// Machine-generated decompiler output for the WinMain of a 32-bit Windows
// executable (function address 0x40425d). It is not compilable C: calls carry
// empty argument slots, several API calls are printed without the arguments
// that are written to the stack just before them, and CPU state (DF, ZF, CF,
// pc, flags, tmp1) appears as free names. Review comments below describe only
// what the visible statements establish; anything inferred is marked as such.
//
// Triage summary, taken from the statements in this function:
//   - sets the process error mode, initialises Winsock, records the process
//     handle and the module file name;
//   - copies a string from 0x409498 and uses it as a named mutex; when the
//     mutex already exists the function releases it and returns
//     (single-instance check);
//   - calls proc4 twice with the constant 0x80000001 and, depending on the
//     first byte it returns, selects a mode value (50 or 100) in global28;
//   - starts threads at 0x401474 and 0x401b98, plus a mode-dependent one at
//     0x403eb4 or 0x402797, then sleeps in 10 s / 60 s steps.
// The mutex name and the strings passed to proc4 are the most useful host
// indicators, but the string data itself is not part of this listing and has
// to be recovered from the binary at the addresses shown.

// Cleared to 0 below when a value read through proc4 starts with '1'.
// NOTE(review): possibly the dword tested as *0x409a24 further down - confirm
// against the data section.
__size32 global29 = 1;// 4 bytes
// Mode selector: written with 50 or 100 below.
// NOTE(review): presumably the same location as *0x409a28, since the proc3
// call guarded by `*0x409a28 == 0` passes flags computed from global28 - confirm.
unsigned int global28 = 0;
// Receives eax right after GetCurrentProcess().
__size32 global14;// 4 bytes

// Helpers whose bodies are outside this listing; see the call sites for what
// can be said about each.
void proc1();
void proc2();
void proc3();
void proc4();

