%ifdef show_headers 386 4:35 2011 (Windows CUI) ory [.edata (or where ever we found it)] ory [parts of .idata] ctory [.rsrc] ectory [.pdata] ctory on Directory [.reloc] ry irectory tory e Directory [.tls] ation Directory Directory s Table Directory Directory eader x10002000 ection contents) ard DLL First n Name Thunk 000 000021f0 000020f0 d-To 000 0000226a 00002114 d-To ectEx on 000 000023bc 00002158 d-To dow 000 000024d6 00002190 d-To 000 00000000 00000000 LMA File off Algn 0001000 00000400 2**2 , CODE 0002000 00000600 2**2 , READONLY, DATA 0003000 00001600 2**2 , CODE, DATA 000b000 00000000 2**2 %endif start0: ;at absolute offset 0x400 in file jmp 0x10003008 mov $0x12345678,%edx mov %edx,0x10001100 mov %edx,0x10003100 mov %edx,0x10004100 mov start1, %edi ;0x10003000 jmp *%edi (bad) (bad) (bad) incl (%eax) impure: ;at absolute offset 0x600 in file cld and %eax,(%eax) add %dh,%al and %eax,(%eax) add %dh,%al and %al,(%eax) add %bh,0x22(%eax) add %al,(%eax) push $0x22 add %al,(%eax) adc $0x21,%al add %al,(%eax) enter $0x23,$0x0 mov $0x58000023,%esp and %eax,(%eax) add %ah,%al and $0x0,%al add %dl,%dh and $0x0,%al add %dl,0x21(%eax) add %al,(%eax) add %ah,(%eax) and (%eax),%al add %ch,(%eax) and (%eax),%al add %dh,(%edx) and (%eax),%al add %bh,(%edx) and (%eax),%al add %al,0x0(%edx,%eiz,1) add %cl,0x22(%esi) add %al,(%eax) pop %eax and (%eax),%al add %ah,0x22(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) mov $0xd0000022,%esp and (%eax),%al add %ah,%dl and (%eax),%al add %dh,%dl and (%eax),%al add %al,(%edx) and (%eax),%eax add %cl,(%esi) and (%eax),%eax add %bl,(%ebx,%eiz,1) add %al,(%eax) xor $0x23,%al add %al,(%eax) inc %edx and (%eax),%eax add %dl,0x23(%edx) add %al,(%eax) pusha and (%eax),%eax add %ch,0x23(%esi) add %al,(%eax) jl 0x10002169 add %al,(%eax) mov (%ebx),%fs add %al,(%eax) lcall $0x23,$0xa6000023 add %al,(%eax) add %al,(%eax) add %al,(%eax) and $0x0,%al add %dl,(%edx) and $0x0,%al add %ah,(%esi) and $0x0,%al add %bh,(%eax) and $0x0,%al add %al,0x24(%esi) add %al,(%eax) pop %esp and $0x0,%al add %ch,0x24(%edx) add %al,(%eax) jle 0x1000219a add %al,(%eax) xchg %eax,%edx and $0x0,%al add %bl,-0x57ffffdc(%edx) and $0x0,%al add %dh,0x24c40000(%esp) add %al,(%eax) add %al,(%eax) add %al,(%eax) in (%dx),%al and $0x0,%al add %al,(%eax) and $0x0,%eax add %al,(%eax) inc %ebx push %edx push %esp inc %esp dec %esp dec %esp cs fs insb (%dx),%es:(%edi) insb (%dx),%es:(%edi) add %al,(%eax) and %ah,(%edx) add %al,(%eax) sub %ah,(%edx) add %al,(%eax) xor (%edx),%ah add %al,(%eax) cmp (%edx),%ah add %al,(%eax) inc %esp and (%eax),%al add %cl,0x22(%esi) add %al,(%eax) pop %eax and (%eax),%al add %ah,0x22(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) add %eax,(%eax) pop %edi outsl %ds:(%esi),(%dx) jo 0x1000228b outsb %ds:(%esi),(%dx) add %al,(%ecx) add %bl,0x63(%edi) insb (%dx),%es:(%edi) outsl %ds:(%esi),(%dx) jae 0x10002295 add %al,(%eax) add %eax,(%eax) pop %edi jb 0x1000229c popa add %al,%fs:(%ecx) add %bl,0x77(%edi) jb 0x100022a9 je 0x100022a7 add %al,(%eax) add %eax,(%eax) pop %edi insb (%dx),%es:(%edi) jae 0x100022af imul $0x0,%gs:(%eax),%eax add %eax,(%eax) pop %edi addr16 gs je 0x100022b8 push $0x10000 je 0x100022c5 insl (%dx),%es:(%edi) add %al,%gs:(%eax) add %eax,(%eax) pop %edi gs jb 0x100022d8 outsb %ds:(%esi),(%dx) outsl %ds:(%esi),(%dx) add %al,(%eax) dec %ebx inc %ebp push %edx dec %esi inc %ebp dec %esp xor (%edx),%esi cs fs insb (%dx),%es:(%edi) insb (%dx),%es:(%edi) add %al,(%eax) mov $0xd0000022,%esp and (%eax),%al add %ah,%dl and (%eax),%al add %dh,%dl and (%eax),%al add %al,(%edx) and (%eax),%eax add %cl,(%esi) and (%eax),%eax add %bl,(%ebx,%eiz,1) add %al,(%eax) xor $0x23,%al add %al,(%eax) inc %edx and (%eax),%eax add %dl,0x23(%edx) add %al,(%eax) pusha and (%eax),%eax add %ch,0x23(%esi) add %al,(%eax) jl 0x100022cd add %al,(%eax) mov (%ebx),%fs add %al,(%eax) lcall $0x23,$0xa6000023 add %al,(%eax) add %al,(%eax) add %al,(%ecx) add %al,0x65(%edi) je 0x1000230f outsl %ds:(%esi),(%dx) fs jne 0x10002332 gs dec %eax popa outsb %ds:(%esi),(%dx) fs insb (%dx),%es:(%edi) gs inc %ecx add %al,(%eax) add %eax,(%eax) inc %edi gs je 0x10002326 jb 0x10002347 arpl %ax,0x64(%ecx) fs jb 0x10002343 jae 0x10002353 add %al,(%eax) add %eax,(%eax) inc %edi gs je 0x10002334 popa jae 0x1000235f inc %ebp jb 0x10002360 outsl %ds:(%esi),(%dx) jb 0x100022f1 add %al,(%ecx) add %al,0x72(%ebx) gs popa je 0x1000235f inc %ebp jbe 0x10002362 outsb %ds:(%esi),(%dx) je 0x10002341 add %al,(%eax) add %eax,(%eax) push %ebx gs je 0x1000234d jbe 0x1000236f outsb %ds:(%esi),(%dx) je 0x1000230d add %al,(%ecx) add %dl,0x65(%edx) jae 0x10002379 je 0x1000235b jbe 0x1000237d outsb %ds:(%esi),(%dx) je 0x1000231b add %al,(%ecx) add %dl,0x61(%edi) imul $0x6e695372,0x6f(%esi,%eax,2),%esi insb (%dx),%es:(%di) gs dec %edi bound %ebp,0x65(%edx) arpl %si,0x78(%ebp,%eax,2) add %al,(%ecx) add %al,0x6c(%ebx) outsl %ds:(%esi),(%dx) jae 0x100023a0 dec %eax popa outsb %ds:(%esi),(%dx) fs insb (%dx),%es:(%edi) add %al,%gs:(%ecx) add %al,0x72(%ebx) gs popa je 0x100023af push %esp push $0x64616572 add %al,(%eax) add %eax,(%eax) inc %ebp js 0x100023c0 je 0x100023ad push $0x64616572 add %al,(%eax) add %eax,(%eax) inc %ebp js 0x100023ce je 0x100023b7 jb 0x100023d8 arpl %sp,0x73(%ebp) jae 0x1000236e add %eax,(%eax) inc %ebx jb 0x100023d8 popa je 0x100023db inc %esi imul $0x44000100,0x41(%ebp,%eiz,2),%ebp gs jbe 0x100023eb arpl %sp,0x49(%ebp) outsl %ds:(%esi),(%dx) inc %ebx outsl %ds:(%esi),(%dx) outsb %ds:(%esi),(%dx) je 0x100023fd outsl %ds:(%esi),(%dx) insb (%dx),%es:(%edi) add %al,(%ecx) add %dl,0x65(%edx) popa fs inc %esi imul $0x57000100,0x0(%ebp,%eiz,2),%ebp jb 0x10002408 je 0x10002406 inc %esi imul $0x73450001,0x0(%ebp,%eiz,2),%ebp arpl %sp,0x70(%ecx) gs inc %ebx outsl %ds:(%esi),(%dx) insl (%dx),%es:(%edi) insl (%dx),%es:(%edi) inc %esi jne 0x10002423 arpl %si,0x6f(%ecx,%ebp,2) outsb %ds:(%esi),(%dx) add %al,(%eax) push %ebp push %ebx inc %ebp push %edx xor (%edx),%esi cs fs insb (%dx),%es:(%edi) insb (%dx),%es:(%edi) add %al,(%eax) add %ah,(%eax,%eax,1) add %dl,(%edx) and $0x0,%al add %ah,(%esi) and $0x0,%al add %bh,(%eax) and $0x0,%al add %al,0x24(%esi) add %al,(%eax) pop %esp and $0x0,%al add %ch,0x24(%edx) add %al,(%eax) jle 0x1000240a add %al,(%eax) xchg %eax,%edx and $0x0,%al add %bl,-0x57ffffdc(%edx) and $0x0,%al add %dh,0x24c40000(%esp) add %al,(%eax) add %al,(%eax) add %al,(%eax) add %eax,(%eax) inc %ebx jb 0x1000246a popa je 0x1000246d push %edi imul $0x7845776f,0x64(%esi),%ebp inc %ecx add %al,(%ecx) add %dl,0x65(%edx) imul $0x6c437265,0x74(%bp,%di),%esi popa jae 0x10002494 inc %ebp js 0x10002465 add %al,(%eax) add %eax,(%eax) inc %esp gs push %di imul $0x7250776f,0x64(%esi),%ebp outsl %ds:(%esi),(%dx) arpl %ax,0x0(%ecx) add %al,(%ecx) add %cl,0x61(%edi,%ebp,2) fs dec %ecx insl (%dx),%es:(%edi) popa addr16 gs inc %ecx add %al,(%eax) add %eax,(%eax) inc %edi gs je 0x10002492 outsl %ds:(%esi),(%dx) jb 0x100024b4 addr16 jb 0x100024c1 jne 0x100024c2 fs push %edi imul $0x100776f,0x64(%esi),%ebp add %al,0x65(%edi) je 0x100024af gs jae 0x100024d8 popa addr16 gs inc %ecx add %al,(%ecx) add %dl,0x61(%edx,%esi,2) outsb %ds:(%esi),(%dx) jae 0x100024de popa je 0x100024da dec %ebp gs jae 0x100024ec popa add %al,%gs:(%bx,%si) add %eax,(%eax) inc %esp imul $0x68637461,0x70(%ebx),%esi dec %ebp gs jae 0x100024ff popa addr16 gs inc %ecx add %al,(%eax) add %eax,(%eax) inc %edi gs je 0x100024dc inc %ebx add %al,(%ecx) add %al,0x65(%edx) imul $0x746e6961,0x50(%bp),%ebp add %al,(%eax) add %eax,(%eax) inc %ebp outsb %ds:(%esi),(%dx) fs push %eax popa imul $0x10000,0x74(%esi),%ebp push %ebp jo 0x1000251d popa je 0x10002521 push %edi imul $0x776f,0x64(%esi),%ebp add %eax,(%eax) dec %ecx outsb %ds:(%esi),(%dx) jbe 0x1000252b insb (%dx),%es:(%edi) imul $0x63655265,0x74(%ecx,%eiz,2),%esp je 0x100024d5 add %al,0x44(%edi) dec %ecx xor (%edx),%esi cs fs insb (%dx),%es:(%edi) insb (%dx),%es:(%edi) add %ch,%ah and $0x0,%al add %al,(%eax) and $0x0,%eax add %al,(%eax) add %eax,(%eax) inc %ebx jb 0x10002556 popa je 0x10002559 inc %esp dec %ecx inc %edx push %ebx arpl %si,%gs:0x6f(%ecx,%ebp,2) outsb %ds:(%esi),(%dx) add %al,(%eax) add %eax,(%eax) push %ebx je 0x10002577 gs je 0x1000256b push $0x69424944 je 0x10002582 start1: jmp start2 ;0x10006e4a align 8 start1_copy: jmp start2 ;0x10006e4a data0x1000300d: resw 3 data0x10003013: db ' ' signature: data0x10003014 db 'cmcf 4.1b-pd' dd 0 ;0x10003020 powers: ;0x10003024 dd 10, 100, 1000, 10000, 100000, 1000000, dd 10000000, 100000000, 1000000000 cmpsl %es:(%edi),%ds:(%esi) inc %ecx add %dl,(%eax) adc (%eax),%al add %al,(%eax) mov %al,(%edx) data0x10003060: dd 0 data0x10003064: dd 0x1000b000 _offset: ;0x10003068 dd 0 _nc: dd 0x80 push %eax add %al,(%eax) add %ch,0x100045(%ecx) add %al,(%eax) add %ch,0x6a(%ebx) add %dl,(%eax) add %al,(%eax) add %al,(%eax) cmp $0x8b000003,%eax add (%eax),%al add %ah,%ch inc %edx add %dl,(%eax) xchg %eax,%esp inc %ebx add %dl,(%eax) or (%eax),%al add %al,(%eax) inc %esp inc %ebp add %dl,(%eax) add %bh,%bh incl (%eax) add %eax,(%eax) add %al,(%eax) lds (%ebx),%edi add %dl,(%eax) mov (%ecx),%? add %dl,(%eax) add %eax,(%eax) add %al,(%eax) mov $0x3a,%dl add %dl,(%eax) push %es add %al,(%eax) add %dh,0x0(%ecx) add %al,(%eax) add %al,(%eax) adc %al,(%eax) add %al,(%eax) adc %al,(%eax) jno 0x100030da add %al,(%eax) push %es add %al,(%eax) add %ah,0x3d(%ebp) add %dl,(%eax) sarb %cl,(%ebx) add %dl,(%eax) xchg %bh,(%eax,%eax,1) adc %ah,%ah cmp (%eax),%al adc %bh,%dh cmp (%eax),%eax adc %bl,-0x51efffc5(%esi) cmp (%eax),%eax adc %cl,0x3c(%esi) add %dl,(%eax) insb (%dx),%es:(%edi) cmp $0x0,%al adc %cl,-0x71efffc7(%esi) cmp %eax,(%eax) adc %cl,0x4f100039(%esi) cmp (%eax),%eax adc %cl,-0x71efffc7(%esi) cmp %eax,(%eax) adc %cl,0x42100039(%esi) cmp %eax,(%eax) adc %cl,-0x71efffc7(%esi) cmp %eax,(%eax) adc %dh,0x3e(%ebx) add %dl,(%eax) jno 0x10003198 add %dl,(%eax) add (%eax),%eax add (%eax),%eax add (%eax),%eax add %al,(%eax) hlt add (%eax),%eax add %al,(%eax) add %al,(%eax) add %al,(%eax) dec %ebx add %al,(%eax) add %al,(%eax) rclb %cl,(%ecx) add %al,(%eax) rclb %cl,(%ecx) add %al,(%eax) add %al,(%eax) fdivp %st,%st(7) add %dh,%al add %dl,(%eax) fwait shll $0x36,(%eax) cmp $0x0,%edi mov %ah,(%edi) rolb $0xc0,(%eax) mov %ch,(%eax,%eax,1) jbe 0x1000310c movb $0x0,(%eax) add %al,(%eax) iret cmp $0x0,%al adc %bl,0x7f10003a(%edx) cmp (%eax),%al adc %ch,0x3a(%ecx) add %dl,(%eax) repz cmp $0x0,%al adc %al,(%esi) cmp $0x1000,%eax add %al,(%eax) add %al,0x66(%eax) movb $0x40,(%eax) mov %?,-0x3b465f80(%edx) add %cl,-0x76(%eax,%ecx,8) add %ah,-0x4f(%ecx,%ecx,4) add %al,(%eax) add %dl,-0x7ee1e000(%eax) add %al,(%eax) pop %esp adc $0x0,%al and %bh,0xb8(%ecx) imul $0x8643b8,0xb18c54(%eax),%eax adc $0xe,%al (bad) add %al,(%eax) scas %es:(%edi),%al mov 0xc8828000,%eax add %ah,(%eax) inc %edi incl (%eax) add %bh,%al xlat %ds:(%ebx) add %al,(%eax) clc aad $0x0 add %bh,%al roll %cl,(%eax) add %al,(%eax) cld add %al,(%eax) inc %edx mov %al,0xe59a3880 add %al,(%eax) daa lds 0x5e(%eax),%eax cwtl rclb $0x31,(%eax) dec %ecx pop %ecx add %al,(%eax) mov $0x582000c4,%eax inc %ecx add %bl,0x400091e2(%eax) (bad) add %ah,(%eax) loop 0x10003650 add %al,(%eax) mov $0xf5720048,%ecx rolb $0x72,(%eax) xchg %eax,%ecx aam $0x0 add %al,(%eax) ljmp $0x8000,$0xc9d40000 aad $0xc9 add %al,(%eax) adcb $0x0,-0x79da6e00(%eax) pusha ja 0x100035ec add %al,0xe(%eax) dec %esp add %al,(%eax) add %al,0x0(%eax) add %al,-0x5c(%eax) add %al,(%eax) sbbb $0x80,(%eax) sub $0xae,%al test $0x90,%al movsl %ds:(%esi),%es:(%edi) faddl -0x4f5d89c0(%ebp) add %al,-0x36(%eax) and $0x0,%al add %al,%ah and -0x3a(%eax),%esp xchg %eax,%ebx call 0xd0992958 add %al,(%eax) add %dl,0x0(%edx) add %ah,-0x34d00000(%esi,%esi,8) add %al,(%eax) loope 0x10003619 add %al,%al fdivs -0x3986c000(%ebx) add %al,(%eax) mov $0xa3,%dl add %al,%ah rclb 0x3912b100(%ecx) add %al,(%eax) and %al,-0x5d3f8000(%esi) inc %eax xchg %eax,%esi fmul %st(4),%st add %al,-0x7fff38b2(%eax) popa xchg %eax,%esi add %al,(%eax) mov 0x4e840000(%ecx),%? add %ah,(%esi,%eiz,2) pop %esp add %al,(%eax) add %cl,%al inc %eax (bad) lcall $0x3b,$0x5a0840c7 add %dl,-0x49ebefd9(%eax) mov $0x5c482000,%ebx add %dl,-0x70(%eax) ret $0x6400 pop %eax and %eax,0x38(%eax) or $0xc9,%al add %al,0x3c(%eax) sub %ah,(%eax) jbe 0x100036ea xchg %eax,%esi add %cl,(%eax) mov -0x302eda00(%ecx),%? add %dh,-0xb(%esi) rolb $0x12,(%eax) je 0x100036a7 inc %eax sub %ah,%dh arpl %ax,(%eax) add %ah,%al pop %ds add %al,(%eax) aam $0x6c add %al,(%eax) loopne 0x1000367a add %al,%al and $0xf0c540c5,%eax rolb $0x80,(%eax) adc $0x59,%al add %al,0x7400f747(%ecx) jns 0x1000376e add %al,(%eax) shlb $0x0,-0x9800000(%ebx) jbe 0x1000372c adc $0x40,%al xchg %eax,%esi xchg %eax,%ebx call 0xdc4f4b10 adc %ch,(%ebx) rolb $0x40,0x0(%esi) jo 0x100036d5 add %al,0x1d(%eax) cmp (%eax),%al mov 0xa000bd0e,%al push %cs xchg %eax,%ebp add %al,(%eax) xor $0xc7,%al subb $0x6b,(%esi) sbb $0x40,%al xchg %eax,%edi xor $0x851490be,%eax mov $0x40,%ah jo 0x100036df mov $0x80,%ah mov -0x4f5d2000(%ebx,%esi,4),%bl add %cl,%cl lds -0x4dbdc000(%ebp),%esi add %dh,%ah cwtl sbb (%eax),%eax jp 0x1000371b mov $0x0,%ebp test %ecx,0x0(%ebp) adc %ah,%al insb (%dx),%es:(%edi) add %dl,(%eax) xor $0xbf100039,%eax cmp (%eax),%al adc %bl,%bh cmp (%eax),%al adc %ah,%ch cmp %eax,(%eax) adc %dl,%ch insb (%dx),%es:(%edi) add %dl,(%eax) (bad) insb (%dx),%es:(%edi) add %dl,(%eax) xlat %ds:(%ebx) insb (%dx),%es:(%edi) add %dl,(%eax) clc outsb %ds:(%esi),(%dx) add %dl,(%eax) fsubrs 0x10(%eax,%eax,1) (bad) cmp %eax,(%eax) adc %al,%bh cmp %eax,(%eax) adc %al,0xc10003d(%edx) cmp $0x3d171000,%eax add %dl,(%eax) enter $0x3c,$0x10 sarl $0x10,(%eax,%eax,1) mov $0x9e10003c,%edx cmp $0x0,%al adc %bl,0x3d(%esi) add %dl,(%eax) jne 0x100037e7 add %dl,(%eax) clc cmp $0x3e031000,%eax add %dl,(%eax) test $0x50100045,%eax dec %ebp add %dl,(%eax) mov 0x0(%ebp),%ecx adc %bl,-0x14efffb3(%esi) cmp %eax,(%eax) adc %dl,(%eax) cmp (%eax),%al adc %ch,%al add %dl,%ds:(%eax) ss inc %ecx add %dl,(%eax) sub %bh,(%edi) add %dl,(%eax) cmpsl %es:(%edi),%ds:(%esi) inc %ecx add %dl,(%eax) bound %eax,0x0(%ecx) adc %dl,0x41(%eax) add %dl,(%eax) int $0x3d add %dl,(%eax) sbb $0x8310003f,%eax inc %eax add %dl,(%eax) jmp 0x1000383e add %dl,(%eax) std dec %esp add %dl,(%eax) aam $0x40 add %dl,(%eax) fildl 0x0(%eax) adc %dh,0x3e(%ebx) add %dl,(%eax) imul $0x10,0x0(%esi),%esp mov $0x39,%ah add %dl,(%eax) arpl %di,(%edi) add %dl,(%eax) movsb %ds:(%esi),%es:(%edi) cmp $0x42441000,%eax add %dl,(%eax) (bad) dec %ebp add %dl,(%eax) loop 0x1000385e add %dl,(%eax) icebp inc %eax add %dl,(%eax) add 0x0(%edi),%ebp adc %cl,(%esi) outsl %ds:(%esi),(%dx) add %dl,(%eax) jb 0x1000386c add %dl,(%eax) mov 0x8110003f,%al aas add %dl,(%eax) icebp cmp $0x41021000,%eax add %dl,(%eax) sbb %ebp,0x0(%edi) adc %ah,(%edi,%ebp,2) add %dl,(%eax) dec %edx inc %esi add %dl,(%eax) das outsl %ds:(%esi),(%dx) add %dl,(%eax) cmp 0x0(%edi),%ch adc %dh,0x4a(%ecx) add %dl,(%eax) inc %ebp outsl %ds:(%esi),(%dx) add %dl,(%eax) arpl %di,(%edx) add %dl,(%eax) jl 0x100038d1 add %dl,(%eax) mov $0x6f,%bl add %dl,(%eax) xchg %ebp,0x0(%edi) adc %dl,(%esi,%ecx,2) add %dl,(%eax) inc %ebx dec %esi add %dl,(%eax) xchg %eax,%edx outsl %ds:(%esi),(%dx) add %dl,(%eax) popf outsl %ds:(%esi),(%dx) add %dl,(%eax) test $0x6f,%al add %dl,(%eax) aam $0x6f add %dl,(%eax) clc outsb %ds:(%esi),(%dx) add %dl,(%eax) push %eax outsl %ds:(%esi),(%dx) add %dl,(%eax) pop %ebx outsl %ds:(%esi),(%dx) add %dl,(%eax) gs inc %ebx add %dl,(%eax) outsw %ds:(%esi),(%dx) add %dl,(%eax) pusha push $0x0 adc %ah,%bh dec %edi add %dl,(%eax) repnz dec %edi add %dl,(%eax) mov (%ecx),%? add %dl,(%eax) mov $0xc910006f,%esi outsl %ds:(%esi),(%dx) add %dl,(%eax) fildll 0x0(%edi) adc %dh,0x6f(%ecx) add %dl,(%eax) mov $0x48,%al add %dl,(%eax) xor %ecx,0x0(%esi) adc %bl,(%edx) dec %ecx add %dl,(%eax) add 0x0(%ebp),%cl adc %cl,0x55(%esi) add %dl,(%eax) ljmp $0x56,$0x4610006f adc %ah,0x0(%esi,%edx,2) adc %dl,-0x30efffab(%ebx) push %ebp add %dl,(%eax) sbb %dl,0x0(%esi) adc %dh,(%edx) push %esi add %dl,(%eax) outsl %ds:(%esi),(%dx) push %esi add %dl,(%eax) imul $0x557810,0x0(%ebp),%edx adc %al,-0x52efffa9(%eax) push %edi add %dl,(%eax) ret $0x57 adc %bh,%ch push %edi add %dl,(%eax) and %bl,0x0(%eax) adc %al,0x58(%ebx) add %dl,(%eax) inc %esp push %ebp add %dl,(%eax) pop %edi push %ebp add %dl,(%eax) add %al,(%eax) add %al,(%eax) lea -0x4(%esi),%esi mov %eax,(%esi) push %esi mov 0x10003120,%eax mov %esp,(%eax) add $0x4,%eax jmp *%eax pop %eax mov (%eax),%esp mov %eax,0x10003120 pop %esi lods %ds:(%esi),%eax ret pause: push %edi call 0x10003918 pop %edi ret call 0x1000392a clc arpl %ax,(%ecx) adc %ch,%al (bad) (bad) (bad) clc aas add %edx,(%eax) call 0x1000392a clc sbb (%ecx),%eax adc %ch,%bl jecxz 0x10003915 cld xor (%ecx),%eax adc %cl,0x3ffcb90a(%ecx) add %edx,(%eax) popl (%ecx) lea -0x4(%ecx),%ecx mov %edx,(%ecx) mov %ecx,0x1000394b ret mov $0x10010ffc,%edx mov %ecx,(%edx) mov $0x10011bfc,%ecx popl (%ecx) lea -0x4(%ecx),%ecx mov %edx,(%ecx) mov %ecx,0x10003954 ret ret show: popl 0x10003124 call 0x1000395a call *0x1000312c call *0x10003124 call *0x10003130 jmp 0x1000399a call 0x1000398f ret popl 0x10003124 call 0x1000395a call *0x10003124 jmp 0x100039bf serve: popl 0x10003128 call 0x10003974 call 0x10003935 