Pr0nogo

Untitled

Dec 21st, 2020
  1. CPU Disasm
  2. Address Hex dump Command Comments
  ; Teardown routine in smackw32 at 04FF5B20 (presumably SmackClose, going by the debug string it prints).
  ; One stack argument (read at [ESP+1C] after the prologue, dropped by RETN 4), kept in ESI for the whole body.
  ; Order of work: optional debug trace, release of up to 7 pointer slots at +428, release of a shared
  ; global buffer once the global count reaches 0, CloseHandle on +3B0, radfree of five pointer fields,
  ; wipe of 0x144 dwords of the block, then radfree of the block unless bit 02000000 of +390 was set.
  ; NOTE(review): the argument is passed by value, so the caller's copy still points at the block after
  ; it is wiped/freed; only a NULL argument is rejected at entry. Callers need to clear their own pointer.
  ; NOTE(review): when the block is kept (bit 02000000 set) the wipe leaves +390 = 0 and +3B0 = 0, not -1;
  ; a second call on that block would then take the CloseHandle(0) and radfree(block) paths -- confirm
  ; callers never close twice.
  3. 04FF5B20 /$ 83EC 10 SUB ESP,10 ; 0x10 bytes of locals (used as the text buffer in the debug branch)
  4. 04FF5B23 |. 53 PUSH EBX
  5. 04FF5B24 |. 56 PUSH ESI
  6. 04FF5B25 |. 8B7424 1C MOV ESI,DWORD PTR SS:[ESP+1C] ; ESI = the single stack argument (0x10 locals + 2 pushes + return address)
  7. 04FF5B29 |. 57 PUSH EDI
  8. 04FF5B2A |. 85F6 TEST ESI,ESI
  9. 04FF5B2C |.- 0F84 35010000 JZ 04FF5C67 ; NULL argument: go straight to the epilogue
  10. 04FF5B32 |. A0 B8420005 MOV AL,BYTE PTR DS:[50042B8] ; global byte; value 1 enables the debug trace below
  11. 04FF5B37 |. 3C 01 CMP AL,1
  12. 04FF5B39 |.- 75 2B JNE SHORT 04FF5B66
  13. 04FF5B3B |. 8D4424 0C LEA EAX,[ESP+0C] ; EAX = start of the 0x10-byte local area (3 pushes = 0x0C); NOTE(review): whatever 04FFBA10 writes must fit in 0x10 bytes -- looks like a radix-10 number-to-text call, confirm
  14. 04FF5B3F |. 6A 0A PUSH 0A ; /Arg3 = 0A
  15. 04FF5B41 |. 50 PUSH EAX ; |Arg2
  16. 04FF5B42 |. 56 PUSH ESI ; |Arg1
  17. 04FF5B43 |. E8 C85E0000 CALL 04FFBA10 ; \smackw32.04FFBA10
  18. 04FF5B48 |. 83C4 0C ADD ESP,0C ; caller removes the 3 arguments pushed above
  19. 04FF5B4B |. 8B3D 2C630005 MOV EDI,DWORD PTR DS:[<&KERNEL32.OutputD ; Jump to KERNELBASE.OutputDebugStringA
  20. 04FF5B51 |. 68 48440005 PUSH OFFSET 05004448 ; /String = "SmackClose: "
  21. 04FF5B56 |. FFD7 CALL EDI ; \KERNEL32.OutputDebugStringA
  22. 04FF5B58 |. 8D4424 0C LEA EAX,[ESP+0C] ; same local buffer again (ESP is back at its post-prologue value)
  23. 04FF5B5C |. 50 PUSH EAX
  24. 04FF5B5D |. FFD7 CALL EDI ; second OutputDebugStringA call, on the local buffer
