kolton

Untitled

Feb 1st, 2015
  1. CPU Disasm
  2. Address Hex dump Command Comments
  ; ---------------------------------------------------------------------
  ; D2Net.00486B60 - socket receive loop (OllyDbg dump, 32-bit x86, Intel operand order).
  ; Polls the socket handle at [48B248] with select(), reads with recv(), and passes the
  ; bytes to Fog.#10224 / 004865E0. Every exit visible here is
  ; OutputDebugStringA("Client thread close #N") followed by ExitThread; there is no RETN.
  ; Frame:  SUB ESP,0AD0 then four pushes, so [ESP+0..0F] are the saved registers,
  ;         [ESP+10] is the lowest local and the return address sits at [ESP+0AE0].
  ; Locals: [ESP+10] = path selector (0 on entry, later the result of 004865E0)
  ;         [ESP+14] = 8 bytes passed to select() as the timeout
  ;         [ESP+1C] = count + handle passed to select() as the read set
  ;         [ESP+120] = start of the stack receive buffer
  ; Regs:   ESI = 0 outside the parse loop (packet length inside it), EBP = bytes pending
  ;         in the stack buffer, EDI = parse offset, EBX = last select/recv/Fog.#10224 result.
  ; Fog ordinals and 004865E0 / 004811C0 are unnamed in this dump; their purposes below
  ; are inferred from the call sites - confirm against the callee code.
  ; ---------------------------------------------------------------------
  3. $+6B60 /$ 81EC D00A0000 SUB ESP,0AD0 ; D2Net.00486B60(guessed Arg1,Arg2)
  4. $+6B66 |. A1 24B44800 MOV EAX,DWORD PTR DS:[48B424]
  5. $+6B6B |. 53 PUSH EBX
  6. $+6B6C |. 55 PUSH EBP
  7. $+6B6D |. 56 PUSH ESI
  8. $+6B6E |. 33F6 XOR ESI,ESI
  9. $+6B70 |. 33ED XOR EBP,EBP
  10. $+6B72 |. 3BC6 CMP EAX,ESI
  11. $+6B74 |. 57 PUSH EDI
  12. $+6B75 |. 897424 10 MOV DWORD PTR SS:[ESP+10],ESI
  ; [48B424] already nonzero on entry -> "Client thread close #2" exit.
  13. $+6B79 |.- 0F85 E4010000 JNE 00486D63
  14. $+6B7F |. 90 NOP
  ; --- Loop head: select(0, &readset, 0, 0, &timeout) on the handle at [48B248]. ---
  ; The stores after the pushes use post-push offsets: [ESP+30]/[ESP+34] are the read set
  ; (count = 1, handle) and [ESP+28]/[ESP+2C] are the timeout (0 and 186A0 hex = 100000).
  15. $+6B80 |> A1 48B24800 MOV EAX,DWORD PTR DS:[48B248]
  16. $+6B85 |. 8D4C24 14 LEA ECX,[ESP+14]
  17. $+6B89 |. 51 PUSH ECX ; /Arg5
  18. $+6B8A |. 56 PUSH ESI ; |Arg4
  19. $+6B8B |. 56 PUSH ESI ; |Arg3
  20. $+6B8C |. 8D5424 28 LEA EDX,[ESP+28] ; |
  21. $+6B90 |. 52 PUSH EDX ; |Arg2
  22. $+6B91 |. 56 PUSH ESI ; |Arg1
  23. $+6B92 |. 894424 34 MOV DWORD PTR SS:[ESP+34],EAX ; |
  24. $+6B96 |. C74424 30 010 MOV DWORD PTR SS:[ESP+30],1 ; |
  25. $+6B9E |. 897424 28 MOV DWORD PTR SS:[ESP+28],ESI ; |
  26. $+6BA2 |. C74424 2C A08 MOV DWORD PTR SS:[ESP+2C],186A0 ; |
  27. $+6BAA |. E8 DFF1FFFF CALL <JMP.&WSOCK32.#18> ; \WS2_32.select
  ; select() == 0 (timeout): go re-check [48B424] at 00486D57 and poll again.
  28. $+6BAF |. 8BD8 MOV EBX,EAX
  29. $+6BB1 |. 3BDE CMP EBX,ESI
  30. $+6BB3 |.- 0F84 9E010000 JE 00486D57
  ; select() == -1: WSAGetLastError is called but its result in EAX is overwritten by the
  ; next load, so the error code is not used on this path.
