Starsiege mem.dll (2007) disassembly
;
; +-------------------------------------------------------------------------+
; | This file has been generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2018 Hex-Rays, <support@hex-rays.com> |
; | Freeware version |
; +-------------------------------------------------------------------------+
;
; Input SHA256 : AAFDDFEF46D643BC3D69354B6D147A883A3C774D0CB32CC467820CCF736511F6
; Input MD5 : 327E7899CF7959485A2E2525310E0C01
; Input CRC32 : E2366931
; File Name : D:\Games\Starsiege\mem.dll
; Format : Portable executable for 80386 (PE)
; Imagebase : 10000000
; Timestamp : 46C726D7 (Sat Aug 18 17:05:27 2007)
; Section 1. (virtual address 00001000)
; Virtual size : 0000005B ( 91.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
; Assembler preamble for a 32-bit, flat-model code segment (MASM syntax).
; The commented-out org below gives the segment's load address:
; imagebase 10000000h + section RVA 00001000h = 10001000h.
.686p
.mmx
.model flat
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 10001000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; Replacement thunk with a 4-argument __stdcall shape (retn 10h pops 16 bytes).
; It forwards the caller's first three arguments to SetWindowsHookExW unchanged
; but substitutes the current thread id for the fourth (dwThreadId), so the
; caller-supplied thread id is discarded and the hook is scoped to the calling
; thread. The HHOOK result in eax is returned untouched.
; Its address is stored at 885A48h by sub_10001020; it is not called directly
; anywhere in this listing.
; NOTE(review): whether the host originally called the A or the W variant of
; the hook API is not visible here; confirm against the host's imports.
loc_10001000:
call ds:GetCurrentThreadId
push eax                      ; arg4: dwThreadId = current thread
; Each push moves esp down by 4, so the same [esp+10h] operand walks the
; caller's arguments in reverse: hmod, then lpfn, then idHook.
push dword ptr [esp+10h]
push dword ptr [esp+10h]
push dword ptr [esp+10h]
call ds:SetWindowsHookExW
retn 10h
; Exported entry 1. MS_Calloc
; Empty stub: a bare retn that pops no arguments and does not set eax.
; No allocation logic exists behind this export in this binary; presumably it
; is present only so that the host's import of mem.dll resolves. A caller that
; used the return value would read whatever was left in eax. TODO confirm
; against the host's import table.
public MS_Calloc
MS_Calloc proc near
retn
MS_Calloc endp
; Exported entry 4. MS_Realloc
; Empty stub: a bare retn that pops no arguments and does not set eax.
; There is no reallocation logic here; the export exists in name only.
public MS_Realloc
MS_Realloc proc near
retn
MS_Realloc endp
; Exported entry 2. MS_Free
; Empty stub: a bare retn that pops no arguments and releases nothing.
public MS_Free
MS_Free proc near
retn
MS_Free endp
; Exported entry 3. MS_Malloc
; Empty stub: a bare retn that pops no arguments and does not set eax.
; There is no allocation logic here; the export exists in name only.
public MS_Malloc
MS_Malloc proc near
retn
MS_Malloc endp
; In-process patch routine, called from DllEntryPoint on process attach.
; Steps, as visible in the code:
;   1. VirtualProtect(885A48h, 800h, 4, &flOldProtect). The value 4 is
;      PAGE_READWRITE.
;   2. Write the byte 1 to 746AA8h.
;   3. Overwrite the dword at 885A48h with the address of loc_10001000.
; Both target addresses are absolute and lie outside this DLL's image
; (imagebase 10000000h), so they belong to another module in the process.
; NOTE(review): presumably 885A48h is the host executable's import slot for
; a SetWindowsHookEx* call, given the thunk's signature. The meaning of the
; flag at 746AA8h is not visible here. Confirm both against the host binary.
; Review points:
;   - The VirtualProtect result is never tested, so if the call fails the
;     write in step 3 may fault.
;   - The previous protection is saved in flOldProtect but never restored;
;     the 800h-byte range stays writable.
;   - The 746AA8h write is not covered by the VirtualProtect range.
;   - Fixed addresses assume one specific host build loaded at its expected
;     base; any other layout means writes to unrelated memory.
; For triage: DllMain -> VirtualProtect -> pointer overwrite in another module
; is the generic import-patching pattern, so the exports and the patch target
; are what distinguish a compatibility shim from anything else.
sub_10001020 proc near
flOldProtect= dword ptr -4
push ecx                      ; reserves a 4-byte stack slot for flOldProtect
lea eax, [esp+4+flOldProtect] ; eax = address of that slot
push eax ; lpflOldProtect
push 4 ; flNewProtect
push 800h ; dwSize
push 885A48h ; lpAddress
call ds:VirtualProtect
mov byte ptr ds:746AA8h, 1
mov dword ptr ds:885A48h, offset loc_10001000
pop ecx                       ; releases the flOldProtect slot
retn
sub_10001020 endp
; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
; DLL entry point. It runs the patch routine sub_10001020 once, when fdwReason
; is 1 (DLL_PROCESS_ATTACH), and does nothing for every other reason code.
