00402820 /. 55 PUSH EBP 00402821 |. 8BEC MOV EBP,ESP 00402823 |. 6A FF PUSH -1 00402825 |. 68 2CAF4100 PUSH $_Anti-C.0041AF2C ; SE handler installation 0040282A |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] 00402830 |. 50 PUSH EAX 00402831 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP 00402838 |. B8 08140000 MOV EAX,1408 0040283D |. E8 DE3F0000 CALL $_Anti-C.00406820 00402842 |. 898D 10ECFFFF MOV DWORD PTR SS:[EBP-13F0],ECX 00402848 |. 837D 08 00 CMP DWORD PTR SS:[EBP+8],0 0040284C |. 0F85 3F060000 JNZ $_Anti-C.00402E91 00402852 |. 68 E8030000 PUSH 3E8 00402857 |. 8B8D 10ECFFFF MOV ECX,DWORD PTR SS:[EBP-13F0] 0040285D |. E8 79310100 CALL $_Anti-C.004159DB 00402862 |. 85C0 TEST EAX,EAX 00402864 |. 0F84 04040000 JE $_Anti-C.00402C6E 0040286A |. C745 EC 030000>MOV DWORD PTR SS:[EBP-14],3 00402871 |. 8B85 10ECFFFF MOV EAX,DWORD PTR SS:[EBP-13F0] 00402877 |. 83B8 24010000 >CMP DWORD PTR DS:[EAX+124],0 0040287E |. 75 09 JNZ SHORT $_Anti-C.00402889 00402880 |. C745 E8 44C941>MOV DWORD PTR SS:[EBP-18],$_Anti-C.0041C>; ASCII "BF1942 (Ver: Tue, 19 Oct 2004 14:58:45)" 00402887 |. EB 16 JMP SHORT $_Anti-C.0040289F 00402889 |> 8B8D 10ECFFFF MOV ECX,DWORD PTR SS:[EBP-13F0] 0040288F |. 83B9 24010000 >CMP DWORD PTR DS:[ECX+124],1 00402896 |. 75 07 JNZ SHORT $_Anti-C.0040289F 00402898 |. C745 E8 6CC941>MOV DWORD PTR SS:[EBP-18],$_Anti-C.0041C>; ASCII "Battlefield Vietnam" 0040289F |> 6A 00 PUSH 0 ; /Title = NULL 004028A1 |. 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-18] ; | 004028A4 |. 52 PUSH EDX ; |Class 004028A5 |. FF15 20C44100 CALL DWORD PTR DS:[<&USER32.FindWindowA>>; \FindWindowA 004028AB |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX 004028AE |. 837D F0 00 CMP DWORD PTR SS:[EBP-10],0 004028B2 |. 75 07 JNZ SHORT $_Anti-C.004028BB 004028B4 |. C745 EC 000000>MOV DWORD PTR SS:[EBP-14],0 004028BB |> 837D F0 00 CMP DWORD PTR SS:[EBP-10],0 004028BF |. 0F84 A0010000 JE $_Anti-C.00402A65 004028C5 |. 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C] 004028C8 |. 50 PUSH EAX ; /pProcessID 004028C9 |. 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10] ; | 004028CC |. 51 PUSH ECX ; |hWnd 004028CD |. FF15 24C44100 CALL DWORD PTR DS:[<&USER32.GetWindowThr>; \GetWindowThreadProcessId 004028D3 |. C745 E0 000000>MOV DWORD PTR SS:[EBP-20],0 004028DA |. EB 09 JMP SHORT $_Anti-C.004028E5 004028DC |> 8B55 E0 /MOV EDX,DWORD PTR SS:[EBP-20] 004028DF |. 83C2 01 |ADD EDX,1 004028E2 |. 8955 E0 |MOV DWORD PTR SS:[EBP-20],EDX 004028E5 |> 837D E0 01 CMP DWORD PTR SS:[EBP-20],1 004028E9 |. 0F83 76010000 |JNB $_Anti-C.00402A65 004028EF |. 8B85 10ECFFFF |MOV EAX,DWORD PTR SS:[EBP-13F0] 004028F5 |. 