; ===========================================================================
; Structure definitions emitted by IDA ahead of the code.
; Entries tagged "standard type" come from IDA's type library for the Windows
; SDK. The untagged ones are either IDA's helper records for MSVC exception
; handling (_msExcept7, _msExcInfo, _msEH) or, presumably, structures created
; and named in the analyst's database (modelCapability, modelSignature,
; modelSignature_legacy, struc_6, struct_0, keyFlags, runtimeFunctionality).
; Field names of the latter group are analyst labels, not vendor symbols.
; ===========================================================================

_OSVERSIONINFOA struc ; (sizeof=0x94, standard type)
dwOSVersionInfoSize dd ?
dwMajorVersion dd ?
dwMinorVersion dd ?
dwBuildNumber dd ?
dwPlatformId dd ?
szCSDVersion db 128 dup(?)
_OSVERSIONINFOA ends

; ===========================================================================

MSG struc ; (sizeof=0x1C, standard type)
hwnd dd ? ; offset
message dd ?
wParam dd ?
lParam dd ?
time dd ?
pt POINT ?
MSG ends

; ===========================================================================

POINT struc ; (sizeof=0x8, standard type)
x dd ?
y dd ?
POINT ends

; ===========================================================================

tagMSG struc ; (sizeof=0x1C, standard type)
hwnd dd ? ; offset
message dd ?
wParam dd ?
lParam dd ?
time dd ?
pt POINT ?
tagMSG ends

; ===========================================================================

WNDCLASSA struc ; (sizeof=0x28, standard type)
style dd ?
lpfnWndProc dd ? ; offset
cbClsExtra dd ?
cbWndExtra dd ?
hInstance dd ? ; offset
hIcon dd ? ; offset
hCursor dd ? ; offset
hbrBackground dd ? ; offset
lpszMenuName dd ? ; offset
lpszClassName dd ? ; offset
WNDCLASSA ends

; ===========================================================================

_RTL_CRITICAL_SECTION struc ; (sizeof=0x18, standard type)
DebugInfo dd ? ; offset
LockCount dd ?
RecursionCount dd ?
OwningThread dd ? ; offset
LockSemaphore dd ? ; offset
SpinCount dd ?
_RTL_CRITICAL_SECTION ends

; ===========================================================================

_DISPLAY_DEVICEA struc ; (sizeof=0xA8, standard type)
cb dd ?
DeviceName db 32 dup(?)
DeviceString db 128 dup(?)
StateFlags dd ?
_DISPLAY_DEVICEA ends

; ===========================================================================

; DevicePath is declared as a single byte, so sizeof=0x5 covers only the
; fixed header; in the SDK the field is the start of a variable-length string.
_SP_DEVICE_INTERFACE_DETAIL_DATA_A struc ; (sizeof=0x5, standard type)
cbSize dd ?
DevicePath db ?
_SP_DEVICE_INTERFACE_DETAIL_DATA_A ends

; ===========================================================================

_SP_DEVICE_INTERFACE_DATA struc ; (sizeof=0x1C, standard type)
cbSize dd ?
InterfaceClassGuid GUID ?
Flags dd ?
Reserved dd ?
_SP_DEVICE_INTERFACE_DATA ends

; ===========================================================================

_SP_DEVINFO_DATA struc ; (sizeof=0x1C, standard type)
cbSize dd ?
ClassGuid GUID ?
DevInst dd ?
Reserved dd ?
_SP_DEVINFO_DATA ends

; ===========================================================================

GUID struc ; (sizeof=0x10, standard type)
Data1 dd ?
Data2 dw ?
Data3 dw ?
Data4 db 8 dup(?)
GUID ends

; ===========================================================================

CPPEH_RECORD struc ; (sizeof=0x18, standard type)
old_esp dd ?
exc_ptr dd ? ; offset
prev_er dd ? ; offset
handler dd ? ; offset
msEH_ptr dd ? ; offset
disabled dd ?
CPPEH_RECORD ends

; ===========================================================================

_msExcept7 struc ; (sizeof=0x1C)
Magic dd ? ; base 16
Count dd ? ; base 10
InfoPtr dd ? ; offset
CountDtr dd ? ; base 10
DtrPtr dd ? ; offset
_unk dd 2 dup(?)
_msExcept7 ends

; ===========================================================================

_msExcInfo struc ; (sizeof=0x8)
Id dd ? ; base 10
Proc dd ? ; offset
_msExcInfo ends

; ===========================================================================

_msEH struc ; (sizeof=0xC)
_unk dd ? ; base 16
FilterProc dd ? ; offset
ExitProc dd ? ; offset
_msEH ends

; ===========================================================================

; Four dwords; the meaning of the type/caps pairs is not shown in this part
; of the listing.
modelCapability struc ; (sizeof=0x10)
modelType0 dd ?
modelType1 dd ?
modelCaps0 dd ?
modelCaps1 dd ?
modelCapability ends

; ===========================================================================

modelSignature struc ; (sizeof=0x10)
major db ? ; char
minor db ? ; char
unused02 dw ?
unused04 dd ?
unused08 dd ?
modelType dd ? ; base 16
modelSignature ends

; ===========================================================================

modelSignature_legacy struc ; (sizeof=0x18)
name db 20 dup(?) ; string(C)
modelType dd ?
modelSignature_legacy ends

; ===========================================================================

; 0x58-byte placeholder: only the final byte carries a (generated) name, the
; bytes before it are unanalysed. Same size as keyFlags further down.
struc_6 struc ; (sizeof=0x58)
; bytes 0x00-0x0F
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
; bytes 0x10-0x1F
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
; bytes 0x20-0x2F
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
; bytes 0x30-0x3F
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
; bytes 0x40-0x4F
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
; bytes 0x50-0x56
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
db ? ; undefined
anonymous_0 db ?
struc_6 ends

; ===========================================================================

struct_0 struc ; (sizeof=0x4)
anonymous_0 dd ?
struct_0 ends

; ===========================================================================

; Two key dwords followed by twenty flag dwords (flag01..flag14, hex-numbered).
keyFlags struc ; (sizeof=0x58)
key dd ?
key2 dd ?
flag01 dd ?
flag02 dd ?
flag03 dd ?
flag04 dd ?
flag05 dd ?
flag06 dd ?
flag07 dd ?
flag08 dd ?
flag09 dd ?
flag0A dd ?
flag0B dd ?
flag0C dd ?
flag0D dd ?
flag0E dd ?
flag0F dd ?
flag10 dd ?
flag11 dd ?
flag12 dd ?
flag13 dd ?
flag14 dd ?
keyFlags ends

; ===========================================================================

; 28 dwords named only by their byte offset (x000..x06C); no field has been
; given a meaning yet.
runtimeFunctionality struc ; (sizeof=0x70)
x000 dd ?
x004 dd ?
x008 dd ?
x00C dd ?
x010 dd ?
x014 dd ?
x018 dd ?
x01C dd ?
x020 dd ?
x024 dd ?
x028 dd ?
x02C dd ?
x030 dd ?
x034 dd ?
x038 dd ?
x03C dd ?
x040 dd ?
x044 dd ?
x048 dd ?
x04C dd ?
x050 dd ?
x054 dd ?
x058 dd ?
x05C dd ?
x060 dd ?
x064 dd ?
x068 dd ?
x06C dd ?
runtimeFunctionality ends

;
; ╔═════════════════════════════════════════════════════════════════════════
; This file is generated by The Interactive Disassembler (IDA)
; Copyright (c) 2006 by DataRescue sa/nv,
; ╚═════════════════════════════════════════════════════════════════════════
;
; Input MD5 : B7ABD8175EDAF8DEA455942555BF0C27
;   (hash of the analysed input file; check a sample against it before
;    relying on the addresses and names in this listing)
; OS type : MS Windows
; Application type: DLL 32bit

; IDA's stock helper macro for emitting wide-character strings.
; NOTE(review): the operands of `irpc c,` and `ifnb` are missing below; they
; look like angle-bracketed macro arguments lost when the page was extracted.
; Confirm against the original .asm before trying to assemble this file.
unicode macro page,string,zero
irpc c,
db '&c', page
endm
ifnb
dw zero
endif
endm

.686p
.mmx
.model flat

; File Name : C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
; Format : Portable executable for 80386 (PE)
; Imagebase : 10000000
; Section 1. (virtual address 00001000)
; Virtual size : 00008DA0 ( 36256.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: DLL 32bit
; ═══════════════════════════════════════════════════════════════════════════

; Segment type: Pure code
_text segment para public 'CODE' use32
        assume cs:_text
        ;org 201000h
        assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing

; ---------------------------------------------------------------------------
; Reading guide (reviewer annotations; all names are the analyst's labels)
;
; * Addresses: labels here are based at 200000h (org 201000h, loc_2011xx),
;   while the PE header comment gives image base 10000000. Presumably the
;   database was rebased; translate addresses before comparing with a module
;   loaded at its preferred base.
; * Objects: most routines take an object pointer in ecx and load a
;   function-table pointer from its first dword (`mov eax, [ecx]` followed by
;   `call dword ptr [eax+N]`). Together with the MSVC-mangled
;   ??3@YAXPAX@Z (operator delete) this looks like MSVC thiscall virtual
;   dispatch; videoJumpTable01..04 would then be the vtables.
; * callSN06orSXBIOS_* routines share one shape:
;     path 1: if activeProfile_FunctionsClassFlags is non-null, build a small
;             request (word 0 = function code, word 1 = sub-function) and
;             call slot +54h of that object with (arg_0, &request);
;     path 2: zero a 26h-byte buffer (9 dwords + 1 word) and call
;             callSXBIOSifNoDMI(32h, 0, buffer, 26h), cdecl (add esp, 10h).
;   NOTE(review): resolving the raw [esp+NNh] stores by hand puts the
;   function code at buffer+1Ch, the sub-function at buffer+10h and the extra
;   value at buffer+18h, which would match a PUSHAD-ordered register image
;   (EAX / EBX / ECX). callSXBIOSifNoDMI is outside this excerpt; confirm there.
; * "endp ; sp = -4" is IDA reporting that its stack-pointer tracking did not
;   balance. In those routines the symbolic var_/arg_ names printed after the
;   first indirect call may be one dword off; trust the raw offsets.
; * `db N dup(90h)` between routines is NOP padding.
; ---------------------------------------------------------------------------

; *************** S U B R O U T I N E ***************************************

; Stores the address of videoJumpTable01 in the first dword of the object in
; ecx and returns the object pointer in eax.
getVideoJumpTable01Ex proc near ; CODE XREF: sub_2010C0+3
                                ; sub_201480+3 ...
        mov     eax, ecx
        mov     dword ptr [eax], offset videoJumpTable01
        retn
getVideoJumpTable01Ex endp

; ===========================================================================
        db 7 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Same store as getVideoJumpTable01Ex, but eax is left untouched.
; Reached by call from the deleteArrayOfPointersVideo* routines and by tail
; jump from getVideoJumpTable02/03/04.
getVideoJumpTable01 proc near ; CODE XREF: deleteArrayOfPointersVideo01+3
                              ; getVideoJumpTable02+6 ...
        mov     dword ptr [ecx], offset videoJumpTable01
        retn
getVideoJumpTable01 endp

; ===========================================================================
        db 9 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Forwarder: passes the stack arguments at +8 and +0Ch to slot +8 of the
; object's function table. The argument at +4 is not used; `retn 0Ch`
; releases all three.
callTableFunc02 proc near ; DATA XREF: .rdata:videoJumpTable01
                          ; .rdata:videoJumpTable04

arg0 = dword ptr 8
arg1 = byte ptr 0Ch

        mov     edx, dword ptr [esp+arg1]
        mov     eax, [ecx]              ; eax = function table of the object
        push    edx
        mov     edx, [esp+4+arg0]
        push    edx
        call    dword ptr [eax+8]
        retn    0Ch
callTableFunc02 endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Stub table entry: returns 0 and releases two stack arguments.
doNothingPop08_Return0 proc near ; DATA XREF: .rdata:videoJumpTable01
                                 ; .rdata:videoJumpTable02 ...
        xor     eax, eax
        retn    8
doNothingPop08_Return0 endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Forwarder: passes the stack argument at +8 to slot +0Ch of the object's
; function table; the argument at +4 is not used.
callTableFunc03 proc near ; DATA XREF: .rdata:videoJumpTable01
                          ; .rdata:videoJumpTable04

arg_4 = dword ptr 8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]
        push    edx
        call    dword ptr [eax+0Ch]
        retn    8
callTableFunc03 endp

; ===========================================================================
        db 3 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Forwarder: same shape as callTableFunc03, dispatching to slot +14h.
callTableFunc05 proc near ; DATA XREF: .rdata:videoJumpTable01
                          ; .rdata:videoJumpTable04

arg_4 = dword ptr 8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]
        push    edx
        call    dword ptr [eax+14h]
        retn    8
callTableFunc05 endp

; ===========================================================================
        db 3 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Tail-jumps to slot +2Ch of the object's function table with the caller's
; stack frame unchanged.
jmpTableFunc0B proc near ; DATA XREF: .rdata:videoJumpTable01
                         ; .rdata:videoJumpTable02 ...
        mov     eax, [ecx]
        jmp     dword ptr [eax+2Ch]
jmpTableFunc0B endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Tail-jumps to slot +30h of the object's function table.
jmpTableFunc0C proc near ; DATA XREF: .rdata:videoJumpTable01
                         ; .rdata:videoJumpTable02 ...
        mov     eax, [ecx]
        jmp     dword ptr [eax+30h]
jmpTableFunc0C endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Forwarder: passes the stack argument at +8 to slot +30h; the argument at
; +4 is not used.
callTableFunc0C proc near ; DATA XREF: .rdata:videoJumpTable01
                          ; .rdata:videoJumpTable04

arg_4 = dword ptr 8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]
        push    edx
        call    dword ptr [eax+30h]
        retn    8
callTableFunc0C endp

; ===========================================================================
        db 3 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Resets the object's table pointer via getVideoJumpTable01, optionally frees
; the object, and returns the object pointer. The shape matches an MSVC
; scalar deleting destructor (presumably; no symbols are available).
; NOTE(review): the name bDontDelete is inverted relative to the code:
; operator delete runs when bit 0 of the argument is SET.
deleteArrayOfPointersVideo01 proc near ; DATA XREF: .rdata:videoJumpTable01

bDontDelete = byte ptr 8

        push    esi
        mov     esi, ecx                ; keep `this` across the calls
        call    getVideoJumpTable01
        test    [esp+bDontDelete], 1
        jz      short exit              ; bit 0 clear: do not free
        push    esi
        call    ??3@YAXPAX@Z            ; operator delete(void *)
        add     esp, 4

exit:                                   ; CODE XREF: deleteArrayOfPointersVideo01+D
        mov     eax, esi
        pop     esi
        retn    4
deleteArrayOfPointersVideo01 endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Initialises the object in ecx: first the videoJumpTable01 store, then the
; table pointer is replaced with videoJumpTable02. Returns the object.
; Presumably the constructor of the class behind videoJumpTable02.
sub_2010C0 proc near ; CODE XREF: OpenDeviceLCD+8C
        push    esi
        mov     esi, ecx
        call    getVideoJumpTable01Ex
        mov     dword ptr [esi], offset videoJumpTable02
        mov     eax, esi
        pop     esi
        retn
sub_2010C0 endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Writes videoJumpTable02 into the object and immediately tail-jumps to
; getVideoJumpTable01, which overwrites it with videoJumpTable01.
; Presumably the destructor chain (derived, then base).
getVideoJumpTable02 proc near ; CODE XREF: deleteArrayOfPointersVideo02+3
        mov     dword ptr [ecx], offset videoJumpTable02
        jmp     getVideoJumpTable01
getVideoJumpTable02 endp

; ===========================================================================
        db 5 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Function code 0A084h, sub-function 100h; two stack arguments (retn 8).
; Path 1 sends the low word of arg_4 in word 2 of the request and returns
; the callee's non-zero result unchanged. Path 2 runs when the object is
; absent or path 1 returned 0, and returns 1 only if bits 8..15 of the dword
; read back at [esp+3Ch] are zero.
callSN06orSXBIOS_A084_0100 proc near ; DATA XREF: .rdata:videoJumpTable02

var_30 = dword ptr -30h
arg4_copy = dword ptr -2Ch
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8

        mov     ecx, activeProfile_FunctionsClassFlags
        sub     esp, 30h
        test    ecx, ecx
        push    esi
        mov     esi, [esp+34h+arg_4]
        jz      short loc_201132        ; no object: go straight to path 2
        xor     eax, eax
        mov     [esp+34h+var_30], eax   ; clear the 8-byte request
        mov     [esp+34h+arg4_copy], eax
        lea     eax, [esp+34h+var_30]
        push    eax
        mov     eax, [esp+38h+arg_0]
        mov     word ptr [esp+38h+var_30], 0A084h
        mov     word ptr [esp+38h+var_30+2], 100h
        mov     word ptr [esp+38h+arg4_copy], si
        mov     edx, [ecx]
        push    eax
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        test    eax, eax
        jnz     short loc_201178

loc_201132:                             ; CODE XREF: callSN06orSXBIOS_A084_0100+10
        push    edi
        xor     eax, eax
        mov     ecx, 9
        lea     edi, [esp+3Ch+arg4_copy]
        rep stosd                       ; 9 dwords ...
        push    26h                     ; '&'
        lea     ecx, [esp+40h+arg4_copy]
        push    ecx
        stosw                           ; ... plus one word = 26h bytes zeroed
        push    0
        push    32h                     ; '2'
        mov     dword ptr [esp+3Ch], 0A084h
        mov     dword ptr [esp+30h], 100h
        mov     [esp+4Ch+var_14], esi
        call    callSXBIOSifNoDMI
        mov     eax, [esp+3Ch]
        and     eax, 0FF00h
        add     esp, 10h
        neg     eax                     ; CF = 1 if any of bits 8..15 was set
        sbb     eax, eax                ; eax = -1 on error, 0 otherwise
        inc     eax                     ; eax = 0 on error, 1 otherwise
        pop     edi

loc_201178:                             ; CODE XREF: callSN06orSXBIOS_A084_0100+40
        pop     esi
        add     esp, 30h
        retn    8
callSN06orSXBIOS_A084_0100 endp ; sp = -4

; ===========================================================================
        align 10h

; *************** S U B R O U T I N E ***************************************

; Function code 0A082h (kept in ebx); three stack arguments (retn 0Ch).
; Both paths first query with sub-function 7, then write with sub-function
; 107h. The value written is 0 when the low nibble of the reply is 3 and
; 303h otherwise; the second and third stack arguments ([esp+40h] and
; [esp+44h] on path 1) decide whether the write happens at all or the
; routine returns 1 without writing.
callSN06orSXBIOS_A082_0007 proc near ; DATA XREF: .rdata:videoJumpTable02

var_38 = dword ptr -38h
var_34 = word ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4

        mov     ecx, activeProfile_FunctionsClassFlags
        sub     esp, 30h
        test    ecx, ecx
        push    ebx
        push    esi
        mov     ebx, 0A082h
        jz      doSXBIOScall            ; no object: path 2
        mov     esi, [esp+38h+arg_0]
        xor     eax, eax
        mov     [esp+38h+var_30], eax
        mov     [esp+38h+var_2C], eax
        lea     eax, [esp+38h+var_30]
        push    eax
        mov     word ptr [esp+3Ch+var_30], bx
        mov     word ptr [esp+3Ch+var_30+2], 7
        mov     edx, [ecx]
        push    esi
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        test    eax, eax
        jz      short doSXBIOScall      ; query failed: path 2
        mov     cl, byte ptr [esp+38h+var_2C]
        mov     eax, [esp+40h]
        and     cl, 0Fh
        cmp     cl, 3
        jnz     short loc_2011EA
        test    eax, eax
        jnz     short loc_2011E1
        mov     eax, [esp+44h]
        test    eax, eax
        jnz     loc_2012CE

loc_2011E1:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+53
        mov     word ptr [esp+38h+var_2C], 0
        jmp     short loc_201201
; ===========================================================================

loc_2011EA:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+4F
        test    eax, eax
        jnz     short loc_2011FA
        mov     eax, [esp+44h]
        test    eax, eax
        jz      loc_2012CE

loc_2011FA:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+6C
        mov     word ptr [esp+38h+var_2C], 303h

loc_201201:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+68
        mov     ecx, activeProfile_FunctionsClassFlags
        lea     eax, [esp+38h+var_30]
        push    eax
        mov     word ptr [esp+3Ch+var_30], bx
        mov     word ptr [esp+3Ch+var_30+2], 107h
        mov     edx, [ecx]
        push    esi
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        test    eax, eax
        jnz     loc_2012D3              ; write succeeded: return its result

doSXBIOScall:                           ; CODE XREF: callSN06orSXBIOS_A082_0007+12
                                        ; callSN06orSXBIOS_A082_0007+3F
        push    edi
        xor     eax, eax
        mov     ecx, 9
        lea     edi, [esp+44h+var_30]
        rep stosd
        push    26h                     ; '&'
        lea     ecx, [esp+48h+var_30]
        push    ecx
        stosw
        push    0
        push    32h                     ; '2'
        mov     [esp+40h], ebx
        mov     [esp+54h+var_20], 7
        call    callSXBIOSifNoDMI
        mov     eax, [esp+40h]
        add     esp, 10h
        mov     esi, 0FF00h             ; mask for the status byte (bits 8..15)
        test    eax, esi
        pop     edi
        jnz     short loc_2012C4        ; status byte non-zero: return 0
        mov     edx, [esp+28h]
        mov     eax, [esp+40h]
        and     edx, 0Fh
        cmp     dl, 3
        jnz     short loc_201289
        test    eax, eax
        jnz     short loc_20127F
        mov     eax, [esp+40h+arg_0]
        test    eax, eax
        jnz     short loc_2012CE

loc_20127F:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+F5
        mov     dword ptr [esp+28h], 0
        jmp     short loc_20129D
; ===========================================================================

loc_201289:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+F1
        test    eax, eax
        jnz     short loc_201295
        mov     eax, [esp+40h+arg_0]
        test    eax, eax
        jz      short loc_2012CE

loc_201295:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+10B
        mov     dword ptr [esp+28h], 303h

loc_20129D:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+107
        push    26h                     ; '&'
        lea     eax, [esp+44h+var_30]
        push    eax
        push    0
        push    32h                     ; '2'
        mov     [esp+3Ch], ebx
        mov     [esp+50h+var_20], 107h
        call    callSXBIOSifNoDMI
        mov     eax, [esp+3Ch]
        add     esp, 10h
        test    eax, esi
        jz      short loc_2012CE

loc_2012C4:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+E1
        pop     esi
        xor     eax, eax                ; failure
        pop     ebx
        add     esp, 30h
        retn    0Ch
; ===========================================================================

loc_2012CE:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+5B
                                        ; callSN06orSXBIOS_A082_0007+74 ...
        mov     eax, 1                  ; success

loc_2012D3:                             ; CODE XREF: callSN06orSXBIOS_A082_0007+A0
        pop     esi
        pop     ebx
        add     esp, 30h
        retn    0Ch
callSN06orSXBIOS_A082_0007 endp

; ===========================================================================
        db 5 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Function code 0A084h, sub-function 0; two stack arguments (retn 8). The
; dword at [esp+3Ch] after the first call is used as an output pointer and is
; written without a null check.
; NOTE(review): control flow differs from the sibling routines. With no
; object the routine returns 0 without trying callSXBIOSifNoDMI, and the
; callSXBIOSifNoDMI call is made only when the slot +54h call returned
; non-zero, not when it failed. Confirm against the binary whether this is
; intended.
callSN06orSXBIOS_A084 proc near ; DATA XREF: .rdata:videoJumpTable02

var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_14 = dword ptr -14h
arg_0 = dword ptr 4

        mov     ecx, activeProfile_FunctionsClassFlags
        sub     esp, 30h
        xor     eax, eax
        test    ecx, ecx
        push    esi
        jz      exit                    ; no object: return 0
        mov     [esp+34h+var_30], eax
        mov     [esp+34h+var_2C], eax
        mov     word ptr [esp+34h+var_30+2], ax
        lea     eax, [esp+34h+var_30]
        push    eax
        mov     eax, [esp+38h+arg_0]
        mov     word ptr [esp+38h+var_30], 0A084h
        mov     edx, [ecx]
        push    eax
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        mov     ecx, [esp+34h+var_30+2]
        mov     esi, [esp+3Ch]          ; output pointer supplied by the caller
        and     ecx, 0FFh
        test    eax, eax                ; flags survive the mov below
        mov     [esi], ecx              ; *out = byte 2 of the reply
        jz      short exit              ; call returned 0: return 0
        push    edi
        xor     eax, eax
        mov     ecx, 9
        lea     edi, [esp+10h]
        rep stosd
        push    26h                     ; '&'
        lea     edx, [esp+14h]
        push    edx
        stosw
        push    0
        push    32h                     ; '2'
        mov     dword ptr [esp+3Ch], 0A084h
        mov     dword ptr [esp+30h], 0
        call    callSXBIOSifNoDMI
        mov     eax, [esp+3Ch]
        add     esp, 10h
        test    ah, 0FFh                ; status byte (bits 8..15)
        pop     edi
        jz      short loc_201371
        xor     eax, eax
        pop     esi
        add     esp, 30h
        retn    8
; ===========================================================================

loc_201371:                             ; CODE XREF: callSN06orSXBIOS_A084+86
        mov     eax, [esp+1Ch]
        and     eax, 0FFh
        mov     [esi], eax              ; *out = low byte read back from the buffer
        mov     eax, 1

exit:                                   ; CODE XREF: callSN06orSXBIOS_A084+E
                                        ; callSN06orSXBIOS_A084+49
        pop     esi
        add     esp, 30h
        retn    8
callSN06orSXBIOS_A084 endp

; ===========================================================================
        db 8 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Function code 0A083h with 0Fh as the extra value; two stack arguments
; (retn 8), the second being an output pointer held in esi. Whatever value
; ends up in *esi is then remapped bit by bit at loc_20142D:
;   (v & 03h) -> 2,  (v & 04h) -> 1,  (v & 08h) -> 8,  (v & 30h) -> 4.
; The remap also runs on the failure path, where eax is 0.
callSN06orSXBIOS_A083_000F proc near ; DATA XREF: .rdata:videoJumpTable02

var_34 = word ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8

        mov     ecx, activeProfile_FunctionsClassFlags
        sub     esp, 30h
        test    ecx, ecx
        push    esi
        mov     esi, [esp+34h+arg_4]
        jz      short loc_2013D9
        xor     eax, eax
        mov     [esp+34h+var_30], eax
        mov     [esp+34h+var_2C], eax
        mov     word ptr [esp+34h+var_30+2], ax
        lea     eax, [esp+34h+var_30]
        push    eax
        mov     eax, [esp+38h+arg_0]
        mov     word ptr [esp+38h+var_30], 0A083h
        mov     word ptr [esp+38h+var_2C], 0Fh
        mov     edx, [ecx]
        push    eax
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        test    eax, eax
        movzx   ecx, word ptr [esp+38h+var_30]
        mov     [esi], ecx
        jnz     short loc_20142D

loc_2013D9:                             ; CODE XREF: callSN06orSXBIOS_A083_000F+10
        push    edi
        xor     eax, eax
        mov     ecx, 9
        lea     edi, [esp+3Ch+var_2C]
        rep stosd
        push    26h                     ; '&'
        lea     edx, [esp+40h+var_2C]
        push    edx
        stosw
        push    0
        push    32h                     ; '2'
        mov     dword ptr [esp+3Ch], 0A083h
        mov     dword ptr [esp+30h], 0
        mov     [esp+4Ch+var_14], 0Fh
        call    callSXBIOSifNoDMI
        mov     eax, [esp+3Ch]
        add     esp, 10h
        test    ah, 0FFh
        pop     edi
        jz      short loc_201422
        xor     eax, eax
        jmp     short loc_20142D
; ===========================================================================

loc_201422:                             ; CODE XREF: callSN06orSXBIOS_A083_000F+8C
        mov     eax, [esp+38h+var_14]
        mov     [esi], eax
        mov     eax, 1

loc_20142D:                             ; CODE XREF: callSN06orSXBIOS_A083_000F+47
                                        ; callSN06orSXBIOS_A083_000F+90
        mov     edx, [esi]
        xor     ecx, ecx
        test    dl, 3
        jz      short loc_20143B
        mov     ecx, 2

loc_20143B:                             ; CODE XREF: callSN06orSXBIOS_A083_000F+A4
        test    dl, 4
        jz      short loc_201443
        or      ecx, 1

loc_201443:                             ; CODE XREF: callSN06orSXBIOS_A083_000F+AE
        test    dl, 8
        jz      short loc_20144B
        or      ecx, 8

loc_20144B:                             ; CODE XREF: callSN06orSXBIOS_A083_000F+B6
        test    dl, 30h
        jz      short loc_201453
        or      ecx, 4

loc_201453:                             ; CODE XREF: callSN06orSXBIOS_A083_000F+BE
        mov     [esi], ecx
        pop     esi
        add     esp, 30h
        retn    8
callSN06orSXBIOS_A083_000F endp ; sp = -4

; ===========================================================================
        db 4 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Same shape as deleteArrayOfPointersVideo01, using getVideoJumpTable02.
; NOTE(review): operator delete runs when bit 0 of bDontDelete is SET.
deleteArrayOfPointersVideo02 proc near ; DATA XREF: .rdata:videoJumpTable02

bDontDelete = byte ptr 8

        push    esi
        mov     esi, ecx
        call    getVideoJumpTable02
        test    [esp+bDontDelete], 1
        jz      short exit
        push    esi
        call    ??3@YAXPAX@Z            ; operator delete(void *)
        add     esp, 4

exit:                                   ; CODE XREF: deleteArrayOfPointersVideo02+D
        mov     eax, esi
        pop     esi
        retn    4
deleteArrayOfPointersVideo02 endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Same shape as sub_2010C0, installing videoJumpTable03.
sub_201480 proc near ; CODE XREF: OpenDeviceLCD+46
        push    esi
        mov     esi, ecx
        call    getVideoJumpTable01Ex
        mov     dword ptr [esi], offset videoJumpTable03
        mov     eax, esi
        pop     esi
        retn
sub_201480 endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Same shape as getVideoJumpTable02, for videoJumpTable03.
getVideoJumpTable03 proc near ; CODE XREF: deleteArrayOfPointersVideo03+3
        mov     dword ptr [ecx], offset videoJumpTable03
        jmp     getVideoJumpTable01
getVideoJumpTable03 endp

; ===========================================================================
        db 5 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Function code 5F61h; three stack arguments (retn 0Ch). ebp is held at 0 and
; used as the zero constant throughout. Both paths query with sub-function
; 100h, test bit 2 (value 4) of the reply, and then write either 0/0 or 6/6
; with sub-function 0; the second and third stack arguments decide whether
; the write is skipped and 1 returned directly. On path 2, success is judged
; by the low byte read back at [esp+40h] / [esp+3Ch] being 5Fh.
callSN06orSXBIOS_5F61_0100 proc near ; DATA XREF: .rdata:videoJumpTable03

var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4

        mov     ecx, activeProfile_FunctionsClassFlags
        sub     esp, 30h
        push    ebp
        xor     ebp, ebp                ; ebp = 0 for the rest of the routine
        cmp     ecx, ebp
        push    esi
        jz      loc_201557              ; no object: path 2
        mov     esi, [esp+38h+arg_0]
        xor     eax, eax
        mov     [esp+38h+var_30], eax
        mov     [esp+38h+var_2C], eax
        lea     eax, [esp+38h+var_30]
        push    eax
        mov     word ptr [esp+3Ch+var_30], 5F61h
        mov     word ptr [esp+3Ch+var_30+2], 100h
        mov     edx, [ecx]
        push    esi
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        cmp     eax, ebp
        jz      short loc_201557        ; query failed: path 2
        test    byte ptr [esp+38h+var_2C], 4
        mov     eax, [esp+40h]
        jz      short loc_201515
        cmp     eax, ebp
        jnz     short loc_201509
        cmp     [esp+44h], ebp
        jnz     loc_2015F8

loc_201509:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+4D
        mov     word ptr [esp+38h+var_2C], bp
        mov     word ptr [esp+38h+var_2C+2], bp
        jmp     short loc_201532
; ===========================================================================

loc_201515:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+49
        cmp     eax, ebp
        jnz     short loc_201523
        cmp     [esp+44h], ebp
        jz      loc_2015F8

loc_201523:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+67
        mov     eax, 6
        mov     word ptr [esp+38h+var_2C], ax
        mov     word ptr [esp+38h+var_2C+2], ax

loc_201532:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+63
        mov     ecx, activeProfile_FunctionsClassFlags
        lea     eax, [esp+38h+var_30]
        push    eax
        mov     word ptr [esp+3Ch+var_30], 5F61h
        mov     word ptr [esp+3Ch+var_30+2], bp
        mov     edx, [ecx]
        push    esi
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        cmp     eax, ebp
        jnz     loc_2015F8              ; write succeeded: return 1

loc_201557:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+F
                                        ; callSN06orSXBIOS_5F61_0100+3E
        push    edi
        xor     eax, eax
        mov     ecx, 9
        lea     edi, [esp+44h+var_30]
        rep stosd
        push    26h                     ; '&'
        lea     ecx, [esp+48h+var_30]
        push    ecx
        stosw
        push    ebp
        push    32h                     ; '2'
        mov     dword ptr [esp+40h], 5F61h
        mov     [esp+54h+var_20], 100h
        call    callSXBIOSifNoDMI
        mov     al, [esp+40h]
        add     esp, 10h
        cmp     al, 5Fh                 ; '_'
        pop     edi
        jnz     short loc_2015EE
        test    byte ptr [esp+28h], 4
        mov     eax, [esp+40h]
        jz      short loc_2015B1
        cmp     eax, ebp
        jnz     short loc_2015A7
        cmp     [esp+40h+arg_0], ebp
        jnz     short loc_2015F8

loc_2015A7:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+EF
        mov     [esp+28h], ebp
        mov     [esp+40h+var_1C], ebp
        jmp     short loc_2015C8
; ===========================================================================

loc_2015B1:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+EB
        cmp     eax, ebp
        jnz     short loc_2015BB
        cmp     [esp+40h+arg_0], ebp
        jz      short loc_2015F8

loc_2015BB:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+103
        mov     eax, 6
        mov     [esp+28h], eax
        mov     [esp+40h+var_1C], eax

loc_2015C8:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+FF
        push    26h                     ; '&'
        lea     edx, [esp+44h+var_30]
        push    edx
        push    ebp
        push    32h                     ; '2'
        mov     dword ptr [esp+3Ch], 5F61h
        mov     [esp+50h+var_20], ebp
        call    callSXBIOSifNoDMI
        mov     al, [esp+3Ch]
        add     esp, 10h
        cmp     al, 5Fh                 ; '_'
        jz      short loc_2015F8

loc_2015EE:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+E0
        pop     esi
        xor     eax, eax                ; failure
        pop     ebp
        add     esp, 30h
        retn    0Ch
; ===========================================================================

loc_2015F8:                             ; CODE XREF: callSN06orSXBIOS_5F61_0100+53
                                        ; callSN06orSXBIOS_5F61_0100+6D ...
        pop     esi
        mov     eax, 1                  ; success
        pop     ebp
        add     esp, 30h
        retn    0Ch
callSN06orSXBIOS_5F61_0100 endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Function code 5F64h, sub-function 100h; two stack arguments (retn 8). The
; second is an output pointer (ebx) that is zeroed on entry without a null
; check. The reply is translated into output flags at loc_20169E:
;   al bit 0 -> 2,  al bit 1 -> 4,  al bit 2 -> 8,  ah bit 3 -> 1.
; Returns the path 1 result, or 1/0 for path 2 (low byte 5Fh read back means
; success).
callSN06orSXBIOS_5F64_0100 proc near ; DATA XREF: .rdata:videoJumpTable03

var_34 = word ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8

        sub     esp, 30h
        push    ebx
        mov     ebx, [esp+34h+arg_4]
        push    esi
        xor     esi, esi                ; esi = return value, 0 until proven otherwise
        mov     [ebx], esi              ; *out = 0
        mov     ecx, activeProfile_FunctionsClassFlags
        test    ecx, ecx
        jz      short loc_201659
        xor     eax, eax
        mov     [esp+38h+var_30], eax
        mov     [esp+38h+var_2C], eax
        lea     eax, [esp+38h+var_30]
        push    eax
        mov     eax, [esp+3Ch+arg_0]
        mov     word ptr [esp+3Ch+var_30], 5F64h
        mov     word ptr [esp+3Ch+var_30+2], 100h
        mov     edx, [ecx]
        push    eax
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        mov     esi, eax
        test    esi, esi
        movzx   eax, word ptr [esp+3Ch+var_30]
        jnz     short loc_20169E

loc_201659:                             ; CODE XREF: callSN06orSXBIOS_5F64_0100+15
        push    edi
        xor     eax, eax
        mov     ecx, 9
        lea     edi, [esp+40h+var_2C]
        rep stosd
        push    26h                     ; '&'
        lea     ecx, [esp+44h+var_2C]
        push    ecx
        stosw
        push    0
        push    32h                     ; '2'
        mov     dword ptr [esp+40h], 5F64h
        mov     dword ptr [esp+34h], 100h
        call    callSXBIOSifNoDMI
        mov     al, [esp+40h]
        add     esp, 10h
        cmp     al, 5Fh                 ; '_'
        pop     edi
        jnz     short loc_2016BB        ; failure: return esi (0 or failed result)
        mov     eax, [esp+3Ch+var_14]
        mov     esi, 1

loc_20169E:                             ; CODE XREF: callSN06orSXBIOS_5F64_0100+47
        test    al, 1
        jz      short loc_2016A5
        or      dword ptr [ebx], 2

loc_2016A5:                             ; CODE XREF: callSN06orSXBIOS_5F64_0100+90
        test    al, 2
        jz      short loc_2016AC
        or      dword ptr [ebx], 4

loc_2016AC:                             ; CODE XREF: callSN06orSXBIOS_5F64_0100+97
        test    al, 4
        jz      short loc_2016B3
        or      dword ptr [ebx], 8

loc_2016B3:                             ; CODE XREF: callSN06orSXBIOS_5F64_0100+9E
        test    ah, 8
        jz      short loc_2016BB
        or      dword ptr [ebx], 1

loc_2016BB:                             ; CODE XREF: callSN06orSXBIOS_5F64_0100+83
                                        ; callSN06orSXBIOS_5F64_0100+A6
        mov     eax, esi
        pop     esi
        pop     ebx
        add     esp, 30h
        retn    8
callSN06orSXBIOS_5F64_0100 endp ; sp = -4

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Function code 5F64h, sub-function 200h; otherwise the same shape as
; callSN06orSXBIOS_5F64_0100. Here all four tests use ah:
;   ah bit 0 -> 2,  ah bit 1 -> 4,  ah bit 2 -> 8,  ah bit 3 -> 1.
callSN06orSXBIOS_5F64_0200 proc near ; DATA XREF: .rdata:videoJumpTable03

var_34 = word ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8

        sub     esp, 30h
        push    ebx
        mov     ebx, [esp+34h+arg_4]
        push    esi
        xor     esi, esi
        mov     [ebx], esi              ; *out = 0
        mov     ecx, activeProfile_FunctionsClassFlags
        test    ecx, ecx
        jz      short loc_20171E
        xor     eax, eax
        mov     [esp+38h+var_30], eax
        mov     [esp+38h+var_2C], eax
        mov     word ptr [esp+38h+var_2C], ax
        lea     eax, [esp+38h+var_30]
        push    eax
        mov     eax, [esp+3Ch+arg_0]
        mov     word ptr [esp+3Ch+var_30], 5F64h
        mov     word ptr [esp+3Ch+var_30+2], 200h
        mov     edx, [ecx]
        push    eax
        call    dword ptr [edx+54h]     ; SNC.SN06() ?
        mov     esi, eax
        test    esi, esi
        movzx   eax, word ptr [esp+3Ch+var_30]
        jnz     short loc_20176B

loc_20171E:                             ; CODE XREF: callSN06orSXBIOS_5F64_0200+15
        push    edi
        xor     eax, eax
        mov     ecx, 9
        lea     edi, [esp+40h+var_2C]
        rep stosd
        push    26h                     ; '&'
        lea     ecx, [esp+44h+var_2C]
        push    ecx
        stosw
        push    0
        push    32h                     ; '2'
        mov     dword ptr [esp+40h], 5F64h
        mov     dword ptr [esp+34h], 200h
        mov     [esp+50h+var_14], 0
        call    callSXBIOSifNoDMI
        mov     al, [esp+40h]
        add     esp, 10h
        cmp     al, 5Fh                 ; '_'
        pop     edi
        jnz     short loc_20178B
        mov     eax, [esp+3Ch+var_14]
        mov     esi, 1

loc_20176B:                             ; CODE XREF: callSN06orSXBIOS_5F64_0200+4C
        test    ah, 1
        jz      short loc_201773
        or      dword ptr [ebx], 2

loc_201773:                             ; CODE XREF: callSN06orSXBIOS_5F64_0200+9E
        test    ah, 2
        jz      short loc_20177B
        or      dword ptr [ebx], 4

loc_20177B:                             ; CODE XREF: callSN06orSXBIOS_5F64_0200+A6
        test    ah, 4
        jz      short loc_201783
        or      dword ptr [ebx], 8

loc_201783:                             ; CODE XREF: callSN06orSXBIOS_5F64_0200+AE
        test    ah, 8
        jz      short loc_20178B
        or      dword ptr [ebx], 1

loc_20178B:                             ; CODE XREF: callSN06orSXBIOS_5F64_0200+90
                                        ; callSN06orSXBIOS_5F64_0200+B6
        mov     eax, esi
        pop     esi
        pop     ebx
        add     esp, 30h
        retn    8
callSN06orSXBIOS_5F64_0200 endp ; sp = -4

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************

; Calls slot +28h of activeProfile_FunctionsClassFlags with
; (arg_0, &arg_4, 56444F53h); the constant is the ASCII bytes 'S','O','D','V'
; in memory order. Returns 1 when that call returns non-zero and the dword in
; the arg_4 slot is not 0FFFFh afterwards, otherwise 0.
; NOTE(review): unlike the callSN06orSXBIOS_* routines, the global object
; pointer is dereferenced here without a null test.
method_SODV proc near ; DATA XREF: .rdata:videoJumpTable03

var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8

        mov     eax, [esp+arg_4]
        mov     ecx, activeProfile_FunctionsClassFlags
        push    esi
        mov     [esp+4+arg_4], eax      ; writes the value back to the slot it came from
        mov     edx, [ecx]
        push    56444F53h
        lea     eax, [esp+8+arg_4]      ; the argument slot doubles as in/out storage
        push    eax
        mov     eax, [esp+0Ch+arg_0]
        push    eax
        xor     esi, esi
        call    dword ptr [edx+28h]
        test    eax, eax
        jz      short loc_2017D8
        cmp     [esp+4+arg_4], 0FFFFh
        mov     eax, 1
        jnz     short loc_2017DA

loc_2017D8:                             ; CODE XREF: method_SODV+27
        mov     eax, esi                ; esi = 0

loc_2017DA:                             ; CODE XREF: method_SODV+36
        pop     esi
        retn    8
method_SODV endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Same shape as deleteArrayOfPointersVideo01, using getVideoJumpTable03.
; NOTE(review): operator delete runs when bit 0 of bDontDelete is SET.
deleteArrayOfPointersVideo03 proc near ; DATA XREF: .rdata:videoJumpTable03

bDontDelete = byte ptr 8

        push    esi
        mov     esi, ecx
        call    getVideoJumpTable03
        test    [esp+bDontDelete], 1
        jz      short exit
        push    esi
        call    ??3@YAXPAX@Z            ; operator delete(void *)
        add     esp, 4

exit:                                   ; CODE XREF: deleteArrayOfPointersVideo03+D
        mov     eax, esi
        pop     esi
        retn    4
deleteArrayOfPointersVideo03 endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Initialises the videoJumpTable04 object: zeroes the three dwords at +4, +8
; and +0Ch (used below as module handle and two function pointers) and the
; nine dwords at +10h..+33h, then installs videoJumpTable04. Returns the
; object.
sub_201800 proc near ; CODE XREF: OpenDeviceLCD+69
        push    esi
        push    edi
        mov     esi, ecx
        call    getVideoJumpTable01Ex
        xor     eax, eax
        mov     [esi+4], eax
        mov     [esi+8], eax
        mov     [esi+0Ch], eax
        lea     edi, [esi+10h]
        mov     dword ptr [esi], offset videoJumpTable04
        mov     ecx, 9
        rep stosd                       ; clear the 9-dword table at +10h
        pop     edi
        mov     eax, esi
        pop     esi
        retn
sub_201800 endp

; ===========================================================================
        db 7 dup(90h)

; *************** S U B R O U T I N E ***************************************

; Teardown for the videoJumpTable04 object: frees the module handle stored at
; +4 if it is non-null, clears it, then tail-jumps to getVideoJumpTable01 with
; ecx restored to the object. The function pointers at +8 and +0Ch are not
; cleared here.
getVideoJumpTable04 proc near ; CODE XREF: deleteArrayOfPointersVideo04+3
        push    esi
        mov     esi, ecx
        mov     eax, [esi+4]
        test    eax, eax                ; flags survive the mov below
        mov     dword ptr [esi], offset videoJumpTable04
        jz      short exit
        push    eax                     ; hLibModule
        call    ds:FreeLibrary
        mov     dword ptr [esi+4], 0

exit:                                   ; CODE XREF: getVideoJumpTable04+E
        mov     ecx, esi
        pop     esi
        jmp     getVideoJumpTable01
getVideoJumpTable04 endp

; ===========================================================================
        db 0Ah dup(90h)

; *************** S U B R O U T I N E ***************************************

; Lazy binding to the NVIDIA control-panel library. Object layout used here:
;   +4   module handle returned by LoadLibraryA
;   +8   address of NvGetPanelBrightness
;   +0Ch address of NvSetPanelBrightness
; Returns 1 when both exports are resolved (or already cached), 0 otherwise.
; On a failed lookup both pointers are cleared but the module stays loaded
; until getVideoJumpTable04 frees it.
;
; NOTE(review, hardening): "NvCpl.dll" is passed to LoadLibraryA as a bare
; file name, so Windows resolves it through the standard DLL search order.
; A hardened build would pass a fully qualified path or restrict the search,
; e.g. LoadLibraryEx with LOAD_LIBRARY_SEARCH_SYSTEM32. For detection, a copy
; of NvCpl.dll loaded from outside the expected system or vendor directory is
; worth flagging in module-load telemetry.
sub_201860 proc near ; DATA XREF: .rdata:videoJumpTable04
        push    esi
        mov     esi, ecx
        mov     eax, [esi+4]
        test    eax, eax
        jz      short loc_20187C        ; not loaded yet
        mov     ecx, [esi+8]
        test    ecx, ecx
        jz      short loc_201878
        mov     ecx, [esi+0Ch]
        test    ecx, ecx
        jnz     short loc_2018BD        ; both pointers cached: return 1

loc_201878:                             ; CODE XREF: sub_201860+F
        test    eax, eax
        jnz     short loc_20188E        ; module loaded, pointers missing: resolve

loc_20187C:                             ; CODE XREF: sub_201860+8
        push    offset aNvcpl_dll       ; "NvCpl.dll"
        call    ds:LoadLibraryA
        test    eax, eax
        mov     [esi+4], eax
        jz      short loc_2018D2        ; load failed: return 0

loc_20188E:                             ; CODE XREF: sub_201860+1A
        mov     eax, [esi+4]
        push    edi
        mov     edi, ds:GetProcAddress
        push    offset aNvgetpanelbrig  ; "NvGetPanelBrightness"
        push    eax                     ; hModule
        call    edi ; GetProcAddress
        mov     ecx, [esi+4]
        push    offset aNvsetpanelbrig  ; "NvSetPanelBrightness"
        push    ecx                     ; hModule
        mov     [esi+8], eax
        call    edi ; GetProcAddress
        mov     ecx, [esi+8]
        test    ecx, ecx
        mov     [esi+0Ch], eax
        pop     edi
        jz      short loc_2018C4
        test    eax, eax
        jz      short loc_2018C4

loc_2018BD:                             ; CODE XREF: sub_201860+16
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

loc_2018C4:                             ; CODE XREF: sub_201860+57
                                        ; sub_201860+5B
        mov     dword ptr [esi+8], 0
        mov     dword ptr [esi+0Ch], 0

loc_2018D2:                             ; CODE XREF: sub_201860+2C
        xor     eax, eax
        pop     esi
        retn
sub_201860 endp

; ===========================================================================
        db 0Ah dup(90h)

; *************** S U B R O U T I N E ***************************************

; Fills the nine dwords at +10h..+33h of the object (the area sub_201800
; zeroes) with 18 16-bit values, once: a non-zero dword at +30h means the
; table is already filled. Each dword holds two consecutive table entries
; (low word first). The values look like nine (low, high) range pairs, each
; range starting one above the previous upper bound; what the ranges measure
; is not shown in this excerpt.
;   default table        : written unconditionally first
;   model type 66        : replaced by a second constant table when
;                          getResultOfSXBIOScall_0034 returns 6
;   model types 67/69/70/73/76 : upper bounds are read as bytes from a buffer
;                          filled by slot +58h of the global object
; NOTE(review): the global object pointer is dereferenced on the model
; 67/69/70/73/76 path without a null test.
; The listing is cut off inside this routine; its end, including the `exit`
; label, is not part of this excerpt.
sub_2018E0 proc near ; DATA XREF: .rdata:videoJumpTable04

var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 4

        sub     esp, 0Ch
        push    esi
        mov     esi, ecx
        mov     eax, [esi+30h]
        test    eax, eax
        jnz     exit                    ; table already initialised
        mov     dword ptr [esi+10h], 340000h
        mov     dword ptr [esi+14h], 3E0035h
        mov     dword ptr [esi+18h], 4B003Fh
        mov     dword ptr [esi+1Ch], 5C004Ch
        mov     dword ptr [esi+20h], 75005Dh
        mov     dword ptr [esi+24h], 890076h
        mov     dword ptr [esi+28h], 0A3008Ah
        mov     dword ptr [esi+2Ch], 0C300A4h
        mov     dword ptr [esi+30h], 0FF00C4h
                                        ; this creates an 18-entry table with the values:
                                        ; 00,34,35,3E,3F,4B,4C,5C,5D,
                                        ; 75,76,89,8A,A3,A4,C3,C4,FF
        call    getMachineID
        cmp     eax, 42h                ; 'B' ; model type 66
        jnz     short notModelType66
        call    getResultOfSXBIOScall_0034 ; model type 66
        cmp     eax, 6
        jnz     exit                    ; keep the default table
        mov     dword ptr [esi+10h], 0
        mov     dword ptr [esi+14h], 0E0001h
        mov     dword ptr [esi+18h], 1C000Fh
        mov     dword ptr [esi+1Ch], 35001Dh
        mov     dword ptr [esi+20h], 550036h
        mov     dword ptr [esi+24h], 770056h
        mov     dword ptr [esi+28h], 0A10078h
        mov     dword ptr [esi+2Ch], 0CF00A2h
        mov     dword ptr [esi+30h], 0FF00D0h
                                        ; this fills an 18-entry table with:
                                        ; 00,00,01,0E,0F,1C,1D,35,36,
                                        ; 55,56,77,78,A1,A2,CF,D0,FF
        pop     esi
        add     esp, 0Ch
        retn    4
; ===========================================================================

notModelType66:                         ; CODE XREF: sub_2018E0+58
        cmp     eax, 43h                ; 'C' ; model type 67
        jz      short modelType67_69_70_73_76
        cmp     eax, 45h                ; 'E' ; model type 69
        jz      short modelType67_69_70_73_76
        cmp     eax, 46h                ; 'F' ; model type 70
        jz      short modelType67_69_70_73_76
        cmp     eax, 49h                ; 'I' ; model type 73
        jz      short modelType67_69_70_73_76
        cmp     eax, 4Ch                ; 'L' ; model type 76
        jnz     exit                    ; any other model: keep the default table

modelType67_69_70_73_76:                ; CODE XREF: sub_2018E0+B1
                                        ; sub_2018E0+B6 ...
        mov     ecx, activeProfile_FunctionsClassFlags
        xor     eax, eax
        mov     [esp+10h+var_C], eax    ; clear the 9-byte reply buffer
        mov     [esp+10h+var_8], eax
        mov     [esp+10h+var_4], al
        mov     edx, [ecx]
        lea     eax, [esp+10h+var_C]
        push    eax
        mov     eax, [esp+14h+arg_0]
        push    eax
        call    dword ptr [edx+58h]     ; SNC.SN07() or SN06()
        test    eax, eax
        jz      exit                    ; call failed: keep the default table
        ; From here each reply byte b[i] becomes the upper bound of range i
        ; (high word) and b[i]+1 the lower bound of range i+1 (low word).
        mov     al, byte ptr [esp+10h+var_C]
        movzx   dx, al
        movzx   ecx, al
        mov     al, byte ptr [esp+10h+var_C+1]
        shl     ecx, 10h
        mov     [esi+10h], ecx          ; range 0 = (0, b[0])
        inc     edx
        movzx   ecx, dx
        movzx   edx, al
        movzx   ax, al
        shl     edx, 10h
        or      ecx, edx
        mov     [esi+14h], ecx          ; range 1 = (b[0]+1, b[1])
        inc     eax
        movzx   ecx, ax
        mov     al, byte ptr [esp+10h+var_C+2]
        movzx   edx, al
        movzx   ax, al
        shl     edx, 10h
        or      ecx, edx
        mov     [esi+18h], ecx
        inc     eax
        movzx   ecx, ax
        mov     al, byte ptr [esp+10h+var_C+3]
        movzx   edx, al
        movzx   ax, al
        shl     edx, 10h
        or      ecx, edx
        mov     [esi+1Ch], ecx
        inc     eax
        movzx   ecx, ax
        mov     al, byte ptr [esp+10h+var_8]
        movzx   edx, al
        movzx   ax, al
        shl     edx, 10h
        or      ecx, edx
        mov     [esi+20h], ecx
        inc     eax
        movzx   ecx, ax
        mov     al, byte ptr [esp+10h+var_8+1]
        movzx   edx, al
        movzx   ax, al
        shl     edx, 10h
        or      ecx, edx
        mov     [esi+24h], ecx
        inc     eax
        movzx   ecx, ax
        mov     al, byte ptr [esp+10h+var_8+2]
        movzx   edx, al
        movzx   ax, al
        shl     edx, 10h
        or      ecx, edx
        mov     [esi+28h],
ecx inc eax movzx ecx, ax mov al, byte ptr [esp+10h+var_8+3] movzx edx, al movzx ax, al shl edx, 10h or ecx, edx movzx edx, [esp+10h+var_4] mov [esi+2Ch], ecx inc eax movzx ecx, ax shl edx, 10h or ecx, edx mov [esi+30h], ecx exit: ; CODE XREF: sub_2018E0+B ; sub_2018E0+62 ... pop esi add esp, 0Ch retn 4 sub_2018E0 endp ; *************** S U B R O U T I N E *************************************** returnValueAtIndex_offsetBase03 proc near ; DATA XREF: .rdata:videoJumpTable04 index = byte ptr 4 mov eax, dword ptr [esp+index] movzx eax, word ptr [ecx+eax*4+12h] retn 4 returnValueAtIndex_offsetBase03 endp ; =========================================================================== db 4 dup(90h) ; *************** S U B R O U T I N E *************************************** testArrayReturnIndex_1_8 proc near ; DATA XREF: .rdata:videoJumpTable04 arg_0 = dword ptr 4 mov edx, [esp+arg_0] test edx, edx push esi mov eax, 8 ; default return value jl short loc_201ACC movzx esi, word ptr [ecx+12h] cmp edx, esi jg short loc_201ACC xor eax, eax pop esi retn 4 ; =========================================================================== loc_201ACC: ; CODE XREF: testArrayReturnIndex_1_8+C ; testArrayReturnIndex_1_8+14 movzx esi, word ptr [ecx+14h] cmp esi, edx jg short loc_201AE5 movzx esi, word ptr [ecx+16h] cmp edx, esi jg short loc_201AE5 mov eax, 1 pop esi retn 4 ; =========================================================================== loc_201AE5: ; CODE XREF: testArrayReturnIndex_1_8+22 ; testArrayReturnIndex_1_8+2A movzx esi, word ptr [ecx+18h] cmp esi, edx jg short loc_201AFE movzx esi, word ptr [ecx+1Ah] cmp edx, esi jg short loc_201AFE mov eax, 2 pop esi retn 4 ; =========================================================================== loc_201AFE: ; CODE XREF: testArrayReturnIndex_1_8+3B ; testArrayReturnIndex_1_8+43 movzx esi, word ptr [ecx+1Ch] cmp esi, edx jg short loc_201B17 movzx esi, word ptr [ecx+1Eh] cmp edx, esi jg short loc_201B17 mov eax, 3 pop esi retn 4 ; 
=========================================================================== loc_201B17: ; CODE XREF: testArrayReturnIndex_1_8+54 ; testArrayReturnIndex_1_8+5C movzx esi, word ptr [ecx+20h] cmp esi, edx jg short loc_201B30 movzx esi, word ptr [ecx+22h] cmp edx, esi jg short loc_201B30 mov eax, 4 pop esi retn 4 ; =========================================================================== loc_201B30: ; CODE XREF: testArrayReturnIndex_1_8+6D ; testArrayReturnIndex_1_8+75 movzx esi, word ptr [ecx+24h] cmp esi, edx jg short loc_201B49 movzx esi, word ptr [ecx+26h] cmp edx, esi jg short loc_201B49 mov eax, 5 pop esi retn 4 ; =========================================================================== loc_201B49: ; CODE XREF: testArrayReturnIndex_1_8+86 ; testArrayReturnIndex_1_8+8E movzx esi, word ptr [ecx+28h] cmp esi, edx jg short loc_201B62 movzx esi, word ptr [ecx+2Ah] cmp edx, esi jg short loc_201B62 mov eax, 6 pop esi retn 4 ; =========================================================================== loc_201B62: ; CODE XREF: testArrayReturnIndex_1_8+9F ; testArrayReturnIndex_1_8+A7 movzx esi, word ptr [ecx+2Ch] cmp esi, edx jg short loc_201B7B movzx esi, word ptr [ecx+2Eh] cmp edx, esi jg short loc_201B7B mov eax, 7 pop esi retn 4 ; =========================================================================== loc_201B7B: ; CODE XREF: testArrayReturnIndex_1_8+B8 ; testArrayReturnIndex_1_8+C0 movzx ecx, word ptr [ecx+30h] cmp ecx, edx jg short loc_201B88 mov eax, 8 loc_201B88: ; CODE XREF: testArrayReturnIndex_1_8+D1 pop esi retn 4 testArrayReturnIndex_1_8 endp ; =========================================================================== db 4 dup(90h) ; *************** S U B R O U T I N E *************************************** callTableFunc10_0F_0E proc near ; DATA XREF: .rdata:videoJumpTable04 var_40 = dword ptr -40h var_2C = dword ptr -2Ch var_28 = dword ptr -28h var_24 = dword ptr -24h var_10 = dword ptr -10h arg_0 = dword ptr 4 sub esp, 10h push esi mov esi, ecx 
mov eax, [esi] call dword ptr [eax+40h] test eax, eax jnz short loc_201BA6 pop esi add esp, 10h retn 8 ; =========================================================================== loc_201BA6: ; CODE XREF: callTableFunc10_0F_0E+D mov eax, [esp+14h+arg_0] mov edx, [esi] push edi push eax mov ecx, esi call dword ptr [edx+3Ch] mov eax, [esp+20h] mov edx, [esi] push eax mov ecx, esi call dword ptr [edx+38h] push 8 lea ecx, [esp+14h] push ecx push 3 push 1 push 0 mov edi, eax call dword ptr [esi+8] mov edx, [esp+10h] push 8 sub edi, edx lea edx, [esp+0Ch] push edx push 1 push 1 push 0 mov [esp+1Ch], edi mov dword ptr [esp+20h], 0 call dword ptr [esi+0Ch] push 8 lea eax, [esp+0Ch] push eax push 2 push 1 push 0 call dword ptr [esi+0Ch] pop edi mov eax, 1 pop esi add esp, 10h retn 8 callTableFunc10_0F_0E endp ; sp = -10h ; *************** S U B R O U T I N E *************************************** callTableFunc10_0F proc near ; DATA XREF: .rdata:videoJumpTable04 var_20 = dword ptr -20h var_14 = dword ptr -14h var_C = dword ptr -0Ch arg_0 = dword ptr 4 sub esp, 8 push esi mov esi, ecx mov eax, [esi] call dword ptr [eax+40h] test eax, eax jnz short loc_201C26 pop esi add esp, 8 retn 8 ; =========================================================================== loc_201C26: ; CODE XREF: callTableFunc10_0F+D mov eax, [esp+0Ch+arg_0] mov edx, [esi] push eax mov ecx, esi call dword ptr [edx+3Ch] push 8 lea ecx, [esp+8] push ecx push 3 push 1 push 0 call dword ptr [esi+8] mov eax, [esp+4] mov edx, [esi] push eax mov ecx, esi call dword ptr [edx+34h] mov ecx, [esp+14h] mov [ecx], eax mov eax, 1 pop esi add esp, 8 retn 8 callTableFunc10_0F endp ; *************** S U B R O U T I N E *************************************** deleteArrayOfPointersVideo04 proc near ; DATA XREF: .rdata:videoJumpTable04 bDontDelete = byte ptr 8 push esi mov esi, ecx call getVideoJumpTable04 test [esp+bDontDelete], 1 jz short exit push esi call ??3@YAXPAX@Z ; operator delete(void *) add esp, 4 exit: ; CODE 
XREF: deleteArrayOfPointersVideo04+D mov eax, esi pop esi retn 4 deleteArrayOfPointersVideo04 endp ; =========================================================================== db 2 dup(90h) ; *************** S U B R O U T I N E *************************************** SXBIOS_Init proc near ; CODE XREF: SnyUtils_Init+23 mov ecx, offset libDataSXBIOSstruct mov MachineID, 0 call SXBIOS_Load test eax, eax jz short doUseDMI mov eax, 1 mov dont_use_DMI, eax retn ; =========================================================================== doUseDMI: ; CODE XREF: SXBIOS_Init+16 mov ecx, offset libDataSXBIOSstruct mov dont_use_DMI, 0 call Unload_Library mov eax, 1 retn SXBIOS_Init endp ; =========================================================================== db 3 dup(90h) ; *************** S U B R O U T I N E *************************************** unloadDMIlibraryConditional proc near ; CODE XREF: unload+5 mov eax, dont_use_DMI test eax, eax jz short locret_201CDD mov ecx, offset libDataSXBIOSstruct call Unload_Library mov dont_use_DMI, 0 locret_201CDD: ; CODE XREF: unloadDMIlibraryConditional+7 retn unloadDMIlibraryConditional endp ; =========================================================================== db 2 dup(90h) ; *************** S U B R O U T I N E *************************************** setMachineID proc near ; CODE XREF: SnyUtils_Init+51 machineID = byte ptr 4 mov eax, dword ptr [esp+machineID] mov MachineID, eax retn setMachineID endp ; =========================================================================== db 6 dup(90h) ; *************** S U B R O U T I N E *************************************** Get_TestMachineID proc near ; CODE XREF: getMachineID+18 hKey = dword ptr -10h cbData = dword ptr -0Ch Type = dword ptr -8 Data = dword ptr -4 sub esp, 10h push edi lea eax, [esp+14h+hKey] push eax ; phkResult push 1 ; samDesired xor edi, edi push edi ; ulOptions push offset SubKey ; "SOFTWARE\\Sony Corporation\\Shared Info\\S"... 
push 80000002h ; hKey call ds:RegOpenKeyExA test eax, eax jnz short loc_201D71 mov eax, [esp+14h+hKey] push esi mov esi, ds:RegQueryValueExA lea ecx, [esp+18h+cbData] push ecx ; lpcbData push edi ; lpData lea edx, [esp+20h+Type] push edx ; lpType push edi ; lpReserved push offset ValueName ; "dwTestMachineID" push eax ; hKey mov [esp+30h+Type], 4 mov [esp+30h+cbData], edi mov [esp+30h+Data], edi call esi ; RegQueryValueExA lea ecx, [esp+18h+cbData] push ecx ; lpcbData mov ecx, [esp+1Ch+hKey] lea edx, [esp+1Ch+Data] push edx ; lpData lea eax, [esp+20h+Type] push eax ; lpType push edi ; lpReserved push offset ValueName ; "dwTestMachineID" push ecx ; hKey call esi ; RegQueryValueExA test eax, eax pop esi jnz short loc_201D66 mov edi, [esp+14h+Data] loc_201D66: ; CODE XREF: Get_TestMachineID+70 mov edx, [esp+14h+hKey] push edx ; hKey call ds:RegCloseKey loc_201D71: ; CODE XREF: Get_TestMachineID+20 mov eax, edi pop edi add esp, 10h retn Get_TestMachineID endp ; =========================================================================== db 8 dup(90h) ; *************** S U B R O U T I N E *************************************** getStringFromArrayByIndex proc near ; CODE XREF: DMI_GetMachineID+1F2 ; DMI_GetMachineID+277 dmiBuffer = dword ptr 4 string = dword ptr 8 countOffset = byte ptr 0Ch mov eax, dword ptr [esp+countOffset] mov ecx, [esp+dmiBuffer] movzx ecx, byte ptr [ecx+eax] test ecx, ecx jz short exitFalse mov eax, [esp+string] dec ecx ; count test ecx, ecx jle short exit lea esp, [esp+0] scan: ; CODE XREF: getStringFromArrayByIndex+25 ; getStringFromArrayByIndex+2F mov dl, [eax] inc eax test dl, dl jnz short scan cmp byte ptr [eax], 0 jz short exitFalse dec ecx test ecx, ecx jg short scan retn 0Ch ; =========================================================================== exitFalse: ; CODE XREF: getStringFromArrayByIndex+E ; getStringFromArrayByIndex+2A xor eax, eax exit: ; CODE XREF: getStringFromArrayByIndex+17 retn 0Ch getStringFromArrayByIndex endp ; 
===========================================================================
        db 7 dup(90h)

; *************** S U B R O U T I N E ***************************************

; DMI_GetMachineID -- derive the machine ID from data read through a device
; whose name comes from the registry.
;
; In:    ecx = value saved in var_24C and reloaded into ecx before each
;              getStringFromArrayByIndex call (that routine does not read it)
; Out:   eax = machine type, or 0 on any failure
; Flow:  1. read the string value "dmicall" from HKEY_LOCAL_MACHINE
;           (80000002h) \ aSoftwareSonyCo into Data
;        2. FileName = device_path_root (4 bytes) + byte_20A7E0, zero-filled
;           to 260 bytes, then Data appended; open it with CreateFileA
;        3. DeviceIoControl 220000h, request word 50h -> 0Ch-byte header in
;           OutBuffer (byte 0 must be 0; word +2 = number of records;
;           word +4 (var_238) = buffer size used for the record reads)
;        4. malloc(var_238 + 3), then DeviceIoControl 220000h with request
;           word 51h once per record; record type 2 -> string 5 copied to
;           bios_codename, record type 0 -> string 5 copied to var_230
;           (these look like SMBIOS structure types -- TODO confirm)
;        5. match var_230[5] / var_230[6] (BIOS_SeriesMajor / _SeriesMinor)
;           against the 10h-byte entries between unk_20A231 and unk_20A651;
;           the offsets used (major +0, minor +1, type +0Ch) appear to match
;           the modelSignature struc declared earlier in the listing
;        6. no match or type 0: search bios_codename for each 18h-byte entry
;           of BiosSignatures_legacy with _mbsstr
;
; All locals are addressed relative to esp; ebp is reused as a scratch
; register (record buffer size), which is why it is pushed a second time.
;
; NOTE(review): Data is filled with the cbData reported by the size query.
; Neither the size nor Type is checked, and Data is the topmost local
; buffer, so an oversized "dmicall" value is copied past it. Bound cbData to
; the buffer size and require REG_SZ.
; NOTE(review): Data is not initialised and RegQueryValueExA does not
; guarantee a terminating NUL, yet the append loop scans for one.
; NOTE(review): the append into FileName has no bound either.
; NOTE(review): the registry string selects the object that is opened and
; sent IOCTLs, so write access to that value redirects this code.
; NOTE(review): the pointer returned by getStringFromArrayByIndex is
; dereferenced without a test for 0, and both string copies run to the
; terminator with no limit (bios_codename has 14h bytes before FileName,
; var_230 has 0Ch bytes before bios_codename).
; NOTE(review): the record length byte is used to locate the string area
; without being compared to the buffer size or to BytesReturned.
; NOTE(review): when no type-0 / type-2 record is seen (e.g. record count 0)
; steps 5 and 6 read var_230 / bios_codename although nothing in this
; routine has written them.

; Attributes: bp-based frame

DMI_GetMachineID proc near              ; CODE XREF: getMachineID:using_DMI

Type            = dword ptr -264h
cbData          = dword ptr -260h
Machine_Type    = dword ptr -25Ch
hKey            = dword ptr -258h
countDeviceIterations= dword ptr -254h
BytesReturned   = dword ptr -250h
var_24C         = dword ptr -24Ch
inputBuffer     = dword ptr -248h
var_244         = word ptr -244h
InBuffer        = dword ptr -240h
OutBuffer       = dword ptr -23Ch
var_238         = word ptr -238h
var_236         = dword ptr -236h
var_230         = dword ptr -230h
BIOS_SeriesMajor= byte ptr -22Bh
BIOS_SeriesMinor= byte ptr -22Ah
bios_codename   = dword ptr -224h
FileName        = dword ptr -210h
var_20C         = byte ptr -20Ch
var_20B         = dword ptr -20Bh
Data            = dword ptr -108h

        push    ebp
        mov     ebp, esp
        and     esp, 0FFFFFFF8h
        sub     esp, 268h
        push    ebx
        push    ebp                     ; frame pointer saved again: ebp is reused below
        push    esi
        push    edi
        lea     eax, [esp+278h+hKey]
        push    eax                     ; phkResult
        push    1                       ; samDesired
        xor     ebx, ebx                ; ebx = 0 until scanSignaturesTable
        push    ebx                     ; ulOptions
        push    offset aSoftwareSonyCo  ; "SOFTWARE\\Sony Corporation\\Shared Info\\S"...
        push    80000002h               ; hKey
        mov     [esp+28Ch+var_24C], ecx
        mov     [esp+28Ch+Machine_Type], ebx
        mov     [esp+28Ch+BytesReturned], ebx
        xor     edi, edi                ; edi = "value was read" flag
        call    ds:RegOpenKeyExA
        test    eax, eax
        jnz     exitFalse
        mov     eax, [esp+278h+hKey]
        mov     esi, ds:RegQueryValueExA
        lea     ecx, [esp+278h+cbData]
        push    ecx                     ; lpcbData
        push    ebx                     ; lpData
        lea     edx, [esp+280h+Type]
        push    edx                     ; lpType
        push    ebx                     ; lpReserved
        push    offset aDmicall         ; "dmicall"
        push    eax                     ; hKey
        mov     [esp+290h+Type], 1
        mov     [esp+290h+cbData], ebx
        call    esi ; RegQueryValueExA  ; size query; its result is not checked
        lea     ecx, [esp+278h+cbData]
        push    ecx                     ; lpcbData
        mov     ecx, [esp+27Ch+hKey]
        lea     edx, [esp+27Ch+Data]
        push    edx                     ; lpData
        lea     eax, [esp+280h+Type]
        push    eax                     ; lpType
        push    ebx                     ; lpReserved
        push    offset aDmicall         ; "dmicall"
        push    ecx                     ; hKey
        call    esi ; RegQueryValueExA  ; data query, size taken from the size query
        test    eax, eax
        jnz     short loc_201E52
        mov     edi, 1

loc_201E52:                             ; CODE XREF: DMI_GetMachineID+8B
        mov     edx, [esp+278h+hKey]
        push    edx                     ; hKey
        call    ds:RegCloseKey
        cmp     edi, ebx
        jz      exitFalse
        mov     eax, ds:device_path_root
        mov     cl, ds:byte_20A7E0
        mov     [esp+278h+FileName], eax
        mov     [esp+278h+var_20C], cl
        xor     eax, eax
        mov     ecx, 3Fh ; '?'
        lea     edi, [esp+278h+var_20B]
        rep stosd                       ; 3Fh dwords + 1 word + 1 byte = 255 zero bytes
        stosw
        stosb
        lea     eax, [esp+278h+Data]
        mov     edx, eax

scanForEndOfStringA:                    ; CODE XREF: DMI_GetMachineID+D6
        mov     cl, [eax]
        inc     eax
        cmp     cl, bl
        jnz     short scanForEndOfStringA
        lea     edi, [esp+278h+FileName]
        sub     eax, edx                ; eax = length of Data including its NUL
        dec     edi
        nop

scanForEndOfStringB:                    ; CODE XREF: DMI_GetMachineID+E6
        mov     cl, [edi+1]
        inc     edi
        cmp     cl, bl
        jnz     short scanForEndOfStringB
        mov     ecx, eax
        shr     ecx, 2
        push    ebx                     ; hTemplateFile
        mov     esi, edx
        rep movsd                       ; append Data to FileName (dword part)
        push    80h                     ; dwFlagsAndAttributes (80h = FILE_ATTRIBUTE_NORMAL)
        push    3                       ; dwCreationDisposition (3 = OPEN_EXISTING)
        push    ebx                     ; lpSecurityAttributes
        push    ebx                     ; dwShareMode
        mov     ecx, eax
        push    ebx                     ; dwDesiredAccess
        lea     edx, [esp+290h+FileName]
        and     ecx, 3
        push    edx                     ; lpFileName
        rep movsb                       ; append Data to FileName (remaining bytes)
        call    ds:CreateFileA
        mov     edi, eax                ; edi = device handle from here on
        cmp     edi, 0FFFFFFFFh
        jz      exitFalse
        push    ebx                     ; lpOverlapped
        lea     eax, [esp+27Ch+BytesReturned]
        push    eax                     ; lpBytesReturned
        push    0Ch                     ; nOutBufferSize
        lea     ecx, [esp+284h+OutBuffer]
        push    ecx                     ; lpOutBuffer
        push    4                       ; nInBufferSize
        lea     edx, [esp+28Ch+InBuffer]
        push    edx                     ; lpInBuffer
        push    220000h                 ; dwIoControlCode
        push    edi                     ; hDevice
        mov     word ptr [esp+298h+InBuffer], 50h ; 'P'
        call    ds:DeviceIoControl
        test    eax, eax
        jz      exitDeviceFailed
        cmp     byte ptr [esp+278h+OutBuffer], bl
        jnz     exitDeviceFailed
        movzx   ebp, [esp+278h+var_238]
        add     ebp, 3                  ; ebp = record buffer size
        push    ebp                     ; size_t
        call    malloc
        mov     esi, eax                ; esi = record buffer
        add     esp, 4
        cmp     esi, ebx
        jz      exitDeviceFailed
        mov     eax, [esp+278h+var_236]
        shr     eax, 4
        cmp     word ptr [esp+278h+OutBuffer+2], bx ; record count; the mov's below keep the flags
        mov     word ptr [esp+278h+inputBuffer], 51h ; 'Q'
        mov     word ptr [esp+278h+inputBuffer+2], bx
        mov     [esp+278h+var_244], ax
        mov     [esp+278h+cbData], ebx  ; reused as flag: type-2 string copied
        mov     [esp+278h+Type], ebx    ; reused as flag: type-0 string copied
        mov     [esp+278h+countDeviceIterations], ebx
        jbe     scanSignaturesTable     ; record count is 0
        nop

readDevice:                             ; CODE XREF: DMI_GetMachineID+2A8
        push    ebx                     ; lpOverlapped
        lea     ecx, [esp+27Ch+BytesReturned]
        push    ecx                     ; lpBytesReturned
        push    ebp                     ; nOutBufferSize
        push    esi                     ; lpOutBuffer
        push    8                       ; nInBufferSize
        lea     edx, [esp+28Ch+inputBuffer]
        push    edx                     ; lpInBuffer
        push    220000h                 ; dwIoControlCode
        push    edi                     ; hDevice
        call    ds:DeviceIoControl
        test    eax, eax
        jz      readFailed
        mov     al, [esi]               ; byte 0 of the reply: 0 is the accepted status
        cmp     al, bl
        jnz     loc_202054
        mov     cx, [esi+1]             ; word +1 of the reply goes into the next request
        lea     eax, [esi+3]            ; eax = start of the record
        mov     word ptr [esp+278h+inputBuffer+2], cx
        mov     cl, [eax]               ; record type
        cmp     cl, 2
        jnz     loc_202025
        movzx   edx, byte ptr [eax+1]   ; record length byte, used unchecked
        mov     ecx, [esp+278h+var_24C]
        push    5
        add     edx, eax
        push    edx
        push    eax
        call    getStringFromArrayByIndex
        lea     edx, [esp+278h+bios_codename]
        jmp     short copySignatureA
; ===========================================================================
        db 8Dh, 49h, 0                  ; filler bytes, jumped over
; ===========================================================================

copySignatureA:                         ; CODE XREF: DMI_GetMachineID+1FB
                                        ; DMI_GetMachineID+208
        mov     cl, [eax]               ; eax is not tested for 0 first
        inc     eax
        mov     [edx], cl
        inc     edx
        cmp     cl, bl
        jnz     short copySignatureA
        mov     [esp+278h+cbData], 1

isType0:                                ; CODE XREF: DMI_GetMachineID+267
        cmp     [esp+278h+Type], ebx
        jz      short isNotExpectedDeviceResponse

resetCbData:                            ; CODE XREF: DMI_GetMachineID+292
        cmp     [esp+278h+cbData], ebx
        jnz     short scanSignaturesTable ; both strings copied: stop reading

isNotExpectedDeviceResponse:            ; CODE XREF: DMI_GetMachineID+216
        cmp     word ptr [esi+1], 0FFFFh
        jnz     short isLastDevice

scanSignaturesTable:                    ; CODE XREF: DMI_GetMachineID+199
                                        ; DMI_GetMachineID+21C ...
        push    edi                     ; hObject
        call    ds:CloseHandle
        push    esi                     ; void *
        call    free
        mov     dl, [esp+27Ch+BIOS_SeriesMinor]
        mov     bl, [esp+27Ch+BIOS_SeriesMajor] ; bl is no longer 0 after this
        add     esp, 4
        mov     ecx, 42h ; 'B'          ; index of the last table entry
        mov     eax, offset unk_20A651

isSignatureMajor:                       ; CODE XREF: DMI_GetMachineID+25E
        cmp     [eax-1], bl             ; BIOS DMI SeriesMajor
        jnz     short nextSignature
        cmp     [eax], dl               ; BIOS DMI SeriesMinor
        jz      getTypeSignatureMajor

nextSignature:                          ; CODE XREF: DMI_GetMachineID+24B
        sub     eax, 10h                ; walk the table from the last entry down
        dec     ecx
        cmp     eax, offset unk_20A231
        jge     short isSignatureMajor
        jmp     getLegacySignaturesTable
; ===========================================================================

loc_202025:                             ; CODE XREF: DMI_GetMachineID+1DE
        cmp     cl, bl                  ; record type 0?
        jnz     short isType0
        movzx   ecx, byte ptr [eax+1]   ; record length byte, used unchecked
        push    5
        add     ecx, eax
        push    ecx
        mov     ecx, [esp+280h+var_24C]
        push    eax
        call    getStringFromArrayByIndex
        lea     edx, [esp+278h+var_230]

copySignatureB:                         ; CODE XREF: DMI_GetMachineID+288
        mov     cl, [eax]               ; eax is not tested for 0 first
        inc     eax
        mov     [edx], cl
        inc     edx
        cmp     cl, bl
        jnz     short copySignatureB
        mov     [esp+278h+Type], 1
        jmp     short resetCbData
; ===========================================================================

loc_202054:                             ; CODE XREF: DMI_GetMachineID+1C7
        cmp     al, 83h                 ; status 83h: go on with the next record
        jnz     short closeDevice

isLastDevice:                           ; CODE XREF: DMI_GetMachineID+224
        mov     eax, [esp+24h]          ; same slot as countDeviceIterations (278h - 254h)
        movzx   edx, word ptr [esp+278h+OutBuffer+2]
        inc     eax
        cmp     eax, edx
        mov     [esp+278h+countDeviceIterations], eax
        jl      readDevice
        jmp     scanSignaturesTable
; ===========================================================================

readFailed:                             ; CODE XREF: DMI_GetMachineID+1BD
        push    esi                     ; void *
        call    free
        add     esp, 4

exitDeviceFailed:                       ; CODE XREF: DMI_GetMachineID+145
                                        ; DMI_GetMachineID+14F ...
        push    edi                     ; hObject
        call    ds:CloseHandle
        xor     eax, eax
        pop     edi
        pop     esi
        pop     ebp                     ; restores the frame pointer pushed in the prologue
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

closeDevice:                            ; CODE XREF: DMI_GetMachineID+296
        push    edi                     ; hObject
        call    ds:CloseHandle
        push    esi                     ; void *
        call    free
        add     esp, 4

exitFalse:                              ; CODE XREF: DMI_GetMachineID+3A
                                        ; DMI_GetMachineID+9F ...
        xor     eax, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

getTypeSignatureMajor:                  ; CODE XREF: DMI_GetMachineID+24F
        shl     ecx, 4                  ; entry index * 10h
        mov     ecx, ds:dword_20A23C[ecx]
        test    ecx, ecx
        mov     [esp+278h+Machine_Type], ecx
        jnz     short returnMachineID

getLegacySignaturesTable:               ; CODE XREF: DMI_GetMachineID+260
        xor     edi, edi                ; edi = legacy entry index
        mov     esi, offset BiosSignatures_legacy ; "PIZZA"
        nop

compareLegacyNames:                     ; CODE XREF: DMI_GetMachineID+31C
        lea     eax, [esp+278h+bios_codename]
        push    esi                     ; const unsigned char *strSearch
        push    eax                     ; const unsigned char *str
        call    _mbsstr                 ; _mbsstr(char *str, char *strSearch)
        add     esp, 8
        test    eax, eax
        jnz     short getType_legacy
        add     esi, 18h
        inc     edi
        cmp     esi, offset ValueName   ; "dwTestMachineID"
                                        ; (the address of ValueName is the loop's end bound)
        jl      short compareLegacyNames
        mov     eax, [esp+278h+Machine_Type]
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

getType_legacy:                         ; CODE XREF: DMI_GetMachineID+310
        lea     ecx, [edi+edi*2]
        mov     edx, ds:dword_20A674[ecx*8] ; index * 18h
        mov     [esp+278h+Machine_Type], edx

returnMachineID:                        ; CODE XREF: DMI_GetMachineID+2F6
        mov     eax, [esp+278h+Machine_Type]
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
DMI_GetMachineID endp

; ===========================================================================
        db 0Ch dup(90h)

; *************** S U B R O U T I N E ***************************************

; doSXBIOScall -- forward one request to call_SXBIOS_Call when SXBIOS is
; available.
;
; In:    functionNum = one dword stack argument (the callers in this listing
;                      pass the address of an 8-byte request block);
;                      left on the stack for the caller to remove
; Out:   al = result of call_SXBIOS_Call, or 0 when dont_use_DMI is 0
;
; NOTE(review): the callers in this listing treat al == 0 as success, so the
; "SXBIOS not available" return looks the same as success. Each visible
; caller tests dont_use_DMI itself before calling; any new caller has to do
; the same.

doSXBIOScall    proc near               ; CODE XREF: doSXBIOScall_0034+27
                                        ; sub_202230+4E ...

functionNum     = byte ptr  4

        mov     eax, dont_use_DMI
        test    eax, eax
        jz      short exit
        mov     eax, dword ptr [esp+functionNum]
        push    eax
        mov     ecx, offset libDataSXBIOSstruct
        call    call_SXBIOS_Call
        retn
; ===========================================================================

exit:                                   ; CODE XREF: doSXBIOScall+7
        xor     al, al
        retn
doSXBIOScall    endp

; ===========================================================================
        db 4 dup(90h)

