API tools faq
paste
View difference between Paste ID: 7a1Bn6HH and EWP6XVwm
SHOW: | | - or go back to the newest paste.
1
#include <windows.h>
2-
2+
3
//-------------------------------------------------------------------------

4-
4+
5-
5+
6-
6+
7-
7+
8-
8+
9
// extern PBOOLEAN KdDebuggerEnabled;

10-
10+
11
extern int dword_12628; // weak

12-
12+
13-
13+
14-
14+
15
extern char a_text[6]; // weak

16-
16+
17
extern char asc_12678[2]; // weak

18-
18+
19
extern int dword_12684; // weak

20-
20+
21
extern int dword_1268C; // weak

22-
22+
23
extern _UNKNOWN unk_12694; // weak

24-
24+
25
extern _UNKNOWN unk_14380; // weak

26-
26+
27
extern char byte_14390; // weak

28-
28+
29
extern const WCHAR word_14395; // idb

30-
30+
31
extern const WCHAR word_14471; // idb

32-
32+
33
extern int dword_1453D; // weak

34-
34+
35
extern char byte_14614; // weak

36-
36+
37
extern char byte_14616; // weak

38-
38+
39
extern int dword_1461C; // weak

40-
40+
41
extern int dword_14624; // weak

42-
42+
43
extern RTL_GENERIC_TABLE Table; // idb

44-
44+
45
extern char byte_14658; // weak

46-
46+
47
extern int dword_14660; // weak

48-
48+
49
extern int dword_14668; // weak

50-
50+
51
extern int dword_1468C; // weak

52-
52+
53
extern int dword_14694; // weak

54-
54+
55
extern int dword_1469C; // weak

56-
56+
57
extern int dword_146A4; // weak

58-
58+
59
extern int dword_146AC; // weak

60-
60+
61
//-------------------------------------------------------------------------

62-
62+
63
#define __thiscall __cdecl // Test compile in C mode

64-
64+
65
void __stdcall DriverReinitializationRoutine(PDRIVER_OBJECT DriverObject, int a2, unsigned int a3);

66-
66+
67
int __stdcall sub_1048A(int a1);

68-
68+
69
// int __usercall sub_1056C<eax>(int a1<esi>);

70-
70+
71
// int __usercall sub_105E4<eax>(LSA_UNICODE_STRING *a1<ecx>, int a2<edi>, int a3<esi>);

72-
72+
73
// void __userpurge sub_1076E(int a1<ebx>, PVOID *a2);

74-
74+
75
int *__cdecl sub_107E8();

76-
76+
77
int __stdcall sub_108BE(const char *a1);

78-
78+
79
// signed int __usercall sub_109B0<eax>(int a1<edi>);

80-
80+
81
// int __usercall sub_10A8A<eax>(int a1<edi>, int *a2<esi>);

82-
82+
83
// int __usercall sub_10B36<eax>(int a1<esi>);

84-
84+
85
int __stdcall sub_10BA2(int, int); // weak

86-
86+
87
// int __userpurge sub_10BEC<eax>(int a1<ebp>, int a2, int a3);

88-
88+
89
signed int __stdcall sub_10CFE(int a1, int a2);

90-
90+
91
// int __usercall sub_10DA8<eax>(int a1<ecx>, int a2<edi>, int a3<esi>);

92-
92+
93
void __stdcall NotifyRoutine(int a1, HANDLE Handle, int a3);

94-
94+
95
RTL_GENERIC_TABLE *__cdecl sub_10FE6();

96-
96+
97
// signed int __usercall sub_11066<eax>(int a1<eax>, RTL_GENERIC_TABLE *a2<edi>);

98-
98+
99
bool __stdcall CompareRoutine(int a1, int a2, int a3);

100-
100+
101
void __stdcall FreeRoutine(int a1, PVOID P);

102-
102+
103
// int __userpurge sub_111B4<eax>(int a1<eax>, int a2<ebx>, int a3);

104-
104+
105
// PVOID __userpurge sub_113C2<eax>(int a1<edi>, int a2, int a3);

106-
106+
107
void __fastcall sub_114EC(int a1, int a2, int a3, int a4, int a5);

108-
108+
109
PVOID __stdcall sub_11578(int a1);

110-
110+
111
// signed int __userpurge sub_115CC<eax>(const void *a1<eax>, int a2<ebx>, int a3);

112-
112+
113
__int32 __stdcall sub_1174A(int a1, int a2);

114-
114+
115
// PVOID __usercall sub_1182C<eax>(ULONG a1<esi>);

116-
116+
117
signed int __stdcall sub_118E2(unsigned int a1, int a2);

118-
118+
119
// char __usercall sub_11A08<al>(int a1<edi>);

120-
120+
121
// const char *__usercall sub_11ABC<eax>(const char *result<eax>, int a2<ecx>);

122-
122+
123
int *__cdecl sub_11C14();

124-
124+
125
char __stdcall sub_11D46(int a1, unsigned int a2);

126-
126+
127-
127+
128-
128+
129
int __stdcall sub_11F42(int, int, HANDLE Handle); // idb

130-
130+
131
int __stdcall sub_12000(HANDLE Handle, PVOID ProcessInformation); // idb

132-
132+
133-
133+
134-
134+
135
int __cdecl sub_1210F(int a1, unsigned int a2);

136-
136+
137-
137+
138-
138+
139
bool __cdecl sub_122D0(int a1, unsigned int a2, int a3, int a4);

140-
140+
141
signed int __cdecl sub_1236B(int a1, int a2);

142-
142+
143
// void *__cdecl memcpy(void *, const void *, size_t);

144-
144+
145
// int _SEH_epilog(void); weak

146-
146+
147
int nullsub_2(); // weak

148-
148+
149
int nullsub_3(); // weak

150-
150+
151
// KIRQL __stdcall KeGetCurrentIrql();

152-
152+
153
// NTSTATUS __stdcall ZwReadFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key);

154-
154+
155
// NTSTATUS __stdcall ZwOpenFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG OpenOptions);

156-
156+
157
// BOOLEAN __stdcall PsGetVersion(PULONG MajorVersion, PULONG MinorVersion, PULONG BuildNumber, PUNICODE_STRING CSDVersion);

158-
158+
159
// NTSTATUS __stdcall PsSetLoadImageNotifyRoutine(PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine);

160-
160+
161
// void __fastcall IofCompleteRequest(PIRP Irp, CCHAR PriorityBoost);

162-
162+
163
// BOOLEAN __stdcall RtlDeleteElementGenericTable(PRTL_GENERIC_TABLE Table, PVOID Buffer);

164-
164+
165
// PVOID __stdcall RtlLookupElementGenericTable(PRTL_GENERIC_TABLE Table, PVOID Buffer);

166-
166+
167
// PVOID __stdcall RtlInsertElementGenericTable(PRTL_GENERIC_TABLE Table, PVOID Buffer, CLONG BufferSize, PBOOLEAN NewElement);

168-
168+
169
// NTSTATUS __stdcall ZwAllocateVirtualMemory(HANDLE ProcessHandle, PVOID *BaseAddress, ULONG ZeroBits, PULONG AllocationSize, ULONG AllocationType, ULONG Protect);

170-
170+
171
// void __stdcall IoRegisterDriverReinitialization(PDRIVER_OBJECT DriverObject, PDRIVER_REINITIALIZE DriverReinitializationRoutine, PVOID Context);

172-
172+
173
// void __stdcall KeInitializeMutex(PRKMUTEX Mutex, ULONG Level);

174-
174+
175
// NTSTATUS __stdcall KeWaitForSingleObject(PVOID Object, KWAIT_REASON WaitReason, KPROCESSOR_MODE WaitMode, BOOLEAN Alertable, PLARGE_INTEGER Timeout);

176-
176+
177
// NTSTATUS __stdcall ZwOpenKey(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes);

178-
178+
179
// int __stdcall KeStackAttachProcess(_DWORD, _DWORD); weak

180-
180+
181
// int __stdcall ObOpenObjectByPointer(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD); weak

182-
182+
183
// LONG_PTR __fastcall ObfDereferenceObject(PVOID Object);

184-
184+
185
signed int __cdecl sub_12A95(int a1);

186-
186+
187
int __thiscall sub_12D71(void *this);

188-
188+
189
// int __usercall sub_133BF<eax>(int a1<eax>, int a2, int a3);

190-
190+
191
// int __usercall sub_1356E<eax>(unsigned int *a1<eax>, int a2<ebx>, int a3<edi>, int a4, int a5, int a6);

192-
192+
193
signed int __cdecl sub_136F8(int a1, int a2, int a3);

194-
194+
195
bool __cdecl sub_138DB(int a1, unsigned int a2, int a3, int a4);

196-
196+
197
// signed int __usercall sub_13A4B<eax>(unsigned int a1<eax>, int a2, int a3, unsigned __int16 a4);

198-
198+
199
// int __usercall sub_13BF1<eax>(unsigned int a1<eax>, int a2<ecx>, int a3, int a4, int a5);

200-
200+
201
int __cdecl sub_13C92(int a1, char a2, int a3);

202-
202+
203
// signed int __usercall sub_13D8E<eax>(int a1<eax>, int a2, int a3, unsigned int a4, int (__cdecl *a5)(_DWORD, _DWORD, _DWORD));

204-
204+
205
char __cdecl sub_10300()

206-
206+
207
  LSA_UNICODE_STRING DestinationString; // [sp+8h] [bp-18h]@1

208-
208+
209
  HANDLE Handle; // [sp+14h] [bp-Ch]@2

210-
210+
211
  char v5; // [sp+1Fh] [bp-1h]@1

212-
212+
213
  v4 = 0;

214-
214+
215
  v5 = v4 == 0;

216-
216+
217
  {

218-
218+
219
    ZwClose(Handle);

220-
220+
221
  return v5;

222-
222+
223
//----- (0001034C) --------------------------------------------------------

224-
224+
225
{

226-
226+
227
  {

228-
228+
229
    {

230-
230+
231
      {

232-
232+
233
          sub_10A3A();

234-
234+
235
          IoRegisterDriverReinitialization(DriverObject, DriverReinitializationRoutine, 0);

236-
236+
237
    }

238-
238+
239
}

240-
240+
241
NTSTATUS __stdcall DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)

242-
242+
243
  signed int v2; // eax@2

244-
244+
245
  unsigned int i; // [sp+14h] [bp-1Ch]@3

246-
246+
247
  ms_exc.disabled = 0;

248-
248+
249
  dword_1461C = (int)ExAllocatePool(0, 0x200u);

250-
250+
251
  {

252-
252+
253
    for ( i = (unsigned int)&unk_14380; i < (unsigned int)&unk_14384; i += 4 )

254-
254+
255
      if ( *(_DWORD *)i )

256-
256+
257
    }

258-
258+
259
  }

260-
260+
261
  {

262-
262+
263
  }

264-
264+
265
  {

266-
266+
267
    {

268-
268+
269
      if ( !IoCreateDevice(DriverObject, 0, &DestinationString, 0x22u, 0x100u, 0, (PDEVICE_OBJECT *)&RegistryPath) )

270-
270+
271
        DriverObject->MajorFunction[0] = (PDRIVER_DISPATCH)sub_10BA2;

272-
272+
273
        DriverObject->MajorFunction[14] = (PDRIVER_DISPATCH)sub_10BA2;

274-
274+
275
        IoRegisterDriverReinitialization(DriverObject, (PDRIVER_REINITIALIZE)DriverReinitializationRoutine, 0);

276-
276+
277
    }

278-
278+
279
  return 0;

280-
280+
281
// 10BA2: using guessed type int __stdcall sub_10BA2(int, int);

282-
282+
283
// 14624: using guessed type int dword_14624;

284-
284+
285
//----- (0001048A) --------------------------------------------------------

286-
286+
287
{

288-
288+
289
  int result; // eax@7

290-
290+
291
  int v4; // [sp+Ch] [bp-128h]@6

292-
292+
293
  int v6; // [sp+130h] [bp-4h]@3

294-
294+
295
  if ( !KeGetCurrentIrql() )

