CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Page 3 of 12 FirstFirst 123456 ... LastLast
Results 31 to 45 of 174
  1. #31
    Join Date
    Apr 1999
    Posts
    27,449

    Re: reverse engineering

    I have to check that out. If that's the case, XP is certainly not developer friendly.

    Regards,

    Paul McKenzie


  2. #32
    Join Date
    Aug 2001
    Location
    Burnaby, BC, Canada
    Posts
    27

    Re: reverse engineering

    How ridiculous.

    Using a disassembler, a hacker can see the flow of the program but they cannot get the symbols in a stripped down executable.

    The info is not there for a disassembler to know the names of your functions etc.



  3. #33
    Join Date
    Jul 1999
    Location
    San Jose,CA
    Posts
    246

    Re: reverse engineering

    do u know of the

    win32 Portable Executable File Format and
    the PE API



    1. Search in MSDN
    2. Search in Google
    3. Search in CodeGuru.com
    4. Ask in the forum

    ABNM.....asih b*&6 nahi mardeh

  4. #34
    Join Date
    Mar 2000
    Location
    Birmingham, England
    Posts
    2,520

    Re: reverse engineering

    Naturally it allows you to view it in the debugger if the exe is compiled for debug, but if it is a release exe that crashes, xp forces you to close it


    Jase

    http://www.slideshowdesktop.com
    View your images and photos on your desktop with ease using SlideShow Desktop, the desktop wallpaper manager for Microsoft Windows.

    Jase

    www.slideshowdesktop.com
    View your images and photos on your desktop with ease using SlideShow Desktop, the desktop wallpaper manager for Microsoft Windows.
    ...

  5. #35
    Join Date
    Apr 1999
    Posts
    27,449

    Re: reverse engineering

    What about a release build with symbols? What if you started the release build from the VC++ environment on XP? Does it then give you the call stack? Does XP have tools such as Dr. Watson, which basically does the same thing as the VC++ debugger when your program crashes i.e. act as a Just In Time debugger? It's hard to believe that a release build on XP is undebuggable when a crash occurs. If that's true, then I'm sure MS has had developers howling at them these past few months.

    Regards,

    Paul McKenzie


  6. #36
    Join Date
    Jun 2001
    Location
    Switzerland
    Posts
    4,443

    Re: reverse engineering

    I'm not very familiar w/ the NT securty architecture, but poking around w/ my settings under W2k, I noticed a security setting wich determines whether a certain user may debug programs or not. I can imagine that if you're logged as a user that is nou allowed to debug, the faulty app will be closed w/o any message saying "You are not allowed to debug, so the only option is close".
    It's just a thought. I didn't try it out.

    Gabriel.
    _
    Forever trusting who we are
    And nothing else matters
    - Metallica
    _
    Gabriel, CodeGuru moderator

    Forever trusting who we are
    And nothing else matters
    - Metallica

    Learn about the advantages of std::vector.

  7. #37
    Join Date
    Mar 2000
    Location
    Birmingham, England
    Posts
    2,520

    Re: reverse engineering

    In actual fact, it is behaving as expected now. I'm not sure what I have changed in my project settings, but it does now allow me to look at the asm in the debugger when it crashes, as it does on NT. It hasn't done this for quite some time on my XP machine, previously it would open the debugger, but then force you to kill the app.

    Again, no symbols. Just SlideShow.exe, NT.DLL, ???, and a whole lot of asm.

    Oh well, good news for you I'm sure. As for me, I don't know asm so the feature remains superfluous

    (and yes, XP uses Dr Watson, although i disabled it because it doesn't provide me with any information i understand)




    Jase

    http://www.slideshowdesktop.com
    View your images and photos on your desktop with ease using SlideShow Desktop, the desktop wallpaper manager for Microsoft Windows.

    Jase

    www.slideshowdesktop.com
    View your images and photos on your desktop with ease using SlideShow Desktop, the desktop wallpaper manager for Microsoft Windows.
    ...

  8. #38
    Join Date
    Dec 2001
    Location
    Bremen, Germany
    Posts
    314

    Re: reverse engineering

    Just forget about disassembling to a disc file. When talking about tools like SoftIce you must notice that this isn't a tool to generate disassembled files of code. As I mentioned before, you can breakpoint on any symbol and any memory location and even on memory operations you'll like to. SI runs in background, is loaded before Windows and lets you even trace into the kernel32.dll or wherever you want (SI itself is secured I even had total system hangs (deadlocks in semaphores) and SI was quite running...

    I thought we're talking about if stealing algorithms is possible - and anyway how many layers you use - it is possible. You need a good knowledge of ASM, maybe a lot of time but that's it. Face it, it's a fact.
    Since we're not talking about patching an exe or dll, you don't have to worry about coding or checksumming your files.
    Also forget about MeltIce. It's not hard to find a patch for SoftIce that makes MeltIce useless. Always remember that the guys that are stealing algorithms are not those kiddy crackers - they don't want 10 algos per day, they want yours. And they have the equipment and many more time to spent on breaking in your program than you have for securing it.

    I used SoftIce for a (very) short time. Since then I not even pack my executables anymore - not worth the time.

    I suggest to take a close look at that tool. Then consider what's your algos worth.

    Oliver.


  9. #39
    Join Date
    Mar 2002
    Location
    Florida, United States
    Posts
    50

    Re: reverse engineering

    You seem pretty quick to accuse me of being wrong . Considering I am both a C++ Developer and an Intel Assembly-language engineer, I think I have some credibility here.

    Just think about it logically. If it were so easy to reverse machine code in to C++, then why do software companies complain so much about Microsoft not releasing the source to Windows? Just decompile it! This includes any commercial program on the market -- if this was indeed possible the open source movement would be cheering in the streets .

    A compiled program with no debugging information in it is downright impossible to reverse to C++ source. It is possible to reverse it to C, although the C code will be no where near like what the origonal source was.

    -MattAA
    armadillo@engineer.com

  10. #40
    Join Date
    Jun 1999
    Location
    San Diego, CA
    Posts
    600

    You all missed a very important point!

    Every one talking about whether reverse-engineering can give back exactly the same original C/C++ code or not. You all missed one important point. That is, the reverse engineered C/C++ code, no matter what they look like, they do indeed compile into exactly the same executable binary and do exactly the same thing your program does.

    So, forget about whether the reverse engineered code looks like your original source code or not. That question is irrelevant since both will compile into exactly the same program executable binary.

    The real question to ask is, looking at the reverse-engineered source code, can a potential hacker make any sense out of it? Given a little bit of skill, the answer is a definite YES.

    And, if your original source code was written in a real bad coding style, chances are that the reverse-engineered code could be actually even easier to read, and hence makes more sense than your original source code!



    Any one who knows he/she is not smart is smart.
    Any one who knows he/she is smart is not smart.
    You ask me if I am smart or not? Well...
    I don't know - you tell me :-)

  11. #41
    Join Date
    Apr 2001
    Location
    San Diego CA
    Posts
    378

    Can A block of code be stripped and used?

    If a potential hacker can identify functions by using SI..aka Tools can he just get that function in bin/obj/exe form and use that somewhere else in his own project?

    Rating Helps!!
    þ|êâšë rä†è rëþ|ïëš †hª† hë|þëd

  12. #42
    Join Date
    Apr 2000
    Location
    Los Angeles, California, USA
    Posts
    28

    Re: reverse engineering

    Anybody who tells you that the .exe file compiled in the release mode can be decompiled into the original source code has obviously no idea of how the compilers and decompilers work. The best decompiler i know is IDA (interractive disassembler) which decompiles the sorce code into the assembly. It can also point you on the Win32 API function calls and references to the other DLL files on your system. The same can be done with Win32Dasm. But the code that you get is not nearly close to the original c code (I should not even mention a c++ class structure here). If your "know how" is in the c++ design only, - then you're on the safe side. If you're talking about the algorithm that is irrelevant of the class structure then it may be retrieved in some form (not in the original one) which will be an assembly code with more or less disassembler genereted general commens added (referenced Win32 API function, CPU register, function entry points (without the real function names) and thing like this). Even though, this things can be retrieved, there are ways to "fool" disasseblers (or the people, working with the produced listings).
    Here is one simple trick:

    try
    {
    int a = 1/0; // generates an exception (it does not have to be this obvious)
    // some code that will never execute goes here
    catch (...)
    {
    // the actual code here
    // NOTE: If you write all your code this way
    // it will slow you down and create a
    // debugging nightmare
    }



    There are also ways of generating so called dynamic code and more. You can find some information on WWW.ASTALAVISTA.COM

    Generally it is pretty hard to read a disassembled code unless it does something very simple and straight forward (like Power-On-Reset CPU initialization) and you know well what the program or it's particular part should be doing.

    Assuming that somebody has a lot of time and patience to trace through the disassembled code in the debugger - complex algorithms are still not easy to understand on such low level.

    The thing that can realy sell you is the memory your algorithm is using, any intermediate and temprorary files your algorithm may be producing.
    This is the thing I would watch for first, because if I know what the initial data looks like then by watching how you program modifies it and, possibly, connecting this with the disassembly listings I would have a chance of a much better understanding of your algorithm than by just browsing through the code.

