dwice 4e6a [9EEC90h] == Time Flag for Reg Checks! dwice f0e1 Next protection! dwice f2ca the final GOOD judgment; dwice f345 We approde here later the REGISTERDLG! dwice f34e AL == first char of the name!; dwice f353 if the Name buffer is empty... dwice f355 jump, else go away; dwice f357 AL == first char of the Serial buffer; dwice f35c if the Serial Buffer is empty... dwice f35e jump, else go away; dwice f37e [9EEC8C] == Time flag for Reg Dialog! dwice f393 the final BAD judgment!!! dwice f741 \ dwice f747 > These are Flag Controls!!; ;) dwice f74d / dwice f76b EAX == Time Flag, at the begin its value is 3; dwice f775 When EAX == 1,it begins the control of the serial; dwice f788 [9EEC94] == Flag control, if it sets to 1 we have a MISTAKE; dwice f794 [9EEED0] == Time flag for Reg Dialog! dwice f79e [9EEC90] == 0Ah; it's the first Time Flag for Registry Check! dwice f7a6 [9EEC90] = 0, Reset the Time Counter; dwice f7b1 [9EEEC4] == 1; it's a next Time's flag for Registry Check; dwice f7c0 EAX = [9EEED0], Time Flag; When EAX == 2, starts another Dialog check control; dwice f7dd [9EEC94] == Flag control, if it sets to 1 we have a MISTAKE; dwice f7e9 [9EEEC8] == 6; it's a next Time's Flag for Reg Dialog; dwice f7f3 EAX = [9EEEC4], Time's Flag; when EAX == 1 starts another Registry check control; dwice f7fc [9EEEC4] = 0, Reset the Time Counter; dwice f80b [9EEED4] == 5; it's a next Time's flag for Registry Check; dwice f820 EAX = [9EEEC8], Time Flag; When EAX == 6, starts another check control; dwice f840 [9EEC94] == Flag control, if it sets to 1 we have a MISTAKE; dwice f85a [9EEEC8] = 0, reset the Time Counter; dwice f860 [9EEC98] == Flag control, if it sets to 1 we have a MISTAKE; dwice f888 [9EEEB8] == 9; it's a next Time's Flag; dwice f892 EAX = [9EEED4], Time's Flag; when EAX == 4 starts another Registry check control; dwice f8e0 [9EEED4] = 0, Reset the Time Counter; dwice f8f7 [9EEECC] == 0Ah; it's a next Time's flag for Registry Check; dwice f900 EAX == [9EEEB8]! When EAX == 8, starts another check control; dwice f906 init ESI, ESI == 0; dwice f914 Save the new Time's Flag in [9EEEB8]; dwice f928 [9EEC9C] == Flag control, if it sets to 1 we have a MISTAKE; dwice f942 [9EEEB8] = 0, reset the Time Counter; dwice f948 [9EEC9C] == Flag control, if it sets to 1 we have a MISTAKE; dwice f9b1 EAX = [9EEECC], Time's Flag; when EAX == 7 starts another Registry check control; dwice fe20 saves ESI on the stack; dwice fe21 ESI points to a Heap Object; dwice fe29 saves EDI on the stack; dwice fe2a it jumps if really Heap Object exists; dwice fe2c ESI points to the original Heap Block; dwice fe34 it jumps surely; dwice fe3b parameter passed by value; dwice fe40 this proc generates a pseudo random number < to the parameter passed by value; dwice fe59 ESI points to another Heap Object; dwice fe61 it jumps if really Heap Object exists; dwice fe63 ESI points to the original Heap Block; dwice fe6b it jumps surely; dwice fe72 EDI == parameter passed ( top of the stack... ); dwice fe76 ECX = number of bytes to copy; dwice fe7b copy operation; dwice fe7d restore EDI; dwice fe83 restore ESI; dwice fe90 saves ESI on the stack; dwice fe91 ESI == offset base of Src Memory Block! dwice fe97 saves EDI on the stack; dwice fe98 init EDI; dwice fe9c it jumps if exists a Memory Block; else ... dwice fe9e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice fead EAX points to the offset 9EECF4h; dwice feb4 it jumps if [9EECF4h] == 0; dwice feb6 EAX points to Heap block; dwice feb7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice febc parameter passed by value; dwice fec1 init the location that will store a new pointer to M. Heap Block; dwice fecb this proc allocates a M. Block in the Heap pointed by EAX; dwice fed0 realign the stack; dwice fed3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice fed5 parameter passed by value; dwice feda this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice fedf realign the stack; dwice fee2 [9EECF4h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice fef0 it jumps if EDI == 0; dwice fef2 EDI points to Heap block; dwice fef3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice fef8 realign the stack; dwice fefb parameter passed by value; dwice ff00 this proc generates a pseudo random number < to the parameter passed by value; dwice ff25 EDX == [9EECF4h]; dwice ff2b First parameter passed by value; dwice ff30 Second parameter passed by addr: offset of Src M. Block; dwice ff31 Third parameter passed by addr: offset of New M. Block in the Heap; dwice ff32 This proc copies bytes of Src M. Block in the New M.Block; dwice ff42 \ dwice ff43 | dwice ff48 | dwice ff4e | dwice ff50 | ; This piece of code copies bytes of dwice ff55 | ; Src Memory Block in the dest. Memory dwice ff5a | ; Block allocated in the heap; dwice ff5c | dwice ff5d | dwice ff5e | dwice ff61 | dwice ff64 / dwice ff70 saves ESI on the stack; dwice ff71 ESI points to a Heap Object; dwice ff79 saves EDI on the stack; dwice ff7a it jumps if really Heap Object exists; dwice ff7c ESI points to the original Heap Block; dwice ff84 it jumps surely; dwice ff8b parameter passed by value; dwice ff90 this proc generates a pseudo random number < to the parameter passed by value; dwice ffac ESI points to another Heap Object; dwice ffb4 it jumps if really Heap Object exists; dwice ffb6 ESI points to the original Heap Block; dwice ffbe it jumps surely; dwice ffc5 EDI == parameter passed ( top of the stack... ); dwice ffc9 ECX = number of bytes to copy; dwice ffce copy operation; dwice ffd0 restore EDI; dwice ffd6 restore ESI; dwice ffe0 saves ESI on the stack; dwice ffe1 ESI == offset base of Src Memory Block! dwice ffe7 saves EDI on the stack; dwice ffe8 init EDI; dwice ffec it jumps if exists a Memory Block; else ... dwice ffee ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice fffd EAX points to the offset 9EECF8h; dwice 10004 it jumps if [9EECF8h] == 0; dwice 10006 EAX points to Heap block; dwice 10007 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1000c parameter passed by value; dwice 10011 init the location that will store a new pointer to M. Heap Block; dwice 1001b this proc allocates a M. Block in the Heap pointed by EAX; dwice 10020 realign the stack; dwice 10023 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10025 parameter passed by value; dwice 1002a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 1002f realign the stack; dwice 10032 [9EECF8h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10040 it jumps if EDI == 0; dwice 10042 EDI points to Heap block; dwice 10043 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 10048 realign the stack; dwice 1004b parameter passed by value; dwice 10050 this proc generates a pseudo random number < to the parameter passed by value; dwice 10075 EDX == [9EECF8h]; dwice 1007b First parameter passed by value; dwice 10080 Second parameter passed by addr: offset of Src M. Block; dwice 10081 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 10082 This proc copies bytes of Src M. Block in the New M.Block; dwice 10092 \ dwice 10093 | dwice 10098 | dwice 1009e | dwice 100a0 | ; This piece of code copies bytes of dwice 100a5 | ; Src Memory Block in the dest. Memory dwice 100aa | ; Block allocated in the heap; dwice 100ac | dwice 100ad | dwice 100ae | dwice 100b1 | dwice 100b4 / dwice 100c3 EAX = 0A312B14Ch; dwice 100c9 EBP = offset of Name; dwice 100cd init the stack: [ESP +10h] = 0A312B14Ch; dwice 100d1 init the stack: [ESP +04h] = 0A312B14Ch; dwice 100d5 init the stack: [ESP +0Ch] = 0A312B14Ch; dwice 100d9 CL = first char of the 'Cleaned Name'; dwice 100dc init the stack: [ESP +08h] = 0A312B14Ch; dwice 100e0 Check if Name is ... empty ;)! ; dwice 100e2 init the stack: [ESP +14h] = 0A312B14Ch; dwice 100e6 init the stack: [ESP +18h] = 0A312B14Ch; dwice 100ea init the stack: [ESP +1Ch] = 0A312B14Ch; dwice 100ee init the stack: [ESP +20h] = 0A312B14Ch; dwice 100f2 if the buffer of the 'Cleaned Name' is Empty, we have a mistake, else... dwice 100f8 ... we land here; dwice 100fa Save EBX ESI EDI on the stack; dwice 100fb ECX = Current char; parameter passed by value; dwice 100fc This Sub converts the Current Char in a UPPERCASE Char; dwice 10101 EDI = Current UPPERCASE Char; dwice 10104 AL = Current Char; dwice 10107 EAX is a parameter passed by value; dwice 10108 This Sub converts the Current Char in a UPPERCASE Char; dwice 1010d CL = Current Char; dwice 10110 ECX is a parameter passed by value; dwice 10111 EBX = Current UPPERCASE Char; dwice 10114 This Sub converts the Current Char in a UPPERCASE Char; dwice 10119 DL = Current Char; dwice 1011c EDX is a parameter passed by value; dwice 1011d ESI = Current UPPERCASE Char; dwice 10120 This Sub converts the Current Char in a UPPERCASE Char; dwice 10125 ECX = 06h; dwice 1012b Realign the Stack; dwice 1012e EAX = Current UPPERCASE Char; dwice 10131 EDX = Current UPPERCASE Char; dwice 10133 EBP = Current UPPERCASE Char; dwice 10135 EDX = Current UPPERCASE Char * 2^(06h) dwice 10137 ECX = 11h; dwice 1013d EBP = Current UPPERCASE Char * 2^(11h) dwice 1013f ECX = 0Dh; dwice 10145 EDX = Current UPPERCASE Char * [2^(06h) xor 2^(11h)]; dwice 1014b ECX = 18h; dwice 10151 EDX = Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor (2^(0Dh)]; dwice 10157 ECX = 06h; dwice 1015d EDX = Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor (2^(0Dh) xor (2^(18h)]; dwice 1015f EBP = Current UPPERCASE Char; dwice 10161 -- > EAX = Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor (2^(0Dh) xor (2^(18h) xor 1]; dwice 10163 EDX = Current UPPERCASE Char; dwice 10167 ECX = 11h; dwice 1016f ECX = 0Dh; dwice 1017b ECX = 18h; dwice 10187 ECX = 06h; dwice 1018f EBP = Current UPPERCASE Char; dwice 10191 -- > EBX = Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor (2^(0Dh) xor (2^(18h) xor 1]; dwice 10193 EDX = Current UPPERCASE Char; dwice 10197 ECX = 11h; dwice 1019f ECX = 0Dh; dwice 101ab ECX = 18h; dwice 101b7 ECX = 06h; dwice 101bf EBP = Current UPPERCASE Char; dwice 101c1 -- > EDI = Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor (2^(0Dh) xor (2^(18h) xor 1]; dwice 101c3 EDX = Current UPPERCASE Char; dwice 101c7 ECX = 11h; dwice 101cf ECX = 0Dh; dwice 101db ECX = 18h; dwice 101e7 ECX = 25h; dwice 101ef -- > ESI = Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 101f1 EDX = 25h; dwice 101f3 EBP = 25h; dwice 101f5 EDX = 25h * [ESP + 1Ch]; dwice 101fa EBP = 25h * [ESP + 14h]; dwice 101ff EDX = EDX + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 10201 EBP = EBP + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 10203 -- > [ESP + 1Ch] = EDX; dwice 10207 EDX = 25h; dwice 10209 EDX = 25h * [ESP +10h]; dwice 1020e EDX = EDX + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 10210 Check if BL == 3; dwice 10213 -- > [ESP + 10h] = EDX; dwice 10217 If last check is false ... dwice 10219 we jump here if BL == 3; dwice 1021f -- > [ESP + 10h] = EDX + 34651278; dwice 10230 EDX = 57h * EBP; dwice 10233 -- > [ESP + 14h] = EDX; dwice 10239 ... we jump here; EDX = [ESP + 20h]; dwice 1023d EBP = EBP + 19890278; dwice 10243 -- > [ESP + 14h] = EBP; dwice 1024d EBP = 47h * [ESP +20h]; dwice 1024f -- > [ESP + 20h] = EBP; dwice 10253 EDX = 25h; dwice 10255 ECX = 25h * [ESP +10h]; dwice 1025a EDX = 25h * [ESP +18h]; dwice 1025f EDX = EDX + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 10261 ECX = ECX + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 10263 -- > [ESP + 18h] = EDX; dwice 10267 EDX = [ESP +24h]; dwice 1026d -- > [ESP + 10h] = ECX; dwice 10274 EBP = 1Fh * [ESP + 24h]; dwice 10276 EDX = [ESP +28h]; dwice 1027a EBP = EBP + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 10283 -- > [ESP + 24h] = EBP; dwice 10287 EBP = [ESP + 34h]; dwice 1028b EDX = 11h * [ESP + 28h] + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 1028d -- > [ESP + 28h] = EDX; dwice 10291 EDX = [ESP + 2Ch]; dwice 10295 CL points to the next char; dwice 1029a EBP = EBP + 1; dwice 1029e if CL is empty ( so we arrive to the end of the Name buffer...)... dwice 102a0 EAX = 25h * [ESP + 2Ch] + Current UPPERCASE Char * [2^(06h) xor 2^(11h) xor 2^(0Dh) xor 2^(18h) xor 1]; dwice 102a3 -- > [ESP + 34h] = EBP; dwice 102a7 -- > [ESP + 2Ch] = EAX; dwice 102ab ... we not jump!; dwice 102b1 EAX = [ESP + 18h]; dwice 102c0 saves ESI on the stack; dwice 102c1 ESI points to a Heap Object; dwice 102c9 saves EDI on the stack; dwice 102ca it jumps if really Heap Object exists; dwice 102cc ESI points to the original Heap Block; dwice 102d4 it jumps surely; dwice 102db parameter passed by value; dwice 102e0 this proc generates a pseudo random number < to the parameter passed by value; dwice 102fc ESI points to another Heap Object; dwice 10304 it jumps if really Heap Object exists; dwice 10306 ESI points to the original Heap Block; dwice 1030e it jumps surely; dwice 10315 EDI == parameter passed ( top of the stack... ); dwice 10319 ECX = number of bytes to copy; dwice 1031e copy operation; dwice 10320 restore EDI; dwice 10326 restore ESI; dwice 10330 saves ESI on the stack; dwice 10331 ESI == offset base of Src Memory Block! dwice 10337 saves EDI on the stack; dwice 10338 init EDI; dwice 1033c it jumps if exists a Memory Block; else ... dwice 1033e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1034d EAX points to the offset 9EED00h; dwice 10354 it jumps if [9EED00h] == 0; dwice 10356 EAX points to Heap block; dwice 10357 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1035c parameter passed by value; dwice 10361 init the location that will store a new pointer to M. Heap Block; dwice 1036b this proc allocates a M. Block in the Heap pointed by EAX; dwice 10370 realign the stack; dwice 10373 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10375 parameter passed by value; dwice 1037a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 1037f realign the stack; dwice 10382 [9EED00h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10390 it jumps if EDI == 0; dwice 10392 EDI points to Heap block; dwice 10393 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 10398 realign the stack; dwice 1039b parameter passed by value; dwice 103a0 this proc generates a pseudo random number < to the parameter passed by value; dwice 103c5 EDX == [9EED00h]; dwice 103cb First parameter passed by value; dwice 103d0 Second parameter passed by addr: offset of Src M. Block; dwice 103d1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 103d2 This proc copies bytes of Src M. Block in the New M.Block; dwice 103e2 \ dwice 103e3 | dwice 103e8 | dwice 103ee | dwice 103f0 | ; This piece of code copies bytes of dwice 103f5 | ; Src Memory Block in the dest. Memory dwice 103fa | ; Block allocated in the heap; dwice 103fc | dwice 103fd | dwice 103fe | dwice 10401 | dwice 10404 / dwice 10410 saves ESI on the stack; dwice 10411 ESI points to a Heap Object; dwice 10419 saves EDI on the stack; dwice 1041a it jumps if really Heap Object exists; dwice 1041c ESI points to the original Heap Block; dwice 10424 it jumps surely; dwice 1042b parameter passed by value; dwice 10430 this proc generates a pseudo random number < to the parameter passed by value; dwice 10449 ESI points to another Heap Object; dwice 10451 it jumps if really Heap Object exists; dwice 10453 ESI points to the original Heap Block; dwice 1045b it jumps surely; dwice 10462 EDI == parameter passed ( top of the stack... ); dwice 10466 ECX = number of bytes to copy; dwice 1046b copy operation; dwice 1046d restore EDI; dwice 10473 restore ESI; dwice 10480 saves ESI on the stack; dwice 10481 ESI == offset base of Src Memory Block! dwice 10487 saves EDI on the stack; dwice 10488 init EDI; dwice 1048c it jumps if exists a Memory Block; else ... dwice 1048e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1049d EAX points to the offset 9EECFCh; dwice 104a4 it jumps if [9EECFCh] == 0; dwice 104a6 EAX points to Heap block; dwice 104a7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 104ac parameter passed by value; dwice 104b1 init the location that will store a new pointer to M. Heap Block; dwice 104bb this proc allocates a M. Block in the Heap pointed by EAX; dwice 104c0 realign the stack; dwice 104c3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 104c5 parameter passed by value; dwice 104ca this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 104cf realign the stack; dwice 104d2 [9EECFCh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 104e0 it jumps if EDI == 0; dwice 104e2 EDI points to Heap block; dwice 104e3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 104e8 realign the stack; dwice 104eb parameter passed by value; dwice 104f0 this proc generates a pseudo random number < to the parameter passed by value; dwice 10515 EDX == [9EECFCh]; dwice 1051b First parameter passed by value; dwice 10520 Second parameter passed by addr: offset of Src M. Block; dwice 10521 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 10522 This proc copies bytes of Src M. Block in the New M.Block; dwice 10532 \ dwice 10533 | dwice 10538 | dwice 1053e | dwice 10540 | ; This piece of code copies bytes of dwice 10545 | ; Src Memory Block in the dest. Memory dwice 1054a | ; Block allocated in the heap; dwice 1054c | dwice 1054d | dwice 1054e | dwice 10551 | dwice 10554 / dwice 10560 saves ESI on the stack; dwice 10561 ESI == offset base of Src Memory Block! dwice 10567 saves EDI on the stack; dwice 10568 init EDI; dwice 1056c it jumps if exists a Memory Block; else ... dwice 1056e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1057d EAX points to the address 9EED0Ch; dwice 10584 it jumps if [9EED0Ch] == 0; dwice 10586 EAX points to Heap block; dwice 10587 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1058c parameter passed by value; dwice 10591 init the location that will store a new pointer to M. Heap Block; dwice 1059b this proc allocates a M. Block in the Heap pointed by EAX; dwice 105a0 realign the stack; dwice 105a3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 105a5 parameter passed by value; dwice 105aa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 105af realign the stack; dwice 105b2 [9EED0Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 105c0 it jumps if EDI == 0; dwice 105c2 EDI points to Heap block; dwice 105c3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 105c8 realign the stack; dwice 105cb parameter passed by value; dwice 105d0 this proc generates a pseudo random number < to the parameter passed by value; dwice 105f5 EDX = [9EED0Ch]; dwice 105fb First parameter passed by value; dwice 10600 Second parameter passed by addr: offset of Src M. Block; dwice 10601 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 10602 This proc copies bytes of Src M. Block in the New M.Block; dwice 10613 \ dwice 10618 | dwice 1061e | dwice 10620 | ; This piece of code copies bytes of dwice 10625 | ; Src Memory Block in the dest. Memory dwice 1062a | ; Block allocated in the Heap; dwice 1062c | dwice 1062d | dwice 1062e | dwice 10631 | dwice 10634 | dwice 10637 / dwice 10646 Parameter passed by value; dwice 10648 This sub generates a pseudo random number by the use of the API GetTickCount ;D.The return value is in EAX; dwice 1064d EAX <= 10h; it 's used as a random index; dwice 10664 EAX == offset of stack's top; dwice 10665 This proc copies a Heap object in to the stack; dwice 10673 ECX == offset of stack's top; dwice 10674 This proc copies a Heap object in to the stack; dwice 10682 EDX == offset of stack's top; dwice 10683 This proc copies a Heap object in to the stack; dwice 10691 EAX == offset of stack's top; dwice 10692 This proc copies a Heap object in to the stack; dwice 106a0 ECX == offset of stack's top; dwice 106a1 This proc copies a Heap object in to the stack; dwice 106af EDX == offset of stack's top; dwice 106b0 This proc copies a Heap object in to the stack; dwice 106be EAX == offset of stack's top; dwice 106bf This proc copies a Heap object in to the stack; dwice 106ca ECX == offset of stack's top; dwice 106cb This proc copies a Heap object in to the stack; dwice 106d6 EDX == offset of stack's top; dwice 106d7 This proc copies a Heap object in to the stack; dwice 106e2 EAX == offset of stack's top; dwice 106e3 This proc copies a Heap object in to the stack; dwice 106ee ECX == offset of stack's top; dwice 106ef This proc copies a Heap object in to the stack; dwice 106fa EDX == offset of stack's top; dwice 106fb This proc copies a Heap object in to the stack; dwice 10706 EAX == offset of stack's top; dwice 10707 This proc copies a Heap object in to the stack; dwice 10712 ECX == offset of stack's top; dwice 10713 This proc copies a Heap object in to the stack; dwice 1071e EDX == offset of stack's top; dwice 1071f This proc copies a Heap object in to the stack; dwice 1072a EAX == offset of stack's top; dwice 1072b This proc copies a Heap object in to the stack; dwice 10736 ECX == offset of stack's top; dwice 10737 This proc copies a Heap object in to the stack; dwice 10742 EAX is a Magic value; if EAX = 0 we have an error; dwice 10751 ECX = Lengh of Serial; dwice 10754 if the Serial has a lengh != 1Eh, we have a mistake, else... dwice 1075e ...we jump here; EDX point to the 'Cleaned Name'; dwice 10765 parameter passed by address; EDX = offset of the 'Cleaned Name'; dwice 10766 This sub computes a value on the ' Cleaned Name' and returns it in EAX; dwice 1076b ECX = 0Fh; dwice 1077c ERROR!!!; dwice 1077d Magic Value is set to 0 (EAX == 0); dwice 10786 CL = [ESP + 244h + 0Fh]; CL is a 0Fh-esim char of the serial; dwice 1078d we use the value stored in EAX many times! dwice 1078f EDX = EAX and 1Fh; dwice 10798 ERROR!!!; dwice 10799 Magic Value is set to 0 (EAX == 0); dwice 107a2 ECX = 0Bh; dwice 107b0 ERROR!!!; dwice 107b1 Magic Value is set to 0 (EAX == 0); dwice 107ba CL = [ESP + 244h + 0Bh]; CL is a 0Bh-esim char of the serial; dwice 107c6 EDX = (EAX >> 5) and EAX; dwice 107cf ERROR!!!; dwice 107d0 Magic Value is set to 0 (EAX == 0); dwice 107d9 ECX = 03h; dwice 107e7 ERROR!!!; dwice 107e8 Magic Value is set to 0 (EAX == 0); dwice 107f1 DL = [ESP + 244h + 03h]; DL is a 03h-esim char of the serial; dwice 10804 ERROR!!!; dwice 10805 Magic Value is set to 0 (EAX == 0); dwice 108d0 saves ESI on the stack; dwice 108d1 ESI == offset base of Src Memory Block! dwice 108d7 saves EDI on the stack; dwice 108d8 init EDI; dwice 108dc it jumps if exists a Memory Block; else ... dwice 108de ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 108ed EAX points to the offset 9EED08h; dwice 108f4 it jumps if [9EED08h] == 0; dwice 108f6 EAX points to Heap block; dwice 108f7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 108fc parameter passed by value; dwice 10901 init the location that will store a new pointer to M. Heap Block; dwice 1090b this proc allocates a M. Block in the Heap pointed by EAX; dwice 10910 realign the stack; dwice 10913 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10915 parameter passed by value; dwice 1091a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 1091f realign the stack; dwice 10922 [9EED08h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10930 it jumps if EDI == 0; dwice 10932 EDI points to Heap block; dwice 10933 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 10938 realign the stack; dwice 1093b parameter passed by value; dwice 10940 this proc generates a pseudo random number < to the parameter passed by value; dwice 10965 EDX == [9EED08h]; dwice 1096b First parameter passed by value; dwice 10970 Second parameter passed by addr: offset of Src M. Block; dwice 10971 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 10972 This proc copies bytes of Src M. Block in the New M.Block; dwice 10982 \ dwice 10983 | dwice 10988 | dwice 1098e | dwice 10990 | ; This piece of code copies bytes of dwice 10995 | ; Src Memory Block in the dest. Memory dwice 1099a | ; Block allocated in the heap; dwice 1099c | dwice 1099d | dwice 1099e | dwice 109a1 | dwice 109a4 / dwice 10a20 saves ESI on the stack; dwice 10a21 ESI == offset base of Src Memory Block! dwice 10a27 saves EDI on the stack; dwice 10a28 init EDI; dwice 10a2c it jumps if exists a Memory Block; else ... dwice 10a2e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 10a3d EAX points to the offset 9EED04h; dwice 10a44 it jumps if [9EED04h] == 0; dwice 10a46 EAX points to Heap block; dwice 10a47 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 10a4c parameter passed by value; dwice 10a51 init