
Просмотр полной версии : [Documentation] Battle.net.dll Protection


[7x]cmd.exe
17.02.2011, 18:36
base 17326
Меняем исходный код на новый....
<3CB29C00>
; Entry stub; assembled at the address given on the preceding <...> line.
; Calls @FUNC_1, @FUNC_2 and @FUNC_3 in that order, each wrapped in the same
; save/restore of EFLAGS and ECX/ESI/EDI/EBX/EDX, then jumps to 0x3D5D96B1.
; EAX and EBP are not saved here: all three helpers overwrite EAX, and
; @FUNC_1 and @FUNC_3 push/pop EBP themselves on the paths that use it.
@CAVE:

PUSHFD                                  ; save EFLAGS
PUSH ECX                                ; save the five registers the stub preserves
PUSH ESI
PUSH EDI
PUSH EBX
PUSH EDX
CALL @FUNC_1                            ; pass 1: change page protection (see @FUNC_1)
POP EDX                                 ; restore in reverse push order
POP EBX
POP EDI
POP ESI
POP ECX
POPFD

PUSHFD                                  ; same wrapper around the second helper
PUSH ECX
PUSH ESI
PUSH EDI
PUSH EBX
PUSH EDX
CALL @FUNC_2                            ; pass 2: touch one byte per page (see @FUNC_2)
POP EDX
POP EBX
POP EDI
POP ESI
POP ECX
POPFD

PUSHFD                                  ; same wrapper around the third helper
PUSH ECX
PUSH ESI
PUSH EDI
PUSH EBX
PUSH EDX
CALL @FUNC_3                            ; pass 3: table-driven dword copy (see @FUNC_3)
POP EDX
POP EBX
POP EDI
POP ESI
POP ECX
POPFD

JMP 0x3D5D96B1                          ; NOTE(review): presumably where the surrounding code resumes - confirm

db 0CC 0CC                              ; padding between routines (0xCC is the INT3 opcode)

; @FUNC_1 - one-shot pass that calls @FUNC_1_A on the start of the image and
; on every section whose Characteristics do not have bit 0x10000000 set.
; Takes no stack arguments. Reserves 0x28 bytes of locals: one dword (used as
; the section loop counter) followed by a 0x24-byte SYSTEM_INFO buffer.
; Gated by the dword at 0x3C911052: zero -> return immediately; the dword is
; cleared at @FUNC_1_4, so the pass does its work only once.
; Clobbers EAX, ECX, EDX; EBP, EBX, ESI, EDI are pushed and popped.
; The header offsets used (0x3C, +0x2, +0x70, +0x74, stride 0x28) match the
; PE32 header layout.
; NOTE(review): because @FUNC_1_A requests protection 0x40
; (PAGE_EXECUTE_READWRITE), this pass leaves the affected regions both
; writable and executable, and nothing here restores the old protection.
@FUNC_1:

MOV EDX,DWORD PTR DS:[0x3C9114F2]       ; stored value, subtracted from the constant below
MOV ECX,DWORD PTR DS:[0x3C911022]       ; stored value, added to the constant below
MOV EAX,DWORD PTR DS:[0x3C911052]       ; run-once flag
SUB ESP,0x28                            ; locals: counter dword + SYSTEM_INFO
PUSH EBP
MOV EBP,0x3C8F1AE0
SUB EBP,EDX
ADD EBP,ECX                             ; EBP = 0x3C8F1AE0 - [0x3C9114F2] + [0x3C911022]; used below as the image base (presumably the actual load address - confirm)
TEST EAX,EAX
JE @FUNC_1_1                            ; flag already clear: nothing to do

LEA EAX,DWORD PTR SS:[ESP+0x8]          ; &SYSTEM_INFO local
PUSH EAX
CALL DWORD PTR DS:[0x3C8F1650] ; kernel32.GetSystemInfo
MOV ECX,DWORD PTR SS:[ESP+0xC]          ; SYSTEM_INFO+4 = dwPageSize
DEC ECX                                 ; length = page size - 1
PUSH ECX                                ; arg 2: length
PUSH EBP                                ; arg 1: address = image base
CALL @FUNC_1_A
MOV EDX,DWORD PTR SS:[EBP+0x3C]         ; e_lfanew from the DOS header
LEA EAX,DWORD PTR DS:[EDX+EBP+0x4]      ; EAX -> file header (NT headers + 4)
ADD ESP,0x8                             ; drop the two @FUNC_1_A arguments (caller cleans up)
TEST EAX,EAX
JNZ @FUNC_1_2

