seg000:00DC368D ;*******************************************************
seg000:00DC368D :* ENTRY POINT *
seg000:00DC368D ;*******************************************************
seg000:00DC368D call verifySignature
seg000:00DC3692 jmp loc_E6D3AF
seg000:00DC3697
...
seg000:00E6D3AF loc_E6D3AF: ; CODE XREF: seg000:00DC3692
seg000:00E6D3AF push 58h
seg000:00E6D3B1 push offset dword_F214B0
seg000:00E6D3B6 call sub_E6E360
seg000:00E6D3BB lea eax, [ebp-68h]
seg000:00E6D3BE push eax
seg000:00E6D3BF call ds:GetStartupInfoW
seg000:00E6D3C5 xor esi, esi
seg000:00E6D3C7 cmp ds:dword_F23C60, esi
seg000:00E6D3CD jnz short loc_E6D3DA
seg000:00E6D3CF push esi
seg000:00E6D3D0 push esi
seg000:00E6D3D1 push 1
seg000:00E6D3D3 push esi
seg000:00E6D3D4 call ds:HeapSetInformation
seg000:00E6D3DA
seg000:00E6D3DA loc_E6D3DA: ; CODE XREF: seg000:00E6D3CD
seg000:00E6D3DA mov eax, 5A4Dh
seg000:00E6D3DF cmp word ptr ds:dword_D90000, ax
seg000:00E6D3E6 jz short loc_E6D3ED
seg000:00E6D3E8
seg000:00E6D3E8 loc_E6D3E8: ; CODE XREF: seg000:00E6D3FC
seg000:00E6D3E8 ; seg000:00E6D40A ...
seg000:00E6D3E8 mov [ebp-1Ch], esi
seg000:00E6D3EB jmp short loc_E6D423
seg000:00E6D3ED ; ---------------------------------------------------------------------------
seg000:00E6D3ED
seg000:00E6D3ED loc_E6D3ED: ; CODE XREF: seg000:00E6D3E6
seg000:00E6D3ED mov eax, ds:dword_D90000+3Ch
seg000:00E6D3F2 cmp ds:dword_D90000[eax], 4550h
seg000:00E6D3FC jnz short loc_E6D3E8
seg000:00E6D3FE mov ecx, 10Bh
seg000:00E6D403 cmp [eax+0D90018h], cx
seg000:00E6D40A jnz short loc_E6D3E8
seg000:00E6D40C cmp dword ptr [eax+0D90074h], 0Eh
seg000:00E6D413 jbe short loc_E6D3E8
seg000:00E6D415 xor ecx, ecx
seg000:00E6D417 cmp [eax+0D900E8h], esi
seg000:00E6D41D setnz cl
seg000:00E6D420 mov [ebp-1Ch], ecx
seg000:00E6D423
seg000:00E6D423 loc_E6D423: ; CODE XREF: seg000:00E6D3EB
seg000:00E6D423 call sub_DCEEDB
seg000:00E6D428 test eax, eax
seg000:00E6D42A jnz short loc_E6D434
seg000:00E6D42C push 1Ch
seg000:00E6D42E call sub_E6D386
seg000:00E6D433 ; ---------------------------------------------------------------------------
seg000:00E6D433 pop ecx
seg000:00E6D434
seg000:00E6D434 loc_E6D434: ; CODE XREF: seg000:00E6D42A
seg000:00E6D434 call sub_E1B6CB
seg000:00E6D439 test eax, eax
seg000:00E6D43B jnz short loc_E6D445
seg000:00E6D43D push 10h
seg000:00E6D43F call sub_E6D386
seg000:00E6D444 ; ---------------------------------------------------------------------------
seg000:00E6D444 pop ecx
seg000:00E6D445
seg000:00E6D445 loc_E6D445: ; CODE XREF: seg000:00E6D43B
seg000:00E6D445 call sub_DF2BF4
seg000:00E6D44A mov [ebp-4], esi
seg000:00E6D44D call sub_E1A314
seg000:00E6D452 test eax, eax
seg000:00E6D454 jns short loc_E6D45E
seg000:00E6D456 push 1Bh
seg000:00E6D458 call sub_DB9CA6
seg000:00E6D45D ; ---------------------------------------------------------------------------
seg000:00E6D45D pop ecx
seg000:00E6D45E
seg000:00E6D45E loc_E6D45E: ; CODE XREF: seg000:00E6D454
seg000:00E6D45E call ds:GetCommandLineW
seg000:00E6D464 mov ds:dword_F21B28, eax
seg000:00E6D469 call sub_DDCA2A
seg000:00E6D46E mov ds:dword_F23C70, eax
seg000:00E6D473 call sub_DCC36A
seg000:00E6D478 test eax, eax
seg000:00E6D47A jns short loc_E6D484
seg000:00E6D47C push 8
seg000:00E6D47E call sub_DB9CA6
seg000:00E6D483 ; ---------------------------------------------------------------------------
seg000:00E6D483 pop ecx
seg000:00E6D484
seg000:00E6D484 loc_E6D484: ; CODE XREF: seg000:00E6D47A
seg000:00E6D484 call sub_DD3827
seg000:00E6D489 test eax, eax
seg000:00E6D48B jns short loc_E6D495
seg000:00E6D48D push 9
seg000:00E6D48F call sub_DB9CA6
seg000:00E6D494 ; ---------------------------------------------------------------------------
seg000:00E6D494 pop ecx
seg000:00E6D495
seg000:00E6D495 loc_E6D495: ; CODE XREF: seg000:00E6D48B
seg000:00E6D495 push 1
seg000:00E6D497 call sub_DDCB16
seg000:00E6D49C pop ecx
seg000:00E6D49D cmp eax, esi
seg000:00E6D49F jz short loc_E6D4A8
seg000:00E6D4A1 push eax
seg000:00E6D4A2 call sub_DB9CA6
seg000:00E6D4A7 ; ---------------------------------------------------------------------------
seg000:00E6D4A7 pop ecx
seg000:00E6D4A8
seg000:00E6D4A8 loc_E6D4A8: ; CODE XREF: seg000:00E6D49F
seg000:00E6D4A8 call sub_DCD4F2
seg000:00E6D4AD test byte ptr [ebp-3Ch], 1
seg000:00E6D4B1 jz short loc_E6D4B9
seg000:00E6D4B3 movzx ecx, word ptr [ebp-38h]
seg000:00E6D4B7 jmp short loc_E6D4BC
seg000:00E6D4B9 ; ---------------------------------------------------------------------------
seg000:00E6D4B9
seg000:00E6D4B9 loc_E6D4B9: ; CODE XREF: seg000:00E6D4B1
seg000:00E6D4B9 push 0Ah
seg000:00E6D4BB pop ecx
seg000:00E6D4BC
seg000:00E6D4BC loc_E6D4BC: ; CODE XREF: seg000:00E6D4B7
seg000:00E6D4BC push ecx
seg000:00E6D4BD push eax
seg000:00E6D4BE push esi
seg000:00E6D4BF push offset dword_D90000
seg000:00E6D4C4 call sub_D9847C ; => Here we go !