    Even though the dissassembler + debugger may do the job, your program on it's end can modify it's behavior if it is being debugged.

    There is a flag that the CPU sets in one of its register and, I belive, that I've seen a Win32 API function that tells you if the CPU is in the debug mode.

    The point is:

    1.
    Any .exe file can be decompiled into more or less accurate assembly or a low level c listing
    BUT
    no executable, compiled without debug information can be decompiled into the original C/C++ code.

    2.
    The decompiled listing may be analyzed
    BUT
    analyzing a complex algorithm based only on the low level source listing is a very difficult and time consuming process and you can make it even more complex by making the code illogical in some (possibly critical) places as well as you may be able to avoid the use of the standard data formats (may be standard to the industry you working in) to store your intermediate data.

    3.
    It is possible to use a debugging tool to trace into your code and (!!!) into the memory that the program is using
    BUT
    you can modify the program behavior if it's being debuged.

    4.If somebody tells you that in order to crack a program, to retrieve a serial number, password, etc. it is required to have a source code listing - this person may as well tell you that in order to protect your PC from the viruses you should put a condom on your network/phone cable every time you connecting to the internet.


  13. #43
    Join Date
    Feb 2000
    Posts
    101

    Re: reverse engineering

    Why not write the sensitive algos in vb6. Which compiles it into something called p-code (Not played with VB for a couple of years so things might have moved on) which is interpreted by the correspnding VBxxRUN.dll.. Never heard of anybody cracking any software that was written in vb...

    OK it won't make your algos completely safe (nothing will !!) but it will take them far longer to extract them from the machine code...


  14. #44
    Join Date
    Jun 1999
    Location
    San Diego, CA
    Posts
    600

    Re: Can A block of code be stripped and used?

    Sure it can be done. But it's all a balance of what it takes to write your own and what it takes to identify what a specific portion of an exe is trying to do.

    There are cases where reverse engineering was done. One famous example is the RC4 algorithm. RSA never published RC4, but some one figured it out from the binary and released it on the net. Now every one has access to RC4. Mind you, though, you can not call your stuff RC4, because the name is trade-marked.


    Any one who knows he/she is not smart is smart.
    Any one who knows he/she is smart is not smart.
    You ask me if I am smart or not? Well...
    I don't know - you tell me :-)

  15. #45
    Join Date
    Apr 2000
    Location
    Los Angeles, California, USA
    Posts
    28

    Re: reverse engineering

    I was not exactly right calling the IDA the best disassembler I've seen. It's good for al lot of processor and controller types but it is pretty useless when you dealing with windows aplications. There is a pretty good one called Win32Dasm. And here is a disassembly listing, created for the Dialog based MFC application (I have accepted all the defaults in the AppWizard and have not added a single line of code to it).
    If you look at the listing you can easily notice that all the resources you use (dialog templates, string table entries, etc.) are accuratly referenced in the disassembly listing. Also standard Win32 API and MFC library function calls are also outlined as well as the referenced DLL files their content. Even thought it does not realy go much further then that... there is something to think about: do you realy wan to use string table for you string data? may be you want to initialize some of your dialogs on the fly instead of using a resource editor (just to avoid thisng like <Possible Reference to String Resource ID=00101: "&About test..."> in your diasssmbly listing)? etc.

    Disassembly of File: C:\Development\test\Release\test.exe
    Code Offset = 00001000, Code Size = 00001000
    Data Offset = 00003000, Data Size = 00001000

    Number of Objects = 0004 (dec), Imagebase = 00400000h

    Object01: .text RVA: 00001000 Offset: 00001000 Size: 00001000 Flags: 60000020
    Object02: .rdata RVA: 00002000 Offset: 00002000 Size: 00001000 Flags: 40000040
    Object03: .data RVA: 00003000 Offset: 00003000 Size: 00001000 Flags: C0000040
    Object04: .rsrc RVA: 00004000 Offset: 00004000 Size: 00001000 Flags: 40000040


    +++++++++++++++++++ MENU INFORMATION ++++++++++++++++++

    There Are No Menu Resources in This Application

    +++++++++++++++++ DIALOG INFORMATION ++++++++++++++++++

    Number of Dialogs = 2 (decimal)

    Name: DialogID_0064, # of Controls=004, Caption:"About test", ClassName:""
    001 - ControlID:FFFF, Control Class:"STATIC" Control Text:""
    002 - ControlID:FFFF, Control Class:"STATIC" Control Text:"test Version 1.0"
    003 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Copyright (C) 2002"
    004 - ControlID:0001, Control Class:"BUTTON" Control Text:"OK"
    Name: DialogID_0066, # of Controls=000, Caption:"@È", ClassName:""

    +++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++
    Number of Imported Modules = 4 (decimal)

    Import Module 001: MFC42.DLL
    Import Module 002: MSVCRT.dll
    Import Module 003: KERNEL32.dll
    Import Module 004: USER32.dll

    +++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++

    Import Module 001: MFC42.DLL

    Addr:800009FA hint(09FA) Name: Ordinal:09FA
    Addr:800009D0 hint(09D0) Name: Ordinal:09D0
    Addr:80001663 hint(1663) Name: Ordinal:1663
    Addr:80001186 hint(1186) Name: Ordinal:1186
    Addr:80000F52 hint(0F52) Name: Ordinal:0F52
    Addr:80000441 hint(0441) Name: Ordinal:0441
    Addr:8000144F hint(144F) Name: Ordinal:144F
    Addr:8000095C hint(095C) Name: Ordinal:095C
    Addr:80000D12 hint(0D12) Name: Ordinal:0D12
    Addr:800014B4 hint(14B4) Name: Ordinal:14B4
    Addr:800014B6 hint(14B6) Name: Ordinal:14B6
    Addr:80000AA5 hint(0AA5) Name: Ordinal:0AA5
    Addr:80000FEF hint(0FEF) Name: Ordinal:0FEF
    Addr:8000125A hint(125A) Name: Ordinal:125A
    Addr:800014BB hint(14BB) Name: Ordinal:14BB
    Addr:800014A9 hint(14A9) Name: Ordinal:14A9
    Addr:80001652 hint(1652) Name: Ordinal:1652
    Addr:80000BA6 hint(0BA6) Name: Ordinal:0BA6
    Addr:80000C4B hint(0C4B) Name: Ordinal:0C4B
    Addr:80000CBB hint(0CBB) Name: Ordinal:0CBB
    Addr:80001171 hint(1171) Name: Ordinal:1171
    Addr:80000C40 hint(0C40) Name: Ordinal:0C40
    Addr:80000CBE hint(0CBE) Name: Ordinal:0CBE
    Addr:80000BA9 hint(0BA9) Name: Ordinal:0BA9
    Addr:80000C09 hint(0C09) Name: Ordinal:0C09
    Addr:80000BA0 hint(0BA0) Name: Ordinal:0BA0
    Addr:80000EF6 hint(0EF6) Name: Ordinal:0EF6
    Addr:80000EF7 hint(0EF7) Name: Ordinal:0EF7
    Addr:80000EF1 hint(0EF1) Name: Ordinal:0EF1
    Addr:80000C07 hint(0C07) Name: Ordinal:0C07
    Addr:80000FF0 hint(0FF0) Name: Ordinal:0FF0
    Addr:8000120E hint(120E) Name: Ordinal:120E
    Addr:80001148 hint(1148) Name: Ordinal:1148
    Addr:80000E9A hint(0E9A) Name: Ordinal:0E9A
    Addr:80000231 hint(0231) Name: Ordinal:0231
    Addr:80000339 hint(0339) Name: Ordinal:0339
    Addr:8000032F hint(032F) Name: Ordinal:032F
    Addr:80000281 hint(0281) Name: Ordinal:0281
    Addr:800009D2 hint(09D2) Name: Ordinal:09D2
    Addr:80000A3D hint(0A3D) Name: Ordinal:0A3D
    Addr:8000046E hint(046E) Name: Ordinal:046E
    Addr:800010B2 hint(10B2) Name: Ordinal:10B2
    Addr:800018E7 hint(18E7) Name: Ordinal:18E7
    Addr:800012F5 hint(12F5) Name: Ordinal:12F5
    Addr:80001386 hint(1386) Name: Ordinal:1386
    Addr:80001266 hint(1266) Name: Ordinal:1266
    Addr:800017A4 hint(17A4) Name: Ordinal:17A4
    Addr:80000FEE hint(0FEE) Name: Ordinal:0FEE
    Addr:800006EF hint(06EF) Name: Ordinal:06EF
    Addr:80001137 hint(1137) Name: Ordinal:1137
    Addr:80001479 hint(1479) Name: Ordinal:1479
    Addr:80000951 hint(0951) Name: Ordinal:0951
    Addr:8000142B hint(142B) Name: Ordinal:142B
    Addr:800018E6 hint(18E6) Name: Ordinal:18E6
    Addr:80001101 hint(1101) Name: Ordinal:1101
    Addr:800014A0 hint(14A0) Name: Ordinal:14A0
    Addr:80001241 hint(1241) Name: Ordinal:1241
    Addr:800012E5 hint(12E5) Name: Ordinal:12E5
    Addr:80001159 hint(1159) Name: Ordinal:1159
    Addr:80000A58 hint(0A58) Name: Ordinal:0A58
    Addr:80000807 hint(0807) Name: Ordinal:0807
    Addr:800018E8 hint(18E8) Name: Ordinal:18E8
    Addr:80000EA5 hint(0EA5) Name: Ordinal:0EA5
    Addr:800013C9 hint(13C9) Name: Ordinal:13C9
    Addr:800006BF hint(06BF) Name: Ordinal:06BF
    Addr:8000148D hint(148D) Name: Ordinal:148D
    Addr:8000098E hint(098E) Name: Ordinal:098E
    Addr:8000084C hint(084C) Name: Ordinal:084C
    Addr:8000149D hint(149D) Name: Ordinal:149D
    Addr:80001213 hint(1213) Name: Ordinal:1213
    Addr:80001149 hint(1149) Name: Ordinal:1149
    Addr:80000E0D hint(0E0D) Name: Ordinal:0E0D
    Addr:80000144 hint(0144) Name: Ordinal:0144
    Addr:8000108A hint(108A) Name: Ordinal:108A
    Addr:8000047A hint(047A) Name: Ordinal:047A
    Addr:80000490 hint(0490) Name: Ordinal:0490
    Addr:80000320 hint(0320) Name: Ordinal:0320
    Addr:80001040 hint(1040) Name: Ordinal:1040
    Addr:8000021C hint(021C) Name: Ordinal:021C
    Addr:80000B2F hint(0B2F) Name: Ordinal:0B2F
    Addr:8000094B hint(094B) Name: Ordinal:094B
    Addr:800002F3 hint(02F3) Name: Ordinal:02F3
    Addr:800001D6 hint(01D6) Name: Ordinal:01D6
    Addr:80001118 hint(1118) Name: Ordinal:1118
    Addr:80001491 hint(1491) Name: Ordinal:1491
    Addr:80000ED6 hint(0ED6) Name: Ordinal:0ED6
    Addr:80000628 hint(0628) Name: Ordinal:0628