296-
296+
297
    sub_1056C((int)&v6);

298-
298+
299
      return 0;

300-
300+
301
    if ( sub_10886(2) )

302-
302+
303
      memset(&v4, 255, 0x11Cu);

304-
304+
305
      if ( !*(_DWORD *)v1 )

306-
306+
307
      result = (*(int (__stdcall **)(int *))v1)(&v4);

308-
308+
309
        return result;

310-
310+
311
        return *(_DWORD *)(v1 + 4) != 0 ? 0xC0000001 : 0;

312-
312+
313
    v3 = *(int (**)(void))(v1 + 4);

314-
314+
315
    {

316-
316+
317
        *(_BYTE *)a1 = 0;

318-
318+
319
    }

320-
320+
321
  }

322-
322+
323
  return 0;

324-
324+
325
//----- (00010542) --------------------------------------------------------

326-
326+
327
{

328-
328+
329
  char v1; // [sp+7h] [bp-1h]@1

330-
330+
331
  result = sub_1048A((int)&v1);

332-
332+
333
    result = (v1 != 0 ? 0x3FFFFFFF : 0) - 1073741823;

334-
334+
335
}

336-
336+
337
int __usercall sub_1056C<eax>(int a1<esi>)

338-
338+
339
  int v1; // ecx@2

340-
340+
341
  if ( !(dword_146A4 & 1) )

342-
342+
343
    dword_146A4 |= 1u;

344-
344+
345
    sub_107A2(v1, (int)nullsub_1);

346-
346+
347
  byte_14614 = 0;

348-
348+
349
  return a1;

350-
350+
351
// 124FA: using guessed type int nullsub_1();

352-
352+
353
// 14694: using guessed type int dword_14694;

354-
354+
355
//----- (000105A0) --------------------------------------------------------

356-
356+
357
{

358-
358+
359
  char v5; // zf@1

360-
360+
361
  v5 = *(_DWORD *)a1 == 0;

362-
362+
363
  *(_DWORD *)(a3 + 4) = a2;

364-
364+
365
  *(_DWORD *)(a3 + 12) = a2;

366-
366+
367
  {

368-
368+
369
    {

370-
370+
371
        memcpy(*(void **)a3, a4, a2);

372-
372+
373
    else

374-
374+
375
      *(_DWORD *)a1 = -1073741823;

376-
376+
377
  }

378-
378+
379
}

380-
380+
381
int __usercall sub_105E4<eax>(LSA_UNICODE_STRING *a1<ecx>, int a2<edi>, int a3<esi>)

382-
382+
383
  char v3; // zf@1

384-
384+
385
  OBJECT_ATTRIBUTES ObjectAttributes; // [sp+8h] [bp-20h]@2

386-
386+
387
  v3 = *(_DWORD *)a2 == 0;

388-
388+
389
  *(_DWORD *)(a3 + 4) = 0;

390-
390+
391
  {

392-
392+
393
    ObjectAttributes.Length = 24;

394-
394+
395
    ObjectAttributes.Attributes = 576;

396-
396+
397
    ObjectAttributes.SecurityQualityOfService = 0;

398-
398+
399
    *(_DWORD *)a2 = v4;

400-
400+
401
  }

402-
402+
403
}

404-
404+
405
ULONG __thiscall sub_10638(LSA_UNICODE_STRING *this, ULONG a2, int a3)

406-
406+
407
  char v3; // bl@1

408-
408+
409
  HANDLE v5; // ecx@6

410-
410+
411
  ULONG v7; // esi@6

412-
412+
413
  int v9; // eax@17

414-
414+
415
  void **v11; // eax@21

416-
416+
417
  char FileInformation; // [sp+10h] [bp-28h]@7

418-
418+
419-
419+
420-
420+
421-
421+
422-
422+
423
  v3 = 0;

424-
424+
425
  sub_105E4(this, (int)&IoStatusBlock.Information, (int)&Length);

426-
426+
427
    goto LABEL_2;

428-
428+
429
  {

430-
430+
431
    v6 = v14;

432-
432+
433
    v7 = v8;

434-
434+
435
  else

436-
436+
437
    v5 = Handle;

438-
438+
439-
439+
440-
440+
441
  IoStatusBlock.Information = v7;

442-
442+
443
    goto LABEL_9;

444-
444+
445
    goto LABEL_31;

446-
446+
447
  if ( v9 )

448-
448+
449
  else

450-
450+
451
  sub_1076E(a3, (PVOID *)v10);

452-
452+
453
  if ( IoStatusBlock.Information )

454-
454+
455
LABEL_2:

456-
456+
457
    {

458-
458+
459
      ZwClose(Handle);

460-
460+
461
    return IoStatusBlock.Information;

462-
462+
463-
463+
464-
464+
465
    goto LABEL_31;

466-
466+
467
  if ( !(_BYTE)Length )

468-
468+
469
  v7 = ZwReadFile(Handle, 0, 0, 0, &IoStatusBlock, v12, v6, 0, 0);

470-
470+
471
  {

472-
472+
473
    if ( (_BYTE)Length != v3 )

474-
474+
475
      LOBYTE(Length) = v3;

476-
476+
477
    }

478-
478+
479
  }

480-
480+
481
  {

482-
482+
483
    if ( (_BYTE)Length != v3 )

484-
484+
485
      LOBYTE(Length) = v3;

486-
486+
487
    }

488-
488+
489
  }

490-
490+
491
  {

492-
492+
493
    {

494-
494+
495
      ZwClose(Handle);

496-
496+
497
    result = 0;

498-
498+
499-
499+
500-
500+
501
//----- (0001076E) --------------------------------------------------------

502-
502+
503
{

504-
504+
505
  v2 = *(PVOID **)(a1 + 4);

506-
506+
507
  {

508-
508+
509
    {

510-
510+
511
        ExFreePoolWithTag(*v2, 0);

512-
512+
513
    }

514-
514+
515-
515+
516-
516+
517
//----- (000107A2) --------------------------------------------------------

518-
518+
519
{

520-
520+
521
  if ( !byte_14628 )

522-
522+
523
  if ( !dword_1461C )

524-
524+
525
  if ( dword_14624 <= dword_14620 )

526-
526+
527
  _ECX = &dword_14620;

528-
528+
529
  __asm { lock xadd [ecx], eax }

530-
530+
531
  {

532-
532+
533
    result = 0;

534-
534+
535
  else

536-
536+
537
LABEL_9:

538-
538+
539
  }

540-
540+
541
}

542-
542+
543
// 14620: using guessed type int dword_14620;

544-
544+
545
// 14628: using guessed type char byte_14628;

546-
546+
547
int *__cdecl sub_107E8()

548-
548+
549
  int v0; // eax@2

550-
550+
551
  dword_14694 = 0;

552-
552+
553
  dword_1469C = 0;

554-
554+
555
  if ( !sub_10886(0) )

556-
556+
557
    v0 = sub_1098E();

558-
558+
559
    {

560-
560+
561
      {

562-
562+
563
        dword_14698 = sub_1236B((int)&v2, -1332885072);

564-
564+
565
        dword_146A0 = sub_1236B((int)&v2, 1516803388);

566-
566+
567
    }

568-
568+
569
  return &dword_14694;

570-
570+
571
// 14694: using guessed type int dword_14694;

572-
572+
573
// 1469C: using guessed type int dword_1469C;

574-
574+
575
//----- (00010886) --------------------------------------------------------

576-
576+
577
{

578-
578+
579
  ULONG MajorVersion; // [sp+4h] [bp-4h]@1

580-
580+
581
  MinorVersion = 0;

582-
582+
583
  return MajorVersion == 5 && a1 == MinorVersion;

584-
584+
585
//----- (000108BE) --------------------------------------------------------

586-
586+
587
{

588-
588+
589
  PVOID v2; // esi@6

590-
590+
591
  PVOID v5; // [sp-8h] [bp-3Ch]@5

592-
592+
593-
593+
594-
594+
595
  char *v9; // [sp+24h] [bp-10h]@3

596-
596+
597
  ULONG SystemInformationLength; // [sp+2Ch] [bp-8h]@1

598-
598+
599
  SystemInformation = 0;

600-
600+
601
    || !SystemInformationLength )

602-
602+
603
  v9 = 0;

604-
604+
605
  v1 = 0;

606-
606+
607
  {

608-
608+
609
    {

610-
610+
611
      v5 = P;

612-
612+
613-
613+
614-
614+
615
    return 0;

616-
616+
617
  v2 = P;

618-
618+
619
  {

620-
620+
621
      return 0;

622-
622+
623
    v6 = v1;

624-
624+
625
    goto LABEL_9;

626-
626+
627
  if ( *(_DWORD *)v2 <= 0u )

628-
628+
629
  v10 = 0;

630-
630+
631
  while ( stricmp((const char *)v2 + v10 + *(_WORD *)v9 + 32, a1) )

632-
632+
633
    v10 += 284;

634-
634+
635
    ++v1;

636-
636+
637
    {

638-
638+
639
      goto LABEL_8;

640-
640+
641
  }

642-
642+
643
  ExFreePoolWithTag(v2, 0);

644-
644+
645
}

646-
646+
647
int __cdecl sub_1098E()

648-
648+
649
  int result; // eax@1

650-
650+
651
  if ( !result )

652-
652+
653
  return result;

654-
654+
655
//----- (000109B0) --------------------------------------------------------

656-
656+
657
{

658-
658+
659
  if ( byte_14390 )

660-
660+
661
    sub_11EC6(0, (int)&dword_14391, 0x278u);

662-
662+
663
  }

664-
664+
665
  {

666-
666+
667
    {

668-
668+
669
      memcpy((void *)&word_14395, *(const void **)(a1 + 4), *(_WORD *)a1);

670-
670+
671
  }

672-
672+
673
    result = -1073741823;

674-
674+
675
    result = 0;

676-
676+
677-
677+
678-
678+
679
// 14390: using guessed type char byte_14390;

680-
680+
681
//----- (00010A3A) --------------------------------------------------------

682-
682+
683
{

684-
684+
685
  char v1; // [sp+8h] [bp-8h]@1

686-
686+
687
  v2 = 0;

688-
688+
689-
689+
690-
690+
691
  {

692-
692+
693
    result = sub_10C22(v2);

694-
694+
695
    {

696-
696+
697-
697+
698-
698+
699
    }

700-
700+
701
  return result;

702-
702+
703
//----- (00010A8A) --------------------------------------------------------

704-
704+
705-
705+
706-
706+
707
  int v3; // ecx@4

708-
708+
709
  if ( !(dword_146B0 & 1) )

710-
710+
711
    v2 = *a2;

712-
712+
713
    dword_146AC = v2;

714-
714+
715-
715+
716-
716+
717
    dword_146B0 |= 2u;

718-
718+
719
    sub_107A2(v3, (int)nullsub_3);

720-
720+
721
  if ( dword_146AC )

722-
722+
723
  else

724-
724+
725
  byte_14615 = 0;

726-
726+
727
}

728-
728+
729
// 14615: using guessed type char byte_14615;

730-
730+
731
// 146AC: using guessed type int dword_146AC;

732-
732+
733
//----- (00010AE2) --------------------------------------------------------

734-
734+
735
{

736-
736+
737
  *(_DWORD *)a1 = 0;

738-
738+
739
  {

740-
740+
741
    dword_14690 |= 1u;

742-
742+
743
    memset(&Mutex, 0, sizeof(Mutex));

744-
744+
745
    sub_107A2(v1, (int)sub_124FE);

746-
746+
747-
747+
748-
748+
749
  return a1;

750-
750+
751
// 124FE: using guessed type int sub_124FE();

752-
752+
753
// 14664: using guessed type char byte_14664;

754-
754+
755
// 14690: using guessed type int dword_14690;

756-
756+
757
int __usercall sub_10B36<eax>(int a1<esi>)

758-
758+
759-
759+
760-
760+
761
  if ( !(dword_1468C & 1) )