seg000:00E6D4C9 mov [ebp-20h], eax
seg000:00E6D4CC cmp [ebp-1Ch], esi
seg000:00E6D4CF jnz short loc_E6D4D7
seg000:00E6D4D1 push eax
seg000:00E6D4D2 call sub_D97893
seg000:00E6D4D7
seg000:00E6D4D7 loc_E6D4D7: ; CODE XREF: seg000:00E6D4CF
seg000:00E6D4D7 call sub_DB1BA6
seg000:00E6D4DC jmp short loc_E6D50C
seg000:00E6D4DE ; ---------------------------------------------------------------------------
seg000:00E6D4DE mov eax, [ebp-14h]
seg000:00E6D4E1 mov ecx, [eax]
seg000:00E6D4E3 mov ecx, [ecx]
seg000:00E6D4E5 mov [ebp-24h], ecx
seg000:00E6D4E8 push eax
seg000:00E6D4E9 push ecx
seg000:00E6D4EA call sub_DB7F6A
seg000:00E6D4EF pop ecx
seg000:00E6D4F0 pop ecx
seg000:00E6D4F1 retn
seg000:00E6D4F2 ; ---------------------------------------------------------------------------
seg000:00E6D4F2 mov esp, [ebp-18h]
seg000:00E6D4F5 mov eax, [ebp-24h]
seg000:00E6D4F8 mov [ebp-20h], eax
seg000:00E6D4FB cmp dword ptr [ebp-1Ch], 0
seg000:00E6D4FF jnz short loc_E6D507
seg000:00E6D501 push eax
seg000:00E6D502 call sub_DDB2C5
seg000:00E6D507
seg000:00E6D507 loc_E6D507: ; CODE XREF: seg000:00E6D4FF
seg000:00E6D507 call sub_E149B0
seg000:00E6D50C
seg000:00E6D50C loc_E6D50C: ; CODE XREF: seg000:00E6D4DC
seg000:00E6D50C mov dword ptr [ebp-4], 0FFFFFFFEh
seg000:00E6D513 mov eax, [ebp-20h]
seg000:00E6D516 call sub_E6E3A5
seg000:00E6D51B retn
seg000:00E6D51B ; ---------------------------------------------------------------------------
...
seg000:00D9847C ; =============== S U B R O U T I N E =======================================
seg000:00D9847C
seg000:00D9847C ; Attributes: bp-based frame
seg000:00D9847C
seg000:00D9847C sub_D9847C proc near ; CODE XREF: seg000:00E6D4C4�p
seg000:00D9847C
seg000:00D9847C var_2A09 = byte ptr -2A09h
seg000:00D9847C nNumberOfBytesToWrite= dword ptr -2A08h
seg000:00D9847C var_2A04 = dword ptr -2A04h
seg000:00D9847C var_2A00 = word ptr -2A00h
seg000:00D9847C var_29F9 = byte ptr -29F9h
seg000:00D9847C var_29F8 = dword ptr -29F8h
seg000:00D9847C lpBuffer = dword ptr -29F4h
seg000:00D9847C pSid = dword ptr -29F0h
seg000:00D9847C var_29EC = dword ptr -29ECh
seg000:00D9847C var_29E8 = dword ptr -29E8h
seg000:00D9847C lpSecurityAttributes= dword ptr -29E4h
seg000:00D9847C var_29E0 = dword ptr -29E0h
seg000:00D9847C var_29DC = dword ptr -29DCh
seg000:00D9847C var_29D8 = dword ptr -29D8h
seg000:00D9847C ProcessInformation= _PROCESS_INFORMATION ptr -29D4h
seg000:00D9847C pSecurityDescriptor= byte ptr -29C4h
seg000:00D9847C ValueName = word ptr -29B0h
seg000:00D9847C StartupInfo = _STARTUPINFOW ptr -29A0h
seg000:00D9847C Name = word ptr -2958h
seg000:00D9847C var_2938 = byte ptr -2938h
seg000:00D9847C var_28F8 = byte ptr -28F8h
seg000:00D9847C Buffer = word ptr -2800h
seg000:00D9847C var_27E0 = dword ptr -27E0h
seg000:00D9847C Filename = word ptr -2400h
seg000:00D9847C var_2000 = byte ptr -2000h
seg000:00D9847C
seg000:00D9847C push ebp
seg000:00D9847D mov ebp, esp
seg000:00D9847F and esp, 0FFFFFFF8h
seg000:00D98482 mov eax, 2A0Ch
seg000:00D98487 call __alloca_probe
seg000:00D9848C push ebx
seg000:00D9848D push esi
seg000:00D9848E push edi
seg000:00D9848F xor ebx, ebx
seg000:00D98491 push ebx ; lpModuleName
seg000:00D98492 call ds:GetModuleHandleW
seg000:00D98498 lea esi, [esp+2A18h+var_28F8]
seg000:00D9849F mov edx, 100h
seg000:00D984A4 mov ecx, offset ExSignature
seg000:00D984A9 mov ds:hInstance, eax
seg000:00D984AE call j_decipherOnion3
seg000:00D984B3 push 58h
seg000:00D984B5 pop esi
seg000:00D984B6
seg000:00D984B6 loc_D984B6: ; CODE XREF: sub_D9847C+53
seg000:00D984B6 lea ecx, [esp+2A18h+var_28F8] ; ECX=0x12D5C8
seg000:00D984BD lea eax, unk_E931D0[esi] ; EAX=0xE93228
seg000:00D984C3 push ecx
seg000:00D984C4 push eax
seg000:00D984C5 push eax
seg000:00D984C6 call decipherOnion4
seg000:00D984CB add esp, 0Ch
seg000:00D984CE dec esi
seg000:00D984CF jns short loc_D984B6
seg000:00D984D1 ; Here the two .onion addresses are deciphered !
...
seg000:00DDA1F5 ; =============== S U B R O U T I N E =======================================
seg000:00DDA1F5
seg000:00DDA1F5 ; Attributes: bp-based frame thunk
seg000:00DDA1F5
seg000:00DDA1F5 j_decipherOnion3 proc near ; CODE XREF: sub_D9847C+32
seg000:00DDA1F5 ; sub_E1E876+65 ...
seg000:00DDA1F5 jmp decipherOnion3
seg000:00DDA1F5 j_decipherOnion3 endp
seg000:00DDA1F5
...
seg000:00DC4A0C decipherOnion3 proc near ; CODE XREF: j_decipherOnion3
seg000:00DC4A0C
seg000:00DC4A0C var_4 = dword ptr -4
seg000:00DC4A0C
seg000:00DC4A0C push ebp
seg000:00DC4A0D mov ebp, esp
seg000:00DC4A0F push 4
seg000:00DC4A11 pop eax
seg000:00DC4A12 call __alloca_probe
seg000:00DC4A17 push esi
seg000:00DC4A18 call sub_DBDF31
seg000:00DC4A1D pop ecx
seg000:00DC4A1E test eax, eax
seg000:00DC4A20 js locret_DC4C04
seg000:00DC4A26 mov edx, [esi+0F0h]
seg000:00DC4A2C and [ebp+var_4], 0
seg000:00DC4A30 shl edx, 2
seg000:00DC4A33 push ebx
seg000:00DC4A34 push edi
