[Из песочницы] Взлом Kaspersky Crackme: исследование защитного механизма (Часть 1) — 29.01.2016 12:18
.text:004047C0
; ---------------------------------------------------------------------------
; sub_4047C0(arg_0) -- IDA listing, 32-bit x86; the frame carries an SEH record
; and a /GS-style stack cookie (___security_cookie / __security_check_cookie).
; Called from sub_404E50+85. arg_0 is saved in var_D8 and only forwarded to
; sub_402920 near the end.
;
; Visible behaviour:
;   1. Allocates three heap objects: a 1Ch-byte one (vtable off_4117D4, kept in
;      var_98) and two 18h-byte ones initialised by sub_4033D0 with 60h and 200h
;      (kept in var_B8 and var_AC).
;   2. Runs 32h (50) rounds; round k builds k strings of 20..59 bytes, each byte
;      in 20h..7Fh, from rand(), and hands them to the objects through indirect
;      (vtable) calls and to the var_CC array through sub_4072B0.
;   3. Calls vtable slot +10h of the var_98 object to fill var_EC, passes var_EC
;      and arg_0 to sub_402920, then releases every object and array.
;
; Locals as used below:
;   var_A8/var_A4/var_A0 and var_CC/var_C8/var_C4 -- pointer triples describing
;       two arrays of 1Ch-byte elements (var_A8/var_CC = first element,
;       var_A4/var_C8 = one past the last). Elements keep a size at +10h and a
;       capacity at +14h; presumably std::vector<std::string> -- confirm.
;   var_90 / var_80 / var_7C -- temporary string object (buffer, size, capacity).
;   var_74 -- 100-byte stack buffer that receives the generated text.
;   var_4  -- state index updated around constructions; presumably the C++ EH
;             state used by the handler sub_41065C -- confirm.
;   var_10 -- cookie copy (cookie XOR ebp), checked in the epilogue.
;
; Review notes:
;   * rand() is the only source of randomness and no seeding is visible in this
;     function, so the generated strings should be treated as predictable.
;   * The generator writes at most 59 bytes into the 100-byte var_74 buffer, so
;     the text stays NUL-terminated and below the cookie slot at var_10.
;   * All object interaction goes through indirect calls (call edx / call eax);
;     the targets cannot be resolved from this listing alone.
; ---------------------------------------------------------------------------
.text:004047C0 sub_4047C0 proc near ; CODE XREF: sub_404E50+85
.text:004047C0
.text:004047C0 var_EC = dword ptr -0ECh
.text:004047C0 var_E8 = dword ptr -0E8h
.text:004047C0 var_E4 = dword ptr -0E4h
.text:004047C0 var_E0 = dword ptr -0E0h
.text:004047C0 var_D8 = dword ptr -0D8h
.text:004047C0 var_D4 = dword ptr -0D4h
.text:004047C0 var_D0 = dword ptr -0D0h
.text:004047C0 var_CC = dword ptr -0CCh
.text:004047C0 var_C8 = dword ptr -0C8h
.text:004047C0 var_C4 = dword ptr -0C4h
.text:004047C0 var_BC = dword ptr -0BCh
.text:004047C0 var_B8 = dword ptr -0B8h
.text:004047C0 var_B4 = dword ptr -0B4h
.text:004047C0 var_B0 = dword ptr -0B0h
.text:004047C0 var_AC = dword ptr -0ACh
.text:004047C0 var_A8 = dword ptr -0A8h
.text:004047C0 var_A4 = dword ptr -0A4h
.text:004047C0 var_A0 = dword ptr -0A0h
.text:004047C0 var_98 = dword ptr -98h
.text:004047C0 var_94 = dword ptr -94h
.text:004047C0 var_90 = dword ptr -90h
.text:004047C0 var_80 = dword ptr -80h
.text:004047C0 var_7C = dword ptr -7Ch
.text:004047C0 var_75 = byte ptr -75h
.text:004047C0 var_74 = byte ptr -74h
.text:004047C0 var_73 = byte ptr -73h
.text:004047C0 var_10 = dword ptr -10h
.text:004047C0 var_C = dword ptr -0Ch
.text:004047C0 var_4 = dword ptr -4
.text:004047C0 arg_0 = dword ptr 8
.text:004047C0
; --- prologue: SEH record, stack cookie, callee-saved registers ---
.text:004047C0 push ebp
.text:004047C1 mov ebp, esp
.text:004047C3 push 0FFFFFFFFh ; initial value of var_4 (-1)
