c:\WINDOWS\system32\drivers\tifm21.sys (hex) (dec) .EXE size (bytes) 490 1168 Minimum load size (bytes) 450 1104 Overlay number 0 0 Initial CS:IP 0000:0000 Initial SS:SP 0000:00B8 184 Minimum allocation (para) 0 0 Maximum allocation (para) FFFF 65535 Header size (para) 4 4 Relocation table offset 40 64 Relocation entries 0 0 Portable Executable starts at d0 Signature 00004550 (PE) Machine 014C (Intel 386) Sections 0008 Time Date Stamp 418FDFBF Mon Nov 08 16:06:07 2004 Symbol Table 00000000 Number of Symbols 00000000 Optional header size 00E0 Characteristics 010E Executable Image Line numbers stripped Local symbols stripped 32 bit word machine Magic 010B Linker Version 7.00 Size of Code 00013300 Size of Initialized Data 00001780 Size of Uninitialized Data 00000000 Address of Entry Point 00012D18 Base of Code 00000380 Base of Data 00012E80 Image Base 00010000 Section Alignment 00000080 File Alignment 00000080 Operating System Version 5.01 Image Version 5.01 Subsystem Version 5.01 reserved 00000000 Image Size 00014E00 Header Size 00000380 Checksum 0001D8C8 Subsystem 0001 (Native) DLL Characteristics 0000 Size Of Stack Reserve 00040000 Size Of Stack Commit 00001000 Size Of Heap Reserve 00100000 Size Of Heap Commit 00001000 Loader Flags 00000000 Number of Directories 00000010 Directory Name VirtAddr VirtSize -------------------------------------- -------- -------- Export 00000000 00000000 Import 00013380 0000003C Resource 00013B80 000004B0 Exception 00000000 00000000 Security 00000000 00000000 Base Relocation 00014080 00000BD8 Debug 00012FD0 0000001C Decription/Architecture 00000000 00000000 Machine Value (MIPS GP) 00000000 00000000 Thread Storage 00000000 00000000 Load Configuration 00000000 00000000 Bound Import 00000000 00000000 Import Address Table 00012E80 00000144 Delay Import 00000000 00000000 COM Runtime Descriptor 00000000 00000000 (reserved) 00000000 00000000 Section Table ------------- 01 .text Virtual Address 00000380 Virtual Size 00010DFE Raw Data Offset 
00000380 Raw Data Size 00010E00 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 Line Number Count 0000 Characteristics 68000020 Code Not Pageable Executable Readable 02 page Virtual Address 00011180 Virtual Size 00001B35 Raw Data Offset 00011180 Raw Data Size 00001B80 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 Line Number Count 0000 Characteristics 68000020 Code Not Pageable Executable Readable 03 init Virtual Address 00012D00 Virtual Size 00000118 Raw Data Offset 00012D00 Raw Data Size 00000180 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 Line Number Count 0000 Characteristics 68000020 Code Not Pageable Executable Readable 04 .rdata Virtual Address 00012E80 Virtual Size 000003B4 Raw Data Offset 00012E80 Raw Data Size 00000400 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 Line Number Count 0000 Characteristics 48000040 Initialized Data Not Pageable Readable 05 .data Virtual Address 00013280 Virtual Size 000000D0 Raw Data Offset 00013280 Raw Data Size 00000100 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 Line Number Count 0000 Characteristics C8000040 Initialized Data Not Pageable Readable Writeable 06 INIT Virtual Address 00013380 Virtual Size 000007DC Raw Data Offset 00013380 Raw Data Size 00000800 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 Line Number Count 0000 Characteristics E2000020 Code Discardable Executable Readable Writeable 07 .rsrc Virtual Address 00013B80 Virtual Size 000004B0 Raw Data Offset 00013B80 Raw Data Size 00000500 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 Line Number Count 0000 Characteristics 42000040 Initialized Data Discardable Readable 08 .reloc Virtual Address 00014080 Virtual Size 00000D6C Raw Data Offset 00014080 Raw Data Size 00000D80 Relocation Offset 00000000 Relocation Count 0000 Line Number Offset 00000000 
Line Number Count 0000 Characteristics 42000040 Initialized Data Discardable Readable Imp Addr Hint Import Name from ntoskrnl.exe - Not Bound -------- ---- --------------------------------------------------------------- 00012EA4 30 DbgPrint 00012EA8 4EE ZwClose 00012EAC 40B RtlInitUnicodeString 00012EB0 1D9 IofCallDriver 00012EB4 327 PoCallDriver 00012EB8 333 PoStartNextPowerIrp 00012EBC 149 IoDeleteDevice 00012EC0 21A KeInsertQueueDpc 00012EC4 178 IoInvalidateDeviceRelations 00012EC8 2BE MmUnmapIoSpace 00012ECC 136 IoConnectInterrupt 00012ED0 16A IoGetDmaAdapter 00012ED4 2A0 MmMapIoSpace 00012ED8 20B KeInitializeDpc 00012EDC 213 KeInitializeTimer 00012EE0 20F KeInitializeMutex 00012EE4 21D KeLeaveCriticalRegion 00012EE8 1F6 KeEnterCriticalRegion 00012EEC 138 IoCreateDevice 00012EF0 4D ExFreePoolWithTag 00012EF4 322 ObfReferenceObject 00012EF8 150 IoDisconnectInterrupt 00012EFC 235 KeReleaseMutex 00012F00 254 KeSetTimer 00012F04 189 IoQueueWorkItem 00012F08 120 IoAllocateWorkItem 00012F0C 15C IoFreeWorkItem 00012F10 330 PoSetPowerState 00012F14 5A9 wcslen 00012F18 1EF KeClearEvent 00012F1C 15E IoGetAttachedDeviceReference 00012F20 15A IoFreeIrp 00012F24 11E IoAllocateIrp 00012F28 59C swprintf 00012F2C 40 ExAllocatePoolWithTag 00012F30 32D PoRequestPowerIrp 00012F34 1F2 KeDelayExecutionThread 00012F38 1EE KeCancelTimer 00012F3C 15B IoFreeMdl 00012F40 2AE MmProbeAndLockPages 00012F44 11F IoAllocateMdl 00012F48 2BD MmUnlockPages 00012F4C 285 MmBuildMdlForNonPagedPool 00012F50 44F RtlQueryRegistryValues 00012F54 58B memmove 00012F58 498 RtlWriteRegistryValue 00012F5C 4F5 ZwCreateKey 00012F60 181 IoOpenDeviceRegistryKey 00012F64 3F3 RtlFreeUnicodeString 00012F68 14C IoDetachDevice 00012F6C 192 IoRegisterDeviceInterface 00012F70 125 IoAttachDeviceToDeviceStack 00012F74 3B5 RtlCopyUnicodeString 00012F78 1A7 IoSetDeviceInterfaceState 00012F7C 17E IoIsWdmVersionAvailable 00012F80 257 KeSynchronizeExecution 00012F84 227 KeQuerySystemTime 00012F88 58F sprintf 00012F8C 25E 
KeWaitForMultipleObjects 00012F90 56D _purecall 00012F94 259 KeTickCount 00012F98 568 _except_handler3 00012F9C 260 KeWaitForSingleObject 00012FA0 249 KeSetEvent 00012FA4 262 KefReleaseSpinLockFromDpcLevel 00012FA8 212 KeInitializeSpinLock 00012FAC 20C KeInitializeEvent 00012FB0 199 IoReleaseCancelSpinLock 00012FB4 261 KefAcquireSpinLockAtDpcLevel 00012FB8 321 ObfDereferenceObject 00012FBC 1DA IofCompleteRequest Imp Addr Hint Import Name from HAL.dll - Not Bound -------- ---- --------------------------------------------------------------- 00012E80 40 KeGetCurrentIrql 00012E84 4E KfRaiseIrql 00012E88 0 ExAcquireFastMutex 00012E8C 1 ExReleaseFastMutex 00012E90 4D KfLowerIrql 00012E94 4C KfAcquireSpinLock 00012E98 4F KfReleaseSpinLock 00012E9C 49 KeStallExecutionProcessor Debug Entry Chars TimeDate Maj Min Type Size AddrRaw PtrRaw -------- -------- ---- ---- ---------------------- -------- -------- -------- 00000000 418FDFBF 0000 0000 00000002 CODEVIEW 00000070 000131C4 000131C4 CODEVIEW Debug Info C:\XPDDK\2600\src\storage\tifmsys\HP_JAKARTA_HACK_08-27-2004\src\objfre\i386\tifm21.pdb - 888137916E7A38439A79B81388CB0AA8 IAT Entry 00000000: 00013B24 00013B16 - 00013B00 00013AEA - 00013ADC 00013AC8 00000018: 00013AB4 00013B38 - 00000000 000135D4 - 000135E0 000135EA 00000030: 00013602 00013612 - 00013622 00013638 - 0001364A 0001365E 00000048: 0001367C 0001368E - 000136A4 000136B6 - 000136C6 000136D8 00000060: 000136EC 00013700 - 00013718 00013730 - 00013742 00013756 00000078: 0001376C 00013784 - 00013796 000137A4 - 000137B6 000137CC 00000090: 000137DE 000137F0 - 000135C4 00013812 - 00013832 0001383E 000000A8: 0001384E 0001385A - 00013872 00013886 - 000138A0 000138B0 000000C0: 000138BC 000138D2 - 000138E2 000138F2 - 0001390E 00013928 000000D8: 00013932 0001394A - 00013958 00013972 - 0001398A 0001399C 000000F0: 000139B8 000139D6 - 000139EE 00013A0A - 00013A24 00013A3E 00000108: 00013A52 00013A5C - 00013A78 00013A84 - 00013AA0 000135AC 00000120: 0001359E 0001357C - 00013564 
00013550 - 00013536 00013516 00000138: 000137FA 00013500 - 00000000 Disassembly 00010380 fn_00010380: ; Xref 00012826 00010380 8B442404 mov eax,[esp+4] 00010384 83603000 and dword ptr [eax+30h],0 00010388 C20400 ret 4 0001038B CC int 3 0001038C fn_0001038C: ; Xref 0001118C 0001038C 8B442404 mov eax,[esp+4] 00010390 8B4030 mov eax,[eax+30h] 00010393 C20400 ret 4 00010396 fn_00010396: ; Xref 00011C95 00010396 53 push ebx 00010397 56 push esi 00010398 8B742410 mov esi,[esp+10h] 0001039C 8A5E25 mov bl,[esi+25h] 0001039F 57 push edi 000103A0 6A02 push 2 000103A2 FF15B02F0200 call dword ptr [IoReleaseCancelSpinLock] 000103A8 8B7C2410 mov edi,[esp+10h] 000103AC 83C708 add edi,8 000103AF 8BCF mov ecx,edi 000103B1 FF15B42F0200 call dword ptr [KefAcquireSpinLockAtDpcLevel] 000103B7 8B4E5C mov ecx,[esi+5Ch] 000103BA 8B4658 mov eax,[esi+58h] 000103BD 8901 mov [ecx],eax 000103BF 894804 mov [eax+4],ecx 000103C2 8AD3 mov dl,bl 000103C4 8BCF mov ecx,edi 000103C6 FF15982E0200 call dword ptr [KfReleaseSpinLock] 000103CC 32D2 xor dl,dl 000103CE 8BCE mov ecx,esi 000103D0 C74618200100C0 mov dword ptr [esi+18h],0C0000120h 000103D7 FF15BC2F0200 call dword ptr [IofCompleteRequest] 000103DD 5F pop edi 000103DE 5E pop esi 000103DF 5B pop ebx 000103E0 C20800 ret 8 000103E3 CC int 3 000103E4 fn_000103E4: ; Xref 000138A8 00013932 000103E4 53 push ebx 000103E5 56 push esi 000103E6 8B74240C mov esi,[esp+0Ch] 000103EA 57 push edi 000103EB 8D7E08 lea edi,[esi+8] 000103EE 8BCF mov ecx,edi 000103F0 FF15942E0200 call dword ptr [KfAcquireSpinLock] 000103F6 837E1400 cmp dword ptr [esi+14h],0 000103FA 0F95C3 setne bl 000103FD 84DB test bl,bl 000103FF 750A jnz loc_0001040B 00010401 33C9 xor ecx,ecx 00010403 83C610 add esi,10h 00010406 41 inc ecx 00010407 F00FC10E lock xadd [esi],ecx 0001040B loc_0001040B: ; Xref 000103FF 0001040B 8AD0 mov dl,al 0001040D 8BCF mov ecx,edi 0001040F FF15982E0200 call dword ptr [KfReleaseSpinLock] 00010415 5F pop edi 00010416 5E pop esi 00010417 8AC3 mov al,bl 00010419 5B pop 
ebx 0001041A C20400 ret 4 0001041D CC int 3 0001041E fn_0001041E: ; Xref 00010737 00021233 0001041E 55 push ebp 0001041F 8BEC mov ebp,esp 00010421 83EC0C sub esp,0Ch 00010424 53 push ebx 00010425 8B5D08 mov ebx,[ebp+8] 00010428 8D45F4 lea eax,[ebp-0Ch] 0001042B 8945F8 mov [ebp-8],eax 0001042E 8D45F4 lea eax,[ebp-0Ch] 00010431 8D4B08 lea ecx,[ebx+8] 00010434 56 push esi 00010435 8945F4 mov [ebp-0Ch],eax 00010438 894DFC mov [ebp-4],ecx 0001043B FF15942E0200 call dword ptr [KfAcquireSpinLock] 00010441 8B33 mov esi,[ebx] 00010443 3BF3 cmp esi,ebx 00010445 88450B mov [ebp+0Bh],al 00010448 7441 jz loc_0001048B 0001044A 8B550C mov edx,[ebp+0Ch] 0001044D 57 push edi 0001044E loc_0001044E: ; Xref 00010488 0001044E 85D2 test edx,edx 00010450 8D46A8 lea eax,[esi-58h] 00010453 8BCE mov ecx,esi 00010455 8B36 mov esi,[esi] 00010457 7408 jz loc_00010461 00010459 8B7860 mov edi,[eax+60h] 0001045C 395718 cmp [edi+18h],edx 0001045F 7525 jnz loc_00010486 00010461 loc_00010461: ; Xref 00010457 00010461 33FF xor edi,edi 00010463 83C038 add eax,38h 00010466 8738 xchg [eax],edi 00010468 85FF test edi,edi 0001046A 741A jz loc_00010486 0001046C 8B39 mov edi,[ecx] 0001046E 8B4104 mov eax,[ecx+4] 00010471 8938 mov [eax],edi 00010473 894704 mov [edi+4],eax 00010476 8B45F8 mov eax,[ebp-8] 00010479 8D7DF4 lea edi,[ebp-0Ch] 0001047C 8939 mov [ecx],edi 0001047E 894104 mov [ecx+4],eax 00010481 8908 mov [eax],ecx 00010483 894DF8 mov [ebp-8],ecx 00010486 loc_00010486: ; Xref 0001045F 0001046A 00010486 3BF3 cmp esi,ebx 00010488 75C4 jnz loc_0001044E 0001048A 5F pop edi 0001048B loc_0001048B: ; Xref 00010448 0001048B 8A550B mov dl,[ebp+0Bh] 0001048E 8B4DFC mov ecx,[ebp-4] 00010491 FF15982E0200 call dword ptr [KfReleaseSpinLock] 00010497 5E pop esi 00010498 5B pop ebx 00010499 EB1C jmp loc_000104B7 0001049B loc_0001049B: ; Xref 000104BF 0001049B 8B01 mov eax,[ecx] 0001049D 8945F4 mov [ebp-0Ch],eax 000104A0 8D55F4 lea edx,[ebp-0Ch] 000104A3 895004 mov [eax+4],edx 000104A6 8B4510 mov eax,[ebp+10h] 
000104A9 83C1A8 add ecx,0FFFFFFA8h 000104AC 32D2 xor dl,dl 000104AE 894118 mov [ecx+18h],eax 000104B1 FF15BC2F0200 call dword ptr [IofCompleteRequest] 000104B7 loc_000104B7: ; Xref 00010499 000104B7 8B4DF4 mov ecx,[ebp-0Ch] 000104BA 8D45F4 lea eax,[ebp-0Ch] 000104BD 3BC8 cmp ecx,eax 000104BF 75DA jnz loc_0001049B 000104C1 C9 leave 000104C2 C20C00 ret 0Ch 000104C5 CC int 3 000104C6 fn_000104C6: ; Xref 00011541 000104C6 8B442404 mov eax,[esp+4] 000104CA 8B4014 mov eax,[eax+14h] 000104CD C20400 ret 4 000104D0 fn_000104D0: ; Xref 000220F5 000104D0 56 push esi 000104D1 8B742408 mov esi,[esp+8] 000104D5 57 push edi 000104D6 8D4608 lea eax,[esi+8] 000104D9 50 push eax 000104DA 897604 mov [esi+4],esi 000104DD 8936 mov [esi],esi 000104DF FF15A82F0200 call dword ptr [KeInitializeSpinLock] 000104E5 8B442410 mov eax,[esp+10h] 000104E9 33FF xor edi,edi 000104EB 57 push edi 000104EC 89460C mov [esi+0Ch],eax 000104EF 57 push edi 000104F0 8D4618 lea eax,[esi+18h] 000104F3 50 push eax 000104F4 C7461001000000 mov dword ptr [esi+10h],1 000104FB 897E14 mov [esi+14h],edi 000104FE FF15AC2F0200 call dword ptr [KeInitializeEvent] 00010504 897E30 mov [esi+30h],edi 00010507 897E28 mov [esi+28h],edi 0001050A 897E2C mov [esi+2Ch],edi 0001050D 5F pop edi 0001050E 5E pop esi 0001050F C20800 ret 8 00010512 fn_00010512: ; Xref 0001282D 000139CC 0001475A 00010512 55 push ebp 00010513 8BEC mov ebp,esp 00010515 53 push ebx 00010516 56 push esi 00010517 8B7508 mov esi,[ebp+8] 0001051A 8D5E08 lea ebx,[esi+8] 0001051D 8BCB mov ecx,ebx 0001051F FF15942E0200 call dword ptr [KfAcquireSpinLock] 00010525 88450B mov [ebp+0Bh],al 00010528 8D5610 lea edx,[esi+10h] 0001052B 83C9FF or ecx,0FFFFFFFFh 0001052E F00FC10A lock xadd [edx],ecx 00010532 49 dec ecx 00010533 85C9 test ecx,ecx 00010535 7E0C jle loc_00010543 00010537 8AD0 mov dl,al 00010539 8BCB mov ecx,ebx 0001053B FF15982E0200 call dword ptr [KfReleaseSpinLock] 00010541 EB43 jmp loc_00010586 00010543 loc_00010543: ; Xref 00010535 00010543 57 push edi 
00010544 EB2F jmp loc_00010575 00010546 loc_00010546: ; Xref 00010578 00010546 837E1400 cmp dword ptr [esi+14h],0 0001054A 752E jnz loc_0001057A 0001054C 837E3000 cmp dword ptr [esi+30h],0 00010550 7528 jnz loc_0001057A 00010552 8B0E mov ecx,[esi] 00010554 3BCE cmp ecx,esi 00010556 7422 jz loc_0001057A 00010558 8B01 mov eax,[ecx] 0001055A 8906 mov [esi],eax 0001055C 8D79A8 lea edi,[ecx-58h] 0001055F 897004 mov [eax+4],esi 00010562 33C0 xor eax,eax 00010564 8D4F38 lea ecx,[edi+38h] 00010567 8701 xchg [ecx],eax 00010569 85C0 test eax,eax 0001056B 751F jnz loc_0001058C 0001056D 8D4758 lea eax,[edi+58h] 00010570 894004 mov [eax+4],eax 00010573 8900 mov [eax],eax 00010575 loc_00010575: ; Xref 00010544 00010575 833A00 cmp dword ptr [edx],0 00010578 74CC jz loc_00010546 0001057A loc_0001057A: ; Xref 0001054A 00010550 00010556 0001057A 8A550B mov dl,[ebp+0Bh] 0001057D 8BCB mov ecx,ebx 0001057F FF15982E0200 call dword ptr [KfReleaseSpinLock] 00010585 loc_00010585: ; Xref 000105A7 00010585 5F pop edi 00010586 loc_00010586: ; Xref 00010541 00010586 5E pop esi 00010587 5B pop ebx 00010588 5D pop ebp 00010589 C20800 ret 8 0001058C loc_0001058C: ; Xref 0001056B 0001058C 8BCB mov ecx,ebx 0001058E 897E14 mov [esi+14h],edi 00010591 FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00010597 57 push edi 00010598 FF750C push dword ptr [ebp+0Ch] 0001059B FF560C call dword ptr [esi+0Ch] 0001059E 8A4D0B mov cl,[ebp+0Bh] 000105A1 FF15902E0200 call dword ptr [KfLowerIrql] 000105A7 EBDC jmp loc_00010585 000105A9 CC int 3 000105AA fn_000105AA: ; Xref 00014A9B 000105AA 8B442404 mov eax,[esp+4] 000105AE 33C9 xor ecx,ecx 000105B0 83C010 add eax,10h 000105B3 41 inc ecx 000105B4 F00FC108 lock xadd [eax],ecx 000105B8 C20400 ret 4 000105BB CC int 3 000105BC fn_000105BC: ; Xref 00011122 000114D8 00012287 00012443 000105BC 55 push ebp 000105BD 8BEC mov ebp,esp 000105BF 83EC10 sub esp,10h 000105C2 53 push ebx 000105C3 56 push esi 000105C4 8B7508 mov esi,[ebp+8] 000105C7 8D4E08 lea 
ecx,[esi+8] 000105CA 57 push edi 000105CB 894DFC mov [ebp-4],ecx 000105CE FF15942E0200 call dword ptr [KfAcquireSpinLock] 000105D4 88450B mov [ebp+0Bh],al 000105D7 8D5E14 lea ebx,[esi+14h] 000105DA 33C0 xor eax,eax 000105DC 8703 xchg [ebx],eax 000105DE 33FF xor edi,edi 000105E0 3BC7 cmp eax,edi 000105E2 8945F4 mov [ebp-0Ch],eax 000105E5 740C jz loc_000105F3 000105E7 57 push edi 000105E8 57 push edi 000105E9 8D4618 lea eax,[esi+18h] 000105EC 50 push eax 000105ED FF15A02F0200 call dword ptr [KeSetEvent] 000105F3 loc_000105F3: ; Xref 000105E5 000105F3 397E10 cmp [esi+10h],edi 000105F6 8B4628 mov eax,[esi+28h] 000105F9 8945F8 mov [ebp-8],eax 000105FC 8B462C mov eax,[esi+2Ch] 000105FF 8945F0 mov [ebp-10h],eax 00010602 897E28 mov [esi+28h],edi 00010605 752F jnz loc_00010636 00010607 loc_00010607: ; Xref 00010634 00010607 837E3000 cmp dword ptr [esi+30h],0 0001060B 7529 jnz loc_00010636 0001060D 8B3E mov edi,[esi] 0001060F 3BFE cmp edi,esi 00010611 7423 jz loc_00010636 00010613 8B07 mov eax,[edi] 00010615 8906 mov [esi],eax 00010617 83C7A8 add edi,0FFFFFFA8h 0001061A 897004 mov [eax+4],esi 0001061D 33C0 xor eax,eax 0001061F 8D4F38 lea ecx,[edi+38h] 00010622 8701 xchg [ecx],eax 00010624 85C0 test eax,eax 00010626 7530 jnz loc_00010658 00010628 8D4758 lea eax,[edi+58h] 0001062B 894004 mov [eax+4],eax 0001062E 8900 mov [eax],eax 00010630 837E1000 cmp dword ptr [esi+10h],0 00010634 74D1 jz loc_00010607 00010636 loc_00010636: ; Xref 00010605 0001060B 00010611 00010636 8A550B mov dl,[ebp+0Bh] 00010639 8B4DFC mov ecx,[ebp-4] 0001063C FF15982E0200 call dword ptr [KfReleaseSpinLock] 00010642 837DF800 cmp dword ptr [ebp-8],0 00010646 7406 jz loc_0001064E 00010648 FF75F0 push dword ptr [ebp-10h] 0001064B FF55F8 call dword ptr [ebp-8] 0001064E loc_0001064E: ; Xref 00010646 00010673 0001064E 8B45F4 mov eax,[ebp-0Ch] 00010651 5F pop edi 00010652 5E pop esi 00010653 5B pop ebx 00010654 C9 leave 00010655 C20800 ret 8 00010658 loc_00010658: ; Xref 00010626 00010658 8B4DFC mov ecx,[ebp-4] 
0001065B 893B mov [ebx],edi 0001065D FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00010663 57 push edi 00010664 FF750C push dword ptr [ebp+0Ch] 00010667 FF560C call dword ptr [esi+0Ch] 0001066A 8A4D0B mov cl,[ebp+0Bh] 0001066D FF15902E0200 call dword ptr [KfLowerIrql] 00010673 EBD9 jmp loc_0001064E 00010675 CC int 3 00010676 fn_00010676: ; Xref 00011FB4 00010676 55 push ebp 00010677 8BEC mov ebp,esp 00010679 53 push ebx 0001067A 56 push esi 0001067B 8B7508 mov esi,[ebp+8] 0001067E 8D5E08 lea ebx,[esi+8] 00010681 57 push edi 00010682 8BCB mov ecx,ebx 00010684 FF15942E0200 call dword ptr [KfAcquireSpinLock] 0001068A 8B7E30 mov edi,[esi+30h] 0001068D 85FF test edi,edi 0001068F 8AD0 mov dl,al 00010691 88550B mov [ebp+0Bh],dl 00010694 7418 jz loc_000106AE 00010696 8BCB mov ecx,ebx 00010698 FF15982E0200 call dword ptr [KfReleaseSpinLock] 0001069E 8B4D10 mov ecx,[ebp+10h] 000106A1 897918 mov [ecx+18h],edi 000106A4 loc_000106A4: ; Xref 00010706 000106A4 32D2 xor dl,dl 000106A6 FF15BC2F0200 call dword ptr [IofCompleteRequest] 000106AC EB72 jmp loc_00010720 000106AE loc_000106AE: ; Xref 00010694 000106AE 837E1400 cmp dword ptr [esi+14h],0 000106B2 7528 jnz loc_000106DC 000106B4 837E1000 cmp dword ptr [esi+10h],0 000106B8 7522 jnz loc_000106DC 000106BA 8B7D10 mov edi,[ebp+10h] 000106BD B202 mov dl,2 000106BF 8BCB mov ecx,ebx 000106C1 897E14 mov [esi+14h],edi 000106C4 FF15982E0200 call dword ptr [KfReleaseSpinLock] 000106CA 57 push edi 000106CB FF750C push dword ptr [ebp+0Ch] 000106CE FF560C call dword ptr [esi+0Ch] 000106D1 8A4D0B mov cl,[ebp+0Bh] 000106D4 FF15902E0200 call dword ptr [KfLowerIrql] 000106DA EB44 jmp loc_00010720 000106DC loc_000106DC: ; Xref 000106B2 000106B8 000106DC 8B7D10 mov edi,[ebp+10h] 000106DF 8B4D14 mov ecx,[ebp+14h] 000106E2 8D4738 lea eax,[edi+38h] 000106E5 8708 xchg [eax],ecx 000106E7 807F2400 cmp byte ptr [edi+24h],0 000106EB 741B jz loc_00010708 000106ED 33C9 xor ecx,ecx 000106EF 8708 xchg [eax],ecx 000106F1 85C9 test ecx,ecx 
000106F3 7413 jz loc_00010708 000106F5 8BCB mov ecx,ebx 000106F7 FF15982E0200 call dword ptr [KfReleaseSpinLock] 000106FD C74718200100C0 mov dword ptr [edi+18h],0C0000120h 00010704 8BCF mov ecx,edi 00010706 EB9C jmp loc_000106A4 00010708 loc_00010708: ; Xref 000106EB 000106F3 00010708 8B4E04 mov ecx,[esi+4] 0001070B 8D4758 lea eax,[edi+58h] 0001070E 894804 mov [eax+4],ecx 00010711 8930 mov [eax],esi 00010713 8901 mov [ecx],eax 00010715 8BCB mov ecx,ebx 00010717 894604 mov [esi+4],eax 0001071A FF15982E0200 call dword ptr [KfReleaseSpinLock] 00010720 loc_00010720: ; Xref 000106AC 000106DA 00010720 5F pop edi 00010721 5E pop esi 00010722 5B pop ebx 00010723 5D pop ebp 00010724 C21000 ret 10h 00010727 CC int 3 00010728 fn_00010728: ; Xref 00011114 00012870 00010728 8B442408 mov eax,[esp+8] 0001072C 8B4C2404 mov ecx,[esp+4] 00010730 50 push eax 00010731 6A00 push 0 00010733 51 push ecx 00010734 894130 mov [ecx+30h],eax 00010737 E8E2FCFFFF call fn_0001041E 0001073C C20800 ret 8 0001073F CC int 3 00010740 fn_00010740: ; Xref 0001081D 00010877 0001506B 000218DA 00010740 8B442404 mov eax,[esp+4] 00010744 33C9 xor ecx,ecx 00010746 41 inc ecx 00010747 F00FC108 lock xadd [eax],ecx 0001074B 33C9 xor ecx,ecx 0001074D 384804 cmp [eax+4],cl 00010750 741C jz loc_0001076E 00010752 83CAFF or edx,0FFFFFFFFh 00010755 F00FC110 lock xadd [eax],edx 00010759 750C jnz loc_00010767 0001075B 51 push ecx 0001075C 51 push ecx 0001075D 83C008 add eax,8 00010760 50 push eax 00010761 FF15A02F0200 call dword ptr [KeSetEvent] 00010767 loc_00010767: ; Xref 00010759 00010767 B8560000C0 mov eax,0C0000056h 0001076C EB02 jmp loc_00010770 0001076E loc_0001076E: ; Xref 00010750 0001076E 33C0 xor eax,eax 00010770 loc_00010770: ; Xref 0001076C 00010770 C20800 ret 8 00010773 CC int 3 00010774 fn_00010774: ; Xref 00010851 00014944 00014B76 00014BF5 00010774 ; 00014D26 00014E54 00015203 000152AC 00010774 ; 00015360 000211B1 000211BA 00021906 00010774 ; 00021921 00010774 8B442404 mov eax,[esp+4] 00010778 83C9FF 
or ecx,0FFFFFFFFh 0001077B F00FC108 lock xadd [eax],ecx 0001077F 750E jnz loc_0001078F 00010781 6A00 push 0 00010783 6A00 push 0 00010785 83C008 add eax,8 00010788 50 push eax 00010789 FF15A02F0200 call dword ptr [KeSetEvent] 0001078F loc_0001078F: ; Xref 0001077F 0001078F C20800 ret 8 00010792 off_00010792: ; Xref 000107E4 00010792 5449204D73670A00 db 'TI Msg',00Ah,000h 0001079A off_0001079A: ; Xref 000107EE 0001079A 5449204D73670A00 db 'TI Msg',00Ah,000h 000107A2 off_000107A2: ; Xref 000107FA 000107A2 5449204D73670A00 db 'TI Msg',00Ah,000h 000107AA off_000107AA: ; Xref 00010829 000107AA 5449204D73670A00 db 'TI Msg',00Ah,000h 000107B2 off_000107B2: ; Xref 00010858 000107B2 5449204D73670A00 db 'TI Msg',00Ah,000h 000107BA off_000107BA: ; Xref 0001088E 000107BA 5449204D73670A00 db 'TI Msg',00Ah,000h 000107C2 off_000107C2: ; Xref 000108AD 000107C2 5449204D73670A00 db 'TI Msg',00Ah,000h 000107CA off_000107CA: ; Xref 000108C2 000107CA 5449204D73670A00 db 'TI Msg',00Ah,000h 000107D2 off_000107D2: ; Xref 00022DA9 000107D2 55 push ebp 000107D3 8BEC mov ebp,esp 000107D5 8B4508 mov eax,[ebp+8] 000107D8 53 push ebx 000107D9 56 push esi 000107DA 8B750C mov esi,[ebp+0Ch] 000107DD 8B5E60 mov ebx,[esi+60h] 000107E0 57 push edi 000107E1 8B7828 mov edi,[eax+28h] 000107E4 6892070100 push offset off_00010792 000107E9 E822090100 call jmp_DbgPrint 000107EE C704249A070100 mov dword ptr [esp],offset off_0001079A 000107F5 E816090100 call jmp_DbgPrint 000107FA C70424A2070100 mov dword ptr [esp],offset off_000107A2 00010801 E80A090100 call jmp_DbgPrint 00010806 803B16 cmp byte ptr [ebx],16h 00010809 8B4618 mov eax,[esi+18h] 0001080C 59 pop ecx 0001080D 89450C mov [ebp+0Ch],eax 00010810 755A jnz loc_0001086C 00010812 807F0C00 cmp byte ptr [edi+0Ch],0 00010816 7440 jz loc_00010858 00010818 56 push esi 00010819 8D5F24 lea ebx,[edi+24h] 0001081C 53 push ebx 0001081D E81EFFFFFF call fn_00010740 00010822 85C0 test eax,eax 00010824 89450C mov [ebp+0Ch],eax 00010827 7C5A jl loc_00010883 00010829 
68AA070100 push offset off_000107AA 0001082E E8DD080100 call jmp_DbgPrint 00010833 59 pop ecx 00010834 56 push esi 00010835 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 0001083B FE4623 inc byte ptr [esi+23h] 0001083E 83466024 add dword ptr [esi+60h],24h 00010842 56 push esi 00010843 FF7708 push dword ptr [edi+8] 00010846 FF15B42E0200 call dword ptr [PoCallDriver] 0001084C loc_0001084C: ; Xref 000108AB 0001084C 56 push esi 0001084D 53 push ebx 0001084E 89450C mov [ebp+0Ch],eax 00010851 E81EFFFFFF call fn_00010774 00010856 EB6A jmp loc_000108C2 00010858 loc_00010858: ; Xref 00010816 00010858 68B2070100 push offset off_000107B2 0001085D E8AE080100 call jmp_DbgPrint 00010862 59 pop ecx 00010863 56 push esi 00010864 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 0001086A EB4C jmp loc_000108B8 0001086C loc_0001086C: ; Xref 00010810 0001086C 807F0C00 cmp byte ptr [edi+0Ch],0 00010870 743B jz loc_000108AD 00010872 56 push esi 00010873 8D5F24 lea ebx,[edi+24h] 00010876 53 push ebx 00010877 E8C4FEFFFF call fn_00010740 0001087C 85C0 test eax,eax 0001087E 89450C mov [ebp+0Ch],eax 00010881 7D0B jge loc_0001088E 00010883 loc_00010883: ; Xref 00010827 00010883 6A00 push 0 00010885 50 push eax 00010886 56 push esi 00010887 E872690000 call fn_000171FE 0001088C EB3F jmp loc_000108CD 0001088E loc_0001088E: ; Xref 00010881 0001088E 68BA070100 push offset off_000107BA 00010893 E878080100 call jmp_DbgPrint 00010898 FE4623 inc byte ptr [esi+23h] 0001089B 83466024 add dword ptr [esi+60h],24h 0001089F 59 pop ecx 000108A0 8B4F08 mov ecx,[edi+8] 000108A3 8BD6 mov edx,esi 000108A5 FF15B02E0200 call dword ptr [IofCallDriver] 000108AB EB9F jmp loc_0001084C 000108AD loc_000108AD: ; Xref 00010870 000108AD 68C2070100 push offset off_000107C2 000108B2 E859080100 call jmp_DbgPrint 000108B7 59 pop ecx 000108B8 loc_000108B8: ; Xref 0001086A 000108B8 8BCE mov ecx,esi 000108BA 32D2 xor dl,dl 000108BC FF15BC2F0200 call dword ptr [IofCompleteRequest] 000108C2 loc_000108C2: ; Xref 00010856 000108C2 
68CA070100 push offset off_000107CA 000108C7 E844080100 call jmp_DbgPrint 000108CC 59 pop ecx 000108CD loc_000108CD: ; Xref 0001088C 000108CD 8B450C mov eax,[ebp+0Ch] 000108D0 5F pop edi 000108D1 5E pop esi 000108D2 5B pop ebx 000108D3 5D pop ebp 000108D4 C20800 ret 8 000108D7 CC int 3 000108D8 off_000108D8: ; Xref 000108E8 000108D8 5449204D73670A00 db 'TI Msg',00Ah,000h 000108E0 fn_000108E0: ; Xref 000212DA 000212FC 000108E0 8B442404 mov eax,[esp+4] 000108E4 56 push esi 000108E5 8B7028 mov esi,[eax+28h] 000108E8 68D8080100 push offset off_000108D8 000108ED E81E080100 call jmp_DbgPrint 000108F2 8B542410 mov edx,[esp+10h] 000108F6 FE4223 inc byte ptr [edx+23h] 000108F9 83426024 add dword ptr [edx+60h],24h 000108FD 59 pop ecx 000108FE 8B4E08 mov ecx,[esi+8] 00010901 FF15B02E0200 call dword ptr [IofCallDriver] 00010907 5E pop esi 00010908 C20800 ret 8 0001090B CC int 3 0001090C off_0001090C: ; Xref 00021E96 0001090C 56 push esi 0001090D 8B74240C mov esi,[esp+0Ch] 00010911 8B8EB8010000 mov ecx,[esi+1B8h] 00010917 E8946A0000 call fn_000173B0 0001091C 84C0 test al,al 0001091E 7411 jz loc_00010931 00010920 8B06 mov eax,[esi] 00010922 56 push esi 00010923 6A00 push 0 00010925 83C074 add eax,74h 00010928 50 push eax 00010929 FF15C02E0200 call dword ptr [KeInsertQueueDpc] 0001092F B001 mov al,1 00010931 loc_00010931: ; Xref 0001091E 00010931 5E pop esi 00010932 C20800 ret 8 00010935 CC int 3 00010936 off_00010936: ; Xref 000109E4 00010936 5449204D73670A00 db 'TI Msg',00Ah,000h 0001093E off_0001093E: ; Xref 000109FE 0001093E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010946 off_00010946: ; Xref 00010A4A 00010946 5449204D73670A00 db 'TI Msg',00Ah,000h 0001094E off_0001094E: ; Xref 00010A64 0001094E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010956 off_00010956: ; Xref 00010A6F 00010956 5449204D73670A00 db 'TI Msg',00Ah,000h 0001095E off_0001095E: ; Xref 00010ABB 0001095E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010966 off_00010966: ; Xref 00010AD5 00010966 5449204D73670A00 db 'TI 
Msg',00Ah,000h 0001096E off_0001096E: ; Xref 00010B21 0001096E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010976 off_00010976: ; Xref 00010B3B 00010976 5449204D73670A00 db 'TI Msg',00Ah,000h 0001097E off_0001097E: ; Xref 00010B46 0001097E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010986 off_00010986: ; Xref 00022B30 00010986 51 push ecx 00010987 53 push ebx 00010988 55 push ebp 00010989 56 push esi 0001098A 8B742420 mov esi,[esp+20h] 0001098E 8D8E3C010000 lea ecx,[esi+13Ch] 00010994 57 push edi 00010995 894C2410 mov [esp+10h],ecx 00010999 FF15B42F0200 call dword ptr [KefAcquireSpinLockAtDpcLevel] 0001099F 8B8EB8010000 mov ecx,[esi+1B8h] 000109A5 E86E750000 call fn_00017F18 000109AA 8B2DC42E0200 mov ebp,[IoInvalidateDeviceRelations] 000109B0 33DB xor ebx,ebx 000109B2 A801 test al,1 000109B4 89442424 mov [esp+24h],eax 000109B8 745C jz loc_00010A16 000109BA 8B8EB8010000 mov ecx,[esi+1B8h] 000109C0 53 push ebx 000109C1 E88C6F0000 call fn_00017952 000109C6 3CA1 cmp al,0A1h 000109C8 7521 jnz loc_000109EB 000109CA 838E44010000FF or dword ptr [esi+144h],0FFFFFFFFh 000109D1 889E40010000 mov [esi+140h],bl 000109D7 889E41010000 mov [esi+141h],bl 000109DD C6864C01000007 mov byte ptr [esi+14Ch],7 000109E4 6836090100 push offset off_00010936 000109E9 EB18 jmp loc_00010A03 000109EB loc_000109EB: ; Xref 000109C8 000109EB 899E44010000 mov [esi+144h],ebx 000109F1 C6864001000001 mov byte ptr [esi+140h],1 000109F8 88864C010000 mov [esi+14Ch],al 000109FE 683E090100 push offset off_0001093E 00010A03 loc_00010A03: ; Xref 000109E9 00010A03 E808070100 call jmp_DbgPrint 00010A08 59 pop ecx 00010A09 53 push ebx 00010A0A FF763C push dword ptr [esi+3Ch] 00010A0D C686B001000001 mov byte ptr [esi+1B0h],1 00010A14 FFD5 call ebp 00010A16 loc_00010A16: ; Xref 000109B8 00010A16 F644242402 test byte ptr [esp+24h],2 00010A1B 746A jz loc_00010A87 00010A1D 8B8EB8010000 mov ecx,[esi+1B8h] 00010A23 33FF xor edi,edi 00010A25 47 inc edi 00010A26 57 push edi 00010A27 E8266F0000 call fn_00017952 00010A2C 3CA1 
cmp al,0A1h 00010A2E 7521 jnz loc_00010A51 00010A30 838E58010000FF or dword ptr [esi+158h],0FFFFFFFFh 00010A37 889E54010000 mov [esi+154h],bl 00010A3D 889E55010000 mov [esi+155h],bl 00010A43 C6866001000007 mov byte ptr [esi+160h],7 00010A4A 6846090100 push offset off_00010946 00010A4F EB18 jmp loc_00010A69 00010A51 loc_00010A51: ; Xref 00010A2E 00010A51 89BE58010000 mov [esi+158h],edi 00010A57 C6865401000001 mov byte ptr [esi+154h],1 00010A5E 888660010000 mov [esi+160h],al 00010A64 684E090100 push offset off_0001094E 00010A69 loc_00010A69: ; Xref 00010A4F 00010A69 E8A2060100 call jmp_DbgPrint 00010A6E 59 pop ecx 00010A6F 6856090100 push offset off_00010956 00010A74 E897060100 call jmp_DbgPrint 00010A79 59 pop ecx 00010A7A 53 push ebx 00010A7B FF763C push dword ptr [esi+3Ch] 00010A7E C686B001000001 mov byte ptr [esi+1B0h],1 00010A85 FFD5 call ebp 00010A87 loc_00010A87: ; Xref 00010A1B 00010A87 F644242404 test byte ptr [esp+24h],4 00010A8C 745F jz loc_00010AED 00010A8E 8B8EB8010000 mov ecx,[esi+1B8h] 00010A94 6A02 push 2 00010A96 5F pop edi 00010A97 57 push edi 00010A98 E8B56E0000 call fn_00017952 00010A9D 3CA1 cmp al,0A1h 00010A9F 7521 jnz loc_00010AC2 00010AA1 838E6C010000FF or dword ptr [esi+16Ch],0FFFFFFFFh 00010AA8 889E68010000 mov [esi+168h],bl 00010AAE 889E69010000 mov [esi+169h],bl 00010AB4 C6867401000007 mov byte ptr [esi+174h],7 00010ABB 685E090100 push offset off_0001095E 00010AC0 EB18 jmp loc_00010ADA 00010AC2 loc_00010AC2: ; Xref 00010A9F 00010AC2 89BE6C010000 mov [esi+16Ch],edi 00010AC8 C6866801000001 mov byte ptr [esi+168h],1 00010ACF 888674010000 mov [esi+174h],al 00010AD5 6866090100 push offset off_00010966 00010ADA loc_00010ADA: ; Xref 00010AC0 00010ADA E831060100 call jmp_DbgPrint 00010ADF 59 pop ecx 00010AE0 53 push ebx 00010AE1 FF763C push dword ptr [esi+3Ch] 00010AE4 C686B001000001 mov byte ptr [esi+1B0h],1 00010AEB FFD5 call ebp 00010AED loc_00010AED: ; Xref 00010A8C 00010AED F644242408 test byte ptr [esp+24h],8 00010AF2 746A jz loc_00010B5E 
00010AF4 8B8EB8010000 mov ecx,[esi+1B8h] 00010AFA 6A03 push 3 00010AFC 5F pop edi 00010AFD 57 push edi 00010AFE E84F6E0000 call fn_00017952 00010B03 3CA1 cmp al,0A1h 00010B05 7521 jnz loc_00010B28 00010B07 838E80010000FF or dword ptr [esi+180h],0FFFFFFFFh 00010B0E 889E7C010000 mov [esi+17Ch],bl 00010B14 889E7D010000 mov [esi+17Dh],bl 00010B1A C6868801000007 mov byte ptr [esi+188h],7 00010B21 686E090100 push offset off_0001096E 00010B26 EB18 jmp loc_00010B40 00010B28 loc_00010B28: ; Xref 00010B05 00010B28 89BE80010000 mov [esi+180h],edi 00010B2E C6867C01000001 mov byte ptr [esi+17Ch],1 00010B35 888688010000 mov [esi+188h],al 00010B3B 6876090100 push offset off_00010976 00010B40 loc_00010B40: ; Xref 00010B26 00010B40 E8CB050100 call jmp_DbgPrint 00010B45 59 pop ecx 00010B46 687E090100 push offset off_0001097E 00010B4B E8C0050100 call jmp_DbgPrint 00010B50 59 pop ecx 00010B51 53 push ebx 00010B52 FF763C push dword ptr [esi+3Ch] 00010B55 C686B001000001 mov byte ptr [esi+1B0h],1 00010B5C FFD5 call ebp 00010B5E loc_00010B5E: ; Xref 00010AF2 00010B5E 8B4C2410 mov ecx,[esp+10h] 00010B62 FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00010B68 5F pop edi 00010B69 5E pop esi 00010B6A 5D pop ebp 00010B6B 5B pop ebx 00010B6C 59 pop ecx 00010B6D C21000 ret 10h 00010B70 fn_00010B70: ; Xref 00021F66 00010B70 55 push ebp 00010B71 8BEC mov ebp,esp 00010B73 53 push ebx 00010B74 56 push esi 00010B75 6A4C push 4Ch 00010B77 E888370000 call fn_00014304 00010B7C 8B7508 mov esi,[ebp+8] 00010B7F 33DB xor ebx,ebx 00010B81 3BC3 cmp eax,ebx 00010B83 59 pop ecx 00010B84 740F jz loc_00010B95 00010B86 FFB69C000000 push dword ptr [esi+9Ch] 00010B8C 8BC8 mov ecx,eax 00010B8E E831670000 call fn_000172C4 00010B93 EB02 jmp loc_00010B97 00010B95 loc_00010B95: ; Xref 00010B84 00010B95 33C0 xor eax,eax 00010B97 loc_00010B97: ; Xref 00010B93 00010B97 3BC3 cmp eax,ebx 00010B99 8986B8010000 mov [esi+1B8h],eax 00010B9F 0F84C5000000 je loc_00010C6A 00010BA5 FF7658 push dword ptr [esi+58h] 
00010BA8 8BC8 mov ecx,eax 00010BAA E813730000 call fn_00017EC2 00010BAF FFB6F4000000 push dword ptr [esi+0F4h] 00010BB5 8B8EB8010000 mov ecx,[esi+1B8h] 00010BBB E81E730000 call fn_00017EDE 00010BC0 FFB6F8000000 push dword ptr [esi+0F8h] 00010BC6 8B8EB8010000 mov ecx,[esi+1B8h] 00010BCC E819730000 call fn_00017EEA 00010BD1 FFB6B4010000 push dword ptr [esi+1B4h] 00010BD7 8B8EB8010000 mov ecx,[esi+1B8h] 00010BDD E87A670000 call fn_0001735C 00010BE2 FFB6FC000000 push dword ptr [esi+0FCh] 00010BE8 8B8EB8010000 mov ecx,[esi+1B8h] 00010BEE E803730000 call fn_00017EF6 00010BF3 8B8EB8010000 mov ecx,[esi+1B8h] 00010BF9 E884670000 call fn_00017382 00010BFE 8D86B1010000 lea eax,[esi+1B1h] 00010C04 3818 cmp [eax],bl 00010C06 7462 jz loc_00010C6A 00010C08 399EB4010000 cmp [esi+1B4h],ebx 00010C0E 8818 mov [eax],bl 00010C10 885D08 mov [ebp+8],bl 00010C13 7655 jbe loc_00010C6A 00010C15 33C0 xor eax,eax 00010C17 57 push edi 00010C18 loc_00010C18: ; Xref 00010C67 00010C18 8D0480 lea eax,[eax+eax*4] 00010C1B 8D3C86 lea edi,[esi+eax*4] 00010C1E 389F41010000 cmp [edi+141h],bl 00010C24 7434 jz loc_00010C5A 00010C26 FF7508 push dword ptr [ebp+8] 00010C29 8B8EB8010000 mov ecx,[esi+1B8h] 00010C2F E81C690000 call fn_00017550 00010C34 FF7508 push dword ptr [ebp+8] 00010C37 8B8EB8010000 mov ecx,[esi+1B8h] 00010C3D E8806B0000 call fn_000177C2 00010C42 84C0 test al,al 00010C44 7514 jnz loc_00010C5A 00010C46 FF7508 push dword ptr [ebp+8] 00010C49 8B8EB8010000 mov ecx,[esi+1B8h] 00010C4F E8FE6C0000 call fn_00017952 00010C54 88874C010000 mov [edi+14Ch],al 00010C5A loc_00010C5A: ; Xref 00010C24 00010C44 00010C5A FE4508 inc byte ptr [ebp+8] 00010C5D 0FB64508 movzx eax,byte ptr [ebp+8] 00010C61 3B86B4010000 cmp eax,[esi+1B4h] 00010C67 72AF jb loc_00010C18 00010C69 5F pop edi 00010C6A loc_00010C6A: ; Xref 00010B9F 00010C06 00010C13 00010C6A 5E pop esi 00010C6B 5B pop ebx 00010C6C 5D pop ebp 00010C6D C20400 ret 4 00010C70 fn_00010C70: ; Xref 00010E14 00010C70 53 push ebx 00010C71 56 push esi 00010C72 
8B74240C mov esi,[esp+0Ch] 00010C76 33DB xor ebx,ebx 00010C78 807E4812 cmp byte ptr [esi+48h],12h 00010C7C 57 push edi 00010C7D 8B3D9C2F0200 mov edi,[KeWaitForSingleObject] 00010C83 750D jnz loc_00010C92 00010C85 53 push ebx 00010C86 53 push ebx 00010C87 53 push ebx 00010C88 53 push ebx 00010C89 8D8664010000 lea eax,[esi+164h] 00010C8F 50 push eax 00010C90 FFD7 call edi 00010C92 loc_00010C92: ; Xref 00010C83 00010C92 807E4822 cmp byte ptr [esi+48h],22h 00010C96 750D jnz loc_00010CA5 00010C98 53 push ebx 00010C99 53 push ebx 00010C9A 53 push ebx 00010C9B 53 push ebx 00010C9C 8D8684010000 lea eax,[esi+184h] 00010CA2 50 push eax 00010CA3 FFD7 call edi 00010CA5 loc_00010CA5: ; Xref 00010C96 00010CA5 807E4823 cmp byte ptr [esi+48h],23h 00010CA9 750D jnz loc_00010CB8 00010CAB 53 push ebx 00010CAC 53 push ebx 00010CAD 53 push ebx 00010CAE 53 push ebx 00010CAF 8D86A4010000 lea eax,[esi+1A4h] 00010CB5 50 push eax 00010CB6 FFD7 call edi 00010CB8 loc_00010CB8: ; Xref 00010CA9 00010CB8 807E4813 cmp byte ptr [esi+48h],13h 00010CBC 750D jnz loc_00010CCB 00010CBE 53 push ebx 00010CBF 53 push ebx 00010CC0 53 push ebx 00010CC1 53 push ebx 00010CC2 8D86C4010000 lea eax,[esi+1C4h] 00010CC8 50 push eax 00010CC9 FFD7 call edi 00010CCB loc_00010CCB: ; Xref 00010CBC 00010CCB 807E4801 cmp byte ptr [esi+48h],1 00010CCF 750D jnz loc_00010CDE 00010CD1 53 push ebx 00010CD2 53 push ebx 00010CD3 53 push ebx 00010CD4 53 push ebx 00010CD5 8D86E4010000 lea eax,[esi+1E4h] 00010CDB 50 push eax 00010CDC FFD7 call edi 00010CDE loc_00010CDE: ; Xref 00010CCF 00010CDE 807E4804 cmp byte ptr [esi+48h],4 00010CE2 750D jnz loc_00010CF1 00010CE4 53 push ebx 00010CE5 53 push ebx 00010CE6 53 push ebx 00010CE7 53 push ebx 00010CE8 81C604020000 add esi,204h 00010CEE 56 push esi 00010CEF FFD7 call edi 00010CF1 loc_00010CF1: ; Xref 00010CE2 00010CF1 5F pop edi 00010CF2 5E pop esi 00010CF3 5B pop ebx 00010CF4 C20400 ret 4 00010CF7 CC int 3 00010CF8 fn_00010CF8: ; Xref 0001103B 00011275 000112C5 00011376 00010CF8 ; 
000114E4 00010CF8 53 push ebx 00010CF9 56 push esi 00010CFA 8B74240C mov esi,[esp+0Ch] 00010CFE 33DB xor ebx,ebx 00010D00 807E4812 cmp byte ptr [esi+48h],12h 00010D04 57 push edi 00010D05 8B3DFC2E0200 mov edi,[KeReleaseMutex] 00010D0B 750A jnz loc_00010D17 00010D0D 53 push ebx 00010D0E 8D8664010000 lea eax,[esi+164h] 00010D14 50 push eax 00010D15 FFD7 call edi 00010D17 loc_00010D17: ; Xref 00010D0B 00010D17 807E4822 cmp byte ptr [esi+48h],22h 00010D1B 750A jnz loc_00010D27 00010D1D 53 push ebx 00010D1E 8D8684010000 lea eax,[esi+184h] 00010D24 50 push eax 00010D25 FFD7 call edi 00010D27 loc_00010D27: ; Xref 00010D1B 00010D27 807E4823 cmp byte ptr [esi+48h],23h 00010D2B 750A jnz loc_00010D37 00010D2D 53 push ebx 00010D2E 8D86A4010000 lea eax,[esi+1A4h] 00010D34 50 push eax 00010D35 FFD7 call edi 00010D37 loc_00010D37: ; Xref 00010D2B 00010D37 807E4813 cmp byte ptr [esi+48h],13h 00010D3B 750A jnz loc_00010D47 00010D3D 53 push ebx 00010D3E 8D86C4010000 lea eax,[esi+1C4h] 00010D44 50 push eax 00010D45 FFD7 call edi 00010D47 loc_00010D47: ; Xref 00010D3B 00010D47 807E4801 cmp byte ptr [esi+48h],1 00010D4B 750A jnz loc_00010D57 00010D4D 53 push ebx 00010D4E 8D86E4010000 lea eax,[esi+1E4h] 00010D54 50 push eax 00010D55 FFD7 call edi 00010D57 loc_00010D57: ; Xref 00010D4B 00010D57 807E4804 cmp byte ptr [esi+48h],4 00010D5B 750A jnz loc_00010D67 00010D5D 53 push ebx 00010D5E 81C604020000 add esi,204h 00010D64 56 push esi 00010D65 FFD7 call edi 00010D67 loc_00010D67: ; Xref 00010D5B 00010D67 5F pop edi 00010D68 5E pop esi 00010D69 5B pop ebx 00010D6A C20400 ret 4 00010D6D CC int 3 00010D6E off_00010D6E: ; Xref 00010E54 00010D6E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010D76 off_00010D76: ; Xref 00010ED9 00010D76 5449204D73670A00 db 'TI Msg',00Ah,000h 00010D7E off_00010D7E: ; Xref 00010EE3 00010D7E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010D86 off_00010D86: ; Xref 00010F68 00010D86 5449204D73670A00 db 'TI Msg',00Ah,000h 00010D8E off_00010D8E: ; Xref 00010F7F 00010D8E 
5449204D73670A00 db 'TI Msg',00Ah,000h 00010D96 off_00010D96: ; Xref 00010F95 00010D96 5449204D73670A00 db 'TI Msg',00Ah,000h 00010D9E off_00010D9E: ; Xref 00010FD3 00010D9E 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DA6 off_00010DA6: ; Xref 00011043 00010DA6 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DAE off_00010DAE: ; Xref 000110D7 00010DAE 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DB6 off_00010DB6: ; Xref 00011100 00010DB6 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DBE off_00010DBE: ; Xref 00011161 00010DBE 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DC6 off_00010DC6: ; Xref 0001117D 00010DC6 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DCE off_00010DCE: ; Xref 000111C2 00010DCE 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DD6 off_00010DD6: ; Xref 000111CF 00010DD6 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DDE off_00010DDE: ; Xref 00011269 00010DDE 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DE6 off_00010DE6: ; Xref 00011326 00010DE6 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DEE off_00010DEE: ; Xref 000113CF 00010DEE 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DF6 off_00010DF6: ; Xref 000114C6 00010DF6 5449204D73670A00 db 'TI Msg',00Ah,000h 00010DFE off_00010DFE: ; Xref 00011242 000115D1 00010DFE 55 push ebp 00010DFF 8BEC mov ebp,esp 00010E01 83EC28 sub esp,28h 00010E04 53 push ebx 00010E05 56 push esi 00010E06 57 push edi 00010E07 8B7D0C mov edi,[ebp+0Ch] 00010E0A 8B7714 mov esi,[edi+14h] 00010E0D 8B4640 mov eax,[esi+40h] 00010E10 56 push esi 00010E11 8945F8 mov [ebp-8],eax 00010E14 E857FEFFFF call fn_00010C70 00010E19 8A4718 mov al,[edi+18h] 00010E1C 8B5F10 mov ebx,[edi+10h] 00010E1F 8845FE mov [ebp-2],al 00010E22 8B4708 mov eax,[edi+8] 00010E25 8945E0 mov [ebp-20h],eax 00010E28 8B470C mov eax,[edi+0Ch] 00010E2B 8945E4 mov [ebp-1Ch],eax 00010E2E 8B471C mov eax,[edi+1Ch] 00010E31 8945F0 mov [ebp-10h],eax 00010E34 8B86A0000000 mov eax,[esi+0A0h] 00010E3A C1E809 shr eax,9 00010E3D 8945EC mov [ebp-14h],eax 00010E40 8945DC mov [ebp-24h],eax 00010E43 
C745E801000000 mov dword ptr [ebp-18h],1 00010E4A loc_00010E4A: ; Xref 00010F8A 00010FE2 00010E4A 807DFE00 cmp byte ptr [ebp-2],0 00010E4E 0F848F000000 je loc_00010EE3 00010E54 686E0D0100 push offset off_00010D6E 00010E59 E8B2020100 call jmp_DbgPrint 00010E5E 83BE4002000000 cmp dword ptr [esi+240h],0 00010E65 59 pop ecx 00010E66 7510 jnz loc_00010E78 00010E68 8B8BB8010000 mov ecx,[ebx+1B8h] 00010E6E 6A01 push 1 00010E70 FF75F8 push dword ptr [ebp-8] 00010E73 E8A66F0000 call fn_00017E1E 00010E78 loc_00010E78: ; Xref 00010E66 00010E78 80BEB800000000 cmp byte ptr [esi+0B8h],0 00010E7F 8B8BB8010000 mov ecx,[ebx+1B8h] 00010E85 8D45EC lea eax,[ebp-14h] 00010E88 50 push eax 00010E89 FF75E0 push dword ptr [ebp-20h] 00010E8C 751A jnz loc_00010EA8 00010E8E 33C0 xor eax,eax 00010E90 668B86C0000000 mov ax,[esi+0C0h] 00010E97 50 push eax 00010E98 FFB6BC000000 push dword ptr [esi+0BCh] 00010E9E FF75F8 push dword ptr [ebp-8] 00010EA1 E8546B0000 call fn_000179FA 00010EA6 EB08 jmp loc_00010EB0 00010EA8 loc_00010EA8: ; Xref 00010E8C 00010EA8 FF75F8 push dword ptr [ebp-8] 00010EAB E8D86B0000 call fn_00017A88 00010EB0 loc_00010EB0: ; Xref 00010EA6 00010EB0 8B8BB8010000 mov ecx,[ebx+1B8h] 00010EB6 6A00 push 0 00010EB8 FF75F8 push dword ptr [ebp-8] 00010EBB 8845FF mov [ebp-1],al 00010EBE E85B6F0000 call fn_00017E1E 00010EC3 FF8640020000 inc dword ptr [esi+240h] 00010EC9 83BE4002000010 cmp dword ptr [esi+240h],10h 00010ED0 7207 jb loc_00010ED9 00010ED2 83A64002000000 and dword ptr [esi+240h],0 00010ED9 loc_00010ED9: ; Xref 00010ED0 00010ED9 68760D0100 push offset off_00010D76 00010EDE E98A000000 jmp loc_00010F6D 00010EE3 loc_00010EE3: ; Xref 00010E4E 00010EE3 687E0D0100 push offset off_00010D7E 00010EE8 E823020100 call jmp_DbgPrint 00010EED 83BE4402000000 cmp dword ptr [esi+244h],0 00010EF4 59 pop ecx 00010EF5 7510 jnz loc_00010F07 00010EF7 8B8BB8010000 mov ecx,[ebx+1B8h] 00010EFD 6A01 push 1 00010EFF FF75F8 push dword ptr [ebp-8] 00010F02 E8176F0000 call fn_00017E1E 00010F07 
loc_00010F07: ; Xref 00010EF5 00010F07 80BEB800000000 cmp byte ptr [esi+0B8h],0 00010F0E 8B8BB8010000 mov ecx,[ebx+1B8h] 00010F14 8D45EC lea eax,[ebp-14h] 00010F17 50 push eax 00010F18 FF75E0 push dword ptr [ebp-20h] 00010F1B 751A jnz loc_00010F37 00010F1D 33C0 xor eax,eax 00010F1F 668B86C0000000 mov ax,[esi+0C0h] 00010F26 50 push eax 00010F27 FFB6BC000000 push dword ptr [esi+0BCh] 00010F2D FF75F8 push dword ptr [ebp-8] 00010F30 E8DB6B0000 call fn_00017B10 00010F35 EB08 jmp loc_00010F3F 00010F37 loc_00010F37: ; Xref 00010F1B 00010F37 FF75F8 push dword ptr [ebp-8] 00010F3A E85F6C0000 call fn_00017B9E 00010F3F loc_00010F3F: ; Xref 00010F35 00010F3F 8B8BB8010000 mov ecx,[ebx+1B8h] 00010F45 6A00 push 0 00010F47 FF75F8 push dword ptr [ebp-8] 00010F4A 8845FF mov [ebp-1],al 00010F4D E8CC6E0000 call fn_00017E1E 00010F52 FF8644020000 inc dword ptr [esi+244h] 00010F58 83BE4402000010 cmp dword ptr [esi+244h],10h 00010F5F 7207 jb loc_00010F68 00010F61 83A64402000000 and dword ptr [esi+244h],0 00010F68 loc_00010F68: ; Xref 00010F5F 00010F68 68860D0100 push offset off_00010D86 00010F6D loc_00010F6D: ; Xref 00010EDE 00010F6D E89E010100 call jmp_DbgPrint 00010F72 807DFF00 cmp byte ptr [ebp-1],0 00010F76 59 pop ecx 00010F77 746F jz loc_00010FE8 00010F79 807DFFC3 cmp byte ptr [ebp-1],0C3h 00010F7D 7510 jnz loc_00010F8F 00010F7F 688E0D0100 push offset off_00010D8E 00010F84 E887010100 call jmp_DbgPrint 00010F89 59 pop ecx 00010F8A E9BBFEFFFF jmp loc_00010E4A 00010F8F loc_00010F8F: ; Xref 00010F7D 00010F8F 807DFF84 cmp byte ptr [ebp-1],84h 00010F93 750F jnz loc_00010FA4 00010F95 68960D0100 push offset off_00010D96 00010F9A E871010100 call jmp_DbgPrint 00010F9F 59 pop ecx 00010FA0 C645FFC1 mov byte ptr [ebp-1],0C1h 00010FA4 loc_00010FA4: ; Xref 00010F93 00010FA4 837DE800 cmp dword ptr [ebp-18h],0 00010FA8 7E3E jle loc_00010FE8 00010FAA 807DFF87 cmp byte ptr [ebp-1],87h 00010FAE 740C jz loc_00010FBC 00010FB0 807DFF68 cmp byte ptr [ebp-1],68h 00010FB4 7406 jz loc_00010FBC 00010FB6 