    Import Module 002: MSVCRT.dll

    Addr:00002840 hint(0249) Name: exit
    Addr:00002848 hint(008F) Name: _acmdln
    Addr:00002852 hint(0058) Name: __getmainargs
    Addr:00002862 hint(010F) Name: _initterm
    Addr:0000286E hint(0083) Name: __setusermatherr
    Addr:00002882 hint(009D) Name: _adjust_fdiv
    Addr:00002832 hint(0048) Name: _XcptFilter
    Addr:00002892 hint(006A) Name: __p__commode
    Addr:000028A2 hint(006F) Name: __p__fmode
    Addr:000028B0 hint(0081) Name: __set_app_type
    Addr:000028C2 hint(00CA) Name: _except_handler3
    Addr:000028D6 hint(00B7) Name: _controlfp
    Addr:0000282A hint(00D3) Name: _exit
    Addr:00002806 hint(0055) Name: __dllonexit
    Addr:000027F2 hint(0049) Name: __CxxFrameHandler
    Addr:00002814 hint(0186) Name: _onexit
    Addr:000029AA hint(01AA) Name: _setmbcp

    Import Module 003: KERNEL32.dll

    Addr:000028E4 hint(0126) Name: GetModuleHandleA
    Addr:000028F8 hint(0150) Name: GetStartupInfoA

    Import Module 004: USER32.dll

    Addr:00002942 hint(0145) Name: GetSystemMenu
    Addr:00002952 hint(00A9) Name: DrawIcon
    Addr:00002934 hint(0007) Name: AppendMenuA
    Addr:0000295E hint(00F0) Name: GetClientRect
    Addr:00002924 hint(0214) Name: SendMessageA
    Addr:00002982 hint(018C) Name: IsIconic
    Addr:0000298E hint(00B7) Name: EnableWindow
    Addr:0000296E hint(0146) Name: GetSystemMetrics
    Addr:00002918 hint(019E) Name: LoadIconA

    +++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++
    Number of Exported Functions = 0000 (decimal)




    +++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++
    //********************** Start of Code in Object .text **************
    Program Entry Point = 004016E0 (C:\Development\test\Release\test.exe File Offset:000036E0)


    :00401000 A1B0204000 mov eax, dword ptr [004020B0]
    :00401005 C3 ret


    :00401006 90 nop
    :00401007 90 nop
    :00401008 90 nop
    :00401009 90 nop
    :0040100A 90 nop
    :0040100B 90 nop
    :0040100C 90 nop
    :0040100D 90 nop
    :0040100E 90 nop
    :0040100F 90 nop
    :00401010 B8E0214000 mov eax, 004021E0
    :00401015 C3 ret


    :00401016 90 nop
    :00401017 90 nop
    :00401018 90 nop
    :00401019 90 nop
    :0040101A 90 nop
    :0040101B 90 nop
    :0040101C 90 nop
    :0040101D 90 nop
    :0040101E 90 nop
    :0040101F 90 nop

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00401085(U)
    |
    :00401020 56 push esi
    :00401021 8BF1 mov esi, ecx
    :00401023 6A00 push 00000000

    * Reference To: MFC42.Ordinal:0231, Ord:0231h
    |
    :00401025 E84E050000 Call 00401578
    :0040102A C70618224000 mov dword ptr [esi], 00402218
    :00401030 8BC6 mov eax, esi
    :00401032 5E pop esi
    :00401033 C3 ret


    :00401034 90 nop
    :00401035 90 nop
    :00401036 90 nop
    :00401037 90 nop
    :00401038 90 nop
    :00401039 90 nop
    :0040103A 90 nop
    :0040103B 90 nop
    :0040103C 90 nop
    :0040103D 90 nop
    :0040103E 90 nop
    :0040103F 90 nop
    :00401040 56 push esi
    :00401041 8BF1 mov esi, ecx
    :00401043 E818000000 call 00401060
    :00401048 F644240801 test [esp+08], 01
    :0040104D 7409 je 00401058
    :0040104F 56 push esi

    * Reference To: MFC42.Ordinal:0339, Ord:0339h
    |
    :00401050 E829050000 Call 0040157E
    :00401055 83C404 add esp, 00000004

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040104D(C)
    |
    :00401058 8BC6 mov eax, esi
    :0040105A 5E pop esi
    :0040105B C20400 ret 0004


    :0040105E 90 nop
    :0040105F 90 nop

    * Referenced by a CALL at Address:
    |:00401043
    |

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004010A5(U)
    |

    * Reference To: MFC42.Ordinal:032F, Ord:032Fh
    |
    :00401060 E91F050000 Jmp 00401584
    :00401065 90 nop
    :00401066 90 nop
    :00401067 90 nop
    :00401068 90 nop
    :00401069 90 nop
    :0040106A 90 nop
    :0040106B 90 nop
    :0040106C 90 nop
    :0040106D 90 nop
    :0040106E 90 nop
    :0040106F 90 nop
    :00401070 E80B000000 call 00401080
    :00401075 E916000000 jmp 00401090
    :0040107A 90 nop
    :0040107B 90 nop
    :0040107C 90 nop
    :0040107D 90 nop
    :0040107E 90 nop
    :0040107F 90 nop

    * Referenced by a CALL at Address:
    |:00401070
    |
    :00401080 B928304000 mov ecx, 00403028
    :00401085 E996FFFFFF jmp 00401020
    :0040108A 90 nop
    :0040108B 90 nop
    :0040108C 90 nop
    :0040108D 90 nop
    :0040108E 90 nop
    :0040108F 90 nop

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00401075(U)
    |
    :00401090 68A0104000 push 004010A0
    :00401095 E82A060000 call 004016C4
    :0040109A 59 pop ecx
    :0040109B C3 ret


    :0040109C 90 nop
    :0040109D 90 nop
    :0040109E 90 nop
    :0040109F 90 nop
    :004010A0 B928304000 mov ecx, 00403028
    :004010A5 E9B6FFFFFF jmp 00401060
    :004010AA 90 nop
    :004010AB 90 nop
    :004010AC 90 nop
    :004010AD 90 nop
    :004010AE 90 nop
    :004010AF 90 nop
    :004010B0 6AFF push FFFFFFFF
    :004010B2 68D8184000 push 004018D8
    :004010B7 64A100000000 mov eax, dword ptr fs:[00000000]
    :004010BD 50 push eax
    :004010BE 64892500000000 mov dword ptr fs:[00000000], esp
    :004010C5 83EC64 sub esp, 00000064
    :004010C8 56 push esi
    :004010C9 8BF1 mov esi, ecx
    :004010CB 6A00 push 00000000

    * Reference To: MFC42.Ordinal:046E, Ord:046Eh
    |
    :004010CD E8CA040000 Call 0040159C
    :004010D2 83C404 add esp, 00000004
    :004010D5 8BCE mov ecx, esi