.text:004047C5 push offset sub_41065C ; exception handler for this frame
.text:004047CA mov eax, large fs:0 ; previous SEH record
.text:004047D0 push eax
.text:004047D1 sub esp, 0E0h ; reserve locals
.text:004047D7 mov eax, ___security_cookie
.text:004047DC xor eax, ebp ; bind the cookie to this frame
.text:004047DE mov [ebp+var_10], eax ; cookie copy sits directly above the var_74 buffer
.text:004047E1 push ebx
.text:004047E2 push esi
.text:004047E3 push edi
.text:004047E4 push eax
.text:004047E5 lea eax, [ebp+var_C]
.text:004047E8 mov large fs:0, eax ; register the new SEH record
.text:004047EE mov eax, [ebp+arg_0]
; --- object #1: 1Ch bytes, vtable off_4117D4, result kept in var_98 ---
.text:004047F1 push 1Ch ; size_t: object size
.text:004047F3 mov [ebp+var_D8], eax ; keep arg_0 for the sub_402920 call at 00404D0E
.text:004047F9 call ??2@YAPAXI@Z ; operator new(uint)
.text:004047FE mov esi, eax ; esi = new object
.text:00404800 add esp, 4
.text:00404803 mov [ebp+var_B4], esi
.text:00404809 xor edi, edi ; edi = 0, used as the zero/NULL constant until 00404933
.text:0040480B mov [ebp+var_4], edi ; state 0
.text:0040480E cmp esi, edi
.text:00404810 jz short loc_40488D ; allocation returned NULL -> var_98 = NULL
.text:00404812 mov dword ptr [esi], offset off_4117D4 ; install vtable
.text:00404818 push 30h ; size_t: 30h-byte node
.text:0040481A mov [esi+0Ch], edi ; field +0Ch = 0
.text:0040481D call ??2@YAPAXI@Z ; operator new(uint)
.text:00404822 add esp, 4
.text:00404825 cmp eax, edi
.text:00404827 jz short loc_40485A ; node allocation failed -> throw
.text:00404829 mov [esi+8], eax ; object+8 = node
.text:0040482C mov [eax], eax ; node+0 = node (self link)
.text:0040482E mov eax, [esi+8]
.text:00404831 mov [eax+4], eax ; node+4 = node
.text:00404834 mov eax, [esi+8]
.text:00404837 mov [eax+8], eax ; node+8 = node
.text:0040483A mov ecx, [esi+8]
.text:0040483D mov byte ptr [ecx+2Ch], 1 ; flag byte at node+2Ch
.text:00404841 mov edx, [esi+8]
.text:00404844 mov byte ptr [edx+2Dh], 1 ; flag byte at node+2Dh; self-linked node with two flags
                                          ; looks like an empty tree head (std::map/std::set) -- confirm
.text:00404848 mov dword ptr [esi+14h], 200h ; field +14h = 200h
.text:0040484F mov [esi+18h], edi ; field +18h = 0
.text:00404852 mov [ebp+var_98], esi ; var_98 = object #1
.text:00404858 jmp short loc_404893
.text:0040485A ; ---------------------------------------------------------------------------
.text:0040485A
; --- node allocation failed: build an exception object and throw it ---
.text:0040485A loc_40485A: ; CODE XREF: sub_4047C0+67
.text:0040485A lea eax, [ebp+var_94]
.text:00404860 push eax ; address of the (NULL) message pointer
.text:00404861 lea ecx, [ebp+var_A4] ; this = exception object built in the var_A4 slot
.text:00404867 mov [ebp+var_94], edi ; message pointer = NULL
.text:0040486D call ??0exception@std@@QAE@ABQBD@Z ; std::exception::exception(char const * const &)
.text:00404872 push offset unk_413D14 ; throw-info for the thrown type
.text:00404877 lea ecx, [ebp+var_A4]
.text:0040487D push ecx
.text:0040487E mov [ebp+var_A4], offset off_4116C0 ; replace the vtable with a derived one (presumably std::bad_alloc -- confirm)
.text:00404888 call __CxxThrowException@8 ; _CxxThrowException(x,x)
.text:0040488D ; ---------------------------------------------------------------------------
.text:0040488D
.text:0040488D loc_40488D: ; CODE XREF: sub_4047C0+50
.text:0040488D mov [ebp+var_98], edi ; var_98 = NULL
.text:00404893
; --- zero both array triples ---
.text:00404893 loc_404893: ; CODE XREF: sub_4047C0+98
.text:00404893 mov [ebp+var_A8], edi
.text:00404899 mov [ebp+var_A4], edi