// address: 0x40425d
int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    // Decompiler-recovered register and stack-slot variables. The trailing
    // comment on each line is the decompiler's own location note (rNN is a
    // register id, m[...] a stack slot, {n} presumably the defining statement).
    __size8 al; // r8
    __size32 eax; // r24
    __size32 eax_1; // r24{111}
    __size32 eax_2; // r24{515}
    int ebp; // r29
    void *ebp_1; // r29
    __size32 ecx; // r25
    union { void * x39; int x40; } ecx_1; // r25
    __size32 ecx_2; // r25{516}
    __size32 edi; // r31
    union { void * x13; int x14; } edi_1; // r31
    union { void * x17; int x18; } edi_10; // r31
    union { int x5; __size32 * x6; } edi_11; // r31
    union { int x5; __size32 * x6; } edi_12; // r31
    union { int x5; __size32 * x6; } edi_13; // r31
    union { int x5; __size8 * x6; } edi_14; // r31
    union { void * x19; int x20; } edi_15; // r31
    union { int x7; __size32 * x8; } edi_16; // r31
    union { int x7; __size32 * x8; } edi_17; // r31
    union { int x7; __size32 * x8; } edi_18; // r31
    union { int x7; __size8 * x8; } edi_19; // r31
    union { int x1; __size32 * x2; } edi_2; // r31
    union { void * x21; int x22; } edi_20; // r31
    union { int x9; __size32 * x10; } edi_21; // r31
    union { int x9; __size32 * x10; } edi_22; // r31
    union { int x9; __size32 * x10; } edi_23; // r31
    union { int x9; __size8 * x10; } edi_24; // r31
    union { void * x23; int x24; } edi_25; // r31
    union { int x11; __size32 * x12; } edi_26; // r31
    union { int x11; __size32 * x12; } edi_27; // r31
    union { int x11; __size32 * x12; } edi_28; // r31
    union { int x11; __size8 * x12; } edi_29; // r31
    union { int x1; __size32 * x2; } edi_3; // r31
    union { int x11; __size8 * x12; } edi_30; // r31
    union { int x1; __size32 * x2; } edi_4; // r31
    union { void * x15; int x16; } edi_5; // r31
    union { int x3; __size32 * x4; } edi_6; // r31
    union { int x3; __size32 * x4; } edi_7; // r31
    union { int x3; __size32 * x4; } edi_8; // r31
    union { int x3; __size8 * x4; } edi_9; // r31
    __size32 edx; // r26
    __size32 edx_1; // r26{517}
    __size32 *esp; // r28
    void *esp_1; // r28{165}
    void *esp_2; // r28{149}
    void *esp_3; // r28{105}
    void *esp_4; // r28{9}
    __size32 *esp_5; // r28{554}
    void *esp_6; // r28{542}
    __size32 esp_7; // r28{279}
    __size32 *esp_8; // r28{253}
    void *esp_9; // r28{518}
    int local0; // m[esp + 4]
    int local1; // m[esp + 8]
    int local10; // m[esp + 12]{105}
    int local11; // m[esp + 12]{279}
    int local12; // m[esp + 16]{105}
    int local13; // m[esp + 16]{279}
    union { __size32 * x25; int x26; } local14; // m[esp_3 - 8]{114}
    unsigned int local15; // m[esp_3 - 8]{109}
    union { __size32 * x27; int x28; } local16; // m[esp_3 - 20]{130}
    union { __size32 * x27; int x28; } local17; // m[esp_3 - 20]{130}
    unsigned int local18; // m[esp_3 - 20]{147}
    unsigned int local19; // m[esp_3 - 20]{141}
    int local2; // m[esp + 12]
    unsigned int local20; // m[esp_9 - 12]{194}
    union { __size32 * x31; int x32; } local21; // m[esp_9 - 12]{204}
    union { __size32 * x33; int x34; } local22; // m[esp_9 - 24]{242}
    unsigned int local23; // m[esp_9 - 24]{211}
    int local24; // m[esp - 4]{105}
    int local25; // m[esp - 4]{279}
    int local26; // m[esp - 8]{105}
    int local27; // m[esp - 8]{279}
    union { int x1; __size32 * x2; } local28; // edi_2{491}
    union { int x1; __size32 * x2; } local29; // edi_4{493}
    int local3; // m[esp + 16]
    union { int x3; __size32 * x4; } local30; // edi_6{495}
    union { int x3; __size32 * x4; } local31; // edi_8{497}
    union { int x5; __size32 * x6; } local32; // edi_11{499}
    union { int x5; __size32 * x6; } local33; // edi_13{501}
    union { int x7; __size32 * x8; } local34; // edi_16{503}
    union { int x7; __size32 * x8; } local35; // edi_18{505}
    union { int x9; __size32 * x10; } local36; // edi_21{507}
    union { int x9; __size32 * x10; } local37; // edi_23{509}
    union { int x11; __size32 * x12; } local38; // edi_26{511}
    union { int x11; __size32 * x12; } local39; // edi_28{513}
    __size32 local4; // m[esp - 4]
    __size32 local40; // eax_2{515}
    __size32 local41; // ecx_2{516}
    __size32 local42; // edx_1{517}
    void *local43; // esp_9{518}
    unsigned int local5; // m[esp - 8]
    int local6; // m[esp + 4]{105}
    int local7; // m[esp + 4]{279}
    int local8; // m[esp + 8]{105}
    int local9; // m[esp + 8]{279}

    // NOTE(review): proc1 receives 0x12a8, the same offset as the deepest
    // buffer used below, so it is presumably a compiler prologue/frame-setup
    // helper - its body is not visible here.
    edx = proc1(168, 0x12a8, esp - 4, hInstance, hPrevInstance, lpCmdLine, nCmdShow, ebp, pc); /* Warning: also results in esp_4, ebp_1, edi */
    *(__size32*)(esp_4 - 4) = edi;
    *(__size32*)(ebp_1 - 4) = 0;
    *(__size32*)(ebp_1 - 0xd0c) = 0;

    // Zero-fill of six frame buffers follows (ebp-0x12a8, ebp-1288, ebp-264,
    // ebp-0xd08, ebp-0x1114, ebp-0x908). Each is a first-element store plus a
    // counted loop that advances by 4 according to DF, which looks like the
    // decompiler's rendering of an x86 `rep stos` fill.
    // NOTE(review): the stores go through `edi` while the advanced pointer is
    // edi_N; treat that as a renaming artefact and confirm in the disassembly.