807DFF6D cmp byte ptr [ebp-1],6Dh 00010FBA 752C jnz loc_00010FE8 00010FBC loc_00010FBC: ; Xref 00010FAE 00010FB4 00010FBC 8B45DC mov eax,[ebp-24h] 00010FBF FF75F8 push dword ptr [ebp-8] 00010FC2 FF4DE8 dec dword ptr [ebp-18h] 00010FC5 8945EC mov [ebp-14h],eax 00010FC8 8B8BB8010000 mov ecx,[ebx+1B8h] 00010FCE E8B36E0000 call fn_00017E86 00010FD3 689E0D0100 push offset off_00010D9E 00010FD8 E833010100 call jmp_DbgPrint 00010FDD 807DFF6D cmp byte ptr [ebp-1],6Dh 00010FE1 59 pop ecx 00010FE2 0F8562FEFFFF jne loc_00010E4A 00010FE8 loc_00010FE8: ; Xref 00010F77 00010FA8 00010FBA 00010FE8 807DFE00 cmp byte ptr [ebp-2],0 00010FEC 8B45F0 mov eax,[ebp-10h] 00010FEF 8B4804 mov ecx,[eax+4] 00010FF2 8B4060 mov eax,[eax+60h] 00010FF5 8B4004 mov eax,[eax+4] 00010FF8 0F9445E4 sete byte ptr [ebp-1Ch] 00010FFC FF75E4 push dword ptr [ebp-1Ch] 00010FFF 8945F4 mov [ebp-0Ch],eax 00011002 FFB6A0000000 push dword ptr [esi+0A0h] 00011008 8B45F8 mov eax,[ebp-8] 0001100B FFB6B0000000 push dword ptr [esi+0B0h] 00011011 8D848390010000 lea eax,[ebx+eax*4+190h] 00011018 FFB6B4000000 push dword ptr [esi+0B4h] 0001101E 894DDC mov [ebp-24h],ecx 00011021 FF75DC push dword ptr [ebp-24h] 00011024 8945E8 mov [ebp-18h],eax 00011027 8B00 mov eax,[eax] 00011029 8B4804 mov ecx,[eax+4] 0001102C 50 push eax 0001102D FF5114 call dword ptr [ecx+14h] 00011030 807DFF00 cmp byte ptr [ebp-1],0 00011034 0F8431010000 je loc_0001116B 0001103A 56 push esi 0001103B E8B8FCFFFF call fn_00010CF8 00011040 8B5DF4 mov ebx,[ebp-0Ch] 00011043 68A60D0100 push offset off_00010DA6 00011048 C6430380 mov byte ptr [ebx+3],80h 0001104C E8BF000100 call jmp_DbgPrint 00011051 8B5B1C mov ebx,[ebx+1Ch] 00011054 85DB test ebx,ebx 00011056 59 pop ecx 00011057 7470 jz loc_000110C9 00011059 8B45F4 mov eax,[ebp-0Ch] 0001105C 80780B00 cmp byte ptr [eax+0Bh],0 00011060 7467 jz loc_000110C9 00011062 33C9 xor ecx,ecx 00011064 394DF8 cmp [ebp-8],ecx 00011067 740C jz loc_00011075 00011069 837DF801 cmp dword ptr [ebp-8],1 0001106D 7406 jz 
loc_00011075 0001106F 837DF802 cmp dword ptr [ebp-8],2 00011073 7532 jnz loc_000110A7 00011075 loc_00011075: ; Xref 00011067 0001106D 00011075 807DFE00 cmp byte ptr [ebp-2],0 00011079 752C jnz loc_000110A7 0001107B 8A4648 mov al,[esi+48h] 0001107E 3C12 cmp al,12h 00011080 7414 jz loc_00011096 00011082 3C22 cmp al,22h 00011084 7410 jz loc_00011096 00011086 3C01 cmp al,1 00011088 7404 jz loc_0001108E 0001108A 3C04 cmp al,4 0001108C 7519 jnz loc_000110A7 0001108E loc_0001108E: ; Xref 00011088 0001108E 8D8614010000 lea eax,[esi+114h] 00011094 EB06 jmp loc_0001109C 00011096 loc_00011096: ; Xref 00011080 00011084 00011096 8D86C4000000 lea eax,[esi+0C4h] 0001109C loc_0001109C: ; Xref 00011094 0001109C 3908 cmp [eax],ecx 0001109E 7E07 jle loc_000110A7 000110A0 83C9FF or ecx,0FFFFFFFFh 000110A3 F00FC108 lock xadd [eax],ecx 000110A7 loc_000110A7: ; Xref 00011073 00011079 0001108C 0001109E 000110A7 807DFFC1 cmp byte ptr [ebp-1],0C1h 000110AB 8A4302 mov al,[ebx+2] 000110AE 7506 jnz loc_000110B6 000110B0 24F7 and al,0F7h 000110B2 0C07 or al,7 000110B4 EB10 jmp loc_000110C6 000110B6 loc_000110B6: ; Xref 000110AE 000110B6 807DFF82 cmp byte ptr [ebp-1],82h 000110BA 7506 jnz loc_000110C2 000110BC 24F5 and al,0F5h 000110BE 0C05 or al,5 000110C0 EB04 jmp loc_000110C6 000110C2 loc_000110C2: ; Xref 000110BA 000110C2 24F4 and al,0F4h 000110C4 0C04 or al,4 000110C6 loc_000110C6: ; Xref 000110B4 000110C0 000110C6 884302 mov [ebx+2],al 000110C9 loc_000110C9: ; Xref 00011057 00011060 000110C9 8B45F4 mov eax,[ebp-0Ch] 000110CC 83601000 and dword ptr [eax+10h],0 000110D0 80A6B800000000 and byte ptr [esi+0B8h],0 000110D7 68AE0D0100 push offset off_00010DAE 000110DC E82F000100 call jmp_DbgPrint 000110E1 59 pop ecx 000110E2 6A00 push 0 000110E4 68010000C0 push 0C0000001h 000110E9 FF75F0 push dword ptr [ebp-10h] 000110EC E80D610000 call fn_000171FE 000110F1 8A4302 mov al,[ebx+2] 000110F4 240F and al,0Fh 000110F6 3C07 cmp al,7 000110F8 7421 jz loc_0001111B 000110FA 807DFF82 cmp byte ptr 
[ebp-1],82h 000110FE 741B jz loc_0001111B 00011100 68B60D0100 push offset off_00010DB6 00011105 E806000100 call jmp_DbgPrint 0001110A 59 pop ecx 0001110B 68560000C0 push 0C0000056h 00011110 8D466C lea eax,[esi+6Ch] 00011113 50 push eax 00011114 E80FF6FFFF call fn_00010728 00011119 EB0C jmp loc_00011127 0001111B loc_0001111B: ; Xref 000110F8 000110FE 0001111B FF7604 push dword ptr [esi+4] 0001111E 8D466C lea eax,[esi+6Ch] 00011121 50 push eax 00011122 E895F4FFFF call fn_000105BC 00011127 loc_00011127: ; Xref 00011119 00011127 B102 mov cl,2 00011129 FF15842E0200 call dword ptr [KfRaiseIrql] 0001112F FFB6AC000000 push dword ptr [esi+0ACh] 00011135 8AD8 mov bl,al 00011137 8B45E8 mov eax,[ebp-18h] 0001113A 8B00 mov eax,[eax] 0001113C FFB6B4000000 push dword ptr [esi+0B4h] 00011142 8B4804 mov ecx,[eax+4] 00011145 50 push eax 00011146 FF511C call dword ptr [ecx+1Ch] 00011149 8ACB mov cl,bl 0001114B FF15902E0200 call dword ptr [KfLowerIrql] 00011151 FF37 push dword ptr [edi] 00011153 E8CAFF0000 call jmp_IoFreeWorkItem 00011158 6A00 push 0 0001115A 57 push edi 0001115B FF15F02E0200 call dword ptr [ExFreePoolWithTag] 00011161 68BE0D0100 push offset off_00010DBE 00011166 E969020000 jmp loc_000113D4 0001116B loc_0001116B: ; Xref 00011034 0001116B 8B86A0000000 mov eax,[esi+0A0h] 00011171 2986A8000000 sub [esi+0A8h],eax 00011177 0186A4000000 add [esi+0A4h],eax 0001117D 68C60D0100 push offset off_00010DC6 00011182 E889FF0000 call jmp_DbgPrint 00011187 59 pop ecx 00011188 8D466C lea eax,[esi+6Ch] 0001118B 50 push eax 0001118C E8FBF1FFFF call fn_0001038C 00011191 8B8EA8000000 mov ecx,[esi+0A8h] 00011197 85C9 test ecx,ecx 00011199 0F8440020000 je loc_000113DF 0001119F 85C0 test eax,eax 000111A1 0F8C38020000 jl loc_000113DF 000111A7 8B86A0000000 mov eax,[esi+0A0h] 000111AD 0186B0000000 add [esi+0B0h],eax 000111B3 B800600000 mov eax,6000h 000111B8 3BC8 cmp ecx,eax 000111BA 760D jbe loc_000111C9 000111BC 8986A0000000 mov [esi+0A0h],eax 000111C2 68CE0D0100 push offset off_00010DCE 
000111C7 EB0B jmp loc_000111D4 000111C9 loc_000111C9: ; Xref 000111BA 000111C9 898EA0000000 mov [esi+0A0h],ecx 000111CF 68D60D0100 push offset off_00010DD6 000111D4 loc_000111D4: ; Xref 000111C7 000111D4 E837FF0000 call jmp_DbgPrint 000111D9 8B45E8 mov eax,[ebp-18h] 000111DC 59 pop ecx 000111DD FF75E4 push dword ptr [ebp-1Ch] 000111E0 8D8EA0000000 lea ecx,[esi+0A0h] 000111E6 51 push ecx 000111E7 FFB6B0000000 push dword ptr [esi+0B0h] 000111ED C686B800000001 mov byte ptr [esi+0B8h],1 000111F4 FFB6B4000000 push dword ptr [esi+0B4h] 000111FA 8B00 mov eax,[eax] 000111FC FF75DC push dword ptr [ebp-24h] 000111FF 8B5004 mov edx,[eax+4] 00011202 50 push eax 00011203 FF5220 call dword ptr [edx+20h] 00011206 6A20 push 20h 00011208 8945D8 mov [ebp-28h],eax 0001120B 8955DC mov [ebp-24h],edx 0001120E E8BD300000 call fn_000142D0 00011213 8BF8 mov edi,eax 00011215 85FF test edi,edi 00011217 0F8413010000 je loc_00011330 0001121D FF33 push dword ptr [ebx] 0001121F E8F8FE0000 call jmp_IoAllocateWorkItem 00011224 85C0 test eax,eax 00011226 8907 mov [edi],eax 00011228 7455 jz loc_0001127F 0001122A 8B4DD8 mov ecx,[ebp-28h] 0001122D 894F08 mov [edi+8],ecx 00011230 8B4DDC mov ecx,[ebp-24h] 00011233 57 push edi 00011234 894F0C mov [edi+0Ch],ecx 00011237 8A4DFE mov cl,[ebp-2] 0001123A 6A00 push 0 0001123C 884F18 mov [edi+18h],cl 0001123F 8B4DF0 mov ecx,[ebp-10h] 00011242 68FE0D0100 push offset off_00010DFE 00011247 50 push eax 00011248 895F10 mov [edi+10h],ebx 0001124B 897714 mov [edi+14h],esi 0001124E 894F1C mov [edi+1Ch],ecx 00011251 E8C0FE0000 call jmp_IoQueueWorkItem 00011256 8B7D0C mov edi,[ebp+0Ch] 00011259 FF37 push dword ptr [edi] 0001125B E8C2FE0000 call jmp_IoFreeWorkItem 00011260 6A00 push 0 00011262 57 push edi 00011263 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 00011269 68DE0D0100 push offset off_00010DDE 0001126E E89DFE0000 call jmp_DbgPrint 00011273 59 pop ecx 00011274 56 push esi 00011275 E87EFAFFFF call fn_00010CF8 0001127A E975020000 jmp loc_000114F4 0001127F 
loc_0001127F: ; Xref 00011228 0001127F 33DB xor ebx,ebx 00011281 395DF8 cmp [ebp-8],ebx 00011284 740C jz loc_00011292 00011286 837DF801 cmp dword ptr [ebp-8],1 0001128A 7406 jz loc_00011292 0001128C 837DF802 cmp dword ptr [ebp-8],2 00011290 7532 jnz loc_000112C4 00011292 loc_00011292: ; Xref 00011284 0001128A 00011292 807DFE00 cmp byte ptr [ebp-2],0 00011296 752C jnz loc_000112C4 00011298 8A4648 mov al,[esi+48h] 0001129B 3C12 cmp al,12h 0001129D 7414 jz loc_000112B3 0001129F 3C22 cmp al,22h 000112A1 7410 jz loc_000112B3 000112A3 3C01 cmp al,1 000112A5 7404 jz loc_000112AB 000112A7 3C04 cmp al,4 000112A9 7519 jnz loc_000112C4 000112AB loc_000112AB: ; Xref 000112A5 000112AB 8D8614010000 lea eax,[esi+114h] 000112B1 EB06 jmp loc_000112B9 000112B3 loc_000112B3: ; Xref 0001129D 000112A1 000112B3 8D86C4000000 lea eax,[esi+0C4h] 000112B9 loc_000112B9: ; Xref 000112B1 000112B9 3918 cmp [eax],ebx 000112BB 7E07 jle loc_000112C4 000112BD 83C9FF or ecx,0FFFFFFFFh 000112C0 F00FC108 lock xadd [eax],ecx 000112C4 loc_000112C4: ; Xref 00011290 00011296 000112A9 000112BB 000112C4 56 push esi 000112C5 E82EFAFFFF call fn_00010CF8 000112CA B102 mov cl,2 000112CC FF15842E0200 call dword ptr [KfRaiseIrql] 000112D2 FFB6AC000000 push dword ptr [esi+0ACh] 000112D8 8845FE mov [ebp-2],al 000112DB 8B45E8 mov eax,[ebp-18h] 000112DE 8B00 mov eax,[eax] 000112E0 FFB6B4000000 push dword ptr [esi+0B4h] 000112E6 8B4804 mov ecx,[eax+4] 000112E9 50 push eax 000112EA FF511C call dword ptr [ecx+1Ch] 000112ED 8A4DFE mov cl,[ebp-2] 000112F0 FF15902E0200 call dword ptr [KfLowerIrql] 000112F6 8B45F4 mov eax,[ebp-0Ch] 000112F9 8B35F02E0200 mov esi,[ExFreePoolWithTag] 000112FF 53 push ebx 00011300 57 push edi 00011301 C6400306 mov byte ptr [eax+3],6 00011305 895810 mov [eax+10h],ebx 00011308 FFD6 call esi 0001130A 53 push ebx 0001130B 68010000C0 push 0C0000001h 00011310 FF75F0 push dword ptr [ebp-10h] 00011313 E8E65E0000 call fn_000171FE 00011318 8B7D0C mov edi,[ebp+0Ch] 0001131B FF37 push dword ptr [edi] 
0001131D E800FE0000 call jmp_IoFreeWorkItem 00011322 53 push ebx 00011323 57 push edi 00011324 FFD6 call esi 00011326 68E60D0100 push offset off_00010DE6 0001132B E9A4000000 jmp loc_000113D4 00011330 loc_00011330: ; Xref 00011217 00011330 33FF xor edi,edi 00011332 397DF8 cmp [ebp-8],edi 00011335 740C jz loc_00011343 00011337 837DF801 cmp dword ptr [ebp-8],1 0001133B 7406 jz loc_00011343 0001133D 837DF802 cmp dword ptr [ebp-8],2 00011341 7532 jnz loc_00011375 00011343 loc_00011343: ; Xref 00011335 0001133B 00011343 807DFE00 cmp byte ptr [ebp-2],0 00011347 752C jnz loc_00011375 00011349 8A4648 mov al,[esi+48h] 0001134C 3C12 cmp al,12h 0001134E 7414 jz loc_00011364 00011350 3C22 cmp al,22h 00011352 7410 jz loc_00011364 00011354 3C01 cmp al,1 00011356 7404 jz loc_0001135C 00011358 3C04 cmp al,4 0001135A 7519 jnz loc_00011375 0001135C loc_0001135C: ; Xref 00011356 0001135C 8D8614010000 lea eax,[esi+114h] 00011362 EB06 jmp loc_0001136A 00011364 loc_00011364: ; Xref 0001134E 00011352 00011364 8D86C4000000 lea eax,[esi+0C4h] 0001136A loc_0001136A: ; Xref 00011362 0001136A 3938 cmp [eax],edi 0001136C 7E07 jle loc_00011375 0001136E 83C9FF or ecx,0FFFFFFFFh 00011371 F00FC108 lock xadd [eax],ecx 00011375 loc_00011375: ; Xref 00011341 00011347 0001135A 0001136C 00011375 56 push esi 00011376 E87DF9FFFF call fn_00010CF8 0001137B 8B45F4 mov eax,[ebp-0Ch] 0001137E B102 mov cl,2 00011380 C6400306 mov byte ptr [eax+3],6 00011384 897810 mov [eax+10h],edi 00011387 FF15842E0200 call dword ptr [KfRaiseIrql] 0001138D FFB6AC000000 push dword ptr [esi+0ACh] 00011393 8AD8 mov bl,al 00011395 8B45E8 mov eax,[ebp-18h] 00011398 8B00 mov eax,[eax] 0001139A FFB6B4000000 push dword ptr [esi+0B4h] 000113A0 8B4804 mov ecx,[eax+4] 000113A3 50 push eax 000113A4 FF511C call dword ptr [ecx+1Ch] 000113A7 8ACB mov cl,bl 000113A9 FF15902E0200 call dword ptr [KfLowerIrql] 000113AF 57 push edi 000113B0 68010000C0 push 0C0000001h 000113B5 FF75F0 push dword ptr [ebp-10h] 000113B8 E8415E0000 call fn_000171FE 
000113BD 8B750C mov esi,[ebp+0Ch] 000113C0 FF36 push dword ptr [esi] 000113C2 E85BFD0000 call jmp_IoFreeWorkItem 000113C7 57 push edi 000113C8 56 push esi 000113C9 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 000113CF 68EE0D0100 push offset off_00010DEE 000113D4 loc_000113D4: ; Xref 00011166 0001132B 000113D4 E837FD0000 call jmp_DbgPrint 000113D9 59 pop ecx 000113DA E915010000 jmp loc_000114F4 000113DF loc_000113DF: ; Xref 00011199 000111A1 000113DF 837DF800 cmp dword ptr [ebp-8],0 000113E3 8B86A4000000 mov eax,[esi+0A4h] 000113E9 89450C mov [ebp+0Ch],eax 000113EC 7410 jz loc_000113FE 000113EE 837DF801 cmp dword ptr [ebp-8],1 000113F2 740A jz loc_000113FE 000113F4 837DF802 cmp dword ptr [ebp-8],2 000113F8 0F8580000000 jne loc_0001147E 000113FE loc_000113FE: ; Xref 000113EC 000113F2 000113FE 807DFE00 cmp byte ptr [ebp-2],0 00011402 757A jnz loc_0001147E 00011404 8A4648 mov al,[esi+48h] 00011407 3C12 cmp al,12h 00011409 743D jz loc_00011448 0001140B 3C22 cmp al,22h 0001140D 7439 jz loc_00011448 0001140F 3C01 cmp al,1 00011411 7404 jz loc_00011417 00011413 3C04 cmp al,4 00011415 7567 jnz loc_0001147E 00011417 loc_00011417: ; Xref 00011411 00011417 8D8614010000 lea eax,[esi+114h] 0001141D 83C9FF or ecx,0FFFFFFFFh 00011420 833800 cmp dword ptr [eax],0 00011423 7E06 jle loc_0001142B 00011425 8BD1 mov edx,ecx 00011427 F00FC110 lock xadd [eax],edx 0001142B loc_0001142B: ; Xref 00011423 0001142B 80A64001000000 and byte ptr [esi+140h],0 00011432 8D9644010000 lea edx,[esi+144h] 00011438 52 push edx 00011439 B8806967FF mov eax,0FF676980h 0001143E 51 push ecx 0001143F 50 push eax 00011440 8D8618010000 lea eax,[esi+118h] 00011446 EB2F jmp loc_00011477 00011448 loc_00011448: ; Xref 00011409 0001140D 00011448 8D86C4000000 lea eax,[esi+0C4h] 0001144E 83C9FF or ecx,0FFFFFFFFh 00011451 833800 cmp dword ptr [eax],0 00011454 7E06 jle loc_0001145C 00011456 8BD1 mov edx,ecx 00011458 F00FC110 lock xadd [eax],edx 0001145C loc_0001145C: ; Xref 00011454 0001145C 80A6F000000000 and byte 
ptr [esi+0F0h],0 00011463 8D96F4000000 lea edx,[esi+0F4h] 00011469 52 push edx 0001146A B8806967FF mov eax,0FF676980h 0001146F 51 push ecx 00011470 50 push eax 00011471 8D86C8000000 lea eax,[esi+0C8h] 00011477 loc_00011477: ; Xref 00011446 00011477 50 push eax 00011478 FF15002F0200 call dword ptr [KeSetTimer] 0001147E loc_0001147E: ; Xref 000113F8 00011402 00011415 0001147E B102 mov cl,2 00011480 FF15842E0200 call dword ptr [KfRaiseIrql] 00011486 FFB6AC000000 push dword ptr [esi+0ACh] 0001148C 8AD8 mov bl,al 0001148E 8B45E8 mov eax,[ebp-18h] 00011491 8B00 mov eax,[eax] 00011493 FFB6B4000000 push dword ptr [esi+0B4h] 00011499 8B4804 mov ecx,[eax+4] 0001149C 50 push eax 0001149D FF511C call dword ptr [ecx+1Ch] 000114A0 8ACB mov cl,bl 000114A2 FF15902E0200 call dword ptr [KfLowerIrql] 000114A8 80A6B800000000 and byte ptr [esi+0B8h],0 000114AF 8B5DF4 mov ebx,[ebp-0Ch] 000114B2 C6430301 mov byte ptr [ebx+3],1 000114B6 FF37 push dword ptr [edi] 000114B8 E865FC0000 call jmp_IoFreeWorkItem 000114BD 6A00 push 0 000114BF 57 push edi 000114C0 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 000114C6 68F60D0100 push offset off_00010DF6 000114CB E840FC0000 call jmp_DbgPrint 000114D0 59 pop ecx 000114D1 FF7604 push dword ptr [esi+4] 000114D4 8D466C lea eax,[esi+6Ch] 000114D7 50 push eax 000114D8 E8DFF0FFFF call fn_000105BC 000114DD 8B7D0C mov edi,[ebp+0Ch] 000114E0 56 push esi 000114E1 897B10 mov [ebx+10h],edi 000114E4 E80FF8FFFF call fn_00010CF8 000114E9 57 push edi 000114EA 6A00 push 0 000114EC FF75F0 push dword ptr [ebp-10h] 000114EF E80A5D0000 call fn_000171FE 000114F4 loc_000114F4: ; Xref 0001127A 000113DA 000114F4 5F pop edi 000114F5 5E pop esi 000114F6 5B pop ebx 000114F7 C9 leave 000114F8 C20800 ret 8 000114FB CC int 3 000114FC off_000114FC: ; Xref 0001158D 000114FC 5449204D73670A00 db 'TI Msg',00Ah,000h 00011504 off_00011504: ; Xref 000115F0 00011504 5449204D73670A00 db 'TI Msg',00Ah,000h 0001150C off_0001150C: ; Xref 000115F7 0001150C 5449204D73670A00 db 'TI 
Msg',00Ah,000h 00011514 off_00011514: ; Xref 00011602 00011514 5449204D73670A00 db 'TI Msg',00Ah,000h 0001151C off_0001151C: ; Xref 00012209 000123DC 0001151C 55 push ebp 0001151D 8BEC mov ebp,esp 0001151F 83EC10 sub esp,10h 00011522 8B4508 mov eax,[ebp+8] 00011525 53 push ebx 00011526 8B5828 mov ebx,[eax+28h] 00011529 56 push esi 0001152A 8D8B38010000 lea ecx,[ebx+138h] 00011530 57 push edi 00011531 894DF8 mov [ebp-8],ecx 00011534 FF15B42F0200 call dword ptr [KefAcquireSpinLockAtDpcLevel] 0001153A 8B7514 mov esi,[ebp+14h] 0001153D 8D466C lea eax,[esi+6Ch] 00011540 50 push eax 00011541 E880EFFFFF call fn_000104C6 00011546 8B7804 mov edi,[eax+4] 00011549 8945FC mov [ebp-4],eax 0001154C 8B4060 mov eax,[eax+60h] 0001154F 8B4004 mov eax,[eax+4] 00011552 80783028 cmp byte ptr [eax+30h],28h 00011556 8B4E40 mov ecx,[esi+40h] 00011559 8B4510 mov eax,[ebp+10h] 0001155C 0F944517 sete byte ptr [ebp+17h] 00011560 807D1700 cmp byte ptr [ebp+17h],0 00011564 8986B4000000 mov [esi+0B4h],eax 0001156A 8B848B90010000 mov eax,[ebx+ecx*4+190h] 00011571 8B4804 mov ecx,[eax+4] 00011574 0F94C2 sete dl 00011577 52 push edx 00011578 8D96A0000000 lea edx,[esi+0A0h] 0001157E 52 push edx 0001157F FFB6B0000000 push dword ptr [esi+0B0h] 00011585 FF7510 push dword ptr [ebp+10h] 00011588 57 push edi 00011589 50 push eax 0001158A FF5120 call dword ptr [ecx+20h] 0001158D 68FC140100 push offset off_000114FC 00011592 8945F0 mov [ebp-10h],eax 00011595 8955F4 mov [ebp-0Ch],edx 00011598 E873FB0000 call jmp_DbgPrint 0001159D 59 pop ecx 0001159E 6A20 push 20h 000115A0 E82B2D0000 call fn_000142D0 000115A5 8BF8 mov edi,eax 000115A7 85FF test edi,edi 000115A9 744C jz loc_000115F7 000115AB FF7508 push dword ptr [ebp+8] 000115AE E869FB0000 call jmp_IoAllocateWorkItem 000115B3 85C0 test eax,eax 000115B5 8907 mov [edi],eax 000115B7 742E jz loc_000115E7 000115B9 8B4DF0 mov ecx,[ebp-10h] 000115BC 894F08 mov [edi+8],ecx 000115BF 8B4DF4 mov ecx,[ebp-0Ch] 000115C2 57 push edi 000115C3 894F0C mov [edi+0Ch],ecx 000115C6 
8A4D17 mov cl,[ebp+17h] 000115C9 6A00 push 0 000115CB 884F18 mov [edi+18h],cl 000115CE 8B4DFC mov ecx,[ebp-4] 000115D1 68FE0D0100 push offset off_00010DFE 000115D6 50 push eax 000115D7 895F10 mov [edi+10h],ebx 000115DA 897714 mov [edi+14h],esi 000115DD 894F1C mov [edi+1Ch],ecx 000115E0 E831FB0000 call jmp_IoQueueWorkItem 000115E5 EB1B jmp loc_00011602 000115E7 loc_000115E7: ; Xref 000115B7 000115E7 6A00 push 0 000115E9 57 push edi 000115EA FF15F02E0200 call dword ptr [ExFreePoolWithTag] 000115F0 6804150100 push offset off_00011504 000115F5 EB05 jmp loc_000115FC 000115F7 loc_000115F7: ; Xref 000115A9 000115F7 680C150100 push offset off_0001150C 000115FC loc_000115FC: ; Xref 000115F5 000115FC E80FFB0000 call jmp_DbgPrint 00011601 59 pop ecx 00011602 loc_00011602: ; Xref 000115E5 00011602 6814150100 push offset off_00011514 00011607 E804FB0000 call jmp_DbgPrint 0001160C 59 pop ecx 0001160D 8B4DF8 mov ecx,[ebp-8] 00011610 FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00011616 6A03 push 3 00011618 58 pop eax 00011619 5F pop edi 0001161A 5E pop esi 0001161B 5B pop ebx 0001161C C9 leave 0001161D C21000 ret 10h 00011620 off_00011620: ; Xref 00011667 00011620 5449204D73670A00 db 'TI Msg',00Ah,000h 00011628 off_00011628: ; Xref 00011671 00011628 5449204D73670A00 db 'TI Msg',00Ah,000h 00011630 off_00011630: ; Xref 0001168D 00011630 5449204D73670A00 db 'TI Msg',00Ah,000h 00011638 off_00011638: ; Xref 000116A6 00011638 5449204D73670A00 db 'TI Msg',00Ah,000h 00011640 off_00011640: ; Xref 000116C0 00011640 5449204D73670A00 db 'TI Msg',00Ah,000h 00011648 off_00011648: ; Xref 000116F2 00011648 5449204D73670A00 db 'TI Msg',00Ah,000h 00011650 fn_00011650: ; Xref 00011E18 00011650 55 push ebp 00011651 8BEC mov ebp,esp 00011653 8B4508 mov eax,[ebp+8] 00011656 8B4028 mov eax,[eax+28h] 00011659 894508 mov [ebp+8],eax 0001165C 8B450C mov eax,[ebp+0Ch] 0001165F 8B4060 mov eax,[eax+60h] 00011662 53 push ebx 00011663 57 push edi 00011664 8B7804 mov edi,[eax+4] 00011667 
6820160100 push offset off_00011620 0001166C E89FFA0000 call jmp_DbgPrint 00011671 C7042428160100 mov dword ptr [esp],offset off_00011628 00011678 E893FA0000 call jmp_DbgPrint 0001167D 8A4732 mov al,[edi+32h] 00011680 243F and al,3Fh 00011682 59 pop ecx 00011683 746D jz loc_000116F2 00011685 3C08 cmp al,8 00011687 7416 jz loc_0001169F 00011689 3C3F cmp al,3Fh 0001168B 7412 jz loc_0001169F 0001168D 6830160100 push offset off_00011630 00011692 E879FA0000 call jmp_DbgPrint 00011697 59 pop ecx 00011698 B8010000C0 mov eax,0C0000001h 0001169D EB77 jmp loc_00011716 0001169F loc_0001169F: ; Xref 00011687 0001168B 0001169F 8A4710 mov al,[edi+10h] 000116A2 56 push esi 000116A3 8B7718 mov esi,[edi+18h] 000116A6 6838160100 push offset off_00011638 000116AB 8806 mov [esi],al 000116AD E85EFA0000 call jmp_DbgPrint 000116B2 8B4508 mov eax,[ebp+8] 000116B5 32DB xor bl,bl 000116B7 885E01 mov [esi+1],bl 000116BA 38586A cmp [eax+6Ah],bl 000116BD 59 pop ecx 000116BE 7411 jz loc_000116D1 000116C0 6840160100 push offset off_00011640 000116C5 E846FA0000 call jmp_DbgPrint 000116CA 59 pop ecx 000116CB C6460280 mov byte ptr [esi+2],80h 000116CF EB03 jmp loc_000116D4 000116D1 loc_000116D1: ; Xref 000116BE 000116D1 885E02 mov [esi+2],bl 000116D4 loc_000116D4: ; Xref 000116CF 000116D4 885E03 mov [esi+3],bl 000116D7 8A4604 mov al,[esi+4] 000116DA 2440 and al,40h 000116DC 0C08 or al,8 000116DE 884604 mov [esi+4],al 000116E1 8A4606 mov al,[esi+6] 000116E4 24FC and al,0FCh 000116E6 0C04 or al,4 000116E8 C646050A mov byte ptr [esi+5],0Ah 000116EC 884606 mov [esi+6],al 000116EF 5E pop esi 000116F0 EB22 jmp loc_00011714 000116F2 loc_000116F2: ; Xref 00011683 000116F2 6848160100 push offset off_00011648 000116F7 E814FA0000 call jmp_DbgPrint 000116FC 8B4718 mov eax,[edi+18h] 000116FF 32DB xor bl,bl 00011701 8818 mov [eax],bl 00011703 885801 mov [eax+1],bl 00011706 885802 mov [eax+2],bl 00011709 885803 mov [eax+3],bl 0001170C 59 pop ecx 0001170D C7471004000000 mov dword ptr [edi+10h],4 00011714 
loc_00011714: ; Xref 000116F0 00011714 33C0 xor eax,eax 00011716 loc_00011716: ; Xref 0001169D 00011716 5F pop edi 00011717 5B pop ebx 00011718 5D pop ebp 00011719 C20800 ret 8 0001171C off_0001171C: ; Xref 00011866 0001171C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011724 off_00011724: ; Xref 000118E0 00011724 5449204D73670A00 db 'TI Msg',00Ah,000h 0001172C off_0001172C: ; Xref 000118EA 0001172C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011734 off_00011734: ; Xref 000118F6 00011734 5449204D73670A00 db 'TI Msg',00Ah,000h 0001173C off_0001173C: ; Xref 00011935 0001173C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011744 off_00011744: ; Xref 00011962 00011744 5449204D73670A00 db 'TI Msg',00Ah,000h 0001174C off_0001174C: ; Xref 000119A5 0001174C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011754 off_00011754: ; Xref 000119AF 00011754 5449204D73670A00 db 'TI Msg',00Ah,000h 0001175C off_0001175C: ; Xref 000119BB 0001175C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011764 off_00011764: ; Xref 000119F2 00011764 5449204D73670A00 db 'TI Msg',00Ah,000h 0001176C off_0001176C: ; Xref 00011A2B 0001176C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011774 off_00011774: ; Xref 00011A35 00011774 5449204D73670A00 db 'TI Msg',00Ah,000h 0001177C off_0001177C: ; Xref 00011A41 0001177C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011784 off_00011784: ; Xref 00011AB0 00011784 5449204D73670A00 db 'TI Msg',00Ah,000h 0001178C off_0001178C: ; Xref 00011ACB 0001178C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011794 off_00011794: ; Xref 00011AD5 00011794 5449204D73670A00 db 'TI Msg',00Ah,000h 0001179C off_0001179C: ; Xref 00011ADE 0001179C 5449204D73670A00 db 'TI Msg',00Ah,000h 000117A4 off_000117A4: ; Xref 00011AE8 000117A4 5449204D73670A00 db 'TI Msg',00Ah,000h 000117AC off_000117AC: ; Xref 00011AF1 000117AC 5449204D73670A00 db 'TI Msg',00Ah,000h 000117B4 off_000117B4: ; Xref 00011AFB 000117B4 5449204D73670A00 db 'TI Msg',00Ah,000h 000117BC off_000117BC: ; Xref 00011B04 000117BC 5449204D73670A00 db 'TI 
Msg',00Ah,000h 000117C4 off_000117C4: ; Xref 00011B0E 000117C4 5449204D73670A00 db 'TI Msg',00Ah,000h 000117CC off_000117CC: ; Xref 00011B17 000117CC 5449204D73670A00 db 'TI Msg',00Ah,000h 000117D4 off_000117D4: ; Xref 00011B21 000117D4 5449204D73670A00 db 'TI Msg',00Ah,000h 000117DC off_000117DC: ; Xref 00011B2A 000117DC 5449204D73670A00 db 'TI Msg',00Ah,000h 000117E4 off_000117E4: ; Xref 00011B4B 000117E4 5449204D73670A00 db 'TI Msg',00Ah,000h 000117EC off_000117EC: ; Xref 00011B52 000117EC 5449204D73670A00 db 'TI Msg',00Ah,000h 000117F4 off_000117F4: ; Xref 00011B6B 000117F4 5449204D73670A00 db 'TI Msg',00Ah,000h 000117FC off_000117FC: ; Xref 00011B7B 000117FC 5449204D73670A00 db 'TI Msg',00Ah,000h 00011804 off_00011804: ; Xref 00011BB7 00011804 5449204D73670A00 db 'TI Msg',00Ah,000h 0001180C off_0001180C: ; Xref 00011BC8 0001180C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011814 off_00011814: ; Xref 00011BDD 00011814 5449204D73670A00 db 'TI Msg',00Ah,000h 0001181C off_0001181C: ; Xref 00011BE4 0001181C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011824 off_00011824: ; Xref 00011BEE 00011824 5449204D73670A00 db 'TI Msg',00Ah,000h 0001182C off_0001182C: ; Xref 00011C2E 0001182C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011834 off_00011834: ; Xref 00011C59 00011834 5449204D73670A00 db 'TI Msg',00Ah,000h 0001183C off_0001183C: ; Xref 00011C63 0001183C 5449204D73670A00 db 'TI Msg',00Ah,000h 00011844 fn_00011844: ; Xref 000212E1 00011844 55 push ebp 00011845 8BEC mov ebp,esp 00011847 83EC48 sub esp,48h 0001184A 8B4508 mov eax,[ebp+8] 0001184D 8365FC00 and dword ptr [ebp-4],0 00011851 83650800 and dword ptr [ebp+8],0 00011855 53 push ebx 00011856 8B5D0C mov ebx,[ebp+0Ch] 00011859 56 push esi 0001185A 8B7360 mov esi,[ebx+60h] 0001185D 57 push edi 0001185E 8B7828 mov edi,[eax+28h] 00011861 8B07 mov eax,[edi] 00011863 8B4028 mov eax,[eax+28h] 00011866 681C170100 push offset off_0001171C 0001186B 8945F4 mov [ebp-0Ch],eax 0001186E E89DF80000 call jmp_DbgPrint 00011873 59 pop ecx 
00011874 FF15802E0200 call dword ptr [KeGetCurrentIrql] 0001187A 8B4604 mov eax,[esi+4] 0001187D 8B760C mov esi,[esi+0Ch] 00011880 8B5B0C mov ebx,[ebx+0Ch] 00011883 8945F8 mov [ebp-8],eax 00011886 B8100C2D00 mov eax,2D0C10h 0001188B 3BF0 cmp esi,eax 0001188D 0F87EB010000 jnbe loc_00011A7E 00011893 0F8492010000 je loc_00011A2B 00011899 81EE0C100400 sub esi,4100Ch 0001189F 0F844D010000 je loc_000119F2 000118A5 83EE04 sub esi,4 000118A8 0F840D010000 je loc_000119BB 000118AE 83EE08 sub esi,8 000118B1 0F84EE000000 je loc_000119A5 000118B7 81EEECBF0000 sub esi,0BFECh 000118BD 0F84C7000000 je loc_0001198A 000118C3 83EE10 sub esi,10h 000118C6 0F84AC000000 je loc_00011978 000118CC 81EEEC2F0200 sub esi,22FECh 000118D2 7422 jz loc_000118F6 000118D4 81EE000C0000 sub esi,0C00h 000118DA 0F85D0010000 jne loc_00011AB0 000118E0 6824170100 push offset off_00011724 000118E5 E826F80000 call jmp_DbgPrint 000118EA C704242C170100 mov dword ptr [esp],offset off_0001172C 000118F1 E9BF010000 jmp loc_00011AB5 000118F6 loc_000118F6: ; Xref 000118D2 000118F6 6834170100 push offset off_00011734 000118FB E810F80000 call jmp_DbgPrint 00011900 33C0 xor eax,eax 00011902 8A4740 mov al,[edi+40h] 00011905 59 pop ecx 00011906 50 push eax 00011907 8D45B8 lea eax,[ebp-48h] 0001190A 50 push eax 0001190B 8B45F4 mov eax,[ebp-0Ch] 0001190E 8B88B8010000 mov ecx,[eax+1B8h] 00011914 E871600000 call fn_0001798A 00011919 8BF0 mov esi,eax 0001191B 8D7DE0 lea edi,[ebp-20h] 0001191E A5 movsd 0001191F A5 movsd 00011920 A5 movsd 00011921 A5 movsd 00011922 8B45E4 mov eax,[ebp-1Ch] 00011925 8B7DE0 mov edi,[ebp-20h] 00011928 8B75EC mov esi,[ebp-14h] 0001192B 83630400 and dword ptr [ebx+4],0 0001192F 89430C mov [ebx+0Ch],eax 00011932 8B45E8 mov eax,[ebp-18h] 00011935 683C170100 push offset off_0001173C 0001193A 893B mov [ebx],edi 0001193C C743080B000000 mov dword ptr [ebx+8],0Bh 00011943 894310 mov [ebx+10h],eax 00011946 897314 mov [ebx+14h],esi 00011949 E8C2F70000 call jmp_DbgPrint 0001194E 0FAF75E8 imul esi,[ebp-18h] 
00011952 0FAF75E4 imul esi,[ebp-1Ch] 00011956 0FAFF7 imul esi,edi 00011959 85F6 test esi,esi 0001195B 59 pop ecx 0001195C 0F85ED020000 jne loc_00011C4F 00011962 6844170100 push offset off_00011744 00011967 E8A4F70000 call jmp_DbgPrint 0001196C 59 pop ecx 0001196D 56 push esi 0001196E 68130000C0 push 0C0000013h 00011973 E9FE020000 jmp loc_00011C76 00011978 loc_00011978: ; Xref 000118C6 00011978 8D45F0 lea eax,[ebp-10h] 0001197B 50 push eax 0001197C FF75F4 push dword ptr [ebp-0Ch] 0001197F 57 push edi 00011980 FF750C push dword ptr [ebp+0Ch] 00011983 E89E530000 call fn_00016D26 00011988 EB10 jmp loc_0001199A 0001198A loc_0001198A: ; Xref 000118BD 0001198A 8D45F0 lea eax,[ebp-10h] 0001198D 50 push eax 0001198E FF75F4 push dword ptr [ebp-0Ch] 00011991 57 push edi 00011992 FF750C push dword ptr [ebp+0Ch] 00011995 E8544B0000 call fn_000164EE 0001199A loc_0001199A: ; Xref 00011988 0001199A 8945FC mov [ebp-4],eax 0001199D 8B45F0 mov eax,[ebp-10h] 000119A0 E9B1020000 jmp loc_00011C56 000119A5 loc_000119A5: ; Xref 000118B1 000119A5 684C170100 push offset off_0001174C 000119AA E861F70000 call jmp_DbgPrint 000119AF C7042454170100 mov dword ptr [esp],offset off_00011754 000119B6 E9FA000000 jmp loc_00011AB5 000119BB loc_000119BB: ; Xref 000118A8 000119BB 685C170100 push offset off_0001175C 000119C0 E84BF70000 call jmp_DbgPrint 000119C5 83630C00 and dword ptr [ebx+0Ch],0 000119C9 80631400 and byte ptr [ebx+14h],0 000119CD 80631600 and byte ptr [ebx+16h],0 000119D1 59 pop ecx 000119D2 C70318000000 mov dword ptr [ebx],18h 000119D8 C7430400000200 mov dword ptr [ebx+4],20000h 000119DF C7430820000000 mov dword ptr [ebx+8],20h 000119E6 C7431003000000 mov dword ptr [ebx+10h],3 000119ED E95D020000 jmp loc_00011C4F 000119F2 loc_000119F2: ; Xref 0001189F 000119F2 6864170100 push offset off_00011764 000119F7 E814F70000 call jmp_DbgPrint 000119FC 80630500 and byte ptr [ebx+5],0 00011A00 C60301 mov byte ptr [ebx],1 00011A03 C6430401 mov byte ptr [ebx+4],1 00011A07 C743080C000000 mov dword ptr 
[ebx+8],0Ch 00011A0E 80630D00 and byte ptr [ebx+0Dh],0 00011A12 83631400 and dword ptr [ebx+14h],0 00011A16 59 pop ecx 00011A17 C6430E01 mov byte ptr [ebx+0Eh],1 00011A1B C6430F01 mov byte ptr [ebx+0Fh],1 00011A1F C7431008000000 mov dword ptr [ebx+10h],8 00011A26 E924020000 jmp loc_00011C4F 00011A2B loc_00011A2B: ; Xref 00011893 00011A2B 686C170100 push offset off_0001176C 00011A30 E8DBF60000 call jmp_DbgPrint 00011A35 C7042474170100 mov dword ptr [esp],offset off_00011774 00011A3C E8CFF60000 call jmp_DbgPrint 00011A41 C704247C170100 mov dword ptr [esp],offset off_0001177C 00011A48 E8C3F60000 call jmp_DbgPrint 00011A4D 8B55F8 mov edx,[ebp-8] 00011A50 83FA1F cmp edx,1Fh 00011A53 59 pop ecx 00011A54 730C jnb loc_00011A62 00011A56 6A00 push 0 00011A58 68020000C0 push 0C0000002h 00011A5D E914020000 jmp loc_00011C76 00011A62 loc_00011A62: ; Xref 00011A54 00011A62 6A20 push 20h 00011A64 33C9 xor ecx,ecx 00011A66 58 pop eax 00011A67 loc_00011A67: ; Xref 00011A6E 00011A67 884C0B10 mov [ebx+ecx+10h],cl 00011A6B 41 inc ecx 00011A6C 3BC8 cmp ecx,eax 00011A6E 72F7 jb loc_00011A67 00011A70 8365FC00 and dword ptr [ebp-4],0 00011A74 8903 mov [ebx],eax 00011A76 895508 mov [ebp+8],edx 00011A79 E9DB010000 jmp loc_00011C59 00011A7E loc_00011A7E: ; Xref 0001188D 00011A7E 81EE00142D00 sub esi,2D1400h 00011A84 0F84A0000000 je loc_00011B2A 00011A8A 81EE04EC1F00 sub esi,1FEC04h 00011A90 0F8481000000 je loc_00011B17 00011A96 83EE0C sub esi,0Ch 00011A99 7469 jz loc_00011B04 00011A9B 83EE08 sub esi,8 00011A9E 7451 jz loc_00011AF1 00011AA0 81EEF0BF0900 sub esi,9BFF0h 00011AA6 7436 jz loc_00011ADE 00011AA8 81EE13400F00 sub esi,0F4013h 00011AAE 741B jz loc_00011ACB 00011AB0 loc_00011AB0: ; Xref 000118DA 00011AB0 6884170100 push offset off_00011784 00011AB5 loc_00011AB5: ; Xref 000118F1 000119B6 00011ADC 00011AEF 00011AB5 ; 00011B02 00011B15 00011B28 00011AB5 E856F60000 call jmp_DbgPrint 00011ABA 83650800 and dword ptr [ebp+8],0 00011ABE 59 pop ecx 00011ABF C745FC020000C0 mov dword ptr 
[ebp-4],0C0000002h 00011AC6 E98E010000 jmp loc_00011C59 00011ACB loc_00011ACB: ; Xref 00011AAE 00011ACB 688C170100 push offset off_0001178C 00011AD0 E83BF60000 call jmp_DbgPrint 00011AD5 C7042494170100 mov dword ptr [esp],offset off_00011794 00011ADC EBD7 jmp loc_00011AB5 00011ADE loc_00011ADE: ; Xref 00011AA6 00011ADE 689C170100 push offset off_0001179C 00011AE3 E828F60000 call jmp_DbgPrint 00011AE8 C70424A4170100 mov dword ptr [esp],offset off_000117A4 00011AEF EBC4 jmp loc_00011AB5 00011AF1 loc_00011AF1: ; Xref 00011A9E 00011AF1 68AC170100 push offset off_000117AC 00011AF6 E815F60000 call jmp_DbgPrint 00011AFB C70424B4170100 mov dword ptr [esp],offset off_000117B4 00011B02 EBB1 jmp loc_00011AB5 00011B04 loc_00011B04: ; Xref 00011A99 00011B04 68BC170100 push offset off_000117BC 00011B09 E802F60000 call jmp_DbgPrint 00011B0E C70424C4170100 mov dword ptr [esp],offset off_000117C4 00011B15 EB9E jmp loc_00011AB5 00011B17 loc_00011B17: ; Xref 00011A90 00011B17 68CC170100 push offset off_000117CC 00011B1C E8EFF50000 call jmp_DbgPrint 00011B21 C70424D4170100 mov dword ptr [esp],offset off_000117D4 00011B28 EB8B jmp loc_00011AB5 00011B2A loc_00011B2A: ; Xref 00011A84 00011B2A 68DC170100 push offset off_000117DC 00011B2F E8DCF50000 call jmp_DbgPrint 00011B34 8B03 mov eax,[ebx] 00011B36 33F6 xor esi,esi 00011B38 2BC6 sub eax,esi 00011B3A 59 pop ecx 00011B3B 0F8487000000 je loc_00011BC8 00011B41 48 dec eax 00011B42 740E jz loc_00011B52 00011B44 48 dec eax 00011B45 0F850E010000 jne loc_00011C59 00011B4B 68E4170100 push offset off_000117E4 00011B50 EB1E jmp loc_00011B70 00011B52 loc_00011B52: ; Xref 00011B42 00011B52 68EC170100 push offset off_000117EC 00011B57 E8B4F50000 call jmp_DbgPrint 00011B5C 8B4304 mov eax,[ebx+4] 00011B5F 2BC6 sub eax,esi 00011B61 59 pop ecx 00011B62 7417 jz loc_00011B7B 00011B64 48 dec eax 00011B65 0F85EE000000 jne loc_00011C59 00011B6B 68F4170100 push offset off_000117F4 00011B70 loc_00011B70: ; Xref 00011B50 00011BE2 00011B70 E89BF50000 call 
jmp_DbgPrint 00011B75 59 pop ecx 00011B76 E9DE000000 jmp loc_00011C59 00011B7B loc_00011B7B: ; Xref 00011B62 00011B7B 68FC170100 push offset off_000117FC 00011B80 E88BF50000 call jmp_DbgPrint 00011B85 8065E400 and byte ptr [ebp-1Ch],0 00011B89 8065E500 and byte ptr [ebp-1Bh],0 00011B8D 8065E600 and byte ptr [ebp-1Ah],0 00011B91 8065E700 and byte ptr [ebp-19h],0 00011B95 6A20 push 20h 00011B97 58 pop eax 00011B98 8945D0 mov [ebp-30h],eax 00011B9B 8945D4 mov [ebp-2Ch],eax 00011B9E C745D800000200 mov dword ptr [ebp-28h],20000h 00011BA5 8945DC mov [ebp-24h],eax 00011BA8 C745E003000000 mov dword ptr [ebp-20h],3 00011BAF C645E805 mov byte ptr [ebp-18h],5 00011BB3 668975EA mov [ebp-16h],si 00011BB7 C7042404180100 mov dword ptr [esp],offset off_00011804 00011BBE E84DF50000 call jmp_DbgPrint 00011BC3 8D75D0 lea esi,[ebp-30h] 00011BC6 EB73 jmp loc_00011C3B 00011BC8 loc_00011BC8: ; Xref 00011B3B 00011BC8 680C180100 push offset off_0001180C 00011BCD E83EF50000 call jmp_DbgPrint 00011BD2 8B4304 mov eax,[ebx+4] 00011BD5 2BC6 sub eax,esi 00011BD7 59 pop ecx 00011BD8 740A jz loc_00011BE4 00011BDA 48 dec eax 00011BDB 757C jnz loc_00011C59 00011BDD 6814180100 push offset off_00011814 00011BE2 EB8C jmp loc_00011B70 00011BE4 loc_00011BE4: ; Xref 00011BD8 00011BE4 681C180100 push offset off_0001181C 00011BE9 E822F50000 call jmp_DbgPrint 00011BEE C7042424180100 mov dword ptr [esp],offset off_00011824 00011BF5 E816F50000 call jmp_DbgPrint 00011BFA 8065D000 and byte ptr [ebp-30h],0 00011BFE 8065D100 and byte ptr [ebp-2Fh],0 00011C02 8065D300 and byte ptr [ebp-2Dh],0 00011C06 59 pop ecx 00011C07 6A28 push 28h 00011C09 58 pop eax 00011C0A 3945F8 cmp [ebp-8],eax 00011C0D 8945C8 mov [ebp-38h],eax 00011C10 8945CC mov [ebp-34h],eax 00011C13 C645D201 mov byte ptr [ebp-2Eh],1 00011C17 8975D4 mov [ebp-2Ch],esi 00011C1A 8975D8 mov [ebp-28h],esi 00011C1D 8975DC mov [ebp-24h],esi 00011C20 8975E0 mov [ebp-20h],esi 00011C23 8975E4 mov [ebp-1Ch],esi 00011C26 8975E8 mov [ebp-18h],esi 00011C29 7603 jbe 
loc_00011C2E 00011C2B 8945F8 mov [ebp-8],eax 00011C2E loc_00011C2E: ; Xref 00011C29 00011C2E 682C180100 push offset off_0001182C 00011C33 E8D8F40000 call jmp_DbgPrint 00011C38 8D75C8 lea esi,[ebp-38h] 00011C3B loc_00011C3B: ; Xref 00011BC6 00011C3B 59 pop ecx 00011C3C 8B4DF8 mov ecx,[ebp-8] 00011C3F 8BC1 mov eax,ecx 00011C41 C1E902 shr ecx,2 00011C44 8BFB mov edi,ebx 00011C46 F3A5 rep movsd 00011C48 8BC8 mov ecx,eax 00011C4A 83E103 and ecx,3 00011C4D F3A4 rep movsb 00011C4F loc_00011C4F: ; Xref 0001195C 000119ED 00011A26 00011C4F 8B45F8 mov eax,[ebp-8] 00011C52 8365FC00 and dword ptr [ebp-4],0 00011C56 loc_00011C56: ; Xref 000119A0 00011C56 894508 mov [ebp+8],eax 00011C59 loc_00011C59: ; Xref 00011A79 00011AC6 00011B45 00011B65 00011C59 ; 00011B76 00011BDB 00011C59 6834180100 push offset off_00011834 00011C5E E8ADF40000 call jmp_DbgPrint 00011C63 C704243C180100 mov dword ptr [esp],offset off_0001183C 00011C6A E8A1F40000 call jmp_DbgPrint 00011C6F 59 pop ecx 00011C70 FF7508 push dword ptr [ebp+8] 00011C73 FF75FC push dword ptr [ebp-4] 00011C76 loc_00011C76: ; Xref 00011973 00011A5D 00011C76 FF750C push dword ptr [ebp+0Ch] 00011C79 E880550000 call fn_000171FE 00011C7E 5F pop edi 00011C7F 5E pop esi 00011C80 5B pop ebx 00011C81 C9 leave 00011C82 C20800 ret 8 00011C85 CC int 3 00011C86 off_00011C86: ; Xref 00011FA7 00011C86 8B442404 mov eax,[esp+4] 00011C8A 8B4028 mov eax,[eax+28h] 00011C8D FF742408 push dword ptr [esp+8] 00011C91 83C06C add eax,6Ch 00011C94 50 push eax 00011C95 E8FCE6FFFF call fn_00010396 00011C9A C20800 ret 8 00011C9D CC int 3 00011C9E off_00011C9E: ; Xref 00011D6F 00011C9E 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CA6 off_00011CA6: ; Xref 00011D79 00011CA6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CAE off_00011CAE: ; Xref 00011D85 00011CAE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CB6 off_00011CB6: ; Xref 00011D8F 00011CB6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CBE off_00011CBE: ; Xref 00011D99 00011CBE 5449204D73670A00 db 'TI 
Msg',00Ah,000h 00011CC6 off_00011CC6: ; Xref 00011DA3 00011CC6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CCE off_00011CCE: ; Xref 00011DAF 00011CCE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CD6 off_00011CD6: ; Xref 00011DF3 00011CD6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CDE off_00011CDE: ; Xref 00011DFD 00011CDE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CE6 off_00011CE6: ; Xref 00011E09 00011CE6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CEE off_00011CEE: ; Xref 00011E4F 00011CEE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CF6 off_00011CF6: ; Xref 00011EB2 00011CF6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011CFE off_00011CFE: ; Xref 00011EC6 00011CFE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D06 off_00011D06: ; Xref 00011F1B 00011D06 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D0E off_00011D0E: ; Xref 00011F25 00011D0E 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D16 off_00011D16: ; Xref 00011F2E 00011D16 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D1E off_00011D1E: ; Xref 00011F38 00011D1E 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D26 off_00011D26: ; Xref 00011F50 00011D26 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D2E off_00011D2E: ; Xref 00011F79 00011D2E 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D36 off_00011D36: ; Xref 00011F9C 00011D36 5449204D73670A00 db 'TI Msg',00Ah,000h 00011D3E fn_00011D3E: ; Xref 00021303 00011D3E 55 push ebp 00011D3F 8BEC mov ebp,esp 00011D41 53 push ebx 00011D42 56 push esi 00011D43 57 push edi 00011D44 8B7D08 mov edi,[ebp+8] 00011D47 8B5F28 mov ebx,[edi+28h] 00011D4A 8B03 mov eax,[ebx] 00011D4C 8B5028 mov edx,[eax+28h] 00011D4F 8B450C mov eax,[ebp+0Ch] 00011D52 8B4060 mov eax,[eax+60h] 00011D55 8B7004 mov esi,[eax+4] 00011D58 0FB64E02 movzx ecx,byte ptr [esi+2] 00011D5C 83E900 sub ecx,0 00011D5F 7464 jz loc_00011DC5 00011D61 49 dec ecx 00011D62 744B jz loc_00011DAF 00011D64 49 dec ecx 00011D65 7432 jz loc_00011D99 00011D67 83E905 sub ecx,5 00011D6A 7423 jz loc_00011D8F 00011D6C 49 dec ecx 00011D6D 7416 jz 
loc_00011D85 00011D6F 689E1C0100 push offset off_00011C9E 00011D74 E897F30000 call jmp_DbgPrint 00011D79 C70424A61C0100 mov dword ptr [esp],offset off_00011CA6 00011D80 E9BA010000 jmp loc_00011F3F 00011D85 loc_00011D85: ; Xref 00011D6D 00011D85 68AE1C0100 push offset off_00011CAE 00011D8A E9C6010000 jmp loc_00011F55 00011D8F loc_00011D8F: ; Xref 00011D6A 00011D8F 68B61C0100 push offset off_00011CB6 00011D94 E9BC010000 jmp loc_00011F55 00011D99 loc_00011D99: ; Xref 00011D65 00011D99 68BE1C0100 push offset off_00011CBE 00011D9E E86DF30000 call jmp_DbgPrint 00011DA3 C70424C61C0100 mov dword ptr [esp],offset off_00011CC6 00011DAA E990010000 jmp loc_00011F3F 00011DAF loc_00011DAF: ; Xref 00011D62 00011DAF 68CE1C0100 push offset off_00011CCE 00011DB4 E857F30000 call jmp_DbgPrint 00011DB9 C7461801000000 mov dword ptr [esi+18h],1 00011DC0 E995010000 jmp loc_00011F5A 00011DC5 loc_00011DC5: ; Xref 00011D5F 00011DC5 0FB64E30 movzx ecx,byte ptr [esi+30h] 00011DC9 83F925 cmp ecx,25h 00011DCC 0F8F36010000 jnle loc_00011F08 00011DD2 0F84DA000000 je loc_00011EB2 00011DD8 85C9 test ecx,ecx 00011DDA 0F8488000000 je loc_00011E68 00011DE0 83F915 cmp ecx,15h 00011DE3 746A jz loc_00011E4F 00011DE5 83F91A cmp ecx,1Ah 00011DE8 741F jz loc_00011E09 00011DEA 83F91E cmp ecx,1Eh 00011DED 0F8528010000 jne loc_00011F1B 00011DF3 68D61C0100 push offset off_00011CD6 00011DF8 E813F30000 call jmp_DbgPrint 00011DFD C70424DE1C0100 mov dword ptr [esp],offset off_00011CDE 00011E04 E936010000 jmp loc_00011F3F 00011E09 loc_00011E09: ; Xref 00011DE8 00011E09 68E61C0100 push offset off_00011CE6 00011E0E E8FDF20000 call jmp_DbgPrint 00011E13 59 pop ecx 00011E14 FF750C push dword ptr [ebp+0Ch] 00011E17 57 push edi 00011E18 E833F8FFFF call fn_00011650 00011E1D 85C0 test eax,eax 00011E1F 7C1B jl loc_00011E3C 00011E21 6A04 push 4 00011E23 C6460301 mov byte ptr [esi+3],1 00011E27 8B7610 mov esi,[esi+10h] 00011E2A 58 pop eax 00011E2B 33C9 xor ecx,ecx 00011E2D 3BF0 cmp esi,eax 00011E2F 0F842E010000 je loc_00011F63 
00011E35 8BC6 mov eax,esi 00011E37 E927010000 jmp loc_00011F63 00011E3C loc_00011E3C: ; Xref 00011E1F 00011E3C 33C0 xor eax,eax 00011E3E C6460306 mov byte ptr [esi+3],6 00011E42 894610 mov [esi+10h],eax 00011E45 B9020000C0 mov ecx,0C0000002h 00011E4A E914010000 jmp loc_00011F63 00011E4F loc_00011E4F: ; Xref 00011DE3 00011E4F 68EE1C0100 push offset off_00011CEE 00011E54 E8B7F20000 call jmp_DbgPrint 00011E59 59 pop ecx 00011E5A C6460304 mov byte ptr [esi+3],4 00011E5E B9850100C0 mov ecx,0C0000185h 00011E63 E9F9000000 jmp loc_00011F61 00011E68 loc_00011E68: ; Xref 00011DDA 00011E68 8B8AB8010000 mov ecx,[edx+1B8h] 00011E6E 33C0 xor eax,eax 00011E70 8A4340 mov al,[ebx+40h] 00011E73 50 push eax 00011E74 E88D600000 call fn_00017F06 00011E79 84C0 test al,al 00011E7B 0F85DA000000 jne loc_00011F5B 00011E81 8B461C mov eax,[esi+1Ch] 00011E84 85C0 test eax,eax 00011E86 C6460380 mov byte ptr [esi+3],80h 00011E8A 741A jz loc_00011EA6 00011E8C 807E0B00 cmp byte ptr [esi+0Bh],0 00011E90 7414 jz loc_00011EA6 00011E92 8A4802 mov cl,[eax+2] 00011E95 80E1F2 and cl,0F2h 00011E98 80C902 or cl,2 00011E9B 804807FF or byte ptr [eax+7],0FFh 00011E9F 884802 mov [eax+2],cl 00011EA2 C6400C3A mov byte ptr [eax+0Ch],3Ah 00011EA6 loc_00011EA6: ; Xref 00011E8A 00011E90 00011EA6 6A00 push 0 00011EA8 68130000C0 push 0C0000013h 00011EAD E9B3000000 jmp loc_00011F65 00011EB2 loc_00011EB2: ; Xref 00011DD2 00011EB2 68F61C0100 push offset off_00011CF6 00011EB7 E854F20000 call jmp_DbgPrint 00011EBC 8B435C mov eax,[ebx+5Ch] 00011EBF 8B7E18 mov edi,[esi+18h] 00011EC2 48 dec eax 00011EC3 894508 mov [ebp+8],eax 00011EC6 C70424FE1C0100 mov dword ptr [esp],offset off_00011CFE 00011ECD E83EF20000 call jmp_DbgPrint 00011ED2 8B4508 mov eax,[ebp+8] 00011ED5 884703 mov [edi+3],al 00011ED8 886702 mov [edi+2],ah 00011EDB 668B450A mov ax,[ebp+0Ah] 00011EDF 884701 mov [edi+1],al 00011EE2 8827 mov [edi],ah 00011EE4 8A4354 mov al,[ebx+54h] 00011EE7 884707 mov [edi+7],al 00011EEA 8A4355 mov al,[ebx+55h] 00011EED 884706 mov 
[edi+6],al 00011EF0 8A4356 mov al,[ebx+56h] 00011EF3 59 pop ecx 00011EF4 884705 mov [edi+5],al 00011EF7 8A4357 mov al,[ebx+57h] 00011EFA 884704 mov [edi+4],al 00011EFD 6A08 push 8 00011EFF C6460301 mov byte ptr [esi+3],1 00011F03 33C9 xor ecx,ecx 00011F05 58 pop eax 00011F06 EB5B jmp loc_00011F63 00011F08 loc_00011F08: ; Xref 00011DCC 00011F08 83E928 sub ecx,28h 00011F0B 7462 jz loc_00011F6F 00011F0D 49 dec ecx 00011F0E 49 dec ecx 00011F0F 745E jz loc_00011F6F 00011F11 83E905 sub ecx,5 00011F14 743A jz loc_00011F50 00011F16 83E906 sub ecx,6 00011F19 7413 jz loc_00011F2E 00011F1B loc_00011F1B: ; Xref 00011DED 00011F1B 68061D0100 push offset off_00011D06 00011F20 E8EBF10000 call jmp_DbgPrint 00011F25 C704240E1D0100 mov dword ptr [esp],offset off_00011D0E 00011F2C EB11 jmp loc_00011F3F 00011F2E loc_00011F2E: ; Xref 00011F19 00011F2E 68161D0100 push offset off_00011D16 00011F33 E8D8F10000 call jmp_DbgPrint 00011F38 C704241E1D0100 mov dword ptr [esp],offset off_00011D1E 00011F3F loc_00011F3F: ; Xref 00011D80 00011DAA 00011E04 00011F2C 00011F3F E8CCF10000 call jmp_DbgPrint 00011F44 59 pop ecx 00011F45 C6460306 mov byte ptr [esi+3],6 00011F49 B9020000C0 mov ecx,0C0000002h 00011F4E EB11 jmp loc_00011F61 00011F50 loc_00011F50: ; Xref 00011F14 00011F50 68261D0100 push offset off_00011D26 00011F55 loc_00011F55: ; Xref 00011D8A 00011D94 00011F55 E8B6F10000 call jmp_DbgPrint 00011F5A loc_00011F5A: ; Xref 00011DC0 00011F5A 59 pop ecx 00011F5B loc_00011F5B: ; Xref 00011E7B 00011F5B C6460301 mov byte ptr [esi+3],1 00011F5F 33C9 xor ecx,ecx 00011F61 loc_00011F61: ; Xref 00011E63 00011F4E 00011F61 33C0 xor eax,eax 00011F63 loc_00011F63: ; Xref 00011E2F 00011E37 00011E4A 00011F06 00011F63 50 push eax 00011F64 51 push ecx 00011F65 loc_00011F65: ; Xref 00011EAD 00011F8F 00011F65 FF750C push dword ptr [ebp+0Ch] 00011F68 E891520000 call fn_000171FE 00011F6D EB4F jmp loc_00011FBE 00011F6F loc_00011F6F: ; Xref 00011F0B 00011F0F 00011F6F 8B4D0C mov ecx,[ebp+0Ch] 00011F72 8B4904 mov 