.text:0040489F mov [ebp+var_A0], edi
.text:004048A5 mov [ebp+var_4], 1
.text:004048AC mov [ebp+var_CC], edi
.text:004048B2 mov [ebp+var_C8], edi
.text:004048B8 mov [ebp+var_C4], edi
; --- object #2: 18h bytes, sub_4033D0(this, 60h), kept in var_B8 ---
.text:004048BE push 18h ; size_t: object size
.text:004048C0 mov byte ptr [ebp+var_4], 2
.text:004048C4 call ??2@YAPAXI@Z ; operator new(uint)
.text:004048C9 add esp, 4
.text:004048CC mov [ebp+var_94], eax
.text:004048D2 mov byte ptr [ebp+var_4], 3
.text:004048D6 cmp eax, edi
.text:004048D8 jz short loc_4048EB ; NULL -> var_B8 = NULL
.text:004048DA push 60h ; argument 60h
.text:004048DC mov ecx, eax ; this = new object
.text:004048DE call sub_4033D0 ; presumably the constructor -- confirm
.text:004048E3 mov [ebp+var_B8], eax
.text:004048E9 jmp short loc_4048F1
.text:004048EB ; ---------------------------------------------------------------------------
.text:004048EB
.text:004048EB loc_4048EB: ; CODE XREF: sub_4047C0+118
.text:004048EB mov [ebp+var_B8], edi
.text:004048F1
; --- object #3: 18h bytes, sub_4033D0(this, 200h), kept in var_AC ---
.text:004048F1 loc_4048F1: ; CODE XREF: sub_4047C0+129
.text:004048F1 push 18h ; size_t: object size
.text:004048F3 mov byte ptr [ebp+var_4], 2
.text:004048F7 call ??2@YAPAXI@Z ; operator new(uint)
.text:004048FC add esp, 4
.text:004048FF mov [ebp+var_94], eax
.text:00404905 mov byte ptr [ebp+var_4], 4
.text:00404909 cmp eax, edi
.text:0040490B jz short loc_404921 ; NULL -> var_AC = NULL
.text:0040490D push 200h ; argument 200h
.text:00404912 mov ecx, eax ; this = new object
.text:00404914 call sub_4033D0
.text:00404919 mov [ebp+var_AC], eax
.text:0040491F jmp short loc_404927
.text:00404921 ; ---------------------------------------------------------------------------
.text:00404921
.text:00404921 loc_404921: ; CODE XREF: sub_4047C0+14B
.text:00404921 mov [ebp+var_AC], edi
.text:00404927
.text:00404927 loc_404927: ; CODE XREF: sub_4047C0+15F
.text:00404927 mov ebx, [ebp+var_C8] ; ebx = end pointer of the var_CC array
.text:0040492D mov [ebp+var_BC], edi ; round counter = 0
.text:00404933 mov edi, [ebp+var_98] ; edi = object #1 from here on
.text:00404939 mov byte ptr [ebp+var_4], 2
.text:0040493D
; === outer loop: one round per pass, repeated while var_BC < 32h ===
.text:0040493D loc_40493D: ; CODE XREF: sub_4047C0+4B9
.text:0040493D mov eax, [ebp+var_BC]
.text:00404943 inc eax
.text:00404944 mov [ebp+var_94], eax ; var_94 = round number = strings to build this round
.text:0040494A test eax, eax
.text:0040494C jle loc_404B8A ; nothing to build when the count is <= 0
.text:00404952 mov ecx, [ebp+var_A4]
.text:00404958 sub ecx, [ebp+var_A8] ; ecx = byte length of the var_A8 array
.text:0040495E mov ebx, [ebp+var_AC] ; ebx = object #3
.text:00404964 mov eax, 92492493h ; reciprocal constant: the next five instructions are a signed divide by 1Ch
.text:00404969 imul ecx
.text:0040496B add edx, ecx
.text:0040496D sar edx, 4
.text:00404970 mov eax, edx
.text:00404972 shr eax, 1Fh
.text:00404975 add eax, edx ; eax = element count of the var_A8 array
.text:00404977 mov edx, [ebp+var_94]
.text:0040497D mov [ebp+var_D4], eax ; var_D4 = element count
.text:00404983 mov [ebp+var_B4], edx ; var_B4 = strings left to build in this round
.text:00404989 lea esp, [esp+0] ; alignment padding (no effect)
.text:00404990
; --- inner loop: build one random string and distribute it ---
.text:00404990 loc_404990: ; CODE XREF: sub_4047C0+3BE
.text:00404990 push 63h ; size_t: 63h bytes starting at var_73
.text:00404992 lea eax, [ebp+var_73]
.text:00404995 push 0 ; int
.text:00404997 push eax ; void *
.text:00404998 mov [ebp+var_74], 0 ; first byte cleared separately: 1 + 63h = 100 zeroed bytes
.text:0040499C call _memset
