// Finalizes and submits a report buffer built by GetFlagForAction: hashes
// everything after the first dword, stores that hash (XORed with the value
// SomeHashFunction produced in LaunchAndCommunicateWithACThread) in the first
// dword, and hands the buffer to lSomeFunc1.
// out1: buffer length in bytes; out2: buffer address (typed int by the decompiler).
// Returns whatever lSomeFunc1 returns; its meaning is not visible on this page.
int __usercall check7<eax>(int out1<edi>, int out2<esi>)
{
int v2; // edx@1 -- bytes left to hash
int v3; // ecx@1 -- read cursor into the buffer
int v4; // eax@1 -- running hash
v2 = out1 - 4;
v3 = out2 + 4;
v4 = 5381; // djb2 seed; same algorithm as SomeHashFunction
if ( out1 != 4 )
{
// NOTE(review): only out1 == 4 is guarded. An out1 below 4 makes v2 negative and
// this do/while only stops once v2 wraps back to zero -- an out-of-bounds read.
do
{
v4 = 33 * v4 + *v3++; // cast dropped in the listing; presumably a byte read like SomeHashFunction
--v2;
}
while ( v2 );
}
*out2 = v4 ^ variableToGivePointer; // store width not recoverable here; presumably a dword
NoIdeaWhatThisVariableIS = out2; // the last submitted buffer is remembered in a global
return lSomeFunc1(out2, out1);
}
--------
// Presumably the entry point called with a filled request: allocates the shared
// 255-byte MyStruct1 once, starts the watcher threads via LoadAC, copies the
// request in, and derives variableToGivePointer from it. Setting bCanDo tells
// CheckForCheatThread that MyStruct1 holds a new request.
// a1 is only stored into a local; sizeOfStruct/filledStruct describe the request.
// Return: the char the decompiler recovered from the last assignment to al -- the
// low byte of a memmove result or of the _InterlockedExchange result -- so it is
// not a reliable status flag.
char __userpurge LaunchAndCommunicateWithACThread<al>(int a1<ecx>, size_t sizeOfStruct<esi>, const void *filledStruct)
{
char whatDidWeSet; // al@3
void *EmptyStruct; // edx@4
signed int localSizeOfStruct; // ecx@4
void *currentByteStruct; // eax@4
int myPtr; // [sp+0h] [bp-4h]@1
myPtr = a1;
if ( !MyStruct1 )
MyStruct1 = malloc(0xFFu); // 255 bytes; result not checked for NULL, not freed on this page
whatDidWeSet = LoadAC();
if ( whatDidWeSet )
{
EmptyStruct = MyStruct1;
localSizeOfStruct = 255;
currentByteStruct = MyStruct1;
do
{
*currentByteStruct = 0; // clear all 255 bytes before the copy
currentByteStruct = currentByteStruct + 1;
--localSizeOfStruct;
}
while ( localSizeOfStruct );
// BUG: the copy happens before the size check below. A sizeOfStruct above 255
// overruns the 255-byte MyStruct1 allocation; the check only skips the hash.
whatDidWeSet = memmove(EmptyStruct, filledStruct, sizeOfStruct);
lSomeFunc1 = SomeFunc1; // check7 submits reports through this pointer
if ( sizeOfStruct <= 255 )
{
if ( sizeOfStruct )
{
// Hash of the body after the 4-byte header. sizeOfStruct is size_t, so a value
// of 1..3 makes sizeOfStruct - 4 wrap and the hash reads far past the buffer.
variableToGivePointer = SomeHashFunction((MyStruct1 + 4), sizeOfStruct - 4);
// Exchanges into a local that is never read again; only the returned old value (a1) survives.
whatDidWeSet = _InterlockedExchange(&myPtr, variableToGivePointer);
// Plain global read by CheckForCheatThread on another thread with no synchronization.
bCanDo = 1;
}
}
}
return whatDidWeSet;
}
-----
// Thread body started by LoadAC. Attaches to the process's own PID as a
// debugger and then pumps debug events until infiniteLoop1 is set, recording
// breakpoint/single-step exceptions (CheckExceptionEvent), thread start
// addresses outside the code section (CheckThreadEvent) and DLL loads in the
// lazily allocated 4-byte `flag` block.
// a1..a4 are only forwarded into the stack slots v8..v10 for the first iteration.
// Returns 0 on every path, so the caller cannot tell whether the attach succeeded.
int __userpurge CheckForDebuggerThread<eax>(signed int a1<ebx>, int a2<edi>, int a3<esi>, int a4)
{
int v4; // eax@1
int event; // esi@2 -- DEBUG_EVENT buffer
void *localFlag; // eax@6
int result; // eax@10
int v8; // [sp-Ch] [bp-Ch]@2 -- stack args for lContinueDebugEvent: process id
int v9; // [sp-8h] [bp-8h]@2 -- thread id
signed int v10; // [sp-4h] [bp-4h]@2 -- continue status
v4 = lGetCurrentProcessId();
// Presumably an occupancy test: if another debugger already holds the process the
// attach fails and nothing below runs -- TODO confirm what the attach does on the own PID.
if ( lDebugActiveProcess(v4) )
{
v10 = a1;
v9 = a3;
v8 = a2;
event = malloc(0x60u); // 0x60 = 96 bytes, the 32-bit DEBUG_EVENT size; unchecked and never freed
while ( !infiniteLoop1 )
{
// The three trailing arguments are the decompiler's view of the stack slots that
// lContinueDebugEvent consumes below; WaitForDebugEvent itself takes only the first two.
lWaitForDebugEvent(event, -1, v8, v9, v10);
switch ( *event ) // dwDebugEventCode
{
case 1: // EXCEPTION_DEBUG_EVENT
CheckExceptionEvent(event);
break;
case 2: // CREATE_THREAD_DEBUG_EVENT
CheckThreadEvent(event);
break;
case 6: // LOAD_DLL_DEBUG_EVENT
localFlag = flag;
if ( !flag )
{
localFlag = malloc(4u); // same lazy allocation as CheckExceptionEvent / GetFlagForAction; unchecked
flag = localFlag;
*localFlag = 0;
}
*(localFlag + 1) = 1; // second byte of flag: a DLL was loaded while watched
break;
default:
break;
}
v10 = 65538; // DBG_CONTINUE (0x10002)
v9 = *(event + 8); // dwThreadId
v8 = *(event + 4); // dwProcessId
lContinueDebugEvent();
}
result = 0;
}
else
{
result = 0;
}
return result;
}
-----
// Thread body started by LoadAC. Polls every 500 ms for a request that
// LaunchAndCommunicateWithACThread placed in MyStruct1 (signalled by bCanDo),
// dispatches on the action byte and runs the matching check, which builds and
// submits its own report via GetFlagForAction/check7.
// The request layout read here matches what GetFlagForAction writes:
//   +5 = offset of the action byte relative to +7, +6 = padding length,
//   +8 + padding length = start of the payload.
// Neither argument is used beyond the exchange into a local.