  25. 04FF5B5F |. 68 58440005 PUSH OFFSET 05004458 ; ASCII "
  26. "
  27. 04FF5B64 |. FFD7 CALL EDI ; third OutputDebugStringA call, on the string at 05004458
  28. 04FF5B66 |> 8B86 44040000 MOV EAX,DWORD PTR DS:[ESI+444] ; -1 in +444 skips the slot loop
  29. 04FF5B6C |. 83F8 FF CMP EAX,-1
  30. 04FF5B6F |.- 74 46 JE SHORT 04FF5BB7
  31. 04FF5B71 |. 8D9E 28040000 LEA EBX,[ESI+428] ; EBX walks 7 dword slots, +428 .. +440
  32. 04FF5B77 |. BF 07000000 MOV EDI,7 ; loop counter (EDI no longer holds the OutputDebugStringA pointer)
  33. 04FF5B7C |> 8B03 /MOV EAX,DWORD PTR DS:[EBX]
  34. 04FF5B7E |. 85C0 |TEST EAX,EAX
  35. 04FF5B80 |.- 74 25 |JZ SHORT 04FF5BA7 ; empty slot: nothing to release
  36. 04FF5B82 |. 50 |PUSH EAX ; /Arg1
  37. 04FF5B83 |. FF15 845E0005 |CALL DWORD PTR DS:[5005E84] ; \smackw32.04FF9B90
  38. 04FF5B89 |. 8B03 |MOV EAX,DWORD PTR DS:[EBX] ; reload the slot pointer after the call
  39. 04FF5B8B |. 8B08 |MOV ECX,DWORD PTR DS:[EAX] ; ECX = first dword of the slot object, freed first
  40. 04FF5B8D |. 51 |PUSH ECX ; /Arg1
  41. 04FF5B8E |. E8 ADB4FFFF |CALL _radfree@4 ; \smackw32._radfree@4
  42. 04FF5B93 |. 8B0B |MOV ECX,DWORD PTR DS:[EBX] ; then the slot object itself is freed
  43. 04FF5B95 |. 51 |PUSH ECX ; /Arg1
  44. 04FF5B96 |. E8 A5B4FFFF |CALL _radfree@4 ; \smackw32._radfree@4
  45. 04FF5B9B |. C703 00000000 |MOV DWORD PTR DS:[EBX],0 ; clear the slot so the freed pointer is not left behind
  46. 04FF5BA1 |. FF0D 98420005 |DEC DWORD PTR DS:[5004298] ; global count, decremented once per released slot
  47. 04FF5BA7 |> 83C3 04 |ADD EBX,4
  48. 04FF5BAA |. 4F |DEC EDI
  49. 04FF5BAB |.- 75 CF \JNZ SHORT 04FF5B7C
  50. 04FF5BAD |. C786 44040000 MOV DWORD PTR DS:[ESI+444],-1 ; mark the slot set as released
  51. 04FF5BB7 |> A1 98420005 MOV EAX,DWORD PTR DS:[5004298]
  52. 04FF5BBC |. 85C0 TEST EAX,EAX
  53. 04FF5BBE |.- 75 19 JNZ SHORT 04FF5BD9 ; global count still non-zero: keep the shared buffer
  54. 04FF5BC0 |. A1 9C420005 MOV EAX,DWORD PTR DS:[500429C] ; shared global pointer
  55. 04FF5BC5 |. 85C0 TEST EAX,EAX
  56. 04FF5BC7 |.- 74 10 JZ SHORT 04FF5BD9
  57. 04FF5BC9 |. 50 PUSH EAX ; /Arg1
  58. 04FF5BCA |. E8 71B4FFFF CALL _radfree@4 ; \smackw32._radfree@4
  59. 04FF5BCF |. C705 9C420005 MOV DWORD PTR DS:[500429C],0 ; clear the global after freeing it
  60. 04FF5BD9 |> 8B86 B0030000 MOV EAX,DWORD PTR DS:[ESI+3B0] ; handle field; -1 means nothing to close
  61. 04FF5BDF |. 83F8 FF CMP EAX,-1
  62. 04FF5BE2 |.- 74 12 JE SHORT 04FF5BF6
  63. 04FF5BE4 |. 8B8E 90030000 MOV ECX,DWORD PTR DS:[ESI+390] ; flags dword
  64. 04FF5BEA |. F6C5 10 TEST CH,10 ; bit 00001000 of the flags dword
  65. 04FF5BED |.- 75 07 JNZ SHORT 04FF5BF6 ; bit set: the handle is left open (presumably caller-owned -- confirm)