; *************** S U B R O U T I N E ***************************************

; callSXBIOSifNoDMI -- forward four dword arguments to call_SXBIOS when
; dont_use_DMI is non-zero.
;
; In:    arg_0 = SXBIOS function, arg_4 = SXBIOS sub-function,
;        arg_8 / arg_C = forwarded unchanged (the callers in this listing
;        pass a buffer address and a byte count)
;        The caller removes the four arguments.
; Out:   al = result of call_SXBIOS, or 0 when dont_use_DMI is 0
;        (the callers in this listing read al == 0 as success)

callSXBIOSifNoDMI proc near             ; CODE XREF: callSN06orSXBIOS_A084_0100+71
                                        ; callSN06orSXBIOS_A082_0007+CD ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8
arg_8           = dword ptr  0Ch
arg_C           = dword ptr  10h

        mov     eax, dont_use_DMI
        test    eax, eax
        jz      short useDMI
        mov     eax, [esp+arg_C]
        mov     ecx, [esp+arg_8]
        mov     edx, [esp+arg_4]
        push    eax
        mov     eax, [esp+4+arg_0]
        push    ecx
        push    edx                     ; SXBIOS sub-function
        push    eax                     ; SXBIOS function
        mov     ecx, offset libDataSXBIOSstruct
        call    call_SXBIOS
        retn
; ===========================================================================

useDMI:                                 ; CODE XREF: callSXBIOSifNoDMI+7
        xor     al, al
        retn
callSXBIOSifNoDMI endp

; ===========================================================================
        db 5 dup(90h)

; *************** S U B R O U T I N E ***************************************

; getPreferredVideoTimingFromEDID -- extract the active width and height of
; the first detailed timing from an EDID block.
;
; In:    EDIDregistryValue = pointer to the EDID bytes (NULL is rejected)
;        suInfoLowWord     = pointer to the dword that receives the
;                            horizontal active pixel count
;        suInfoHighWord    = pointer to the dword that receives the
;                            vertical active line count
;        The caller removes the three arguments.
; Out:   al = 1 when both values were written; al = 0 when the pointer is
;        NULL, byte 12h is not 1, byte 13h is below 2, or bit 1 of byte 18h
;        is clear
; Value: ((byte[3Ah] & 0F0h) << 4) | byte[38h]  and
;        ((byte[3Dh] & 0F0h) << 4) | byte[3Bh]
;
; NOTE(review): no length is passed, and bytes up to offset 3Dh are read.
; The argument name suggests the block comes from the registry; the caller
; has to make sure at least 3Eh bytes are present -- not visible here.
; The two output pointers are written without a NULL check.

getPreferredVideoTimingFromEDID proc near ; CODE XREF: getFunctionality_x068+228

EDIDregistryValue= dword ptr  4
suInfoLowWord   = dword ptr  8
suInfoHighWord  = byte ptr  0Ch

        mov     eax, [esp+EDIDregistryValue]
        test    eax, eax
        jz      short exitFalse
        cmp     byte ptr [eax+12h], 1   ; EDID Version Number
        jnz     short exitFalse
        mov     dl, [eax+13h]           ; EDID Revision Number
        mov     cl, 2
        cmp     dl, cl
        jb      short exitFalse
        test    [eax+18h], cl           ; Power Management and Supported Feature(s):
                                        ; bit 1: preferred timing mode
        jz      short exitFalse
        mov     edx, [esp+suInfoLowWord]
        xor     ecx, ecx
        mov     cl, [eax+3Ah]           ; Horizontal Active high (4 upper bits)
                                        ; Horizontal Blanking high (4 lower bits)
        push    esi
        and     ecx, 0F0h               ; Horizontal Active high
        shl     ecx, 4
        mov     [edx], ecx
        movzx   esi, byte ptr [eax+38h] ; Horizontal Active (in pixels)
        or      esi, ecx
        mov     [edx], esi
        mov     edx, dword ptr [esp+4+suInfoHighWord]
        xor     ecx, ecx
        mov     cl, [eax+3Dh]           ; high significant bits for Vertical Active (4 upper bits)
                                        ; high significant bits for Vertical Blanking (4 lower bits)
        pop     esi
        and     ecx, 0F0h
        shl     ecx, 4
        mov     [edx], ecx
        movzx   eax, byte ptr [eax+3Bh] ; Vertical Active (in pixels)
        or      eax, ecx
        mov     [edx], eax
        mov     al, 1
        retn
; ===========================================================================

exitFalse:                              ; CODE XREF: getPreferredVideoTimingFromEDID+6
                                        ; getPreferredVideoTimingFromEDID+C ...
        xor     al, al
        retn
getPreferredVideoTimingFromEDID endp

; ===========================================================================
        db 4 dup(90h)

; *************** S U B R O U T I N E ***************************************

; doSXBIOScall_0034 -- issue SXBIOS request 34h.
;
; Builds an 8-byte request on the stack {word 34h, word 0, dword arg_0} and
; passes its address to doSXBIOScall.
; In:    arg_0 = dword stored as the third field of the request (the one
;                visible caller passes the address of a result dword);
;                removed by the caller
; Out:   eax = 1 when doSXBIOScall returns al == 0, otherwise 0;
;        eax = 0 without any call when dont_use_DMI is 0

doSXBIOScall_0034 proc near             ; CODE XREF: getResultOfSXBIOScall_0034+D

SXBIOSfuncNum   = dword ptr -8
var_4           = dword ptr -4
arg_0           = dword ptr  4

        mov     eax, dont_use_DMI
        sub     esp, 8
        test    eax, eax
        jz      short exit
        mov     eax, [esp+8+arg_0]
        lea     ecx, [esp+8+SXBIOSfuncNum]
        push    ecx
        mov     word ptr [esp+0Ch+SXBIOSfuncNum], 34h ; '4'
        mov     word ptr [esp+0Ch+SXBIOSfuncNum+2], 0
        mov     [esp+0Ch+var_4], eax
        call    doSXBIOScall
        add     esp, 4
        test    al, al
        jnz     short exit
        mov     eax, 1
        add     esp, 8
        retn
; ===========================================================================

exit:                                   ; CODE XREF: doSXBIOScall_0034+A
                                        ; doSXBIOScall_0034+31
        xor     eax, eax
        add     esp, 8
        retn
doSXBIOScall_0034 endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************

; callSXBIOS_02_1C02 -- call_SXBIOS(2, 1C02h, &buffer, 4) and return the low
; word of buffer, zero-extended, in eax.
;
; "push ecx" only reserves the 4-byte buffer; "pop ecx" releases it.
;
; NOTE(review): dont_use_DMI is not tested here, the result of call_SXBIOS
; is ignored and buffer is not initialised, so a failed call returns
; whatever the slot held before.

callSXBIOS_02_1C02 proc near            ; CODE XREF: configModelFunctionality+1C9

buffer          = dword ptr -4

        push    ecx
        push    4
        lea     eax, [esp+8+buffer]
        push    eax
        push    1C02h
        push    2
        mov     ecx, offset libDataSXBIOSstruct
        call    call_SXBIOS
        movzx   eax, word ptr [esp+4+buffer]
        pop     ecx
        retn
callSXBIOS_02_1C02 endp


; *************** S U B R O U T I N E
***************************************

; sub_202230 -- issue SXBIOS request 0 and copy part of the reply to the
; caller.
;
; In:    arg_0 = destination buffer
;        arg_4 = byte count
;        The caller removes both arguments.
; Out:   eax = 1 when dont_use_DMI is non-zero, otherwise 0 (nothing is
;        written in that case)
; Flow:  zero arg_4 bytes at arg_0; build the request {word 0, word 0,
;        dword address of var_A4} in var_AC / var_A8; call doSXBIOScall;
;        copy arg_4 bytes starting at var_C to arg_0.
;
; NOTE(review): the result of doSXBIOScall is not tested, so 1 is returned
; even when the request failed, and the local reply area is not initialised
; before the call.
; NOTE(review): var_C is only 0Ch bytes below the top of the local frame. A
; byte count above 0Ch makes the copy read past the locals (saved registers,
; return address) into the caller's buffer. The one visible caller,
; RAW_GetMachineID, passes 8; a bounded version clamps arg_4 to 0Ch.

sub_202230      proc near               ; CODE XREF: RAW_GetMachineID+D

var_AC          = dword ptr -0ACh
var_A8          = dword ptr -0A8h
var_A4          = dword ptr -0A4h
var_C           = dword ptr -0Ch
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     eax, dont_use_DMI
        xor     edx, edx
        sub     esp, 0ACh
        cmp     eax, edx
        jz      short loc_2022AF
        push    ebx
        mov     ebx, [esp+0B0h+arg_0]   ; ebx = destination
        push    ebp
        push    esi
        mov     esi, [esp+0B8h+arg_4]   ; esi = byte count
        push    edi
        mov     ecx, esi
        mov     ebp, ecx
        shr     ecx, 2
        xor     eax, eax
        mov     edi, ebx
        rep stosd                       ; zero the destination (dword part)
        mov     ecx, ebp
        and     ecx, 3
        rep stosb                       ; zero the destination (remaining bytes)
        lea     ecx, [esp+0BCh+var_AC]
        lea     eax, [esp+0BCh+var_A4]
        push    ecx                     ; address of the request block
        mov     word ptr [esp+0C0h+var_AC], dx
        mov     word ptr [esp+0C0h+var_AC+2], dx
        mov     [esp+0C0h+var_A8], eax
        call    doSXBIOScall            ; al is not examined
        mov     ecx, esi
        mov     edx, ecx
        shr     ecx, 2
        mov     edi, ebx
        lea     esi, [esp+0C0h+var_C]
        rep movsd                       ; copy from var_C (dword part)
        add     esp, 4                  ; drop the doSXBIOScall argument
        mov     ecx, edx
        and     ecx, 3
        rep movsb                       ; copy from var_C (remaining bytes)
        pop     edi
        pop     esi
        pop     ebp
        mov     eax, 1
        pop     ebx
        add     esp, 0ACh
        retn
; ===========================================================================

loc_2022AF:                             ; CODE XREF: sub_202230+F
        xor     eax, eax
        add     esp, 0ACh
        retn
sub_202230      endp

; ===========================================================================
        db 8 dup(90h)

; *************** S U B R O U T I N E ***************************************

; sub_2022C0 -- issue SXBIOS request 2 with a 16-bit parameter and return a
; 16-bit result through the same pointer.
;
; In:    arg_0 = pointer; its low word is sent as the second word of the
;                request; removed by the caller
; Out:   eax = 1 and dword [arg_0] = zero-extended word var_C when
;        doSXBIOScall returns al == 0; eax = 0 otherwise or when
;        dont_use_DMI is 0
; Request block (var_8 / var_4): {word 2, word parameter, dword address of
; var_C}.
; arg_0 is dereferenced without a NULL check.

sub_2022C0      proc near               ; CODE XREF: callSNCmethod+21

var_C           = dword ptr -0Ch
var_8           = dword ptr -8
var_4           = dword ptr -4
arg_0           = dword ptr  4

        mov     eax, dont_use_DMI
        sub     esp, 0Ch
        test    eax, eax
        push    esi
        jz      short loc_20230A        ; flags still come from "test eax, eax"
        mov     esi, [esp+10h+arg_0]
        mov     ax, [esi]
        lea     edx, [esp+10h+var_8]
        lea     ecx, [esp+10h+var_C]
        push    edx                     ; address of the request block
        mov     word ptr [esp+14h+var_8], 2
        mov     word ptr [esp+14h+var_8+2], ax
        mov     [esp+14h+var_4], ecx
        call    doSXBIOScall
        add     esp, 4
        test    al, al
        jnz     short loc_20230A
        movzx   eax, word ptr [esp+10h+var_C]
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        add     esp, 0Ch
        retn
; ===========================================================================

loc_20230A:                             ; CODE XREF: sub_2022C0+B
                                        ; sub_2022C0+37
        xor     eax, eax
        pop     esi
        add     esp, 0Ch
        retn
sub_2022C0      endp

;
=========================================================================== db 0Fh dup(90h) ; *************** S U B R O U T I N E *************************************** sub_202320 proc near ; CODE XREF: callSNCmethod+31 var_C = dword ptr -0Ch var_8 = dword ptr -8 var_4 = dword ptr -4 arg_0 = dword ptr 4 mov eax, dont_use_DMI sub esp, 0Ch test eax, eax push esi jz short loc_202373 mov esi, [esp+10h+arg_0] mov ax, [esi] mov cx, [esi+2] mov word ptr [esp+10h+var_C], ax lea eax, [esp+10h+var_8] lea edx, [esp+10h+var_C] push eax mov word ptr [esp+14h+var_8], 3 mov word ptr [esp+14h+var_8+2], cx mov [esp+14h+var_4], edx call doSXBIOScall add esp, 4 test al, al jnz short loc_202373 movzx ecx, word ptr [esp+10h+var_C] mov [esi], ecx mov eax, 1 pop esi add esp, 0Ch retn ; =========================================================================== loc_202373: ; CODE XREF: sub_202320+B ; sub_202320+40 xor eax, eax pop esi add esp, 0Ch retn sub_202320 endp ; =========================================================================== db 6 dup(90h) ; *************** S U B R O U T I N E *************************************** sub_202380 proc near ; CODE XREF: callSNCmethod+41 var_4 = dword ptr -4 arg_0 = dword ptr 4 push ecx mov eax, dont_use_DMI push esi xor esi, esi cmp eax, esi jz short loc_2023BF push 2 lea eax, [esp+0Ch+var_4] push eax push esi push 9 mov [esp+18h+var_4], esi call callSXBIOSifNoDMI add esp, 10h test al, al jnz short loc_2023BF mov edx, [esp+8+arg_0] xor ecx, ecx cmp word ptr [esp+8+var_4], si mov eax, 1 setz cl pop esi mov [edx], ecx pop ecx retn ; =========================================================================== loc_2023BF: ; CODE XREF: sub_202380+B ; sub_202380+25 mov eax, esi pop esi pop ecx retn sub_202380 endp ; =========================================================================== db 0Ch dup(90h) ; *************** S U B R O U T I N E *************************************** sub_2023D0 proc near ; CODE XREF: callSNCmethod+51 var_4 = dword 
ptr -4
arg_0 = dword ptr 4

; (tail of sub_2023D0; its proc line and first local are on the preceding lines)
; Visible behaviour: returns 0 when dont_use_DMI is zero; otherwise calls
; callSXBIOSifNoDMI(0Ah, 0, &var_4, 2) with var_4 = (~*arg_0) & 1 and returns
; 1 when that call leaves AL == 0, else 0.
        push    ecx
        mov     eax, dont_use_DMI
        push    esi
        xor     esi, esi
        test    eax, eax
        jz      short loc_202409
        mov     eax, [esp+8+arg_0]
        xor     ecx, ecx
        mov     cl, [eax]               ; arg_0 is dereferenced as a byte pointer
        not     cl
        push    2
        lea     edx, [esp+0Ch+var_4]
        push    edx
        push    esi
        push    0Ah
        and     ecx, 1
        mov     [esp+18h+var_4], ecx
        call    callSXBIOSifNoDMI
        add     esp, 10h                ; four dword arguments, caller cleans up
        test    al, al
        mov     eax, 1                  ; mov leaves the flags from the test intact
        jz      short loc_20240B

loc_202409:                             ; CODE XREF: sub_2023D0+B
        mov     eax, esi                ; esi is still 0 here

loc_20240B:                             ; CODE XREF: sub_2023D0+37
        pop     esi
        pop     ecx
        retn
sub_2023D0 endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; getResultOfSXBIOScall_0034
; Calls doSXBIOScall_0034(&result) with result pre-set to 0. When the call
; returns non-zero, returns (second byte of result) & 7; otherwise returns 0.

getResultOfSXBIOScall_0034 proc near    ; CODE XREF: sub_2018E0+5A

result = dword ptr -4

        push    ecx                     ; this slot is the 4-byte local `result`
        push    esi
        lea     eax, [esp+8+result]
        xor     esi, esi
        push    eax
        mov     [esp+0Ch+result], esi   ; result = 0 before the call
        call    doSXBIOScall_0034
        add     esp, 4
        test    eax, eax
        jz      short failed
        xor     eax, eax
        mov     al, byte ptr [esp+8+result+1]
        pop     esi
        and     eax, 7                  ; only the low three bits are returned
        pop     ecx
        retn
; ===========================================================================

failed:                                 ; CODE XREF: getResultOfSXBIOScall_0034+17
        mov     eax, esi                ; return 0
        pop     esi
        pop     ecx
        retn
getResultOfSXBIOScall_0034 endp

; ===========================================================================
        db 6 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; RAW_GetMachineID
; Calls sub_202230(&var_8, 8) and returns 0 when it returns 0. Otherwise it
; scans a table of 10h-byte entries downwards from unk_20A651 to unk_20A231,
; comparing the byte at [eax-1] with var_3 and the byte at [eax] with var_2.
; On a match it returns dword_20A23C[index * 10h]; without a match it returns 0.
; NOTE(review): the entry layout presumably matches the modelSignature
; structure declared at the top of the listing (major, minor, ..., modelType)
; - confirm against the table data.

RAW_GetMachineID proc near              ; CODE XREF: getMachineID+37

var_8 = dword ptr -8
var_3 = byte ptr -3
var_2 = byte ptr -2

        sub     esp, 8
        push    esi
        lea     eax, [esp+0Ch+var_8]
        push    8                       ; presumably the size of the buffer at var_8
        push    eax
        xor     esi, esi
        call    sub_202230
        add     esp, 8
        test    eax, eax
        jnz     short loc_20245E
        pop     esi                     ; eax is 0 here
        add     esp, 8
        retn
; ===========================================================================

loc_20245E:                             ; CODE XREF: RAW_GetMachineID+17
        mov     dl, [esp+0Ch+var_2]
        push    ebx
        mov     bl, [esp+10h+var_3]
        mov     ecx, 42h                ; index of the highest table entry
        mov     eax, offset unk_20A651  ; start at the last entry, walk downwards

loc_202471:                             ; CODE XREF: RAW_GetMachineID+43
        cmp     [eax-1], bl
        jnz     short loc_20247A
        cmp     [eax], dl
        jz      short loc_20248D

loc_20247A:                             ; CODE XREF: RAW_GetMachineID+34
        sub     eax, 10h
        dec     ecx
        cmp     eax, offset unk_20A231  ; both loop bounds are link-time constants
        jge     short loc_202471
        pop     ebx
        mov     eax, esi                ; no match: return 0
        pop     esi
        add     esp, 8
        retn
; ===========================================================================

loc_20248D:                             ; CODE XREF: RAW_GetMachineID+38
        shl     ecx, 4                  ; index * 10h
        mov     esi, ds:dword_20A23C[ecx]
        pop     ebx
        mov     eax, esi
        pop     esi
        add     esp, 8
        retn
RAW_GetMachineID endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; getMachineID
; Returns the machine ID and caches it in the global MachineID.
; Order of sources: cached MachineID, then Get_TestMachineID, then
; RAW_GetMachineID (dont_use_DMI non-zero) or DMI_GetMachineID. IDs 4Ch and 4Dh
; are refined with an 'SN00' DeviceIoControl query on a device opened through
; SNC_Device_Open; a resulting ID of 0 is replaced by the default 27h.
;
; NOTE(review):
;  - A non-zero Get_TestMachineID result replaces hardware detection entirely.
;    Where that value comes from is not visible here; confirm who can set it.
;  - On a successful DeviceIoControl the code reads var_14 (OutBuffer+4)
;    without checking BytesReturned, so a short reply would leave the ID
;    derived from uninitialised stack.
;  - checkMachineID calls CloseHandle on esi even when SNC_Device_Open
;    returned 0.

getMachineID proc near                  ; CODE XREF: sub_2018E0+50
                                        ; suDMI_GetMachineInfo+25 ...

BytesReturned = dword ptr -28h
Last_Error = dword ptr -24h
InBuffer = dword ptr -20h
var_1C = dword ptr -1Ch
OutBuffer = dword ptr -18h
var_14 = dword ptr -14h
ClassGuid = dword ptr -10h
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1

        mov     eax, MachineID
        sub     esp, 28h
        push    ebx
        xor     ebx, ebx                ; ebx = 0 for the whole function
        cmp     eax, ebx
        jnz     exit                    ; cached ID available
        mov     ecx, offset TestMachineID
        call    Get_TestMachineID
        cmp     eax, ebx
        mov     MachineID, eax
        jnz     exit                    ; non-zero test value is returned as-is
        cmp     dont_use_DMI, ebx
        mov     ecx, offset TestMachineID
        jz      short using_DMI
        call    RAW_GetMachineID
        jmp     short checkSpecialCases
; ===========================================================================

using_DMI:                              ; CODE XREF: getMachineID+35
        call    DMI_GetMachineID

checkSpecialCases:                      ; CODE XREF: getMachineID+3C
        cmp     eax, 4Ch                ; ID 76
        mov     MachineID, eax
        jz      short openDevice
        cmp     eax, 4Dh                ; ID 77
        jnz     testNotDefaultID

openDevice:                             ; CODE XREF: getMachineID+4B
        push    esi
        lea     eax, [esp+30h+Last_Error]
        push    eax                     ; Last_Error
        lea     ecx, [esp+34h+ClassGuid]
        push    ebx                     ; MemberIndex
        push    ecx                     ; ClassGuid
        ; The stores below build the GUID
        ; {F304EB09-5C5F-11D2-B53F-0800460198AC} on the stack.
        mov     [esp+3Ch+ClassGuid], 0F304EB09h
        mov     [esp+3Ch+var_C], 5C5Fh
        mov     [esp+3Ch+var_A], 11D2h
        mov     [esp+3Ch+var_8], 0B5h
        mov     [esp+3Ch+var_7], 3Fh
        mov     [esp+3Ch+var_6], 8
        mov     [esp+3Ch+var_5], bl     ; bl is 0
        mov     [esp+3Ch+var_4], 46h
        mov     [esp+3Ch+var_3], 1
        mov     [esp+3Ch+var_2], 98h
        mov     [esp+3Ch+var_1], 0ACh
        call    SNC_Device_Open
        mov     esi, eax
        add     esp, 0Ch
        cmp     esi, ebx                ; a zero return is treated as failure
        jnz     short querySNCviaSN00
        mov     MachineID, ebx
        jmp     short checkMachineID    ; NOTE(review): reaches CloseHandle with esi == 0
; ===========================================================================

querySNCviaSN00:                        ; CODE XREF: getMachineID+AB
        push    ebx                     ; lpOverlapped
        lea     edx, [esp+34h+BytesReturned]
        push    edx                     ; lpBytesReturned
        push    8                       ; nOutBufferSize
        lea     eax, [esp+3Ch+OutBuffer]
        push    eax                     ; lpOutBuffer
        push    8                       ; nInBufferSize
        lea     ecx, [esp+44h+InBuffer]
        push    ecx                     ; lpInBuffer
        push    22201Ch                 ; dwIoControlCode (decodes to device type 22h,
                                        ; function 807h, METHOD_BUFFERED, FILE_ANY_ACCESS)
        push    esi                     ; hDevice
        mov     [esp+50h+BytesReturned], ebx
        mov     [esp+50h+InBuffer], 30304E53h ; SN00
        mov     [esp+50h+var_1C], 4
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_202595
        mov     MachineID, ebx
        jmp     short checkMachineID
; ===========================================================================

loc_202595:                             ; CODE XREF: getMachineID+EB
        mov     edx, [esp+30h+var_14]   ; second dword of OutBuffer; BytesReturned is not checked
        not     edx
        and     edx, 1
        or      edx, 4Ch                ; special types 76 and 77
        mov     MachineID, edx

checkMachineID:                         ; CODE XREF: getMachineID+B3
                                        ; getMachineID+F3
        push    esi                     ; hObject
        call    ds:CloseHandle
        mov     eax, MachineID
        pop     esi

testNotDefaultID:                       ; CODE XREF: getMachineID+50
        cmp     eax, ebx
        jnz     short exit
        mov     eax, 27h                ; default machine ID 39
        mov     MachineID, eax

exit:                                   ; CODE XREF: getMachineID+D
                                        ; getMachineID+24 ...
; (tail of getMachineID; the function starts on the preceding lines)
        pop     ebx
        add     esp, 28h
        retn
getMachineID endp

; ===========================================================================
        db 9 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; suDMI_GetMachineInfo
; Returns the cached value in dword_20F19C when it is non-zero. Otherwise:
;  - machine ID 3Ch or above: returns 0;
;  - machine ID 36h..3Bh: reads a string from a key under HKLM, appends it to
;    device_path_root, opens that path with CreateFileA and queries it with
;    DeviceIoControl (control code 220000h);
;  - machine ID below 36h: uses callSXBIOSifNoDMI when dont_use_DMI is set.
; The result is stored in dword_20F19C; a zero result is returned as 3.
;
; NOTE(review), registry-to-stack path:
;  - The lpcbData passed to the second RegQueryValueExA is whatever the first,
;    size-only query reported. It is never clamped to the space available for
;    Data (at most 108h bytes before the end of the locals), so an oversized
;    value can be written past the buffer towards the saved frame.
;  - Type is not checked after the read and termination is not enforced; the
;    length scan at findEndOfStringA relies on a NUL inside Data.
;  - The copy into FileName (260 bytes including the prefix) is unbounded.
;  Exposure depends on who can write the key, which is not visible here. A
;  hardened version clamps cbData, verifies the type, forces a terminator and
;  bounds the concatenation.
; NOTE(review), device replies:
;  - The reply buffer is malloc(var_218 + 3) bytes, but the loop reads [esi+3]
;    and [esi+10h] without checking that size or BytesReturned.
;
; Attributes: bp-based frame

suDMI_GetMachineInfo proc near          ; CODE XREF: SuSXBIOS_Call-5A42
                                        ; getFunctionality_x068:useDMI

BytesReturned = dword ptr -23Ch
Type = dword ptr -238h
var_234 = dword ptr -234h
hKey = dword ptr -230h
cbData = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = word ptr -224h
InBuffer = dword ptr -220h
OutBuffer = dword ptr -21Ch
var_218 = word ptr -218h
var_216 = dword ptr -216h
FileName = dword ptr -210h
var_20C = byte ptr -20Ch
var_20B = dword ptr -20Bh
Data = dword ptr -108h

        push    ebp
        mov     ebp, esp
        and     esp, 0FFFFFFF8h
        sub     esp, 240h
        mov     eax, dword_20F19C
        push    ebx
        push    ebp                     ; ebp is reused as a scratch register below
        xor     ebx, ebx
        cmp     eax, ebx
        push    esi
        push    edi
        jnz     exit                    ; cached result
        xor     esi, esi
        mov     [esp+250h+var_234], esi
        call    getMachineID
        cmp     eax, 3Ch                ; IDs of 60 and above: return 0
        jnb     exitFalse
        cmp     eax, 36h                ; IDs below 54 take the non-DMI path
        jb      isDontUseDMI
        lea     eax, [esp+250h+hKey]
        push    eax                     ; phkResult
        push    1                       ; samDesired (KEY_QUERY_VALUE)
        push    ebx                     ; ulOptions
        push    offset aSoftwareSonyCo  ; "SOFTWARE\\Sony Corporation\\Shared Info\\S"...
        push    80000002h               ; hKey (HKEY_LOCAL_MACHINE)
        mov     [esp+264h+BytesReturned], ebx
        xor     edi, edi                ; edi = "value was read" flag
        call    ds:RegOpenKeyExA
        test    eax, eax
        jnz     exitFalse
        mov     eax, [esp+250h+hKey]
        mov     esi, ds:RegQueryValueExA
        lea     ecx, [esp+250h+cbData]
        push    ecx                     ; lpcbData
        push    ebx                     ; lpData (NULL: size query only)
        lea     edx, [esp+258h+Type]
        push    edx                     ; lpType
        push    ebx                     ; lpReserved
        push    offset aDmicall         ; "dmicall"
        push    eax                     ; hKey
        mov     [esp+268h+Type], 1
        mov     [esp+268h+cbData], ebx
        call    esi ; RegQueryValueExA  ; return value is ignored
        lea     ecx, [esp+250h+cbData]
        push    ecx                     ; lpcbData (NOTE(review): size from the query
                                        ; above, not the capacity of Data)
        mov     ecx, [esp+254h+hKey]
        lea     edx, [esp+254h+Data]
        push    edx                     ; lpData
        lea     eax, [esp+258h+Type]
        push    eax                     ; lpType
        push    ebx                     ; lpReserved
        push    offset ValueName        ; "dwTestMachineID" (as labelled by the disassembler)
        push    ecx                     ; hKey
        call    esi ; RegQueryValueExA
        test    eax, eax
        jnz     short closeKey
        mov     edi, 1

closeKey:                               ; CODE XREF: suDMI_GetMachineInfo+AD
        mov     edx, [esp+250h+hKey]
        push    edx                     ; hKey
        call    ds:RegCloseKey
        cmp     edi, ebx
        jz      exitFalse
        ; FileName = 4 bytes from device_path_root + 1 byte from byte_20A7E0,
        ; then 255 zero bytes (3Fh dwords + 1 word + 1 byte).
        mov     eax, ds:device_path_root
        mov     cl, ds:byte_20A7E0
        mov     [esp+250h+FileName], eax
        mov     [esp+250h+var_20C], cl
        xor     eax, eax
        mov     ecx, 3Fh
        lea     edi, [esp+250h+var_20B]
        rep stosd
        stosw
        stosb
        lea     eax, [esp+250h+Data]
        mov     edx, eax

findEndOfStringA:                       ; CODE XREF: suDMI_GetMachineInfo+F8
        mov     cl, [eax]               ; inlined length scan of Data; no upper bound
        inc     eax
        test    cl, cl
        jnz     short findEndOfStringA
        lea     edi, [esp+250h+FileName]
        sub     eax, edx                ; eax = length of Data including the NUL
        dec     edi

findEndOfStringB:                       ; CODE XREF: suDMI_GetMachineInfo+107
        mov     cl, [edi+1]             ; find the terminator of FileName
        inc     edi
        test    cl, cl
        jnz     short findEndOfStringB
        mov     ecx, eax
        shr     ecx, 2
        push    ebx                     ; hTemplateFile
        mov     esi, edx
        rep movsd                       ; append Data to FileName, dword part
                                        ; (NOTE(review): no check against FileName's size)
        push    80h                     ; dwFlagsAndAttributes (FILE_ATTRIBUTE_NORMAL)
        push    3                       ; dwCreationDisposition (OPEN_EXISTING)
        push    ebx                     ; lpSecurityAttributes
        push    ebx                     ; dwShareMode
        mov     ecx, eax
        push    ebx                     ; dwDesiredAccess
        lea     edx, [esp+268h+FileName]
        and     ecx, 3
        push    edx                     ; lpFileName
        rep movsb                       ; append Data to FileName, remaining bytes
        call    ds:CreateFileA
        mov     edi, eax
        cmp     edi, 0FFFFFFFFh         ; INVALID_HANDLE_VALUE
        jz      short exitFalse
        push    ebx                     ; lpOverlapped
        mov     ebx, ds:DeviceIoControl
        lea     eax, [esp+254h+BytesReturned]
        push    eax                     ; lpBytesReturned
        push    0Ch                     ; nOutBufferSize
        lea     ecx, [esp+25Ch+OutBuffer]
        push    ecx                     ; lpOutBuffer
        push    4                       ; nInBufferSize
        lea     edx, [esp+264h+InBuffer]
        push    edx                     ; lpInBuffer
        push    220000h                 ; dwIoControlCode
        push    edi                     ; hDevice
        mov     word ptr [esp+270h+InBuffer], 50h ; request code 50h
        call    ebx ; DeviceIoControl
        test    eax, eax
        jnz     short checkForExpectedResult

closeHandle:                            ; CODE XREF: suDMI_GetMachineInfo+17A
                                        ; suDMI_GetMachineInfo+193
        push    edi                     ; hObject
        call    ds:CloseHandle

exitFalse:                              ; CODE XREF: suDMI_GetMachineInfo+2D
                                        ; suDMI_GetMachineInfo+5C ...
        xor     eax, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

checkForExpectedResult:                 ; CODE XREF: suDMI_GetMachineInfo+161
        mov     al, byte ptr [esp+250h+OutBuffer]
        test    al, al                  ; first reply byte must be 0
        jnz     short closeHandle
        movzx   ebp, [esp+250h+var_218] ; word at OutBuffer+4
        add     ebp, 3
        push    ebp                     ; size_t
        call    malloc
        mov     esi, eax
        xor     eax, eax
        add     esp, 4
        cmp     esi, eax
        jz      short closeHandle
        mov     ecx, [esp+250h+var_216] ; dword at OutBuffer+6
        shr     ecx, 4
        cmp     word ptr [esp+250h+OutBuffer+2], ax ; record count; the movs below keep the flags
        mov     word ptr [esp+250h+var_228], 51h ; request code 51h
        mov     word ptr [esp+250h+var_228+2], ax
        mov     [esp+250h+var_224], cx
        mov     [esp+250h+Type], eax    ; Type is reused as the loop counter
        jbe     short closeHandleFreeMem ; count == 0

queryDevice:                            ; CODE XREF: suDMI_GetMachineInfo+207
        push    0                       ; lpOverlapped
        lea     edx, [esp+254h+BytesReturned]
        push    edx                     ; lpBytesReturned
        push    ebp                     ; nOutBufferSize
        push    esi                     ; lpOutBuffer
        push    8                       ; nInBufferSize
        lea     eax, [esp+264h+var_228]
        push    eax                     ; lpInBuffer
        push    220000h                 ; dwIoControlCode
        push    edi                     ; hDevice
        call    ebx ; DeviceIoControl
        test    eax, eax
        jz      short closeHandleFreeMem
        mov     al, [esi]
        test    al, al
        jnz     short isValue083
        mov     cx, [esi+1]
        mov     word ptr [esp+250h+var_228+2], cx ; word from the reply goes into the next request
        cmp     byte ptr [esi+3], 3     ; NOTE(review): offset 3 is outside a 3-byte allocation
        jz      short setBuffer_010
        cmp     word ptr [esi+1], 0FFFFh
        jz      short closeHandleFreeMem
        jmp     short isEnd
; ===========================================================================

isValue083:                             ; CODE XREF: suDMI_GetMachineInfo+1D8
        cmp     al, 83h
        jnz     short closeHandleFreeMem

isEnd:                                  ; CODE XREF: suDMI_GetMachineInfo+1F1
        mov     eax, [esp+250h+Type]
        movzx   edx, word ptr [esp+250h+OutBuffer+2]
        inc     eax
        cmp     eax, edx
        mov     [esp+250h+Type], eax
        jl      short queryDevice       ; loop while counter < record count
        jmp     short closeHandleFreeMem
; ===========================================================================

setBuffer_010:                          ; CODE XREF: suDMI_GetMachineInfo+1E7
        movzx   eax, byte ptr [esi+10h] ; NOTE(review): read at offset 10h is not checked
                                        ; against the allocation size or BytesReturned
        mov     [esp+250h+var_234], eax

closeHandleFreeMem:                     ; CODE XREF: suDMI_GetMachineInfo+1B6
                                        ; suDMI_GetMachineInfo+1D2 ...
        push    edi                     ; hObject
        call    ds:CloseHandle
        push    esi                     ; void *
        call    free
        add     esp, 4
        xor     ebx, ebx                ; ebx held DeviceIoControl; back to 0 for the compare below
        jmp     short GetTestVal
; ===========================================================================

isDontUseDMI:                           ; CODE XREF: suDMI_GetMachineInfo+36
        cmp     dont_use_DMI, ebx
        jz      short isNotMatchingTestVal ; esi is still 0 on this path
        push    2
        lea     ecx, [esp+254h+BytesReturned]
        push    ecx
        push    ebx
        push    8
        mov     [esp+260h+BytesReturned], ebx
        call    callSXBIOSifNoDMI
        movzx   edx, word ptr [esp+260h+BytesReturned]
        add     esp, 10h
        mov     [esp+250h+var_234], edx

GetTestVal:                             ; CODE XREF: suDMI_GetMachineInfo+225
        mov     esi, [esp+250h+var_234]

isNotMatchingTestVal:                   ; CODE XREF: suDMI_GetMachineInfo+22D
        cmp     esi, ebx
        mov     dword_20F19C, esi       ; cache the result (0 means "not cached")
        mov     eax, esi
        jnz     short exit
        mov     eax, 3                  ; a zero result is returned as 3

exit:                                   ; CODE XREF: suDMI_GetMachineInfo+19
                                        ; suDMI_GetMachineInfo+25C
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
suDMI_GetMachineInfo endp

; ===========================================================================
        db 5 dup(90h)
; ===========================================================================
; START OF FUNCTION CHUNK FOR SuSXBIOS_Call
;
; Dispatch on the 16-bit code at the start of the caller's buffer:
;  - code 8: suDMI_GetMachineInfo; a non-zero result is stored as a word
;    through the pointer at [buffer+4] and AL = 0 is returned;
;  - any other code: forwarded to callSXBIOSifNoDMI when dont_use_DMI is set;
;  - otherwise AL = 82h.
; `buffer` is declared in the main body of SuSXBIOS_Call, outside this chunk.
; NOTE(review): the pointers at [esi+4] and [esi+8] come from the caller's
; buffer and are used without validation; whether callers are trusted is not
; visible here. `push eax` passes a dword whose upper half was not set by
; `mov ax, [esi]`.

loc_202840:                             ; CODE XREF: SuSXBIOS_Call
        push    esi
        mov     esi, dword ptr [esp+4+buffer]
        mov     ax, [esi]
        cmp     ax, 8
        jnz     short loc_202861
        call    suDMI_GetMachineInfo
        test    eax, eax
        jz      short loc_202885
        mov     ecx, [esi+4]
        mov     [ecx], ax               ; 16-bit result written through the caller's pointer
        xor     al, al
        pop     esi
        retn
; ===========================================================================

loc_202861:                             ; CODE XREF: SuSXBIOS_Call-5A44
        mov     ecx, dont_use_DMI
        test    ecx, ecx
        jz      short loc_202885
        mov     edx, [esi+8]
        mov     ecx, [esi+4]
        push    edx
        xor     edx, edx
        mov     dx, [esi+2]
        push    ecx
        push    edx
        push    eax
        call    callSXBIOSifNoDMI
        add     esp, 10h
        pop     esi
        retn
; ===========================================================================

loc_202885:                             ; CODE XREF: SuSXBIOS_Call-5A3B
                                        ; SuSXBIOS_Call-5A27
        mov     al, 82h                 ; failure code
        pop     esi
        retn
; END OF FUNCTION CHUNK FOR SuSXBIOS_Call
; ===========================================================================
        db 7 dup(90h)

; *************** S U B R O U T I N E 
; ***************************************
;
; getFunctionality_x068
; Returns a packed pair (high word << 10h | low word) and caches it in
; dword_20F1A0; a non-zero cached value is returned immediately.
;  - machine ID below 3Ch: the value comes from a 13-entry switch on
;    suDMI_GetMachineInfo() - 1;
;  - otherwise: enumerates present devices of class
;    {4D36E96E-E325-11CE-BFC1-08002BE10318}, picks the first whose hardware ID
;    contains "MS_", "NVD", or "SNY" with "FA" in its last three characters,
;    reads that device's "EDID" registry value and passes the first 80h bytes
;    to getPreferredVideoTimingFromEDID.
; The fallback value is 3000400h.
; NOTE(review): the constants decode as 16-bit pairs (for example 3000400h is
; 768 and 1024); presumably height and width of a display mode - confirm
; against getPreferredVideoTimingFromEDID.
;
; NOTE(review):
;  - 80h bytes are copied out of the EDID heap buffer regardless of cbData, so
;    a shorter (or empty) registry value is read past its allocation.
;  - The device key is opened with 0F003Fh (KEY_ALL_ACCESS) although it is
;    only queried; read access would be the least-privilege request.
;  - When malloc for the EDID buffer fails, the key handle in ebx is not closed.
;  - The SetupDiGetClassDevsA result is not compared with INVALID_HANDLE_VALUE
;    before use.
;
; Attributes: bp-based frame

getFunctionality_x068 proc near         ; CODE XREF: SuGetMachineInfo+100
                                        ; sub_209400+14 ...

suInfoHighWord = dword ptr -0C8h
cbData = dword ptr -0C4h
PropertyBufferSize= dword ptr -0C0h
Type = dword ptr -0BCh
suInfoLowWord = dword ptr -0B8h
ClassGuid = dword ptr -0B4h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = byte ptr -0ACh
var_AB = byte ptr -0ABh
var_AA = byte ptr -0AAh
var_A9 = byte ptr -0A9h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_A6 = byte ptr -0A6h
var_A5 = byte ptr -0A5h
PropertyRegDataType= dword ptr -0A4h
deviceInfoSet = dword ptr -0A0h
DeviceInfoData = dword ptr -9Ch
buffer = dword ptr -80h

        push    ebp
        mov     ebp, esp
        and     esp, 0FFFFFFF8h
        sub     esp, 0C8h
        mov     eax, dword_20F1A0
        push    ebx
        push    ebp                     ; ebp is reused as a scratch register below
        push    esi
        xor     esi, esi
        cmp     eax, esi
        push    edi
        jnz     exit                    ; cached value
        mov     [esp+0D8h+suInfoHighWord], esi
        call    getMachineID
        cmp     eax, 3Ch                ; IDs below 60 use the switch at useDMI
        jb      useDMI
        push    2                       ; Flags (DIGCF_PRESENT)
        push    esi                     ; hwndParent
        push    esi                     ; Enumerator
        lea     eax, [esp+0E4h+ClassGuid]
        push    eax                     ; ClassGuid
        ; The stores below build {4D36E96E-E325-11CE-BFC1-08002BE10318},
        ; the Monitor device setup class.
        mov     [esp+0E8h+ClassGuid], 4D36E96Eh
        mov     [esp+0E8h+var_B0], 0E325h
        mov     [esp+0E8h+var_AE], 11CEh
        mov     [esp+0E8h+var_AC], 0BFh
        mov     [esp+0E8h+var_AB], 0C1h
        mov     [esp+0E8h+var_AA], 8
        mov     [esp+0E8h+var_A9], 0
        mov     [esp+0E8h+var_A8], 2Bh
        mov     [esp+0E8h+var_A7], 0E1h
        mov     [esp+0E8h+var_A6], 3
        mov     [esp+0E8h+var_A5], 18h
        call    ds:SetupDiGetClassDevsA
        lea     ecx, [esp+0D8h+DeviceInfoData]
        push    ecx                     ; DeviceInfoData
        mov     edi, eax                ; NOTE(review): not checked for INVALID_HANDLE_VALUE
        push    esi                     ; MemberIndex
        push    edi                     ; DeviceInfoSet
        mov     [esp+0E4h+deviceInfoSet], edi
        mov     [esp+0E4h+PropertyRegDataType], 1
        mov     [esp+0E4h+PropertyBufferSize], esi
        mov     [esp+0E4h+DeviceInfoData], 1Ch ; cbSize of the structure
        mov     [esp+0E4h+cbData], esi  ; cbData doubles as the member index
        call    ds:SetupDiEnumDeviceInfo
        test    eax, eax
        jz      freeDeviceInfoList
        mov     ebp, ds:SetupDiGetDeviceRegistryPropertyA

getDeviceRegistryProp:                  ; CODE XREF: getFunctionality_x068+17F
        lea     edx, [esp+0D8h+PropertyBufferSize]
        push    edx                     ; RequiredSize
        push    0                       ; PropertyBufferSize
        push    0                       ; PropertyBuffer
        lea     eax, [esp+0E4h+PropertyRegDataType]
        push    eax                     ; PropertyRegDataType
        push    1                       ; Property (SPDRP_HARDWAREID)
        lea     ecx, [esp+0ECh+DeviceInfoData]
        push    ecx                     ; DeviceInfoData
        push    edi                     ; DeviceInfoSet
        xor     bl, bl                  ; bl = "matching device found" flag
        call    ebp ; SetupDiGetDeviceRegistryPropertyA ; size query, result ignored
        mov     eax, [esp+0D8h+PropertyBufferSize]
        inc     eax                     ; one extra byte; malloc does not zero it
        push    eax                     ; size_t
        mov     [esp+0DCh+PropertyBufferSize], eax
        call    malloc
        mov     esi, eax
        add     esp, 4
        test    esi, esi
        jz      freeDeviceInfoList
        mov     edx, [esp+0D8h+PropertyBufferSize]
        push    0                       ; RequiredSize
        push    edx                     ; PropertyBufferSize
        push    esi                     ; PropertyBuffer
        lea     eax, [esp+0E4h+PropertyRegDataType]
        push    eax                     ; PropertyRegDataType
        push    1                       ; Property
        lea     ecx, [esp+0ECh+DeviceInfoData]
        push    ecx                     ; DeviceInfoData
        push    edi                     ; DeviceInfoSet
        call    ebp ; SetupDiGetDeviceRegistryPropertyA
        test    eax, eax
        jz      short freeMem
        ; The string searches below rely on the API having NUL-terminated
        ; the property data.
        push    offset aMs_             ; "MS_"
        push    esi                     ; char *
        call    strstr
        add     esp, 8
        test    eax, eax
        jnz     short foundMatch
        push    offset aSny             ; "SNY"
        push    esi                     ; char *
        call    strstr
        add     esp, 8
        test    eax, eax
        jz      short isNvidia
        mov     eax, esi
        lea     edx, [eax+1]

findEndOfStringA:                       ; CODE XREF: getFunctionality_x068+136
        mov     cl, [eax]               ; inlined length scan
        inc     eax
        test    cl, cl
        jnz     short findEndOfStringA
        sub     eax, edx                ; eax = string length
        push    offset aFa              ; "FA"
        lea     edx, [eax+esi-3]        ; pointer to the last three characters
        push    edx
        jmp     short isMatch
; ===========================================================================

isNvidia:                               ; CODE XREF: getFunctionality_x068+12A
        push    offset aNvd             ; "NVD"
        push    esi                     ; char *

isMatch:                                ; CODE XREF: getFunctionality_x068+144
        call    strstr
        add     esp, 8
        test    eax, eax
        jz      short freeMem

foundMatch:                             ; CODE XREF: getFunctionality_x068+118
        mov     bl, 1

freeMem:                                ; CODE XREF: getFunctionality_x068+106
                                        ; getFunctionality_x068+156
        push    esi                     ; void *
        call    free
        add     esp, 4
        test    bl, bl
        jnz     short openRegistryKey
        mov     eax, [esp+0D8h+cbData]
        lea     ecx, [esp+0D8h+DeviceInfoData]
        inc     eax                     ; next member index
        push    ecx                     ; DeviceInfoData
        push    eax                     ; MemberIndex
        push    edi                     ; DeviceInfoSet
        mov     [esp+0E4h+cbData], eax
        call    ds:SetupDiEnumDeviceInfo
        test    eax, eax
        jnz     getDeviceRegistryProp
        jmp     freeDeviceInfoList
; ===========================================================================

openRegistryKey:                        ; CODE XREF: getFunctionality_x068+165
        push    0F003Fh                 ; samDesired (KEY_ALL_ACCESS; NOTE(review): the key
                                        ; is only queried below)
        push    1                       ; KeyType
        push    0                       ; HwProfile
        push    1                       ; Scope
        lea     edx, [esp+0E8h+DeviceInfoData]
        push    edx                     ; DeviceInfoData
        push    edi                     ; DeviceInfoSet
        call    ds:SetupDiOpenDevRegKey
        mov     ebx, eax
        cmp     ebx, 0FFFFFFFFh         ; INVALID_HANDLE_VALUE
        jz      freeDeviceInfoList
        mov     esi, ds:RegQueryValueExA
        lea     eax, [esp+0D8h+cbData]
        push    eax                     ; lpcbData
        push    0                       ; lpData (NULL: size query only)
        lea     ecx, [esp+0E0h+Type]
        push    ecx                     ; lpType
        push    0                       ; lpReserved
        push    offset aEdid            ; "EDID"
        push    ebx                     ; hKey
        mov     [esp+0F0h+Type], 3
        mov     [esp+0F0h+cbData], 0
        call    esi ; RegQueryValueExA  ; return value is ignored
        mov     edx, [esp+0D8h+cbData]
        push    edx                     ; size_t
        call    malloc
        mov     ebp, eax
        add     esp, 4
        test    ebp, ebp
        jz      short freeDeviceInfoList ; NOTE(review): skips RegCloseKey, hKey in ebx leaks
        lea     eax, [esp+0D8h+cbData]
        push    eax                     ; lpcbData
        push    ebp                     ; lpData
        lea     ecx, [esp+0E0h+Type]
        push    ecx                     ; lpType
        push    0                       ; lpReserved
        push    offset aEdid            ; "EDID"
        push    ebx                     ; hKey
        call    esi ; RegQueryValueExA
        test    eax, eax
        jnz     short freeMemCloseKey
        lea     edx, [esp+0D8h+suInfoHighWord]
        mov     [esp+0D8h+suInfoLowWord], eax
        mov     [esp+0D8h+suInfoHighWord], eax ; zero it
        push    edx                     ; address of suInfoHighWord
        mov     ecx, 20h                ; 20h dwords = 80h bytes
        mov     esi, ebp                ; lpData
        lea     edi, [esp+0DCh+buffer]
        lea     eax, [esp+0DCh+suInfoLowWord]
        rep movsd                       ; NOTE(review): fixed 80h-byte copy, cbData is not
                                        ; checked; over-reads the heap buffer when the
                                        ; value is shorter
        push    eax                     ; address of suInfoLowWord
        lea     ecx, [esp+0E0h+buffer]
        push    ecx                     ; EDID Registry value
        call    getPreferredVideoTimingFromEDID
        movzx   eax, word ptr [esp+0E4h+suInfoHighWord]
        movzx   edx, word ptr [esp+0E4h+suInfoLowWord]
        mov     edi, [esp+0E4h+deviceInfoSet] ; edi was consumed by rep movsd
        shl     eax, 10h
        add     esp, 0Ch
        or      eax, edx
        mov     [esp+0D8h+suInfoHighWord], eax

freeMemCloseKey:                        ; CODE XREF: getFunctionality_x068+202
        push    ebp                     ; void *
        call    free
        add     esp, 4
        push    ebx                     ; hKey
        call    ds:RegCloseKey

freeDeviceInfoList:                     ; CODE XREF: getFunctionality_x068+AB
                                        ; getFunctionality_x068+E7 ...
        push    edi                     ; DeviceInfoSet
        call    ds:SetupDiDestroyDeviceInfoList
        mov     eax, [esp+0D8h+suInfoHighWord]
        test    eax, eax
        jnz     short setFunctionalityValue_x068

DMIinfo02:                              ; CODE XREF: getFunctionality_x068+288
                                        ; getFunctionality_x068+28A
                                        ; DATA XREF: ...
        mov     [esp+0D8h+suInfoHighWord], 3000400h ; default (768 / 1024)

setFunctionalityValue_x068:             ; CODE XREF: getFunctionality_x068+264
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax

exit:                                   ; CODE XREF: getFunctionality_x068+19
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

useDMI:                                 ; CODE XREF: getFunctionality_x068+2B
        call    suDMI_GetMachineInfo
        dec     eax
        cmp     eax, 0Ch                ; switch 13 cases
        ja      short DMIinfo02         ; default (unsigned compare bounds the table index)
        jmp     ds:DMIinfoSwitchCaseTable[eax*4] ; switch jump

DMIinfo00:                              ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 1E00280h ; case 0x0 (480 / 640)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo01:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 2580320h ; case 0x1 (600 / 800)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo03:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 4000500h ; case 0x3 (1024 / 1280)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo04:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 41A0578h ; case 0x4 (1050 / 1400)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo05:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 1E00400h ; case 0x5 (480 / 1024)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo06:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 2580500h ; case 0x6 (600 / 1280)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo07:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 4B00640h ; case 0x7 (1200 / 1600)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo08:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 3000500h ; case 0x8 (768 / 1280)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo09:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 4B00780h ; case 0x9 (1200 / 1920)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo10:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 3200500h ; case 0xA (800 / 1280)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo11:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 38405A0h ; case 0xB (900 / 1440)
        mov     eax, [esp+0D8h+suInfoHighWord]
        mov     dword_20F1A0, eax
        pop     edi
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

DMIinfo12:                              ; CODE XREF: getFunctionality_x068+28A
                                        ; DATA XREF: .text:DMIinfoSwitchCaseTable
        mov     [esp+0D8h+suInfoHighWord], 41A0690h ; case 0xC (1050 / 1680)
        mov     eax, [esp+0D8h+suInfoHighWord]
        pop     edi
        mov     dword_20F1A0, eax
        pop     esi
        pop     ebp
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn
getFunctionality_x068 endp

; ===========================================================================
        db 8Dh, 49h, 0                  ; padding bytes before the table
DMIinfoSwitchCaseTable dd offset DMIinfo00, offset DMIinfo01, offset DMIinfo02
                                        ; DATA XREF: getFunctionality_x068+28A
        dd offset DMIinfo03, offset DMIinfo04, offset DMIinfo05 ; jump table for switch statement
        dd offset DMIinfo06, offset DMIinfo07, offset DMIinfo08
        dd offset DMIinfo09, offset DMIinfo10, offset DMIinfo11
        dd offset DMIinfo12
        db 0Ch dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; getFunctionJumpTable0
; Stores the address of functionJumpTable0 in the dword that ecx points to
; and returns that pointer in eax.

getFunctionJumpTable0 proc near         ; CODE XREF: SnyUtils_Init+81
                                        ; SnyUtils_Init+EA ...
        mov     eax, ecx
        mov     dword ptr [eax], offset functionJumpTable0
        retn
getFunctionJumpTable0 endp

; ===========================================================================
        db 7 dup(90h)

; *************** S U B R O U T I N E ***************************************

doNothingPop0C_Return0 proc near        ; DATA XREF: .rdata:functionJumpTable0
                                        ; .rdata:functionJumpTable1 ...
; (body of doNothingPop0C_Return0; its proc line is on the preceding line)
; Returns 0 and removes 0Ch bytes of arguments from the stack.
        xor     eax, eax
        retn    0Ch
doNothingPop0C_Return0 endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; doNothingPop04_Return0
; Returns 0 and removes 4 bytes of arguments from the stack.

doNothingPop04_Return0 proc near        ; DATA XREF: .rdata:videoJumpTable01
                                        ; .rdata:videoJumpTable02 ...
        xor     eax, eax
        retn    4
doNothingPop04_Return0 endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_202CC0
; Stores the address of functionJumpTable0 in the dword that ecx points to.

sub_202CC0 proc near                    ; CODE XREF: sub_203330+3
                                        ; getFunctionJumpTable1+6
        mov     dword ptr [ecx], offset functionJumpTable0
        retn
sub_202CC0 endp

; ===========================================================================
        db 9 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; filterModelTypeCapabilities
; Called with an object pointer in ecx and three stack arguments (retn 0Ch).
; Calls the object's table entry at +1Ch for the model type, returns 0 when
; that call returns 0, then adjusts the dword the third argument points to:
;  - capability values 1..8 are dispatched through indexCapsAlternativesTable01
;    and doCapsAlternativesTable01 (the index is range-checked first);
;  - the output becomes 8 for model types 1..3 when the machine ID is not 36h
;    and dword_20F178 is 0Eh, and for model types 1..2 when get64bit_hObject
;    returns non-zero.
; Returns 1 on every path that does not reach `failed`.
; The stack slot of the third argument is reused as a local once the output
; pointer has been loaded into edi.

filterModelTypeCapabilities proc near   ; DATA XREF: .rdata:functionJumpTable0
                                        ; .rdata:functionJumpTable1 ...

var_10 = dword ptr -10h
var_8 = dword ptr -8
modelCaps0 = dword ptr -4
modelType = dword ptr 8
modelCaps1 = byte ptr 0Ch

        push    ecx                     ; this slot is the local modelCaps0
        push    ebx
        mov     ebx, [esp+8+modelType]
        push    esi
        push    edi
        mov     edi, dword ptr [esp+10h+modelCaps1] ; edi = caller's output pointer
        mov     esi, ecx                ; esi = object pointer
        lea     ecx, [esp+10h+modelCaps0]
        push    ecx                     ; modelCaps0
        lea     edx, [esp+14h+modelCaps1]
        push    edx                     ; modelCaps01
        mov     dword ptr [edi], 0      ; output defaults to 0
        mov     eax, [esi]
        push    ebx                     ; model type
        mov     ecx, esi
        mov     dword ptr [esp+1Ch+modelCaps1], 0
        mov     [esp+1Ch+modelCaps0], 0
        call    dword ptr [eax+1Ch]     ; getModelCapability()
        test    eax, eax
        jz      failed
        mov     eax, dword ptr [esp+10h+modelCaps1]
        lea     ecx, [eax-1]
        cmp     ecx, 7                  ; unsigned range check before the table lookup
        ja      short capsAlternative_CaseDefault
        movzx   ecx, ds:indexCapsAlternativesTable01[ecx]
        jmp     ds:doCapsAlternativesTable01[ecx*4]

capsAlternative_Case0:                  ; DATA XREF: .text:doCapsAlternativesTable01
        mov     ecx, dword_20F174
        test    ecx, ecx
        jnz     short doSuType00
        and     eax, 2

capsAlternative_Case1:                  ; CODE XREF: filterModelTypeCapabilities+51
                                        ; DATA XREF: .text:00202DA8
        mov     [edi], eax

capsAlternative_CaseDefault:            ; CODE XREF: filterModelTypeCapabilities+48
                                        ; filterModelTypeCapabilities+51 ...
        call    getMachineID            ; case 2
        cmp     eax, 36h
        jz      short do64bitCheck
        cmp     dword_20F178, 0Eh
        jnz     short do64bitCheck
        cmp     ebx, 1
        jz      short equals_01_02_03
        cmp     ebx, 2
        jz      short equals_01_02_03
        cmp     ebx, 3
        jnz     short do64bitCheck

equals_01_02_03:                        ; CODE XREF: filterModelTypeCapabilities+7D
                                        ; filterModelTypeCapabilities+82
        mov     dword ptr [edi], 8

do64bitCheck:                           ; CODE XREF: filterModelTypeCapabilities+6F
                                        ; filterModelTypeCapabilities+78 ...
        call    get64bit_hObject
        test    eax, eax
        jz      short exit
        cmp     ebx, 1
        jz      short equals_01
        cmp     ebx, 2
        jnz     short exit

equals_01:                              ; CODE XREF: filterModelTypeCapabilities+9B
        mov     dword ptr [edi], 8

exit:                                   ; CODE XREF: filterModelTypeCapabilities+96
                                        ; filterModelTypeCapabilities+A0
        pop     edi
        pop     esi
        mov     eax, 1
        pop     ebx
        pop     ecx
        retn    0Ch
; ===========================================================================

doSuType00:                             ; CODE XREF: filterModelTypeCapabilities+60
        mov     eax, [esp+10h+modelCaps0]
        mov     ecx, [esp+14h]          ; first stack argument
        mov     edx, [esi]
        push    edi
        push    eax
        push    ecx
        mov     ecx, esi
        call    dword ptr [edx+20h]     ; doNothingPop0C_Return0
        test    eax, eax
        jnz     short capsAlternative_CaseDefault

failed:                                 ; CODE XREF: filterModelTypeCapabilities+38
        pop     edi
        pop     esi
        xor     eax, eax
        pop     ebx
        pop     ecx
        retn    0Ch
filterModelTypeCapabilities endp

; ===========================================================================
        align 4
; Three-entry jump table, selected through the eight-entry index table below.
doCapsAlternativesTable01 dd offset capsAlternative_Case0
                                        ; DATA XREF: filterModelTypeCapabilities+51
        dd offset capsAlternative_Case1
        dd offset capsAlternative_CaseDefault
indexCapsAlternativesTable01 db 0, 1, 0, 1, 3 dup(2), 1
                                        ; DATA XREF: filterModelTypeCapabilities+4A
; ===========================================================================
        nop
        nop
        nop
        nop
        nop
        nop
        nop
        nop

; *************** S U B R O U T I N E ***************************************
;
; getModelTypeCapabilities
; Looks up modelType in modelCapabilityTable (10h-byte entries, index
; modelType - 1). Both output dwords are zeroed first. The lookup succeeds
; only for 1 <= modelType <= 85h and only when the entry's first two dwords
; both equal modelType; then the dword at entry+0Ch is stored through the
; second argument, the dword at entry+8 through the third, and 1 is returned.
; Otherwise 0 is returned. The unsigned jb/ja pair keeps the index inside the
; table for every input value.

getModelTypeCapabilities proc near      ; DATA XREF: .rdata:functionJumpTable0
                                        ; .rdata:functionJumpTable1 ...

modelType = dword ptr 4
modelCaps1 = dword ptr 8
modelCaps0 = byte ptr 0Ch

        mov     edx, [esp+modelType]
        push    esi
        mov     esi, [esp+4+modelCaps1]
        xor     eax, eax
        cmp     edx, 1                  ; the pushes and movs below keep these flags
        push    edi
        mov     edi, dword ptr [esp+8+modelCaps0]
        mov     [esi], eax
        mov     [edi], eax
        jb      short exit              ; modelType == 0
        cmp     edx, 85h
        ja      short exit              ; above the last table entry
        lea     ecx, [edx-1]
        shl     ecx, 4                  ; 16-byte structures
        cmp     edx, ds:modelCapabilityTable[ecx]
        jnz     short exit
        cmp     edx, ds:(modelCapabilityTable+4)[ecx]
        jnz     short exit
        mov     eax, ds:(modelCapabilityTable+0Ch)[ecx]
        mov     [esi], eax
        mov     ecx, ds:(modelCapabilityTable+8)[ecx]
        mov     [edi], ecx
        mov     eax, 1                  ; return true

exit:                                   ; CODE XREF: getModelTypeCapabilities+17
                                        ; getModelTypeCapabilities+1F ...
        pop     edi
        pop     esi
        retn    0Ch
getModelTypeCapabilities endp

; ===========================================================================
        db 0Fh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; notifyHandlerEx continues on the following lines of the listing.

notifyHandlerEx proc near               ; DATA XREF: .rdata:functionJumpTable0
                                        ; .rdata:functionJumpTable1 ...

contextData = dword ptr 4
eventID = dword ptr 8
msg_lParam = byte ptr 0Ch

        mov     eax, [esp+eventID]
        push    ebx
        push    ebp
        mov     ebp, [esp+8+contextData]
        push    esi
        xor     ebx, ebx
        cmp     eax, 1000001h
        push    edi
        mov     edi, ecx
        ja      loc_202EC8
        jz      loc_202F30
        add     eax, 0FFFFFF60h         ; switch 32 cases
        cmp     eax, 1Fh
        ja      exit01                  ; default
        jmp     ds:off_203174[eax*4]    ; switch jump

loc_202E56:                             ; CODE XREF: notifyHandlerEx+15D
                                        ; DATA XREF: .text:off_203174 ...
mov esi, 3001h ; case 0xB7 jmp setMsgVal ; =========================================================================== loc_202E60: ; CODE XREF: notifyHandlerEx+2F ; DATA XREF: .text:off_203174 mov eax, [edi] ; case 0xBE lea ecx, [esp+10h+msg_lParam] push ecx push 2Bh ; '+' push ebp mov ecx, edi mov esi, 3009h mov dword ptr [esp+1Ch+msg_lParam], ebx call dword ptr [eax+8] test byte ptr [esp+1Ch], 1 jz setMsgVal loc_202E83: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203214 mov esi, 3008h jmp setMsgVal ; =========================================================================== loc_202E8D: ; CODE XREF: notifyHandlerEx+2F ; DATA XREF: .text:off_203174 call getMachineID ; case 0xBF cmp eax, 3Dh ; '=' jnz loc_20307A mov edx, [edi] lea eax, [esp+10h+msg_lParam] push eax push 55h ; 'U' push ebp mov ecx, edi mov esi, 301Dh mov dword ptr [esp+1Ch+msg_lParam], ebx call dword ptr [edx+8] test byte ptr [esp+1Ch], 2 jz setMsgVal mov esi, 301Ch jmp setMsgVal ; =========================================================================== loc_202EC8: ; CODE XREF: notifyHandlerEx+15 cmp eax, 2200015h ja loc_2030EE jz loc_2030E7 ; case 0xA5 cmp eax, 2000060h ja loc_2030A9 jz loc_203084 cmp eax, 1000010h ja short loc_202F48 jz short loc_202F30 sub eax, 1000002h jz short loc_202F21 sub eax, 6 jz short loc_202F12 sub eax, 2 jnz exit01 ; default mov esi, 2003h jmp setMsgVal ; =========================================================================== loc_202F12: ; CODE XREF: notifyHandlerEx+DD mov esi, 2002h mov ebx, 2 jmp setMsgVal ; =========================================================================== loc_202F21: ; CODE XREF: notifyHandlerEx+D8 mov esi, 2001h mov ebx, 2 jmp setMsgVal ; =========================================================================== loc_202F30: ; CODE XREF: notifyHandlerEx+1B ; notifyHandlerEx+D1 mov eax, dword_20F174 xor ecx, ecx cmp eax, ebx setz cl mov esi, 4001h mov ebx, ecx jmp setMsgVal ; 
=========================================================================== loc_202F48: ; CODE XREF: notifyHandlerEx+CF sub eax, 2000030h jz short loc_202F66 sub eax, 10h jnz exit01 ; default mov ebx, dword ptr [esp+10h+msg_lParam] mov esi, 5001h jmp setMsgVal ; =========================================================================== loc_202F66: ; CODE XREF: notifyHandlerEx+12D mov eax, dword ptr [esp+10h+msg_lParam] add eax, 0FFFFFFB0h cmp eax, 69h ; 'i' ja exit01 ; default movzx edx, ds:byte_203250[eax] jmp ds:off_2031F4[edx*4] ; case 0xB7 loc_202F84: ; CODE XREF: notifyHandlerEx+2F ; DATA XREF: .text:off_203174 ... mov esi, 3002h ; case 0xB9 jmp setMsgVal ; =========================================================================== loc_202F8E: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+15D ; DATA XREF: ... mov esi, 3003h ; case 0xB8 jmp setMsgVal ; =========================================================================== loc_202F98: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203200 mov esi, 3005h jmp setMsgVal ; =========================================================================== loc_202FA2: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203204 mov esi, 3006h jmp setMsgVal ; =========================================================================== loc_202FAC: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203208 mov esi, 3007h jmp setMsgVal ; =========================================================================== loc_202FB6: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203218 mov esi, 3009h jmp setMsgVal ; =========================================================================== loc_202FC0: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+15D ; DATA XREF: ... 
mov esi, 3010h ; case 0xBC jmp setMsgVal ; =========================================================================== loc_202FCA: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203220 mov esi, 300Ah jmp setMsgVal ; =========================================================================== loc_202FD4: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203230 mov esi, 301Eh jmp setMsgVal ; =========================================================================== loc_202FDE: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:0020320C mov esi, 3011h jmp setMsgVal ; =========================================================================== loc_202FE8: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203210 mov esi, 3012h jmp setMsgVal ; =========================================================================== loc_202FF2: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+15D ; DATA XREF: ... mov esi, 3013h ; case 0xBD jmp setMsgVal ; =========================================================================== loc_202FFC: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203228 mov esi, 3014h jmp setMsgVal ; =========================================================================== loc_203006: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:0020322C mov esi, 3015h jmp setMsgVal ; =========================================================================== loc_203010: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203234 mov esi, 301Fh jmp setMsgVal ; =========================================================================== loc_20301A: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203238 call getMachineID cmp eax, 31h ; '1' jnz short loc_20302E mov esi, 3017h jmp setMsgVal ; =========================================================================== loc_20302E: ; CODE XREF: notifyHandlerEx+202 mov eax, [edi] lea ecx, [esp+10h+msg_lParam] push ecx push 2Fh ; '/' push ebp mov ecx, edi mov esi, 301Dh mov dword ptr 
[esp+1Ch+msg_lParam], ebx call dword ptr [eax+8] mov al, [esp+1Ch] test al, al jns setMsgVal mov esi, 301Ch jmp setMsgVal ; =========================================================================== loc_20305C: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203244 mov esi, 3018h jmp setMsgVal ; =========================================================================== loc_203066: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:00203248 mov esi, 3019h jmp setMsgVal ; =========================================================================== loc_203070: ; CODE XREF: notifyHandlerEx+15D ; DATA XREF: .text:0020323C mov esi, 301Ah jmp setMsgVal ; =========================================================================== loc_20307A: ; CODE XREF: notifyHandlerEx+75 ; notifyHandlerEx+15D ; DATA XREF: ... mov esi, 301Bh jmp setMsgVal ; =========================================================================== loc_203084: ; CODE XREF: notifyHandlerEx+C4 mov eax, dword ptr [esp+10h+msg_lParam] cmp eax, ebx jz short loc_20309F cmp eax, 7 jnz exit01 ; default mov esi, 6001h jmp setMsgVal ; =========================================================================== loc_20309F: ; CODE XREF: notifyHandlerEx+26A mov esi, 6002h jmp setMsgVal ; =========================================================================== loc_2030A9: ; CODE XREF: notifyHandlerEx+BE add eax, 0FDDFFFF0h ; switch 5 cases cmp eax, 4 ja exit01 ; default jmp ds:off_2032BC[eax*4] ; switch jump loc_2030BE: ; CODE XREF: notifyHandlerEx+2F ; DATA XREF: .text:off_203174 ... mov esi, 1 ; case 0xA0 jmp setMsgVal ; =========================================================================== loc_2030C8: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+297 ; DATA XREF: ... mov esi, 15h ; case 0xA1 jmp setMsgVal ; =========================================================================== loc_2030D2: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+297 ; DATA XREF: ... 
mov esi, 4 ; case 0xA2 jmp short setMsgVal ; =========================================================================== loc_2030D9: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+297 ; DATA XREF: ... mov esi, 5 ; case 0xA3 jmp short setMsgVal ; =========================================================================== loc_2030E0: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+297 ; DATA XREF: ... mov esi, 6 ; case 0xA4 jmp short setMsgVal ; =========================================================================== loc_2030E7: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+B3 ; DATA XREF: ... mov esi, 7 ; case 0xA5 jmp short setMsgVal ; =========================================================================== loc_2030EE: ; CODE XREF: notifyHandlerEx+AD add eax, 0FDDFFFEAh cmp eax, 22h ; '"' ja short exit01 ; default movzx edx, ds:byte_203304[eax] jmp ds:off_2032D0[edx*4] ; case 0xA7 loc_203106: ; CODE XREF: notifyHandlerEx+2F ; DATA XREF: .text:off_203174 ... mov esi, 8 ; case 0xA6 jmp short setMsgVal ; =========================================================================== loc_20310D: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+2DF ; DATA XREF: ... mov esi, 0Bh ; case 0xA7 jmp short setMsgVal ; =========================================================================== loc_203114: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+2DF ; DATA XREF: ... mov esi, 0Ch ; case 0xA8 jmp short setMsgVal ; =========================================================================== loc_20311B: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+2DF ; DATA XREF: ... mov esi, 20h ; ' ' ; case 0xAA jmp short setMsgVal ; =========================================================================== loc_203122: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+2DF ; DATA XREF: ... 
mov esi, 3 ; case 0xAC jmp short setMsgVal ; =========================================================================== loc_203129: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+2DF ; DATA XREF: ... mov esi, 12h ; case 0xBB jmp short setMsgVal ; =========================================================================== loc_203130: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+2DF ; DATA XREF: ... mov esi, 9 ; case 0xB1 jmp short setMsgVal ; =========================================================================== loc_203137: ; CODE XREF: notifyHandlerEx+2F ; notifyHandlerEx+2DF ; DATA XREF: ... mov esi, 0Dh ; case 0xB2 jmp short setMsgVal ; =========================================================================== loc_20313E: ; CODE XREF: notifyHandlerEx+2DF ; DATA XREF: .text:002032E4 mov esi, 1Fh jmp short setMsgVal ; =========================================================================== loc_203145: ; CODE XREF: notifyHandlerEx+2DF ; DATA XREF: .text:002032F4 mov esi, 17h jmp short setMsgVal ; =========================================================================== loc_20314C: ; CODE XREF: notifyHandlerEx+2DF ; DATA XREF: .text:002032F8 mov esi, 18h jmp short setMsgVal ; =========================================================================== loc_203153: ; CODE XREF: notifyHandlerEx+2DF ; DATA XREF: .text:002032FC mov esi, 19h setMsgVal: ; CODE XREF: notifyHandlerEx+3B ; notifyHandlerEx+5D ... mov eax, [ebp+20h] mov ecx, [ebp+0Ch] push ebx ; lParam push esi ; wParam push eax ; Msg push ecx ; hWnd call ds:PostMessageA exit01: ; CODE XREF: notifyHandlerEx+29 ; notifyHandlerEx+2F ... 
pop edi ; default pop esi pop ebp mov eax, 1 pop ebx retn 0Ch notifyHandlerEx endp ; =========================================================================== off_203174 dd offset loc_2030BE, offset loc_2030C8, offset loc_2030D2 ; DATA XREF: notifyHandlerEx+2F dd offset loc_2030D9, offset loc_2030E0, offset loc_2030E7 ; jump table for switch statement dd offset loc_203106, offset loc_20310D, offset loc_203114 dd offset exit01, offset loc_20311B, offset exit01, offset loc_203122 dd 4 dup(offset exit01), offset loc_203130, offset loc_203137 dd 4 dup(offset exit01), offset loc_202E56, offset loc_202F8E dd offset loc_202F84, offset exit01, offset loc_203129 dd offset loc_202FC0, offset loc_202FF2, offset loc_202E60 dd offset loc_202E8D off_2031F4 dd offset loc_202F84 ; DATA XREF: notifyHandlerEx+15D ; case 0xB9 dd offset loc_202E56 ; case 0xB7 dd offset loc_202F8E ; case 0xB8 dd offset loc_202F98 dd offset loc_202FA2 dd offset loc_202FAC dd offset loc_202FDE dd offset loc_202FE8 dd offset loc_202E83 dd offset loc_202FB6 dd offset loc_202FC0 ; case 0xBC dd offset loc_202FCA dd offset loc_202FF2 ; case 0xBD dd offset loc_202FFC dd offset loc_203006 dd offset loc_202FD4 dd offset loc_203010 dd offset loc_20301A dd offset loc_203070 dd offset loc_20307A dd offset loc_20305C dd offset loc_203066 dd offset exit01 ; default byte_203250 db 0 ; DATA XREF: notifyHandlerEx+156 db 1, 2, 3 dd 7060504h, 0A090816h, 0E0D0C0Bh, 1211100Fh, 16161613h dd 14h dup(16161616h), 0FF8B1514h off_2032BC dd offset loc_2030BE, offset loc_2030C8, offset loc_2030D2 ; DATA XREF: notifyHandlerEx+297 dd offset loc_2030D9, offset loc_2030E0 ; jump table for switch statement off_2032D0 dd offset loc_203106 ; DATA XREF: notifyHandlerEx+2DF ; case 0xA6 dd offset loc_20310D ; case 0xA7 dd offset loc_203114 ; case 0xA8 dd offset loc_20311B ; case 0xAA dd offset loc_203122 ; case 0xAC dd offset loc_20313E dd offset loc_203130 ; case 0xB1 dd offset loc_203137 ; case 0xB2 dd offset loc_203129 ; case 0xBB dd 
offset loc_203145                       ; continues the `dd` left open at the end of the previous line (off_2032D0 jump table)
        dd offset loc_20314C
        dd offset loc_203153
        dd offset exit01                ; default
; Index table for the two-level switch in notifyHandlerEx: the dispatcher
; rejects eax above 22h and then reads byte_203304[eax] to select an
; off_2032D0 entry, so every index used here is bounds-checked first.
byte_203304 db 0                        ; DATA XREF: notifyHandlerEx+2D8
; NOTE(review): the "instructions" below look like the rest of that byte
; table decoded as code, not reachable code. Their encodings would be
; 01 02 0C 03 0C 04 0C 0C 05 0C ... 06 07 0C 08 09 0A 0B followed by 90h
; padding, i.e. 23h table bytes in total with 0Ch selecting the default
; entry. Verify against the raw bytes and convert to `db` in the database.
        add     [edx], eax
        or      al, 3
        or      al, 4
        or      al, 0Ch
        add     eax, 0C0C0C0Ch
        or      al, 0Ch
        or      al, 0Ch
        or      al, 0Ch
        or      al, 0Ch
        or      al, 0Ch
        or      al, 0Ch
        or      al, 0Ch
        push    es
        pop     es
        or      al, 8
        or      [edx], ecx
        or      edx, [eax-6F6F6F70h]
        nop
        nop
        nop
        nop

; ===========================================================================
; sub_203330 -- thiscall, one stack argument (retn 4).
; In:   ecx = object pointer, first stack argument = flags byte
; Out:  eax = the object pointer
; Calls sub_202CC0 with ecx still holding the object, then releases the
; object with operator delete when bit 0 of the flags is set. The shape
; matches a compiler-generated deleting destructor -- presumably that is
; what it is; confirm through the .rdata table that references it.
; ===========================================================================
sub_203330 proc near                    ; DATA XREF: .rdata:functionJumpTable0

arg_0 = byte ptr 8

        push    esi
        mov     esi, ecx                ; keep `this` across the calls
        call    sub_202CC0
        test    [esp+arg_0], 1          ; bit 0 set -> also free the storage
        jz      short loc_203348
        push    esi
        call    ??3@YAXPAX@Z            ; operator delete(void *)
        add     esp, 4

loc_203348:                             ; CODE XREF: sub_203330+D
        mov     eax, esi
        pop     esi
        retn    4
sub_203330 endp

; ===========================================================================
        db 2 dup(90h)

; ===========================================================================
; int __cdecl SNC_Device_Open(LPGUID ClassGuid,DWORD MemberIndex,int)
; Opens the MemberIndex-th present device interface of class ClassGuid.
; In:   ClassGuid, MemberIndex; the third argument is used as a pointer that
;       receives GetLastError() on failure (it is dereferenced without a
;       NULL check).
; Out:  eax = handle returned by CreateFileA on success;
;       0 when SetupDiGetClassDevsA, the enumeration or the detail query
;       failed; 0FFFFFFFFh when CreateFileA itself failed. Callers therefore
;       have to treat both 0 and -1 as failure.
; Regs: edi doubles as the constant 0 and as the result handle; esi holds
;       the device-info set; ebx holds ClassGuid, later the detail function.
; Stack: 420h bytes of locals. The interface-detail structure is built at
;       FileName and the returned path string starts 4 bytes in (var_3FC).
; NOTE(review): GetLastError() is read after SetupDiDestroyDeviceInfoList,
; so the value reported to the caller may no longer belong to the call that
; actually failed.
; ===========================================================================
SNC_Device_Open proc near               ; CODE XREF: getMachineID+9F
                                        ; deviceOpenByGUID+65 ...

DeviceInterfaceDetailDataSize= dword ptr -420h
DeviceInterfaceData= dword ptr -41Ch
FileName = dword ptr -400h
var_3FC = dword ptr -3FCh
ClassGuid = dword ptr 4
MemberIndex = dword ptr 8
Last_Error = byte ptr 0Ch

        sub     esp, 420h
        push    ebx
        mov     ebx, [esp+424h+ClassGuid]
        push    esi
        push    edi
        push    12h                     ; Flags (DIGCF_PRESENT | DIGCF_DEVICEINTERFACE)
        xor     edi, edi                ; edi = 0: NULL argument and default result
        push    edi                     ; hwndParent
        push    edi                     ; Enumerator
        push    ebx                     ; ClassGuid
        call    ds:SetupDiGetClassDevsA
        mov     esi, eax
        cmp     esi, 0FFFFFFFFh         ; INVALID_HANDLE_VALUE -> no set to destroy
        jz      loc_203404
        mov     ecx, [esp+42Ch+MemberIndex]
        lea     eax, [esp+42Ch+DeviceInterfaceData]
        push    eax                     ; DeviceInterfaceData
        push    ecx                     ; MemberIndex
        push    ebx                     ; InterfaceClassGuid
        push    edi                     ; DeviceInfoData
        push    esi                     ; DeviceInfoSet
        mov     [esp+440h+DeviceInterfaceData], 1Ch ; cbSize = sizeof(SP_DEVICE_INTERFACE_DATA)
        call    ds:SetupDiEnumDeviceInterfaces
        test    eax, eax
        jz      short loc_2033F4
        mov     ebx, ds:SetupDiGetDeviceInterfaceDetailA
        ; First call passes no buffer and only asks for the required size.
        push    edi                     ; DeviceInfoData
        lea     edx, [esp+430h+DeviceInterfaceDetailDataSize]
        push    edx                     ; RequiredSize
        push    edi                     ; DeviceInterfaceDetailDataSize
        push    edi                     ; DeviceInterfaceDetailData
        lea     eax, [esp+43Ch+DeviceInterfaceData]
        push    eax                     ; DeviceInterfaceData
        push    esi                     ; DeviceInfoSet
        call    ebx                     ; SetupDiGetDeviceInterfaceDetailA
        ; The result of the probe is ignored and the size variable is never
        ; initialised, so it may hold stale stack data if the probe did not
        ; write it; the unsigned bound below still keeps the second call
        ; inside the local buffer.
        mov     eax, [esp+42Ch+DeviceInterfaceDetailDataSize]
        cmp     eax, 200h               ; refuse anything of 200h bytes or more
        jnb     short loc_2033F4
        push    edi                     ; DeviceInfoData
        push    edi                     ; RequiredSize
        push    eax                     ; DeviceInterfaceDetailDataSize
        lea     ecx, [esp+438h+FileName]
        push    ecx                     ; DeviceInterfaceDetailData
        lea     edx, [esp+43Ch+DeviceInterfaceData]
        push    edx                     ; DeviceInterfaceData
        push    esi                     ; DeviceInfoSet
        mov     [esp+444h+FileName], 5  ; cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA_A)
        call    ebx                     ; SetupDiGetDeviceInterfaceDetailA
        test    eax, eax
        jz      short loc_2033F4
        push    edi                     ; hTemplateFile
        push    80h                     ; dwFlagsAndAttributes (FILE_ATTRIBUTE_NORMAL)
        push    3                       ; dwCreationDisposition (OPEN_EXISTING)
        push    edi                     ; lpSecurityAttributes
        push    3                       ; dwShareMode (FILE_SHARE_READ | FILE_SHARE_WRITE)
        push    0C0000000h              ; dwDesiredAccess (GENERIC_READ | GENERIC_WRITE)
        lea     eax, [esp+444h+var_3FC] ; DevicePath inside the detail structure
        push    eax                     ; lpFileName
        call    ds:CreateFileA
        mov     edi, eax                ; result handle (may be INVALID_HANDLE_VALUE)

loc_2033F4:                             ; CODE XREF: SNC_Device_Open+48
                                        ; SNC_Device_Open+69 ...
        push    esi                     ; DeviceInfoSet
        call    ds:SetupDiDestroyDeviceInfoList
        cmp     edi, 0FFFFFFFFh
        jz      short loc_203404
        test    edi, edi
        jnz     short loc_203413        ; usable handle -> skip error reporting

loc_203404:                             ; CODE XREF: SNC_Device_Open+22
                                        ; SNC_Device_Open+AE
        call    ds:GetLastError
        mov     ecx, dword ptr [esp+42Ch+Last_Error]
        mov     [ecx], eax              ; *third argument = last error

loc_203413:                             ; CODE XREF: SNC_Device_Open+B2
        mov     eax, edi
        pop     edi
        pop     esi
        pop     ebx
        add     esp, 420h
        retn
SNC_Device_Open endp

; ===========================================================================
        align 10h

; ===========================================================================
; createRegisterWindowMsg -- one stack argument, caller cleans (plain retn).
; In:   first stack argument = pointer to a structure; the code reads +0Ch
;       and reads/writes +18h.
; Out:  eax = the value cached at +18h when it is already non-zero;
;       0 when +0Ch is zero; otherwise the newly built value, which is also
;       stored at +18h.
; Formats "%x+%x+%x" from the current process id, the current thread id and
; the dword at +0Ch, registers that string with RegisterWindowMessageA and
; combines the returned id with a value shifted into the upper 16 bits.
; Three 32-bit %x fields need at most 27 bytes including the terminator, so
; the 40h-byte String local is large enough.
; NOTE(review): IDA's stack tracking drifts in this routine (see its own
; "sp = -8" remark), so var_4 most likely aliases the arg_0 slot that
; ProcessIdToSessionId filled in, making the result
; (session id << 16) | message id -- TODO confirm in a debugger.
; ===========================================================================
createRegisterWindowMsg proc near       ; CODE XREF: terminateThreadCloseHandles+5F
                                        ; createSonyAsyncEvent+25 ...