762-
762+
763
    dword_1468C |= 1u;

764-
764+
765
    sub_107A2(v1, (int)nullsub_2);

766-
766+
767
  byte_14617 = 0;

768-
768+
769
  return a1;

770-
770+
771
// 124FC: using guessed type int nullsub_2();

772-
772+
773
// 1468C: using guessed type int dword_1468C;

774-
774+
775
int __thiscall sub_10B68(int this)

776-
776+
777
  int result; // eax@3

778-
778+
779
  v2 = this;

780-
780+
781
  {

782-
782+
783
  }

784-
784+
785
  {

786-
786+
787
    {

788-
788+
789
      result = sub_10C22(v2);

790-
790+
791
    else

792-
792+
793
      result = -1073741822;

794-
794+
795
  }

796-
796+
797
}

798-
798+
799
signed int __cdecl sub_10BE8()

800-
800+
801-
801+
802-
802+
803
//----- (00010BEC) --------------------------------------------------------

804-
804+
805
{

806-
806+
807
  int v4; // esi@1

808-
808+
809
  v4 = *(_DWORD *)(a1 + 12);

810-
810+
811
  if ( v3 != 259 )

812-
812+
813
    if ( v3 )

814-
814+
815
    *(_DWORD *)(v4 + 24) = v3;

816-
816+
817-
817+
818-
818+
819
}

820-
820+
821
//----- (00010C22) --------------------------------------------------------

822-
822+
823
{

824-
824+
825
  int v2; // eax@3

826-
826+
827
  int v4; // ecx@3

828-
828+
829
  int v7; // edi@9

830-
830+
831
  ULONG v9; // [sp+14h] [bp-1Ch]@1

832-
832+
833
  LSA_UNICODE_STRING DestinationString; // [sp+20h] [bp-10h]@1

834-
834+
835
  v1 = a1;

836-
836+
837
  RtlInitUnicodeString(&ValueName, &word_1445D);

838-
838+
839
  KeWaitForSingleObject((PVOID)(v1 + 8), 0, 0, 0, 0);

840-
840+
841
  if ( v9 )

842-
842+
843
    RtlInitUnicodeString((PUNICODE_STRING)&v12, &word_14471);

844-
844+
845
    if ( v9 )

846-
846+
847
LABEL_6:

848-
848+
849
      goto LABEL_7;

850-
850+
851
  }

852-
852+
853-
853+
854-
854+
855
  if ( sub_11D46(v4, v3) )

856-
856+
857
    KeReleaseMutex(v8, 0);

858-
858+
859
  }

860-
860+
861
  if ( !v9 )

862-
862+
863
    v7 = *(_DWORD *)(v1 + 4);

864-
864+
865
    {

866-
866+
867
      goto LABEL_7;

868-
868+
869
    goto LABEL_6;

870-
870+
871
LABEL_7:

872-
872+
873
  return v6;

874-
874+
875
// 14539: using guessed type int dword_14539;

876-
876+
877
//----- (00010CFE) --------------------------------------------------------

878-
878+
879
{

880-
880+
881
  int v3; // edi@1

882-
882+
883
  int v5; // eax@2

884-
884+
885
  int v8; // [sp+10h] [bp-4h]@1

886-
886+
887
  v4 = 0;

888-
888+
889
  KeWaitForSingleObject((PVOID)(a1 + 8), 0, 0, 0, 0);

890-
890+
891
  if ( v2 )

892-
892+
893-
893+
894-
894+
895
    v4 = 0;

896-
896+
897
  else

898-
898+
899
    v5 = 0;

900-
900+
901
  sub_1076E(a2, (PVOID *)v5);

902-
902+
903
  {

904-
904+
905
      v6 = -1073741823;

906-
906+
907
      v6 = 0;

908-
908+
909
  else

910-
910+
911
    v6 = v8;

912-
912+
913
  KeReleaseMutex((PRKMUTEX)(a1 + 8), v4);

914-
914+
915
}

916-
916+
917
void __usercall sub_10D7E(int a1<eax>)

918-
918+
919
  PVOID *v1; // edi@2

920-
920+
921
  {

922-
922+
923
    *(_BYTE *)a1 = 0;

924-
924+
925
    {

926-
926+
927
        ExFreePoolWithTag(*v1, 0);

928-
928+
929
    }

930-
930+
931
}

932-
932+
933
int __usercall sub_10DA8<eax>(int a1<ecx>, int a2<edi>, int a3<esi>)

934-
934+
935
  int v4; // eax@1

936-
936+
937
  v5 = a1;

938-
938+
939
  *(_DWORD *)a2 = *(_DWORD *)(a3 + 8) + *(_DWORD *)a3;

940-
940+
941
  *(_DWORD *)(a2 + 4) = v5;

942-
942+
943
  return a3;

944-
944+
945
//----- (00010DCC) --------------------------------------------------------

946-
946+
947
{

948-
948+
949
  int v4; // esi@9

950-
950+
951
  int v6; // ecx@12

952-
952+
953
  int i; // [sp+10h] [bp-50h]@4

954-
954+
955
  RTL_GENERIC_TABLE *v10; // [sp+18h] [bp-48h]@8

956-
956+
957
  int v12; // [sp+20h] [bp-40h]@9

958-
958+
959
  int v14; // [sp+28h] [bp-38h]@8

960-
960+
961
  int v16; // [sp+30h] [bp-30h]@9

962-
962+
963
  int v18; // [sp+38h] [bp-28h]@11

964-
964+
965
  char v20; // [sp+40h] [bp-20h]@7

966-
966+
967
  char v22; // [sp+4Ch] [bp-14h]@14

968-
968+
969
  unsigned int v24; // [sp+58h] [bp-8h]@9

970-
970+
971
  if ( sub_117A8(L"KERNEL32.DLL", a1) )

972-
972+
973
    sub_1174A((int)Handle, a3);

974-
974+
975
  else

976-
976+
977
    if ( !sub_10542() )

978-
978+
979
      i = 0;

980-
980+
981
      if ( !i )

982-
982+
983
        if ( v19 == *(_DWORD *)(a3 + 4) )

984-
984+
985
          if ( !(dword_14391 & 4) || !v20 )

986-
986+
987
            sub_10B36((int)&v10);

988-
988+
989
            v13 = 1;

990-
990+
991
            sub_10AE2((int)&v11);

992-
992+
993
            {

994-
994+
995
              v24 = *(_DWORD *)(v14 + 4);

996-
996+
997
              v25 = 0;

998-
998+
999
              v16 = 0;

1000-
1000+
1001
              sub_10DA8(v3, (int)&v15, (int)&v23);

1002-
1002+
1003
              v4 = v25;

1004-
1004+
1005
              {

1006-
1006+
1007
                {

1008-
1008+
1009
                  v17 = 0;

1010-
1010+
1011
                  for ( i = 0; i < v9; ++i )

1012-
1012+
1013
                    v5 = v4 + v23;

1014-
1014+
1015
                    v12 = v4 + v23;

1016-
1016+
1017
                    sub_10DA8(v6, (int)&v17, (int)&v23);

1018-
1018+
1019
                    if ( v25 > v24 )

1020-
1020+
1021
                    if ( sub_117A8(v21, a1) )

1022-
1022+
1023
                      v7 = sub_111B4((int)&v15, (int)&v22, *(_DWORD *)(v5 + 12));

1024-
1024+
1025
                    }

1026-
1026+
1027
                }

1028-
1028+
1029
            }

1030-
1030+
1031
          }

1032-
1032+
1033
      }

1034-
1034+
1035
  }

1036-
1036+
1037
// 124E0: using guessed type wchar_t aKernel32_dll[13];

1038-
1038+
1039
//----- (00010F80) --------------------------------------------------------

1040-
1040+
1041
{

1042-
1042+
1043
  {

1044-
1044+
1045
      sub_10DCC(a1, Handle, a3);

1046-
1046+
1047
}

1048-
1048+
1049
int __userpurge sub_10FC4<eax>(int result<eax>, int a2)

1050-
1050+
1051-
1051+
1052-
1052+
1053
  if ( (unsigned int)(v2 + 4) <= *(_DWORD *)(result + 4) )

1054-
1054+
1055
  *(_DWORD *)(result + 8) = v2 + 4;

1056-
1056+
1057
}

1058-
1058+
1059
RTL_GENERIC_TABLE *__cdecl sub_10FE6()

1060-
1060+
1061-
1061+
1062-
1062+
1063
  dword_14654 = 0;

1064-
1064+
1065
  dword_14660 = 0;

1066-
1066+
1067
    &Table,

1068-
1068+
1069
    (PRTL_GENERIC_ALLOCATE_ROUTINE)AllocateRoutine,

1070-
1070+
1071
    0);

1072-
1072+
1073
}

1074-
1074+
1075
// 14658: using guessed type char byte_14658;

1076-
1076+
1077
// 14660: using guessed type int dword_14660;

1078-
1078+
1079
PVOID __usercall sub_11028<eax>(int a1<eax>, RTL_GENERIC_TABLE *a2<edi>)

1080-
1080+
1081
  PKSPIN_LOCK v2; // ecx@1

1082-
1082+
1083
  PVOID v4; // eax@1

1084-
1084+
1085
  KIRQL v6; // dl@2

1086-
1086+
1087-
1087+
1088-
1088+
1089
  sub_1118A((int)&SpinLock, (int)&a2[1]);

1090-
1090+
1091
  v2 = SpinLock;

1092-
1092+
1093
  --v2[3];

1094-
1094+
1095
  if ( v5 )

1096-
1096+
1097-
1097+
1098-
1098+
1099
    KfReleaseSpinLock(v2, v6);

1100-
1100+
1101
  return v3;

1102-
1102+
1103
//----- (00011066) --------------------------------------------------------

1104-
1104+
1105
{

1106-
1106+
1107
  BOOLEAN v3; // al@1

1108-
1108+
1109
  KIRQL v5; // dl@3

1110-
1110+
1111
  char v7; // zf@5

1112-
1112+
1113
  int Buffer; // [sp+8h] [bp-18h]@1

1114-
1114+
1115
  Buffer = a1;

1116-
1116+
1117
  v3 = RtlDeleteElementGenericTable(a2, &Buffer);

1118-
1118+
1119
  if ( v3 )

1120-
1120+
1121
    v7 = *(_DWORD *)(v10 + 12)-- == 1;

1122-
1122+
1123
    {

1124-
1124+
1125
      *(_DWORD *)(v2 + 8) = 0;

1126-
1126+
1127
    }

1128-
1128+
1129
  }

1130-
1130+
1131
  {

1132-
1132+
1133
    if ( v4 )

1134-
1134+
1135
      v5 = *(_BYTE *)(v2 + 4);

1136-
1136+
1137
      KfReleaseSpinLock((PKSPIN_LOCK)v2, v5);

1138-
1138+
1139
    result = -1073741823;

1140-
1140+
1141
  return result;

1142-
1142+
1143
//----- (000110C0) --------------------------------------------------------

1144-
1144+
1145
{

1146-
1146+
1147
  PKSPIN_LOCK v3; // ecx@3

1148-
1148+
1149-
1149+
1150-
1150+
1151
  char v8; // zf@10

1152-
1152+
1153
  PKSPIN_LOCK SpinLock; // [sp+Ch] [bp-4h]@1

1154-
1154+
1155
  sub_1118A((int)&SpinLock, (int)&a1[1]);

1156-
1156+
1157
  {

1158-
1158+
1159
    v4 = SpinLock[3] == 1;

1160-
1160+
1161-
1161+
1162-
1162+
1163
    v3[2] = 0;

1164-
1164+
1165
    KfReleaseSpinLock(v3, *((_BYTE *)v3 + 4));

1166-
1166+
1167
  }

1168-
1168+
1169
  v3 = SpinLock;

1170-
1170+
1171
  {

1172-
1172+
1173
    if ( !v7 )

1174-
1174+
1175
    v3[2] = 0;

1176-
1176+
1177
  }

1178-
1178+
1179
  if ( v8 )