  31. $+6BB9 |. 83FB FF CMP EBX,-1
  32. $+6BBC |.- 75 41 JNE SHORT 00486BFF
  33. $+6BBE |. E8 C5F1FFFF CALL <JMP.&WSOCK32.#111> ; [WS2_32.WSAGetLastError
  ; [48B418] == 1 or 2: skip the cleanup below and keep polling.
  34. $+6BC3 |. A1 18B44800 MOV EAX,DWORD PTR DS:[48B418]
  35. $+6BC8 |. 83F8 01 CMP EAX,1
  36. $+6BCB |.- 0F84 86010000 JE 00486D57
  37. $+6BD1 |. 83F8 02 CMP EAX,2
  38. $+6BD4 |.- 0F84 7D010000 JE 00486D57
  ; Fog.#10050(ECX = 0048B400, EDX = 41) is always paired with LeaveCriticalSection on the
  ; same object - presumably an enter/lock wrapper; confirm. [48B428] is cleared under it.
  39. $+6BDA |. BA 41000000 MOV EDX,41
  40. $+6BDF |. B9 00B44800 MOV ECX,OFFSET 0048B400
  41. $+6BE4 |. E8 83F2FFFF CALL <JMP.&Fog.#10050> ; Jump to Fog.#10050
  42. $+6BE9 |. 68 00B44800 PUSH OFFSET 0048B400 ; /pCriticalSection = 0048B400
  43. $+6BEE |. 8935 28B44800 MOV DWORD PTR DS:[48B428],ESI ; |
  44. $+6BF4 |. FF15 7C814800 CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.RtlLeaveCriticalSection
  45. $+6BFA |.- E9 58010000 JMP 00486D57
  ; --- select() > 0: confirm the handle is in the returned read set. ---
  46. $+6BFF |> 8B0D 48B24800 MOV ECX,DWORD PTR DS:[48B248]
  47. $+6C05 |. 8D4424 1C LEA EAX,[ESP+1C]
  48. $+6C09 |. 50 PUSH EAX ; /Arg2
  49. $+6C0A |. 51 PUSH ECX ; |Arg1
  50. $+6C0B |. E8 5AF1FFFF CALL <JMP.&WSOCK32.#151> ; \WS2_32.__WSAFDIsSet
  51. $+6C10 |. 85C0 TEST EAX,EAX
  52. $+6C12 |.- 0F84 3F010000 JZ 00486D57
  ; [48B424] became nonzero while waiting -> "Client thread close #3" exit.
  53. $+6C18 |. 3935 24B44800 CMP DWORD PTR DS:[48B424],ESI
  54. $+6C1E |.- 0F85 51010000 JNE 00486D75
  ; Fog.#10050 on 0048B400 again (EDX = 18C); the matching LeaveCriticalSection is at 00486D41.
  55. $+6C24 |. BA 8C010000 MOV EDX,18C
  56. $+6C29 |. B9 00B44800 MOV ECX,OFFSET 0048B400
  57. $+6C2E |. E8 39F2FFFF CALL <JMP.&Fog.#10050> ; Jump to Fog.#10050
  ; The last two recv() arguments (flags 0, length 5B4) are pushed before the branch and
  ; are shared by both recv() calls. [ESP+10] == 0 selects the direct path at 00486D0E.
  58. $+6C33 |. 397424 10 CMP DWORD PTR SS:[ESP+10],ESI
  59. $+6C37 |. 56 PUSH ESI ; /Arg4
  60. $+6C38 |. 68 B4050000 PUSH 5B4 ; |Arg3 = 5B4
  61. $+6C3D |.- 0F84 CB000000 JE 00486D0E ; |
  ; --- Stack-buffer path: recv() appends at [ESP+120] + EBP (operand shows +128 because
  ; two arguments are already pushed). ---
  ; NOTE(review): no upper bound on EBP is visible before it is used as the write offset.
  ; The span from [ESP+120] to the return address is 9C0 bytes, each call asks for up to
  ; 5B4 bytes, and the length field decoded below can be as large as 0FFF - confirm that
  ; pending bytes are capped somewhere, or add a check before this call.