seg000:00DC4A35 test edx, edx
seg000:00DC4A37 jle short loc_DC4A7E
seg000:00DC4A39 lea ecx, [esi+edx*4+8]
seg000:00DC4A3D lea eax, [esi+8]
seg000:00DC4A40
seg000:00DC4A40 loc_DC4A40: ; CODE XREF: decipherOnion3+70
seg000:00DC4A40 mov ebx, [ecx-8]
seg000:00DC4A43 mov edi, [eax-8]
seg000:00DC4A46 add [ebp+var_4], 4
seg000:00DC4A4A mov [eax-8], ebx
seg000:00DC4A4D mov ebx, [ecx-4]
seg000:00DC4A50 mov [ecx-8], edi
seg000:00DC4A53 mov edi, [eax-4]
seg000:00DC4A56 mov [eax-4], ebx
seg000:00DC4A59 mov ebx, [ecx]
seg000:00DC4A5B mov [ecx-4], edi
seg000:00DC4A5E mov edi, [eax]
seg000:00DC4A60 mov [eax], ebx
seg000:00DC4A62 mov ebx, [ecx+4]
seg000:00DC4A65 mov [ecx], edi
seg000:00DC4A67 mov edi, [eax+4]
seg000:00DC4A6A mov [eax+4], ebx
seg000:00DC4A6D mov [ecx+4], edi
seg000:00DC4A70 sub edx, 4
seg000:00DC4A73 add eax, 10h
seg000:00DC4A76 sub ecx, 10h
seg000:00DC4A79 cmp [ebp+var_4], edx
seg000:00DC4A7C jl short loc_DC4A40
seg000:00DC4A7E
seg000:00DC4A7E loc_DC4A7E: ; CODE XREF: decipherOnion3+2B
seg000:00DC4A7E xor eax, eax
seg000:00DC4A80 inc eax
seg000:00DC4A81 mov [ebp+var_4], eax
seg000:00DC4A84 cmp [esi+0F0h], eax
seg000:00DC4A8A jle loc_DC4C00
seg000:00DC4A90 lea ecx, [esi+2]
seg000:00DC4A93 mov eax, 0FFh
seg000:00DC4A98
seg000:00DC4A98 loc_DC4A98: ; CODE XREF: decipherOnion3+1EE
seg000:00DC4A98 mov edx, [ecx+0Eh]
seg000:00DC4A9B movzx ebx, byte ptr [ecx+0Fh]
seg000:00DC4A9F mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4AA6 add ecx, 10h
seg000:00DC4AA9 mov edi, edx
seg000:00DC4AAB shr edi, 18h
seg000:00DC4AAE mov edi, ds:dword_EB9000[edi*4]
seg000:00DC4AB5 and edi, eax
seg000:00DC4AB7 mov edi, ds:dword_EB9C00[edi*4]
seg000:00DC4ABE and ebx, eax
seg000:00DC4AC0 xor edi, ds:dword_EBA400[ebx*4]
seg000:00DC4AC7 movzx ebx, byte ptr [ecx]
seg000:00DC4ACA mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4AD1 and ebx, eax
seg000:00DC4AD3 xor edi, ds:dword_EBA000[ebx*4]
seg000:00DC4ADA movzx ebx, byte ptr [ecx+3]
seg000:00DC4ADE and edx, eax
seg000:00DC4AE0 mov edx, ds:dword_EB9000[edx*4]
seg000:00DC4AE7 and edx, eax
seg000:00DC4AE9 xor edi, ds:dword_EBA800[edx*4]
seg000:00DC4AF0 mov edx, [ecx+2]
seg000:00DC4AF3 mov [ecx-2], edi
seg000:00DC4AF6 mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4AFD mov edi, edx
seg000:00DC4AFF shr edi, 18h
seg000:00DC4B02 mov edi, ds:dword_EB9000[edi*4]
seg000:00DC4B09 and edi, eax
seg000:00DC4B0B mov edi, ds:dword_EB9C00[edi*4]
seg000:00DC4B12 and ebx, eax
seg000:00DC4B14 xor edi, ds:dword_EBA400[ebx*4]
seg000:00DC4B1B movzx ebx, byte ptr [ecx+4]
seg000:00DC4B1F mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4B26 and ebx, eax
seg000:00DC4B28 xor edi, ds:dword_EBA000[ebx*4]
seg000:00DC4B2F movzx ebx, byte ptr [ecx+7]
seg000:00DC4B33 and edx, eax
seg000:00DC4B35 mov edx, ds:dword_EB9000[edx*4]
seg000:00DC4B3C and edx, eax
seg000:00DC4B3E xor edi, ds:dword_EBA800[edx*4]
seg000:00DC4B45 mov edx, [ecx+6]
seg000:00DC4B48 mov [ecx+2], edi
seg000:00DC4B4B mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4B52 mov edi, edx
seg000:00DC4B54 shr edi, 18h
seg000:00DC4B57 mov edi, ds:dword_EB9000[edi*4]
seg000:00DC4B5E and edi, eax
seg000:00DC4B60 mov edi, ds:dword_EB9C00[edi*4]
seg000:00DC4B67 and ebx, eax
seg000:00DC4B69 xor edi, ds:dword_EBA400[ebx*4]
seg000:00DC4B70 movzx ebx, byte ptr [ecx+8]
seg000:00DC4B74 mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4B7B and edx, eax
seg000:00DC4B7D mov edx, ds:dword_EB9000[edx*4]
seg000:00DC4B84 and ebx, eax
seg000:00DC4B86 xor edi, ds:dword_EBA000[ebx*4]
seg000:00DC4B8D movzx ebx, byte ptr [ecx+0Bh]
seg000:00DC4B91 and edx, eax
seg000:00DC4B93 xor edi, ds:dword_EBA800[edx*4]
seg000:00DC4B9A mov edx, [ecx+0Ah]
seg000:00DC4B9D mov [ecx+6], edi
seg000:00DC4BA0 mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4BA7 mov edi, edx
seg000:00DC4BA9 shr edi, 18h
seg000:00DC4BAC mov edi, ds:dword_EB9000[edi*4]
seg000:00DC4BB3 and edi, eax
seg000:00DC4BB5 mov edi, ds:dword_EB9C00[edi*4]
seg000:00DC4BBC and ebx, eax
seg000:00DC4BBE xor edi, ds:dword_EBA400[ebx*4]
seg000:00DC4BC5 movzx ebx, byte ptr [ecx+0Ch]
seg000:00DC4BC9 mov ebx, ds:dword_EB9000[ebx*4]
seg000:00DC4BD0 and edx, eax
seg000:00DC4BD2 mov edx, ds:dword_EB9000[edx*4]
seg000:00DC4BD9 and ebx, eax
seg000:00DC4BDB xor edi, ds:dword_EBA000[ebx*4]
seg000:00DC4BE2 and edx, eax
seg000:00DC4BE4 xor edi, ds:dword_EBA800[edx*4]
seg000:00DC4BEB inc [ebp+var_4]
seg000:00DC4BEE mov edx, [ebp+var_4]
seg000:00DC4BF1 mov [ecx+0Ah], edi
seg000:00DC4BF4 cmp edx, [esi+0F0h]
seg000:00DC4BFA jl loc_DC4A98
seg000:00DC4C00
seg000:00DC4C00 loc_DC4C00: ; CODE XREF: decipherOnion3+7E
seg000:00DC4C00 pop edi
seg000:00DC4C01 xor eax, eax
seg000:00DC4C03 pop ebx
seg000:00DC4C04
seg000:00DC4C04 locret_DC4C04: ; CODE XREF: decipherOnion3+14
seg000:00DC4C04 leave
seg000:00DC4C05 retn
seg000:00DC4C05 decipherOnion3 endp
...
