; ; +-------------------------------------------------------------------------+ ; | This file has been generated by The Interactive Disassembler (IDA) | ; | Copyright (c) 2017 Hex-Rays, | ; +-------------------------------------------------------------------------+ ; ; Input SHA256 : 6D786CF6D5FFCBEF6B1E35477CF0CE2A1ADFB2E752DFB0D006329C062B1AF603 ; Input MD5 : 4C93DE0157EB5BA9C42BF290249A2C3C ; Input CRC32 : BB0029FD ; File Name : C:\Users\IEUser\Desktop\animdll_ba_2.dll ; Format : New Executable (NE) Windows ; Title 'animdll.dll' ; Target operating system MS Windows ; File Load CRC 000000000h ; Program Entry Point (CS:IP) 0000:0000 ; Initial Stack Pointer (SS:SP) 0000:0000 ; Auto Data Segment Index 0002h ( 2. ) ; Initial Local Heap Size 0400h ( 1024. ) ; Initial Stack Size 2000h ( 8192. ) ; Linker Version 5.1 ; Minimum code swap area size 0 ; Expected Windows Version 3.0 ; Program Flags (8201): DLL Single data Compatible with PM ; Other EXE Flags (0000): ; ---------------------------------------------------------------------------- ; Segment Number : 1 ; Alloc Size : 031Ch ; Offset in the file: 01B0h Length: 031Ch ; Attributes (0D60): CODE Pure Preloaded Relocations DPL: 3 .686p .mmx .model flat ; Segment type: Pure code cseg01 segment para public 'CODE' use16 assume cs:cseg01 assume es:nothing, ss:nothing, ds:dseg02, fs:nothing, gs:nothing push ds pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax mov ax, 1 pop ds pop bp dec bp retf 0Ah cld ; ; External Entry #1 into the Module ; Attributes (0023): Fixed Exported Shared dataseg Ring transactions ; public TIMERDLL_PROC TIMERDLL_PROC proc far push ds ; animdll_1 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax push si push di mov bx, [bp+0Eh] mov es, word ptr [bp+10h] mov di, bx mov dx, es:[bx+0Eh] mov cx, es:[bx+0Ch] cmp dx, 'MI' jnz short loc_75 cmp cx, 'NA' jnz short loc_75 mov dx, es:[bx+4] mov ax, es:[bx+6] add es:[bx], dx mov dx, es:[di+2] mov si, es:[bx+8] adc dx, ax mov cx, es:[bx+0Ah] mov es:[di+2], dx mov ax, es:[bx+4] mov bx, es:[bx+6] mov es, cx mov di, es:[si] add di, ax mov ax, es:[si+2] mov es:[si], di adc ax, bx mov es:[si+2], ax loc_75: pop di pop si pop ds pop bp dec bp retf 10h TIMERDLL_PROC endp db 89h, 0C0h cld ; ; External Entry #2 into the Module ; Attributes (0003): Fixed Exported Shared dataseg ; public TIMERDLL_TEST TIMERDLL_TEST proc far push ds ; animdll_2 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax push 0 push ds push offset aTestRunning ; "Test Running" push ds push offset aAnimdll16 ; "AnimDLL16" push 2000h ; MB_TASKMODAL call MESSAGEBOX pop ds pop bp dec bp retf TIMERDLL_TEST endp ; ; External Entry #3 into the Module ; Attributes (000B): Fixed Exported Shared dataseg Ring transactions ; public LOAD_SOUND LOAD_SOUND proc far push ds ; animdll_3 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax push si push di sub sp, 6 mov dx, [bp+8] push dx mov bx, [bp+6] push bx push 0 push 0 push 0 push 0 call MMIOOPEN mov si, ax mov [bp-0Ch], ax test ax, ax jz loc_16C push ax push 0 push 0 push 2 call MMIOSEEK push si