HelloWorld.exe Example
dumpbin /disasm #4755-HelloWorld.exe
Microsoft (R) COFF/PE Dumper Version 10.00.40219.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file #4755-HelloWorld.exe
File Type: EXECUTABLE IMAGE
_main:
00401000: 55 push ebp
00401001: 8B EC mov ebp,esp
00401003: 68 00 30 40 00 push 403000h
00401008: FF 15 A8 20 40 00 call dword ptr [__imp__puts]
0040100E: 83 C4 04 add esp,4
00401011: 33 C0 xor eax,eax
00401013: 5D pop ebp
00401014: C3 ret
00401015: CC Μ
_puts:
00401016: FF 25 A8 20 40 00 jmp dword ptr [__imp__puts]
0040101C: CC CC CC CC ΜΜΜΜ
00401020: 8B FF mov edi,edi
00401022: 55 push ebp
00401023: 8B EC mov ebp,esp
00401025: E8 76 03 00 00 call 004013A0
0040102A: A3 34 30 40 00 mov dword ptr ds:[00403034h],eax
0040102F: 6A 01 push 1
00401031: FF 15 90 20 40 00 call dword ptr [__imp____set_app_type]
00401037: 83 C4 04 add esp,4
0040103A: 6A FF push 0FFFFFFFFh
0040103C: FF 15 38 20 40 00 call dword ptr [__imp__EncodePointer@4]
00401042: A3 84 33 40 00 mov dword ptr [___onexitend],eax
00401047: A1 84 33 40 00 mov eax,dword ptr [___onexitend]
0040104C: A3 88 33 40 00 mov dword ptr [___onexitbegin],eax
00401051: 8B 0D 94 20 40 00 mov ecx,dword ptr [__imp___fmode]
00401057: 8B 15 4C 30 40 00 mov edx,dword ptr [__fmode]
0040105D: 89 11 mov dword ptr [ecx],edx
0040105F: A1 98 20 40 00 mov eax,dword ptr [__imp___commode]
00401064: 8B 0D 48 30 40 00 mov ecx,dword ptr [__commode]
0040106A: 89 08 mov dword ptr [eax],ecx
0040106C: E8 BF 04 00 00 call __RTC_Initialize
00401071: E8 AA 04 00 00 call __setargv
00401076: 83 3D 14 30 40 00 cmp dword ptr [___defaultmatherr],0
00
0040107D: 75 0E jne 0040108D
0040107F: 68 10 15 40 00 push offset __matherr
00401084: FF 15 9C 20 40 00 call dword ptr [__imp____setusermatherr]
0040108A: 83 C4 04 add esp,4
0040108D: E8 0E 04 00 00 call __setdefaultprecision
00401092: 83 3D 10 30 40 00 cmp dword ptr [___globallocalestatus],0FFFFFFFFh
FF
00401099: 75 0B jne 004010A6
0040109B: 6A FF push 0FFFFFFFFh
0040109D: FF 15 A0 20 40 00 call dword ptr [__imp___configthreadlocale]
004010A3: 83 C4 04 add esp,4
004010A6: 33 C0 xor eax,eax
004010A8: 5D pop ebp
004010A9: C3 ret
004010AA: CC CC CC CC CC CC ΜΜΜΜΜΜ
004010B0: 8B FF mov edi,edi
004010B2: 55 push ebp
004010B3: 8B EC mov ebp,esp
004010B5: 68 60 15 40 00 push offset __RTC_Terminate
004010BA: E8 D1 05 00 00 call _atexit
004010BF: 83 C4 04 add esp,4
004010C2: A1 54 30 40 00 mov eax,dword ptr [__newmode]
004010C7: A3 3C 30 40 00 mov dword ptr ds:[0040303Ch],eax
004010CC: 68 3C 30 40 00 push 40303Ch
004010D1: 8B 0D 50 30 40 00 mov ecx,dword ptr [__dowildcard]
004010D7: 51 push ecx
004010D8: 68 2C 30 40 00 push 40302Ch
004010DD: 68 30 30 40 00 push 403030h
004010E2: 68 28 30 40 00 push 403028h
004010E7: FF 15 88 20 40 00 call dword ptr [__imp____getmainargs]
004010ED: 83 C4 14 add esp,14h
004010F0: A3 38 30 40 00 mov dword ptr ds:[00403038h],eax
004010F5: 83 3D 38 30 40 00 cmp dword ptr ds:[403038h],0
00
004010FC: 7D 0A jge 00401108
004010FE: 6A 08 push 8
00401100: E8 AD 05 00 00 call __amsg_exit
00401105: 83 C4 04 add esp,4
00401108: 5D pop ebp
00401109: C3 ret
0040110A: CC CC CC CC CC CC ΜΜΜΜΜΜ
_mainCRTStartup:
00401110: 8B FF mov edi,edi
00401112: 55 push ebp
00401113: 8B EC mov ebp,esp
00401115: E8 A6 05 00 00 call ___security_init_cookie
0040111A: E8 11 00 00 00 call 00401130
0040111F: 5D pop ebp
00401120: C3 ret
00401121: CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜΜΜΜΜΜΜ
00401130: 8B FF mov edi,edi
00401132: 55 push ebp
00401133: 8B EC mov ebp,esp
00401135: 6A FE push 0FFFFFFFEh
00401137: 68 68 23 40 00 push 402368h
0040113C: 68 D0 19 40 00 push offset __except_handler4
00401141: 64 A1 00 00 00 00 mov eax,dword ptr fs:[00000000h]
00401147: 50 push eax
00401148: 83 C4 E4 add esp,0FFFFFFE4h
0040114B: 53 push ebx
0040114C: 56 push esi
0040114D: 57 push edi
0040114E: A1 20 30 40 00 mov eax,dword ptr [___security_cookie]
00401153: 31 45 F8 xor dword ptr [ebp-8],eax
00401156: 33 C5 xor eax,ebp
00401158: 50 push eax
00401159: 8D 45 F0 lea eax,[ebp-10h]
0040115C: 64 A3 00 00 00 00 mov dword ptr fs:[00000000h],eax
00401162: 89 65 E8 mov dword ptr [ebp-18h],esp
00401165: 83 3D 8C 33 40 00 cmp dword ptr [__NoHeapEnableTerminationOnCorruption],0
00
0040116C: 75 0E jne 0040117C
0040116E: 6A 00 push 0
00401170: 6A 00 push 0
00401172: 6A 01 push 1
00401174: 6A 00 push 0
00401176: FF 15 28 20 40 00 call dword ptr [__imp__HeapSetInformation@16]
0040117C: C7 45 FC 00 00 00 mov dword ptr [ebp-4],0
00
00401183: C7 45 DC 00 00 00 mov dword ptr [ebp-24h],0
00
0040118A: E8 01 02 00 00 call _NtCurrentTeb
0040118F: 8B 40 04 mov eax,dword ptr [eax+4]
00401192: 89 45 E0 mov dword ptr [ebp-20h],eax