  62. $+6C43 |. A1 48B24800 MOV EAX,DWORD PTR DS:[48B248] ; |
  63. $+6C48 |. 8D942C 280100 LEA EDX,[EBP+ESP+128] ; |
  64. $+6C4F |. 52 PUSH EDX ; ||Arg2
  65. $+6C50 |. 50 PUSH EAX ; ||Arg1
  66. $+6C51 |. E8 20F1FFFF CALL <JMP.&WSOCK32.#16> ; |\WSOCK32.recv
  ; recv() <= 0: leave the lock at 00486D41, where EBX decides which exit is taken.
  67. $+6C56 |. 8BD8 MOV EBX,EAX ; |
  68. $+6C58 |. 3BDE CMP EBX,ESI ; |
  69. $+6C5A |.- 0F8E E1000000 JLE 00486D41 ; |
  ; EBP += bytes received, EDI = 0; fewer than 2 pending bytes -> nothing to parse yet.
  70. $+6C60 |. 03EB ADD EBP,EBX ; |
  71. $+6C62 |. 33FF XOR EDI,EDI ; |
  72. $+6C64 |. 83FD 02 CMP EBP,2 ; |
  73. $+6C67 |.- 0F82 7E000000 JB 00486CEB ; |
  ; LEA ECX,[ECX] changes nothing; it pads the loop head to 00486C70.
  74. $+6C6D |. 8D49 00 LEA ECX,[ECX] ; |
  ; --- Parse loop: decode the packet length ESI from the byte(s) at buffer offset EDI. ---
  ; First byte < 0F0: ESI = that byte. Otherwise ESI = ((byte & 0F) << 8) + next byte.
  75. $+6C70 |> 8A843C 200100 /MOV AL,BYTE PTR SS:[EDI+ESP+120] ; |
  76. $+6C77 |. 3C F0 |CMP AL,0F0 ; |
  77. $+6C79 |.- 73 05 |JAE SHORT 00486C80 ; |
  78. $+6C7B |. 0FB6F0 |MOVZX ESI,AL ; |
  79. $+6C7E |.- EB 12 |JMP SHORT 00486C92 ; |
  80. $+6C80 |> 0FB68C3C 2101 |MOVZX ECX,BYTE PTR SS:[EDI+ESP+121] ; |
  81. $+6C88 |. 83E0 0F |AND EAX,0000000F ; |
  82. $+6C8B |. C1E0 08 |SHL EAX,8 ; |
  83. $+6C8E |. 03C1 |ADD EAX,ECX ; |
  84. $+6C90 |. 8BF0 |MOV ESI,EAX ; |
  ; Fewer bytes pending than the declared length -> stop parsing and wait for more data.
  85. $+6C92 |> 3BEE |CMP EBP,ESI ; |
  86. $+6C94 |.- 72 53 |JB SHORT 00486CE9 ; |
  ; EBX = pointer stored at [48B244], ECX = dword at offset 7B8 of that block
  ; (used as a byte count / write cursor by the additions at 00486CD9 and 00486D32).
  87. $+6C96 |. 8B1D 44B24800 |MOV EBX,DWORD PTR DS:[48B244] ; |
  88. $+6C9C |. 8B8B B8070000 |MOV ECX,DWORD PTR DS:[EBX+7B8] ; |
  ; CMP/SBB/ADD: EAX = 1 when ESI < 0F0, else 2 (header size). It is derived from the
  ; decoded length, not from which encoding branch above was taken.
  ; NOTE(review): ESI is not checked against the header size before SUB EDX,EAX. A decoded
  ; length below the header size makes the pushed length wrap, and a length of 0 leaves
  ; EBP and EDI unchanged at the end of the iteration, so the loop condition at 00486CE4
  ; cannot make progress. Whether Fog.#10224 rejects such input is not visible here - a
  ; minimum-length check at this point would remove the dependency.
  89. $+6CA2 |. 81FE F0000000 |CMP ESI,0F0 ; |
  90. $+6CA8 |. 1BC0 |SBB EAX,EAX ; |
  91. $+6CAA |. 83C0 02 |ADD EAX,2 ; |
  92. $+6CAD |. 8BD6 |MOV EDX,ESI ; |
  93. $+6CAF |. 2BD0 |SUB EDX,EAX ; |
  ; Fog.#10224 call: stack Arg2 = ESI - header, Arg1 = &buffer[EDI + header];
  ; registers at the call: ECX = block + cursor, EDX = 7B8 - cursor (presumably a
  ; fastcall destination pointer and remaining capacity - confirm).