the location that will store a new pointer to M. Heap Block; dwice 10a5b this proc allocates a M. Block in the Heap pointed by EAX; dwice 10a60 realign the stack; dwice 10a63 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10a65 parameter passed by value; dwice 10a6a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 10a6f realign the stack; dwice 10a72 [9EED04h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 10a80 it jumps if EDI == 0; dwice 10a82 EDI points to Heap block; dwice 10a83 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 10a88 realign the stack; dwice 10a8b parameter passed by value; dwice 10a90 this proc generates a pseudo random number < to the parameter passed by value; dwice 10ab5 EDX == [9EED04h]; dwice 10abb First parameter passed by value; dwice 10ac0 Second parameter passed by addr: offset of Src M. Block; dwice 10ac1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 10ac2 This proc copies bytes of Src M. Block in the New M.Block; dwice 10ad2 \ dwice 10ad3 | dwice 10ad8 | dwice 10ade | dwice 10ae0 | ; This piece of code copies bytes of dwice 10ae5 | ; Src Memory Block in the dest. Memory dwice 10aea | ; Block allocated in the heap; dwice 10aec | dwice 10aed | dwice 10aee | dwice 10af1 | dwice 10af4 / dwice 10b03 save EBX; dwice 10b04 save EBP; dwice 10b05 EBP = offset of String1; dwice 10b09 save ESI; dwice 10b0a save EDI; dwice 10b0b init ECX = -1; dwice 10b0e EDI points to 'Cleaned Name'; dwice 10b14 EAX = 0; dwice 10b1a ECX = lengh of the 'Cleaned Name'; dwice 10b1b EDI = ECX = number of chars of Cleaned Name; dwice 10b1d EDI = EDI - 1; dwice 17791 First Check's routine; dwice 17796 In this Call there's a Second Check routine; dwice 1779b Third Check's routine; dwice 177a0 Fourth Check's routine; dwice 17ff0 saves ESI on the stack; dwice 17ff1 ESI points to a Heap Object; dwice 17ff9 saves EDI on the stack; dwice 17ffa it jumps if really Heap Object exists; dwice 17ffc ESI points to the original Heap Block; dwice 18004 it jumps surely; dwice 1800b parameter passed by value; dwice 18010 this proc generates a pseudo random number < to the parameter passed by value; dwice 1802a ESI points to another Heap Object; dwice 18032 it jumps if really Heap Object exists; dwice 18034 ESI points to the original Heap Block; dwice 1803c it jumps surely; dwice 18043 EDI == parameter passed ( top of the stack... ); dwice 18047 ECX = number of bytes to copy; dwice 1804c copy operation; dwice 1804e restore EDI; dwice 18054 restore ESI; dwice 18060 saves ESI on the stack; dwice 18061 ESI == offset base of Src Memory Block! dwice 18067 saves EDI on the stack; dwice 18068 init EDI; dwice 1806c it jumps if exists a Memory Block; else ... dwice 1806e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1807d EAX points to the offset 9EEE9Ch; dwice 18084 it jumps if [9EEE9Ch] == 0; dwice 18086 EAX points to Heap block; dwice 18087 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1808c parameter passed by value; dwice 18091 init the location that will store a new pointer to M. Heap Block; dwice 1809b this proc allocates a M. Block in the Heap pointed by EAX; dwice 180a0 realign the stack; dwice 180a3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 180a5 parameter passed by value; dwice 180aa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 180af realign the stack; dwice 180b2 [9EEE9Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 180c0 it jumps if EDI == 0; dwice 180c2 EDI points to Heap block; dwice 180c3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 180c8 realign the stack; dwice 180cb parameter passed by value; dwice 180d0 this proc generates a pseudo random number < to the parameter passed by value; dwice 180f5 EDX == [9EEE9Ch]; dwice 180fb First parameter passed by value; dwice 18100 Second parameter passed by addr: offset of Src M. Block; dwice 18101 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18102 This proc copies bytes of Src M. Block in the New M.Block; dwice 18112 \ dwice 18113 | dwice 18118 | dwice 1811e | dwice 18120 | ; This piece of code copies bytes of dwice 18125 | ; Src Memory Block in the dest. Memory dwice 1812a | ; Block allocated in the heap; dwice 1812c | dwice 1812d | dwice 1812e | dwice 18131 | dwice 18134 / dwice 18140 saves ESI on the stack; dwice 18141 ESI == offset base of Src Memory Block! dwice 18147 saves EDI on the stack; dwice 18148 init EDI; dwice 1814c it jumps if exists a Memory Block; else ... dwice 1814e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1815d EAX points to the offset 9EEEA0h; dwice 18164 it jumps if [9EEEA0h] == 0; dwice 18166 EAX points to Heap block; dwice 18167 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1816c parameter passed by value; dwice 18171 init the location that will store a new pointer to M. Heap Block; dwice 1817b this proc allocates a M. Block in the Heap pointed by EAX; dwice 18180 realign the stack; dwice 18183 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18185 parameter passed by value; dwice 1818a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 1818f realign the stack; dwice 18192 [9EEEA0h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 181a0 it jumps if EDI == 0; dwice 181a2 EDI points to Heap block; dwice 181a3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 181a8 realign the stack; dwice 181ab parameter passed by value; dwice 181b0 this proc generates a pseudo random number < to the parameter passed by value; dwice 181d5 EDX == [9EEEA0h]; dwice 181db First parameter passed by value; dwice 181e0 Second parameter passed by addr: offset of Src M. Block; dwice 181e1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 181e2 This proc copies bytes of Src M. Block in the New M.Block; dwice 181f2 \ dwice 181f3 | dwice 181f8 | dwice 181fe | dwice 18200 | ; This piece of code copies bytes of dwice 18205 | ; Src Memory Block in the dest. Memory dwice 1820a | ; Block allocated in the heap; dwice 1820c | dwice 1820d | dwice 1820e | dwice 18211 | dwice 18214 / dwice 18223 EAX = 578A43D1h; dwice 18228 save EBX on the stack; dwice 18229 save EBP on the stack; dwice 1822a EBP points to the Name Buffer; dwice 1822e save ESI on the stack; dwice 1822f save EDI on the stack; dwice 18230 DL = first char of the 'Cleaned Name'; dwice 18233 init the Stack: [ESP + 1Ch] = 578A43D1h; dwice 18237 test the presence of any char in a buffer...; dwice 18239 init the Stack: [ESP + 14h] = 578A43D1h; dwice 1823d init the Stack: [ESP + 10h] = 578A43D1h; dwice 18241 init the Stack: [ESP + 18h] = 578A43D1h; dwice 18245 ... if the first location of the Cleaned Name' buffer is empty, we have a mistake!!; dwice 18251 EDX = Current char; parameter passed by value; dwice 18252 This Sub converts the Current Char in a UPPERCASE Char; dwice 18257 ESI = Current UPPERCASE Char; dwice 1825a AL = Current Char; dwice 1825d EAX = Current char; parameter passed by value; dwice 1825e This Sub converts the Current Char in a UPPERCASE Char; dwice 18263 CL = Current Char; dwice 18266 ECX = Current char; parameter passed by value; dwice 18267 EDI = Current UPPERCASE Char; dwice 1826a This Sub converts the Current Char in a UPPERCASE Char; dwice 1826f DL = Current Char; dwice 18272 EDX = Current char; parameter passed by value; dwice 18273 EBX = Current UPPERCASE Char; dwice 18276 This Sub converts the Current Char in a UPPERCASE Char; dwice 1827b EBP = Current UPPERCASE Char; dwice 1827e EAX = offset of 'Cleaned Name' Buffer; dwice 18282 CL = Current Char; dwice 18284 ECX = Current char; parameter passed by value; dwice 18285 This Sub converts the Current Char in a UPPERCASE Char; dwice 1828a ECX = 07h; dwice 18290 EDX = Current UPPERCASE Char; dwice 18292 EDX = Current UPPERCASE Char * 2^(07h); dwice 18294 ECX = 0Bh; dwice 1829a EAX = Current UPPERCASE Char; dwice 1829c EAX = Current UPPERCASE Char * 2^(0Bh); dwice 1829e ECX = 11h; dwice 182a4 Realign the Stack; dwice 182a7 EDX = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh)]; dwice 182a9 EAX = Current UPPERCASE Char; dwice 182ab EAX = Current UPPERCASE Char * 2^(11h); dwice 182ad ECX = 18h; dwice 182b3 EDX = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h)]; dwice 182b5 EAX = Current UPPERCASE Char; dwice 182b7 EAX = Current UPPERCASE Char * 2^(18h); dwice 182b9 ECX = 1Dh; dwice 182bf EDX = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h)]; dwice 182c1 EAX = Current UPPERCASE Char; dwice 182c3 EAX = Current UPPERCASE Char * 2^(1Dh); dwice 182c5 ECX = 07h; dwice 182cb EDX = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh)]; dwice 182cd EAX = Current UPPERCASE Char; dwice 182cf -- > ESI = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 182d1 EDX = Current UPPERCASE Char; dwice 182d5 ECX = 0Bh; dwice 182dd ECX = 11h; dwice 182e9 ECX = 18h; dwice 182f5 ECX = 1Dh; dwice 18301 ECX = 07h; dwice 18309 EAX = Current UPPERCASE Char; dwice 1830b -- > EBP = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 1830d EDX = Current UPPERCASE Char; dwice 18311 ECX = 0Bh; dwice 18319 ECX = 11h; dwice 18325 ECX = 18h; dwice 18331 ECX = 1Dh; dwice 1833f -- > EBX = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 18341 EDX = Current UPPERCASE Char; dwice 18343 ECX = 07h; dwice 18349 EAX = Current UPPERCASE Char; dwice 1834d ECX = 0Bh; dwice 18355 ECX = 11h; dwice 18361 ECX = 18h; dwice 1836d ECX = 1Dh; dwice 1837b -- > EDI = Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 1837d check if BL == 03h; dwice 18380 we jump if BL<> 03h; dwice 1839d EAX = [ESP + 10h]; dwice 183a1 EAX = [ESP + 10h] - 5C786FE9h; dwice 183a6 -- > [ESP + 10h] = [ESP + 10h] - 5C786FE9h; dwice 183aa ECX = 25h; dwice 183b0 EDX = 25h; dwice 183b2 ECX = 25h * [ESP + 10h]; dwice 183b5 EDX = 25h * [ESP + 1Ch]; dwice 183ba EDX = EDX + Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 183bc ECX = ECX + Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 183be -- > [ESP + 1Ch] = EDX; dwice 183c2 EDX = 13h; dwice 183c8 ESI = 13h; dwice 183ca EDX = 13h * [ESP + 14h]; dwice 183cf ESI = 13h * [ESP + 18h]; dwice 183d4 EDX = EDX + 2 * Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 183d7 ESI = ESI + Current UPPERCASE Char * [2^(07h) xor 2^(0Bh) xor 2^(11h) xor 2^(18h) xor 2^(1Dh) xor 1]; dwice 183d9 -- > [ESP + 14h] = EDX; dwice 183dd EDX = offset of 'Cleaned Name' buffer; dwice 183e1 EDX = EDX + 1; dwice 183e2 -- > [ESP + 18h] = ESI; dwice 183e6 -- > [ESP + 24h] = EDX; dwice 183ea -- > [ESP + 10h] = ECX; dwice 183ee DL = Next Char of 'Cleaned Name' Buffer; dwice 183f2 if the Buffer of 'Cleaned Name' is empty, we finish this loop... dwice 183f8 / Garbage code! dwice 183fb | dwice 183fd \ dwice 18405 ...and EAX = [ESP + 18h]; or... dwice 18411 ...the same ;) ! Infact EAX = ESI = [ESP + 18h]; dwice 18490 saves ESI on the stack; dwice 18491 ESI == offset base of Src Memory Block! dwice 18497 saves EDI on the stack; dwice 18498 init EDI; dwice 1849c it jumps if exists a Memory Block; else ... dwice 1849e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 184ad EAX points to the offset 9EEEA4h; dwice 184b4 it jumps if [9EEEA4h] == 0; dwice 184b6 EAX points to Heap block; dwice 184b7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 184bc parameter passed by value; dwice 184c1 init the location that will store a new pointer to M. Heap Block; dwice 184cb this proc allocates a M. Block in the Heap pointed by EAX; dwice 184d0 realign the stack; dwice 184d3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 184d5 parameter passed by value; dwice 184da this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 184df realign the stack; dwice 184e2 [9EEEA4h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 184f0 it jumps if EDI == 0; dwice 184f2 EDI points to Heap block; dwice 184f3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 184f8 realign the stack; dwice 184fb parameter passed by value; dwice 18500 this proc generates a pseudo random number < to the parameter passed by value; dwice 18525 EDX == [9EEEA4h]; dwice 1852b First parameter passed by value; dwice 18530 Second parameter passed by addr: offset of Src M. Block; dwice 18531 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18532 This proc copies bytes of Src M. Block in the New M.Block; dwice 18542 \ dwice 18543 | dwice 18548 | dwice 1854e | dwice 18550 | ; This piece of code copies bytes of dwice 18555 | ; Src Memory Block in the dest. Memory dwice 1855a | ; Block allocated in the heap; dwice 1855c | dwice 1855d | dwice 1855e | dwice 18561 | dwice 18564 / dwice 185e0 saves ESI on the stack; dwice 185e1 ESI == offset base of Src Memory Block! dwice 185e7 saves EDI on the stack; dwice 185e8 init EDI; dwice 185ec it jumps if exists a Memory Block; else ... dwice 185ee ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 185fd EAX points to the offset 9EEEA8h; dwice 18604 it jumps if [9EEEA8h] == 0; dwice 18606 EAX points to Heap block; dwice 18607 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1860c parameter passed by value; dwice 18611 init the location that will store a new pointer to M. Heap Block; dwice 1861b this proc allocates a M. Block in the Heap pointed by EAX; dwice 18620 realign the stack; dwice 18623 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18625 parameter passed by value; dwice 1862a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 1862f realign the stack; dwice 18632 [9EEEA8h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18640 it jumps if EDI == 0; dwice 18642 EDI points to Heap block; dwice 18643 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 18648 realign the stack; dwice 1864b parameter passed by value; dwice 18650 this proc generates a pseudo random number < to the parameter passed by value; dwice 18675 EDX == [9EEEA8h]; dwice 1867b First parameter passed by value; dwice 18680 Second parameter passed by addr: offset of Src M. Block; dwice 18681 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18682 This proc copies bytes of Src M. Block in the New M.Block; dwice 18692 \ dwice 18693 | dwice 18698 | dwice 1869e | dwice 186a0 | ; This piece of code copies bytes of dwice 186a5 | ; Src Memory Block in the dest. Memory dwice 186aa | ; Block allocated in the heap; dwice 186ac | dwice 186ad | dwice 186ae | dwice 186b1 | dwice 186b4 / dwice 186c6 Parameter passed by value; dwice 186c8 This sub generates a pseudo random number by the use of the API GetTickCount ;D.The return value is in EAX; dwice 186cd EAX <= 10h; it 's used as a random index; dwice 186e4 EAX == offset of stack's top; dwice 186e5 This proc copies a Heap object in to the stack; dwice 186f3 ECX == offset of stack's top; dwice 186f4 This proc copies a Heap object in to the stack; dwice 18702 EDX == offset of stack's top; dwice 18703 This proc copies a Heap object in to the stack; dwice 18711 EAX == offset of stack's top; dwice 18712 This proc copies a Heap object in to the stack; dwice 18720 ECX == offset of stack's top; dwice 18721 This proc copies a Heap object in to the stack; dwice 1872f EDX == offset of stack's top; dwice 18730 This proc copies a Heap object in to the stack; dwice 1873e EAX == offset of stack's top; dwice 1873f This proc copies a Heap object in to the stack; dwice 1874a ECX == offset of stack's top; dwice 1874b This proc copies a Heap object in to the stack; dwice 18756 EDX == offset of stack's top; dwice 18757 This proc copies a Heap object in to the stack; dwice 18762 EAX == offset of stack's top; dwice 18763 This proc copies a Heap object in to the stack; dwice 1876e ECX == offset of stack's top; dwice 1876f This proc copies a Heap object in to the stack; dwice 1877a EDX == offset of stack's top; dwice 1877b This proc copies a Heap object in to the stack; dwice 18786 EAX == offset of stack's top; dwice 18787 This proc copies a Heap object in to the stack; dwice 18792 ECX == offset of stack's top; dwice 18793 This proc copies a Heap object in to the stack; dwice 1879e EDX == offset of stack's top; dwice 1879f This proc copies a Heap object in to the stack; dwice 187aa EAX == offset of stack's top; dwice 187ab This proc copies a Heap object in to the stack; dwice 187b6 ECX == offset of stack's top; dwice 187b7 This proc copies a Heap object in to the stack; dwice 187bc Next check of the serial!!; dwice 187bf ECX = -1; dwice 187c2 EAX = MAGIC value; if it set to 0 we have a MISTAKE; dwice 187c4 save EDi on the Stack; dwice 187c5 EDI = offset of the serial; dwice 187d1 EDI = original value; dwice 187d2 ECX = Serial's lengh; Check if it is equal to 1Eh; dwice 187d5 if the last check is not passed, EAX == 0 and we are bad boys!; dwice 187de EDX = offset of 'Cleaned Name'; dwice 187e5 Parameter passed by address : offset of 'Cleaned name'; dwice 187e6 This Sub computes an 'hash' and stores it in EAX; dwice 187eb ECX = 09h; dwice 187fa save the result of the last Sub: EAX = [9EEEC0]; dwice 1881a ERROR!!!; EAX == 0; dwice 18823 EAX = 1;) ; dwice 18828 it saves EAX: [9EEEBC] = EAX = 1; dwice 188f0 saves ESI on the stack; dwice 188f1 ESI == offset base of Src Memory Block! dwice 188f7 saves EDI on the stack; dwice 188f8 init EDI; dwice 188fc it jumps if exists a Memory Block; else ... dwice 188fe ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1890d EAX points to the offset 9EEEACh; dwice 18914 it jumps if [9EEEACh] == 0; dwice 18916 EAX points to Heap block; dwice 18917 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1891c parameter passed by value; dwice 18921 init the location that will store a new pointer to M. Heap Block; dwice 1892b this proc allocates a M. Block in the Heap pointed by EAX; dwice 18930 realign the stack; dwice 18933 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18935 parameter passed by value; dwice 1893a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 1893f realign the stack; dwice 18942 [9EEEACh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18950 it jumps if EDI == 0; dwice 18952 EDI points to Heap block; dwice 18953 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 18958 realign the stack; dwice 1895b parameter passed by value; dwice 18960 this proc generates a pseudo random number < to the parameter passed by value; dwice 18985 EDX == [9EEEACh]; dwice 1898b First parameter passed by value; dwice 18990 Second parameter passed by addr: offset of Src M. Block; dwice 18991 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18992 This proc copies bytes of Src M. Block in the New M.Block; dwice 189a2 \ dwice 189a3 | dwice 189a8 | dwice 189ae | dwice 189b0 | ; This piece of code copies bytes of dwice 189b5 | ; Src Memory Block in the dest. Memory dwice 189ba | ; Block allocated in the heap; dwice 189bc | dwice 189bd | dwice 189be | dwice 189c1 | dwice 189c4 / dwice 18a40 saves ESI on the stack; dwice 18a41 ESI == offset base of Src Memory Block! dwice 18a47 saves EDI on the stack; dwice 18a48 init EDI; dwice 18a4c it jumps if exists a Memory Block; else ... dwice 18a4e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 18a5d EAX points to the offset 9EEEB0h; dwice 18a64 it jumps if [9EEEB0h] == 0; dwice 18a66 EAX points to Heap block; dwice 18a67 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 18a6c parameter passed by value; dwice 18a71 init the location that will store a new pointer to M. Heap Block; dwice 18a7b this proc allocates a M. Block in the Heap pointed by EAX; dwice 18a80 realign the stack; dwice 18a83 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18a85 parameter passed by value; dwice 18a8a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 18a8f realign the stack; dwice 18a92 [9EEEB0h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18aa0 it jumps if EDI == 0; dwice 18aa2 EDI points to Heap block; dwice 18aa3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 18aa8 realign the stack; dwice 18aab parameter passed by value; dwice 18ab0 this proc generates a pseudo random number < to the parameter passed by value; dwice 18ad5 EDX == [9EEE80h]; dwice 18adb First parameter passed by value; dwice 18ae0 Second parameter passed by addr: offset of Src M. Block; dwice 18ae1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18ae2 This proc copies bytes of Src M. Block in the New M.Block; dwice 18af2 \ dwice 18af3 | dwice 18af8 | dwice 18afe | dwice 18b00 | ; This piece of code copies bytes of dwice 18b05 | ; Src Memory Block in the dest. Memory dwice 18b0a | ; Block allocated in the heap; dwice 18b0c | dwice 18b0d | dwice 18b0e | dwice 18b11 | dwice 18b14 / dwice 18b90 saves ESI on the stack; dwice 18b91 ESI == offset base of Src Memory Block! dwice 18b97 saves EDI on the stack; dwice 18b98 init EDI; dwice 18b9c it jumps if exists a Memory Block; else ... dwice 18b9e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 18bad EAX points to the address 9EEEB4h; dwice 18bb4 it jumps if [9EEEB4h] == 0; dwice 18bb6 EAX points to Heap block; dwice 18bb7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 18bbc parameter passed by value; dwice 18bc1 init the location that will store a new pointer to M. Heap Block; dwice 18bcb this proc allocates a M. Block in the Heap pointed by EAX; dwice 18bd0 realign the stack; dwice 18bd3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18bd5 parameter passed by value; dwice 18bda this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 18bdf realign the stack; dwice 18be2 [9EEEB4h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18bf0 it jumps if EDI == 0; dwice 18bf2 EDI points to Heap block; dwice 18bf3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 18bf8 realign the stack; dwice 18bfb parameter passed by value; dwice 18c00 this proc generates a pseudo random number < to the parameter passed by value; dwice 18c25 EDX = [9EEEB4h]; dwice 18c2b First parameter passed by value; dwice 18c30 Second parameter passed by addr: offset of Src M. Block; dwice 18c31 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18c32 This proc copies bytes of Src M. Block in the New M.Block; dwice 18c43 \ dwice 18c48 | dwice 18c4e | dwice 18c50 | dwice 18c55 | ; This piece of code copies bytes of dwice 18c5a | ; Src Memory Block in the dest. Memory dwice 18c5c | ; Block allocated in the Heap; dwice 18c5d | dwice 18c5e | dwice 18c61 | dwice 18c64 | dwice 18c67 / dwice 18c70 saves ESI on the stack; dwice 18c71 ESI points to a Heap Object; dwice 18c79 saves EDI on the stack; dwice 18c7a it jumps if really Heap Object exists; dwice 18c7c ESI points to the original Heap Block; dwice 18c84 it jumps surely; dwice 18c8b parameter passed by value; dwice 18c90 this proc generates a pseudo random number < to the parameter passed by value; dwice 18ca9 ESI points to another Heap Object; dwice 18cb1 it jumps if really Heap Object exists; dwice 18cb3 ESI points to the original Heap Block; dwice 18cbb it jumps surely; dwice 18cc2 EDI == parameter passed ( top of the stack... ); dwice 18cc6 ECX = number of bytes to copy; dwice 18ccb copy operation; dwice 18ccd restore EDI; dwice 18cd3 restore ESI; dwice 18ce0 saves ESI on the stack; dwice 18ce1 ESI == offset base of Src Memory Block! dwice 18ce7 saves EDI on the stack; dwice 18ce8 init EDI; dwice 18cec it jumps if exists a Memory Block; else ... dwice 18cee ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 18cfd EAX points to the offset 9EEEE4h; dwice 18d04 it jumps if [9EEEE4h] == 0; dwice 18d06 EAX points to Heap block; dwice 18d07 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 18d0c parameter passed by value; dwice 18d11 init the location that will store a new pointer to M. Heap Block; dwice 18d1b this proc allocates a M. Block in the Heap pointed by EAX; dwice 18d20 realign the stack; dwice 18d23 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18d25 parameter passed by value; dwice 18d2a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 18d2f realign the stack; dwice 18d32 [9EEEE4h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18d40 it jumps if EDI == 0; dwice 18d42 EDI points to Heap block; dwice 18d43 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 18d48 realign the stack; dwice 18d4b parameter passed by value; dwice 18d50 this proc generates a pseudo random number < to the parameter passed by value; dwice 18d75 EDX == [9EEEE4h]; dwice 18d7b First parameter passed by value; dwice 18d80 Second parameter passed by addr: offset of Src M. Block; dwice 18d81 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18d82 This proc copies bytes of Src M. Block in the New M.Block; dwice 18d92 \ dwice 18d93 | dwice 18d98 | dwice 