PCShrink 0.71 部分原始碼(帶Packer)
這個東西對資源處理太棒了.正在還原它的原始碼...
請問IDA怎麼自定義常量?還有assume什麼的?
這裡是部分原始碼,也許脫殼有用吧...
都弄好以後會發布帶資源的Full Source包:D
程式碼:--------------------------------------------------------------------------------
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+" TO EXPAND]
;
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
; ※ This file is generated by The Interactive Disassembler (IDA) ※
; ※ Copyright (c) 2003 by DataRescue sa/nv, <ida@datarescue.com> ※
; ※ [iNTERNAL RELEASE] ※
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
;
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
; File Name : E:\Documents and Settings\Star\桌面\pcsnk071\PCSHRINK.EXE.unpacked_.exe
; Format : Portable executable for IBM PC (PE)
; Section 1. (virtual address 00001000)
; Virtual size : 00004000 ( 16384.)
; Section size in file : 00004000 ( 16384.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : 16 bytes ?
model flat
; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
pcs1 segment para public 'CODE' use32
assume cs:pcs1
;org 401000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
call GetProcessHeap
mov ds:hHeap, eax
call GetCommandLineA
or eax, eax
jz short start
xchg eax, esi
loc_401014: ; CODE XREF: pcs1:00401035j
cmp byte ptr [esi], 0
jz short start
shl eax, 8
lodsb
cmp eax, 72696E6Bh
jnz short loc_401029
cmp byte ptr [esi], 2Eh
jnz short loc_401037
loc_401029: ; CODE XREF: pcs1:00401022j
cmp eax, 2E657865h
jz short loc_401037
cmp eax, 2E455845h
jnz short loc_401014
loc_401037: ; CODE XREF: pcs1:00401027j
; pcs1:0040102Ej ...
lodsb
cmp al, 20h
jz short loc_401037
cmp al, 22h
jz short loc_401037
dec esi
push esi
push offset szBuffer
call lstrcpy
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
public start
start proc near ; CODE XREF: pcs1:00401011j
; pcs1:00401017j
push 0 ; lpModuleName
call GetModuleHandleA
mov ds:hInstance, eax
push 0 ; dwInitParam
push offset DialogFunc ; lpDialogFunc
push 0 ; hWndParent
push 65h ; lpTemplateName
push eax ; hInstance
call DialogBoxParamA
push eax ; uExitCode
call ExitProcess
; DWORD __stdcall MyThread(LPVOID)
MyThread: ; DATA XREF: pcs1:00401205o
mov ds:lpFileName, offset szBuffer
cmp ds:BackupFile, 1
jnz short @SkipBackupFile
push ds:lpFileName
call MakeBackup
@SkipBackupFile: ; CODE XREF: start+34j
push ds:lpFileName
push offset szCompressOK ; "Successfully compressed!\r\n Installed on"...
call lstrcat
call CompressPE
cmp ds:CompressResult, 0FCh
jz short @Exit
cmp ds:CompressResult, 0FFh
jz short @CompressError
push offset aCompressedObje ; "\r\n Compressed objects: "
push offset szCompressOK ; "Successfully compressed!\r\n Installed on"...
call lstrcat
push offset aOriginalSize ; "\r\nOriginal size: "
push offset szCompressOK ; "Successfully compressed!\r\n Installed on"...
call lstrcat
push 0 ; uType
push offset szCaption ; lpCaption
push offset szCompressOK ; lpText
push 0 ; hWnd
call MessageBoxA
xor eax, eax
jmp short @Exit
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@CompressError: ; CODE XREF: start+66j
push ds:lpFileName
push offset szCompressError ; "There was an error compressing the file"...
call lstrcat
push 30h ; uType
push offset szCaption ; lpCaption
push offset szCompressError ; lpText
push 0 ; hWnd
call MessageBoxA
mov eax, 2
@Exit: ; CODE XREF: start+5Dj start+9Bj
push 0 ; lParam
push 0 ; wParam
push WM_CLOSE ; Msg
push ds:hWnd ; hWnd
call SendMessageA
push 0 ; dwExitCode
call ExitThread ; 退出執行緒
retn
start endp ; sp = -4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
; Attributes: bp-based frame
; BOOL __stdcall DialogFunc(HWND,UINT,WPARAM,LPARAM)
DialogFunc proc near ; DATA XREF: start+Eo
hWnd = dword ptr 8
Msg = dword ptr 0Ch
wParam = dword ptr 10h
enter 0, 0
DialogFunc endp
push ebx
push edi
push esi
mov eax, [ebp+8]
mov ds:hWnd, eax
cmp dword ptr [ebp+0Ch], WM_COMMAND
jz short @Command
cmp dword ptr [ebp+0Ch], WM_CLOSE
jz @Close
cmp dword ptr [ebp+0Ch], WM_INITDIALOG
jz @InitDialog
@UnknownMsg: ; CODE XREF: pcs1:00401243j
; pcs1:00401334j
xor eax, eax
pop esi
pop edi
pop ebx
leave
retn 10h
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@Command: ; CODE XREF: pcs1:00401140j
cmp dword ptr [ebp+10h], 1
jnz @NotOK
push 0
push ds:hOK
call EnableWindow
push 0
push ds:hBrowse
call EnableWindow
pusha
call ProcessCheckBoxes
popa
push 0FFh
push offset szBuffer
push 1000
push ds:hWnd
call GetDlgItemTextA
push 1004
push ds:hWnd
call IsDlgButtonChecked
mov ds:RestructureResourceData, eax
push 1005
push ds:hWnd
call IsDlgButtonChecked
mov ds:SectionMerging, eax
push 1012
push ds:hWnd
call IsDlgButtonChecked
mov ds:BackupFile, eax
push 1026
push ds:hWnd
call IsDlgButtonChecked
mov ds:CompressExportTable, eax
pusha
push offset ThreadId
push 0
push 0
push offset MyThread
push 0
push 0
call CreateThread
popa
jmp short @Return
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@NotOK: ; CODE XREF: pcs1:00401166j
cmp dword ptr [ebp+10h], 1003
jz @Browse
cmp dword ptr [ebp+10h], 2
jz short @Close
cmp dword ptr [ebp+10h], 1009
jz @virogen_cjb_net
cmp dword ptr [ebp+10h], 1008
jz @phrozencrew_com
jmp @UnknownMsg
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@Return: ; CODE XREF: pcs1:00401214j
; pcs1:00401351j ...
mov eax, 1
pop esi
pop edi
pop ebx
leave
retn 10h
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@Close: ; CODE XREF: pcs1:00401146j
; pcs1:00401227j
push 0 ; nExitCode
call PostQuitMessage
pop esi
pop edi
pop ebx
leave
retn 10h
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@InitDialog: ; CODE XREF: pcs1:00401153j
push 80h ; lpIconName
push ds:hInstance ; hInstance
call LoadIconA
push eax
push eax ; lParam
push 0 ; wParam
push WM_SETICON ; Msg
push ds:hWnd ; hWnd
call SendMessageA
pop eax
push eax ; lParam
push 1 ; wParam
push WM_SETICON ; Msg
push ds:hWnd ; hWnd
call SendMessageA
push offset szBuffer ; lpString
push 1000 ; nIDDlgItem
push ds:hWnd ; hDlg
call SetDlgItemTextA
push ds:RestructureResourceData ; uCheck
push 1004 ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
push ds:SectionMerging ; uCheck
push 3EDh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
push ds:BackupFile ; uCheck
push 1012 ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
push 1011 ; nIDDlgItem
push ds:hWnd ; hDlg
call GetDlgItem
mov ds:hProgress, eax
push 1 ; &OK
push ds:hWnd ; hDlg
call GetDlgItem
mov ds:hOK, eax
push 1003 ; &Browse
push ds:hWnd ; hDlg
call GetDlgItem
mov ds:hBrowse, eax
pusha
call _CheckDlgButton
popa
jmp @UnknownMsg
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@virogen_cjb_net: ; CODE XREF: pcs1:00401230j
push 0
push 0
push 0
push offset szWeb1 ; "http://virogen.cjb.net"
push 0
push ds:hWnd
call ShellExecuteA
jmp @Return
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@phrozencrew_com: ; CODE XREF: pcs1:0040123Dj
push 0
push 0
push 0
push offset szWeb2 ; "http://www.phrozencrew.com"
push 0
push ds:hWnd
call ShellExecuteA
jmp @Return
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@Browse: ; CODE XREF: pcs1:0040121Dj
mov eax, ds:hWnd
mov ds:ofn.hwndOwner, eax
mov ds:ofn.lpstrFilter, offset aPeExeFiles ; "PE EXE files"
mov ds:ofn.lpstrFile, offset szBuffer
mov ds:ofn.lStructSize, 4Ch
mov ds:ofn.nMaxFile, 0FFh
mov ds:ofn.Flags, 4
push offset ofn
call GetOpenFileNameA
or eax, eax
jz short @NoSelectFile
push offset szBuffer
push 1000
push ds:hWnd
call SetDlgItemTextA
@NoSelectFile: ; CODE XREF: pcs1:004013BBj
jmp @Return
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_4013D7 proc near ; CODE XREF: sub_4013D7+5Fp
; CompressPE+1D0p
pop eax
pop esi
push eax
or esi, esi
jz short loc_401452
movzx ecx, word ptr [esi+0Ch]
add cx, [esi+0Eh]
add esi, 10h
or ecx, ecx
jz short loc_401452
loc_4013ED: ; CODE XREF: sub_4013D7+6Ej
mov ebx, [esi+4]
test ebx, 80000000h
jz short loc_401449
cmp ds:dword_4037E3, 0
jnz short @GetProcAddress ; 去掉高位
pusha
push dword ptr [esi]
call sub_402291
popa
jnb short loc_401418
mov ds:ha_buzhidao, 0
jmp short @GetProcAddress ; 去掉高位
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401418: ; CODE XREF: sub_4013D7+33j
mov ds:ha_buzhidao, 1
@GetProcAddress: ; CODE XREF: sub_4013D7+28j
; sub_4013D7+3Fj
and ebx, 7FFFFFFFh ; 去掉高位
add ebx, ds:dword_4037B7
pusha
inc ds:dword_4037E3
push ebx
call sub_4013D7
dec ds:dword_4037E3
popa
loc_401442: ; CODE XREF: sub_4013D7+79j
add esi, 8
loop loc_4013ED
jmp short loc_401452
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401449: ; CODE XREF: sub_4013D7+1Fj
pusha
call sub_401458
popa
jmp short loc_401442
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401452: ; CODE XREF: sub_4013D7+5j
; sub_4013D7+14j ...