seg000:00DBDF31 ; =============== S U B R O U T I N E =======================================
seg000:00DBDF31
seg000:00DBDF31
seg000:00DBDF31 sub_DBDF31 proc near ; CODE XREF: sub_D9D58A
seg000:00DBDF31 ; decipherOnion3+C
seg000:00DBDF31
seg000:00DBDF31 var_8 = dword ptr -8
seg000:00DBDF31 var_4 = dword ptr -4
seg000:00DBDF31 arg_0 = dword ptr 4
seg000:00DBDF31
seg000:00DBDF31 push 8
seg000:00DBDF33 pop eax
seg000:00DBDF34 call __alloca_probe
seg000:00DBDF39 mov eax, [esp+8+arg_0]
seg000:00DBDF3D push ebx
seg000:00DBDF3E push ebp
seg000:00DBDF3F push esi
seg000:00DBDF40 push edi
seg000:00DBDF41 mov esi, edx ; ESI=0x100
seg000:00DBDF43 test ecx, ecx ; ECX=0xE931B0 (=> ciphered block - contains .onion)
seg000:00DBDF45 jz loc_DBE38F
seg000:00DBDF4B test eax, eax
seg000:00DBDF4D jz loc_DBE38F
seg000:00DBDF53 mov ebp, 0C0h
seg000:00DBDF58 lea edi, [ebp-40h]
seg000:00DBDF5B cmp esi, edi
seg000:00DBDF5D jz short loc_DBDF77
seg000:00DBDF5F cmp esi, ebp
seg000:00DBDF61 jz short loc_DBDF73
seg000:00DBDF63 cmp esi, 100h
seg000:00DBDF69 jz short loc_DBDF73
seg000:00DBDF6B push 0FFFFFFFEh
seg000:00DBDF6D pop eax
seg000:00DBDF6E jmp loc_DBE392
seg000:00DBDF73 ; ---------------------------------------------------------------------------
seg000:00DBDF73
seg000:00DBDF73 loc_DBDF73: ; CODE XREF: sub_DBDF31+30
seg000:00DBDF73 ; sub_DBDF31+38
seg000:00DBDF73 cmp esi, edi
seg000:00DBDF75 jnz short loc_DBDF83
seg000:00DBDF77
seg000:00DBDF77 loc_DBDF77: ; CODE XREF: sub_DBDF31+2C
seg000:00DBDF77 mov dword ptr [eax+0F0h], 0Ah
seg000:00DBDF81 jmp short loc_DBDF94
seg000:00DBDF83 ; ---------------------------------------------------------------------------
seg000:00DBDF83
seg000:00DBDF83 loc_DBDF83: ; CODE XREF: sub_DBDF31+44
seg000:00DBDF83 xor edx, edx
seg000:00DBDF85 cmp esi, ebp
seg000:00DBDF87 setnz dl
seg000:00DBDF8A lea edx, [edx+edx+0Ch] ; EDX=0xE
seg000:00DBDF8E mov [eax+0F0h], edx
seg000:00DBDF94
seg000:00DBDF94 loc_DBDF94: ; CODE XREF: sub_DBDF31+50
seg000:00DBDF94 mov edx, [ecx]
seg000:00DBDF96 bswap edx
seg000:00DBDF98 mov [eax], edx
seg000:00DBDF9A mov ebx, [ecx+4]
seg000:00DBDF9D lea edx, [eax+4]
seg000:00DBDFA0 mov [esp+18h+var_4], edx
seg000:00DBDFA4 bswap ebx
seg000:00DBDFA6 mov [edx], ebx
seg000:00DBDFA8 mov edx, [ecx+8]
seg000:00DBDFAB bswap edx
seg000:00DBDFAD mov [eax+8], edx
seg000:00DBDFB0 mov edx, [ecx+0Ch]
seg000:00DBDFB3 bswap edx
seg000:00DBDFB5 mov [eax+0Ch], edx
seg000:00DBDFB8 cmp esi, edi
seg000:00DBDFBA jnz loc_DBE0C9
seg000:00DBDFC0 mov esi, edx
seg000:00DBDFC2 shr edx, 10h
seg000:00DBDFC5 mov edi, esi
seg000:00DBDFC7 mov ecx, 0FFh
seg000:00DBDFCC and edx, ecx
seg000:00DBDFCE mov edx, ds:dword_EB9400[edx*4]
seg000:00DBDFD5 xor edx, 1000000h
seg000:00DBDFDB shr edi, 8
seg000:00DBDFDE and edi, ecx
seg000:00DBDFE0 mov ebp, ds:dword_EB9800[edi*4]
seg000:00DBDFE7 mov ebx, 0FF000000h
seg000:00DBDFEC and edx, ebx
seg000:00DBDFEE mov edi, 0FF0000h
seg000:00DBDFF3 and ebp, edi
seg000:00DBDFF5 xor edx, ebp
seg000:00DBDFF7 mov ebp, esi
seg000:00DBDFF9 shr ebp, 18h
seg000:00DBDFFC movzx ebp, byte ptr ds:dword_EB9000[ebp*4]
seg000:00DBE004 xor edx, ebp
seg000:00DBE006 and esi, ecx
seg000:00DBE008 mov ebp, ds:dword_EB8C00[esi*4]
seg000:00DBE00F mov esi, 0FF00h
seg000:00DBE014 and ebp, esi
seg000:00DBE016 xor edx, ebp
seg000:00DBE018 xor edx, [eax]
seg000:00DBE01A mov ebp, [esp+18h+var_4]
seg000:00DBE01E mov ebp, [ebp+0]
seg000:00DBE021 mov [eax+10h], edx
seg000:00DBE024 xor ebp, edx
seg000:00DBE026 mov edx, [eax+8]
seg000:00DBE029 xor edx, ebp
seg000:00DBE02B mov [eax+18h], edx
seg000:00DBE02E xor edx, [eax+0Ch]
seg000:00DBE031 mov [eax+14h], ebp
seg000:00DBE034 mov [eax+1Ch], edx
seg000:00DBE037 mov eax, [esp+18h+var_4]
seg000:00DBE03B mov [esp+18h+var_4], offset dword_EBAD04
seg000:00DBE043
seg000:00DBE043 loc_DBE043: ; CODE XREF: sub_DBDF31+18F
seg000:00DBE043 mov ebp, [eax+18h]
seg000:00DBE046 mov edx, ebp
seg000:00DBE048 mov [esp+18h+var_8], ebp
seg000:00DBE04C add eax, 10h
seg000:00DBE04F shr ebp, 10h
seg000:00DBE052 and ebp, ecx
seg000:00DBE054 mov ebp, ds:dword_EB9400[ebp*4]
seg000:00DBE05B shr edx, 8
seg000:00DBE05E and edx, ecx
seg000:00DBE060 mov edx, ds:dword_EB9800[edx*4]
seg000:00DBE067 and ebp, ebx
seg000:00DBE069 and edx, edi
seg000:00DBE06B xor edx, ebp
seg000:00DBE06D mov ebp, [esp+18h+var_8]
seg000:00DBE071 shr ebp, 18h
seg000:00DBE074 movzx ebp, byte ptr ds:dword_EB9000[ebp*4]
seg000:00DBE07C xor edx, ebp
seg000:00DBE07E mov ebp, [esp+18h+var_8]
seg000:00DBE082 and ebp, ecx
seg000:00DBE084 mov ebp, ds:dword_EB8C00[ebp*4]
seg000:00DBE08B and ebp, esi
seg000:00DBE08D xor edx, ebp
seg000:00DBE08F xor edx, [eax-4]
seg000:00DBE092 mov ebp, [esp+18h+var_4]
seg000:00DBE096 xor edx, [ebp+0]
seg000:00DBE099 add [esp+18h+var_4], 4
seg000:00DBE09E mov [eax+0Ch], edx
seg000:00DBE0A1 mov ebp, [eax]
seg000:00DBE0A3 xor ebp, edx
seg000:00DBE0A5 mov [eax+10h], ebp
seg000:00DBE0A8 mov edx, [eax+4]
seg000:00DBE0AB xor edx, ebp
seg000:00DBE0AD mov [eax+14h], edx
seg000:00DBE0B0 mov ebp, [eax+8]
seg000:00DBE0B3 xor ebp, edx
seg000:00DBE0B5 cmp [esp+18h+var_4], offset aAesPartOfOpens ; "AES part of OpenSSL 1.0.1g 7 Apr 2014"
seg000:00DBE0BD mov [eax+18h], ebp
seg000:00DBE0C0 jnz short loc_DBE043
seg000:00DBE0C2
seg000:00DBE0C2 loc_DBE0C2: ; CODE XREF: sub_DBDF31+2C8
seg000:00DBE0C2 ; sub_DBDF31+2E3 ...
