Back to Index
Previous: sub_02CD398C
Next: sub_02CD3C00
Labelmas.sub_02CD3A04
02CD3A04 /$ PUSH EBP
02CD3A05 |. MOV EBP,ESP
02CD3A07 |. ADD ESP,-14
02CD3A0A |. PUSH EBX
02CD3A0B |. PUSH ESI
02CD3A0C |. PUSH EDI
02CD3A0D |. TEST BYTE PTR SS:[EBP+D],0C0
02CD3A11 |. JNZ SHORT Labelmas.02CD3A23
02CD3A13 |. MOV EAX,DWORD PTR DS:[2CDF204]
02CD3A18 |. MOV EDX,DWORD PTR DS:[EAX]
02CD3A1A |. AND EDX,0C000
02CD3A20 |. OR DWORD PTR SS:[EBP+C],EDX
02CD3A23 |> TEST BYTE PTR SS:[EBP+D],80
02CD3A27 |. JNZ SHORT Labelmas.02CD3A30
02CD3A29 |. OR DWORD PTR SS:[EBP+C],4000
02CD3A30 |> MOV ECX,DWORD PTR SS:[EBP+C]
02CD3A33 |. AND ECX,700
02CD3A39 |. CMP ECX,500 ; Switch (cases 100..700)
02CD3A3F |. JG SHORT Labelmas.02CD3A5D
02CD3A41 |. JE SHORT Labelmas.02CD3A6F
02CD3A43 |. SUB ECX,100
02CD3A49 |. JE SHORT Labelmas.02CD3A7D
02CD3A4B |. SUB ECX,100
02CD3A51 |. JE SHORT Labelmas.02CD3A84
02CD3A53 |. SUB ECX,100
02CD3A59 |. JE SHORT Labelmas.02CD3A76
02CD3A5B |. JMP SHORT Labelmas.02CD3A8B
02CD3A5D |> SUB ECX,600
02CD3A63 |. JE SHORT Labelmas.02CD3A84
02CD3A65 |. SUB ECX,100
02CD3A6B |. JE SHORT Labelmas.02CD3A6F
02CD3A6D |. JMP SHORT Labelmas.02CD3A8B
02CD3A6F |> MOV EDI,1 ; Cases 500,700 of switch 02CD3A39
02CD3A74 |. JMP SHORT Labelmas.02CD3A90
02CD3A76 |> MOV EDI,2 ; Case 300 of switch 02CD3A39
02CD3A7B |. JMP SHORT Labelmas.02CD3A90
02CD3A7D |> MOV EDI,4 ; Case 100 of switch 02CD3A39
02CD3A82 |. JMP SHORT Labelmas.02CD3A90
02CD3A84 |> MOV EDI,5 ; Cases 200,600 of switch 02CD3A39
02CD3A89 |. JMP SHORT Labelmas.02CD3A90
02CD3A8B |> MOV EDI,3 ; Default case of switch 02CD3A39
02CD3A90 |> TEST BYTE PTR SS:[EBP+D],1
02CD3A94 |. JE SHORT Labelmas.02CD3AB7
02CD3A96 |. LEA EAX,DWORD PTR SS:[EBP+10]
02CD3A99 |. ADD EAX,4
02CD3A9C |. MOV EAX,DWORD PTR DS:[EAX-4]
02CD3A9F |. AND EAX,DWORD PTR DS:[2CDEC7C]
02CD3AA5 |. TEST AL,80
02CD3AA7 |. JE SHORT Labelmas.02CD3AB0
02CD3AA9 |. MOV EBX,80
02CD3AAE |. JMP SHORT Labelmas.02CD3AC9
02CD3AB0 |> MOV EBX,1
02CD3AB5 |. JMP SHORT Labelmas.02CD3AC9
02CD3AB7 |> MOV EAX,DWORD PTR SS:[EBP+8]
02CD3ABA |. PUSH EAX ; /FileName