mov eax, ds:dword_403C69
retn
sub_4013D7 endp ; sp = 4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401458 proc near ; CODE XREF: sub_4013D7+73p
and ebx, 7FFFFFFFh
add ebx, ds:dword_4037B7
mov esi, ebx
cmp ds:ha_buzhidao, 1
jz short loc_40147E
mov edx, ds:dword_4037CB
add ds:dword_4037CB, 8
jmp short loc_40148B
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_40147E: ; CODE XREF: sub_401458+15j
mov edx, ds:dword_4037D7
add ds:dword_4037D7, 8
loc_40148B: ; CODE XREF: sub_401458+24j
mov [edx], esi
mov ecx, [esi+4]
push ebx
push ecx
push edx
push esi
push edi
push ebp
push ecx ; dwBytes
push 8 ; dwFlags
push ds:hHeap ; hHeap
call HeapAlloc
pop ebp
pop edi
pop esi
pop edx
pop ecx
pop ebx
mov [edx+4], eax
push eax
mov ebx, [esi]
call sub_401FC6
add ebx, ds:lpBaseAddress
pop edi
mov ecx, [esi+4]
mov esi, ebx
rep movsb
sub ebx, ds:dword_4037B7
retn
sub_401458 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
AllocMemInHeap proc near ; CODE XREF: CompressPE+1CAp
push 1F40h ; dwBytes
push 8 ; dwFlags
push ds:hHeap ; hHeap
call HeapAlloc
mov ds:dword_4037D3, eax
mov ds:dword_4037D7, eax
push 1F40h ; dwBytes
push 8 ; dwFlags
push ds:hHeap ; hHeap
call HeapAlloc
mov ds:BufferInHeap, eax
mov ds:dword_4037CB, eax
retn
AllocMemInHeap endp
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
push ds:BufferInHeap
push 0
push ds:hHeap
call HeapFree
push ds:BufferInHeap
push 0
push ds:hHeap
call HeapFree
retn
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_40152A proc near ; CODE XREF: CompressPE+1DEp
push ebx
push ecx
push edx
push esi
push edi
push ds:dword_4037D3
call sub_401552
push eax
push ds:BufferInHeap
call sub_401552
pop ebx
cmp ebx, eax
ja short loc_40154C
xchg eax, ebx
loc_40154C: ; CODE XREF: sub_40152A+1Fj
pop edi
pop esi
pop edx
pop ecx
pop ebx
retn
sub_40152A endp ; sp = -8
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401552 proc near ; CODE XREF: sub_40152A+Bp
; sub_40152A+17p
pop eax
pop esi
push eax
mov edx, 0FFFFFFFFh
loc_40155A: ; CODE XREF: sub_401552+1Dj
mov eax, [esi]
or eax, eax
jz short loc_401571
mov ebx, [eax]
or ebx, ebx
jz short loc_40156C
cmp ebx, edx
jnb short loc_40156C
mov edx, ebx
loc_40156C: ; CODE XREF: sub_401552+12j
; sub_401552+16j
add esi, 8
jmp short loc_40155A
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401571: ; CODE XREF: sub_401552+Cj
xchg eax, edx
retn
sub_401552 endp ; sp = 4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401573 proc near ; CODE XREF: CompressPE+202p
push ebx
push ecx
push edx
push esi
push edi
push ds:BufferInHeap
call sub_401589
pop edi
pop esi
pop edx
pop ecx
pop ebx
retn
sub_401573 endp ; sp = -4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401589 proc near ; CODE XREF: sub_401573+Bp
pop eax
pop esi
push eax
xor edx, edx
loc_40158E: ; CODE XREF: sub_401589+19j
mov eax, [esi]
or eax, eax
jz short loc_4015A4
mov ebx, [eax]
add ebx, [eax+4]
cmp ebx, edx
jbe short loc_40159F
mov edx, ebx
loc_40159F: ; CODE XREF: sub_401589+12j
add esi, 8
jmp short loc_40158E
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_4015A4: ; CODE XREF: sub_401589+9j
xchg eax, edx
retn
sub_401589 endp ; sp = 4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_4015A6 proc near ; CODE XREF: CompressPE+1F0p
pop eax
pop edi
push eax
push ds:BufferInHeap
push edi
call sub_4015C4
push eax
push ds:dword_4037D3
push eax
call sub_4015C4
pop eax
retn
sub_4015A6 endp ; sp = -0Ch
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_4015C4 proc near ; CODE XREF: sub_4015A6+Ap
; sub_4015A6+17p
pop eax
pop edi
pop edx
push eax
loc_4015C8: ; CODE XREF: sub_4015C4+2Aj
mov eax, [edx]
or eax, eax
jz short loc_4015F0
mov ebx, [eax]
mov ebx, edi
sub ebx, ds:lpBaseAddress
push eax
push edx
call sub_401FF1
pop edx
pop eax
mov [eax], ebx
mov esi, [edx+4]
mov ecx, [eax+4]
rep movsb
add edx, 8
jmp short loc_4015C8
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_4015F0: ; CODE XREF: sub_4015C4+8j
mov eax, edi
retn
sub_4015C4 endp ; sp = 8
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_4015F3 proc near ; CODE XREF: sub_401E09+59p
pop eax
pop esi
pop edi
push eax
mov edx, [esi+0A0h]
or edx, edx
jz short locret_40164C
movzx ecx, word ptr [esi+6]
loc_401605: ; CODE XREF: sub_4015F3+1Aj
cmp [edi+0Ch], edx
jz short loc_401611
add edi, 28h
loop loc_401605
jmp short locret_40164C
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401611: ; CODE XREF: sub_4015F3+15j
cmp ecx, 1
jnz short loc_401625
dec word ptr [esi+6]
pusha
xor eax, eax
mov ecx, 28h
rep stosb
popa
loc_401625: ; CODE XREF: sub_4015F3+21j
mov dword ptr [edi+10h], 0
mov dword ptr [esi+0A0h], 0
mov dword ptr [esi+0A4h], 0
mov ax, [esi+16h]
or ax, 1
mov [esi+16h], ax
locret_40164C: ; CODE XREF: sub_4015F3+Cj
; sub_4015F3+1Cj
retn
sub_4015F3 endp ; sp = 8
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_40164D proc near ; CODE XREF: CompressPE+35Fp
; CompressPE+37Bp
push ebx
mov ebx, ds:dword_40388F
mov ds:dword_40383F[ebx], 1
mov ds:dword_403867[ebx], eax
pop ebx
retn
sub_40164D endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
CompressPE proc near ; CODE XREF: start+51p
push ds:lpFileName ; lpFileName
call GetFileAttributesA
mov ds:dwFileAttributes, eax
cmp eax, 0FFFFFFFFh
jnz short loc_40167C
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_40167C: ; CODE XREF: CompressPE+13j
push 20h ; dwFileAttributes
push ds:lpFileName ; lpFileName
call SetFileAttributesA
mov esi, ds:lpFileName
call MyOpenFile
call sub_401DBE
jnb short loc_40169C
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_40169C: ; CODE XREF: CompressPE+33j
mov ds:hFile, eax
mov eax, ds:hFile
push eax
call sub_401E09
pop eax
push offset LastWriteTime ; lpLastWriteTime
push offset LastAccessTime ; lpLastAccessTime
push offset CreationTime ; lpCreationTime
push eax ; hFile
call GetFileTime
xor ecx, ecx ; dwBytes
call sub_401D60
jb @InvalidPE
cmp word ptr [eax], 'ZM'
jnz @InvalidPE
call GetPEHeader
push 2 ; ucb
push esi ; lp
call IsBadReadPtr
or eax, eax
jnz @InvalidPE
cmp word ptr [esi], 'EP'
jnz @InvalidPE
cmp dword ptr [esi+0Ch], 90909090h
jnz short loc_401722
push 10h ; uType
push offset szCaption ; lpCaption
push offset aFileAppearsToA ; lpText
push 0 ; hWnd
call MessageBoxA
mov ds:CompressResult, 0FCh
jmp @InvalidPE
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401722: ; CODE XREF: CompressPE+9Bj
call FreeFile
mov ecx, 1000h ; dwBytes
call sub_401D60
jb @InvalidPE
call GetPEHeader
mov dword ptr [esi+0Ch], 90909090h
movzx eax, word ptr [esi+6]
mov ds:dword_4037BB, eax
mov eax, [esi+34h]
mov ds:@ImageBase, eax
mov eax, [esi+0C0h]
mov ds:dword_4038C4, eax
cmp ds:CompressExportTable, 1
jz short @SkipCompressExportTable
mov eax, [esi+78h]
mov ds:dword_40379F, eax
@SkipCompressExportTable: ; CODE XREF: CompressPE+100j
movzx eax, word ptr [esi+14h]
add eax, 18h
add eax, esi
mov ds:dword_40378E, eax
mov ebx, [esi+0D8h]
or ebx, ebx
jz short loc_40179F
call sub_401FC6
add ebx, ds:lpBaseAddress
mov ecx, [esi+0DCh] ; dwBytes
mov edi, ebx
xor eax, eax
rep stosb
loc_40179F: ; CODE XREF: CompressPE+120j
mov ebx, [esi+0A8h]
or ebx, ebx
jz short loc_4017BF
call sub_401FC6
add ebx, ds:lpBaseAddress
mov ecx, [esi+0ACh] ; dwBytes
mov edi, ebx
xor eax, eax
stosb
loc_4017BF: ; CODE XREF: CompressPE+141j
mov dword ptr [esi+0D8h], 0
mov dword ptr [esi+0DCh], 0
mov dword ptr [esi+0D0h], 0
mov dword ptr [esi+0D4h], 0
mov dword ptr [esi+0A8h], 0
mov dword ptr [esi+0ACh], 0
mov eax, [esi+3Ch]
mov ds:dword_4037A3, eax
push esi
mov ebx, [esi+88h]
mov eax, [esi+8Ch]
or ebx, ebx
jz short loc_401872
mov ds:dword_4037B3, eax
mov ds:dword_403C6D, ebx
call sub_401FC6
add ebx, ds:lpBaseAddress
mov ds:dword_4037B7, ebx
call AllocMemInHeap
push ebx
call sub_4013D7
cmp ds:RestructureResourceData, 1
jnz short loc_401868
call sub_40152A
xchg eax, ebx
call sub_401FC6
add ebx, ds:lpBaseAddress
push ebx
call sub_4015A6
sub eax, ds:dword_4037B7
mov ds:dword_403C69, eax
jmp short loc_401872