push 0 push 0 mov di, ax push 0 mov [bp-8], dx call MMIOSEEK push 2002h mov ax, [bp-8] push ax push di call GLOBALALLOC mov [bp-0Ah], ax test ax, ax jz short loc_13E push ax call GLOBALLOCK test dx, dx jnz short loc_10E test ax, ax jz short loc_11D loc_10E: push si push dx push ax mov ax, [bp-8] push ax push di call MMIOREAD jmp short loc_133 loc_11D: push 0 mov cx, [bp+8] push cx mov si, [bp+6] push si push ds push offset aCouldNotLockSo ; "Could not lock sound" push 2000h ; MB_TASKMODAL call MESSAGEBOX loc_133: mov dx, [bp-0Ah] push dx call GLOBALUNLOCK jmp short loc_153 loc_13E: push ax mov dx, [bp+8] push dx mov bx, [bp+6] push bx push ds push offset aCouldNotAllocS ; "Could not alloc sound" push 2000h ; MB_TASKMODAL call MESSAGEBOX loc_153: mov bx, [bp-0Ch] push bx push 0 call MMIOCLOSE mov ax, [bp-0Ah] lea sp, [bp-6] pop di pop si pop ds pop bp dec bp retf 4 loc_16C: push ax mov cx, [bp+8] push cx mov si, [bp+6] push si push ds push offset aCouldNotLoadSo ; "Could not load sound" push 2000h ; MB_TASKMODAL call MESSAGEBOX xor ax, ax lea sp, [bp-6] pop di pop si pop ds pop bp dec bp retf 4 LOAD_SOUND endp align 4 ; ; External Entry #4 into the Module ; Attributes (0007): Fixed Exported Shared dataseg ; public UNLOAD_SOUND UNLOAD_SOUND proc far push ds ; animdll_4 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax mov ax, [bp+6] test ax, ax jz short loc_1A7 push ax call GLOBALFREE loc_1A7: pop ds pop bp dec bp retf 2 UNLOAD_SOUND endp db 89h, 0C0h cld ; ; External Entry #5 into the Module ; Attributes (000B): Fixed Exported Shared dataseg Ring transactions ; public PLAY_SOUND PLAY_SOUND proc far push ds ; animdll_5 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax mov ax, [bp+8] test ax, ax jz short loc_1EF push ax call GLOBALLOCK mov bx, ax mov ax, dx test dx, dx jnz short loc_1D3 test bx, bx jz short loc_1EC loc_1D3: cmp word ptr [bp+6], 0 jz short loc_1DF push ax push bx push 0Fh ; fuSound = SND_ASYNC | SND_MEMORY | SND_LOOP | SND_NODEFAULT jmp short loc_1E3 loc_1DF: push ax push bx push 7 ; fuSound = SND_ASYNC | SND_MEMORY | SND_NODEFAULT loc_1E3: call SNDPLAYSOUND xor ax, ax jmp short loc_1EF loc_1EC: mov ax, 1 loc_1EF: pop ds pop bp dec bp retf 4 PLAY_SOUND endp db 89h, 0C0h cld ; ; External Entry #6 into the Module ; Attributes (000B): Fixed Exported Shared dataseg Ring transactions ; public OPEN_IPMA_DLL OPEN_IPMA_DLL proc far push ds ; animdll_6 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax push si push 'cd' ; fccType = vidc push 'iv' push 'AM' ; fccHandler = IPMA push 'PI' push 2 ; wMode = ICMODE_DECOMPRESS call ICOPEN mov si, ax test ax, ax jnz short loc_22F push ax push ds push offset aInstallBlownAw ; "Install Blown Away from CD-ROM" push ds push offset aBlownAway ; "Blown Away" push 2000h ; MB_TASKMODAL call MESSAGEBOX jmp short loc_24A loc_22F: push ax push 5001h ; ICM_SETSTATE mov es, word ptr [bp+8] push es mov bx, [bp+6] push bx push 0 push 22h ; '"' ; size of configuration data block mov word ptr es:[bx+4], 1 call ICSENDMESSAGE loc_24A: mov ax, si pop si pop ds pop bp dec bp