1180-
1180+
1181
    v9 = *((_BYTE *)v3 + 4);

1182-
1182+
1183
    KfReleaseSpinLock(v3, v9);

1184-
1184+
1185
  return 0;

1186-
1186+
1187
//----- (00011142) --------------------------------------------------------

1188-
1188+
1189
{

1190-
1190+
1191
  if ( *(_DWORD *)a2 == *(_DWORD *)a3 )

1192-
1192+
1193
  else

1194-
1194+
1195
  return result;

1196-
1196+
1197
//----- (00011160) --------------------------------------------------------

1198-
1198+
1199
{

1200-
1200+
1201
}

1202-
1202+
1203
void __stdcall FreeRoutine(int a1, PVOID P)

1204-
1204+
1205
  if ( P )

1206-
1206+
1207
}

1208-
1208+
1209
int __usercall sub_1118A<eax>(int a1<ebx>, int a2<esi>)

1210-
1210+
1211-
1211+
1212-
1212+
1213
  *(_DWORD *)a1 = a2;

1214-
1214+
1215
  if ( v2 != *(PKTHREAD *)(a2 + 8) )

1216-
1216+
1217
    v3 = KfAcquireSpinLock((PKSPIN_LOCK)a2);

1218-
1218+
1219
    *(_BYTE *)(a2 + 4) = v3;

1220-
1220+
1221
  }

1222-
1222+
1223-
1223+
1224-
1224+
1225
//----- (000111B4) --------------------------------------------------------

1226-
1226+
1227
{

1228-
1228+
1229
  int v4; // ecx@2

1230-
1230+
1231
  int v7; // [sp+8h] [bp-24h]@2

1232-
1232+
1233
  unsigned int v9; // [sp+10h] [bp-1Ch]@2

1234-
1234+
1235-
1235+
1236-
1236+
1237
  unsigned int v13; // [sp+20h] [bp-Ch]@2

1238-
1238+
1239
  v3 = 0;

1240-
1240+
1241
    && (v4 = *(_DWORD *)a1,

1242-
1242+
1243
        v7 = v4,

1244-
1244+
1245
        v10 = 0,

1246-
1246+
1247
        sub_10FC4((int)&v7, (int)&v13),

1248-
1248+
1249
    && (v14 = 0, v13 > 0) )

1250-
1250+
1251
    while ( 1 )

1252-
1252+
1253
      sub_10FC4((int)&v7, (int)&v12);

1254-
1254+
1255
      if ( v9 > v8 )

1256-
1256+
1257
LABEL_7:

1258-
1258+
1259
        goto LABEL_8;

1260-
1260+
1261
      if ( a3 == v12 )

1262-
1262+
1263-
1263+
1264-
1264+
1265
        goto LABEL_7;

1266-
1266+
1267
    *(_DWORD *)a2 = v10;

1268-
1268+
1269
  }

1270-
1270+
1271
  {

1272-
1272+
1273
    *(_DWORD *)a2 = v3;

1274-
1274+
1275
  }

1276-
1276+
1277
}

1278-
1278+
1279
signed int __userpurge sub_11242<eax>(int a1<eax>, int a2, int a3)

1280-
1280+
1281
  signed int result; // eax@1

1282-
1282+
1283
  PVOID v5; // edi@2

1284-
1284+
1285
  int v7; // ebx@4

1286-
1286+
1287
  void *v9; // ST08_4@4

1288-
1288+
1289
  char v11; // [sp+10h] [bp-38h]@1

1290-
1290+
1291
  int v13; // [sp+1Ch] [bp-2Ch]@4

1292-
1292+
1293
  int v15; // [sp+34h] [bp-14h]@7

1294-
1294+
1295
  int v17; // [sp+3Ch] [bp-Ch]@8

1296-
1296+
1297
  int v19; // [sp+44h] [bp-4h]@6

1298-
1298+
1299
  if ( !result )

1300-
1300+
1301
    v4 = sub_1182C(dword_12680 + 4981);

1302-
1302+
1303
    if ( v4

1304-
1304+
1305
          memcpy(v4, &unk_12EB8, 0x1375u),

1306-
1306+
1307
          *(_WORD *)v7 = 23117,

1308-
1308+
1309
          *(_WORD *)(dword_12690 + v7) = 267,

1310-
1310+
1311
          *(_DWORD *)(a3 + 4) = v7 + dword_12688,

1312-
1312+
1313
          *(_DWORD *)(*(_DWORD *)(a3 + 4) + 88) = v5,

1314-
1314+
1315
          *(_DWORD *)(*(_DWORD *)(a3 + 4) + 104) = dword_12680,

1316-
1316+
1317
          v8 = v18,

1318-
1318+
1319
      && v12 + *(_DWORD *)(v6 + 8) + *(_DWORD *)(v6 + 12) >= v8 + 12 )

1320-
1320+
1321
      result = sub_118E2(v8, (int)&v11);

1322-
1322+
1323
      if ( !result )

1324-
1324+
1325
        sub_10A8A((int)&v15, &v19);

1326-
1326+
1327
        if ( !v19 )

1328-
1328+
1329
          v16 = v18;

1330-
1330+
1331
          result = (*(int (__stdcall **)(signed int, unsigned int *, int *, signed int, int *))v15)(

1332-
1332+
1333
                     &v16,

1334-
1334+
1335
                     128,

1336-
1336+
1337
          if ( !result )

1338-
1338+
1339
            result = sub_11864((HANDLE *)(*(_DWORD *)(a3 + 4) + 144));

1340-
1340+
1341
            {

1342-
1342+
1343
              *(_DWORD *)a3 = a2;

1344-
1344+
1345
              *(_DWORD *)(a3 + 12) = v18;

1346-
1346+
1347
              result = 0;

1348-
1348+
1349
          }

1350-
1350+
1351
      }

1352-
1352+
1353
    else

1354-
1354+
1355
      result = -1073741823;

1356-
1356+
1357
  }

1358-
1358+
1359
}

1360-
1360+
1361-
1361+
1362-
1362+
1363
// 12690: using guessed type int dword_12690;

1364-
1364+
1365
PVOID __userpurge sub_113C2<eax>(int a1<edi>, int a2, int a3)

1366-
1366+
1367
  PVOID result; // eax@1

1368-
1368+
1369
  int v5; // ebx@2

1370-
1370+
1371-
1371+
1372-
1372+
1373
  {

1374-
1374+
1375
    memcpy((char *)result + 40, *(const void **)a1, *(_DWORD *)(a1 + 4));

1376-
1376+
1377
    *((_DWORD *)v4 + 4) = *(_DWORD *)(a1 + 4);

1378-
1378+
1379
    *((_BYTE *)v4 + 32) = (*(_BYTE *)(a2 + 6) >> 1) & 1;

1380-
1380+
1381
    result = *(PVOID *)(a3 + 4);

1382-
1382+
1383-
1383+
1384-
1384+
1385
}

1386-
1386+
1387
void __userpurge sub_1141E(int a1<eax>, int a2<ecx>, int a3<ebx>, int a4, int a5)

1388-
1388+
1389
  int v5; // esi@1

1390-
1390+
1391
  int v7; // edi@2

1392-
1392+
1393-
1393+
1394-
1394+
1395
  RTL_GENERIC_TABLE *v11; // edi@10

1396-
1396+
1397
  LSA_UNICODE_STRING DestinationString; // [sp+1Ch] [bp-1Ch]@3

1398-
1398+
1399
  int v15; // [sp+28h] [bp-10h]@9

1400-
1400+
1401
  int v17; // [sp+30h] [bp-8h]@1

1402-
1402+
1403
  v17 = 0;

1404-
1404+
1405
  v5 = a2;

1406-
1406+
1407
  if ( v6 )

1408-
1408+
1409
    v7 = *(_DWORD *)(a1 + 4);

1410-
1410+
1411
  }

1412-
1412+
1413
  {

1414-
1414+
1415
    if ( sub_10638(&DestinationString, dword_14539, (int)&v16) )

1416-
1416+
1417
      v9 = *(_DWORD *)v5;

1418-
1418+
1419
    }

1420-
1420+
1421
    {

1422-
1422+
1423
      if ( *(_BYTE *)(a3 + 6) & 1 )

1424-
1424+
1425
      v9 = *(_DWORD *)v8;

1426-
1426+
1427
    }

1428-
1428+
1429
  }

1430-
1430+
1431
  if ( v7 )

1432-
1432+
1433
    sub_10B36((int)&v18);

1434-
1434+
1435
    v10 = (int)sub_11028(a4, v18);

1436-
1436+
1437
      sub_113C2((int)&v14, a3, v10);

1438-
1438+
1439-
1439+
1440-
1440+
1441
// 14539: using guessed type int dword_14539;

1442-
1442+
1443
void __fastcall sub_114EC(int a1, int a2, int a3, int a4, int a5)

1444-
1444+
1445
  sub_1141E(a5, a1, a2, a3, a4);

1446-
1446+
1447
//----- (00011522) --------------------------------------------------------

1448-
1448+
1449
{

1450-
1450+
1451
  char v7; // [sp+Ch] [bp-28h]@1

1452-
1452+
1453-
1453+
1454-
1454+
1455
  v10 = 0;

1456-
1456+
1457
  if ( !v10 )

1458-
1458+
1459
  if ( v7 )

1460-
1460+
1461
    v7 = 0;

1462-
1462+
1463
  }

1464-
1464+
1465
}

1466-
1466+
1467
//----- (00011578) --------------------------------------------------------

1468-
1468+
1469
{

1470-
1470+
1471
  sub_10B36((int)&v2);

1472-
1472+
1473
}

1474-
1474+
1475
PVOID __stdcall sub_11598(int a1)

1476-
1476+
1477
  return sub_11578(a1);

1478-
1478+
1479
//----- (000115CC) --------------------------------------------------------

1480-
1480+
1481
{

1482-
1482+
1483
  int v4; // ST38_4@1

1484-
1484+
1485
  char v6; // zf@2

1486-
1486+
1487-
1487+
1488-
1488+
1489
  char v10; // [sp+8h] [bp-38h]@1

1490-
1490+
1491
  int v12; // [sp+2Ch] [bp-14h]@2

1492-
1492+
1493
  int v14; // [sp+34h] [bp-Ch]@12

1494-
1494+
1495
  v4 = *(_DWORD *)(a2 + 4);

1496-
1496+
1497
  result = sub_121E1((int)&v10, v4, 1);

1498-
1498+
1499-
1499+
1500-
1500+
1501
    sub_11066(a3, v15);

1502-
1502+
1503
    *(_DWORD *)v12 = *(_DWORD *)(a2 + 4);

1504-
1504+
1505
    *(_DWORD *)(v5 + 16) = sub_1236B((int)&v10, -1871298611);

1506-
1506+
1507
    *(_DWORD *)(v5 + 32) = sub_1236B((int)&v10, 578844873);

1508-
1508+
1509
    *(_DWORD *)(v5 + 48) = sub_1236B((int)&v10, 1538689877);

1510-
1510+
1511
    *(_DWORD *)(v5 + 64) = sub_1236B((int)&v10, -411935863);

1512-
1512+
1513
    result = sub_1236B((int)&v10, 201870840);

1514-
1514+
1515
    *(_DWORD *)(v5 + 80) = result;

1516-
1516+
1517
    {

1518-
1518+
1519
      {

1520-
1520+
1521
        {

1522-
1522+
1523
          {

1524-
1524+
1525
            {

1526-
1526+
1527
              {

1528-
1528+
1529
                {

1530-
1530+
1531
                  {

1532-
1532+
1533
                    {

1534-
1534+
1535
                      {

1536-
1536+
1537
                        v7 = v5 + 120;

1538-
1538+
1539
                        v9 = v14;

1540-
1540+
1541
                        v9 += 4;

1542-
1542+
1543
                        *(_DWORD *)v7 = *(_DWORD *)v9;

1544-
1544+
1545
                        *(_DWORD *)result = *(_DWORD *)"ž";