String = dword ptr -48h
var_4 = dword ptr -4
arg_0 = dword ptr 4

        sub     esp, 40h
        push    edi
        mov     edi, [esp+44h+arg_0]
        mov     eax, [edi+18h]
        test    eax, eax
        jnz     short loc_203493        ; already computed -> return the cached value
        mov     eax, [edi+0Ch]
        test    eax, eax
        jnz     short loc_20343D
        xor     eax, eax                ; nothing to derive the name from
        pop     edi
        add     esp, 40h
        retn

loc_20343D:                             ; CODE XREF: createRegisterWindowMsg+14
        push    esi
        mov     [esp+48h+arg_0], 0      ; argument slot is reused as the session-id output
        call    ds:GetCurrentProcessId
        mov     esi, eax
        lea     eax, [esp+48h+arg_0]
        push    eax
        push    esi
        call    ds:ProcessIdToSessionId
        mov     ecx, [edi+0Ch]
        push    ecx                     ; third %x
        call    ds:GetCurrentThreadId
        push    eax                     ; second %x
        push    esi                     ; first %x (process id)
        lea     edx, [esp+5Ch+String]
        push    offset aXXX             ; "%x+%x+%x"
        push    edx                     ; LPSTR
        call    ds:wsprintfA
        add     esp, 14h                ; wsprintfA is cdecl: drop its five arguments
        lea     eax, [esp+50h+String]
        push    eax                     ; lpString
        call    ds:RegisterWindowMessageA
        mov     ecx, eax
        mov     eax, [esp+50h+var_4]
        shl     eax, 10h
        or      eax, ecx
        mov     [edi+18h], eax          ; cache for later calls
        pop     esi

loc_203493:                             ; CODE XREF: createRegisterWindowMsg+D
        pop     edi
        add     esp, 40h
        retn
createRegisterWindowMsg endp ; sp = -8

; ===========================================================================
        db 8 dup(90h)

; ===========================================================================
; setBuffer2C_to4 -- one stack argument, caller cleans.
; In:   first stack argument = pointer to a buffer (may be NULL)
; Out:  eax = 1 when the first dword of the buffer equals 30h (nothing is
;       written); eax = 0 otherwise, including for a NULL pointer.
; Stores 4 at offset 2Ch unless the pointer is NULL or the first dword is 30h.
; NOTE(review): presumably the first dword is a size or version field. If it
; is a size, the store at +2Ch happens for every size except 30h, including
; sizes too small to contain that offset -- check the callers.
; ===========================================================================
setBuffer2C_to4 proc near               ; CODE XREF: SuCallDriverDWORD+9
                                        ; SendDebugCommand+6 ...

buffer = byte ptr 4

        mov     eax, dword ptr [esp+buffer]
        test    eax, eax
        jz      short exit              ; NULL is reported the same way as success
        cmp     dword ptr [eax], 30h
        jz      short exitFailed
        mov     dword ptr [eax+2Ch], 4

exit:                                   ; CODE XREF: setBuffer2C_to4+6
        xor     eax, eax
        retn

exitFailed:                             ; CODE XREF: setBuffer2C_to4+B
        mov     eax, 1
        retn
setBuffer2C_to4 endp

; ===========================================================================
        db 3 dup(90h)

; ===========================================================================
; zeroVideoFunctionTable -- thiscall, no stack arguments.
; In:   ecx = object pointer
; Out:  eax = the same pointer
; Initialises a 28h-byte object: dword 0 points at pointToDeleteBuffer_Func,
; dword at +8 is set to 0FFFFFFFFh and every other dword up to +24h is zero.
; SXBIOS_Load and Unload_Library use the same layout (+4 module handle,
; +8 value returned by Begin_SXBIOS_Call, +0Ch..+24h resolved exports), so
; despite its name this looks like the initialiser of the SXBIOS library
; object -- confirm with the caller deleteSXBIOSstructs.
; ===========================================================================
zeroVideoFunctionTable proc near        ; CODE XREF: deleteSXBIOSstructs+5
        mov     eax, ecx
        xor     ecx, ecx
        mov     dword ptr [eax], offset pointToDeleteBuffer_Func
        mov     [eax+4], ecx
        mov     dword ptr [eax+8], 0FFFFFFFFh ; "no session" marker tested by Unload_Library / SXBIOS_Load
        mov     [eax+0Ch], ecx
        mov     [eax+10h], ecx
        mov     [eax+14h], ecx
        mov     [eax+18h], ecx
        mov     [eax+1Ch], ecx
        mov     [eax+20h], ecx
        mov     [eax+24h], ecx
        retn
zeroVideoFunctionTable endp

; ===========================================================================
        db 6 dup(90h)

; ===========================================================================
; getDeleteBufferFunc -- thiscall; stores the address of
; pointToDeleteBuffer_Func into the first dword of the object in ecx.
; Nothing is returned in eax, so the name is misleading: it sets a pointer
; rather than getting one.
; ===========================================================================
getDeleteBufferFunc proc near           ; CODE XREF: deleteBuffer+3
                                        ; deleteSXBIOSstructs+25
        mov     dword ptr [ecx], offset pointToDeleteBuffer_Func
        retn
getDeleteBufferFunc endp

; ===========================================================================
        db 9 dup(90h)

; ===========================================================================
; call_Begin_SXBIOS_Call -- thiscall.
; In:   ecx = library object
; Out:  eax = 0 when the pointer at +0Ch is NULL; otherwise whatever the
;       target returns (it is reached by a tail jump with no arguments
;       pushed here).
; ===========================================================================
call_Begin_SXBIOS_Call proc near        ; CODE XREF: SXBIOS_Load+14B
        mov     eax, [ecx+0Ch]          ; Begin_SXBIOS_Call
        test    eax, eax
        jnz     short loc_203508
        retn                            ; pointer not resolved: return 0

loc_203508:                             ; CODE XREF: call_Begin_SXBIOS_Call+5
        jmp     eax                     ; tail call; the target returns to our caller
call_Begin_SXBIOS_Call endp

; ===========================================================================
        db 6 dup(90h)

; ===========================================================================
; call_End_SXBIOS_Call -- thiscall.
; In:   ecx = library object
; Out:  eax = 0 when the pointer at +10h is NULL; otherwise the callee's
;       result.
; Calls the function at +10h with the dword at +8 as its single argument and
; removes that argument afterwards (cdecl-style call).
; ===========================================================================
call_End_SXBIOS_Call proc near          ; CODE XREF: Unload_Library+E
        mov     eax, [ecx+10h]          ; End_SXBIOS_Call
        test    eax, eax
        jnz     short loc_203518
        retn

loc_203518:                             ; CODE XREF: call_End_SXBIOS_Call+5
        mov     ecx, [ecx+8]            ; value SXBIOS_Load stored from Begin_SXBIOS_Call
        push    ecx
        call    eax
        add     esp, 4
        retn
call_End_SXBIOS_Call endp

; ===========================================================================
        db 0Eh dup(90h)

; ===========================================================================
; call_SXBIOS_Call -- thiscall, one stack argument (retn 4).
; In:   ecx = library object, first stack argument = request value (a
;       pointer to the request block when reached from call_SXBIOS)
; Out:  al = 0 when the pointer at +14h is NULL (only al is cleared, the
;       upper bytes of eax keep the NULL); otherwise the callee's result.
; Calls the function at +14h with (dword at +8, request).
; ===========================================================================
call_SXBIOS_Call proc near              ; CODE XREF: doSXBIOScall+13
                                        ; call_SXBIOS+2B

functionNum = byte ptr 4

        mov     eax, [ecx+14h]          ; addr_SXBIOS_Call
        test    eax, eax
        jnz     short doCall
        xor     al, al
        retn    4

doCall:                                 ; CODE XREF: call_SXBIOS_Call+5
        mov     edx, dword ptr [esp+functionNum]
        mov     ecx, [ecx+8]            ; libAddress
        push    edx
        push    ecx
        call    eax
        add     esp, 8
        retn    4
call_SXBIOS_Call endp

; ===========================================================================
        db 3 dup(90h)

; ===========================================================================
; call_SXBIOS -- thiscall, four stack arguments (retn 10h).
; In:   ecx = library object; arg 1 = 16-bit function number; arg 2 = 16-bit
;       value (named constantEQ1C02 by the analyst); arg 3 = dword; arg 4 =
;       dword that is only forwarded to SXBIOS_CallEx.
; Out:  eax = result of the call that was made.
; Packs an 8-byte request on the stack { word arg1, word arg2, dword arg3 }
; and passes its address to the function at +18h (SXBIOS_CallEx) when that
; pointer is set, otherwise to call_SXBIOS_Call.
; ===========================================================================
call_SXBIOS proc near                   ; CODE XREF: callSXBIOSifNoDMI+22
                                        ; callSXBIOS_02_1C02+14

SXBIOS_function = dword ptr -8
var_4 = dword ptr -4
SXBIOS_function_num= word ptr 4
constantEQ1C02 = byte ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h

        sub     esp, 8
        mov     ax, [esp+8+SXBIOS_function_num]
        mov     dx, word ptr [esp+8+constantEQ1C02]
        mov     word ptr [esp+8+SXBIOS_function], ax ; request, low word
        mov     eax, [esp+8+arg_8]
        mov     [esp+8+var_4], eax      ; request, second dword
        mov     eax, [ecx+18h]          ; addr_SXBIOS_CallEx
        test    eax, eax
        mov     word ptr [esp+8+SXBIOS_function+2], dx ; request, high word (mov keeps the flags from test)
        jnz     short doSXBIOS_CallEx
        lea     edx, [esp+8+SXBIOS_function]
        push    edx
        call    call_SXBIOS_Call        ; ecx is still the library object
        add     esp, 8
        retn    10h

doSXBIOS_CallEx:                        ; CODE XREF: call_SXBIOS+24
        mov     edx, [esp+8+arg_C]
        mov     ecx, [ecx+8]            ; libAddress
        push    edx
        lea     edx, [esp+0Ch+SXBIOS_function]
        push    edx
        push    ecx
        call    eax                     ; SXBIOS_CallEx
        add     esp, 0Ch                ; drop the three arguments
        add     esp, 8                  ; release the request block
        retn    10h
call_SXBIOS endp
;
; ===========================================================================
        align 10h

; ===========================================================================
; deleteBuffer -- thiscall, one stack argument (retn 4); referenced from the
; .rdata slot pointToDeleteBuffer_Func.
; In:   ecx = object pointer, first stack argument = flags byte
; Out:  eax = the object pointer
; Re-stores pointToDeleteBuffer_Func into the object's first dword (via
; getDeleteBufferFunc) and frees the object with operator delete when bit 0
; of the flags is set. Same shape as sub_203330; presumably the deleting
; destructor of the SXBIOS library object -- confirm.
; ===========================================================================
deleteBuffer proc near                  ; DATA XREF: .rdata:pointToDeleteBuffer_Func

arg_0 = byte ptr 8

        push    esi
        mov     esi, ecx
        call    getDeleteBufferFunc
        test    [esp+arg_0], 1
        jz      short loc_2035B8
        push    esi
        call    ??3@YAXPAX@Z            ; operator delete(void *)
        add     esp, 4

loc_2035B8:                             ; CODE XREF: deleteBuffer+D
        mov     eax, esi
        pop     esi
        retn    4
deleteBuffer endp

; ===========================================================================
        db 2 dup(90h)

; ===========================================================================
; Unload_Library -- thiscall, no stack arguments.
; In:   ecx = library object
; Out:  eax = 1 on every path
; If the dword at +8 is not 0FFFFFFFFh, calls End_SXBIOS_Call through
; call_End_SXBIOS_Call and resets +8 to 0FFFFFFFFh. If a module handle is
; stored at +4, frees it and zeroes the handle and the seven export pointers
; at +0Ch..+24h so that no pointer into the unloaded module remains.
; ===========================================================================
Unload_Library proc near                ; CODE XREF: SXBIOS_Init+32
                                        ; unloadDMIlibraryConditional+E ...
        push    esi
        mov     esi, ecx
        mov     eax, [esi+8]
        push    edi
        or      edi, 0FFFFFFFFh         ; edi = -1, the "no session" marker
        cmp     eax, edi
        jz      short getHandle
        call    call_End_SXBIOS_Call    ; ecx still holds the object here
        mov     [esi+8], edi

getHandle:                              ; CODE XREF: Unload_Library+C
        mov     eax, [esi+4]            ; hLibModule (SXBIOS)
        xor     edi, edi
        cmp     eax, edi
        jz      short exit
        push    eax                     ; hLibModule
        call    ds:FreeLibrary
        mov     [esi+4], edi            ; libDataSXBIOS
        mov     [esi+0Ch], edi
        mov     [esi+10h], edi
        mov     [esi+14h], edi
        mov     [esi+18h], edi
        mov     [esi+1Ch], edi
        mov     [esi+20h], edi
        mov     [esi+24h], edi

exit:                                   ; CODE XREF: Unload_Library+1D
        pop     edi
        mov     eax, 1
        pop     esi
        retn
Unload_Library endp

; ===========================================================================
        db 0Ah dup(90h)

; ===========================================================================
; SXBIOS_Load -- thiscall, no stack arguments.
; In:   ecx = library object (layout as written by zeroVideoFunctionTable)
; Out:  eax = 1 when the library is loaded, all seven exports resolved and
;       Begin_SXBIOS_Call returned something other than 0FFFFFFFFh;
;       eax = 0 otherwise.
; Steps: when no module is loaded yet, open the HKLM key named by
; aSoftwareSony_1 with KEY_QUERY_VALUE, read the value "SxBIOS.dll" into the
; 104h-byte LibFileName local, LoadLibraryA that string and resolve seven
; exports into +0Ch..+24h. Any missing export unloads the module again.
; NOTE(review): the second RegQueryValueExA receives cbData exactly as the
; first, size-probing call left it -- the stored value's length, not the
; 104h bytes available in LibFileName. Nothing visible here caps it, so a
; value longer than the buffer would be written past it. In source form the
; fix is to set cbData to the buffer size before the second call and to fail
; on ERROR_MORE_DATA. The returned Type is never compared with REG_SZ and
; the string is not explicitly terminated before LoadLibraryA either.
; NOTE(review): the module named by this value is loaded and its exports are
; called in-process, so the ACL on the key and a fully qualified path in the
; value are what protect the load; both are worth checking on an installed
; system.
; ===========================================================================
SXBIOS_Load proc near                   ; CODE XREF: SXBIOS_Init+F

hKey = dword ptr -110h
cbData = dword ptr -10Ch
Type = dword ptr -108h
LibFileName = dword ptr -104h

        sub     esp, 110h
        push    ebx
        push    esi
        mov     esi, ecx                ; libDataSXBIOS
        mov     eax, [esi+4]
        test    eax, eax
        push    edi
        jnz     loc_203753              ; module already loaded: only (re)start the session
        lea     eax, [esp+11Ch+hKey]
        push    eax                     ; phkResult
        push    1                       ; samDesired (KEY_QUERY_VALUE)
        xor     ebx, ebx                ; ebx = 0; later reused as the "value was read" flag
        push    ebx                     ; ulOptions
        push    offset aSoftwareSony_1  ; "Software\\Sony Corporation\\Shared Info\\S"...
        push    80000002h               ; hKey (HKEY_LOCAL_MACHINE)
        call    ds:RegOpenKeyExA
        test    eax, eax
        jnz     loc_20376F
        mov     edi, ds:RegQueryValueExA
        ; First query: eax is 0 here, so lpData is NULL and cbData starts at
        ; 0; the call only reports the size of the stored value.
        lea     ecx, [esp+11Ch+cbData]
        push    ecx                     ; lpcbData
        push    eax                     ; lpData
        lea     edx, [esp+124h+Type]
        push    edx                     ; lpType
        push    eax                     ; lpReserved
        mov     [esp+12Ch+cbData], eax
        mov     eax, [esp+12Ch+hKey]
        push    offset aSxbios_dll      ; "SxBIOS.dll"
        push    eax                     ; hKey
        mov     [esp+134h+Type], 1      ; REG_SZ; the call overwrites it and it is not re-checked
        call    edi                     ; RegQueryValueExA
        ; Second query: copies the data into LibFileName. cbData still holds
        ; the size reported above rather than the size of the buffer.
        lea     ecx, [esp+11Ch+cbData]
        push    ecx                     ; lpcbData
        mov     ecx, [esp+120h+hKey]
        lea     edx, [esp+120h+LibFileName]
        push    edx                     ; lpData
        lea     eax, [esp+124h+Type]
        push    eax                     ; lpType
        push    ebx                     ; lpReserved
        push    offset aSxbios_dll      ; "SxBIOS.dll"
        push    ecx                     ; hKey
        call    edi                     ; RegQueryValueExA
        test    eax, eax
        jnz     short loc_203697
        mov     ebx, 1                  ; value read successfully

loc_203697:                             ; CODE XREF: SXBIOS_Load+80
        mov     edx, [esp+11Ch+hKey]
        push    edx                     ; hKey
        call    ds:RegCloseKey          ; the key is closed on both outcomes
        test    ebx, ebx
        jz      loc_20376F
        lea     eax, [esp+11Ch+LibFileName]
        push    eax                     ; lpLibFileName
        call    ds:LoadLibraryA
        test    eax, eax
        mov     [esi+4], eax            ; module handle (mov keeps the flags from test)
        jz      loc_20376F
        mov     edi, ds:GetProcAddress
        push    offset ProcName         ; "Begin_SXBIOS_Call"
        push    eax                     ; hModule
        call    edi                     ; GetProcAddress
        mov     ecx, [esi+4]
        push    offset aEnd_sxbios_cal  ; "End_SXBIOS_Call"
        push    ecx                     ; hModule
        mov     [esi+0Ch], eax          ; +0Ch = Begin_SXBIOS_Call
        call    edi                     ; GetProcAddress
        mov     edx, [esi+4]
        push    offset aSxbios_call     ; "SXBIOS_Call"
        push    edx                     ; hModule
        mov     [esi+10h], eax          ; +10h = End_SXBIOS_Call
        call    edi                     ; GetProcAddress
        mov     [esi+14h], eax          ; +14h = SXBIOS_Call
        mov     eax, [esi+4]
        push    offset aSxbios_callex   ; "SXBIOS_CallEx"
        push    eax                     ; hModule
        call    edi                     ; GetProcAddress
        mov     ecx, [esi+4]
        push    offset aSxbios_biosmes  ; "SXBIOS_BiosMessageReq"
        push    ecx                     ; hModule
        mov     [esi+18h], eax          ; +18h = SXBIOS_CallEx
        call    edi                     ; GetProcAddress
        mov     edx, [esi+4]
        push    offset aSxbios_cancelm  ; "SXBIOS_CancelMessageReq"
        push    edx                     ; hModule
        mov     [esi+1Ch], eax          ; +1Ch = SXBIOS_BiosMessageReq
        call    edi                     ; GetProcAddress
        mov     [esi+20h], eax          ; +20h = SXBIOS_CancelMessageReq
        mov     eax, [esi+4]
        push    offset aSxbios_cmosget  ; "SXBIOS_CMOSGetDefaultSetting"
        push    eax                     ; hModule
        call    edi                     ; GetProcAddress
        ; All seven exports must resolve; otherwise the module is unloaded.
        mov     ecx, [esi+0Ch]
        test    ecx, ecx
        mov     [esi+24h], eax          ; +24h = SXBIOS_CMOSGetDefaultSetting
        jz      short exit
        mov     ecx, [esi+10h]
        test    ecx, ecx
        jz      short exit
        mov     ecx, [esi+14h]
        test    ecx, ecx
        jz      short exit
        mov     ecx, [esi+18h]
        test    ecx, ecx
        jz      short exit
        mov     ecx, [esi+1Ch]
        test    ecx, ecx
        jz      short exit
        mov     ecx, [esi+20h]
        test    ecx, ecx
        jz      short exit
        test    eax, eax
        jz      short exit

loc_203753:                             ; CODE XREF: SXBIOS_Load+10
        cmp     dword ptr [esi+8], 0FFFFFFFFh
        jnz     short loc_20377B        ; a session value is already stored
        mov     ecx, esi
        call    call_Begin_SXBIOS_Call
        cmp     eax, 0FFFFFFFFh
        mov     [esi+8], eax
        jnz     short loc_20377B

exit:                                   ; CODE XREF: SXBIOS_Load+11A
                                        ; SXBIOS_Load+121 ...
        mov     ecx, esi
        call    Unload_Library          ; undo the partial load

loc_20376F:                             ; CODE XREF: SXBIOS_Load+32
                                        ; SXBIOS_Load+94 ...
        pop     edi
        pop     esi
        xor     eax, eax                ; failure
        pop     ebx
        add     esp, 110h
        retn

loc_20377B:                             ; CODE XREF: SXBIOS_Load+147
                                        ; SXBIOS_Load+156
        pop     edi
        pop     esi
        mov     eax, 1                  ; success
        pop     ebx
        add     esp, 110h
        retn
SXBIOS_Load endp

; ===========================================================================
        db 6 dup(90h)

; ===========================================================================
; initVideoBuffer -- no arguments; zero-fills 14h dwords starting at
; initialVideoBuffer and returns 1 in eax.
; ===========================================================================
initVideoBuffer proc near               ; CODE XREF: SnyUtils_Init+129
        push    edi
        xor     eax, eax
        mov     ecx, 14h
        mov     edi, offset initialVideoBuffer
        rep stosd                       ; zero-fill buffer
        mov     eax, 1
        pop     edi
        retn
initVideoBuffer endp

; ===========================================================================
        db 0Ah dup(90h)

; ===========================================================================
; nullsub_1 -- empty routine, returns immediately.
; ===========================================================================
nullsub_1 proc near                     ; CODE XREF: unload
        retn
nullsub_1 endp

; ===========================================================================
        db 0Fh dup(90h)

; ===========================================================================
; subWndMsg01112 -- thiscall, one stack argument (retn 4).
; In:   ecx = handler object, first stack argument = window handle
; Out:  eax = 1 on every path
; Stores the window handle in the global named hWnd. When dword_20F174 is
; non-zero it also clears the object's dwords at +0, +54h, +58h and +5Ch and
; starts timer 1 on that window with a 1000 ms period and no callback.
; ===========================================================================
subWndMsg01112 proc near                ; CODE XREF: .text:00203EFB

hWnd = byte ptr 4

        mov     eax, dword ptr [esp+hWnd]
        mov     edx, dword_20F174
        mov     hWnd, eax               ; no esp base: this writes the global, not the stack slot
        xor     eax, eax
        cmp     edx, eax
        jz      short exit
        push    eax                     ; lpTimerFunc
        push    3E8h                    ; uElapse 1000
        mov     [ecx], eax              ; +0 is the retry counter used by subWndMsg0113
        mov     [ecx+54h], eax
        mov     [ecx+58h], eax
        mov     [ecx+5Ch], eax
        mov     ecx, hWnd
        push    1                       ; nIDEvent
        push    ecx                     ; hWnd
        call    ds:SetTimer

exit:                                   ; CODE XREF: subWndMsg01112+13
        mov     eax, 1
        retn    4
subWndMsg01112 endp

; ===========================================================================
        db 3 dup(90h)

; ===========================================================================
; subWndMsg0401 -- thiscall, two stack arguments (retn 8); only the second
; one is read.
; In:   ecx = handler object, second stack argument = entry pointer
; Out:  eax = 1 when the pointer was stored; 0 when it is NULL, already
;       present, or all 14h slots are in use.
; The object holds a table of 14h dword slots at +4. The first loop rejects
; duplicates, the second finds the first empty slot. Both loops stop at 14h,
; so the store stays inside the table.
; NOTE(review): the stored pointer arrives as a message parameter and is
; later dereferenced at +8 by sub_2038A0 and sub_2038E0; nothing in this
; routine validates it. Confirm which senders can deliver this message to
; the window.
; ===========================================================================
subWndMsg0401 proc near                 ; CODE XREF: .text:00203F64

arg_4 = dword ptr 0Ch

        push    ebx
        mov     ebx, [esp+arg_4]
        test    ebx, ebx
        jnz     short loc_20380F
        xor     eax, eax                ; NULL entry is refused
        pop     ebx
        retn    8

loc_20380F:                             ; CODE XREF: subWndMsg0401+7
        push    esi
        lea     edx, [ecx+4]            ; edx = first slot
        push    edi
        xor     edi, edi
        mov     eax, edx

loc_203818:                             ; CODE XREF: subWndMsg0401+29
        mov     esi, [eax]
        test    esi, esi
        jz      short loc_203822
        cmp     esi, ebx
        jz      short loc_20383E        ; already registered -> return 0

loc_203822:                             ; CODE XREF: subWndMsg0401+1C
        inc     edi
        add     eax, 4
        cmp     edi, 14h
        jl      short loc_203818
        xor     eax, eax                ; eax = slot index for the second pass
        lea     ecx, [ecx+0]            ; alignment padding, no effect

loc_203830:                             ; CODE XREF: subWndMsg0401+3C
        cmp     dword ptr [edx], 0
        jz      short loc_203846        ; free slot found
        inc     eax
        add     edx, 4
        cmp     eax, 14h
        jl      short loc_203830

loc_20383E:                             ; CODE XREF: subWndMsg0401+20
        pop     edi
        pop     esi
        xor     eax, eax                ; duplicate or table full
        pop     ebx
        retn    8

loc_203846:                             ; CODE XREF: subWndMsg0401+33
        pop     edi
        mov     [ecx+eax*4+4], ebx      ; eax is below 14h here
        pop     esi
        mov     eax, 1
        pop     ebx
        retn    8
subWndMsg0401 endp

; ===========================================================================
        db 0Bh dup(90h)

; ===========================================================================
; subWndMsg0402 -- thiscall, two stack arguments (retn 8); only the second
; one is read.
; In:   ecx = handler object, second stack argument = entry pointer
; Out:  eax = 0 when the pointer is NULL, otherwise 1 (whether or not a
;       matching slot existed).
; Clears every slot of the 14h-entry table at +4 that equals the pointer.
; ===========================================================================
subWndMsg0402 proc near                 ; CODE XREF: .text:00203F4B

arg_4 = dword ptr 0Ch

        push    esi
        mov     esi, [esp+arg_4]
        test    esi, esi
        jnz     short loc_20386F
        xor     eax, eax
        pop     esi
        retn    8

loc_20386F:                             ; CODE XREF: subWndMsg0402+7
        lea     eax, [ecx+4]
        mov     edx, 14h                ; slots left to inspect

loc_203877:                             ; CODE XREF: subWndMsg0402+2B
        mov     ecx, [eax]
        test    ecx, ecx
        jz      short loc_203887
        cmp     ecx, esi
        jnz     short loc_203887
        mov     dword ptr [eax], 0

loc_203887:                             ; CODE XREF: subWndMsg0402+1B
                                        ; subWndMsg0402+1F
        add     eax, 4
        dec     edx
        jnz     short loc_203877
        mov     eax, 1
        pop     esi
        retn    8
subWndMsg0402 endp
;
; ===========================================================================
        db 0Ah dup(90h)

; ===========================================================================
; sub_2038A0 -- thiscall, no stack arguments.
; In:   ecx = handler object
; Out:  eax is not set deliberately (it holds whatever the last load or call
;       left in it).
; Walks the 14h-slot table at +4 and calls terminateThread(entry, 0) for
; every non-NULL entry whose dword at +8 is non-zero, then clears the global
; dword_20E024. The field at +8 presumably marks a running worker thread --
; confirm in terminateThread / createEventThread.
; ===========================================================================
sub_2038A0 proc near                    ; CODE XREF: sub_203AC0+37
                                        ; sub_203AC0+A1
        push    esi
        push    edi
        lea     esi, [ecx+4]
        mov     edi, 14h
        lea     ebx, [ebx+0]            ; alignment padding, no effect

loc_2038B0:                             ; CODE XREF: sub_2038A0+2C
        mov     eax, [esi]
        test    eax, eax
        jz      short loc_2038C8
        mov     ecx, [eax+8]
        test    ecx, ecx
        jz      short loc_2038C8
        push    0
        push    eax
        call    terminateThread
        add     esp, 8

loc_2038C8:                             ; CODE XREF: sub_2038A0+14
                                        ; sub_2038A0+1B
        add     esi, 4
        dec     edi
        jnz     short loc_2038B0
        pop     edi
        mov     dword_20E024, 0
        pop     esi
        retn
sub_2038A0 endp

; ===========================================================================
        db 5 dup(90h)

; ===========================================================================
; sub_2038E0 -- thiscall, no stack arguments.
; In:   ecx = handler object
; Out:  eax = 1
; Counterpart of sub_2038A0: for every non-NULL table entry whose dword at
; +8 is zero it calls createEventThread(entry); when that returns 0 it calls
; terminateThread(entry, 0) to clean up.
; ===========================================================================
sub_2038E0 proc near                    ; CODE XREF: sub_203DD0+72
        push    ebx
        push    esi
        push    edi
        lea     edi, [ecx+4]
        mov     ebx, 14h
        jmp     short loc_2038F0

        db 8Dh, 49h, 0                  ; padding bytes between the jump and the loop head

loc_2038F0:                             ; CODE XREF: sub_2038E0+B
                                        ; sub_2038E0+38
        mov     esi, [edi]
        test    esi, esi
        jz      short loc_203914
        mov     eax, [esi+8]
        test    eax, eax
        jnz     short loc_203914        ; already started
        push    esi
        call    createEventThread
        add     esp, 4
        test    eax, eax
        jnz     short loc_203914
        push    eax                     ; eax is 0 on this path
        push    esi
        call    terminateThread
        add     esp, 8

loc_203914:                             ; CODE XREF: sub_2038E0+14
                                        ; sub_2038E0+1B ...
        add     edi, 4
        dec     ebx
        jnz     short loc_2038F0
        pop     edi
        pop     esi
        mov     eax, 1
        pop     ebx
        retn
sub_2038E0 endp

; ===========================================================================
        db 0Dh dup(90h)

; ===========================================================================
; registerForSNCdeviceNotifications -- thiscall, no stack arguments.
; In:   ecx = handler object
; Out:  eax = the notification handle already stored at +54h, or the result
;       of RegisterDeviceNotificationA (also stored at +54h; 0 on failure).
; Builds a 20h-byte device-interface notification filter on the stack
; (size 20h, device type 5 = DBT_DEVTYP_DEVICEINTERFACE) for interface class
; {08F3EE1A-8854-11D2-BD7A-080046019D65} and registers the global hWnd as
; the recipient. var_2C / var_28 / var_24 are scratch dwords in which the
; GUID is assembled before being copied into the filter.
; ===========================================================================
registerForSNCdeviceNotifications proc near ; CODE XREF: subWndMsg0113+2C

var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
NotificationFilter= dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8

        sub     esp, 30h
        push    esi
        mov     esi, ecx
        mov     eax, [esi+54h]
        test    eax, eax
        jnz     exit                    ; already registered
        push    edi
        mov     ecx, 8
        lea     edi, [esp+38h+NotificationFilter]
        rep stosd                       ; eax is 0 on this path: zero the 20h-byte filter
        mov     eax, 8F3EE1Ah
        mov     [esp+38h+var_14], eax   ; GUID Data1
        mov     word ptr [esp+38h+var_2C], 8854h ; Data2
        mov     word ptr [esp+38h+var_2C+2], 11D2h ; Data3
        mov     eax, [esp+38h+var_2C]
        mov     [esp+38h+var_28], 0BDh  ; Data4[0]
        mov     byte ptr [esp+11h], 7Ah ; Data4[1] (byte after var_28, unnamed by IDA)
        mov     [esp+38h+var_26], 8     ; Data4[2]
        mov     [esp+38h+var_25], 0     ; Data4[3]
        mov     ecx, dword ptr [esp+38h+var_28]
        mov     [esp+38h+var_10], eax   ; Data2 and Data3 into the filter
        push    0                       ; Flags
        lea     eax, [esp+3Ch+NotificationFilter]
        mov     [esp+3Ch+var_C], ecx    ; Data4[0..3] into the filter
        mov     ecx, hWnd
        push    eax                     ; NotificationFilter
        mov     [esp+40h+var_24], 46h   ; Data4[4]
        mov     byte ptr [esp+1Dh], 1   ; Data4[5] (byte after var_24, unnamed by IDA)
        mov     [esp+40h+var_22], 9Dh   ; Data4[6]
        mov     [esp+40h+var_21], 65h   ; Data4[7]
        mov     edx, dword ptr [esp+40h+var_24]
        push    ecx                     ; hRecipient
        mov     [esp+44h+NotificationFilter], 20h ; filter size
        mov     [esp+44h+var_1C], 5     ; device type: device interface
        mov     [esp+44h+var_8], edx    ; Data4[4..7] into the filter
        call    ds:RegisterDeviceNotificationA
        mov     [esi+54h], eax
        pop     edi

exit:                                   ; CODE XREF: registerForSNCdeviceNotifications+B
        pop     esi
        add     esp, 30h
        retn
registerForSNCdeviceNotifications endp

; ===========================================================================
        db 0Fh dup(90h)

; ===========================================================================
; sub_2039E0 -- thiscall, no stack arguments.
; In:   ecx = handler object
; Out:  eax = 1 when no handle was stored at +54h or it was unregistered;
;       eax = 0 when UnregisterDeviceNotification failed, in which case the
;       stored handle is left untouched.
; ===========================================================================
sub_2039E0 proc near                    ; CODE XREF: subWndMsg0102_0103+1B
        push    esi
        mov     esi, ecx
        mov     eax, [esi+54h]
        test    eax, eax
        jz      short loc_2039FE
        push    eax                     ; Handle
        call    ds:UnregisterDeviceNotification
        test    eax, eax
        jnz     short loc_2039F7
        pop     esi
        retn                            ; failure: eax is 0 here

loc_2039F7:                             ; CODE XREF: sub_2039E0+13
        mov     dword ptr [esi+54h], 0

loc_2039FE:                             ; CODE XREF: sub_2039E0+8
        mov     eax, 1
        pop     esi
        retn
sub_2039E0 endp

; ===========================================================================
        db 0Bh dup(90h)

; ===========================================================================
; resetACPInotifyHandler -- thiscall, one stack argument (retn 4).
; In:   ecx = handler object, first stack argument = "release" flag
; Out:  eax = 1
; With a non-zero flag, closes the handle stored at +58h and unregisters the
; notification stored at +5Ch when they are set. Both fields are zeroed on
; every call, so with flag 0 the object merely forgets the values and the
; caller stays responsible for releasing them.
; ===========================================================================
resetACPInotifyHandler proc near        ; CODE XREF: subWndMsg0102_0103+24
                                        ; sub_203AC0+1C ...

arg_0 = dword ptr 8

        push    esi
        mov     esi, ecx
        mov     eax, [esi+58h]
        test    eax, eax
        push    edi
        mov     edi, [esp+4+arg_0]      ; push and mov keep the flags from test
        jz      short loc_203A2A
        test    edi, edi
        jz      short loc_203A2A
        push    eax                     ; hObject
        call    ds:CloseHandle

loc_203A2A:                             ; CODE XREF: resetACPInotifyHandler+D
                                        ; resetACPInotifyHandler+11
        mov     eax, [esi+5Ch]
        test    eax, eax
        jz      short loc_203A3C
        test    edi, edi
        jz      short loc_203A3C
        push    eax                     ; Handle
        call    ds:UnregisterDeviceNotification

loc_203A3C:                             ; CODE XREF: resetACPInotifyHandler+1F
                                        ; resetACPInotifyHandler+23
        pop     edi
        mov     dword ptr [esi+58h], 0
        mov     dword ptr [esi+5Ch], 0
        mov     eax, 1
        pop     esi
        retn    4
resetACPInotifyHandler endp

; ===========================================================================
        db 0Ch dup(90h)

; ===========================================================================
; checkInitVideoBufferZero -- no arguments.
; Out:  eax = 1 when every dword from initialVideoBuffer up to (not
;       including) dword_20E0B4 is zero, else 0.
; The end address is compared with a signed jump (jl); that is only correct
; while both addresses lie below 80000000h, which holds for the image
; addresses used in this listing.
; ===========================================================================
checkInitVideoBufferZero proc near      ; CODE XREF: SuClose+4B
        mov     eax, offset initialVideoBuffer

iterateBuffer:                          ; CODE XREF: checkInitVideoBufferZero+12
        cmp     dword ptr [eax], 0
        jnz     short exitFalse
        add     eax, 4
        cmp     eax, offset dword_20E0B4
        jl      short iterateBuffer
        mov     eax, 1                  ; return true
        retn

exitFalse:                              ; CODE XREF: checkInitVideoBufferZero+8
        xor     eax, eax
        retn
checkInitVideoBufferZero endp

; ===========================================================================
        db 3 dup(90h)

; ===========================================================================
; subWndMsg0102_0103 -- thiscall, no stack arguments.
; In:   ecx = handler object
; Out:  eax is not set deliberately.
; Empties the 14h-slot table at +4. When dword_20F174 is non-zero it also
; unregisters the interface notification (sub_2039E0), releases the handle
; and notification at +58h / +5Ch (resetACPInotifyHandler with flag 1) and
; resets the retry counter at +0.
; ===========================================================================
subWndMsg0102_0103 proc near            ; CODE XREF: .text:00203EC6
                                        ; .text:00203EE2
        push    esi
        mov     esi, ecx
        push    edi
        xor     eax, eax
        mov     ecx, 14h
        lea     edi, [esi+4]
        rep stosd                       ; clear all table slots
        mov     eax, dword_20F174
        test    eax, eax
        jz      short exit
        mov     ecx, esi
        call    sub_2039E0
        push    1
        mov     ecx, esi
        call    resetACPInotifyHandler
        mov     dword ptr [esi], 0

exit:                                   ; CODE XREF: subWndMsg0102_0103+17
        pop     edi
        pop     esi
        retn
subWndMsg0102_0103 endp

; ===========================================================================
        db 0Eh dup(90h)

; ===========================================================================
; sub_203AC0 -- thiscall, one stack argument (retn 4); called from
; subWndMsg0219.
; In:   ecx = handler object, first stack argument = pointer to a device
;       broadcast structure (the dword at +4 is its device type)
; Out:  eax is not set deliberately.
; Type 6 (handle): forgets the stored +58h / +5Ch values, closes the handle
;   at +0Ch of the structure, unregisters the notification at +10h of the
;   structure and stops the worker entries (sub_2038A0).
; Type 5 (device interface): compares the 16 bytes at +0Ch with the class
;   GUID {08F3EE1A-8854-11D2-BD7A-080046019D65}; on a match it releases the
;   stored handle and notification and stops the worker entries.
; Any other type: no action.
; Which broadcast event leads here is decided in subWndMsg0219, outside this
; view.
; NOTE(review): in the type 6 path the values passed to CloseHandle and
; UnregisterDeviceNotification are read from the message payload, not from
; this object's +58h / +5Ch fields. Confirm that only the system can deliver
; this message to the window, otherwise the process could be made to close
; handles it did not intend to.
; ===========================================================================
sub_203AC0 proc near                    ; CODE XREF: subWndMsg0219+27

var_10 = dword ptr -10h
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 4

        sub     esp, 10h
        push    ebx
        push    esi
        mov     esi, [esp+18h+arg_0]
        mov     eax, [esi+4]            ; device type
        sub     eax, 5
        mov     ebx, ecx                ; keep `this`; mov leaves the flags from sub intact
        jz      short loc_203B04        ; type 5
        dec     eax
        jnz     loc_203B66              ; neither 5 nor 6
        push    0                       ; flag 0: clear the fields without releasing
        call    resetACPInotifyHandler  ; ecx still holds `this`
        mov     eax, [esi+0Ch]
        push    eax                     ; hObject
        call    ds:CloseHandle
        mov     ecx, [esi+10h]
        push    ecx                     ; Handle
        call    ds:UnregisterDeviceNotification
        mov     ecx, ebx
        call    sub_2038A0
        pop     esi
        pop     ebx
        add     esp, 10h
        retn    4

loc_203B04:                             ; CODE XREF: sub_203AC0+11
        push    edi
        add     esi, 0Ch                ; esi -> class GUID inside the structure
        mov     ecx, 4                  ; compare four dwords
        lea     edi, [esp+1Ch+var_10]
        xor     edx, edx
        mov     [esp+1Ch+var_10], 8F3EE1Ah ; Data1
        mov     [esp+1Ch+var_C], 8854h  ; Data2
        mov     [esp+1Ch+var_A], 11D2h  ; Data3
        mov     [esp+1Ch+var_8], 0BDh   ; Data4[0..7] follow
        mov     [esp+1Ch+var_7], 7Ah
        mov     [esp+1Ch+var_6], 8
        mov     [esp+1Ch+var_5], 0
        mov     [esp+1Ch+var_4], 46h
        mov     [esp+1Ch+var_3], 1
        mov     [esp+1Ch+var_2], 9Dh
        mov     [esp+1Ch+var_1], 65h
        repe cmpsd
        pop     edi                     ; pop keeps the comparison flags
        jnz     short loc_203B66        ; a different interface class
        push    1
        mov     ecx, ebx
        call    resetACPInotifyHandler
        mov     ecx, ebx
        call    sub_2038A0

loc_203B66:                             ; CODE XREF: sub_203AC0+14
                                        ; sub_203AC0+94
        pop     esi
        pop     ebx
        add     esp, 10h
        retn    4
sub_203AC0 endp
;
; ===========================================================================
        db 2 dup(90h)

; ===========================================================================
; registerACPInotifyHandler -- thiscall, no stack arguments.
; In:   ecx = handler object
; Out:  eax = the notification handle stored at +5Ch when both +58h (device
;       handle) and +5Ch are set, either on entry or after the loop below;
;       0 otherwise. The caller subWndMsg0113 stores the result back into
;       +5Ch.
; Enumerates the present device interfaces of class
; {08F3EE1A-8854-11D2-BD7A-080046019D65}. For each interface whose detail
; query succeeds it releases the previous handle pair, opens the device path
; read-only and registers the global hWnd for handle-based notifications
; (filter size 2Ch, device type 6 = DBT_DEVTYP_HANDLE). Because every later
; interface releases the earlier pair first, only the last interface that
; was opened stays registered.
; Stack: 260h bytes of locals; the interface-detail structure is built at
; FileName (200h bytes up to the end of the frame) and the path string
; starts 4 bytes in (var_1FC).
; ===========================================================================
registerACPInotifyHandler proc near     ; CODE XREF: subWndMsg0113+46
                                        ; sub_203DD0+6B

InterfaceClassGuid= dword ptr -260h
var_25C = word ptr -25Ch
var_25A = word ptr -25Ah
var_258 = byte ptr -258h
var_257 = byte ptr -257h
var_256 = byte ptr -256h
var_255 = byte ptr -255h
var_254 = byte ptr -254h
var_253 = byte ptr -253h
var_252 = byte ptr -252h
var_251 = byte ptr -251h
var_250 = dword ptr -250h
DeviceInterfaceDetailDataSize= dword ptr -24Ch
DeviceInterfaceData= dword ptr -248h
NotificationFilter= dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
FileName = dword ptr -200h
var_1FC = dword ptr -1FCh

        sub     esp, 260h
        push    ebx
        push    esi
        mov     esi, ecx
        mov     eax, [esi+58h]
        xor     ebx, ebx                ; ebx = 0 for the whole routine
        cmp     eax, ebx
        jz      short loc_203B8E
        mov     eax, [esi+5Ch]
        cmp     eax, ebx
        jnz     loc_203D28              ; both already set: return the stored handle

loc_203B8E:                             ; CODE XREF: registerACPInotifyHandler+11
        push    ebp
        push    1
        mov     ecx, esi
        call    resetACPInotifyHandler  ; release any half-initialised state
        push    12h                     ; Flags (DIGCF_PRESENT | DIGCF_DEVICEINTERFACE)
        push    ebx                     ; hwndParent
        push    ebx                     ; Enumerator
        lea     eax, [esp+278h+InterfaceClassGuid]
        push    eax                     ; ClassGuid
        mov     [esp+27Ch+InterfaceClassGuid], 8F3EE1Ah ; GUID Data1
        mov     [esp+27Ch+var_25C], 8854h ; Data2
        mov     [esp+27Ch+var_25A], 11D2h ; Data3
        mov     [esp+27Ch+var_258], 0BDh ; Data4[0..7] follow
        mov     [esp+27Ch+var_257], 7Ah
        mov     [esp+27Ch+var_256], 8
        mov     [esp+27Ch+var_255], bl
        mov     [esp+27Ch+var_254], 46h
        mov     [esp+27Ch+var_253], 1
        mov     [esp+27Ch+var_252], 9Dh
        mov     [esp+27Ch+var_251], 65h
        call    ds:SetupDiGetClassDevsA
        mov     ebp, eax                ; ebp = device-info set
        cmp     ebp, 0FFFFFFFFh
        jz      loc_203D10
        lea     ecx, [esp+26Ch+DeviceInterfaceData]
        push    ecx                     ; DeviceInterfaceData
        push    ebx                     ; MemberIndex
        lea     edx, [esp+274h+InterfaceClassGuid]
        push    edx                     ; InterfaceClassGuid
        push    ebx                     ; DeviceInfoData
        push    ebp                     ; DeviceInfoSet
        mov     [esp+280h+var_250], ebx ; var_250 = current member index, starts at 0
        mov     [esp+280h+DeviceInterfaceData], 1Ch ; cbSize = sizeof(SP_DEVICE_INTERFACE_DATA)
        call    ds:SetupDiEnumDeviceInterfaces
        test    eax, eax
        jz      loc_203D09
        push    edi
        jmp     short loc_203C20

        db 8Dh, 0A4h, 24h, 4 dup(0)     ; padding bytes before the loop head

loc_203C20:                             ; CODE XREF: registerACPInotifyHandler+A7
                                        ; registerACPInotifyHandler+192
        mov     edi, ds:SetupDiGetDeviceInterfaceDetailA ; reloaded each pass: edi is reused by rep stosd below
        ; First call passes no buffer and only asks for the required size.
        push    ebx                     ; DeviceInfoData
        lea     eax, [esp+274h+DeviceInterfaceDetailDataSize]
        push    eax                     ; RequiredSize
        push    ebx                     ; DeviceInterfaceDetailDataSize
        push    ebx                     ; DeviceInterfaceDetailData
        lea     ecx, [esp+280h+DeviceInterfaceData]
        push    ecx                     ; DeviceInterfaceData
        push    ebp                     ; DeviceInfoSet
        call    edi                     ; SetupDiGetDeviceInterfaceDetailA
        mov     eax, [esp+270h+DeviceInterfaceDetailDataSize]
        cmp     eax, 200h               ; unsigned bound: must fit the 200h-byte buffer
        jnb     loc_203CDC
        push    ebx                     ; DeviceInfoData
        push    ebx                     ; RequiredSize
        push    eax                     ; DeviceInterfaceDetailDataSize
        lea     edx, [esp+27Ch+FileName]
        push    edx                     ; DeviceInterfaceDetailData
        lea     eax, [esp+280h+DeviceInterfaceData]
        push    eax                     ; DeviceInterfaceData
        push    ebp                     ; DeviceInfoSet
        mov     [esp+288h+FileName], 5  ; cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA_A)
        call    edi                     ; SetupDiGetDeviceInterfaceDetailA
        test    eax, eax
        jz      short loc_203CDC
        push    1
        mov     ecx, esi
        call    resetACPInotifyHandler  ; drop the pair taken for an earlier interface
        push    ebx                     ; hTemplateFile
        push    80h                     ; dwFlagsAndAttributes (FILE_ATTRIBUTE_NORMAL)
        push    3                       ; dwCreationDisposition (OPEN_EXISTING)
        push    ebx                     ; lpSecurityAttributes
        push    1                       ; dwShareMode (FILE_SHARE_READ)
        push    80000000h               ; dwDesiredAccess (GENERIC_READ)
        lea     ecx, [esp+288h+var_1FC] ; DevicePath inside the detail structure
        push    ecx                     ; lpFileName
        call    ds:CreateFileA
        mov     edx, eax
        cmp     edx, ebx
        mov     [esi+58h], edx          ; store first; failures are reset at loc_203CD9
        jz      short loc_203CD9
        cmp     edx, 0FFFFFFFFh
        jz      short loc_203CD9
        xor     eax, eax
        mov     ecx, 0Bh
        lea     edi, [esp+270h+NotificationFilter]
        rep stosd                       ; zero the 2Ch-byte filter
        mov     eax, hWnd
        mov     [esp+270h+var_220], edx ; filter handle field = device handle
        push    ebx                     ; Flags
        lea     edx, [esp+274h+NotificationFilter]
        push    edx                     ; NotificationFilter
        push    eax                     ; hRecipient
        mov     [esp+27Ch+NotificationFilter], 2Ch ; filter size
        mov     [esp+27Ch+var_228], 6   ; device type: handle
        mov     [esp+27Ch+var_224], ebx
        mov     [esp+27Ch+var_21C], ebx
        call    ds:RegisterDeviceNotificationA
        mov     [esi+5Ch], eax          ; 0 on failure; checked after the loop
        jmp     short loc_203CDC

loc_203CD9:                             ; CODE XREF: registerACPInotifyHandler+122
                                        ; registerACPInotifyHandler+127
        mov     [esi+58h], ebx          ; open failed: no handle is kept

loc_203CDC:                             ; CODE XREF: registerACPInotifyHandler+CF
                                        ; registerACPInotifyHandler+F2 ...
        mov     eax, [esp+270h+var_250]
        lea     ecx, [esp+270h+DeviceInterfaceData]
        push    ecx                     ; DeviceInterfaceData
        inc     eax                     ; next member index
        push    eax                     ; MemberIndex
        lea     edx, [esp+278h+InterfaceClassGuid]
        push    edx                     ; InterfaceClassGuid
        push    ebx                     ; DeviceInfoData
        push    ebp                     ; DeviceInfoSet
        mov     [esp+284h+var_250], eax
        mov     [esp+284h+DeviceInterfaceData], 1Ch
        call    ds:SetupDiEnumDeviceInterfaces
        test    eax, eax
        jnz     loc_203C20
        pop     edi

loc_203D09:                             ; CODE XREF: registerACPInotifyHandler+A0
        push    ebp                     ; DeviceInfoSet
        call    ds:SetupDiDestroyDeviceInfoList

loc_203D10:                             ; CODE XREF: registerACPInotifyHandler+79
        cmp     [esi+58h], ebx
        pop     ebp                     ; pop keeps the flags from cmp
        jz      short loc_203D1D
        mov     eax, [esi+5Ch]
        cmp     eax, ebx
        jnz     short loc_203D28        ; both set: return the notification handle

loc_203D1D:                             ; CODE XREF: registerACPInotifyHandler+1A4
        push    1
        mov     ecx, esi
        call    resetACPInotifyHandler  ; also closes a device handle left without a registration
        xor     eax, eax

loc_203D28:                             ; CODE XREF: registerACPInotifyHandler+18
                                        ; registerACPInotifyHandler+1AB
        pop     esi
        pop     ebx
        add     esp, 260h
        retn
registerACPInotifyHandler endp

; ===========================================================================
        db 0Fh dup(90h)

; ===========================================================================
; int __stdcall subWndMsg0113(UINT uIDEvent)
; Timer handler; in addition to the stack argument it takes the handler
; object in ecx.
; Out:  eax is not set deliberately.
; Kills the timer that fired. For timer id 1 it retries the two
; registrations while dword_20F174 is non-zero: the interface notification
; (+54h) and the handle notification (+5Ch). If either is still missing and
; the counter at +0 is below 12Ch, timer 1 is started again for 1000 ms and
; the counter is incremented, so the retries are bounded.
; ===========================================================================
subWndMsg0113 proc near                 ; CODE XREF: .text:00203F0B

uIDEvent = byte ptr 4

        mov     eax, hWnd
        push    esi
        push    edi
        mov     edi, dword ptr [esp+8+uIDEvent]
        push    edi                     ; uIDEvent
        push    eax                     ; hWnd
        mov     esi, ecx
        call    ds:KillTimer
        mov     eax, edi
        dec     eax
        jnz     short exit              ; only timer id 1 is handled
        mov     eax, [esi+54h]
        test    eax, eax
        jnz     short loc_203D74
        mov     eax, dword_20F174
        test    eax, eax
        jz      short loc_203D74
        mov     ecx, esi
        call    registerForSNCdeviceNotifications
        mov     [esi+54h], eax

loc_203D74:                             ; CODE XREF: subWndMsg0113+1F
                                        ; subWndMsg0113+28
        mov     eax, [esi+5Ch]
        test    eax, eax
        jnz     short loc_203D8E
        mov     eax, dword_20F174
        test    eax, eax
        jz      short exit
        mov     ecx, esi
        call    registerACPInotifyHandler
        mov     [esi+5Ch], eax

loc_203D8E:                             ; CODE XREF: subWndMsg0113+39
        mov     eax, dword_20F174
        test    eax, eax
        jz      short exit
        mov     eax, [esi+54h]
        test    eax, eax
        jz      short loc_203DA5
        mov     eax, [esi+5Ch]
        test    eax, eax
        jnz     short exit              ; both registrations are in place

loc_203DA5:                             ; CODE XREF: subWndMsg0113+5C
        cmp     dword ptr [esi], 12Ch   ; retry limit
        jge     short exit
        mov     ecx, hWnd
        push    0                       ; lpTimerFunc
        push    3E8h                    ; uElapse
        push    1                       ; nIDEvent
        push    ecx                     ; hWnd
        call    ds:SetTimer
        inc     dword ptr [esi]

exit:                                   ; CODE XREF: subWndMsg0113+18
                                        ; subWndMsg0113+42 ...
        pop     edi
        pop     esi
        retn    4
subWndMsg0113 endp

; ===========================================================================
        db 6 dup(90h)

; ===========================================================================
; sub_203DD0 -- thiscall, one stack argument (retn 4); called from
; subWndMsg0219.
; In:   ecx = handler object, first stack argument = pointer to a device
;       broadcast structure (the dword at +4 is its device type)
; Out:  eax is not set deliberately.
; Registers the handle notification (registerACPInotifyHandler) and starts
; the worker entries (sub_2038E0) when the structure is of type 6, or of
; type 5 with the class GUID {08F3EE1A-8854-11D2-BD7A-080046019D65} at +0Ch.
; Both paths meet at loc_203E37 and share one `jnz`: it tests the flags left
; by `dec eax` on the type 6 path and by `repe cmpsd` on the type 5 path.
; ===========================================================================
sub_203DD0 proc near                    ; CODE XREF: subWndMsg0219+1A

var_10 = dword ptr -10h
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 4

        mov     edx, [esp+arg_0]
        mov     eax, [edx+4]            ; device type
        sub     esp, 10h
        sub     eax, 5
        push    ebx                     ; push and mov keep the flags from sub
        mov     ebx, ecx
        jz      short loc_203DE5        ; type 5
        dec     eax                     ; ZF set only for type 6
        jmp     short loc_203E37

loc_203DE5:                             ; CODE XREF: sub_203DD0+10
        push    esi
        push    edi
        mov     ecx, 4                  ; compare four dwords
        lea     edi, [esp+1Ch+var_10]
        lea     esi, [edx+0Ch]          ; class GUID inside the structure
        xor     eax, eax
        mov     [esp+1Ch+var_10], 8F3EE1Ah ; Data1
        mov     [esp+1Ch+var_C], 8854h  ; Data2
        mov     [esp+1Ch+var_A], 11D2h  ; Data3
        mov     [esp+1Ch+var_8], 0BDh   ; Data4[0..7] follow
        mov     [esp+1Ch+var_7], 7Ah
        mov     [esp+1Ch+var_6], 8
        mov     [esp+1Ch+var_5], 0
        mov     [esp+1Ch+var_4], 46h
        mov     [esp+1Ch+var_3], 1
        mov     [esp+1Ch+var_2], 9Dh
        mov     [esp+1Ch+var_1], 65h
        repe cmpsd
        pop     edi                     ; pops keep the comparison flags
        pop     esi

loc_203E37:                             ; CODE XREF: sub_203DD0+13
        jnz     short loc_203E47
        mov     ecx, ebx
        call    registerACPInotifyHandler
        mov     ecx, ebx
        call    sub_2038E0

loc_203E47:                             ; CODE XREF: sub_203DD0:loc_203E37
        pop     ebx
        add     esp, 10h
        retn    4
sub_203DD0 endp
;
===========================================================================
        db 2 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; subWndMsg0219 - handler for window message 219h (WM_DEVICECHANGE).
;   Dispatches on the event code in arg_0 through a 5-entry jump table:
;     8000h (DBT_DEVICEARRIVAL)            -> sub_203DD0(arg_4)
;     8001h (DBT_DEVICEQUERYREMOVE)        -> sub_203AC0(arg_4)
;     8002h (DBT_DEVICEQUERYREMOVEFAILED)  -> sub_203DD0(arg_4)
;     8003h (DBT_DEVICEREMOVEPENDING)      -> nothing
;     8004h (DBT_DEVICEREMOVECOMPLETE)     -> sub_203AC0(arg_4)
;   Any other value returns immediately.
; In:    [esp+4] = arg_0 (event code), [esp+8] = arg_4 (event data pointer);
;        the caller also loads ecx with an object pointer.
; Stack: callee pops 8 bytes.

subWndMsg0219   proc near               ; CODE XREF: .text:00203F7D

arg_0           = dword ptr 4
arg_4           = dword ptr 8

        mov     eax, [esp+arg_0]
        add     eax, 0FFFF8000h         ; switch 5 cases: eax = event - 8000h
        cmp     eax, 4
        ja      short nullsub_2         ; default: unsigned compare keeps the index in 0..4
        jmp     ds:off_203E80[eax*4]    ; switch jump

loc_203E65:                             ; DATA XREF: .text:off_203E80
        mov     eax, [esp+arg_4]        ; case 0x8000 (table entries 0 and 2)
        push    eax
        call    sub_203DD0
        retn    8
; ===========================================================================

loc_203E72:                             ; CODE XREF: subWndMsg0219+E
                                        ; DATA XREF: .text:off_203E80
        mov     edx, [esp+arg_4]        ; case 0x8001 (table entries 1 and 4)
        push    edx
        call    sub_203AC0              ; execution then falls through into the retn 8 below
subWndMsg0219   endp

; *************** S U B R O U T I N E ***************************************

; default
; nullsub_2 - shared `retn 8` used as the switch default and as the tail of
; loc_203E72.
nullsub_2       proc near               ; CODE XREF: subWndMsg0219+C
                                        ; subWndMsg0219+E
                                        ; DATA XREF: ...
        retn    8
nullsub_2       endp

; ===========================================================================
        align 10h
; Jump table for subWndMsg0219, indexed by (event - 8000h).
off_203E80      dd offset loc_203E65, offset loc_203E72, offset loc_203E65
                                        ; DATA XREF: subWndMsg0219+E
                dd offset nullsub_2, offset loc_203E72 ; jump table for switch statement
        db 0Ch dup(90h)                 ; NOP padding
; ===========================================================================
;
; MainWndClassMessageWindow - window procedure (hWnd, uMsg, wParam, lParam),
; callee pops 10h bytes.
;   esi = uMsg, edi = wParam; after both pushes [esp+0Ch] = hWnd and
;   [esp+18h] = lParam. dword_20E060 is passed in ecx to every handler.
;
;   uMsg   label             action
;   1      msg0112           subWndMsg01112(hWnd), its eax is returned
;   10h    msg0103           subWndMsg0102_0103, PostQuitMessage(0), then DefWindowProcA
;   11h    (fall-through)    subWndMsg0102_0103, PostQuitMessage(0), return 1
;   113h   msg0113           subWndMsg0113(wParam), then DefWindowProcA
;   219h   locWndMsg0219     subWndMsg0219(wParam, lParam), return 1
;   401h   locWndMsg0401     subWndMsg0401(wParam, lParam), its eax is returned
;   402h   locWndMsg0402     subWndMsg0402(wParam, lParam), its eax is returned
;   other  msg0102           DefWindowProcA
;
; NOTE(review): the label names msg0112 / msg0103 / msg0102 suggest messages
;   112h, 103h and 102h, but the arithmetic below selects uMsg == 1, 10h and
;   11h (WM_CREATE, WM_CLOSE, WM_QUERYENDSESSION).
; NOTE(review): 401h and 402h are application-defined messages whose
;   wParam/lParam are forwarded unchecked; any validation has to live in
;   subWndMsg0401 / subWndMsg0402, which are outside this listing.

MainWndClassMessageWindow:              ; DATA XREF: createMainWndClass+14
        push    esi
        mov     esi, [esp+0Ch]          ; esi = uMsg
        cmp     esi, 113h
        push    edi                     ; push/mov keep the flags from the cmp
        mov     edi, [esp+14h]          ; uIDEvent (wParam)
        ja      short msg0114orGreater
        jz      short msg0113
        mov     eax, esi
        dec     eax
        jz      short msg0112           ; uMsg == 1
        sub     eax, 0Fh
        jz      short msg0103           ; uMsg == 10h
        dec     eax
        jnz     short msg0102           ; anything but 11h -> default handling
        mov     ecx, offset dword_20E060 ; uMsg == 11h
        call    subWndMsg0102_0103
        push    0
        call    ds:PostQuitMessage
        pop     edi
        mov     eax, 1
        pop     esi
        retn    10h
; ===========================================================================

msg0103:                                ; CODE XREF: .text:00203EBC
        mov     ecx, offset dword_20E060
        call    subWndMsg0102_0103
        push    0
        call    ds:PostQuitMessage
        jmp     short msg0102
; ===========================================================================

msg0112:                                ; CODE XREF: .text:00203EB7
        mov     eax, [esp+0Ch]          ; hWnd Timer
        push    eax
        mov     ecx, offset dword_20E060
        call    subWndMsg01112
        pop     edi
        pop     esi
        retn    10h
; ===========================================================================

msg0113:                                ; CODE XREF: .text:00203EB2
        push    edi                     ; timer id
        mov     ecx, offset dword_20E060
        call    subWndMsg0113
        jmp     short msg0102
; ===========================================================================

msg0114orGreater:                       ; CODE XREF: .text:00203EB0
        mov     eax, esi
        sub     eax, 219h
        jz      short locWndMsg0219
        sub     eax, 1E8h               ; 219h + 1E8h = 401h
        jz      short locWndMsg0401
        dec     eax                     ; 402h
        jz      short locWndMsg0402

msg0102:                                ; CODE XREF: .text:00203EBF
                                        ; .text:00203EEF ...
        mov     ecx, [esp+18h]          ; lParam
        mov     edx, [esp+0Ch]          ; hWnd
        push    ecx
        push    edi
        push    esi
        push    edx
        call    ds:DefWindowProcA       ; not handled; call Windows default message handler
        pop     edi
        pop     esi
        retn    10h
; ===========================================================================

locWndMsg0402:                          ; CODE XREF: .text:00203F23
        mov     eax, [esp+18h]          ; lParam
        mov     ecx, [esp+14h]          ; wParam
        push    eax
        push    ecx
        mov     ecx, offset dword_20E060
        call    subWndMsg0402
        pop     edi
        pop     esi
        retn    10h
; ===========================================================================

locWndMsg0401:                          ; CODE XREF: .text:00203F20
        mov     edx, [esp+18h]          ; lParam
        mov     eax, [esp+14h]          ; wParam
        push    edx
        push    eax
        mov     ecx, offset dword_20E060
        call    subWndMsg0401
        pop     edi
        pop     esi
        retn    10h
; ===========================================================================

locWndMsg0219:                          ; CODE XREF: .text:00203F19
        mov     ecx, [esp+18h]          ; lParam = event data
        mov     edx, [esp+14h]          ; wParam = event code
        push    ecx
        push    edx
        mov     ecx, offset dword_20E060
        call    subWndMsg0219
        pop     edi
        mov     eax, 1
        pop     esi
        retn    10h
; ===========================================================================
        db 4 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; GetVideoDeviceVendor
;   Calls EnumDisplayDevicesA for device index 0 only and classifies the
;   adapter by substring search in its DeviceString:
;     "Intel"                      -> 0Dh
;     "ATI", "Radeon", "RADEON"    -> 0Ch
;     "NVIDIA", "Nvidia"           -> 0Eh
;     no match or enumeration fails -> 0
; Out:   eax = vendor code as above
; Stack: 1A8h-byte DISPLAY_DEVICEA local, 8-byte aligned frame.
;        var_184 = DisplayDevice + 24h, i.e. the field after cb (4 bytes)
;        and DeviceName (32 bytes).
; NOTE(review): the code sizes the structure as 1A8h bytes, while the
;   _DISPLAY_DEVICEA definition at the top of the listing is only 0A8h.
; NOTE(review): the tests are case-sensitive substring matches and "ATI"
;   is tested before the NVIDIA strings, so a device string that merely
;   contains the letters "ATI" inside another upper-case word would be
;   reported as 0Ch.

; Attributes: bp-based frame

GetVideoDeviceVendor proc near          ; CODE XREF: configIDgeneric+21
                                        ; configMachineID56+20 ...

DisplayDevice   = dword ptr -1A8h
var_184         = byte ptr -184h

        push    ebp
        mov     ebp, esp
        and     esp, 0FFFFFFF8h
        sub     esp, 1A8h
        push    esi
        push    edi
        xor     eax, eax
        push    eax                     ; dwFlags
        mov     ecx, 6Ah                ; 6Ah dwords = 1A8h bytes
        lea     edi, [esp+1B4h+DisplayDevice]
        rep stosd                       ; zero the whole structure
        lea     eax, [esp+1B4h+DisplayDevice]
        push    eax                     ; lpDisplayDevice
        xor     esi, esi                ; esi = 0, also the "unknown" return value
        push    esi                     ; iDevNum
        push    esi                     ; Unused
        mov     [esp+1C0h+DisplayDevice], 1A8h ; cb
        call    ds:EnumDisplayDevicesA
        test    eax, eax
        jz      loc_204070              ; enumeration failed -> return 0
        lea     ecx, [esp+1B0h+var_184]
        push    offset aIntel           ; "Intel"
        push    ecx                     ; unsigned __int8 *
        call    _mbsstr
        add     esp, 8
        test    eax, eax
        jz      short loc_203FEC
        mov     eax, 0Dh
        pop     edi
        pop     esi
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

loc_203FEC:                             ; CODE XREF: GetVideoDeviceVendor+4F
        lea     edx, [esp+1B0h+var_184]
        push    offset aAti             ; "ATI"
        push    edx                     ; unsigned __int8 *
        call    _mbsstr
        add     esp, 8
        test    eax, eax
        jnz     short loc_204065
        lea     eax, [esp+1B0h+var_184]
        push    offset aRadeon          ; "Radeon"
        push    eax                     ; unsigned __int8 *
        call    _mbsstr
        add     esp, 8
        test    eax, eax
        jnz     short loc_204065
        lea     ecx, [esp+1B0h+var_184]
        push    offset aRadeon_0        ; "RADEON"
        push    ecx                     ; unsigned __int8 *
        call    _mbsstr
        add     esp, 8
        test    eax, eax
        jnz     short loc_204065
        lea     edx, [esp+1B0h+var_184]
        push    offset aNvidia          ; "NVIDIA"
        push    edx                     ; unsigned __int8 *
        call    _mbsstr
        add     esp, 8
        test    eax, eax
        jnz     short loc_20405A
        lea     eax, [esp+1B0h+var_184]
        push    offset aNvidia_0        ; "Nvidia"
        push    eax                     ; unsigned __int8 *
        call    _mbsstr
        add     esp, 8
        test    eax, eax
        jz      short loc_204070

loc_20405A:                             ; CODE XREF: GetVideoDeviceVendor+B2
        mov     eax, 0Eh
        pop     edi
        pop     esi
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

loc_204065:                             ; CODE XREF: GetVideoDeviceVendor+70
                                        ; GetVideoDeviceVendor+86 ...
        mov     eax, 0Ch
        pop     edi
        pop     esi
        mov     esp, ebp
        pop     ebp
        retn
; ===========================================================================

loc_204070:                             ; CODE XREF: GetVideoDeviceVendor+35
                                        ; GetVideoDeviceVendor+C8
        pop     edi
        mov     eax, esi                ; esi is still 0
        pop     esi
        mov     esp, ebp
        pop     ebp
        retn
GetVideoDeviceVendor endp

; ===========================================================================
        db 8 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; initSuStruct
;   Writes default values to every dword of the structure from +0 to +6Ch:
;   1 at +8, +0Ch, +18h, +2Ch, +54h, +58h; 8 at +50h; 0 everywhere else.
;   Field meanings are not visible in this listing.
; In:    [esp+4] = structure pointer
; Out:   eax = 1
; Stack: callee pops 4 bytes.

initSuStruct    proc near               ; CODE XREF: configModelFunctionality+C

struct0         = byte ptr 4

        mov     ecx, dword ptr [esp+struct0]
        xor     edx, edx                ; edx = 0
        mov     eax, 1                  ; eax = 1
        mov     [ecx+58h], eax
        mov     [ecx+6Ch], edx
        mov     [ecx+3Ch], edx
        mov     [ecx+44h], edx
        mov     [ecx+48h], edx
        mov     [ecx+4Ch], edx
        mov     dword ptr [ecx+50h], 8
        mov     [ecx+54h], eax
        mov     [ecx+18h], eax
        mov     [ecx+8], eax
        mov     [ecx+0Ch], eax
        mov     [ecx+2Ch], eax
        mov     [ecx], edx
        mov     [ecx+4], edx
        mov     [ecx+10h], edx
        mov     [ecx+14h], edx
        mov     [ecx+1Ch], edx
        mov     [ecx+20h], edx
        mov     [ecx+24h], edx
        mov     [ecx+28h], edx
        mov     [ecx+30h], edx
        mov     [ecx+34h], edx
        mov     [ecx+38h], edx
        mov     [ecx+40h], edx
        mov     [ecx+5Ch], edx
        mov     [ecx+60h], edx
        mov     [ecx+64h], edx
        mov     [ecx+68h], edx
        retn    4
initSuStruct    endp

; ===========================================================================
        db 0Bh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID55 - per-model overrides (switch case 37h).
;   Sets +10h, +14h, +34h, +38h, +3Ch, +48h to 1, clears +8 and +0Ch and
;   stores the fixed value 0Ch at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID55 proc near             ; CODE XREF: configModelFunctionality+4B

struct          = byte ptr 4

        mov     ecx, dword ptr [esp+struct]
        mov     eax, 1
        xor     edx, edx
        mov     [ecx+3Ch], eax
        mov     [ecx+8], edx
        mov     [ecx+0Ch], edx
        mov     [ecx+10h], eax
        mov     [ecx+14h], eax
        mov     [ecx+34h], eax
        mov     [ecx+38h], eax
        mov     [ecx+48h], eax
        mov     dword ptr [ecx+40h], 0Ch
        retn    4
configMachineID55 endp

; ===========================================================================
        db 3 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configIDgeneric - generic overrides (switch cases 36h and 3Dh, and the
; machineID_0 path).
;   Sets +48h to 1 and +5Ch to 300Bh, clears +8, +0Ch, +18h, +2Ch and stores
;   the result of GetVideoDeviceVendor at +40h. The value 300Bh at +5Ch is
;   what configModelFunctionality tests before calling callSXBIOS_02_1C02.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configIDgeneric proc near               ; CODE XREF: configModelFunctionality+3C
                                        ; configModelFunctionality+B4 ...

struct          = byte ptr 4

        xor     eax, eax
        push    esi
        mov     esi, dword ptr [esp+4+struct]
        mov     dword ptr [esi+48h], 1
        mov     dword ptr [esi+5Ch], 300Bh
        mov     [esi+8], eax
        mov     [esi+0Ch], eax
        mov     [esi+18h], eax
        mov     [esi+2Ch], eax
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     eax, 1
        pop     esi
        retn    4
configIDgeneric endp

; ===========================================================================
        db 0Eh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID56 - per-model overrides (switch case 38h).
;   Sets +4, +10h, +14h, +34h, +38h, +3Ch, +48h to 1 and stores the result
;   of GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID56 proc near             ; CODE XREF: configModelFunctionality+5A

struct          = byte ptr 8

        push    esi
        mov     esi, dword ptr [esp+struct]
        push    edi
        mov     edi, 1
        mov     [esi+3Ch], edi
        mov     [esi+4], edi
        mov     [esi+10h], edi
        mov     [esi+14h], edi
        mov     [esi+34h], edi
        mov     [esi+38h], edi
        mov     [esi+48h], edi
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     eax, edi                ; return 1
        pop     edi
        pop     esi
        retn    4
configMachineID56 endp

; ===========================================================================
        align 10h

; *************** S U B R O U T I N E ***************************************
;
; configMachineID57 - per-model overrides (switch case 39h).
;   Stores 9 at +40h and 300Bh at +5Ch, clears +8, +0Ch, +18h, +2Ch.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID57 proc near             ; CODE XREF: configModelFunctionality+69

arg_0           = dword ptr 4

        mov     eax, [esp+arg_0]
        xor     ecx, ecx
        mov     dword ptr [eax+40h], 9
        mov     dword ptr [eax+5Ch], 300Bh
        mov     [eax+8], ecx
        mov     [eax+0Ch], ecx
        mov     [eax+18h], ecx
        mov     [eax+2Ch], ecx
        mov     eax, 1
        retn    4
configMachineID57 endp

; ===========================================================================
        db 8 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID58 - per-model overrides (switch case 3Ah).
;   Sets +10h, +14h, +34h, +38h, +3Ch to 1, clears +8 and +0Ch and stores
;   the fixed value 0Dh at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID58 proc near             ; CODE XREF: configModelFunctionality+78

arg_0           = dword ptr 4

        mov     ecx, [esp+arg_0]
        mov     eax, 1
        xor     edx, edx
        mov     [ecx+3Ch], eax
        mov     [ecx+8], edx
        mov     [ecx+0Ch], edx
        mov     [ecx+10h], eax
        mov     [ecx+14h], eax
        mov     [ecx+34h], eax
        mov     [ecx+38h], eax
        mov     dword ptr [ecx+40h], 0Dh
        retn    4
configMachineID58 endp

; ===========================================================================
        db 6 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID59 - per-model overrides (switch case 3Bh).
;   Clears +8, +0Ch, +18h, +2Ch, +54h, stores 1 at +5Ch and the result of
;   GetVideoDeviceVendor at +40h. Field meanings are not visible here.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID59 proc near             ; CODE XREF: configModelFunctionality+87

arg_0           = dword ptr 4

        xor     eax, eax
        push    esi
        mov     esi, [esp+4+arg_0]
        mov     [esi+54h], eax
        mov     [esi+8], eax
        mov     [esi+0Ch], eax
        mov     [esi+18h], eax
        mov     [esi+2Ch], eax
        mov     dword ptr [esi+5Ch], 1
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     eax, 1
        pop     esi
        retn    4
configMachineID59 endp

; ===========================================================================
        db 2 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID62 - per-model overrides (switch case 3Eh; also reached
; through the configMachineID64_79 thunk and from configMachineID65).
;   Clears +8, +0Ch, +18h, +2Ch, stores 2 at +5Ch and the result of
;   GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID62 proc near             ; CODE XREF: configMachineID65+6
                                        ; configMachineID64_79 ...

arg_0           = dword ptr 4

        xor     eax, eax
        push    esi
        mov     esi, [esp+4+arg_0]
        mov     [esi+8], eax
        mov     [esi+0Ch], eax
        mov     [esi+18h], eax
        mov     [esi+2Ch], eax
        mov     dword ptr [esi+5Ch], 2
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     eax, 1
        pop     esi
        retn    4
configMachineID62 endp

; ===========================================================================
        db 5 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID60 - per-model overrides (switch case 3Ch; also called by
; configMachineID72).
;   Sets +0, +10h, +14h, +24h, +34h, +3Ch to 1, clears +8 and +0Ch and
;   stores the fixed value 0Dh at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID60 proc near             ; CODE XREF: configMachineID72+5
                                        ; configModelFunctionality+A5

arg_0           = dword ptr 4

        mov     ecx, [esp+arg_0]
        mov     eax, 1
        xor     edx, edx
        mov     [ecx+3Ch], eax
        mov     [ecx], eax
        mov     [ecx+8], edx
        mov     [ecx+0Ch], edx
        mov     [ecx+10h], eax
        mov     [ecx+14h], eax
        mov     [ecx+24h], eax
        mov     [ecx+34h], eax
        mov     dword ptr [ecx+40h], 0Dh
        retn    4
configMachineID60 endp

; ===========================================================================
        db 4 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID63 - per-model overrides (switch case 3Fh).
;   Stores 1 at +48h, 300Bh at +5Ch and 0Dh at +40h, clears +8, +0Ch, +18h,
;   +2Ch. The value 300Bh at +5Ch is what configModelFunctionality tests
;   before calling callSXBIOS_02_1C02.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID63 proc near             ; CODE XREF: configModelFunctionality+C3

arg_0           = dword ptr 4

        mov     eax, [esp+arg_0]
        xor     ecx, ecx
        mov     dword ptr [eax+48h], 1
        mov     dword ptr [eax+5Ch], 300Bh
        mov     dword ptr [eax+40h], 0Dh
        mov     [eax+8], ecx
        mov     [eax+0Ch], ecx
        mov     [eax+18h], ecx
        mov     [eax+2Ch], ecx
        mov     eax, 1
        retn    4
configMachineID63 endp

; ===========================================================================
        align 10h

; *************** S
U B R O U T I N E ***************************************
;
; configMachineID65 - per-model overrides (switch case 41h).
;   Applies configMachineID62 to the same structure, then clears +54h.
;   Field meanings are not visible in this listing.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID65 proc near             ; CODE XREF: configModelFunctionality+E1

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        push    esi                     ; argument for configMachineID62 (popped by the callee)
        call    configMachineID62
        mov     dword ptr [esi+54h], 0
        mov     eax, 1
        pop     esi
        retn    4
configMachineID65 endp

; ===========================================================================
        db 5 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID66 - per-model overrides (switch case 42h).
;   Sets +0, +4, +10h, +14h, +24h, +34h, +3Ch, +48h to 1 and stores the
;   result of GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID66 proc near             ; CODE XREF: configModelFunctionality+F0

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        push    edi
        mov     edi, 1
        mov     [esi+3Ch], edi
        mov     [esi+48h], edi
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     [esi], edi
        mov     [esi+4], edi
        mov     [esi+10h], edi
        mov     [esi+14h], edi
        mov     [esi+24h], edi
        mov     [esi+34h], edi
        mov     eax, edi                ; return 1
        pop     edi
        pop     esi
        retn    4
configMachineID66 endp

; ===========================================================================
        db 0Fh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID67 - per-model overrides (switch case 43h; also reached
; through the configMachineID80 thunk).
;   Sets +0, +10h, +14h, +24h, +48h, +6Ch to 1, clears +8 and +0Ch and
;   stores the result of GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID67 proc near             ; CODE XREF: configMachineID80
                                        ; configModelFunctionality+FF

struct          = byte ptr 8

        push    esi
        mov     esi, dword ptr [esp+struct]
        push    edi
        mov     edi, 1
        mov     [esi+6Ch], edi
        mov     [esi+48h], edi
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        xor     eax, eax
        mov     [esi+8], eax
        mov     [esi+0Ch], eax
        mov     [esi], edi
        mov     [esi+10h], edi
        mov     [esi+14h], edi
        mov     [esi+24h], edi
        mov     eax, edi                ; return 1
        pop     edi
        pop     esi
        retn    4
configMachineID67 endp

; ===========================================================================
        db 0Dh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID68 - per-model overrides (switch case 44h).
;   Sets +10h, +14h, +24h, +6Ch to 1, clears +8 and +0Ch and stores the
;   fixed value 0Dh at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID68 proc near             ; CODE XREF: configModelFunctionality+10E

arg_0           = dword ptr 4

        mov     ecx, [esp+arg_0]
        mov     eax, 1
        xor     edx, edx
        mov     [ecx+6Ch], eax
        mov     dword ptr [ecx+40h], 0Dh
        mov     [ecx+8], edx
        mov     [ecx+0Ch], edx
        mov     [ecx+10h], eax
        mov     [ecx+14h], eax
        mov     [ecx+24h], eax
        retn    4
configMachineID68 endp
;
===========================================================================
        db 9 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID70 - per-model overrides (switch case 46h).
;   Clears +4Ch and +54h, stores 1 at +6Ch, 2 at +5Ch and the result of
;   GetVideoDeviceVendor at +40h. Field meanings are not visible here.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID70 proc near             ; CODE XREF: configModelFunctionality+12C

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        xor     eax, eax
        mov     [esi+4Ch], eax
        mov     [esi+54h], eax
        mov     dword ptr [esi+6Ch], 1
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     dword ptr [esi+5Ch], 2
        mov     eax, 1
        pop     esi
        retn    4
configMachineID70 endp

; ===========================================================================
        db 4 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID69 - per-model overrides (switch case 45h).
;   Clears +4Ch, stores 1 at +54h, +5Ch and +6Ch and the result of
;   GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID69 proc near             ; CODE XREF: configModelFunctionality+11D

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        mov     dword ptr [esi+4Ch], 0
        mov     dword ptr [esi+54h], 1
        mov     dword ptr [esi+6Ch], 1
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     dword ptr [esi+5Ch], 1
        mov     eax, 1
        pop     esi
        retn    4
configMachineID69 endp

; ===========================================================================
        db 0Eh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID71 - per-model overrides (switch case 47h).
;   Sets +0, +3Ch, +48h to 1, clears +8, +0Ch, +18h, +2Ch, +4Ch and stores
;   the fixed value 0Dh at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID71 proc near             ; CODE XREF: configModelFunctionality+13B

arg_0           = dword ptr 4

        mov     ecx, [esp+arg_0]
        xor     edx, edx
        mov     eax, 1
        mov     [ecx+3Ch], eax
        mov     [ecx+48h], eax
        mov     dword ptr [ecx+40h], 0Dh
        mov     [ecx], eax
        mov     [ecx+18h], edx
        mov     [ecx+8], edx
        mov     [ecx+0Ch], edx
        mov     [ecx+2Ch], edx
        mov     [ecx+4Ch], edx
        retn    4
configMachineID71 endp

; ===========================================================================
        db 4 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID72 - per-model overrides (switch case 48h).
;   Forwards the structure pointer to configMachineID60 and returns 1.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID72 proc near             ; CODE XREF: configModelFunctionality+147

arg_0           = dword ptr 4

        mov     eax, [esp+arg_0]
        push    eax                     ; argument, popped by configMachineID60
        call    configMachineID60
        mov     eax, 1
        retn    4
configMachineID72 endp

; ===========================================================================
        db 0Eh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E
***************************************
;
; configMachineID73 - per-model overrides (switch case 49h).
;   Sets +10h, +14h, +24h, +48h, +6Ch to 1, clears +8 and +0Ch and stores
;   the fixed value 0Eh at +40h. Field meanings are not visible here.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID73 proc near             ; CODE XREF: configModelFunctionality+153

arg_0           = dword ptr 4

        mov     ecx, [esp+arg_0]
        mov     eax, 1
        xor     edx, edx
        mov     dword ptr [ecx+40h], 0Eh
        mov     [ecx+48h], eax
        mov     [ecx+6Ch], eax
        mov     [ecx+8], edx
        mov     [ecx+0Ch], edx
        mov     [ecx+10h], eax
        mov     [ecx+14h], eax
        mov     [ecx+24h], eax
        retn    4
configMachineID73 endp

; ===========================================================================
        db 6 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID74 - per-model overrides (switch case 4Ah).
;   Sets +10h, +14h, +24h, +48h, +6Ch to 1, clears +8 and +0Ch and stores
;   the result of GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID74 proc near             ; CODE XREF: configModelFunctionality+15F

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        push    edi
        mov     edi, 1
        xor     eax, eax
        mov     [esi+6Ch], edi
        mov     [esi+48h], edi
        mov     [esi+8], eax
        mov     [esi+0Ch], eax
        mov     [esi+10h], edi
        mov     [esi+14h], edi
        mov     [esi+24h], edi
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     eax, edi                ; return 1
        pop     edi
        pop     esi
        retn    4
configMachineID74 endp

; ===========================================================================
        db 0Fh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID76 - per-model overrides (switch case 4Ch).
;   Sets +0, +4, +8, +0Ch, +10h, +14h, +18h, +24h, +2Ch, +48h, +6Ch to 1 and
;   stores the result of GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID76 proc near             ; CODE XREF: configModelFunctionality+16B

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        push    edi
        mov     edi, 1
        mov     [esi+48h], edi
        mov     [esi+6Ch], edi
        mov     [esi], edi
        mov     [esi+4], edi
        mov     [esi+8], edi
        mov     [esi+0Ch], edi
        mov     [esi+10h], edi
        mov     [esi+14h], edi
        mov     [esi+18h], edi
        mov     [esi+24h], edi
        mov     [esi+2Ch], edi
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     eax, edi                ; return 1
        pop     edi
        pop     esi
        retn    4
configMachineID76 endp

; ===========================================================================
        db 6 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID77 - per-model overrides (switch case 4Dh).
;   Same stores as configMachineID76 except that +0 is not written and +48h
;   is set to 0 instead of 1.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID77 proc near             ; CODE XREF: configModelFunctionality+177

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        push    edi
        mov     edi, 1
        mov     dword ptr [esi+48h], 0
        mov     [esi+6Ch], edi
        mov     [esi+4], edi
        mov     [esi+8], edi
        mov     [esi+0Ch], edi
        mov     [esi+10h], edi
        mov     [esi+14h], edi
        mov     [esi+18h], edi
        mov     [esi+24h], edi
        mov     [esi+2Ch], edi
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     eax, edi                ; return 1
        pop     edi
        pop     esi
        retn    4
configMachineID77 endp

; ===========================================================================
        db 4 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID78 - per-model overrides (switch case 4Eh).
;   Stores 1 at +54h and +6Ch, 2 at +5Ch and the result of
;   GetVideoDeviceVendor at +40h.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID78 proc near             ; CODE XREF: configModelFunctionality+183

arg_0           = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]
        mov     dword ptr [esi+6Ch], 1
        mov     dword ptr [esi+54h], 1
        call    GetVideoDeviceVendor
        mov     [esi+40h], eax          ; vendor code
        mov     dword ptr [esi+5Ch], 2
        mov     eax, 1
        pop     esi
        retn    4
configMachineID78 endp

; ===========================================================================
        db 5 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID75 - per-model overrides (switch case 4Bh).
;   Rewrites every dword from +0 to +6Ch, like initSuStruct but with a
;   different value set: 1 at +4, +8, +0Ch, +10h, +14h, +18h, +24h, +2Ch,
;   +34h, +3Ch, +48h, +54h, +58h; 8 at +50h; 0Dh at +40h; 0 elsewhere.
; In: [esp+4] = structure pointer.  Out: eax = 1.  Callee pops 4 bytes.

configMachineID75 proc near             ; CODE XREF: configModelFunctionality+18F

struct0         = byte ptr 4

        mov     ecx, dword ptr [esp+struct0]
        mov     eax, 1                  ; eax = 1
        xor     edx, edx                ; edx = 0
        mov     [ecx+58h], eax
        mov     [ecx+54h], eax
        mov     [ecx+6Ch], edx
        mov     [ecx+3Ch], eax
        mov     [ecx+48h], eax
        mov     [ecx+4Ch], edx
        mov     dword ptr [ecx+50h], 8
        mov     [ecx+18h], eax
        mov     [ecx+8], eax
        mov     [ecx+0Ch], eax
        mov     [ecx+2Ch], eax
        mov     [ecx], edx
        mov     [ecx+4], eax
        mov     [ecx+10h], eax
        mov     [ecx+14h], eax
        mov     [ecx+1Ch], edx
        mov     [ecx+20h], edx
        mov     [ecx+24h], eax
        mov     [ecx+28h], edx
        mov     [ecx+30h], edx
        mov     [ecx+34h], eax
        mov     [ecx+38h], edx
        mov     dword ptr [ecx+40h], 0Dh
        mov     [ecx+5Ch], edx
        mov     [ecx+60h], edx
        mov     [ecx+64h], edx
        mov     [ecx+68h], edx
        mov     [ecx+44h], edx
        retn    4
configMachineID75 endp

; ===========================================================================
        db 7 dup(90h)                   ; NOP padding

; *************** S U B R O U T I N E ***************************************
;
; configMachineID64_79 - thunk: switch cases 40h and 4Fh share the body of
; configMachineID62 (tail jump, so configMachineID62's retn 4 returns to
; this thunk's caller).