8B88 24010000 |MOV ECX,DWORD PTR DS:[EAX+124] 004028FB |. 6BC9 18 |IMUL ECX,ECX,18 004028FE |. 8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20] 00402901 |. 6BD2 18 |IMUL EDX,EDX,18 00402904 |. 8B8411 94C5410>|MOV EAX,DWORD PTR DS:[ECX+EDX+41C594] 0040290B |. 50 |PUSH EAX 0040290C |. E8 44FC0000 |CALL $_Anti-C.00412555 00402911 |. 83C4 04 |ADD ESP,4 00402914 |. 8985 34ECFFFF |MOV DWORD PTR SS:[EBP-13CC],EAX 0040291A |. 8B8D 34ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13CC] 00402920 |. 894D DC |MOV DWORD PTR SS:[EBP-24],ECX 00402923 |. 6A 00 |PUSH 0 ; /pBytesRead = NULL 00402925 |. 8B95 10ECFFFF |MOV EDX,DWORD PTR SS:[EBP-13F0] ; | 0040292B |. 8B82 24010000 |MOV EAX,DWORD PTR DS:[EDX+124] ; | 00402931 |. 6BC0 18 |IMUL EAX,EAX,18 ; | 00402934 |. 8B4D E0 |MOV ECX,DWORD PTR SS:[EBP-20] ; | 00402937 |. 6BC9 18 |IMUL ECX,ECX,18 ; | 0040293A |. 8B9408 94C5410>|MOV EDX,DWORD PTR DS:[EAX+ECX+41C594] ; | 00402941 |. 52 |PUSH EDX ; |BytesToRead 00402942 |. 8B45 DC |MOV EAX,DWORD PTR SS:[EBP-24] ; | 00402945 |. 50 |PUSH EAX ; |Buffer 00402946 |. 8B8D 10ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 0040294C |. 8B91 24010000 |MOV EDX,DWORD PTR DS:[ECX+124] ; | 00402952 |. 6BD2 18 |IMUL EDX,EDX,18 ; | 00402955 |. 8B45 E0 |MOV EAX,DWORD PTR SS:[EBP-20] ; | 00402958 |. 6BC0 18 |IMUL EAX,EAX,18 ; | 0040295B |. 8B8C02 90C5410>|MOV ECX,DWORD PTR DS:[EDX+EAX+41C590] ; | 00402962 |. 51 |PUSH ECX ; |BaseAddress 00402963 |. 8B55 E4 |MOV EDX,DWORD PTR SS:[EBP-1C] ; | 00402966 |. 52 |PUSH EDX ; |ProcessID 00402967 |. E8 4EDA0000 |CALL ; \Toolhelp32ReadProcessMemory 0040296C |. 85C0 |TEST EAX,EAX 0040296E |. 75 0C |JNZ SHORT $_Anti-C.0040297C 00402970 |. C745 EC 010000>|MOV DWORD PTR SS:[EBP-14],1 00402977 |. E9 C4000000 |JMP $_Anti-C.00402A40 0040297C |> 68 000000F0 |PUSH F0000000 00402981 |. 6A 01 |PUSH 1 00402983 |. 6A 00 |PUSH 0 00402985 |. 6A 00 |PUSH 0 00402987 |. 8D45 D0 |LEA EAX,DWORD PTR SS:[EBP-30] 0040298A |. 50 |PUSH EAX 0040298B |. FF15 14C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptAcqu>; ADVAPI32.CryptAcquireContextA 00402991 |. 8D4D D8 |LEA ECX,DWORD PTR SS:[EBP-28] 00402994 |. 51 |PUSH ECX 00402995 |. 6A 00 |PUSH 0 00402997 |. 6A 00 |PUSH 0 00402999 |. 68 03800000 |PUSH 8003 0040299E |. 8B55 D0 |MOV EDX,DWORD PTR SS:[EBP-30] 004029A1 |. 52 |PUSH EDX 004029A2 |. FF15 10C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptCrea>; ADVAPI32.CryptCreateHash 004029A8 |. 6A 00 |PUSH 0 004029AA |. 8B85 10ECFFFF |MOV EAX,DWORD PTR SS:[EBP-13F0] 004029B0 |. 8B88 24010000 |MOV ECX,DWORD PTR DS:[EAX+124] 004029B6 |. 6BC9 18 |IMUL ECX,ECX,18 004029B9 |. 8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20] 004029BC |. 