From 4d07cbf1f6c3322d2865e0331573d01064889efd Mon Sep 17 00:00:00 2001 From: Sandy Carter Date: Sun, 23 Feb 2025 00:01:19 -0500 Subject: [PATCH] clean-up dll jump tables --- src/CMakeLists.txt | 2 +- ...rdata.000.008a9000-008a99a8.dllimports.asm | 64 ++-- ...899040-ddraw.dll-winmm.dll-wearasr.dll.asm | 86 ++--- ...emble.1336.008a2710-008a2770-imm32.dll.asm | 30 +- ....dll-advapi32.dll-ole32.dll-lhlogr.dll.asm | 362 +++++++++--------- ...e.1342.008a5b00-008a5b0c-dll-jmp-table.asm | 11 + ...lack.reassemble.1342.008a5b00-008a5f63.asm | 9 - ...e.1344.008a6460-008a6470-dll-jmp-table.asm | 23 +- 8 files changed, 292 insertions(+), 295 deletions(-) create mode 100644 src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5b0c-dll-jmp-table.asm delete mode 100644 src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5f63.asm diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 54d3158a..f878adda 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -388,7 +388,7 @@ set(SOURCES asm/unprocessed/runblack.reassemble.1337.008a2770-008a5030.asm asm/unprocessed/runblack.reassemble.1338.008a5030-008a5440-binkw32.dll-wsock32.dll-kernel32.dll-user32.dll-gdi32.dll-advapi32.dll-ole32.dll-lhlogr.dll.asm asm/unprocessed/runblack.reassemble.1339.008a5440-008a5b00.asm - asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5f63.asm + asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5b0c-dll-jmp-table.asm ) add_library(runblack-reassembled-src OBJECT ${SOURCES}) diff --git a/src/asm/unprocessed/rdata.000.008a9000-008a99a8.dllimports.asm b/src/asm/unprocessed/rdata.000.008a9000-008a99a8.dllimports.asm index 09bd1fd7..2f0a62f9 100644 --- a/src/asm/unprocessed/rdata.000.008a9000-008a99a8.dllimports.asm +++ b/src/asm/unprocessed/rdata.000.008a9000-008a99a8.dllimports.asm @@ -10,9 +10,9 @@ .globl __imp__RegOpenKeyExA@4 .globl __imp__RegSetValueExA@4 .globl __imp__TrackMouseEvent@4 -.globl __imp__DirectDrawCreateEx4 -.globl __imp__DirectDrawEnumerateA4 -.globl __imp__DirectDrawCreate4 +.globl __imp__DirectDrawCreateEx@4 +.globl __imp__DirectDrawEnumerateA@4 +.globl __imp__DirectDrawCreate@4 .globl __imp__DirectInputCreateA@4 .globl __imp__DirectXSetupGetVersion .globl __imp__SetTextColor@4 @@ -575,19 +575,19 @@ .globl __imp__WSAStartup@4 .globl __imp__inet_addr@4 .globl __imp__inet_ntoa -.globl __imp__BinkService_4@4 -.globl __imp__BinkWait_4@4 -.globl __imp__BinkGetRealtime_12@4 -.globl __imp__BinkGoto_12@4 -.globl __imp__BinkNextFrame_4@4 -.globl __imp__BinkSetSoundSystem_8@4 -.globl __imp__BinkOpenDirectSound_4@4 -.globl __imp__BinkSetSoundOnOff_8@4 -.globl __imp__BinkClose_4@4 -.globl __imp__BinkDoFrame_4@4 -.globl __imp__BinkOpen_8@4 -.globl __imp__BinkGetSummary_8@4 -.globl __imp__BinkCopyToBuffer_28@4 +.globl __imp__BinkService@4 +.globl __imp__BinkWait@4 +.globl __imp__BinkNextFrame@4 +.globl __imp__BinkGetRealtime@12 +.globl __imp__BinkGoto@12 +.globl __imp__BinkSetSoundOnOff@8 +.globl __imp__BinkSetSoundSystem@8 +.globl __imp__BinkOpenDirectSound@4 +.globl __imp__BinkClose@4 +.globl __imp__BinkGetSummary@8 +.globl __imp__BinkOpen@8 +.globl __imp__BinkCopyToBuffer@28 +.globl __imp__BinkDoFrame@4 .globl __imp__GetSaveFileNameA@4 .globl __imp__GetOpenFileNameA@4 .globl __imp__CoFileTimeToDosDateTime@4 @@ -612,9 +612,9 @@ rdata_bytes: .long 0 .long 0x005c5120 /* COMCTL32.DLL::TrackMouseEvent */ ; .set __imp__TrackMouseEvent@4, 0x008a901c .long 0 -.long 0x005c419e /* DDRAW.dll::DirectDrawCreateEx */ ; .set __imp__DirectDrawCreateEx4, 0x008a9024 -.long 0x005c4186 /* DDRAW.dll::DirectDrawEnumerateA */ ; .set __imp__DirectDrawEnumerateA4, 0x008a9028 -.long 0x005c41b4 /* DDRAW.dll::DirectDrawCreate */ ; .set __imp__DirectDrawCreate4, 0x008a902c +.long 0x005c419e /* DDRAW.dll::DirectDrawCreateEx */ ; .set __imp__DirectDrawCreateEx@4, 0x008a9024 +.long 0x005c4186 /* DDRAW.dll::DirectDrawEnumerateA */ ; .set __imp__DirectDrawEnumerateA@4, 0x008a9028 +.long 0x005c41b4 /* DDRAW.dll::DirectDrawCreate */ ; .set __imp__DirectDrawCreate@4, 0x008a902c .long 0 .long 0x005c5142 /* DINPUT.DLL::DirectInputCreateA */ ; .set __imp__DirectInputCreateA@4, 0x008a9034 .long 0 @@ -1192,19 +1192,19 @@ rdata_bytes: .long 0x8000000a /* WSOCK32.dll::inet_addr */ ; .set __imp__inet_addr@4, 0x008a9928 .long 0x8000000b /* WSOCK32.dll::inet_ntoa */ ; .set __imp__inet_ntoa, 0x008a992c .long 0 -.long 0x005c4582 /* binkw32.dll::BinkService_4 */ ; .set __imp__BinkService_4@4, 0x008a9934 -.long 0x005c4594 /* binkw32.dll::BinkWait_4 */ ; .set __imp__BinkWait_4@4, 0x008a9938 -.long 0x005c45b6 /* binkw32.dll::BinkGetRealtime_12 */ ; .set __imp__BinkGetRealtime_12@4, 0x008a993c -.long 0x005c45cc /* binkw32.dll::BinkGoto_12 */ ; .set __imp__BinkGoto_12@4, 0x008a9940 -.long 0x005c45a2 /* binkw32.dll::BinkNextFrame_4 */ ; .set __imp__BinkNextFrame_4@4, 0x008a9944 -.long 0x005c45f4 /* binkw32.dll::BinkSetSoundSystem_8 */ ; .set __imp__BinkSetSoundSystem_8@4, 0x008a9948 -.long 0x005c460c /* binkw32.dll::BinkOpenDirectSound_4 */ ; .set __imp__BinkOpenDirectSound_4@4, 0x008a994c -.long 0x005c45dc /* binkw32.dll::BinkSetSoundOnOff_8 */ ; .set __imp__BinkSetSoundOnOff_8@4, 0x008a9950 -.long 0x005c4626 /* binkw32.dll::BinkClose_4 */ ; .set __imp__BinkClose_4@4, 0x008a9954 -.long 0x005c4670 /* binkw32.dll::BinkDoFrame_4 */ ; .set __imp__BinkDoFrame_4@4, 0x008a9958 -.long 0x005c464a /* binkw32.dll::BinkOpen_8 */ ; .set __imp__BinkOpen_8@4, 0x008a995c -.long 0x005c4636 /* binkw32.dll::BinkGetSummary_8 */ ; .set __imp__BinkGetSummary_8@4, 0x008a9960 -.long 0x005c4658 /* binkw32.dll::BinkCopyToBuffer_28 */ ; .set __imp__BinkCopyToBuffer_28@4, 0x008a9964 +.long 0x005c4582 /* binkw32.dll::BinkService_4 */ ; .set __imp__BinkService@4, 0x008a9934 +.long 0x005c4594 /* binkw32.dll::BinkWait_4 */ ; .set __imp__BinkWait@4, 0x008a9938 +.long 0x005c45b6 /* binkw32.dll::BinkGetRealtime_12 */ ; .set __imp__BinkGetRealtime@12, 0x008a993c +.long 0x005c45cc /* binkw32.dll::BinkGoto_12 */ ; .set __imp__BinkGoto@12, 0x008a9940 +.long 0x005c45a2 /* binkw32.dll::BinkNextFrame_4 */ ; .set __imp__BinkNextFrame@4, 0x008a9944 +.long 0x005c45f4 /* binkw32.dll::BinkSetSoundSystem_8 */ ; .set __imp__BinkSetSoundSystem@8, 0x008a9948 +.long 0x005c460c /* binkw32.dll::BinkOpenDirectSound_4 */ ; .set __imp__BinkOpenDirectSound@4, 0x008a994c +.long 0x005c45dc /* binkw32.dll::BinkSetSoundOnOff_8 */ ; .set __imp__BinkSetSoundOnOff@8, 0x008a9950 +.long 0x005c4626 /* binkw32.dll::BinkClose_4 */ ; .set __imp__BinkClose@4, 0x008a9954 +.long 0x005c4670 /* binkw32.dll::BinkDoFrame_4 */ ; .set __imp__BinkDoFrame@4, 0x008a9958 +.long 0x005c464a /* binkw32.dll::BinkOpen_8 */ ; .set __imp__BinkOpen@8, 0x008a995c +.long 0x005c4636 /* binkw32.dll::BinkGetSummary_8 */ ; .set __imp__BinkGetSummary@8, 0x008a9960 +.long 0x005c4658 /* binkw32.dll::BinkCopyToBuffer_28 */ ; .set __imp__BinkCopyToBuffer@28, 0x008a9964 .long 0 .long 0x005c0698 /* comdlg32.dll::GetSaveFileNameA */ ; .set __imp__GetSaveFileNameA@4, 0x008a996c .long 0x005c06ac /* comdlg32.dll::GetOpenFileNameA */ ; .set __imp__GetOpenFileNameA@4, 