  94. $+6CB1 |. 52 |PUSH EDX ; |/Arg2
  95. $+6CB2 |. 03C7 |ADD EAX,EDI ; ||
  96. $+6CB4 |. 8D8404 240100 |LEA EAX,[EAX+ESP+124] ; ||
  97. $+6CBB |. BA B8070000 |MOV EDX,7B8 ; ||
  98. $+6CC0 |. 2BD1 |SUB EDX,ECX ; ||
  99. $+6CC2 |. 50 |PUSH EAX ; ||Arg1
  100. $+6CC3 |. 03CB |ADD ECX,EBX ; ||
  101. $+6CC5 |. E8 C0F1FFFF |CALL <JMP.&Fog.#10224> ; |\Fog.#10224
  ; Consume the packet (EBP -= ESI, EDI += ESI). EBX now holds the Fog.#10224 result and
  ; is what the exit tests at 00486D4E see if this was the last packet parsed.
  102. $+6CCA |. 8BD8 |MOV EBX,EAX ; |
  103. $+6CCC |. 2BEE |SUB EBP,ESI ; |
  104. $+6CCE |. 03FE |ADD EDI,ESI ; |
  105. $+6CD0 |. 85DB |TEST EBX,EBX ; |
  106. $+6CD2 |.- 7E 10 |JLE SHORT 00486CE4 ; |
  ; Positive result: advance the cursor at [block+7B8] by it and call 004865E0.
  107. $+6CD4 |. A1 44B24800 |MOV EAX,DWORD PTR DS:[48B244] ; |
  108. $+6CD9 |. 0198 B8070000 |ADD DWORD PTR DS:[EAX+7B8],EBX ; |
  109. $+6CDF |. E8 FCF8FFFF |CALL 004865E0 ; |
  110. $+6CE4 |> 83FD 02 |CMP EBP,2 ; |
  111. $+6CE7 |.- 73 87 \JAE SHORT 00486C70 ; |
  ; --- After parsing: ESI back to 0. If bytes remain (EBP != 0) and some were consumed
  ; (EDI != 0), call 004811C0(&buffer[0], &buffer[EDI], EBP); cdecl, caller pops 0C.
  ; Presumably moves the leftover to the buffer start; source and destination can
  ; overlap, so this must behave like memmove - confirm. ---
  112. $+6CE9 |> 33F6 XOR ESI,ESI ; |
  113. $+6CEB |> 3BEE CMP EBP,ESI ; |
  114. $+6CED |.- 74 52 JE SHORT 00486D41 ; |
  115. $+6CEF |. 3BFE CMP EDI,ESI ; |
  116. $+6CF1 |.- 74 4E JE SHORT 00486D41 ; |
  117. $+6CF3 |. 55 PUSH EBP ; |/Arg3
  118. $+6CF4 |. 8D8C3C 240100 LEA ECX,[EDI+ESP+124] ; ||
  119. $+6CFB |. 51 PUSH ECX ; ||Arg2
  120. $+6CFC |. 8D9424 280100 LEA EDX,[ESP+128] ; ||
  121. $+6D03 |. 52 PUSH EDX ; ||Arg1
  122. $+6D04 |. E8 B7A4FFFF CALL 004811C0 ; |\D2Net.004811C0
  123. $+6D09 |. 83C4 0C ADD ESP,0C ; |
  124. $+6D0C |.- EB 33 JMP SHORT 00486D41 ; |
  ; --- Direct path ([ESP+10] == 0): recv() writes straight into the block from [48B244]
  ; at its current cursor, with the same fixed length 5B4 pushed at 00486C38. ---
  ; NOTE(review): the length is not reduced by the cursor here (compare 7B8 - cursor on
  ; the other path); confirm the cursor cannot exceed 7B8 - 5B4 when this is reached.
  125. $+6D0E |> A1 44B24800 MOV EAX,DWORD PTR DS:[48B244] ; |
  126. $+6D13 |. 8B88 B8070000 MOV ECX,DWORD PTR DS:[EAX+7B8] ; |
  127. $+6D19 |. 8B15 48B24800 MOV EDX,DWORD PTR DS:[48B248] ; |
  128. $+6D1F |. 03C8 ADD ECX,EAX ; |
  129. $+6D21 |. 51 PUSH ECX ; |Arg2
  130. $+6D22 |. 52 PUSH EDX ; |Arg1
  131. $+6D23 |. E8 4EF0FFFF CALL <JMP.&WSOCK32.#16> ; \WSOCK32.recv
  ; The result stays in EAX; EBX still holds the select() result, so the EBX tests at
  ; 00486D4E do not see a 0 or -1 returned by this recv().