6BD2 18 |IMUL EDX,EDX,18 004029BF |. 8B8411 94C5410>|MOV EAX,DWORD PTR DS:[ECX+EDX+41C594] 004029C6 |. 50 |PUSH EAX 004029C7 |. 8B4D DC |MOV ECX,DWORD PTR SS:[EBP-24] 004029CA |. 51 |PUSH ECX 004029CB |. 8B55 D8 |MOV EDX,DWORD PTR SS:[EBP-28] 004029CE |. 52 |PUSH EDX 004029CF |. FF15 0CC04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptHash>; ADVAPI32.CryptHashData 004029D5 |. C745 D4 100000>|MOV DWORD PTR SS:[EBP-2C],10 004029DC |. 6A 00 |PUSH 0 004029DE |. 8D45 D4 |LEA EAX,DWORD PTR SS:[EBP-2C] 004029E1 |. 50 |PUSH EAX 004029E2 |. 8D4D C0 |LEA ECX,DWORD PTR SS:[EBP-40] 004029E5 |. 51 |PUSH ECX 004029E6 |. 6A 02 |PUSH 2 004029E8 |. 8B55 D8 |MOV EDX,DWORD PTR SS:[EBP-28] 004029EB |. 52 |PUSH EDX 004029EC |. FF15 08C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptGetH>; ADVAPI32.CryptGetHashParam 004029F2 |. 8B45 D8 |MOV EAX,DWORD PTR SS:[EBP-28] 004029F5 |. 50 |PUSH EAX 004029F6 |. FF15 04C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptDest>; ADVAPI32.CryptDestroyHash 004029FC |. 6A 00 |PUSH 0 004029FE |. 8B4D D0 |MOV ECX,DWORD PTR SS:[EBP-30] 00402A01 |. 51 |PUSH ECX 00402A02 |. FF15 2CC04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptRele>; ADVAPI32.CryptReleaseContext 00402A08 |. 8B55 D4 |MOV EDX,DWORD PTR SS:[EBP-2C] 00402A0B |. 52 |PUSH EDX 00402A0C |. 8B85 10ECFFFF |MOV EAX,DWORD PTR SS:[EBP-13F0] 00402A12 |. 8B88 24010000 |MOV ECX,DWORD PTR DS:[EAX+124] 00402A18 |. 6BC9 18 |IMUL ECX,ECX,18 00402A1B |. 8B55 E0 |MOV EDX,DWORD PTR SS:[EBP-20] 00402A1E |. 6BD2 18 |IMUL EDX,EDX,18 00402A21 |. 8D8411 98C5410>|LEA EAX,DWORD PTR DS:[ECX+EDX+41C598] 00402A28 |. 50 |PUSH EAX 00402A29 |. 8D4D C0 |LEA ECX,DWORD PTR SS:[EBP-40] 00402A2C |. 51 |PUSH ECX 00402A2D |. E8 2E3D0000 |CALL $_Anti-C.00406760 00402A32 |. 83C4 0C |ADD ESP,0C 00402A35 |. 85C0 |TEST EAX,EAX 00402A37 |. 74 07 |JE SHORT $_Anti-C.00402A40 00402A39 |. C745 EC 040000>|MOV DWORD PTR SS:[EBP-14],4 00402A40 |> 8B55 DC |MOV EDX,DWORD PTR SS:[EBP-24] 00402A43 |. 8995 30ECFFFF |MOV DWORD PTR SS:[EBP-13D0],EDX 00402A49 |. 8B85 30ECFFFF |MOV EAX,DWORD PTR SS:[EBP-13D0] 00402A4F |. 50 |PUSH EAX 00402A50 |. E8 05FB0000 |CALL $_Anti-C.0041255A 00402A55 |. 83C4 04 |ADD ESP,4 00402A58 |. 837D EC 03 |CMP DWORD PTR SS:[EBP-14],3 00402A5C |. 74 02 |JE SHORT $_Anti-C.00402A60 00402A5E |. EB 05 |JMP SHORT $_Anti-C.00402A65 00402A60 |>^E9 77FEFFFF \JMP $_Anti-C.004028DC 00402A65 |> 837D EC 03 CMP DWORD PTR SS:[EBP-14],3 00402A69 |. 0F85 CF010000 JNZ $_Anti-C.00402C3E 00402A6F |. 6A 00 PUSH 0 ; /ProcessID = 0 00402A71 |. 6A 02 PUSH 2 ; |Flags = TH32CS_SNAPPROCESS 00402A73 |. E8 3CD90000 CALL ; \CreateToolhelp32Snapshot 00402A78 |. 