    // Buffer at ebp-0x12a8: later handed to the WS2_32 ordinal-115 call.
    *(__size16*)(ebp_1 - 0x12a8) = 0;
    ecx = 99;
    edi_1 = ebp_1 - 0x12a6;
    local28 = edi_1;
    edi_2 = local28;
    local29 = edi_2;
    while (ecx != 0) {
        *(__size32*)(__size32 *)edi = 0;
        edi_3 = edi_2 + ( (DF == 0) ? 4 : -4);
        ecx = ecx - 1;
        local28 = edi_3;
        local29 = edi_3;
        edi_2 = local28;
        local29 = edi_2;
    }
    edi_4 = local29;
    *(__size32*)(__size32 *)edi = 0;

    // Buffer at ebp-1288: later the output buffer of GetModuleFileNameA.
    *(__size8*)(ebp_1 - 1288) = 0;
    ecx = 255;
    edi_5 = ebp_1 - 1287;
    local30 = edi_5;
    edi_6 = local30;
    local31 = edi_6;
    while (ecx != 0) {
        *(__size32*)(__size32 *)edi = 0;
        edi_7 = edi_6 + ( (DF == 0) ? 4 : -4);
        ecx = ecx - 1;
        local30 = edi_7;
        local31 = edi_7;
        edi_6 = local30;
        local31 = edi_6;
    }
    edi_8 = local31;
    *(__size32*)(__size32 *)edi = 0;
    edi_9 = edi_8 + ( (DF == 0) ? 2 : -2);
    *(__size8*)(__size8 *)edi = 0;

    // Buffer at ebp-264: later receives the string copied from 0x409498 and is
    // passed to CreateMutexA as the mutex name.
    *(__size8*)(ebp_1 - 264) = 0;
    ecx = 64;
    edi_10 = ebp_1 - 263;
    local32 = edi_10;
    edi_11 = local32;
    local33 = edi_11;
    while (ecx != 0) {
        *(__size32*)(__size32 *)edi = 0;
        edi_12 = edi_11 + ( (DF == 0) ? 4 : -4);
        ecx = ecx - 1;
        local32 = edi_12;
        local33 = edi_12;
        edi_11 = local32;
        local33 = edi_11;
    }
    edi_13 = local33;
    *(__size32*)(__size32 *)edi = 0;
    edi_14 = edi_13 + ( (DF == 0) ? 2 : -2);
    *(__size8*)(__size8 *)edi = 0;

    // Buffer at ebp-0xd08: zeroed here, not referenced again in this function.
    *(__size8*)(ebp_1 - 0xd08) = 0;
    ecx = 255;
    edi_15 = ebp_1 - 0xd07;
    local34 = edi_15;
    edi_16 = local34;
    local35 = edi_16;
    while (ecx != 0) {
        *(__size32*)(__size32 *)edi = 0;
        edi_17 = edi_16 + ( (DF == 0) ? 4 : -4);
        ecx = ecx - 1;
        local34 = edi_17;
        local35 = edi_17;
        edi_16 = local34;
        local35 = edi_16;
    }
    edi_18 = local35;
    *(__size32*)(__size32 *)edi = 0;
    edi_19 = edi_18 + ( (DF == 0) ? 2 : -2);
    *(__size8*)(__size8 *)edi = 0;

    // Buffer at ebp-0x1114: zeroed here, not referenced again in this function.
    *(__size8*)(ebp_1 - 0x1114) = 0;
    ecx = 255;
    edi_20 = ebp_1 - 0x1113;
    local36 = edi_20;
    edi_21 = local36;
    local37 = edi_21;
    while (ecx != 0) {
        *(__size32*)(__size32 *)edi = 0;
        edi_22 = edi_21 + ( (DF == 0) ? 4 : -4);
        ecx = ecx - 1;
        local36 = edi_22;
        local37 = edi_22;
        edi_21 = local36;
        local37 = edi_21;
    }
    edi_23 = local37;
    *(__size32*)(__size32 *)edi = 0;
    edi_24 = edi_23 + ( (DF == 0) ? 2 : -2);
    *(__size8*)(__size8 *)edi = 0;

    // Buffer at ebp-0x908: later the output buffer of both proc4 calls.
    *(__size8*)(ebp_1 - 0x908) = 0;
    ecx = 255;
    edi_25 = ebp_1 - 0x907;
    local38 = edi_25;
    edi_26 = local38;
    local39 = edi_26;
    while (ecx != 0) {
        *(__size32*)(__size32 *)edi = 0;
        edi_27 = edi_26 + ( (DF == 0) ? 4 : -4);
        ecx = ecx - 1;
        local38 = edi_27;
        local39 = edi_27;
        edi_26 = local38;
        local39 = edi_26;
    }
    edi_28 = local39;
    *(__size32*)(__size32 *)edi = 0;
    edi_29 = edi_28 + ( (DF == 0) ? 2 : -2);
    *(__size8*)(__size8 *)edi = 0;