00401195: C7 45 E4 00 00 00 mov dword ptr [ebp-1Ch],0
00
0040119C: 6A 00 push 0
0040119E: 8B 4D E0 mov ecx,dword ptr [ebp-20h]
004011A1: 51 push ecx
004011A2: 68 80 33 40 00 push offset ___native_startup_lock
004011A7: FF 15 2C 20 40 00 call dword ptr [__imp__InterlockedCompareExchange@12]
004011AD: 89 45 DC mov dword ptr [ebp-24h],eax
004011B0: 83 7D DC 00 cmp dword ptr [ebp-24h],0
004011B4: 74 1E je 004011D4
004011B6: 8B 55 DC mov edx,dword ptr [ebp-24h]
004011B9: 3B 55 E0 cmp edx,dword ptr [ebp-20h]
004011BC: 75 09 jne 004011C7
004011BE: C7 45 E4 01 00 00 mov dword ptr [ebp-1Ch],1
00
004011C5: EB 0D jmp 004011D4
004011C7: 68 E8 03 00 00 push 3E8h
004011CC: FF 15 30 20 40 00 call dword ptr [__imp__Sleep@4]
004011D2: EB C8 jmp 0040119C
004011D4: 83 3D 7C 33 40 00 cmp dword ptr [___native_startup_state],1
01
004011DB: 75 0C jne 004011E9
004011DD: 6A 1F push 1Fh
004011DF: E8 CE 04 00 00 call __amsg_exit
004011E4: 83 C4 04 add esp,4
004011E7: EB 4B jmp 00401234
004011E9: 83 3D 7C 33 40 00 cmp dword ptr [___native_startup_state],0
00
004011F0: 75 38 jne 0040122A
004011F2: C7 05 7C 33 40 00 mov dword ptr [___native_startup_state],1
01 00 00 00
004011FC: 68 C8 20 40 00 push offset ___xi_z
00401201: 68 BC 20 40 00 push offset ___xi_a
00401206: E8 B3 07 00 00 call __initterm_e
0040120B: 83 C4 08 add esp,8
0040120E: 85 C0 test eax,eax
00401210: 74 16 je 00401228
00401212: C7 45 D4 FF 00 00 mov dword ptr [ebp-2Ch],0FFh
00
00401219: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
00401220: 8B 45 D4 mov eax,dword ptr [ebp-2Ch]
00401223: E9 53 01 00 00 jmp 0040137B
00401228: EB 0A jmp 00401234
0040122A: C7 05 44 30 40 00 mov dword ptr ds:[403044h],1
01 00 00 00
00401234: 83 3D 7C 33 40 00 cmp dword ptr [___native_startup_state],1
01
0040123B: 75 1C jne 00401259
0040123D: 68 B8 20 40 00 push offset ___xc_z
00401242: 68 B0 20 40 00 push offset ___xc_a
00401247: E8 6C 07 00 00 call __initterm
0040124C: 83 C4 08 add esp,8
0040124F: C7 05 7C 33 40 00 mov dword ptr [___native_startup_state],2
02 00 00 00
00401259: 83 3D 7C 33 40 00 cmp dword ptr [___native_startup_state],2
02
00401260: 74 22 je 00401284
00401262: 68 50 21 40 00 push offset ??_C@_1FA@DALEHHGL@?$AA_?$AA_?$AAn?$AAa?$AAt?$AAi?$AAv?$AAe?$AA_?$AAs?$AAt?$AAa?$AAr?$AAt?$AAu?$AAp?$AA_?$AAs?$AAt?$AAa?$AAt?$AAe?$AA?5?$AA?$DN?$AA?$DN?$AA?5?$AA_?$AA_?$AAi?$AAn?$AAi?$AAt@
00401267: 6A 00 push 0
00401269: 68 DC 01 00 00 push 1DCh
0040126E: 68 F0 20 40 00 push offset ??_C@_1GA@EHAKPACL@?$AAf?$AA?3?$AA?2?$AAd?$AAd?$AA?2?$AAv?$AAc?$AAt?$AAo?$AAo?$AAl?$AAs?$AA?2?$AAc?$AAr?$AAt?$AA_?$AAb?$AAl?$AAd?$AA?2?$AAs?$AAe?$AAl?$AAf?$AA_?$AAx?$AA8?$AA6?$AA?2?$AAc@
00401273: 6A 02 push 2
00401275: FF 15 6C 20 40 00 call dword ptr [__imp___CrtDbgReportW]
0040127B: 83 C4 14 add esp,14h
0040127E: 83 F8 01 cmp eax,1
00401281: 75 01 jne 00401284
00401283: CC int 3
00401284: 83 7D E4 00 cmp dword ptr [ebp-1Ch],0
00401288: 75 0D jne 00401297
0040128A: 6A 00 push 0
0040128C: 68 80 33 40 00 push offset ___native_startup_lock
00401291: FF 15 34 20 40 00 call dword ptr [__imp__InterlockedExchange@8]
00401297: 83 3D 90 33 40 00 cmp dword ptr [___dyn_tls_init_callback],0
00
0040129E: 74 1D je 004012BD
004012A0: 68 90 33 40 00 push offset ___dyn_tls_init_callback
004012A5: E8 F6 05 00 00 call __IsNonwritableInCurrentImage
004012AA: 83 C4 04 add esp,4
004012AD: 85 C0 test eax,eax
004012AF: 74 0C je 004012BD
004012B1: 6A 00 push 0
004012B3: 6A 02 push 2
004012B5: 6A 00 push 0
004012B7: FF 15 90 33 40 00 call dword ptr [___dyn_tls_init_callback]
004012BD: 6A 01 push 1
004012BF: FF 15 70 20 40 00 call dword ptr [__imp___CrtSetCheckCount]
004012C5: 83 C4 04 add esp,4
004012C8: 8B 0D 74 20 40 00 mov ecx,dword ptr [__imp____initenv]
004012CE: 8B 15 2C 30 40 00 mov edx,dword ptr ds:[40302Ch]
004012D4: 89 11 mov dword ptr [ecx],edx
004012D6: A1 2C 30 40 00 mov eax,dword ptr ds:[0040302Ch]
004012DB: 50 push eax
004012DC: 8B 0D 30 30 40 00 mov ecx,dword ptr ds:[403030h]
004012E2: 51 push ecx
004012E3: 8B 15 28 30 40 00 mov edx,dword ptr ds:[403028h]
004012E9: 52 push edx
004012EA: E8 11 FD FF FF call _main
004012EF: 83 C4 0C add esp,0Ch
004012F2: A3 40 30 40 00 mov dword ptr ds:[00403040h],eax
004012F7: 83 3D 34 30 40 00 cmp dword ptr ds:[403034h],0
00
004012FE: 75 0C jne 0040130C
00401300: A1 40 30 40 00 mov eax,dword ptr ds:[00403040h]
00401305: 50 push eax
00401306: FF 15 78 20 40 00 call dword ptr [__imp__exit]
0040130C: 83 3D 44 30 40 00 cmp dword ptr ds:[403044h],0
00
00401313: 75 06 jne 0040131B
00401315: FF 15 7C 20 40 00 call dword ptr [__imp___cexit]
0040131B: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
00401322: EB 52 jmp 00401376
00401324: 8B 4D EC mov ecx,dword ptr [ebp-14h]