0x008a9970 diff --git a/src/asm/unprocessed/runblack.reassemble.1328.00897550-00899040-ddraw.dll-winmm.dll-wearasr.dll.asm b/src/asm/unprocessed/runblack.reassemble.1328.00897550-00899040-ddraw.dll-winmm.dll-wearasr.dll.asm index e290f36b..f8d36ba1 100644 --- a/src/asm/unprocessed/runblack.reassemble.1328.00897550-00899040-ddraw.dll-winmm.dll-wearasr.dll.asm +++ b/src/asm/unprocessed/runblack.reassemble.1328.00897550-00899040-ddraw.dll-winmm.dll-wearasr.dll.asm @@ -1,51 +1,49 @@ .intel_syntax noprefix .align 16 -.extern rdata_bytes - .globl _jmp_DDRAW_DLL__DirectDrawEnumerateA .globl _jmp_DDRAW_DLL__DirectDrawCreateEx .globl _jmp_DDRAW_DLL__DirectDrawCreate -_jmp_DDRAW_DLL__DirectDrawEnumerateA: jmp dword ptr [rdata_bytes + 0x28] // 0x00898390 ff2528908a00 -_jmp_DDRAW_DLL__DirectDrawCreateEx: jmp dword ptr [rdata_bytes + 0x24] // 0x00898396 ff2524908a00 -_jmp_DDRAW_DLL__DirectDrawCreate: jmp dword ptr [rdata_bytes + 0x2c] // 0x0089839c ff252c908a00 -_jmp_WINMM_DLL__mmioAscend: jmp dword ptr [rdata_bytes + 0x888] // 0x008983a2 ff2588988a00 -_jmp_WINMM_DLL__mmioRead: jmp dword ptr [rdata_bytes + 0x8c8] // 0x008983a8 ff25c8988a00 -_jmp_WINMM_DLL__mmioClose: jmp dword ptr [rdata_bytes + 0x884] // 0x008983ae ff2584988a00 -_jmp_WINMM_DLL__mmioDescend: jmp dword ptr [rdata_bytes + 0x8c4] // 0x008983b4 ff25c4988a00 -_jmp_WINMM_DLL__mmioOpenA: jmp dword ptr [rdata_bytes + 0x8c0] // 0x008983ba ff25c0988a00 -_jmp_WINMM_DLL__waveInAddBuffer: jmp dword ptr [rdata_bytes + 0x8b4] // 0x008983c0 ff25b4988a00 -_jmp_WINMM_DLL__waveInPrepareHeader: jmp dword ptr [rdata_bytes + 0x8bc] // 0x008983c6 ff25bc988a00 -_jmp_WINMM_DLL__waveInUnprepareHeader: jmp dword ptr [rdata_bytes + 0x8b8] // 0x008983cc ff25b8988a00 -_jmp_WINMM_DLL__waveInClose: jmp dword ptr [rdata_bytes + 0x8a8] // 0x008983d2 ff25a8988a00 -_jmp_WINMM_DLL__waveInReset: jmp dword ptr [rdata_bytes + 0x8b0] // 0x008983d8 ff25b0988a00 -_jmp_WINMM_DLL__waveInStart: jmp dword ptr [rdata_bytes + 0x8ac] // 0x008983de ff25ac988a00 -_jmp_WINMM_DLL__waveInOpen: jmp dword ptr [rdata_bytes + 0x89c] // 0x008983e4 ff259c988a00 -_jmp_WINMM_DLL__waveInGetDevCapsA: jmp dword ptr [rdata_bytes + 0x8a4] // 0x008983ea ff25a4988a00 -_jmp_WINMM_DLL__waveInGetNumDevs: jmp dword ptr [rdata_bytes + 0x8a0] // 0x008983f0 ff25a0988a00 -_jmp_WINMM_DLL__timeGetTime: jmp dword ptr [rdata_bytes + 0x88c] // 0x008983f6 ff258c988a00 -_jmp_WINMM_DLL__timeKillEvent: jmp dword ptr [rdata_bytes + 0x890] // 0x008983fc ff2590988a00 -_jmp_WINMM_DLL__timeSetEvent: jmp dword ptr [rdata_bytes + 0x898] // 0x00898402 ff2598988a00 -_jmp_WINMM_DLL__mciSendCommandA: jmp dword ptr [rdata_bytes + 0x894] // 0x00898408 ff2594988a00 -_jmp_WEARASR_DLL__Dialup__dt_Dialup: jmp dword ptr [rdata_bytes + 0x990] // 0x0089840e ff2590998a00 -_jmp_WEARASR_DLL__Dialup__Release: jmp dword ptr [rdata_bytes + 0x998] // 0x00898414 ff2598998a00 -_jmp_WEARASR_DLL__Dialup__GetDialupProperties: jmp dword ptr [rdata_bytes + 0x994] // 0x0089841a ff2594998a00 -_jmp_WEARASR_DLL__Dialup__GetDefaultEntryIndex: jmp dword ptr [rdata_bytes + 0x984] // 0x00898420 ff2584998a00 -_jmp_WEARASR_DLL__Dialup__GetNoDialUpConnecti: jmp dword ptr [rdata_bytes + 0x98c] // 0x00898426 ff258c998a00 -_jmp_WEARASR_DLL__Dialup__Initialise: jmp dword ptr [rdata_bytes + 0x988] // 0x0089842c ff2588998a00 -_jmp_WEARASR_DLL__Dialup__Dialup: jmp dword ptr [rdata_bytes + 0x980] // 0x00898432 ff2580998a00 -_jmp_WEARASR_DLL__Dialup__Disconnect: jmp dword ptr [rdata_bytes + 0x99c] // 0x00898438 ff259c998a00 -_jmp_WEARASR_DLL__Dialup__Connect: jmp dword ptr [rdata_bytes + 0x9a0] // 0x0089843e ff25a0998a00 - int3 // 0x00898444 cc - int3 // 0x00898445 cc - int3 // 0x00898446 cc - int3 // 0x00898447 cc - int3 // 0x00898448 cc - int3 // 0x00898449 cc - int3 // 0x0089844a cc - int3 // 0x0089844b cc - int3 // 0x0089844c cc - int3 // 0x0089844d cc - int3 // 0x0089844e cc - int3 // 0x0089844f cc +_jmp_DDRAW_DLL__DirectDrawEnumerateA: jmp dword ptr [__imp__DirectDrawEnumerateA@4] // 0x00898390 ff2528908a00 +_jmp_DDRAW_DLL__DirectDrawCreateEx: jmp dword ptr [__imp__DirectDrawCreateEx@4] // 0x00898396 ff2524908a00 +_jmp_DDRAW_DLL__DirectDrawCreate: jmp dword ptr [__imp__DirectDrawCreate@4] // 0x0089839c ff252c908a00 +_jmp_WINMM_DLL__mmioAscend: jmp dword ptr [__imp__mmioAscend@4] // 0x008983a2 ff2588988a00 +_jmp_WINMM_DLL__mmioRead: jmp dword ptr [__imp__mmioRead@4] // 0x008983a8 ff25c8988a00 +_jmp_WINMM_DLL__mmioClose: jmp dword ptr [__imp__mmioClose@4] // 0x008983ae ff2584988a00 +_jmp_WINMM_DLL__mmioDescend: jmp dword ptr [__imp__mmioDescend@4] // 0x008983b4 ff25c4988a00 +_jmp_WINMM_DLL__mmioOpenA: jmp dword ptr [__imp__mmioOpenA@4] // 0x008983ba ff25c0988a00 +_jmp_WINMM_DLL__waveInAddBuffer: jmp dword ptr [__imp__waveInAddBuffer@4] // 0x008983c0 ff25b4988a00 +_jmp_WINMM_DLL__waveInPrepareHeader: jmp dword ptr [__imp__waveInPrepareHeader@4] // 0x008983c6 ff25bc988a00 +_jmp_WINMM_DLL__waveInUnprepareHeader: jmp dword ptr [__imp__waveInUnprepareHeader@4] // 0x008983cc ff25b8988a00 +_jmp_WINMM_DLL__waveInClose: jmp dword ptr [__imp__waveInClose@4] // 0x008983d2 ff25a8988a00 +_jmp_WINMM_DLL__waveInReset: jmp dword ptr [__imp__waveInReset@4] // 0x008983d8 ff25b0988a00 +_jmp_WINMM_DLL__waveInStart: jmp dword ptr [__imp__waveInStart@4] // 0x008983de ff25ac988a00 +_jmp_WINMM_DLL__waveInOpen: jmp dword ptr [__imp__waveInOpen@4] // 0x008983e4 ff259c988a00 +_jmp_WINMM_DLL__waveInGetDevCapsA: jmp dword ptr [__imp__waveInGetDevCapsA@4] // 0x008983ea ff25a4988a00 +_jmp_WINMM_DLL__waveInGetNumDevs: jmp dword ptr [__imp__waveInGetNumDevs@4] // 0x008983f0 ff25a0988a00 +_jmp_WINMM_DLL__timeGetTime: jmp dword ptr [__imp__timeGetTime@4] // 0x008983f6 ff258c988a00 +_jmp_WINMM_DLL__timeKillEvent: jmp dword ptr [__imp__timeKillEvent@4] // 0x008983fc ff2590988a00 +_jmp_WINMM_DLL__timeSetEvent: jmp dword ptr [__imp__timeSetEvent@4] // 0x00898402 ff2598988a00 +_jmp_WINMM_DLL__mciSendCommandA: jmp dword ptr [__imp__mciSendCommandA@4] // 0x00898408 ff2594988a00 +_jmp_WEARASR_DLL__Dialup__dt_Dialup: jmp dword ptr [__imp___1Dialup__QAE_XZ@4] // 0x0089840e ff2590998a00 +_jmp_WEARASR_DLL__Dialup__Release: jmp dword ptr [__imp__Release_Dialup__QAEXXZ@4] // 0x00898414 ff2598998a00 +_jmp_WEARASR_DLL__Dialup__GetDialupProperties: jmp dword ptr [__imp__GetDialupProperties_Dialup__QAEHHPAUDIALUP_PROPERTIES___Z@4] // 0x0089841a ff2594998a00 +_jmp_WEARASR_DLL__Dialup__GetDefaultEntryIndex: jmp dword ptr [__imp__GetDefaultEntryIndex_Dialup__QAEHXZ@4] // 0x00898420 ff2584998a00 +_jmp_WEARASR_DLL__Dialup__GetNoDialUpConnecti: jmp dword ptr [__imp__GetNoDialUpConnections_Dialup__QAEKXZ@4] // 0x00898426 ff258c998a00 +_jmp_WEARASR_DLL__Dialup__Initialise: jmp dword ptr [__imp__Initialise_Dialup__QAEHXZ@4] // 0x0089842c ff2588998a00 +_jmp_WEARASR_DLL__Dialup__Dialup: jmp dword ptr [__imp___0Dialup__QAE_XZ@4] // 0x00898432 ff2580998a00 +_jmp_WEARASR_DLL__Dialup__Disconnect: jmp dword ptr [__imp__Disconnect_Dialup__QAEXH_Z@4] // 0x00898438 ff259c998a00 +_jmp_WEARASR_DLL__Dialup__Connect: jmp dword ptr [__imp__Connect_Dialup__QAEHHP6GXHPAX_ZPAG20_Z@4] // 0x0089843e ff25a0998a00 + int3 // 0x00898444 cc + int3 // 0x00898445 cc + int3 // 0x00898446 cc + int3 // 0x00898447 cc + int3 // 0x00898448 cc + int3 // 0x00898449 cc + int3 // 0x0089844a cc + int3 // 0x0089844b cc + int3 // 0x0089844c cc + int3 // 0x0089844d cc + int3 // 0x0089844e cc + int3 // 0x0089844f cc diff --git a/src/asm/unprocessed/runblack.reassemble.1336.008a2710-008a2770-imm32.dll.asm b/src/asm/unprocessed/runblack.reassemble.1336.008a2710-008a2770-imm32.dll.asm index e21b58f9..dec7ea5a 100644 --- a/src/asm/unprocessed/runblack.reassemble.1336.008a2710-008a2770-imm32.dll.asm +++ b/src/asm/unprocessed/runblack.reassemble.1336.008a2710-008a2770-imm32.dll.asm @@ -1,8 +1,6 @@ .intel_syntax noprefix .align 16 -.extern rdata_bytes - .globl _jmp_IMM32_DLL__ImmAssociateContext .globl _jmp_IMM32_DLL__ImmGetContext .globl _jmp_IMM32_DLL__ImmReleaseContext @@ -18,20 +16,20 @@ .globl _jmp_IMM32_DLL__ImmCreateContext .globl _jmp_IMM32_DLL__ImmGetDescriptionA -_jmp_IMM32_DLL__ImmAssociateContext: jmp dword ptr [rdata_bytes + 0x10c] // 0x008a2710 ff250c918a00 -_jmp_IMM32_DLL__ImmGetContext: jmp dword ptr [rdata_bytes + 0x110] // 0x008a2716 ff2510918a00 -_jmp_IMM32_DLL__ImmReleaseContext: jmp dword ptr [rdata_bytes + 0x114] // 0x008a271c ff2514918a00 -_jmp_IMM32_DLL__ImmGetCompositionStringA: jmp dword ptr [rdata_bytes + 0x118] // 0x008a2722 ff2518918a00 -_jmp_IMM32_DLL__ImmSetCompositionStringA: jmp dword ptr [rdata_bytes + 0x11c] // 0x008a2728 ff251c918a00 -_jmp_IMM32_DLL__ImmNotifyIME: jmp dword ptr [rdata_bytes + 0x120] // 0x008a272e ff2520918a00 -_jmp_IMM32_DLL__ImmGetOpenStatus: jmp dword ptr [rdata_bytes + 0x12c] // 0x008a2734 ff252c918a00 -_jmp_IMM32_DLL__ImmSetOpenStatus: jmp dword ptr [rdata_bytes + 0x128] // 0x008a273a ff2528918a00 -_jmp_IMM32_DLL__ImmSetCompositionWindow: jmp dword ptr [rdata_bytes + 0xfc] // 0x008a2740 ff25fc908a00 -_jmp_IMM32_DLL__ImmGetCandidateListA: jmp dword ptr [rdata_bytes + 0x124] // 0x008a2746 ff2524918a00 -_jmp_IMM32_DLL__ImmDestroyContext: jmp dword ptr [rdata_bytes + 0x100] // 0x008a274c ff2500918a00 -_jmp_IMM32_DLL__ImmGetProperty: jmp dword ptr [rdata_bytes + 0x104] // 0x008a2752 ff2504918a00 -_jmp_IMM32_DLL__ImmCreateContext: jmp dword ptr [rdata_bytes + 0xf8] // 0x008a2758 ff25f8908a00 -_jmp_IMM32_DLL__ImmGetDescriptionA: jmp dword ptr [rdata_bytes + 0x108] // 0x008a275e ff2508918a00 +_jmp_IMM32_DLL__ImmAssociateContext: jmp dword ptr [__imp__ImmAssociateContext@4] // 0x008a2710 ff250c918a00 +_jmp_IMM32_DLL__ImmGetContext: jmp dword ptr [__imp__ImmGetContext@4] // 0x008a2716 ff2510918a00 +_jmp_IMM32_DLL__ImmReleaseContext: jmp dword ptr [__imp__ImmReleaseContext@4] // 0x008a271c ff2514918a00 +_jmp_IMM32_DLL__ImmGetCompositionStringA: jmp dword ptr [__imp__ImmGetCompositionStringA@4] // 0x008a2722 ff2518918a00 +_jmp_IMM32_DLL__ImmSetCompositionStringA: jmp dword ptr [__imp__ImmSetCompositionStringA@4] // 0x008a2728 ff251c918a00 +_jmp_IMM32_DLL__ImmNotifyIME: jmp dword ptr [__imp__ImmNotifyIME@4] // 0x008a272e ff2520918a00 +_jmp_IMM32_DLL__ImmGetOpenStatus: jmp dword ptr [__imp__ImmGetOpenStatus@4] // 0x008a2734 ff252c918a00 +_jmp_IMM32_DLL__ImmSetOpenStatus: jmp dword ptr [__imp__ImmSetOpenStatus@4] // 0x008a273a ff2528918a00 +_jmp_IMM32_DLL__ImmSetCompositionWindow: jmp dword ptr [__imp__ImmSetCompositionWindow@4] // 0x008a2740 ff25fc908a00 +_jmp_IMM32_DLL__ImmGetCandidateListA: jmp dword ptr [__imp__ImmGetCandidateListA@4] // 0x008a2746 ff2524918a00 +_jmp_IMM32_DLL__ImmDestroyContext: jmp dword ptr [__imp__ImmDestroyContext@4] // 0x008a274c ff2500918a00 +_jmp_IMM32_DLL__ImmGetProperty: jmp dword ptr [__imp__ImmGetProperty@4] // 0x008a2752 ff2504918a00 +_jmp_IMM32_DLL__ImmCreateContext: jmp dword ptr [__imp__ImmCreateContext@4] // 0x008a2758 ff25f8908a00 +_jmp_IMM32_DLL__ImmGetDescriptionA: jmp dword ptr [__imp__ImmGetDescriptionA@4] // 0x008a275e ff2508918a00 int3 // 0x008a2764 cc int3 // 0x008a2765 cc int3 // 0x008a2766 cc diff --git a/src/asm/unprocessed/runblack.reassemble.1338.008a5030-008a5440-binkw32.dll-wsock32.dll-kernel32.dll-user32.dll-gdi32.dll-advapi32.dll-ole32.dll-lhlogr.dll.asm b/src/asm/unprocessed/runblack.reassemble.1338.008a5030-008a5440-binkw32.dll-wsock32.dll-kernel32.dll-user32.dll-gdi32.dll-advapi32.dll-ole32.dll-lhlogr.dll.asm index 5feab3e1..56ccaf46 100644 --- a/src/asm/unprocessed/runblack.reassemble.1338.008a5030-008a5440-binkw32.dll-wsock32.dll-kernel32.dll-user32.dll-gdi32.dll-advapi32.dll-ole32.dll-lhlogr.dll.asm +++ b/src/asm/unprocessed/runblack.reassemble.1338.008a5030-008a5440-binkw32.dll-wsock32.dll-kernel32.dll-user32.dll-gdi32.dll-advapi32.dll-ole32.dll-lhlogr.dll.asm @@ -1,8 +1,6 @@ .intel_syntax noprefix .align 16 -.extern rdata_bytes - .globl _jmp_KERNEL32_DLL__RtlUnwind .globl _jmp_WSOCK32_DLL__Ordinal_10 .globl _jmp_WSOCK32_DLL__Ordinal_115 @@ -28,183 +26,183 @@ .globl _jmp_WSOCK32_DLL__Ordinal_111 -_jmp_BINKW32_DLL___BinkService@4: jmp dword ptr [rdata_bytes + 0x934] // 0x008a5030 ff2534998a00 -_jmp_BINKW32_DLL___BinkWait@4: jmp dword ptr [rdata_bytes + 0x938] // 0x008a5036 ff2538998a00 -_jmp_BINKW32_DLL___BinkNextFrame@4: jmp dword ptr [rdata_bytes + 0x944] // 0x008a503c ff2544998a00 -_jmp_BINKW32_DLL___BinkGetRealtime@12: jmp dword ptr [rdata_bytes + 0x93c] // 0x008a5042 ff253c998a00 -_jmp_BINKW32_DLL___BinkGoto@12: jmp dword ptr [rdata_bytes + 0x940] // 0x008a5048 ff2540998a00 -_jmp_BINKW32_DLL___BinkSetSoundOnOff@8: jmp dword ptr [rdata_bytes + 0x950] // 0x008a504e ff2550998a00 -_jmp_BINKW32_DLL___BinkSetSoundSystem@8: jmp dword ptr [rdata_bytes + 0x948] // 0x008a5054 ff2548998a00 -_jmp_BINKW32_DLL___BinkOpenDirectSound@4: jmp dword ptr [rdata_bytes + 0x94c] // 0x008a505a ff254c998a00 -_jmp_BINKW32_DLL___BinkClose@4: jmp dword ptr [rdata_bytes + 0x954] // 0x008a5060 ff2554998a00 -_jmp_BINKW32_DLL___BinkGetSummary@8: jmp dword ptr [rdata_bytes + 0x960] // 0x008a5066 ff2560998a00 -_jmp_BINKW32_DLL___BinkOpen@8: jmp dword ptr [rdata_bytes + 0x95c] // 0x008a506c ff255c998a00 -_jmp_BINKW32_DLL___BinkCopyToBuffer@28: jmp dword ptr [rdata_bytes + 0x964] // 0x008a5072 ff2564998a00 -_jmp_BINKW32_DLL___BinkDoFrame@4: jmp dword ptr [rdata_bytes + 0x958] // 0x008a5078 ff2558998a00 -_jmp_WSOCK32_DLL__Ordinal_10: jmp dword ptr [rdata_bytes + 0x928] // 0x008a507e ff2528998a00 -_jmp_WSOCK32_DLL__Ordinal_115: jmp dword ptr [rdata_bytes + 0x924] // 0x008a5084 ff2524998a00 -_jmp_WSOCK32_DLL__Ordinal_116: jmp dword ptr [rdata_bytes + 0x920] // 0x008a508a ff2520998a00 -_jmp_WSOCK32_DLL__Ordinal_12: jmp dword ptr [rdata_bytes + 0x91c] // 0x008a5090 ff251c998a00 -_jmp_WSOCK32_DLL__Ordinal_21: jmp dword ptr [rdata_bytes + 0x918] // 0x008a5096 ff2518998a00 -_jmp_WSOCK32_DLL__Ordinal_15: jmp dword ptr [rdata_bytes + 0x8d4] // 0x008a509c ff25d4988a00 -_jmp_WSOCK32_DLL__Ordinal_6: jmp dword ptr [rdata_bytes + 0x8d8] // 0x008a50a2 ff25d8988a00 -_jmp_WSOCK32_DLL__Ordinal_2: jmp dword ptr [rdata_bytes + 0x8dc] // 0x008a50a8 ff25dc988a00 -_jmp_WSOCK32_DLL__Ordinal_8: jmp dword ptr [rdata_bytes + 0x8e0] // 0x008a50ae ff25e0988a00 -_jmp_WSOCK32_DLL__Ordinal_23: jmp dword ptr [rdata_bytes + 0x8e4] // 0x008a50b4 ff25e4988a00 -_jmp_WSOCK32_DLL__Ordinal_17: jmp dword ptr [rdata_bytes + 0x8e8] // 0x008a50ba ff25e8988a00 -_jmp_WSOCK32_DLL__Ordinal_18: jmp dword ptr [rdata_bytes + 0x8ec] // 0x008a50c0 ff25ec988a00 -_jmp_WSOCK32_DLL__Ordinal_3: jmp dword ptr [rdata_bytes + 0x8f0] // 0x008a50c6 ff25f0988a00 -_jmp_WSOCK32_DLL__Ordinal_52: jmp dword ptr [rdata_bytes + 0x8d0] // 0x008a50cc ff25d0988a00 -_jmp_WSOCK32_DLL__Ordinal_9: jmp dword ptr [rdata_bytes + 0x8f8] // 0x008a50d2 ff25f8988a00 -_jmp_WSOCK32_DLL__Ordinal_20: jmp dword ptr [rdata_bytes + 0x8fc] // 0x008a50d8 ff25fc988a00 -_jmp_WSOCK32_DLL__Ordinal_4: jmp dword ptr [rdata_bytes + 0x900] // 0x008a50de ff2500998a00 -_jmp_WSOCK32_DLL__Ordinal_22: jmp dword ptr [rdata_bytes + 0x904] // 0x008a50e4 ff2504998a00 -_jmp_WSOCK32_DLL__Ordinal_19: jmp dword ptr [rdata_bytes + 0x908] // 0x008a50ea ff2508998a00 -_jmp_WSOCK32_DLL__Ordinal_151: jmp dword ptr [rdata_bytes + 0x90c] // 0x008a50f0 ff250c998a00 -_jmp_WSOCK32_DLL__Ordinal_111: jmp dword ptr [rdata_bytes + 0x910] // 0x008a50f6 ff2510998a00 -_jmp_WSOCK32_DLL__Ordinal_16: jmp dword ptr [rdata_bytes + 0x914] // 0x008a50fc ff2514998a00 -_jmp_KERNEL32_DLL__InterlockedExchange: jmp dword ptr [rdata_bytes + 0x318] // 0x008a5102 ff2518938a00 -_jmp_KERNEL32_DLL__InterlockedDecrement: jmp dword ptr [rdata_bytes + 0x314] // 0x008a5108 ff2514938a00 -_jmp_KERNEL32_DLL__InterlockedIncrement: jmp dword ptr [rdata_bytes + 0x310] // 0x008a510e ff2510938a00 -_jmp_KERNEL32_DLL__CloseHandle: jmp dword ptr [rdata_bytes + 0x2c4] // 0x008a5114 ff25c4928a00 -_jmp_KERNEL32_DLL__SetFilePointer: jmp dword ptr [rdata_bytes + 0x220] // 0x008a511a ff2520928a00 -_jmp_KERNEL32_DLL__CreateFileA: jmp dword ptr [rdata_bytes + 0x21c] // 0x008a5120 ff251c928a00 -_jmp_KERNEL32_DLL__ReadFile: jmp dword ptr [rdata_bytes + 0x218] // 0x008a5126 ff2518928a00 -_jmp_KERNEL32_DLL__WriteFile: jmp dword ptr [rdata_bytes + 0x214] // 0x008a512c ff2514928a00 -_jmp_KERNEL32_DLL__GetFileSize: jmp dword ptr [rdata_bytes + 0x210] // 0x008a5132 ff2510928a00 -_jmp_KERNEL32_DLL__SetEndOfFile: jmp dword ptr [rdata_bytes + 0x20c] // 0x008a5138 ff250c928a00 -_jmp_KERNEL32_DLL__IsBadReadPtr: jmp dword ptr [rdata_bytes + 0x208] // 0x008a513e ff2508928a00 -_jmp_KERNEL32_DLL__HeapAlloc: jmp dword ptr [rdata_bytes + 0x204] // 0x008a5144 ff2504928a00 -_jmp_KERNEL32_DLL__HeapFree: jmp dword ptr [rdata_bytes + 0x200] // 0x008a514a ff2500928a00 -_jmp_KERNEL32_DLL__GetLastError: jmp dword ptr [rdata_bytes + 0x1fc] // 0x008a5150 ff25fc918a00 -_jmp_KERNEL32_DLL__GetTimeZoneInformation: jmp dword ptr [rdata_bytes + 0x1f8] // 0x008a5156 ff25f8918a00 -_jmp_KERNEL32_DLL__GetSystemTime: jmp dword ptr [rdata_bytes + 0x1f4] // 0x008a515c ff25f4918a00 -_jmp_KERNEL32_DLL__GetLocalTime: jmp dword ptr [rdata_bytes + 0x1f0] // 0x008a5162 ff25f0918a00 -_jmp_KERNEL32_DLL__RtlUnwind: jmp dword ptr [rdata_bytes + 0x1ec] // 0x008a5168 ff25ec918a00 -_jmp_KERNEL32_DLL__RaiseException: jmp dword ptr [rdata_bytes + 0x1e8] // 0x008a516e ff25e8918a00 -_jmp_KERNEL32_DLL__SetFileAttributesA: jmp dword ptr [rdata_bytes + 0x1e4] // 0x008a5174 ff25e4918a00 -_jmp_KERNEL32_DLL__HeapReAlloc: jmp dword ptr [rdata_bytes + 0x1e0] // 0x008a517a ff25e0918a00 -_jmp_KERNEL32_DLL__Beep: jmp dword ptr [rdata_bytes + 0x1dc] // 0x008a5180 ff25dc918a00 -_jmp_KERNEL32_DLL__ExitProcess: jmp dword ptr [rdata_bytes + 0x1d8] // 0x008a5186 ff25d8918a00 -_jmp_KERNEL32_DLL__TerminateProcess: jmp dword ptr [rdata_bytes + 0x1d4] // 0x008a518c ff25d4918a00 -_jmp_KERNEL32_DLL__GetCurrentProcess: jmp dword ptr [rdata_bytes + 0x1d0] // 0x008a5192 ff25d0918a00 -_jmp_KERNEL32_DLL__GetModuleHandleA: jmp dword ptr [rdata_bytes + 0x1cc] // 0x008a5198 ff25cc918a00 -_jmp_KERNEL32_DLL__GetStartupInfoA: jmp dword ptr [rdata_bytes + 0x1c8] // 0x008a519e ff25c8918a00 -_jmp_KERNEL32_DLL__GetVersion: jmp dword ptr [rdata_bytes + 0x268] // 0x008a51a4 ff2568928a00 -_jmp_KERNEL32_DLL__FatalAppExitA: jmp dword ptr [rdata_bytes + 0x30c] // 0x008a51aa ff250c938a00 -_jmp_KERNEL32_DLL__LCMapStringA: jmp dword ptr [rdata_bytes + 0x308] // 0x008a51b0 ff2508938a00 -_jmp_KERNEL32_DLL__LCMapStringW: jmp dword ptr [rdata_bytes + 0x2f0] // 0x008a51b6 ff25f0928a00 -_jmp_KERNEL32_DLL__GetCPInfo: jmp dword ptr [rdata_bytes + 0x304] // 0x008a51bc ff2504938a00 -_jmp_KERNEL32_DLL__CompareStringA: jmp dword ptr [rdata_bytes + 0x300] // 0x008a51c2 ff2500938a00 -_jmp_KERNEL32_DLL__CompareStringW: jmp dword ptr [rdata_bytes + 0x2fc] // 0x008a51c8 ff25fc928a00 -_jmp_KERNEL32_DLL__HeapSize: jmp dword ptr [rdata_bytes + 0x2f8] // 0x008a51ce ff25f8928a00 -_jmp_KERNEL32_DLL__GetModuleFileNameA: jmp dword ptr [rdata_bytes + 0x2f4] // 0x008a51d4 ff25f4928a00 -_jmp_KERNEL32_DLL__GetEnvironmentVariableA: jmp dword ptr [rdata_bytes + 0x2c0] // 0x008a51da ff25c0928a00 -_jmp_KERNEL32_DLL__HeapDestroy: jmp dword ptr [rdata_bytes + 0x2ec] // 0x008a51e0 ff25ec928a00 -_jmp_KERNEL32_DLL__HeapCreate: jmp dword ptr [rdata_bytes + 0x2e8] // 0x008a51e6 ff25e8928a00 -_jmp_KERNEL32_DLL__VirtualFree: jmp dword ptr [rdata_bytes + 0x2e4] // 0x008a51ec ff25e4928a00 -_jmp_KERNEL32_DLL__VirtualAlloc: jmp dword ptr [rdata_bytes + 0x2e0] // 0x008a51f2 ff25e0928a00 -_jmp_KERNEL32_DLL__IsBadWritePtr: jmp dword ptr [rdata_bytes + 0x2dc] // 0x008a51f8 ff25dc928a00 -_jmp_KERNEL32_DLL__GetCurrentThreadId: jmp dword ptr [rdata_bytes + 0x2d8] // 0x008a51fe ff25d8928a00 -_jmp_KERNEL32_DLL__TlsSetValue: jmp dword ptr [rdata_bytes + 0x2d4] // 0x008a5204 ff25d4928a00 -_jmp_KERNEL32_DLL__TlsAlloc: jmp dword ptr [rdata_bytes + 0x2d0] // 0x008a520a ff25d0928a00 -_jmp_KERNEL32_DLL__TlsFree: jmp dword ptr [rdata_bytes + 0x2cc] // 0x008a5210 ff25cc928a00 -_jmp_KERNEL32_DLL__SetLastError: jmp dword ptr [rdata_bytes + 0x2c8] // 0x008a5216 ff25c8928a00 -_jmp_KERNEL32_DLL__TlsGetValue: jmp dword ptr [rdata_bytes + 0x1ac] // 0x008a521c ff25ac918a00 -_jmp_KERNEL32_DLL__GetCurrentThread: jmp dword ptr [rdata_bytes + 0x1b0] // 0x008a5222 ff25b0918a00 -_jmp_KERNEL32_DLL__GetACP: jmp dword ptr [rdata_bytes + 0x2bc] // 0x008a5228 ff25bc928a00 -_jmp_KERNEL32_DLL__GetOEMCP: jmp dword ptr [rdata_bytes + 0x2b8] // 0x008a522e ff25b8928a00 -_jmp_KERNEL32_DLL__SetHandleCount: jmp dword ptr [rdata_bytes + 0x2b4] // 0x008a5234 ff25b4928a00 -_jmp_KERNEL32_DLL__GetStdHandle: jmp dword ptr [rdata_bytes + 0x2b0] // 0x008a523a ff25b0928a00 -_jmp_KERNEL32_DLL__GetFileType: jmp dword ptr [rdata_bytes + 0x2ac] // 0x008a5240 ff25ac928a00 -_jmp_KERNEL32_DLL__SetUnhandledExceptionFilter: jmp dword ptr [rdata_bytes + 0x2a8] // 0x008a5246 ff25a8928a00 -_jmp_KERNEL32_DLL__SetConsoleCtrlHandler: jmp dword ptr [rdata_bytes + 0x2a4] // 0x008a524c ff25a4928a00 -_jmp_KERNEL32_DLL__FlushFileBuffers: jmp dword ptr [rdata_bytes + 0x2a0] // 0x008a5252 ff25a0928a00 -_jmp_KERNEL32_DLL__UnhandledExceptionFilter: jmp dword ptr [rdata_bytes + 0x29c] // 0x008a5258 ff259c928a00 -_jmp_KERNEL32_DLL__FreeEnvironmentStringsA: jmp dword ptr [rdata_bytes + 0x298] // 0x008a525e ff2598928a00 -_jmp_KERNEL32_DLL__FreeEnvironmentStringsW: jmp dword ptr [rdata_bytes + 0x294] // 0x008a5264 ff2594928a00 -_jmp_KERNEL32_DLL__GetEnvironmentStrings: jmp dword ptr [rdata_bytes + 0x290] // 0x008a526a ff2590928a00 -_jmp_KERNEL32_DLL__GetEnvironmentStringsW: jmp dword ptr [rdata_bytes + 0x28c] // 0x008a5270 ff258c928a00 -_jmp_KERNEL32_DLL__IsValidLocale: jmp dword ptr [rdata_bytes + 0x288] // 0x008a5276 ff2588928a00 -_jmp_KERNEL32_DLL__IsValidCodePage: jmp dword ptr [rdata_bytes + 0x284] // 0x008a527c ff2584928a00 -_jmp_KERNEL32_DLL__GetLocaleInfoA: jmp dword ptr [rdata_bytes + 0x280] // 0x008a5282 ff2580928a00 -_jmp_KERNEL32_DLL__EnumSystemLocalesA: jmp dword ptr [rdata_bytes + 0x27c] // 0x008a5288 ff257c928a00 -_jmp_KERNEL32_DLL__GetUserDefaultLCID: jmp dword ptr [rdata_bytes + 0x278] // 0x008a528e ff2578928a00 -_jmp_KERNEL32_DLL__GetStringTypeA: jmp dword ptr [rdata_bytes + 0x274] // 0x008a5294 ff2574928a00 -_jmp_KERNEL32_DLL__GetStringTypeW: jmp dword ptr [rdata_bytes + 0x270] // 0x008a529a ff2570928a00 -_jmp_KERNEL32_DLL__SetEnvironmentVariableA: jmp dword ptr [rdata_bytes + 0x1b4] // 0x008a52a0 ff25b4918a00 -_jmp_KERNEL32_DLL__SetStdHandle: jmp dword ptr [rdata_bytes + 0x1a8] // 0x008a52a6 ff25a8918a00 -_jmp_KERNEL32_DLL__IsBadCodePtr: jmp dword ptr [rdata_bytes + 0x264] // 0x008a52ac ff2564928a00 -_jmp_KERNEL32_DLL__GetLocaleInfoW: jmp dword ptr [rdata_bytes + 0x260] // 0x008a52b2 ff2560928a00 -_jmp_KERNEL32_DLL__OpenProcess: jmp dword ptr [rdata_bytes + 0x25c] // 0x008a52b8 ff255c928a00 -_jmp_KERNEL32_DLL__CreateEventA: jmp dword ptr [rdata_bytes + 0x258] // 0x008a52be ff2558928a00 -_jmp_KERNEL32_DLL__WaitForSingleObject: jmp dword ptr [rdata_bytes + 0x254] // 0x008a52c4 ff2554928a00 -_jmp_KERNEL32_DLL__SetEvent: jmp dword ptr [rdata_bytes + 0x250] // 0x008a52ca ff2550928a00 -_jmp_KERNEL32_DLL__MulDiv: jmp dword ptr [rdata_bytes + 0x24c] // 0x008a52d0 ff254c928a00 -_jmp_KERNEL32_DLL__IsDBCSLeadByte: jmp dword ptr [rdata_bytes + 0x248] // 0x008a52d6 ff2548928a00 -_jmp_USER32_DLL__IsWindow: jmp dword ptr [rdata_bytes + 0x874] // 0x008a52dc ff2574988a00 -_jmp_USER32_DLL__SetMenu: jmp dword ptr [rdata_bytes + 0x87c] // 0x008a52e2 ff257c988a00 -_jmp_USER32_DLL__PeekMessageA: jmp dword ptr [rdata_bytes + 0x834] // 0x008a52e8 ff2534988a00 -_jmp_USER32_DLL__DispatchMessageA: jmp dword ptr [rdata_bytes + 0x830] // 0x008a52ee ff2530988a00 -_jmp_USER32_DLL__TranslateMessage: jmp dword ptr [rdata_bytes + 0x864] // 0x008a52f4 ff2564988a00 -_jmp_USER32_DLL__GetMessageA: jmp dword ptr [rdata_bytes + 0x820] // 0x008a52fa ff2520988a00 -_jmp_USER32_DLL__TranslateAcceleratorA: jmp dword ptr [rdata_bytes + 0x81c] // 0x008a5300 ff251c988a00 -_jmp_USER32_DLL__LoadAcceleratorsA: jmp dword ptr [rdata_bytes + 0x824] // 0x008a5306 ff2524988a00 -_jmp_USER32_DLL__RegisterClassA: jmp dword ptr [rdata_bytes + 0x814] // 0x008a530c ff2514988a00 -_jmp_USER32_DLL__LoadIconA: jmp dword ptr [rdata_bytes + 0x810] // 0x008a5312 ff2510988a00 -_jmp_USER32_DLL__GetMenu: jmp dword ptr [rdata_bytes + 0x818] // 0x008a5318 ff2518988a00 -_jmp_USER32_DLL__CreateWindowExA: jmp dword ptr [rdata_bytes + 0x808] // 0x008a531e ff2508988a00 -_jmp_USER32_DLL__GetSystemMetrics: jmp dword ptr [rdata_bytes + 0x804] // 0x008a5324 ff2504988a00 -_jmp_USER32_DLL__AdjustWindowRect: jmp dword ptr [rdata_bytes + 0x80c] // 0x008a532a ff250c988a00 -_jmp_USER32_DLL__LoadCursorA: jmp dword ptr [rdata_bytes + 0x858] // 0x008a5330 ff2558988a00 -_jmp_USER32_DLL__PostMessageA: jmp dword ptr [rdata_bytes + 0x7fc] // 0x008a5336 ff25fc978a00 -_jmp_USER32_DLL__GetWindowRect: jmp dword ptr [rdata_bytes + 0x7f4] // 0x008a533c ff25f4978a00 -_jmp_USER32_DLL__GetCursorPos: jmp dword ptr [rdata_bytes + 0x878] // 0x008a5342 ff2578988a00 -_jmp_USER32_DLL__GetAsyncKeyState: jmp dword ptr [rdata_bytes + 0x860] // 0x008a5348 ff2560988a00 -_jmp_USER32_DLL__ScreenToClient: jmp dword ptr [rdata_bytes + 0x85c] // 0x008a534e ff255c988a00 -_jmp_USER32_DLL__DefWindowProcA: jmp dword ptr [rdata_bytes + 0x870] // 0x008a5354 ff2570988a00 -_jmp_USER32_DLL__SetCursor: jmp dword ptr [rdata_bytes + 0x86c] // 0x008a535a ff256c988a00 -_jmp_USER32_DLL__ReleaseCapture: jmp dword ptr [rdata_bytes + 0x868] // 0x008a5360 ff2568988a00 -_jmp_USER32_DLL__SetTimer: jmp dword ptr [rdata_bytes + 0x82c] // 0x008a5366 ff252c988a00 -_jmp_USER32_DLL__KillTimer: jmp dword ptr [rdata_bytes + 0x800] // 0x008a536c ff2500988a00 -_jmp_USER32_DLL__SetCapture: jmp dword ptr [rdata_bytes + 0x7f0] // 0x008a5372 ff25f0978a00 -_jmp_USER32_DLL__GetMessageTime: jmp dword ptr [rdata_bytes + 0x7ec] // 0x008a5378 ff25ec978a00 -_jmp_USER32_DLL__RegisterWindowMessageA: jmp dword ptr [rdata_bytes + 0x854] // 0x008a537e ff2554988a00 -_jmp_USER32_DLL__MoveWindow: jmp dword ptr [rdata_bytes + 0x850] // 0x008a5384 ff2550988a00 -_jmp_USER32_DLL__GetClientRect: jmp dword ptr [rdata_bytes + 0x84c] // 0x008a538a ff254c988a00 -_jmp_USER32_DLL__ChangeDisplaySettingsA: jmp dword ptr [rdata_bytes + 0x848] // 0x008a5390 ff2548988a00 -_jmp_USER32_DLL__EnumDisplaySettingsA: jmp dword ptr [rdata_bytes + 0x844] // 0x008a5396 ff2544988a00 -_jmp_USER32_DLL__SetWindowLongA: jmp dword ptr [rdata_bytes + 0x840] // 0x008a539c ff2540988a00 -_jmp_USER32_DLL__SetWindowPos: jmp dword ptr [rdata_bytes + 0x83c] // 0x008a53a2 ff253c988a00 -_jmp_USER32_DLL__ClientToScreen: jmp dword ptr [rdata_bytes + 0x838] // 0x008a53a8 ff2538988a00 -_jmp_USER32_DLL__EndDialog: jmp dword ptr [rdata_bytes + 0x828] // 0x008a53ae ff2528988a00 -_jmp_USER32_DLL__SetCursorPos: jmp dword ptr [rdata_bytes + 0x7e4] // 0x008a53b4 ff25e4978a00 -_jmp_USER32_DLL__GetKeyboardLayoutList: jmp dword ptr [rdata_bytes + 0x7e0] // 0x008a53ba ff25e0978a00 -_jmp_USER32_DLL__GetKeyboardLayout: jmp dword ptr [rdata_bytes + 0x7e8] // 0x008a53c0 ff25e8978a00 -_jmp_GDI32_DLL__TextOutA: jmp dword ptr [rdata_bytes + 0x48] // 0x008a53c6 ff2548908a00 -_jmp_GDI32_DLL__SetTextColor: jmp dword ptr [rdata_bytes + 0x44] // 0x008a53cc ff2544908a00 -_jmp_GDI32_DLL__SetBkMode: jmp dword ptr [rdata_bytes + 0x4c] // 0x008a53d2 ff254c908a00 -_jmp_GDI32_DLL__SetBkColor: jmp dword ptr [rdata_bytes + 0x50] // 0x008a53d8 ff2550908a00 -_jmp_GDI32_DLL__CreateFontIndirectA: jmp dword ptr [rdata_bytes + 0x58] // 0x008a53de ff2558908a00 -_jmp_GDI32_DLL__GetDeviceCaps: jmp dword ptr [rdata_bytes + 0x5c] // 0x008a53e4 ff255c908a00 -_jmp_GDI32_DLL__GetObjectA: jmp dword ptr [rdata_bytes + 0x54] // 0x008a53ea ff2554908a00 -_jmp_ADVAPI32_DLL__RegCloseKey: jmp dword ptr [rdata_bytes + 0x4] // 0x008a53f0 ff2504908a00 -_jmp_ADVAPI32_DLL__RegSetValueExA: jmp dword ptr [rdata_bytes + 0x14] // 0x008a53f6 ff2514908a00 -_jmp_ADVAPI32_DLL__RegCreateKeyExA: jmp dword ptr [rdata_bytes + 0x8] // 0x008a53fc ff2508908a00 -_jmp_ADVAPI32_DLL__RegQueryValueExA: jmp dword ptr [rdata_bytes + 0x0] // 0x008a5402 ff2500908a00 -_jmp_ADVAPI32_DLL__RegOpenKeyExA: jmp dword ptr [rdata_bytes + 0x10] // 0x008a5408 ff2510908a00 -_jmp_OLE32_DLL__CoFileTimeToDosDateTime: jmp dword ptr [rdata_bytes + 0x978] // 