    * Reference To: MFC42.Ordinal:0A3D, Ord:0A3Dh
    |
    :004010D7 E8BA040000 Call 00401596
    :004010DC 6A00 push 00000000
    :004010DE 8D4C2408 lea ecx, dword ptr [esp+08]
    :004010E2 E8D9000000 call 004011C0
    :004010E7 8D442404 lea eax, dword ptr [esp+04]
    :004010EB 8D4C2404 lea ecx, dword ptr [esp+04]
    :004010EF C744247000000000 mov [esp+70], 00000000
    :004010F7 894620 mov dword ptr [esi+20], eax

    * Reference To: MFC42.Ordinal:09D2, Ord:09D2h
    |
    :004010FA E891040000 Call 00401590
    :004010FF 8D4C2404 lea ecx, dword ptr [esp+04]
    :00401103 C7442470FFFFFFFF mov [esp+70], FFFFFFFF

    * Reference To: MFC42.Ordinal:0281, Ord:0281h
    |
    :0040110B E87A040000 Call 0040158A
    :00401110 8B4C2468 mov ecx, dword ptr [esp+68]
    :00401114 33C0 xor eax, eax
    :00401116 5E pop esi
    :00401117 64890D00000000 mov dword ptr fs:[00000000], ecx
    :0040111E 83C470 add esp, 00000070
    :00401121 C3 ret


    :00401122 90 nop
    :00401123 90 nop
    :00401124 90 nop
    :00401125 90 nop
    :00401126 90 nop
    :00401127 90 nop
    :00401128 90 nop
    :00401129 90 nop
    :0040112A 90 nop
    :0040112B 90 nop
    :0040112C 90 nop
    :0040112D 90 nop
    :0040112E 90 nop
    :0040112F 90 nop

    * Referenced by a CALL at Address:
    |:00401183
    |

    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:004018D3(U), :00401933(U)
    |

    * Reference To: MFC42.Ordinal:0281, Ord:0281h
    |
    :00401130 E955040000 Jmp 0040158A
    :00401135 90 nop
    :00401136 90 nop
    :00401137 90 nop
    :00401138 90 nop
    :00401139 90 nop
    :0040113A 90 nop
    :0040113B 90 nop
    :0040113C 90 nop
    :0040113D 90 nop
    :0040113E 90 nop
    :0040113F 90 nop
    :00401140 C20400 ret 0004


    :00401143 90 nop
    :00401144 90 nop
    :00401145 90 nop
    :00401146 90 nop
    :00401147 90 nop
    :00401148 90 nop
    :00401149 90 nop
    :0040114A 90 nop
    :0040114B 90 nop
    :0040114C 90 nop
    :0040114D 90 nop
    :0040114E 90 nop
    :0040114F 90 nop
    :00401150 C3 ret


    :00401151 90 nop
    :00401152 90 nop
    :00401153 90 nop
    :00401154 90 nop
    :00401155 90 nop
    :00401156 90 nop
    :00401157 90 nop
    :00401158 90 nop
    :00401159 90 nop
    :0040115A 90 nop
    :0040115B 90 nop
    :0040115C 90 nop
    :0040115D 90 nop
    :0040115E 90 nop
    :0040115F 90 nop

    * Referenced by a CALL at Address:
    |:0040135A
    |
    :00401160 56 push esi
    :00401161 6A00 push 00000000
    :00401163 8BF1 mov esi, ecx

    * Possible Reference to Dialog: DialogID_0064
    |
    :00401165 6A64 push 00000064

    * Reference To: MFC42.Ordinal:0144, Ord:0144h
    |
    :00401167 E8F0040000 Call 0040165C
    :0040116C C70648234000 mov dword ptr [esi], 00402348
    :00401172 8BC6 mov eax, esi
    :00401174 5E pop esi
    :00401175 C3 ret


    :00401176 90 nop
    :00401177 90 nop
    :00401178 90 nop
    :00401179 90 nop
    :0040117A 90 nop
    :0040117B 90 nop
    :0040117C 90 nop
    :0040117D 90 nop
    :0040117E 90 nop
    :0040117F 90 nop
    :00401180 56 push esi
    :00401181 8BF1 mov esi, ecx
    :00401183 E8A8FFFFFF call 00401130
    :00401188 F644240801 test [esp+08], 01
    :0040118D 7409 je 00401198
    :0040118F 56 push esi

    * Reference To: MFC42.Ordinal:0339, Ord:0339h
    |
    :00401190 E8E9030000 Call 0040157E
    :00401195 83C404 add esp, 00000004

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040118D(C)
    |
    :00401198 8BC6 mov eax, esi
    :0040119A 5E pop esi
    :0040119B C20400 ret 0004


    :0040119E 90 nop
    :0040119F 90 nop
    :004011A0 A130214000 mov eax, dword ptr [00402130]
    :004011A5 C3 ret


    :004011A6 90 nop
    :004011A7 90 nop
    :004011A8 90 nop
    :004011A9 90 nop
    :004011AA 90 nop
    :004011AB 90 nop
    :004011AC 90 nop
    :004011AD 90 nop
    :004011AE 90 nop
    :004011AF 90 nop
    :004011B0 B8C0224000 mov eax, 004022C0
    :004011B5 C3 ret


    :004011B6 90 nop
    :004011B7 90 nop
    :004011B8 90 nop
    :004011B9 90 nop
    :004011BA 90 nop
    :004011BB 90 nop
    :004011BC 90 nop
    :004011BD 90 nop
    :004011BE 90 nop
    :004011BF 90 nop

    * Referenced by a CALL at Address:
    |:004010E2
    |
    :004011C0 6AFF push FFFFFFFF
    :004011C2 68F8184000 push 004018F8
    :004011C7 64A100000000 mov eax, dword ptr fs:[00000000]
    :004011CD 50 push eax
    :004011CE 64892500000000 mov dword ptr fs:[00000000], esp
    :004011D5 51 push ecx
    :004011D6 8B442414 mov eax, dword ptr [esp+14]
    :004011DA 56 push esi
    :004011DB 8BF1 mov esi, ecx
    :004011DD 50 push eax

    * Possible Reference to Dialog: DialogID_0066
    |
    :004011DE 6A66 push 00000066
    :004011E0 8974240C mov dword ptr [esp+0C], esi

    * Reference To: MFC42.Ordinal:0144, Ord:0144h
    |
    :004011E4 E873040000 Call 0040165C
    :004011E9 C744241000000000 mov [esp+10], 00000000
    :004011F1 C70620244000 mov dword ptr [esi], 00402420

    * Reference To: MFC42.Ordinal:0490, Ord:0490h
    |
    :004011F7 E86C040000 Call 00401668
    :004011FC 6880000000 push 00000080
    :00401201 6A0E push 0000000E
    :00401203 6880000000 push 00000080

    * Reference To: MFC42.Ordinal:047A, Ord:047Ah
    |
    :00401208 E855040000 Call 00401662
    :0040120D 50 push eax

    * Reference To: USER32.LoadIconA, Ord:019Eh
    |
    :0040120E FF15D4214000 Call dword ptr [004021D4]
    :00401214 8B4C2408 mov ecx, dword ptr [esp+08]
    :00401218 894660 mov dword ptr [esi+60], eax
    :0040121B 8BC6 mov eax, esi
    :0040121D 5E pop esi
    :0040121E 64890D00000000 mov dword ptr fs:[00000000], ecx
    :00401225 83C410 add esp, 00000010
    :00401228 C20400 ret 0004


    :0040122B 90 nop
    :0040122C 90 nop
    :0040122D 90 nop
    :0040122E 90 nop
    :0040122F 90 nop
    :00401230 C20400 ret 0004


    :00401233 90 nop
    :00401234 90 nop
    :00401235 90 nop
    :00401236 90 nop
    :00401237 90 nop
    :00401238 90 nop
    :00401239 90 nop
    :0040123A 90 nop
    :0040123B 90 nop
    :0040123C 90 nop
    :0040123D 90 nop
    :0040123E 90 nop
    :0040123F 90 nop
    :00401240 B8E0224000 mov eax, 004022E0
    :00401245 C3 ret


    :00401246 90 nop
    :00401247 90 nop
    :00401248 90 nop
    :00401249 90 nop
    :0040124A 90 nop
    :0040124B 90 nop
    :0040124C 90 nop
    :0040124D 90 nop
    :0040124E 90 nop
    :0040124F 90 nop
    :00401250 6AFF push FFFFFFFF
    :00401252 6818194000 push 00401918
    :00401257 64A100000000 mov eax, dword ptr fs:[00000000]
    :0040125D 50 push eax
    :0040125E 64892500000000 mov dword ptr fs:[00000000], esp
    :00401265 51 push ecx
    :00401266 56 push esi
    :00401267 57 push edi
    :00401268 8BF1 mov esi, ecx

    * Reference To: MFC42.Ordinal:1266, Ord:1266h
    |
    :0040126A E84B030000 Call 004015BA
    :0040126F 8B4620 mov eax, dword ptr [esi+20]
    :00401272 6A00 push 00000000
    :00401274 50 push eax

    * Reference To: USER32.GetSystemMenu, Ord:0145h
    |
    :00401275 FF15B4214000 Call dword ptr [004021B4]
    :0040127B 50 push eax