18d9e | dwice 18da0 | ; This piece of code copies bytes of dwice 18da5 | ; Src Memory Block in the dest. Memory dwice 18daa | ; Block allocated in the heap; dwice 18dac | dwice 18dad | dwice 18dae | dwice 18db1 | dwice 18db4 / dwice 18e30 saves ESI on the stack; dwice 18e31 ESI == offset base of Src Memory Block! dwice 18e37 saves EDI on the stack; dwice 18e38 init EDI; dwice 18e3c it jumps if exists a Memory Block; else ... dwice 18e3e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 18e4d EAX points to the offset 9EEEFOh; dwice 18e54 it jumps if [9EEEF0h] == 0; dwice 18e56 EAX points to Heap block; dwice 18e57 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 18e5c parameter passed by value; dwice 18e61 init the location that will store a new pointer to M. Heap Block; dwice 18e6b this proc allocates a M. Block in the Heap pointed by EAX; dwice 18e70 realign the stack; dwice 18e73 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18e75 parameter passed by value; dwice 18e7a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 18e7f realign the stack; dwice 18e82 [9EEEF0h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18e90 it jumps if EDI == 0; dwice 18e92 EDI points to Heap block; dwice 18e93 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 18e98 realign the stack; dwice 18e9b parameter passed by value; dwice 18ea0 this proc generates a pseudo random number < to the parameter passed by value; dwice 18ec5 EDX = [9EEEF0h]; dwice 18ecb First parameter passed by value; dwice 18ed0 Second parameter passed by addr: offset of Src M. Block; dwice 18ed1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 18ed2 This proc copies bytes of Src M. Block in the New M.Block; dwice 18ee3 \ dwice 18ee8 | dwice 18eee | dwice 18ef0 | dwice 18ef5 | ; This piece of code copies bytes of dwice 18efa | ; Src Memory Block in the dest. Memory dwice 18efc | ; Block allocated in the Heap; dwice 18efd | dwice 18efe | dwice 18f01 | dwice 18f04 | dwice 18f07 / dwice 18f80 saves ESI on the stack; dwice 18f81 ESI == offset base of Src Memory Block! dwice 18f87 saves EDI on the stack; dwice 18f88 init EDI; dwice 18f8c it jumps if exists a Memory Block; else ... dwice 18f8e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 18f9d EAX points to the offset 9EEEE8h; dwice 18fa4 it jumps if [9EEEE8h] == 0; dwice 18fa6 EAX points to Heap block; dwice 18fa7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 18fac parameter passed by value; dwice 18fb1 init the location that will store a new pointer to M. Heap Block; dwice 18fbb this proc allocates a M. Block in the Heap pointed by EAX; dwice 18fc0 realign the stack; dwice 18fc3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18fc5 parameter passed by value; dwice 18fca this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 18fcf realign the stack; dwice 18fd2 [9EEEE8h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 18fe0 it jumps if EDI == 0; dwice 18fe2 EDI points to Heap block; dwice 18fe3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 18fe8 realign the stack; dwice 18feb parameter passed by value; dwice 18ff0 this proc generates a pseudo random number < to the parameter passed by value; dwice 19015 EDX == [9EEEE8h]; dwice 1901b First parameter passed by value; dwice 19020 Second parameter passed by addr: offset of Src M. Block; dwice 19021 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 19022 This proc copies bytes of Src M. Block in the New M.Block; dwice 19032 \ dwice 19033 | dwice 19038 | dwice 1903e | dwice 19040 | ; This piece of code copies bytes of dwice 19045 | ; Src Memory Block in the dest. Memory dwice 1904a | ; Block allocated in the heap; dwice 1904c | dwice 1904d | dwice 1904e | dwice 19051 | dwice 19054 / dwice 19060 EDX = offset of first block; (first parameter); dwice 19064 EAX = offset of second block; (Second parameter); dwice 19068 save ESI in to the Stack; dwice 19069 ESI = first block; dwice 1906b ECX = second block; dwice 1906d First block goes in the position of Second block; dwice 1906f Second block goes in the position of First block; dwice 19071 restore original value of ESI; dwice 19080 EDX = offset of second block; (second parameter); dwice 19084 EDX = offset of third block; (third parameter); dwice 19088 save ESI in to the stack; dwice 19089 ESI = second block; dwice 1908b ECX = third block; dwice 1908d Second block goes in the position of Third block; dwice 1908f EAX = offset of first block; ( first parameter); dwice 19093 ESI = first block; dwice 19095 First block goes in the position of Second block; dwice 19097 Third block goes in the position of First block; dwice 19099 restore the value of ESI; dwice 190a0 EDX = offset of third block; (third parameter); dwice 190a4 EAX = offset of fourth block; (fourth parameter); dwice 190a8 save ESI in to the stack; dwice 190a9 ESI = third block; dwice 190ab ECX = fourth block; dwice 190ad Third block goes in the position of Fourth block; dwice 190af EAX = offset of second block; (second parameter); dwice 190b3 ESI = second block; dwice 190b5 Second block goes in the position of Third block; dwice 190b7 EDX = offset of first block; (first parameter); dwice 190bb ESI = first block; dwice 190bd First block goes in the position of Second block; dwice 190bf Fourth block goes in the position of First block; dwice 190c1 restore the value of ESI; dwice 190d3 EAX = 578A43D1h; dwice 190db ESI = pointer of the 'Cleaned Name'; dwice 190df save on the Stack EBX EBP ESI EDI; dwice 190e0 5 block = EAX; dwice 190e4 EDI = ESI = pointer of 'Cleaned Name'; dwice 190e6 ECX = -1; dwice 190e9 init EAX, EAX = 0; dwice 190ed EBX = A312B14Ch; dwice 190f3 EBP = A29DC94Dh; dwice 190fb ECX = lengh of 'Cleaned Name Buffer'; dwice 190fc First parameter passed by value : 1; dwice 190fe Second parameter passed by value: Lengh of 'Cleaned Name Buffer'; dwice 190ff third parameter passed by address: offset of 'Cleaned Name'; dwice 19100 This Sub computes a value by a CDATA Buffer and returns this in EAX; dwice 19105 EAX = EAX xor EBX; dwice 19107 EDI = ESI = pointer of the 'Cleaned Name'; dwice 19109 1 block = EAX; dwice 1910d ECX = -1; dwice 19110 init EAX, EAX = 0; dwice 19112 First parameter passed by value : 1; dwice 19119 Second parameter passed by value: Lengh of 'Cleaned Name Buffer'; dwice 1911a third parameter passed by address: offset of 'Cleaned Name'; dwice 1911b This Sub computes a value by a CDATA Buffer and returns this in EAX; dwice 19120 EBX = 17983DE1h; dwice 19126 EDI = ESI = pointer of the 'Cleaned Name'; dwice 19128 EAX = EAX xor EBX; dwice 1912a ECX = -1; dwice 1912d 2 block = EAX; dwice 19131 init EAX, EAX = 0; dwice 19138 First parameter passed by value : 1; dwice 1913a Second parameter passed by value: Lengh of 'Cleaned Name Buffer'; dwice 1913b third parameter passed by address: offset of 'Cleaned Name'; dwice 1913c This Sub computes a value by a CDATA Buffer and returns this in EAX; dwice 19141 EAX = EAX xor 58209123h; dwice 19146 EDI = ESI = pointer of the 'Cleaned Name'; dwice 19148 4 block = EAX; dwice 1914c ECX = -1; dwice 1914f init EAX, EAX = 0; dwice 19151 First parameter passed by value : 1; dwice 19158 Second parameter passed by value: Lengh of 'Cleaned Name Buffer'; dwice 19159 third parameter passed by address: offset of 'Cleaned Name'; dwice 1915a This Sub computes a value by a CDATA Buffer and returns this in EAX; dwice 19161 EDI = ESI = pointer of the 'Cleaned Name'; dwice 19163 EAX = EAX xor A29DC94Dh xor 289F1E44h; dwice 19168 ECX = -1; dwice 1916b 3 block = EAX; dwice 1916f init EAX, EAX = 0; dwice 19176 First parameter passed by value : 1; dwice 19178 Second parameter passed by value: Lengh of 'Cleaned Name Buffer'; dwice 19179 third parameter passed by address: offset of 'Cleaned Name'; dwice 1917a This Sub computes a value by a CDATA Buffer and returns this in EAX; dwice 1917f ECX = 5 block; dwice 19183 EDX = address of 6 block; dwice 19187 EAX = EAX xor ECX; dwice 19189 ECX = address of 2 block; dwice 1918d First parameter passed by address: offset of 2 block; dwice 1918e Second parameter passed by address: offset of 6 block; dwice 1918f 6 block = EAX; dwice 19193 This sub scrambles the postions of two blocks; dwice 19198 EDI = 6 block; dwice 1919c EBX = 7F2AE134h; dwice 191a1 realign the stack; dwice 191a4 EDI = EDI xor EBX; dwice 191a6 EAX = address of 1 block; dwice 191aa ECX = address of 6 block; dwice 191ae First parameter passed by address: offset of 1 block; dwice 191af Second parameter passed by address: offset of 6 block; dwice 191b0 6 block = EDI; dwice 191b4 This sub scrambles the postions of the blocks; dwice 191b9 EDX = 7F2AE134h; dwice 191bf EAX = 2 block; dwice 191c3 EAX = 2 block xor 13246178h; dwice 191c5 ECX = offset of 6 block; dwice 191c9 2 block = EAX; dwice 191cd EAX = address of 2 block; dwice 191d1 First parameter passed by address: offset of 2 block; dwice 191d2 EDX = address of 1 block; dwice 191d6 Second parameter passed by address: offset of 6 block; dwice 191d7 EAX = address of 3 block; dwice 191db Third parameter passed by address: offset of 1 block; dwice 191dc Fourth parameter passed by address: offset of 3 block; dwice 191dd This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 191e2 EAX = 4 block; dwice 191e6 ECX = address of 2 block; dwice 191ea EAX = address of 1 block; dwice 191ee EAX = EAX xor 58209123h; dwice 191f3 First parameter passed by address: offset of 2 block; dwice 191f4 Second parameter passed by address: offset of 1 block; dwice 191f5 4 block = EAX; dwice 191f9 This sub scrambles the postions of two blocks; dwice 191fe EDX = 1 block; dwice 19207 EDX = EDX xor 1893CBE0h; dwice 19209 EAX = address of 6 block; dwice 1920d 1 block = EDX; dwice 19211 ECX = address of 2 block; dwice 19215 First parameter passed by address: offset of 6 block; dwice 19216 EDX = address of 1 block; dwice 1921a Second parameter passed by address: offset of 2 block; dwice 1921b Third parameter passed by address: offset of 1 block; dwice 1921c This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19221 EAX = address of 2 block; dwice 19225 ECX = address of 4 block; dwice 19229 First parameter passed by address: offset of 2 block; dwice 1922a EDX = address of 3 block; dwice 1922e Second parameter passed by address: offset of 4 block; dwice 1922f Third parameter passed by address: offset of 3 block; dwice 19230 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19235 EAX = address of 1 block; dwice 19239 ECX = address of 6 block; dwice 1923d First parameter passed by address: offset of 1 block; dwice 1923e Second parameter passed by address: offset of 6 block; dwice 1923f This sub scrambles the postions of two blocks; dwice 19244 realign the stack; dwice 19247 EDX = address of 4 block; dwice 1924b EAX = address of 1 block; dwice 1924f First parameter passed by address: offset of 4 block; dwice 19250 Second parameter passed by address: offset of 1 block; dwice 19251 This sub scrambles the postions of two blocks; dwice 19256 ESI = 6 block; dwice 1925a ECX = address of 2 block; dwice 1925e EDX = address of 1 block; dwice 19262 ESI = ESI xor 7F2AE134h; dwice 19264 First parameter passed by address: offset of 2 block; dwice 19265 Second parameter passed by address: offset of 1 block; dwice 19266 6 block = ESI; dwice 1926a This sub scrambles the postions of two blocks; dwice 1926f EAX = address of 4 block; dwice 19273 ECX = address of 3 block; dwice 19277 First parameter passed by address: offset of 4 block; dwice 19278 Second parameter passed by address: offset of 3 block; dwice 19279 This sub scrambles the postions of two blocks; dwice 1927e EDX = 13246178h; dwice 19284 ECX = 4 block; dwice 19288 AL = last byte of 3 block; dwice 1928c realign the stack; dwice 1928f ECX = ECX xor 13246178h; dwice 19291 ESI = A248C13Bh; dwice 19296 if AL == 2, we ignore the next jump; dwice 19298 4 block = ECX; dwice 192a2 EAX = address of 1 block; dwice 192a6 ECX = address of 6 block; dwice 192aa First parameter passed by address: offset of 1 block; dwice 192ab EDX = address of 2 block; dwice 192af Second parameter passed by address: offset of 6 block; dwice 192b0 Third parameter passed by address: offset of 2 block; dwice 192b1 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 192b6 EAX = address of 1 block; dwice 192ba ECX = address of 2 block; dwice 192be First parameter passed by address: offset of 1 block; dwice 192bf EDX = address of 3 block; dwice 192c3 Second parameter passed by address: offset of 2 block; dwice 192c4 Third parameter passed by address: offset of 3 block; dwice 192c5 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 192ca EAX = 1893CBE0h; dwice 192cf EBP = 6 block; dwice 192d3 ECX = address of 6 block; dwice 192d7 EBP = EBP xor 1893CBE0h; dwice 192d9 EDX = address of 1 block; dwice 192dd First parameter passed by address: offset of 6 block; dwice 192de EAX = address of 2 block; dwice 192e2 Second parameter passed by address: offset of 1 block; dwice 192e3 ECX = address of 3 block; dwice 192e7 Third parameter passed by address: offset of 2 block; dwice 192e8 Fourth parameter passed by address: offset of 3 block; dwice 192e9 6 block = EBP; dwice 192ed This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 192f2 EDX = address of 3 block; dwice 192f6 EAX = address of 6 block; dwice 192fa First parameter passed by address: offset of 3 block; dwice 192fb ECX = address of 1 block; dwice 192ff Second parameter passed by address: offset of 6 block; dwice 19300 Third parameter passed by address: offset of 1 block; dwice 19301 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19306 EDX = address of 2 block; dwice 1930a EAX = address of 1 block; dwice 1930e First parameter passed by address: offset of 2 block; dwice 1930f ECX = address of 3 block; dwice 19313 Second parameter passed by address: offset of 1 block; dwice 19314 Third parameter passed by address: offset of 3 block; dwice 19315 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 1931a EAX = 3 block; dwice 1931e realign the stack; dwice 19321 EAX = EAX xor 34576FEBh; dwice 19326 3 block = EAX; dwice 1932f EDX = 34576FEBh; dwice 19335 EBP = 6 block; dwice 19339 EAX = address of 6 block; dwice 1933d EBP = EBP xor 34576FEBh; dwice 1933f ECX = address of 1 block; dwice 19343 First parameter passed by address: offset of 6 block; dwice 19344 EDX = address of 2 block; dwice 19348 Second parameter passed by address: offset of 1 block; dwice 19349 EAX = address of 3 block; dwice 1934d Third parameter passed by address: offset of 2 block; dwice 1934e Fourth parameter passed by address: offset of 3 block; dwice 1934f 6 block = EBP; dwice 19353 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 19358 ECX = address of 2 block; dwice 1935c EDX = address of 1 block; dwice 19360 First parameter passed by address: offset of 2 block; dwice 19361 EAX = address of 3 block; dwice 19365 Second parameter passed by address: offset of 1 block; dwice 19366 Third parameter passed by address: offset of 3 block; dwice 19367 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 1936c ECX = address of 1 block; dwice 19370 EDX = address of 6 block; dwice 19374 First parameter passed by address: offset of 1 block; dwice 19375 EAX: address of 2 block; dwice 19379 Second parameter passed by address: offset of 6 block; dwice 1937a Third parameter passed by address: offset of 2 block; dwice 1937b This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19380 ECX = address of 3 block; dwice 19384 EDX = address of 6 block; dwice 19388 First parameter passed by address: offset of 3 block; dwice 19389 EAX = address of 1 block; dwice 1938d Second parameter passed by address: offset of 6 block; dwice 1938e Third parameter passed by address: offset of 1 block; dwice 1938f This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19394 ECX = address of 1 block; dwice 19398 EDX = address of 2 block; dwice 1939c First parameter passed by address: offset of 1 block; dwice 1939d EAX = address of 3 block; dwice 193a1 Second parameter passed by address: offset of 2 block; dwice 193a2 Third parameter passed by address: offset of 3 block; dwice 193a3 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 193a8 EAX = 2 block; dwice 193ac realign the stack; dwice 193af EAX = EAX xor A248C13Bh; dwice 193b1 2 block = EAX; dwice 193b5 ECX = 7F2AE134h; dwice 193bb EDX = 4 block; dwice 193bf EDX = EDX xor 7F2AE134h; dwice 193c1 EAX = address of 2 block; dwice 193c5 4 block = EDX; dwice 193c9 EDX = address of 4 block; dwice 193cd First parameter passed by address: offset of 4 block; dwice 193ce Second parameter passed by address: offset of 2 block; dwice 193cf This sub scrambles the postions of two blocks; dwice 193d4 ECX = 2 block; dwice 193d8 EDX address of 3 block; dwice 193dc ECX = ECX xor 13246178h; dwice 193e2 EAX = address of 6 block; dwice 193e6 2 block = ECX; dwice 193ea ECX = address of 4 block; dwice 193ee First parameter passed by address: offset of 4 block; dwice 193ef Second parameter passed by address: offset of 3 block; dwice 193f0 Third parameter passed by address: offset of 6 block; dwice 193f1 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 193f6 ECX = address of 1 block; dwice 193fa EDX = address of 6 block; dwice 193fe First parameter passed by address: offset of 1 block; dwice 193ff Second parameter passed by address: offset of 6 block; dwice 19400 This sub scrambles the postions of two blocks; dwice 19405 EAX = address of 6 block; dwice 19409 ECX = address of 1 block; dwice 1940d First parameter passed by address: offset of 6 block; dwice 1940e EDX = address of 4 block; dwice 19412 Second parameter passed by address: offset of 1 block; dwice 19413 EAX = address of 3 block; dwice 19417 Third parameter passed by address: offset of 4 block; dwice 19418 Fourth parameter passed by address: offset of 3 block; dwice 19419 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 1941e ECX = A248C13Bh; dwice 19424 EDX = 6 block; dwice 19428 EDX = EDX xor A248C13Bh; dwice 1942a EAX = address of 3 block; dwice 1942e 6 block = EDX; dwice 19432 EDX = address of 1 block; dwice 19436 First parameter passed by address: offset of 1 block; dwice 19437 ECX = address of 4 block; dwice 1943b Second parameter passed by address: offset of 3 block; dwice 1943c Third parameter passed by address: offset of 4 block; dwice 1943d This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19442 EDX = address of 6 block; dwice 19446 EAX = address of 3 block; dwice 1944a First parameter passed by address: offset of 6 block; dwice 1944b Second parameter passed by address: offset of 3 block; dwice 1944c This sub scrambles the postions of two blocks; dwice 19451 realign the stack; dwice 19454 ECX = address of 3 block; dwice 19458 EDX = address of 2 block; dwice 1945c EAX = address of 4 block; dwice 19460 First parameter passed by address: offset of 3 block; dwice 19461 Second parameter passed by address: offset of 2 block; dwice 19462 ECX = address of 6 block; dwice 19466 Third parameter passed by address: offset of 4 block; dwice 19467 Fourth parameter passed by address: offset of 6 block; dwice 19468 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 1946d EDX = address of 3 block; dwice 19471 EAX = address of 1 block; dwice 19475 First parameter passed by address: offset of 3 block; dwice 19476 Second parameter passed by address: offset of 1 block; dwice 19477 This sub scrambles the postions of two blocks; dwice 1947c ECX = address of 2 block; dwice 19480 EDX = address of 1 block; dwice 19484 First parameter passed by address: offset of 2 block; dwice 19485 EAX = address of 6 block; dwice 19489 Second parameter passed by address: offset of 1 block; dwice 1948a Third parameter passed by address: offset of 6 block; dwice 1948b This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19490 ECX = address of 1 block; dwice 19494 EDX = address of 3 block; dwice 19498 First parameter passed by address: offset of 1 block; dwice 19499 Second parameter passed by address: offset of 3 block; dwice 1949a This sub scrambles the postions of two blocks; dwice 1949f EAX = address of 1 block; dwice 194a3 ECX = address of 6 block; dwice 194a7 First parameter passed by address: offset of 1 block; dwice 194a8 Second parameter passed by address: offset of 6 block; dwice 194a9 This sub scrambles the postions of two blocks; dwice 194ae EBP = 6 block; dwice 194b2 EDX = address of 6 block; dwice 194b6 EAX = address of 1 block; dwice 194ba EBP = EBP xor A248C13Bh; dwice 194bc First parameter passed by address: offset of 6 block; dwice 194bd Second parameter passed by address: offset of 1 block; dwice 194be 6 block = EBP; dwice 194c2 This sub scrambles the postions of two blocks; dwice 194c7 ECX = address of 2 block; dwice 194cb EDX = address of 6 block; dwice 194cf First parameter passed by address: offset of 2 block; dwice 194d0 Second parameter passed by address: offset of 6 block; dwice 194d1 This sub scrambles the postions of two blocks; dwice 194d6 EAX = A248C13Bh; dwice 194db ECX = 2 block; dwice 194df ECX = ECX xor A248C13Bh; dwice 194e1 realign the stack; dwice 194e4 2 block = ECX; dwice 194e8 ECX = address of 3 block; dwice 194ec EDX = address of 1 block; dwice 194f0 First parameter passed by address: offset of 3 block; dwice 194f1 EAX = address of 2 block; dwice 194f5 Second parameter passed by address: offset of 1 block; dwice 194f6 ECX = address of 6 block; dwice 194fa Third parameter passed by address: offset of 2 block; dwice 194fb Fourth parameter passed by address: offset of 6 block; dwice 194fc This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 19501 EDX = address of 6 block; dwice 19505 EAX = address of 1 block; dwice 19509 First parameter passed by address: offset of 6 block; dwice 1950a ECX = address of 2 block; dwice 1950e Second parameter passed by address: offset of 1 block; dwice 1950f Third parameter passed by address: offset of 2 block; dwice 19510 This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19515 EDX = address of 1 block; dwice 19519 EAX = address of 6 block; dwice 1951d First parameter passed by address: offset of 1 block; dwice 1951e Second parameter passed by address: offset of 6 block; dwice 1951f This sub scrambles the postions of two blocks; dwice 19524 EAX = address of 6 block; dwice 19528 EDX = address of 2 block; dwice 1952c First parameter passed by address: offset of 6 block; dwice 1952d Second parameter passed by address: offset of 2 block; dwice 1952e This sub scrambles the postions of two blocks; dwice 19533 EDX = 4 block; dwice 19537 EAX = address of 2 block; dwice 1953b EDX = EDX xor 7F2AE134h; dwice 1953d ECX = address of 4 block; dwice 19541 4 block = EDX; dwice 19545 First parameter passed by address: offset of 2 block; dwice 19546 EDX = address of 6 block; dwice 1954a Second parameter passed by address: offset of 4 block; dwice 1954b Third parameter passed by address: offset of 6 block; dwice 1954c This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [first parameter]; dwice 19551 EDX = 2 block; dwice 19555 EAX = address of 1 block; dwice 19559 ECX = address of 2 block; dwice 1955d EDX = EDX xor 1893CBE0h; dwice 1955f First parameter passed by address: offset of 1 block; dwice 19560 Second parameter passed by address: offset of 2 block; dwice 19561 2 block = EDX; dwice 19565 This sub scrambles the postions of two blocks; dwice 1956a Realign the stack; dwice 1956d EDX = address of 4 block; dwice 19571 EAX = address of 1 block; dwice 19575 First parameter passed by address: offset of 4 block; dwice 19576 Second parameter passed by address: offset of 1 block; dwice 19577 This sub scrambles the postions of two blocks; dwice 1957c ECX = 1893CBE0h; dwice 19582 EDX = 1 block; dwice 19586 EDX = EDX xor 1893CBE0h; dwice 19588 EAX = address of 1 block; dwice 1958c 1 block = EDX; dwice 19590 EDX = address of 2 block; dwice 19594 First parameter passed by address: offset of 2 block; dwice 19595 Second parameter passed by address: offset of 1 block; dwice 19596 This sub scrambles the postions of two blocks; dwice 1959b ECX = A29DC94Dh; dwice 195a1 EDI = 6 block; dwice 195a5 EDI = EDI xor A29DC94Dh; dwice 195a7 6 block = EDI; dwice 195ab EDX = address of 4 block; dwice 195af EAX = address of 6 block; dwice 195b3 First parameter passed by address: offset of 4 block; dwice 195b4 Second parameter passed by address: offset of 6 block; dwice 195b5 This sub scrambles the postions of two blocks; dwice 195ba ECX = address