.text:004049A1 add esp, 0Ch
.text:004049A4 xor esi, esi ; esi = characters written so far
.text:004049A6 call _rand
.text:004049AB cdq
.text:004049AC mov ecx, 28h
.text:004049B1 idiv ecx
.text:004049B3 add edx, 14h ; edx = rand() % 40 + 20
.text:004049B6 test edx, edx
.text:004049B8 jle short loc_4049E9 ; only used as an entry test; the bound is re-drawn on every pass below
.text:004049BA lea ebx, [ebx+0] ; alignment padding (no effect)
.text:004049C0
.text:004049C0 loc_4049C0: ; CODE XREF: sub_4047C0+227
.text:004049C0 call _rand
.text:004049C5 cdq
.text:004049C6 mov ecx, 60h
.text:004049CB idiv ecx ; edx = rand() % 96
.text:004049CD inc esi
.text:004049CE add dl, 20h ; character in 20h..7Fh, never NUL
.text:004049D1 mov [ebp+esi+var_75], dl ; var_74[esi-1] = character
.text:004049D5 call _rand
.text:004049DA cdq
.text:004049DB mov ecx, 28h
.text:004049E0 idiv ecx
.text:004049E2 add edx, 14h ; fresh bound rand() % 40 + 20, i.e. 20..59
.text:004049E5 cmp esi, edx
.text:004049E7 jl short loc_4049C0 ; continue while written < bound; esi can never exceed 59
.text:004049E9
; --- temporary string (var_90) = var_74 text; hand it to object #1, slot +4 ---
.text:004049E9 loc_4049E9: ; CODE XREF: sub_4047C0+1F8
.text:004049E9 lea eax, [ebp+var_74]
.text:004049EC mov [ebp+var_7C], 0Fh ; capacity = 0Fh
.text:004049F3 mov [ebp+var_80], 0 ; size = 0
.text:004049FA mov byte ptr [ebp+var_90], 0 ; empty inline text
.text:00404A01 lea edx, [eax+1]
.text:00404A04
.text:00404A04 loc_404A04: ; CODE XREF: sub_4047C0+249
.text:00404A04 mov cl, [eax] ; inline strlen: scan to the NUL terminator
.text:00404A06 inc eax
.text:00404A07 test cl, cl
.text:00404A09 jnz short loc_404A04
.text:00404A0B sub eax, edx ; eax = length of the text in var_74
.text:00404A0D push eax ; size_t
.text:00404A0E lea edx, [ebp+var_74]
.text:00404A11 push edx ; void *
.text:00404A12 lea ecx, [ebp+var_90] ; this = temporary string
.text:00404A18 call sub_405BB0 ; takes (pointer, length); presumably string assign -- confirm
.text:00404A1D mov eax, [edi] ; vtable of object #1
.text:00404A1F mov edx, [eax+4] ; vtable slot +4
.text:00404A22 lea ecx, [ebp+var_90]
.text:00404A28 push ecx ; argument: &temporary string
.text:00404A29 mov ecx, edi ; this = object #1
.text:00404A2B mov byte ptr [ebp+var_4], 5
.text:00404A2F call edx ; indirect call, target not visible here
.text:00404A31 cmp [ebp+var_7C], 10h
.text:00404A35 mov byte ptr [ebp+var_4], 2
.text:00404A39 jb short loc_404A4A ; capacity < 10h: presumably text is stored inline, nothing to free
.text:00404A3B mov eax, [ebp+var_90]
.text:00404A41 push eax ; void *
.text:00404A42 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404A47 add esp, 4
.text:00404A4A
; --- walk every element of the var_A8 array ---
.text:00404A4A loc_404A4A: ; CODE XREF: sub_4047C0+279
.text:00404A4A cmp [ebp+var_D4], 0
.text:00404A51 jbe loc_404B10 ; array empty -> skip the walk
.text:00404A57 mov ecx, [ebp+var_D4]
.text:00404A5D mov esi, [ebp+var_A8] ; esi = current element
.text:00404A63 mov [ebp+var_D0], ecx ; var_D0 = elements left
.text:00404A69 lea esp, [esp+0] ; alignment padding (no effect)
.text:00404A70
.text:00404A70 loc_404A70: ; CODE XREF: sub_4047C0+34A
.text:00404A70 cmp [ebp+var_BC], 3
.text:00404A77 jl short loc_404A8A ; first three rounds: always process the element
.text:00404A79 mov ecx, [ebp+var_B8] ; this = object #2
.text:00404A7F mov edx, [ecx]
.text:00404A81 mov eax, [edx+8] ; vtable slot +8
.text:00404A84 call eax ; indirect call, no stack arguments; result in al
.text:00404A86 test al, al
.text:00404A88 jz short loc_404B01 ; returned 0 -> skip this element
.text:00404A8A
.text:00404A8A loc_404A8A: ; CODE XREF: sub_4047C0+2B7
.text:00404A8A lea eax, [ebp+var_74]