8985 90FEFFFF MOV DWORD PTR SS:[EBP-170],EAX 00402A7E |. C785 94FEFFFF >MOV DWORD PTR SS:[EBP-16C],128 00402A88 |. 8D8D 94FEFFFF LEA ECX,DWORD PTR SS:[EBP-16C] 00402A8E |. 51 PUSH ECX ; /pProcessentry 00402A8F |. 8B95 90FEFFFF MOV EDX,DWORD PTR SS:[EBP-170] ; | 00402A95 |. 52 PUSH EDX ; |hSnapshot 00402A96 |. E8 13D90000 CALL ; \Process32First 00402A9B |. 85C0 TEST EAX,EAX 00402A9D |. 0F84 87010000 JE $_Anti-C.00402C2A 00402AA3 |> 8B85 9CFEFFFF /MOV EAX,DWORD PTR SS:[EBP-164] 00402AA9 |. 50 |PUSH EAX ; /ProcessID 00402AAA |. 6A 08 |PUSH 8 ; |Flags = TH32CS_SNAPMODULE 00402AAC |. E8 03D90000 |CALL ; \CreateToolhelp32Snapshot 00402AB1 |. 8985 8CFEFFFF |MOV DWORD PTR SS:[EBP-174],EAX 00402AB7 |. C785 64FCFFFF >|MOV DWORD PTR SS:[EBP-39C],224 00402AC1 |. 8D8D 64FCFFFF |LEA ECX,DWORD PTR SS:[EBP-39C] 00402AC7 |. 51 |PUSH ECX ; /pModuleentry 00402AC8 |. 8B95 8CFEFFFF |MOV EDX,DWORD PTR SS:[EBP-174] ; | 00402ACE |. 52 |PUSH EDX ; |hSnapshot 00402ACF |. E8 D4D80000 |CALL ; \Module32First 00402AD4 |. 85C0 |TEST EAX,EAX 00402AD6 |. 0F84 1C010000 |JE $_Anti-C.00402BF8 00402ADC |. 6A 00 |PUSH 0 ; /pBytesRead = NULL 00402ADE |. 68 00100000 |PUSH 1000 ; |BytesToRead = 1000 (4096.) 00402AE3 |. 8D85 64ECFFFF |LEA EAX,DWORD PTR SS:[EBP-139C] ; | 00402AE9 |. 50 |PUSH EAX ; |Buffer 00402AEA |. 8B8D 78FCFFFF |MOV ECX,DWORD PTR SS:[EBP-388] ; | 00402AF0 |. 81C1 00100000 |ADD ECX,1000 ; | 00402AF6 |. 51 |PUSH ECX ; |BaseAddress 00402AF7 |. 8B95 9CFEFFFF |MOV EDX,DWORD PTR SS:[EBP-164] ; | 00402AFD |. 52 |PUSH EDX ; |ProcessID 00402AFE |. E8 B7D80000 |CALL ; \Toolhelp32ReadProcessMemory 00402B03 |. 85C0 |TEST EAX,EAX 00402B05 |. 0F84 ED000000 |JE $_Anti-C.00402BF8 00402B0B |. 68 000000F0 |PUSH F0000000 00402B10 |. 6A 01 |PUSH 1 00402B12 |. 6A 00 |PUSH 0 00402B14 |. 6A 00 |PUSH 0 00402B16 |. 8D85 58ECFFFF |LEA EAX,DWORD PTR SS:[EBP-13A8] 00402B1C |. 50 |PUSH EAX 00402B1D |. FF15 14C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptAcqu>; ADVAPI32.CryptAcquireContextA 00402B23 |. 8D8D 60ECFFFF |LEA ECX,DWORD PTR SS:[EBP-13A0] 00402B29 |. 51 |PUSH ECX 00402B2A |. 6A 00 |PUSH 0 00402B2C |. 6A 00 |PUSH 0 00402B2E |. 68 03800000 |PUSH 8003 00402B33 |. 8B95 58ECFFFF |MOV EDX,DWORD PTR SS:[EBP-13A8] 00402B39 |. 52 |PUSH EDX 00402B3A |. FF15 10C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptCrea>; ADVAPI32.CryptCreateHash 00402B40 |. 6A 00 |PUSH 0 00402B42 |. 68 00100000 |PUSH 1000 00402B47 |. 8D85 64ECFFFF |LEA EAX,DWORD PTR SS:[EBP-139C] 00402B4D |. 50 |PUSH EAX 00402B4E |. 8B8D 60ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13A0] 00402B54 |. 