// Returns 0 once infiniteLoop2 is set.
int __userpurge CheckForCheatThread<eax>(signed __int32 IDKWHATARGTHISIS<eax>, int IDKWHATARGTHISIS2)
{
int localInt; // eax@3 -- padding length from MyStruct1[6]
int ActiontoCheck; // ecx@3 -- action byte minus 17 (action codes are spaced 17 apart)
int SomePtr; // eax@3 -- payload pointer inside MyStruct1
int v5; // esi@6
int v6; // eax@6
int v7; // edi@6
int v9; // [sp+10h] [bp-8h]@6
int v10; // [sp+14h] [bp-4h]@3
while ( !infiniteLoop2 )
{
// bCanDo is a plain global written by LaunchAndCommunicateWithACThread; nothing
// synchronizes this read or the MyStruct1 contents it announces.
if ( bCanDo )
{
_InterlockedExchange(&v10, IDKWHATARGTHISIS); // stores into a local that is never read
localInt = *(MyStruct1 + 6);
ActiontoCheck = *(MyStruct1 + *(MyStruct1 + 5) + 7) - 17;
bCanDo = 0;
SomePtr = (MyStruct1 + localInt + 8);
switch ( ActiontoCheck )
{
case 0: // action 17
check1(ActiontoCheck);
break;
case 25: // action 42
check2(SomePtr);
break;
case 42: // action 59: payload is an exe-name hash; reply carries the GetFlags hash of that name
v5 = CheckForExeFileName(*SomePtr);
v9 = 0;
v6 = GetFlagForAction(59, &v9);
v7 = v9;
*(*(v6 + 6) + v6 + 8) = v5; // payload slot of the new report (same expression as check2..check5)
check7(v7, v6);
break;
case 59: // action 76
check3(SomePtr);
break;
case 76: // action 93
check4(SomePtr);
break;
case 93: // action 110
check5();
break;
case 110: // action 127
check6(SomePtr, ActiontoCheck);
break;
default:
break;
}
}
Sleep(0x1F4u); // 500 ms
}
return 0;
}
-----
// Idempotent initializer: resolves the hidden imports and starts the two
// watcher threads once, remembering success in hasLoaded.
// Returns 1 when everything is up (or already was), 0 at the first failure; a
// failed attempt leaves hasLoaded clear, so the next call retries from the start.
// The thread handles returned by lCreateThread are dropped.
char __cdecl LoadAC()
{
if ( hasLoaded )
return 1;
if ( !loadModules() )
return 0;
if ( !lCreateThread(0, 0, CheckForCheatThread, 0, 0, 0) )
return 0;
if ( !lCreateThread(0, 0, CheckForDebuggerThread, 0, 0, 0) )
return 0;
hasLoaded = 1;
return 1;
}
-----
// Resolves one hidden import. a1 points at an encrypted, NUL-terminated
// function name; a2 is the module handle to look it up in. On first use the
// resolver itself (dword_C8FF4C) is fetched from kernel32 by decrypted name;
// afterwards GetProcAddress is never called directly again.
// Returns the resolved address. The decrypted copies that
// getDecryptedModuleName allocates are not freed here.
int __usercall LoadCryptedModulename<eax>(void *a1<edi>, int a2)
{
const CHAR *v2; // eax@2
unsigned int v3; // eax@2
_UNKNOWN *i; // ecx@2
int v5; // eax@4
int result; // eax@4
unsigned int v7; // ecx@4
void *j; // edx@4
if ( !dword_C8FF4C )
{
// unk_C755A4 holds the encrypted name of the resolver; it is called below with
// (module, name), so presumably a GetProcAddress-compatible export.
v2 = getDecryptedModuleName(&unk_C755A4);
dword_C8FF4C = GetProcAddress(lKernel32DLL, v2); // not checked before it is called below
// getDecryptedModuleName already zeroed unk_C755A4, so strlen is 0 and this loop is a no-op.
v3 = strlen(&unk_C755A4);
for ( i = &unk_C755A4; v3; --v3 )
{
*i = 0;
i = i + 1;
}
}
v5 = getDecryptedModuleName(a1);
result = dword_C8FF4C(a2, v5);
// Same as above: a1 was wiped inside getDecryptedModuleName, so this is a no-op too.
v7 = strlen(a1);
for ( j = a1; v7; --v7 )
{
*j = 0;
j = j + 1;
}
return result;
}
---------
// Resolves the three module handles and the API pointers the checks use, all
// by decrypted name so the import table shows none of them. The encrypted name
// strings are zeroed after use (getDecryptedModuleName already clears them, so
// the three explicit loops here are no-ops).
// Always returns 1: no module handle or resolved pointer is checked, so a
// failed lookup leaves a NULL function pointer that later calls dereference.
// The decrypted name buffers returned by getDecryptedModuleName are not freed.
// lSnapShop32, used by GetSuspiciousProcessHandle and CheckModule, is not
// resolved here; presumably set up elsewhere.
char __cdecl loadModules()
{
const CHAR *dKernel32DLL; // eax@1
const CHAR *dNtdllDLL; // eax@1
const CHAR *dUser32DLL; // eax@1
unsigned int len1; // eax@1
_UNKNOWN *i; // ecx@1
unsigned int len2; // eax@3
_UNKNOWN *j; // ecx@3
unsigned int len3; // eax@5
_UNKNOWN *k; // ecx@5
dKernel32DLL = getDecryptedModuleName(&cKernel32DLL);
lKernel32DLL = GetModuleHandleA(dKernel32DLL); // GetModuleHandleA is the one directly-imported call used for all three
dNtdllDLL = getDecryptedModuleName(&cNtdllDLL);
lNtdllDLL = GetModuleHandleA(dNtdllDLL); // lNtdllDLL is not used by anything else on this page
dUser32DLL = getDecryptedModuleName(&cUser32DLL);
lUser32DLL = GetModuleHandleA(dUser32DLL);
len1 = strlen(&cKernel32DLL); // already 0 after getDecryptedModuleName
for ( i = &cKernel32DLL; len1; --len1 )
{
*i = 0;
i = i + 1;
}
len2 = strlen(&cNtdllDLL);
for ( j = &cNtdllDLL; len2; --len2 )
{
*j = 0;
j = j + 1;
}
len3 = strlen(&cUser32DLL);
for ( k = &cUser32DLL; len3; --len3 )
{
*k = 0;
k = k + 1;
}
// Function-pointer table; each entry is 0 if the lookup failed and nothing verifies it.