seg000:00DBE0C2 xor eax, eax
seg000:00DBE0C4 jmp loc_DBE392
seg000:00DBE0C9 ; ---------------------------------------------------------------------------
seg000:00DBE0C9
seg000:00DBE0C9 loc_DBE0C9: ; CODE XREF: sub_DBDF31+89
seg000:00DBE0C9 mov edx, [ecx+10h]
seg000:00DBE0CC bswap edx
seg000:00DBE0CE mov [eax+10h], edx
seg000:00DBE0D1 mov edx, [ecx+14h]
seg000:00DBE0D4 bswap edx
seg000:00DBE0D6 mov [eax+14h], edx
seg000:00DBE0D9 cmp esi, ebp
seg000:00DBE0DB jnz loc_DBE1FE
seg000:00DBE0E1 mov esi, edx
seg000:00DBE0E3 shr edx, 10h
seg000:00DBE0E6 mov edi, esi
seg000:00DBE0E8 mov ecx, 0FFh
seg000:00DBE0ED and edx, ecx
seg000:00DBE0EF mov edx, ds:dword_EB9400[edx*4]
seg000:00DBE0F6 xor edx, 1000000h
seg000:00DBE0FC shr edi, 8
seg000:00DBE0FF and edi, ecx
seg000:00DBE101 mov ebp, ds:dword_EB9800[edi*4]
seg000:00DBE108 mov ebx, 0FF000000h
seg000:00DBE10D and edx, ebx
seg000:00DBE10F mov edi, 0FF0000h
seg000:00DBE114 and ebp, edi
seg000:00DBE116 xor edx, ebp
seg000:00DBE118 mov ebp, esi
seg000:00DBE11A shr ebp, 18h
seg000:00DBE11D movzx ebp, byte ptr ds:dword_EB9000[ebp*4]
seg000:00DBE125 xor edx, ebp
seg000:00DBE127 and esi, ecx
seg000:00DBE129 mov ebp, ds:dword_EB8C00[esi*4]
seg000:00DBE130 mov esi, 0FF00h
seg000:00DBE135 and ebp, esi
seg000:00DBE137 xor edx, ebp
seg000:00DBE139 xor edx, [eax]
seg000:00DBE13B mov ebp, [esp+18h+var_4]
seg000:00DBE13F mov ebp, [ebp+0]
seg000:00DBE142 xor ebp, edx
seg000:00DBE144 mov [eax+18h], edx
seg000:00DBE147 mov edx, [eax+8]
seg000:00DBE14A xor edx, ebp
seg000:00DBE14C mov [eax+1Ch], ebp
seg000:00DBE14F mov ebp, [eax+0Ch]
seg000:00DBE152 xor ebp, edx
seg000:00DBE154 mov [eax+20h], edx
seg000:00DBE157 mov [eax+24h], ebp
seg000:00DBE15A add eax, 28h
seg000:00DBE15D mov [esp+18h+var_4], offset dword_EBAD04
seg000:00DBE165
seg000:00DBE165 loc_DBE165: ; CODE XREF: sub_DBDF31+2C2
seg000:00DBE165 mov edx, [eax-18h]
seg000:00DBE168 xor edx, [eax-4]
seg000:00DBE16B mov ebp, [eax-14h]
seg000:00DBE16E xor ebp, edx
seg000:00DBE170 mov [eax+4], ebp
seg000:00DBE173 mov [eax], edx
seg000:00DBE175 mov ebp, [eax+4]
seg000:00DBE178 mov edx, ebp
seg000:00DBE17A mov [esp+18h+var_8], ebp
seg000:00DBE17E add eax, 18h
seg000:00DBE181 shr ebp, 10h
seg000:00DBE184 and ebp, ecx
seg000:00DBE186 mov ebp, ds:dword_EB9400[ebp*4]
seg000:00DBE18D shr edx, 8
seg000:00DBE190 and edx, ecx
seg000:00DBE192 mov edx, ds:dword_EB9800[edx*4]
seg000:00DBE199 and ebp, ebx
seg000:00DBE19B and edx, edi
seg000:00DBE19D xor edx, ebp
seg000:00DBE19F mov ebp, [esp+18h+var_8]
seg000:00DBE1A3 shr ebp, 18h
seg000:00DBE1A6 movzx ebp, byte ptr ds:dword_EB9000[ebp*4]
seg000:00DBE1AE xor edx, ebp
seg000:00DBE1B0 mov ebp, [esp+18h+var_8]
seg000:00DBE1B4 and ebp, ecx
seg000:00DBE1B6 mov ebp, ds:dword_EB8C00[ebp*4]
seg000:00DBE1BD and ebp, esi
seg000:00DBE1BF xor edx, ebp
seg000:00DBE1C1 xor edx, [eax-28h]
seg000:00DBE1C4 mov ebp, [esp+18h+var_4]
seg000:00DBE1C8 xor edx, [ebp+0]
seg000:00DBE1CB add [esp+18h+var_4], 4
seg000:00DBE1D0 mov [eax-10h], edx
seg000:00DBE1D3 mov ebp, [eax-24h]
seg000:00DBE1D6 xor ebp, edx
seg000:00DBE1D8 mov [eax-0Ch], ebp
seg000:00DBE1DB mov edx, [eax-20h]
seg000:00DBE1DE xor edx, ebp
seg000:00DBE1E0 mov [eax-8], edx
seg000:00DBE1E3 mov ebp, [eax-1Ch]
seg000:00DBE1E6 xor ebp, edx
seg000:00DBE1E8 cmp [esp+18h+var_4], offset dword_EBAD20
seg000:00DBE1F0 mov [eax-4], ebp
seg000:00DBE1F3 jnz loc_DBE165
seg000:00DBE1F9 jmp loc_DBE0C2
seg000:00DBE1FE ; ---------------------------------------------------------------------------
seg000:00DBE1FE
seg000:00DBE1FE loc_DBE1FE: ; CODE XREF: sub_DBDF31+1AA
seg000:00DBE1FE mov edx, [ecx+18h]
seg000:00DBE201 bswap edx
seg000:00DBE203 mov [eax+18h], edx
seg000:00DBE206 mov ecx, [ecx+1Ch]
seg000:00DBE209 bswap ecx
seg000:00DBE20B mov [eax+1Ch], ecx
seg000:00DBE20E cmp esi, 100h
seg000:00DBE214 jnz loc_DBE0C2
seg000:00DBE21A mov esi, ecx
seg000:00DBE21C mov edx, esi
seg000:00DBE21E shr edx, 10h
seg000:00DBE221 mov edi, esi
seg000:00DBE223 mov ecx, 0FFh
seg000:00DBE228 and edx, ecx
seg000:00DBE22A mov edx, ds:dword_EB9400[edx*4]
seg000:00DBE231 xor edx, 1000000h
seg000:00DBE237 shr edi, 8
seg000:00DBE23A and edi, ecx
seg000:00DBE23C mov ebp, ds:dword_EB9800[edi*4]
seg000:00DBE243 mov ebx, 0FF000000h
seg000:00DBE248 and edx, ebx
seg000:00DBE24A mov edi, 0FF0000h
seg000:00DBE24F and ebp, edi
seg000:00DBE251 xor edx, ebp
seg000:00DBE253 mov ebp, esi
seg000:00DBE255 shr ebp, 18h
seg000:00DBE258 movzx ebp, byte ptr ds:dword_EB9000[ebp*4]
seg000:00DBE260 xor edx, ebp
seg000:00DBE262 and esi, ecx
seg000:00DBE264 mov ebp, ds:dword_EB8C00[esi*4]
seg000:00DBE26B mov esi, 0FF00h
seg000:00DBE270 and ebp, esi
seg000:00DBE272 xor edx, ebp
seg000:00DBE274 xor edx, [eax]
seg000:00DBE276 mov ebp, [esp+18h+var_4]
seg000:00DBE27A mov ebp, [ebp+0]
seg000:00DBE27D xor ebp, edx
seg000:00DBE27F mov [eax+20h], edx
seg000:00DBE282 mov edx, [eax+8]
seg000:00DBE285 xor edx, ebp
seg000:00DBE287 mov [eax+24h], ebp
seg000:00DBE28A mov ebp, [eax+0Ch]
seg000:00DBE28D xor ebp, edx
seg000:00DBE28F mov [eax+28h], edx
seg000:00DBE292 mov [eax+2Ch], ebp
seg000:00DBE295 add eax, 30h