51 |PUSH ECX 00402B55 |. FF15 0CC04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptHash>; ADVAPI32.CryptHashData 00402B5B |. C785 5CECFFFF >|MOV DWORD PTR SS:[EBP-13A4],10 00402B65 |. 6A 00 |PUSH 0 00402B67 |. 8D95 5CECFFFF |LEA EDX,DWORD PTR SS:[EBP-13A4] 00402B6D |. 52 |PUSH EDX 00402B6E |. 8D85 48ECFFFF |LEA EAX,DWORD PTR SS:[EBP-13B8] 00402B74 |. 50 |PUSH EAX 00402B75 |. 6A 02 |PUSH 2 00402B77 |. 8B8D 60ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13A0] 00402B7D |. 51 |PUSH ECX 00402B7E |. FF15 08C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptGetH>; ADVAPI32.CryptGetHashParam 00402B84 |. 8B95 60ECFFFF |MOV EDX,DWORD PTR SS:[EBP-13A0] 00402B8A |. 52 |PUSH EDX 00402B8B |. FF15 04C04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptDest>; ADVAPI32.CryptDestroyHash 00402B91 |. 6A 00 |PUSH 0 00402B93 |. 8B85 58ECFFFF |MOV EAX,DWORD PTR SS:[EBP-13A8] 00402B99 |. 50 |PUSH EAX 00402B9A |. FF15 2CC04100 |CALL DWORD PTR DS:[<&ADVAPI32.CryptRele>; ADVAPI32.CryptReleaseContext 00402BA0 |. C785 44ECFFFF >|MOV DWORD PTR SS:[EBP-13BC],0 00402BAA |. EB 0F |JMP SHORT $_Anti-C.00402BBB 00402BAC |> 8B8D 44ECFFFF |/MOV ECX,DWORD PTR SS:[EBP-13BC] 00402BB2 |. 83C1 01 ||ADD ECX,1 00402BB5 |. 898D 44ECFFFF ||MOV DWORD PTR SS:[EBP-13BC],ECX 00402BBB |> 83BD 44ECFFFF >| CMP DWORD PTR SS:[EBP-13BC],1 00402BC2 |. 73 34 ||JNB SHORT $_Anti-C.00402BF8 00402BC4 |. 8B95 5CECFFFF ||MOV EDX,DWORD PTR SS:[EBP-13A4] 00402BCA |. 52 ||PUSH EDX 00402BCB |. 8B85 44ECFFFF ||MOV EAX,DWORD PTR SS:[EBP-13BC] 00402BD1 |. 6BC0 18 ||IMUL EAX,EAX,18 00402BD4 |. 05 C8C54100 ||ADD EAX,$_Anti-C.0041C5C8 00402BD9 |. 50 ||PUSH EAX 00402BDA |. 8D8D 48ECFFFF ||LEA ECX,DWORD PTR SS:[EBP-13B8] 00402BE0 |. 51 ||PUSH ECX 00402BE1 |. E8 7A3B0000 ||CALL $_Anti-C.00406760 00402BE6 |. 83C4 0C ||ADD ESP,0C 00402BE9 |. 85C0 ||TEST EAX,EAX 00402BEB |. 75 09 ||JNZ SHORT $_Anti-C.00402BF6 00402BED |. C745 EC 050000>||MOV DWORD PTR SS:[EBP-14],5 00402BF4 |. EB 02 ||JMP SHORT $_Anti-C.00402BF8 00402BF6 |>^EB B4 |\JMP SHORT $_Anti-C.00402BAC 00402BF8 |> 8B95 8CFEFFFF |MOV EDX,DWORD PTR SS:[EBP-174] 00402BFE |. 52 |PUSH EDX ; /hObject 00402BFF |. FF15 44C24100 |CALL DWORD PTR DS:[<&KERNEL32.CloseHand>; \CloseHandle 00402C05 |. 837D EC 03 |CMP DWORD PTR SS:[EBP-14],3 00402C09 |. 74 02 |JE SHORT $_Anti-C.00402C0D 00402C0B |. EB 1B |JMP SHORT $_Anti-C.00402C28 00402C0D |> 8D85 94FEFFFF |LEA EAX,DWORD PTR SS:[EBP-16C] 00402C13 |. 50 |PUSH EAX ; /pProcessentry 00402C14 |. 8B8D 90FEFFFF |MOV ECX,DWORD PTR SS:[EBP-170] ; | 00402C1A |. 51 |PUSH ECX ; |hSnapshot 00402C1B |. E8 82D70000 |CALL ; \Process32Next 00402C20 |. 85C0 |TEST EAX,EAX 00402C22 |.