lCloseHandle = LoadCryptedModulename(&cCloseHandle, lKernel32DLL);
lContinueDebugEvent = LoadCryptedModulename(&cContinueDebugEvent, lKernel32DLL);
lCreateThread = LoadCryptedModulename(&cCreateThread, lKernel32DLL);
lDebugActiveProcess = LoadCryptedModulename(&cDebugActiveProcess, lKernel32DLL);
lEnumWindows = LoadCryptedModulename(&cEnumWindows, lUser32DLL);
lGetCurrentProcess = LoadCryptedModulename(&cGetCurrentProcess, lKernel32DLL);
lGetCurrentProcessId = LoadCryptedModulename(&cGetCurrentProcessId, lKernel32DLL);
lGetSystemInfo = LoadCryptedModulename(&cGetSystemInfo, lKernel32DLL);
lGetWindowTextA = LoadCryptedModulename(&cGetWindowTextA, lUser32DLL);
lModule32First = LoadCryptedModulename(&cModule32First, lKernel32DLL);
lModule32Next = LoadCryptedModulename(&cModule32Next, lKernel32DLL);
lOpenProcess = LoadCryptedModulename(&cOpenProcess, lKernel32DLL);
lProcess32First = LoadCryptedModulename(&cProcess32First, lKernel32DLL);
lProcess32Next = LoadCryptedModulename(&cProcess32Next, lKernel32DLL);
lReadProcessMemory = LoadCryptedModulename(&cReadProcessMemory, lKernel32DLL);
lVirtualAlloc = LoadCryptedModulename(&cVirtualAlloc, lKernel32DLL);
lVirtualFree = LoadCryptedModulename(&cVirtualFree, lKernel32DLL);
lVirtualQuery = LoadCryptedModulename(&cVirtualQuery, lKernel32DLL);
lVirtualQueryEx = LoadCryptedModulename(&cVirtualQueryEx, lKernel32DLL);
lWaitForDebugEvent = LoadCryptedModulename(&cWaitForDebugEvent, lKernel32DLL);
return 1;
}
-----
// djb2 hash (h = h * 33 + element, seed 5381) over sizeOfStruct elements
// starting at MyStructPlus4. The same loop is inlined in check7, CheckModule,
// CheckForExeFileName, GetSuspiciousProcessHandle and CheckForWindowText.
// Element width is not recoverable from the listing (cast dropped); presumably bytes.
// sizeOfStruct of 0 yields 5381; a negative count loops until it wraps to 0.
// 33 * result overflows for any real input; that is undefined in C but simply
// wraps in the binary this was lifted from.
int __fastcall SomeHashFunction(int MyStructPlus4, int sizeOfStruct)
{
int result; // eax@1
for ( result = 5381; sizeOfStruct; --sizeOfStruct )
result = 33 * result + *MyStructPlus4++;
return result;
}
-----
// ELF/PJW string hash of a1 elements starting at a2: h = (h << 4) + c, then
// fold the top nibble back in and clear it. Used on module, exe and
// window-title names to produce the value placed in a report payload. Despite
// the name it returns a hash, not flag bits.
// a1: element count; a2: pointer typed int by the decompiler (presumably bytes).
// Returns 0 for an empty input.
int __fastcall GetFlags(int a1, int a2)
{
int result; // eax@1
int v3; // esi@2 -- remaining count
int v4; // eax@3 -- hash after the shift-add
int v5; // ecx@3 -- top nibble
result = 0;
if ( a1 )
{
v3 = a1;
do
{
v4 = *a2 + 16 * result; // 16 * h == h << 4
v5 = v4 & 0xF0000000;
if ( v4 & 0xF0000000 )
v4 ^= v5 >> 24; // with v5 typed int this is an arithmetic shift; the canonical hash uses an unsigned one -- TODO confirm which the binary does
result = ~v5 & v4;
++a2;
--v3;
}
while ( v3 );
}
return result;
}
----
// Debug-event handler for CREATE_THREAD_DEBUG_EVENT (a1 points at the
// DEBUG_EVENT). Checks whether the new thread's start address lies inside the
// main module's code section and, if not, sets the third byte of `flag`.
// The code-section bounds are cached in dword_C90698 (start) / dword_C9069C
// (size). The offsets used to compute them match the PE layout: base + 0x3C is
// e_lfanew, e_lfanew + 0x1C is OptionalHeader.SizeOfCode and e_lfanew + 0x2C is
// OptionalHeader.BaseOfCode (v2 is an HMODULE with a 4-byte element, so the
// decompiler's `+ 15` reaches byte 0x3C; the other two expressions presumably
// had byte casts dropped).
// Always returns 65538 (DBG_CONTINUE).
signed int __stdcall CheckThreadEvent(int a1)
{
int v1; // edx@1 -- code section start
HMODULE v2; // eax@2
int v3; // ecx@2 -- e_lfanew
int v4; // edx@2 -- BaseOfCode (RVA)
int v5; // ecx@2 -- SizeOfCode
int v6; // esi@4
HMODULE v7; // eax@5
int v8; // ecx@5
int v9; // edx@5
unsigned int v10; // eax@6 -- new thread's start address
v1 = dword_C90698;
if ( dword_C90698 )
{
v5 = dword_C9069C;
}
else
{
v2 = GetPoeHandle(); // NOTE(review): as decompiled, GetPoeHandle returns 0 on its second call; that 0 is dereferenced here
v3 = *(v2 + 15);
v4 = *(v2 + v3 + 44);
v5 = *(v2 + v3 + 28);
v1 = (v2 + v4);
dword_C90698 = v1;
dword_C9069C = v5;
}
v6 = v1;
if ( !v5 ) // cached size 0: recompute; the same pattern appears in GetFlagForAction and CheckForModifiedMemory
{
v7 = GetPoeHandle();
v8 = *(v7 + 15);
v9 = *(v7 + v8 + 44);
v5 = *(v7 + v8 + 28);
dword_C90698 = (v7 + v9);
dword_C9069C = v5;
}
v10 = *(a1 + 20); // CREATE_THREAD_DEBUG_INFO.lpStartAddress
// `>` treats v6 + v5 itself as inside the section; the end is exclusive, so `>=` is meant.
// `flag` is dereferenced without the lazy-allocation check the other handlers use,
// so it is still NULL if no other handler has run yet.
if ( v10 < v6 || v10 > v6 + v5 )
*(flag + 2) = 1;
return 65538; // DBG_CONTINUE
}
----
// Debug-event handler for EXCEPTION_DEBUG_EVENT (a1 points at the DEBUG_EVENT;
// +12 is ExceptionRecord.ExceptionCode). Records a breakpoint exception in byte
// 0 of `flag` and a single-step exception in byte 3; other codes are ignored.
// Allocates `flag` lazily like the other handlers.
// Always returns 65538 (DBG_CONTINUE), i.e. the exception is reported as handled.
signed int __usercall CheckExceptionEvent<eax>(int a1<eax>)
{
int v1; // eax@1 -- exception code
void *v2; // eax@3
void *v4; // eax@6
v1 = *(a1 + 12);
if ( v1 == -2147483645 ) // 0x80000003, EXCEPTION_BREAKPOINT
{
v4 = flag;
if ( !flag )
{
v4 = malloc(4u); // unchecked
flag = v4;
*v4 = 0; // store width not recoverable; if this is a byte store, bytes 1..3 stay uninitialized
}
*v4 = 1;
return 65538;
}
if ( v1 != -2147483644 ) // 0x80000004, EXCEPTION_SINGLE_STEP
return 65538;
v2 = flag;
if ( !flag )
{
v2 = malloc(4u); // unchecked
flag = v2;
*v2 = 0;
}
*(v2 + 3) = 1;
return 65538;
}
---
// Returns a heap copy of the NUL-terminated encrypted string at Src, decrypted
// in place by decrypt(), and zeroes the source so only the copy survives.
// Ownership of the returned buffer passes to the caller; none of the callers
// on this page free it. malloc's result is not checked.
