| 00401000
|
$ 6A 00
|
PUSH 0
|
pModule = NULL
|
| 00401002
|
. E8 7D010000
|
CALL <JMP.&KERNEL32.GetModuleHandleA>
|
GetModuleHandleA
|
| 00401007
|
. A3 A0304000
|
MOV DWORD PTR DS:[4030A0],EAX
|
|
| 0040100C
|
. 6A 00
|
PUSH 0
|
lParam = NULL
|
| 0040100E
|
. 68 29104000
|
PUSH goth.00401029
|
DlgProc = goth.00401029
|
| 00401013
|
. 6A 00
|
PUSH 0
|
hOwner = NULL
|
| 00401015
|
. 6A 65
|
PUSH 65
|
pTemplate = 65
|
| 00401017
|
. FF35 A0304000
|
PUSH DWORD PTR DS:[4030A0]
|
hInst = NULL
|
| 0040101D
|
. E8 32010000
|
CALL <JMP.&USER32.DialogBoxParamA>
|
DialogBoxParamA
|
| 00401022
|
. 6A 00
|
PUSH 0
|
ExitCode = 0
|
| 00401024
|
. E8 55010000
|
CALL <JMP.&KERNEL32.ExitProcess>
|
ExitProcess
|
| 00401029
|
. 55
|
PUSH EBP
|
|
| 0040102A
|
. 8BEC
|
MOV EBP,ESP
|
|
| 0040102C
|
. 817D 0C 11010000
|
CMP DWORD PTR SS:[EBP+C],111
|
|
| 00401033
|
. 0F85 DA000000
|
JNZ goth.00401113
|
|
| 00401039
|
. 8B55 10
|
MOV EDX,DWORD PTR SS:[EBP+10]
|
|
| 0040103C
|
. C1EA 10
|
SHR EDX,10
|
|
| 0040103F
|
. 66:0BD2
|
OR DX,DX
|
|
| 00401042
|
. 0F85 FA000000
|
JNZ goth.00401142
|
|
| 00401048
|
. 8B45 10
|
MOV EAX,DWORD PTR SS:[EBP+10]
|
|
| 0040104B
|
. 25 FFFF0000
|
AND EAX,0FFFF
|
|
| 00401050
|
. 66:83F8 01
|
CMP AX,1
|
|
| 00401054
|
. 0F85 A3000000
|
JNZ goth.004010FD
|
|
| 0040105A
|
. 6A 20
|
PUSH 20
|
Count = 20 (32.)
|
| 0040105C
|
. 68 00304000
|
PUSH goth.00403000
|
Buffer = goth.00403000
|
| 00401061
|
. 68 B80B0000
|
PUSH 0BB8
|
ControlID = BB8 (3000.)
|
| 00401066
|
. FF75 08
|
PUSH DWORD PTR SS:[EBP+8]
|
hWnd
|
| 00401069
|
. E8 F8000000
|
CALL <JMP.&USER32.GetDlgItemTextA>
|
GetDlgItemTextA
|
| 0040106E
|
. 68 00304000
|
PUSH goth.00403000
|
String2 = ""
|
| 00401073
|
. 68 40304000
|
PUSH goth.00403040
|
String1 = "analspider"
|
| 00401078
|
. E8 0D010000
|
CALL <JMP.&KERNEL32.lstrcmpA>
|
lstrcmpA
|
| 004010A4
|
. E8 0BC0
|
OR EAX,EAX
|
|
| 0040107F
|
. 75 39
|
JNZ SHORT vault.004010BA
|
|
| 00401081
|
. 6A 20
|
PUSH 20
|
Count = 20 (32.)
|
| 00401083
|
. 68 20304000
|
PUSH goth.00403020
|
Buffer = goth.00403020
|
| 00401088
|
. 68 B90B0000
|
PUSH 0BB9
|
ControlID = BB9 (3001.)
|
| 0040108D
|
. FF75 08
|
PUSH DWORD PTR SS:[EBP+8]
|
hWnd
|
| 00401090
|
. E8 D1000000
|
CALL <JMP.&USER32.GetDlgItemTextA>
|
GetDlgItemTextA
|
| 00401095
|
. 68 4C304000
|
PUSH goth.0040304C
|
String2 = "7777"
|
| 0040109A
|
. 68 20304000
|
PUSH vault.00403020
|
String1 = ""
|
| 0040109F
|
. E8 E6000000
|
CALL <JMP.&KERNEL32.lstrcmpA>
|
lstrcmpA
|
| 004010A4
|
. 0BC0
|
OR EAX,EAX
|
|
| 004010A6
|
. 75 09
|
JNZ SHORT goth.004010B1
|
|
| 004010A8
|
. C605 9E304000 01
|
MOV BYTE PTR DS:[40309E],1
|
|
| 004010AF
|
. EB7nbsp;10
|
JMP SHORT vault.004010C1
|
|
| 004010B1
|
> C605 9E304000 00
|
JMP SHORT goth.004010C1
|
|
| 004010B8
|
. EB 07
|
JMP SHORT vault.004010C1
|
|
| 004010BA
|
> C605 9E304000 00
|
MOV BYTE PTR DS:[40309E],0
|
|
| 004010AF
|
. EB 10
|
JMP SHORT vault.004010C1
|
|
| 004010B1
|
> C605 9E304000 00
|
MOV BYTE PTR DS:[40309E],0
|
|
| 004010B8
|
. EB 07
|
JMP SHORT goth.004010C1
|
|
| 004010BA
|
> C605 9E304000 00
|
MOV BYTE PTR DS:[40309E],0
|
|
| 004010C1
|
> 803D 9E304000 01
|
CMP BYTE PTR DS:[40309E],1
|
|
| 004010C8
|
. 75 1D
|
JNZ SHORT vault.004010E7
|
|
| 004010CA
|
. 6A 24
|
PUSH 24
|
Style = MB_YESNO|MB_ICON
|
| 004010CC
|
. 68 57304000
|
PUSH goth.00403057
|
Title = "the goth"
|
| 004010D1
|
. 68 6C304000
|
PUSH goth.0040306C
|
Text = "Howdidyougetin?"
|
| 004010D6
|
. FF75 08
|
PUSH DWORD PTR SS:[EBP+8]
|
hOwner
|
| 004010D9
|
. E8 8E000000
|
CALL <JMP.&USER32.MessageBoxA>
|
MessageBoxA
|
| 004010DE
|
. C605 9E304000 00
|
MOV BYTE PTR DS:[40309E],0
|
|
| 004010E5
|
. EB 5B
|
JMP SHORT goth.00401142
|
|
| 004010E7
|
> 6A 10
|
PUSH 10
|
Style = MB_OK|MB_ICONHAND
|
| 004010E9
|
. 68 57304000
|
PUSH vault.00403057
|
Title = "the goth"
|
| 004010EE
|
. 68 61304000
|
PUSH vault.00403061
|
Text = "No Access!"
|