of 3 block; dwice 195be EDX = address of 1 block; dwice 195c2 First parameter passed by address: offset of 3 block; dwice 195c3 EAX = address of 4 block; dwice 195c7 Second parameter passed by address: offset of 1 block; dwice 195c8 ECX = address of 2 block; dwice 195cc Third parameter passed by address: offset of 4 block; dwice 195cd Fourth parameter passed by address: offset of 2 block; dwice 195ce This Sub permutes the blocks: [first parameter] -> [second parameter] -> [third parameter] -> [fourth parameter] -> [first parameter]; dwice 195d3 --> EAX = 2 block; Uff !!! ;) dwice 195fc init EDX; dwice 195fe ECX == divisor; dwice 19603 EDX is the rest <= 10h; it 's used as a random index; dwice 19619 EDX == offset of stack's top; dwice 1961a This proc copies a Heap object in to the stack; dwice 19628 EAX == offset of stack's top; dwice 19629 This proc copies a Heap object in to the stack; dwice 19637 ECX == offset of stack's top; dwice 19638 This proc copies a Heap object in to the stack; dwice 19646 EDX == offset of stack's top; dwice 19647 This proc copies a Heap object in to the stack; dwice 19655 EAX == offset of stack's top; dwice 19656 This proc copies a Heap object in to the stack; dwice 19664 ECX == offset of stack's top; dwice 19665 This proc copies a Heap object in to the stack; dwice 19670 EDX == offset of stack's top; dwice 19671 This proc copies a Heap object in to the stack; dwice 1967c EAX == offset of stack's top; dwice 1967d This proc copies a Heap object in to the stack; dwice 19688 EDX == offset of stack's top; dwice 19689 This proc copies a Heap object in to the stack; dwice 19694 EAX == offset of stack's top; dwice 19695 This proc copies a Heap object in to the stack; dwice 196a0 ECX == offset of stack's top; dwice 196a1 This proc copies a Heap object in to the stack; dwice 196ac EDX == offset of stack's top; dwice 196ad This proc copies a Heap object in to the stack; dwice 196b8 EAX == offset of stack's top; dwice 196b9 This proc copies a Heap object in to the stack; dwice 196c4 ECX == offset of stack's top; dwice 196c5 This proc copies a Heap object in to the stack; dwice 196d0 EDX == offset of stack's top; dwice 196d1 This proc copies a Heap object in to the stack; dwice 196dc EAX == offset of stack's top; dwice 196dd This proc copies a Heap object in to the stack; dwice 196e2 here it begins the check of the serial; dwice 196e5 ECX = -1; dwice 196e8 EAX is the MAGIC VALUE!! If EAX == 0 we have an error; dwice 196ea save EDI on the Stack; dwice 196eb EDI = offset of the Serial; dwice 196f7 restore the original value of EDI; dwice 196f8 ECX = lengh of the Serial Buffer; it must to be long 1Eh; dwice 19704 ECX = pointer of 'Cleaned Name'; dwice 1970b parameter passed by offset: ECX == address of 'Cleaned Name'; dwice 1970c This Sub computes an 'hash' and stores it in EAX; dwice 19711 ECX = 0h; dwice 19720 save EAX in [9EEED8h]; dwice 19730 DL = 1-th char of the serial; dwice 19740 ERROR!! EAX = 0; dwice 19749 EAX = 1; ok ;) dwice 1974e it saves EAX in [9EEEF4h]; dwice 197a0 saves ESI on the stack; dwice 197a1 ESI points to a Heap Object; dwice 197a9 saves EDI on the stack; dwice 197aa it jumps if really Heap Object exists; dwice 197ac ESI points to the original Heap Block; dwice 197b4 it jumps surely; dwice 197bb parameter passed by value; dwice 197c0 this proc generates a pseudo random number < to the parameter passed by value; dwice 197d9 ESI points to another Heap Object; dwice 197e1 it jumps if really Heap Object exists; dwice 197e3 ESI points to the original Heap Block; dwice 197eb it jumps surely; dwice 197f2 EDI == parameter passed ( top of the stack... ); dwice 197f6 ECX = number of bytes to copy; dwice 197fb copy operation; dwice 197fd restore EDI; dwice 19803 restore ESI; dwice 19810 saves ESI on the stack; dwice 19811 ESI == offset base of Src Memory Block! dwice 19817 saves EDI on the stack; dwice 19818 init EDI; dwice 1981c it jumps if exists a Memory Block; else ... dwice 1981e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1982d EAX points to the offset 9EEEECh; dwice 19834 it jumps if [9EEEECh] == 0; dwice 19836 EAX points to Heap block; dwice 19837 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1983c parameter passed by value; dwice 19841 init the location that will store a new pointer to M. Heap Block; dwice 1984b this proc allocates a M. Block in the Heap pointed by EAX; dwice 19850 realign the stack; dwice 19853 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 19855 parameter passed by value; dwice 1985a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 1985f realign the stack; dwice 19862 [9EEEECh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 19870 it jumps if EDI == 0; dwice 19872 EDI points to Heap block; dwice 19873 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 19878 realign the stack; dwice 1987b parameter passed by value; dwice 19880 this proc generates a pseudo random number < to the parameter passed by value; dwice 198a5 EDX == [9EEEECh]; dwice 198ab First parameter passed by value; dwice 198b0 Second parameter passed by addr: offset of Src M. Block; dwice 198b1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 198b2 This proc copies bytes of Src M. Block in the New M.Block; dwice 198c2 \ dwice 198c3 | dwice 198c8 | dwice 198ce | dwice 198d0 | ; This piece of code copies bytes of dwice 198d5 | ; Src Memory Block in the dest. Memory dwice 198da | ; Block allocated in the heap; dwice 198dc | dwice 198dd | dwice 198de | dwice 198e1 | dwice 198e4 / dwice 19960 saves ESI on the stack; dwice 19961 ESI == offset base of Src Memory Block! dwice 19967 saves EDI on the stack; dwice 19968 init EDI; dwice 1996c it jumps if exists a Memory Block; else ... dwice 1996e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 1997d EAX points to the offset 9EEEE0h; dwice 19984 it jumps if [9EEEE0h] == 0; dwice 19986 EAX points to Heap block; dwice 19987 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 1998c parameter passed by value; dwice 19991 init the location that will store a new pointer to M. Heap Block; dwice 1999b this proc allocates a M. Block in the Heap pointed by EAX; dwice 199a0 realign the stack; dwice 199a3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 199a5 parameter passed by value; dwice 199aa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 199af realign the stack; dwice 199b2 [9EEEE0h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 199c0 it jumps if EDI == 0; dwice 199c2 EDI points to Heap block; dwice 199c3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 199c8 realign the stack; dwice 199cb parameter passed by value; dwice 199d0 this proc generates a pseudo random number < to the parameter passed by value; dwice 199f5 EDX == [9EEEE0h]; dwice 199fb First parameter passed by value; dwice 19a00 Second parameter passed by addr: offset of Src M. Block; dwice 19a01 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 19a02 This proc copies bytes of Src M. Block in the New M.Block; dwice 19a12 \ dwice 19a13 | dwice 19a18 | dwice 19a1e | dwice 19a20 | ; This piece of code copies bytes of dwice 19a25 | ; Src Memory Block in the dest. Memory dwice 19a2a | ; Block allocated in the heap; dwice 19a2c | dwice 19a2d | dwice 19a2e | dwice 19a31 | dwice 19a34 / dwice 19ab0 saves ESI on the stack; dwice 19ab1 ESI == offset base of Src Memory Block! dwice 19ab7 saves EDI on the stack; dwice 19ab8 init EDI; dwice 19abc it jumps if exists a Memory Block; else ... dwice 19abe ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 19acd EAX points to the offset 9EEEDCh; dwice 19ad4 it jumps if [9EEEDCh] == 0; dwice 19ad6 EAX points to Heap block; dwice 19ad7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 19adc parameter passed by value; dwice 19ae1 init the location that will store a new pointer to M. Heap Block; dwice 19aeb this proc allocates a M. Block in the Heap pointed by EAX; dwice 19af0 realign the stack; dwice 19af3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 19af5 parameter passed by value; dwice 19afa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 19aff realign the stack; dwice 19b02 [9EEEDCh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 19b10 it jumps if EDI == 0; dwice 19b12 EDI points to Heap block; dwice 19b13 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 19b18 realign the stack; dwice 19b1b parameter passed by value; dwice 19b20 this proc generates a pseudo random number < to the parameter passed by value; dwice 19b45 EDX == [9EEEDCh]; dwice 19b4b First parameter passed by value; dwice 19b50 Second parameter passed by addr: offset of Src M. Block; dwice 19b51 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 19b52 This proc copies bytes of Src M. Block in the New M.Block; dwice 19b62 \ dwice 19b63 | dwice 19b68 | dwice 19b6e | dwice 19b70 | ; This piece of code copies bytes of dwice 19b75 | ; Src Memory Block in the dest. Memory dwice 19b7a | ; Block allocated in the heap; dwice 19b7c | dwice 19b7d | dwice 19b7e | dwice 19b81 | dwice 19b84 / dwice 19de6 This Sub analyses the 'Name': Remove from this empty spaces!!!; dwice 19deb This Sub analyses the 'Name': Remove from this DIGIT chars and empty spaces!!!; dwice 19df0 This Sub analyses the 'Serial'; take of this only digit and letter ( uppercase!!) chars!!!; dwice 1a0c0 EAX == 01h; dwice 1a0cf ECX = [9EEEC0]; This value is an hash of the 'Cleaned Name'; dwice 1a0d5 [4F1220h] == pointer of the Serial; dwice 1a0e1 save EBX on the stack; dwice 1a0e2 EAX = 0, by default this check sets a MAGIC FLAG to zero ( -> Bad Boy); dwice 1a0e4 [4F0FE0h] == pointer of the String1; dwice 1a0ed restore original value in the EBX; dwice 1a100 EAX = [9EEEC0]; This value is an hash of the 'Cleaned Name'; dwice 1a105 ECX = 0Ah; dwice 1a11c [4F1220h] == pointer of the Serial; dwice 1a125 save EBX on the stack; dwice 1a126 EDX = 0, by default this check sets a MAGIC FLAG to zero ( -> Bad Boy); dwice 1a128 [4F0FE0h] == pointer of the String1; dwice 1a131 restore original value of the EBX; dwice 1a135 EAX = EDX = MAGIC FLAG!!; dwice 1a140 EAX = 0Ch; dwice 1a14f ECX = [9EEEC0]; This value is an hash of the 'Cleaned Name'; dwice 1a155 [4F1220h] == pointer of the Serial; dwice 1a161 save EBX on the stack; dwice 1a162 EAX = 0, by default this check sets a MAGIC FLAG to zero ( -> Bad Boy); dwice 1a164 [4F0FE0h] == pointer of the String1; dwice 1a16d restore original value of the EBX; dwice 1a180 EAX = 04h; dwice 1a185 by default, This flag control is 0; Bad boy; dwice 1a199 [9EEED8h] = hash value calculated by 'Cleaned Name'; dwice 1a19f [4F1220h] = offset of Serial buffer; dwice 1a1b4 ERROR!!! dwice 1a1b7 EAX = 1! ;) dwice 1a1bc Flag control is 1; Good boy!; dwice 1a1d0 EAX = 06h; dwice 1a1d5 by default, this flag control is 0; bad boy; dwice 1a1e9 [9EEED8h] = hash value calculated by 'Cleaned Name'; dwice 1a1ef [4F1220h] = offset of Serial buffer; dwice 1a204 ERROR!!! dwice 1a207 EAX = 1! ;) dwice 1a20c Flag control is 1; Good boy!; dwice 1a220 EAX = 02h; dwice 1a225 by default, this flag control is 0; bad boy; dwice 1a239 [9EEED8h] = hash value calculated by 'Cleaned Name'; dwice 1a23f [4F1220h] = offset of Serial buffer; dwice 1a254 ERROR!!! dwice 1a257 EAX = 1! ;) dwice 1a25c Flag control is 1; Good boy!; dwice 1a272 it saves EBX ESI EDI on the stack; dwice 1a273 EBX is the counter; dwice 1a278 parameter passed by value; dwice 1a27d this proc allocates a M. Block in the Heap pointed by EAX; dwice 1a282 parameter passed by value; dwice 1a284 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 1a286 this proc generates a pseudo random number < to the parameter passed by value; dwice 1a2a3 this proc allocates a M. Block in the Heap pointed by EAX; dwice 1a2a8 realign the stack; dwice 1a2ab ESI == pointer of new Mem. Block in the Heap; it's long 1110h bytes; dwice 1a302 this proc allocates a M. Block in the Heap pointed by EAX; dwice 1a307 realign the stack; dwice 1a30a ESI == pointer of new Mem. Block in the Heap; it's long 4440h bytes; dwice 1a33e this proc allocates a M. Block in the Heap pointed by EAX; dwice 1a343 realign the stack; dwice 1a346 ESI == pointer of new Mem. Block in the Heap; it's long 2220h bytes; dwice 1a384 this proc allocates a M. Block in the Heap pointed by EAX; dwice 1a389 realign the stack; dwice 1a38c ESI == pointer of new Mem. Block in the Heap; it's long 888h bytes; dwice 1a3d4 this proc allocates a M. Block in the Heap pointed by EAX; dwice 1a3d9 realign the stack; dwice 1a3dc ESI == pointer of new Mem. Block in the Heap; it's long 1110h bytes; dwice 1a3ea it jumps if ESI == 0; dwice 1a3ec ESI points to Heap block; dwice 1a3ed this proc de-allocates a M. Block in the Heap pointed by ESI; dwice 1a3f2 realign the stack; dwice 1a403 it jumps if EDI == 0; dwice 1a405 EDI points to Heap block; dwice 1a406 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 1a40b realign the stack; dwice 1a40e EBX = EBX-1; decrement the counter; dwice 1a417 restores EDI ESI EBX; dwice 1a460 EAX = 07h; dwice 1a465 by default, this flag control is 0; bad boy; dwice 1a479 [9EEED8h] = hash value calculated by 'Cleaned Name'; dwice 1a47f [4F1220h] = offset of Serial buffer; dwice 1a494 ERROR!!! dwice 1a497 EAX = 1! ;) dwice 1a49c Flag control is 1; Good boy!; dwice 1a4b0 EAX = 0Dh; dwice 1a4b5 by default, this flag control is 0; bad boy; dwice 1a4c9 [9EEED8h] = hash value calculated by 'Cleaned Name'; dwice 1a4cf [4F1220h] = offset of Serial buffer; dwice 1a4e4 ERROR!!! dwice 1a4e7 EAX = 1! ;) dwice 1a4ec Flag control is 1; Good boy!; dwice 1a500 EAX = 05h; dwice 1a50f [9EEED8h] = hash value calculated by 'Cleaned Name'; dwice 1a515 [4F1220h] = offset of Serial buffer; dwice 1a52a EAX = 1! ;) dwice 1a52f Flag control is 1; Good boy!; dwice 215f0 saves ESI on the stack; dwice 215f1 ESI == offset base of Src Memory Block! dwice 215f7 saves EDI on the stack; dwice 215f8 init EDI; dwice 215fc it jumps if exists a Memory Block; else ... dwice 215fe ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2160d EAX points to the offset A943E4h; dwice 21614 it jumps if [A943E4h] == 0; dwice 21616 EAX points to Heap block; dwice 21617 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2161c parameter passed by value; dwice 21621 init the location that will store a new pointer to M. Heap Block; dwice 2162b this proc allocates a M. Block in the Heap pointed by EAX; dwice 21630 realign the stack; dwice 21633 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21635 parameter passed by value; dwice 2163a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2163f realign the stack; dwice 21642 [A943E4h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21650 it jumps if EDI == 0; dwice 21652 EDI points to Heap block; dwice 21653 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 21658 realign the stack; dwice 2165b parameter passed by value; dwice 21660 this proc generates a pseudo random number < to the parameter passed by value; dwice 21685 EDX == [A943E4h]; dwice 2168b First parameter passed by value; dwice 21690 Second parameter passed by addr: offset of Src M. Block; dwice 21691 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 21692 This proc copies bytes of Src M. Block in the New M.Block; dwice 216a2 \ dwice 216a3 | dwice 216a8 | dwice 216ae | dwice 216b0 | ; This piece of code copies bytes of dwice 216b5 | ; Src Memory Block in the dest. Memory dwice 216ba | ; Block allocated in the heap; dwice 216bc | dwice 216bd | dwice 216be | dwice 216c1 | dwice 216c4 / dwice 21740 saves ESI on the stack; dwice 21741 ESI == offset base of Src Memory Block! dwice 21747 saves EDI on the stack; dwice 21748 init EDI; dwice 2174c it jumps if exists a Memory Block; else ... dwice 2174e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2175d EAX points to the offset A943D0h; dwice 21764 it jumps if [A943D0h] == 0; dwice 21766 EAX points to Heap block; dwice 21767 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2176c parameter passed by value; dwice 21771 init the location that will store a new pointer to M. Heap Block; dwice 2177b this proc allocates a M. Block in the Heap pointed by EAX; dwice 21780 realign the stack; dwice 21783 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21785 parameter passed by value; dwice 2178a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2178f realign the stack; dwice 21792 [A943D0h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 217a0 it jumps if EDI == 0; dwice 217a2 EDI points to Heap block; dwice 217a3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 217a8 realign the stack; dwice 217ab parameter passed by value; dwice 217b0 this proc generates a pseudo random number < to the parameter passed by value; dwice 217d5 EDX == [A943D0h]; dwice 217db First parameter passed by value; dwice 217e0 Second parameter passed by addr: offset of Src M. Block; dwice 217e1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 217e2 This proc copies bytes of Src M. Block in the New M.Block; dwice 217f2 \ dwice 217f3 | dwice 217f8 | dwice 217fe | dwice 21800 | ; This piece of code copies bytes of dwice 21805 | ; Src Memory Block in the dest. Memory dwice 2180a | ; Block allocated in the heap; dwice 2180c | dwice 2180d | dwice 2180e | dwice 21811 | dwice 21814 / dwice 21890 saves ESI on the stack; dwice 21891 ESI == offset base of Src Memory Block! dwice 21897 saves EDI on the stack; dwice 21898 init EDI; dwice 2189c it jumps if exists a Memory Block; else ... dwice 2189e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 218ad EAX points to the offset A943F0h; dwice 218b4 it jumps if [A943F0h] == 0; dwice 218b6 EAX points to Heap block; dwice 218b7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 218bc parameter passed by value; dwice 218c1 init the location that will store a new pointer to M. Heap Block; dwice 218cb this proc allocates a M. Block in the Heap pointed by EAX; dwice 218d0 realign the stack; dwice 218d3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 218d5 parameter passed by value; dwice 218da this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 218df realign the stack; dwice 218e2 [A943F0h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 218f0 it jumps if EDI == 0; dwice 218f2 EDI points to Heap block; dwice 218f3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 218f8 realign the stack; dwice 218fb parameter passed by value; dwice 21900 this proc generates a pseudo random number < to the parameter passed by value; dwice 21925 EDX == [A943F0h]; dwice 2192b First parameter passed by value; dwice 21930 Second parameter passed by addr: offset of Src M. Block; dwice 21931 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 21932 This proc copies bytes of Src M. Block in the New M.Block; dwice 21942 \ dwice 21943 | dwice 21948 | dwice 2194e | dwice 21950 | ; This piece of code copies bytes of dwice 21955 | ; Src Memory Block in the dest. Memory dwice 2195a | ; Block allocated in the heap; dwice 2195c | dwice 2195d | dwice 2195e | dwice 21961 | dwice 21964 / dwice 219e0 saves ESI on the stack; dwice 219e1 ESI == offset base of Src Memory Block! dwice 219e7 saves EDI on the stack; dwice 219e8 init EDI; dwice 219ec it jumps if exists a Memory Block; else ... dwice 219ee ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 219fd EAX points to the offset A943E0h; dwice 21a04 it jumps if [A943E0h] == 0; dwice 21a06 EAX points to Heap block; dwice 21a07 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 21a0c parameter passed by value; dwice 21a11 init the location that will store a new pointer to M. Heap Block; dwice 21a1b this proc allocates a M. Block in the Heap pointed by EAX; dwice 21a20 realign the stack; dwice 21a23 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21a25 parameter passed by value; dwice 21a2a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 21a2f realign the stack; dwice 21a32 [A943E0h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21a40 it jumps if EDI == 0; dwice 21a42 EDI points to Heap block; dwice 21a43 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 21a48 realign the stack; dwice 21a4b parameter passed by value; dwice 21a50 this proc generates a pseudo random number < to the parameter passed by value; dwice 21a75 EDX == [A943E0h]; dwice 21a7b First parameter passed by value; dwice 21a80 Second parameter passed by addr: offset of Src M. Block; dwice 21a81 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 21a82 This proc copies bytes of Src M. Block in the New M.Block; dwice 21a92 \ dwice 21a93 | dwice 21a98 | dwice 21a9e | dwice 21aa0 | ; This piece of code copies bytes of dwice 21aa5 | ; Src Memory Block in the dest. Memory dwice 21aaa | ; Block allocated in the heap; dwice 21aac | dwice 21aad | dwice 21aae | dwice 21ab1 | dwice 21ab4 / dwice 21ac0 saves ESI on the stack; dwice 21ac1 ESI points to a Heap Object; dwice 21ac9 saves EDI on the stack; dwice 21aca it jumps if really Heap Object exists; dwice 21acc ESI points to the original Heap Block; dwice 21ad4 it jumps surely; dwice 21adb parameter passed by value; dwice 21ae0 this proc generates a pseudo random number < to the parameter passed by value; dwice 21afa ESI points to another Heap Object; dwice 21b02 it jumps if really Heap Object exists; dwice 21b04 ESI points to the original Heap Block; dwice 21b0c it jumps surely; dwice 21b13 EDI == parameter passed ( top of the stack... ); dwice 21b17 ECX = number of bytes to copy; dwice 21b1c copy operation; dwice 21b1e restore EDI; dwice 21b24 restore ESI; dwice 21b30 saves ESI on the stack; dwice 21b31 ESI == offset base of Src Memory Block! dwice 21b37 saves EDI on the stack; dwice 21b38 init EDI; dwice 21b3c it jumps if exists a Memory Block; else ... dwice 21b3e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 21b4d EAX points to the offset A943D8h; dwice 21b54 it jumps if [A943D8h] == 0; dwice 21b56 EAX points to Heap block; dwice 21b57 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 21b5c parameter passed by value; dwice 21b61 init the location that will store a new pointer to M. Heap Block; dwice 21b6b this proc allocates a M. Block in the Heap pointed by EAX; dwice 21b70 realign the stack; dwice 21b73 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21b75 parameter passed by value; dwice 21b7a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 21b7f realign the stack; dwice 21b82 [A943D8h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21b90 it jumps if EDI == 0; dwice 21b92 EDI points to Heap block; dwice 21b93 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 21b98 realign the stack; dwice 21b9b parameter passed by value; dwice 21ba0 this proc generates a pseudo random number < to the parameter passed by value; dwice 21bc5 EDX == [A943D8h]; dwice 21bcb First parameter passed by value; dwice 21bd0 Second parameter passed by addr: offset of Src M. Block; dwice 21bd1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 21bd2 This proc copies bytes of Src M. Block in the New M.Block; dwice 21be2 \ dwice 21be3 | dwice 21be8 | dwice 21bee | dwice 21bf0 | ; This piece of code copies bytes of dwice 21bf5 | ; Src Memory Block in the dest. Memory dwice 21bfa | ; Block allocated in the heap; dwice 21bfc | dwice 21bfd | dwice 21bfe | dwice 21c01 | dwice 21c04 / dwice 21c80 saves ESI on the stack; dwice 21c81 ESI == offset base of Src Memory Block! dwice 21c87 saves EDI on the stack; dwice 21c88 init EDI; dwice 21c8c it jumps if exists a Memory Block; else ... dwice 21c8e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 21c9d EAX points to the offset A943F8h; dwice 21ca4 it jumps if [A943F8h] == 0; dwice 21ca6 EAX points to Heap block; dwice 21ca7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 21cac parameter passed by value; dwice 21cb1 init the location that will store a new pointer to M. Heap Block; dwice 21cbb this proc allocates a M. Block in the Heap pointed by EAX; dwice 21cc0 realign the stack; dwice 21cc3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21cc5 Parameter passed by value; dwice 21cca this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 21ccf realign the stack; dwice 21cd2 [A943F8h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21ce0 it jumps if EDI == 0; dwice 21ce2 EDI points to Heap block; dwice 21ce3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 21ce8 realign the stack; dwice 21ceb parameter passed by value; dwice 21cf0 this proc generates a pseudo random number < to the