; Attributes: thunk

configMachineID64_79 proc near          ; CODE XREF: configModelFunctionality+D2
                                        ; configModelFunctionality+19B
        jmp     configMachineID62
configMachineID64_79 endp

; ===========================================================================
        db 0Bh dup(90h)                 ; NOP padding

; *************** S U B R O U T I N E
*************************************** ; Attributes: thunk configMachineID80 proc near ; CODE XREF: configModelFunctionality+1A7 jmp configMachineID67 configMachineID80 endp ; =========================================================================== db 0Bh dup(90h) ; *************** S U B R O U T I N E *************************************** configModelFunctionality proc near ; CODE XREF: SnyUtils_Init+42 machineID = dword ptr 0Ch buffer = byte ptr 10h push ebx push esi mov esi, dword ptr [esp+buffer] push edi push esi mov edi, ecx xor ebx, ebx call initSuStruct mov eax, [esp+4+machineID] cmp eax, 1001h ja default ; default jz machineID_0 ; values can range from 0 to 80 ; but switch only wants the range ; 54 to 80 ; add eax, -54 ensures the following ; cmp eax,26 doesn't set the CF flag ; for values with the sign-bit set ; and therefore ; ja default works for any ID outside ; the range 54 - 80 add eax, 0FFFFFFCAh ; switch 27 cases cmp eax, 1Ah ja default ; default jmp ds:machineIDSwitchTable[eax*4] ; switch jump machineID54: ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x36 mov ecx, edi call configIDgeneric mov ebx, eax jmp default ; default ; =========================================================================== machineID55: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x37 mov ecx, edi call configMachineID55 mov ebx, eax jmp default ; default ; =========================================================================== machineID56: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x38 mov ecx, edi call configMachineID56 mov ebx, eax jmp default ; default ; =========================================================================== machineID57: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x39 mov ecx, edi call configMachineID57 mov ebx, eax jmp default ; default ; 
=========================================================================== machineID58: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x3A mov ecx, edi call configMachineID58 mov ebx, eax jmp default ; default ; =========================================================================== machineID59: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x3B mov ecx, edi call configMachineID59 mov ebx, eax jmp default ; default ; =========================================================================== machineID62: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x3E mov ecx, edi call configMachineID62 mov ebx, eax jmp default ; default ; =========================================================================== machineID60: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x3C mov ecx, edi call configMachineID60 mov ebx, eax jmp default ; default ; =========================================================================== machineID61: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x3D mov ecx, edi call configIDgeneric mov ebx, eax jmp default ; default ; =========================================================================== machineID63: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x3F mov ecx, edi call configMachineID63 mov ebx, eax jmp default ; default ; =========================================================================== machineID64: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x40 mov ecx, edi call configMachineID64_79 mov ebx, eax jmp default ; default ; =========================================================================== machineID65: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: 
.text:machineIDSwitchTable push esi ; case 0x41 mov ecx, edi call configMachineID65 mov ebx, eax jmp default ; default ; =========================================================================== machineID66: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x42 mov ecx, edi call configMachineID66 mov ebx, eax jmp default ; default ; =========================================================================== machineID67: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x43 mov ecx, edi call configMachineID67 mov ebx, eax jmp default ; default ; =========================================================================== machineID68: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x44 mov ecx, edi call configMachineID68 mov ebx, eax jmp default ; default ; =========================================================================== machineID69: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x45 mov ecx, edi call configMachineID69 mov ebx, eax jmp default ; default ; =========================================================================== machineID70: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x46 mov ecx, edi call configMachineID70 mov ebx, eax jmp default ; default ; =========================================================================== machineID71: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x47 mov ecx, edi call configMachineID71 mov ebx, eax jmp short default ; default ; =========================================================================== machineID72: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x48 mov ecx, edi call configMachineID72 mov ebx, eax jmp short default ; default ; 
=========================================================================== machineID73: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x49 mov ecx, edi call configMachineID73 mov ebx, eax jmp short default ; default ; =========================================================================== machineID74: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x4A mov ecx, edi call configMachineID74 mov ebx, eax jmp short default ; default ; =========================================================================== machineID76: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x4C mov ecx, edi call configMachineID76 mov ebx, eax jmp short default ; default ; =========================================================================== machineID77: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x4D mov ecx, edi call configMachineID77 mov ebx, eax jmp short default ; default ; =========================================================================== machineID78: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x4E mov ecx, edi call configMachineID78 mov ebx, eax jmp short default ; default ; =========================================================================== machineID75: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x4B mov ecx, edi call configMachineID75 mov ebx, eax jmp short default ; default ; =========================================================================== machineID79: ; CODE XREF: configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable push esi ; case 0x4F mov ecx, edi call configMachineID64_79 mov ebx, eax jmp short default ; default ; =========================================================================== machineID80: ; CODE XREF: 
configModelFunctionality+32 ; DATA XREF: .text:machineIDSwitchTable
                push    esi             ; case 0x50
                mov     ecx, edi
                call    configMachineID80
                mov     ebx, eax
                jmp     short default   ; default
; ===========================================================================

machineID_0:                            ; CODE XREF: configModelFunctionality+20
                push    esi
                mov     ecx, edi
                call    configIDgeneric
                mov     [esi+48h], ebx
                mov     ebx, 1          ; set to Type01

default:                                ; CODE XREF: configModelFunctionality+1A
                                        ; configModelFunctionality+2C ...
                cmp     dword ptr [esi+5Ch], 300Bh ; default
                jnz     short exit
                call    callSXBIOS_02_1C02
                mov     [esi+60h], eax

exit:                                   ; CODE XREF: configModelFunctionality+1C7
                pop     edi
                pop     esi
                mov     eax, ebx        ; return whatever the selected case left in ebx
                pop     ebx
                retn    8
configModelFunctionality endp

; ===========================================================================
                lea     ecx, [ecx+0]    ; no-op used as padding ahead of the table
; ===========================================================================
; 27 handler addresses, machineID54 .. machineID80 in ascending order.
machineIDSwitchTable dd offset machineID54, offset machineID55, offset machineID56 ; DATA XREF: configModelFunctionality+32
                dd offset machineID57, offset machineID58, offset machineID59 ; jump table for switch statement
                dd offset machineID60, offset machineID61, offset machineID62
                dd offset machineID63, offset machineID64, offset machineID65
                dd offset machineID66, offset machineID67, offset machineID68
                dd offset machineID69, offset machineID70, offset machineID71
                dd offset machineID72, offset machineID73, offset machineID74
                dd offset machineID75, offset machineID76, offset machineID77
                dd offset machineID78, offset machineID79, offset machineID80
; ===========================================================================
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop

; *************** S U B R O U T I N E ***************************************
;
; initPowerProfile
; Binds the power-management helpers to powrprof.dll at run time.
;   - hModule already non-zero: jumps straight to zeroBuffers.
;   - otherwise LoadLibraryA("powrprof.dll"), then eight GetProcAddress
;     lookups, each stored in the global of the same name.
;   - any lookup returning 0: FreeLibrary, then hModule and all eight
;     pointers are reset to 0 and the routine returns 0.
;   - success: three global buffers are zeroed, CriticalSection is
;     initialised, and the routine returns 1.
; In:    no stack arguments (plain retn).
; Out:   eax = 1 on success, 0 on failure.
; Regs:  edi is kept at 0 and used as the NULL constant until zeroBuffers,
;        where it becomes the rep stosd destination; esi caches the
;        GetProcAddress import while the lookups run.
;
; NOTE(review): the library is requested by bare file name, so the loader's
; normal DLL search order decides which powrprof.dll gets mapped. Unless the
; name is satisfied from KnownDLLs on the target system, a same-named file
; found earlier in the search path would be loaded into this process. A
; hardened build would load from the system directory explicitly (full path,
; or LoadLibraryEx with LOAD_LIBRARY_SEARCH_SYSTEM32).
; NOTE(review): when hModule is already set, the zeroBuffers path runs
; InitializeCriticalSection again on the same object. Only one caller
; (SnyUtils_Init) appears in the XREF here; confirm the routine cannot be
; entered twice without an intervening DeleteCriticalSection.

initPowerProfile proc near              ; CODE XREF: SnyUtils_Init+117
                mov     eax, hModule
                push    edi
                xor     edi, edi        ; edi = 0, the NULL used by every compare below
                cmp     eax, edi
                jnz     zeroBuffers     ; library already loaded
                push    offset LibFileName ; "powrprof.dll"
                call    ds:LoadLibraryA
                cmp     eax, edi
                mov     hModule, eax    ; mov leaves the flags from cmp intact
                jz      exitFalse       ; load failed
                push    esi
                mov     esi, ds:GetProcAddress
                push    offset aReadglobalpwrp ; "ReadGlobalPwrPolicy"
                push    eax             ; hModule
                call    esi ; GetProcAddress
                mov     ReadGlobalPwrPolicy, eax
                mov     eax, hModule
                push    offset aWriteglobalpwr ; "WriteGlobalPwrPolicy"
                push    eax             ; hModule
                call    esi ; GetProcAddress
                mov     ecx, hModule
                push    offset aGetactivepwrsc ; "GetActivePwrScheme"
                push    ecx             ; hModule
                mov     WriteGlobalPwrPolicy, eax ; result of the previous lookup
                call    esi ; GetProcAddress
                mov     edx, hModule
                push    offset aSetactivepwrsc ; "SetActivePwrScheme"
                push    edx             ; hModule
                mov     GetActivePwrScheme, eax
                call    esi ; GetProcAddress
                mov     SetActivePwrScheme, eax
                mov     eax, hModule
                push    offset aEnumpwrschemes ; "EnumPwrSchemes"
                push    eax             ; hModule
                call    esi ; GetProcAddress
                mov     ecx, hModule
                push    offset aWritepwrscheme ; "WritePwrScheme"
                push    ecx             ; hModule
                mov     EnumPwrSchemes, eax
                call    esi ; GetProcAddress
                mov     edx, hModule
                push    offset aSetsuspendstat ; "SetSuspendState"
                push    edx             ; hModule
                mov     WritePwrScheme, eax
                call    esi ; GetProcAddress
                mov     SetSuspendState, eax
                mov     eax, hModule
                push    offset aGetpwrcapabili ; "GetPwrCapabilities"
                push    eax             ; hModule
                call    esi ; GetProcAddress
                ; All eight pointers must be non-zero, otherwise everything is
                ; torn down again at resetValues.
                cmp     ReadGlobalPwrPolicy, edi
                mov     GetPwrCapabilities, eax
                pop     esi             ; mov/pop do not disturb the flags from cmp
                jz      short resetValues
                cmp     WriteGlobalPwrPolicy, edi
                jz      short resetValues
                cmp     GetActivePwrScheme, edi
                jz      short resetValues
                cmp     SetActivePwrScheme, edi
                jz      short resetValues
                cmp     EnumPwrSchemes, edi
                jz      short resetValues
                cmp     WritePwrScheme, edi
                jz      short resetValues
                cmp     SetSuspendState, edi
                jz      short resetValues
                cmp     eax, edi        ; eax still holds the GetPwrCapabilities lookup
                jnz     short zeroBuffers

resetValues:                            ; CODE XREF: initPowerProfile+C5
                                        ; initPowerProfile+CD ...
                mov     ecx, hModule
                push    ecx             ; hLibModule
                call    ds:FreeLibrary
                mov     hModule, edi    ; edi is still 0: clear handle and all pointers
                mov     ReadGlobalPwrPolicy, edi
                mov     WriteGlobalPwrPolicy, edi
                mov     GetActivePwrScheme, edi
                mov     SetActivePwrScheme, edi
                mov     EnumPwrSchemes, edi
                mov     WritePwrScheme, edi
                mov     SetSuspendState, edi
                mov     GetPwrCapabilities, edi

exitFalse:                              ; CODE XREF: initPowerProfile+22
                xor     eax, eax
                pop     edi
                retn
; ===========================================================================

zeroBuffers:                            ; CODE XREF: initPowerProfile+A
                                        ; initPowerProfile+F9
                xor     eax, eax        ; fill value for rep stosd
                mov     ecx, 24h ; '$'  ; zero 36 dwords
                mov     edi, offset buffer_36_dwords
                rep stosd
                mov     ecx, 1F4h       ; zero 500 dwords
                mov     edi, offset buffer_500_dwords_A
                rep stosd
                mov     ecx, 1F4h       ; zero 500 dwords
                mov     edi, offset buffer_500_dwords_B
                push    offset CriticalSection ; lpCriticalSection
                rep stosd
                call    ds:InitializeCriticalSection
                mov     eax, 1          ; exit True
                pop     edi
                retn
initPowerProfile endp

; ===========================================================================
                nop
                nop
                nop
                nop
                nop
                nop

; *************** S U B R O U T I N E ***************************************
;
; unlockCriticalSection
; Despite the label, this does not leave the critical section: it calls
; DeleteCriticalSection on it and then, if hModule is non-zero, frees the
; library and zeroes hModule and the eight function pointers.
; In/Out: no arguments; eax is not set to a defined result before retn.
; NOTE(review): DeleteCriticalSection runs before the hModule test. On the
; failure paths of initPowerProfile above, InitializeCriticalSection is
; never reached, so confirm the caller (unload) cannot get here after a
; failed initialisation.

unlockCriticalSection proc near         ; CODE XREF: unload+F
                push    esi
                push    offset CriticalSection ; lpCriticalSection
                call    ds:DeleteCriticalSection
                mov     eax, hModule
                xor     esi, esi        ; esi = 0, used as the NULL constant
                cmp     eax, esi
                jz      short loc_204A14 ; nothing loaded
                push    eax             ; hLibModule
                call    ds:FreeLibrary
                mov     hModule, esi
                mov     ReadGlobalPwrPolicy, esi
                mov     WriteGlobalPwrPolicy, esi
                mov     GetActivePwrScheme, esi
                mov     SetActivePwrScheme, esi
                mov     EnumPwrSchemes, esi
                mov     WritePwrScheme, esi
                mov     SetSuspendState, esi
                mov     GetPwrCapabilities, esi

loc_204A14:                             ; CODE XREF: unlockCriticalSection+15
                pop     esi
                retn
unlockCriticalSection endp

; ===========================================================================
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop

loc_204A20:                             ; DATA XREF: SuSetPowerState-3396
                                        ; SuSetPowerState-3287 ...
; ---------------------------------------------------------------------------
; Body of loc_204A20 (the label sits on the preceding line).
; Its address is pushed as the first argument of sub_204AB0, the
; EnumPwrSchemes thunk below, so this is the enumeration callback.
; It takes seven dword stack arguments and cleans them itself (retn 1Ch).
; When the 1st argument equals the 7th it copies
;   3rd argument (string)  -> buffer_500_dwords_A
;   5th argument (string)  -> buffer_500_dwords_B
;   6th argument (36 dwords) -> buffer_36_dwords
; and it always returns al = 1.
; The layout matches the PWRSCHEMESENUMPROC shape (index, name size, name,
; description size, description, policy, lParam) -- presumably that is what
; this is; confirm against the caller.
;
; NOTE(review): both wcscpy calls are unbounded and the size arguments (2nd
; and 4th) are never read. Each destination is 500 dwords (2000 bytes, i.e.
; 1000 wide characters including the terminator), so a longer name or
; description coming back from the power-scheme store would write past the
; global buffer. A bounded copy that honours the supplied sizes, or
; truncates to the destination capacity, removes that dependency on the
; stored data being short.
; NOTE(review): the 144-byte copy assumes the 6th argument points to at
; least 36 readable dwords -- presumably a POWER_POLICY; TODO confirm size.
; ---------------------------------------------------------------------------
                mov     eax, [esp+4]            ; 1st argument
                cmp     eax, [esp+1Ch]          ; compare with the 7th argument
                jnz     short loc_204A5F        ; different entry: leave the globals alone
                mov     ecx, [esp+0Ch]          ; 3rd argument: first source string
                push    esi
                push    edi
                push    ecx
                push    offset buffer_500_dwords_A
                call    wcscpy                  ; cdecl: arguments stay on the stack for now
                mov     edx, [esp+24h]          ; 5th argument (esp is 10h lower than at entry)
                push    edx
                push    offset buffer_500_dwords_B
                call    wcscpy
                mov     esi, [esp+30h]          ; 6th argument (esp is 18h lower than at entry)
                add     esp, 10h                ; drop the four wcscpy arguments
                mov     ecx, 24h ; '$'          ; 36 dwords
                mov     edi, offset buffer_36_dwords
                rep movsd
                pop     edi
                pop     esi

loc_204A5F:                             ; CODE XREF: .text:00204A28
                mov     al, 1                   ; returned on both paths
                retn    1Ch
; ===========================================================================
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop

; *************** S U B R O U T I N E ***************************************
;
; sub_204A70 -- guarded thunk for the GetActivePwrScheme pointer.
; In:  one dword stack argument, forwarded unchanged.
; Out: eax = callee's result, or 0 when the pointer is not resolved.
; The thunk returns with a plain retn; the forwarded copy of the argument is
; left for the callee to remove, the thunk's own argument for the caller.

sub_204A70      proc near               ; CODE XREF: SuSetPowerState-33A0
                                        ; SuSetPowerState-3291 ...

arg_0           = dword ptr  4

                mov     eax, GetActivePwrScheme
                test    eax, eax
                jz      short loc_204A81        ; pointer not resolved
                mov     ecx, [esp+arg_0]
                push    ecx
                call    eax
                retn
; ===========================================================================

loc_204A81:                             ; CODE XREF: sub_204A70+7
                xor     eax, eax
                retn
sub_204A70      endp

; ===========================================================================
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop

; *************** S U B R O U T I N E ***************************************
;
; sub_204A90 -- guarded thunk for the SetActivePwrScheme pointer.
; In:  three dword stack arguments, forwarded in the same order.
; Out: eax = callee's result, or 0 when the pointer is not resolved.

sub_204A90      proc near               ; CODE XREF: SuSetPowerState-3331
                                        ; SuSetPowerState-3222 ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8
arg_8           = dword ptr  0Ch

                mov     eax, SetActivePwrScheme
                test    eax, eax
                jz      short loc_204AAB        ; pointer not resolved
                mov     ecx, [esp+arg_8]
                mov     edx, [esp+arg_4]
                push    ecx                     ; 3rd
                mov     ecx, [esp+4+arg_0]      ; +4 compensates for the push above
                push    edx                     ; 2nd
                push    ecx                     ; 1st
                call    eax
                retn
; ===========================================================================

loc_204AAB:                             ; CODE XREF: sub_204A90+7
                xor     eax, eax
                retn
sub_204A90      endp

; ===========================================================================
                nop
                nop

; *************** S U B R O U T I N E ***************************************
;
; sub_204AB0 -- guarded thunk for the EnumPwrSchemes pointer.
; In:  two dword stack arguments, forwarded in the same order. The call
;      sites visible in this listing pass loc_204A20 as the first one.
; Out: eax = callee's result, or 0 when the pointer is not resolved.

sub_204AB0      proc near               ; CODE XREF: SuSetPowerState-3391
                                        ; SuSetPowerState-3282 ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8

                mov     eax, EnumPwrSchemes
                test    eax, eax
                jz      short loc_204AC6        ; pointer not resolved
                mov     ecx, [esp+arg_4]
                mov     edx, [esp+arg_0]
                push    ecx                     ; 2nd
                push    edx                     ; 1st
                call    eax
                retn
; ===========================================================================

loc_204AC6:                             ; CODE XREF: sub_204AB0+7
                xor     eax, eax
                retn
sub_204AB0      endp

; ===========================================================================
                nop
                nop
                nop
                nop
                nop
                nop
                nop

; *************** S U B R O U T I N E ***************************************
;
; sub_204AD0 -- guarded thunk for the WritePwrScheme pointer.
; In:  four dword stack arguments, forwarded in the same order.
; Out: eax = callee's result, or 0 when the pointer is not resolved.

sub_204AD0      proc near               ; CODE XREF: SuSetPowerState-3342
                                        ; SuSetPowerState-32C9 ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8
arg_8           = dword ptr  0Ch
arg_C           = dword ptr  10h

                mov     eax, WritePwrScheme
                test    eax, eax
                jz      short loc_204AF0        ; pointer not resolved
                mov     ecx, [esp+arg_C]
                mov     edx, [esp+arg_8]
                push    ecx                     ; 4th
                mov     ecx, [esp+4+arg_4]      ; offsets grow by 4 per preceding push
                push    edx                     ; 3rd
                mov     edx, [esp+8+arg_0]
                push    ecx                     ; 2nd
                push    edx                     ; 1st
                call    eax
                retn
; ===========================================================================

loc_204AF0:                             ; CODE XREF: sub_204AD0+7
                xor     eax, eax
                retn
sub_204AD0      endp

; ===========================================================================
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop

; *************** S U B R O U T I N E ***************************************

sub_204B00      proc near               ; CODE XREF: SuSetPowerState-33DB
                                        ; SuSetPowerState-3311 ...
arg_0 = dword ptr 4 arg_4 = dword ptr 8 arg_8 = dword ptr 0Ch mov eax, SetSuspendState test eax, eax jz short loc_204B1B mov ecx, [esp+arg_8] mov edx, [esp+arg_4] push ecx mov ecx, [esp+4+arg_0] push edx push ecx call eax retn ; =========================================================================== loc_204B1B: ; CODE XREF: sub_204B00+7 xor eax, eax retn sub_204B00 endp ; =========================================================================== nop nop ; *************** S U B R O U T I N E *************************************** sub_204B20 proc near ; CODE XREF: SuSetPowerState-33BD ; SuSetPowerState-32AE arg_0 = dword ptr 4 mov eax, GetPwrCapabilities test eax, eax jz short loc_204B31 mov ecx, [esp+arg_0] push ecx call eax retn ; =========================================================================== loc_204B31: ; CODE XREF: sub_204B20+7 xor eax, eax retn sub_204B20 endp ; =========================================================================== nop nop nop nop nop nop nop nop nop nop nop nop ; START OF FUNCTION CHUNK FOR SuSetPowerState loc_204B40: ; CODE XREF: SuSetPowerState+8 mov eax, hModule sub esp, 54h push esi xor esi, esi cmp eax, esi jnz short loc_204B56 xor eax, eax pop esi add esp, 54h retn ; =========================================================================== loc_204B56: ; CODE XREF: SuSetPowerState-3413 push ebx push ebp push edi push offset CriticalSection ; lpCriticalSection mov [esp+68h+var_50], 1 call ds:EnterCriticalSection mov eax, [esp+64h+arg_4] sub eax, 12h jz loc_204CAD sub eax, 2 jz short loc_204B9E dec eax jnz short loc_204B95 push esi push esi push 1 call sub_204B00 add esp, 0Ch test eax, eax jnz loc_204DC1 loc_204B95: ; CODE XREF: SuSetPowerState-33E1 mov [esp+64h+var_50], esi jmp loc_204DC1 ; =========================================================================== loc_204B9E: ; CODE XREF: SuSetPowerState-33E4 lea eax, [esp+64h+var_4C] push eax call sub_204B20 add esp, 4 test eax, eax jz loc_204DC1 mov al, byte ptr 
[esp+64h+var_4C+3] test al, al jz short loc_204C39 lea ecx, [esp+64h+var_54] push ecx call sub_204A70 mov edx, [esp+68h+var_54] push edx push offset loc_204A20 call sub_204AB0 mov esi, buffer_36_dwords+28h mov edi, buffer_36_dwords+2Ch mov ebx, buffer_36_dwords+54h mov ebp, buffer_36_dwords+58h mov eax, 4 mov buffer_36_dwords+28h, eax mov buffer_36_dwords+2Ch, eax push offset buffer_36_dwords mov eax, 1 push offset buffer_500_dwords_B mov buffer_36_dwords+54h, eax mov buffer_36_dwords+58h, eax lea eax, [esp+78h+var_54] push offset buffer_500_dwords_A push eax call sub_204AD0 mov ecx, [esp+80h+var_54] push offset buffer_36_dwords push 0 push ecx call sub_204A90 add esp, 28h jmp short loc_204C49 ; =========================================================================== loc_204C39: ; CODE XREF: SuSetPowerState-33A7 mov esi, [esp+64h+var_50] mov edi, [esp+64h+var_50] mov ebx, [esp+64h+var_50] mov ebp, [esp+64h+var_50] loc_204C49: ; CODE XREF: SuSetPowerState-3329 push 0 push 0 push 0 call sub_204B00 add esp, 0Ch test eax, eax jz loc_204D6A mov al, byte ptr [esp+64h+var_4C+3] test al, al jz loc_204DC1 push offset buffer_36_dwords push offset buffer_500_dwords_B lea edx, [esp+6Ch+var_54] push offset buffer_500_dwords_A push edx mov buffer_36_dwords+28h, esi mov buffer_36_dwords+2Ch, edi mov buffer_36_dwords+54h, ebx mov buffer_36_dwords+58h, ebp call sub_204AD0 mov eax, [esp+74h+var_54] push offset buffer_36_dwords push 0 push eax jmp loc_204DB9 ; =========================================================================== loc_204CAD: ; CODE XREF: SuSetPowerState-33ED lea ecx, [esp+64h+var_4C] push ecx call sub_204B20 add esp, 4 test eax, eax jz loc_204DC1 mov al, byte ptr [esp+64h+var_4C+3] test al, al jz short loc_204D48 lea edx, [esp+64h+var_54] push edx call sub_204A70 mov eax, [esp+68h+var_54] push eax push offset loc_204A20 call sub_204AB0 mov esi, buffer_36_dwords+28h mov edi, buffer_36_dwords+2Ch mov ebx, buffer_36_dwords+54h mov ebp, buffer_36_dwords+58h push 
offset buffer_36_dwords mov eax, 2 push offset buffer_500_dwords_B mov buffer_36_dwords+28h, eax mov buffer_36_dwords+2Ch, eax mov eax, 1 lea ecx, [esp+78h+var_54] push offset buffer_500_dwords_A push ecx mov buffer_36_dwords+54h, eax mov buffer_36_dwords+58h, eax call sub_204AD0 mov edx, [esp+80h+var_54] push offset buffer_36_dwords push 0 push edx call sub_204A90 add esp, 28h jmp short loc_204D58 ; =========================================================================== loc_204D48: ; CODE XREF: SuSetPowerState-3298 mov esi, [esp+64h+var_50] mov edi, [esp+64h+var_50] mov ebx, [esp+64h+var_50] mov ebp, [esp+64h+var_50] loc_204D58: ; CODE XREF: SuSetPowerState-321A push 0 push 0 push 0 call sub_204B00 add esp, 0Ch test eax, eax jnz short loc_204D74 loc_204D6A: ; CODE XREF: SuSetPowerState-3307 mov [esp+64h+var_50], 0 jmp short loc_204DC1 ; =========================================================================== loc_204D74: ; CODE XREF: SuSetPowerState-31F8 mov al, byte ptr [esp+64h+var_4C+3] test al, al jz short loc_204DC1 push offset buffer_36_dwords push offset buffer_500_dwords_B lea eax, [esp+6Ch+var_54] push offset buffer_500_dwords_A push eax mov buffer_36_dwords+28h, esi mov buffer_36_dwords+2Ch, edi mov buffer_36_dwords+54h, ebx mov buffer_36_dwords+58h, ebp call sub_204AD0 mov ecx, [esp+74h+var_54] push offset buffer_36_dwords push 0 push ecx loc_204DB9: ; CODE XREF: SuSetPowerState-32B8 call sub_204A90 add esp, 1Ch loc_204DC1: ; CODE XREF: SuSetPowerState-33D1 ; SuSetPowerState-33C7 ... 
push offset CriticalSection ; lpCriticalSection call ds:LeaveCriticalSection mov eax, [esp+64h+var_50] pop edi pop ebp pop ebx pop esi add esp, 54h retn ; END OF FUNCTION CHUNK FOR SuSetPowerState ; =========================================================================== nop nop nop nop nop nop nop nop ; START OF FUNCTION CHUNK FOR SuSetDefaultPowerState loc_204DE0: ; CODE XREF: SuSetDefaultPowerState+8 push ecx mov eax, hModule test eax, eax jnz short loc_204DEE xor eax, eax pop ecx retn ; =========================================================================== loc_204DEE: ; CODE XREF: SuSetDefaultPowerState-3188 lea eax, [esp+4+var_4] push esi push eax call sub_204A70 add esp, 4 push offset CriticalSection ; lpCriticalSection mov esi, 1 call ds:EnterCriticalSection mov ecx, [esp+8+var_4] push ecx push offset loc_204A20 call sub_204AB0 mov eax, [esp+10h+arg_4] mov ecx, 2 add esp, 8 sub eax, ecx jz short loc_204E66 sub eax, ecx jz short loc_204E55 dec eax jz short loc_204E44 push offset CriticalSection ; lpCriticalSection xor esi, esi call ds:LeaveCriticalSection mov eax, esi pop esi pop ecx retn ; =========================================================================== loc_204E44: ; CODE XREF: SuSetDefaultPowerState-3140 mov eax, 5 mov buffer_36_dwords+28h, eax mov buffer_36_dwords+2Ch, eax jmp short loc_204E72 ; =========================================================================== loc_204E55: ; CODE XREF: SuSetDefaultPowerState-3143 mov eax, 4 mov buffer_36_dwords+28h, eax mov buffer_36_dwords+2Ch, eax jmp short loc_204E72 ; =========================================================================== loc_204E66: ; CODE XREF: SuSetDefaultPowerState-3147 mov buffer_36_dwords+28h, ecx mov buffer_36_dwords+2Ch, ecx loc_204E72: ; CODE XREF: SuSetDefaultPowerState-311D ; SuSetDefaultPowerState-310C push offset buffer_36_dwords push offset buffer_500_dwords_B lea edx, [esp+10h+var_4] push offset buffer_500_dwords_A push edx call sub_204AD0 mov eax, 
[esp+18h+var_4]                         ; operand of the "mov eax," that ends the preceding line
                push    offset buffer_36_dwords
                push    0
                push    eax
                call    sub_204A90
                add     esp, 1Ch
                push    offset CriticalSection ; lpCriticalSection
                call    ds:LeaveCriticalSection
                mov     eax, esi
                pop     esi
                pop     ecx
                retn
; END OF FUNCTION CHUNK FOR SuSetDefaultPowerState
; ===========================================================================
                nop

; *************** S U B R O U T I N E ***************************************
;
; deviceOpenByGUID
; Opens the device once and caches the result in the caller's object.
; In:   one dword stack argument (labelled Last_Error by the disassembler);
;       the code uses it as a pointer and keeps it in esi.
; Out:  eax = 1 if [esi+4] was already non-zero or SNC_Device_Open returned
;       non-zero, else 0. Cleans its own argument (retn 4).
; The interface class GUID built on the stack is
;       {F304EB09-5C5F-11D2-B53F-0800460198AC}.
; SNC_Device_Open receives (&ClassGuid, 0, &argument slot) and its three
; arguments are removed here (add esp, 0Ch).
; NOTE(review): success is tested as "non-zero". If SNC_Device_Open can
; return INVALID_HANDLE_VALUE (-1) on failure, that value would be cached in
; [esi+4] and reported as success -- confirm against its implementation.

deviceOpenByGUID proc near              ; CODE XREF: callSN00+D sub_208850+9
                                        ; DATA XREF: ...

ClassGuid       = dword ptr -10h
var_C           = word ptr -0Ch
var_A           = word ptr -0Ah
var_8           = byte ptr -8
var_7           = byte ptr -7
var_6           = byte ptr -6
var_5           = byte ptr -5
var_4           = byte ptr -4
var_3           = byte ptr -3
var_2           = byte ptr -2
var_1           = byte ptr -1
Last_Error      = byte ptr  4

                sub     esp, 10h                ; room for the 16-byte GUID
                push    esi
                mov     esi, dword ptr [esp+14h+Last_Error]
                mov     eax, [esi+4]
                test    eax, eax
                jz      short loc_204ECB        ; nothing cached yet
                mov     eax, 1                  ; already open
                pop     esi
                add     esp, 10h
                retn    4
; ===========================================================================

loc_204ECB:                             ; CODE XREF: deviceOpenByGUID+D
                lea     eax, [esp+14h+Last_Error]
                push    eax             ; Last_Error
                lea     ecx, [esp+18h+ClassGuid]
                push    0               ; MemberIndex
                push    ecx             ; ClassGuid
                mov     [esp+20h+ClassGuid], 0F304EB09h ; GUID.Data1
                mov     [esp+20h+var_C], 5C5Fh  ; GUID.Data2
                mov     [esp+20h+var_A], 11D2h  ; GUID.Data3
                mov     [esp+20h+var_8], 0B5h   ; GUID.Data4[0]
                mov     [esp+20h+var_7], 3Fh ; '?'
                mov     [esp+20h+var_6], 8
                mov     [esp+20h+var_5], 0
                mov     [esp+20h+var_4], 46h ; 'F'
                mov     [esp+20h+var_3], 1
                mov     [esp+20h+var_2], 98h
                mov     [esp+20h+var_1], 0ACh   ; GUID.Data4[7]
                call    SNC_Device_Open
                xor     edx, edx
                add     esp, 0Ch
                test    eax, eax
                setnz   dl                      ; edx = (result != 0)
                mov     [esi+4], eax            ; cache the result, including a 0
                pop     esi
                mov     eax, edx
                add     esp, 10h
                retn    4
deviceOpenByGUID endp

; *************** S U B R O U T I N E ***************************************
;
; terminateThreadCloseHandles
; Tears down the worker thread and the handles kept in the object passed as
; the first argument (held in esi). Field use as far as this routine shows:
;   [esi+4]   handle passed as hDevice; closed only when arg_4 is non-zero
;   [esi+0Ch] tested for zero to decide whether the IOCTL is sent
;   [esi+10h] handle closed after the IOCTL step
;   [esi+14h] handle passed to SetEvent, later closed
;   [esi+28h] handle waited on and passed to TerminateThread, then closed
;   [esi+2Ch] set to 2 when DeviceIoControl fails, cleared at exit
; ebx caches the CloseHandle import; edi is 0 and used as the NULL constant.
; Always returns eax = 1 and removes both arguments (retn 8).
; The first argument's stack slot is reused as the lpBytesReturned scratch
; dword, which is why the disassembler named it BytesReturned.
;
; NOTE(review): if the thread has not exited 500 ms after the event is
; signalled (WaitForSingleObject returns 102h), it is ended with
; TerminateThread. A thread stopped that way releases no locks and runs no
; cleanup, so any state it was updating can be left inconsistent.
; NOTE(review): the store at exit unconditionally overwrites the 2 written
; on the DeviceIoControl failure path, so that failure is not observable
; through [esi+2Ch] once the routine returns.
; NOTE(review): IOCTL 222014h decodes as device type 22h, function 805h,
; METHOD_BUFFERED, FILE_ANY_ACCESS; how the driver validates the 4-byte
; input cannot be seen from here.

; int __stdcall terminateThreadCloseHandles(DWORD BytesReturned,int)
terminateThreadCloseHandles proc near   ; CODE XREF: sub_2088F0+D5
                                        ; sub_2088F0+EA
                                        ; DATA XREF: ...

InBuffer        = dword ptr -4
BytesReturned   = byte ptr  4
arg_4           = dword ptr  8

                push    ecx                     ; reserves the InBuffer local
                push    ebx
                mov     ebx, ds:CloseHandle
                push    esi
                mov     esi, dword ptr [esp+0Ch+BytesReturned]
                mov     eax, [esi+28h]
                push    edi
                xor     edi, edi
                cmp     eax, edi
                jz      short isOffset10_zero   ; no thread handle
                mov     eax, [esi+14h]
                push    eax             ; hEvent
                call    ds:SetEvent
                mov     eax, [esi+28h]
                cmp     eax, edi
                jz      short closeHandle
                push    1F4h            ; dwMilliseconds
                push    eax             ; hHandle
                call    ds:WaitForSingleObject
                cmp     eax, 102h               ; WAIT_TIMEOUT
                jnz     short closeHandle
                mov     ecx, [esi+28h]
                push    0FFFFFFFFh      ; dwExitCode
                push    ecx             ; hThread
                call    ds:TerminateThread

closeHandle:                            ; CODE XREF: terminateThreadCloseHandles+26
                                        ; terminateThreadCloseHandles+39
                mov     edx, [esi+28h]
                push    edx             ; hObject
                call    ebx ; CloseHandle
                mov     [esi+28h], edi

isOffset10_zero:                        ; CODE XREF: terminateThreadCloseHandles+15
                cmp     [esi+10h], edi
                jz      short isOffset14_zero
                cmp     [esi+0Ch], edi
                mov     dword ptr [esp+10h+BytesReturned], edi ; scratch = 0; flags from cmp survive
                jz      short close_hObject
                push    esi
                call    createRegisterWindowMsg
                mov     edx, [esi+4]
                add     esp, 4
                push    edi             ; lpOverlapped
                mov     [esp+14h+InBuffer], eax ; the helper's result is the 4-byte input
                lea     eax, [esp+14h+BytesReturned]
                push    eax             ; lpBytesReturned
                push    edi             ; nOutBufferSize
                push    edi             ; lpOutBuffer
                push    4               ; nInBufferSize
                lea     ecx, [esp+24h+InBuffer]
                push    ecx             ; lpInBuffer
                push    222014h         ; dwIoControlCode
                push    edx             ; hDevice
                call    ds:DeviceIoControl
                test    eax, eax
                jnz     short close_hObject
                mov     dword ptr [esi+2Ch], 2

close_hObject:                          ; CODE XREF: terminateThreadCloseHandles+5C
                                        ; terminateThreadCloseHandles+8B
                mov     eax, [esi+10h]
                push    eax             ; hObject
                call    ebx ; CloseHandle
                mov     [esi+10h], edi

isOffset14_zero:                        ; CODE XREF: terminateThreadCloseHandles+53
                mov     eax, [esi+14h]
                cmp     eax, edi
                jz      short isOffset04_zero
                push    eax             ; hObject
                call    ebx ; CloseHandle
                mov     [esi+14h], edi

isOffset04_zero:                        ; CODE XREF: terminateThreadCloseHandles+A2
                mov     eax, [esi+4]
                cmp     eax, edi
                jz      short exit
                cmp     [esp+10h+arg_4], edi    ; second argument gates closing [esi+4]
                jz      short exit
                push    eax             ; hObject
                call    ebx ; CloseHandle
                mov     [esi+4], edi

exit:                                   ; CODE XREF: terminateThreadCloseHandles+AF
                                        ; terminateThreadCloseHandles+B5
                mov     [esi+2Ch], edi
                pop     edi
                pop     esi
                mov     eax, 1
                pop     ebx
                pop     ecx
                retn    8
terminateThreadCloseHandles endp

; ===========================================================================
                db 4 dup(90h)                   ; padding (90h = nop)

; *************** S U B R O U T I N E ***************************************
;
; createSonyAsyncEvent
; Creates the named event "SonyAsyncEvent<hex of [esi+0Ch]>" and passes it
; to the device through IOCTL 222004h.
; In:   one dword stack argument, a pointer kept in esi.
; Out:  eax = 1 when nothing had to be done ([esi+10h] already set, or
;       [esi+0Ch] is zero) or when the IOCTL succeeded; on IOCTL failure
;       [esi+2Ch] is set to 2 and eax is the 0 returned by DeviceIoControl.
;       Cleans its own argument (retn 4).
; The 8-byte input buffer is { createRegisterWindowMsg result, event handle }.
; Name is a 104h-byte stack buffer; the format expands to at most 14 + 8
; characters plus the terminator, so wsprintfA cannot overrun it.
;
; NOTE(review): the CreateEventA result is stored and sent to the driver
; without being checked; on failure a NULL handle would be sent.
; NOTE(review): the event is named, predictable and created with default
; security (lpEventAttributes = 0). If an object of that name already
; exists, CreateEventA returns a handle to the existing object and the last
; error is ERROR_ALREADY_EXISTS; that case is not distinguished here, so
; another process in the same namespace could own the object this code then
; waits on. Checking for it, or using an unnamed event if no other
; component needs the name, closes that gap -- whether the name is needed
; elsewhere is not visible from here.
; NOTE(review): IOCTL 222004h decodes as device type 22h, function 801h,
; METHOD_BUFFERED, FILE_ANY_ACCESS.

createSonyAsyncEvent proc near          ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

BytesReturned   = dword ptr -110h
InBuffer        = dword ptr -10Ch
var_108         = dword ptr -108h
Name            = dword ptr -104h
arg_0           = dword ptr  4

                sub     esp, 110h
                push    esi
                mov     esi, [esp+114h+arg_0]
                mov     eax, [esi+10h]
                test    eax, eax
                jnz     short loc_205093        ; event already created
                mov     eax, [esi+0Ch]
                test    eax, eax
                jz      short loc_205093        ; nothing to name the event after
                push    esi
                mov     [esp+118h+BytesReturned], 0
                call    createRegisterWindowMsg
                mov     [esp+118h+InBuffer], eax ; first input dword
                mov     eax, [esi+0Ch]
                push    eax
                lea     ecx, [esp+11Ch+Name]
                push    offset aSonyasyncevent ; "SonyAsyncEvent%X"
                push    ecx             ; LPSTR
                call    ds:wsprintfA
                add     esp, 10h                ; helper's argument + three wsprintfA arguments
                lea     edx, [esp+114h+Name]
                push    edx             ; lpName
                push    0               ; bInitialState
                push    0               ; bManualReset
                push    0               ; lpEventAttributes
                call    ds:CreateEventA
                mov     edx, [esi+4]
                push    0               ; lpOverlapped
                mov     [esi+10h], eax          ; keep the event handle in the object
                mov     [esp+118h+var_108], eax ; second input dword
                lea     eax, [esp+118h+BytesReturned]
                push    eax             ; lpBytesReturned
                push    0               ; nOutBufferSize
                push    0               ; lpOutBuffer
                push    8               ; nInBufferSize
                lea     ecx, [esp+128h+InBuffer]
                push    ecx             ; lpInBuffer
                push    222004h         ; dwIoControlCode
                push    edx             ; hDevice
                call    ds:DeviceIoControl
                test    eax, eax
                jnz     short loc_205093
                mov     dword ptr [esi+2Ch], 2  ; record the failure; eax stays 0
                pop     esi
                add     esp, 110h
                retn    4
; ===========================================================================

loc_205093:                             ; CODE XREF: createSonyAsyncEvent+13
                                        ; createSonyAsyncEvent+1A ...
                mov     eax, 1
                pop     esi
                add     esp, 110h
                retn    4
createSonyAsyncEvent endp

; ===========================================================================
                db 0Eh dup(90h)                 ; padding (90h = nop)

; *************** S U B R O U T I N E ***************************************
;
; deviceIOctrl222000
; Sends IOCTL 222000h on the handle at [arg_0+4].
; In:   four dword stack arguments (retn 10h); only the first three are read.
;       The second argument's own stack slot is used as the 4-byte input
;       buffer; the third is the caller's output pointer.
; Out:  eax = DeviceIoControl's return value, passed through unchanged.
; NOTE(review): nOutBufferSize is fixed at 4 and lpOutBuffer is forwarded as
; given, so the caller must supply at least 4 writable bytes; nothing here
; validates the pointer, and the byte count written to BytesReturned is
; discarded.
; NOTE(review): IOCTL 222000h decodes as device type 22h, function 800h,
; METHOD_BUFFERED, FILE_ANY_ACCESS.

; int __stdcall deviceIOctrl222000(int,int InBuffer,LPVOID lpOutBuffer,int)
deviceIOctrl222000 proc near            ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

BytesReturned   = dword ptr -4
arg_0           = dword ptr  4
InBuffer        = dword ptr  8
lpOutBuffer     = byte ptr  0Ch

                push    ecx                     ; reserves the BytesReturned local
                mov     ecx, dword ptr [esp+4+lpOutBuffer]
                push    0               ; lpOverlapped
                lea     eax, [esp+8+BytesReturned]
                push    eax             ; lpBytesReturned
                mov     eax, [esp+0Ch+arg_0]
                push    4               ; nOutBufferSize
                push    ecx             ; lpOutBuffer
                mov     ecx, [eax+4]            ; handle stored in the first argument's object
                push    4               ; nInBufferSize
                lea     edx, [esp+18h+InBuffer]
                push    edx             ; lpInBuffer
                push    222000h         ; dwIoControlCode
                push    ecx             ; hDevice
                mov     [esp+24h+BytesReturned], 0
                call    ds:DeviceIoControl
                pop     ecx
                retn    10h
deviceIOctrl222000 endp

; ===========================================================================
                db 0Bh dup(90h)                 ; padding (90h = nop)

; *************** S U B R O U T I N E ***************************************
;
; iterateSNCdeviceCalls
; In:   ecx = object whose first dword is a table of function pointers
;       (kept in edi); one dword stack argument, a pointer kept in esi.
; Out:  eax = 0 if [esi+10h] or [esi+28h] is zero, otherwise 1.
;       Cleans its own argument (retn 4).
; Depending on bits 1 and 2 of the low byte of [esi+1Ch] it calls the
; entries at offsets 10h and 14h of that table, passing esi on the stack.
; The first indirect call relies on ecx still holding the incoming object
; pointer; the second reloads ecx from edi before calling.

iterateSNCdeviceCalls proc near         ; CODE XREF: sub_209350+20
                                        ; DATA XREF: .rdata:functionJumpTable1

flagsTableEntry = byte ptr  8

                push    esi
                mov     esi, dword ptr [esp+flagsTableEntry]
                mov     eax, [esi+10h]  ; index into flagsTable
                test    eax, eax
                push    edi                     ; push/mov keep the flags from test
                mov     edi, ecx
                jz      short exitFailed
                mov     eax, [esi+28h]  ; index into flagsTable
                test    eax, eax
                jz      short exitFailed
                push    ebx
                mov     ebx, [esi+1Ch]  ; index into flagsTable
                test    bl, 2
                jz      short testBit2
                mov     eax, [edi]
                push    esi
                call    dword ptr [eax+10h] ; suTypesA0baseCalls

testBit2:                               ; CODE XREF: iterateSNCdeviceCalls+1D
                test    bl, 4
                pop     ebx                     ; pop does not alter the flags tested next
                jz      short exit
                mov     edx, [edi]
                push    esi
                mov     ecx, edi
                call    dword ptr [edx+14h] ; call_iterate_B7toBF

exit:                                   ; CODE XREF: iterateSNCdeviceCalls+29
                pop     edi
                mov     eax, 1
                pop     esi
                retn    4
; ===========================================================================

exitFailed:                             ; CODE XREF: iterateSNCdeviceCalls+D ;
iterateSNCdeviceCalls+14 pop edi xor eax, eax pop esi retn 4 iterateSNCdeviceCalls endp ; =========================================================================== db 0Ch dup(90h) ; *************** S U B R O U T I N E *************************************** callSNCmethod proc near ; CODE XREF: callSNCmethodByModelType+455 ; doSNCmethodCall_byModelCaps+5A ; DATA XREF: ... var_174 = dword ptr -174h var_16C = dword ptr -16Ch var_168 = dword ptr -168h var_160 = dword ptr -160h var_15C = dword ptr -15Ch var_154 = dword ptr -154h var_150 = dword ptr -150h var_148 = dword ptr -148h var_144 = dword ptr -144h var_13C = dword ptr -13Ch var_138 = dword ptr -138h var_130 = dword ptr -130h var_12C = dword ptr -12Ch var_124 = dword ptr -124h var_120 = dword ptr -120h var_118 = dword ptr -118h var_114 = dword ptr -114h var_10C = dword ptr -10Ch var_108 = dword ptr -108h var_100 = dword ptr -100h var_FC = dword ptr -0FCh var_F4 = dword ptr -0F4h var_F0 = dword ptr -0F0h var_E8 = dword ptr -0E8h var_E4 = dword ptr -0E4h var_DC = dword ptr -0DCh var_D8 = dword ptr -0D8h var_D0 = dword ptr -0D0h var_CC = dword ptr -0CCh var_C4 = dword ptr -0C4h var_C0 = dword ptr -0C0h var_B8 = dword ptr -0B8h var_B4 = dword ptr -0B4h var_AC = dword ptr -0ACh var_A4 = dword ptr -0A4h var_A0 = dword ptr -0A0h var_9C = dword ptr -9Ch var_98 = dword ptr -98h var_94 = dword ptr -94h var_90 = dword ptr -90h var_8C = dword ptr -8Ch var_88 = dword ptr -88h var_84 = dword ptr -84h var_80 = dword ptr -80h var_78 = dword ptr -78h var_74 = dword ptr -74h var_70 = dword ptr -70h var_6C = dword ptr -6Ch var_68 = dword ptr -68h var_60 = dword ptr -60h var_5C = dword ptr -5Ch var_54 = dword ptr -54h var_50 = dword ptr -50h var_48 = dword ptr -48h var_44 = dword ptr -44h var_3C = dword ptr -3Ch var_38 = dword ptr -38h var_30 = dword ptr -30h var_2C = dword ptr -2Ch var_28 = dword ptr -28h var_24 = dword ptr -24h var_20 = dword ptr -20h var_18 = dword ptr -18h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = 
dword ptr -0Ch var_8 = dword ptr -8 var_4 = dword ptr -4 SNCmethod_Arg0 = dword ptr 4 methodNum = dword ptr 8 OutBuffer = byte ptr 0Ch mov eax, [esp+methodNum] dec eax cmp eax, 77h ; 'w' ja methodInvalid movzx eax, ds:snc_method_index[eax] jmp ds:SNC_Method_JumpTable[eax*4] ; =========================================================================== method0E: ; DATA XREF: .text:SNC_Method_JumpTable mov ecx, dword ptr [esp+OutBuffer] push ecx call sub_2022C0 add esp, 4 retn 0Ch ; =========================================================================== method0F: ; DATA XREF: .text:SNC_Method_JumpTable mov edx, dword ptr [esp+OutBuffer] push edx call sub_202320 add esp, 4 retn 0Ch ; =========================================================================== method2F: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, dword ptr [esp+OutBuffer] push eax call sub_202380 add esp, 4 retn 0Ch ; =========================================================================== method30: ; DATA XREF: .text:SNC_Method_JumpTable mov ecx, dword ptr [esp+OutBuffer] push ecx call sub_2023D0 add esp, 4 retn 0Ch ; =========================================================================== method06: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, dword ptr [esp+OutBuffer] mov edx, [ecx] push eax mov eax, [esp+4+SNCmethod_Arg0] push eax call dword ptr [edx+74h] retn 0Ch ; =========================================================================== method07: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+8+SNCmethod_Arg0] mov edx, [ecx] push eax mov eax, [esp+0Ch+var_4] push eax call dword ptr [edx+78h] retn 0Ch ; =========================================================================== method2C_GBTS: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+10h+var_4] mov edx, [ecx] push 53544247h push eax mov eax, [esp+18h+var_C] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method08: ; DATA XREF: 
.text:SNC_Method_JumpTable mov eax, [esp+1Ch+var_10] mov edx, [ecx] push eax mov eax, [esp+20h+var_18] push eax call dword ptr [edx+80h] retn 0Ch ; =========================================================================== method09: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+24h+var_18] mov edx, [ecx] push eax mov eax, [esp+28h+var_20] push eax call dword ptr [edx+7Ch] retn 0Ch ; =========================================================================== method0A: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+2Ch+var_20] mov edx, [ecx] push eax mov eax, [esp+30h+var_28] push eax call dword ptr [edx+88h] retn 0Ch ; =========================================================================== method0B: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+34h+var_28] mov edx, [ecx] push eax mov eax, [esp+38h+var_30] push eax call dword ptr [edx+84h] retn 0Ch ; =========================================================================== method25_WCU7: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+3Ch+var_30] mov edx, [ecx] push 37554357h push eax mov eax, [esp+44h+var_38] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method26_WCU8: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+48h+var_3C] mov edx, [ecx] push 38554357h push eax mov eax, [esp+50h+var_44] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method11_WCU5: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+54h+var_48] mov edx, [ecx] push 35554357h push eax mov eax, [esp+5Ch+var_50] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method12_WCU6: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+60h+var_54] mov edx, [ecx] push 36554357h push eax mov eax, [esp+68h+var_5C] push eax call dword ptr [edx+24h] retn 0Ch ; 
=========================================================================== method15_WCU2: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+6Ch+var_60] mov edx, [ecx] push 32554357h push eax mov eax, [esp+74h+var_68] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method16_WCU1: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+78h+var_6C] mov edx, [ecx] push 31554357h push eax mov eax, [esp+80h+var_74] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method13_WCU3: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+84h+var_78] mov edx, [ecx] push 33554357h push eax mov eax, [esp+8Ch+var_80] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method14_WCU4: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+90h+var_84] mov edx, [ecx] push 34554357h push eax mov eax, [esp+98h+var_8C] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method1B_GSNE: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+9Ch+var_98] push esi mov esi, [esp+0A0h+var_90] push 454E5347h push esi mov dword ptr [esi], 0 mov edx, [ecx] push eax call dword ptr [edx+28h] movzx ecx, byte ptr [esi] and ecx, 1 shl ecx, 1 mov [esi], ecx pop esi retn 0Ch ; =========================================================================== method1C_SSNE: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0A8h+var_9C] mov dl, [eax] not dl movzx edx, dl and edx, 2 shl edx, 17h or edx, 1 mov [eax], edx mov edx, [ecx] mov [esp+0A8h+var_9C], 454E5353h mov [esp+0A8h+var_A0], eax jmp dword ptr [edx+28h] ; =========================================================================== method00_GBRT: ; CODE XREF: callSNCmethod+15 ; DATA XREF: .text:SNC_Method_JumpTable mov eax, dword ptr [esp+OutBuffer] mov edx, [ecx] push 
54524247h push eax mov eax, [esp+8+SNCmethod_Arg0] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method01_SBRT: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0Ch] mov edx, [ecx] push 54524253h push eax mov eax, [esp+14h+var_8] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method02_SPBR: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+18h+var_C] mov edx, [ecx] push 52425053h push eax mov eax, [esp+20h+var_14] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method03_GCTR: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+24h+var_18] mov edx, [ecx] push 52544347h push eax mov eax, [esp+2Ch+var_20] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method04_SCTR: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+30h+var_24] mov edx, [ecx] push 52544353h push eax mov eax, [esp+38h+var_2C] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method05_SPCR: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+3Ch+var_30] mov edx, [ecx] push 52435053h push eax mov eax, [esp+44h+var_38] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method0C_GPBR: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+48h+var_3C] mov edx, [ecx] push 52425047h push eax mov eax, [esp+50h+var_44] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method0D_GPCR: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+54h+var_48] mov edx, [ecx] push 52435047h push eax mov eax, [esp+5Ch+var_50] push eax call dword ptr [edx+24h] retn 0Ch ; 
=========================================================================== method10_CMGB: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+60h+var_54] mov edx, [ecx] push 42474D43h push eax mov eax, [esp+68h+var_5C] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method17: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+6Ch+var_60] mov edx, [ecx] push eax mov eax, [esp+70h+var_68] push eax call dword ptr [edx+68h] retn 0Ch ; =========================================================================== method18: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+74h+var_68] mov edx, [ecx] push eax mov eax, [esp+78h+var_70] push eax call dword ptr [edx+64h] retn 0Ch ; =========================================================================== method19: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+7Ch+var_70] mov edx, [ecx] push eax mov eax, [esp+80h+var_78] push eax call dword ptr [edx+5Ch] retn 0Ch ; =========================================================================== method1A: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+84h+var_78] mov edx, [ecx] push eax mov eax, [esp+88h+var_80] push eax call dword ptr [edx+60h] retn 0Ch ; =========================================================================== method1D_NPPC: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+8Ch+var_80] mov edx, [ecx] push 4350504Eh push eax mov eax, [esp+94h+var_88] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method1E_GAMS: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+98h+var_8C] mov edx, [ecx] push 534D4147h push eax mov eax, [esp+0A0h+var_94] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method1F_SAMS: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0A4h+var_98] mov edx, [ecx] push 534D4153h push eax mov eax, 
[esp+0ACh+var_A0] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method20: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0B0h+var_A4] mov edx, [ecx] push eax mov eax, [esp+0B4h+var_AC] push eax call dword ptr [edx+8Ch] retn 0Ch ; =========================================================================== method21_RCMD: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0B8h+var_AC] mov edx, [ecx] push 444D4352h push eax mov eax, [esp+0C0h+var_B4] push eax call dword ptr [edx+30h] retn 0Ch ; =========================================================================== method22_SS2R: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0C4h+var_B8] mov edx, [ecx] push 52325353h push eax mov eax, [esp+0CCh+var_C0] push eax call dword ptr [edx+2Ch] retn 0Ch ; =========================================================================== method23_GTPS: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0D0h+var_C4] mov edx, [ecx] push 53505447h push eax mov eax, [esp+0D8h+var_CC] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method24_STPS: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0DCh+var_D0] mov edx, [ecx] push 53505453h push eax mov eax, [esp+0E4h+var_D8] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method27_RSBI: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0E8h+var_DC] mov edx, [ecx] push 49425352h push eax mov eax, [esp+0F0h+var_E4] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method28_RBMF: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+0F4h+var_E8] mov edx, [ecx] push 464D4252h push eax mov eax, [esp+0FCh+var_F0] push eax call dword ptr [edx+28h] retn 0Ch ; 
=========================================================================== method29_CBMF: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+100h+var_F4] mov edx, [ecx] push 464D4243h push eax mov eax, [esp+108h+var_FC] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method2A_SGCV: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+10Ch+var_100] mov edx, [ecx] push 56434753h push eax mov eax, [esp+114h+var_108] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method2B_GGCV: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+118h+var_10C] mov edx, [ecx] push 56434747h push eax mov eax, [esp+120h+var_114] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method2D_SLRS: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+124h+var_118] mov edx, [ecx] push 53524C53h push eax mov eax, [esp+12Ch+var_120] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method2E_SUEE: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+130h+var_124] mov edx, [ecx] push 45455553h push eax mov eax, [esp+138h+var_12C] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method31_GAZP: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+13Ch+var_130] mov edx, [ecx] push 505A4147h push eax mov eax, [esp+144h+var_138] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method32_AZPW: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+148h+var_13C] mov edx, [ecx] push 57505A41h push eax mov eax, [esp+150h+var_144] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method33_GLNP: ; DATA XREF: 
.text:SNC_Method_JumpTable mov eax, [esp+154h+var_148] mov edx, [ecx] push 504E4C47h push eax mov eax, [esp+15Ch+var_150] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method34_LNPW: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+160h+var_154] mov edx, [ecx] push 57504E4Ch push eax mov eax, [esp+168h+var_15C] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== method35_GCAM: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+16Ch+var_160] mov edx, [ecx] push 4D414347h push eax mov eax, [esp+174h+var_168] push eax call dword ptr [edx+24h] retn 0Ch ; =========================================================================== method36_SCAM: ; DATA XREF: .text:SNC_Method_JumpTable mov eax, [esp+178h+var_16C] mov edx, [ecx] push 4D414353h push eax mov eax, [esp+180h+var_174] push eax call dword ptr [edx+28h] retn 0Ch ; =========================================================================== methodInvalid: ; CODE XREF: callSNCmethod+8 ; DATA XREF: .text:SNC_Method_JumpTable mov ecx, [esp+SNCmethod_Arg0] mov dword ptr [ecx+2Ch], 6 xor eax, eax retn 0Ch callSNCmethod endp ; =========================================================================== SNC_Method_JumpTable dd offset method00_GBRT, offset method01_SBRT, offset method02_SPBR ; DATA XREF: callSNCmethod+15 dd offset method03_GCTR, offset method04_SCTR, offset method05_SPCR dd offset method06, offset method07, offset method08, offset method09 dd offset method0A, offset method0B, offset method0C_GPBR dd offset method0D_GPCR, offset method0E, offset method0F dd offset method10_CMGB, offset method11_WCU5, offset method12_WCU6 dd offset method13_WCU3, offset method14_WCU4, offset method15_WCU2 dd offset method16_WCU1, offset method17, offset method18 dd offset method19, offset method1A, offset method1B_GSNE dd offset method1C_SSNE, offset method1D_NPPC, offset 
; Tail of SNC_Method_JumpTable. The operand on the next line completes the
; "dd ... offset" that ends the previous line of the listing.
method1E_GAMS
                dd offset method1F_SAMS, offset method20, offset method21_RCMD
                dd offset method22_SS2R, offset method23_GTPS, offset method24_STPS
                dd offset method25_WCU7, offset method26_WCU8, offset method27_RSBI
                dd offset method28_RBMF, offset method29_CBMF, offset method2A_SGCV
                dd offset method2B_GGCV, offset method2C_GBTS, offset method2D_SLRS
                dd offset method2E_SUEE, offset method2F, offset method30
                dd offset method31_GAZP, offset method32_AZPW, offset method33_GLNP
                dd offset method34_LNPW, offset method35_GCAM, offset method36_SCAM
                dd offset methodInvalid

; snc_method_index: byte table referenced from callSNCmethod+E.
; The jump table above lists method00..method36 followed by methodInvalid, so
; methodInvalid sits in slot 37h; the many 37h bytes below therefore look like
; "unsupported" entries that select methodInvalid.
; NOTE(review): the code that reads this table starts outside this excerpt.
; Confirm how the table is indexed and that the index is range-checked before
; the lookup, since the table has a fixed length.
snc_method_index db 0                   ; DATA XREF: callSNCmethod+E
                                        ; 0
                db 1                    ; 1
; ===========================================================================
                add     al, [ebx]       ; 2
                                        ; NOTE(review): presumably table bytes 02h 03h
                                        ; that the disassembler rendered as code
; ===========================================================================
                dd 37370504h, 37070637h, 37373737h, 0A370908h, 3737370Bh
                dd 0C373737h, 370F0E0Dh, 37373710h, 12113737h, 37141337h
                dd 37373737h, 37161537h, 37191817h, 3737371Ah, 1C1B3737h
                dd 1D373737h, 1E373737h, 3737201Fh, 22213737h, 25372423h
                dd 37373726h, 29282737h, 2B2A3737h, 37373737h, 2F2E2D2Ch
                dd 37373730h, 37373737h, 32313737h, 36353433h

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl222018_SNC_Getter
; Sends IOCTL 222018h with a 4-byte input and a 4-byte output buffer.
; In:    arg_0       = device context; [arg_0+4] is passed as hDevice and
;                      [arg_0+2Ch] receives a status code
;        lpOutBuffer = caller buffer handed to the driver as the output
;        InBuffer    = third stack argument; its address is the input buffer
; Out:   eax = 1 and [arg_0+2Ch] = 0 when DeviceIoControl returns non-zero
;        eax = 0 and [arg_0+2Ch] = 2 otherwise
; Stack: callee removes 0Ch bytes of arguments
; NOTE(review): 222018h decodes as CTL_CODE(22h, 806h, METHOD_BUFFERED,
; FILE_ANY_ACCESS), so access control rests on the device object's ACL.
; BytesReturned is zeroed before the call and never inspected afterwards.
;-----------------------------------------------------------------------
deviceIOctrl222018_SNC_Getter proc near ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
BytesReturned   = dword ptr -4
arg_0           = dword ptr  4
lpOutBuffer     = dword ptr  8
InBuffer        = byte ptr  0Ch

; Body of deviceIOctrl222018_SNC_Getter. In the [esp+N+name] operands, N is
; the current displacement of esp from its value at entry.
        push    ecx                     ; reserves the 4-byte BytesReturned slot
        mov     ecx, [esp+4+lpOutBuffer]
        push    esi
        mov     esi, [esp+8+arg_0]      ; esi = device context
        push    0                       ; lpOverlapped
        lea     eax, [esp+0Ch+BytesReturned]
        push    eax                     ; lpBytesReturned
        mov     eax, [esi+4]            ; handle stored at context+4
        push    4                       ; nOutBufferSize
        push    ecx                     ; lpOutBuffer
        push    4                       ; nInBufferSize
        lea     edx, [esp+1Ch+InBuffer] ; input = the third stack argument itself
        push    edx                     ; lpInBuffer
        push    222018h                 ; dwIoControlCode
        push    eax                     ; hDevice
        mov     [esp+28h+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_2057D2
        mov     dword ptr [esi+2Ch], 2  ; failure: status 2, eax is still 0
        pop     esi
        pop     ecx                     ; releases the BytesReturned slot
        retn    0Ch
; ===========================================================================

loc_2057D2:                             ; CODE XREF: deviceIOctrl222018_SNC_Getter+34
        mov     dword ptr [esi+2Ch], 0  ; success: status 0
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    0Ch
deviceIOctrl222018_SNC_Getter endp

; ===========================================================================
        db 0Dh dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl22201C_SNC_Setter
; Sends IOCTL 22201Ch with an 8-byte input {methodName, *resultBuffer} and
; an 8-byte output buffer on the stack.
; In:    deviceStruct = device context ([+4] handle, [+2Ch] status)
;        resultBuffer = pointer to a dword: read as the second input dword,
;                       overwritten with the second output dword on success
;        methodName   = third stack argument, copied as the first input dword
; Out:   eax = 1, status 0 on success; eax = 0, status 2 on failure
; Stack: callee removes 0Ch bytes of arguments
; NOTE(review): OutBuffer is not initialised before the call and
; BytesReturned is never checked, so if the driver reports success while
; writing fewer than 8 bytes, stale stack content reaches *resultBuffer.
; Confirm the driver always fills both output dwords.
;-----------------------------------------------------------------------
deviceIOctrl22201C_SNC_Setter proc near ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
BytesReturned   = dword ptr -14h
InBuffer        = dword ptr -10h
var_C           = dword ptr -0Ch
OutBuffer       = dword ptr -8
var_4           = dword ptr -4
deviceStruct    = dword ptr  4
resultBuffer    = dword ptr  8
methodName      = byte ptr  0Ch

; Body of deviceIOctrl22201C_SNC_Setter. var_C is the dword after InBuffer and
; var_4 the dword after OutBuffer, so each buffer is 8 bytes.
        sub     esp, 14h
        mov     eax, dword ptr [esp+14h+methodName]
        push    esi
        mov     esi, [esp+18h+deviceStruct]
        push    edi
        mov     edi, [esp+1Ch+resultBuffer]
        mov     ecx, [edi]              ; current value behind resultBuffer
        push    0                       ; lpOverlapped
        lea     edx, [esp+20h+BytesReturned]
        push    edx                     ; lpBytesReturned
        mov     edx, [esi+4]            ; deviceStruct.hDevice
        push    8                       ; nOutBufferSize
        mov     [esp+28h+InBuffer], eax ; input dword 0 = methodName
        lea     eax, [esp+28h+OutBuffer]
        push    eax                     ; lpOutBuffer
        push    8                       ; nInBufferSize
        mov     [esp+30h+var_C], ecx    ; subFunction Num
        lea     ecx, [esp+30h+InBuffer]
        push    ecx                     ; lpInBuffer
        push    22201Ch                 ; dwIoControlCode
        push    edx                     ; hDevice
        mov     [esp+3Ch+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short exitTrue
        pop     edi
        mov     dword ptr [esi+2Ch], 2  ; failure: status 2, eax is still 0
        pop     esi
        add     esp, 14h
        retn    0Ch
; ===========================================================================

exitTrue:                               ; CODE XREF: deviceIOctrl22201C_SNC_Setter+49
        mov     eax, [esp+1Ch+var_4]    ; second output dword, copied unconditionally
        mov     [edi], eax              ; resultBuffer
        pop     edi
        mov     dword ptr [esi+2Ch], 0  ; deviceStruct.02C
        mov     eax, 1
        pop     esi
        add     esp, 14h
        retn    0Ch
deviceIOctrl22201C_SNC_Setter endp

; ===========================================================================
        db 0Ch dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl222028_a
; Sends IOCTL 222028h with zero-filled 414h-byte input and output buffers.
; In:    arg_0 = device context ([+4] handle, [+2Ch] status)
;        arg_4 = pointer; dword [arg_4], dword [arg_4+4] and word [arg_4+8]
;                are copied into the input after its first dword
;        arg_8 = value stored as the first input dword
; Out:   on success the byte after the first output dword is zero-extended
;        into dword [arg_4], status = 0, eax = 1
;        on failure status = 2, eax = 0
; Stack: callee removes 0Ch bytes of arguments
; NOTE(review): arg_4 must reference at least 10 readable bytes and a
; writable dword; no length is passed, so this is purely a caller contract.
;-----------------------------------------------------------------------
; Attributes: bp-based frame

deviceIOctrl222028_a proc near          ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
BytesReturned   = dword ptr -834h
InBuffer        = dword ptr -830h
var_82C         = dword ptr -82Ch
var_828         = dword ptr -828h
var_824         = word ptr -824h
OutBuffer       = dword ptr -418h
var_414         = byte ptr -414h
arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = dword ptr  10h

; Body of deviceIOctrl222028_a. var_82C/var_828/var_824 are offsets +4/+8/+0Ch
; inside InBuffer; var_414 is offset +4 inside OutBuffer.
        push    ebp
        mov     ebp, esp
        and     esp, 0FFFFFFF8h         ; align the local area to 8 bytes
        sub     esp, 838h
        push    esi
        push    edi
        mov     esi, [ebp+arg_0]        ; esi = device context
        xor     eax, eax
        mov     ecx, 105h               ; 105h dwords = 414h bytes
        lea     edi, [esp+840h+InBuffer]
        rep stosd                       ; zero the whole input buffer
        mov     ecx, 105h
        lea     edi, [esp+840h+OutBuffer]
        rep stosd                       ; zero the whole output buffer
        mov     edi, [ebp+arg_4]
        mov     eax, [ebp+arg_8]
        push    0                       ; lpOverlapped
        mov     ecx, edi
        mov     edx, [ecx]
        mov     [esp+844h+var_82C], edx ; input +4  = dword [arg_4]
        mov     [esp+844h+InBuffer], eax ; input +0 = arg_8
        mov     eax, [ecx+4]
        mov     cx, [ecx+8]
        lea     edx, [esp+844h+BytesReturned]
        push    edx                     ; lpBytesReturned
        mov     edx, [esi+4]            ; handle stored at context+4
        push    414h                    ; nOutBufferSize
        mov     [esp+84Ch+var_828], eax ; input +8  = dword [arg_4+4]
        lea     eax, [esp+84Ch+OutBuffer]
        push    eax                     ; lpOutBuffer
        push    414h                    ; nInBufferSize
        mov     [esp+854h+var_824], cx  ; input +0Ch = word [arg_4+8]
        lea     ecx, [esp+854h+InBuffer]
        push    ecx                     ; lpInBuffer
        push    222028h                 ; dwIoControlCode
        push    edx                     ; hDevice
        mov     [esp+860h+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_205906
        mov     dword ptr [esi+2Ch], 2  ; failure: status 2, eax is still 0
        pop     edi
        pop     esi
        mov     esp, ebp
        pop     ebp
        retn    0Ch
; ===========================================================================

loc_205906:                             ; CODE XREF: deviceIOctrl222028_a+85
        movzx   eax, [esp+840h+var_414] ; one result byte; buffer was pre-zeroed
        mov     [edi], eax              ; written back through arg_4
        pop     edi
        mov     dword ptr [esi+2Ch], 0  ; success: status 0
        mov     eax, 1
        pop     esi
        mov     esp, ebp
        pop     ebp
        retn    0Ch
deviceIOctrl222028_a endp

; ===========================================================================
        db 0Ch dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl222028
; Block-transfer variant of IOCTL 222028h, again with zero-filled
; 414h-byte input and output buffers on the stack.
; In:    arg_0 = device context ([+4] handle, [+2Ch] status)
;        arg_4 = caller buffer: 100h dwords (400h bytes) are copied from it
;                into the input after its first dword
;        arg_8 = value stored as the first input dword
; Out:   on success 104h dwords (410h bytes) of output, starting after the
;        first output dword, are copied back to arg_4; status = 0, eax = 1
;        on failure status = 2, eax = 0 and arg_4 is left untouched
; Stack: callee removes 0Ch bytes of arguments
; NOTE(review): both copy lengths are constants and the write-back (410h)
; is larger than the read (400h). The caller's buffer must be at least
; 410h bytes; nothing here can verify that. BytesReturned is not checked,
; but the pre-zeroed output buffer keeps stale stack data out of the copy.
;-----------------------------------------------------------------------
; Attributes: bp-based frame

deviceIOctrl222028 proc near            ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
BytesReturned   = dword ptr -834h
InBuffer        = dword ptr -830h
var_82C         = dword ptr -82Ch
OutBuffer       = dword ptr -418h
var_414         = dword ptr -414h
arg_0           = dword ptr  8
arg_4           = dword ptr  0Ch
arg_8           = dword ptr  10h

; Body of deviceIOctrl222028. var_82C is offset +4 inside InBuffer and var_414
; is offset +4 inside OutBuffer.
        push    ebp
        mov     ebp, esp
        and     esp, 0FFFFFFF8h         ; align the local area to 8 bytes
        sub     esp, 834h
        push    ebx
        push    esi
        mov     esi, [ebp+arg_4]        ; esi = caller buffer (copy source)
        push    edi
        mov     ebx, [ebp+arg_0]        ; ebx = device context
        xor     eax, eax
        mov     ecx, 105h               ; 105h dwords = 414h bytes
        lea     edi, [esp+840h+InBuffer]
        rep stosd                       ; zero the whole input buffer
        mov     ecx, 105h
        lea     edi, [esp+840h+OutBuffer]
        rep stosd                       ; zero the whole output buffer
        mov     eax, [ebp+arg_8]
        push    0                       ; lpOverlapped
        mov     [esp+844h+InBuffer], eax ; input +0 = arg_8
        mov     ecx, 100h               ; fixed 400h-byte copy from the caller
        lea     edi, [esp+844h+var_82C]
        rep movsd
        lea     ecx, [esp+844h+BytesReturned]
        push    ecx                     ; lpBytesReturned
        mov     ecx, [ebx+4]            ; handle stored at context+4
        push    414h                    ; nOutBufferSize
        lea     edx, [esp+84Ch+OutBuffer]
        push    edx                     ; lpOutBuffer
        push    414h                    ; nInBufferSize
        lea     eax, [esp+854h+InBuffer]
        push    eax                     ; lpInBuffer
        push    222028h                 ; dwIoControlCode
        push    ecx                     ; hDevice
        mov     [esp+860h+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_2059BB
        mov     dword ptr [ebx+2Ch], 2  ; failure: status 2, eax is still 0
        pop     edi
        pop     esi
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn    0Ch
; ===========================================================================

loc_2059BB:                             ; CODE XREF: deviceIOctrl222028+79
        mov     edi, [ebp+arg_4]        ; destination = caller buffer
        mov     ecx, 104h               ; fixed 410h-byte copy back to the caller
        lea     esi, [esp+840h+var_414]
        rep movsd
        pop     edi
        pop     esi
        mov     dword ptr [ebx+2Ch], 0  ; success: status 0
        mov     eax, 1
        pop     ebx
        mov     esp, ebp
        pop     ebp
        retn    0Ch
deviceIOctrl222028 endp

; ===========================================================================
        db 0Fh dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl22200C
; Sends IOCTL 22200Ch with a 4-byte input and no output buffer.
; In:    arg_0    = device context ([+4] handle, [+2Ch] status)
;        InBuffer = second stack argument; its address is the input buffer
;        the third stack argument is not read in the visible code
; Out:   eax = 1, status 0 on success; eax = 0, status 2 on failure
; Stack: callee removes 0Ch bytes of arguments
;-----------------------------------------------------------------------
; int __stdcall deviceIOctrl22200C(int,int InBuffer,int)
deviceIOctrl22200C proc near            ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

BytesReturned   = dword ptr -4
arg_0           = dword ptr  4
InBuffer        = byte ptr  8

        push    ecx                     ; reserves the 4-byte BytesReturned slot
        push    esi
        mov     esi, [esp+8+arg_0]      ; esi = device context
        mov     edx, [esi+4]            ; handle stored at context+4
        push    0                       ; lpOverlapped
        lea     eax, [esp+0Ch+BytesReturned]
        push    eax                     ; lpBytesReturned
        push    0                       ; nOutBufferSize
        push    0                       ; lpOutBuffer
        push    4                       ; nInBufferSize
        lea     ecx, [esp+1Ch+InBuffer] ; input = the stack argument itself
        push    ecx                     ; lpInBuffer
; deviceIOctrl22200C, continued: the control code and handle are pushed last.
        push    22200Ch                 ; dwIoControlCode
        push    edx                     ; hDevice
        mov     [esp+28h+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_205A2F
        mov     dword ptr [esi+2Ch], 2  ; failure: status 2, eax is still 0
        pop     esi
        pop     ecx                     ; releases the BytesReturned slot
        retn    0Ch
; ===========================================================================

loc_205A2F:                             ; CODE XREF: deviceIOctrl22200C+31
        mov     dword ptr [esi+2Ch], 0  ; success: status 0
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    0Ch
deviceIOctrl22200C endp

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl222024
; Sends IOCTL 222024h with a 4-byte input and no output buffer.
; In:    arg_0    = device context ([+4] handle, [+2Ch] status)
;        InBuffer = second stack argument; its address is the input buffer
; Out:   eax = 1, status 0 on success; eax = 0, status 2 on failure
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
; int __stdcall deviceIOctrl222024(int,int InBuffer)
deviceIOctrl222024 proc near            ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...