    // proc2 is opaque from here; only its effect on esp/ebp/edi is reported.
    esp_3 = proc2(0, 0, ecx, edx, ebp_1, edi_29 + ( (DF == 0) ? 1 : -1), local0, local1, local2, local3, local4, local5, , LOGICALFLAGS32(0), LOGICALFLAGS32(0), LOGICALFLAGS32(0)); /* Warning: also results in ebp_1, edi */

    // SetErrorMode argument is 0x8002, i.e. SEM_NOOPENFILEERRORBOX (0x8000) |
    // SEM_NOGPFAULTERRORBOX (0x0002): fault and open-file dialogs are
    // suppressed, so a crash of this process shows no dialog to the user.
    *(__size32*)(esp_3 - 4) = 0x8002;
    SetErrorMode();

    // WS2_32.dll ordinal 115 is WSAStartup. Stack arguments: 514 (0x0202,
    // Winsock 2.2) and the buffer at ebp-0x12a8 as the WSADATA output.
    al = (unsigned char) ebp_1 - 0x12a8;
    local14 = ebp_1 - 0x12a8;
    *(__size32*)(esp_3 - 12) = 514;
    WS2_32_dll_115();

    // The returned pseudo-handle is kept in global14.
    GetCurrentProcess();
    global14 = eax;

    // GetModuleFileNameA with module 0, the buffer at ebp-1288 and size 1024
    // (the decompiler prints the three stack slots in push order): stores the
    // path of the running image.
    *(__size32*)(esp_3 - 16) = 1024;
    local16 = ebp_1 - 1288;
    *(__size32*)(esp_3 - 24) = 0;
    GetModuleFileNameA(*(esp_3 - 16), *(esp_3 - 20), *(esp_3 - 24));

    // Two global critical sections at 0x409970 and 0x409988; their users are
    // outside this function.
    *(__size32*)(esp_3 - 16) = 0x409970;
    InitializeCriticalSection(*(esp_3 - 16));
    *(__size32*)(esp_3 - 16) = 0x409988;
    InitializeCriticalSection(*(esp_3 - 16));
    local40 = eax;
    local41 = ecx;
    local42 = edx;
    local43 = esp_2;

    // 1000-iteration loop: counter at ebp-0xd10, accumulator at ebp-0x1118.
    // Each pass adds (proc3() & 0xffff) % (counter + 1000) to the accumulator.
    // The accumulator is not read again in this function.
    // NOTE(review): the masked-and-reduced use of proc3's result is consistent
    // with a pseudo-random number helper - confirm from proc3's body.
    *(__size32*)(ebp_1 - 0xd10) = 0;
    *(__size32*)(ebp_1 - 0x1118) = 0;
    *(__size32*)(ebp_1 - 0xd10) = 0;
    eax_2 = local40;
    ecx_2 = local41;
    edx_1 = local42;
    esp_9 = local43;
    tmp1 = *(ebp_1 - 0xd10) - 1000;
    while (*(ebp_1 - 0xd10) < 1000) {
        eax = proc3(al, eax_2, ecx_2, edx_1, ebp_1, edi, local6, local8, local10, local12, local24, local26, , SUBFLAGS32(*(ebp_1 - 0xd10), 1000, tmp1), tmp1 == 0, *(ebp_1 - 0xd10) < 1000); /* Warning: also results in esp_1, ebp_1, edi */
        local43 = esp_1;
        ecx = *(ebp_1 - 0xd10);
        ecx_2 = ecx + 1000;
        edx = (eax & 0xffff) % (ecx + 1000);
        eax = *(ebp_1 - 0x1118);
        eax_2 = eax + edx;
        al = (unsigned char) eax + edx;
        *(__size32*)(ebp_1 - 0x1118) = eax + edx;
        local40 = eax_2;
        local41 = ecx_2;
        edx = *(ebp_1 - 0xd10);
        edx_1 = edx + 1;
        *(__size32*)(ebp_1 - 0xd10) = edx + 1;
        local42 = edx_1;
        eax_2 = local40;
        ecx_2 = local41;
        edx_1 = local42;
        esp_9 = local43;
        tmp1 = *(ebp_1 - 0xd10) - 1000;
    }

    // lstrcpyA(dest = ebp-264, src = 0x409498): copies a string from the image
    // into the frame buffer that becomes the mutex name below.
    *(__size32*)(esp_9 - 4) = 0x409498;
    *(union { __size32 * x29; int x30; }*)(esp_9 - 8) = ebp_1 - 264;
    lstrcpyA();

    // 0x2710 = 10000 ms pause before the instance check.
    *(__size32*)(esp_9 - 12) = 0x2710;
    Sleep(*(esp_9 - 12));

    // CreateMutexA(attributes = 0, initial owner = 1, name = ebp-264); the
    // handle is stored at ebp-0xd14. The mutex name is a stable host artefact
    // for detection; its text lives at 0x409498 and is not shown here.
    local21 = ebp_1 - 264;
    *(__size32*)(esp_9 - 16) = 1;
    *(__size32*)(esp_9 - 20) = 0;
    CreateMutexA();
    *(__size32*)(ebp_1 - 0xd14) = eax;

    // 183 is ERROR_ALREADY_EXISTS: the branch below runs only for the first
    // instance; a second instance takes the else branch and exits.
    GetLastError();
    if (eax != 183) {
        // First proc4 call: constant 0x80000001 (the value of
        // HKEY_CURRENT_USER), two image addresses 0x4094ac and 0x4094a4, and
        // the output buffer at ebp-0x908.
        // NOTE(review): presumably a registry string-value read helper;
        // which address is the key path and which the value name cannot be
        // told from here - confirm from proc4 and the string data.
        local22 = ebp_1 - 0x908;
        *(__size32*)(esp_9 - 28) = 0x4094a4;
        *(__size32*)(esp_9 - 32) = 0x4094ac;
        *(__size32*)(esp_9 - 36) = 0x80000001;
        al = proc4(al, eax, ecx, ebp_1 - 0x908, ebp_1, edi, local6, local8, local10, local12, local24, local26, , SUBFLAGS32(eax, 183, eax - 183), eax - 183 == 0, eax < 183); /* Warning: also results in eax, edx, esp_8, ebp_1, edi */
        flags = LOGICALFLAGS32(eax);
        if (eax != 0) {
            // 49 is ASCII '1': a nonzero proc4 result with a buffer starting
            // with '1' selects mode 50 and clears global29.
            eax = (int) *(ebp_1 - 0x908);
            al = (unsigned char) eax;
            flags = SUBFLAGS32(eax, 49, eax - 49);
            if (eax == 49) {
                global28 = 50;
                global29 = 0;
            }
        }

        // Second proc4 call: same constant and output buffer, addresses
        // 0x4094c4 and 0x4094bc. A '1' here selects mode 100 and, because it
        // runs second, overrides a mode 50 chosen above.
        *(union { void * x37; int x38; }*)(esp_8 + 12) = ebp_1 - 0x908;
        *(__size32*)(esp_8 + 8) = 0x4094bc;
        *(__size32*)(esp_8 + 4) = 0x4094c4;
        *(__size32*)esp_8 = 0x80000001;
        al = proc4(al, eax, ebp_1 - 0x908, edx, ebp_1, edi, local0, local1, local2, local3, local4, local5, , flags, ZF, CF); /* Warning: also results in eax, ecx, edx, esp_7, ebp_1, edi */
        esp = esp_7 + 16;
        if (eax != 0) {
            edx = (int) *(ebp_1 - 0x908);
            if (edx == 49) {
                global28 = 100;
                global29 = 0;
            }
        }

        // No mode configured: derive one from proc3. al is 1 when
        // (result & 0xffff) % 1000 <= 800. Following the arithmetic as the
        // usual setcc / dec / and 0xce / add 100 sequence, al == 1 yields
        // global28 == 100 and al == 0 yields global28 == 50.
        // NOTE(review): the printed shifts do not reproduce that as literal C;
        // confirm the instruction sequence in the disassembly.
        if (*0x409a28 == 0) {
            eax = proc3(al, eax, ecx, edx, ebp_1, edi, local7, local9, local11, local13, local25, local27, , SUBFLAGS32(global28, 0, global28), global28 == 0, global28 < 0); /* Warning: also results in esp */
            tmpl = ( ((eax & 0xffff) < 0) ? -1 : 0) << 32 | eax & 0xffff;
            al = (tmpl % 1000 <= 800) ? 1 : 0;
            eax = 0 >> 8 & 0xffffff | (al);
            al = (unsigned char) eax - 1 & 0xffffffce;
            eax = eax - 1 >> 8 & 0xffffff | (al);
            global28 = eax + 100;
        }

        // Two unconditional worker threads. Read as CreateThread arguments in
        // push order, every slot is 0 except the start address: 0x401474,
        // then 0x401b98. The returned handles are not stored or closed here.
        esp_6 = esp;
        *(__size32*)(esp_6 - 4) = 0;
        *(__size32*)(esp_6 - 8) = 0;
        *(__size32*)(esp_6 - 12) = 0;
        *(__size32*)(esp_6 - 16) = 0x401474;
        *(__size32*)(esp_6 - 20) = 0;
        *(__size32*)(esp_6 - 24) = 0;
        CreateThread();
        *(__size32*)(esp_6 - 28) = 0;
        *(__size32*)(esp_6 - 32) = 0;
        *(__size32*)(esp_6 - 36) = 0;
        *(__size32*)(esp_6 - 40) = 0x401b98;
        *(__size32*)(esp_6 - 44) = 0;
        *(__size32*)(esp_6 - 48) = 0;
        CreateThread();

        // Mode-dependent thread: mode 50 starts 0x403eb4, mode 100 starts
        // 0x402797, any other value starts nothing.
        if (*0x409a28 != 100) {
            if (*0x409a28 == 50) {
                *(__size32*)(esp_6 - 52) = 0;
                *(__size32*)(esp_6 - 56) = 0;
                *(__size32*)(esp_6 - 60) = 0;
                *(__size32*)(esp_6 - 64) = 0x403eb4;
                *(__size32*)(esp_6 - 68) = 0;
                *(__size32*)(esp_6 - 72) = 0;
                CreateThread();
            }
        }
        else {
            *(__size32*)(esp_6 - 52) = 0;
            *(__size32*)(esp_6 - 56) = 0;
            *(__size32*)(esp_6 - 60) = 0;
            *(__size32*)(esp_6 - 64) = 0x402797;
            *(__size32*)(esp_6 - 68) = 0;
            *(__size32*)(esp_6 - 72) = 0;
            CreateThread();
        }

        // 10000 ms pause, then check the dword at 0x409a24.
        esp_5 = esp;
        *(__size32*)(esp_5 - 4) = 0x2710;
        Sleep(*(esp_5 - 4));
        if (*0x409a24 != 0) {
            // Endless keep-alive loop with no exit in the visible code: every
            // 0xea60 = 60000 ms it increments the counter at 0x46b4c4.
            for(;;) {
L2:
                local4 = 0xea60;
                Sleep(*(esp - 4));
                local4 = 0x46b4c4;
                InterlockedIncrement(*(esp - 4));
            }
        }

        // Reached only when the dword at 0x409a24 was 0: the mode is swapped
        // (50 -> 100, 100 -> 50) and the thread for the other mode is started
        // as well, so both 0x403eb4 and 0x402797 end up running.
        if (*0x409a28 != 100) {
            if (*0x409a28 == 50) {
                global28 = 100;
                *(__size32*)(esp_5 - 4) = 0;
                *(__size32*)(esp_5 - 8) = 0;
                *(__size32*)(esp_5 - 12) = 0;
                *(__size32*)(esp_5 - 16) = 0x402797;
                *(__size32*)(esp_5 - 20) = 0;
                *(__size32*)(esp_5 - 24) = 0;
                CreateThread();
            }
        }
        else {
            global28 = 50;
            *(__size32*)(esp_5 - 4) = 0;
            *(__size32*)(esp_5 - 8) = 0;
            *(__size32*)(esp_5 - 12) = 0;
            *(__size32*)(esp_5 - 16) = 0x403eb4;
            *(__size32*)(esp_5 - 20) = 0;
            *(__size32*)(esp_5 - 24) = 0;
            CreateThread();
        }

        // Second 10000 ms pause; a nonzero dword at 0x409a24 now jumps into
        // the keep-alive loop above, otherwise WinMain falls through to
        // `return 0`.
        local4 = 0x2710;
        Sleep(*(esp - 4));
        if (*0x409a24 != 0) {
            goto L2;
        }
    }
    else {
        // Another instance already owns the named mutex: release and close
        // the handle stored at ebp-0xd14, then return without starting threads.
        eax = *(ebp_1 - 0xd14);
        *(__size32*)(esp_9 - 24) = eax;
        ReleaseMutex();
        ecx = *(ebp_1 - 0xd14);
        *(__size32*)(esp_9 - 28) = ecx;
        CloseHandle(*(esp_9 - 28));
    }
    return 0;
}