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401868: ; CODE XREF: CompressPE+1DCj
call sub_401573
mov ds:dword_403C69, eax
loc_401872: ; CODE XREF: CompressPE+1ACj
; CompressPE+200j
mov ebx, ds:dword_4037B3
cmp eax, ebx
jnb short loc_401886
sub ebx, eax
cmp ebx, 200h
jnb short loc_401890
loc_401886: ; CODE XREF: CompressPE+214j
mov ds:dword_40389B, 0
loc_401890: ; CODE XREF: CompressPE+21Ej
cmp ds:SectionMerging, 0
jz short loc_4018B3
push offset byte_403CC9
push ds:dword_40378E
call sub_402050
push offset byte_403CC9
call sub_402222
loc_4018B3: ; CODE XREF: CompressPE+231j
pop esi
mov eax, ds:dword_4037BB
mov [esi+6], eax
push esi
mov eax, ds:dword_40378E
mov edi, offset byte_403C71
xor ecx, ecx ; dwBytes
mov cx, [esi+6] ; dwBytes
loc_4018CD: ; CODE XREF: CompressPE+405j
mov ds:dword_4037BF, 0
cmp edi, offset dword_403CC1
jz loc_401A42
mov ds:dword_4037AF, 0
mov ebx, ds:dword_403C6D
cmp [eax+0Ch], ebx
jnz short loc_40191B
cmp ds:dword_40389B, 1
jnz loc_401A42
mov ebx, ds:@ImageBase
add ds:dword_403C6D, ebx
mov ds:dword_4037AF, 1
loc_40191B: ; CODE XREF: CompressPE+290j
call sub_401CF4
jb loc_401A42
pusha
push offset szLineEnd ; "\r\n\t\t"
push offset aCompressedObje ; "\r\n Compressed objects: "
call lstrcat
popa
pusha
push offset szSectionName ; "pcs0"
push offset aCompressedObje ; "\r\n Compressed objects: "
call lstrcat
popa
push eax
push ecx
mov ebx, [eax+24h]
or ebx, 80000000h
mov [eax+24h], ebx
mov ebx, [eax+0Ch]
add ebx, ds:@ImageBase
mov [edi], ebx
push edi
mov esi, [eax+14h]
add esi, ds:lpBaseAddress
mov edi, esi
push eax
mov ecx, [eax+8] ; dwBytes
mov edx, [eax+10h]
cmp ecx, edx
jbe short loc_40197A
mov ecx, edx ; dwBytes
loc_40197A: ; CODE XREF: CompressPE+310j
pusha
xchg ecx, edx
mov ds:byte_403604, 9
mov edi, offset dword_403605
call sub_401F9E
push offset byte_403604
push offset aCompressedObje ; "\r\n Compressed objects: "
call lstrcat
popa
cmp ds:dword_4037AF, 1
jnz short loc_4019D7
sub ecx, ds:dword_403C69
add esi, ds:dword_403C69
mov edi, esi
call CompressIt
add eax, ds:dword_403C69
mov ds:dword_4037BF, eax
call sub_40164D
push eax
call GetMaxPath
mov ds:dword_4037B3, eax
jmp short loc_4019EC
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_4019D7: ; CODE XREF: CompressPE+33Fj
call CompressIt
mov ds:dword_4037BF, eax
call sub_40164D
push eax
call GetMaxPath
loc_4019EC: ; CODE XREF: CompressPE+36Fj
pusha
mov edx, ds:dword_4037AB
mov ds:byte_403604, 20h
mov edi, offset dword_403605
call sub_401F9E
push offset asc_40370D ; " -> "
push offset aCompressedObje ; "\r\n Compressed objects: "
call lstrcat
push offset byte_403604
push offset aCompressedObje ; "\r\n Compressed objects: "
call lstrcat
popa
pop ecx
pop edx
mov ebx, [edx+10h]
cmp ebx, ds:dword_403A50
jbe short loc_401A36
mov ds:dword_403A50, ebx
loc_401A36: ; CODE XREF: CompressPE+3C8j
pop edi
mov [edx+10h], eax
mov [edi+4], ecx
add edi, 8
pop ecx
pop eax
loc_401A42: ; CODE XREF: CompressPE+277j
; CompressPE+299j ...
mov ebx, dword ptr ds:szSectionName ; "pcs0"
bswap ebx
inc bl
bswap ebx
mov [eax], ebx
mov dword ptr ds:szSectionName, ebx ; "pcs0"
mov dword ptr [eax+4], 0
add eax, 28h
add ds:dword_40388F, 4
loop loc_401A6B
jmp short loc_401A70
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401A6B: ; CODE XREF: CompressPE+401j
jmp loc_4018CD
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401A70: ; CODE XREF: CompressPE+403j
pop esi
sub eax, 28h
mov edi, eax
mov eax, [edi+14h]
mov ds:dword_403792, eax
mov ecx, [edi+10h]
mov ds:dword_403796, ecx
mov eax, [edi+8]
mov ds:dword_40379A, eax
cmp eax, ecx
jnb short loc_401A95
mov eax, ecx
loc_401A95: ; CODE XREF: CompressPE+42Bj
add eax, 5425h
mov [edi+8], eax
cmp ds:dword_4037BF, 0
jnz short loc_401ABF
mov ecx, ds:dword_403796
mov eax, ds:dword_40379A
cmp eax, ecx
jbe short loc_401AC4
mov eax, ecx
mov ds:dword_40379A, ecx
jmp short loc_401AC4
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401ABF: ; CODE XREF: CompressPE+43Ej
mov eax, ds:dword_4037BF
loc_401AC4: ; CODE XREF: CompressPE+44Dj
; CompressPE+457j
mov ds:dword_4037C3, eax
push eax
add eax, 425h
mov ds:dword_4037E7, eax
call GetMaxPath
mov [edi+10h], eax
mov ecx, [esi+38h]
mov eax, [edi+8]
add eax, [edi+0Ch]
call sub_401DE7
mov [esi+50h], eax
add ds:dword_403A50, 425h
pop eax
mov dword ptr [edi+24h], 0E0000020h
add eax, [edi+0Ch]
mov ebx, [esi+28h]
mov [esi+28h], eax
push eax
add eax, ds:@ImageBase
sub eax, offset @LoaderStart
mov dword ptr ds:loc_403946+1, eax
pop eax
pusha
add eax, 114h
add ds:dword_403A58, eax
add ds:dword_403A64, eax
add ds:dword_403A68, eax
add ds:_LoadLibraryA, eax
add ds:_GetProcAddress, eax
add ds:_GlobalAlloc, eax
add ds:_ExitProcess, eax
mov ecx, [esi+80h]
mov ds:@ImportTableRVA, ecx
mov [esi+80h], eax
mov dword ptr [esi+84h], 85h
popa
add ebx, ds:@ImageBase
mov dword ptr ds:@SetOEP+1, ebx
push esi
call sub_402185
mov ecx, 425h
mov edi, ds:lpBaseAddress
add edi, ds:dword_4037C3
add edi, ds:dword_403792
mov esi, offset @LoaderStart
rep movsb
pop esi
mov eax, ds:dword_4037E7
push eax
call GetMaxPath
pop ecx
xchg eax, ecx
sub ecx, eax
xor eax, eax
rep stosb
call FreeFile
mov ds:CompressResult, 0
jmp short loc_401BBE
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@InvalidPE: ; CODE XREF: CompressPE+63j
; CompressPE+6Ej ...
call FreeFile
loc_401BBE: ; CODE XREF: CompressPE+551j
push offset LastWriteTime ; lpLastWriteTime
push offset LastAccessTime ; lpLastAccessTime
push offset CreationTime ; lpCreationTime
push ds:hFile ; hFile
call SetFileTime
mov edx, ds:dword_40375E
mov edi, offset dword_403473
call sub_401F9E
cmp ds:CompressResult, 0
jnz short loc_401BFB
mov eax, ds:hFile
call sub_401E09
loc_401BFB: ; CODE XREF: CompressPE+589j
mov edx, ds:dword_40375E
mov edi, offset dword_40348F
call sub_401F9E
push offset dword_403473
push offset aOriginalSize ; "\r\nOriginal size: "
call lstrcat
push offset aNewSize ; " New size : "
push offset aOriginalSize ; "\r\nOriginal size: "
call lstrcat
push offset dword_40348F
push offset aOriginalSize ; "\r\nOriginal size: "
call lstrcat
push ds:hFile ; hObject
call CloseHandle
push ds:dwFileAttributes ; dwFileAttributes
push ds:lpFileName ; lpFileName
call SetFileAttributesA
retn
CompressPE endp ; sp = 0Ch
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
; int __fastcall CompressIt(DWORD dwBytes)
CompressIt proc near ; CODE XREF: CompressPE+34Fp
; CompressPE+371p
push ecx
push esi
push ecx
push ecx ; dwBytes
push 8 ; dwFlags
push ds:hHeap ; hHeap
call HeapAlloc
mov ds:lpMem, eax
push 0A0000h ; dwBytes
push 8 ; dwFlags
push ds:hHeap ; hHeap
call HeapAlloc
mov ds:dword_4038A7, eax
pop ecx
cmp ecx, 50h
jbe short loc_401CC1
mov ds:dword_403786, esi
mov ds:dword_4038B3, ecx
push offset loc_40201C
push ds:dword_4038A7
push ecx
push ds:lpMem
push esi
call _aP_pack
mov ds:dword_4037AB, eax
or eax, eax
jz short loc_401CC1
pop edi
pop ecx
mov esi, ds:lpMem
rep movsb
jmp short @Clean
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401CC1: ; CODE XREF: CompressIt+31j
; CompressIt+5Ej
pop edi
pop ecx
mov ds:dword_4037AB, eax
@Clean: ; CODE XREF: CompressIt+6Aj
push ds:lpMem ; lpMem
push 0 ; dwFlags
push ds:hHeap ; hHeap
call HeapFree
push ds:dword_4038A7 ; lpMem
push 0 ; dwFlags
push ds:hHeap ; hHeap
call HeapFree
mov eax, ds:dword_4037AB
retn
CompressIt endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401CF4 proc near ; CODE XREF: CompressPE+2B5p
; sub_402050+Ep
push esi
cmp dword ptr [eax+14h], 0
jz short @SkipThisSection
cmp dword ptr [eax+10h], 0
jz short @SkipThisSection
cmp dword ptr [eax+8], 50h
jbe short @SkipThisSection
call sub_401D24
jb short @SkipThisSection
mov esi, offset szSkipedSectionName ; ".tls.relBSS"
loc_401D13: ; CODE XREF: sub_401CF4+28j
xchg eax, ebx
lodsd
xchg eax, ebx
cmp ebx, [eax]
jz short @SkipThisSection
or ebx, ebx
jnz short loc_401D13
pop esi
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@SkipThisSection: ; CODE XREF: sub_401CF4+5j
; sub_401CF4+Bj ...