  66. 04FF5BEF |. 50 PUSH EAX ; /hObject
  67. 04FF5BF0 |. FF15 A0620005 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl ; \KERNEL32.CloseHandle
  68. 04FF5BF6 |> 8B86 BC030000 MOV EAX,DWORD PTR DS:[ESI+3BC] ; EAX is overwritten here, so the CloseHandle result is not checked
  69. 04FF5BFC |. 85C0 TEST EAX,EAX ; five pointer fields (+3BC, +3B8, +3E0, +3D0, +450) are each freed if non-NULL; none is cleared here, the wipe at 04FF5C5D covers them
  70. 04FF5BFE |.- 74 06 JZ SHORT 04FF5C06
  71. 04FF5C00 |. 50 PUSH EAX ; /Arg1
  72. 04FF5C01 |. E8 3AB4FFFF CALL _radfree@4 ; \smackw32._radfree@4
  73. 04FF5C06 |> 8B86 B8030000 MOV EAX,DWORD PTR DS:[ESI+3B8]
  74. 04FF5C0C |. 85C0 TEST EAX,EAX
  75. 04FF5C0E |.- 74 06 JZ SHORT 04FF5C16
  76. 04FF5C10 |. 50 PUSH EAX ; /Arg1
  77. 04FF5C11 |. E8 2AB4FFFF CALL _radfree@4 ; \smackw32._radfree@4
  78. 04FF5C16 |> 8B86 E0030000 MOV EAX,DWORD PTR DS:[ESI+3E0]
  79. 04FF5C1C |. 85C0 TEST EAX,EAX
  80. 04FF5C1E |.- 74 06 JZ SHORT 04FF5C26
  81. 04FF5C20 |. 50 PUSH EAX ; /Arg1
  82. 04FF5C21 |. E8 1AB4FFFF CALL _radfree@4 ; \smackw32._radfree@4
  83. 04FF5C26 |> 8B86 D0030000 MOV EAX,DWORD PTR DS:[ESI+3D0]
  84. 04FF5C2C |. 85C0 TEST EAX,EAX
  85. 04FF5C2E |.- 74 06 JZ SHORT 04FF5C36
  86. 04FF5C30 |. 50 PUSH EAX ; /Arg1
  87. 04FF5C31 |. E8 0AB4FFFF CALL _radfree@4 ; \smackw32._radfree@4
  88. 04FF5C36 |> 8B86 50040000 MOV EAX,DWORD PTR DS:[ESI+450]
  89. 04FF5C3C |. 85C0 TEST EAX,EAX
  90. 04FF5C3E |.- 74 06 JZ SHORT 04FF5C46
  91. 04FF5C40 |. 50 PUSH EAX ; /Arg1
  92. 04FF5C41 |. E8 FAB3FFFF CALL _radfree@4 ; \smackw32._radfree@4
  93. 04FF5C46 |> 8B86 90030000 MOV EAX,DWORD PTR DS:[ESI+390] ; flags are read before the wipe destroys them
  94. 04FF5C4C |. 8BFE MOV EDI,ESI ; wipe destination = start of the block
  95. 04FF5C4E |. B9 44010000 MOV ECX,144 ; 0x144 dwords = 0x510 bytes
  96. 04FF5C53 |. A9 00000002 TEST EAX,02000000 ; sets ZF for the JNZ at 04FF5C5F
  97. 04FF5C58 |. B8 00000000 MOV EAX,0 ; fill value; MOV leaves the flags from TEST intact
  98. 04FF5C5D |. F3:AB REP STOS DWORD PTR ES:[EDI] ; zero the block before it is released; REP STOS does not change the flags either
  99. 04FF5C5F |.- 75 06 JNZ SHORT 04FF5C67 ; bit 02000000 was set: the block is wiped but not freed (presumably caller-supplied memory -- confirm)
  100. 04FF5C61 |. 56 PUSH ESI ; /Arg1
  101. 04FF5C62 |. E8 D9B3FFFF CALL _radfree@4 ; \smackw32._radfree@4
  102. 04FF5C67 |> 5F POP EDI
  103. 04FF5C68 |. 5E POP ESI
  104. 04FF5C69 |. 5B POP EBX
  105. 04FF5C6A |. 83C4 10 ADD ESP,10 ; drop the 0x10 bytes of locals
  106. 04FF5C6D \. C2 0400 RETN 4 ; callee pops the one 4-byte argument
  107.  