seg000:00DBE298 mov [esp+18h+var_4], offset dword_EBAD04
seg000:00DBE2A0
seg000:00DBE2A0 loc_DBE2A0: ; CODE XREF: sub_DBDF31+453
seg000:00DBE2A0 mov ebp, [eax-4]
seg000:00DBE2A3 mov edx, ebp
seg000:00DBE2A5 mov [esp+18h+var_8], ebp
seg000:00DBE2A9 shr ebp, 8
seg000:00DBE2AC and ebp, ecx
seg000:00DBE2AE mov ebp, ds:dword_EB8C00[ebp*4]
seg000:00DBE2B5 and ebp, esi
seg000:00DBE2B7 shr edx, 10h
seg000:00DBE2BA and edx, ecx
seg000:00DBE2BC mov edx, ds:dword_EB9800[edx*4]
seg000:00DBE2C3 and edx, edi
seg000:00DBE2C5 xor edx, ebp
seg000:00DBE2C7 mov ebp, [esp+18h+var_8]
seg000:00DBE2CB shr ebp, 18h
seg000:00DBE2CE mov ebp, ds:dword_EB9400[ebp*4]
seg000:00DBE2D5 and ebp, ebx
seg000:00DBE2D7 xor edx, ebp
seg000:00DBE2D9 mov ebp, [esp+18h+var_8]
seg000:00DBE2DD and ebp, ecx
seg000:00DBE2DF movzx ebp, byte ptr ds:dword_EB9000[ebp*4]
seg000:00DBE2E7 xor edx, ebp
seg000:00DBE2E9 xor edx, [eax-20h]
seg000:00DBE2EC mov ebp, [eax-1Ch]
seg000:00DBE2EF xor ebp, edx
seg000:00DBE2F1 mov [eax], edx
seg000:00DBE2F3 mov edx, [eax-18h]
seg000:00DBE2F6 xor edx, ebp
seg000:00DBE2F8 mov [eax+4], ebp
seg000:00DBE2FB mov ebp, [eax-14h]
seg000:00DBE2FE xor ebp, edx
seg000:00DBE300 mov [eax+0Ch], ebp
seg000:00DBE303 mov [eax+8], edx
seg000:00DBE306 mov ebp, [eax+0Ch]
seg000:00DBE309 mov edx, ebp
seg000:00DBE30B mov [esp+18h+var_8], ebp
seg000:00DBE30F add eax, 20h
seg000:00DBE312 shr ebp, 10h
seg000:00DBE315 and ebp, ecx
seg000:00DBE317 mov ebp, ds:dword_EB9400[ebp*4]
seg000:00DBE31E shr edx, 8
seg000:00DBE321 and edx, ecx
seg000:00DBE323 mov edx, ds:dword_EB9800[edx*4]
seg000:00DBE32A and ebp, ebx
seg000:00DBE32C and edx, edi
seg000:00DBE32E xor edx, ebp
seg000:00DBE330 mov ebp, [esp+18h+var_8]
seg000:00DBE334 shr ebp, 18h
seg000:00DBE337 movzx ebp, byte ptr ds:dword_EB9000[ebp*4]
seg000:00DBE33F xor edx, ebp
seg000:00DBE341 mov ebp, [esp+18h+var_8]
seg000:00DBE345 and ebp, ecx
seg000:00DBE347 mov ebp, ds:dword_EB8C00[ebp*4]
seg000:00DBE34E and ebp, esi
seg000:00DBE350 xor edx, ebp
seg000:00DBE352 xor edx, [eax-30h]
seg000:00DBE355 mov ebp, [esp+18h+var_4]
seg000:00DBE359 xor edx, [ebp+0]
seg000:00DBE35C add [esp+18h+var_4], 4
seg000:00DBE361 mov [eax-10h], edx
seg000:00DBE364 mov ebp, [eax-2Ch]
seg000:00DBE367 xor ebp, edx
seg000:00DBE369 mov [eax-0Ch], ebp
seg000:00DBE36C mov edx, [eax-28h]
seg000:00DBE36F xor edx, ebp
seg000:00DBE371 mov [eax-8], edx
seg000:00DBE374 mov ebp, [eax-24h]
seg000:00DBE377 xor ebp, edx
seg000:00DBE379 cmp [esp+18h+var_4], offset dword_EBAD1C
seg000:00DBE381 mov [eax-4], ebp
seg000:00DBE384 jnz loc_DBE2A0
seg000:00DBE38A jmp loc_DBE0C2
seg000:00DBE38F ; ---------------------------------------------------------------------------
seg000:00DBE38F
seg000:00DBE38F loc_DBE38F: ; CODE XREF: sub_DBDF31+14
seg000:00DBE38F ; sub_DBDF31+1C
seg000:00DBE38F or eax, 0FFFFFFFFh
seg000:00DBE392
seg000:00DBE392 loc_DBE392: ; CODE XREF: sub_DBDF31+3D
seg000:00DBE392 ; sub_DBDF31+193
seg000:00DBE392 pop edi
seg000:00DBE393 pop esi
seg000:00DBE394 pop ebp
seg000:00DBE395 pop ebx
seg000:00DBE396 pop ecx
seg000:00DBE397 pop ecx
seg000:00DBE398 retn
seg000:00DBE398 sub_DBDF31 endp
...
seg000:00DADDF3 ; =============== S U B R O U T I N E =======================================
seg000:00DADDF3
seg000:00DADDF3 ; Attributes: bp-based frame
seg000:00DADDF3
seg000:00DADDF3 decipherOnion4 proc near ; CODE XREF: sub_D9847C+4A
seg000:00DADDF3 ; sub_D9847C+21A ...
seg000:00DADDF3
seg000:00DADDF3 var_10 = dword ptr -10h
seg000:00DADDF3 var_C = dword ptr -0Ch
seg000:00DADDF3 var_8 = dword ptr -8
seg000:00DADDF3 var_4 = dword ptr -4
seg000:00DADDF3 arg_0 = dword ptr 8
seg000:00DADDF3 arg_4 = dword ptr 0Ch
seg000:00DADDF3 arg_8 = dword ptr 10h
seg000:00DADDF3
seg000:00DADDF3 push ebp
seg000:00DADDF4 mov ebp, esp
seg000:00DADDF6 push 10h
seg000:00DADDF8 pop eax
seg000:00DADDF9 call __alloca_probe
seg000:00DADDFE mov eax, [ebp+arg_0]
seg000:00DADE01 mov ecx, [eax]
seg000:00DADE03 mov edx, [eax+4]
seg000:00DADE06 push ebx
seg000:00DADE07 push esi
seg000:00DADE08 mov esi, [eax+8]
seg000:00DADE0B mov eax, [eax+0Ch]
seg000:00DADE0E bswap esi
seg000:00DADE10 push edi
seg000:00DADE11 mov edi, [ebp+arg_8]
seg000:00DADE14 xor esi, [edi+8]
seg000:00DADE17 bswap eax
seg000:00DADE19 xor eax, [edi+0Ch]
seg000:00DADE1C mov [ebp+var_C], esi
seg000:00DADE1F shr esi, 8
seg000:00DADE22 mov [ebp+var_8], eax
seg000:00DADE25 bswap ecx
seg000:00DADE27 xor ecx, [edi]
seg000:00DADE29 mov ebx, eax
seg000:00DADE2B shr ebx, 10h
seg000:00DADE2E mov eax, 0FFh
seg000:00DADE33 and ebx, eax
seg000:00DADE35 and esi, eax
seg000:00DADE37 mov [ebp+arg_0], esi
seg000:00DADE3A mov esi, ds:dword_EBA000[ebx*4]
seg000:00DADE41 mov ebx, [ebp+arg_0]
seg000:00DADE44 xor esi, ds:dword_EBA400[ebx*4]
seg000:00DADE4B bswap edx
seg000:00DADE4D xor edx, [edi+4]
seg000:00DADE50 mov ebx, ecx
seg000:00DADE52 shr ebx, 18h
seg000:00DADE55 xor esi, ds:dword_EB9C00[ebx*4]
seg000:00DADE5C mov ebx, edx
seg000:00DADE5E and ebx, eax
seg000:00DADE60 xor esi, ds:dword_EBA800[ebx*4]
seg000:00DADE67 mov ebx, [ebp+var_8]
seg000:00DADE6A shr ebx, 8
seg000:00DADE6D and ebx, eax
seg000:00DADE6F mov [ebp+var_4], ecx