pop esi
stc
retn
sub_401CF4 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401D24 proc near ; CODE XREF: sub_401CF4+13p
pusha
mov edx, ds:dword_4038C4
cmp [eax+0Ch], edx
jz short loc_401D51
mov edx, ds:dword_40379F
or edx, edx
jz short loc_401D4E
mov ebx, [eax+0Ch]
cmp ebx, edx
jg short loc_401D4E
jz short loc_401D51
mov ebx, [eax+34h]
or ebx, ebx
jz short @SkipThisSection
cmp ebx, edx
jg short loc_401D51
loc_401D4E: ; CODE XREF: sub_401D24+14j
; sub_401D24+1Bj
popa
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401D51: ; CODE XREF: sub_401D24+Aj
; sub_401D24+1Dj ...
popa
stc
retn
sub_401D24 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
GetPEHeader proc near ; CODE XREF: CompressPE+74p
; CompressPE+D1p ...
mov esi, [eax+3Ch]
add esi, eax
mov ds:lpPEHeader, esi
retn
GetPEHeader endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401D60 proc near ; CODE XREF: CompressPE+5Ep
; CompressPE+C6p ...
push ecx
push offset FileSizeHigh ; lpFileSizeHigh
push ds:hFile ; hFile
call GetFileSize
call sub_401DBE
jnb short loc_401D7B
pop ecx
jmp short locret_401DBD
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401D7B: ; CODE XREF: sub_401D60+16j
mov ds:dword_40375E, eax
pop ecx
add eax, ecx
push 0 ; lpName
push eax ; dwMaximumSizeLow
push 0 ; dwMaximumSizeHigh
push 4 ; flProtect
push 0 ; lpFileMappingAttributes
push ds:hFile ; hFile
call CreateFileMappingA
call sub_401DBE
jb short locret_401DBD
mov ds:hObject, eax
push 0 ; dwNumberOfBytesToMap
push 0 ; dwFileOffsetLow
push 0 ; dwFileOffsetHigh
push 2 ; dwDesiredAccess
push eax ; hFileMappingObject
call MapViewOfFile
call sub_401DBE
jb short locret_401DBD
mov ds:lpBaseAddress, eax
locret_401DBD: ; CODE XREF: sub_401D60+19j
; sub_401D60+3Cj ...
retn
sub_401D60 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401DBE proc near ; CODE XREF: CompressPE+2Ep
; sub_401D60+11p ...
cmp eax, -1
jz short loc_401DC9
or eax, eax
jz short loc_401DC9
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401DC9: ; CODE XREF: sub_401DBE+3j
; sub_401DBE+7j
stc
retn
sub_401DBE endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
FreeFile proc near ; CODE XREF: CompressPE+BCp
; CompressPE+545p ...
push ds:lpBaseAddress ; lpBaseAddress
call UnmapViewOfFile
push ds:hObject ; hObject
call CloseHandle
retn
FreeFile endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
GetMaxPath proc near ; CODE XREF: CompressPE+365p
; CompressPE+381p ...
mov ecx, 200h
GetMaxPath endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401DE7 proc near ; CODE XREF: CompressPE+47Fp
; sub_401E09+78p ...
xor edx, edx
div ecx
or edx, edx
jz short loc_401DF0
inc eax
loc_401DF0: ; CODE XREF: sub_401DE7+6j
mul ecx
retn
sub_401DE7 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
; HFILE __stdcall MyOpenFile(LPCSTR lpFileName,LPOFSTRUCT lpReOpenBuff,UINT uStyle)
MyOpenFile proc near ; CODE XREF: CompressPE+29p
push 0 ; hTemplateFile
push 20h ; dwFlagsAndAttributes
push 3 ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 0 ; dwShareMode
push 0C0000000h ; dwDesiredAccess
push esi ; lpFileName
call CreateFileA
retn
MyOpenFile endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401E09 proc near ; CODE XREF: CompressPE+41p
; CompressPE+590p
xor ecx, ecx
call sub_401D60
jb @InvalidPE
mov ecx, ds:dword_40375E
or ecx, ecx
jz loc_401F4E
mov ds:dword_40377E, ecx
call GetPEHeader
mov eax, [esi+3Ch]
mov ds:dword_403762, eax
xor eax, eax
mov ax, [esi+14h]
add eax, 18h
add eax, esi
push esi
push eax
xchg eax, edi
mov ds:dword_4038A3, edi
movzx ecx, word ptr [esi+6]
xor ebx, ebx
loc_401E51: ; CODE XREF: sub_401E09+52j
call sub_401F54
inc ebx
cmp ebx, ecx
jz short loc_401E5D
jmp short loc_401E51
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401E5D: ; CODE XREF: sub_401E09+50j
pop eax
pop esi
pusha
push eax
push esi
call sub_4015F3
popa
push eax
xor edx, edx
mov ecx, 28h
xor eax, eax
mov ax, [esi+6]
inc eax
mul ecx
xchg eax, ebx
pop eax
push eax
add eax, ebx
mov ecx, [esi+3Ch]
call sub_401DE7
xchg eax, ebx
pop eax
mov ecx, ebx
sub ecx, ds:lpBaseAddress
mov [esi+54h], ecx
mov ecx, 200h
mov [esi+3Ch], ecx
movzx ecx, word ptr [esi+6]
mov edi, ebx
loc_401EA1: ; CODE XREF: sub_401E09+D5j
push eax
push ecx
mov ecx, edi
sub ecx, ds:lpBaseAddress
mov esi, [eax+14h]
mov [eax+14h], ecx
mov ebx, [eax+8]
cmp ebx, [eax+10h]
jg short loc_401EC9
mov ecx, 200h
push eax
xchg eax, ebx
call sub_401DE7
xchg eax, ebx
pop eax
jmp short loc_401ECC
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401EC9: ; CODE XREF: sub_401E09+AEj
mov ebx, [eax+10h]
loc_401ECC: ; CODE XREF: sub_401E09+BEj
mov [eax+10h], ebx
add esi, ds:lpBaseAddress
mov ecx, ebx
rep movsb
pop ecx
pop eax
add eax, 28h
loop loc_401EA1
sub eax, 28h
mov ecx, [eax+10h]
add ecx, [eax+14h]
push ecx
call FreeFile
mov ds:CompressResult, 0
pop ecx
mov ds:dword_403756, ecx
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push ecx ; lDistanceToMove
push ds:hFile ; hFile
call SetFilePointer
push ds:hFile ; hFile
call SetEndOfFile
xor ecx, ecx
call sub_401D60
jb short locret_401F53
call GetPEHeader
lea eax, [esi+58h]
push eax
push offset dword_403752
push ds:dword_40375E
push ds:lpBaseAddress
call CheckSumMappedFile
call FreeFile
mov ds:CompressResult, 0
jmp short locret_401F53
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_401F4E: ; CODE XREF: sub_401E09+15j
call FreeFile
locret_401F53: ; CODE XREF: sub_401E09+116j
; sub_401E09+143j
retn
sub_401E09 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401F54 proc near ; CODE XREF: sub_401E09+48p
push ebx
push ecx
mov eax, 28h
mul bl
add eax, ds:dword_4038A3
mov esi, eax
mov eax, [esi+10h]
mov ecx, eax
add eax, [esi+14h]
add eax, ds:lpBaseAddress
mov edi, eax
dec edi
xor eax, eax
std
repe scasb
cld
add edi, 2
sub edi, [esi+14h]
sub edi, ds:lpBaseAddress
mov ecx, 200h
xchg eax, edi
call sub_401DE7
cmp eax, [esi+10h]
jge short loc_401F9B
mov [esi+10h], eax
loc_401F9B: ; CODE XREF: sub_401F54+42j
pop ecx
pop ebx
retn
sub_401F54 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401F9E proc near ; CODE XREF: CompressPE+323p
; CompressPE+399p ...
push edi
mov ecx, 3
xor eax, eax
rep stosd
pop edi
mov eax, edx
mov esi, 0Ah
xor ecx, ecx
loc_401FB2: ; CODE XREF: sub_401F9E+1Cj
xor edx, edx
div esi
push edx
inc ecx
or eax, eax
jnz short loc_401FB2
loc_401FBC: ; CODE XREF: sub_401F9E+25j
pop edx
add dl, 30h
mov al, dl
stosb
loop loc_401FBC
retn
sub_401F9E endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401FC6 proc near ; CODE XREF: sub_401458+58p
; CompressPE+122p ...