call *0x10003128 jmp 0x100039d2 call serve ;0x100039c7 ret c: mov $0x10015804,%esi ret mov 0x100030dc,%ecx mov %ecx,0x100030b8 mov 0x100030d8,%ecx mov %ecx,0x100030bc mov 0x100030c4,%ecx mov %ecx,0x100030c0 ret mov 0x100030c0,%ecx mov %ecx,0x100030c4 mov 0x100030bc,%ecx mov %ecx,0x100030d8 mov 0x100030b8,%ecx mov %ecx,0x100030dc movl $0x0,0x100030cc ret mov 0x100030dc,%ecx push %edi lea 0x1000315c(,%ecx,4),%edi jmp 0x10003a5d mov 0x100030d8,%ecx push %edi lea 0x10187ffc(,%ecx,4),%edi std repnz scas %es:(%edi),%eax cld pop %edi ret jmp *0x10003078 drop: mov 0x100030c4,%edx mov %edx,0x100030d0 movb $0xad,(%edx) incl 0x100030c4 ret qdup: mov 0x100030c4,%edx dec %edx cmp %edx,0x100030d0 jne dup ;0x10003a9a cmpb $0xad,(%edx) jne dup ;0x10003a9a mov %edx,0x100030c4 ret dup: mov 0x100030c4,%edx movl $0x89fc768d,(%edx) movb $0x6,0x4(%edx) addl $0x5,0x100030c4 ret lea -0x4(%esi),%esi mov %eax,(%esi) ret popl 0x100030ec ret macro: call 0x10003ab8 push %eax mov 0x100030dc,%ecx incl 0x100030dc lea 0x10003160(,%ecx,4),%ecx mov $0x218,%eax jmp 0x10003afd forth: call 0x10003ab8 push %eax mov 0x100030d8,%ecx incl 0x100030d8 lea 0x10188000(,%ecx,4),%ecx mov $0x2800,%eax mov -0x4(,%edi,4),%edx and $0xfffffff0,%edx mov %edx,(%ecx) mov 0x100030c4,%edx mov %edx,(%ecx,%eax,1) lea (%ecx,%eax,1),%edx shr $0x2,%edx mov %edx,0x100030c8 pop %eax mov %esp,0x100030d0 movl $0x10003ab2,0x100030b4 testl $0xffffffff,0x100030cc je 0x10003b41 jmp *0x100030cc ret lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x10188004(,%ecx,4),%eax ret call 0x10003ae4 movl $0x10003b42,0x2800(%ecx) incl 0x100030d8 mov %edi,0x4(%ecx) inc %edi ret movl $0x10003ab2,0x100030b4 call 0x10003a7f mov 0x100030d0,%edx mov %edx,0x100030d4 mov 0x100030c4,%edx mov %edx,0x100030d0 movb $0xb8,(%edx) mov %eax,0x1(%edx) addl $0x5,0x100030c4 ret call *0x100030b4 mov 0x0(,%edi,4),%eax inc %edi jmp 0x10003bbe call *0x100030b4 mov -0x4(,%edi,4),%eax sar $0x5,%eax call 0x10003b73 lods %ds:(%esi),%eax ret xor %edi,%edi decl 0x100030a8 je 0x10003beb lods %ds:(%esi),%eax jmp 0x10003bc7 movl $0x10003b69,0x100030b4 lea -0x4(%esi),%esi mov %eax,(%esi) mov -0x4(,%edi,4),%eax and $0xfffffff0,%eax call 0x10003a4f jne 0x10003a63 lods %ds:(%esi),%eax jmp *0x1018a800(,%ecx,4) call *0x100030b4 mov -0x4(,%edi,4),%eax and $0xfffffff0,%eax call 0x10003a3f jne 0x10003c1d lods %ds:(%esi),%eax jmp *0x10003378(,%ecx,4) call 0x10003a4f mov 0x1018a800(,%ecx,4),%eax jne 0x10003a63 mov 0x100030c4,%edx mov %edx,0x100030d0 movb $0xe8,(%edx) add $0x5,%edx sub %edx,%eax mov %eax,-0x4(%edx) mov %edx,0x100030c4 lods %ds:(%esi),%eax ret call *0x100030b4 mov -0x4(,%edi,4),%eax and $0xfffffff0,%eax call 0x10003a3f mov 0x10003378(,%ecx,4),%eax jmp 0x10003c29 movl $0x10003b69,0x100030b4 lea -0x4(%esi),%esi mov %eax,(%esi) mov -0x4(,%edi,4),%eax sar $0x5,%eax ret movl $0x10003b69,0x100030b4 lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x0(,%edi,4),%eax inc %edi ret comma: mov $0x4,%ecx compile: mov 0x100030c4,%edx mov %eax,(%edx) mov (%esi),%eax lea (%ecx,%edx,1),%edx lea 0x4(%esi),%esi mov %edx,0x100030c4 ret _1comma: mov $0x1,%ecx jmp 0x10003ca3 _2comma: mov $0x2,%ecx jmp 0x10003ca3 _3comma: mov $0x3,%ecx jmp 0x10003ca3 semicolon: mov 0x100030c4,%edx sub $0x5,%edx cmp %edx,0x100030d0 jne 0x10003ce8 cmpb $0xe8,(%edx) jne 0x10003ce8 incb (%edx) ret movb $0xc3,0x5(%edx) incl 0x100030c4 ret then: mov %esp,0x100030d0 mov 0x100030c4,%edx sub %eax,%edx mov %dl,-0x1(%eax) lods %ds:(%esi),%eax ret begin: mov %esp,0x100030d0 here: lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x100030c4,%eax ret qlit: ;?lit mov 0x100030c4,%edx lea -0x5(%edx),%edx cmp %edx,0x100030d0 jne 0x10003d5b cmpb $0xb8,(%edx) jne 0x10003d5b lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x100030d4,%eax mov %eax,0x100030d0 mov 0x1(%edx),%eax cmpl $0x89fc768d,-0x5(%edx) je 0x10003d53 mov %edx,0x100030c4 jmp 0x10003a69 addl $0xfffffff6,0x100030c4 ret xor %edx,%edx ret less: ;is top of stack less than 2nd element down? cmp %eax,(%esi) js 0x10003d64 ;yes, it's less xor %ecx,%ecx ;nope, clear flags ret testl $0xfffffff0,-0x4(,%edi,4) jne 0x10003d74 pop %edi pop %edi ret jump: pop %edx add %eax,%edx lea 0x5(%edx,%eax,4),%edx add -0x4(%edx),%edx lods %ds:(%esi),%eax jmp *%edx load: add _offset, %eax ;0x10003068,%eax shl $0x8,%eax push %edi mov %eax,%edi lods %ds:(%esi),%eax mov 0x0(,%edi,4),%edx inc %edi and $0xf,%edx call *0x100030e0(,%edx,4) jmp 0x10003d8f add %cl,0x31380d(%ebx) adc %al,%cl loope 0x10003dbd add $0x3,%ecx mov %ecx,0x10003134 mov %ecx,0x10003140 ret mov 0x10003136,%cx cmp 0x1000313c,%cx js 0x10003de6 mov 0x10003138,%ecx shl $0x10,%ecx mov 0x10003134,%cx add $0x1e,%ecx mov %ecx,0x10003134 ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xffffff,%eax mov %eax,0x10003154 lods %ds:(%esi),%eax ret mov $0xcf8,%edx out %eax,(%dx) lea 0x4(%edx),%edx in (%dx),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x80080008,%eax mov $0xfe,%ecx lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10003df8 and $0xff000000,%eax xor 0x4(%esi),%eax lods %ds:(%esi),%eax je 0x10003e2f sub $0x800,%eax dec %ecx jne 0x10003e12 lea 0x4(%esi),%esi lea -0x8(%eax),%eax ret mov $0x3000000,%eax call 0x10003e03 lea 0x10(%eax),%eax mov $0x6,%cl lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10003df8 and $0xfb,%al xor $0x8,%al je 0x10003e6b lods %ds:(%esi),%eax lea 0x4(%eax),%eax dec %ecx jne 0x10003e45 lea -0x18(%eax),%eax lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10003df8 and $0xf0,%al mov %eax,0x10003150 lods %ds:(%esi),%eax ret lods %ds:(%esi),%eax ret mov 0x10003134,%edi mov %edi,%ecx test %cx,%cx jns 0x10003e83 xor %ecx,%ecx and $0xffff,%ecx mov %ecx,0x1000315c imul $0x1000,%ecx,%ecx sar $0x10,%edi jns 0x10003e9c xor %edi,%edi mov %edi,0x10003158 lea (%ecx,%edi,4),%edi add 0x10003148,%edi ret lods %ds:(%esi),%ax xchg %al,%ah mov $0x10,%ecx shl %ax jae 0x10003ebc mov %edx,(%edi) add $0x4,%edi dec %ecx jne 0x10003eb5 ret lods %ds:(%esi),%ax xchg %al,%ah mov $0x10,%ecx shl %eax jae 0x10003ee1 mov %edx,(%edi) mov %edx,0x4(%edi) mov %edx,0x1000(%edi) mov %edx,0x1004(%edi) add $0x8,%edi dec %ecx jne 0x10003ecc ret call 0x10003dbd push %esi push %edi push %edx imul $0x30,%eax,%eax lea 0x10023000(%eax),%esi call 0x10003e74 mov 0x10003154,%edx mov $0x18,%ecx push %ecx call 0x10003eac add $0xfc0,%edi pop %ecx dec %ecx jne 0x10003f09 pop %edx pop %edi pop %esi lods %ds:(%esi),%eax addl $0x160000,0x10003134 ret push %esi push %edi push %edx imul $0x30,%eax,%eax lea 0x10023000(%eax),%esi call 0x10003e74 mov 0x10003154,%edx mov $0x18,%ecx push %ecx call 0x10003ec3 add $0x1f80,%edi pop %ecx dec %ecx jne 0x10003f44 pop %edx pop %edi pop %esi addl $0x2c0000,0x10003134 lods %ds:(%esi),%eax ret call 0x10003de7 movl $0x3,0x10003138 movl $0x3f4,0x1000313c jmp 0x10003da4 call 0x10003e74 mov (%esi),%ecx shl %ecx shl %ecx sub %ecx,%edi mov %eax,%ecx mov 0x10003154,%eax rep stos %eax,%es:(%edi) incl 0x10003134 lods %ds:(%esi),%eax lods %ds:(%esi),%eax ret call 0x10003e74 cmp $0x301,%eax js 0x10003fb1 mov $0x300,%eax mov %eax,%ecx sub 0x1000315c,%ecx jle 0x10003fec cmpl $0x401,(%esi) js 0x10003fc9 movl $0x400,(%esi) mov 0x10003158,%eax sub %eax,(%esi) jle 0x10003fec mov $0x400,%edx sub (%esi),%edx shl $0x2,%edx mov 0x10003154,%eax push %ecx mov (%esi),%ecx rep stos %eax,%es:(%edi) add %edx,%edi pop %ecx dec %ecx jne 0x10003fe1 lods %ds:(%esi),%eax lods %ds:(%esi),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xffff,%eax jmp 0x10003df1 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xff00ff,%eax jmp 0x10003df1 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xc0c0c0,%eax jmp 0x10003df1 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4040ff,%eax jmp 0x10003df1 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xff0000,%eax jmp 0x10003df1 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x8000ff00,%eax jmp 0x10003df1 add %al,(%eax) add %dl,-0x47(%esi) or (%eax),%al add %al,(%eax) lea 0x10004049,%edi lea 0x1(%edi),%esi rep movsb %ds:(%esi),%es:(%edi) pop %esi mov %al,0x10004053 lods %ds:(%esi),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xb,%ecx lea 0x10004049,%edi xor %eax,%eax rep stos %al,%es:(%edi) lods %ds:(%esi),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) xor %edx,%edx mov $0x1e,%ecx div %ecx mov %edx,%eax add $0x37fe5,%edx mov %edx,0x10003134 test %eax,%eax mov $0x0,%eax jne 0x100040a9 inc %eax ret lea -0x4(%esi),%esi mov %eax,(%esi) xor %eax,%eax mov %eax,0x10003134 call 0x10003df1 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x400,%eax lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x300,%eax jmp 0x10003fa0 mov %eax,0x10003138 lods %ds:(%esi),%eax ret mov %eax,0x1000313c lods %ds:(%esi),%eax ret mov %ax,0x10003134 lods %ds:(%esi),%eax mov %ax,0x10003136 lods %ds:(%esi),%eax ret add %ax,0x10003134 lods %ds:(%esi),%eax add %ax,0x10003136 breakpoint: ;0x12345678 loaded here by alternate startpoint lods %ds:(%esi),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x43,%eax mov 0x4(%esi),%edx test %edx,%edx jns 0x1000411a neg %edx mov %edx,0x4(%esi) xor $0x1,%al cmp (%esi),%edx jns 0x10004120 xor $0x4,%al ret sbb %bl,(%ecx) sbb (%ebx),%bl sbb $0x1d,%al push %ds pop %ds and %ah,(%ecx) add $0x4100a13,%eax push %cs lea -0x4(%esi),%esi mov %eax,(%esi) push %ecx mov 0x10004121(%eax),%al call 0x10003ee8 pop %ecx ret rol $0x4,%eax lea -0x4(%esi),%esi mov %eax,(%esi) and $0xf,%eax ret mov %eax,%edx neg %eax lea 0x20(,%eax,4),%ecx lods %ds:(%esi),%eax rol %cl,%eax mov %edx,%ecx jmp 0x10004167 mov $0x8,%ecx call 0x10004144 call 0x10004136 dec %ecx jne 0x10004167 lods %ds:(%esi),%eax ret mov $0x7,%ecx call 0x10004144 jne 0x1000419b lods %ds:(%esi),%eax dec %ecx jne 0x1000417b inc %ecx call 0x10004144 call 0x10004136 dec %ecx jne 0x10004187 call 0x10003f1d lods %ds:(%esi),%eax ret inc %ecx jmp 0x1000418c cmpl $0xa,0x10003090 jne 0x10004176 mov %eax,%edx test %edx,%edx jns 0x100041be neg %edx lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x23,%eax call 0x10003ee8 mov $0x8,%ecx mov %edx,%eax xor %edx,%edx divl powers(,%ecx,4) test %eax,%eax jne 0x100041e2 dec %ecx jns 0x100041c3 jmp 0x100041ea mov %edx,%eax xor %edx,%edx divl powers(,%ecx,4) call 0x10004131 dec %ecx jns 0x100041d7 mov %edx,%eax call 0x10004131 call 0x10003f1d lods %ds:(%esi),%eax ret add $0xc,%edi call 0x10004208 call 0x10003f1d sub $0x10,%edi mov $0x4,%ecx push %ecx lea -0x4(%esi),%esi mov %eax,(%esi) xor %eax,%eax mov 0x4(%edi),%al inc %edi call 0x10003ee8 pop %ecx dec %ecx jne 0x1000420d ret mov $0x100157fc,%edi mov 0x10003942,%edx cmp %edi,(%edx) jae 0x10004243 lea -0x4(%esi),%esi mov %eax,(%esi) mov (%edi),%eax sub $0x4,%edi call 0x1000419e jmp 0x10004228 ret call 0x10003f63 mov 0x10003088,%edi lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x10003098,%eax call 0x10003df1 mov 0x10003080,%eax add $0x0,%eax mov %eax,0x10003138 mov %eax,%edx add $0xc6,%edx mov %edx,0x1000313c shl $0x10,%eax add 0x10003084,%eax mov %eax,0x10003134 call 0x100041f8 call 0x100041f8 call 0x100041f8 call 0x10003dcd addl $0x580000,0x10003134 mov 0x1000308c,%edi add $0xc,%edi mov $0x3,%ecx call 0x1000420d movl $0x3,0x10003138 movw $0x3,0x10003136 call 0x10004223 movw $0x24b,0x10003136 lea 0x10004045,%edi mov $0xb,%ecx jmp 0x1000420d or $0x140c010a,%eax add (%esi),%al or %dl,(%ebx) or %ecx,(%edi) adc %edx,(%edx) or (%esi),%ecx pop %es add $0x17160403,%eax and $0x15,%al adc %bl,(%ecx) sbb (%ebx),%bl add %bl,0x201f181e(,%ebx,1) and %ebp,(%edi) sub %ebp,(%eax) sub (%esi,%eiz,1),%ch and 0x2b272d2e,%ah and (%ecx),%ebx sbb (%ebx),%bl add %bl,0x201f181e(,%ebx,1) and %eax,(%eax) sbb %ebx,(%edx) sbb (%eax),%eax sbb $0x1d,%al push %ds sbb %bl,(%edi) and %ah,(%ecx) add %al,(%eax) add $0x10000a13,%eax add $0xe,%al add %al,(%eax) add %al,(%eax) cmp $0x4,%al js 0x10004356 mov 0x10003088,%edx mov (%eax,%edx,1),%al ret jnp 0x100043c0 add %dl,(%eax) push %ss push $0x25ff1000 push %edi inc %ebx add %dl,(%eax) jmp *0x1000435b add %ah,-0x59efffbb(%esi) inc %ebp add %dl,(%eax) cmpsb %es:(%edi),%ds:(%esi) inc %ebp add %dl,(%eax) clc inc %ebp add %dl,(%eax) add %al,(%eax) add $0x44b300,%eax adc %cl,0x44(%ebx) add %dl,(%eax) icebp inc %ebx add %dl,(%eax) sbb $0x15100046,%eax and $0x45a60005,%eax add %dl,(%eax) cmpsb %es:(%edi),%ds:(%esi) inc %ebp add %dl,(%eax) in $0x44,%al add %dl,(%eax) or 0x0(%esi),%al adc %al,(%eax) and %ebp,0x44b300 adc %cl,0x44(%ebx) add %dl,(%eax) icebp inc %ebx add %dl,(%eax) das inc %esi add %dl,(%eax) adc $0xa6002d25,%eax inc %ebp add %dl,(%eax) fiaddl 0x10(%eax,%eax,1) testl $0x458210,0x0(%ebp) adc %ah,(%ebx) add $0x44e1000e,%eax add %dl,(%eax) sahf inc %ebp add %dl,(%eax) aaa inc %ebp add %dl,(%eax) loope 0x10004422 add %dl,(%eax) adc $0x1c000025,%eax mov 0x100043e4,%cl add $0x4,%cl shll %cl,(%esi) ret call 0x100043e5 lods %ds:(%esi),%eax ret call 0x100043e5 incl 0x100030a8 movb $0x1c,0x100043e4 sub %ch,0x100043e4 mov %edx,%eax lea -0x4(%esi),%esi mov %eax,(%esi) ret add $0x50,%eax mov $0x7,%cl jmp 0x1000442c cmp $0x10,%al jae 0x10004418 mov $0x4,%cl test $0x8,%al je 0x1000442c inc %ecx xor $0x18,%al mov %eax,%edx mov %cl,%ch cmp %cl,0x100043e4 jae 0x10004440 shr %al jb 0x100043f8 dec %cl jmp 0x10004430 shll %cl,(%esi) xor %eax,(%esi) sub %cl,0x100043e4 ret call 0x1000406d mov 0x100030a8,%eax lea (%esi,%eax,4),%esi lods %ds:(%esi),%eax jmp *0x10003070 call 0x1000406d movl $0x1,0x100030a8 movl $0x1,0x1000309c lea -0x4(%esi),%esi mov %eax,(%esi) movl $0x0,(%esi) movb $0x1c,0x100043e4 call 0x10004349 jns 0x1000449a mov 0x1000308c,%edx jmp *(%edx,%eax,4) test %al,%al je 0x100044b3 lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10004054 call 0x1000441f incl 0x1000309c lods %ds:(%esi),%eax call 0x1000435f jmp 0x1000448a push %cs or (%eax),%al add %al,(%eax) add %cl,(%eax,%eax,1) add %al,(%eax) str 0xb0000 add %al,(%eax) add %al,(%eax) add %eax,(%edx) add 0x9080706(,%eax,1),%eax add %ah,0x100044d9(%edx) jmp 0x1000452a lods %ds:(%esi),%eax jmp 0x100044f3 call *0x10003094 movb $0x0,0x100044d9 xor %eax,%eax call 0x1000435f call 0x10004349 jns 0x10004508 mov 0x1000308c,%edx jmp *(%edx,%eax,4) test %al,%al je 0x100044e1 mov 0x100044b7(%eax),%al testb $0x1f,0x100044d9 je 0x1000451d neg %eax mov (%esi),%edx imul 0x10003090,%edx add %eax,%edx mov %edx,(%esi) lods %ds:(%esi),%eax movl $0x100043d0,0x1000308c jmp 0x100044f3 lods %ds:(%esi),%eax call *0x100030a4 jmp *0x10003070 movl $0xa,0x10003090 movl $0x100043bc,0x1000308c movl $0x10004315,0x10003088 ret movl $0x10,0x10003090 movl $0x100043bc,0x1000308c movl $0x1000432d,0x10003088 ret xorl $0x27,0x10003094 xorb $0x2f,0x100043ce call *0x10003094 jmp 0x100044e1 lods %ds:(%esi),%eax lods %ds:(%esi),%eax jmp *0x10003070 lods %ds:(%esi),%eax jmp 0x100045bf movl $0x10004394,0x1000308c lea 0x100042e5,%edi mov %edi,0x10003088 testl $0xffffffff,0x10003074 je 0x100045d1 jmp *0x10003074 call 0x1000435f cmp $0x4,%al jns 0x100045e3 mov 0x1000308c,%edx jmp *(%edx,%eax,4) addl $0x14,0x1000308c call 0x1000445f call *0x100030a0 jmp 0x100045a9 lods %ds:(%esi),%eax movl $0x10004394,0x1000308c lea 0x100042e5,%edi jmp 0x1000461a movl $0x1000436c,0x1000308c lea 0x100042fd,%edi lods %ds:(%esi),%eax jmp 0x100045b9 movl $0x100043a8,0x1000308c lea 0x100042e5,%edi jmp 0x1000463f movl $0x10004380,0x1000308c lea 0x100042fd,%edi mov %edi,0x10003088 jmp 0x100044b3 lea -0x4(%esi),%esi mov %eax,(%esi) test %eax,%eax js 0x1000465d shll $0x4,(%esi) rol $0x4,%eax and $0x7,%eax ret shl %eax js 0x1000466d shll $0x5,(%esi) rol $0x4,%eax and $0x7,%eax xor $0x8,%al ret shll $0x7,(%esi) rol $0x6,%eax and $0x3f,%eax sub $0x10,%al ret lea -0x4(%esi),%esi mov %eax,(%esi) incl (%esi) cmp %edi,0x10003054 jne 0x1000468d mov %eax,0x10003054 cmp 0x10003054,%eax je 0x1000469f jns 0x1000469d mov %edi,0x1000305c lods %ds:(%esi),%eax ret mov %edi,0x10003058 subl $0x160000,0x10003134 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xe04000,%eax call 0x10003df1 mov $0x30,%eax mov 0x10003136,%cx cmp 0x1000313c,%cx js 0x100046e3 call 0x10003ee8 subl $0x160000,0x10003134 ret jmp 0x10003ee8 call 0x10003de7 lea -0x4(%esi),%esi mov %eax,(%esi) mov -0x4(,%edi,4),%eax and $0xfffffff0,%eax call 0x1000464a je 0x1000470a call 0x10003ee8 jmp 0x100046fc call 0x10003f1d lods %ds:(%esi),%eax lods %ds:(%esi),%eax ret mov 0x10003136,%cx cmp 0x10003138,%cx je 0x10004727 call 0x10003dcd call 0x1000402b jmp 0x100046ed call 0x1000403a jmp 0x100046ed call 0x10003fef jmp 0x100046ed lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xffff00,%eax call 0x10003df1 jmp 0x100046ed call 0x10003de7 lea -0x4(%esi),%esi mov %eax,(%esi) mov -0x4(,%edi,4),%eax and $0xfffffff0,%eax call 0x1000464a add $0x30,%al call 0x10003ee8 jmp 0x100046fc call 0x10003de7 lea -0x4(%esi),%esi mov %eax,(%esi) mov -0x4(,%edi,4),%eax and $0xfffffff0,%eax call 0x1000464a je 0x1000470a add $0x30,%al call 0x10003ee8 jmp 0x10004783 subl $0x160000,0x10003134 testl $0xfffffff0,-0x4(,%edi,4) jne 0x100046ed dec %edi mov %edi,0x10003060 call 0x10003f1d call 0x10004679 pop %edx lods %ds:(%esi),%eax ret mov -0x4(,%edi,4),%edx sar $0x5,%edx jmp 0x100047ea movl $0x100041a7,0x10003048 call 0x10003ffe call 0x100046ed mov 0x0(,%edi,4),%edx inc %edi lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xf800,%eax cmpl $0x100041a7,0x10003048 je 0x10004836 mov $0xc000,%eax jmp 0x10004836 mov -0x4(,%edi,4),%edx sar $0x5,%edx jmp 0x1000481b mov 0x0(,%edi,4),%edx inc %edi lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xffff00,%eax cmpl $0x100041a7,0x10003048 je 0x10004836 mov $0xc0c000,%eax call 0x10003df1 lea -0x4(%esi),%esi mov %eax,(%esi) mov %edx,%eax jmp *0x10003048 mov -0x4(,%edi,4),%edx sar $0x5,%edx lea -0x4(%esi),%esi mov %eax,(%esi) mov $0xffffff,%eax cmpl $0x100041a7,0x10003048 je 0x1000486d mov $0xc0c0c0,%eax jmp 0x10004836 add %dl,0x3c100047(%ebx) inc %edi add %dl,(%eax) adc 0x0(%eax),%ecx adc %dl,(%edx) inc %edi add %dl,(%eax) cs inc %edi add %dl,(%eax) loop 0x100048cd add %dl,(%eax) ret $0x47 adc %dh,0x7100047 dec %eax add %dl,(%eax) call 0x5d1048df inc %edi add %dl,(%eax) outsl %ds:(%esi),(%dx) inc %edi add %dl,(%eax) into inc %edi add %dl,(%eax) mov (%ecx),%? add %dl,(%eax) mov (%ecx),%? add %dl,(%eax) dec %eax dec %eax add %dl,(%eax) call 0x10003f63 lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x10003060,%eax mov %eax,0x10003058 xor %eax,%eax mov 0x1000304c,%edi add _offset, %edi ;0x10003068,%edi shl $0x8,%edi mov %edi,0x1000305c testl $0xf,0x0(,%edi,4) je 0x100048ed call 0x10004679 mov 0x0(,%edi,4),%edx inc %edi movl $0x100041a7,0x10003048 test $0x10,%dl je 0x1000490e movl $0x10004176,0x10003048 and $0xf,%edx call *0x10004870(,%edx,4) jmp 0x100048db call show ;0x1000398f call 0x100040aa call 0x100048b0 jmp 0x10004244 add %al,(%eax) add %bh,%bh incl (%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) incl (%eax) add %al,%al add %al,(%eax) (bad) incl (%eax) add %al,(%eax) add %al,(%eax) add %bh,%bh (bad) incl (%eax) (bad) (bad) incl (%eax) (bad) (bad) incl (%eax) incl -0x3f3fff80(%eax) rolb $0xff,(%eax) add %al,(%eax) add %al,(%ecx) decl 0x10003054 jns 0x1000497f incl 0x10003054 ret subl $0x8,0x10003054 jns 0x10004993 movl $0x0,0x10003054 ret addl $0x8,0x10003054 ret addl $0x2,0x1000304c ret cmpl $0x14,0x1000304c js 0x100049b4 subl $0x2,0x1000304c ret mov 0x1000304c,%ecx xchg %ecx,0x10003050 mov %ecx,0x1000304c ret xorl $0x1,0x1000304c ret mov 0x10003060,%ecx add 0x100030a8,%ecx xor 0x10003060,%ecx and $0xffffff00,%ecx je 0x100049f5 mov 0x100030a8,%ecx lods %ds:(%esi),%eax dec %ecx jne 0x100049f0 ret push %esi mov 0x10003060,%esi mov %esi,%ecx dec %esi mov %esi,%edi add 0x100030a8,%edi shl $0x2,%edi sub 0x10003058,%ecx js 0x10004a19 shl $0x2,%esi std rep movsl %ds:(%esi),%es:(%edi) cld pop %esi shr $0x2,%edi inc %edi mov %edi,0x10003054 mov 0x100030a8,%ecx dec %edi mov %eax,0x0(,%edi,4) lods %ds:(%esi),%eax dec %ecx jne 0x10004a2a ret call 0x100049d0 mov 0x10004970,%cl xor %cl,0x0(,%edi,4) cmp $0x3,%cl jne 0x10004a5f movb $0x4,0x10004970 movl $0xc000,0x10003098 ret popl 0x100030a0 movl $0x10003bc5,0x100030a0 ret movl $0x10004a60,0x100030a0 jmp 0x100045a9 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x1,%eax cmpb $0x4,0x10004970 je 0x10004a95 mov $0x3,%al cmpl $0xa,0x10003090 je 0x10004aa0 xor $0x10,%al xchg %eax,(%esi) movl $0x2,0x100030a8 jmp 0x10004a37 testb $0xa,0x10004970 jne 0x10004af3 mov %eax,%edx and $0xfc000000,%edx je 0x10004ac9 cmp $0xfc000000,%edx jne 0x10004a80 shl $0x5,%eax xor $0x2,%al cmpb $0x4,0x10004970 je 0x10004ad9 xor $0xb,%al cmpl $0xa,0x10003090 je 0x10004ae4 xor $0x10,%al movl $0x1,0x100030a8 jmp 0x10004a37 cmpb $0x9,0x10004970 jne 0x10004b08 mov %eax,%edx shl $0x5,%edx sar $0x5,%edx cmp %eax,%edx je 0x10004b0a lods %ds:(%esi),%eax ret shl $0x5,%eax xor $0x6,%al jmp 0x10004ad9 lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x10003058,%eax sub 0x1000305c,%eax je 0x10004b4a mov %eax,%ecx xchg %eax,%edx push %esi mov 0x10003058,%esi lea -0x4(,%esi,4),%esi mov 0x10003064,%edi std lods %ds:(%esi),%eax cld stos %eax,%es:(%edi) dec %ecx jne 0x10004b3a xchg %eax,%edx stos %eax,%es:(%edi) mov %edi,0x10003064 pop %esi lods %ds:(%esi),%eax ret call 0x10004b11 mov 0x1000305c,%edi mov 0x10003060,%ecx sub %edi,%ecx shl $0x2,%edi push %esi mov 0x10003058,%esi shl $0x2,%esi rep movsl %ds:(%esi),%es:(%edi) pop %esi jmp 0x10004971 call 0x10004b11 jmp 0x10004971 mov $0x1,%al jmp 0x10004ba0 mov $0x3,%al jmp 0x10004ba0 mov $0x4,%al jmp 0x10004ba0 mov $0x9,%al jmp 0x10004ba0 mov $0xa,%al jmp 0x10004ba0 mov $0xb,%al jmp 0x10004ba0 mov $0xd,%al jmp 0x10004ba0 mov $0xe,%al jmp 0x10004ba0 mov $0x7,%al mov %al,0x10004970 movl $0x10004a37,0x100030a0 mov 0x1000492c(,%eax,4),%eax mov %eax,0x10003098 pop %eax lods %ds:(%esi),%eax jmp 0x100045a9 lea -0x4(%esi),%esi mov %eax,(%esi) xor %eax,%eax incl 0x100030a8 jmp 0x10004a37 movb $0xc,0x10004970 mov $0xff00ff,%eax movl $0x10004bc2,0x100030a0 jmp 0x10004bb6 pop %eax lods %ds:(%esi),%eax movl $0x10003bc5,0x100030a0 movl $0x1000398e,0x100030a4 movb $0x0,0x100043a4 movl $0x100045a6,0x10004398 movl $0xffff00,0x10003098 jmp 0x100045a9 mov 0x10003064,%edx cmp $0x1000b000,%edx jne 0x10004c31 ret sub $0x8,%edx mov 0x4(%edx),%ecx mov %ecx,0x100030a8 lea -0x4(%esi),%esi mov %eax,(%esi) mov (%edx),%eax sub $0x4,%edx dec %ecx jne 0x10004c3d add $0x4,%edx mov %edx,0x10003064 jmp 0x100049d0 mov (%ecx),%? add %dl,(%eax) dec %esp dec %ebx add %dl,(%eax) in (%dx),%al dec %ebx add %dl,(%eax) and 0x10(%eax,%eax,1),%cl jle 0x10004cb5 add %dl,(%eax) (bad) dec %ebx add %dl,(%eax) xchg %cl,0x0(%ebx) adc %cl,%al dec %ecx add %dl,(%eax) jno 0x10004cc3 add %dl,(%eax) orb $0x10,0x0(%ecx) xchg %eax,%esp dec %ecx add %dl,(%eax) jns 0x10004ccf add %dl,(%eax) movsb %ds:(%esi),%es:(%edi) dec %ecx add %dl,(%eax) aam $0x4b add %dl,(%eax) sahf dec %ebx add %dl,(%eax) pushf dec %ecx add %dl,(%eax) mov (%ecx),%? add %dl,(%eax) xchg %eax,%edx dec %ebx add %dl,(%eax) mov 0x0(%ebx),%cs adc %cl,-0x71efffb5(%edx) cmp %eax,(%eax) adc %cl,-0x71efffc7(%esi) cmp %eax,(%eax) adc %dh,-0x69efffb7(%ebp) dec %ebx add %dl,(%eax) lcall $0x39,$0x8e10004b adc %dh,0x0(%ebx,%ecx,2) adc %dl,0xb000725 add %ecx,0x10160c2d add %esp,(%ebx) or %ecx,(%edx) sub (%eax),%eax cmp %bh,(%edx) add (%eax),%al adc %cl,(%esi) and 0xe7240013,%al dec %edi add %dl,(%eax) lods %ds:(%esi),%eax jmp 0x10004d23 mov 0x1000304c,%ecx mov %ecx,0x10003050 mov %eax,0x1000304c lods %ds:(%esi),%eax call 0x1000491a call *0x10004ce4 movl $0x10004aae,0x100030a4 movb $0x25,0x100043a4 movl $0x10004ce8,0x10004398 movl $0x10004cb8,0x1000308c movl $0x10004cc8,0x10003088 movl $0xffff00,0x10003098 call 0x1000435f call *0x10004c58(,%eax,4) lods %ds:(%esi),%eax jmp 0x10004d41 pop %edx mov %edx,0x1000496c add $0x8c,%edx mov %edx,0x10003088 sub $0x10,%edx mov %edx,0x1000308c call 0x1000435f mov 0x1000496c,%edx add %eax,%edx lea 0x5(%edx,%eax,4),%edx add -0x4(%edx),%edx lods %ds:(%esi),%eax call *%edx jmp 0x10004d6c boot: mov $0xfe,%al out %al,$0x64 jmp 0x10004d89 mov %eax,%ecx shl $0x8,%ecx lods %ds:(%esi),%eax push %edi mov %eax,%edi shl $0xa,%edi xor %eax,%eax rep stos %eax,%es:(%edi) pop %edi lods %ds:(%esi),%eax ret cmp $0xc,%eax jb 0x10003a63 push %edi mov %eax,%edi shl $0xa,%edi push %esi mov 0x1000304c,%esi shl $0xa,%esi mov $0x200,%ecx rep movsl %ds:(%esi),%es:(%edi) pop %esi pop %edi mov %eax,0x1000304c lods %ds:(%esi),%eax ret movl $0x302b5,0x10003134 lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x10003942,%eax pushl (%eax) call 0x10004176 lea -0x4(%esi),%esi mov %eax,(%esi) pop %eax call 0x10004176 lea -0x4(%esi),%esi mov %eax,(%esi) mov 0x1000394b,%eax call 0x10004176 lea -0x4(%esi),%esi mov %eax,(%esi) mov %esi,%eax jmp 0x10004176 decl 0x100030a8 je 0x10004e13 lods %ds:(%esi),%eax jmp 0x10004e08 ret call 0x10004a71 call 0x10004e08 call 0x10003a4f jne 0x10003a63 mov 0x1018a800(,%ecx,4),%eax ret and $0xfffffff0,%eax call 0x10003a4f mov 0x1018a800(,%ecx,4),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x1,%eax or %eax,%eax ret data0x10004e50: dd 0 times ((data0x10004fd0 - $$) - ($ - $$)) db 0 data0x10004fd0: dd 0x10000000 data0x10004fd4: dd 0x1fffffff check_stack_bounds: ;apparently dead code cmp 0x10004fd0,%esp jb 0x10004fe6 cmp %esp,0x10004fd4 ret pop %ecx mov data0x10004e50,%ebx mov 0x4(%ebx),%esp jmp *%ecx lea -0x4(%esi),%esi mov %eax,(%esi) mov data0x10004e50,%ebx mov 0x4(%ebx),%eax sub %esp,%eax shr %eax shr %eax ret data0x5006: ;for storing Windows syscalls? subr0x1000500a: mov 0x8(%eax),%eax add data0x10005006,%eax mov (%eax),%eax ret add %eax,(%eax) add %al,(%eax) or $0x0,%al add %al,(%eax) add %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) add $0x0,%al add %al,(%eax) add %eax,(%eax) add %al,(%eax) or $0x0,%al add %al,(%eax) or %al,(%eax) add %al,(%eax) data0x1000503a: dd 0x1, 0xc, 0xc add %eax,(%eax) add %al,(%eax) or $0x0,%al add %al,(%eax) adc %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) adc $0x0,%al add %al,(%eax) add %al,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) sbb %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) sbb $0x0,%al add %al,(%eax) add %eax,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) and $0x0,%al add %al,(%eax) add %eax,(%eax) add %al,(%eax) or %al,(%eax) add %al,(%eax) sub %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) sub $0x0,%al add %al,(%eax) add %eax,(%eax) add %al,(%eax) adc %al,(%eax) add %al,(%eax) xor %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) xor $0x0,%al add %al,(%eax) add %eax,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) cmp %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) or $0x0,%al add %al,(%eax) cmp $0x0,%al add %al,(%eax) add %eax,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) inc %eax add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %bl,(%eax) add %al,(%eax) add %al,0x0(%eax,%eax,1) add %al,(%ecx) add %al,(%eax) add %al,(%eax,%eax,1) add %al,(%eax) dec %eax add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %al,(%eax,%eax,1) add %al,(%eax) dec %esp add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %bl,(%eax,%eax,1) add %al,(%eax) push %eax add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %ah,(%eax) add %al,(%eax) add %dl,0x0(%eax,%eax,1) add %al,(%ecx) add %al,(%eax) add %dl,(%eax,%eax,1) add %al,(%eax) pop %eax add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %dl,(%eax,%eax,1) add %al,(%eax) pop %esp add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %cl,(%eax) add %al,(%eax) add %ah,0x0(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) xor %al,(%eax) add %al,(%eax) push $0x1000000 add %al,(%eax) add %al,(%eax,%eax,1) add %al,(%eax) insb (%dx),%es:(%edi) add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %dl,(%eax) add %al,(%eax) add %dh,0x0(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) sbb %al,(%eax) add %al,(%eax) je 0x10005164 add %al,(%eax) add %eax,(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) js 0x10005170 add %al,(%eax) add %eax,(%eax) add %al,(%eax) adc %al,(%eax) add %al,(%eax) jl 0x1000517c add %al,(%eax) add %eax,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) addb $0x0,(%eax) add %al,(%ecx) add %al,(%eax) add %al,(%eax,%eax,1) add %al,(%eax) test %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) add $0x0,%al add %al,(%eax) mov %al,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) or %al,(%eax) add %al,(%eax) mov %es,(%eax) add %al,(%eax) add %eax,(%eax) add %al,(%eax) or %al,(%eax) add %al,(%eax) nop add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %al,(%eax,%eax,1) add %al,(%eax) xchg %eax,%esp add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %cl,(%eax,%eax,1) add %al,(%eax) cwtl add %al,(%eax) add %al,(%ecx) add %al,(%eax) add %bl,(%eax) add %al,(%eax) add %ah,0x1000000(%eax) add %al,(%eax) add %dh,(%eax,%eax,1) add %al,(%eax) data0x100051e6: dd 0xa4 data0x100051ea: dd 0 outchars: ;0x100051ee: pusha push %ecx push %eax push $0x1 mov data0x1000503a,%eax call subr0x1000500a call *%eax add $0xc,%esp popa ret push %eax push %ecx mov %eax,0x100051ea mov $0x100051ea,%eax mov $0x1,%ecx call outchars pop %ecx pop %eax ret outstring: push %edx mov %eax,%edx .loop: xor %eax,%eax mov (%edx),%al or %eax,%eax je .done ;0x10005230 call 0x10005204 inc %edx jmp .loop ;0x10005220 .done: pop %edx ret pusha mov $0x10005052,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa ret outchr_inline: push %eax mov 0x4(%esp),%eax mov (%eax),%al call 0x10005204 pop %eax incl (%esp) ret crlf: call outchr_inline db 0xd ;carriage return call outchr_inline db 0xa ;linefeed ret xor %dh,(%ecx) xor (%ebx),%dh xor $0x35,%al ss aaa cmp %bh,(%ecx) inc %ecx inc %edx inc %ebx inc %esp inc %ebp inc %esi pusha mov $0x8,%ecx mov %eax,%edx rol $0x4,%edx mov %edx,%eax and $0xf,%eax mov 0x10005263(%eax),%al call 0x10005204 loop 0x1000527b call outchr_inline db ' ' popa ret pusha shr $0x2,%ecx mov %eax,%edi xor %edx,%edx test $0xf,%dl jne 0x100052bb call crlf ;0x10005256 mov %edi,%eax add %edx,%eax call 0x10005273 call outchr_inline db ' ' mov (%edi+%edx), %eax call 0x1000527b add $4, %edx loop 0x100052a7 call crlf ;0x10005256 popa ret pusha mov 0x20(%esp),%edi mov (%edi),%eax mov 0x4(%edi),%ecx call 0x1000529a popa addl $0x8,(%esp) ret pusha mov $0x1000506a,%eax call 0x1000500a call *%eax mov (%eax),%eax mov %eax,0x1c(%esp) popa or %eax,%eax ret inc %eax je 0x100052e4 xor %eax,%eax ret cmp %ecx,%eax jae 0x100052fb mov $0xfffffffe,%eax or %eax,%eax ret sysop_error: db ' Error in system operation.' db ' ' add %cl,(%ebx) (bad) je 0x10005343 call 0x10005256 call 0x10005273 mov sysop_error, %eax ;$0x1000530d,%eax call outstring ;0x1000521d ret win32_api_error: db 'Win32 API Error: ', 0 or %eax,%eax jne 0x100053a3 pusha mov $0x1000508e,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa push %eax call 0x10005256 mov win32_api_error, %eax ;$0x10005344,%eax call outstring ;0x1000521d pop %eax call 0x10005273 mov (%esp),%eax call 0x10005273 mov 0x4(%esp),%eax call 0x10005273 mov 0x8(%esp),%eax call 0x10005273 mov %ebx,%eax call 0x10005273 ret pusha push $0x180 push %ecx push %eax mov $0x10005016,%eax call 0x1000500a call *%eax add $0xc,%esp mov %eax,0x1c(%esp) popa ret pusha push %eax mov $0x10005022,%eax call 0x1000500a call *%eax add $0x4,%esp mov %eax,0x1c(%esp) popa ret pusha push %ecx push %eax push %edx mov $0x1000502e,%eax call 0x1000500a call *%eax add $0xc,%esp mov %eax,0x1c(%esp) popa ret pusha push %ecx push %eax push %edx mov $0x1000503a,%eax call 0x1000500a call *%eax add $0xc,%esp mov %eax,0x1c(%esp) popa ret add %al,(%eax) add %al,(%eax) reading_file: db 'Reading file', 0 subr0x1000541c: call 0x10005256 lea -0x4(%esi),%esi ;dup mov %eax,(%esi) mov reading_file, %eax ;0x1000540e call outstring ;0x1000521d mov (%esi),%eax call outstring ;0x1000521d mov $0x8000,%ecx lods %ds:(%esi),%eax ;drop call 0x100053a4 mov %eax,0x1000540a call outchr_inline db ' ' call 0x10005273 call 0x100052fb call 0x1000532b lods mov %eax, %ecx lods mov 0x1000540a, %edx call 0x100053d8 call 0x10005273 call 0x10005301 call 0x1000532b xor %eax,%eax xchg %eax,0x1000540a call 0x100053c1 lods %ds:(%esi),%eax ret push %edi jb 0x100054f5 je 0x100054f7 outsb %ds:(%esi),(%dx) and %ah,0x69(%bp) insb (%dx),%es:(%edi) and %al,%gs:(%eax) call 0x10005256 lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x10005489,%eax call outstring ;0x1000521d mov (%esi),%eax call outstring ;0x1000521d mov $0x8302,%ecx lods %ds:(%esi),%eax call 0x100053a4 mov %eax,0x1000540a call outchr_inline and %ch,%al cmpsb %es:(%edi),%ds:(%esi) std (bad) ljmp * sub %edi,%esi (bad) ljmp * push %esp (bad) (bad) ljmp *-0x74523775(%ebp) adc $0x1000540a,%eax call 0x100053f1 call 0x10005273 call 0x10005301 call 0x1000532b xor %eax,%eax xchg %eax,0x1000540a call 0x100053c1 lods %ds:(%esi),%eax ret workfile: ;OkadWork.cf db 'OkadWork.cf', 0 backupfile: ;OkadBack.cf db 'OkadBack.cf', 0 subr0x1000551c: shll $0xa,(%esi) ;convert block address to byte address addl $0x10020000,(%esi) ;offset into memory shl $0xa,%eax ;block to byte address lea -0x4(%esi),%esi ;dup mov %eax,(%esi) mov $0x10005504,%eax ;OkadWork.cf ret lea -0x4(%esi),%esi mov %eax,(%esi) xor %eax,%eax lea -0x4(%esi),%esi mov %eax,(%esi) mov $1440,%eax call 0x1000551c jmp 0x1000541c lea -0x4(%esi),%esi mov %eax,(%esi) xor %eax,%eax lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x5a0,%eax call 0x1000551c jmp 0x10005497 call 0x1000551c mov $0x10005510,%eax jmp 0x1000541c call 0x1000551c mov $0x10005510,%eax jmp 0x10005497 dec %edi imul $0x4f,0x64(%ecx),%esp jne 0x10005602 cs addr16 fs jae 0x10005593 shl $0x2,%eax shll $0x2,(%esi) lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x10005587,%eax jmp 0x10005497 dec %edi imul $0x53,0x64(%ecx),%esp imul $0x676f6c,0x2e(%ebp),%ebp add %al,(%eax) add %al,(%eax) dec %edi jo 0x10005620 outsb %ds:(%esi),(%dx) imul $0x414b4f20,0x67(%esi),%ebp inc %esp and %ch,0x67(%edi,%ebp,2) and %ah,0x69(%esi) insb (%dx),%es:(%edi) and %al,%gs:(%eax) lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10005256 mov $0x100055b8,%eax call outstring ;0x1000521d mov $0x100055a8,%eax call outstring ;0x1000521d mov $0x100055a8,%eax mov $0x8302,%ecx call 0x100053a4 mov %eax,0x100055b4 call outchr_inline and %ch,%al addr16 cld (bad) ljmp * ljmp $0xfd15,$0xe8fffffc (bad) ljmp *-0x5237743d(%ebp) mov 0x100055b4,%edx call 0x100053f1 call 0x10005301 call 0x1000532b lods %ds:(%esi),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) xor %eax,%eax xchg %eax,0x100055b4 call 0x100053c1 lods %ds:(%esi),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) lea -0x4(%esi),%esi mov %eax,(%esi) pusha push %esi mov $0x1000505e,%eax call 