BytesReturned   = dword ptr -4
arg_0           = dword ptr  4
InBuffer        = byte ptr  8

        push    ecx                     ; reserves the 4-byte BytesReturned slot
        push    esi
        mov     esi, [esp+8+arg_0]      ; esi = device context
        mov     edx, [esi+4]            ; handle stored at context+4
        push    0                       ; lpOverlapped
        lea     eax, [esp+0Ch+BytesReturned]
        push    eax                     ; lpBytesReturned
        push    0                       ; nOutBufferSize
        push    0                       ; lpOutBuffer
        push    4                       ; nInBufferSize
        lea     ecx, [esp+1Ch+InBuffer] ; input = the stack argument itself
        push    ecx                     ; lpInBuffer
        push    222024h                 ; dwIoControlCode
        push    edx                     ; hDevice
        mov     [esp+28h+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_205A7F
        mov     dword ptr [esi+2Ch], 2  ; failure: status 2, eax is still 0
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_205A7F:                             ; CODE XREF: deviceIOctrl222024+31
        mov     dword ptr [esi+2Ch], 0  ; success: status 0
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
deviceIOctrl222024 endp

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl222020
; Sends IOCTL 222020h with a 4-byte input and no output buffer.
; In:    arg_0    = device context ([+4] handle, [+2Ch] status)
;        InBuffer = second stack argument; its address is the input buffer
; Out:   eax = 1, status 0 on success; eax = 0, status 2 on failure
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
; int __stdcall deviceIOctrl222020(int,int InBuffer)
deviceIOctrl222020 proc near            ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
BytesReturned   = dword ptr -4
arg_0           = dword ptr  4
InBuffer        = byte ptr  8

; Body of deviceIOctrl222020.
        push    ecx                     ; reserves the 4-byte BytesReturned slot
        push    esi
        mov     esi, [esp+8+arg_0]      ; esi = device context
        mov     edx, [esi+4]            ; handle stored at context+4
        push    0                       ; lpOverlapped
        lea     eax, [esp+0Ch+BytesReturned]
        push    eax                     ; lpBytesReturned
        push    0                       ; nOutBufferSize
        push    0                       ; lpOutBuffer
        push    4                       ; nInBufferSize
        lea     ecx, [esp+1Ch+InBuffer] ; input = the stack argument itself
        push    ecx                     ; lpInBuffer
        push    222020h                 ; dwIoControlCode
        push    edx                     ; hDevice
        mov     [esp+28h+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_205ACF
        mov     dword ptr [esi+2Ch], 2  ; failure: status 2, eax is still 0
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_205ACF:                             ; CODE XREF: deviceIOctrl222020+31
        mov     dword ptr [esi+2Ch], 0  ; success: status 0
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
deviceIOctrl222020 endp

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_GCDP
; Zeroes dword [arg_4], then forwards (arg_0, arg_4, tag) to the function
; at slot 24h of the table pointed to by [ecx]. The tag 50444347h is the
; ASCII string "GCDP" in memory order.
; In:    ecx = object whose first dword is the function table
;        arg_0, arg_4 = forwarded unchanged
; Out:   eax = whatever the slot-24h function returns
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_GCDP     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     eax, [esp+arg_4]
        push    50444347h               ; "GCDP"
        mov     dword ptr [eax], 0      ; clear the result before the query
        mov     edx, [ecx]              ; function table
        push    eax
        mov     eax, [esp+8+arg_0]
        push    eax
        call    dword ptr [edx+24h]
        retn    8
method_GCDP     endp

; ===========================================================================
        db 3 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; setCDPW
; Reads a current value through table slot 64h and issues a "CDPW" request
; through slot 28h only when bit 0 of the requested value differs from
; bit 0 of the current one.
; In:    ecx   = object whose first dword is the function table
;        arg_0 = forwarded as the first argument of both calls
;        second stack argument (unnamed in the listing) = pointer to the
;        requested value; also forwarded to slot 28h
; Out:   eax = 0 if the slot-64h call returns 0
;        eax = 1 if bit 0 already matches (nothing is sent)
;        otherwise eax = return value of the slot-28h call
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
setCDPW         proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
var_C           = dword ptr -0Ch
var_4           = dword ptr -4
arg_0           = dword ptr  4

; Body of setCDPW.
        push    ecx                     ; reserves the 4-byte var_4 slot
        push    esi
        mov     esi, ecx                ; keep the object pointer across calls
        mov     eax, [esi]              ; function table
        push    edi
        mov     edi, [esp+0Ch+arg_0]
        lea     ecx, [esp+0Ch+var_4]
        push    ecx                     ; where the current value is returned
        push    edi
        mov     ecx, esi
        mov     [esp+14h+var_4], 0
        call    dword ptr [eax+64h]
        test    eax, eax
        jnz     short loc_205B28
        pop     edi                     ; query failed: return with eax = 0
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_205B28:                             ; CODE XREF: setCDPW+20
        mov     eax, [esp+14h]          ; second stack argument (pointer)
        mov     edx, [eax]
        xor     edx, [esp+0Ch+var_4]    ; requested xor current
        test    dl, 1                   ; only bit 0 is compared
        jnz     short method_CDPW
        pop     edi
        mov     eax, 1                  ; already in the requested state
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

method_CDPW:                            ; CODE XREF: setCDPW+35
        mov     edx, [esi]
        push    57504443h               ; "CDPW"
        push    eax
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+28h]
        pop     edi
        pop     esi
        pop     ecx
        retn    8
setCDPW         endp

; ===========================================================================
        db 0Ah dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_GCMI
; Forwards (arg_0, arg_4, tag) to the function at slot 28h of the table
; pointed to by [ecx]; tag 494D4347h is "GCMI" in memory order.
; Unlike the other G-prefixed tags in this listing it goes through
; slot 28h rather than slot 24h.
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_GCMI     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    494D4347h               ; "GCMI"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+28h]
        retn    8
method_GCMI     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SCMI
; Forwards (arg_0, arg_4, tag) to the function at slot 28h of the table
; pointed to by [ecx]; tag 494D4353h is "SCMI" in memory order.
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SCMI     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
arg_0           = dword ptr  4
arg_4           = dword ptr  8

; Body of method_SCMI.
        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    494D4353h               ; "SCMI"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+28h]
        retn    8
method_SCMI     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_GMGB
; Forwards (arg_0, arg_4, tag) to table slot 24h; tag 42474D47h is "GMGB".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_GMGB     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    42474D47h               ; "GMGB"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+24h]
        retn    8
method_GMGB     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SMGB
; Forwards (arg_0, arg_4, tag) to table slot 28h; tag 42474D53h is "SMGB".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SMGB     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    42474D53h               ; "SMGB"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+28h]
        retn    8
method_SMGB     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_GLBH
; Forwards (arg_0, arg_4, tag) to table slot 24h; tag 48424C47h is "GLBH".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_GLBH     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    48424C47h               ; "GLBH"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+24h]
        retn    8
method_GLBH     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SLBH
; Replaces dword [arg_4] with its logical negation (1 if it was 0, else 0)
; and then forwards (arg_0, arg_4, tag) to table slot 28h; tag 48424C53h
; is "SLBH". The caller's value is modified in place before the call.
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SLBH     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...
arg_0           = dword ptr  4
arg_4           = dword ptr  8

; Body of method_SLBH.
        mov     eax, [esp+arg_4]
        push    esi
        mov     esi, [eax]              ; caller's requested value
        xor     edx, edx
        test    esi, esi
        setz    dl                      ; edx = (value == 0)
        push    48424C53h               ; "SLBH"
        push    eax
        mov     [eax], edx              ; inverted value written back in place
        mov     eax, [esp+0Ch+arg_0]
        mov     edx, [ecx]              ; function table
        push    eax
        call    dword ptr [edx+28h]
        pop     esi
        retn    8
method_SLBH     endp

; ===========================================================================
        db 0Ch dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_GTCS
; Forwards (arg_0, arg_4, tag) to table slot 24h (tag 53435447h = "GTCS"),
; then rewrites dword [arg_4] as 1 when the returned value is not 1 and as
; 0 when it is 1.
; Out:   eax = return value of the slot function (not modified afterwards)
; Stack: callee removes 8 bytes of arguments
; NOTE(review): the result is post-processed without testing eax, so after
; a failed call [arg_4] is derived from whatever the buffer held before.
;-----------------------------------------------------------------------
method_GTCS     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable3

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_0]
        mov     eax, [ecx]              ; function table
        push    esi
        mov     esi, [esp+4+arg_4]      ; keep the result pointer across the call
        push    53435447h               ; "GTCS"
        push    esi
        push    edx
        call    dword ptr [eax+24h]
        mov     edx, [esi]
        xor     ecx, ecx
        cmp     edx, 1
        setnz   cl                      ; ecx = (value != 1)
        mov     [esi], ecx
        pop     esi
        retn    8
method_GTCS     endp

; ===========================================================================
        db 0Bh dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SCTS
; Replaces dword [arg_4] with 1 when it is not 1 and with 0 when it is 1,
; then forwards (arg_0, arg_4, tag) to table slot 28h.
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
; NOTE(review): the tag 53435453h reads "STCS" in memory order, which
; pairs with "GTCS" above; the label spells it SCTS.
;-----------------------------------------------------------------------
method_SCTS     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable3

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     eax, [esp+arg_4]
        push    esi
        mov     esi, [eax]              ; caller's requested value
        xor     edx, edx
        cmp     esi, 1
        setnz   dl                      ; edx = (value != 1)
        push    53435453h               ; "STCS"
        push    eax
        mov     [eax], edx              ; converted value written back in place
        mov     eax, [esp+0Ch+arg_0]
        mov     edx, [ecx]              ; function table
        push    eax
        call    dword ptr [edx+28h]
        pop     esi
        retn    8
method_SCTS     endp

; ===========================================================================
        db 0Bh dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; getWirelessDevicePowerStatus
; Calls table slot 60h with (arg_0, &var_4) and turns the answer into a
; flag written through the second stack argument.
; In:    ecx   = object whose first dword is the function table
;        arg_0 = forwarded to the slot-60h function
;        second stack argument (unnamed in the listing) = pointer that
;        receives 1 when the queried value is non-zero
; Out:   eax = 0 if the slot-60h call returns 0, else eax = 1
; Stack: callee removes 8 bytes of arguments
; NOTE(review): when the queried value is 0 the flag is not written at
; all, so the caller has to initialise it beforehand.
;-----------------------------------------------------------------------
getWirelessDevicePowerStatus proc near  ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...

var_C           = dword ptr -0Ch
var_4           = dword ptr -4
arg_0           = dword ptr  4

        push    ecx                     ; reserves the 4-byte var_4 slot
        mov     eax, [ecx]              ; function table
        push    esi
        lea     edx, [esp+8+var_4]
        push    edx                     ; where the queried value is returned
        mov     edx, [esp+0Ch+arg_0]
        xor     esi, esi                ; esi = 0 for the rest of the routine
        push    edx
        mov     [esp+10h+var_4], esi
        call    dword ptr [eax+60h]     ; method_GWDP ?
; getWirelessDevicePowerStatus, continued: evaluate the slot-60h result.
        test    eax, eax
        jz      short failed
        cmp     [esp+8+var_4], esi      ; queried value == 0 ?
        jz      short exit
        mov     eax, [esp+10h]          ; variable in caller's stack
        mov     dword ptr [eax], 1      ; set result flag

exit:                                   ; CODE XREF: getWirelessDevicePowerStatus+1F
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

failed:                                 ; CODE XREF: getWirelessDevicePowerStatus+19
        mov     eax, esi                ; esi is 0 here
        pop     esi
        pop     ecx
        retn    8
getWirelessDevicePowerStatus endp

; ===========================================================================
        db 4 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_GWDP
; Forwards (arg_0, arg_4, tag) to table slot 24h (tag 50445747h = "GWDP")
; and normalises the result.
; Out:   eax = 1 if the slot function returns non-zero, else 0
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_GWDP     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    esi
        push    50445747h               ; "GWDP"
        push    edx
        mov     edx, [esp+0Ch+arg_0]
        push    edx
        xor     esi, esi
        call    dword ptr [eax+24h]     ; SNC Getter
        test    eax, eax
        mov     eax, 1                  ; mov leaves the flags from test intact
        jnz     short exit
        mov     eax, esi                ; return 0

exit:                                   ; CODE XREF: method_GWDP+1E
        pop     esi
        retn    8
method_GWDP     endp

; ===========================================================================
        db 0Ah dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; deviceIOctrl222008
; Sends IOCTL 222008h with an 8-byte input and no output buffer.
; In:    first stack argument  = device context ([+4] handle, [+0Ch] gate,
;                                [+2Ch] status); the listing labels this
;                                slot "BytesReturned" because the routine
;                                reuses it as the lpBytesReturned target
;        arg_4                 = value stored as the second input dword
; The first input dword is the return value of createRegisterWindowMsg
; called with the context pointer (that routine is outside this excerpt).
; Out:   eax = 1 without any I/O when [context+0Ch] is 0 (status untouched)
;        eax = 1, status 0 when DeviceIoControl returns non-zero
;        eax = 0, status 2 otherwise
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
; int __stdcall deviceIOctrl222008(DWORD BytesReturned,int)
deviceIOctrl222008 proc near            ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

InBuffer        = dword ptr -8
var_4           = dword ptr -4
BytesReturned   = byte ptr  4
arg_4           = dword ptr  8

        sub     esp, 8
        push    esi
        mov     esi, dword ptr [esp+0Ch+BytesReturned] ; esi = device context
        mov     eax, [esi+0Ch]
        test    eax, eax
        jz      short exit              ; gate field is 0: nothing to send
        push    esi
        mov     dword ptr [esp+10h+BytesReturned], 0 ; argument slot reused as counter
        call    createRegisterWindowMsg
        add     esp, 4                  ; caller cleans up this one argument
        push    0                       ; lpOverlapped
        lea     ecx, [esp+10h+BytesReturned]
        push    ecx                     ; lpBytesReturned
        push    0                       ; nOutBufferSize
        push    0                       ; lpOutBuffer
        push    8                       ; nInBufferSize
        mov     [esp+20h+InBuffer], eax ; input dword 0 = helper's return value
        mov     eax, [esp+20h+arg_4]
        lea     edx, [esp+20h+InBuffer]
        push    edx                     ; lpInBuffer
        mov     [esp+24h+var_4], eax    ; input dword 1 = arg_4
        mov     eax, [esi+4]            ; handle stored at context+4
        push    222008h                 ; dwIoControlCode
        push    eax                     ; hDevice
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short success
        mov     dword ptr [esi+2Ch], 2  ; failure: status 2, eax is still 0
        pop     esi
        add     esp, 8
        retn    8
; ===========================================================================

success:                                ; CODE XREF: deviceIOctrl222008+4F
        mov     dword ptr [esi+2Ch], 0  ; success: status 0

exit:                                   ; CODE XREF: deviceIOctrl222008+D
        mov     eax, 1
        pop     esi
        add     esp, 8
        retn    8
deviceIOctrl222008 endp

; ===========================================================================
        db 0Eh dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; suTypesA0baseCalls
; Calls table slot 0Ch with (arg_0, 0A0h) unconditionally, then once more
; for each global flag that is non-zero, using the id paired with it:
;   SNCfunctionality -> 0A1h   dword_20F13C -> 0A2h   dword_20F140 -> 0A3h
;   dword_20F144 -> 0A4h       dword_20F148 -> 0A5h   dword_20F14C -> 0A6h
;   dword_20F150 -> 0A7h       dword_20F154 -> 0A8h   dword_20F15C -> 0AAh
;   dword_20F164 -> 0ACh       dword_20F168 -> 0BBh   dword_20F16C -> 0B1h
;   dword_20F170 -> 0B2h
; In:    ecx = object whose first dword is the function table
;        arg_0 = forwarded as the first argument of every call
; Out:   eax = 1 always; the return values of the slot calls are ignored
; Stack: callee removes 4 bytes of arguments
;-----------------------------------------------------------------------
suTypesA0baseCalls proc near            ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

arg_0           = dword ptr  0Ch

        push    esi
        push    edi
        mov     edi, [esp+arg_0]
        mov     esi, ecx                ; keep the object pointer across calls
        mov     eax, [esi]
        push    0A0h                    ; ''
        push    edi
        call    dword ptr [eax+0Ch]     ; ecx still holds the object pointer here
        mov     eax, SNCfunctionality
        test    eax, eax
        jz      short testSuType08
        mov     edx, [esi]
        push    0A1h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]     ; deviceIOctrl222008

testSuType08:                           ; CODE XREF: suTypesA0baseCalls+1A
        mov     eax, dword_20F13C
        test    eax, eax
        jz      short testSuType31
        mov     eax, [esi]
        push    0A2h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]     ; deviceIOctrl222008

testSuType31:                           ; CODE XREF: suTypesA0baseCalls+30
        mov     eax, dword_20F140
        test    eax, eax
        jz      short testSuType32
        mov     edx, [esi]
        push    0A3h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]     ; deviceIOctrl222008

testSuType32:                           ; CODE XREF: suTypesA0baseCalls+46
        mov     eax, dword_20F144
        test    eax, eax
        jz      short testSuType02
        mov     eax, [esi]
        push    0A4h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]     ; deviceIOctrl222008

testSuType02:                           ; CODE XREF: suTypesA0baseCalls+5C
        mov     eax, dword_20F148
        test    eax, eax
        jz      short testSuType05
        mov     edx, [esi]
        push    0A5h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]     ; deviceIOctrl222008

testSuType05:                           ; CODE XREF: suTypesA0baseCalls+72
        mov     eax, dword_20F14C
        test    eax, eax
        jz      short testSuType33
        mov     eax, [esi]
        push    0A6h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]     ; deviceIOctrl222008

testSuType33:                           ; CODE XREF: suTypesA0baseCalls+88
        mov     eax, dword_20F150
        test    eax, eax
        jz      short testSuType07
        mov     edx, [esi]
        push    0A7h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]     ; deviceIOctrl222008

testSuType07:                           ; CODE XREF: suTypesA0baseCalls+9E
        mov     eax, dword_20F154
        test    eax, eax
        jz      short testSuType35
        mov     eax, [esi]
        push    0A8h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]     ; deviceIOctrl222008

testSuType35:                           ; CODE XREF: suTypesA0baseCalls+B4
        mov     eax, dword_20F15C
        test    eax, eax
        jz      short testSuType37
        mov     edx, [esi]
        push    0AAh                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]     ; deviceIOctrl222008

testSuType37:                           ; CODE XREF: suTypesA0baseCalls+CA
        mov     eax, dword_20F164
        test    eax, eax
        jz      short testSuType03
        mov     eax, [esi]
        push    0ACh                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]     ; deviceIOctrl222008

testSuType03:                           ; CODE XREF: suTypesA0baseCalls+E0
        mov     eax, dword_20F168
        test    eax, eax
        jz      short testSuType04
        mov     edx, [esi]
        push    0BBh                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]     ; deviceIOctrl222008

testSuType04:                           ; CODE XREF: suTypesA0baseCalls+F6
        mov     eax, dword_20F16C
        test    eax, eax
        jz      short testSuType06
        mov     eax, [esi]
        push    0B1h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]     ; deviceIOctrl222008

testSuType06:                           ; CODE XREF: suTypesA0baseCalls+10C
        mov     eax, dword_20F170
        test    eax, eax
        jz      short exit
        mov     edx, [esi]
        push    0B2h                    ; ''
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]     ; deviceIOctrl222008

exit:                                   ; CODE XREF: suTypesA0baseCalls+122
        pop     edi
        mov     eax, 1
        pop     esi
        retn    4
suTypesA0baseCalls endp

; ===========================================================================
        db 5 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; call_iterate_B7toBF
; Builds an 8-entry id array on the stack and calls table slot 0Ch with
; (arg_0, id) for each entry in order. The ids are 0B7h, 0B8h, 0B9h,
; 1000010h, 0BCh, 0BDh, 0BEh, 0BFh -- despite the name, the fourth entry
; is 1000010h and 0BAh/0BBh are not part of the sequence.
; In:    ecx = object whose first dword is the function table
;        arg_0 = forwarded as the first argument of every call
; Out:   eax = 1 always; the return values of the slot calls are ignored
; Stack: callee removes 4 bytes of arguments
;-----------------------------------------------------------------------
call_iterate_B7toBF proc near           ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2

var_20          = dword ptr -20h
var_1C          = dword ptr -1Ch
var_18          = dword ptr -18h
var_14          = dword ptr -14h
var_10          = dword ptr -10h
var_C           = dword ptr -0Ch
var_8           = dword ptr -8
var_4           = dword ptr -4
arg_0           = dword ptr  4

        sub     esp, 20h                ; room for the 8-dword id array
        push    ebx
        mov     ebx, [esp+24h+arg_0]
        push    esi
        push    edi
        mov     edi, ecx                ; keep the object pointer across calls
        mov     [esp+2Ch+var_20], 0B7h  ; ''
        mov     [esp+2Ch+var_1C], 0B8h  ; ''
        mov     [esp+2Ch+var_18], 0B9h  ; ''
        mov     [esp+2Ch+var_14], 1000010h
        mov     [esp+2Ch+var_10], 0BCh  ; ''
        mov     [esp+2Ch+var_C], 0BDh   ; ''
        mov     [esp+2Ch+var_8], 0BEh   ; ''
        mov     [esp+2Ch+var_4], 0BFh   ; ''
        xor     esi, esi                ; esi = array index
        mov     edi, edi                ; no effect on state

doIOctrl_call:                          ; CODE XREF: call_iterate_B7toBF+61
        mov     ecx, [esp+esi*4+2Ch+var_20] ; ids[esi]
        mov     eax, [edi]
        push    ecx
        push    ebx
        mov     ecx, edi
        call    dword ptr [eax+0Ch]     ; deviceIOctrl222008
        inc     esi
        cmp     esi, 8                  ; completed the 8 calls yet?
        jl      short doIOctrl_call
        pop     edi
        pop     esi
        mov     eax, 1
        pop     ebx
        add     esp, 20h
        retn    4
call_iterate_B7toBF endp

; ===========================================================================
        db 0Fh dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_GHKE
; Queries table slot 24h with tag 454B4847h ("GHKE") into a local, caches
; a non-zero answer in dword_20E020, and returns the cached value through
; the second stack argument.
; In:    ecx   = object whose first dword is the function table
;        arg_0 = forwarded to the slot-24h function
;        second stack argument (unnamed in the listing) = pointer that
;        receives dword_20E020
; Out:   eax = 1 on success; eax = 0 (nothing written) if the query fails
; Stack: callee removes 8 bytes of arguments
; NOTE(review): a zero answer leaves dword_20E020 unchanged, so the caller
; then receives the previously cached value rather than 0.
;-----------------------------------------------------------------------
method_GHKE     proc near               ; DATA XREF: .rdata:functionJumpTable1
                                        ; .rdata:functionJumpTable2 ...

var_10          = dword ptr -10h
var_4           = dword ptr -4
arg_0           = dword ptr  4

        push    ecx                     ; reserves the 4-byte var_4 slot
        mov     eax, [ecx]              ; function table
        push    454B4847h               ; "GHKE"
        lea     edx, [esp+8+var_4]
        push    edx
        mov     edx, [esp+0Ch+arg_0]
        push    edx
        mov     [esp+10h+var_4], 0
        call    dword ptr [eax+24h]
        test    eax, eax
        jz      short loc_205F83
        mov     eax, [esp+4+var_4]
        test    eax, eax
        jz      short loc_205F6E        ; keep the old cached value on 0
        mov     dword_20E020, eax

loc_205F6E:                             ; CODE XREF: method_GHKE+27
        mov     eax, [esp+0Ch]          ; second stack argument (pointer)
        mov     ecx, dword_20E020
        mov     [eax], ecx
        mov     eax, 1
        pop     ecx
        retn    8
; ===========================================================================

loc_205F83:                             ; CODE XREF: method_GHKE+1F
        xor     eax, eax
        pop     ecx
        retn    8
method_GHKE     endp

; ===========================================================================
        db 7 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SN00
; Forwards (arg_0, arg_4, tag) to table slot 28h; tag 30304E53h is "SN00".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SN00     proc near               ; CODE XREF: callSN00+26 callSN00+57

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    30304E53h               ; "SN00"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+28h]
        retn    8
method_SN00     endp

; ===========================================================================
; 90h filler between routines
        db 9 dup(90h)

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SN01
; Forwards (arg_0, arg_4, tag) to table slot 24h; tag 31304E53h is "SN01".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SN01     proc near               ; CODE XREF: sub_206510+17

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    31304E53h               ; "SN01"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+24h]
        retn    8
method_SN01     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SN02
; Forwards (Arg0, Arg1, tag) to table slot 28h; tag 32304E53h is "SN02".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SN02     proc near               ; CODE XREF: methodCondSN02_07+41

Arg0            = dword ptr  4
Arg1            = byte ptr  8

        mov     edx, dword ptr [esp+Arg1]
        mov     eax, [ecx]              ; function table
        push    32304E53h               ; "SN02"
        push    edx
        mov     edx, [esp+8+Arg0]
        push    edx
        call    dword ptr [eax+28h]
        retn    8
method_SN02     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SN03
; Forwards (deviceStruct, resultBuffer, tag) to table slot 28h; tag
; 33304E53h is "SN03".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SN03     proc near               ; CODE XREF: sub_207CE0+41

deviceStruct    = dword ptr  4
resultBuffer    = byte ptr  8

        mov     edx, dword ptr [esp+resultBuffer]
        mov     eax, [ecx]              ; function table
        push    33304E53h               ; "SN03"
        push    edx
        mov     edx, [esp+8+deviceStruct]
        push    edx
        call    dword ptr [eax+28h]     ; deviceIOctrl22201C_SNC_Setter
        retn    8
method_SN03     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SN05
; Forwards (arg_0, arg_4, tag) to table slot 28h; tag 35304E53h is "SN05".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SN05     proc near               ; CODE XREF: notifyHandler+300

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    35304E53h               ; "SN05"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+28h]
        retn    8
method_SN05     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SN06
; Forwards (arg_0, arg_4, tag) to table slot 2Ch; tag 36304E53h is "SN06".
; This is the only SNxx thunk in this part of the listing that uses
; slot 2Ch.
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SN06     proc near               ; CODE XREF: callSN07_SN06+83
                                        ; callSN06+62

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     edx, [esp+arg_4]
        mov     eax, [ecx]              ; function table
        push    36304E53h               ; "SN06"
        push    edx
        mov     edx, [esp+8+arg_0]
        push    edx
        call    dword ptr [eax+2Ch]
; method_SN06, continued: return to the caller, removing both arguments.
        retn    8
method_SN06     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; method_SN07
; Forwards (contextData, eventIDmodified, tag) to table slot 28h; tag
; 37304E53h is "SN07".
; Out:   eax = return value of the slot function
; Stack: callee removes 8 bytes of arguments
;-----------------------------------------------------------------------
method_SN07     proc near               ; CODE XREF: notifyHandler+37
                                        ; notifyHandler+230 ...

contextData     = dword ptr  4
eventIDmodified = byte ptr  8

        mov     edx, dword ptr [esp+eventIDmodified]
        mov     eax, [ecx]              ; function table
        push    37304E53h               ; "SN07"
        push    edx
        mov     edx, [esp+8+contextData]
        push    edx
        call    dword ptr [eax+28h]
        retn    8
method_SN07     endp

; ===========================================================================
        db 9 dup(90h)                   ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; callSN00
; Opens the device, asks SN00 (request value 10h) for a 16-bit mask, and
; for every set bit i issues SN00 with request value i+20h, storing the
; answer in the dword at [ecx+4+i*4].
; In:    ecx   = object; dwords [ecx+4] .. [ecx+40h] form the 16-entry
;                result table written here
;        arg_0 = forwarded to deviceOpenByGUID and to every method_SN00 call
; Out:   eax = 0 if deviceOpenByGUID or the first SN00 call returns 0
;        eax = 1 otherwise, including when a per-bit call fails (the loop
;        just stops and later table entries keep their old content)
; Stack: callee removes 4 bytes of arguments
; The loop bound of 10h matches the 16 table slots, so the stores stay
; inside [ecx+4] .. [ecx+40h].
;-----------------------------------------------------------------------
callSN00        proc near               ; DATA XREF: .rdata:functionJumpTable2

var_4           = dword ptr -4
arg_0           = dword ptr  4

        push    ecx                     ; reserves the 4-byte var_4 slot
        push    ebx
        mov     ebx, [esp+8+arg_0]
        push    esi
        push    edi
        push    ebx
        mov     edi, ecx                ; keep the object pointer across calls
        xor     esi, esi                ; esi = bit index, also the 0 return value
        call    deviceOpenByGUID
        test    eax, eax
        jz      short loc_2060EC
        lea     eax, [esp+10h+var_4]
        push    eax
        push    ebx
        mov     ecx, edi
        mov     [esp+18h+var_4], 10h    ; request value for the mask query
        call    method_SN00
        test    eax, eax
        jz      short loc_2060EC
        push    ebp
        mov     ebp, [esp+14h+var_4]    ; ebp = returned bit mask
        lea     ebx, [edi+4]            ; ebx = current table slot

loc_2060A7:                             ; CODE XREF: callSN00+6D
        mov     edx, 1
        mov     ecx, esi
        shl     edx, cl
        test    edx, ebp                ; is bit esi set in the mask?
        jz      short loc_2060D6
        mov     edx, [esp+14h+arg_0]
        lea     ecx, [esp+14h+var_4]
        push    ecx
        lea     eax, [esi+20h]          ; per-bit request value = index + 20h
        push    edx
        mov     ecx, edi
        mov     [esp+1Ch+var_4], eax
        call    method_SN00
        test    eax, eax
        jz      short loc_2060DF        ; stop at the first failure
        mov     eax, [esp+14h+var_4]
        mov     [ebx], eax              ; table[esi] = answer

loc_2060D6:                             ; CODE XREF: callSN00+42
        inc     esi
        add     ebx, 4
        cmp     esi, 10h
        jl      short loc_2060A7

loc_2060DF:                             ; CODE XREF: callSN00+5E
        pop     ebp
        pop     edi
        pop     esi
        mov     eax, 1
        pop     ebx
        pop     ecx
        retn    4
; ===========================================================================

loc_2060EC:                             ; CODE XREF: callSN00+14 callSN00+2D
        pop     edi
        mov     eax, esi                ; esi is still 0 on both paths here
        pop     esi
        pop     ebx
        pop     ecx
        retn    4
callSN00        endp

; ===========================================================================
        db 0Bh dup(90h)                 ; 90h filler between routines

; *************** S U B R O U T I N E ***************************************

;-----------------------------------------------------------------------
; call_iterate_90toA0
; Calls table slot 0Ch with (arg_0, id) for every id from 90h up to and
; including 9Fh (the loop ends when the id reaches 0A0h) and returns 1.
; The return values of the slot calls are ignored.
; Stack: callee removes 4 bytes of arguments
;-----------------------------------------------------------------------
call_iterate_90toA0 proc near ;
DATA XREF: .rdata:functionJumpTable2 arg_0 = dword ptr 8 push ebx mov ebx, [esp+arg_0] push esi push edi mov edi, ecx mov esi, 90h ; '' mov edi, edi loc_206110: ; CODE XREF: call_iterate_90toA0+20 mov eax, [edi] push esi push ebx mov ecx, edi call dword ptr [eax+0Ch] inc esi cmp esi, 0A0h ; '' jb short loc_206110 pop edi pop esi mov eax, 1 pop ebx retn 4 call_iterate_90toA0 endp ; =========================================================================== db 3 dup(90h) ; *************** S U B R O U T I N E *************************************** notifyHandler proc near ; DATA XREF: .rdata:functionJumpTable2 contextData = dword ptr 4 eventID = byte ptr 8 mov eax, dword ptr [esp+eventID] push ebx push ebp mov ebp, [esp+8+contextData] push esi push edi add eax, 0FFFFFF70h ; -0x90 mov edi, ecx mov ecx, [edi+eax*4+4] cmp ecx, 100h ; key-scan event jnz loc_206320 and eax, 0Fh ; this is event 0x92 (ecx=0x100), ; so this will the 0x02 or eax, 200h ; request sub-function 0x02 mov dword ptr [esp+10h+eventID], eax lea eax, [esp+10h+eventID] push eax push ebp mov ecx, edi call method_SN07 test eax, eax jz exit ; default mov eax, dword ptr [esp+10h+eventID] test al, al ; bit 7 (0x8?) 
will be set for a key-down event ; reset for a key-up event jns keyScanCodePressed and eax, 7Fh dec eax cmp eax, 20h ; ' ' ; switch 33 cases ja exit ; default jmp ds:keyReleasedJumpTable[eax*4] ; switch jump keyReleaseScanCode00: ; DATA XREF: .text:keyReleasedJumpTable mov eax, SNCfunctionality ; case 0x0 test eax, eax jz exit ; default mov esi, 15h jmp setMsgVal ; =========================================================================== keyReleaseScanCode01: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F13C ; case 0x1 test eax, eax jz exit ; default keyReleaseScanCode16: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 4 ; case 0x16 jmp setMsgVal ; =========================================================================== keyReleaseScanCode02: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F140 ; case 0x2 test eax, eax jz exit ; default keyReleaseScanCode15: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 5 ; case 0x15 jmp setMsgVal ; =========================================================================== keyReleaseScanCode03: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F144 ; case 0x3 test eax, eax jz exit ; default keyReleaseScanCode14: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 6 ; case 0x14 jmp setMsgVal ; =========================================================================== keyReleaseScanCode04: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F148 ; case 0x4 test eax, eax jz exit ; default mov esi, 7 jmp setMsgVal ; =========================================================================== keyReleaseScanCode05: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F14C ; Fn+F5 released test eax, eax jz exit ; default mov esi, 8 jmp setMsgVal ; 
=========================================================================== keyReleaseScanCode06: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F150 ; Fn+F6 released test eax, eax jz exit ; default mov esi, 0Bh jmp setMsgVal ; =========================================================================== keyReleaseScanCode07: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F154 ; Fn+F7 released test eax, eax jz exit ; default mov esi, 0Ch jmp setMsgVal ; =========================================================================== keyReleaseScanCode08: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F158 ; case 0x8 test eax, eax jz exit ; default mov esi, 21h ; '!' jmp setMsgVal ; =========================================================================== keyReleaseScanCode09: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F15C ; case 0x9 test eax, eax jz exit ; default keyReleaseScanCode1C: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 20h ; ' ' ; case 0x1C jmp setMsgVal ; =========================================================================== keyReleaseScanCode0A: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F160 ; Fn+F10 released test eax, eax jz exit ; default mov esi, 22h ; '"' jmp setMsgVal ; =========================================================================== keyReleaseScanCode0B: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov eax, dword_20F164 ; case 0xB test eax, eax jz exit ; default mov esi, 3 jmp setMsgVal ; =========================================================================== keyReleaseScanCode0F: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 37h ; '7' ; case 0xF jmp setMsgVal ; 
=========================================================================== keyReleaseScanCode10: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 38h ; '8' ; case 0x10 jmp setMsgVal ; =========================================================================== keyReleaseScanCode1E: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 9 ; case 0x1E jmp setMsgVal ; =========================================================================== keyReleaseScanCode17: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 30h ; '0' ; case 0x17 jmp setMsgVal ; =========================================================================== keyReleaseScanCode18: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 31h ; '1' ; case 0x18 jmp setMsgVal ; =========================================================================== keyReleaseScanCode19: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 32h ; '2' ; case 0x19 jmp setMsgVal ; =========================================================================== keyReleaseScanCode1A: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 33h ; '3' ; case 0x1A jmp setMsgVal ; =========================================================================== keyReleaseScanCode1B: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 34h ; '4' ; case 0x1B jmp setMsgVal ; =========================================================================== keyReleaseScanCode1D: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 35h ; '5' ; case 0x1D jmp setMsgVal ; =========================================================================== keyReleaseScanCode1F: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 36h ; '6' ; case 0x1F jmp setMsgVal ; 
=========================================================================== keyReleaseScanCode20: ; CODE XREF: notifyHandler+5D ; DATA XREF: .text:keyReleasedJumpTable mov esi, 39h ; '9' ; case 0x20 jmp setMsgVal ; =========================================================================== keyScanCodePressed: ; CODE XREF: notifyHandler+4A mov esi, 1Fh jmp setMsgVal ; =========================================================================== loc_206320: ; CODE XREF: notifyHandler+1D cmp ecx, 101h ; SNN0 (0x90) video device switch jnz short loc_206332 mov esi, 3003h jmp setMsgVal ; =========================================================================== loc_206332: ; CODE XREF: notifyHandler+1F6 cmp ecx, 102h ; SNN1 (0x91) EC._Q26(), EC._Q27() jnz short loc_206344 mov esi, 3013h jmp setMsgVal ; =========================================================================== loc_206344: ; CODE XREF: notifyHandler+208 cmp ecx, 107h ; SNN4 (0x94) EC._Q2B(), EC._Q2C() jnz short loc_206380 lea ecx, [esp+10h+eventID] push ecx and eax, 0Fh ; modified event ID push ebp ; contextData mov ecx, edi mov esi, 3009h mov dword ptr [esp+18h+eventID], eax call method_SN07 test eax, eax jz setMsgVal mov esi, dword ptr [esp+10h+eventID] neg esi sbb esi, esi add esi, 3009h jmp loc_206435 ; =========================================================================== loc_206380: ; CODE XREF: notifyHandler+21A cmp ecx, 10Fh ; unknown jnz exit ; default mov ebx, eax ; this is event 0xA1 and ebx, 0Fh lea eax, [esp+10h+eventID] mov edx, ebx push eax or edx, 700h push ebp mov ecx, edi mov dword ptr [esp+18h+eventID], edx mov [esp+18h+contextData], 0 call method_SN07 test eax, eax jz exit ; default mov eax, dword ptr [esp+10h+eventID] and eax, 3 sub eax, 2 mov dword ptr [esp+10h+eventID], ebx jz short result_is_02 lea ecx, [esp+10h+eventID] push ecx push ebp mov ecx, edi mov esi, 3009h call method_SN07 test eax, eax jz short loc_2063EF mov esi, dword ptr [esp+10h+eventID] not esi and esi, 1 or 
esi, 3008h loc_2063EF: ; CODE XREF: notifyHandler+2AE mov [esp+10h+contextData], 1 jmp short loc_206428 ; =========================================================================== result_is_02: ; CODE XREF: notifyHandler+298 lea edx, [esp+10h+eventID] push edx push ebp mov ecx, edi mov esi, 301Dh call method_SN07 test eax, eax jz short loc_206420 mov esi, dword ptr [esp+10h+eventID] shr esi, 1 ; divide by 2 not esi ; invert and esi, 1 or esi, 301Ch loc_206420: ; CODE XREF: notifyHandler+2DD mov [esp+10h+contextData], 2 loc_206428: ; CODE XREF: notifyHandler+2C7 lea eax, [esp+10h+contextData] push eax push ebp mov ecx, edi call method_SN05 loc_206435: ; CODE XREF: notifyHandler+24B test esi, esi jz short exit ; default setMsgVal: ; CODE XREF: notifyHandler+76 ; notifyHandler+8D ... mov ecx, [ebp+20h] mov edx, [ebp+0Ch] push 0 ; lParam push esi ; wParam push ecx ; Msg push edx ; hWnd call ds:PostMessageA exit: ; CODE XREF: notifyHandler+3E ; notifyHandler+57 ... pop edi ; default pop esi pop ebp mov eax, 1 pop ebx retn 0Ch notifyHandler endp ; =========================================================================== db 8Bh, 0FFh keyReleasedJumpTable dd offset keyReleaseScanCode00, offset keyReleaseScanCode01 ; DATA XREF: notifyHandler+5D dd offset keyReleaseScanCode02, offset keyReleaseScanCode03 ; jump table for switch statement dd offset keyReleaseScanCode04, offset keyReleaseScanCode05 dd offset keyReleaseScanCode06, offset keyReleaseScanCode07 dd offset keyReleaseScanCode08, offset keyReleaseScanCode09 dd offset keyReleaseScanCode0A, offset keyReleaseScanCode0B dd 3 dup(offset exit), offset keyReleaseScanCode0F, offset keyReleaseScanCode10 dd 3 dup(offset exit), offset keyReleaseScanCode14, offset keyReleaseScanCode15 dd offset keyReleaseScanCode16, offset keyReleaseScanCode17 dd offset keyReleaseScanCode18, offset keyReleaseScanCode19 dd offset keyReleaseScanCode1A, offset keyReleaseScanCode1B dd offset keyReleaseScanCode1C, offset keyReleaseScanCode1D dd 
offset keyReleaseScanCode1E, offset keyReleaseScanCode1F dd offset keyReleaseScanCode20 db 4 dup(90h) ; *************** S U B R O U T I N E *************************************** find_DWORD_in_CXbuffer proc near ; CODE XREF: sub_206510+34 ; callSNC_SN07_0105+19 ... searchValue = dword ptr 4 resultIndex = byte ptr 8 push esi mov esi, [esp+4+searchValue] xor eax, eax xor edx, edx add ecx, 4 lea esp, [esp+0] scan: ; CODE XREF: find_DWORD_in_CXbuffer+1B cmp [ecx], esi jz short found inc edx add ecx, 4 cmp edx, 10h jl short scan pop esi retn 8 ; =========================================================================== found: ; CODE XREF: find_DWORD_in_CXbuffer+12 mov eax, dword ptr [esp+4+resultIndex] mov [eax], edx mov eax, 1 pop esi retn 8 find_DWORD_in_CXbuffer endp ; *************** S U B R O U T I N E *************************************** sub_206510 proc near ; DATA XREF: .rdata:functionJumpTable2 var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 arg_8 = dword ptr 0Ch push ecx push esi push edi mov esi, ecx mov ecx, [esp+0Ch+arg_0] lea eax, [esp+0Ch+var_4] push eax push ecx xor edi, edi mov ecx, esi mov [esp+14h+var_4], edi call method_SN01 test eax, eax jz short loc_20656B mov eax, [esp+0Ch+arg_4] lea edx, [esp+0Ch+arg_0] push edx push eax mov ecx, esi mov [esp+14h+arg_0], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_20656B mov edx, [esp+0Ch+var_4] mov ecx, [esp+0Ch+arg_0] mov eax, [esp+0Ch+arg_8] shr edx, cl pop edi pop esi and edx, 1 mov [eax], edx mov eax, 1 pop ecx retn 0Ch ; =========================================================================== loc_20656B: ; CODE XREF: sub_206510+1E ; sub_206510+3B mov eax, edi pop edi pop esi pop ecx retn 0Ch sub_206510 endp ; =========================================================================== db 0Dh dup(90h) ; *************** S U B R O U T I N E *************************************** callSNC_SN07_0105 proc near ; CODE XREF: .text:00207911 var_4 = dword ptr -4 arg_0 = dword ptr 4 
arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 105h mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_2065DC mov ecx, [esp+0Ch+var_4] mov eax, [esp+0Ch+arg_0] and ecx, 0Fh lea edx, [esp+0Ch+var_4] push edx mov [esp+10h+var_4], ecx push eax mov ecx, esi call method_SN07 test eax, eax jz short loc_2065DC mov ecx, [esp+0Ch+var_4] mov edx, [esp+0Ch+arg_4] not ecx and ecx, 1 pop edi mov [edx], ecx mov eax, 1 pop esi pop ecx retn 8 ; =========================================================================== loc_2065DC: ; CODE XREF: callSNC_SN07_0105+20 ; callSNC_SN07_0105+40 mov eax, edi pop edi pop esi pop ecx retn 8 callSNC_SN07_0105 endp ; =========================================================================== db 0Ch dup(90h) ; *************** S U B R O U T I N E *************************************** callSNC_SN07_0105_2 proc near ; CODE XREF: .text:0020792B var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 105h mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_20664D mov ecx, [esp+0Ch+arg_4] mov edx, [ecx] mov eax, [esp+0Ch+var_4] not edx and edx, 1 shl edx, 10h and eax, 0Fh or edx, eax or edx, 100h lea ecx, [esp+0Ch+arg_4] mov [esp+0Ch+arg_4], edx mov edx, [esp+0Ch+arg_0] push ecx push edx mov ecx, esi call method_SN07 test eax, eax mov eax, 1 jnz short loc_20664F loc_20664D: ; CODE XREF: callSNC_SN07_0105_2+20 mov eax, edi loc_20664F: ; CODE XREF: callSNC_SN07_0105_2+5B pop edi pop esi pop ecx retn 8 callSNC_SN07_0105_2 endp ; =========================================================================== db 0Bh dup(90h) ; *************** S U B R O U T I N E *************************************** ; Attributes: bp-based frame callSN07_SN06 proc near ; DATA XREF: .rdata:functionJumpTable2 var_414 = dword ptr -414h var_410 = dword ptr 
-410h var_40C = dword ptr -40Ch var_408 = byte ptr -408h arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch push ebp mov ebp, esp and esp, 0FFFFFFF8h sub esp, 414h push ebx push esi push edi lea eax, [esp+420h+var_414] push eax push 103h mov esi, ecx xor edi, edi mov [esp+428h+var_414], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz loc_206719 mov ebx, [esp+420h+var_414] mov eax, [ebp+arg_0] mov ecx, ebx and ecx, 0Fh lea edx, [esp+420h+var_414] push edx mov [esp+424h+var_414], ecx push eax mov ecx, esi call method_SN07 test eax, eax jz short loc_206719 test byte ptr [esp+420h+var_414], 2 jz short loc_206719 mov edx, [ebp+arg_0] xor eax, eax mov ecx, 104h lea edi, [esp+420h+var_410] rep stosd lea ecx, [esp+420h+var_410] push ecx mov byte ptr [esp+424h+var_410], bl mov ebx, 1 push edx mov ecx, esi mov byte ptr [esp+428h+var_410+1], bl mov byte ptr [esp+428h+var_410+2], bl call method_SN06 test eax, eax jz short loc_20670E mov ecx, [esp+420h+var_410] mov eax, [ebp+arg_4] mov edx, [esp+420h+var_40C] mov [eax], ecx mov cl, [esp+420h+var_408] mov [eax+4], edx mov [eax+8], cl mov eax, ebx pop edi pop esi pop ebx mov esp, ebp pop ebp retn 8 ; =========================================================================== loc_20670E: ; CODE XREF: callSN07_SN06+8A xor eax, eax pop edi pop esi pop ebx mov esp, ebp pop ebp retn 8 ; =========================================================================== loc_206719: ; CODE XREF: callSN07_SN06+2C ; callSN07_SN06+51 ... 
mov eax, edi pop edi pop esi pop ebx mov esp, ebp pop ebp retn 8 callSN07_SN06 endp ; =========================================================================== db 0Ch dup(90h) ; *************** S U B R O U T I N E *************************************** ; Attributes: bp-based frame callSN06 proc near ; DATA XREF: .rdata:functionJumpTable2 var_414 = dword ptr -414h var_410 = dword ptr -410h var_40A = dword ptr -40Ah arg_0 = dword ptr 8 arg_4 = dword ptr 0Ch push ebp mov ebp, esp and esp, 0FFFFFFF8h sub esp, 414h push ebx push esi push edi lea eax, [esp+420h+var_414] push eax push 10Ah mov ebx, ecx xor esi, esi mov [esp+428h+var_414], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_2067B1 mov esi, [ebp+arg_4] mov edx, [esi] xor eax, eax mov ecx, 104h lea edi, [esp+420h+var_410] rep stosd mov cl, byte ptr [esp+420h+var_414] mov byte ptr [esp+420h+var_410], cl lea ecx, [esp+420h+var_410] mov [esp+420h+var_410+2], edx mov edx, [ebp+arg_0] push ecx mov byte ptr [esp+424h+var_410+1], al mov eax, [esi+4] push edx mov ecx, ebx mov [esp+428h+var_40A], eax call method_SN06 test eax, eax jz short loc_2067B3 mov ecx, [esp+420h+var_410+2] mov edx, [esp+420h+var_40A] mov [esi], ecx mov [esi+4], edx pop edi pop esi pop ebx mov esp, ebp pop ebp retn 8 ; =========================================================================== loc_2067B1: ; CODE XREF: callSN06+2C mov eax, esi loc_2067B3: ; CODE XREF: callSN06+69 pop edi pop esi pop ebx mov esp, ebp pop ebp retn 8 callSN06 endp ; =========================================================================== db 4 dup(90h) ; *************** S U B R O U T I N E *************************************** callSNC_SN07_0104 proc near ; CODE XREF: .text:002078DD var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 104h mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short failed mov ecx, [esp+0Ch+var_4] mov 
eax, [esp+0Ch+arg_0] and ecx, 0Fh lea edx, [esp+0Ch+var_4] push edx mov [esp+10h+var_4], ecx push eax mov ecx, esi call method_SN07 test eax, eax jz short failed mov ecx, [esp+0Ch+var_4] mov edx, [esp+0Ch+arg_4] not ecx and ecx, 1 pop edi mov [edx], ecx mov eax, 1 pop esi pop ecx retn 8 ; =========================================================================== failed: ; CODE XREF: callSNC_SN07_0104+20 ; callSNC_SN07_0104+40 mov eax, edi pop edi pop esi pop ecx retn 8 callSNC_SN07_0104 endp ; =========================================================================== db 0Ch dup(90h) ; *************** S U B R O U T I N E *************************************** callSNC_SN07_0104_2 proc near ; CODE XREF: .text:002078F7 var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 104h mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_20688D mov ecx, [esp+0Ch+arg_4] mov edx, [ecx] mov eax, [esp+0Ch+var_4] not edx and edx, 1 shl edx, 10h and eax, 0Fh or edx, eax or edx, 100h lea ecx, [esp+0Ch+arg_4] mov [esp+0Ch+arg_4], edx mov edx, [esp+0Ch+arg_0] push ecx push edx mov ecx, esi call method_SN07 test eax, eax mov eax, 1 jnz short loc_20688F loc_20688D: ; CODE XREF: callSNC_SN07_0104_2+20 mov eax, edi loc_20688F: ; CODE XREF: callSNC_SN07_0104_2+5B pop edi pop esi pop ecx retn 8 callSNC_SN07_0104_2 endp ; =========================================================================== db 0Bh dup(90h) ; *************** S U B R O U T I N E *************************************** callSNC_SN07_010B proc near ; CODE XREF: .text:0020795F resultIndex = dword ptr -4 Arg0 = dword ptr 4 result = byte ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+resultIndex] push eax push 10Bh mov esi, ecx xor edi, edi mov [esp+14h+resultIndex], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short failed mov ecx, [esp+0Ch+resultIndex] mov eax, [esp+0Ch+Arg0] and ecx, 0Fh 
lea edx, [esp+0Ch+resultIndex] push edx mov [esp+10h+resultIndex], ecx push eax ; SN07 Arg0 mov ecx, esi call method_SN07 test eax, eax jz short failed mov eax, [esp+0Ch+resultIndex] mov ecx, dword ptr [esp+0Ch+result] not eax and eax, 3 pop edi mov [ecx], eax mov eax, 1 pop esi pop ecx retn 8 ; =========================================================================== failed: ; CODE XREF: callSNC_SN07_010B+20 ; callSNC_SN07_010B+40 mov eax, edi pop edi pop esi pop ecx retn 8 callSNC_SN07_010B endp ; =========================================================================== db 0Ch dup(90h) ; *************** S U B R O U T I N E *************************************** sub_206910 proc near ; CODE XREF: .text:00207979 var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 10Bh mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_20696D mov ecx, [esp+0Ch+arg_4] mov edx, [ecx] mov eax, [esp+0Ch+var_4] not edx and edx, 2 shl edx, 10h and eax, 0Fh or edx, eax or edx, 100h lea ecx, [esp+0Ch+arg_4] mov [esp+0Ch+arg_4], edx mov edx, [esp+0Ch+arg_0] push ecx push edx mov ecx, esi call method_SN07 test eax, eax mov eax, 1 jnz short loc_20696F loc_20696D: ; CODE XREF: sub_206910+20 mov eax, edi loc_20696F: ; CODE XREF: sub_206910+5B pop edi pop esi pop ecx retn 8 sub_206910 endp ; =========================================================================== db 0Bh dup(90h) ; *************** S U B R O U T I N E *************************************** callSNC_SN07_010B_2 proc near ; CODE XREF: .text:00207993 var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 109h mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_2069D7 mov ecx, [esp+0Ch+var_4] mov eax, [esp+0Ch+arg_0] and ecx, 0Fh lea edx, [esp+0Ch+var_4] push edx mov 
[esp+10h+var_4], ecx push eax mov ecx, esi call method_SN07 test eax, eax jz short loc_2069D7 mov ecx, [esp+0Ch+arg_4] mov edx, [esp+0Ch+var_4] pop edi mov [ecx], edx mov eax, 1 pop esi pop ecx retn 8 ; =========================================================================== loc_2069D7: ; CODE XREF: callSNC_SN07_010B_2+20 ; callSNC_SN07_010B_2+40 mov eax, edi pop edi pop esi pop ecx retn 8 callSNC_SN07_010B_2 endp ; =========================================================================== align 10h ; *************** S U B R O U T I N E *************************************** callSNC_SN07_0109 proc near ; CODE XREF: .text:002079AD var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 109h mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_206A38 mov ecx, [esp+0Ch+arg_4] mov edx, [ecx] mov eax, [esp+0Ch+var_4] shl edx, 10h and eax, 0Fh or edx, eax or edx, 100h lea ecx, [esp+0Ch+arg_4] mov [esp+0Ch+arg_4], edx mov edx, [esp+0Ch+arg_0] push ecx push edx mov ecx, esi call method_SN07 test eax, eax mov eax, 1 jnz short loc_206A3A loc_206A38: ; CODE XREF: callSNC_SN07_0109+20 mov eax, edi loc_206A3A: ; CODE XREF: callSNC_SN07_0109+56 pop edi pop esi pop ecx retn 8 callSNC_SN07_0109 endp ; *************** S U B R O U T I N E *************************************** callSNC_SN07_010C proc near ; CODE XREF: .text:002079C7 var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 10Ch mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_206A97 mov ecx, [esp+0Ch+var_4] mov eax, [esp+0Ch+arg_0] and ecx, 0Fh lea edx, [esp+0Ch+var_4] push edx mov [esp+10h+var_4], ecx push eax mov ecx, esi call method_SN07 test eax, eax jz short loc_206A97 mov ecx, [esp+0Ch+arg_4] mov edx, [esp+0Ch+var_4] pop edi mov [ecx], edx mov eax, 1 pop esi 
pop ecx retn 8 ; =========================================================================== loc_206A97: ; CODE XREF: callSNC_SN07_010C+20 ; callSNC_SN07_010C+40 mov eax, edi pop edi pop esi pop ecx retn 8 callSNC_SN07_010C endp ; =========================================================================== align 10h ; *************** S U B R O U T I N E *************************************** callSNC_SN07_010C_2 proc near ; CODE XREF: .text:002079E1 var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 10Ch mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_206AF8 mov ecx, [esp+0Ch+arg_4] mov edx, [ecx] mov eax, [esp+0Ch+var_4] shl edx, 10h and eax, 0Fh or edx, eax or edx, 100h lea ecx, [esp+0Ch+arg_4] mov [esp+0Ch+arg_4], edx mov edx, [esp+0Ch+arg_0] push ecx push edx mov ecx, esi call method_SN07 test eax, eax mov eax, 1 jnz short loc_206AFA loc_206AF8: ; CODE XREF: callSNC_SN07_010C_2+20 mov eax, edi loc_206AFA: ; CODE XREF: callSNC_SN07_010C_2+56 pop edi pop esi pop ecx retn 8 callSNC_SN07_010C_2 endp ; *************** S U B R O U T I N E *************************************** callSNC_SN07_010D proc near ; CODE XREF: .text:002079FB var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 10Dh mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_206B74 mov ecx, [esp+0Ch+var_4] mov eax, [esp+0Ch+arg_0] and ecx, 0Fh lea edx, [esp+0Ch+var_4] push edx mov [esp+10h+var_4], ecx push eax mov ecx, esi call method_SN07 test eax, eax jz short loc_206B74 mov ecx, [esp+0Ch+var_4] test ecx, ecx mov eax, 1 jnz short loc_206B5B mov ecx, [esp+0Ch+arg_4] mov [ecx], edi pop edi pop esi pop ecx retn 8 ; =========================================================================== loc_206B5B: ; CODE XREF: callSNC_SN07_010D+4D cmp ecx, 
1 jnz short loc_206B6C mov edx, [esp+0Ch+arg_4] pop edi mov [edx], ecx pop esi pop ecx retn 8 ; =========================================================================== loc_206B6C: ; CODE XREF: callSNC_SN07_010D+5E pop edi xor eax, eax pop esi pop ecx retn 8 ; =========================================================================== loc_206B74: ; CODE XREF: callSNC_SN07_010D+20 ; callSNC_SN07_010D+40 mov eax, edi pop edi pop esi pop ecx retn 8 callSNC_SN07_010D endp ; =========================================================================== db 4 dup(90h) ; *************** S U B R O U T I N E *************************************** callSNC_SN07_010D_2 proc near ; CODE XREF: .text:00207A15 var_4 = dword ptr -4 arg_0 = dword ptr 4 arg_4 = dword ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+var_4] push eax push 10Dh mov esi, ecx xor edi, edi mov [esp+14h+var_4], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short loc_206BDB mov ecx, [esp+0Ch+arg_4] mov edx, [ecx] mov eax, [esp+0Ch+var_4] and edx, 1 shl edx, 10h and eax, 0Fh or edx, eax or edx, 100h lea ecx, [esp+0Ch+arg_4] mov [esp+0Ch+arg_4], edx mov edx, [esp+0Ch+arg_0] push ecx push edx mov ecx, esi call method_SN07 test eax, eax mov eax, 1 jnz short loc_206BDD loc_206BDB: ; CODE XREF: callSNC_SN07_010D_2+20 mov eax, edi loc_206BDD: ; CODE XREF: callSNC_SN07_010D_2+59 pop edi pop esi pop ecx retn 8 callSNC_SN07_010D_2 endp ; =========================================================================== db 0Dh dup(90h) ; *************** S U B R O U T I N E *************************************** testSN07resultBit0 proc near ; DATA XREF: .rdata:functionJumpTable2 result = dword ptr -4 SNC_Arg0 = dword ptr 4 returnVal = byte ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+result] push eax push 10Eh mov esi, ecx xor edi, edi mov [esp+14h+result], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short exitFalse mov ecx, [esp+0Ch+result] mov eax, [esp+0Ch+SNC_Arg0] and ecx, 0Fh ; mask off all but last 
nibble lea edx, [esp+0Ch+result] push edx mov [esp+10h+result], ecx push eax ; Arg0 mov ecx, esi call method_SN07 test eax, eax jz short exitFalse mov cl, byte ptr [esp+0Ch+result] mov edx, dword ptr [esp+0Ch+returnVal] mov eax, 1 ; exit True test cl, al mov ecx, edi ; reset to 0 setnz cl ; result = 1 pop edi pop esi inc ecx ; 0x01 or 0x02 mov [edx], ecx ; return value pop ecx retn 8 ; =========================================================================== exitFalse: ; CODE XREF: testSN07resultBit0+20 ; testSN07resultBit0+40 mov eax, edi ; return 0 pop edi pop esi pop ecx retn 8 testSN07resultBit0 endp ; =========================================================================== db 9 dup(90h) ; *************** S U B R O U T I N E *************************************** callSN07_byLookup_010E proc near ; DATA XREF: .rdata:functionJumpTable2 resultOffset = dword ptr -4 buffer = dword ptr 4 pointerToEventID= byte ptr 8 push ecx push esi push edi lea eax, [esp+0Ch+resultOffset] push eax ; resultIndex push 10Eh ; search value mov esi, ecx xor edi, edi mov [esp+14h+resultOffset], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short notFound mov edx, dword ptr [esp+0Ch+pointerToEventID] mov eax, [edx] mov edx, [esp+0Ch+buffer] xor ecx, ecx cmp eax, 2 mov eax, [esp+0Ch+resultOffset] ; resultIndex setz cl ; eax == 2 and eax, 0Fh ; keep the low nibble shl ecx, 10h ; shift into high word or ecx, eax ; combine high and low words or ecx, 100h ; set bit 8 mov dword ptr [esp+0Ch+pointerToEventID], ecx lea ecx, [esp+0Ch+pointerToEventID] push ecx ; eventIDmodified push edx ; contextData mov ecx, esi call method_SN07 test eax, eax mov eax, 1 jnz short exit notFound: ; CODE XREF: callSN07_byLookup_010E+20 mov eax, edi exit: ; CODE XREF: callSN07_byLookup_010E+5E pop edi pop esi pop ecx retn 8 callSN07_byLookup_010E endp ; =========================================================================== db 8 dup(90h) ; *************** S U B R O U T I N E 
; ***************************************
;
; sub_206CD0
;   Looks up 107h (falling back to 10Fh) with find_DWORD_in_CXbuffer, then runs
;   one of several method_SN07 request sequences selected by arg_4 through the
;   index table byte_2071D4 and the jump table off_2071AC.
;
;   In:   ecx   = object pointer; kept in esi and passed on in ecx to every
;                 callee (looks like a thiscall-style `this` -- TODO confirm)
;         arg_0 = forwarded unchanged as the first stack argument of method_SN07
;         arg_4 = selector, accepted range 27h..55h (see loc_206D0B). The slot
;                 is afterwards reused as the request word that is handed to
;                 method_SN07 by address and read back after the call.
;         arg_8 = pointer to a caller dword. Read by the cases that send data,
;                 written by the cases that report data. It is dereferenced
;                 without any check in this routine.
;   Out:  eax = 0 or 1 (carried in ebp unless a case repurposes ebp).
;         The callee removes 0Ch bytes of arguments (retn 0Ch).
;
;   Request word as composed below:
;         bits 0..3  = var_4 & 0Fh (index returned by the lookup)
;         bits 8..11 = sub-function (100h..800h, or none)
;         bits 16..  = data for the sequences that send a value
;
;   NOTE(review): the cases at loc_206DC5, loc_206E8D and loc_206F34 reuse ebp
;   as a pointer and leave through loc_20719C or a final "mov ebp, 1", so they
;   return 1 even when a method_SN07 call reported failure. The other cases
;   return 0 on failure through loc_2071A1.

sub_206CD0      proc near               ; CODE XREF: classJump04+2B

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8
arg_8           = dword ptr  0Ch

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    ebp
        push    esi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    107h
        mov     esi, ecx
        xor     ebp, ebp                ; ebp = return value, 0 until a case succeeds
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jnz     short loc_206D0B
        lea     ecx, [esp+0Ch+var_4]
        push    ecx
        push    10Fh                    ; second lookup when 107h is not found
        mov     ecx, esi
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      loc_2071A3

loc_206D0B:                             ; CODE XREF: sub_206CD0+20
        mov     eax, [esp+0Ch+arg_4]
        add     eax, 0FFFFFFD9h         ; eax = arg_4 - 27h
        cmp     eax, 2Eh ; '.'
        ja      loc_2071A3              ; unsigned test: rejects arg_4 outside 27h..55h
        movzx   edx, ds:byte_2071D4[eax] ; index table needs 2Fh entries for this range
        push    ebx
        push    edi                     ; every jump-table target runs with ebx/edi pushed
        jmp     ds:off_2071AC[edx*4]

loc_206D2B:                             ; DATA XREF: .text:off_2071AC
        ; table index 0: request 300h, then send 400h with data
        mov     edi, [esp+14h+var_4]
        mov     ebx, [esp+14h+arg_0]
        and     edi, 0Fh
        lea     ecx, [esp+14h+arg_4]
        push    ecx
        mov     eax, edi
        or      eax, 300h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], eax
        call    method_SN07
        test    eax, eax
        jz      loc_2071A1
        mov     edx, [esp+14h+arg_8]
        mov     eax, [edx]
        mov     ecx, [esp+14h+arg_4]
        and     eax, 1                  ; bit 0 from the caller's value
        and     ecx, 2                  ; bit 1 from the word read back
        or      eax, ecx
        shl     eax, 10h
        or      eax, edi
        or      eax, 400h
        lea     edx, [esp+14h+arg_4]
        mov     [esp+14h+arg_4], eax
        push    edx
        jmp     loc_207091              ; shared "push ebx / call method_SN07" tail
; ===========================================================================

loc_206D80:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071B0
        ; table index 1: request 300h, report bit 0 through arg_8
        mov     eax, [esp+14h+var_4]
        mov     edx, [esp+14h+arg_0]
        lea     ecx, [esp+14h+arg_4]
        and     eax, 0Fh
        push    ecx
        or      eax, 300h
        push    edx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], eax
        call    method_SN07
        test    eax, eax
        jz      loc_2071A1
        mov     eax, [esp+14h+arg_4]
        mov     ecx, [esp+14h+arg_8]
        pop     edi
        and     eax, 1
        pop     ebx
        mov     ebp, 1
        mov     [ecx], eax
        pop     esi
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_206DC5:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071B8
        ; table index 3: two requests (no sub-function, then 100h); bit 0 of
        ; each word read back becomes bit 0 / bit 1 of *arg_8
        mov     edi, [esp+14h+var_4]
        mov     ebp, [esp+14h+arg_0]    ; ebp no longer holds the return value here
        mov     ebx, [esp+14h+arg_8]
        lea     edx, [esp+14h+arg_4]
        push    edx
        and     edi, 0Fh
        push    ebp
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edi
        mov     dword ptr [ebx], 0      ; output is cleared before the first request
        call    method_SN07
        test    eax, eax
        jz      short loc_206DF8
        mov     eax, [esp+14h+arg_4]
        and     eax, 1
        mov     [ebx], eax

loc_206DF8:                             ; CODE XREF: sub_206CD0+11D
        lea     ecx, [esp+14h+arg_4]
        push    ecx
        or      edi, 100h
        push    ebp
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edi
        call    method_SN07
        test    eax, eax
        jz      loc_20719C              ; failure still leaves with ebp = 1
        mov     edx, [esp+14h+arg_4]
        mov     eax, [ebx]
        and     edx, 1
        shl     edx, 1
        or      eax, edx
        pop     edi
        mov     [ebx], eax
        pop     ebx
        mov     ebp, 1
        pop     esi
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_206E35:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071B4
        ; table index 2: request 100h, then send 200h with data
        mov     edi, [esp+14h+var_4]
        mov     ebx, [esp+14h+arg_0]
        and     edi, 0Fh
        lea     ecx, [esp+14h+arg_4]
        push    ecx
        mov     eax, edi
        or      eax, 100h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], eax
        call    method_SN07
        test    eax, eax
        jz      loc_2071A1
        mov     edx, [esp+14h+arg_4]
        mov     eax, [esp+14h+arg_8]
        mov     ecx, [eax]
        and     edx, 2                  ; bit 1 of the word read back
        shl     edx, 1
        and     ecx, 2                  ; bit 1 of the caller's value
        or      edx, ecx
        shl     edx, 0Fh
        or      edx, edi
        or      edx, 200h
        mov     [esp+14h+arg_4], edx
        lea     edx, [esp+14h+arg_4]
        push    edx
        jmp     loc_207091
; ===========================================================================

loc_206E8D:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071C0
        ; table index 5: requests 100h, 300h and 500h; bit 1 of each word read
        ; back sets bit 0, 1 and 2 of *arg_8 respectively
        mov     edi, [esp+14h+var_4]
        mov     ebx, [esp+14h+arg_0]
        mov     ebp, [esp+14h+arg_8]    ; ebp = output pointer from here on
        and     edi, 0Fh
        lea     ecx, [esp+14h+arg_4]
        push    ecx
        mov     eax, edi
        or      eax, 100h
        push    ebx
        mov     ecx, esi
        mov     dword ptr [ebp+0], 0
        mov     [esp+1Ch+arg_4], eax
        call    method_SN07
        test    eax, eax
        jz      short loc_206ECA
        test    byte ptr [esp+14h+arg_4], 2
        jz      short loc_206ECA
        or      dword ptr [ebp+0], 1

loc_206ECA:                             ; CODE XREF: sub_206CD0+1ED
                                        ; sub_206CD0+1F4
        lea     eax, [esp+14h+arg_4]
        mov     edx, edi
        push    eax
        or      edx, 300h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edx
        call    method_SN07
        test    eax, eax
        jz      short loc_206EF2
        test    byte ptr [esp+14h+arg_4], 2
        jz      short loc_206EF2
        or      dword ptr [ebp+0], 2

loc_206EF2:                             ; CODE XREF: sub_206CD0+215
                                        ; sub_206CD0+21C
        lea     ecx, [esp+14h+arg_4]
        push    ecx
        or      edi, 500h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edi
        call    method_SN07
        test    eax, eax
        jz      loc_20719C
        test    byte ptr [esp+14h+arg_4], 2
        jz      loc_20719C
        mov     eax, [ebp+0]
        pop     edi
        or      eax, 4
        mov     [ebp+0], eax
        pop     ebx
        mov     ebp, 1
        pop     esi
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_206F34:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071C4
        ; table index 6: three request pairs (100h/200h, 300h/400h, 500h/600h).
        ; The results of the 200h, 400h and 600h calls are not examined.
        mov     edi, [esp+14h+var_4]
        mov     ebx, [esp+14h+arg_0]
        and     edi, 0Fh
        lea     eax, [esp+14h+arg_4]
        mov     edx, edi
        push    eax
        or      edx, 100h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edx
        call    method_SN07
        test    eax, eax
        mov     ebp, [esp+14h+arg_8]    ; mov keeps the flags from test; ebp = arg_8
        jz      short loc_206F8D
        mov     ecx, [ebp+0]
        mov     edx, [esp+14h+arg_4]
        and     ecx, 1
        shl     ecx, 1
        and     edx, 1
        or      ecx, edx
        shl     ecx, 10h
        or      ecx, edi
        or      ecx, 200h
        lea     eax, [esp+14h+arg_4]
        push    eax
        mov     [esp+18h+arg_4], ecx
        push    ebx
        mov     ecx, esi
        call    method_SN07

loc_206F8D:                             ; CODE XREF: sub_206CD0+28E
        mov     ecx, edi
        or      ecx, 300h
        lea     edx, [esp+14h+arg_4]
        push    edx
        mov     [esp+18h+arg_4], ecx
        push    ebx
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        jz      short loc_206FD4
        mov     ecx, [esp+14h+arg_4]
        mov     eax, [ebp+0]
        and     eax, 2
        and     ecx, 1
        or      eax, ecx
        shl     eax, 10h
        lea     edx, [esp+14h+arg_4]
        or      eax, edi
        push    edx
        or      eax, 400h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], eax
        call    method_SN07

loc_206FD4:                             ; CODE XREF: sub_206CD0+2D8
        lea     ecx, [esp+14h+arg_4]
        push    ecx
        mov     eax, edi
        or      eax, 500h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], eax
        call    method_SN07
        test    eax, eax
        jz      loc_20719C
        mov     edx, [esp+14h+arg_4]
        mov     eax, [ebp+0]
        and     edx, 0FFFF9F01h
        shl     edx, 1
        and     eax, 4
        or      edx, eax
        shl     edx, 0Fh
        lea     ecx, [esp+14h+arg_4]
        or      edx, edi
        push    ecx
        or      edx, 600h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edx
        call    method_SN07
        pop     edi
        pop     ebx
        mov     ebp, 1
        pop     esi
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_207033:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071C8
        ; table index 7: request 500h, then send 600h with data
        mov     edi, [esp+14h+var_4]
        mov     ebx, [esp+14h+arg_0]
        and     edi, 0Fh
        lea     eax, [esp+14h+arg_4]
        mov     edx, edi
        push    eax
        or      edx, 500h
        push    ebx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edx
        call    method_SN07
        test    eax, eax
        jz      loc_2071A1
        mov     ecx, [esp+14h+arg_8]
        mov     eax, [ecx]
        mov     edx, eax
        and     edx, 7Ch                ; bits 2..6 of the caller's value ...
        shl     edx, 6                  ; ... moved up by six positions
        and     eax, 1
        or      edx, eax
        mov     eax, [esp+14h+arg_4]
        and     eax, 0FFFF8002h         ; bits kept from the word read back
        or      edx, eax
        shl     edx, 10h
        or      edx, edi
        or      edx, 600h
        lea     ecx, [esp+14h+arg_4]
        mov     [esp+14h+arg_4], edx
        push    ecx

loc_207091:                             ; CODE XREF: sub_206CD0+AB
                                        ; sub_206CD0+1B8
        ; shared tail: the pointer to the request word is already on the stack
        push    ebx
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        jz      loc_2071A1
        pop     edi
        pop     ebx
        mov     ebp, 1
        pop     esi
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_2070B0:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071CC
        ; table index 8: request 500h, report bit 0 through arg_8
        mov     edx, [esp+14h+var_4]
        mov     ecx, [esp+14h+arg_0]
        lea     eax, [esp+14h+arg_4]
        and     edx, 0Fh
        push    eax
        or      edx, 500h
        push    ecx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edx
        call    method_SN07
        test    eax, eax
        jz      loc_2071A1
        mov     edx, [esp+14h+arg_4]
        mov     eax, [esp+14h+arg_8]
        pop     edi
        pop     ebx
        and     edx, 1
        mov     ebp, 1
        mov     [eax], edx
        pop     esi
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_2070F6:                             ; CODE XREF: sub_206CD0+54
                                        ; DATA XREF: .text:002071BC
        ; table index 4: looks up 10Fh again, requests 800h and maps the low
        ; three bits of the answer: 1 -> 1, 2 -> 2, 4 -> 4, anything else -> 0
        lea     ecx, [esp+14h+var_4]
        push    ecx
        push    10Fh
        mov     ecx, esi
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      loc_2071A1
        mov     edx, [esp+14h+var_4]
        mov     ecx, [esp+14h+arg_0]
        lea     eax, [esp+14h+arg_4]
        and     edx, 0Fh
        push    eax
        or      edx, 800h
        push    ecx
        mov     ecx, esi
        mov     [esp+1Ch+arg_4], edx
        call    method_SN07
        test    eax, eax
        jz      short loc_2071A1
        mov     eax, [esp+14h+arg_4]
        and     eax, 7
        dec     eax
        jz      short loc_207192        ; value was 1
        dec     eax
        jz      short loc_207179        ; value was 2
        sub     eax, 2
        jz      short loc_207160        ; value was 4
        mov     edx, [esp+14h+arg_8]
        pop     edi
        pop     ebx
        mov     ebp, 1
        pop     esi
        mov     eax, ebp
        mov     dword ptr [edx], 0
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_207160:                             ; CODE XREF: sub_206CD0+475
        mov     eax, [esp+14h+arg_8]
        pop     edi
        pop     ebx
        mov     ebp, 1
        mov     dword ptr [eax], 4
        pop     esi
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
;
; ===========================================================================
; (continuation of sub_206CD0: remaining exits of its switch)

loc_207179:                             ; CODE XREF: sub_206CD0+470
        mov     ecx, [esp+14h+arg_8]
        pop     edi
        pop     ebx
        mov     ebp, 1
        pop     esi
        mov     eax, ebp
        mov     dword ptr [ecx], 2
        pop     ebp
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_207192:                             ; CODE XREF: sub_206CD0+46D
        mov     edx, [esp+14h+arg_8]
        mov     dword ptr [edx], 1

loc_20719C:                             ; CODE XREF: sub_206CD0+141
                                        ; sub_206CD0+23B ...
        mov     ebp, 1                  ; forces the return value to 1

loc_2071A1:                             ; CODE XREF: sub_206CD0+54
                                        ; sub_206CD0+80 ...
        pop     edi                     ; undoes the ebx/edi pushes made before the switch jump
        pop     ebx

loc_2071A3:                             ; CODE XREF: sub_206CD0+35
                                        ; sub_206CD0+45
        pop     esi                     ; exit used before ebx/edi were pushed
        mov     eax, ebp
        pop     ebp
        pop     ecx
        retn    0Ch
sub_206CD0      endp

; ===========================================================================
        align 4
; Jump table for the switch in sub_206CD0, ten entries (indices 0..9).
; Index 9 is the common exit loc_2071A1.
off_2071AC      dd offset loc_206D2B    ; DATA XREF: sub_206CD0+54
                dd offset loc_206D80
                dd offset loc_206E35
                dd offset loc_206DC5
                dd offset loc_2070F6
                dd offset loc_206E8D
                dd offset loc_206F34
                dd offset loc_207033
                dd offset loc_2070B0
                dd offset loc_2071A1
; Index table for the same switch: byte_2071D4[arg_4 - 27h] selects an entry of
; off_2071AC. Only the first four bytes are defined as data in this listing.
byte_2071D4     db 0                    ; DATA XREF: sub_206CD0+4B
                db 1, 9, 2
; ===========================================================================
; NOTE(review): the "instructions" from here down to the nop run are almost
; certainly data shown as code. sub_206CD0 indexes byte_2071D4 with 0..2Eh, so
; the table needs 2Fh bytes. Assembling the listed instructions by hand gives
;     03 09 | 09 09 | 04 09 | 09 05 06 09 09 09 | 14 x (09 09) | 09 07 | 08
; which is exactly the missing 2Bh index bytes (all within 0..9), followed by
; 90h filler up to the next procedure. Read that way the selector maps to
;     27h->0  28h->1  2Ah->2  2Bh->3  2Fh->4  32h->5  33h->6  54h->7  55h->8
; and every other value to 9 (common exit). The same type values are the ones
; model_Class_LookupTable routes to classJump04/05/06 further down this
; listing. TODO confirm against the raw bytes and redefine the range as db.
        add     ecx, [ecx]
        or      [ecx], ecx
        add     al, 9
        or      ds:9090906h, eax
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [ecx], ecx
        or      [edi], eax
        or      [eax-6F6F6F70h], dl
        nop
        nop
        nop
        nop
        nop
        nop
        nop
        nop

; *************** S U B R O U T I N E ***************************************
;
; callSNC_SN07_0106
;   Looks up 106h, sends one method_SN07 request (index nibble only, no
;   sub-function bits) and translates the low byte of the answer.
;
;   In:   ecx   = object pointer, kept in esi and passed on to the callees
;         arg_0 = forwarded to method_SN07
;         arg_4 = pointer to the output dword; written without any check
;   Out:  eax = 1 after a completed request, 0 when the lookup or the request
;               fails. Callee removes 8 bytes of arguments (retn 8).
;         *arg_4: answer byte 1 -> 1, 2 -> 2, 3 -> 4, 4 -> 3, anything else -> 0

callSNC_SN07_0106 proc near             ; CODE XREF: .text:00207945

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    106h
        mov     esi, ecx
        xor     edi, edi                ; edi = 0, the failure return value
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      loc_2072D5
        mov     ecx, [esp+0Ch+var_4]
        mov     eax, [esp+0Ch+arg_0]
        and     ecx, 0Fh
        lea     edx, [esp+0Ch+var_4]
        push    edx                     ; var_4 doubles as the in/out request word
        mov     [esp+10h+var_4], ecx
        push    eax
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        jz      short loc_2072D5
        mov     eax, [esp+0Ch+var_4]
        and     eax, 0FFh
        dec     eax
        cmp     eax, 3                  ; switch 4 cases
        ja      short loc_2072C0        ; default
        jmp     ds:off_2072E0[eax*4]    ; switch jump

loc_20726C:                             ; DATA XREF: .text:off_2072E0
        mov     ecx, [esp+0Ch+arg_4]    ; case 0x0
        pop     edi
        mov     dword ptr [ecx], 1
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_207281:                             ; CODE XREF: callSNC_SN07_0106+55
                                        ; DATA XREF: .text:off_2072E0
        mov     edx, [esp+0Ch+arg_4]    ; case 0x1
        pop     edi
        mov     dword ptr [edx], 2
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_207296:                             ; CODE XREF: callSNC_SN07_0106+55
                                        ; DATA XREF: .text:off_2072E0
        mov     eax, [esp+0Ch+arg_4]    ; case 0x2
        pop     edi
        mov     dword ptr [eax], 4
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_2072AB:                             ; CODE XREF: callSNC_SN07_0106+55
                                        ; DATA XREF: .text:off_2072E0
        mov     ecx, [esp+0Ch+arg_4]    ; case 0x3
        pop     edi
        mov     dword ptr [ecx], 3
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_2072C0:                             ; CODE XREF: callSNC_SN07_0106+53
        mov     edx, [esp+0Ch+arg_4]    ; default
        pop     edi
        mov     dword ptr [edx], 0
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_2072D5:                             ; CODE XREF: callSNC_SN07_0106+20
                                        ; callSNC_SN07_0106+44
        mov     eax, edi
        pop     edi
        pop     esi
        pop     ecx
        retn    8
callSNC_SN07_0106 endp

; ===========================================================================
        db 8Dh, 49h, 0                  ; encodes lea ecx, [ecx+0]; presumably alignment filler
off_2072E0      dd offset loc_20726C, offset loc_207281, offset loc_207296
                                        ; DATA XREF: callSNC_SN07_0106+55
                dd offset loc_2072AB    ; jump table for switch statement

; *************** S U B R O U T I N E ***************************************
;
; isHotkeyActionID
;   Returns 1 in eax when the dword argument is 100h, 101h or 102h, else 0.
;   Takes one stack argument and removes it (retn 4); ecx is not read.

isHotkeyActionID proc near              ; CODE XREF: methodCondSN02_07+4D
                                        ; sub_207CE0+4D

actionID        = byte ptr  4

        mov     eax, dword ptr [esp+actionID]
        cmp     eax, 100h
        jz      short exitTrue
        cmp     eax, 101h
        jz      short exitTrue
        cmp     eax, 102h
        jz      short exitTrue
        xor     eax, eax                ; exitFalse
        retn    4
; ===========================================================================

exitTrue:                               ; CODE XREF: isHotkeyActionID+9
                                        ; isHotkeyActionID+10 ...
        mov     eax, 1
        retn    4
isHotkeyActionID endp

; ===========================================================================
        db 0Ah dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; callSNC_SN07_0111_2
;   Looks up 111h, sends request (index | 100h) through method_SN07 and stores
;   bit 0 of the answer in *arg_4.
;
;   In:   ecx = object pointer; arg_0 = forwarded to method_SN07;
;         arg_4 = pointer to the output dword, written without any check
;   Out:  eax = 1 on success, 0 when the lookup or the request fails; retn 8

callSNC_SN07_0111_2 proc near           ; CODE XREF: .text:00207ABC

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    111h
        mov     esi, ecx
        xor     edi, edi
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      short loc_207380
        mov     ecx, [esp+0Ch+var_4]
        mov     eax, [esp+0Ch+arg_0]
        and     ecx, 0Fh
        or      ecx, 100h
        lea     edx, [esp+0Ch+var_4]
        push    edx
        mov     [esp+10h+var_4], ecx
        push    eax
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        jz      short loc_207380
        mov     ecx, [esp+0Ch+var_4]
        mov     edx, [esp+0Ch+arg_4]
        and     ecx, 1
        pop     edi
        mov     [edx], ecx
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_207380:                             ; CODE XREF: callSNC_SN07_0111_2+20
                                        ; callSNC_SN07_0111_2+46
        mov     eax, edi
        pop     edi
        pop     esi
        pop     ecx
        retn    8
callSNC_SN07_0111_2 endp

; ===========================================================================
        db 8 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; callSNC_SN07_0111
;   Looks up 111h and sends ((*arg_4 & 1) << 16) | index through method_SN07
;   (no sub-function bits). arg_4 is a pointer that is read without any check;
;   its stack slot is then reused as the request word.
;   The call sequence and the exit follow after the two pushes below.

callSNC_SN07_0111 proc near             ; CODE XREF: classJump07+C

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    111h
        mov     esi, ecx
        xor     edi, edi
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      short loc_2073E5
        mov     ecx, [esp+0Ch+arg_4]
        mov     edx, [ecx]
        mov     eax, [esp+0Ch+var_4]
        and     edx, 1
        shl     edx, 10h
        and     eax, 0Fh
        or      edx, eax
        lea     ecx, [esp+0Ch+arg_4]
        mov     [esp+0Ch+arg_4], edx
        mov     edx, [esp+0Ch+arg_0]
        push    ecx
        push    edx
; (continuation of callSNC_SN07_0111: both arguments are already pushed)
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        mov     eax, 1                  ; mov leaves the flags from test intact
        jnz     short loc_2073E7

loc_2073E5:                             ; CODE XREF: callSNC_SN07_0111+20
        mov     eax, edi                ; edi was zeroed in the prologue: return 0

loc_2073E7:                             ; CODE XREF: callSNC_SN07_0111+53
        pop     edi
        pop     esi
        pop     ecx
        retn    8
callSNC_SN07_0111 endp

; ===========================================================================
        db 3 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_2073F0
;   Looks up 110h, sends the bare index nibble through method_SN07 and stores
;   bit 0 of the answer in *arg_4.
;
;   In:   ecx = object pointer; arg_0 = forwarded to method_SN07;
;         arg_4 = pointer to the output dword, written without any check
;   Out:  eax = 1 on success, 0 when the lookup or the request fails; retn 8

sub_2073F0      proc near               ; CODE XREF: classJump04+15

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    110h
        mov     esi, ecx
        xor     edi, edi
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      short loc_20744A
        mov     ecx, [esp+0Ch+var_4]
        mov     eax, [esp+0Ch+arg_0]
        and     ecx, 0Fh
        lea     edx, [esp+0Ch+var_4]
        push    edx
        mov     [esp+10h+var_4], ecx
        push    eax
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        jz      short loc_20744A
        mov     ecx, [esp+0Ch+var_4]
        mov     edx, [esp+0Ch+arg_4]
        and     ecx, 1
        pop     edi
        mov     [edx], ecx
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_20744A:                             ; CODE XREF: sub_2073F0+20
                                        ; sub_2073F0+40
        mov     eax, edi
        pop     edi
        pop     esi
        pop     ecx
        retn    8
sub_2073F0      endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_207460
;   Looks up 110h and sends ((*arg_4 & 1) << 16) | index | 100h through
;   method_SN07. arg_4 is a pointer that is read without any check; its stack
;   slot is then reused as the request word.
;   Out:  eax = 1 when both calls return non-zero, else 0; retn 8

sub_207460      proc near               ; CODE XREF: classJump04+4

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    110h
        mov     esi, ecx
        xor     edi, edi
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      short loc_2074BB
        mov     ecx, [esp+0Ch+arg_4]
        mov     edx, [ecx]
        mov     eax, [esp+0Ch+var_4]
        and     edx, 1
        shl     edx, 10h
        and     eax, 0Fh
        or      edx, eax
        or      edx, 100h
        lea     ecx, [esp+0Ch+arg_4]
        mov     [esp+0Ch+arg_4], edx
        mov     edx, [esp+0Ch+arg_0]
        push    ecx
        push    edx
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        mov     eax, 1                  ; mov leaves the flags from test intact
        jnz     short loc_2074BD

loc_2074BB:                             ; CODE XREF: sub_207460+20
        mov     eax, edi

loc_2074BD:                             ; CODE XREF: sub_207460+59
        pop     edi
        pop     esi
        pop     ecx
        retn    8
sub_207460      endp

; ===========================================================================
        db 0Dh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; callSNC_SN07_0113_2
;   Looks up 113h, sends the bare index nibble through method_SN07 and copies
;   the whole answer dword to *arg_4 (no masking).
;
;   In:   ecx = object pointer; arg_0 = forwarded to method_SN07;
;         arg_4 = pointer to the output dword, written without any check
;   Out:  eax = 1 on success, 0 when the lookup or the request fails; retn 8

callSNC_SN07_0113_2 proc near           ; CODE XREF: callSNC_SN07_0113_choose+16
                                        ; .text:00207AD6

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    113h
        mov     esi, ecx
        xor     edi, edi
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      short loc_207527
        mov     ecx, [esp+0Ch+var_4]
        mov     eax, [esp+0Ch+arg_0]
        and     ecx, 0Fh
        lea     edx, [esp+0Ch+var_4]
        push    edx
        mov     [esp+10h+var_4], ecx
        push    eax
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        jz      short loc_207527
        mov     ecx, [esp+0Ch+arg_4]
        mov     edx, [esp+0Ch+var_4]
        pop     edi
        mov     [ecx], edx
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_207527:                             ; CODE XREF: callSNC_SN07_0113_2+20
                                        ; callSNC_SN07_0113_2+40
        mov     eax, edi
        pop     edi
        pop     esi
        pop     ecx
        retn    8
callSNC_SN07_0113_2 endp