parameter passed by value; dwice 21d15 EDX = [A943F8h]; dwice 21d1b first parameter passed by value; dwice 21d20 Second parameter passed by addr: offset of Src M. Block; dwice 21d21 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 21d22 This proc copies bytes of Src M. Block in the New M.Block; dwice 21d32 \ dwice 21d33 | dwice 21d38 | dwice 21d3e | dwice 21d40 | ; This piece of code copies bytes of dwice 21d45 | ; Src Memory Block in the dest. Memory dwice 21d4a | ; Block allocated in the heap; dwice 21d4c | dwice 21d4d | dwice 21d4e | dwice 21d51 | dwice 21d54 / dwice 21dd0 saves ESI on the stack; dwice 21dd1 ESI == offset base of Src Memory Block! dwice 21dd7 saves EDI on the stack; dwice 21dd8 init EDI; dwice 21ddc it jumps if exists a Memory Block; else ... dwice 21dde ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 21ded EAX points to the offset A943ECh; dwice 21df4 it jumps if [A943ECh] == 0; dwice 21df6 EAX points to Heap block; dwice 21df7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 21dfc parameter passed by value; dwice 21e01 init the location that will store a new pointer to M. Heap Block; dwice 21e0b this prrc generates a pseudo random number < to the parameter passed by value; dwice 21e10 realign the stack; dwice 21e13 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21e15 parameter passed by value; dwice 21e1a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 21e1f realign the stack; dwice 21e22 [A943ECh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21e30 it jumps if EDI == 0; dwice 21e32 EDI points to Heap block; dwice 21e33 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 21e38 realign the stack; dwice 21e3b parameter passed by value; dwice 21e40 this prrc generates a pseudo random number < to the parameter passed by value; dwice 21e65 EDX == [A943ECh]; dwice 21e6b First parameter passed by value; dwice 21e70 Second parameter passed by addr: offset of Src M. Block; dwice 21e71 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 21e72 This proc copies bytes of Src M. Block in the New M.Block; dwice 21e82 \ dwice 21e83 | dwice 21e88 | dwice 21e8e | dwice 21e90 | ; This piece of code copies bytes of dwice 21e95 | ; Src Memory Block in the dest. Memory dwice 21e9a | ; Block allocated in the heap; dwice 21e9c | dwice 21e9d | dwice 21e9e | dwice 21ea1 | dwice 21ea4 / dwice 21f20 saves ESI on the stack; dwice 21f21 ESI == offset base of Src Memory Block! dwice 21f27 saves EDI on the stack; dwice 21f28 init EDI; dwice 21f2c it jumps if exists a Memory Block; else ... dwice 21f2e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 21f3d EAX points to the offset A943F4h; dwice 21f44 it jumps if [A943F4h] == 0; dwice 21f46 EAX points to Heap block; dwice 21f47 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 21f4c parameter passed by value; dwice 21f51 init the location that will store a new pointer to M. Heap Block; dwice 21f5b this proc allocates a M. Block in the Heap pointed by EAX; dwice 21f60 realign the stack; dwice 21f63 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21f65 parameter passed by value; dwice 21f6a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 21f6f realign the stack; dwice 21f72 [A943F4h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 21f80 it jumps if EDI == 0; dwice 21f82 EDI points to Heap block; dwice 21f83 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 21f88 realign the stack; dwice 21f8b parameter passed by value; dwice 21f90 this proc generates a pseudo random number < to the parameter passed by value; dwice 21fb5 EDX == [A943F4h]; dwice 21fbb First parameter passed by value; dwice 21fc0 Second parameter passed by addr: offset of Src M. Block; dwice 21fc1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 21fc2 This proc copies bytes of Src M. Block in the New M.Block; dwice 21fd2 \ dwice 21fd3 | dwice 21fd8 | dwice 21fde | dwice 21fe0 | ; This piece of code copies bytes of dwice 21fe5 | ; Src Memory Block in the dest. Memory dwice 21fea | ; Block allocated in the heap; dwice 21fec | dwice 21fed | dwice 21fee | dwice 21ff1 | dwice 21ff4 / dwice 22070 saves ESI on the stack; dwice 22071 ESI == offset base of Src Memory Block! dwice 22077 saves EDI on the stack; dwice 22078 init EDI; dwice 2207c it jumps if exists a Memory Block; else ... dwice 2207e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2208d EAX points to the offset A943CCh; dwice 22094 it jumps if [A943CCh] == 0; dwice 22096 EAX points to Heap block; dwice 22097 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2209c parameter passed by value; dwice 220a1 init the location that will store a new pointer to M. Heap Block; dwice 220ab this proc allocates a M. Block in the Heap pointed by EAX; dwice 220b0 realign the stack; dwice 220b3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 220b5 parameter passed by value; dwice 220ba this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 220bf realign the stack; dwice 220c2 [A943CCh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 220d0 it jumps if EDI == 0; dwice 220d2 EDI points to Heap block; dwice 220d3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 220d8 realign the stack; dwice 220db parameter passed by value; dwice 220e0 this proc generates a pseudo random number < to the parameter passed by value; dwice 22105 EDX == [A943CCh]; dwice 2210b First parameter passed by value; dwice 22110 Second parameter passed by addr: offset of Src M. Block; dwice 22111 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22112 This proc copies bytes of Src M. Block in the New M.Block; dwice 22122 \ dwice 22123 | dwice 22128 | dwice 2212e | dwice 22130 | ; This piece of code copies bytes of dwice 22135 | ; Src Memory Block in the dest. Memory dwice 2213a | ; Block allocated in the heap; dwice 2213c | dwice 2213d | dwice 2213e | dwice 22141 | dwice 22144 / dwice 221c0 saves ESI on the stack; dwice 221c1 ESI == offset base of Src Memory Block! dwice 221c7 saves EDI on the stack; dwice 221c8 init EDI; dwice 221cc it jumps if exists a Memory Block; else ... dwice 221ce ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 221dd EAX points to the offset A943E8h; dwice 221e4 it jumps if [A943E8h] == 0; dwice 221e6 EAX points to Heap block; dwice 221e7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 221ec parameter passed by value; dwice 221f1 init the location that will store a new pointer to M. Heap Block; dwice 221fb this proc allocates a M. Block in the Heap pointed by EAX; dwice 22200 realign the stack; dwice 22203 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22205 parameter passed by value; dwice 2220a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2220f realign the stack; dwice 22212 [A943E8h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22220 it jumps if EDI == 0; dwice 22222 EDI points to Heap block; dwice 22223 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22228 realign the stack; dwice 2222b parameter passed by value; dwice 22230 this proc generates a pseudo random number < to the parameter passed by value; dwice 22255 EDX == [A943E8h]; dwice 2225b First parameter passed by value; dwice 22260 Second parameter passed by addr: offset of Src M. Block; dwice 22261 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22262 This proc copies bytes of Src M. Block in the New M.Block; dwice 22272 \ dwice 22273 | dwice 22278 | dwice 2227e | dwice 22280 | ; This piece of code copies bytes of dwice 22285 | ; Src Memory Block in the dest. Memory dwice 2228a | ; Block allocated in the heap; dwice 2228c | dwice 2228d | dwice 2228e | dwice 22291 | dwice 22294 / dwice 22310 saves ESI on the stack; dwice 22311 ESI == offset base of Src Memory Block! dwice 22317 saves EDI on the stack; dwice 22318 init EDI; dwice 2231c it jumps if exists a Memory Block; else ... dwice 2231e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2232d EAX points to the offset A943DCh; dwice 22334 it jumps if [A943DCh] == 0; dwice 22336 EAX points to Heap block; dwice 22337 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2233c parameter passed by value; dwice 22341 init the location that will store a new pointer to M. Heap Block; dwice 2234b this proc allocates a M. Block in the Heap pointed by EAX; dwice 22350 realign the stack; dwice 22353 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22355 parameter passed by value; dwice 2235a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2235f realign the stack; dwice 22362 [A944DCh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22370 it jumps if EDI == 0; dwice 22372 EDI points to Heap block; dwice 22373 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22378 realign the stack; dwice 2237b parameter passed by value; dwice 22380 this proc generates a pseudo random number < to the parameter passed by value; dwice 223a5 EDX == [A943DCh]; dwice 223ab First parameter passed by value; dwice 223b0 Second parameter passed by addr: offset of Src M. Block; dwice 223b1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 223b2 This proc copies bytes of Src M. Block in the New M.Block; dwice 223c2 \ dwice 223c3 | dwice 223c8 | dwice 223ce | dwice 223d0 | ; This piece of code copies bytes of dwice 223d5 | ; Src Memory Block in the dest. Memory dwice 223da | ; Block allocated in the heap; dwice 223dc | dwice 223dd | dwice 223de | dwice 223e1 | dwice 223e4 / dwice 22460 saves ESI on the stack; dwice 22461 ESI == offset base of Src Memory Block! dwice 22467 saves EDI on the stack; dwice 22468 init EDI; dwice 2246c it jumps if exists a Memory Block; else ... dwice 2246e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2247d EAX points to the offset A943D4h; dwice 22484 it jumps if [A943D4h] == 0; dwice 22486 EAX points to Heap block; dwice 22487 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2248c parameter passed by value; dwice 22491 init the location that will store a new pointer to M. Heap Block; dwice 2249b this proc allocates a M. Block in the Heap pointed by EAX; dwice 224a0 realign the stack; dwice 224a3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 224a5 parameter passed by value; dwice 224aa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 224af realign the stack; dwice 224b2 [A943D4h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 224c0 it jumps if EDI == 0; dwice 224c2 EDI points to Heap block; dwice 224c3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 224c8 realign the stack; dwice 224cb parameter passed by value; dwice 224d0 this proc generates a pseudo random number < to the parameter passed by value; dwice 224f5 EDX == [A943D4h]; dwice 224fb First parameter passed by value; dwice 22500 Second parameter passed by addr: offset of Src M. Block; dwice 22501 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22502 This proc copies bytes of Src M. Block in the New M.Block; dwice 22512 \ dwice 22513 | dwice 22518 | dwice 2251e | dwice 22520 | ; This piece of code copies bytes of dwice 22525 | ; Src Memory Block in the dest. Memory dwice 2252a | ; Block allocated in the heap; dwice 2252c | dwice 2252d | dwice 2252e | dwice 22531 | dwice 22534 / dwice 22542 it saves EBX ESI EDI on the stack; dwice 22543 EBX = counter; dwice 22548 parameter passed by value; dwice 2254d this proc allocates a M. Block in the Heap pointed by EAX; dwice 22552 parameter passed by value; dwice 22554 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22556 this proc generates a pseudo random number < to the parameter passed by value; dwice 2255b realign the stack; dwice 22573 this proc allocates a M. Block in the Heap pointed by EAX; dwice 22578 realign the stack; dwice 2257b ESI == pointer of new Mem. Block in the Heap; it's long 1110h bytes; dwice 225d2 this proc allocates a M. Block in the Heap pointed by EAX; dwice 225d7 realign the stack; dwice 225da ESI == pointer of new Mem. Block in the Heap; it's long 4440h bytes; dwice 2260e this proc allocates a M. Block in the Heap pointed by EAX; dwice 22613 realign the stack; dwice 22616 ESI == pointer of new Mem. Block in the Heap; it's long 2220h bytes; dwice 22654 this proc allocates a M. Block in the Heap pointed by EAX; dwice 22659 realign the stack; dwice 2265c ESI == pointer of new Mem. Block in the Heap; it's long 888h bytes; dwice 226a4 this proc allocates a M. Block in the Heap pointed by EAX; dwice 226a9 realign the stack; dwice 226ac ESI == pointer of new Mem. Block in the Heap; it's long 1110h bytes; dwice 226ba it jumps if ESI == 0; dwice 226bc ESI points to Heap block; dwice 226bd this proc de-allocates a M. Block in the Heap pointed by ESI; dwice 226c2 realign the stack; dwice 226d3 it jumps if EDI == 0; dwice 226d5 EDI points to Heap block; dwice 226d6 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 226db realign the stack; dwice 226de EBX = EBX-1; decrement the counter; dwice 226e7 restore EDI ESI EBX; dwice 227a0 saves ESI on the stack; dwice 227a1 ESI == offset base of Src Memory Block! dwice 227a7 saves EDI on the stack; dwice 227a8 init EDI; dwice 227ac it jumps if exists a Memory Block; else ... dwice 227ae ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 227bd EAX points to the offset A94408h; dwice 227c4 it jumps if [A94408h] == 0; dwice 227c6 EAX points to Heap block; dwice 227c7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 227cc parameter passed by value; dwice 227d1 init the location that will store a new pointer to M. Heap Block; dwice 227db this proc allocates a M. Block in the Heap pointed by EAX; dwice 227e0 realign the stack; dwice 227e3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 227e5 parameter passed by value; dwice 227ea this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 227ef realign the stack; dwice 227f2 [A94408h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22800 it jumps if EDI == 0; dwice 22802 EDI points to Heap block; dwice 22803 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22808 realign the stack; dwice 2280b parameter passed by value; dwice 22810 this proc generates a pseudo random number < to the parameter passed by value; dwice 22835 EDX == [A94408h]; dwice 2283b First parameter passed by value; dwice 22840 Second parameter passed by addr: offset of Src M. Block; dwice 22841 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22842 This proc copies bytes of Src M. Block in the New M.Block; dwice 22852 \ dwice 22853 | dwice 22858 | dwice 2285e | dwice 22860 | ; This piece of code copies bytes of dwice 22865 | ; Src Memory Block in the dest. Memory dwice 2286a | ; Block allocated in the heap; dwice 2286c | dwice 2286d | dwice 2286e | dwice 22871 | dwice 22874 / dwice 228f0 saves ESI on the stack; dwice 228f1 ESI == offset base of Src Memory Block! dwice 228f7 saves EDI on the stack; dwice 228f8 init EDI; dwice 228fc it jumps if exists a Memory Block; else ... dwice 228fe ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2290d EAX points to the offset A943FCh; dwice 22914 it jumps if [A943FCh] == 0; dwice 22916 EAX points to Heap block; dwice 22917 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2291c parameter passed by value; dwice 22921 init the location that will store a new pointer to M. Heap Block; dwice 2292b this proc allocates a M. Block in the Heap pointed by EAX; dwice 22930 realign the stack; dwice 22933 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22935 parameter passed by value; dwice 2293a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2293f realign the stack; dwice 22942 [A943FCh] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22950 it jumps if EDI == 0; dwice 22952 EDI points to Heap block; dwice 22953 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22958 realign the stack; dwice 2295b parameter passed by value; dwice 22960 this proc generates a pseudo random number < to the parameter passed by value; dwice 22985 EDX == [A943FCh]; dwice 2298b First parameter passed by value; dwice 22990 Second parameter passed by addr: offset of Src M. Block; dwice 22991 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22992 This proc copies bytes of Src M. Block in the New M.Block; dwice 229a2 \ dwice 229a3 | dwice 229a8 | dwice 229ae | dwice 229b0 | ; This piece of code copies bytes of dwice 229b5 | ; Src Memory Block in the dest. Memory dwice 229ba | ; Block allocated in the heap; dwice 229bc | dwice 229bd | dwice 229be | dwice 229c1 | dwice 229c4 / dwice 22a40 saves ESI on the stack; dwice 22a41 ESI == offset base of Src Memory Block! dwice 22a47 saves EDI on the stack; dwice 22a48 init EDI; dwice 22a4c it jumps if exists a Memory Block; else ... dwice 22a4e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 22a5d EAX points to the offset A94410h; dwice 22a64 it jumps if [A94410h] == 0; dwice 22a66 EAX points to Heap block; dwice 22a67 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 22a6c parameter passed by value; dwice 22a71 init the location that will store a new pointer to M. Heap Block; dwice 22a7b this proc allocates a M. Block in the Heap pointed by EAX; dwice 22a80 realign the stack; dwice 22a83 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22a85 parameter passed by value; dwice 22a8a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 22a8f realign the stack; dwice 22a92 [A94410h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22aa0 it jumps if EDI == 0; dwice 22aa2 EDI points to Heap block; dwice 22aa3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22aa8 realign the stack; dwice 22aab parameter passed by value; dwice 22ab0 this proc generates a pseudo random number < to the parameter passed by value; dwice 22ad5 EDX == [A94410h]; dwice 22adb First parameter passed by value; dwice 22ae0 Second parameter passed by addr: offset of Src M. Block; dwice 22ae1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22ae2 This proc copies bytes of Src M. Block in the New M.Block; dwice 22af2 \ dwice 22af3 | dwice 22af8 | dwice 22afe | dwice 22b00 | ; This piece of code copies bytes of dwice 22b05 | ; Src Memory Block in the dest. Memory dwice 22b0a | ; Block allocated in the heap; dwice 22b0c | dwice 22b0d | dwice 22b0e | dwice 22b11 | dwice 22b14 / dwice 22b90 saves ESI on the stack; dwice 22b91 ESI == offset base of Src Memory Block! dwice 22b97 saves EDI on the stack; dwice 22b98 init EDI; dwice 22b9c it jumps if exists a Memory Block; else ... dwice 22b9e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 22bad EAX points to the offset A9440Ch; dwice 22bb4 it jumps if [A9440Ch] == 0; dwice 22bb6 EAX points to Heap block; dwice 22bb7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 22bbc parameter passed by value; dwice 22bc1 init the location that will store a new pointer to M. Heap Block; dwice 22bcb this proc allocates a M. Block in the Heap pointed by EAX; dwice 22bd0 realign the stack; dwice 22bd3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22bd5 parameter passed by value; dwice 22bda this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 22bdf realign the stack; dwice 22be2 [A9440Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22bf0 it jumps if EDI == 0; dwice 22bf2 EDI points to Heap block; dwice 22bf3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22bf8 realign the stack; dwice 22bfb parameter passed by value; dwice 22c00 this proc generates a pseudo random number < to the parameter passed by value; dwice 22c25 EDX == [A9440Ch]; dwice 22c2b First parameter passed by value; dwice 22c30 Second parameter passed by addr: offset of Src M. Block; dwice 22c31 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22c32 This proc copies bytes of Src M. Block in the New M.Block; dwice 22c42 \ dwice 22c43 | dwice 22c48 | dwice 22c4e | dwice 22c50 | ; This piece of code copies bytes of dwice 22c55 | ; Src Memory Block in the dest. Memory dwice 22c5a | ; Block allocated in the heap; dwice 22c5c | dwice 22c5d | dwice 22c5e | dwice 22c61 | dwice 22c64 / dwice 22c70 saves ESI on the stack; dwice 22c71 ESI points to a Heap Object; dwice 22c79 saves EDI on the stack; dwice 22c7a it jumps if really Heap Object exists; dwice 22c7c ESI points to the original Heap Block; dwice 22c84 it jumps surely; dwice 22c8b parameter passed by value; dwice 22c90 this proc generates a pseudo random number < to the parameter passed by value; dwice 22cac ESI points to another Heap Object; dwice 22cb4 it jumps if really Heap Object exists; dwice 22cb6 ESI points to the original Heap Block; dwice 22cbe it jumps surely; dwice 22cc5 EDI == parameter passed ( top of the stack... ); dwice 22cc9 ECX = number of bytes to copy; dwice 22cce copy operation; dwice 22cd0 restore EDI; dwice 22cd6 restore ESI; dwice 22ce0 saves ESI on the stack; dwice 22ce1 ESI == offset base of Src Memory Block! dwice 22ce7 saves EDI on the stack; dwice 22ce8 init EDI; dwice 22cec it jumps if exists a Memory Block; else ... dwice 22cee ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 22cfd EAX points to the offset A94404h; dwice 22d04 it jumps if [A94404h] == 0; dwice 22d06 EAX points to Heap block; dwice 22d07 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 22d0c parameter passed by value; dwice 22d11 init the location that will store a new pointer to M. Heap Block; dwice 22d1b this proc allocates a M. Block in the Heap pointed by EAX; dwice 22d20 realign the stack; dwice 22d23 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22d25 parameter passed by value; dwice 22d2a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 22d2f realign the stack; dwice 22d32 [A94404h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22d40 it jumps if EDI == 0; dwice 22d42 EDI points to Heap block; dwice 22d43 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22d48 realign the stack; dwice 22d4b parameter passed by value; dwice 22d50 this proc generates a pseudo random number < to the parameter passed by value; dwice 22d75 EDX == [A94404h]; dwice 22d7b First parameter passed by value; dwice 22d80 Second parameter passed by addr: offset of Src M. Block; dwice 22d81 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22d82 This proc copies bytes of Src M. Block in the New M.Block; dwice 22d92 \ dwice 22d93 | dwice 22d98 | dwice 22d9e | dwice 22da0 | ; This piece of code copies bytes of dwice 22da5 | ; Src Memory Block in the dest. Memory dwice 22daa | ; Block allocated in the heap; dwice 22dac | dwice 22dad | dwice 22dae | dwice 22db1 | dwice 22db4 / dwice 22e30 saves ESI on the stack; dwice 22e31 ESI == offset base of Src Memory Block! dwice 22e37 saves EDI on the stack; dwice 22e38 init EDI; dwice 22e3c it jumps if exists a Memory Block; else ... dwice 22e3e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 22e4d EAX points to the offset A94400h; dwice 22e54 it jumps if [A94400h] == 0; dwice 22e56 EAX points to Heap block; dwice 22e57 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 22e5c parameter passed by value; dwice 22e61 init the location that will store a new pointer to M. Heap Block; dwice 22e6b this proc allocates a M. Block in the Heap pointed by EAX; dwice 22e70 realign the stack; dwice 22e73 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22e75 parameter passed by value; dwice 22e7a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 22e7f realign the stack; dwice 22e82 [A94400h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22e90 it jumps if EDI == 0; dwice 22e92 EDI points to Heap block; dwice 22e93 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22e98 realign the stack; dwice 22e9b parameter passed by value; dwice 22ea0 this proc generates a pseudo random number < to the parameter passed by value; dwice 22ec5 EDX == [A94400h]; dwice 22ecb First parameter passed by value; dwice 22ed0 Second parameter passed by addr: offset of Src M. Block; dwice 22ed1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 22ed2 This proc copies bytes of Src M. Block in the New M.Block; dwice 22ee2 \ dwice 22ee3 | dwice 22ee8 | dwice 22eee | dwice 22ef0 | ; This piece of code copies bytes of dwice 22ef5 | ; Src Memory Block in the dest. Memory dwice 22efa | ; Block allocated in the heap; dwice 22efc | dwice 22efd | dwice 22efe | dwice 22f01 | dwice 22f04 / dwice 22f80 saves ESI on the stack; dwice 22f81 ESI == offset base of Src Memory Block! dwice 22f87 saves EDI on the stack; dwice 22f88 init EDI; dwice 22f8c it jumps if exists a Memory Block; else ... dwice 22f8e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 22f9d EAX points to the offset