Just some explanation will help me ... I just know this part loads the driver... and the other function checks if it is loaded... but first I need to understand this...
Code:
unpacked:007DC7BD push offset aHshieldEhsvc_d ; "\\HShield\\EhSvc.dll"
unpacked:007DC7C2 rep stosd
unpacked:007DC7C4 mov edi, offset unk_174C054
unpacked:007DC7C9 or ecx, 0FFFFFFFFh
unpacked:007DC7CC repne scasb
unpacked:007DC7CE not ecx
unpacked:007DC7D0 sub edi, ecx
unpacked:007DC7D2 mov eax, ecx
unpacked:007DC7D4 mov esi, edi
unpacked:007DC7D6 mov edi, edx
unpacked:007DC7D8 shr ecx, 2
unpacked:007DC7DB rep movsd
unpacked:007DC7DD mov ecx, eax
unpacked:007DC7DF and ecx, 3
unpacked:007DC7E2 rep movsb
unpacked:007DC7E4 lea ecx, [esp+214h+var_104]
unpacked:007DC7EB push ecx
unpacked:007DC7EC call ds:dword_87B170
unpacked:007DC7F2 push 4
unpacked:007DC7F4 push 2883DBEh
unpacked:007DC7F9 push offset aE6e29374943cf6 ; "E6E29374943CF660DBEC8E62"
unpacked:007DC7FE push 17B1h
unpacked:007DC803 lea edx, [esp+220h+var_104]
unpacked:007DC80A push offset sub_7DCC10
unpacked:007DC80F push edx
unpacked:007DC810 call sub_859C92
unpacked:007DC815 push offset unk_8CC4A0
unpacked:007DC81A mov esi, eax
unpacked:007DC81C call sub_7ACAA0
unpacked:007DC821 add esp, 4
unpacked:007DC824 test esi, esi
unpacked:007DC826 jz loc_7DC93B
unpacked:007DC82C cmp esi, 103h
unpacked:007DC832 jg short loc_7DC8A2
unpacked:007DC834 jz short loc_7DC891
unpacked:007DC836 cmp esi, 100h
unpacked:007DC83C jg short loc_7DC882
unpacked:007DC83E jz short loc_7DC86E
unpacked:007DC840 mov eax, esi
unpacked:007DC842 sub eax, 2
unpacked:007DC845 jz short loc_7DC85A
unpacked:007DC847 sub eax, 2
unpacked:007DC84A jnz loc_7DC8E9
unpacked:007DC850 push offset unk_8CC478
unpacked:007DC855 jmp loc_7DC909