  132. $+6D28 |. 3BC6 CMP EAX,ESI
  133. $+6D2A |.- 7E 15 JLE SHORT 00486D41
  ; Advance the cursor, call 004865E0 and keep its return value as the path selector.
  134. $+6D2C |. 8B0D 44B24800 MOV ECX,DWORD PTR DS:[48B244]
  135. $+6D32 |. 0181 B8070000 ADD DWORD PTR DS:[ECX+7B8],EAX
  136. $+6D38 |. E8 A3F8FFFF CALL 004865E0
  137. $+6D3D |. 894424 10 MOV DWORD PTR SS:[ESP+10],EAX
  ; --- Common tail: LeaveCriticalSection(0048B400); the function pointer is kept in EDI
  ; and reused at 00486DB5. EBX == -1 -> exit #5, EBX == 0 -> exit #6. ---
  138. $+6D41 |> 8B3D 7C814800 MOV EDI,DWORD PTR DS:[<&KERNEL32.LeaveCr
  139. $+6D47 |. 68 00B44800 PUSH OFFSET 0048B400 ; /pCriticalSection = 0048B400
  140. $+6D4C |. FFD7 CALL EDI ; \NTDLL.RtlLeaveCriticalSection
  141. $+6D4E |. 83FB FF CMP EBX,-1
  142. $+6D51 |.- 74 34 JE SHORT 00486D87
  143. $+6D53 |. 3BDE CMP EBX,ESI
  144. $+6D55 |.- 74 72 JE SHORT 00486DC9
  ; Loop condition: keep polling while [48B424] is 0.
  145. $+6D57 |> 3935 24B44800 CMP DWORD PTR DS:[48B424],ESI
  146. $+6D5D |.- 0F84 1DFEFFFF JE 00486B80
  ; --- Exit #2: [48B424] set (on entry or at the loop condition). ExitThread(0). ---
  147. $+6D63 |> 68 4C924800 PUSH OFFSET 0048924C ; /String = "Client thread close #2
  148. "
  149. $+6D68 |. FF15 6C814800 CALL DWORD PTR DS:[<&KERNEL32.OutputDebu ; \KERNEL32.OutputDebugStringA
  150. $+6D6E |. 56 PUSH ESI ; /Arg1
  151. $+6D6F |. FF15 78814800 CALL DWORD PTR DS:[<&KERNEL32.ExitThread ; \ntdll.RtlExitUserThread
  ; --- Exit #3: [48B424] set after select() reported the handle readable. ---
  152. $+6D75 |> 68 34924800 PUSH OFFSET 00489234 ; /String = "Client thread close #3
  153. "
  154. $+6D7A |. FF15 6C814800 CALL DWORD PTR DS:[<&KERNEL32.OutputDebu ; \KERNEL32.OutputDebugStringA
  155. $+6D80 |. 56 PUSH ESI ; /Arg1
  156. $+6D81 |. FF15 78814800 CALL DWORD PTR DS:[<&KERNEL32.ExitThread ; \ntdll.RtlExitUserThread
  ; --- Exit #5 (EBX == -1): unless [48B418] is 1 or 2, clear [48B428] under the
  ; 0048B400 lock first. The WSAGetLastError result is again overwritten unused. ---
  157. $+6D87 |> E8 FCEFFFFF CALL <JMP.&WSOCK32.#111> ; [WS2_32.WSAGetLastError
  158. $+6D8C |. A1 18B44800 MOV EAX,DWORD PTR DS:[48B418]
  159. $+6D91 |. 83F8 01 CMP EAX,1
  160. $+6D94 |.- 74 21 JE SHORT 00486DB7
  161. $+6D96 |. 83F8 02 CMP EAX,2
  162. $+6D99 |.- 74 1C JE SHORT 00486DB7
  163. $+6D9B |. BA 41000000 MOV EDX,41
  164. $+6DA0 |. B9 00B44800 MOV ECX,OFFSET 0048B400
  165. $+6DA5 |. E8 C2F0FFFF CALL <JMP.&Fog.#10050> ; Jump to Fog.#10050
  166. $+6DAA |. 68 00B44800 PUSH OFFSET 0048B400
  167. $+6DAF |. 8935 28B44800 MOV DWORD PTR DS:[48B428],ESI
  ; EDI still holds the LeaveCriticalSection pointer loaded at 00486D41.