    * Reference To: MFC42.Ordinal:0B2F, Ord:0B2Fh
    |
    :0040127C E8FF030000 Call 00401680
    :00401281 8BF8 mov edi, eax
    :00401283 85FF test edi, edi
    :00401285 745E je 004012E5
    :00401287 8D4C2408 lea ecx, dword ptr [esp+08]

    * Reference To: MFC42.Ordinal:021C, Ord:021Ch
    |
    :0040128B E8EA030000 Call 0040167A

    * Possible Reference to String Resource ID=00101: "&About test..."
    |
    :00401290 6A65 push 00000065
    :00401292 8D4C240C lea ecx, dword ptr [esp+0C]
    :00401296 C744241800000000 mov [esp+18], 00000000

    * Reference To: MFC42.Ordinal:1040, Ord:1040h
    |
    :0040129E E8D1030000 Call 00401674
    :004012A3 8B4C2408 mov ecx, dword ptr [esp+08]
    :004012A7 8B41F8 mov eax, dword ptr [ecx-08]
    :004012AA 85C0 test eax, eax
    :004012AC 7426 je 004012D4
    :004012AE 8B5704 mov edx, dword ptr [edi+04]
    :004012B1 53 push ebx

    * Reference To: USER32.AppendMenuA, Ord:0007h
    |
    :004012B2 8B1DBC214000 mov ebx, dword ptr [004021BC]
    :004012B8 6A00 push 00000000
    :004012BA 6A00 push 00000000
    :004012BC 6800080000 push 00000800
    :004012C1 52 push edx
    :004012C2 FFD3 call ebx
    :004012C4 8B44240C mov eax, dword ptr [esp+0C]
    :004012C8 8B4F04 mov ecx, dword ptr [edi+04]
    :004012CB 50 push eax
    :004012CC 6A10 push 00000010
    :004012CE 6A00 push 00000000
    :004012D0 51 push ecx
    :004012D1 FFD3 call ebx
    :004012D3 5B pop ebx

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004012AC(C)
    |
    :004012D4 8D4C2408 lea ecx, dword ptr [esp+08]
    :004012D8 C7442414FFFFFFFF mov [esp+14], FFFFFFFF

    * Reference To: MFC42.Ordinal:0320, Ord:0320h
    |
    :004012E0 E889030000 Call 0040166E

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00401285(C)
    |
    :004012E5 8B5660 mov edx, dword ptr [esi+60]
    :004012E8 8B4620 mov eax, dword ptr [esi+20]

    * Reference To: USER32.SendMessageA, Ord:0214h
    |
    :004012EB 8B3DC4214000 mov edi, dword ptr [004021C4]
    :004012F1 52 push edx
    :004012F2 6A01 push 00000001
    :004012F4 6880000000 push 00000080
    :004012F9 50 push eax
    :004012FA FFD7 call edi
    :004012FC 8B4E60 mov ecx, dword ptr [esi+60]
    :004012FF 8B5620 mov edx, dword ptr [esi+20]
    :00401302 51 push ecx
    :00401303 6A00 push 00000000
    :00401305 6880000000 push 00000080
    :0040130A 52 push edx
    :0040130B FFD7 call edi
    :0040130D 8B4C240C mov ecx, dword ptr [esp+0C]
    :00401311 5F pop edi
    :00401312 B801000000 mov eax, 00000001
    :00401317 5E pop esi
    :00401318 64890D00000000 mov dword ptr fs:[00000000], ecx
    :0040131F 83C410 add esp, 00000010
    :00401322 C3 ret


    :00401323 90 nop
    :00401324 90 nop
    :00401325 90 nop
    :00401326 90 nop
    :00401327 90 nop
    :00401328 90 nop
    :00401329 90 nop
    :0040132A 90 nop
    :0040132B 90 nop
    :0040132C 90 nop
    :0040132D 90 nop
    :0040132E 90 nop
    :0040132F 90 nop
    :00401330 64A100000000 mov eax, dword ptr fs:[00000000]
    :00401336 6AFF push FFFFFFFF
    :00401338 6838194000 push 00401938
    :0040133D 50 push eax
    :0040133E 8B442410 mov eax, dword ptr [esp+10]
    :00401342 64892500000000 mov dword ptr fs:[00000000], esp
    :00401349 25F0FF0000 and eax, 0000FFF0
    :0040134E 83EC60 sub esp, 00000060
    :00401351 83F810 cmp eax, 00000010
    :00401354 753C jne 00401392
    :00401356 8D4C2400 lea ecx, dword ptr [esp]
    :0040135A E801FEFFFF call 00401160
    :0040135F 8D4C2400 lea ecx, dword ptr [esp]
    :00401363 C744246800000000 mov [esp+68], 00000000

    * Reference To: MFC42.Ordinal:09D2, Ord:09D2h
    |
    :0040136B E820020000 Call 00401590
    :00401370 8D4C2400 lea ecx, dword ptr [esp]
    :00401374 C7442468FFFFFFFF mov [esp+68], FFFFFFFF

    * Reference To: MFC42.Ordinal:0281, Ord:0281h
    |
    :0040137C E809020000 Call 0040158A
    :00401381 8B4C2460 mov ecx, dword ptr [esp+60]
    :00401385 64890D00000000 mov dword ptr fs:[00000000], ecx
    :0040138C 83C46C add esp, 0000006C
    :0040138F C20800 ret 0008



    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00401354(C)
    |

    * Reference To: MFC42.Ordinal:094B, Ord:094Bh
    |
    :00401392 E8EF020000 Call 00401686
    :00401397 8B4C2460 mov ecx, dword ptr [esp+60]
    :0040139B 64890D00000000 mov dword ptr fs:[00000000], ecx
    :004013A2 83C46C add esp, 0000006C
    :004013A5 C20800 ret 0008


    :004013A8 90 nop
    :004013A9 90 nop
    :004013AA 90 nop
    :004013AB 90 nop
    :004013AC 90 nop
    :004013AD 90 nop
    :004013AE 90 nop
    :004013AF 90 nop
    :004013B0 83EC64 sub esp, 00000064
    :004013B3 56 push esi
    :004013B4 8BF1 mov esi, ecx
    :004013B6 8B4620 mov eax, dword ptr [esi+20]
    :004013B9 50 push eax

    * Reference To: USER32.IsIconic, Ord:018Ch
    |
    :004013BA FF15C8214000 Call dword ptr [004021C8]
    :004013C0 85C0 test eax, eax
    :004013C2 0F848F000000 je 00401457
    :004013C8 53 push ebx
    :004013C9 57 push edi
    :004013CA 56 push esi
    :004013CB 8D4C2420 lea ecx, dword ptr [esp+20]

    * Reference To: MFC42.Ordinal:01D6, Ord:01D6h
    |
    :004013CF E8BE020000 Call 00401692
    :004013D4 8B7C2420 mov edi, dword ptr [esp+20]
    :004013D8 8D44241C lea eax, dword ptr [esp+1C]
    :004013DC 8B4E20 mov ecx, dword ptr [esi+20]
    :004013DF 6A00 push 00000000
    :004013E1 F7D8 neg eax
    :004013E3 1BC0 sbb eax, eax
    :004013E5 23C7 and eax, edi
    :004013E7 50 push eax
    :004013E8 6A27 push 00000027
    :004013EA 51 push ecx

    * Reference To: USER32.SendMessageA, Ord:0214h
    |
    :004013EB FF15C4214000 Call dword ptr [004021C4]

    * Reference To: USER32.GetSystemMetrics, Ord:0146h
    |
    :004013F1 8B3DD0214000 mov edi, dword ptr [004021D0]
    :004013F7 6A0B push 0000000B
    :004013F9 FFD7 call edi
    :004013FB 6A0C push 0000000C
    :004013FD 8BD8 mov ebx, eax
    :004013FF FFD7 call edi
    :00401401 8BF8 mov edi, eax
    :00401403 8B4620 mov eax, dword ptr [esi+20]
    :00401406 8D54240C lea edx, dword ptr [esp+0C]
    :0040140A 52 push edx
    :0040140B 50 push eax

    * Reference To: USER32.GetClientRect, Ord:00F0h
    |
    :0040140C FF15C0214000 Call dword ptr [004021C0]
    :00401412 8B4E60 mov ecx, dword ptr [esi+60]
    :00401415 8B442418 mov eax, dword ptr [esp+18]
    :00401419 51 push ecx
    :0040141A 8B4C2414 mov ecx, dword ptr [esp+14]
    :0040141E 2BC1 sub eax, ecx
    :00401420 2BC7 sub eax, edi
    :00401422 40 inc eax
    :00401423 99 cdq
    :00401424 2BC2 sub eax, edx
    :00401426 8B542410 mov edx, dword ptr [esp+10]
    :0040142A D1F8 sar eax, 1
    :0040142C 50 push eax
    :0040142D 8B44241C mov eax, dword ptr [esp+1C]
    :00401431 2BC2 sub eax, edx
    :00401433 2BC3 sub eax, ebx
    :00401435 40 inc eax
    :00401436 99 cdq
    :00401437 2BC2 sub eax, edx
    :00401439 8B542428 mov edx, dword ptr [esp+28]
    :0040143D D1F8 sar eax, 1
    :0040143F 50 push eax
    :00401440 52 push edx