// BUG: v4 is the string length without the terminator, malloc(v4) allocates
// exactly that, and memmove then copies v4 + 1 bytes -- a one-byte heap
// overrun; decrypt() then relies on that out-of-bounds terminator to stop.
void *__cdecl getDecryptedModuleName(char *Src)
{
char *v1; // eax@1
char *v2; // edx@1
char v3; // cl@2
int v4; // edi@3 -- strlen(Src)
void *v5; // esi@3 -- the decrypted copy
int v6; // ecx@3
char *i; // eax@3
v1 = Src;
v2 = Src + 1;
do // inlined strlen: v1 ends one past the NUL, v2 is Src + 1, so v1 - v2 is the length
v3 = *v1++;
while ( v3 );
v4 = v1 - v2;
v5 = malloc(v1 - v2); // no room for the terminator copied next
memmove(v5, Src, v4 + 1);
decrypt(v5);
v6 = v4;
for ( i = Src; v6; --v6 ) // wipe the encrypted original
*i++ = 0;
return v5;
}
----
// Returns the main module's base (GetModuleHandleA(0)) and caches it in
// PoeHandle. The first call also wipes two encrypted strings (unk_C7519C,
// unk_C754B0); strlen of an already-zeroed string is 0, so later calls skip that.
// BUG (as decompiled): `result` starts at 0 and is only assigned inside the
// `!PoeHandle` branch, yet `PoeHandle = result` runs unconditionally. The second
// call therefore returns 0 and resets the cache; callers that reach this path
// (CheckThreadEvent, GetFlagForAction, CheckForModifiedMemory when the cached
// size is 0) would dereference 0. Expected form:
//   if ( !PoeHandle ) { ...; PoeHandle = result; }
//   return PoeHandle;
HMODULE __cdecl GetPoeHandle()
{
HMODULE result; // eax@1
unsigned int v1; // ecx@2
_UNKNOWN *i; // edx@2
unsigned int v3; // ecx@4
_UNKNOWN *j; // edx@4
result = 0;
if ( !PoeHandle )
{
result = GetModuleHandleA(0); // base of the executable
v1 = strlen(&unk_C7519C);
for ( i = &unk_C7519C; v1; --v1 )
{
*i = 0;
i = i + 1;
}
v3 = strlen(&unk_C754B0);
for ( j = &unk_C754B0; v3; --v3 )
{
*j = 0;
j = j + 1;
}
}
PoeHandle = result; // overwrites a valid cached handle with 0 on every call after the first
return result;
}
----------
// Walks a process snapshot (lSnapShop32(2, 0): TH32CS_SNAPPROCESS) and returns
// the th32ProcessID of the first process whose executable name has djb2 hash
// a1, or 0 if none matches. Despite the name the result is a PID, not a handle.
// Frame layout matches a 296-byte PROCESSENTRY32: v8 = dwSize, v9 = +8
// th32ProcessID, v10 = +36 szExeFile (v11 is its second byte).
// BUG: the snapshot handle is only closed on the not-found path (LABEL_8); a
// match returns with v1 still open. lSnapShop32's result is not checked either.
int __usercall GetSuspiciousProcessHandle<eax>(int a1<edi>)
{
void *v1; // esi@1 -- snapshot handle
char *v2; // eax@2
char v3; // cl@3
int v4; // eax@4 -- name length
char *v5; // edx@4
int i; // ecx@4 -- running hash
int result; // eax@8
int v8; // [sp+10h] [bp-12Ch]@1 -- PROCESSENTRY32.dwSize
int v9; // [sp+18h] [bp-124h]@9 -- th32ProcessID
char v10; // [sp+34h] [bp-108h]@2 -- szExeFile[0]
_BYTE v11[3]; // [sp+35h] [bp-107h]@4
v1 = lSnapShop32(2, 0);
v8 = 296;
if ( lProcess32First(v1, &v8) )
{
while ( 1 )
{
v2 = &v10;
do // inlined strlen of szExeFile
v3 = *v2++;
while ( v3 );
v4 = v2 - v11; // length without the terminator
v5 = &v10;
for ( i = 5381; v4; --v4 ) // djb2, as in SomeHashFunction
i = 33 * i + *v5++;
if ( i == a1 )
break;
if ( !lProcess32Next(v1, &v8) )
goto LABEL_8;
}
result = v9; // snapshot handle leaked on this path
}
else
{
LABEL_8:
lCloseHandle(v1);
result = 0;
}
return result;
}
-----
// Returns a value in 1..15: rand() % 255 is retried until non-zero, reduced
// modulo 16, and the outer loop retries while the result is 0.
// The `v0 == 16` test can never be true after `% 16`, so it is dead.
// LOBYTE(v0) = 0 initializes only the low byte of the 16-bit v0 while the loop
// test reads the whole value, so whether the body runs at all depends on the
// uninitialized high byte (decompiler artifact or real defect -- TODO confirm).
// srand(GetTickCount()) reseeds on every iteration, so the output is
// predictable from the tick count.
char __cdecl randomBetween1And15()
{
__int16 v0; // ax@1
unsigned int v1; // eax@4
int v2; // edx@5
LOBYTE(v0) = 0;
while ( !v0 || v0 == 16 )
{
v1 = GetTickCount();
srand(v1);
do
v2 = rand() % 255;
while ( !v2 );
v0 = v2 % 16;
}
return v0;
}
-------
// In-place XOR decryption of the NUL-terminated buffer at a1 with a 32-byte key
// kept in the eight stack dwords v4..v11. The key is a constant inside the
// binary, so this hides strings from a static dump rather than protecting them.
// Returns a1.
// The index expression `*(&v4 + v2 - a1)` presumably had a byte cast dropped by
// the listing; as written, int-pointer arithmetic would step 4 bytes per
// character. Either way nothing bounds the index, so an input longer than the
// key reads past v11 on the stack.
// Loop shape: the first byte is tested before the loop and every later byte is
// tested (still encrypted) before it is XORed, so a plaintext 0 does not stop
// decryption; a ciphertext 0 does.
int __usercall decrypt<eax>(int a1<esi>)
{
bool v1; // zf@1 -- empty input?
int v2; // ecx@2 -- write cursor
int v4; // [sp+0h] [bp-20h]@1 -- key dword 0
int v5; // [sp+4h] [bp-1Ch]@1
int v6; // [sp+8h] [bp-18h]@1
int v7; // [sp+Ch] [bp-14h]@1
int v8; // [sp+10h] [bp-10h]@1
int v9; // [sp+14h] [bp-Ch]@1
int v10; // [sp+18h] [bp-8h]@1
int v11; // [sp+1Ch] [bp-4h]@1 -- key dword 7
v1 = *a1 == 0;
v4 = 1031564106;
v5 = -1692349621;
v6 = -1483227765;
v7 = 82819599;
v8 = -1996613830;
v9 = -1314908053;
v10 = -1018096448;
v11 = -2009149833;
if ( !v1 )
{
v2 = a1;
do
{
*v2 ^= *(&v4 + v2 - a1); // key byte at the same offset as the data byte
++v2;
}
while ( *v2 );
}
return a1;
}
------
// Builds a report buffer for action code Src and returns it (heap, owned by
// the caller; check7 submits it and nothing on this page frees it). *a2
// receives the total size. Two random pad lengths, pad1 (v4) and pad2 (Size),
// both 1..15, and three random bytes (v26, v28, v27 reused) are drawn per call.
