API tools faq
paste
Guest User

Untitled

a guest
Jun 19th, 2018
93
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.90 KB | None | 0 0
raw download clone embed print report
  1. .text:000003F9 ; =============== S U B R O U T I N E =======================================
  2. .text:000003F9
  3. .text:000003F9 ; Attributes: bp-based frame
  4. .text:000003F9
  5. .text:000003F9 ; int __stdcall _AhnHS_StartService()
  6. .text:000003F9 public __AhnHS_StartService@0
  7. .text:000003F9 __AhnHS_StartService@0 proc near
  8. .text:000003F9
  9. .text:000003F9 var_10 = dword ptr -10h
  10. .text:000003F9 var_C = dword ptr -0Ch
  11. .text:000003F9 var_8 = dword ptr -8
  12. .text:000003F9 var_4 = dword ptr -4
  13. .text:000003F9
  14. .text:000003F9 push ebp
  15. .text:000003FA mov ebp, esp
  16. .text:000003FC sub esp, 10h
  17. .text:000003FF mov [ebp+var_4], 0
  18. .text:00000406 cmp ds:?g_hInstLib@@3PAUHINSTANCE__@@A, 0 ; HINSTANCE__ * g_hInstLib
  19. .text:0000040D jz short loc_418
  20. .text:0000040F cmp ds:_g_pfnSecureFunctionCall, 0
  21. .text:00000416 jnz short loc_421
  22. .text:00000418
  23. .text:00000418 loc_418: ; CODE XREF: _AhnHS_StartService()+14j
  24. .text:00000418 mov [ebp+var_4], 3
  25. .text:0000041F jmp short loc_478
  26. .text:00000421 ; ---------------------------------------------------------------------------
  27. .text:00000421
  28. .text:00000421 loc_421: ; CODE XREF: _AhnHS_StartService()+1Dj
  29. .text:00000421 lea eax, [ebp+var_4]
  30. .text:00000424 push eax
  31. .text:00000425 push 0
  32. .text:00000427 push 5
  33. .text:00000429 call ds:_g_pfnSecureFunctionCall
  34. .text:0000042F and eax, 0FFh
  35. .text:00000434 cmp eax, 1
  36. .text:00000437 jz short loc_440 // you want to go to cmp g_buseMonitor
  37. .text:00000439 mov [ebp+var_4], 1 // this makes the return HS_ERR1
  38. .text:00000440
  39. .text:00000440 loc_440: ; CODE XREF: _AhnHS_StartService()+3Ej
  40. .text:00000440 ; _AhnHS_StartService():loc_478j
  41. .text:00000440 cmp ds:?g_bUseMonitor@@3HA, 0 ; int g_bUseMonitor
  42. .text:00000447 jz short loc_473 // you want to jump
  43. .text:00000449 cmp [ebp+var_4], 0
  44. .text:0000044D jz short loc_473
  45. .text:0000044F mov [ebp+var_8], 0
  46. .text:00000456 mov ecx, [ebp+var_4]
  47. .text:00000459 mov [ebp+var_10], ecx
  48. .text:0000045C mov [ebp+var_C], offset $SG78338
  49. .text:00000463 lea edx, [ebp+var_8]
  50. .text:00000466 push edx
  51. .text:00000467 lea eax, [ebp+var_10]
  52. .text:0000046A push eax
  53. .text:0000046B push 12h
  54. .text:0000046D call ds:_g_pfnSecureFunctionCall
  55. .text:00000473
  56. .text:00000473 loc_473: ; CODE XREF: _AhnHS_StartService()+4Ej
  57. .text:00000473 ; _AhnHS_StartService()+54j
  58. .text:00000473 mov eax, [ebp+var_4]
  59. .text:00000476 jmp short loc_47A // oh look code exit
  60. .text:00000478 ; ---------------------------------------------------------------------------
  61. .text:00000478
  62. .text:00000478 loc_478: ; CODE XREF: _AhnHS_StartService()+26j
  63. .text:00000478 jmp short loc_440
  64. .text:0000047A ; ---------------------------------------------------------------------------
  65. .text:0000047A
  66. .text:0000047A loc_47A: ; CODE XREF: _AhnHS_StartService()+7Dj
  67. .text:0000047A mov esp, ebp
  68. .text:0000047C pop ebp
  69. .text:0000047D retn
  70. .text:0000047D __AhnHS_StartService@0 endp
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!