1546-
1546+
1547
                        *(_BYTE *)(result + 6) = asc_12678[6];

1548-
1548+
1549
                      }

1550-
1550+
1551-
1551+
1552-
1552+
1553
              }

1554-
1554+
1555
          }

1556-
1556+
1557
      }

1558-
1558+
1559
  }

1560-
1560+
1561-
1561+
1562-
1562+
1563
signed int __thiscall sub_11718(int this, int a2, const void *a3)

1564-
1564+
1565
  return sub_115CC(a3, this, a2);

1566-
1566+
1567
//----- (0001174A) --------------------------------------------------------

1568-
1568+
1569
{

1570-
1570+
1571
  const void *v3; // edi@1

1572-
1572+
1573
  char v5; // [sp+8h] [bp-28h]@2

1574-
1574+
1575
  char v7; // [sp+14h] [bp-1Ch]@5

1576-
1576+
1577
  result = (__int32)sub_11598(a1);

1578-
1578+
1579
  if ( result )

1580-
1580+
1581
    v8 = 0;

1582-
1582+
1583
    if ( !v8 )

1584-
1584+
1585
    if ( v5 )

1586-
1586+
1587
      v5 = 0;

1588-
1588+
1589
    }

1590-
1590+
1591
  }

1592-
1592+
1593
}

1594-
1594+
1595
//----- (000117A8) --------------------------------------------------------

1596-
1596+
1597
{

1598-
1598+
1599
  int v3; // esi@1

1600-
1600+
1601-
1601+
1602-
1602+
1603
  char result; // al@4

1604-
1604+
1605
  WCHAR *v9; // esi@6

1606-
1606+
1607
  int v11; // [sp+8h] [bp-Ch]@3

1608-
1608+
1609
  int v13; // [sp+10h] [bp-4h]@6

1610-
1610+
1611-
1611+
1612-
1612+
1613
  {

1614-
1614+
1615
    ++a1;

1616-
1616+
1617
  while ( v4 );

1618-
1618+
1619
  v5 = (unsigned __int16)(*(_WORD *)a2 >> 1);

1620-
1620+
1621
  if ( v6 <= v5 )

1622-
1622+
1623
    v12 = 0;

1624-
1624+
1625
    if ( v6 )

1626-
1626+
1627
      v13 = v8 - (_DWORD)v2;

1628-
1628+
1629
      while ( 1 )

1630-
1630+
1631
        v10 = RtlUpcaseUnicodeChar(*(WCHAR *)((char *)v9 + v13));

1632-
1632+
1633
          break;

1634-
1634+
1635
        ++v9;

1636-
1636+
1637
          goto LABEL_9;

1638-
1638+
1639
      result = 0;

1640-
1640+
1641-
1641+
1642-
1642+
1643
LABEL_9:

1644-
1644+
1645
    }

1646-
1646+
1647
  else

1648-
1648+
1649
    result = 0;

1650-
1650+
1651
  return result;

1652-
1652+
1653-
1653+
1654-
1654+
1655
{

1656-
1656+
1657
  PVOID BaseAddress; // [sp+0h] [bp-8h]@1

1658-
1658+
1659
  BaseAddress = 0;

1660-
1660+
1661
  if ( ZwAllocateVirtualMemory((HANDLE)0xFFFFFFFF, &BaseAddress, 0, &AllocationSize, 0x1000u, 0x40u)

1662-
1662+
1663
    result = 0;

1664-
1664+
1665
    result = BaseAddress;

1666-
1666+
1667
}

1668-
1668+
1669
int __usercall sub_11864<eax>(HANDLE *a1<edi>)

1670-
1670+
1671
  signed int v1; // esi@1

1672-
1672+
1673
  HANDLE Handle; // [sp+4h] [bp-4Ch]@3

1674-
1674+
1675
  struct _IO_STATUS_BLOCK IoStatusBlock; // [sp+3Ch] [bp-14h]@2

1676-
1676+
1677
  NTSTATUS v8; // [sp+4Ch] [bp-4h]@2

1678-
1678+
1679
  ObjectAttributes.RootDirectory = 0;

1680-
1680+
1681
  ObjectAttributes.SecurityQualityOfService = 0;

1682-
1682+
1683
  ObjectAttributes.Attributes = 64;

1684-
1684+
1685
  v1 = 0;

1686-
1686+
1687
  {

1688-
1688+
1689
    if ( v8 )

1690-
1690+
1691
    *(&Handle + v1++) = *a1;

1692-
1692+
1693-
1693+
1694-
1694+
1695
  ++v1;

1696-
1696+
1697
  for ( i = v1 - 2; i >= 0; --i )

1698-
1698+
1699
  return v8;

1700-
1700+
1701
//----- (000118E2) --------------------------------------------------------

1702-
1702+
1703
{

1704-
1704+
1705-
1705+
1706-
1706+
1707
  int v5; // ecx@6

1708-
1708+
1709
  unsigned int v7; // eax@9

1710-
1710+
1711
  int v9; // eax@11

1712-
1712+
1713
  unsigned int v11; // [sp+4h] [bp-Ch]@10

1714-
1714+
1715
  int v13; // [sp+Ch] [bp-4h]@3

1716-
1716+
1717-
1717+
1718-
1718+
1719
    result = 0;

1720-
1720+
1721
  else

1722-
1722+
1723
    if ( v3 )

1724-
1724+
1725
      result = -1073741823;

1726-
1726+
1727
    else

1728-
1728+
1729
      v5 = v13;

1730-
1730+
1731
      for ( i = v13 + v12; v5 + 8 <= (unsigned int)i; v13 = v5 )

1732-
1732+
1733
        v6 = *(_DWORD *)(v5 + 4);

1734-
1734+
1735
          break;

1736-
1736+
1737
          return -1073741823;

1738-
1738+
1739
        v8 = 0;

1740-
1740+
1741
        {

1742-
1742+
1743
          {

1744-
1744+
1745-
1745+
1746-
1746+
1747
              if ( v9 >= a1 && v9 < a1 + 12 )

1748-
1748+
1749
            }

1750-
1750+
1751
          }

1752-
1752+
1753
        }

1754-
1754+
1755
        v4 = v5 + 8;

1756-
1756+
1757
      result = 0;

1758-
1758+
1759
  }

1760-
1760+
1761
}

1762-
1762+
1763
char __fastcall sub_119AE(int a1, int a2)

1764-
1764+
1765
  int v2; // eax@1

1766-
1766+
1767
  return !(v2 & 0x2000000)

1768-
1768+
1769
      && v2 & 0x20

1770-
1770+
1771
      && (!strncmp((const char *)a2, ".text", 8) || !strncmp((const char *)a2, "PAGE", 8));

1772-
1772+
1773
//----- (00011A08) --------------------------------------------------------

1774-
1774+
1775-
1775+
1776-
1776+
1777
  v1 = 0;

1778-
1778+
1779
  {

1780-
1780+
1781
    if ( v1 >= 0x14 )

1782-
1782+
1783
                                                                                                 - a1);

1784-
1784+
1785
  return 0;

1786-
1786+
1787
//----- (00011A4A) --------------------------------------------------------

1788-
1788+
1789
{

1790-
1790+
1791
  int v4; // edx@4

1792-
1792+
1793
  int v6; // edx@5

1794-
1794+
1795
  int v9; // [sp-4h] [bp-10h]@4

1796-
1796+
1797
  v10 = 0;

1798-
1798+
1799
  while ( 1 )

1800-
1800+
1801
    if ( a3 <= v3 + 5 )

1802-
1802+
1803
    if ( *(_BYTE *)v3 == -24 )

1804-
1804+
1805
      v5 = *(_DWORD *)(v3 + 1) + v3 + 5;

1806-
1806+
1807
      if ( v4 )

1808-
1808+
1809
        if ( sub_119AE(v9, v4) )

1810-
1810+
1811
          v7 = *(_DWORD *)(v6 + 8);

1812-
1812+
1813
            v7 = *(_DWORD *)(v6 + 16);

1814-
1814+
1815
            break;

1816-
1816+
1817
      }

1818-
1818+
1819
    ++v10;

1820-
1820+
1821
    if ( v10 >= 0x1E )

1822-
1822+
1823
  }

1824-
1824+
1825
}

1826-
1826+
1827
const char *__usercall sub_11ABC<eax>(const char *result<eax>, int a2<ecx>)

1828-
1828+
1829
  int v2; // ebx@1

1830-
1830+
1831
  while ( (unsigned int)result < v2 )

1832-
1832+
1833
    while ( (unsigned int)result <= v2 - 4 )

1834-
1834+
1835
      if ( *(_DWORD *)result == dword_12658 )

1836-
1836+
1837
      ++result;

1838-
1838+
1839
    result = 0;

1840-
1840+
1841
    if ( !result )

1842-
1842+
1843
    if ( !strncmp(result, (const char *)&dword_12658, 14) )

1844-
1844+
1845
    ++result;

1846-
1846+
1847
  return 0;

1848-
1848+
1849
// 12658: using guessed type int dword_12658;

1850-
1850+
1851
int __stdcall sub_11B04(int a1, const char *a2, unsigned int a3, int a4, int a5)

1852-
1852+
1853
  int result; // eax@2

1854-
1854+
1855
  int v7; // eax@17

1856-
1856+
1857
  int v9; // eax@24

1858-
1858+
1859
  int v11; // [sp+Ch] [bp-4h]@14

1860-
1860+
1861-
1861+
1862-
1862+
1863
    result = (int)sub_11ABC(a2, a3);

1864-
1864+
1865
    {

1866-
1866+
1867
        *(_BYTE *)a5 = 1;

1868-
1868+
1869
        *(_DWORD *)a4 = result;

1870-
1870+
1871
  }

1872-
1872+
1873
  {

1874-
1874+
1875
    result = a3 - 10;

1876-
1876+
1877
    if ( (unsigned int)a2 < a3 - 10 )

1878-
1878+
1879
      while ( 2 )

1880-
1880+
1881-
1881+
1882-
1882+
1883
          if ( result > a3 - 14 )

1884-
1884+
1885
            v11 = 0;

1886-
1886+
1887
          }

1888-
1888+
1889
            break;

1890-
1890+
1891
        v11 = result;

1892-
1892+
1893
        if ( v11 )

1894-
1894+
1895
          if ( !strncmp((const char *)v11, (const char *)&dword_12628, 5) )

1896-
1896+
1897
            v8 = 0;

1898-
1898+
1899
            while ( (unsigned int)&v6[v8] < v11 )

1900-
1900+
1901
              if ( *(_BYTE *)v7 == -24

1902-
1902+
1903
              {

1904-
1904+
1905
                if ( !v9 )

1906-
1906+
1907
                if ( !*(_DWORD *)a4 || v9 == *(_DWORD *)a4 )

1908-
1908+
1909
                  *(_DWORD *)a4 = v9;

1910-
1910+
1911
                }

1912-
1912+
1913
                *(_BYTE *)a5 = 1;

1914-
1914+
1915
              }

1916-
1916+
1917
              --v7;

1918-
1918+
1919
                break;

1920-
1920+
1921
          }

1922-
1922+
1923
          result = v10;

1924-
1924+
1925
          {

1926-
1926+
1927
            continue;

1928-
1928+
1929
        }

1930-
1930+
1931
      }

1932-
1932+
1933
  }

1934-
1934+
1935
}

1936-
1936+
1937
//----- (00011C14) --------------------------------------------------------

1938-
1938+
1939
{

1940-
1940+
1941
  int v1; // eax@2

1942-
1942+
1943-
1943+
1944-
1944+
1945
  int v5; // edx@5

1946-
1946+
1947
  int v7; // eax@8

1948-
1948+
1949
  char v10; // [sp+Ch] [bp-2Ch]@3

1950-
1950+
1951
  unsigned __int16 v12; // [sp+24h] [bp-14h]@4

1952-
1952+
1953-
1953+
1954-
1954+
1955
  v0 = 0;

1956-
1956+
1957
  if ( !dword_146AC )

1958-
1958+
1959
    v1 = sub_1098E();