02CD3ABB |. CALL <JMP.&KERNEL32.GetFileAttributesA> ; \GetFileAttributesA
02CD3AC0 |. MOV EBX,EAX
02CD3AC2 |. CMP EAX,-1
02CD3AC5 |. JNZ SHORT Labelmas.02CD3AC9
02CD3AC7 |. XOR EBX,EBX
02CD3AC9 |> MOV EAX,DWORD PTR SS:[EBP+C]
02CD3ACC |. AND EAX,3
02CD3ACF |. SUB EAX,1 ; Switch (cases 0..2)
02CD3AD2 |. JB SHORT Labelmas.02CD3ADB
02CD3AD4 |. JE SHORT Labelmas.02CD3AE4
02CD3AD6 |. DEC EAX
02CD3AD7 |. JE SHORT Labelmas.02CD3AED
02CD3AD9 |. JMP SHORT Labelmas.02CD3AF6
02CD3ADB |> MOV DWORD PTR SS:[EBP-4],80000000
02CD3AE2 |. JMP SHORT Labelmas.02CD3B05
02CD3AE4 |> MOV DWORD PTR SS:[EBP-4],40000000 ; Case 1 of switch 02CD3ACF
02CD3AEB |. JMP SHORT Labelmas.02CD3B05
02CD3AED |> MOV DWORD PTR SS:[EBP-4],C0000000 ; Case 2 of switch 02CD3ACF
02CD3AF4 |. JMP SHORT Labelmas.02CD3B05
02CD3AF6 |> PUSH 1 ; /Arg1 = 00000001; Default case of switch 02CD3ACF
02CD3AF8 |. CALL Labelmas.02CD4A24 ; \Labelmas.02CD4A24
02CD3AFD |. POP ECX
02CD3AFE |. MOV EBX,EAX
02CD3B00 |. JMP Labelmas.02CD3BF5
02CD3B05 |> MOV EAX,DWORD PTR SS:[EBP+C] ; Case 0 of switch 02CD3ACF
02CD3B08 |. AND EAX,70
02CD3B0B |. SUB EAX,10 ; Switch (cases 10..30)
02CD3B0E |. JE SHORT Labelmas.02CD3B21
02CD3B10 |. SUB EAX,10
02CD3B13 |. JE SHORT Labelmas.02CD3B28
02CD3B15 |. SUB EAX,10
02CD3B18 |. JE SHORT Labelmas.02CD3B31
02CD3B1A |. SUB EAX,10
02CD3B1D |. JE SHORT Labelmas.02CD3B3A
02CD3B1F |. JMP SHORT Labelmas.02CD3B3A
02CD3B21 |> XOR EDX,EDX ; Case 10 of switch 02CD3B0B
02CD3B23 |. MOV DWORD PTR SS:[EBP-8],EDX
02CD3B26 |. JMP SHORT Labelmas.02CD3B41
02CD3B28 |> MOV DWORD PTR SS:[EBP-8],1 ; Case 20 of switch 02CD3B0B
02CD3B2F |. JMP SHORT Labelmas.02CD3B41
02CD3B31 |> MOV DWORD PTR SS:[EBP-8],2 ; Case 30 of switch 02CD3B0B
02CD3B38 |. JMP SHORT Labelmas.02CD3B41
02CD3B3A |> MOV DWORD PTR SS:[EBP-8],3 ; Default case of switch 02CD3B0B
02CD3B41 |> MOV DWORD PTR SS:[EBP-14],0C
02CD3B48 |. XOR ECX,ECX
02CD3B4A |. MOV DWORD PTR SS:[EBP-10],ECX
02CD3B4D |. LEA ECX,DWORD PTR SS:[EBP-14]
02CD3B50 |. MOV EAX,DWORD PTR SS:[EBP+C]
02CD3B53 |. AND EAX,80
02CD3B58 |. CMP EAX,1
02CD3B5B |. SBB EDX,EDX
02CD3B5D |. NEG EDX
02CD3B5F |. MOV DWORD PTR SS:[EBP-C],EDX