^0F85 7BFEFFFF \JNZ $_Anti-C.00402AA3 00402C28 |> EB 07 JMP SHORT $_Anti-C.00402C31 00402C2A |> C745 EC 020000>MOV DWORD PTR SS:[EBP-14],2 00402C31 |> 8B95 90FEFFFF MOV EDX,DWORD PTR SS:[EBP-170] 00402C37 |. 52 PUSH EDX ; /hObject 00402C38 |. FF15 44C24100 CALL DWORD PTR DS:[<&KERNEL32.CloseHandl>; \CloseHandle 00402C3E |> 51 PUSH ECX ; /Arg1 00402C3F |. 8BCC MOV ECX,ESP ; | 00402C41 |. 89A5 2CECFFFF MOV DWORD PTR SS:[EBP-13D4],ESP ; | 00402C47 |. 6A 04 PUSH 4 ; |/Arg2 = 00000004 00402C49 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14] ; || 00402C4C |. 50 PUSH EAX ; ||Arg1 00402C4D |. E8 4E0B0000 CALL $_Anti-C.004037A0 ; |\$_Anti-C.004037A0 00402C52 |. 8985 0CECFFFF MOV DWORD PTR SS:[EBP-13F4],EAX ; | 00402C58 |. 8B8D 10ECFFFF MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 00402C5E |. 8B89 FC000000 MOV ECX,DWORD PTR DS:[ECX+FC] ; | 00402C64 |. E8 F71D0000 CALL $_Anti-C.00404A60 ; \$_Anti-C.00404A60 00402C69 |. E9 23020000 JMP $_Anti-C.00402E91 00402C6E |> 8B8D 10ECFFFF MOV ECX,DWORD PTR SS:[EBP-13F0] 00402C74 |. 81C1 08010000 ADD ECX,108 00402C7A |. E8 B10F0000 CALL $_Anti-C.00403C30 00402C7F |. 8985 40ECFFFF MOV DWORD PTR SS:[EBP-13C0],EAX 00402C85 |> 83BD 40ECFFFF >/CMP DWORD PTR SS:[EBP-13C0],0 00402C8C |. 0F84 DB010000 |JE $_Anti-C.00402E6D 00402C92 |. 8D95 40ECFFFF |LEA EDX,DWORD PTR SS:[EBP-13C0] 00402C98 |. 52 |PUSH EDX ; /Arg1 00402C99 |. 8B8D 10ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 00402C9F |. 81C1 08010000 |ADD ECX,108 ; | 00402CA5 |. E8 A60F0000 |CALL $_Anti-C.00403C50 ; \$_Anti-C.00403C50 00402CAA |. 8B00 |MOV EAX,DWORD PTR DS:[EAX] 00402CAC |. 8985 3CECFFFF |MOV DWORD PTR SS:[EBP-13C4],EAX 00402CB2 |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] 00402CB8 |. E8 A3080000 |CALL $_Anti-C.00403560 00402CBD |. 85C0 |TEST EAX,EAX 00402CBF |. 75 12 |JNZ SHORT $_Anti-C.00402CD3 00402CC1 |. 6A 01 |PUSH 1 ; /Arg1 = 00000001 00402CC3 |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] ; | 00402CC9 |. E8 B2080000 |CALL $_Anti-C.00403580 ; \$_Anti-C.00403580 00402CCE |. E9 95010000 |JMP $_Anti-C.00402E68 00402CD3 |> 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] 00402CD9 |. E8 82080000 |CALL $_Anti-C.00403560 00402CDE |. 83F8 01 |CMP EAX,1 00402CE1 |. 74 14 |JE SHORT $_Anti-C.00402CF7 00402CE3 |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] 00402CE9 |. E8 72080000 |CALL $_Anti-C.00403560 00402CEE |. 83F8 02 |CMP EAX,2 00402CF1 |. 0F85 64010000 |JNZ $_Anti-C.00402E5B 00402CF7 |> 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] 00402CFD |. E8 9E080000 |CALL $_Anti-C.004035A0 00402D02 |. 83F8 FF |CMP EAX,-1 00402D05 |. 0F84 16010000 |JE $_Anti-C.00402E21 00402D0B |. 