// Layout as written below (byte offsets from the buffer start):
//   +0             4 bytes left for check7 (hash XOR key) -- not written here
//   +4             random byte v26
//   +5             pad1 >> 1 (offset of the action byte relative to +7)
//   +6             pad1      (offset of the payload relative to +8)
//   +7             pad1 bytes copied from the main module's code section at offset pad1
//   +7+(pad1>>1)   Src, the action code (overlaps the padding)
//   +7+pad1        the constant 4 (length of the payload slot)
//   +8+pad1        4-byte payload slot, filled by the caller (check1..check6, CheckForCheatThread)
//   +12+pad1       pad2
//   +13+pad1       pad2 bytes copied from the code section at offset pad2
//   +13+pad1+pad2  random byte v28
//   +14+pad1+pad2  4 bytes: copy of `flag` (allocated here if still NULL)
//   +18+pad1+pad2  4-byte multiply/XOR hash of the first pad1 bytes of the buffer
//   total = pad1 + pad2 + 22
// The widths of the scalar stores are not recoverable from the listing.
// Notes: all malloc results are unchecked. The trailing hash covers offsets
// 0..pad1-1, which include bytes at +0 that are still uninitialized heap memory
// at that point, so its value is not reproducible. The code-section base/size
// cache repeats the GetPoeHandle pattern from CheckThreadEvent (same PE
// offsets, same caveat about GetPoeHandle's second call). The random pad
// lengths come from srand(GetTickCount()), so they are predictable.
// `Size`, `v7` and `Src` are reused as scratch after their original values
// are consumed.
void *__stdcall GetFlagForAction(int Src, int a2)
{
unsigned int v2; // eax@1
unsigned int v3; // eax@3
unsigned __int8 v4; // bl@5 -- pad1
unsigned __int8 v5; // ST1C_1@5 -- pad1 copy
size_t v6; // eax@5 -- pad2
size_t v7; // ebp@5 -- pad1 (later the hash loop counter)
size_t v8; // eax@5 -- total size
unsigned __int8 v9; // bl@5 -- pad1 >> 1
void *v10; // esi@5 -- the report buffer
int v11; // ecx@5 -- code section start
HMODULE v12; // eax@6
int v13; // edx@6
int v14; // ecx@6
int v15; // edx@6
int v16; // ecx@7 -- code section start (second lookup)
HMODULE v17; // eax@8
int v18; // edx@8
int v19; // ecx@8
int v20; // edx@8
void *v21; // eax@9 -- flag
int v22; // edi@9 -- offset of the trailer
int v23; // eax@11 -- trailing hash
void *i; // ecx@11
char v26; // [sp+11h] [bp-7h]@2 -- random byte at +4
char v27; // [sp+12h] [bp-6h]@5 -- pad2 (written at +12+pad1)
char v28; // [sp+13h] [bp-5h]@4 -- random byte at +13+pad1+pad2
size_t Size; // [sp+14h] [bp-4h]@5 -- pad2
v2 = GetTickCount();
srand(v2);
do
v26 = rand() % 255;
while ( !v26 );
v3 = GetTickCount();
srand(v3);
do
v28 = rand() % 255;
while ( !v28 );
v4 = randomBetween1And15();
v5 = v4;
LOBYTE(v6) = randomBetween1And15(); // only the low byte of v6 is set here
v7 = v4;
v27 = v6;
v6 = v6;
Size = v6;
v8 = v6 + v4 + 22; // total report size
v9 = v4 >> 1;
*a2 = v8;
v10 = malloc(v8); // unchecked; bytes 0..3 never written here
*(v10 + 6) = v5;
v11 = dword_C90698;
*(v10 + 4) = v26;
*(v10 + 5) = v9;
if ( !v11 )
{
v12 = GetPoeHandle();
v13 = *(v12 + 15); // e_lfanew
v14 = *(v12 + v13 + 44); // BaseOfCode
v15 = *(v12 + v13 + 28); // SizeOfCode
v11 = (v12 + v14);
dword_C90698 = v11;
dword_C9069C = v15;
}
memmove(v10 + 7, (v11 + v7), v7); // pad1 bytes of code-section content as filler
*(v10 + v9 + 7) = Src; // action code, inside the filler
*(v10 + v7 + 7) = 4; // payload length
*(v10 + v7 + 12) = v27; // pad2
v16 = dword_C90698;
if ( !dword_C90698 )
{
v17 = GetPoeHandle();
v18 = *(v17 + 15);
v19 = *(v17 + v18 + 44);
v20 = *(v17 + v18 + 28);
v16 = (v17 + v19);
dword_C90698 = v16;
dword_C9069C = v20;
}
memmove(v10 + v7 + 13, (Size + v16), Size); // pad2 bytes of filler
v21 = flag;
v22 = v7 + Size + 13;
*(v10 + v22) = v28;
if ( !v21 )
{
v21 = malloc(4u); // same lazy allocation as the debug-event handlers
flag = v21;
*v21 = 0;
}
memmove(v10 + v22 + 1, v21, 4u); // snapshot of the debugger/thread/DLL flags
v23 = 0;
// Multiply/XOR over the first pad1 bytes of the buffer. The constant is
// 0x811C9DC5, the FNV-1 offset basis, used here as the multiplier with a 0
// seed, so this is not standard FNV.
for ( i = v10; v7; --v7 )
{
v23 = *i ^ -2128831035 * v23;
i = i + 1;
}
Src = v23;
memmove(v10 + v22 + 5, &Src, 4u);
return v10;
}
--------
// Action 17 handler. Hashes out1 elements at v8 with djb2 and compares the
// result against v9; on mismatch the payload becomes GetFlags(out1, v8),
// otherwise 0. A new action-17 report is then built, the 4-byte payload copied
// into its slot (report + report[6] + 8) and the report submitted with check7.
// v8, v9 and out1 are stack slots above the return address that the decompiler
// marks @0 (never written here): presumably extra arguments pushed by the
// caller, but CheckForCheatThread passes only ActiontoCheck, so their source
// is not visible on this page. SomePtr is stored into Src and overwritten
// before use, so it is effectively unused.
// Returns check7's result.
int __thiscall check1(int SomePtr)
{
int v1; // esi@1 -- read cursor over v8
int v2; // eax@1 -- djb2 hash
int v3; // edi@2 -- remaining count
int v4; // eax@5 -- payload value
int v5; // esi@7 -- the report
int Src; // [sp+0h] [bp-4h]@1
int v8; // [sp+8h] [bp+4h]@0 -- buffer to hash (caller stack slot)
int v9; // [sp+Ch] [bp+8h]@0 -- expected hash (caller stack slot)
int out1; // [sp+10h] [bp+Ch]@0 -- element count (caller stack slot)
Src = SomePtr;
v1 = v8;
v2 = 5381;
if ( out1 )
{
v3 = out1;
do
{
v2 = 33 * v2 + *v1++;
--v3;
}
while ( v3 );
}
if ( v2 == v9 )
v4 = 0;
else
v4 = GetFlags(out1, v8);
Src = v4;
v8 = 0; // reused as GetFlagForAction's size output
v5 = GetFlagForAction(17, &v8);
memmove((*(v5 + 6) + v5 + 8), &Src, 4u); // payload slot
return check7(v8, v5);
}
-----
// Action 42 handler. a1 is a module-name hash; CheckModule returns the
// GetFlags hash of the matching loaded module (0 if none). The value is
// packed into a new action-42 report at the payload slot (report + report[6] + 8,
// see GetFlagForAction's layout) and submitted via check7.
// Returns check7's result.
int __usercall check2<eax>(int a1<eax>)
{
int out2; // esi@1 -- the report
int out1; // [sp+8h] [bp-8h]@1 -- report size, filled by GetFlagForAction
int flags; // [sp+Ch] [bp-4h]@1 -- payload
flags = CheckModule(a1);
out1 = 0;
out2 = GetFlagForAction(42, &out1);
memmove((*(out2 + 6) + out2 + 8), &flags, 4u);
return check7(out1, out2);
}
---
// Action 59 handler. a1 is a pattern (see PatternScanner for the encoding);
// CheckForModifiedMemory returns the address where it matches inside the main
// module's code section, or 0. The value is reported back as action 76 in the
// payload slot (report + report[6] + 8) via check7.
// Returns check7's result.
int __usercall check3<eax>(int a1<eax>)
{
int v1; // esi@1 -- the report
int v3; // [sp+8h] [bp-8h]@1 -- report size, filled by GetFlagForAction
unsigned int Src; // [sp+Ch] [bp-4h]@1 -- payload
Src = CheckForModifiedMemory(a1);
v3 = 0;
v1 = GetFlagForAction(76, &v3);
memmove((*(v1 + 6) + v1 + 8), &Src, 4u);
return check7(v3, v1);
}
----
// Action 76 handler. `this` points at the request payload: the first dword
// is a process-name hash and the bytes from +4 on are the pattern to scan that
// process for. CheckExternalApplicationMemory returns the matching region's
// base or 0; the value is reported back as action 93 in the payload slot
// (report + report[6] + 8) via check7.
// Returns check7's result.
int __thiscall check4(void *this)
{
int v1; // esi@1 -- the report
int v3; // [sp+Ch] [bp-8h]@1 -- report size, filled by GetFlagForAction
int Src; // [sp+10h] [bp-4h]@1 -- payload
Src = CheckExternalApplicationMemory(*this, (this + 4));
v3 = 0;
v1 = GetFlagForAction(93, &v3);
memmove((*(v1 + 6) + v1 + 8), &Src, 4u);
return check7(v3, v1);
}
----
// Action 93 handler. Takes no input: CheckForUnmappedDLL walks the process's
// own address space and returns the base of the first committed, executable
// region without a backing file (0 if none). The value is reported back as
// action 110 in the payload slot (report + report[6] + 8) via check7.
// Returns check7's result.
int __cdecl check5()
{
int v0; // esi@1 -- the report
int v2; // [sp+8h] [bp-8h]@1 -- report size, filled by GetFlagForAction
int Src; // [sp+Ch] [bp-4h]@1 -- payload
Src = CheckForUnmappedDLL();
v2 = 0;
v0 = GetFlagForAction(110, &v2);
memmove((*(v0 + 6) + v0 + 8), &Src, 4u);
return check7(v2, v0);
}
-----
// Action 110 handler. *a1 is a window-title hash; every top-level window is
// visited through CheckForWindowText with that hash as the lParam. A match is
// reported from inside the callback (which sets byte_C9068D); if no window
// matched, an action-127 report with payload 0 is submitted here instead.
// a2 is stored into v6 and overwritten before use, so it is effectively unused.
// Returns lEnumWindows's result when a window matched, otherwise check7's.
int __usercall check6<eax>(int a1<eax>, int a2<ecx>)
{
int v2; // ST0C_4@1 -- title hash passed to the callback
int result; // eax@1
int v4; // eax@2 -- the report
int v5; // edi@2 -- report size
int v6; // [sp+8h] [bp-4h]@1
v6 = a2;
v2 = *a1;
byte_C9068D = 0; // cleared before the enumeration; set by CheckForWindowText on a match
result = lEnumWindows(CheckForWindowText, v2);
if ( !byte_C9068D )
{
v6 = 0;
v4 = GetFlagForAction(127, &v6);
v5 = v6;
*(*(v4 + 6) + v4 + 8) = 0; // payload slot: no matching window
result = check7(v5, v4);
}
return result;
}
-------
// Walks the current process's module list (lSnapShop32(8, pid): TH32CS_SNAPMODULE)
// and returns the GetFlags hash of the first module whose name has djb2 hash
// a1, or 0 if none matches.
// Frame layout matches a 548-byte MODULEENTRY32: v11 = dwSize, v12 = +32
// szModule (v13 is its second byte).
// Unlike GetSuspiciousProcessHandle, the snapshot handle is closed on every
// path; its value is still not checked before use.
int __stdcall CheckModule(int a1)
{
int v1; // eax@1 -- own pid
int v2; // edi@1 -- snapshot handle
int result; // eax@2
char *v4; // eax@3
char v5; // cl@4
int v6; // eax@5 -- name length
char *v7; // esi@5
int v8; // edx@5 -- djb2 hash
int v9; // ecx@6
int v10; // esi@11
int v11; // [sp+10h] [bp-224h]@1 -- MODULEENTRY32.dwSize
char v12; // [sp+30h] [bp-204h]@3 -- szModule[0]
_BYTE v13[3]; // [sp+31h] [bp-203h]@5
v1 = lGetCurrentProcessId();
v2 = lSnapShop32(8, v1);
v11 = 548;
if ( lModule32First(v2, &v11) )
{
while ( 1 )
{
v4 = &v12;
do // inlined strlen of szModule
v5 = *v4++;
while ( v5 );
v6 = v4 - v13; // length without the terminator
v7 = &v12;
v8 = 5381; // djb2, as in SomeHashFunction
if ( v6 )
{
v9 = v6;
do
{
v8 = 33 * v8 + *v7++;
--v9;
}
while ( v9 );
}
if ( v8 == a1 )
break;
if ( !lModule32Next(v2, &v11) )
{
lCloseHandle(v2);
return 0;
}
}
v10 = GetFlags(v6, &v12); // second hash of the same name, used as the report value
lCloseHandle(v2);
result = v10;
}
else
{
lCloseHandle(v2);
result = 0;
}
return result;
}
----
// Walks a process snapshot and returns the GetFlags hash of the first process
// whose executable name has djb2 hash a1, or 0 if none matches. Same walk as
// GetSuspiciousProcessHandle but with a different result and with the snapshot
// closed on both paths.
// Frame layout matches a 296-byte PROCESSENTRY32: v10 = dwSize, v11 = +36
// szExeFile (v12 is its second byte).
