Disassembled L2server.exe now in assembly

**JimiHendrix** · 08-06-06

To those who know assembly or have the time and desire to learn this should be of some help.

http://rapidshare.de/files/22556656/L2serverEXE.exe

This is just the beginning of the file it is 45 mb in txt format compressed with 7zip to 3 mb

.text:00401000 ; Input MD5 : FF29E60268CCDCAAAFD0338BB014911F
.text:00401000
.text:00401000 ; File Name : C:\Documents and Settings\Administrator.DR-PSOWBX60W2PB\My Documents\New Folder\L2Server\L2Server.exe
.text:00401000 ; Format : Portable executable for 80386 (PE)
.text:00401000 ; Imagebase : 400000
.text:00401000 ; Section 1. (virtual address 00001000)
.text:00401000 ; Virtual size : 001B3D82 (1785218.)
.text:00401000 ; Section size in file : 001B4000 (1785856.)
.text:00401000 ; Offset to raw data for section: 00001000
.text:00401000 ; Flags E0000060: Text Data Executable Readable Writable
.text:00401000 ; Alignment : default
.text:00401000
.text:00401000
.text:00401000 unicode macro page,string,zero
.text:00401000 irpc c,<string>
.text:00401000 db '&c', page
.text:00401000 endm
.text:00401000 ifnb <zero>
.text:00401000 dw zero
.text:00401000 endif
.text:00401000 endm
.text:00401000
.text:00401000 .686p
.text:00401000 .mmx
.text:00401000 .model flat
.text:00401000
.text:00401000 ; ---------------------------------------------------------------------------
.text:00401000
.text:00401000 ; Segment type: Pure code
.text:00401000 ; Segment permissions: Read/Write/Execute
.text:00401000 _text segment para public 'CODE' use32
.text:00401000 assume cs:_text
.text:00401000 ;org 401000h
.text:00401000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
.text:00401000
.text:00401000 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401000
.text:00401000
.text:00401000 sub_401000 proc near ; CODE XREF: sub_425C20+38A0p
.text:00401000 mov eax, [ecx+10h]
.text:00401003 test eax, eax
.text:00401005 jnz short locret_40100C
.text:00401007 mov eax, offset word_5B563C
.text:0040100C
.text:0040100C locret_40100C: ; CODE XREF: sub_401000+5j
.text:0040100C retn
.text:0040100C sub_401000 endp
.text:0040100C
.text:0040100C ; ---------------------------------------------------------------------------
.text:0040100D align 10h
.text:00401010
.text:00401010 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401010
.text:00401010
.text:00401010 sub_401010 proc near ; CODE XREF: sub_425C20+42ECp
.text:00401010 ; sub_425C20+44BAp ...
.text:00401010 mov eax, [ecx+10h]
.text:00401013 test eax, eax
.text:00401015 jz short loc_40101B
.text:00401017 mov eax, [eax+50h]
.text:0040101A retn
.text:0040101B ; ---------------------------------------------------------------------------
.text:0040101B
.text:0040101B loc_40101B: ; CODE XREF: sub_401010+5j
.text:0040101B xor eax, eax
.text:0040101D retn
.text:0040101D sub_401010 endp
.text:0040101D
.text:0040101D ; ---------------------------------------------------------------------------
.text:0040101E align 10h
.text:00401020
.text:00401020 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401020
.text:00401020
.text:00401020 sub_401020 proc near ; CODE XREF: sub_425C20+4249p
.text:00401020 ; sub_425C20+4438p
.text:00401020 mov eax, [ecx+10h]
.text:00401023 test eax, eax
.text:00401025 jz short loc_40102B
.text:00401027 mov eax, [eax+54h]
.text:0040102A retn
.text:0040102B ; ---------------------------------------------------------------------------
.text:0040102B
.text:0040102B loc_40102B: ; CODE XREF: sub_401020+5j
.text:0040102B xor eax, eax
.text:0040102D retn
.text:0040102D sub_401020 endp
.text:0040102D
.text:0040102D ; ---------------------------------------------------------------------------
.text:0040102E align 10h
.text:00401030
.text:00401030 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401030
.text:00401030
.text:00401030 sub_401030 proc near ; CODE XREF: sub_425C20+4FCBp
.text:00401030 mov eax, [ecx+10h]
.text:00401033 test eax, eax
.text:00401035 jz short loc_40103B
.text:00401037 mov eax, [eax+60h]
.text:0040103A retn
.text:0040103B ; ---------------------------------------------------------------------------
.text:0040103B
.text:0040103B loc_40103B: ; CODE XREF: sub_401030+5j
.text:0040103B xor eax, eax
.text:0040103D retn
.text:0040103D sub_401030 endp
.text:0040103D
.text:0040103D ; ---------------------------------------------------------------------------
.text:0040103E align 10h
.text:00401040
.text:00401040 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401040