ecx,[ecx+4] 00011F75 85C9 test ecx,ecx 00011F77 7518 jnz loc_00011F91 00011F79 682E1D0100 push offset off_00011D2E 00011F7E loc_00011F7E: ; Xref 00011FA1 00011F7E E88DF10000 call jmp_DbgPrint 00011F83 59 pop ecx 00011F84 6A00 push 0 00011F86 C6460306 mov byte ptr [esi+3],6 00011F8A 680D0000C0 push 0C000000Dh 00011F8F EBD4 jmp loc_00011F65 00011F91 loc_00011F91: ; Xref 00011F77 00011F91 8B5118 mov edx,[ecx+18h] 00011F94 035110 add edx,[ecx+10h] 00011F97 85575C test [edi+5Ch],edx 00011F9A 7407 jz loc_00011FA3 00011F9C 68361D0100 push offset off_00011D36 00011FA1 EBDB jmp loc_00011F7E 00011FA3 loc_00011FA3: ; Xref 00011F9A 00011FA3 80480301 or byte ptr [eax+3],1 00011FA7 68861C0100 push offset off_00011C86 00011FAC FF750C push dword ptr [ebp+0Ch] 00011FAF 83C36C add ebx,6Ch 00011FB2 57 push edi 00011FB3 53 push ebx 00011FB4 E8BDE6FFFF call fn_00010676 00011FB9 B803010000 mov eax,103h 00011FBE loc_00011FBE: ; Xref 00011F6D 00011FBE 5F pop edi 00011FBF 5E pop esi 00011FC0 5B pop ebx 00011FC1 5D pop ebp 00011FC2 C20800 ret 8 00011FC5 CC int 3 00011FC6 off_00011FC6: ; Xref 000120A0 00011FC6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011FCE off_00011FCE: ; Xref 000120D5 00011FCE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011FD6 off_00011FD6: ; Xref 00012103 00011FD6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011FDE off_00011FDE: ; Xref 00012127 00011FDE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011FE6 off_00011FE6: ; Xref 0001213B 00011FE6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011FEE off_00011FEE: ; Xref 0001214B 00011FEE 5449204D73670A00 db 'TI Msg',00Ah,000h 00011FF6 off_00011FF6: ; Xref 00012185 00011FF6 5449204D73670A00 db 'TI Msg',00Ah,000h 00011FFE off_00011FFE: ; Xref 000121AE 00011FFE 5449204D73670A00 db 'TI Msg',00Ah,000h 00012006 off_00012006: ; Xref 0001221D 00012006 5449204D73670A00 db 'TI Msg',00Ah,000h 0001200E off_0001200E: ; Xref 00012255 0001200E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012016 off_00012016: ; Xref 0001229F 00012016 5449204D73670A00 db 'TI 
Msg',00Ah,000h 0001201E off_0001201E: ; Xref 000122DF 0001201E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012026 off_00012026: ; Xref 000122F4 00012026 5449204D73670A00 db 'TI Msg',00Ah,000h 0001202E off_0001202E: ; Xref 00012308 0001202E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012036 off_00012036: ; Xref 00012346 00012036 5449204D73670A00 db 'TI Msg',00Ah,000h 0001203E off_0001203E: ; Xref 00012350 0001203E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012046 off_00012046: ; Xref 00012364 00012046 5449204D73670A00 db 'TI Msg',00Ah,000h 0001204E off_0001204E: ; Xref 0001239E 0001204E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012056 off_00012056: ; Xref 000123C7 00012056 5449204D73670A00 db 'TI Msg',00Ah,000h 0001205E off_0001205E: ; Xref 000123FC 0001205E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012066 off_00012066: ; Xref 00012410 00012066 5449204D73670A00 db 'TI Msg',00Ah,000h 0001206E off_0001206E: ; Xref 000220EC 0001206E 55 push ebp 0001206F 8BEC mov ebp,esp 00012071 83EC14 sub esp,14h 00012074 8B4508 mov eax,[ebp+8] 00012077 53 push ebx 00012078 56 push esi 00012079 8B7028 mov esi,[eax+28h] 0001207C 8B06 mov eax,[esi] 0001207E 8B4028 mov eax,[eax+28h] 00012081 8945F0 mov [ebp-10h],eax 00012084 0534010000 add eax,134h 00012089 57 push edi 0001208A 8BC8 mov ecx,eax 0001208C 8945F4 mov [ebp-0Ch],eax 0001208F FF15B42F0200 call dword ptr [KefAcquireSpinLockAtDpcLevel] 00012095 8B450C mov eax,[ebp+0Ch] 00012098 8B4060 mov eax,[eax+60h] 0001209B 8B7804 mov edi,[eax+4] 0001209E 33DB xor ebx,ebx 000120A0 68C61F0100 push offset off_00011FC6 000120A5 895DFC mov [ebp-4],ebx 000120A8 895DF8 mov [ebp-8],ebx 000120AB E860F00000 call jmp_DbgPrint 000120B0 385F02 cmp [edi+2],bl 000120B3 8B4640 mov eax,[esi+40h] 000120B6 59 pop ecx 000120B7 8945EC mov [ebp-14h],eax 000120BA 0F858F030000 jne loc_0001244F 000120C0 0FB64730 movzx eax,byte ptr [edi+30h] 000120C4 83E828 sub eax,28h 000120C7 0F84D2010000 je loc_0001229F 000120CD 48 dec eax 000120CE 48 dec eax 000120CF 0F857A030000 jne 
loc_0001244F 000120D5 68CE1F0100 push offset off_00011FCE 000120DA E831F00000 call jmp_DbgPrint 000120DF 8A4732 mov al,[edi+32h] 000120E2 8845FF mov [ebp-1],al 000120E5 8A4733 mov al,[edi+33h] 000120E8 8845FE mov [ebp-2],al 000120EB 8A4734 mov al,[edi+34h] 000120EE 8845FD mov [ebp-3],al 000120F1 8A4735 mov al,[edi+35h] 000120F4 8845FC mov [ebp-4],al 000120F7 8A4737 mov al,[edi+37h] 000120FA 8845F9 mov [ebp-7],al 000120FD 8A4738 mov al,[edi+38h] 00012100 8845F8 mov [ebp-8],al 00012103 C70424D61F0100 mov dword ptr [esp],offset off_00011FD6 0001210A E801F00000 call jmp_DbgPrint 0001210F 8B45FC mov eax,[ebp-4] 00012112 3B465C cmp eax,[esi+5Ch] 00012115 59 pop ecx 00012116 8B4DF8 mov ecx,[ebp-8] 00012119 8986BC000000 mov [esi+0BCh],eax 0001211F 898EC0000000 mov [esi+0C0h],ecx 00012125 761E jbe loc_00012145 00012127 68DE1F0100 push offset off_00011FDE 0001212C E8DFEF0000 call jmp_DbgPrint 00012131 59 pop ecx 00012132 8B4DF4 mov ecx,[ebp-0Ch] 00012135 FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 0001213B 68E61F0100 push offset off_00011FE6 00012140 E9C8010000 jmp loc_0001230D 00012145 loc_00012145: ; Xref 00012125 00012145 8B4654 mov eax,[esi+54h] 00012148 0FAFC1 imul eax,ecx 0001214B 68EE1F0100 push offset off_00011FEE 00012150 899EA4000000 mov [esi+0A4h],ebx 00012156 8986A8000000 mov [esi+0A8h],eax 0001215C 8986A0000000 mov [esi+0A0h],eax 00012162 E8A9EF0000 call jmp_DbgPrint 00012167 8B4718 mov eax,[edi+18h] 0001216A 80A6B800000000 and byte ptr [esi+0B8h],0 00012171 8986B0000000 mov [esi+0B0h],eax 00012177 B800600000 mov eax,6000h 0001217C 3986A8000000 cmp [esi+0A8h],eax 00012182 59 pop ecx 00012183 7611 jbe loc_00012196 00012185 68F61F0100 push offset off_00011FF6 0001218A 8986A0000000 mov [esi+0A0h],eax 00012190 E87BEF0000 call jmp_DbgPrint 00012195 59 pop ecx 00012196 loc_00012196: ; Xref 00012183 00012196 8B86B0000000 mov eax,[esi+0B0h] 0001219C 8B8EA0000000 mov ecx,[esi+0A0h] 000121A2 25FF0F0000 and eax,0FFFh 000121A7 8D9C08FF0F0000 lea 
ebx,[eax+ecx+0FFFh] 000121AE 68FE1F0100 push offset off_00011FFE 000121B3 C1EB0C shr ebx,0Ch 000121B6 E855EF0000 call jmp_DbgPrint 000121BB 8B55EC mov edx,[ebp-14h] 000121BE 85D2 test edx,edx 000121C0 59 pop ecx 000121C1 899EAC000000 mov [esi+0ACh],ebx 000121C7 740A jz loc_000121D3 000121C9 83FA01 cmp edx,1 000121CC 7405 jz loc_000121D3 000121CE 83FA02 cmp edx,2 000121D1 7528 jnz loc_000121FB 000121D3 loc_000121D3: ; Xref 000121C7 000121CC 000121D3 8A4648 mov al,[esi+48h] 000121D6 3C12 cmp al,12h 000121D8 7414 jz loc_000121EE 000121DA 3C22 cmp al,22h 000121DC 7410 jz loc_000121EE 000121DE 3C01 cmp al,1 000121E0 7404 jz loc_000121E6 000121E2 3C04 cmp al,4 000121E4 7515 jnz loc_000121FB 000121E6 loc_000121E6: ; Xref 000121E0 000121E6 8D8614010000 lea eax,[esi+114h] 000121EC EB06 jmp loc_000121F4 000121EE loc_000121EE: ; Xref 000121D8 000121DC 000121EE 8D86C4000000 lea eax,[esi+0C4h] 000121F4 loc_000121F4: ; Xref 000121EC 000121F4 33C9 xor ecx,ecx 000121F6 41 inc ecx 000121F7 F00FC108 lock xadd [eax],ecx 000121FB loc_000121FB: ; Xref 000121D1 000121E4 000121FB 8B4DF0 mov ecx,[ebp-10h] 000121FE 8B849190010000 mov eax,[ecx+edx*4+190h] 00012205 8B5004 mov edx,[eax+4] 00012208 56 push esi 00012209 681C150100 push offset off_0001151C 0001220E 53 push ebx 0001220F FF31 push dword ptr [ecx] 00012211 50 push eax 00012212 FF5210 call dword ptr [edx+10h] 00012215 85C0 test eax,eax 00012217 0F8D32020000 jnl loc_0001244F 0001221D 6806200100 push offset off_00012006 00012222 E8E9EE0000 call jmp_DbgPrint 00012227 59 pop ecx 00012228 8B4DF4 mov ecx,[ebp-0Ch] 0001222B FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00012231 8D86C4000000 lea eax,[esi+0C4h] 00012237 33DB xor ebx,ebx 00012239 3918 cmp [eax],ebx 0001223B 7E07 jle loc_00012244 0001223D 83C9FF or ecx,0FFFFFFFFh 00012240 F00FC108 lock xadd [eax],ecx 00012244 loc_00012244: ; Xref 0001223B 00012244 8D8614010000 lea eax,[esi+114h] 0001224A 3918 cmp [eax],ebx 0001224C 7E07 jle loc_00012255 0001224E 83C9FF or 
ecx,0FFFFFFFFh 00012251 F00FC108 lock xadd [eax],ecx 00012255 loc_00012255: ; Xref 0001224C 00012255 680E200100 push offset off_0001200E 0001225A C6470380 mov byte ptr [edi+3],80h 0001225E E8ADEE0000 call jmp_DbgPrint 00012263 8B471C mov eax,[edi+1Ch] 00012266 3BC3 cmp eax,ebx 00012268 59 pop ecx 00012269 7412 jz loc_0001227D 0001226B 807F0B00 cmp byte ptr [edi+0Bh],0 0001226F 740C jz loc_0001227D 00012271 8A4802 mov cl,[eax+2] 00012274 80E1F4 and cl,0F4h 00012277 80C904 or cl,4 0001227A loc_0001227A: ; Xref 00012335 0001227A 884802 mov [eax+2],cl 0001227D loc_0001227D: ; Xref 00012269 0001226F 0001231C 00012326 0001227D FF7508 push dword ptr [ebp+8] 00012280 83C66C add esi,6Ch 00012283 56 push esi 00012284 895F10 mov [edi+10h],ebx 00012287 E830E3FFFF call fn_000105BC 0001228C 53 push ebx 0001228D loc_0001228D: ; Xref 0001244A 0001228D 68010000C0 push 0C0000001h 00012292 FF750C push dword ptr [ebp+0Ch] 00012295 E8644F0000 call fn_000171FE 0001229A E9B9010000 jmp loc_00012458 0001229F loc_0001229F: ; Xref 000120C7 0001229F 6816200100 push offset off_00012016 000122A4 E867EE0000 call jmp_DbgPrint 000122A9 8A4732 mov al,[edi+32h] 000122AC 8845FF mov [ebp-1],al 000122AF 8A4733 mov al,[edi+33h] 000122B2 8845FE mov [ebp-2],al 000122B5 8A4734 mov al,[edi+34h] 000122B8 8845FD mov [ebp-3],al 000122BB 8A4735 mov al,[edi+35h] 000122BE 8845FC mov [ebp-4],al 000122C1 8A4737 mov al,[edi+37h] 000122C4 8845F9 mov [ebp-7],al 000122C7 8A4738 mov al,[edi+38h] 000122CA 8845F8 mov [ebp-8],al 000122CD 8B45FC mov eax,[ebp-4] 000122D0 8986BC000000 mov [esi+0BCh],eax 000122D6 8B45F8 mov eax,[ebp-8] 000122D9 8986C0000000 mov [esi+0C0h],eax 000122DF C704241E200100 mov dword ptr [esp],offset off_0001201E 000122E6 E825EE0000 call jmp_DbgPrint 000122EB 8B45FC mov eax,[ebp-4] 000122EE 3B465C cmp eax,[esi+5Ch] 000122F1 59 pop ecx 000122F2 7646 jbe loc_0001233A 000122F4 6826200100 push offset off_00012026 000122F9 E812EE0000 call jmp_DbgPrint 000122FE 59 pop ecx 000122FF 8B4DF4 mov ecx,[ebp-0Ch] 
00012302 FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00012308 682E200100 push offset off_0001202E 0001230D loc_0001230D: ; Xref 00012140 0001230D C6470380 mov byte ptr [edi+3],80h 00012311 E8FAED0000 call jmp_DbgPrint 00012316 8B471C mov eax,[edi+1Ch] 00012319 3BC3 cmp eax,ebx 0001231B 59 pop ecx 0001231C 0F845BFFFFFF je loc_0001227D 00012322 807F0B00 cmp byte ptr [edi+0Bh],0 00012326 0F8451FFFFFF je loc_0001227D 0001232C 8A4802 mov cl,[eax+2] 0001232F 80E1F5 and cl,0F5h 00012332 80C905 or cl,5 00012335 E940FFFFFF jmp loc_0001227A 0001233A loc_0001233A: ; Xref 000122F2 0001233A 8B4654 mov eax,[esi+54h] 0001233D 0FAF45F8 imul eax,[ebp-8] 00012341 3B4710 cmp eax,[edi+10h] 00012344 7617 jbe loc_0001235D 00012346 6836200100 push offset off_00012036 0001234B E8C0ED0000 call jmp_DbgPrint 00012350 C704243E200100 mov dword ptr [esp],offset off_0001203E 00012357 E8B4ED0000 call jmp_DbgPrint 0001235C 59 pop ecx 0001235D loc_0001235D: ; Xref 00012344 0001235D 8B4654 mov eax,[esi+54h] 00012360 0FAF45F8 imul eax,[ebp-8] 00012364 6846200100 push offset off_00012046 00012369 899EA4000000 mov [esi+0A4h],ebx 0001236F 8986A8000000 mov [esi+0A8h],eax 00012375 8986A0000000 mov [esi+0A0h],eax 0001237B E890ED0000 call jmp_DbgPrint 00012380 8B4718 mov eax,[edi+18h] 00012383 80A6B800000000 and byte ptr [esi+0B8h],0 0001238A 8986B0000000 mov [esi+0B0h],eax 00012390 B800600000 mov eax,6000h 00012395 3986A8000000 cmp [esi+0A8h],eax 0001239B 59 pop ecx 0001239C 7611 jbe loc_000123AF 0001239E 684E200100 push offset off_0001204E 000123A3 8986A0000000 mov [esi+0A0h],eax 000123A9 E862ED0000 call jmp_DbgPrint 000123AE 59 pop ecx 000123AF loc_000123AF: ; Xref 0001239C 000123AF 8B86B0000000 mov eax,[esi+0B0h] 000123B5 8B8EA0000000 mov ecx,[esi+0A0h] 000123BB 25FF0F0000 and eax,0FFFh 000123C0 8D9C08FF0F0000 lea ebx,[eax+ecx+0FFFh] 000123C7 6856200100 push offset off_00012056 000123CC C1EB0C shr ebx,0Ch 000123CF E83CED0000 call jmp_DbgPrint 000123D4 8B45EC mov eax,[ebp-14h] 000123D7 
59 pop ecx 000123D8 8B4DF0 mov ecx,[ebp-10h] 000123DB 56 push esi 000123DC 681C150100 push offset off_0001151C 000123E1 899EAC000000 mov [esi+0ACh],ebx 000123E7 8B848190010000 mov eax,[ecx+eax*4+190h] 000123EE 8B5004 mov edx,[eax+4] 000123F1 53 push ebx 000123F2 FF31 push dword ptr [ecx] 000123F4 50 push eax 000123F5 FF5210 call dword ptr [edx+10h] 000123F8 85C0 test eax,eax 000123FA 7D53 jge loc_0001244F 000123FC 685E200100 push offset off_0001205E 00012401 E80AED0000 call jmp_DbgPrint 00012406 59 pop ecx 00012407 8B4DF4 mov ecx,[ebp-0Ch] 0001240A FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00012410 6866200100 push offset off_00012066 00012415 C6470380 mov byte ptr [edi+3],80h 00012419 E8F2EC0000 call jmp_DbgPrint 0001241E 8B471C mov eax,[edi+1Ch] 00012421 85C0 test eax,eax 00012423 59 pop ecx 00012424 7412 jz loc_00012438 00012426 807F0B00 cmp byte ptr [edi+0Bh],0 0001242A 740C jz loc_00012438 0001242C 8A4802 mov cl,[eax+2] 0001242F 80E1F4 and cl,0F4h 00012432 80C904 or cl,4 00012435 884802 mov [eax+2],cl 00012438 loc_00012438: ; Xref 00012424 0001242A 00012438 FF7508 push dword ptr [ebp+8] 0001243B 83671000 and dword ptr [edi+10h],0 0001243F 83C66C add esi,6Ch 00012442 56 push esi 00012443 E874E1FFFF call fn_000105BC 00012448 6A00 push 0 0001244A E93EFEFFFF jmp loc_0001228D 0001244F loc_0001244F: ; Xref 000120BA 000120CF 00012217 000123FA 0001244F 8B4DF4 mov ecx,[ebp-0Ch] 00012452 FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel] 00012458 loc_00012458: ; Xref 0001229A 00012458 5F pop edi 00012459 5E pop esi 0001245A 5B pop ebx 0001245B C9 leave 0001245C C20800 ret 8 0001245F CC int 3 00012460 off_00012460: ; Xref 00012471 00012460 5449204D73670A00 db 'TI Msg',00Ah,000h 00012468 off_00012468: ; Xref 000124A6 00012468 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; off_00012470 - IO_WORKITEM_ROUTINE body: stdcall, 2 args, ret 8.
; In:   [esp+4] = arg1 (never read); [esp+8] = Context -> esi.
;       Context is the 12-byte record built by off_000124D6 / off_0001257A:
;         +0 = PIO_WORKITEM, +4 = ebx of the queuing routine (an extension),
;         +8 = edi of the queuing routine (its context/extension).
; Does: fn_00017DE4 with ecx = [[ctx+4]+1B8h] and one stack arg, the
;       zero-extended byte [[ctx+8]+40h]; then IoFreeWorkItem([ctx+0]) and
;       ExFreePoolWithTag(ctx, 0).
; Clobb: eax, ecx, edx, flags; esi restored.
; Every DbgPrint in this excerpt is passed the fixed literal 'TI Msg',0Ah
; (no format specifiers, no variadic data), so the traces are inert.
; NOTE(review): the free uses pool tag 0; the record comes from fn_000142D0
;       (outside this view) - confirm that allocator is untagged, otherwise
;       Driver Verifier's pool tracking will flag the mismatch.
00012470 off_00012470: ; Xref 00012525 000125C9 00012470 56 push esi 00012471 6860240100 push offset off_00012460 00012476 E895EC0000 call jmp_DbgPrint 0001247B 8B742410 mov 
esi,[esp+10h] 0001247F 8B4608 mov eax,[esi+8] 00012482 0FB64040 movzx eax,byte ptr [eax+40h] 00012486 59 pop ecx 00012487 50 push eax 00012488 8B4604 mov eax,[esi+4] 0001248B 8B88B8010000 mov ecx,[eax+1B8h] 00012491 E84E590000 call fn_00017DE4 00012496 FF36 push dword ptr [esi] 00012498 E885EC0000 call jmp_IoFreeWorkItem 0001249D 6A00 push 0 0001249F 56 push esi 000124A0 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 000124A6 6868240100 push offset off_00012468 000124AB E860EC0000 call jmp_DbgPrint 000124B0 59 pop ecx 000124B1 5E pop esi 000124B2 C20800 ret 8 000124B5 CC int 3 000124B6 off_000124B6: ; Xref 000124E1 000124B6 5449204D73670A00 db 'TI Msg',00Ah,000h 000124BE off_000124BE: ; Xref 000124FD 000124BE 5449204D73670A00 db 'TI Msg',00Ah,000h 000124C6 off_000124C6: ; Xref 00012541 000124C6 5449204D73670A00 db 'TI Msg',00Ah,000h 000124CE off_000124CE: ; Xref 00012548 000124CE 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; off_000124D6 - stdcall, 4 args (ret 10h). The shape (4 args, arg2 used as
;       a context) matches a KDEFERRED_ROUTINE (Dpc, DeferredContext,
;       SysArg1, SysArg2) - confirm at xref 000222FB.
; In:   [esp+8] = arg2 -> edi (a context/extension). [edi+0] is a
;       DEVICE_OBJECT* whose +28h (DeviceExtension) is loaded into ebx;
;       [ebx+0] is the DEVICE_OBJECT* handed to IoAllocateWorkItem.
; Does: sets byte [edi+0F0h] = 1 unconditionally. If dword [edi+0C4h] == 0:
;       allocates a 12-byte record via fn_000142D0, fills it with
;       {work item, ebx, edi} and queues off_00012470 on queue type 0
;       (CriticalWorkQueue) with the record as Context. If the record or the
;       work item cannot be allocated, the record is freed (tag 0) and only
;       a DbgPrint is issued - no status is returned to the caller.
; Clobb: eax, ecx, edx, flags; esi saved only on the queuing path.
; NOTE(review): [edi+0C4h] is read with a plain cmp, while a field at the
;       same offset is modified with lock xadd earlier in this file
;       (000121F7 / 00012240 on an object with matching +0C4h/+114h
;       counters) - if it is the same field, this test is a snapshot, not an
;       interlocked check. [edi+0F0h] also remains set when queuing fails;
;       verify the code that clears it (outside this view) tolerates that.
000124D6 off_000124D6: ; Xref 000222FB 000124D6 53 push ebx 000124D7 57 push edi 000124D8 8B7C2410 mov edi,[esp+10h] 000124DC 8B07 mov eax,[edi] 000124DE 8B5828 mov ebx,[eax+28h] 000124E1 68B6240100 push offset off_000124B6 000124E6 E825EC0000 call jmp_DbgPrint 000124EB 83BFC400000000 cmp dword ptr [edi+0C4h],0 ; non-interlocked read of the counter
000124F2 59 pop ecx 000124F3 C687F000000001 mov byte ptr [edi+0F0h],1 ; set before the queue attempt, not undone on failure
000124FA 7558 jnz loc_00012554 000124FC 56 push esi 000124FD 68BE240100 push offset off_000124BE 00012502 E809EC0000 call jmp_DbgPrint 00012507 59 pop ecx 00012508 6A0C push 0Ch 0001250A E8C11D0000 call fn_000142D0 0001250F 8BF0 mov esi,eax 00012511 85F6 test esi,esi 00012513 7433 jz loc_00012548 00012515 FF33 push dword ptr [ebx] 00012517 E800EC0000 call jmp_IoAllocateWorkItem 0001251C 85C0 test eax,eax 0001251E 8906 mov [esi],eax 00012520 7416 jz loc_00012538 00012522 56 push esi 00012523 6A00 push 0 00012525 6870240100 push offset off_00012470 0001252A 50 push eax 0001252B 895E04 mov [esi+4],ebx 0001252E 897E08 mov [esi+8],edi 00012531 E8E0EB0000 call jmp_IoQueueWorkItem 
00012536 EB1B jmp loc_00012553 00012538 loc_00012538: ; Xref 00012520 00012538 6A00 push 0 0001253A 56 push esi 0001253B FF15F02E0200 call dword ptr [ExFreePoolWithTag] 00012541 68C6240100 push offset off_000124C6 00012546 EB05 jmp loc_0001254D 00012548 loc_00012548: ; Xref 00012513 00012548 68CE240100 push offset off_000124CE 0001254D loc_0001254D: ; Xref 00012546 0001254D E8BEEB0000 call jmp_DbgPrint 00012552 59 pop ecx 00012553 loc_00012553: ; Xref 00012536 00012553 5E pop esi 00012554 loc_00012554: ; Xref 000124FA 00012554 5F pop edi 00012555 5B pop ebx 00012556 C21000 ret 10h 00012559 CC int 3 0001255A off_0001255A: ; Xref 00012585 0001255A 5449204D73670A00 db 'TI Msg',00Ah,000h 00012562 off_00012562: ; Xref 000125A1 00012562 5449204D73670A00 db 'TI Msg',00Ah,000h 0001256A off_0001256A: ; Xref 000125E5 0001256A 5449204D73670A00 db 'TI Msg',00Ah,000h 00012572 off_00012572: ; Xref 000125EC 00012572 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; off_0001257A - twin of off_000124D6 for the second slot: same 4-arg
;       stdcall shape (ret 10h, xref 00022189), same work routine
;       (off_00012470) and same Context record layout, but keyed on
;       dword [edi+114h] == 0 and setting byte [edi+140h] = 1.
; NOTE(review): the same caveats apply - [edi+114h] is read without an
;       interlock (the field at that offset is lock xadd'ed at 00012251 if
;       it is the same object), and [edi+140h] is left set when queuing fails.
0001257A off_0001257A: ; Xref 00022189 0001257A 53 push ebx 0001257B 57 push edi 0001257C 8B7C2410 mov edi,[esp+10h] 00012580 8B07 mov eax,[edi] 00012582 8B5828 mov ebx,[eax+28h] 00012585 685A250100 push offset off_0001255A 0001258A E881EB0000 call jmp_DbgPrint 0001258F 83BF1401000000 cmp dword ptr [edi+114h],0 ; non-interlocked read of the counter
00012596 59 pop ecx 00012597 C6874001000001 mov byte ptr [edi+140h],1 0001259E 7558 jnz loc_000125F8 000125A0 56 push esi 000125A1 6862250100 push offset off_00012562 000125A6 E865EB0000 call jmp_DbgPrint 000125AB 59 pop ecx 000125AC 6A0C push 0Ch 000125AE E81D1D0000 call fn_000142D0 000125B3 8BF0 mov esi,eax 000125B5 85F6 test esi,esi 000125B7 7433 jz loc_000125EC 000125B9 FF33 push dword ptr [ebx] 000125BB E85CEB0000 call jmp_IoAllocateWorkItem 000125C0 85C0 test eax,eax 000125C2 8906 mov [esi],eax 000125C4 7416 jz loc_000125DC 000125C6 56 push esi 000125C7 6A00 push 0 000125C9 6870240100 push offset off_00012470 000125CE 50 push eax 000125CF 895E04 mov [esi+4],ebx 000125D2 897E08 mov [esi+8],edi 000125D5 E83CEB0000 call 
jmp_IoQueueWorkItem 000125DA EB1B jmp loc_000125F7 000125DC loc_000125DC: ; Xref 000125C4 000125DC 6A00 push 0 000125DE 56 push esi 000125DF FF15F02E0200 call dword ptr [ExFreePoolWithTag] 000125E5 686A250100 push offset off_0001256A 000125EA EB05 jmp loc_000125F1 000125EC loc_000125EC: ; Xref 000125B7 000125EC 6872250100 push offset off_00012572 000125F1 loc_000125F1: ; Xref 000125EA 000125F1 E81AEB0000 call jmp_DbgPrint 000125F6 59 pop ecx 000125F7 loc_000125F7: ; Xref 000125DA 000125F7 5E pop esi 000125F8 loc_000125F8: ; Xref 0001259E 000125F8 5F pop edi 000125F9 5B pop ebx 000125FA C21000 ret 10h 000125FD CC int 3 000125FE off_000125FE: ; Xref 0001265D 000125FE 5449204D73670A00 db 'TI Msg',00Ah,000h 00012606 off_00012606: ; Xref 00012673 00012606 5449204D73670A00 db 'TI Msg',00Ah,000h 0001260E off_0001260E: ; Xref 00012691 0001260E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012616 off_00012616: ; Xref 000126D2 00012616 5449204D73670A00 db 'TI Msg',00Ah,000h 0001261E off_0001261E: ; Xref 00012700 0001261E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012626 off_00012626: ; Xref 00012742 00012626 5449204D73670A00 db 'TI Msg',00Ah,000h 0001262E off_0001262E: ; Xref 00012765 0001262E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012636 off_00012636: ; Xref 0001276C 00012636 5449204D73670A00 db 'TI Msg',00Ah,000h 0001263E off_0001263E: ; Xref 00012777 0001263E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012646 off_00012646: ; Xref 00012791 00012646 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; fn_0001264E - PnP handler for a child device: stdcall (DeviceObject, Irp),
;       ret 8. Its xref 00013981 lies inside fn_00013818, the MinorFunction
;       dispatcher at the end of this excerpt.
; In:   esi = DeviceObject->DeviceExtension ([+28h]); [esi+0] is a
;       DEVICE_OBJECT* whose extension becomes edi (holds a FAST_MUTEX at
;       +114h, a byte table at +108h and 20-byte slot records at +140h -
;       read as the parent/bus extension, inferred from the fields used).
; Does: if byte [esi+69h] != 0:
;         - when byte [esi+48h] is 1 or 4 and [esi+228h] != 0: calls method
;           [[obj+4]+0Ch](obj, [esi+238h], [esi+230h], [esi+234h],
;           [esi+22Ch], 0) where obj = [esi+228h], then zeroes
;           [esi+228h]/[esi+22Ch];
;         - when [edi+0] != 0: unlinks the LIST_ENTRY at esi+60h
;           (Blink->Flink = Flink; Flink->Blink = Blink) under the fast
;           mutex at edi+114h;
;         - IoDeleteDevice(DeviceObject); then with idx = [esi+40h]: if byte
;           [edi+108h+idx] is set, clears it, writes the slot record at
;           edi+140h+idx*20 (+0 byte = 1, +4 dword = idx), sets byte
;           [edi+1B0h] = 1 and calls IoInvalidateDeviceRelations([edi+3Ch],
;           0 = BusRelations).
;       else: DbgPrint only (string chosen by byte [esi+68h]).
;       Both paths complete the Irp with IoStatus.Status ([Irp+18h]) = 0 and
;       priority boost 0, and return eax = 0.
; Clobb: eax, ecx, edx, flags.
; NOTE(review): [esi+40h] and [esi+4] are still touched after
;       IoDeleteDevice(DeviceObject) although esi lives inside that object;
;       this relies on the I/O manager's reference keeping the object alive
;       until the Irp is completed - confirm. The unlinked LIST_ENTRY is not
;       re-initialised, so re-running the unlink would corrupt the list.
;       The slot index is used without a range check against the +108h /
;       +140h tables (it comes from the driver's own extension, so this is
;       an internal-consistency concern only).
0001264E fn_0001264E: ; Xref 00013981 0001264E 8B442404 mov eax,[esp+4] 00012652 53 push ebx 00012653 56 push esi 00012654 8B7028 mov esi,[eax+28h] 00012657 8B06 mov eax,[esi] 00012659 57 push edi 0001265A 8B7828 mov edi,[eax+28h] 0001265D 68FE250100 push offset off_000125FE 00012662 E8A9EA0000 call jmp_DbgPrint 00012667 33DB xor ebx,ebx 00012669 385E69 cmp [esi+69h],bl 0001266C 59 pop ecx 0001266D 0F84ED000000 je loc_00012760 00012673 6806260100 push offset off_00012606 00012678 E893EA0000 call 
jmp_DbgPrint 0001267D 8A4648 mov al,[esi+48h] 00012680 3C01 cmp al,1 00012682 59 pop ecx 00012683 7404 jz loc_00012689 00012685 3C04 cmp al,4 00012687 7545 jnz loc_000126CE 00012689 loc_00012689: ; Xref 00012683 00012689 399E28020000 cmp [esi+228h],ebx 0001268F 743D jz loc_000126CE 00012691 680E260100 push offset off_0001260E 00012696 E875EA0000 call jmp_DbgPrint 0001269B 8B8628020000 mov eax,[esi+228h] 000126A1 59 pop ecx 000126A2 8B4804 mov ecx,[eax+4] 000126A5 53 push ebx 000126A6 FFB62C020000 push dword ptr [esi+22Ch] 000126AC FFB634020000 push dword ptr [esi+234h] 000126B2 FFB630020000 push dword ptr [esi+230h] 000126B8 FFB638020000 push dword ptr [esi+238h] 000126BE 50 push eax 000126BF FF510C call dword ptr [ecx+0Ch] 000126C2 899E28020000 mov [esi+228h],ebx 000126C8 899E2C020000 mov [esi+22Ch],ebx 000126CE loc_000126CE: ; Xref 00012687 0001268F 000126CE 391F cmp [edi],ebx 000126D0 742E jz loc_00012700 000126D2 6816260100 push offset off_00012616 000126D7 E834EA0000 call jmp_DbgPrint 000126DC 59 pop ecx 000126DD 8D8F14010000 lea ecx,[edi+114h] 000126E3 FF15882E0200 call dword ptr [ExAcquireFastMutex] 000126E9 8B4E64 mov ecx,[esi+64h] 000126EC 8B4660 mov eax,[esi+60h] 000126EF 8901 mov [ecx],eax 000126F1 894804 mov [eax+4],ecx 000126F4 8D8F14010000 lea ecx,[edi+114h] 000126FA FF158C2E0200 call dword ptr [ExReleaseFastMutex] 00012700 loc_00012700: ; Xref 000126D0 00012700 681E260100 push offset off_0001261E 00012705 E806EA0000 call jmp_DbgPrint 0001270A 59 pop ecx 0001270B FF742410 push dword ptr [esp+10h] 0001270F FF15BC2E0200 call dword ptr [IoDeleteDevice] ; NOTE(review): esi (this object's extension) is still used below
00012715 8B4640 mov eax,[esi+40h] 00012718 8D843808010000 lea eax,[eax+edi+108h] 0001271F 895E04 mov [esi+4],ebx 00012722 3818 cmp [eax],bl 00012724 7451 jz loc_00012777 00012726 8818 mov [eax],bl 00012728 8B4640 mov eax,[esi+40h] 0001272B 8D0C80 lea ecx,[eax+eax*4] 0001272E 89848F44010000 mov [edi+ecx*4+144h],eax 00012735 8B7640 mov esi,[esi+40h] 00012738 83C610 add esi,10h 0001273B 8D04B6 lea 
eax,[esi+esi*4] 0001273E C6048701 mov byte ptr [edi+eax*4],1 00012742 6826260100 push offset off_00012626 00012747 C687B001000001 mov byte ptr [edi+1B0h],1 0001274E E8BDE90000 call jmp_DbgPrint 00012753 59 pop ecx 00012754 53 push ebx 00012755 FF773C push dword ptr [edi+3Ch] 00012758 FF15C42E0200 call dword ptr [IoInvalidateDeviceRelations] 0001275E EB17 jmp loc_00012777 00012760 loc_00012760: ; Xref 0001266D 00012760 385E68 cmp [esi+68h],bl 00012763 7407 jz loc_0001276C 00012765 682E260100 push offset off_0001262E 0001276A EB05 jmp loc_00012771 0001276C loc_0001276C: ; Xref 00012763 0001276C 6836260100 push offset off_00012636 00012771 loc_00012771: ; Xref 0001276A 00012771 E89AE90000 call jmp_DbgPrint 00012776 59 pop ecx 00012777 loc_00012777: ; Xref 00012724 0001275E 00012777 683E260100 push offset off_0001263E 0001277C E88FE90000 call jmp_DbgPrint 00012781 59 pop ecx 00012782 8B4C2414 mov ecx,[esp+14h] 00012786 32D2 xor dl,dl 00012788 895918 mov [ecx+18h],ebx 0001278B FF15BC2F0200 call dword ptr [IofCompleteRequest] 00012791 6846260100 push offset off_00012646 00012796 E875E90000 call jmp_DbgPrint 0001279B 59 pop ecx 0001279C 5F pop edi 0001279D 5E pop esi 0001279E 33C0 xor eax,eax 000127A0 5B pop ebx 000127A1 C20800 ret 8 000127A4 off_000127A4: ; Xref 000127ED 000127A4 5449204D73670A00 db 'TI Msg',00Ah,000h 000127AC off_000127AC: ; Xref 000127F7 000127AC 5449204D73670A00 db 'TI Msg',00Ah,000h 000127B4 off_000127B4: ; Xref 00012812 000127B4 4800610063006B004D00.. dw 'HackMask',000h 000127C6 0000 add [eax],al 000127C8 off_000127C8: ; Xref 00012817 000127C8 43006C00610073007300.. 
dw 'Classpnp',000h 000127DA 0000 add [eax],al 000127DC off_000127DC: ; Xref 00012832 000127DC 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; fn_000127E4 - start-path helper: stdcall (DeviceObject, Irp), ret 8.
;       Called at 00013881 from the MinorFunction 0 (IRP_MN_START_DEVICE)
;       case of fn_00013818's dispatch table.
; In:   esi = DeviceObject; edi = DeviceObject->DeviceExtension ([+28h]).
;       The Irp argument is never read.
; Does: PoSetPowerState(DeviceObject, 1 = DevicePowerState, 1 = PowerDeviceD0);
;       fn_00017118(DeviceObject, L"Classpnp", L"HackMask", 1) - the key /
;       value-name strings suggest a registry parameter lookup, confirm;
;       fn_00010380(ext+6Ch); fn_00010512(ext+6Ch, DeviceObject).
; Out:  eax = 0 unconditionally; the helpers' results are discarded.
; Clobb: eax, ecx, edx, flags.
000127E4 fn_000127E4: ; Xref 00013881 000127E4 56 push esi 000127E5 8B742408 mov esi,[esp+8] 000127E9 57 push edi 000127EA 8B7E28 mov edi,[esi+28h] 000127ED 68A4270100 push offset off_000127A4 000127F2 E819E90000 call jmp_DbgPrint 000127F7 C70424AC270100 mov dword ptr [esp],offset off_000127AC 000127FE E80DE90000 call jmp_DbgPrint 00012803 59 pop ecx 00012804 33C0 xor eax,eax 00012806 40 inc eax 00012807 50 push eax 00012808 50 push eax 00012809 56 push esi 0001280A FF15102F0200 call dword ptr [PoSetPowerState] 00012810 6A01 push 1 00012812 68B4270100 push offset off_000127B4 00012817 68C8270100 push offset off_000127C8 0001281C 56 push esi 0001281D E8F6480000 call fn_00017118 00012822 83C76C add edi,6Ch 00012825 57 push edi 00012826 E855DBFFFF call fn_00010380 0001282B 56 push esi 0001282C 57 push edi 0001282D E8E0DCFFFF call fn_00010512 00012832 68DC270100 push offset off_000127DC 00012837 E8D4E80000 call jmp_DbgPrint 0001283C 59 pop ecx 0001283D 5F pop edi 0001283E 33C0 xor eax,eax 00012840 5E pop esi 00012841 C20800 ret 8 00012844 off_00012844: ; Xref 0001285C 00012844 5449204D73670A00 db 'TI Msg',00Ah,000h 0001284C off_0001284C: ; Xref 00012875 0001284C 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; fn_00012854 - stdcall (DeviceObject, unused), ret 8; xrefs 00013870,
;       000138D5, 00013971, 000139E4 all lie inside fn_00013818's cases.
; Does: fn_00010728(DeviceObject->DeviceExtension + 6Ch, 0C0000056h). The
;       constant is STATUS_DELETE_PENDING and the +6Ch sub-object is the one
;       fn_000105BC / fn_00010380 / fn_00010512 also receive, which reads
;       like a queue flush/abort helper - confirm.
; Out:  eax = 0 regardless of the helper's result.
; Clobb: eax, ecx, edx, flags.
00012854 fn_00012854: ; Xref 00013870 000138D5 00013971 000139E4 00012854 8B442404 mov eax,[esp+4] 00012858 56 push esi 00012859 8B7028 mov esi,[eax+28h] 0001285C 6844280100 push offset off_00012844 00012861 E8AAE80000 call jmp_DbgPrint 00012866 59 pop ecx 00012867 68560000C0 push 0C0000056h 0001286C 83C66C add esi,6Ch 0001286F 56 push esi 00012870 E8B3DEFFFF call fn_00010728 00012875 684C280100 push offset off_0001284C 0001287A E891E80000 call jmp_DbgPrint 0001287F 59 pop ecx 00012880 33C0 xor eax,eax 00012882 5E pop esi 00012883 C20800 ret 8 00012886 off_00012886: ; Xref 000128AD 00012886 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; fn_0001288E - duplicate a NUL-terminated wide string into a fresh,
;       zero-filled pool block: stdcall (PCWSTR src), ret 4.
; Does: n = wcslen(src); allocates 2*n+4 bytes via fn_0001429A; on success
;       zero-fills the block (rep stosd / rep stosb, assumes DF clear) and
;       copies n WCHARs with rep movsw - the terminator comes from the fill.
; Out:  eax = new buffer, or 0 when the allocation failed (only a DbgPrint
;       is issued) - every caller must test for 0.
; Clobb: eax, ecx, edx, flags; ebx/esi/edi restored.
; NOTE(review): 2*n+4 is computed in 32 bits with no overflow check. The
;       visible xrefs (00013AC2..000140EE, inside fn_00013818) are next to
;       the constant strings in the table below, so the inputs appear to be
;       the driver's own literals; revisit if an external string is ever
;       passed.
0001288E fn_0001288E: ; Xref 00013AC2 00013AEC 00013B58 00013B6E 0001288E ; 00013B7F 00013BA4 00013BBB 00013BE2 0001288E ; 00013BF8 00013C09 00013C2E 00013C45 0001288E ; 00013C64 00013C7B 00013C9A 00013CB1 0001288E ; 00013CC3 00013D19 00013D30 00013D60 0001288E ; 00013D77 00013D9D 00013DB4 00013DF6 0001288E ; 00013E0C 00013E1D 00013E3F 00013E56 0001288E ; 00013E76 00013E8C 00013E9D 00013EAE 0001288E ; 00013F19 00013F30 00013F60 00013F77 0001288E ; 00013F9D 00013FB4 00013FF6 0001400C 0001288E ; 0001401D 0001403F 00014056 00014076 0001288E ; 0001408C 0001409D 000140AE 000140EE 0001288E 56 push esi 0001288F 57 push edi 00012890 FF74240C push dword ptr [esp+0Ch] 00012894 FF15142F0200 call dword ptr [wcslen] 0001289A 8BF0 mov esi,eax 0001289C 59 pop ecx 0001289D 8D7C3604 lea edi,[esi+esi+4] ; bytes = 2*len + 4, no overflow check
000128A1 57 push edi 000128A2 E8F3190000 call fn_0001429A 000128A7 8BD0 mov edx,eax 000128A9 85D2 test edx,edx 000128AB 750F jnz loc_000128BC 000128AD 6886280100 push offset off_00012886 000128B2 E859E80000 call jmp_DbgPrint 000128B7 59 pop ecx 000128B8 33C0 xor eax,eax 000128BA EB23 jmp loc_000128DF 000128BC loc_000128BC: ; Xref 000128AB 000128BC 8BCF mov ecx,edi 000128BE 53 push ebx 000128BF 8BD9 mov ebx,ecx 000128C1 C1E902 shr ecx,2 000128C4 33C0 xor eax,eax 000128C6 8BFA mov edi,edx 000128C8 F3AB rep stosd 000128CA 8BCB mov ecx,ebx 000128CC 83E103 and ecx,3 000128CF F3AA rep stosb 000128D1 8BCE mov ecx,esi 000128D3 8B742410 mov esi,[esp+10h] 000128D7 8BFA mov edi,edx 000128D9 66F3A5 rep movsw 000128DC 8BC2 mov eax,edx 000128DE 5B pop ebx 000128DF loc_000128DF: ; Xref 000128BA 000128DF 5F pop edi 000128E0 5E pop esi 000128E1 C20400 ret 4 000128E4 off_000128E4: ; Xref 00012902 000128E4 5449204D73670A00 db 'TI Msg',00Ah,000h 000128EC off_000128EC: ; Xref 0001293A 000128EC 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; fn_000128F4 - IRP_MN_QUERY_DEVICE_RELATIONS for a child device: stdcall
;       (DeviceObject, Irp), ret 8; xref 00013A1A (fn_00013818 dispatch).
; In:   edi = Irp; [Irp+60h] = current IO_STACK_LOCATION; its Parameters
;       dword at +4 is compared with 4 (TargetDeviceRelation).
; Does: type != 4 -> returns Irp->IoStatus.Status ([Irp+18h]) unchanged.
;       type == 4 -> allocates an 8-byte DEVICE_RELATIONS {Count = 1,
;       Objects[0] = DeviceObject} via fn_0001429A, references DeviceObject
;       with ObfReferenceObject (the PnP manager releases it), stores the
;       list in Irp->IoStatus.Information ([Irp+1Ch]) and returns 0.
;       Allocation failure -> 0C000009Ah (STATUS_INSUFFICIENT_RESOURCES).
; Clobb: eax, ecx, edx, flags.
; NOTE(review): Irp->IoStatus.Status is not written here; what the caller
;       does with eax decides the completed status (outside this view). A
;       relations list already in IoStatus.Information would be overwritten
;       without being freed - acceptable for a PDO answering
;       TargetDeviceRelation, worth stating at the call site.
000128F4 fn_000128F4: ; Xref 00013A1A 000128F4 57 push edi 000128F5 8B7C240C mov edi,[esp+0Ch] 000128F9 8B4760 mov eax,[edi+60h] 000128FC 83780404 cmp dword ptr [eax+4],4 ; Parameters.QueryDeviceRelations.Type == TargetDeviceRelation
00012900 7410 
jz loc_00012912 00012902 68E4280100 push offset off_000128E4 00012907 E804E80000 call jmp_DbgPrint 0001290C 8B4718 mov eax,[edi+18h] 0001290F 59 pop ecx 00012910 EB39 jmp loc_0001294B 00012912 loc_00012912: ; Xref 00012900 00012912 56 push esi 00012913 6A08 push 8 00012915 E880190000 call fn_0001429A 0001291A 8BF0 mov esi,eax 0001291C 85F6 test esi,esi 0001291E 7507 jnz loc_00012927 00012920 B89A0000C0 mov eax,0C000009Ah 00012925 EB23 jmp loc_0001294A 00012927 loc_00012927: ; Xref 0001291E 00012927 8B4C240C mov ecx,[esp+0Ch] 0001292B C70601000000 mov dword ptr [esi],1 00012931 894E04 mov [esi+4],ecx 00012934 FF15F42E0200 call dword ptr [ObfReferenceObject] 0001293A 68EC280100 push offset off_000128EC 0001293F E8CCE70000 call jmp_DbgPrint 00012944 59 pop ecx 00012945 33C0 xor eax,eax 00012947 89771C mov [edi+1Ch],esi 0001294A loc_0001294A: ; Xref 00012925 0001294A 5E pop esi 0001294B loc_0001294B: ; Xref 00012910 0001294B 5F pop edi 0001294C C20800 ret 8 0001294F CC int 3 00012950 off_00012950: ; Xref 000129C3 00012950 5449204D73670A00 db 'TI Msg',00Ah,000h 00012958 off_00012958: ; Xref 000129D3 00012958 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; fn_00012960 - IRP_MN_QUERY_CAPABILITIES for a child device: stdcall
;       (DeviceObject, Irp), ret 8; xref 00013A04 (fn_00013818 dispatch).
; In:   ecx = extension reached via [[DeviceObject->ext+0]+28h] (the parent
;       extension, by the same chain fn_0001264E uses); esi = Parameters
;       dword at [[Irp+60h]+4], treated as PDEVICE_CAPABILITIES.
; Does: rejects Version (+2) != 1 or Size (+0) < 40h - the size of
;       DEVICE_CAPABILITIES - with 0C0000001h (STATUS_UNSUCCESSFUL).
;       Otherwise fills the structure in place (offsets match the public
;       layout): flags dword +4 &= 0FFFC02D0h (keeps bits 4, 6, 7, 9 and
;       18..31), |= 10h (Removable), later &= ~40h (UniqueID cleared) and
;       |= 80h (SilentInstall); byte +5 bit 1 (SurpriseRemovalOK) is cleared
;       when [ecx+0F0h] != 0 and set otherwise; Address (+8) and UINumber
;       (+0Ch) = -1; DeviceState[1] (+14h) = 1 (PowerDeviceD0),
;       DeviceState[2..6] (+18h..+28h) = 4 (PowerDeviceD3); SystemWake,
;       DeviceWake and D1/D2/D3Latency (+2Ch..+3Ch) = 0.
; Out:  eax = 0 on success.
; Clobb: eax, ecx, edx, flags.
; NOTE(review): the meaning of [ecx+0F0h] is not visible here (the DPC
;       off_000124D6 writes the same offset on its own context object, which
;       may or may not be this one) - confirm before relying on the
;       SurpriseRemovalOK policy. The capabilities pointer is dereferenced
;       without a NULL test; the PnP manager always supplies one, so this is
;       convention rather than a defect.
00012960 fn_00012960: ; Xref 00013A04 00012960 8B442404 mov eax,[esp+4] 00012964 8B4028 mov eax,[eax+28h] 00012967 8B00 mov eax,[eax] 00012969 8B4828 mov ecx,[eax+28h] 0001296C 8B442408 mov eax,[esp+8] 00012970 8B4060 mov eax,[eax+60h] 00012973 56 push esi 00012974 8B7004 mov esi,[eax+4] 00012977 33C0 xor eax,eax 00012979 40 inc eax 0001297A 66394602 cmp [esi+2],ax 0001297E 757C jnz loc_000129FC 00012980 66833E40 cmp word ptr [esi],40h ; Size must cover the whole DEVICE_CAPABILITIES
00012984 7276 jb loc_000129FC 00012986 8B5604 mov edx,[esi+4] 00012989 894614 mov [esi+14h],eax 0001298C 6A04 push 4 0001298E 58 pop eax 0001298F 81E2D002FCFF and edx,0FFFC02D0h 00012995 894618 mov [esi+18h],eax 00012998 89461C mov [esi+1Ch],eax 0001299B 894620 mov [esi+20h],eax 0001299E 894624 mov [esi+24h],eax 000129A1 894628 mov [esi+28h],eax 000129A4 33C0 xor eax,eax 000129A6 83CA10 or 
edx,10h 000129A9 89462C mov [esi+2Ch],eax 000129AC 894630 mov [esi+30h],eax 000129AF 894634 mov [esi+34h],eax 000129B2 894638 mov [esi+38h],eax 000129B5 89463C mov [esi+3Ch],eax 000129B8 895604 mov [esi+4],edx 000129BB 3981F0000000 cmp [ecx+0F0h],eax 000129C1 7410 jz loc_000129D3 000129C3 6850290100 push offset off_00012950 000129C8 E843E70000 call jmp_DbgPrint 000129CD 806605FD and byte ptr [esi+5],0FDh 000129D1 EB0E jmp loc_000129E1 000129D3 loc_000129D3: ; Xref 000129C1 000129D3 6858290100 push offset off_00012958 000129D8 E833E70000 call jmp_DbgPrint 000129DD 804E0502 or byte ptr [esi+5],2 000129E1 loc_000129E1: ; Xref 000129D1 000129E1 8B4604 mov eax,[esi+4] 000129E4 834E08FF or dword ptr [esi+8],0FFFFFFFFh 000129E8 834E0CFF or dword ptr [esi+0Ch],0FFFFFFFFh 000129EC 83E0BF and eax,0FFFFFFBFh 000129EF 0D80000000 or eax,80h 000129F4 894604 mov [esi+4],eax 000129F7 59 pop ecx 000129F8 33C0 xor eax,eax 000129FA EB05 jmp loc_00012A01 000129FC loc_000129FC: ; Xref 0001297E 00012984 000129FC B8010000C0 mov eax,0C0000001h 00012A01 loc_00012A01: ; Xref 000129FA 00012A01 5E pop esi 00012A02 C20800 ret 8 00012A05 CC int 3 00012A06 off_00012A06: ; Xref 00012A34 00012A06 5449204D73670A00 db 'TI Msg',00Ah,000h 00012A0E off_00012A0E: ; Xref 00012A3E 00012A0E 5449204D73670A00 db 'TI Msg',00Ah,000h 00012A16 off_00012A16: ; Xref 00012A5B 00012A16 5449204D73670A00 db 'TI Msg',00Ah,000h 
;-----------------------------------------------------------------------
; off_00012A1E - IO_COMPLETION_ROUTINE for a driver-allocated IRP: stdcall
;       (DeviceObject, Irp, Context), ret 0Ch; xref 000228DA.
; In:   esi = Irp being completed; edi = Parameters dword at [[Irp+60h]+4],
;       used as the original IRP (its IoStatus at +18h/+1Ch is written and
;       it is completed) - i.e. the sender stashed the original IRP pointer
;       in the first Parameters slot of the new IRP's stack location.
; Does: ObfDereferenceObject(DeviceObject) first; then
;       if Irp->IoStatus.Status == 0C00000BBh (STATUS_NOT_SUPPORTED):
;           Context != 0 -> original->Status = 0C0000001h (STATUS_UNSUCCESSFUL)
;           Context == 0 -> original->Status is left untouched
;       else copies Status and Information across;
;       then copies Information once more, IoFreeIrp(Irp) and
;       IofCompleteRequest(original, priority boost 0).
; Out:  eax = 0C0000016h (STATUS_MORE_PROCESSING_REQUIRED) - mandatory here,
;       since the IRP was freed and the I/O manager must not touch it again.
; Clobb: eax, ecx, edx, flags.
; NOTE(review): DeviceObject is dereferenced unconditionally. For a
;       completion routine set on a driver-allocated IRP the I/O manager
;       passes the DeviceObject of the next-higher stack location, which is
;       NULL unless the sender filled it in - check the IoSetCompletionRoutine
;       site (outside this view) so that the reference taken there always
;       pairs with this release.
00012A1E off_00012A1E: ; Xref 000228DA 00012A1E 8B4C2404 mov ecx,[esp+4] 00012A22 56 push esi 00012A23 57 push edi 00012A24 FF15B82F0200 call dword ptr [ObfDereferenceObject] ; releases the reference presumably taken by the sender on DeviceObject
00012A2A 8B742410 mov esi,[esp+10h] 00012A2E 8B4660 mov eax,[esi+60h] 00012A31 8B7804 mov edi,[eax+4] 00012A34 68062A0100 push offset off_00012A06 00012A39 E8D2E60000 call jmp_DbgPrint 00012A3E C704240E2A0100 mov dword ptr [esp],offset off_00012A0E 00012A45 E8C6E60000 call jmp_DbgPrint 00012A4A 817E18BB0000C0 cmp dword ptr [esi+18h],0C00000BBh 00012A51 59 pop ecx 00012A52 751B jnz loc_00012A6F 00012A54 837C241400 cmp dword 
ptr [esp+14h],0 00012A59 7420 jz loc_00012A7B 00012A5B 68162A0100 push offset off_00012A16 00012A60 C74718010000C0 mov dword ptr [edi+18h],0C0000001h 00012A67 E8A4E60000 call jmp_DbgPrint 00012A6C 59 pop ecx 00012A6D EB0C jmp loc_00012A7B 00012A6F loc_00012A6F: ; Xref 00012A52 00012A6F 8B4618 mov eax,[esi+18h] 00012A72 894718 mov [edi+18h],eax 00012A75 8B461C mov eax,[esi+1Ch] 00012A78 89471C mov [edi+1Ch],eax 00012A7B loc_00012A7B: ; Xref 00012A59 00012A6D 00012A7B 8B461C mov eax,[esi+1Ch] 00012A7E 56 push esi 00012A7F 89471C mov [edi+1Ch],eax 00012A82 FF15202F0200 call dword ptr [IoFreeIrp] 00012A88 32D2 xor dl,dl 00012A8A 8BCF mov ecx,edi 00012A8C FF15BC2F0200 call dword ptr [IofCompleteRequest] 00012A92 5F pop edi 00012A93 B8160000C0 mov eax,0C0000016h 00012A98 5E pop esi 00012A99 C20C00 ret 0Ch 00012A9C off_00012A9C: ; Xref 00013850 00012A9C 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AA4 off_00012AA4: ; Xref 00013863 00012AA4 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AAC off_00012AAC: ; Xref 00013899 00012AAC 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AB4 off_00012AB4: ; Xref 000138C7 00012AB4 5449204D73670A00 db 'TI Msg',00Ah,000h 00012ABC off_00012ABC: ; Xref 000138EB 00012ABC 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AC4 off_00012AC4: ; Xref 000138FC 00012AC4 5449204D73670A00 db 'TI Msg',00Ah,000h 00012ACC off_00012ACC: ; Xref 00013912 00012ACC 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AD4 off_00012AD4: ; Xref 00013923 00012AD4 5449204D73670A00 db 'TI Msg',00Ah,000h 00012ADC off_00012ADC: ; Xref 0001393B 00012ADC 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AE4 off_00012AE4: ; Xref 0001395D 00012AE4 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AEC off_00012AEC: ; Xref 00013986 00012AEC 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AF4 off_00012AF4: ; Xref 00013998 00012AF4 5449204D73670A00 db 'TI Msg',00Ah,000h 00012AFC off_00012AFC: ; Xref 000139A9 00012AFC 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B04 off_00012B04: ; Xref 000139D6 00012B04 
;-----------------------------------------------------------------------
; Read-only string table consumed by fn_00013818 (xrefs 000139F5..000140F9,
; all inside that routine): the fixed 'TI Msg',0Ah DbgPrint literal, the
; '%03X' and 'FlashMedia %d' format strings, and wide device-name strings
; ('GenDisk', 'FlashMedia\<kind>Device<n>', '<kind><n> Device').
; The '0000 add [eax],al' entries between strings are zero bytes (trailing
; NULs / padding) that the disassembler decoded as instructions; nothing
; jumps into them.
; NOTE(review): the 'FlashMedia\...' names look like hardware / compatible
; IDs and the '... Device' names like device text for the enumerated
; children (fn_0001288E above duplicates such strings into pool) - confirm
; against the fn_00013818 cases that reference them, which lie beyond this
; excerpt.