8D8D 24ECFFFF |LEA ECX,DWORD PTR SS:[EBP-13DC] 00402D11 |. 51 |PUSH ECX ; /Arg1 00402D12 |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] ; | 00402D18 |. E8 C3080000 |CALL $_Anti-C.004035E0 ; \$_Anti-C.004035E0 00402D1D |. 8985 08ECFFFF |MOV DWORD PTR SS:[EBP-13F8],EAX 00402D23 |. 8B95 08ECFFFF |MOV EDX,DWORD PTR SS:[EBP-13F8] 00402D29 |. 8995 04ECFFFF |MOV DWORD PTR SS:[EBP-13FC],EDX 00402D2F |. C745 FC 000000>|MOV DWORD PTR SS:[EBP-4],0 00402D36 |. 8B85 04ECFFFF |MOV EAX,DWORD PTR SS:[EBP-13FC] 00402D3C |. 50 |PUSH EAX ; /Arg3 00402D3D |. 68 A0C94100 |PUSH $_Anti-C.0041C9A0 ; |Arg2 = 0041C9A0 ASCII "game.sayall "$ Anti-Cheat > Kicking '" 00402D42 |. 8D8D 20ECFFFF |LEA ECX,DWORD PTR SS:[EBP-13E0] ; | 00402D48 |. 51 |PUSH ECX ; |Arg1 00402D49 |. E8 F20B0000 |CALL $_Anti-C.00403940 ; \$_Anti-C.00403940 00402D4E |. 83C4 0C |ADD ESP,0C 00402D51 |. 8985 00ECFFFF |MOV DWORD PTR SS:[EBP-1400],EAX 00402D57 |. 8B95 00ECFFFF |MOV EDX,DWORD PTR SS:[EBP-1400] 00402D5D |. 8995 FCEBFFFF |MOV DWORD PTR SS:[EBP-1404],EDX 00402D63 |. C645 FC 01 |MOV BYTE PTR SS:[EBP-4],1 00402D67 |. 51 |PUSH ECX 00402D68 |. 8BC4 |MOV EAX,ESP 00402D6A |. 89A5 28ECFFFF |MOV DWORD PTR SS:[EBP-13D8],ESP 00402D70 |. 68 80C94100 |PUSH $_Anti-C.0041C980 ; /Arg3 = 0041C980 ASCII "' from Server (Packet loss)"" 00402D75 |. 8B8D FCEBFFFF |MOV ECX,DWORD PTR SS:[EBP-1404] ; | 00402D7B |. 51 |PUSH ECX ; |Arg2 00402D7C |. 50 |PUSH EAX ; |Arg1 00402D7D |. E8 1E0B0000 |CALL $_Anti-C.004038A0 ; \$_Anti-C.004038A0 00402D82 |. 83C4 0C |ADD ESP,0C 00402D85 |. 8985 F8EBFFFF |MOV DWORD PTR SS:[EBP-1408],EAX ; | 00402D8B |. 8B8D 10ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 00402D91 |. E8 6A060000 |CALL $_Anti-C.00403400 ; \$_Anti-C.00403400 00402D96 |. C645 FC 00 |MOV BYTE PTR SS:[EBP-4],0 00402D9A |. 8D8D 20ECFFFF |LEA ECX,DWORD PTR SS:[EBP-13E0] 00402DA0 |. E8 8BE4FFFF |CALL $_Anti-C.00401230 00402DA5 |. C745 FC FFFFFF>|MOV DWORD PTR SS:[EBP-4],-1 00402DAC |. 8D8D 24ECFFFF |LEA ECX,DWORD PTR SS:[EBP-13DC] 00402DB2 |. E8 79E4FFFF |CALL $_Anti-C.00401230 00402DB7 |. 8D8D 38ECFFFF |LEA ECX,DWORD PTR SS:[EBP-13C8] 00402DBD |. E8 2E100000 |CALL $_Anti-C.00403DF0 00402DC2 |. C745 FC 020000>|MOV DWORD PTR SS:[EBP-4],2 00402DC9 |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] 00402DCF |. E8 CC070000 |CALL $_Anti-C.004035A0 00402DD4 |. 50 |PUSH EAX ; /Arg3 00402DD5 |. 68 C8C94100 |PUSH $_Anti-C.0041C9C8 ; |Arg2 = 0041C9C8 ASCII "admin.kickplayer %i" 00402DDA |. 8D95 38ECFFFF |LEA EDX,DWORD PTR SS:[EBP-13C8] ; | 00402DE0 |. 52 |PUSH EDX ; |Arg1 00402DE1 |. E8 EA090000 |CALL $_Anti-C.004037D0 ; \$_Anti-C.004037D0 00402DE6 |. 83C4 0C |ADD ESP,0C 00402DE9 |. 51 |PUSH ECX ; /Arg1 00402DEA |. 