A94418h; dwice 22fa4 it jumps if [A94418h] == 0; dwice 22fa6 EAX points to Heap block; dwice 22fa7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 22fac parameter passed by value; dwice 22fb1 init the location that will store a new pointer to M. Heap Block; dwice 22fbb this proc allocates a M. Block in the Heap pointed by EAX; dwice 22fc0 realign the stack; dwice 22fc3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22fc5 parameter passed by value; dwice 22fca this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 22fcf realign the stack; dwice 22fd2 [A94418h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 22fe0 it jumps if EDI == 0; dwice 22fe2 EDI points to Heap block; dwice 22fe3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 22fe8 realign the stack; dwice 22feb parameter passed by value; dwice 22ff0 this proc generates a pseudo random number < to the parameter passed by value; dwice 23015 EDX == [A94418h]; dwice 2301b First parameter passed by value; dwice 23020 Second parameter passed by addr: offset of Src M. Block; dwice 23021 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23022 This proc copies bytes of Src M. Block in the New M.Block; dwice 23032 \ dwice 23033 | dwice 23038 | dwice 2303e | dwice 23040 | ; This piece of code copies bytes of dwice 23045 | ; Src Memory Block in the dest. Memory dwice 2304a | ; Block allocated in the heap; dwice 2304c | dwice 2304d | dwice 2304e | dwice 23051 | dwice 23054 / dwice 230d0 saves ESI on the stack; dwice 230d1 ESI == offset base of Src Memory Block! dwice 230d7 saves EDI on the stack; dwice 230d8 init EDI; dwice 230dc it jumps if exists a Memory Block; else ... dwice 230de ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 230ed EAX points to the offset A9441Ch; dwice 230f4 it jumps if [A9441Ch] == 0; dwice 230f6 EAX points to Heap block; dwice 230f7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 230fc parameter passed by value; dwice 23101 init the location that will store a new pointer to M. Heap Block; dwice 2310b this proc allocates a M. Block in the Heap pointed by EAX; dwice 23110 realign the stack; dwice 23113 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23115 parameter passed by value; dwice 2311a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2311f realign the stack; dwice 23122 [A9441Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23130 it jumps if EDI == 0; dwice 23132 EDI points to Heap block; dwice 23133 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23138 realign the stack; dwice 2313b parameter passed by value; dwice 23140 this proc generates a pseudo random number < to the parameter passed by value; dwice 23165 EDX == [A9441Ch]; dwice 2316b First parameter passed by value; dwice 23170 Second parameter passed by addr: offset of Src M. Block; dwice 23171 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23172 This proc copies bytes of Src M. Block in the New M.Block; dwice 23182 \ dwice 23183 | dwice 23188 | dwice 2318e | dwice 23190 | ; This piece of code copies bytes of dwice 23195 | ; Src Memory Block in the dest. Memory dwice 2319a | ; Block allocated in the heap; dwice 2319c | dwice 2319d | dwice 2319e | dwice 231a1 | dwice 231a4 / dwice 23220 saves ESI on the stack; dwice 23221 ESI == offset base of Src Memory Block! dwice 23227 saves EDI on the stack; dwice 23228 init EDI; dwice 2322c it jumps if exists a Memory Block; else ... dwice 2322e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2323d EAX points to the offset A94428h; dwice 23244 it jumps if [A94428h] == 0; dwice 23246 EAX points to Heap block; dwice 23247 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2324c parameter passed by value; dwice 23251 init the location that will store a new pointer to M. Heap Block; dwice 2325b this proc allocates a M. Block in the Heap pointed by EAX; dwice 23260 realign the stack; dwice 23263 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23265 parameter passed by value; dwice 2326a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2326f realign the stack; dwice 23272 [A94428h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23280 it jumps if EDI == 0; dwice 23282 EDI points to Heap block; dwice 23283 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23288 realign the stack; dwice 2328b parameter passed by value; dwice 23290 this proc generates a pseudo random number < to the parameter passed by value; dwice 232b5 EDX == [A94428h]; dwice 232bb First parameter passed by value; dwice 232c0 Second parameter passed by addr: offset of Src M. Block; dwice 232c1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 232c2 This proc copies bytes of Src M. Block in the New M.Block; dwice 232d2 \ dwice 232d3 | dwice 232d8 | dwice 232de | dwice 232e0 | ; This piece of code copies bytes of dwice 232e5 | ; Src Memory Block in the dest. Memory dwice 232ea | ; Block allocated in the heap; dwice 232ec | dwice 232ed | dwice 232ee | dwice 232f1 | dwice 232f4 / dwice 23370 saves ESI on the stack; dwice 23371 ESI == offset base of Src Memory Block! dwice 23377 saves EDI on the stack; dwice 23378 init EDI; dwice 2337c it jumps if exists a Memory Block; else ... dwice 2337e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2338d EAX points to the offset A94424h; dwice 23394 it jumps if [A94424h] == 0; dwice 23396 EAX points to Heap block; dwice 23397 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2339c parameter passed by value; dwice 233a1 init the location that will store a new pointer to M. Heap Block; dwice 233ab this proc allocates a M. Block in the Heap pointed by EAX; dwice 233b0 realign the stack; dwice 233b3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 233b5 parameter passed by value; dwice 233ba this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 233bf realign the stack; dwice 233c2 [A94424h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 233d0 it jumps if EDI == 0; dwice 233d2 EDI points to Heap block; dwice 233d3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 233d8 realign the stack; dwice 233db parameter passed by value; dwice 233e0 this proc generates a pseudo random number < to the parameter passed by value; dwice 23405 EDX == [A94424h]; dwice 2340b First parameter passed by value; dwice 23410 Second parameter passed by addr: offset of Src M. Block; dwice 23411 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23412 This proc copies bytes of Src M. Block in the New M.Block; dwice 23422 \ dwice 23423 | dwice 23428 | dwice 2342e | dwice 23430 | ; This piece of code copies bytes of dwice 23435 | ; Src Memory Block in the dest. Memory dwice 2343a | ; Block allocated in the heap; dwice 2343c | dwice 2343d | dwice 2343e | dwice 23441 | dwice 23444 / dwice 234c0 saves ESI on the stack; dwice 234c1 ESI == offset base of Src Memory Block! dwice 234c7 saves EDI on the stack; dwice 234c8 init EDI; dwice 234cc it jumps if exists a Memory Block; else ... dwice 234ce ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 234dd EAX points to the offset A94420h; dwice 234e4 it jumps if [A94420h] == 0; dwice 234e6 EAX points to Heap block; dwice 234e7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 234ec parameter passed by value; dwice 234f1 init the location that will store a new pointer to M. Heap Block; dwice 234fb this proc allocates a M. Block in the Heap pointed by EAX; dwice 23500 realign the stack; dwice 23503 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23505 parameter passed by value; dwice 2350a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2350f realign the stack; dwice 23512 [A94420h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23520 it jumps if EDI == 0; dwice 23522 EDI points to Heap block; dwice 23523 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23528 realign the stack; dwice 2352b parameter passed by value; dwice 23530 this proc generates a pseudo random number < to the parameter passed by value; dwice 23555 EDX == [A94420h]; dwice 2355b First parameter passed by value; dwice 23560 Second parameter passed by addr: offset of Src M. Block; dwice 23561 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23562 This proc copies bytes of Src M. Block in the New M.Block; dwice 23572 \ dwice 23573 | dwice 23578 | dwice 2357e | dwice 23580 | ; This piece of code copies bytes of dwice 23585 | ; Src Memory Block in the dest. Memory dwice 2358a | ; Block allocated in the heap; dwice 2358c | dwice 2358d | dwice 2358e | dwice 23591 | dwice 23594 / dwice 235a0 saves ESI on the stack; dwice 235a1 ESI points to a Heap Object; dwice 235a9 saves EDI on the stack; dwice 235aa it jumps if really Heap Object exists; dwice 235ac ESI points to the original Heap Block; dwice 235b4 it jumps surely; dwice 235bb parameter passed by value; dwice 235c0 this proc generates a pseudo random number < to the parameter passed by value; dwice 235da ESI points to another Heap Object; dwice 235e2 it jumps if really Heap Object exists; dwice 235e4 ESI points to the original Heap Block; dwice 235ec it jumps surely; dwice 235f3 EDI == parameter passed ( top of the stack... ); dwice 235f7 ECX = number of bytes to copy; dwice 235fc copy operation; dwice 235fe restore EDI; dwice 23604 restore ESI; dwice 23610 saves ESI on the stack; dwice 23611 ESI == offset base of Src Memory Block! dwice 23617 saves EDI on the stack; dwice 23618 init EDI; dwice 2361c it jumps if exists a Memory Block; else ... dwice 2361e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2362d EAX points to the offset A94414h; dwice 23634 it jumps if [A94414h] == 0; dwice 23636 EAX points to Heap block; dwice 23637 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2363c parameter passed by value; dwice 23641 init the location that will store a new pointer to M. Heap Block; dwice 2364b this proc allocates a M. Block in the Heap pointed by EAX; dwice 23650 realign the stack; dwice 23653 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23655 parameter passed by value; dwice 2365a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2365f realign the stack; dwice 23662 [A94414h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23670 it jumps if EDI == 0; dwice 23672 EDI points to Heap block; dwice 23673 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23678 realign the stack; dwice 2367b parameter passed by value; dwice 23680 this proc generates a pseudo random number < to the parameter passed by value; dwice 236a5 EDX == [A94414h]; dwice 236ab First parameter passed by value; dwice 236b0 Second parameter passed by addr: offset of Src M. Block; dwice 236b1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 236b2 This proc copies bytes of Src M. Block in the New M.Block; dwice 236c2 \ dwice 236c3 | dwice 236c8 | dwice 236ce | dwice 236d0 | ; This piece of code copies bytes of dwice 236d5 | ; Src Memory Block in the dest. Memory dwice 236da | ; Block allocated in the heap; dwice 236dc | dwice 236dd | dwice 236de | dwice 236e1 | dwice 236e4 / dwice 236f0 saves ESI on the stack; dwice 236f1 ESI points to a Heap Object; dwice 236fa it jumps if really Heap Object exists; dwice 236fc ESI points to the original Heap Block; dwice 23704 it jumps surely; dwice 2370b parameter passed by value; dwice 23710 this proc generates a pseudo random number < to the parameter passed by value; dwice 2372c ESI points to another Heap Object; dwice 23734 it jumps if really Heap Object exists; dwice 23736 ESI points to the original Heap Block; dwice 2373e it jumps surely; dwice 23745 EDI == parameter passed ( top of the stack... ); dwice 23749 ECX = number of bytes to copy; dwice 2374e copy operation; dwice 23760 saves ESI on the stack; dwice 23761 ESI == offset base of Src Memory Block! dwice 23767 saves EDI on the stack; dwice 23768 init EDI; dwice 2376c it jumps if exists a Memory Block; else ... dwice 2376e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2377d EAX points to the offset A9442Ch; dwice 23784 it jumps if [A9442Ch] == 0; dwice 23786 EAX points to Heap block; dwice 23787 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2378c parameter passed by value; dwice 23791 init the location that will store a new pointer to M. Heap Block; dwice 2379b this proc allocates a M. Block in the Heap pointed by EAX; dwice 237a0 realign the stack; dwice 237a3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 237a5 parameter passed by value; dwice 237aa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 237af realign the stack; dwice 237b2 [A9442Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 237c0 it jumps if EDI == 0; dwice 237c2 EDI points to Heap block; dwice 237c3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 237c8 realign the stack; dwice 237cb parameter passed by value; dwice 237d0 this proc generates a pseudo random number < to the parameter passed by value; dwice 237f5 EDX == [A9442Ch]; dwice 237fb First parameter passed by value; dwice 23800 Second parameter passed by addr: offset of Src M. Block; dwice 23801 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23802 This proc copies bytes of Src M. Block in the New M.Block; dwice 23812 \ dwice 23813 | dwice 23818 | dwice 2381e | dwice 23820 | ; This piece of code copies bytes of dwice 23825 | ; Src Memory Block in the dest. Memory dwice 2382a | ; Block allocated in the heap; dwice 2382c | dwice 2382d | dwice 2382e | dwice 23831 | dwice 23834 / dwice 238b0 saves ESI on the stack; dwice 238b1 ESI == offset base of Src Memory Block! dwice 238b7 saves EDI on the stack; dwice 238b8 init EDI; dwice 238bc it jumps if exists a Memory Block; else ... dwice 238be ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 238cd EAX points to the offset A94440h; dwice 238d4 it jumps if [A94440h] == 0; dwice 238d6 EAX points to Heap block; dwice 238d7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 238dc parameter passed by value; dwice 238e1 init the location that will store a new pointer to M. Heap Block; dwice 238eb this proc allocates a M. Block in the Heap pointed by EAX; dwice 238f0 realign the stack; dwice 238f3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 238f5 parameter passed by value; dwice 238fa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 238ff realign the stack; dwice 23902 [A94440h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23910 it jumps if EDI == 0; dwice 23912 EDI points to Heap block; dwice 23913 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23918 realign the stack; dwice 2391b parameter passed by value; dwice 23920 this proc generates a pseudo random number < to the parameter passed by value; dwice 23945 EDX == [A94440h]; dwice 2394b First parameter passed by value; dwice 23950 Second parameter passed by addr: offset of Src M. Block; dwice 23951 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23952 This proc copies bytes of Src M. Block in the New M.Block; dwice 23962 \ dwice 23963 | dwice 23968 | dwice 2396e | dwice 23970 | ; This piece of code copies bytes of dwice 23975 | ; Src Memory Block in the dest. Memory dwice 2397a | ; Block allocated in the heap; dwice 2397c | dwice 2397d | dwice 2397e | dwice 23981 | dwice 23984 / dwice 23a00 saves ESI on the stack; dwice 23a01 ESI == offset base of Src Memory Block! dwice 23a07 saves EDI on the stack; dwice 23a08 init EDI; dwice 23a0c it jumps if exists a Memory Block; else ... dwice 23a0e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 23a1d EAX points to the offset A94430h; dwice 23a24 it jumps if [A94430h] == 0; dwice 23a26 EAX points to Heap block; dwice 23a27 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 23a2c parameter passed by value; dwice 23a31 init the location that will store a new pointer to M. Heap Block; dwice 23a3b this proc allocates a M. Block in the Heap pointed by EAX; dwice 23a40 realign the stack; dwice 23a43 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23a45 parameter passed by value; dwice 23a4a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 23a4f realign the stack; dwice 23a52 [A94430h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23a60 it jumps if EDI == 0; dwice 23a62 EDI points to Heap block; dwice 23a63 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23a68 realign the stack; dwice 23a6b parameter passed by value; dwice 23a70 this proc generates a pseudo random number < to the parameter passed by value; dwice 23a95 EDX == [A94430h]; dwice 23a9b First parameter passed by value; dwice 23aa0 Second parameter passed by addr: offset of Src M. Block; dwice 23aa1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23aa2 This proc copies bytes of Src M. Block in the New M.Block; dwice 23ab2 \ dwice 23ab3 | dwice 23ab8 | dwice 23abe | dwice 23ac0 | ; This piece of code copies bytes of dwice 23ac5 | ; Src Memory Block in the dest. Memory dwice 23aca | ; Block allocated in the heap; dwice 23acc | dwice 23acd | dwice 23ace | dwice 23ad1 | dwice 23ad4 / dwice 23b50 saves ESI on the stack; dwice 23b51 ESI == offset base of Src Memory Block! dwice 23b57 saves EDI on the stack; dwice 23b58 init EDI; dwice 23b5c it jumps if exists a Memory Block; else ... dwice 23b5e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 23b6d EAX points to the offset A9443Ch; dwice 23b74 it jumps if [A9443Ch] == 0; dwice 23b76 EAX points to Heap block; dwice 23b77 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 23b7c parameter passed by value; dwice 23b81 init the location that will store a new pointer to M. Heap Block; dwice 23b8b this proc allocates a M. Block in the Heap pointed by EAX; dwice 23b90 realign the stack; dwice 23b93 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23b95 parameter passed by value; dwice 23b9a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 23b9f realign the stack; dwice 23ba2 [A94434h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23bb0 it jumps if EDI == 0; dwice 23bb2 EDI points to Heap block; dwice 23bb3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23bb8 realign the stack; dwice 23bbb parameter passed by value; dwice 23bc0 this proc generates a pseudo random number < to the parameter passed by value; dwice 23be5 EDX == [A9443Ch]; dwice 23beb First parameter passed by value; dwice 23bf0 Second parameter passed by addr: offset of Src M. Block; dwice 23bf1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23bf2 This proc copies bytes of Src M. Block in the New M.Block; dwice 23c02 \ dwice 23c03 | dwice 23c08 | dwice 23c0e | dwice 23c10 | ; This piece of code copies bytes of dwice 23c15 | ; Src Memory Block in the dest. Memory dwice 23c1a | ; Block allocated in the heap; dwice 23c1c | dwice 23c1d | dwice 23c1e | dwice 23c21 | dwice 23c24 / dwice 23c30 saves ESI on the stack; dwice 23c31 ESI points to a Heap Object; dwice 23c39 saves EDI on the stack; dwice 23c3a it jumps if really Heap Object exists; dwice 23c3c ESI points to the original Heap Block; dwice 23c44 it jumps surely; dwice 23c4b parameter passed by value; dwice 23c50 this proc generates a pseudo random number < to the parameter passed by value; dwice 23c6c ESI points to another Heap Object; dwice 23c74 it jumps if really Heap Object exists; dwice 23c76 ESI points to the original Heap Block; dwice 23c7e it jumps surely; dwice 23c85 EDI == parameter passed ( top of the stack... ); dwice 23c89 ECX = number of bytes to copy; dwice 23c8e copy operation; dwice 23c90 restore EDI; dwice 23c96 restore ESI; dwice 23ca0 saves ESI on the stack; dwice 23ca1 ESI == offset base of Src Memory Block! dwice 23ca7 saves EDI on the stack; dwice 23ca8 init EDI; dwice 23cac it jumps if exists a Memory Block; else ... dwice 23cae ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 23cbd EAX points to the offset A94438h; dwice 23cc4 it jumps if [A94438h] == 0; dwice 23cc6 EAX points to Heap block; dwice 23cc7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 23ccc parameter passed by value; dwice 23cd1 init the location that will store a new pointer to M. Heap Block; dwice 23cdb this proc allocates a M. Block in the Heap pointed by EAX; dwice 23ce0 realign the stack; dwice 23ce3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23ce5 parameter passed by value; dwice 23cea this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 23cef realign the stack; dwice 23cf2 [A94438h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23d00 it jumps if EDI == 0; dwice 23d02 EDI points to Heap block; dwice 23d03 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23d08 realign the stack; dwice 23d0b parameter passed by value; dwice 23d10 this proc generates a pseudo random number < to the parameter passed by value; dwice 23d35 EDX == [A94438h]; dwice 23d3b First parameter passed by value; dwice 23d40 Second parameter passed by addr: offset of Src M. Block; dwice 23d41 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23d42 This proc copies bytes of Src M. Block in the New M.Block; dwice 23d52 \ dwice 23d53 | dwice 23d58 | dwice 23d5e | dwice 23d60 | ; This piece of code copies bytes of dwice 23d65 | ; Src Memory Block in the dest. Memory dwice 23d6a | ; Block allocated in the heap; dwice 23d6c | dwice 23d6d | dwice 23d6e | dwice 23d71 | dwice 23d74 / dwice 23d80 saves ESI on the stack; dwice 23d81 ESI points to a Heap Object; dwice 23d89 saves EDI on the stack; dwice 23d8a it jumps if really Heap Object exists; dwice 23d8c ESI points to the original Heap Block; dwice 23d94 it jumps surely; dwice 23d9b parameter passed by value; dwice 23da0 this proc generates a pseudo random number < to the parameter passed by value; dwice 23db9 ESI points to another Heap Object; dwice 23dc1 it jumps if really Heap Object exists; dwice 23dc3 ESI points to the original Heap Block; dwice 23dcb it jumps surely; dwice 23dd2 EDI == parameter passed ( top of the stack... ); dwice 23dd6 ECX = number of bytes to copy; dwice 23ddb copy operation; dwice 23ddd restore EDI; dwice 23de3 restore ESI; dwice 23df0 saves ESI on the stack; dwice 23df1 ESI == offset base of Src Memory Block! dwice 23df7 saves EDI on the stack; dwice 23df8 init EDI; dwice 23dfc it jumps if exists a Memory Block; else ... dwice 23dfe ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 23e0d EAX points to the offset A94434h; dwice 23e14 it jumps if [A94434h] == 0; dwice 23e16 EAX points to Heap block; dwice 23e17 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 23e1c parameter passed by value; dwice 23e21 init the location that will store a new pointer to M. Heap Block; dwice 23e2b this proc allocates a M. Block in the Heap pointed by EAX; dwice 23e30 realign the stack; dwice 23e33 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23e35 parameter passed by value; dwice 23e3a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 23e3f realign the stack; dwice 23e42 [A94434h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23e50 it jumps if EDI == 0; dwice 23e52 EDI points to Heap block; dwice 23e53 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23e58 realign the stack; dwice 23e5b parameter passed by value; dwice 23e60 this proc generates a pseudo random number < to the parameter passed by value; dwice 23e85 EDX == [A94434h]; dwice 23e8b First parameter passed by value; dwice 23e90 Second parameter passed by addr: offset of Src M. Block; dwice 23e91 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23e92 This proc copies bytes of Src M. Block in the New M.Block; dwice 23ea2 \ dwice 23ea3 | dwice 23ea8 | dwice 23eae | dwice 23eb0 | ; This piece of code copies bytes of dwice 23eb5 | ; Src Memory Block in the dest. Memory dwice 23eba | ; Block allocated in the heap; dwice 23ebc | dwice 23ebd | dwice 23ebe | dwice 23ec1 | dwice 23ec4 / dwice 23ed0 saves ESI on the stack; dwice 23ed1 ESI points to a Heap Object; dwice 23ed9 saves EDI on the stack; dwice 23eda it jumps if really Heap Object exists; dwice 23edc ESI points to the original Heap Block; dwice 23ee4 it jumps surely; dwice 23eeb parameter passed by value; dwice 23ef0 this proc generates a pseudo random number < to the parameter passed by value; dwice 23f0a ESI points to another Heap Object; dwice 23f12 it jumps if really Heap Object exists; dwice 23f14 ESI points to the original Heap Block; dwice 23f1c it jumps surely; dwice 23f23 EDI == parameter passed ( top of the stack... ); dwice 23f27 ECX = number of bytes to copy; dwice 23f2c copy operation; dwice 23f2e restore EDI; dwice 23f34 restore ESI; dwice 23f40 saves ESI on the stack; dwice 23f41 ESI == offset base of Src Memory Block! dwice 