push esi
push edi
push edx
push ecx
push eax
mov eax, ds:dword_40378E
mov ecx, ds:dword_4037BB
loc_401FD6: ; CODE XREF: sub_401FC6+1Aj
mov edx, [eax+0Ch]
cmp edx, ebx
ja short loc_401FE2
add eax, 28h
loop loc_401FD6
loc_401FE2: ; CODE XREF: sub_401FC6+15j
sub eax, 28h
sub ebx, [eax+0Ch]
add ebx, [eax+14h]
pop eax
pop ecx
pop edx
pop edi
pop esi
retn
sub_401FC6 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_401FF1 proc near ; CODE XREF: sub_4015C4+16p
push esi
push edi
push edx
push ecx
push eax
mov eax, ds:dword_40378E
mov ecx, ds:dword_4037BB
loc_402001: ; CODE XREF: sub_401FF1+1Aj
mov edx, [eax+14h]
cmp edx, ebx
ja short loc_40200D
add eax, 28h
loop loc_402001
loc_40200D: ; CODE XREF: sub_401FF1+15j
sub eax, 28h
sub ebx, [eax+14h]
add ebx, [eax+0Ch]
pop eax
pop ecx
pop edx
pop edi
pop esi
retn
sub_401FF1 endp
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_40201C: ; DATA XREF: CompressIt+3Fo
mov eax, [esp+4]
xor edx, edx
mov ecx, 64h
mul ecx
xor edx, edx
mov ecx, ds:dword_4038B3
or ecx, ecx
jz short loc_40204A
div ecx
push 0
push eax
push 402h
push ds:hProgress
call SendMessageA
loc_40204A: ; CODE XREF: pcs1:00402033j
mov eax, 1
retn
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_402050 proc near ; CODE XREF: CompressPE+23Ep
pop edx
pop eax
pop edi
push edx
mov ecx, ds:dword_4037BB
dec ecx
xor ebp, ebp
loc_40205D: ; CODE XREF: sub_402050+116j
push ecx
call sub_401CF4
jnb short loc_40206D
xor ebp, ebp
jz loc_40215E
loc_40206D: ; CODE XREF: sub_402050+13j
cmp ebp, 1
jz short loc_40207C
mov ebp, 1
jmp loc_40215E
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_40207C: ; CODE XREF: sub_402050+20j
push eax
mov ebx, [eax-14h]
add ebx, [eax-18h]
add ebx, ds:lpBaseAddress
push edi
mov edi, ebx
call sub_40216C
mov ecx, edi
sub ecx, [eax-14h]
sub ecx, ds:lpBaseAddress
mov ds:dword_4038AB, ecx
mov ebx, edi
pop edi
pop eax
push eax
push ebx
mov ebx, [eax+14h]
add ebx, [eax+10h]
add ebx, ds:lpBaseAddress
push edi
mov edi, ebx
call sub_40216C
mov ecx, edi
sub ecx, [eax+14h]
sub ecx, ds:lpBaseAddress
mov ds:dword_4038AF, ecx
pop edi
mov ebp, edi
pop edi
mov esi, [eax+14h]
add esi, ds:lpBaseAddress
mov ecx, ds:dword_4038AF
rep movsb
pop eax
mov ebx, [eax+34h]
mov ecx, [eax-1Ch]
sub ebx, ecx
mov [eax-20h], ebx
mov ebx, ds:dword_4038AB
add ebx, ds:dword_4038AF
mov [eax-18h], ebx
mov edi, ebp
mov ebx, [eax+0Ch]
add ebx, ds:@ImageBase
mov [edi+4], ebx
mov ebx, [eax-1Ch]
add ebx, ds:dword_4038AB
add ebx, ds:@ImageBase
mov [edi], ebx
mov ebx, ds:dword_4038AF
mov [edi+8], ebx
mov ecx, [eax+34h]
sub ecx, [eax+0Ch]
sub ecx, ebx
mov [edi+0Ch], ecx
add edi, 10h
pop ecx
push ecx
push eax
inc ecx
mov eax, ecx
xor edx, edx
mov ecx, 28h
mul ecx
mov ecx, eax
pop eax
mov esi, eax
add esi, 28h
push edi
mov edi, eax
rep movsb
pop edi
dec ds:dword_4037BB
mov ebp, 1
sub eax, 28h
loc_40215E: ; CODE XREF: sub_402050+17j
; sub_402050+27j
pop ecx
add eax, 28h
loop loc_402166
jmp short locret_40216B
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_402166: ; CODE XREF: sub_402050+112j
jmp loc_40205D
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
locret_40216B: ; CODE XREF: sub_402050+114j
retn
sub_402050 endp ; sp = 8
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_40216C proc near ; CODE XREF: sub_402050+3Cp
; sub_402050+67p
push eax
push edi
std
mov ecx, 0FFFFFFFh
xor eax, eax
repe scasb
add edi, 4
cld
pop edx
cmp edx, edi
jnb short loc_402183
mov edi, edx
loc_402183: ; CODE XREF: sub_40216C+13j
pop eax
retn
sub_40216C endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_402185 proc near ; CODE XREF: CompressPE+50Ep
push esi
push edi
push ecx
push edx
mov ecx, 28Ch
push ecx
push ecx ; dwBytes
push 8 ; dwFlags
push ds:hHeap ; hHeap
call HeapAlloc
mov ds:lpMem, eax
push 0FA000h ; dwBytes
push 8 ; dwFlags
push ds:hHeap ; hHeap
call HeapAlloc
mov ds:dword_4038A7, eax
pop ecx
push ecx
push 0
push ds:dword_4038A7
push ecx
push ds:lpMem
push offset loc_403ADD
call _aP_pack
push eax
mov ecx, eax
mov esi, ds:lpMem
mov edi, offset loc_403ADD
rep movsb
push ds:dword_4038A7 ; lpMem
push 0 ; dwFlags
push ds:hHeap ; hHeap
call HeapFree
push ds:lpMem ; lpMem
push 0 ; dwFlags
push ds:hHeap ; hHeap
call HeapFree
pop ecx
pop eax
sub eax, ecx
push eax
mov edi, offset loc_403ADD
add edi, ecx
mov ecx, eax
xor eax, eax
rep stosb
pop eax
pop edx
pop ecx
pop edi
pop esi
retn
sub_402185 endp ; sp = -14h
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_402222 proc near ; CODE XREF: CompressPE+248p
pop eax
pop ebx
push eax
pusha
xchg ebx, edi
add edi, 0B0h
loc_40222E: ; CODE XREF: sub_402222+12j
sub edi, 10h
cmp dword ptr [edi], 0
jz short loc_40222E
xchg edi, esi
mov edi, offset dword_40383F
loc_40223D: ; CODE XREF: sub_402222+2Bj
mov ecx, 4
rep movsd
sub esi, 20h
cmp esi, offset byte_403CC9
jnb short loc_40223D
mov esi, offset dword_40383F
mov edi, offset byte_403CC9
mov ecx, 0A0h
rep movsb
popa
retn
sub_402222 endp ; sp = 4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
MakeBackup proc near ; CODE XREF: start+3Cp
pop ebx
pop edi
push ebx
push edi
push edi
push offset lpNewFileName
call lstrcpy
pop edi
push edi
push offset szDotBak ; ".BAK"
push offset lpNewFileName
call lstrcat ; 加入字尾 .Bak
pop edi
push 0 ; bFailIfExists
push offset lpNewFileName ; lpNewFileName
push edi ; lpExistingFileName
call CopyFileA
retn
MakeBackup endp ; sp = 4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_402291 proc near ; CODE XREF: sub_4013D7+2Dp
; _CheckDlgButton+2p ...
pop edx
pop ebx
push edx
mov esi, offset dword_4038DC
loc_402299: ; CODE XREF: sub_402291+Fj
lodsd
or eax, eax
jz short loc_4022A4
cmp eax, ebx
jnz short loc_402299
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_4022A4: ; CODE XREF: sub_402291+Bj
stc
retn
sub_402291 endp ; sp = 4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_4022A6 proc near ; CODE XREF: ProcessCheckBoxes+24p
; ProcessCheckBoxes+3Fp ...
pop edx
pop ebx
push edx
mov esi, offset dword_4038DC
loc_4022AE: ; CODE XREF: sub_4022A6+Fj
lodsd
cmp ebx, eax
jz short locret_4022C3
or eax, eax
jnz short loc_4022AE
sub esi, 4
mov [esi], ebx
mov dword ptr [esi+4], 0
locret_4022C3: ; CODE XREF: sub_4022A6+Bj
retn
sub_4022A6 endp ; sp = 4
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
_CheckDlgButton proc near ; CODE XREF: pcs1:0040132Ep
push 1
call sub_402291
jb short loc_4022DF
push 1 ; uCheck
push 3FFh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_4022DF: ; CODE XREF: _CheckDlgButton+7j
push 2
call sub_402291
jb short loc_4022FA
push 1 ; uCheck
push 3EAh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_4022FA: ; CODE XREF: _CheckDlgButton+22j
push 3
call sub_402291
jb short loc_402315
push 1 ; uCheck
push 3EEh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_402315: ; CODE XREF: _CheckDlgButton+3Dj
push 4
call sub_402291
jb short loc_402330
push 1 ; uCheck
push 3F6h ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_402330: ; CODE XREF: _CheckDlgButton+58j
push 5
call sub_402291
jb short loc_40234B
push 1 ; uCheck
push 3F7h ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_40234B: ; CODE XREF: _CheckDlgButton+73j
push 6
call sub_402291
jb short loc_402366
push 1 ; uCheck
push 3FCh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_402366: ; CODE XREF: _CheckDlgButton+8Ej
push 7
call sub_402291
jb short loc_402381
push 1 ; uCheck
push 3F8h ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_402381: ; CODE XREF: _CheckDlgButton+A9j
push 8
call sub_402291
jb short loc_40239C
push 1 ; uCheck
push 401h ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_40239C: ; CODE XREF: _CheckDlgButton+C4j
push 9
call sub_402291
jb short loc_4023B7
push 1 ; uCheck
push 3FEh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_4023B7: ; CODE XREF: _CheckDlgButton+DFj
push 0Ah
call sub_402291
jb short loc_4023D2
push 1 ; uCheck
push 3FDh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_4023D2: ; CODE XREF: _CheckDlgButton+FAj
push 0Bh
call sub_402291
jb short loc_4023ED
push 1 ; uCheck
push 3FBh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_4023ED: ; CODE XREF: _CheckDlgButton+115j
push 0Ch
call sub_402291
jb short loc_402408
push 1 ; uCheck
push 3FAh ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_402408: ; CODE XREF: _CheckDlgButton+130j
push 0Eh
call sub_402291
jb short loc_402423
push 1 ; uCheck
push 3F9h ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
loc_402423: ; CODE XREF: _CheckDlgButton+14Bj
push 10h
call sub_402291
jb short locret_40243E
push 1 ; uCheck
push 400h ; nIDButton
push ds:hWnd ; hDlg
call CheckDlgButton
locret_40243E: ; CODE XREF: _CheckDlgButton+166j
retn
_CheckDlgButton endp ; sp = -38h
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
ProcessCheckBoxes proc near ; CODE XREF: pcs1:00401187p
mov edi, offset dword_4038DC
xor eax, eax
mov ecx, 10h
rep stosd
push 3FFh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_402468
push 1
call sub_4022A6
loc_402468: ; CODE XREF: ProcessCheckBoxes+20j
push 3EAh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_402483
push 2