00401327: 8B 11 mov edx,dword ptr [ecx]
00401329: 8B 02 mov eax,dword ptr [edx]
0040132B: 89 45 D8 mov dword ptr [ebp-28h],eax
0040132E: 8B 4D EC mov ecx,dword ptr [ebp-14h]
00401331: 51 push ecx
00401332: 8B 55 D8 mov edx,dword ptr [ebp-28h]
00401335: 52 push edx
00401336: E8 6B 04 00 00 call __XcptFilter
0040133B: 83 C4 08 add esp,8
0040133E: C3 ret
0040133F: 8B 65 E8 mov esp,dword ptr [ebp-18h]
00401342: 8B 45 D8 mov eax,dword ptr [ebp-28h]
00401345: A3 40 30 40 00 mov dword ptr ds:[00403040h],eax
0040134A: 83 3D 34 30 40 00 cmp dword ptr ds:[403034h],0
00
00401351: 75 0D jne 00401360
00401353: 8B 0D 40 30 40 00 mov ecx,dword ptr ds:[403040h]
00401359: 51 push ecx
0040135A: FF 15 84 20 40 00 call dword ptr [__imp___exit]
00401360: 83 3D 44 30 40 00 cmp dword ptr ds:[403044h],0
00
00401367: 75 06 jne 0040136F
00401369: FF 15 7C 20 40 00 call dword ptr [__imp___cexit]
0040136F: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
00401376: A1 40 30 40 00 mov eax,dword ptr ds:[00403040h]
0040137B: 8B 4D F0 mov ecx,dword ptr [ebp-10h]
0040137E: 64 89 0D 00 00 00 mov dword ptr fs:[0],ecx
00
00401385: 59 pop ecx
00401386: 5F pop edi
00401387: 5E pop esi
00401388: 5B pop ebx
00401389: 8B E5 mov esp,ebp
0040138B: 5D pop ebp
0040138C: C3 ret
0040138D: CC CC CC ΜΜΜ
_NtCurrentTeb:
00401390: 8B FF mov edi,edi
00401392: 55 push ebp
00401393: 8B EC mov ebp,esp
00401395: 64 A1 18 00 00 00 mov eax,dword ptr fs:[00000018h]
0040139B: 5D pop ebp
0040139C: C3 ret
0040139D: CC CC CC ΜΜΜ
004013A0: 8B FF mov edi,edi
004013A2: 55 push ebp
004013A3: 8B EC mov ebp,esp
004013A5: 83 EC 08 sub esp,8
004013A8: C7 45 FC 00 00 40 mov dword ptr [ebp-4],400000h
00
004013AF: 8B 45 FC mov eax,dword ptr [ebp-4]
004013B2: 0F B7 08 movzx ecx,word ptr [eax]
004013B5: 81 F9 4D 5A 00 00 cmp ecx,5A4Dh
004013BB: 74 04 je 004013C1
004013BD: 33 C0 xor eax,eax
004013BF: EB 49 jmp 0040140A
004013C1: 8B 55 FC mov edx,dword ptr [ebp-4]
004013C4: 8B 45 FC mov eax,dword ptr [ebp-4]
004013C7: 03 42 3C add eax,dword ptr [edx+3Ch]
004013CA: 89 45 F8 mov dword ptr [ebp-8],eax
004013CD: 8B 4D F8 mov ecx,dword ptr [ebp-8]
004013D0: 81 39 50 45 00 00 cmp dword ptr [ecx],4550h
004013D6: 74 04 je 004013DC
004013D8: 33 C0 xor eax,eax
004013DA: EB 2E jmp 0040140A
004013DC: 8B 55 F8 mov edx,dword ptr [ebp-8]
004013DF: 0F B7 42 18 movzx eax,word ptr [edx+18h]
004013E3: 3D 0B 01 00 00 cmp eax,10Bh
004013E8: 74 04 je 004013EE
004013EA: 33 C0 xor eax,eax
004013EC: EB 1C jmp 0040140A
004013EE: 8B 4D F8 mov ecx,dword ptr [ebp-8]
004013F1: 83 79 74 0E cmp dword ptr [ecx+74h],0Eh
004013F5: 77 04 ja 004013FB
004013F7: 33 C0 xor eax,eax
004013F9: EB 0F jmp 0040140A
004013FB: 8B 55 F8 mov edx,dword ptr [ebp-8]
004013FE: 33 C0 xor eax,eax
00401400: 83 BA E8 00 00 00 cmp dword ptr [edx+0E8h],0
00
00401407: 0F 95 C0 setne al
0040140A: 8B E5 mov esp,ebp
0040140C: 5D pop ebp
0040140D: C3 ret
0040140E: CC CC ΜΜ
?__CxxUnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z:
00401410: 8B FF mov edi,edi
00401412: 55 push ebp
00401413: 8B EC mov ebp,esp
00401415: 8B 45 08 mov eax,dword ptr [ebp+8]
00401418: 8B 08 mov ecx,dword ptr [eax]
0040141A: 81 39 63 73 6D E0 cmp dword ptr [ecx],0E06D7363h
00401420: 75 4F jne 00401471
00401422: 8B 55 08 mov edx,dword ptr [ebp+8]
00401425: 8B 02 mov eax,dword ptr [edx]
00401427: 83 78 10 03 cmp dword ptr [eax+10h],3
0040142B: 75 44 jne 00401471
0040142D: 8B 4D 08 mov ecx,dword ptr [ebp+8]
00401430: 8B 11 mov edx,dword ptr [ecx]
00401432: 81 7A 14 20 05 93 cmp dword ptr [edx+14h],19930520h
19
00401439: 74 2A je 00401465
0040143B: 8B 45 08 mov eax,dword ptr [ebp+8]
0040143E: 8B 08 mov ecx,dword ptr [eax]
00401440: 81 79 14 21 05 93 cmp dword ptr [ecx+14h],19930521h
19
00401447: 74 1C je 00401465
00401449: 8B 55 08 mov edx,dword ptr [ebp+8]
0040144C: 8B 02 mov eax,dword ptr [edx]
0040144E: 81 78 14 22 05 93 cmp dword ptr [eax+14h],19930522h
19
00401455: 74 0E je 00401465
00401457: 8B 4D 08 mov ecx,dword ptr [ebp+8]
0040145A: 8B 11 mov edx,dword ptr [ecx]
0040145C: 81 7A 14 00 40 99 cmp dword ptr [edx+14h],1994000h
01
00401463: 75 0C jne 00401471
00401465: E8 90 05 00 00 call ?terminate@@YAXXZ
0040146A: B8 01 00 00 00 mov eax,1
0040146F: EB 02 jmp 00401473
00401471: 33 C0 xor eax,eax
00401473: 5D pop ebp
00401474: C2 04 00 ret 4
00401477: CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜ
___CxxSetUnhandledExceptionFilter:
00401480: 8B FF mov edi,edi
00401482: 55 push ebp
00401483: 8B EC mov ebp,esp
00401485: 68 10 14 40 00 push offset ?__CxxUnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z
0040148A: FF 15 24 20 40 00 call dword ptr [__imp__SetUnhandledExceptionFilter@4]
00401490: 33 C0 xor eax,eax