1960-
1960+
1961
    if ( v1 )

1962-
1962+
1963
      if ( !sub_121E1((int)&v10, v1, 1) )

1964-
1964+
1965
        v3 = v12;

1966-
1966+
1967
        v14 = 0;

1968-
1968+
1969
        {

1970-
1970+
1971
          {

1972-
1972+
1973
            {

1974-
1974+
1975
              if ( *(_DWORD *)(v5 + 8) < v6 )

1976-
1976+
1977
              v7 = v13 + *(_DWORD *)(v5 + 12);

1978-
1978+
1979-
1979+
1980-
1980+
1981
              if ( v15 )

1982-
1982+
1983
            }

1984-
1984+
1985
            if ( (_WORD)v0 >= (unsigned __int16)v3 )

1986-
1986+
1987
              if ( !v14 )

1988-
1988+
1989
              dword_146A8 = v14;

1990-
1990+
1991-
1991+
1992-
1992+
1993
        }

1994-
1994+
1995
    }

1996-
1996+
1997
  }

1998-
1998+
1999
}

2000-
2000+
2001
// 146AC: using guessed type int dword_146AC;

2002-
2002+
2003
int __stdcall sub_11CCC(int a1)

2004-
2004+
2005
  int v1; // eax@1

2006-
2006+
2007
  int v3; // ebx@4

2008-
2008+
2009-
2009+
2010-
2010+
2011
  *(_DWORD *)(a1 + 28) = 0;

2012-
2012+
2013
  {

2014-
2014+
2015
  }

2016-
2016+
2017
  {

2018-
2018+
2019
    if ( *(_DWORD *)v3 == -1347686387 )

2020-
2020+
2021
      v5 = 0;

2022-
2022+
2023
      result = v5;

2024-
2024+
2025
      {

2026-
2026+
2027
                   *(_DWORD *)(v3 + 8),

2028-
2028+
2029
                   v3 + 24,

2030-
2030+
2031
                   v3 + 32);

2032-
2032+
2033
        {

2034-
2034+
2035
          result = 0;

2036-
2036+
2037
      }

2038-
2038+
2039
    else

2040-
2040+
2041
      result = -1073741811;

2042-
2042+
2043
  }

2044-
2044+
2045
}

2046-
2046+
2047
char __stdcall sub_11D46(int a1, unsigned int a2)

2048-
2048+
2049
  char result; // al@1

2050-
2050+
2051
  v3 = 0;

2052-
2052+
2053
  if ( a2 )

2054-
2054+
2055
    do

2056-
2056+
2057
    while ( v3 < a2 );

2058-
2058+
2059
  return result;

2060-
2060+
2061
//----- (00011D62) --------------------------------------------------------

2062-
2062+
2063-
2063+
2064-
2064+
2065
  OBJECT_ATTRIBUTES ObjectAttributes; // [sp+8h] [bp-20h]@1

2066-
2066+
2067
  HANDLE Handle; // [sp+24h] [bp-4h]@1

2068-
2068+
2069
  LOBYTE(v6) = 0;

2070-
2070+
2071
  ObjectAttributes.Length = 24;

2072-
2072+
2073
  ObjectAttributes.Attributes = 64;

2074-
2074+
2075
  ObjectAttributes.SecurityQualityOfService = 0;

2076-
2076+
2077
  LOBYTE(v6) = v3 == 0;

2078-
2078+
2079
    v3 = sub_11DD6((int)&v6, ValueName, a3);

2080-
2080+
2081
  {

2082-
2082+
2083
    ZwClose(Handle);

2084-
2084+
2085
  return v3;

2086-
2086+
2087
//----- (00011DD6) --------------------------------------------------------

2088-
2088+
2089
{

2090-
2090+
2091
  signed int v5; // esi@14

2092-
2092+
2093
  int v7; // eax@17

2094-
2094+
2095
  ULONG v9; // [sp-4h] [bp-30h]@7

2096-
2096+
2097
  ULONG ResultLength; // [sp+20h] [bp-Ch]@4

2098-
2098+
2099
  if ( !*(_BYTE *)a1

2100-
2100+
2101
        ZwQueryValueKey(*(HANDLE *)(a1 + 4), ValueName, KeyValuePartialInformation, 0, 0, &ResultLength) != -1073741789) )

2102-
2102+
2103
  v12 = 0;

2104-
2104+
2105
  if ( v12 )

2106-
2106+
2107
    if ( !P )

2108-
2108+
2109
    v9 = 0;

2110-
2110+
2111
LABEL_8:

2112-
2112+
2113
    return v12;

2114-
2114+
2115
  v4 = P;

2116-
2116+
2117
  if ( v12 )

2118-
2118+
2119
    if ( !v4 )

2120-
2120+
2121
    v9 = 0;

2122-
2122+
2123
    goto LABEL_8;

2124-
2124+
2125
  if ( *((_DWORD *)v4 + 1) == 3 )

2126-
2126+
2127
    v6 = (int)ExAllocatePool(0, 0x10u);

2128-
2128+
2129
    {

2130-
2130+
2131
      v4 = P;

2132-
2132+
2133
    else

2134-
2134+
2135
      v7 = 0;

2136-
2136+
2137
    sub_1076E(a3, (PVOID *)v7);

2138-
2138+
2139
    if ( v12 )

2140-
2140+
2141
      v5 = v12;

2142-
2142+
2143
    }

2144-
2144+
2145
      goto LABEL_15;

2146-
2146+
2147
  v5 = -1073741823;

2148-
2148+
2149
  ExFreePoolWithTag(v4, 0);

2150-
2150+
2151
}

2152-
2152+
2153
int __usercall sub_11EC6<eax>(char a1<al>, int a2<ecx>, unsigned int a3<esi>)

2154-
2154+
2155
  unsigned int v3; // edx@2

2156-
2156+
2157
  int result; // eax@6

2158-
2158+
2159
  char v8; // [sp+Ch] [bp-Ch]@1

2160-
2160+
2161
  unsigned int v10; // [sp+14h] [bp-4h]@1

2162-
2162+
2163
  v7 = a1 ^ 0xD;

2164-
2164+
2165
  v9 = 7;

2166-
2166+
2167
  {

2168-
2168+
2169
    if ( a3 )

2170-
2170+
2171
      do

2172-
2172+
2173
        *(_BYTE *)(v3 + a2) ^= v9 * v8 + v3 * v7;

2174-
2174+
2175
      }

2176-
2176+
2177
    }

2178-
2178+
2179
    if ( v10 )

2180-
2180+
2181
      do

2182-
2182+
2183
        *(_BYTE *)(v4 + a2) ^= *(_BYTE *)(((a3 + 1) >> 1) + a2 + v4);

2184-
2184+
2185
      }

2186-
2186+
2187
    }

2188-
2188+
2189
      *(_BYTE *)(result + a2) -= *(_BYTE *)(result + a2 - 1);

2190-
2190+
2191
  while ( v9-- - 1 >= 0 );

2192-
2192+
2193
}

2194-
2194+
2195
int __stdcall sub_11F42(int a1, int a2, HANDLE Handle)

2196-
2196+
2197
  int v3; // eax@2

2198-
2198+
2199
  int v5; // eax@5

2200-
2200+
2201-
2201+
2202-
2202+
2203
  *(_DWORD *)a1 = 0;

2204-
2204+
2205
  if ( !*(_DWORD *)a2 )

2206-
2206+
2207
    ms_exc.disabled = 0;

2208-
2208+
2209
    *(_DWORD *)a2 = v3;

2210-
2210+
2211
    {

2212-
2212+
2213
      if ( v8 && (v5 = *(_DWORD *)(v8 + 8)) != 0 )

2214-
2214+
2215
        *(_DWORD *)a1 = v5;

2216-
2216+
2217
      }

2218-
2218+
2219
      {

2220-
2220+
2221-
2221+
2222-
2222+
2223
    ms_exc.disabled = -1;

2224-
2224+
2225
  return a1;

2226-
2226+
2227
//----- (00011FC0) --------------------------------------------------------

2228-
2228+
2229
{

2230-
2230+
2231-
2231+
2232-
2232+
2233
  if ( !*(_DWORD *)a2 )

2234-
2234+
2235
    KeStackAttachProcess(*(_DWORD *)(a1 + 8), a1 + 12);

2236-
2236+
2237
  }

2238-
2238+
2239
}

2240-
2240+
2241
//----- (00012000) --------------------------------------------------------

2242-
2242+
2243
{

2244-
2244+
2245-
2245+
2246-
2246+
2247
  PVOID Object; // [sp+14h] [bp-Ch]@3

2248-
2248+
2249
  int v7; // [sp+1Ch] [bp-4h]@1

2250-
2250+
2251
  sub_12094((int)&v4, (int)&v7, (int)Handle);

2252-
2252+
2253
  {

2254-
2254+
2255
    {

2256-
2256+
2257
      ObfDereferenceObject(Object);

2258-
2258+
2259
    result = v7;

2260-
2260+
2261
  else

2262-
2262+
2263
    Handle = 0;

2264-
2264+
2265
    if ( !v3 )

2266-
2266+
2267
      ReturnLength = 0;

2268-
2268+
2269
    }

2270-
2270+
2271
      ZwClose(Handle);

2272-
2272+
2273
    {

2274-
2274+
2275
      ObfDereferenceObject(Object);

2276-
2276+
2277
    result = v3;

2278-
2278+
2279
  return result;

2280-
2280+
2281
// 1260C: using guessed type int __stdcall ObOpenObjectByPointer(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD);

2282-
2282+
2283
int __userpurge sub_12094<eax>(int a1<ebx>, int a2<edi>, int a3)

2284-
2284+
2285
  char v3; // zf@1

2286-
2286+
2287-
2287+
2288-
2288+
2289
  *(_BYTE *)a1 = 0;

2290-
2290+
2291
  {

2292-
2292+
2293
    *(_DWORD *)a2 = v4;

2294-
2294+
2295
    {

2296-
2296+
2297
        *(_BYTE *)a1 = 1;

2298-
2298+
2299
        *(_DWORD *)a2 = -1073741823;

2300-
2300+
2301
  }

2302-
2302+
2303
}

2304-
2304+
2305
//----- (000120CC) --------------------------------------------------------

2306-
2306+
2307
{

2308-
2308+
2309-
2309+
2310-
2310+
2311
    v2 = *(void **)(result + 4);

2312-
2312+
2313
    result = ObfDereferenceObject(v2);

2314-
2314+
2315
  return result;

2316-
2316+
2317
//----- (000120DE) --------------------------------------------------------

2318-
2318+
2319
{

2320-
2320+
2321
  int v2; // edx@1

2322-
2322+
2323
  int v4; // esi@2

2324-
2324+
2325
  v3 = *(_BYTE *)a1;

2326-
2326+
2327
  {

2328-
2328+
2329
    ++v2;

2330-
2330+
2331
  }

2332-
2332+
2333
}

2334-
2334+
2335
int __cdecl sub_1210F(int a1, unsigned int a2)

2336-
2336+
2337
  unsigned __int16 v2; // bx@1

2338-
2338+
2339
  int v4; // esi@1

2340-
2340+
2341-
2341+
2342-
2342+
2343
  int result; // eax@8

2344-
2344+
2345
  v2 = *(_WORD *)(a1 + 24);

2346-
2346+
2347
  v3 = 0;

2348-
2348+
2349
  {

2350-
2350+
2351
    result = 0;

2352-
2352+
2353
  else

2354-
2354+
2355
    v9 = *(_DWORD *)(a1 + 8);

2356-
2356+
2357
    {

2358-
2358+
2359
      v6 = *(_DWORD *)(v5 + 8);

2360-
2360+
2361
        v6 = *(_DWORD *)(v5 + 16);

2362-
2362+
2363
      if ( a2 >= v7 )

2364-
2364+
2365
        if ( a2 < v6 + v7 )

2366-
2366+
2367-
2367+
2368-
2368+
2369
      if ( (_WORD)v3 >= v2 )