MOV ECX,DWORD PTR SS:[ESP+0x4]          ; NOTE(review): this local has not been written on this path, and EAX is 0 here - confirm this branch is ever taken
JMP @FUNC_1_3

@FUNC_1_2:
MOV EDX,DWORD PTR DS:[EAX+0x70]         ; NumberOfRvaAndSizes
MOVZX ECX,WORD PTR DS:[EAX+0x2]         ; NumberOfSections
LEA EAX,DWORD PTR DS:[EAX+EDX*0x8+0x74] ; first section header, just past the data directories

@FUNC_1_3:
TEST ECX,ECX
JBE @FUNC_1_4                           ; TEST clears CF, so this is taken only when the count is 0

PUSH EBX
PUSH ESI
PUSH EDI
LEA EDI,DWORD PTR DS:[EAX+0xC]          ; EDI -> section VirtualAddress
LEA ESI,DWORD PTR DS:[EAX+0x8]          ; ESI -> section VirtualSize
LEA EBX,DWORD PTR DS:[EAX+0x24]         ; EBX -> section Characteristics
MOV DWORD PTR SS:[ESP+0x10],ECX         ; loop counter = section count (first local, now at ESP+0x10)

@FUNC_1_6:
TEST DWORD PTR DS:[EBX],0x10000000      ; 0x10000000 = IMAGE_SCN_MEM_SHARED
JNZ @FUNC_1_5                           ; shared sections are skipped

MOV EAX,DWORD PTR DS:[ESI]              ; length = VirtualSize
MOV ECX,DWORD PTR DS:[EDI]
PUSH EAX                                ; arg 2: length
ADD ECX,EBP                             ; address = image base + VirtualAddress
PUSH ECX                                ; arg 1: address
CALL @FUNC_1_A
ADD ESP,0x8                             ; return value of @FUNC_1_A is not checked

@FUNC_1_5:
MOV EAX,DWORD PTR SS:[ESP+0x10]
ADD ESI,0x28                            ; advance all three cursors by one section header (0x28 bytes)
ADD EBX,0x28
ADD EDI,0x28
DEC EAX
MOV DWORD PTR SS:[ESP+0x10],EAX         ; MOV leaves the flags from DEC intact
JNZ @FUNC_1_6                           ; loop while sections remain
POP EDI
POP ESI
POP EBX

@FUNC_1_4:
MOV DWORD PTR DS:[0x3C911052],0x0       ; clear the run-once flag

@FUNC_1_1:
POP EBP
ADD ESP,0x28
RETN

db 0CC 0CC                              ; padding between routines (0xCC is the INT3 opcode)

; @FUNC_1_A(address, length) - two dword stack arguments, removed by the
; caller: on entry [ESP+4] = address, [ESP+8] = length.
; Reads the region's current protection with VirtualQuery and, unless bit
; 0x80 of that value is already set, calls VirtualProtect with
; (protection & 0xFFFFFF80) | 0x40.
; 0x40 is PAGE_EXECUTE_READWRITE and 0x80 is PAGE_EXECUTE_WRITECOPY, so bits
; above the low seven (e.g. guard/no-cache modifiers) are carried over.
; Returns in EAX: 0 if length is 0 or VirtualQuery fails; 1 if bit 0x80 was
; already set; otherwise 1 or 0 for VirtualProtect success or failure.
; Locals: 0x1C bytes holding the 32-bit MEMORY_BASIC_INFORMATION; its Protect
; field (+0x14) is reused as the old-protection output of VirtualProtect.
; Clobbers EAX, ECX (plus whatever the API calls clobber); ESI, EDI saved.
; NOTE(review): nothing in this routine restores the previous protection, so
; the region stays writable and executable afterwards.
@FUNC_1_A:

SUB ESP,0x1C                            ; MEMORY_BASIC_INFORMATION buffer
PUSH EDI
MOV EDI,DWORD PTR SS:[ESP+0x28]         ; EDI = length (second argument)
TEST EDI,EDI
JNZ @FUNC_1_A_1

XOR EAX,EAX                             ; zero length: return 0
POP EDI
ADD ESP,0x1C
RETN

@FUNC_1_A_1:
PUSH ESI
MOV ESI,DWORD PTR SS:[ESP+0x28]         ; ESI = address (first argument; same offset because of the extra push)
PUSH 0x1C                               ; dwLength = size of the buffer
LEA EAX,DWORD PTR SS:[ESP+0xC]          ; lpBuffer = start of the local buffer
PUSH EAX
PUSH ESI                                ; lpAddress
CALL DWORD PTR DS:[0x3C8F163C] ; kernel32.VirtualQuery
TEST EAX,EAX
JNZ @FUNC_1_A_2

POP ESI                                 ; VirtualQuery returned 0: EAX is still 0, return it
POP EDI
ADD ESP,0x1C
RETN

@FUNC_1_A_2:
MOV EAX,DWORD PTR SS:[ESP+0x1C]         ; buffer+0x14 = Protect
AND EAX,0xFFFFFF80                      ; drop the low seven protection bits
TEST AL,AL                              ; sign flag = bit 0x80 of the protection
MOV DWORD PTR SS:[ESP+0x1C],EAX         ; MOV does not change the flags set by TEST
JNS @FUNC_1_A_3                         ; bit 0x80 clear: protection must be changed

POP ESI                                 ; bit 0x80 already set: report success without changing anything
MOV EAX,0x1
POP EDI
ADD ESP,0x1C
RETN

@FUNC_1_A_3:
LEA ECX,DWORD PTR SS:[ESP+0x1C]         ; lpflOldProtect = the Protect slot of the local buffer
PUSH ECX
OR EAX,0x40                             ; flNewProtect = kept high bits | PAGE_EXECUTE_READWRITE
PUSH EAX
PUSH EDI                                ; dwSize = length
PUSH ESI                                ; lpAddress = address
CALL DWORD PTR DS:[0x3C8F1668] ; kernel32.VirtualProtect
NEG EAX                                 ; NEG/SBB/NEG: EAX = (EAX != 0) ? 1 : 0
SBB EAX,EAX
POP ESI
NEG EAX
POP EDI
ADD ESP,0x1C
RETN

db 0CC 0CC                              ; padding between routines (0xCC is the INT3 opcode)

; @FUNC_2 - one-shot pass that reads and writes back one byte per page across
; a range taken from the PE optional header (the byte value is unchanged; the
; effect is that each page is written to).
; Takes no stack arguments. Reserves 0x24 bytes of locals for a SYSTEM_INFO.
; Gated by the dword at 0x3D66CCE6: zero -> return immediately; the dword is
; cleared at @FUNC_2_2.
; Clobbers EAX, ECX, EDX; ESI is pushed and popped.
; NOTE(review): the writes assume the pages are already writable; in the stub
; shown on this page @FUNC_1 runs before this routine.
@FUNC_2:

MOV EAX,DWORD PTR DS:[0x3D66CCE6]       ; run-once flag
SUB ESP,0x24                            ; SYSTEM_INFO buffer
TEST EAX,EAX
JE @FUNC_2_1                            ; flag already clear: nothing to do

