
Untitled

a guest
Dec 6th, 2016
  1. A few functions from the old Razor911.dll
  2. -------------------------------------------
  // sub_10001050: registers the "Razor1911" window class, creates an 800x300 popup
  // window centred on the desktop, allocates the 0x58-byte state object kept in
  // dword_10040E44, pumps messages until WM_QUIT, then tears everything down.
  // Returns the result of UnregisterClassW.
  // NOTE(review): Hex-Rays pseudocode; no struct type was recovered, so the state
  // object is addressed by raw offsets. sub_10001000, sub_10001350 and sub_100016D0
  // are not shown on this page.
  3. BOOL sub_10001050()
  4. {
  5.   HWND v0; // eax@1
  6.   HWND v1; // ebx@1
  7.   void *v2; // eax@1
  8.   void *v3; // esi@1
  9.   void *v4; // ebx@11
  10.   struct tagRECT Rect; // [sp+14h] [bp-5Ch]@1
  11.   struct tagMSG Msg; // [sp+24h] [bp-4Ch]@5
  12.   WNDCLASSEXW v8; // [sp+40h] [bp-30h]@1
  13.  
  14.   v8.cbSize = 48; // sizeof(WNDCLASSEXW) in a 32-bit build
  15.   v8.style = 64; // 0x40 == CS_CLASSDC
  16.   v8.lpfnWndProc = (WNDPROC)sub_10001000;
  17.   v8.cbClsExtra = 0;
  18.   v8.cbWndExtra = 0;
  19.   v8.hInstance = GetModuleHandleW(0);
  20.   v8.hIcon = 0;
  21.   v8.hCursor = 0;
  22.   v8.hbrBackground = 0;
  23.   v8.lpszMenuName = 0;
  24.   v8.lpszClassName = L"Razor1911";
  25.   v8.hIconSm = 0;
        // NOTE(review): the results of RegisterClassExW and CreateWindowExW are never
        // checked; v1 may be NULL when it is handed to sub_10001350 below.
  26.   RegisterClassExW(&v8);
  27.   v0 = GetDesktopWindow();
  28.   GetClientRect(v0, &Rect);
  29.   v1 = CreateWindowExW(
  30.          0,
  31.          L"Razor1911",
  32.          L"Razor 1911",
  33.          0x80000000, // WS_POPUP: no caption or border
  34.          (Rect.right - Rect.left - 800) >> 1, // centre horizontally on the desktop
  35.          (Rect.bottom - Rect.top - 300) >> 1, // centre vertically on the desktop
  36.          800,
  37.          300,
  38.          0,
  39.          0,
  40.          v8.hInstance,
  41.          0);
        // Allocate the 0x58 (88) byte state object and zero selected fields. The DWORD
        // indexes 7, 8, 11, 12, 14, 15, 16 and 21 are byte offsets 28, 32, 44, 48, 56,
        // 60, 64 and 84, the same fields that sub_100012C0 releases.
  42.   v2 = operator new(0x58u);
  43.   v3 = v2;
  44.   if ( v2 )
  45.   {
  46.     *((float *)v2 + 6) = 0.0; // byte offset 24
  47.     *(_BYTE *)v2 = 1;
  48.     *((_DWORD *)v2 + 7) = 0;
  49.     *((_DWORD *)v2 + 8) = 0;
  50.     *((_DWORD *)v2 + 11) = 0;
  51.     *((_DWORD *)v2 + 12) = 0;
  52.     *((_DWORD *)v2 + 14) = 0;
  53.     *((_DWORD *)v2 + 15) = 0;
  54.     *((_DWORD *)v2 + 16) = 0;
  55.     *((_DWORD *)v2 + 21) = 0;
  56.     QueryPerformanceFrequency((LARGE_INTEGER *)v2 + 1); // timer frequency stored at byte offset 8
  57.   }
  58.   else
  59.   {
  60.     v3 = 0; // redundant: v3 already equals v2, which is null on this path
  61.   }
        // NOTE(review): when the allocation fails the global is NULL, yet sub_10001350
        // and sub_100016D0 are still called; whether they dereference it cannot be
        // told from this page.
  62.   dword_10040E44 = v3;
  63.   if ( !sub_10001350(v1) ) // the loop only runs when this returns 0
  64.   {
  65.     Msg.hwnd = 0;
  66.     Msg.message = 0;
  67.     Msg.wParam = 0;
  68.     Msg.lParam = 0;
  69.     Msg.time = 0;
  70.     Msg.pt.x = 0;
  71.     Msg.pt.y = 0;
  72.     do
  73.     {
  74.       if ( PeekMessageW(&Msg, 0, 0, 0, 1u) ) // 1 == PM_REMOVE, non-blocking
  75.       {
  76.         TranslateMessage(&Msg);
  77.         DispatchMessageW(&Msg);
  78.       }
  79.       else if ( sub_100016D0() ) // runs whenever the queue is empty; presumably the per-frame step, confirm
  80.       {
  81.         DestroyWindow(v1); // a non-zero return closes the window
  82.       }
  83.     }
  84.     while ( Msg.message != 18 ); // 18 == WM_QUIT
  85.   }
        // Teardown: release what the state object references, free it, drop the class.