// Note: CreateToolhelp32Snapshot is called directly here (2u = TH32CS_SNAPPROCESS)
// rather than through the resolved lSnapShop32 used elsewhere, so this one API
// does appear in the import table. Its result is not checked.
int __stdcall CheckForExeFileName(int a1)
{
HANDLE v1; // edi@1 -- snapshot handle
char *v2; // eax@2
char v3; // cl@3
int v4; // eax@4 -- name length
char *v5; // esi@4
int v6; // edx@4 -- djb2 hash
int v7; // ecx@5
int result; // eax@9
int v9; // esi@10
int v10; // [sp+10h] [bp-128h]@1 -- PROCESSENTRY32.dwSize
char v11; // [sp+34h] [bp-104h]@2 -- szExeFile[0]
_BYTE v12[3]; // [sp+35h] [bp-103h]@4
v1 = CreateToolhelp32Snapshot(2u, 0);
v10 = 296;
if ( lProcess32First(v1, &v10) )
{
while ( 1 )
{
v2 = &v11;
do // inlined strlen of szExeFile
v3 = *v2++;
while ( v3 );
v4 = v2 - v12; // length without the terminator
v5 = &v11;
v6 = 5381; // djb2, as in SomeHashFunction
if ( v4 )
{
v7 = v4;
do
{
v6 = 33 * v6 + *v5++;
--v7;
}
while ( v7 );
}
if ( v6 == a1 )
break;
if ( !lProcess32Next(v1, &v10) )
goto LABEL_9;
}
v9 = GetFlags(v4, &v11); // second hash of the same name, used as the report value
lCloseHandle(v1);
result = v9;
}
else
{
LABEL_9:
lCloseHandle(v1);
result = 0;
}
return result;
}
-----
// Searches [a2, a2 + a3) for the pattern at a4 and returns the address of the
// first match, or 0. Pattern encoding, as the loop reads it: a 0 byte ends the
// pattern; 33 ('!') means "the next pattern byte must equal the memory byte";
// any other pattern byte is a wildcard that matches anything.
// v11..v15 are the compiler's SEH frame (except_handler3 with the scope table
// at unk_C051D0): v15 = 0 enters the guarded region, -1 leaves it. a1 is only
// parked in that frame (v12) and is otherwise unused. The filter/handler body
// is not on this page, so what happens on a fault during the scan is not visible.
// Only the candidate start is bounded by a3: the inner compare walks v5
// without a limit, so a pattern longer than the remaining bytes reads past
// a2 + a3 -- presumably what the SEH frame is there for.
unsigned int __userpurge PatternScanner<eax>(int a1<eax>, unsigned int a2, int a3, int a4)
{
unsigned int result; // eax@1 -- candidate start address
int v5; // esi@3 -- memory cursor
int i; // ecx@3 -- pattern cursor
int v7; // [sp-Ch] [bp-30h]@1
int v8; // [sp+0h] [bp-24h]@4 -- spill of v5
unsigned int v9; // [sp+4h] [bp-20h]@2 -- spill of result
int v10; // [sp+8h] [bp-1Ch]@4 -- spill of i
int *v11; // [sp+Ch] [bp-18h]@1 -- SEH: saved esp
int v12; // [sp+14h] [bp-10h]@1 -- SEH frame slot holding a1
int (*v13)(); // [sp+18h] [bp-Ch]@1 -- SEH: handler
_UNKNOWN *v14; // [sp+1Ch] [bp-8h]@1 -- SEH: scope table
int v15; // [sp+20h] [bp-4h]@1 -- SEH: try level
v15 = -1;
v14 = &unk_C051D0;
v13 = except_handler3;
v12 = a1;
v11 = &v7;
result = a2;
LABEL_2:
v9 = result;
if ( result < a3 + a2 ) // only the start of a candidate is bounded
{
v15 = 0; // __try
v5 = result;
for ( i = a4; ; ++i )
{
v8 = v5;
v10 = i;
if ( !*i ) // end of pattern: every '!'-escaped byte matched
{
v15 = -1; // __try exit
return result;
}
if ( *i == 33 ) // '!': next pattern byte is a literal
{
if ( *v5 != *(i + 1) )
{
v15 = -1;
++result; // retry from the next byte
goto LABEL_2;
}
++i; // skip the literal
v10 = i;
}
++v5; // any non-escaped pattern byte is a wildcard
}
}
return 0;
}
-------
// Scans the main module's code section for the pattern at a1 (see
// PatternScanner for the encoding) and returns the match address or 0.
// Reuses the dword_C90698 / dword_C9069C cache exactly as CheckThreadEvent does
// (same PE offsets: e_lfanew at +0x3C, BaseOfCode at e_lfanew + 0x2C,
// SizeOfCode at e_lfanew + 0x1C; same caveat about GetPoeHandle returning 0 on
// its second call). a1 is passed twice: as PatternScanner's unused first
// argument and as the pattern.
unsigned int __stdcall CheckForModifiedMemory(int a1)
{
int v1; // edx@1 -- code section start
HMODULE v2; // eax@2
int v3; // ecx@2 -- e_lfanew
int v4; // edx@2 -- BaseOfCode
int v5; // ecx@2 -- SizeOfCode
unsigned int v6; // esi@4
HMODULE v7; // eax@5
int v8; // ecx@5
int v9; // edx@5
v1 = dword_C90698;
if ( dword_C90698 )
{
v5 = dword_C9069C;
}
else
{
v2 = GetPoeHandle();
v3 = *(v2 + 15);
v4 = *(v2 + v3 + 44);
v5 = *(v2 + v3 + 28);
v1 = (v2 + v4);
dword_C90698 = v1;
dword_C9069C = v5;
}
v6 = v1;
if ( !v5 ) // cached size 0: recompute
{
v7 = GetPoeHandle();
v8 = *(v7 + 15);
v9 = *(v7 + v8 + 44);
v5 = *(v7 + v8 + 28);
dword_C90698 = (v7 + v9);
dword_C9069C = v5;
}
return PatternScanner(a1, v6, v5, a1);
}
------
// Finds the process whose executable name hashes to eax0
// (GetSuspiciousProcessHandle returns its PID) and scans its committed,
// executable regions for the pattern at a1. Returns the base address of the
// region holding the first match, or 0 when the process is not found, cannot
// be opened, or nothing matches.
// Frame layout is a 28-byte MEMORY_BASIC_INFORMATION: v10 = BaseAddress,
// v11 = AllocationBase + AllocationProtect (BYTE4(v11) = AllocationProtect low
// byte), v12[0] = RegionSize, v12[1] = State, v13 = Protect + Type.
// Constants: 1040 = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ; 0x1000 =
// MEM_COMMIT; 4096 / 4 = MEM_COMMIT / PAGE_READWRITE; 32768 = MEM_RELEASE.
// Protection mask 0xD0 covers PAGE_EXECUTE (0x10), PAGE_EXECUTE_READWRITE
// (0x40) and PAGE_EXECUTE_WRITECOPY (0x80) but not PAGE_EXECUTE_READ (0x20),
// and it is applied to AllocationProtect rather than the region's current Protect.