.text:00404A8D mov [ebp+var_7C], 0Fh ; re-initialise the temporary string
.text:00404A94 mov [ebp+var_80], 0
.text:00404A9B mov byte ptr [ebp+var_90], 0
.text:00404AA2 lea edx, [eax+1]
.text:00404AA5
.text:00404AA5 loc_404AA5: ; CODE XREF: sub_4047C0+2EA
.text:00404AA5 mov cl, [eax] ; inline strlen of var_74
.text:00404AA7 inc eax
.text:00404AA8 test cl, cl
.text:00404AAA jnz short loc_404AA5
.text:00404AAC sub eax, edx
.text:00404AAE push eax ; size_t
.text:00404AAF lea ecx, [ebp+var_74]
.text:00404AB2 push ecx ; void *
.text:00404AB3 lea ecx, [ebp+var_90]
.text:00404AB9 call sub_405BB0
.text:00404ABE mov edx, [ebx] ; vtable of object #3
.text:00404AC0 mov edx, [edx+4] ; vtable slot +4
.text:00404AC3 sub esp, 14h ; reserve 14h bytes on the stack
.text:00404AC6 mov eax, esp
.text:00404AC8 mov [ebp+var_B0], esp ; remember where the reserved area is
.text:00404ACE push eax ; argument: pointer to the reserved area
.text:00404ACF mov ecx, ebx ; this = object #3
.text:00404AD1 mov byte ptr [ebp+var_4], 6
.text:00404AD5 call edx ; presumably returns a 14h-byte value into the reserved area -- confirm
.text:00404AD7 mov eax, [edi] ; vtable of object #1
.text:00404AD9 mov edx, [eax+8] ; vtable slot +8
.text:00404ADC lea ecx, [ebp+var_90]
.text:00404AE2 push ecx ; argument: &temporary string
.text:00404AE3 push esi ; argument: current element
.text:00404AE4 mov ecx, edi ; this = object #1
.text:00404AE6 call edx ; the 14h-byte area is still on the stack below these two arguments
.text:00404AE8 cmp [ebp+var_7C], 10h
.text:00404AEC mov byte ptr [ebp+var_4], 2
.text:00404AF0 jb short loc_404B01 ; capacity < 10h: no heap buffer to free
.text:00404AF2 mov eax, [ebp+var_90]
.text:00404AF8 push eax ; void *
.text:00404AF9 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404AFE add esp, 4
.text:00404B01
.text:00404B01 loc_404B01: ; CODE XREF: sub_4047C0+2C8
.text:00404B01 ; sub_4047C0+330
.text:00404B01 add esi, 1Ch ; next element (stride 1Ch)
.text:00404B04 dec [ebp+var_D0]
.text:00404B0A jnz loc_404A70
.text:00404B10
; --- append the generated text to the var_CC array ---
.text:00404B10 loc_404B10: ; CODE XREF: sub_4047C0+291
.text:00404B10 lea eax, [ebp+var_74]
.text:00404B13 mov [ebp+var_7C], 0Fh ; re-initialise the temporary string
.text:00404B1A mov [ebp+var_80], 0
.text:00404B21 mov byte ptr [ebp+var_90], 0
.text:00404B28 lea edx, [eax+1]
.text:00404B2B jmp short loc_404B30
.text:00404B2B ; ---------------------------------------------------------------------------
.text:00404B2D align 10h
.text:00404B30
.text:00404B30 loc_404B30: ; CODE XREF: sub_4047C0+36B
.text:00404B30 ; sub_4047C0+375
.text:00404B30 mov cl, [eax] ; inline strlen of var_74
.text:00404B32 inc eax
.text:00404B33 test cl, cl
.text:00404B35 jnz short loc_404B30
.text:00404B37 sub eax, edx
.text:00404B39 push eax ; size_t
.text:00404B3A lea ecx, [ebp+var_74]
.text:00404B3D push ecx ; void *
.text:00404B3E lea ecx, [ebp+var_90]
.text:00404B44 call sub_405BB0
.text:00404B49 lea edx, [ebp+var_90]
.text:00404B4F push edx ; argument: &temporary string
.text:00404B50 lea ecx, [ebp+var_CC] ; this = var_CC array
.text:00404B56 mov byte ptr [ebp+var_4], 7
.text:00404B5A call sub_4072B0 ; presumably push_back -- confirm
.text:00404B5F cmp [ebp+var_7C], 10h
.text:00404B63 mov byte ptr [ebp+var_4], 2
.text:00404B67 jb short loc_404B78 ; capacity < 10h: no heap buffer to free
.text:00404B69 mov eax, [ebp+var_90]
.text:00404B6F push eax ; void *
.text:00404B70 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404B75 add esp, 4
.text:00404B78
.text:00404B78 loc_404B78: ; CODE XREF: sub_4047C0+3A7
.text:00404B78 dec [ebp+var_B4] ; one string of this round done
.text:00404B7E jnz loc_404990