PUSH ESI
LEA EAX,DWORD PTR SS:[ESP+0x4]          ; &SYSTEM_INFO local
PUSH EAX
CALL DWORD PTR DS:[0x3C8F1650] ; kernel32.GetSystemInfo
MOV EDX,DWORD PTR DS:[0x3D66CCEB]       ; stored value, subtracted from the constant below
MOV ECX,DWORD PTR DS:[0x3D66CCF4]       ; stored value, added to the constant below
MOV ESI,DWORD PTR SS:[ESP+0x8]          ; SYSTEM_INFO+4 = dwPageSize, used as the loop stride
MOV EAX,0x3D66CCF9
SUB EAX,EDX
ADD EAX,ECX                             ; EAX = 0x3D66CCF9 - [0x3D66CCEB] + [0x3D66CCF4]; used below as the image base (presumably the actual load address - confirm)
MOV ECX,DWORD PTR DS:[EAX+0x3C]         ; e_lfanew from the DOS header
LEA EDX,DWORD PTR DS:[ECX+EAX+0x18]     ; EDX -> optional header (NT headers + 0x18)
MOV ECX,DWORD PTR DS:[EDX+0x14]         ; BaseOfCode
MOV EDX,DWORD PTR DS:[EDX+0x4]          ; SizeOfCode
ADD ECX,EAX                             ; start = image base + BaseOfCode
ADD EDX,EAX                             ; end = image base + SizeOfCode. NOTE(review): BaseOfCode is not added to the end bound - confirm this is intended
CMP ECX,EDX
JNB @FUNC_2_2                           ; empty range: skip the loop

@FUNC_2_3:
MOV AL,BYTE PTR DS:[ECX]                ; read one byte...
MOV BYTE PTR DS:[ECX],AL                ; ...and store it back unchanged
ADD ECX,ESI                             ; next page
CMP ECX,EDX
JB @FUNC_2_3                            ; unsigned compare against the end address

@FUNC_2_2:
MOV DWORD PTR DS:[0x3D66CCE6],0x0       ; clear the run-once flag
POP ESI

@FUNC_2_1:
ADD ESP,0x24
RETN

db 0CC 0CC                              ; padding between routines (0xCC is the INT3 opcode)

; @FUNC_3 - one-shot dword-by-dword copy driven by two tables of
; {offset, size} dword pairs: the source table starts at 0x3D66C215 and the
; destination table at 0x3D66C205. Every offset is added to the constant
; 0x3C8F0000 to form a pointer.
; The copy ends when the current source-table offset or the current
; destination offset equals -1.
; Takes no stack arguments. Gated by the dword at 0x3D66C1FE: zero -> return
; immediately; the dword is cleared at @FUNC_3_2.
; The opening PUSH ECX reserves the stack slot that is addressed as
; [ESP+0x10] once EBX/EBP/ESI/EDI are pushed; it holds the current
; destination offset.
; Loop registers: EAX = source pointer, ECX = destination pointer,
; EDX = bytes left in the source run, EDI = bytes left in the destination run,
; ESI = source-table cursor, EBX = destination-table cursor, EBP = scratch.
; Clobbers EAX, EDX; ECX, EBX, EBP, ESI, EDI are pushed and popped.
; NOTE(review): 0x3C8F0000 is hard-coded here, unlike the computed bases in
; @FUNC_1 and @FUNC_2; the run sizes are only tested for exactly 0 after
; subtracting 4, so they are assumed to be multiples of 4 - confirm.
@FUNC_3:

PUSH ECX                                ; saves ECX and reserves the [ESP+0x10] slot
MOV EAX,DWORD PTR DS:[0x3D66C1FE]       ; run-once flag
TEST EAX,EAX
JE @FUNC_3_1                            ; flag already clear: nothing to do

MOV ECX,DWORD PTR DS:[0x3D66C205]       ; first destination offset
MOV EDX,DWORD PTR DS:[0x3D66C219]       ; first source size
PUSH EBX
PUSH EBP
MOV EBP,DWORD PTR DS:[0x3D66C215]       ; first source offset
CMP EBP,-0x1                            ; sets the flags used by the JE below
PUSH ESI
PUSH EDI
MOV EDI,DWORD PTR DS:[0x3D66C209]       ; first destination size
MOV ESI,0x3D66C215                      ; source-table cursor
MOV EBX,0x3D66C205                      ; destination-table cursor
LEA EAX,DWORD PTR SS:[EBP+0x3C8F0000]   ; source pointer
LEA ECX,DWORD PTR DS:[ECX+0x3C8F0000]   ; destination pointer
JE @FUNC_3_2                            ; PUSH/MOV/LEA leave flags alone: taken when the first source offset is -1