5449204D73670A00 db 'TI Msg',00Ah,000h 00012B0C off_00012B0C: ; Xref 000139F5 00012B0C 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B14 off_00012B14: ; Xref 00013A0B 00012B14 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B1C off_00012B1C: ; Xref 00013A27 00012B1C 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B24 off_00012B24: ; Xref 00013A3D 00012B24 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B2C off_00012B2C: ; Xref 00013A75 00012B2C 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B34 off_00012B34: ; Xref 00013A99 00012B34 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B3C off_00012B3C: ; Xref 00013AAC 00012B3C 25003000330058000000 dw '%03X',000h 00012B46 0000 add [eax],al 00012B48 off_00012B48: ; Xref 00013AD1 00012B48 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B50 off_00012B50: ; Xref 00013ADB 00012B50 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B58 off_00012B58: ; Xref 00013AE5 00012B58 470065006E0044006900.. dw 'GenDisk',000h 00012B68 off_00012B68: ; Xref 00013AFB 00012B68 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B70 off_00012B70: ; Xref 00013B05 00012B70 5449204D73670A00 db 'TI Msg',00Ah,000h 00012B78 off_00012B78: ; Xref 00013B42 00012B78 46006C00610073006800.. dw 'FlashMedia\UnknownDevice',000h 00012BAA 0000 add [eax],al 00012BAC off_00012BAC: ; Xref 00013B53 00012BAC 46006C00610073006800.. dw 'FlashMedia\SdDevice0',000h 00012BD6 0000 add [eax],al 00012BD8 off_00012BD8: ; Xref 00013B69 00012BD8 46006C00610073006800.. dw 'FlashMedia\SdDevice1',000h 00012C02 0000 add [eax],al 00012C04 off_00012C04: ; Xref 00013B7A 00012C04 46006C00610073006800.. dw 'FlashMedia\SdDevice2',000h 00012C2E 0000 add [eax],al 00012C30 off_00012C30: ; Xref 00013B8F 00012C30 46006C00610073006800.. dw 'FlashMedia\SdDevice3',000h 00012C5A 0000 add [eax],al 00012C5C off_00012C5C: ; Xref 00013B9F 00012C5C 46006C00610073006800.. 
dw 'FlashMedia\MemoryStickProDevice0',000h 00012C9E 0000 add [eax],al 00012CA0 0000 add [eax],al 00012CA2 0000 add [eax],al 00012CA4 off_00012CA4: ; Xref 00013BB6 00012CA4 46006C00610073006800.. dw 'FlashMedia\MemoryStickProDevice1',000h 00012CE6 0000 add [eax],al 00012CE8 0000 add [eax],al 00012CEA 0000 add [eax],al 00012CEC off_00012CEC: ; Xref 00013BCC 00012CEC 46006C00610073006800.. dw 'FlashMedia\MemoryStickProDevice2',000h 00012D2E 0000 add [eax],al 00012D30 off_00012D30: ; Xref 00013BDD 00012D30 46006C00610073006800.. dw 'FlashMedia\MmcDevice0',000h 00012D5C off_00012D5C: ; Xref 00013BF3 00012D5C 46006C00610073006800.. dw 'FlashMedia\MmcDevice1',000h 00012D88 off_00012D88: ; Xref 00013C04 00012D88 46006C00610073006800.. dw 'FlashMedia\MmcDevice2',000h 00012DB4 off_00012DB4: ; Xref 00013C19 00012DB4 46006C00610073006800.. dw 'FlashMedia\MmcDevice3',000h 00012DE0 off_00012DE0: ; Xref 00013C29 00012DE0 46006C00610073006800.. dw 'FlashMedia\XDDevice0',000h 00012E0A 0000 add [eax],al 00012E0C off_00012E0C: ; Xref 00013C40 00012E0C 46006C00610073006800.. dw 'FlashMedia\XDDevice1',000h 00012E36 0000 add [eax],al 00012E38 off_00012E38: ; Xref 00013C52 00012E38 46006C00610073006800.. dw 'FlashMedia\XDDevice2',000h 00012E62 0000 add [eax],al 00012E64 off_00012E64: ; Xref 00013C5F 00012E64 46006C00610073006800.. dw 'FlashMedia\MemoryStickDevice0',000h 00012EA0 off_00012EA0: ; Xref 00013C76 00012EA0 46006C00610073006800.. dw 'FlashMedia\MemoryStickDevice1',000h 00012EDC off_00012EDC: ; Xref 00013C88 00012EDC 46006C00610073006800.. dw 'FlashMedia\MemoryStickDevice2',000h 00012F18 off_00012F18: ; Xref 00013C95 00012F18 46006C00610073006800.. dw 'FlashMedia\SmartMediaDevice0',000h 00012F52 0000 add [eax],al 00012F54 off_00012F54: ; Xref 00013CAC 00012F54 46006C00610073006800.. dw 'FlashMedia\SmartMediaDevice1',000h 00012F8E 0000 add [eax],al 00012F90 off_00012F90: ; Xref 00013CBE 00012F90 46006C00610073006800.. 
dw 'FlashMedia\SmartMediaDevice2',000h 00012FCA 0000 add [eax],al 00012FCC off_00012FCC: ; Xref 00013CD2 00012FCC 5449204D73670A00 db 'TI Msg',00Ah,000h 00012FD4 off_00012FD4: ; Xref 00013CDC 00012FD4 5449204D73670A00 db 'TI Msg',00Ah,000h 00012FDC off_00012FDC: ; Xref 00013D14 00012FDC 46006C00610073006800.. dw 'FlashMedia\XDDevice0',000h 00013006 0000 add [eax],al 00013008 off_00013008: ; Xref 00013D2B 00013008 46006C00610073006800.. dw 'FlashMedia\XDDevice1',000h 00013032 0000 add [eax],al 00013034 off_00013034: ; Xref 00013D41 00013034 46006C00610073006800.. dw 'FlashMedia\XDDevice2',000h 0001305E 0000 add [eax],al 00013060 off_00013060: ; Xref 00013D4B 00013060 46006C00610073006800.. dw 'FlashMedia\MmcSd',000h 00013082 0000 add [eax],al 00013084 off_00013084: ; Xref 00013D5B 00013084 46006C00610073006800.. dw 'FlashMedia\SmartMediaDevice0',000h 000130BE 0000 add [eax],al 000130C0 off_000130C0: ; Xref 00013D72 000130C0 46006C00610073006800.. dw 'FlashMedia\SmartMediaDevice1',000h 000130FA 0000 add [eax],al 000130FC off_000130FC: ; Xref 00013D88 000130FC 46006C00610073006800.. dw 'FlashMedia\SmartMediaDevice2',000h 00013136 0000 add [eax],al 00013138 off_00013138: ; Xref 00013D98 00013138 46006C00610073006800.. dw 'FlashMedia\MemoryStickDevice0',000h 00013174 off_00013174: ; Xref 00013DAF 00013174 46006C00610073006800.. dw 'FlashMedia\MemoryStickDevice1',000h 000131B0 off_000131B0: ; Xref 00013DC5 000131B0 46006C00610073006800.. dw 'FlashMedia\MemoryStickDevice2',000h 000131EC off_000131EC: ; Xref 00013DE0 000131EC 46006C00610073006800.. dw 'FlashMedia\UnknownDevice',000h 0001321E 0000 add [eax],al 00013220 off_00013220: ; Xref 00013DF1 00013220 46006C00610073006800.. dw 'FlashMedia\SdDevice0',000h 0001324A 0000 add [eax],al 0001324C off_0001324C: ; Xref 00013E07 0001324C 46006C00610073006800.. dw 'FlashMedia\SdDevice1',000h 00013276 0000 add [eax],al 00013278 off_00013278: ; Xref 00013E18 00013278 46006C00610073006800.. 
dw 'FlashMedia\SdDevice2',000h 000132A2 0000 add [eax],al 000132A4 off_000132A4: ; Xref 00013E2D 000132A4 46006C00610073006800.. dw 'FlashMedia\SdDevice3',000h 000132CE 0000 add [eax],al 000132D0 0000 add [eax],al 000132D2 0000 add [eax],al 000132D4 off_000132D4: ; Xref 00013E3A 000132D4 46006C00610073006800.. dw 'FlashMedia\MemoryStickProDevice0',000h 00013316 0000 add [eax],al 00013318 0000 add [eax],al 0001331A 0000 add [eax],al 0001331C off_0001331C: ; Xref 00013E51 0001331C 46006C00610073006800.. dw 'FlashMedia\MemoryStickProDevice1',000h 0001335E 0000 add [eax],al 00013360 0000 add [eax],al 00013362 0000 add [eax],al 00013364 off_00013364: ; Xref 00013E63 00013364 46006C00610073006800.. dw 'FlashMedia\MemoryStickProDevice2',000h 000133A6 0000 add [eax],al 000133A8 off_000133A8: ; Xref 00013E71 000133A8 46006C00610073006800.. dw 'FlashMedia\MmcDevice0',000h 000133D4 off_000133D4: ; Xref 00013E87 000133D4 46006C00610073006800.. dw 'FlashMedia\MmcDevice1',000h 00013400 off_00013400: ; Xref 00013E98 00013400 46006C00610073006800.. dw 'FlashMedia\MmcDevice2',000h 0001342C off_0001342C: ; Xref 00013EA9 0001342C 46006C00610073006800.. dw 'FlashMedia\MmcDevice3',000h 00013458 off_00013458: ; Xref 00013EBD 00013458 5449204D73670A00 db 'TI Msg',00Ah,000h 00013460 off_00013460: ; Xref 00013EC7 00013460 5449204D73670A00 db 'TI Msg',00Ah,000h 00013468 off_00013468: ; Xref 00013EDD 00013468 5449204D73670A00 db 'TI Msg',00Ah,000h 00013470 off_00013470: ; Xref 00013F14 00013470 58004400300020004400.. dw 'XD0 Device',000h 00013486 0000 add [eax],al 00013488 off_00013488: ; Xref 00013F2B 00013488 58004400310020004400.. dw 'XD1 Device',000h 0001349E 0000 add [eax],al 000134A0 off_000134A0: ; Xref 00013F41 000134A0 58004400320020004400.. dw 'XD2 Device',000h 000134B6 0000 add [eax],al 000134B8 off_000134B8: ; Xref 00013F4B 000134B8 4D006D00630053006400.. dw 'MmcSd Device',000h 000134D2 0000 add [eax],al 000134D4 off_000134D4: ; Xref 00013F5B 000134D4 53006D00610072007400.. 
dw 'SmartMedia0 Device',000h 000134FA 0000 add [eax],al 000134FC off_000134FC: ; Xref 00013F72 000134FC 53006D00610072007400.. dw 'SmartMedia1 Device',000h 00013522 0000 add [eax],al 00013524 off_00013524: ; Xref 00013F88 00013524 53006D00610072007400.. dw 'SmartMedia2 Device',000h 0001354A 0000 add [eax],al 0001354C off_0001354C: ; Xref 00013F98 0001354C 4D0065006D006F007200.. dw 'MemoryStick0 Device',000h 00013574 off_00013574: ; Xref 00013FAF 00013574 4D0065006D006F007200.. dw 'MemoryStick1 Device',000h 0001359C off_0001359C: ; Xref 00013FC5 0001359C 4D0065006D006F007200.. dw 'MemoryStick2 Device',000h 000135C4 off_000135C4: ; Xref 00013FE0 000135C4 55006E006B006E006F00.. dw 'Unknown Device',000h 000135E2 0000 add [eax],al 000135E4 off_000135E4: ; Xref 00013FF1 000135E4 53004400300020004400.. dw 'SD0 Device',000h 000135FA 0000 add [eax],al 000135FC off_000135FC: ; Xref 00014007 000135FC 53004400310020004400.. dw 'SD1 Device',000h 00013612 0000 add [eax],al 00013614 off_00013614: ; Xref 00014018 00013614 53004400320020004400.. dw 'SD2 Device',000h 0001362A 0000 add [eax],al 0001362C off_0001362C: ; Xref 0001402D 0001362C 53004400330020004400.. dw 'SD3 Device',000h 00013642 0000 add [eax],al 00013644 off_00013644: ; Xref 0001403A 00013644 4D0065006D006F007200.. dw 'MemoryStickPro0 Device',000h 00013672 0000 add [eax],al 00013674 off_00013674: ; Xref 00014051 00013674 4D0065006D006F007200.. dw 'MemoryStickPro1 Device',000h 000136A2 0000 add [eax],al 000136A4 off_000136A4: ; Xref 00014063 000136A4 4D0065006D006F007200.. dw 'MemoryStickPro2 Device',000h 000136D2 0000 add [eax],al 000136D4 off_000136D4: ; Xref 00014071 000136D4 4D004D00430030002000.. dw 'MMC0 Device',000h 000136EC off_000136EC: ; Xref 00014087 000136EC 4D004D00430031002000.. dw 'MMC1 Device',000h 00013704 off_00013704: ; Xref 00014098 00013704 4D004D00430032002000.. dw 'MMC2 Device',000h 0001371C off_0001371C: ; Xref 000140A9 0001371C 4D004D00430033002000.. 
dw 'MMC3 Device',000h 00013734 off_00013734: ; Xref 000140B9 00013734 5449204D73670A00 db 'TI Msg',00Ah,000h 0001373C off_0001373C: ; Xref 000140C5 0001373C 5449204D73670A00 db 'TI Msg',00Ah,000h 00013744 off_00013744: ; Xref 000140D8 00013744 46006C00610073006800.. dw 'FlashMedia %d',000h 00013760 off_00013760: ; Xref 000140F9 00013760 5449204D73670A00 db 'TI Msg',00Ah,000h 00013768 off_00013768: ; Xref 0001410E 00013768 5449204D73670A00 db 'TI Msg',00Ah,000h 00013770 off_00013770: ; Xref 00014129 00013770 5449204D73670A00 db 'TI Msg',00Ah,000h 00013778 off_00013778: ; Xref 00014133 00013778 5449204D73670A00 db 'TI Msg',00Ah,000h 00013780 off_00013780: ; Xref 0001413D 00013780 5449204D73670A00 db 'TI Msg',00Ah,000h 00013788 off_00013788: ; Xref 00014147 00013788 5449204D73670A00 db 'TI Msg',00Ah,000h 00013790 off_00013790: ; Xref 0001415D 00013790 5449204D73670A00 db 'TI Msg',00Ah,000h 00013798 off_00013798: ; Xref 00014164 00013798 5449204D73670A00 db 'TI Msg',00Ah,000h 000137A0 off_000137A0: ; Xref 0001416E 000137A0 5449204D73670A00 db 'TI Msg',00Ah,000h 000137A8 off_000137A8: ; Xref 00014184 000137A8 5449204D73670A00 db 'TI Msg',00Ah,000h 000137B0 off_000137B0: ; Xref 0001418B 000137B0 5449204D73670A00 db 'TI Msg',00Ah,000h 000137B8 off_000137B8: ; Xref 00014195 000137B8 5449204D73670A00 db 'TI Msg',00Ah,000h 000137C0 off_000137C0: ; Xref 000141AB 000137C0 5449204D73670A00 db 'TI Msg',00Ah,000h 000137C8 off_000137C8: ; Xref 000141BC 000137C8 5449204D73670A00 db 'TI Msg',00Ah,000h 000137D0 off_000137D0: ; Xref 000141C6 000137D0 5449204D73670A00 db 'TI Msg',00Ah,000h 000137D8 off_000137D8: ; Xref 000141CF 000137D8 5449204D73670A00 db 'TI Msg',00Ah,000h 000137E0 off_000137E0: ; Xref 000141D9 000137E0 5449204D73670A00 db 'TI Msg',00Ah,000h 000137E8 off_000137E8: ; Xref 000141E2 000137E8 5449204D73670A00 db 'TI Msg',00Ah,000h 000137F0 off_000137F0: ; Xref 000141E9 000137F0 5449204D73670A00 db 'TI Msg',00Ah,000h 000137F8 off_000137F8: ; Xref 000141F0 000137F8 
5449204D73670A00 db 'TI Msg',00Ah,000h 00013800 off_00013800: ; Xref 000141F7 00013800 5449204D73670A00 db 'TI Msg',00Ah,000h 00013808 off_00013808: ; Xref 0001420E 00013808 5449204D73670A00 db 'TI Msg',00Ah,000h 00013810 off_00013810: ; Xref 00014218 00013810 5449204D73670A00 db 'TI Msg',00Ah,000h 00013818 fn_00013818: ; Xref 00021365 00013818 55 push ebp 00013819 8BEC mov ebp,esp 0001381B 81EC94010000 sub esp,194h 00013821 8B450C mov eax,[ebp+0Ch] 00013824 53 push ebx 00013825 8B5860 mov ebx,[eax+60h] 00013828 8B4018 mov eax,[eax+18h] 0001382B 56 push esi 0001382C 57 push edi 0001382D 8B7D08 mov edi,[ebp+8] 00013830 8B7728 mov esi,[edi+28h] 00013833 8A4E40 mov cl,[esi+40h] 00013836 8945FC mov [ebp-4],eax 00013839 0FB64301 movzx eax,byte ptr [ebx+1] 0001383D 83F818 cmp eax,18h 00013840 884D0B mov [ebp+0Bh],cl 00013843 0F87C5090000 jnbe loc_0001420E 00013849 FF248535420100 jmp dword ptr [off_00014235+eax*4] 00013850 off_00013850: ; Xref 00014235 00013850 689C2A0100 push offset off_00012A9C 00013855 E8B6D80000 call jmp_DbgPrint 0001385A 33DB xor ebx,ebx 0001385C 43 inc ebx 0001385D 395E10 cmp [esi+10h],ebx 00013860 59 pop ecx 00013861 751A jnz loc_0001387D 00013863 68A42A0100 push offset off_00012AA4 00013868 E8A3D80000 call jmp_DbgPrint 0001386D 59 pop ecx 0001386E 53 push ebx 0001386F 57 push edi 00013870 E8DFEFFFFF call fn_00012854 00013875 85C0 test eax,eax 00013877 7C04 jl loc_0001387D 00013879 83661000 and dword ptr [esi+10h],0 0001387D loc_0001387D: ; Xref 00013861 00013877 0001387D FF750C push dword ptr [ebp+0Ch] 00013880 57 push edi 00013881 E85EEFFFFF call fn_000127E4 00013886 85C0 test eax,eax 00013888 8945FC mov [ebp-4],eax 0001388B 0F8C7D080000 jl loc_0001410E 00013891 895E10 mov [esi+10h],ebx 00013894 E975080000 jmp loc_0001410E 00013899 off_00013899: ; Xref 00014249 00013899 68AC2A0100 push offset off_00012AAC 0001389E E86DD80000 call jmp_DbgPrint 000138A3 59 pop ecx 000138A4 8D466C lea eax,[esi+6Ch] 000138A7 50 push eax 000138A8 E837CBFFFF call 
fn_000103E4 000138AD 84C0 test al,al 000138AF 740A jz loc_000138BB 000138B1 loc_000138B1: ; Xref 00013946 000138B1 68010000C0 push 0C0000001h 000138B6 E961080000 jmp loc_0001411C 000138BB loc_000138BB: ; Xref 000138AF 000138BB C7461002000000 mov dword ptr [esi+10h],2 000138C2 E943080000 jmp loc_0001410A 000138C7 off_000138C7: ; Xref 00014245 000138C7 68B42A0100 push offset off_00012AB4 000138CC E83FD80000 call jmp_DbgPrint 000138D1 59 pop ecx 000138D2 6A01 push 1 000138D4 57 push edi 000138D5 E87AEFFFFF call fn_00012854 000138DA 85C0 test eax,eax 000138DC 0F8C28080000 jl loc_0001410A 000138E2 83661000 and dword ptr [esi+10h],0 000138E6 E91F080000 jmp loc_0001410A 000138EB off_000138EB: ; Xref 0001424D 000138EB 68BC2A0100 push offset off_00012ABC 000138F0 E81BD80000 call jmp_DbgPrint 000138F5 837E1002 cmp dword ptr [esi+10h],2 000138F9 59 pop ecx 000138FA 740A jz loc_00013906 000138FC 68C42A0100 push offset off_00012AC4 00013901 E9A8000000 jmp loc_000139AE 00013906 loc_00013906: ; Xref 000138FA 00013906 C7461001000000 mov dword ptr [esi+10h],1 0001390D E9B5000000 jmp loc_000139C7 00013912 off_00013912: ; Xref 00014239 00013912 68CC2A0100 push offset off_00012ACC 00013917 E8F4D70000 call jmp_DbgPrint 0001391C 837E1001 cmp dword ptr [esi+10h],1 00013920 59 pop ecx 00013921 7528 jnz loc_0001394B 00013923 68D42A0100 push offset off_00012AD4 00013928 E8E3D70000 call jmp_DbgPrint 0001392D 59 pop ecx 0001392E 8D466C lea eax,[esi+6Ch] 00013931 50 push eax 00013932 E8ADCAFFFF call fn_000103E4 00013937 84C0 test al,al 00013939 7410 jz loc_0001394B 0001393B 68DC2A0100 push offset off_00012ADC 00013940 E8CBD70000 call jmp_DbgPrint 00013945 59 pop ecx 00013946 E966FFFFFF jmp loc_000138B1 0001394B loc_0001394B: ; Xref 00013921 00013939 0001394B 8B4610 mov eax,[esi+10h] 0001394E 894614 mov [esi+14h],eax 00013951 C7461003000000 mov dword ptr [esi+10h],3 00013958 E9AD070000 jmp loc_0001410A 0001395D off_0001395D: ; Xref 0001423D 0001395D 68E42A0100 push offset off_00012AE4 00013962 
E8A9D70000 call jmp_DbgPrint 00013967 837E1004 cmp dword ptr [esi+10h],4 0001396B 59 pop ecx 0001396C 7408 jz loc_00013976 0001396E 6A01 push 1 00013970 57 push edi 00013971 E8DEEEFFFF call fn_00012854 00013976 loc_00013976: ; Xref 0001396C 00013976 FF750C push dword ptr [ebp+0Ch] 00013979 C7461005000000 mov dword ptr [esi+10h],5 00013980 57 push edi 00013981 E8C8ECFFFF call fn_0001264E 00013986 68EC2A0100 push offset off_00012AEC 0001398B E880D70000 call jmp_DbgPrint 00013990 59 pop ecx 00013991 33C0 xor eax,eax 00013993 E996080000 jmp loc_0001422E 00013998 off_00013998: ; Xref 00014241 00013998 68F42A0100 push offset off_00012AF4 0001399D E86ED70000 call jmp_DbgPrint 000139A2 837E1003 cmp dword ptr [esi+10h],3 000139A6 59 pop ecx 000139A7 740F jz loc_000139B8 000139A9 68FC2A0100 push offset off_00012AFC 000139AE loc_000139AE: ; Xref 00013901 000139AE E85DD70000 call jmp_DbgPrint 000139B3 E951070000 jmp loc_00014109 000139B8 loc_000139B8: ; Xref 000139A7 000139B8 8B4614 mov eax,[esi+14h] 000139BB 83F801 cmp eax,1 000139BE 894610 mov [esi+10h],eax 000139C1 0F8543070000 jne loc_0001410A 000139C7 loc_000139C7: ; Xref 0001390D 000139C7 57 push edi 000139C8 83C66C add esi,6Ch 000139CB 56 push esi 000139CC E841CBFFFF call fn_00010512 000139D1 E934070000 jmp loc_0001410A 000139D6 off_000139D6: ; Xref 00014291 000139D6 68042B0100 push offset off_00012B04 000139DB E830D70000 call jmp_DbgPrint 000139E0 59 pop ecx 000139E1 6A00 push 0 000139E3 57 push edi 000139E4 E86BEEFFFF call fn_00012854 000139E9 C7461004000000 mov dword ptr [esi+10h],4 000139F0 E915070000 jmp loc_0001410A 000139F5 off_000139F5: ; Xref 00014259 000139F5 680C2B0100 push offset off_00012B0C 000139FA E811D70000 call jmp_DbgPrint 000139FF 59 pop ecx 00013A00 FF750C push dword ptr [ebp+0Ch] 00013A03 57 push edi 00013A04 E857EFFFFF call fn_00012960 00013A09 EB14 jmp loc_00013A1F 00013A0B off_00013A0B: ; Xref 00014251 00013A0B 68142B0100 push offset off_00012B14 00013A10 E8FBD60000 call jmp_DbgPrint 00013A15 59 
pop ecx 00013A16 FF750C push dword ptr [ebp+0Ch] 00013A19 57 push edi 00013A1A E8D5EEFFFF call fn_000128F4 00013A1F loc_00013A1F: ; Xref 00013A09 00013A1F 8945FC mov [ebp-4],eax 00013A22 E9E7060000 jmp loc_0001410E 00013A27 off_00013A27: ; Xref 00014289 00013A27 681C2B0100 push offset off_00012B1C 00013A2C E8DFD60000 call jmp_DbgPrint 00013A31 59 pop ecx 00013A32 6A18 push 18h 00013A34 E861080000 call fn_0001429A 00013A39 85C0 test eax,eax 00013A3B 7517 jnz loc_00013A54 00013A3D 68242B0100 push offset off_00012B24 00013A42 E8C9D60000 call jmp_DbgPrint 00013A47 59 pop ecx 00013A48 C745FC9A0000C0 mov dword ptr [ebp-4],0C000009Ah 00013A4F E9BA060000 jmp loc_0001410E 00013A54 loc_00013A54: ; Xref 00013A3B 00013A54 8B4D0C mov ecx,[ebp+0Ch] 00013A57 83601400 and dword ptr [eax+14h],0 00013A5B BEEC2F0200 mov esi,offset off_00022FEC 00013A60 8BF8 mov edi,eax 00013A62 A5 movsd 00013A63 A5 movsd 00013A64 A5 movsd 00013A65 A5 movsd 00013A66 C740100F000000 mov dword ptr [eax+10h],0Fh 00013A6D 89411C mov [ecx+1Ch],eax 00013A70 E995060000 jmp loc_0001410A 00013A75 off_00013A75: ; Xref 00014281 00013A75 682C2B0100 push offset off_00012B2C 00013A7A E891D60000 call jmp_DbgPrint 00013A7F 8B5B04 mov ebx,[ebx+4] 00013A82 83EB00 sub ebx,0 00013A85 59 pop ecx 00013A86 0F8450020000 je loc_00013CDC 00013A8C 4B dec ebx 00013A8D 7476 jz loc_00013B05 00013A8F 4B dec ebx 00013A90 7449 jz loc_00013ADB 00013A92 4B dec ebx 00013A93 0F8575060000 jne loc_0001410E 00013A99 68342B0100 push offset off_00012B34 00013A9E E86DD60000 call jmp_DbgPrint 00013AA3 FF7650 push dword ptr [esi+50h] 00013AA6 8D856CFEFFFF lea eax,[ebp-194h] 00013AAC 683C2B0100 push offset off_00012B3C 00013AB1 50 push eax 00013AB2 FF15282F0200 call dword ptr [swprintf] 00013AB8 83C410 add esp,10h 00013ABB 8D856CFEFFFF lea eax,[ebp-194h] 00013AC1 50 push eax 00013AC2 E8C7EDFFFF call fn_0001288E 00013AC7 8BF0 mov esi,eax 00013AC9 85F6 test esi,esi 00013ACB 0F843D060000 je loc_0001410E 00013AD1 68482B0100 push offset off_00012B48 
00013AD6 E923060000 jmp loc_000140FE 00013ADB loc_00013ADB: ; Xref 00013A90 00013ADB 68502B0100 push offset off_00012B50 00013AE0 E82BD60000 call jmp_DbgPrint 00013AE5 C70424582B0100 mov dword ptr [esp],offset off_00012B58 00013AEC E89DEDFFFF call fn_0001288E 00013AF1 8BF0 mov esi,eax 00013AF3 85F6 test esi,esi 00013AF5 0F8413060000 je loc_0001410E 00013AFB 68682B0100 push offset off_00012B68 00013B00 E9F9050000 jmp loc_000140FE 00013B05 loc_00013B05: ; Xref 00013A8D 00013B05 68702B0100 push offset off_00012B70 00013B0A E801D60000 call jmp_DbgPrint 00013B0F 0FB64648 movzx eax,byte ptr [esi+48h] 00013B13 48 dec eax 00013B14 59 pop ecx 00013B15 0F8474010000 je loc_00013C8F 00013B1B 48 dec eax 00013B1C 0F8437010000 je loc_00013C59 00013B22 48 dec eax 00013B23 48 dec eax 00013B24 0F84F9000000 je loc_00013C23 00013B2A 83E80E sub eax,0Eh 00013B2D 0F8426010000 je loc_00013C59 00013B33 48 dec eax 00013B34 0F849C000000 je loc_00013BD6 00013B3A 83E80F sub eax,0Fh 00013B3D 745A jz loc_00013B99 00013B3F 48 dec eax 00013B40 740A jz loc_00013B4C 00013B42 68782B0100 push offset off_00012B78 00013B47 E977010000 jmp loc_00013CC3 00013B4C loc_00013B4C: ; Xref 00013B40 00013B4C 8A5D0B mov bl,[ebp+0Bh] 00013B4F 84DB test bl,bl 00013B51 750E jnz loc_00013B61 00013B53 68AC2B0100 push offset off_00012BAC 00013B58 E831EDFFFF call fn_0001288E 00013B5D 8BF0 mov esi,eax 00013B5F EB03 jmp loc_00013B64 00013B61 loc_00013B61: ; Xref 00013B51 00013B61 8B750C mov esi,[ebp+0Ch] 00013B64 loc_00013B64: ; Xref 00013B5F 00013B64 80FB01 cmp bl,1 00013B67 750C jnz loc_00013B75 00013B69 68D82B0100 push offset off_00012BD8 00013B6E E81BEDFFFF call fn_0001288E 00013B73 8BF0 mov esi,eax 00013B75 loc_00013B75: ; Xref 00013B67 00013B75 80FB02 cmp bl,2 00013B78 750C jnz loc_00013B86 00013B7A 68042C0100 push offset off_00012C04 00013B7F E80AEDFFFF call fn_0001288E 00013B84 8BF0 mov esi,eax 00013B86 loc_00013B86: ; Xref 00013B78 00013B86 80FB03 cmp bl,3 00013B89 0F853B010000 jne loc_00013CCA 00013B8F 68302C0100 
push offset off_00012C30 00013B94 E92A010000 jmp loc_00013CC3 00013B99 loc_00013B99: ; Xref 00013B3D 00013B99 807D0B00 cmp byte ptr [ebp+0Bh],0 00013B9D 750E jnz loc_00013BAD 00013B9F 685C2C0100 push offset off_00012C5C 00013BA4 E8E5ECFFFF call fn_0001288E 00013BA9 8BF0 mov esi,eax 00013BAB EB03 jmp loc_00013BB0 00013BAD loc_00013BAD: ; Xref 00013B9D 00013BAD 8B750C mov esi,[ebp+0Ch] 00013BB0 loc_00013BB0: ; Xref 00013BAB 00013BB0 807D0B01 cmp byte ptr [ebp+0Bh],1 00013BB4 750C jnz loc_00013BC2 00013BB6 68A42C0100 push offset off_00012CA4 00013BBB E8CEECFFFF call fn_0001288E 00013BC0 8BF0 mov esi,eax 00013BC2 loc_00013BC2: ; Xref 00013BB4 00013BC2 807D0B02 cmp byte ptr [ebp+0Bh],2 00013BC6 0F85FE000000 jne loc_00013CCA 00013BCC 68EC2C0100 push offset off_00012CEC 00013BD1 E9ED000000 jmp loc_00013CC3 00013BD6 loc_00013BD6: ; Xref 00013B34 00013BD6 8A5D0B mov bl,[ebp+0Bh] 00013BD9 84DB test bl,bl 00013BDB 750E jnz loc_00013BEB 00013BDD 68302D0100 push offset off_00012D30 00013BE2 E8A7ECFFFF call fn_0001288E 00013BE7 8BF0 mov esi,eax 00013BE9 EB03 jmp loc_00013BEE 00013BEB loc_00013BEB: ; Xref 00013BDB 00013BEB 8B750C mov esi,[ebp+0Ch] 00013BEE loc_00013BEE: ; Xref 00013BE9 00013BEE 80FB01 cmp bl,1 00013BF1 750C jnz loc_00013BFF 00013BF3 685C2D0100 push offset off_00012D5C 00013BF8 E891ECFFFF call fn_0001288E 00013BFD 8BF0 mov esi,eax 00013BFF loc_00013BFF: ; Xref 00013BF1 00013BFF 80FB02 cmp bl,2 00013C02 750C jnz loc_00013C10 00013C04 68882D0100 push offset off_00012D88 00013C09 E880ECFFFF call fn_0001288E 00013C0E 8BF0 mov esi,eax 00013C10 loc_00013C10: ; Xref 00013C02 00013C10 80FB03 cmp bl,3 00013C13 0F85B1000000 jne loc_00013CCA 00013C19 68B42D0100 push offset off_00012DB4 00013C1E E9A0000000 jmp loc_00013CC3 00013C23 loc_00013C23: ; Xref 00013B24 00013C23 807D0B00 cmp byte ptr [ebp+0Bh],0 00013C27 750E jnz loc_00013C37 00013C29 68E02D0100 push offset off_00012DE0 00013C2E E85BECFFFF call fn_0001288E 00013C33 8BF0 mov esi,eax 00013C35 EB03 jmp loc_00013C3A 
00013C37 loc_00013C37: ; Xref 00013C27 00013C37 8B750C mov esi,[ebp+0Ch] 00013C3A loc_00013C3A: ; Xref 00013C35 00013C3A 807D0B01 cmp byte ptr [ebp+0Bh],1 00013C3E 750C jnz loc_00013C4C 00013C40 680C2E0100 push offset off_00012E0C 00013C45 E844ECFFFF call fn_0001288E 00013C4A 8BF0 mov esi,eax 00013C4C loc_00013C4C: ; Xref 00013C3E 00013C4C 807D0B02 cmp byte ptr [ebp+0Bh],2 00013C50 7578 jnz loc_00013CCA 00013C52 68382E0100 push offset off_00012E38 00013C57 EB6A jmp loc_00013CC3 00013C59 loc_00013C59: ; Xref 00013B1C 00013B2D 00013C59 807D0B00 cmp byte ptr [ebp+0Bh],0 00013C5D 750E jnz loc_00013C6D 00013C5F 68642E0100 push offset off_00012E64 00013C64 E825ECFFFF call fn_0001288E 00013C69 8BF0 mov esi,eax 00013C6B EB03 jmp loc_00013C70 00013C6D loc_00013C6D: ; Xref 00013C5D 00013C6D 8B750C mov esi,[ebp+0Ch] 00013C70 loc_00013C70: ; Xref 00013C6B 00013C70 807D0B01 cmp byte ptr [ebp+0Bh],1 00013C74 750C jnz loc_00013C82 00013C76 68A02E0100 push offset off_00012EA0 00013C7B E80EECFFFF call fn_0001288E 00013C80 8BF0 mov esi,eax 00013C82 loc_00013C82: ; Xref 00013C74 00013C82 807D0B02 cmp byte ptr [ebp+0Bh],2 00013C86 7542 jnz loc_00013CCA 00013C88 68DC2E0100 push offset off_00012EDC 00013C8D EB34 jmp loc_00013CC3 00013C8F loc_00013C8F: ; Xref 00013B15 00013C8F 807D0B00 cmp byte ptr [ebp+0Bh],0 00013C93 750E jnz loc_00013CA3 00013C95 68182F0100 push offset off_00012F18 00013C9A E8EFEBFFFF call fn_0001288E 00013C9F 8BF0 mov esi,eax 00013CA1 EB03 jmp loc_00013CA6 00013CA3 loc_00013CA3: ; Xref 00013C93 00013CA3 8B750C mov esi,[ebp+0Ch] 00013CA6 loc_00013CA6: ; Xref 00013CA1 00013CA6 807D0B01 cmp byte ptr [ebp+0Bh],1 00013CAA 750C jnz loc_00013CB8 00013CAC 68542F0100 push offset off_00012F54 00013CB1 E8D8EBFFFF call fn_0001288E 00013CB6 8BF0 mov esi,eax 00013CB8 loc_00013CB8: ; Xref 00013CAA 00013CB8 807D0B02 cmp byte ptr [ebp+0Bh],2 00013CBC 750C jnz loc_00013CCA 00013CBE 68902F0100 push offset off_00012F90 00013CC3 loc_00013CC3: ; Xref 00013B47 00013B94 00013BD1 00013C1E 
00013CC3 ; 00013C57 00013C8D 00013CC3 E8C6EBFFFF call fn_0001288E 00013CC8 8BF0 mov esi,eax 00013CCA loc_00013CCA: ; Xref 00013B89 00013BC6 00013C13 00013C50 00013CCA ; 00013C86 00013CBC 00013CCA 85F6 test esi,esi 00013CCC 0F843C040000 je loc_0001410E 00013CD2 68CC2F0100 push offset off_00012FCC 00013CD7 E922040000 jmp loc_000140FE 00013CDC loc_00013CDC: ; Xref 00013A86 00013CDC 68D42F0100 push offset off_00012FD4 00013CE1 E82AD40000 call jmp_DbgPrint 00013CE6 0FB64648 movzx eax,byte ptr [esi+48h] 00013CEA 83F812 cmp eax,12h 00013CED 59 pop ecx 00013CEE 0F8FDB000000 jnle loc_00013DCF 00013CF4 0F8498000000 je loc_00013D92 00013CFA 48 dec eax 00013CFB 7458 jz loc_00013D55 00013CFD 48 dec eax 00013CFE 0F848E000000 je loc_00013D92 00013D04 48 dec eax 00013D05 7444 jz loc_00013D4B 00013D07 48 dec eax 00013D08 0F85D2000000 jne loc_00013DE0 00013D0E 807D0B00 cmp byte ptr [ebp+0Bh],0 00013D12 750E jnz loc_00013D22 00013D14 68DC2F0100 push offset off_00012FDC 00013D19 E870EBFFFF call fn_0001288E 00013D1E 8BF0 mov esi,eax 00013D20 EB03 jmp loc_00013D25 00013D22 loc_00013D22: ; Xref 00013D12 00013D22 8B750C mov esi,[ebp+0Ch] 00013D25 loc_00013D25: ; Xref 00013D20 00013D25 807D0B01 cmp byte ptr [ebp+0Bh],1 00013D29 750C jnz loc_00013D37 00013D2B 6808300100 push offset off_00013008 00013D30 E859EBFFFF call fn_0001288E 00013D35 8BF0 mov esi,eax 00013D37 loc_00013D37: ; Xref 00013D29 00013D37 807D0B02 cmp byte ptr [ebp+0Bh],2 00013D3B 0F8574010000 jne loc_00013EB5 00013D41 6834300100 push offset off_00013034 00013D46 E963010000 jmp loc_00013EAE 00013D4B loc_00013D4B: ; Xref 00013D05 00013D4B 6860300100 push offset off_00013060 00013D50 E959010000 jmp loc_00013EAE 00013D55 loc_00013D55: ; Xref 00013CFB 00013D55 807D0B00 cmp byte ptr [ebp+0Bh],0 00013D59 750E jnz loc_00013D69 00013D5B 6884300100 push offset off_00013084 00013D60 E829EBFFFF call fn_0001288E 00013D65 8BF0 mov esi,eax 00013D67 EB03 jmp loc_00013D6C 00013D69 loc_00013D69: ; Xref 00013D59 00013D69 8B750C mov 
esi,[ebp+0Ch] 00013D6C loc_00013D6C: ; Xref 00013D67 00013D6C 807D0B01 cmp byte ptr [ebp+0Bh],1 00013D70 750C jnz loc_00013D7E 00013D72 68C0300100 push offset off_000130C0 00013D77 E812EBFFFF call fn_0001288E 00013D7C 8BF0 mov esi,eax 00013D7E loc_00013D7E: ; Xref 00013D70 00013D7E 807D0B02 cmp byte ptr [ebp+0Bh],2 00013D82 0F852D010000 jne loc_00013EB5 00013D88 68FC300100 push offset off_000130FC 00013D8D E91C010000 jmp loc_00013EAE 00013D92 loc_00013D92: ; Xref 00013CF4 00013CFE 00013D92 807D0B00 cmp byte ptr [ebp+0Bh],0 00013D96 750E jnz loc_00013DA6 00013D98 6838310100 push offset off_00013138 00013D9D E8ECEAFFFF call fn_0001288E 00013DA2 8BF0 mov esi,eax 00013DA4 EB03 jmp loc_00013DA9 00013DA6 loc_00013DA6: ; Xref 00013D96 00013DA6 8B750C mov esi,[ebp+0Ch] 00013DA9 loc_00013DA9: ; Xref 00013DA4 00013DA9 807D0B01 cmp byte ptr [ebp+0Bh],1 00013DAD 750C jnz loc_00013DBB 00013DAF 6874310100 push offset off_00013174 00013DB4 E8D5EAFFFF call fn_0001288E 00013DB9 8BF0 mov esi,eax 00013DBB loc_00013DBB: ; Xref 00013DAD 00013DBB 807D0B02 cmp byte ptr [ebp+0Bh],2 00013DBF 0F85F0000000 jne loc_00013EB5 00013DC5 68B0310100 push offset off_000131B0 00013DCA E9DF000000 jmp loc_00013EAE 00013DCF loc_00013DCF: ; Xref 00013CEE 00013DCF 83E813 sub eax,13h 00013DD2 0F8492000000 je loc_00013E6A 00013DD8 83E80F sub eax,0Fh 00013DDB 7457 jz loc_00013E34 00013DDD 48 dec eax 00013DDE 740A jz loc_00013DEA 00013DE0 loc_00013DE0: ; Xref 00013D08 00013DE0 68EC310100 push offset off_000131EC 00013DE5 E9C4000000 jmp loc_00013EAE 00013DEA loc_00013DEA: ; Xref 00013DDE 00013DEA 8A5D0B mov bl,[ebp+0Bh] 00013DED 84DB test bl,bl 00013DEF 750E jnz loc_00013DFF 00013DF1 6820320100 push offset off_00013220 00013DF6 E893EAFFFF call fn_0001288E 00013DFB 8BF0 mov esi,eax 00013DFD EB03 jmp loc_00013E02 00013DFF loc_00013DFF: ; Xref 00013DEF 00013DFF 8B750C mov esi,[ebp+0Ch] 00013E02 loc_00013E02: ; Xref 00013DFD 00013E02 80FB01 cmp bl,1 00013E05 750C jnz loc_00013E13 00013E07 684C320100 push offset 
off_0001324C 00013E0C E87DEAFFFF call fn_0001288E 00013E11 8BF0 mov esi,eax 00013E13 loc_00013E13: ; Xref 00013E05 00013E13 80FB02 cmp bl,2 00013E16 750C jnz loc_00013E24 00013E18 6878320100 push offset off_00013278 00013E1D E86CEAFFFF call fn_0001288E 00013E22 8BF0 mov esi,eax 00013E24 loc_00013E24: ; Xref 00013E16 00013E24 80FB03 cmp bl,3 00013E27 0F8588000000 jne loc_00013EB5 00013E2D 68A4320100 push offset off_000132A4 00013E32 EB7A jmp loc_00013EAE 00013E34 loc_00013E34: ; Xref 00013DDB 00013E34 807D0B00 cmp byte ptr [ebp+0Bh],0 00013E38 750E jnz loc_00013E48 00013E3A 68D4320100 push offset off_000132D4 00013E3F E84AEAFFFF call fn_0001288E 00013E44 8BF0 mov esi,eax 00013E46 EB03 jmp loc_00013E4B 00013E48 loc_00013E48: ; Xref 00013E38 00013E48 8B750C mov esi,[ebp+0Ch] 00013E4B loc_00013E4B: ; Xref 00013E46 00013E4B 807D0B01 cmp byte ptr [ebp+0Bh],1 00013E4F 750C jnz loc_00013E5D 00013E51 681C330100 push offset off_0001331C 00013E56 E833EAFFFF call fn_0001288E 00013E5B 8BF0 mov esi,eax 00013E5D loc_00013E5D: ; Xref 00013E4F 00013E5D 807D0B02 cmp byte ptr [ebp+0Bh],2 00013E61 7552 jnz loc_00013EB5 00013E63 6864330100 push offset off_00013364 00013E68 EB44 jmp loc_00013EAE 00013E6A loc_00013E6A: ; Xref 00013DD2 00013E6A 8A5D0B mov bl,[ebp+0Bh] 00013E6D 84DB test bl,bl 00013E6F 750E jnz loc_00013E7F 00013E71 68A8330100 push offset off_000133A8 00013E76 E813EAFFFF call fn_0001288E 00013E7B 8BF0 mov esi,eax 00013E7D EB03 jmp loc_00013E82 00013E7F loc_00013E7F: ; Xref 00013E6F 00013E7F 8B750C mov esi,[ebp+0Ch] 00013E82 loc_00013E82: ; Xref 00013E7D 00013E82 80FB01 cmp bl,1 00013E85 750C jnz loc_00013E93 00013E87 68D4330100 push offset off_000133D4 00013E8C E8FDE9FFFF call fn_0001288E 00013E91 8BF0 mov esi,eax 00013E93 loc_00013E93: ; Xref 00013E85 00013E93 80FB02 cmp bl,2 00013E96 750C jnz loc_00013EA4 00013E98 6800340100 push offset off_00013400 00013E9D E8ECE9FFFF call fn_0001288E 00013EA2 8BF0 mov esi,eax 00013EA4 loc_00013EA4: ; Xref 00013E96 00013EA4 80FB03 cmp 
bl,3 00013EA7 750C jnz loc_00013EB5 00013EA9 682C340100 push offset off_0001342C 00013EAE loc_00013EAE: ; Xref 00013D46 00013D50 00013D8D 00013DCA 00013EAE ; 00013DE5 00013E32 00013E68 00013EAE E8DBE9FFFF call fn_0001288E 00013EB3 8BF0 mov esi,eax 00013EB5 loc_00013EB5: ; Xref 00013D3B 00013D82 00013DBF 00013E27 00013EB5 ; 00013E61 00013EA7 00013EB5 85F6 test esi,esi 00013EB7 0F8451020000 je loc_0001410E 00013EBD 6858340100 push offset off_00013458 00013EC2 E937020000 jmp loc_000140FE 00013EC7 off_00013EC7: ; Xref 00014265 00013EC7 6860340100 push offset off_00013460 00013ECC E83FD20000 call jmp_DbgPrint 00013ED1 8B5B04 mov ebx,[ebx+4] 00013ED4 85DB test ebx,ebx 00013ED6 59 pop ecx 00013ED7 0F85E3010000 jne loc_000140C0 00013EDD 6868340100 push offset off_00013468 00013EE2 E829D20000 call jmp_DbgPrint 00013EE7 0FB64648 movzx eax,byte ptr [esi+48h] 00013EEB 83F812 cmp eax,12h 00013EEE 59 pop ecx 00013EEF 0F8FDA000000 jnle loc_00013FCF 00013EF5 0F8497000000 je loc_00013F92 00013EFB 48 dec eax 00013EFC 7457 jz loc_00013F55 00013EFE 48 dec eax 00013EFF 0F848D000000 je loc_00013F92 00013F05 48 dec eax 00013F06 7443 jz loc_00013F4B 00013F08 48 dec eax 00013F09 0F85D1000000 jne loc_00013FE0 00013F0F 385D0B cmp [ebp+0Bh],bl 00013F12 750E jnz loc_00013F22 00013F14 6870340100 push offset off_00013470 00013F19 E870E9FFFF call fn_0001288E 00013F1E 8BF0 mov esi,eax 00013F20 EB03 jmp loc_00013F25 00013F22 loc_00013F22: ; Xref 00013F12 00013F22 8B750C mov esi,[ebp+0Ch] 00013F25 loc_00013F25: ; Xref 00013F20 00013F25 807D0B01 cmp byte ptr [ebp+0Bh],1 00013F29 750C jnz loc_00013F37 00013F2B 6888340100 push offset off_00013488 00013F30 E859E9FFFF call fn_0001288E 00013F35 8BF0 mov esi,eax 00013F37 loc_00013F37: ; Xref 00013F29 00013F37 807D0B02 cmp byte ptr [ebp+0Bh],2 00013F3B 0F8574010000 jne loc_000140B5 00013F41 68A0340100 push offset off_000134A0 00013F46 E963010000 jmp loc_000140AE 00013F4B loc_00013F4B: ; Xref 00013F06 00013F4B 68B8340100 push offset off_000134B8 00013F50 
E959010000 jmp loc_000140AE 00013F55 loc_00013F55: ; Xref 00013EFC 00013F55 807D0B00 cmp byte ptr [ebp+0Bh],0 00013F59 750E jnz loc_00013F69 00013F5B 68D4340100 push offset off_000134D4 00013F60 E829E9FFFF call fn_0001288E 00013F65 8BF0 mov esi,eax 00013F67 EB03 jmp loc_00013F6C 00013F69 loc_00013F69: ; Xref 00013F59 00013F69 8B750C mov esi,[ebp+0Ch] 00013F6C loc_00013F6C: ; Xref 00013F67 00013F6C 807D0B01 cmp byte ptr [ebp+0Bh],1 00013F70 750C jnz loc_00013F7E 00013F72 68FC340100 push offset off_000134FC 00013F77 E812E9FFFF call fn_0001288E 00013F7C 8BF0 mov esi,eax 00013F7E loc_00013F7E: ; Xref 00013F70 00013F7E 807D0B02 cmp byte ptr [ebp+0Bh],2 00013F82 0F852D010000 jne loc_000140B5 00013F88 6824350100 push offset off_00013524 00013F8D E91C010000 jmp loc_000140AE 00013F92 loc_00013F92: ; Xref 00013EF5 00013EFF 00013F92 807D0B00 cmp byte ptr [ebp+0Bh],0 00013F96 750E jnz loc_00013FA6 00013F98 684C350100 push offset off_0001354C 00013F9D E8ECE8FFFF call fn_0001288E 00013FA2 8BF0 mov esi,eax 00013FA4 EB03 jmp loc_00013FA9 00013FA6 loc_00013FA6: ; Xref 00013F96 00013FA6 8B750C mov esi,[ebp+0Ch] 00013FA9 loc_00013FA9: ; Xref 00013FA4 00013FA9 807D0B01 cmp byte ptr [ebp+0Bh],1 00013FAD 750C jnz loc_00013FBB 00013FAF 6874350100 push offset off_00013574 00013FB4 E8D5E8FFFF call fn_0001288E 00013FB9 8BF0 mov esi,eax 00013FBB loc_00013FBB: ; Xref 00013FAD 00013FBB 807D0B02 cmp byte ptr [ebp+0Bh],2 00013FBF 0F85F0000000 jne loc_000140B5 00013FC5 689C350100 push offset off_0001359C 00013FCA E9DF000000 jmp loc_000140AE 00013FCF loc_00013FCF: ; Xref 00013EEF 00013FCF 83E813 sub eax,13h 00013FD2 0F8492000000 je loc_0001406A 00013FD8 83E80F sub eax,0Fh 00013FDB 7457 jz loc_00014034 00013FDD 48 dec eax 00013FDE 740A jz loc_00013FEA 00013FE0 loc_00013FE0: ; Xref 00013F09 00013FE0 68C4350100 push offset off_000135C4 00013FE5 E9C4000000 jmp loc_000140AE 00013FEA loc_00013FEA: ; Xref 00013FDE 00013FEA 8A5D0B mov bl,[ebp+0Bh] 00013FED 84DB test bl,bl 00013FEF 750E jnz loc_00013FFF 
00013FF1 68E4350100 push offset off_000135E4 00013FF6 E893E8FFFF call fn_0001288E 00013FFB 8BF0 mov esi,eax 00013FFD EB03 jmp loc_00014002 00013FFF loc_00013FFF: ; Xref 00013FEF 00013FFF 8B750C mov esi,[ebp+0Ch] 00014002 loc_00014002: ; Xref 00013FFD 00014002 80FB01 cmp bl,1 00014005 750C jnz loc_00014013 00014007 68FC350100 push offset off_000135FC 0001400C E87DE8FFFF call fn_0001288E 00014011 8BF0 mov esi,eax 00014013 loc_00014013: ; Xref 00014005 00014013 80FB02 cmp bl,2 00014016 750C jnz loc_00014024 00014018 6814360100 push offset off_00013614 0001401D E86CE8FFFF call fn_0001288E 00014022 8BF0 mov esi,eax 00014024 loc_00014024: ; Xref 00014016 00014024 80FB03 cmp bl,3 00014027 0F8588000000 jne loc_000140B5 0001402D 682C360100 push offset off_0001362C 00014032 EB7A jmp loc_000140AE 00014034 loc_00014034: ; Xref 00013FDB 00014034 807D0B00 cmp byte ptr [ebp+0Bh],0 00014038 750E jnz loc_00014048 0001403A 6844360100 push offset off_00013644 0001403F E84AE8FFFF call fn_0001288E 00014044 8BF0 mov esi,eax 00014046 EB03 jmp loc_0001404B 00014048 loc_00014048: ; Xref 00014038 00014048 8B750C mov esi,[ebp+0Ch] 0001404B loc_0001404B: ; Xref 00014046 0001404B 807D0B01 cmp byte ptr [ebp+0Bh],1 0001404F 750C jnz loc_0001405D 00014051 6874360100 push offset off_00013674 00014056 E833E8FFFF call fn_0001288E 0001405B 8BF0 mov esi,eax 0001405D loc_0001405D: ; Xref 0001404F 0001405D 807D0B02 cmp byte ptr [ebp+0Bh],2 00014061 7552 jnz loc_000140B5 00014063 68A4360100 push offset off_000136A4 00014068 EB44 jmp loc_000140AE 0001406A loc_0001406A: ; Xref 00013FD2 0001406A 8A5D0B mov bl,[ebp+0Bh] 0001406D 84DB test bl,bl 0001406F 750E jnz loc_0001407F 00014071 68D4360100 push offset off_000136D4 00014076 E813E8FFFF call fn_0001288E 0001407B 8BF0 mov esi,eax 0001407D EB03 jmp loc_00014082 0001407F loc_0001407F: ; Xref 0001406F 0001407F 8B750C mov esi,[ebp+0Ch] 00014082 loc_00014082: ; Xref 0001407D 00014082 80FB01 cmp bl,1 00014085 750C jnz loc_00014093 00014087 68EC360100 push offset 
off_000136EC 0001408C E8FDE7FFFF call fn_0001288E 00014091 8BF0 mov esi,eax 00014093 loc_00014093: ; Xref 00014085 00014093 80FB02 cmp bl,2 00014096 750C jnz loc_000140A4 00014098 6804370100 push offset off_00013704 0001409D E8ECE7FFFF call fn_0001288E 000140A2 8BF0 mov esi,eax 000140A4 loc_000140A4: ; Xref 00014096 000140A4 80FB03 cmp bl,3 000140A7 750C jnz loc_000140B5 000140A9 681C370100 push offset off_0001371C 000140AE loc_000140AE: ; Xref 00013F46 00013F50 00013F8D 00013FCA 000140AE ; 00013FE5 00014032 00014068 000140AE E8DBE7FFFF call fn_0001288E 000140B3 8BF0 mov esi,eax 000140B5 loc_000140B5: ; Xref 00013F3B 00013F82 00013FBF 00014027 000140B5 ; 00014061 000140A7 000140B5 85F6 test esi,esi 000140B7 7455 jz loc_0001410E 000140B9 6834370100 push offset off_00013734 000140BE EB3E jmp loc_000140FE 000140C0 loc_000140C0: ; Xref 00013ED7 000140C0 83FB01 cmp ebx,1 000140C3 7549 jnz loc_0001410E 000140C5 683C370100 push offset off_0001373C 000140CA E841D00000 call jmp_DbgPrint 000140CF FF7650 push dword ptr [esi+50h] 000140D2 8D856CFEFFFF lea eax,[ebp-194h] 000140D8 6844370100 push offset off_00013744 000140DD 50 push eax 000140DE FF15282F0200 call dword ptr [swprintf] 000140E4 83C410 add esp,10h 000140E7 8D856CFEFFFF lea eax,[ebp-194h] 000140ED 50 push eax 000140EE E89BE7FFFF call fn_0001288E 000140F3 8BF0 mov esi,eax 000140F5 85F6 test esi,esi 000140F7 7415 jz loc_0001410E 000140F9 6860370100 push offset off_00013760 000140FE loc_000140FE: ; Xref 00013AD6 00013B00 00013CD7 00013EC2 000140FE ; 000140BE 000140FE E80DD00000 call jmp_DbgPrint 00014103 8B450C mov eax,[ebp+0Ch] 00014106 89701C mov [eax+1Ch],esi 00014109 loc_00014109: ; Xref 000139B3 00014109 59 pop ecx 0001410A loc_0001410A: ; Xref 000138C2 000138DC 000138E6 00013958 0001410A ; 000139C1 000139D1 000139F0 00013A70 0001410A 8365FC00 and dword ptr [ebp-4],0 0001410E loc_0001410E: ; Xref 0001388B 00013894 00013A22 00013A4F 0001410E ; 00013A93 00013ACB 00013AF5 00013CCC 0001410E ; 00013EB7 000140B7 
000140C3 000140F7 0001410E 6868370100 push offset off_00013768 00014113 E8F8CF0000 call jmp_DbgPrint 00014118 59 pop ecx 00014119 FF75FC push dword ptr [ebp-4] 0001411C loc_0001411C: ; Xref 000138B6 0001411C FF750C push dword ptr [ebp+0Ch] 0001411F E8FC300000 call fn_00017220 00014124 E905010000 jmp loc_0001422E 00014129 off_00014129: ; Xref 00014295 00014129 6870370100 push offset off_00013770 0001412E E9C9000000 jmp loc_000141FC 00014133 off_00014133: ; Xref 0001428D 00014133 6878370100 push offset off_00013778 00014138 E9BF000000 jmp loc_000141FC 0001413D off_0001413D: ; Xref 00014261 0001413D 6880370100 push offset off_00013780 00014142 E8C9CF0000 call jmp_DbgPrint 00014147 C7042488370100 mov dword ptr [esp],offset off_00013788 0001414E E8BDCF0000 call jmp_DbgPrint 00014153 59 pop ecx 00014154 8B4D0C mov ecx,[ebp+0Ch] 00014157 57 push edi 00014158 E8CBE60000 call fn_00022828 0001415D 6890370100 push offset off_00013790 00014162 EB4C jmp loc_000141B0 00014164 off_00014164: ; Xref 0001425D 00014164 6898370100 push offset off_00013798 00014169 E8A2CF0000 call jmp_DbgPrint 0001416E C70424A0370100 mov dword ptr [esp],offset off_000137A0 00014175 E896CF0000 call jmp_DbgPrint 0001417A 59 pop ecx 0001417B 8B4D0C mov ecx,[ebp+0Ch] 0001417E 57 push edi 0001417F E8A4E60000 call fn_00022828 00014184 68A8370100 push offset off_000137A8 00014189 EB25 jmp loc_000141B0 0001418B off_0001418B: ; Xref 00014269 0001418B 68B0370100 push offset off_000137B0 00014190 E87BCF0000 call jmp_DbgPrint 00014195 C70424B8370100 mov dword ptr [esp],offset off_000137B8 0001419C E86FCF0000 call jmp_DbgPrint 000141A1 59 pop ecx 000141A2 8B4D0C mov ecx,[ebp+0Ch] 000141A5 57 push edi 000141A6 E87DE60000 call fn_00022828 000141AB 68C0370100 push offset off_000137C0 000141B0 loc_000141B0: ; Xref 00014162 00014189 000141B0 8BF0 mov esi,eax 000141B2 E859CF0000 call jmp_DbgPrint 000141B7 59 pop ecx 000141B8 8BC6 mov eax,esi 000141BA EB72 jmp loc_0001422E 000141BC off_000141BC: ; Xref 00014285 000141BC 
68C8370100 push offset off_000137C8 000141C1 E84ACF0000 call jmp_DbgPrint 000141C6 C70424D0370100 mov dword ptr [esp],offset off_000137D0 000141CD EB50 jmp loc_0001421F 000141CF off_000141CF: ; Xref 00014255 000141CF 68D8370100 push offset off_000137D8 000141D4 E837CF0000 call jmp_DbgPrint 000141D9 C70424E0370100 mov dword ptr [esp],offset off_000137E0 000141E0 EB3D jmp loc_0001421F 000141E2 off_000141E2: ; Xref 00014271 000141E2 68E8370100 push offset off_000137E8 000141E7 EB13 jmp loc_000141FC 000141E9 off_000141E9: ; Xref 00014275 000141E9 68F0370100 push offset off_000137F0 000141EE EB0C jmp loc_000141FC 000141F0 off_000141F0: ; Xref 00014279 000141F0 68F8370100 push offset off_000137F8 000141F5 EB05 jmp loc_000141FC 000141F7 off_000141F7: ; Xref 0001427D 000141F7 6800 db 'h',000h 000141F9 3801 cmp [ecx],al 000141FB 00 db 000h 000141FC loc_000141FC: ; Xref 0001412E 00014138 000141E7 000141EE 000141FC ; 000141F5 000141FC E80FCF0000 call jmp_DbgPrint 00014201 59 pop ecx 00014202 8B4D0C mov ecx,[ebp+0Ch] 00014205 8BC7 mov eax,edi 00014207 E836E60000 call fn_00022842 0001420C EB20 jmp loc_0001422E 0001420E loc_0001420E: ; Xref 00013843 0001426D 0001420E 6808380100 push offset off_00013808 00014213 E8F8CE0000 call jmp_DbgPrint 00014218 C7042410380100 mov dword ptr [esp],offset off_00013810 0001421F loc_0001421F: ; Xref 000141CD 000141E0 0001421F E8ECCE0000 call jmp_DbgPrint 00014224 59 pop ecx 00014225 8B4D0C mov ecx,[ebp+0Ch] 00014228 57 push edi 00014229 E8FAE50000 call fn_00022828 0001422E loc_0001422E: ; Xref 00013993 00014124 000141BA 0001420C 0001422E 5F pop edi 0001422F 5E pop esi 00014230 5B pop ebx 00014231 C9 leave 00014232 C20800 ret 8 00014235 off_00014235: ; Xref 00013849 00014235 50380100 dd offset off_00013850 00014239 12390100 dd offset off_00013912 0001423D 5D390100 dd offset off_0001395D 00014241 98390100 dd offset off_00013998 00014245 C7380100 dd offset off_000138C7 00014249 99380100 dd offset off_00013899 0001424D EB380100 dd offset off_000138EB 
00014251 0B3A0100 dd offset off_00013A0B 00014255 CF410100 dd offset off_000141CF 00014259 F5390100 dd offset off_000139F5 0001425D 64410100 dd offset off_00014164 00014261 3D410100 dd offset off_0001413D 00014265 C73E0100 dd offset off_00013EC7 00014269 8B410100 dd offset off_0001418B 0001426D 0E420100 dd offset loc_0001420E 00014271 E2410100 dd offset off_000141E2 00014275 E9410100 dd offset off_000141E9 00014279 F0410100 dd offset off_000141F0 0001427D F7410100 dd offset off_000141F7 00014281 753A0100 dd offset off_00013A75 00014285 BC410100 dd offset off_000141BC 00014289 273A0100 dd offset off_00013A27 0001428D 33410100 dd offset off_00014133 00014291 D6390100 dd offset off_000139D6 00014295 29410100 dd offset off_00014129 00014299 CC int 3 0001429A fn_0001429A: ; Xref 000128A2 00012915 00013A34 00022521 0001429A ; 00022636 00022D51 0001429A 6843365850 push 50583643h 0001429F FF742408 push dword ptr [esp+8] 000142A3 6A01 push 1 000142A5 FF152C2F0200 call dword ptr [ExAllocatePoolWithTag] 000142AB 8BD0 mov edx,eax 000142AD 85D2 test edx,edx 000142AF 741A jz loc_000142CB 000142B1 8B4C2404 mov ecx,[esp+4] 000142B5 56 push esi 000142B6 8BF1 mov esi,ecx 000142B8 57 push edi 000142B9 C1E902 shr ecx,2 000142BC 33C0 xor eax,eax 000142BE 8BFA mov edi,edx 000142C0 F3AB rep stosd 000142C2 8BCE mov ecx,esi 000142C4 83E103 and ecx,3 000142C7 F3AA rep stosb 000142C9 5F pop edi 000142CA 5E pop esi 000142CB loc_000142CB: ; Xref 000142AF 000142CB 8BC2 mov eax,edx 000142CD C20400 ret 4 000142D0 fn_000142D0: ; Xref 0001120E 000115A0 0001250A 000125AE 000142D0 ; 00014A05 00014D84 0001517C 0001532F 000142D0 ; 00015909 00015C1E 00015FF3 0001630E 000142D0 ; 00022AF2 000142D0 684336584E push 4E583643h 000142D5 FF742408 push dword ptr [esp+8] 000142D9 6A00 push 0 000142DB FF152C2F0200 call dword ptr [ExAllocatePoolWithTag] 000142E1 8BD0 mov edx,eax 000142E3 85D2 test edx,edx 000142E5 7518 jnz loc_000142FF 000142E7 8B4C2404 mov ecx,[esp+4] 000142EB 56 push esi 000142EC 8BF1 mov esi,ecx 
000142EE 57 push edi 000142EF 33FF xor edi,edi 000142F1 C1E902 shr ecx,2 000142F4 F3AB rep stosd 000142F6 8BCE mov ecx,esi 000142F8 83E103 and ecx,3 000142FB F3AA rep stosb 000142FD 5F pop edi 000142FE 5E pop esi 000142FF loc_000142FF: ; Xref 000142E5 000142FF 8BC2 mov eax,edx 00014301 C20400 ret 4 00014304 fn_00014304: ; Xref 00010B77 0001758B 00017653 00017682 00014304 ; 000176AF 000176CF 0001787E 000178AD 00014304 ; 000178F0 0001791D 0001F221 0001F246 00014304 ; 0001F260 0001F27A 00014304 684336584E push 4E583643h 00014309 FF742408 push dword ptr [esp+8] 0001430D 6A00 push 0 0001430F FF152C2F0200 call dword ptr [ExAllocatePoolWithTag] 00014315 8BD0 mov edx,eax 00014317 85D2 test edx,edx 00014319 741A jz loc_00014335 0001431B 8B4C2404 mov ecx,[esp+4] 0001431F 56 push esi 00014320 8BF1 mov esi,ecx 00014322 57 push edi 00014323 C1E902 shr ecx,2 00014326 33C0 xor eax,eax 00014328 8BFA mov edi,edx 0001432A F3AB rep stosd 0001432C 8BCE mov ecx,esi 0001432E 83E103 and ecx,3 00014331 F3AA rep stosb 00014333 5F pop edi 00014334 5E pop esi 00014335 loc_00014335: ; Xref 00014319 00014335 8BC2 mov eax,edx 00014337 C3 ret 00014338 fn_00014338: ; Xref 0001993A 0001ADD6 0001DDA0 0001DDBC 00014338 ; 0001E182 0001E84D 0001E858 0001E863 00014338 ; 0001E86E 0001F3C8 00021940 00014338 837C240400 cmp dword ptr [esp+4],0 0001433D 740C jz loc_0001434B 0001433F 6A00 push 0 00014341 FF742408 push dword ptr [esp+8] 00014345 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 0001434B loc_0001434B: ; Xref 0001433D 0001434B C3 ret 0001434C fn_0001434C: ; Xref 00021CC7 00021CFE 0001434C 55 push ebp 0001434D 8BEC mov ebp,esp 0001434F 83EC10 sub esp,10h 00014352 8B4508 mov eax,[ebp+8] 00014355 0FBE4030 movsx eax,byte ptr [eax+30h] 00014359 53 push ebx 0001435A 57 push edi 0001435B 33DB xor ebx,ebx 0001435D 53 push ebx 0001435E 50 push eax 0001435F FF15242F0200 call dword ptr [IoAllocateIrp] 00014365 8BF8 mov edi,eax 00014367 3BFB cmp edi,ebx 00014369 750A jnz loc_00014375 0001436B B89A0000C0 mov 
eax,0C000009Ah 00014370 E990000000 jmp loc_00014405 00014375 loc_00014375: ; Xref 00014369 00014375 56 push esi 00014376 8B7760 mov esi,[edi+60h] 00014379 83EE24 sub esi,24h 0001437C 7507 jnz loc_00014385 0001437E BE9A0000C0 mov esi,0C000009Ah 00014383 EB76 jmp loc_000143FB 00014385 loc_00014385: ; Xref 0001437C 00014385 385D10 cmp [ebp+10h],bl 00014388 C74718BB0000C0 mov dword ptr [edi+18h],0C00000BBh 0001438F 0F94C0 sete al 00014392 040F add al,0Fh 00014394 53 push ebx 00014395 884601 mov [esi+1],al 00014398 53 push ebx 00014399 8D45F0 lea eax,[ebp-10h] 0001439C 50 push eax 0001439D C6061B mov byte ptr [esi],1Bh 000143A0 FF15AC2F0200 call dword ptr [KeInitializeEvent] 000143A6 8B4760 mov eax,[edi+60h] 000143A9 C740F83A720100 mov dword ptr [eax-8],offset off_0001723A 000143B0 C640DFE0 mov byte ptr [eax-21h],0E0h 000143B4 83E824 sub eax,24h 000143B7 8D4DF0 lea ecx,[ebp-10h] 000143BA 894820 mov [eax+20h],ecx 000143BD 8B450C mov eax,[ebp+0Ch] 000143C0 8B08 mov ecx,[eax] 000143C2 894E04 mov [esi+4],ecx 000143C5 8B4804 mov ecx,[eax+4] 000143C8 894E08 mov [esi+8],ecx 000143CB 8B4808 mov ecx,[eax+8] 000143CE 894E0C mov [esi+0Ch],ecx 000143D1 8B400C mov eax,[eax+0Ch] 000143D4 8B4D08 mov ecx,[ebp+8] 000143D7 8BD7 mov edx,edi 000143D9 894610 mov [esi+10h],eax 000143DC FF15B02E0200 call dword ptr [IofCallDriver] 000143E2 8BF0 mov esi,eax 000143E4 81FE03010000 cmp esi,103h 000143EA 750F jnz loc_000143FB 000143EC 53 push ebx 000143ED 53 push ebx 000143EE 53 push ebx 000143EF 6A05 push 5 000143F1 8D45F0 lea eax,[ebp-10h] 000143F4 50 push eax 000143F5 FF159C2F0200 call dword ptr [KeWaitForSingleObject] 000143FB loc_000143FB: ; Xref 00014383 000143EA 000143FB 57 push edi 000143FC FF15202F0200 call dword ptr [IoFreeIrp] 00014402 8BC6 mov eax,esi 00014404 5E pop esi 00014405 loc_00014405: ; Xref 00014370 00014405 5F pop edi 00014406 5B pop ebx 00014407 C9 leave 00014408 C20C00 ret 0Ch 0001440B CC int 3 0001440C fn_0001440C: ; Xref 000144F9 00023308 0001440C 56 push esi 0001440D 