2370-
2370+
2371
    }

2372-
2372+
2373
  }

2374-
2374+
2375
}

2376-
2376+
2377
signed int __usercall sub_1216B<eax>(int a1<eax>, unsigned int a2<ebx>)

2378-
2378+
2379
  int v2; // esi@1

2380-
2380+
2381
  int v4; // edi@3

2382-
2382+
2383
  unsigned int v6; // ecx@6

2384-
2384+
2385
  int v8; // esi@12

2386-
2386+
2387
  v2 = *(_DWORD *)(a1 + 20);

2388-
2388+
2389
  if ( a2 < *(_DWORD *)(a1 + 26) )

2390-
2390+
2391
    v4 = 0;

2392-
2392+
2393
      goto LABEL_17;

2394-
2394+
2395
      goto LABEL_14;

2396-
2396+
2397
    {

2398-
2398+
2399
      v6 = *(_DWORD *)(v5 + 8);

2400-
2400+
2401
        v6 = *(_DWORD *)(v5 + 16);

2402-
2402+
2403
      if ( a2 >= v7 )

2404-
2404+
2405
        if ( a2 < v6 + v7 )

2406-
2406+
2407
      }

2408-
2408+
2409
      if ( (_WORD)v4 >= v9 )

2410-
2410+
2411
    }

2412-
2412+
2413
    if ( v8 & 0x2000000 || !(v8 & 0x40000000) )

2414-
2414+
2415
      result = 0;

2416-
2416+
2417
LABEL_17:

2418-
2418+
2419
  }

2420-
2420+
2421
  {

2422-
2422+
2423
  }

2424-
2424+
2425-
2425+
2426-
2426+
2427
signed int __cdecl sub_121E1(int a1, int a2, int a3)

2428-
2428+
2429
  int v4; // eax@3

2430-
2430+
2431
  int v6; // edx@7

2432-
2432+
2433
  __int16 v8; // dx@12

2434-
2434+
2435
    return 1;

2436-
2436+
2437
  if ( 22531 == (v5 ^ 0x594F) )

2438-
2438+
2439
    if ( (*(_WORD *)(v4 + 24) ^ 0x5908) == 22531 && *(_WORD *)(v4 + 20) == 224 )

2440-
2440+
2441
      v7 = a1;

2442-
2442+
2443
      v6 = v4 + 120;

2444-
2444+
2445
      *(_DWORD *)(v7 + 16) = v6;

2446-
2446+
2447
      *(_DWORD *)(v7 + 20) = *(_WORD *)(v4 + 20) + v4 + 24;

2448-
2448+
2449-
2449+
2450-
2450+
2451
      *(_WORD *)(v7 + 24) = v8;

2452-
2452+
2453
      return 0;

2454-
2454+
2455
  }

2456-
2456+
2457
  {

2458-
2458+
2459
    {

2460-
2460+
2461
      *(_DWORD *)a1 = 1;

2462-
2462+
2463
      goto LABEL_12;

2464-
2464+
2465
  }

2466-
2466+
2467
}

2468-
2468+
2469
signed int __cdecl sub_122B3(int a1, unsigned int a2)

2470-
2470+
2471
  signed int result; // eax@1

2472-
2472+
2473
  if ( result )

2474-
2474+
2475
  return result;

2476-
2476+
2477
//----- (000122D0) --------------------------------------------------------

2478-
2478+
2479
{

2480-
2480+
2481
  bool result; // eax@2

2482-
2482+
2483
  v4 = *(_DWORD *)(a1 + 16) + 8 * a2;

2484-
2484+
2485
    return 1;

2486-
2486+
2487
  if ( *(_DWORD *)v4 )

2488-
2488+
2489
    if ( v6 + *(_DWORD *)(v4 + 4) > *(_DWORD *)(a1 + 26) )

2490-
2490+
2491
    *(_DWORD *)a3 = sub_122B3(a1, *(_DWORD *)v4);

2492-
2492+
2493
    result = *(_DWORD *)a3 == 0;

2494-
2494+
2495
  else

2496-
2496+
2497
    LOBYTE(v6) = *(_DWORD *)(v4 + 4) == v6;

2498-
2498+
2499
  }

2500-
2500+
2501
}

2502-
2502+
2503
signed int __usercall sub_12323<eax>(unsigned int a1<eax>, int a2, int a3, unsigned __int16 a4)

2504-
2504+
2505
  signed int v4; // eax@1

2506-
2506+
2507
  unsigned int v6; // eax@3

2508-
2508+
2509
  v5 = a1;

2510-
2510+
2511
  if ( !v4

2512-
2512+
2513
    || (v6 = *(_DWORD *)(v4 + 4 * a4), !v6)

2514-
2514+
2515
    || result >= v5 && result < a3 + v5 )

2516-
2516+
2517-
2517+
2518-
2518+
2519
//----- (0001236B) --------------------------------------------------------

2520-
2520+
2521
{

2522-
2522+
2523
  signed int result; // eax@2

2524-
2524+
2525
  unsigned int v5; // ebx@6

2526-
2526+
2527-
2527+
2528-
2528+
2529
  int v9; // [sp+Ch] [bp-4h]@1

2530-
2530+
2531
  if ( sub_122D0(a1, 0, (int)&v9, (int)&v7) )

2532-
2532+
2533
    result = 0;

2534-
2534+
2535
  else

2536-
2536+
2537
    v4 = v9;

2538-
2538+
2539
    if ( v9 && (v8 = sub_122B3(a1, *(_DWORD *)(v4 + 36))) != 0 )

2540-
2540+
2541-
2541+
2542-
2542+
2543
      {

2544-
2544+
2545
        {

2546-
2546+
2547
          if ( !v6 )

2548-
2548+
2549
          if ( sub_120DE(v6) == a2 )

2550-
2550+
2551
          ++v2;

2552-
2552+
2553-
2553+
2554-
2554+
2555
      result = 0;

2556-
2556+
2557
    else

2558-
2558+
2559
      result = 0;

2560-
2560+
2561
  }

2562-
2562+
2563
}

2564-
2564+
2565
signed int __usercall sub_12A24<eax>(int a1<esi>)

2566-
2566+
2567-
2567+
2568-
2568+
2569
  int v3; // eax@1

2570-
2570+
2571
  signed int result; // eax@2

2572-
2572+
2573
  v2 = *(int (__stdcall **)(_DWORD))(v1 + 32);

2574-
2574+
2575
  *(_DWORD *)(a1 + 1) = 57;

2576-
2576+
2577
  *(_DWORD *)(a1 + 17) = sub_12D71((void *)0x686);

2578-
2578+
2579-
2579+
2580-
2580+
2581
  v3 = sub_12D71((void *)0x260);

2582-
2582+
2583
  *(_DWORD *)(a1 + 33) = v4;

2584-
2584+
2585
  {

2586-
2586+
2587
    *(_DWORD *)(a1 + 45) = 0;

2588-
2588+
2589
    result = 0;

2590-
2590+
2591
  else

2592-
2592+
2593
    result = 1;

2594-
2594+
2595
  return result;

2596-
2596+
2597
//----- (00012A95) --------------------------------------------------------

2598-
2598+
2599
{

2600-
2600+
2601
  int v2; // edi@1

2602-
2602+
2603
  int v4; // eax@2

2604-
2604+
2605-
2605+
2606-
2606+
2607
  int v8; // [sp+51h] [bp-3Fh]@2

2608-
2608+
2609
  int (__cdecl *v10)(char *); // [sp+88h] [bp-8h]@1

2610-
2610+
2611
  v2 = *(_DWORD *)(a1 + 88);

2612-
2612+
2613
  v10 = (int (__cdecl *)(char *))(v2 + 149 + *(_DWORD *)(v2 + 129));

2614-
2614+
2615
  *(_DWORD *)(v2 + 149 + *(_DWORD *)(v2 + 141)) = 17744;

2616-
2616+
2617
  result = sub_12A24((int)&v7);

2618-
2618+
2619
  {

2620-
2620+
2621
    v8 = v2 + 149;

2622-
2622+
2623
    v4 = sub_12D71((void *)0x350);

2624-
2624+
2625
    if ( !result )

2626-
2626+
2627
      result = sub_12A24((int)&v7);

2628-
2628+
2629
      {

2630-
2630+
2631
        v9 = *(_DWORD *)(a1 + 104);

2632-
2632+
2633
        result = v11(&v7, (int)&v6);

2634-
2634+
2635-
2635+
2636-
2636+
2637
          if ( result )

2638-
2638+
2639
        }

2640-
2640+
2641
    }

2642-
2642+
2643
  return result;

2644-
2644+
2645
//----- (00012D37) --------------------------------------------------------

2646-
2646+
2647
{

2648-
2648+
2649
  bool result; // eax@2

2650-
2650+
2651
  v2 = *(int (__stdcall **)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))(a1 + 80);

2652-
2652+
2653
  if ( v2(*(_DWORD *)(a1 + 144), 2242560, a2, 40, a2, 40, &v4, 0) )

2654-
2654+
2655
  else

2656-
2656+
2657
  return result;

2658-
2658+
2659
//----- (00012D71) --------------------------------------------------------

2660-
2660+
2661
{

2662-
2662+
2663
}

2664-
2664+
2665
signed int __usercall sub_13343<eax>(int a1<eax>, unsigned int a2)

2666-
2666+
2667
  unsigned int v2; // edi@1

2668-
2668+
2669
  unsigned int v5; // ebx@4

2670-
2670+
2671
  unsigned int v7; // edx@8

2672-
2672+
2673
  unsigned int v9; // [sp+8h] [bp-4h]@1

2674-
2674+
2675
  LOWORD(v2) = *(_WORD *)(a1 + 24);

2676-
2676+
2677
    return 2;

2678-
2678+
2679
  if ( !(*(_DWORD *)(a1 + 26) % *(_DWORD *)(v4 + 56)) && *(_WORD *)(v4 + 6) )

2680-
2680+
2681
    v2 = (unsigned __int16)v2;

2682-
2682+
2683
      return 0;

2684-
2684+
2685
    while ( 1 )

2686-
2686+
2687
      v8 = *(_DWORD *)v6;

2688-
2688+
2689
      if ( *(_DWORD *)v6 >= v7 )

2690-
2690+
2691
      if ( v8 + *(_DWORD *)(v6 + 4) > a2 || v7 + *(_DWORD *)(v6 - 4) > v5 )

2692-
2692+
2693
      v6 += 40;

2694-
2694+
2695
      if ( v9 >= v2 )

2696-
2696+
2697
    }

2698-
2698+
2699
  return 2;

2700-
2700+
2701
//----- (000133BF) --------------------------------------------------------

2702-
2702+
2703
{

2704-
2704+
2705
  int v4; // ecx@1

2706-
2706+
2707
  int v6; // esi@2

2708-
2708+
2709
  int v8; // ecx@5

2710-
2710+
2711
  v4 = *(_DWORD *)(a1 + 20);

2712-
2712+
2713
  if ( result )

2714-
2714+
2715-
2715+
2716-
2716+
2717
    do

2718-
2718+
2719
      v7 = *(_DWORD *)v6;

2720-
2720+
2721
        v7 = *(_DWORD *)(v6 + 8);

2722-
2722+
2723
      result = a3 + *(_DWORD *)(v6 + 4);

2724-
2724+
2725
      {

2726-
2726+
2727
        *(_BYTE *)result++ = *(_BYTE *)v8;

2728-
2728+
2729
      v6 += 40;

2730-
2730+
2731
    }

2732-
2732+
2733
  }

2734-
2734+
2735
}

2736-
2736+
2737
int __usercall sub_13409<eax>(int a1<eax>, int a2, int a3, int a4)

2738-
2738+
2739
  unsigned int v4; // edi@1

2740-
2740+
2741
  char v6; // dl@4

2742-
2742+
2743
  int v8; // esi@5

2744-
2744+
2745
  unsigned int v11; // [sp+10h] [bp-8h]@1

2746-
2746+
2747
  v4 = 0;

2748-
2748+
2749
  if ( v11 )

2750-
2750+
2751
    v10 = *(_DWORD *)(a1 + 41);

2752-
2752+
2753
    while ( 1 )

2754-
2754+
2755
      if ( !sub_13CC0(a2, *(_DWORD *)v12) )

2756-
2756+
2757-
2757+
2758-
2758+
2759
        v5 = *(_BYTE *)a3 - *(_BYTE *)v7;

2760-
2760+
2761
        {

2762-
2762+
2763
          do

2764-
2764+
2765
            if ( !v6 )

2766-
2766+
2767
            ++v7;

2768-
2768+
2769
            v5 = *(_BYTE *)(v8 + v7) - *(_BYTE *)v7;

2770-
2770+
2771
          while ( *(_BYTE *)(v8 + v7) == *(_BYTE *)v7 );

2772-
2772+
2773
        if ( v5 >= 0 )

2774-
2774+
2775
          if ( v5 > 0 )

2776-
2776+
2777
          if ( !v5 )

2778-
2778+
2779
        }

2780-
2780+
2781
      v12 += 12;

2782-
2782+
2783
      if ( v4 >= v11 )

2784-
2784+
2785
    }

2786-
2786+
2787
  }

2788-
2788+
2789
  {

2790-
2790+
2791
    *(_DWORD *)a4 = 0;

2792-
2792+
2793
  return 0;

2794-
2794+
2795
//----- (0001356E) --------------------------------------------------------

2796-
2796+
2797
{

2798-
2798+
2799
  int v7; // eax@2

2800-
2800+
2801
  int result; // eax@5

2802-
2802+
2803
  int v11; // eax@9

2804-
2804+
2805
  if ( (signed int)v6 < 0 )

2806-
2806+
2807
    v7 = (unsigned __int16)v6;

2808-
2808+
2809
  }

2810-
2810+
2811
    return 4;

2812-
2812+
2813
  result = sub_13409(a2, a5, v8 + 2, a3);

2814-
2814+
2815
    return result;

2816-
2816+
2817
  {

2818-
2818+
2819
LABEL_9:

2820-
2820+
2821
    *(_DWORD *)a3 = v11;

2822-
2822+
2823
      return 0;

2824-
2824+
2825
  }

2826-
2826+
2827
}

2828-
2828+
2829
int __thiscall sub_1369C(void *this)

2830-
2830+
2831
  return (int)((char *)this - 4116659);

2832-
2832+
2833
//----- (000136F8) --------------------------------------------------------

2834-
2834+
2835
{

2836-
2836+
2837
  unsigned __int16 v5; // cx@4

2838-
2838+
2839
  int v7; // ecx@7

2840-
2840+
2841
  if ( *(_WORD *)a2 != 23117 || (v4 = a2 + *(_DWORD *)(a2 + 60), (*(_DWORD *)v4 ^ 0xF750F284) != -145705004) )

2842-
2842+
2843
  v5 = *(_WORD *)(v4 + 4);

2844-
2844+
2845
  {

2846-
2846+
2847
    {

2848-
2848+
2849
      *(_DWORD *)a1 = 0;

2850-
2850+
2851
LABEL_12:

2852-
2852+
2853
      *(_DWORD *)(v7 + 26) = *(_DWORD *)(v4 + 80);

2854-
2854+
2855
      v8 = *(_WORD *)(v4 + 6);

2856-
2856+
2857
      *(_DWORD *)(v7 + 4) = a3;

2858-
2858+
2859
      *(_DWORD *)(v7 + 8) = a2;

2860-
2860+
2861
    }

2862-
2862+
2863
  else

2864-
2864+
2865
    if ( 22531 == (v5 ^ 0xDE67) && (*(_WORD *)(v4 + 24) ^ 0x5A08) == 22531 && *(_WORD *)(v4 + 20) == 240 )

2866-
2866+
2867
      v7 = a1;

2868-
2868+
2869
      v6 = v4 + 136;

2870-
2870+
2871
    }

2872-
2872+
2873
  return 1;

2874-
2874+
2875
//----- (000138BE) --------------------------------------------------------

2876-
2876+
2877
{

2878-
2878+
2879
  result = sub_13B3A(a1, a2);

2880-
2880+
2881
    result = a2 + *(_DWORD *)(a1 + 8);

2882-
2882+
2883
}

2884-
2884+
2885
bool __cdecl sub_138DB(int a1, unsigned int a2, int a3, int a4)

2886-
2886+
2887
  int v4; // esi@1

2888-
2888+
2889
  unsigned int v6; // eax@3

2890-
2890+
2891-
2891+
2892-
2892+
2893
  v6 = *(_DWORD *)v4;

2894-
2894+
2895
  {

2896-
2896+
2897
      return 1;

2898-
2898+
2899
    *(_DWORD *)a4 = *(_DWORD *)(v4 + 4);

2900-
2900+
2901
  }

2902-
2902+
2903
  {

2904-
2904+
2905-
2905+
2906-
2906+
2907
  return result;

2908-
2908+
2909
//----- (0001392E) --------------------------------------------------------

2910-
2910+
2911
{

2912-
2912+
2913
  int v2; // edx@1

2914-
2914+
2915
  int v4; // esi@2

2916-
2916+
2917
  v3 = *(_BYTE *)a1;

2918-
2918+
2919
  {

2920-
2920+
2921
    ++v2;

2922-
2922+
2923
  }

2924-
2924+
2925
}

2926-
2926+
2927
signed int __usercall sub_13A4B<eax>(unsigned int a1<eax>, int a2, int a3, unsigned __int16 a4)

2928-
2928+
2929
  signed int v4; // eax@1

2930-
2930+
2931
  unsigned int v6; // eax@3

2932-
2932+
2933
  v5 = a1;

2934-
2934+
2935
  if ( !v4

2936-
2936+
2937
    || (v6 = *(_DWORD *)(v4 + 4 * a4), !v6)

2938-
2938+
2939-
2939+
2940-
2940+
2941
  return result;

2942-
2942+
2943
//----- (00013B3A) --------------------------------------------------------

2944-
2944+
2945
{

2946-
2946+
2947
  signed int result; // eax@2

2948-
2948+
2949
  int v5; // eax@6

2950-
2950+
2951
  unsigned int v7; // eax@8

2952-
2952+
2953
  unsigned __int16 v9; // [sp+4h] [bp-4h]@1

2954-
2954+
2955
  v9 = *(_WORD *)(a1 + 24);

2956-
2956+
2957
  {

2958-
2958+
2959
    if ( !*(_DWORD *)(a1 + 4) )

2960-
2960+
2961
    if ( *(_WORD *)(a1 + 24) <= 0u )

2962-
2962+
2963
    while ( 1 )

2964-
2964+
2965
      v5 = v2 + 40 * (unsigned __int16)v4;

2966-
2966+
2967
      if ( v6 >= *(_DWORD *)(v5 + 16) )

2968-
2968+
2969
      v7 = *(_DWORD *)(v5 + 12);

2970-
2970+
2971
      {

2972-
2972+
2973
          break;

2974-
2974+
2975-
2975+
2976-
2976+
2977
        goto LABEL_14;

2978-
2978+
2979
    v8 = *(_DWORD *)(40 * (unsigned __int16)v4 + v2 + 36);

2980-
2980+
2981
LABEL_14:

2982-
2982+
2983
    else

2984-
2984+
2985
      result = 1;

2986-
2986+
2987
  else

2988-
2988+
2989
    result = 0;

2990-
2990+
2991
  return result;

2992-
2992+
2993
//----- (00013BF1) --------------------------------------------------------

2994-
2994+
2995
{

2996-
2996+
2997
  int v6; // edi@1

2998-
2998+
2999
  int result; // eax@2

3000-
3000+
3001
  int v10; // ebx@4

3002-
3002+
3003
  v6 = a2 + 4;

3004-
3004+
3005
  v7 = a1 - 4;

3006-
3006+
3007
  if ( a1 >= 0xD )

3008-
3008+
3009
    if ( v6 <= (unsigned int)v5 )

3010-
3010+
3011
      do

3012-
3012+
3013
        v9 = v7 + v6 - 4;

3014-
3014+
3015
        if ( v6 > (unsigned int)v9 )

3016-
3016+
3017
LABEL_7:

3018-
3018+
3019
        }

3020-
3020+
3021
        {

3022-
3022+
3023
          {

3024-
3024+
3025
            if ( v10 > (unsigned int)v9 )

3026-
3026+
3027
          }

3028-
3028+
3029
        if ( !v10 || v10 - 4 > v11 )

3030-
3030+
3031
        if ( sub_13C66(a5, a4, v10 - 4, 0xDu) )

3032-
3032+
3033
        v7 = v7 + v6 - v10 - 1;

3034-
3034+
3035
      }

3036-
3036+
3037
    }

3038-
3038+
3039
  }

3040-
3040+
3041
  {

3042-
3042+
3043
  }

3044-
3044+
3045
}

3046-
3046+
3047
signed int __usercall sub_13C66<eax>(int a1<eax>, int a2<edx>, int a3<ecx>, unsigned int a4)

3048-
3048+
3049
  unsigned int v4; // edi@1

3050-
3050+
3051
  int v6; // esi@2

3052-
3052+
3053
  v4 = 0;

3054-
3054+
3055-
3055+
3056-
3056+
3057
    v6 = a2 - a1;

3058-
3058+
3059
    {

3060-
3060+
3061
      ++a1;

3062-
3062+
3063
        goto LABEL_5;

3064-
3064+
3065
    result = 0;

3066-
3066+
3067-
3067+
3068-
3068+
3069
LABEL_5:

3070-
3070+
3071
  }

3072-
3072+
3073
}

3074-
3074+
3075
int __cdecl sub_13C92(int a1, char a2, int a3)

3076-
3076+
3077
  int v3; // eax@2

3078-
3078+
3079
  v5 = a1;

3080-
3080+
3081
  {

3082-
3082+
3083
    if ( !v3 )

3084-
3084+
3085-
3085+
3086-
3086+
3087
  return v5;

3088-
3088+
3089
//----- (00013CC0) --------------------------------------------------------

3090-
3090+
3091
{

3092-
3092+
3093
  int v3; // eax@2

3094-
3094+
3095
  v2 = a1;

3096-
3096+
3097
  {

3098-
3098+
3099
    if ( (unsigned int)(v3 - 65) <= 0x19 )

3100-
3100+
3101
    v4 = *(_BYTE *)a2++;

3102-
3102+
3103
      v4 += 32;

3104-
3104+
3105
  while ( v3 && v3 == v4 );

3106-
3106+
3107
}

3108-
3108+
3109
signed int __usercall sub_13D8E<eax>(int a1<eax>, int a2, int a3, unsigned int a4, int (__cdecl *a5)(_DWORD, _DWORD, _DWORD))

3110-
3110+
3111-
3111+
3112-
3112+
3113
  int v7; // eax@5

3114-
3114+
3115
  v5 = 0;

3116-
3116+
3117
  {

3118-
3118+
3119
    while ( 1 )

3120-
3120+
3121-
3121+
3122-
3122+
3123
        if ( !(*(_DWORD *)(v6 + 28) & 0x2000000) )

3124-
3124+
3125
          v7 = *(_DWORD *)v6;

3126-
3126+
3127
            v7 = *(_DWORD *)(v6 + 8);

3128-
3128+
3129-
3129+
3130-
3130+
3131
      }

3132-
3132+
3133
      v6 += 40;

3134-
3134+
3135
        goto LABEL_9;

3136-
3136+
3137
    result = 1;

3138-
3138+
3139
  else

3140-
3140+
3141-
3141+
3142-
3142+
3143
  }

3144-
3144+
3145
}
        

    


            


                                


        

            



                
    

        Public Pastes
    

    
            

    

                    

        

    





    


    
    
    
    
    
    
    
    




    


    



                

            We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.             OK, I Understand
        

    
                

            

                
                    
                
            

            

                Not a member of Pastebin yet?

                Sign Up, it unlocks many cool features!