call sub_4022A6
loc_402483: ; CODE XREF: ProcessCheckBoxes+3Bj
push 3EEh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_40249E
push 3
call sub_4022A6
loc_40249E: ; CODE XREF: ProcessCheckBoxes+56j
push 3F6h ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_4024B9
push 4
call sub_4022A6
loc_4024B9: ; CODE XREF: ProcessCheckBoxes+71j
push 3F7h ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_4024D4
push 5
call sub_4022A6
loc_4024D4: ; CODE XREF: ProcessCheckBoxes+8Cj
push 3FCh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_4024EF
push 6
call sub_4022A6
loc_4024EF: ; CODE XREF: ProcessCheckBoxes+A7j
push 3F8h ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_40250A
push 7
call sub_4022A6
loc_40250A: ; CODE XREF: ProcessCheckBoxes+C2j
push 401h ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_402525
push 8
call sub_4022A6
loc_402525: ; CODE XREF: ProcessCheckBoxes+DDj
push 3FEh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_402540
push 9
call sub_4022A6
loc_402540: ; CODE XREF: ProcessCheckBoxes+F8j
push 3FDh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_40255B
push 0Ah
call sub_4022A6
loc_40255B: ; CODE XREF: ProcessCheckBoxes+113j
push 3FBh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_402576
push 0Bh
call sub_4022A6
loc_402576: ; CODE XREF: ProcessCheckBoxes+12Ej
push 3FAh ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_402591
push 0Ch
call sub_4022A6
loc_402591: ; CODE XREF: ProcessCheckBoxes+149j
push 3F9h ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short loc_4025AC
push 0Eh
call sub_4022A6
loc_4025AC: ; CODE XREF: ProcessCheckBoxes+164j
push 400h ; nIDButton
push ds:hWnd ; hDlg
call IsDlgButtonChecked
or eax, eax
jz short locret_4025C7
push 10h
call sub_4022A6
locret_4025C7: ; CODE XREF: ProcessCheckBoxes+17Fj
retn
ProcessCheckBoxes endp ; sp = -38h
; [00000006 BYTES: COLLAPSED FUNCTION HeapFree. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetCommandLineA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileAttributesA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION IsBadReadPtr. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION ExitProcess. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileA. PRESS KEYPAD "+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
jmp ds:ReadFile
; [00000006 BYTES: COLLAPSED FUNCTION MapViewOfFile. PRESS KEYPAD "+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
jmp ds:LoadLibraryA
; [00000006 BYTES: COLLAPSED FUNCTION GetFileTime. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetModuleHandleA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetProcessHeap. PRESS KEYPAD "+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
jmp ds:GetStdHandle
; [00000006 BYTES: COLLAPSED FUNCTION ExitThread. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateFileMappingA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileSize. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CloseHandle. PRESS KEYPAD "+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
jmp ds:ReadConsoleA
; [00000006 BYTES: COLLAPSED FUNCTION SetEndOfFile. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CopyFileA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CreateThread. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetFileAttributesA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetFilePointer. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetFileTime. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION UnmapViewOfFile. PRESS KEYPAD "+" TO EXPAND]
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
jmp ds:WriteConsoleA
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
jmp ds:WriteFile
; [00000006 BYTES: COLLAPSED FUNCTION lstrcat. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION lstrcpy. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION HeapAlloc. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CheckSumMappedFile. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION CheckDlgButton. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SetDlgItemTextA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION SendMessageA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION PostQuitMessage. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION MessageBoxA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION LoadIconA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION IsDlgButtonChecked. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetDlgItemTextA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetDlgItem. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION EnableWindow. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION DialogBoxParamA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetOpenFileNameA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION ShellExecuteA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION _aP_pack. PRESS KEYPAD "+" TO EXPAND]
dd 24Ah dup(0)
align 4
; const CHAR lpNewFileName
lpNewFileName db 100h dup(0) ; DATA XREF: MakeBackup+5o
; MakeBackup+16o ...
szDotBak db '.BAK',0 ; DATA XREF: MakeBackup+11o
szWeb1 db 'http://virogen.cjb.net',0 ; DATA XREF: pcs1:0040133Fo
szWeb2 db 'http://www.phrozencrew.com',0 ; DATA XREF: pcs1:0040135Co
szLineEnd db 0Dh,0Ah ; DATA XREF: CompressPE+2C1o
db 9,9,0
dd 0Ch dup(0C4C4C4C4h), 0A0DC4C4h
szCaption db 'Phrozen Crew PE Shrinker v0.70, (c)1999 Virogen/PC',0
; DATA XREF: start+88o start+AFo ...
szCompressOK db 'Successfully compressed!',0Dh,0Ah ; DATA XREF: start+47o
; start+6Do ...
db ' Installed on file: ',9,0
dd 64h dup(0)
aCompressedObje db 0Dh,0Ah ; DATA XREF: start+68o CompressPE+2C6o ...
db ' Compressed objects: ',0
dd 2Dh dup(0)
aOriginalSize db 0Dh,0Ah ; DATA XREF: start+77o CompressPE+5AAo ...
db 'Original size: ',0
dd 0Ch dup(0)
db 2 dup(0)
dword_403473 dd 3 dup(0) ; DATA XREF: CompressPE+578o
; CompressPE+5A5o
db 3 dup(0)
aNewSize db ' New size : ',0 ; DATA XREF: CompressPE+5B4o
dword_40348F dd 3 dup(0) ; DATA XREF: CompressPE+59Bo
; CompressPE+5C3o
db 3 dup(0)
aFileAppearsToA db 'File appears to already be compressed.',0 ; DATA XREF: CompressPE+A4o
szCompressError db 'There was an error compressing the file!',0Dh,0Ah ; DATA XREF: start+A3o
; start+B4o
db 'Specified file: ',0
dd 41h dup(0)
byte_403604 db 20h ; DATA XREF: CompressPE+317w
; CompressPE+328o ...
dword_403605 dd 2 dup(0) ; DATA XREF: CompressPE+31Eo
; CompressPE+394o
; CHAR szBuffer
szBuffer db 0 ; DATA XREF: pcs1:00401042o start+23o ...
dd 3Fh dup(0)
db 3 dup(0)
asc_40370D db ' -> ',0 ; DATA XREF: CompressPE+39Eo
aPeExeFiles db 'PE EXE files',0 ; DATA XREF: pcs1:0040137Do
a_exe db '*.exe',0
aWorking__ db 'Working .. ',0
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
db 0 ;
; struct _FILETIME LastWriteTime
LastWriteTime dd 0 ; dwLowDateTime ; DATA XREF: CompressPE+47o
; CompressPE+558o
dd 0 ; dwHighDateTime
; struct _FILETIME LastAccessTime
LastAccessTime dd 0 ; dwLowDateTime ; DATA XREF: CompressPE+4Co
; CompressPE+55Do
dd 0 ; dwHighDateTime
; struct _FILETIME CreationTime
CreationTime dd 0 ; dwLowDateTime ; DATA XREF: CompressPE+51o
; CompressPE+562o
dd 0 ; dwHighDateTime
dword_403752 dd 0 ; DATA XREF: sub_401E09+121o
dword_403756 dd 0 ; DATA XREF: sub_401E09+EEw
; LPVOID lpMem
lpMem dd 0 ; DATA XREF: CompressIt+11w
; CompressIt+4Br ...
dword_40375E dd 0 ; DATA XREF: CompressPE+572r
; CompressPE+595r ...
dword_403762 dd 0 ; DATA XREF: sub_401E09+29w
; LPCVOID lpBaseAddress
lpBaseAddress dd 0 ; DATA XREF: sub_401458+5Dr
; sub_4015C4+Er ...
; DWORD dwFileAttributes
dwFileAttributes dd 0 ; DATA XREF: CompressPE+Bw
; CompressPE+5DDr
; LPCSTR lpFileName
lpFileName dd 0 ; DATA XREF: start+23w start+36r ...
lpPEHeader dd 0 ; DATA XREF: GetPEHeader+5w
dd 0
; HANDLE hObject
hObject dd 0 ; DATA XREF: sub_401D60+3Ew
; FreeFile+Br
dword_40377E dd 0 ; DATA XREF: sub_401E09+1Bw
; HANDLE hFile
hFile dd 0 ; DATA XREF: CompressPE+36w
; CompressPE+3Br ...
dword_403786 dd 0 ; DATA XREF: CompressIt+33w
dd 0
dword_40378E dd 0 ; DATA XREF: CompressPE+113w
; CompressPE+238r ...
dword_403792 dd 0 ; DATA XREF: CompressPE+413w
; CompressPE+524r
dword_403796 dd 0 ; DATA XREF: CompressPE+41Bw
; CompressPE+440r
dword_40379A dd 0 ; DATA XREF: CompressPE+424w
; CompressPE+446r ...
CompressResult db 0FFh ; DATA XREF: start+56r start+5Fr ...
dword_40379F dd 0 ; DATA XREF: CompressPE+105w
; sub_401D24+Cr
dword_4037A3 dd 0 ; DATA XREF: CompressPE+198w
; DWORD FileSizeHigh
FileSizeHigh dd 0 ; DATA XREF: sub_401D60+1o
dword_4037AB dd 0 ; DATA XREF: CompressPE+387r
; CompressIt+57w ...
dword_4037AF dd 0 ; DATA XREF: CompressPE+27Dw
; CompressPE+2ABw ...
dword_4037B3 dd 0 ; DATA XREF: CompressPE+1AEw
; CompressPE+20Cr ...
dword_4037B7 dd 0 ; DATA XREF: sub_4013D7+51r
; sub_401458+6r ...
dword_4037BB dd 0 ; DATA XREF: CompressPE+E1w
; CompressPE+24Er ...
dword_4037BF dd 0 ; DATA XREF: CompressPE+267w
; CompressPE+35Aw ...
dword_4037C3 dd 0 ; DATA XREF: CompressPE+45Ew
; CompressPE+51Er
dd 0
dword_4037CB dd 0 ; DATA XREF: sub_401458+17r
; sub_401458+1Dw ...