8BCC |MOV ECX,ESP ; | 00402DEC |. 89A5 1CECFFFF |MOV DWORD PTR SS:[EBP-13E4],ESP ; | 00402DF2 |. 8D85 38ECFFFF |LEA EAX,DWORD PTR SS:[EBP-13C8] ; | 00402DF8 |. 50 |PUSH EAX ; |/Arg1 00402DF9 |. E8 12100000 |CALL $_Anti-C.00403E10 ; |\$_Anti-C.00403E10 00402DFE |. 8985 F4EBFFFF |MOV DWORD PTR SS:[EBP-140C],EAX ; | 00402E04 |. 8B8D 10ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 00402E0A |. E8 F1050000 |CALL $_Anti-C.00403400 ; \$_Anti-C.00403400 00402E0F |. C745 FC FFFFFF>|MOV DWORD PTR SS:[EBP-4],-1 00402E16 |. 8D8D 38ECFFFF |LEA ECX,DWORD PTR SS:[EBP-13C8] 00402E1C |. E8 0FE4FFFF |CALL $_Anti-C.00401230 00402E21 |> 51 |PUSH ECX ; /Arg1 00402E22 |. 8BCC |MOV ECX,ESP ; | 00402E24 |. 89A5 18ECFFFF |MOV DWORD PTR SS:[EBP-13E8],ESP ; | 00402E2A |. 68 DCC94100 |PUSH $_Anti-C.0041C9DC ; |/Arg1 = 0041C9DC ASCII "Kicked from Server! (Packet loss)" 00402E2F |. E8 FC0F0000 |CALL $_Anti-C.00403E30 ; |\$_Anti-C.00403E30 00402E34 |. 8985 F0EBFFFF |MOV DWORD PTR SS:[EBP-1410],EAX ; | 00402E3A |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] ; | 00402E40 |. E8 1B1C0000 |CALL $_Anti-C.00404A60 ; \$_Anti-C.00404A60 00402E45 |. 6A 00 |PUSH 0 ; /Arg2 = 00000000 00402E47 |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] ; | 00402E4D |. 51 |PUSH ECX ; |Arg1 00402E4E |. 8B8D 10ECFFFF |MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 00402E54 |. E8 07F9FFFF |CALL $_Anti-C.00402760 ; \$_Anti-C.00402760 00402E59 |. EB 0D |JMP SHORT $_Anti-C.00402E68 00402E5B |> 6A 02 |PUSH 2 ; /Arg1 = 00000002 00402E5D |. 8B8D 3CECFFFF |MOV ECX,DWORD PTR SS:[EBP-13C4] ; | 00402E63 |. E8 18070000 |CALL $_Anti-C.00403580 ; \$_Anti-C.00403580 00402E68 |>^E9 18FEFFFF \JMP $_Anti-C.00402C85 00402E6D |> 51 PUSH ECX ; /Arg1 00402E6E |. 8BCC MOV ECX,ESP ; | 00402E70 |. 89A5 14ECFFFF MOV DWORD PTR SS:[EBP-13EC],ESP ; | 00402E76 |. 68 00CA4100 PUSH $_Anti-C.0041CA00 ; |/Arg1 = 0041CA00 ASCII "game.listplayers" 00402E7B |. E8 B00F0000 CALL $_Anti-C.00403E30 ; |\$_Anti-C.00403E30 00402E80 |. 8985 ECEBFFFF MOV DWORD PTR SS:[EBP-1414],EAX ; | 00402E86 |. 8B8D 10ECFFFF MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 00402E8C |. E8 6F050000 CALL $_Anti-C.00403400 ; \$_Anti-C.00403400 00402E91 |> 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8] 00402E94 |. 52 PUSH EDX ; /Arg1 00402E95 |. 8B8D 10ECFFFF MOV ECX,DWORD PTR SS:[EBP-13F0] ; | 00402E9B |. E8 800E0000 CALL $_Anti-C.00403D20 ; \$_Anti-C.00403D20 00402EA0 |. 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] 00402EA3 |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX 00402EAA |. 8BE5 MOV ESP,EBP 00402EAC |. 5D POP EBP 00402EAD \. C2 0400 RETN 4