  168. $+6DB5 |. FFD7 CALL EDI
  169. $+6DB7 |> 68 1C924800 PUSH OFFSET 0048921C ; /String = "Client thread close #5
  170. "
  171. $+6DBC |. FF15 6C814800 CALL DWORD PTR DS:[<&KERNEL32.OutputDebu ; \KERNEL32.OutputDebugStringA
  172. $+6DC2 |. 56 PUSH ESI ; /Arg1
  173. $+6DC3 |. FF15 78814800 CALL DWORD PTR DS:[<&KERNEL32.ExitThread ; \ntdll.RtlExitUserThread
  ; --- Exit #6 (EBX == 0): same [48B418] test and [48B428] cleanup, then ExitThread(0). ---
  174. $+6DC9 |> A1 18B44800 MOV EAX,DWORD PTR DS:[48B418]
  175. $+6DCE |. 83F8 01 CMP EAX,1
  176. $+6DD1 |.- 74 25 JE SHORT 00486DF8
  177. $+6DD3 |. 83F8 02 CMP EAX,2
  178. $+6DD6 |.- 74 20 JE SHORT 00486DF8
  179. $+6DD8 |. BA 41000000 MOV EDX,41
  180. $+6DDD |. B9 00B44800 MOV ECX,OFFSET 0048B400
  181. $+6DE2 |. E8 85F0FFFF CALL <JMP.&Fog.#10050> ; Jump to Fog.#10050
  182. $+6DE7 |. 68 00B44800 PUSH OFFSET 0048B400 ; /pCriticalSection = 0048B400
  183. $+6DEC |. 8935 28B44800 MOV DWORD PTR DS:[48B428],ESI ; |
  184. $+6DF2 |. FF15 7C814800 CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti ; \NTDLL.RtlLeaveCriticalSection
  185. $+6DF8 |> 68 04924800 PUSH OFFSET 00489204 ; /String = "Client thread close #6
  186. "
  187. $+6DFD |. FF15 6C814800 CALL DWORD PTR DS:[<&KERNEL32.OutputDebu ; \KERNEL32.OutputDebugStringA
  188. $+6E03 |. 56 PUSH ESI ; /Arg1
  189. $+6E04 |. FF15 78814800 CALL DWORD PTR DS:[<&KERNEL32.ExitThread ; \ntdll.RtlExitUserThread
  ; INT3 filler up to the next 16-byte boundary (00486E10); not reached, the call above
  ; is ExitThread.
  190. $+6E0A |. CC INT3
  191. $+6E0B |. CC INT3
  192. $+6E0C |. CC INT3
  193. $+6E0D |. CC INT3
  194. $+6E0E |. CC INT3
  195. $+6E0F |. CC INT3
  ; ---------------------------------------------------------------------
  ; 00486E10 - client set-up routine. It follows the INT3 filler and ends in RETN 8 (two
  ; stack arguments removed by the callee), so it reads as a separate routine even though
  ; OllyDbg's procedure bracket folds it into D2Net.00486B60.
  ; In:   Arg1 at [entry ESP+4] (stored to [48B418]), Arg2 at [entry ESP+8].
  ; Out:  EAX = 1 when Arg1 is 1 or 2, otherwise the CreateThread return value.
  ; Does: clears [48B3FC] and [48B3F4], initialises the critical section at 0048B400,
  ;       obtains a 7BC-byte block via Fog.#10042 and zeroes it, then either calls
  ;       D2Net.#10012 with a 2-byte buffer or starts a thread at 004868B0.
  ; ---------------------------------------------------------------------
  196. $+6E10 |. 57 PUSH EDI
  197. $+6E11 |. 68 00B44800 PUSH OFFSET 0048B400 ; /Arg1 = D2Net.48B400
  198. $+6E16 |. C705 FCB34800 MOV DWORD PTR DS:[48B3FC],0 ; |
  199. $+6E20 |. C705 F4B34800 MOV DWORD PTR DS:[48B3F4],0 ; |
  200. $+6E2A |. FF15 80814800 CALL DWORD PTR DS:[<&KERNEL32.Initialize ; \ntdll.RtlInitializeCriticalSection
  ; Fog.#10042(ECX = 7BC, EDX = source-file name, 0C2, 0): presumably an allocator taking
  ; size, file and line for diagnostics - confirm. The result is stored in [48B244].