// Resource handling: the process handle v3 is never closed on any path; on a
// match the VirtualAlloc'd copy v7 is leaked; VirtualAlloc and
// ReadProcessMemory results are not checked, so the scan runs over whatever the
// buffer holds, and the ReadProcessMemory return value is what gets passed as
// PatternScanner's unused first argument.
int __userpurge CheckExternalApplicationMemory<eax>(int eax0<eax>, int a1)
{
int v2; // eax@1 -- target pid
int v3; // ebx@2 -- process handle
int v4; // ebp@4 -- region base
int v5; // edi@4 -- region size
int v6; // eax@6 -- local copy of the region
unsigned int v7; // esi@6
int v8; // eax@6 -- ReadProcessMemory result
int v10; // [sp+4Ch] [bp-1Ch]@1 -- BaseAddress
__int64 v11; // [sp+50h] [bp-18h]@1 -- AllocationBase, AllocationProtect
_DWORD v12[2]; // [sp+58h] [bp-10h]@1 -- RegionSize, State
__int64 v13; // [sp+60h] [bp-8h]@1 -- Protect, Type
v10 = 0;
_mm_storel_epi64(&v11, 0); // zero the 28-byte struct
_mm_storel_epi64(v12, 0);
_mm_storel_epi64(&v13, 0);
v2 = GetSuspiciousProcessHandle(eax0);
if ( !v2 || (v3 = lOpenProcess(1040, 0, v2)) == 0 || !lVirtualQueryEx(v3, 0, &v10, 28) )
return 0;
while ( 1 )
{
v4 = v10;
v5 = v12[0];
if ( !(v12[1] & 0x1000) || !(BYTE4(v11) & 0xD0) ) // skip non-committed or non-executable allocations
goto LABEL_8;
v6 = lVirtualAlloc(0, v12[0], 4096, 4); // unchecked
v7 = v6;
v8 = lReadProcessMemory(v3, v4, v6, v5, 0); // unchecked
if ( PatternScanner(v8, v7, v5, a1) )
return v4; // leaks v7 and v3
lVirtualFree(v7, 0, 32768);
LABEL_8:
if ( !lVirtualQueryEx(v3, v4 + v5, &v10, 28) ) // next region
return 0; // v3 not closed
}
}
-----
// EnumWindows callback (a1 = window handle, a2 = expected djb2 hash of the
// title). Zeroes a 250-element buffer, fetches the window text, hashes it and
// on a match sets byte_C9068D, builds an action-127 report carrying the
// GetFlags hash of the title and submits it via check7.
// Returns 0 to stop the enumeration after a match, 1 to continue otherwise.
// The `(v3 + 1)` / `(v6 + 1)` steps presumably had byte casts dropped by the
// listing: with int pointers the clearing loop would write 1000 bytes into a
// 252-byte frame slot -- TODO confirm against the binary.
// The inner `if ( v4 )` duplicates the outer test.
signed int __stdcall CheckForWindowText(int a1, int a2)
{
signed int v2; // ecx@1 -- clear-loop counter
int *v3; // eax@1 -- clear-loop cursor
int v4; // eax@3 -- title length
signed int result; // eax@4
int *v6; // esi@5 -- hash cursor
int v7; // edx@5 -- djb2 hash
int v8; // ecx@6
int v9; // esi@9 -- GetFlags hash (payload)
int v10; // eax@9 -- the report
int v11; // edi@9 -- report size
int v12; // [sp+Ch] [bp-100h]@9 -- report size output
int v13; // [sp+10h] [bp-FCh]@1 -- title buffer
v2 = 250;
v3 = &v13;
do
{
*v3 = 0;
v3 = (v3 + 1);
--v2;
}
while ( v2 );
v4 = lGetWindowTextA(a1, &v13, 250);
if ( v4 )
{
v6 = &v13;
v7 = 5381; // djb2, as in SomeHashFunction
if ( v4 )
{
v8 = v4;
do
{
v7 = 33 * v7 + *v6;
v6 = (v6 + 1);
--v8;
}
while ( v8 );
}
if ( v7 == a2 )
{
byte_C9068D = 1; // tells check6 a window was found
v9 = GetFlags(v4, &v13);
v12 = 0;
v10 = GetFlagForAction(127, &v12);
v11 = v12;
*(*(v10 + 6) + v10 + 8) = v9; // payload slot
check7(v11, v10);
result = 0; // stop enumerating
}
else
{
result = 1;
}
}
else
{
result = 1;
}
return result;
}
----
// Walks the process's own address space with VirtualQuery and returns the base
// of the first committed, executable region for which GetMappedFileNameA
// reports no backing file, or 0 when the walk ends. Takes no arguments.
// Frame layout is a 28-byte MEMORY_BASIC_INFORMATION: v7 = BaseAddress,
// v8 = AllocationBase + AllocationProtect (BYTE4(v8) = AllocationProtect low
// byte), v9 = RegionSize + State (WORD2(v9) = State low word), v10 = Protect + Type.
// `lGetCurrentProcess(v0, &v11, 250)` is the decompiler attributing the
// arguments pushed for GetMappedFileNameA to the argument-less
// GetCurrentProcess call; v5 and v6 (@0) are those same slots, so the real call
// is presumably GetMappedFileNameA(GetCurrentProcess(), v0, &v11, 250).
// Same 0xD0 protection mask (no PAGE_EXECUTE_READ) and AllocationProtect
// caveat as CheckExternalApplicationMemory; the 250-iteration clearing loop has
// the same dropped-cast question as CheckForWindowText.
// The `goto LABEL_8` from inside the loop jumps into the else branch; the
// result is 0 either way.
int __cdecl CheckForUnmappedDLL()
{
int v0; // esi@2 -- region base
signed int v1; // ecx@4
int *v2; // eax@4
void *v3; // eax@6
int result; // eax@8
void *v5; // [sp+14h] [bp-120h]@0 -- outgoing argument slot (see header)
CHAR *v6; // [sp+18h] [bp-11Ch]@0 -- outgoing argument slot (see header)
int v7; // [sp+1Ch] [bp-118h]@1 -- BaseAddress
__int64 v8; // [sp+20h] [bp-114h]@1 -- AllocationBase, AllocationProtect
__int64 v9; // [sp+28h] [bp-10Ch]@1 -- RegionSize, State
__int64 v10; // [sp+30h] [bp-104h]@1 -- Protect, Type
int v11; // [sp+38h] [bp-FCh]@4 -- file-name buffer
v7 = 0;
_mm_storel_epi64(&v8, 0); // zero the 28-byte struct
_mm_storel_epi64(&v9, 0);
_mm_storel_epi64(&v10, 0);
if ( lVirtualQuery(0, &v7, 28) )
{
while ( 1 )
{
v0 = v7;
if ( WORD2(v9) & 0x1000 ) // State & MEM_COMMIT
{
if ( BYTE4(v8) & 0xD0 ) // AllocationProtect has an execute bit (0x10 / 0x40 / 0x80)
{
v1 = 250;
v2 = &v11;
do
{
*v2 = 0;
v2 = (v2 + 1);
--v1;
}
while ( v1 );
v3 = lGetCurrentProcess(v0, &v11, 250);
if ( !GetMappedFileNameA(v3, v5, v6, v7) ) // no file behind this executable region
break;
}
}
if ( !lVirtualQuery(v9 + v0, &v7, 28) ) // next region: base + RegionSize
goto LABEL_8;
}
result = v0;
}
else
{
LABEL_8:
result = 0;
}
return result;
}
No.