    * Reference To: USER32.DrawIcon, Ord:00A9h
    |
    :00401441 FF15B8214000 Call dword ptr [004021B8]
    :00401447 8D4C241C lea ecx, dword ptr [esp+1C]

    * Reference To: MFC42.Ordinal:02F3, Ord:02F3h
    |
    :0040144B E83C020000 Call 0040168C
    :00401450 5F pop edi
    :00401451 5B pop ebx
    :00401452 5E pop esi
    :00401453 83C464 add esp, 00000064
    :00401456 C3 ret



    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004013C2(C)
    |
    :00401457 8BCE mov ecx, esi

    * Reference To: MFC42.Ordinal:094B, Ord:094Bh
    |
    :00401459 E828020000 Call 00401686
    :0040145E 5E pop esi
    :0040145F 83C464 add esp, 00000064
    :00401462 C3 ret


    :00401463 90 nop
    :00401464 90 nop
    :00401465 90 nop
    :00401466 90 nop
    :00401467 90 nop
    :00401468 90 nop
    :00401469 90 nop
    :0040146A 90 nop
    :0040146B 90 nop
    :0040146C 90 nop
    :0040146D 90 nop
    :0040146E 90 nop
    :0040146F 90 nop
    :00401470 8B4160 mov eax, dword ptr [ecx+60]
    :00401473 C3 ret


    :00401474 90 nop
    :00401475 90 nop
    :00401476 90 nop
    :00401477 90 nop
    :00401478 90 nop
    :00401479 90 nop
    :0040147A 90 nop
    :0040147B 90 nop
    :0040147C 90 nop
    :0040147D 90 nop
    :0040147E 90 nop
    :0040147F 90 nop
    :00401480 8B4120 mov eax, dword ptr [ecx+20]
    :00401483 6A00 push 00000000
    :00401485 50 push eax

    * Reference To: USER32.EnableWindow, Ord:00B7h
    |
    :00401486 FF15CC214000 Call dword ptr [004021CC]
    :0040148C C3 ret


    :0040148D 90 nop
    :0040148E 90 nop
    :0040148F 90 nop
    :00401490 8B4120 mov eax, dword ptr [ecx+20]
    :00401493 6A01 push 00000001
    :00401495 50 push eax

    * Reference To: USER32.EnableWindow, Ord:00B7h
    |
    :00401496 FF15CC214000 Call dword ptr [004021CC]
    :0040149C C3 ret


    :0040149D 90 nop
    :0040149E 90 nop
    :0040149F 90 nop

    * Reference To: MFC42.Ordinal:1241, Ord:1241h
    |
    :004014A0 FF25EC204000 Jmp dword ptr [004020EC]

    * Reference To: MFC42.Ordinal:18E7, Ord:18E7h
    |
    :004014A6 FF25B4204000 Jmp dword ptr [004020B4]

    * Reference To: MFC42.Ordinal:1186, Ord:1186h
    |
    :004014AC FF2518204000 Jmp dword ptr [00402018]

    * Reference To: MFC42.Ordinal:09FA, Ord:09FAh
    |
    :004014B2 FF250C204000 Jmp dword ptr [0040200C]

    * Reference To: MFC42.Ordinal:09D0, Ord:09D0h
    |
    :004014B8 FF2510204000 Jmp dword ptr [00402010]

    * Reference To: MFC42.Ordinal:1663, Ord:1663h
    |
    :004014BE FF2514204000 Jmp dword ptr [00402014]

    * Reference To: MFC42.Ordinal:0F52, Ord:0F52h
    |
    :004014C4 FF251C204000 Jmp dword ptr [0040201C]

    * Reference To: MFC42.Ordinal:0441, Ord:0441h
    |
    :004014CA FF2520204000 Jmp dword ptr [00402020]

    * Reference To: MFC42.Ordinal:144F, Ord:144Fh
    |
    :004014D0 FF2524204000 Jmp dword ptr [00402024]

    * Reference To: MFC42.Ordinal:095C, Ord:095Ch
    |
    :004014D6 FF2528204000 Jmp dword ptr [00402028]

    * Reference To: MFC42.Ordinal:0D12, Ord:0D12h
    |
    :004014DC FF252C204000 Jmp dword ptr [0040202C]

    * Reference To: MFC42.Ordinal:14B4, Ord:14B4h
    |
    :004014E2 FF2530204000 Jmp dword ptr [00402030]

    * Reference To: MFC42.Ordinal:14B6, Ord:14B6h
    |
    :004014E8 FF2534204000 Jmp dword ptr [00402034]

    * Reference To: MFC42.Ordinal:0AA5, Ord:0AA5h
    |
    :004014EE FF2538204000 Jmp dword ptr [00402038]

    * Reference To: MFC42.Ordinal:0FEF, Ord:0FEFh
    |
    :004014F4 FF253C204000 Jmp dword ptr [0040203C]

    * Reference To: MFC42.Ordinal:125A, Ord:125Ah
    |
    :004014FA FF2540204000 Jmp dword ptr [00402040]

    * Reference To: MFC42.Ordinal:14BB, Ord:14BBh
    |
    :00401500 FF2544204000 Jmp dword ptr [00402044]

    * Reference To: MFC42.Ordinal:14A9, Ord:14A9h
    |
    :00401506 FF2548204000 Jmp dword ptr [00402048]

    * Reference To: MFC42.Ordinal:1652, Ord:1652h
    |
    :0040150C FF254C204000 Jmp dword ptr [0040204C]

    * Reference To: MFC42.Ordinal:0BA6, Ord:0BA6h
    |
    :00401512 FF2550204000 Jmp dword ptr [00402050]

    * Reference To: MFC42.Ordinal:0C4B, Ord:0C4Bh
    |
    :00401518 FF2554204000 Jmp dword ptr [00402054]

    * Reference To: MFC42.Ordinal:0CBB, Ord:0CBBh
    |
    :0040151E FF2558204000 Jmp dword ptr [00402058]

    * Reference To: MFC42.Ordinal:1171, Ord:1171h
    |
    :00401524 FF255C204000 Jmp dword ptr [0040205C]

    * Reference To: MFC42.Ordinal:0C40, Ord:0C40h
    |
    :0040152A FF2560204000 Jmp dword ptr [00402060]

    * Reference To: MFC42.Ordinal:0CBE, Ord:0CBEh
    |
    :00401530 FF2564204000 Jmp dword ptr [00402064]

    * Reference To: MFC42.Ordinal:0BA9, Ord:0BA9h
    |
    :00401536 FF2568204000 Jmp dword ptr [00402068]

    * Reference To: MFC42.Ordinal:0C09, Ord:0C09h
    |
    :0040153C FF256C204000 Jmp dword ptr [0040206C]

    * Reference To: MFC42.Ordinal:0BA0, Ord:0BA0h
    |
    :00401542 FF2570204000 Jmp dword ptr [00402070]

    * Reference To: MFC42.Ordinal:0EF6, Ord:0EF6h
    |
    :00401548 FF2574204000 Jmp dword ptr [00402074]

    * Reference To: MFC42.Ordinal:0EF7, Ord:0EF7h
    |
    :0040154E FF2578204000 Jmp dword ptr [00402078]

    * Reference To: MFC42.Ordinal:0EF1, Ord:0EF1h
    |
    :00401554 FF257C204000 Jmp dword ptr [0040207C]

    * Reference To: MFC42.Ordinal:0C07, Ord:0C07h
    |
    :0040155A FF2580204000 Jmp dword ptr [00402080]

    * Reference To: MFC42.Ordinal:0FF0, Ord:0FF0h
    |
    :00401560 FF2584204000 Jmp dword ptr [00402084]

    * Reference To: MFC42.Ordinal:120E, Ord:120Eh
    |
    :00401566 FF2588204000 Jmp dword ptr [00402088]

    * Reference To: MFC42.Ordinal:1148, Ord:1148h
    |
    :0040156C FF258C204000 Jmp dword ptr [0040208C]

    * Reference To: MFC42.Ordinal:0E9A, Ord:0E9Ah
    |
    :00401572 FF2590204000 Jmp dword ptr [00402090]

    * Referenced by a CALL at Address:
    |:00401025
    |

    * Reference To: MFC42.Ordinal:0231, Ord:0231h
    |
    :00401578 FF2594204000 Jmp dword ptr [00402094]

    * Referenced by a CALL at Addresses:
    |:00401050 , :00401190
    |

    * Reference To: MFC42.Ordinal:0339, Ord:0339h
    |
    :0040157E FF2598204000 Jmp dword ptr [00402098]

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00401060(U)
    |

    * Reference To: MFC42.Ordinal:032F, Ord:032Fh
    |
    :00401584 FF259C204000 Jmp dword ptr [0040209C]

    * Referenced by a CALL at Addresses:
    |:0040110B , :0040137C
    |

    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:00401130(U), :004018F3(U)
    |

    * Reference To: MFC42.Ordinal:0281, Ord:0281h
    |
    :0040158A FF25A0204000 Jmp dword ptr [004020A0]