00401492: 5D pop ebp
00401493: C3 ret
__configthreadlocale:
00401494: FF 25 A0 20 40 00 jmp dword ptr [__imp___configthreadlocale]
0040149A: CC CC CC CC CC CC ΜΜΜΜΜΜ
__setdefaultprecision:
004014A0: 8B FF mov edi,edi
004014A2: 55 push ebp
004014A3: 8B EC mov ebp,esp
004014A5: 6A 00 push 0
004014A7: 6A 1F push 1Fh
004014A9: 68 48 22 40 00 push offset ??_C@_1GG@PHGJJHBC@?$AAf?$AA?3?$AA?2?$AAd?$AAd?$AA?2?$AAv?$AAc?$AAt?$AAo?$AAo?$AAl?$AAs?$AA?2?$AAc?$AAr?$AAt?$AA_?$AAb?$AAl?$AAd?$AA?2?$AAs?$AAe?$AAl?$AAf?$AA_?$AAx?$AA8?$AA6?$AA?2?$AAc@
004014AE: 68 1C 22 40 00 push offset ??_C@_1CK@JMKHCBEI@?$AA_?$AAs?$AAe?$AAt?$AAd?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AAp?$AAr?$AAe?$AAc?$AAi?$AAs?$AAi?$AAo?$AAn?$AA?$AA@
004014B3: 68 B8 21 40 00 push offset ??_C@_1GE@KOCFNGPB@?$AA_?$AAc?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAf?$AAp?$AA_?$AAs?$AA?$CI?$AA?$CI?$AA?$CI?$AAv?$AAo?$AAi?$AAd?$AA?5?$AA?$CK?$AA?$CJ?$AA0?$AA?$CJ?$AA?0?$AA?5?$AA0?$AAx?$AA0?$AA0?$AA0?$AA1@
004014B8: 68 00 00 03 00 push 30000h
004014BD: 68 00 00 01 00 push 10000h
004014C2: 6A 00 push 0
004014C4: E8 37 05 00 00 call __controlfp_s
004014C9: 83 C4 0C add esp,0Ch
004014CC: 50 push eax
004014CD: E8 0E 00 00 00 call __invoke_watson_if_error
004014D2: 83 C4 18 add esp,18h
004014D5: 5D pop ebp
004014D6: C3 ret
004014D7: CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜ
__invoke_watson_if_error:
004014E0: 8B FF mov edi,edi
004014E2: 55 push ebp
004014E3: 8B EC mov ebp,esp
004014E5: 83 7D 08 00 cmp dword ptr [ebp+8],0
004014E9: 75 02 jne 004014ED
004014EB: EB 19 jmp 00401506
004014ED: 8B 45 1C mov eax,dword ptr [ebp+1Ch]
004014F0: 50 push eax
004014F1: 8B 4D 18 mov ecx,dword ptr [ebp+18h]
004014F4: 51 push ecx
004014F5: 8B 55 14 mov edx,dword ptr [ebp+14h]
004014F8: 52 push edx
004014F9: 8B 45 10 mov eax,dword ptr [ebp+10h]
004014FC: 50 push eax
004014FD: 8B 4D 0C mov ecx,dword ptr [ebp+0Ch]
00401500: 51 push ecx
00401501: E8 00 05 00 00 call __invoke_watson
00401506: 5D pop ebp
00401507: C3 ret
___setusermatherr:
00401508: FF 25 9C 20 40 00 jmp dword ptr [__imp____setusermatherr]
0040150E: CC CC ΜΜ
__matherr:
00401510: 8B FF mov edi,edi
00401512: 55 push ebp
00401513: 8B EC mov ebp,esp
00401515: 33 C0 xor eax,eax
00401517: 5D pop ebp
00401518: C3 ret
00401519: CC CC CC CC CC CC CC ΜΜΜΜΜΜΜ
__setargv:
00401520: 8B FF mov edi,edi
00401522: 55 push ebp
00401523: 8B EC mov ebp,esp
00401525: 33 C0 xor eax,eax
00401527: 5D pop ebp
00401528: C3 ret
00401529: CC CC CC CC CC CC CC ΜΜΜΜΜΜΜ
__RTC_Initialize:
00401530: 8B FF mov edi,edi
00401532: 56 push esi
00401533: BE 58 23 40 00 mov esi,offset ___rtc_izz
00401538: 8B C6 mov eax,esi
0040153A: 3D 58 23 40 00 cmp eax,offset ___rtc_izz
0040153F: 73 13 jae 00401554
00401541: 8B 06 mov eax,dword ptr [esi]
00401543: 85 C0 test eax,eax
00401545: 74 02 je 00401549
00401547: FF D0 call eax
00401549: 83 C6 04 add esi,4
0040154C: 81 FE 58 23 40 00 cmp esi,offset ___rtc_izz
00401552: 72 ED jb 00401541
00401554: 5E pop esi
00401555: C3 ret
00401556: CC CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜΜ
__RTC_Terminate:
00401560: 8B FF mov edi,edi
00401562: 56 push esi
00401563: BE 60 23 40 00 mov esi,offset ___rtc_tzz
00401568: 8B C6 mov eax,esi
0040156A: 3D 60 23 40 00 cmp eax,offset ___rtc_tzz
0040156F: 73 13 jae 00401584
00401571: 8B 06 mov eax,dword ptr [esi]
00401573: 85 C0 test eax,eax
00401575: 74 02 je 00401579
00401577: FF D0 call eax
00401579: 83 C6 04 add esi,4
0040157C: 81 FE 60 23 40 00 cmp esi,offset ___rtc_tzz
00401582: 72 ED jb 00401571
00401584: 5E pop esi
00401585: C3 ret
00401586: CC CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜΜ
__onexit:
00401590: 8B FF mov edi,edi
00401592: 55 push ebp
00401593: 8B EC mov ebp,esp
00401595: 6A FE push 0FFFFFFFEh
00401597: 68 88 23 40 00 push 402388h
0040159C: 68 D0 19 40 00 push offset __except_handler4
004015A1: 64 A1 00 00 00 00 mov eax,dword ptr fs:[00000000h]
004015A7: 50 push eax
004015A8: 83 C4 EC add esp,0FFFFFFECh
004015AB: 53 push ebx
004015AC: 56 push esi
004015AD: 57 push edi
004015AE: A1 20 30 40 00 mov eax,dword ptr [___security_cookie]
004015B3: 31 45 F8 xor dword ptr [ebp-8],eax
004015B6: 33 C5 xor eax,ebp
004015B8: 50 push eax
004015B9: 8D 45 F0 lea eax,[ebp-10h]
004015BC: 64 A3 00 00 00 00 mov dword ptr fs:[00000000h],eax
004015C2: A1 88 33 40 00 mov eax,dword ptr [___onexitbegin]
004015C7: 50 push eax
004015C8: FF 15 20 20 40 00 call dword ptr [__imp__DecodePointer@4]
004015CE: 89 45 E4 mov dword ptr [ebp-1Ch],eax
004015D1: 83 7D E4 FF cmp dword ptr [ebp-1Ch],0FFFFFFFFh
004015D5: 75 12 jne 004015E9
004015D7: 8B 4D 08 mov ecx,dword ptr [ebp+8]
004015DA: 51 push ecx
004015DB: FF 15 5C 20 40 00 call dword ptr [__imp___onexit]