8B74240C mov esi,[esp+0Ch] 00014411 57 push edi 00014412 56 push esi 00014413 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 00014419 8B7E18 mov edi,[esi+18h] 0001441C 32D2 xor dl,dl 0001441E 8BCE mov ecx,esi 00014420 FF15BC2F0200 call dword ptr [IofCompleteRequest] 00014426 8BC7 mov eax,edi 00014428 5F pop edi 00014429 5E pop esi 0001442A C20800 ret 8 0001442D CC int 3 0001442E off_0001442E: ; Xref 00023310 0001442E FF742408 push dword ptr [esp+8] 00014432 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 00014438 6A00 push 0 0001443A FF74240C push dword ptr [esp+0Ch] 0001443E E8DD2D0000 call fn_00017220 00014443 C20800 ret 8 00014446 off_00014446: ; Xref 00014464 00014446 5449204D73670A00 db 'TI Msg',00Ah,000h 0001444E off_0001444E: ; Xref 0002330C 0001444E 56 push esi 0001444F 57 push edi 00014450 8B7C2410 mov edi,[esp+10h] 00014454 8B7760 mov esi,[edi+60h] 00014457 57 push edi 00014458 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 0001445E 837E0801 cmp dword ptr [esi+8],1 00014462 751A jnz loc_0001447E 00014464 6846440100 push offset off_00014446 00014469 E8A2CC0000 call jmp_DbgPrint 0001446E 59 pop ecx 0001446F FF760C push dword ptr [esi+0Ch] 00014472 6A01 push 1 00014474 FF742414 push dword ptr [esp+14h] 00014478 FF15102F0200 call dword ptr [PoSetPowerState] 0001447E loc_0001447E: ; Xref 00014462 0001447E 6A00 push 0 00014480 57 push edi 00014481 E89A2D0000 call fn_00017220 00014486 5F pop edi 00014487 5E pop esi 00014488 C20800 ret 8 0001448B CC int 3 0001448C off_0001448C: ; Xref 00023304 0001448C FF742408 push dword ptr [esp+8] 00014490 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 00014496 6A00 push 0 00014498 68BB0000C0 push 0C00000BBh 0001449D FF742410 push dword ptr [esp+10h] 000144A1 E8582D0000 call fn_000171FE 000144A6 C20800 ret 8 000144A9 CC int 3 000144AA off_000144AA: ; Xref 000144D3 000144AA 5449204D73670A00 db 'TI Msg',00Ah,000h 000144B2 off_000144B2: ; Xref 00014509 000144B2 5449204D73670A00 db 'TI Msg',00Ah,000h 000144BA 
off_000144BA: ; Xref 00014529 000144BA 5449204D73670A00 db 'TI Msg',00Ah,000h 000144C2 fn_000144C2: ; Xref 00021387 000144C2 8B442404 mov eax,[esp+4] 000144C6 53 push ebx 000144C7 8B5C240C mov ebx,[esp+0Ch] 000144CB 56 push esi 000144CC 8B7028 mov esi,[eax+28h] 000144CF 57 push edi 000144D0 8B7B60 mov edi,[ebx+60h] 000144D3 68AA440100 push offset off_000144AA 000144D8 E833CC0000 call jmp_DbgPrint 000144DD 8B7610 mov esi,[esi+10h] 000144E0 83FE05 cmp esi,5 000144E3 59 pop ecx 000144E4 7423 jz loc_00014509 000144E6 83FE04 cmp esi,4 000144E9 741E jz loc_00014509 000144EB 0FB64701 movzx eax,byte ptr [edi+1] 000144EF 83F804 cmp eax,4 000144F2 53 push ebx 000144F3 FF742414 push dword ptr [esp+14h] 000144F7 7207 jb loc_00014500 000144F9 E80EFFFFFF call fn_0001440C 000144FE EB36 jmp loc_00014536 00014500 loc_00014500: ; Xref 000144F7 00014500 FF148504330200 call dword ptr [off_00023304+eax*4] 00014507 EB2D jmp loc_00014536 00014509 loc_00014509: ; Xref 000144E4 000144E9 00014509 68B2440100 push offset off_000144B2 0001450E E8FDCB0000 call jmp_DbgPrint 00014513 59 pop ecx 00014514 53 push ebx 00014515 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 0001451B 83631800 and dword ptr [ebx+18h],0 0001451F 32D2 xor dl,dl 00014521 8BCB mov ecx,ebx 00014523 FF15BC2F0200 call dword ptr [IofCompleteRequest] 00014529 68BA440100 push offset off_000144BA 0001452E E8DDCB0000 call jmp_DbgPrint 00014533 59 pop ecx 00014534 33C0 xor eax,eax 00014536 loc_00014536: ; Xref 000144FE 00014507 00014536 5F pop edi 00014537 5E pop esi 00014538 5B pop ebx 00014539 C20800 ret 8 0001453C off_0001453C: ; Xref 00014593 0001453C 5449204D73670A00 db 'TI Msg',00Ah,000h 00014544 off_00014544: ; Xref 000145D5 00014544 5449204D73670A00 db 'TI Msg',00Ah,000h 0001454C off_0001454C: ; Xref 000145DC 0001454C 5449204D73670A00 db 'TI Msg',00Ah,000h 00014554 off_00014554: ; Xref 000145F3 00014554 5449204D73670A00 db 'TI Msg',00Ah,000h 0001455C off_0001455C: ; Xref 00014633 0001455C 5449204D73670A00 db 'TI 
Msg',00Ah,000h 00014564 off_00014564: ; Xref 00014642 00014564 5449204D73670A00 db 'TI Msg',00Ah,000h 0001456C off_0001456C: ; Xref 00014659 0001456C 5449204D73670A00 db 'TI Msg',00Ah,000h 00014574 off_00014574: ; Xref 00014684 00014574 5449204D73670A00 db 'TI Msg',00Ah,000h 0001457C off_0001457C: ; Xref 000146B8 0001457C 5449204D73670A00 db 'TI Msg',00Ah,000h 00014584 off_00014584: ; Xref 00014D9F 00014584 55 push ebp 00014585 8BEC mov ebp,esp 00014587 83EC0C sub esp,0Ch 0001458A 8B450C mov eax,[ebp+0Ch] 0001458D 53 push ebx 0001458E 56 push esi 0001458F 8B7004 mov esi,[eax+4] 00014592 57 push edi 00014593 683C450100 push offset off_0001453C 00014598 E873CB0000 call jmp_DbgPrint 0001459D 59 pop ecx 0001459E 8B8EB8010000 mov ecx,[esi+1B8h] 000145A4 E8FD3B0000 call fn_000181A6 000145A9 8065FF00 and byte ptr [ebp-1],0 000145AD 8065FA00 and byte ptr [ebp-6],0 000145B1 33FF xor edi,edi 000145B3 39BEB4010000 cmp [esi+1B4h],edi 000145B9 0F8641010000 jbe loc_00014700 000145BF loc_000145BF: ; Xref 000146E9 000145BF FF75FA push dword ptr [ebp-6] 000145C2 8B8EB8010000 mov ecx,[esi+1B8h] 000145C8 E891310000 call fn_0001775E 000145CD 84C0 test al,al 000145CF 7471 jz loc_00014642 000145D1 3CA1 cmp al,0A1h 000145D3 7407 jz loc_000145DC 000145D5 6844450100 push offset off_00014544 000145DA EB5C jmp loc_00014638 000145DC loc_000145DC: ; Xref 000145D3 000145DC 684C450100 push offset off_0001454C 000145E1 E82ACB0000 call jmp_DbgPrint 000145E6 8D44BF50 lea eax,[edi+edi*4+50h] 000145EA 8D1C86 lea ebx,[esi+eax*4] 000145ED 803B00 cmp byte ptr [ebx],0 000145F0 59 pop ecx 000145F1 7440 jz loc_00014633 000145F3 6854450100 push offset off_00014554 000145F8 E813CB0000 call jmp_DbgPrint 000145FD 802300 and byte ptr [ebx],0 00014600 8D04BF lea eax,[edi+edi*4] 00014603 8D0486 lea eax,[esi+eax*4] 00014606 838844010000FF or dword ptr [eax+144h],0FFFFFFFFh 0001460D 80A04101000000 and byte ptr [eax+141h],0 00014614 C6804C01000007 mov byte ptr [eax+14Ch],7 0001461B loc_0001461B: ; Xref 00014670 
0001461B 59 pop ecx 0001461C 6A00 push 0 0001461E FF763C push dword ptr [esi+3Ch] 00014621 C686B001000001 mov byte ptr [esi+1B0h],1 00014628 FF15C42E0200 call dword ptr [IoInvalidateDeviceRelations] 0001462E E9A9000000 jmp loc_000146DC 00014633 loc_00014633: ; Xref 000145F1 00014633 685C450100 push offset off_0001455C 00014638 loc_00014638: ; Xref 000145DA 00014638 E8D3CA0000 call jmp_DbgPrint 0001463D E999000000 jmp loc_000146DB 00014642 loc_00014642: ; Xref 000145CF 00014642 6864450100 push offset off_00014564 00014647 E8C4CA0000 call jmp_DbgPrint 0001464C 8D44BF50 lea eax,[edi+edi*4+50h] 00014650 8D1C86 lea ebx,[esi+eax*4] 00014653 803B00 cmp byte ptr [ebx],0 00014656 59 pop ecx 00014657 7519 jnz loc_00014672 00014659 686C450100 push offset off_0001456C 0001465E E8ADCA0000 call jmp_DbgPrint 00014663 8D04BF lea eax,[edi+edi*4] 00014666 89BC8644010000 mov [esi+eax*4+144h],edi 0001466D C60301 mov byte ptr [ebx],1 00014670 EBA9 jmp loc_0001461B 00014672 loc_00014672: ; Xref 00014657 00014672 8B8EB8010000 mov ecx,[esi+1B8h] 00014678 8D45F4 lea eax,[ebp-0Ch] 0001467B 50 push eax 0001467C FF75FA push dword ptr [ebp-6] 0001467F E80C370000 call fn_00017D90 00014684 6874450100 push offset off_00014574 00014689 8845FE mov [ebp-2],al 0001468C E87FCA0000 call jmp_DbgPrint 00014691 8D1C37 lea ebx,[edi+esi] 00014694 80A30401000000 and byte ptr [ebx+104h],0 0001469B 80A30801000000 and byte ptr [ebx+108h],0 000146A2 807DFE00 cmp byte ptr [ebp-2],0 000146A6 59 pop ecx 000146A7 7533 jnz loc_000146DC 000146A9 8D04BF lea eax,[edi+edi*4] 000146AC 8B848650010000 mov eax,[esi+eax*4+150h] 000146B3 3B45F4 cmp eax,[ebp-0Ch] 000146B6 7424 jz loc_000146DC 000146B8 687C450100 push offset off_0001457C 000146BD E84ECA0000 call jmp_DbgPrint 000146C2 C6830401000001 mov byte ptr [ebx+104h],1 000146C9 C6830801000001 mov byte ptr [ebx+108h],1 000146D0 80A6B001000000 and byte ptr [esi+1B0h],0 000146D7 C645FF01 mov byte ptr [ebp-1],1 000146DB loc_000146DB: ; Xref 0001463D 000146DB 59 pop ecx 000146DC 
loc_000146DC: ; Xref 0001462E 000146A7 000146B6 000146DC FE45FA inc byte ptr [ebp-6] 000146DF 0FB67DFA movzx edi,byte ptr [ebp-6] 000146E3 3BBEB4010000 cmp edi,[esi+1B4h] 000146E9 0F82D0FEFFFF jb loc_000145BF 000146EF 807DFF00 cmp byte ptr [ebp-1],0 000146F3 740B jz loc_00014700 000146F5 6A00 push 0 000146F7 FF763C push dword ptr [esi+3Ch] 000146FA FF15C42E0200 call dword ptr [IoInvalidateDeviceRelations] 00014700 loc_00014700: ; Xref 000145B9 000146F3 00014700 8D9E0C010000 lea ebx,[esi+10Ch] 00014706 8B3B mov edi,[ebx] 00014708 EB57 jmp loc_00014761 0001470A loc_0001470A: ; Xref 00014763 0001470A 807F0800 cmp byte ptr [edi+8],0 0001470E 744F jz loc_0001475F 00014710 837FE400 cmp dword ptr [edi-1Ch],0 00014714 7449 jz loc_0001475F 00014716 807FDC00 cmp byte ptr [edi-24h],0 0001471A 7443 jz loc_0001475F 0001471C 8A47E8 mov al,[edi-18h] 0001471F 3C01 cmp al,1 00014721 7404 jz loc_00014727 00014723 3C04 cmp al,4 00014725 752C jnz loc_00014753 00014727 loc_00014727: ; Xref 00014721 00014727 83BFC801000000 cmp dword ptr [edi+1C8h],0 0001472E 7423 jz loc_00014753 00014730 FFB7D8010000 push dword ptr [edi+1D8h] 00014736 8B8EB8010000 mov ecx,[esi+1B8h] 0001473C FFB7D0010000 push dword ptr [edi+1D0h] 00014742 33C0 xor eax,eax 00014744 8A47E0 mov al,[edi-20h] 00014747 FFB7CC010000 push dword ptr [edi+1CCh] 0001474D 50 push eax 0001474E E8C3340000 call fn_00017C16 00014753 loc_00014753: ; Xref 00014725 0001472E 00014753 FF77E4 push dword ptr [edi-1Ch] 00014756 8D470C lea eax,[edi+0Ch] 00014759 50 push eax 0001475A E8B3BDFFFF call fn_00010512 0001475F loc_0001475F: ; Xref 0001470E 00014714 0001471A 0001475F 8B3F mov edi,[edi] 00014761 loc_00014761: ; Xref 00014708 00014761 3BFB cmp edi,ebx 00014763 75A5 jnz loc_0001470A 00014765 8B750C mov esi,[ebp+0Ch] 00014768 FF36 push dword ptr [esi] 0001476A E8B3C90000 call jmp_IoFreeWorkItem 0001476F 6A00 push 0 00014771 56 push esi 00014772 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 00014778 5F pop edi 00014779 5E pop esi 0001477A 
5B pop ebx 0001477B C9 leave 0001477C C20800 ret 8 0001477F CC int 3 00014780 off_00014780: ; Xref 000147DA 00014780 5449204D73670A00 db 'TI Msg',00Ah,000h 00014788 off_00014788: ; Xref 000147E1 00014788 5449204D73670A00 db 'TI Msg',00Ah,000h 00014790 off_00014790: ; Xref 000147E8 00014790 5449204D73670A00 db 'TI Msg',00Ah,000h 00014798 off_00014798: ; Xref 000147EF 00014798 5449204D73670A00 db 'TI Msg',00Ah,000h 000147A0 off_000147A0: ; Xref 000147F6 000147A0 5449204D73670A00 db 'TI Msg',00Ah,000h 000147A8 off_000147A8: ; Xref 000147FD 000147A8 5449204D73670A00 db 'TI Msg',00Ah,000h 000147B0 off_000147B0: ; Xref 00014804 000147B0 5449204D73670A00 db 'TI Msg',00Ah,000h 000147B8 fn_000147B8: ; Xref 00014D5B 00014DF3 000147B8 8B442404 mov eax,[esp+4] 000147BC 8B4828 mov ecx,[eax+28h] 000147BF 8B442408 mov eax,[esp+8] 000147C3 89411C mov [ecx+1Ch],eax 000147C6 83E800 sub eax,0 000147C9 7439 jz loc_00014804 000147CB 48 dec eax 000147CC 742F jz loc_000147FD 000147CE 48 dec eax 000147CF 7425 jz loc_000147F6 000147D1 48 dec eax 000147D2 741B jz loc_000147EF 000147D4 48 dec eax 000147D5 7411 jz loc_000147E8 000147D7 48 dec eax 000147D8 7407 jz loc_000147E1 000147DA 6880470100 push offset off_00014780 000147DF EB28 jmp loc_00014809 000147E1 loc_000147E1: ; Xref 000147D8 000147E1 6888470100 push offset off_00014788 000147E6 EB21 jmp loc_00014809 000147E8 loc_000147E8: ; Xref 000147D5 000147E8 6890470100 push offset off_00014790 000147ED EB1A jmp loc_00014809 000147EF loc_000147EF: ; Xref 000147D2 000147EF 6898470100 push offset off_00014798 000147F4 EB13 jmp loc_00014809 000147F6 loc_000147F6: ; Xref 000147CF 000147F6 68A0470100 push offset off_000147A0 000147FB EB0C jmp loc_00014809 000147FD loc_000147FD: ; Xref 000147CC 000147FD 68A8470100 push offset off_000147A8 00014802 EB05 jmp loc_00014809 00014804 loc_00014804: ; Xref 000147C9 00014804 68B0470100 push offset off_000147B0 00014809 loc_00014809: ; Xref 000147DF 000147E6 000147ED 000147F4 00014809 ; 000147FB 00014802 
00014809 E802C90000 call jmp_DbgPrint 0001480E 59 pop ecx 0001480F C20800 ret 8 00014812 off_00014812: ; Xref 00014874 00014812 5449204D73670A00 db 'TI Msg',00Ah,000h 0001481A off_0001481A: ; Xref 0001487B 0001481A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014822 off_00014822: ; Xref 00014882 00014822 5449204D73670A00 db 'TI Msg',00Ah,000h 0001482A off_0001482A: ; Xref 00014889 0001482A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014832 off_00014832: ; Xref 00014890 00014832 5449204D73670A00 db 'TI Msg',00Ah,000h 0001483A off_0001483A: ; Xref 00014897 0001483A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014842 off_00014842: ; Xref 0001489E 00014842 5449204D73670A00 db 'TI Msg',00Ah,000h 0001484A off_0001484A: ; Xref 000148A5 0001484A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014852 off_00014852: ; Xref 000148AC 00014852 5449204D73670A00 db 'TI Msg',00Ah,000h 0001485A fn_0001485A: ; Xref 0001513C 0001485A 8B442404 mov eax,[esp+4] 0001485E 8B4828 mov ecx,[eax+28h] 00014861 8B442408 mov eax,[esp+8] 00014865 83F807 cmp eax,7 00014868 894118 mov [ecx+18h],eax 0001486B 773F ja loc_000148AC 0001486D FF2485BA480100 jmp dword ptr [off_000148BA+eax*4] 00014874 off_00014874: ; Xref 000148BA 00014874 6812480100 push offset off_00014812 00014879 EB36 jmp loc_000148B1 0001487B off_0001487B: ; Xref 000148BE 0001487B 681A480100 push offset off_0001481A 00014880 EB2F jmp loc_000148B1 00014882 off_00014882: ; Xref 000148C2 00014882 6822480100 push offset off_00014822 00014887 EB28 jmp loc_000148B1 00014889 off_00014889: ; Xref 000148C6 00014889 682A480100 push offset off_0001482A 0001488E EB21 jmp loc_000148B1 00014890 off_00014890: ; Xref 000148CA 00014890 6832480100 push offset off_00014832 00014895 EB1A jmp loc_000148B1 00014897 off_00014897: ; Xref 000148CE 00014897 683A480100 push offset off_0001483A 0001489C EB13 jmp loc_000148B1 0001489E off_0001489E: ; Xref 000148D2 0001489E 6842480100 push offset off_00014842 000148A3 EB0C jmp loc_000148B1 000148A5 off_000148A5: ; Xref 000148D6 
000148A5 684A480100 push offset off_0001484A 000148AA EB05 jmp loc_000148B1 000148AC loc_000148AC: ; Xref 0001486B 000148AC 6852480100 push offset off_00014852 000148B1 loc_000148B1: ; Xref 00014879 00014880 00014887 0001488E 000148B1 ; 00014895 0001489C 000148A3 000148AA 000148B1 E85AC80000 call jmp_DbgPrint 000148B6 59 pop ecx 000148B7 C20800 ret 8 000148BA off_000148BA: ; Xref 0001486D 000148BA 74480100 dd offset off_00014874 000148BE 7B480100 dd offset off_0001487B 000148C2 82480100 dd offset off_00014882 000148C6 89480100 dd offset off_00014889 000148CA 90480100 dd offset off_00014890 000148CE 97480100 dd offset off_00014897 000148D2 9E480100 dd offset off_0001489E 000148D6 A5480100 dd offset off_000148A5 000148DA off_000148DA: ; Xref 00014901 000148DA 5449204D73670A00 db 'TI Msg',00Ah,000h 000148E2 off_000148E2: ; Xref 00014914 000148E2 5449204D73670A00 db 'TI Msg',00Ah,000h 000148EA off_000148EA: ; Xref 00014949 000148EA 5449204D73670A00 db 'TI Msg',00Ah,000h 000148F2 off_000148F2: ; Xref 00014B27 000148F2 53 push ebx 000148F3 56 push esi 000148F4 57 push edi 000148F5 8B7C241C mov edi,[esp+1Ch] 000148F9 8B07 mov eax,[edi] 000148FB 8B7704 mov esi,[edi+4] 000148FE 8B5828 mov ebx,[eax+28h] 00014901 68DA480100 push offset off_000148DA 00014906 E805C80000 call jmp_DbgPrint 0001490B 8B442424 mov eax,[esp+24h] 0001490F 8B00 mov eax,[eax] 00014911 894618 mov [esi+18h],eax 00014914 C70424E2480100 mov dword ptr [esp],offset off_000148E2 0001491B E8F0C70000 call jmp_DbgPrint 00014920 59 pop ecx 00014921 56 push esi 00014922 FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 00014928 83661C00 and dword ptr [esi+1Ch],0 0001492C 32D2 xor dl,dl 0001492E 8BCE mov ecx,esi 00014930 FF15BC2F0200 call dword ptr [IofCompleteRequest] 00014936 6A00 push 0 00014938 57 push edi 00014939 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 0001493F 56 push esi 00014940 83C324 add ebx,24h 00014943 53 push ebx 00014944 E82BBEFFFF call fn_00010774 00014949 68EA480100 push offset off_000148EA 
0001494E E8BDC70000 call jmp_DbgPrint 00014953 59 pop ecx 00014954 5F pop edi 00014955 5E pop esi 00014956 5B pop ebx 00014957 C21400 ret 14h 0001495A off_0001495A: ; Xref 000149C7 0001495A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014962 off_00014962: ; Xref 000149DE 00014962 5449204D73670A00 db 'TI Msg',00Ah,000h 0001496A off_0001496A: ; Xref 000149F1 0001496A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014972 off_00014972: ; Xref 00014A11 00014972 5449204D73670A00 db 'TI Msg',00Ah,000h 0001497A off_0001497A: ; Xref 00014A2F 0001497A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014982 off_00014982: ; Xref 00014A74 00014982 5449204D73670A00 db 'TI Msg',00Ah,000h 0001498A off_0001498A: ; Xref 00014A7E 0001498A 5449204D73670A00 db 'TI Msg',00Ah,000h 00014992 off_00014992: ; Xref 00014AF9 00014992 5449204D73670A00 db 'TI Msg',00Ah,000h 0001499A off_0001499A: ; Xref 00014B03 0001499A 5449204D73670A00 db 'TI Msg',00Ah,000h 000149A2 off_000149A2: ; Xref 00014B43 000149A2 5449204D73670A00 db 'TI Msg',00Ah,000h 000149AA off_000149AA: ; Xref 00014B7B 000149AA 5449204D73670A00 db 'TI Msg',00Ah,000h 000149B2 fn_000149B2: ; Xref 00014C26 000149B2 55 push ebp 000149B3 8BEC mov ebp,esp 000149B5 83EC20 sub esp,20h 000149B8 53 push ebx 000149B9 56 push esi 000149BA 8B750C mov esi,[ebp+0Ch] 000149BD 8B4660 mov eax,[esi+60h] 000149C0 57 push edi 000149C1 8B7D08 mov edi,[ebp+8] 000149C4 8B5F28 mov ebx,[edi+28h] 000149C7 685A490100 push offset off_0001495A 000149CC 8945FC mov [ebp-4],eax 000149CF E83CC70000 call jmp_DbgPrint 000149D4 8B45FC mov eax,[ebp-4] 000149D7 8B400C mov eax,[eax+0Ch] 000149DA 48 dec eax 000149DB 59 pop ecx 000149DC 7413 jz loc_000149F1 000149DE 6862490100 push offset off_00014962 000149E3 E828C70000 call jmp_DbgPrint 000149E8 C7450C04000000 mov dword ptr [ebp+0Ch],4 000149EF EB11 jmp loc_00014A02 000149F1 loc_000149F1: ; Xref 000149DC 000149F1 686A490100 push offset off_0001496A 000149F6 E815C70000 call jmp_DbgPrint 000149FB C7450C01000000 mov dword ptr [ebp+0Ch],1 
00014A02 loc_00014A02: ; Xref 000149EF 00014A02 59 pop ecx 00014A03 6A08 push 8 00014A05 E8C6F8FFFF call fn_000142D0 00014A0A 85C0 test eax,eax 00014A0C 8945F8 mov [ebp-8],eax 00014A0F 751E jnz loc_00014A2F 00014A11 6872490100 push offset off_00014972 00014A16 E8F5C60000 call jmp_DbgPrint 00014A1B 59 pop ecx 00014A1C 56 push esi 00014A1D FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 00014A23 C746189A0000C0 mov dword ptr [esi+18h],0C000009Ah 00014A2A E934010000 jmp loc_00014B63 00014A2F loc_00014A2F: ; Xref 00014A0F 00014A2F 687A490100 push offset off_0001497A 00014A34 8938 mov [eax],edi 00014A36 897004 mov [eax+4],esi 00014A39 E8D2C60000 call jmp_DbgPrint 00014A3E 83650800 and dword ptr [ebp+8],0 00014A42 83C8FF or eax,0FFFFFFFFh 00014A45 8D7DE0 lea edi,[ebp-20h] 00014A48 AB stosd 00014A49 AB stosd 00014A4A AB stosd 00014A4B AB stosd 00014A4C 8B45FC mov eax,[ebp-4] 00014A4F 80780102 cmp byte ptr [eax+1],2 00014A53 59 pop ecx 00014A54 0F85C1000000 jne loc_00014B1B 00014A5A 837D0C04 cmp dword ptr [ebp+0Ch],4 00014A5E 0F85B7000000 jne loc_00014B1B 00014A64 8D830C010000 lea eax,[ebx+10Ch] 00014A6A 8B38 mov edi,[eax] 00014A6C EB51 jmp loc_00014ABF 00014A6E loc_00014A6E: ; Xref 00014AC1 00014A6E 807F0800 cmp byte ptr [edi+8],0 00014A72 7443 jz loc_00014AB7 00014A74 6882490100 push offset off_00014982 00014A79 E892C60000 call jmp_DbgPrint 00014A7E C704248A490100 mov dword ptr [esp],offset off_0001498A 00014A85 E886C60000 call jmp_DbgPrint 00014A8A 837FE400 cmp dword ptr [edi-1Ch],0 00014A8E 59 pop ecx 00014A8F 7426 jz loc_00014AB7 00014A91 807FDC00 cmp byte ptr [edi-24h],0 00014A95 7420 jz loc_00014AB7 00014A97 8D470C lea eax,[edi+0Ch] 00014A9A 50 push eax 00014A9B E80ABBFFFF call fn_000105AA 00014AA0 8D4768 lea eax,[edi+68h] 00014AA3 50 push eax 00014AA4 FF15382F0200 call dword ptr [KeCancelTimer] 00014AAA 8B4D08 mov ecx,[ebp+8] 00014AAD 8B47E0 mov eax,[edi-20h] 00014AB0 FF4508 inc dword ptr [ebp+8] 00014AB3 89448DE0 mov [ebp+ecx*4-20h],eax 00014AB7 loc_00014AB7: ; 
Xref 00014A72 00014A8F 00014A95 00014AB7 8B3F mov edi,[edi] 00014AB9 8D830C010000 lea eax,[ebx+10Ch] 00014ABF loc_00014ABF: ; Xref 00014A6C 00014ABF 3BF8 cmp edi,eax 00014AC1 75AB jnz loc_00014A6E 00014AC3 834DF4FF or dword ptr [ebp-0Ch],0FFFFFFFFh 00014AC7 8D45F0 lea eax,[ebp-10h] 00014ACA 50 push eax 00014ACB 33FF xor edi,edi 00014ACD 57 push edi 00014ACE 57 push edi 00014ACF C745F08072A4FF mov dword ptr [ebp-10h],0FFA47280h 00014AD6 FF15342F0200 call dword ptr [KeDelayExecutionThread] 00014ADC 397D08 cmp [ebp+8],edi 00014ADF 7618 jbe loc_00014AF9 00014AE1 loc_00014AE1: ; Xref 00014AF7 00014AE1 8B8BB8010000 mov ecx,[ebx+1B8h] 00014AE7 33C0 xor eax,eax 00014AE9 8A44BDE0 mov al,[ebp+edi*4-20h] 00014AED 50 push eax 00014AEE E8F1320000 call fn_00017DE4 00014AF3 47 inc edi 00014AF4 3B7D08 cmp edi,[ebp+8] 00014AF7 72E8 jb loc_00014AE1 00014AF9 loc_00014AF9: ; Xref 00014ADF 00014AF9 6892490100 push offset off_00014992 00014AFE E80DC60000 call jmp_DbgPrint 00014B03 C704249A490100 mov dword ptr [esp],offset off_0001499A 00014B0A E801C60000 call jmp_DbgPrint 00014B0F 59 pop ecx 00014B10 8B8BB8010000 mov ecx,[ebx+1B8h] 00014B16 E8E9350000 call fn_00018104 00014B1B loc_00014B1B: ; Xref 00014A54 00014A5E 00014B1B 8B45FC mov eax,[ebp-4] 00014B1E 0FB64001 movzx eax,byte ptr [eax+1] 00014B22 6A00 push 0 00014B24 FF75F8 push dword ptr [ebp-8] 00014B27 68F2480100 push offset off_000148F2 00014B2C FF750C push dword ptr [ebp+0Ch] 00014B2F 50 push eax 00014B30 FF733C push dword ptr [ebx+3Ch] 00014B33 FF15302F0200 call dword ptr [PoRequestPowerIrp] 00014B39 8BF8 mov edi,eax 00014B3B 81FF03010000 cmp edi,103h 00014B41 7438 jz loc_00014B7B 00014B43 68A2490100 push offset off_000149A2 00014B48 E8C3C50000 call jmp_DbgPrint 00014B4D 59 pop ecx 00014B4E 6A00 push 0 00014B50 FF75F8 push dword ptr [ebp-8] 00014B53 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 00014B59 56 push esi 00014B5A FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 00014B60 897E18 mov [esi+18h],edi 00014B63 
loc_00014B63: ; Xref 00014A2A 00014B63 83661C00 and dword ptr [esi+1Ch],0 00014B67 8BCE mov ecx,esi 00014B69 32D2 xor dl,dl 00014B6B FF15BC2F0200 call dword ptr [IofCompleteRequest] 00014B71 83C324 add ebx,24h 00014B74 56 push esi 00014B75 53 push ebx 00014B76 E8F9BBFFFF call fn_00010774 00014B7B loc_00014B7B: ; Xref 00014B41 00014B7B 68AA490100 push offset off_000149AA 00014B80 E88BC50000 call jmp_DbgPrint 00014B85 59 pop ecx 00014B86 5F pop edi 00014B87 5E pop esi 00014B88 5B pop ebx 00014B89 C9 leave 00014B8A C20800 ret 8 00014B8D CC int 3 00014B8E off_00014B8E: ; Xref 00014BCF 00014B8E 5449204D73670A00 db 'TI Msg',00Ah,000h 00014B96 off_00014B96: ; Xref 00014BDE 00014B96 5449204D73670A00 db 'TI Msg',00Ah,000h 00014B9E off_00014B9E: ; Xref 00014BFE 00014B9E 5449204D73670A00 db 'TI Msg',00Ah,000h 00014BA6 off_00014BA6: ; Xref 00014C08 00014BA6 5449204D73670A00 db 'TI Msg',00Ah,000h 00014BAE off_00014BAE: ; Xref 00014C14 00014BAE 5449204D73670A00 db 'TI Msg',00Ah,000h 00014BB6 off_00014BB6: ; Xref 00014C2B 00014BB6 5449204D73670A00 db 'TI Msg',00Ah,000h 00014BBE off_00014BBE: ; Xref 000150FD 0001524C 00014BBE 8B442404 mov eax,[esp+4] 00014BC2 53 push ebx 00014BC3 56 push esi 00014BC4 8B742410 mov esi,[esp+10h] 00014BC8 8B5E18 mov ebx,[esi+18h] 00014BCB 57 push edi 00014BCC 8B7828 mov edi,[eax+28h] 00014BCF 688E4B0100 push offset off_00014B8E 00014BD4 E837C50000 call jmp_DbgPrint 00014BD9 85DB test ebx,ebx 00014BDB 59 pop ecx 00014BDC 7D20 jge loc_00014BFE 00014BDE 68964B0100 push offset off_00014B96 00014BE3 E828C50000 call jmp_DbgPrint 00014BE8 59 pop ecx 00014BE9 56 push esi 00014BEA FF15B82E0200 call dword ptr [PoStartNextPowerIrp] 00014BF0 56 push esi 00014BF1 83C724 add edi,24h 00014BF4 57 push edi 00014BF5 E87ABBFFFF call fn_00010774 00014BFA 33C0 xor eax,eax 00014BFC EB3D jmp loc_00014C3B 00014BFE loc_00014BFE: ; Xref 00014BDC 00014BFE 689E4B0100 push offset off_00014B9E 00014C03 E808C50000 call jmp_DbgPrint 00014C08 C70424A64B0100 mov dword ptr 
; Epilogue of a routine whose entry is above this view: a 3-argument stdcall
; callback that, on the path shown, ends in eax = STATUS_MORE_PROCESSING_REQUIRED.
[esp],offset off_00014BA6
00014C0F E8FCC40000 call jmp_DbgPrint
00014C14 C70424AE4B0100 mov dword ptr [esp],offset off_00014BAE
00014C1B E8F0C40000 call jmp_DbgPrint
00014C20 59 pop ecx                                          ; DbgPrint is cdecl: the pushed format pointer is popped here
00014C21 56 push esi
00014C22 FF742414 push dword ptr [esp+14h]
00014C26 E887FDFFFF call fn_000149B2
00014C2B 68B64B0100 push offset off_00014BB6
00014C30 E8DBC40000 call jmp_DbgPrint
00014C35 59 pop ecx
00014C36 B8160000C0 mov eax,0C0000016h                       ; STATUS_MORE_PROCESSING_REQUIRED
00014C3B loc_00014C3B: ; Xref 00014BFC
00014C3B 5F pop edi
00014C3C 5E pop esi
00014C3D 5B pop ebx
00014C3E C20C00 ret 0Ch
00014C41 CC int 3
; Format strings for off_00014CBA. Every one is the same 'TI Msg',0Ah text, so
; the real debug text is apparently absent from this build and the DbgPrint
; calls only mark which code path was taken.
00014C42 off_00014C42: ; Xref 00014CD2
00014C42 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C4A off_00014C4A: ; Xref 00014CE6
00014C4A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C52 off_00014C52: ; Xref 00014CFE
00014C52 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C5A off_00014C5A: ; Xref 00014D4D
00014C5A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C62 off_00014C62: ; Xref 00014D60
00014C62 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C6A off_00014C6A: ; Xref 00014D77
00014C6A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C72 off_00014C72: ; Xref 00014DB8
00014C72 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C7A off_00014C7A: ; Xref 00014DCD
00014C7A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C82 off_00014C82: ; Xref 00014DD7
00014C82 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C8A off_00014C8A: ; Xref 00014DE3
00014C8A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C92 off_00014C92: ; Xref 00014DF8
00014C92 5449204D73670A00 db 'TI Msg',00Ah,000h
00014C9A off_00014C9A: ; Xref 00014E10
00014C9A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014CA2 off_00014CA2: ; Xref 00014E28
00014CA2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014CAA off_00014CAA: ; Xref 00014E33
00014CAA 5449204D73670A00 db 'TI Msg',00Ah,000h
00014CB2 off_00014CB2: ; Xref 00014E59
00014CB2 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; off_00014CBA -- IoCompletion routine that fn_00014FF2 installs on the
; next-lower stack location of device-state IRP_MN_QUERY_POWER and
; IRP_MN_SET_POWER IRPs (Xref 000152F4, 0001539C).
; Signature (stdcall, ret 0Ch): (DeviceObject, Irp, Context)
;   edi = DeviceObject, ebx = [edi+28h] (device extension)
;   esi = Irp; the [ebp+0Ch] slot is reused to hold [esi+18h]
;   (Irp->IoStatus.Status), the [ebp+8] slot to hold [esi+60h] (the
;   current stack location)
;   [ebp+10h] = Context: the 8-byte block fn_00014FF2 allocates for
;   SET_POWER (+0 = value saved from ext+1Ch, +4 = requested device state),
;   NULL for QUERY_POWER. It is freed here with ExFreePoolWithTag(ctx, 0).
; Return: 0C0000016h (STATUS_MORE_PROCESSING_REQUIRED) after this routine
;   completes the IRP itself (IofCompleteRequest at 00014E49); 0 on the
;   failed-IRP path, which lets the I/O manager go on completing it.
; The IRP / IO_STACK_LOCATION offsets used (18h Status, 21h PendingReturned,
; 60h CurrentStackLocation, +1 MinorFunction, +3 Control) match the 32-bit
; Windows XP layouts the image header reports; the extension fields and the
; helpers fn_000147B8, fn_00010774, fn_000142D0 are inferred from use only.
;-----------------------------------------------------------------------
00014CBA off_00014CBA: ; Xref 000152F4 0001539C
00014CBA 55 push ebp
00014CBB 8BEC mov ebp,esp
00014CBD 53 push ebx
00014CBE 56 push esi
00014CBF 8B750C mov esi,[ebp+0Ch]                            ; esi = Irp
00014CC2 8B4618 mov eax,[esi+18h]                            ; Irp->IoStatus.Status
00014CC5 57 push edi
00014CC6 8B7D08 mov edi,[ebp+8]                              ; edi = DeviceObject
00014CC9 8B5F28 mov ebx,[edi+28h]                            ; ebx = device extension
00014CCC 89450C mov [ebp+0Ch],eax                            ; [ebp+0Ch] now holds the completion status
00014CCF 8B4660 mov eax,[esi+60h]                            ; current stack location
00014CD2 68424C0100 push offset off_00014C42
00014CD7 894508 mov [ebp+8],eax                              ; [ebp+8] now holds the stack location
00014CDA E831C40000 call jmp_DbgPrint
00014CDF 807E2100 cmp byte ptr [esi+21h],0                   ; Irp->PendingReturned?
00014CE3 59 pop ecx
00014CE4 7412 jz loc_00014CF8
00014CE6 684A4C0100 push offset off_00014C4A
00014CEB E820C40000 call jmp_DbgPrint
00014CF0 8B4660 mov eax,[esi+60h]
00014CF3 80480301 or byte ptr [eax+3],1                      ; Control |= SL_PENDING_RETURNED (IoMarkIrpPending)
00014CF7 59 pop ecx
00014CF8 loc_00014CF8: ; Xref 00014CE4
00014CF8 837D0C00 cmp dword ptr [ebp+0Ch],0                  ; NT_SUCCESS(status)?
00014CFC 7D34 jge loc_00014D32
; --- the lower driver failed the IRP: start the next power IRP, free the
; context, release the lock and return 0 so the IRP keeps completing ---
00014CFE 68524C0100 push offset off_00014C52
00014D03 E808C40000 call jmp_DbgPrint
00014D08 59 pop ecx
00014D09 56 push esi
00014D0A FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
00014D10 837D1000 cmp dword ptr [ebp+10h],0                  ; Context is NULL for QUERY_POWER
00014D14 740B jz loc_00014D21
00014D16 6A00 push 0                                         ; tag 0 -- pairs with the untagged allocation helper
00014D18 FF7510 push dword ptr [ebp+10h]
00014D1B FF15F02E0200 call dword ptr [ExFreePoolWithTag]
00014D21 loc_00014D21: ; Xref 00014D14
00014D21 56 push esi
00014D22 83C324 add ebx,24h                                  ; ebx = &ext+24h, the lock object used with fn_00010740/fn_00010774
00014D25 53 push ebx
00014D26 E849BAFFFF call fn_00010774                         ; release(&ext+24h, Irp) -- inferred pairing
00014D2B 33C0 xor eax,eax                                    ; STATUS_SUCCESS: completion continues normally
00014D2D E937010000 jmp loc_00014E69
00014D32 loc_00014D32: ; Xref 00014CFC
00014D32 8B4508 mov eax,[ebp+8]
00014D35 80780102 cmp byte ptr [eax+1],2                     ; MinorFunction == IRP_MN_SET_POWER?
00014D39 0F85E9000000 jne loc_00014E28                       ; QUERY_POWER: nothing to apply
00014D3F 8B4510 mov eax,[ebp+10h]                            ; Context (non-NULL on the SET_POWER path)
00014D42 8B4804 mov ecx,[eax+4]                              ; requested device state
00014D45 3B08 cmp ecx,[eax]                                  ; against the value saved from ext+1Ch
00014D47 0F8D80000000 jnl loc_00014DCD                       ; numerically >= : handled as power-down
; --- power-up: fn_000147B8(DeviceObject, 1), report PowerDeviceD0, then
; hand the rest to a work item running off_00014584 ---
00014D4D 685A4C0100 push offset off_00014C5A
00014D52 E8B9C30000 call jmp_DbgPrint
00014D57 59 pop ecx
00014D58 6A01 push 1
00014D5A 57 push edi
00014D5B E858FAFFFF call fn_000147B8
00014D60 68624C0100 push offset off_00014C62
00014D65 E8A6C30000 call jmp_DbgPrint
00014D6A 59 pop ecx
00014D6B 33C0 xor eax,eax
00014D6D 40 inc eax                                          ; eax = 1
00014D6E 50 push eax                                         ; State = PowerDeviceD0 (1)
00014D6F 50 push eax                                         ; Type  = DevicePowerState (1)
00014D70 57 push edi                                         ; DeviceObject
00014D71 FF15102F0200 call dword ptr [PoSetPowerState]
00014D77 686A4C0100 push offset off_00014C6A
00014D7C E88FC30000 call jmp_DbgPrint
00014D81 59 pop ecx
00014D82 6A08 push 8
00014D84 E847F5FFFF call fn_000142D0                         ; 8-byte work-item context (allocation helper, inferred)
00014D89 8BF8 mov edi,eax                                    ; edi reused: DeviceObject is not needed any more
00014D8B 85FF test edi,edi
00014D8D 7434 jz loc_00014DC3                                ; allocation failed: the work item is silently skipped
00014D8F FF33 push dword ptr [ebx]                           ; object at ext+0 handed to IoAllocateWorkItem
00014D91 E886C30000 call jmp_IoAllocateWorkItem
00014D96 85C0 test eax,eax
00014D98 8907 mov [edi],eax                                  ; ctx+0 = work item
00014D9A 7413 jz loc_00014DAF
00014D9C 57 push edi                                         ; Context = ctx
00014D9D 6A00 push 0                                         ; QueueType = 0 (CriticalWorkQueue)
00014D9F 6884450100 push offset off_00014584                 ; WorkerRoutine (not in view)
00014DA4 50 push eax                                         ; IoWorkItem
00014DA5 895F04 mov [edi+4],ebx                              ; ctx+4 = device extension
00014DA8 E869C30000 call jmp_IoQueueWorkItem                 ; ctx is now owned by the worker
00014DAD EB14 jmp loc_00014DC3
00014DAF loc_00014DAF: ; Xref 00014D9A
00014DAF 6A00 push 0
00014DB1 57 push edi
00014DB2 FF15F02E0200 call dword ptr [ExFreePoolWithTag]     ; no work item: give the ctx back
00014DB8 68724C0100 push offset off_00014C72
00014DBD E84EC30000 call jmp_DbgPrint
00014DC2 59 pop ecx
00014DC3 loc_00014DC3: ; Xref 00014D8D 00014DAD
00014DC3 83661800 and dword ptr [esi+18h],0                  ; Irp->IoStatus.Status = STATUS_SUCCESS
00014DC7 83661C00 and dword ptr [esi+1Ch],0                  ; Irp->IoStatus.Information = 0
00014DCB EB43 jmp loc_00014E10
; --- power-down: fn_000147B8(DeviceObject, 4), report PowerDeviceD3 ---
00014DCD loc_00014DCD: ; Xref 00014D47
00014DCD 687A4C0100 push offset off_00014C7A
00014DD2 E839C30000 call jmp_DbgPrint
00014DD7 C70424824C0100 mov dword ptr [esp],offset off_00014C82
00014DDE E82DC30000 call jmp_DbgPrint
00014DE3 C704248A4C0100 mov dword ptr [esp],offset off_00014C8A
00014DEA E821C30000 call jmp_DbgPrint
00014DEF 59 pop ecx
00014DF0 6A04 push 4
00014DF2 57 push edi
00014DF3 E8C0F9FFFF call fn_000147B8
00014DF8 68924C0100 push offset off_00014C92
00014DFD E80EC30000 call jmp_DbgPrint
00014E02 59 pop ecx
00014E03 6A04 push 4
00014E05 58 pop eax                                          ; eax = 4 (compact mov eax,4)
00014E06 50 push eax                                         ; State = PowerDeviceD3 (4)
00014E07 6A01 push 1                                         ; Type  = DevicePowerState
00014E09 57 push edi
00014E0A FF15102F0200 call dword ptr [PoSetPowerState]
00014E10 loc_00014E10: ; Xref 00014DCB
00014E10 689A4C0100 push offset off_00014C9A
00014E15 E8F6C20000 call jmp_DbgPrint
00014E1A 59 pop ecx
00014E1B 6A00 push 0
00014E1D FF7510 push dword ptr [ebp+10h]                     ; Context is non-NULL here (SET_POWER only)
00014E20 FF15F02E0200 call dword ptr [ExFreePoolWithTag]
00014E26 EB0B jmp loc_00014E33
00014E28 loc_00014E28: ; Xref 00014D39
00014E28 68A24C0100 push offset off_00014CA2
00014E2D E8DEC20000 call jmp_DbgPrint
00014E32 59 pop ecx
; --- common tail: complete the IRP here and return
; STATUS_MORE_PROCESSING_REQUIRED so the I/O manager does not touch it again ---
00014E33 loc_00014E33: ; Xref 00014E26
00014E33 68AA4C0100 push offset off_00014CAA
00014E38 E8D3C20000 call jmp_DbgPrint
00014E3D 59 pop ecx
00014E3E 56 push esi
00014E3F FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
00014E45 32D2 xor dl,dl                                      ; PriorityBoost = 0
00014E47 8BCE mov ecx,esi                                    ; Irp (fastcall)
00014E49 FF15BC2F0200 call dword ptr [IofCompleteRequest]
00014E4F 56 push esi
00014E50 83C324 add ebx,24h
00014E53 53 push ebx
00014E54 E81BB9FFFF call fn_00010774                         ; release(&ext+24h, Irp)
00014E59 68B24C0100 push offset off_00014CB2
00014E5E E8ADC20000 call jmp_DbgPrint
00014E63 59 pop ecx
00014E64 B8160000C0 mov eax,0C0000016h                       ; STATUS_MORE_PROCESSING_REQUIRED
00014E69 loc_00014E69: ; Xref 00014D2D
00014E69 5F pop edi
00014E6A 5E pop esi
00014E6B 5B pop ebx
00014E6C 5D pop ebp
00014E6D C20C00 ret 0Ch
; Format strings for off_00014E88 (same placeholder text as above).
00014E70 off_00014E70: ; Xref 00014E98
00014E70 5449204D73670A00 db 'TI Msg',00Ah,000h
00014E78 off_00014E78: ; Xref 00014EBD
00014E78 5449204D73670A00 db 'TI Msg',00Ah,000h
00014E80 off_00014E80: ; Xref 00014EC8
00014E80 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; off_00014E88 -- IO_WORKITEM_ROUTINE queued by fn_00014FF2 (Xref 000151A0)
; when a system IRP_MN_SET_POWER to PowerSystemWorking arrives.
; Signature (stdcall, ret 8): (DeviceObject, Context)
;   esi = Context ([esp+0Ch] once esi is pushed); the DeviceObject
;   parameter ([esp+8]) is never read.
;   Context layout, as written by fn_00014FF2: +0 work item, +4 device
;   object handed to PoRequestPowerIrp (taken from ext+3Ch), +8 = 1 (unused here)
; Frees the work item, requests IRP_MN_SET_POWER (2) for PowerDeviceD0 (1)
; with no completion callback, then frees the context block with tag 0.
;-----------------------------------------------------------------------
00014E88 off_00014E88: ; Xref 000151A0
00014E88 56 push esi
00014E89 8B74240C mov esi,[esp+0Ch]                          ; esi = Context
00014E8D 57 push edi
00014E8E FF36 push dword ptr [esi]                           ; ctx->WorkItem
00014E90 8B7E04 mov edi,[esi+4]                              ; edi = ctx->DeviceObject
00014E93 E88AC20000 call jmp_IoFreeWorkItem
00014E98 68704E0100 push offset off_00014E70
00014E9D E86EC20000 call jmp_DbgPrint
00014EA2 59 pop ecx
00014EA3 6A00 push 0                                         ; Irp = NULL
00014EA5 6A00 push 0                                         ; Context = NULL
00014EA7 33C0 xor eax,eax
00014EA9 6A00 push 0                                         ; CompletionFunction = NULL
00014EAB 40 inc eax
00014EAC 50 push eax                                         ; PowerState = PowerDeviceD0 (1)
00014EAD 6A02 push 2                                         ; MinorFunction = IRP_MN_SET_POWER
00014EAF 57 push edi                                         ; DeviceObject
00014EB0 FF15302F0200 call dword ptr [PoRequestPowerIrp]
00014EB6 3D03010000 cmp eax,103h                             ; STATUS_PENDING is the expected result
00014EBB 740B jz loc_00014EC8
00014EBD 68784E0100 push offset off_00014E78                 ; any other status is only logged
00014EC2 E849C20000 call jmp_DbgPrint
00014EC7 59 pop ecx
00014EC8 loc_00014EC8: ; Xref 00014EBB
00014EC8 68804E0100 push offset off_00014E80
00014ECD E83EC20000 call jmp_DbgPrint
00014ED2 59 pop ecx
00014ED3 6A00 push 0
00014ED5 56 push esi
00014ED6 FF15F02E0200 call dword ptr [ExFreePoolWithTag]     ; free the context block
00014EDC 5F pop edi
00014EDD 5E pop esi
00014EDE C20800 ret 8
00014EE1 CC int 3
; Format strings for fn_00014FF2 (continued on the next line of the listing).
00014EE2 off_00014EE2: ; Xref 0001500A
00014EE2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014EEA off_00014EEA: ; Xref 00015034
00014EEA 5449204D73670A00 db 'TI Msg',00Ah,000h
00014EF2 off_00014EF2: ; Xref 00015059
00014EF2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014EFA off_00014EFA: ; Xref 00015077
00014EFA 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F02 off_00014F02: ; Xref 00015093
00014F02 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F0A off_00014F0A: ; Xref 000150BA
00014F0A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F12 off_00014F12: ; Xref 000150C4
00014F12 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F1A off_00014F1A: ; Xref 000150CE
00014F1A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F22 off_00014F22: ; Xref 00015115
00014F22 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F2A off_00014F2A: ; Xref 0001511F
00014F2A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F32 off_00014F32: ; Xref 00015129
00014F32 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F3A off_00014F3A: ; Xref 0001514B
00014F3A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F42 off_00014F42: ; Xref 00015155
00014F42 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F4A off_00014F4A: ; Xref 00015161
00014F4A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F52 off_00014F52: ; Xref 0001516D
00014F52 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F5A off_00014F5A: ; Xref 000151B0
00014F5A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F62 off_00014F62: ; Xref 000151C6
00014F62 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F6A off_00014F6A: ; Xref 00015208
00014F6A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F72 off_00014F72: ; Xref 00015212
00014F72 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F7A off_00014F7A: ; Xref 0001521E
00014F7A 5449204D73670A00 db 'TI Msg',00Ah,000h
; Remaining format strings for fn_00014FF2. Every one is the same
; 'TI Msg',0Ah text, so the DbgPrint calls only mark which path was taken.
00014F82 off_00014F82: ; Xref 00015264
00014F82 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F8A off_00014F8A: ; Xref 00015278
00014F8A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F92 off_00014F92: ; Xref 00015283
00014F92 5449204D73670A00 db 'TI Msg',00Ah,000h
00014F9A off_00014F9A: ; Xref 000152B1
00014F9A 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FA2 off_00014FA2: ; Xref 000152BB
00014FA2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FAA off_00014FAA: ; Xref 000152C5
00014FAA 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FB2 off_00014FB2: ; Xref 0001530C
00014FB2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FBA off_00014FBA: ; Xref 00015316
00014FBA 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FC2 off_00014FC2: ; Xref 00015320
00014FC2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FCA off_00014FCA: ; Xref 00015338
00014FCA 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FD2 off_00014FD2: ; Xref 00015365
00014FD2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FDA off_00014FDA: ; Xref 000153B0
00014FDA 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FE2 off_00014FE2: ; Xref 000153C1
00014FE2 5449204D73670A00 db 'TI Msg',00Ah,000h
00014FEA off_00014FEA: ; Xref 000153E5
00014FEA 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00014FF2 -- power IRP dispatch routine (reached through the table
; entry at Xref 00021380).
; Signature (stdcall, ret 8): (DeviceObject, Irp)
;   [ebp+8]   DeviceObject; its extension [DeviceObject+28h] -> esi and [ebp-4]
;   [ebp+0Ch] Irp -> ebx; current stack location [Irp+60h] -> edi
;   [ebp-8]   Parameters.Power.State ([edi+0Ch])
;   [ebp-0Ch] status returned by fn_00010740
;   [ebp+0Ch] is later overwritten with &ext+24h, the lock object passed to
;             fn_00010740 (acquire) and fn_00010774 (release)
; Extension fields read here: +8 (device object given to PoCallDriver, i.e.
; the next-lower device), +10h (a state value: 4 and 5 are refused with
; STATUS_DELETE_PENDING, 0 forwards the IRP without taking the lock), +1Ch
; (copied into the SET_POWER completion context), +24h (lock object), +3Ch
; (device object given to PoRequestPowerIrp). The meanings are inferred from
; use and should be confirmed against the extension layout.
; Dispatch: Parameters.Power.Type ([edi+8]) selects system vs device IRPs,
; MinorFunction ([edi+1]) selects SET_POWER (2) / QUERY_POWER (3); every
; other minor code is passed down untouched.
; Returns: STATUS_PENDING (103h) when a completion routine was installed,
; the status from PoCallDriver on pass-through paths, or an error status
; after completing the IRP locally.
;-----------------------------------------------------------------------
00014FF2 fn_00014FF2: ; Xref 00021380
00014FF2 55 push ebp
00014FF3 8BEC mov ebp,esp
00014FF5 83EC0C sub esp,0Ch                                  ; three dword locals
00014FF8 8B4508 mov eax,[ebp+8]                              ; DeviceObject
00014FFB 53 push ebx
00014FFC 8B5D0C mov ebx,[ebp+0Ch]                            ; ebx = Irp
00014FFF 56 push esi
00015000 8B7028 mov esi,[eax+28h]                            ; esi = device extension
00015003 57 push edi
00015004 8B7B60 mov edi,[ebx+60h]                            ; edi = current stack location
00015007 8B470C mov eax,[edi+0Ch]                            ; Parameters.Power.State
0001500A 68E24E0100 push offset off_00014EE2
0001500F 8975FC mov [ebp-4],esi                              ; [ebp-4] = extension
00015012 8945F8 mov [ebp-8],eax                              ; [ebp-8] = requested state
00015015 E8F6C00000 call jmp_DbgPrint
0001501A 8B4610 mov eax,[esi+10h]                            ; ext+10h (state value, inferred)
0001501D 83F805 cmp eax,5
00015020 59 pop ecx
00015021 0F849A030000 je loc_000153C1                        ; 5 or 4 -> refuse with STATUS_DELETE_PENDING
00015027 83F804 cmp eax,4
0001502A 0F8491030000 je loc_000153C1
00015030 85C0 test eax,eax
00015032 752F jnz loc_00015063
; --- ext+10h == 0: no lock is taken, the IRP is forwarded unchanged ---
00015034 68EA4E0100 push offset off_00014EEA
00015039 E8D2C00000 call jmp_DbgPrint
0001503E 59 pop ecx
0001503F 53 push ebx
00015040 FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
00015046 FE4323 inc byte ptr [ebx+23h]                       ; Irp->CurrentLocation++
00015049 83436024 add dword ptr [ebx+60h],24h                ; CurrentStackLocation++ (IoSkipCurrentIrpStackLocation)
0001504D 53 push ebx
0001504E FF7608 push dword ptr [esi+8]                       ; lower device object
00015051 FF15B42E0200 call dword ptr [PoCallDriver]
00015057 8BF0 mov esi,eax                                    ; return PoCallDriver's status
00015059 68F24E0100 push offset off_00014EF2
0001505E E987030000 jmp loc_000153EA
00015063 loc_00015063: ; Xref 00015032
00015063 8D4624 lea eax,[esi+24h]                            ; &ext+24h: lock object
00015066 53 push ebx
00015067 50 push eax
00015068 89450C mov [ebp+0Ch],eax                            ; Irp slot reused for the lock object
0001506B E8D0B6FFFF call fn_00010740                         ; acquire(lock, Irp) -> NTSTATUS (inferred)
00015070 85C0 test eax,eax
00015072 8945F4 mov [ebp-0Ch],eax
00015075 7D2E jge loc_000150A5
; --- acquire failed: complete the IRP with that status.
; NOTE(review): Irp->IoStatus.Status ([ebx+18h]) is not written on this path
; before IofCompleteRequest, unlike the local completions at 00015353 and
; 000153DC; the failure status only reaches the caller through eax.
00015077 68FA4E0100 push offset off_00014EFA
0001507C E88FC00000 call jmp_DbgPrint
00015081 59 pop ecx
00015082 53 push ebx
00015083 FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
00015089 32D2 xor dl,dl                                      ; PriorityBoost = 0
0001508B 8BCB mov ecx,ebx                                    ; Irp (fastcall)
0001508D FF15BC2F0200 call dword ptr [IofCompleteRequest]
00015093 68024F0100 push offset off_00014F02
00015098 E873C00000 call jmp_DbgPrint
0001509D 8B45F4 mov eax,[ebp-0Ch]
000150A0 E94C030000 jmp loc_000153F1
; --- dispatch on (Parameters.Power.Type, MinorFunction) ---
000150A5 loc_000150A5: ; Xref 00015075
000150A5 0FB64701 movzx eax,byte ptr [edi+1]                 ; MinorFunction
000150A9 48 dec eax
000150AA 837F0800 cmp dword ptr [edi+8],0                    ; Parameters.Power.Type == SystemPowerState?
000150AE 0F85BA010000 jne loc_0001526E                       ; no: device-state IRP
000150B4 48 dec eax
000150B5 7468 jz loc_0001511F                                ; MinorFunction 2 = IRP_MN_SET_POWER (system)
000150B7 48 dec eax
000150B8 740A jz loc_000150C4                                ; MinorFunction 3 = IRP_MN_QUERY_POWER (system)
000150BA 680A4F0100 push offset off_00014F0A                 ; anything else: pass down
000150BF E9B9010000 jmp loc_0001527D
; --- system QUERY_POWER: mark pending, install off_00014BBE as the
; completion routine on the next location, pass down, return STATUS_PENDING ---
000150C4 loc_000150C4: ; Xref 000150B8
000150C4 68124F0100 push offset off_00014F12
000150C9 E842C00000 call jmp_DbgPrint
000150CE C704241A4F0100 mov dword ptr [esp],offset off_00014F1A
000150D5 E836C00000 call jmp_DbgPrint
000150DA 8B4360 mov eax,[ebx+60h]
000150DD 80480301 or byte ptr [eax+3],1                      ; IoMarkIrpPending
000150E1 8B7360 mov esi,[ebx+60h]                            ; esi = current stack location (extension no longer in esi)
000150E4 59 pop ecx
000150E5 8D46DC lea eax,[esi-24h]                            ; next-lower stack location
000150E8 6A07 push 7
000150EA 8BF8 mov edi,eax
000150EC 59 pop ecx                                          ; ecx = 7 dwords
000150ED F3A5 rep movsd                                      ; copy MajorFunction..FileObject into the next location
000150EF 80600300 and byte ptr [eax+3],0                     ; next->Control = 0
000150F3 8B4360 mov eax,[ebx+60h]
000150F6 8360FC00 and dword ptr [eax-4],0                    ; next->Context = NULL
000150FA 83E824 sub eax,24h
000150FD C7401CBE4B0100 mov dword ptr [eax+1Ch],offset off_00014BBE ; next->CompletionRoutine
00015104 C64003E0 mov byte ptr [eax+3],0E0h                  ; invoke on success | error | cancel
00015108 8B45FC mov eax,[ebp-4]
0001510B 53 push ebx
0001510C FF7008 push dword ptr [eax+8]                       ; lower device object
0001510F FF15B42E0200 call dword ptr [PoCallDriver]
00015115 68224F0100 push offset off_00014F22
0001511A E996020000 jmp loc_000153B5                         ; -> STATUS_PENDING
; --- system SET_POWER ---
0001511F loc_0001511F: ; Xref 000150B5
0001511F 682A4F0100 push offset off_00014F2A
00015124 E8E7BF0000 call jmp_DbgPrint
00015129 C70424324F0100 mov dword ptr [esp],offset off_00014F32
00015130 E8DBBF0000 call jmp_DbgPrint
00015135 59 pop ecx
00015136 FF75F8 push dword ptr [ebp-8]                       ; requested system state
00015139 FF7508 push dword ptr [ebp+8]                       ; DeviceObject
0001513C E819F7FFFF call fn_0001485A                         ; fn_0001485A(DeviceObject, State) -- body not in view
00015141 837DF801 cmp dword ptr [ebp-8],1                    ; PowerSystemWorking (S0)?
00015145 0F85DF000000 jne loc_0001522A                       ; other S-states: hook completion and pass down
; S0: ask for a D0 power IRP from a work item (inline if the work item cannot
; be set up), then forward the S-IRP without a completion routine.