23f47 saves EDI on the stack; dwice 23f48 init EDI; dwice 23f4c it jumps if exists a Memory Block; else ... dwice 23f4e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 23f5d EAX points to the offset A94448h; dwice 23f64 it jumps if [A94448h] == 0; dwice 23f66 EAX points to Heap block; dwice 23f67 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 23f6c parameter passed by value; dwice 23f71 init the location that will store a new pointer to M. Heap Block; dwice 23f7b this proc allocates a M. Block in the Heap pointed by EAX; dwice 23f80 realign the stack; dwice 23f83 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23f85 parameter passed by value; dwice 23f8a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 23f8f realign the stack; dwice 23f92 [A94448h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 23fa0 it jumps if EDI == 0; dwice 23fa2 EDI points to Heap block; dwice 23fa3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 23fa8 realign the stack; dwice 23fab parameter passed by value; dwice 23fb0 this proc generates a pseudo random number < to the parameter passed by value; dwice 23fd5 EDX == [A94448h]; dwice 23fdb First parameter passed by value; dwice 23fe0 Second parameter passed by addr: offset of Src M. Block; dwice 23fe1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 23fe2 This proc copies bytes of Src M. Block in the New M.Block; dwice 23ff2 \ dwice 23ff3 | dwice 23ff8 | dwice 23ffe | dwice 24000 | ; This piece of code copies bytes of dwice 24005 | ; Src Memory Block in the dest. Memory dwice 2400a | ; Block allocated in the heap; dwice 2400c | dwice 2400d | dwice 2400e | dwice 24011 | dwice 24014 / dwice 24020 saves ESI on the stack; dwice 24021 ESI points to a Heap Object; dwice 24029 saves EDI on the stack; dwice 2402a it jumps if really Heap Object exists; dwice 2402c ESI points to the original Heap Block; dwice 24034 it jumps surely; dwice 2403b parameter passed by value; dwice 24040 this proc generates a pseudo random number < to the parameter passed by value; dwice 2405a ESI points to another Heap Object; dwice 24062 it jumps if really Heap Object exists; dwice 24064 ESI points to the original Heap Block; dwice 2406c it jumps surely; dwice 24073 EDI == parameter passed ( top of the stack... ); dwice 24077 ECX = number of bytes to copy; dwice 2407c copy operation; dwice 2407e restore EDI; dwice 24084 restore ESI; dwice 24090 saves ESI on the stack; dwice 24091 ESI == offset base of Src Memory Block! dwice 24097 saves EDI on the stack; dwice 24098 init EDI; dwice 2409c it jumps if exists a Memory Block; else ... dwice 2409e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 240ad EAX points to the offset A94454h; dwice 240b4 it jumps if [A94454h] == 0; dwice 240b6 EAX points to Heap block; dwice 240b7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 240bc parameter passed by value; dwice 240c1 init the location that will store a new pointer to M. Heap Block; dwice 240cb this proc generates a pseudo random number < to the parameter passed by value; dwice 240d0 realign the stack; dwice 240d3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 240d5 parameter passed by value; dwice 240da this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 240df realign the stack; dwice 240e2 [A94454h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 240f0 it jumps if EDI == 0; dwice 240f2 EDI points to Heap block; dwice 240f3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 240f8 realign the stack; dwice 240fb parameter passed by value; dwice 24100 this proc generates a pseudo random number < to the parameter passed by value; dwice 24125 EDX == [A94454h]; dwice 2412b First parameter passed by value; dwice 24130 Second parameter passed by addr: offset of Src M. Block; dwice 24131 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 24132 This proc copies bytes of Src M. Block in the New M.Block; dwice 24142 \ dwice 24143 | dwice 24148 | dwice 2414e | dwice 24150 | ; This piece of code copies bytes of dwice 24155 | ; Src Memory Block in the dest. Memory dwice 2415a | ; Block allocated in the heap; dwice 2415c | dwice 2415d | dwice 2415e | dwice 24161 | dwice 24164 / dwice 241e0 saves ESI on the stack; dwice 241e1 ESI == offset base of Src Memory Block! dwice 241e7 saves EDI on the stack; dwice 241e8 init EDI; dwice 241ec it jumps if exists a Memory Block; else ... dwice 241ee ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 241fd EAX points to the offset A94450h; dwice 24204 it jumps if [A94450h] == 0; dwice 24206 EAX points to Heap block; dwice 24207 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2420c parameter passed by value; dwice 24211 init the location that will store a new pointer to M. Heap Block; dwice 2421b this proc allocates a M. Block in the Heap pointed by EAX; dwice 24220 realign the stack; dwice 24223 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24225 parameter passed by value; dwice 2422a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2422f realign the stack; dwice 24232 [A94450h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24240 it jumps if EDI == 0; dwice 24242 EDI points to Heap block; dwice 24243 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 24248 realign the stack; dwice 2424b parameter passed by value; dwice 24250 this proc generates a pseudo random number < to the parameter passed by value; dwice 24275 EDX == [A94450h]; dwice 2427b First parameter passed by value; dwice 24280 Second parameter passed by addr: offset of Src M. Block; dwice 24281 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 24282 This proc copies bytes of Src M. Block in the New M.Block; dwice 24292 \ dwice 24293 | dwice 24298 | dwice 2429e | dwice 242a0 | ; This piece of code copies bytes of dwice 242a5 | ; Src Memory Block in the dest. Memory dwice 242aa | ; Block allocated in the heap; dwice 242ac | dwice 242ad | dwice 242ae | dwice 242b1 | dwice 242b4 / dwice 24330 saves ESI on the stack; dwice 24331 ESI == offset base of Src Memory Block! dwice 24337 saves EDI on the stack; dwice 24338 init EDI; dwice 2433c it jumps if exists a Memory Block; else ... dwice 2433e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2434d EAX points to the offset A94444h; dwice 24354 it jumps if [A94444h] == 0; dwice 24356 EAX points to Heap block; dwice 24357 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2435c parameter passed by value; dwice 24361 init the location that will store a new pointer to M. Heap Block; dwice 2436b this proc allocates a M. Block in the Heap pointed by EAX; dwice 24370 realign the stack; dwice 24373 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24375 parameter passed by value; dwice 2437a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2437f realign the stack; dwice 24382 [A94444h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24390 it jumps if EDI == 0; dwice 24392 EDI points to Heap block; dwice 24393 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 24398 realign the stack; dwice 2439b parameter passed by value; dwice 243a0 this proc generates a pseudo random number < to the parameter passed by value; dwice 243c5 EDX == [A94444h]; dwice 243cb First parameter passed by value; dwice 243d0 Second parameter passed by addr: offset of Src M. Block; dwice 243d1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 243d2 This proc copies bytes of Src M. Block in the New M.Block; dwice 243e2 \ dwice 243e3 | dwice 243e8 | dwice 243ee | dwice 243f0 | ; This piece of code copies bytes of dwice 243f5 | ; Src Memory Block in the dest. Memory dwice 243fa | ; Block allocated in the heap; dwice 243fc | dwice 243fd | dwice 243fe | dwice 24401 | dwice 24404 / dwice 24410 saves ESI on the stack; dwice 24411 ESI points to a Heap Object; dwice 24419 saves EDI on the stack; dwice 2441a it jumps if really Heap Object exists; dwice 2441c ESI points to the original Heap Block; dwice 24424 it jumps surely; dwice 2442b parameter passed by value; dwice 24430 this proc generates a pseudo random number < to the parameter passed by value; dwice 2444a ESI points to another Heap Object; dwice 24452 it jumps if really Heap Object exists; dwice 24454 ESI points to the original Heap Block; dwice 2445c it jumps surely; dwice 24463 EDI == parameter passed ( top of the stack... ); dwice 24467 ECX = number of bytes to copy; dwice 2446c copy operation; dwice 2446e restore EDI; dwice 24474 restore ESI; dwice 24480 saves ESI on the stack; dwice 24481 ESI == offset base of Src Memory Block! dwice 24487 saves EDI on the stack; dwice 24488 init EDI; dwice 2448c it jumps if exists a Memory Block; else ... dwice 2448e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2449d EAX points to the offset A9444Ch; dwice 244a4 it jumps if [A9444Ch] == 0; dwice 244a6 EAX points to Heap block; dwice 244a7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 244ac parameter passed by value; dwice 244b1 init the location that will store a new pointer to M. Heap Block; dwice 244bb this proc allocates a M. Block in the Heap pointed by EAX; dwice 244c0 realign the stack; dwice 244c3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 244c5 parameter passed by value; dwice 244ca this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 244cf realign the stack; dwice 244d2 [A9444Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 244e0 it jumps if EDI == 0; dwice 244e2 EDI points to Heap block; dwice 244e3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 244e8 realign the stack; dwice 244eb parameter passed by value; dwice 244f0 this porc generates a pseudo random number < to the parameter passed by value; dwice 24515 EDX == [A9444Ch]; dwice 2451b First parameter passed by value; dwice 24520 Second parameter passed by addr: offset of Src M. Block; dwice 24521 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 24522 This proc copies bytes of Src M. Block in the New M.Block; dwice 24532 \ dwice 24533 | dwice 24538 | dwice 2453e | dwice 24540 | ; This piece of code copies bytes of dwice 24545 | ; Src Memory Block in the dest. Memory dwice 2454a | ; Block allocated in the heap; dwice 2454c | dwice 2454d | dwice 2454e | dwice 24551 | dwice 24554 / dwice 245d0 saves ESI on the stack; dwice 245d1 ESI == offset base of Src Memory Block! dwice 245d7 saves EDI on the stack; dwice 245d8 init EDI; dwice 245dc it jumps if exists a Memory Block; else ... dwice 245de ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 245ed EAX points to the offset A94458h; dwice 245f4 it jumps if [A94458h] == 0; dwice 245f6 EAX points to Heap block; dwice 245f7 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 245fc parameter passed by value; dwice 24601 init the location that will store a new pointer to M. Heap Block; dwice 2460b this proc allocates a M. Block in the Heap pointed by EAX; dwice 24610 realign the stack; dwice 24613 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24615 parameter passed by value; dwice 2461a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2461f realign the stack; dwice 24622 [A94458h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24630 it jumps if EDI == 0; dwice 24632 EDI points to Heap block; dwice 24633 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 24638 realign the stack; dwice 2463b parameter passed by value; dwice 24640 this proc generates a pseudo random number < to the parameter passed by value; dwice 24665 EDX == [A94458h]; dwice 2466b First parameter passed by value; dwice 24670 Second parameter passed by addr: offset of Src M. Block; dwice 24671 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 24672 This proc copies bytes of Src M. Block in the New M.Block; dwice 24682 \ dwice 24683 | dwice 24688 | dwice 2468e | dwice 24690 | ; This piece of code copies bytes of dwice 24695 | ; Src Memory Block in the dest. Memory dwice 2469a | ; Block allocated in the heap; dwice 2469c | dwice 2469d | dwice 2469e | dwice 246a1 | dwice 246a4 / dwice 24720 saves ESI on the stack; dwice 24721 ESI == offset base of Src Memory Block! dwice 24727 saves EDI on the stack; dwice 24728 init EDI; dwice 2472c it jumps if exists a Memory Block; else ... dwice 2472e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2473d EAX points to the offset A9445Ch; dwice 24744 it jumps if [A9445Ch] == 0; dwice 24746 EAX points to Heap block; dwice 24747 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2474c parameter passed by value; dwice 24751 init the location that will store a new pointer to M. Heap Block; dwice 2475b this proc allocates a M. Block in the Heap pointed by EAX; dwice 24760 realign the stack; dwice 24763 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24765 parameter passed by value; dwice 2476a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2476f realign the stack; dwice 24772 [A9445Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 24780 it jumps if EDI == 0; dwice 24782 EDI points to Heap block; dwice 24783 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 24788 realign the stack; dwice 2478b parameter passed by value; dwice 24790 this proc generates a pseudo random number < to the parameter passed by value; dwice 247b5 EDX == [A9445Ch]; dwice 247bb First parameter passed by value; dwice 247c0 Second parameter passed by addr: offset of Src M. Block; dwice 247c1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 247c2 This proc copies bytes of Src M. Block in the New M.Block; dwice 247d2 \ dwice 247d3 | dwice 247d8 | dwice 247de | dwice 247e0 | ; This piece of code copies bytes of dwice 247e5 | ; Src Memory Block in the dest. Memory dwice 247ea | ; Block allocated in the heap; dwice 247ec | dwice 247ed | dwice 247ee | dwice 247f1 | dwice 247f4 / dwice 24800 saves ESI on the stack; dwice 24801 ESI points to a Heap Object; dwice 24809 saves EDI on the stack; dwice 2480a it jumps if really Heap Object exists; dwice 2480c ESI points to the original Heap Block; dwice 24814 it jumps surely; dwice 2481b parameter passed by value; dwice 24820 this proc generates a pseudo random number < to the parameter passed by value; dwice 2483a ESI points to another Heap Object; dwice 24842 it jumps if really Heap Object exists; dwice 24844 ESI points to the original Heap Block; dwice 2484c it jumps surely; dwice 24853 EDI == parameter passed ( top of the stack... ); dwice 24857 ECX = number of bytes to copy; dwice 2485c copy operation; dwice 2485e restore EDI; dwice 24864 restore ESI; dwice 24870 saves ESI on the stack; dwice 24871 ESI == offset base of Src Memory Block! dwice 24877 saves EDI on the stack; dwice 24878 init EDI; dwice 2487c it jumps if exists a Memory Block; else ... dwice 2487e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2488d EAX points to the offset A94460h; dwice 24894 it jumps if [A94460h] == 0; dwice 24896 EAX points to Heap block; dwice 24897 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2489c parameter passed by value; dwice 248a1 init the location that will store a new pointer to M. Heap Block; dwice 248ab this proc allocates a M. Block in the Heap pointed by EAX; dwice 248b0 realign the stack; dwice 248b3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 248b5 parameter passed by value; dwice 248ba this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 248bf realign the stack; dwice 248c2 [A94460h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 248d0 it jumps if EDI == 0; dwice 248d2 EDI points to Heap block; dwice 248d3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 248d8 realign the stack; dwice 248db parameter passed by value; dwice 248e0 this proc generates a pseudo random number < to the parameter passed by value; dwice 24905 EDX == [A94460h]; dwice 2490b First parameter passed by value; dwice 24910 Second parameter passed by addr: offset of Src M. Block; dwice 24911 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 24912 This proc copies bytes of Src M. Block in the New M.Block; dwice 24922 \ dwice 24923 | dwice 24928 | dwice 2492e | dwice 24930 | ; This piece of code copies bytes of dwice 24935 | ; Src Memory Block in the dest. Memory dwice 2493a | ; Block allocated in the heap; dwice 2493c | dwice 2493d | dwice 2493e | dwice 24941 | dwice 24944 / dwice 24950 ECX == second parameter -> offset of String1; dwice 24958 DL == first parameter -> current Serial's char; dwice 2495c init EAX;we consider it as an index i; dwice 2495e DL == String1[2*i] ? dwice 24960 if this test is ok, we exit to the loop; the Sub returns the value of the index i; dwice 24962 else it continues;i = i+1; dwice 24963 ECX = ECX+2; dwice 24966 the loop finishes when we have find the Serial's char in the String1 or when we visit its all; ( lengh of the String1 == 20h) dwice 2496b if we land here, we have a mistake; dwice 24aa0 EDX = First parameter = Offset of Serial; dwice 24aa7 save EDI ESI EBP EBX on the stack; dwice 24aa8 EDI = Offset of serial; dwice 24aaa ECX = -1; dwice 24aad EAX = 0; dwice 24ab4 Test the Length of Serial; if not equal to 1Eh... dwice 24ab9 we jump here; dwice 24abc EAX = 0, Magic Value, we have mistake; dwice 24abe restore EDI ESI EBP EBX; dwice 24ac0 EBP = Second Parameter = Destination Buffer of Cryptic Serial; dwice 24ac4 EBX = Offset of Serial; dwice 24ac6 ESI = 0; pointer of Cryptic Serial Buffer; dwice 24ac8 EBX = -100h; dwice 24aca EDI points to current byte of Cryptic Serial Buffer; dwice 24acd AL = current byte of Serial; dwice 24ad0 First parameter passed by value: Current Serial's byte; dwice 24ad1 Second paramter passed by address: offset of String1; dwice 24ad6 This Sub test if the current Serial' char is in a even position of Second parameter; dwice 24adb realign the stack; dwice 24ade EAX is the index position j where: Current Serial byte == String1[2*j]; dwice 24ae0 if EAX < 0 we have a mistake; dwice 24af4 1° group = (5,9,0Bh,0Ch); if ESI belongs it, it jumps in ONE; dwice 24b08 2° group = (4,6,0Ah,0Fh); if ESI belongs it, it jumps in TWO; dwice 24b1b 3° group = (0,2,8,0Eh); if ESI belongs it, it jumps in THREE; dwice 24b1d 4° group = others indexes; CL = [HashTable's base offset + 3 + 4*j]; dwice 24b26 THREE: DL = [HashTable's base offset + 2 + 4*j]; dwice 24b2d DL is saved in Current Byte of Cryptic Serial Buffer; dwice 24b31 TWO: AL = [HashTable's base offset + 1 + 4*j]; dwice 24b38 AL is saved in Current Byte of Cryptic Serial Buffer; dwice 24b3c ONE: CL = [HashTable's base offset + 4*j]; dwice 24b43 CL is saved in Current Byte of Cryptic Serial Buffer; dwice 24b45 increment the pointer to Crytic Serial Buffer: ESI = ESI + 1; dwice 24b46 repeat the loop until ESI = Length of Serial; dwice 24b52 EAX = 1, Magic Value, it's OK; dwice 24b57 restore EDI ESI EBP EBX; dwice 24d9d First check routine by Reg! dwice 24de3 EAX points to 'Cleaned Name'; dwice 24de7 It saves the EBX on the Stack; dwice 24de8 EBX = 17983DE1; dwice 24dee It saves EDI on the Stack; dwice 24def AL == first char of the 'Cleaned Name'; dwice 24df3 EDI == ECX == EBX == 17983DE1; dwice 24df5 EDI = EDI xor 11; Superflous!! dwice 24df8 If AL == 0 ( no Char in the 'Cleaned Name') we have mistake; dwice 24dfa Saves ECX on the stack; dwice 24dfe inits [ESP + C]; dwice 24e0d Saves ESI and EBP on the stack; dwice 24e0e Parameter passed by value: current char of 'Cleaned Name'; dwice 24e0f This Sub converts the Current Char in a UPPERCASE Char; dwice 24e14 ECX points to 'Cleaned Name'; dwice 24e18 EBP == Uppercase of Char of 'Cleaned Name' dwice 24e1d Parameter passed by value: current char of 'Cleaned Name'; dwice 24e1e This Sub converts the Current Char in a UPPERCASE Char; dwice 24e23 ESI == Uppercase of Char of 'Cleaned Name'; dwice 24e26 EAX points to 'Cleaned Name'; dwice 24e2c Parameter passed by value: current char of 'Cleaned Name'; dwice 24e2d This Sub converts the Current Char in a UPPERCASE Char; dwice 24e32 ECX = 1Dh; dwice 24e38 Realign the stack; dwice 24e3b EAX == Uppercase of Char of 'Cleaned Name'; dwice 24e44 ECX = 06h; dwice 24e4c ECX = 15h; dwice 24e52 EDX = Current UPPERCASE Char * [2^1Dh xor 2^06]; dwice 24e58 ECX = 0Fh; dwice 24e5e EDX = Current UPPERCASE Char * [2^1Dh xor 2^06 xor 2^15h]; dwice 24e64 ECX = 19h; dwice 24e6a EDX = Current UPPERCASE Char * [2^1Dh xor 2^06 xor 2^15h xor 2^0Fh]; dwice 24e70 ECX = 09; dwice 24e76 EDX = Current UPPERCASE Char * [2^1Dh xor 2^06 xor 2^15h xor 2^0Fh xor 2^19h]; dwice 24e7c [ESP+10h] == ECX (At the begin is 17983DE1); dwice 24e82 EDI = Current UPPERCASE Char; dwice 24e84 -- > EAX = Current Char * [2^1Dh xor 2^06 xor 2^15h xor 2^0Fh xor 2^19h xor 2^09h xor 1]; dwice 24e86 EDX = Current UPPERCASE Char; dwice 24e88 ECX = [ESP +10h] xor EAX; dwice 24e8a EBX = EBX xor EAX; at the begin EBX = [004F144C]; dwice 24e8c Stores ECX in [ESP +10h]; dwice 24e90 ECX = 1Dh; dwice 24e98 ECX = 06; dwice 24ea0 ECX = 15h; dwice 24eac ECX = 0Fh; dwice 24eb8 ECX = 19h; dwice 24ec4 ECX = 09; dwice 24eca EDX = Current Char *[2^1Dh xor 2^06 xor 2^15h xor 2^0Fh xor 2^19h]; dwice 24ecc EDI == Current Char; dwice 24ed0 ECX = EAX = Current Char * [2^1Dh xor 2^06 xor 2^15h xor 2^0Fh xor 2^19h xor 2^09h xor 1]; dwice 24ed2 ECX = ECX xor EBX -> EAX xor EBX -> EAX xor ( EAX xor EBX) -> ECX = EBX; dwice 24ed4 EDX = Current Char *[2^1Dh xor 2^06 xor 2^15h xor 2^0Fh xor 2^19h xor 2^09h]; dwice 24ed6 -- > EDI = EAX = Current Char * [2^1Dh xor 2^06 xor 2^15h xor 2^0Fh xor 2^19h xor 2^09h xor 1]; dwice 24ed8 EDX = Current Char; dwice 24eda EDI = EDI ( == EAX) or EBX; dwice 24edc EDX = EDX xor ESI -> Current Char xor ( Current Char) -> EDX == 0; dwice 24ede ESI points to 'Cleaned Name'; dwice 24ee2 EDX == EDX or ECX; -> EDX = ECX; dwice 24ee4 ECX = [ESP +14h]; dwice 24ee8 ESI = ESI + 1; dwice 24ee9 ECX = ECX + 1; dwice 24eea [ESP + 14] = is a counter of chars examined; dwice 24eee ECX = 06; dwice 24ef4 ECX = EAX xor 06h; dwice 24ef6 [ESP +24h] is a ponter to 'Cleaned Name Buffer' upgraded ;); dwice 24efa EBX = (EAX xor EBX) or ( EAX xor 06h); dwice 24efc ECX = 1Dh; dwice 24f02 ESI = EBP == Current Char; dwice 24f04 i save the value in EBX in [ESP + 18h]; dwice 24f08 EBX = EBP == Current Char; dwice 24f0c ECX = 06; dwice 24f12 EDI = EDI + 1; dwice 24f15 ECX = 15h; dwice 24f1b ESI = Current Char * (2^1Dh xor 2^06h); dwice 24f1d EBX = Current Char; dwice 24f21 ECX = 0Fh; dwice 24f27 ESI = Current Char * (2^1Dh xor 2^06h xor 2^15h); dwice 24f29 EBX = Current Char; dwice 24f2d ECX = 19h; dwice 24f33 ESI = Current Char * (2^1Dh xor 2^06h xor 2^15h xor 2^0Fh); dwice 24f35 EBX = Current Char; dwice 24f39 ECX = 09; dwice 24f3f ESI = Current Char * (2^1Dh xor 2^06h xor 2^15h xor 2^0Fh xor 2^19h); dwice 24f41 EBX = Current Char; dwice 24f45 ESI = Current Char * (2^1Dh xor 2^06h xor 2^15h xor 2^0Fh xor 2^19h xor 2^09h); dwice 24f47 ESI = Current Char * (2^1Dh xor 2^06h xor 2^15h xor 2^0Fh xor 2^19h xor 2^09h xor 1); dwice 24f49 EBP = ESI; dwice 24f4e EBP = EBP * ( 2^5-1) -> EBP = EBP * 1Fh; dwice 24f50 Check if EDI <= 11h; dwice 24f55 We land here if EDI > 11h; ECX = EBP * 5; dwice 24f59 EDI = EDI + 4FEh; dwice 24f62 ECX = ( 5*2^6-1) * EBP -> ECX = EBP * 13Fh; dwice 24f64 EBP = 5*ECX; dwice 24f67 EBP = EBP*2; -> EBP = ECX * 0Ah; -> EBP = EBP * 0C76h; dwice 24f69 Check if the char examined position is <= 3; dwice 24f70 We land here if Char examined position is 4th; dwice 24f74 EDI = EDI + 400h; dwice 24f7a EBP = EBP or EDI; dwice 24f7c Re - Init the position of char ezamined; in short way we do these elabs if Char position is a multiple of 5; dwice 24f87 ECX = 09; We jump here if the Char examined position is not 4th!!!; dwice 24f8d EBX = [ESP + 18h]; dwice 24f91 ECX = EAX xor 09h; dwice 24f93 EBX = (EAX xor EBX) or (EAX xor 06h) or (EAX xor 09h); dwice 24f95 ECX = EDI; dwice 24f9a ECX = ECX * 1Fh; dwice 24f9c EBP = EBP or (EAX xor EBX) or (EAX xor 06h) or (EAX xor 09h); dwice 24f9e ECX = 4 * ECX -> ECX = ECX * 7Ch; dwice 24fa1 EDI = ECX; dwice 24fa3 EDX = EDX + 83h; dwice 24fa9 Check if EBP is <= 0B3h; dwice 24fb1 We land here if EBP > 0B3h; ECX = 5 * EBP; dwice 24fb5 EDI = EDI + 4FEh; dwice 24fbe ECX = EBP * (5 * 2^6 -1); -> ECX = EBP * 13Fh; dwice 24fc0 EBP = EBP * 5; dwice 24fc3 EBP = EBP * 2; -> EBP = ECX * 0Ah; -> EBP = EBP * 0C76h; dwice 24fc7 We jump here if EBP <= 0B3h; EDI = EDI + 10A6CEh; dwice 24fcd EBP = EBP or 0DA106; dwice 24fd3 ESI = [ESP +10h]; dwice 24fd7 ECX = ESI; dwice 24fd9 ECX = ECX * 2^ (-1Fh); I consider the most significant bit!; dwice 24fdc ESI == 2* ESI; dwice 24fde Check if ECX is a negative ! dwice 24fe0 i save ESI in [ESP + 10h]; dwice 24fe4 if ECX > 8XXXXXXX, we don't jump; dwice 24fe8 ECX = ESI or 1; dwice 24feb upgrade [ESP + 10h]; dwice 24fef ECX = 0Fh; dwice 24ff5 ECX = EAX xor 0Fh; dwice 24ffc EAX = EDX * 1Fh; dwice 24ffe EBX = (EAX xor EBX) or (EAX xor 06h) or (EAX xor 09h) or (EAX xor 0Fh); dwice 25000 EDI = EDI * 10h; dwice 25003 Check if EAX <= 98187179;... dwice 25008 ...if no, ... dwice 2500a ...then EDI = EDI + 4FEh; dwice 25010 jump to the next calculation; dwice 25012 ...else EDI = EDI + 10A6CEh; dwice 25018 jump to the next calculation; dwice 2501a ECX = 0Fh; dwice 25020 ECX = EAX xor 0Fh; dwice 25022 EBX = (EAX xor EBX) or (EAX xor 06h) or (EAX xor 09h) or (EAX xor 0Fh);; dwice 25024 EDI = EDI * 2^(-4); -> remove the last nibble!!; dwice 25027 EBP = EBP xor (EAX xor EBX) or (EAX xor 06h) or (EAX xor 09h) or (EAX xor 0Fh);; dwice 25029 Check if EBX <= 821971A2h; dwice 25031 We jump here if EBX > 821971A2h; EAX = [ESP + 1Ch]; dwice 25035 ECX = EDI + 4FEh; dwice 2503b EAX = EAX xor ECX; \ dwice 2503d I save EAX in [ESP + 1Ch]; / These are a superflous Instructions!; dwice 25041 EAX = EBP * 5; dwice 25045 EAX = EBX * ( 5 * 2^6); dwice 25048 EAX = EBP * 13Fh; dwice 2504d EDX = EBP * 0C76h; dwice 2504f EDI = EDI xor EDX; dwice 25051 we jump to the next calculation!; dwice 25053 We jump here if EBX <= 821971A2h; EBP = EBP + 10A6CEh; dwice 25059 EDI = EDI or EBP; dwice 2505b EAX = point to Name Buffer upgraded; dwice 2505f AL = Next Char!; dwice 25069 ECX = [ESP + 10h]; dwice 2506f EAX = 512980ACh; dwice 25079 If EDI <= 11h, ECX = [ESP + 10] xor 512980ACh; dwice 2507d if EDI > 11h, ECX = [ESP +10h] xor 512980ACh; dwice 2508c EAX = [ESP + 10h]; dwice 25095 EAX = [ESP + 10h]; dwice 250a6 Parameter passed by value; dwice 250a8 This sub generates a pseudo random number by the use of the API GetTickCount ;D.The return value is in EAX; dwice 250ad EAX <= 10h; it 's used as a random index; dwice 250b9 [00425454h] == Base of a switch table of 10h pointers; dwice 250c4 EAX == offset of stack's top; dwice 250c5 This proc copies a Heap object in to the stack; dwice 250d3 ECX == offset of stack's top; dwice 250d4 This proc copies a Heap object in to the stack; dwice 250e2 EDX == offset of stack's top; dwice 250e3 This proc copies a Heap object in to the stack; dwice 250f1 EAX == offset of stack's top; dwice 250f2 This proc copies a Heap object in to the stack; dwice 25100 ECX == offset of stack's top; dwice 25101 This proc copies a Heap object in to the stack; dwice 2510f EDX == offset of stack's top; dwice 25110 This proc copies a Heap object in to the stack; dwice 2511e EAX == offset of stack's top; dwice 2511f This proc copies a Heap object in to the stack; dwice 2512a ECX == offset of stack's top; dwice 2512b This proc copies a Heap object in to the stack; dwice 25136 EDX == offset of stack's top; dwice 25137 This proc copies a Heap object in to the stack; dwice 25142 EAX == offset of stack's top; dwice 25143 This proc copies a Heap object in to the stack; dwice 2514e ECX == offset of stack's top; dwice 2514f This proc copies a Heap object in to the stack; dwice 2515a EDX == offset of stack's top; dwice 2515b This proc copies a Heap object in to the stack; dwice 25166 EAX == offset of stack's top; dwice 25167 This proc copies a Heap object in to the stack; dwice 25172 ECX == offset of stack's top; dwice 25173 This proc copies a Heap object in to the stack; dwice 2517e EDX == offset of stack's top; dwice 2517f This proc copies a Heap object in to the stack; dwice 2518a EAX == offset of stack's top; dwice 2518b This proc copies a Heap object in to the stack; dwice 25196 ECX == offset of stack's top; dwice 25197 This proc copies a Heap object in to the stack; dwice 2519c Here we begin the check of the serial!; dwice 251a2 EAX is a MAGIC VALUE! if EAX == 0, ERROR else EAX == 1 and you are a good boy! dwice 251a9 EDI points to the Serial's Buffer; dwice 251bc ECX == Lengh of the Serial ( == 1Eh); dwice 251bf if check is right, goes away, else... dwice 251c1 ...BYE! EAX == 0 and so we have mistake! dwice 251cb EDI points to the Name's Buffer; the Name is without digit or special char; dwice 251d5 EAX == 0; :D dwice 251dc ECX == Lengh of the Name! dwice 251df If Name's lengh is >=2, it's OK and go away, else ... dwice 251e1 ...BYE!! we have an Error!! dwice 251ed DL == current char of the serial! dwice 251f4 EAX points to the String1; dwice 251f8 first parameter passed by value : char; dwice 251f9 second parameter passed by address: offset of String1; dwice 251fa This Sub test if the current Serial' char is in a even position of String1; dwice 251ff Realign the Stack; dwice 25202 if EAX == -1 we jump to ERROR!! dwice 25210 EDI is the pointer to Serial's Buffer! dwice 25212 EBX == 0; dwice 25219 Init ESI; dwice 2521b CL == current char of the [serial + 10h]! dwice 25222 EDX points to the String1; dwice 25226 First paramenter passed by value: char; dwice 25227 second paramenter passed by address: offset of String1; dwice 25228 This Sub test if the current Serial' char is in a even position of String1; dwice 2522d Realign the Stack; dwice 25230 if EAX == -1 we jump to ERROR!! Else EAX is the index position j where: Char == String1[2*j]; dwice 25238 ESI == ECX == 0,4,8,...,18h -> 4*i (where i is the loop's counter); dwice 2523a ESI = ESI + 4; dwice 2523d EAX = j << 4*i; -> EAX = j * 2^(4 *i); dwice 2523f [ESP + 44C] == temp value! dwice 25246 ECX = temp value or EAX; dwice 25248 EDI = EDI + 1; dwice 25249 If ESI < 18h the loop continues; dwice 2524c upgrade temp value by ECX; dwice 25253 At the end, [ESP + 44C] == Sum (j[i]*16^i) where i belong to [0...6] and j[i] is the index position in the i-esim cycle; dwice 25255 ESI = [4F1428] == 987AC16B; dwice 2525b EAX = ECX = Sum (j[i]*16^i); i call it Number1; dwice 2525d -- > EDI == EAX == Number1; dwice 2525f ECX = 6; dwice 25264 EBX = ESI = Temp Number; at the begin,it's 987AC16B; dwice 25266 EDX = Number1 >> 4*i; i is the loop's counter ( i == 6 - ECX ); dwice 25268 EBX = EBX * 2^5; dwice 2526b it selects the last nibble of EDX; dwice 2526e EBX = EBX - ESI == EBX * (2^5-1) == EBX * 1Fh; dwice 25270 EDX = EDX xor EBX; -> EDX == EBX[7:1]!! only last nibble of EBX is calculated by xoring; dwice 25272 after the last calc the nibble is superflous; so EAX SHR 4!; dwice 25275 ECX = ECX-1; dwice 25276 it saves EDX in ESI -> Temp Number; dwice 25278 -- > At the end, ESI == Number2; dwice 2527a EAX points to the 'Cleaned Name'; dwice 25281 parameter passed by address; EAX == offset of 'Cleaned Name'; dwice 25282 This sub computes on the 'Cleaned Name' and returns a value in EAX; dwice 25287 [4F1484] == 8; dwice 25298 ERROR!! dwice 2529a Magic Value is set to 0 (EAX == 0); dwice 252a4 CL = [ESP + 24Ch + 8h]; CL is a 8h-esim char of the serial; dwice 252ab the replicate the value of EAX because we will use it many times! ;) ; dwice 252ad EDX = EAX and 1Fh; dwice 252b0 [ESP + 0Ch] == points to String1; dwice 252b6 ERROR!! dwice 252b8 Magic Value is set to 0 (EAX == 0); dwice 252c2 [4F1488] == 0Eh; dwice 252d0 ERROR!! dwice 252d2 Magic Value is set to 0 (EAX == 0); dwice 252dc DL = [ESP + 24Ch + 0Eh]; DL is a 0Eh-esim char of the serial; dwice 252e3 well... we finish to use the value obtained by the last CALL and stored in EAX; dwice 252e6 EAX = (EAX >> 5) and 1Fh; dwice 252e9 [ESP + 0Ch] == points to String1; dwice 252ef ERROR!! dwice 252f1 Magic Value is set to 0 (EAX == 0); dwice 252fb CL is a 16h-esim char of the serial; dwice 25302 Now, we use the value stored in ESI, we call them Number2; dwice 25304 EAX = ESI and 1Fh; dwice 25307 [ESP + 0Ch] == points to String1; dwice 2530d ERROR!! dwice 2530f Magic Value is set to 0 (EAX == 0); dwice 25319 AL is a 17h-esim char of the serial; dwice 25325 EDX = (ESI >> 5) and 1Fh; dwice 25328 [ESP + 0Ch] == points to String1; dwice 2532e ERROR!! dwice 25330 Magic Value is set to 0 (EAX == 0); dwice 2533a CL is a 18h-esim char of the serial; dwice 25344 ESI = (ESI >> 0Ah) and 1Fh; dwice 25347 [ESP + 0Ch] == points to String1; dwice 2534d ERROR!! dwice 2534f Magic Value is set to 0 (EAX == 0); dwice 25359 EDX points to the String1; dwice 2535d parameter passed by offset; ( offset of string1); dwice 25366 In this case the value returned in EAX is 0! dwice 2536a ERROR!! dwice 2536c Magic Value is set to 0 (EAX == 0); dwice 25376 First parameter passed by value : 1; dwice 25378 EAX = offset of serial; dwice 2537f Second Parameter passed by value : 19h; dwice 25381 Third parameter passed by address : offset of Serial; dwice 25382 This Sub computes a value by a CDATA Buffer and returns this in EAX; dwice 25387 [004F1424] == ESI == 1982D18C dwice 2538d DL is a 19h-esim char of the serial; dwice 25394 EAX = EAX xor ESI; dwice 25396 Realign the Stack; dwice 25399 we begin to use the value stored in EAX for some checks!;the value obtained in EAX is usede many times; dwice 2539b ECX = EAX and 1F; dwice 2539e [ESP + 0Ch] == points to String1; dwice 253a4 ERROR!! dwice 253a6 Magic Value is set to 0 (EAX == 0); dwice 253b0 DL is a 1Ah-esim char of the serial; dwice 253bc ECX = (EAX >> 5) and 1Fh; dwice 253bf [ESP + 0Ch] == points to String1; dwice 253c5 ERROR!! dwice 253c7 Magic Value is set to 0 (EAX == 0); dwice 253d1 DL is a 1Bh-esim char of the serial; dwice 253dd ECX = (EAX >> 0Ah) and 1Fh; dwice 253e0 [ESP + 0Ch] == points to String1; dwice 253e6 ERROR!! dwice 253e8 Magic Value is set to 0 (EAX == 0); dwice 253f2 DL is a 1Ch-esim char of the serial; dwice 253fe ECX = (EAX >> 0Fh) and 1Fh; dwice 25401 [ESP + 0Ch] == points to String1; dwice 25407 ERROR!! dwice 25409 Magic Value is set to 0 (EAX == 0); dwice 25413 CL is a 1Dh-esim char of the serial; dwice 2541d we finished to use the value stored in EAX; EAX = (EAX >> 14h) and 1Fh; dwice 25420 [ESP + 0Ch] == points to String1; dwice 25426 ERROR!! dwice 25428 Magic Value is set to 0 (EAX == 0); dwice 25432 -- > EDI = Number1; dwice 254a3 First Parameter == offset of Serial; dwice 254a8 Second Parameter == Buffer of Crypted Serial; dwice 254ad This proc crypts the Serial; if eax == 0, it's OK, else we have mistake; dwice 254bd If we approde here, the prog stores the crypted serial in HKLM\...\License code; dwice 25560 saves ESI on the stack; dwice 25561 ESI == offset base of Src Memory Block! dwice 25567 saves EDI on the stack; dwice 25568 init EDI; dwice 2556c it jumps if exists a Memory Block; else ... dwice 2556e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2557d EAX points to the offset A94468h; dwice 25584 it jumps if [A94468h] == 0; dwice 25586 EAX points to Heap block; dwice 25587 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2558c parameter passed by value; dwice 25591 init the location that will store a new pointer to M. Heap Block; dwice 2559b this proc allocates a M. Block in the Heap pointed by EAX; dwice 255a0 realign the stack; dwice 255a3 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 255a5 parameter passed by value; dwice 255aa this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 255af realign the stack; dwice 255b2 [A94468h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 255c0 it jumps if EDI == 0; dwice 255c2 EDI points to Heap block; dwice 255c3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 255c8 realign the stack; dwice 255cb parameter passed by value; dwice 255d0 this proc generates a pseudo random number < to the parameter passed by value; dwice 255f5 EDX == [A94468h]; dwice 255fb First parameter passed by value; dwice 25600 Second parameter passed by addr: offset of Src M. Block; dwice 25601 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 25602 This proc copies bytes of Src M. Block in the New M.Block; dwice 25612 \ dwice 25613 | dwice 25618 | dwice 2561e | dwice 25620 | ; This piece of code copies bytes of dwice 25625 | ; Src Memory Block in the dest. Memory dwice 2562a | ; Block allocated in the heap; dwice 2562c | dwice 2562d | dwice 2562e | dwice 25631 | dwice 25634 / dwice 25750 saves ESI on the stack; dwice 25751 ESI == offset base of Src Memory Block! dwice 25757 saves EDI on the stack; dwice 25758 init EDI; dwice 2575c it jumps if exists a Memory Block; else ... dwice 2575e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2576d EAX points to the offset A94464h; dwice 25774 it jumps if [A94464h] == 0; dwice 25776 EAX points to Heap block; dwice 25777 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2577c parameter passed by value; dwice 25781 init the location that will store a new pointer to M. Heap Block; dwice 2578b this proc allocates a M. Block in the Heap pointed by EAX; dwice 25790 realign the stack; dwice 25793 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 25795 parameter passed by value; dwice 2579a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2579f realign the stack; dwice 257a2 [A94464h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 257b0 it jumps if EDI == 0; dwice 257b2 EDI points to Heap block; dwice 257b3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 257b8 realign the stack; dwice 257bb parameter passed by value; dwice 257c0 this proc generates a pseudo random number < to the parameter passed by value; dwice 257e5 EDX == [A94464h]; dwice 257eb First parameter passed by value; dwice 257f0 Second parameter passed by addr: offset of Src M. Block; dwice 257f1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 257f2 This proc copies bytes of Src M. Block in the New M.Block; dwice 25802 \ dwice 25803 | dwice 25808 | dwice 2580e | dwice 25810 | ; This piece of code copies bytes of dwice 25815 | ; Src Memory Block in the dest. Memory dwice 2581a | ; Block allocated in the heap; dwice 2581c | dwice 2581d | dwice 2581e | dwice 25821 | dwice 25824 / dwice 25940 saves ESI on the stack; dwice 25941 ESI == offset base of Src Memory Block! dwice 25947 saves EDI on the stack; dwice 25948 init EDI; dwice 2594c it jumps if exists a Memory Block; else ... dwice 2594e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 2595d EAX points to the offset A94470h; dwice 25964 it jumps if [A94470h] == 0; dwice 25966 EAX points to Heap block; dwice 25967 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 2596c parameter passed by value; dwice 25971 init the location that will store a new pointer to M. Heap Block; dwice 2597b this proc allocates a M. Block in the Heap pointed by EAX; dwice 25980 realign the stack; dwice 25983 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 25985 parameter passed by value; dwice 2598a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 2598f realign the stack; dwice 25992 [A94470h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 259a0 it jumps if EDI == 0; dwice 259a2 EDI points to Heap block; dwice 259a3 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 259a8 realign the stack; dwice 259ab parameter passed by value; dwice 259b0 this proc generates a pseudo random number < to the parameter passed by value; dwice 259d5 EDX == [A94470h]; dwice 259db First parameter passed by value; dwice 259e0 Second parameter passed by addr: offset of Src M. Block; dwice 259e1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 259e2 This proc copies bytes of Src M. Block in the New M.Block; dwice 259f2 \ dwice 259f3 | dwice 259f8 | dwice 259fe | dwice 25a00 | ; This piece of code copies bytes of dwice 25a05 | ; Src Memory Block in the dest. Memory dwice 25a0a | ; Block allocated in the heap; dwice 25a0c | dwice 25a0d | dwice 25a0e | dwice 25a11 | dwice 25a14 / dwice 25a36 ESI points to the serial's buffer; dwice 25a3b EDI is a pointer to the new buffer on the stack! dwice 25a3f init EBX to zero; dwice 25a41 in AL stores the current serial's char; dwice 25a43 is it empty? (in otherwords, we arrive at the end of the serial's buffer?); dwice 25a45 if yes, we jump over this loop!!... dwice 25a47 ...else we analyse the current char!! ( passed by value to the next Sub); dwice 25a48 This Sub tests if the char stores in EAX is a LETTER (upper case or lower case)!If true, EAX == 1, else EAX == 0; dwice 25a4d simply realign the stack! dwice 25a54 AL == current serial's char; dwice 25a56 it passes by value to the nex Sub; dwice 25a57 This Sub tests if the char stores in EAX is a DIGIT!If true, EAX == 1, else EAX == 0; dwice 25a5c realign the stack! dwice 25a63 if we land here, the current char is not digit or letter! ESI == ESI + 1; dwice 25a64 jump to analyse the next char!; dwice 25a66 We land here if the current char stored in EAX is a letteral or digit!; dwice 25a69 it pass the char by value to the next Sub!; dwice 25a6a This Sub simply converts the letteral char in to upper case!; dwice 25a6f realign the stack; dwice 25a72 EDI is a pointer to the new buffer!! dwice 25a74 EDI == EDI + 1; dwice 25a75 EBX == EBX + 1; dwice 25a76 the buffer's lengh is MAX 256!; dwice 25b20 saves ESI on the stack; dwice 25b21 ESI == offset base of Src Memory Block! dwice 25b27 saves EDI on the stack; dwice 25b28 init EDI; dwice 25b2c it jumps if exists a Memory Block; else ... dwice 25b2e ...ESI == offset base of Original Memory Block! ( surely it's exists); dwice 25b3d EAX points to the offset A9446Ch; dwice 25b44 it jumps if [A9446Ch] == 0; dwice 25b46 EAX points to Heap block; dwice 25b47 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 25b4c parameter passed by value; dwice 25b51 init the location that will store a new pointer to M. Heap Block; dwice 25b5b this proc allocates a M. Block in the Heap pointed by EAX; dwice 25b60 realign the stack; dwice 25b63 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 25b65 parameter passed by value; dwice 25b6a this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 25b6f realign the stack; dwice 25b72 [A9446Ch] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 25b80 it jumps if EDI == 0; dwice 25b82 EDI points to Heap block; dwice 25b83 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 25b88 realign the stack; dwice 25b8b parameter passed by value; dwice 25b90 this proc generates a pseudo random number < to the parameter passed by value; dwice 25bb5 EDX == [A9446Ch]; dwice 25bbb First parameter passed by value; dwice 25bc0 Second parameter passed by addr: offset of Src M. Block; dwice 25bc1 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 25bc2 This proc copies bytes of Src M. Block in the New M.Block; dwice 25bd2 \ dwice 25bd3 | dwice 25bd8 | dwice 25bde | dwice 25be0 | ; This piece of code copies bytes of dwice 25be5 | ; Src Memory Block in the dest. Memory dwice 25bea | ; Block allocated in the heap; dwice 25bec | dwice 25bed | dwice 25bee | dwice 25bf1 | dwice 25bf4 / dwice 25c70 saves ESI on the stack; dwice 25c71 ESI == offset base of Src Memory Block! dwice 25c77 saves EDI on the stack; dwice 25c78 init EDI; dwice 25c7c it jumps if exists a Memory Block; dwice 25c83 EAX points to the address A94474h; dwice 25c8a it jumps if [A94474h] == 0; dwice 25c8c EAX points to Heap block; dwice 25c8d this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 25c92 parameter passed by value; dwice 25c97 init the location that will store a new pointer to M. Heap Block; dwice 25ca1 this proc allocates a M. Block in the Heap pointed by EAX; dwice 25ca6 realign the stack; dwice 25ca9 EDI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 25cab parameter passed by value; dwice 25cb0 this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 25cb5 realign the stack; dwice 25cb8 [A94474h] == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 25cc6 it jumps if EDI == 0; dwice 25cc8 EDI points to Heap block; dwice 25cc9 this proc de-allocates a M. Block in the Heap pointed by EDI; dwice 25cce realign the stack; dwice 25cd1 parameter passed by value; dwice 25cd6 this proc generates a pseudo random number < to the parameter passed by value; dwice 25cf9 EDX = [A94474h]; dwice 25cff First parameter passed by value; dwice 25d04 Second parameter passed by addr: offset of Src M. Block; dwice 25d05 Third parameter passed by addr: offset of New M. Block in the Heap; dwice 25d06 This proc copies bytes of Src M. Block in the New M.Block; dwice 25d17 \ dwice 25d1c | dwice 25d22 | dwice 25d24 | dwice 25d29 | ; This piece of code copies bytes of dwice 25d2e | ; Src Memory Block in the dest. Memory dwice 25d30 | ; Block allocated in the Heap; dwice 25d31 | dwice 25d32 | dwice 25d35 | dwice 25d38 | dwice 25d3b / dwice 25ea0 [A9447Ch] -> [A94474h]; dwice 25ea5 [A94474h] -> [9EED0Ch]; dwice 25eaa [9EED0Ch] -> [9EEEB4h]; dwice 25eaf [9EEEB4h] -> [9EEEF0h]; dwice 25eb4 [9EEEF0h] -> [A943F8h]; dwice 25eb9 [A943F8h] -> [A94410h]; dwice 25ebe [A94410h] -> [A94428h]; dwice 25ec3 [A94428h] -> [A94440h]; dwice 25ec8 [A94440h] -> [A94458h]; dwice 25ecd [A94458h] -> [A943F4h]; dwice 25ed2 [A943F4h] -> [A9446Ch]; dwice 25ed7 [A9446Ch] -> [9EED04h]; dwice 25edc [9EED04h] -> [9EEEACh]; dwice 25ee1 [9EEEACh] -> [9EEEE8h]; dwice 25ee6 [9EEEE8h] -> [A943F0h]; dwice 25eeb [A943F0h] -> [A9440Ch]; dwice 25ef0 [A9440Ch] -> [A94424h]; dwice 25ef5 [A94424h] -> [A9443Ch]; dwice 25efa [A9443Ch] -> [A94450h]; dwice 25eff [A94450h] -> [A943E8h]; dwice 25f04 [A943E8h] -> [A94470h]; dwice 25f09 [A94470h] -> [9EED08h]; dwice 25f0e [9EED08h] -> [9EEEB0h]; dwice 25f13 [9EEEB0h] -> [9EEEECh]; dwice 25f18 [9EEEECh] -> [A943E0h]; dwice 25f1d [A943E0h] -> [A94404h]; dwice 25f22 [A94404h] -> [A9441Ch]; dwice 25f27 [A9441Ch] -> [A94434h]; dwice 25f2c [A94434h] -> [A94454h]; dwice 25f31 [A94454h] -> [A943ECh]; dwice 25f36 [A943ECh] -> [A94464h]; dwice 25f3b [A94464h] -> [9EECFCh]; dwice 25f40 [9EECFCh] -> [9EEEA4h]; dwice 25f45 [9EEEA4h] -> [9EEEE0h]; dwice 25f4a [9EEEE0h] -> [A943E4h]; dwice 25f4f [A943E4h] -> [A94408h]; dwice 25f54 [A94408h] -> [A94420h]; dwice 25f59 [A94420h] -> [A94438h]; dwice 25f5e [A94438h] -> [A94448h]; dwice 25f63 [A94448h] -> [A943DCh]; dwice 25f68 [A943DCh] -> [A94468h]; dwice 25f6d [A94468h] -> [9EED00h]; dwice 25f72 [9EED00h] -> [9EEEA8h]; dwice 25f77 [9EEEA8h] -> [9EEEE4h]; dwice 25f7c [9EEEE4h] -> [A943D0h]; dwice 25f81 [A943D0h] -> [A943FCh]; dwice 25f86 [A943FCh] -> [A94414h]; dwice 25f8b [A94414h] -> [A94430h]; dwice 25f90 [A94430h] -> [A9444Ch]; dwice 25f95 [A9444Ch] -> [A943CCh]; dwice 25f9a [A943CCh] -> [A9445Ch]; dwice 25f9f [A9445Ch] -> [9EECF4h]; dwice 25fa4 [9EECF4h] -> [9EEE9Ch]; dwice 25fa9 [9EEE9Ch] -> [9EEEDCh]; dwice 25fae [9EEEDCh] -> [A943D8h]; dwice 25fb3 [A943D8h] -> [A94400h]; dwice 25fb8 [A94400h] -> [A94418h]; dwice 25fbd [A94418h] -> [A9442Ch]; dwice 25fc2 [A9442Ch] -> [A94444h]; dwice 25fc7 [A94444h] -> [A943D4h]; dwice 25fcc [A943D4h] -> [A94460h]; dwice 25fd1 [A94460h] -> [9EECF8h]; dwice 25fe1 save ESI and EDI in the stack; dwice 25fe2 EDI == counter; dwice 25fe7 parameter passed by value; dwice 25fec this proc allocates a M. Block in the Heap and returns its pointer in EAX; dwice 25ff1 parameter passed by value; dwice 25ff3 ESI == pointer of new Mem. Block in the Heap; it's long 450h bytes; dwice 25ff5 this proc generates a pseudo random number < to the parameter passed by value; dwice 26113 ESI points to Heap block; dwice 26114 this proc de-allocates a M. Block in the Heap pointed by EAX; dwice 26119 realign the stack; dwice 2611c EDI = EDI-1, decrement the counter; dwice 26124 restore ESI and EDI; dwice 27550 EAX = Second parameter; dwice 27554 save ESI; dwice 27555 ESI = -1; dwice 2755e save on the stack EBX EBP EDI; dwice 2755f EDI = Third parameter; dwice 27563 EBP = Second parameter; dwice 27565 EAX = First parameter; dwice 27569 save a temp value ( ESI ) in EBX; dwice 2756b EBX = EBX >> 8; dwice 2756e EAX, as the first parameter, selects the type of Hash's compute;its value is 0 or 1; dwice 27572 AL = Current byte addressed by Third parameter; dwice 27574 EDI = EDI + 1; increment the pointer of Second parameter buffer; dwice 27575 Parameter passed by value : Current byte addressed by Second parameter; dwice 27576 This Sub simply converts the letteral char in to upper case!; dwice 2757b set simply AL ;) ; dwice 27580 set simply the last byte of ESI; dwice 27586 Realign the Stack; dwice 27589 EAX = EAX xor ESI; dwice 2758b EAX is used as a pointer to a CDATA buffer; in ESI store the DWORD VALUE obtained; dwice 27594 ;if we jump here, EAX == 0 and the proc calculates a differen Hash; dwice 2759e ;In this case, the Hash calc is the same; the only difference is ... dwice 275a0 ; ... the absence of a conversion on downcase chars; dwice 275a8 ESI = ESI xor EBX; ESI is a temp value; dwice 275aa EBP is a loop counter; EBP = EBP - 1; dwice 275b0 EAX is a return value of this Sub; dwice 275b3 EAX = not ESI!!!