0x1000500a call *%eax add $0x4,%esp popa lods %ds:(%esi),%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x30000000,%eax ret pusha push $0x0 mov $0x100050ee,%eax call 0x1000500a call *%eax pusha push $0x0 push %ecx push %eax push $0x0 mov $0x1000509a,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa ret pusha push %eax mov $0x100050ca,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa jmp 0x10005356 pusha push %eax mov $0x100050a6,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa jmp 0x10005356 pusha push %eax mov $0x100050b2,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa jmp 0x10005356 pusha push $0x1 push $0x0 push %eax mov $0x100050be,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa mov %eax,%ecx inc %eax call 0x10005356 mov %ecx,%eax ret pusha push $0x1 push %ecx push %eax jmp 0x100056e5 xor %eax,%eax mov %eax,%ecx call 0x1000567e mov %eax,0x10005708 call 0x10005256 call 0x10005273 call 0x100056f6 xor %eax,%eax mov %eax,%ecx inc %eax call 0x1000567e mov %eax,0x10005714 call 0x10005273 call 0x100056f6 ret push %ecx lea 0x8(%ecx),%edx push %edx push $0x0 push %ecx push %eax push $0x1000 push $0x0 mov $0x100050d6,%eax call 0x1000500a call *%eax pop %ecx mov %eax,(%ecx) call 0x10005356 mov %ecx,%eax mov $0x10,%ecx call 0x1000529a ret pusha pushl 0x14(%esi) pushl 0x10(%esi) pushl 0xc(%esi) pushl 0x8(%esi) pushl 0x4(%esi) pushl (%esi) push %eax mov $0x100050fa,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa add $0x18,%esi cmp $0xffffffff,%eax ret pusha push %eax mov $0x100050ca,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa lods %ds:(%esi),%eax ret pusha push $0x0 mov 0x14(%esi),%ecx shl %ecx shl %ecx push %ecx pushl 0x10(%esi) mov 0xc(%esi),%ecx shl %ecx shl %ecx push %ecx pushl 0x8(%esi) mov 0x4(%esi),%ecx shl %ecx shl %ecx push %ecx pushl (%esi) push %eax mov $0x10005106,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa add $0x18,%esi or %eax,%eax ret pusha push $0x0 pushl 0x8(%esi) pushl 0x4(%esi) pushl (%esi) push %eax mov $0x10005112,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa add $0xc,%esi or %eax,%eax ret pusha push $0x0 pushl 0x8(%esi) pushl 0x4(%esi) pushl (%esi) push %eax mov $0x1000511e,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa add $0xc,%esi or %eax,%eax ret pusha pushl (%esi) push %eax mov $0x1000512a,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa add $0x4,%esi or %eax,%eax ret arpl %ax,0x6f(%esi) jb 0x100058ff push $0x63692e32 outsl %ds:(%esi),(%dx) add %cl,0x6e(%edi) and %dh,%gs:0x6d(%ecx,%ebp,2) and %ch,%gs:0x70(%edi) gs jb 0x10005901 je 0x1000590b outsl %ds:(%esi),(%dx) outsb %ds:(%esi),(%dx) jae 0x100058e0 and %al,(%eax) call 0x10005256 mov $0x10005892,%eax call outstring ;0x1000521d push $0x0 mov $0x10005076,%eax call 0x1000500a call *%eax mov %eax,0x1000585e call 0x10005356 mov $0x10005166,%eax call 0x1000500a call *%eax mov %eax,0x10005862 call 0x10005356 push $0x50 xor %eax,%eax push %eax push %eax push $0x1 push $0x10005886 push %eax mov $0x1000515a,%eax call 0x1000500a call *%eax mov %eax,0x10005866 call 0x10005356 push $0x40 xor %eax,%eax push %eax push %eax push $0x2 push $0x7f88 push %eax mov $0x1000515a,%eax call 0x1000500a call *%eax mov %eax,0x1000586a call 0x10005356 call 0x100052cf pop %esi pop %eax add %dl,(%eax) adc %al,(%eax) add %al,(%eax) ret add %al,(%eax) add %al,(%eax) add %bh,0x64(%eax) add %dl,(%eax) adc %ah,0x0(%ebp) adc %al,(%eax) add %al,(%eax) add %ch,0x1000(,%eiz,2) add %al,(%eax) pusha add %dl,%fs:(%eax) dec %esp add %dl,%fs:(%eax) fsubl 0x0(%ebx) adc %al,(%eax) add %al,(%eax) add %bh,(%eax) add %dl,%fs:(%eax) sub %ah,0x10(%eax,%eax,1) movsb %ds:(%esi),%es:(%edi) add %dl,%gs:(%eax) lock add %dl,%gs:(%eax) in (%dx),%al add %dl,%gs:(%eax) add %al,(%eax) add %al,(%eax) or %ah,0x0(%esi) adc %al,(%eax) add %al,(%eax) add %dl,-0x73(%ebp) insb (%dx),%es:(%edi) and $0x8,%al push %edx mov 0x1000613c,%edx incl 0x1000613c and $0x3f,%edx shl $0x4,%edx add $0x10016400,%edx mov 0x0(%ebp),%eax mov %eax,(%edx) mov 0x4(%ebp),%eax mov %eax,0x4(%edx) mov 0x8(%ebp),%eax mov %eax,0x8(%edx) mov 0xc(%ebp),%eax mov %eax,0xc(%edx) mov 0x4(%ebp),%eax cmp $0x200,%eax jae 0x10006199 testl $0xffffffff,0x1000593c(,%eax,4) je 0x10006199 push %ecx push %edi push %esi call *0x1000593c(,%eax,4) pop %esi pop %edi pop %ecx pop %edx pop %ebp mov $0x1000514e,%eax call 0x1000500a jmp *%eax pop %esi pop %esi pop %edi pop %ecx pop %edx pop %ebp ret $0x10 add %al,(%eax) add %al,(%eax) arpl %sp,0x57(%esi) imul $0x30,0x0(%esi),%ebp sub (%eax),%eax add %al,(%eax) inc %eax popa add %dl,(%eax) outsl %ds:(%esi),(%dx) add %al,(%eax) add %bl,%dh add %al,(%eax) add %cl,0x1(%ebp) add %al,(%eax) mov $0x61,%ah add %dl,(%eax) add %al,(%eax) add %al,(%eax) mov 0x1000585e,%eax mov %eax,0x100061ce mov 0x10005866,%eax mov %eax,0x100061d2 mov 0x1000586a,%eax mov %eax,0x100061d6 push $0x100061ba mov $0x10005142,%eax call 0x1000500a call *%eax mov %eax,0x100061b0 call 0x10005356 ret add %al,(%eax) add %al,(%eax) arpl %bp,0x6c(%edi) outsl %ds:(%esi),(%dx) jb 0x10006274 outsl %ds:(%esi),(%dx) jb 0x100062a5 push $0xbc614e00 add %ah,0x68(%eax) xor 0x0(%edx),%esp adc %bh,%bh xor $0x1000585e,%eax push $0x0 push $0x0 push $0x300 push $0x400 push $0x32 push $0x32 push $0x10cf0000 push $0x10006228 ;string 'colorForth' pushl 0x100061b0 push $0x300 mov $0x10005136,%eax call 0x1000500a call *%eax mov %eax,0x10006224 call 0x10005356 popa ret jl 0x10006284 add %al,(%eax) add %al,(%eax,%eax,1) add %bl,0x1ffff(%esp,%edi,8) and %al,(%eax) add %cl,(%eax) add %al,(%eax) add %cl,(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) add %al,(%ecx) add %al,(%eax) push %edi imul $0x0,0x20(%esi),%ebp call 0x100052cf push %es arpl %ax,(%eax) adc %ah,(%eax) add %al,(%eax) add %al,%bl pusha xor %eax,%eax push %eax push %eax push %eax push $0x10006306 mov $0x10005172,%eax call 0x1000500a call *%eax mov %eax,0x1c(%esp) popa call 0x100056f6 or %eax,%eax ret testl $0xffffffff,0x10006306 je 0x1000637b pusha push $0x10006306 mov $0x1000518a,%eax call 0x1000500a call *%eax popa xor %eax,%eax jmp 0x10006380 mov $0x1,%eax or %eax,%eax ret push %ecx push %ebp dec %ecx push %esp and %ch,0x73(%ebp) and %dh,0x65(%bp,%si) arpl %sp,0x69(%ebp) jbe 0x100063f8 and %eax,%fs:(%eax) call 0x10006334 je 0x100063a6 call 0x10006358 je 0x100063a4 jmp 0x10006396 mov $0x10006383,%eax call outstring ;0x1000521d ret add %al,(%eax) add %cl,-0x4e40f38b(%ebx) arpl %ax,(%eax) adc %bh,0xa(%ecx) cld rep movsl %ds:(%esi),%es:(%edi) ret add %al,(%eax) add %cl,-0x1240f38b(%ebx) arpl %ax,(%eax) adc %bh,0x7(%ecx) jmp 0x100063e9 add %cl,0x9bf0c75(%ebx) add %dl,%fs:(%eax) mov $0x7,%ecx jmp 0x100063e9 add %al,(%eax) add %al,(%eax) add %cl,0x47a30845(%ebx) add %dl,%fs:(%eax) ret add %al,(%eax) add %bh,%bh add $0x10006455,%eax mov 0x8(%ebp),%eax mov %eax,0x10006459 xor %eax,%eax jmp 0x100061a7 add %al,(%eax) add %bh,%bh jne 0x1000647b mov $0x10005196,%eax call 0x1000500a call *%eax mov %eax,0x100062fe call 0x10005356 xor %eax,%eax push %eax push %eax push $0x10003148 push %eax push $0x10006282 pushl 0x100062fe mov $0x100051d2,%eax call 0x1000500a call *%eax mov %eax,0x10006302 call 0x10005356 mov 0x10003148,%eax mov %eax,0x1000314c ret add %cl,-0x5c99f3bb(%ebx) (bad) add %dl,%fs:(%eax) shr $0x10,%eax mov %ax,0x100064cb mov 0x10005714,%eax jmp 0x100056af push $0x100064cf pushl 0x10006224 mov $0x100051a2,%eax call 0x1000500a call *%eax xor %eax,%eax push $0xcc0020 push %eax push $0x10006282 pushl 0x1000314c push $0x364 push $0x400 push %eax push %eax pushl 0x100064cb pushl 0x100064c7 push %eax push %eax pushl 0x100062fe mov $0x100051de,%eax call 0x1000500a call *%eax push $0x100064cf pushl 0x10006224 mov $0x100051ae,%eax call 0x1000500a call *%eax mov $0x1,%eax jmp 0x100061a7 add %dh,%bh add $0x1000570c,%eax (bad) (bad) (bad) pushl 0x34(%ebp) cmpl $0x10,0x8(%ebp) jne 0x100065c2 movl $0x80,0x100030ac jmp 0x100065e4 mov 0x8(%ebp),%eax and $0x7f,%al or 0x100030ac,%eax mov %eax,0x1000570c mov 0xc(%ebp),%eax mov %eax,0x10005710 mov 0x10005708,%eax call 0x100056af xor %eax,%eax jmp 0x100061a7 add %ch,%bl mov $0x0,%dh add %al,0x7510087d(%ebx) or %bh,%al add $0x100030ac,%eax add %al,(%eax) add %al,(%eax) xor %eax,%eax jmp 0x100061a7 add %dh,(%ebx) shr $0x98,%cl sti (bad) incl (%eax) add %al,(%eax) add %ah,-0x5f(%eax) (bad) add %dl,%fs:(%eax) mov %eax,0x10006617 mov 0x100064cb,%eax mov %eax,0x1000661b push $0x0 push $0x1000660f pushl 0x10006224 mov $0x100051c6,%eax call 0x1000500a call *%eax call 0x10005356 pushl 0x10006224 mov $0x100051ba,%eax call 0x1000500a call *%eax call 0x10005356 popa ret call 0x1000661f ret call 0x1000666b jmp 0x10003935 add %al,(%eax) add (%eax),%eax add (%eax),%al or (%eax),%eax or $0xf0e00,%eax adc $0x0,%al sbb (%esi),%dl adc (%edi),%dl add %al,(%eax) add $0xc0a0908,%eax add %eax,(%esi) pop %es adc %dl,(%ebx) adc $0x111b0400,%eax sbb %eax,(%eax) sbb %al,(%eax) lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10003935 mov $0xffffffff,%ecx mov 0x10005708,%eax call 0x10005701 mov 0x1000570c,%eax mov 0x1000667b(%eax),%al movl $0x0,0x1000570c ret jmp 0x10006780 xor %bl,(%eax) xor %ebx,(%ecx) xor (%edx),%bl xor (%ebx),%ebx xor $0x1c,%al xor $0x371e361d,%eax pop %ds cmp %ah,(%eax) cmp %esp,(%ecx) inc %ecx add $0xa431342,%eax inc %esp adc %al,0x4(%ebp) inc %esi push %cs inc %edi or $0x7491448,%eax dec %edx and 0x24(%ebx),%cl dec %esp or $0x4d,%al or %ecx,0x6(%esi) dec %edi add 0x12(%eax),%edx push %ecx pop %ss push %edx add %edx,0x8(%ebx) push %esp add 0x16(%ebp),%dl push %esi adc %edx,0xf(%edi) pop %eax adc $0x265a0b59,%eax cmp $0x3f253e23,%eax daa cmp (%eax),%ch pop %esi sub %esi,-0x4dd444d6(%ecx) sub $0xb8,%al sub $0x2fbf2e3c,%eax and %al,-0x7df77ef3(%eax) sbb 0x30408470(%ebx),%eax lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10003935 mov $0xffffffff,%ecx mov 0x10005708,%eax call 0x10005701 mov 0x1000570c,%eax movl $0x0,0x1000570c mov $0x100067ac,%edx mov $0x35,%ecx cmp %al,(%edx) je 0x10006854 add $0x2,%edx loop 0x10006848 xor %eax,%eax ret mov 0x1(%edx),%al sub $0x100067ac,%edx shr %edx mov %edx,0x100030b0 test $0x80,%eax ret pop %ss (bad) add %eax,(%eax) add %al,(%eax) add %al,(%eax) add %al,(%eax) add %al,0x309435(%ebx) adc %ah,(%edi) xorb $0x2f,0x100043c8 call *0x10003094 movl $0x0,0x1000686b cmpl $0x10,0x10003090 jne 0x100068b4 movl $0x150414,0x1000686b movl $0x10006867,0x10003088 movl $0x1000686b,0x1000308c ret call 0x10006883 jmp 0x10006949 aaa inc %ebp add %dl,(%eax) aaa inc %ebp add %dl,(%eax) sahf inc %ebp add %dl,(%eax) dec %ecx imul $0x68c910,(%eax),%eax adc %ch,%al test %dl,%bh (bad) inc %edi add $0x1000686f,%eax push %es push %ss or %eax,(%eax) call 0x10006891 movb $0x0,0x100044d9 mov 0x100030b0,%eax call 0x10004365 je 0x10006912 jmp *0x100066d0(,%eax,4) test %eax,%eax jle 0x10006949 cmp $0x23,%al je 0x10006941 mov 0x100030b0,%eax cmp 0x10003090,%eax jns 0x1000693f testb $0xff,0x100044d9 je 0x10006932 neg %eax mov (%esi),%edx imul 0x10003090,%edx add %eax,%edx mov %edx,(%esi) jmp 0x10006949 xor %eax,0x100044d9 negl (%esi) lods %ds:(%esi),%eax jmp 0x10006904 icebp inc %ebx add %dl,(%eax) icebp inc %ebx add %dl,(%eax) dec %ebx inc %esp add %dl,(%eax) movl $0x2150402,0x1000686f call 0x1000406d movl $0x1,0x100030a8 movl $0x1,0x1000309c lea -0x4(%esi),%esi mov %eax,(%esi) movl $0x0,(%esi) movb $0x1c,0x100043e4 je 0x1000699d cmp $0x83,%eax jns 0x1000699d jmp *0x1000674c(,%eax,4) test %eax,%eax jle 0x100069bd cmp $0x30,%eax jns 0x100069bd lea -0x4(%esi),%esi mov %eax,(%esi) call 0x10004054 call 0x1000441f incl 0x1000309c lods %ds:(%esi),%eax call 0x10004365 jmp 0x1000698d call 0x10006883 jmp 0x100045a6 jmp *0x10004398 cmpsb %es:(%edi),%ds:(%esi) inc %ebp add %dl,(%eax) cmpsb %es:(%edi),%ds:(%esi) inc %ebp add %dl,(%eax) cmpsb %es:(%edi),%ds:(%esi) inc %ebp add %dl,(%eax) iret imul $0x69c510,(%eax),%eax adc %al,%bh add $0x1000686f,%eax add %al,(%eax) add %al,(%eax) movl $0x1000686b,0x1000308c movl $0x10006867,0x10003088 call 0x10004365 je 0x10006a15 jmp *0x100067d5(,%eax,4) cmp $0x30,%al jne 0x10006a26 movl $0x2150402,0x1000686f lods %ds:(%esi),%eax jmp 0x10006a07 test %eax,%eax jle 0x10006a5a testl $0xffffffff,0x1000686f jne 0x10006a43 cmpb $0xa,0x100030b0 js 0x100068e4 cmp $0x30,%eax jns 0x10006a5a call 0x10006958 call *0x100030a0 lea -0x4(%esi),%esi mov %eax,(%esi) lods %ds:(%esi),%eax jmp 0x100045a9 movl $0x100069e9,0x10003074 ret sub $0x4009200,%edi jb 0x10006a9c add $0x1200,%edi mov %edi,%eax and $0xff,%eax shr $0x8,%edi cmp $0x5a0,%edi jae 0x10006a9c mov %eax,0x10003054 mov %edi,0x1000304c call *0x1000307c mov data0x10004e50,%ebx mov 0x4(%ebx),%esp cld cmp $0x10015800,%esi jb 0x10006ab2 mov $0x10015800,%esi movl $0x10003ae4,0x100030ec movl $0x10003bfe,0x100030f0 movl $0x10003b9e,0x100030f4 movl $0x10003bae,0x100030f8 mov $0x2f,%eax call 0x10004054 jmp 0x100045a9 add %al,(%eax) add %dl,0x61(%edx,%esi,2) jo 0x10006c30 inc %esi popa jne 0x10006c71 je 0x10006c41 add %ch,%al dec %ecx out %al,$0xff (bad) mov $0x10006bfc,%eax call outstring ;0x1000521d call 0x100052cf in (%dx),%al push $0x0 adc %bl,(%eax) add %al,(%eax) add %ch,%al cmpsb %es:(%edi),%ds:(%esi) out %al,$0xff incl (%ebx,%ebp,2) add %dl,(%eax) int3 add %al,(%eax) add %ah,0x10006ba4(%ecx) mov $0x10,%ecx call 0x1000529a mov 0x10006bc8,%eax mov $0x10,%ecx call 0x1000529a ret cld push %ebp mov %esp,%ebp push %ecx push %esi push %edi incl 0x10006bd0 mov 0x8(%ebp),%eax mov (%eax),%eax mov $0x10006bd4,%edi mov $0x5,%ecx repnz scas %es:(%edi),%eax jne 0x10006c77 mov 0x10(%edi),%eax call *%eax jmp 0x10006cb1 mov 0x8(%ebp),%esi mov $0x10006aec,%edi mov $0x6,%ecx rep movsl %ds:(%esi),%es:(%edi) mov 0x10(%ebp),%esi mov $0x10006b04,%edi mov $0x33,%ecx rep movsl %ds:(%esi),%es:(%edi) mov 0x10(%ebp),%esi movl $0x10015800,0xa0(%esi) movl $0x10006a6b,0xb8(%esi) call 0x10006c08 xor %eax,%eax pop %edi pop %esi pop %ecx pop %ebp ret mov 0x4(%ebx),%edi add $0x4,%edi mov %fs:0x0,%eax mov %eax,(%edi) movl $0x10006c50,0x4(%edi) mov %edi,%fs:0x0 ret stop: ret read: ret write: ret format: ret ret add %al,(%eax) add %al,(%eax) add %al,(%eax) warm: lea -0x4(%esi),%esi mov %eax,(%esi) call 0x100039ae call 0x100039df movl $0x71,0x100030d8 movl $0x6,0x100030dc movl $0x1000b000,0x10003064 push %esi lea 0x10003590,%esi mov $0x10188000,%edi mov 0x100030d8,%ecx rep movsl %ds:(%esi),%es:(%edi) lea 0x10003754,%esi mov $0x1018a800,%edi mov 0x100030d8,%ecx rep movsl %ds:(%esi),%es:(%edi) pop %esi movl $0x1018d000,0x100030c4 movl $0x1000398e,0x1000307c movl $0x0,0x10003074 mov 0x10005714,%eax mov $0x1000,%ecx call 0x10005701 movl $0x10020000 >> 10, _offset ;$0x40080,0x10003068 mov $18, %eax call load ;0x10003d82 jmp 0x100045a9 call 0x10003935 call 0x1000435f call 0x10005273 lods %ds:(%esi),%eax jmp 0x10006d7b mov $0x10015800,%esi jmp 0x10006ce5 mov $0x10004ed0,%ecx mov $0x10006d8d,%eax jmp 0x1000574f add %al,(%eax) add %al,(%eax) mov 0x4(%esp),%ebx pusha sub $0xc,%esp movl $0x0,(%esp) mov %esp,0x4(%ebx) cld movl $0x3ff,0xc(%ebx) call 0x100061ea call 0x10006237 call 0x10006396 mov 0x10006da6,%eax mov $0xffffffff,%ecx call 0x10005701 xor %eax,%eax mov %eax,%ecx call 0x1000567e mov %eax,0x10006da6 call 0x10005273 call 0x10005356 mov $0x10004f50,%ecx mov $0x10006daa,%eax call 0x1000574f ret start2: ;at absolute offset 0x544a in file ;so subtract 0x10001a00 to locate data in xxd dump push %edi push %esi push %ebp push %esp push %ebx push %edx push %ecx push %eax sub $0xc,%esp movl $0x0,(%esp) mov data0x10004e50,%ebx mov %esp,0x4(%ebx) movl $0x100020f0, 0x10005006 ;0x2022, _open in CRTDLL.dll cld mov start2, %esi ;$0x10006e4a,%esi mov signature, %eax ;version string call outstring ;0x1000521d call 0x10005256 mov %esp,%eax call 0x10005273 call 0x10005533 call 0x10005256 mov %esp,%eax call 0x10005273 call 0x100058a8 call 0x10005718 call 0x10005256 mov %ebx,%eax call 0x10005273 call 0x10006cb8 call 0x10006de2 call 0x10006d8d .loop: call 0x10005232 call 0x10005204 jmp .loop nc: lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x1000306c >> 2, %eax ;$0x4000c1b,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c4d,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c51,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c38,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c32,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c13,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c15,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4001316,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c1f,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c2a,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c2c,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x400124c,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c31,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c1a,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c53,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4001b37,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c19,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4002c00,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c16,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4000c17,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x4001bb3,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x400121c,%eax ret lea -0x4(%esi),%esi mov %eax,(%esi) mov $0x40015c3,%eax ret