seg000:00DADE72 shr ecx, 10h
seg000:00DADE75 and ecx, eax
seg000:00DADE77 mov [ebp+arg_0], ecx
seg000:00DADE7A mov ecx, ds:dword_EBA400[ebx*4]
seg000:00DADE81 mov ebx, [ebp+arg_0]
seg000:00DADE84 xor ecx, ds:dword_EBA000[ebx*4]
seg000:00DADE8B xor esi, [edi+10h]
seg000:00DADE8E mov ebx, edx
seg000:00DADE90 shr ebx, 18h
seg000:00DADE93 xor ecx, ds:dword_EB9C00[ebx*4]
seg000:00DADE9A mov ebx, [ebp+var_C]
seg000:00DADE9D and ebx, eax
seg000:00DADE9F xor ecx, ds:dword_EBA800[ebx*4]
seg000:00DADEA6 mov ebx, [ebp+var_4]
seg000:00DADEA9 xor ecx, [edi+14h]
seg000:00DADEAC mov [ebp+var_10], edx
seg000:00DADEAF shr ebx, 8
seg000:00DADEB2 shr edx, 10h
seg000:00DADEB5 and ebx, eax
seg000:00DADEB7 and edx, eax
seg000:00DADEB9 mov edx, ds:dword_EBA000[edx*4]
seg000:00DADEC0 xor edx, ds:dword_EBA400[ebx*4]
seg000:00DADEC7 mov ebx, [ebp+var_C]
seg000:00DADECA shr ebx, 18h
seg000:00DADECD xor edx, ds:dword_EB9C00[ebx*4]
seg000:00DADED4 mov ebx, [ebp+var_8]
seg000:00DADED7 and ebx, eax
seg000:00DADED9 xor edx, ds:dword_EBA800[ebx*4]
seg000:00DADEE0 mov ebx, [ebp+var_10]
seg000:00DADEE3 xor edx, [edi+18h]
seg000:00DADEE6 mov edi, [ebp+var_C]
seg000:00DADEE9 shr edi, 10h
seg000:00DADEEC and edi, eax
seg000:00DADEEE mov edi, ds:dword_EBA000[edi*4]
seg000:00DADEF5 shr ebx, 8
seg000:00DADEF8 and ebx, eax
seg000:00DADEFA xor edi, ds:dword_EBA400[ebx*4]
seg000:00DADF01 mov ebx, [ebp+var_8]
seg000:00DADF04 shr ebx, 18h
seg000:00DADF07 xor edi, ds:dword_EB9C00[ebx*4]
seg000:00DADF0E mov ebx, [ebp+var_4]
seg000:00DADF11 and ebx, eax
seg000:00DADF13 xor edi, ds:dword_EBA800[ebx*4]
seg000:00DADF1A mov ebx, [ebp+arg_8]
seg000:00DADF1D xor edi, [ebx+1Ch]
seg000:00DADF20 add ebx, 20h
seg000:00DADF23 mov [ebp+arg_0], ebx
seg000:00DADF26 mov ebx, [ebp+arg_8]
seg000:00DADF29 mov ebx, [ebx+0F0h]
seg000:00DADF2F sar ebx, 1
seg000:00DADF31 dec ebx
seg000:00DADF32 mov [ebp+arg_8], ebx
seg000:00DADF35 jmp loc_DAE116
seg000:00DADF3A ; ---------------------------------------------------------------------------
seg000:00DADF3A
seg000:00DADF3A loc_DADF3A: ; CODE XREF: decipherOnion4+326
seg000:00DADF3A shr edi, 10h
seg000:00DADF3D and edi, eax
seg000:00DADF3F mov edi, ds:dword_EBA000[edi*4]
seg000:00DADF46 mov ebx, edx
seg000:00DADF48 shr ebx, 8
seg000:00DADF4B and ebx, eax
seg000:00DADF4D xor edi, ds:dword_EBA400[ebx*4]
seg000:00DADF54 mov ebx, esi
seg000:00DADF56 shr ebx, 18h
seg000:00DADF59 xor edi, ds:dword_EB9C00[ebx*4]
seg000:00DADF60 mov ebx, ecx
seg000:00DADF62 and ebx, eax
seg000:00DADF64 xor edi, ds:dword_EBA800[ebx*4]
seg000:00DADF6B mov ebx, [ebp+arg_0]
seg000:00DADF6E xor edi, [ebx]
seg000:00DADF70 mov ebx, esi
seg000:00DADF72 mov [ebp+var_4], edi
seg000:00DADF75 mov edi, [ebp+var_8]
seg000:00DADF78 shr edi, 8
seg000:00DADF7B shr ebx, 10h
seg000:00DADF7E and edi, eax
seg000:00DADF80 mov edi, ds:dword_EBA400[edi*4]
seg000:00DADF87 and ebx, eax
seg000:00DADF89 xor edi, ds:dword_EBA000[ebx*4]
seg000:00DADF90 mov ebx, ecx
seg000:00DADF92 shr ebx, 18h
seg000:00DADF95 xor edi, ds:dword_EB9C00[ebx*4]
seg000:00DADF9C mov ebx, edx
seg000:00DADF9E and ebx, eax
seg000:00DADFA0 xor edi, ds:dword_EBA800[ebx*4]
seg000:00DADFA7 mov ebx, [ebp+arg_0]
seg000:00DADFAA xor edi, [ebx+4]
seg000:00DADFAD mov ebx, esi
seg000:00DADFAF mov [ebp+var_10], edi
seg000:00DADFB2 mov edi, ecx
seg000:00DADFB4 shr edi, 10h
seg000:00DADFB7 shr ebx, 8
seg000:00DADFBA and edi, eax
seg000:00DADFBC mov edi, ds:dword_EBA000[edi*4]
seg000:00DADFC3 and ebx, eax
seg000:00DADFC5 xor edi, ds:dword_EBA400[ebx*4]
seg000:00DADFCC shr ecx, 8
seg000:00DADFCF mov ebx, edx
seg000:00DADFD1 and ecx, eax
seg000:00DADFD3 shr edx, 10h
seg000:00DADFD6 and edx, eax
seg000:00DADFD8 mov edx, ds:dword_EBA000[edx*4]
seg000:00DADFDF xor edx, ds:dword_EBA400[ecx*4]
seg000:00DADFE6 mov ecx, [ebp+var_8]
seg000:00DADFE9 shr ecx, 18h
seg000:00DADFEC xor edx, ds:dword_EB9C00[ecx*4]
seg000:00DADFF3 shr ebx, 18h
seg000:00DADFF6 xor edi, ds:dword_EB9C00[ebx*4]
seg000:00DADFFD mov ebx, [ebp+var_8]
seg000:00DAE000 and esi, eax
seg000:00DAE002 xor edx, ds:dword_EBA800[esi*4]
seg000:00DAE009 and ebx, eax
seg000:00DAE00B xor edi, ds:dword_EBA800[ebx*4]
seg000:00DAE012 mov ebx, [ebp+arg_0]
seg000:00DAE015 xor edx, [ebx+0Ch]
seg000:00DAE018 xor edi, [ebx+8]
seg000:00DAE01B mov ecx, edx
seg000:00DAE01D shr ecx, 10h
seg000:00DAE020 and ecx, eax
seg000:00DAE022 mov ecx, ds:dword_EBA000[ecx*4]
seg000:00DAE029 mov esi, edi
seg000:00DAE02B shr esi, 8
seg000:00DAE02E and esi, eax
seg000:00DAE030 xor ecx, ds:dword_EBA400[esi*4]
seg000:00DAE037 mov esi, [ebp+var_4]
seg000:00DAE03A shr esi, 18h
seg000:00DAE03D xor ecx, ds:dword_EB9C00[esi*4]
seg000:00DAE044 mov esi, [ebp+var_10]
seg000:00DAE047 and esi, eax
seg000:00DAE049 xor ecx, ds:dword_EBA800[esi*4]
seg000:00DAE050 mov [ebp+var_C], edi
seg000:00DAE053 xor ecx, [ebx+10h]
seg000:00DAE056 mov [ebp+var_8], edx
seg000:00DAE059 mov esi, ecx
seg000:00DAE05B mov ecx, edx
seg000:00DAE05D shr ecx, 8
seg000:00DAE060 mov ebx, [ebp+var_4]
seg000:00DAE063 shr ebx, 10h
seg000:00DAE066 and ebx, eax
seg000:00DAE068 and edi, eax
seg000:00DAE06A and ecx, eax
seg000:00DAE06C mov ecx, ds:dword_EBA400[ecx*4]