.text:00404B84 mov ebx, [ebp+var_C8] ; ebx = end pointer of the var_CC array again
.text:00404B8A
; --- empty the var_A8 array (elements reset, storage kept) ---
.text:00404B8A loc_404B8A: ; CODE XREF: sub_4047C0+18C
.text:00404B8A mov ecx, [ebp+var_A4]
.text:00404B90 cmp [ebp+var_A8], ecx
.text:00404B96 jz short loc_404BF9 ; already empty
.text:00404B98 mov edx, [ebp+var_B0]
.text:00404B9E mov eax, [ebp+var_A8]
.text:00404BA4 push edx ; var_B0 is only written at 00404AC8; its value here may be stale -- confirm it is unused
.text:00404BA5 push eax ; void *
.text:00404BA6 mov eax, ecx
.text:00404BA8 push eax ; int
.text:00404BA9 push eax ; int
.text:00404BAA call sub_406140 ; args (end, end, begin, var_B0); presumably an erase helper returning the new end -- confirm
.text:00404BAF mov edi, eax ; edi = returned pointer
.text:00404BB1 add esp, 10h
.text:00404BB4 mov esi, edi
.text:00404BB6 cmp edi, [ebp+var_A4]
.text:00404BBC jz short loc_404BED
.text:00404BBE mov edi, edi ; alignment padding (no effect)
.text:00404BC0
.text:00404BC0 loc_404BC0: ; CODE XREF: sub_4047C0+42B
.text:00404BC0 cmp dword ptr [esi+14h], 10h ; element capacity
.text:00404BC4 jb short loc_404BD1 ; < 10h: no heap buffer to free
.text:00404BC6 mov eax, [esi]
.text:00404BC8 push eax ; void *
.text:00404BC9 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404BCE add esp, 4
.text:00404BD1
.text:00404BD1 loc_404BD1: ; CODE XREF: sub_4047C0+404
.text:00404BD1 mov dword ptr [esi+14h], 0Fh ; reset element: capacity 0Fh
.text:00404BD8 mov dword ptr [esi+10h], 0 ; size 0
.text:00404BDF mov byte ptr [esi], 0 ; empty text
.text:00404BE2 add esi, 1Ch
.text:00404BE5 cmp esi, [ebp+var_A4]
.text:00404BEB jnz short loc_404BC0
.text:00404BED
.text:00404BED loc_404BED: ; CODE XREF: sub_4047C0+3FC
.text:00404BED mov [ebp+var_A4], edi ; new end pointer
.text:00404BF3 mov edi, [ebp+var_98] ; restore edi = object #1
.text:00404BF9
; --- hand the var_CC array to the var_A8 array, then empty var_CC ---
.text:00404BF9 loc_404BF9: ; CODE XREF: sub_4047C0+3D6
.text:00404BF9 lea ecx, [ebp+var_CC]
.text:00404BFF push ecx ; argument: &var_CC array
.text:00404C00 lea ecx, [ebp+var_A8] ; this = var_A8 array
.text:00404C06 call sub_406F10 ; presumably copy-assignment (var_A8 = var_CC) -- confirm
.text:00404C0B cmp [ebp+var_CC], ebx
.text:00404C11 jz short loc_404C6A ; var_CC already empty
.text:00404C13 mov edx, [ebp+var_B0]
.text:00404C19 mov eax, [ebp+var_CC]
.text:00404C1F push edx
.text:00404C20 push eax ; void *
.text:00404C21 push ebx ; int
.text:00404C22 push ebx ; int
.text:00404C23 call sub_406140 ; same helper as at 00404BAA, now on the var_CC array
.text:00404C28 mov edi, eax
.text:00404C2A add esp, 10h
.text:00404C2D mov esi, edi
.text:00404C2F cmp edi, ebx
.text:00404C31 jz short loc_404C5C
.text:00404C33
.text:00404C33 loc_404C33: ; CODE XREF: sub_4047C0+49A
.text:00404C33 cmp dword ptr [esi+14h], 10h ; element capacity
.text:00404C37 jb short loc_404C44
.text:00404C39 mov eax, [esi]
.text:00404C3B push eax ; void *
.text:00404C3C call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404C41 add esp, 4
.text:00404C44
.text:00404C44 loc_404C44: ; CODE XREF: sub_4047C0+477
.text:00404C44 mov dword ptr [esi+14h], 0Fh ; reset element
.text:00404C4B mov dword ptr [esi+10h], 0
.text:00404C52 mov byte ptr [esi], 0
.text:00404C55 add esi, 1Ch
.text:00404C58 cmp esi, ebx
.text:00404C5A jnz short loc_404C33
.text:00404C5C
.text:00404C5C loc_404C5C: ; CODE XREF: sub_4047C0+471
.text:00404C5C mov ebx, edi
.text:00404C5E mov edi, [ebp+var_98] ; restore edi = object #1
.text:00404C64 mov [ebp+var_C8], ebx ; new end pointer of the var_CC array
.text:00404C6A
.text:00404C6A loc_404C6A: ; CODE XREF: sub_4047C0+451
.text:00404C6A mov eax, [ebp+var_94]