0001514B 683A4F0100 push offset off_00014F3A
00015150 E8BBBF0000 call jmp_DbgPrint
00015155 C70424424F0100 mov dword ptr [esp],offset off_00014F42
0001515C E8AFBF0000 call jmp_DbgPrint
00015161 C704244A4F0100 mov dword ptr [esp],offset off_00014F4A
00015168 E8A3BF0000 call jmp_DbgPrint
0001516D C70424524F0100 mov dword ptr [esp],offset off_00014F52
00015174 E897BF0000 call jmp_DbgPrint
00015179 59 pop ecx
0001517A 6A0C push 0Ch
0001517C E84FF1FFFF call fn_000142D0                         ; 12-byte context for off_00014E88 (allocation helper, inferred)
00015181 8BF8 mov edi,eax
00015183 85FF test edi,edi
00015185 743F jz loc_000151C6
00015187 FF7508 push dword ptr [ebp+8]
0001518A E88DBF0000 call jmp_IoAllocateWorkItem
0001518F 85C0 test eax,eax
00015191 8907 mov [edi],eax                                  ; ctx+0 = work item
00015193 741B jz loc_000151B0
00015195 8B4E3C mov ecx,[esi+3Ch]                            ; ext+3Ch: device object for PoRequestPowerIrp
00015198 894F04 mov [edi+4],ecx                              ; ctx+4
0001519B 33C9 xor ecx,ecx
0001519D 57 push edi                                         ; Context = ctx
0001519E 41 inc ecx
0001519F 51 push ecx                                         ; QueueType = 1 (DelayedWorkQueue)
000151A0 68884E0100 push offset off_00014E88                 ; WorkerRoutine
000151A5 50 push eax                                         ; IoWorkItem
000151A6 894F08 mov [edi+8],ecx                              ; ctx+8 = 1
000151A9 E868BF0000 call jmp_IoQueueWorkItem                 ; ctx is now owned by the worker
000151AE EB35 jmp loc_000151E5
000151B0 loc_000151B0: ; Xref 00015193
000151B0 685A4F0100 push offset off_00014F5A
000151B5 E856BF0000 call jmp_DbgPrint
000151BA 59 pop ecx
000151BB 6A00 push 0
000151BD 57 push edi
000151BE FF15F02E0200 call dword ptr [ExFreePoolWithTag]     ; no work item: free ctx
000151C4 EB0B jmp loc_000151D1
000151C6 loc_000151C6: ; Xref 00015185
000151C6 68624F0100 push offset off_00014F62
000151CB E840BF0000 call jmp_DbgPrint
000151D0 59 pop 
 ecx
000151D1 loc_000151D1: ; Xref 000151C4
; fallback: PoRequestPowerIrp(ext+3Ch, IRP_MN_SET_POWER, PowerDeviceD0, NULL, NULL, NULL) inline
000151D1 33C9 xor ecx,ecx
000151D3 51 push ecx                                         ; Irp = NULL
000151D4 51 push ecx                                         ; Context = NULL
000151D5 33C0 xor eax,eax
000151D7 51 push ecx                                         ; CompletionFunction = NULL
000151D8 40 inc eax
000151D9 50 push eax                                         ; PowerState = PowerDeviceD0 (1)
000151DA 6A02 push 2                                         ; MinorFunction = IRP_MN_SET_POWER
000151DC FF763C push dword ptr [esi+3Ch]
000151DF FF15302F0200 call dword ptr [PoRequestPowerIrp]     ; result is not checked on this path
000151E5 loc_000151E5: ; Xref 000151AE
000151E5 53 push ebx
000151E6 FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
000151EC FE4323 inc byte ptr [ebx+23h]
000151EF 83436024 add dword ptr [ebx+60h],24h                ; IoSkipCurrentIrpStackLocation
000151F3 53 push ebx
000151F4 FF7608 push dword ptr [esi+8]
000151F7 FF15B42E0200 call dword ptr [PoCallDriver]
000151FD 53 push ebx
000151FE FF750C push dword ptr [ebp+0Ch]                     ; lock object
00015201 8BF0 mov esi,eax                                    ; keep PoCallDriver's status
00015203 E86CB5FFFF call fn_00010774                         ; release(lock, Irp)
00015208 686A4F0100 push offset off_00014F6A
0001520D E8FEBE0000 call jmp_DbgPrint
00015212 C70424724F0100 mov dword ptr [esp],offset off_00014F72
00015219 E8F2BE0000 call jmp_DbgPrint
0001521E C704247A4F0100 mov dword ptr [esp],offset off_00014F7A
00015225 E9C0010000 jmp loc_000153EA                         ; -> return PoCallDriver's status
; --- system SET_POWER to a non-working state: hook off_00014BBE, pass down ---
0001522A loc_0001522A: ; Xref 00015145
0001522A 8B4360 mov eax,[ebx+60h]
0001522D 80480301 or byte ptr [eax+3],1                      ; IoMarkIrpPending
00015231 8B7360 mov esi,[ebx+60h]
00015234 8D46DC lea eax,[esi-24h]
00015237 6A07 push 7
00015239 8BF8 mov edi,eax
0001523B 59 pop ecx
0001523C F3A5 rep movsd                                      ; same copy-to-next sequence as at 000150E5
0001523E 80600300 and byte ptr [eax+3],0
00015242 8B4360 mov eax,[ebx+60h]
00015245 8360FC00 and dword ptr [eax-4],0                    ; next->Context = NULL
00015249 83E824 sub eax,24h
0001524C C7401CBE4B0100 mov dword ptr [eax+1Ch],offset off_00014BBE
00015253 C64003E0 mov byte ptr [eax+3],0E0h
00015257 8B45FC mov eax,[ebp-4]
0001525A 53 push ebx
0001525B FF7008 push dword ptr [eax+8]
0001525E FF15B42E0200 call dword ptr [PoCallDriver]
00015264 68824F0100 push offset off_00014F82
00015269 E947010000 jmp loc_000153B5                         ; -> STATUS_PENDING
; --- device-state IRPs (Parameters.Power.Type != SystemPowerState) ---
0001526E loc_0001526E: ; Xref 000150AE
0001526E 48 dec eax
0001526F 0F84A1000000 je loc_00015316                        ; MinorFunction 2 = IRP_MN_SET_POWER (device)
00015275 48 dec eax
00015276 7443 jz loc_000152BB                                ; MinorFunction 3 = IRP_MN_QUERY_POWER (device)
00015278 688A4F0100 push offset off_00014F8A
; --- shared pass-through for unhandled minor codes (also entered from 000150BF) ---
0001527D loc_0001527D: ; Xref 000150BF
0001527D E88EBE0000 call jmp_DbgPrint
00015282 59 pop ecx
00015283 68924F0100 push offset off_00014F92
00015288 E883BE0000 call jmp_DbgPrint
0001528D 59 pop ecx
0001528E 53 push ebx
0001528F FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
00015295 FE4323 inc byte ptr [ebx+23h]
00015298 83436024 add dword ptr [ebx+60h],24h                ; IoSkipCurrentIrpStackLocation
0001529C 53 push ebx
0001529D FF7608 push dword ptr [esi+8]
000152A0 FF15B42E0200 call dword ptr [PoCallDriver]
000152A6 53 push ebx
000152A7 FF750C push dword ptr [ebp+0Ch]
000152AA 8BF0 mov esi,eax
000152AC E8C3B4FFFF call fn_00010774                         ; release(lock, Irp)
000152B1 689A4F0100 push offset off_00014F9A
000152B6 E92F010000 jmp loc_000153EA
; --- device QUERY_POWER: hook off_00014CBA with a NULL context, pass down ---
000152BB loc_000152BB: ; Xref 00015276
000152BB 68A24F0100 push offset off_00014FA2
000152C0 E84BBE0000 call jmp_DbgPrint
000152C5 C70424AA4F0100 mov dword ptr [esp],offset off_00014FAA
000152CC E83FBE0000 call jmp_DbgPrint
000152D1 8B4360 mov eax,[ebx+60h]
000152D4 80480301 or byte ptr [eax+3],1                      ; IoMarkIrpPending
000152D8 8B7360 mov esi,[ebx+60h]
000152DB 59 pop ecx
000152DC 8D46DC lea eax,[esi-24h]
000152DF 6A07 push 7
000152E1 8BF8 mov edi,eax
000152E3 59 pop ecx
000152E4 F3A5 rep movsd
000152E6 80600300 and byte ptr [eax+3],0
000152EA 8B4360 mov eax,[ebx+60h]
000152ED 8360FC00 and dword ptr [eax-4],0                    ; next->Context = NULL (off_00014CBA tests for this)
000152F1 83E824 sub eax,24h
000152F4 C7401CBA4C0100 mov dword ptr [eax+1Ch],offset off_00014CBA
000152FB C64003E0 mov byte ptr [eax+3],0E0h
000152FF 8B45FC mov eax,[ebp-4]
00015302 53 push ebx
00015303 FF7008 push dword ptr [eax+8]
00015306 FF15B42E0200 call dword ptr [PoCallDriver]
0001530C 68B24F0100 push offset off_00014FB2
00015311 E99F000000 jmp loc_000153B5
; --- device SET_POWER: allocate the completion context, hook off_00014CBA ---
00015316 loc_00015316: ; Xref 0001526F
00015316 68BA4F0100 push offset off_00014FBA
0001531B E8F0BD0000 call jmp_DbgPrint
00015320 C70424C24F0100 mov dword ptr [esp],offset off_00014FC2
00015327 E8E4BD0000 call jmp_DbgPrint
0001532C 59 pop ecx
0001532D 6A08 push 8
0001532F E89CEFFFFF call fn_000142D0                         ; 8-byte context, freed by off_00014CBA
00015334 85C0 test eax,eax
00015336 7534 jnz loc_0001536C
00015338 68CA4F0100 push offset off_00014FCA
0001533D E8CEBD0000 call jmp_DbgPrint
00015342 59 pop ecx
00015343 53 push ebx
00015344 FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
0001534A BE9A0000C0 mov esi,0C000009Ah                       ; STATUS_INSUFFICIENT_RESOURCES
0001534F 32D2 xor dl,dl
00015351 8BCB mov ecx,ebx
00015353 897318 mov [ebx+18h],esi                            ; Irp->IoStatus.Status
00015356 FF15BC2F0200 call dword ptr [IofCompleteRequest]
0001535C 53 push ebx
0001535D FF750C push dword ptr [ebp+0Ch]
00015360 E80FB4FFFF call fn_00010774
00015365 68D24F0100 push offset off_00014FD2
0001536A EB7E jmp loc_000153EA
0001536C loc_0001536C: ; Xref 00015336
0001536C 8B4E1C mov ecx,[esi+1Ch]                            ; ext+1Ch -> ctx+0 (compared with ctx+4 in off_00014CBA)
0001536F 8908 mov [eax],ecx
00015371 8B4DF8 mov ecx,[ebp-8]
00015374 894804 mov [eax+4],ecx                              ; requested device state -> ctx+4
00015377 8B4B60 mov ecx,[ebx+60h]
0001537A 80490301 or byte ptr [ecx+3],1                      ; IoMarkIrpPending
0001537E 8B7360 mov esi,[ebx+60h]
00015381 8D56DC lea edx,[esi-24h]
00015384 6A07 push 7
00015386 59 pop ecx
00015387 8BFA mov edi,edx
00015389 F3A5 rep movsd
0001538B 80620300 and byte ptr [edx+3],0
0001538F 8B4B60 mov ecx,[ebx+60h]
00015392 83E924 sub ecx,24h
00015395 894120 mov [ecx+20h],eax                            ; next->Context = ctx
00015398 8B45FC mov eax,[ebp-4]
0001539B 53 push ebx
0001539C C7411CBA4C0100 mov dword ptr [ecx+1Ch],offset off_00014CBA
000153A3 C64103E0 mov byte ptr [ecx+3],0E0h
000153A7 FF7008 push dword ptr [eax+8]
000153AA FF15B42E0200 call dword ptr [PoCallDriver]
000153B0 68DA4F0100 push offset off_00014FDA
000153B5 loc_000153B5: ; Xref 0001511A 00015269 00015311
000153B5 E856BD0000 call jmp_DbgPrint
000153BA B803010000 mov eax,103h                             ; STATUS_PENDING
000153BF EB30 jmp loc_000153F1
; --- ext+10h is 4 or 5: refuse the IRP ---
000153C1 loc_000153C1: ; Xref 00015021 0001502A
000153C1 68E24F0100 push offset off_00014FE2
000153C6 E845BD0000 call jmp_DbgPrint
000153CB 59 pop ecx
000153CC 53 push ebx
000153CD FF15B82E0200 call dword ptr [PoStartNextPowerIrp]
000153D3 BE560000C0 mov esi,0C0000056h                       ; STATUS_DELETE_PENDING
000153D8 32D2 xor dl,dl
000153DA 8BCB mov ecx,ebx
000153DC 897318 mov [ebx+18h],esi                            ; Irp->IoStatus.Status
000153DF FF15BC2F0200 call dword ptr [IofCompleteRequest]
000153E5 68EA4F0100 push offset off_00014FEA
000153EA loc_000153EA: ; Xref 0001505E 00015225 000152B6 0001536A
000153EA E821BD0000 call jmp_DbgPrint
000153EF 8BC6 mov eax,esi                                    ; status kept in esi by each entry path
000153F1 loc_000153F1: ; Xref 000150A0 000153BF
000153F1 59 pop ecx                                          ; discard the DbgPrint argument every entry path leaves pushed
000153F2 5F pop edi
000153F3 5E pop esi
000153F4 5B pop ebx
000153F5 C9 leave
000153F6 C20800 ret 8
000153F9 CC int 3
; Format strings for fn_00015412.
000153FA off_000153FA: ; Xref 0001543B
000153FA 5449204D73670A00 db 'TI Msg',00Ah,000h
00015402 off_00015402: ; Xref 0001546E
00015402 5449204D73670A00 db 'TI Msg',00Ah,000h
0001540A off_0001540A: ; Xref 00015486
0001540A 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00015412 -- allocate an MDL for (VirtualAddress, Length) and lock its
; pages inside an exception frame (Xref 00016E57).
; Signature (stdcall, ret 0Ch): (VirtualAddress, Length, Flag)
;   [ebp+8] VirtualAddress, [ebp+0Ch] Length ->
;       IoAllocateMdl(VA, Length, SecondaryBuffer=0, ChargeQuota=0, Irp=NULL)
;   [ebp+10h] only its low byte is tested: 0 -> Operation = 1 (IoWriteAccess),
;       anything else -> Operation = 0 (IoReadAccess)
; Frame: push 10h / push off_00023000 / call fn_00021128 has the shape of
; the MSVC SEH prolog (scope table off_00023000 is not in view); [ebp-4] is
; the try level, [ebp-1Ch] the MDL, [ebp-14h]/[ebp-18h]/[ebp-20h] are used by
; the filter and handler below, and fn_00021161 is the matching epilog.
; Returns eax = MDL, or NULL if IoAllocateMdl failed or MmProbeAndLockPages
; raised (the MDL is freed by the handler in that case).
; NOTE(review): the AccessMode passed to MmProbeAndLockPages is 0 (KernelMode),
; so the range is not validated against the user/kernel address boundary.
; This is only safe when every caller passes kernel-owned buffers; if a
; caller forwards a user-supplied address, that validation must happen
; before reaching this function.
;-----------------------------------------------------------------------
00015412 fn_00015412: ; Xref 00016E57
00015412 6A10 push 10h                                       ; local frame size for the prolog helper
00015414 6800300200 push offset off_00023000                 ; scope table (not in view)
00015419 E80ABD0000 call fn_00021128                         ; SEH-style prolog (inferred)
0001541E 33DB xor ebx,ebx                                    ; ebx = 0, reused for every zero argument below
00015420 53 push ebx                                         ; Irp = NULL
00015421 53 push ebx                                         ; ChargeQuota = FALSE
00015422 53 push ebx                                         ; SecondaryBuffer = FALSE
00015423 FF750C push dword ptr [ebp+0Ch]                     ; Length
00015426 FF7508 push dword ptr [ebp+8]                       ; VirtualAddress
00015429 FF15442F0200 call dword ptr [IoAllocateMdl]
0001542F 8BF0 mov esi,eax
00015431 8975E4 mov [ebp-1Ch],esi                            ; MDL saved for the handler
00015434 3BF3 cmp esi,ebx
00015436 744E jz loc_00015486                                ; allocation failed -> return NULL
00015438 895DFC mov [ebp-4],ebx                              ; try level 0: protected region begins
0001543B 68FA530100 push offset off_000153FA
00015440 E8CBBC0000 call jmp_DbgPrint
00015445 59 pop ecx
00015446 33C0 xor eax,eax
00015448 385D10 cmp [ebp+10h],bl                             ; low byte of the third argument == 0?
0001544B 0F94C0 sete al                                      ; Operation = 1 (IoWriteAccess) if so, else 0 (IoReadAccess)
0001544E 50 push eax
0001544F 53 push ebx                                         ; AccessMode = 0 (KernelMode) -- see NOTE above
00015450 56 push esi                                         ; MDL
00015451 FF15402F0200 call dword ptr [MmProbeAndLockPages]
00015457 loc_00015457: ; Xref 00015484
00015457 834DFCFF or dword ptr [ebp-4],0FFFFFFFFh            ; try level -1: protected region ends
0001545B EB34 jmp loc_00015491
; off_0001545D -- exception filter referenced from the scope table (Xref
; 00023004). The double dereference of [ebp-14h] matches reading
; ExceptionPointers->ExceptionRecord->ExceptionCode (inferred); the code is
; saved at [ebp-20h] and 1 (EXCEPTION_EXECUTE_HANDLER) is returned.
0001545D off_0001545D: ; Xref 00023004
0001545D 8B45EC mov eax,[ebp-14h]
00015460 8B00 mov eax,[eax]
00015462 8B00 mov eax,[eax]
00015464 8945E0 mov [ebp-20h],eax
00015467 33C0 xor eax,eax
00015469 40 inc eax
0001546A C3 ret
; off_0001546B -- exception handler (Xref 00023008): restores esp from the
; frame, frees the MDL and rejoins the normal path with esi = NULL.
0001546B off_0001546B: ; Xref 00023008
0001546B 8B65E8 mov esp,[ebp-18h]
0001546E 6802540100 push offset off_00015402
00015473 E898BC0000 call jmp_DbgPrint
00015478 59 pop ecx
00015479 FF75E4 push dword ptr [ebp-1Ch]
0001547C FF153C2F0200 call dword ptr [IoFreeMdl]
00015482 33F6 xor esi,esi                                    ; return NULL
00015484 EBD1 jmp loc_00015457
00015486 loc_00015486: ; Xref 00015436
00015486 680A540100 push offset off_0001540A
0001548B E880BC0000 call jmp_DbgPrint
00015490 59 pop ecx
00015491 loc_00015491: ; Xref 0001545B
00015491 8BC6 mov eax,esi                                    ; MDL or NULL
00015493 E8C9BC0000 call fn_00021161                         ; matching epilog (inferred)
00015498 C20C00 ret 0Ch
0001549B CC int 3
0001549C off_0001549C: ; Xref 000154A4
0001549C 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_000154A4 -- undo fn_00015412: MmUnlockPages(Mdl), then tail-jump to
; IoFreeMdl(Mdl). The first call gets a copy of the argument; the jump
; reuses the caller's original argument slot and return address, so the
; stdcall cleanup (ret 4) happens inside IoFreeMdl.
; In: [esp+4] = Mdl (stdcall, one argument). Called from many sites, see Xref.
;-----------------------------------------------------------------------
000154A4 fn_000154A4: ; Xref 00015836 000159DB 00015A68 00015B28
000154A4 ; 00015F20 000160C5 00016160 00016217
000154A4 ; 00016F8B
000154A4 689C540100 push offset off_0001549C
000154A9 E862BC0000 call jmp_DbgPrint
000154AE 59 pop ecx
000154AF FF742404 push dword ptr [esp+4]                     ; copy of Mdl for MmUnlockPages
000154B3 FF15482F0200 call dword ptr [MmUnlockPages]
000154B9 FF253C2F0200 jmp dword ptr [IoFreeMdl]              ; tail call with the original Mdl argument
000154BF CC int 3
; Format strings for the work-item routine at off_00015540 (continues on the
; next line of the listing).
000154C0 off_000154C0: ; Xref 000155A0
000154C0 5449204D73670A00 db 'TI Msg',00Ah,000h
000154C8 off_000154C8: ; Xref 00015665
000154C8 5449204D73670A00 db 'TI Msg',00Ah,000h
000154D0 off_000154D0: ; Xref 0001566F
000154D0 5449204D73670A00 db 'TI Msg',00Ah,000h
000154D8 off_000154D8: ; Xref 00015734
000154D8 5449204D73670A00 db 'TI Msg',00Ah,000h
000154E0 off_000154E0: ; Xref 0001577F
000154E0 5449204D73670A00 db 'TI Msg',00Ah,000h
000154E8 off_000154E8: ; Xref 00015807
000154E8 5449204D73670A00 db 'TI Msg',00Ah,000h
000154F0 off_000154F0: ; Xref 00015858
000154F0 5449204D73670A00 db 'TI Msg',00Ah,000h
000154F8 off_000154F8: ; Xref 0001587C
000154F8 5449204D73670A00 db 'TI Msg',00Ah,000h
00015500 off_00015500: ; Xref 000158AE
00015500
5449204D73670A00 db 'TI Msg',00Ah,000h 00015508 off_00015508: ; Xref 000158B7 00015508 5449204D73670A00 db 'TI Msg',00Ah,000h 00015510 off_00015510: ; Xref 000158C2 00015510 5449204D73670A00 db 'TI Msg',00Ah,000h 00015518 off_00015518: ; Xref 000158F6 00015518 5449204D73670A00 db 'TI Msg',00Ah,000h 00015520 off_00015520: ; Xref 000159FE 00015520 5449204D73670A00 db 'TI Msg',00Ah,000h 00015528 off_00015528: ; Xref 00015A95 00015528 5449204D73670A00 db 'TI Msg',00Ah,000h 00015530 off_00015530: ; Xref 00015B4A 00015530 5449204D73670A00 db 'TI Msg',00Ah,000h 00015538 off_00015538: ; Xref 00015B64 00015538 5449204D73670A00 db 'TI Msg',00Ah,000h 00015540 off_00015540: ; Xref 00015946 00015C4F 00015540 55 push ebp 00015541 8BEC mov ebp,esp 00015543 83EC34 sub esp,34h 00015546 53 push ebx 00015547 8B5D0C mov ebx,[ebp+0Ch] 0001554A 56 push esi 0001554B 8B7314 mov esi,[ebx+14h] 0001554E 57 push edi 0001554F 33C9 xor ecx,ecx 00015551 51 push ecx 00015552 51 push ecx 00015553 51 push ecx 00015554 8D86A4010000 lea eax,[esi+1A4h] 0001555A 51 push ecx 0001555B 50 push eax 0001555C 8945EC mov [ebp-14h],eax 0001555F FF159C2F0200 call dword ptr [KeWaitForSingleObject] 00015565 8B4310 mov eax,[ebx+10h] 00015568 8B9648020000 mov edx,[esi+248h] 0001556E 8A4B18 mov cl,[ebx+18h] 00015571 8945F8 mov [ebp-8],eax 00015574 8B4308 mov eax,[ebx+8] 00015577 8945E4 mov [ebp-1Ch],eax 0001557A 8B430C mov eax,[ebx+0Ch] 0001557D C1EA09 shr edx,9 00015580 84C9 test cl,cl 00015582 8955F0 mov [ebp-10h],edx 00015585 8A5640 mov dl,[esi+40h] 00015588 8945E8 mov [ebp-18h],eax 0001558B 8B431C mov eax,[ebx+1Ch] 0001558E 8B780C mov edi,[eax+0Ch] 00015591 884DFE mov [ebp-2],cl 00015594 8945E0 mov [ebp-20h],eax 00015597 8855F4 mov [ebp-0Ch],dl 0001559A 0F84CF000000 je loc_0001566F 000155A0 68C0540100 push offset off_000154C0 000155A5 E866BB0000 call jmp_DbgPrint 000155AA 80BE6002000000 cmp byte ptr [esi+260h],0 000155B1 59 pop ecx 000155B2 0F8595000000 jne loc_0001564D 000155B8 8A471E mov al,[edi+1Eh] 000155BB 
8845CC mov [ebp-34h],al 000155BE 33C0 xor eax,eax 000155C0 8A671F mov ah,[edi+1Fh] 000155C3 0FB64F21 movzx ecx,byte ptr [edi+21h] 000155C7 8A4720 mov al,[edi+20h] 000155CA C1E008 shl eax,8 000155CD 0BC1 or eax,ecx 000155CF 0FB64F22 movzx ecx,byte ptr [edi+22h] 000155D3 C1E008 shl eax,8 000155D6 0BC1 or eax,ecx 000155D8 8945D0 mov [ebp-30h],eax 000155DB 33C0 xor eax,eax 000155DD 8A6723 mov ah,[edi+23h] 000155E0 0FB64F25 movzx ecx,byte ptr [edi+25h] 000155E4 8A4724 mov al,[edi+24h] 000155E7 C1E008 shl eax,8 000155EA 0BC1 or eax,ecx 000155EC 8945D4 mov [ebp-2Ch],eax 000155EF 8A4726 mov al,[edi+26h] 000155F2 C0E804 shr al,4 000155F5 8845D8 mov [ebp-28h],al 000155F8 8A4726 mov al,[edi+26h] 000155FB 2408 and al,8 000155FD 3C08 cmp al,8 000155FF 0F94C0 sete al 00015602 8845D9 mov [ebp-27h],al 00015605 8A4726 mov al,[edi+26h] 00015608 2404 and al,4 0001560A 3C04 cmp al,4 0001560C 0F94C0 sete al 0001560F 8845DA mov [ebp-26h],al 00015612 8A4726 mov al,[edi+26h] 00015615 2402 and al,2 00015617 3C02 cmp al,2 00015619 0F94C0 sete al 0001561C 8845DB mov [ebp-25h],al 0001561F 8A4726 mov al,[edi+26h] 00015622 2401 and al,1 00015624 FEC8 dec al 00015626 F6D8 neg al 00015628 1AC0 sbb al,al 0001562A FEC0 inc al 0001562C 8845DC mov [ebp-24h],al 0001562F 8D45F0 lea eax,[ebp-10h] 00015632 50 push eax 00015633 FF75E4 push dword ptr [ebp-1Ch] 00015636 8D45CC lea eax,[ebp-34h] 00015639 50 push eax 0001563A 8B45F8 mov eax,[ebp-8] 0001563D FF75F4 push dword ptr [ebp-0Ch] 00015640 8B88B8010000 mov ecx,[eax+1B8h] 00015646 E807260000 call fn_00017C52 0001564B EB18 jmp loc_00015665 0001564D loc_0001564D: ; Xref 000155B2 0001564D 8D45F0 lea eax,[ebp-10h] 00015650 50 push eax 00015651 FF75E4 push dword ptr [ebp-1Ch] 00015654 8B45F8 mov eax,[ebp-8] 00015657 FF75F4 push dword ptr [ebp-0Ch] 0001565A 8B88B8010000 mov ecx,[eax+1B8h] 00015660 E82D260000 call fn_00017C92 00015665 loc_00015665: ; Xref 0001564B 00015665 68C8540100 push offset off_000154C8 0001566A E9CA000000 jmp loc_00015739 0001566F 
loc_0001566F: ; Xref 0001559A 0001566F 68D0540100 push offset off_000154D0 00015674 E897BA0000 call jmp_DbgPrint 00015679 80BE6002000000 cmp byte ptr [esi+260h],0 00015680 59 pop ecx 00015681 0F8595000000 jne loc_0001571C 00015687 8A471E mov al,[edi+1Eh] 0001568A 8845CC mov [ebp-34h],al 0001568D 33C0 xor eax,eax 0001568F 8A671F mov ah,[edi+1Fh] 00015692 0FB64F21 movzx ecx,byte ptr [edi+21h] 00015696 8A4720 mov al,[edi+20h] 00015699 C1E008 shl eax,8 0001569C 0BC1 or eax,ecx 0001569E 0FB64F22 movzx ecx,byte ptr [edi+22h] 000156A2 C1E008 shl eax,8 000156A5 0BC1 or eax,ecx 000156A7 8945D0 mov [ebp-30h],eax 000156AA 33C0 xor eax,eax 000156AC 8A6723 mov ah,[edi+23h] 000156AF 0FB64F25 movzx ecx,byte ptr [edi+25h] 000156B3 8A4724 mov al,[edi+24h] 000156B6 C1E008 shl eax,8 000156B9 0BC1 or eax,ecx 000156BB 8945D4 mov [ebp-2Ch],eax 000156BE 8A4726 mov al,[edi+26h] 000156C1 C0E804 shr al,4 000156C4 8845D8 mov [ebp-28h],al 000156C7 8A4726 mov al,[edi+26h] 000156CA 2408 and al,8 000156CC 3C08 cmp al,8 000156CE 0F94C0 sete al 000156D1 8845D9 mov [ebp-27h],al 000156D4 8A4726 mov al,[edi+26h] 000156D7 2404 and al,4 000156D9 3C04 cmp al,4 000156DB 0F94C0 sete al 000156DE 8845DA mov [ebp-26h],al 000156E1 8A4726 mov al,[edi+26h] 000156E4 2402 and al,2 000156E6 3C02 cmp al,2 000156E8 0F94C0 sete al 000156EB 8845DB mov [ebp-25h],al 000156EE 8A4726 mov al,[edi+26h] 000156F1 2401 and al,1 000156F3 FEC8 dec al 000156F5 F6D8 neg al 000156F7 1AC0 sbb al,al 000156F9 FEC0 inc al 000156FB 8845DC mov [ebp-24h],al 000156FE 8D45F0 lea eax,[ebp-10h] 00015701 50 push eax 00015702 FF75E4 push dword ptr [ebp-1Ch] 00015705 8D45CC lea eax,[ebp-34h] 00015708 50 push eax 00015709 8B45F8 mov eax,[ebp-8] 0001570C FF75F4 push dword ptr [ebp-0Ch] 0001570F 8B88B8010000 mov ecx,[eax+1B8h] 00015715 E838250000 call fn_00017C52 0001571A EB18 jmp loc_00015734 0001571C loc_0001571C: ; Xref 00015681 0001571C 8D45F0 lea eax,[ebp-10h] 0001571F 50 push eax 00015720 FF75E4 push dword ptr [ebp-1Ch] 00015723 8B45F8 mov 
eax,[ebp-8] 00015726 FF75F4 push dword ptr [ebp-0Ch] 00015729 8B88B8010000 mov ecx,[eax+1B8h] 0001572F E85E250000 call fn_00017C92 00015734 loc_00015734: ; Xref 0001571A 00015734 68D8540100 push offset off_000154D8 00015739 loc_00015739: ; Xref 0001566A 00015739 8845FF mov [ebp-1],al 0001573C E8CFB90000 call jmp_DbgPrint 00015741 807DFE00 cmp byte ptr [ebp-2],0 00015745 0FB645F4 movzx eax,byte ptr [ebp-0Ch] 00015749 59 pop ecx 0001574A 8B4DF8 mov ecx,[ebp-8] 0001574D 0F9445E8 sete byte ptr [ebp-18h] 00015751 FF75E8 push dword ptr [ebp-18h] 00015754 8D848190010000 lea eax,[ecx+eax*4+190h] 0001575B FFB648020000 push dword ptr [esi+248h] 00015761 8945F4 mov [ebp-0Ch],eax 00015764 FFB658020000 push dword ptr [esi+258h] 0001576A 8B00 mov eax,[eax] 0001576C FFB65C020000 push dword ptr [esi+25Ch] 00015772 8B4804 mov ecx,[eax+4] 00015775 FFB680020000 push dword ptr [esi+280h] 0001577B 50 push eax 0001577C FF5114 call dword ptr [ecx+14h] 0001577F 68E0540100 push offset off_000154E0 00015784 E887B90000 call jmp_DbgPrint 00015789 807DFF00 cmp byte ptr [ebp-1],0 0001578D 59 pop ecx 0001578E 0F84D6000000 je loc_0001586A 00015794 6A00 push 0 00015796 FF75EC push dword ptr [ebp-14h] 00015799 FF15FC2E0200 call dword ptr [KeReleaseMutex] 0001579F 8B4718 mov eax,[edi+18h] 000157A2 03C7 add eax,edi 000157A4 807DFFC1 cmp byte ptr [ebp-1],0C1h 000157A8 C6470202 mov byte ptr [edi+2],2 000157AC 8A4802 mov cl,[eax+2] 000157AF 7508 jnz loc_000157B9 000157B1 80E1F7 and cl,0F7h 000157B4 80C907 or cl,7 000157B7 EB14 jmp loc_000157CD 000157B9 loc_000157B9: ; Xref 000157AF 000157B9 807DFF82 cmp byte ptr [ebp-1],82h 000157BD 7508 jnz loc_000157C7 000157BF 80E1F5 and cl,0F5h 000157C2 80C905 or cl,5 000157C5 EB06 jmp loc_000157CD 000157C7 loc_000157C7: ; Xref 000157BD 000157C7 80E1F4 and cl,0F4h 000157CA 80C904 or cl,4 000157CD loc_000157CD: ; Xref 000157B7 000157C5 000157CD 884802 mov [eax+2],cl 000157D0 83670C00 and dword ptr [edi+0Ch],0 000157D4 80A66002000000 and byte ptr [esi+260h],0 000157DB 
B102 mov cl,2 000157DD FF15842E0200 call dword ptr [KfRaiseIrql] 000157E3 FFB654020000 push dword ptr [esi+254h] 000157E9 88450F mov [ebp+0Fh],al 000157EC 8B45F4 mov eax,[ebp-0Ch] 000157EF 8B00 mov eax,[eax] 000157F1 FFB65C020000 push dword ptr [esi+25Ch] 000157F7 8B4804 mov ecx,[eax+4] 000157FA 50 push eax 000157FB FF511C call dword ptr [ecx+1Ch] 000157FE 8A4D0F mov cl,[ebp+0Fh] 00015801 FF15902E0200 call dword ptr [KfLowerIrql] 00015807 68E8540100 push offset off_000154E8 0001580C E8FFB80000 call jmp_DbgPrint 00015811 8B8680020000 mov eax,[esi+280h] 00015817 33FF xor edi,edi 00015819 3BC7 cmp eax,edi 0001581B 59 pop ecx 0001581C 742B jz loc_00015849 0001581E 8D8E84020000 lea ecx,[esi+284h] 00015824 803900 cmp byte ptr [ecx],0 00015827 7420 jz loc_00015849 00015829 802100 and byte ptr [ecx],0 0001582C 80BE7D02000000 cmp byte ptr [esi+27Dh],0 00015833 50 push eax 00015834 7407 jz loc_0001583D 00015836 E869FCFFFF call fn_000154A4 0001583B EB06 jmp loc_00015843 0001583D loc_0001583D: ; Xref 00015834 0001583D FF153C2F0200 call dword ptr [IoFreeMdl] 00015843 loc_00015843: ; Xref 0001583B 00015843 89BE80020000 mov [esi+280h],edi 00015849 loc_00015849: ; Xref 0001581C 00015827 00015849 FF33 push dword ptr [ebx] 0001584B E8D2B80000 call jmp_IoFreeWorkItem 00015850 57 push edi 00015851 53 push ebx 00015852 FF15F02E0200 call dword ptr [ExFreePoolWithTag] 00015858 68F0540100 push offset off_000154F0 0001585D loc_0001585D: ; Xref 00015A03 0001585D E8AEB80000 call jmp_DbgPrint 00015862 59 pop ecx 00015863 57 push edi 00015864 57 push edi 00015865 E942020000 jmp loc_00015AAC 0001586A loc_0001586A: ; Xref 0001578E 0001586A 8B8648020000 mov eax,[esi+248h] 00015870 298650020000 sub [esi+250h],eax 00015876 01864C020000 add [esi+24Ch],eax 0001587C 68F8540100 push offset off_000154F8 00015881 E88AB80000 call jmp_DbgPrint 00015886 8B8650020000 mov eax,[esi+250h] 0001588C 85C0 test eax,eax 0001588E 59 pop ecx 0001588F 0F8429020000 je loc_00015ABE 00015895 8D9E48020000 lea 
ebx,[esi+248h] 0001589B 8B0B mov ecx,[ebx] 0001589D 018E58020000 add [esi+258h],ecx 000158A3 B900600000 mov ecx,6000h 000158A8 3BC1 cmp eax,ecx 000158AA 7609 jbe loc_000158B5 000158AC 890B mov [ebx],ecx 000158AE 6800550100 push offset off_00015500 000158B3 EB07 jmp loc_000158BC 000158B5 loc_000158B5: ; Xref 000158AA 000158B5 8903 mov [ebx],eax 000158B7 6808550100 push offset off_00015508 000158BC loc_000158BC: ; Xref 000158B3 000158BC E84FB80000 call jmp_DbgPrint 000158C1 59 pop ecx 000158C2 6810550100 push offset off_00015510 000158C7 C6866002000001 mov byte ptr [esi+260h],1 000158CE E83DB80000 call jmp_DbgPrint 000158D3 8B45F4 mov eax,[ebp-0Ch] 000158D6 8B00 mov eax,[eax] 000158D8 59 pop ecx 000158D9 FF75E8 push dword ptr [ebp-18h] 000158DC 8B4804 mov ecx,[eax+4] 000158DF 53 push ebx 000158E0 FFB658020000 push dword ptr [esi+258h] 000158E6 FFB65C020000 push dword ptr [esi+25Ch] 000158EC FFB680020000 push dword ptr [esi+280h] 000158F2 50 push eax 000158F3 FF5120 call dword ptr [ecx+20h] 000158F6 6818550100 push offset off_00015518 000158FB 8945E4 mov [ebp-1Ch],eax 000158FE 8955E8 mov [ebp-18h],edx 00015901 E80AB80000 call jmp_DbgPrint 00015906 59 pop ecx 00015907 6A20 push 20h 00015909 E8C2E9FFFF call fn_000142D0 0001590E 8BD8 mov ebx,eax 00015910 85DB test ebx,ebx 00015912 0F84F0000000 je loc_00015A08 00015918 8B45F8 mov eax,[ebp-8] 0001591B FF30 push dword ptr [eax] 0001591D E8FAB70000 call jmp_IoAllocateWorkItem 00015922 85C0 test eax,eax 00015924 8903 mov [ebx],eax 00015926 7439 jz loc_00015961 00015928 8B4DE4 mov ecx,[ebp-1Ch] 0001592B 894B08 mov [ebx+8],ecx 0001592E 8B4DE8 mov ecx,[ebp-18h] 00015931 894B0C mov [ebx+0Ch],ecx 00015934 8B4DF8 mov ecx,[ebp-8] 00015937 53 push ebx 00015938 894B10 mov [ebx+10h],ecx 0001593B 8A4DFE mov cl,[ebp-2] 0001593E 6A00 push 0 00015940 884B18 mov [ebx+18h],cl 00015943 8B4DE0 mov ecx,[ebp-20h] 00015946 6840550100 push offset off_00015540 0001594B 50 push eax 0001594C 897314 mov [ebx+14h],esi 0001594F 894B1C mov [ebx+1Ch],ecx 
00015952 E8BFB70000 call jmp_IoQueueWorkItem 00015957 8B5D0C mov ebx,[ebp+0Ch] 0001595A 33FF xor edi,edi 0001595C E9F4010000 jmp loc_00015B55 00015961 loc_00015961: ; Xref 00015926 00015961 6A00 push 0 00015963 FF75EC push dword ptr [ebp-14h] 00015966 FF15FC2E0200 call dword ptr [KeReleaseMutex] 0001596C 8B4718 mov eax,[edi+18h] 0001596F 03C7 add eax,edi 00015971 C6470202 mov byte ptr [edi+2],2 00015975 8A4802 mov cl,[eax+2] 00015978 33FF xor edi,edi 0001597A 80E1F5 and cl,0F5h 0001597D 57 push edi 0001597E 80C905 or cl,5 00015981 53 push ebx 00015982 8B1DF02E0200 mov ebx,[ExFreePoolWithTag] 00015988 884802 mov [eax+2],cl 0001598B FFD3 call ebx 0001598D B102 mov cl,2 0001598F FF15842E0200 call dword ptr [KfRaiseIrql] 00015995 FFB654020000 push dword ptr [esi+254h] 0001599B 8845FE mov [ebp-2],al 0001599E 8B45F4 mov eax,[ebp-0Ch] 000159A1 8B00 mov eax,[eax] 000159A3 FFB65C020000 push dword ptr [esi+25Ch] 000159A9 8B4804 mov ecx,[eax+4] 000159AC 50 push eax 000159AD FF511C call dword ptr [ecx+1Ch] 000159B0 8A4DFE mov cl,[ebp-2] 000159B3 FF15902E0200 call dword ptr [KfLowerIrql] 000159B9 8B8680020000 mov eax,[esi+280h] 000159BF 3BC7 cmp eax,edi 000159C1 742B jz loc_000159EE 000159C3 8D8E84020000 lea ecx,[esi+284h] 000159C9 803900 cmp byte ptr [ecx],0 000159CC 7420 jz loc_000159EE 000159CE 802100 and byte ptr [ecx],0 000159D1 80BE7D02000000 cmp byte ptr [esi+27Dh],0 000159D8 50 push eax 000159D9 7407 jz loc_000159E2 000159DB E8C4FAFFFF call fn_000154A4 000159E0 EB06 jmp loc_000159E8 000159E2 loc_000159E2: ; Xref 000159D9 000159E2 FF153C2F0200 call dword ptr [IoFreeMdl] 000159E8 loc_000159E8: ; Xref 000159E0 000159E8 89BE80020000 mov [esi+280h],edi 000159EE loc_000159EE: ; Xref 000159C1 000159CC 000159EE 8B450C mov eax,[ebp+0Ch] 000159F1 FF30 push dword ptr [eax] 000159F3 E82AB70000 call jmp_IoFreeWorkItem 000159F8 57 push edi 000159F9 FF750C push dword ptr [ebp+0Ch] 000159FC FFD3 call ebx 000159FE 6820550100 push offset off_00015520 00015A03 E955FEFFFF jmp loc_0001585D 
00015A08 loc_00015A08: ; Xref 00015912 00015A08 8B4718 mov eax,[edi+18h] 00015A0B 03C7 add eax,edi 00015A0D C6470202 mov byte ptr [edi+2],2 00015A11 8A4802 mov cl,[eax+2] 00015A14 80E1F5 and cl,0F5h 00015A17 80C905 or cl,5 00015A1A 884802 mov [eax+2],cl 00015A1D B102 mov cl,2 00015A1F FF15842E0200 call dword ptr [KfRaiseIrql] 00015A25 FFB654020000 push dword ptr [esi+254h] 00015A2B 8AD8 mov bl,al 00015A2D 8B45F4 mov eax,[ebp-0Ch] 00015A30 8B00 mov eax,[eax] 00015A32 FFB65C020000 push dword ptr [esi+25Ch] 00015A38 8B4804 mov ecx,[eax+4] 00015A3B 50 push eax 00015A3C FF511C call dword ptr [ecx+1Ch] 00015A3F 8ACB mov cl,bl 00015A41 FF15902E0200 call dword ptr [KfLowerIrql] 00015A47 8B8680020000 mov eax,[esi+280h] 00015A4D 33DB xor ebx,ebx 00015A4F 3BC3 cmp eax,ebx 00015A51 7428 jz loc_00015A7B 00015A53 8D8E84020000 lea ecx,[esi+284h] 00015A59 3819 cmp [ecx],bl 00015A5B 741E jz loc_00015A7B 00015A5D 2019 and [ecx],bl 00015A5F 389E7D020000 cmp [esi+27Dh],bl 00015A65 50 push eax 00015A66 7407 jz loc_00015A6F 00015A68 E837FAFFFF call fn_000154A4 00015A6D EB06 jmp loc_00015A75 00015A6F loc_00015A6F: ; Xref 00015A66 00015A6F FF153C2F0200 call dword ptr [IoFreeMdl] 00015A75 loc_00015A75: ; Xref 00015A6D 00015A75 899E80020000 mov [esi+280h],ebx 00015A7B loc_00015A7B: ; Xref 00015A51 00015A5B 00015A7B 8B3DF02E0200 mov edi,[ExFreePoolWithTag] 00015A81 53 push ebx 00015A82 53 push ebx 00015A83 FFD7 call edi 00015A85 8B450C mov eax,[ebp+0Ch] 00015A88 FF30 push dword ptr [eax] 00015A8A E893B60000 call jmp_IoFreeWorkItem 00015A8F 53 push ebx 00015A90 FF750C push dword ptr [ebp+0Ch] 00015A93 FFD7 call edi 00015A95 6828550100 push offset off_00015528 00015A9A E871B60000 call jmp_DbgPrint 00015A9F 59 pop ecx 00015AA0 53 push ebx 00015AA1 FF75EC push dword ptr [ebp-14h] 00015AA4 FF15FC2E0200 call dword ptr [KeReleaseMutex] 00015AAA 53 push ebx 00015AAB 53 push ebx 00015AAC loc_00015AAC: ; Xref 00015865 00015AAC 81C66C020000 add esi,26Ch 00015AB2 56 push esi 00015AB3 FF15A02F0200 call 
dword ptr [KeSetEvent] 00015AB9 E9BB000000 jmp loc_00015B79 00015ABE loc_00015ABE: ; Xref 0001588F 00015ABE 8B864C020000 mov eax,[esi+24Ch] 00015AC4 B102 mov cl,2 00015AC6 8945E0 mov [ebp-20h],eax 00015AC9 FF15842E0200 call dword ptr [KfRaiseIrql] 00015ACF FFB654020000 push dword ptr [esi+254h] 00015AD5 88450F mov [ebp+0Fh],al 00015AD8 8B45F4 mov eax,[ebp-0Ch] 00015ADB 8B00 mov eax,[eax] 00015ADD FFB65C020000 push dword ptr [esi+25Ch] 00015AE3 8B4804 mov ecx,[eax+4] 00015AE6 50 push eax 00015AE7 FF511C call dword ptr [ecx+1Ch] 00015AEA 8A4D0F mov cl,[ebp+0Fh] 00015AED FF15902E0200 call dword ptr [KfLowerIrql] 00015AF3 80A66002000000 and byte ptr [esi+260h],0 00015AFA 8B45E0 mov eax,[ebp-20h] 00015AFD 80670200 and byte ptr [edi+2],0 00015B01 89470C mov [edi+0Ch],eax 00015B04 8B8680020000 mov eax,[esi+280h] 00015B0A 33FF xor edi,edi 00015B0C 3BC7 cmp eax,edi 00015B0E 742B jz loc_00015B3B 00015B10 8D8E84020000 lea ecx,[esi+284h] 00015B16 803900 cmp byte ptr [ecx],0 00015B19 7420 jz loc_00015B3B 00015B1B 802100 and byte ptr [ecx],0 00015B1E 80BE7D02000000 cmp byte ptr [esi+27Dh],0 00015B25 50 push eax 00015B26 7407 jz loc_00015B2F 00015B28 E877F9FFFF call fn_000154A4 00015B2D EB06 jmp loc_00015B35 00015B2F loc_00015B2F: ; Xref 00015B26 00015B2F FF153C2F0200 call dword ptr [IoFreeMdl] 00015B35 loc_00015B35: ; Xref 00015B2D 00015B35 89BE80020000 mov [esi+280h],edi 00015B3B loc_00015B3B: ; Xref 00015B0E 00015B19 00015B3B 57 push edi 00015B3C 57 push edi 00015B3D 81C66C020000 add esi,26Ch 00015B43 56 push esi 00015B44 FF15A02F0200 call dword ptr [KeSetEvent] 00015B4A 6830550100 push offset off_00015530 00015B4F E8BCB50000 call jmp_DbgPrint 00015B54 59 pop ecx 00015B55 loc_00015B55: ; Xref 0001595C 00015B55 FF33 push dword ptr [ebx] 00015B57 E8C6B50000 call jmp_IoFreeWorkItem 00015B5C 57 push edi 00015B5D 53 push ebx 00015B5E FF15F02E0200 call dword ptr [ExFreePoolWithTag] 00015B64 6838550100 push offset off_00015538 00015B69 E8A2B50000 call jmp_DbgPrint 00015B6E 59 pop ecx 
00015B6F 57 push edi
00015B70 FF75EC push dword ptr [ebp-14h]
00015B73 FF15FC2E0200 call dword ptr [KeReleaseMutex]
00015B79 loc_00015B79: ; Xref 00015AB9
00015B79 5F pop edi
00015B7A 5E pop esi
00015B7B 5B pop ebx
00015B7C C9 leave
00015B7D C20800 ret 8
; DbgPrint strings used by off_00015BA0 (fixed text, no format specifiers).
00015B80 off_00015B80: ; Xref 00015C0B
00015B80 5449204D73670A00 db 'TI Msg',00Ah,000h
00015B88 off_00015B88: ; Xref 00015C6E
00015B88 5449204D73670A00 db 'TI Msg',00Ah,000h
00015B90 off_00015B90: ; Xref 00015C75
00015B90 5449204D73670A00 db 'TI Msg',00Ah,000h
00015B98 off_00015B98: ; Xref 00015C80
00015B98 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; off_00015BA0 - stdcall, 4 stack args (ret 10h), 10h bytes of locals
; In:   [ebp+8]   = object whose +28h field becomes ebx (per-device block);
;                   it is also handed to IoAllocateWorkItem, so presumably a
;                   DEVICE_OBJECT (DeviceExtension is at +28h on x86) - confirm
;       [ebp+10h] = value stored to [esi+25Ch] and passed to routine slot +20h
;       [ebp+14h] = request state block (esi)
; Out:  eax = 3 on every path, including both allocation-failure paths, so the
;       caller cannot tell whether a work item was actually queued.
; Does: holds the spin lock at [ebx+138h] (KefAcquireSpinLockAtDpcLevel /
;       KefReleaseSpinLockFromDpcLevel) for the whole body; calls routine
;       slot +20h of the table entry selected by [esi+40h]; allocates a
;       20h-byte context via fn_000142D0 (released with ExFreePoolWithTag on
;       the failure path, so it is pool memory) and queues off_00015540 as a
;       work item with that context.
; Note: the high byte of the arg slot at [ebp+14h] ([ebp+17h]) is reused as a
;       local flag once the arg has been loaded into esi.
; NOTE(review): off_00016290 below is the same body except that it queues
;       off_00015D1E instead of off_00015540.
;-----------------------------------------------------------------------
00015BA0 off_00015BA0: ; Xref 00016A5C 00016F1F
00015BA0 55 push ebp
00015BA1 8BEC mov ebp,esp
00015BA3 83EC10 sub esp,10h ; locals: [ebp-4] [ebp-8] [ebp-0Ch] [ebp-10h]
00015BA6 8B4508 mov eax,[ebp+8]
00015BA9 53 push ebx
00015BAA 8B5828 mov ebx,[eax+28h] ; ebx = per-device block (see header)
00015BAD 56 push esi
00015BAE 8D8B38010000 lea ecx,[ebx+138h] ; ecx = spin lock (fastcall argument)
00015BB4 57 push edi
00015BB5 894DF8 mov [ebp-8],ecx ; keep the lock address for the release below
00015BB8 FF15B42F0200 call dword ptr [KefAcquireSpinLockAtDpcLevel]
00015BBE 8B7514 mov esi,[ebp+14h] ; esi = request state block
00015BC1 80BE6802000000 cmp byte ptr [esi+268h],0
00015BC8 8B8664020000 mov eax,[esi+264h]
00015BCE 8B7D10 mov edi,[ebp+10h]
00015BD1 0F954517 setne byte ptr [ebp+17h] ; flag = ([esi+268h] != 0); stored at ctx+18h later
00015BD5 807D1700 cmp byte ptr [ebp+17h],0
00015BD9 8945FC mov [ebp-4],eax ; [ebp-4] = [esi+264h]; stored at ctx+1Ch later
00015BDC 8B4640 mov eax,[esi+40h] ; table index (no range check visible here)
00015BDF 0F94C2 sete dl ; dl = !flag (sixth argument below)
00015BE2 89BE5C020000 mov [esi+25Ch],edi
00015BE8 8B848390010000 mov eax,[ebx+eax*4+190h] ; entry of the pointer table at ebx+190h
00015BEF 8B4804 mov ecx,[eax+4] ; ecx = entry->routine table
00015BF2 52 push edx ; arg6: only dl is meaningful, upper bytes of edx are not cleared
00015BF3 8D9648020000 lea edx,[esi+248h]
00015BF9 52 push edx ; arg5: &[esi+248h]
00015BFA FFB658020000 push dword ptr [esi+258h] ; arg4
00015C00 57 push edi ; arg3: [ebp+10h]
00015C01 FFB680020000 push dword ptr [esi+280h] ; arg2
00015C07 50 push eax ; arg1: the table entry itself
00015C08 FF5120 call dword ptr [ecx+20h] ; indirect call; result comes back in eax:edx
00015C0B 68805B0100 push offset off_00015B80
00015C10 8945F0 mov [ebp-10h],eax ; save the 64-bit result for the context
00015C13 8955F4 mov [ebp-0Ch],edx
00015C16 E8F5B40000 call jmp_DbgPrint
00015C1B 59 pop ecx ; cdecl: drop the single DbgPrint argument
00015C1C 6A20 push 20h
00015C1E E8ADE6FFFF call fn_000142D0 ; 20h-byte context block
00015C23 8BF8 mov edi,eax
00015C25 85FF test edi,edi
00015C27 744C jz loc_00015C75 ; allocation failed: debug print only
00015C29 FF7508 push dword ptr [ebp+8]
00015C2C E8EBB40000 call jmp_IoAllocateWorkItem
00015C31 85C0 test eax,eax
00015C33 8907 mov [edi],eax ; ctx+0 = work item (may be NULL)
00015C35 742E jz loc_00015C65 ; work item failed: free the context
; Fill the context: +8/+0Ch = eax:edx result, +10h = ebx, +14h = esi,
; +18h = flag byte, +1Ch = [esi+264h].  off_00016290 fills the same layout
; and its worker off_00015D1E reads it back at [ebx+8]..[ebx+1Ch].
00015C37 8B4DF0 mov ecx,[ebp-10h]
00015C3A 894F08 mov [edi+8],ecx
00015C3D 8B4DF4 mov ecx,[ebp-0Ch]
00015C40 57 push edi ; IoQueueWorkItem Context
00015C41 894F0C mov [edi+0Ch],ecx
00015C44 8A4D17 mov cl,[ebp+17h]
00015C47 6A00 push 0 ; QueueType 0 (CriticalWorkQueue)
00015C49 884F18 mov [edi+18h],cl
00015C4C 8B4DFC mov ecx,[ebp-4]
00015C4F 6840550100 push offset off_00015540 ; WorkerRoutine
00015C54 50 push eax ; IoWorkItem
00015C55 895F10 mov [edi+10h],ebx
00015C58 897714 mov [edi+14h],esi
00015C5B 894F1C mov [edi+1Ch],ecx
00015C5E E8B3B40000 call jmp_IoQueueWorkItem
00015C63 EB1B jmp loc_00015C80
00015C65 loc_00015C65: ; Xref 00015C35
00015C65 6A00 push 0 ; Tag = 0
00015C67 57 push edi
00015C68 FF15F02E0200 call dword ptr [ExFreePoolWithTag]
00015C6E 68885B0100 push offset off_00015B88
00015C73 EB05 jmp loc_00015C7A
00015C75 loc_00015C75: ; Xref 00015C27
00015C75 68905B0100 push offset off_00015B90
00015C7A loc_00015C7A: ; Xref 00015C73
00015C7A E891B40000 call jmp_DbgPrint
00015C7F 59 pop ecx
00015C80 loc_00015C80: ; Xref 00015C63
00015C80 68985B0100 push offset off_00015B98
00015C85 E886B40000 call jmp_DbgPrint
00015C8A 59 pop ecx
00015C8B 8B4DF8 mov ecx,[ebp-8]
00015C8E FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel]
00015C94 6A03 push 3
00015C96 58 pop eax ; return value is 3 regardless of the failure paths above
00015C97 5F pop edi
00015C98 5E pop esi
00015C99 5B pop ebx
00015C9A C9 leave
00015C9B C21000 ret 10h
; DbgPrint strings used by off_00015D1E.
00015C9E off_00015C9E: ; Xref 00015D7A
00015C9E 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CA6 off_00015CA6: ; Xref 00015DC9
00015CA6 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CAE off_00015CAE: ; Xref 00015DD0
00015CAE 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CB6 off_00015CB6: ; Xref 00015E1F
00015CB6 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CBE off_00015CBE: ; Xref 00015E69
00015CBE 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CC6 off_00015CC6: ; Xref 00015EF1
00015CC6
5449204D73670A00 db 'TI Msg',00Ah,000h
00015CCE off_00015CCE: ; Xref 00015F42
00015CCE 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CD6 off_00015CD6: ; Xref 00015F66
00015CD6 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CDE off_00015CDE: ; Xref 00015F98
00015CDE 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CE6 off_00015CE6: ; Xref 00015FA1
00015CE6 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CEE off_00015CEE: ; Xref 00015FAC
00015CEE 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CF6 off_00015CF6: ; Xref 00015FE0
00015CF6 5449204D73670A00 db 'TI Msg',00Ah,000h
00015CFE off_00015CFE: ; Xref 000160E8
00015CFE 5449204D73670A00 db 'TI Msg',00Ah,000h
00015D06 off_00015D06: ; Xref 0001618C
00015D06 5449204D73670A00 db 'TI Msg',00Ah,000h
00015D0E off_00015D0E: ; Xref 00016239
00015D0E 5449204D73670A00 db 'TI Msg',00Ah,000h
00015D16 off_00015D16: ; Xref 00016253
00015D16 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; off_00015D1E - stdcall, 2 stack args (ret 8), 20h bytes of locals.
;   Queued with IoQueueWorkItem by off_00016290 (Xref 0001633F) and by this
;   routine itself (00016030), so the shape is an IO_WORKITEM_ROUTINE:
;   [ebp+8] = device object (never read here), [ebp+0Ch] = context (ebx).
; Context layout (as written by the queuer): +0 work item, +8/+0Ch 64-bit
;   value, +10h per-device block, +14h request state block (esi), +18h flag
;   byte, +1Ch pointer whose +0Ch field is the request block used here (edi).
; Registers: ebx = context (re-read from [ebp+0Ch] after being reused),
;   esi = request state block, edi = request block (later zeroed and used
;   as a 0 source for pushes).
; Flow:
;   1. KeWaitForSingleObject on the mutex at [esi+1A4h] (the same address is
;      given to KeReleaseMutex later); other args 0 = kernel mode, no timeout.
;   2. Dispatch on the flag byte [ctx+18h] and on [esi+260h] to one of
;      fn_000179FA / fn_00017A88 / fn_00017B10 / fn_00017B9E with
;      ecx = [[ctx+10h]+1B8h]; the result byte al is kept in [ebp-1].
;   3. Call routine slot +14h of the table entry selected by [esi+40h].
;   4. [ebp-1] != 0 -> error tail: release the mutex, write a status nibble
;      into the request block (7 for 0C1h, 5 for 82h, else 4), raise to
;      DISPATCH_LEVEL (2) around routine slot +1Ch, drop the MDL at
;      [esi+280h], free work item and context, KeSetEvent on [esi+26Ch].
;   5. Otherwise consume [esi+248h] bytes from [esi+250h]; with nothing left,
;      complete the request ([edi+2] = 0, [edi+0Ch] = [esi+24Ch]); else issue
;      the next chunk (at most 6000h bytes), allocate a new 20h-byte context
;      and re-queue this routine with it, then free the old context.  The
;      new instance blocks on the same mutex until this one releases it at
;      00016262.
; MDL cleanup (repeated inline four times): if [esi+280h] != 0 and the byte
;   [esi+284h] != 0, clear that byte, then fn_000154A4([esi+280h]) when
;   [esi+27Dh] != 0 else IoFreeMdl([esi+280h]); finally [esi+280h] = 0.
; NOTE(review): at 00016173-0001617B ExFreePoolWithTag is reached with a
;   null pointer (edi was zeroed at 00016142 and both pushed args are edi).
;   That tail is only entered when fn_000142D0 returned NULL at 00015FFC.
;   The NT pool does not treat a null free as a no-op, so this failure path
;   needs checking.
; Note: [ebp+0Fh] (high byte of the context arg slot) is used as a temporary
;   for the saved IRQL on paths that no longer read [ebp+0Ch].