BufferInHeap dd 0 ; DATA XREF: AllocMemInHeap+2Ew
; pcs1:00401503r ...
dword_4037D3 dd 0 ; DATA XREF: AllocMemInHeap+12w
; sub_40152A+5r ...
dword_4037D7 dd 0 ; DATA XREF: sub_401458+26r
; sub_401458+2Cw ...
ha_buzhidao dd 0 ; DATA XREF: sub_4013D7+35w
; sub_4013D7+41w ...
; HANDLE hHeap
hHeap dd 1B0000h ; DATA XREF: pcs1:00401005w
; sub_401458+41r ...
dword_4037E3 dd 0 ; DATA XREF: sub_4013D7+21r
; sub_4013D7+58w ...
dword_4037E7 dd 0 ; DATA XREF: CompressPE+469w
; CompressPE+532r
; HINSTANCE hInstance
hInstance dd 0 ; DATA XREF: start+7w pcs1:00401267r
; HWND hWnd
hWnd dd 0 ; DATA XREF: start+CBr pcs1:00401134w ...
; struct tagOFNA ofn
ofn dd 0 ; lStructSize ; DATA XREF: pcs1:00401391w
; pcs1:004013AFo ...
dd 0 ; hwndOwner
dd 0 ; hInstance
dd 0 ; lpstrFilter
dd 0 ; lpstrCustomFilter
dd 0 ; nMaxCustFilter
dd 0 ; nFilterIndex
dd 0 ; lpstrFile
dd 0 ; nMaxFile
dd 0 ; lpstrFileTitle
dd 0 ; nMaxFileTitle
dd 0 ; lpstrInitialDir
dd 0 ; lpstrTitle
dd 0 ; Flags
dw 0 ; nFileOffset
dw 0 ; nFileExtension
dd 0 ; lpstrDefExt
dd 0 ; lCustData
dd 0 ; lpfnHook
dd 0 ; lpTemplateName
dword_40383F dd 0 ; DATA XREF: sub_40164D+7w
; sub_402222+16o ...
dd 9 dup(0)
dword_403867 dd 0 ; DATA XREF: sub_40164D+11w
dd 9 dup(0)
dword_40388F dd 0 ; DATA XREF: sub_40164D+1r
; CompressPE+3FAw
SectionMerging dd 1 ; DATA XREF: pcs1:004011CCw
; pcs1:004012C5r ...
; UINT RestructureResourceData
RestructureResourceData dd 1 ; DATA XREF: pcs1:004011B7w
; pcs1:004012AFr ...
dword_40389B dd 1 ; DATA XREF: CompressPE+220w
; CompressPE+292r
BackupFile dd 1 ; DATA XREF: start+2Dr pcs1:004011E1w ...
dword_4038A3 dd 0 ; DATA XREF: sub_401E09+3Cw
; sub_401F54+9r
dword_4038A7 dd 0 ; DATA XREF: CompressIt+28w
; CompressIt+44r ...
dword_4038AB dd 0 ; DATA XREF: sub_402050+4Cw
; sub_402050+9Er ...
dword_4038AF dd 0 ; DATA XREF: sub_402050+77w
; sub_402050+8Ar ...
dword_4038B3 dd 0 ; DATA XREF: CompressIt+39w
; pcs1:0040202Br
hProgress dd 0 ; DATA XREF: pcs1:00401301w
; pcs1:0040203Fr
szSectionName db 'pcs0',0 ; DATA XREF: CompressPE+2D2o
; CompressPE+3DCr ...
CompressExportTable dd 0 ; DATA XREF: pcs1:004011F6w
; CompressPE+F9r
dword_4038C4 dd 0 ; DATA XREF: CompressPE+F4w
; sub_401D24+1r
; DWORD ThreadId
ThreadId dd 0 ; DATA XREF: pcs1:004011FCo
dd 2 dup(0)
hOK dd 0 ; DATA XREF: pcs1:0040116Er
; pcs1:00401313w
hBrowse dd 0 ; DATA XREF: pcs1:0040117Br
; pcs1:00401328w
dword_4038DC dd 1, 2, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Ah dup(0)
; DATA XREF: sub_402291+3o
; sub_4022A6+3o ...
szSkipedSectionName db '.tls.relBSS',0 ; DATA XREF: sub_401CF4+1Ao
db 'ssb.',0
db 0 ;
db 0 ;
db 0 ;
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@LoaderStart: ; DATA XREF: CompressPE+4A9o
; CompressPE+52Ao
pushf
pusha
loc_403946: ; DATA XREF: CompressPE+4AEw
mov ebp, 0
add ss:xx[ebp], ebp
push ss:dword_403A50[ebp]
push 40h
call ss:_GlobalAlloc[ebp]
push eax
push eax
sub eax, offset @LoaderPart2
mov dword ptr ss:(@LoaderPart2+1)[ebp], eax
pop edi
lea esi, @LoaderPart2[ebp]
mov ecx, 0FCh
rep movsd
pop edi
jmp edi
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@LoaderPart2: ; DATA XREF: pcs1:00403961o
; pcs1:0040396Dr ...
mov ebp, 0
mov esi, edi
add esi, 160h
add edi, 3ECh
push edi
push esi
push edi
push ebp
push edi
push esi
call @CopyCode
add esp, 8
pop ebp
xchg eax, ecx
pop esi
pop edi
rep movsb
jmp loc_403ADD
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
; Attributes: bp-based frame
@CopyCode proc near ; CODE XREF: pcs1:00403996p
; pcs1:00403B17p
regEsi = dword ptr 8
regEdi = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
push ebp
mov esi, [ebp+regEsi]
mov edi, [ebp+regEdi]
cld
mov dl, 80h
loc_4039B7: ; CODE XREF: @CopyCode+14j
movsb
loc_4039B8: ; CODE XREF: @CopyCode+36j
; @CopyCode+7Fj
call sub_403A2A
jnb short loc_4039B7
xor ecx, ecx
call sub_403A2A
jnb short loc_4039E1
xor eax, eax
call sub_403A2A
jnb short loc_4039F2
mov al, 10h
loc_4039D3: ; CODE XREF: @CopyCode+31j
call sub_403A2A
adc al, al
jnb short loc_4039D3
jnz short loc_403A1F
stosb
jmp short loc_4039B8
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_4039E1: ; CODE XREF: @CopyCode+1Dj
call sub_403A36
dec ecx
loop loc_4039FE
mov eax, ebp
call sub_403A34
jmp short loc_403A20
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_4039F2: ; CODE XREF: @CopyCode+26j
lodsb
shr eax, 1
jz short loc_403A46
adc ecx, 2
mov ebp, eax
jmp short loc_403A20
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_4039FE: ; CODE XREF: @CopyCode+3Ej
xchg eax, ecx
dec eax
shl eax, 8
lodsb
mov ebp, eax
call sub_403A34
cmp eax, 7D00h
jnb short loc_403A1E
cmp eax, 500h
jnb short loc_403A1F
cmp eax, 7Fh
ja short loc_403A20
loc_403A1E: ; CODE XREF: @CopyCode+67j
inc ecx
loc_403A1F: ; CODE XREF: @CopyCode+33j
; @CopyCode+6Ej
inc ecx
loc_403A20: ; CODE XREF: @CopyCode+47j
; @CopyCode+53j ...
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp short loc_4039B8
@CopyCode endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_403A2A proc near ; CODE XREF: @CopyCode+Fp
; @CopyCode+18p ...
add dl, dl
jnz short locret_403A33
mov dl, [esi]
inc esi
adc dl, dl
locret_403A33: ; CODE XREF: sub_403A2A+2j
retn
sub_403A2A endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_403A34 proc near ; CODE XREF: @CopyCode+42p
; @CopyCode+5Dp
xor ecx, ecx
sub_403A34 endp
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
sub_403A36 proc near ; CODE XREF: @CopyCode+38p
inc ecx
loc_403A37: ; CODE XREF: sub_403A36+Dj
call sub_403A2A
adc ecx, ecx
call sub_403A2A
jb short loc_403A37
retn
sub_403A36 endp
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_403A46: ; CODE XREF: @CopyCode+4Cj
pop ebp
sub edi, [ebp+0Ch]
mov [ebp-4], edi
popa
pop ebp
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
dword_403A50 dd 0 ; DATA XREF: CompressPE+3C2r
; CompressPE+3CAw ...
xx dd offset dword_403D69 ; DATA XREF: pcs1:0040394Bw
dword_403A58 dd 28h ; DATA XREF: CompressPE+4BAw
dd 2 dup(0)
dword_403A64 dd 3Ch ; DATA XREF: CompressPE+4C0w
dword_403A68 dd 28h ; DATA XREF: CompressPE+4C6w
dd 5 dup(0)
_LoadLibraryA dd 49h ; DATA XREF: CompressPE+4CCw
; pcs1:00403B6Cr ...
_GetProcAddress dd 58h ; DATA XREF: CompressPE+4D2w
; pcs1:00403B7Er ...