seg000:00DAE073 xor ecx, ds:dword_EBA000[ebx*4]
seg000:00DAE07A mov ebx, [ebp+var_10]
seg000:00DAE07D shr ebx, 18h
seg000:00DAE080 xor ecx, ds:dword_EB9C00[ebx*4]
seg000:00DAE087 mov ebx, [ebp+var_4]
seg000:00DAE08A xor ecx, ds:dword_EBA800[edi*4]
seg000:00DAE091 mov edi, [ebp+arg_0]
seg000:00DAE094 xor ecx, [edi+14h]
seg000:00DAE097 mov edi, [ebp+var_10]
seg000:00DAE09A shr edi, 10h
seg000:00DAE09D and edi, eax
seg000:00DAE09F mov edi, ds:dword_EBA000[edi*4]
seg000:00DAE0A6 shr ebx, 8
seg000:00DAE0A9 and ebx, eax
seg000:00DAE0AB xor edi, ds:dword_EBA400[ebx*4]
seg000:00DAE0B2 mov ebx, [ebp+var_C]
seg000:00DAE0B5 shr ebx, 18h
seg000:00DAE0B8 xor edi, ds:dword_EB9C00[ebx*4]
seg000:00DAE0BF mov ebx, [ebp+var_C]
seg000:00DAE0C2 and edx, eax
seg000:00DAE0C4 xor edi, ds:dword_EBA800[edx*4]
seg000:00DAE0CB mov edx, [ebp+arg_0]
seg000:00DAE0CE xor edi, [edx+18h]
seg000:00DAE0D1 shr ebx, 10h
seg000:00DAE0D4 mov edx, edi
seg000:00DAE0D6 mov edi, [ebp+var_10]
seg000:00DAE0D9 shr edi, 8
seg000:00DAE0DC and ebx, eax
seg000:00DAE0DE mov ebx, ds:dword_EBA000[ebx*4]
seg000:00DAE0E5 and edi, eax
seg000:00DAE0E7 xor ebx, ds:dword_EBA400[edi*4]
seg000:00DAE0EE mov edi, [ebp+var_8]
seg000:00DAE0F1 shr edi, 18h
seg000:00DAE0F4 xor ebx, ds:dword_EB9C00[edi*4]
seg000:00DAE0FB mov edi, [ebp+var_4]
seg000:00DAE0FE and edi, eax
seg000:00DAE100 xor ebx, ds:dword_EBA800[edi*4]
seg000:00DAE107 mov edi, [ebp+arg_0]
seg000:00DAE10A xor ebx, [edi+1Ch]
seg000:00DAE10D add [ebp+arg_0], 20h
seg000:00DAE111 dec [ebp+arg_8]
seg000:00DAE114 mov edi, ebx
seg000:00DAE116
seg000:00DAE116 loc_DAE116: ; CODE XREF: decipherOnion4+142
seg000:00DAE116 mov [ebp+var_8], edi
seg000:00DAE119 jnz loc_DADF3A
seg000:00DAE11F shr edi, 10h
seg000:00DAE122 and edi, eax
seg000:00DAE124 movzx edi, ds:byte_EBAC00[edi]
seg000:00DAE12B mov ebx, esi
seg000:00DAE12D shr ebx, 18h
seg000:00DAE130 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE137 shl ebx, 8
seg000:00DAE13A xor edi, ebx
seg000:00DAE13C shl edi, 8
seg000:00DAE13F mov ebx, edx
seg000:00DAE141 shr ebx, 8
seg000:00DAE144 and ebx, eax
seg000:00DAE146 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE14D xor edi, ebx
seg000:00DAE14F shl edi, 8
seg000:00DAE152 mov ebx, ecx
seg000:00DAE154 and ebx, eax
seg000:00DAE156 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE15D xor edi, ebx
seg000:00DAE15F mov ebx, [ebp+arg_0]
seg000:00DAE162 xor edi, [ebx]
seg000:00DAE164 mov ebx, [ebp+arg_4]
seg000:00DAE167 bswap edi
seg000:00DAE169 mov [ebx], edi
seg000:00DAE16B mov edi, esi
seg000:00DAE16D shr edi, 10h
seg000:00DAE170 and edi, eax
seg000:00DAE172 movzx edi, ds:byte_EBAC00[edi]
seg000:00DAE179 mov ebx, ecx
seg000:00DAE17B shr ebx, 18h
seg000:00DAE17E movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE185 shl ebx, 8
seg000:00DAE188 xor edi, ebx
seg000:00DAE18A mov ebx, [ebp+var_8]
seg000:00DAE18D shr ebx, 8
seg000:00DAE190 and ebx, eax
seg000:00DAE192 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE199 shl edi, 8
seg000:00DAE19C xor edi, ebx
seg000:00DAE19E shl edi, 8
seg000:00DAE1A1 mov ebx, edx
seg000:00DAE1A3 and ebx, eax
seg000:00DAE1A5 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE1AC xor edi, ebx
seg000:00DAE1AE mov ebx, [ebp+arg_0]
seg000:00DAE1B1 xor edi, [ebx+4]
seg000:00DAE1B4 mov ebx, [ebp+arg_4]
seg000:00DAE1B7 bswap edi
seg000:00DAE1B9 mov [ebx+4], edi
seg000:00DAE1BC mov ebx, edx
seg000:00DAE1BE shr ebx, 18h
seg000:00DAE1C1 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE1C8 shl ebx, 8
seg000:00DAE1CB mov edi, ecx
seg000:00DAE1CD shr edi, 10h
seg000:00DAE1D0 and edi, eax
seg000:00DAE1D2 movzx edi, ds:byte_EBAC00[edi]
seg000:00DAE1D9 xor edi, ebx
seg000:00DAE1DB mov ebx, esi
seg000:00DAE1DD shr ebx, 8
seg000:00DAE1E0 and ebx, eax
seg000:00DAE1E2 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE1E9 shl edi, 8
seg000:00DAE1EC xor edi, ebx
seg000:00DAE1EE mov ebx, [ebp+var_8]
seg000:00DAE1F1 and ebx, eax
seg000:00DAE1F3 movzx ebx, ds:byte_EBAC00[ebx]
seg000:00DAE1FA shl edi, 8
seg000:00DAE1FD xor edi, ebx
seg000:00DAE1FF mov ebx, [ebp+arg_0]
seg000:00DAE202 xor edi, [ebx+8]
seg000:00DAE205 shr edx, 10h
seg000:00DAE208 mov ebx, edi
seg000:00DAE20A mov edi, [ebp+arg_4]
seg000:00DAE20D and edx, eax
seg000:00DAE20F bswap ebx
seg000:00DAE211 mov [edi+8], ebx
seg000:00DAE214 movzx ebx, ds:byte_EBAC00[edx]
seg000:00DAE21B mov edx, [ebp+var_8]
seg000:00DAE21E shr edx, 18h
seg000:00DAE221 movzx edx, ds:byte_EBAC00[edx]
seg000:00DAE228 shr ecx, 8
seg000:00DAE22B and ecx, eax
seg000:00DAE22D movzx ecx, ds:byte_EBAC00[ecx]
seg000:00DAE234 shl edx, 8
seg000:00DAE237 xor ebx, edx
seg000:00DAE239 shl ebx, 8
seg000:00DAE23C and esi, eax
seg000:00DAE23E movzx eax, ds:byte_EBAC00[esi]
seg000:00DAE245 xor ebx, ecx
seg000:00DAE247 shl ebx, 8
seg000:00DAE24A xor ebx, eax
seg000:00DAE24C mov eax, [ebp+arg_0]
seg000:00DAE24F xor ebx, [eax+0Ch]
seg000:00DAE252 bswap ebx
seg000:00DAE254 mov [edi+0Ch], ebx
seg000:00DAE257 pop edi
seg000:00DAE258 pop esi
seg000:00DAE259 pop ebx
seg000:00DAE25A leave
seg000:00DAE25B retn
seg000:00DAE25B decipherOnion4 endp