0x008a540e ff2578998a00 -_jmp_LHLOGR_DLL__LHLogger__ClearError: jmp dword ptr [rdata_bytes + 0x348] // 0x008a5414 ff2548938a00 -_jmp_LHLOGR_DLL___lhbeginthread: jmp dword ptr [rdata_bytes + 0x3dc] // 0x008a541a ff25dc938a00 -_jmp_LHLOGR_DLL__LHDebugStack__UpdateStackInf: jmp dword ptr [rdata_bytes + 0x334] // 0x008a5420 ff2534938a00 -_jmp_LHLOGR_DLL__LHDebugStack__Initialise: jmp dword ptr [rdata_bytes + 0x330] // 0x008a5426 ff2530938a00 -_jmp_LHLOGR_DLL__RegistryRetrieveDouble: jmp dword ptr [rdata_bytes + 0x33c] // 0x008a542c ff253c938a00 -_jmp_LHLOGR_DLL__LHLogger__LogErrorCodeS: jmp dword ptr [rdata_bytes + 0x37c] // 0x008a5432 ff257c938a00 - int3 // 0x008a5438 cc - int3 // 0x008a5439 cc - int3 // 0x008a543a cc - int3 // 0x008a543b cc - int3 // 0x008a543c cc - int3 // 0x008a543d cc - int3 // 0x008a543e cc - int3 // 0x008a543f cc +_jmp_BINKW32_DLL___BinkService@4: jmp dword ptr [__imp__BinkService@4] // 0x008a5030 ff2534998a00 +_jmp_BINKW32_DLL___BinkWait@4: jmp dword ptr [__imp__BinkWait@4] // 0x008a5036 ff2538998a00 +_jmp_BINKW32_DLL___BinkNextFrame@4: jmp dword ptr [__imp__BinkNextFrame@4] // 0x008a503c ff2544998a00 +_jmp_BINKW32_DLL___BinkGetRealtime@12: jmp dword ptr [__imp__BinkGetRealtime@12] // 0x008a5042 ff253c998a00 +_jmp_BINKW32_DLL___BinkGoto@12: jmp dword ptr [__imp__BinkGoto@12] // 0x008a5048 ff2540998a00 +_jmp_BINKW32_DLL___BinkSetSoundOnOff@8: jmp dword ptr [__imp__BinkSetSoundOnOff@8] // 0x008a504e ff2550998a00 +_jmp_BINKW32_DLL___BinkSetSoundSystem@8: jmp dword ptr [__imp__BinkSetSoundSystem@8] // 0x008a5054 ff2548998a00 +_jmp_BINKW32_DLL___BinkOpenDirectSound@4: jmp dword ptr [__imp__BinkOpenDirectSound@4] // 0x008a505a ff254c998a00 +_jmp_BINKW32_DLL___BinkClose@4: jmp dword ptr [__imp__BinkClose@4] // 0x008a5060 ff2554998a00 +_jmp_BINKW32_DLL___BinkGetSummary@8: jmp dword ptr [__imp__BinkGetSummary@8] // 0x008a5066 ff2560998a00 +_jmp_BINKW32_DLL___BinkOpen@8: jmp dword ptr [__imp__BinkOpen@8] // 0x008a506c ff255c998a00 +_jmp_BINKW32_DLL___BinkCopyToBuffer@28: jmp dword ptr [__imp__BinkCopyToBuffer@28] // 0x008a5072 ff2564998a00 +_jmp_BINKW32_DLL___BinkDoFrame@4: jmp dword ptr [__imp__BinkDoFrame@4] // 0x008a5078 ff2558998a00 +_jmp_WSOCK32_DLL__Ordinal_10: jmp dword ptr [__imp__inet_addr@4] // 0x008a507e ff2528998a00 +_jmp_WSOCK32_DLL__Ordinal_115: jmp dword ptr [__imp__WSAStartup@4] // 0x008a5084 ff2524998a00 +_jmp_WSOCK32_DLL__Ordinal_116: jmp dword ptr [__imp__WSACleanup@4] // 0x008a508a ff2520998a00 +_jmp_WSOCK32_DLL__Ordinal_12: jmp dword ptr [__imp__ioctlsocket@4] // 0x008a5090 ff251c998a00 +_jmp_WSOCK32_DLL__Ordinal_21: jmp dword ptr [__imp__setsockopt@4] // 0x008a5096 ff2518998a00 +_jmp_WSOCK32_DLL__Ordinal_15: jmp dword ptr [__imp__ntohs@4] // 0x008a509c ff25d4988a00 +_jmp_WSOCK32_DLL__Ordinal_6: jmp dword ptr [__imp__getsockname@4] // 0x008a50a2 ff25d8988a00 +_jmp_WSOCK32_DLL__Ordinal_2: jmp dword ptr [__imp__bind@4] // 0x008a50a8 ff25dc988a00 +_jmp_WSOCK32_DLL__Ordinal_8: jmp dword ptr [__imp__htonl@4] // 0x008a50ae ff25e0988a00 +_jmp_WSOCK32_DLL__Ordinal_23: jmp dword ptr [__imp__socket@4] // 0x008a50b4 ff25e4988a00 +_jmp_WSOCK32_DLL__Ordinal_17: jmp dword ptr [__imp__recvfrom@4] // 0x008a50ba ff25e8988a00 +_jmp_WSOCK32_DLL__Ordinal_18: jmp dword ptr [__imp__select@4] // 0x008a50c0 ff25ec988a00 +_jmp_WSOCK32_DLL__Ordinal_3: jmp dword ptr [__imp__closesocket@4] // 0x008a50c6 ff25f0988a00 +_jmp_WSOCK32_DLL__Ordinal_52: jmp dword ptr [__imp__gethostbyname@4] // 0x008a50cc ff25d0988a00 +_jmp_WSOCK32_DLL__Ordinal_9: jmp dword ptr [__imp__htons@4] // 0x008a50d2 ff25f8988a00 +_jmp_WSOCK32_DLL__Ordinal_20: jmp dword ptr [__imp__sendto@4] // 0x008a50d8 ff25fc988a00 +_jmp_WSOCK32_DLL__Ordinal_4: jmp dword ptr [__imp__connect@4] // 0x008a50de ff2500998a00 +_jmp_WSOCK32_DLL__Ordinal_22: jmp dword ptr [__imp__shutdown@4] // 0x008a50e4 ff2504998a00 +_jmp_WSOCK32_DLL__Ordinal_19: jmp dword ptr [__imp__send@4] // 0x008a50ea ff2508998a00 +_jmp_WSOCK32_DLL__Ordinal_151: jmp dword ptr [__imp____WSAFDIsSet@4] // 0x008a50f0 ff250c998a00 +_jmp_WSOCK32_DLL__Ordinal_111: jmp dword ptr [__imp__WSAGetLastError@4] // 0x008a50f6 ff2510998a00 +_jmp_WSOCK32_DLL__Ordinal_16: jmp dword ptr [__imp__recv@4] // 0x008a50fc ff2514998a00 +_jmp_KERNEL32_DLL__InterlockedExchange: jmp dword ptr [__imp__InterlockedExchange@4] // 0x008a5102 ff2518938a00 +_jmp_KERNEL32_DLL__InterlockedDecrement: jmp dword ptr [__imp__InterlockedDecrement@4] // 0x008a5108 ff2514938a00 +_jmp_KERNEL32_DLL__InterlockedIncrement: jmp dword ptr [__imp__InterlockedIncrement@4] // 0x008a510e ff2510938a00 +_jmp_KERNEL32_DLL__CloseHandle: jmp dword ptr [__imp__CloseHandle@4] // 0x008a5114 ff25c4928a00 +_jmp_KERNEL32_DLL__SetFilePointer: jmp dword ptr [__imp__SetFilePointer@4] // 0x008a511a ff2520928a00 +_jmp_KERNEL32_DLL__CreateFileA: jmp dword ptr [__imp__CreateFileA@4] // 0x008a5120 ff251c928a00 +_jmp_KERNEL32_DLL__ReadFile: jmp dword ptr [__imp__ReadFile@4] // 0x008a5126 ff2518928a00 +_jmp_KERNEL32_DLL__WriteFile: jmp dword ptr [__imp__WriteFile@4] // 0x008a512c ff2514928a00 +_jmp_KERNEL32_DLL__GetFileSize: jmp dword ptr [__imp__GetFileSize@4] // 0x008a5132 ff2510928a00 +_jmp_KERNEL32_DLL__SetEndOfFile: jmp dword ptr [__imp__SetEndOfFile@4] // 0x008a5138 ff250c928a00 +_jmp_KERNEL32_DLL__IsBadReadPtr: jmp dword ptr [__imp__IsBadReadPtr@4] // 0x008a513e ff2508928a00 +_jmp_KERNEL32_DLL__HeapAlloc: jmp dword ptr [__imp__HeapAlloc@4] // 0x008a5144 ff2504928a00 +_jmp_KERNEL32_DLL__HeapFree: jmp dword ptr [__imp__HeapFree@4] // 0x008a514a ff2500928a00 +_jmp_KERNEL32_DLL__GetLastError: jmp dword ptr [__imp__GetLastError@0] // 0x008a5150 ff25fc918a00 +_jmp_KERNEL32_DLL__GetTimeZoneInformation: jmp dword ptr [__imp__GetTimeZoneInformation@4] // 0x008a5156 ff25f8918a00 +_jmp_KERNEL32_DLL__GetSystemTime: jmp dword ptr [__imp__GetSystemTime@4] // 0x008a515c ff25f4918a00 +_jmp_KERNEL32_DLL__GetLocalTime: jmp dword ptr [__imp__GetLocalTime@4] // 0x008a5162 ff25f0918a00 +_jmp_KERNEL32_DLL__RtlUnwind: jmp dword ptr [__imp__RtlUnwind@4] // 0x008a5168 ff25ec918a00 +_jmp_KERNEL32_DLL__RaiseException: jmp dword ptr [__imp__RaiseException@4] // 0x008a516e ff25e8918a00 +_jmp_KERNEL32_DLL__SetFileAttributesA: jmp dword ptr [__imp__SetFileAttributesA@4] // 0x008a5174 ff25e4918a00 +_jmp_KERNEL32_DLL__HeapReAlloc: jmp dword ptr [__imp__HeapReAlloc@4] // 0x008a517a ff25e0918a00 +_jmp_KERNEL32_DLL__Beep: jmp dword ptr [__imp__Beep@4] // 0x008a5180 ff25dc918a00 +_jmp_KERNEL32_DLL__ExitProcess: jmp dword ptr [__imp__ExitProcess@4] // 0x008a5186 ff25d8918a00 +_jmp_KERNEL32_DLL__TerminateProcess: jmp dword ptr [__imp__TerminateProcess@4] // 0x008a518c ff25d4918a00 +_jmp_KERNEL32_DLL__GetCurrentProcess: jmp dword ptr [__imp__GetCurrentProcess@4] // 0x008a5192 ff25d0918a00 +_jmp_KERNEL32_DLL__GetModuleHandleA: jmp dword ptr [__imp__GetModuleHandleA@4] // 0x008a5198 ff25cc918a00 +_jmp_KERNEL32_DLL__GetStartupInfoA: jmp dword ptr [__imp__GetStartupInfoA@4] // 0x008a519e ff25c8918a00 +_jmp_KERNEL32_DLL__GetVersion: jmp dword ptr [__imp__GetVersion@4] // 