here
PHP Code:
0041F51F 50 PUSH EAX
0041F520 6A 00 PUSH 0x0
0041F522 56 PUSH ESI
0041F523 E8 E8AF8F00 CALL 00D1A510
0041F528 53 PUSH EBX
0041F529 57 PUSH EDI
0041F52A 56 PUSH ESI
0041F52B E8 A0D88F00 CALL 00D1CDD0
0041F530 8BC3 MOV EAX,EBX
0041F532 83C4 18 ADD ESP,0x18
0041F535 83E0 F8 AND EAX,0xFFFFFFF8
0041F538 7E 1A JLE SHORT 0041F554
0041F53A 8D78 FF LEA EDI,DWORD PTR DS:[EAX-0x1]
0041F53D C1EF 03 SHR EDI,0x3
0041F540 83C7 01 ADD EDI,0x1
0041F543 56 PUSH ESI // scr buffer
0041F544 56 PUSH ESI // dst buffer
0041F545 8BCD MOV ECX,EBP
0041F547 E8 14FDFFFF CALL 0041F260 // decryption algo (DBOPAKDecrypt)
0041F54C 83C6 08 ADD ESI,0x8
0041F54F 83EF 01 SUB EDI,0x1
0041F552 ^ 75 EF JNZ SHORT 0041F543 //cycle
0041F554 8BC3 MOV EAX,EBX
0041F556 5B POP EBX
0041F557 5E POP ESI
0041F558 5F POP EDI
0041F559 5D POP EBP
0041F55A C2 1000 RETN 0x10
pseudocode
PHP Code:
signed int __stdcall sub_41F4E0(int a1, signed int a2, void *Dst, size_t Size)
{
signed int result; // eax@2
void *v5; // esi@3
unsigned int v6; // edi@8
if ( a1 )
{
v5 = Dst;
if ( Dst )
{
if ( a2 <= (signed int)Size )
{
memset(Dst, 0, Size);
unknown_libname_24(Dst, a1, a2);
if ( (a2 & 0xFFFFFFF8) > 0 )
{
v6 = (((a2 & 0xFFFFFFF8u) - 1) >> 3) + 1;
do
{
DBOPAKDecrypt(v5, v5);
v5 = (char *)v5 + 8;
--v6;
}
while ( v6 );
}
result = a2;
}
else
{
result = -6;
}
}
else
{
result = (signed int)((char *)Dst - 3);
}
}
else
{
result = -5;
}
return result;
}