.text:00401040
.text:00401040 sub_401040 proc near ; CODE XREF: sub_425C20+4F6Dp
.text:00401040 ; sub_4F54A0+119p ...
.text:00401040 mov eax, [ecx+10h]
.text:00401043 test eax, eax
.text:00401045 jz short loc_40104B
.text:00401047 mov eax, [eax+68h]
.text:0040104A retn
.text:0040104B ; ---------------------------------------------------------------------------
.text:0040104B
.text:0040104B loc_40104B: ; CODE XREF: sub_401040+5j
.text:0040104B mov eax, 4
.text:00401050 retn
.text:00401050 sub_401040 endp
.text:00401050
.text:00401050 ; ---------------------------------------------------------------------------
.text:00401051 align 10h
.text:00401060
.text:00401060 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401060
.text:00401060 ; Attributes: bp-based frame
.text:00401060
.text:00401060 sub_401060 proc near ; CODE XREF: sub_404620+36Dp
.text:00401060 ; sub_4323C0+269p
.text:00401060
.text:00401060 var_10 = dword ptr -10h
.text:00401060 var_C = dword ptr -0Ch
.text:00401060 var_4 = dword ptr -4
.text:00401060
.text:00401060 push ebp
.text:00401061 mov ebp, esp
.text:00401063 push 0FFFFFFFFh
.text:00401065 push offset loc_5A1490
.text:0040106A mov eax, large fs:0
.text:00401070 push eax
.text:00401071 mov large fs:0, esp
.text:00401078 sub esp, 0Ch
.text:0040107B push ebx
.text:0040107C push esi
.text:0040107D push edi
.text:0040107E add ecx, 14h
.text:00401081 mov [ebp+var_10], esp
.text:00401084 mov [ebp+var_4], 0
.text:0040108B call sub_4C4F60
.text:00401090 mov ecx, [ebp+var_C]
.text:00401093 pop edi
.text:00401094 pop esi
.text:00401095 mov large fs:0, ecx
.text:0040109C pop ebx
.text:0040109D mov esp, ebp
.text:0040109F pop ebp
.text:004010A0 retn
.text:004010A0 sub_401060 endp
.text:004010A0
.text:004010A1 ; ---------------------------------------------------------------------------
.text:004010A1 mov eax, [ebp-18h]
.text:004010A4 push offset dword_67333C
.text:004010A9 lea ecx, [ebp-14h]
.text:004010AC push ecx
.text:004010AD mov [ebp-14h], eax
.text:004010B0 call sub_58C2DA
.text:004010B5
.text:004010B5 loc_4010B5: ; DATA XREF: .rdata:00673378o
.text:004010B5 push offset aVoidWritelock ; "void WriteLock()"
.text:004010BA call sub_4792B0
.text:004010BF add esp, 4
.text:004010C2 push 0
.text:004010C4 push 0
.text:004010C6 call sub_58C2DA
.text:004010CB int 3 ; Trap to Debugger
.text:004010CC nop
.text:004010CD nop
.text:004010CE nop
.text:004010CF nop
.text:004010D0
.text:004010D0 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:004010D0
.text:004010D0 ; Attributes: bp-based frame
.text:004010D0
.text:004010D0 sub_4010D0 proc near ; CODE XREF: sub_404620+416p
.text:004010D0 ; sub_4323C0+307p
.text:004010D0
.text:004010D0 var_10 = dword ptr -10h
.text:004010D0 var_C = dword ptr -0Ch
.text:004010D0 var_4 = dword ptr -4
.text:004010D0
.text:004010D0 push ebp
.text:004010D1 mov ebp, esp
.text:004010D3 push 0FFFFFFFFh
.text:004010D5 push offset loc_5A14A0
.text:004010DA mov eax, large fs:0
.text:004010E0 push eax
.text:004010E1 mov large fs:0, esp
.text:004010E8 sub esp, 0Ch
.text:004010EB push ebx
.text:004010EC push esi
.text:004010ED push edi
.text:004010EE add ecx, 14h
.text:004010F1 mov [ebp+var_10], esp
.text:004010F4 mov [ebp+var_4], 0
.text:004010FB call sub_4C50D0
.text:00401100 mov ecx, [ebp+var_C]
.text:00401103 pop edi
.text:00401104 pop esi
.text:00401105 mov large fs:0, ecx
.text:0040110C pop ebx
.text:0040110D mov esp, ebp
.text:0040110F pop ebp
.text:00401110 retn
.text:00401110 sub_4010D0 endp
.text:00401110
.text:00401111 ; ---------------------------------------------------------------------------
.text:00401111 mov eax, [ebp-18h]
.text:00401114 push offset dword_67333C
.text:00401119 lea ecx, [ebp-14h]
.text:0040111C push ecx
.text:0040111D mov [ebp-14h], eax
.text:00401120 call sub_58C2DA
.text:00401125
.text:00401125 loc_401125: ; DATA XREF: .rdata:006733D8o
.text:00401125 push offset aVoidWriteunloc ; "void WriteUnlock()"
.text:0040112A call sub_4792B0
.text:0040112F add esp, 4
.text:00401132 push 0
.text:00401134 push 0
.text:00401136 call sub_58C2DA
.text:0040113B int 3 ; Trap to Debugger
.text:0040113C nop
.text:0040113D nop
.text:0040113E nop
.text:0040113F nop
.text:00401140

**MentaL**

Disassembled L2server.exe now in assembly

**ismael66** · 12-06-06

Nice work,just need some of your help in editing skills.
Thx a lot...!

Disassembled L2server.exe now in assembly

Thread Tools

Search Thread

Disassembled L2server.exe now in assembly

Advertisement