  86.   v4 = dword_10040E44;
  87.   if ( dword_10040E44 )
  88.   {
  89.     sub_100012C0((int)dword_10040E44);
  90.     operator delete(v4);
  91.   }
  92.   return UnregisterClassW(L"Razor1911", v8.hInstance);
  93. }
  94. -------------------------------------------------------
  // sub_100012C0: releases the resources referenced by the state object whose
  // address arrives in ESI (a1), in the order +84, +48, +64, +60, +56, +44, +32, +28.
  // Returns whatever the last step left in `result`: the return value of the final
  // vtable call, or 0 when the field at +28 is null.
  // NOTE(review): the fields at +84 and +48 are freed but not zeroed, unlike the
  // others; the only caller visible on this page deletes the object right afterwards.
  95. int __usercall sub_100012C0@<eax>(int a1@<esi>)
  96. {
  97.   int v1; // eax@5
  98.   int v2; // eax@7
  99.   int v3; // eax@9
  100.   int v4; // eax@11
  101.   int v5; // eax@13
  102.   int result; // eax@15
  103.  
  104.   if ( *(_DWORD *)(a1 + 84) )
  105.     sub_100020A0(*(void **)(a1 + 84)); // helper not shown on this page
  106.   if ( *(_DWORD *)(a1 + 48) )
  107.     DeleteObject(*(HGDIOBJ *)(a1 + 48)); // the field at +48 is a GDI object handle
          // Each block below calls the function at byte offset 8 of the object's vtable
          // (third slot) with the object as its only argument, then clears the field.
          // That is the shape of IUnknown::Release; presumably COM interfaces, confirm.
  108.   v1 = *(_DWORD *)(a1 + 64);
  109.   if ( v1 )
  110.   {
  111.     (*(void (__stdcall **)(_DWORD))(*(_DWORD *)v1 + 8))(*(_DWORD *)(a1 + 64));
  112.     *(_DWORD *)(a1 + 64) = 0;
  113.   }
  114.   v2 = *(_DWORD *)(a1 + 60);
  115.   if ( v2 )
  116.   {
  117.     (*(void (__stdcall **)(_DWORD))(*(_DWORD *)v2 + 8))(*(_DWORD *)(a1 + 60));
  118.     *(_DWORD *)(a1 + 60) = 0;
  119.   }
  120.   v3 = *(_DWORD *)(a1 + 56);
  121.   if ( v3 )
  122.   {
  123.     (*(void (__stdcall **)(_DWORD))(*(_DWORD *)v3 + 8))(*(_DWORD *)(a1 + 56));
  124.     *(_DWORD *)(a1 + 56) = 0;
  125.   }
  126.   v4 = *(_DWORD *)(a1 + 44);
  127.   if ( v4 )
  128.   {
  129.     (*(void (__stdcall **)(_DWORD))(*(_DWORD *)v4 + 8))(*(_DWORD *)(a1 + 44));
  130.     *(_DWORD *)(a1 + 44) = 0;
  131.   }
  132.   v5 = *(_DWORD *)(a1 + 32);
  133.   if ( v5 )
  134.   {
  135.     (*(void (__stdcall **)(_DWORD))(*(_DWORD *)v5 + 8))(*(_DWORD *)(a1 + 32));
  136.     *(_DWORD *)(a1 + 32) = 0;
  137.   }
  138.   result = *(_DWORD *)(a1 + 28);
  139.   if ( result )
  140.   {
            // Only this last call keeps its return value; the earlier ones are cast to void.
  141.     result = (*(int (__stdcall **)(_DWORD))(*(_DWORD *)result + 8))(*(_DWORD *)(a1 + 28));
  142.     *(_DWORD *)(a1 + 28) = 0;
  143.   }
  144.   return result;
  145. }
  146. -------------------------------------------------------
  // sub_1000462C: command dispatcher keyed on a2 (a1 is unused in the visible code).
  //   43858 (0xAB52): read a 0x40-byte record from address `Process` inside the process
  //                   held in the global hProcess, then act on the opcode at record+0x10.
  //   43860 (0xAB54): store Process in the global hWnd, start sub_100047C4 on a new
  //                   thread, return the previous hWnd value.