; ===========================================================================
        align 10h

; *************** S U B R O U T I N E ***************************************

callSNC_SN07_0113 proc near             ; CODE XREF: callSNC_SN07_0113_choose+3B
                                        ; callSNCmethodByModelType+128 ...
; callSNC_SN07_0113 (body)
;   Looks up 113h, sends request (index | 100h) through method_SN07 and copies
;   the whole answer dword to *arg_4 (no masking).
;
;   In:   ecx = object pointer; arg_0 = forwarded to method_SN07;
;         arg_4 = pointer to the output dword, written without any check
;   Out:  eax = 1 on success, 0 when the lookup or the request fails; retn 8

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    113h
        mov     esi, ecx
        xor     edi, edi
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      short loc_20758D
        mov     ecx, [esp+0Ch+var_4]
        mov     eax, [esp+0Ch+arg_0]
        and     ecx, 0Fh
        or      ecx, 100h
        lea     edx, [esp+0Ch+var_4]
        push    edx
        mov     [esp+10h+var_4], ecx
        push    eax
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        jz      short loc_20758D
        mov     ecx, [esp+0Ch+arg_4]
        mov     edx, [esp+0Ch+var_4]
        pop     edi
        mov     [ecx], edx
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    8
; ===========================================================================

loc_20758D:                             ; CODE XREF: callSNC_SN07_0113+20
                                        ; callSNC_SN07_0113+46
        mov     eax, edi
        pop     edi
        pop     esi
        pop     ecx
        retn    8
callSNC_SN07_0113 endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; callSNC_SN07_0113_3
;   Looks up 113h and sends (*arg_4 << 16) | index | 200h through method_SN07.
;   The caller's value is shifted in unmasked, so only its low 16 bits reach
;   the request word. arg_4 is a pointer that is read without any check; its
;   stack slot is then reused as the request word.
;   Out:  eax = 1 when both calls return non-zero, else 0; retn 8

callSNC_SN07_0113_3 proc near           ; CODE XREF: callSNC_SN07_0113_choose+65
                                        ; .text:00207B0A

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    esi
        push    edi
        lea     eax, [esp+0Ch+var_4]
        push    eax
        push    113h
        mov     esi, ecx
        xor     edi, edi
        mov     [esp+14h+var_4], 0FFh
        call    find_DWORD_in_CXbuffer
        test    eax, eax
        jz      short loc_2075F8
        mov     ecx, [esp+0Ch+arg_4]
        mov     edx, [ecx]
        mov     eax, [esp+0Ch+var_4]
        shl     edx, 10h
        and     eax, 0Fh
        or      edx, eax
        or      edx, 200h
        lea     ecx, [esp+0Ch+arg_4]
        mov     [esp+0Ch+arg_4], edx
        mov     edx, [esp+0Ch+arg_0]
        push    ecx
        push    edx
        mov     ecx, esi
        call    method_SN07
        test    eax, eax
        mov     eax, 1                  ; mov leaves the flags from test intact
        jnz     short loc_2075FA

loc_2075F8:                             ; CODE XREF: callSNC_SN07_0113_3+20
        mov     eax, edi

loc_2075FA:                             ; CODE XREF: callSNC_SN07_0113_3+56
        pop     edi
        pop     esi
        pop     ecx
        retn    8
callSNC_SN07_0113_3 endp

; *************** S U B R O U T I N E ***************************************
;
; call_0102
;   Calls one of two function-table entries of the object in ecx with the
;   arguments (arg_0, 102h): the entry at offset 90h when *arg_4 == 2,
;   otherwise the entry at offset 94h. The table pointer is the first dword of
;   the object. Both targets are reached by indirect call, so their identity
;   cannot be read from this listing.
;
;   In:   ecx = object pointer; arg_0 = forwarded; arg_4 = pointer to a dword,
;         read without any check
;   Out:  eax = 1 when the called entry returns non-zero, else 0; retn 8

call_0102       proc near               ; CODE XREF: classJump10+19

arg_0           = dword ptr  4
arg_4           = dword ptr  8

        mov     eax, [esp+arg_4]
        mov     edx, [eax]
        mov     eax, [esp+arg_0]
        push    esi
        xor     esi, esi                ; esi = 0, the failure return value
        push    102h
        cmp     edx, 2
        mov     edx, [ecx]              ; table pointer; mov and push keep the cmp flags
        push    eax
        jnz     short loc_20762D
        call    dword ptr [edx+90h]
        test    eax, eax
        jz      short loc_20763C
        mov     eax, 1
        pop     esi
        retn    8
; ===========================================================================

loc_20762D:                             ; CODE XREF: call_0102+18
        call    dword ptr [edx+94h]
        test    eax, eax
        mov     eax, 1
        jnz     short loc_20763E

loc_20763C:                             ; CODE XREF: call_0102+22
        mov     eax, esi

loc_20763E:                             ; CODE XREF: call_0102+3A
        pop     esi
        retn    8
call_0102       endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; callSNC_SN07_0113_choose
;   Three-step sequence over the 113h helpers:
;     1. callSNC_SN07_0113_2 into var_4; when bit 0 of the answer is clear the
;        routine returns 0 at once.
;     2. callSNC_SN07_0113 into the arg_0 slot, which is zeroed first and
;        reused as scratch (arg_0 itself is kept in edi).
;     3. Bit 0 of that value is cleared when bit 1 of *arg_4 is set, and set
;        otherwise; the result is sent with callSNC_SN07_0113_3.
;
;   In:   ecx = object pointer; arg_0 = forwarded to every helper;
;         arg_4 = pointer to a dword, read without any check
;   Out:  ebx carries the return value: 0 until step 3 succeeds, then 1.
;         The exit sequence follows the loc_2076C3 label below.

callSNC_SN07_0113_choose proc near      ; CODE XREF: classJump10+C

var_4           = dword ptr -4
arg_0           = dword ptr  4
arg_4           = dword ptr  8

        push    ecx                     ; reserves the 4-byte slot used as var_4
        push    ebx
        push    esi
        push    edi
        mov     edi, [esp+10h+arg_0]
        lea     eax, [esp+10h+var_4]
        push    eax
        xor     ebx, ebx
        push    edi
        mov     esi, ecx
        mov     [esp+18h+var_4], ebx    ; var_4 = 0 before the first helper call
        call    callSNC_SN07_0113_2
        test    eax, eax
        jz      short loc_2076C3
        test    byte ptr [esp+10h+var_4], 1
        jnz     short loc_20767F
        pop     edi
        pop     esi
        xor     eax, eax
        pop     ebx
        pop     ecx
        retn    8
; ===========================================================================

loc_20767F:                             ; CODE XREF: callSNC_SN07_0113_choose+24
        lea     ecx, [esp+10h+arg_0]
        push    ecx
        push    edi
        mov     ecx, esi
        mov     [esp+18h+arg_0], ebx    ; scratch slot = 0
        call    callSNC_SN07_0113
        test    eax, eax
        jz      short loc_2076C3
        mov     edx, [esp+10h+arg_4]
        test    byte ptr [edx], 2
        mov     eax, [esp+10h+arg_0]    ; mov keeps the flags from test
        jz      short loc_2076A6
        and     eax, 0FFFFFFFEh
        jmp     short loc_2076A9
; ===========================================================================

loc_2076A6:                             ; CODE XREF: callSNC_SN07_0113_choose+4F
        or      eax, 1

loc_2076A9:                             ; CODE XREF: callSNC_SN07_0113_choose+54
        mov     [esp+10h+arg_0], eax
        lea     eax, [esp+10h+arg_0]
        push    eax
        push    edi
        mov     ecx, esi
        call    callSNC_SN07_0113_3
        test    eax, eax
        jz      short loc_2076C3
        mov     ebx, 1

loc_2076C3:                             ; CODE XREF: callSNC_SN07_0113_choose+1D
                                        ; callSNC_SN07_0113_choose+42 ...
pop edi pop esi mov eax, ebx pop ebx pop ecx retn 8 callSNC_SN07_0113_choose endp ; =========================================================================== db 4 dup(90h) ; *************** S U B R O U T I N E *************************************** callSNCmethodByModelType proc near ; DATA XREF: .rdata:functionJumpTable2 Arg0 = dword ptr 10h type = dword ptr 14h SNCsubFuncNum = byte ptr 18h ; FUNCTION CHUNK AT 00207879 SIZE 00000036 BYTES ; FUNCTION CHUNK AT 00207B18 SIZE 0000001D BYTES push ebx push ebp push esi mov esi, ecx mov ecx, [esp+type] push edi lea eax, [ecx-11h] xor edi, edi cmp eax, 74h ; 't' ; model type ja classJump29 movzx eax, ds:model_Class_LookupTable[eax] mov ebx, dword ptr [esp+4+SNCsubFuncNum] mov ebp, [esp+4+Arg0] jmp ds:classJumpTable[eax*4] ; =========================================================================== classJump16: ; DATA XREF: .text:classJumpTable mov ebp, dword ptr [esp+4+SNCsubFuncNum] mov ecx, [ebp+0] xor eax, eax dec ecx cmp ecx, 4 ; switch 5 cases ja short callFuncOffset090 ; default jmp ds:class16SwitchTable[ecx*4] ; switch jump class16Case0: ; DATA XREF: .text:class16SwitchTable mov eax, 100h ; case 0x0 jmp short callFuncOffset090 ; default ; =========================================================================== class16Case1: ; CODE XREF: callSNCmethodByModelType+3D ; DATA XREF: .text:00207C2C mov eax, 107h ; case 0x1 jmp short callFuncOffset090 ; default ; =========================================================================== class16Case2: ; CODE XREF: callSNCmethodByModelType+3D ; DATA XREF: .text:00207C30 mov eax, 102h ; case 0x2 jmp short callFuncOffset090 ; default ; =========================================================================== class16Case3: ; CODE XREF: callSNCmethodByModelType+3D ; DATA XREF: .text:00207C34 mov eax, 101h ; case 0x3 jmp short callFuncOffset090 ; default ; =========================================================================== class16Case4: ; CODE XREF: 
callSNCmethodByModelType+3D ; DATA XREF: .text:00207C38 mov eax, 113h ; case 0x4 callFuncOffset090: ; CODE XREF: callSNCmethodByModelType+3B ; callSNCmethodByModelType+49 ... mov ebx, [esp+4+Arg0] ; default mov edx, [esi] push eax push ebx mov ecx, esi call dword ptr [edx+90h] mov edi, eax test edi, edi jnz exit_0 cmp dword ptr [ebp+0], 2 jnz exit_0 mov eax, [esi] push 10Fh push ebx mov ecx, esi call dword ptr [eax+90h] mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump17: ; DATA XREF: .text:classJumpTable mov ebp, dword ptr [esp+4+SNCsubFuncNum] mov ecx, [ebp+0] xor eax, eax dec ecx cmp ecx, 4 ; switch 5 cases ja short callFuncOffset094 ; default jmp ds:class17SwitchTable[ecx*4] ; switch jump class17Case0: ; DATA XREF: .text:class17SwitchTable mov eax, 100h ; case 0x0 jmp short callFuncOffset094 ; default ; =========================================================================== class17Case1: ; CODE XREF: callSNCmethodByModelType+B1 ; DATA XREF: .text:class17SwitchTable mov eax, 107h ; case 0x1 jmp short callFuncOffset094 ; default ; =========================================================================== class17Case2: ; CODE XREF: callSNCmethodByModelType+B1 ; DATA XREF: .text:class17SwitchTable mov eax, 102h ; case 0x2 jmp short callFuncOffset094 ; default ; =========================================================================== class17Case3: ; CODE XREF: callSNCmethodByModelType+B1 ; DATA XREF: .text:class17SwitchTable mov eax, 101h ; case 0x3 jmp short callFuncOffset094 ; default ; =========================================================================== class17Case4: ; CODE XREF: callSNCmethodByModelType+B1 ; DATA XREF: .text:class17SwitchTable mov eax, 113h ; case 0x4 callFuncOffset094: ; CODE XREF: callSNCmethodByModelType+AF ; callSNCmethodByModelType+BD ... 
mov ebx, [esp+4+Arg0] ; default mov edx, [esi] push eax push ebx mov ecx, esi call dword ptr [edx+94h] mov edi, eax test edi, edi jnz exit_0 cmp dword ptr [ebp+0], 2 jnz exit_0 mov eax, [esi] push 10Fh push ebx mov ecx, esi call dword ptr [eax+94h] mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump09: ; DATA XREF: .text:classJumpTable mov ebx, dword ptr [esp+4+SNCsubFuncNum] mov ebp, [esp+4+Arg0] push ebx push ebp mov ecx, esi mov dword ptr [ebx], 0 call callSNC_SN07_0113 test eax, eax jz short sub_20781A mov ecx, [ebx] shl ecx, 1 not ecx and ecx, 2 mov [ebx], ecx callSNCmethodByModelType endp ; START OF FUNCTION CHUNK FOR classJump04 exitTrue: ; CODE XREF: classJump10+13 ; classJump04+B ... mov edi, 1 mov eax, edi pop edi pop esi pop ebp pop ebx retn 0Ch ; END OF FUNCTION CHUNK FOR classJump04 ; *************** S U B R O U T I N E *************************************** sub_20781A proc near ; CODE XREF: callSNCmethodByModelType+12F push ebx push 102h mov dword ptr [ebx], 0 mov edx, [esi] push ebp mov ecx, esi call dword ptr [edx+98h] test eax, eax jz exit_0 mov eax, [ebx] neg eax sbb eax, eax and eax, 2 mov edi, 1 mov [ebx], eax mov eax, edi pop edi pop esi pop ebp pop ebx retn 0Ch sub_20781A endp ; sp = 4 ; *************** S U B R O U T I N E *************************************** classJump10 proc near ; DATA XREF: .text:classJumpTable arg_10 = dword ptr 14h arg_18 = dword ptr 1Ch mov edi, [esp+arg_18] mov ebx, [esp+arg_10] push edi push ebx mov ecx, esi call callSNC_SN07_0113_choose test eax, eax jnz short exitTrue push edi push ebx mov ecx, esi call call_0102 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch classJump10 endp ; sp = 10h ; =========================================================================== ; START OF FUNCTION CHUNK FOR callSNCmethodByModelType classJump00: ; CODE XREF: callSNCmethodByModelType+27 ; DATA XREF: .text:classJumpTable mov ecx, dword 
ptr [esp+4+SNCsubFuncNum] mov eax, [ecx] mov edx, [esi] test eax, eax mov eax, [esp+4+Arg0] push 101h mov ecx, esi push eax jz short loc_2078A0 call dword ptr [edx+90h] mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== loc_2078A0: ; CODE XREF: callSNCmethodByModelType+1BF call dword ptr [edx+94h] mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; END OF FUNCTION CHUNK FOR callSNCmethodByModelType ; *************** S U B R O U T I N E *************************************** classJump01 proc near ; DATA XREF: .text:classJumpTable arg_10 = dword ptr 14h arg_18 = dword ptr 1Ch mov eax, [esp+arg_18] mov ecx, [esp+arg_10] mov edx, [esi] push eax push 101h push ecx mov ecx, esi call dword ptr [edx+98h] mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch classJump01 endp ; sp = 4 ; =========================================================================== classJump11: ; DATA XREF: .text:classJumpTable mov edx, [esp+1Ch] mov eax, [esp+14h] push edx push eax mov ecx, esi call callSNC_SN07_0104 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump12: ; DATA XREF: .text:classJumpTable mov ecx, [esp+1Ch] mov edx, [esp+14h] push ecx push edx mov ecx, esi call callSNC_SN07_0104_2 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump14: ; DATA XREF: .text:classJumpTable mov eax, [esp+1Ch] mov ecx, [esp+14h] push eax push ecx mov ecx, esi call callSNC_SN07_0105 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump15: ; DATA XREF: .text:classJumpTable mov edx, [esp+1Ch] mov eax, [esp+14h] push edx push eax mov ecx, esi call callSNC_SN07_0105_2 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; 
=========================================================================== classJump13: ; DATA XREF: .text:classJumpTable mov ecx, [esp+1Ch] mov edx, [esp+14h] push ecx push edx mov ecx, esi call callSNC_SN07_0106 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump18: ; DATA XREF: .text:classJumpTable mov eax, [esp+1Ch] mov ecx, [esp+14h] push eax push ecx mov ecx, esi call callSNC_SN07_010B mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump19: ; DATA XREF: .text:classJumpTable mov edx, [esp+1Ch] mov eax, [esp+14h] push edx push eax mov ecx, esi call sub_206910 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump20: ; DATA XREF: .text:classJumpTable mov ecx, [esp+1Ch] mov edx, [esp+14h] push ecx push edx mov ecx, esi call callSNC_SN07_010B_2 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump21: ; DATA XREF: .text:classJumpTable mov eax, [esp+1Ch] mov ecx, [esp+14h] push eax push ecx mov ecx, esi call callSNC_SN07_0109 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump22: ; DATA XREF: .text:classJumpTable mov edx, [esp+1Ch] mov eax, [esp+14h] push edx push eax mov ecx, esi call callSNC_SN07_010C mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump23: ; DATA XREF: .text:classJumpTable mov ecx, [esp+1Ch] mov edx, [esp+14h] push ecx push edx mov ecx, esi call callSNC_SN07_010C_2 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump24: ; DATA XREF: 
.text:classJumpTable mov eax, [esp+1Ch] mov ecx, [esp+14h] push eax push ecx mov ecx, esi call callSNC_SN07_010D mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump25: ; DATA XREF: .text:classJumpTable mov edx, [esp+1Ch] mov eax, [esp+14h] push edx push eax mov ecx, esi call callSNC_SN07_010D_2 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump02: ; DATA XREF: .text:classJumpTable mov eax, [esp+1Ch] mov ecx, [esp+14h] mov edx, [esi] push eax push ecx mov ecx, esi call dword ptr [edx+88h] mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump03: ; DATA XREF: .text:classJumpTable mov eax, [esp+1Ch] mov ecx, [esp+14h] mov edx, [esi] push eax push ecx mov ecx, esi call dword ptr [edx+84h] mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; *************** S U B R O U T I N E *************************************** classJump04 proc near ; DATA XREF: .text:classJumpTable arg_24 = dword ptr 30h ; FUNCTION CHUNK AT 0020780C SIZE 0000000E BYTES push ebx push ebp mov ecx, esi call sub_207460 test eax, eax jnz exitTrue classJump05: ; DATA XREF: .text:classJumpTable push ebx push ebp mov ecx, esi call sub_2073F0 test eax, eax jnz exitTrue mov ecx, [esp-18h+arg_24] classJump06: ; DATA XREF: .text:classJumpTable push ebx push ecx push ebp mov ecx, esi call sub_206CD0 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch classJump04 endp ; sp = 20h ; *************** S U B R O U T I N E *************************************** classJump07 proc near ; DATA XREF: .text:classJumpTable arg_10 = dword ptr 14h arg_18 = dword ptr 1Ch mov edx, [esp+arg_18] mov eax, [esp+arg_10] push edx push eax mov ecx, esi call callSNC_SN07_0111 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch classJump07 endp ; sp = 10h ; 
=========================================================================== classJump08: ; DATA XREF: .text:classJumpTable mov ecx, [esp+1Ch] mov edx, [esp+14h] push ecx push edx mov ecx, esi call callSNC_SN07_0111_2 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump26: ; DATA XREF: .text:classJumpTable mov eax, [esp+1Ch] mov ecx, [esp+14h] push eax push ecx mov ecx, esi call callSNC_SN07_0113_2 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump27: ; DATA XREF: .text:classJumpTable mov edx, [esp+1Ch] mov eax, [esp+14h] push edx push eax mov ecx, esi call callSNC_SN07_0113 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== classJump28: ; DATA XREF: .text:classJumpTable mov ecx, [esp+1Ch] mov edx, [esp+14h] push ecx push edx mov ecx, esi call callSNC_SN07_0113_3 mov edi, eax pop edi pop esi pop ebp pop ebx retn 0Ch ; =========================================================================== ; START OF FUNCTION CHUNK FOR callSNCmethodByModelType classJump29: ; CODE XREF: callSNCmethodByModelType+12 ; DATA XREF: .text:classJumpTable mov eax, dword ptr [esp+4+SNCsubFuncNum] push eax push ecx mov ecx, [esp+0Ch+Arg0] push ecx mov ecx, esi call callSNCmethod mov edi, eax exit_0: ; CODE XREF: callSNCmethodByModelType+79 ; callSNCmethodByModelType+83 ... 
mov eax, edi pop edi pop esi pop ebp pop ebx retn 0Ch ; END OF FUNCTION CHUNK FOR callSNCmethodByModelType ; =========================================================================== db 8Dh, 49h, 0 classJumpTable dd offset classJump00, offset classJump01, offset classJump02 ; DATA XREF: callSNCmethodByModelType+27 dd offset classJump03, offset classJump04, offset classJump05 dd offset classJump06, offset classJump07, offset classJump08 dd offset classJump09, offset classJump10, offset classJump11 dd offset classJump12, offset classJump13, offset classJump14 dd offset classJump15, offset classJump16, offset classJump17 dd offset classJump18, offset classJump19, offset classJump20 dd offset classJump21, offset classJump22, offset classJump23 dd offset classJump24, offset classJump25, offset classJump26 dd offset classJump27, offset classJump28, offset classJump29 model_Class_LookupTable db 0, 1, 1Dh, 2, 3, 11h dup(1Dh), 4, 5, 1Dh, 2 dup(6) ; DATA XREF: callSNCmethodByModelType+18 db 3 dup(1Dh), 6, 2 dup(1Dh), 2 dup(6), 1Dh, 7, 8, 8 dup(1Dh) ; 117 (0x75) entries db 9, 0Ah, 7 dup(1Dh), 0Bh, 0Ch, 0Ah dup(1Dh), 2 dup(6) db 0Eh dup(1Dh), 0Dh, 3 dup(1Dh), 0Eh, 0Fh, 7 dup(1Dh) db 10h, 11h, 6 dup(1Dh), 12h, 13h, 14h, 15h, 16h, 17h db 2 dup(1Dh), 18h, 19h, 1Ah, 1Bh, 1Ch db 8Dh, 49h, 0 class16SwitchTable dd offset class16Case0 ; DATA XREF: callSNCmethodByModelType+3D ; jump table for switch statement dd offset class16Case1 ; case 0x1 dd offset class16Case2 ; case 0x2 dd offset class16Case3 ; case 0x3 dd offset class16Case4 ; case 0x4 class17SwitchTable dd offset class17Case0, offset class17Case1, offset class17Case2 ; DATA XREF: callSNCmethodByModelType+B1 dd offset class17Case3, offset class17Case4 ; jump table for switch statement ; *************** S U B R O U T I N E *************************************** methodCondSN02_07 proc near ; DATA XREF: .rdata:functionJumpTable2 resultIndex = dword ptr -4 SNxx_Arg0 = dword ptr 4 actionID = byte ptr 8 push ecx push ebp mov ebp, 
dword ptr [esp+8+actionID] push esi push edi lea eax, [esp+10h+resultIndex] push eax ; result index push ebp ; search value mov esi, ecx xor edi, edi mov [esp+18h+resultIndex], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short not_supported mov edi, [esp+10h+resultIndex] push ebx mov ebx, [esp+14h+SNxx_Arg0] mov ecx, edi mov edx, 1 shl edx, cl ; shift bit left based on resultIndex lea eax, [esp+14h+actionID] push eax push ebx ; ACPI SN02 Arg0 mov ecx, esi ; address of indirect lookup table ; containing addresses of methods ; to call to execute SNC ACPI methods mov dword ptr [esp+1Ch+actionID], edx ; Arg0 call method_SN02 test eax, eax jz short true push ebp mov ecx, esi call isHotkeyActionID test eax, eax jz short false lea ecx, [esp+14h+SNxx_Arg0] push ecx and edi, 0Fh ; SNC.SNFF() push ebx ; contextData (SN07 Arg1 ?) mov ecx, esi mov [esp+1Ch+SNxx_Arg0], edi call method_SN07 test eax, eax jz short true false: ; CODE XREF: methodCondSN02_07+54 pop ebx pop edi pop esi mov eax, 1 pop ebp pop ecx retn 8 ; =========================================================================== not_supported: ; CODE XREF: methodCondSN02_07+21 mov eax, edi pop edi pop esi pop ebp pop ecx retn 8 ; =========================================================================== true: ; CODE XREF: methodCondSN02_07+48 ; methodCondSN02_07+6C pop ebx pop edi pop esi xor eax, eax pop ebp pop ecx retn 8 methodCondSN02_07 endp ; =========================================================================== db 2 dup(90h) ; *************** S U B R O U T I N E *************************************** sub_207CE0 proc near ; DATA XREF: .rdata:functionJumpTable2 resultOffset = dword ptr -4 deviceStruct = dword ptr 4 actionID = byte ptr 8 push ecx push ebp mov ebp, dword ptr [esp+8+actionID] push esi push edi lea eax, [esp+10h+resultOffset] push eax ; resultIndex push ebp ; actionID mov edi, ecx xor esi, esi mov [esp+18h+resultOffset], 0FFh call find_DWORD_in_CXbuffer test eax, eax jz short 
exitNotFound mov esi, [esp+10h+resultOffset] push ebx mov ebx, [esp+14h+deviceStruct] mov ecx, esi ; get index mov edx, 1 shl edx, cl ; subFunction Num lea eax, [esp+14h+actionID] push eax push ebx mov ecx, edi mov dword ptr [esp+1Ch+actionID], edx call method_SN03 test eax, eax jz short exitResult push ebp ; actionID mov ecx, edi call isHotkeyActionID test eax, eax jz short exitFailed lea ecx, [esp+14h+deviceStruct] push ecx and esi, 0Fh ; search resultOffset or esi, 100h push ebx mov ecx, edi mov [esp+1Ch+deviceStruct], esi ; eventID call method_SN07 test eax, eax jz short exitResult exitFailed: ; CODE XREF: sub_207CE0+54 pop ebx pop edi pop esi mov eax, 1 pop ebp pop ecx retn 8 ; =========================================================================== exitNotFound: ; CODE XREF: sub_207CE0+21 pop edi mov eax, esi pop esi pop ebp pop ecx retn 8 ; =========================================================================== exitResult: ; CODE XREF: sub_207CE0+48 ; sub_207CE0+72 pop ebx pop edi pop esi xor eax, eax pop ebp pop ecx retn 8 sub_207CE0 endp ; =========================================================================== db 0Ch dup(90h) ; *************** S U B R O U T I N E *************************************** getFunctionJumpTable1 proc near ; CODE XREF: deleteArrayOfPointers+3 ; sub_209D10+3 mov dword ptr [ecx], offset functionJumpTable1 jmp sub_202CC0 getFunctionJumpTable1 endp ; =========================================================================== db 5 dup(90h) ; *************** S U B R O U T I N E *************************************** ; DWORD __stdcall createMainWndClass(LPVOID) createMainWndClass proc near ; DATA XREF: SuOpen+4E msgBuffer = dword ptr -44h var_3C = dword ptr -3Ch hInstance = dword ptr -28h var_24 = dword ptr -24h var_20 = dword ptr -20h var_1C = dword ptr -1Ch var_18 = dword ptr -18h var_14 = dword ptr -14h var_10 = dword ptr -10h var_C = dword ptr -0Ch var_8 = dword ptr -8 var_4 = dword ptr -4 sub esp, 44h mov eax, hInstDll 
push ebp xor ebp, ebp lea ecx, [esp+48h+hInstance] push ecx ; lpWndClass mov [esp+4Ch+hInstance], ebp mov [esp+4Ch+var_24], offset MainWndClassMessageWindow mov [esp+4Ch+var_20], ebp mov [esp+4Ch+var_1C], ebp mov [esp+4Ch+var_18], eax mov [esp+4Ch+var_14], ebp mov [esp+4Ch+var_10], ebp mov [esp+4Ch+var_C], ebp mov [esp+4Ch+var_8], ebp mov [esp+4Ch+var_4], offset ClassName ; "MainWndClass" call ds:RegisterClassA test ax, ax jz short exitFailed push ebp ; lpParam push ebp ; hInstance push ebp ; hMenu push 0FFFFFFFDh ; hWndParent push ebp ; nHeight push ebp ; nWidth push ebp ; Y push ebp ; X push ebp ; dwStyle push offset WindowName ; "MainServer" push offset ClassName ; "MainWndClass" push ebp ; dwExStyle call ds:CreateWindowExA test eax, eax jnz short getMessage exitFailed: ; CODE XREF: createMainWndClass+49 xor eax, eax pop ebp add esp, 44h retn 4 ; =========================================================================== getMessage: ; CODE XREF: createMainWndClass+68 push esi mov esi, ds:GetMessageA push ebp ; wMsgFilterMax push ebp ; wMsgFilterMin push ebp ; hWnd lea edx, [esp+58h+msgBuffer] push edx ; lpMsg call esi ; GetMessageA cmp eax, ebp jz short unregisterClass push ebx mov ebx, ds:DispatchMessageA push edi mov edi, ds:TranslateMessage MessageLoop: ; CODE XREF: createMainWndClass+B5 cmp eax, 0FFFFFFFFh jz short cleanUp lea eax, [esp+54h+msgBuffer] push eax ; lpMsg call edi ; TranslateMessage lea ecx, [esp+54h+msgBuffer] push ecx ; lpMsg call ebx ; DispatchMessageA push ebp ; wMsgFilterMax push ebp ; wMsgFilterMin push ebp ; hWnd lea edx, [esp+60h+msgBuffer] push edx ; lpMsg call esi ; GetMessageA cmp eax, ebp jnz short MessageLoop cleanUp: ; CODE XREF: createMainWndClass+99 pop edi pop ebx unregisterClass: ; CODE XREF: createMainWndClass+86 mov eax, [esp+4Ch+var_18] push eax ; hInstance push offset ClassName ; "MainWndClass" call ds:UnregisterClassA mov eax, [esp+4Ch+var_3C] pop esi pop ebp add esp, 44h retn 4 createMainWndClass endp ; 
===========================================================================     ; (rule line; its ';' ends the previous listing line)
                db 0Bh dup(90h)         ; 11 bytes of 90h padding
; Exported entry 2. SuCallDriverDWORD

; *************** S U B R O U T I N E ***************************************
;
; Validates the caller's handle, asks the active profile object for a size
; value, then dispatches on that size.
;   arg_0 : handle pointer (checked by setBuffer2C_to4 before it is used)
;   arg_4 : forwarded unchanged to every callee
;   arg_8 : output pointer; NULL is replaced by the address of local var_4
; Return: 0 if the handle check or the [vtbl+18h] call fails, or if the size
;         is not 1..4 or 8 (error code 2 is then stored at handle+2Ch);
;         otherwise eax from the selected worker.
; Ends in a plain retn, so the caller removes the three arguments.
; NOTE(review): activeProfile_FunctionsClassFlags is dereferenced without a
; NULL test in this function; confirm that setBuffer2C_to4 (not shown here)
; or the callers rule out a call before init / after unload.
; NOTE(review): a non-NULL arg_8 is handed to the workers as-is; nothing here
; checks that it is writable or large enough for the 8-byte case.

SuCallDriverDWORD proc near

var_14          = dword ptr -14h
var_8           = dword ptr -8
var_4           = dword ptr -4
arg_0           = dword ptr 4
arg_4           = dword ptr 8
arg_8           = dword ptr 0Ch

        sub     esp, 8                          ; room for var_8 and var_4
        push    esi
        mov     esi, [esp+0Ch+arg_0]            ; esi = handle
        push    esi
        call    setBuffer2C_to4                 ; handle validation (body not in this excerpt)
        add     esp, 4
        test    eax, eax
        jnz     short loc_207E8A
        pop     esi                             ; validation failed: eax is 0 here
        add     esp, 8
        retn
; ===========================================================================

loc_207E8A:                             ; CODE XREF: SuCallDriverDWORD+13
        push    ebx
        mov     ebx, [esp+10h+arg_8]            ; ebx = caller's output pointer
        test    ebx, ebx
        push    edi
        mov     [esp+14h+var_4], 0
        jnz     short loc_207EA0
        lea     ebx, [esp+14h+var_4]            ; NULL output pointer -> use local scratch dword

loc_207EA0:                             ; CODE XREF: SuCallDriverDWORD+2A
        mov     edi, [esp+14h+arg_4]
        mov     ecx, activeProfile_FunctionsClassFlags ; this pointer of the profile object
        lea     edx, [esp+14h+var_8]
        push    edx                             ; &var_8 (out parameter)
        push    edi
        mov     [esp+1Ch+var_8], 0
        mov     eax, [ecx]                      ; eax = vtable
        push    esi
        call    dword ptr [eax+18h]
        test    eax, eax
        jz      short loc_207F02
        ; IDA shows var_14 because it does not account for the callee popping
        ; its three arguments; the matching pop sequence below suggests this
        ; is really the var_8 slot filled in by the call above - TODO confirm.
        mov     eax, [esp+20h+var_14]
        test    eax, eax
        jbe     short loc_207EFB                ; after test CF=0, so this is taken only for 0
        cmp     eax, 4
        jbe     short loc_207EE6                ; sizes 1..4 (unsigned compare)
        cmp     eax, 8
        jnz     short loc_207EFB                ; anything other than 8 is rejected
        push    ebx
        push    edi
        push    esi
        call    sub_2098F0                      ; 8-byte path
        add     esp, 0Ch
        pop     edi
        pop     ebx
        pop     esi
        add     esp, 8
        retn
; ===========================================================================

loc_207EE6:                             ; CODE XREF: SuCallDriverDWORD+5D
        mov     ecx, activeProfile_FunctionsClassFlags
        mov     eax, [ecx]
        push    ebx
        push    edi
        push    esi
        call    dword ptr [eax+8]               ; 1..4-byte path via the profile vtable
        pop     edi
        pop     ebx
        pop     esi
        add     esp, 8
        retn
; ===========================================================================

loc_207EFB:                             ; CODE XREF: SuCallDriverDWORD+58
                                        ; SuCallDriverDWORD+62
        mov     dword ptr [esi+2Ch], 2          ; handle+2Ch is the field SuGetLastErrorCode returns

loc_207F02:                             ; CODE XREF: SuCallDriverDWORD+50
        pop     edi
        pop     ebx
        xor     eax, eax
        pop     esi
        add     esp, 8
        retn
SuCallDriverDWORD endp ; sp = -0Ch

; ===========================================================================
                db 5 dup(90h)
; Exported entry 4. 
SuGetLastErrorCode                      ; (tail of the "Exported entry 4." comment on the previous listing line)

; *************** S U B R O U T I N E ***************************************
;
; Returns the dword stored at handle+2Ch, or 1 when the handle is NULL.
;   arg_0 : handle pointer
; NOTE(review): unlike SuCallDriverDWORD and SendDebugCommand in this file,
; this export does not call setBuffer2C_to4; the only check is for NULL, so
; any other stale or foreign pointer is read at +2Ch. SuClose in this file
; releases the handle with operator delete, after which this read would
; touch freed memory.

SuGetLastErrorCode proc near

arg_0           = dword ptr 4

        mov     eax, [esp+arg_0]
        test    eax, eax
        jnz     short loc_207F1E
        mov     eax, 1                          ; NULL handle -> returns 1
        retn
; ===========================================================================

loc_207F1E:                             ; CODE XREF: SuGetLastErrorCode+6
        mov     eax, [eax+2Ch]                  ; unvalidated read of the error field
        retn
SuGetLastErrorCode endp

; ===========================================================================
                db 0Eh dup(90h)
; Exported entry 1. SendDebugCommand

; *************** S U B R O U T I N E ***************************************
;
; Validates the handle, then forwards (handle, second arg, third arg) to the
; active profile object's method at vtable+48h and returns its result.
; The arg_* constants below are raw esp offsets taken after 'push esi', so
; arg_0 is the first stack argument.
; Return: 0 when setBuffer2C_to4 rejects the handle, else eax from the call.
; NOTE(review): this is an exported debug entry point; the two extra
; arguments are passed through without any check in this function. What the
; +48h method accepts is not visible here - review it as reachable by any
; code that loads this DLL.

SendDebugCommand proc near

arg_0           = dword ptr 8
arg_4           = dword ptr 0Ch
arg_8           = dword ptr 10h

        push    esi
        mov     esi, [esp+arg_0]                ; esi = handle
        push    esi
        call    setBuffer2C_to4
        add     esp, 4
        test    eax, eax
        jnz     short loc_207F44
        pop     esi                             ; validation failed: eax is 0
        retn
; ===========================================================================

loc_207F44:                             ; CODE XREF: SendDebugCommand+10
        mov     edx, [esp+arg_8]
        mov     ecx, activeProfile_FunctionsClassFlags ; this pointer; not NULL-checked here
        mov     eax, [ecx]
        push    edx
        mov     edx, [esp+4+arg_4]
        push    edx
        push    esi
        call    dword ptr [eax+48h]
        pop     esi
        retn
SendDebugCommand endp

; ===========================================================================
                db 4 dup(90h)
; Exported entry 10. SuSetPowerState

; *************** S U B R O U T I N E ***************************************
;
; Thin entry stub: overwrites its first stack argument with 0 and continues
; in the shared chunk at loc_204B40 (outside this excerpt).

SuSetPowerState proc near

var_54          = dword ptr -54h
var_50          = dword ptr -50h
var_4C          = dword ptr -4Ch
arg_0           = dword ptr 4
arg_4           = dword ptr 8

; FUNCTION CHUNK AT 00204B40 SIZE 00000298 BYTES

        mov     [esp+arg_0], 0                  ; caller's first argument is discarded
        jmp     loc_204B40
SuSetPowerState endp

; ===========================================================================
                db 3 dup(90h)
; Exported entry 9. 
SuSetDefaultPowerState                  ; (tail of the "Exported entry 9." comment on the previous listing line)

; *************** S U B R O U T I N E ***************************************
;
; Thin entry stub: overwrites its first stack argument with 0 and continues
; in the shared chunk at loc_204DE0 (outside this excerpt).

SuSetDefaultPowerState proc near

var_4           = dword ptr -4
arg_0           = dword ptr 4
arg_4           = dword ptr 8

; FUNCTION CHUNK AT 00204DE0 SIZE 000000CF BYTES

        mov     [esp+arg_0], 0
        jmp     loc_204DE0
SuSetDefaultPowerState endp

; ===========================================================================
                db 3 dup(90h)
; Exported entry 5. SuGetMachineID

; *************** S U B R O U T I N E ***************************************
;
; Stores getMachineID()'s result through the pointer found at [esp+0Ch]
; after 'push esi' (the second stack argument) and returns 1; returns 0 when
; that pointer is NULL. The first stack argument is never read here.

SuGetMachineID  proc near

machineID       = byte ptr 0Ch

        push    esi
        mov     esi, dword ptr [esp+machineID]  ; esi = output pointer
        test    esi, esi
        jz      short loc_207F97
        call    getMachineID
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

loc_207F97:                             ; CODE XREF: SuGetMachineID+7
        xor     eax, eax
        pop     esi
        retn
SuGetMachineID  endp

; ===========================================================================
                db 5 dup(90h)
; Exported entry 6. SuGetMachineInfo

; *************** S U B R O U T I N E ***************************************
;
; Reports one capability value selected by a 1-based index.
;   functionalityIndex : selector, valid range 1..26h
;   infoPointer        : output dword pointer (only checked for NULL)
; Return: 0 when infoPointer is NULL, otherwise 1 - including for indexes
;         that are out of range or map to functionalityDefault, in which
;         case *infoPointer is left at 0.
; Bounds check: the index is decremented and compared UNSIGNED against 25h
; before it is used to index the 38-entry jump table, so index 0 (which
; wraps to 0FFFFFFFFh) and anything above 26h take the default path.
; Each case either copies a global dword or reduces it to 0/1 with setnz.
; The label suffixes appear to be each global's offset from 20F138h
; (e.g. _x03C reads dword_20F174) - TODO confirm against the data segment.

SuGetMachineInfo proc near

functionalityIndex= dword ptr 0Ch
infoPointer     = byte ptr 10h

        push    esi
        mov     esi, dword ptr [esp+infoPointer]
        test    esi, esi
        jnz     short validBuffer
        xor     eax, eax
        pop     esi
        retn
; ===========================================================================

validBuffer:                            ; CODE XREF: SuGetMachineInfo+7
        mov     eax, [esp+functionalityIndex]
        dec     eax                             ; 1-based -> 0-based
        cmp     eax, 25h                        ; 25h = last valid table index
        mov     dword ptr [esi], 0              ; default result (mov leaves the flags intact)
        ja      functionalityDefault            ; unsigned: also rejects index 0
        jmp     ds:functionalitySwitchCaseTable[eax*4]
; ===========================================================================

functionality_x06C:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F1A4
        xor     eax, eax
        test    ecx, ecx
        setnz   al
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x03C:                     ; CODE XREF: SuGetMachineInfo+21
                                        ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F174
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     eax, 1
        mov     [esi], ecx
        pop     esi
        retn
; ===========================================================================

functionality_x040:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     edx, dword_20F178               ; video device vendor
        mov     [esi], edx
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x044:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F17C
        xor     eax, eax
        test    ecx, ecx
        setnz   al
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x048:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F180
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     eax, 1
        mov     [esi], ecx
        pop     esi
        retn
; ===========================================================================

functionality_x04C:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F184
        xor     edx, edx
        test    eax, eax
        setnz   dl
        mov     eax, 1
        mov     [esi], edx
        pop     esi
        retn
; ===========================================================================

functionality_x050:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F188
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x054:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F18C
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     eax, 1
        mov     [esi], ecx
        pop     esi
        retn
; ===========================================================================

functionality_x058:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F190
        xor     edx, edx
        test    eax, eax
        setnz   dl
        mov     eax, 1
        mov     [esi], edx
        pop     esi
        retn
; ===========================================================================

functionality_x05C:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F194
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x060:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F198
        mov     [esi], ecx
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x068:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F1A0               ; EDID timing
        test    eax, eax
        jnz     short exit                      ; already cached
        call    getFunctionality_x068           ; compute on first use...
        mov     dword_20F1A0, eax               ; ...and cache in the global (no lock taken here)

exit:                                   ; CODE XREF: SuGetMachineInfo+FE
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x000:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, SNCfunctionality
        xor     edx, edx
        test    eax, eax
        setnz   dl
        mov     eax, 1
        mov     [esi], edx
        pop     esi
        retn
; ===========================================================================

functionality_x004:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F13C
        xor     eax, eax
        test    ecx, ecx
        setnz   al
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x008:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F140
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     eax, 1
        mov     [esi], ecx
        pop     esi
        retn
; ===========================================================================

functionality_x00C:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F144
        xor     edx, edx
        test    eax, eax
        setnz   dl
        mov     eax, 1
        mov     [esi], edx
        pop     esi
        retn
; ===========================================================================

functionality_x010:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F148
        xor     eax, eax
        test    ecx, ecx
        setnz   al
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x014:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F14C
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     eax, 1
        mov     [esi], ecx
        pop     esi
        retn
; ===========================================================================

functionality_x018:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F150
        xor     edx, edx
        test    eax, eax
        setnz   dl
        mov     eax, 1
        mov     [esi], edx
        pop     esi
        retn
; ===========================================================================

functionality_x01C:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F154
        xor     eax, eax
        test    ecx, ecx
        setnz   al
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x020:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F158
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     eax, 1
        mov     [esi], ecx
        pop     esi
        retn
; ===========================================================================

functionality_x024:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F15C
        xor     edx, edx
        test    eax, eax
        setnz   dl
        mov     eax, 1
        mov     [esi], edx
        pop     esi
        retn
; ===========================================================================

functionality_x028:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F160
        xor     eax, eax
        test    ecx, ecx
        setnz   al
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x02C:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F164
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     eax, 1
        mov     [esi], ecx
        pop     esi
        retn
; ===========================================================================

functionality_x030:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F168
        xor     edx, edx
        test    eax, eax
        setnz   dl
        mov     eax, 1
        mov     [esi], edx
        pop     esi
        retn
; ===========================================================================

functionality_x034:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     ecx, dword_20F16C
        xor     eax, eax
        test    ecx, ecx
        setnz   al
        mov     [esi], eax
        mov     eax, 1
        pop     esi
        retn
; ===========================================================================

functionality_x038:                     ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, dword_20F170
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     [esi], ecx                      ; falls through into the shared epilogue

functionalityDefault:                   ; CODE XREF: SuGetMachineInfo+1B
                                        ; DATA XREF: .text:functionalitySwitchCaseTable
        mov     eax, 1                          ; unknown index still reports success
        pop     esi
        retn
SuGetMachineInfo endp ; sp = 64h

; ===========================================================================
                align 4
; Jump table for SuGetMachineInfo: 38 (26h) entries, indexed by
; functionalityIndex - 1. The 'cmp eax, 25h / ja' guard above must stay in
; step with this entry count.
functionalitySwitchCaseTable dd offset functionality_x03C, offset functionality_x000 ; DATA XREF: SuGetMachineInfo+21
                dd offset functionality_x010, offset functionality_x030
                dd offset functionality_x034, offset functionality_x014
                dd offset functionality_x038, offset functionality_x01C
                dd offset functionality_x004, 6 dup(offset functionalityDefault)
                dd offset functionality_x040, 3 dup(offset functionalityDefault)
                dd offset functionality_x044, offset functionality_x048
                dd offset functionalityDefault, offset functionality_x04C
                dd offset functionalityDefault, offset functionality_x050
                dd offset functionality_x054, offset functionality_x058
                dd offset functionality_x068, offset functionality_x05C
                dd offset functionality_x060, offset functionality_x06C
                dd offset functionality_x008, offset functionality_x00C
                dd offset functionality_x018, offset functionality_x020
                dd offset functionality_x024, offset functionality_x028
                dd offset functionality_x02C
                db 4 dup(90h)
; Exported entry 8. 
SuSXBIOS_Call                           ; (tail of the "Exported entry 8." comment on the previous listing line)

; *************** S U B R O U T I N E ***************************************
;
; Export thunk: jumps straight to the function chunk at loc_202840, which is
; outside this excerpt. No argument is touched here.

SuSXBIOS_Call   proc near

buffer          = byte ptr 8

; FUNCTION CHUNK AT 00202840 SIZE 00000049 BYTES

        jmp     loc_202840
SuSXBIOS_Call   endp

; ===========================================================================
                db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Returns 1 when GetVersionExA reports dwPlatformId == 2 and
; dwMajorVersion > 5 (unsigned), otherwise 0.
; NOTE(review): despite the name, nothing in this function tests for a
; 64-bit system, and major version 5 itself yields 0; callers that treat the
; result as "64-bit" should be checked.
; The GetVersionExA return value is not tested; because the structure is
; zeroed first, a failed call leaves dwPlatformId at 0 and the result is 0.

; Attributes: bp-based frame

isWin5_64bit    proc near               ; CODE XREF: SnyUtils_Init+10D

VersionInformation= dword ptr -98h
var_94          = dword ptr -94h
var_88          = dword ptr -88h

        push    ebp
        mov     ebp, esp
        and     esp, 0FFFFFFF8h                 ; align the frame to 8 bytes
        sub     esp, 98h
        push    esi
        push    edi
        xor     eax, eax
        mov     ecx, 25h                        ; zero 37 dwords (94h bytes)
        lea     edi, [esp+0A0h+VersionInformation]
        rep stosd
        lea     eax, [esp+0A0h+VersionInformation]
        push    eax                             ; lpVersionInformation
        xor     esi, esi                        ; esi = 0, the "false" result
        mov     [esp+0A4h+VersionInformation], 94h ; dwOSVersionInfoSize = 94h (size of _OSVERSIONINFOA)
        call    ds:GetVersionExA                ; Get extended information about the
                                                ; version of the operating system
        cmp     [esp+0A0h+var_88], 2            ; field at +10h: dwPlatformId
        jnz     short exitFalse
        cmp     [esp+0A0h+var_94], 5            ; field at +4: dwMajorVersion
        mov     eax, 1                          ; mov does not disturb the flags of the cmp
        ja      short exit                      ; major version above 5

exitFalse:                              ; CODE XREF: isWin5_64bit+35
        mov     eax, esi

exit:                                   ; CODE XREF: isWin5_64bit+41
        pop     edi
        pop     esi
        mov     esp, ebp
        pop     ebp
        retn
isWin5_64bit    endp

; ===========================================================================
                db 5 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Tear-down path shared by DllMain and by SnyUtils_Init's failure exit.
; Runs four cleanup helpers, releases the active profile object through its
; first vtable slot (argument 1), clears the global pointer and finally
; deletes criticalSection.
; NOTE(review): the exports in this file dereference
; activeProfile_FunctionsClassFlags and enter criticalSection; nothing here
; prevents one of them from running concurrently with, or after, this
; routine - confirm how callers are serialised against unload.

unload          proc near               ; CODE XREF: SnyUtils_Init:exit
                                        ; DllMain(x,x,x):unload
        call    nullsub_1
        call    unloadDMIlibraryConditional
        call    freeInOutBuffers
        call    unlockCriticalSection
        mov     ecx, activeProfile_FunctionsClassFlags
        test    ecx, ecx
        jz      short delete                    ; no profile object was created
        mov     eax, [ecx]                      ; eax = vtable
        push    1
        call    dword ptr [eax]                 ; slot 0 with argument 1 - presumably the deleting destructor; verify
        mov     activeProfile_FunctionsClassFlags, 0 ; avoid leaving a dangling global

delete:                                 ; CODE XREF: unload+1C
        push    offset criticalSection          ; lpCriticalSection
        call    ds:DeleteCriticalSection
        retn
unload          endp

; ===========================================================================
                db 6 dup(90h)

; *************** S U B R O U T I N E ***************************************

; DWORD 
__stdcall StartAddress(LPVOID)          ; (tail of the IDA prototype comment "; DWORD" on the previous listing line)
;
; Worker thread started by createEventThread with the handle structure as
; its parameter. Waits without timeout on the two handles stored at
; handle+10h and handle+14h and services each wake-up until the wait fails
; (0FFFFFFFFh) or returns 1, i.e. the second handle - the event that
; createEventThread stores at +14h - is signalled. Always returns 0.
; Per wake-up it calls the profile method at vtable+40h; on a 0 result it
; posts the registered message kept at handle+24h to the window at
; handle+0Ch, otherwise it calls vtable+4 with the two values obtained.
; NOTE(review): the structure is owned by SuOpen/SuClose; this loop keeps
; using esi until the quit event fires, so the owner must stop the thread
; before freeing the block (SuClose calls terminateThread before delete).

StartAddress    proc near               ; DATA XREF: createEventThread+BF

var_24          = dword ptr -24h
var_1C          = dword ptr -1Ch
var_C           = dword ptr -0Ch
Handles         = dword ptr -8
var_4           = dword ptr -4
arg_0           = dword ptr 4

        sub     esp, 0Ch
        push    ebx
        push    ebp
        push    esi
        mov     esi, [esp+18h+arg_0]            ; esi = handle structure (thread parameter)
        push    edi
        push    esi
        call    createRegisterWindowMsg
        mov     ecx, [esi+14h]                  ; second wait handle
        mov     edi, ds:WaitForMultipleObjects
        add     esp, 4
        push    0FFFFFFFFh                      ; dwMilliseconds
        push    0                               ; bWaitAll
        lea     edx, [esp+24h+Handles]
        mov     ebx, eax                        ; ebx = createRegisterWindowMsg result
        mov     eax, [esi+10h]                  ; first wait handle
        push    edx                             ; lpHandles
        push    2                               ; nCount
        mov     [esp+2Ch+Handles], eax
        mov     [esp+2Ch+var_4], ecx
        call    edi ; WaitForMultipleObjects
        cmp     eax, 0FFFFFFFFh
        jz      short loc_2083C9                ; wait failed
        mov     ebp, ds:PostMessageA

loc_208372:                             ; CODE XREF: StartAddress+97
        cmp     eax, 1
        jz      short loc_2083C9                ; second handle signalled -> leave the loop
        mov     ecx, activeProfile_FunctionsClassFlags
        mov     eax, [ecx]
        lea     edx, [esp+1Ch+arg_0]            ; the parameter slot is reused as an output dword
        push    edx
        lea     edx, [esp+20h+var_C]
        push    edx
        push    ebx
        push    esi
        call    dword ptr [eax+40h]
        test    eax, eax
        jnz     short loc_2083A1
        mov     ecx, [esi+0Ch]
        push    1                               ; lParam
        push    eax                             ; wParam (eax is 0 on this path)
        mov     eax, [esi+24h]
        push    eax                             ; Msg
        push    ecx                             ; hWnd
        call    ebp ; PostMessageA
        jmp     short loc_2083B7
; ===========================================================================

loc_2083A1:                             ; CODE XREF: StartAddress+60
        mov     eax, [esp+1Ch+arg_0]
        mov     ecx, activeProfile_FunctionsClassFlags
        mov     edx, [ecx]
        push    eax
        mov     eax, [esp+20h+var_C]
        push    eax
        push    esi
        call    dword ptr [edx+4]

loc_2083B7:                             ; CODE XREF: StartAddress+6F
        push    0FFFFFFFFh                      ; dwMilliseconds
        push    0                               ; bWaitAll
        lea     ecx, [esp+24h+Handles]
        push    ecx                             ; lpHandles
        push    2                               ; nCount
        call    edi ; WaitForMultipleObjects
        cmp     eax, 0FFFFFFFFh
        jnz     short loc_208372

loc_2083C9:                             ; CODE XREF: StartAddress+3A
                                        ; StartAddress+45
        pop     edi
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        add     esp, 0Ch
        retn    4
StartAddress    endp

; ===========================================================================
                db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Opens the device for a handle structure and, when the structure asks for
; asynchronous events, creates the quit event and the StartAddress worker.
;   buffer : handle structure (validated with setBuffer2C_to4)
; Return: 1 on success or when nothing needs to be started, 0 on failure.
; Fields used here: +0Ch window handle, +10h/+14h wait handles, +1Ch flags
; (bits 6 tested), +28h worker thread handle.
; NOTE(review): the quit event is a NAMED object ("SonyQuitEvent" + the
; +0Ch value in hex) created with default security attributes. The result
; of CreateEventA is stored without a NULL test and without checking whether
; an object of that name already existed, so a pre-existing event created by
; another process in the same namespace would be adopted silently.
; The wsprintfA output is at most 13 + 8 characters plus the terminator,
; which fits the 108h-byte frame; IDA's Name/ThreadId offsets look shifted
; because the stack effect of the indirect calls is not tracked.

createEventThread proc near             ; CODE XREF: sub_2038E0+1E
                                        ; SuOpen+A9

ThreadId        = dword ptr -110h
Name            = dword ptr -10Ch
buffer          = byte ptr 4

        sub     esp, 108h
        push    esi
        mov     esi, dword ptr [esp+10Ch+buffer]
        push    esi
        call    setBuffer2C_to4
        add     esp, 4
        test    eax, eax
        jz      exitFalse
        mov     eax, [esi+10h]
        test    eax, eax
        jz      short openDevice
        mov     eax, [esi+28h]
        test    eax, eax
        jz      short openDevice
        mov     eax, [esi+14h]
        test    eax, eax
        jnz     exitTrue                        ; +10h, +28h and +14h all set: already running

openDevice:                             ; CODE XREF: createEventThread+24
                                        ; createEventThread+2B
        mov     ecx, activeProfile_FunctionsClassFlags
        mov     eax, [ecx]                      ; jumpTable00
        push    esi
        call    dword ptr [eax+34h]             ; deviceOpenByGUID
        test    eax, eax
        jz      exitFalse
        mov     eax, [esi+0Ch]
        test    eax, eax
        jz      exitTrue                        ; no window supplied: no event thread
        test    byte ptr [esi+1Ch], 6
        jz      exitTrue                        ; neither flag bit requested
        mov     eax, [esi+28h]
        test    eax, eax
        jnz     exitTrue                        ; worker thread already exists
        mov     eax, dword_20F18C
        test    eax, eax
        jz      short exitTrue
        mov     ecx, activeProfile_FunctionsClassFlags
        mov     edx, [ecx]
        push    esi
        call    dword ptr [edx+3Ch]             ; createSonyAsyncEvent
        test    eax, eax
        jz      short exitFalse
        mov     eax, [esi+14h]
        test    eax, eax
        jnz     short createThread              ; quit event already present
        mov     eax, [esi+0Ch]
        push    eax
        lea     ecx, [esp+118h+Name]
        push    offset aSonyquiteventX          ; "SonyQuitEvent%X"
        push    ecx                             ; LPSTR
        call    ds:wsprintfA
        add     esp, 0Ch
        lea     edx, [esp+114h+Name]
        push    edx                             ; lpName
        push    0                               ; bInitialState
        push    0                               ; bManualReset
        push    0                               ; lpEventAttributes
        call    ds:CreateEventA
        mov     [esi+14h], eax                  ; stored unchecked (see NOTE above)

createThread:                           ; CODE XREF: createEventThread+8A
        lea     eax, [esp+114h+ThreadId]
        push    eax                             ; lpThreadId
        push    0                               ; dwCreationFlags
        push    esi                             ; lpParameter
        push    offset StartAddress             ; lpStartAddress
        push    0                               ; dwStackSize
        push    0                               ; lpThreadAttributes
        call    ds:CreateThread
        test    eax, eax
        mov     [esi+28h], eax                  ; thread handle (mov keeps the flags of the test)
        jz      short exitFalse
        mov     ecx, activeProfile_FunctionsClassFlags
        mov     edx, [ecx]
        push    esi
        call    dword ptr [edx+44h]             ; deviceIOctrl222028
        test    eax, eax
        jnz     short exitTrue

exitFalse:                              ; CODE XREF: createEventThread+19
                                        ; createEventThread+46 ...
        xor     eax, eax
        pop     esi
        add     esp, 108h
        retn
; ===========================================================================

exitTrue:                               ; CODE XREF: createEventThread+32
                                        ; createEventThread+51 ...
        mov     eax, 1
        pop     esi
        add     esp, 108h
        retn
createEventThread endp

; ===========================================================================
                db 4 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Validates the handle structure and forwards (handle, arg_4) to the profile
; method at vtable+38h. Returns 0 when validation fails, else the method's
; result. The offsets below are raw esp offsets after 'push esi'.

terminateThread proc near               ; CODE XREF: sub_2038A0+20
                                        ; sub_2038E0+2C ...

buffer          = byte ptr 8
arg_4           = dword ptr 0Ch

        push    esi
        mov     esi, dword ptr [esp+buffer]
        push    esi
        call    setBuffer2C_to4
        add     esp, 4
        test    eax, eax
        jnz     short doDeviceCall
        pop     esi
        retn
; ===========================================================================

doDeviceCall:                           ; CODE XREF: terminateThread+10
        mov     edx, [esp+arg_4]
        mov     ecx, activeProfile_FunctionsClassFlags
        mov     eax, [ecx]
        push    edx
        push    esi
        call    dword ptr [eax+38h]             ; terminateThreadCloseHandles
        pop     esi
        retn
terminateThread endp

; ===========================================================================
                db 9 dup(90h)
; Exported entry 7. SuOpen

; *************** S U B R O U T I N E ***************************************
;
; Allocates and initialises a 30h-byte handle structure and returns its
; address as the handle (0 on allocation or window-thread failure).
;   arg_0 : stored at +0Ch (used as a window handle elsewhere in this file)
;   arg_4 : stored at +1Ch (flag bits tested by createEventThread)
; Layout as written in this file: +0 size (30h), +0Ch arg_0, +14h quit
; event, +1Ch arg_4, +20h id of "SonyAsyncEvent", +24h id of "SuError",
; +28h worker thread, +2Ch last error code.
; NOTE(review): the handle is a raw heap pointer handed to the caller and
; passed back into every other export, so the only defence against stale or
; forged handles is setBuffer2C_to4 (not shown).
; NOTE(review): when createEventThread fails the structure is still
; returned after terminateThread(handle, 1); the return value alone does
; not tell the caller that the open was incomplete.
; NOTE(review): SendMessageA is called while criticalSection is held; if the
; receiving window procedure ever takes the same lock on its own thread this
; blocks - confirm against the window procedure.

SuOpen          proc near

ThreadId        = dword ptr -4
arg_0           = dword ptr 4
arg_4           = dword ptr 8

        push    ecx                             ; reserves the ThreadId slot
        push    esi
        push    30h                             ; 48 bytes
        call    ??2@YAPAXI@Z                    ; operator new(uint)
        mov     esi, eax
        add     esp, 4
        xor     eax, eax
        test    esi, esi
        jz      exit                            ; allocation failed -> return 0
        push    edi
        mov     ecx, 0Ch
        mov     edi, esi
        rep stosd                               ; zero all 12 dwords of the structure
        push    offset criticalSection          ; lpCriticalSection
        mov     dword ptr [esi], 30h            ; +0: structure size
        call    ds:EnterCriticalSection
        mov     eax, hHandle
        test    eax, eax
        jnz     short registerWindowMessage     ; window thread already running
        mov     eax, dword_20F174
        test    eax, eax
        jz      short registerWindowMessage
        lea     eax, [esp+0Ch+ThreadId]
        push    eax                             ; lpThreadId
        push    0                               ; dwCreationFlags
        push    0                               ; lpParameter
        push    offset createMainWndClass       ; lpStartAddress
        push    0                               ; dwStackSize
        push    0                               ; lpThreadAttributes
        call    ds:CreateThread
        test    eax, eax
        mov     hHandle, eax
        jnz     short registerWindowMessage
        push    esi                             ; thread creation failed: free and bail out
        call    ??3@YAXPAX@Z                    ; operator delete(void *)
        add     esp, 4
        push    offset criticalSection          ; lpCriticalSection
        call    ds:LeaveCriticalSection
        pop     edi
        xor     eax, eax
        pop     esi
        pop     ecx
        retn
; ===========================================================================

registerWindowMessage:                  ; CODE XREF: SuOpen+3A SuOpen+43 ...
        mov     edi, ds:RegisterWindowMessageA
        push    offset String                   ; "SonyAsyncEvent"
        call    edi ; RegisterWindowMessageA
        push    offset aSuerror                 ; "SuError"
        mov     [esi+20h], eax
        call    edi ; RegisterWindowMessageA
        mov     ecx, [esp+0Ch+arg_0]
        mov     edx, [esp+0Ch+arg_4]
        push    esi
        mov     [esi+24h], eax
        mov     [esi+0Ch], ecx
        mov     [esi+1Ch], edx
        call    createEventThread
        add     esp, 4
        test    eax, eax
        jnz     short checkSendMessage
        push    1
        push    esi
        call    terminateThread                 ; undo a partial open; the handle is still returned
        add     esp, 8

checkSendMessage:                       ; CODE XREF: SuOpen+B3
        mov     eax, dword_20F174
        test    eax, eax
        jz      short leaveCriticalSection
        mov     eax, hWnd
        test    eax, eax
        jz      short leaveCriticalSection
        push    esi                             ; lParam
        push    0                               ; wParam
        push    401h                            ; Msg
        push    eax                             ; hWnd
        call    ds:SendMessageA

leaveCriticalSection:                   ; CODE XREF: SuOpen+C7 SuOpen+D0
        push    offset criticalSection          ; lpCriticalSection
        call    ds:LeaveCriticalSection
        mov     eax, esi                        ; return the structure pointer as the handle
        pop     edi

exit:                                   ; CODE XREF: SuOpen+12
        pop     esi
        pop     ecx
        retn
SuOpen          endp

; ===========================================================================
                db 0Eh dup(90h)
; Exported entry 3. 
SuClose
; *************** S U B R O U T I N E ***************************************
;
; SuClose(buffer) -- shut down and free the object passed in `buffer`.
;   In:   one stack argument, `buffer` (pointer). The routine ends in a plain
;         `retn`, so the caller removes the argument.
;   Out:  eax = 0 when setBuffer2C_to4(buffer) returns 0 (nothing else is done),
;         eax = 1 otherwise.
;
; Everything after the first check runs with criticalSection held:
;   terminateThread(buffer, 1); SendMessageA(hWnd, 402h, 0, buffer) when hWnd is
;   non-zero; operator delete(buffer); then, when checkInitVideoBufferZero() and
;   hHandle are both non-zero: PostMessageA(hWnd, 10h, 0, 0), a wait of up to
;   3E8h ms on hHandle, and TerminateThread if the wait result is non-zero.
;
; Review notes:
;   * SendMessageA (synchronous) and the WaitForSingleObject call both run while
;     criticalSection is held; a thread that needs the same lock to finish its
;     work cannot make progress during that time.
;   * Any non-zero wait result (timeout or failure) leads to
;     TerminateThread(hHandle, -1). A thread ended that way gets no chance to
;     release locks or clean up; a cooperative stop signal is the safer design.
;   * hHandle is set to 0 with no CloseHandle call in this routine, so the
;     handle leaks unless it is closed elsewhere (not visible here).
SuClose proc near

buffer = byte ptr 8

        push    esi
        mov     esi, dword ptr [esp+buffer]     ; esi = buffer for the whole routine
        push    esi
        call    setBuffer2C_to4
        add     esp, 4
        test    eax, eax
        jnz     short doCriticalSection
        pop     esi                             ; helper returned 0: return 0, lock never taken
        retn
; ===========================================================================

doCriticalSection: ; CODE XREF: SuClose+10
        push    offset criticalSection          ; lpCriticalSection
        call    ds:EnterCriticalSection
        push    1
        push    esi
        call    terminateThread                 ; terminateThread(buffer, 1)
        mov     eax, hWnd
        add     esp, 8
        test    eax, eax
        jz      short freeMemory                ; no window: skip the notification
        push    esi                             ; lParam = buffer
        push    0                               ; wParam
        push    402h                            ; Msg (400h is WM_USER, so this is WM_USER+2)
        push    eax                             ; hWnd
        call    ds:SendMessageA                 ; blocks until the window procedure returns

freeMemory: ; CODE XREF: SuClose+31
        push    esi
        call    ??3@YAXPAX@Z                    ; operator delete(void *) -- buffer is invalid from here on
        add     esp, 4
        call    checkInitVideoBufferZero
        test    eax, eax
        jz      short exit
        mov     eax, hHandle
        test    eax, eax
        jz      short exit
        mov     eax, hWnd                       ; NOTE(review): hWnd is not re-checked for 0 on this path
        push    0                               ; lParam
        push    0                               ; wParam
        push    10h                             ; Msg (10h is WM_CLOSE)
        push    eax                             ; hWnd
        call    ds:PostMessageA
        mov     ecx, hHandle
        push    3E8h                            ; dwMilliseconds (1000)
        push    ecx                             ; hHandle
        call    ds:WaitForSingleObject
        test    eax, eax
        jz      short handleNull                ; 0 = object signalled within the timeout
        mov     edx, hHandle
        push    0FFFFFFFFh                      ; dwExitCode
        push    edx                             ; hThread
        call    ds:TerminateThread              ; forced stop on any non-zero wait result

handleNull: ; CODE XREF: SuClose+83
        mov     hHandle, 0                      ; cleared, but not closed here

exit: ; CODE XREF: SuClose+52 SuClose+5B
        push    offset criticalSection          ; lpCriticalSection
        call    ds:LeaveCriticalSection
        mov     eax, 1
        pop     esi
        retn
SuClose endp

; *************** S U B R O U T I N E ***************************************
;
; SnyUtils_Init -- library initialisation, called from DllMain when
; fdwReason == 1. Returns eax = 1 on success; on any failure it calls unload
; and returns 0.
;
; Frame: the first four instructions build an exception registration record
; (0FFFFFFFFh, handler, previous fs:[0]) and link it at fs:[0]. Two of the
; auto-generated local names below are misleading:
;   * `lpvReserved` (-0Ch) is the slot holding the previous fs:[0] value; it is
;     written back to fs:[0] before each return.
;   * `hInstDLL` (-4) is the slot initialised to 0FFFFFFFFh; it is set to 0/1/2
;     around each operator new call and reset to 0FFFFFFFFh afterwards
;     (presumably the compiler's exception-state index -- confirm).
;
; One of three objects is allocated and becomes
; activeProfile_FunctionsClassFlags:
;   dword_20F1A4 != 0 : 44h bytes,   table = functionJumpTable2, 40h bytes zeroed
;   dword_20F174 != 0 : 1D18h bytes, set up by initMachineIDandClass
;   otherwise         : 4 bytes,     table = functionJumpTable1
;
; NOTE(review): all of this runs inside DllMain. The callees are not visible
; here; if any of them blocks, waits on another thread or loads a library, it
; does so while the loader lock is held.
SnyUtils_Init proc near ; CODE XREF: DllMain(x,x,x)+1B

buffer = dword ptr -14h
mallocPointer = dword ptr -10h
lpvReserved = dword ptr -0Ch
hInstDLL = dword ptr -4

        mov     eax, large fs:0                 ; previous head of the handler chain
        push    0FFFFFFFFh
        push    offset callExceptionHandler
        push    eax
        mov     large fs:0, esp                 ; link the new registration record
        sub     esp, 8
        push    offset criticalSection          ; lpCriticalSection
        call    ds:InitializeCriticalSection
        call    SXBIOS_Init
        test    eax, eax
        jz      exit                            ; taken before `push esi`, so esp matches the exit path
        push    esi
        call    getMachineID
        mov     esi, eax                        ; MachineID
        push    offset SNCfunctionality
        push    esi
        lea     ecx, [esp+20h+buffer]           ; ecx = address of the local `buffer`
        call    configModelFunctionality
        cmp     esi, 1001h
        jnz     short test_x06C
        push    36h                             ; '6' -- machine ID 1001h is replaced by 36h
        call    setMachineID
        add     esp, 4

test_x06C: ; CODE XREF: SnyUtils_Init+4D
        mov     eax, dword_20F1A4
        test    eax, eax
        jz      short test_x03C
        push    44h                             ; 'D' -- byte count: 44h = 68 (4-byte table pointer + 40h zeroed below)
        call    ??2@YAPAXI@Z                    ; operator new(uint)
        mov     esi, eax
        add     esp, 4
        mov     [esp+18h+mallocPointer], esi
        test    esi, esi                        ; flags survive the next mov and feed the jz
        mov     [esp+18h+hInstDLL], 0
        jz      short resetSelectedJumpTable    ; allocation returned 0
        push    edi
        mov     ecx, esi                        ; get address and store in [esi]
        call    getFunctionJumpTable0
        xor     eax, eax
        mov     ecx, 10h                        ; REP count
        lea     edi, [esi+4]
        mov     dword ptr [esi], offset functionJumpTable2
        rep stosd                               ; zero-fill 0x40 bytes
        mov     eax, esi
        pop     edi
        jmp     short setSelectedJumpTable
; ===========================================================================

test_x03C: ; CODE XREF: SnyUtils_Init+60
        mov     eax, dword_20F174
        test    eax, eax
        jz      short malloc_010
        push    1D18h                           ; byte count: 1D18h = 7448
        call    ??2@YAPAXI@Z                    ; operator new(uint)
        add     esp, 4
        mov     [esp+18h+mallocPointer], eax
        test    eax, eax
        mov     [esp+18h+hInstDLL], 1
        jz      short resetSelectedJumpTable
        mov     ecx, eax
        call    initMachineIDandClass           ; returns the object pointer in eax
        jmp     short setSelectedJumpTable
; ===========================================================================

malloc_010: ; CODE XREF: SnyUtils_Init+A4
        push    4                               ; room for the table pointer only
        call    ??2@YAPAXI@Z                    ; operator new(uint)
        mov     esi, eax
        add     esp, 4
        mov     [esp+18h+mallocPointer], esi
        test    esi, esi
        mov     [esp+18h+hInstDLL], 2
        jz      short resetSelectedJumpTable
        mov     ecx, esi
        call    getFunctionJumpTable0
        mov     dword ptr [esi], offset functionJumpTable1
        mov     eax, esi
        jmp     short setSelectedJumpTable
; ===========================================================================

resetSelectedJumpTable: ; CODE XREF: SnyUtils_Init+7C ; SnyUtils_Init+C1 ...
        xor     eax, eax                        ; allocation failed: no object selected

setSelectedJumpTable: ; CODE XREF: SnyUtils_Init+9B ; SnyUtils_Init+CA ...
; SnyUtils_Init, from setSelectedJumpTable on: eax = selected object, or 0.
        test    eax, eax                        ; flags survive the two stores and the pop below
        mov     [esp+18h+hInstDLL], 0FFFFFFFFh  ; slot back to its initial 0FFFFFFFFh
        mov     activeProfile_FunctionsClassFlags, eax
        pop     esi
        jz      short exit                      ; no object: fail
        call    isWin5_64bit
        mov     Win5x_64bit, eax
        call    initPowerProfile
        test    eax, eax
        jz      short exit
        call    OpenDeviceLCD
        test    eax, eax
        jz      short exit
        call    initVideoBuffer
        test    eax, eax
        jz      short exit
        mov     eax, 1                          ; success
        mov     ecx, [esp+14h+lpvReserved]      ; saved previous fs:[0] (the name is misleading)
        mov     large fs:0, ecx                 ; unlink this function's registration record
        add     esp, 14h
        retn
; ===========================================================================

exit: ; CODE XREF: SnyUtils_Init+2A ; SnyUtils_Init+10B ...
        call    unload                          ; failure: undo whatever was set up
        mov     ecx, [esp+14h+lpvReserved]
        xor     eax, eax                        ; return 0
        mov     large fs:0, ecx
        add     esp, 14h
        retn
SnyUtils_Init endp

; ===========================================================================
        db 4 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; fdwReason == 0 : call unload, return 1.
; fdwReason == 1 : store hinstDLL in hInstDll, return SnyUtils_Init()'s result
;                  (0 there makes DllMain return FALSE).
; anything else  : return 1 without doing any work.
;
; NOTE(review): both SnyUtils_Init and unload run inside DllMain, i.e. while the
; loader lock is held; lpvReserved is not consulted on the fdwReason == 0 path.

; BOOL __stdcall DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
_DllMain@12 proc near ; CODE XREF: DllEntryPoint+4B

hinstDLL = dword ptr 4
fdwReason = dword ptr 8
lpvReserved = byte ptr 0Ch

        mov     eax, [esp+fdwReason]
        sub     eax, 0                          ; sets ZF when fdwReason == 0; push/mov keep the flags
        push    esi
        mov     esi, 1                          ; default return value
        jz      short unload
        dec     eax
        jnz     short exit                      ; fdwReason not 0 and not 1
        mov     eax, [esp+4+hinstDLL]
        mov     hInstDll, eax
        call    SnyUtils_Init
        pop     esi
        retn    0Ch
; ===========================================================================

unload: ; CODE XREF: DllMain(x,x,x)+D
        call    unload

exit: ; CODE XREF: DllMain(x,x,x)+10
        mov     eax, esi
        pop     esi
        retn    0Ch
_DllMain@12 endp

; ===========================================================================
        align 10h

; *************** S U B R O U T I N E ***************************************
;
; sub_208850(obj) -- make sure the device stored at [obj+8] is open.
;   Returns 0 if deviceOpenByGUID(obj) returns 0; 1 if [obj+8] is already
;   non-zero; otherwise builds a GUID on the stack, calls
;   SNC_Device_Open(&guid, 0, &slot), stores the result in [obj+8] and returns
;   1 when that result is non-zero.
;   The GUID assembled below is {08F3EE1A-8854-11D2-BD7A-080046019D65}.
;   `Last_Error` names the incoming argument slot; it holds obj on entry and its
;   address is reused as the third argument of SNC_Device_Open.
;
; NOTE(review): success is "result != 0". If SNC_Device_Open can return an
; all-ones invalid-handle value, that would be stored and reported as success
; -- confirm against SNC_Device_Open.
sub_208850 proc near ; DATA XREF: .rdata:functionJumpTable3

ClassGuid = dword ptr -10h
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
Last_Error = byte ptr 4

        sub     esp, 10h                        ; 16 bytes: the GUID
        push    esi
        mov     esi, dword ptr [esp+14h+Last_Error] ; esi = obj
        push    esi
        call    deviceOpenByGUID
        test    eax, eax
        jnz     short loc_208869
        pop     esi
        add     esp, 10h
        retn    4
; ===========================================================================

loc_208869: ; CODE XREF: sub_208850+10
        mov     eax, [esi+8]
        test    eax, eax
        jz      short loc_20887C
        mov     eax, 1                          ; already open
        pop     esi
        add     esp, 10h
        retn    4
; ===========================================================================

loc_20887C: ; CODE XREF: sub_208850+1E
        lea     eax, [esp+14h+Last_Error]
        push    eax                             ; Last_Error
        lea     ecx, [esp+18h+ClassGuid]
        push    0                               ; MemberIndex
        push    ecx                             ; ClassGuid
        mov     [esp+20h+ClassGuid], 8F3EE1Ah   ; GUID.Data1
        mov     [esp+20h+var_C], 8854h          ; GUID.Data2
        mov     [esp+20h+var_A], 11D2h          ; GUID.Data3
        mov     [esp+20h+var_8], 0BDh           ; GUID.Data4[0]
        mov     [esp+20h+var_7], 7Ah            ; 'z'
        mov     [esp+20h+var_6], 8
        mov     [esp+20h+var_5], 0
        mov     [esp+20h+var_4], 46h            ; 'F'
        mov     [esp+20h+var_3], 1
        mov     [esp+20h+var_2], 9Dh
        mov     [esp+20h+var_1], 65h            ; 'e' -- GUID.Data4[7]
        call    SNC_Device_Open
        xor     edx, edx
        add     esp, 0Ch
        test    eax, eax
        setnz   dl                              ; 1 when the returned value is non-zero
        mov     [esi+8], eax
        pop     esi
        mov     eax, edx
        add     esp, 10h
        retn    4
sub_208850 endp

; ===========================================================================
        db 0Fh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Teardown for the object passed as the first stack argument (named
; `BytesReturned` below; its slot is reused as lpBytesReturned later).
; ecx is saved in ebp and handed to terminateThreadCloseHandles.
;   * If dword_20F174 == 0 or [obj+8] == 0, only
;     terminateThreadCloseHandles(obj, arg_4) is called.
;   * Otherwise: if [obj+28h] != 0, SetEvent([obj+14h]), wait 1F4h ms on
;     [obj+28h], TerminateThread it when the wait returns 102h, then close it;
;     if [obj+10h] != 0, optionally send IOCTL 222004h with a 4-byte input and
;     close [obj+10h]; close [obj+14h] and [obj+8]; finally
;     terminateThreadCloseHandles(obj, arg_4).
;
; Review notes:
;   * TerminateThread after the wait timeout: the thread gets no chance to
;     release locks or other resources it holds.
;   * The error code 2 written to [obj+2Ch] when DeviceIoControl fails is
;     overwritten with 0 at loc_2089BA, so callers never see it.
;   * 222004h decodes as device type 22h, function 801h, METHOD_BUFFERED,
;     FILE_ANY_ACCESS: the I/O manager does not require read or write access on
;     the handle for this request.

; int __stdcall sub_2088F0(DWORD BytesReturned,int)
sub_2088F0 proc near ; DATA XREF: .rdata:functionJumpTable3

InBuffer = dword ptr -4
BytesReturned = byte ptr 4
arg_4 = dword ptr 8

        push    ecx                             ; reserves the 4-byte InBuffer slot
        mov     eax, dword_20F174
        push    ebp
        push    esi
        mov     esi, dword ptr [esp+0Ch+BytesReturned] ; esi = obj
        push    edi
        xor     edi, edi                        ; edi = 0 for the whole routine
        cmp     eax, edi
        mov     ebp, ecx                        ; keep incoming ecx for the final call
        jz      loc_2089D2
        cmp     [esi+8], edi
        jz      loc_2089D2                      ; no device handle: nothing to tear down here
        cmp     [esi+28h], edi                  ; flags survive the push/mov and feed the jz
        push    ebx
        mov     ebx, ds:CloseHandle
        jz      short loc_208953                ; no thread handle
        mov     eax, [esi+14h]
        push    eax                             ; hEvent
        call    ds:SetEvent
        mov     ecx, [esi+28h]
        push    1F4h                            ; dwMilliseconds (500)
        push    ecx                             ; hHandle
        call    ds:WaitForSingleObject
        cmp     eax, 102h                       ; 102h is WAIT_TIMEOUT
        jnz     short loc_20894A
        mov     edx, [esi+28h]
        push    0FFFFFFFFh                      ; dwExitCode
        push    edx                             ; hThread
        call    ds:TerminateThread              ; forced stop after the timeout

loc_20894A: ; CODE XREF: sub_2088F0+4C
        mov     eax, [esi+28h]
        push    eax                             ; hObject
        call    ebx ; CloseHandle
        mov     [esi+28h], edi

loc_208953: ; CODE XREF: sub_2088F0+2C
        cmp     [esi+10h], edi
        jz      short loc_2089A0
        cmp     [esi+0Ch], edi
        mov     dword ptr [esp+14h+BytesReturned], edi ; argument slot reused as the byte counter
        jz      short loc_208997
        push    esi
        call    createRegisterWindowMsg
        add     esp, 4
        push    edi                             ; lpOverlapped
        lea     ecx, [esp+18h+BytesReturned]
        push    ecx                             ; lpBytesReturned
        push    edi                             ; nOutBufferSize
        push    edi                             ; lpOutBuffer
        push    4                               ; nInBufferSize
        lea     edx, [esp+28h+InBuffer]
        push    edx                             ; lpInBuffer
        mov     [esp+2Ch+InBuffer], eax         ; input = value returned by createRegisterWindowMsg
        mov     eax, [esi+8]
        push    222004h                         ; dwIoControlCode
        push    eax                             ; hDevice
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_208997
        mov     dword ptr [esi+2Ch], 2          ; lost again at loc_2089BA

loc_208997: ; CODE XREF: sub_2088F0+6F ; sub_2088F0+9E
        mov     ecx, [esi+10h]
        push    ecx                             ; hObject
        call    ebx ; CloseHandle
        mov     [esi+10h], edi

loc_2089A0: ; CODE XREF: sub_2088F0+66
        mov     eax, [esi+14h]
        cmp     eax, edi
        jz      short loc_2089AD
        push    eax                             ; hObject
        call    ebx ; CloseHandle
        mov     [esi+14h], edi

loc_2089AD: ; CODE XREF: sub_2088F0+B5
        mov     eax, [esi+8]
        cmp     eax, edi
        jz      short loc_2089BA
        push    eax                             ; hObject
        call    ebx ; CloseHandle
        mov     [esi+8], edi

loc_2089BA: ; CODE XREF: sub_2088F0+C2
        mov     edx, [esp+14h+arg_4]
        push    edx                             ; int
        push    esi                             ; BytesReturned
        mov     ecx, ebp
        mov     [esi+2Ch], edi                  ; status field cleared unconditionally
        call    terminateThreadCloseHandles
        pop     ebx
        pop     edi
        pop     esi
        pop     ebp
        pop     ecx
        retn    8
; ===========================================================================

loc_2089D2: ; CODE XREF: sub_2088F0+13 ; sub_2088F0+1C
        mov     eax, [esp+10h+arg_4]
        push    eax                             ; int
        push    esi                             ; BytesReturned
        mov     ecx, ebp
        call    terminateThreadCloseHandles
        pop     edi
        pop     esi
        pop     ebp
        pop     ecx
        retn    8
sub_2088F0 endp

; ===========================================================================
        db 0Ah dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_2089F0(obj) -- when [obj+10h] == 0 and [obj+0Ch] != 0, create a named
; auto-reset event and register it with the device:
;   name   = wsprintfA("SonyAsyncEvent%X", [obj+0Ch]) into the 104h-byte `Name`
;   event  = CreateEventA(NULL, FALSE, FALSE, name), stored in [obj+10h]
;   IOCTL 222000h, 8-byte input = { createRegisterWindowMsg(obj), event handle }
; Returns 1, or 0 with [obj+2Ch] = 2 when DeviceIoControl fails.
;
; Review notes:
;   * The wsprintfA output is bounded: fixed text plus at most 8 hex digits of
;     a dword, far below the 104h-byte buffer.
;   * The CreateEventA result is not checked before it is stored and sent to
;     the driver, so a failed call passes a zero handle down.
;   * The event is named, created with lpEventAttributes = NULL, and its name
;     depends only on [obj+0Ch]. If an object with that name already exists,
;     CreateEventA hands back that existing object; this routine does not
;     check for that case.
sub_2089F0 proc near ; DATA XREF: .rdata:functionJumpTable3

BytesReturned = dword ptr -110h
InBuffer = dword ptr -10Ch
var_108 = dword ptr -108h
Name = dword ptr -104h
arg_0 = dword ptr 4

        sub     esp, 110h
        push    esi
        mov     esi, [esp+114h+arg_0]           ; esi = obj
        mov     eax, [esi+10h]
        test    eax, eax
        jnz     short loc_208A83                ; event already present
        mov     eax, [esi+0Ch]
        test    eax, eax
        jz      short loc_208A83
        push    esi
        mov     [esp+118h+BytesReturned], 0
        call    createRegisterWindowMsg         ; its argument is removed by the add esp, 10h below
        mov     [esp+118h+InBuffer], eax        ; first dword of the 8-byte input
        mov     eax, [esi+0Ch]
        push    eax
        lea     ecx, [esp+11Ch+Name]
        push    offset aSonyasyncevent          ; "SonyAsyncEvent%X"
        push    ecx                             ; LPSTR
        call    ds:wsprintfA
        add     esp, 10h
        lea     edx, [esp+114h+Name]
        push    edx                             ; lpName
        push    0                               ; bInitialState
        push    0                               ; bManualReset
        push    0                               ; lpEventAttributes
        call    ds:CreateEventA
        mov     edx, [esi+8]
        push    0                               ; lpOverlapped
        mov     [esi+10h], eax                  ; stored without a check for 0
        mov     [esp+118h+var_108], eax         ; second dword of the 8-byte input
        lea     eax, [esp+118h+BytesReturned]
        push    eax                             ; lpBytesReturned
        push    0                               ; nOutBufferSize
        push    0                               ; lpOutBuffer
        push    8                               ; nInBufferSize
        lea     ecx, [esp+128h+InBuffer]
        push    ecx                             ; lpInBuffer
        push    222000h                         ; dwIoControlCode
        push    edx                             ; hDevice
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_208A83
        mov     dword ptr [esi+2Ch], 2          ; failure; eax is still 0 for the return
        pop     esi
        add     esp, 110h
        retn    4
; ===========================================================================

loc_208A83: ; CODE XREF: sub_2089F0+13 ; sub_2089F0+1A ...
        mov     eax, 1
        pop     esi
        add     esp, 110h
        retn    4
sub_2089F0 endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Sends IOCTL 222010h to the device at [arg_0+8]: the 4-byte input is the
; second argument's own stack slot, the 8-byte output lands in
; OutBuffer/var_4. On success *arg_8 = OutBuffer, *arg_C = var_4 and eax = 1;
; on failure eax = 0 and nothing is written back.
;
; NOTE(review): OutBuffer and var_4 are never initialised and BytesReturned is
; never compared with 8. If the request completes with fewer than 8 bytes,
; whatever was on the stack is copied to the caller. Zero the two locals first
; or check BytesReturned before the copy.