MOV EBP,DWORD PTR DS:[0x3D66C205]
MOV DWORD PTR SS:[ESP+0x10],EBP         ; remember the current destination offset

@FUNC_3_6:
CMP EBP,-0x1
JE @FUNC_3_2                            ; destination offset -1 ends the copy

MOV EBP,DWORD PTR DS:[EAX]              ; copy one dword from source...
MOV DWORD PTR DS:[ECX],EBP              ; ...to destination
SUB EDX,0x4
ADD ECX,0x4
ADD EAX,0x4
SUB EDI,0x4
TEST EDX,EDX
JNZ @FUNC_3_3                           ; source run not finished

MOV EAX,DWORD PTR DS:[ESI+0x8]          ; next source offset
MOV EDX,DWORD PTR DS:[ESI+0xC]          ; next source size
ADD ESI,0x8                             ; advance the source-table cursor by one pair
ADD EAX,0x3C8F0000                      ; new source pointer

@FUNC_3_3:
TEST EDI,EDI
JNZ @FUNC_3_4                           ; destination run not finished

MOV EBP,DWORD PTR DS:[EBX+0x8]          ; next destination offset
MOV EDI,DWORD PTR DS:[EBX+0xC]          ; next destination size
ADD EBX,0x8                             ; advance the destination-table cursor by one pair
MOV DWORD PTR SS:[ESP+0x10],EBP         ; remember the new destination offset
LEA ECX,DWORD PTR SS:[EBP+0x3C8F0000]   ; new destination pointer
JMP @FUNC_3_5

@FUNC_3_4:
MOV EBP,DWORD PTR SS:[ESP+0x10]         ; reload the destination offset for the check at @FUNC_3_6

@FUNC_3_5:
CMP DWORD PTR DS:[ESI],-0x1
JNZ @FUNC_3_6                           ; continue until the source table reaches its -1 terminator

@FUNC_3_2:
POP EDI
POP ESI
POP EBP
MOV DWORD PTR DS:[0x3D66C1FE],0x0       ; clear the run-once flag
POP EBX

@FUNC_3_1:
POP ECX
RETN

db 0CC 0CC                              ; padding between routines (0xCC is the INT3 opcode)
То, что доктор прописал...
<3CB29C00>
; Entry stub of the second listing; assembled at the address given on the
; preceding <...> line. Calls only @FUNC_1, wrapped in a save/restore of
; EFLAGS and ECX/ESI/EDI/EBX/EDX.
; EAX and EBP are not saved here: @FUNC_1 overwrites EAX and pushes/pops EBP
; itself.
; NOTE(review): unlike the first listing on this page, no JMP follows POPFD;
; as written, the next bytes are the 0xCC padding (0xCC is the INT3 opcode).
; The listing does not show how control continues - confirm.
@CAVE:

PUSHFD                                  ; save EFLAGS
PUSH ECX                                ; save the five registers the stub preserves
PUSH ESI
PUSH EDI
PUSH EBX
PUSH EDX
CALL @FUNC_1                            ; change page protection (see @FUNC_1)
POP EDX                                 ; restore in reverse push order
POP EBX
POP EDI
POP ESI
POP ECX
POPFD

db 0CC 0CC                              ; padding bytes (0xCC is the INT3 opcode)

; @FUNC_1 - one-shot pass that calls @FUNC_2 on the start of the image and on
; every section whose Characteristics do not have bit 0x10000000 set.
; Takes no stack arguments. Reserves 0x28 bytes of locals: one dword (used as
; the section loop counter) followed by a 0x24-byte SYSTEM_INFO buffer.
; Gated by the dword at 0x3C911052: zero -> return immediately; the dword is
; cleared at @FUNC_1_4, so the pass does its work only once.
; Clobbers EAX, ECX, EDX; EBP, EBX, ESI, EDI are pushed and popped.
; The header offsets used (0x3C, +0x2, +0x70, +0x74, stride 0x28) match the
; PE32 header layout.
; NOTE(review): because @FUNC_2 requests protection 0x40
; (PAGE_EXECUTE_READWRITE), this pass leaves the affected regions both
; writable and executable, and nothing here restores the old protection.
@FUNC_1:

MOV EDX,DWORD PTR DS:[0x3C9114F2]       ; stored value, subtracted from the constant below
MOV ECX,DWORD PTR DS:[0x3C911022]       ; stored value, added to the constant below
MOV EAX,DWORD PTR DS:[0x3C911052]       ; run-once flag
SUB ESP,0x28                            ; locals: counter dword + SYSTEM_INFO
PUSH EBP
MOV EBP,0x3C8F1AE0
SUB EBP,EDX
ADD EBP,ECX                             ; EBP = 0x3C8F1AE0 - [0x3C9114F2] + [0x3C911022]; used below as the image base (presumably the actual load address - confirm)
TEST EAX,EAX
JE @FUNC_1_1                            ; flag already clear: nothing to do

LEA EAX,DWORD PTR SS:[ESP+0x8]          ; &SYSTEM_INFO local
PUSH EAX
CALL DWORD PTR DS:[0x3C8F1650] ; kernel32.GetSystemInfo
MOV ECX,DWORD PTR SS:[ESP+0xC]          ; SYSTEM_INFO+4 = dwPageSize
DEC ECX                                 ; length = page size - 1
PUSH ECX                                ; arg 2: length
PUSH EBP                                ; arg 1: address = image base
CALL @FUNC_2
MOV EDX,DWORD PTR SS:[EBP+0x3C]         ; e_lfanew from the DOS header
LEA EAX,DWORD PTR DS:[EDX+EBP+0x4]      ; EAX -> file header (NT headers + 4)
ADD ESP,0x8                             ; drop the two @FUNC_2 arguments (caller cleans up)
TEST EAX,EAX
JNZ @FUNC_1_2

MOV ECX,DWORD PTR SS:[ESP+0x4]          ; NOTE(review): this local has not been written on this path, and EAX is 0 here - confirm this branch is ever taken
JMP @FUNC_1_3

@FUNC_1_2:
MOV EDX,DWORD PTR DS:[EAX+0x70]         ; NumberOfRvaAndSizes
MOVZX ECX,WORD PTR DS:[EAX+0x2]         ; NumberOfSections
LEA EAX,DWORD PTR DS:[EAX+EDX*0x8+0x74] ; first section header, just past the data directories

@FUNC_1_3:
TEST ECX,ECX
JBE @FUNC_1_4                           ; TEST clears CF, so this is taken only when the count is 0

PUSH EBX
PUSH ESI
PUSH EDI
LEA EDI,DWORD PTR DS:[EAX+0xC]          ; EDI -> section VirtualAddress
LEA ESI,DWORD PTR DS:[EAX+0x8]          ; ESI -> section VirtualSize
LEA EBX,DWORD PTR DS:[EAX+0x24]         ; EBX -> section Characteristics
MOV DWORD PTR SS:[ESP+0x10],ECX         ; loop counter = section count (first local, now at ESP+0x10)

@FUNC_1_6:
TEST DWORD PTR DS:[EBX],0x10000000      ; 0x10000000 = IMAGE_SCN_MEM_SHARED
JNZ @FUNC_1_5                           ; shared sections are skipped

MOV EAX,DWORD PTR DS:[ESI]              ; length = VirtualSize
MOV ECX,DWORD PTR DS:[EDI]
PUSH EAX                                ; arg 2: length
ADD ECX,EBP                             ; address = image base + VirtualAddress
PUSH ECX                                ; arg 1: address
CALL @FUNC_2
ADD ESP,0x8                             ; return value of @FUNC_2 is not checked

@FUNC_1_5:
MOV EAX,DWORD PTR SS:[ESP+0x10]
ADD ESI,0x28                            ; advance all three cursors by one section header (0x28 bytes)
ADD EBX,0x28
ADD EDI,0x28
DEC EAX
MOV DWORD PTR SS:[ESP+0x10],EAX         ; MOV leaves the flags from DEC intact
JNZ @FUNC_1_6                           ; loop while sections remain
POP EDI
POP ESI
POP EBX