.text:00404C70 mov [ebp+var_BC], eax ; advance the round counter
.text:00404C76 cmp eax, 32h
.text:00404C79 jl loc_40493D ; 32h (50) rounds in total
; === after the last round: empty var_A8 once more ===
.text:00404C7F mov edi, [ebp+var_A4]
.text:00404C85 cmp [ebp+var_A8], edi
.text:00404C8B jz short loc_404CE7
.text:00404C8D mov ecx, [ebp+var_B0]
.text:00404C93 mov edx, [ebp+var_A8]
.text:00404C99 push ecx
.text:00404C9A push edx ; void *
.text:00404C9B push edi ; int
.text:00404C9C push edi ; int
.text:00404C9D call sub_406140
.text:00404CA2 mov ebx, eax
.text:00404CA4 add esp, 10h
.text:00404CA7 mov esi, ebx
.text:00404CA9 cmp ebx, edi
.text:00404CAB jz short loc_404CD9
.text:00404CAD lea ecx, [ecx+0] ; alignment padding (no effect)
.text:00404CB0
.text:00404CB0 loc_404CB0: ; CODE XREF: sub_4047C0+517
.text:00404CB0 cmp dword ptr [esi+14h], 10h ; element capacity
.text:00404CB4 jb short loc_404CC1
.text:00404CB6 mov eax, [esi]
.text:00404CB8 push eax ; void *
.text:00404CB9 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404CBE add esp, 4
.text:00404CC1
.text:00404CC1 loc_404CC1: ; CODE XREF: sub_4047C0+4F4
.text:00404CC1 mov dword ptr [esi+14h], 0Fh ; reset element
.text:00404CC8 mov dword ptr [esi+10h], 0
.text:00404CCF mov byte ptr [esi], 0
.text:00404CD2 add esi, 1Ch
.text:00404CD5 cmp esi, edi
.text:00404CD7 jnz short loc_404CB0
.text:00404CD9
.text:00404CD9 loc_404CD9: ; CODE XREF: sub_4047C0+4EB
.text:00404CD9 mov edi, ebx
.text:00404CDB mov ebx, [ebp+var_C8]
.text:00404CE1 mov [ebp+var_A4], edi
.text:00404CE7
; --- collect the result from object #1 and pass it on with arg_0 ---
.text:00404CE7 loc_404CE7: ; CODE XREF: sub_4047C0+4CB
.text:00404CE7 mov esi, [ebp+var_98] ; esi = object #1
.text:00404CED mov eax, [esi]
.text:00404CEF mov edx, [eax+10h] ; vtable slot +10h
.text:00404CF2 lea ecx, [ebp+var_EC]
.text:00404CF8 push ecx ; argument: &var_EC (result object)
.text:00404CF9 mov ecx, esi
.text:00404CFB call edx ; indirect call; fills var_EC
.text:00404CFD mov eax, [ebp+var_D8]
.text:00404D03 push eax ; argument: saved arg_0
.text:00404D04 lea ecx, [ebp+var_EC] ; this = result object
.text:00404D0A mov byte ptr [ebp+var_4], 8
.text:00404D0E call sub_402920
; --- release the three heap objects through vtable slot 0 with argument 1 ---
.text:00404D13 mov ecx, [ebp+var_B8]
.text:00404D19 test ecx, ecx
.text:00404D1B jz short loc_404D25 ; object #2 was never allocated
.text:00404D1D mov edx, [ecx]
.text:00404D1F mov eax, [edx]
.text:00404D21 push 1 ; presumably the "also free memory" flag of a deleting destructor -- confirm
.text:00404D23 call eax
.text:00404D25
.text:00404D25 loc_404D25: ; CODE XREF: sub_4047C0+55B
.text:00404D25 mov ecx, [ebp+var_AC]
.text:00404D2B test ecx, ecx
.text:00404D2D jz short loc_404D37 ; object #3 was never allocated
.text:00404D2F mov edx, [ecx]
.text:00404D31 mov eax, [edx]
.text:00404D33 push 1
.text:00404D35 call eax
.text:00404D37
.text:00404D37 loc_404D37: ; CODE XREF: sub_4047C0+56D
.text:00404D37 mov edx, [esi] ; NOTE(review): object #1 is dereferenced here and at 00404CED without a NULL test, unlike #2 and #3
.text:00404D39 mov eax, [edx]
.text:00404D3B push 1
.text:00404D3D mov ecx, esi
.text:00404D3F call eax
; --- tear down the var_EC result object (pointer triple var_E8/var_E4/var_E0) ---
.text:00404D41 mov eax, [ebp+var_E8]
.text:00404D47 mov ecx, [ebp+var_E4]
.text:00404D4D mov [ebp+var_EC], offset off_41171C ; install vtable off_41171C before the cleanup
.text:00404D57 cmp eax, ecx
.text:00404D59 jz short loc_404D75 ; begin == end: nothing to erase
.text:00404D5B push 0 ; size_t: zero bytes, so nothing is copied
.text:00404D5D push ecx ; void *
.text:00404D5E push eax ; void *
.text:00404D5F mov esi, eax
