; ---------------------------------------------------------------------------
; Unpacking stub, 32-bit x86, Intel operand order.
; Listing columns: address, opcode bytes, instruction.
;
; Visible flow: unlink an SEH frame, save registers, allocate a buffer through
; an import-slot pointer, call a routine that fills the buffer, run the
; resulting "thunk" code, free the buffer, restore registers and JMP to the
; address the thunk returned.
;
; EBX -> parameter block. Field roles below are read off how each field is
; used here; anything beyond that use is an inference.
;   +0x00  RVA of the source data handed to the routine at 0x418F31
;   +0x04  size passed to the allocation call
;   +0x08  offset of the thunk entry point inside the allocated buffer
;   +0x0C  RVA of the routine called at 0x418F31
;   +0x10  RVA of the import slot called at 0x418F07 (VirtualAlloc per annotation)
;   +0x14  RVA of the import slot called at 0x418F71 (frees the buffer)
;   +0x18  base added to every RVA (presumably the image base -- confirm)
;   +0x1C, +0x20  RVAs of two import slots, overwritten in place with the
;                 resolved function pointers
;
; NOTE(review): the shape matches the widely documented PECompact 2.x loader
; stub -- confirm with a packer-identification tool before relying on it.
; ---------------------------------------------------------------------------

; EAX = base constant for the EAX-relative addressing below (kept in EBP).
; NOTE(review): the EAX=0x00418EA8 annotation at 0x418F2E implies
; EBX=0x00418E8C, i.e. EAX=0xF0417D5A at run time, not 0x12345678. The
; immediate is presumably patched by earlier code that is not in this listing.
0x418ED3: B878563412 MOV EAX,0x12345678

; Unlink an SEH registration record: FS:[0] gets the previous record pointer
; back, then the handler pointer (second dword of the record) is discarded.
; The code that installed this record is not part of the listing.
0x418ED8: 648F0500000000 POP DWORD PTR FS:[0x0]
0x418EDF: 83C404 ADD ESP,0x4

; Save six registers; they are popped in reverse order at 0x418F75..0x418F7A.
0x418EE2: 55 PUSH EBP
0x418EE3: 53 PUSH EBX
0x418EE4: 51 PUSH ECX
0x418EE5: 57 PUSH EDI
0x418EE6: 56 PUSH ESI
0x418EE7: 52 PUSH EDX

0x418EE8: 8D9832110010 LEA EBX,DWORD PTR [EAX+0x10001132] ; EBX -> parameter block
0x418EEE: 8B5318 MOV EDX,DWORD PTR [EBX+0x18]             ; EDX = base for all RVAs
0x418EF1: 52 PUSH EDX                                     ; keep base across the call
0x418EF2: 8BE8 MOV EBP,EAX                                ; EBP = base constant, used at 0x418F5D

; Allocation call, stdcall argument order (last argument pushed first).
; Per the annotation this is VirtualAlloc(NULL, [EBX+0x4], 0x1000, 0x40):
; 0x1000 = MEM_COMMIT, 0x40 = PAGE_EXECUTE_READWRITE.
; A committed RWX region that is written and then called is a common
; behavioural signal for unpackers and a useful anchor for detection rules.
0x418EF4: 6A40 PUSH 0x40                                  ; flProtect
0x418EF6: 6800100000 PUSH 0x1000                          ; flAllocationType
0x418EFB: FF7304 PUSH DWORD PTR [EBX+0x4]                 ; dwSize
0x418EFE: 6A00 PUSH 0x0                                   ; lpAddress = NULL
0x418F00: 8B4B10 MOV ECX,DWORD PTR [EBX+0x10]             ; RVA of the import slot
0x418F03: 03CA ADD ECX,EDX                                ; -> address of the slot
0x418F05: 8B01 MOV EAX,DWORD PTR [ECX]                    ; function pointer from the slot
0x418F07: FFD0 CALL EAX ; Calls VirtualAlloc (for thunk code).
0x418F09: 5A POP EDX                                      ; EDX = base again
0x418F0A: 8BF8 MOV EDI,EAX                                ; EDI = allocated buffer (result not checked)
0x418F0C: 50 PUSH EAX                                     ; keep buffer ...
0x418F0D: 52 PUSH EDX                                     ; ... and base across the next call

0x418F0E: 8B33 MOV ESI,DWORD PTR [EBX]                    ; ESI = RVA of source data

; Resolve the two import slots at +0x20 and +0x1C: each field holds an RVA
; on entry and is overwritten with the pointer stored at base+RVA.
0x418F10: 8B4320 MOV EAX,DWORD PTR [EBX+0x20]
0x418F13: 03C2 ADD EAX,EDX
0x418F15: 8B08 MOV ECX,DWORD PTR [EAX]
0x418F17: 894B20 MOV DWORD PTR [EBX+0x20],ECX
0x418F1A: 8B431C MOV EAX,DWORD PTR [EBX+0x1C]
0x418F1D: 03C2 ADD EAX,EDX
0x418F1F: 8B08 MOV ECX,DWORD PTR [EAX]
0x418F21: 894B1C MOV DWORD PTR [EBX+0x1C],ECX

0x418F24: 03F2 ADD ESI,EDX                                ; ESI = address of source data
0x418F26: 8B4B0C MOV ECX,DWORD PTR [EBX+0xC]              ; RVA of the routine to call
0x418F29: 03CA ADD ECX,EDX                                ; ECX = its address
0x418F2B: 8D431C LEA EAX,DWORD PTR [EBX+0x1C]             ; -> the two pointers resolved above

; Call routine(src=ESI, dst=EDI, &pointer pair). Presumably the decoder that
; writes the thunk code into the buffer -- its body is not shown.
0x418F2E: 50 PUSH EAX ; EAX=0x00418EA8 pointing to entrypoints for LoadLibraryA and GetProcAddress
0x418F2F: 57 PUSH EDI ; EDI=0x00850000 (buffer returned by the allocation call)
0x418F30: 56 PUSH ESI ; ESI=0x004180B4 (source data)
0x418F31: FFD1 CALL ECX
; The two POPs recover base and buffer only if the callee removed its three
; arguments (stdcall-style) -- assumed, not verifiable from this listing.
0x418F33: 5A POP EDX                                      ; EDX = base
0x418F34: 58 POP EAX                                      ; EAX = buffer
0x418F35: 034308 ADD EAX,DWORD PTR [EBX+0x8]              ; EAX = thunk entry = buffer + [EBX+0x8]
0x418F38: 8BF8 MOV EDI,EAX                                ; EDI = thunk entry (call target)
0x418F3A: 52 PUSH EDX                                     ; keep base across the thunk call

; Locate a header placed in front of the thunk entry: the dword just before
; the entry holds a length, and ESI = entry - (length + 4).
0x418F3B: 8BF0 MOV ESI,EAX
0x418F3D: 8B46FC MOV EAX,DWORD PTR [ESI-0x4]
0x418F40: 83C004 ADD EAX,0x4
0x418F43: 2BF0 SUB ESI,EAX

; Fill header fields from the parameter block before running the thunk.
0x418F45: 895608 MOV DWORD PTR [ESI+0x8],EDX              ; header+0x08 = base
0x418F48: 8B4B10 MOV ECX,DWORD PTR [EBX+0x10]
0x418F4B: 894E24 MOV DWORD PTR [ESI+0x24],ECX             ; header+0x24 = RVA of allocation slot
0x418F4E: 8B4B14 MOV ECX,DWORD PTR [EBX+0x14]
0x418F51: 51 PUSH ECX                                     ; keep RVA of the free slot for 0x418F65
0x418F52: 894E28 MOV DWORD PTR [ESI+0x28],ECX             ; header+0x28 = RVA of free slot
0x418F55: 8B4B0C MOV ECX,DWORD PTR [EBX+0xC]
0x418F58: 894E14 MOV DWORD PTR [ESI+0x14],ECX             ; header+0x14 = RVA of the routine at +0x0C
0x418F5B: FFD7 CALL EDI ; call "thunk" code

; Store the thunk's return value and keep a copy in ESI across the free call.
; It is the final jump target, presumably the original entry point.
; NOTE(review): with the base derived from the 0x418F2E annotation the store
; address is 0x00418F7D, the first byte after the JMP EAX below -- confirm.
0x418F5D: 898523120010 MOV DWORD PTR [EBP+0x10001223],EAX
0x418F63: 8BF0 MOV ESI,EAX
0x418F65: 59 POP ECX                                      ; ECX = RVA of the free slot
0x418F66: 5A POP EDX                                      ; EDX = base
0x418F67: 03CA ADD ECX,EDX                                ; -> address of the slot

; Argument pattern matches VirtualFree(lpAddress, 0, MEM_RELEASE); 0x8000 is
; MEM_RELEASE.
; NOTE(review): EDI was set to buffer + [EBX+0x8] at 0x418F38. MEM_RELEASE
; needs the allocation base, so unless that offset is zero or the thunk
; changes EDI the call fails, and the result is never checked. When
; examining a memory image, check whether the RWX region is still mapped.
0x418F69: 6800800000 PUSH 0x8000                          ; dwFreeType
0x418F6E: 6A00 PUSH 0x0                                   ; dwSize = 0
0x418F70: 57 PUSH EDI                                     ; lpAddress
0x418F71: FF11 CALL DWORD PTR [ECX] ; free "thunk" code
0x418F73: 8BC6 MOV EAX,ESI                                ; EAX = address returned by the thunk

; Restore the registers saved at 0x418EE2..0x418EE7.
0x418F75: 5A POP EDX
0x418F76: 5E POP ESI
0x418F77: 5F POP EDI
0x418F78: 59 POP ECX
0x418F79: 5B POP EBX
0x418F7A: 5D POP EBP

; Tail jump to the address the thunk returned. In unpacking analysis this is
; the usual place to break and capture the restored image.
0x418F7B: FFE0 JMP EAX