retf 4 OPEN_IPMA_DLL endp cld ; ; External Entry #7 into the Module ; Attributes (000F): Fixed Exported Shared dataseg Ring transactions ; public CLOSE_IPMA_DLL CLOSE_IPMA_DLL proc far push ds ; animdll_7 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax push si les bx, [bp+6] mov si, [bp+0Ah] test si, si jz short loc_284 push si push 5001h ; ICM_SETSTATE push es push bx push 0 push 22h ; '"' ; size of configuration data block mov word ptr es:[bx+4], 2 call ICSENDMESSAGE push si call ICCLOSE loc_284: xor ax, ax pop si pop ds pop bp dec bp retf 6 CLOSE_IPMA_DLL endp db 89h, 0C0h cld ; ; External Entry #8 into the Module ; Attributes (0003): Fixed Exported Shared dataseg ; public TEST_VIDEO_DLL TEST_VIDEO_DLL proc far push ds ; animdll_8 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax push 'cd' ; fccType = vidc push 'iv' push '23' ; fccHandler = IV32 push 'VI' push 2 ; wMode = ICMODE_DECOMPRESS call ICOPEN test ax, ax jnz short loc_2C6 push ax push ds push offset aInstallVideoFo ; "Install Video For Windows from Game CD-"... push ds push offset aBlownAway ; "Blown Away" push 2000h ; MB_TASKMODAL call MESSAGEBOX xor ax, ax jmp short loc_303 loc_2C6: push ax call ICCLOSE push 'cd' ; fccType = vidc push 'iv' push 'AM' ; fccHandler = IPMA push 'PI' push 2 ; wMode = ICMODE_DECOMPRESS call ICOPEN test ax, ax jnz short loc_2FA push ax push ds push offset aInstallBlownAw_0 ; "Install Blown Away from CD-ROM" push ds push offset aBlownAway ; "Blown Away" push 2000h ; MB_TASKMODAL call MESSAGEBOX xor ax, ax pop ds pop bp dec bp retf loc_2FA: push ax call ICCLOSE mov ax, 1 loc_303: pop ds pop bp dec bp retf TEST_VIDEO_DLL endp cld ; ; External Entry #9 into the Module ; Attributes (0007): Fixed Exported Shared dataseg ; public WEP WEP proc far push ds ; animdll_9 pop ax nop inc bp push bp mov bp, sp push ds mov ds, ax mov ax, 1 pop ds pop bp dec bp retf 2 WEP endp align 2 align 8 cseg01 ends ; Segment Number : 2 ; Alloc Size : 00E4h ; Offset in the file: 059Eh Length: 00D0h ; Attributes (0C61): DATA Pure Preloaded DPL: 3 ; Segment type: Pure data dseg02 segment para public 'DATA' use16 assume cs:dseg02 aTestRunning db 'Test Running',0 align 2 aAnimdll16 db 'AnimDLL16',0 aCouldNotLockSo db 'Could not lock sound',0 align 2 aCouldNotAllocS db 'Could not alloc sound',0 aCouldNotLoadSo db 'Could not load sound',0 align 2 aInstallBlownAw db 'Install Blown Away from CD-ROM',0 align 2 aBlownAway db 'Blown Away',0 align 2 aInstallVideoFo db 'Install Video For Windows from Game' db ' CD-ROM',0 align 2 aInstallBlownAw_0 db 'Install Blown Away from CD-ROM',0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 db 0 align 10h dseg02 ends ; Segment type: Externs ; MMSYSTEM extrn SNDPLAYSOUND:far extrn MMIOOPEN:far extrn MMIOCLOSE:far extrn MMIOREAD:far extrn MMIOSEEK:far ; Segment type: Externs ; USER extrn MESSAGEBOX:far ; Segment type: Externs ; KERNEL extrn GLOBALALLOC:far extrn GLOBALFREE:far extrn GLOBALLOCK:far extrn GLOBALUNLOCK:far ; Segment type: Externs ; MSVIDEO extrn ICOPEN:far extrn ICCLOSE:far extrn ICSENDMESSAGE:far end