00401D59 ADD ESP,14
00401D5C TEST EDI,EDI
00401D5E JE cryptex.00401E39
00401D64 MOV ESI,DS:[<&KERNEL32.GetConsoleScreenBufferInfo>]
00401D6A LEA EBX,DS:[EBX]
00401D70 MOV EDX,DS:[40504C]
00401D76 LEA ECX,SS:[ESP+2C]
00401D7A PUSH ECX
00401D7B PUSH EDX
00401D7C CALL ESI
00401D7E FLD DWORD PTR SS:[ESP+10]
00401D82 SUB ESP,8
00401D85 FSTP QWORD PTR SS:[ESP]
00401D88 PUSH cryptex.00403320 ; ASCII “%2.2f percent
completed.”
00401D8D CALL EBP
00401D8F ADD ESP,0C
00401D92 CMP EDI,1
00401D95 MOV EAX,0FFC
00401D9A JA SHORT cryptex.00401DA1
00401D9C MOV EAX,DS:[405050]
00401DA1 PUSH 0
00401DA3 PUSH EAX
00401DA4 MOV EAX,SS:[ESP+24]
00401DA8 PUSH cryptex.00405054
00401DAD PUSH EAX
00401DAE CALL DS:[<&ADVAPI32.CryptHashData>]
00401DB4 TEST EAX,EAX
00401DB6 JE cryptex.00401EEE
00401DBC CMP EDI,1
00401DBF MOV EAX,0FFC
00401DC4 JA SHORT cryptex.00401DCB
00401DC6 MOV EAX,DS:[405050]
00401DCB MOV EDX,SS:[ESP+14]
00401DCF PUSH 0 ; /pOverlapped = NULL
00401DD1 LEA ECX,SS:[ESP+2C] ; |
00401DD5 PUSH ECX ; |pBytesWritten
00401DD6 PUSH EAX ; |nBytesToWrite
00401DD7 PUSH cryptex.00405054 ; |Buffer = cryptex.00405054
00401DDC PUSH EDX ; |hFile
00401DDD CALL DS:[<&KERNEL32.WriteFile>]
00401DE3 SUB EDI,1
00401DE6 JE SHORT cryptex.00401E00
00401DE8 MOV EAX,SS:[ESP+8C]
00401DEF MOV ECX,DS:[405050]
00401DF5 PUSH EAX
00401DF6 PUSH ECX
00401DF7 PUSH EBXListing 6.8 (continued)
Deciphering File Formats 231