; int __stdcall sub_208AA0(int,int InBuffer,int,int)
sub_208AA0 proc near ; DATA XREF: .rdata:functionJumpTable3

BytesReturned = dword ptr -0Ch
OutBuffer = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
InBuffer = byte ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h

        sub     esp, 0Ch
        push    0                               ; lpOverlapped
        lea     eax, [esp+10h+BytesReturned]
        push    eax                             ; lpBytesReturned
        mov     eax, [esp+14h+arg_0]
        push    8                               ; nOutBufferSize
        lea     ecx, [esp+18h+OutBuffer]
        push    ecx                             ; lpOutBuffer
        mov     ecx, [eax+8]                    ; device handle
        push    4                               ; nInBufferSize
        lea     edx, [esp+20h+InBuffer]
        push    edx                             ; lpInBuffer
        push    222010h                         ; dwIoControlCode
        push    ecx                             ; hDevice
        mov     [esp+2Ch+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_208ADD
        add     esp, 0Ch
        retn    10h
; ===========================================================================

loc_208ADD: ; CODE XREF: sub_208AA0+35
        mov     edx, [esp+0Ch+arg_8]
        mov     eax, [esp+0Ch+OutBuffer]
        mov     ecx, [esp+0Ch+arg_C]
        mov     [edx], eax                      ; *arg_8 = first output dword
        mov     edx, [esp+0Ch+var_4]
        mov     [ecx], edx                      ; *arg_C = second output dword
        mov     eax, 1
        add     esp, 0Ch
        retn    10h
sub_208AA0 endp

; ===========================================================================
        db 4 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Sends the low byte of the third argument to the device at [arg_0+8] with
; IOCTL 222020h (1 byte in, 4 bytes out). The second argument is a pointer; its
; stack slot is reused as the output buffer and preloaded with the pointed-to
; dword. The request is repeated while it succeeds and the returned dword is
; 0FFh, at most 5 times in total.
;   success            : *ptr = result, [arg_0+2Ch] = 0, eax = 1
;   DeviceIoControl = 0: *ptr = buffer,  [arg_0+2Ch] = 2, eax = 0
;   still 0FFh after 5 : *ptr = 0FFh,    [arg_0+2Ch] = 7, eax = 0
; BytesReturned is written by the call but never examined.

; int __stdcall doSNC_222020(int,int OutBuffer,int InBuffer)
doSNC_222020 proc near ; CODE XREF: doSNC_op+22 ; sub_209250+25

BytesReturned = dword ptr -4
arg_0 = dword ptr 4
OutBuffer = dword ptr 8
InBuffer = byte ptr 0Ch

        push    ecx                             ; reserves the BytesReturned slot
        push    ebx
        push    ebp
        mov     ebp, [esp+0Ch+OutBuffer]        ; ebp = caller's result pointer
        mov     eax, [ebp+0]
        push    esi
        mov     esi, [esp+10h+arg_0]            ; esi = object holding the device handle
        xor     ebx, ebx                        ; ebx = attempt counter
        push    edi
        mov     edi, ds:DeviceIoControl
        mov     [esp+14h+BytesReturned], ebx
        mov     [esp+14h+OutBuffer], eax        ; output buffer starts as the caller's current value

loc_208B20: ; CODE XREF: doSNC_222020+53
        push    0                               ; lpOverlapped
        lea     ecx, [esp+18h+BytesReturned]
        push    ecx                             ; lpBytesReturned
        mov     ecx, [esi+8]
        push    4                               ; nOutBufferSize
        lea     edx, [esp+20h+OutBuffer]
        push    edx                             ; lpOutBuffer
        push    1                               ; nInBufferSize
        lea     eax, [esp+28h+InBuffer]
        push    eax                             ; lpInBuffer
        push    222020h                         ; dwIoControlCode
        push    ecx                             ; hDevice
        call    edi ; DeviceIoControl
        test    eax, eax
        jz      short loc_208B69
        mov     eax, [esp+14h+OutBuffer]
        cmp     eax, 0FFh
        jnz     short loc_208B81                ; anything but 0FFh is accepted as the result
        inc     ebx
        cmp     ebx, 5
        jl      short loc_208B20
        mov     [ebp+0], eax
        pop     edi
        mov     dword ptr [esi+2Ch], 7          ; still 0FFh after the last attempt
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_208B69: ; CODE XREF: doSNC_222020+42
        mov     edx, [esp+14h+OutBuffer]
        pop     edi
        mov     [ebp+0], edx
        mov     dword ptr [esi+2Ch], 2          ; DeviceIoControl returned 0
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_208B81: ; CODE XREF: doSNC_222020+4D
        mov     [ebp+0], eax
        pop     edi
        mov     dword ptr [esi+2Ch], 0
        pop     esi
        pop     ebp
        mov     eax, 1
        pop     ebx
        pop     ecx
        retn    0Ch
doSNC_222020 endp ;
===========================================================================
        db 8 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Two-byte variant of the device request: IOCTL 222024h with a 2-byte input
; and a 4-byte output, sent to the device at [arg_0+8]. The input bytes are
; { low byte of the third argument, low byte of *OutBuffer }, built in place in
; the third argument's stack slot. The second argument is a pointer; its slot
; is reused as the output buffer and preloaded with the pointed-to dword.
; The request is repeated while it succeeds and returns 0FFh, at most 5 times.
;   success            : *ptr = result, [arg_0+2Ch] = 0, eax = 1
;   DeviceIoControl = 0: *ptr = buffer,  [arg_0+2Ch] = 2, eax = 0
;   still 0FFh after 5 : *ptr = 0FFh,    [arg_0+2Ch] = 7, eax = 0
; BytesReturned is written by the call but never examined.
; 222024h decodes as device type 22h, function 809h, METHOD_BUFFERED,
; FILE_ANY_ACCESS.

; int __stdcall doSNC_222024(int,int OutBuffer,int InBuffer)
doSNC_222024 proc near ; CODE XREF: sub_208D00+1E ; doSNC_op:loc_208DFA ...

BytesReturned = dword ptr -4
arg_0 = dword ptr 4
OutBuffer = dword ptr 8
InBuffer = dword ptr 0Ch

        push    ecx                             ; reserves the BytesReturned slot
        mov     al, byte ptr [esp+4+InBuffer]   ; al = first input byte
        push    ebx
        mov     ebx, [esp+8+OutBuffer]          ; ebx = caller's result pointer
        mov     cl, [ebx]                       ; cl = second input byte (low byte of *ptr)
        mov     edx, [ebx]
        push    ebp
        push    esi
        mov     esi, [esp+10h+arg_0]            ; esi = object holding the device handle
        xor     ebp, ebp                        ; ebp = attempt counter
        push    edi
        mov     edi, ds:DeviceIoControl
        mov     [esp+14h+BytesReturned], ebp
        mov     byte ptr [esp+14h+InBuffer], al
        mov     byte ptr [esp+14h+InBuffer+1], cl
        mov     [esp+14h+OutBuffer], edx        ; output buffer starts as the caller's current value
        lea     ecx, [ecx+0]                    ; leaves ecx unchanged (looks like padding before the loop)

loc_208BD0: ; CODE XREF: doSNC_222024+63
        push    0                               ; lpOverlapped
        lea     eax, [esp+18h+BytesReturned]
        push    eax                             ; lpBytesReturned
        mov     eax, [esi+8]
        push    4                               ; nOutBufferSize
        lea     ecx, [esp+20h+OutBuffer]
        push    ecx                             ; lpOutBuffer
        push    2                               ; nInBufferSize
        lea     edx, [esp+28h+InBuffer]
        push    edx                             ; lpInBuffer
        push    222024h                         ; dwIoControlCode
        push    eax                             ; hDevice
        call    edi ; DeviceIoControl
        test    eax, eax
        jz      short loc_208C18
        mov     eax, [esp+14h+OutBuffer]
        cmp     eax, 0FFh
        jnz     short loc_208C2F
        inc     ebp
        cmp     ebp, 5
        jl      short loc_208BD0
        mov     [ebx], eax
        pop     edi
        mov     dword ptr [esi+2Ch], 7          ; still 0FFh after the last attempt
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_208C18: ; CODE XREF: doSNC_222024+52
        mov     ecx, [esp+14h+OutBuffer]
        pop     edi
        mov     [ebx], ecx
        mov     dword ptr [esi+2Ch], 2          ; DeviceIoControl returned 0
        pop     esi
        pop     ebp
        xor     eax, eax
        pop     ebx
        pop     ecx
        retn    0Ch
; ===========================================================================

loc_208C2F: ; CODE XREF: doSNC_222024+5D
        mov     [ebx], eax
        pop     edi
        mov     dword ptr [esi+2Ch], 0
        pop     esi
        pop     ebp
        mov     eax, 1
        pop     ebx
        pop     ecx
        retn    0Ch
doSNC_222024 endp

; ===========================================================================
        db 0Bh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_208C50(obj, a, b) -- sends IOCTL 222014h to the device at [obj+8] with an
; 8-byte input { a, b } and no output buffer.
; Returns 1 with [obj+2Ch] = 0, or 0 with [obj+2Ch] = 2 when the call fails.
sub_208C50 proc near ; DATA XREF: .rdata:functionJumpTable3

BytesReturned = dword ptr -0Ch
InBuffer = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch

        sub     esp, 0Ch
        mov     eax, [esp+0Ch+arg_4]
        mov     ecx, [esp+0Ch+arg_8]
        push    esi
        mov     esi, [esp+10h+arg_0]            ; esi = obj
        push    0                               ; lpOverlapped
        lea     edx, [esp+14h+BytesReturned]
        push    edx                             ; lpBytesReturned
        push    0                               ; nOutBufferSize
        push    0                               ; lpOutBuffer
        push    8                               ; nInBufferSize
        mov     [esp+24h+InBuffer], eax         ; input dword 0 = arg_4
        lea     eax, [esp+24h+InBuffer]
        push    eax                             ; lpInBuffer
        mov     [esp+28h+var_4], ecx            ; input dword 1 = arg_8
        mov     ecx, [esi+8]
        push    222014h                         ; dwIoControlCode
        push    ecx                             ; hDevice
        mov     [esp+30h+BytesReturned], 0
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_208CA3
        mov     dword ptr [esi+2Ch], 2
        pop     esi
        add     esp, 0Ch
        retn    0Ch
; ===========================================================================

loc_208CA3: ; CODE XREF: sub_208C50+43
        mov     dword ptr [esi+2Ch], 0
        mov     eax, 1
        pop     esi
        add     esp, 0Ch
        retn    0Ch
sub_208C50 endp

; ===========================================================================
        db 0Ah dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Writes 2010h to the dword the second stack argument points to, then
; tail-jumps to the entry at offset 6Ch of the table [ecx] points to. The
; stack is left as the caller built it, so the target returns to the caller.
sub_208CC0 proc near ; DATA XREF: .rdata:functionJumpTable3

arg_4 = dword ptr 8

        mov     eax, [esp+arg_4]
        mov     dword ptr [eax], 2010h
        mov     edx, [ecx]
        mov     [esp+arg_4], eax                ; stores back the value just loaded
        jmp     dword ptr [edx+6Ch]
sub_208CC0 endp

; ===========================================================================
        db 0Dh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Adds 20100000h to the dword the second stack argument points to, then
; tail-jumps to the entry at offset 70h of the table [ecx] points to.
sub_208CE0 proc near ; DATA XREF: .rdata:functionJumpTable3

arg_4 = dword ptr 8

        mov     eax, [esp+arg_4]
        add     dword ptr [eax], 20100000h
        mov     edx, [ecx]
        mov     [esp+arg_4], eax                ; stores back the value just loaded
        jmp     dword ptr [edx+70h]
sub_208CE0 endp

; ===========================================================================
        db 0Dh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Calls doSNC_222024(obj, &tmp, 9Ah) with tmp = *OutBuffer and 0FFFFFFFDh
; (bit 1 cleared).
;   call returned non-zero: [obj+2Ch] = 0, *OutBuffer = 0, eax keeps that value
;   call returned 0       : [obj+2Ch] = 5, *OutBuffer = 1, eax = 0
; The dword read back from the device is discarded.

; int __stdcall sub_208D00(int,int OutBuffer)
sub_208D00 proc near ; DATA XREF: .rdata:functionJumpTable3

arg_0 = dword ptr 8
OutBuffer = byte ptr 0Ch

        push    esi
        mov     esi, dword ptr [esp+OutBuffer]  ; esi = caller's pointer
        mov     eax, [esi]
        push    edi
        mov     edi, [esp+4+arg_0]              ; edi = obj
        push    9Ah                             ; InBuffer
        lea     edx, [esp+8+OutBuffer]
        push    edx                             ; OutBuffer
        and     eax, 0FFFFFFFDh                 ; clear bit 1
        push    edi                             ; int
        mov     dword ptr [esp+10h+OutBuffer], eax ; argument slot reused as the in/out dword
        call    doSNC_222024
        test    eax, eax
        jz      short loc_208D39
        mov     dword ptr [edi+2Ch], 0
        pop     edi
        mov     dword ptr [esi], 0
        pop     esi
        retn    8
; ===========================================================================

loc_208D39: ; CODE XREF: sub_208D00+25
        mov     dword ptr [edi+2Ch], 5
        pop     edi
        mov     dword ptr [esi], 1
        pop     esi
        retn    8
sub_208D00 endp

; ===========================================================================
        db 5 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; When [obj+0Ch] != 0, sends IOCTL 222008h to the device at [obj+8] with an
; 8-byte input { createRegisterWindowMsg(obj), arg_4 } and no output buffer.
; Returns 1 ([obj+2Ch] = 0 after a successful request; untouched when
; [obj+0Ch] == 0), or 0 with [obj+2Ch] = 2 when DeviceIoControl fails.
; `BytesReturned` names the first argument slot: it holds obj on entry and is
; reused as the lpBytesReturned target.

; int __stdcall sub_208D50(DWORD BytesReturned,int)
sub_208D50 proc near ; DATA XREF: .rdata:functionJumpTable3

InBuffer = dword ptr -8
var_4 = dword ptr -4
BytesReturned = byte ptr 4
arg_4 = dword ptr 8

        sub     esp, 8
        push    esi
        mov     esi, dword ptr [esp+0Ch+BytesReturned] ; esi = obj
        mov     eax, [esi+0Ch]
        test    eax, eax
        jz      short loc_208DB6
        push    esi
        mov     dword ptr [esp+10h+BytesReturned], 0
        call    createRegisterWindowMsg
        add     esp, 4
        push    0                               ; lpOverlapped
        lea     ecx, [esp+10h+BytesReturned]
        push    ecx                             ; lpBytesReturned
        push    0                               ; nOutBufferSize
        push    0                               ; lpOutBuffer
        push    8                               ; nInBufferSize
        mov     [esp+20h+InBuffer], eax         ; input dword 0
        mov     eax, [esp+20h+arg_4]
        lea     edx, [esp+20h+InBuffer]
        push    edx                             ; lpInBuffer
        mov     [esp+24h+var_4], eax            ; input dword 1 = arg_4
        mov     eax, [esi+8]
        push    222008h                         ; dwIoControlCode
        push    eax                             ; hDevice
        call    ds:DeviceIoControl
        test    eax, eax
        jnz     short loc_208DAF
        mov     dword ptr [esi+2Ch], 2
        pop     esi
        add     esp, 8
        retn    8
; ===========================================================================

loc_208DAF: ; CODE XREF: sub_208D50+4F
        mov     dword ptr [esi+2Ch], 0

loc_208DB6: ; CODE XREF: sub_208D50+D
        mov     eax, 1
        pop     esi
        add     esp, 8
        retn    8
sub_208D50 endp ;
===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Dispatches one device request. The dword at [ecx + InBuffer*78h - 3BF0h]
; selects the transport: value 1 -> doSNC_222020 (1-byte input), anything else
; -> doSNC_222024 (2-byte input). Both are called with
; (functionNum, OutBuffer, InBuffer) and their result is returned unchanged.
;
; NOTE(review): InBuffer is used as a table index with no range check in this
; routine. sub_208F60 limits the same kind of index to 80h..0BDh before using
; it; here the bound has to come from the caller -- confirm that every caller
; guarantees it, otherwise the load reads outside the object.

; int __stdcall doSNC_op(int,int InBuffer,int OutBuffer)
doSNC_op proc near ; CODE XREF: doSNCmethodCall_byModelCaps+44

functionNum = dword ptr 4
InBuffer = dword ptr 8
OutBuffer = byte ptr 0Ch

        mov     eax, [esp+InBuffer]
        mov     edx, eax
        imul    edx, 78h                        ; 78h = size of one per-function record
        push    esi
        mov     esi, [edx+ecx-3BF0h]            ; selector dword of the record (unchecked index)
        mov     edx, [esp+4+functionNum]
        cmp     esi, 1                          ; flags survive the pop/push/mov and feed the jnz
        pop     esi
        push    eax                             ; InBuffer
        mov     eax, dword ptr [esp+4+OutBuffer]
        push    eax                             ; OutBuffer
        push    edx                             ; int
        jnz     short loc_208DFA
        call    doSNC_222020
        retn    0Ch ; int
; ===========================================================================

loc_208DFA: ; CODE XREF: doSNC_op+20
        call    doSNC_222024
        retn    0Ch
doSNC_op endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; getMachineClassFromID(machineType) -- maps a machine ID to a class number.
;   IDs above 4Bh return 15h. Otherwise MachineClassTable[ID] (a byte) indexes
;   ClassValueTable, whose targets each load a constant (3..15h) and return.
;   The bound is checked with an unsigned compare (`ja`) before the first table
;   is read; MachineClassTable below holds 4Ch bytes, none larger than 13h, and
;   ClassValueTable holds 14h entries, so both lookups stay inside their tables.
getMachineClassFromID proc near ; CODE XREF: initMachineIDandClass+66

machineType = byte ptr 4

        mov     eax, dword ptr [esp+machineType]
        cmp     eax, 4Bh                        ; 'K' -- highest ID covered by MachineClassTable
        ja      class00
        movzx   eax, ds:MachineClassTable[eax]
        jmp     ds:ClassValueTable[eax*4]

class10: ; DATA XREF: .text:00208F04
        mov     eax, 5
        retn    4
; ===========================================================================

class0F: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208F00
        mov     eax, 6
        retn    4
; ===========================================================================

class0C: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EF4
        mov     eax, 9
        retn    4
; ===========================================================================

class0B: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EF0
        mov     eax, 0Ah
        retn    4
; ===========================================================================

class0A: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EEC
        mov     eax, 0Ch
        retn    4
; ===========================================================================

class0D: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EF8
        mov     eax, 8
        retn    4
; ===========================================================================

class07: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EE0
        mov     eax, 0Bh
        retn    4
; ===========================================================================

class0E: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EFC
        mov     eax, 7
        retn    4
; ===========================================================================

class11: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208F08
        mov     eax, 4
        retn    4
; ===========================================================================

class09: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EE8
        mov     eax, 0Dh
        retn    4
; ===========================================================================

class05: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208ED8
        mov     eax, 0Eh
        retn    4
; ===========================================================================

class03: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208ED0
        mov     eax, 0Fh
        retn    4
; ===========================================================================

class04: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208ED4
        mov     eax, 10h
        retn    4
; ===========================================================================

class02: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208ECC
        mov     eax, 11h
        retn    4
; ===========================================================================

class01: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EC8
        mov     eax, 12h
        retn    4
; ===========================================================================

class08: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EE4
        mov     eax, 13h
        retn    4
; ===========================================================================

class06: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208EDC
        mov     eax, 14h
        retn    4
; ===========================================================================

class12: ; CODE XREF: getMachineClassFromID+14 ; DATA XREF: .text:00208F0C
        mov     eax, 3
        retn    4
; ===========================================================================

class00: ; CODE XREF: getMachineClassFromID+7 ; getMachineClassFromID+14 ; DATA XREF: ...
        mov     eax, 15h                        ; default: ID out of range or not mapped
        retn    4
getMachineClassFromID endp

; ===========================================================================
        align 4
; Jump targets for getMachineClassFromID: 14h entries, indices 0..13h.
; Index 0 and index 13h both lead to class00.
ClassValueTable dd offset class00 ; DATA XREF: getMachineClassFromID+14
        dd offset class01
        dd offset class02
        dd offset class03
        dd offset class04
        dd offset class05
        dd offset class06
        dd offset class07
        dd offset class08
        dd offset class09
        dd offset class0A
        dd offset class0B
        dd offset class0C
        dd offset class0D
        dd offset class0E
        dd offset class0F
        dd offset class10
        dd offset class11
        dd offset class12
        dd offset class00
; One byte per machine ID 0..4Bh (4Ch bytes in total); each byte is an index
; into ClassValueTable.
MachineClassTable db 0 ; DATA XREF: getMachineClassFromID+D
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 13h
        db 1
        db 2
        db 2
        db 13h
        db 3
        db 3
        db 3
        db 13h
        db 4
        db 5
        db 3
        db 6
        db 6
        db 5
        db 4
        db 3 dup(6)
        db 6
        db 7
        db 7
        db 8
        db 7
        db 7
        db 13h
        db 9
        db 13h
        db 13h
        db 13h
        db 13h
        db 7
        db 7
        db 13h
        db 13h
        db 0Ah
        db 7
        db 0Bh
        db 13h
        db 7
        db 0Ch
        db 2 dup(13h), 0Ah
        db 7
        db 13h
        dw 130Dh                                ; two table bytes shown as one word: 0Dh, then 13h
        db 0Eh, 2 dup(13h)
        db 13h
        db 13h
        db 13h
        db 0Fh
        db 13h
        db 13h
        db 13h
        db 13h
        db 10h
        db 11h
        db 13h
        db 13h
        db 12h

; *************** S U B R O U T I N E ***************************************
;
; sub_208F60(obj, id, out) -- looks up one dword for function `id` and the
; machine class stored at [ecx+4].
;   *out is set to 0 first. The lookup is performed only when
;   80h <= id <= 0BDh (unsigned compares) and [obj+8] is non-zero; it reads
;   the dword at [ecx + (id*1Eh + [ecx+4])*4 - 3BF8h], stores it in *out and
;   returns 1 when it is non-zero. Every other case returns 0.
;   The class value from [ecx+4] is not range-checked here; the visible
;   producer (getMachineClassFromID) only returns 3..15h.
sub_208F60 proc near ; DATA XREF: .rdata:functionJumpTable3

arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch

        mov     eax, [esp+arg_4]
        cmp     eax, 80h                        ; lower bound; flags survive the mov/push/mov below
        mov     edx, [esp+arg_8]
        push    esi
        mov     dword ptr [edx], 0              ; *out = 0 on every path
        jb      short loc_208FA8
        cmp     eax, 0BDh                       ; upper bound
        ja      short loc_208FA8
        mov     esi, [esp+4+arg_0]
        push    edi
        mov     edi, [esi+8]
        test    edi, edi                        ; device handle present?
        pop     edi
        jz      short loc_208FA8
        mov     esi, [ecx+4]                    ; machine class
        imul    eax, 1Eh                        ; 1Eh dwords = 78h bytes per record
        add     eax, esi
        mov     eax, [ecx+eax*4-3BF8h]
        xor     ecx, ecx
        test    eax, eax
        setnz   cl
        mov     [edx], eax
        pop     esi
        mov     eax, ecx
        retn    0Ch
; ===========================================================================

loc_208FA8: ; CODE XREF: sub_208F60+14 ; sub_208F60+1B ...
        xor     eax, eax
        pop     esi
        retn    0Ch
sub_208F60 endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Calls the entry at offset 0Ch of the table [ecx] points to three times, with
; (arg_0, 2200036h), (arg_0, 2200037h) and (arg_0, 2200038h). The results of
; those calls are ignored; the routine always returns 1.
sub_208FB0 proc near ; DATA XREF: .rdata:functionJumpTable3

arg_0 = dword ptr 0Ch

        push    esi
        push    edi
        mov     edi, [esp+arg_0]
        mov     esi, ecx                        ; esi = object (ecx is still intact for the first call)
        mov     eax, [esi]
        push    2200036h
        push    edi
        call    dword ptr [eax+0Ch]
        mov     edx, [esi]
        push    2200037h
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]
        mov     eax, [esi]
        push    2200038h
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]
        pop     edi
        mov     eax, 1
        pop     esi
        retn    4
sub_208FB0 endp

; ===========================================================================
        db 9 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Calls the entry at offset 0Ch of the table [ecx] points to with
; (arg_0, 2200010h), then once more for each global flag below that is
; non-zero, each with its own constant, and finally calls the entry at offset
; 94h with (arg_0). Results of the calls are ignored; always returns 1.
sub_208FF0 proc near ; DATA XREF: .rdata:functionJumpTable3

arg_0 = dword ptr 0Ch

        push    esi
        push    edi
        mov     edi, [esp+arg_0]
        mov     esi, ecx
        mov     eax, [esi]
        push    2200010h
        push    edi
        call    dword ptr [eax+0Ch]             ; unconditional first call
        mov     eax, SNCfunctionality
        test    eax, eax
        jz      short loc_209019
        mov     edx, [esi]
        push    2200011h
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]

loc_209019: ; CODE XREF: sub_208FF0+1A
        mov     eax, dword_20F13C
        test    eax, eax
        jz      short loc_20902F
        mov     eax, [esi]
        push    2200012h
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]

loc_20902F: ; CODE XREF: sub_208FF0+30
        mov     eax, dword_20F140
        test    eax, eax
        jz      short loc_209045
        mov     edx, [esi]
        push    2200013h
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]

loc_209045: ; CODE XREF: sub_208FF0+46
        mov     eax, dword_20F144
        test    eax, eax
        jz      short loc_20905B
        mov     eax, [esi]
        push    2200014h
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]

loc_20905B: ; CODE XREF: sub_208FF0+5C
        mov     eax, dword_20F148
        test    eax, eax
        jz      short loc_209071
        mov     edx, [esi]
        push    2200015h
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]

loc_209071: ; CODE XREF: sub_208FF0+72
        mov     eax, dword_20F14C
        test    eax, eax
        jz      short loc_209087
        mov     eax, [esi]
        push    2200016h
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]

loc_209087: ; CODE XREF: sub_208FF0+88
        mov     eax, dword_20F150
        test    eax, eax
        jz      short loc_20909D
        mov     edx, [esi]
        push    2200017h
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]

loc_20909D: ; CODE XREF: sub_208FF0+9E
        mov     eax, dword_20F154
        test    eax, eax
        jz      short loc_2090B3
        mov     eax, [esi]
        push    2200018h
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]

loc_2090B3: ; CODE XREF: sub_208FF0+B4
        mov     eax, dword_20F15C
        test    eax, eax
        jz      short loc_2090C9
        mov     edx, [esi]
        push    220001Ah
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]

loc_2090C9: ; CODE XREF: sub_208FF0+CA
        mov     eax, dword_20F164
        test    eax, eax
        jz      short loc_2090DF
        mov     eax, [esi]
        push    220001Ch
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]

loc_2090DF: ; CODE XREF: sub_208FF0+E0
        mov     eax, dword_20F190
        test    eax, eax
        jz      short loc_2090F5
        mov     edx, [esi]
        push    220001Fh
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]

loc_2090F5: ; CODE XREF: sub_208FF0+F6
        mov     eax, dword_20F168
        test    eax, eax
        jz      short loc_20910B
        mov     eax, [esi]
        push    2200035h
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]

loc_20910B: ; CODE XREF: sub_208FF0+10C
        mov     eax, dword_20F16C
        test    eax, eax
        jz      short loc_209121
        mov     edx, [esi]
        push    2200032h
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+0Ch]

loc_209121: ; CODE XREF: sub_208FF0+122
        mov     eax, dword_20F170
        test    eax, eax
        jz      short loc_209137
        mov     eax, [esi]
        push    2200033h
        push    edi
        mov     ecx, esi
        call    dword ptr [eax+0Ch]

loc_209137: ; CODE XREF: sub_208FF0+138
        mov     edx, [esi]
        push    edi
        mov     ecx, esi
        call    dword ptr [edx+94h]             ; final call takes arg_0 only
        pop     edi
        mov     eax, 1
        pop     esi
        retn    4
sub_208FF0 endp

; ===========================================================================
        db 4 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Stores three constants (2000030h, 1000001h, 100000Ah) in a local array and
; calls the entry at offset 0Ch of the table [ecx] points to once per
; constant, as (arg_0, constant). Results are ignored; always returns 1.
sub_209150 proc near ; DATA XREF: .rdata:functionJumpTable3

var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4

        sub     esp, 0Ch
        push    ebx
        mov     ebx, [esp+10h+arg_0]
        push    esi
        push    edi
        mov     edi, ecx                        ; edi = object
        mov     [esp+18h+var_C], 2000030h
        mov     [esp+18h+var_8], 1000001h
        mov     [esp+18h+var_4], 100000Ah
        xor     esi, esi                        ; esi = array index 0..2

loc_209176: ; CODE XREF: sub_209150+37
        mov     ecx, [esp+esi*4+18h+var_C]
        mov     eax, [edi]
        push    ecx
        push    ebx
        mov     ecx, edi
        call    dword ptr [eax+0Ch]
        inc     esi
        cmp     esi, 3
        jl      short loc_209176
        pop     edi
        pop     esi
        mov     eax, 1
        pop     ebx
        add     esp, 0Ch
        retn    4
sub_209150 endp

; ===========================================================================
        db 9 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; initMachineIDandClass -- fills in the object whose address arrives in ecx
; (SnyUtils_Init allocates 1D18h bytes for it) and returns that address in eax.
;   [obj+0]  = offset functionJumpTable3 (after getFunctionJumpTable0 has run)
;   [obj+4]  = getMachineClassFromID(getMachineID())
;   [obj+8]… = records copied from flagsTable: 16h dwords (58h bytes) per
;              record, written at a stride of 78h bytes in the object.
; The function links an exception registration record at fs:[0] on entry;
; var_C is the slot holding the previous fs:[0], restored before returning.
;
; Review notes:
;   * The copy loop stops once the source pointer passes
;     flagsTable.key+14F8h. If `.key` is the first member of flagsTable that is
;     3Eh records, which ends at offset 1CF8h in the object and fits the 1D18h
;     allocation -- confirm the member offset.
;   * Only 58h of every 78h bytes are written here; the remaining 20h bytes of
;     each record keep whatever the allocation contained unless
;     getFunctionJumpTable0 initialises them (not visible here).
;   * The loop bound is tested with `jle`, a signed compare on addresses.
initMachineIDandClass proc near ; CODE XREF: SnyUtils_Init+C5

buffer = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4

        push    0FFFFFFFFh
        push    offset setExceptionHandler
        mov     eax, large fs:0
        push    eax
        mov     large fs:0, esp                 ; link the new registration record
        push    ecx                             ; reserves the `buffer` slot
        push    ebx
        push    esi
        push    edi
        mov     edi, ecx                        ; address of malloc-ed buffer from caller
        mov     [esp+1Ch+buffer], edi
        call    getFunctionJumpTable0           ; store in [ecx] aka [edi]
        mov     [esp+1Ch+var_4], 0
        mov     dword ptr [edi], offset functionJumpTable3 ; the table pointer set by the call above is replaced
        mov     eax, offset flagsTable          ; eax = source cursor
        lea     esi, [edi+8]                    ; esi = start of the current destination record
        lea     ebx, [ebx+0]                    ; leaves ebx unchanged (looks like padding before the loop)

nextBlock: ; CODE XREF: initMachineIDandClass+5C
        mov     ecx, esi
        mov     edx, 16h                        ; dwords per record

copy: ; CODE XREF: initMachineIDandClass+52
        mov     ebx, [eax]
        mov     [ecx], ebx
        add     eax, 4
        add     ecx, 4
        dec     edx
        jnz     short copy
        add     esi, 78h                        ; 'x' -- destination stride
        cmp     eax, (offset flagsTable.key+14F8h)
        jle     short nextBlock
        call    getMachineID
        push    eax
        mov     ecx, edi
        call    getMachineClassFromID
        mov     ecx, [esp+1Ch+var_C]            ; previous fs:[0]
        mov     [edi+4], eax                    ; Machine Class
        mov     eax, edi
        pop     edi
        pop     esi
        pop     ebx
        mov     large fs:0, ecx                 ; unlink this function's registration record
        add     esp, 10h
        retn
initMachineIDandClass endp

; ===========================================================================
        db 0Eh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Object teardown entry referenced from the function tables: calls
; getFunctionJumpTable1 on the object in ecx, then frees the object with
; operator delete when bit 0 of the stack argument is SET, and returns the
; object address in eax.
; NOTE(review): the argument name `bDontDelete` reads the wrong way round --
; the delete happens when the bit is 1, not when it is 0.
deleteArrayOfPointers proc near ; DATA XREF: .rdata:functionJumpTable1 ; .rdata:functionJumpTable2 ...
bDontDelete = byte ptr 8
; NOTE(review): despite its name, bit 0 of this argument being SET is what
; triggers the operator delete call below.

        push    esi
        mov     esi, ecx                        ; esi = object
        call    getFunctionJumpTable1
        test    [esp+bDontDelete], 1
        jz      short exit                      ; bit clear: keep the memory
        push    esi
        call    ??3@YAXPAX@Z                    ; operator delete(void *)
        add     esp, 4

exit: ; CODE XREF: deleteArrayOfPointers+D
        mov     eax, esi                        ; returns the object address either way
        pop     esi
        retn    4
deleteArrayOfPointers endp

; ===========================================================================
        db 2 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_209250(obj) -- one-time device setup, remembered in dword_20E024.
;   If dword_20E024 != 0, returns 1 at once. Otherwise:
;     doSNC_222020(obj, &tmp, 82h) with tmp = 0, then
;     doSNC_222024(obj, &tmp, 81h) with tmp = tmp OR 6.
;   Both succeed: dword_20E024 = 1, return 1.
;   Either fails: [obj+2Ch] = 1, return 0 (overwriting the code the helper set).
; NOTE(review): dword_20E024 is tested and set with no lock taken in this
; routine; if two threads can get here at once, both may run the sequence.
sub_209250 proc near ; CODE XREF: sub_209350+31

OutBuffer = dword ptr -4
arg_0 = dword ptr 4

        push    ecx                             ; reserves the OutBuffer slot
        mov     eax, dword_20E024
        test    eax, eax                        ; flags survive the pushes/mov and feed the jnz
        push    esi
        push    edi
        mov     esi, ecx
        jnz     short loc_2092B8                ; already done
        mov     edi, [esp+0Ch+arg_0]            ; edi = obj
        push    82h                             ; InBuffer
        lea     eax, [esp+10h+OutBuffer]
        push    eax                             ; OutBuffer
        push    edi                             ; int
        mov     [esp+18h+OutBuffer], 0
        call    doSNC_222020
        test    eax, eax
        jz      short loc_20929F
        mov     edx, [esp+0Ch+OutBuffer]
        push    81h                             ; InBuffer
        lea     ecx, [esp+10h+OutBuffer]
        push    ecx                             ; OutBuffer
        or      edx, 6                          ; set bits 1 and 2 in the value just read
        push    edi                             ; int
        mov     ecx, esi
        mov     [esp+18h+OutBuffer], edx
        call    doSNC_222024
        test    eax, eax
        jnz     short loc_2092AE

loc_20929F: ; CODE XREF: sub_209250+2C
        mov     dword ptr [edi+2Ch], 1
        pop     edi
        xor     eax, eax
        pop     esi
        pop     ecx
        retn    4
; ===========================================================================

loc_2092AE: ; CODE XREF: sub_209250+4D
        mov     dword_20E024, 1

loc_2092B8: ; CODE XREF: sub_209250+C
        pop     edi
        mov     eax, 1
        pop     esi
        pop     ecx
        retn    4
sub_209250 endp

; ===========================================================================
        db 0Dh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Three stack arguments (retn 0Ch); only the second has a name (`modelType`).
;   1. Calls the entry at offset 1Ch of the table [ecx] points to with
;      (modelType, &modelCaps1, &InBuffer); both locals are zeroed first.
;      A zero result returns 0.
;   2. Bit 0 of modelCaps1 set   -> doSNC_op(first arg, InBuffer, third arg)
;      Bit 0 of modelCaps1 clear -> callSNCmethod(first arg, modelType)
;   The result of the chosen call is returned unchanged.
; NOTE(review): InBuffer, as produced by the step-1 call, reaches doSNC_op,
; which uses it as a table index without a range check of its own.
doSNCmethodCall_byModelCaps proc near ; DATA XREF: .rdata:functionJumpTable3

var_14 = byte ptr -14h
var_10 = dword ptr -10h
modelCaps1 = dword ptr -8
InBuffer = dword ptr -4
modelType = byte ptr 8

        sub     esp, 8
        push    ebx
        push    esi
        push    edi
        mov     edi, dword ptr [esp+14h+modelType]
        mov     esi, ecx                        ; esi = object
        mov     eax, [esi]
        lea     ecx, [esp+14h+InBuffer]
        push    ecx
        lea     edx, [esp+18h+modelCaps1]
        push    edx
        xor     ebx, ebx                        ; ebx = 0, also the failure return value
        push    edi                             ; model type
        mov     ecx, esi
        mov     [esp+20h+modelCaps1], ebx
        mov     [esp+20h+InBuffer], ebx
        call    dword ptr [eax+1Ch]             ; getModelCapability()
        test    eax, eax
        jz      short failed
        test    byte ptr [esp+14h+modelCaps1], 1 ; flags survive the mov/push and feed the jz
        mov     eax, [esp+20h]                  ; third stack argument
        push    eax                             ; OutBuffer
        jz      short loc_209322
        mov     ecx, [esp+18h+InBuffer]
        mov     edx, [esp+1Ch]                  ; first stack argument
        push    ecx                             ; InBuffer
        push    edx                             ; functionNum
        mov     ecx, esi
        call    doSNC_op
        pop     edi
        pop     esi
        pop     ebx
        add     esp, 8
        retn    0Ch
; ===========================================================================

loc_209322: ; CODE XREF: doSNCmethodCall_byModelCaps+36
        mov     ecx, [esp+1Ch]                  ; first stack argument
        push    edi                             ; SNC method num
        push    ecx                             ; SNC method Arg0
        mov     ecx, esi
        call    callSNCmethod
        pop     edi
        pop     esi
        pop     ebx
        add     esp, 8
        retn    0Ch
; ===========================================================================

failed: ; CODE XREF: doSNCmethodCall_byModelCaps+2A
        pop     edi
        pop     esi
        mov     eax, ebx                        ; 0
        pop     ebx
        add     esp, 8
        retn    0Ch
doSNCmethodCall_byModelCaps endp

; ===========================================================================
        db 0Dh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_209350(obj) -- when [obj+0Ch], dword_20F18C and [obj+1Ch] are all
; non-zero, iterateSNCdeviceCalls(obj) runs first and a zero result is
; returned as failure. In every other case the routine ends by returning
; sub_209250(obj).
sub_209350 proc near ; DATA XREF: .rdata:functionJumpTable3

arg_0 = dword ptr 8

        push    esi
        mov     esi, [esp+arg_0]                ; esi = obj
        mov     eax, [esi+0Ch]
        test    eax, eax                        ; flags survive the push/mov and feed the jz
        push    edi
        mov     edi, ecx
        jz      short loc_20937E
        mov     eax, dword_20F18C
        test    eax, eax
        jz      short loc_20937E
        mov     eax, [esi+1Ch]
        test    eax, eax
        jz      short loc_20937E
        push    esi
        call    iterateSNCdeviceCalls
        test    eax, eax
        jnz     short loc_20937E
        pop     edi                             ; helper returned 0: return 0
        pop     esi
        retn    4
; ===========================================================================

loc_20937E: ; CODE XREF: sub_209350+D ; sub_209350+16 ...
        mov     ecx, edi
        push    esi
        call    sub_209250
        pop     edi
        pop     esi
        retn    4
sub_209350 endp

; ===========================================================================
        db 5 dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; freeInOutBuffers -- releases four global resources. Each one is tested for
; zero, released, and then overwritten with zero, so a second call finds
; nothing left to release:
;   dword_20F1D0 : calls the first entry of the table it points to, with 1
;   hObject      : CloseHandle
;   lpOutBuffer  : operator delete
;   lpInBuffer   : operator delete
freeInOutBuffers proc near ; CODE XREF: unload+A
        mov     ecx, dword_20F1D0
        push    esi
        xor     esi, esi                        ; esi = 0 for the whole routine
        cmp     ecx, esi
        jz      short loc_2093A9
        mov     eax, [ecx]
        push    1
        call    dword ptr [eax]                 ; first table entry, argument 1
        mov     dword_20F1D0, esi

loc_2093A9: ; CODE XREF: freeInOutBuffers+B
        mov     eax, hObject
        cmp     eax, esi
        jz      short loc_2093BF
        push    eax                             ; hObject
        call    ds:CloseHandle
        mov     hObject, esi

loc_2093BF: ; CODE XREF: freeInOutBuffers+20
        mov     eax, lpOutBuffer
        cmp     eax, esi
        jz      short loc_2093D7
        push    eax
        call    ??3@YAXPAX@Z                    ; operator delete(void *)
        add     esp, 4
        mov     lpOutBuffer, esi

loc_2093D7: ; CODE XREF: freeInOutBuffers+36
        mov     eax, lpInBuffer
        cmp     eax, esi
        jz      short loc_2093EF
        push    eax
        call    ??3@YAXPAX@Z                    ; operator delete(void *)
        add     esp, 4
        mov     lpInBuffer, esi

loc_2093EF: ; CODE XREF: freeInOutBuffers+4E
        pop     esi
        retn
freeInOutBuffers endp ; sp = -4

; ===========================================================================
        db 0Fh dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; Compares GetSystemMetrics(0) and GetSystemMetrics(1) (indices 0 and 1 are
; SM_CXSCREEN and SM_CYSCREEN) with the two 16-bit halves of
; getFunctionality_x068(): low half against index 0, high half against
; index 1. When neither metric is larger than its half and the pair is not an
; exact match, the entry at offset 4 of the table dword_20F1D0 points to is
; called with (arg_0, 1, 0), provided dword_20F1D0 is non-zero.
sub_209400 proc near ; CODE XREF: sub_2098F0+26

arg_0 = dword ptr 0Ch

        push    esi
        push    edi
        mov     edi, ds:GetSystemMetrics
        push    0                               ; nIndex
        call    edi ; GetSystemMetrics
        push    1                               ; nIndex
        mov     esi, eax                        ; esi = metric for index 0
        call    edi ; GetSystemMetrics
        mov     edi, eax                        ; edi = metric for index 1
        call    getFunctionality_x068
        movzx   ecx, ax                         ; ecx = low 16 bits
        shr     eax, 10h                        ; eax = high 16 bits
        cmp     esi, ecx
        jg      short loc_20944C
        cmp     edi, eax
        jg      short loc_20944C
        cmp     esi, ecx
        jnz     short loc_20942F
        cmp     edi, eax
        jz      short loc_20944C                ; exact match

loc_20942F: ; CODE XREF: sub_209400+29
        mov     ecx, dword_20F1D0
        xor     eax, eax
        test    ecx, ecx
        jz      short loc_20944E
        mov     edx, [esp+arg_0]
        mov     eax, [ecx]
        push    0
        push    1
        push    edx
        call    dword ptr [eax+4]
        pop     edi
        pop     esi
        retn
; ===========================================================================

loc_20944C: ; CODE XREF: sub_209400+21 ; sub_209400+25 ...
xor eax, eax loc_20944E: ; CODE XREF: sub_209400+39 pop edi pop esi retn sub_209400 endp ; =========================================================================== db 0Fh dup(90h) ; *************** S U B R O U T I N E *************************************** sub_209460 proc near ; CODE XREF: sub_2098F0+39 arg_0 = dword ptr 0Ch arg_4 = dword ptr 10h push esi push edi mov edi, ds:GetSystemMetrics push 0 ; nIndex call edi ; GetSystemMetrics push 1 ; nIndex mov esi, eax call edi ; GetSystemMetrics mov edi, eax call getFunctionality_x068 movzx ecx, ax shr eax, 10h cmp esi, ecx jg short loc_2094B1 cmp edi, eax jg short loc_2094B1 cmp esi, ecx jnz short loc_20948F cmp edi, eax jz short loc_2094B1 loc_20948F: ; CODE XREF: sub_209460+29 mov ecx, dword_20F1D0 xor eax, eax test ecx, ecx jz short loc_2094B3 mov edx, [esp+arg_4] mov edx, [edx] mov eax, [ecx] push edx mov edx, [esp+4+arg_0] push 0 push edx call dword ptr [eax+4] pop edi pop esi retn ; =========================================================================== loc_2094B1: ; CODE XREF: sub_209460+21 ; sub_209460+25 ... 
xor eax, eax loc_2094B3: ; CODE XREF: sub_209460+39 pop edi pop esi retn sub_209460 endp ; =========================================================================== db 0Ah dup(90h) ; *************** S U B R O U T I N E *************************************** sub_2094C0 proc near ; CODE XREF: sub_2098F0+4C arg_0 = dword ptr 4 arg_4 = dword ptr 8 mov ecx, dword_20F1D0 test ecx, ecx jz short loc_2094DA mov edx, [esp+arg_4] mov eax, [ecx] push edx mov edx, [esp+4+arg_0] push edx call dword ptr [eax+10h] retn ; =========================================================================== loc_2094DA: ; CODE XREF: sub_2094C0+8 xor eax, eax retn sub_2094C0 endp ; =========================================================================== db 3 dup(90h) ; *************** S U B R O U T I N E *************************************** sub_2094E0 proc near ; CODE XREF: sub_2098F0+5F arg_0 = dword ptr 4 arg_4 = dword ptr 8 mov ecx, dword_20F1D0 test ecx, ecx jz short loc_2094FA mov edx, [esp+arg_4] mov eax, [ecx] push edx mov edx, [esp+4+arg_0] push edx call dword ptr [eax+18h] retn ; =========================================================================== loc_2094FA: ; CODE XREF: sub_2094E0+8 xor eax, eax retn sub_2094E0 endp ; =========================================================================== db 3 dup(90h) ; *************** S U B R O U T I N E *************************************** doGetModelCapability proc near ; CODE XREF: sub_2098F0+72 arg_0 = dword ptr 4 arg_4 = dword ptr 8 mov ecx, dword_20F1D0 test ecx, ecx jz short failed mov edx, [esp+arg_4] mov edx, [edx] mov eax, [ecx] push edx mov edx, [esp+4+arg_0] push edx call dword ptr [eax+1Ch] ; getModelCapability() retn ; =========================================================================== failed: ; CODE XREF: doGetModelCapability+8 xor eax, eax retn doGetModelCapability endp ; =========================================================================== align 10h ; *************** S U B R O U T I N E 
*************************************** get64bit_hObject proc near ; CODE XREF: filterModelTypeCapabilities:do64bitCheck ; sub_209870 ... mov eax, Win5x_64bit test eax, eax jz short loc_209538 mov eax, hObject test eax, eax jz short loc_209538 mov eax, 1 retn ; =========================================================================== loc_209538: ; CODE XREF: get64bit_hObject+7 ; get64bit_hObject+10 xor eax, eax retn get64bit_hObject endp ; =========================================================================== db 5 dup(90h) ; *************** S U B R O U T I N E *************************************** sub_209540 proc near ; CODE XREF: sub_209870+E BytesReturned = dword ptr -4 arg_0 = dword ptr 4 push ecx mov eax, dword_20F1D8 push esi mov esi, [esp+8+arg_0] mov ecx, [esi] dec eax cmp ecx, eax mov [esp+8+BytesReturned], 0 ja short loc_20955C mov eax, ecx loc_20955C: ; CODE XREF: sub_209540+18 mov edx, lpInBuffer movzx ecx, byte ptr [edx] dec ecx jz short loc_2095A1 dec ecx jz short loc_209593 dec ecx jz short loc_209573 xor eax, eax pop esi pop ecx retn ; =========================================================================== loc_209573: ; CODE XREF: sub_209540+2C mov ecx, lpOutBuffer mov cl, [ecx+eax] mov [edx+1], cl mov edx, lpOutBuffer mov al, [edx+eax] mov ecx, lpInBuffer mov [ecx+2], al jmp short loc_2095AD ; =========================================================================== loc_209593: ; CODE XREF: sub_209540+29 mov ecx, lpOutBuffer mov al, [ecx+eax] mov [edx+2], al jmp short loc_2095AD ; =========================================================================== loc_2095A1: ; CODE XREF: sub_209540+26 mov ecx, lpOutBuffer mov al, [ecx+eax] mov [edx+1], al loc_2095AD: ; CODE XREF: sub_209540+51 ; sub_209540+5F push 0 ; lpOverlapped lea ecx, [esp+0Ch+BytesReturned] push ecx ; lpBytesReturned push 0 ; nOutBufferSize push 0 ; lpOutBuffer mov dword ptr [esi], 0 mov edx, lpInBuffer mov eax, hObject push 3 ; nInBufferSize push edx ; lpInBuffer push 
23049Ch ; dwIoControlCode push eax ; hDevice call ds:DeviceIoControl pop esi pop ecx retn sub_209540 endp ; =========================================================================== db 5 dup(90h) ; *************** S U B R O U T I N E *************************************** sub_2095E0 proc near ; CODE XREF: OpenDeviceLCD+1AF ; sub_2098B0+E BytesReturned = dword ptr -4 arg_0 = dword ptr 4 push ecx mov ecx, lpInBuffer mov edx, hObject push 0 ; lpOverlapped lea eax, [esp+8+BytesReturned] push eax ; lpBytesReturned push 3 ; nOutBufferSize push ecx ; lpOutBuffer push 0 ; nInBufferSize push 0 ; lpInBuffer push 230498h ; dwIoControlCode push edx ; hDevice mov [esp+24h+BytesReturned], 0 call ds:DeviceIoControl test eax, eax jnz short loc_209615 pop ecx retn ; =========================================================================== loc_209615: ; CODE XREF: sub_2095E0+31 mov eax, lpInBuffer cmp byte ptr [eax], 1 jnz short loc_209624 mov al, [eax+1] jmp short loc_209627 ; =========================================================================== loc_209624: ; CODE XREF: sub_2095E0+3D mov al, [eax+2] loc_209627: ; CODE XREF: sub_2095E0+42 push ebx push esi push edi mov edi, dword_20F1D8 xor ecx, ecx dec edi test edi, edi jbe short loc_209659 mov esi, lpOutBuffer movzx ebx, al loc_209640: ; CODE XREF: sub_2095E0+77 movzx edx, byte ptr [esi+ecx] movzx eax, byte ptr [esi+ecx+1] add eax, edx cdq sub eax, edx sar eax, 1 cmp ebx, eax jl short loc_209669 inc ecx cmp ecx, edi jb short loc_209640 loc_209659: ; CODE XREF: sub_2095E0+55 mov ecx, [esp+10h+arg_0] mov [ecx], edi pop edi pop esi mov eax, 1 pop ebx pop ecx retn ; =========================================================================== loc_209669: ; CODE XREF: sub_2095E0+72 mov eax, [esp+10h+arg_0] pop edi pop esi mov [eax], ecx mov eax, 1 pop ebx pop ecx retn sub_2095E0 endp ; =========================================================================== db 7 dup(90h) ; *************** S U B R O U T I N E 
*************************************** OpenDeviceLCD proc near ; CODE XREF: SnyUtils_Init+120 BytesReturned = dword ptr -10h var_C = dword ptr -0Ch var_4 = dword ptr -4 push 0FFFFFFFFh push offset sub_209D5C mov eax, large fs:0 push eax mov large fs:0, esp push ecx mov eax, dword_20F178 add eax, 0FFFFFFF8h ; switch 8 cases cmp eax, 7 ja short loc_209713 ; default jmp ds:off_20984C[eax*4] ; switch jump loc_2096AA: ; DATA XREF: .text:off_20984C push 4 ; case 0x9 call ??2@YAPAXI@Z ; operator new(uint) add esp, 4 mov [esp+10h+BytesReturned], eax test eax, eax mov [esp+10h+var_4], 0 jz short loc_209736 mov ecx, eax call sub_201480 jmp short loc_209738 ; =========================================================================== loc_2096CD: ; CODE XREF: OpenDeviceLCD+23 ; DATA XREF: .text:off_20984C push 34h ; '4' ; case 0xE call ??2@YAPAXI@Z ; operator new(uint) add esp, 4 mov [esp+10h+BytesReturned], eax test eax, eax mov [esp+10h+var_4], 1 jz short loc_209736 mov ecx, eax call sub_201800 jmp short loc_209738 ; =========================================================================== loc_2096F0: ; CODE XREF: OpenDeviceLCD+23 ; DATA XREF: .text:off_20984C push 4 ; case 0x8 call ??2@YAPAXI@Z ; operator new(uint) add esp, 4 mov [esp+10h+BytesReturned], eax test eax, eax mov [esp+10h+var_4], 2 jz short loc_209736 mov ecx, eax call sub_2010C0 jmp short loc_209738 ; =========================================================================== loc_209713: ; CODE XREF: OpenDeviceLCD+21 ; OpenDeviceLCD+23 ; DATA XREF: ... push 4 ; default call ??2@YAPAXI@Z ; operator new(uint) add esp, 4 mov [esp+10h+BytesReturned], eax test eax, eax mov [esp+10h+var_4], 3 jz short loc_209736 mov ecx, eax call getVideoJumpTable01Ex jmp short loc_209738 ; =========================================================================== loc_209736: ; CODE XREF: OpenDeviceLCD+42 ; OpenDeviceLCD+65 ... xor eax, eax loc_209738: ; CODE XREF: OpenDeviceLCD+4B ; OpenDeviceLCD+6E ... 
test eax, eax mov [esp+10h+var_4], 0FFFFFFFFh mov dword_20F1D0, eax jnz short loc_209758 mov ecx, [esp+10h+var_C] mov large fs:0, ecx add esp, 10h retn ; =========================================================================== loc_209758: ; CODE XREF: OpenDeviceLCD+C7 mov eax, Win5x_64bit test eax, eax jz loc_209837 mov eax, hObject test eax, eax jnz loc_209837 push 64h ; 'd' call ??2@YAPAXI@Z ; operator new(uint) add esp, 4 test eax, eax mov lpOutBuffer, eax jz loc_209837 push 3 call ??2@YAPAXI@Z ; operator new(uint) add esp, 4 test eax, eax mov lpInBuffer, eax jz loc_209837 push 0 ; hTemplateFile push 80h ; '' ; dwFlagsAndAttributes push 3 ; dwCreationDisposition push 0 ; lpSecurityAttributes push 3 ; dwShareMode push 1F01FFh ; dwDesiredAccess push offset FileName ; "\\\\.\\LCD" call ds:CreateFileA cmp eax, 0FFFFFFFFh mov hObject, eax jz short loc_209803 mov edx, lpOutBuffer push 0 ; lpOverlapped lea ecx, [esp+14h+BytesReturned] push ecx ; lpBytesReturned push 64h ; 'd' ; nOutBufferSize push edx ; lpOutBuffer push 0 ; nInBufferSize push 0 ; lpInBuffer push 230494h ; dwIoControlCode push eax ; hDevice mov [esp+30h+BytesReturned], 0 call ds:DeviceIoControl test eax, eax jnz short loc_209821 mov eax, hObject test eax, eax jz short loc_209803 push eax ; hObject call ds:CloseHandle loc_209803: ; CODE XREF: OpenDeviceLCD+145 ; OpenDeviceLCD+17A mov hObject, 0 mov eax, 1 mov ecx, [esp+10h+var_C] mov large fs:0, ecx add esp, 10h retn ; =========================================================================== loc_209821: ; CODE XREF: OpenDeviceLCD+171 mov eax, [esp+10h+BytesReturned] lea ecx, [esp+10h+BytesReturned] push ecx mov dword_20F1D8, eax call sub_2095E0 add esp, 4 loc_209837: ; CODE XREF: OpenDeviceLCD+DF ; OpenDeviceLCD+EC ... 
mov ecx, [esp+10h+var_C] mov eax, 1 mov large fs:0, ecx add esp, 10h retn OpenDeviceLCD endp ; =========================================================================== align 4 off_20984C dd offset loc_2096F0, offset loc_2096AA, offset loc_209713 ; DATA XREF: OpenDeviceLCD+23 dd 2 dup(offset loc_2096F0), offset loc_2096AA, offset loc_2096CD ; jump table for switch statement dd offset loc_2096F0 db 4 dup(90h) ; *************** S U B R O U T I N E *************************************** sub_209870 proc near ; CODE XREF: sub_2098F0+98 arg_0 = dword ptr 4 arg_4 = dword ptr 8 call get64bit_hObject test eax, eax jz short loc_209887 mov eax, [esp+arg_4] push eax call sub_209540 add esp, 4 retn ; =========================================================================== loc_209887: ; CODE XREF: sub_209870+7 mov ecx, dword_20F1D0 test ecx, ecx jz short loc_2098A3 mov eax, [esp+arg_4] mov eax, [eax] mov edx, [ecx] push eax mov eax, [esp+4+arg_0] push eax call dword ptr [edx+24h] retn ; =========================================================================== loc_2098A3: ; CODE XREF: sub_209870+1F xor eax, eax retn sub_209870 endp ; =========================================================================== db 0Ah dup(90h) ; *************** S U B R O U T I N E *************************************** sub_2098B0 proc near ; CODE XREF: sub_2098F0+85 arg_0 = dword ptr 4 arg_4 = dword ptr 8 call get64bit_hObject test eax, eax jz short loc_2098C7 mov eax, [esp+arg_4] push eax call sub_2095E0 add esp, 4 retn ; =========================================================================== loc_2098C7: ; CODE XREF: sub_2098B0+7 mov ecx, dword_20F1D0 test ecx, ecx jz short loc_2098E1 mov eax, [esp+arg_4] mov edx, [ecx] push eax mov eax, [esp+4+arg_0] push eax call dword ptr [edx+28h] retn ; =========================================================================== loc_2098E1: ; CODE XREF: sub_2098B0+1F xor eax, eax retn sub_2098B0 endp ; 
===========================================================================
                db 0Ch dup(90h)

; *************** S U B R O U T I N E ***************************************
;
; sub_2098F0 -- dispatch a driver call by function number (3 stack
; arguments, cleaned up by the caller); called from SuCallDriverDWORD.
;   In:   arg_0 = pointer to a caller structure; its dword at +2Ch is set
;                 to 2 for unsupported function numbers
;         arg_4 = function number, accepted range 1..46h
;         arg_8 = forwarded unchanged; several handlers dereference it as a
;                 pointer to a DWORD
;   Out:  eax   = result of the selected handler, 0 for unsupported numbers
; Two-level switch: byte_2099CC maps (arg_4 - 1) to a case number 0..8 and
; off_2099A8 maps the case number to a handler. The bounds test is
; unsigned, so 0 (which wraps to 0FFFFFFFFh) and anything above 46h go to
; the default and the index never leaves the 46h-byte table.
; NOTE(review): arg_8 is handed to the handlers without a NULL test here;
; sub_209460, doGetModelCapability and sub_209870 read through it.

sub_2098F0      proc near               ; CODE XREF: SuCallDriverDWORD+67

arg_0           = dword ptr 4
arg_4           = dword ptr 8
arg_8           = dword ptr 0Ch

                mov     eax, [esp+arg_4]
                dec     eax
                cmp     eax, 45h ; 'E'
                ja      loc_209997      ; unsigned: rejects 0 and numbers above 46h
                movzx   eax, ds:byte_2099CC[eax]
                jmp     ds:off_2099A8[eax*4]

loc_20990C:                             ; DATA XREF: .text:002099B4
                mov     ecx, [esp+arg_8]
                mov     edx, [esp+arg_0]
                push    ecx
                push    edx
                call    sub_209400
                add     esp, 8
                retn
; ===========================================================================

loc_20991F:                             ; CODE XREF: sub_2098F0+15
                                        ; DATA XREF: .text:002099B8
                mov     eax, [esp+arg_8]
                mov     ecx, [esp+arg_0]
                push    eax
                push    ecx
                call    sub_209460
                add     esp, 8
                retn
; ===========================================================================

loc_209932:                             ; CODE XREF: sub_2098F0+15
                                        ; DATA XREF: .text:002099BC
                mov     edx, [esp+arg_8]
                mov     eax, [esp+arg_0]
                push    edx
                push    eax
                call    sub_2094C0
                add     esp, 8
                retn
; ===========================================================================

loc_209945:                             ; CODE XREF: sub_2098F0+15
                                        ; DATA XREF: .text:002099C0
                mov     ecx, [esp+arg_8]
                mov     edx, [esp+arg_0]
                push    ecx
                push    edx
                call    sub_2094E0
                add     esp, 8
                retn
; ===========================================================================

loc_209958:                             ; CODE XREF: sub_2098F0+15
                                        ; DATA XREF: .text:002099C4
                mov     eax, [esp+arg_8]
                mov     ecx, [esp+arg_0]
                push    eax
                push    ecx
                call    doGetModelCapability
                add     esp, 8
                retn
; ===========================================================================

loc_20996B:                             ; CODE XREF: sub_2098F0+15
                                        ; DATA XREF: .text:off_2099A8
                mov     edx, [esp+arg_8]
                mov     eax, [esp+arg_0]
                push    edx
                push    eax
                call    sub_2098B0
                add     esp, 8
                retn
; ===========================================================================

loc_20997E:                             ; CODE XREF: sub_2098F0+15
                                        ; DATA XREF: .text:002099AC
                mov     ecx, [esp+arg_8]
                mov     edx, [esp+arg_0]
                push    ecx
                push    edx
                call    sub_209870
                add     esp, 8
                retn
; ===========================================================================

loc_209991:                             ; CODE XREF: sub_2098F0+15
                                        ; DATA XREF: .text:002099B0
                mov     eax, 1          ; case 2: report success without doing anything
                retn
; ===========================================================================

loc_209997:                             ; CODE XREF: sub_2098F0+8
                                        ; sub_2098F0+15
                                        ; DATA XREF: ...
                mov     eax, [esp+arg_0]
                mov     dword ptr [eax+2Ch], 2 ; unsupported function number
                xor     eax, eax
                retn
sub_2098F0      endp

; ===========================================================================
                db 8Dh, 49h, 0
; Handler table for sub_2098F0, indexed by the case number from
; byte_2099CC: 0 sub_2098B0, 1 sub_209870, 2 "return 1", 3 sub_209400,
; 4 sub_209460, 5 sub_2094C0, 6 sub_2094E0, 7 doGetModelCapability,
; 8 default.
off_2099A8      dd offset loc_20996B    ; DATA XREF: sub_2098F0+15
                dd offset loc_20997E
                dd offset loc_209991
                dd offset loc_20990C
                dd offset loc_20991F
                dd offset loc_209932
                dd offset loc_209945
                dd offset loc_209958
                dd offset loc_209997
; byte_2099CC is the 46h-byte index table read by the movzx in sub_2098F0.
; Only its first byte was typed as data; the disassembler decoded the other
; 45h bytes as the instructions below, which are never executed. Read as
; bytes they map the function number (arg_4) to a case number:
;   1 -> 0    2 -> 1    3 -> 2    9 -> 3    31h -> 4
;   43h -> 5  45h -> 6  46h -> 7  every other value -> 8 (default)
; NOTE(review): the mapping comes from decoding the operand bytes of these
; instructions by hand -- confirm against a hex dump of the binary.
byte_2099CC     db 0                    ; DATA XREF: sub_2098F0+E
; ===========================================================================
                add     [edx], eax
                or      [eax], cl
                or      [eax], cl
                or      [ebx], al
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax+ecx], al
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                or      [eax], cl
                add     eax, 90070608h
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop
                nop

; *************** S U B R O U T I N E ***************************************

; Attributes: thunk

; void __cdecl operator delete(void *)
; Import thunk: a single indirect jump through the import table.
??3@YAXPAX@Z    proc near               ; CODE XREF: deleteArrayOfPointersVideo01+10
                                        ; deleteArrayOfPointersVideo02+10 ...
                jmp     ds:__imp_??3@YAXPAX@Z ; operator delete(void *)
??3@YAXPAX@Z    endp

; *************** S U B R O U T I N E ***************************************

; Attributes: thunk

; unsigned __int8 *__cdecl mbsstr(const unsigned __int8 *,const unsigned __int8 *)
; Import thunk.
_mbsstr         proc near               ; CODE XREF: DMI_GetMachineID+306
                                        ; GetVideoDeviceVendor+45 ...
                jmp     ds:__imp__mbsstr
_mbsstr         endp

; *************** S U B R O U T I N E ***************************************

; Attributes: thunk

; void __cdecl free(void *)
; Import thunk.
free            proc near               ; CODE XREF: DMI_GetMachineID+22E
                                        ; DMI_GetMachineID+2B4 ...
                jmp     ds:__imp_free
free            endp

; *************** S U B R O U T I N E ***************************************

; Attributes: thunk

; void *__cdecl malloc(size_t)
; Import thunk.
malloc          proc near               ; CODE XREF: DMI_GetMachineID+15E
                                        ; suDMI_GetMachineInfo+185 ...
                jmp     ds:__imp_malloc
malloc          endp

; *************** S U B R O U T I N E ***************************************

; Attributes: thunk

; char *__cdecl strstr(const char *,const char *)
; Import thunk.
strstr          proc near               ; CODE XREF: getFunctionality_x068+10E
                                        ; getFunctionality_x068+120 ...
                jmp     ds:__imp_strstr
strstr          endp

; *************** S U B R O U T I N E ***************************************

; Attributes: library function

; _onexit_t __cdecl _onexit(_onexit_t)
; When dword_20F1F4 holds -1 the call is tail-jumped to the imported
; _onexit. Otherwise the callback is registered through
; __dllonexit(arg_0, &dword_20F1F4, &dword_20F1F0).
__onexit        proc near               ; CODE XREF: _atexit+4

arg_0           = dword ptr 4

                cmp     dword_20F1F4, 0FFFFFFFFh
                jnz     short loc_209A4D
                jmp     ds:_onexit
; ===========================================================================

loc_209A4D:                             ; CODE XREF: __onexit+7
                push    offset dword_20F1F0
                push    offset dword_20F1F4
                push    [esp+8+arg_0]
                call    __dllonexit
                add     esp, 0Ch
                retn
__onexit        endp

; *************** S U B R O U T I N E ***************************************

; Attributes: library function

; int __cdecl atexit(void (*)(void))
; Wraps __onexit and converts its result: a non-zero return becomes 0, a
; zero return becomes -1.
_atexit         proc near               ; CODE XREF: _CRT_INIT(x,x,x)+59
                                        ; deleteSXBIOSstructs+F

arg_0           = dword ptr 4

                push    [esp+arg_0]     ; _onexit_t
                call    __onexit
                neg     eax             ; CF = (eax != 0)
                sbb     eax, eax        ; eax = -1 when CF is set, else 0
                neg     eax             ; eax = 1 or 0
                pop     ecx             ; drops the pushed argument
                dec     eax             ; eax = 0 on success, -1 on failure
                retn
_atexit         endp

; *************** S U B R O U T I N E ***************************************

; Attributes: thunk

; wchar_t *__cdecl wcscpy(wchar_t *,const wchar_t *)
; Import thunk.
wcscpy          proc near               ; CODE XREF: .text:00204A36
                                        ; .text:00204A45
                jmp     ds:__imp_wcscpy
wcscpy          endp

; *************** S U B R O U T I N E ***************************************

; Attributes: thunk

; void * __cdecl operator
new(unsigned int) ??2@YAPAXI@Z proc near ; CODE XREF: SuOpen+4 ; SnyUtils_Init+64 ... jmp ds:__imp_??2@YAPAXI@Z ; operator new(uint) ??2@YAPAXI@Z endp ; =========================================================================== ; START OF FUNCTION CHUNK FOR callExceptionHandler loc_209A82: ; CODE XREF: callExceptionHandler+5 ; setExceptionHandler+5 ... jmp ds:__CxxFrameHandler ; END OF FUNCTION CHUNK FOR callExceptionHandler ; =========================================================================== db 8 dup(0CCh) ; *************** S U B R O U T I N E *************************************** ; Attributes: library function ; __stdcall _CRT_INIT(x, x, x) __CRT_INIT@12 proc near ; CODE XREF: DllEntryPoint+3B ; DllEntryPoint+5F ... var_4 = dword ptr -4 arg_4 = dword ptr 8 mov eax, [esp+arg_4] test eax, eax jnz short loc_209AA6 cmp dword_20F1E4, eax jle short loc_209ACE dec dword_20F1E4 loc_209AA6: ; CODE XREF: _CRT_INIT(x,x,x)+6 cmp eax, 1 mov ecx, ds:_adjust_fdiv mov ecx, [ecx] mov dword_20F1E8, ecx jnz short loc_209B08 push 80h ; '' ; size_t call ds:__imp_malloc test eax, eax pop ecx mov dword_20F1F4, eax jnz short loc_209AD2 loc_209ACE: ; CODE XREF: _CRT_INIT(x,x,x)+E xor eax, eax jmp short locret_209B4B ; =========================================================================== loc_209AD2: ; CODE XREF: _CRT_INIT(x,x,x)+3C and dword ptr [eax], 0 mov eax, dword_20F1F4 mov dword_20F1F0, eax call sub_209BF8 push offset sub_209C3C ; void (*)(void) call _atexit mov [esp+4+var_4], offset dword_20E008 push offset dword_20E000 call _initterm inc dword_20F1E4 pop ecx jmp short loc_209B47 ; =========================================================================== loc_209B08: ; CODE XREF: _CRT_INIT(x,x,x)+27 test eax, eax jnz short loc_209B48 mov eax, dword_20F1F4 test eax, eax jz short loc_209B48 jmp short loc_209B2A ; =========================================================================== loc_209B17: ; CODE XREF: _CRT_INIT(x,x,x)+A7 mov ecx, dword_20F1F0 mov ecx, 
[ecx] test ecx, ecx jz short loc_209B2A call ecx mov eax, dword_20F1F4 loc_209B2A: ; CODE XREF: _CRT_INIT(x,x,x)+85 ; _CRT_INIT(x,x,x)+91 sub dword_20F1F0, 4 cmp dword_20F1F0, eax jnb short loc_209B17 push eax ; void * call ds:__imp_free and dword_20F1F4, 0 loc_209B47: ; CODE XREF: _CRT_INIT(x,x,x)+76 pop ecx loc_209B48: ; CODE XREF: _CRT_INIT(x,x,x)+7A ; _CRT_INIT(x,x,x)+83 xor eax, eax inc eax locret_209B4B: ; CODE XREF: _CRT_INIT(x,x,x)+40 retn 0Ch __CRT_INIT@12 endp ; *************** S U B R O U T I N E *************************************** ; Attributes: library function bp-based frame ; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpReserved) DllEntryPoint proc near hinstDLL = dword ptr 8 fdwReason = dword ptr 0Ch lpReserved = byte ptr 10h push ebp mov ebp, esp push ebx mov ebx, [ebp+hinstDLL] push esi mov esi, [ebp+fdwReason] test esi, esi push edi mov edi, dword ptr [ebp+lpReserved] jnz short testReason_is1 cmp dword_20F1E4, 0 jmp short checkFunctionPointer_020F1E4 ; =========================================================================== testReason_is1: ; CODE XREF: DllEntryPoint+11 cmp esi, 1 jz short checkFunctionPointer_020F1EC cmp esi, 2 jnz short callDllMain checkFunctionPointer_020F1EC: ; CODE XREF: DllEntryPoint+1F mov eax, dword_20F1EC test eax, eax jz short initCRT push edi push esi push ebx call eax ; call function pointer @ 0x20F1EC test eax, eax jz short exitFalse initCRT: ; CODE XREF: DllEntryPoint+2D push edi push esi push ebx call __CRT_INIT@12 ; _CRT_INIT(x,x,x) test eax, eax checkFunctionPointer_020F1E4: ; CODE XREF: DllEntryPoint+1A jnz short callDllMain exitFalse: ; CODE XREF: DllEntryPoint+36 xor eax, eax jmp short exit ; =========================================================================== callDllMain: ; CODE XREF: DllEntryPoint+24 ; DllEntryPoint:checkFunctionPointer_020F1E4 push edi ; lpvReserved push esi ; fdwReason push ebx ; hinstDLL call _DllMain@12 ; DllMain(x,x,x) cmp esi, 1 mov 
[ebp+fdwReason], eax jnz short checkArg_isZero test eax, eax jnz short exitSetResult push edi push eax push ebx call __CRT_INIT@12 ; _CRT_INIT(x,x,x) checkArg_isZero: ; CODE XREF: DllEntryPoint+56 test esi, esi jz short doInitCRTcall cmp esi, 3 jnz short exitSetResult doInitCRTcall: ; CODE XREF: DllEntryPoint+66 push edi push esi push ebx call __CRT_INIT@12 ; _CRT_INIT(x,x,x) test eax, eax jnz short checkCanDoCall and [ebp+fdwReason], eax checkCanDoCall: ; CODE XREF: DllEntryPoint+77 cmp [ebp+fdwReason], 0 jz short exitSetResult mov eax, dword_20F1EC test eax, eax jz short exitSetResult push edi push esi push ebx call eax mov [ebp+fdwReason], eax exitSetResult: ; CODE XREF: DllEntryPoint+5A ; DllEntryPoint+6B ... mov eax, [ebp+fdwReason] exit: ; CODE XREF: DllEntryPoint+46 pop edi pop esi pop ebx pop ebp retn 0Ch DllEntryPoint endp ; =========================================================================== align 4 ; *************** S U B R O U T I N E *************************************** ; Attributes: thunk __dllonexit proc near ; CODE XREF: __onexit+1D jmp ds:__imp___dllonexit __dllonexit endp ; *************** S U B R O U T I N E *************************************** ; Attributes: thunk _initterm proc near ; CODE XREF: _CRT_INIT(x,x,x)+6A jmp ds:__imp__initterm _initterm endp ; *************** S U B R O U T I N E *************************************** ; Attributes: bp-based frame sub_209BF8 proc near ; CODE XREF: _CRT_INIT(x,x,x)+4F var_1C = dword ptr -1Ch ms_exc = dword ptr -18h var_4 = dword ptr -4 push 0Ch push offset stru_20C9E0 call __SEH_prolog mov [ebp+var_1C], offset dword_20CA00 loc_209C0B: ; CODE XREF: sub_209BF8+3C cmp [ebp+var_1C], offset dword_20CA00 jnb short loc_209C36 and [ebp+var_4], 0 mov eax, [ebp+var_1C] mov eax, [eax] test eax, eax jz short loc_209C2C call eax jmp short loc_209C2C ; =========================================================================== loc_209C25: ; DATA XREF: .rdata:stru_20C9E0 xor eax, eax inc eax retn ; 
=========================================================================== loc_209C29: ; DATA XREF: .rdata:stru_20C9E0 mov esp, [ebp+ms_exc] loc_209C2C: ; CODE XREF: sub_209BF8+27 ; sub_209BF8+2B or [ebp+var_4], 0FFFFFFFFh add [ebp+var_1C], 4 jmp short loc_209C0B ; =========================================================================== loc_209C36: ; CODE XREF: sub_209BF8+1A call __SEH_epilog retn sub_209BF8 endp ; *************** S U B R O U T I N E *************************************** ; Attributes: bp-based frame ; void sub_209C3C(void) sub_209C3C proc near ; DATA XREF: _CRT_INIT(x,x,x)+54 var_1C = dword ptr -1Ch ms_exc = dword ptr -18h var_4 = dword ptr -4 push 0Ch push offset stru_20C9F0 call __SEH_prolog mov [ebp+var_1C], offset dword_20CA08 loc_209C4F: ; CODE XREF: sub_209C3C+3C cmp [ebp+var_1C], offset dword_20CA08 jnb short loc_209C7A and [ebp+var_4], 0 mov eax, [ebp+var_1C] mov eax, [eax] test eax, eax jz short loc_209C70 call eax jmp short loc_209C70 ; =========================================================================== loc_209C69: ; DATA XREF: .rdata:stru_20C9F0 xor eax, eax inc eax retn ; =========================================================================== loc_209C6D: ; DATA XREF: .rdata:stru_20C9F0 mov esp, [ebp+ms_exc] loc_209C70: ; CODE XREF: sub_209C3C+27 ; sub_209C3C+2B or [ebp+var_4], 0FFFFFFFFh add [ebp+var_1C], 4 jmp short loc_209C4F ; =========================================================================== loc_209C7A: ; CODE XREF: sub_209C3C+1A call __SEH_epilog retn sub_209C3C endp ; *************** S U B R O U T I N E *************************************** ; Attributes: library function __SEH_prolog proc near ; CODE XREF: sub_209BF8+7 ; sub_209C3C+7 arg_4 = dword ptr 8 push offset _except_handler3 mov eax, large fs:0 push eax mov eax, [esp+8+arg_4] mov [esp+8+arg_4], ebp lea ebp, [esp+8+arg_4] sub esp, eax push ebx push esi push edi mov eax, [ebp-8] mov [ebp-18h], esp push eax mov eax, [ebp-4] mov dword ptr [ebp-4], 
0FFFFFFFFh mov [ebp-8], eax lea eax, [ebp-10h] mov large fs:0, eax retn __SEH_prolog endp ; sp = -18h ; *************** S U B R O U T I N E *************************************** ; Attributes: library function __SEH_epilog proc near ; CODE XREF: sub_209BF8:loc_209C36 ; sub_209C3C:loc_209C7A mov ecx, [ebp-10h] mov large fs:0, ecx pop ecx pop edi pop esi pop ebx leave push ecx retn __SEH_epilog endp ; *************** S U B R O U T I N E *************************************** ; Attributes: thunk _except_handler3 proc near ; DATA XREF: __SEH_prolog jmp ds:__imp__except_handler3 _except_handler3 endp ; =========================================================================== db 0Eh dup(0CCh) ; *************** S U B R O U T I N E *************************************** sub_209CE0 proc near ; DATA XREF: .rdata:stru_20CA0C mov eax, [ebp-10h] push eax call ??3@YAXPAX@Z ; operator delete(void *) pop ecx retn sub_209CE0 endp ; *************** S U B R O U T I N E *************************************** sub_209CEB proc near ; DATA XREF: .rdata:stru_20CA0C mov eax, [ebp-10h] push eax call ??3@YAXPAX@Z ; operator delete(void *) pop ecx retn sub_209CEB endp ; *************** S U B R O U T I N E *************************************** ; Microsoft VisualC 2-8/net runtime ; Attributes: library function unknown_libname_1 proc near ; DATA XREF: .rdata:stru_20CA0C mov eax, [ebp-10h] push eax call ??3@YAXPAX@Z ; operator delete(void *) pop ecx retn unknown_libname_1 endp ; *************** S U B R O U T I N E *************************************** callExceptionHandler proc near ; DATA XREF: SnyUtils_Init+8 ; FUNCTION CHUNK AT 00209A82 SIZE 00000006 BYTES mov eax, offset msException jmp loc_209A82 callExceptionHandler endp ; =========================================================================== db 5 dup(0CCh) ; *************** S U B R O U T I N E *************************************** sub_209D10 proc near ; DATA XREF: .rdata:stru_20CA40 mov ecx, [ebp-10h] jmp 
getFunctionJumpTable1
sub_209D10      endp


; *************** S U B R O U T I N E ***************************************

; Loads EAX with the address of stru_20CA48 and jumps to loc_209A82.
; The import list in this file cross-references __CxxFrameHandler from
; callExceptionHandler:loc_209A82, so this looks like an MSVC per-function
; C++ exception-handler thunk, with stru_20CA48 presumably the EH record
; for initMachineIDandClass (the only xref) -- TODO confirm.
setExceptionHandler proc near           ; DATA XREF: initMachineIDandClass+2
                mov     eax, offset stru_20CA48
                jmp     loc_209A82
setExceptionHandler endp

; ===========================================================================
                db 0Eh dup(0CCh)        ; 0CCh (int 3) filler between routines

; *************** S U B R O U T I N E ***************************************

; Microsoft VisualC 2-8/net runtime
; Attributes: library function

; Cleanup funclet referenced from the table at .rdata:stru_20CA64
; (presumably an unwind map -- confirm).  It sets up no frame of its own:
; it reads a pointer from [ebp-10h] of the frame EBP designates on entry
; and passes it to operator delete.
unknown_libname_2 proc near             ; DATA XREF: .rdata:stru_20CA64
                mov     eax, [ebp-10h]
                push    eax
                call    ??3@YAXPAX@Z    ; operator delete(void *)
                pop     ecx             ; discard the one cdecl stack argument
                retn
unknown_libname_2 endp


; *************** S U B R O U T I N E ***************************************

; Same body as unknown_libname_2; referenced from the same table.
sub_209D3B      proc near               ; DATA XREF: .rdata:stru_20CA64
                mov     eax, [ebp-10h]
                push    eax
                call    ??3@YAXPAX@Z    ; operator delete(void *)
                pop     ecx
                retn
sub_209D3B      endp


; *************** S U B R O U T I N E ***************************************

; Same body as unknown_libname_2; referenced from the same table.
sub_209D46      proc near               ; DATA XREF: .rdata:stru_20CA64
                mov     eax, [ebp-10h]
                push    eax
                call    ??3@YAXPAX@Z    ; operator delete(void *)
                pop     ecx
                retn
sub_209D46      endp


; *************** S U B R O U T I N E ***************************************

; Same body as unknown_libname_2; referenced from the same table.
sub_209D51      proc near               ; DATA XREF: .rdata:stru_20CA64
                mov     eax, [ebp-10h]
                push    eax
                call    ??3@YAXPAX@Z    ; operator delete(void *)
                pop     ecx
                retn
sub_209D51      endp


; *************** S U B R O U T I N E ***************************************

; Same shape as setExceptionHandler: EAX = offset stru_20CA84, then jump to
; loc_209A82.  Referenced from OpenDeviceLCD, so presumably that function's
; C++ EH thunk -- TODO confirm.
sub_209D5C      proc near               ; DATA XREF: OpenDeviceLCD+2
                mov     eax, offset stru_20CA84
                jmp     loc_209A82
sub_209D5C      endp

; ===========================================================================
                db 0Ah dup(0CCh)        ; int 3 filler

; *************** S U B R O U T I N E ***************************************

; Referenced as data from .data:0020E004 (presumably a start-up initializer
; table entry -- confirm).  Passes the address of libDataSXBIOSstruct in ECX
; to zeroVideoFunctionTable, then registers deleteLibDataSXBIOSstruct with
; _atexit so it runs at exit.
deleteSXBIOSstructs proc near           ; DATA XREF: .data:0020E004
                mov     ecx, offset libDataSXBIOSstruct
                call    zeroVideoFunctionTable
                push    offset deleteLibDataSXBIOSstruct ; void (*)(void)
                call    _atexit
                pop     ecx             ; discard the _atexit argument (cdecl)
                retn
; ===========================================================================
                db 0Ah dup(90h)         ; nop filler before the callback below
; ===========================================================================

; void deleteLibDataSXBIOSstruct(void)
; The callback registered above: reloads ECX with the address of
; libDataSXBIOSstruct and tail-jumps to getDeleteBufferFunc.
deleteLibDataSXBIOSstruct:              ; DATA XREF: deleteSXBIOSstructs+A
                mov     ecx, offset libDataSXBIOSstruct
                                        ; Microsoft VisualC 2-8/net runtime
                jmp     getDeleteBufferFunc
deleteSXBIOSstructs endp

; ===========================================================================
                db 6 dup(90h), 260h dup(0) ; filler up to the end of the section
_text           ends

; Section 2. (virtual address 0000A000)
; Virtual size                  : 00003233 (  12851.)
; Section size in file          : 00004000 (  16384.)
; Offset to raw data for section: 0000A000
; Flags 40000040: Data Readable
; Alignment     : default
;
; Imports from ADVAPI32.dll
;
; ===========================================================================

; Segment type: Externs
; _idata
; LONG __stdcall RegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult)
                extrn RegOpenKeyExA:dword ; DATA XREF: Get_TestMachineID+18
                                        ; DMI_GetMachineID+32 ...
; LONG __stdcall RegQueryValueExA(HKEY hKey,LPCSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData)
                extrn RegQueryValueExA:dword ; DATA XREF: Get_TestMachineID+27
                                        ; Get_TestMachineID+4F ...
; LONG __stdcall RegCloseKey(HKEY hKey)
                extrn RegCloseKey:dword ; DATA XREF: Get_TestMachineID+7B
                                        ; DMI_GetMachineID+97 ...

;
; Imports from KERNEL32.dll
;
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes,DWORD dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId)
                extrn CreateThread:dword ; DATA XREF: createEventThread+C8
                                        ; SuOpen+57
; DWORD __stdcall WaitForMultipleObjects(DWORD nCount,const HANDLE *lpHandles,BOOL bWaitAll,DWORD dwMilliseconds)
                extrn WaitForMultipleObjects:dword ; DATA XREF: StartAddress+14
                                        ; StartAddress+35 ...
; (KERNEL32.dll imports, continued)

; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
                extrn GetVersionExA:dword ; DATA XREF: isWin5_64bit+2A
                                        ; Get extended information about the
                                        ; version of the operating system
; HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes,BOOL bManualReset,BOOL bInitialState,LPCSTR lpName)
; NOTE(review): createSonyAsyncEvent references the 'SonyAsyncEvent%X' format
; string and wsprintfA shortly before this call, so lpName is presumably a
; formatted name.  A named event can be opened by other processes, subject to
; lpEventAttributes -- confirm what is passed there.
                extrn CreateEventA:dword ; DATA XREF: createSonyAsyncEvent+50
                                        ; createEventThread+AE ...
; BOOL __stdcall SetEvent(HANDLE hEvent)
                extrn SetEvent:dword    ; DATA XREF: terminateThreadCloseHandles+1B
                                        ; sub_2088F0+32
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle,DWORD dwMilliseconds)
                extrn WaitForSingleObject:dword ; DATA XREF: terminateThreadCloseHandles+2E
                                        ; SuClose+7B ...
; BOOL __stdcall TerminateThread(HANDLE hThread,DWORD dwExitCode)
; NOTE(review): in both listed callers the xref sits 13h bytes after a
; WaitForSingleObject xref (+2E -> +41, +7B -> +8E), presumably a fallback
; when the wait does not succeed.  TerminateThread gives the target no chance
; to release locks or free memory, so any critical section it holds stays
; owned -- confirm the worker cannot be inside one at that point.
                extrn TerminateThread:dword ; DATA XREF: terminateThreadCloseHandles+41
                                        ; SuClose+8E ...
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
                extrn EnterCriticalSection:dword ; DATA XREF: SuSetPowerState-33FA
                                        ; SuSetDefaultPowerState-316A ...
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
                extrn LeaveCriticalSection:dword ; DATA XREF: SuSetPowerState-319A
                                        ; SuSetDefaultPowerState-3137 ...
; (KERNEL32.dll imports, continued)

; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
                extrn DeleteCriticalSection:dword ; DATA XREF: unlockCriticalSection+6
                                        ; unload+33
; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
                extrn InitializeCriticalSection:dword ; DATA XREF: initPowerProfile+16D
                                        ; SnyUtils_Init+1D
; DWORD GetCurrentProcessId(void)
                extrn GetCurrentProcessId:dword ; DATA XREF: createRegisterWindowMsg+26
                extrn ProcessIdToSessionId:dword ; DATA XREF: createRegisterWindowMsg+34
; DWORD GetCurrentThreadId(void)
                extrn GetCurrentThreadId:dword ; DATA XREF: createRegisterWindowMsg+3E
; DWORD GetLastError(void)
                extrn GetLastError:dword ; DATA XREF: SNC_Device_Open:loc_203404
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
                extrn CreateFileA:dword ; DATA XREF: DMI_GetMachineID+10B
                                        ; suDMI_GetMachineInfo+129 ...
; BOOL __stdcall DeviceIoControl(HANDLE hDevice,DWORD dwIoControlCode,LPVOID lpInBuffer,DWORD nInBufferSize,LPVOID lpOutBuffer,DWORD nOutBufferSize,LPDWORD lpBytesReturned,LPOVERLAPPED lpOverlapped)
; NOTE(review): the handle used in DMI_GetMachineID presumably comes from the
; CreateFileA call at +10B; the control codes and buffer sizes are not
; visible in this part of the listing.
                extrn DeviceIoControl:dword ; DATA XREF: DMI_GetMachineID+13D
                                        ; DMI_GetMachineID+1B5 ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
                extrn FreeLibrary:dword ; DATA XREF: getVideoJumpTable04+11
                                        ; Unload_Library+20 ...
; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
                extrn GetProcAddress:dword ; DATA XREF: sub_201860+32
                                        ; sub_201860+3E ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
; NOTE(review): the DLL name strings in .rdata ('NvCpl.dll', 'SxBIOS.dll',
; 'powrprof.dll') carry no directory.  If any reaches this call unqualified,
; the module is resolved through the DLL search order -- check how each
; caller builds lpLibFileName.
                extrn LoadLibraryA:dword ; DATA XREF: sub_201860+21
                                        ; SXBIOS_Load+9F ...
; BOOL __stdcall CloseHandle(HANDLE hObject)
                extrn CloseHandle:dword ; DATA XREF: DMI_GetMachineID+227
                                        ; DMI_GetMachineID+2BD ...
;
; Imports from MSVCR70.dll
;
                extrn __imp__except_handler3:dword ; DATA XREF: _except_handler3
                extrn _adjust_fdiv:dword ; DATA XREF: _CRT_INIT(x,x,x)+19
                extrn __imp__initterm:dword ; DATA XREF: _initterm
; _onexit_t __cdecl onexit(_onexit_t)
                extrn _onexit:dword     ; DATA XREF: __onexit+9
                extrn __imp___dllonexit:dword ; DATA XREF: __dllonexit
                extrn __CxxFrameHandler:dword ; DATA XREF: callExceptionHandler:loc_209A82
; __declspec(dllimport) void * __cdecl operator new(unsigned int)
                extrn __imp_??2@YAPAXI@Z:dword ; DATA XREF: operator new(uint)
; wchar_t *__cdecl wcscpy(wchar_t *,const wchar_t *)
; NOTE(review): wcscpy copies up to the terminator with no destination bound.
; The only xref here is the wcscpy thunk, so its callers and their buffer
; sizes have to be checked separately.
                extrn __imp_wcscpy:dword ; DATA XREF: wcscpy
; char *__cdecl strstr(const char *,const char *)
                extrn __imp_strstr:dword ; DATA XREF: strstr
; void *__cdecl malloc(size_t)
                extrn __imp_malloc:dword ; DATA XREF: malloc
                                        ; _CRT_INIT(x,x,x)+2E
; void __cdecl free(void *)
                extrn __imp_free:dword  ; DATA XREF: free
                                        ; _CRT_INIT(x,x,x)+AA
; unsigned __int8 *__cdecl _mbsstr(const unsigned __int8 *,const unsigned __int8 *)
                extrn __imp__mbsstr:dword ; DATA XREF: _mbsstr
; __declspec(dllimport) void __cdecl operator delete(void *)
                extrn __imp_??3@YAXPAX@Z:dword ; DATA XREF: operator delete(void *)

;
; Imports from SETUPAPI.dll
;
; BOOL __stdcall SetupDiEnumDeviceInterfaces(HDEVINFO DeviceInfoSet,PSP_DEVINFO_DATA DeviceInfoData,LPGUID InterfaceClassGuid,DWORD MemberIndex,PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData)
                extrn SetupDiEnumDeviceInterfaces:dword ; DATA XREF: SNC_Device_Open+40
                                        ; registerACPInotifyHandler+98 ...
; BOOL __stdcall SetupDiGetDeviceInterfaceDetailA(HDEVINFO DeviceInfoSet,PSP_DEVICE_INTERFACE_DATA DeviceInterfaceData,PSP_DEVICE_INTERFACE_DETAIL_DATA_A DeviceInterfaceDetailData,DWORD DeviceInterfaceDetailDataSize,PDWORD RequiredSize,PSP_DEVINFO_DATA DeviceInfoData)
; SNC_Device_Open references this import twice (+4A, +5E), presumably a size
; query followed by the real call -- confirm the buffer is sized from
; RequiredSize.
                extrn SetupDiGetDeviceInterfaceDetailA:dword ; DATA XREF: SNC_Device_Open+4A
                                        ; SNC_Device_Open+5E ...
; (SETUPAPI.dll imports, continued)

; HDEVINFO __stdcall SetupDiGetClassDevsA(LPGUID ClassGuid,PCSTR Enumerator,HWND hwndParent,DWORD Flags)
                extrn SetupDiGetClassDevsA:dword ; DATA XREF: getFunctionality_x068+78
                                        ; SNC_Device_Open+17 ...
; HKEY __stdcall SetupDiOpenDevRegKey(HDEVINFO DeviceInfoSet,PSP_DEVINFO_DATA DeviceInfoData,DWORD Scope,DWORD HwProfile,DWORD KeyType,REGSAM samDesired)
                extrn SetupDiOpenDevRegKey:dword ; DATA XREF: getFunctionality_x068+19B
; BOOL __stdcall SetupDiGetDeviceRegistryPropertyA(HDEVINFO DeviceInfoSet,PSP_DEVINFO_DATA DeviceInfoData,DWORD Property,PDWORD PropertyRegDataType,PBYTE PropertyBuffer,DWORD PropertyBufferSize,PDWORD RequiredSize)
                extrn SetupDiGetDeviceRegistryPropertyA:dword ; DATA XREF: getFunctionality_x068+B1
                                        ; getFunctionality_x068+CF ...
; BOOL __stdcall SetupDiDestroyDeviceInfoList(HDEVINFO DeviceInfoSet)
                extrn SetupDiDestroyDeviceInfoList:dword ; DATA XREF: getFunctionality_x068+258
                                        ; SNC_Device_Open+A5 ...
; BOOL __stdcall SetupDiEnumDeviceInfo(HDEVINFO DeviceInfoSet,DWORD MemberIndex,PSP_DEVINFO_DATA DeviceInfoData)
                extrn SetupDiEnumDeviceInfo:dword ; DATA XREF: getFunctionality_x068+A3
                                        ; getFunctionality_x068+177

;
; Imports from USER32.dll
;
; HDEVNOTIFY __stdcall RegisterDeviceNotificationA(HANDLE hRecipient,LPVOID NotificationFilter,DWORD Flags)
                extrn RegisterDeviceNotificationA:dword ; DATA XREF: registerForSNCdeviceNotifications+92
                                        ; registerACPInotifyHandler+15E
; BOOL __stdcall UnregisterDeviceNotification(HDEVNOTIFY Handle)
                extrn UnregisterDeviceNotification:dword ; DATA XREF: sub_2039E0+B
                                        ; resetACPInotifyHandler+26 ...
; (USER32.dll imports, continued)

; BOOL __stdcall KillTimer(HWND hWnd,UINT uIDEvent)
                extrn KillTimer:dword   ; DATA XREF: subWndMsg0113+F
; LRESULT __stdcall DefWindowProcA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
                extrn DefWindowProcA:dword ; DATA XREF: .text:00203F31
; void __stdcall PostQuitMessage(int nExitCode)
                extrn PostQuitMessage:dword ; DATA XREF: .text:00203ECD
                                        ; .text:00203EE9
; BOOL __stdcall EnumDisplayDevicesA(PVOID Unused,DWORD iDevNum,PDISPLAY_DEVICEA lpDisplayDevice,DWORD dwFlags)
                extrn EnumDisplayDevicesA:dword ; DATA XREF: GetVideoDeviceVendor+2D
; BOOL __stdcall UnregisterClassA(LPCSTR lpClassName,HINSTANCE hInstance)
                extrn UnregisterClassA:dword ; DATA XREF: createMainWndClass+C3
; BOOL __stdcall TranslateMessage(const MSG *lpMsg)
                extrn TranslateMessage:dword ; DATA XREF: createMainWndClass+90
                                        ; createMainWndClass+A0
; LONG __stdcall DispatchMessageA(const MSG *lpMsg)
                extrn DispatchMessageA:dword ; DATA XREF: createMainWndClass+89
                                        ; createMainWndClass+A7
; BOOL __stdcall GetMessageA(LPMSG lpMsg,HWND hWnd,UINT wMsgFilterMin,UINT wMsgFilterMax)
                extrn GetMessageA:dword ; DATA XREF: createMainWndClass+74
                                        ; createMainWndClass+82 ...
; HWND __stdcall CreateWindowExA(DWORD dwExStyle,LPCSTR lpClassName,LPCSTR lpWindowName,DWORD dwStyle,int X,int Y,int nWidth,int nHeight,HWND hWndParent,HMENU hMenu,HINSTANCE hInstance,LPVOID lpParam)
; createMainWndClass references RegisterClassA, this import, the message
; loop APIs and UnregisterClassA at increasing offsets, so it appears to own
; the window for its whole lifetime.  Window messages can be posted by other
; processes on the same desktop -- confirm what the window procedure accepts.
                extrn CreateWindowExA:dword ; DATA XREF: createMainWndClass+60
; ATOM __stdcall RegisterClassA(const WNDCLASSA *lpWndClass)
                extrn RegisterClassA:dword ; DATA XREF: createMainWndClass+40
; LRESULT __stdcall SendMessageA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
                extrn SendMessageA:dword ; DATA XREF: SuOpen+DB
                                        ; SuClose+3C
; int __stdcall GetSystemMetrics(int nIndex)
                extrn GetSystemMetrics:dword ; DATA XREF: sub_209400+2
                                        ; sub_209400+A ...
; (USER32.dll imports, continued)

; UINT __stdcall SetTimer(HWND hWnd,UINT nIDEvent,UINT uElapse,TIMERPROC lpTimerFunc)
                extrn SetTimer:dword    ; DATA XREF: subWndMsg01112+2F
                                        ; subWndMsg0113+7D
; UINT __stdcall RegisterWindowMessageA(LPCSTR lpString)
                extrn RegisterWindowMessageA:dword ; DATA XREF: createRegisterWindowMsg+5E
                                        ; SuOpen:registerWindowMessage ...
; BOOL __stdcall PostMessageA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
                extrn PostMessageA:dword ; DATA XREF: notifyHandlerEx+342
                                        ; notifyHandler+314 ...
; int wsprintfA(LPSTR,LPCSTR,...)
; NOTE(review): wsprintfA takes no destination size.  The buffers used at
; createRegisterWindowMsg+50 and createSonyAsyncEvent+3C are not visible
; here -- confirm they hold the '%x+%x+%x' and 'SonyAsyncEvent%X' expansions.
                extrn wsprintfA:dword   ; DATA XREF: createRegisterWindowMsg+50
                                        ; createSonyAsyncEvent+3C ...

; ===========================================================================

; Segment type: Pure data
_rdata          segment para public 'DATA' use32
                assume cs:_rdata
                ;org 20A10Ch
                db 4 dup(0)

; Four tables of code pointers, one slot per line with its byte offset.
; Tables 01-03 have 13 slots; table 04 has 17.
videoJumpTable01 dd offset deleteArrayOfPointersVideo01 ; +00h
                                        ; DATA XREF: getVideoJumpTable01Ex+2
                                        ; getVideoJumpTable01
                dd offset callTableFunc02               ; +04h
                dd offset doNothingPop08_Return0        ; +08h
                dd offset doNothingPop04_Return0        ; +0Ch
                dd offset callTableFunc03               ; +10h
                dd offset doNothingPop04_Return0        ; +14h
                dd offset callTableFunc05               ; +18h
                dd offset jmpTableFunc0B                ; +1Ch
                dd offset jmpTableFunc0C                ; +20h
                dd offset doNothingPop08_Return0        ; +24h
                dd offset doNothingPop08_Return0        ; +28h
                dd offset callTableFunc0C               ; +2Ch
                dd offset doNothingPop04_Return0        ; +30h

videoJumpTable02 dd offset deleteArrayOfPointersVideo02 ; +00h
                                        ; DATA XREF: sub_2010C0+8
                                        ; getVideoJumpTable02
                dd offset callSN06orSXBIOS_A082_0007    ; +04h
                dd offset doNothingPop08_Return0        ; +08h
                dd offset doNothingPop04_Return0        ; +0Ch
                dd offset callSN06orSXBIOS_A084         ; +10h
                dd offset doNothingPop04_Return0        ; +14h
                dd offset callSN06orSXBIOS_A083_000F    ; +18h
                dd offset jmpTableFunc0B                ; +1Ch
                dd offset jmpTableFunc0C                ; +20h
                dd offset doNothingPop08_Return0        ; +24h
                dd offset doNothingPop08_Return0        ; +28h
                dd offset callSN06orSXBIOS_A084_0100    ; +2Ch
                dd offset doNothingPop04_Return0        ; +30h

videoJumpTable03 dd offset deleteArrayOfPointersVideo03 ; +00h
                                        ; DATA XREF: sub_201480+8
                                        ; getVideoJumpTable03
                dd offset callSN06orSXBIOS_5F61_0100    ; +04h
                dd offset doNothingPop08_Return0        ; +08h
                dd offset doNothingPop04_Return0        ; +0Ch
                dd offset callSN06orSXBIOS_5F64_0100    ; +10h
                dd offset doNothingPop04_Return0        ; +14h
                dd offset callSN06orSXBIOS_5F64_0200    ; +18h
                dd offset jmpTableFunc0B                ; +1Ch
                dd offset jmpTableFunc0C                ; +20h
                dd offset doNothingPop08_Return0        ; +24h
                dd offset doNothingPop08_Return0        ; +28h
                dd offset method_SODV                   ; +2Ch
                dd offset doNothingPop04_Return0        ; +30h
                db 4 dup(0)

videoJumpTable04 dd offset deleteArrayOfPointersVideo04 ; +00h
                                        ; DATA XREF: sub_201800+17
                                        ; getVideoJumpTable04+8
                dd offset callTableFunc02               ; +04h
                dd offset doNothingPop08_Return0        ; +08h
                dd offset doNothingPop04_Return0        ; +0Ch
                dd offset callTableFunc03               ; +10h
                dd offset doNothingPop04_Return0        ; +14h
                dd offset callTableFunc05               ; +18h
                dd offset jmpTableFunc0B                ; +1Ch
                dd offset jmpTableFunc0C                ; +20h
                dd offset callTableFunc10_0F_0E         ; +24h
                dd offset callTableFunc10_0F            ; +28h
                dd offset callTableFunc0C               ; +2Ch
                dd offset doNothingPop04_Return0        ; +30h
                dd offset testArrayReturnIndex_1_8      ; +34h
                dd offset returnValueAtIndex_offsetBase03 ; +38h
                dd offset sub_2018E0                    ; +3Ch
                dd offset sub_201860                    ; +40h

; char aNvsetpanelbrig[]
aNvsetpanelbrig db 'NvSetPanelBrightness',0 ; DATA XREF: sub_201860+43
                db 3 dup(0)
; char aNvgetpanelbrig[]
aNvgetpanelbrig db 'NvGetPanelBrightness',0 ; DATA XREF: sub_201860+38
                db 3 dup(0)
; char aNvcpl_dll[]
; NOTE(review): bare DLL name, no directory.  If sub_201860 passes it to
; LoadLibraryA as is, the module is resolved through the DLL search order --
; confirm.
aNvcpl_dll      db 'NvCpl.dll',0        ; DATA XREF: sub_201860:loc_20187C
                db 2 dup(0)

; ---------------------------------------------------------------------------
; BiosSignatures: 67 records of 16 bytes -- two signature characters, ten
; zero bytes, then a dword ID.  The size and field positions match the
; modelSignature struc (sizeof=0x10) declared at the top of this listing.
; Several signatures share an ID (e.g. 'Z1'/'Z2' -> 7, 'U0'/'U1' -> 11h).
; unk_20A231 and unk_20A651 label the second character of the first and
; last record; presumably the bounds of the search loops in
; DMI_GetMachineID / RAW_GetMachineID -- TODO confirm.
; ---------------------------------------------------------------------------
BiosSignatures  db 5Ah                  ; 'Z'
unk_20A231      db 30h                  ; '0'
                                        ; DATA XREF: DMI_GetMachineID+259
                                        ; RAW_GetMachineID+3E
                db 0Ah dup(0)
dword_20A23C    dd 1                    ; DATA XREF: DMI_GetMachineID+2EA
                                        ; RAW_GetMachineID+50
                db 'H0', 0Ah dup(0)
                dd 2
                db 'K1', 0Ah dup(0)
                dd 3
                db 'K0', 0Ah dup(0)
                dd 4
                db 'A0', 0Ah dup(0)
                dd 5
                db 'M0', 0Ah dup(0)
                dd 6
                db 'Z1', 0Ah dup(0)
                dd 7
                db 'Z2', 0Ah dup(0)
                dd 7
                db 'D0', 0Ah dup(0)
                dd 9
                db 'K2', 0Ah dup(0)
                dd 0Ah
                db 'A1', 0Ah dup(0)
                dd 0Ch
                db 'D1', 0Ah dup(0)
                dd 0Dh
                db 'U0', 0Ah dup(0)
                dd 11h
                db 'U1', 0Ah dup(0)
                dd 11h
                db 'P0', 0Ah dup(0)
                dd 0Eh
                db 'P1', 0Ah dup(0)
                dd 0Eh
                db 'Z3', 0Ah dup(0)
                dd 0Bh
                db 'C0', 0Ah dup(0)
                dd 14h
                db 'E0', 0Ah dup(0)
                dd 15h
                db 'U2', 0Ah dup(0)
                dd 16h
                db 'C1', 0Ah dup(0)
                dd 18h
                db 'B0', 0Ah dup(0)
                dd 19h
                db 'B1', 0Ah dup(0)
                dd 1Eh
                db 'G0', 0Ah dup(0)
                dd 24h
                db 'B2', 0Ah dup(0)
                dd 22h
                db 'G1', 0Ah dup(0)
                dd 20h
                db 'K7', 0Ah dup(0)
                dd 25h
                db 'F0', 0Ah dup(0)
                dd 26h
                db 'B3', 0Ah dup(0)
                dd 22h
                db 'K9', 0Ah dup(0)
                dd 28h
                db 'W0', 0Ah dup(0)
                dd 29h
                db 'G2', 0Ah dup(0)
                dd 2Bh
                db 'G3', 0Ah dup(0)
                dd 2Ch
                db 'X2', 0Ah dup(0)
                dd 2Dh
                db 'X1', 0Ah dup(0)
                dd 2Eh
                db 'F1', 0Ah dup(0)
                dd 2Fh
                db 'G4', 0Ah dup(0)
                dd 30h
                db 'G5', 0Ah dup(0)
                dd 31h
                db 'G7', 0Ah dup(0)
                dd 33h
                db 'G9', 0Ah dup(0)
                dd 34h
                db 'X3', 0Ah dup(0)
                dd 2Eh
                db 'J0', 0Ah dup(0)
                dd 36h
                db 'F2', 0Ah dup(0)
                dd 37h
                db 'V0', 0Ah dup(0)
                dd 38h
                db 'X4', 0Ah dup(0)
                dd 39h
                db 'F3', 0Ah dup(0)
                dd 3Ah
                db 'J1', 0Ah dup(0)
                dd 36h
                db 'V1', 0Ah dup(0)
                dd 3Ch
                db 'X5', 0Ah dup(0)
                dd 3Dh
                db 'X6', 0Ah dup(0)
                dd 3Fh
                db 'N0', 0Ah dup(0)
                dd 42h
                db 'J3', 0Ah dup(0)
                dd 43h
                db 'F4', 0Ah dup(0)
                dd 44h
                db 'J2', 0Ah dup(0)
                dd 1001h                ; bytes 01h,10h,0,0 -- the only ID above 0FFh
                db 'W1', 0Ah dup(0)
                dd 45h
                db 'W2', 0Ah dup(0)
                dd 46h
                db 'N2', 0Ah dup(0)
                dd 47h
                db 'N3', 0Ah dup(0)
                dd 48h
                db 'J6', 0Ah dup(0)
                dd 49h
                db 'X7', 0Ah dup(0)
                dd 4Ah
                db 'X8', 0Ah dup(0)
                dd 4Ah
                db 'N1', 0Ah dup(0)
                dd 42h
                db 'J4', 0Ah dup(0)
                dd 4Ch
                db 'J4', 0Ah dup(0)     ; 'J4' appears twice; this copy carries 4Dh
                dd 4Dh
                db 'N5', 0Ah dup(0)
                dd 4Bh
                db 'N6', 0Ah dup(0)
                dd 4Bh
                db 4Ah                  ; 'J'
unk_20A651      db 37h                  ; '7'
                                        ; DATA XREF: DMI_GetMachineID+243
                                        ; RAW_GetMachineID+2C
                db 0Ah dup(0)
                dd 50h

; ---------------------------------------------------------------------------
; BiosSignatures_legacy: 13 records of 24 bytes -- a 20-byte zero-padded
; name followed by a dword ID (dword_20A674 is the ID of the first record).
; ---------------------------------------------------------------------------
; unsigned __int8 BiosSignatures_legacy
BiosSignatures_legacy db 'PIZZA',0,0,0,0,0,0,0,0 ; DATA XREF: DMI_GetMachineID+2FA
                db 7 dup(0)
dword_20A674    dd 2Ah                  ; DATA XREF: DMI_GetMachineID+32D
aDiretto        db 'DIRETTO',0
                db 0Ch dup(0)
                dd 32h
                db 'PASTA', 0Fh dup(0)
                dd 35h
                db 'PTGD2-OM', 0Ch dup(0)
                dd 3Bh
                db 'ENLIL', 0Fh dup(0)
                dd 3Eh
                db 'P5LP-OM', 0Dh dup(0)
                dd 3Bh
                db 'PRAGUE', 0Eh dup(0)
                dd 41h
                db 'TALAS', 0Fh dup(0)
                dd 40h
                db 'TALAS2R', 0Dh dup(0)
                dd 40h
                db 'TALAS2D', 0Dh dup(0)
                dd 40h
                db 'NIACIN', 0Eh dup(0)
                dd 40h
                db 'TOKYOTOWER', 0Ah dup(0)
                dd 4Eh
                db 'TROGDOR', 0Dh dup(0)
                dd 4Fh

; char ValueName[]
; NOTE(review): a registry value read by Get_TestMachineID; the name suggests
; an override for the detected machine ID.  The hive and key ACL are not
; visible here -- confirm who can write it.
ValueName       db 'dwTestMachineID',0  ; DATA XREF: Get_TestMachineID+39
                                        ; Get_TestMachineID+65
... ; char SubKey[] SubKey db 'SOFTWARE\Sony Corporation\Shared Info\Shared DLLs',0 ; DATA XREF: Get_TestMachineID+E db 2 dup(0) device_path_root dd 5C2E5C5Ch ; DATA XREF: DMI_GetMachineID+A5 ; suDMI_GetMachineInfo+C7 byte_20A7E0 db 0 ; DATA XREF: DMI_GetMachineID+AA ; suDMI_GetMachineInfo+CC db 3 dup(0) ; char aDmicall[] aDmicall db 'dmicall',0 ; DATA XREF: DMI_GetMachineID+56 ; DMI_GetMachineID+81 ... ; char aSoftwareSonyCo[] aSoftwareSonyCo db 'SOFTWARE\Sony Corporation\Shared Info\Shared Services',0 ; DATA XREF: DMI_GetMachineID+1A ; suDMI_GetMachineInfo+44 db 2 dup(0) ; char aEdid[] aEdid db 'EDID',0 ; DATA XREF: getFunctionality_x068+1C0 ; getFunctionality_x068+1F8 db 3 dup(0) ; char aNvd[] aNvd db 'NVD',0 ; DATA XREF: getFunctionality_x068:isNvidia aFa db 'FA',0 ; DATA XREF: getFunctionality_x068+13A align 4 ; char aSny[] aSny db 'SNY',0 ; DATA XREF: getFunctionality_x068+11A ; char aMs_[] aMs_ db 'MS_',0 ; DATA XREF: getFunctionality_x068+108 db 4 dup(0) modelCapabilityTable dd 2 dup(1), 0, 3 dup(2), 0, 2, 2 dup(3), 0, 2, 2 dup(4) ; DATA XREF: getModelTypeCapabilities+27 ; getModelTypeCapabilities+2F ... 
dd 0, 2, 2 dup(5), 0, 2, 2 dup(6), 0, 2, 2 dup(7), 2 dup(0) dd 2 dup(8), 2 dup(0), 2 dup(9), 0, 8, 2 dup(0Ah), 0, 2 dd 2 dup(0Bh), 0, 2, 2 dup(0Ch), 80h, 1, 2 dup(0Dh), 81h dd 1, 2 dup(0Eh), 82h, 1, 2 dup(0Fh), 83h, 1, 2 dup(10h) dd 84h, 1, 2 dup(11h), 85h, 3, 2 dup(12h), 86h, 3, 2 dup(13h) dd 87h, 1, 2 dup(14h), 88h, 3, 2 dup(15h), 89h, 3, 2 dup(16h) dd 8Ah, 1, 2 dup(17h), 8Bh, 1, 2 dup(18h), 2 dup(0), 2 dup(19h) dd 2 dup(0), 2 dup(1Ah), 2 dup(0), 2 dup(1Bh), 8Ch, 1 dd 2 dup(1Ch), 0, 2, 2 dup(1Dh), 0, 2, 2 dup(1Eh), 0, 4 dd 2 dup(1Fh), 0, 4, 2 dup(20h), 2 dup(0), 2 dup(21h) dd 0, 2, 22h db 22h ; " db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 23h ; # db 0 db 0 db 0 db 23h ; # db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 24h ; $ db 0 db 0 db 0 db 24h ; $ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 25h ; % db 0 db 0 db 0 db 25h ; % db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 26h ; & db 0 db 0 db 0 db 26h ; & db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 27h ; ' db 0 db 0 db 0 db 27h ; ' db 0 db 0 db 0 db 96h ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 28h ; ( db 0 db 0 db 0 db 28h ; ( db 0 db 0 db 0 db 97h ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 29h ; ) db 0 db 0 db 0 db 29h ; ) db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2Ah ; * db 0 db 0 db 0 db 2Ah ; * db 0 db 0 db 0 db 98h ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 2Bh ; + db 0 db 0 db 0 db 2Bh ; + db 0 db 0 db 0 db 99h ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 2Ch ; , db 0 db 0 db 0 db 2Ch ; , db 0 db 0 db 0 db 9Ah ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 2Dh ; - db 0 db 0 db 0 db 2Dh ; - db 0 db 0 db 0 db 9Bh ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 2Eh ; . db 0 db 0 db 0 db 2Eh ; . 
db 0 db 0 db 0 db 9Ch ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 2Fh ; / db 0 db 0 db 0 db 2Fh ; / db 0 db 0 db 0 db 9Dh ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 30h ; 0 db 0 db 0 db 0 db 30h ; 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 31h ; 1 db 0 db 0 db 0 db 31h ; 1 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 32h ; 2 db 0 db 0 db 0 db 32h ; 2 db 0 db 0 db 0 db 9Eh ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 33h ; 3 db 0 db 0 db 0 db 33h ; 3 db 0 db 0 db 0 db 9Fh ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 34h ; 4 db 0 db 0 db 0 db 34h ; 4 db 0 db 0 db 0 db 0A0h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 35h ; 5 db 0 db 0 db 0 db 35h ; 5 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 36h ; 6 db 0 db 0 db 0 db 36h ; 6 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 37h ; 7 db 0 db 0 db 0 db 37h ; 7 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 38h ; 8 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 39h ; 9 db 0 db 0 db 0 db 39h ; 9 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 3Ah ; : db 0 db 0 db 0 db 3Ah ; : db 0 db 0 db 0 db 0A1h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Bh ; ; db 0 db 0 db 0 db 3Bh ; ; db 0 db 0 db 0 db 0A2h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 0 db 3Ch ; < db 0 db 0 db 0 db 0A3h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Dh ; = db 0 db 0 db 0 db 3Dh ; = db 0 db 0 db 0 db 0A4h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Eh ; > db 0 db 0 db 0 db 3Eh ; > db 0 db 0 db 0 db 0A5h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 3Fh ; ? db 0 db 0 db 0 db 3Fh ; ? 
db 0 db 0 db 0 db 0A6h ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 40h ; @ db 0 db 0 db 0 db 40h ; @ db 0 db 0 db 0 db 0A7h ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 41h ; A db 0 db 0 db 0 db 41h ; A db 0 db 0 db 0 db 0A8h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 42h ; B db 0 db 0 db 0 db 42h ; B db 0 db 0 db 0 db 0A9h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 43h ; C db 0 db 0 db 0 db 43h ; C db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 44h ; D db 0 db 0 db 0 db 44h ; D db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 45h ; E db 0 db 0 db 0 db 45h ; E db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 46h ; F db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 8 db 0 db 0 db 0 db 47h ; G db 0 db 0 db 0 db 47h ; G db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 48h ; H db 0 db 0 db 0 db 48h ; H db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 49h ; I db 0 db 0 db 0 db 49h ; I db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 4Ah ; J db 0 db 0 db 0 db 4Ah ; J db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 4Bh ; K db 0 db 0 db 0 db 4Bh ; K db 0 db 0 db 0 db 0AAh ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 4Ch ; L db 0 db 0 db 0 db 4Ch ; L db 0 db 0 db 0 db 0ABh ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 4Dh ; M db 0 db 0 db 0 db 4Dh ; M db 0 db 0 db 0 db 0ACh ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 4Eh ; N db 0 db 0 db 0 db 4Eh ; N db 0 db 0 db 0 db 0ADh ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 4Fh ; O db 0 db 0 db 0 db 4Fh ; O db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 50h ; P db 0 db 0 db 0 db 50h ; P db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 51h ; Q db 0 db 0 db 0 db 51h ; Q db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 52h ; R db 0 db 0 db 0 db 52h ; R db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 53h ; S db 0 db 0 db 0 db 53h ; S db 0 db 0 db 0 db 0AEh ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 54h ; T db 0 db 0 db 0 db 54h ; T db 0 db 0 db 0 db 0B0h 
; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 55h ; U db 0 db 0 db 0 db 55h ; U db 0 db 0 db 0 db 0B1h ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 56h ; V db 0 db 0 db 0 db 56h ; V db 0 db 0 db 0 db 0B2h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 57h ; W db 0 db 0 db 0 db 57h ; W db 0 db 0 db 0 db 0B3h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 58h ; X db 0 db 0 db 0 db 58h ; X db 0 db 0 db 0 db 0B8h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 59h ; Y db 0 db 0 db 0 db 59h ; Y db 0 db 0 db 0 db 0B9h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 5Ah ; Z db 0 db 0 db 0 db 5Ah ; Z db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 5Bh ; [ db 0 db 0 db 0 db 5Bh ; [ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 5Ch ; \ db 0 db 0 db 0 db 5Ch ; \ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 5Dh ; ] db 0 db 0 db 0 db 5Dh ; ] db 0 db 0 db 0 db 0B6h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 5Eh ; ^ db 0 db 0 db 0 db 5Eh ; ^ db 0 db 0 db 0 db 0B7h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 5Fh ; _ db 0 db 0 db 0 db 5Fh ; _ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 60h ; ` db 0 db 0 db 0 db 60h ; ` db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 61h ; a db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 62h ; b db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 63h ; c db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 64h ; d db 0 db 0 db 0 db 64h ; d db 0 db 0 db 0 db 0BCh ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 65h ; e db 0 db 0 db 0 db 65h ; e db 0 db 0 db 0 db 0BDh ; db 0 db 0 db 0 db 3 db 0 db 0 db 0 db 66h ; f db 0 db 0 db 0 db 66h ; f db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 67h ; g db 0 db 0 db 0 db 67h ; g db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 68h ; h db 0 db 0 db 0 db 68h ; h db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 4 db 0 db 0 db 0 db 69h ; i db 0 db 0 db 0 db 69h ; i db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 4 db 0 db 0 db 0 db 
6Ah ; j db 0 db 0 db 0 db 6Ah ; j db 0 db 0 db 0 db 0AFh ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 6Bh ; k db 0 db 0 db 0 db 6Bh ; k db 0 db 0 db 0 db 0B3h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 6Ch ; l db 0 db 0 db 0 db 6Ch ; l db 0 db 0 db 0 db 0B4h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 6Dh ; m db 0 db 0 db 0 db 6Dh ; m db 0 db 0 db 0 db 0B5h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 6Eh ; n db 0 db 0 db 0 db 6Eh ; n db 0 db 0 db 0 db 0B6h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 6Fh ; o db 0 db 0 db 0 db 6Fh ; o db 0 db 0 db 0 db 0B7h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 70h ; p db 0 db 0 db 0 db 70h ; p db 0 db 0 db 0 db 0B8h ; db 0 db 0 db 0 db 1 db 0 db 0 db 0 db 71h ; q db 0 db 0 db 0 db 71h ; q db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 72h ; r db 0 db 0 db 0 db 72h ; r db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 73h ; s db 0 db 0 db 0 db 73h ; s db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 74h ; t db 0 db 0 db 0 db 74h ; t db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 75h ; u db 0 db 0 db 0 db 75h ; u db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 76h ; v db 0 db 0 db 0 db 76h ; v db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 77h ; w db 0 db 0 db 0 db 77h ; w db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 78h ; x db 0 db 0 db 0 db 78h ; x db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 79h ; y db 0 db 0 db 0 db 79h ; y db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 7Ah ; z db 0 db 0 db 0 db 7Ah ; z db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 7Bh ; { db 0 db 0 db 0 db 7Bh ; { db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 7Ch ; | db 0 db 0 db 0 db 7Ch ; | db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 7Dh ; } db 0 db 0 db 0 db 7Dh ; } db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 7Eh ; ~ db 0 db 0 db 0 db 7Eh ; ~ db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 2 db 0 db 0 db 0 db 7Fh ;  db 0 db 0 db 0 db 7Fh ;  
; ---------------------------------------------------------------------------
; Tail of a byte table that begins before this part of the listing.
; Read as little-endian dwords, each 16-byte record visible here holds four
; values: the first two are equal (80h..85h below) and the fourth is 1 or 2.
; What the fields mean is not visible here -- see the table's start.
; The first 11 bytes finish the record for 7Fh begun on the previous line.
; ---------------------------------------------------------------------------
                db 0                    ; remaining bytes of the second dword of record 7Fh
                db 0
                db 0
                db 0BBh                 ; third dword = 0BBh
                db 0
                db 0
                db 0
                db 1                    ; fourth dword = 1
                db 0
                db 0
                db 0
                db 80h                  ; record: 80h, 80h, 0BAh, 1
                db 0
                db 0
                db 0
                db 80h
                db 0
                db 0
                db 0
                db 0BAh
                db 0
                db 0
                db 0
                db 1
                db 0
                db 0
                db 0
                db 81h                  ; record: 81h, 81h, 0, 2
                db 0
                db 0
                db 0
                db 81h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 2
                db 0
                db 0
                db 0
                db 82h                  ; record: 82h, 82h, 0, 2
                db 0
                db 0
                db 0
                db 82h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 2
                db 0
                db 0
                db 0
                db 83h                  ; record: 83h, 83h, 0, 2
                db 0
                db 0
                db 0
                db 83h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 2
                db 0
                db 0
                db 0
                db 84h                  ; record: 84h, 84h, 0, 2
                db 0
                db 0
                db 0
                db 84h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 2
                db 0
                db 0
                db 0
                db 85h                  ; record: 85h, 85h, 0, 2
                db 0
                db 0
                db 0
                db 85h
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 0
                db 2
                db 0
                db 0
                db 0

; ---------------------------------------------------------------------------
; functionJumpTable0: 9 code pointers, handed out by getFunctionJumpTable0.
; Slots 7 and 8 (counting from 1) are filterModelTypeCapabilities and
; getModelTypeCapabilities, the same as in functionJumpTable1/2/3.
; NOTE(review): the four tables hold 9, 36, 39 and 38 pointers. If callers use
; one slot number for whichever table was selected, a slot that is valid for a
; longer table lies past the end of a shorter one -- confirm each indirect call
; bounds the index for the table actually in use.
; ---------------------------------------------------------------------------
functionJumpTable0 dd offset sub_203330, offset notifyHandlerEx, offset doNothingPop0C_Return0
                                        ; DATA XREF: getFunctionJumpTable0+2
                                        ; sub_202CC0
                dd offset doNothingPop08_Return0, 2 dup(offset doNothingPop04_Return0)
                dd offset filterModelTypeCapabilities, offset getModelTypeCapabilities
                dd offset doNothingPop0C_Return0

; Format string with three %x fields, referenced from createRegisterWindowMsg.
; char aXXX[]
aXXX            db '%x+%x+%x',0         ; DATA XREF: createRegisterWindowMsg+4A
                db 3 dup(0)

; ---------------------------------------------------------------------------
; Strings referenced from SXBIOS_Load: a DLL file name, a registry path and
; seven entry-point names.
; NOTE(review): presumably SXBIOS_Load reads a location from the registry path,
; loads SxBIOS.dll and resolves the names with GetProcAddress -- confirm in
; SXBIOS_Load. If the load path comes from the registry, what may be loaded is
; decided by whoever can write that key; the hive and the key's ACL are not
; visible here.
; ---------------------------------------------------------------------------
; char aSxbios_dll[]
aSxbios_dll     db 'SxBIOS.dll',0       ; DATA XREF: SXBIOS_Load+52
                                        ; SXBIOS_Load+76
                align 4
; char aSoftwareSony_1[]
aSoftwareSony_1 db 'Software\Sony Corporation\Shared Info\Shared Dlls',0 ; DATA XREF: SXBIOS_Load+20
                db 2 dup(0)
; Single code pointer to deleteBuffer, read by the two functions in the XREFs.
pointToDeleteBuffer_Func dd offset deleteBuffer ; DATA XREF: zeroVideoFunctionTable+4
                                        ; getDeleteBufferFunc
; char aSxbios_cmosget[]
aSxbios_cmosget db 'SXBIOS_CMOSGetDefaultSetting',0 ; DATA XREF: SXBIOS_Load+10A
                db 3 dup(0)
; char aSxbios_cancelm[]
aSxbios_cancelm db 'SXBIOS_CancelMessageReq',0 ; DATA XREF: SXBIOS_Load+F9
; char aSxbios_biosmes[]
aSxbios_biosmes db 'SXBIOS_BiosMessageReq',0 ; DATA XREF: SXBIOS_Load+EB
                db 2 dup(0)
; char aSxbios_callex[]
aSxbios_callex  db 'SXBIOS_CallEx',0    ; DATA XREF: SXBIOS_Load+E0
                db 2 dup(0)
; char aSxbios_call[]
aSxbios_call    db 'SXBIOS_Call',0      ; DATA XREF: SXBIOS_Load+CF
; char aEnd_sxbios_cal[]
aEnd_sxbios_cal db 'End_SXBIOS_Call',0  ; DATA XREF: SXBIOS_Load+C1
; char ProcName[]
ProcName        db 'Begin_SXBIOS_Call',0 ; DATA XREF: SXBIOS_Load+B6
                db 2 dup(0)

; ---------------------------------------------------------------------------
; Vendor substrings referenced from GetVideoDeviceVendor. Both 'Nvidia'/'NVIDIA'
; and 'RADEON'/'Radeon' are present, so the comparison is presumably
; case-sensitive -- confirm in GetVideoDeviceVendor.
; ---------------------------------------------------------------------------
; unsigned __int8 aNvidia_0
aNvidia_0       db 'Nvidia',0           ; DATA XREF: GetVideoDeviceVendor+B8
                align 4
; unsigned __int8 aNvidia
aNvidia         db 'NVIDIA',0           ; DATA XREF: GetVideoDeviceVendor+A2
                align 4
; unsigned __int8 aRadeon_0
aRadeon_0       db 'RADEON',0           ; DATA XREF: GetVideoDeviceVendor+8C
                align 4
; unsigned __int8 aRadeon
aRadeon         db 'Radeon',0           ; DATA XREF: GetVideoDeviceVendor+76
                align 4
; unsigned __int8 aAti
aAti            db 'ATI',0              ; DATA XREF: GetVideoDeviceVendor+60
; unsigned __int8 aIntel
aIntel          db 'Intel',0            ; DATA XREF: GetVideoDeviceVendor+3F
                db 2 dup(0)

; ---------------------------------------------------------------------------
; Strings referenced from initPowerProfile: eight entry-point names and the
; library name 'powrprof.dll'.
; NOTE(review): LibFileName is a bare module name. If initPowerProfile passes it
; unchanged to LoadLibraryA, the module is resolved through the process DLL
; search order; a hardened build would load it from the system directory by
; full path. Confirm at initPowerProfile+10.
; ---------------------------------------------------------------------------
; char aGetpwrcapabili[]
aGetpwrcapabili db 'GetPwrCapabilities',0 ; DATA XREF: initPowerProfile+B1
                align 4
; char aSetsuspendstat[]
aSetsuspendstat db 'SetSuspendState',0  ; DATA XREF: initPowerProfile+9A
; char aWritepwrscheme[]
aWritepwrscheme db 'WritePwrScheme',0   ; DATA XREF: initPowerProfile+87
                align 4
; char aEnumpwrschemes[]
aEnumpwrschemes db 'EnumPwrSchemes',0   ; DATA XREF: initPowerProfile+79
                align 4
; char aSetactivepwrsc[]
aSetactivepwrsc db 'SetActivePwrScheme',0 ; DATA XREF: initPowerProfile+62
                align 4
; char aGetactivepwrsc[]
aGetactivepwrsc db 'GetActivePwrScheme',0 ; DATA XREF: initPowerProfile+4F
                align 4
; char aWriteglobalpwr[]
aWriteglobalpwr db 'WriteGlobalPwrPolicy',0 ; DATA XREF: initPowerProfile+41
                db 3 dup(0)
; char aReadglobalpwrp[]
aReadglobalpwrp db 'ReadGlobalPwrPolicy',0 ; DATA XREF: initPowerProfile+2F
; char LibFileName[]
LibFileName     db 'powrprof.dll',0     ; DATA XREF: initPowerProfile+10
                db 3 dup(0)

; Format string for an object name with one %X field.
; NOTE(review): names built from a fixed prefix plus a number are predictable.
; Confirm how the code that creates the object treats one that already exists
; and which security attributes it passes; neither is visible here.
; char aSonyasyncevent[]
aSonyasyncevent db 'SonyAsyncEvent%X',0 ; DATA XREF: createSonyAsyncEvent+36
                                        ; sub_2089F0+36
                db 7 dup(0)

; ---------------------------------------------------------------------------
; functionJumpTable1: 36 code pointers; referenced from getFunctionJumpTable1
; and SnyUtils_Init. Which table is active is presumably chosen at init time
; -- confirm in SnyUtils_Init.
; ---------------------------------------------------------------------------
functionJumpTable1 dd offset deleteArrayOfPointers, offset notifyHandlerEx
                                        ; DATA XREF: getFunctionJumpTable1
                                        ; SnyUtils_Init+EF
                dd offset callSNCmethod, offset deviceIOctrl222008, offset suTypesA0baseCalls
                dd offset call_iterate_B7toBF, offset filterModelTypeCapabilities
                dd offset getModelTypeCapabilities, offset doNothingPop0C_Return0
                dd offset deviceIOctrl222018_SNC_Getter, offset deviceIOctrl22201C_SNC_Setter
                dd offset deviceIOctrl222028, offset deviceIOctrl222028_a
                dd offset deviceOpenByGUID, offset terminateThreadCloseHandles
                dd offset createSonyAsyncEvent, offset deviceIOctrl222000
                dd offset iterateSNCdeviceCalls, offset deviceIOctrl22200C
                dd offset deviceIOctrl222024, offset deviceIOctrl222020
                dd 2 dup(offset doNothingPop08_Return0), offset getWirelessDevicePowerStatus
                dd offset method_GWDP, offset method_GCDP, offset setCDPW
                dd offset method_GCMI, offset method_SCMI, offset method_GMGB
                dd offset method_SMGB, offset method_GLBH, offset method_SLBH
                dd offset method_GTCS, offset method_SCTS, offset method_GHKE

; ---------------------------------------------------------------------------
; functionJumpTable2: 39 code pointers; referenced from SnyUtils_Init.
; It differs from functionJumpTable1 in slot 2 (notifyHandler instead of
; notifyHandlerEx) and in several later slots, and it is three entries longer.
; ---------------------------------------------------------------------------
functionJumpTable2 dd offset deleteArrayOfPointers, offset notifyHandler ; DATA XREF: SnyUtils_Init+90
                dd offset callSNCmethodByModelType, offset deviceIOctrl222008
                dd offset suTypesA0baseCalls, offset call_iterate_B7toBF
                dd offset filterModelTypeCapabilities, offset getModelTypeCapabilities
                dd offset doNothingPop0C_Return0, offset deviceIOctrl222018_SNC_Getter
                dd offset deviceIOctrl22201C_SNC_Setter, offset deviceIOctrl222028
                dd offset deviceIOctrl222028_a, offset callSN00, offset terminateThreadCloseHandles
                dd offset createSonyAsyncEvent, offset deviceIOctrl222000
                dd offset call_iterate_90toA0, offset deviceIOctrl22200C
                dd offset deviceIOctrl222024, offset deviceIOctrl222020
                dd offset callSN06, offset callSN07_SN06, offset getWirelessDevicePowerStatus
                dd offset method_GWDP, offset method_GCDP, offset setCDPW
                dd offset method_GCMI, offset method_SCMI, offset method_GMGB
                dd offset method_SMGB, offset method_GLBH, offset method_SLBH
                dd offset testSN07resultBit0, offset callSN07_byLookup_010E
                dd offset method_GHKE, offset methodCondSN02_07, offset sub_207CE0
                dd offset sub_206510

; Window name and window class name referenced from createMainWndClass.
; char WindowName[]
WindowName      db 'MainServer',0       ; DATA XREF: createMainWndClass+55
                align 4
; char ClassName[]
ClassName       db 'MainWndClass',0     ; DATA XREF: createMainWndClass+38
                                        ; createMainWndClass+5A ...
                db 3 dup(0)
; Object-name strings: one %X format referenced from createEventThread and two
; fixed names referenced from SuOpen. The review note on 'SonyAsyncEvent%X'
; (predictable object names) applies to these as well.
; char aSonyquiteventX[]
aSonyquiteventX db 'SonyQuitEvent%X',0  ; DATA XREF: createEventThread+94
; char aSuerror[]
aSuerror        db 'SuError',0          ; DATA XREF: SuOpen+8D
; char String[]
String          db 'SonyAsyncEvent',0   ; DATA XREF: SuOpen+86
                align 10h

; ---------------------------------------------------------------------------
; flagsTable: array of keyFlags records, referenced from initMachineIDandClass.
; Each record has 22 initialisers; the first two are equal and run
; consecutively from 80h to 0BDh (62 records in all). The keyFlags structure is
; declared elsewhere in the listing, so field names are not visible here.
; The values seen are 0, 1, 2 and, in records 9Eh and 9Fh only, 40h.
; NOTE(review): if the table is indexed by (id - 80h), confirm the id is range
; checked against 80h..0BDh before the lookup; functionJumpTable3 follows the
; last record directly.
; ---------------------------------------------------------------------------
flagsTable      keyFlags <80h, 80h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\ ; DATA XREF: initMachineIDandClass+32
                          1, 1, 1>
                keyFlags <81h, 81h, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <82h, 82h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <83h, 83h, 2, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <84h, 84h, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <85h, 85h, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <86h, 86h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <87h, 87h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <88h, 88h, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <89h, 89h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <8Ah, 8Ah, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <8Bh, 8Bh, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <8Ch, 8Ch, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,\
                          1, 1, 1>
                keyFlags <8Dh, 8Dh, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <8Eh, 8Eh, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <8Fh, 8Fh, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,\
                          0, 0, 0>
                keyFlags <90h, 90h, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,\
                          0, 0, 0>
                keyFlags <91h, 91h, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,\
                          0, 0, 0>
                keyFlags <92h, 92h, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,\
                          0, 0, 0>
                keyFlags <93h, 93h, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,\
                          0, 0, 0>
                keyFlags <94h, 94h, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,\
                          0, 0, 0>
                keyFlags <95h, 95h, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0,\
                          0, 0, 0>
                keyFlags <96h, 96h, 2, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1,\
                          0, 0, 0>
                keyFlags <97h, 97h, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1,\
                          0, 0, 0>
                keyFlags <98h, 98h, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0,\
                          1, 1, 0>
                keyFlags <99h, 99h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0,\
                          1, 1, 0>
                keyFlags <9Ah, 9Ah, 2, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0,\
                          1, 1, 0>
                keyFlags <9Bh, 9Bh, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0,\
                          1, 1, 0>
                keyFlags <9Ch, 9Ch, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0,\
                          1, 1, 0>
                keyFlags <9Dh, 9Dh, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0,\
                          1, 1, 0>
                keyFlags <9Eh, 9Eh, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 40h, 0, 40h, 0,\
                          0, 1, 0, 0>
                keyFlags <9Fh, 9Fh, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 40h, 0, 40h, 0,\
                          0, 1, 0, 0>
                keyFlags <0A0h, 0A0h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0A1h, 0A1h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A2h, 0A2h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A3h, 0A3h, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A4h, 0A4h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A5h, 0A5h, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A6h, 0A6h, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A7h, 0A7h, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A8h, 0A8h, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0A9h, 0A9h, 2, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0,\
                          1, 0, 0>
                keyFlags <0AAh, 0AAh, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0ABh, 0ABh, 2, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0ACh, 0ACh, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0,\
0, 0, 0>
; The line above closes the keyFlags record for 0ACh. The records below cover
; 0ADh..0BDh and end the flagsTable array: 22 initialisers each, the first two
; equal to the record's id.
                keyFlags <0ADh, 0ADh, 2, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0AEh, 0AEh, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0AFh, 0AFh, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B0h, 0B0h, 2, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B1h, 0B1h, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B2h, 0B2h, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B3h, 0B3h, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B4h, 0B4h, 2, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B5h, 0B5h, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B6h, 0B6h, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B7h, 0B7h, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B8h, 0B8h, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0B9h, 0B9h, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0BAh, 0BAh, 2, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0BBh, 0BBh, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0BCh, 0BCh, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>
                keyFlags <0BDh, 0BDh, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
                          0, 0, 0>

; ---------------------------------------------------------------------------
; functionJumpTable3: 38 code pointers; referenced from initMachineIDandClass.
; Slots 7 and 8 (counting from 1) are filterModelTypeCapabilities and
; getModelTypeCapabilities, as in the other functionJumpTable arrays.
; NOTE(review): the sibling tables earlier in the listing hold 9, 36 and 39
; pointers, so a slot number must be checked against the table in use.
; ---------------------------------------------------------------------------
functionJumpTable3 dd offset deleteArrayOfPointers, offset notifyHandlerEx ; DATA XREF: initMachineIDandClass+2C
                dd offset doSNCmethodCall_byModelCaps, offset sub_208D50
                dd offset sub_208FF0, offset sub_209150, offset filterModelTypeCapabilities
                dd offset getModelTypeCapabilities, offset sub_208F60
                dd offset deviceIOctrl222018_SNC_Getter, offset deviceIOctrl22201C_SNC_Setter
                dd offset deviceIOctrl222028, offset deviceIOctrl222028_a
                dd offset sub_208850, offset sub_2088F0, offset sub_2089F0
                dd offset sub_208AA0, offset sub_209350, offset sub_208C50
                dd offset deviceIOctrl222024, offset deviceIOctrl222020
                dd 2 dup(offset doNothingPop08_Return0), offset getWirelessDevicePowerStatus
                dd offset method_GWDP, offset method_GCDP, offset setCDPW
                dd offset method_GCMI, offset method_SCMI, offset sub_208CC0
                dd offset sub_208CE0, offset method_GLBH, offset method_SLBH
                dd offset method_GTCS, offset method_SCTS, offset method_GHKE
                dd offset sub_208D00, offset sub_208FB0

; Device path referenced from OpenDeviceLCD. Who may open the device is decided
; by the driver that creates it; that is not visible in this listing.
; char FileName[]
FileName        db '\\.\LCD',0          ; DATA XREF: OpenDeviceLCD+132

; ---------------------------------------------------------------------------
; Exception-handling records. The _msEH entries are (0FFFFFFFFh, filter,
; handler) triples per the _msEH structure declared at the top of the listing.
; The _msExcept7 records start with 19930520h, the magic value MSVC places at
; the head of its C++ frame-handler function info, followed by a count and a
; pointer to that many _msExcInfo <id, proc> entries.
; ---------------------------------------------------------------------------
stru_20C9E0     _msEH <0FFFFFFFFh, offset loc_209C25, offset loc_209C29> ; DATA XREF: sub_209BF8+2
                db 4 dup(0)
stru_20C9F0     _msEH <0FFFFFFFFh, offset loc_209C69, offset loc_209C6D> ; DATA XREF: sub_209C3C+2
                db 4 dup(0)
dword_20CA00    dd 0                    ; DATA XREF: sub_209BF8+C
                                        ; sub_209BF8:loc_209C0B
                dd 0
dword_20CA08    dd 0                    ; DATA XREF: sub_209C3C+C
                                        ; sub_209C3C:loc_209C4F
stru_20CA0C     _msExcInfo <-1, offset sub_209CE0> ; DATA XREF: .rdata:msException
                _msExcInfo <-1, offset sub_209CEB> ; Microsoft VisualC 2-8/net runtime
                _msExcInfo <-1, offset unknown_libname_1>
msException     _msExcept7 <19930520h, 3, offset stru_20CA0C, 0, 0, 0> ; DATA XREF: callExceptionHandler
stru_20CA40     _msExcInfo <-1, offset sub_209D10> ; DATA XREF: .rdata:stru_20CA48
stru_20CA48     _msExcept7 <19930520h, 1, offset stru_20CA40, 0, 0, 0> ; DATA XREF: setExceptionHandler
stru_20CA64     _msExcInfo <-1, offset unknown_libname_2> ; DATA XREF: .rdata:stru_20CA84
                _msExcInfo <-1, offset sub_209D3B> ; Microsoft VisualC 2-8/net runtime
                _msExcInfo <-1, offset sub_209D46>
                _msExcInfo <-1, offset sub_209D51>
stru_20CA84     _msExcept7 <19930520h, 4, offset stru_20CA64, 0, 0, 0> ; DATA XREF: sub_209D5C

; ---------------------------------------------------------------------------
; PE import directory. The original comment on the first line read "Resource
; string pointers", but the layout matches import data: five 5-dword records
; (lookup-table RVA, two zero dwords, name RVA, address-table RVA), a 5-dword
; zero terminator, then five zero-terminated lists of RVAs. The list lengths
; (3, 21, 13, 7, 18) equal the number of names stored below for ADVAPI32,
; KERNEL32, MSVCR70, SETUPAPI and USER32. The values are RVAs into this image,
; not resource strings.
; NOTE(review): points worth checking at the call sites, none visible here:
;   - LoadLibraryA / GetProcAddress: how the module path is formed.
;   - CreateFileA / DeviceIoControl: sizes of the input and output buffers.
;   - TerminateThread: a thread ended this way does not release locks it holds.
;   - wcscpy / wsprintfA: destination buffer sizes.
;   - RegQueryValueExA: string data is not guaranteed to be NUL-terminated.
; ---------------------------------------------------------------------------
                dd 0CBB8h, 2 dup(0), 0CCF2h, 0A0A0h, 0CB80h, 2 dup(0) ; import descriptors start here
                dd 0CD64h, 0A068h, 0CB28h, 2 dup(0), 0CF4Ch, 0A010h, 0CBD8h
                dd 2 dup(0), 0D0B2h, 0A0C0h, 0CB18h, 2 dup(0), 0D0F0h
                dd 0A000h, 5 dup(0), 0D0E0h, 0D0CCh, 0D0BEh, 0, 0CF3Ch
                dd 0CF22h, 0CF12h, 0CF02h, 0CEF6h, 0CEE0h, 0CECEh, 0CEB6h
                dd 0CE9Eh, 0CE86h, 0CE6Ah, 0CE54h, 0CE3Ch, 0CE26h, 0CE16h
                dd 0CE08h, 0CDF6h, 0CDB8h, 0CDC6h, 0CDD8h, 0CDE8h, 0, 0CDA4h
                dd 0CD94h, 0CD88h, 0CD7Eh, 0CD70h, 0CD50h, 0CD40h, 0CD36h
                dd 0CD2Ch, 0CD22h, 0CD1Ah, 0CD10h, 0CD00h, 0, 0CCD4h, 0CCB0h
                dd 0CC98h, 0CC44h, 0CC5Ch, 0CC24h, 0CC80h, 0, 0CF9Ch, 0CFBAh
                dd 0CFDAh, 0CFE6h, 0CFF8h, 0D00Ah, 0D020h, 0D034h, 0D048h
                dd 0D05Ch, 0D06Ah, 0D07Ch, 0D08Eh, 0D09Eh, 0CF90h, 0CF6Ah
                dd 0CF5Ah, 0CF84h, 0

; Import-by-name entries: each `dw` is the hint word and the string after it is
; the imported name. Each library's own name follows its group of entries.
; --- SETUPAPI.dll (7 names) ---
                dw 11Bh
aSetupdidestroydeviceinfoli db 'SetupDiDestroyDeviceInfoList',0
                align 4
                dw 164h
aSetupdiopendevregkey db 'SetupDiOpenDevRegKey',0
                align 4
                dw 145h
aSetupdigetdeviceregistrypr db 'SetupDiGetDeviceRegistryPropertyA',0
                dw 11Eh
aSetupdienumdeviceinfo db 'SetupDiEnumDeviceInfo',0
                dw 12Dh
aSetupdigetclassdevsa db 'SetupDiGetClassDevsA',0
                align 10h
                dw 143h
aSetupdigetdeviceinterfaced db 'SetupDiGetDeviceInterfaceDetailA',0
                align 4
                dw 11Fh
aSetupdienumdeviceinterface db 'SetupDiEnumDeviceInterfaces',0
aSetupapi_dll   db 'SETUPAPI.dll',0
                align 10h
; --- MSVCR70.dll (13 names; the library name sits after the eighth) ---
                dw 12h
a??3@yaxpax@z   db '??3@YAXPAX@Z',0
                align 10h
                dw 1B0h
a_mbsstr        db '_mbsstr',0
                dw 2AEh
aFree           db 'free',0
                align 2
                dw 2E1h
aMalloc         db 'malloc',0
                align 4
                dw 315h
aStrstr         db 'strstr',0
                align 2
                dw 333h
aWcscpy         db 'wcscpy',0
                align 10h
                dw 11h
a??2@yapaxi@z   db '??2@YAPAXI@Z',0
                align 10h
                dw 54h
a__cxxframehandler db '__CxxFrameHandler',0
aMsvcr70_dll    db 'MSVCR70.dll',0
                dw 6Eh
a__dllonexit    db '__dllonexit',0
                dw 1BBh
a_onexit        db '_onexit',0
                dw 142h
a_initterm      db '_initterm',0
                dw 0BEh
a_adjust_fdiv   db '_adjust_fdiv',0
                align 4
                dw 0F5h
a_except_handler3 db '_except_handler3',0
                align 4
; --- KERNEL32.dll (21 names) ---
                dw 0E5h
aFreelibrary    db 'FreeLibrary',0
                dw 189h
aGetprocaddress db 'GetProcAddress',0
                align 4
                dw 22Eh
aLoadlibrarya   db 'LoadLibraryA',0
                align 4
                dw 2Ch
aClosehandle    db 'CloseHandle',0
                dw 7Fh
aDeviceiocontrol db 'DeviceIoControl',0
                dw 4Ah
aCreatefilea    db 'CreateFileA',0
                dw 15Ah
aGetlasterror   db 'GetLastError',0
                align 2
                dw 132h
aGetcurrentthreadid db 'GetCurrentThreadId',0
                align 4
                dw 275h
aProcessidtosessionid db 'ProcessIdToSessionId',0
                align 4
                dw 130h
aGetcurrentprocessid db 'GetCurrentProcessId',0
                dw 202h
aInitializecriticalsection db 'InitializeCriticalSection',0
                dw 76h
aDeletecriticalsection db 'DeleteCriticalSection',0
                dw 22Dh
aLeavecriticalsection db 'LeaveCriticalSection',0
                align 2
                dw 8Bh
aEntercriticalsection db 'EnterCriticalSection',0
                align 2
                dw 332h
aTerminatethread db 'TerminateThread',0
                dw 365h
aWaitforsingleobject db 'WaitForSingleObject',0
                dw 2ECh
aSetevent       db 'SetEvent',0
                align 2
                dw 46h
aCreateeventa   db 'CreateEventA',0
                align 2
                dw 1C8h
aGetversionexa  db 'GetVersionExA',0
                dw 363h
aWaitformultipleobjects db 'WaitForMultipleObjects',0
                align 4
                dw 65h
aCreatethread   db 'CreateThread',0
                align 4
aKernel32_dll   db 'KERNEL32.dll',0
                align 2
; --- USER32.dll (18 names) ---
                dw 1FFh
aPostmessagea   db 'PostMessageA',0
                align 2
                dw 227h
aRegisterwindowmessagea db 'RegisterWindowMessageA',0
                align 4
                dw 2D8h
aWsprintfa      db 'wsprintfA',0
                dw 27Ah
aSettimer       db 'SetTimer',0
                align 4
                dw 21Ch
aRegisterdevicenotification db 'RegisterDeviceNotificationA',0
                dw 2B5h
aUnregisterdevicenotificati db 'UnregisterDeviceNotification',0
                align 2
                dw 1B2h
aKilltimer      db 'KillTimer',0
                dw 8Eh
aDefwindowproca db 'DefWindowProcA',0
                align 4
                dw 201h
aPostquitmessage db 'PostQuitMessage',0
                dw 0D0h
aEnumdisplaydevicesa db 'EnumDisplayDevicesA',0
                dw 2B3h
aUnregisterclassa db 'UnregisterClassA',0
                align 4
                dw 2AAh
aTranslatemessage db 'TranslateMessage',0
                align 4
                dw 0A1h
aDispatchmessagea db 'DispatchMessageA',0
                align 4
                dw 13Ah
aGetmessagea    db 'GetMessageA',0
                dw 60h
aCreatewindowexa db 'CreateWindowExA',0
                dw 216h
aRegisterclassa db 'RegisterClassA',0
                align 2
                dw 23Bh
aSendmessagea   db 'SendMessageA',0
                align 2
                dw 15Dh
aGetsystemmetrics db 'GetSystemMetrics',0
                align 2
aUser32_dll     db 'USER32.dll',0
                align 2
; --- ADVAPI32.dll (3 names) ---
                dw 1C8h
aRegclosekey    db 'RegCloseKey',0
                dw 1EBh
aRegqueryvalueexa db 'RegQueryValueExA',0
                db 0
                dw 1E1h
aRegopenkeyexa  db 'RegOpenKeyExA',0
aAdvapi32_dll   db 'ADVAPI32.dll',0

; ---------------------------------------------------------------------------
; PE export directory. After three padding bytes the fields read, in order:
; characteristics (0), time stamp, version (0.0), name RVA 0D18Ch, ordinal
; base 1, 0Ah functions, 0Ah names, then the RVAs of the function-address,
; name-pointer and ordinal arrays (0D128h, 0D150h, 0D178h), which follow
; directly. All values are RVAs; the `;org 20E000h` line for the section at
; virtual address 0E000h puts the image base at 200000h.
; ---------------------------------------------------------------------------
                db 0                    ; 3 bytes of padding
                db 0
                db 0
                db 0                    ; characteristics = 0
                db 0
                db 0
                db 0
                db 0C3h                 ; time stamp, little-endian: 4562BCC3h
                db 0BCh
                db 62h
                db 45h
                db 0                    ; major and minor version = 0
                db 0
                db 0
                db 0
                dd 0D18Ch               ; RVA of the module name ('SnyUtils.dll')
                dd 1                    ; ordinal base
                dd 0Ah                  ; number of functions
                dd 0Ah                  ; number of names
; Three array RVAs, then 10 function RVAs (7F30h, 7E70h, 8610h, 7F10h, 7F80h,
; 7FA0h, 8510h, 8290h, 7F70h, 7F60h), then 10 name RVAs (0D199h..0D223h).
; With the ordinals 0..9 below, export name i maps to function RVA i.
                db 28h, 0D1h, 2 dup(0), 50h, 0D1h, 2 dup(0), 78h, 0D1h
                db 2 dup(0), 30h, 7Fh, 2 dup(0), 70h, 7Eh, 2 dup(0), 10h
                db 86h, 2 dup(0), 10h, 7Fh, 2 dup(0), 80h, 7Fh, 2 dup(0)
                db 0A0h, 7Fh, 2 dup(0), 10h, 85h, 2 dup(0), 90h, 82h, 2 dup(0)
                db 70h, 7Fh, 2 dup(0), 60h, 7Fh, 2 dup(0), 99h, 0D1h, 2 dup(0)
                db 0AAh, 0D1h, 2 dup(0), 0BCh, 0D1h, 2 dup(0), 0C4h, 0D1h
                db 2 dup(0), 0D7h, 0D1h, 2 dup(0), 0E6h, 0D1h, 2 dup(0)
                db 0F7h, 0D1h, 2 dup(0), 0FEh, 0D1h, 2 dup(0), 0Ch, 0D2h
                db 2 dup(0), 23h, 0D2h, 2 dup(0)
                dw 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 ; name ordinals
; Module name and the ten exported names, in name-table order.
; NOTE(review): judging by the names, SuCallDriverDWORD and SuSXBIOS_Call pass
; caller-supplied requests on to a driver or to the BIOS library, and
; SendDebugCommand is a debug entry point -- confirm in the code. What each one
; validates before forwarding is not visible here.
aSnyutils_dll   db 'SnyUtils.dll',0
aSenddebugcommand db 'SendDebugCommand',0
aSucalldriverdword db 'SuCallDriverDWORD',0
aSuclose        db 'SuClose',0
aSugetlasterrorcode db 'SuGetLastErrorCode',0
aSugetmachineid db 'SuGetMachineID',0
aSugetmachineinfo db 'SuGetMachineInfo',0
aSuopen         db 'SuOpen',0
aSusxbios_call  db 'SuSXBIOS_Call',0
aSusetdefaultpowerstate db 'SuSetDefaultPowerState',0
aSusetpowerstate db 'SuSetPowerState',0
                db 0DCDh dup(0)         ; zero fill to the end of the section
_rdata          ends

; Section 3. (virtual address 0000E000)
; Virtual size                  : 000011F8 ( 4600.)
; Section size in file          : 00001000 ( 4096.)
; Offset to raw data for section: 0000E000
; Flags C0000040: Data Readable Writable
; Alignment     : default
; The virtual size is larger than the size in the file, so the end of the
; section has no file data; those items are declared with `?` further down.
; ===========================================================================

; Segment type: Pure data
_data           segment para public 'DATA' use32
                assume cs:_data
                ;org 20E000h
; Two dwords referenced from _CRT_INIT; the second is a pointer to
; deleteSXBIOSstructs. Presumably a list the C runtime walks at startup or
; shutdown -- confirm in _CRT_INIT.
dword_20E000    dd 0                    ; DATA XREF: _CRT_INIT(x,x,x)+65
                dd offset deleteSXBIOSstructs
dword_20E008    dd 6 dup(0)             ; DATA XREF: _CRT_INIT(x,x,x)+5E
dword_20E020    dd 0                    ; DATA XREF: method_GHKE+29
                                        ; method_GHKE+32
dword_20E024    dd 0                    ; DATA XREF: sub_2038A0+2F
                                        ; sub_209250+1 ...
MachineID       dd 0                    ; DATA XREF: SXBIOS_Init+5
                                        ; setMachineID+4 ...
TestMachineID   dd 0                    ; DATA XREF: getMachineID+13
                                        ; getMachineID+30
dont_use_DMI    dd 0                    ; DATA XREF: SXBIOS_Init+1D
                                        ; SXBIOS_Init+28 ...
; First dword of the block that the following comments call libDataSXBIOS.
libDataSXBIOSstruct dd 0                ; DATA XREF: SXBIOS_Init
                                        ; SXBIOS_Init:doUseDMI ...
; ---------------------------------------------------------------------------
; Remainder of the writable _data segment (it opens earlier in the listing and
; closes at the end of this block).
; The dwords below continue the block that starts at libDataSXBIOSstruct; the
; existing "libDataSXBIOS + 0xNN" comments give each one's offset from it.
; The addr_* names mirror the entry-point name strings referenced from
; SXBIOS_Load, so they presumably hold GetProcAddress results -- confirm there.
; NOTE(review): if so, these are code pointers kept in a section whose header
; flags it readable and writable; any write that can reach this block can
; redirect the calls made through them.
; ---------------------------------------------------------------------------
hLibModule      dd 0                    ; see function Unload_Library
libAddress      dd 0
addr_Begin_SXBIOS_Call dd 0             ; libDataSXBIOS + 0x0C
addr_End_SXBIOS_Call dd 0               ; libDataSXBIOS + 0x10
addr_SXBIOS_Call dd 0                   ; libDataSXBIOS + 0x14
addr_SXBIOS_CallEx dd 0                 ; libDataSXBIOS + 0x18
addr_SXBIOS_BiosMessageReq dd 0         ; libDataSXBIOS + 0x1C
addr_SXBIOS_CancelMessageReq dd 0       ; libDataSXBIOS + 0x20
addr_SXBIOS_CMOSGetDefaultSetting dd 0  ; libDataSXBIOS + 0x24
                dd 0
dword_20E060    dd 0                    ; DATA XREF: .text:00203EC1
                                        ; .text:msg0103 ...
; 14h (20) dwords, followed by further dwords referenced from
; checkInitVideoBufferZero.
initialVideoBuffer dd 14h dup(0)        ; DATA XREF: initVideoBuffer+8
                                        ; checkInitVideoBufferZero
dword_20E0B4    dd 0                    ; DATA XREF: checkInitVideoBufferZero+D
                dd 0
                dd 0
; HWND hWnd
hWnd            dd 0                    ; DATA XREF: subWndMsg01112+A
                                        ; subWndMsg01112+26 ...
                db 4 dup(0)
; Three fixed-size buffers referenced from initPowerProfile:
; 1F4h = 500 dwords, 1DAh + 1Ah = 500 dwords, 24h = 36 dwords.
; The switch from dup(0) to dup(?) inside buffer_500_dwords_A is where the
; section's file data ends; everything after it is uninitialised in the file.
; NOTE(review): the sizes are fixed, so every writer must bound its length to
; 500 or 36 dwords -- confirm at the call sites. hModule and the eight function
; pointers resolved from powrprof.dll follow these buffers in memory.
buffer_500_dwords_B dd 1F4h dup(0)      ; DATA XREF: initPowerProfile+161
                                        ; .text:00204A40 ...
buffer_500_dwords_A dd 1DAh dup(0), 1Ah dup(?) ; DATA XREF: initPowerProfile+155
                                        ; .text:00204A31 ...
buffer_36_dwords dd 24h dup(?)          ; DATA XREF: initPowerProfile+149
                                        ; .text:00204A56 ...
; NOTE(review): this declaration and criticalSection further down carry no
; initialiser, unlike the other structure declarations in the listing; it may
; have been lost when the listing was extracted -- confirm against the original.
; struct _RTL_CRITICAL_SECTION CriticalSection
CriticalSection _RTL_CRITICAL_SECTION   ; DATA XREF: initPowerProfile+166
                                        ; unlockCriticalSection+1 ...
; Module handle and eight dwords named after the powrprof.dll entry points
; whose name strings initPowerProfile references; presumably the resolved
; function addresses -- confirm in initPowerProfile.
; HMODULE hModule
hModule         dd ?                    ; DATA XREF: initPowerProfile
                                        ; initPowerProfile+1D ...
ReadGlobalPwrPolicy dd ?                ; DATA XREF: initPowerProfile+37
                                        ; initPowerProfile+B9 ...
WriteGlobalPwrPolicy dd ?               ; DATA XREF: initPowerProfile+55
                                        ; initPowerProfile+C7 ...
GetActivePwrScheme dd ?                 ; DATA XREF: initPowerProfile+68
                                        ; initPowerProfile+CF ...
SetActivePwrScheme dd ?                 ; DATA XREF: initPowerProfile+6F
                                        ; initPowerProfile+D7 ...
EnumPwrSchemes  dd ?                    ; DATA XREF: initPowerProfile+8D
                                        ; initPowerProfile+DF ...
WritePwrScheme  dd ?                    ; DATA XREF: initPowerProfile+A0
                                        ; initPowerProfile+E7 ...
SetSuspendState dd ?                    ; DATA XREF: initPowerProfile+A7
                                        ; initPowerProfile+EF ...
GetPwrCapabilities dd ?                 ; DATA XREF: initPowerProfile+BF
                                        ; initPowerProfile+138 ...
                db 4 dup(?)
; ---------------------------------------------------------------------------
; 28 consecutive dwords from SNCfunctionality to dword_20F1A4. The
; SuGetMachineInfo cross-references label them functionality_xNN, where NN is
; the byte offset from SNCfunctionality (dword_20F158 is functionality_x020,
; dword_20F1A4 is functionality_x06C). The first twelve are also referenced
; from notifyHandler labels keyReleaseScanCode00..0B.
; ---------------------------------------------------------------------------
SNCfunctionality dd ?                   ; DATA XREF: suTypesA0baseCalls+13
                                        ; notifyHandler:keyReleaseScanCode00 ...
dword_20F13C    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType08
                                        ; notifyHandler:keyReleaseScanCode01 ...
dword_20F140    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType31
                                        ; notifyHandler:keyReleaseScanCode02 ...
dword_20F144    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType32
                                        ; notifyHandler:keyReleaseScanCode03 ...
dword_20F148    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType02
                                        ; notifyHandler:keyReleaseScanCode04 ...
dword_20F14C    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType05
                                        ; notifyHandler:keyReleaseScanCode05 ...
dword_20F150    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType33
                                        ; notifyHandler:keyReleaseScanCode06 ...
dword_20F154    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType07
                                        ; notifyHandler:keyReleaseScanCode07 ...
dword_20F158    dd ?                    ; DATA XREF: notifyHandler:keyReleaseScanCode08
                                        ; SuGetMachineInfo:functionality_x020
dword_20F15C    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType35
                                        ; notifyHandler:keyReleaseScanCode09 ...
dword_20F160    dd ?                    ; DATA XREF: notifyHandler:keyReleaseScanCode0A
                                        ; SuGetMachineInfo:functionality_x028
dword_20F164    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType37
                                        ; notifyHandler:keyReleaseScanCode0B ...
dword_20F168    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType03
                                        ; SuGetMachineInfo:functionality_x030 ...
dword_20F16C    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType04
                                        ; SuGetMachineInfo:functionality_x034 ...
dword_20F170    dd ?                    ; DATA XREF: suTypesA0baseCalls:testSuType06
                                        ; SuGetMachineInfo:functionality_x038 ...
dword_20F174    dd ?                    ; DATA XREF: filterModelTypeCapabilities:capsAlternative_Case0
                                        ; notifyHandlerEx:loc_202F30 ...
dword_20F178    dd ?                    ; DATA XREF: filterModelTypeCapabilities+71
                                        ; SuGetMachineInfo:functionality_x040 ...
dword_20F17C    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x044
dword_20F180    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x048
dword_20F184    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x04C
dword_20F188    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x050
dword_20F18C    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x054
                                        ; createEventThread+6C ...
dword_20F190    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x058
                                        ; sub_208FF0:loc_2090DF
dword_20F194    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x05C
dword_20F198    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x060
dword_20F19C    dd ?                    ; DATA XREF: suDMI_GetMachineInfo+C
                                        ; suDMI_GetMachineInfo+254
dword_20F1A0    dd ?                    ; DATA XREF: getFunctionality_x068+C
                                        ; getFunctionality_x068+272 ...
dword_20F1A4    dd ?                    ; DATA XREF: SuGetMachineInfo:functionality_x06C
                                        ; SnyUtils_Init:test_x06C
; struct _RTL_CRITICAL_SECTION criticalSection
criticalSection _RTL_CRITICAL_SECTION   ; DATA XREF: unload:delete
                                        ; SuOpen+22 ...
; HANDLE hHandle
hHandle         dd ?                    ; DATA XREF: SuOpen+33 SuOpen+5F ...
hInstDll        dd ?                    ; DATA XREF: createMainWndClass+3
                                        ; DllMain(x,x,x)+16
activeProfile_FunctionsClassFlags dd ?  ; DATA XREF: callSN06orSXBIOS_A084_0100
                                        ; callSN06orSXBIOS_A082_0007 ...
Win5x_64bit     dd ?                    ; DATA XREF: SnyUtils_Init+112
                                        ; get64bit_hObject ...
; A handle and the input and output buffer pointers, all referenced from
; freeInOutBuffers. They are single module-wide variables.
; NOTE(review): if more than one thread can issue device requests, confirm that
; every use of these three is made while holding one of the critical sections.
dword_20F1D0    dd ?                    ; DATA XREF: freeInOutBuffers
                                        ; freeInOutBuffers+13 ...
; HANDLE hObject
hObject         dd ?                    ; DATA XREF: freeInOutBuffers:loc_2093A9
                                        ; freeInOutBuffers+29 ...
dword_20F1D8    dd ?                    ; DATA XREF: sub_209540+1
                                        ; sub_2095E0+4A ...
; LPVOID lpOutBuffer
lpOutBuffer     dd ?                    ; DATA XREF: freeInOutBuffers:loc_2093BF
                                        ; freeInOutBuffers+41 ...
; LPVOID lpInBuffer
lpInBuffer      dd ?                    ; DATA XREF: freeInOutBuffers:loc_2093D7
                                        ; freeInOutBuffers+59 ...
; Runtime bookkeeping referenced from _CRT_INIT, DllEntryPoint and __onexit.
dword_20F1E4    dd ?                    ; DATA XREF: _CRT_INIT(x,x,x)+8
                                        ; _CRT_INIT(x,x,x)+10 ...
dword_20F1E8    dd ?                    ; DATA XREF: _CRT_INIT(x,x,x)+21
dword_20F1EC    dd ?                    ; DATA XREF: DllEntryPoint:checkFunctionPointer_020F1EC
                                        ; DllEntryPoint+82
dword_20F1F0    dd ?                    ; DATA XREF: __onexit:loc_209A4D
                                        ; _CRT_INIT(x,x,x)+4A ...
; void *dword_20F1F4
dword_20F1F4    dd ?                    ; DATA XREF: __onexit __onexit+14 ...
_data           ends

                end DllEntryPoint