    * Referenced by a CALL at Addresses:
    |:004010FA , :0040136B
    |

    * Reference To: MFC42.Ordinal:09D2, Ord:09D2h
    |
    :00401590 FF25A4204000 Jmp dword ptr [004020A4]

    * Referenced by a CALL at Address:
    |:004010D7
    |

    * Reference To: MFC42.Ordinal:0A3D, Ord:0A3Dh
    |
    :00401596 FF25A8204000 Jmp dword ptr [004020A8]

    * Referenced by a CALL at Address:
    |:004010CD
    |

    * Reference To: MFC42.Ordinal:046E, Ord:046Eh
    |
    :0040159C FF25AC204000 Jmp dword ptr [004020AC]

    * Reference To: MFC42.Ordinal:1491, Ord:1491h
    |
    :004015A2 FF255C214000 Jmp dword ptr [0040215C]

    * Reference To: MFC42.Ordinal:1118, Ord:1118h
    |
    :004015A8 FF2558214000 Jmp dword ptr [00402158]

    * Reference To: MFC42.Ordinal:12F5, Ord:12F5h
    |
    :004015AE FF25B8204000 Jmp dword ptr [004020B8]

    * Reference To: MFC42.Ordinal:1386, Ord:1386h
    |
    :004015B4 FF25BC204000 Jmp dword ptr [004020BC]

    * Referenced by a CALL at Address:
    |:0040126A
    |

    * Reference To: MFC42.Ordinal:1266, Ord:1266h
    |
    :004015BA FF25C0204000 Jmp dword ptr [004020C0]

    * Reference To: MFC42.Ordinal:17A4, Ord:17A4h
    |
    :004015C0 FF25C4204000 Jmp dword ptr [004020C4]

    * Reference To: MFC42.Ordinal:0FEE, Ord:0FEEh
    |
    :004015C6 FF25C8204000 Jmp dword ptr [004020C8]

    * Reference To: MFC42.Ordinal:06EF, Ord:06EFh
    |
    :004015CC FF25CC204000 Jmp dword ptr [004020CC]

    * Reference To: MFC42.Ordinal:1137, Ord:1137h
    |
    :004015D2 FF25D0204000 Jmp dword ptr [004020D0]

    * Reference To: MFC42.Ordinal:1479, Ord:1479h
    |
    :004015D8 FF25D4204000 Jmp dword ptr [004020D4]

    * Reference To: MFC42.Ordinal:0951, Ord:0951h
    |
    :004015DE FF25D8204000 Jmp dword ptr [004020D8]

    * Reference To: MFC42.Ordinal:142B, Ord:142Bh
    |
    :004015E4 FF25DC204000 Jmp dword ptr [004020DC]

    * Reference To: MFC42.Ordinal:18E6, Ord:18E6h
    |
    :004015EA FF25E0204000 Jmp dword ptr [004020E0]

    * Reference To: MFC42.Ordinal:1101, Ord:1101h
    |
    :004015F0 FF25E4204000 Jmp dword ptr [004020E4]

    * Reference To: MFC42.Ordinal:14A0, Ord:14A0h
    |
    :004015F6 FF25E8204000 Jmp dword ptr [004020E8]

    * Reference To: MFC42.Ordinal:0ED6, Ord:0ED6h
    |
    :004015FC FF2560214000 Jmp dword ptr [00402160]

    * Reference To: MFC42.Ordinal:12E5, Ord:12E5h
    |
    :00401602 FF25F0204000 Jmp dword ptr [004020F0]

    * Reference To: MFC42.Ordinal:1159, Ord:1159h
    |
    :00401608 FF25F4204000 Jmp dword ptr [004020F4]

    * Reference To: MFC42.Ordinal:0A58, Ord:0A58h
    |
    :0040160E FF25F8204000 Jmp dword ptr [004020F8]

    * Reference To: MFC42.Ordinal:0807, Ord:0807h
    |
    :00401614 FF25FC204000 Jmp dword ptr [004020FC]

    * Reference To: MFC42.Ordinal:18E8, Ord:18E8h
    |
    :0040161A FF2500214000 Jmp dword ptr [00402100]

    * Reference To: MFC42.Ordinal:0EA5, Ord:0EA5h
    |
    :00401620 FF2504214000 Jmp dword ptr [00402104]

    * Reference To: MFC42.Ordinal:13C9, Ord:13C9h
    |
    :00401626 FF2508214000 Jmp dword ptr [00402108]

    * Reference To: MFC42.Ordinal:06BF, Ord:06BFh
    |
    :0040162C FF250C214000 Jmp dword ptr [0040210C]

    * Reference To: MFC42.Ordinal:148D, Ord:148Dh
    |
    :00401632 FF2510214000 Jmp dword ptr [00402110]

    * Reference To: MFC42.Ordinal:098E, Ord:098Eh
    |
    :00401638 FF2514214000 Jmp dword ptr [00402114]

    * Reference To: MFC42.Ordinal:084C, Ord:084Ch
    |
    :0040163E FF2518214000 Jmp dword ptr [00402118]

    * Reference To: MFC42.Ordinal:149D, Ord:149Dh
    |
    :00401644 FF251C214000 Jmp dword ptr [0040211C]

    * Reference To: MFC42.Ordinal:1213, Ord:1213h
    |
    :0040164A FF2520214000 Jmp dword ptr [00402120]

    * Reference To: MFC42.Ordinal:1149, Ord:1149h
    |
    :00401650 FF2524214000 Jmp dword ptr [00402124]

    * Reference To: MFC42.Ordinal:0E0D, Ord:0E0Dh
    |
    :00401656 FF2528214000 Jmp dword ptr [00402128]

    * Referenced by a CALL at Addresses:
    |:00401167 , :004011E4
    |

    * Reference To: MFC42.Ordinal:0144, Ord:0144h
    |
    :0040165C FF252C214000 Jmp dword ptr [0040212C]

    * Referenced by a CALL at Address:
    |:00401208
    |

    * Reference To: MFC42.Ordinal:047A, Ord:047Ah
    |
    :00401662 FF2534214000 Jmp dword ptr [00402134]

    * Referenced by a CALL at Addresses:
    |:004011F7 , :0040188A
    |

    * Reference To: MFC42.Ordinal:0490, Ord:0490h
    |
    :00401668 FF2538214000 Jmp dword ptr [00402138]

    * Referenced by a CALL at Address:
    |:004012E0
    |

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00401913(U)
    |

    * Reference To: MFC42.Ordinal:0320, Ord:0320h
    |
    :0040166E FF253C214000 Jmp dword ptr [0040213C]

    * Referenced by a CALL at Address:
    |:0040129E
    |

    * Reference To: MFC42.Ordinal:1040, Ord:1040h
    |
    :00401674 FF2540214000 Jmp dword ptr [00402140]

    * Referenced by a CALL at Address:
    |:0040128B
    |

    * Reference To: MFC42.Ordinal:021C, Ord:021Ch
    |
    :0040167A FF2544214000 Jmp dword ptr [00402144]

    * Referenced by a CALL at Address:
    |:0040127C
    |

    * Reference To: MFC42.Ordinal:0B2F, Ord:0B2Fh
    |
    :00401680 FF2548214000 Jmp dword ptr [00402148]

    * Referenced by a CALL at Addresses:
    |:00401392 , :00401459
    |

    * Reference To: MFC42.Ordinal:094B, Ord:094Bh
    |
    :00401686 FF254C214000 Jmp dword ptr [0040214C]

    * Referenced by a CALL at Address:
    |:0040144B
    |

    * Reference To: MFC42.Ordinal:02F3, Ord:02F3h
    |
    :0040168C FF2550214000 Jmp dword ptr [00402150]

    * Referenced by a CALL at Address:
    |:004013CF
    |

    * Reference To: MFC42.Ordinal:01D6, Ord:01D6h
    |
    :00401692 FF2554214000 Jmp dword ptr [00402154]

    * Referenced by a CALL at Address:
    |:004016C8
    |
    :00401698 833D10314000FF cmp dword ptr [00403110], FFFFFFFF
    :0040169F 750C jne 004016AD
    :004016A1 FF742404 push [esp+04]

    * Reference To: MSVCRT._onexit, Ord:0186h
    |
    :004016A5 FF15A8214000 Call dword ptr [004021A8]
    :004016AB 59 pop ecx
    :004016AC C3 ret



    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040169F(C)
    |
    :004016AD 680C314000 push 0040310C
    :004016B2 6810314000 push 00403110
    :004016B7 FF74240C push [esp+0C]

    * Reference To: MSVCRT.__dllonexit, Ord:0055h
    |
    :004016BB E87E010000 Call 0040183E
    :004016C0 83C40C add esp, 0000000C
    :004016C3 C3 ret



    * Referenced by a CALL at Address:
    |:00401095
    |
    :004016C4 FF742404 push [esp+04]
    :004016C8 E8CBFFFFFF call 00401698
    :004016CD F7D8 neg eax
    :004016CF 1BC0 sbb eax, eax
    :004016D1 59 pop ecx
    :004016D2 F7D8 neg eax
    :004016D4 48 dec eax
    :004016D5 C3 ret