0x008a51a4 ff2568928a00 +_jmp_KERNEL32_DLL__FatalAppExitA: jmp dword ptr [__imp__FatalAppExitA@4] // 0x008a51aa ff250c938a00 +_jmp_KERNEL32_DLL__LCMapStringA: jmp dword ptr [__imp__LCMapStringA@4] // 0x008a51b0 ff2508938a00 +_jmp_KERNEL32_DLL__LCMapStringW: jmp dword ptr [__imp__LCMapStringW@4] // 0x008a51b6 ff25f0928a00 +_jmp_KERNEL32_DLL__GetCPInfo: jmp dword ptr [__imp__GetCPInfo@4] // 0x008a51bc ff2504938a00 +_jmp_KERNEL32_DLL__CompareStringA: jmp dword ptr [__imp__CompareStringA@4] // 0x008a51c2 ff2500938a00 +_jmp_KERNEL32_DLL__CompareStringW: jmp dword ptr [__imp__CompareStringW@4] // 0x008a51c8 ff25fc928a00 +_jmp_KERNEL32_DLL__HeapSize: jmp dword ptr [__imp__HeapSize@4] // 0x008a51ce ff25f8928a00 +_jmp_KERNEL32_DLL__GetModuleFileNameA: jmp dword ptr [__imp__GetModuleFileNameA@4] // 0x008a51d4 ff25f4928a00 +_jmp_KERNEL32_DLL__GetEnvironmentVariableA: jmp dword ptr [__imp__GetEnvironmentVariableA@4] // 0x008a51da ff25c0928a00 +_jmp_KERNEL32_DLL__HeapDestroy: jmp dword ptr [__imp__HeapDestroy@4] // 0x008a51e0 ff25ec928a00 +_jmp_KERNEL32_DLL__HeapCreate: jmp dword ptr [__imp__HeapCreate@4] // 0x008a51e6 ff25e8928a00 +_jmp_KERNEL32_DLL__VirtualFree: jmp dword ptr [__imp__VirtualFree@4] // 0x008a51ec ff25e4928a00 +_jmp_KERNEL32_DLL__VirtualAlloc: jmp dword ptr [__imp__VirtualAlloc@4] // 0x008a51f2 ff25e0928a00 +_jmp_KERNEL32_DLL__IsBadWritePtr: jmp dword ptr [__imp__IsBadWritePtr@4] // 0x008a51f8 ff25dc928a00 +_jmp_KERNEL32_DLL__GetCurrentThreadId: jmp dword ptr [__imp__GetCurrentThreadId@4] // 0x008a51fe ff25d8928a00 +_jmp_KERNEL32_DLL__TlsSetValue: jmp dword ptr [__imp__TlsSetValue@4] // 0x008a5204 ff25d4928a00 +_jmp_KERNEL32_DLL__TlsAlloc: jmp dword ptr [__imp__TlsAlloc@4] // 0x008a520a ff25d0928a00 +_jmp_KERNEL32_DLL__TlsFree: jmp dword ptr [__imp__TlsFree@4] // 0x008a5210 ff25cc928a00 +_jmp_KERNEL32_DLL__SetLastError: jmp dword ptr [__imp__SetLastError@4] // 0x008a5216 ff25c8928a00 +_jmp_KERNEL32_DLL__TlsGetValue: jmp dword ptr [__imp__TlsGetValue@4] // 0x008a521c ff25ac918a00 +_jmp_KERNEL32_DLL__GetCurrentThread: jmp dword ptr [__imp__GetCurrentThread@4] // 0x008a5222 ff25b0918a00 +_jmp_KERNEL32_DLL__GetACP: jmp dword ptr [__imp__GetACP@4] // 0x008a5228 ff25bc928a00 +_jmp_KERNEL32_DLL__GetOEMCP: jmp dword ptr [__imp__GetOEMCP@4] // 0x008a522e ff25b8928a00 +_jmp_KERNEL32_DLL__SetHandleCount: jmp dword ptr [__imp__SetHandleCount@4] // 0x008a5234 ff25b4928a00 +_jmp_KERNEL32_DLL__GetStdHandle: jmp dword ptr [__imp__GetStdHandle@4] // 0x008a523a ff25b0928a00 +_jmp_KERNEL32_DLL__GetFileType: jmp dword ptr [__imp__GetFileType@4] // 0x008a5240 ff25ac928a00 +_jmp_KERNEL32_DLL__SetUnhandledExceptionFilter: jmp dword ptr [__imp__SetUnhandledExceptionFilter@4] // 0x008a5246 ff25a8928a00 +_jmp_KERNEL32_DLL__SetConsoleCtrlHandler: jmp dword ptr [__imp__SetConsoleCtrlHandler@4] // 0x008a524c ff25a4928a00 +_jmp_KERNEL32_DLL__FlushFileBuffers: jmp dword ptr [__imp__FlushFileBuffers@4] // 0x008a5252 ff25a0928a00 +_jmp_KERNEL32_DLL__UnhandledExceptionFilter: jmp dword ptr [__imp__UnhandledExceptionFilter@4] // 0x008a5258 ff259c928a00 +_jmp_KERNEL32_DLL__FreeEnvironmentStringsA: jmp dword ptr [__imp__FreeEnvironmentStringsA@4] // 0x008a525e ff2598928a00 +_jmp_KERNEL32_DLL__FreeEnvironmentStringsW: jmp dword ptr [__imp__FreeEnvironmentStringsW@4] // 0x008a5264 ff2594928a00 +_jmp_KERNEL32_DLL__GetEnvironmentStrings: jmp dword ptr [__imp__GetEnvironmentStrings@4] // 0x008a526a ff2590928a00 +_jmp_KERNEL32_DLL__GetEnvironmentStringsW: jmp dword ptr [__imp__GetEnvironmentStringsW@4] // 0x008a5270 ff258c928a00 +_jmp_KERNEL32_DLL__IsValidLocale: jmp dword ptr [__imp__IsValidLocale@4] // 0x008a5276 ff2588928a00 +_jmp_KERNEL32_DLL__IsValidCodePage: jmp dword ptr [__imp__IsValidCodePage@4] // 0x008a527c ff2584928a00 +_jmp_KERNEL32_DLL__GetLocaleInfoA: jmp dword ptr [__imp__GetLocaleInfoA@4] // 0x008a5282 ff2580928a00 +_jmp_KERNEL32_DLL__EnumSystemLocalesA: jmp dword ptr [__imp__EnumSystemLocalesA@4] // 0x008a5288 ff257c928a00 +_jmp_KERNEL32_DLL__GetUserDefaultLCID: jmp dword ptr [__imp__GetUserDefaultLCID@4] // 0x008a528e ff2578928a00 +_jmp_KERNEL32_DLL__GetStringTypeA: jmp dword ptr [__imp__GetStringTypeA@4] // 0x008a5294 ff2574928a00 +_jmp_KERNEL32_DLL__GetStringTypeW: jmp dword ptr [__imp__GetStringTypeW@4] // 0x008a529a ff2570928a00 +_jmp_KERNEL32_DLL__SetEnvironmentVariableA: jmp dword ptr [__imp__SetEnvironmentVariableA@8] // 0x008a52a0 ff25b4918a00 +_jmp_KERNEL32_DLL__SetStdHandle: jmp dword ptr [__imp__SetStdHandle@4] // 0x008a52a6 ff25a8918a00 +_jmp_KERNEL32_DLL__IsBadCodePtr: jmp dword ptr [__imp__IsBadCodePtr@4] // 0x008a52ac ff2564928a00 +_jmp_KERNEL32_DLL__GetLocaleInfoW: jmp dword ptr [__imp__GetLocaleInfoW@4] // 0x008a52b2 ff2560928a00 +_jmp_KERNEL32_DLL__OpenProcess: jmp dword ptr [__imp__OpenProcess@4] // 0x008a52b8 ff255c928a00 +_jmp_KERNEL32_DLL__CreateEventA: jmp dword ptr [__imp__CreateEventA@4] // 0x008a52be ff2558928a00 +_jmp_KERNEL32_DLL__WaitForSingleObject: jmp dword ptr [__imp__WaitForSingleObject@4] // 0x008a52c4 ff2554928a00 +_jmp_KERNEL32_DLL__SetEvent: jmp dword ptr [__imp__SetEvent@4] // 0x008a52ca ff2550928a00 +_jmp_KERNEL32_DLL__MulDiv: jmp dword ptr [__imp__MulDiv@4] // 0x008a52d0 ff254c928a00 +_jmp_KERNEL32_DLL__IsDBCSLeadByte: jmp dword ptr [__imp__IsDBCSLeadByte@4] // 0x008a52d6 ff2548928a00 +_jmp_USER32_DLL__IsWindow: jmp dword ptr [__imp__IsWindow@4] // 0x008a52dc ff2574988a00 +_jmp_USER32_DLL__SetMenu: jmp dword ptr [__imp__SetMenu@4] // 0x008a52e2 ff257c988a00 +_jmp_USER32_DLL__PeekMessageA: jmp dword ptr [__imp__PeekMessageA@4] // 0x008a52e8 ff2534988a00 +_jmp_USER32_DLL__DispatchMessageA: jmp dword ptr [__imp__DispatchMessageA@4] // 0x008a52ee ff2530988a00 +_jmp_USER32_DLL__TranslateMessage: jmp dword ptr [__imp__TranslateMessage@4] // 0x008a52f4 ff2564988a00 +_jmp_USER32_DLL__GetMessageA: jmp dword ptr [__imp__GetMessageA@4] // 0x008a52fa ff2520988a00 +_jmp_USER32_DLL__TranslateAcceleratorA: jmp dword ptr [__imp__TranslateAcceleratorA@4] // 0x008a5300 ff251c988a00 +_jmp_USER32_DLL__LoadAcceleratorsA: jmp dword ptr [__imp__LoadAcceleratorsA@4] // 0x008a5306 ff2524988a00 +_jmp_USER32_DLL__RegisterClassA: jmp dword ptr [__imp__RegisterClassA@4] // 0x008a530c ff2514988a00 +_jmp_USER32_DLL__LoadIconA: jmp dword ptr [__imp__LoadIconA@4] // 0x008a5312 ff2510988a00 +_jmp_USER32_DLL__GetMenu: jmp dword ptr [__imp__GetMenu@4] // 0x008a5318 ff2518988a00 +_jmp_USER32_DLL__CreateWindowExA: jmp dword ptr [__imp__CreateWindowExA@4] // 0x008a531e ff2508988a00 +_jmp_USER32_DLL__GetSystemMetrics: jmp dword ptr [__imp__GetSystemMetrics@4] // 0x008a5324 ff2504988a00 +_jmp_USER32_DLL__AdjustWindowRect: jmp dword ptr [__imp__AdjustWindowRect@4] // 0x008a532a ff250c988a00 +_jmp_USER32_DLL__LoadCursorA: jmp dword ptr [__imp__LoadCursorA@4] // 0x008a5330 ff2558988a00 +_jmp_USER32_DLL__PostMessageA: jmp dword ptr [__imp__PostMessageA@4] // 0x008a5336 ff25fc978a00 +_jmp_USER32_DLL__GetWindowRect: jmp dword ptr [__imp__GetWindowRect@4] // 0x008a533c ff25f4978a00 +_jmp_USER32_DLL__GetCursorPos: jmp