; It always returns non-zero: only al is set, and the upper bytes of eax keep
; whatever value they held. Nothing is undone on detach.
public DllEntryPoint
DllEntryPoint proc near
hinstDLL= dword ptr 4
fdwReason= dword ptr 8
lpReserved= dword ptr 0Ch
cmp [esp+fdwReason], 1
jnz short loc_10001056
call sub_10001020
loc_10001056:
mov al, 1                     ; low byte 1 makes eax non-zero (TRUE)
retn 0Ch                      ; pops the three stdcall arguments
DllEntryPoint endp
; Padding only. The align directive fills to the 200h file-size boundary of
; section 1. The 380h uninitialised dwords (E00h bytes) then cover the rest of
; the 1000h virtual range before section 2 at RVA 00002000h.
align 200h
dd 380h dup(?)
_text ends
; Section 2. (virtual address 00002000)
; Virtual size : 0000014E ( 334.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00000600
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; Segment type: Externs
; _idata
; DWORD __stdcall GetCurrentThreadId()
extrn GetCurrentThreadId:dword
; BOOL __stdcall VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
extrn VirtualProtect:dword
;
; Imports from USER32.dll
;
; HHOOK __stdcall SetWindowsHookExW(int idHook, HOOKPROC lpfn, HINSTANCE hmod, DWORD dwThreadId)
extrn SetWindowsHookExW:dword
; Segment type: Pure data
; Segment permissions: Read
; Import directory: one 20-byte descriptor (five dwords) per imported DLL,
; followed by an all-zero descriptor that terminates the array.
; Only two DLLs are imported: KERNEL32.dll and USER32.dll.
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 10002014h
__IMPORT_DESCRIPTOR_KERNEL32 dd rva off_10002050 ; Import Name Table
dd 0 ; Time stamp
dd 0 ; Forwarder Chain
dd rva aKernel32Dll ; DLL Name
dd rva GetCurrentThreadId ; Import Address Table
__IMPORT_DESCRIPTOR_USER32 dd rva off_1000205C ; Import Name Table
dd 0 ; Time stamp
dd 0 ; Forwarder Chain
dd rva aUser32Dll ; DLL Name
dd rva SetWindowsHookExW ; Import Address Table
; The next 20 zero bytes are the terminating (null) import descriptor.
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
;
; Import names for KERNEL32.dll
;
; Each table is a zero-terminated list of RVAs to hint/name entries. An entry
; is a 16-bit hint followed by the NUL-terminated function name.
; The binary imports three functions in total: GetCurrentThreadId,
; VirtualProtect and SetWindowsHookExW.
off_10002050 dd rva word_10002076
dd rva word_10002064
dd 0
;
; Import names for USER32.dll
;
off_1000205C dd rva word_1000209A
dd 0
word_10002064 dw 386h
db 'VirtualProtect',0
align 2
word_10002076 dw 146h
db 'GetCurrentThreadId',0
align 4
aKernel32Dll db 'KERNEL32.dll',0
align 2
word_1000209A dw 28Bh
db 'SetWindowsHookExW',0
aUser32Dll db 'USER32.dll',0
align 10h
;
; Export directory for Starsiege_VistaFix.dll
;
; The internal module name recorded here (Starsiege_VistaFix.dll) differs from
; the on-disk file name in the IDA header (mem.dll). That is worth recording
; when identifying the file.
; With Base = 1 and name ordinals 0..3, the exports resolve to ordinals 1..4:
; MS_Calloc, MS_Free, MS_Malloc, MS_Realloc. All four point at single-retn
; stubs in _text.
dd 0 ; Characteristics
dd 46C726D7h ; TimeDateStamp: Sat Aug 18 17:05:27 2007
dw 0 ; MajorVersion
dw 0 ; MinorVersion
dd rva aStarsiegeVista ; Name
dd 1 ; Base
dd 4 ; NumberOfFunctions
dd 4 ; NumberOfNames
dd rva off_100020E8 ; AddressOfFunctions
dd rva off_100020F8 ; AddressOfNames
dd rva word_10002108 ; AddressOfNameOrdinals
;
; Export Address Table for Starsiege_VistaFix.dll
;
off_100020E8 dd rva MS_Calloc, rva MS_Free, rva MS_Malloc
dd rva MS_Realloc
;
; Export Names Table for Starsiege_VistaFix.dll
;
off_100020F8 dd rva aMsCalloc, rva aMsFree, rva aMsMalloc ; "MS_Calloc" ...
dd rva aMsRealloc
;
; Export Ordinals Table for Starsiege_VistaFix.dll
;
word_10002108 dw 0, 1, 2, 3
aStarsiegeVista db 'Starsiege_VistaFix.dll',0
aMsCalloc db 'MS_Calloc',0
aMsFree db 'MS_Free',0
aMsMalloc db 'MS_Malloc',0
aMsRealloc db 'MS_Realloc',0
; Pads the section out to the next 1000h boundary.
align 1000h
_rdata ends
end DllEntryPoint