12: 	HMODULE ntdll = LoadLibrary( "ntdll.dll" );
003C1002 68 3C 22 3C 00   push        offset string "ntdll.dll" (3C223Ch) 
003C1007 FF 15 04 20 3C 00 call        dword ptr [__imp__LoadLibraryA@4 (3C2004h)] 
003C100D 8B F8            mov         edi,eax 
    13: 	if (!ntdll)
003C100F 85 FF            test        edi,edi 
003C1011 74 61            je          Import+74h (3C1074h) 
003C1013 56               push        esi  
    14: 		return 0;
    15: 	RtlAdjPriv = (pRtlAdjustPrivilege) GetProcAddress(ntdll,"RtlAdjustPrivilege");
003C1014 8B 35 08 20 3C 00 mov         esi,dword ptr [__imp__GetProcAddress@8 (3C2008h)] 
003C101A 68 28 22 3C 00   push        offset string "RtlAdjustPrivilege" (3C2228h) 
003C101F 57               push        edi  
003C1020 FF D6            call        esi  
    16: 	NtTerminateProcess = (pNtTerminateProcess)GetProcAddress( ntdll, "NtTerminateProcess");
003C1022 68 14 22 3C 00   push        offset string "NtTerminateProcess" (3C2214h) 
003C1027 57               push        edi  
003C1028 A3 18 30 3C 00   mov         dword ptr [_RtlAdjPriv (3C3018h)],eax 
003C102D FF D6            call        esi  
    17: 	NtSuspendProcess = (pNtSuspendProcess)GetProcAddress(ntdll, "NtSuspendProcess" );
003C102F 68 00 22 3C 00   push        offset string "NtSuspendProcess" (3C2200h) 
003C1034 57               push        edi  
003C1035 A3 34 30 3C 00   mov         dword ptr [_NtTerminateProcess (3C3034h)],eax 
003C103A FF D6            call        esi  
    18: 	NtResumeProcess = (pNtResumeProcess)GetProcAddress(ntdll, "NtResumeProcess" );
003C103C 68 F0 21 3C 00   push        offset string "NtResumeProcess" (3C21F0h) 
003C1041 57               push        edi  
003C1042 A3 1C 30 3C 00   mov         dword ptr [_NtSuspendProcess (3C301Ch)],eax 
003C1047 FF D6            call        esi  
    19: 	FreeLibrary(ntdll);
003C1049 57               push        edi  
003C104A A3 20 30 3C 00   mov         dword ptr [_NtResumeProcess (3C3020h)],eax 
003C104F FF 15 14 20 3C 00 call        dword ptr [__imp__FreeLibrary@4 (3C2014h)] 
    20: 	{
    21: 		int prtn;
    22: 		RtlAdjPriv(20,TRUE,FALSE,&prtn);
003C1055 8D 44 24 08      lea         eax,[esp+8] 
003C1059 50               push        eax  
003C105A 6A 00            push        0    
003C105C 6A 01            push        1    
003C105E 6A 14            push        14h  
003C1060 FF 15 18 30 3C 00 call        dword ptr [_RtlAdjPriv (3C3018h)] 
    23: 	}
    24: 	RtlAdjPriv = NULL;
003C1066 83 25 18 30 3C 00 00 and         dword ptr [_RtlAdjPriv (3C3018h)],0 
003C106D 83 C4 10         add         esp,10h ; HUH? this isn't a CDECL
    25: 	return 1;
003C1070 33 C0            xor         eax,eax 
003C1072 40               inc         eax  
003C1073 5E               pop         esi  
003C1074 5F               pop         edi  
    26: }
003C1075 59               pop         ecx  
003C1076 C3               ret