004015E1: 83 C4 04 add esp,4
004015E4: E9 88 00 00 00 jmp 00401671
004015E9: 6A 08 push 8
004015EB: E8 28 04 00 00 call __lock
004015F0: 83 C4 04 add esp,4
004015F3: C7 45 FC 00 00 00 mov dword ptr [ebp-4],0
00
004015FA: 8B 15 88 33 40 00 mov edx,dword ptr [___onexitbegin]
00401600: 52 push edx
00401601: FF 15 20 20 40 00 call dword ptr [__imp__DecodePointer@4]
00401607: 89 45 E4 mov dword ptr [ebp-1Ch],eax
0040160A: A1 84 33 40 00 mov eax,dword ptr [___onexitend]
0040160F: 50 push eax
00401610: FF 15 20 20 40 00 call dword ptr [__imp__DecodePointer@4]
00401616: 89 45 DC mov dword ptr [ebp-24h],eax
00401619: 8D 4D DC lea ecx,[ebp-24h]
0040161C: 51 push ecx
0040161D: 8D 55 E4 lea edx,[ebp-1Ch]
00401620: 52 push edx
00401621: 8B 45 08 mov eax,dword ptr [ebp+8]
00401624: 50 push eax
00401625: FF 15 38 20 40 00 call dword ptr [__imp__EncodePointer@4]
0040162B: 50 push eax
0040162C: E8 E1 03 00 00 call ___dllonexit
00401631: 83 C4 0C add esp,0Ch
00401634: 89 45 E0 mov dword ptr [ebp-20h],eax
00401637: 8B 4D E4 mov ecx,dword ptr [ebp-1Ch]
0040163A: 51 push ecx
0040163B: FF 15 38 20 40 00 call dword ptr [__imp__EncodePointer@4]
00401641: A3 88 33 40 00 mov dword ptr [___onexitbegin],eax
00401646: 8B 55 DC mov edx,dword ptr [ebp-24h]
00401649: 52 push edx
0040164A: FF 15 38 20 40 00 call dword ptr [__imp__EncodePointer@4]
00401650: A3 84 33 40 00 mov dword ptr [___onexitend],eax
00401655: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
0040165C: E8 02 00 00 00 call 00401663
00401661: EB 0B jmp 0040166E
00401663: 6A 08 push 8
00401665: E8 A2 03 00 00 call __unlock
0040166A: 83 C4 04 add esp,4
0040166D: C3 ret
0040166E: 8B 45 E0 mov eax,dword ptr [ebp-20h]
00401671: 8B 4D F0 mov ecx,dword ptr [ebp-10h]
00401674: 64 89 0D 00 00 00 mov dword ptr fs:[0],ecx
00
0040167B: 59 pop ecx
0040167C: 5F pop edi
0040167D: 5E pop esi
0040167E: 5B pop ebx
0040167F: 8B E5 mov esp,ebp
00401681: 5D pop ebp
00401682: C3 ret
00401683: CC CC CC CC CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜΜΜΜΜ
_atexit:
00401690: 8B FF mov edi,edi
00401692: 55 push ebp
00401693: 8B EC mov ebp,esp
00401695: 8B 45 08 mov eax,dword ptr [ebp+8]
00401698: 50 push eax
00401699: E8 F2 FE FF FF call __onexit
0040169E: 83 C4 04 add esp,4
004016A1: F7 D8 neg eax
004016A3: 1B C0 sbb eax,eax
004016A5: F7 D8 neg eax
004016A7: 83 E8 01 sub eax,1
004016AA: 5D pop ebp
004016AB: C3 ret
___set_app_type:
004016AC: FF 25 90 20 40 00 jmp dword ptr [__imp____set_app_type]
__amsg_exit:
004016B2: FF 25 8C 20 40 00 jmp dword ptr [__imp___amsg_exit]
___getmainargs:
004016B8: FF 25 88 20 40 00 jmp dword ptr [__imp____getmainargs]
004016BE: CC CC ΜΜ
___security_init_cookie:
004016C0: 8B FF mov edi,edi
004016C2: 55 push ebp
004016C3: 8B EC mov ebp,esp
004016C5: 83 EC 18 sub esp,18h
004016C8: C7 45 F8 00 00 00 mov dword ptr [ebp-8],0
00
004016CF: C7 45 FC 00 00 00 mov dword ptr [ebp-4],0
00
004016D6: 81 3D 20 30 40 00 cmp dword ptr [___security_cookie],0BB40E64Eh
4E E6 40 BB
004016E0: 74 1F je 00401701
004016E2: A1 20 30 40 00 mov eax,dword ptr [___security_cookie]
004016E7: 25 00 00 FF FF and eax,0FFFF0000h
004016EC: 74 13 je 00401701
004016EE: 8B 0D 20 30 40 00 mov ecx,dword ptr [___security_cookie]
004016F4: F7 D1 not ecx
004016F6: 89 0D 24 30 40 00 mov dword ptr [___security_cookie_complement],ecx
004016FC: E9 9B 00 00 00 jmp 0040179C
00401701: 8D 55 F8 lea edx,[ebp-8]
00401704: 52 push edx
00401705: FF 15 0C 20 40 00 call dword ptr [__imp__GetSystemTimeAsFileTime@4]
0040170B: 8B 45 F8 mov eax,dword ptr [ebp-8]
0040170E: 89 45 F4 mov dword ptr [ebp-0Ch],eax
00401711: 8B 4D F4 mov ecx,dword ptr [ebp-0Ch]
00401714: 33 4D FC xor ecx,dword ptr [ebp-4]
00401717: 89 4D F4 mov dword ptr [ebp-0Ch],ecx
0040171A: FF 15 10 20 40 00 call dword ptr [__imp__GetCurrentProcessId@0]
00401720: 33 45 F4 xor eax,dword ptr [ebp-0Ch]
00401723: 89 45 F4 mov dword ptr [ebp-0Ch],eax
00401726: FF 15 14 20 40 00 call dword ptr [__imp__GetCurrentThreadId@0]
0040172C: 33 45 F4 xor eax,dword ptr [ebp-0Ch]
0040172F: 89 45 F4 mov dword ptr [ebp-0Ch],eax
00401732: FF 15 18 20 40 00 call dword ptr [__imp__GetTickCount@0]
00401738: 33 45 F4 xor eax,dword ptr [ebp-0Ch]
0040173B: 89 45 F4 mov dword ptr [ebp-0Ch],eax
0040173E: 8D 55 E8 lea edx,[ebp-18h]
00401741: 52 push edx
00401742: FF 15 1C 20 40 00 call dword ptr [__imp__QueryPerformanceCounter@4]
00401748: 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
0040174B: 33 45 E8 xor eax,dword ptr [ebp-18h]
0040174E: 89 45 F4 mov dword ptr [ebp-0Ch],eax
00401751: 8B 4D F4 mov ecx,dword ptr [ebp-0Ch]
00401754: 33 4D EC xor ecx,dword ptr [ebp-14h]
00401757: 89 4D F4 mov dword ptr [ebp-0Ch],ecx
0040175A: 81 7D F4 4E E6 40 cmp dword ptr [ebp-0Ch],0BB40E64Eh
BB
00401761: 75 09 jne 0040176C
00401763: C7 45 F4 4F E6 40 mov dword ptr [ebp-0Ch],0BB40E64Fh
BB
0040176A: EB 1C jmp 00401788
0040176C: 8B 55 F4 mov edx,dword ptr [ebp-0Ch]
0040176F: 81 E2 00 00 FF FF and edx,0FFFF0000h
00401775: 75 11 jne 00401788
00401777: 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
0040177A: 0D 11 47 00 00 or eax,4711h
0040177F: C1 E0 10 shl eax,10h
00401782: 0B 45 F4 or eax,dword ptr [ebp-0Ch]
00401785: 89 45 F4 mov dword ptr [ebp-0Ch],eax
00401788: 8B 4D F4 mov ecx,dword ptr [ebp-0Ch]
0040178B: 89 0D 20 30 40 00 mov dword ptr [___security_cookie],ecx
00401791: 8B 55 F4 mov edx,dword ptr [ebp-0Ch]
00401794: F7 D2 not edx
00401796: 89 15 24 30 40 00 mov dword ptr [___security_cookie_complement],edx
0040179C: 8B E5 mov esp,ebp
0040179E: 5D pop ebp
0040179F: C3 ret
__exit:
004017A0: FF 25 84 20 40 00 jmp dword ptr [__imp___exit]
__XcptFilter:
004017A6: FF 25 80 20 40 00 jmp dword ptr [__imp___XcptFilter]
__cexit:
004017AC: FF 25 7C 20 40 00 jmp dword ptr [__imp___cexit]
_exit:
004017B2: FF 25 78 20 40 00 jmp dword ptr [__imp__exit]
__CrtSetCheckCount:
004017B8: FF 25 70 20 40 00 jmp dword ptr [__imp___CrtSetCheckCount]
004017BE: CC CC ΜΜ
__ValidateImageBase:
004017C0: 8B FF mov edi,edi
004017C2: 55 push ebp
004017C3: 8B EC mov ebp,esp
004017C5: 83 EC 0C sub esp,0Ch
004017C8: 8B 45 08 mov eax,dword ptr [ebp+8]
004017CB: 89 45 F8 mov dword ptr [ebp-8],eax
004017CE: 8B 4D F8 mov ecx,dword ptr [ebp-8]
004017D1: 0F B7 11 movzx edx,word ptr [ecx]
004017D4: 81 FA 4D 5A 00 00 cmp edx,5A4Dh
004017DA: 74 04 je 004017E0
004017DC: 33 C0 xor eax,eax
004017DE: EB 3B jmp 0040181B
004017E0: 8B 45 F8 mov eax,dword ptr [ebp-8]
004017E3: 8B 4D F8 mov ecx,dword ptr [ebp-8]
004017E6: 03 48 3C add ecx,dword ptr [eax+3Ch]
004017E9: 89 4D F4 mov dword ptr [ebp-0Ch],ecx
004017EC: 8B 55 F4 mov edx,dword ptr [ebp-0Ch]
004017EF: 81 3A 50 45 00 00 cmp dword ptr [edx],4550h
004017F5: 74 04 je 004017FB
004017F7: 33 C0 xor eax,eax
004017F9: EB 20 jmp 0040181B
004017FB: 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
004017FE: 83 C0 18 add eax,18h
00401801: 89 45 FC mov dword ptr [ebp-4],eax
00401804: 8B 4D FC mov ecx,dword ptr [ebp-4]
00401807: 0F B7 11 movzx edx,word ptr [ecx]
0040180A: 81 FA 0B 01 00 00 cmp edx,10Bh
00401810: 74 04 je 00401816
00401812: 33 C0 xor eax,eax
00401814: EB 05 jmp 0040181B
00401816: B8 01 00 00 00 mov eax,1
0040181B: 8B E5 mov esp,ebp
0040181D: 5D pop ebp
0040181E: C3 ret
0040181F: CC Μ
__FindPESection:
00401820: 8B FF mov edi,edi
00401822: 55 push ebp
00401823: 8B EC mov ebp,esp
00401825: 83 EC 0C sub esp,0Ch
00401828: 8B 45 08 mov eax,dword ptr [ebp+8]
0040182B: 8B 4D 08 mov ecx,dword ptr [ebp+8]
0040182E: 03 48 3C add ecx,dword ptr [eax+3Ch]
00401831: 89 4D FC mov dword ptr [ebp-4],ecx
00401834: C7 45 F8 00 00 00 mov dword ptr [ebp-8],0
00
0040183B: 8B 55 FC mov edx,dword ptr [ebp-4]
0040183E: 0F B7 42 14 movzx eax,word ptr [edx+14h]
00401842: 8B 4D FC mov ecx,dword ptr [ebp-4]
00401845: 8D 54 01 18 lea edx,[ecx+eax+18h]
00401849: 89 55 F4 mov dword ptr [ebp-0Ch],edx
0040184C: EB 12 jmp 00401860
0040184E: 8B 45 F8 mov eax,dword ptr [ebp-8]
00401851: 83 C0 01 add eax,1
00401854: 89 45 F8 mov dword ptr [ebp-8],eax
00401857: 8B 4D F4 mov ecx,dword ptr [ebp-0Ch]
0040185A: 83 C1 28 add ecx,28h
0040185D: 89 4D F4 mov dword ptr [ebp-0Ch],ecx
00401860: 8B 55 FC mov edx,dword ptr [ebp-4]
00401863: 0F B7 42 06 movzx eax,word ptr [edx+6]
00401867: 39 45 F8 cmp dword ptr [ebp-8],eax
0040186A: 73 23 jae 0040188F
0040186C: 8B 4D F4 mov ecx,dword ptr [ebp-0Ch]
0040186F: 8B 55 0C mov edx,dword ptr [ebp+0Ch]
00401872: 3B 51 0C cmp edx,dword ptr [ecx+0Ch]
00401875: 72 16 jb 0040188D
00401877: 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
0040187A: 8B 48 0C mov ecx,dword ptr [eax+0Ch]
0040187D: 8B 55 F4 mov edx,dword ptr [ebp-0Ch]
00401880: 03 4A 08 add ecx,dword ptr [edx+8]
00401883: 39 4D 0C cmp dword ptr [ebp+0Ch],ecx
00401886: 73 05 jae 0040188D
00401888: 8B 45 F4 mov eax,dword ptr [ebp-0Ch]
0040188B: EB 04 jmp 00401891
0040188D: EB BF jmp 0040184E
0040188F: 33 C0 xor eax,eax
00401891: 8B E5 mov esp,ebp
00401893: 5D pop ebp
00401894: C3 ret
00401895: CC CC CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜΜΜ
__IsNonwritableInCurrentImage:
004018A0: 8B FF mov edi,edi
004018A2: 55 push ebp
004018A3: 8B EC mov ebp,esp
004018A5: 6A FE push 0FFFFFFFEh
004018A7: 68 A8 23 40 00 push 4023A8h
004018AC: 68 D0 19 40 00 push offset __except_handler4
004018B1: 64 A1 00 00 00 00 mov eax,dword ptr fs:[00000000h]
004018B7: 50 push eax
004018B8: 83 C4 D8 add esp,0FFFFFFD8h
004018BB: 53 push ebx
004018BC: 56 push esi
004018BD: 57 push edi
004018BE: A1 20 30 40 00 mov eax,dword ptr [___security_cookie]
004018C3: 31 45 F8 xor dword ptr [ebp-8],eax
004018C6: 33 C5 xor eax,ebp
004018C8: 50 push eax
004018C9: 8D 45 F0 lea eax,[ebp-10h]
004018CC: 64 A3 00 00 00 00 mov dword ptr fs:[00000000h],eax
004018D2: 89 65 E8 mov dword ptr [ebp-18h],esp
004018D5: C7 45 E4 00 00 40 mov dword ptr [ebp-1Ch],400000h
00
004018DC: C7 45 FC 00 00 00 mov dword ptr [ebp-4],0
00
004018E3: 8B 45 E4 mov eax,dword ptr [ebp-1Ch]
004018E6: 50 push eax
004018E7: E8 D4 FE FF FF call __ValidateImageBase
004018EC: 83 C4 04 add esp,4
004018EF: 85 C0 test eax,eax
004018F1: 75 16 jne 00401909
004018F3: C7 45 D4 00 00 00 mov dword ptr [ebp-2Ch],0
00
004018FA: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
00401901: 8B 45 D4 mov eax,dword ptr [ebp-2Ch]
00401904: E9 97 00 00 00 jmp 004019A0
00401909: 8B 4D 08 mov ecx,dword ptr [ebp+8]
0040190C: 2B 4D E4 sub ecx,dword ptr [ebp-1Ch]
0040190F: 89 4D DC mov dword ptr [ebp-24h],ecx
00401912: 8B 55 DC mov edx,dword ptr [ebp-24h]
00401915: 52 push edx
00401916: 8B 45 E4 mov eax,dword ptr [ebp-1Ch]
00401919: 50 push eax
0040191A: E8 01 FF FF FF call __FindPESection
0040191F: 83 C4 08 add esp,8
00401922: 89 45 E0 mov dword ptr [ebp-20h],eax
00401925: 83 7D E0 00 cmp dword ptr [ebp-20h],0
00401929: 75 13 jne 0040193E
0040192B: C7 45 D0 00 00 00 mov dword ptr [ebp-30h],0
00
00401932: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
00401939: 8B 45 D0 mov eax,dword ptr [ebp-30h]
0040193C: EB 62 jmp 004019A0
0040193E: 8B 4D E0 mov ecx,dword ptr [ebp-20h]
00401941: 8B 51 24 mov edx,dword ptr [ecx+24h]
00401944: 81 E2 00 00 00 80 and edx,80000000h
0040194A: F7 DA neg edx
0040194C: 1B D2 sbb edx,edx
0040194E: 83 C2 01 add edx,1
00401951: 89 55 CC mov dword ptr [ebp-34h],edx
00401954: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
0040195B: 8B 45 CC mov eax,dword ptr [ebp-34h]
0040195E: EB 40 jmp 004019A0
00401960: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
00401967: EB 37 jmp 004019A0
00401969: 8B 45 EC mov eax,dword ptr [ebp-14h]
0040196C: 8B 08 mov ecx,dword ptr [eax]
0040196E: 8B 11 mov edx,dword ptr [ecx]
00401970: 89 55 D8 mov dword ptr [ebp-28h],edx
00401973: 8B 45 D8 mov eax,dword ptr [ebp-28h]
00401976: 33 C9 xor ecx,ecx
00401978: 3D 05 00 00 C0 cmp eax,0C0000005h
0040197D: 0F 94 C1 sete cl
00401980: 8B C1 mov eax,ecx
00401982: C3 ret
00401983: 8B 65 E8 mov esp,dword ptr [ebp-18h]
00401986: C7 45 C8 00 00 00 mov dword ptr [ebp-38h],0
00
0040198D: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
00401994: 8B 45 C8 mov eax,dword ptr [ebp-38h]
00401997: EB 07 jmp 004019A0
00401999: C7 45 FC FE FF FF mov dword ptr [ebp-4],0FFFFFFFEh
FF
004019A0: 8B 4D F0 mov ecx,dword ptr [ebp-10h]
004019A3: 64 89 0D 00 00 00 mov dword ptr fs:[0],ecx
00
004019AA: 59 pop ecx
004019AB: 5F pop edi
004019AC: 5E pop esi
004019AD: 5B pop ebx
004019AE: 8B E5 mov esp,ebp
004019B0: 5D pop ebp
004019B1: C3 ret
__CrtDbgReportW:
004019B2: FF 25 6C 20 40 00 jmp dword ptr [__imp___CrtDbgReportW]
__initterm:
004019B8: FF 25 68 20 40 00 jmp dword ptr [__imp___initterm]
__initterm_e:
004019BE: FF 25 50 20 40 00 jmp dword ptr [__imp___initterm_e]
004019C4: CC CC CC CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜΜΜΜ
__except_handler4:
004019D0: 8B FF mov edi,edi
004019D2: 55 push ebp
004019D3: 8B EC mov ebp,esp
004019D5: 8B 45 14 mov eax,dword ptr [ebp+14h]
004019D8: 50 push eax
004019D9: 8B 4D 10 mov ecx,dword ptr [ebp+10h]
004019DC: 51 push ecx
004019DD: 8B 55 0C mov edx,dword ptr [ebp+0Ch]
004019E0: 52 push edx
004019E1: 8B 45 08 mov eax,dword ptr [ebp+8]
004019E4: 50 push eax
004019E5: 68 30 1A 40 00 push offset @__security_check_cookie@4
004019EA: 68 20 30 40 00 push offset ___security_cookie
004019EF: E8 2A 00 00 00 call __except_handler4_common
004019F4: 83 C4 18 add esp,18h
004019F7: 5D pop ebp
004019F8: C3 ret
004019F9: CC Μ
?terminate@@YAXXZ:
004019FA: FF 25 44 20 40 00 jmp dword ptr [__imp_?terminate@@YAXXZ]
__controlfp_s:
00401A00: FF 25 48 20 40 00 jmp dword ptr [__imp___controlfp_s]
__invoke_watson:
00401A06: FF 25 4C 20 40 00 jmp dword ptr [__imp___invoke_watson]
__unlock:
00401A0C: FF 25 A4 20 40 00 jmp dword ptr [__imp___unlock]
___dllonexit:
00401A12: FF 25 54 20 40 00 jmp dword ptr [__imp____dllonexit]
__lock:
00401A18: FF 25 58 20 40 00 jmp dword ptr [__imp___lock]
__except_handler4_common:
00401A1E: FF 25 60 20 40 00 jmp dword ptr [__imp___except_handler4_common]
00401A24: CC CC CC CC CC CC CC CC CC CC CC CC ΜΜΜΜΜΜΜΜΜΜΜΜ
@__security_check_cookie@4:
00401A30: 3B 0D 20 30 40 00 cmp ecx,dword ptr [___security_cookie]
00401A36: 75 02 jne 00401A3A
00401A38: F3 C3 rep ret
00401A3A: E9 01 00 00 00 jmp ___report_gsfailure
00401A3F: CC Μ
___report_gsfailure:
00401A40: 8B FF mov edi,edi
00401A42: 55 push ebp
00401A43: 8B EC mov ebp,esp
00401A45: 81 EC 28 03 00 00 sub esp,328h
00401A4B: A3 60 31 40 00 mov dword ptr ds:[00403160h],eax
00401A50: 89 0D 5C 31 40 00 mov dword ptr ds:[40315Ch],ecx
00401A56: 89 15 58 31 40 00 mov dword ptr ds:[403158h],edx
00401A5C: 89 1D 54 31 40 00 mov dword ptr ds:[403154h],ebx
00401A62: 89 35 50 31 40 00 mov dword ptr ds:[403150h],esi
00401A68: 89 3D 4C 31 40 00 mov dword ptr ds:[40314Ch],edi
00401A6E: 66 8C 15 78 31 40 mov word ptr ds:[403178h],ss
00
00401A75: 66 8C 0D 6C 31 40 mov word ptr ds:[40316Ch],cs
00
00401A7C: 66 8C 1D 48 31 40 mov word ptr ds:[403148h],ds
00
00401A83: 66 8C 05 44 31 40 mov word ptr ds:[403144h],es
00
00401A8A: 66 8C 25 40 31 40 mov word ptr ds:[403140h],fs
00
00401A91: 66 8C 2D 3C 31 40 mov word ptr ds:[40313Ch],gs
00
00401A98: 9C pushfd
00401A99: 8F 05 70 31 40 00 pop dword ptr ds:[403170h]
00401A9F: 8B 45 00 mov eax,dword ptr [ebp]
00401AA2: A3 64 31 40 00 mov dword ptr ds:[00403164h],eax
00401AA7: 8B 45 04 mov eax,dword ptr [ebp+4]
00401AAA: A3 68 31 40 00 mov dword ptr ds:[00403168h],eax
00401AAF: 8D 45 08 lea eax,[ebp+8]
00401AB2: A3 74 31 40 00 mov dword ptr ds:[00403174h],eax
00401AB7: 8B 85 E0 FC FF FF mov eax,dword ptr [ebp-320h]
00401ABD: C7 05 B0 30 40 00 mov dword ptr ds:[4030B0h],10001h
01 00 01 00
00401AC7: A1 68 31 40 00 mov eax,dword ptr ds:[00403168h]
00401ACC: A3 64 30 40 00 mov dword ptr ds:[00403064h],eax
00401AD1: C7 05 58 30 40 00 mov dword ptr ds:[403058h],0C0000409h
09 04 00 C0
00401ADB: C7 05 5C 30 40 00 mov dword ptr ds:[40305Ch],1
01 00 00 00
00401AE5: 8B 0D 20 30 40 00 mov ecx,dword ptr [___security_cookie]
00401AEB: 89 8D D8 FC FF FF mov dword ptr [ebp-328h],ecx
00401AF1: 8B 15 24 30 40 00 mov edx,dword ptr [___security_cookie_complement]
00401AF7: 89 95 DC FC FF FF mov dword ptr [ebp-324h],edx
00401AFD: FF 15 3C 20 40 00 call dword ptr [__imp__IsDebuggerPresent@0]
00401B03: A3 A8 30 40 00 mov dword ptr ds:[004030A8h],eax
00401B08: 6A 01 push 1
00401B0A: E8 3F 00 00 00 call __crt_debugger_hook
00401B0F: 83 C4 04 add esp,4
00401B12: 6A 00 push 0
00401B14: FF 15 24 20 40 00 call dword ptr [__imp__SetUnhandledExceptionFilter@4]
00401B1A: 68 B0 22 40 00 push 4022B0h
00401B1F: FF 15 00 20 40 00 call dword ptr [__imp__UnhandledExceptionFilter@4]
00401B25: 83 3D A8 30 40 00 cmp dword ptr ds:[4030A8h],0
00
00401B2C: 75 0A jne 00401B38
00401B2E: 6A 01 push 1
00401B30: E8 19 00 00 00 call __crt_debugger_hook
00401B35: 83 C4 04 add esp,4
00401B38: 68 09 04 00 C0 push 0C0000409h
00401B3D: FF 15 04 20 40 00 call dword ptr [__imp__GetCurrentProcess@0]
00401B43: 50 push eax
00401B44: FF 15 08 20 40 00 call dword ptr [__imp__TerminateProcess@8]
00401B4A: 8B E5 mov esp,ebp
00401B4C: 5D pop ebp
00401B4D: C3 ret
__crt_debugger_hook:
00401B4E: FF 25 64 20 40 00 jmp dword ptr [__imp___crt_debugger_hook]
_EncodePointer@4:
00401B54: FF 25 38 20 40 00 jmp dword ptr [__imp__EncodePointer@4]
_InterlockedExchange@8:
00401B5A: FF 25 34 20 40 00 jmp dword ptr [__imp__InterlockedExchange@8]
_Sleep@4:
00401B60: FF 25 30 20 40 00 jmp dword ptr [__imp__Sleep@4]
_InterlockedCompareExchange@12:
00401B66: FF 25 2C 20 40 00 jmp dword ptr [__imp__InterlockedCompareExchange@12]
_HeapSetInformation@16:
00401B6C: FF 25 28 20 40 00 jmp dword ptr [__imp__HeapSetInformation@16]
_SetUnhandledExceptionFilter@4:
00401B72: FF 25 24 20 40 00 jmp dword ptr [__imp__SetUnhandledExceptionFilter@4]
_DecodePointer@4:
00401B78: FF 25 20 20 40 00 jmp dword ptr [__imp__DecodePointer@4]
_QueryPerformanceCounter@4:
00401B7E: FF 25 1C 20 40 00 jmp dword ptr [__imp__QueryPerformanceCounter@4]
_GetTickCount@0:
00401B84: FF 25 18 20 40 00 jmp dword ptr [__imp__GetTickCount@0]
_GetCurrentThreadId@0:
00401B8A: FF 25 14 20 40 00 jmp dword ptr [__imp__GetCurrentThreadId@0]
_GetCurrentProcessId@0:
00401B90: FF 25 10 20 40 00 jmp dword ptr [__imp__GetCurrentProcessId@0]
_GetSystemTimeAsFileTime@4:
00401B96: FF 25 0C 20 40 00 jmp dword ptr [__imp__GetSystemTimeAsFileTime@4]
_TerminateProcess@8:
00401B9C: FF 25 08 20 40 00 jmp dword ptr [__imp__TerminateProcess@8]
_GetCurrentProcess@0:
00401BA2: FF 25 04 20 40 00 jmp dword ptr [__imp__GetCurrentProcess@0]
_UnhandledExceptionFilter@4:
00401BA8: FF 25 00 20 40 00 jmp dword ptr [__imp__UnhandledExceptionFilter@4]
_IsDebuggerPresent@0:
00401BAE: FF 25 3C 20 40 00 jmp dword ptr [__imp__IsDebuggerPresent@0]
Summary
1000 .data
1000 .rdata
1000 .rsrc
1000 .text
C4Decompiler release 0.6.1
.png)
Mixed C/Assembler for part of __tmainCRTStartup:
.png)
Copyright © 2012 C4IT Ltd. (New Zealand)