;-----------------------------------------------------------------------
00015D1E off_00015D1E: ; Xref 00016030 0001633F
00015D1E 55 push ebp
00015D1F 8BEC mov ebp,esp
00015D21 83EC20 sub esp,20h
00015D24 53 push ebx
00015D25 8B5D0C mov ebx,[ebp+0Ch] ; ebx = context
00015D28 56 push esi
00015D29 8B7314 mov esi,[ebx+14h] ; esi = request state block
00015D2C 57 push edi
00015D2D 33C9 xor ecx,ecx
00015D2F 51 push ecx ; Timeout = NULL
00015D30 51 push ecx ; Alertable = 0
00015D31 51 push ecx ; WaitMode = 0 (KernelMode)
00015D32 8D86A4010000 lea eax,[esi+1A4h] ; mutex object
00015D38 51 push ecx ; WaitReason = 0
00015D39 50 push eax
00015D3A 8945EC mov [ebp-14h],eax ; [ebp-14h] = &mutex, for KeReleaseMutex
00015D3D FF159C2F0200 call dword ptr [KeWaitForSingleObject]
; Unpack the context into locals:
;   [ebp-8] = ctx+10h, [ebp-1Ch] = ctx+8, [ebp-18h] = ctx+0Ch,
;   [ebp-20h] = ctx+1Ch, [ebp-2] = ctx+18h (flag), [ebp-10h] = [esi+248h] >> 9,
;   [ebp-0Ch] = [esi+40h] (table index), edi = [ctx+1Ch]->+0Ch
00015D43 8B4310 mov eax,[ebx+10h]
00015D46 8B9648020000 mov edx,[esi+248h]
00015D4C 8A4B18 mov cl,[ebx+18h]
00015D4F 8945F8 mov [ebp-8],eax
00015D52 8B4308 mov eax,[ebx+8]
00015D55 8945E4 mov [ebp-1Ch],eax
00015D58 8B430C mov eax,[ebx+0Ch]
00015D5B C1EA09 shr edx,9 ; byte count / 512
00015D5E 84C9 test cl,cl
00015D60 8955F0 mov [ebp-10h],edx
00015D63 8B5640 mov edx,[esi+40h]
00015D66 8945E8 mov [ebp-18h],eax
00015D69 8B431C mov eax,[ebx+1Ch]
00015D6C 8B780C mov edi,[eax+0Ch] ; edi = request block
00015D6F 884DFE mov [ebp-2],cl
00015D72 8945E0 mov [ebp-20h],eax
00015D75 8955F4 mov [ebp-0Ch],edx
00015D78 7456 jz loc_00015DD0 ; flag == 0 -> second pair of helpers
; flag != 0: fn_000179FA when [esi+260h] == 0 (5 stack args), else fn_00017A88 (3 stack args)
00015D7A 689E5C0100 push offset off_00015C9E
00015D7F E88CB30000 call jmp_DbgPrint
00015D84 80BE6002000000 cmp byte ptr [esi+260h],0
00015D8B 59 pop ecx
00015D8C 8D45F0 lea eax,[ebp-10h]
00015D8F 50 push eax ; &([esi+248h] >> 9)
00015D90 FF75E4 push dword ptr [ebp-1Ch]
00015D93 7523 jnz loc_00015DB8
00015D95 33C0 xor eax,eax
00015D97 668B868C020000 mov ax,[esi+28Ch] ; zero-extended 16-bit field
00015D9E 50 push eax
00015D9F FFB688020000 push dword ptr [esi+288h]
00015DA5 8B45F8 mov eax,[ebp-8]
00015DA8 FF75F4 push dword ptr [ebp-0Ch]
00015DAB 8B88B8010000 mov ecx,[eax+1B8h] ; ecx = [ctx+10h]->+1B8h (register argument)
00015DB1 E8441C0000 call fn_000179FA
00015DB6 EB11 jmp loc_00015DC9
00015DB8 loc_00015DB8: ; Xref 00015D93
00015DB8 8B45F8 mov eax,[ebp-8]
00015DBB FF75F4 push dword ptr [ebp-0Ch]
00015DBE 8B88B8010000 mov ecx,[eax+1B8h]
00015DC4 E8BF1C0000 call fn_00017A88
00015DC9 loc_00015DC9: ; Xref 00015DB6
00015DC9 68A65C0100 push offset off_00015CA6
00015DCE EB54 jmp loc_00015E24
00015DD0 loc_00015DD0: ; Xref 00015D78
; flag == 0: fn_00017B10 when [esi+260h] == 0, else fn_00017B9E (same argument shapes as above)
00015DD0 68AE5C0100 push offset off_00015CAE
00015DD5 E836B30000 call jmp_DbgPrint
00015DDA 80BE6002000000 cmp byte ptr [esi+260h],0
00015DE1 59 pop ecx
00015DE2 8D45F0 lea eax,[ebp-10h]
00015DE5 50 push eax
00015DE6 FF75E4 push dword ptr [ebp-1Ch]
00015DE9 7523 jnz loc_00015E0E
00015DEB 33C0 xor eax,eax
00015DED 668B868C020000 mov ax,[esi+28Ch]
00015DF4 50 push eax
00015DF5 FFB688020000 push dword ptr [esi+288h]
00015DFB 8B45F8 mov eax,[ebp-8]
00015DFE FF75F4 push dword ptr [ebp-0Ch]
00015E01 8B88B8010000 mov ecx,[eax+1B8h]
00015E07 E8041D0000 call fn_00017B10
00015E0C EB11 jmp loc_00015E1F
00015E0E loc_00015E0E: ; Xref 00015DE9
00015E0E 8B45F8 mov eax,[ebp-8]
00015E11 FF75F4 push dword ptr [ebp-0Ch]
00015E14 8B88B8010000 mov ecx,[eax+1B8h]
00015E1A E87F1D0000 call fn_00017B9E
00015E1F loc_00015E1F: ; Xref 00015E0C
00015E1F 68B65C0100 push offset off_00015CB6
00015E24 loc_00015E24: ; Xref 00015DCE
00015E24 8845FF mov [ebp-1],al ; [ebp-1] = helper result byte (0 = success, see 00015E78)
00015E27 E8E4B20000 call jmp_DbgPrint
00015E2C 807DFE00 cmp byte ptr [ebp-2],0
00015E30 8B45F8 mov eax,[ebp-8]
00015E33 59 pop ecx
00015E34 8B4DF4 mov ecx,[ebp-0Ch]
00015E37 0F9445E8 sete byte ptr [ebp-18h] ; writes only the low byte of [ebp-18h]
00015E3B FF75E8 push dword ptr [ebp-18h] ; arg6: low byte = !flag; upper bytes still hold ctx+0Ch
00015E3E 8D848890010000 lea eax,[eax+ecx*4+190h]
00015E45 FFB648020000 push dword ptr [esi+248h] ; arg5
00015E4B 8945F4 mov [ebp-0Ch],eax ; [ebp-0Ch] = &table entry (the index is no longer needed)
00015E4E FFB658020000 push dword ptr [esi+258h] ; arg4
00015E54 8B00 mov eax,[eax]
00015E56 FFB65C020000 push dword ptr [esi+25Ch] ; arg3
00015E5C 8B4804 mov ecx,[eax+4] ; ecx = entry->routine table
00015E5F FFB680020000 push dword ptr [esi+280h] ; arg2
00015E65 50 push eax ; arg1: table entry
00015E66 FF5114 call dword ptr [ecx+14h]
00015E69 68BE5C0100 push offset off_00015CBE
00015E6E E89DB20000 call jmp_DbgPrint
00015E73 807DFF00 cmp byte ptr [ebp-1],0
00015E77 59 pop ecx
00015E78 0F84D6000000 je loc_00015F54 ; helper succeeded
; ---- error tail: helper result in [ebp-1] is non-zero ----
00015E7E 6A00 push 0 ; Wait = 0
00015E80 FF75EC push dword ptr [ebp-14h]
00015E83 FF15FC2E0200 call dword ptr [KeReleaseMutex] ; released before the cleanup (the success path holds it until 00016262)
00015E89 8B4718 mov eax,[edi+18h]
00015E8C 03C7 add eax,edi ; eax = request block + its own +18h field
00015E8E 807DFFC1 cmp byte ptr [ebp-1],0C1h
00015E92 C6470202 mov byte ptr [edi+2],2
00015E96 8A4802 mov cl,[eax+2]
00015E99 7508 jnz loc_00015EA3
00015E9B 80E1F7 and cl,0F7h
00015E9E 80C907 or cl,7 ; low nibble = 7 for result 0C1h
00015EA1 EB14 jmp loc_00015EB7
00015EA3 loc_00015EA3: ; Xref 00015E99
00015EA3 807DFF82 cmp byte ptr [ebp-1],82h
00015EA7 7508 jnz loc_00015EB1
00015EA9 80E1F5 and cl,0F5h
00015EAC 80C905 or cl,5 ; low nibble = 5 for result 82h
00015EAF EB06 jmp loc_00015EB7
00015EB1 loc_00015EB1: ; Xref 00015EA7
00015EB1 80E1F4 and cl,0F4h
00015EB4 80C904 or cl,4 ; low nibble = 4 otherwise; the upper nibble is preserved in all three cases
00015EB7 loc_00015EB7: ; Xref 00015EA1 00015EAF
00015EB7 884802 mov [eax+2],cl
00015EBA 83670C00 and dword ptr [edi+0Ch],0
00015EBE 80A66002000000 and byte ptr [esi+260h],0
00015EC5 B102 mov cl,2 ; DISPATCH_LEVEL
00015EC7 FF15842E0200 call dword ptr [KfRaiseIrql] ; al = previous IRQL
00015ECD FFB654020000 push dword ptr [esi+254h]
00015ED3 88450F mov [ebp+0Fh],al ; saved IRQL parked in the high byte of the ctx arg slot
00015ED6 8B45F4 mov eax,[ebp-0Ch]
00015ED9 8B00 mov eax,[eax]
00015EDB FFB65C020000 push dword ptr [esi+25Ch]
00015EE1 8B4804 mov ecx,[eax+4]
00015EE4 50 push eax
00015EE5 FF511C call dword ptr [ecx+1Ch] ; routine slot +1Ch, called at DISPATCH_LEVEL
00015EE8 8A4D0F mov cl,[ebp+0Fh]
00015EEB FF15902E0200 call dword ptr [KfLowerIrql]
00015EF1 68C65C0100 push offset off_00015CC6
00015EF6 E815B20000 call jmp_DbgPrint
; MDL cleanup (see header)
00015EFB 8B8680020000 mov eax,[esi+280h]
00015F01 33FF xor edi,edi ; edi = 0 from here on
00015F03 3BC7 cmp eax,edi
00015F05 59 pop ecx
00015F06 742B jz loc_00015F33
00015F08 8D8E84020000 lea ecx,[esi+284h]
00015F0E 803900 cmp byte ptr [ecx],0
00015F11 7420 jz loc_00015F33
00015F13 802100 and byte ptr [ecx],0
00015F16 80BE7D02000000 cmp byte ptr [esi+27Dh],0
00015F1D 50 push eax
00015F1E 7407 jz loc_00015F27
00015F20 E87FF5FFFF call fn_000154A4
00015F25 EB06 jmp loc_00015F2D
00015F27 loc_00015F27: ; Xref 00015F1E
00015F27 FF153C2F0200 call dword ptr [IoFreeMdl]
00015F2D loc_00015F2D: ; Xref 00015F25
00015F2D 89BE80020000 mov [esi+280h],edi
00015F33 loc_00015F33: ; Xref 00015F06 00015F11
00015F33 FF33 push dword ptr [ebx]
00015F35 E8E8B10000 call jmp_IoFreeWorkItem
00015F3A 57 push edi ; Tag = 0
00015F3B 53 push ebx
00015F3C FF15F02E0200 call dword ptr [ExFreePoolWithTag] ; free this context
00015F42 68CE5C0100 push offset off_00015CCE
00015F47 loc_00015F47: ; Xref 000160ED
00015F47 E8C4B10000 call jmp_DbgPrint ; also entered from 000160ED with a different string pushed
00015F4C 59 pop ecx
00015F4D 57 push edi ; KeSetEvent Wait = 0
00015F4E 57 push edi ; Increment = 0
00015F4F E947020000 jmp loc_0001619B
00015F54 loc_00015F54: ; Xref 00015E78
; ---- success: account for the chunk just processed ----
00015F54 8B8648020000 mov eax,[esi+248h]
00015F5A 298650020000 sub [esi+250h],eax ; remaining -= chunk
00015F60 01864C020000 add [esi+24Ch],eax ; done += chunk
00015F66 68D65C0100 push offset off_00015CD6
00015F6B E8A0B10000 call jmp_DbgPrint
00015F70 8B8650020000 mov eax,[esi+250h]
00015F76 85C0 test eax,eax
00015F78 59 pop ecx
00015F79 0F842E020000 je loc_000161AD ; nothing left -> completion
00015F7F 8D9E48020000 lea ebx,[esi+248h] ; ebx reused as &chunk length (context re-read at 00016041)
00015F85 8B0B mov ecx,[ebx]
00015F87 018E58020000 add [esi+258h],ecx
00015F8D B900600000 mov ecx,6000h
00015F92 3BC1 cmp eax,ecx
00015F94 7609 jbe loc_00015F9F
00015F96 890B mov [ebx],ecx ; chunk = 6000h
00015F98 68DE5C0100 push offset off_00015CDE
00015F9D EB07 jmp loc_00015FA6
00015F9F loc_00015F9F: ; Xref 00015F94
00015F9F 8903 mov [ebx],eax ; chunk = remaining
00015FA1 68E65C0100 push offset off_00015CE6
00015FA6 loc_00015FA6: ; Xref 00015F9D
00015FA6 E865B10000 call jmp_DbgPrint
00015FAB 59 pop ecx
00015FAC 68EE5C0100 push offset off_00015CEE
00015FB1 C6866002000001 mov byte ptr [esi+260h],1
00015FB8 E853B10000 call jmp_DbgPrint
00015FBD 8B45F4 mov eax,[ebp-0Ch]
00015FC0 8B00 mov eax,[eax]
00015FC2 59 pop ecx
00015FC3 FF75E8 push dword ptr [ebp-18h] ; arg6 (same low-byte caveat as at 00015E3B)
00015FC6 8B4804 mov ecx,[eax+4]
00015FC9 53 push ebx ; arg5: &chunk length
00015FCA FFB658020000 push dword ptr [esi+258h]
00015FD0 FFB65C020000 push dword ptr [esi+25Ch]
00015FD6 FFB680020000 push dword ptr [esi+280h]
00015FDC 50 push eax
00015FDD FF5120 call dword ptr [ecx+20h] ; same slot off_00015BA0 / off_00016290 call; result in eax:edx
00015FE0 68F65C0100 push offset off_00015CF6
00015FE5 8945E4 mov [ebp-1Ch],eax
00015FE8 8955E8 mov [ebp-18h],edx
00015FEB E820B10000 call jmp_DbgPrint
00015FF0 59 pop ecx
00015FF1 6A20 push 20h
00015FF3 E8D8E2FFFF call fn_000142D0 ; new 20h-byte context
00015FF8 8BD8 mov ebx,eax
00015FFA 85DB test ebx,ebx
00015FFC 0F84F0000000 je loc_000160F2 ; allocation failed (see header note)
00016002 8B45F8 mov eax,[ebp-8]
00016005 FF30 push dword ptr [eax] ; [[ctx+10h]+0] is what IoAllocateWorkItem receives
00016007 E810B10000 call jmp_IoAllocateWorkItem
0001600C 85C0 test eax,eax
0001600E 8903 mov [ebx],eax
00016010 7439 jz loc_0001604B
; Fill the new context with the same layout this routine read at entry.
00016012 8B4DE4 mov ecx,[ebp-1Ch]
00016015 894B08 mov [ebx+8],ecx
00016018 8B4DE8 mov ecx,[ebp-18h]
0001601B 894B0C mov [ebx+0Ch],ecx
0001601E 8B4DF8 mov ecx,[ebp-8]
00016021 53 push ebx ; Context
00016022 894B10 mov [ebx+10h],ecx
00016025 8A4DFE mov cl,[ebp-2]
00016028 6A00 push 0 ; QueueType 0 (CriticalWorkQueue)
0001602A 884B18 mov [ebx+18h],cl
0001602D 8B4DE0 mov ecx,[ebp-20h]
00016030 681E5D0100 push offset off_00015D1E ; re-queue this routine
00016035 50 push eax ; IoWorkItem
00016036 897314 mov [ebx+14h],esi
00016039 894B1C mov [ebx+1Ch],ecx
0001603C E8D5B00000 call jmp_IoQueueWorkItem
00016041 8B5D0C mov ebx,[ebp+0Ch] ; ebx = old context again
00016044 33FF xor edi,edi
00016046 E9F9010000 jmp loc_00016244 ; free the old context, release the mutex
0001604B loc_0001604B: ; Xref 00016010
; ---- IoAllocateWorkItem failed for the next chunk ----
0001604B 6A00 push 0
0001604D FF75EC push dword ptr [ebp-14h]
00016050 FF15FC2E0200 call dword ptr [KeReleaseMutex]
00016056 8B4718 mov eax,[edi+18h]
00016059 03C7 add eax,edi
0001605B C6470202 mov byte ptr [edi+2],2
0001605F 8A4802 mov cl,[eax+2]
00016062 80E1F5 and cl,0F5h
00016065 80C905 or cl,5 ; status nibble 5
00016068 884802 mov [eax+2],cl
0001606B B102 mov cl,2
0001606D FF15842E0200 call dword ptr [KfRaiseIrql]
00016073 FFB654020000 push dword ptr [esi+254h]
00016079 8845FE mov [ebp-2],al ; flag slot reused for the saved IRQL
0001607C 8B45F4 mov eax,[ebp-0Ch]
0001607F 8B00 mov eax,[eax]
00016081 FFB65C020000 push dword ptr [esi+25Ch]
00016087 8B4804 mov ecx,[eax+4]
0001608A 50 push eax
0001608B FF511C call dword ptr [ecx+1Ch]
0001608E 8A4DFE mov cl,[ebp-2]
00016091 FF15902E0200 call dword ptr [KfLowerIrql]
00016097 33FF xor edi,edi
00016099 57 push edi
0001609A 53 push ebx
0001609B 8B1DF02E0200 mov ebx,[ExFreePoolWithTag] ; ebx = &ExFreePoolWithTag from here on
000160A1 FFD3 call ebx ; free the new context (its work item slot is NULL)
; MDL cleanup (see header)
000160A3 8B8680020000 mov eax,[esi+280h]
000160A9 3BC7 cmp eax,edi
000160AB 742B jz loc_000160D8
000160AD 8D8E84020000 lea ecx,[esi+284h]
000160B3 803900 cmp byte ptr [ecx],0
000160B6 7420 jz loc_000160D8
000160B8 802100 and byte ptr [ecx],0
000160BB 80BE7D02000000 cmp byte ptr [esi+27Dh],0
000160C2 50 push eax
000160C3 7407 jz loc_000160CC
000160C5 E8DAF3FFFF call fn_000154A4
000160CA EB06 jmp loc_000160D2
000160CC loc_000160CC: ; Xref 000160C3
000160CC FF153C2F0200 call dword ptr [IoFreeMdl]
000160D2 loc_000160D2: ; Xref 000160CA
000160D2 89BE80020000 mov [esi+280h],edi
000160D8 loc_000160D8: ; Xref 000160AB 000160B6
000160D8 8B450C mov eax,[ebp+0Ch]
000160DB FF30 push dword ptr [eax]
000160DD E840B00000 call jmp_IoFreeWorkItem ; old context's work item
000160E2 57 push edi
000160E3 FF750C push dword ptr [ebp+0Ch]
000160E6 FFD3 call ebx ; free the old context
000160E8 68FE5C0100 push offset off_00015CFE
000160ED E955FEFFFF jmp loc_00015F47 ; DbgPrint, then KeSetEvent via loc_0001619B
000160F2 loc_000160F2: ; Xref 00015FFC
; ---- fn_000142D0 returned NULL for the next context (ebx == 0) ----
000160F2 6A00 push 0
000160F4 FF75EC push dword ptr [ebp-14h]
000160F7 FF15FC2E0200 call dword ptr [KeReleaseMutex]
000160FD 8B4718 mov eax,[edi+18h]
00016100 03C7 add eax,edi
00016102 C6470202 mov byte ptr [edi+2],2
00016106 8A4802 mov cl,[eax+2]
00016109 80E1F5 and cl,0F5h
0001610C 80C905 or cl,5
0001610F 884802 mov [eax+2],cl
00016112 B102 mov cl,2
00016114 FF15842E0200 call dword ptr [KfRaiseIrql]
0001611A FFB654020000 push dword ptr [esi+254h]
00016120 8AD8 mov bl,al ; saved IRQL kept in bl (ebx was 0 here)
00016122 8B45F4 mov eax,[ebp-0Ch]
00016125 8B00 mov eax,[eax]
00016127 FFB65C020000 push dword ptr [esi+25Ch]
0001612D 8B4804 mov ecx,[eax+4]
00016130 50 push eax
00016131 FF511C call dword ptr [ecx+1Ch]
00016134 8ACB mov cl,bl
00016136 FF15902E0200 call dword ptr [KfLowerIrql]
; MDL cleanup (see header)
0001613C 8B8680020000 mov eax,[esi+280h]
00016142 33FF xor edi,edi
00016144 3BC7 cmp eax,edi
00016146 742B jz loc_00016173
00016148 8D8E84020000 lea ecx,[esi+284h]
0001614E 803900 cmp byte ptr [ecx],0
00016151 7420 jz loc_00016173
00016153 802100 and byte ptr [ecx],0
00016156 80BE7D02000000 cmp byte ptr [esi+27Dh],0
0001615D 50 push eax
0001615E 7407 jz loc_00016167
00016160 E83FF3FFFF call fn_000154A4
00016165 EB06 jmp loc_0001616D
00016167 loc_00016167: ; Xref 0001615E
00016167 FF153C2F0200 call dword ptr [IoFreeMdl]
0001616D loc_0001616D: ; Xref 00016165
0001616D 89BE80020000 mov [esi+280h],edi
00016173 loc_00016173: ; Xref 00016146 00016151
00016173 57 push edi ; Tag = 0
00016174 57 push edi ; P = 0 -- NOTE(review): null pointer handed to ExFreePoolWithTag
00016175 8B3DF02E0200 mov edi,[ExFreePoolWithTag]
0001617B FFD7 call edi
0001617D 8B5D0C mov ebx,[ebp+0Ch] ; ebx = old context
00016180 FF33 push dword ptr [ebx]
00016182 E89BAF0000 call jmp_IoFreeWorkItem
00016187 6A00 push 0
00016189 53 push ebx
0001618A FFD7 call edi ; free the old context
0001618C 68065D0100 push offset off_00015D06
00016191 E87AAF0000 call jmp_DbgPrint
00016196 59 pop ecx
00016197 6A00 push 0 ; KeSetEvent Wait = 0
00016199 6A00 push 0 ; Increment = 0
0001619B loc_0001619B: ; Xref 00015F4F
0001619B 81C66C020000 add esi,26Ch ; esi = &event at [esi+26Ch] (esi is not used again)
000161A1 56 push esi
000161A2 FF15A02F0200 call dword ptr [KeSetEvent]
000161A8 E9BB000000 jmp loc_00016268 ; the mutex was already released on these paths
000161AD loc_000161AD: ; Xref 00015F79
; ---- completion: no bytes remaining ----
000161AD 8B864C020000 mov eax,[esi+24Ch]
000161B3 B102 mov cl,2
000161B5 8945E0 mov [ebp-20h],eax ; total done, reported at [edi+0Ch] below
000161B8 FF15842E0200 call dword ptr [KfRaiseIrql]
000161BE FFB654020000 push dword ptr [esi+254h]
000161C4 88450F mov [ebp+0Fh],al
000161C7 8B45F4 mov eax,[ebp-0Ch]
000161CA 8B00 mov eax,[eax]
000161CC FFB65C020000 push dword ptr [esi+25Ch]
000161D2 8B4804 mov ecx,[eax+4]
000161D5 50 push eax
000161D6 FF511C call dword ptr [ecx+1Ch]
000161D9 8A4D0F mov cl,[ebp+0Fh]
000161DC FF15902E0200 call dword ptr [KfLowerIrql]
000161E2 80A66002000000 and byte ptr [esi+260h],0
000161E9 8B45E0 mov eax,[ebp-20h]
000161EC 80670200 and byte ptr [edi+2],0 ; request block: status byte 0 ...
000161F0 89470C mov [edi+0Ch],eax ; ... and count = [esi+24Ch]
; MDL cleanup (see header)
000161F3 8B8680020000 mov eax,[esi+280h]
000161F9 33FF xor edi,edi
000161FB 3BC7 cmp eax,edi
000161FD 742B jz loc_0001622A
000161FF 8D8E84020000 lea ecx,[esi+284h]
00016205 803900 cmp byte ptr [ecx],0
00016208 7420 jz loc_0001622A
0001620A 802100 and byte ptr [ecx],0
0001620D 80BE7D02000000 cmp byte ptr [esi+27Dh],0
00016214 50 push eax
00016215 7407 jz loc_0001621E
00016217 E888F2FFFF call fn_000154A4
0001621C EB06 jmp loc_00016224
0001621E loc_0001621E: ; Xref 00016215
0001621E FF153C2F0200 call dword ptr [IoFreeMdl]
00016224 loc_00016224: ; Xref 0001621C
00016224 89BE80020000 mov [esi+280h],edi
0001622A loc_0001622A: ; Xref 000161FD 00016208
0001622A 57 push edi
0001622B 57 push edi
0001622C 81C66C020000 add esi,26Ch
00016232 56 push esi
00016233 FF15A02F0200 call dword ptr [KeSetEvent] ; signal the event at [esi+26Ch]
00016239 680E5D0100 push offset off_00015D0E
0001623E E8CDAE0000 call jmp_DbgPrint
00016243 59 pop ecx
00016244 loc_00016244: ; Xref 00016046
; ---- common exit for the completion and re-queue paths ----
00016244 FF33 push dword ptr [ebx]
00016246 E8D7AE0000 call jmp_IoFreeWorkItem
0001624B 57 push edi
0001624C 53 push ebx
0001624D FF15F02E0200 call dword ptr [ExFreePoolWithTag] ; free this context
00016253 68165D0100 push offset off_00015D16
00016258 E8B3AE0000 call jmp_DbgPrint
0001625D 59 pop ecx
0001625E 57 push edi
0001625F FF75EC push dword ptr [ebp-14h]
00016262 FF15FC2E0200 call dword ptr [KeReleaseMutex] ; held until here on these paths
00016268 loc_00016268: ; Xref 000161A8
00016268 5F pop edi
00016269 5E pop esi
0001626A 5B pop ebx
0001626B C9 leave
0001626C C20800 ret 8
0001626F CC int 3 ; padding after ret
; DbgPrint strings used by off_00016290.
00016270 off_00016270: ; Xref 000162FB
00016270 5449204D73670A00 db 'TI Msg',00Ah,000h
00016278
off_00016278: ; Xref 0001635E
00016278 5449204D73670A00 db 'TI Msg',00Ah,000h
00016280 off_00016280: ; Xref 00016365
00016280 5449204D73670A00 db 'TI Msg',00Ah,000h
00016288 off_00016288: ; Xref 00016370
00016288 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; off_00016290 - stdcall, 4 stack args (ret 10h), 10h bytes of locals.
;   Same body as off_00015BA0 above; it differs only in the worker routine
;   queued (off_00015D1E here, off_00015540 there) and in the DbgPrint
;   strings.  Argument roles:
;   [ebp+8]   object whose +28h field becomes ebx; also handed to
;             IoAllocateWorkItem, so presumably a DEVICE_OBJECT - confirm
;   [ebp+10h] stored to [esi+25Ch] and passed to routine slot +20h
;   [ebp+14h] request state block (esi)
; Does: holds the spin lock at [ebx+138h] for the whole body, calls routine
;   slot +20h of the table entry selected by [esi+40h], allocates a 20h-byte
;   context via fn_000142D0 and queues off_00015D1E with it.  The context
;   layout written here (+0 work item, +8/+0Ch result, +10h ebx, +14h esi,
;   +18h flag, +1Ch [esi+264h]) is the one off_00015D1E reads at entry.
; Out: eax = 3 on every path, including both allocation-failure paths, so
;   the caller cannot tell whether the work item was queued.
;-----------------------------------------------------------------------
00016290 off_00016290: ; Xref 000167B7 00016F26
00016290 55 push ebp
00016291 8BEC mov ebp,esp
00016293 83EC10 sub esp,10h
00016296 8B4508 mov eax,[ebp+8]
00016299 53 push ebx
0001629A 8B5828 mov ebx,[eax+28h] ; ebx = per-device block
0001629D 56 push esi
0001629E 8D8B38010000 lea ecx,[ebx+138h] ; ecx = spin lock (fastcall argument)
000162A4 57 push edi
000162A5 894DF8 mov [ebp-8],ecx ; kept for the release at 0001637E
000162A8 FF15B42F0200 call dword ptr [KefAcquireSpinLockAtDpcLevel]
000162AE 8B7514 mov esi,[ebp+14h]
000162B1 80BE6802000000 cmp byte ptr [esi+268h],0
000162B8 8B8664020000 mov eax,[esi+264h]
000162BE 8B7D10 mov edi,[ebp+10h]
000162C1 0F954517 setne byte ptr [ebp+17h] ; flag = ([esi+268h] != 0), parked in the arg slot's high byte
000162C5 807D1700 cmp byte ptr [ebp+17h],0
000162C9 8945FC mov [ebp-4],eax
000162CC 8B4640 mov eax,[esi+40h] ; table index (no range check visible here)
000162CF 0F94C2 sete dl ; dl = !flag
000162D2 89BE5C020000 mov [esi+25Ch],edi
000162D8 8B848390010000 mov eax,[ebx+eax*4+190h]
000162DF 8B4804 mov ecx,[eax+4] ; ecx = entry->routine table
000162E2 52 push edx ; arg6: only dl is meaningful
000162E3 8D9648020000 lea edx,[esi+248h]
000162E9 52 push edx ; arg5: &[esi+248h]
000162EA FFB658020000 push dword ptr [esi+258h] ; arg4
000162F0 57 push edi ; arg3
000162F1 FFB680020000 push dword ptr [esi+280h] ; arg2
000162F7 50 push eax ; arg1: the table entry
000162F8 FF5120 call dword ptr [ecx+20h] ; result in eax:edx
000162FB 6870620100 push offset off_00016270
00016300 8945F0 mov [ebp-10h],eax
00016303 8955F4 mov [ebp-0Ch],edx
00016306 E805AE0000 call jmp_DbgPrint
0001630B 59 pop ecx
0001630C 6A20 push 20h
0001630E E8BDDFFFFF call fn_000142D0 ; 20h-byte context block
00016313 8BF8 mov edi,eax
00016315 85FF test edi,edi
00016317 744C jz loc_00016365 ; allocation failed: debug print only
00016319 FF7508 push dword ptr [ebp+8]
0001631C E8FBAD0000 call jmp_IoAllocateWorkItem
00016321 85C0 test eax,eax
00016323 8907 mov [edi],eax
00016325 742E jz loc_00016355 ; work item failed: free the context
00016327 8B4DF0 mov ecx,[ebp-10h]
0001632A 894F08 mov [edi+8],ecx
0001632D 8B4DF4 mov ecx,[ebp-0Ch]
00016330 57 push edi ; Context
00016331 894F0C mov [edi+0Ch],ecx
00016334 8A4D17 mov cl,[ebp+17h]
00016337 6A00 push 0 ; QueueType 0 (CriticalWorkQueue)
00016339 884F18 mov [edi+18h],cl
0001633C 8B4DFC mov ecx,[ebp-4]
0001633F 681E5D0100 push offset off_00015D1E ; WorkerRoutine
00016344 50 push eax ; IoWorkItem
00016345 895F10 mov [edi+10h],ebx
00016348 897714 mov [edi+14h],esi
0001634B 894F1C mov [edi+1Ch],ecx
0001634E E8C3AD0000 call jmp_IoQueueWorkItem
00016353 EB1B jmp loc_00016370
00016355 loc_00016355: ; Xref 00016325
00016355 6A00 push 0 ; Tag = 0
00016357 57 push edi
00016358 FF15F02E0200 call dword ptr [ExFreePoolWithTag]
0001635E 6878620100 push offset off_00016278
00016363 EB05 jmp loc_0001636A
00016365 loc_00016365: ; Xref 00016317
00016365 6880620100 push offset off_00016280
0001636A loc_0001636A: ; Xref 00016363
0001636A E8A1AD0000 call jmp_DbgPrint
0001636F 59 pop ecx
00016370 loc_00016370: ; Xref 00016353
00016370 6888620100 push offset off_00016288
00016375 E896AD0000 call jmp_DbgPrint
0001637A 59 pop ecx
0001637B 8B4DF8 mov ecx,[ebp-8]
0001637E FF15A42F0200 call dword ptr [KefReleaseSpinLockFromDpcLevel]
00016384 6A03 push 3
00016386 58 pop eax ; return value is 3 regardless of the failure paths above
00016387 5F pop edi
00016388 5E pop esi
00016389 5B pop ebx
0001638A C9 leave
0001638B C21000 ret 10h
; DbgPrint strings plus a path-like string copied with rep movsd by fn_000164EE (000165D1, 000165ED).
0001638E off_0001638E: ; Xref 000164FD
0001638E 5449204D73670A00 db 'TI Msg',00Ah,000h
00016396 off_00016396: ; Xref 00016554
00016396 5449204D73670A00 db 'TI Msg',00Ah,000h
0001639E off_0001639E: ; Xref 00016561
0001639E 5449204D73670A00 db 'TI Msg',00Ah,000h
000163A6 off_000163A6: ; Xref 0001657D
000163A6 5449204D73670A00 db 'TI Msg',00Ah,000h
000163AE off_000163AE: ; Xref 000165B0
000163AE 5449204D73670A00 db 'TI Msg',00Ah,000h
000163B6 off_000163B6: ; Xref 000165D1
000163B6 746946616C73684D6564.. db 'tiFalshMedia\SdDevice',000h
000163CC 0000 add [eax],al ; two zero pad bytes after the string, decoded as code by the disassembler
000163CE off_000163CE: ; Xref 000165D8
000163CE 5449204D73670A00 db 'TI Msg',00Ah,000h
000163D6 off_000163D6: ; Xref 000165ED
000163D6 746946616C73684D6564..
db 'tiFalshMedia\SdDevice',000h 000163EC 0000 add [eax],al 000163EE off_000163EE: ; Xref 00016622 000163EE 5449204D73670A00 db 'TI Msg',00Ah,000h 000163F6 off_000163F6: ; Xref 00016629 000163F6 5449204D73670A00 db 'TI Msg',00Ah,000h 000163FE off_000163FE: ; Xref 0001666A 000163FE 5449204D73670A00 db 'TI Msg',00Ah,000h 00016406 off_00016406: ; Xref 0001667D 00016406 5449204D73670A00 db 'TI Msg',00Ah,000h 0001640E off_0001640E: ; Xref 00016698 0001640E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016416 off_00016416: ; Xref 000166E4 00016416 5449204D73670A00 db 'TI Msg',00Ah,000h 0001641E off_0001641E: ; Xref 00016731 0001641E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016426 off_00016426: ; Xref 0001676E 00016426 5449204D73670A00 db 'TI Msg',00Ah,000h 0001642E off_0001642E: ; Xref 00016797 0001642E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016436 off_00016436: ; Xref 000167E7 00016436 5449204D73670A00 db 'TI Msg',00Ah,000h 0001643E off_0001643E: ; Xref 00016851 0001643E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016446 off_00016446: ; Xref 0001685C 00016446 5449204D73670A00 db 'TI Msg',00Ah,000h 0001644E off_0001644E: ; Xref 00016866 0001644E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016456 off_00016456: ; Xref 000168B9 00016456 5449204D73670A00 db 'TI Msg',00Ah,000h 0001645E off_0001645E: ; Xref 000168E3 0001645E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016466 off_00016466: ; Xref 00016923 00016466 5449204D73670A00 db 'TI Msg',00Ah,000h 0001646E off_0001646E: ; Xref 00016934 0001646E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016476 off_00016476: ; Xref 00016973 00016476 5449204D73670A00 db 'TI Msg',00Ah,000h 0001647E off_0001647E: ; Xref 000169AF 0001647E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016486 off_00016486: ; Xref 000169D6 00016486 5449204D73670A00 db 'TI Msg',00Ah,000h 0001648E off_0001648E: ; Xref 00016A13 0001648E 5449204D73670A00 db 'TI Msg',00Ah,000h 00016496 off_00016496: ; Xref 00016A3C 00016496 5449204D73670A00 db 'TI Msg',00Ah,000h 0001649E off_0001649E: ; 
Xref 00016A8C 0001649E 5449204D73670A00 db 'TI Msg',00Ah,000h 000164A6 off_000164A6: ; Xref 00016AE0 000164A6 5449204D73670A00 db 'TI Msg',00Ah,000h 000164AE off_000164AE: ; Xref 00016B54 000164AE 5449204D73670A00 db 'TI Msg',00Ah,000h 000164B6 off_000164B6: ; Xref 00016B7C 000164B6 5449204D73670A00 db 'TI Msg',00Ah,000h 000164BE off_000164BE: ; Xref 00016B90 000164BE 5449204D73670A00 db 'TI Msg',00Ah,000h 000164C6 off_000164C6: ; Xref 00016BDF 000164C6 5449204D73670A00 db 'TI Msg',00Ah,000h 000164CE off_000164CE: ; Xref 00016BF5 000164CE 5449204D73670A00 db 'TI Msg',00Ah,000h 000164D6 off_000164D6: ; Xref 00016C34 000164D6 5449204D73670A00 db 'TI Msg',00Ah,000h 000164DE off_000164DE: ; Xref 00016C63 000164DE 5449204D73670A00 db 'TI Msg',00Ah,000h 000164E6 off_000164E6: ; Xref 00016C95 000164E6 5449204D73670A00 db 'TI Msg',00Ah,000h 000164EE fn_000164EE: ; Xref 00011995 000164EE 55 push ebp 000164EF 8BEC mov ebp,esp 000164F1 83EC20 sub esp,20h 000164F4 53 push ebx 000164F5 56 push esi 000164F6 8B750C mov esi,[ebp+0Ch] 000164F9 8A4640 mov al,[esi+40h] 000164FC 57 push edi 000164FD 688E630100 push offset off_0001638E 00016502 8845FC mov [ebp-4],al 00016505 E806AC0000 call jmp_DbgPrint 0001650A 59 pop ecx 0001650B 8B4D08 mov ecx,[ebp+8] 0001650E 8B590C mov ebx,[ecx+0Ch] 00016511 0FB6431C movzx eax,byte ptr [ebx+1Ch] 00016515 83F82A cmp eax,2Ah 00016518 0F8F7F030000 jnle loc_0001689D 0001651E 0F8424010000 je loc_00016648 00016524 33FF xor edi,edi 00016526 3BC7 cmp eax,edi 00016528 0F84FB000000 je loc_00016629 0001652E 83F812 cmp eax,12h 00016531 745D jz loc_00016590 00016533 83F81D cmp eax,1Dh 00016536 7445 jz loc_0001657D 00016538 83F825 cmp eax,25h 0001653B 740E jz loc_0001654B 0001653D 83F828 cmp eax,28h 00016540 0F8404010000 je loc_0001664A 00016546 E96E030000 jmp loc_000168B9 0001654B loc_0001654B: ; Xref 0001653B 0001654B 8B7B14 mov edi,[ebx+14h] 0001654E 8B465C mov eax,[esi+5Ch] 00016551 03FB add edi,ebx 00016553 48 dec eax 00016554 6896630100 push offset 
off_00016396 00016559 894510 mov [ebp+10h],eax 0001655C E8AFAB0000 call jmp_DbgPrint 00016561 C704249E630100 mov dword ptr [esp],offset off_0001639E 00016568 E8A3AB0000 call jmp_DbgPrint 0001656D 8B4510 mov eax,[ebp+10h] 00016570 8907 mov [edi],eax 00016572 8B4654 mov eax,[esi+54h] 00016575 894704 mov [edi+4],eax 00016578 E9C5030000 jmp loc_00016942 0001657D loc_0001657D: ; Xref 00016536 0001657D 68A6630100 push offset off_000163A6 00016582 E889AB0000 call jmp_DbgPrint 00016587 80630200 and byte ptr [ebx+2],0 0001658B E959060000 jmp loc_00016BE9 00016590 loc_00016590: ; Xref 00016531 00016590 8B430C mov eax,[ebx+0Ch] 00016593 83F81E cmp eax,1Eh 00016596 732A jnb loc_000165C2 00016598 8B4318 mov eax,[ebx+18h] 0001659B 03C3 add eax,ebx 0001659D C6430202 mov byte ptr [ebx+2],2 000165A1 8A4802 mov cl,[eax+2] 000165A4 80E1F5 and cl,0F5h 000165A7 80C905 or cl,5 000165AA 884802 mov [eax+2],cl 000165AD 8B4514 mov eax,[ebp+14h] 000165B0 68AE630100 push offset off_000163AE 000165B5 8938 mov [eax],edi 000165B7 E854AB0000 call jmp_DbgPrint 000165BC 59 pop ecx 000165BD E900070000 jmp loc_00016CC2 000165C2 loc_000165C2: ; Xref 00016596 000165C2 83F838 cmp eax,38h 000165C5 8B4314 mov eax,[ebx+14h] 000165C8 6A05 push 5 000165CA 59 pop ecx 000165CB 8D7C0308 lea edi,[ebx+eax+8] 000165CF 7316 jnb loc_000165E7 000165D1 BEB6630100 mov esi,offset off_000163B6 000165D6 F3A5 rep movsd 000165D8 68CE630100 push offset off_000163CE 000165DD 66A5 movsw 000165DF E82CAB0000 call jmp_DbgPrint 000165E4 59 pop ecx 000165E5 EB3B jmp loc_00016622 000165E7 loc_000165E7: ; Xref 000165CF 000165E7 8B4510 mov eax,[ebp+10h] 000165EA FF75FC push dword ptr [ebp-4] 000165ED BED6630100 mov esi,offset off_000163D6 000165F2 F3A5 rep movsd 000165F4 66A5 movsw 000165F6 8B88B8010000 mov ecx,[eax+1B8h] 000165FC E851170000 call fn_00017D52 00016601 6A05 push 5 00016603 59 pop ecx 00016604 8BF0 mov esi,eax 00016606 8B4314 mov eax,[ebx+14h] 00016609 8D7DE0 lea edi,[ebp-20h] 0001660C F3A5 rep movsd 0001660E 6A05 push 5 
00016610 8D7C0324 lea edi,[ebx+eax+24h] 00016614 59 pop ecx 00016615 8D75E0 lea esi,[ebp-20h] 00016618 F3A5 rep movsd 0001661A 8B4314 mov eax,[ebx+14h] 0001661D C6440338C1 mov byte ptr [ebx+eax+38h],0C1h 00016622 loc_00016622: ; Xref 000165E5 00016622 68EE630100 push offset off_000163EE 00016627 EB05 jmp loc_0001662E 00016629 loc_00016629: ; Xref 00016528 00016629 68F6630100 push offset off_000163F6 0001662E loc_0001662E: ; Xref 00016627 0001662E 8B4314 mov eax,[ebx+14h] 00016631 03430C add eax,[ebx+0Ch] 00016634 8B4D14 mov ecx,[ebp+14h] 00016637 80630200 and byte ptr [ebx+2],0 0001663B 8901 mov [ecx],eax 0001663D E8CEAA0000 call jmp_DbgPrint 00016642 59 pop ecx 00016643 E949060000 jmp loc_00016C91 00016648 loc_00016648: ; Xref 0001651E 00016648 33FF xor edi,edi 0001664A loc_0001664A: ; Xref 00016540 0001664A 80A67D02000000 and byte ptr [esi+27Dh],0 00016651 817B0C00020000 cmp dword ptr [ebx+0Ch],200h 00016658 0F8208020000 jb loc_00016866 0001665E 898E64020000 mov [esi+264h],ecx 00016664 807B0801 cmp byte ptr [ebx+8],1 00016668 7513 jnz loc_0001667D 0001666A 68FE630100 push offset off_000163FE 0001666F E89CAA0000 call jmp_DbgPrint 00016674 C6866802000001 mov byte ptr [esi+268h],1 0001667B EB11 jmp loc_0001668E 0001667D loc_0001667D: ; Xref 00016668 0001667D 6806640100 push offset off_00016406 00016682 E889AA0000 call jmp_DbgPrint 00016687 80A66802000000 and byte ptr [esi+268h],0 0001668E loc_0001668E: ; Xref 0001667B 0001668E 33C0 xor eax,eax 00016690 8A631E mov ah,[ebx+1Eh] 00016693 59 pop ecx 00016694 0FB64B20 movzx ecx,byte ptr [ebx+20h] 00016698 680E640100 push offset off_0001640E 0001669D 8A431F mov al,[ebx+1Fh] 000166A0 C1E008 shl eax,8 000166A3 0BC1 or eax,ecx 000166A5 0FB64B21 movzx ecx,byte ptr [ebx+21h] 000166A9 C1E008 shl eax,8 000166AC 0BC1 or eax,ecx 000166AE 898688020000 mov [esi+288h],eax 000166B4 33C0 xor eax,eax 000166B6 8A6323 mov ah,[ebx+23h] 000166B9 8A4324 mov al,[ebx+24h] 000166BC 89868C020000 mov [esi+28Ch],eax 000166C2 E849AA0000 call 
jmp_DbgPrint 000166C7 8B4314 mov eax,[ebx+14h] 000166CA 59 pop ecx 000166CB 57 push edi 000166CC 57 push edi 000166CD 57 push edi 000166CE FF730C push dword ptr [ebx+0Ch] 000166D1 03C3 add eax,ebx 000166D3 50 push eax 000166D4 FF15442F0200 call dword ptr [IoAllocateMdl] 000166DA 3BC7 cmp eax,edi 000166DC 898680020000 mov [esi+280h],eax 000166E2 7536 jnz loc_0001671A 000166E4 6816640100 push offset off_00016416 000166E9 loc_000166E9: ; Xref 000169B4 000166E9 E822AA0000 call jmp_DbgPrint 000166EE 8B4318 mov eax,[ebx+18h] 000166F1 03C3 add eax,ebx 000166F3 C6430202 mov byte ptr [ebx+2],2 000166F7 59 pop ecx 000166F8 8A4802 mov cl,[eax+2] 000166FB 80E1F5 and cl,0F5h 000166FE 80C905 or cl,5 00016701 884802 mov [eax+2],cl 00016704 8B4514 mov eax,[ebp+14h] 00016707 8938 mov [eax],edi 00016709 80A68402000000 and byte ptr [esi+284h],0 00016710 B89A0000C0 mov eax,0C000009Ah 00016715 E9AD050000 jmp loc_00016CC7 0001671A loc_0001671A: ; Xref 000166E2 0001671A 50 push eax 0001671B C6868402000001 mov byte ptr [esi+284h],1 00016722 FF154C2F0200 call dword ptr [MmBuildMdlForNonPagedPool] 00016728 89BE4C020000 mov [esi+24Ch],edi 0001672E 8B430C mov eax,[ebx+0Ch] 00016731 681E640100 push offset off_0001641E 00016736 898650020000 mov [esi+250h],eax 0001673C 898648020000 mov [esi+248h],eax 00016742 E8C9A90000 call jmp_DbgPrint 00016747 8B8680020000 mov eax,[esi+280h] 0001674D 59 pop ecx 0001674E 8B4818 mov ecx,[eax+18h] 00016751 034810 add ecx,[eax+10h] 00016754 80A66002000000 and byte ptr [esi+260h],0 0001675B B800600000 mov eax,6000h 00016760 398650020000 cmp [esi+250h],eax 00016766 898E58020000 mov [esi+258h],ecx 0001676C 7611 jbe loc_0001677F 0001676E 6826640100 push offset off_00016426 00016773 898648020000 mov [esi+248h],eax 00016779 E892A90000 call jmp_DbgPrint 0001677E 59 pop ecx 0001677F loc_0001677F: ; Xref 0001676C 0001677F 8B8658020000 mov eax,[esi+258h] 00016785 8B8E48020000 mov ecx,[esi+248h] 0001678B 25FF0F0000 and eax,0FFFh 00016790 8DBC08FF0F0000 lea 
edi,[eax+ecx+0FFFh] 00016797 682E640100 push offset off_0001642E 0001679C C1EF0C shr edi,0Ch 0001679F E86CA90000 call jmp_DbgPrint 000167A4 59 pop ecx 000167A5 B102 mov cl,2 000167A7 89BE54020000 mov [esi+254h],edi 000167AD FF15842E0200 call dword ptr [KfRaiseIrql] 000167B3 8B4D10 mov ecx,[ebp+10h] 000167B6 56 push esi 000167B7 6890620100 push offset off_00016290 000167BC 88450F mov [ebp+0Fh],al 000167BF 0FB645FC movzx eax,byte ptr [ebp-4] 000167C3 8B848190010000 mov eax,[ecx+eax*4+190h] 000167CA 8B5004 mov edx,[eax+4] 000167CD 57 push edi 000167CE FF31 push dword ptr [ecx] 000167D0 50 push eax 000167D1 FF5210 call dword ptr [edx+10h] 000167D4 8A4D0F mov cl,[ebp+0Fh] 000167D7 894510 mov [ebp+10h],eax 000167DA FF15902E0200 call dword ptr [KfLowerIrql] 000167E0 33FF xor edi,edi 000167E2 397D10 cmp [ebp+10h],edi 000167E5 7D3A jge loc_00016821 000167E7 6836640100 push offset off_00016436 000167EC E81FA90000 call jmp_DbgPrint 000167F1 8B4318 mov eax,[ebx+18h] 000167F4 C6430202 mov byte ptr [ebx+2],2 000167F8 03C3 add eax,ebx 000167FA 59 pop ecx 000167FB 8A4802 mov cl,[eax+2] 000167FE 80E1F5 and cl,0F5h 00016801 80C905 or cl,5 00016804 884802 mov [eax+2],cl 00016807 8B4514 mov eax,[ebp+14h] 0001680A 8938 mov [eax],edi 0001680C FFB680020000 push dword ptr [esi+280h] 00016812 80A68402000000 and byte ptr [esi+284h],0 00016819 FF153C2F0200 call dword ptr [IoFreeMdl] 0001681F EB71 jmp loc_00016892 00016821 loc_00016821: ; Xref 000167E5 00016821 834DF8FF or dword ptr [ebp-8],0FFFFFFFFh 00016825 8D45F4 lea eax,[ebp-0Ch] 00016828 50 push eax 00016829 57 push edi 0001682A 57 push edi 0001682B 57 push edi 0001682C 81C66C020000 add esi,26Ch 00016832 56 push esi 00016833 C745F400D3CEFE mov dword ptr [ebp-0Ch],0FECED300h 0001683A FF159C2F0200 call dword ptr [KeWaitForSingleObject] 00016840 56 push esi 00016841 8BF8 mov edi,eax 00016843 FF15182F0200 call dword ptr [KeClearEvent] 00016849 81FF02010000 cmp edi,102h 0001684F 750B jnz loc_0001685C 00016851 683E640100 push offset 
off_0001643E 00016856 E8B5A80000 call jmp_DbgPrint 0001685B 59 pop ecx 0001685C loc_0001685C: ; Xref 0001684F 0001685C 6846640100 push offset off_00016446 00016861 E97E030000 jmp loc_00016BE4 00016866 loc_00016866: ; Xref 00016658 00016866 684E640100 push offset off_0001644E 0001686B E8A0A80000 call jmp_DbgPrint 00016870 8B4318 mov eax,[ebx+18h] 00016873 03C3 add eax,ebx 00016875 C6430202 mov byte ptr [ebx+2],2 00016879 59 pop ecx 0001687A 8A4802 mov cl,[eax+2] 0001687D 80E1F5 and cl,0F5h 00016880 80C905 or cl,5 00016883 884802 mov [eax+2],cl 00016886 8B4514 mov eax,[ebp+14h] 00016889 8938 mov [eax],edi 0001688B 80A68402000000 and byte ptr [esi+284h],0 00016892 loc_00016892: ; Xref 0001681F 00016892 89BE80020000 mov [esi+280h],edi 00016898 E925040000 jmp loc_00016CC2 0001689D loc_0001689D: ; Xref 00016518 0001689D 2DD0000000 sub eax,0D0h 000168A2 0F847F030000 je loc_00016C27 000168A8 48 dec eax 000168A9 0F84A3000000 je loc_00016952 000168AF 83E81D sub eax,1Dh 000168B2 7456 jz loc_0001690A 000168B4 48 dec eax 000168B5 742C jz loc_000168E3 000168B7 33FF xor edi,edi 000168B9 loc_000168B9: ; Xref 00016546 000168B9 6856640100 push offset off_00016456 000168BE E84DA80000 call jmp_DbgPrint 000168C3 8B4318 mov eax,[ebx+18h] 000168C6 03C3 add eax,ebx 000168C8 C6430202 mov byte ptr [ebx+2],2 000168CC 59 pop ecx 000168CD 8A4802 mov cl,[eax+2] 000168D0 80E1F5 and cl,0F5h 000168D3 80C905 or cl,5 000168D6 884802 mov [eax+2],cl 000168D9 8B4514 mov eax,[ebp+14h] 000168DC 8938 mov [eax],edi 000168DE E9DF030000 jmp loc_00016CC2 000168E3 loc_000168E3: ; Xref 000168B5 000168E3 685E640100 push offset off_0001645E 000168E8 E823A80000 call jmp_DbgPrint 000168ED 8B4510 mov eax,[ebp+10h] 000168F0 59 pop ecx 000168F1 8B88B8010000 mov ecx,[eax+1B8h] 000168F7 6A01 push 1 000168F9 FF75FC push dword ptr [ebp-4] 000168FC E845150000 call fn_00017E46 00016901 80630200 and byte ptr [ebx+2],0 00016905 E9E0020000 jmp loc_00016BEA 0001690A loc_0001690A: ; Xref 000168B2 0001690A 0FB645FC movzx eax,byte 
ptr [ebp-4] 0001690E 8B7314 mov esi,[ebx+14h] 00016911 8B4D10 mov ecx,[ebp+10h] 00016914 8D0480 lea eax,[eax+eax*4] 00016917 03F3 add esi,ebx 00016919 80BC814C01000022 cmp byte ptr [ecx+eax*4+14Ch],22h 00016921 7511 jnz loc_00016934 00016923 6866640100 push offset off_00016466 00016928 66C7060100 mov word ptr [esi],1 0001692D E8DEA70000 call jmp_DbgPrint 00016932 EB0E jmp loc_00016942 00016934 loc_00016934: ; Xref 00016921 00016934 686E640100 push offset off_0001646E 00016939 E8D2A70000 call jmp_DbgPrint 0001693E 66832600 and word ptr [esi],0 00016942 loc_00016942: ; Xref 00016578 00016932 00016942 8B430C mov eax,[ebx+0Ch] 00016945 80630200 and byte ptr [ebx+2],0 00016949 034314 add eax,[ebx+14h] 0001694C 59 pop ecx 0001694D E93A030000 jmp loc_00016C8C 00016952 loc_00016952: ; Xref 000168A9 00016952 80A67D02000000 and byte ptr [esi+27Dh],0 00016959 80BE7C02000000 cmp byte ptr [esi+27Ch],0 00016960 0F848F020000 je loc_00016BF5 00016966 817B0C00020000 cmp dword ptr [ebx+0Ch],200h 0001696D 0F825E010000 jb loc_00016AD1 00016973 6876640100 push offset off_00016476 00016978 898E64020000 mov [esi+264h],ecx 0001697E E88DA70000 call jmp_DbgPrint 00016983 807B0801 cmp byte ptr [ebx+8],1 00016987 59 pop ecx 00016988 0F94C0 sete al 0001698B 33FF xor edi,edi 0001698D 57 push edi 0001698E 57 push edi 0001698F 888668020000 mov [esi+268h],al 00016995 8B4314 mov eax,[ebx+14h] 00016998 57 push edi 00016999 FF730C push dword ptr [ebx+0Ch] 0001699C 03C3 add eax,ebx 0001699E 50 push eax 0001699F FF15442F0200 call dword ptr [IoAllocateMdl] 000169A5 3BC7 cmp eax,edi 000169A7 898680020000 mov [esi+280h],eax 000169AD 750A jnz loc_000169B9 000169AF 687E640100 push offset off_0001647E 000169B4 E930FDFFFF jmp loc_000166E9 000169B9 loc_000169B9: ; Xref 000169AD 000169B9 50 push eax 000169BA C6868402000001 mov byte ptr [esi+284h],1 000169C1 FF154C2F0200 call dword ptr [MmBuildMdlForNonPagedPool] 000169C7 8B8680020000 mov eax,[esi+280h] 000169CD 89BE4C020000 mov [esi+24Ch],edi 000169D3 8B4014 
mov eax,[eax+14h] 000169D6 6886640100 push offset off_00016486 000169DB 898650020000 mov [esi+250h],eax 000169E1 898648020000 mov [esi+248h],eax 000169E7 E824A70000 call jmp_DbgPrint 000169EC 8B8680020000 mov eax,[esi+280h] 000169F2 59 pop ecx 000169F3 8B4818 mov ecx,[eax+18h] 000169F6 034810 add ecx,[eax+10h] 000169F9 80A66002000000 and byte ptr [esi+260h],0 00016A00 B800600000 mov eax,6000h 00016A05 398650020000 cmp [esi+250h],eax 00016A0B 898E58020000 mov [esi+258h],ecx 00016A11 7611 jbe loc_00016A24 00016A13 688E640100 push offset off_0001648E 00016A18 898648020000 mov [esi+248h],eax 00016A1E E8EDA60000 call jmp_DbgPrint 00016A23 59 pop ecx 00016A24 loc_00016A24: ; Xref 00016A11 00016A24 8B8658020000 mov eax,[esi+258h] 00016A2A 8B8E48020000 mov ecx,[esi+248h] 00016A30 25FF0F0000 and eax,0FFFh 00016A35 8DBC08FF0F0000 lea edi,[eax+ecx+0FFFh] 00016A3C 6896640100 push offset off_00016496 00016A41 C1EF0C shr edi,0Ch 00016A44 E8C7A60000 call jmp_DbgPrint 00016A49 59 pop ecx 00016A4A B102 mov cl,2 00016A4C 89BE54020000 mov [esi+254h],edi 00016A52 FF15842E0200 call dword ptr [KfRaiseIrql] 00016A58 8B4D10 mov ecx,[ebp+10h] 00016A5B 56 push esi 00016A5C 68A05B0100 push offset off_00015BA0 00016A61 88450F mov [ebp+0Fh],al 00016A64 0FB645FC movzx eax,byte ptr [ebp-4] 00016A68 8B848190010000 mov eax,[ecx+eax*4+190h] 00016A6F 8B5004 mov edx,[eax+4] 00016A72 57 push edi 00016A73 FF31 push dword ptr [ecx] 00016A75 50 push eax 00016A76 FF5210 call dword ptr [edx+10h] 00016A79 8A4D0F mov cl,[ebp+0Fh] 00016A7C 8BF8 mov edi,eax 00016A7E FF15902E0200 call dword ptr [KfLowerIrql] 00016A84 85FF test edi,edi 00016A86 0F8D34010000 jnl loc_00016BC0 00016A8C 689E640100 push offset off_0001649E 00016A91 E87AA60000 call jmp_DbgPrint 00016A96 8B4318 mov eax,[ebx+18h] 00016A99 C6430202 mov byte ptr [ebx+2],2 00016A9D 03C3 add eax,ebx 00016A9F 59 pop ecx 00016AA0 8A4802 mov cl,[eax+2] 00016AA3 80E1F5 and cl,0F5h 00016AA6 80C905 or cl,5 00016AA9 884802 mov [eax+2],cl 00016AAC 8B4514 mov 
eax,[ebp+14h] 00016AAF 832000 and dword ptr [eax],0 00016AB2 FFB680020000 push dword ptr [esi+280h] 00016AB8 80A68402000000 and byte ptr [esi+284h],0 00016ABF FF153C2F0200 call dword ptr [IoFreeMdl] 00016AC5 83A68002000000 and dword ptr [esi+280h],0 00016ACC E9F1010000 jmp loc_00016CC2 00016AD1 loc_00016AD1: ; Xref 0001696D 00016AD1 8A431E mov al,[ebx+1Eh] 00016AD4 0FB64B21 movzx ecx,byte ptr [ebx+21h] 00016AD8 8845E0 mov [ebp-20h],al 00016ADB 33C0 xor eax,eax 00016ADD 8A631F mov ah,[ebx+1Fh] 00016AE0 68A6640100 push offset off_000164A6 00016AE5 8A4320 mov al,[ebx+20h] 00016AE8 C1E008 shl eax,8 00016AEB 0BC1 or eax,ecx 00016AED 0FB64B22 movzx ecx,byte ptr [ebx+22h] 00016AF1 C1E008 shl eax,8 00016AF4 0BC1 or eax,ecx 00016AF6 0FB64B25 movzx ecx,byte ptr [ebx+25h] 00016AFA 8945E4 mov [ebp-1Ch],eax 00016AFD 33C0 xor eax,eax 00016AFF 8A6323 mov ah,[ebx+23h] 00016B02 8A4324 mov al,[ebx+24h] 00016B05 C1E008 shl eax,8 00016B08 0BC1 or eax,ecx 00016B0A 8945E8 mov [ebp-18h],eax 00016B0D E8FEA50000 call jmp_DbgPrint 00016B12 8A4326 mov al,[ebx+26h] 00016B15 8AC8 mov cl,al 00016B17 C0E904 shr cl,4 00016B1A 884DEC mov [ebp-14h],cl 00016B1D 8AC8 mov cl,al 00016B1F 80E108 and cl,8 00016B22 80F908 cmp cl,8 00016B25 0F94C1 sete cl 00016B28 884DED mov [ebp-13h],cl 00016B2B 8AC8 mov cl,al 00016B2D 80E104 and cl,4 00016B30 80F904 cmp cl,4 00016B33 0F94C1 sete cl 00016B36 884DEE mov [ebp-12h],cl 00016B39 8AC8 mov cl,al 00016B3B 80E102 and cl,2 00016B3E 80F902 cmp cl,2 00016B41 0F94C1 sete cl 00016B44 2401 and al,1 00016B46 FEC8 dec al 00016B48 F6D8 neg al 00016B4A 1AC0 sbb al,al 00016B4C FEC0 inc al 00016B4E 884DEF mov [ebp-11h],cl 00016B51 8845F0 mov [ebp-10h],al 00016B54 C70424AE640100 mov dword ptr [esp],offset off_000164AE 00016B5B E8B0A50000 call jmp_DbgPrint 00016B60 8B4314 mov eax,[ebx+14h] 00016B63 59 pop ecx 00016B64 03C3 add eax,ebx 00016B66 50 push eax 00016B67 8D45E0 lea eax,[ebp-20h] 00016B6A 50 push eax 00016B6B 8B4510 mov eax,[ebp+10h] 00016B6E FF75FC push dword ptr 
[ebp-4] 00016B71 8B88B8010000 mov ecx,[eax+1B8h] 00016B77 E856110000 call fn_00017CD2 00016B7C 68B6640100 push offset off_000164B6 00016B81 884513 mov [ebp+13h],al 00016B84 E887A50000 call jmp_DbgPrint 00016B89 807D1300 cmp byte ptr [ebp+13h],0 00016B8D 59 pop ecx 00016B8E 745A jz loc_00016BEA 00016B90 68BE640100 push offset off_000164BE 00016B95 E876A50000 call jmp_DbgPrint 00016B9A 8B4318 mov eax,[ebx+18h] 00016B9D 03C3 add eax,ebx 00016B9F C6430202 mov byte ptr [ebx+2],2 00016BA3 59 pop ecx 00016BA4 8A4802 mov cl,[eax+2] 00016BA7 80E1F5 and cl,0F5h 00016BAA 80C905 or cl,5 00016BAD 884802 mov [eax+2],cl 00016BB0 8B4514 mov eax,[ebp+14h] 00016BB3 832000 and dword ptr [eax],0 00016BB6 B8010000C0 mov eax,0C0000001h 00016BBB E907010000 jmp loc_00016CC7 00016BC0 loc_00016BC0: ; Xref 00016A86 00016BC0 8DBE6C020000 lea edi,[esi+26Ch] 00016BC6 8B35182F0200 mov esi,[KeClearEvent] 00016BCC 57 push edi 00016BCD FFD6 call esi 00016BCF 33C0 xor eax,eax 00016BD1 50 push eax 00016BD2 50 push eax 00016BD3 50 push eax 00016BD4 50 push eax 00016BD5 57 push edi 00016BD6 FF159C2F0200 call dword ptr [KeWaitForSingleObject] 00016BDC 57 push edi 00016BDD FFD6 call esi 00016BDF 68C6640100 push offset off_000164C6 00016BE4 loc_00016BE4: ; Xref 00016861 00016BE4 E827A50000 call jmp_DbgPrint 00016BE9 loc_00016BE9: ; Xref 0001658B 00016BE9 59 pop ecx 00016BEA loc_00016BEA: ; Xref 00016905 00016B8E 00016BEA 8B4314 mov eax,[ebx+14h] 00016BED 03430C add eax,[ebx+0Ch] 00016BF0 E997000000 jmp loc_00016C8C 00016BF5 loc_00016BF5: ; Xref 00016960 00016BF5 68CE640100 push offset off_000164CE 00016BFA E811A50000 call jmp_DbgPrint 00016BFF 80A68402000000 and byte ptr [esi+284h],0 00016C06 8B4318 mov eax,[ebx+18h] 00016C09 03C3 add eax,ebx 00016C0B C6430202 mov byte ptr [ebx+2],2 00016C0F 59 pop ecx 00016C10 8A4802 mov cl,[eax+2] 00016C13 80E1F5 and cl,0F5h 00016C16 80C905 or cl,5 00016C19 884802 mov [eax+2],cl 00016C1C 8B4514 mov eax,[ebp+14h] 00016C1F 832000 and dword ptr [eax],0 00016C22 E99B000000 
jmp loc_00016CC2 00016C27 loc_00016C27: ; Xref 000168A2 00016C27 80A67D02000000 and byte ptr [esi+27Dh],0 00016C2E 807B2601 cmp byte ptr [ebx+26h],1 00016C32 7561 jnz loc_00016C95 00016C34 68D6640100 push offset off_000164D6 00016C39 E8D2A40000 call jmp_DbgPrint 00016C3E 80650E00 and byte ptr [ebp+0Eh],0 00016C42 80650F00 and byte ptr [ebp+0Fh],0 00016C46 59 pop ecx 00016C47 8D450E lea eax,[ebp+0Eh] 00016C4A 50 push eax 00016C4B 8B4510 mov eax,[ebp+10h] 00016C4E FF75FC push dword ptr [ebp-4] 00016C51 C6867C02000001 mov byte ptr [esi+27Ch],1 00016C58 8B88B8010000 mov ecx,[eax+1B8h] 00016C5E E8B5100000 call fn_00017D18 00016C63 68DE640100 push offset off_000164DE 00016C68 E8A3A40000 call jmp_DbgPrint 00016C6D 8B4314 mov eax,[ebx+14h] 00016C70 03C3 add eax,ebx 00016C72 C60001 mov byte ptr [eax],1 00016C75 59 pop ecx 00016C76 8A4D0E mov cl,[ebp+0Eh] 00016C79 884801 mov [eax+1],cl 00016C7C 8A4D0F mov cl,[ebp+0Fh] 00016C7F 884802 mov [eax+2],cl 00016C82 8B4314 mov eax,[ebx+14h] 00016C85 80630200 and byte ptr [ebx+2],0 00016C89 83C003 add eax,3 00016C8C loc_00016C8C: ; Xref 0001694D 00016BF0 00016C8C 8B4D14 mov ecx,[ebp+14h] 00016C8F 8901 mov [ecx],eax 00016C91 loc_00016C91: ; Xref 00016643 00016C91 33C0 xor eax,eax 00016C93 EB32 jmp loc_00016CC7 00016C95 loc_00016C95: ; Xref 00016C32 00016C95 68E6640100 push offset off_000164E6 00016C9A E871A40000 call jmp_DbgPrint 00016C9F 8B4318 mov eax,[ebx+18h] 00016CA2 03C3 add eax,ebx 00016CA4 C6430202 mov byte ptr [ebx+2],2 00016CA8 59 pop ecx 00016CA9 8A4802 mov cl,[eax+2] 00016CAC 80E1F5 and cl,0F5h 00016CAF 80C905 or cl,5 00016CB2 884802 mov [eax+2],cl 00016CB5 8B4514 mov eax,[ebp+14h] 00016CB8 832000 and dword ptr [eax],0 00016CBB 80A67C02000000 and byte ptr [esi+27Ch],0 00016CC2 loc_00016CC2: ; Xref 000165BD 00016898 000168DE 00016ACC 00016CC2 ; 00016C22 00016CC2 B8020000C0 mov eax,0C0000002h 00016CC7 loc_00016CC7: ; Xref 00016715 00016BBB 00016C93 00016CC7 5F pop edi 00016CC8 5E pop esi 00016CC9 5B pop ebx 00016CCA C9 leave 
00016CCB C21000 ret 10h                       ; end of the preceding handler (stdcall, 4 args)
; Eleven copies of the 8-byte "TI Msg\n\0" format string, one per
; jmp_DbgPrint call site in fn_00016D26 below (see each Xref). Data only.
00016CCE off_00016CCE: ; Xref 00016D37
00016CCE 5449204D73670A00 db 'TI Msg',00Ah,000h
00016CD6 off_00016CD6: ; Xref 00016D59
00016CD6 5449204D73670A00 db 'TI Msg',00Ah,000h
00016CDE off_00016CDE: ; Xref 00016D7D
00016CDE 5449204D73670A00 db 'TI Msg',00Ah,000h
00016CE6 off_00016CE6: ; Xref 00016DB6
00016CE6 5449204D73670A00 db 'TI Msg',00Ah,000h
00016CEE off_00016CEE: ; Xref 00016DFE
00016CEE 5449204D73670A00 db 'TI Msg',00Ah,000h
00016CF6 off_00016CF6: ; Xref 00016E82
00016CF6 5449204D73670A00 db 'TI Msg',00Ah,000h
00016CFE off_00016CFE: ; Xref 00016EBF
00016CFE 5449204D73670A00 db 'TI Msg',00Ah,000h
00016D06 off_00016D06: ; Xref 00016EE8
00016D06 5449204D73670A00 db 'TI Msg',00Ah,000h
00016D0E off_00016D0E: ; Xref 00016F41
00016D0E 5449204D73670A00 db 'TI Msg',00Ah,000h
00016D16 off_00016D16: ; Xref 00016FB2
00016D16 5449204D73670A00 db 'TI Msg',00Ah,000h
00016D1E off_00016D1E: ; Xref 00016FBC
00016D1E 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00016D26 — SCSI-style command handler (stdcall, 4 dword args, ret 10h)
; In:  [ebp+8]   = request; its +0Ch field points at the command block (edi)
;      [ebp+0Ch] = per-device context (esi); +40h = device slot index
;      [ebp+10h] = driver context; +190h is a table of per-slot objects
;      [ebp+14h] = out: dword "bytes transferred"
; Out: eax = 0 on success, 0C0000002h (STATUS_NOT_IMPLEMENTED) on every
;      failure path, including allocation and submit failures.
; Locals: [ebp-1] = 1 for READ(10)/WRITE(10), 0 for the vendor op; the
;      compiler also spills into padding bytes of the incoming arg slots
;      ([ebp+0Bh], [ebp+0Fh]).
; Command-block field roles used below are inferred from how the bytes are
; used (status at +2, direction flag at +8, byte length at +0Ch, buffer at
; +14h, sense block at edi+[edi+18h], CDB at +1Ch) — confirm against the
; real structure definitions before relying on them.
;-----------------------------------------------------------------------
00016D26 fn_00016D26: ; Xref 00011983
00016D26 55 push ebp
00016D27 8BEC mov ebp,esp
00016D29 51 push ecx                          ; one dword of locals
00016D2A 8065FF00 and byte ptr [ebp-1],0      ; op-class flag, set below
00016D2E 53 push ebx
00016D2F 56 push esi
00016D30 8B750C mov esi,[ebp+0Ch]             ; esi = device context
00016D33 8A4640 mov al,[esi+40h]              ; slot index
00016D36 57 push edi
00016D37 68CE6C0100 push offset off_00016CCE
00016D3C 88450F mov [ebp+0Fh],al              ; spill: high byte of the arg-2 slot
00016D3F E8CCA30000 call jmp_DbgPrint         ; cdecl trace; the pop ecx after each call drops the pushed arg
00016D44 8B5D08 mov ebx,[ebp+8]               ; ebx = request
00016D47 8B7B0C mov edi,[ebx+0Ch]             ; edi = command block
00016D4A 8B470C mov eax,[edi+0Ch]             ; transfer length in bytes
00016D4D 3D00020000 cmp eax,200h
00016D52 59 pop ecx
00016D53 7314 jnb loc_00016D69                ; >= 512 bytes: accepted as-is (no upper bound)
00016D55 A803 test al,3
00016D57 7410 jz loc_00016D69                 ; < 512 accepted only when a multiple of 4 (0 passes)
00016D59 68D66C0100 push offset off_00016CD6  ; otherwise trace and fail
00016D5E E8ADA30000 call jmp_DbgPrint
00016D63 59 pop ecx
00016D64 E9D8010000 jmp loc_00016F41
00016D69 loc_00016D69: ; Xref 00016D53 00016D57
00016D69 0FB6471C movzx eax,byte ptr [edi+1Ch]  ; CDB opcode
00016D6D 83E828 sub eax,28h
00016D70 743B jz loc_00016DAD                 ; 28h = READ(10)
00016D72 48 dec eax
00016D73 48 dec eax
00016D74 7437 jz loc_00016DAD                 ; 2Ah = WRITE(10)
00016D76 2DA7000000 sub eax,0A7h
00016D7B 746D jz loc_00016DEA                 ; 0D1h = vendor-specific opcode
00016D7D 68DE6C0100 push offset off_00016CDE  ; anything else is unsupported
00016D82 E889A30000 call jmp_DbgPrint
00016D87 loc_00016D87: ; Xref 00016E0F
; Shared rejection tail: status byte 2 and sense key 5 — looks like SCSI
; CHECK CONDITION / ILLEGAL REQUEST. Bits 1 and 3 of the sense byte are kept,
; the rest replaced.
00016D87 8B4718 mov eax,[edi+18h]
00016D8A 03C7 add eax,edi                     ; sense block is at an offset relative to the command block
00016D8C C6470202 mov byte ptr [edi+2],2
00016D90 59 pop ecx                           ; balances the DbgPrint push of each predecessor
00016D91 8A4802 mov cl,[eax+2]
00016D94 80E1F5 and cl,0F5h
00016D97 80C905 or cl,5
00016D9A 884802 mov [eax+2],cl
00016D9D loc_00016D9D: ; Xref 00016F72 00016F81 00016F93
00016D9D 8B4514 mov eax,[ebp+14h]
00016DA0 832000 and dword ptr [eax],0         ; *bytes_out = 0
00016DA3 B8020000C0 mov eax,0C0000002h        ; STATUS_NOT_IMPLEMENTED for every failure; the real cause is only in the trace
00016DA8 E926020000 jmp loc_00016FD3
00016DAD loc_00016DAD: ; Xref 00016D70 00016D74
; READ(10)/WRITE(10): decode the big-endian CDB fields into the device context.
00016DAD 0FB64F20 movzx ecx,byte ptr [edi+20h]
00016DB1 33C0 xor eax,eax
00016DB3 8A671E mov ah,[edi+1Eh]
00016DB6 68E66C0100 push offset off_00016CE6
00016DBB C645FF01 mov byte ptr [ebp-1],1      ; standard op
00016DBF 8A471F mov al,[edi+1Fh]
00016DC2 C1E008 shl eax,8
00016DC5 0BC1 or eax,ecx
00016DC7 0FB64F21 movzx ecx,byte ptr [edi+21h]
00016DCB C1E008 shl eax,8
00016DCE 0BC1 or eax,ecx
00016DD0 898688020000 mov [esi+288h],eax      ; CDB bytes 2..5 -> 32-bit LBA; no range check against the media size is visible here
00016DD6 33C0 xor eax,eax
00016DD8 8A6723 mov ah,[edi+23h]
00016DDB 8A4724 mov al,[edi+24h]
00016DDE 89868C020000 mov [esi+28Ch],eax      ; CDB bytes 7..8 -> 16-bit block count; not cross-checked against the byte length at +0Ch
00016DE4 E827A30000 call jmp_DbgPrint
00016DE9 59 pop ecx
00016DEA loc_00016DEA: ; Xref 00016D7B
00016DEA 80BE7C02000000 cmp byte ptr [esi+27Ch],0   ; vendor mode enabled for this device?
00016DF1 7521 jnz loc_00016E14
00016DF3 8A471C mov al,[edi+1Ch]
00016DF6 3C28 cmp al,28h
00016DF8 741A jz loc_00016E14
00016DFA 3C2A cmp al,2Ah
00016DFC 7416 jz loc_00016E14
00016DFE 68EE6C0100 push offset off_00016CEE  ; 0D1h without vendor mode: rejected
00016E03 E808A30000 call jmp_DbgPrint
00016E08 80A68402000000 and byte ptr [esi+284h],0
00016E0F E973FFFFFF jmp loc_00016D87
00016E14 loc_00016E14: ; Xref 00016DF1 00016DF8 00016DFC
00016E14 807F1CD1 cmp byte ptr [edi+1Ch],0D1h
00016E18 7504 jnz loc_00016E1E
00016E1A 8065FF00 and byte ptr [ebp-1],0      ; vendor op -> the other completion callback below
00016E1E loc_00016E1E: ; Xref 00016E18
00016E1E 83A68002000000 and dword ptr [esi+280h],0   ; buffer descriptor slot cleared
00016E25 80A68402000000 and byte ptr [esi+284h],0    ; "descriptor owned by this function" flag cleared
00016E2C 899E64020000 mov [esi+264h],ebx      ; remember the request for the completion path
00016E32 807F0801 cmp byte ptr [edi+8],1      ; direction flag
00016E36 7509 jnz loc_00016E41
00016E38 C6866802000001 mov byte ptr [esi+268h],1
00016E3F EB07 jmp loc_00016E48
00016E41 loc_00016E41: ; Xref 00016E36
00016E41 80A66802000000 and byte ptr [esi+268h],0
00016E48 loc_00016E48: ; Xref 00016E3F
00016E48 33C0 xor eax,eax
00016E4A 8A8668020000 mov al,[esi+268h]
00016E50 50 push eax
00016E51 FF770C push dword ptr [edi+0Ch]
00016E54 FF7714 push dword ptr [edi+14h]      ; passed as-is, not rebased on edi — confirm whether +14h is a pointer in this caller's format
00016E57 E8B6E5FFFF call fn_00015412          ; fn_00015412(buf, length, direction) -> descriptor or 0
00016E5C 85C0 test eax,eax
00016E5E 898680020000 mov [esi+280h],eax
00016E64 0F84D7000000 je loc_00016F41         ; allocation failure is reported as ILLEGAL REQUEST as well
00016E6A 83A64C02000000 and dword ptr [esi+24Ch],0   ; progress = 0
00016E71 C6867D02000001 mov byte ptr [esi+27Dh],1    ; transfer in flight
00016E78 C6868402000001 mov byte ptr [esi+284h],1
00016E7F 8B470C mov eax,[edi+0Ch]
00016E82 68F66C0100 push offset off_00016CF6
00016E87 898650020000 mov [esi+250h],eax      ; total bytes
00016E8D 898648020000 mov [esi+248h],eax      ; bytes in the current chunk
00016E93 E878A20000 call jmp_DbgPrint
00016E98 8B8680020000 mov eax,[esi+280h]
00016E9E 59 pop ecx
00016E9F 8B4818 mov ecx,[eax+18h]
00016EA2 034810 add ecx,[eax+10h]             ; [+10h]+[+18h] matches StartVa+ByteOffset of an x86 MDL — confirm fn_00015412 returns an MDL
00016EA5 80A66002000000 and byte ptr [esi+260h],0
00016EAC B800600000 mov eax,6000h
00016EB1 398650020000 cmp [esi+250h],eax
00016EB7 898E58020000 mov [esi+258h],ecx      ; current buffer VA
00016EBD 7611 jbe loc_00016ED0
00016EBF 68FE6C0100 push offset off_00016CFE
00016EC4 898648020000 mov [esi+248h],eax      ; first chunk capped at 6000h bytes
00016ECA E841A20000 call jmp_DbgPrint
00016ECF 59 pop ecx
00016ED0 loc_00016ED0: ; Xref 00016EBD
00016ED0 8B8658020000 mov eax,[esi+258h]
00016ED6 8B8E48020000 mov ecx,[esi+248h]
00016EDC 25FF0F0000 and eax,0FFFh
00016EE1 8D9C08FF0F0000 lea ebx,[eax+ecx+0FFFh]
00016EE8 68066D0100 push offset off_00016D06
00016EED C1EB0C shr ebx,0Ch                   ; ebx = number of 4K pages the chunk spans
00016EF0 E81BA20000 call jmp_DbgPrint
00016EF5 59 pop ecx
00016EF6 B102 mov cl,2
00016EF8 899E54020000 mov [esi+254h],ebx
00016EFE FF15842E0200 call dword ptr [KfRaiseIrql]   ; to DISPATCH_LEVEL (2); previous IRQL returned in al
00016F04 807DFF00 cmp byte ptr [ebp-1],0      ; consumed by the jnz below; the mov/movzx/push in between leave flags alone
00016F08 8B4D10 mov ecx,[ebp+10h]
00016F0B 88450B mov [ebp+0Bh],al              ; spill: old IRQL into the high byte of the arg-1 slot
00016F0E 0FB6450F movzx eax,byte ptr [ebp+0Fh]
00016F12 8B848190010000 mov eax,[ecx+eax*4+190h]   ; per-slot object; the index comes from [esi+40h] and no bounds check is visible
00016F19 8B5004 mov edx,[eax+4]               ; its function table
00016F1C 56 push esi
00016F1D 7507 jnz loc_00016F26
00016F1F 68A05B0100 push offset off_00015BA0  ; completion callback for the vendor op
00016F24 EB05 jmp loc_00016F2B
00016F26 loc_00016F26: ; Xref 00016F1D
00016F26 6890620100 push offset off_00016290  ; completion callback for READ/WRITE
00016F2B loc_00016F2B: ; Xref 00016F24
00016F2B 53 push ebx
00016F2C FF31 push dword ptr [ecx]
00016F2E 50 push eax
00016F2F FF5210 call dword ptr [edx+10h]      ; submit(obj, *ctx, pages, callback, devctx), still at DISPATCH_LEVEL
00016F32 8A4D0B mov cl,[ebp+0Bh]
00016F35 8BD8 mov ebx,eax
00016F37 FF15902E0200 call dword ptr [KfLowerIrql]
00016F3D 85DB test ebx,ebx
00016F3F 7D57 jge loc_00016F98
00016F41 loc_00016F41: ; Xref 00016D64 00016E64
; Failure: CHECK CONDITION / ILLEGAL REQUEST, then release the descriptor
; only if this function allocated it ([esi+284h] set).
00016F41 680E6D0100 push offset off_00016D0E
00016F46 E8C5A10000 call jmp_DbgPrint
00016F4B 8B4718 mov eax,[edi+18h]
00016F4E 03C7 add eax,edi
00016F50 C6470202 mov byte ptr [edi+2],2
00016F54 59 pop ecx
00016F55 8A4802 mov cl,[eax+2]
00016F58 80E1F5 and cl,0F5h
00016F5B 80C905 or cl,5
00016F5E 884802 mov [eax+2],cl
00016F61 80A67D02000000 and byte ptr [esi+27Dh],0
00016F68 8DBE80020000 lea edi,[esi+280h]
00016F6E 8B07 mov eax,[edi]
00016F70 85C0 test eax,eax
00016F72 0F8425FEFFFF je loc_00016D9D
00016F78 81C684020000 add esi,284h
00016F7E 803E00 cmp byte ptr [esi],0
00016F81 0F8416FEFFFF je loc_00016D9D
00016F87 802600 and byte ptr [esi],0
00016F8A 50 push eax
00016F8B E814E5FFFF call fn_000154A4          ; release the descriptor from fn_00015412
00016F90 832700 and dword ptr [edi],0
00016F93 E905FEFFFF jmp loc_00016D9D
00016F98 loc_00016F98: ; Xref 00016F3F
; Success: block until the completion callback signals the event at +26Ch.
00016F98 33C0 xor eax,eax
00016F9A 50 push eax                          ; Timeout = NULL -> waits forever
00016F9B 50 push eax                          ; Alertable = FALSE
00016F9C 50 push eax                          ; WaitMode
00016F9D 50 push eax                          ; WaitReason
00016F9E 81C66C020000 add esi,26Ch
00016FA4 56 push esi
00016FA5 FF159C2F0200 call dword ptr [KeWaitForSingleObject]   ; unbounded wait: a device that never signals pins this thread and its request for good (the sibling handler fn_000164EE bounds the same wait with a relative timeout)
00016FAB 56 push esi
00016FAC FF15182F0200 call dword ptr [KeClearEvent]
00016FB2 68166D0100 push offset off_00016D16
00016FB7 E854A10000 call jmp_DbgPrint
00016FBC C704241E6D0100 mov dword ptr [esp],offset   ; reuses the arg slot; operand continues on the next page line
off_00016D1E                                  ; operand of the preceding record: mov dword ptr [esp],offset off_00016D1E
00016FC3 E848A10000 call jmp_DbgPrint
00016FC8 8B470C mov eax,[edi+0Ch]
00016FCB 59 pop ecx
00016FCC 8B4D14 mov ecx,[ebp+14h]
00016FCF 8901 mov [ecx],eax                   ; *bytes_out = the requested length; no completion status is read back here
00016FD1 33C0 xor eax,eax                     ; STATUS_SUCCESS
00016FD3 loc_00016FD3: ; Xref 00016DA8
00016FD3 5F pop edi
00016FD4 5E pop esi
00016FD5 5B pop ebx
00016FD6 C9 leave
00016FD7 C21000 ret 10h                       ; end of fn_00016D26 (stdcall, 4 args)
; Seven copies of the "TI Msg\n\0" format string used by fn_00017012. Data only.
00016FDA off_00016FDA: ; Xref 0001701D
00016FDA 5449204D73670A00 db 'TI Msg',00Ah,000h
00016FE2 off_00016FE2: ; Xref 00017060
00016FE2 5449204D73670A00 db 'TI Msg',00Ah,000h
00016FEA off_00016FEA: ; Xref 0001706A
00016FEA 5449204D73670A00 db 'TI Msg',00Ah,000h
00016FF2 off_00016FF2: ; Xref 000170C1
00016FF2 5449204D73670A00 db 'TI Msg',00Ah,000h
00016FFA off_00016FFA: ; Xref 000170CB
00016FFA 5449204D73670A00 db 'TI Msg',00Ah,000h
00017002 off_00017002: ; Xref 000170DB
00017002 5449204D73670A00 db 'TI Msg',00Ah,000h
0001700A off_0001700A: ; Xref 000170E7
0001700A 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00017012 — read one REG_DWORD from an absolute registry path
; (stdcall, 3 dword args, ret 0Ch)
; In:  [ebp+8]   = NUL-terminated wide-char registry path
;      [ebp+0Ch] = value name (wide string)
;      [ebp+10h] = out: dword value (esi)
; Out: eax = 0 on success (*out = value, or the default 1 if absent);
;      0C0000001h (STATUS_UNSUCCESSFUL) on failure, *out = 0.
; Stack: [ebp-43Ch..ebp-3Dh] 400h-byte copy of the path
;        [ebp-3Ch..ebp-5]    two RTL_QUERY_REGISTRY_TABLE entries (28 bytes
;                            each); the second stays zero as the terminator
;        [ebp-4]             default value 1
;-----------------------------------------------------------------------
00017012 fn_00017012: ; Xref 00021DB4 00021DD4 00021DF4 00021E13
00017012 55 push ebp
00017013 8BEC mov ebp,esp
00017015 81EC3C040000 sub esp,43Ch
0001701B 56 push esi
0001701C 57 push edi
0001701D 68DA6F0100 push offset off_00016FDA
00017022 C745FC01000000 mov dword ptr [ebp-4],1      ; default when the value is missing
00017029 E8E2A00000 call jmp_DbgPrint
0001702E FF7508 push dword ptr [ebp+8]
00017031 8B35142F0200 mov esi,[wcslen]
00017037 FFD6 call esi                       ; result unused; its argument stays on the stack until the add esp,20h below
00017039 FF7508 push dword ptr [ebp+8]
0001703C 33C0 xor eax,eax
0001703E B980000000 mov ecx,80h
00017043 8DBDC4FBFFFF lea edi,[ebp-43Ch]
00017049 F3AB rep stosd                      ; zeroes only the first 200h bytes of the 400h-byte path buffer
0001704B FFD6 call esi                       ; eax = wcslen(path)
0001704D D1E0 shl eax,1                      ; byte length, terminator excluded
0001704F 50 push eax
00017050 FF7508 push dword ptr [ebp+8]
00017053 8D85C4FBFFFF lea eax,[ebp-43Ch]
00017059 50 push eax
0001705A FF15542F0200 call dword ptr [memmove]   ; no upper bound on the copy: a path of 200h or more wide chars overwrites the query table, saved regs and return address; 100h..1FFh chars leave the copy unterminated. The Xref sites presumably pass the system-supplied RegistryPath — confirm there is no other source.
00017060 68E26F0100 push offset off_00016FE2
00017065 E8A6A00000 call jmp_DbgPrint
0001706A 68EA6F0100 push offset off_00016FEA
0001706F E89CA00000 call jmp_DbgPrint
00017074 8B7510 mov esi,[ebp+10h]            ; esi = out pointer
00017077 83C420 add esp,20h                  ; drops the 8 dwords pushed for the 6 cdecl calls above
0001707A 6A0E push 0Eh
0001707C 59 pop ecx
0001707D 33C0 xor eax,eax
0001707F 6A04 push 4
00017081 8D7DC4 lea edi,[ebp-3Ch]
00017084 F3AB rep stosd                      ; zero both table entries (0Eh dwords)
00017086 8B450C mov eax,[ebp+0Ch]
00017089 8945CC mov [ebp-34h],eax            ; entry0.Name = value name
0001708C 58 pop eax                          ; eax = 4
0001708D 33FF xor edi,edi
0001708F 57 push edi                         ; Environment = NULL
00017090 8945D4 mov [ebp-2Ch],eax            ; entry0.DefaultType = REG_DWORD (4)
00017093 8945DC mov [ebp-24h],eax            ; entry0.DefaultLength = 4
00017096 57 push edi                         ; Context = NULL
00017097 8D45C4 lea eax,[ebp-3Ch]
0001709A 50 push eax                         ; QueryTable
0001709B 8D85C4FBFFFF lea eax,[ebp-43Ch]
000170A1 50 push eax                         ; Path = the stack copy
000170A2 8D4DFC lea ecx,[ebp-4]
000170A5 6800000080 push 80000000h           ; RelativeTo = RTL_REGISTRY_ABSOLUTE
000170AA C745C820000000 mov dword ptr [ebp-38h],20h   ; entry0.Flags = RTL_QUERY_REGISTRY_DIRECT: the stored value is copied straight into *out with no type check, so a value of another type under that name is misinterpreted (a string makes Rtl treat *out as a UNICODE_STRING). Exposure depends on who can write the key the callers name.
000170B1 8975D0 mov [ebp-30h],esi            ; entry0.EntryContext = out pointer
000170B4 894DD8 mov [ebp-28h],ecx            ; entry0.DefaultData = &1
000170B7 FF15502F0200 call dword ptr [RtlQueryRegistryValues]
000170BD 85C0 test eax,eax
000170BF 7C1A jl loc_000170DB
000170C1 68F26F0100 push offset off_00016FF2
000170C6 E845A00000 call jmp_DbgPrint
000170CB C70424FA6F0100 mov dword ptr [esp],offset off_00016FFA   ; reuse the arg slot for the second trace
000170D2 E839A00000 call jmp_DbgPrint
000170D7 33C0 xor eax,eax                    ; STATUS_SUCCESS
000170D9 EB1D jmp loc_000170F8
000170DB loc_000170DB: ; Xref 000170BF
000170DB 6802700100 push offset off_00017002
000170E0 893E mov [esi],edi                  ; *out = 0 on failure
000170E2 E829A00000 call jmp_DbgPrint
000170E7 C704240A700100 mov dword ptr [esp],offset off_0001700A
000170EE E81DA00000 call jmp_DbgPrint
000170F3 B8010000C0 mov eax,0C0000001h       ; STATUS_UNSUCCESSFUL; the NTSTATUS from Rtl is discarded
000170F8 loc_000170F8: ; Xref 000170D9
000170F8 59 pop ecx
000170F9 5F pop edi
000170FA 5E pop esi
000170FB C9 leave
000170FC C20C00 ret 0Ch
000170FF CC int 3                            ; padding between functions
; Three copies of the "TI Msg\n\0" format string used by fn_00017118. Data only.
00017100 off_00017100: ; Xref 00017143
00017100 5449204D73670A00 db 'TI Msg',00Ah,000h
00017108 off_00017108: ; Xref 0001719F
00017108 5449204D73670A00 db 'TI Msg',00Ah,000h
00017110 off_00017110: ; Xref 000171AE
00017110 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00017118 — write one REG_DWORD under the device's hardware key
; (stdcall, 4 dword args, ret 10h; body continues on the next page line)
; In:  [ebp+8]   = device object; this frame's copy of the slot is then
;                  overwritten with the key HANDLE
;      [ebp+0Ch] = optional subkey name (wide string) or NULL
;      [ebp+10h] = value name
;      [ebp+14h] = dword value (passed to Rtl by the address of its slot)
; Out: eax = NTSTATUS of the failing call, else of RtlWriteRegistryValue
;-----------------------------------------------------------------------
00017118 fn_00017118: ; Xref 0001281D
00017118 55 push ebp
00017119 8BEC mov ebp,esp
0001711B 83EC24 sub esp,24h
0001711E 53 push ebx
0001711F 56 push esi
00017120 57 push edi
00017121 8D4508 lea eax,[ebp+8]
00017124 50 push eax                         ; DevInstRegKey out -> [ebp+8]
00017125 BE1F000200 mov esi,2001Fh           ; KEY_READ | KEY_WRITE, reused for ZwCreateKey below
0001712A
56 push esi 0001712B 6A01 push 1 0001712D FF7508 push dword ptr [ebp+8] 00017130 FF15602F0200 call dword ptr [IoOpenDeviceRegistryKey] 00017136 8BF8 mov edi,eax 00017138 33DB xor ebx,ebx 0001713A 3BFB cmp edi,ebx 0001713C 7C61 jl loc_0001719F 0001713E 395D0C cmp [ebp+0Ch],ebx 00017141 745C jz loc_0001719F 00017143 6800710100 push offset off_00017100 00017148 E8C39F0000 call jmp_DbgPrint 0001714D 59 pop ecx 0001714E FF750C push dword ptr [ebp+0Ch] 00017151 8D45F4 lea eax,[ebp-0Ch] 00017154 50 push eax 00017155 FF15AC2E0200 call dword ptr [RtlInitUnicodeString] 0001715B 8B4508 mov eax,[ebp+8] 0001715E 53 push ebx 0001715F 53 push ebx 00017160 8945E0 mov [ebp-20h],eax 00017163 53 push ebx 00017164 8D45F4 lea eax,[ebp-0Ch] 00017167 8945E4 mov [ebp-1Ch],eax 0001716A 53 push ebx 0001716B 8D45DC lea eax,[ebp-24h] 0001716E 50 push eax 0001716F 56 push esi 00017170 8D45FC lea eax,[ebp-4] 00017173 50 push eax 00017174 C745DC18000000 mov dword ptr [ebp-24h],18h 0001717B C745E840020000 mov dword ptr [ebp-18h],240h 00017182 895DEC mov [ebp-14h],ebx 00017185 895DF0 mov [ebp-10h],ebx 00017188 FF155C2F0200 call dword ptr [ZwCreateKey] 0001718E 8BF8 mov edi,eax 00017190 3BFB cmp edi,ebx 00017192 7D1A jge loc_000171AE 00017194 FF7508 push dword ptr [ebp+8] 00017197 FF15A82E0200 call dword ptr [ZwClose] 0001719D EB0B jmp loc_000171AA 0001719F loc_0001719F: ; Xref 0001713C 00017141 0001719F 6808710100 push offset off_00017108 000171A4 E8679F0000 call jmp_DbgPrint 000171A9 59 pop ecx 000171AA loc_000171AA: ; Xref 0001719D 000171AA 3BFB cmp edi,ebx 000171AC 7C46 jl loc_000171F4 000171AE loc_000171AE: ; Xref 00017192 000171AE 6810710100 push offset off_00017110 000171B3 E8589F0000 call jmp_DbgPrint 000171B8 395D0C cmp [ebp+0Ch],ebx 000171BB 8B45FC mov eax,[ebp-4] 000171BE 59 pop ecx 000171BF 7503 jnz loc_000171C4 000171C1 8B4508 mov eax,[ebp+8] 000171C4 loc_000171C4: ; Xref 000171BF 000171C4 6A04 push 4 000171C6 8D4D14 lea ecx,[ebp+14h] 000171C9 51 push ecx 000171CA 6A04 push 4 000171CC 
FF7510 push dword ptr [ebp+10h]                  ; ValueName (arg3) — tail of a registry helper whose entry is above this block
000171CF 50 push eax                              ; Path = key handle (new subkey [ebp-4] if a name was given, else the parent key [ebp+8])
000171D0 6800000040 push 40000000h                ; RelativeTo = RTL_REGISTRY_HANDLE
000171D5 FF15582F0200 call dword ptr [RtlWriteRegistryValue] ; RtlWriteRegistryValue(RTL_REGISTRY_HANDLE, hKey, name, REG_DWORD, &[ebp+14h], 4)
000171DB 395D0C cmp [ebp+0Ch],ebx                 ; ebx == 0 here; was a subkey name supplied?
000171DE 8BF8 mov edi,eax                         ; edi = NTSTATUS to return
000171E0 7409 jz loc_000171EB
000171E2 FF75FC push dword ptr [ebp-4]            ; only then is [ebp-4] a handle we created
000171E5 FF15A82E0200 call dword ptr [ZwClose]
000171EB loc_000171EB: ; Xref 000171E0
000171EB FF7508 push dword ptr [ebp+8]            ; parent key handle — opened near the entry, above this block; confirm
000171EE FF15A82E0200 call dword ptr [ZwClose]
000171F4 loc_000171F4: ; Xref 000171AC
000171F4 8BC7 mov eax,edi                         ; return status
000171F6 5F pop edi
000171F7 5E pop esi
000171F8 5B pop ebx
000171F9 C9 leave
000171FA C21000 ret 10h                           ; stdcall, four dword args
000171FD CC int 3                                 ; padding
;-----------------------------------------------------------------------
; fn_000171FE — complete an IRP with status and information.
; stdcall: [esp+4] = Irp, [esp+8] = Status, [esp+0Ch] = Information
; Sets Irp->IoStatus.Status (+0x18) and .Information (+0x1C), then
; IofCompleteRequest(Irp, IO_NO_INCREMENT) (fastcall: ecx=Irp, dl=0).
; Returns the Status it was given in eax.  Clobbers ecx, edx.
;-----------------------------------------------------------------------
000171FE fn_000171FE: ; Xref 00010887 000110EC 00011313 000113B8
000171FE ; 000114EF 00011C79 00011F68 00012295
000171FE ; 000144A1 0002123D 0002127E 000212BE
000171FE ; 00021343 000213DB 0002144E 0002288B
000171FE 8B4C2404 mov ecx,[esp+4]                 ; ecx = Irp
00017202 8B44240C mov eax,[esp+0Ch]               ; eax = Information
00017206 56 push esi
00017207 8B74240C mov esi,[esp+0Ch]               ; esi = Status (slot shifted by the push)
0001720B 32D2 xor dl,dl                           ; PriorityBoost = 0
0001720D 897118 mov [ecx+18h],esi                 ; Irp->IoStatus.Status
00017210 89411C mov [ecx+1Ch],eax                 ; Irp->IoStatus.Information
00017213 FF15BC2F0200 call dword ptr [IofCompleteRequest]
00017219 8BC6 mov eax,esi                         ; return Status
0001721B 5E pop esi
0001721C C20C00 ret 0Ch
0001721F CC int 3                                 ; padding
;-----------------------------------------------------------------------
; fn_00017220 — complete an IRP with a status only (Information untouched).
; stdcall: [esp+4] = Irp, [esp+8] = Status.  Returns Status.
;-----------------------------------------------------------------------
00017220 fn_00017220: ; Xref 0001411F 0001443E 00014481 000214B8
00017220 ; 00021521 00021574 000216E9 00021732
00017220 ; 0002189F 000218E5
00017220 8B4C2404 mov ecx,[esp+4]                 ; ecx = Irp
00017224 56 push esi
00017225 8B74240C mov esi,[esp+0Ch]               ; esi = Status
00017229 32D2 xor dl,dl                           ; PriorityBoost = 0
0001722B 897118 mov [ecx+18h],esi                 ; Irp->IoStatus.Status
0001722E FF15BC2F0200 call dword ptr [IofCompleteRequest]
00017234 8BC6 mov eax,esi
00017236 5E pop esi
00017237 C20800 ret 8
;-----------------------------------------------------------------------
; off_0001723A — actually code, not data: the listing shows the first
; "push 0" (bytes 6A 00) as db 'j',0.  Shape of an IoCompletion routine:
; stdcall (DeviceObject, Irp, Context); after the two pushes [esp+14h]
; is Context, passed to KeSetEvent(Context, 0, FALSE).  Returns
; 0xC0000016 = STATUS_MORE_PROCESSING_REQUIRED so the caller keeps the IRP.
;-----------------------------------------------------------------------
0001723A off_0001723A: ; Xref 000143A9 00022C79
0001723A 6A00 db 'j',000h                         ; == push 0 (Wait = FALSE)
0001723C 6A00 push 0                              ; Increment = 0
0001723E FF742414 push dword ptr [esp+14h]        ; Event = Context argument
00017242 FF15A02F0200 call dword ptr [KeSetEvent]
00017248 B8160000C0 mov eax,0C0000016h            ; STATUS_MORE_PROCESSING_REQUIRED
0001724D C20C00 ret 0Ch
;-----------------------------------------------------------------------
; fn_00017250 — IoSetDeviceInterfaceState(&arg1->+0x44, arg2).
; stdcall: [esp+4] = object (presumably a device extension), [esp+8] = Enable.
; +0x44 is passed as a PUNICODE_STRING, so it is presumably the stored
; symbolic-link name — confirm against the registration code.
;-----------------------------------------------------------------------
00017250 fn_00017250: ; Xref 00021724 000217A1
00017250 FF742408 push dword ptr [esp+8]          ; Enable
00017254 8B442408 mov eax,[esp+8]                 ; arg1 (slot shifted by the push)
00017258 83C044 add eax,44h                       ; &arg1->+0x44
0001725B 50 push eax                              ; SymbolicLinkName
0001725C FF15782F0200 call dword ptr [IoSetDeviceInterfaceState]
00017262 C20800 ret 8
00017265 CC int 3                                 ; padding
;-----------------------------------------------------------------------
; fn_00017266 — disable the device interface at arg1+0x44 and free its
; UNICODE_STRING buffer.  stdcall: [esp+4] = object.  Return value is
; whatever RtlFreeUnicodeString leaves in eax.
;-----------------------------------------------------------------------
00017266 fn_00017266: ; Xref 000215FA
00017266 56 push esi
00017267 8B742408 mov esi,[esp+8]                 ; esi = arg1 (slot shifted by the push)
0001726B 6A00 push 0                              ; Enable = FALSE
0001726D 83C644 add esi,44h                       ; esi = &arg1->+0x44
00017270 56 push esi
00017271 FF15782F0200 call dword ptr [IoSetDeviceInterfaceState]
00017277 56 push esi
00017278 FF15642F0200 call dword ptr [RtlFreeUnicodeString]
0001727E 5E pop esi
0001727F C20400 ret 4
;-----------------------------------------------------------------------
; fn_00017282 — ULONG read: return *(ULONG *)arg1.  stdcall, ret 4.
; Heavily cross-referenced; callers pass register-window addresses
; (see fn_000173B0), so this looks like the driver's register-read
; wrapper — confirm.  No barriers or volatile discipline visible here.
;-----------------------------------------------------------------------
00017282 fn_00017282: ; Xref 000173BE 00018128 0001814E 00018184
00017282 ; 000181CE 00018241 00018266 0001835C
00017282 ; 00018627 00018679 0001877E 00018862
00017282 ; 00018A2A 00019571 00019862 00019880
00017282 ; 000198E4 00019989 000199E3 00019AD9
00017282 ; 0001A0A0 0001B269 0001B27D 0001B3D7
00017282 ; 0001B477 0001B4AD 0001B536 0001B55C
00017282 ; 0001B640 0001B764 0001B775 0001B7AF
00017282 ; 0001B7C0 0001C6D8 0001D66B 0001D7EF
00017282 ; 0001D81C 0001D82A 0001D8A3 0001D8B1
00017282 ; 0001DB80 0001E5BC 0001E8A2 0001E8C4
00017282 ; 0001EA59 0001EA9B 0001EAAB 0001EAF5
00017282 ; 0001EB05 0001EDAB 0001EDC3 0001EF0E
00017282 ; 0001EF19 0001F3F3 0001F452 0001F468
00017282 ; 0001F493 0001F4A9 0001F4BE 0001F52E
00017282 ; 0001F541 0001F5D0 0001F634 0001F662
00017282 ; 0001F678 0001F68D 0001F6F7 0001F71B
00017282 ; 0001F72D 0001F786 0001F7E2 0001F888
00017282 ; 0001F8A0 0001F905 0001F9A8 0001FA24
00017282 ; 0001FA3A 0001FA52 0001FB91 0001FBA7
00017282 ; 0001FBE9 0001FC10 0001FC25 0001FC74
00017282 ; 0001FD16 0001FD2C 0001FD41 00020276
00017282 ; 00020BDE 00020CA9 00020CE0 00020D1B
00017282 55 push ebp
00017283 8BEC mov ebp,esp
00017285 8B4508 mov eax,[ebp+8]                   ; eax = address
00017288 8B00 mov eax,[eax]                       ; eax = *address
0001728A 5D pop ebp
0001728B C20400 ret 4
;-----------------------------------------------------------------------
; fn_0001728E — USHORT read: ax = *(USHORT *)arg1.  stdcall, ret 4.
; Only ax is written; the upper 16 bits of eax still hold the upper
; bits of the address.  Callers must use ax (or zero-extend), never eax.
;-----------------------------------------------------------------------
0001728E fn_0001728E: ; Xref 00018071 0001807F 000180AC 00019535
0001728E ; 00019B64 00019C90 0001A1B7 0001A39B
0001728E ; 0001A6BF 0001A6F3 0001A887 0001A999
0001728E ; 0001AB75 0001ABF1 0001AC55 0001AC84
0001728E ; 0001AC94 0001AD0B 0001ADA1 0001AE79
0001728E ; 0001AED2 0001AF57 0001AFBE 0001D236
0001728E ; 0001E4FD 000209D6 00020CC2 00020CD2
0001728E ; 00020D0D
0001728E 55 push ebp
0001728F 8BEC mov ebp,esp
00017291 8B4508 mov eax,[ebp+8]                   ; eax = address
00017294 668B00 mov ax,[eax]                      ; partial write: ax = *address, eax[31:16] unchanged
00017297 5D pop ebp
00017298 C20400 ret 4
0001729B CC int 3                                 ; padding
;-----------------------------------------------------------------------
; fn_0001729C — ULONG write: *(ULONG *)arg1 = arg2.  stdcall, ret 8.
; Register-write counterpart of fn_00017282 (presumed).
;-----------------------------------------------------------------------
0001729C fn_0001729C: ; Xref 00017327 00017398 000173A8 000173FE
0001729C ; 00017501 00017635 00017733 00017FD8
0001729C ; 00018138 000181DB 000181E8 000181F8
0001729C ; 00018250 0001827D 00018293 000182A9
0001729C ; 000182BF 000182D5 000182EB 00018301
0001729C ; 00018317 0001832D 00018343 00018423
0001729C ; 0001847C 00018B00 000194E4 00019529
0001729C ; 00019563 0001963C 00019965 0001999E
0001729C ; 000199C2 000199D5 000199FE 00019A11
0001729C ; 00019A24 00019DAE 00019F3D 0001A0BC
0001729C ; 0001A56C 0001A90D 0001B077 0001B08D
0001729C ; 0001B1AF 0001B1BF 0001B1D5 0001B21F
0001729C ; 0001B239 0001B57B 0001D3E8 0001D3F8
0001729C ; 0001D410 0001DD29 0001DD39 0001DD51
0001729C ; 0001E54B 0001E561 0001E577 0001E58D
0001729C ; 0001E5A3 0001E5D8 0001E5ED 0001E776
0001729C ; 0001E842 0001F090 0001F0A0 0001F0B0
0001729C ; 0001F0C0 00020805 00020979 00020BD3
0001729C ; 00020BEE
0001729C 55 push ebp
0001729D 8BEC mov ebp,esp
0001729F 8B4508 mov eax,[ebp+8]                   ; eax = address
000172A2 8B4D0C mov ecx,[ebp+0Ch]                 ; ecx = value
000172A5 8908 mov [eax],ecx                       ; *address = value
000172A7 5D pop ebp
000172A8 C20800 ret 8
000172AB CC int 3                                 ; padding
;-----------------------------------------------------------------------
; fn_000172AC — "USHORT" write that is really a 32-bit store:
; *(ULONG *)arg1 = (ULONG)(USHORT)arg2.  stdcall, ret 8.
; The value is zero-extended from 16 bits but the store is a full dword
; (mov [ecx],eax), so it also clears the upper 16 bits at the target.
;-----------------------------------------------------------------------
000172AC fn_000172AC: ; Xref 00018093 000194A0 000194AE 000194C0
000172AC ; 00019551 000196B2 000196C0 00019712
000172AC ; 00019720 000197C2 000197D0 00019A7B
000172AC ; 00019AA2 00019B76 0001A1EA 0001A3B2
000172AC ; 0001A53D 0001A54B 0001A55D 0001A580
000172AC ; 0001A667 0001A674 0001A682 0001A690
000172AC ; 0001A6D7 0001A6E5 0001A70B 0001A719
000172AC ; 0001A8A4 0001A8B2 0001A8DE 0001A8EC
000172AC ; 0001A8FE 0001A923 0001A9B6 0001A9C4
000172AC ; 0001AB40 0001AC2C 0001ACC7 0001ACD5
000172AC ; 0001ACE6 0001ACF8 0001AD87 0001AD95
000172AC ; 0001AE44 0001AF0D 0001AFA4 0001AFB2
000172AC ; 0001BF74 0001BF85 0001C0C1 0001C0D2
000172AC ; 0001CCE1 0001CCF2 0001CFE6 0001CFF7
000172AC ; 0001D0E4 0001D0F1 0001D248 0001DBE2
000172AC ; 0001DBF3 0001E21C 0001E22D 0001E50F
000172AC ; 0001F4D9 0001F4E6 0001F649 0001F657
000172AC ; 0001F6A8 0001F6B5 0001FA06 0001FA14
000172AC ; 0001FC05 0001FCFD 0001FD0B 000207D3
000172AC ; 000207E1 000207F3 0002081A 000208D9
000172AC ; 000208E7 0002094B 00020959 00020967
000172AC ; 00020990 000209E3 000209F1 00020A39
000172AC ; 00020A47 00020B84 00020B92
000172AC 55 push ebp
000172AD 8BEC mov ebp,esp
000172AF 0FB7450C movzx eax,word ptr [ebp+0Ch]    ; eax = (ULONG)(USHORT)value
000172B3 8B4D08 mov ecx,[ebp+8]                   ; ecx = address
000172B6 8901 mov [ecx],eax                       ; 32-bit store
000172B8 5D pop ebp
000172B9 C20800 ret 8
000172BC off_000172BC: ; Xref 000172D3
000172BC 5449204D73670A00 db 'TI Msg',00Ah,000h   ; DbgPrint format string (the same 8 bytes are repeated below)
;-----------------------------------------------------------------------
; fn_000172C4 — thiscall constructor-like initialiser (this = ecx,
; [esp+4] = base pointer stored at this+0).  Layout it establishes:
;   +0x00 base (register window base, presumed)
;   +0x18 dword = 0          +0x1C byte = 0
;   +0x20 four dword slots  = 0   (object pointers, see fn_00017310)
;   +0x30 four byte flags   = 0
;   +0x34 slot count = 4     +0x38 byte = 2
; Returns this.  Clobbers eax, ecx, edx.
;-----------------------------------------------------------------------
000172C4 fn_000172C4: ; Xref 00010B8E
000172C4 8B442404 mov eax,[esp+4]                 ; eax = base argument
000172C8 56 push esi
000172C9 8BF1 mov esi,ecx                         ; esi = this
000172CB 83661800 and dword ptr [esi+18h],0
000172CF 80661C00 and byte ptr [esi+1Ch],0
000172D3 68BC720100 push offset off_000172BC
000172D8 8906 mov [esi],eax                       ; this->base = arg
000172DA E8319E0000 call jmp_DbgPrint
000172DF 59 pop ecx                               ; cdecl cleanup
000172E0 6A04 push 4
000172E2 8D4E30 lea ecx,[esi+30h]                 ; ecx = &flags[0]
000172E5 8D4620 lea eax,[esi+20h]                 ; eax = &slots[0]
000172E8 5A pop edx                               ; edx = 4 iterations
000172E9 loc_000172E9: ; Xref 000172F4
000172E9 832000 and dword ptr [eax],0             ; slots[i] = NULL
000172EC 802100 and byte ptr [ecx],0              ; flags[i] = 0
000172EF 83C004 add eax,4
000172F2 41 inc ecx
000172F3 4A dec edx
000172F4 75F3 jnz loc_000172E9
000172F6 C7463404000000 mov dword ptr [esi+34h],4 ; slot count = 4
000172FD C6463802 mov byte ptr [esi+38h],2
00017301 8BC6 mov eax,esi                         ; return this
00017303 5E pop esi
00017304 C20400 ret 4
00017307 CC int 3                                 ; padding
00017308 off_00017308: ; Xref 00017312
00017308 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00017310 — thiscall teardown (this = ecx).  Writes 0xFFFFFFFF to
; base+0x0C, then for i in [0, this->count) calls slots[i]->vtable[0](1)
; on every non-NULL slot (thiscall virtual with one argument — looks
; like a deleting destructor; confirm).
; NOTE(review): the loop index lives in bl (8-bit) and the bound is the
; dword at this+0x34, while the slot table at +0x20 has only the four
; entries fn_000172C4 clears.  No check here that the count is <= 4;
; it is stored unclamped by fn_0001735C.  A count >= 256 could never be
; reached by movzx eax,bl.
;-----------------------------------------------------------------------
00017310 fn_00017310: ; Xref 00021933
00017310 53 push ebx
00017311 56 push esi
00017312 6808730100 push offset off_00017308
00017317 8BF1 mov esi,ecx                         ; esi = this
00017319 E8F29D0000 call jmp_DbgPrint
0001731E 8B06 mov eax,[esi]                       ; eax = base
00017320 59 pop ecx                               ; cdecl cleanup
00017321 6AFF push 0FFFFFFFFh                     ; value
00017323 83C00C add eax,0Ch
00017326 50 push eax                              ; address = base+0x0C
00017327 E870FFFFFF call fn_0001729C              ; write32(base+0x0C, 0xFFFFFFFF)
0001732C 32DB xor bl,bl                           ; i = 0
0001732E 837E3400 cmp dword ptr [esi+34h],0
00017332 761C jbe loc_00017350                    ; count == 0 -> done (unsigned)
00017334 33C0 xor eax,eax
00017336 loc_00017336: ; Xref 0001734E
00017336 8B448620 mov eax,[esi+eax*4+20h]         ; eax = slots[i]
0001733A 85C0 test eax,eax
0001733C 7408 jz loc_00017346                     ; skip empty slot
0001733E 8B10 mov edx,[eax]                       ; edx = vtable
00017340 6A01 push 1
00017342 8BC8 mov ecx,eax                         ; this = slot object
00017344 FF12 call dword ptr [edx]                ; vtable[0](1)
00017346 loc_00017346: ; Xref 0001733C
00017346 FEC3 inc bl                              ; ++i (8-bit)
00017348 0FB6C3 movzx eax,bl
0001734B 3B4634 cmp eax,[esi+34h]
0001734E 72E6 jb loc_00017336                     ; while i < count (unsigned)
00017350 loc_00017350: ; Xref 00017332
00017350 5E pop esi
00017351 5B pop ebx
00017352 C3 ret
00017353 CC int 3                                 ; padding
00017354 off_00017354: ; Xref 0001736C
00017354 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_0001735C — thiscall setter: this->count (+0x34) = arg; if arg != 4
; also clears the byte at +0x38.  stdcall arg, ret 4.
; The value is stored as given — only compared with 4, never clamped —
; and later indexes the four-entry slot table (fn_00017310, fn_00017550).
;-----------------------------------------------------------------------
0001735C fn_0001735C: ; Xref 00010BDD
0001735C 8B442404 mov eax,[esp+4]                 ; eax = new count
00017360 83F804 cmp eax,4
00017363 894134 mov [ecx+34h],eax                 ; this->count = arg (unchecked)
00017366 7404 jz loc_0001736C
00017368 80613800 and byte ptr [ecx+38h],0        ; count != 4 -> clear +0x38
0001736C loc_0001736C: ; Xref 00017366
0001736C 6854730100 push offset off_00017354
00017371 E89A9D0000 call jmp_DbgPrint
00017376 59 pop ecx                               ; cdecl cleanup
00017377 C20400 ret 4
0001737A off_0001737A: ; Xref 00017383
0001737A 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00017382 — thiscall: write32(base+0x0C, 0xFFFFFFFF) then
; write32(base+0x08, 0x8000000F).  Register meanings are not visible
; here; the same base+0x0C/0xFFFFFFFF write appears in fn_00017310.
;-----------------------------------------------------------------------
00017382 fn_00017382: ; Xref 00010BF9
00017382 56 push esi
00017383 687A730100 push offset off_0001737A
00017388 8BF1 mov esi,ecx                         ; esi = this
0001738A E8819D0000 call jmp_DbgPrint
0001738F 8B06 mov eax,[esi]                       ; eax = base
00017391 59 pop ecx                               ; cdecl cleanup
00017392 6AFF push 0FFFFFFFFh
00017394 83C00C add eax,0Ch
00017397 50 push eax
00017398 E8FFFEFFFF call fn_0001729C              ; write32(base+0x0C, 0xFFFFFFFF)
0001739D 8B06 mov eax,[esi]
0001739F 680F000080 push 8000000Fh
000173A4 83C008 add eax,8
000173A7 50 push eax
000173A8 E8EFFEFFFF call fn_0001729C              ; write32(base+0x08, 0x8000000F)
000173AD 5E pop esi
000173AE C3 ret
000173AF CC int 3                                 ; padding
;-----------------------------------------------------------------------
; fn_000173B0 — thiscall, no stack args.  Reads the dword at base+0x14,
; stores it at this+0x18 and dispatches per-slot bits (shape of an ISR
; or DPC worker; confirm against the caller at 00010917).
;   status == 0xFFFFFFFF or 0          -> return 0 (nothing handled)
;   bl = (status & 0x80000000) != 0
;   if this+0x1C byte != 0 or !bl      -> skip dispatch, just write back
;   else write32(base+0x0C, 0x80000000), then for slot i = 0..3:
;        a = (status & (0x10000 << i)) != 0,  b = (status & (0x100 << i)) != 0
;        if slots[i] && (a || b): slots[i]->vtable[3](a, b)
;   write32(base+0x14, status)   ; write-back of the value read (ack, presumed)
;   return bl (al)
; Locals: [ebp-8] = a, [ebp-4] = b.  Clobbers eax, ecx, edx.
;-----------------------------------------------------------------------
000173B0 fn_000173B0: ; Xref 00010917
000173B0 55 push ebp
000173B1 8BEC mov ebp,esp
000173B3 51 push ecx                              ; reserve [ebp-4]
000173B4 51 push ecx                              ; reserve [ebp-8]
000173B5 56 push esi
000173B6 8BF1 mov esi,ecx                         ; esi = this
000173B8 8B06 mov eax,[esi]                       ; eax = base
000173BA 83C014 add eax,14h
000173BD 50 push eax
000173BE E8BFFEFFFF call fn_00017282              ; eax = read32(base+0x14)
000173C3 83F8FF cmp eax,0FFFFFFFFh
000173C6 894618 mov [esi+18h],eax                 ; this->status = eax
000173C9 0F843C010000 je loc_0001750B             ; all-ones -> return 0
000173CF 85C0 test eax,eax
000173D1 0F8434010000 je loc_0001750B             ; zero -> return 0
000173D7 B900000080 mov ecx,80000000h
000173DC 23C1 and eax,ecx
000173DE 3BC1 cmp eax,ecx
000173E0 53 push ebx                              ; ebx saved only on this path (see loc_0001750B)
000173E1 0F94C3 sete bl                           ; bl = bit 31 set
000173E4 807E1C00 cmp byte ptr [esi+1Ch],0
000173E8 0F850A010000 jne loc_000174F8            ; +0x1C nonzero -> no dispatch
000173EE 84DB test bl,bl
000173F0 0F8402010000 je loc_000174F8             ; bit 31 clear -> no dispatch
000173F6 8B06 mov eax,[esi]
000173F8 57 push edi
000173F9 51 push ecx                              ; value = 0x80000000
000173FA 83C00C add eax,0Ch
000173FD 50 push eax
000173FE E899FEFFFF call fn_0001729C              ; write32(base+0x0C, 0x80000000)
00017403 8B4E20 mov ecx,[esi+20h]                 ; slot 0
00017406 85C9 test ecx,ecx
00017408 7436 jz loc_00017440
0001740A 8B4618 mov eax,[esi+18h]
0001740D BA00000100 mov edx,10000h
00017412 8BF8 mov edi,eax
00017414 23FA and edi,edx
00017416 3BFA cmp edi,edx
00017418 0F9445F8 sete byte ptr [ebp-8]           ; a = status & 0x10000
0001741C BA00010000 mov edx,100h
00017421 23C2 and eax,edx
00017423 3BC2 cmp eax,edx
00017425 0F9445FC sete byte ptr [ebp-4]           ; b = status & 0x100
00017429 807DF800 cmp byte ptr [ebp-8],0
0001742D 7506 jnz loc_00017435
0001742F 807DFC00 cmp byte ptr [ebp-4],0
00017433 740B jz loc_00017440                     ; neither bit -> skip
00017435 loc_00017435: ; Xref 0001742D
00017435 FF75FC push dword ptr [ebp-4]            ; arg2 = b
00017438 8B01 mov eax,[ecx]                       ; vtable
0001743A FF75F8 push dword ptr [ebp-8]            ; arg1 = a
0001743D FF500C call dword ptr [eax+0Ch]          ; slots[0]->vtable[3](a, b)
00017440 loc_00017440: ; Xref 00017408 00017433
00017440 8B4E24 mov ecx,[esi+24h]                 ; slot 1
00017443 85C9 test ecx,ecx
00017445 7436 jz loc_0001747D
00017447 8B4618 mov eax,[esi+18h]
0001744A BA00000200 mov edx,20000h
0001744F 8BF8 mov edi,eax
00017451 23FA and edi,edx
00017453 3BFA cmp edi,edx
00017455 0F9445F8 sete byte ptr [ebp-8]           ; a = status & 0x20000
00017459 BA00020000 mov edx,200h
0001745E 23C2 and eax,edx
00017460 3BC2 cmp eax,edx
00017462 0F9445FC sete byte ptr [ebp-4]           ; b = status & 0x200
00017466 807DF800 cmp byte ptr [ebp-8],0
0001746A 7506 jnz loc_00017472
0001746C 807DFC00 cmp byte ptr [ebp-4],0
00017470 740B jz loc_0001747D
00017472 loc_00017472: ; Xref 0001746A
00017472 FF75FC push dword ptr [ebp-4]
00017475 8B01 mov eax,[ecx]
00017477 FF75F8 push dword ptr [ebp-8]
0001747A FF500C call dword ptr [eax+0Ch]          ; slots[1]->vtable[3](a, b)
0001747D loc_0001747D: ; Xref 00017445 00017470
0001747D 8B4E28 mov ecx,[esi+28h]                 ; slot 2
00017480 85C9 test ecx,ecx
00017482 7436 jz loc_000174BA
00017484 8B4618 mov eax,[esi+18h]
00017487 BA00000400 mov edx,40000h
0001748C 8BF8 mov edi,eax
0001748E 23FA and edi,edx
00017490 3BFA cmp edi,edx
00017492 0F9445F8 sete byte ptr [ebp-8]           ; a = status & 0x40000
00017496 BA00040000 mov edx,400h
0001749B 23C2 and eax,edx
0001749D 3BC2 cmp eax,edx
0001749F 0F9445FC sete byte ptr [ebp-4]           ; b = status & 0x400
000174A3 807DF800 cmp byte ptr [ebp-8],0
000174A7 7506 jnz loc_000174AF
000174A9 807DFC00 cmp byte ptr [ebp-4],0
000174AD 740B jz loc_000174BA
000174AF loc_000174AF: ; Xref 000174A7
000174AF FF75FC push dword ptr [ebp-4]
000174B2 8B01 mov eax,[ecx]
000174B4 FF75F8 push dword ptr [ebp-8]
000174B7 FF500C call dword ptr [eax+0Ch]          ; slots[2]->vtable[3](a, b)
000174BA loc_000174BA: ; Xref 00017482 000174AD
000174BA 8B4E2C mov ecx,[esi+2Ch]                 ; slot 3
000174BD 85C9 test ecx,ecx
000174BF 7436 jz loc_000174F7
000174C1 8B4618 mov eax,[esi+18h]
000174C4 BA00000800 mov edx,80000h
000174C9 8BF8 mov edi,eax
000174CB 23FA and edi,edx
000174CD 3BFA cmp edi,edx
000174CF 0F9445F8 sete byte ptr [ebp-8]           ; a = status & 0x80000
000174D3 BA00080000 mov edx,800h
000174D8 23C2 and eax,edx
000174DA 3BC2 cmp eax,edx
000174DC 0F9445FC sete byte ptr [ebp-4]           ; b = status & 0x800
000174E0 807DF800 cmp byte ptr [ebp-8],0
000174E4 7506 jnz loc_000174EC
000174E6 807DFC00 cmp byte ptr [ebp-4],0
000174EA 740B jz loc_000174F7
000174EC loc_000174EC: ; Xref 000174E4
000174EC FF75FC push dword ptr [ebp-4]
000174EF 8B01 mov eax,[ecx]
000174F1 FF75F8 push dword ptr [ebp-8]
000174F4 FF500C call dword ptr [eax+0Ch]          ; slots[3]->vtable[3](a, b)
000174F7 loc_000174F7: ; Xref 000174BF 000174EA
000174F7 5F pop edi
000174F8 loc_000174F8: ; Xref 000173E8 000173F0
000174F8 8B06 mov eax,[esi]
000174FA FF7618 push dword ptr [esi+18h]          ; value = saved status
000174FD 83C014 add eax,14h
00017500 50 push eax
00017501 E896FDFFFF call fn_0001729C              ; write32(base+0x14, status)
00017506 8AC3 mov al,bl                           ; return bit-31 flag
00017508 5B pop ebx
00017509 EB02 jmp loc_0001750D
0001750B loc_0001750B: ; Xref 000173C9 000173D1
0001750B 32C0 xor al,al                           ; return 0 (ebx was not pushed on this path)
0001750D loc_0001750D: ; Xref 00017509
0001750D 5E pop esi
0001750E C9 leave
0001750F C3 ret
00017510 off_00017510: ; Xref 0001756A
00017510 5449204D73670A00 db 'TI Msg',00Ah,000h
00017518 off_00017518: ; Xref 000175DB
00017518 5449204D73670A00 db 'TI Msg',00Ah,000h
00017520 off_00017520: ; Xref 000175F1
00017520 5449204D73670A00 db 'TI Msg',00Ah,000h
00017528 off_00017528: ; Xref 00017644
00017528 5449204D73670A00 db 'TI Msg',00Ah,000h
00017530 off_00017530: ; Xref 0001766C
00017530 5449204D73670A00 db 'TI Msg',00Ah,000h
00017538 off_00017538: ; Xref 000176A0
00017538 5449204D73670A00 db 'TI Msg',00Ah,000h
00017540 off_00017540: ; Xref 000176BE
00017540 5449204D73670A00 db 'TI Msg',00Ah,000h
00017548 off_00017548: ; Xref 00017738
00017548 5449204D73670A00 db 'TI Msg',00Ah,000h
;-----------------------------------------------------------------------
; fn_00017550 — thiscall, byte arg [ebp+8] = slot index (ebx).  The
; function continues past the end of this block (ret not shown here).
;   edi = base + (index+1) << 10   ; per-slot window, 0x400 apart (presumed)
;   if slots[index] != NULL: al = fn_0001A166(slots[index]); keep if al == 'C' (0x43)
;   else allocate 0x20 bytes via fn_00014304 and construct with fn_0001AD3A(edi)
; Locals: [ebp-1] result byte (init 0), [ebp-2] type byte, [ebp-8] temp object.
; NOTE(review): slots[index] is read at [esi+ebx*4+20h] with the raw
; byte index and no range check against the four-entry table; the mask
; switch further down (at 00017605) only handles indices 0..3.
; NOTE(review): on allocation failure the code below this block
; (000175A2..000175B1) leaves [ebp-8] = 0 and still passes it in ecx to
; fn_0001AE22 and fn_0001A166 before the NULL test at 000175B9 — unless
; those routines tolerate a NULL this, that is a NULL dereference.
;-----------------------------------------------------------------------
00017550 fn_00017550: ; Xref 00010C2F 00017F8F 00017FA1 00017FB3
00017550 ; 00017FC5 0001820C
00017550 55 push ebp
00017551 8BEC mov ebp,esp
00017553 51 push ecx                              ; reserve [ebp-4]
00017554 51 push ecx                              ; reserve [ebp-8]
00017555 8065FF00 and byte ptr [ebp-1],0          ; result = 0
00017559 53 push ebx
0001755A 0FB65D08 movzx ebx,byte ptr [ebp+8]      ; ebx = slot index (0..255, unchecked)
0001755E 56 push esi
0001755F 57 push edi
00017560 8D7B01 lea edi,[ebx+1]
00017563 8BF1 mov esi,ecx                         ; esi = this
00017565 C1E70A shl edi,0Ah                       ; (index+1) * 0x400
00017568 033E add edi,[esi]                       ; edi = base + (index+1)*0x400
0001756A 6810750100 push offset off_00017510
0001756F E89C9B0000 call jmp_DbgPrint
00017574 59 pop ecx                               ; cdecl cleanup
00017575 8B4C9E20 mov ecx,[esi+ebx*4+20h]         ; ecx = slots[index]
00017579 85C9 test ecx,ecx
0001757B 740C jz loc_00017589                     ; empty slot -> probe with a temp object
0001757D E8E42B0000 call fn_0001A166              ; al = type of existing object (presumed)
00017582 3C43 cmp al,43h                          ; 'C'
00017584 8845FE mov [ebp-2],al                    ; save type
00017587 743D jz loc_000175C6
00017589 loc_00017589: ; Xref 0001757B
00017589 6A20 push 20h                            ; size 0x20
0001758B E874CDFFFF call fn_00014304              ; allocate (cdecl, one arg)
00017590 85C0 test eax,eax
00017592 59 pop ecx                               ; cdecl cleanup
00017593 740D jz loc_000175A2                     ; allocation failed -> [ebp-8] = 0 (see note above)
00017595 57 push edi                              ; window address
00017596 8BC8 mov ecx,eax                         ; this = new object
00017598 E89D370000 call fn_0001AD3A              ; construct(edi)
0001759D 8945F8 mov [ebp-8],eax                   ; temp object
000175A0 EB04 jmp loc_000175A6 000175A2 loc_000175A2: ; Xref 00017593 000175A2 8365F800 and dword ptr [ebp-8],0 000175A6 loc_000175A6: ; Xref 000175A0 000175A6 8B4DF8 mov ecx,[ebp-8] 000175A9 E874380000 call fn_0001AE22 000175AE 8B4DF8 mov ecx,[ebp-8] 000175B1 E8B02B0000 call fn_0001A166 000175B6 8B4DF8 mov ecx,[ebp-8] 000175B9 85C9 test ecx,ecx 000175BB 8845FE mov [ebp-2],al 000175BE 7406 jz loc_000175C6 000175C0 8B01 mov eax,[ecx] 000175C2 6A01 push 1 000175C4 FF10 call dword ptr [eax] 000175C6 loc_000175C6: ; Xref 00017587 000175BE 000175C6 0FB645FE movzx eax,byte ptr [ebp-2] 000175CA 48 dec eax 000175CB 0F84ED000000 je loc_000176BE 000175D1 48 dec eax 000175D2 0F8494000000 je loc_0001766C 000175D8 48 dec eax 000175D9 7469 jz loc_00017644 000175DB 6818750100 push offset off_00017518 000175E0 E82B9B0000 call jmp_DbgPrint 000175E5 837C9E2000 cmp dword ptr [esi+ebx*4+20h],0 000175EA 59 pop ecx 000175EB C645FF83 mov byte ptr [ebp-1],83h 000175EF 7414 jz loc_00017605 000175F1 6820750100 push offset off_00017520 000175F6 E8159B0000 call jmp_DbgPrint 000175FB 59 pop ecx 000175FC 8B4C9E20 mov ecx,[esi+ebx*4+20h] 00017600 E8012C0000 call fn_0001A206 00017605 loc_00017605: ; Xref 000175EF 00017605 8BC3 mov eax,ebx 00017607 83E800 sub eax,0 0001760A 741E jz loc_0001762A 0001760C 48 dec eax 0001760D 7414 jz loc_00017623 0001760F 48 dec eax 00017610 740A jz loc_0001761C 00017612 48 dec eax 00017613 7525 jnz loc_0001763A 00017615 6800080800 push 80800h 0001761A EB13 jmp loc_0001762F 0001761C loc_0001761C: ; Xref 00017610 0001761C 6800040400 push 40400h 00017621 EB0C jmp loc_0001762F 00017623 loc_00017623: ; Xref 0001760D 00017623 6800020200 push 20200h 00017628 EB05 jmp loc_0001762F 0001762A loc_0001762A: ; Xref 0001760A 0001762A 6800010100 push 10100h 0001762F loc_0001762F: ; Xref 0001761A 00017621 00017628 0001762F 8B06 mov eax,[esi] 00017631 83C00C add eax,0Ch 00017634 50 push eax 00017635 E862FCFFFF call fn_0001729C 0001763A loc_0001763A: ; Xref 00017613 0001763A 
8064333000 and byte ptr [ebx+esi+30h],0 0001763F E9AA000000 jmp loc_000176EE 00017644 loc_00017644: ; Xref 000175D9 00017644 6828750100 push offset off_00017528 00017649 E8C29A0000 call jmp_DbgPrint 0001764E 68F4000000 push 0F4h 00017653 E8ACCCFFFF call fn_00014304 00017658 85C0 test eax,eax 0001765A 59 pop ecx 0001765B 59 pop ecx 0001765C 0F8481000000 je loc_000176E3 00017662 57 push edi 00017663 8BC8 mov ecx,eax 00017665 E8640D0000 call fn_000183CE 0001766A EB79 jmp loc_000176E5 0001766C loc_0001766C: ; Xref 000175D2 0001766C 6830750100 push offset off_00017530 00017671 E89A9A0000 call jmp_DbgPrint 00017676 837E1400 cmp dword ptr [esi+14h],0 0001767A 59 pop ecx 0001767B 7423 jz loc_000176A0 0001767D 68D4000000 push 0D4h 00017682 E87DCCFFFF call fn_00014304 00017687 85C0 test eax,eax 00017689 59 pop ecx 0001768A 7457 jz loc_000176E3 0001768C 8A4D08 mov cl,[ebp+8] 0001768F 3A4E38 cmp cl,[esi+38h] 00017692 0F94C1 sete cl 00017695 51 push ecx 00017696 loc_00017696: ; Xref 000176BC 00017696 57 push edi 00017697 8BC8 mov ecx,eax 00017699 E8A63A0000 call fn_0001B144 0001769E EB45 jmp loc_000176E5 000176A0 loc_000176A0: ; Xref 0001767B 000176A0 6838750100 push offset off_00017538 000176A5 E8669A0000 call jmp_DbgPrint 000176AA 68D4000000 push 0D4h 000176AF E850CCFFFF call fn_00014304 000176B4 85C0 test eax,eax 000176B6 59 pop ecx 000176B7 59 pop ecx 000176B8 7429 jz loc_000176E3 000176BA 6A00 push 0 000176BC EBD8 jmp loc_00017696 000176BE loc_000176BE: ; Xref 000175CB 000176BE 6840750100 push offset off_00017540 000176C3 E8489A0000 call jmp_DbgPrint 000176C8 C7042414010000 mov dword ptr [esp],114h 000176CF E830CCFFFF call fn_00014304 000176D4 85C0 test eax,eax 000176D6 59 pop ecx 000176D7 740A jz loc_000176E3 000176D9 57