_GlobalAlloc dd 69h ; DATA XREF: CompressPE+4D8w
; pcs1:00403959r
_ExitProcess dd 77h ; DATA XREF: CompressPE+4DEw
; pcs1:00403B95r
db 0 ;
db 0 ;
db 0 ;
db 0 ;
aKernel32_dll db 'KERNEL32.DLL',0
db 0 ;
db 0 ;
aLoadlibrarya db 'LoadLibraryA',0
db 0 ;
db 0 ;
aGetprocaddress db 'GetProcAddress',0
db 0 ;
db 0 ;
aGlobalalloc db 'GlobalAlloc',0
db 0 ;
db 0 ;
aExitprocess db 'ExitProcess',0
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_403ADD: ; CODE XREF: pcs1:004039A4j
; DATA XREF: sub_402185+45o ...
pop edi
lea esi, byte_403C71[ebp]
loc_403AE4: ; CODE XREF: pcs1:00403B25j
push ebp
push edi
push esi
lodsd
or eax, eax
jz short loc_403B27
xchg eax, edx
lodsd
xchg eax, ecx
push edi
push ecx
mov esi, edx
rep movsb
pop ecx
pop edi
cmp edx, ss:dword_403C6D[ebp]
jnz short loc_403B15
mov eax, ss:dword_403C69[ebp]
pusha
mov esi, edi
mov edi, edx
mov ecx, eax
rep movsb
popa
add edi, eax
add edx, eax
sub ecx, eax
loc_403B15: ; CODE XREF: pcs1:00403AFDj
push edx
push edi
call @CopyCode
add esp, 8
pop esi
pop edi
pop ebp
add esi, 8
jmp short loc_403AE4
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_403B27: ; CODE XREF: pcs1:00403AEAj
add esp, 0Ch
lea esi, byte_403CC9[ebp]
loc_403B30: ; CODE XREF: pcs1:00403B5Cj
lodsd
or eax, eax
jz short loc_403B5E
xchg eax, ebx
lodsd
xchg eax, edx
lodsd
xchg eax, ecx
push edi
push esi
xchg ebx, esi
push edi
push ecx
rep movsb
pop ecx
pop esi
mov edi, edx
rep movsb
pop esi
lodsd
xchg eax, ecx
xor eax, eax
rep stosb
mov edi, [esi-10h]
mov ecx, [esi-0Ch]
sub ecx, edi
xor eax, eax
rep stosb
pop edi
jmp short loc_403B30
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
loc_403B5E: ; CODE XREF: pcs1:00403B33j
call @ProcessImportTable
jnb short @ProcessImportTableOK ; (正常跳)若處理引入表成功就跳向OEP
lea ebx, aUser32_dll[ebp] ; "USER32.DLL"
push ebx
call ss:_LoadLibraryA[ebp]
or eax, eax
jz short @ExceptionExit ; 無法顯示視窗,直接退出
lea ebx, aMessageboxa[ebp] ; "MessageBoxA"
push ebx
push eax
call ss:_GetProcAddress[ebp] ; 取MessageBoxA地址
lea ebx, aRequiredDllMissing[ebp] ; "Required DLL missing!"
push 30h
push 0
push ebx
push 0
call eax ; 顯示出錯
@ExceptionExit: ; CODE XREF: pcs1:00403B74j
push 0
call ss:_ExitProcess[ebp]
@ProcessImportTableOK: ; CODE XREF: pcs1:00403B63j
popa
popf
@SetOEP: ; DATA XREF: CompressPE+507w
mov edx, 0
jmp edx ; JMP TO OEP
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
@ProcessImportTable proc near ; CODE XREF: pcs1:00403B5Ep
mov esi, ss:@ImportTableRVA[ebp]
or esi, esi
jz short @NoImportTable
mov edx, ss:@ImageBase[ebp]
add esi, edx
@ProcessThunkLoop: ; CODE XREF: @ProcessImportTable+22j
push edx
push esi
call @ProcessIID
jb short @ProcessThunkFailed
add esi, 14h ; sizeof IMAGE_IMPORT_DESCRIPTOR
cmp dword ptr [esi+0Ch], 0
jnz short @ProcessThunkLoop
@NoImportTable: ; CODE XREF: @ProcessImportTable+8j
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@ProcessThunkFailed: ; CODE XREF: @ProcessImportTable+19j
stc
retn
@ProcessImportTable endp ; sp = -8
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
@ProcessIID proc near ; CODE XREF: @ProcessImportTable+14p
pop eax
pop esi
pop edx
push eax
mov ecx, [esi]
mov edi, [esi+10h]
or ecx, ecx ; OrginalFirstThunk是否可用?
jnz short @UseFirstThunk
mov ecx, edi
@UseFirstThunk: ; CODE XREF: @ProcessIID+Bj
add ecx, edx
add edi, edx
mov eax, [esi+0Ch]
add eax, edx
push ecx
push edx
push eax
call ss:_LoadLibraryA[ebp]
pop edx
pop ecx
or eax, eax
jz short @MissDLL
mov ss:@Module[ebp], eax
@ProcessThunk: ; CODE XREF: @ProcessIID+5Ej
mov ebx, [ecx]
or ebx, ebx
jz short @ThunkEnd
test ebx, IMAGE_ORDINAL_FLAG32
jnz short @Ordinal
add ebx, edx
inc ebx
inc ebx
@Ordinal: ; CODE XREF: @ProcessIID+39j
and ebx, 7FFFFFFFh
push ecx
push edx
push ebx
push ss:@Module[ebp]
call ss:_GetProcAddress[ebp]
pop edx
pop ecx
or eax, eax
jz short @MissDLL
stosd ; 填充IAT
add ecx, 4 ; 下一個Thunk
jmp short @ProcessThunk
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@ThunkEnd: ; CODE XREF: @ProcessIID+31j
clc
retn
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@MissDLL: ; CODE XREF: @ProcessIID+25j
; @ProcessIID+58j
stc
retn
@ProcessIID endp ; sp = 4
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
aRequiredDllMissing db 'Required DLL missing!',0 ; DATA XREF: pcs1:00403B84r
aUser32_dll db 'USER32.DLL',0 ; DATA XREF: pcs1:00403B65r
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: pcs1:00403B76r
@Module dd 0 ; DATA XREF: @ProcessIID+27w
; @ProcessIID+48r
@ImportTableRVA dd 0 ; DATA XREF: CompressPE+4EAw
; @ProcessImportTabler
@ImageBase dd 0 ; DATA XREF: CompressPE+E9w
; CompressPE+29Fr ...
dword_403C69 dd 0 ; DATA XREF: sub_4013D7+7Br
; CompressPE+1FBw ...
dword_403C6D dd 0 ; DATA XREF: CompressPE+1B3w
; CompressPE+287r ...
byte_403C71 db 0 ; DATA XREF: CompressPE+25Co
; pcs1:00403ADEr
dd 13h dup(0)
db 3 dup(0)
dword_403CC1 dd 2 dup(0) ; DATA XREF: CompressPE+271o
byte_403CC9 db 0 ; DATA XREF: CompressPE+233o
; CompressPE+243o ...
dd 27h dup(0)
db 3 dup(0)
dword_403D69 dd 0A5h dup(0), 8C000000h, 40h, 0, 24000000h, 58000042h
; DATA XREF: pcs1:00403A54o
dd 8000041h, 41h, 0, 31000000h, 0D4000042h, 10000041h
dd 41h, 0, 3E000000h, 0DC000042h, 40000041h, 41h, 0, 49000000h
dd 0C000042h, 48000042h, 41h, 0, 56000000h, 14000042h
dd 50000042h, 41h, 0, 62000000h, 1C000042h, 42h, 4 dup(0)
dd 6C000000h, 78000042h, 8A000042h, 0A0000042h, 0B0000042h
dd 0BE000042h, 0CC000042h, 0D8000042h, 0E8000042h, 0F8000042h
dd 6000042h, 1A000043h, 2C000043h, 3C000043h, 4A000043h
dd 60000043h, 6E000043h, 7C000043h, 8C000043h, 9C000043h
dd 0A8000043h, 0B8000043h, 0CE000043h, 0E0000043h, 0EE000043h
dd 43h, 10000044h, 1C000044h, 26000044h, 30000044h, 44h
dd 3C000000h, 44h, 52000000h, 64000044h, 76000044h, 86000044h
dd 98000044h, 0A6000044h, 0B2000044h, 0C8000044h, 0DA000044h
dd 0E8000044h, 0F8000044h, 44h, 0A000000h, 45h, 1E000000h
dd 45h, 2E000000h, 45h
db 0 ;
db 0 ;
db 0 ;
pcs1 ends
--------------------------------------------------------------------------------
相關文章
- AbstractQueuedSynchronizer部分原始碼解析2021-01-05原始碼
- Sequelize Scopes 部分原始碼解析2019-03-04原始碼
- ThreadLocal部分原始碼分析2021-10-24thread原始碼
- 原始碼部分加密混淆方案2018-06-14原始碼加密
- LayoutInflate部分原始碼解析2018-04-03原始碼
- 【大型乾貨】手拉手帶你過一遍vue部分原始碼2018-04-25Vue原始碼
- set\list\map部分原始碼解析2018-10-24原始碼
- DPTP實驗部分原始碼分析2020-11-26原始碼
- 直播帶貨系統原始碼利用TextView設定部分字型的顏色和大小2021-09-28原始碼TextView
- 【QT】 QThread部分原始碼淺析2020-11-04QTthread原始碼
- 20款前端特效及部分原始碼2022-12-21前端特效原始碼
- Packer構建openStack映象2024-07-21
- 使用Packer構建映象2024-08-21
- koahub微信商城原始碼市場部分操作後臺原始碼展示2019-05-11原始碼
- 直播帶貨原始碼,css隱藏捲軸,但使超出部分任然可以滾動2023-03-09原始碼CSS
- Runtime原始碼淺析(內部分享)2019-05-11原始碼
- Java 集合 ArrayList 原始碼分析(帶著問題看原始碼)2018-06-22Java原始碼
- go-ethereum原始碼解析-miner挖礦部分原始碼分析CPU挖礦2018-05-26Go原始碼
- 以太坊原始碼分析(42)miner挖礦部分原始碼分析CPU挖礦2018-05-14原始碼
- 帶你一步一步手撕 Mybatis 原始碼加手繪流程圖——執行部分2019-11-03MyBatis原始碼流程圖
- Node.js原始碼解析-啟動-js部分2019-02-16Node.js原始碼
- redux 和 react-redux 部分原始碼閱讀2018-12-29ReduxReact原始碼
- Nacos使用和註冊部分原始碼介紹2021-01-19原始碼
- app直播原始碼,TextView部分字型顏色高亮2021-11-08APP原始碼TextView
- 精準測試方案 [部分原始碼整理中]2020-10-10原始碼
- 帶著問題看redux原始碼2019-05-21Redux原始碼
- 帶你讀 MySQL 原始碼:limit, offset2023-04-10MySql原始碼MIT
- 小豹子帶你看原始碼:ArrayList2018-01-17原始碼
- iOS 元件化方案,帶有原始碼2016-12-25iOS元件化原始碼
- 利用HERE Document攜帶C原始碼2012-06-08原始碼
- DevOps專題|Packer使用教程2020-01-09dev
- 自動化構建映象:Packer2024-11-15
- 生命週期詳細解讀(含部分原始碼)2019-05-14原始碼
- 幣幣合約執行解析(包含部分原始碼)2018-09-17原始碼
- jdk1.8 執行緒池部分原始碼分析2018-09-19JDK執行緒原始碼
- Appdash原始碼閱讀——部分opentracing支援2018-07-13APP原始碼
- 聊天平臺原始碼,TextView部分文字變色2021-10-27原始碼TextView
- 智慧校園人事管理系統原始碼(部分)2018-03-22原始碼