  201. $+6E30 |. 6A 00 PUSH 0 ; /Arg2 = 0
  202. $+6E32 |. 68 C2000000 PUSH 0C2 ; |Arg1 = 0C2
  203. $+6E37 |. BA 64924800 MOV EDX,OFFSET 00489264 ; |ASCII "..\Source\D2Net\SRC\Client.cpp"
  204. $+6E3C |. B9 BC070000 MOV ECX,7BC ; |
  205. $+6E41 |. E8 32F0FFFF CALL <JMP.&Fog.#10042> ; \Fog.#10042
  ; Zero-fill the block: 1EF dwords = 7BC bytes, the same size passed in ECX above.
  ; NOTE(review): the returned pointer is written through without a NULL test here;
  ; confirm Fog.#10042 cannot return 0, otherwise REP STOS faults on address 0.
  206. $+6E46 |. 8BF8 MOV EDI,EAX
  207. $+6E48 |. 33C0 XOR EAX,EAX
  208. $+6E4A |. 893D 44B24800 MOV DWORD PTR DS:[48B244],EDI
  209. $+6E50 |. B9 EF010000 MOV ECX,1EF
  210. $+6E55 |. F3:AB REP STOS DWORD PTR ES:[EDI]
  ; [ESP+8] is Arg1 here (EDI is still pushed). MOV and POP leave the CMP flags intact
  ; for the JE below. Arg1 is recorded in [48B418], which the receive loop tests for 1/2.
  211. $+6E57 |. 8B4424 08 MOV EAX,DWORD PTR SS:[ESP+8]
  212. $+6E5B |. 83F8 01 CMP EAX,1
  213. $+6E5E |. A3 18B44800 MOV DWORD PTR DS:[48B418],EAX
  214. $+6E63 |. 5F POP EDI
  215. $+6E64 |.- 74 05 JE SHORT 00486E6B
  216. $+6E66 |. 83F8 02 CMP EAX,2
  217. $+6E69 |.- 75 22 JNE SHORT 00486E8D
  ; --- Arg1 == 1 or 2: no thread is created. The Arg1 stack slot is reused as a 2-byte
  ; buffer (bytes AF, 00) and passed to D2Net.#10012(0, 0, &buffer, 2); returns 1. ---
  218. $+6E6B |> 6A 02 PUSH 2 ; /Arg4 = 2
  219. $+6E6D |. 8D4424 08 LEA EAX,[ESP+8] ; |
  220. $+6E71 |. 50 PUSH EAX ; |Arg3
  221. $+6E72 |. 6A 00 PUSH 0 ; |Arg2 = 0
  222. $+6E74 |. 6A 00 PUSH 0 ; |Arg1 = 0
  223. $+6E76 |. C64424 14 AF MOV BYTE PTR SS:[ESP+14],0AF ; |
  224. $+6E7B |. C64424 15 00 MOV BYTE PTR SS:[ESP+15],0 ; |
  225. $+6E80 |. E8 EB050000 CALL #10012 ; \D2Net.#10012
  226. $+6E85 |. B8 01000000 MOV EAX,1
  227. $+6E8A |. C2 0800 RETN 8
  ; --- Any other Arg1: CreateThread(NULL, 0, 004868B0, Arg2, 0, &[48B240]). The handle
  ; is stored in [48B3F8] and returned in EAX without being tested here, so a failed
  ; call hands 0 to the caller. ---
  228. $+6E8D |> 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+8]
  229. $+6E91 |. 68 40B24800 PUSH OFFSET 0048B240 ; /pThreadId = D2Net.48B240 -> 0
  230. $+6E96 |. 6A 00 PUSH 0 ; |CreationFlags = 0
  231. $+6E98 |. 51 PUSH ECX ; |Parameter
  232. $+6E99 |. 68 B0684800 PUSH 004868B0 ; |StartAddress = D2Net.4868B0
  233. $+6E9E |. 6A 00 PUSH 0 ; |StackSize = 0
  234. $+6EA0 |. 6A 00 PUSH 0 ; |pSecurity = NULL
  235. $+6EA2 |. FF15 68814800 CALL DWORD PTR DS:[<&KERNEL32.CreateThre ; \KERNEL32.CreateThread
  236. $+6EA8 |. A3 F8B34800 MOV DWORD PTR DS:[48B3F8],EAX
  237. $+6EAD \. C2 0800 RETN 8