.text:00404D61 call _memcpy_0
.text:00404D66 mov eax, [ebp+var_E8]
.text:00404D6C add esp, 0Ch
.text:00404D6F mov [ebp+var_E4], esi ; end = begin
.text:00404D75
.text:00404D75 loc_404D75: ; CODE XREF: sub_4047C0+599
.text:00404D75 xor esi, esi
.text:00404D77 cmp eax, esi
.text:00404D79 jz short loc_404D84 ; no storage to free
.text:00404D7B push eax ; void *
.text:00404D7C call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404D81 add esp, 4
.text:00404D84
.text:00404D84 loc_404D84: ; CODE XREF: sub_4047C0+5B9
.text:00404D84 mov [ebp+var_E8], esi ; clear the triple
.text:00404D8A mov [ebp+var_E4], esi
.text:00404D90 mov [ebp+var_E0], esi
; --- destroy the var_CC array: free element buffers, then the storage ---
.text:00404D96 cmp [ebp+var_CC], esi
.text:00404D9C jz short loc_404DE2 ; no storage allocated
.text:00404D9E mov esi, [ebp+var_CC]
.text:00404DA4 cmp esi, ebx
.text:00404DA6 jz short loc_404DD1
.text:00404DA8
.text:00404DA8 loc_404DA8: ; CODE XREF: sub_4047C0+60F
.text:00404DA8 cmp dword ptr [esi+14h], 10h ; element capacity
.text:00404DAC jb short loc_404DB9
.text:00404DAE mov ecx, [esi]
.text:00404DB0 push ecx ; void *
.text:00404DB1 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404DB6 add esp, 4
.text:00404DB9
.text:00404DB9 loc_404DB9: ; CODE XREF: sub_4047C0+5EC
.text:00404DB9 mov dword ptr [esi+14h], 0Fh ; reset element
.text:00404DC0 mov dword ptr [esi+10h], 0
.text:00404DC7 mov byte ptr [esi], 0
.text:00404DCA add esi, 1Ch
.text:00404DCD cmp esi, ebx
.text:00404DCF jnz short loc_404DA8
.text:00404DD1
.text:00404DD1 loc_404DD1: ; CODE XREF: sub_4047C0+5E6
.text:00404DD1 mov edx, [ebp+var_CC]
.text:00404DD7 push edx ; void *
.text:00404DD8 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404DDD add esp, 4
.text:00404DE0 xor esi, esi
.text:00404DE2
; --- destroy the var_A8 array the same way ---
.text:00404DE2 loc_404DE2: ; CODE XREF: sub_4047C0+5DC
.text:00404DE2 cmp [ebp+var_A8], esi
.text:00404DE8 jz short loc_404E34 ; no storage allocated
.text:00404DEA mov esi, [ebp+var_A8]
.text:00404DF0 cmp esi, edi
.text:00404DF2 jz short loc_404E25
.text:00404DF4 mov ebx, 0Fh ; ebx = reset capacity value
.text:00404DF9 lea esp, [esp+0] ; alignment padding (no effect)
.text:00404E00
.text:00404E00 loc_404E00: ; CODE XREF: sub_4047C0+663
.text:00404E00 cmp dword ptr [esi+14h], 10h ; element capacity
.text:00404E04 jb short loc_404E11
.text:00404E06 mov eax, [esi]
.text:00404E08 push eax ; void *
.text:00404E09 call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404E0E add esp, 4
.text:00404E11
.text:00404E11 loc_404E11: ; CODE XREF: sub_4047C0+644
.text:00404E11 mov [esi+14h], ebx ; reset element: capacity 0Fh
.text:00404E14 mov dword ptr [esi+10h], 0
.text:00404E1B mov byte ptr [esi], 0
.text:00404E1E add esi, 1Ch
.text:00404E21 cmp esi, edi
.text:00404E23 jnz short loc_404E00
.text:00404E25
.text:00404E25 loc_404E25: ; CODE XREF: sub_4047C0+632
.text:00404E25 mov ecx, [ebp+var_A8]
.text:00404E2B push ecx ; void *
.text:00404E2C call ??3@YAXPAX@Z ; operator delete(void *)
.text:00404E31 add esp, 4
.text:00404E34
; --- epilogue: unlink the SEH record, restore registers, verify the cookie ---
.text:00404E34 loc_404E34: ; CODE XREF: sub_4047C0+628
.text:00404E34 mov ecx, [ebp+var_C]
.text:00404E37 mov large fs:0, ecx ; restore the previous SEH record
.text:00404E3E pop ecx
.text:00404E3F pop edi
.text:00404E40 pop esi
.text:00404E41 pop ebx
.text:00404E42 mov ecx, [ebp+var_10]
.text:00404E45 xor ecx, ebp ; undo the frame binding applied at 004047DC
.text:00404E47 call @__security_check_cookie@4 ; __security_check_cookie(x)
.text:00404E4C mov esp, ebp
.text:00404E4E pop ebp
.text:00404E4F retn
.text:00404E4F sub_4047C0 endp
.text:00404E4F