@FUNC_1_4:
MOV DWORD PTR DS:[0x3C911052],0x0       ; clear the run-once flag

@FUNC_1_1:
POP EBP
ADD ESP,0x28
RETN

db 0CC 0CC                              ; padding between routines (0xCC is the INT3 opcode)

; @FUNC_2(address, length) - two dword stack arguments, removed by the
; caller: on entry [ESP+4] = address, [ESP+8] = length.
; Reads the region's current protection with VirtualQuery and, unless bit
; 0x80 of that value is already set, calls VirtualProtect with
; (protection & 0xFFFFFF80) | 0x40.
; 0x40 is PAGE_EXECUTE_READWRITE and 0x80 is PAGE_EXECUTE_WRITECOPY, so bits
; above the low seven (e.g. guard/no-cache modifiers) are carried over.
; Returns in EAX: 0 if length is 0 or VirtualQuery fails; 1 if bit 0x80 was
; already set; otherwise 1 or 0 for VirtualProtect success or failure.
; Locals: 0x1C bytes holding the 32-bit MEMORY_BASIC_INFORMATION; its Protect
; field (+0x14) is reused as the old-protection output of VirtualProtect.
; Clobbers EAX, ECX (plus whatever the API calls clobber); ESI, EDI saved.
; NOTE(review): nothing in this routine restores the previous protection, so
; the region stays writable and executable afterwards.
@FUNC_2:

SUB ESP,0x1C                            ; MEMORY_BASIC_INFORMATION buffer
PUSH EDI
MOV EDI,DWORD PTR SS:[ESP+0x28]         ; EDI = length (second argument)
TEST EDI,EDI
JNZ @FUNC_2_1

XOR EAX,EAX                             ; zero length: return 0
POP EDI
ADD ESP,0x1C
RETN

@FUNC_2_1:
PUSH ESI
MOV ESI,DWORD PTR SS:[ESP+0x28]         ; ESI = address (first argument; same offset because of the extra push)
PUSH 0x1C                               ; dwLength = size of the buffer
LEA EAX,DWORD PTR SS:[ESP+0xC]          ; lpBuffer = start of the local buffer
PUSH EAX
PUSH ESI                                ; lpAddress
CALL DWORD PTR DS:[0x3C8F163C] ; kernel32.VirtualQuery
TEST EAX,EAX
JNZ @FUNC_2_2

POP ESI                                 ; VirtualQuery returned 0: EAX is still 0, return it
POP EDI
ADD ESP,0x1C
RETN

@FUNC_2_2:
MOV EAX,DWORD PTR SS:[ESP+0x1C]         ; buffer+0x14 = Protect
AND EAX,0xFFFFFF80                      ; drop the low seven protection bits
TEST AL,AL                              ; sign flag = bit 0x80 of the protection
MOV DWORD PTR SS:[ESP+0x1C],EAX         ; MOV does not change the flags set by TEST
JNS @FUNC_2_3                           ; bit 0x80 clear: protection must be changed

POP ESI                                 ; bit 0x80 already set: report success without changing anything
MOV EAX,0x1
POP EDI
ADD ESP,0x1C
RETN

@FUNC_2_3:
LEA ECX,DWORD PTR SS:[ESP+0x1C]         ; lpflOldProtect = the Protect slot of the local buffer
PUSH ECX
OR EAX,0x40                             ; flNewProtect = kept high bits | PAGE_EXECUTE_READWRITE
PUSH EAX
PUSH EDI                                ; dwSize = length
PUSH ESI                                ; lpAddress = address
CALL DWORD PTR DS:[0x3C8F1668] ; kernel32.VirtualProtect
NEG EAX                                 ; NEG/SBB/NEG: EAX = (EAX != 0) ? 1 : 0
SBB EAX,EAX
POP ESI
NEG EAX
POP EDI
ADD ESP,0x1C
RETN

db 0CC 0CC                              ; padding between routines (0xCC is the INT3 opcode)

[7x]cmd.exe
19.02.2011, 13:31
Убраны лишние релокейшены, что даёт шанс для дальнейшего взлома....

Уже поправленная библиотечка...
http://www.megaupload.com/?d=9TT677TX