02CD3B62 |. PUSH 0 ; /hTemplateFile = NULL
02CD3B64 |. PUSH EBX ; |Attributes
02CD3B65 |. PUSH EDI ; |Mode
02CD3B66 |. PUSH ECX ; |pSecurity
02CD3B67 |. MOV EAX,DWORD PTR SS:[EBP-8] ; |
02CD3B6A |. PUSH EAX ; |ShareMode
02CD3B6B |. MOV EDX,DWORD PTR SS:[EBP-4] ; |
02CD3B6E |. PUSH EDX ; |Access
02CD3B6F |. MOV ECX,DWORD PTR SS:[EBP+8] ; |
02CD3B72 |. PUSH ECX ; |FileName
02CD3B73 |. CALL <JMP.&KERNEL32.CreateFileA> ; \CreateFileA
02CD3B78 |. MOV ESI,EAX
02CD3B7A |. CMP EAX,-1
02CD3B7D |. JNZ SHORT Labelmas.02CD3BAE
02CD3B7F |. CALL <JMP.&KERNEL32.GetLastError> ; [GetLastError
02CD3B84 |. MOV EBX,EAX
02CD3B86 |. AND EBX,0FFFF
02CD3B8C |. CMP EBX,6E
02CD3B8F |. JNZ SHORT Labelmas.02CD3BA3
02CD3B91 |. TEST BYTE PTR SS:[EBP+D],1
02CD3B95 |. JE SHORT Labelmas.02CD3B9E
02CD3B97 |. MOV EBX,50
02CD3B9C |. JMP SHORT Labelmas.02CD3BA3
02CD3B9E |> MOV EBX,2
02CD3BA3 |> PUSH EBX ; /Arg1
02CD3BA4 |. CALL Labelmas.02CD4A24 ; \Labelmas.02CD4A24
02CD3BA9 |. POP ECX
02CD3BAA |. MOV EBX,EAX
02CD3BAC |. JMP SHORT Labelmas.02CD3BF5
02CD3BAE |> MOV EDI,ESI
02CD3BB0 |. PUSH EDI ; /Arg1
02CD3BB1 |. CALL Labelmas.02CD3974 ; \Labelmas.02CD3974
02CD3BB6 |. POP ECX
02CD3BB7 |. TEST EAX,EAX
02CD3BB9 |. JE SHORT Labelmas.02CD3BC2
02CD3BBB |. OR DWORD PTR SS:[EBP+C],2000
02CD3BC2 |> TEST BL,1
02CD3BC5 |. JNZ SHORT Labelmas.02CD3BCE
02CD3BC7 |. OR DWORD PTR SS:[EBP+C],100
02CD3BCE |> AND DWORD PTR SS:[EBP+C],FFFFF8FF
02CD3BD5 |. MOV EAX,DWORD PTR SS:[EBP+C]
02CD3BD8 |. PUSH EAX ; /Arg2
02CD3BD9 |. PUSH EDI ; |Arg1
02CD3BDA |. CALL Labelmas.02CD4768 ; \Labelmas.02CD4768
02CD3BDF |. ADD ESP,8
02CD3BE2 |. MOV EBX,EAX
02CD3BE4 |. INC EAX
02CD3BE5 |. JNZ SHORT Labelmas.02CD3BF5
02CD3BE7 |. PUSH 4 ; /Arg1 = 00000004
02CD3BE9 |. CALL Labelmas.02CD4A24 ; \Labelmas.02CD4A24
02CD3BEE |. POP ECX
02CD3BEF |. PUSH ESI ; /hObject
02CD3BF0 |. CALL <JMP.&KERNEL32.CloseHandle> ; \CloseHandle
02CD3BF5 |> MOV EAX,EBX
02CD3BF7 |. POP EDI
02CD3BF8 |. POP ESI
02CD3BF9 |. POP EBX
02CD3BFA |. MOV ESP,EBP
02CD3BFC |. POP EBP
02CD3BFD \. RETN
02CD3BFE NOP
02CD3BFF NOP
Converted to HTML using
olly2html.pl
0.1 by Joe Stewart