  //   43869 (0xAB5D): a3 == 1 -> remember Process as hProcess, create a named event,
  //                              return 100;
  //                   a3 == 2 -> return a calloc'd copy of the first 0x12 bytes of the
  //                              v7 buffer (caller owns the allocation);
  //                   otherwise return 0.
  //   any other a2  : return 1.
  // NOTE(review): the Process parameter is reused as a remote address, a window handle
  // and a process handle depending on a2; the HANDLE type is only the decompiler's guess.
  147. char *__stdcall sub_1000462C(int a1, int a2, int a3, HANDLE Process)
  148. {
  149.   HWND v4; // esi@6
  150.   DWORD v6; // eax@9
           // v7 is the first byte of a 0x40-byte stack buffer (bp-90h up to bp-50h); v8,
           // lpBaseAddress and v10 are the decompiler's names for offsets 0x10, 0x14 and
           // 0x18 inside that same buffer, so they are filled by the read below.
  151.   char v7; // [sp+0h] [bp-90h]@1
  152.   int v8; // [sp+10h] [bp-80h]@12
  153.   LPVOID lpBaseAddress; // [sp+14h] [bp-7Ch]@15
  154.   LPVOID v10; // [sp+18h] [bp-78h]@15
  155.   SIZE_T NumberOfBytesRead; // [sp+40h] [bp-50h]@12
  156.   int Buffer; // [sp+44h] [bp-4Ch]@1
  157.   char v13; // [sp+48h] [bp-48h]@1
  158.  
  159.   Buffer = 1;
           // NOTE(review): 0x17 (23) bytes are copied although the literal as displayed is
           // 20 bytes with its terminator; check the raw data in the disassembly.
  160.   qmemcpy(&v7, L"GTAIV.exe", 0x17u);
  161.   qmemcpy(&v13, &unk_1001B240, 0x40u); // 0x40-byte blob; its contents are not shown on this page
  162.   if ( a2 == 43858 )
  163.   {
             // NOTE(review): no return value is checked here. If the read fails, the switch
             // runs on the stale buffer contents, and the write destinations below come
             // straight from the remote record without validation.
  164.     ReadProcessMemory(hProcess, Process, &v7, 0x40u, &NumberOfBytesRead);
  165.     switch ( v8 ) // opcode at record+0x10
  166.     {
  167.       case 18:
                 // Writes the 0x40-byte blob to the remote address at record+0x18.
  168.         WriteProcessMemory(hProcess, v10, &v13, 0x40u, &NumberOfBytesRead);
  169.         break;
  170.       case 100:
                 // Writes the 4-byte value 1 to the remote address at record+0x14.
  171.         WriteProcessMemory(hProcess, lpBaseAddress, &Buffer, 4u, &NumberOfBytesRead);
  172.         break;
  173.       case 51:
  174.         return (char *)lpBaseAddress + (_DWORD)v10; // sum of the two record fields, returned as a pointer
  175.     }
  176.   }
  177.   else
  178.   {
  179.     if ( a2 == 43860 )
  180.     {
  181.       v4 = hWnd;
  182.       hWnd = (HWND)Process;
               // 0x1000-byte initial stack; the thread id lands in the v7 buffer.
               // NOTE(review): the returned thread handle is discarded and never closed.
  183.       CreateThread(0, 0x1000u, (LPTHREAD_START_ROUTINE)sub_100047C4, Process, 0, (LPDWORD)&v7);
  184.       return (char *)v4;
  185.     }
  186.     if ( a2 != 43869 )
  187.       return (char *)1;
  188.     if ( a3 == 1 )
  189.     {
  190.       hWnd = 0;
  191.       hProcess = Process;
  192.       v6 = GetProcessId(Process);
               // Event name is "v7_" followed by (pid ^ 0x19EA3FD3) printed with %04d, so it can
               // be recomputed from the PID when triaging a host. The sprintf is unbounded, but
               // the worst case (3 + 11 + 1 bytes) fits the 0x40-byte buffer.
  193.       sprintf(&v7, "v7_%04d", v6 ^ 0x19EA3FD3);
               // Manual-reset event, initially signalled; the returned handle is discarded.
  194.       CreateEventA(0, 1, 1, &v7);
  195.       return (char *)100;
  196.     }
  197.     if ( a3 == 2 )
  198.     {
               // On this path v7 still holds the L"GTAIV.exe" copy: 0x12 bytes are its nine
               // UTF-16 units, and the zero fill from calloc supplies the terminator.
               // NOTE(review): the calloc result is not checked before the memcpy.
  199.       v4 = (HWND)calloc(1u, 0x14u);
  200.       memcpy(v4, &v7, 0x12u);
  201.       return (char *)v4;
  202.     }
  203.   }
  204.   return 0;
  205. }