dword ptr [__imp__GetCursorPos@4] // 0x008a5342 ff2578988a00 +_jmp_USER32_DLL__GetAsyncKeyState: jmp dword ptr [__imp__GetAsyncKeyState@4] // 0x008a5348 ff2560988a00 +_jmp_USER32_DLL__ScreenToClient: jmp dword ptr [__imp__ScreenToClient@4] // 0x008a534e ff255c988a00 +_jmp_USER32_DLL__DefWindowProcA: jmp dword ptr [__imp__DefWindowProcA@4] // 0x008a5354 ff2570988a00 +_jmp_USER32_DLL__SetCursor: jmp dword ptr [__imp__SetCursor@4] // 0x008a535a ff256c988a00 +_jmp_USER32_DLL__ReleaseCapture: jmp dword ptr [__imp__ReleaseCapture@4] // 0x008a5360 ff2568988a00 +_jmp_USER32_DLL__SetTimer: jmp dword ptr [__imp__SetTimer@4] // 0x008a5366 ff252c988a00 +_jmp_USER32_DLL__KillTimer: jmp dword ptr [__imp__KillTimer@4] // 0x008a536c ff2500988a00 +_jmp_USER32_DLL__SetCapture: jmp dword ptr [__imp__SetCapture@4] // 0x008a5372 ff25f0978a00 +_jmp_USER32_DLL__GetMessageTime: jmp dword ptr [__imp__GetMessageTime@4] // 0x008a5378 ff25ec978a00 +_jmp_USER32_DLL__RegisterWindowMessageA: jmp dword ptr [__imp__RegisterWindowMessageA@4] // 0x008a537e ff2554988a00 +_jmp_USER32_DLL__MoveWindow: jmp dword ptr [__imp__MoveWindow@4] // 0x008a5384 ff2550988a00 +_jmp_USER32_DLL__GetClientRect: jmp dword ptr [__imp__GetClientRect@4] // 0x008a538a ff254c988a00 +_jmp_USER32_DLL__ChangeDisplaySettingsA: jmp dword ptr [__imp__ChangeDisplaySettingsA@4] // 0x008a5390 ff2548988a00 +_jmp_USER32_DLL__EnumDisplaySettingsA: jmp dword ptr [__imp__EnumDisplaySettingsA@4] // 0x008a5396 ff2544988a00 +_jmp_USER32_DLL__SetWindowLongA: jmp dword ptr [__imp__SetWindowLongA@4] // 0x008a539c ff2540988a00 +_jmp_USER32_DLL__SetWindowPos: jmp dword ptr [__imp__SetWindowPos@4] // 0x008a53a2 ff253c988a00 +_jmp_USER32_DLL__ClientToScreen: jmp dword ptr [__imp__ClientToScreen@4] // 0x008a53a8 ff2538988a00 +_jmp_USER32_DLL__EndDialog: jmp dword ptr [__imp__EndDialog@4] // 0x008a53ae ff2528988a00 +_jmp_USER32_DLL__SetCursorPos: jmp dword ptr [__imp__SetCursorPos@4] // 0x008a53b4 ff25e4978a00 +_jmp_USER32_DLL__GetKeyboardLayoutList: jmp dword ptr [__imp__GetKeyboardLayoutList@4] // 0x008a53ba ff25e0978a00 +_jmp_USER32_DLL__GetKeyboardLayout: jmp dword ptr [__imp__GetKeyboardLayout@4] // 0x008a53c0 ff25e8978a00 +_jmp_GDI32_DLL__TextOutA: jmp dword ptr [__imp__TextOutA@4] // 0x008a53c6 ff2548908a00 +_jmp_GDI32_DLL__SetTextColor: jmp dword ptr [__imp__SetTextColor@4] // 0x008a53cc ff2544908a00 +_jmp_GDI32_DLL__SetBkMode: jmp dword ptr [__imp__SetBkMode@4] // 0x008a53d2 ff254c908a00 +_jmp_GDI32_DLL__SetBkColor: jmp dword ptr [__imp__SetBkColor@4] // 0x008a53d8 ff2550908a00 +_jmp_GDI32_DLL__CreateFontIndirectA: jmp dword ptr [__imp__CreateFontIndirectA@4] // 0x008a53de ff2558908a00 +_jmp_GDI32_DLL__GetDeviceCaps: jmp dword ptr [__imp__GetDeviceCaps@4] // 0x008a53e4 ff255c908a00 +_jmp_GDI32_DLL__GetObjectA: jmp dword ptr [__imp__GetObjectA@4] // 0x008a53ea ff2554908a00 +_jmp_ADVAPI32_DLL__RegCloseKey: jmp dword ptr [__imp__RegCloseKey@4] // 0x008a53f0 ff2504908a00 +_jmp_ADVAPI32_DLL__RegSetValueExA: jmp dword ptr [__imp__RegSetValueExA@4] // 0x008a53f6 ff2514908a00 +_jmp_ADVAPI32_DLL__RegCreateKeyExA: jmp dword ptr [__imp__RegCreateKeyExA@4] // 0x008a53fc ff2508908a00 +_jmp_ADVAPI32_DLL__RegQueryValueExA: jmp dword ptr [__imp__RegQueryValueExA@4] // 0x008a5402 ff2500908a00 +_jmp_ADVAPI32_DLL__RegOpenKeyExA: jmp dword ptr [__imp__RegOpenKeyExA@4] // 0x008a5408 ff2510908a00 +_jmp_OLE32_DLL__CoFileTimeToDosDateTime: jmp dword ptr [__imp__CoFileTimeToDosDateTime@4] // 0x008a540e ff2578998a00 +_jmp_LHLOGR_DLL__LHLogger__ClearError: jmp dword ptr [__imp__ClearError_LHLogger__QAEXXZ@4] // 0x008a5414 ff2548938a00 +_jmp_LHLOGR_DLL___lhbeginthread: jmp dword ptr [__imp___lhbeginthread__YAKPADP6AXPAX_ZI1J_Z@4] // 0x008a541a ff25dc938a00 +_jmp_LHLOGR_DLL__LHDebugStack__UpdateStackInf: jmp dword ptr [__imp__UpdateStackInformation_LHDebugStack__QAEXXZ@4] // 0x008a5420 ff2534938a00 +_jmp_LHLOGR_DLL__LHDebugStack__Initialise: jmp dword ptr [__imp__Initialise_LHDebugStack__SAHXZ@4] // 0x008a5426 ff2530938a00 +_jmp_LHLOGR_DLL__RegistryRetrieveDouble: jmp dword ptr [__imp__RegistryRetrieveDouble__YA_AW4LH_RETURN__PAD0PAN_Z@4] // 0x008a542c ff253c938a00 +_jmp_LHLOGR_DLL__LHLogger__LogErrorCodeS: jmp dword ptr [__imp__LogErrorCodeS_LHLogger__SAHPAD0KPAULHErrorCode__KZZ@4] // 0x008a5432 ff257c938a00 + int3 // 0x008a5438 cc + int3 // 0x008a5439 cc + int3 // 0x008a543a cc + int3 // 0x008a543b cc + int3 // 0x008a543c cc + int3 // 0x008a543d cc + int3 // 0x008a543e cc + int3 // 0x008a543f cc diff --git a/src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5b0c-dll-jmp-table.asm b/src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5b0c-dll-jmp-table.asm new file mode 100644 index 00000000..4c30d5ec --- /dev/null +++ b/src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5b0c-dll-jmp-table.asm @@ -0,0 +1,11 @@ +.intel_syntax noprefix +.balign 0 + +.extern __imp__DirectInputCreateA@4 +.extern __imp__LHWaveGetQMixerDirectSoundObject_LH_AudioSystem__QAEPAXXZ@4 + +.globl _jmp_addr_0x008a5b00 + +_jmp_addr_0x008a5b00: + jmp dword ptr [__imp__DirectInputCreateA@4] // 0x008a5b00 ff2534908a00 + jmp dword ptr [__imp__LHWaveGetQMixerDirectSoundObject_LH_AudioSystem__QAEPAXXZ@4] // 0x008a5b06 ff25c4968a00 diff --git a/src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5f63.asm b/src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5f63.asm deleted file mode 100644 index 2e50cfee..00000000 --- a/src/asm/unprocessed/runblack.reassemble.1342.008a5b00-008a5f63.asm +++ /dev/null @@ -1,9 +0,0 @@ -.intel_syntax noprefix -.align 16 - -.extern rdata_bytes - -.globl _jmp_addr_0x008a5b00 - -_jmp_addr_0x008a5b00: jmp dword ptr [rdata_bytes + 0x34] // 0x008a5b00 ff2534908a00 - jmp dword ptr [rdata_bytes + 0x6c4] // 0x008a5b06 ff25c4968a00 diff --git a/src/asm/unprocessed/runblack.reassemble.1344.008a6460-008a6470-dll-jmp-table.asm b/src/asm/unprocessed/runblack.reassemble.1344.008a6460-008a6470-dll-jmp-table.asm index 8cffe83a..e10ee350 100644 --- a/src/asm/unprocessed/runblack.reassemble.1344.008a6460-008a6470-dll-jmp-table.asm +++ b/src/asm/unprocessed/runblack.reassemble.1344.008a6460-008a6470-dll-jmp-table.asm @@ -1,17 +1,18 @@ .intel_syntax noprefix .balign 0 -.extern rdata_bytes +.extern __imp__GetCurrentProcessId@0 +.extern __imp__GetSystemTimeAsFileTime@4 // Unable to set this byte so it's done in post process // int3 // 0x008a645b cc - int3 // 0x008a645c cc - int3 // 0x008a645d cc - int3 // 0x008a645e cc - int3 // 0x008a645f cc - jmp dword ptr [rdata_bytes + 0x31c] // 0x008a6460 ff251c938a00 - jmp dword ptr [rdata_bytes + 0x26c] // 0x008a6466 ff256c928a00 - int3 // 0x008a646c cc - int3 // 0x008a646d cc - int3 // 0x008a646e cc - int3 // 0x008a646f cc + int3 // 0x008a645c cc + int3 // 0x008a645d cc + int3 // 0x008a645e cc + int3 // 0x008a645f cc + jmp dword ptr [__imp__GetCurrentProcessId@0] // 0x008a6460 ff251c938a00 + jmp dword ptr [__imp__GetSystemTimeAsFileTime@4] // 0x008a6466 ff256c928a00 + int3 // 0x008a646c cc + int3 // 0x008a646d cc + int3 // 0x008a646e cc + int3 // 0x008a646f cc