    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:004018DD(U), :004018FD(U), :0040191D(U), :0040193D(U)
    |

    * Reference To: MSVCRT.__CxxFrameHandler, Ord:0049h
    |
    :004016D6 FF25A4214000 Jmp dword ptr [004021A4]
    :004016DC CC int 03
    :004016DD CC int 03
    :004016DE CC int 03
    :004016DF CC int 03

    //******************** Program Entry Point ********
    :004016E0 55 push ebp
    :004016E1 8BEC mov ebp, esp
    :004016E3 6AFF push FFFFFFFF
    :004016E5 68F8244000 push 004024F8
    :004016EA 6866184000 push 00401866
    :004016EF 64A100000000 mov eax, dword ptr fs:[00000000]
    :004016F5 50 push eax
    :004016F6 64892500000000 mov dword ptr fs:[00000000], esp
    :004016FD 83EC68 sub esp, 00000068
    :00401700 53 push ebx
    :00401701 56 push esi
    :00401702 57 push edi
    :00401703 8965E8 mov dword ptr [ebp-18], esp
    :00401706 33DB xor ebx, ebx
    :00401708 895DFC mov dword ptr [ebp-04], ebx
    :0040170B 6A02 push 00000002

    * Reference To: MSVCRT.__set_app_type, Ord:0081h
    |
    :0040170D FF1590214000 Call dword ptr [00402190]
    :00401713 59 pop ecx
    :00401714 830D0C314000FF or dword ptr [0040310C], FFFFFFFF
    :0040171B 830D10314000FF or dword ptr [00403110], FFFFFFFF

    * Reference To: MSVCRT.__p__fmode, Ord:006Fh
    |
    :00401722 FF158C214000 Call dword ptr [0040218C]
    :00401728 8B0D00314000 mov ecx, dword ptr [00403100]
    :0040172E 8908 mov dword ptr [eax], ecx

    * Reference To: MSVCRT.__p__commode, Ord:006Ah
    |
    :00401730 FF1588214000 Call dword ptr [00402188]
    :00401736 8B0DFC304000 mov ecx, dword ptr [004030FC]
    :0040173C 8908 mov dword ptr [eax], ecx
    :0040173E A180214000 mov eax, dword ptr [00402180]
    :00401743 8B00 mov eax, dword ptr [eax]
    :00401745 A308314000 mov dword ptr [00403108], eax
    :0040174A E816010000 call 00401865
    :0040174F 391D20304000 cmp dword ptr [00403020], ebx
    :00401755 750C jne 00401763
    :00401757 6862184000 push 00401862

    * Reference To: MSVCRT.__setusermatherr, Ord:0083h
    |
    :0040175C FF157C214000 Call dword ptr [0040217C]
    :00401762 59 pop ecx

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00401755(C)
    |
    :00401763 E8E8000000 call 00401850
    :00401768 6814304000 push 00403014
    :0040176D 6810304000 push 00403010

    * Reference To: MSVCRT._initterm, Ord:010Fh
    |
    :00401772 E8D3000000 Call 0040184A
    :00401777 A1F8304000 mov eax, dword ptr [004030F8]
    :0040177C 894594 mov dword ptr [ebp-6C], eax
    :0040177F 8D4594 lea eax, dword ptr [ebp-6C]
    :00401782 50 push eax
    :00401783 FF35F4304000 push dword ptr [004030F4]
    :00401789 8D459C lea eax, dword ptr [ebp-64]
    :0040178C 50 push eax
    :0040178D 8D4590 lea eax, dword ptr [ebp-70]
    :00401790 50 push eax
    :00401791 8D45A0 lea eax, dword ptr [ebp-60]
    :00401794 50 push eax

    * Reference To: MSVCRT.__getmainargs, Ord:0058h
    |
    :00401795 FF1574214000 Call dword ptr [00402174]
    :0040179B 680C304000 push 0040300C
    :004017A0 6800304000 push 00403000

    * Reference To: MSVCRT._initterm, Ord:010Fh
    |
    :004017A5 E8A0000000 Call 0040184A
    :004017AA 83C424 add esp, 00000024
    :004017AD A170214000 mov eax, dword ptr [00402170]
    :004017B2 8B30 mov esi, dword ptr [eax]
    :004017B4 89758C mov dword ptr [ebp-74], esi
    :004017B7 803E22 cmp byte ptr [esi], 22
    :004017BA 753A jne 004017F6

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004017C8(C)
    |
    :004017BC 46 inc esi
    :004017BD 89758C mov dword ptr [ebp-74], esi
    :004017C0 8A06 mov al, byte ptr [esi]
    :004017C2 3AC3 cmp al, bl
    :004017C4 7404 je 004017CA
    :004017C6 3C22 cmp al, 22
    :004017C8 75F2 jne 004017BC

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004017C4(C)
    |
    :004017CA 803E22 cmp byte ptr [esi], 22
    :004017CD 7504 jne 004017D3

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004017DB(C)
    |
    :004017CF 46 inc esi
    :004017D0 89758C mov dword ptr [ebp-74], esi

    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:004017CD(C), :004017F9(C)
    |
    :004017D3 8A06 mov al, byte ptr [esi]
    :004017D5 3AC3 cmp al, bl
    :004017D7 7404 je 004017DD
    :004017D9 3C20 cmp al, 20
    :004017DB 76F2 jbe 004017CF

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004017D7(C)
    |
    :004017DD 895DD0 mov dword ptr [ebp-30], ebx
    :004017E0 8D45A4 lea eax, dword ptr [ebp-5C]
    :004017E3 50 push eax

    * Reference To: KERNEL32.GetStartupInfoA, Ord:0150h
    |
    :004017E4 FF1504204000 Call dword ptr [00402004]
    :004017EA F645D001 test [ebp-30], 01
    :004017EE 7411 je 00401801
    :004017F0 0FB745D4 movzx eax, word ptr [ebp-2C]
    :004017F4 EB0E jmp 00401804

    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:004017BA(C), :004017FF(U)
    |
    :004017F6 803E20 cmp byte ptr [esi], 20
    :004017F9 76D8 jbe 004017D3
    :004017FB 46 inc esi
    :004017FC 89758C mov dword ptr [ebp-74], esi
    :004017FF EBF5 jmp 004017F6

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004017EE(C)
    |
    :00401801 6A0A push 0000000A
    :00401803 58 pop eax

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004017F4(U)
    |
    :00401804 50 push eax
    :00401805 56 push esi
    :00401806 53 push ebx
    :00401807 53 push ebx

    * Reference To: KERNEL32.GetModuleHandleA, Ord:0126h
    |
    :00401808 FF1500204000 Call dword ptr [00402000]
    :0040180E 50 push eax
    :0040180F E85E000000 call 00401872
    :00401814 894598 mov dword ptr [ebp-68], eax
    :00401817 50 push eax

    * Reference To: MSVCRT.exit, Ord:0249h
    |
    :00401818 FF156C214000 Call dword ptr [0040216C]
    :0040181E 8B45EC mov eax, dword ptr [ebp-14]
    :00401821 8B08 mov ecx, dword ptr [eax]
    :00401823 8B09 mov ecx, dword ptr [ecx]
    :00401825 894D88 mov dword ptr [ebp-78], ecx
    :00401828 50 push eax
    :00401829 51 push ecx

    * Reference To: MSVCRT._XcptFilter, Ord:0048h
    |
    :0040182A E815000000 Call 00401844
    :0040182F 59 pop ecx
    :00401830 59 pop ecx
    :00401831 C3 ret


    :00401832 8B65E8 mov esp, dword ptr [ebp-18]
    :00401835 FF7588 push [ebp-78]

    * Reference To: MSVCRT._exit, Ord:00D3h
    |
    :00401838 FF159C214000 Call dword ptr [0040219C]

    * Referenced by a CALL at Address:
    |:004016BB
    |

    * Reference To: MSVCRT.__dllonexit, Ord:0055h
    |
    :0040183E FF25A0214000 Jmp dword ptr [004021A0]

    * Referenced by a CALL at Address:
    |:0040182A
    |

    * Reference To: MSVCRT._XcptFilter, Ord:0048h
    |
    :00401844 FF2584214000 Jmp dword ptr [00402184]

    * Referenced by a CALL at Addresses:
    |:00401772 , :004017A5
    |

    * Reference To: MSVCRT._initterm, Ord:010Fh
    |
    :0040184A FF2578214000 Jmp dword ptr [00402178]

    * Referenced by a CALL at Address:
    |:00401763
    |
    :00401850 6800000300 push 00030000
    :00401855 6800000100 push 00010000

    * Reference To: MSVCRT._controlfp, Ord:00B7h
    |
    :0040185A E80D000000 Call 0040186C
    :0040185F 59 pop ecx
    :00401860 59 pop ecx
    :00401861 C3 ret


    :00401862 33C0 xor eax, eax
    :00401864 C3 ret



    * Referenced by a CALL at Address:
    |:0040174A
    |
    :00401865 C3 ret

    * Reference To: MSVCRT._except_handler3, Ord:00CAh

Page 3 of 12 FirstFirst 123456 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured